[pkg-cryptsetup-devel] Bug#941051: cryptsetup: luksFormat crash with benbi IV generator and LUKS2 integrity option(s)
Bernhard Übelacker
bernhardu at mailbox.org
Sun Jan 5 18:19:42 GMT 2020
Dear Maintainer,
I just tried to reproduce the issue, but always
got a kernel oops instead of a usermode exception.
Therefore I guess this issue might be reassigned to src:linux?
By further looking it seems that in crypto_tfm_alg_blocksize
the __crt_alg member is dereferenced unconditionally while
containing a null pointer.
This could be reproduced in a minimal VM running
stable with 4.19.0-6-amd64 or unstable with 5.4.0-1-amd64.
Kind regards,
Bernhard
[Sa Jan 4 17:08:33 2020] alg: No test for authenc(hmac(sha256),xts(twofish)) (authenc(hmac(sha256-generic),xts(ecb-twofish-3way)))
[Sa Jan 4 17:08:33 2020] BUG: kernel NULL pointer dereference, address: 0000000000000028
[Sa Jan 4 17:08:33 2020] #PF: supervisor read access in kernel mode
[Sa Jan 4 17:08:33 2020] #PF: error_code(0x0000) - not-present page
[Sa Jan 4 17:08:33 2020] PGD 0 P4D 0
[Sa Jan 4 17:08:33 2020] Oops: 0000 [#1] SMP NOPTI
[Sa Jan 4 17:08:33 2020] CPU: 7 PID: 4875 Comm: cryptsetup Not tainted 5.4.0-1-amd64 #1 Debian 5.4.6-1
[Sa Jan 4 17:08:33 2020] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[Sa Jan 4 17:08:33 2020] RIP: 0010:crypt_iv_benbi_ctr+0x18/0x60 [dm_crypt]
[Sa Jan 4 17:08:33 2020] Code: 00 00 00 b9 ff ff ff ff 0f bd 8f b0 00 00 00 d3 e8 c3 66 66 66 66 90 48 8b 87 a8 00 00 00 b9 ff ff ff ff 48 8b 00 48 8b 40 60 <8b> 50 24 b8 01 00 00 00 0f bd ca d3 e0 39 d0 75 15 83 f9 09 7f 1e
-------------- next part --------------
# Buster/stable amd64 qemu VM 2020-01-04
apt update
apt dist-upgrade
apt install systemd-coredump cryptsetup
truncate -s 400M /tmp/test
losetup /dev/loop0 /tmp/test
export LANG=C
cryptsetup luksFormat \
--cipher=twofish-xts-benbi \
--hash=sha512 \
--verify-passphrase \
--key-size=512 \
--use-random \
--type=luks2 \
--pbkdf=argon2id \
--pbkdf-memory=1048576 \
--pbkdf-parallel=4 \
--pbkdf-force-iterations=5 \
--integrity=hmac-sha256 \
--integrity-no-journal \
--sector-size=4096 \
/dev/loop0
losetup -d /dev/loop0
rm /tmp/test
##############
##############
root at debian:~# truncate -s 400M /tmp/test
root at debian:~# losetup /dev/loop0 /tmp/test
root at debian:~# export LANG=C
root at debian:~# cryptsetup luksFormat \
> --cipher=twofish-xts-benbi \
> --hash=sha512 \
> --verify-passphrase \
> --key-size=512 \
> --use-random \
> --type=luks2 \
> --pbkdf=argon2id \
> --pbkdf-memory=1048576 \
> --pbkdf-parallel=4 \
> --pbkdf-force-iterations=5 \
> --integrity=hmac-sha256 \
> --integrity-no-journal \
> --sector-size=4096 \
> /dev/loop0
WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/loop0:
Verify passphrase:
System is out of entropy while generating volume key.
Please move mouse or type some text in another window to gather some random events.
Generating key (25% done).
Generating key (25% done).
Generating key (25% done).
Generating key (68% done).
Generating key (100% done).
Wiping device to initialize integrity checksum.
You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).
Segmentation fault
root at debian:~# dmesg
...
[ 72.932437] alg: No test for authenc(hmac(sha256),xts(twofish)) (authenc(hmac(sha256-generic),xts(ecb-twofish-avx)))
[ 72.932657] general protection fault: 0000 [#1] SMP PTI
[ 72.932718] CPU: 2 PID: 463 Comm: cryptsetup Not tainted 4.19.0-6-amd64 #1 Debian 4.19.67-2+deb10u2
[ 72.932771] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 72.932821] RIP: 0010:crypt_iv_benbi_ctr+0x18/0x60 [dm_crypt]
[ 72.932854] Code: 00 00 00 b9 ff ff ff ff 0f bd 8f c0 00 00 00 d3 e8 c3 66 66 66 66 90 48 8b 87 b8 00 00 00 b9 ff ff ff ff 48 8b 00 48 8b 40 60 <8b> 50 24 b8 01 00 00 00 0f bd ca d3 e0 39 d0 75 15 83 f9 09 7f 1e
[ 72.932956] RSP: 0018:ffffc0874098fbb8 EFLAGS: 00010286
[ 72.932987] RAX: 19e7f52c35158f78 RBX: ffff9b0cb6fd7800 RCX: 00000000ffffffff
[ 72.933024] RDX: 0000000000000000 RSI: ffffc08740956040 RDI: ffff9b0cb6fd7800
[ 72.933061] RBP: ffff9b0cb6fd7800 R08: 0000000070da9754 R09: 0000000000000000
[ 72.933099] R10: 000000004020ca8d R11: 0000000000000027 R12: ffffc08740956040
[ 72.933136] R13: 0000000000000010 R14: ffff9b0cbb3c4480 R15: ffff9b0cb4918188
[ 72.933200] FS: 00007fae4dc9ed00(0000) GS:ffff9b0cbcb00000(0000) knlGS:0000000000000000
[ 72.933241] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.933272] CR2: 00007ffe60090e18 CR3: 00000000b4c26004 CR4: 0000000000060ee0
[ 72.933314] Call Trace:
[ 72.933345] crypt_ctr+0x806/0x122e [dm_crypt]
[ 72.933386] dm_table_add_target+0x17d/0x360 [dm_mod]
[ 72.933422] table_load+0x122/0x2e0 [dm_mod]
[ 72.933453] ? dev_status+0x40/0x40 [dm_mod]
[ 72.933481] ctl_ioctl+0x1af/0x3f0 [dm_mod]
[ 72.933512] dm_ctl_ioctl+0xa/0x10 [dm_mod]
[ 72.933546] do_vfs_ioctl+0xa4/0x630
[ 72.933577] ? ksys_semctl+0x129/0x160
[ 72.933601] ksys_ioctl+0x60/0x90
[ 72.933623] __x64_sys_ioctl+0x16/0x20
[ 72.933647] do_syscall_64+0x53/0x110
[ 72.933680] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.933714] RIP: 0033:0x7fae4e486427
[ 72.933737] Code: 00 00 90 48 8b 05 69 aa 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 39 aa 0c 00 f7 d8 64 89 01 48
[ 72.933829] RSP: 002b:00007ffdf6568ea8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[ 72.933869] RAX: ffffffffffffffda RBX: 00007fae4e335c45 RCX: 00007fae4e486427
[ 72.933906] RDX: 000055f7f38d3000 RSI: 00000000c138fd09 RDI: 0000000000000005
[ 72.933944] RBP: 00007ffdf6568f60 R08: 000000000000006f R09: 000055f7f38d2550
[ 72.933980] R10: 0000000000000002 R11: 0000000000000202 R12: 00007fae4e38365a
[ 72.934017] R13: 00007fae4e38429e R14: 00007fae4e38365a R15: 00007fae4e38365a
[ 72.934055] Modules linked in: authenc dm_crypt dm_integrity dm_bufio async_xor xor async_tx twofish_generic twofish_avx_x86_64 twofish_x86_64_3way twofish_x86_64 twofish_common xts algif_skcipher af_alg dm_mod loop snd_hda_codec_generic snd_hda_intel crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_codec qxl ttm snd_hda_core snd_hwdep drm_kms_helper snd_pcm ppdev snd_timer drm snd soundcore sg parport_pc evdev qemu_fw_cfg joydev parport serio_raw pcspkr button virtio_rng rng_core ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic fscrypto ecb hid_generic usbhid hid sr_mod sd_mod cdrom ata_generic crc32c_intel ata_piix libata xhci_pci xhci_hcd scsi_mod uhci_hcd ehci_hcd aesni_intel psmouse e1000 usbcore virtio_pci virtio_ring virtio floppy aes_x86_64 crypto_simd cryptd glue_helper
[ 72.937450] i2c_piix4 usb_common
[ 72.938855] ---[ end trace 6678cd93824a6c0f ]---
[ 72.940371] RIP: 0010:crypt_iv_benbi_ctr+0x18/0x60 [dm_crypt]
[ 72.941670] Code: 00 00 00 b9 ff ff ff ff 0f bd 8f c0 00 00 00 d3 e8 c3 66 66 66 66 90 48 8b 87 b8 00 00 00 b9 ff ff ff ff 48 8b 00 48 8b 40 60 <8b> 50 24 b8 01 00 00 00 0f bd ca d3 e0 39 d0 75 15 83 f9 09 7f 1e
[ 72.944289] RSP: 0018:ffffc0874098fbb8 EFLAGS: 00010286
[ 72.945637] RAX: 19e7f52c35158f78 RBX: ffff9b0cb6fd7800 RCX: 00000000ffffffff
[ 72.946889] RDX: 0000000000000000 RSI: ffffc08740956040 RDI: ffff9b0cb6fd7800
[ 72.948215] RBP: ffff9b0cb6fd7800 R08: 0000000070da9754 R09: 0000000000000000
[ 72.949411] R10: 000000004020ca8d R11: 0000000000000027 R12: ffffc08740956040
[ 72.950123] R13: 0000000000000010 R14: ffff9b0cbb3c4480 R15: ffff9b0cb4918188
[ 72.950823] FS: 00007fae4dc9ed00(0000) GS:ffff9b0cbcb00000(0000) knlGS:0000000000000000
[ 72.951606] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.952369] CR2: 00007ffe60090e18 CR3: 00000000b4c26004 CR4: 0000000000060ee0
reboot
############
############
root at debian:~# truncate -s 400M /tmp/test
root at debian:~# losetup /dev/loop0 /tmp/test
root at debian:~#
root at debian:~# export LANG=C
root at debian:~# cryptsetup luksFormat \
> --cipher=twofish-xts-benbi \
> --hash=sha512 \
> --verify-passphrase \
> --key-size=512 \
> --use-random \
> --type=luks2 \
> --pbkdf=argon2id \
> --pbkdf-memory=1048576 \
> --pbkdf-parallel=4 \
> --pbkdf-force-iterations=5 \
> --integrity=hmac-sha256 \
> --integrity-no-journal \
> --sector-size=4096 \
> /dev/loop0
WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/loop0:
Verify passphrase:
Wiping device to initialize integrity checksum.
You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).
Killed
root at debian:~# dmesg
...
[ 110.303080] alg: No test for authenc(hmac(sha256),xts(twofish)) (authenc(hmac(sha256-generic),xts(ecb-twofish-avx)))
[ 110.303209] BUG: unable to handle kernel paging request at ffffbf0e40d00024
[ 110.303268] PGD bc51d067 P4D bc51d067 PUD bc51e067 PMD 36047067 PTE 0
[ 110.303315] Oops: 0000 [#1] SMP PTI
[ 110.303339] CPU: 1 PID: 463 Comm: cryptsetup Not tainted 4.19.0-6-amd64 #1 Debian 4.19.67-2+deb10u2
[ 110.303385] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 110.303436] RIP: 0010:crypt_iv_benbi_ctr+0x18/0x60 [dm_crypt]
[ 110.303470] Code: 00 00 00 b9 ff ff ff ff 0f bd 8f c0 00 00 00 d3 e8 c3 66 66 66 66 90 48 8b 87 b8 00 00 00 b9 ff ff ff ff 48 8b 00 48 8b 40 60 <8b> 50 24 b8 01 00 00 00 0f bd ca d3 e0 39 d0 75 15 83 f9 09 7f 1e
[ 110.303562] RSP: 0018:ffffbf0e40a27bb8 EFLAGS: 00010286
[ 110.303591] RAX: ffffbf0e40d00000 RBX: ffff97c0f67e1000 RCX: 00000000ffffffff
[ 110.303627] RDX: 0000000000000000 RSI: ffffbf0e40a51040 RDI: ffff97c0f67e1000
[ 110.303664] RBP: ffff97c0f67e1000 R08: 00000000a2375ae1 R09: 0000000000000000
[ 110.303701] R10: 000000002d293843 R11: 00000000000000a0 R12: ffffbf0e40a51040
[ 110.303738] R13: 0000000000000010 R14: ffff97c0760ed780 R15: ffff97c0f6e24188
[ 110.303775] FS: 00007f58aafacd00(0000) GS:ffff97c0fc880000(0000) knlGS:0000000000000000
[ 110.303817] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.303847] CR2: ffffbf0e40d00024 CR3: 00000000b5d00005 CR4: 0000000000060ee0
[ 110.303888] Call Trace:
[ 110.303916] crypt_ctr+0x806/0x122e [dm_crypt]
[ 110.303964] dm_table_add_target+0x17d/0x360 [dm_mod]
[ 110.303999] table_load+0x122/0x2e0 [dm_mod]
[ 110.304030] ? dev_status+0x40/0x40 [dm_mod]
[ 110.304064] ctl_ioctl+0x1af/0x3f0 [dm_mod]
[ 110.304098] dm_ctl_ioctl+0xa/0x10 [dm_mod]
[ 110.304130] do_vfs_ioctl+0xa4/0x630
[ 110.304160] ? ksys_semctl+0x129/0x160
[ 110.304184] ksys_ioctl+0x60/0x90
[ 110.304206] __x64_sys_ioctl+0x16/0x20
[ 110.304232] do_syscall_64+0x53/0x110
[ 110.304262] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 110.304296] RIP: 0033:0x7f58ab794427
[ 110.304318] Code: 00 00 90 48 8b 05 69 aa 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 39 aa 0c 00 f7 d8 64 89 01 48
[ 110.304413] RSP: 002b:00007ffdba4eb0c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[ 110.304453] RAX: ffffffffffffffda RBX: 00007f58ab643c45 RCX: 00007f58ab794427
[ 110.304491] RDX: 0000558eead0b000 RSI: 00000000c138fd09 RDI: 0000000000000005
[ 110.304528] RBP: 00007ffdba4eb180 R08: 000000000000006f R09: 0000558eead0a550
[ 110.304565] R10: 0000000000000002 R11: 0000000000000202 R12: 00007f58ab69165a
[ 110.304602] R13: 00007f58ab69229e R14: 00007f58ab69165a R15: 00007f58ab69165a
[ 110.304641] Modules linked in: authenc dm_crypt dm_integrity dm_bufio async_xor xor async_tx twofish_generic twofish_avx_x86_64 twofish_x86_64_3way twofish_x86_64 twofish_common xts algif_skcipher af_alg dm_mod loop crct10dif_pclmul snd_hda_codec_generic crc32_pclmul ghash_clmulni_intel snd_hda_intel snd_hda_codec qxl snd_hda_core snd_hwdep ttm snd_pcm ppdev snd_timer drm_kms_helper evdev snd joydev pcspkr serio_raw drm soundcore parport_pc sg parport qemu_fw_cfg button virtio_rng rng_core ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic fscrypto ecb hid_generic usbhid hid sr_mod sd_mod cdrom ata_generic crc32c_intel xhci_pci uhci_hcd ata_piix xhci_hcd ehci_hcd libata usbcore aesni_intel virtio_pci virtio_ring virtio scsi_mod e1000 aes_x86_64 crypto_simd cryptd glue_helper psmouse
[ 110.311455] i2c_piix4 usb_common floppy
[ 110.312378] CR2: ffffbf0e40d00024
[ 110.313267] ---[ end trace 8ec0ac99bbfd63d8 ]---
[ 110.314145] RIP: 0010:crypt_iv_benbi_ctr+0x18/0x60 [dm_crypt]
[ 110.315044] Code: 00 00 00 b9 ff ff ff ff 0f bd 8f c0 00 00 00 d3 e8 c3 66 66 66 66 90 48 8b 87 b8 00 00 00 b9 ff ff ff ff 48 8b 00 48 8b 40 60 <8b> 50 24 b8 01 00 00 00 0f bd ca d3 e0 39 d0 75 15 83 f9 09 7f 1e
[ 110.316814] RSP: 0018:ffffbf0e40a27bb8 EFLAGS: 00010286
[ 110.317699] RAX: ffffbf0e40d00000 RBX: ffff97c0f67e1000 RCX: 00000000ffffffff
[ 110.318599] RDX: 0000000000000000 RSI: ffffbf0e40a51040 RDI: ffff97c0f67e1000
[ 110.319460] RBP: ffff97c0f67e1000 R08: 00000000a2375ae1 R09: 0000000000000000
[ 110.320315] R10: 000000002d293843 R11: 00000000000000a0 R12: ffffbf0e40a51040
[ 110.321165] R13: 0000000000000010 R14: ffff97c0760ed780 R15: ffff97c0f6e24188
[ 110.322018] FS: 00007f58aafacd00(0000) GS:ffff97c0fc880000(0000) knlGS:0000000000000000
[ 110.322815] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.323504] CR2: ffffbf0e40d00024 CR3: 00000000b5d00005 CR4: 0000000000060ee0
##############
##############
# Unstable amd64 qemu VM 2020-01-04
apt update
apt dist-upgrade
apt install systemd-coredump cryptsetup gdb binutils linux-image-5.4.0-1-amd64-dbg
truncate -s 400M /tmp/test
losetup /dev/loop0 /tmp/test
export LANG=C
cryptsetup luksFormat \
--cipher=twofish-xts-benbi \
--hash=sha512 \
--verify-passphrase \
--key-size=512 \
--use-random \
--type=luks2 \
--pbkdf=argon2id \
--pbkdf-memory=1048576 \
--pbkdf-parallel=4 \
--pbkdf-force-iterations=5 \
--integrity=hmac-sha256 \
--integrity-no-journal \
--sector-size=4096 \
/dev/loop0
losetup -d /dev/loop0
rm /tmp/test
##############
##############
root at debian:~# truncate -s 400M /tmp/test
root at debian:~# losetup /dev/loop0 /tmp/test
root at debian:~#
root at debian:~# export LANG=C
root at debian:~# cryptsetup luksFormat \
> --cipher=twofish-xts-benbi \
> --hash=sha512 \
> --verify-passphrase \
> --key-size=512 \
> --use-random \
> --type=luks2 \
> --pbkdf=argon2id \
> --pbkdf-memory=1048576 \
> --pbkdf-parallel=4 \
> --pbkdf-force-iterations=5 \
> --integrity=hmac-sha256 \
> --integrity-no-journal \
> --sector-size=4096 \
> /dev/loop0
WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase for /tmp/test:
Verify passphrase:
Wiping device to initialize integrity checksum.
You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).
Killed
root at debian:~# dmesg -w -T
...
[Sa Jan 4 17:08:30 2020] device-mapper: uevent: version 1.0.3
[Sa Jan 4 17:08:30 2020] device-mapper: ioctl: 4.41.0-ioctl (2019-09-16) initialised: dm-devel at redhat.com
[Sa Jan 4 17:08:30 2020] NET: Registered protocol family 38
[Sa Jan 4 17:08:30 2020] cryptd: max_cpu_qlen set to 1000
[Sa Jan 4 17:08:30 2020] CPU feature 'AVX registers' is not supported.
[Sa Jan 4 17:08:31 2020] xor: measuring software checksum speed
[Sa Jan 4 17:08:31 2020] prefetch64-sse: 17966.000 MB/sec
[Sa Jan 4 17:08:31 2020] generic_sse: 17173.000 MB/sec
[Sa Jan 4 17:08:31 2020] xor: using function: prefetch64-sse (17966.000 MB/sec)
[Sa Jan 4 17:08:31 2020] async_tx: api initialized (async)
[Sa Jan 4 17:08:33 2020] alg: No test for authenc(hmac(sha256),xts(twofish)) (authenc(hmac(sha256-generic),xts(ecb-twofish-3way)))
[Sa Jan 4 17:08:33 2020] BUG: kernel NULL pointer dereference, address: 0000000000000028
[Sa Jan 4 17:08:33 2020] #PF: supervisor read access in kernel mode
[Sa Jan 4 17:08:33 2020] #PF: error_code(0x0000) - not-present page
[Sa Jan 4 17:08:33 2020] PGD 0 P4D 0
[Sa Jan 4 17:08:33 2020] Oops: 0000 [#1] SMP NOPTI
[Sa Jan 4 17:08:33 2020] CPU: 7 PID: 4875 Comm: cryptsetup Not tainted 5.4.0-1-amd64 #1 Debian 5.4.6-1
[Sa Jan 4 17:08:33 2020] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[Sa Jan 4 17:08:33 2020] RIP: 0010:crypt_iv_benbi_ctr+0x18/0x60 [dm_crypt]
[Sa Jan 4 17:08:33 2020] Code: 00 00 00 b9 ff ff ff ff 0f bd 8f b0 00 00 00 d3 e8 c3 66 66 66 66 90 48 8b 87 a8 00 00 00 b9 ff ff ff ff 48 8b 00 48 8b 40 60 <8b> 50 24 b8 01 00 00 00 0f bd ca d3 e0 39 d0 75 15 83 f9 09 7f 1e
[Sa Jan 4 17:08:33 2020] RSP: 0018:ffffafb900533bb8 EFLAGS: 00010286
[Sa Jan 4 17:08:33 2020] RAX: 0000000000000004 RBX: ffffa0eef4da9c00 RCX: 00000000ffffffff
[Sa Jan 4 17:08:33 2020] RDX: 0000000000000000 RSI: ffffafb9003a3040 RDI: ffffa0eef4da9c00
[Sa Jan 4 17:08:33 2020] RBP: ffffafb9003a3040 R08: 0000000000000007 R09: 0000000000000001
[Sa Jan 4 17:08:33 2020] R10: ffffa0eef569c191 R11: 0000000000000041 R12: ffffa0eef4da9c00
[Sa Jan 4 17:08:33 2020] R13: ffffa0eef5f1afc0 R14: 0000000000000000 R15: 0000000000000010
[Sa Jan 4 17:08:33 2020] FS: 00007f4994596880(0000) GS:ffffa0eefc9c0000(0000) knlGS:0000000000000000
[Sa Jan 4 17:08:33 2020] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Sa Jan 4 17:08:33 2020] CR2: 0000000000000028 CR3: 00000000b7bec000 CR4: 00000000000006e0
[Sa Jan 4 17:08:33 2020] Call Trace:
[Sa Jan 4 17:08:33 2020] crypt_ctr+0x6b6/0xff4 [dm_crypt]
[Sa Jan 4 17:08:33 2020] ? realloc_argv+0x58/0x80 [dm_mod]
[Sa Jan 4 17:08:33 2020] dm_table_add_target+0x17f/0x360 [dm_mod]
[Sa Jan 4 17:08:33 2020] table_load+0xf2/0x2a0 [dm_mod]
[Sa Jan 4 17:08:33 2020] ? retrieve_status+0x1f0/0x1f0 [dm_mod]
[Sa Jan 4 17:08:33 2020] ctl_ioctl+0x1a5/0x430 [dm_mod]
[Sa Jan 4 17:08:33 2020] dm_ctl_ioctl+0xa/0x10 [dm_mod]
[Sa Jan 4 17:08:33 2020] do_vfs_ioctl+0x40e/0x670
[Sa Jan 4 17:08:33 2020] ? ksys_semctl.constprop.0+0x161/0x170
[Sa Jan 4 17:08:33 2020] ksys_ioctl+0x5e/0x90
[Sa Jan 4 17:08:33 2020] ? exit_to_usermode_loop+0xb0/0xf0
[Sa Jan 4 17:08:33 2020] __x64_sys_ioctl+0x16/0x20
[Sa Jan 4 17:08:33 2020] do_syscall_64+0x52/0x160
[Sa Jan 4 17:08:33 2020] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[Sa Jan 4 17:08:33 2020] RIP: 0033:0x7f4994c5f5c7
[Sa Jan 4 17:08:33 2020] Code: 00 00 90 48 8b 05 c9 78 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 99 78 0c 00 f7 d8 64 89 01 48
[Sa Jan 4 17:08:33 2020] RSP: 002b:00007ffc2f77e6e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
[Sa Jan 4 17:08:33 2020] RAX: ffffffffffffffda RBX: 00007f4994b0fc45 RCX: 00007f4994c5f5c7
[Sa Jan 4 17:08:33 2020] RDX: 000055a84cb97450 RSI: 00000000c138fd09 RDI: 0000000000000005
[Sa Jan 4 17:08:33 2020] RBP: 00007ffc2f77e7a0 R08: 000000000000006f R09: 000055a84cb92c90
[Sa Jan 4 17:08:33 2020] R10: 0000000000000006 R11: 0000000000000206 R12: 00007f4994b5d65a
[Sa Jan 4 17:08:33 2020] R13: 00007f4994b5e29e R14: 00007f4994b5d65a R15: 00007f4994b5d65a
[Sa Jan 4 17:08:33 2020] Modules linked in: authenc dm_crypt dm_integrity async_xor async_tx dm_bufio xor twofish_generic crypto_simd cryptd twofish_x86_64_3way glue_helper twofish_x86_64 twofish_common algif_skcipher af_alg dm_mod loop snd_hda_codec_generic ledtrig_audio snd_hda_intel bochs_drm snd_intel_nhlt drm_vram_helper snd_hda_codec ttm snd_hda_core snd_hwdep drm_kms_helper snd_pcm snd_timer ppdev drm snd evdev joydev soundcore serio_raw pcspkr sg parport_pc parport qemu_fw_cfg button virtio_rng rng_core ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic hid_generic usbhid hid sr_mod cdrom sd_mod ata_generic ata_piix xhci_pci libata xhci_hcd uhci_hcd ehci_hcd psmouse scsi_mod usbcore e1000 virtio_pci virtio_ring floppy virtio usb_common i2c_piix4
[Sa Jan 4 17:08:33 2020] CR2: 0000000000000028
[Sa Jan 4 17:08:33 2020] ---[ end trace 7fce60e3582d9eb7 ]---
[Sa Jan 4 17:08:33 2020] RIP: 0010:crypt_iv_benbi_ctr+0x18/0x60 [dm_crypt]
[Sa Jan 4 17:08:33 2020] Code: 00 00 00 b9 ff ff ff ff 0f bd 8f b0 00 00 00 d3 e8 c3 66 66 66 66 90 48 8b 87 a8 00 00 00 b9 ff ff ff ff 48 8b 00 48 8b 40 60 <8b> 50 24 b8 01 00 00 00 0f bd ca d3 e0 39 d0 75 15 83 f9 09 7f 1e
[Sa Jan 4 17:08:33 2020] RSP: 0018:ffffafb900533bb8 EFLAGS: 00010286
[Sa Jan 4 17:08:33 2020] RAX: 0000000000000004 RBX: ffffa0eef4da9c00 RCX: 00000000ffffffff
[Sa Jan 4 17:08:33 2020] RDX: 0000000000000000 RSI: ffffafb9003a3040 RDI: ffffa0eef4da9c00
[Sa Jan 4 17:08:33 2020] RBP: ffffafb9003a3040 R08: 0000000000000007 R09: 0000000000000001
[Sa Jan 4 17:08:33 2020] R10: ffffa0eef569c191 R11: 0000000000000041 R12: ffffa0eef4da9c00
[Sa Jan 4 17:08:33 2020] R13: ffffa0eef5f1afc0 R14: 0000000000000000 R15: 0000000000000010
[Sa Jan 4 17:08:33 2020] FS: 00007f4994596880(0000) GS:ffffa0eefc9c0000(0000) knlGS:0000000000000000
[Sa Jan 4 17:08:33 2020] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Sa Jan 4 17:08:33 2020] CR2: 0000000000000028 CR3: 00000000b7bec000 CR4: 00000000000006e0
gdb -q /usr/lib/debug/lib/modules/5.4.0-1-amd64/kernel/drivers/md/dm-crypt.ko
set width 0
set pagination off
b crypt_ctr
disassemble crypt_ctr
(gdb) disassemble /r crypt_iv_benbi_ctr
Dump of assembler code for function crypt_iv_benbi_ctr:
0x00000000000001a0 <+0>: e8 00 00 00 00 callq 0x1a5 <crypt_iv_benbi_ctr+5>
0x00000000000001a5 <+5>: 48 8b 87 a8 00 00 00 mov 0xa8(%rdi),%rax
0x00000000000001ac <+12>: b9 ff ff ff ff mov $0xffffffff,%ecx
0x00000000000001b1 <+17>: 48 8b 00 mov (%rax),%rax
0x00000000000001b4 <+20>: 48 8b 40 60 mov 0x60(%rax),%rax
0x00000000000001b8 <+24>: 8b 50 24 mov 0x24(%rax),%edx <<<<<<<<<<<<
0x00000000000001bb <+27>: b8 01 00 00 00 mov $0x1,%eax
0x00000000000001c0 <+32>: 0f bd ca bsr %edx,%ecx
0x00000000000001c3 <+35>: d3 e0 shl %cl,%eax
0x00000000000001c5 <+37>: 39 d0 cmp %edx,%eax
0x00000000000001c7 <+39>: 75 15 jne 0x1de <crypt_iv_benbi_ctr+62>
0x00000000000001c9 <+41>: 83 f9 09 cmp $0x9,%ecx
0x00000000000001cc <+44>: 7f 1e jg 0x1ec <crypt_iv_benbi_ctr+76>
0x00000000000001ce <+46>: b8 09 00 00 00 mov $0x9,%eax
0x00000000000001d3 <+51>: 29 c8 sub %ecx,%eax
0x00000000000001d5 <+53>: 89 87 80 00 00 00 mov %eax,0x80(%rdi)
0x00000000000001db <+59>: 31 c0 xor %eax,%eax
0x00000000000001dd <+61>: c3 retq
0x00000000000001de <+62>: 48 c7 46 48 00 00 00 00 movq $0x0,0x48(%rsi)
0x00000000000001e6 <+70>: b8 ea ff ff ff mov $0xffffffea,%eax
0x00000000000001eb <+75>: c3 retq
0x00000000000001ec <+76>: 48 c7 46 48 00 00 00 00 movq $0x0,0x48(%rsi)
0x00000000000001f4 <+84>: b8 ea ff ff ff mov $0xffffffea,%eax
0x00000000000001f9 <+89>: c3 retq
End of assembler dump.
(gdb) b *(crypt_iv_benbi_ctr+0x18)
Breakpoint 1 at 0x1b8: file include/linux/crypto.h, line 860.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/include/linux/crypto.h?h=linux-5.4.y#n860
static inline unsigned int crypto_tfm_alg_blocksize(struct crypto_tfm *tfm)
{
return tfm->__crt_alg->cra_blocksize;
}
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/include/crypto/skcipher.h?h=linux-5.4.y
static inline struct crypto_tfm *crypto_skcipher_tfm(
struct crypto_skcipher *tfm)
{
return &tfm->base;
}
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/include/crypto/skcipher.h?h=linux-5.4.y
static inline unsigned int crypto_skcipher_blocksize(
struct crypto_skcipher *tfm)
{
return crypto_tfm_alg_blocksize(crypto_skcipher_tfm(tfm));
}
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/md/dm-crypt.c?h=linux-5.4.y#n234
static struct crypto_skcipher *any_tfm(struct crypt_config *cc)
{
return cc->cipher_tfm.tfms[0];
}
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/md/dm-crypt.c?h=linux-5.4.y#n333
static int crypt_iv_benbi_ctr(struct crypt_config *cc, struct dm_target *ti,
const char *opts)
{
unsigned bs = crypto_skcipher_blocksize(any_tfm(cc));
int log = ilog2(bs);
/* we need to calculate how far we must shift the sector count
* to get the cipher block count, we use this shift in _gen */
if (1 << log != bs) {
ti->error = "cypher blocksize is not a power of 2";
return -EINVAL;
}
if (log > 9) {
ti->error = "cypher blocksize is > 512";
return -EINVAL;
}
cc->iv_gen_private.benbi.shift = 9 - log;
return 0;
}
(gdb) ptype /o struct crypt_config
/* offset | size */ type = struct crypt_config {
...
/* 168 | 8 */ union {
/* 8 */ struct crypto_skcipher **tfms;
/* 8 */ struct crypto_aead **tfms_aead;
/* total size (bytes): 8 */
} cipher_tfm;
168 == 0xa8
(gdb) ptype /o struct crypto_skcipher
/* offset | size */ type = struct crypto_skcipher {
...
/* 40 | 64 */ struct crypto_tfm {
/* 40 | 4 */ u32 crt_flags;
...
/* 88 | 8 */ void (*exit)(struct crypto_tfm *);
/* 96 | 8 */ struct crypto_alg *__crt_alg;
/* 104 | 0 */ void *__crt_ctx[];
/* total size (bytes): 64 */
} base;
/* total size (bytes): 104 */
}
96 == 0x60
(gdb) ptype /o struct crypto_alg
/* offset | size */ type = struct crypto_alg {
...
/* 36 | 4 */ unsigned int cra_blocksize;
36 == 0x24
--> __crt_alg member contains null pointer but is dereferenced ?
More information about the pkg-cryptsetup-devel
mailing list