Bug 414991 - [RHEL5.2] kernel panic on mounting ecryptfs overlay
Status: CLOSED DUPLICATE of bug 228341
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
x86_64 Linux
low Severity low
Assigned To: Eric Sandeen
Martin Jenner
Reported: 2007-12-06 17:36 EST by Jarod Wilson
Modified: 2007-12-18 14:19 EST
Doc Type: Bug Fix
Last Closed: 2007-12-18 14:19:07 EST
Attachments
Updated version of noninteractive.sh from ecryptfs-full tarball at sf.net (3.96 KB, text/plain)
2007-12-07 16:57 EST, Jarod Wilson

Description Jarod Wilson 2007-12-06 17:36:54 EST
Description of problem:
Twice now I've managed to hit a kernel panic upon mounting an ecryptfs overlay.

Version-Release number of selected component (if applicable):
kernel 2.6.18-58.el5 + eric's ecryptfs backport

How reproducible:

[root@xw4400-01 ecryptfs-kernel-2.6.24-rc3]# mount -t ecryptfs -o
/secret/ /secret/
Verify Passphrase: 
1) CAST6
2) AES-128
3) AES-192
4) AES-256
5) Twofish
6) Triple-DES
7) Blowfish
8) CAST5
Selection [AES-128]: 
Enable plaintext passthrough (y/n): n
Attempting to mount with the following options:
Mounted eCryptfs

[root@xw4400-01 ecryptfs-kernel-2.6.24-rc3]# umount /secret/

[root@xw4400-01 ecryptfs-kernel-2.6.24-rc3]# mount -t ecryptfs -o
/secret/ /secret/
Verify Passphrase: 
1) AES-128
2) AES-192
3) AES-256
4) CAST6
5) Twofish
6) Triple-DES
7) Blowfish
8) CAST5
Selection [AES-128]: 
Enable plaintext passthrough (y/n): n
Attempting to mount with the following options:

general protection fault: 0000 [1] SMP 
last sysfs file: /fs/ecryptfs/version
CPU 0 
Modules linked in: ecryptfs(U) ipt_MASQUERADE iptable_nat ip_nat xt_state
ip_conntrack nfnetlink ipt_REJECT xt_tcpudp iptable_filter ip_tables x_tables
bridge ipv6 autofs4 hidp rfcomm l2cap bluetooth sunrpc netxen_nic
cpufreq_ondemand dm_multipath video sbs backlight i2c_ec i2c_core button
battery asus_acpi acpi_memhotplug ac lp snd_hda_intel snd_hda_codec
snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device
snd_pcm_oss snd_mixer_oss snd_pcm ata_piix snd_timer tg3 firewire_ohci snd
ide_cd parport_pc shpchp parport serio_raw firewire_core pcspkr sg floppy
soundcore cdrom snd_page_alloc dm_snapshot dm_zero dm_mirror dm_mod ahci
libata sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd
Pid: 3320, comm: mount.ecryptfs Not tainted 2.6.18-58.el5 #1
RIP: 0010:[<ffffffff801163cb>]  [<ffffffff801163cb>] key_put+0x5/0x1c
RSP: 0018:ffff81002957fa60  EFLAGS: 00010202
RAX: ffff8100378a2850 RBX: ffff8100378a2848 RCX: ffff81003fdd54c0
RDX: ffff81002ad75508 RSI: 0000000000000000 RDI: 08230200002ca758
RBP: ffff81002ad754c0 R08: ffff81002957e000 R09: ffff81003fdd5400
R10: 0000000000000001 R11: ffffffff885c8800 R12: ffff81002ad75500
R13: ffff8100378a2860 R14: 0000000000000001 R15: 0000000000000001
FS:  00002aaaaaac8450(0000) GS:ffffffff80397000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00002aaaaaac6000 CR3: 0000000029595000 CR4: 00000000000006e0
Process mount.ecryptfs (pid: 3320, threadinfo ffff81002957e000, task
Stack:  ffffffff885b8606 ffff81002957fa68 ffff8100378a2840 ffffffff885c8800
 ffff81003fdd5400 ffff8100378a2850 ffffffff885b6945 ffff8100378a2850
 ffff81003fdd5400 ffff81003fdd5488 ffffffff800d9140 ffff81003fdd5400
Call Trace:
 [<ffffffff885b8606>] :ecryptfs:ecryptfs_destroy_mount_crypt_stat+0x49/0x98
 [<ffffffff885b6945>] :ecryptfs:ecryptfs_put_super+0x1a/0x3a
 [<ffffffff800d9140>] generic_shutdown_super+0x79/0xfb
 [<ffffffff800d92b6>] deactivate_super+0x6a/0x82
 [<ffffffff885b6813>] :ecryptfs:ecryptfs_get_sb+0x3a5/0x3f2
 [<ffffffff800c390a>] zone_statistics+0x3e/0x6d
 [<ffffffff8000eebc>] __alloc_pages+0x65/0x2b4
 [<ffffffff800d9361>] vfs_kern_mount+0x93/0x11a
 [<ffffffff800d942a>] do_kern_mount+0x36/0x4d
 [<ffffffff800e2add>] do_mount+0x68c/0x6fc
 [<ffffffff80008ad5>] __handle_mm_fault+0x4e0/0xdf4
 [<ffffffff80021d1a>] __up_read+0x19/0x7f
 [<ffffffff80064a9d>] do_page_fault+0x4eb/0x81d
 [<ffffffff80016563>] generic_file_aio_read+0x34/0x39
 [<ffffffff8000c927>] do_sync_read+0xc7/0x104
 [<ffffffff800c390a>] zone_statistics+0x3e/0x6d
 [<ffffffff8000eebc>] __alloc_pages+0x65/0x2b4
 [<ffffffff8004a06e>] sys_mount+0x8a/0xcd
 [<ffffffff8005b28d>] tracesys+0xd5/0xe0

Code: f0 ff 0f 0f 94 c0 84 c0 74 0c 48 c7 c7 20 b4 2f 80 e9 08 21 
RIP  [<ffffffff801163cb>] key_put+0x5/0x1c
 RSP <ffff81002957fa60>
 <0>Kernel panic - not syncing: Fatal exception
Comment 1 Jarod Wilson 2007-12-07 16:38:47 EST
I believe I have a reproducer here. Back-to-back mount attempts with invalid
ciphers appear to be the key.
Comment 2 Jarod Wilson 2007-12-07 16:57:47 EST
Created attachment 281681 [details]
Updated version of noninteractive.sh from ecryptfs-full tarball at sf.net

This is an updated version of the noninteractive.sh script from the
ecryptfs-full tarball found on sourceforge, updated to actually run w/the
latest kernel- and user-space. At the moment, the bad cipher tests trigger a
kernel panic 100% of the time...
Comment 3 Eric Sandeen 2007-12-11 19:00:09 EST
This should fix it up:

In the invalid cipher case, and probably other error cases, we weren't
initializing a pointer that we later tried to pass to key_put.

Index: linux-2.6.18-58.el5/fs/ecryptfs/keystore.c
--- linux-2.6.18-58.el5.orig/fs/ecryptfs/keystore.c
+++ linux-2.6.18-58.el5/fs/ecryptfs/keystore.c
@@ -1851,7 +1851,7 @@ ecryptfs_add_global_auth_tok(struct ecry
 	struct ecryptfs_global_auth_tok *new_auth_tok;
 	int rc = 0;
-	new_auth_tok = kmem_cache_alloc(ecryptfs_global_auth_tok_cache,
+	new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
 	if (!new_auth_tok) {
 		rc = -ENOMEM;
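
Review bot: the switch to kmem_cache_zalloc on the allocation line makes every error path depend on key_put() treating a NULL key pointer as a no-op, and nothing in the change says so. State that in the changelog, or guard the key_put call reached from ecryptfs_destroy_mount_crypt_stat so teardown only drops a key that was actually looked up. The hunk as pasted also shows fewer lines than the @@ -1851,7 +1851,7 header declares and the argument list of the allocation call is cut off, so it will not apply as shown; attaching the full patch would help.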

This patch has been sent upstream.
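
The failure mode described in Comment 3, modeled in userspace C as an added example (not part of the original comment and not eCryptfs code): a token allocated from reused memory, an invalid-cipher error path that returns before the key pointer is assigned, and a teardown that passes that pointer to key_put. All names (auth_tok, add_tok, cache_alloc, cache_zalloc, the_key) are hypothetical stand-ins, and the 0x5a fill stands in for stale slab contents.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model; every name here is a hypothetical stand-in, not eCryptfs code. */
struct key { int usage; };
struct auth_tok { int flags; struct key *key; };
static struct key the_key = { 1 };
static int stale_puts;              /* key_put() calls that received a stale pointer */

/* Models slab reuse: the object still holds a previous owner's bytes. */
static void *cache_alloc(size_t n)  { void *p = malloc(n); if (p) memset(p, 0x5a, n); return p; }
static void *cache_zalloc(size_t n) { return calloc(1, n); }

/* In this model NULL is ignored; any other value is treated as a live key. */
static void key_put(struct key *k)
{
    if (!k) return;
    if (k != &the_key) { stale_puts++; return; }   /* the kernel faults at this point */
    k->usage--;
}

/* The token is allocated before the key lookup; an invalid cipher
 * aborts setup before the key pointer is ever assigned. */
static struct auth_tok *add_tok(void *(*alloc)(size_t), const char *cipher)
{
    struct auth_tok *t = alloc(sizeof(*t));
    if (!t) return NULL;
    t->flags = 1;
    if (strcmp(cipher, "aes") != 0) return t;      /* error path: t->key untouched */
    the_key.usage++;
    t->key = &the_key;
    return t;
}

/* Teardown after a failed mount: returns the number of stale key_put() calls. */
int failed_mount_stale_puts(void *(*alloc)(size_t))
{
    stale_puts = 0;
    struct auth_tok *t = add_tok(alloc, "constructed-bad-cipher");
    if (t) { key_put(t->key); free(t); }
    return stale_puts;
}

int main(void)
{
    printf("alloc=%d zalloc=%d\n", failed_mount_stale_puts(cache_alloc), failed_mount_stale_puts(cache_zalloc));
    return 0;
}
```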
Comment 4 Eric Sandeen 2007-12-12 17:35:27 EST
patch is in -mm now.

This *might* account for the umount bug too, since we were mucking around in
uninitialized memory... hard to say, though.
Comment 5 Eric Sandeen 2007-12-18 14:19:07 EST
Fixed in the patch series sent for bug #228341

*** This bug has been marked as a duplicate of 228341 ***
