Bug 467234
Summary: openssl module reports invalid packet format error on file creation in ecryptfs filesystem

| Field | Value |
|---|---|
| Product | Red Hat Enterprise Linux 5 |
| Component | ecryptfs-utils |
| Version | 5.3 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | medium |
| Target Milestone | rc |
| Keywords | Regression |
| Doc Type | Bug Fix |
| Reporter | Jan Tluka <jtluka> |
| Assignee | Karsten Hopp <karsten> |
| QA Contact | BaseOS QE <qe-baseos-auto> |
| CC | duck, dzickus, esandeen, jarod, mgahagan, mhalcrow, mnowak, pknirsch, riek, rwheeler, syeghiay |
| Last Closed | 2009-01-20 21:59:50 UTC |

Description
Jan Tluka
2008-10-16 14:31:04 UTC
This bugzilla has Keywords: Regression. Since no regressions are allowed between releases, it is also being proposed as a blocker for this release. Please resolve ASAP.

Jan, it's marked regression... so this worked in the 5.2 code drop? (I'll go test ...)

Hm... Using an openssl key requires the ecryptfsd userspace key helper daemon be running. Was that up and running here? The error sort of seems to indicate a problem communicating with ecryptfsd. Admittedly, openssl-based use of ecryptfs is much less tested than passphrase-based...

Whoops, sorry, missed the 'pgrep ecryptfsd' part.

Hi Jarod, I've just launched the /kernel/filesystems/ecryptfs-extended test that showed the following results (5.2 to 5.3 comparison):

    test        | 5.2       | 5.3
    ------------|-----------|---------
    passphrase  | FAILED    | PASS
    pubkey      | PASS      | FAILED
    xattr       | PASS      | PASS
    passthrough | PASS      | PASS
    PAM         | PASS      | PASS
    ----------------------------------

Further investigation of 'pubkey' test results in opening this bug. I used rh-tests-kernel-filesystems-ecryptfs-extended-1.1-1.

Sorry. Previous comment 5 should be a response to Eric's comment 2. However explicitly shows regression.

yes, I tested it and also found it to work in 5.2, thanks. -Eric

Created attachment 321095 [details]
proposed fix
The problem is with ecryptfs_send_miscdev() passing uint32_t's into ecryptfs_write_packet_length, which expects size_t's - 64 bits on x86_64.
So when we filled in *packet_size_length:
    dest[0] = (char)size;
    *packet_size_length = 1;
it was filling in 8 bytes, even though the memory address was to a 4 byte object; this overflowed, and happened to hit dest[0], filling it with zeros.
Just changing the types seems to make things work properly.
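
Added example (not part of the bug report or of the ecryptfs-utils source): a well-defined C model of the width mismatch described in the comment above, where a `size_t`-sized store lands on a 4-byte `uint32_t` that sits next to the packet buffer. The struct layouts and function names are constructed for illustration; only the two quoted statements come from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: the caller's length variable sits directly in front
 * of the packet buffer, as adjacent stack objects can. */
struct narrow_caller { uint32_t len; unsigned char dest[8]; }; /* pre-fix  */
struct wide_caller   { size_t   len; unsigned char dest[8]; }; /* post-fix */

/* Models the callee's "*packet_size_length = 1": a store of
 * sizeof(size_t) bytes at the address it was handed. memcpy inside one
 * struct keeps the model well defined while showing the same bytes. */
static void store_size_t(void *base, size_t off, size_t value)
{
    memcpy((unsigned char *)base + off, &value, sizeof value);
}

/* dest[0] after both stores when the caller declared a uint32_t. */
unsigned char first_byte_narrow(size_t size)
{
    struct narrow_caller c;
    memset(&c, 0xAA, sizeof c);
    c.dest[0] = (unsigned char)size;          /* dest[0] = (char)size; */
    store_size_t(&c, offsetof(struct narrow_caller, len), 1);
    return c.dest[0];
}

/* Same sequence once the caller's variable is a size_t. */
unsigned char first_byte_wide(size_t size)
{
    struct wide_caller c;
    memset(&c, 0xAA, sizeof c);
    c.dest[0] = (unsigned char)size;
    store_size_t(&c, offsetof(struct wide_caller, len), 1);
    return c.dest[0];
}

int main(void)
{
    printf("sizeof(size_t)=%zu narrow dest[0]=0x%02x wide dest[0]=0x%02x\n",
           sizeof(size_t), first_byte_narrow(0x42), first_byte_wide(0x42));
    return 0;
}
```

On a platform where `size_t` is 8 bytes the narrow case returns 0 instead of the length byte, which is the corrupted packet the report describes; where `size_t` is 4 bytes both cases agree. GCC and Clang diagnose a `uint32_t *` passed to a `size_t *` parameter as an incompatible pointer type unless a cast hides it, so treating that warning as an error catches this class of bug at build time.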
Hi Eric, with the rebuilt source rpm provided by you in comment 9 it works without errors.

Further info to comment 10: It works for openssl key but now I get some failures on xattr tests. Unfortunately they're not 100% reproducible. I'm using nightly build RHEL5.3-Server-20081020.1. As this is different from the one where the original bug appeared I'm going to check it on RHEL5.3-Server-20081015.nightly, too. Furthermore I will check whether xattr errors show when using the in-tree ecryptfs-utils package.

Jan, which xattr tests? I recently (last couple of days...) found a serious kernel bug when using xattrs to store the crypto headers...

By 'xattr' I mean the xattr part of the /kernel/filesystems/ecryptfs-extended test from RHTS.

Eric, I'm attaching another test script that should in 75% reproduce the xattr error. Test script name is simple_xattr.sh. Just specify one arg - number of mount loops (10-50 should be sufficient). It results in the following messages:

    ecryptfs_read_lower: octets_read = [-13]; expected [4096]
    ecryptfs_write: Error getting page at index [0] from eCryptfs inode mapping; rc = [-22]
    ecryptfs_read_lower: octets_read = [-13]; expected [4096]
    ecryptfs_prepare_write: Error attemping to read lower page segment; rc = [-22]

Created attachment 321168 [details]
xattr error reproducer
This is the script for xattr error reproduction.
Jan, thanks. I think we need a new bug for that problem, it's a different root cause... and luckily, I do have a patch :) Not sure it'll make 5.3, though....

Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents: Using openssl keys for encryption is not functional on 64-bit architectures. (until this bugfix is released, that is)

I've dropped the release note request as 5.3 will have a package with Eric's fix.

Deleted Release Notes Contents.

Old Contents: Using openssl keys for encryption is not functional on 64-bit architectures. (until this bugfix is released, that is)

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0203.html