[Pkg-cryptsetup-devel] Bug#358388: cryptsetup: luksformat does not support aligning on raid stripe boundaries

Peter Palfrader weasel at debian.org
Wed Mar 22 14:59:10 UTC 2006 

Package: cryptsetup
Version: 2:1.0.2+1.0.3-rc3-1
Severity: normal
Tags: patch

When creating a filesystem on a RAID it is of advantage to align it on
stripewidth boundaries.  Unfortunately with LUKS the payload starts at a
certain 4k boundary, which usually is not a stripe boundary so using for
instance XFS's sunit and swidth options won't work as expected.

This patch adds a new options --align-payload that allows you to specify
the alignment you want on luksFormat.

For instance here I use cryptsetup -a 384 luksFormat /dev/md5 since md5
is a raid5 of 64k stripes (128 sectors) with 4 disks (3+1).

Please apply.
-------------- next part --------------
diff -Nur --exclude Makefile.in --exclude config.guess --exclude config.sub --exclude aclocal.m4 --exclude ltmain.sh --exclude configure --exclude luksformat.8 c/cryptsetup-1.0.2+1.0.3-rc3/lib/libcryptsetup.h cryptsetup-1.0.2+1.0.3-rc3/lib/libcryptsetup.h
--- c/cryptsetup-1.0.2+1.0.3-rc3/lib/libcryptsetup.h	2006-02-20 22:20:24.000000000 +0100
+++ cryptsetup-1.0.2+1.0.3-rc3/lib/libcryptsetup.h	2006-03-22 15:22:03.281463152 +0100
@@ -28,6 +28,8 @@
 	uint64_t	skip;
 	uint64_t        iteration_time;
  	uint64_t	timeout;
+
+ 	uint64_t	align_payload;
 };
 
 int crypt_create_device(struct crypt_options *options);
diff -Nur --exclude Makefile.in --exclude config.guess --exclude config.sub --exclude aclocal.m4 --exclude ltmain.sh --exclude configure --exclude luksformat.8 c/cryptsetup-1.0.2+1.0.3-rc3/lib/setup.c cryptsetup-1.0.2+1.0.3-rc3/lib/setup.c
--- c/cryptsetup-1.0.2+1.0.3-rc3/lib/setup.c	2006-03-15 15:42:10.000000000 +0100
+++ cryptsetup-1.0.2+1.0.3-rc3/lib/setup.c	2006-03-22 15:21:22.225873378 +0100
@@ -504,7 +504,7 @@
 	r = parse_into_name_and_mode(options->cipher, cipherName, cipherMode);
 	if(r < 0) return r;
 
-	r = LUKS_generate_phdr(&header,&mk,cipherName, cipherMode,LUKS_STRIPES);
+	r = LUKS_generate_phdr(&header,&mk,cipherName, cipherMode,LUKS_STRIPES, options->align_payload);
 	if(r < 0) { 
 		set_error("Can't write phdr");
 		return r; 
diff -Nur --exclude Makefile.in --exclude config.guess --exclude config.sub --exclude aclocal.m4 --exclude ltmain.sh --exclude configure --exclude luksformat.8 c/cryptsetup-1.0.2+1.0.3-rc3/luks/keymanage.c cryptsetup-1.0.2+1.0.3-rc3/luks/keymanage.c
--- c/cryptsetup-1.0.2+1.0.3-rc3/luks/keymanage.c	2006-03-10 15:53:38.000000000 +0100
+++ cryptsetup-1.0.2+1.0.3-rc3/luks/keymanage.c	2006-03-22 15:18:39.059511226 +0100
@@ -144,7 +144,8 @@
 
 int LUKS_generate_phdr(struct luks_phdr *header, 
 		       const struct luks_masterkey *mk, const char *cipherName,
-		       const char *cipherMode, unsigned int stripes)
+		       const char *cipherMode, unsigned int stripes,
+		       unsigned int alignPayload)
 {
 	unsigned int i=0;
 	unsigned int blocksPerStripeSet = div_round_up(mk->keyLength*stripes,SECTOR_SIZE);
@@ -153,6 +154,8 @@
 	uuid_t partitionUuid;
 	int currentSector;
 	int alignSectors = 4096/SECTOR_SIZE;
+	if (alignPayload == 0)
+		alignPayload = alignSectors;
 
 	memset(header,0,sizeof(struct luks_phdr));
 
@@ -184,6 +187,7 @@
 		header->keyblock[i].stripes = stripes;
 		currentSector = round_up_modulo(currentSector + blocksPerStripeSet, alignSectors);
 	}
+	currentSector = round_up_modulo(currentSector, alignPayload);
 
 	header->payloadOffset=currentSector;
 	uuid_generate(partitionUuid);
diff -Nur --exclude Makefile.in --exclude config.guess --exclude config.sub --exclude aclocal.m4 --exclude ltmain.sh --exclude configure --exclude luksformat.8 c/cryptsetup-1.0.2+1.0.3-rc3/luks/luks.h cryptsetup-1.0.2+1.0.3-rc3/luks/luks.h
--- c/cryptsetup-1.0.2+1.0.3-rc3/luks/luks.h	2005-09-11 16:32:49.000000000 +0200
+++ cryptsetup-1.0.2+1.0.3-rc3/luks/luks.h	2006-03-22 15:18:53.131369495 +0100
@@ -83,7 +83,8 @@
 
 int LUKS_generate_phdr(struct luks_phdr *header,
 		       const struct luks_masterkey *mk, const char *cipherName,
-		       const char *cipherMode, unsigned int stripes);
+		       const char *cipherMode, unsigned int stripes,
+		       unsigned int alignPayload);
 
 int LUKS_read_phdr(const char *device, struct luks_phdr *hdr);
 
diff -Nur --exclude Makefile.in --exclude config.guess --exclude config.sub --exclude aclocal.m4 --exclude ltmain.sh --exclude configure --exclude luksformat.8 c/cryptsetup-1.0.2+1.0.3-rc3/man/cryptsetup.8 cryptsetup-1.0.2+1.0.3-rc3/man/cryptsetup.8
--- c/cryptsetup-1.0.2+1.0.3-rc3/man/cryptsetup.8	2006-02-25 20:28:38.000000000 +0100
+++ cryptsetup-1.0.2+1.0.3-rc3/man/cryptsetup.8	2006-03-22 15:47:41.339971047 +0100
@@ -114,6 +114,11 @@
 .B "\-\-timeout, \-t"
 The number of seconds to wait before timeout. This option is relevant evertime a password is asked, like \fIcreate\fR, \fIluksOpen\fR, \fIluksFormat\fR or \fIluksAddKey\fR.
 .TP
+.B "\-\-align-payload=\fIvalue\fR, \-a"
+Align payload at a boundary of \fIvalue\fR 512-byte sectors.  This option is relevant for \fIluksFormat\fR.  If your block device lives on a RAID it is
+useful to align the filesystem at full stripe boundaries so it can take advantage of the RAID's geometry.  See for instance the sunit and swidth options
+in the mkfs.xfs manual page.  By default the payload is aligned at an 8 sector (4096 byte) boundary.
+.TP
 .B "\-\-version"
 Show the version.
 
diff -Nur --exclude Makefile.in --exclude config.guess --exclude config.sub --exclude aclocal.m4 --exclude ltmain.sh --exclude configure --exclude luksformat.8 c/cryptsetup-1.0.2+1.0.3-rc3/src/cryptsetup.c cryptsetup-1.0.2+1.0.3-rc3/src/cryptsetup.c
--- c/cryptsetup-1.0.2+1.0.3-rc3/src/cryptsetup.c	2006-03-15 15:03:13.000000000 +0100
+++ cryptsetup-1.0.2+1.0.3-rc3/src/cryptsetup.c	2006-03-22 15:21:53.065565159 +0100
@@ -27,6 +27,7 @@
 static int opt_batch_mode = 0;
 static int opt_version_mode = 0;
 static int opt_timeout = 0;
+static int opt_align_payload = 8;
 
 static const char **action_argv;
 static int action_argc;
@@ -209,6 +210,7 @@
 		.flags = opt_verify_passphrase ? CRYPT_FLAG_VERIFY : (!opt_batch_mode?CRYPT_FLAG_VERIFY_IF_POSSIBLE :  0),
 		.iteration_time = opt_iteration_time,
 		.timeout = opt_timeout,
+		.align_payload = opt_align_payload,
 	};
 
 	int r = 0; char *msg = NULL;
@@ -370,6 +372,7 @@
 		{ "batch-mode",        'q',  POPT_ARG_NONE,                               &opt_batch_mode,        0, N_("Do not ask for confirmation"),                                     NULL },
 		{ "version",        '\0',  POPT_ARG_NONE,                               &opt_version_mode,        0, N_("Print package version"),                                     NULL },
  		{ "timeout",           't',  POPT_ARG_INT,                                &opt_timeout,           0, N_("Timeout for interactive passphrase prompt (in seconds)"),          N_("secs") },
+ 		{ "align-payload",     'a',  POPT_ARG_INT,                                &opt_align_payload,     0, N_("Align payload at <n> sector boundaries - for luksFormat"),         N_("SECTORS") },
 		POPT_TABLEEND
 	};
 	poptContext popt_context;

More information about the Pkg-cryptsetup-devel mailing list