[dm-crypt] ioctl missing

[dm-crypt] ioctl missing

[Benoît Kuhn]

[-- Attachment #1: Type: text/plain, Size: 1621 bytes --]

Hi,

I hope that you can help me, I am working with thin clients on ThinStation
distribution. I would like to integrate cryptsetup with luks extension in
this OS to open encrypted partitions (in my case, a partition on an USB
stick). So I compiled the last version of cryptsetup available on CRUX. I
included also all (I think it's all...) packages needed by cryptsetup.
So here are packages that I have on my OS, Cryptsetup, popt, gettext,
libgcrypt, libdevmapper, util-linux-ng and lvm2. The
library libgpg-error.so.0 is charged automatically when I compile my OS.

My problem is when I start my OS and try to launch the command "cryptsetup
luksOpen /dev/devicename nameoflocation", it asks me the passphrase and
after having enter anything (I mean whatever the password, if it is good or
wrong), I have the following message "device-mapper: reload ioctl failde:
No such file or directory".

So I compared the following command my own system (Ubuntu 12.04 LTS i386)
and on ThinStation : "ldd path/cryptsetup" and I obtain 2 more libraries on
my system which are libdl.so.2 (that I have on ThinStation but not yet
associate to cryptsetup) and libselinux.so.1 that doesn't appear on
ThinStation.

I also have the possibility to compile my OS with the option allmodules.
That fix apparently the "ioctl" error but nothing append... I mean that I
enter a password when it asks me and whatever the password nothing append,
it looks like a no and loop during the verification of the password.

Also I tested other luks options but I have the same problem...

If you have any idea, it will be very great! :)

Thank you

Benoit

[-- Attachment #2: Type: text/html, Size: 1893 bytes --]

Re: [dm-crypt] ioctl missing

[Milan Broz]

On 07/24/2012 11:23 AM, Benoît Kuhn wrote:

> My problem is when I start my OS and try to launch the command
> "cryptsetup luksOpen /dev/devicename nameoflocation", it asks me the
> passphrase and after having enter anything (I mean whatever the
> password, if it is good or wrong), I have the following message
> "device-mapper: reload ioctl failde: No such file or directory".

Please add --debug and post output.

But I guess you have misconfigured libdevmapper library.
If compiled with udev support, it requires some udev rules to be installed,
other wise it cannnot create device node.

Milan

Re: [dm-crypt] ioctl missing

[Laurence Darby]

Milan Broz wrote:

> On 07/24/2012 11:23 AM, Benoît Kuhn wrote:
> 
> > My problem is when I start my OS and try to launch the command
> > "cryptsetup luksOpen /dev/devicename nameoflocation", it asks me the
> > passphrase and after having enter anything (I mean whatever the
> > password, if it is good or wrong), I have the following message
> > "device-mapper: reload ioctl failde: No such file or directory".
> 
> Please add --debug and post output.
> 
> But I guess you have misconfigured libdevmapper library.
> If compiled with udev support, it requires some udev rules to be
> installed, other wise it cannnot create device node.
> 


I've got this problem as well after upgrading to linux 3.5, while 3.0.1
works fine, so this is probably bisectable...  The full output is:

 cryptsetup --debug luksOpen /boot/data data
# cryptsetup 1.4.3 processing "cryptsetup --debug luksOpen /boot/data
# data" Running command luksOpen.
# Locking memory.
# Allocating crypt device /boot/data context.
# Not a block device, using free loop device /dev/loop0.
# Trying to open and read device /dev/loop0.
# Initialising device-mapper backend, UDEV is enabled.
# Detected dm-crypt version 1.11.0, dm-ioctl version 4.22.0.
# Trying to load LUKS1 crypt type from device /dev/loop0.
# Crypto backend (gcrypt 1.4.6) initialized.
# Reading LUKS header of size 1024 from device /dev/loop0
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Password verification disabled.
# Iteration time set to 1000 miliseconds.
# Activating volume data [keyslot -1] using [none] passphrase.
# dm status data  OF   [16384]
# Interactive passphrase entry requested.
Enter passphrase for /boot/data: 
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-24275
# Udev cookie 0xd4d0df3 (semid 196609) created
# Udev cookie 0xd4d0df3 (semid 196609) incremented
# Udev cookie 0xd4d0df3 (semid 196609) incremented
# Udev cookie 0xd4d0df3 (semid 196609) assigned to dm_task type 0 with
# flags 0xe dm create temporary-cryptsetup-24275
# CRYPT-TEMP-temporary-cryptsetup-24275 OF   [16384] dm reload
# temporary-cryptsetup-24275  OFW    [16384]
device-mapper: reload ioctl failed: No such file or directory
# Udev cookie 0xd4d0df3 (semid 196609) decremented
# Udev cookie 0xd4d0df3 (semid 196609) incremented
# Udev cookie 0xd4d0df3 (semid 196609) assigned to dm_task type 2 with
# flags 0xe dm remove temporary-cryptsetup-24275  OFW    [16384]
# temporary-cryptsetup-24275: Stacking NODE_DEL (replaces other stacked
# ops) Udev cookie 0xd4d0df3 (semid 196609) decremented
# Udev cookie 0xd4d0df3 (semid 196609): Waiting for zero
# Udev cookie 0xd4d0df3 (semid 196609) destroyed
Failed to setup dm-crypt key mapping for device /dev/loop0.
Check that kernel supports aes-cbc-essiv:sha256 cipher (check syslog
for more info). Failed to read from key storage.


and dmesg says:
[45852.267229] device-mapper: table: 252:0: crypt: Error creating IV
[45852.267232] device-mapper: ioctl: error adding target to table

Strace of cryptsetup shows:

...
09:18:49.677631 write(7, "Enter passphrase for /boot/data: ", 33Enter passphrase for /boot/data: ) = 33
09:18:49.677689 ioctl(7, SNDCTL_TMR_CONTINUE or TCSETSF, {c_iflags=0x500, c_oflags=0x5, c_cflags=0xbf, c_lflags=0x8a33, c_line=0, c_cc="\x03\x1c\x7f\x15\x04\x00\x01\x00\x11\x13\x1a\x00\x12\x0f\x17\x16\x00\x00\x00"}) = 0
09:18:49.677752 read(7, "asdf\n", 512) = 6 [NOT my passphrase, same thing happens either way]
09:18:53.767150 ioctl(7, SNDCTL_TMR_CONTINUE or TCSETSF, {c_iflags=0x500, c_oflags=0x5, c_cflags=0xbf, c_lflags=0x8a3b, c_line=0, c_cc="\x03\x1c\x7f\x15\x04\x00\x01\x00\x11\x13\x1a\x00\x12\x0f\x17\x16\x00\x00\x00"}) = 0
09:18:53.767224 write(7, "\n", 1
)       = 1
09:18:53.767266 close(7)                = 0
09:18:54.718838 rt_sigaction(SIGINT, {0xb76c43c0, [INT], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
09:18:54.718924 open("/dev/loop0", O_RDONLY|O_LARGEFILE) = 7
09:18:54.718966 ioctl(7, BLKSSZGET, 0xbf96803c) = 0
09:18:54.718992 close(7)                = 0
09:18:54.719039 open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 7
09:18:54.719077 read(7, "\262\277", 2)  = 2
09:18:54.719114 semget(0xd4dbfb2, 1, IPC_CREAT|IPC_EXCL|0600) = 229377
09:18:54.719146 semctl(229377, 0, IPC_64|SETVAL, 0xbf967e44) = 0
09:18:54.719177 close(7)                = 0
09:18:54.719206 semop(229377, {{0, 1, 0}}, 1) = 0
09:18:54.719243 open("/dev/loop0", O_RDONLY|O_LARGEFILE) = 7
09:18:54.719276 ioctl(7, BLKRAGET, 0xbf967f1c) = 0
09:18:54.719300 close(7)                = 0
09:18:54.719331 brk(0x9d22000)          = 0x9d22000
09:18:54.719435 ioctl(3, DM_DEV_CREATE, 0x9cfd8c8) = 0
09:18:54.719588 brk(0x9d1e000)          = 0x9d1e000
09:18:54.719630 ioctl(3, DM_TABLE_LOAD, 0x9cfd840) = -1 ENOENT (No such file or directory)
...

Let me know if I should try bisecting the kernel versions.

Regards,
Laurence

Re: [dm-crypt] ioctl missing

[Milan Broz]

On 08/01/2012 10:32 AM, Laurence Darby wrote:

> I've got this problem as well after upgrading to linux 3.5, while 3.0.1
> works fine, so this is probably bisectable...  The full output is:

no need to bisect, it is missing some crypto module in kernel

> [45852.267229] device-mapper: table: 252:0: crypt: Error creating IV
> [45852.267232] device-mapper: ioctl: error adding target to table

means that kernel(dmcrypt) cannot initialize some crypto primitive.

"Check that kernel supports aes-cbc-essiv:sha256 cipher" is clear,
check you have AES, CBC mode and SHA256 crypto compiled in!

(I guess sha256 is missing for some reason.)

Milan

Re: [dm-crypt] ioctl missing

[Laurence Darby]

Milan Broz wrote:

> 
> "Check that kernel supports aes-cbc-essiv:sha256 cipher" is clear,
> check you have AES, CBC mode and SHA256 crypto compiled in!
> 
> (I guess sha256 is missing for some reason.)
> 


Doh...  I didn't trust that error message because I knew my kernel
config had support for all the ciphers needed, I had added it as a
module when I first started using cryptsetup ages ago, to avoid
rebooting, but normally I run with everything built-in, and I forgot I
still had that as a module, so I didn't run make modules_install for
the new kernel... :(

Laurence