[dm-crypt] inconsistency in opening multiple mappers on the same device

[dm-crypt] inconsistency in opening multiple mappers on the same device

[.. ink ..]

I read the announcement of 1.4.3 and decided to do a simple test on
opening multiple mappers on the same device and this is what i found
out:

test using cryptsetup 1.4.3

[root@mtz ink]# echo -n xxx | cryptsetup create zzz xxx
[root@mtz ink]# echo -n xxx | cryptsetup create zzz xxx
Device zzz already exists.
[root@mtz ink]# echo -n xxx | cryptsetup create yyy xxx

[root@mtz ink]# ls -l /dev/mapper/
total 0
crw------- 1 root root 10, 236 May 29 14:46 control
lrwxrwxrwx 1 root root       7 May 31 18:01 yyy -> ../dm-1
lrwxrwxrwx 1 root root       7 May 31 18:01 zzz -> ../dm-0

[root@mtz ink]# zuluCrypt-cli -P -d /dev/mapper/zzz
/home/ink/xxx
[root@mtz ink]# zuluCrypt-cli -P -d /dev/mapper/yyy
/home/ink/xxx
[root@mtz ink]#

It looks like by default, cryptsetup does not allow opening more than
one mapper on the same device bu it only checks the mapper name, not
the device behind the mapper and hence it allows opening of multiple
mappers on the same device as long as they use a different mapper
name.

The same behavior is there in luks based volume

Also,shouldnt  the error say mapper name since the check is on the
mapper,not the device behind the mapper.

Re: [dm-crypt] inconsistency in opening multiple mappers on the same device

[Arno Wagner]

Of course you cannot have two mappings on the same name.
The collision is not for the mapping, but for the name!
How would you even address a mapping if you had several on
the same /dev/mapper/<...> entry? That would be like
having several different files under the same file name.

Arno


On Thu, May 31, 2012 at 06:12:02PM -0400, .. ink .. wrote:
> I read the announcement of 1.4.3 and decided to do a simple test on
> opening multiple mappers on the same device and this is what i found
> out:
> 
> test using cryptsetup 1.4.3
> 
> [root@mtz ink]# echo -n xxx | cryptsetup create zzz xxx
> [root@mtz ink]# echo -n xxx | cryptsetup create zzz xxx
> Device zzz already exists.
> [root@mtz ink]# echo -n xxx | cryptsetup create yyy xxx
> 
> [root@mtz ink]# ls -l /dev/mapper/
> total 0
> crw------- 1 root root 10, 236 May 29 14:46 control
> lrwxrwxrwx 1 root root       7 May 31 18:01 yyy -> ../dm-1
> lrwxrwxrwx 1 root root       7 May 31 18:01 zzz -> ../dm-0
> 
> [root@mtz ink]# zuluCrypt-cli -P -d /dev/mapper/zzz
> /home/ink/xxx
> [root@mtz ink]# zuluCrypt-cli -P -d /dev/mapper/yyy
> /home/ink/xxx
> [root@mtz ink]#
> 
> It looks like by default, cryptsetup does not allow opening more than
> one mapper on the same device bu it only checks the mapper name, not
> the device behind the mapper and hence it allows opening of multiple
> mappers on the same device as long as they use a different mapper
> name.
> 
> The same behavior is there in luks based volume
> 
> Also,shouldnt  the error say mapper name since the check is on the
> mapper,not the device behind the mapper.
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 

Re: [dm-crypt] inconsistency in opening multiple mappers on the same device

[Milan Broz]

On 06/01/2012 12:12 AM, .. ink .. wrote:
> It looks like by default, cryptsetup does not allow opening more than
> one mapper on the same device bu it only checks the mapper name, not
> the device behind the mapper and hence it allows opening of multiple
> mappers on the same device as long as they use a different mapper
> name.

No. Try it with real device. (Loop devices are strange, losetup
allows you to map more loopback devices to one file. It was
always the same here, try it with previous version...)

It is basically about this:

By default, cryptsetup require exclusive access to underlying device:

# echo xxx | src/cryptsetup create x /dev/sdb x
# echo xxx | src/cryptsetup create y /dev/sdb x
Cannot use device /dev/sdb which is in use (already mapped or mounted).

With --shared it allows to use the same (already used) underlying device
# echo xxx | src/cryptsetup create y /dev/sdb x --shared

Obviously you cannot have the same mapping name...

Milan

Re: [dm-crypt] inconsistency in opening multiple mappers on the same device

[Javier Juan Martínez Cabezón]

On 01/06/12 00:12, .. ink .. wrote:
> I read the announcement of 1.4.3 and decided to do a simple test on
> opening multiple mappers on the same device and this is what i found
> out:
> 
> test using cryptsetup 1.4.3
> 
> [root@mtz ink]# echo -n xxx | cryptsetup create zzz xxx
> [root@mtz ink]# echo -n xxx | cryptsetup create zzz xxx
> Device zzz already exists.
> [root@mtz ink]# echo -n xxx | cryptsetup create yyy xxx
> 
> [root@mtz ink]# ls -l /dev/mapper/
> total 0
> crw------- 1 root root 10, 236 May 29 14:46 control
> lrwxrwxrwx 1 root root       7 May 31 18:01 yyy -> ../dm-1
> lrwxrwxrwx 1 root root       7 May 31 18:01 zzz -> ../dm-0
> 
> [root@mtz ink]# zuluCrypt-cli -P -d /dev/mapper/zzz
> /home/ink/xxx
> [root@mtz ink]# zuluCrypt-cli -P -d /dev/mapper/yyy
> /home/ink/xxx
> [root@mtz ink]#
> 
> It looks like by default, cryptsetup does not allow opening more than
> one mapper on the same device bu it only checks the mapper name, not
> the device behind the mapper and hence it allows opening of multiple
> mappers on the same device as long as they use a different mapper
> name.
> 
> The same behavior is there in luks based volume
> 
> Also,shouldnt  the error say mapper name since the check is on the
> mapper,not the device behind the mapper.
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

The default behaviour is to forbid it. As Milan said you need --shared
flag to "avoid" it.

Please check note issue 123 and Milan answer about the "safety" of
--shared use.

You shall create linear mappings under raw cryptsetup created devices
and work under this linear mappings and not with the cryptsetup raw
created one when using --shared flag.

Re: [dm-crypt] inconsistency in opening multiple mappers on the same device

[.. ink ..]

> Of course you cannot have two mappings on the same name.
> The collision is not for the mapping, but for the name!
> How would you even address a mapping if you had several on
> the same /dev/mapper/<...> entry? That would be like
> having several different files under the same file name.

computer 101, you cannot have more than one instance of a name in the
same folder. Why didnt i think of that? :-) But still, if cryptsetup
complaint is on duplicate mapper name, the error should talk about
mapper name, not device.

The error should have said "mapper name zzz already exist", not
"device zzz already exist".

Re: [dm-crypt] inconsistency in opening multiple mappers on the same device

[Milan Broz]

On 06/01/2012 02:47 PM, .. ink .. wrote:
> The error should have said "mapper name zzz already exist", not
> "device zzz already exist".

Device-mapper create block DEVICES. "mapper name" means nothing,
It is "device-mapper device name" if you want to be precise.

Milan