]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/home/homework-luks.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #21411 from poettering/homed-maximize
[thirdparty/systemd.git] / src / home / homework-luks.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <libfdisk.h>
4 #include <linux/loop.h>
5 #include <poll.h>
6 #include <sys/file.h>
7 #include <sys/ioctl.h>
8 #include <sys/mount.h>
9 #include <sys/xattr.h>
10
11 #if HAVE_VALGRIND_MEMCHECK_H
12 #include <valgrind/memcheck.h>
13 #endif
14
15 #include "sd-daemon.h"
16 #include "sd-device.h"
17 #include "sd-event.h"
18
19 #include "blkid-util.h"
20 #include "blockdev-util.h"
21 #include "btrfs-util.h"
22 #include "chattr-util.h"
23 #include "dm-util.h"
24 #include "env-util.h"
25 #include "errno-util.h"
26 #include "fd-util.h"
27 #include "fileio.h"
28 #include "filesystems.h"
29 #include "fs-util.h"
30 #include "fsck-util.h"
31 #include "home-util.h"
32 #include "homework-luks.h"
33 #include "homework-mount.h"
34 #include "id128-util.h"
35 #include "io-util.h"
36 #include "memory-util.h"
37 #include "missing_magic.h"
38 #include "mkdir.h"
39 #include "mkfs-util.h"
40 #include "mount-util.h"
41 #include "openssl-util.h"
42 #include "parse-util.h"
43 #include "path-util.h"
44 #include "process-util.h"
45 #include "random-util.h"
46 #include "resize-fs.h"
47 #include "stat-util.h"
48 #include "strv.h"
49 #include "sync-util.h"
50 #include "tmpfile-util.h"
51 #include "udev-util.h"
52 #include "user-util.h"
53
54 /* Round down to the nearest 4K size. Given that newer hardware generally prefers 4K sectors, let's align our
55 * partitions to that too. In the worst case we'll waste 3.5K per partition that way, but I think I can live
56 * with that. */
57 #define DISK_SIZE_ROUND_DOWN(x) ((x) & ~UINT64_C(4095))
58
59 /* Rounds up to the nearest 4K boundary. Returns UINT64_MAX on overflow */
60 #define DISK_SIZE_ROUND_UP(x) \
61 ({ \
62 uint64_t _x = (x); \
63 _x > UINT64_MAX - 4095U ? UINT64_MAX : (_x + 4095U) & ~UINT64_C(4095); \
64 })
65
66
67 int run_mark_dirty(int fd, bool b) {
68 char x = '1';
69 int r, ret;
70
71 /* Sets or removes the 'user.home-dirty' xattr on the specified file. We use this to detect when a
72 * home directory was not properly unmounted. */
73
74 assert(fd >= 0);
75
76 r = fd_verify_regular(fd);
77 if (r < 0)
78 return r;
79
80 if (b) {
81 ret = fsetxattr(fd, "user.home-dirty", &x, 1, XATTR_CREATE);
82 if (ret < 0 && errno != EEXIST)
83 return log_debug_errno(errno, "Could not mark home directory as dirty: %m");
84
85 } else {
86 r = fsync_full(fd);
87 if (r < 0)
88 return log_debug_errno(r, "Failed to synchronize image before marking it clean: %m");
89
90 ret = fremovexattr(fd, "user.home-dirty");
91 if (ret < 0 && errno != ENODATA)
92 return log_debug_errno(errno, "Could not mark home directory as clean: %m");
93 }
94
95 r = fsync_full(fd);
96 if (r < 0)
97 return log_debug_errno(r, "Failed to synchronize dirty flag to disk: %m");
98
99 return ret >= 0;
100 }
101
102 int run_mark_dirty_by_path(const char *path, bool b) {
103 _cleanup_close_ int fd = -1;
104
105 assert(path);
106
107 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY);
108 if (fd < 0)
109 return log_debug_errno(errno, "Failed to open %s to mark dirty or clean: %m", path);
110
111 return run_mark_dirty(fd, b);
112 }
113
114 static int probe_file_system_by_fd(
115 int fd,
116 char **ret_fstype,
117 sd_id128_t *ret_uuid) {
118
119 _cleanup_(blkid_free_probep) blkid_probe b = NULL;
120 _cleanup_free_ char *s = NULL;
121 const char *fstype = NULL, *uuid = NULL;
122 sd_id128_t id;
123 int r;
124
125 assert(fd >= 0);
126 assert(ret_fstype);
127 assert(ret_uuid);
128
129 b = blkid_new_probe();
130 if (!b)
131 return -ENOMEM;
132
133 errno = 0;
134 r = blkid_probe_set_device(b, fd, 0, 0);
135 if (r != 0)
136 return errno > 0 ? -errno : -ENOMEM;
137
138 (void) blkid_probe_enable_superblocks(b, 1);
139 (void) blkid_probe_set_superblocks_flags(b, BLKID_SUBLKS_TYPE|BLKID_SUBLKS_UUID);
140
141 errno = 0;
142 r = blkid_do_safeprobe(b);
143 if (IN_SET(r, -2, 1)) /* nothing found or ambiguous result */
144 return -ENOPKG;
145 if (r != 0)
146 return errno > 0 ? -errno : -EIO;
147
148 (void) blkid_probe_lookup_value(b, "TYPE", &fstype, NULL);
149 if (!fstype)
150 return -ENOPKG;
151
152 (void) blkid_probe_lookup_value(b, "UUID", &uuid, NULL);
153 if (!uuid)
154 return -ENOPKG;
155
156 r = sd_id128_from_string(uuid, &id);
157 if (r < 0)
158 return r;
159
160 s = strdup(fstype);
161 if (!s)
162 return -ENOMEM;
163
164 *ret_fstype = TAKE_PTR(s);
165 *ret_uuid = id;
166
167 return 0;
168 }
169
170 static int probe_file_system_by_path(const char *path, char **ret_fstype, sd_id128_t *ret_uuid) {
171 _cleanup_close_ int fd = -1;
172
173 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
174 if (fd < 0)
175 return -errno;
176
177 return probe_file_system_by_fd(fd, ret_fstype, ret_uuid);
178 }
179
180 static int block_get_size_by_fd(int fd, uint64_t *ret) {
181 struct stat st;
182
183 assert(fd >= 0);
184 assert(ret);
185
186 if (fstat(fd, &st) < 0)
187 return -errno;
188
189 if (!S_ISBLK(st.st_mode))
190 return -ENOTBLK;
191
192 return RET_NERRNO(ioctl(fd, BLKGETSIZE64, ret));
193 }
194
195 static int block_get_size_by_path(const char *path, uint64_t *ret) {
196 _cleanup_close_ int fd = -1;
197
198 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
199 if (fd < 0)
200 return -errno;
201
202 return block_get_size_by_fd(fd, ret);
203 }
204
205 static int run_fsck(const char *node, const char *fstype) {
206 int r, exit_status;
207 pid_t fsck_pid;
208
209 assert(node);
210 assert(fstype);
211
212 r = fsck_exists(fstype);
213 if (r < 0)
214 return log_error_errno(r, "Failed to check if fsck for file system %s exists: %m", fstype);
215 if (r == 0) {
216 log_warning("No fsck for file system %s installed, ignoring.", fstype);
217 return 0;
218 }
219
220 r = safe_fork("(fsck)",
221 FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
222 &fsck_pid);
223 if (r < 0)
224 return r;
225 if (r == 0) {
226 /* Child */
227 execl("/sbin/fsck", "/sbin/fsck", "-aTl", node, NULL);
228 log_open();
229 log_error_errno(errno, "Failed to execute fsck: %m");
230 _exit(FSCK_OPERATIONAL_ERROR);
231 }
232
233 exit_status = wait_for_terminate_and_check("fsck", fsck_pid, WAIT_LOG_ABNORMAL);
234 if (exit_status < 0)
235 return exit_status;
236 if ((exit_status & ~FSCK_ERROR_CORRECTED) != 0) {
237 log_warning("fsck failed with exit status %i.", exit_status);
238
239 if ((exit_status & (FSCK_SYSTEM_SHOULD_REBOOT|FSCK_ERRORS_LEFT_UNCORRECTED)) != 0)
240 return log_error_errno(SYNTHETIC_ERRNO(EIO), "File system is corrupted, refusing.");
241
242 log_warning("Ignoring fsck error.");
243 }
244
245 log_info("File system check completed.");
246
247 return 1;
248 }
249
250 static int luks_try_passwords(
251 struct crypt_device *cd,
252 char **passwords,
253 void *volume_key,
254 size_t *volume_key_size) {
255
256 char **pp;
257 int r;
258
259 assert(cd);
260
261 STRV_FOREACH(pp, passwords) {
262 size_t vks = *volume_key_size;
263
264 r = sym_crypt_volume_key_get(
265 cd,
266 CRYPT_ANY_SLOT,
267 volume_key,
268 &vks,
269 *pp,
270 strlen(*pp));
271 if (r >= 0) {
272 *volume_key_size = vks;
273 return 0;
274 }
275
276 log_debug_errno(r, "Password %zu didn't work for unlocking LUKS superblock: %m", (size_t) (pp - passwords));
277 }
278
279 return -ENOKEY;
280 }
281
282 static int luks_setup(
283 const char *node,
284 const char *dm_name,
285 sd_id128_t uuid,
286 const char *cipher,
287 const char *cipher_mode,
288 uint64_t volume_key_size,
289 char **passwords,
290 const PasswordCache *cache,
291 bool discard,
292 struct crypt_device **ret,
293 sd_id128_t *ret_found_uuid,
294 void **ret_volume_key,
295 size_t *ret_volume_key_size) {
296
297 _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
298 _cleanup_(erase_and_freep) void *vk = NULL;
299 sd_id128_t p;
300 size_t vks;
301 char **list;
302 int r;
303
304 assert(node);
305 assert(dm_name);
306 assert(ret);
307
308 r = sym_crypt_init(&cd, node);
309 if (r < 0)
310 return log_error_errno(r, "Failed to allocate libcryptsetup context: %m");
311
312 cryptsetup_enable_logging(cd);
313
314 r = sym_crypt_load(cd, CRYPT_LUKS2, NULL);
315 if (r < 0)
316 return log_error_errno(r, "Failed to load LUKS superblock: %m");
317
318 r = sym_crypt_get_volume_key_size(cd);
319 if (r <= 0)
320 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine LUKS volume key size");
321 vks = (size_t) r;
322
323 if (!sd_id128_is_null(uuid) || ret_found_uuid) {
324 const char *s;
325
326 s = sym_crypt_get_uuid(cd);
327 if (!s)
328 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock has no UUID.");
329
330 r = sd_id128_from_string(s, &p);
331 if (r < 0)
332 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock has invalid UUID.");
333
334 /* Check that the UUID matches, if specified */
335 if (!sd_id128_is_null(uuid) &&
336 !sd_id128_equal(uuid, p))
337 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock has wrong UUID.");
338 }
339
340 if (cipher && !streq_ptr(cipher, sym_crypt_get_cipher(cd)))
341 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock declares wrong cipher.");
342
343 if (cipher_mode && !streq_ptr(cipher_mode, sym_crypt_get_cipher_mode(cd)))
344 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock declares wrong cipher mode.");
345
346 if (volume_key_size != UINT64_MAX && vks != volume_key_size)
347 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock declares wrong volume key size.");
348
349 vk = malloc(vks);
350 if (!vk)
351 return log_oom();
352
353 r = -ENOKEY;
354 FOREACH_POINTER(list,
355 cache ? cache->pkcs11_passwords : NULL,
356 cache ? cache->fido2_passwords : NULL,
357 passwords) {
358 r = luks_try_passwords(cd, list, vk, &vks);
359 if (r != -ENOKEY)
360 break;
361 }
362 if (r == -ENOKEY)
363 return log_error_errno(r, "No valid password for LUKS superblock.");
364 if (r < 0)
365 return log_error_errno(r, "Failed to unlocks LUKS superblock: %m");
366
367 r = sym_crypt_activate_by_volume_key(
368 cd,
369 dm_name,
370 vk, vks,
371 discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0);
372 if (r < 0)
373 return log_error_errno(r, "Failed to unlock LUKS superblock: %m");
374
375 log_info("Setting up LUKS device /dev/mapper/%s completed.", dm_name);
376
377 *ret = TAKE_PTR(cd);
378
379 if (ret_found_uuid) /* Return the UUID actually found if the caller wants to know */
380 *ret_found_uuid = p;
381 if (ret_volume_key)
382 *ret_volume_key = TAKE_PTR(vk);
383 if (ret_volume_key_size)
384 *ret_volume_key_size = vks;
385
386 return 0;
387 }
388
389 static int make_dm_names(UserRecord *h, HomeSetup *setup) {
390 assert(h);
391 assert(h->user_name);
392 assert(setup);
393
394 if (!setup->dm_name) {
395 setup->dm_name = strjoin("home-", h->user_name);
396 if (!setup->dm_name)
397 return log_oom();
398 }
399
400 if (!setup->dm_node) {
401 setup->dm_node = path_join("/dev/mapper/", setup->dm_name);
402 if (!setup->dm_node)
403 return log_oom();
404 }
405
406 return 0;
407 }
408
409 static int acquire_open_luks_device(
410 UserRecord *h,
411 HomeSetup *setup,
412 bool graceful) {
413
414 _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
415 int r;
416
417 assert(h);
418 assert(setup);
419 assert(!setup->crypt_device);
420
421 r = dlopen_cryptsetup();
422 if (r < 0)
423 return r;
424
425 r = make_dm_names(h, setup);
426 if (r < 0)
427 return r;
428
429 r = sym_crypt_init_by_name(&cd, setup->dm_name);
430 if (IN_SET(r, -ENODEV, -EINVAL, -ENOENT) && graceful)
431 return 0;
432 if (r < 0)
433 return log_error_errno(r, "Failed to initialize cryptsetup context for %s: %m", setup->dm_name);
434
435 cryptsetup_enable_logging(cd);
436
437 setup->crypt_device = TAKE_PTR(cd);
438 return 1;
439 }
440
441 static int luks_open(
442 UserRecord *h,
443 HomeSetup *setup,
444 const PasswordCache *cache,
445 sd_id128_t *ret_found_uuid,
446 void **ret_volume_key,
447 size_t *ret_volume_key_size) {
448
449 _cleanup_(erase_and_freep) void *vk = NULL;
450 sd_id128_t p;
451 char **list;
452 size_t vks;
453 int r;
454
455 assert(h);
456 assert(setup);
457 assert(!setup->crypt_device);
458
459 /* Opens a LUKS device that is already set up. Re-validates the password while doing so (which also
460 * provides us with the volume key, which we want). */
461
462 r = acquire_open_luks_device(h, setup, /* graceful= */ false);
463 if (r < 0)
464 return r;
465
466 r = sym_crypt_load(setup->crypt_device, CRYPT_LUKS2, NULL);
467 if (r < 0)
468 return log_error_errno(r, "Failed to load LUKS superblock: %m");
469
470 r = sym_crypt_get_volume_key_size(setup->crypt_device);
471 if (r <= 0)
472 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine LUKS volume key size");
473 vks = (size_t) r;
474
475 if (ret_found_uuid) {
476 const char *s;
477
478 s = sym_crypt_get_uuid(setup->crypt_device);
479 if (!s)
480 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock has no UUID.");
481
482 r = sd_id128_from_string(s, &p);
483 if (r < 0)
484 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock has invalid UUID.");
485 }
486
487 vk = malloc(vks);
488 if (!vk)
489 return log_oom();
490
491 r = -ENOKEY;
492 FOREACH_POINTER(list,
493 cache ? cache->pkcs11_passwords : NULL,
494 cache ? cache->fido2_passwords : NULL,
495 h->password) {
496 r = luks_try_passwords(setup->crypt_device, list, vk, &vks);
497 if (r != -ENOKEY)
498 break;
499 }
500 if (r == -ENOKEY)
501 return log_error_errno(r, "No valid password for LUKS superblock.");
502 if (r < 0)
503 return log_error_errno(r, "Failed to unlocks LUKS superblock: %m");
504
505 log_info("Discovered used LUKS device /dev/mapper/%s, and validated password.", setup->dm_name);
506
507 /* This is needed so that crypt_resize() can operate correctly for pre-existing LUKS devices. We need
508 * to tell libcryptsetup the volume key explicitly, so that it is in the kernel keyring. */
509 r = sym_crypt_activate_by_volume_key(setup->crypt_device, NULL, vk, vks, CRYPT_ACTIVATE_KEYRING_KEY);
510 if (r < 0)
511 return log_error_errno(r, "Failed to upload volume key again: %m");
512
513 log_info("Successfully re-activated LUKS device.");
514
515 if (ret_found_uuid)
516 *ret_found_uuid = p;
517 if (ret_volume_key)
518 *ret_volume_key = TAKE_PTR(vk);
519 if (ret_volume_key_size)
520 *ret_volume_key_size = vks;
521
522 return 0;
523 }
524
525 static int fs_validate(
526 const char *dm_node,
527 sd_id128_t uuid,
528 char **ret_fstype,
529 sd_id128_t *ret_found_uuid) {
530
531 _cleanup_free_ char *fstype = NULL;
532 sd_id128_t u;
533 int r;
534
535 assert(dm_node);
536 assert(ret_fstype);
537
538 r = probe_file_system_by_path(dm_node, &fstype, &u);
539 if (r < 0)
540 return log_error_errno(r, "Failed to probe file system: %m");
541
542 /* Limit the set of supported file systems a bit, as protection against little tested kernel file
543 * systems. Also, we only support the resize ioctls for these file systems. */
544 if (!supported_fstype(fstype))
545 return log_error_errno(SYNTHETIC_ERRNO(EPROTONOSUPPORT), "Image contains unsupported file system: %s", strna(fstype));
546
547 if (!sd_id128_is_null(uuid) &&
548 !sd_id128_equal(uuid, u))
549 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "File system has wrong UUID.");
550
551 log_info("Probing file system completed (found %s).", fstype);
552
553 *ret_fstype = TAKE_PTR(fstype);
554
555 if (ret_found_uuid) /* Return the UUID actually found if the caller wants to know */
556 *ret_found_uuid = u;
557
558 return 0;
559 }
560
561 static int luks_validate(
562 int fd,
563 const char *label,
564 sd_id128_t partition_uuid,
565 sd_id128_t *ret_partition_uuid,
566 uint64_t *ret_offset,
567 uint64_t *ret_size) {
568
569 _cleanup_(blkid_free_probep) blkid_probe b = NULL;
570 sd_id128_t found_partition_uuid = SD_ID128_NULL;
571 const char *fstype = NULL, *pttype = NULL;
572 blkid_loff_t offset = 0, size = 0;
573 blkid_partlist pl;
574 bool found = false;
575 int r, n;
576
577 assert(fd >= 0);
578 assert(label);
579 assert(ret_offset);
580 assert(ret_size);
581
582 b = blkid_new_probe();
583 if (!b)
584 return -ENOMEM;
585
586 errno = 0;
587 r = blkid_probe_set_device(b, fd, 0, 0);
588 if (r != 0)
589 return errno > 0 ? -errno : -ENOMEM;
590
591 (void) blkid_probe_enable_superblocks(b, 1);
592 (void) blkid_probe_set_superblocks_flags(b, BLKID_SUBLKS_TYPE);
593 (void) blkid_probe_enable_partitions(b, 1);
594 (void) blkid_probe_set_partitions_flags(b, BLKID_PARTS_ENTRY_DETAILS);
595
596 errno = 0;
597 r = blkid_do_safeprobe(b);
598 if (IN_SET(r, -2, 1)) /* nothing found or ambiguous result */
599 return -ENOPKG;
600 if (r != 0)
601 return errno > 0 ? -errno : -EIO;
602
603 (void) blkid_probe_lookup_value(b, "TYPE", &fstype, NULL);
604 if (streq_ptr(fstype, "crypto_LUKS")) {
605 /* Directly a LUKS image */
606 *ret_offset = 0;
607 *ret_size = UINT64_MAX; /* full disk */
608 *ret_partition_uuid = SD_ID128_NULL;
609 return 0;
610 } else if (fstype)
611 return -ENOPKG;
612
613 (void) blkid_probe_lookup_value(b, "PTTYPE", &pttype, NULL);
614 if (!streq_ptr(pttype, "gpt"))
615 return -ENOPKG;
616
617 errno = 0;
618 pl = blkid_probe_get_partitions(b);
619 if (!pl)
620 return errno > 0 ? -errno : -ENOMEM;
621
622 errno = 0;
623 n = blkid_partlist_numof_partitions(pl);
624 if (n < 0)
625 return errno > 0 ? -errno : -EIO;
626
627 for (int i = 0; i < n; i++) {
628 blkid_partition pp;
629 sd_id128_t id = SD_ID128_NULL;
630 const char *sid;
631
632 errno = 0;
633 pp = blkid_partlist_get_partition(pl, i);
634 if (!pp)
635 return errno > 0 ? -errno : -EIO;
636
637 if (!streq_ptr(blkid_partition_get_type_string(pp), "773f91ef-66d4-49b5-bd83-d683bf40ad16"))
638 continue;
639
640 if (!streq_ptr(blkid_partition_get_name(pp), label))
641 continue;
642
643 sid = blkid_partition_get_uuid(pp);
644 if (sid) {
645 r = sd_id128_from_string(sid, &id);
646 if (r < 0)
647 log_debug_errno(r, "Couldn't parse partition UUID %s, weird: %m", sid);
648
649 if (!sd_id128_is_null(partition_uuid) && !sd_id128_equal(id, partition_uuid))
650 continue;
651 }
652
653 if (found)
654 return -ENOPKG;
655
656 offset = blkid_partition_get_start(pp);
657 size = blkid_partition_get_size(pp);
658 found_partition_uuid = id;
659
660 found = true;
661 }
662
663 if (!found)
664 return -ENOPKG;
665
666 if (offset < 0)
667 return -EINVAL;
668 if ((uint64_t) offset > UINT64_MAX / 512U)
669 return -EINVAL;
670 if (size <= 0)
671 return -EINVAL;
672 if ((uint64_t) size > UINT64_MAX / 512U)
673 return -EINVAL;
674
675 *ret_offset = offset * 512U;
676 *ret_size = size * 512U;
677 *ret_partition_uuid = found_partition_uuid;
678
679 return 0;
680 }
681
682 static int crypt_device_to_evp_cipher(struct crypt_device *cd, const EVP_CIPHER **ret) {
683 _cleanup_free_ char *cipher_name = NULL;
684 const char *cipher, *cipher_mode, *e;
685 size_t key_size, key_bits;
686 const EVP_CIPHER *cc;
687 int r;
688
689 assert(cd);
690
691 /* Let's find the right OpenSSL EVP_CIPHER object that matches the encryption settings of the LUKS
692 * device */
693
694 cipher = sym_crypt_get_cipher(cd);
695 if (!cipher)
696 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot get cipher from LUKS device.");
697
698 cipher_mode = sym_crypt_get_cipher_mode(cd);
699 if (!cipher_mode)
700 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot get cipher mode from LUKS device.");
701
702 e = strchr(cipher_mode, '-');
703 if (e)
704 cipher_mode = strndupa_safe(cipher_mode, e - cipher_mode);
705
706 r = sym_crypt_get_volume_key_size(cd);
707 if (r <= 0)
708 return log_error_errno(r < 0 ? r : SYNTHETIC_ERRNO(EINVAL), "Cannot get volume key size from LUKS device.");
709
710 key_size = r;
711 key_bits = key_size * 8;
712 if (streq(cipher_mode, "xts"))
713 key_bits /= 2;
714
715 if (asprintf(&cipher_name, "%s-%zu-%s", cipher, key_bits, cipher_mode) < 0)
716 return log_oom();
717
718 cc = EVP_get_cipherbyname(cipher_name);
719 if (!cc)
720 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Selected cipher mode '%s' not supported, can't encrypt JSON record.", cipher_name);
721
722 /* Verify that our key length calculations match what OpenSSL thinks */
723 r = EVP_CIPHER_key_length(cc);
724 if (r < 0 || (uint64_t) r != key_size)
725 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Key size of selected cipher doesn't meet our expectations.");
726
727 *ret = cc;
728 return 0;
729 }
730
731 static int luks_validate_home_record(
732 struct crypt_device *cd,
733 UserRecord *h,
734 const void *volume_key,
735 PasswordCache *cache,
736 UserRecord **ret_luks_home_record) {
737
738 int r;
739
740 assert(cd);
741 assert(h);
742
743 for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
744 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *rr = NULL;
745 _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL;
746 _cleanup_(user_record_unrefp) UserRecord *lhr = NULL;
747 _cleanup_free_ void *encrypted = NULL, *iv = NULL;
748 size_t decrypted_size, encrypted_size, iv_size;
749 int decrypted_size_out1, decrypted_size_out2;
750 _cleanup_free_ char *decrypted = NULL;
751 const char *text, *type;
752 crypt_token_info state;
753 JsonVariant *jr, *jiv;
754 unsigned line, column;
755 const EVP_CIPHER *cc;
756
757 state = sym_crypt_token_status(cd, token, &type);
758 if (state == CRYPT_TOKEN_INACTIVE) /* First unconfigured token, give up */
759 break;
760 if (IN_SET(state, CRYPT_TOKEN_INTERNAL, CRYPT_TOKEN_INTERNAL_UNKNOWN, CRYPT_TOKEN_EXTERNAL))
761 continue;
762 if (state != CRYPT_TOKEN_EXTERNAL_UNKNOWN)
763 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unexpected token state of token %i: %i", token, (int) state);
764
765 if (!streq(type, "systemd-homed"))
766 continue;
767
768 r = sym_crypt_token_json_get(cd, token, &text);
769 if (r < 0)
770 return log_error_errno(r, "Failed to read LUKS token %i: %m", token);
771
772 r = json_parse(text, JSON_PARSE_SENSITIVE, &v, &line, &column);
773 if (r < 0)
774 return log_error_errno(r, "Failed to parse LUKS token JSON data %u:%u: %m", line, column);
775
776 jr = json_variant_by_key(v, "record");
777 if (!jr)
778 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "LUKS token lacks 'record' field.");
779 jiv = json_variant_by_key(v, "iv");
780 if (!jiv)
781 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "LUKS token lacks 'iv' field.");
782
783 r = json_variant_unbase64(jr, &encrypted, &encrypted_size);
784 if (r < 0)
785 return log_error_errno(r, "Failed to base64 decode record: %m");
786
787 r = json_variant_unbase64(jiv, &iv, &iv_size);
788 if (r < 0)
789 return log_error_errno(r, "Failed to base64 decode IV: %m");
790
791 r = crypt_device_to_evp_cipher(cd, &cc);
792 if (r < 0)
793 return r;
794 if (iv_size > INT_MAX || EVP_CIPHER_iv_length(cc) != (int) iv_size)
795 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "IV size doesn't match.");
796
797 context = EVP_CIPHER_CTX_new();
798 if (!context)
799 return log_oom();
800
801 if (EVP_DecryptInit_ex(context, cc, NULL, volume_key, iv) != 1)
802 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize decryption context.");
803
804 decrypted_size = encrypted_size + EVP_CIPHER_key_length(cc) * 2;
805 decrypted = new(char, decrypted_size);
806 if (!decrypted)
807 return log_oom();
808
809 if (EVP_DecryptUpdate(context, (uint8_t*) decrypted, &decrypted_size_out1, encrypted, encrypted_size) != 1)
810 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to decrypt JSON record.");
811
812 assert((size_t) decrypted_size_out1 <= decrypted_size);
813
814 if (EVP_DecryptFinal_ex(context, (uint8_t*) decrypted + decrypted_size_out1, &decrypted_size_out2) != 1)
815 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finish decryption of JSON record.");
816
817 assert((size_t) decrypted_size_out1 + (size_t) decrypted_size_out2 < decrypted_size);
818 decrypted_size = (size_t) decrypted_size_out1 + (size_t) decrypted_size_out2;
819
820 if (memchr(decrypted, 0, decrypted_size))
821 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Inner NUL byte in JSON record, refusing.");
822
823 decrypted[decrypted_size] = 0;
824
825 r = json_parse(decrypted, JSON_PARSE_SENSITIVE, &rr, NULL, NULL);
826 if (r < 0)
827 return log_error_errno(r, "Failed to parse decrypted JSON record, refusing.");
828
829 lhr = user_record_new();
830 if (!lhr)
831 return log_oom();
832
833 r = user_record_load(lhr, rr, USER_RECORD_LOAD_EMBEDDED|USER_RECORD_PERMISSIVE);
834 if (r < 0)
835 return log_error_errno(r, "Failed to parse user record: %m");
836
837 if (!user_record_compatible(h, lhr))
838 return log_error_errno(SYNTHETIC_ERRNO(EREMCHG), "LUKS home record not compatible with host record, refusing.");
839
840 r = user_record_authenticate(lhr, h, cache, /* strict_verify= */ true);
841 if (r < 0)
842 return r;
843 assert(r > 0); /* Insist that a password was verified */
844
845 *ret_luks_home_record = TAKE_PTR(lhr);
846 return 0;
847 }
848
849 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Couldn't find home record in LUKS2 header, refusing.");
850 }
851
852 static int format_luks_token_text(
853 struct crypt_device *cd,
854 UserRecord *hr,
855 const void *volume_key,
856 char **ret) {
857
858 int r, encrypted_size_out1 = 0, encrypted_size_out2 = 0, iv_size, key_size;
859 _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL;
860 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
861 _cleanup_free_ void *iv = NULL, *encrypted = NULL;
862 size_t text_length, encrypted_size;
863 _cleanup_free_ char *text = NULL;
864 const EVP_CIPHER *cc;
865
866 assert(cd);
867 assert(hr);
868 assert(volume_key);
869 assert(ret);
870
871 r = crypt_device_to_evp_cipher(cd, &cc);
872 if (r < 0)
873 return r;
874
875 key_size = EVP_CIPHER_key_length(cc);
876 iv_size = EVP_CIPHER_iv_length(cc);
877
878 if (iv_size > 0) {
879 iv = malloc(iv_size);
880 if (!iv)
881 return log_oom();
882
883 r = genuine_random_bytes(iv, iv_size, RANDOM_BLOCK);
884 if (r < 0)
885 return log_error_errno(r, "Failed to generate IV: %m");
886 }
887
888 context = EVP_CIPHER_CTX_new();
889 if (!context)
890 return log_oom();
891
892 if (EVP_EncryptInit_ex(context, cc, NULL, volume_key, iv) != 1)
893 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize encryption context.");
894
895 r = json_variant_format(hr->json, 0, &text);
896 if (r < 0)
897 return log_error_errno(r, "Failed to format user record for LUKS: %m");
898
899 text_length = strlen(text);
900 encrypted_size = text_length + 2*key_size - 1;
901
902 encrypted = malloc(encrypted_size);
903 if (!encrypted)
904 return log_oom();
905
906 if (EVP_EncryptUpdate(context, encrypted, &encrypted_size_out1, (uint8_t*) text, text_length) != 1)
907 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to encrypt JSON record.");
908
909 assert((size_t) encrypted_size_out1 <= encrypted_size);
910
911 if (EVP_EncryptFinal_ex(context, (uint8_t*) encrypted + encrypted_size_out1, &encrypted_size_out2) != 1)
912 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finish encryption of JSON record. ");
913
914 assert((size_t) encrypted_size_out1 + (size_t) encrypted_size_out2 <= encrypted_size);
915
916 r = json_build(&v,
917 JSON_BUILD_OBJECT(
918 JSON_BUILD_PAIR("type", JSON_BUILD_STRING("systemd-homed")),
919 JSON_BUILD_PAIR("keyslots", JSON_BUILD_EMPTY_ARRAY),
920 JSON_BUILD_PAIR("record", JSON_BUILD_BASE64(encrypted, encrypted_size_out1 + encrypted_size_out2)),
921 JSON_BUILD_PAIR("iv", JSON_BUILD_BASE64(iv, iv_size))));
922 if (r < 0)
923 return log_error_errno(r, "Failed to prepare LUKS JSON token object: %m");
924
925 r = json_variant_format(v, 0, ret);
926 if (r < 0)
927 return log_error_errno(r, "Failed to format encrypted user record for LUKS: %m");
928
929 return 0;
930 }
931
932 int home_store_header_identity_luks(
933 UserRecord *h,
934 HomeSetup *setup,
935 UserRecord *old_home) {
936
937 _cleanup_(user_record_unrefp) UserRecord *header_home = NULL;
938 _cleanup_free_ char *text = NULL;
939 int r;
940
941 assert(h);
942
943 if (!setup->crypt_device)
944 return 0;
945
946 assert(setup->volume_key);
947
948 /* Let's store the user's identity record in the LUKS2 "token" header data fields, in an encrypted
949 * fashion. Why that? If we'd rely on the record being embedded in the payload file system itself we
950 * would have to mount the file system before we can validate the JSON record, its signatures and
951 * whether it matches what we are looking for. However, kernel file system implementations are
952 * generally not ready to be used on untrusted media. Hence let's store the record independently of
953 * the file system, so that we can validate it first, and only then mount the file system. To keep
954 * things simple we use the same encryption settings for this record as for the file system itself. */
955
956 r = user_record_clone(h, USER_RECORD_EXTRACT_EMBEDDED|USER_RECORD_PERMISSIVE, &header_home);
957 if (r < 0)
958 return log_error_errno(r, "Failed to determine new header record: %m");
959
960 if (old_home && user_record_equal(old_home, header_home)) {
961 log_debug("Not updating header home record.");
962 return 0;
963 }
964
965 r = format_luks_token_text(setup->crypt_device, header_home, setup->volume_key, &text);
966 if (r < 0)
967 return r;
968
969 for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
970 crypt_token_info state;
971 const char *type;
972
973 state = sym_crypt_token_status(setup->crypt_device, token, &type);
974 if (state == CRYPT_TOKEN_INACTIVE) /* First unconfigured token, we are done */
975 break;
976 if (IN_SET(state, CRYPT_TOKEN_INTERNAL, CRYPT_TOKEN_INTERNAL_UNKNOWN, CRYPT_TOKEN_EXTERNAL))
977 continue; /* Not ours */
978 if (state != CRYPT_TOKEN_EXTERNAL_UNKNOWN)
979 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unexpected token state of token %i: %i", token, (int) state);
980
981 if (!streq(type, "systemd-homed"))
982 continue;
983
984 r = sym_crypt_token_json_set(setup->crypt_device, token, text);
985 if (r < 0)
986 return log_error_errno(r, "Failed to set JSON token for slot %i: %m", token);
987
988 /* Now, let's free the text so that for all further matching tokens we all crypt_json_token_set()
989 * with a NULL text in order to invalidate the tokens. */
990 text = mfree(text);
991 }
992
993 if (text)
994 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Didn't find any record token to update.");
995
996 log_info("Wrote LUKS header user record.");
997
998 return 1;
999 }
1000
1001 int run_fitrim(int root_fd) {
1002 struct fstrim_range range = {
1003 .len = UINT64_MAX,
1004 };
1005
1006 /* If discarding is on, discard everything right after mounting, so that the discard setting takes
1007 * effect on activation. (Also, optionally, trim on logout) */
1008
1009 assert(root_fd >= 0);
1010
1011 if (ioctl(root_fd, FITRIM, &range) < 0) {
1012 if (ERRNO_IS_NOT_SUPPORTED(errno) || errno == EBADF) {
1013 log_debug_errno(errno, "File system does not support FITRIM, not trimming.");
1014 return 0;
1015 }
1016
1017 return log_warning_errno(errno, "Failed to invoke FITRIM, ignoring: %m");
1018 }
1019
1020 log_info("Discarded unused %s.", FORMAT_BYTES(range.len));
1021 return 1;
1022 }
1023
1024 int run_fallocate(int backing_fd, const struct stat *st) {
1025 struct stat stbuf;
1026
1027 assert(backing_fd >= 0);
1028
1029 /* If discarding is off, let's allocate the whole image before mounting, so that the setting takes
1030 * effect on activation */
1031
1032 if (!st) {
1033 if (fstat(backing_fd, &stbuf) < 0)
1034 return log_error_errno(errno, "Failed to fstat(): %m");
1035
1036 st = &stbuf;
1037 }
1038
1039 if (!S_ISREG(st->st_mode))
1040 return 0;
1041
1042 if (st->st_blocks >= DIV_ROUND_UP(st->st_size, 512)) {
1043 log_info("Backing file is fully allocated already.");
1044 return 0;
1045 }
1046
1047 if (fallocate(backing_fd, FALLOC_FL_KEEP_SIZE, 0, st->st_size) < 0) {
1048
1049 if (ERRNO_IS_NOT_SUPPORTED(errno)) {
1050 log_debug_errno(errno, "fallocate() not supported on file system, ignoring.");
1051 return 0;
1052 }
1053
1054 if (ERRNO_IS_DISK_SPACE(errno)) {
1055 log_debug_errno(errno, "Not enough disk space to fully allocate home.");
1056 return -ENOSPC; /* make recognizable */
1057 }
1058
1059 return log_error_errno(errno, "Failed to allocate backing file blocks: %m");
1060 }
1061
1062 log_info("Allocated additional %s.",
1063 FORMAT_BYTES((DIV_ROUND_UP(st->st_size, 512) - st->st_blocks) * 512));
1064 return 1;
1065 }
1066
1067 int run_fallocate_by_path(const char *backing_path) {
1068 _cleanup_close_ int backing_fd = -1;
1069
1070 backing_fd = open(backing_path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
1071 if (backing_fd < 0)
1072 return log_error_errno(errno, "Failed to open '%s' for fallocate(): %m", backing_path);
1073
1074 return run_fallocate(backing_fd, NULL);
1075 }
1076
1077 static int lock_image_fd(int image_fd, const char *ip) {
1078 int r;
1079
1080 /* If the $SYSTEMD_LUKS_LOCK environment variable is set we'll take an exclusive BSD lock on the
1081 * image file, and send it to our parent. homed will keep it open to ensure no other instance of
1082 * homed (across the network or such) will also mount the file. */
1083
1084 r = getenv_bool("SYSTEMD_LUKS_LOCK");
1085 if (r == -ENXIO)
1086 return 0;
1087 if (r < 0)
1088 return log_error_errno(r, "Failed to parse $SYSTEMD_LUKS_LOCK environment variable: %m");
1089 if (r > 0) {
1090 struct stat st;
1091
1092 if (fstat(image_fd, &st) < 0)
1093 return log_error_errno(errno, "Failed to stat image file: %m");
1094 if (S_ISBLK(st.st_mode)) {
1095 /* Locking block devices doesn't really make sense, as this might interfere with
1096 * udev's workings, and these locks aren't network propagated anyway, hence not what
1097 * we are after here. */
1098 log_debug("Not locking image file '%s', since it's a block device.", ip);
1099 return 0;
1100 }
1101 r = stat_verify_regular(&st);
1102 if (r < 0)
1103 return log_error_errno(r, "Image file to lock is not a regular file: %m");
1104
1105 if (flock(image_fd, LOCK_EX|LOCK_NB) < 0) {
1106
1107 if (errno == EWOULDBLOCK)
1108 log_error_errno(errno, "Image file '%s' already locked, can't use.", ip);
1109 else
1110 log_error_errno(errno, "Failed to lock image file '%s': %m", ip);
1111
1112 return errno != EWOULDBLOCK ? -errno : -EADDRINUSE; /* Make error recognizable */
1113 }
1114
1115 log_info("Successfully locked image file '%s'.", ip);
1116
1117 /* Now send it to our parent to keep safe while the home dir is active */
1118 r = sd_pid_notify_with_fds(0, false, "SYSTEMD_LUKS_LOCK_FD=1", &image_fd, 1);
1119 if (r < 0)
1120 log_warning_errno(r, "Failed to send LUKS lock fd to parent, ignoring: %m");
1121 }
1122
1123 return 0;
1124 }
1125
1126 static int open_image_file(
1127 UserRecord *h,
1128 const char *force_image_path,
1129 struct stat *ret_stat) {
1130
1131 _cleanup_close_ int image_fd = -1;
1132 struct stat st;
1133 const char *ip;
1134 int r;
1135
1136 ip = force_image_path ?: user_record_image_path(h);
1137
1138 image_fd = open(ip, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
1139 if (image_fd < 0)
1140 return log_error_errno(errno, "Failed to open image file %s: %m", ip);
1141
1142 if (fstat(image_fd, &st) < 0)
1143 return log_error_errno(errno, "Failed to fstat() image file: %m");
1144 if (!S_ISREG(st.st_mode) && !S_ISBLK(st.st_mode))
1145 return log_error_errno(
1146 S_ISDIR(st.st_mode) ? SYNTHETIC_ERRNO(EISDIR) : SYNTHETIC_ERRNO(EBADFD),
1147 "Image file %s is not a regular file or block device: %m", ip);
1148
1149 r = lock_image_fd(image_fd, ip);
1150 if (r < 0)
1151 return r;
1152
1153 if (ret_stat)
1154 *ret_stat = st;
1155
1156 return TAKE_FD(image_fd);
1157 }
1158
1159 int home_setup_luks(
1160 UserRecord *h,
1161 HomeSetupFlags flags,
1162 const char *force_image_path,
1163 HomeSetup *setup,
1164 PasswordCache *cache,
1165 UserRecord **ret_luks_home) {
1166
1167 sd_id128_t found_partition_uuid = SD_ID128_NULL, found_luks_uuid = SD_ID128_NULL, found_fs_uuid = SD_ID128_NULL;
1168 _cleanup_(user_record_unrefp) UserRecord *luks_home = NULL;
1169 _cleanup_(erase_and_freep) void *volume_key = NULL;
1170 size_t volume_key_size = 0;
1171 uint64_t offset, size;
1172 struct stat st;
1173 int r;
1174
1175 assert(h);
1176 assert(setup);
1177 assert(user_record_storage(h) == USER_LUKS);
1178
1179 r = dlopen_cryptsetup();
1180 if (r < 0)
1181 return r;
1182
1183 r = make_dm_names(h, setup);
1184 if (r < 0)
1185 return r;
1186
1187 /* Reuse the image fd if it has already been opened by an earlier step */
1188 if (setup->image_fd < 0) {
1189 setup->image_fd = open_image_file(h, force_image_path, &st);
1190 if (setup->image_fd < 0)
1191 return setup->image_fd;
1192 } else if (fstat(setup->image_fd, &st) < 0)
1193 return log_error_errno(errno, "Failed to stat image: %m");
1194
1195 if (FLAGS_SET(flags, HOME_SETUP_ALREADY_ACTIVATED)) {
1196 struct loop_info64 info;
1197 const char *n;
1198
1199 if (!setup->crypt_device) {
1200 r = luks_open(h,
1201 setup,
1202 cache,
1203 &found_luks_uuid,
1204 &volume_key,
1205 &volume_key_size);
1206 if (r < 0)
1207 return r;
1208 }
1209
1210 if (ret_luks_home) {
1211 r = luks_validate_home_record(setup->crypt_device, h, volume_key, cache, &luks_home);
1212 if (r < 0)
1213 return r;
1214 }
1215
1216 n = sym_crypt_get_device_name(setup->crypt_device);
1217 if (!n)
1218 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine backing device for DM %s.", setup->dm_name);
1219
1220 if (!setup->loop) {
1221 r = loop_device_open(n, O_RDWR, &setup->loop);
1222 if (r < 0)
1223 return log_error_errno(r, "Failed to open loopback device %s: %m", n);
1224 }
1225
1226 if (ioctl(setup->loop->fd, LOOP_GET_STATUS64, &info) < 0) {
1227 _cleanup_free_ char *sysfs = NULL;
1228
1229 if (!IN_SET(errno, ENOTTY, EINVAL))
1230 return log_error_errno(errno, "Failed to get block device metrics of %s: %m", n);
1231
1232 if (ioctl(setup->loop->fd, BLKGETSIZE64, &size) < 0)
1233 return log_error_errno(r, "Failed to read block device size of %s: %m", n);
1234
1235 if (fstat(setup->loop->fd, &st) < 0)
1236 return log_error_errno(r, "Failed to stat block device %s: %m", n);
1237 assert(S_ISBLK(st.st_mode));
1238
1239 if (asprintf(&sysfs, "/sys/dev/block/%u:%u/partition", major(st.st_rdev), minor(st.st_rdev)) < 0)
1240 return log_oom();
1241
1242 if (access(sysfs, F_OK) < 0) {
1243 if (errno != ENOENT)
1244 return log_error_errno(errno, "Failed to determine whether %s exists: %m", sysfs);
1245
1246 offset = 0;
1247 } else {
1248 _cleanup_free_ char *buffer = NULL;
1249
1250 if (asprintf(&sysfs, "/sys/dev/block/%u:%u/start", major(st.st_rdev), minor(st.st_rdev)) < 0)
1251 return log_oom();
1252
1253 r = read_one_line_file(sysfs, &buffer);
1254 if (r < 0)
1255 return log_error_errno(r, "Failed to read partition start offset: %m");
1256
1257 r = safe_atou64(buffer, &offset);
1258 if (r < 0)
1259 return log_error_errno(r, "Failed to parse partition start offset: %m");
1260
1261 if (offset > UINT64_MAX / 512U)
1262 return log_error_errno(SYNTHETIC_ERRNO(E2BIG), "Offset too large for 64 byte range, refusing.");
1263
1264 offset *= 512U;
1265 }
1266 } else {
1267 #if HAVE_VALGRIND_MEMCHECK_H
1268 VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info));
1269 #endif
1270
1271 offset = info.lo_offset;
1272 size = info.lo_sizelimit;
1273 }
1274
1275 found_partition_uuid = found_fs_uuid = SD_ID128_NULL;
1276
1277 log_info("Discovered used loopback device %s.", setup->loop->node);
1278
1279 if (setup->root_fd < 0) {
1280 setup->root_fd = open(user_record_home_directory(h), O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
1281 if (setup->root_fd < 0)
1282 return log_error_errno(errno, "Failed to open home directory: %m");
1283 }
1284 } else {
1285 _cleanup_free_ char *fstype = NULL, *subdir = NULL;
1286 const char *ip;
1287
1288 /* When we aren't reopening the home directory we are allocating it fresh, hence the relevant
1289 * objects can't be allocated yet. */
1290 assert(setup->root_fd < 0);
1291 assert(!setup->crypt_device);
1292 assert(!setup->loop);
1293
1294 ip = force_image_path ?: user_record_image_path(h);
1295
1296 subdir = path_join(HOME_RUNTIME_WORK_DIR, user_record_user_name_and_realm(h));
1297 if (!subdir)
1298 return log_oom();
1299
1300 r = luks_validate(setup->image_fd, user_record_user_name_and_realm(h), h->partition_uuid, &found_partition_uuid, &offset, &size);
1301 if (r < 0)
1302 return log_error_errno(r, "Failed to validate disk label: %m");
1303
1304 /* Everything before this point left the image untouched. We are now starting to make
1305 * changes, hence mark the image dirty */
1306 if (run_mark_dirty(setup->image_fd, true) > 0)
1307 setup->do_mark_clean = true;
1308
1309 if (!user_record_luks_discard(h)) {
1310 r = run_fallocate(setup->image_fd, &st);
1311 if (r < 0)
1312 return r;
1313 }
1314
1315 r = loop_device_make(setup->image_fd, O_RDWR, offset, size, 0, &setup->loop);
1316 if (r == -ENOENT) {
1317 log_error_errno(r, "Loopback block device support is not available on this system.");
1318 return -ENOLINK; /* make recognizable */
1319 }
1320 if (r < 0)
1321 return log_error_errno(r, "Failed to allocate loopback context: %m");
1322
1323 log_info("Setting up loopback device %s completed.", setup->loop->node ?: ip);
1324
1325 r = luks_setup(setup->loop->node ?: ip,
1326 setup->dm_name,
1327 h->luks_uuid,
1328 h->luks_cipher,
1329 h->luks_cipher_mode,
1330 h->luks_volume_key_size,
1331 h->password,
1332 cache,
1333 user_record_luks_discard(h) || user_record_luks_offline_discard(h),
1334 &setup->crypt_device,
1335 &found_luks_uuid,
1336 &volume_key,
1337 &volume_key_size);
1338 if (r < 0)
1339 return r;
1340
1341 setup->undo_dm = true;
1342
1343 if (ret_luks_home) {
1344 r = luks_validate_home_record(setup->crypt_device, h, volume_key, cache, &luks_home);
1345 if (r < 0)
1346 return r;
1347 }
1348
1349 r = fs_validate(setup->dm_node, h->file_system_uuid, &fstype, &found_fs_uuid);
1350 if (r < 0)
1351 return r;
1352
1353 r = run_fsck(setup->dm_node, fstype);
1354 if (r < 0)
1355 return r;
1356
1357 r = home_unshare_and_mount(setup->dm_node, fstype, user_record_luks_discard(h), user_record_mount_flags(h), h->luks_extra_mount_options);
1358 if (r < 0)
1359 return r;
1360
1361 setup->undo_mount = true;
1362
1363 setup->root_fd = open(subdir, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
1364 if (setup->root_fd < 0)
1365 return log_error_errno(errno, "Failed to open home directory: %m");
1366
1367 if (user_record_luks_discard(h))
1368 (void) run_fitrim(setup->root_fd);
1369
1370 setup->do_offline_fallocate = !(setup->do_offline_fitrim = user_record_luks_offline_discard(h));
1371 }
1372
1373 if (!sd_id128_is_null(found_partition_uuid))
1374 setup->found_partition_uuid = found_partition_uuid;
1375 if (!sd_id128_is_null(found_luks_uuid))
1376 setup->found_luks_uuid = found_luks_uuid;
1377 if (!sd_id128_is_null(found_fs_uuid))
1378 setup->found_fs_uuid = found_fs_uuid;
1379
1380 setup->partition_offset = offset;
1381 setup->partition_size = size;
1382
1383 if (volume_key) {
1384 erase_and_free(setup->volume_key);
1385 setup->volume_key = TAKE_PTR(volume_key);
1386 setup->volume_key_size = volume_key_size;
1387 }
1388
1389 if (ret_luks_home)
1390 *ret_luks_home = TAKE_PTR(luks_home);
1391
1392 return 0;
1393 }
1394
1395 static void print_size_summary(uint64_t host_size, uint64_t encrypted_size, const struct statfs *sfs) {
1396 assert(sfs);
1397
1398 log_info("Image size is %s, file system size is %s, file system payload size is %s, file system free is %s.",
1399 FORMAT_BYTES(host_size),
1400 FORMAT_BYTES(encrypted_size),
1401 FORMAT_BYTES((uint64_t) sfs->f_blocks * (uint64_t) sfs->f_frsize),
1402 FORMAT_BYTES((uint64_t) sfs->f_bfree * (uint64_t) sfs->f_frsize));
1403 }
1404
1405 int home_activate_luks(
1406 UserRecord *h,
1407 HomeSetup *setup,
1408 PasswordCache *cache,
1409 UserRecord **ret_home) {
1410
1411 _cleanup_(user_record_unrefp) UserRecord *new_home = NULL, *luks_home_record = NULL;
1412 uint64_t host_size, encrypted_size;
1413 const char *hdo, *hd;
1414 struct statfs sfs;
1415 int r;
1416
1417 assert(h);
1418 assert(user_record_storage(h) == USER_LUKS);
1419 assert(setup);
1420 assert(ret_home);
1421
1422 r = dlopen_cryptsetup();
1423 if (r < 0)
1424 return r;
1425
1426 assert_se(hdo = user_record_home_directory(h));
1427 hd = strdupa_safe(hdo); /* copy the string out, since it might change later in the home record object */
1428
1429 r = home_get_state_luks(h, setup);
1430 if (r < 0)
1431 return r;
1432 if (r > 0)
1433 return log_error_errno(SYNTHETIC_ERRNO(EEXIST), "Device mapper device %s already exists, refusing.", setup->dm_node);
1434
1435 r = home_setup_luks(
1436 h,
1437 0,
1438 NULL,
1439 setup,
1440 cache,
1441 &luks_home_record);
1442 if (r < 0)
1443 return r;
1444
1445 r = block_get_size_by_fd(setup->loop->fd, &host_size);
1446 if (r < 0)
1447 return log_error_errno(r, "Failed to get loopback block device size: %m");
1448
1449 r = block_get_size_by_path(setup->dm_node, &encrypted_size);
1450 if (r < 0)
1451 return log_error_errno(r, "Failed to get LUKS block device size: %m");
1452
1453 r = home_refresh(
1454 h,
1455 setup,
1456 luks_home_record,
1457 cache,
1458 &sfs,
1459 &new_home);
1460 if (r < 0)
1461 return r;
1462
1463 r = home_extend_embedded_identity(new_home, h, setup);
1464 if (r < 0)
1465 return r;
1466
1467 setup->root_fd = safe_close(setup->root_fd);
1468
1469 r = home_move_mount(user_record_user_name_and_realm(h), hd);
1470 if (r < 0)
1471 return r;
1472
1473 setup->undo_mount = false;
1474 setup->do_offline_fitrim = false;
1475
1476 loop_device_relinquish(setup->loop);
1477
1478 r = sym_crypt_deactivate_by_name(NULL, setup->dm_name, CRYPT_DEACTIVATE_DEFERRED);
1479 if (r < 0)
1480 log_warning_errno(r, "Failed to relinquish DM device, ignoring: %m");
1481
1482 setup->undo_dm = false;
1483 setup->do_offline_fallocate = false;
1484 setup->do_mark_clean = false;
1485 setup->do_drop_caches = false;
1486
1487 log_info("Everything completed.");
1488
1489 print_size_summary(host_size, encrypted_size, &sfs);
1490
1491 *ret_home = TAKE_PTR(new_home);
1492 return 1;
1493 }
1494
1495 int home_deactivate_luks(UserRecord *h, HomeSetup *setup) {
1496 bool we_detached;
1497 int r;
1498
1499 assert(h);
1500 assert(setup);
1501 assert(!setup->crypt_device);
1502
1503 /* Note that the DM device and loopback device are set to auto-detach, hence strictly speaking we
1504 * don't have to explicitly have to detach them. However, we do that nonetheless (in case of the DM
1505 * device), to avoid races: by explicitly detaching them we know when the detaching is complete. We
1506 * don't bother about the loopback device because unlike the DM device it doesn't have a fixed
1507 * name. */
1508
1509 r = acquire_open_luks_device(h, setup, /* graceful= */ true);
1510 if (r < 0)
1511 return log_error_errno(r, "Failed to initialize cryptsetup context for %s: %m", setup->dm_name);
1512 if (r == 0) {
1513 log_debug("LUKS device %s has already been detached.", setup->dm_name);
1514 we_detached = false;
1515 } else {
1516 log_info("Discovered used LUKS device %s.", setup->dm_node);
1517
1518 cryptsetup_enable_logging(setup->crypt_device);
1519
1520 r = sym_crypt_deactivate_by_name(setup->crypt_device, setup->dm_name, 0);
1521 if (IN_SET(r, -ENODEV, -EINVAL, -ENOENT)) {
1522 log_debug_errno(r, "LUKS device %s is already detached.", setup->dm_node);
1523 we_detached = false;
1524 } else if (r < 0)
1525 return log_info_errno(r, "LUKS device %s couldn't be deactivated: %m", setup->dm_node);
1526 else {
1527 log_info("LUKS device detaching completed.");
1528 we_detached = true;
1529 }
1530 }
1531
1532 (void) wait_for_block_device_gone(setup, USEC_PER_SEC * 30);
1533 setup->undo_dm = false;
1534
1535 if (user_record_luks_offline_discard(h))
1536 log_debug("Not allocating on logout.");
1537 else
1538 (void) run_fallocate_by_path(user_record_image_path(h));
1539
1540 run_mark_dirty_by_path(user_record_image_path(h), false);
1541 return we_detached;
1542 }
1543
1544 int home_trim_luks(UserRecord *h, HomeSetup *setup) {
1545 assert(h);
1546 assert(setup);
1547 assert(setup->root_fd >= 0);
1548
1549 if (!user_record_luks_offline_discard(h)) {
1550 log_debug("Not trimming on logout.");
1551 return 0;
1552 }
1553
1554 (void) run_fitrim(setup->root_fd);
1555 return 0;
1556 }
1557
1558 static struct crypt_pbkdf_type* build_good_pbkdf(struct crypt_pbkdf_type *buffer, UserRecord *hr) {
1559 assert(buffer);
1560 assert(hr);
1561
1562 *buffer = (struct crypt_pbkdf_type) {
1563 .hash = user_record_luks_pbkdf_hash_algorithm(hr),
1564 .type = user_record_luks_pbkdf_type(hr),
1565 .time_ms = user_record_luks_pbkdf_time_cost_usec(hr) / USEC_PER_MSEC,
1566 .max_memory_kb = user_record_luks_pbkdf_memory_cost(hr) / 1024,
1567 .parallel_threads = user_record_luks_pbkdf_parallel_threads(hr),
1568 };
1569
1570 return buffer;
1571 }
1572
1573 static struct crypt_pbkdf_type* build_minimal_pbkdf(struct crypt_pbkdf_type *buffer, UserRecord *hr) {
1574 assert(buffer);
1575 assert(hr);
1576
1577 /* For PKCS#11 derived keys (which are generated randomly and are of high quality already) we use a
1578 * minimal PBKDF */
1579 *buffer = (struct crypt_pbkdf_type) {
1580 .hash = user_record_luks_pbkdf_hash_algorithm(hr),
1581 .type = CRYPT_KDF_PBKDF2,
1582 .iterations = 1,
1583 .time_ms = 1,
1584 };
1585
1586 return buffer;
1587 }
1588
1589 static int luks_format(
1590 const char *node,
1591 const char *dm_name,
1592 sd_id128_t uuid,
1593 const char *label,
1594 const PasswordCache *cache,
1595 char **effective_passwords,
1596 bool discard,
1597 UserRecord *hr,
1598 struct crypt_device **ret) {
1599
1600 _cleanup_(user_record_unrefp) UserRecord *reduced = NULL;
1601 _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
1602 _cleanup_(erase_and_freep) void *volume_key = NULL;
1603 struct crypt_pbkdf_type good_pbkdf, minimal_pbkdf;
1604 _cleanup_free_ char *text = NULL;
1605 size_t volume_key_size;
1606 int slot = 0, r;
1607 char **pp;
1608
1609 assert(node);
1610 assert(dm_name);
1611 assert(hr);
1612 assert(ret);
1613
1614 r = sym_crypt_init(&cd, node);
1615 if (r < 0)
1616 return log_error_errno(r, "Failed to allocate libcryptsetup context: %m");
1617
1618 cryptsetup_enable_logging(cd);
1619
1620 /* Normally we'd, just leave volume key generation to libcryptsetup. However, we can't, since we
1621 * can't extract the volume key from the library again, but we need it in order to encrypt the JSON
1622 * record. Hence, let's generate it on our own, so that we can keep track of it. */
1623
1624 volume_key_size = user_record_luks_volume_key_size(hr);
1625 volume_key = malloc(volume_key_size);
1626 if (!volume_key)
1627 return log_oom();
1628
1629 r = genuine_random_bytes(volume_key, volume_key_size, RANDOM_BLOCK);
1630 if (r < 0)
1631 return log_error_errno(r, "Failed to generate volume key: %m");
1632
1633 #if HAVE_CRYPT_SET_METADATA_SIZE
1634 /* Increase the metadata space to 4M, the largest LUKS2 supports */
1635 r = sym_crypt_set_metadata_size(cd, 4096U*1024U, 0);
1636 if (r < 0)
1637 return log_error_errno(r, "Failed to change LUKS2 metadata size: %m");
1638 #endif
1639
1640 build_good_pbkdf(&good_pbkdf, hr);
1641 build_minimal_pbkdf(&minimal_pbkdf, hr);
1642
1643 r = sym_crypt_format(
1644 cd,
1645 CRYPT_LUKS2,
1646 user_record_luks_cipher(hr),
1647 user_record_luks_cipher_mode(hr),
1648 ID128_TO_UUID_STRING(uuid),
1649 volume_key,
1650 volume_key_size,
1651 &(struct crypt_params_luks2) {
1652 .label = label,
1653 .subsystem = "systemd-home",
1654 .sector_size = 512U,
1655 .pbkdf = &good_pbkdf,
1656 });
1657 if (r < 0)
1658 return log_error_errno(r, "Failed to format LUKS image: %m");
1659
1660 log_info("LUKS formatting completed.");
1661
1662 STRV_FOREACH(pp, effective_passwords) {
1663
1664 if (password_cache_contains(cache, *pp)) { /* is this a fido2 or pkcs11 password? */
1665 log_debug("Using minimal PBKDF for slot %i", slot);
1666 r = sym_crypt_set_pbkdf_type(cd, &minimal_pbkdf);
1667 } else {
1668 log_debug("Using good PBKDF for slot %i", slot);
1669 r = sym_crypt_set_pbkdf_type(cd, &good_pbkdf);
1670 }
1671 if (r < 0)
1672 return log_error_errno(r, "Failed to tweak PBKDF for slot %i: %m", slot);
1673
1674 r = sym_crypt_keyslot_add_by_volume_key(
1675 cd,
1676 slot,
1677 volume_key,
1678 volume_key_size,
1679 *pp,
1680 strlen(*pp));
1681 if (r < 0)
1682 return log_error_errno(r, "Failed to set up LUKS password for slot %i: %m", slot);
1683
1684 log_info("Writing password to LUKS keyslot %i completed.", slot);
1685 slot++;
1686 }
1687
1688 r = sym_crypt_activate_by_volume_key(
1689 cd,
1690 dm_name,
1691 volume_key,
1692 volume_key_size,
1693 discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0);
1694 if (r < 0)
1695 return log_error_errno(r, "Failed to activate LUKS superblock: %m");
1696
1697 log_info("LUKS activation by volume key succeeded.");
1698
1699 r = user_record_clone(hr, USER_RECORD_EXTRACT_EMBEDDED|USER_RECORD_PERMISSIVE, &reduced);
1700 if (r < 0)
1701 return log_error_errno(r, "Failed to prepare home record for LUKS: %m");
1702
1703 r = format_luks_token_text(cd, reduced, volume_key, &text);
1704 if (r < 0)
1705 return r;
1706
1707 r = sym_crypt_token_json_set(cd, CRYPT_ANY_TOKEN, text);
1708 if (r < 0)
1709 return log_error_errno(r, "Failed to set LUKS JSON token: %m");
1710
1711 log_info("Writing user record as LUKS token completed.");
1712
1713 if (ret)
1714 *ret = TAKE_PTR(cd);
1715
1716 return 0;
1717 }
1718
1719 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_context*, fdisk_unref_context, NULL);
1720 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_partition*, fdisk_unref_partition, NULL);
1721 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_parttype*, fdisk_unref_parttype, NULL);
1722 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_table*, fdisk_unref_table, NULL);
1723
1724 static int make_partition_table(
1725 int fd,
1726 const char *label,
1727 sd_id128_t uuid,
1728 uint64_t *ret_offset,
1729 uint64_t *ret_size,
1730 sd_id128_t *ret_disk_uuid) {
1731
1732 _cleanup_(fdisk_unref_partitionp) struct fdisk_partition *p = NULL, *q = NULL;
1733 _cleanup_(fdisk_unref_parttypep) struct fdisk_parttype *t = NULL;
1734 _cleanup_(fdisk_unref_contextp) struct fdisk_context *c = NULL;
1735 _cleanup_free_ char *path = NULL, *disk_uuid_as_string = NULL;
1736 uint64_t offset, size, first_lba, start, last_lba, end;
1737 sd_id128_t disk_uuid;
1738 int r;
1739
1740 assert(fd >= 0);
1741 assert(label);
1742 assert(ret_offset);
1743 assert(ret_size);
1744
1745 t = fdisk_new_parttype();
1746 if (!t)
1747 return log_oom();
1748
1749 r = fdisk_parttype_set_typestr(t, "773f91ef-66d4-49b5-bd83-d683bf40ad16");
1750 if (r < 0)
1751 return log_error_errno(r, "Failed to initialize partition type: %m");
1752
1753 c = fdisk_new_context();
1754 if (!c)
1755 return log_oom();
1756
1757 if (asprintf(&path, "/proc/self/fd/%i", fd) < 0)
1758 return log_oom();
1759
1760 r = fdisk_assign_device(c, path, 0);
1761 if (r < 0)
1762 return log_error_errno(r, "Failed to open device: %m");
1763
1764 r = fdisk_create_disklabel(c, "gpt");
1765 if (r < 0)
1766 return log_error_errno(r, "Failed to create GPT disk label: %m");
1767
1768 p = fdisk_new_partition();
1769 if (!p)
1770 return log_oom();
1771
1772 r = fdisk_partition_set_type(p, t);
1773 if (r < 0)
1774 return log_error_errno(r, "Failed to set partition type: %m");
1775
1776 r = fdisk_partition_partno_follow_default(p, 1);
1777 if (r < 0)
1778 return log_error_errno(r, "Failed to place partition at first free partition index: %m");
1779
1780 first_lba = fdisk_get_first_lba(c); /* Boundary where usable space starts */
1781 assert(first_lba <= UINT64_MAX/512);
1782 start = DISK_SIZE_ROUND_UP(first_lba * 512); /* Round up to multiple of 4K */
1783
1784 if (start == UINT64_MAX)
1785 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Overflow while rounding up start LBA.");
1786
1787 last_lba = fdisk_get_last_lba(c); /* One sector before boundary where usable space ends */
1788 assert(last_lba < UINT64_MAX/512);
1789 end = DISK_SIZE_ROUND_DOWN((last_lba + 1) * 512); /* Round down to multiple of 4K */
1790
1791 if (end <= start)
1792 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Resulting partition size zero or negative.");
1793
1794 r = fdisk_partition_set_start(p, start / 512);
1795 if (r < 0)
1796 return log_error_errno(r, "Failed to place partition at offset %" PRIu64 ": %m", start);
1797
1798 r = fdisk_partition_set_size(p, (end - start) / 512);
1799 if (r < 0)
1800 return log_error_errno(r, "Failed to end partition at offset %" PRIu64 ": %m", end);
1801
1802 r = fdisk_partition_set_name(p, label);
1803 if (r < 0)
1804 return log_error_errno(r, "Failed to set partition name: %m");
1805
1806 r = fdisk_partition_set_uuid(p, ID128_TO_UUID_STRING(uuid));
1807 if (r < 0)
1808 return log_error_errno(r, "Failed to set partition UUID: %m");
1809
1810 r = fdisk_add_partition(c, p, NULL);
1811 if (r < 0)
1812 return log_error_errno(r, "Failed to add partition: %m");
1813
1814 r = fdisk_write_disklabel(c);
1815 if (r < 0)
1816 return log_error_errno(r, "Failed to write disk label: %m");
1817
1818 r = fdisk_get_disklabel_id(c, &disk_uuid_as_string);
1819 if (r < 0)
1820 return log_error_errno(r, "Failed to determine disk label UUID: %m");
1821
1822 r = sd_id128_from_string(disk_uuid_as_string, &disk_uuid);
1823 if (r < 0)
1824 return log_error_errno(r, "Failed to parse disk label UUID: %m");
1825
1826 r = fdisk_get_partition(c, 0, &q);
1827 if (r < 0)
1828 return log_error_errno(r, "Failed to read created partition metadata: %m");
1829
1830 assert(fdisk_partition_has_start(q));
1831 offset = fdisk_partition_get_start(q);
1832 if (offset > UINT64_MAX / 512U)
1833 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Partition offset too large.");
1834
1835 assert(fdisk_partition_has_size(q));
1836 size = fdisk_partition_get_size(q);
1837 if (size > UINT64_MAX / 512U)
1838 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Partition size too large.");
1839
1840 *ret_offset = offset * 512U;
1841 *ret_size = size * 512U;
1842 *ret_disk_uuid = disk_uuid;
1843
1844 return 0;
1845 }
1846
1847 static bool supported_fs_size(const char *fstype, uint64_t host_size) {
1848 uint64_t m;
1849
1850 m = minimal_size_by_fs_name(fstype);
1851 if (m == UINT64_MAX)
1852 return false;
1853
1854 return host_size >= m;
1855 }
1856
1857 static int wait_for_devlink(const char *path) {
1858 _cleanup_close_ int inotify_fd = -1;
1859 usec_t until;
1860 int r;
1861
1862 /* let's wait for a device link to show up in /dev, with a timeout. This is good to do since we
1863 * return a /dev/disk/by-uuid/… link to our callers and they likely want to access it right-away,
1864 * hence let's wait until udev has caught up with our changes, and wait for the symlink to be
1865 * created. */
1866
1867 until = usec_add(now(CLOCK_MONOTONIC), 45 * USEC_PER_SEC);
1868
1869 for (;;) {
1870 _cleanup_free_ char *dn = NULL;
1871 usec_t w;
1872
1873 if (laccess(path, F_OK) < 0) {
1874 if (errno != ENOENT)
1875 return log_error_errno(errno, "Failed to determine whether %s exists: %m", path);
1876 } else
1877 return 0; /* Found it */
1878
1879 if (inotify_fd < 0) {
1880 /* We need to wait for the device symlink to show up, let's create an inotify watch for it */
1881 inotify_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
1882 if (inotify_fd < 0)
1883 return log_error_errno(errno, "Failed to allocate inotify fd: %m");
1884 }
1885
1886 dn = dirname_malloc(path);
1887 for (;;) {
1888 if (!dn)
1889 return log_oom();
1890
1891 log_info("Watching %s", dn);
1892
1893 if (inotify_add_watch(inotify_fd, dn, IN_CREATE|IN_MOVED_TO|IN_ONLYDIR|IN_DELETE_SELF|IN_MOVE_SELF) < 0) {
1894 if (errno != ENOENT)
1895 return log_error_errno(errno, "Failed to add watch on %s: %m", dn);
1896 } else
1897 break;
1898
1899 if (empty_or_root(dn))
1900 break;
1901
1902 dn = dirname_malloc(dn);
1903 }
1904
1905 w = now(CLOCK_MONOTONIC);
1906 if (w >= until)
1907 return log_error_errno(SYNTHETIC_ERRNO(ETIMEDOUT), "Device link %s still hasn't shown up, giving up.", path);
1908
1909 r = fd_wait_for_event(inotify_fd, POLLIN, usec_sub_unsigned(until, w));
1910 if (r < 0)
1911 return log_error_errno(r, "Failed to watch inotify: %m");
1912
1913 (void) flush_fd(inotify_fd);
1914 }
1915 }
1916
1917 static int calculate_disk_size(UserRecord *h, const char *parent_dir, uint64_t *ret) {
1918 struct statfs sfs;
1919 uint64_t m;
1920
1921 assert(h);
1922 assert(parent_dir);
1923 assert(ret);
1924
1925 if (h->disk_size != UINT64_MAX) {
1926 *ret = DISK_SIZE_ROUND_DOWN(h->disk_size);
1927 return 0;
1928 }
1929
1930 if (statfs(parent_dir, &sfs) < 0)
1931 return log_error_errno(errno, "statfs() on %s failed: %m", parent_dir);
1932
1933 m = sfs.f_bsize * sfs.f_bavail;
1934
1935 if (h->disk_size_relative == UINT64_MAX) {
1936
1937 if (m > UINT64_MAX / USER_DISK_SIZE_DEFAULT_PERCENT)
1938 return log_error_errno(SYNTHETIC_ERRNO(EOVERFLOW), "Disk size too large.");
1939
1940 *ret = DISK_SIZE_ROUND_DOWN(m * USER_DISK_SIZE_DEFAULT_PERCENT / 100);
1941
1942 log_info("Sizing home to %u%% of available disk space, which is %s.",
1943 USER_DISK_SIZE_DEFAULT_PERCENT,
1944 FORMAT_BYTES(*ret));
1945 } else {
1946 *ret = DISK_SIZE_ROUND_DOWN((uint64_t) ((double) m * (double) h->disk_size_relative / (double) UINT32_MAX));
1947
1948 log_info("Sizing home to %" PRIu64 ".%01" PRIu64 "%% of available disk space, which is %s.",
1949 (h->disk_size_relative * 100) / UINT32_MAX,
1950 ((h->disk_size_relative * 1000) / UINT32_MAX) % 10,
1951 FORMAT_BYTES(*ret));
1952 }
1953
1954 if (*ret < USER_DISK_SIZE_MIN)
1955 *ret = USER_DISK_SIZE_MIN;
1956
1957 return 0;
1958 }
1959
1960 static int home_truncate(
1961 UserRecord *h,
1962 int fd,
1963 uint64_t size) {
1964
1965 bool trunc;
1966 int r;
1967
1968 assert(h);
1969 assert(fd >= 0);
1970
1971 trunc = user_record_luks_discard(h);
1972 if (!trunc) {
1973 r = fallocate(fd, 0, 0, size);
1974 if (r < 0 && ERRNO_IS_NOT_SUPPORTED(errno)) {
1975 /* Some file systems do not support fallocate(), let's gracefully degrade
1976 * (ZFS, reiserfs, …) and fall back to truncation */
1977 log_notice_errno(errno, "Backing file system does not support fallocate(), falling back to ftruncate(), i.e. implicitly using non-discard mode.");
1978 trunc = true;
1979 }
1980 }
1981
1982 if (trunc)
1983 r = ftruncate(fd, size);
1984
1985 if (r < 0) {
1986 if (ERRNO_IS_DISK_SPACE(errno)) {
1987 log_debug_errno(errno, "Not enough disk space to allocate home of size %s.", FORMAT_BYTES(size));
1988 return -ENOSPC; /* make recognizable */
1989 }
1990
1991 return log_error_errno(errno, "Failed to truncate home image: %m");
1992 }
1993
1994 return !trunc; /* Return == 0 if we managed to truncate, > 0 if we managed to allocate */
1995 }
1996
1997 int home_create_luks(
1998 UserRecord *h,
1999 HomeSetup *setup,
2000 const PasswordCache *cache,
2001 char **effective_passwords,
2002 UserRecord **ret_home) {
2003
2004 _cleanup_free_ char *subdir = NULL, *disk_uuid_path = NULL;
2005 uint64_t encrypted_size,
2006 host_size = 0, partition_offset = 0, partition_size = 0; /* Unnecessary initialization to appease gcc */
2007 _cleanup_(user_record_unrefp) UserRecord *new_home = NULL;
2008 sd_id128_t partition_uuid, fs_uuid, luks_uuid, disk_uuid;
2009 _cleanup_close_ int mount_fd = -1;
2010 const char *fstype, *ip;
2011 struct statfs sfs;
2012 int r;
2013
2014 assert(h);
2015 assert(h->storage < 0 || h->storage == USER_LUKS);
2016 assert(setup);
2017 assert(!setup->temporary_image_path);
2018 assert(setup->image_fd < 0);
2019 assert(ret_home);
2020
2021 r = dlopen_cryptsetup();
2022 if (r < 0)
2023 return r;
2024
2025 assert_se(ip = user_record_image_path(h));
2026
2027 fstype = user_record_file_system_type(h);
2028 if (!supported_fstype(fstype))
2029 return log_error_errno(SYNTHETIC_ERRNO(EPROTONOSUPPORT), "Unsupported file system type: %s", fstype);
2030
2031 r = mkfs_exists(fstype);
2032 if (r < 0)
2033 return log_error_errno(r, "Failed to check if mkfs binary for %s exists: %m", fstype);
2034 if (r == 0) {
2035 if (h->file_system_type || streq(fstype, "ext4") || !supported_fstype("ext4"))
2036 return log_error_errno(SYNTHETIC_ERRNO(EPROTONOSUPPORT), "mkfs binary for file system type %s does not exist.", fstype);
2037
2038 /* If the record does not explicitly declare a file system to use, and the compiled-in
2039 * default does not actually exist, than do an automatic fallback onto ext4, as the baseline
2040 * fs of Linux. We won't search for a working fs type here beyond ext4, i.e. nothing fancier
2041 * than a single, conservative fallback to baseline. This should be useful in minimal
2042 * environments where mkfs.btrfs or so are not made available, but mkfs.ext4 as Linux' most
2043 * boring, most basic fs is. */
2044 log_info("Formatting tool for compiled-in default file system %s not available, falling back to ext4 instead.", fstype);
2045 fstype = "ext4";
2046 }
2047
2048 if (sd_id128_is_null(h->partition_uuid)) {
2049 r = sd_id128_randomize(&partition_uuid);
2050 if (r < 0)
2051 return log_error_errno(r, "Failed to acquire partition UUID: %m");
2052 } else
2053 partition_uuid = h->partition_uuid;
2054
2055 if (sd_id128_is_null(h->luks_uuid)) {
2056 r = sd_id128_randomize(&luks_uuid);
2057 if (r < 0)
2058 return log_error_errno(r, "Failed to acquire LUKS UUID: %m");
2059 } else
2060 luks_uuid = h->luks_uuid;
2061
2062 if (sd_id128_is_null(h->file_system_uuid)) {
2063 r = sd_id128_randomize(&fs_uuid);
2064 if (r < 0)
2065 return log_error_errno(r, "Failed to acquire file system UUID: %m");
2066 } else
2067 fs_uuid = h->file_system_uuid;
2068
2069 r = make_dm_names(h, setup);
2070 if (r < 0)
2071 return r;
2072
2073 r = access(setup->dm_node, F_OK);
2074 if (r < 0) {
2075 if (errno != ENOENT)
2076 return log_error_errno(errno, "Failed to determine whether %s exists: %m", setup->dm_node);
2077 } else
2078 return log_error_errno(SYNTHETIC_ERRNO(EEXIST), "Device mapper device %s already exists, refusing.", setup->dm_node);
2079
2080 if (path_startswith(ip, "/dev/")) {
2081 _cleanup_free_ char *sysfs = NULL;
2082 uint64_t block_device_size;
2083 struct stat st;
2084
2085 /* Let's place the home directory on a real device, i.e. an USB stick or such */
2086
2087 setup->image_fd = open(ip, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
2088 if (setup->image_fd < 0)
2089 return log_error_errno(errno, "Failed to open device %s: %m", ip);
2090
2091 if (fstat(setup->image_fd, &st) < 0)
2092 return log_error_errno(errno, "Failed to stat device %s: %m", ip);
2093 if (!S_ISBLK(st.st_mode))
2094 return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK), "Device is not a block device, refusing.");
2095
2096 if (asprintf(&sysfs, "/sys/dev/block/%u:%u/partition", major(st.st_rdev), minor(st.st_rdev)) < 0)
2097 return log_oom();
2098 if (access(sysfs, F_OK) < 0) {
2099 if (errno != ENOENT)
2100 return log_error_errno(errno, "Failed to check whether %s exists: %m", sysfs);
2101 } else
2102 return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK), "Operating on partitions is currently not supported, sorry. Please specify a top-level block device.");
2103
2104 if (flock(setup->image_fd, LOCK_EX) < 0) /* make sure udev doesn't read from it while we operate on the device */
2105 return log_error_errno(errno, "Failed to lock block device %s: %m", ip);
2106
2107 if (ioctl(setup->image_fd, BLKGETSIZE64, &block_device_size) < 0)
2108 return log_error_errno(errno, "Failed to read block device size: %m");
2109
2110 if (h->disk_size == UINT64_MAX) {
2111
2112 /* If a relative disk size is requested, apply it relative to the block device size */
2113 if (h->disk_size_relative < UINT32_MAX)
2114 host_size = CLAMP(DISK_SIZE_ROUND_DOWN(block_device_size * h->disk_size_relative / UINT32_MAX),
2115 USER_DISK_SIZE_MIN, USER_DISK_SIZE_MAX);
2116 else
2117 host_size = block_device_size; /* Otherwise, take the full device */
2118
2119 } else if (h->disk_size > block_device_size)
2120 return log_error_errno(SYNTHETIC_ERRNO(EMSGSIZE), "Selected disk size larger than backing block device, refusing.");
2121 else
2122 host_size = DISK_SIZE_ROUND_DOWN(h->disk_size);
2123
2124 if (!supported_fs_size(fstype, host_size))
2125 return log_error_errno(SYNTHETIC_ERRNO(ERANGE),
2126 "Selected file system size too small for %s.", fstype);
2127
2128 /* After creation we should reference this partition by its UUID instead of the block
2129 * device. That's preferable since the user might have specified a device node such as
2130 * /dev/sdb to us, which might look very different when replugged. */
2131 if (asprintf(&disk_uuid_path, "/dev/disk/by-uuid/" SD_ID128_UUID_FORMAT_STR, SD_ID128_FORMAT_VAL(luks_uuid)) < 0)
2132 return log_oom();
2133
2134 if (user_record_luks_discard(h) || user_record_luks_offline_discard(h)) {
2135 /* If we want online or offline discard, discard once before we start using things. */
2136
2137 if (ioctl(setup->image_fd, BLKDISCARD, (uint64_t[]) { 0, block_device_size }) < 0)
2138 log_full_errno(errno == EOPNOTSUPP ? LOG_DEBUG : LOG_WARNING, errno,
2139 "Failed to issue full-device BLKDISCARD on device, ignoring: %m");
2140 else
2141 log_info("Full device discard completed.");
2142 }
2143 } else {
2144 _cleanup_free_ char *parent = NULL, *t = NULL;
2145
2146 parent = dirname_malloc(ip);
2147 if (!parent)
2148 return log_oom();
2149
2150 r = mkdir_p(parent, 0755);
2151 if (r < 0)
2152 return log_error_errno(r, "Failed to create parent directory %s: %m", parent);
2153
2154 r = calculate_disk_size(h, parent, &host_size);
2155 if (r < 0)
2156 return r;
2157
2158 if (!supported_fs_size(fstype, host_size))
2159 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Selected file system size too small for %s.", fstype);
2160
2161 r = tempfn_random(ip, "homework", &t);
2162 if (r < 0)
2163 return log_error_errno(r, "Failed to derive temporary file name for %s: %m", ip);
2164
2165 setup->image_fd = open(t, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600);
2166 if (setup->image_fd < 0)
2167 return log_error_errno(errno, "Failed to create home image %s: %m", t);
2168
2169 setup->temporary_image_path = TAKE_PTR(t);
2170
2171 r = chattr_full(t, setup->image_fd, FS_NOCOW_FL|FS_NOCOMP_FL, FS_NOCOW_FL|FS_NOCOMP_FL, NULL, NULL, CHATTR_FALLBACK_BITWISE);
2172 if (r < 0 && r != -ENOANO) /* ENOANO → some bits didn't work; which we skip logging about because chattr_full() already debug logs about those flags */
2173 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r,
2174 "Failed to set file attributes on %s, ignoring: %m", setup->temporary_image_path);
2175
2176 r = home_truncate(h, setup->image_fd, host_size);
2177 if (r < 0)
2178 return r;
2179
2180 log_info("Allocating image file completed.");
2181 }
2182
2183 r = make_partition_table(
2184 setup->image_fd,
2185 user_record_user_name_and_realm(h),
2186 partition_uuid,
2187 &partition_offset,
2188 &partition_size,
2189 &disk_uuid);
2190 if (r < 0)
2191 return r;
2192
2193 log_info("Writing of partition table completed.");
2194
2195 r = loop_device_make(setup->image_fd, O_RDWR, partition_offset, partition_size, 0, &setup->loop);
2196 if (r < 0) {
2197 if (r == -ENOENT) { /* this means /dev/loop-control doesn't exist, i.e. we are in a container
2198 * or similar and loopback bock devices are not available, return a
2199 * recognizable error in this case. */
2200 log_error_errno(r, "Loopback block device support is not available on this system.");
2201 return -ENOLINK; /* Make recognizable */
2202 }
2203
2204 return log_error_errno(r, "Failed to set up loopback device for %s: %m", setup->temporary_image_path);
2205 }
2206
2207 r = loop_device_flock(setup->loop, LOCK_EX); /* make sure udev won't read before we are done */
2208 if (r < 0)
2209 return log_error_errno(r, "Failed to take lock on loop device: %m");
2210
2211 log_info("Setting up loopback device %s completed.", setup->loop->node ?: ip);
2212
2213 r = luks_format(setup->loop->node,
2214 setup->dm_name,
2215 luks_uuid,
2216 user_record_user_name_and_realm(h),
2217 cache,
2218 effective_passwords,
2219 user_record_luks_discard(h) || user_record_luks_offline_discard(h),
2220 h,
2221 &setup->crypt_device);
2222 if (r < 0)
2223 return r;
2224
2225 setup->undo_dm = true;
2226
2227 r = block_get_size_by_path(setup->dm_node, &encrypted_size);
2228 if (r < 0)
2229 return log_error_errno(r, "Failed to get encrypted block device size: %m");
2230
2231 log_info("Setting up LUKS device %s completed.", setup->dm_node);
2232
2233 r = make_filesystem(setup->dm_node, fstype, user_record_user_name_and_realm(h), fs_uuid, user_record_luks_discard(h));
2234 if (r < 0)
2235 return r;
2236
2237 log_info("Formatting file system completed.");
2238
2239 r = home_unshare_and_mount(setup->dm_node, fstype, user_record_luks_discard(h), user_record_mount_flags(h), h->luks_extra_mount_options);
2240 if (r < 0)
2241 return r;
2242
2243 setup->undo_mount = true;
2244
2245 subdir = path_join(HOME_RUNTIME_WORK_DIR, user_record_user_name_and_realm(h));
2246 if (!subdir)
2247 return log_oom();
2248
2249 /* Prefer using a btrfs subvolume if we can, fall back to directory otherwise */
2250 r = btrfs_subvol_make_fallback(subdir, 0700);
2251 if (r < 0)
2252 return log_error_errno(r, "Failed to create user directory in mounted image file: %m");
2253
2254 setup->root_fd = open(subdir, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
2255 if (setup->root_fd < 0)
2256 return log_error_errno(errno, "Failed to open user directory in mounted image file: %m");
2257
2258 (void) home_shift_uid(setup->root_fd, NULL, UID_NOBODY, h->uid, &mount_fd);
2259
2260 if (mount_fd >= 0) {
2261 /* If we have established a new mount, then we can use that as new root fd to our home directory. */
2262 safe_close(setup->root_fd);
2263
2264 setup->root_fd = fd_reopen(mount_fd, O_RDONLY|O_CLOEXEC|O_DIRECTORY);
2265 if (setup->root_fd < 0)
2266 return log_error_errno(setup->root_fd, "Unable to convert mount fd into proper directory fd: %m");
2267
2268 mount_fd = safe_close(mount_fd);
2269 }
2270
2271 r = home_populate(h, setup->root_fd);
2272 if (r < 0)
2273 return r;
2274
2275 r = home_sync_and_statfs(setup->root_fd, &sfs);
2276 if (r < 0)
2277 return r;
2278
2279 r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_LOG|USER_RECORD_PERMISSIVE, &new_home);
2280 if (r < 0)
2281 return log_error_errno(r, "Failed to clone record: %m");
2282
2283 r = user_record_add_binding(
2284 new_home,
2285 USER_LUKS,
2286 disk_uuid_path ?: ip,
2287 partition_uuid,
2288 luks_uuid,
2289 fs_uuid,
2290 sym_crypt_get_cipher(setup->crypt_device),
2291 sym_crypt_get_cipher_mode(setup->crypt_device),
2292 luks_volume_key_size_convert(setup->crypt_device),
2293 fstype,
2294 NULL,
2295 h->uid,
2296 (gid_t) h->uid);
2297 if (r < 0)
2298 return log_error_errno(r, "Failed to add binding to record: %m");
2299
2300 if (user_record_luks_offline_discard(h)) {
2301 r = run_fitrim(setup->root_fd);
2302 if (r < 0)
2303 return r;
2304 }
2305
2306 setup->root_fd = safe_close(setup->root_fd);
2307
2308 r = home_setup_undo_mount(setup, LOG_ERR);
2309 if (r < 0)
2310 return r;
2311
2312 r = home_setup_undo_dm(setup, LOG_ERR);
2313 if (r < 0)
2314 return r;
2315
2316 setup->loop = loop_device_unref(setup->loop);
2317
2318 if (!user_record_luks_offline_discard(h)) {
2319 r= run_fallocate(setup->image_fd, NULL /* refresh stat() data */);
2320 if (r < 0)
2321 return r;
2322 }
2323
2324 /* Sync everything to disk before we move things into place under the final name. */
2325 if (fsync(setup->image_fd) < 0)
2326 return log_error_errno(r, "Failed to synchronize image to disk: %m");
2327
2328 if (disk_uuid_path)
2329 /* Reread partition table if this is a block device */
2330 (void) ioctl(setup->image_fd, BLKRRPART, 0);
2331 else {
2332 assert(setup->temporary_image_path);
2333
2334 if (rename(setup->temporary_image_path, ip) < 0)
2335 return log_error_errno(errno, "Failed to rename image file: %m");
2336
2337 setup->temporary_image_path = mfree(setup->temporary_image_path);
2338
2339 /* If we operate on a file, sync the containing directory too. */
2340 r = fsync_directory_of_file(setup->image_fd);
2341 if (r < 0)
2342 return log_error_errno(r, "Failed to synchronize directory of image file to disk: %m");
2343
2344 log_info("Moved image file into place.");
2345 }
2346
2347 /* Let's close the image fd now. If we are operating on a real block device this will release the BSD
2348 * lock that ensures udev doesn't interfere with what we are doing */
2349 setup->image_fd = safe_close(setup->image_fd);
2350
2351 if (disk_uuid_path)
2352 (void) wait_for_devlink(disk_uuid_path);
2353
2354 log_info("Everything completed.");
2355
2356 print_size_summary(host_size, encrypted_size, &sfs);
2357
2358 *ret_home = TAKE_PTR(new_home);
2359 return 0;
2360 }
2361
2362 int home_get_state_luks(UserRecord *h, HomeSetup *setup) {
2363 int r;
2364
2365 assert(h);
2366 assert(setup);
2367
2368 r = make_dm_names(h, setup);
2369 if (r < 0)
2370 return r;
2371
2372 r = access(setup->dm_node, F_OK);
2373 if (r < 0 && errno != ENOENT)
2374 return log_error_errno(errno, "Failed to determine whether %s exists: %m", setup->dm_node);
2375
2376 return r >= 0;
2377 }
2378
2379 enum {
2380 CAN_RESIZE_ONLINE,
2381 CAN_RESIZE_OFFLINE,
2382 };
2383
2384 static int can_resize_fs(int fd, uint64_t old_size, uint64_t new_size) {
2385 struct statfs sfs;
2386
2387 assert(fd >= 0);
2388
2389 /* Filter out bogus requests early */
2390 if (old_size == 0 || old_size == UINT64_MAX ||
2391 new_size == 0 || new_size == UINT64_MAX)
2392 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid resize parameters.");
2393
2394 if ((old_size & 511) != 0 || (new_size & 511) != 0)
2395 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Resize parameters not multiple of 512.");
2396
2397 if (fstatfs(fd, &sfs) < 0)
2398 return log_error_errno(errno, "Failed to fstatfs() file system: %m");
2399
2400 if (is_fs_type(&sfs, BTRFS_SUPER_MAGIC)) {
2401
2402 if (new_size < BTRFS_MINIMAL_SIZE)
2403 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "New file system size too small for btrfs (needs to be 256M at least.");
2404
2405 /* btrfs can grow and shrink online */
2406
2407 } else if (is_fs_type(&sfs, XFS_SB_MAGIC)) {
2408
2409 if (new_size < XFS_MINIMAL_SIZE)
2410 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "New file system size too small for xfs (needs to be 14M at least).");
2411
2412 /* XFS can grow, but not shrink */
2413 if (new_size < old_size)
2414 return log_error_errno(SYNTHETIC_ERRNO(EMSGSIZE), "Shrinking this type of file system is not supported.");
2415
2416 } else if (is_fs_type(&sfs, EXT4_SUPER_MAGIC)) {
2417
2418 if (new_size < EXT4_MINIMAL_SIZE)
2419 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "New file system size too small for ext4 (needs to be 1M at least).");
2420
2421 /* ext4 can grow online, and shrink offline */
2422 if (new_size < old_size)
2423 return CAN_RESIZE_OFFLINE;
2424
2425 } else
2426 return log_error_errno(SYNTHETIC_ERRNO(ESOCKTNOSUPPORT), "Resizing this type of file system is not supported.");
2427
2428 return CAN_RESIZE_ONLINE;
2429 }
2430
2431 static int ext4_offline_resize_fs(
2432 HomeSetup *setup,
2433 uint64_t new_size,
2434 bool discard,
2435 unsigned long flags,
2436 const char *extra_mount_options) {
2437
2438 _cleanup_free_ char *size_str = NULL;
2439 bool re_open = false, re_mount = false;
2440 pid_t resize_pid, fsck_pid;
2441 int r, exit_status;
2442
2443 assert(setup);
2444 assert(setup->dm_node);
2445
2446 /* First, unmount the file system */
2447 if (setup->root_fd >= 0) {
2448 setup->root_fd = safe_close(setup->root_fd);
2449 re_open = true;
2450 }
2451
2452 if (setup->undo_mount) {
2453 r = home_setup_undo_mount(setup, LOG_ERR);
2454 if (r < 0)
2455 return r;
2456
2457 re_mount = true;
2458 }
2459
2460 log_info("Temporary unmounting of file system completed.");
2461
2462 /* resize2fs requires that the file system is force checked first, do so. */
2463 r = safe_fork("(e2fsck)",
2464 FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
2465 &fsck_pid);
2466 if (r < 0)
2467 return r;
2468 if (r == 0) {
2469 /* Child */
2470 execlp("e2fsck" ,"e2fsck", "-fp", setup->dm_node, NULL);
2471 log_open();
2472 log_error_errno(errno, "Failed to execute e2fsck: %m");
2473 _exit(EXIT_FAILURE);
2474 }
2475
2476 exit_status = wait_for_terminate_and_check("e2fsck", fsck_pid, WAIT_LOG_ABNORMAL);
2477 if (exit_status < 0)
2478 return exit_status;
2479 if ((exit_status & ~FSCK_ERROR_CORRECTED) != 0) {
2480 log_warning("e2fsck failed with exit status %i.", exit_status);
2481
2482 if ((exit_status & (FSCK_SYSTEM_SHOULD_REBOOT|FSCK_ERRORS_LEFT_UNCORRECTED)) != 0)
2483 return log_error_errno(SYNTHETIC_ERRNO(EIO), "File system is corrupted, refusing.");
2484
2485 log_warning("Ignoring fsck error.");
2486 }
2487
2488 log_info("Forced file system check completed.");
2489
2490 /* We use 512 sectors here, because resize2fs doesn't do byte sizes */
2491 if (asprintf(&size_str, "%" PRIu64 "s", new_size / 512) < 0)
2492 return log_oom();
2493
2494 /* Resize the thing */
2495 r = safe_fork("(e2resize)",
2496 FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
2497 &resize_pid);
2498 if (r < 0)
2499 return r;
2500 if (r == 0) {
2501 /* Child */
2502 execlp("resize2fs" ,"resize2fs", setup->dm_node, size_str, NULL);
2503 log_open();
2504 log_error_errno(errno, "Failed to execute resize2fs: %m");
2505 _exit(EXIT_FAILURE);
2506 }
2507
2508 log_info("Offline file system resize completed.");
2509
2510 /* Re-establish mounts and reopen the directory */
2511 if (re_mount) {
2512 r = home_mount_node(setup->dm_node, "ext4", discard, flags, extra_mount_options);
2513 if (r < 0)
2514 return r;
2515
2516 setup->undo_mount = true;
2517 }
2518
2519 if (re_open) {
2520 setup->root_fd = open(HOME_RUNTIME_WORK_DIR, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
2521 if (setup->root_fd < 0)
2522 return log_error_errno(errno, "Failed to reopen file system: %m");
2523 }
2524
2525 log_info("File system mounted again.");
2526
2527 return 0;
2528 }
2529
2530 static int prepare_resize_partition(
2531 int fd,
2532 uint64_t partition_offset,
2533 uint64_t old_partition_size,
2534 sd_id128_t *ret_disk_uuid,
2535 struct fdisk_table **ret_table,
2536 struct fdisk_partition **ret_partition) {
2537
2538 _cleanup_(fdisk_unref_contextp) struct fdisk_context *c = NULL;
2539 _cleanup_(fdisk_unref_tablep) struct fdisk_table *t = NULL;
2540 _cleanup_free_ char *path = NULL, *disk_uuid_as_string = NULL;
2541 struct fdisk_partition *found = NULL;
2542 sd_id128_t disk_uuid;
2543 size_t n_partitions;
2544 int r;
2545
2546 assert(fd >= 0);
2547 assert(ret_disk_uuid);
2548 assert(ret_table);
2549
2550 assert((partition_offset & 511) == 0);
2551 assert((old_partition_size & 511) == 0);
2552 assert(UINT64_MAX - old_partition_size >= partition_offset);
2553
2554 if (partition_offset == 0) {
2555 /* If the offset is at the beginning we assume no partition table, let's exit early. */
2556 log_debug("Not rewriting partition table, operating on naked device.");
2557 *ret_disk_uuid = SD_ID128_NULL;
2558 *ret_table = NULL;
2559 return 0;
2560 }
2561
2562 c = fdisk_new_context();
2563 if (!c)
2564 return log_oom();
2565
2566 if (asprintf(&path, "/proc/self/fd/%i", fd) < 0)
2567 return log_oom();
2568
2569 r = fdisk_assign_device(c, path, 0);
2570 if (r < 0)
2571 return log_error_errno(r, "Failed to open device: %m");
2572
2573 if (!fdisk_is_labeltype(c, FDISK_DISKLABEL_GPT))
2574 return log_error_errno(SYNTHETIC_ERRNO(ENOMEDIUM), "Disk has no GPT partition table.");
2575
2576 r = fdisk_get_disklabel_id(c, &disk_uuid_as_string);
2577 if (r < 0)
2578 return log_error_errno(r, "Failed to acquire disk UUID: %m");
2579
2580 r = sd_id128_from_string(disk_uuid_as_string, &disk_uuid);
2581 if (r < 0)
2582 return log_error_errno(r, "Failed parse disk UUID: %m");
2583
2584 r = fdisk_get_partitions(c, &t);
2585 if (r < 0)
2586 return log_error_errno(r, "Failed to acquire partition table: %m");
2587
2588 n_partitions = fdisk_table_get_nents(t);
2589 for (size_t i = 0; i < n_partitions; i++) {
2590 struct fdisk_partition *p;
2591
2592 p = fdisk_table_get_partition(t, i);
2593 if (!p)
2594 return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to read partition metadata: %m");
2595
2596 if (fdisk_partition_is_used(p) <= 0)
2597 continue;
2598 if (fdisk_partition_has_start(p) <= 0 || fdisk_partition_has_size(p) <= 0 || fdisk_partition_has_end(p) <= 0)
2599 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Found partition without a size.");
2600
2601 if (fdisk_partition_get_start(p) == partition_offset / 512U &&
2602 fdisk_partition_get_size(p) == old_partition_size / 512U) {
2603
2604 if (found)
2605 return log_error_errno(SYNTHETIC_ERRNO(ENOTUNIQ), "Partition found twice, refusing.");
2606
2607 found = p;
2608 } else if (fdisk_partition_get_end(p) > partition_offset / 512U)
2609 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Can't extend, not last partition in image.");
2610 }
2611
2612 if (!found)
2613 return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "Failed to find matching partition to resize.");
2614
2615 *ret_disk_uuid = disk_uuid;
2616 *ret_table = TAKE_PTR(t);
2617 *ret_partition = found;
2618
2619 return 1;
2620 }
2621
2622 static int ask_cb(struct fdisk_context *c, struct fdisk_ask *ask, void *userdata) {
2623 char *result;
2624
2625 assert(c);
2626
2627 switch (fdisk_ask_get_type(ask)) {
2628
2629 case FDISK_ASKTYPE_STRING:
2630 result = new(char, 37);
2631 if (!result)
2632 return log_oom();
2633
2634 fdisk_ask_string_set_result(ask, id128_to_uuid_string(*(sd_id128_t*) userdata, result));
2635 break;
2636
2637 default:
2638 log_debug("Unexpected question from libfdisk, ignoring.");
2639 }
2640
2641 return 0;
2642 }
2643
2644 static int apply_resize_partition(
2645 int fd,
2646 sd_id128_t disk_uuids,
2647 struct fdisk_table *t,
2648 struct fdisk_partition *p,
2649 size_t new_partition_size) {
2650
2651 _cleanup_(fdisk_unref_contextp) struct fdisk_context *c = NULL;
2652 _cleanup_free_ void *two_zero_lbas = NULL;
2653 _cleanup_free_ char *path = NULL;
2654 ssize_t n;
2655 int r;
2656
2657 assert(fd >= 0);
2658 assert(!t == !p);
2659
2660 if (!t) /* no partition table to apply, exit early */
2661 return 0;
2662
2663 assert(p);
2664
2665 /* Before writing our partition patch the final size in */
2666 r = fdisk_partition_size_explicit(p, 1);
2667 if (r < 0)
2668 return log_error_errno(r, "Failed to enable explicit partition size: %m");
2669
2670 r = fdisk_partition_set_size(p, new_partition_size / 512U);
2671 if (r < 0)
2672 return log_error_errno(r, "Failed to change partition size: %m");
2673
2674 two_zero_lbas = malloc0(1024U);
2675 if (!two_zero_lbas)
2676 return log_oom();
2677
2678 /* libfdisk appears to get confused by the existing PMBR. Let's explicitly flush it out. */
2679 n = pwrite(fd, two_zero_lbas, 1024U, 0);
2680 if (n < 0)
2681 return log_error_errno(errno, "Failed to wipe partition table: %m");
2682 if (n != 1024)
2683 return log_error_errno(SYNTHETIC_ERRNO(EIO), "Short write while wiping partition table.");
2684
2685 c = fdisk_new_context();
2686 if (!c)
2687 return log_oom();
2688
2689 if (asprintf(&path, "/proc/self/fd/%i", fd) < 0)
2690 return log_oom();
2691
2692 r = fdisk_assign_device(c, path, 0);
2693 if (r < 0)
2694 return log_error_errno(r, "Failed to open device: %m");
2695
2696 r = fdisk_create_disklabel(c, "gpt");
2697 if (r < 0)
2698 return log_error_errno(r, "Failed to create GPT disk label: %m");
2699
2700 r = fdisk_apply_table(c, t);
2701 if (r < 0)
2702 return log_error_errno(r, "Failed to apply partition table: %m");
2703
2704 r = fdisk_set_ask(c, ask_cb, &disk_uuids);
2705 if (r < 0)
2706 return log_error_errno(r, "Failed to set libfdisk query function: %m");
2707
2708 r = fdisk_set_disklabel_id(c);
2709 if (r < 0)
2710 return log_error_errno(r, "Failed to change disklabel ID: %m");
2711
2712 r = fdisk_write_disklabel(c);
2713 if (r < 0)
2714 return log_error_errno(r, "Failed to write disk label: %m");
2715
2716 return 1;
2717 }
2718
2719 /* Always keep at least 16M free, so that we can safely log in and update the user record while doing so */
2720 #define HOME_MIN_FREE (16U*1024U*1024U)
2721
2722 static int get_smallest_fs_size(int fd, uint64_t *ret) {
2723 uint64_t minsz, needed;
2724 struct statfs sfs;
2725
2726 assert(fd >= 0);
2727 assert(ret);
2728
2729 /* Determines the minimal disk size we might be able to shrink the file system referenced by the fd to. */
2730
2731 if (syncfs(fd) < 0) /* let's sync before we query the size, so that the values returned are accurate */
2732 return log_error_errno(errno, "Failed to synchronize home file system: %m");
2733
2734 if (fstatfs(fd, &sfs) < 0)
2735 return log_error_errno(errno, "Failed to statfs() home file system: %m");
2736
2737 /* Let's determine the minimal file syste size of the used fstype */
2738 minsz = minimal_size_by_fs_magic(sfs.f_type);
2739 if (minsz == UINT64_MAX)
2740 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Don't know minimum file system size of file system type '%s' of home directory.", fs_type_to_string(sfs.f_type));
2741
2742 if (minsz < USER_DISK_SIZE_MIN)
2743 minsz = USER_DISK_SIZE_MIN;
2744
2745 if (sfs.f_bfree > sfs.f_blocks)
2746 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Detected amount of free blocks is greater than the total amount of file system blocks. Refusing.");
2747
2748 /* Calculate how much disk space is currently in use. */
2749 needed = sfs.f_blocks - sfs.f_bfree;
2750 if (needed > UINT64_MAX / sfs.f_bsize)
2751 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "File system size out of range.");
2752
2753 needed *= sfs.f_bsize;
2754
2755 /* Add some safety margin of free space we'll always keep */
2756 if (needed > UINT64_MAX - HOME_MIN_FREE) /* Check for overflow */
2757 needed = UINT64_MAX;
2758 else
2759 needed += HOME_MIN_FREE;
2760
2761 *ret = DISK_SIZE_ROUND_UP(MAX(needed, minsz));
2762 return 0;
2763 }
2764
2765 static int get_largest_image_size(int fd, const struct stat *st, uint64_t *ret) {
2766 uint64_t used, avail, sum;
2767 struct statfs sfs;
2768 int r;
2769
2770 assert(fd >= 0);
2771 assert(st);
2772 assert(ret);
2773
2774 /* Determines the maximum file size we might be able to grow the image file referenced by the fd to. */
2775
2776 r = stat_verify_regular(st);
2777 if (r < 0)
2778 return log_error_errno(r, "Image file is not a regular file, refusing: %m");
2779
2780 if (syncfs(fd) < 0)
2781 return log_error_errno(errno, "Failed to synchronize file system backing image file: %m");
2782
2783 if (fstatfs(fd, &sfs) < 0)
2784 return log_error_errno(errno, "Failed to statfs() image file: %m");
2785
2786 used = (uint64_t) st->st_blocks * 512;
2787 avail = (uint64_t) sfs.f_bsize * sfs.f_bavail;
2788
2789 if (avail > UINT64_MAX - used)
2790 sum = UINT64_MAX;
2791 else
2792 sum = avail + used;
2793
2794 *ret = DISK_SIZE_ROUND_DOWN(MIN(sum, USER_DISK_SIZE_MAX));
2795 return 0;
2796 }
2797
2798 static int resize_fs_loop(
2799 UserRecord *h,
2800 HomeSetup *setup,
2801 int resize_type,
2802 uint64_t old_fs_size,
2803 uint64_t new_fs_size,
2804 uint64_t *ret_fs_size) {
2805
2806 uint64_t current_fs_size;
2807 unsigned n_iterations = 0;
2808 int r;
2809
2810 assert(h);
2811 assert(setup);
2812 assert(setup->root_fd >= 0);
2813
2814 /* A bisection loop trying to find the closest size to what the user asked for. (Well, we bisect like
2815 * this only when we *shrink* the fs — if we grow the fs there's no need to bisect.) */
2816
2817 current_fs_size = old_fs_size;
2818 for (uint64_t lower_boundary = new_fs_size, upper_boundary = old_fs_size, try_fs_size = new_fs_size;;) {
2819 bool worked;
2820
2821 n_iterations++;
2822
2823 /* Now resize the file system */
2824 if (resize_type == CAN_RESIZE_ONLINE) {
2825 r = resize_fs(setup->root_fd, try_fs_size, NULL);
2826 if (r < 0) {
2827 if (!ERRNO_IS_DISK_SPACE(r) || new_fs_size > old_fs_size) /* Not a disk space issue? Not trying to shrink? */
2828 return log_error_errno(r, "Failed to resize file system: %m");
2829
2830 log_debug_errno(r, "Shrinking from %s to %s didn't work, not enough space for contained data.", FORMAT_BYTES(current_fs_size), FORMAT_BYTES(try_fs_size));
2831 worked = false;
2832 } else {
2833 log_debug("Successfully resized from %s to %s.", FORMAT_BYTES(current_fs_size), FORMAT_BYTES(try_fs_size));
2834 current_fs_size = try_fs_size;
2835 worked = true;
2836 }
2837
2838 /* If we hit a disk space issue and are shrinking the fs, then maybe it helps to
2839 * increase the image size. */
2840 } else {
2841 r = ext4_offline_resize_fs(setup, try_fs_size, user_record_luks_discard(h), user_record_mount_flags(h), h->luks_extra_mount_options);
2842 if (r < 0)
2843 return r;
2844
2845 /* For now, when we fail to shrink an ext4 image we'll not try again via the
2846 * bisection logic. We might add that later, but give this involves shelling out
2847 * multiple programs it's a bit too cumbersome to my taste. */
2848
2849 worked = true;
2850 current_fs_size = try_fs_size;
2851 }
2852
2853 if (new_fs_size > old_fs_size) /* If we are growing we are done after one iteration */
2854 break;
2855
2856 /* If we are shrinking then let's adjust our bisection boundaries and try again. */
2857 if (worked)
2858 upper_boundary = MIN(upper_boundary, try_fs_size);
2859 else
2860 lower_boundary = MAX(lower_boundary, try_fs_size);
2861
2862 /* OK, this attempt to shrink didn't work. Let's try between the old size and what worked. */
2863 if (lower_boundary >= upper_boundary) {
2864 log_debug("Image can't be shrunk further (range to try is empty).");
2865 break;
2866 }
2867
2868 /* Let's find a new value to try half-way between the lower boundary and the upper boundary
2869 * to try now. */
2870 try_fs_size = DISK_SIZE_ROUND_DOWN(lower_boundary + (upper_boundary - lower_boundary) / 2);
2871 if (try_fs_size <= lower_boundary || try_fs_size >= upper_boundary) {
2872 log_debug("Image can't be shrunk further (remaining range to try too small).");
2873 break;
2874 }
2875 }
2876
2877 log_debug("Bisection loop completed after %u iterations.", n_iterations);
2878
2879 if (ret_fs_size)
2880 *ret_fs_size = current_fs_size;
2881
2882 return 0;
2883 }
2884
2885 static int resize_image_loop(
2886 UserRecord *h,
2887 HomeSetup *setup,
2888 uint64_t old_image_size,
2889 uint64_t new_image_size,
2890 uint64_t *ret_image_size) {
2891
2892 uint64_t current_image_size;
2893 unsigned n_iterations = 0;
2894 int r;
2895
2896 assert(h);
2897 assert(setup);
2898 assert(setup->image_fd >= 0);
2899
2900 /* A bisection loop trying to find the closest size to what the user asked for. (Well, we bisect like
2901 * this only when we *grow* the image — if we shrink the image then there's no need to bisect.) */
2902
2903 current_image_size = old_image_size;
2904 for (uint64_t lower_boundary = old_image_size, upper_boundary = new_image_size, try_image_size = new_image_size;;) {
2905 bool worked;
2906
2907 n_iterations++;
2908
2909 r = home_truncate(h, setup->image_fd, try_image_size);
2910 if (r < 0) {
2911 if (!ERRNO_IS_DISK_SPACE(r) || new_image_size < old_image_size) /* Not a disk space issue? Not trying to grow? */
2912 return r;
2913
2914 log_debug_errno(r, "Growing from %s to %s didn't work, not enough space on backing disk.", FORMAT_BYTES(current_image_size), FORMAT_BYTES(try_image_size));
2915 worked = false;
2916 } else if (r > 0) { /* Success: allocation worked */
2917 log_debug("Resizing from %s to %s via allocation worked successfully.", FORMAT_BYTES(current_image_size), FORMAT_BYTES(try_image_size));
2918 current_image_size = try_image_size;
2919 worked = true;
2920 } else { /* Success, but through truncation, not allocation. */
2921 log_debug("Resizing from %s to %s via truncation worked successfully.", FORMAT_BYTES(old_image_size), FORMAT_BYTES(try_image_size));
2922 current_image_size = try_image_size;
2923 break; /* there's no point in the bisection logic if this was plain truncation and
2924 * not allocation, let's exit immediately. */
2925 }
2926
2927 if (new_image_size < old_image_size) /* If we are shrinking we are done after one iteration */
2928 break;
2929
2930 /* If we are growing then let's adjust our bisection boundaries and try again */
2931 if (worked)
2932 lower_boundary = MAX(lower_boundary, try_image_size);
2933 else
2934 upper_boundary = MIN(upper_boundary, try_image_size);
2935
2936 if (lower_boundary >= upper_boundary) {
2937 log_debug("Image can't be grown further (range to try is empty).");
2938 break;
2939 }
2940
2941 try_image_size = DISK_SIZE_ROUND_DOWN(lower_boundary + (upper_boundary - lower_boundary) / 2);
2942 if (try_image_size <= lower_boundary || try_image_size >= upper_boundary) {
2943 log_debug("Image can't be grown further (remaining range to try too small).");
2944 break;
2945 }
2946 }
2947
2948 log_debug("Bisection loop completed after %u iterations.", n_iterations);
2949
2950 if (ret_image_size)
2951 *ret_image_size = current_image_size;
2952
2953 return 0;
2954 }
2955
2956 int home_resize_luks(
2957 UserRecord *h,
2958 HomeSetupFlags flags,
2959 HomeSetup *setup,
2960 PasswordCache *cache,
2961 UserRecord **ret_home) {
2962
2963 uint64_t old_image_size, new_image_size, old_fs_size, new_fs_size, crypto_offset, crypto_offset_bytes,
2964 new_partition_size, smallest_fs_size, resized_fs_size;
2965 _cleanup_(user_record_unrefp) UserRecord *header_home = NULL, *embedded_home = NULL, *new_home = NULL;
2966 _cleanup_(fdisk_unref_tablep) struct fdisk_table *table = NULL;
2967 struct fdisk_partition *partition = NULL;
2968 _cleanup_close_ int opened_image_fd = -1;
2969 _cleanup_free_ char *whole_disk = NULL;
2970 int r, resize_type, image_fd = -1;
2971 sd_id128_t disk_uuid;
2972 const char *ip, *ipo;
2973 struct statfs sfs;
2974 struct stat st;
2975 enum {
2976 INTENTION_DONT_KNOW = 0, /* These happen to match the return codes of CMP() */
2977 INTENTION_SHRINK = -1,
2978 INTENTION_GROW = 1,
2979 } intention = INTENTION_DONT_KNOW;
2980
2981 assert(h);
2982 assert(user_record_storage(h) == USER_LUKS);
2983 assert(setup);
2984
2985 r = dlopen_cryptsetup();
2986 if (r < 0)
2987 return r;
2988
2989 assert_se(ipo = user_record_image_path(h));
2990 ip = strdupa_safe(ipo); /* copy out since original might change later in home record object */
2991
2992 if (setup->image_fd < 0) {
2993 setup->image_fd = open_image_file(h, NULL, &st);
2994 if (setup->image_fd < 0)
2995 return setup->image_fd;
2996 } else {
2997 if (fstat(setup->image_fd, &st) < 0)
2998 return log_error_errno(errno, "Failed to stat image file %s: %m", ip);
2999 }
3000
3001 image_fd = setup->image_fd;
3002
3003 if (S_ISBLK(st.st_mode)) {
3004 dev_t parent;
3005
3006 r = block_get_whole_disk(st.st_rdev, &parent);
3007 if (r < 0)
3008 return log_error_errno(r, "Failed to acquire whole block device for %s: %m", ip);
3009 if (r > 0) {
3010 /* If we shall resize a file system on a partition device, then let's figure out the
3011 * whole disk device and operate on that instead, since we need to rewrite the
3012 * partition table to resize the partition. */
3013
3014 log_info("Operating on partition device %s, using parent device.", ip);
3015
3016 r = device_path_make_major_minor(st.st_mode, parent, &whole_disk);
3017 if (r < 0)
3018 return log_error_errno(r, "Failed to derive whole disk path for %s: %m", ip);
3019
3020 opened_image_fd = open(whole_disk, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
3021 if (opened_image_fd < 0)
3022 return log_error_errno(errno, "Failed to open whole block device %s: %m", whole_disk);
3023
3024 image_fd = opened_image_fd;
3025
3026 if (fstat(image_fd, &st) < 0)
3027 return log_error_errno(errno, "Failed to stat whole block device %s: %m", whole_disk);
3028 if (!S_ISBLK(st.st_mode))
3029 return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK), "Whole block device %s is not actually a block device, refusing.", whole_disk);
3030 } else
3031 log_info("Operating on whole block device %s.", ip);
3032
3033 if (ioctl(image_fd, BLKGETSIZE64, &old_image_size) < 0)
3034 return log_error_errno(errno, "Failed to determine size of original block device: %m");
3035
3036 if (flock(image_fd, LOCK_EX) < 0) /* make sure udev doesn't read from it while we operate on the device */
3037 return log_error_errno(errno, "Failed to lock block device %s: %m", ip);
3038
3039 new_image_size = old_image_size; /* we can't resize physical block devices */
3040 } else {
3041 r = stat_verify_regular(&st);
3042 if (r < 0)
3043 return log_error_errno(r, "Image %s is not a block device nor regular file: %m", ip);
3044
3045 old_image_size = st.st_size;
3046
3047 /* Note an asymetry here: when we operate on loopback files the specified disk size we get we
3048 * apply onto the loopback file as a whole. When we operate on block devices we instead apply
3049 * to the partition itself only. */
3050
3051 if (FLAGS_SET(flags, HOME_SETUP_RESIZE_MINIMIZE)) {
3052 new_image_size = 0;
3053 intention = INTENTION_SHRINK;
3054 } else {
3055 uint64_t new_image_size_rounded;
3056
3057 new_image_size_rounded = DISK_SIZE_ROUND_DOWN(h->disk_size);
3058
3059 if (old_image_size >= new_image_size_rounded && old_image_size <= h->disk_size) {
3060 /* If exact match, or a match after we rounded down, don't do a thing */
3061 log_info("Image size already matching, skipping operation.");
3062 return 0;
3063 }
3064
3065 new_image_size = new_image_size_rounded;
3066 intention = CMP(new_image_size, old_image_size); /* Is this a shrink */
3067 }
3068 }
3069
3070 r = home_setup_luks(
3071 h,
3072 flags,
3073 whole_disk,
3074 setup,
3075 cache,
3076 FLAGS_SET(flags, HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES) ? NULL : &header_home);
3077 if (r < 0)
3078 return r;
3079
3080 if (!FLAGS_SET(flags, HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES)) {
3081 r = home_load_embedded_identity(h, setup->root_fd, header_home, USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL, cache, &embedded_home, &new_home);
3082 if (r < 0)
3083 return r;
3084 }
3085
3086 log_info("offset = %" PRIu64 ", size = %" PRIu64 ", image = %" PRIu64, setup->partition_offset, setup->partition_size, old_image_size);
3087
3088 if ((UINT64_MAX - setup->partition_offset) < setup->partition_size ||
3089 setup->partition_offset + setup->partition_size > old_image_size)
3090 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Old partition doesn't fit in backing storage, refusing.");
3091
3092 if (S_ISREG(st.st_mode)) {
3093 uint64_t partition_table_extra, largest_size;
3094
3095 partition_table_extra = old_image_size - setup->partition_size;
3096
3097 r = get_largest_image_size(setup->image_fd, &st, &largest_size);
3098 if (r < 0)
3099 return r;
3100 if (new_image_size > largest_size)
3101 new_image_size = largest_size;
3102
3103 if (new_image_size < partition_table_extra)
3104 new_image_size = partition_table_extra;
3105
3106 new_partition_size = DISK_SIZE_ROUND_DOWN(new_image_size - partition_table_extra);
3107 } else {
3108 assert(S_ISBLK(st.st_mode));
3109
3110 if (FLAGS_SET(flags, HOME_SETUP_RESIZE_MINIMIZE)) {
3111 new_partition_size = 0;
3112 intention = INTENTION_SHRINK;
3113 } else {
3114 uint64_t new_partition_size_rounded;
3115
3116 new_partition_size_rounded = DISK_SIZE_ROUND_DOWN(h->disk_size);
3117
3118 if (setup->partition_size >= new_partition_size_rounded &&
3119 setup->partition_size <= h->disk_size) {
3120 log_info("Partition size already matching, skipping operation.");
3121 return 0;
3122 }
3123
3124 new_partition_size = new_partition_size_rounded;
3125 intention = CMP(new_partition_size, setup->partition_size);
3126 }
3127 }
3128
3129 if ((UINT64_MAX - setup->partition_offset) < new_partition_size ||
3130 setup->partition_offset + new_partition_size > new_image_size)
3131 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "New partition doesn't fit into backing storage, refusing.");
3132
3133 crypto_offset = sym_crypt_get_data_offset(setup->crypt_device);
3134 if (crypto_offset > UINT64_MAX/512U)
3135 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "LUKS2 data offset out of range, refusing.");
3136 crypto_offset_bytes = (uint64_t) crypto_offset * 512U;
3137 if (setup->partition_size <= crypto_offset_bytes)
3138 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Weird, old crypto payload offset doesn't actually fit in partition size?");
3139
3140 /* Make sure at least the LUKS header fit in */
3141 if (new_partition_size <= crypto_offset_bytes) {
3142 uint64_t add;
3143
3144 add = DISK_SIZE_ROUND_UP(crypto_offset_bytes) - new_partition_size;
3145 new_partition_size += add;
3146 if (S_ISREG(st.st_mode))
3147 new_image_size += add;
3148 }
3149
3150 old_fs_size = setup->partition_size - crypto_offset_bytes;
3151 new_fs_size = DISK_SIZE_ROUND_DOWN(new_partition_size - crypto_offset_bytes);
3152
3153 r = get_smallest_fs_size(setup->root_fd, &smallest_fs_size);
3154 if (r < 0)
3155 return r;
3156
3157 if (new_fs_size < smallest_fs_size) {
3158 uint64_t add;
3159
3160 add = DISK_SIZE_ROUND_UP(smallest_fs_size) - new_fs_size;
3161 new_fs_size += add;
3162 new_partition_size += add;
3163 if (S_ISREG(st.st_mode))
3164 new_image_size += add;
3165 }
3166
3167 if (new_fs_size == old_fs_size) {
3168 log_info("New file system size identical to old file system size, skipping operation.");
3169 return 0;
3170 }
3171
3172 if (FLAGS_SET(flags, HOME_SETUP_RESIZE_DONT_GROW) && new_fs_size > old_fs_size) {
3173 log_info("New file system size would be larger than old, but shrinking requested, skipping operation.");
3174 return 0;
3175 }
3176
3177 if (FLAGS_SET(flags, HOME_SETUP_RESIZE_DONT_SHRINK) && new_fs_size < old_fs_size) {
3178 log_info("New file system size would be smaller than old, but growing requested, skipping operation.");
3179 return 0;
3180 }
3181
3182 if (CMP(new_fs_size, old_fs_size) != intention) {
3183 if (intention < 0)
3184 log_info("Shrink operation would enlarge file system, skipping operation.");
3185 else {
3186 assert(intention > 0);
3187 log_info("Grow operation would shrink file system, skipping operation.");
3188 }
3189 return 0;
3190 }
3191
3192 /* Before we start doing anything, let's figure out if we actually can */
3193 resize_type = can_resize_fs(setup->root_fd, old_fs_size, new_fs_size);
3194 if (resize_type < 0)
3195 return resize_type;
3196 if (resize_type == CAN_RESIZE_OFFLINE && FLAGS_SET(flags, HOME_SETUP_ALREADY_ACTIVATED))
3197 return log_error_errno(SYNTHETIC_ERRNO(ETXTBSY), "File systems of this type can only be resized offline, but is currently online.");
3198
3199 log_info("Ready to resize image size %s → %s, partition size %s → %s, file system size %s → %s.",
3200 FORMAT_BYTES(old_image_size),
3201 FORMAT_BYTES(new_image_size),
3202 FORMAT_BYTES(setup->partition_size),
3203 FORMAT_BYTES(new_partition_size),
3204 FORMAT_BYTES(old_fs_size),
3205 FORMAT_BYTES(new_fs_size));
3206
3207 r = prepare_resize_partition(
3208 image_fd,
3209 setup->partition_offset,
3210 setup->partition_size,
3211 &disk_uuid,
3212 &table,
3213 &partition);
3214 if (r < 0)
3215 return r;
3216
3217 if (new_fs_size > old_fs_size) { /* → Grow */
3218
3219 if (S_ISREG(st.st_mode)) {
3220 uint64_t resized_image_size;
3221
3222 /* Grow file size */
3223 r = resize_image_loop(h, setup, old_image_size, new_image_size, &resized_image_size);
3224 if (r < 0)
3225 return r;
3226
3227 if (resized_image_size == old_image_size) {
3228 log_info("Couldn't change image size.");
3229 return 0;
3230 }
3231
3232 assert(resized_image_size > old_image_size);
3233
3234 log_info("Growing of image file from %s to %s completed.", FORMAT_BYTES(old_image_size), FORMAT_BYTES(resized_image_size));
3235
3236 if (resized_image_size < new_image_size) {
3237 uint64_t sub;
3238
3239 /* If the growing we managed to do is smaller than what we wanted we need to
3240 * adjust the partition/file system sizes we are going for, too */
3241 sub = new_image_size - resized_image_size;
3242 assert(new_partition_size >= sub);
3243 new_partition_size -= sub;
3244 assert(new_fs_size >= sub);
3245 new_fs_size -= sub;
3246 }
3247
3248 new_image_size = resized_image_size;
3249 } else {
3250 assert(S_ISBLK(st.st_mode));
3251 assert(new_image_size == old_image_size);
3252 }
3253
3254 /* Make sure loopback device sees the new bigger size */
3255 r = loop_device_refresh_size(setup->loop, UINT64_MAX, new_partition_size);
3256 if (r == -ENOTTY)
3257 log_debug_errno(r, "Device is not a loopback device, not refreshing size.");
3258 else if (r < 0)
3259 return log_error_errno(r, "Failed to refresh loopback device size: %m");
3260 else
3261 log_info("Refreshing loop device size completed.");
3262
3263 r = apply_resize_partition(image_fd, disk_uuid, table, partition, new_partition_size);
3264 if (r < 0)
3265 return r;
3266 if (r > 0)
3267 log_info("Growing of partition completed.");
3268
3269 if (S_ISBLK(st.st_mode) && ioctl(image_fd, BLKRRPART, 0) < 0)
3270 log_debug_errno(errno, "BLKRRPART failed on block device, ignoring: %m");
3271
3272 /* Tell LUKS about the new bigger size too */
3273 r = sym_crypt_resize(setup->crypt_device, setup->dm_name, new_fs_size / 512U);
3274 if (r < 0)
3275 return log_error_errno(r, "Failed to grow LUKS device: %m");
3276
3277 log_info("LUKS device growing completed.");
3278 } else {
3279 /* → Shrink */
3280
3281 if (!FLAGS_SET(flags, HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES)) {
3282 r = home_store_embedded_identity(new_home, setup->root_fd, h->uid, embedded_home);
3283 if (r < 0)
3284 return r;
3285 }
3286
3287 if (S_ISREG(st.st_mode)) {
3288 if (user_record_luks_discard(h))
3289 /* Before we shrink, let's trim the file system, so that we need less space on disk during the shrinking */
3290 (void) run_fitrim(setup->root_fd);
3291 else {
3292 /* If discard is off, let's ensure all backing blocks are allocated, so that our resize operation doesn't fail half-way */
3293 r = run_fallocate(image_fd, &st);
3294 if (r < 0)
3295 return r;
3296 }
3297 }
3298 }
3299
3300 /* Now try to resize the file system. The requested size might not always be possible, in which case
3301 * we'll try to get as close as we can get. The result is returned in 'resized_fs_size' */
3302 r = resize_fs_loop(h, setup, resize_type, old_fs_size, new_fs_size, &resized_fs_size);
3303 if (r < 0)
3304 return r;
3305
3306 if (resized_fs_size == old_fs_size) {
3307 log_info("Couldn't change file system size.");
3308 return 0;
3309 }
3310
3311 log_info("File system resizing from %s to %s completed.", FORMAT_BYTES(old_fs_size), FORMAT_BYTES(resized_fs_size));
3312
3313 if (resized_fs_size > new_fs_size) {
3314 uint64_t add;
3315
3316 /* If the shrinking we managed to do is larger than what we wanted we need to adjust the partition/image sizes. */
3317 add = resized_fs_size - new_fs_size;
3318 new_partition_size += add;
3319 if (S_ISREG(st.st_mode))
3320 new_image_size += add;
3321 }
3322
3323 new_fs_size = resized_fs_size;
3324
3325 /* Immediately sync afterwards */
3326 r = home_sync_and_statfs(setup->root_fd, NULL);
3327 if (r < 0)
3328 return r;
3329
3330 if (new_fs_size < old_fs_size) { /* → Shrink */
3331
3332 /* Shrink the LUKS device now, matching the new file system size */
3333 r = sym_crypt_resize(setup->crypt_device, setup->dm_name, new_fs_size / 512);
3334 if (r < 0)
3335 return log_error_errno(r, "Failed to shrink LUKS device: %m");
3336
3337 log_info("LUKS device shrinking completed.");
3338
3339 /* Refresh the loop devices size */
3340 r = loop_device_refresh_size(setup->loop, UINT64_MAX, new_partition_size);
3341 if (r == -ENOTTY)
3342 log_debug_errno(r, "Device is not a loopback device, not refreshing size.");
3343 else if (r < 0)
3344 return log_error_errno(r, "Failed to refresh loopback device size: %m");
3345 else
3346 log_info("Refreshing loop device size completed.");
3347
3348 if (S_ISREG(st.st_mode)) {
3349 /* Shrink the image file */
3350 if (ftruncate(image_fd, new_image_size) < 0)
3351 return log_error_errno(errno, "Failed to shrink image file %s: %m", ip);
3352
3353 log_info("Shrinking of image file completed.");
3354 } else {
3355 assert(S_ISBLK(st.st_mode));
3356 assert(new_image_size == old_image_size);
3357 }
3358
3359 r = apply_resize_partition(image_fd, disk_uuid, table, partition, new_partition_size);
3360 if (r < 0)
3361 return r;
3362 if (r > 0)
3363 log_info("Shrinking of partition completed.");
3364
3365 if (S_ISBLK(st.st_mode) && ioctl(image_fd, BLKRRPART, 0) < 0)
3366 log_debug_errno(errno, "BLKRRPART failed on block device, ignoring: %m");
3367
3368 } else { /* → Grow */
3369 if (!FLAGS_SET(flags, HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES)) {
3370 r = home_store_embedded_identity(new_home, setup->root_fd, h->uid, embedded_home);
3371 if (r < 0)
3372 return r;
3373 }
3374 }
3375
3376 if (!FLAGS_SET(flags, HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES)) {
3377 r = home_store_header_identity_luks(new_home, setup, header_home);
3378 if (r < 0)
3379 return r;
3380
3381 r = home_extend_embedded_identity(new_home, h, setup);
3382 if (r < 0)
3383 return r;
3384 }
3385
3386 if (user_record_luks_discard(h))
3387 (void) run_fitrim(setup->root_fd);
3388
3389 r = home_sync_and_statfs(setup->root_fd, &sfs);
3390 if (r < 0)
3391 return r;
3392
3393 if (!FLAGS_SET(flags, HOME_SETUP_RESIZE_DONT_UNDO)) {
3394 r = home_setup_done(setup);
3395 if (r < 0)
3396 return r;
3397 }
3398
3399 log_info("Everything completed.");
3400
3401 print_size_summary(new_image_size, new_fs_size, &sfs);
3402
3403 if (ret_home)
3404 *ret_home = TAKE_PTR(new_home);
3405
3406 return 0;
3407 }
3408
3409 int home_passwd_luks(
3410 UserRecord *h,
3411 HomeSetup *setup,
3412 const PasswordCache *cache, /* the passwords acquired via PKCS#11/FIDO2 security tokens */
3413 char **effective_passwords /* new passwords */) {
3414
3415 size_t volume_key_size, max_key_slots, n_effective;
3416 _cleanup_(erase_and_freep) void *volume_key = NULL;
3417 struct crypt_pbkdf_type good_pbkdf, minimal_pbkdf;
3418 const char *type;
3419 char **list;
3420 int r;
3421
3422 assert(h);
3423 assert(user_record_storage(h) == USER_LUKS);
3424 assert(setup);
3425
3426 r = dlopen_cryptsetup();
3427 if (r < 0)
3428 return r;
3429
3430 type = sym_crypt_get_type(setup->crypt_device);
3431 if (!type)
3432 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine crypto device type.");
3433
3434 r = sym_crypt_keyslot_max(type);
3435 if (r <= 0)
3436 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine number of key slots.");
3437 max_key_slots = r;
3438
3439 r = sym_crypt_get_volume_key_size(setup->crypt_device);
3440 if (r <= 0)
3441 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine volume key size.");
3442 volume_key_size = (size_t) r;
3443
3444 volume_key = malloc(volume_key_size);
3445 if (!volume_key)
3446 return log_oom();
3447
3448 r = -ENOKEY;
3449 FOREACH_POINTER(list,
3450 cache ? cache->pkcs11_passwords : NULL,
3451 cache ? cache->fido2_passwords : NULL,
3452 h->password) {
3453
3454 r = luks_try_passwords(setup->crypt_device, list, volume_key, &volume_key_size);
3455 if (r != -ENOKEY)
3456 break;
3457 }
3458 if (r == -ENOKEY)
3459 return log_error_errno(SYNTHETIC_ERRNO(ENOKEY), "Failed to unlock LUKS superblock with supplied passwords.");
3460 if (r < 0)
3461 return log_error_errno(r, "Failed to unlocks LUKS superblock: %m");
3462
3463 n_effective = strv_length(effective_passwords);
3464
3465 build_good_pbkdf(&good_pbkdf, h);
3466 build_minimal_pbkdf(&minimal_pbkdf, h);
3467
3468 for (size_t i = 0; i < max_key_slots; i++) {
3469 r = sym_crypt_keyslot_destroy(setup->crypt_device, i);
3470 if (r < 0 && !IN_SET(r, -ENOENT, -EINVAL)) /* Returns EINVAL or ENOENT if there's no key in this slot already */
3471 return log_error_errno(r, "Failed to destroy LUKS password: %m");
3472
3473 if (i >= n_effective) {
3474 if (r >= 0)
3475 log_info("Destroyed LUKS key slot %zu.", i);
3476 continue;
3477 }
3478
3479 if (password_cache_contains(cache, effective_passwords[i])) { /* Is this a FIDO2 or PKCS#11 password? */
3480 log_debug("Using minimal PBKDF for slot %zu", i);
3481 r = sym_crypt_set_pbkdf_type(setup->crypt_device, &minimal_pbkdf);
3482 } else {
3483 log_debug("Using good PBKDF for slot %zu", i);
3484 r = sym_crypt_set_pbkdf_type(setup->crypt_device, &good_pbkdf);
3485 }
3486 if (r < 0)
3487 return log_error_errno(r, "Failed to tweak PBKDF for slot %zu: %m", i);
3488
3489 r = sym_crypt_keyslot_add_by_volume_key(
3490 setup->crypt_device,
3491 i,
3492 volume_key,
3493 volume_key_size,
3494 effective_passwords[i],
3495 strlen(effective_passwords[i]));
3496 if (r < 0)
3497 return log_error_errno(r, "Failed to set up LUKS password: %m");
3498
3499 log_info("Updated LUKS key slot %zu.", i);
3500 }
3501
3502 return 1;
3503 }
3504
3505 int home_lock_luks(UserRecord *h, HomeSetup *setup) {
3506 const char *p;
3507 int r;
3508
3509 assert(h);
3510 assert(setup);
3511 assert(setup->root_fd < 0);
3512 assert(!setup->crypt_device);
3513
3514 r = acquire_open_luks_device(h, setup, /* graceful= */ false);
3515 if (r < 0)
3516 return r;
3517
3518 log_info("Discovered used LUKS device %s.", setup->dm_node);
3519
3520 assert_se(p = user_record_home_directory(h));
3521 r = syncfs_path(AT_FDCWD, p);
3522 if (r < 0) /* Snake oil, but let's better be safe than sorry */
3523 return log_error_errno(r, "Failed to synchronize file system %s: %m", p);
3524
3525 log_info("File system synchronized.");
3526
3527 /* Note that we don't invoke FIFREEZE here, it appears libcryptsetup/device-mapper already does that on its own for us */
3528
3529 r = sym_crypt_suspend(setup->crypt_device, setup->dm_name);
3530 if (r < 0)
3531 return log_error_errno(r, "Failed to suspend cryptsetup device: %s: %m", setup->dm_node);
3532
3533 log_info("LUKS device suspended.");
3534 return 0;
3535 }
3536
3537 static int luks_try_resume(
3538 struct crypt_device *cd,
3539 const char *dm_name,
3540 char **password) {
3541
3542 char **pp;
3543 int r;
3544
3545 assert(cd);
3546 assert(dm_name);
3547
3548 STRV_FOREACH(pp, password) {
3549 r = sym_crypt_resume_by_passphrase(
3550 cd,
3551 dm_name,
3552 CRYPT_ANY_SLOT,
3553 *pp,
3554 strlen(*pp));
3555 if (r >= 0) {
3556 log_info("Resumed LUKS device %s.", dm_name);
3557 return 0;
3558 }
3559
3560 log_debug_errno(r, "Password %zu didn't work for resuming device: %m", (size_t) (pp - password));
3561 }
3562
3563 return -ENOKEY;
3564 }
3565
3566 int home_unlock_luks(UserRecord *h, HomeSetup *setup, const PasswordCache *cache) {
3567 char **list;
3568 int r;
3569
3570 assert(h);
3571 assert(setup);
3572 assert(!setup->crypt_device);
3573
3574 r = acquire_open_luks_device(h, setup, /* graceful= */ false);
3575 if (r < 0)
3576 return r;
3577
3578 log_info("Discovered used LUKS device %s.", setup->dm_node);
3579
3580 r = -ENOKEY;
3581 FOREACH_POINTER(list,
3582 cache ? cache->pkcs11_passwords : NULL,
3583 cache ? cache->fido2_passwords : NULL,
3584 h->password) {
3585 r = luks_try_resume(setup->crypt_device, setup->dm_name, list);
3586 if (r != -ENOKEY)
3587 break;
3588 }
3589 if (r == -ENOKEY)
3590 return log_error_errno(r, "No valid password for LUKS superblock.");
3591 if (r < 0)
3592 return log_error_errno(r, "Failed to resume LUKS superblock: %m");
3593
3594 log_info("LUKS device resumed.");
3595 return 0;
3596 }
3597
3598 static int device_is_gone(HomeSetup *setup) {
3599 _cleanup_(sd_device_unrefp) sd_device *d = NULL;
3600 struct stat st;
3601 int r;
3602
3603 assert(setup);
3604
3605 if (!setup->dm_node)
3606 return true;
3607
3608 if (stat(setup->dm_node, &st) < 0) {
3609 if (errno != ENOENT)
3610 return log_error_errno(errno, "Failed to stat block device node %s: %m", setup->dm_node);
3611
3612 return true;
3613 }
3614
3615 r = sd_device_new_from_stat_rdev(&d, &st);
3616 if (r < 0) {
3617 if (r != -ENODEV)
3618 return log_error_errno(errno, "Failed to allocate device object from block device node %s: %m", setup->dm_node);
3619
3620 return true;
3621 }
3622
3623 return false;
3624 }
3625
3626 static int device_monitor_handler(sd_device_monitor *monitor, sd_device *device, void *userdata) {
3627 HomeSetup *setup = userdata;
3628 int r;
3629
3630 assert(setup);
3631
3632 if (!device_for_action(device, SD_DEVICE_REMOVE))
3633 return 0;
3634
3635 /* We don't really care for the device object passed to us, we just check if the device node still
3636 * exists */
3637
3638 r = device_is_gone(setup);
3639 if (r < 0)
3640 return r;
3641 if (r > 0) /* Yay! we are done! */
3642 (void) sd_event_exit(sd_device_monitor_get_event(monitor), 0);
3643
3644 return 0;
3645 }
3646
3647 int wait_for_block_device_gone(HomeSetup *setup, usec_t timeout_usec) {
3648 _cleanup_(sd_device_monitor_unrefp) sd_device_monitor *m = NULL;
3649 _cleanup_(sd_event_unrefp) sd_event *event = NULL;
3650 int r;
3651
3652 assert(setup);
3653
3654 /* So here's the thing: we enable "deferred deactivation" on our dm-crypt volumes. This means they
3655 * are automatically torn down once not used anymore (i.e. once unmounted). Which is great. It also
3656 * means that when we deactivate a home directory and try to tear down the volume that backs it, it
3657 * possibly is aleady torn down or in the process of being torn down, since we race against the
3658 * automatic tearing down. Which is fine, we handle errors from that. However, we lose the ability to
3659 * naturally wait for the tear down operation to complete: if we are not the ones who tear down the
3660 * device we are also not the ones who naturally block on that operation. Hence let's add some code
3661 * to actively wait for the device to go away, via sd-device. We'll call this whenever tearing down a
3662 * LUKS device, to ensure the device is really really gone before we proceed. Net effect: "homectl
3663 * deactivate foo && homectl activate foo" will work reliably, i.e. deactivation immediately followed
3664 * by activation will work. Also, by the time deactivation completes we can guarantee that all data
3665 * is sync'ed down to the lowest block layer as all higher levels are fully and entirely
3666 * destructed. */
3667
3668 if (!setup->dm_name)
3669 return 0;
3670
3671 assert(setup->dm_node);
3672 log_debug("Waiting until %s disappears.", setup->dm_node);
3673
3674 r = sd_event_new(&event);
3675 if (r < 0)
3676 return log_error_errno(r, "Failed to allocate event loop: %m");
3677
3678 r = sd_device_monitor_new(&m);
3679 if (r < 0)
3680 return log_error_errno(r, "Failed to allocate device monitor: %m");
3681
3682 r = sd_device_monitor_filter_add_match_subsystem_devtype(m, "block", "disk");
3683 if (r < 0)
3684 return log_error_errno(r, "Failed to configure device monitor match: %m");
3685
3686 r = sd_device_monitor_attach_event(m, event);
3687 if (r < 0)
3688 return log_error_errno(r, "Failed to attach device monitor to event loop: %m");
3689
3690 r = sd_device_monitor_start(m, device_monitor_handler, setup);
3691 if (r < 0)
3692 return log_error_errno(r, "Failed to start device monitor: %m");
3693
3694 r = device_is_gone(setup);
3695 if (r < 0)
3696 return r;
3697 if (r > 0) {
3698 log_debug("%s has already disappeared before entering wait loop.", setup->dm_node);
3699 return 0; /* gone already */
3700 }
3701
3702 if (timeout_usec != USEC_INFINITY) {
3703 r = sd_event_add_time_relative(event, NULL, CLOCK_MONOTONIC, timeout_usec, 0, NULL, NULL);
3704 if (r < 0)
3705 return log_error_errno(r, "Failed to add timer event: %m");
3706 }
3707
3708 r = sd_event_loop(event);
3709 if (r < 0)
3710 return log_error_errno(r, "Failed to run event loop: %m");
3711
3712 r = device_is_gone(setup);
3713 if (r < 0)
3714 return r;
3715 if (r == 0)
3716 return log_error_errno(r, "Device %s still around.", setup->dm_node);
3717
3718 log_debug("Successfully waited until device %s disappeared.", setup->dm_node);
3719 return 0;
3720 }
Unnamed repository; edit this file 'description' to name the repository.