From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <glkdd-dm-crypt@m.gmane.org>
Received: from plane.gmane.org (plane.gmane.org [80.91.229.3])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Thu, 23 Jul 2015 20:04:57 +0200 (CEST)
Received: from list by plane.gmane.org with local (Exim 4.69)
 (envelope-from <glkdd-dm-crypt@m.gmane.org>) id 1ZIKcx-0004jt-O7
 for dm-crypt@saout.de; Thu, 23 Jul 2015 19:49:51 +0200
Received: from c-50-158-72-35.hsd1.il.comcast.net ([50.158.72.35])
 by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
 id 1AlnuQ-0007hv-00
 for <dm-crypt@saout.de>; Thu, 23 Jul 2015 19:49:51 +0200
Received: from rnicholsNOSPAM by c-50-158-72-35.hsd1.il.comcast.net with local
 (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00
 for <dm-crypt@saout.de>; Thu, 23 Jul 2015 19:49:51 +0200
From: Robert Nichols <rnicholsNOSPAM@comcast.net>
Date: Thu, 23 Jul 2015 12:49:42 -0500
Message-ID: <mor9fn$l6d$1@ger.gmane.org>
References: <55AF9E9C.4040300@babioch.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
In-Reply-To: <55AF9E9C.4040300@babioch.de>
Subject: Re: [dm-crypt] cryptsetup-reencrypt: Specifying device size
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 07/22/2015 08:46 AM, Karol Babioch wrote:
> Hi list,
>
> I'm wondering how safe it is to specify a device size when re-encrypting
> a block device using cryptsetup-reencrypt. In particular I would like to
> know if specifying a size smaller than the underlying block device might
> actually corrupt data?
>
> The man page mentions some warnings in regards to this option. In our
> use case the underlying block device is ~ 100G, while only 11G are
> actually used by filesystems on top of the block device. To speed things
> up we were thinking about a device size, e.g. something like 16G, so not
> the whole device needs to be re-encrypted.

I hope you are NOT saying that you have a filesystem larger than 16G
there but 'du" reports that only 11G are used. If that were the case,
then reencrypting just 16G would mean guaranteed destruction of the
filesystem.

You can test what would happen quite easily. Use "cryptsetup resize ..."
to _temporarily_ limit the active mapping to 16GB. Then see if "fsck"
still reports that all filesystem are OK. If so, then you can safely
reencrypt just the first 16GB. If "fsck" complains about any
filesystems, just close the container ("cryptsetup remove ...") and no
damage is done. LUKS does not permanently record the size of the
container; it will always default to the size of the underlying device
or partition.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.