Ubuntu
lvm2 package

Merge ~bluca/ubuntu/+source/lvm2:errno_backport into ubuntu/+source/lvm2:ubuntu/devel

  1. Git
  2. lp:~bluca/ubuntu/+source/lvm2
  3. errno_backport
  4. Merge into ubuntu/devel
Proposed by Luca Boccassi
Status: Needs review
Proposed branch: ~bluca/ubuntu/+source/lvm2:errno_backport
Merge into: ubuntu/+source/lvm2:ubuntu/devel
Diff against target: 82 lines (+68/-0)
2 files modified
debian/patches/libdm-propagate-ioctl-errors-back-to-caller.patch (+67/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Gianfranco Costamagna (community) Approve
git-ubuntu import Pending
Review via email: mp+461372@code.launchpad.net

This proposal supersedes a proposal from 2024-02-22.

Commit message

libdm: backport patch to fix return code from device-mapper

Description of the change

When libcryptsetup tries to activate a signed dm-verity volume, and the key is not in the kernel keyring, libdevicemapper does not return the appropriate ENOKEY, so the failure cannot be distinguished from other generic issues.

This is fixed in the lvm2 version 2.03.23 upstream release.

Please consider backporting this patch for Noble.

Upstream PR: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3
Upstream commit: 25ef7a7b1a876f491bd361369423d7309358f6c1

To post a comment you must log in.
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) :
review: Approve
Reply

Unmerged commits

d4580c5... by Luca Boccassi

libdm: backport patch to fix return code from device-mapper

Backport patch from latest upstream lvm2 version. Fixes returning an
accurate error code to libcryptsetup when opening a dm-verity device
fails due to a missing key. Needed for cryptsetup 2.7.0 and systemd
256.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/patches/libdm-propagate-ioctl-errors-back-to-caller.patch b/debian/patches/libdm-propagate-ioctl-errors-back-to-caller.patch
2new file mode 100644
3index 0000000..f0f49f0
4--- /dev/null
5+++ b/debian/patches/libdm-propagate-ioctl-errors-back-to-caller.patch
6@@ -0,0 +1,67 @@
7+Author: Lennart Poettering <lennart@poettering.net>
8+Origin: upstream, commit:25ef7a7b1a876f491bd361369423d7309358f6c1
9+Forwarded: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3
10+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2054620
11+Description: libdm: propagate ioctl errors back to caller
12+ When setting up dm-verity devices with signed root hashes it is very
13+ useful to have a recognizable error code when a key is not present in
14+ the kernel keyring. Turns out the kernel actually returns ENOKEY in that
15+ case, but this gets lost in libdevmapper.
16+ .
17+ This fixes this: in _create_and_load_v4() it copies the error code from
18+ the ioctl from the sub-tasks back to the main task field on failure.
19+ .
20+ This is not enough to make libcryptsetup actually propagate the ENOKEY
21+ correctly, that also needs a patch to libcryptsetup, but this is part of
22+ the puzzle.
23+--- a/libdm/ioctl/libdm-iface.c
24++++ b/libdm/ioctl/libdm-iface.c
25+@@ -1471,7 +1471,7 @@ static int _create_and_load_v4(struct dm_task *dmt)
26+ {
27+ struct dm_info info;
28+ struct dm_task *task;
29+- int r;
30++ int r, ioctl_errno = 0;
31+ uint32_t cookie;
32+
33+ /* Use new task struct to create the device */
34+@@ -1497,8 +1497,10 @@ static int _create_and_load_v4(struct dm_task *dmt)
35+ task->cookie_set = dmt->cookie_set;
36+ task->add_node = dmt->add_node;
37+
38+- if (!dm_task_run(task))
39++ if (!dm_task_run(task)) {
40++ ioctl_errno = task->ioctl_errno;
41+ goto_bad;
42++ }
43+
44+ if (!dm_task_get_info(task, &info) || !info.exists)
45+ goto_bad;
46+@@ -1529,6 +1531,8 @@ static int _create_and_load_v4(struct dm_task *dmt)
47+ task->ima_measurement = dmt->ima_measurement;
48+
49+ r = dm_task_run(task);
50++ if (!r)
51++ ioctl_errno = task->ioctl_errno;
52+
53+ task->head = NULL;
54+ task->tail = NULL;
55+@@ -1575,12 +1579,18 @@ static int _create_and_load_v4(struct dm_task *dmt)
56+ if (!dm_task_run(dmt))
57+ log_error("Failed to revert device creation.");
58+
59++ if (ioctl_errno != 0)
60++ dmt->ioctl_errno = ioctl_errno;
61++
62+ return 0;
63+
64+ bad:
65+ dm_task_destroy(task);
66+ _udev_complete(dmt);
67+
68++ if (ioctl_errno != 0)
69++ dmt->ioctl_errno = ioctl_errno;
70++
71+ return 0;
72+ }
73+
74diff --git a/debian/patches/series b/debian/patches/series
75index a4eda8e..6f44f58 100644
76--- a/debian/patches/series
77+++ b/debian/patches/series
78@@ -2,3 +2,4 @@ debian-changes
79 enable-issue-discards.patch
80 0014-no-lvm2-monitor-in-containers.patch
81 fix-systemd-run-location.patch
82+libdm-propagate-ioctl-errors-back-to-caller.patch

Subscribers

People subscribed via source and target branches