November 2018 - lvm2-commits - Fedora Mailing-Lists

by Zdenek Kabelac

Gitweb: https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=97a95f9648ffe2882ad... Commit: 97a95f9648ffe2882ad7fadcea3f0908c8947c7d Parent: fd8001a9fc7ea3a49c2b9fc3c3e20367e5dcf401 Author: Zdenek Kabelac <zkabelac(a)redhat.com> AuthorDate: Tue Nov 13 16:27:33 2018 +0100 Committer: Zdenek Kabelac <zkabelac(a)redhat.com> CommitterDate: Sat Nov 17 00:30:50 2018 +0100 tests: raise minsize of xfs mkfs.xfs now needs at least ~1600... --- test/shell/fsadm.sh | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/test/shell/fsadm.sh b/test/shell/fsadm.sh index fa9da35..8141da4 100644 --- a/test/shell/fsadm.sh +++ b/test/shell/fsadm.sh @@ -143,7 +143,7 @@ if check_missing ext3; then fi if check_missing xfs; then - mkfs.xfs -l internal,size=1000b -f "$dev_vg_lv" + mkfs.xfs -l internal,size=2000b -f "$dev_vg_lv" fsadm --lvresize resize $vg_lv 30M # Fails - not enough space for 4M fs

5 years, 6 months

1
0
0 / 0

master - tests: secure data erase

by Zdenek Kabelac

Gitweb: https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=83d9ea73486c92a4872... Commit: 83d9ea73486c92a48725648d2ee2b5fac2fb6b5c Parent: 55a8d6c86b4c6c6c707cfcc3dd887bca0632114f Author: Zdenek Kabelac <zkabelac(a)redhat.com> AuthorDate: Fri Nov 16 22:15:23 2018 +0100 Committer: Zdenek Kabelac <zkabelac(a)redhat.com> CommitterDate: Sat Nov 17 00:30:50 2018 +0100 tests: secure data erase --- test/Makefile.in | 15 +++++++-- test/lib/dmsecuretest.c | 73 ++++++++++++++++++++++++++++++++++++++++++++ test/shell/dmsecuretest.sh | 71 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 156 insertions(+), 3 deletions(-) diff --git a/test/Makefile.in b/test/Makefile.in index f8571b7..6b6749a 100644 --- a/test/Makefile.in +++ b/test/Makefile.in @@ -28,7 +28,7 @@ datarootdir = @datarootdir@ LVM_TEST_RESULTS ?= results # FIXME: resolve testing of: unit -SOURCES = lib/not.c lib/harness.c +SOURCES = lib/not.c lib/harness.c lib/dmsecuretest.c CXXSOURCES = lib/runner.cpp CXXFLAGS += $(EXTRA_EXEC_CFLAGS) @@ -190,6 +190,8 @@ LIB_LVMLOCKD_CONF = \ LIB_MKE2FS_CONF = \ mke2fs.conf +LIB_SECURETEST = securetest +LIB_DMSECURETEST = dmsecuretest LIB_LOCAL = paths runner LIB_NOT = not LIB_LINK_NOT = invalid fail should @@ -217,7 +219,7 @@ install: .tests-stamp lib/paths-installed @cd $(DATADIR)/lib && for i in $(CMDS); do \ echo "$(LN_S) -f lvm-wrapper $$i"; \ $(LN_S) -f lvm-wrapper $$i; done - $(INSTALL_PROGRAM) lib/$(LIB_NOT) $(EXECDIR) + $(INSTALL_PROGRAM) lib/$(LIB_NOT) lib/$(LIB_SECURETEST) lib/$(LIB_DMSECURETEST) $(EXECDIR) @cd $(EXECDIR) && for i in $(LIB_LINK_NOT); do \ echo "$(LN_S) -f not $$i"; \ $(LN_S) -f not $$i; done @@ -235,9 +237,16 @@ lib/fail: lib/not lib/runner: lib/runner.o .lib-dir-stamp $(CXX) $(LDFLAGS) $(EXTRA_EXEC_LDFLAGS) $(ELDFLAGS) -o $@ $< +lib/dmsecuretest: lib/dmsecuretest.o .lib-dir-stamp $(INTERNAL_LIBS) + $(CC) -g $(LDFLAGS) $(EXTRA_EXEC_LDFLAGS) $(ELDFLAGS) -o $@ $< $(INTERNAL_LIBS) $(UDEV_LIBS) -lm + +lib/securetest: lib/dmsecuretest.o .lib-dir-stamp + $(CC) -g $(LDFLAGS) $(EXTRA_EXEC_LDFLAGS) $(ELDFLAGS) -o $@ $< -L$(top_builddir)/libdm/ioctl -ldevmapper + lib/runner.o: $(wildcard $(srcdir)/lib/*.h) CFLAGS_runner.o += $(EXTRA_EXEC_CFLAGS) +CFLAGS_dmsecuretest.o += $(EXTRA_EXEC_CFLAGS) lib/%: lib/%.o .lib-dir-stamp $(CC) $(CFLAGS) $(LDFLAGS) $(ELDFLAGS) -o $@ $< @@ -290,7 +299,7 @@ lib/dm-version-expected: $(top_srcdir)/VERSION_DM .lib-dir-stamp cut -f 1 -d ' ' <$< >$@ CMDS = lvm $(shell cat $(top_builddir)/tools/.commands 2>/dev/null) -LIB = $(addprefix lib/, $(LIB_SHARED) $(LIB_LOCAL) $(LIB_NOT) $(LIB_LINK_NOT) $(LIB_FLAVOURS)) +LIB = $(addprefix lib/, $(LIB_SECURETEST) $(LIB_DMSECURETEST) $(LIB_SHARED) $(LIB_LOCAL) $(LIB_NOT) $(LIB_LINK_NOT) $(LIB_FLAVOURS)) .tests-stamp: $(ALL) $(LIB) $(SUBDIRS) lib/version-expected lib/dm-version-expected @if test "$(srcdir)" != . ; then \ diff --git a/test/lib/dmsecuretest.c b/test/lib/dmsecuretest.c new file mode 100644 index 0000000..0428fac --- /dev/null +++ b/test/lib/dmsecuretest.c @@ -0,0 +1,73 @@ +/* + * Test sample code to check for leftovers from secure table loading in + * userspace memory + * + * Compile with: gcc -O2 -g -o tst dmcrypt.c -ldevmapper + * + * Search for string in coredump (needs 'raise', or using 'gcore' tool) + * + * grep "434e0cbab02ca68ffba9268222c3789d703fe62427b78b308518b3228f6a2122" core + * + */ + +#include <unistd.h> +#include <signal.h> +#include <libdevmapper.h> + +/* Comment out this define to get coredump instead of sleeping */ +#define SLEEP 1 + +static void rot13(char *s) +{ + unsigned i; + + for (i = 0; s[i]; i++) + if (s[i] >= 'a' && s[i] <= 'm') + s[i] += 13; + else if (s[i] >= 'n' && s[i] <= 'z') + s[i] -= 13; +} + +int main (int argc, char *argv[]) +{ + const unsigned sz = 8192; + /* rot13: 434e0cbab02ca68ffba9268222c3789d703fe62427b78b308518b3228f6a2122 */ + char aes[] = "434r0pono02pn68sson9268222p3789q703sr62427o78o308518o3228s6n2122"; + const char *device = (argc > 1) ? argv[1] : "/dev/loop0"; /* device for use */ + const char *devname = (argc > 2) ? argv[2] : "test-secure"; /* name of dm device */ + uint32_t cookie = 0; + char table[300]; + struct dm_task *dmt; + + if (geteuid() != 0) { + fprintf(stderr, "Needs root UID for execution!\n"); + exit(1); + } + + printf("Going to create %s dm device using backend device: %s\n", devname, device); + + if ((dmt = dm_task_create(DM_DEVICE_CREATE))) { + (void) dm_task_set_name(dmt, devname); + (void) dm_task_secure_data(dmt); + rot13(aes); + snprintf(table, sizeof(table), "aes-xts-plain64 %s 0 %s %u", aes, device, sz); + memset(aes, 0, sizeof(aes)); + (void) dm_task_add_target(dmt, 0, sz, "crypt", table); + memset(table, 0, sizeof(table)); + asm volatile ("" ::: "memory");/* Compiler barrier. */ + (void) dm_task_set_cookie(dmt, &cookie, DM_UDEV_DISABLE_LIBRARY_FALLBACK); + (void) dm_task_run(dmt); + (void) dm_task_destroy(dmt); + } + + dm_task_update_nodes(); + + /* At this point there should be no memory trace from a secure table line */ + +#ifdef SLEEP + sleep(4); /* Give time to other process to capture 'gcore pid' */ +#else + raise(SIGABRT); /* Generate core for search of any forgotten traces of key */ +#endif + return 0; +} diff --git a/test/shell/dmsecuretest.sh b/test/shell/dmsecuretest.sh new file mode 100644 index 0000000..45abd00 --- /dev/null +++ b/test/shell/dmsecuretest.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash + +# Copyright (C) 2018 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing to use, +# modify, copy, or redistribute it subject to the terms and conditions +# of the GNU General Public License v.2. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +# Test secure table is not leaking data in user land + +SKIP_WITH_LVMPOLLD=1 + +# AES key matching rot13 string from dmsecuretest.c */ +SECURE="434e0cbab02ca68ffba9268222c3789d703fe62427b78b308518b3228f6a2122" + +. lib/inittest + +DMTEST="${PREFIX}-test-secure" + +aux driver_at_least 4 6 || skip + +# ensure we can create devices (uses dmsetup, etc) +aux prepare_devs 1 + +# check both code versions - linked libdm and internal device_mapper version +# there should not be any difference +for i in securetest dmsecuretest ; do + +# 1st. try with empty table +# 2nd. retry with already exiting DM node - exercize error path also wipes +for j in empty existing ; do + +"$i" "$dev1" "$DMTEST" >cmdout 2>&1 & +PID=$! +sleep .5 + +# crypt device should be loaded +dmsetup table | tee tbl +grep "$DMTEST" tbl + +# generate core file for running&sleeping binary +gcore "$PID" +kill "$PID" +wait + +cat cmdout + +# $SECURE string must NOT be present in core file +not grep "$SECURE" "core.$PID" || { + ## cp "core.$PID" /dev/shm/core + rm -f "core.$PID" + dmsetup remove "$DMTEST" + die "!!! Secure string $SECURE found present in core.$PID !!!" +} +rm -f "core.$PID" + +if test "$j" = empty ; then + not grep "Device or resource busy" cmdout +else + # Device should be already present resulting into error message + grep "Device or resource busy" cmdout + dmsetup remove "$DMTEST" +fi + +done + +done

5 years, 6 months

1
0
0 / 0

master - libdm: add memory barrier

by Zdenek Kabelac

Gitweb: https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=55a8d6c86b4c6c6c707... Commit: 55a8d6c86b4c6c6c707cfcc3dd887bca0632114f Parent: 43f8da76997a22be123e97b6d0f357d6ec2d0c7c Author: Zdenek Kabelac <zkabelac(a)redhat.com> AuthorDate: Fri Nov 16 16:01:03 2018 +0100 Committer: Zdenek Kabelac <zkabelac(a)redhat.com> CommitterDate: Sat Nov 17 00:30:50 2018 +0100 libdm: add memory barrier Just for case ensure compiler is not able to optimize memset() away for resources that are released. This idea of using memory barrier is taken from openssl. Other options would be to check for 'explicit_bzero' function. --- device_mapper/ioctl/libdm-iface.c | 2 ++ libdm/ioctl/libdm-iface.c | 2 ++ 2 files changed, 4 insertions(+), 0 deletions(-) diff --git a/device_mapper/ioctl/libdm-iface.c b/device_mapper/ioctl/libdm-iface.c index 1321dc0..eb6e9db 100644 --- a/device_mapper/ioctl/libdm-iface.c +++ b/device_mapper/ioctl/libdm-iface.c @@ -471,6 +471,7 @@ static void _dm_zfree_string(char *string) { if (string) { memset(string, 0, strlen(string)); + asm volatile ("" ::: "memory"); /* Compiler barrier. */ free(string); } } @@ -479,6 +480,7 @@ static void _dm_zfree_dmi(struct dm_ioctl *dmi) { if (dmi) { memset(dmi, 0, dmi->data_size); + asm volatile ("" ::: "memory"); /* Compiler barrier. */ free(dmi); } } diff --git a/libdm/ioctl/libdm-iface.c b/libdm/ioctl/libdm-iface.c index 002669e..b195c11 100644 --- a/libdm/ioctl/libdm-iface.c +++ b/libdm/ioctl/libdm-iface.c @@ -469,6 +469,7 @@ static void _dm_zfree_string(char *string) { if (string) { memset(string, 0, strlen(string)); + asm volatile ("" ::: "memory"); /* Compiler barrier. */ dm_free(string); } } @@ -477,6 +478,7 @@ static void _dm_zfree_dmi(struct dm_ioctl *dmi) { if (dmi) { memset(dmi, 0, dmi->data_size); + asm volatile ("" ::: "memory"); /* Compiler barrier. */ dm_free(dmi); } }

5 years, 6 months

1
0
0 / 0

master - libdm: print params only for ioctls using them

by Zdenek Kabelac

Gitweb: https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=43f8da76997a22be123... Commit: 43f8da76997a22be123e97b6d0f357d6ec2d0c7c Parent: 1ae5bf2b833a5d55cf97de1619cc820d4e8c394f Author: Zdenek Kabelac <zkabelac(a)redhat.com> AuthorDate: Fri Nov 16 15:57:15 2018 +0100 Committer: Zdenek Kabelac <zkabelac(a)redhat.com> CommitterDate: Sat Nov 17 00:30:50 2018 +0100 libdm: print params only for ioctls using them When preparing ioctl buffer and flatting all parameters, add table parameters only to ioctl that do process them. Note: list of ioctl should be kept in sync with kernel code. --- WHATS_NEW_DM | 1 + device_mapper/ioctl/libdm-iface.c | 37 +++++++++++++++++++++++++++++-------- libdm/ioctl/libdm-iface.c | 37 +++++++++++++++++++++++++++++-------- 3 files changed, 59 insertions(+), 16 deletions(-) diff --git a/WHATS_NEW_DM b/WHATS_NEW_DM index c19d9a8..aa1734c 100644 --- a/WHATS_NEW_DM +++ b/WHATS_NEW_DM @@ -1,5 +1,6 @@ Version 1.02.155 - ==================================== + Enhance ioctl flattening and add parameters only when needed. Add DM_DEVICE_ARM_POLL for API completness matching kernel. Do not add parameters for RESUME with DM_DEVICE_CREATE dm task. diff --git a/device_mapper/ioctl/libdm-iface.c b/device_mapper/ioctl/libdm-iface.c index 31a4bc0..1321dc0 100644 --- a/device_mapper/ioctl/libdm-iface.c +++ b/device_mapper/ioctl/libdm-iface.c @@ -1085,6 +1085,22 @@ static int _lookup_dev_name(uint64_t dev, char *buf, size_t len) return r; } +static int _add_params(int type) +{ + switch (type) { + case DM_DEVICE_REMOVE_ALL: + case DM_DEVICE_CREATE: + case DM_DEVICE_REMOVE: + case DM_DEVICE_SUSPEND: + case DM_DEVICE_STATUS: + case DM_DEVICE_CLEAR: + case DM_DEVICE_ARM_POLL: + return 0; /* IOCTL_FLAGS_NO_PARAMS in drivers/md/dm-ioctl.c */ + default: + return 1; + } +} + static struct dm_ioctl *_flatten(struct dm_task *dmt, unsigned repeat_count) { const size_t min_size = 16 * 1024; @@ -1097,11 +1113,15 @@ static struct dm_ioctl *_flatten(struct dm_task *dmt, unsigned repeat_count) char *b, *e; int count = 0; - for (t = dmt->head; t; t = t->next) { - len += sizeof(struct dm_target_spec); - len += strlen(t->params) + 1 + ALIGNMENT; - count++; - } + if (_add_params(dmt->type)) + for (t = dmt->head; t; t = t->next) { + len += sizeof(struct dm_target_spec); + len += strlen(t->params) + 1 + ALIGNMENT; + count++; + } + else if (dmt->head) + log_debug_activation(INTERNAL_ERROR "dm '%s' ioctl should not define parameters.", + _cmd_data_v4[dmt->type].name); if (count && (dmt->sector || dmt->message)) { log_error("targets and message are incompatible"); @@ -1251,9 +1271,10 @@ static struct dm_ioctl *_flatten(struct dm_task *dmt, unsigned repeat_count) b = (char *) (dmi + 1); e = (char *) dmi + len; - for (t = dmt->head; t; t = t->next) - if (!(b = _add_target(t, b, e))) - goto_bad; + if (_add_params(dmt->type)) + for (t = dmt->head; t; t = t->next) + if (!(b = _add_target(t, b, e))) + goto_bad; if (dmt->newname) strcpy(b, dmt->newname); diff --git a/libdm/ioctl/libdm-iface.c b/libdm/ioctl/libdm-iface.c index 6e73b1d..002669e 100644 --- a/libdm/ioctl/libdm-iface.c +++ b/libdm/ioctl/libdm-iface.c @@ -1097,6 +1097,22 @@ static int _lookup_dev_name(uint64_t dev, char *buf, size_t len) return r; } +static int _add_params(int type) +{ + switch (type) { + case DM_DEVICE_REMOVE_ALL: + case DM_DEVICE_CREATE: + case DM_DEVICE_REMOVE: + case DM_DEVICE_SUSPEND: + case DM_DEVICE_STATUS: + case DM_DEVICE_CLEAR: + case DM_DEVICE_ARM_POLL: + return 0; /* IOCTL_FLAGS_NO_PARAMS in drivers/md/dm-ioctl.c */ + default: + return 1; + } +} + static struct dm_ioctl *_flatten(struct dm_task *dmt, unsigned repeat_count) { const size_t min_size = 16 * 1024; @@ -1109,11 +1125,15 @@ static struct dm_ioctl *_flatten(struct dm_task *dmt, unsigned repeat_count) char *b, *e; int count = 0; - for (t = dmt->head; t; t = t->next) { - len += sizeof(struct dm_target_spec); - len += strlen(t->params) + 1 + ALIGNMENT; - count++; - } + if (_add_params(dmt->type)) + for (t = dmt->head; t; t = t->next) { + len += sizeof(struct dm_target_spec); + len += strlen(t->params) + 1 + ALIGNMENT; + count++; + } + else if (dmt->head) + log_debug_activation(INTERNAL_ERROR "dm '%s' ioctl should not define parameters.", + _cmd_data_v4[dmt->type].name); if (count && (dmt->sector || dmt->message)) { log_error("targets and message are incompatible"); @@ -1263,9 +1283,10 @@ static struct dm_ioctl *_flatten(struct dm_task *dmt, unsigned repeat_count) b = (char *) (dmi + 1); e = (char *) dmi + len; - for (t = dmt->head; t; t = t->next) - if (!(b = _add_target(t, b, e))) - goto_bad; + if (_add_params(dmt->type)) + for (t = dmt->head; t; t = t->next) + if (!(b = _add_target(t, b, e))) + goto_bad; if (dmt->newname) strcpy(b, dmt->newname);

5 years, 6 months

1
0
0 / 0

master - libdm: add DM_DEVICE_ARM_POLL

by Zdenek Kabelac

Gitweb: https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=1ae5bf2b833a5d55cf9... Commit: 1ae5bf2b833a5d55cf97de1619cc820d4e8c394f Parent: 10e191fd124e89d40518a7cba5d61c47be5a0969 Author: Zdenek Kabelac <zkabelac(a)redhat.com> AuthorDate: Fri Nov 16 15:58:16 2018 +0100 Committer: Zdenek Kabelac <zkabelac(a)redhat.com> CommitterDate: Sat Nov 17 00:30:50 2018 +0100 libdm: add DM_DEVICE_ARM_POLL Expose DM_DEVICE_ARM_POLL via standard API enum. --- WHATS_NEW_DM | 1 + device_mapper/all.h | 6 ++++-- device_mapper/ioctl/libdm-iface.c | 3 +++ libdm/ioctl/libdm-iface.c | 3 +++ libdm/libdevmapper.h | 4 +++- 5 files changed, 14 insertions(+), 3 deletions(-) diff --git a/WHATS_NEW_DM b/WHATS_NEW_DM index d0088c4..c19d9a8 100644 --- a/WHATS_NEW_DM +++ b/WHATS_NEW_DM @@ -1,5 +1,6 @@ Version 1.02.155 - ==================================== + Add DM_DEVICE_ARM_POLL for API completness matching kernel. Do not add parameters for RESUME with DM_DEVICE_CREATE dm task. Version 1.02.153 - 31st October 2018 diff --git a/device_mapper/all.h b/device_mapper/all.h index 6fe80f8..0c1dc29 100644 --- a/device_mapper/all.h +++ b/device_mapper/all.h @@ -116,10 +116,12 @@ enum { DM_DEVICE_MKNODES, DM_DEVICE_LIST_VERSIONS, - + DM_DEVICE_TARGET_MSG, - DM_DEVICE_SET_GEOMETRY + DM_DEVICE_SET_GEOMETRY, + + DM_DEVICE_ARM_POLL }; /* diff --git a/device_mapper/ioctl/libdm-iface.c b/device_mapper/ioctl/libdm-iface.c index cc69317..31a4bc0 100644 --- a/device_mapper/ioctl/libdm-iface.c +++ b/device_mapper/ioctl/libdm-iface.c @@ -117,6 +117,9 @@ static struct cmd_data _cmd_data_v4[] = { #ifdef DM_DEV_SET_GEOMETRY {"setgeometry", DM_DEV_SET_GEOMETRY, {4, 6, 0}}, #endif +#ifdef DM_DEV_ARM_POLL + {"armpoll", DM_DEV_ARM_POLL, {4, 36, 0}}, +#endif }; /* *INDENT-ON* */ diff --git a/libdm/ioctl/libdm-iface.c b/libdm/ioctl/libdm-iface.c index 5c418a9..6e73b1d 100644 --- a/libdm/ioctl/libdm-iface.c +++ b/libdm/ioctl/libdm-iface.c @@ -115,6 +115,9 @@ static struct cmd_data _cmd_data_v4[] = { #ifdef DM_DEV_SET_GEOMETRY {"setgeometry", DM_DEV_SET_GEOMETRY, {4, 6, 0}}, #endif +#ifdef DM_DEV_ARM_POLL + {"armpoll", DM_DEV_ARM_POLL, {4, 36, 0}}, +#endif }; /* *INDENT-ON* */ diff --git a/libdm/libdevmapper.h b/libdm/libdevmapper.h index 2438f74..19032d7 100644 --- a/libdm/libdevmapper.h +++ b/libdm/libdevmapper.h @@ -119,7 +119,9 @@ enum { DM_DEVICE_TARGET_MSG, - DM_DEVICE_SET_GEOMETRY + DM_DEVICE_SET_GEOMETRY, + + DM_DEVICE_ARM_POLL }; /*

5 years, 6 months

1
0
0 / 0

master - libdm: do not add params for resume and remove

by Zdenek Kabelac

Gitweb: https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=10e191fd124e89d4051... Commit: 10e191fd124e89d40518a7cba5d61c47be5a0969 Parent: d44bfe90f1b609d23566ba26c4d51ba167f2368d Author: Zdenek Kabelac <zkabelac(a)redhat.com> AuthorDate: Fri Nov 16 15:54:09 2018 +0100 Committer: Zdenek Kabelac <zkabelac(a)redhat.com> CommitterDate: Sat Nov 17 00:30:50 2018 +0100 libdm: do not add params for resume and remove DM_DEVICE_CREATE with table is doing several ioctl operations, however only some of then takes parameters. Since _create_and_load_v4() reused already existing dm task from DM_DEVICE_RELOAD it has also kept passing its table parameters to DM_DEVICE_RESUME ioctl - but this ioctl is supposed to not take any argument and thus there is no wiping of passed data - and since kernel returns buffer and shortens dmi->data_size accordingly, anything past returned data size remained uncleared in zfree() function. This has problem if the user used dm_task_secure_data (i.e. cryptsetup), as in this case binary expact secured data are erased from main memory after use, but they may have been left in place. This patch is also closing the possible hole for error path, which also reuse same dm task structure for DM_DEVICE_REMOVE. --- WHATS_NEW_DM | 1 + device_mapper/ioctl/libdm-iface.c | 2 ++ libdm/ioctl/libdm-iface.c | 2 ++ 3 files changed, 5 insertions(+), 0 deletions(-) diff --git a/WHATS_NEW_DM b/WHATS_NEW_DM index 7049a4c..d0088c4 100644 --- a/WHATS_NEW_DM +++ b/WHATS_NEW_DM @@ -1,5 +1,6 @@ Version 1.02.155 - ==================================== + Do not add parameters for RESUME with DM_DEVICE_CREATE dm task. Version 1.02.153 - 31st October 2018 ==================================== diff --git a/device_mapper/ioctl/libdm-iface.c b/device_mapper/ioctl/libdm-iface.c index 27db622..cc69317 100644 --- a/device_mapper/ioctl/libdm-iface.c +++ b/device_mapper/ioctl/libdm-iface.c @@ -1454,6 +1454,7 @@ static int _create_and_load_v4(struct dm_task *dmt) dmt->uuid = NULL; free(dmt->mangled_uuid); dmt->mangled_uuid = NULL; + _dm_task_free_targets(dmt); if (dm_task_run(dmt)) return 1; @@ -1464,6 +1465,7 @@ static int _create_and_load_v4(struct dm_task *dmt) dmt->uuid = NULL; free(dmt->mangled_uuid); dmt->mangled_uuid = NULL; + _dm_task_free_targets(dmt); /* * Also udev-synchronize "remove" dm task that is a part of this revert! diff --git a/libdm/ioctl/libdm-iface.c b/libdm/ioctl/libdm-iface.c index 6d87749..5c418a9 100644 --- a/libdm/ioctl/libdm-iface.c +++ b/libdm/ioctl/libdm-iface.c @@ -1466,6 +1466,7 @@ static int _create_and_load_v4(struct dm_task *dmt) dmt->uuid = NULL; dm_free(dmt->mangled_uuid); dmt->mangled_uuid = NULL; + _dm_task_free_targets(dmt); if (dm_task_run(dmt)) return 1; @@ -1476,6 +1477,7 @@ static int _create_and_load_v4(struct dm_task *dmt) dmt->uuid = NULL; dm_free(dmt->mangled_uuid); dmt->mangled_uuid = NULL; + _dm_task_free_targets(dmt); /* * Also udev-synchronize "remove" dm task that is a part of this revert!

5 years, 6 months

1
0
0 / 0

master - scripts: remove lvmetad from makefile

by David Teigland

Gitweb: https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=d44bfe90f1b609d2356... Commit: d44bfe90f1b609d23566ba26c4d51ba167f2368d Parent: df2fa88e631b13f0f2cfff4aeab80f12bd93ab72 Author: David Teigland <teigland(a)redhat.com> AuthorDate: Thu Nov 15 09:25:55 2018 -0600 Committer: David Teigland <teigland(a)redhat.com> CommitterDate: Thu Nov 15 09:25:55 2018 -0600 scripts: remove lvmetad from makefile --- scripts/Makefile.in | 11 ----------- 1 files changed, 0 insertions(+), 11 deletions(-) diff --git a/scripts/Makefile.in b/scripts/Makefile.in index 039cac2..27fc201 100644 --- a/scripts/Makefile.in +++ b/scripts/Makefile.in @@ -63,9 +63,6 @@ install_initscripts: ifeq ("@BUILD_DMEVENTD@", "yes") $(INSTALL_SCRIPT) lvm2_monitoring_init_red_hat $(initdir)/lvm2-monitor endif -ifeq ("@BUILD_LVMETAD@", "yes") - $(INSTALL_SCRIPT) lvm2_lvmetad_init_red_hat $(initdir)/lvm2-lvmetad -endif ifeq ("@BUILD_LVMPOLLD@", "yes") $(INSTALL_SCRIPT) lvm2_lvmpolld_init_red_hat $(initdir)/lvm2-lvmpolld endif @@ -95,11 +92,6 @@ endif ifeq ("@BLKDEACTIVATE@", "yes") $(INSTALL_DATA) blk_availability_systemd_red_hat.service $(systemd_unit_dir)/blk-availability.service endif -ifeq ("@BUILD_LVMETAD@", "yes") - $(INSTALL_DATA) lvm2_lvmetad_systemd_red_hat.socket $(systemd_unit_dir)/lvm2-lvmetad.socket - $(INSTALL_DATA) lvm2_lvmetad_systemd_red_hat.service $(systemd_unit_dir)/lvm2-lvmetad.service - $(INSTALL_DATA) lvm2_pvscan_systemd_red_hat@.service $(systemd_unit_dir)/lvm2-pvscan@.service -endif ifeq ("@BUILD_LVMPOLLD@", "yes") $(INSTALL_DATA) lvm2_lvmpolld_systemd_red_hat.socket $(systemd_unit_dir)/lvm2-lvmpolld.socket $(INSTALL_DATA) lvm2_lvmpolld_systemd_red_hat.service $(systemd_unit_dir)/lvm2-lvmpolld.service @@ -144,10 +136,7 @@ DISTCLEAN_TARGETS += \ lvm2_clvmd_systemd_red_hat.service \ lvm2_cmirrord_systemd_red_hat.service \ lvm2_lvmdbusd_systemd_red_hat.service \ - lvm2_lvmetad_init_red_hat \ lvm2_lvmpolld_init_red_hat \ - lvm2_lvmetad_systemd_red_hat.service \ - lvm2_lvmetad_systemd_red_hat.socket \ lvm2_lvmpolld_systemd_red_hat.service \ lvm2_lvmpolld_systemd_red_hat.socket \ lvmlockd.service \

5 years, 6 months

1
0
0 / 0

master - lvm2-monitoring service shouldn't refer to lvmetad

by David Teigland

Gitweb: https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=df2fa88e631b13f0f2c... Commit: df2fa88e631b13f0f2cfff4aeab80f12bd93ab72 Parent: 16fed9ef0c4ea5ba20063c9fbf36c0c1292f87b3 Author: David Teigland <teigland(a)redhat.com> AuthorDate: Thu Nov 15 09:20:47 2018 -0600 Committer: David Teigland <teigland(a)redhat.com> CommitterDate: Thu Nov 15 09:20:47 2018 -0600 lvm2-monitoring service shouldn't refer to lvmetad --- scripts/lvm2_monitoring_systemd_red_hat.service.in | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/lvm2_monitoring_systemd_red_hat.service.in b/scripts/lvm2_monitoring_systemd_red_hat.service.in index 4144862..7ec4e4e 100644 --- a/scripts/lvm2_monitoring_systemd_red_hat.service.in +++ b/scripts/lvm2_monitoring_systemd_red_hat.service.in @@ -1,8 +1,8 @@ [Unit] Description=Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling Documentation=man:dmeventd(8) man:lvcreate(8) man:lvchange(8) man:vgchange(8) -Requires=dm-event.socket lvm2-lvmetad.socket -After=dm-event.socket dm-event.service lvm2-lvmetad.socket lvm2-activation.service lvm2-lvmetad.service +Requires=dm-event.socket +After=dm-event.socket dm-event.service lvm2-activation.service Before=local-fs-pre.target DefaultDependencies=no Conflicts=shutdown.target

5 years, 6 months

1
0
0 / 0

master - man: remove some clvmd references

by David Teigland

Gitweb: https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=16fed9ef0c4ea5ba200... Commit: 16fed9ef0c4ea5ba20063c9fbf36c0c1292f87b3 Parent: e6be10ffd2d9d5037d3e140157539edbb0a9d396 Author: David Teigland <teigland(a)redhat.com> AuthorDate: Wed Nov 14 10:00:23 2018 -0600 Committer: David Teigland <teigland(a)redhat.com> CommitterDate: Wed Nov 14 10:00:23 2018 -0600 man: remove some clvmd references --- man/cmirrord.8_main | 13 +++++-------- man/lvm.8_main | 1 - 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/man/cmirrord.8_main b/man/cmirrord.8_main index 026c19b..d49fa52 100644 --- a/man/cmirrord.8_main +++ b/man/cmirrord.8_main @@ -11,10 +11,8 @@ It is specific to device-mapper based mirrors (and by extension, LVM cluster mirrors). Cluster mirrors are not possible without this daemon running. -This daemon relies on the cluster infrastructure provided by the -Cluster MANager (CMAN), which must be set up and running in order for -cmirrord to function. (The cluster infrastructure is also required for -\fBclvmd\fP(8).) +This daemon relies on the cluster infrastructure provided by the corosync, +which must be set up and running in order for cmirrord to function. Output is logged via \fBsyslog\fP(3). The \fBSIGUSR1 signal\fP(7) can be issued to \fBcmirrord\fP to gather current status information for debugging @@ -32,8 +30,7 @@ Do not fork and log to the terminal. Print usage. .SH SEE ALSO +.BR lvmlockd (8), +.BR lvm (8), .BR syslog (3), -.BR cluster.conf (5), -.BR signal (7), -.BR clvmd (8), -.BR lvm (8) +.BR signal (7) diff --git a/man/lvm.8_main b/man/lvm.8_main index d4ce3da..b9abf58 100644 --- a/man/lvm.8_main +++ b/man/lvm.8_main @@ -544,7 +544,6 @@ Prepends source file name and code line number with libdm debugging. .BR lvmpolld (8) .BR lvmlockd (8) .BR lvmlockctl (8) -.BR clvmd (8) .BR cmirrord (8) .BR lvmdbusd (8)

5 years, 6 months

1
0
0 / 0

master - man: remove scattered lvmetad references

by David Teigland

Gitweb: https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=e6be10ffd2d9d5037d3... Commit: e6be10ffd2d9d5037d3e140157539edbb0a9d396 Parent: 3ca8ed66a737c3b078e292752461befd157d49b4 Author: David Teigland <teigland(a)redhat.com> AuthorDate: Wed Nov 14 09:39:42 2018 -0600 Committer: David Teigland <teigland(a)redhat.com> CommitterDate: Wed Nov 14 09:57:57 2018 -0600 man: remove scattered lvmetad references --- man/lvm.8_main | 9 +----- man/lvm2-activation-generator.8_main | 48 +++++++++++++++------------------- man/lvmlockd.8_main | 3 -- man/lvmsystemid.7_main | 29 +++----------------- man/see_also.end | 2 - 5 files changed, 26 insertions(+), 65 deletions(-) diff --git a/man/lvm.8_main b/man/lvm.8_main index 7bbf44a..d4ce3da 100644 --- a/man/lvm.8_main +++ b/man/lvm.8_main @@ -192,7 +192,7 @@ Rename a Volume Group. Report information about Volume Groups. .TP .B vgscan -Scan all disks for Volume Groups and rebuild caches. +Scan all disks for Volume Groups. .TP .B vgsplit Split a Volume Group into two, moving any logical @@ -440,12 +440,6 @@ The Volume Group name that is assumed for any reference to a Logical Volume that doesn't specify a path. Not set by default. .TP -.B LVM_LVMETAD_PIDFILE -Path to the file that stores the lvmetad process ID. -.TP -.B LVM_LVMETAD_SOCKET -Path to the socket used to communicate with lvmetad. -.TP .B LVM_LVMPOLLD_PIDFILE Path to the file that stores the lvmpolld process ID. .TP @@ -547,7 +541,6 @@ Prepends source file name and code line number with libdm debugging. .BR lvmdump (8) .BR dmeventd (8) -.BR lvmetad (8) .BR lvmpolld (8) .BR lvmlockd (8) .BR lvmlockctl (8) diff --git a/man/lvm2-activation-generator.8_main b/man/lvm2-activation-generator.8_main index 0563205..066751d 100644 --- a/man/lvm2-activation-generator.8_main +++ b/man/lvm2-activation-generator.8_main @@ -1,44 +1,39 @@ .TH "LVM2-ACTIVATION-GENERATOR" "8" "LVM TOOLS #VERSION#" "Red Hat, Inc" "\"" .SH "NAME" -lvm2-activation-generator - generator for systemd units to activate LVM2 volumes on boot +lvm2-activation-generator - generator for systemd units to activate LVM volumes on boot .SH SYNOPSIS .B #SYSTEMD_GENERATOR_DIR#/lvm2-activation-generator .sp .SH DESCRIPTION -The lvm2-activation-generator is called by \fBsystemd\fP(1) on boot -to generate systemd units at runtime to activate LVM2 volumes if -\fBlvmetad\fP(8) is disabled (global/use_lvmetad=0 \fBlvm.conf\fP(5) -option is used). Otherwise, if \fBlvmetad\fP(8) is enabled, -the lvm2-activation-generator exits immediately without generating -any systemd units and LVM2 fully relies on event-based activation -to activate the LVM2 volumes instead using the \fBpvscan\fP(8) -(pvscan --cache -aay) call that is a part of \fBudev\fP(8) rules. + +The lvm2-activation-generator is called by \fBsystemd\fP(1) on boot to +generate systemd units at runtime to activate LVM Logical Volumes (LVs) +when global/use_lvmetad=0 is set in \fBlvm.conf\fP(5). These units use +\fBvgchange -ay\fP to activate LVs. + +If use_lvmetad=1, the lvm2-activation-generator exits immediately without +generating any systemd units, and LVM fully relies on event-based +activation to activate LVs. In this case, event-generated \fBpvscan +--cache -aay\fP commands activate LVs. These systemd units are generated by lvm2-activation-generator: .sp \fIlvm2-activation-early.service\fP -used for activation of LVM2 volumes that is ordered before systemd's -special \fBcryptsetup.target\fP to support LVM2 volumes which are not -layered on top of encrypted devices. +is run before systemd's special \fBcryptsetup.target\fP to activate +LVs that are not layered on top of encrypted devices. \fIlvm2-activation.service\fP -used for activation of LVM2 volumes that is ordered after systemd's -special \fBcryptsetup.target\fP to support LVM2 volumes which are -layered on top of encrypted devices. +is run after systemd's special \fBcryptsetup.target\fP to activate +LVs that are layered on top of encrypted devices. \fIlvm2-activation-net.service\fP -used for activation of LVM2 volumes that is ordered after systemd's -special \fBremote-fs-pre.target\fP to support LVM2 volumes which are -layered on attached remote devices. +is run after systemd's special \fBremote-fs-pre.target\fP to activate +LVs that are layered on attached remote devices. -Note that all the underlying devices (Physical Volumes) need to be present -when the service is run. If the there are any devices presented in the system -anytime later, any LVM2 volumes on top of such devices need to be activated -directly by \fBlvchange\fP(8) or \fBvgchange\fP(8). This limitation does -not exist when using \fBlvmetad\fP(8) and accompanying event-based activation -since such LVM volumes are activated automatically as soon as the Volume Group -is ready (all the Physical Volumes making up the Volume Group are present -in the system). +Note that all the underlying LVM devices (Physical Volumes) need to be +present when the service is run. If the there are any devices that appear +to the system later, LVs using these devices need to be activated directly +by \fBlvchange\fP(8) or \fBvgchange\fP(8). The lvm2-activation-generator implements the \fBGenerators Specification\fP as referenced in \fBsystemd\fP(1). @@ -47,7 +42,6 @@ as referenced in \fBsystemd\fP(1). .BR lvm.conf (5) .BR vgchange (8) .BR lvchange (8) -.BR lvmetad (8) .BR pvscan (8) .BR udev (7) .BR systemd (1) diff --git a/man/lvmlockd.8_main b/man/lvmlockd.8_main index 1a52fc5..ebf57da 100644 --- a/man/lvmlockd.8_main +++ b/man/lvmlockd.8_main @@ -829,9 +829,6 @@ on a remote host. (The activation option 'l' is not used.) lvmlockd works with thin and cache pools and LVs. .IP \[bu] 2 -lvmlockd works with lvmetad. - -.IP \[bu] 2 lvmlockd saves the cluster name for a shared VG using dlm. Only hosts in the matching cluster can use the VG. diff --git a/man/lvmsystemid.7_main b/man/lvmsystemid.7_main index 97c67c2..688d16b 100644 --- a/man/lvmsystemid.7_main +++ b/man/lvmsystemid.7_main @@ -46,8 +46,7 @@ circumstances (see vgexport and vgimport). Improper changes can result in a host losing access to its VG, or a VG being accidentally damaged by access from an unintended host. Even limited changes to the VG system ID may not be perfectly reflected across hosts. A more coherent view of -shared storage requires an inter-host locking system to coordinate access -and update caches. +shared storage requires an inter-host locking system to coordinate access. Valid system ID characters are the same as valid VG name characters. If a system ID contains invalid characters, those characters are omitted and @@ -294,8 +293,7 @@ The system ID of a VG is displayed with the "systemid" reporting option. Report/display commands ignore foreign VGs by default. To report foreign VGs, the --foreign option can be used. This causes the VGs to be read -from disk. Because lvmetad caching is not used, this option can cause -poor performance. +from disk. .B vgs --foreign -o +systemid @@ -306,20 +304,10 @@ standard reporting commands will silently ignore foreign VGs. .SS vgexport/vgimport -vgexport clears the system ID. - -Other hosts will continue to see a newly exported VG as foreign because of -local caching (when lvmetad is used). Manually updating the local lvmetad -cache with pvscan --cache will allow a host to recognize the newly -exported VG. +vgexport clears the VG system ID when exporting the VG. vgimport sets the VG system ID to the system ID of the host doing the -import. vgimport automatically scans storage for newly exported VGs. - -After vgimport, the exporting host may continue to see the VG as exported, -and not owned by the new host. Manually updating the local cache with -pvscan --cache will allow a host to recognize the newly imported VG as -foreign. +import. .SS vgchange @@ -373,15 +361,6 @@ Because of this, they are not protected by a system ID, and any host can use them. Coordination of changes to orphan PVs is beyond the scope of system ID. The same is true of any block device that is not a PV. -The effects of this are especially evident when LVM uses lvmetad caching. -For example, if multiple hosts see an orphan PV, and one host creates a VG -using the orphan, the other hosts will continue to report the PV as an -orphan. Nothing would automatically prevent the other hosts from using -the newly allocated PV and corrupting it. If the other hosts run a -command to rescan devices, and update lvmetad, they would then recognize -that the PV has been used by another host. A command that rescans devices -could be pvscan --cache, or vgs --foreign. - .SH SEE ALSO .BR vgcreate (8), .BR vgchange (8), diff --git a/man/see_also.end b/man/see_also.end index 5b07719..505c159 100644 --- a/man/see_also.end +++ b/man/see_also.end @@ -53,11 +53,9 @@ .BR lvmdump (8) .BR dmeventd (8) -.BR lvmetad (8) .BR lvmpolld (8) .BR lvmlockd (8) .BR lvmlockctl (8) -.BR clvmd (8) .BR cmirrord (8) .BR lvmdbusd (8)

5 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

lvm2-commits November 2018