Bug 1613953 - [LUKS2 only]: cryptsetup luksFormat (LUKS2) miscalculates device alignment offset as provided by device topology
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: cryptsetup
Version: 7.6
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: Ondrej Kozina
QA Contact: Release Test Team
URL:
Whiteboard:
Depends On:
Blocks: 1614219
Reported: 2018-08-08 15:51 UTC by Corey Marthaler
Modified: 2021-09-06 15:04 UTC

Fixed In Version: cryptsetup-2.0.3-5.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1614219 (view as bug list)
Environment:
Last Closed: 2019-08-06 13:16:01 UTC
Target Upstream Version:
Embargoed:


Attachments
verbose format and lsblk output (19.67 KB, text/plain)
2018-08-08 18:40 UTC, Corey Marthaler


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:2297 0 None None None 2019-08-06 13:16:04 UTC

Description Corey Marthaler 2018-08-08 15:51:32 UTC
Description of problem:
It isn't clear to me why this is failing. In fact, the only difference I see between the machines where this works and the ones that do not is the multipath PV devices. Does luks2 formatting work on mpath devices?

# This fails on any of my systems using mpath
[root@mckinley-01 ~]# ls /dev/raid_sanity/open_LUKS_fsadm_resize
/dev/raid_sanity/open_LUKS_fsadm_resize

[root@mckinley-01 ~]# dd if=/dev/zero of=/dev/raid_sanity/open_LUKS_fsadm_resize bs=1M count=40
40+0 records in
40+0 records out
41943040 bytes (42 MB) copied, 0.284668 s, 147 MB/s

[root@mckinley-01 ~]#  echo Str0ngP455w0rd### | cryptsetup luksFormat --type luks2 /dev/raid_sanity/open_LUKS_fsadm_resize
Cannot format device /dev/raid_sanity/open_LUKS_fsadm_resize.
[root@mckinley-01 ~]# echo $?
1

[root@mckinley-01 ~]#  echo Str0ngP455w0rd### | cryptsetup luksFormat --type luks1 /dev/raid_sanity/open_LUKS_fsadm_resize
[root@mckinley-01 ~]# echo $?
0


# This passes on any of my systems *not* using mpath

[root@hayes-01 ~]# lvs
  LV   VG   Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  lv   test -wi-a----- 100.00m                                                    
[root@hayes-01 ~]# echo Str0ngP455w0rd### | cryptsetup luksFormat --type luks1 /dev/test/lv
[root@hayes-01 ~]# echo Str0ngP455w0rd### | cryptsetup luksFormat --type luks2 /dev/test/lv


Version-Release number of selected component (if applicable):
3.10.0-931.el7.x86_64
cryptsetup-2.0.3-3.el7    BUILT: Tue Jul 31 09:34:18 CDT 2018
cryptsetup-libs-2.0.3-3.el7    BUILT: Tue Jul 31 09:34:18 CDT 2018
cryptsetup-reencrypt-2.0.3-3.el7    BUILT: Tue Jul 31 09:34:18 CDT 2018


How reproducible:
Every time

Comment 4 Milan Broz 2018-08-08 16:02:47 UTC
Corey, please could you always attach the command output with the additional --debug switch? It helps to debug the issue; maybe the reason will be apparent there. Thanks.
I do not see any reason it should fail here, though.

Comment 5 Corey Marthaler 2018-08-08 16:08:47 UTC
Sure. I wasn't aware of that flag until now.


[root@mckinley-01 ~]# echo Str0ngP455w0rd### | cryptsetup --debug  luksFormat --type luks2 /dev/test/lv 
# cryptsetup 2.0.3 processing "cryptsetup --debug luksFormat --type luks2 /dev/test/lv"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/test/lv.
# Trying to open and read device /dev/test/lv with direct-io.
# Initialising device-mapper backend library.
# STDIN descriptor passphrase entry requested.
# Checking new password using default pwquality settings.
# New password libpwquality score is 100.
# PBKDF argon2i, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Formatting device /dev/test/lv as type LUKS2.
# Crypto backend (gcrypt 1.5.3) initialized in cryptsetup library version 2.0.3.
# Detected kernel Linux 3.10.0-931.el7.x86_64 x86_64.
# Topology: IO (8192/33553920), offset = 512; Required alignment is 1048576 bytes.
# Checking if cipher aes-xts-plain64 is usable.
# Using userspace crypto wrapper to access keyslot area.
# Creating new digest 0 (pbkdf2).
# Setting PBKDF2 type key digest 0.
# Running pbkdf2(sha256) benchmark.
# PBKDF benchmark: memory cost = 0, iterations = 91275, threads = 0 (took 359 ms)
# PBKDF benchmark: memory cost = 0, iterations = 110890, threads = 0 (took 591 ms)
# Benchmark returns pbkdf2(sha256) 110890 iterations, 0 memory, 0 threads (for 256-bits key).
# Digest JSON:
# {
  "type":"pbkdf2",
  "keyslots":[
  ],
  "segments":[
  ],
  "hash":"sha256",
  "iterations":13861,
  "salt":"h2eH4327A78Vm\/qaR1Nc0lNDQ37xVdKb3CzgfOnOZ0M=",
  "digest":"8GpNnwlUBMilVJ2v\/Nt9xHJ5wcpjOzdeIVoqwk3oUnw="
}
# Segment 0 assigned to digest 0.
# Header JSON:
# {
  "keyslots":{
  },
  "tokens":{
  },
  "segments":{
    "0":{
      "type":"crypt",
      "offset":"4194305",
      "iv_tweak":"0",
      "size":"dynamic",
      "encryption":"aes-xts-plain64",
      "sector_size":512
    }
  },
  "digests":{
    "0":{
      "type":"pbkdf2",
      "keyslots":[
      ],
      "segments":[
        "0"
      ],
      "hash":"sha256",
      "iterations":13861,
      "salt":"h2eH4327A78Vm\/qaR1Nc0lNDQ37xVdKb3CzgfOnOZ0M=",
      "digest":"8GpNnwlUBMilVJ2v\/Nt9xHJ5wcpjOzdeIVoqwk3oUnw="
    }
  },
  "config":{
    "json_size":"12288",
    "keyslots_size":"4161536"
  }
}
# Offset field has to be aligned to sector size: 512
Cannot format device /dev/test/lv.
# Releasing crypt device /dev/test/lv context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code -1 (wrong or missing parameters).

Comment 6 Milan Broz 2018-08-08 16:52:43 UTC
OK, so it fails LUKS2 parameter validation because we ended up with a crypt segment not aligned to the sector size, strange. That should never happen; even bogus values should be rounded properly...

What is the IO topology info for that multipath device? (lsblk -t)
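
The validation failure described in Comment 6, reproduced as an added example (not cryptsetup code and not written by any commenter): it pulls the header JSON out of `--debug` output and reports crypt segments whose byte offset is not a multiple of `sector_size`. The sample input is constructed from the values shown in Comment 5, and the function names are hypothetical.

```python
import json

VALID_SECTOR_SIZES = {512, 1024, 2048, 4096}  # sector sizes LUKS2 allows

# Constructed sample: the "Header JSON" part of the --debug output from
# Comment 5, trimmed to the fields this check reads.
SAMPLE_DEBUG = """\
# Segment 0 assigned to digest 0.
# Header JSON:
# {
  "segments":{
    "0":{
      "type":"crypt",
      "offset":"4194305",
      "size":"dynamic",
      "encryption":"aes-xts-plain64",
      "sector_size":512
    }
  }
}
# Offset field has to be aligned to sector size: 512
"""


def extract_header(debug_text):
    """Return the header object that follows the '# Header JSON:' marker."""
    marker = debug_text.index("# Header JSON:")
    start = debug_text.index("{", marker)
    # raw_decode stops at the end of the object, ignoring later log lines.
    header, _ = json.JSONDecoder().raw_decode(debug_text, start)
    return header


def misaligned_segments(header):
    """List (segment id, offset, sector_size, remainder) for bad segments."""
    findings = []
    for seg_id, seg in sorted(header.get("segments", {}).items()):
        if seg.get("type") != "crypt":
            continue  # only crypt segments carry sector_size
        sector = seg.get("sector_size")
        offset = int(seg["offset"])  # LUKS2 stores byte offsets as strings
        if sector not in VALID_SECTOR_SIZES:
            findings.append((seg_id, offset, sector, None))
        elif offset % sector:
            findings.append((seg_id, offset, sector, offset % sector))
    return findings


if __name__ == "__main__":
    print(misaligned_segments(extract_header(SAMPLE_DEBUG)))
```
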

Comment 7 Corey Marthaler 2018-08-08 18:40:10 UTC
Created attachment 1474453
verbose format and lsblk output

Comment 8 Ondrej Kozina 2018-08-09 08:05:28 UTC
There's a bug in luks2 align offset calculation. Thanks Corey!

Comment 9 Ondrej Kozina 2018-08-09 08:06:41 UTC
Moving to 7.7. It's a bug in luks2 format only, which is not the default in RHEL7.

Comment 10 Ondrej Kozina 2018-08-10 08:15:53 UTC
Fixed upstream by:

- https://gitlab.com/cryptsetup/cryptsetup/commit/dd36d56d472e1ea1db74d64d2e6a8d8ece2e7a76

To reproduce it easily without complex device setup:

1) modprobe scsi_debug dev_size_mb=25 sector_size=512 physblk_exp=3 lowest_aligned=1
2) cryptsetup luksFormat --type luks2 /dev/sdx (<- scsi debug disk)

Comment 11 Ondrej Kozina 2018-08-10 08:35:02 UTC
(note to myself) As a follow-up to the fix, it would be wise to also backport the following commits, because LUKS2 was too restrictive about data alignment values:

- https://gitlab.com/cryptsetup/cryptsetup/commit/03a74b74e544df44f0005d4a5b5b0b99931143ab

- https://gitlab.com/cryptsetup/cryptsetup/commit/48e93621861049f589e890c299f440c416eacf4f

Comment 12 Ondrej Kozina 2018-08-10 19:53:30 UTC
(another note). Also backport this one:

- https://gitlab.com/cryptsetup/cryptsetup/commit/d2f0773eb8482f754d9a7599d26697efcdd25cd6

Comment 16 errata-xmlrpc 2019-08-06 13:16:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2297

