fix: data lost caused by Longhorn CSI plugin doing a wrong re-encrypt…

…ion of volume in rare race condition see more details at longhorn/longhorn-manager#3566 longhorn-10416 Signed-off-by: Phan Le <phan.le@suse.com>
PhanLe1010 · Feb 14, 2025 · 8380661 · 8380661
1 parent 5fafd2e
commit 8380661
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/ns/crypto.go b/ns/crypto.go
@@ -1,9 +1,11 @@
 package ns
 
 import (
+	"os/exec"
 	"time"
 
 	"github.com/longhorn/go-common-libs/types"
+	"github.com/pkg/errors"
 )
 
 // LuksOpen runs cryptsetup luksOpen with the given passphrase and
@@ -47,6 +49,23 @@ func (nsexec *Executor) LuksStatus(volume string, timeout time.Duration) (stdout
 	return nsexec.Cryptsetup(args, timeout)
 }
 
+func (nsexec *Executor) IsLuks(devicePath string, timeout time.Duration) (bool, error) {
+	args := []string{"isLuks", devicePath}
+	_, err := nsexec.Cryptsetup(args, timeout)
+	if err == nil {
+		return true, nil
+	}
+	var exitErr *exec.ExitError
+	if errors.As(err, &exitErr) {
+		if exitErr.ExitCode() == 1 {
+			// The device is not encrypted if exit code of 1 is returned
+			// Ref https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/FAQ.md?plain=1#L2848
+			return false, nil
+		}
+	}
+	return false, err
+}
+
 // Cryptsetup runs cryptsetup without passphrase. It will return
 // 0 on success and a non-zero value on error.
 func (nsexec *Executor) Cryptsetup(args []string, timeout time.Duration) (stdout string, err error) {