From: Sasha Levin <sasha.levin@oracle.com>
To: "Thomas D." <whissi@whissi.de>, herbert@gondor.apana.org.au
Cc: dvyukov@google.com,
"stable@vger.kernel.org" <stable@vger.kernel.org>,
linux-crypto@vger.kernel.org
Subject: Re: Broken userspace crypto in linux-4.1.18
Date: Wed, 17 Feb 2016 09:37:30 -0500 [thread overview]
Message-ID: <56C485AA.5060303@oracle.com> (raw)
In-Reply-To: <56C47DF9.6030704@whissi.de>
On 02/17/2016 09:04 AM, Thomas D. wrote:
> Hi,
>
> something is broken with crypto in linux-4.1.18.
>
> On my system I have two disks (sda and sdb), both encrypted with LUKS
> (cipher=aes-xts-plain64).
>
> My rootfs resides encrypted on sda2 (sda1 is an unencrypted boot
> partition).
> sdb has one full encrypted partition (sdb1) mounted in "/backup".
>
> After I upgraded from linux-4.1.17 to linux-4.1.18 and rebooted I noticed
> that my encrypted rootfs was opened successfully (must be my initramfs)
> however opening sdb1 with key file failed:
Thanks for the report Thomas.
[...]
> After I bisect the kernel I found the following bad commit:
>
>> commit 0571ba52a19e18a1c20469454231eef681cb1310
>> Author: Herbert Xu <herbert@gondor.apana.org.au>
>> Date: Wed Dec 30 11:47:53 2015 +0800
>>
>> crypto: af_alg - Disallow bind/setkey/... after accept(2)
>>
>> [ Upstream commit c840ac6af3f8713a71b4d2363419145760bd6044 ]
>>
>> Each af_alg parent socket obtained by socket(2) corresponds to a
>> tfm object once bind(2) has succeeded. An accept(2) call on that
>> parent socket creates a context which then uses the tfm object.
>>
>> Therefore as long as any child sockets created by accept(2) exist
>> the parent socket must not be modified or freed.
>>
>> This patch guarantees this by using locks and a reference count
>> on the parent socket. Any attempt to modify the parent socket will
>> fail with EBUSY.
So either the upstream patch is broken, or the 4.1 backport is wrong/missing
dependency/missing fix.
Any chance you could try 4.5-rc3 and see if that works for you? That'll narrow
it down a lot.
Thanks,
Sasha
next prev parent reply other threads:[~2016-02-17 14:37 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-17 14:04 Broken userspace crypto in linux-4.1.18 Thomas D.
2016-02-17 14:37 ` Sasha Levin [this message]
2016-02-17 15:24 ` Thomas D.
2016-02-17 22:12 ` Sasha Levin
2016-02-17 23:33 ` Willy Tarreau
2016-02-17 23:49 ` Thomas D.
2016-02-18 0:01 ` Willy Tarreau
2016-02-18 8:17 ` Stephan Mueller
2016-02-18 9:41 ` Jiri Slaby
2016-02-18 11:09 ` Thomas D.
2016-02-20 14:33 ` Thomas D.
2016-02-21 16:40 ` [PATCH] " Milan Broz
2016-02-23 21:02 ` Milan Broz
2016-02-23 21:21 ` Sasha Levin
[not found] ` <CAA-+O6H8TQxrKOQAL+s+PGnkOJe-f3dEs-wKGbM1BFZ7_aC2dg@mail.gmail.com>
2016-02-24 0:10 ` Thomas D.
2016-02-24 2:24 ` Greg KH
2016-02-24 8:32 ` Jiri Slaby
2016-02-24 8:54 ` Milan Broz
2016-02-24 17:12 ` Greg KH
2016-02-26 11:25 ` Milan Broz
2016-02-26 11:44 ` [PATCH 1/4] crypto: algif_skcipher - Require setkey before accept(2) Milan Broz
2016-02-26 11:44 ` [PATCH 2/4] crypto: algif_skcipher - Add nokey compatibility path Milan Broz
2016-02-26 11:44 ` [PATCH 3/4] crypto: algif_skcipher - Remove custom release parent function Milan Broz
2016-02-26 11:44 ` [PATCH 4/4] crypto: algif_skcipher - Fix race condition in skcipher_check_key Milan Broz
2016-02-27 14:45 ` [PATCH 1/4] crypto: algif_skcipher - Require setkey before accept(2) Herbert Xu
2016-02-27 21:40 ` Sasha Levin
2016-02-28 8:18 ` Milan Broz
2016-02-26 16:43 ` [PATCH] Re: Broken userspace crypto in linux-4.1.18 Sasha Levin
2016-04-17 22:17 ` Thomas D.
2016-04-17 22:39 ` Sasha Levin
2016-04-18 2:02 ` Herbert Xu
2016-04-18 9:48 ` Thomas D.
2016-04-18 12:54 ` Sasha Levin
2016-04-18 20:41 ` Milan Broz
2016-04-18 20:56 ` Thomas D.
2016-04-18 21:03 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56C485AA.5060303@oracle.com \
--to=sasha.levin@oracle.com \
--cc=dvyukov@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=whissi@whissi.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).