git.ipfire.org Git - thirdparty/systemd.git/commit

author	Luca Boccassi <luca.boccassi@microsoft.com>
	Wed, 8 Jul 2020 18:57:31 +0000 (19:57 +0100)
committer	Luca Boccassi <luca.boccassi@microsoft.com>
	Tue, 21 Jul 2020 22:42:03 +0000 (23:42 +0100)
commit	ac1f3ad05f7476ae58981dcba45dfeb2c0006824
tree	3df9b81faac4c8112c8470925b4289e8c0f49beb	tree \| snapshot
parent	536879480a5ec4d4be10941aa837791ddd68edc2	commit \| diff

verity: re-use already open devices if the hashes match

Opening a verity device is an expensive operation. The kernelspace operations
are mostly sequential with a global lock held regardless of which device
is being opened. In userspace jumps in and out of multiple libraries are
required. When signatures are used, there's the additional cryptographic
checks.

We know when two devices are identical: they have the same root hash.
If libcrypsetup returns EEXIST, double check that the hashes are really
the same, and that either both or none have a signature, and if everything
matches simply remount the already open device. The kernel will do
reference counting for us.

In order to quickly and reliably discover if a device is already open,
change the node naming scheme from '/dev/mapper/major:minor-verity' to
'/dev/mapper/$roothash-verity'.

Unfortunately libdevmapper is not 100% reliable, so in some case it
will say that the device already exists and it is active, but in
reality it is not usable. Fallback to an individually-activated
unique device name in those cases for robustness.

src/shared/dissect-image.c		diff \| blob \| blame \| history
src/shared/dissect-image.h		diff \| blob \| blame \| history
src/shared/dm-util.c		diff \| blob \| blame \| history
src/shared/dm-util.h		diff \| blob \| blame \| history
test/units/testsuite-50.sh		diff \| blob \| blame \| history