Bug 244276

Summary: espressobin: kernel panic in 'geli attach' using AES-CBC and 'armv8crypto.ko'
Product: Base System
Reporter: Jouni Laakso <jounijl>
Component: arm
Assignee: freebsd-arm (Nobody) <freebsd-arm>
Status: Closed FIXED
Severity: Affects Some People
CC: Andrew, freebsd-arm, imp, jhb, markj
Priority: ---
Keywords: crash, needs-qa
Version: 12.1-RELEASE
Flags: koobs: maintainer-feedback? (Andrew)
Hardware: arm64
OS: Any

Description Jouni Laakso 2020-02-21 11:09:24 UTC
armv8crypto.ko has AES-CBC 128. The following command caused a kernel panic using armv8crypto.ko.

root@espresso:~ # geli init -e AES-CBC -s 4096 -K /etc/geli/da0p2.key /dev/da0p2
root@espresso:~ # geli attach -k /etc/geli/da0p2.key /dev/da0p2
Enter passphrase:
GEOM_ELI: Device da0p2.eli created.
GEOM_ELI: Encryption: AES-CBC 128
GEOM_ELI:     Crypto: hardware
panic: CRD_F_KEY_EXPLICIT
cpuid = 1
time = 1573038302
KDB: stack backtrace:
#0 0xffff00000043c3a4 at kdb_backtrace+0x60
#1 0xffff0000003f2b74 at vpanic+0x18c
#2 0xffff0000003f29e4 at panic+0x44
#3 0xffff000053882910 at armv8_crypto_process+0x220
#4 0xffff000000634a38 at crypto_dispatch+0x164
#5 0xffff00005384a1d4 at g_eli_crypto_run+0x244
#6 0xffff000053843c8c at g_eli_worker+0x404
#7 0xffff0000003b4c74 at fork_exit+0x90
Uptime: 13h42m12s
Dumping 127 out of 999 MB:


More information about 'CRD_F_KEY_EXPLICIT' can be found from 'man -S9 crypto': "When the CRD_F_KEY_EXPLICIT flag is set, the crd_key points to a buffer with encryption or authentication key."

The key file contains 64 B data from random:

root@espresso:~ # file /etc/geli/da0p2.key
/etc/geli/da0p2.key: data
root@espresso:~ # ls -l /etc/geli/da0p2.key
-rw-r--r--  1 root  wheel  64 Nov  6 12:42 /etc/geli/da0p2.key
root@espresso:~ # hexdump -C /etc/geli/da0p2.key
00000000  87 25 16 38 b0 dc 4b f3  86 fb 10 0b 2d 1d 9a 98  |.%.8..K.....-...|
00000010  0a 38 c7 79 0f a9 7f f4  2f 57 45 6e 56 5e 4d ff  |.8.y..../WEnV^M.|
00000020  1a f5 1e f2 78 98 56 85  41 1d 33 3e e0 4e e7 8d  |....x.V.A.3>.N..|
00000030  ff f7 f0 98 8f 93 cf d0  49 83 e4 3c ff dd 24 62  |........I..<..$b|
00000040

Adding more bytes to the key file, 4096 B, did not help. File ownership 'chmod 400' did not help. Changing the random bytes to human readable characters and removing the sector size '-s' from init did not help.

root@espresso:~ # uname -a
FreeBSD espresso 12.1-RELEASE FreeBSD 12.1-RELEASE #3 r358082M: Mon Nov  4 23:41:54 EET 2019     root@espresso:/usr/obj/usr/src/arm64.aarch64/sys/ESPRESSOBIN  arm64

Comment 1 Jouni Laakso 2020-02-21 12:09:44 UTC
After looking at the code, the module file 'armv8_crypto.c' calls 'panic' if the flag is set:

        if ((enccrd->crd_flags & CRD_F_KEY_EXPLICIT) != 0) {
                panic("CRD_F_KEY_EXPLICIT");
        }

This happens in a subfunction of a declared function:

        DEVMETHOD(cryptodev_process,    armv8_crypto_process)

Where the key is given in and what is the reason, I've not yet had time to solve. Where can I find more information about kernel modules and what are the declarations?

Comment 2 Mark Johnston freebsd_committer freebsd_triage 2020-06-04 20:24:01 UTC
I'm not able to reproduce this on an espressobin running recent HEAD.  The opencrypto code and drivers have been refactored quite a bit in the meantime, so this exact panic() call is gone now.

Comment 3 John Baldwin freebsd_committer freebsd_triage 2021-05-26 21:10:41 UTC
This was fixed in commit c03414326909ed7a740be3ba63fbbef01fe513a8.  Note that this fix is only in 13 and is not likely to be merged to 12.