1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <linux/loop.h>
11 #if HAVE_VALGRIND_MEMCHECK_H
12 #include <valgrind/memcheck.h>
15 #include "sd-daemon.h"
16 #include "sd-device.h"
19 #include "blkid-util.h"
20 #include "blockdev-util.h"
21 #include "btrfs-util.h"
22 #include "chattr-util.h"
25 #include "errno-util.h"
28 #include "filesystems.h"
30 #include "fsck-util.h"
31 #include "home-util.h"
32 #include "homework-luks.h"
33 #include "homework-mount.h"
34 #include "id128-util.h"
36 #include "memory-util.h"
37 #include "missing_magic.h"
39 #include "mkfs-util.h"
40 #include "mount-util.h"
41 #include "openssl-util.h"
42 #include "parse-util.h"
43 #include "path-util.h"
44 #include "process-util.h"
45 #include "random-util.h"
46 #include "resize-fs.h"
47 #include "stat-util.h"
49 #include "sync-util.h"
50 #include "tmpfile-util.h"
51 #include "udev-util.h"
52 #include "user-util.h"
54 /* Round down to the nearest 4K size. Given that newer hardware generally prefers 4K sectors, let's align our
55 * partitions to that too. In the worst case we'll waste 3.5K per partition that way, but I think I can live
57 #define DISK_SIZE_ROUND_DOWN(x) ((x) & ~UINT64_C(4095))
59 /* Rounds up to the nearest 4K boundary. Returns UINT64_MAX on overflow */
60 #define DISK_SIZE_ROUND_UP(x) \
63 _x > UINT64_MAX - 4095U ? UINT64_MAX : (_x + 4095U) & ~UINT64_C(4095); \
67 int run_mark_dirty(int fd
, bool b
) {
71 /* Sets or removes the 'user.home-dirty' xattr on the specified file. We use this to detect when a
72 * home directory was not properly unmounted. */
76 r
= fd_verify_regular(fd
);
81 ret
= fsetxattr(fd
, "user.home-dirty", &x
, 1, XATTR_CREATE
);
82 if (ret
< 0 && errno
!= EEXIST
)
83 return log_debug_errno(errno
, "Could not mark home directory as dirty: %m");
88 return log_debug_errno(r
, "Failed to synchronize image before marking it clean: %m");
90 ret
= fremovexattr(fd
, "user.home-dirty");
91 if (ret
< 0 && errno
!= ENODATA
)
92 return log_debug_errno(errno
, "Could not mark home directory as clean: %m");
97 return log_debug_errno(r
, "Failed to synchronize dirty flag to disk: %m");
102 int run_mark_dirty_by_path(const char *path
, bool b
) {
103 _cleanup_close_
int fd
= -1;
107 fd
= open(path
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
);
109 return log_debug_errno(errno
, "Failed to open %s to mark dirty or clean: %m", path
);
111 return run_mark_dirty(fd
, b
);
114 static int probe_file_system_by_fd(
117 sd_id128_t
*ret_uuid
) {
119 _cleanup_(blkid_free_probep
) blkid_probe b
= NULL
;
120 _cleanup_free_
char *s
= NULL
;
121 const char *fstype
= NULL
, *uuid
= NULL
;
129 b
= blkid_new_probe();
134 r
= blkid_probe_set_device(b
, fd
, 0, 0);
136 return errno
> 0 ? -errno
: -ENOMEM
;
138 (void) blkid_probe_enable_superblocks(b
, 1);
139 (void) blkid_probe_set_superblocks_flags(b
, BLKID_SUBLKS_TYPE
|BLKID_SUBLKS_UUID
);
142 r
= blkid_do_safeprobe(b
);
143 if (IN_SET(r
, -2, 1)) /* nothing found or ambiguous result */
146 return errno
> 0 ? -errno
: -EIO
;
148 (void) blkid_probe_lookup_value(b
, "TYPE", &fstype
, NULL
);
152 (void) blkid_probe_lookup_value(b
, "UUID", &uuid
, NULL
);
156 r
= sd_id128_from_string(uuid
, &id
);
164 *ret_fstype
= TAKE_PTR(s
);
170 static int probe_file_system_by_path(const char *path
, char **ret_fstype
, sd_id128_t
*ret_uuid
) {
171 _cleanup_close_
int fd
= -1;
173 fd
= open(path
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
177 return probe_file_system_by_fd(fd
, ret_fstype
, ret_uuid
);
180 static int block_get_size_by_fd(int fd
, uint64_t *ret
) {
186 if (fstat(fd
, &st
) < 0)
189 if (!S_ISBLK(st
.st_mode
))
192 return RET_NERRNO(ioctl(fd
, BLKGETSIZE64
, ret
));
195 static int block_get_size_by_path(const char *path
, uint64_t *ret
) {
196 _cleanup_close_
int fd
= -1;
198 fd
= open(path
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
202 return block_get_size_by_fd(fd
, ret
);
205 static int run_fsck(const char *node
, const char *fstype
) {
212 r
= fsck_exists(fstype
);
214 return log_error_errno(r
, "Failed to check if fsck for file system %s exists: %m", fstype
);
216 log_warning("No fsck for file system %s installed, ignoring.", fstype
);
220 r
= safe_fork("(fsck)",
221 FORK_RESET_SIGNALS
|FORK_RLIMIT_NOFILE_SAFE
|FORK_DEATHSIG
|FORK_LOG
|FORK_STDOUT_TO_STDERR
|FORK_CLOSE_ALL_FDS
,
227 execl("/sbin/fsck", "/sbin/fsck", "-aTl", node
, NULL
);
229 log_error_errno(errno
, "Failed to execute fsck: %m");
230 _exit(FSCK_OPERATIONAL_ERROR
);
233 exit_status
= wait_for_terminate_and_check("fsck", fsck_pid
, WAIT_LOG_ABNORMAL
);
236 if ((exit_status
& ~FSCK_ERROR_CORRECTED
) != 0) {
237 log_warning("fsck failed with exit status %i.", exit_status
);
239 if ((exit_status
& (FSCK_SYSTEM_SHOULD_REBOOT
|FSCK_ERRORS_LEFT_UNCORRECTED
)) != 0)
240 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "File system is corrupted, refusing.");
242 log_warning("Ignoring fsck error.");
245 log_info("File system check completed.");
250 static int luks_try_passwords(
251 struct crypt_device
*cd
,
254 size_t *volume_key_size
) {
261 STRV_FOREACH(pp
, passwords
) {
262 size_t vks
= *volume_key_size
;
264 r
= sym_crypt_volume_key_get(
272 *volume_key_size
= vks
;
276 log_debug_errno(r
, "Password %zu didn't work for unlocking LUKS superblock: %m", (size_t) (pp
- passwords
));
282 static int luks_setup(
287 const char *cipher_mode
,
288 uint64_t volume_key_size
,
290 const PasswordCache
*cache
,
292 struct crypt_device
**ret
,
293 sd_id128_t
*ret_found_uuid
,
294 void **ret_volume_key
,
295 size_t *ret_volume_key_size
) {
297 _cleanup_(sym_crypt_freep
) struct crypt_device
*cd
= NULL
;
298 _cleanup_(erase_and_freep
) void *vk
= NULL
;
308 r
= sym_crypt_init(&cd
, node
);
310 return log_error_errno(r
, "Failed to allocate libcryptsetup context: %m");
312 cryptsetup_enable_logging(cd
);
314 r
= sym_crypt_load(cd
, CRYPT_LUKS2
, NULL
);
316 return log_error_errno(r
, "Failed to load LUKS superblock: %m");
318 r
= sym_crypt_get_volume_key_size(cd
);
320 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to determine LUKS volume key size");
323 if (!sd_id128_is_null(uuid
) || ret_found_uuid
) {
326 s
= sym_crypt_get_uuid(cd
);
328 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock has no UUID.");
330 r
= sd_id128_from_string(s
, &p
);
332 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock has invalid UUID.");
334 /* Check that the UUID matches, if specified */
335 if (!sd_id128_is_null(uuid
) &&
336 !sd_id128_equal(uuid
, p
))
337 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock has wrong UUID.");
340 if (cipher
&& !streq_ptr(cipher
, sym_crypt_get_cipher(cd
)))
341 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock declares wrong cipher.");
343 if (cipher_mode
&& !streq_ptr(cipher_mode
, sym_crypt_get_cipher_mode(cd
)))
344 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock declares wrong cipher mode.");
346 if (volume_key_size
!= UINT64_MAX
&& vks
!= volume_key_size
)
347 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock declares wrong volume key size.");
354 FOREACH_POINTER(list
,
355 cache
? cache
->pkcs11_passwords
: NULL
,
356 cache
? cache
->fido2_passwords
: NULL
,
358 r
= luks_try_passwords(cd
, list
, vk
, &vks
);
363 return log_error_errno(r
, "No valid password for LUKS superblock.");
365 return log_error_errno(r
, "Failed to unlocks LUKS superblock: %m");
367 r
= sym_crypt_activate_by_volume_key(
371 discard
? CRYPT_ACTIVATE_ALLOW_DISCARDS
: 0);
373 return log_error_errno(r
, "Failed to unlock LUKS superblock: %m");
375 log_info("Setting up LUKS device /dev/mapper/%s completed.", dm_name
);
379 if (ret_found_uuid
) /* Return the UUID actually found if the caller wants to know */
382 *ret_volume_key
= TAKE_PTR(vk
);
383 if (ret_volume_key_size
)
384 *ret_volume_key_size
= vks
;
389 static int make_dm_names(UserRecord
*h
, HomeSetup
*setup
) {
391 assert(h
->user_name
);
394 if (!setup
->dm_name
) {
395 setup
->dm_name
= strjoin("home-", h
->user_name
);
400 if (!setup
->dm_node
) {
401 setup
->dm_node
= path_join("/dev/mapper/", setup
->dm_name
);
409 static int acquire_open_luks_device(
414 _cleanup_(sym_crypt_freep
) struct crypt_device
*cd
= NULL
;
419 assert(!setup
->crypt_device
);
421 r
= dlopen_cryptsetup();
425 r
= make_dm_names(h
, setup
);
429 r
= sym_crypt_init_by_name(&cd
, setup
->dm_name
);
430 if (IN_SET(r
, -ENODEV
, -EINVAL
, -ENOENT
) && graceful
)
433 return log_error_errno(r
, "Failed to initialize cryptsetup context for %s: %m", setup
->dm_name
);
435 cryptsetup_enable_logging(cd
);
437 setup
->crypt_device
= TAKE_PTR(cd
);
441 static int luks_open(
444 const PasswordCache
*cache
,
445 sd_id128_t
*ret_found_uuid
,
446 void **ret_volume_key
,
447 size_t *ret_volume_key_size
) {
449 _cleanup_(erase_and_freep
) void *vk
= NULL
;
457 assert(!setup
->crypt_device
);
459 /* Opens a LUKS device that is already set up. Re-validates the password while doing so (which also
460 * provides us with the volume key, which we want). */
462 r
= acquire_open_luks_device(h
, setup
, /* graceful= */ false);
466 r
= sym_crypt_load(setup
->crypt_device
, CRYPT_LUKS2
, NULL
);
468 return log_error_errno(r
, "Failed to load LUKS superblock: %m");
470 r
= sym_crypt_get_volume_key_size(setup
->crypt_device
);
472 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to determine LUKS volume key size");
475 if (ret_found_uuid
) {
478 s
= sym_crypt_get_uuid(setup
->crypt_device
);
480 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock has no UUID.");
482 r
= sd_id128_from_string(s
, &p
);
484 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock has invalid UUID.");
492 FOREACH_POINTER(list
,
493 cache
? cache
->pkcs11_passwords
: NULL
,
494 cache
? cache
->fido2_passwords
: NULL
,
496 r
= luks_try_passwords(setup
->crypt_device
, list
, vk
, &vks
);
501 return log_error_errno(r
, "No valid password for LUKS superblock.");
503 return log_error_errno(r
, "Failed to unlocks LUKS superblock: %m");
505 log_info("Discovered used LUKS device /dev/mapper/%s, and validated password.", setup
->dm_name
);
507 /* This is needed so that crypt_resize() can operate correctly for pre-existing LUKS devices. We need
508 * to tell libcryptsetup the volume key explicitly, so that it is in the kernel keyring. */
509 r
= sym_crypt_activate_by_volume_key(setup
->crypt_device
, NULL
, vk
, vks
, CRYPT_ACTIVATE_KEYRING_KEY
);
511 return log_error_errno(r
, "Failed to upload volume key again: %m");
513 log_info("Successfully re-activated LUKS device.");
518 *ret_volume_key
= TAKE_PTR(vk
);
519 if (ret_volume_key_size
)
520 *ret_volume_key_size
= vks
;
525 static int fs_validate(
529 sd_id128_t
*ret_found_uuid
) {
531 _cleanup_free_
char *fstype
= NULL
;
538 r
= probe_file_system_by_path(dm_node
, &fstype
, &u
);
540 return log_error_errno(r
, "Failed to probe file system: %m");
542 /* Limit the set of supported file systems a bit, as protection against little tested kernel file
543 * systems. Also, we only support the resize ioctls for these file systems. */
544 if (!supported_fstype(fstype
))
545 return log_error_errno(SYNTHETIC_ERRNO(EPROTONOSUPPORT
), "Image contains unsupported file system: %s", strna(fstype
));
547 if (!sd_id128_is_null(uuid
) &&
548 !sd_id128_equal(uuid
, u
))
549 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "File system has wrong UUID.");
551 log_info("Probing file system completed (found %s).", fstype
);
553 *ret_fstype
= TAKE_PTR(fstype
);
555 if (ret_found_uuid
) /* Return the UUID actually found if the caller wants to know */
561 static int luks_validate(
564 sd_id128_t partition_uuid
,
565 sd_id128_t
*ret_partition_uuid
,
566 uint64_t *ret_offset
,
567 uint64_t *ret_size
) {
569 _cleanup_(blkid_free_probep
) blkid_probe b
= NULL
;
570 sd_id128_t found_partition_uuid
= SD_ID128_NULL
;
571 const char *fstype
= NULL
, *pttype
= NULL
;
572 blkid_loff_t offset
= 0, size
= 0;
582 b
= blkid_new_probe();
587 r
= blkid_probe_set_device(b
, fd
, 0, 0);
589 return errno
> 0 ? -errno
: -ENOMEM
;
591 (void) blkid_probe_enable_superblocks(b
, 1);
592 (void) blkid_probe_set_superblocks_flags(b
, BLKID_SUBLKS_TYPE
);
593 (void) blkid_probe_enable_partitions(b
, 1);
594 (void) blkid_probe_set_partitions_flags(b
, BLKID_PARTS_ENTRY_DETAILS
);
597 r
= blkid_do_safeprobe(b
);
598 if (IN_SET(r
, -2, 1)) /* nothing found or ambiguous result */
601 return errno
> 0 ? -errno
: -EIO
;
603 (void) blkid_probe_lookup_value(b
, "TYPE", &fstype
, NULL
);
604 if (streq_ptr(fstype
, "crypto_LUKS")) {
605 /* Directly a LUKS image */
607 *ret_size
= UINT64_MAX
; /* full disk */
608 *ret_partition_uuid
= SD_ID128_NULL
;
613 (void) blkid_probe_lookup_value(b
, "PTTYPE", &pttype
, NULL
);
614 if (!streq_ptr(pttype
, "gpt"))
618 pl
= blkid_probe_get_partitions(b
);
620 return errno
> 0 ? -errno
: -ENOMEM
;
623 n
= blkid_partlist_numof_partitions(pl
);
625 return errno
> 0 ? -errno
: -EIO
;
627 for (int i
= 0; i
< n
; i
++) {
629 sd_id128_t id
= SD_ID128_NULL
;
633 pp
= blkid_partlist_get_partition(pl
, i
);
635 return errno
> 0 ? -errno
: -EIO
;
637 if (!streq_ptr(blkid_partition_get_type_string(pp
), "773f91ef-66d4-49b5-bd83-d683bf40ad16"))
640 if (!streq_ptr(blkid_partition_get_name(pp
), label
))
643 sid
= blkid_partition_get_uuid(pp
);
645 r
= sd_id128_from_string(sid
, &id
);
647 log_debug_errno(r
, "Couldn't parse partition UUID %s, weird: %m", sid
);
649 if (!sd_id128_is_null(partition_uuid
) && !sd_id128_equal(id
, partition_uuid
))
656 offset
= blkid_partition_get_start(pp
);
657 size
= blkid_partition_get_size(pp
);
658 found_partition_uuid
= id
;
668 if ((uint64_t) offset
> UINT64_MAX
/ 512U)
672 if ((uint64_t) size
> UINT64_MAX
/ 512U)
675 *ret_offset
= offset
* 512U;
676 *ret_size
= size
* 512U;
677 *ret_partition_uuid
= found_partition_uuid
;
682 static int crypt_device_to_evp_cipher(struct crypt_device
*cd
, const EVP_CIPHER
**ret
) {
683 _cleanup_free_
char *cipher_name
= NULL
;
684 const char *cipher
, *cipher_mode
, *e
;
685 size_t key_size
, key_bits
;
686 const EVP_CIPHER
*cc
;
691 /* Let's find the right OpenSSL EVP_CIPHER object that matches the encryption settings of the LUKS
694 cipher
= sym_crypt_get_cipher(cd
);
696 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Cannot get cipher from LUKS device.");
698 cipher_mode
= sym_crypt_get_cipher_mode(cd
);
700 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Cannot get cipher mode from LUKS device.");
702 e
= strchr(cipher_mode
, '-');
704 cipher_mode
= strndupa_safe(cipher_mode
, e
- cipher_mode
);
706 r
= sym_crypt_get_volume_key_size(cd
);
708 return log_error_errno(r
< 0 ? r
: SYNTHETIC_ERRNO(EINVAL
), "Cannot get volume key size from LUKS device.");
711 key_bits
= key_size
* 8;
712 if (streq(cipher_mode
, "xts"))
715 if (asprintf(&cipher_name
, "%s-%zu-%s", cipher
, key_bits
, cipher_mode
) < 0)
718 cc
= EVP_get_cipherbyname(cipher_name
);
720 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
), "Selected cipher mode '%s' not supported, can't encrypt JSON record.", cipher_name
);
722 /* Verify that our key length calculations match what OpenSSL thinks */
723 r
= EVP_CIPHER_key_length(cc
);
724 if (r
< 0 || (uint64_t) r
!= key_size
)
725 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Key size of selected cipher doesn't meet our expectations.");
731 static int luks_validate_home_record(
732 struct crypt_device
*cd
,
734 const void *volume_key
,
735 PasswordCache
*cache
,
736 UserRecord
**ret_luks_home_record
) {
743 for (int token
= 0; token
< sym_crypt_token_max(CRYPT_LUKS2
); token
++) {
744 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
, *rr
= NULL
;
745 _cleanup_(EVP_CIPHER_CTX_freep
) EVP_CIPHER_CTX
*context
= NULL
;
746 _cleanup_(user_record_unrefp
) UserRecord
*lhr
= NULL
;
747 _cleanup_free_
void *encrypted
= NULL
, *iv
= NULL
;
748 size_t decrypted_size
, encrypted_size
, iv_size
;
749 int decrypted_size_out1
, decrypted_size_out2
;
750 _cleanup_free_
char *decrypted
= NULL
;
751 const char *text
, *type
;
752 crypt_token_info state
;
753 JsonVariant
*jr
, *jiv
;
754 unsigned line
, column
;
755 const EVP_CIPHER
*cc
;
757 state
= sym_crypt_token_status(cd
, token
, &type
);
758 if (state
== CRYPT_TOKEN_INACTIVE
) /* First unconfigured token, give up */
760 if (IN_SET(state
, CRYPT_TOKEN_INTERNAL
, CRYPT_TOKEN_INTERNAL_UNKNOWN
, CRYPT_TOKEN_EXTERNAL
))
762 if (state
!= CRYPT_TOKEN_EXTERNAL_UNKNOWN
)
763 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Unexpected token state of token %i: %i", token
, (int) state
);
765 if (!streq(type
, "systemd-homed"))
768 r
= sym_crypt_token_json_get(cd
, token
, &text
);
770 return log_error_errno(r
, "Failed to read LUKS token %i: %m", token
);
772 r
= json_parse(text
, JSON_PARSE_SENSITIVE
, &v
, &line
, &column
);
774 return log_error_errno(r
, "Failed to parse LUKS token JSON data %u:%u: %m", line
, column
);
776 jr
= json_variant_by_key(v
, "record");
778 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "LUKS token lacks 'record' field.");
779 jiv
= json_variant_by_key(v
, "iv");
781 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "LUKS token lacks 'iv' field.");
783 r
= json_variant_unbase64(jr
, &encrypted
, &encrypted_size
);
785 return log_error_errno(r
, "Failed to base64 decode record: %m");
787 r
= json_variant_unbase64(jiv
, &iv
, &iv_size
);
789 return log_error_errno(r
, "Failed to base64 decode IV: %m");
791 r
= crypt_device_to_evp_cipher(cd
, &cc
);
794 if (iv_size
> INT_MAX
|| EVP_CIPHER_iv_length(cc
) != (int) iv_size
)
795 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "IV size doesn't match.");
797 context
= EVP_CIPHER_CTX_new();
801 if (EVP_DecryptInit_ex(context
, cc
, NULL
, volume_key
, iv
) != 1)
802 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to initialize decryption context.");
804 decrypted_size
= encrypted_size
+ EVP_CIPHER_key_length(cc
) * 2;
805 decrypted
= new(char, decrypted_size
);
809 if (EVP_DecryptUpdate(context
, (uint8_t*) decrypted
, &decrypted_size_out1
, encrypted
, encrypted_size
) != 1)
810 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to decrypt JSON record.");
812 assert((size_t) decrypted_size_out1
<= decrypted_size
);
814 if (EVP_DecryptFinal_ex(context
, (uint8_t*) decrypted
+ decrypted_size_out1
, &decrypted_size_out2
) != 1)
815 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to finish decryption of JSON record.");
817 assert((size_t) decrypted_size_out1
+ (size_t) decrypted_size_out2
< decrypted_size
);
818 decrypted_size
= (size_t) decrypted_size_out1
+ (size_t) decrypted_size_out2
;
820 if (memchr(decrypted
, 0, decrypted_size
))
821 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Inner NUL byte in JSON record, refusing.");
823 decrypted
[decrypted_size
] = 0;
825 r
= json_parse(decrypted
, JSON_PARSE_SENSITIVE
, &rr
, NULL
, NULL
);
827 return log_error_errno(r
, "Failed to parse decrypted JSON record, refusing.");
829 lhr
= user_record_new();
833 r
= user_record_load(lhr
, rr
, USER_RECORD_LOAD_EMBEDDED
|USER_RECORD_PERMISSIVE
);
835 return log_error_errno(r
, "Failed to parse user record: %m");
837 if (!user_record_compatible(h
, lhr
))
838 return log_error_errno(SYNTHETIC_ERRNO(EREMCHG
), "LUKS home record not compatible with host record, refusing.");
840 r
= user_record_authenticate(lhr
, h
, cache
, /* strict_verify= */ true);
843 assert(r
> 0); /* Insist that a password was verified */
845 *ret_luks_home_record
= TAKE_PTR(lhr
);
849 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG
), "Couldn't find home record in LUKS2 header, refusing.");
852 static int format_luks_token_text(
853 struct crypt_device
*cd
,
855 const void *volume_key
,
858 int r
, encrypted_size_out1
= 0, encrypted_size_out2
= 0, iv_size
, key_size
;
859 _cleanup_(EVP_CIPHER_CTX_freep
) EVP_CIPHER_CTX
*context
= NULL
;
860 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
861 _cleanup_free_
void *iv
= NULL
, *encrypted
= NULL
;
862 size_t text_length
, encrypted_size
;
863 _cleanup_free_
char *text
= NULL
;
864 const EVP_CIPHER
*cc
;
871 r
= crypt_device_to_evp_cipher(cd
, &cc
);
875 key_size
= EVP_CIPHER_key_length(cc
);
876 iv_size
= EVP_CIPHER_iv_length(cc
);
879 iv
= malloc(iv_size
);
883 r
= genuine_random_bytes(iv
, iv_size
, RANDOM_BLOCK
);
885 return log_error_errno(r
, "Failed to generate IV: %m");
888 context
= EVP_CIPHER_CTX_new();
892 if (EVP_EncryptInit_ex(context
, cc
, NULL
, volume_key
, iv
) != 1)
893 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to initialize encryption context.");
895 r
= json_variant_format(hr
->json
, 0, &text
);
897 return log_error_errno(r
, "Failed to format user record for LUKS: %m");
899 text_length
= strlen(text
);
900 encrypted_size
= text_length
+ 2*key_size
- 1;
902 encrypted
= malloc(encrypted_size
);
906 if (EVP_EncryptUpdate(context
, encrypted
, &encrypted_size_out1
, (uint8_t*) text
, text_length
) != 1)
907 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to encrypt JSON record.");
909 assert((size_t) encrypted_size_out1
<= encrypted_size
);
911 if (EVP_EncryptFinal_ex(context
, (uint8_t*) encrypted
+ encrypted_size_out1
, &encrypted_size_out2
) != 1)
912 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to finish encryption of JSON record. ");
914 assert((size_t) encrypted_size_out1
+ (size_t) encrypted_size_out2
<= encrypted_size
);
918 JSON_BUILD_PAIR("type", JSON_BUILD_STRING("systemd-homed")),
919 JSON_BUILD_PAIR("keyslots", JSON_BUILD_EMPTY_ARRAY
),
920 JSON_BUILD_PAIR("record", JSON_BUILD_BASE64(encrypted
, encrypted_size_out1
+ encrypted_size_out2
)),
921 JSON_BUILD_PAIR("iv", JSON_BUILD_BASE64(iv
, iv_size
))));
923 return log_error_errno(r
, "Failed to prepare LUKS JSON token object: %m");
925 r
= json_variant_format(v
, 0, ret
);
927 return log_error_errno(r
, "Failed to format encrypted user record for LUKS: %m");
932 int home_store_header_identity_luks(
935 UserRecord
*old_home
) {
937 _cleanup_(user_record_unrefp
) UserRecord
*header_home
= NULL
;
938 _cleanup_free_
char *text
= NULL
;
943 if (!setup
->crypt_device
)
946 assert(setup
->volume_key
);
948 /* Let's store the user's identity record in the LUKS2 "token" header data fields, in an encrypted
949 * fashion. Why that? If we'd rely on the record being embedded in the payload file system itself we
950 * would have to mount the file system before we can validate the JSON record, its signatures and
951 * whether it matches what we are looking for. However, kernel file system implementations are
952 * generally not ready to be used on untrusted media. Hence let's store the record independently of
953 * the file system, so that we can validate it first, and only then mount the file system. To keep
954 * things simple we use the same encryption settings for this record as for the file system itself. */
956 r
= user_record_clone(h
, USER_RECORD_EXTRACT_EMBEDDED
|USER_RECORD_PERMISSIVE
, &header_home
);
958 return log_error_errno(r
, "Failed to determine new header record: %m");
960 if (old_home
&& user_record_equal(old_home
, header_home
)) {
961 log_debug("Not updating header home record.");
965 r
= format_luks_token_text(setup
->crypt_device
, header_home
, setup
->volume_key
, &text
);
969 for (int token
= 0; token
< sym_crypt_token_max(CRYPT_LUKS2
); token
++) {
970 crypt_token_info state
;
973 state
= sym_crypt_token_status(setup
->crypt_device
, token
, &type
);
974 if (state
== CRYPT_TOKEN_INACTIVE
) /* First unconfigured token, we are done */
976 if (IN_SET(state
, CRYPT_TOKEN_INTERNAL
, CRYPT_TOKEN_INTERNAL_UNKNOWN
, CRYPT_TOKEN_EXTERNAL
))
977 continue; /* Not ours */
978 if (state
!= CRYPT_TOKEN_EXTERNAL_UNKNOWN
)
979 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Unexpected token state of token %i: %i", token
, (int) state
);
981 if (!streq(type
, "systemd-homed"))
984 r
= sym_crypt_token_json_set(setup
->crypt_device
, token
, text
);
986 return log_error_errno(r
, "Failed to set JSON token for slot %i: %m", token
);
988 /* Now, let's free the text so that for all further matching tokens we all crypt_json_token_set()
989 * with a NULL text in order to invalidate the tokens. */
994 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG
), "Didn't find any record token to update.");
996 log_info("Wrote LUKS header user record.");
1001 int run_fitrim(int root_fd
) {
1002 struct fstrim_range range
= {
1006 /* If discarding is on, discard everything right after mounting, so that the discard setting takes
1007 * effect on activation. (Also, optionally, trim on logout) */
1009 assert(root_fd
>= 0);
1011 if (ioctl(root_fd
, FITRIM
, &range
) < 0) {
1012 if (ERRNO_IS_NOT_SUPPORTED(errno
) || errno
== EBADF
) {
1013 log_debug_errno(errno
, "File system does not support FITRIM, not trimming.");
1017 return log_warning_errno(errno
, "Failed to invoke FITRIM, ignoring: %m");
1020 log_info("Discarded unused %s.", FORMAT_BYTES(range
.len
));
1024 int run_fallocate(int backing_fd
, const struct stat
*st
) {
1027 assert(backing_fd
>= 0);
1029 /* If discarding is off, let's allocate the whole image before mounting, so that the setting takes
1030 * effect on activation */
1033 if (fstat(backing_fd
, &stbuf
) < 0)
1034 return log_error_errno(errno
, "Failed to fstat(): %m");
1039 if (!S_ISREG(st
->st_mode
))
1042 if (st
->st_blocks
>= DIV_ROUND_UP(st
->st_size
, 512)) {
1043 log_info("Backing file is fully allocated already.");
1047 if (fallocate(backing_fd
, FALLOC_FL_KEEP_SIZE
, 0, st
->st_size
) < 0) {
1049 if (ERRNO_IS_NOT_SUPPORTED(errno
)) {
1050 log_debug_errno(errno
, "fallocate() not supported on file system, ignoring.");
1054 if (ERRNO_IS_DISK_SPACE(errno
)) {
1055 log_debug_errno(errno
, "Not enough disk space to fully allocate home.");
1056 return -ENOSPC
; /* make recognizable */
1059 return log_error_errno(errno
, "Failed to allocate backing file blocks: %m");
1062 log_info("Allocated additional %s.",
1063 FORMAT_BYTES((DIV_ROUND_UP(st
->st_size
, 512) - st
->st_blocks
) * 512));
1067 int run_fallocate_by_path(const char *backing_path
) {
1068 _cleanup_close_
int backing_fd
= -1;
1070 backing_fd
= open(backing_path
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
1072 return log_error_errno(errno
, "Failed to open '%s' for fallocate(): %m", backing_path
);
1074 return run_fallocate(backing_fd
, NULL
);
1077 static int lock_image_fd(int image_fd
, const char *ip
) {
1080 /* If the $SYSTEMD_LUKS_LOCK environment variable is set we'll take an exclusive BSD lock on the
1081 * image file, and send it to our parent. homed will keep it open to ensure no other instance of
1082 * homed (across the network or such) will also mount the file. */
1084 r
= getenv_bool("SYSTEMD_LUKS_LOCK");
1088 return log_error_errno(r
, "Failed to parse $SYSTEMD_LUKS_LOCK environment variable: %m");
1092 if (fstat(image_fd
, &st
) < 0)
1093 return log_error_errno(errno
, "Failed to stat image file: %m");
1094 if (S_ISBLK(st
.st_mode
)) {
1095 /* Locking block devices doesn't really make sense, as this might interfere with
1096 * udev's workings, and these locks aren't network propagated anyway, hence not what
1097 * we are after here. */
1098 log_debug("Not locking image file '%s', since it's a block device.", ip
);
1101 r
= stat_verify_regular(&st
);
1103 return log_error_errno(r
, "Image file to lock is not a regular file: %m");
1105 if (flock(image_fd
, LOCK_EX
|LOCK_NB
) < 0) {
1107 if (errno
== EWOULDBLOCK
)
1108 log_error_errno(errno
, "Image file '%s' already locked, can't use.", ip
);
1110 log_error_errno(errno
, "Failed to lock image file '%s': %m", ip
);
1112 return errno
!= EWOULDBLOCK
? -errno
: -EADDRINUSE
; /* Make error recognizable */
1115 log_info("Successfully locked image file '%s'.", ip
);
1117 /* Now send it to our parent to keep safe while the home dir is active */
1118 r
= sd_pid_notify_with_fds(0, false, "SYSTEMD_LUKS_LOCK_FD=1", &image_fd
, 1);
1120 log_warning_errno(r
, "Failed to send LUKS lock fd to parent, ignoring: %m");
1126 static int open_image_file(
1128 const char *force_image_path
,
1129 struct stat
*ret_stat
) {
1131 _cleanup_close_
int image_fd
= -1;
1136 ip
= force_image_path
?: user_record_image_path(h
);
1138 image_fd
= open(ip
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
1140 return log_error_errno(errno
, "Failed to open image file %s: %m", ip
);
1142 if (fstat(image_fd
, &st
) < 0)
1143 return log_error_errno(errno
, "Failed to fstat() image file: %m");
1144 if (!S_ISREG(st
.st_mode
) && !S_ISBLK(st
.st_mode
))
1145 return log_error_errno(
1146 S_ISDIR(st
.st_mode
) ? SYNTHETIC_ERRNO(EISDIR
) : SYNTHETIC_ERRNO(EBADFD
),
1147 "Image file %s is not a regular file or block device: %m", ip
);
1149 r
= lock_image_fd(image_fd
, ip
);
1156 return TAKE_FD(image_fd
);
1159 int home_setup_luks(
1161 HomeSetupFlags flags
,
1162 const char *force_image_path
,
1164 PasswordCache
*cache
,
1165 UserRecord
**ret_luks_home
) {
1167 sd_id128_t found_partition_uuid
= SD_ID128_NULL
, found_luks_uuid
= SD_ID128_NULL
, found_fs_uuid
= SD_ID128_NULL
;
1168 _cleanup_(user_record_unrefp
) UserRecord
*luks_home
= NULL
;
1169 _cleanup_(erase_and_freep
) void *volume_key
= NULL
;
1170 size_t volume_key_size
= 0;
1171 uint64_t offset
, size
;
1177 assert(user_record_storage(h
) == USER_LUKS
);
1179 r
= dlopen_cryptsetup();
1183 r
= make_dm_names(h
, setup
);
1187 /* Reuse the image fd if it has already been opened by an earlier step */
1188 if (setup
->image_fd
< 0) {
1189 setup
->image_fd
= open_image_file(h
, force_image_path
, &st
);
1190 if (setup
->image_fd
< 0)
1191 return setup
->image_fd
;
1192 } else if (fstat(setup
->image_fd
, &st
) < 0)
1193 return log_error_errno(errno
, "Failed to stat image: %m");
1195 if (FLAGS_SET(flags
, HOME_SETUP_ALREADY_ACTIVATED
)) {
1196 struct loop_info64 info
;
1199 if (!setup
->crypt_device
) {
1210 if (ret_luks_home
) {
1211 r
= luks_validate_home_record(setup
->crypt_device
, h
, volume_key
, cache
, &luks_home
);
1216 n
= sym_crypt_get_device_name(setup
->crypt_device
);
1218 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to determine backing device for DM %s.", setup
->dm_name
);
1221 r
= loop_device_open(n
, O_RDWR
, &setup
->loop
);
1223 return log_error_errno(r
, "Failed to open loopback device %s: %m", n
);
1226 if (ioctl(setup
->loop
->fd
, LOOP_GET_STATUS64
, &info
) < 0) {
1227 _cleanup_free_
char *sysfs
= NULL
;
1229 if (!IN_SET(errno
, ENOTTY
, EINVAL
))
1230 return log_error_errno(errno
, "Failed to get block device metrics of %s: %m", n
);
1232 if (ioctl(setup
->loop
->fd
, BLKGETSIZE64
, &size
) < 0)
1233 return log_error_errno(r
, "Failed to read block device size of %s: %m", n
);
1235 if (fstat(setup
->loop
->fd
, &st
) < 0)
1236 return log_error_errno(r
, "Failed to stat block device %s: %m", n
);
1237 assert(S_ISBLK(st
.st_mode
));
1239 if (asprintf(&sysfs
, "/sys/dev/block/%u:%u/partition", major(st
.st_rdev
), minor(st
.st_rdev
)) < 0)
1242 if (access(sysfs
, F_OK
) < 0) {
1243 if (errno
!= ENOENT
)
1244 return log_error_errno(errno
, "Failed to determine whether %s exists: %m", sysfs
);
1248 _cleanup_free_
char *buffer
= NULL
;
1250 if (asprintf(&sysfs
, "/sys/dev/block/%u:%u/start", major(st
.st_rdev
), minor(st
.st_rdev
)) < 0)
1253 r
= read_one_line_file(sysfs
, &buffer
);
1255 return log_error_errno(r
, "Failed to read partition start offset: %m");
1257 r
= safe_atou64(buffer
, &offset
);
1259 return log_error_errno(r
, "Failed to parse partition start offset: %m");
1261 if (offset
> UINT64_MAX
/ 512U)
1262 return log_error_errno(SYNTHETIC_ERRNO(E2BIG
), "Offset too large for 64 byte range, refusing.");
1267 #if HAVE_VALGRIND_MEMCHECK_H
1268 VALGRIND_MAKE_MEM_DEFINED(&info
, sizeof(info
));
1271 offset
= info
.lo_offset
;
1272 size
= info
.lo_sizelimit
;
1275 found_partition_uuid
= found_fs_uuid
= SD_ID128_NULL
;
1277 log_info("Discovered used loopback device %s.", setup
->loop
->node
);
1279 if (setup
->root_fd
< 0) {
1280 setup
->root_fd
= open(user_record_home_directory(h
), O_RDONLY
|O_CLOEXEC
|O_DIRECTORY
|O_NOFOLLOW
);
1281 if (setup
->root_fd
< 0)
1282 return log_error_errno(errno
, "Failed to open home directory: %m");
1285 _cleanup_free_
char *fstype
= NULL
, *subdir
= NULL
;
1288 /* When we aren't reopening the home directory we are allocating it fresh, hence the relevant
1289 * objects can't be allocated yet. */
1290 assert(setup
->root_fd
< 0);
1291 assert(!setup
->crypt_device
);
1292 assert(!setup
->loop
);
1294 ip
= force_image_path
?: user_record_image_path(h
);
1296 subdir
= path_join(HOME_RUNTIME_WORK_DIR
, user_record_user_name_and_realm(h
));
1300 r
= luks_validate(setup
->image_fd
, user_record_user_name_and_realm(h
), h
->partition_uuid
, &found_partition_uuid
, &offset
, &size
);
1302 return log_error_errno(r
, "Failed to validate disk label: %m");
1304 /* Everything before this point left the image untouched. We are now starting to make
1305 * changes, hence mark the image dirty */
1306 if (run_mark_dirty(setup
->image_fd
, true) > 0)
1307 setup
->do_mark_clean
= true;
1309 if (!user_record_luks_discard(h
)) {
1310 r
= run_fallocate(setup
->image_fd
, &st
);
1315 r
= loop_device_make(setup
->image_fd
, O_RDWR
, offset
, size
, 0, &setup
->loop
);
1317 log_error_errno(r
, "Loopback block device support is not available on this system.");
1318 return -ENOLINK
; /* make recognizable */
1321 return log_error_errno(r
, "Failed to allocate loopback context: %m");
1323 log_info("Setting up loopback device %s completed.", setup
->loop
->node
?: ip
);
1325 r
= luks_setup(setup
->loop
->node
?: ip
,
1329 h
->luks_cipher_mode
,
1330 h
->luks_volume_key_size
,
1333 user_record_luks_discard(h
) || user_record_luks_offline_discard(h
),
1334 &setup
->crypt_device
,
1341 setup
->undo_dm
= true;
1343 if (ret_luks_home
) {
1344 r
= luks_validate_home_record(setup
->crypt_device
, h
, volume_key
, cache
, &luks_home
);
1349 r
= fs_validate(setup
->dm_node
, h
->file_system_uuid
, &fstype
, &found_fs_uuid
);
1353 r
= run_fsck(setup
->dm_node
, fstype
);
1357 r
= home_unshare_and_mount(setup
->dm_node
, fstype
, user_record_luks_discard(h
), user_record_mount_flags(h
), h
->luks_extra_mount_options
);
1361 setup
->undo_mount
= true;
1363 setup
->root_fd
= open(subdir
, O_RDONLY
|O_CLOEXEC
|O_DIRECTORY
|O_NOFOLLOW
);
1364 if (setup
->root_fd
< 0)
1365 return log_error_errno(errno
, "Failed to open home directory: %m");
1367 if (user_record_luks_discard(h
))
1368 (void) run_fitrim(setup
->root_fd
);
1370 setup
->do_offline_fallocate
= !(setup
->do_offline_fitrim
= user_record_luks_offline_discard(h
));
1373 if (!sd_id128_is_null(found_partition_uuid
))
1374 setup
->found_partition_uuid
= found_partition_uuid
;
1375 if (!sd_id128_is_null(found_luks_uuid
))
1376 setup
->found_luks_uuid
= found_luks_uuid
;
1377 if (!sd_id128_is_null(found_fs_uuid
))
1378 setup
->found_fs_uuid
= found_fs_uuid
;
1380 setup
->partition_offset
= offset
;
1381 setup
->partition_size
= size
;
1384 erase_and_free(setup
->volume_key
);
1385 setup
->volume_key
= TAKE_PTR(volume_key
);
1386 setup
->volume_key_size
= volume_key_size
;
1390 *ret_luks_home
= TAKE_PTR(luks_home
);
1395 static void print_size_summary(uint64_t host_size
, uint64_t encrypted_size
, const struct statfs
*sfs
) {
1398 log_info("Image size is %s, file system size is %s, file system payload size is %s, file system free is %s.",
1399 FORMAT_BYTES(host_size
),
1400 FORMAT_BYTES(encrypted_size
),
1401 FORMAT_BYTES((uint64_t) sfs
->f_blocks
* (uint64_t) sfs
->f_frsize
),
1402 FORMAT_BYTES((uint64_t) sfs
->f_bfree
* (uint64_t) sfs
->f_frsize
));
1405 int home_activate_luks(
1408 PasswordCache
*cache
,
1409 UserRecord
**ret_home
) {
1411 _cleanup_(user_record_unrefp
) UserRecord
*new_home
= NULL
, *luks_home_record
= NULL
;
1412 uint64_t host_size
, encrypted_size
;
1413 const char *hdo
, *hd
;
1418 assert(user_record_storage(h
) == USER_LUKS
);
1422 r
= dlopen_cryptsetup();
1426 assert_se(hdo
= user_record_home_directory(h
));
1427 hd
= strdupa_safe(hdo
); /* copy the string out, since it might change later in the home record object */
1429 r
= home_get_state_luks(h
, setup
);
1433 return log_error_errno(SYNTHETIC_ERRNO(EEXIST
), "Device mapper device %s already exists, refusing.", setup
->dm_node
);
1435 r
= home_setup_luks(
1445 r
= block_get_size_by_fd(setup
->loop
->fd
, &host_size
);
1447 return log_error_errno(r
, "Failed to get loopback block device size: %m");
1449 r
= block_get_size_by_path(setup
->dm_node
, &encrypted_size
);
1451 return log_error_errno(r
, "Failed to get LUKS block device size: %m");
1463 r
= home_extend_embedded_identity(new_home
, h
, setup
);
1467 setup
->root_fd
= safe_close(setup
->root_fd
);
1469 r
= home_move_mount(user_record_user_name_and_realm(h
), hd
);
1473 setup
->undo_mount
= false;
1474 setup
->do_offline_fitrim
= false;
1476 loop_device_relinquish(setup
->loop
);
1478 r
= sym_crypt_deactivate_by_name(NULL
, setup
->dm_name
, CRYPT_DEACTIVATE_DEFERRED
);
1480 log_warning_errno(r
, "Failed to relinquish DM device, ignoring: %m");
1482 setup
->undo_dm
= false;
1483 setup
->do_offline_fallocate
= false;
1484 setup
->do_mark_clean
= false;
1485 setup
->do_drop_caches
= false;
1487 log_info("Everything completed.");
1489 print_size_summary(host_size
, encrypted_size
, &sfs
);
1491 *ret_home
= TAKE_PTR(new_home
);
1495 int home_deactivate_luks(UserRecord
*h
, HomeSetup
*setup
) {
1501 assert(!setup
->crypt_device
);
1503 /* Note that the DM device and loopback device are set to auto-detach, hence strictly speaking we
1504 * don't have to explicitly have to detach them. However, we do that nonetheless (in case of the DM
1505 * device), to avoid races: by explicitly detaching them we know when the detaching is complete. We
1506 * don't bother about the loopback device because unlike the DM device it doesn't have a fixed
1509 r
= acquire_open_luks_device(h
, setup
, /* graceful= */ true);
1511 return log_error_errno(r
, "Failed to initialize cryptsetup context for %s: %m", setup
->dm_name
);
1513 log_debug("LUKS device %s has already been detached.", setup
->dm_name
);
1514 we_detached
= false;
1516 log_info("Discovered used LUKS device %s.", setup
->dm_node
);
1518 cryptsetup_enable_logging(setup
->crypt_device
);
1520 r
= sym_crypt_deactivate_by_name(setup
->crypt_device
, setup
->dm_name
, 0);
1521 if (IN_SET(r
, -ENODEV
, -EINVAL
, -ENOENT
)) {
1522 log_debug_errno(r
, "LUKS device %s is already detached.", setup
->dm_node
);
1523 we_detached
= false;
1525 return log_info_errno(r
, "LUKS device %s couldn't be deactivated: %m", setup
->dm_node
);
1527 log_info("LUKS device detaching completed.");
1532 (void) wait_for_block_device_gone(setup
, USEC_PER_SEC
* 30);
1533 setup
->undo_dm
= false;
1535 if (user_record_luks_offline_discard(h
))
1536 log_debug("Not allocating on logout.");
1538 (void) run_fallocate_by_path(user_record_image_path(h
));
1540 run_mark_dirty_by_path(user_record_image_path(h
), false);
1544 int home_trim_luks(UserRecord
*h
, HomeSetup
*setup
) {
1547 assert(setup
->root_fd
>= 0);
1549 if (!user_record_luks_offline_discard(h
)) {
1550 log_debug("Not trimming on logout.");
1554 (void) run_fitrim(setup
->root_fd
);
1558 static struct crypt_pbkdf_type
* build_good_pbkdf(struct crypt_pbkdf_type
*buffer
, UserRecord
*hr
) {
1562 *buffer
= (struct crypt_pbkdf_type
) {
1563 .hash
= user_record_luks_pbkdf_hash_algorithm(hr
),
1564 .type
= user_record_luks_pbkdf_type(hr
),
1565 .time_ms
= user_record_luks_pbkdf_time_cost_usec(hr
) / USEC_PER_MSEC
,
1566 .max_memory_kb
= user_record_luks_pbkdf_memory_cost(hr
) / 1024,
1567 .parallel_threads
= user_record_luks_pbkdf_parallel_threads(hr
),
1573 static struct crypt_pbkdf_type
* build_minimal_pbkdf(struct crypt_pbkdf_type
*buffer
, UserRecord
*hr
) {
1577 /* For PKCS#11 derived keys (which are generated randomly and are of high quality already) we use a
1579 *buffer
= (struct crypt_pbkdf_type
) {
1580 .hash
= user_record_luks_pbkdf_hash_algorithm(hr
),
1581 .type
= CRYPT_KDF_PBKDF2
,
1589 static int luks_format(
1591 const char *dm_name
,
1594 const PasswordCache
*cache
,
1595 char **effective_passwords
,
1598 struct crypt_device
**ret
) {
1600 _cleanup_(user_record_unrefp
) UserRecord
*reduced
= NULL
;
1601 _cleanup_(sym_crypt_freep
) struct crypt_device
*cd
= NULL
;
1602 _cleanup_(erase_and_freep
) void *volume_key
= NULL
;
1603 struct crypt_pbkdf_type good_pbkdf
, minimal_pbkdf
;
1604 _cleanup_free_
char *text
= NULL
;
1605 size_t volume_key_size
;
1614 r
= sym_crypt_init(&cd
, node
);
1616 return log_error_errno(r
, "Failed to allocate libcryptsetup context: %m");
1618 cryptsetup_enable_logging(cd
);
1620 /* Normally we'd, just leave volume key generation to libcryptsetup. However, we can't, since we
1621 * can't extract the volume key from the library again, but we need it in order to encrypt the JSON
1622 * record. Hence, let's generate it on our own, so that we can keep track of it. */
1624 volume_key_size
= user_record_luks_volume_key_size(hr
);
1625 volume_key
= malloc(volume_key_size
);
1629 r
= genuine_random_bytes(volume_key
, volume_key_size
, RANDOM_BLOCK
);
1631 return log_error_errno(r
, "Failed to generate volume key: %m");
1633 #if HAVE_CRYPT_SET_METADATA_SIZE
1634 /* Increase the metadata space to 4M, the largest LUKS2 supports */
1635 r
= sym_crypt_set_metadata_size(cd
, 4096U*1024U, 0);
1637 return log_error_errno(r
, "Failed to change LUKS2 metadata size: %m");
1640 build_good_pbkdf(&good_pbkdf
, hr
);
1641 build_minimal_pbkdf(&minimal_pbkdf
, hr
);
1643 r
= sym_crypt_format(
1646 user_record_luks_cipher(hr
),
1647 user_record_luks_cipher_mode(hr
),
1648 ID128_TO_UUID_STRING(uuid
),
1651 &(struct crypt_params_luks2
) {
1653 .subsystem
= "systemd-home",
1654 .sector_size
= 512U,
1655 .pbkdf
= &good_pbkdf
,
1658 return log_error_errno(r
, "Failed to format LUKS image: %m");
1660 log_info("LUKS formatting completed.");
1662 STRV_FOREACH(pp
, effective_passwords
) {
1664 if (password_cache_contains(cache
, *pp
)) { /* is this a fido2 or pkcs11 password? */
1665 log_debug("Using minimal PBKDF for slot %i", slot
);
1666 r
= sym_crypt_set_pbkdf_type(cd
, &minimal_pbkdf
);
1668 log_debug("Using good PBKDF for slot %i", slot
);
1669 r
= sym_crypt_set_pbkdf_type(cd
, &good_pbkdf
);
1672 return log_error_errno(r
, "Failed to tweak PBKDF for slot %i: %m", slot
);
1674 r
= sym_crypt_keyslot_add_by_volume_key(
1682 return log_error_errno(r
, "Failed to set up LUKS password for slot %i: %m", slot
);
1684 log_info("Writing password to LUKS keyslot %i completed.", slot
);
1688 r
= sym_crypt_activate_by_volume_key(
1693 discard
? CRYPT_ACTIVATE_ALLOW_DISCARDS
: 0);
1695 return log_error_errno(r
, "Failed to activate LUKS superblock: %m");
1697 log_info("LUKS activation by volume key succeeded.");
1699 r
= user_record_clone(hr
, USER_RECORD_EXTRACT_EMBEDDED
|USER_RECORD_PERMISSIVE
, &reduced
);
1701 return log_error_errno(r
, "Failed to prepare home record for LUKS: %m");
1703 r
= format_luks_token_text(cd
, reduced
, volume_key
, &text
);
1707 r
= sym_crypt_token_json_set(cd
, CRYPT_ANY_TOKEN
, text
);
1709 return log_error_errno(r
, "Failed to set LUKS JSON token: %m");
1711 log_info("Writing user record as LUKS token completed.");
1714 *ret
= TAKE_PTR(cd
);
1719 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_context
*, fdisk_unref_context
, NULL
);
1720 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_partition
*, fdisk_unref_partition
, NULL
);
1721 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_parttype
*, fdisk_unref_parttype
, NULL
);
1722 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_table
*, fdisk_unref_table
, NULL
);
1724 static int make_partition_table(
1728 uint64_t *ret_offset
,
1730 sd_id128_t
*ret_disk_uuid
) {
1732 _cleanup_(fdisk_unref_partitionp
) struct fdisk_partition
*p
= NULL
, *q
= NULL
;
1733 _cleanup_(fdisk_unref_parttypep
) struct fdisk_parttype
*t
= NULL
;
1734 _cleanup_(fdisk_unref_contextp
) struct fdisk_context
*c
= NULL
;
1735 _cleanup_free_
char *path
= NULL
, *disk_uuid_as_string
= NULL
;
1736 uint64_t offset
, size
, first_lba
, start
, last_lba
, end
;
1737 sd_id128_t disk_uuid
;
1745 t
= fdisk_new_parttype();
1749 r
= fdisk_parttype_set_typestr(t
, "773f91ef-66d4-49b5-bd83-d683bf40ad16");
1751 return log_error_errno(r
, "Failed to initialize partition type: %m");
1753 c
= fdisk_new_context();
1757 if (asprintf(&path
, "/proc/self/fd/%i", fd
) < 0)
1760 r
= fdisk_assign_device(c
, path
, 0);
1762 return log_error_errno(r
, "Failed to open device: %m");
1764 r
= fdisk_create_disklabel(c
, "gpt");
1766 return log_error_errno(r
, "Failed to create GPT disk label: %m");
1768 p
= fdisk_new_partition();
1772 r
= fdisk_partition_set_type(p
, t
);
1774 return log_error_errno(r
, "Failed to set partition type: %m");
1776 r
= fdisk_partition_partno_follow_default(p
, 1);
1778 return log_error_errno(r
, "Failed to place partition at first free partition index: %m");
1780 first_lba
= fdisk_get_first_lba(c
); /* Boundary where usable space starts */
1781 assert(first_lba
<= UINT64_MAX
/512);
1782 start
= DISK_SIZE_ROUND_UP(first_lba
* 512); /* Round up to multiple of 4K */
1784 if (start
== UINT64_MAX
)
1785 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "Overflow while rounding up start LBA.");
1787 last_lba
= fdisk_get_last_lba(c
); /* One sector before boundary where usable space ends */
1788 assert(last_lba
< UINT64_MAX
/512);
1789 end
= DISK_SIZE_ROUND_DOWN((last_lba
+ 1) * 512); /* Round down to multiple of 4K */
1792 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "Resulting partition size zero or negative.");
1794 r
= fdisk_partition_set_start(p
, start
/ 512);
1796 return log_error_errno(r
, "Failed to place partition at offset %" PRIu64
": %m", start
);
1798 r
= fdisk_partition_set_size(p
, (end
- start
) / 512);
1800 return log_error_errno(r
, "Failed to end partition at offset %" PRIu64
": %m", end
);
1802 r
= fdisk_partition_set_name(p
, label
);
1804 return log_error_errno(r
, "Failed to set partition name: %m");
1806 r
= fdisk_partition_set_uuid(p
, ID128_TO_UUID_STRING(uuid
));
1808 return log_error_errno(r
, "Failed to set partition UUID: %m");
1810 r
= fdisk_add_partition(c
, p
, NULL
);
1812 return log_error_errno(r
, "Failed to add partition: %m");
1814 r
= fdisk_write_disklabel(c
);
1816 return log_error_errno(r
, "Failed to write disk label: %m");
1818 r
= fdisk_get_disklabel_id(c
, &disk_uuid_as_string
);
1820 return log_error_errno(r
, "Failed to determine disk label UUID: %m");
1822 r
= sd_id128_from_string(disk_uuid_as_string
, &disk_uuid
);
1824 return log_error_errno(r
, "Failed to parse disk label UUID: %m");
1826 r
= fdisk_get_partition(c
, 0, &q
);
1828 return log_error_errno(r
, "Failed to read created partition metadata: %m");
1830 assert(fdisk_partition_has_start(q
));
1831 offset
= fdisk_partition_get_start(q
);
1832 if (offset
> UINT64_MAX
/ 512U)
1833 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "Partition offset too large.");
1835 assert(fdisk_partition_has_size(q
));
1836 size
= fdisk_partition_get_size(q
);
1837 if (size
> UINT64_MAX
/ 512U)
1838 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "Partition size too large.");
1840 *ret_offset
= offset
* 512U;
1841 *ret_size
= size
* 512U;
1842 *ret_disk_uuid
= disk_uuid
;
1847 static bool supported_fs_size(const char *fstype
, uint64_t host_size
) {
1850 m
= minimal_size_by_fs_name(fstype
);
1851 if (m
== UINT64_MAX
)
1854 return host_size
>= m
;
1857 static int wait_for_devlink(const char *path
) {
1858 _cleanup_close_
int inotify_fd
= -1;
1862 /* let's wait for a device link to show up in /dev, with a timeout. This is good to do since we
1863 * return a /dev/disk/by-uuid/… link to our callers and they likely want to access it right-away,
1864 * hence let's wait until udev has caught up with our changes, and wait for the symlink to be
1867 until
= usec_add(now(CLOCK_MONOTONIC
), 45 * USEC_PER_SEC
);
1870 _cleanup_free_
char *dn
= NULL
;
1873 if (laccess(path
, F_OK
) < 0) {
1874 if (errno
!= ENOENT
)
1875 return log_error_errno(errno
, "Failed to determine whether %s exists: %m", path
);
1877 return 0; /* Found it */
1879 if (inotify_fd
< 0) {
1880 /* We need to wait for the device symlink to show up, let's create an inotify watch for it */
1881 inotify_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1883 return log_error_errno(errno
, "Failed to allocate inotify fd: %m");
1886 dn
= dirname_malloc(path
);
1891 log_info("Watching %s", dn
);
1893 if (inotify_add_watch(inotify_fd
, dn
, IN_CREATE
|IN_MOVED_TO
|IN_ONLYDIR
|IN_DELETE_SELF
|IN_MOVE_SELF
) < 0) {
1894 if (errno
!= ENOENT
)
1895 return log_error_errno(errno
, "Failed to add watch on %s: %m", dn
);
1899 if (empty_or_root(dn
))
1902 dn
= dirname_malloc(dn
);
1905 w
= now(CLOCK_MONOTONIC
);
1907 return log_error_errno(SYNTHETIC_ERRNO(ETIMEDOUT
), "Device link %s still hasn't shown up, giving up.", path
);
1909 r
= fd_wait_for_event(inotify_fd
, POLLIN
, usec_sub_unsigned(until
, w
));
1911 return log_error_errno(r
, "Failed to watch inotify: %m");
1913 (void) flush_fd(inotify_fd
);
1917 static int calculate_disk_size(UserRecord
*h
, const char *parent_dir
, uint64_t *ret
) {
1925 if (h
->disk_size
!= UINT64_MAX
) {
1926 *ret
= DISK_SIZE_ROUND_DOWN(h
->disk_size
);
1930 if (statfs(parent_dir
, &sfs
) < 0)
1931 return log_error_errno(errno
, "statfs() on %s failed: %m", parent_dir
);
1933 m
= sfs
.f_bsize
* sfs
.f_bavail
;
1935 if (h
->disk_size_relative
== UINT64_MAX
) {
1937 if (m
> UINT64_MAX
/ USER_DISK_SIZE_DEFAULT_PERCENT
)
1938 return log_error_errno(SYNTHETIC_ERRNO(EOVERFLOW
), "Disk size too large.");
1940 *ret
= DISK_SIZE_ROUND_DOWN(m
* USER_DISK_SIZE_DEFAULT_PERCENT
/ 100);
1942 log_info("Sizing home to %u%% of available disk space, which is %s.",
1943 USER_DISK_SIZE_DEFAULT_PERCENT
,
1944 FORMAT_BYTES(*ret
));
1946 *ret
= DISK_SIZE_ROUND_DOWN((uint64_t) ((double) m
* (double) h
->disk_size_relative
/ (double) UINT32_MAX
));
1948 log_info("Sizing home to %" PRIu64
".%01" PRIu64
"%% of available disk space, which is %s.",
1949 (h
->disk_size_relative
* 100) / UINT32_MAX
,
1950 ((h
->disk_size_relative
* 1000) / UINT32_MAX
) % 10,
1951 FORMAT_BYTES(*ret
));
1954 if (*ret
< USER_DISK_SIZE_MIN
)
1955 *ret
= USER_DISK_SIZE_MIN
;
1960 static int home_truncate(
1971 trunc
= user_record_luks_discard(h
);
1973 r
= fallocate(fd
, 0, 0, size
);
1974 if (r
< 0 && ERRNO_IS_NOT_SUPPORTED(errno
)) {
1975 /* Some file systems do not support fallocate(), let's gracefully degrade
1976 * (ZFS, reiserfs, …) and fall back to truncation */
1977 log_notice_errno(errno
, "Backing file system does not support fallocate(), falling back to ftruncate(), i.e. implicitly using non-discard mode.");
1983 r
= ftruncate(fd
, size
);
1986 if (ERRNO_IS_DISK_SPACE(errno
)) {
1987 log_debug_errno(errno
, "Not enough disk space to allocate home of size %s.", FORMAT_BYTES(size
));
1988 return -ENOSPC
; /* make recognizable */
1991 return log_error_errno(errno
, "Failed to truncate home image: %m");
1994 return !trunc
; /* Return == 0 if we managed to truncate, > 0 if we managed to allocate */
1997 int home_create_luks(
2000 const PasswordCache
*cache
,
2001 char **effective_passwords
,
2002 UserRecord
**ret_home
) {
2004 _cleanup_free_
char *subdir
= NULL
, *disk_uuid_path
= NULL
;
2005 uint64_t encrypted_size
,
2006 host_size
= 0, partition_offset
= 0, partition_size
= 0; /* Unnecessary initialization to appease gcc */
2007 _cleanup_(user_record_unrefp
) UserRecord
*new_home
= NULL
;
2008 sd_id128_t partition_uuid
, fs_uuid
, luks_uuid
, disk_uuid
;
2009 _cleanup_close_
int mount_fd
= -1;
2010 const char *fstype
, *ip
;
2015 assert(h
->storage
< 0 || h
->storage
== USER_LUKS
);
2017 assert(!setup
->temporary_image_path
);
2018 assert(setup
->image_fd
< 0);
2021 r
= dlopen_cryptsetup();
2025 assert_se(ip
= user_record_image_path(h
));
2027 fstype
= user_record_file_system_type(h
);
2028 if (!supported_fstype(fstype
))
2029 return log_error_errno(SYNTHETIC_ERRNO(EPROTONOSUPPORT
), "Unsupported file system type: %s", fstype
);
2031 r
= mkfs_exists(fstype
);
2033 return log_error_errno(r
, "Failed to check if mkfs binary for %s exists: %m", fstype
);
2035 if (h
->file_system_type
|| streq(fstype
, "ext4") || !supported_fstype("ext4"))
2036 return log_error_errno(SYNTHETIC_ERRNO(EPROTONOSUPPORT
), "mkfs binary for file system type %s does not exist.", fstype
);
2038 /* If the record does not explicitly declare a file system to use, and the compiled-in
2039 * default does not actually exist, than do an automatic fallback onto ext4, as the baseline
2040 * fs of Linux. We won't search for a working fs type here beyond ext4, i.e. nothing fancier
2041 * than a single, conservative fallback to baseline. This should be useful in minimal
2042 * environments where mkfs.btrfs or so are not made available, but mkfs.ext4 as Linux' most
2043 * boring, most basic fs is. */
2044 log_info("Formatting tool for compiled-in default file system %s not available, falling back to ext4 instead.", fstype
);
2048 if (sd_id128_is_null(h
->partition_uuid
)) {
2049 r
= sd_id128_randomize(&partition_uuid
);
2051 return log_error_errno(r
, "Failed to acquire partition UUID: %m");
2053 partition_uuid
= h
->partition_uuid
;
2055 if (sd_id128_is_null(h
->luks_uuid
)) {
2056 r
= sd_id128_randomize(&luks_uuid
);
2058 return log_error_errno(r
, "Failed to acquire LUKS UUID: %m");
2060 luks_uuid
= h
->luks_uuid
;
2062 if (sd_id128_is_null(h
->file_system_uuid
)) {
2063 r
= sd_id128_randomize(&fs_uuid
);
2065 return log_error_errno(r
, "Failed to acquire file system UUID: %m");
2067 fs_uuid
= h
->file_system_uuid
;
2069 r
= make_dm_names(h
, setup
);
2073 r
= access(setup
->dm_node
, F_OK
);
2075 if (errno
!= ENOENT
)
2076 return log_error_errno(errno
, "Failed to determine whether %s exists: %m", setup
->dm_node
);
2078 return log_error_errno(SYNTHETIC_ERRNO(EEXIST
), "Device mapper device %s already exists, refusing.", setup
->dm_node
);
2080 if (path_startswith(ip
, "/dev/")) {
2081 _cleanup_free_
char *sysfs
= NULL
;
2082 uint64_t block_device_size
;
2085 /* Let's place the home directory on a real device, i.e. an USB stick or such */
2087 setup
->image_fd
= open(ip
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
2088 if (setup
->image_fd
< 0)
2089 return log_error_errno(errno
, "Failed to open device %s: %m", ip
);
2091 if (fstat(setup
->image_fd
, &st
) < 0)
2092 return log_error_errno(errno
, "Failed to stat device %s: %m", ip
);
2093 if (!S_ISBLK(st
.st_mode
))
2094 return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK
), "Device is not a block device, refusing.");
2096 if (asprintf(&sysfs
, "/sys/dev/block/%u:%u/partition", major(st
.st_rdev
), minor(st
.st_rdev
)) < 0)
2098 if (access(sysfs
, F_OK
) < 0) {
2099 if (errno
!= ENOENT
)
2100 return log_error_errno(errno
, "Failed to check whether %s exists: %m", sysfs
);
2102 return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK
), "Operating on partitions is currently not supported, sorry. Please specify a top-level block device.");
2104 if (flock(setup
->image_fd
, LOCK_EX
) < 0) /* make sure udev doesn't read from it while we operate on the device */
2105 return log_error_errno(errno
, "Failed to lock block device %s: %m", ip
);
2107 if (ioctl(setup
->image_fd
, BLKGETSIZE64
, &block_device_size
) < 0)
2108 return log_error_errno(errno
, "Failed to read block device size: %m");
2110 if (h
->disk_size
== UINT64_MAX
) {
2112 /* If a relative disk size is requested, apply it relative to the block device size */
2113 if (h
->disk_size_relative
< UINT32_MAX
)
2114 host_size
= CLAMP(DISK_SIZE_ROUND_DOWN(block_device_size
* h
->disk_size_relative
/ UINT32_MAX
),
2115 USER_DISK_SIZE_MIN
, USER_DISK_SIZE_MAX
);
2117 host_size
= block_device_size
; /* Otherwise, take the full device */
2119 } else if (h
->disk_size
> block_device_size
)
2120 return log_error_errno(SYNTHETIC_ERRNO(EMSGSIZE
), "Selected disk size larger than backing block device, refusing.");
2122 host_size
= DISK_SIZE_ROUND_DOWN(h
->disk_size
);
2124 if (!supported_fs_size(fstype
, host_size
))
2125 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
),
2126 "Selected file system size too small for %s.", fstype
);
2128 /* After creation we should reference this partition by its UUID instead of the block
2129 * device. That's preferable since the user might have specified a device node such as
2130 * /dev/sdb to us, which might look very different when replugged. */
2131 if (asprintf(&disk_uuid_path
, "/dev/disk/by-uuid/" SD_ID128_UUID_FORMAT_STR
, SD_ID128_FORMAT_VAL(luks_uuid
)) < 0)
2134 if (user_record_luks_discard(h
) || user_record_luks_offline_discard(h
)) {
2135 /* If we want online or offline discard, discard once before we start using things. */
2137 if (ioctl(setup
->image_fd
, BLKDISCARD
, (uint64_t[]) { 0, block_device_size
}) < 0)
2138 log_full_errno(errno
== EOPNOTSUPP
? LOG_DEBUG
: LOG_WARNING
, errno
,
2139 "Failed to issue full-device BLKDISCARD on device, ignoring: %m");
2141 log_info("Full device discard completed.");
2144 _cleanup_free_
char *parent
= NULL
, *t
= NULL
;
2146 parent
= dirname_malloc(ip
);
2150 r
= mkdir_p(parent
, 0755);
2152 return log_error_errno(r
, "Failed to create parent directory %s: %m", parent
);
2154 r
= calculate_disk_size(h
, parent
, &host_size
);
2158 if (!supported_fs_size(fstype
, host_size
))
2159 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "Selected file system size too small for %s.", fstype
);
2161 r
= tempfn_random(ip
, "homework", &t
);
2163 return log_error_errno(r
, "Failed to derive temporary file name for %s: %m", ip
);
2165 setup
->image_fd
= open(t
, O_RDWR
|O_CREAT
|O_EXCL
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
, 0600);
2166 if (setup
->image_fd
< 0)
2167 return log_error_errno(errno
, "Failed to create home image %s: %m", t
);
2169 setup
->temporary_image_path
= TAKE_PTR(t
);
2171 r
= chattr_full(t
, setup
->image_fd
, FS_NOCOW_FL
|FS_NOCOMP_FL
, FS_NOCOW_FL
|FS_NOCOMP_FL
, NULL
, NULL
, CHATTR_FALLBACK_BITWISE
);
2172 if (r
< 0 && r
!= -ENOANO
) /* ENOANO → some bits didn't work; which we skip logging about because chattr_full() already debug logs about those flags */
2173 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r
) ? LOG_DEBUG
: LOG_WARNING
, r
,
2174 "Failed to set file attributes on %s, ignoring: %m", setup
->temporary_image_path
);
2176 r
= home_truncate(h
, setup
->image_fd
, host_size
);
2180 log_info("Allocating image file completed.");
2183 r
= make_partition_table(
2185 user_record_user_name_and_realm(h
),
2193 log_info("Writing of partition table completed.");
2195 r
= loop_device_make(setup
->image_fd
, O_RDWR
, partition_offset
, partition_size
, 0, &setup
->loop
);
2197 if (r
== -ENOENT
) { /* this means /dev/loop-control doesn't exist, i.e. we are in a container
2198 * or similar and loopback bock devices are not available, return a
2199 * recognizable error in this case. */
2200 log_error_errno(r
, "Loopback block device support is not available on this system.");
2201 return -ENOLINK
; /* Make recognizable */
2204 return log_error_errno(r
, "Failed to set up loopback device for %s: %m", setup
->temporary_image_path
);
2207 r
= loop_device_flock(setup
->loop
, LOCK_EX
); /* make sure udev won't read before we are done */
2209 return log_error_errno(r
, "Failed to take lock on loop device: %m");
2211 log_info("Setting up loopback device %s completed.", setup
->loop
->node
?: ip
);
2213 r
= luks_format(setup
->loop
->node
,
2216 user_record_user_name_and_realm(h
),
2218 effective_passwords
,
2219 user_record_luks_discard(h
) || user_record_luks_offline_discard(h
),
2221 &setup
->crypt_device
);
2225 setup
->undo_dm
= true;
2227 r
= block_get_size_by_path(setup
->dm_node
, &encrypted_size
);
2229 return log_error_errno(r
, "Failed to get encrypted block device size: %m");
2231 log_info("Setting up LUKS device %s completed.", setup
->dm_node
);
2233 r
= make_filesystem(setup
->dm_node
, fstype
, user_record_user_name_and_realm(h
), fs_uuid
, user_record_luks_discard(h
));
2237 log_info("Formatting file system completed.");
2239 r
= home_unshare_and_mount(setup
->dm_node
, fstype
, user_record_luks_discard(h
), user_record_mount_flags(h
), h
->luks_extra_mount_options
);
2243 setup
->undo_mount
= true;
2245 subdir
= path_join(HOME_RUNTIME_WORK_DIR
, user_record_user_name_and_realm(h
));
2249 /* Prefer using a btrfs subvolume if we can, fall back to directory otherwise */
2250 r
= btrfs_subvol_make_fallback(subdir
, 0700);
2252 return log_error_errno(r
, "Failed to create user directory in mounted image file: %m");
2254 setup
->root_fd
= open(subdir
, O_RDONLY
|O_CLOEXEC
|O_DIRECTORY
|O_NOFOLLOW
);
2255 if (setup
->root_fd
< 0)
2256 return log_error_errno(errno
, "Failed to open user directory in mounted image file: %m");
2258 (void) home_shift_uid(setup
->root_fd
, NULL
, UID_NOBODY
, h
->uid
, &mount_fd
);
2260 if (mount_fd
>= 0) {
2261 /* If we have established a new mount, then we can use that as new root fd to our home directory. */
2262 safe_close(setup
->root_fd
);
2264 setup
->root_fd
= fd_reopen(mount_fd
, O_RDONLY
|O_CLOEXEC
|O_DIRECTORY
);
2265 if (setup
->root_fd
< 0)
2266 return log_error_errno(setup
->root_fd
, "Unable to convert mount fd into proper directory fd: %m");
2268 mount_fd
= safe_close(mount_fd
);
2271 r
= home_populate(h
, setup
->root_fd
);
2275 r
= home_sync_and_statfs(setup
->root_fd
, &sfs
);
2279 r
= user_record_clone(h
, USER_RECORD_LOAD_MASK_SECRET
|USER_RECORD_LOG
|USER_RECORD_PERMISSIVE
, &new_home
);
2281 return log_error_errno(r
, "Failed to clone record: %m");
2283 r
= user_record_add_binding(
2286 disk_uuid_path
?: ip
,
2290 sym_crypt_get_cipher(setup
->crypt_device
),
2291 sym_crypt_get_cipher_mode(setup
->crypt_device
),
2292 luks_volume_key_size_convert(setup
->crypt_device
),
2298 return log_error_errno(r
, "Failed to add binding to record: %m");
2300 if (user_record_luks_offline_discard(h
)) {
2301 r
= run_fitrim(setup
->root_fd
);
2306 setup
->root_fd
= safe_close(setup
->root_fd
);
2308 r
= home_setup_undo_mount(setup
, LOG_ERR
);
2312 r
= home_setup_undo_dm(setup
, LOG_ERR
);
2316 setup
->loop
= loop_device_unref(setup
->loop
);
2318 if (!user_record_luks_offline_discard(h
)) {
2319 r
= run_fallocate(setup
->image_fd
, NULL
/* refresh stat() data */);
2324 /* Sync everything to disk before we move things into place under the final name. */
2325 if (fsync(setup
->image_fd
) < 0)
2326 return log_error_errno(r
, "Failed to synchronize image to disk: %m");
2329 /* Reread partition table if this is a block device */
2330 (void) ioctl(setup
->image_fd
, BLKRRPART
, 0);
2332 assert(setup
->temporary_image_path
);
2334 if (rename(setup
->temporary_image_path
, ip
) < 0)
2335 return log_error_errno(errno
, "Failed to rename image file: %m");
2337 setup
->temporary_image_path
= mfree(setup
->temporary_image_path
);
2339 /* If we operate on a file, sync the containing directory too. */
2340 r
= fsync_directory_of_file(setup
->image_fd
);
2342 return log_error_errno(r
, "Failed to synchronize directory of image file to disk: %m");
2344 log_info("Moved image file into place.");
2347 /* Let's close the image fd now. If we are operating on a real block device this will release the BSD
2348 * lock that ensures udev doesn't interfere with what we are doing */
2349 setup
->image_fd
= safe_close(setup
->image_fd
);
2352 (void) wait_for_devlink(disk_uuid_path
);
2354 log_info("Everything completed.");
2356 print_size_summary(host_size
, encrypted_size
, &sfs
);
2358 *ret_home
= TAKE_PTR(new_home
);
2362 int home_get_state_luks(UserRecord
*h
, HomeSetup
*setup
) {
2368 r
= make_dm_names(h
, setup
);
2372 r
= access(setup
->dm_node
, F_OK
);
2373 if (r
< 0 && errno
!= ENOENT
)
2374 return log_error_errno(errno
, "Failed to determine whether %s exists: %m", setup
->dm_node
);
2384 static int can_resize_fs(int fd
, uint64_t old_size
, uint64_t new_size
) {
2389 /* Filter out bogus requests early */
2390 if (old_size
== 0 || old_size
== UINT64_MAX
||
2391 new_size
== 0 || new_size
== UINT64_MAX
)
2392 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Invalid resize parameters.");
2394 if ((old_size
& 511) != 0 || (new_size
& 511) != 0)
2395 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Resize parameters not multiple of 512.");
2397 if (fstatfs(fd
, &sfs
) < 0)
2398 return log_error_errno(errno
, "Failed to fstatfs() file system: %m");
2400 if (is_fs_type(&sfs
, BTRFS_SUPER_MAGIC
)) {
2402 if (new_size
< BTRFS_MINIMAL_SIZE
)
2403 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "New file system size too small for btrfs (needs to be 256M at least.");
2405 /* btrfs can grow and shrink online */
2407 } else if (is_fs_type(&sfs
, XFS_SB_MAGIC
)) {
2409 if (new_size
< XFS_MINIMAL_SIZE
)
2410 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "New file system size too small for xfs (needs to be 14M at least).");
2412 /* XFS can grow, but not shrink */
2413 if (new_size
< old_size
)
2414 return log_error_errno(SYNTHETIC_ERRNO(EMSGSIZE
), "Shrinking this type of file system is not supported.");
2416 } else if (is_fs_type(&sfs
, EXT4_SUPER_MAGIC
)) {
2418 if (new_size
< EXT4_MINIMAL_SIZE
)
2419 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "New file system size too small for ext4 (needs to be 1M at least).");
2421 /* ext4 can grow online, and shrink offline */
2422 if (new_size
< old_size
)
2423 return CAN_RESIZE_OFFLINE
;
2426 return log_error_errno(SYNTHETIC_ERRNO(ESOCKTNOSUPPORT
), "Resizing this type of file system is not supported.");
2428 return CAN_RESIZE_ONLINE
;
2431 static int ext4_offline_resize_fs(
2435 unsigned long flags
,
2436 const char *extra_mount_options
) {
2438 _cleanup_free_
char *size_str
= NULL
;
2439 bool re_open
= false, re_mount
= false;
2440 pid_t resize_pid
, fsck_pid
;
2444 assert(setup
->dm_node
);
2446 /* First, unmount the file system */
2447 if (setup
->root_fd
>= 0) {
2448 setup
->root_fd
= safe_close(setup
->root_fd
);
2452 if (setup
->undo_mount
) {
2453 r
= home_setup_undo_mount(setup
, LOG_ERR
);
2460 log_info("Temporary unmounting of file system completed.");
2462 /* resize2fs requires that the file system is force checked first, do so. */
2463 r
= safe_fork("(e2fsck)",
2464 FORK_RESET_SIGNALS
|FORK_RLIMIT_NOFILE_SAFE
|FORK_DEATHSIG
|FORK_LOG
|FORK_STDOUT_TO_STDERR
|FORK_CLOSE_ALL_FDS
,
2470 execlp("e2fsck" ,"e2fsck", "-fp", setup
->dm_node
, NULL
);
2472 log_error_errno(errno
, "Failed to execute e2fsck: %m");
2473 _exit(EXIT_FAILURE
);
2476 exit_status
= wait_for_terminate_and_check("e2fsck", fsck_pid
, WAIT_LOG_ABNORMAL
);
2477 if (exit_status
< 0)
2479 if ((exit_status
& ~FSCK_ERROR_CORRECTED
) != 0) {
2480 log_warning("e2fsck failed with exit status %i.", exit_status
);
2482 if ((exit_status
& (FSCK_SYSTEM_SHOULD_REBOOT
|FSCK_ERRORS_LEFT_UNCORRECTED
)) != 0)
2483 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "File system is corrupted, refusing.");
2485 log_warning("Ignoring fsck error.");
2488 log_info("Forced file system check completed.");
2490 /* We use 512 sectors here, because resize2fs doesn't do byte sizes */
2491 if (asprintf(&size_str
, "%" PRIu64
"s", new_size
/ 512) < 0)
2494 /* Resize the thing */
2495 r
= safe_fork("(e2resize)",
2496 FORK_RESET_SIGNALS
|FORK_RLIMIT_NOFILE_SAFE
|FORK_DEATHSIG
|FORK_LOG
|FORK_WAIT
|FORK_STDOUT_TO_STDERR
|FORK_CLOSE_ALL_FDS
,
2502 execlp("resize2fs" ,"resize2fs", setup
->dm_node
, size_str
, NULL
);
2504 log_error_errno(errno
, "Failed to execute resize2fs: %m");
2505 _exit(EXIT_FAILURE
);
2508 log_info("Offline file system resize completed.");
2510 /* Re-establish mounts and reopen the directory */
2512 r
= home_mount_node(setup
->dm_node
, "ext4", discard
, flags
, extra_mount_options
);
2516 setup
->undo_mount
= true;
2520 setup
->root_fd
= open(HOME_RUNTIME_WORK_DIR
, O_RDONLY
|O_CLOEXEC
|O_DIRECTORY
|O_NOFOLLOW
);
2521 if (setup
->root_fd
< 0)
2522 return log_error_errno(errno
, "Failed to reopen file system: %m");
2525 log_info("File system mounted again.");
2530 static int prepare_resize_partition(
2532 uint64_t partition_offset
,
2533 uint64_t old_partition_size
,
2534 sd_id128_t
*ret_disk_uuid
,
2535 struct fdisk_table
**ret_table
,
2536 struct fdisk_partition
**ret_partition
) {
2538 _cleanup_(fdisk_unref_contextp
) struct fdisk_context
*c
= NULL
;
2539 _cleanup_(fdisk_unref_tablep
) struct fdisk_table
*t
= NULL
;
2540 _cleanup_free_
char *path
= NULL
, *disk_uuid_as_string
= NULL
;
2541 struct fdisk_partition
*found
= NULL
;
2542 sd_id128_t disk_uuid
;
2543 size_t n_partitions
;
2547 assert(ret_disk_uuid
);
2550 assert((partition_offset
& 511) == 0);
2551 assert((old_partition_size
& 511) == 0);
2552 assert(UINT64_MAX
- old_partition_size
>= partition_offset
);
2554 if (partition_offset
== 0) {
2555 /* If the offset is at the beginning we assume no partition table, let's exit early. */
2556 log_debug("Not rewriting partition table, operating on naked device.");
2557 *ret_disk_uuid
= SD_ID128_NULL
;
2562 c
= fdisk_new_context();
2566 if (asprintf(&path
, "/proc/self/fd/%i", fd
) < 0)
2569 r
= fdisk_assign_device(c
, path
, 0);
2571 return log_error_errno(r
, "Failed to open device: %m");
2573 if (!fdisk_is_labeltype(c
, FDISK_DISKLABEL_GPT
))
2574 return log_error_errno(SYNTHETIC_ERRNO(ENOMEDIUM
), "Disk has no GPT partition table.");
2576 r
= fdisk_get_disklabel_id(c
, &disk_uuid_as_string
);
2578 return log_error_errno(r
, "Failed to acquire disk UUID: %m");
2580 r
= sd_id128_from_string(disk_uuid_as_string
, &disk_uuid
);
2582 return log_error_errno(r
, "Failed parse disk UUID: %m");
2584 r
= fdisk_get_partitions(c
, &t
);
2586 return log_error_errno(r
, "Failed to acquire partition table: %m");
2588 n_partitions
= fdisk_table_get_nents(t
);
2589 for (size_t i
= 0; i
< n_partitions
; i
++) {
2590 struct fdisk_partition
*p
;
2592 p
= fdisk_table_get_partition(t
, i
);
2594 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "Failed to read partition metadata: %m");
2596 if (fdisk_partition_is_used(p
) <= 0)
2598 if (fdisk_partition_has_start(p
) <= 0 || fdisk_partition_has_size(p
) <= 0 || fdisk_partition_has_end(p
) <= 0)
2599 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Found partition without a size.");
2601 if (fdisk_partition_get_start(p
) == partition_offset
/ 512U &&
2602 fdisk_partition_get_size(p
) == old_partition_size
/ 512U) {
2605 return log_error_errno(SYNTHETIC_ERRNO(ENOTUNIQ
), "Partition found twice, refusing.");
2608 } else if (fdisk_partition_get_end(p
) > partition_offset
/ 512U)
2609 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Can't extend, not last partition in image.");
2613 return log_error_errno(SYNTHETIC_ERRNO(ENOPKG
), "Failed to find matching partition to resize.");
2615 *ret_disk_uuid
= disk_uuid
;
2616 *ret_table
= TAKE_PTR(t
);
2617 *ret_partition
= found
;
2622 static int ask_cb(struct fdisk_context
*c
, struct fdisk_ask
*ask
, void *userdata
) {
2627 switch (fdisk_ask_get_type(ask
)) {
2629 case FDISK_ASKTYPE_STRING
:
2630 result
= new(char, 37);
2634 fdisk_ask_string_set_result(ask
, id128_to_uuid_string(*(sd_id128_t
*) userdata
, result
));
2638 log_debug("Unexpected question from libfdisk, ignoring.");
2644 static int apply_resize_partition(
2646 sd_id128_t disk_uuids
,
2647 struct fdisk_table
*t
,
2648 struct fdisk_partition
*p
,
2649 size_t new_partition_size
) {
2651 _cleanup_(fdisk_unref_contextp
) struct fdisk_context
*c
= NULL
;
2652 _cleanup_free_
void *two_zero_lbas
= NULL
;
2653 _cleanup_free_
char *path
= NULL
;
2660 if (!t
) /* no partition table to apply, exit early */
2665 /* Before writing our partition patch the final size in */
2666 r
= fdisk_partition_size_explicit(p
, 1);
2668 return log_error_errno(r
, "Failed to enable explicit partition size: %m");
2670 r
= fdisk_partition_set_size(p
, new_partition_size
/ 512U);
2672 return log_error_errno(r
, "Failed to change partition size: %m");
2674 two_zero_lbas
= malloc0(1024U);
2678 /* libfdisk appears to get confused by the existing PMBR. Let's explicitly flush it out. */
2679 n
= pwrite(fd
, two_zero_lbas
, 1024U, 0);
2681 return log_error_errno(errno
, "Failed to wipe partition table: %m");
2683 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "Short write while wiping partition table.");
2685 c
= fdisk_new_context();
2689 if (asprintf(&path
, "/proc/self/fd/%i", fd
) < 0)
2692 r
= fdisk_assign_device(c
, path
, 0);
2694 return log_error_errno(r
, "Failed to open device: %m");
2696 r
= fdisk_create_disklabel(c
, "gpt");
2698 return log_error_errno(r
, "Failed to create GPT disk label: %m");
2700 r
= fdisk_apply_table(c
, t
);
2702 return log_error_errno(r
, "Failed to apply partition table: %m");
2704 r
= fdisk_set_ask(c
, ask_cb
, &disk_uuids
);
2706 return log_error_errno(r
, "Failed to set libfdisk query function: %m");
2708 r
= fdisk_set_disklabel_id(c
);
2710 return log_error_errno(r
, "Failed to change disklabel ID: %m");
2712 r
= fdisk_write_disklabel(c
);
2714 return log_error_errno(r
, "Failed to write disk label: %m");
2719 /* Always keep at least 16M free, so that we can safely log in and update the user record while doing so */
2720 #define HOME_MIN_FREE (16U*1024U*1024U)
2722 static int get_smallest_fs_size(int fd
, uint64_t *ret
) {
2723 uint64_t minsz
, needed
;
2729 /* Determines the minimal disk size we might be able to shrink the file system referenced by the fd to. */
2731 if (syncfs(fd
) < 0) /* let's sync before we query the size, so that the values returned are accurate */
2732 return log_error_errno(errno
, "Failed to synchronize home file system: %m");
2734 if (fstatfs(fd
, &sfs
) < 0)
2735 return log_error_errno(errno
, "Failed to statfs() home file system: %m");
2737 /* Let's determine the minimal file syste size of the used fstype */
2738 minsz
= minimal_size_by_fs_magic(sfs
.f_type
);
2739 if (minsz
== UINT64_MAX
)
2740 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
), "Don't know minimum file system size of file system type '%s' of home directory.", fs_type_to_string(sfs
.f_type
));
2742 if (minsz
< USER_DISK_SIZE_MIN
)
2743 minsz
= USER_DISK_SIZE_MIN
;
2745 if (sfs
.f_bfree
> sfs
.f_blocks
)
2746 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Detected amount of free blocks is greater than the total amount of file system blocks. Refusing.");
2748 /* Calculate how much disk space is currently in use. */
2749 needed
= sfs
.f_blocks
- sfs
.f_bfree
;
2750 if (needed
> UINT64_MAX
/ sfs
.f_bsize
)
2751 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "File system size out of range.");
2753 needed
*= sfs
.f_bsize
;
2755 /* Add some safety margin of free space we'll always keep */
2756 if (needed
> UINT64_MAX
- HOME_MIN_FREE
) /* Check for overflow */
2757 needed
= UINT64_MAX
;
2759 needed
+= HOME_MIN_FREE
;
2761 *ret
= DISK_SIZE_ROUND_UP(MAX(needed
, minsz
));
2765 static int get_largest_image_size(int fd
, const struct stat
*st
, uint64_t *ret
) {
2766 uint64_t used
, avail
, sum
;
2774 /* Determines the maximum file size we might be able to grow the image file referenced by the fd to. */
2776 r
= stat_verify_regular(st
);
2778 return log_error_errno(r
, "Image file is not a regular file, refusing: %m");
2781 return log_error_errno(errno
, "Failed to synchronize file system backing image file: %m");
2783 if (fstatfs(fd
, &sfs
) < 0)
2784 return log_error_errno(errno
, "Failed to statfs() image file: %m");
2786 used
= (uint64_t) st
->st_blocks
* 512;
2787 avail
= (uint64_t) sfs
.f_bsize
* sfs
.f_bavail
;
2789 if (avail
> UINT64_MAX
- used
)
2794 *ret
= DISK_SIZE_ROUND_DOWN(MIN(sum
, USER_DISK_SIZE_MAX
));
2798 static int resize_fs_loop(
2802 uint64_t old_fs_size
,
2803 uint64_t new_fs_size
,
2804 uint64_t *ret_fs_size
) {
2806 uint64_t current_fs_size
;
2807 unsigned n_iterations
= 0;
2812 assert(setup
->root_fd
>= 0);
2814 /* A bisection loop trying to find the closest size to what the user asked for. (Well, we bisect like
2815 * this only when we *shrink* the fs — if we grow the fs there's no need to bisect.) */
2817 current_fs_size
= old_fs_size
;
2818 for (uint64_t lower_boundary
= new_fs_size
, upper_boundary
= old_fs_size
, try_fs_size
= new_fs_size
;;) {
2823 /* Now resize the file system */
2824 if (resize_type
== CAN_RESIZE_ONLINE
) {
2825 r
= resize_fs(setup
->root_fd
, try_fs_size
, NULL
);
2827 if (!ERRNO_IS_DISK_SPACE(r
) || new_fs_size
> old_fs_size
) /* Not a disk space issue? Not trying to shrink? */
2828 return log_error_errno(r
, "Failed to resize file system: %m");
2830 log_debug_errno(r
, "Shrinking from %s to %s didn't work, not enough space for contained data.", FORMAT_BYTES(current_fs_size
), FORMAT_BYTES(try_fs_size
));
2833 log_debug("Successfully resized from %s to %s.", FORMAT_BYTES(current_fs_size
), FORMAT_BYTES(try_fs_size
));
2834 current_fs_size
= try_fs_size
;
2838 /* If we hit a disk space issue and are shrinking the fs, then maybe it helps to
2839 * increase the image size. */
2841 r
= ext4_offline_resize_fs(setup
, try_fs_size
, user_record_luks_discard(h
), user_record_mount_flags(h
), h
->luks_extra_mount_options
);
2845 /* For now, when we fail to shrink an ext4 image we'll not try again via the
2846 * bisection logic. We might add that later, but give this involves shelling out
2847 * multiple programs it's a bit too cumbersome to my taste. */
2850 current_fs_size
= try_fs_size
;
2853 if (new_fs_size
> old_fs_size
) /* If we are growing we are done after one iteration */
2856 /* If we are shrinking then let's adjust our bisection boundaries and try again. */
2858 upper_boundary
= MIN(upper_boundary
, try_fs_size
);
2860 lower_boundary
= MAX(lower_boundary
, try_fs_size
);
2862 /* OK, this attempt to shrink didn't work. Let's try between the old size and what worked. */
2863 if (lower_boundary
>= upper_boundary
) {
2864 log_debug("Image can't be shrunk further (range to try is empty).");
2868 /* Let's find a new value to try half-way between the lower boundary and the upper boundary
2870 try_fs_size
= DISK_SIZE_ROUND_DOWN(lower_boundary
+ (upper_boundary
- lower_boundary
) / 2);
2871 if (try_fs_size
<= lower_boundary
|| try_fs_size
>= upper_boundary
) {
2872 log_debug("Image can't be shrunk further (remaining range to try too small).");
2877 log_debug("Bisection loop completed after %u iterations.", n_iterations
);
2880 *ret_fs_size
= current_fs_size
;
2885 static int resize_image_loop(
2888 uint64_t old_image_size
,
2889 uint64_t new_image_size
,
2890 uint64_t *ret_image_size
) {
2892 uint64_t current_image_size
;
2893 unsigned n_iterations
= 0;
2898 assert(setup
->image_fd
>= 0);
2900 /* A bisection loop trying to find the closest size to what the user asked for. (Well, we bisect like
2901 * this only when we *grow* the image — if we shrink the image then there's no need to bisect.) */
2903 current_image_size
= old_image_size
;
2904 for (uint64_t lower_boundary
= old_image_size
, upper_boundary
= new_image_size
, try_image_size
= new_image_size
;;) {
2909 r
= home_truncate(h
, setup
->image_fd
, try_image_size
);
2911 if (!ERRNO_IS_DISK_SPACE(r
) || new_image_size
< old_image_size
) /* Not a disk space issue? Not trying to grow? */
2914 log_debug_errno(r
, "Growing from %s to %s didn't work, not enough space on backing disk.", FORMAT_BYTES(current_image_size
), FORMAT_BYTES(try_image_size
));
2916 } else if (r
> 0) { /* Success: allocation worked */
2917 log_debug("Resizing from %s to %s via allocation worked successfully.", FORMAT_BYTES(current_image_size
), FORMAT_BYTES(try_image_size
));
2918 current_image_size
= try_image_size
;
2920 } else { /* Success, but through truncation, not allocation. */
2921 log_debug("Resizing from %s to %s via truncation worked successfully.", FORMAT_BYTES(old_image_size
), FORMAT_BYTES(try_image_size
));
2922 current_image_size
= try_image_size
;
2923 break; /* there's no point in the bisection logic if this was plain truncation and
2924 * not allocation, let's exit immediately. */
2927 if (new_image_size
< old_image_size
) /* If we are shrinking we are done after one iteration */
2930 /* If we are growing then let's adjust our bisection boundaries and try again */
2932 lower_boundary
= MAX(lower_boundary
, try_image_size
);
2934 upper_boundary
= MIN(upper_boundary
, try_image_size
);
2936 if (lower_boundary
>= upper_boundary
) {
2937 log_debug("Image can't be grown further (range to try is empty).");
2941 try_image_size
= DISK_SIZE_ROUND_DOWN(lower_boundary
+ (upper_boundary
- lower_boundary
) / 2);
2942 if (try_image_size
<= lower_boundary
|| try_image_size
>= upper_boundary
) {
2943 log_debug("Image can't be grown further (remaining range to try too small).");
2948 log_debug("Bisection loop completed after %u iterations.", n_iterations
);
2951 *ret_image_size
= current_image_size
;
2956 int home_resize_luks(
2958 HomeSetupFlags flags
,
2960 PasswordCache
*cache
,
2961 UserRecord
**ret_home
) {
2963 uint64_t old_image_size
, new_image_size
, old_fs_size
, new_fs_size
, crypto_offset
, crypto_offset_bytes
,
2964 new_partition_size
, smallest_fs_size
, resized_fs_size
;
2965 _cleanup_(user_record_unrefp
) UserRecord
*header_home
= NULL
, *embedded_home
= NULL
, *new_home
= NULL
;
2966 _cleanup_(fdisk_unref_tablep
) struct fdisk_table
*table
= NULL
;
2967 struct fdisk_partition
*partition
= NULL
;
2968 _cleanup_close_
int opened_image_fd
= -1;
2969 _cleanup_free_
char *whole_disk
= NULL
;
2970 int r
, resize_type
, image_fd
= -1;
2971 sd_id128_t disk_uuid
;
2972 const char *ip
, *ipo
;
2976 INTENTION_DONT_KNOW
= 0, /* These happen to match the return codes of CMP() */
2977 INTENTION_SHRINK
= -1,
2979 } intention
= INTENTION_DONT_KNOW
;
2982 assert(user_record_storage(h
) == USER_LUKS
);
2985 r
= dlopen_cryptsetup();
2989 assert_se(ipo
= user_record_image_path(h
));
2990 ip
= strdupa_safe(ipo
); /* copy out since original might change later in home record object */
2992 if (setup
->image_fd
< 0) {
2993 setup
->image_fd
= open_image_file(h
, NULL
, &st
);
2994 if (setup
->image_fd
< 0)
2995 return setup
->image_fd
;
2997 if (fstat(setup
->image_fd
, &st
) < 0)
2998 return log_error_errno(errno
, "Failed to stat image file %s: %m", ip
);
3001 image_fd
= setup
->image_fd
;
3003 if (S_ISBLK(st
.st_mode
)) {
3006 r
= block_get_whole_disk(st
.st_rdev
, &parent
);
3008 return log_error_errno(r
, "Failed to acquire whole block device for %s: %m", ip
);
3010 /* If we shall resize a file system on a partition device, then let's figure out the
3011 * whole disk device and operate on that instead, since we need to rewrite the
3012 * partition table to resize the partition. */
3014 log_info("Operating on partition device %s, using parent device.", ip
);
3016 r
= device_path_make_major_minor(st
.st_mode
, parent
, &whole_disk
);
3018 return log_error_errno(r
, "Failed to derive whole disk path for %s: %m", ip
);
3020 opened_image_fd
= open(whole_disk
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
3021 if (opened_image_fd
< 0)
3022 return log_error_errno(errno
, "Failed to open whole block device %s: %m", whole_disk
);
3024 image_fd
= opened_image_fd
;
3026 if (fstat(image_fd
, &st
) < 0)
3027 return log_error_errno(errno
, "Failed to stat whole block device %s: %m", whole_disk
);
3028 if (!S_ISBLK(st
.st_mode
))
3029 return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK
), "Whole block device %s is not actually a block device, refusing.", whole_disk
);
3031 log_info("Operating on whole block device %s.", ip
);
3033 if (ioctl(image_fd
, BLKGETSIZE64
, &old_image_size
) < 0)
3034 return log_error_errno(errno
, "Failed to determine size of original block device: %m");
3036 if (flock(image_fd
, LOCK_EX
) < 0) /* make sure udev doesn't read from it while we operate on the device */
3037 return log_error_errno(errno
, "Failed to lock block device %s: %m", ip
);
3039 new_image_size
= old_image_size
; /* we can't resize physical block devices */
3041 r
= stat_verify_regular(&st
);
3043 return log_error_errno(r
, "Image %s is not a block device nor regular file: %m", ip
);
3045 old_image_size
= st
.st_size
;
3047 /* Note an asymetry here: when we operate on loopback files the specified disk size we get we
3048 * apply onto the loopback file as a whole. When we operate on block devices we instead apply
3049 * to the partition itself only. */
3051 if (FLAGS_SET(flags
, HOME_SETUP_RESIZE_MINIMIZE
)) {
3053 intention
= INTENTION_SHRINK
;
3055 uint64_t new_image_size_rounded
;
3057 new_image_size_rounded
= DISK_SIZE_ROUND_DOWN(h
->disk_size
);
3059 if (old_image_size
>= new_image_size_rounded
&& old_image_size
<= h
->disk_size
) {
3060 /* If exact match, or a match after we rounded down, don't do a thing */
3061 log_info("Image size already matching, skipping operation.");
3065 new_image_size
= new_image_size_rounded
;
3066 intention
= CMP(new_image_size
, old_image_size
); /* Is this a shrink */
3070 r
= home_setup_luks(
3076 FLAGS_SET(flags
, HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES
) ? NULL
: &header_home
);
3080 if (!FLAGS_SET(flags
, HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES
)) {
3081 r
= home_load_embedded_identity(h
, setup
->root_fd
, header_home
, USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL
, cache
, &embedded_home
, &new_home
);
3086 log_info("offset = %" PRIu64
", size = %" PRIu64
", image = %" PRIu64
, setup
->partition_offset
, setup
->partition_size
, old_image_size
);
3088 if ((UINT64_MAX
- setup
->partition_offset
) < setup
->partition_size
||
3089 setup
->partition_offset
+ setup
->partition_size
> old_image_size
)
3090 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Old partition doesn't fit in backing storage, refusing.");
3092 if (S_ISREG(st
.st_mode
)) {
3093 uint64_t partition_table_extra
, largest_size
;
3095 partition_table_extra
= old_image_size
- setup
->partition_size
;
3097 r
= get_largest_image_size(setup
->image_fd
, &st
, &largest_size
);
3100 if (new_image_size
> largest_size
)
3101 new_image_size
= largest_size
;
3103 if (new_image_size
< partition_table_extra
)
3104 new_image_size
= partition_table_extra
;
3106 new_partition_size
= DISK_SIZE_ROUND_DOWN(new_image_size
- partition_table_extra
);
3108 assert(S_ISBLK(st
.st_mode
));
3110 if (FLAGS_SET(flags
, HOME_SETUP_RESIZE_MINIMIZE
)) {
3111 new_partition_size
= 0;
3112 intention
= INTENTION_SHRINK
;
3114 uint64_t new_partition_size_rounded
;
3116 new_partition_size_rounded
= DISK_SIZE_ROUND_DOWN(h
->disk_size
);
3118 if (setup
->partition_size
>= new_partition_size_rounded
&&
3119 setup
->partition_size
<= h
->disk_size
) {
3120 log_info("Partition size already matching, skipping operation.");
3124 new_partition_size
= new_partition_size_rounded
;
3125 intention
= CMP(new_partition_size
, setup
->partition_size
);
3129 if ((UINT64_MAX
- setup
->partition_offset
) < new_partition_size
||
3130 setup
->partition_offset
+ new_partition_size
> new_image_size
)
3131 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "New partition doesn't fit into backing storage, refusing.");
3133 crypto_offset
= sym_crypt_get_data_offset(setup
->crypt_device
);
3134 if (crypto_offset
> UINT64_MAX
/512U)
3135 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "LUKS2 data offset out of range, refusing.");
3136 crypto_offset_bytes
= (uint64_t) crypto_offset
* 512U;
3137 if (setup
->partition_size
<= crypto_offset_bytes
)
3138 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Weird, old crypto payload offset doesn't actually fit in partition size?");
3140 /* Make sure at least the LUKS header fit in */
3141 if (new_partition_size
<= crypto_offset_bytes
) {
3144 add
= DISK_SIZE_ROUND_UP(crypto_offset_bytes
) - new_partition_size
;
3145 new_partition_size
+= add
;
3146 if (S_ISREG(st
.st_mode
))
3147 new_image_size
+= add
;
3150 old_fs_size
= setup
->partition_size
- crypto_offset_bytes
;
3151 new_fs_size
= DISK_SIZE_ROUND_DOWN(new_partition_size
- crypto_offset_bytes
);
3153 r
= get_smallest_fs_size(setup
->root_fd
, &smallest_fs_size
);
3157 if (new_fs_size
< smallest_fs_size
) {
3160 add
= DISK_SIZE_ROUND_UP(smallest_fs_size
) - new_fs_size
;
3162 new_partition_size
+= add
;
3163 if (S_ISREG(st
.st_mode
))
3164 new_image_size
+= add
;
3167 if (new_fs_size
== old_fs_size
) {
3168 log_info("New file system size identical to old file system size, skipping operation.");
3172 if (FLAGS_SET(flags
, HOME_SETUP_RESIZE_DONT_GROW
) && new_fs_size
> old_fs_size
) {
3173 log_info("New file system size would be larger than old, but shrinking requested, skipping operation.");
3177 if (FLAGS_SET(flags
, HOME_SETUP_RESIZE_DONT_SHRINK
) && new_fs_size
< old_fs_size
) {
3178 log_info("New file system size would be smaller than old, but growing requested, skipping operation.");
3182 if (CMP(new_fs_size
, old_fs_size
) != intention
) {
3184 log_info("Shrink operation would enlarge file system, skipping operation.");
3186 assert(intention
> 0);
3187 log_info("Grow operation would shrink file system, skipping operation.");
3192 /* Before we start doing anything, let's figure out if we actually can */
3193 resize_type
= can_resize_fs(setup
->root_fd
, old_fs_size
, new_fs_size
);
3194 if (resize_type
< 0)
3196 if (resize_type
== CAN_RESIZE_OFFLINE
&& FLAGS_SET(flags
, HOME_SETUP_ALREADY_ACTIVATED
))
3197 return log_error_errno(SYNTHETIC_ERRNO(ETXTBSY
), "File systems of this type can only be resized offline, but is currently online.");
3199 log_info("Ready to resize image size %s → %s, partition size %s → %s, file system size %s → %s.",
3200 FORMAT_BYTES(old_image_size
),
3201 FORMAT_BYTES(new_image_size
),
3202 FORMAT_BYTES(setup
->partition_size
),
3203 FORMAT_BYTES(new_partition_size
),
3204 FORMAT_BYTES(old_fs_size
),
3205 FORMAT_BYTES(new_fs_size
));
3207 r
= prepare_resize_partition(
3209 setup
->partition_offset
,
3210 setup
->partition_size
,
3217 if (new_fs_size
> old_fs_size
) { /* → Grow */
3219 if (S_ISREG(st
.st_mode
)) {
3220 uint64_t resized_image_size
;
3222 /* Grow file size */
3223 r
= resize_image_loop(h
, setup
, old_image_size
, new_image_size
, &resized_image_size
);
3227 if (resized_image_size
== old_image_size
) {
3228 log_info("Couldn't change image size.");
3232 assert(resized_image_size
> old_image_size
);
3234 log_info("Growing of image file from %s to %s completed.", FORMAT_BYTES(old_image_size
), FORMAT_BYTES(resized_image_size
));
3236 if (resized_image_size
< new_image_size
) {
3239 /* If the growing we managed to do is smaller than what we wanted we need to
3240 * adjust the partition/file system sizes we are going for, too */
3241 sub
= new_image_size
- resized_image_size
;
3242 assert(new_partition_size
>= sub
);
3243 new_partition_size
-= sub
;
3244 assert(new_fs_size
>= sub
);
3248 new_image_size
= resized_image_size
;
3250 assert(S_ISBLK(st
.st_mode
));
3251 assert(new_image_size
== old_image_size
);
3254 /* Make sure loopback device sees the new bigger size */
3255 r
= loop_device_refresh_size(setup
->loop
, UINT64_MAX
, new_partition_size
);
3257 log_debug_errno(r
, "Device is not a loopback device, not refreshing size.");
3259 return log_error_errno(r
, "Failed to refresh loopback device size: %m");
3261 log_info("Refreshing loop device size completed.");
3263 r
= apply_resize_partition(image_fd
, disk_uuid
, table
, partition
, new_partition_size
);
3267 log_info("Growing of partition completed.");
3269 if (S_ISBLK(st
.st_mode
) && ioctl(image_fd
, BLKRRPART
, 0) < 0)
3270 log_debug_errno(errno
, "BLKRRPART failed on block device, ignoring: %m");
3272 /* Tell LUKS about the new bigger size too */
3273 r
= sym_crypt_resize(setup
->crypt_device
, setup
->dm_name
, new_fs_size
/ 512U);
3275 return log_error_errno(r
, "Failed to grow LUKS device: %m");
3277 log_info("LUKS device growing completed.");
3281 if (!FLAGS_SET(flags
, HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES
)) {
3282 r
= home_store_embedded_identity(new_home
, setup
->root_fd
, h
->uid
, embedded_home
);
3287 if (S_ISREG(st
.st_mode
)) {
3288 if (user_record_luks_discard(h
))
3289 /* Before we shrink, let's trim the file system, so that we need less space on disk during the shrinking */
3290 (void) run_fitrim(setup
->root_fd
);
3292 /* If discard is off, let's ensure all backing blocks are allocated, so that our resize operation doesn't fail half-way */
3293 r
= run_fallocate(image_fd
, &st
);
3300 /* Now try to resize the file system. The requested size might not always be possible, in which case
3301 * we'll try to get as close as we can get. The result is returned in 'resized_fs_size' */
3302 r
= resize_fs_loop(h
, setup
, resize_type
, old_fs_size
, new_fs_size
, &resized_fs_size
);
3306 if (resized_fs_size
== old_fs_size
) {
3307 log_info("Couldn't change file system size.");
3311 log_info("File system resizing from %s to %s completed.", FORMAT_BYTES(old_fs_size
), FORMAT_BYTES(resized_fs_size
));
3313 if (resized_fs_size
> new_fs_size
) {
3316 /* If the shrinking we managed to do is larger than what we wanted we need to adjust the partition/image sizes. */
3317 add
= resized_fs_size
- new_fs_size
;
3318 new_partition_size
+= add
;
3319 if (S_ISREG(st
.st_mode
))
3320 new_image_size
+= add
;
3323 new_fs_size
= resized_fs_size
;
3325 /* Immediately sync afterwards */
3326 r
= home_sync_and_statfs(setup
->root_fd
, NULL
);
3330 if (new_fs_size
< old_fs_size
) { /* → Shrink */
3332 /* Shrink the LUKS device now, matching the new file system size */
3333 r
= sym_crypt_resize(setup
->crypt_device
, setup
->dm_name
, new_fs_size
/ 512);
3335 return log_error_errno(r
, "Failed to shrink LUKS device: %m");
3337 log_info("LUKS device shrinking completed.");
3339 /* Refresh the loop devices size */
3340 r
= loop_device_refresh_size(setup
->loop
, UINT64_MAX
, new_partition_size
);
3342 log_debug_errno(r
, "Device is not a loopback device, not refreshing size.");
3344 return log_error_errno(r
, "Failed to refresh loopback device size: %m");
3346 log_info("Refreshing loop device size completed.");
3348 if (S_ISREG(st
.st_mode
)) {
3349 /* Shrink the image file */
3350 if (ftruncate(image_fd
, new_image_size
) < 0)
3351 return log_error_errno(errno
, "Failed to shrink image file %s: %m", ip
);
3353 log_info("Shrinking of image file completed.");
3355 assert(S_ISBLK(st
.st_mode
));
3356 assert(new_image_size
== old_image_size
);
3359 r
= apply_resize_partition(image_fd
, disk_uuid
, table
, partition
, new_partition_size
);
3363 log_info("Shrinking of partition completed.");
3365 if (S_ISBLK(st
.st_mode
) && ioctl(image_fd
, BLKRRPART
, 0) < 0)
3366 log_debug_errno(errno
, "BLKRRPART failed on block device, ignoring: %m");
3368 } else { /* → Grow */
3369 if (!FLAGS_SET(flags
, HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES
)) {
3370 r
= home_store_embedded_identity(new_home
, setup
->root_fd
, h
->uid
, embedded_home
);
3376 if (!FLAGS_SET(flags
, HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES
)) {
3377 r
= home_store_header_identity_luks(new_home
, setup
, header_home
);
3381 r
= home_extend_embedded_identity(new_home
, h
, setup
);
3386 if (user_record_luks_discard(h
))
3387 (void) run_fitrim(setup
->root_fd
);
3389 r
= home_sync_and_statfs(setup
->root_fd
, &sfs
);
3393 if (!FLAGS_SET(flags
, HOME_SETUP_RESIZE_DONT_UNDO
)) {
3394 r
= home_setup_done(setup
);
3399 log_info("Everything completed.");
3401 print_size_summary(new_image_size
, new_fs_size
, &sfs
);
3404 *ret_home
= TAKE_PTR(new_home
);
3409 int home_passwd_luks(
3412 const PasswordCache
*cache
, /* the passwords acquired via PKCS#11/FIDO2 security tokens */
3413 char **effective_passwords
/* new passwords */) {
3415 size_t volume_key_size
, max_key_slots
, n_effective
;
3416 _cleanup_(erase_and_freep
) void *volume_key
= NULL
;
3417 struct crypt_pbkdf_type good_pbkdf
, minimal_pbkdf
;
3423 assert(user_record_storage(h
) == USER_LUKS
);
3426 r
= dlopen_cryptsetup();
3430 type
= sym_crypt_get_type(setup
->crypt_device
);
3432 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to determine crypto device type.");
3434 r
= sym_crypt_keyslot_max(type
);
3436 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to determine number of key slots.");
3439 r
= sym_crypt_get_volume_key_size(setup
->crypt_device
);
3441 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to determine volume key size.");
3442 volume_key_size
= (size_t) r
;
3444 volume_key
= malloc(volume_key_size
);
3449 FOREACH_POINTER(list
,
3450 cache
? cache
->pkcs11_passwords
: NULL
,
3451 cache
? cache
->fido2_passwords
: NULL
,
3454 r
= luks_try_passwords(setup
->crypt_device
, list
, volume_key
, &volume_key_size
);
3459 return log_error_errno(SYNTHETIC_ERRNO(ENOKEY
), "Failed to unlock LUKS superblock with supplied passwords.");
3461 return log_error_errno(r
, "Failed to unlocks LUKS superblock: %m");
3463 n_effective
= strv_length(effective_passwords
);
3465 build_good_pbkdf(&good_pbkdf
, h
);
3466 build_minimal_pbkdf(&minimal_pbkdf
, h
);
3468 for (size_t i
= 0; i
< max_key_slots
; i
++) {
3469 r
= sym_crypt_keyslot_destroy(setup
->crypt_device
, i
);
3470 if (r
< 0 && !IN_SET(r
, -ENOENT
, -EINVAL
)) /* Returns EINVAL or ENOENT if there's no key in this slot already */
3471 return log_error_errno(r
, "Failed to destroy LUKS password: %m");
3473 if (i
>= n_effective
) {
3475 log_info("Destroyed LUKS key slot %zu.", i
);
3479 if (password_cache_contains(cache
, effective_passwords
[i
])) { /* Is this a FIDO2 or PKCS#11 password? */
3480 log_debug("Using minimal PBKDF for slot %zu", i
);
3481 r
= sym_crypt_set_pbkdf_type(setup
->crypt_device
, &minimal_pbkdf
);
3483 log_debug("Using good PBKDF for slot %zu", i
);
3484 r
= sym_crypt_set_pbkdf_type(setup
->crypt_device
, &good_pbkdf
);
3487 return log_error_errno(r
, "Failed to tweak PBKDF for slot %zu: %m", i
);
3489 r
= sym_crypt_keyslot_add_by_volume_key(
3490 setup
->crypt_device
,
3494 effective_passwords
[i
],
3495 strlen(effective_passwords
[i
]));
3497 return log_error_errno(r
, "Failed to set up LUKS password: %m");
3499 log_info("Updated LUKS key slot %zu.", i
);
3505 int home_lock_luks(UserRecord
*h
, HomeSetup
*setup
) {
3511 assert(setup
->root_fd
< 0);
3512 assert(!setup
->crypt_device
);
3514 r
= acquire_open_luks_device(h
, setup
, /* graceful= */ false);
3518 log_info("Discovered used LUKS device %s.", setup
->dm_node
);
3520 assert_se(p
= user_record_home_directory(h
));
3521 r
= syncfs_path(AT_FDCWD
, p
);
3522 if (r
< 0) /* Snake oil, but let's better be safe than sorry */
3523 return log_error_errno(r
, "Failed to synchronize file system %s: %m", p
);
3525 log_info("File system synchronized.");
3527 /* Note that we don't invoke FIFREEZE here, it appears libcryptsetup/device-mapper already does that on its own for us */
3529 r
= sym_crypt_suspend(setup
->crypt_device
, setup
->dm_name
);
3531 return log_error_errno(r
, "Failed to suspend cryptsetup device: %s: %m", setup
->dm_node
);
3533 log_info("LUKS device suspended.");
3537 static int luks_try_resume(
3538 struct crypt_device
*cd
,
3539 const char *dm_name
,
3548 STRV_FOREACH(pp
, password
) {
3549 r
= sym_crypt_resume_by_passphrase(
3556 log_info("Resumed LUKS device %s.", dm_name
);
3560 log_debug_errno(r
, "Password %zu didn't work for resuming device: %m", (size_t) (pp
- password
));
3566 int home_unlock_luks(UserRecord
*h
, HomeSetup
*setup
, const PasswordCache
*cache
) {
3572 assert(!setup
->crypt_device
);
3574 r
= acquire_open_luks_device(h
, setup
, /* graceful= */ false);
3578 log_info("Discovered used LUKS device %s.", setup
->dm_node
);
3581 FOREACH_POINTER(list
,
3582 cache
? cache
->pkcs11_passwords
: NULL
,
3583 cache
? cache
->fido2_passwords
: NULL
,
3585 r
= luks_try_resume(setup
->crypt_device
, setup
->dm_name
, list
);
3590 return log_error_errno(r
, "No valid password for LUKS superblock.");
3592 return log_error_errno(r
, "Failed to resume LUKS superblock: %m");
3594 log_info("LUKS device resumed.");
3598 static int device_is_gone(HomeSetup
*setup
) {
3599 _cleanup_(sd_device_unrefp
) sd_device
*d
= NULL
;
3605 if (!setup
->dm_node
)
3608 if (stat(setup
->dm_node
, &st
) < 0) {
3609 if (errno
!= ENOENT
)
3610 return log_error_errno(errno
, "Failed to stat block device node %s: %m", setup
->dm_node
);
3615 r
= sd_device_new_from_stat_rdev(&d
, &st
);
3618 return log_error_errno(errno
, "Failed to allocate device object from block device node %s: %m", setup
->dm_node
);
3626 static int device_monitor_handler(sd_device_monitor
*monitor
, sd_device
*device
, void *userdata
) {
3627 HomeSetup
*setup
= userdata
;
3632 if (!device_for_action(device
, SD_DEVICE_REMOVE
))
3635 /* We don't really care for the device object passed to us, we just check if the device node still
3638 r
= device_is_gone(setup
);
3641 if (r
> 0) /* Yay! we are done! */
3642 (void) sd_event_exit(sd_device_monitor_get_event(monitor
), 0);
3647 int wait_for_block_device_gone(HomeSetup
*setup
, usec_t timeout_usec
) {
3648 _cleanup_(sd_device_monitor_unrefp
) sd_device_monitor
*m
= NULL
;
3649 _cleanup_(sd_event_unrefp
) sd_event
*event
= NULL
;
3654 /* So here's the thing: we enable "deferred deactivation" on our dm-crypt volumes. This means they
3655 * are automatically torn down once not used anymore (i.e. once unmounted). Which is great. It also
3656 * means that when we deactivate a home directory and try to tear down the volume that backs it, it
3657 * possibly is aleady torn down or in the process of being torn down, since we race against the
3658 * automatic tearing down. Which is fine, we handle errors from that. However, we lose the ability to
3659 * naturally wait for the tear down operation to complete: if we are not the ones who tear down the
3660 * device we are also not the ones who naturally block on that operation. Hence let's add some code
3661 * to actively wait for the device to go away, via sd-device. We'll call this whenever tearing down a
3662 * LUKS device, to ensure the device is really really gone before we proceed. Net effect: "homectl
3663 * deactivate foo && homectl activate foo" will work reliably, i.e. deactivation immediately followed
3664 * by activation will work. Also, by the time deactivation completes we can guarantee that all data
3665 * is sync'ed down to the lowest block layer as all higher levels are fully and entirely
3668 if (!setup
->dm_name
)
3671 assert(setup
->dm_node
);
3672 log_debug("Waiting until %s disappears.", setup
->dm_node
);
3674 r
= sd_event_new(&event
);
3676 return log_error_errno(r
, "Failed to allocate event loop: %m");
3678 r
= sd_device_monitor_new(&m
);
3680 return log_error_errno(r
, "Failed to allocate device monitor: %m");
3682 r
= sd_device_monitor_filter_add_match_subsystem_devtype(m
, "block", "disk");
3684 return log_error_errno(r
, "Failed to configure device monitor match: %m");
3686 r
= sd_device_monitor_attach_event(m
, event
);
3688 return log_error_errno(r
, "Failed to attach device monitor to event loop: %m");
3690 r
= sd_device_monitor_start(m
, device_monitor_handler
, setup
);
3692 return log_error_errno(r
, "Failed to start device monitor: %m");
3694 r
= device_is_gone(setup
);
3698 log_debug("%s has already disappeared before entering wait loop.", setup
->dm_node
);
3699 return 0; /* gone already */
3702 if (timeout_usec
!= USEC_INFINITY
) {
3703 r
= sd_event_add_time_relative(event
, NULL
, CLOCK_MONOTONIC
, timeout_usec
, 0, NULL
, NULL
);
3705 return log_error_errno(r
, "Failed to add timer event: %m");
3708 r
= sd_event_loop(event
);
3710 return log_error_errno(r
, "Failed to run event loop: %m");
3712 r
= device_is_gone(setup
);
3716 return log_error_errno(r
, "Device %s still around.", setup
->dm_node
);
3718 log_debug("Successfully waited until device %s disappeared.", setup
->dm_node
);