diff --git a/man/veritysetup.8.adoc b/man/veritysetup.8.adoc index d6a1aba6c..3b7618a58 100644 --- a/man/veritysetup.8.adoc +++ b/man/veritysetup.8.adoc @@ -58,7 +58,8 @@ The is a hexadecimal string. ** can be [--hash-offset, --no-superblock, --ignore-corruption or --restart-on-corruption, --panic-on-corruption, --ignore-zero-blocks, ---check-at-most-once, --root-hash-signature, --root-hash-file, --use-tasklets]. +--check-at-most-once, --root-hash-signature, --root-hash-file, --use-tasklets, +--shared]. If option --root-hash-file is used, the root hash is read from instead of from the command line parameter. Expects hex-encoded text, @@ -223,6 +224,11 @@ recent. *--salt=hex string*:: Salt used for format or verification. Format is a hexadecimal string. +*--shared*:: +Allows data device to be used in shared mode. The data device is not checked +for exclusive access in-before the device activation and may be mapped in multiple +verity mappings. + *--usage*:: Show short option help. diff --git a/src/veritysetup.c b/src/veritysetup.c index f7c9c05aa..20181526b 100644 --- a/src/veritysetup.c +++ b/src/veritysetup.c @@ -173,6 +173,8 @@ static int _activate(const char *dm_device, activate_flags |= CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE; if (ARG_SET(OPT_USE_TASKLETS_ID)) activate_flags |= CRYPT_ACTIVATE_TASKLETS; + if (ARG_SET(OPT_SHARED_ID)) + activate_flags |= CRYPT_ACTIVATE_SHARED; if (!ARG_SET(OPT_NO_SUPERBLOCK_ID)) { params.flags = flags; diff --git a/src/veritysetup_arg_list.h b/src/veritysetup_arg_list.h index 69df9dfa6..7e8dfb37f 100644 --- a/src/veritysetup_arg_list.h +++ b/src/veritysetup_arg_list.h @@ -50,6 +50,8 @@ ARG(OPT_ROOT_HASH_SIGNATURE, '\0', POPT_ARG_STRING, N_("Path to root hash signat ARG(OPT_SALT, 's', POPT_ARG_STRING, N_("Salt"), N_("hex string"), CRYPT_ARG_STRING, {}, {}) +ARG(OPT_SHARED, '\0', POPT_ARG_NONE, N_("Share data device with another verity segment"), NULL, CRYPT_ARG_BOOL, {}, OPT_SHARED_ACTIONS ) + ARG(OPT_USE_TASKLETS, '\0', POPT_ARG_NONE, N_("Use kernel tasklets for performance"), NULL, CRYPT_ARG_BOOL, {}, OPT_USE_TASKLETS_ACTIONS) ARG(OPT_UUID, '\0', POPT_ARG_STRING, N_("UUID for device to use"), NULL, CRYPT_ARG_STRING, {}, {}) diff --git a/src/veritysetup_args.h b/src/veritysetup_args.h index f9e7b228c..bb2e302c4 100644 --- a/src/veritysetup_args.h +++ b/src/veritysetup_args.h @@ -27,6 +27,7 @@ #define OPT_ROOT_HASH_FILE_ACTIONS { FORMAT_ACTION, OPEN_ACTION, VERIFY_ACTION } #define OPT_ROOT_HASH_SIGNATURE_ACTIONS { OPEN_ACTION } #define OPT_USE_TASKLETS_ACTIONS { OPEN_ACTION } +#define OPT_SHARED_ACTIONS { OPEN_ACTION } enum { OPT_UNUSED_ID = 0, diff --git a/tests/verity-compat-test b/tests/verity-compat-test index c415cd908..e58c7bc81 100755 --- a/tests/verity-compat-test +++ b/tests/verity-compat-test @@ -419,8 +419,8 @@ function check_concurrent() # $1 hash # not gracefully recoverable. Either could fail depending on scheduling, so just check that # the libdevmapper error does not appear in either of the outputs. cat /dev/null >$DEV_OUT - $VERITYSETUP create -v $DEV_NAME $DEV_PARAMS $1 >>$DEV_OUT 2>&1 & - $VERITYSETUP create -v $DEV_NAME $DEV_PARAMS $1 >>$DEV_OUT 2>&1 & + $VERITYSETUP create -v --shared $DEV_NAME $DEV_PARAMS $1 >>$DEV_OUT 2>&1 & + $VERITYSETUP create -v --shared $DEV_NAME $DEV_PARAMS $1 >>$DEV_OUT 2>&1 & wait grep -q "Command failed with code .* (wrong or missing parameters)" $DEV_OUT && fail grep -q "Command failed with code .* (wrong device or file specified)." $DEV_OUT && fail