.cryptsetup.metadata

@@ -1,2 +0,0 @@
-3ce643e82d52b0c0282c2754c4bfa8c15c1f567e SOURCES/cryptsetup-2.3.7.tar.xz
-ec3ce9960bd536f7500e0d767a973672037c13e6 SOURCES/tests.tar.xz

.gitignore

@@ -1,2 +1,3 @@
 SOURCES/cryptsetup-2.3.7.tar.xz
-SOURCES/tests.tar.xz
+/cryptsetup-2.3.7.tar.xz
+/tests.tar.xz

cryptsetup-2.7.2-WIP-Add-support-for-high-priority-dm-crypt-flag.patch

@@ -0,0 +1,247 @@
+From 919f37117fe6255d502eb303b92d1e6582053c67 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Tue, 9 Apr 2024 16:11:58 +0200
+Subject: [PATCH] WIP: Add support for high-priority dm-crypt flag.
+
+---
+ lib/libcryptsetup.h             |  2 ++
+ lib/libdevmapper.c              | 20 ++++++++++++++++++--
+ lib/luks2/luks2_json_metadata.c |  1 +
+ lib/utils_dm.h                  |  1 +
+ man/common_options.adoc         | 11 +++++++++++
+ src/cryptsetup.c                |  8 +++++---
+ src/cryptsetup_arg_list.h       |  2 ++
+ src/utils_arg_names.h           |  1 +
+ src/utils_luks.c                |  3 +++
+ tests/device-test               | 28 +++++++++++++++++++++++++---
+ 10 files changed, 69 insertions(+), 8 deletions(-)
+
+Index: cryptsetup-2.3.7/lib/libcryptsetup.h
+===================================================================
+--- cryptsetup-2.3.7.orig/lib/libcryptsetup.h
++++ cryptsetup-2.3.7/lib/libcryptsetup.h
+@@ -1113,6 +1113,11 @@ int crypt_keyslot_destroy(struct crypt_d
+ #define CRYPT_ACTIVATE_NO_READ_WORKQUEUE (1 << 24)
+ /** dm-crypt: bypass internal workqueue and process write requests synchronously. */
+ #define CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE (1 << 25)
++#define CRYPT_ACTIVATE_RECALCULATE_RESET (UINT32_C(1) << 26)
++/** dm-verity: try to use tasklets */
++#define CRYPT_ACTIVATE_TASKLETS (UINT32_C(1) << 27)
++/** dm-crypt: use high-priority workqueues */
++#define CRYPT_ACTIVATE_HIGH_PRIORITY (UINT32_C(1) << 28)
+ 
+ /**
+  * Active device runtime attributes
+Index: cryptsetup-2.3.7/lib/libdevmapper.c
+===================================================================
+--- cryptsetup-2.3.7.orig/lib/libdevmapper.c
++++ cryptsetup-2.3.7/lib/libdevmapper.c
+@@ -177,6 +177,9 @@ static void _dm_set_crypt_compat(struct
+ 	if (_dm_satisfies_version(1, 22, 0, crypt_maj, crypt_min, crypt_patch))
+ 		_dm_flags |= DM_CRYPT_NO_WORKQUEUE_SUPPORTED;
+ 
++	if (_dm_satisfies_version(1, 26, 0, crypt_maj, crypt_min, crypt_patch))
++		_dm_flags |= DM_CRYPT_HIGH_PRIORITY_SUPPORTED;
++
+ 	_dm_crypt_checked = true;
+ }
+ 
+@@ -568,19 +571,22 @@ static char *get_dm_crypt_params(const s
+ 		num_options++;
+ 	if (flags & CRYPT_ACTIVATE_IV_LARGE_SECTORS)
+ 		num_options++;
++	if (flags & CRYPT_ACTIVATE_HIGH_PRIORITY)
++		num_options++;
+ 	if (tgt->u.crypt.integrity)
+ 		num_options++;
+ 	if (tgt->u.crypt.sector_size != SECTOR_SIZE)
+ 		num_options++;
+ 
+-	if (num_options) { /* MAX length  int32 + 15 + 15 + 23 + 18 + 19 + 17 + 13 + int32 + integrity_str */
+-		r = snprintf(features, sizeof(features), " %d%s%s%s%s%s%s%s%s", num_options,
++	if (num_options) { /* MAX length  int32 + 15 + 15 + 23 + 18 + 19 + 17 + 14 + 13 + int32 + integrity_str */
++		r = snprintf(features, sizeof(features), " %d%s%s%s%s%s%s%s%s%s", num_options,
+ 		(flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) ? " allow_discards" : "",
+ 		(flags & CRYPT_ACTIVATE_SAME_CPU_CRYPT) ? " same_cpu_crypt" : "",
+ 		(flags & CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) ? " submit_from_crypt_cpus" : "",
+ 		(flags & CRYPT_ACTIVATE_NO_READ_WORKQUEUE) ? " no_read_workqueue" : "",
+ 		(flags & CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE) ? " no_write_workqueue" : "",
+ 		(flags & CRYPT_ACTIVATE_IV_LARGE_SECTORS) ? " iv_large_sectors" : "",
++		(flags & CRYPT_ACTIVATE_HIGH_PRIORITY) ? " high_priority" : "",
+ 		(tgt->u.crypt.sector_size != SECTOR_SIZE) ?
+ 			_uf(sector_feature, sizeof(sector_feature), "sector_size", tgt->u.crypt.sector_size) : "",
+ 		integrity_dm);
+@@ -1586,6 +1592,14 @@ static int check_retry(struct crypt_devi
+ 		ret = 1;
+ 	}
+ 
++	/* Drop high-priority workqueue options if not supported */
++	if ((*dmd_flags & CRYPT_ACTIVATE_HIGH_PRIORITY) &&
++	    !(dmt_flags & DM_CRYPT_HIGH_PRIORITY_SUPPORTED)) {
++		log_dbg(cd, "dm-crypt does not support high-priority option");
++		*dmd_flags = *dmd_flags & ~CRYPT_ACTIVATE_HIGH_PRIORITY;
++		ret = 1;
++	}
++
+ 	return ret;
+ }
+ 
+@@ -1941,6 +1955,8 @@ static int _dm_target_query_crypt(struct
+ 				*act_flags |= CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE;
+ 			else if (!strcasecmp(arg, "iv_large_sectors"))
+ 				*act_flags |= CRYPT_ACTIVATE_IV_LARGE_SECTORS;
++			else if (!strcasecmp(arg, "high_priority"))
++				*act_flags |= CRYPT_ACTIVATE_HIGH_PRIORITY;
+ 			else if (sscanf(arg, "integrity:%u:", &val) == 1) {
+ 				tgt->u.crypt.tag_size = val;
+ 				rintegrity = strchr(arg + strlen("integrity:"), ':');
+Index: cryptsetup-2.3.7/lib/luks2/luks2_json_metadata.c
+===================================================================
+--- cryptsetup-2.3.7.orig/lib/luks2/luks2_json_metadata.c
++++ cryptsetup-2.3.7/lib/luks2/luks2_json_metadata.c
+@@ -1386,6 +1386,7 @@ static const struct  {
+ 	{ CRYPT_ACTIVATE_NO_JOURNAL,             "no-journal" },
+ 	{ CRYPT_ACTIVATE_NO_READ_WORKQUEUE,      "no-read-workqueue" },
+ 	{ CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE,     "no-write-workqueue" },
++	{ CRYPT_ACTIVATE_HIGH_PRIORITY,          "high_priority" },
+ 	{ 0, NULL }
+ };
+ 
+Index: cryptsetup-2.3.7/lib/utils_dm.h
+===================================================================
+--- cryptsetup-2.3.7.orig/lib/utils_dm.h
++++ cryptsetup-2.3.7/lib/utils_dm.h
+@@ -73,6 +73,9 @@ static inline uint32_t act2dmflags(uint3
+ #define DM_VERITY_PANIC_CORRUPTION_SUPPORTED (1 << 24) /* dm-verity panic on corruption  */
+ #define DM_CRYPT_NO_WORKQUEUE_SUPPORTED (1 << 25) /* dm-crypt suppot for bypassing workqueues  */
+ #define DM_INTEGRITY_FIX_HMAC_SUPPORTED (1 << 26) /* hmac covers also superblock */
++#define DM_INTEGRITY_RESET_RECALC_SUPPORTED (1 << 27) /* dm-integrity automatic recalculation supported */
++#define DM_VERITY_TASKLETS_SUPPORTED (1 << 28) /* dm-verity tasklets supported */
++#define DM_CRYPT_HIGH_PRIORITY_SUPPORTED (1 << 29) /* dm-crypt high priority workqueue flag supported  */
+ 
+ typedef enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY, DM_LINEAR, DM_ERROR, DM_ZERO, DM_UNKNOWN } dm_target_type;
+ enum tdirection { TARGET_SET = 1, TARGET_QUERY };
+Index: cryptsetup-2.3.7/src/cryptsetup.c
+===================================================================
+--- cryptsetup-2.3.7.orig/src/cryptsetup.c
++++ cryptsetup-2.3.7/src/cryptsetup.c
+@@ -87,6 +87,7 @@ static int opt_perf_same_cpu_crypt = 0;
+ static int opt_perf_submit_from_crypt_cpus = 0;
+ static int opt_perf_no_read_workqueue = 0;
+ static int opt_perf_no_write_workqueue = 0;
++static int opt_perf_high_priority = 0;
+ static int opt_test_passphrase = 0;
+ static int opt_tcrypt_hidden = 0;
+ static int opt_tcrypt_system = 0;
+@@ -219,6 +220,9 @@ static void _set_activation_flags(uint32
+ 	if (opt_perf_no_read_workqueue)
+ 		*flags |= CRYPT_ACTIVATE_NO_READ_WORKQUEUE;
+ 
++	if (opt_perf_high_priority)
++		*flags |= CRYPT_ACTIVATE_HIGH_PRIORITY;
++
+ 	if (opt_perf_no_write_workqueue)
+ 		*flags |= CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE;
+ 
+@@ -860,13 +864,15 @@ static int action_status(void)
+ 				 CRYPT_ACTIVATE_SAME_CPU_CRYPT|
+ 				 CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS|
+ 				 CRYPT_ACTIVATE_NO_READ_WORKQUEUE|
+-				 CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE))
+-			log_std("  flags:   %s%s%s%s%s\n",
++				 CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE|
++				 CRYPT_ACTIVATE_HIGH_PRIORITY))
++			log_std("  flags:   %s%s%s%s%s%s\n",
+ 				(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) ? "discards " : "",
+ 				(cad.flags & CRYPT_ACTIVATE_SAME_CPU_CRYPT) ? "same_cpu_crypt " : "",
+ 				(cad.flags & CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) ? "submit_from_crypt_cpus " : "",
+ 				(cad.flags & CRYPT_ACTIVATE_NO_READ_WORKQUEUE) ? "no_read_workqueue " : "",
+-				(cad.flags & CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE) ? "no_write_workqueue" : "");
++				(cad.flags & CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE) ? "no_write_workqueue" : "",
++				(cad.flags & CRYPT_ACTIVATE_HIGH_PRIORITY) ? "high_priority" : "");
+ 	}
+ out:
+ 	crypt_free(cd);
+@@ -3712,6 +3718,7 @@ int main(int argc, const char **argv)
+ 		{ "perf-submit_from_crypt_cpus",'\0', POPT_ARG_NONE, &opt_perf_submit_from_crypt_cpus,0,N_("Use dm-crypt submit_from_crypt_cpus performance compatibility option"), NULL },
+ 		{ "perf-no_read_workqueue",'\0', POPT_ARG_NONE, &opt_perf_no_read_workqueue,0,N_("Bypass dm-crypt workqueue and process read requests synchronously"), NULL },
+ 		{ "perf-no_write_workqueue",'\0', POPT_ARG_NONE, &opt_perf_no_write_workqueue,0,N_("Bypass dm-crypt workqueue and process write requests synchronously"), NULL },
++		{ "perf-high_priority",	'\0', POPT_ARG_NONE, &opt_perf_high_priority,	0, N_("Set dm-crypt workqueues and the writer thread to high priority"), NULL},
+ 		{ "deferred",          '\0', POPT_ARG_NONE, &opt_deferred_remove,       0, N_("Device removal is deferred until the last user closes it"), NULL },
+ 		{ "serialize-memory-hard-pbkdf", '\0', POPT_ARG_NONE, &opt_serialize_memory_hard_pbkdf, 0, N_("Use global lock to serialize memory hard PBKDF (OOM workaround)"), NULL },
+ 		{ "iter-time",         'i',  POPT_ARG_INT, &opt_iteration_time,         0, N_("PBKDF iteration time for LUKS (in ms)"), N_("msecs") },
+Index: cryptsetup-2.3.7/tests/device-test
+===================================================================
+--- cryptsetup-2.3.7.orig/tests/device-test
++++ cryptsetup-2.3.7/tests/device-test
+@@ -75,6 +75,9 @@ function dm_crypt_features()
+ 
+ 	[ $VER_MIN -lt 22 ] && return
+ 	DM_PERF_NO_WORKQUEUE=1
++
++	[ $VER_MIN -lt 26 ] && return
++	DM_PERF_HIGH_PRIORITY=1
+ }
+ 
+ function dm_crypt_keyring_support()
+@@ -157,11 +160,17 @@ else
+ 	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
+ 	echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 $DEV $DEV_NAME2 2>/dev/null && fail
+ 	if [ -n "$DM_PERF_NO_WORKQUEUE" ]; then
+-		echo -n "no_read_workqueue no_write_workqueue"
++		echo -n "no_read_workqueue no_write_workqueue "
+ 		echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --perf-no_read_workqueue --perf-no_write_workqueue || fail
+ 		$CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail
+ 		$CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail
+ 	fi
++	if [ -n "$DM_PERF_HIGH_PRIORITY" ]; then
++	        echo -n "high_priority "
++	        echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --perf-high_priority || fail
++	        $CRYPTSETUP status $DEV_NAME | grep -q high_priority || fail
++	fi
++
+ 	$CRYPTSETUP close $DEV_NAME || fail
+ 	echo
+ 
+@@ -187,11 +196,16 @@ else
+ 	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
+ 	echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME2 2>/dev/null && fail
+ 	if [ -n "$DM_PERF_NO_WORKQUEUE" ]; then
+-		echo -n "no_read_workqueue no_write_workqueue"
++		echo -n "no_read_workqueue no_write_workqueue "
+ 		echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME  --perf-no_read_workqueue --perf-no_write_workqueue || fail
+ 		$CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail
+ 		$CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail
+ 	fi
++	if [ -n "$DM_PERF_HIGH_PRIORITY" ]; then
++	        echo -n "high_priority "
++	        echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME  --perf-high_priority || fail
++	        $CRYPTSETUP status $DEV_NAME | grep -q high_priority || fail
++	fi
+ 	$CRYPTSETUP close $DEV_NAME || fail
+ 	echo
+ 
+@@ -249,7 +263,7 @@ else
+ 		$CRYPTSETUP status $DEV_NAME | grep -q keyring || fail
+ 	fi
+ 	if [ -n "$DM_PERF_NO_WORKQUEUE" ]; then
+-		echo -n "no_read_workqueue no_write_workqueue"
++		echo -n "no_read_workqueue no_write_workqueue "
+ 		echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-no_read_workqueue --perf-no_write_workqueue --persistent || fail
+ 		$CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail
+ 		$CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail
+@@ -258,6 +272,14 @@ else
+ 		$CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail
+ 		$CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail
+ 	fi
++	if [ -n "$DM_PERF_HIGH_PRIORITY" ]; then
++	        echo -n "high_priority "
++	        echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-high_priority --persistent || fail
++	        $CRYPTSETUP status $DEV_NAME | grep -q high_priority || fail
++	        $CRYPTSETUP close $DEV_NAME || fail
++	        echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
++	        $CRYPTSETUP status $DEV_NAME | grep -q high_priority || fail
++	fi
+ 	echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME2 2>/dev/null && fail
+ 	$CRYPTSETUP close $DEV_NAME || fail
+ 	echo

cryptsetup.spec

@@ -5,7 +5,7 @@ Obsoletes: cryptsetup-python3
 Summary: A utility for setting up encrypted disks
 Name: cryptsetup
 Version: 2.3.7
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: Applications/System
 URL: https://gitlab.com/cryptsetup/cryptsetup
@@ -44,6 +44,7 @@ Patch16: %{name}-2.7.0-Also-disallow-active-devices-with-internal-kernel-na.patc
 Patch17: %{name}-2.7.0-Fix-init_by_name-to-allow-unknown-cipher-format-in-d.patch
 Patch18: %{name}-2.7.0-Fix-reencryption-to-fail-properly-for-unknown-cipher.patch
 Patch19: %{name}-2.7.0-Fix-activation-of-LUKS2-with-capi-format-cipher-and-.patch
+Patch20: %{name}-2.7.2-WIP-Add-support-for-high-priority-dm-crypt-flag.patch
 
 %description
 The cryptsetup package contains a utility for setting up
@@ -118,6 +119,7 @@ can be used for offline reencryption of disk in situ.
 %patch17 -p1
 %patch18 -p1
 %patch19 -p1
+%patch20 -p1
 %patch0 -p1
 chmod -x misc/dracut_90reencrypt/*
 
@@ -177,6 +179,10 @@ rm -rf %{buildroot}/%{_libdir}/*.la
 %clean
 
 %changelog
+* Wed Apr 10 2024 Daniel Zatovic <dzatovic@redhat.com> - 2.3.7-8
+- Scratch build for high-priority flag
+- patch: WIP: Add support for high-priority dm-crypt flag.
+
 * Tue Jul 11 2023 Ondrej Kozina <okozina@redhat.com> - 2.3.7-7
 - Rebuild due to missing CI environment
 - Resolves: #2212772 #2193342

gating.yaml

@@ -0,0 +1,9 @@
+--- !Policy
+product_versions:
+    - rhel-8
+decision_context: osci_compose_gate
+rules:
+    - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
+    - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-x86_64.functional}
+    # Disabled because pull request ci does not build other architectures in brew.
+    # - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-other-archs.functional}

sources

@@ -0,0 +1,2 @@
+SHA512 (cryptsetup-2.3.7.tar.xz) = d209225c6f195f54c513904b71637bdadd47f3efc6227c61c15434a1467ddb76fe14123683a3d5e943ffa203ef33611f51b7c67bc1aed67d019a6aa552ea15ab
+SHA512 (tests.tar.xz) = 3154668ad4e481bf4e98afade202fc302fb72c595eea1bd374de7570ab15a2a9888743db491b812c4ba6006371adaaa0452315027e4ce2a6e6922cc640f47cf0

tests/.fmf/version

@@ -0,0 +1 @@
+1

tests/provision.fmf

@@ -0,0 +1,5 @@
+---
+standard-inventory-qcow2:
+    qemu:
+        m: 3G
+

tests/tests.yml

@@ -0,0 +1,28 @@
+- hosts: localhost
+  roles:
+  - role: standard-test-source
+    tags:
+    - classic
+  - role: standard-test-basic
+    tags:
+    - classic
+    tests:
+    - upstream_test_suite:
+        dir: source/tests
+        run: make -f Makefile.localtest tests
+    environment:
+        CRYPTSETUP_PATH: /sbin
+    required_packages:
+    - cryptsetup
+    - cryptsetup-devel
+    - integritysetup
+    - veritysetup
+    - gcc
+    - make
+    - kernel-headers
+    - device-mapper-devel
+    - expect
+    - keyutils
+    - jq
+    - vim-common
+    - sharutils