Debian Bug report logs -
#941051
cryptsetup: luksFormat crash with benbi IV generator and LUKS2 integrity option(s)
Reported by: Jerad Simpson <jbsimpson@gmail.com>
Date: Tue, 24 Sep 2019 01:27:02 UTC
Severity: normal
Found in version cryptsetup/2:2.1.0-5+deb10u2
Done: Guilhem Moulin <guilhem@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, jbsimpson@gmail.com, Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>:
Bug#941051; Package cryptsetup.
(Tue, 24 Sep 2019 01:27:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Jerad Simpson <jbsimpson@gmail.com>:
New Bug report received and forwarded. Copy sent to jbsimpson@gmail.com, Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>.
(Tue, 24 Sep 2019 01:27:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: cryptsetup
Version: 2:2.1.0-5+deb10u2
Severity: normal
Dear Maintainer,
I have been toying around with LUKS2 integrity and have found a situation that
apparently leads to a "Killed" process or a segmentation fault which looks like
it is due to a NULL pointer dereference in my dmesg output.
This lead me to change some of my original luksFormat parameters from using
benbi for IV generation over to plain64be, which does seem to work. It also
makes me question whether benbi is a good or bad choice to use for a wide block
XTS mode, as I have been using for years. Any input? I'm no expert.
In short, this fails:
# cryptsetup luksFormat \
--cipher=twofish-xts-benbi \
--hash=sha512 \
--verify-passphrase \
--key-size=512 \
--use-random \
--type=luks2 \
--pbkdf=argon2id \
--pbkdf-memory=1048576 \
--pbkdf-parallel=4 \
--pbkdf-force-iterations=5 \
--integrity=hmac-sha256 \
--integrity-no-journal \
--sector-size=4096 \
/dev/kvmhost_vg/root
And, this works:
# cryptsetup luksFormat \
--cipher=twofish-xts-plain64be \
--hash=sha512 \
--verify-passphrase \
--key-size=512 \
--use-random \
--type=luks2 \
--pbkdf=argon2id \
--pbkdf-memory=1048576 \
--pbkdf-parallel=4 \
--pbkdf-force-iterations=5 \
--integrity=hmac-sha256 \
--integrity-no-journal \
--sector-size=4096 \
/dev/kvmhost_vg/root
Some more random information, for which feedback is always appreciated:
My rationale for using benbi might have always been way off base. I have been
known to use pvmove to "defrag" my lvm2 volumes in the past and have always
been worried about this somehow breaking my encryption. It never has broken
with benbi, and as I understood it, the IV counters would start at 1 and never
be tied directly to any physical harddrive sector. However, maybe LVM
"sectors," since this occurs before the encryption, is what the IVs have always
been based upon. Does anybody know if there is any truth in that? I have not
decided to "defrag" my lvm2 volumes in ages. In any case, I can live with
plain64 or plain64be, especially if I have been doing it wrong all along!
Mainly, I wanted maintainers to be aware of this crash.
Thank You,
Jerad Simpson
-- Package-specific info:
-- System Information:
Debian Release: 10.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_DIE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages cryptsetup depends on:
ii cryptsetup-initramfs 2:2.1.0-5+deb10u2
ii cryptsetup-run 2:2.1.0-5+deb10u2
cryptsetup recommends no packages.
cryptsetup suggests no packages.
-- no debconf information
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>:
Bug#941051; Package cryptsetup.
(Sun, 05 Jan 2020 18:21:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Bernhard Übelacker <bernhardu@mailbox.org>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>.
(Sun, 05 Jan 2020 18:21:03 GMT) (full text, mbox, link).
Message #10 received at 941051@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Dear Maintainer,
I just tried to reproduce the issue, but always
got a kernel oops instead of a usermode exception.
Therefore I guess this issue might be reassigned to src:linux?
By further looking it seems that in crypto_tfm_alg_blocksize
the __crt_alg member is dereferenced unconditionally while
containing a null pointer.
This could be reproduced in a minimal VM running
stable with 4.19.0-6-amd64 or unstable with 5.4.0-1-amd64.
Kind regards,
Bernhard
[Sa Jan 4 17:08:33 2020] alg: No test for authenc(hmac(sha256),xts(twofish)) (authenc(hmac(sha256-generic),xts(ecb-twofish-3way)))
[Sa Jan 4 17:08:33 2020] BUG: kernel NULL pointer dereference, address: 0000000000000028
[Sa Jan 4 17:08:33 2020] #PF: supervisor read access in kernel mode
[Sa Jan 4 17:08:33 2020] #PF: error_code(0x0000) - not-present page
[Sa Jan 4 17:08:33 2020] PGD 0 P4D 0
[Sa Jan 4 17:08:33 2020] Oops: 0000 [#1] SMP NOPTI
[Sa Jan 4 17:08:33 2020] CPU: 7 PID: 4875 Comm: cryptsetup Not tainted 5.4.0-1-amd64 #1 Debian 5.4.6-1
[Sa Jan 4 17:08:33 2020] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[Sa Jan 4 17:08:33 2020] RIP: 0010:crypt_iv_benbi_ctr+0x18/0x60 [dm_crypt]
[Sa Jan 4 17:08:33 2020] Code: 00 00 00 b9 ff ff ff ff 0f bd 8f b0 00 00 00 d3 e8 c3 66 66 66 66 90 48 8b 87 a8 00 00 00 b9 ff ff ff ff 48 8b 00 48 8b 40 60 <8b> 50 24 b8 01 00 00 00 0f bd ca d3 e0 39 d0 75 15 83 f9 09 7f 1e
[debugging.txt (text/plain, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>:
Bug#941051; Package cryptsetup.
(Sun, 05 Jan 2020 19:12:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Milan Broz <gmazyland@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>.
(Sun, 05 Jan 2020 19:12:05 GMT) (full text, mbox, link).
Message #15 received at 941051@bugs.debian.org (full text, mbox, reply):
Hi,
this is an apparent bug in upstream kernel.
I fixed it in my git, please could you verify it works for you? Patch is in this branch:
https://git.kernel.org/pub/scm/linux/kernel/git/mbroz/linux.git/log/?h=dm-cryptsetup
(and let me know if you want to add reported-and-tested-by tag with your name)
Thanks for the report!
Milan
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>:
Bug#941051; Package cryptsetup.
(Mon, 06 Jan 2020 03:09:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Bernhard Übelacker <bernhardu@mailbox.org>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>.
(Mon, 06 Jan 2020 03:09:03 GMT) (full text, mbox, link).
Message #20 received at 941051@bugs.debian.org (full text, mbox, reply):
Hello Milan,
thanks for the fast response - I currently try to build a
package with your patch, but I guess this could take some time...
And I don't know what the usual approach is,
but the original reporter is probably Jerad?
(@Jerad maybe you could confirm your issue is the
same that I was seeing in dmesg?)
I hope the build finishes and I can report back then.
Kind regards,
Bernhard
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>:
Bug#941051; Package cryptsetup.
(Mon, 06 Jan 2020 09:18:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Milan Broz <gmazyland@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>.
(Mon, 06 Jan 2020 09:18:02 GMT) (full text, mbox, link).
Message #25 received at 941051@bugs.debian.org (full text, mbox, reply):
I sent patch upstream, if you could, please reply directly to the dm-devel list:
https://www.redhat.com/archives/dm-devel/2020-January/msg00012.html
Thanks!
Milan
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>:
Bug#941051; Package cryptsetup.
(Mon, 06 Jan 2020 14:39:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Jerad Simpson <jbsimpson@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>.
(Mon, 06 Jan 2020 14:39:02 GMT) (full text, mbox, link).
Message #30 received at 941051@bugs.debian.org (full text, mbox, reply):
Thank you for the attention on this one. I have been away from home, but yes, it was a kernel oops in my logs, looking very similar, if not identical to what I've seen on the recent activity here. I can test patches in the next week or two.
Thanks Again,
On January 6, 2020 3:06:54 AM UTC, "Bernhard Übelacker" <bernhardu@mailbox.org> wrote:
>Hello Milan,
>thanks for the fast response - I currently try to build a
>package with your patch, but I guess this could take some time...
>
>And I don't know what the usual approach is,
>but the original reporter is probably Jerad?
>(@Jerad maybe you could confirm your issue is the
>same that I was seeing in dmesg?)
>
>I hope the build finishes and I can report back then.
>
>Kind regards,
>Bernhard
--
Jerad Simpson
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>:
Bug#941051; Package cryptsetup.
(Tue, 07 Jan 2020 13:00:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Bernhard Übelacker <bernhardu@mailbox.org>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>.
(Tue, 07 Jan 2020 13:00:03 GMT) (full text, mbox, link).
Message #35 received at 941051@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Dear Maintainer,
I rebuilt a linux-image package with the patch applied
and the submitters' cryptsetup command finished
without visible error to me.
(console output and dmesg in second half of attached file.)
Due to my limited knowledge of cryptsetup I guess Jerad
could better judge if the resulting device is working
properly afterwards.
Kind regards,
Bernhard
[debugging2.txt (text/plain, attachment)]
Reply sent
to Guilhem Moulin <guilhem@debian.org>:
You have taken responsibility.
(Fri, 05 Aug 2022 10:33:03 GMT) (full text, mbox, link).
Notification sent
to Jerad Simpson <jbsimpson@gmail.com>:
Bug acknowledged by developer.
(Fri, 05 Aug 2022 10:33:03 GMT) (full text, mbox, link).
Message #40 received at 941051-close@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Tue, 24 Sep 2019 at 01:23:45 +0000, Jerad Simpson wrote:
> In short, this fails:
>
> # cryptsetup luksFormat \
> --cipher=twofish-xts-benbi \
> --hash=sha512 \
> --verify-passphrase \
> --key-size=512 \
> --use-random \
> --type=luks2 \
> --pbkdf=argon2id \
> --pbkdf-memory=1048576 \
> --pbkdf-parallel=4 \
> --pbkdf-force-iterations=5 \
> --integrity=hmac-sha256 \
> --integrity-no-journal \
> --sector-size=4096 \
> /dev/kvmhost_vg/root
>
> And, this works:
>
> # cryptsetup luksFormat \
> --cipher=twofish-xts-plain64be \
> --hash=sha512 \
> --verify-passphrase \
> --key-size=512 \
> --use-random \
> --type=luks2 \
> --pbkdf=argon2id \
> --pbkdf-memory=1048576 \
> --pbkdf-parallel=4 \
> --pbkdf-force-iterations=5 \
> --integrity=hmac-sha256 \
> --integrity-no-journal \
> --sector-size=4096 \
> /dev/kvmhost_vg/root
Seems this was meanwhile fixed in linux 4.19.118-1 resp. 5.4.19-1, and upstream
since https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.103
resp. https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.19 .
I'm indeed unable to reproduce this in an up-to-date Buster/Bullseye/sid
VM.
--
Guilhem.
[signature.asc (application/pgp-signature, inline)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 03 Sep 2022 07:27:39 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sun Aug 20 19:03:24 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.