author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2022-09-17 09:57:20 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-17 09:57:20 +0200 |
commit | 9bf36477bf7c4c91405e6c298a98ef8b467ce1b2 (patch) | |
tree | a0ffedb15bb1f4a4e0b7966ce46594cd6a030415 | |
parent | fd-util: rename CLOSE_AND_REPLACE() -> close_and_replace() (diff) | |
parent | dissect-image: make verity_partition() actually fail when all attempts of act... (diff) | |
Merge pull request #24703 from yuwata/dissect-image-verity-partition-make-fail
dissect-image: make verity_partition() actually fail when all attempts of activation failed
-rw-r--r-- | src/shared/dissect-image.c | 53 |
1 files changed, 29 insertions, 24 deletions
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 93f70d7588..274c33c35e 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -1877,6 +1877,28 @@ static int do_crypt_activate_verity(
 CRYPT_ACTIVATE_READONLY);
 }
+static usec_t verity_timeout(void) {
+ usec_t t = 100 * USEC_PER_MSEC;
+ const char *e;
+ int r;
+
+ /* On slower machines, like non-KVM vm, setting up device may take a long time.
+ * Let's make the timeout configurable. */
+
+ e = getenv("SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC");
+ if (!e)
+ return t;
+
+ r = parse_sec(e, &t);
+ if (r < 0)
+ log_debug_errno(r,
+ "Failed to parse timeout specified in $SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC, "
+ "using the default timeout (%s).",
+ FORMAT_TIMESPAN(t, USEC_PER_MSEC));
+
+ return t;
+}
+
 static int verity_partition(
 PartitionDesignator designator,
 DissectedPartition *m,
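Review bot: In `verity_timeout()`, `parse_sec(e, &t)` now writes into the variable that holds the default, so the fallback and the "using the default timeout (%s)" message are only correct if parse_sec() leaves its output untouched on failure, and that contract is not visible in this hunk. The code this replaces parsed into a separate temporary and assigned it only on success, which did not depend on the callee; I would keep that shape, e.g. `usec_t v; r = parse_sec(e, &v); if (r >= 0) return v;`, or add the comment `/* parse_sec() does not modify t on failure */`. Separately, the accepted value has no upper bound (parse_sec() presumably also accepts "infinity"), so a bad environment setting can stall the devlink wait for a long time. A cap on the parsed value, and `secure_getenv()` if this helper is reachable from privilege-elevated callers, would be worth considering.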
@@ -1985,28 +2007,9 @@ static int verity_partition(
 if (r < 0 && !IN_SET(r, -ENODEV, -ENOENT, -EBUSY))
 return log_debug_errno(r, "Checking whether existing verity device %s can be reused failed: %m", node);
 if (r >= 0) {
- usec_t timeout_usec = 100 * USEC_PER_MSEC;
- const char *e;
-
- /* On slower machines, like non-KVM vm, setting up device may take a long time.
- * Let's make the timeout configurable. */
- e = getenv("SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC");
- if (e) {
- usec_t t;
-
- r = parse_sec(e, &t);
- if (r < 0)
- log_debug_errno(r,
- "Failed to parse timeout specified in $SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC, "
- "using the default timeout (%s).",
- FORMAT_TIMESPAN(timeout_usec, USEC_PER_MSEC));
- else
- timeout_usec = t;
- }
-
 /* devmapper might say that the device exists, but the devlink might not yet have been
 * created. Check and wait for the udev event in that case. */
- r = device_wait_for_devlink(node, "block", timeout_usec, NULL);
+ r = device_wait_for_devlink(node, "block", verity_timeout(), NULL);
 /* Fallback to activation with a unique device if it's taking too long */
 if (r == -ETIMEDOUT)
 break;
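Review bot: `verity_timeout()` is evaluated at the `device_wait_for_devlink()` call, which appears to sit inside the retry loop (the `break` below it and the `usleep()` in the next hunk suggest so; the loop header is outside this hunk), so the environment lookup, the parse and any parse-failure debug message are repeated on every attempt. Resolving it once before the loop, `const usec_t timeout_usec = verity_timeout();`, and passing `timeout_usec` here keeps the timeout stable across attempts and reports a malformed value a single time.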
@@ -2018,17 +2021,19 @@ static int verity_partition(
 }
 }
 if (r >= 0)
- break;
+ goto success;
 /* Device is being opened by another process, but it has not finished yet, yield for 2ms */
 (void) usleep(2 * USEC_PER_MSEC);
 }
- /* An existing verity device was reported by libcryptsetup/libdevmapper, but we can't use it at this time.
- * Fall back to activating it with a unique device name. */
- if (r < 0 && FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE))
+ /* All trials failed. Let's try to activate with a unique name. */
+ if (FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE))
 return verity_partition(designator, m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
+ return log_debug_errno(SYNTHETIC_ERRNO(EBUSY), "All attempts to activate verity device %s failed.", name);
+
+success:
 /* Everything looks good and we'll be able to mount the device, so deferred remove will be re-enabled at that point. */
 restore_deferred_remove = mfree(restore_deferred_remove); |
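Review bot: The new failure return reports a synthetic `EBUSY` and drops the last value of `r`, so a log reader cannot distinguish a devlink wait that timed out (`-ETIMEDOUT` from the `break` in the previous hunk) from a device that stayed busy. Since this is the path that now refuses to continue when verity activation did not succeed, I would keep the cause visible, e.g. `log_debug_errno(r, "Last attempt to activate verity device %s failed: %m", name);` before the return, guarded by `r < 0` if the loop can exit without an error. A short comment at `success:` saying that, within this hunk, it is entered only through the `goto` taken when `r >= 0` would also help, because the code below it treats the device as usable. The function body begins and ends outside this hunk.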