Bug 433078

Summary: modprobe gives up loading modules if one fails --> 2.6.25 won't boot from LUKS root
Product: [Fedora] Fedora Reporter: Will Woods <wwoods>
Component: module-init-toolsAssignee: Jon Masters <jonathan>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: rawhideCC: jeff, pjones
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: hotissue
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-18 22:54:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 430962    

Description Will Woods 2008-02-15 23:37:19 UTC 
Quick summary: on i386, 4 modules are aliased to 'aes': padlock-aes, geode-aes,
aes-i586, and aes_generic. I need at least one of those to decrypt my root
filesystem. In kernel 2.6.25-rc1 padlock-aes now returns an error when you
attempt to insert it, so modprobe gives up on the other 3, leaving me without
AES (and thus unable to boot).

The long version:

My rawhide machine - which is using a LUKS encrypted LVM PV for its root - is
unbootable with any 2.6.25 kernel. It requests the key and then fails to unlock
the device:

device-mapper: table: 253:0: crypt: Error allocating crypto tfm
device-mapper: ioctl: error adding target to table
device-mapper: ioctl: device doesn't appear to be in the dev hash table.
Failed to setup dm-crypt key mapping. 
Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify
that /dev/sda2 contains at least 133 sectors.

So it would seem we've failed to load the cipher module(s). Scrolling back up, I
see:
padlock: VIA PadLock not detected.
WARNING: Error inserting padlock_aes ($modpath/padlock-aes.ko): No such device
padlock: VIA PadLock Hash Engine not detected.
WARNING: Error inserting padlock_sha ($modpath/padlock-sha.ko): No such device

With kernel 2.6.24.1-31 and  2.6.24-2 (which work), these error messages don't
appear, and the system boots normally. 

LUKS needs at least one AES module to decrypt my root filesystem. 'modprobe
aes', in the 2.6.24 kernels, installs all the modules which are aliased to
'aes': padlock-aes, geode-aes, aes-i586, aes_generic. 

In 2.6.24 kernels they all probe successfully. With 2.6.25-rc1, inserting the
padlock-aes module now returns an error if you don't have that hardware. I'm
guessing that modprobe gives up at that point, and that's why the message
indicating missing support for aes-cbc-essiv:sha256 appears - no AES modules
were loaded
Comment 1 Jon Masters 2008-02-18 20:24:06 UTC 
I'll look at it :)
Comment 2 Jeffrey C. Ollie 2008-02-18 21:59:43 UTC 
Is this the same problem as 432813?
Comment 3 Will Woods 2008-02-18 22:22:47 UTC 
Looks the same to me. Check the scrollback for error messages loading
padlock-{aes,sha}. 

Until this is fixed, we'll need a workaround to get 2.6.25 kernels booting -
either stop building padlock-aes, remove it from the initrd, or modify it so it
fails silently rather than causing errors.
Comment 4 Jeffrey C. Ollie 2008-02-18 22:37:28 UTC 
*** Bug 432813 has been marked as a duplicate of this bug. ***
Comment 5 Will Woods 2008-02-18 22:54:53 UTC 
Blarg! I fail at debugging! 

I rebuilt my initrd with no padlock-aes, and it still doesn't boot. For
confirmation of my wrongness, I went to a non-LUKS system and did:

  modprobe aes

Which attempted to insert all 4 AES modules, even after giving me the error
message about padlock_aes. In short: modprobe is fine, something in the kernel
is busted, and I'm a dope.

*** This bug has been marked as a duplicate of 432813 ***