From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <karol@babioch.de>
Received: from babioch.de (babioch.de [IPv6:2a01:4f8:151:7ffd::1])
 by mail.server123.net (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Wed, 22 Jul 2015 15:52:38 +0200 (CEST)
Received: from [10.200.69.110] (unknown [149.14.88.27])
 by babioch.de (Postfix) with ESMTPSA id BE9984001C
 for <dm-crypt@saout.de>; Wed, 22 Jul 2015 15:46:08 +0200 (CEST)
From: Karol Babioch <karol@babioch.de>
Message-ID: <55AF9E9C.4040300@babioch.de>
Date: Wed, 22 Jul 2015 15:46:04 +0200
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="pvDUxxW64n8GCNU3XNtIH4xOCicLTrM03"
Subject: [dm-crypt] cryptsetup-reencrypt: Specifying device size
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--pvDUxxW64n8GCNU3XNtIH4xOCicLTrM03
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi list,

I'm wondering how safe it is to specify a device size when re-encrypting
a block device using cryptsetup-reencrypt. In particular I would like to
know if specifying a size smaller than the underlying block device might
actually corrupt data?

The man page mentions some warnings in regards to this option. In our
use case the underlying block device is ~ 100G, while only 11G are
actually used by filesystems on top of the block device. To speed things
up we were thinking about a device size, e.g. something like 16G, so not
the whole device needs to be re-encrypted.

I'm not familiar enough with the LUKS internals, but I'm pretty sure
that it is not filesystem aware, so it will only reencrypt the first
16GB of the device, while LVM and any filesystems may actually put data
anywhere on the device.

So am I right in assuming that providing a device size smaller than the
actual block device size might lead to data corruption or is it safe to
use it in the way described above?

Best regards,
Karol Babioch


--pvDUxxW64n8GCNU3XNtIH4xOCicLTrM03
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVr56dAAoJEHSaZc1HnzIV2sYP/RZdY5QUK8vOCCWP0bWNx01r
6pTYPTLJa4IqjyZgxkw9acXmlI3R5g+mKeoaAySo6b4if0RPZUIud6kIIC2YZQZ9
EJSRsa/ZX2CenTi6v+GazUHU73nYnKUgjDpBG0TvT7m5J9gaLa53yHE9/KQRaLi3
tczbKVpYnC9vbbrjtxf6eGyoUbIExGtyNJWkXeYz1kPlg+bR8AzG2THdMggGY1F5
bCGC1v6+HLll2c2vK0EeCVEj0NxoSPiESPVjbXyeuZ1BojpskeZqr5XzdTxz+43v
+qL59Jnec63ggwUqTL63zCROkTOBWlJD7eBgBjBDsL2ShenKuFiMH6GbpB9S62Al
u2juChQUzbu8GX2yNDQwnIir5DWJaayKVhoamBPrt5GiAhFz4mbxKf/ojuhbh82z
sduiQzjzUKf4ihaIaQA/X/KFhHVtA085Y4Os1nprmQQzO4+IR5opufQdDNC0l9Gj
Z+2QgBVqsj8SaPVUSYHEKs9IM5+LaHKskj392QV+f+EoaxqOBCN6gE+a1yYvgmCb
fEcqhFcyquvukf0oYtictg7mdK4V++s1FZyRaubQAkwVSqgDUEbkvYT6403MXHcL
gEsQ/JYiYJ/YdODOOlFTz6pDDItGjsaa+NiKtr9HYRocmg3rWMUkIJaGS3bK9X0R
DhpF+qhwdcfkVjNfqNAh
=xSNP
-----END PGP SIGNATURE-----

--pvDUxxW64n8GCNU3XNtIH4xOCicLTrM03--