From 6e0eb8f7eeb709e88fa11ef0fdb91ad509fbce33 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Wed, 18 Jun 2025 14:46:32 +0000 Subject: [PATCH] Sync with c9-beta --- ...ove_unreliable_nvme_attribute_checks.patch | 31 +++ ...d_nvme_is_tech_avail-to-the-API-file.patch | 60 +++++ ...ction-to-set-persistent-flags-for-LU.patch | 233 ++++++++++++++++++ SPECS/libblockdev.spec | 17 +- 4 files changed, 340 insertions(+), 1 deletion(-) create mode 100644 SOURCES/0013-tests-Remove_unreliable_nvme_attribute_checks.patch create mode 100644 SOURCES/0014-nvme-Add-bd_nvme_is_tech_avail-to-the-API-file.patch create mode 100644 SOURCES/0015-crypto-Add-a-function-to-set-persistent-flags-for-LU.patch diff --git a/SOURCES/0013-tests-Remove_unreliable_nvme_attribute_checks.patch b/SOURCES/0013-tests-Remove_unreliable_nvme_attribute_checks.patch new file mode 100644 index 0000000..59284d1 --- /dev/null +++ b/SOURCES/0013-tests-Remove_unreliable_nvme_attribute_checks.patch @@ -0,0 +1,31 @@ +From 6067dbdf0fe3c2d83055c43edf35cddf277e7236 Mon Sep 17 00:00:00 2001 +From: Tomas Bzatek +Date: Fri, 10 Nov 2023 14:09:20 +0100 +Subject: [PATCH] tests: Remove unreliable nvme attribute checks + +Some attributes like this health information data read counters +are just too volatile to be tested as there might be some other +processes probing the device causing the statistics counters to increase. +--- + tests/nvme_test.py | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/tests/nvme_test.py b/tests/nvme_test.py +index 3c7c0a29..f31de546 100644 +--- a/tests/nvme_test.py ++++ b/tests/nvme_test.py +@@ -157,14 +157,12 @@ def test_smart_log(self): + self.assertEqual(log.critical_temp_time, 0) + self.assertEqual(log.ctrl_busy_time, 0) + self.assertEqual(log.media_errors, 0) +- # self.assertEqual(log.num_err_log_entries, 0) + self.assertEqual(log.percent_used, 0) + self.assertEqual(log.power_cycles, 0) + self.assertEqual(log.power_on_hours, 0) + self.assertEqual(log.spare_thresh, 0) + self.assertEqual(log.temp_sensors, [0, 0, 0, 0, 0, 0, 0, 0]) + self.assertEqual(log.temperature, 0) +- self.assertGreater(log.total_data_read, 1) + self.assertEqual(log.unsafe_shutdowns, 0) + self.assertEqual(log.warning_temp_time, 0) + self.assertEqual(log.wctemp, 0) diff --git a/SOURCES/0014-nvme-Add-bd_nvme_is_tech_avail-to-the-API-file.patch b/SOURCES/0014-nvme-Add-bd_nvme_is_tech_avail-to-the-API-file.patch new file mode 100644 index 0000000..be6b83a --- /dev/null +++ b/SOURCES/0014-nvme-Add-bd_nvme_is_tech_avail-to-the-API-file.patch @@ -0,0 +1,60 @@ +From 874f378ae48860be89807c8021f66d23d5c7da62 Mon Sep 17 00:00:00 2001 +From: Vojtech Trefny +Date: Thu, 14 Mar 2024 13:53:04 +0100 +Subject: [PATCH] nvme: Add bd_nvme_is_tech_avail to the API file + +--- + src/lib/plugin_apis/nvme.api | 11 +++++++++++ + tests/nvme_test.py | 14 ++++++++++++++ + 2 files changed, 25 insertions(+) + +diff --git a/src/lib/plugin_apis/nvme.api b/src/lib/plugin_apis/nvme.api +index 667dbe9e..af892d8e 100644 +--- a/src/lib/plugin_apis/nvme.api ++++ b/src/lib/plugin_apis/nvme.api +@@ -66,6 +66,17 @@ typedef enum { + BD_NVME_TECH_MODE_INITIATOR = 1 << 2, + } BDNVMETechMode; + ++/** ++ * bd_nvme_is_tech_avail: ++ * @tech: the queried tech ++ * @mode: a bit mask of queried modes of operation (#BDNVMETechMode) for @tech ++ * @error: (out) (nullable): place to store error (details about why the @tech-@mode combination is not available) ++ * ++ * Returns: whether the @tech-@mode combination is available -- supported by the ++ * plugin implementation and having all the runtime dependencies available ++ */ ++gboolean bd_nvme_is_tech_avail (BDNVMETech tech, G_GNUC_UNUSED guint64 mode, GError **error); ++ + + /* BpG-skip */ + /** +diff --git a/tests/nvme_test.py b/tests/nvme_test.py +index 060d6ebc..ca4fec90 100644 +--- a/tests/nvme_test.py ++++ b/tests/nvme_test.py +@@ -27,6 +27,20 @@ class NVMeTest(unittest.TestCase): + BlockDev.reinit(cls.requested_plugins, True, None) + + ++class NVMePluginVersionTestCase(NVMeTest): ++ @tag_test(TestTags.NOSTORAGE) ++ def test_plugin_version(self): ++ self.assertEqual(BlockDev.get_plugin_soname(BlockDev.Plugin.NVME), "libbd_nvme.so.2") ++ ++ @tag_test(TestTags.NOSTORAGE) ++ def test_availability(self): ++ avail = BlockDev.nvme_is_tech_avail(BlockDev.NVMETech.NVME, 0) ++ self.assertTrue(avail) ++ ++ avail = BlockDev.nvme_is_tech_avail(BlockDev.NVMETech.FABRICS, 0) ++ self.assertTrue(avail) ++ ++ + class NVMeTestCase(NVMeTest): + def setUp(self): + self.dev_file = None +-- +2.46.1 + diff --git a/SOURCES/0015-crypto-Add-a-function-to-set-persistent-flags-for-LU.patch b/SOURCES/0015-crypto-Add-a-function-to-set-persistent-flags-for-LU.patch new file mode 100644 index 0000000..37cd08b --- /dev/null +++ b/SOURCES/0015-crypto-Add-a-function-to-set-persistent-flags-for-LU.patch @@ -0,0 +1,233 @@ +From a0f99ca404218f1da0820e55000531fe0c67f270 Mon Sep 17 00:00:00 2001 +From: Vojtech Trefny +Date: Thu, 6 Mar 2025 14:41:16 +0100 +Subject: [PATCH] crypto: Add a function to set persistent flags for LUKS + +This will be used to set the allow-discards flag on LUKS devices +during installation by Blivet. +--- + configure.ac | 6 +++ + src/lib/plugin_apis/crypto.api | 24 +++++++++++ + src/plugins/crypto.c | 76 ++++++++++++++++++++++++++++++++++ + src/plugins/crypto.h | 11 +++++ + tests/crypto_test.py | 29 +++++++++++++ + 5 files changed, 146 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 14d5974c..158b000f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -226,6 +226,12 @@ AS_IF([test "x$with_crypto" != "xno"], + [AC_DEFINE([LIBCRYPTSETUP_23])], []) + AS_IF([$PKG_CONFIG --atleast-version=2.4.0 libcryptsetup], + [AC_DEFINE([LIBCRYPTSETUP_24])], []) ++ AS_IF([$PKG_CONFIG --atleast-version=2.6.0 libcryptsetup], ++ [AC_DEFINE([LIBCRYPTSETUP_26])], []) ++ AS_IF([$PKG_CONFIG --atleast-version=2.7.0 libcryptsetup], ++ [AC_DEFINE([LIBCRYPTSETUP_27])], []) ++ AS_IF([$PKG_CONFIG --atleast-version=2.8.0 libcryptsetup], ++ [AC_DEFINE([LIBCRYPTSETUP_28])], []) + AS_IF([test "x$with_escrow" != "xno"], + [LIBBLOCKDEV_PKG_CHECK_MODULES([NSS], [nss >= 3.18.0]) + LIBBLOCKDEV_CHECK_HEADER([volume_key/libvolume_key.h], [$GLIB_CFLAGS $NSS_CFLAGS], [libvolume_key.h not available])], +diff --git a/src/lib/plugin_apis/crypto.api b/src/lib/plugin_apis/crypto.api +index cf87979d..81087ce4 100644 +--- a/src/lib/plugin_apis/crypto.api ++++ b/src/lib/plugin_apis/crypto.api +@@ -353,6 +353,16 @@ typedef enum { + #define BD_CRYPTO_TYPE_LUKS_INFO (bd_crypto_luks_info_get_type ()) + GType bd_crypto_luks_info_get_type(); + ++typedef enum { ++ BD_CRYPTO_LUKS_ACTIVATE_ALLOW_DISCARDS = 1 << 0, ++ BD_CRYPTO_LUKS_ACTIVATE_SAME_CPU_CRYPT = 1 << 1, ++ BD_CRYPTO_LUKS_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS = 1 << 2, ++ BD_CRYPTO_LUKS_ACTIVATE_NO_JOURNAL = 1 << 3, ++ BD_CRYPTO_LUKS_ACTIVATE_NO_READ_WORKQUEUE = 1 << 4, ++ BD_CRYPTO_LUKS_ACTIVATE_NO_WRITE_WORKQUEUE = 1 << 5, ++ BD_CRYPTO_LUKS_ACTIVATE_HIGH_PRIORITY = 1 << 6, ++} BDCryptoLUKSPersistentFlags; ++ + /** + * BDCryptoLUKSInfo: + * @version: LUKS version +@@ -940,6 +950,20 @@ gboolean bd_crypto_luks_header_backup (const gchar *device, const gchar *backup_ + */ + gboolean bd_crypto_luks_header_restore (const gchar *device, const gchar *backup_file, GError **error); + ++/** ++ * bd_crypto_luks_set_persistent_flags: ++ * @device: a LUKS device to set the persistent flags on ++ * @flags: flags to set ++ * @error: (out) (optional): place to store error (if any) ++ * ++ * Note: This function is valid only for LUKS2. ++ * ++ * Returns: whether the given @flags were successfully set or not ++ * ++ * Tech category: %BD_CRYPTO_TECH_LUKS-%BD_CRYPTO_TECH_MODE_MODIFY ++ */ ++gboolean bd_crypto_luks_set_persistent_flags (const gchar *device, BDCryptoLUKSPersistentFlags flags, GError **error); ++ + /** + * bd_crypto_luks_info: + * @luks_device: a device to get information about +diff --git a/src/plugins/crypto.c b/src/plugins/crypto.c +index 2086209e..ed7c0c5a 100644 +--- a/src/plugins/crypto.c ++++ b/src/plugins/crypto.c +@@ -1978,6 +1978,82 @@ gboolean bd_crypto_luks_header_restore (const gchar *device, const gchar *backup + return TRUE; + } + ++/** ++ * bd_crypto_luks_set_persistent_flags: ++ * @device: a LUKS device to set the persistent flags on ++ * @flags: flags to set ++ * @error: (out) (optional): place to store error (if any) ++ * ++ * Note: This function is valid only for LUKS2. ++ * ++ * Returns: whether the given @flags were successfully set or not ++ * ++ * Tech category: %BD_CRYPTO_TECH_LUKS-%BD_CRYPTO_TECH_MODE_MODIFY ++ */ ++gboolean bd_crypto_luks_set_persistent_flags (const gchar *device, BDCryptoLUKSPersistentFlags flags, GError **error) { ++ struct crypt_device *cd = NULL; ++ gint ret = 0; ++ guint32 crypt_flags = 0; ++ ++ ret = crypt_init (&cd, device); ++ if (ret != 0) { ++ g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_DEVICE, ++ "Failed to initialize device: %s", strerror_l (-ret, c_locale)); ++ return FALSE; ++ } ++ ++ ret = crypt_load (cd, CRYPT_LUKS, NULL); ++ if (ret != 0) { ++ g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_DEVICE, ++ "Failed to load device: %s", strerror_l (-ret, c_locale)); ++ crypt_free (cd); ++ return FALSE; ++ } ++ ++ if (g_strcmp0 (crypt_get_type (cd), CRYPT_LUKS2) != 0) { ++ g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_DEVICE, ++ "Persistent flags can be set only on LUKS v2"); ++ crypt_free (cd); ++ return FALSE; ++ } ++ ++ if (flags & BD_CRYPTO_LUKS_ACTIVATE_ALLOW_DISCARDS) ++ crypt_flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS; ++ if (flags & BD_CRYPTO_LUKS_ACTIVATE_SAME_CPU_CRYPT) ++ crypt_flags |= CRYPT_ACTIVATE_SAME_CPU_CRYPT; ++ if (flags & BD_CRYPTO_LUKS_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) ++ crypt_flags |= CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS; ++ if (flags & BD_CRYPTO_LUKS_ACTIVATE_NO_JOURNAL) ++ crypt_flags |= CRYPT_ACTIVATE_NO_JOURNAL; ++ if (flags & BD_CRYPTO_LUKS_ACTIVATE_NO_READ_WORKQUEUE) ++ crypt_flags |= CRYPT_ACTIVATE_NO_READ_WORKQUEUE; ++ if (flags & BD_CRYPTO_LUKS_ACTIVATE_NO_WRITE_WORKQUEUE) ++ crypt_flags |= CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE; ++ if (flags & BD_CRYPTO_LUKS_ACTIVATE_HIGH_PRIORITY) { ++#ifdef LIBCRYPTSETUP_28 ++ crypt_flags |= CRYPT_ACTIVATE_HIGH_PRIORITY; ++#else ++ g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_TECH_UNAVAIL, ++ "Libcryptsetup 2.8 or newer is needed for 'high priority' flag support"); ++ crypt_free (cd); ++ return FALSE; ++#endif ++ } ++ ++ ++ ret = crypt_persistent_flags_set (cd, CRYPT_FLAGS_ACTIVATION, crypt_flags); ++ if (ret != 0) { ++ g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_DEVICE, ++ "Failed to set flags: %s", strerror_l (-ret, c_locale)); ++ crypt_free (cd); ++ return FALSE; ++ } ++ ++ crypt_free (cd); ++ ++ return TRUE; ++} ++ + /** + * bd_crypto_luks_info: + * @luks_device: a device to get information about +diff --git a/src/plugins/crypto.h b/src/plugins/crypto.h +index 536accf9..15acd4e6 100644 +--- a/src/plugins/crypto.h ++++ b/src/plugins/crypto.h +@@ -155,6 +155,16 @@ typedef enum { + BD_CRYPTO_INTEGRITY_OPEN_ALLOW_DISCARDS = 1 << 5, + } BDCryptoIntegrityOpenFlags; + ++typedef enum { ++ BD_CRYPTO_LUKS_ACTIVATE_ALLOW_DISCARDS = 1 << 0, ++ BD_CRYPTO_LUKS_ACTIVATE_SAME_CPU_CRYPT = 1 << 1, ++ BD_CRYPTO_LUKS_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS = 1 << 2, ++ BD_CRYPTO_LUKS_ACTIVATE_NO_JOURNAL = 1 << 3, ++ BD_CRYPTO_LUKS_ACTIVATE_NO_READ_WORKQUEUE = 1 << 4, ++ BD_CRYPTO_LUKS_ACTIVATE_NO_WRITE_WORKQUEUE = 1 << 5, ++ BD_CRYPTO_LUKS_ACTIVATE_HIGH_PRIORITY = 1 << 6, ++} BDCryptoLUKSPersistentFlags; ++ + /** + * BDCryptoLUKSInfo: + * @version: LUKS version +@@ -244,6 +254,7 @@ gboolean bd_crypto_luks_resume (const gchar *luks_device, const gchar *passphras + gboolean bd_crypto_luks_kill_slot (const gchar *device, gint slot, GError **error); + gboolean bd_crypto_luks_header_backup (const gchar *device, const gchar *backup_file, GError **error); + gboolean bd_crypto_luks_header_restore (const gchar *device, const gchar *backup_file, GError **error); ++gboolean bd_crypto_luks_set_persistent_flags (const gchar *device, BDCryptoLUKSPersistentFlags flags, GError **error); + + BDCryptoLUKSInfo* bd_crypto_luks_info (const gchar *luks_device, GError **error); + BDCryptoIntegrityInfo* bd_crypto_integrity_info (const gchar *device, GError **error); +diff --git a/tests/crypto_test.py b/tests/crypto_test.py +index 91ea1f35..b16e719d 100644 +--- a/tests/crypto_test.py ++++ b/tests/crypto_test.py +@@ -978,6 +978,35 @@ class CryptoTestInfo(CryptoTestCase): + self.assertTrue(succ) + + ++class CryptoTestSetPersistentFlags(CryptoTestCase): ++ ++ @tag_test(TestTags.SLOW, TestTags.CORE) ++ def test_luks_set_persistent_flags(self): ++ """Verify that we can set flags on a LUKS device""" ++ ++ self._luks_format(self.loop_dev, PASSWD, None) ++ ++ with self.assertRaisesRegex(GLib.GError, "Persistent flags can be set only on LUKS v2"): ++ BlockDev.crypto_luks_set_persistent_flags(self.loop_dev, ++ BlockDev.CryptoLUKSPersistentFlags.ALLOW_DISCARDS) ++ ++ @tag_test(TestTags.SLOW, TestTags.CORE) ++ def test_luks_set_persistent_flags(self): ++ """Verify that we can set flags on a LUKS 2 device""" ++ ++ self._luks2_format(self.loop_dev, PASSWD, None) ++ ++ succ = BlockDev.crypto_luks_set_persistent_flags(self.loop_dev, ++ BlockDev.CryptoLUKSPersistentFlags.ALLOW_DISCARDS) ++ self.assertTrue(succ) ++ ++ _ret, out, err = run_command("cryptsetup luksDump %s" % self.loop_dev) ++ m = re.search(r"Flags:\s*(\S+)\s*", out) ++ if not m or len(m.groups()) != 1: ++ self.fail("Failed to get label information from:\n%s %s" % (out, err)) ++ self.assertEqual(m.group(1), "allow-discards") ++ ++ + class CryptoTestLuksSectorSize(CryptoTestCase): + def setUp(self): + if not check_cryptsetup_version("2.4.0"): +-- +2.48.1 + diff --git a/SPECS/libblockdev.spec b/SPECS/libblockdev.spec index c13da05..86605ee 100644 --- a/SPECS/libblockdev.spec +++ b/SPECS/libblockdev.spec @@ -129,7 +129,7 @@ Name: libblockdev Version: 2.28 -Release: 10%{?dist} +Release: 13%{?dist} Summary: A library for low-level manipulation with block devices License: LGPLv2+ URL: https://github.com/storaged-project/libblockdev @@ -147,6 +147,9 @@ Patch9: 0009-Fix-issues-in-tests-when-running-in-FIPS-mode.patch Patch10: 0010-lvm-Add-a-function-to-activate-LVs-in-shared-mode.patch Patch11: 0011-nvme_libblockdev-3.0.4_backport.patch Patch12: 0012-lvm-Add-support-for-starting-and-stopping-VG-locking.patch +Patch13: 0013-tests-Remove_unreliable_nvme_attribute_checks.patch +Patch14: 0014-nvme-Add-bd_nvme_is_tech_avail-to-the-API-file.patch +Patch15: 0015-crypto-Add-a-function-to-set-persistent-flags-for-LU.patch BuildRequires: make BuildRequires: glib2-devel @@ -1045,6 +1048,18 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm} %files plugins-all %changelog +* Tue Mar 11 2025 Vojtech Trefny - 2.28-13 +- crypto: Add a function to set persistent flags for LUKS + Resolves: RHEL-82886 + +* Thu Sep 19 2024 Vojtech Trefny - 2.28-12 +- nvme: Add bd_nvme_is_tech_avail to the API file + Resolves: RHEL-59588 + +* Tue Nov 28 2023 Tomas Bzatek - 2.28-11 +- tests: Remove unreliable nvme attribute checks + Resolves: RHEL-16126 + * Wed Nov 08 2023 Vojtech Trefny - 2.28-10 - lvm: Add support for starting and stopping VG locking Resolves: RHEL-15921