[pkg-cryptsetup-devel] Bug#996177: cryptsetup: please report fatal errors without having to use -v

Guilhem Moulin guilhem at debian.org
Thu Oct 14 20:03:21 BST 2021 

On Thu, 14 Oct 2021 at 20:48:51 +0200, Marc Lehmann wrote:
> I reported this from another system, but both were recently upgraded to
> bullseye.
> 
> I know because I use kvm to see if the machine will actually boot (Cthus
> the different memory setup) and the kvm in bullseye has a bug that makes
> this very hard (remote display makes it freeze randomly), and I had to
> work around this bug, so I know it was not buster.

Could still be an older initramfs image though.  If you're able to
reproduce this please run `cryptsetup --version` directly afterwards
(i.e., at initramfs stage if that's where the issue appears).
 
>> Looking at the upstream git log, I found 206b70c837f29c8b34cb0d80ae496870550ec50c
>> which fixes https://gitlab.com/cryptsetup/cryptsetup/-/issues/488 which looks
>> really familiar :-)
> 
> It looks very similar. It is not the message I got with -v, which
> specifically had the error number (3) in it somewhere, but maybe thats
> because it ran out of memory in a different place.

My reproducer (with cryptsetup 2.1.0) does have “Command failed with
code -3 (out of memory)” with ‘-v’:

    (initramfs) free
                  total        used        free      shared  buff/cache   available
    Mem:         493060       29808      363896          40       99356      364040
    Swap:             0           0           0
    (initramfs) cryptsetup luksDump /dev/vda5
    […]
    Keyslots:
      0: luks2
    	Key:        512 bits
    	Priority:   normal
    	Cipher:     aes-xts-plain64
    	Cipher key: 512 bits
    	PBKDF:      argon2i
    	Time cost:  4
    	Memory:     605915
    	Threads:    2
    […]
    (initramfs) cryptsetup luksOpen /dev/vda5 --keyfile-size=32 --key-file=/dev/urandom --test-passphrase
    (initramfs) echo $?
    3

    (initramfs) cryptsetup luksOpen -v /dev/vda5 --keyfile-size=32 --key-file=/dev/urandom --test-passphrase
    Command failed with code -3 (out of memory).

    (initramfs) cryptsetup luksOpen --debug /dev/vda5 --keyfile-size=32 --key-file=/dev/urandom --test-passphrase
    # cryptsetup 2.1.0 processing "cryptsetup luksOpen --debug /dev/vda5 --keyfile-size=32 --key-file=/dev/urandom --test-passphrase"
    # Running command open.
    # Locking memory.
    # Installing SIGINT/SIGTERM handler.
    # Unblocking interruption on signal.
    # Allocating context for crypt device /dev/vda5.
    # Trying to open and read device /dev/vda5 with direct-io.
    # Initialising device-mapper backend library.
    # Trying to load any crypt type from device /dev/vda5.
    # Crypto backend (OpenSSL 1.1.1d  10 Sep 2019) initialized in cryptsetup library version 2.1.0.
    # Detected kernel Linux 4.19.0-18-amd64 x86_64.
    # Loading LUKS2 header (repair disabled).
    # Opening lock resource file /run/cryptsetup/L_254:5
    # Acquiring read lock for device /dev/vda5.
    # Verifying read lock handle for device /dev/vda5.
    # Device /dev/vda5 READ lock taken.
    # Trying to read primary LUKS2 header at offset 0x0.
    # Opening locked device /dev/vda5
    # Veryfing locked device handle (bdev)
    # LUKS2 header version 2 of size 16384 bytes, checksum sha256.
    # Checksum:e3d5da875cd56c8d48144ec6ef85229a8bdf52ad42a6c8b98a3b72ad32ece6de (on-disk)
    # Checksum:e3d5da875cd56c8d48144ec6ef85229a8bdf52ad42a6c8b98a3b72ad32ece6de (in-memory)
    # Trying to read secondary LUKS2 header at offset 0x4000.
    # Opening locked device /dev/vda5
    # Veryfing locked device handle (bdev)
    # LUKS2 header version 2 of size 16384 bytes, checksum sha256.
    # Checksum:af4ba03f7cdd87c763d505ae21b76c475fb072428949c8a87e94e15bbe54339b (on-disk)
    # Checksum:af4ba03f7cdd87c763d505ae21b76c475fb072428949c8a87e94e15bbe54339b (in-memory)
    # Device size 3781165056, offset 16777216.
    # Device /dev/vda5 READ lock released.
    # Only 2 active CPUs detected, PBKDF threads decreased from 4 to 2.
    # Not enough physical memory detected, PBKDF max memory decreased from 1048576kB to 246530kB.
    # PBKDF argon2i, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 246530, parallel_threads 2.
    # Checking volume passphrase using token -1.
    # File descriptor passphrase entry requested.
    # Checking volume passphrase [keyslot -1] using passphrase.
    # Keyslot 0 priority 1 != 2 (required), skipped.
    # Trying to open LUKS2 keyslot 0.
    # Keyslot 0 (luks2) open failed with -12.
    # Releasing crypt device /dev/vda5 context.
    # Releasing device-mapper backend.
    # Unlocking memory.
    Command failed with code -3 (out of memory).

However, after upgrading (and rebuilding the initramfs) I get “Not
enough available memory to open a keyslot.” instead of having to pass
‘-v’, ‘--debug’ or inspect the return code.

-- 
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20211014/6486a74c/attachment.sig>

More information about the pkg-cryptsetup-devel mailing list