433078 – modprobe gives up loading modules if one fails --> 2.6.25 won't boot from LUKS root

Bug 433078 - modprobe gives up loading modules if one fails --> 2.6.25 won't boot from LUKS root

Summary: modprobe gives up loading modules if one fails --> 2.6.25 won't boot from LUK...

Keywords:
Status:	CLOSED DUPLICATE of bug 432813
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	module-init-tools
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	---
Assignee:	Jon Masters
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	hotissue
Depends On:
Blocks:	F9Beta
TreeView+	depends on / blocked

Reported:	2008-02-15 23:37 UTC by Will Woods
Modified:	2008-02-18 22:54 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-02-18 22:54:53 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Will Woods 2008-02-15 23:37:19 UTC

Quick summary: on i386, 4 modules are aliased to 'aes': padlock-aes, geode-aes,
aes-i586, and aes_generic. I need at least one of those to decrypt my root
filesystem. In kernel 2.6.25-rc1 padlock-aes now returns an error when you
attempt to insert it, so modprobe gives up on the other 3, leaving me without
AES (and thus unable to boot).

The long version:

My rawhide machine - which is using a LUKS encrypted LVM PV for its root - is
unbootable with any 2.6.25 kernel. It requests the key and then fails to unlock
the device:

device-mapper: table: 253:0: crypt: Error allocating crypto tfm
device-mapper: ioctl: error adding target to table
device-mapper: ioctl: device doesn't appear to be in the dev hash table.
Failed to setup dm-crypt key mapping. 
Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify
that /dev/sda2 contains at least 133 sectors.

So it would seem we've failed to load the cipher module(s). Scrolling back up, I
see:
padlock: VIA PadLock not detected.
WARNING: Error inserting padlock_aes ($modpath/padlock-aes.ko): No such device
padlock: VIA PadLock Hash Engine not detected.
WARNING: Error inserting padlock_sha ($modpath/padlock-sha.ko): No such device

With kernel 2.6.24.1-31 and  2.6.24-2 (which work), these error messages don't
appear, and the system boots normally. 

LUKS needs at least one AES module to decrypt my root filesystem. 'modprobe
aes', in the 2.6.24 kernels, installs all the modules which are aliased to
'aes': padlock-aes, geode-aes, aes-i586, aes_generic. 

In 2.6.24 kernels they all probe successfully. With 2.6.25-rc1, inserting the
padlock-aes module now returns an error if you don't have that hardware. I'm
guessing that modprobe gives up at that point, and that's why the message
indicating missing support for aes-cbc-essiv:sha256 appears - no AES modules
were loaded

Comment 1 Jon Masters 2008-02-18 20:24:06 UTC

I'll look at it :)

Comment 2 Jeffrey C. Ollie 2008-02-18 21:59:43 UTC

Is this the same problem as 432813?

Comment 3 Will Woods 2008-02-18 22:22:47 UTC

Looks the same to me. Check the scrollback for error messages loading
padlock-{aes,sha}. 

Until this is fixed, we'll need a workaround to get 2.6.25 kernels booting -
either stop building padlock-aes, remove it from the initrd, or modify it so it
fails silently rather than causing errors.

Comment 4 Jeffrey C. Ollie 2008-02-18 22:37:28 UTC

*** Bug 432813 has been marked as a duplicate of this bug. ***

Comment 5 Will Woods 2008-02-18 22:54:53 UTC

Blarg! I fail at debugging! 

I rebuilt my initrd with no padlock-aes, and it still doesn't boot. For
confirmation of my wrongness, I went to a non-LUKS system and did:

  modprobe aes

Which attempted to insert all 4 AES modules, even after giving me the error
message about padlock_aes. In short: modprobe is fine, something in the kernel
is busted, and I'm a dope.

*** This bug has been marked as a duplicate of 432813 ***

Note You need to log in before you can comment on or make changes to this bug.