libblkid: Ignore secondary LUKS2 header in blkid_do_safeprobe()

The secondary LUKS2 header can match file data content on other
filesystems (e.g. an image file of a LUKS2 device stored on XFS whose
data blocks happen to land at device offsets where blkid looks for the
secondary LUKS2 header). This causes blkid to report a crypto_LUKS
superblock instead of the real filesystem.

Add a new flag BLKID_PROBE_FL_SAFEPROBE and skip scanning for the
secondary LUKS2 header in blkid_do_safeprobe(). The secondary LUKS2
header is only important for wipefs which uses a promiscuous probe.

Fixes: #4170
Fixes: 8bee1a2
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
--
v2: Fix conflict with BLKID_FL_TINY_DEV flag
v3: Use pr->prob_flags instead of pr->flags
v4: Use original mask again as the use prob_flags resolves the conflict

diff --git a/libblkid/src/blkidP.h b/libblkid/src/blkidP.h
index f1bb3f8f5cbeab75d76824934f49e7239fe2909f..dd4937fd0ec86b888d11a9779f1a9cdd5a228e88 100644 (file)
--- a/libblkid/src/blkidP.h
+++ b/libblkid/src/blkidP.h
@@ -245,6 +245,7 @@ struct blkid_struct_probe
 
 /* private per-probing flags */
 #define BLKID_PROBE_FL_IGNORE_PT (1 << 1)      /* ignore partition table */
+#define BLKID_PROBE_FL_SAFEPROBE (1 << 2)      /* safeprobe mode */
 
 extern blkid_probe blkid_clone_probe(blkid_probe parent);
 extern blkid_probe blkid_probe_get_wholedisk_probe(blkid_probe pr);

diff --git a/libblkid/src/probe.c b/libblkid/src/probe.c
index fba7eb1240afb68be5ac5b7808229d9fb6963681..0b0badc1ec9a73defd92c4fcfee221555ee6c36c 100644 (file)
--- a/libblkid/src/probe.c
+++ b/libblkid/src/probe.c
@@ -1809,6 +1809,7 @@ int blkid_do_safeprobe(blkid_probe pr)
                return BLKID_PROBE_NONE;
 
        blkid_probe_start(pr);
+       pr->prob_flags |= BLKID_PROBE_FL_SAFEPROBE;
 
        for (i = 0; i < BLKID_NCHAINS; i++) {
                struct blkid_chain *chn;

diff --git a/libblkid/src/superblocks/luks.c b/libblkid/src/superblocks/luks.c
index 5ab7e73c90e66a5c8f32a6e612fa5fe9f89c851c..e7e379c8dbeb137e7d4ba37d60a7902f770a666a 100644 (file)
--- a/libblkid/src/superblocks/luks.c
+++ b/libblkid/src/superblocks/luks.c
@@ -126,16 +126,19 @@ static int probe_luks(blkid_probe pr, const struct blkid_idmag *mag __attribute_
                return luks_attributes(pr, header, 0);
        }
 
-       /* No primary header, scan for known offsets of LUKS2 secondary header. */
-       for (i = 0; i < ARRAY_SIZE(secondary_offsets); i++) {
-               header = (struct luks2_phdr *) blkid_probe_get_buffer(pr,
-                         secondary_offsets[i], sizeof(struct luks2_phdr));
 
-               if (!header)
-                       return errno ? -errno : BLKID_PROBE_NONE;
+       /* No primary header, scan for known offsets of LUKS2 secondary header unless this is a safeprobe */
+       if (!(pr->prob_flags & BLKID_PROBE_FL_SAFEPROBE)) {
+               for (i = 0; i < ARRAY_SIZE(secondary_offsets); i++) {
+                       header = (struct luks2_phdr *) blkid_probe_get_buffer(pr,
+                                 secondary_offsets[i], sizeof(struct luks2_phdr));
 
-               if (luks_valid(header, LUKS_MAGIC_2, secondary_offsets[i]))
-                       return luks_attributes(pr, header, secondary_offsets[i]);
+                       if (!header)
+                               return errno ? -errno : BLKID_PROBE_NONE;
+
+                       if (luks_valid(header, LUKS_MAGIC_2, secondary_offsets[i]))
+                               return luks_attributes(pr, header, secondary_offsets[i]);
+               }
        }
 
        return BLKID_PROBE_NONE;