Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1442249ybh; Thu, 23 Jul 2020 09:01:40 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzoXjQ1D2GZe0/0LYCDcaLrz+CuP14FUxRsZ5wYjV3EwjaXpxPDMWklNy60aplNt64mbTxs X-Received: by 2002:a17:906:1d5b:: with SMTP id o27mr5280816ejh.367.1595520100476; Thu, 23 Jul 2020 09:01:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595520100; cv=none; d=google.com; s=arc-20160816; b=TQSLXg5JfRX/hgPaP1Iip7oiKIEAkK4p0kgQPLhNfKSXz13mayw7M6zALxBadvNGWG X97gIl3DFnKd2OpsAcDXT1hduX5rF442HgktwA+pWZJxVuWHab+zjN6hlrMl9mwmQ74R sXzLuajjAO/+bj12X8yZurZddlOc22TYgBjALO9L20o8542SLjAIrJjnp8h66xiB2LYV gWLKaIGyIU8tua+YDylsAGdZtDK0qXuUVT9L0GqGIae60fKxcWhu8LvYc+yLtSpDF/DC rCQvLkBblUf/gHxmaOkdzQGYlbYQY048nj47FavDMNbpRh9j6o1WpVA6VrHESq3zFb97 8CSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:content-disposition :mime-version:message-id:subject:cc:to:from:date; bh=NnTfemstaqzyE4U/FUseSB0cc0HdlAO9SObeidwT/EY=; b=Inhlbz7O3ViUqGd5K9s2Cir12jTdejkGFgc42v4Urb/HfWAFZi2d2sqv453rQ+OaoO Aj1LuQwqLTjcyp+/3zYA/UiGO545hW1VuR6qDr4dV/7r2h/+9TODGcPa7peTk3SZ0b1b 9+1tBtjpPJomriQPH4AxBEwriGN1oBzJG3WfDleTbyJEIaUkH1UPmfxMOUsqmL0+25sR 0vOoq8uQrHvj2Crebc4RfxzMtAkAJLZMXdA6KAuJSkHCteut0pJtVeKhZBHGN5aT52Ah M48a4jkIAO7Z3m5INkaRmDzVvf801qs1gQBfmM4jdPy0JQaxbeHeqmAvMA8o2up0nANZ LpGA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dt21si2158148ejb.402.2020.07.23.09.01.16; Thu, 23 Jul 2020 09:01:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728321AbgGWQAe (ORCPT + 99 others); Thu, 23 Jul 2020 12:00:34 -0400 Received: from mta01.start.ca ([162.250.196.97]:54702 "EHLO mta01.start.ca" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726632AbgGWQAe (ORCPT ); Thu, 23 Jul 2020 12:00:34 -0400 X-Greylist: delayed 566 seconds by postgrey-1.27 at vger.kernel.org; Thu, 23 Jul 2020 12:00:33 EDT Received: from mta01.start.ca (localhost [127.0.0.1]) by mta01.start.ca (Postfix) with ESMTP id 7B14D41FCE; Thu, 23 Jul 2020 11:51:06 -0400 (EDT) Received: from localhost (dhcp-24-53-240-163.cable.user.start.ca [24.53.240.163]) by mta01.start.ca (Postfix) with ESMTPS id 2724941BB3; Thu, 23 Jul 2020 11:51:02 -0400 (EDT) Date: Thu, 23 Jul 2020 11:51:01 -0400 From: Nick Bowler To: linux-kernel@vger.kernel.org Cc: Al Viro , "David S. Miller" Subject: PROBLEM: cryptsetup fails to unlock drive in 5.8-rc6 (regression) Message-ID: <20200723155101.pnezpo574ot4qkzx@atlas.draconx.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: NeoMutt/20180716 X-Virus-Scanned: ClamAV using ClamSMTP Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, After installing Linux 5.8-rc6, it seems cryptsetup can no longer open LUKS volumes. Regardless of the entered passphrase (correct or otherwise), the result is a very unhelpful "Keyslot open failed." message. On the kernels which fail, I also noticed that the cryptsetup benchmark command appears to not be able to determine that any ciphers are available (output at end of message), possibly for the same reason. Bisected to the following commit, which suggests a problem specific to compat userspace (this is amd64 kernel). I tested both ia32 and x32 userspace to confirm the problem. Reverting this commit on top of 5.8-rc6 resolves the issue. Looking at strace output the failing syscall appears to be: sendmsg(8, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=..., iov_len=512}], msg_iovlen=1, msg_control=[{cmsg_len=16, cmsg_level=SOL_ALG, cmsg_type=0x3}, {cmsg_len=32, cmsg_level=SOL_ALG, cmsg_type=0x2}], msg_controllen=48, msg_flags=0}, 0) = -1 EINVAL (Invalid argument) where fd 8 is the descriptor received after "accept" from the AF_ALG socket bound to the skcipher algorithm. 547ce4cfb34cdecfa0ee19c29a5510329a7ac802 is the first bad commit commit 547ce4cfb34cdecfa0ee19c29a5510329a7ac802 Author: Al Viro Date: Sun May 31 02:06:55 2020 +0100 switch cmsghdr_from_user_compat_to_kern() to copy_from_user() no point getting compat_cmsghdr field-by-field Signed-off-by: Al Viro Signed-off-by: David S. Miller net/compat.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) # cryptsetup open /dev/nvme0n1p2 test Enter passphrase for /dev/nvme0n1p2: Keyslot open failed. # cryptsetup benchmark # Tests are approximate using memory only (no storage IO). PBKDF2-sha1 362077 iterations per second for 256-bit key PBKDF2-sha256 503155 iterations per second for 256-bit key PBKDF2-sha512 396586 iterations per second for 256-bit key PBKDF2-ripemd160 283398 iterations per second for 256-bit key PBKDF2-whirlpool 159649 iterations per second for 256-bit key argon2i 4 iterations, 111601 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) argon2id 4 iterations, 112215 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) # Algorithm | Key | Encryption | Decryption aes-cbc 128b N/A N/A serpent-cbc 128b N/A N/A twofish-cbc 128b N/A N/A aes-cbc 256b N/A N/A serpent-cbc 256b N/A N/A twofish-cbc 256b N/A N/A aes-xts 256b N/A N/A serpent-xts 256b N/A N/A twofish-xts 256b N/A N/A aes-xts 512b N/A N/A serpent-xts 512b N/A N/A twofish-xts 512b N/A N/A Cheers, -- Nick Bowler