* [dm-crypt] --disable-locks
@ 2021-09-23 13:01 Jeremiah Moree
2021-09-24 9:11 ` [dm-crypt] --disable-locks Arno Wagner
2021-09-24 17:33 ` Milan Broz
0 siblings, 2 replies; 3+ messages in thread
From: Jeremiah Moree @ 2021-09-23 13:01 UTC (permalink / raw)
To: dmcrypt
[-- Attachment #1.1: Type: text/plain, Size: 628 bytes --]
While searching through the source code I came upon docs/LUKS-locking.txt.
From previous discussions on this list I understood the locking to be only
for protection against concurrent user access. This is how I wrote the FAQ
entry that is now in the docs.
From this new-to-me doc it seems that locking is to also prevent header
corruption. I am surprised no one pointed this out in discussions so there
is a chance I may be misunderstanding.
Specifically, this was in a discussion about --disable-locks. Am I correct
in stating:
Using --disable-locks I risk
* concurrent user access problems
* header corruption
--
JT
[-- Attachment #1.2: Type: text/html, Size: 884 bytes --]
[-- Attachment #2: Type: text/plain, Size: 147 bytes --]
_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de
^ permalink raw reply [flat|nested] 3+ messages in thread
* [dm-crypt] Re: --disable-locks
2021-09-23 13:01 [dm-crypt] --disable-locks Jeremiah Moree
@ 2021-09-24 9:11 ` Arno Wagner
2021-09-24 17:33 ` Milan Broz
1 sibling, 0 replies; 3+ messages in thread
From: Arno Wagner @ 2021-09-24 9:11 UTC (permalink / raw)
To: Jeremiah Moree; +Cc: dmcrypt
Well, I would say that header corruption is covered under
"concurrent user access problems", as the header is under
user control here.
But I see that items 1.9/1.10/1.11 are really in the wrong
section. They belong under "Setup" and "Common Problems".
I can move them and clarify the locking question.
Also 1.9/1.10 should really be one item.
Regards,
Arno
On Thu, Sep 23, 2021 at 15:01:29 CEST, Jeremiah Moree wrote:
> While searching through the source code I came upon
> docs/LUKS-locking.txt.
> From previous discussions on this list I understood the locking to be
> only for protection against concurrent user access. This is how I
> wrote the FAQ entry that is now in the docs.
> From this new-to-me doc it seems that locking is to also prevent header
> corruption. I am surprised no one pointed this out in discussions so
> there is a chance I may be misunderstanding.
> Specifically, this was in a discussion about --disable-locks. Am I
> correct in stating:
> Using --disable-locks I risk
> * concurrent user access problems
> * header corruption
> --
> JT
> _______________________________________________
> dm-crypt mailing list -- dm-crypt@saout.de
> To unsubscribe send an email to dm-crypt-leave@saout.de
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de
^ permalink raw reply [flat|nested] 3+ messages in thread
* [dm-crypt] Re: --disable-locks
2021-09-23 13:01 [dm-crypt] --disable-locks Jeremiah Moree
2021-09-24 9:11 ` [dm-crypt] --disable-locks Arno Wagner
@ 2021-09-24 17:33 ` Milan Broz
1 sibling, 0 replies; 3+ messages in thread
From: Milan Broz @ 2021-09-24 17:33 UTC (permalink / raw)
To: Jeremiah Moree, dmcrypt
On 23/09/2021 15:01, Jeremiah Moree wrote:
> While searching through the source code I came upon docs/LUKS-locking.txt.
>
> From previous discussions on this list I understood the locking to be only for protection against concurrent user access. This is how I wrote the FAQ entry that is now in the docs.
It protects LUKS2 metadata (serializes access to metadata update so concurrent processes cannot see partially updated metadata).
That said, in some situations activation of data device can rely on reliable metadata update.
For example, during reencryption, LUKS2 metadata is continuously updated when moving reencrypted area.
If you disable locking here, it will (almost for sure) corrupt the data (not only metadata).
> From this new-to-me doc it seems that locking is to also prevent header corruption. I am surprised no one pointed this out in discussions so there is a chance I may be misunderstanding.
Interesting, I thought that we are primarily talking about metadata :)
> Specifically, this was in a discussion about --disable-locks. Am I correct in stating:
>
> Using --disable-locks I risk
> * concurrent user access problems
> * header corruption
See above.
For the simple situation we do not need locks to activate device and prevent concurrent accerss
(kernel dm-crypt/device-mapper has internal locking that allows only one device activation in-kernel).
But LUKS2 device can be more complex stacks of devices (a reencryption in-progress is a nice example)
where the LUKS2 locking plays its role.
Milan
_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-09-24 17:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-23 13:01 [dm-crypt] --disable-locks Jeremiah Moree
2021-09-24 9:11 ` [dm-crypt] --disable-locks Arno Wagner
2021-09-24 17:33 ` Milan Broz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).