From: Alfred Klomp <git@alfredklomp.com>
Date: Thu, 8 Jun 2023 11:26:24 +0000 (+0200)
Subject: integritysetup: support mode=(journal|bitmap|direct)
X-Git-Tag: v254-rc1~246
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a2160ba061a7b412540fbe49d88f96ec379c61ae;p=thirdparty%2Fsystemd.git

integritysetup: support mode=(journal|bitmap|direct)

Add a parameter to the integritytab file to set the mode in which to
open the integrity volume. The mode can be journaled (the default),
bitmap without a journal, or direct mode without a journal or a bitmap.

This change removes the `no-journal' option because it is redundant,
being replaced with `mode=direct'.

Supercedes commit bcc1ee56c, from a week ago, which implemented
`no-journal'.

Resolves #27587
---

diff --git a/man/integritytab.xml b/man/integritytab.xml
index 44da039ddec..12ec2933a9d 100644
--- a/man/integritytab.xml
+++ b/man/integritytab.xml
@@ -73,10 +73,13 @@
       </varlistentry>
 
       <varlistentry>
-        <term><option>no-journal</option></term>
+        <term><option>mode=(journal|bitmap|direct)</option></term>
 
         <listitem><para>
-        Disable the journal. Corresponds to the "direct writes" mode documented in
+        Enable journaled, bitmapped or direct (passthrough) mode. Journaled mode is the default when this option is not specified.
+        It provides safety against crashes, but can be slow because all data has to be written twice.
+        Bitmap mode is more efficient since it requires only a single write, but it is less reliable because if data corruption happens when the machine crashes, it may not be detected.
+        Direct mode disables the journal and the bitmap. Corresponds to the "direct writes" mode documented in
         <ulink url="https://docs.kernel.org/admin-guide/device-mapper/dm-integrity.html">the dm-integrity documentation</ulink>.
         Note that without a journal, if there is a crash, it is possible that the integrity tags and data will not match. If used, the journal-*
         options below will have no effect if passed.
diff --git a/src/integritysetup/integrity-util.c b/src/integritysetup/integrity-util.c
index 66f93e7d2eb..c29d4fcd5da 100644
--- a/src/integritysetup/integrity-util.c
+++ b/src/integritysetup/integrity-util.c
@@ -34,9 +34,22 @@ int parse_integrity_options(
                 else if (streq(word, "allow-discards")) {
                         if (ret_activate_flags)
                                 *ret_activate_flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
-                } else if (streq(word, "no-journal")) {
-                        if (ret_activate_flags)
-                                *ret_activate_flags |= CRYPT_ACTIVATE_NO_JOURNAL;
+                } else if ((val = startswith(word, "mode="))) {
+                        if (streq(val, "journal")) {
+                                if (ret_activate_flags)
+                                        *ret_activate_flags &= ~(CRYPT_ACTIVATE_NO_JOURNAL | CRYPT_ACTIVATE_NO_JOURNAL_BITMAP);
+                        } else if (streq(val, "bitmap")) {
+                                if (ret_activate_flags) {
+                                        *ret_activate_flags &= ~CRYPT_ACTIVATE_NO_JOURNAL;
+                                        *ret_activate_flags |= CRYPT_ACTIVATE_NO_JOURNAL_BITMAP;
+                                }
+                        } else if (streq(val, "direct")) {
+                                if (ret_activate_flags) {
+                                        *ret_activate_flags |= CRYPT_ACTIVATE_NO_JOURNAL;
+                                        *ret_activate_flags &= ~CRYPT_ACTIVATE_NO_JOURNAL_BITMAP;
+                                }
+                        } else
+                                log_warning("Encountered unknown mode option '%s', ignoring.", val);
                 } else if ((val = startswith(word, "journal-watermark="))) {
                         r = parse_percent(val);
                         if (r < 0)