Bug 1311286

Summary: kernel 4.1.18 has broken crypto API
Product: [Fedora] Fedora Reporter: Karl Sponser <karl.sponser>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 23CC: agk, gansalmon, gmazyland, itamar, jonathan, kernel-maint, madhu.chinakonda, mchehab, okozina
Target Milestone: ---   
Target Release: ---   
Hardware: armhfp   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-02-24 13:19:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Karl Sponser 2016-02-23 20:14:25 UTC 
Description of problem:
A patch in Kernel 4.1.18 broke luks. You can't open luks devices any more nor format them. ArchLinux patched cryptsetup to be compatible again (see below)



Version-Release number of selected component (if applicable):
cryptsetup-1.6.8-2.fc23.x86_64
cryptsetup-1.7.0-3.fc24.armv7hl



How reproducible:
Always.



Steps to Reproduce:
1. Install/boot Kernel 4.1.18
2. Try to open/format a luks device (fails)



Actual results:
# cryptsetup luksFormat /dev/loop2

WARNING!
========
This will overwrite data on /dev/loop2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase: 
Verify passphrase: 
Failed to setup dm-crypt key mapping for device /dev/loop2.
Check that kernel supports aes-xts-plain64 cipher (check syslog for more info).

The error is the same if you try to luksOpen an existing luks formated device, that worked with all previous kernel versions.



Expected results:
It should be possible to open/format devices with luks with Kernel 4.1.18, like it worked with all previous Kernels.



Additional info:
There is an upstream bug report:
https://bugzilla.kernel.org/show_bug.cgi?id=112631

ArchLinux fixed cryptsetup, to work around this problem:
https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/cryptsetup&id=ea2c8f73c45aa239ed5f356a8ecd01aeba51ef1d
Comment 1 Ondrej Kozina 2016-02-24 09:04:44 UTC 
In fact it's broken kernel crypto API for older userspace. For reference see: http://www.spinics.net/lists/linux-crypto/msg18521.html
Comment 2 Ondrej Kozina 2016-02-24 09:30:47 UTC 
Oh, didn't realise f23 doesn't ship 4.1.18 kernel at all so probably safe to close anyway...

Even though I understand it's annoying bug we don't plan to fix it by updating cryptsetup (in userspace) in stable fedora realease. This is clearly mistake in 4.1.18 backport of crypto API patches.
Comment 3 Josh Boyer 2016-02-24 13:19:59 UTC 
Thanks for the report.  None of the Fedora releases are on the 4.1.y kernel any longer.  All are 4.3.y or newer.  This isn't an issue for Fedora afaik, so I'm closing this as UPSTREAM.