* [PATCH] Re: PROBLEM: cryptsetup fails to unlock drive in 5.8-rc6 (regression) [not found] ` <20200727160554.GG794331@ZenIV.linux.org.uk> @ 2020-07-27 16:13 ` Al Viro 2020-07-27 17:42 ` Nick Bowler 2020-07-27 18:22 ` [PATCH net] fix a braino in cmsghdr_from_user_compat_to_kern() Al Viro 0 siblings, 2 replies; 4+ messages in thread From: Al Viro @ 2020-07-27 16:13 UTC (permalink / raw) To: Nick Bowler; +Cc: linux-kernel, David S. Miller, netdev On Mon, Jul 27, 2020 at 05:05:54PM +0100, Al Viro wrote: > On Thu, Jul 23, 2020 at 11:51:01AM -0400, Nick Bowler wrote: > > Hi, > > > > After installing Linux 5.8-rc6, it seems cryptsetup can no longer > > open LUKS volumes. Regardless of the entered passphrase (correct > > or otherwise), the result is a very unhelpful "Keyslot open failed." > > message. > > > > On the kernels which fail, I also noticed that the cryptsetup > > benchmark command appears to not be able to determine that any > > ciphers are available (output at end of message), possibly for > > the same reason. > > > > Bisected to the following commit, which suggests a problem specific > > to compat userspace (this is amd64 kernel). I tested both ia32 and > > x32 userspace to confirm the problem. Reverting this commit on top > > of 5.8-rc6 resolves the issue. > > > > Looking at strace output the failing syscall appears to be: > > > > sendmsg(8, {msg_name=NULL, msg_namelen=0, > > msg_iov=[{iov_base=..., iov_len=512}], msg_iovlen=1, > > msg_control=[{cmsg_len=16, cmsg_level=SOL_ALG, > > cmsg_type=0x3}, {cmsg_len=32, cmsg_level=SOL_ALG, > > cmsg_type=0x2}], msg_controllen=48, msg_flags=0}, 0) > > = -1 EINVAL (Invalid argument) > > Huh? Just in case - could you verify that on the kernel with that > commit reverted the same sendmsg() succeeds? Oh, fuck... Please see if the following fixes your reproducer; the braino is, of course, that instead of fetching ucmsg->cmsg_len into ucmlen we read the entire thing into cmsg. Other uses of ucmlen had been replaced with cmsg.cmsg_len; this one was missed. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> --- diff --git a/net/compat.c b/net/compat.c index 5e3041a2c37d..434838bef5f8 100644 --- a/net/compat.c +++ b/net/compat.c @@ -202,7 +202,7 @@ int cmsghdr_from_user_compat_to_kern(struct msghdr *kmsg, struct sock *sk, /* Advance. */ kcmsg = (struct cmsghdr *)((char *)kcmsg + tmp); - ucmsg = cmsg_compat_nxthdr(kmsg, ucmsg, ucmlen); + ucmsg = cmsg_compat_nxthdr(kmsg, ucmsg, cmsg.cmsg_len); } /* ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] Re: PROBLEM: cryptsetup fails to unlock drive in 5.8-rc6 (regression) 2020-07-27 16:13 ` [PATCH] Re: PROBLEM: cryptsetup fails to unlock drive in 5.8-rc6 (regression) Al Viro @ 2020-07-27 17:42 ` Nick Bowler 2020-07-27 18:22 ` [PATCH net] fix a braino in cmsghdr_from_user_compat_to_kern() Al Viro 1 sibling, 0 replies; 4+ messages in thread From: Nick Bowler @ 2020-07-27 17:42 UTC (permalink / raw) To: Al Viro; +Cc: linux-kernel, David S. Miller, netdev On 2020-07-27, Al Viro <viro@zeniv.linux.org.uk> wrote: > On Mon, Jul 27, 2020 at 05:05:54PM +0100, Al Viro wrote: >> On Thu, Jul 23, 2020 at 11:51:01AM -0400, Nick Bowler wrote: >> > After installing Linux 5.8-rc6, it seems cryptsetup can no longer >> > open LUKS volumes. Regardless of the entered passphrase (correct >> > or otherwise), the result is a very unhelpful "Keyslot open failed." >> > message. [...] > Oh, fuck... Please see if the following fixes your reproducer; the braino > is, of course, that instead of fetching ucmsg->cmsg_len into ucmlen we read > the entire thing into cmsg. Other uses of ucmlen had been replaced with > cmsg.cmsg_len; this one was missed. > > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> > --- > diff --git a/net/compat.c b/net/compat.c > index 5e3041a2c37d..434838bef5f8 100644 > --- a/net/compat.c > +++ b/net/compat.c > @@ -202,7 +202,7 @@ int cmsghdr_from_user_compat_to_kern(struct msghdr > *kmsg, struct sock *sk, > > /* Advance. */ > kcmsg = (struct cmsghdr *)((char *)kcmsg + tmp); > - ucmsg = cmsg_compat_nxthdr(kmsg, ucmsg, ucmlen); > + ucmsg = cmsg_compat_nxthdr(kmsg, ucmsg, cmsg.cmsg_len); > } > > /* This patch appears to resolve the problem when applied on top of 5.8-rc7. Thanks, Nick ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH net] fix a braino in cmsghdr_from_user_compat_to_kern() 2020-07-27 16:13 ` [PATCH] Re: PROBLEM: cryptsetup fails to unlock drive in 5.8-rc6 (regression) Al Viro 2020-07-27 17:42 ` Nick Bowler @ 2020-07-27 18:22 ` Al Viro 2020-07-27 20:25 ` David Miller 1 sibling, 1 reply; 4+ messages in thread From: Al Viro @ 2020-07-27 18:22 UTC (permalink / raw) To: netdev; +Cc: linux-kernel, David S. Miller, Nick Bowler commit 547ce4cfb34c ("switch cmsghdr_from_user_compat_to_kern() to copy_from_user()") missed one of the places where ucmlen should've been replaced with cmsg.cmsg_len, now that we are fetching the entire struct rather than doing it field-by-field. As the result, compat sendmsg() with several different-sized cmsg attached started to fail with EINVAL. Trivial to fix, fortunately. Reported-by: Nick Bowler <nbowler@draconx.ca> Tested-by: Nick Bowler <nbowler@draconx.ca> Fixes: 547ce4cfb34c ("switch cmsghdr_from_user_compat_to_kern() to copy_from_user()") Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> --- diff --git a/net/compat.c b/net/compat.c index 5e3041a2c37d..434838bef5f8 100644 --- a/net/compat.c +++ b/net/compat.c @@ -202,7 +202,7 @@ int cmsghdr_from_user_compat_to_kern(struct msghdr *kmsg, struct sock *sk, /* Advance. */ kcmsg = (struct cmsghdr *)((char *)kcmsg + tmp); - ucmsg = cmsg_compat_nxthdr(kmsg, ucmsg, ucmlen); + ucmsg = cmsg_compat_nxthdr(kmsg, ucmsg, cmsg.cmsg_len); } /* ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH net] fix a braino in cmsghdr_from_user_compat_to_kern() 2020-07-27 18:22 ` [PATCH net] fix a braino in cmsghdr_from_user_compat_to_kern() Al Viro @ 2020-07-27 20:25 ` David Miller 0 siblings, 0 replies; 4+ messages in thread From: David Miller @ 2020-07-27 20:25 UTC (permalink / raw) To: viro; +Cc: netdev, linux-kernel, nbowler From: Al Viro <viro@zeniv.linux.org.uk> Date: Mon, 27 Jul 2020 19:22:20 +0100 > commit 547ce4cfb34c ("switch cmsghdr_from_user_compat_to_kern() to > copy_from_user()") missed one of the places where ucmlen should've been > replaced with cmsg.cmsg_len, now that we are fetching the entire struct > rather than doing it field-by-field. > > As the result, compat sendmsg() with several different-sized cmsg > attached started to fail with EINVAL. Trivial to fix, fortunately. > > Reported-by: Nick Bowler <nbowler@draconx.ca> > Tested-by: Nick Bowler <nbowler@draconx.ca> > Fixes: 547ce4cfb34c ("switch cmsghdr_from_user_compat_to_kern() to copy_from_user()") > > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Applied, thanks Al. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-07-27 20:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20200723155101.pnezpo574ot4qkzx@atlas.draconx.ca>
[not found] ` <20200727160554.GG794331@ZenIV.linux.org.uk>
2020-07-27 16:13 ` [PATCH] Re: PROBLEM: cryptsetup fails to unlock drive in 5.8-rc6 (regression) Al Viro
2020-07-27 17:42 ` Nick Bowler
2020-07-27 18:22 ` [PATCH net] fix a braino in cmsghdr_from_user_compat_to_kern() Al Viro
2020-07-27 20:25 ` David Miller
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).