Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 414991

Summary: [RHEL5.2] kernel panic on mounting ecryptfs overlay
Product: Red Hat Enterprise Linux 5 Reporter: Jarod Wilson <jarod>
Component: kernelAssignee: Eric Sandeen <esandeen>
Status: CLOSED DUPLICATE QA Contact: Martin Jenner <mjenner>
Severity: low Docs Contact:
Priority: low    
Version: 5.2CC: karsten, lwang
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-12-18 19:19:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Updated version of noninteractive.sh from ecrytpfs-full tarball at sf.net none

Description Jarod Wilson 2007-12-06 22:36:54 UTC 
Description of problem:
Twice now I've managed to hit a kernel panic upon mounting an ecryptfs overlay.

Version-Release number of selected component (if applicable):
kernel 2.6.18-58.el5 + eric's ecryptfs backport

How reproducible:

[root@xw4400-01 ecryptfs-kernel-2.6.24-rc3]# mount -t ecryptfs -o
rw,key=passphrase,ecryptfs_sig=f9b8ab5e40ea7ae5,ecryptfs_cipher=aes,ecryptfs_key_bytes=16
/secret/ /secret/
Passphrase: 
Verify Passphrase: 
Cipher
1) CAST6
2) AES-128
3) AES-192
4) AES-256
5) Twofish
6) Triple-DES
7) Blowfish
8) CAST5
Selection [AES-128]: 
Enable plaintext passthrough (y/n): n
Attempting to mount with the following options:
  ecryptfs_cipher=aes
    ecryptfs_key_bytes=16
      ecryptfs_sig=f9b8ab5e40ea7ae5
Mounted eCryptfs

[root@xw4400-01 ecryptfs-kernel-2.6.24-rc3]# umount /secret/

[root@xw4400-01 ecryptfs-kernel-2.6.24-rc3]# mount -t ecryptfs -o
rw,key=passphrase,ecryptfs_sig=f9b8ab5e40ea7ae5,ecryptfs_cipher=aes-128,ecryptfs_key_bytes=16
/secret/ /secret/
Passphrase: 
Verify Passphrase: 
Cipher
1) AES-128
2) AES-192
3) AES-256
4) CAST6
5) Twofish
6) Triple-DES
7) Blowfish
8) CAST5
Selection [AES-128]: 
Enable plaintext passthrough (y/n): n
Attempting to mount with the following options:
  ecryptfs_cipher=aes
  ecryptfs_key_bytes=16
  ecryptfs_sig=f9b8ab5e40ea7ae5

general protection fault: 0000 [1] SMP 
last sysfs file: /fs/ecryptfs/version
CPU 0 
Modules linked in: ecryptfs(U) ipt_MASQUERADE iptable_nat ip_nat xt_state
ip_conntrack nfnetlink ipt_REJECT xt_tcpudp iptable_filter ip_tables x_tables
bridge ipv6 autofs4 hidp rfcomm l2cap bluetooth sunrpc netxen_nic
cpufreq_ondemand dm_multipath video sbs backlight i2c_ec i2c_core button
battery asus_acpi acpi_memhotplug ac lp snd_hda_intel snd_hda_codec
snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device
snd_pcm_oss snd_mixer_oss snd_pcm ata_piix snd_timer tg3 firewire_ohci snd
ide_cd parport_pc shpchp parport serio_raw firewire_core pcspkr sg floppy
soundcore cdrom snd_page_alloc dm_snapshot dm_zero dm_mirror dm_mod ahci
libata sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd
Pid: 3320, comm: mount.ecryptfs Not tainted 2.6.18-58.el5 #1
RIP: 0010:[<ffffffff801163cb>]  [<ffffffff801163cb>] key_put+0x5/0x1c
RSP: 0018:ffff81002957fa60  EFLAGS: 00010202
RAX: ffff8100378a2850 RBX: ffff8100378a2848 RCX: ffff81003fdd54c0
RDX: ffff81002ad75508 RSI: 0000000000000000 RDI: 08230200002ca758
RBP: ffff81002ad754c0 R08: ffff81002957e000 R09: ffff81003fdd5400
R10: 0000000000000001 R11: ffffffff885c8800 R12: ffff81002ad75500
R13: ffff8100378a2860 R14: 0000000000000001 R15: 0000000000000001
FS:  00002aaaaaac8450(0000) GS:ffffffff80397000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00002aaaaaac6000 CR3: 0000000029595000 CR4: 00000000000006e0
Process mount.ecryptfs (pid: 3320, threadinfo ffff81002957e000, task
ffff8100330877e0)
Stack:  ffffffff885b8606 ffff81002957fa68 ffff8100378a2840 ffffffff885c8800
 ffff81003fdd5400 ffff8100378a2850 ffffffff885b6945 ffff8100378a2850
 ffff81003fdd5400 ffff81003fdd5488 ffffffff800d9140 ffff81003fdd5400
Call Trace:
 [<ffffffff885b8606>] :ecryptfs:ecryptfs_destroy_mount_crypt_stat+0x49/0x98
 [<ffffffff885b6945>] :ecryptfs:ecryptfs_put_super+0x1a/0x3a
 [<ffffffff800d9140>] generic_shutdown_super+0x79/0xfb
 [<ffffffff800d92b6>] deactivate_super+0x6a/0x82
 [<ffffffff885b6813>] :ecryptfs:ecryptfs_get_sb+0x3a5/0x3f2
 [<ffffffff800c390a>] zone_statistics+0x3e/0x6d
 [<ffffffff8000eebc>] __alloc_pages+0x65/0x2b4
 [<ffffffff800d9361>] vfs_kern_mount+0x93/0x11a
 [<ffffffff800d942a>] do_kern_mount+0x36/0x4d
 [<ffffffff800e2add>] do_mount+0x68c/0x6fc
 [<ffffffff80008ad5>] __handle_mm_fault+0x4e0/0xdf4
 [<ffffffff80021d1a>] __up_read+0x19/0x7f
 [<ffffffff80064a9d>] do_page_fault+0x4eb/0x81d
 [<ffffffff80016563>] generic_file_aio_read+0x34/0x39
 [<ffffffff8000c927>] do_sync_read+0xc7/0x104
 [<ffffffff800c390a>] zone_statistics+0x3e/0x6d
 [<ffffffff8000eebc>] __alloc_pages+0x65/0x2b4
 [<ffffffff8004a06e>] sys_mount+0x8a/0xcd
 [<ffffffff8005b28d>] tracesys+0xd5/0xe0


Code: f0 ff 0f 0f 94 c0 84 c0 74 0c 48 c7 c7 20 b4 2f 80 e9 08 21 
RIP  [<ffffffff801163cb>] key_put+0x5/0x1c
 RSP <ffff81002957fa60>
 <0>Kernel panic - not syncing: Fatal exception
Comment 1 Jarod Wilson 2007-12-07 21:38:47 UTC 
I believe I have a reproducer here. Back-to-back mount attempts with invalid
ciphers appears to be the key.
Comment 2 Jarod Wilson 2007-12-07 21:57:47 UTC 
Created attachment 281681 [details]
Updated version of noninteractive.sh from ecrytpfs-full tarball at sf.net

This is an updated version of the noninteractive.sh script from the
ecryptfs-full tarball found on sourceforge, updated to actually run w/the
latest kernel- and user-space. At the moment, the bad cipher tests trigger a
kernel panic 100% of the time...
Comment 3 Eric Sandeen 2007-12-12 00:00:09 UTC 
This should fix it up:

In the invalid cipher case, and probably other error cases, we weren't
initializing a pointer that we later tried to pass to key_put.

Index: linux-2.6.18-58.el5/fs/ecryptfs/keystore.c
===================================================================
--- linux-2.6.18-58.el5.orig/fs/ecryptfs/keystore.c
+++ linux-2.6.18-58.el5/fs/ecryptfs/keystore.c
@@ -1851,7 +1851,7 @@ ecryptfs_add_global_auth_tok(struct ecry
 	struct ecryptfs_global_auth_tok *new_auth_tok;
 	int rc = 0;
 
-	new_auth_tok = kmem_cache_alloc(ecryptfs_global_auth_tok_cache,
+	new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
 					GFP_KERNEL);
 	if (!new_auth_tok) {
 		rc = -ENOMEM;


This patch has been sent upstream.
Comment 4 Eric Sandeen 2007-12-12 22:35:27 UTC 
patch is in -mm now.

This *might* account for the umount bug too, since we were mucking around in
uninitialized memory... hard to say, though.
Comment 5 Eric Sandeen 2007-12-18 19:19:07 UTC 
Fixed in the patch series sent for bug #228341

*** This bug has been marked as a duplicate of 228341 ***