Thread (34 messages) 34 messages, 8 authors, 2016-04-18

Re: Broken userspace crypto in linux-4.1.18

From: Sasha Levin <hidden>
Date: 2016-02-17 14:37:53
Also in: stable

On 02/17/2016 09:04 AM, Thomas D. wrote:
Hi,

something is broken with crypto in linux-4.1.18.

On my system I have two disks (sda and sdb), both encrypted with LUKS
(cipher=aes-xts-plain64).

My rootfs resides encrypted on sda2 (sda1 is an unencrypted boot
partition).
sdb has one full encrypted partition (sdb1) mounted in "/backup".

After I upgraded from linux-4.1.17 to linux-4.1.18 and rebooted I noticed
that my encrypted rootfs was opened successfully (must be my initramfs)
however opening sdb1 with key file failed:
Thanks for the report Thomas.

[...]
After I bisect the kernel I found the following bad commit:
quoted
commit 0571ba52a19e18a1c20469454231eef681cb1310
Author: Herbert Xu [off-list ref]
Date:   Wed Dec 30 11:47:53 2015 +0800

    crypto: af_alg - Disallow bind/setkey/... after accept(2)

    [ Upstream commit c840ac6af3f8713a71b4d2363419145760bd6044 ]

    Each af_alg parent socket obtained by socket(2) corresponds to a
    tfm object once bind(2) has succeeded.  An accept(2) call on that
    parent socket creates a context which then uses the tfm object.

    Therefore as long as any child sockets created by accept(2) exist
    the parent socket must not be modified or freed.

    This patch guarantees this by using locks and a reference count
    on the parent socket.  Any attempt to modify the parent socket will
    fail with EBUSY.
So either the upstream patch is broken, or the 4.1 backport is wrong/missing
dependency/missing fix.

Any chance you could try 4.5-rc3 and see if that works for you? That'll narrow
it down a lot.


Thanks,
Sasha
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help