Bug 610278

Summary: f12 crypto devices won't mount under f13 and newer.
Product: [Fedora] Fedora
Reporter: Dave Jones <davej>
Component: cryptsetup-luks
Assignee: Milan Broz <mbroz>
Status: CLOSED WONTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 13
CC: agk, anton, dougsland, dwysocha, esandeen, gansalmon, itamar, jonathan, kernel-maint, lvm-team, madhu.chinakonda, mbroz, opensource, pfrields, pjones, prockai, pvrabec, whulbert
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2010-07-02 08:11:37 UTC

Description Dave Jones 2010-07-01 22:30:38 UTC
Created a crypto dev on a 1g usb key on f12. Tried to mount it under f13, it fails.

creation:

(18:17:45:root@gelk:~)# dd if=/dev/zero of=/dev/sdg bs=1M
dd: writing `/dev/sdg': No space left on device
982+0 records in
981+0 records out
1028653056 bytes (1.0 GB) copied, 247.166 s, 4.2 MB/s
(18:22:12:root@gelk:~)# cryptsetup create test /dev/sdg
Enter passphrase: 
(18:25:22:root@gelk:~)# mkfs.ext2 /dev/mapper/test 
mke2fs 1.41.9 (22-Aug-2009)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
62848 inodes, 251136 blocks
12556 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=260046848
8 block groups
32768 blocks per group, 32768 fragments per group
7856 inodes per group
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376

Writing inode tables: done                            
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 31 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
(18:25:39:root@gelk:~)# mount /dev/mapper/test /mnt/test/
(18:25:49:root@gelk:~)# cd /mnt/test/
(18:25:51:root@gelk:test)# ls
lost+found/
(18:25:51:root@gelk:test)# mkdir testdir
(18:25:55:root@gelk:test)# touch testfile
(18:25:58:root@gelk:test)# echo blah > testfile2
(18:26:06:root@gelk:test)# sync
(18:26:08:root@gelk:test)# ls -l
total 36
drwx------. 2 root root 16384 2010-07-01 18:25 lost+found/
drwxr-xr-x. 2 root root  4096 2010-07-01 18:25 testdir/
-rw-r--r--. 1 root root     0 2010-07-01 18:25 testfile
-rw-r--r--. 1 root root     5 2010-07-01 18:26 testfile2
(18:26:19:root@gelk:test)# cd ..
(18:26:21:root@gelk:mnt)# umount /mnt/test 
(18:26:23:root@gelk:mnt)# 


Then, plug it into an f13 box..

$ cryptsetup create test /dev/sdd
Enter passphrase:
$ mount /dev/mapper/test /mnt/test/
[  997.364633] EXT2-fs (dm-4): error: ext2_check_descriptors: Block bitmap for group 0 not in group (block 3416865761)!
[  997.370967] EXT2-fs (dm-4): group descriptors corrupted

Comment 1 Dave Jones 2010-07-01 22:40:31 UTC
I did a dd if=/dev/mapper/test on f12 and f13 to compare the two. Something is immediately wrong..

-rw-r--r--. 1 davej davej 1028653056 2010-07-01 18:36 f12-decrypted
-rw-r--r--. 1 davej davej  199872471 2010-07-01 18:34 f13-decrypted

For some reason dm-crypt on f13 thinks it's smaller than it is.

Comment 2 Eric Sandeen 2010-07-01 22:45:11 UTC
*nod* sorry (heh!) to say this doesn't look like a filesystem problem.

Comment 3 Milan Broz 2010-07-02 08:11:37 UTC
Please use LUKS, not plain crypto mapping (cryptsetup create).

The default mode for plain crypt changed because the old mode was vulnerable. If you want to use old plain crypt devices in F13 (formatted in an older Fedora), you have to specify the encryption mode explicitly (either in crypttab or on the command line).

Try "cryptsetup create -c aes-cbc-plain -s 256 -h ripemd160 <name> <device>"
on F13.

and read
http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Issues_with_Specific_Versions_of_cryptsetup

LUKS doesn't have this problem, because it stores the mode in on-disk metadata.
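
Added example (not part of the bug report and not cryptsetup's own code): a small reader for the fixed fields at the start of a LUKS1 header, showing where the cipher, mode, hash and key size are recorded on disk, and that a plain dm-crypt device offers nothing comparable to read. The function names and the sample header bytes are constructed for illustration; the field layout assumed is the LUKS1 on-disk format.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 header prefix, big-endian: magic[6], version u16, cipher-name[32],
# cipher-mode[32], hash-spec[32], payload-offset u32, key-bytes u32
_PHDR = struct.Struct(">6sH32s32s32sII")


def _cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def read_luks_params(blob):
    """Return the encryption parameters stored at the start of a device.

    blob is the first bytes of the device or image. The result is None when
    there is no LUKS magic: a plain dm-crypt mapping has no header, so its
    cipher, key size and hash must be kept elsewhere (crypttab, notes).
    """
    if len(blob) < _PHDR.size or not blob.startswith(LUKS_MAGIC):
        return None
    _, version, name, mode, hash_spec, payload, key_bytes = _PHDR.unpack_from(blob)
    if version != 1:
        # LUKS2 keeps its parameters in a JSON area, not in these fixed fields.
        return {"version": version}
    return {
        "version": 1,
        "cipher": f"{_cstr(name)}-{_cstr(mode)}",
        "hash": _cstr(hash_spec),
        "key_bits": key_bytes * 8,
        "payload_offset_sectors": payload,
    }


def make_sample_luks1_header():
    """Constructed sample header (not taken from a real device)."""
    fixed = _PHDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1", 2056, 32)
    return fixed + bytes(512)


if __name__ == "__main__":
    print(read_luks_params(make_sample_luks1_header()))
    # Constructed stand-in for the start of a plain device: no magic, so None.
    print(read_luks_params(bytes(range(256)) * 16))
```

On a real device the same check is done by `cryptsetup isLuks <device>`, and `cryptsetup luksDump <device>` prints the stored parameters.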