Bug 247954 - geli: NULL encryption algorithm instapanics "IV_SEPARATE set when IV isn't used"
Summary: geli: NULL encryption algorithm instapanics "IV_SEPARATE set when IV isn't used"
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Many People
Assignee: John Baldwin
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-07-13 15:42 UTC by Alan Somers
Modified: 2020-09-19 18:20 UTC (History)
1 user (show)

See Also:


Attachments
Fix geli's null cipher, and add a test case (3.12 KB, patch)
2020-07-20 20:55 UTC, Alan Somers
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Alan Somers freebsd_committer 2020-07-13 15:42:08 UTC
Trying to create a geli provider with "-e NULL" instapanics on head at r362978.  I'm guessing the panic was introduced by r359374.  Sadly, geli's test suite does not cover that algorithm.  I can't reproduce the panic on stable/12 at r361403.

Steps to Reproduce:
# sudo mdconfig -a -t malloc -s 4m
md0
# sudo geli onetime -e NULL md0

panic: IV_SEPARATE set when IV isn't used
cpuid = 0
time = 1594654462
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe006013ba20
vpanic() at vpanic+0x182/frame 0xfffffe006013ba70
panic() at panic+0x43/frame 0xfffffe006013bad0
crypto_dispatch() at crypto_dispatch+0x682/frame 0xfffffe006013bb00
g_eli_crypto_run() at g_eli_crypto_run+0x1a6/frame 0xfffffe006013bb50
g_eli_worker() at g_eli_worker+0x368/frame 0xfffffe006013bbb0
fork_exit() at fork_exit+0x80/frame 0xfffffe006013bbf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe006013bbf0
Comment 1 Alan Somers freebsd_committer 2020-07-13 15:42:54 UTC
jhb, could you please take a look at this?  I think it's pretty likely that the bug was introduced by r359374.
Comment 2 Conrad Meyer freebsd_committer 2020-07-13 16:01:58 UTC
A NULL mode should not exist anyway.
Comment 3 John Baldwin freebsd_committer freebsd_triage 2020-07-16 23:28:31 UTC
Hmm, I could either relax the assertion or we'd have to omit the flag for NULL.  Arguably things that want to use a NULL transform should just not create an OCF session at all but instead handle it directly.  IPsec mandates a NULL cipher for testing (but only for testing.)  Presumably NULL doesn't need to use keys either.

Hmm, try this:

Index: geom/eli/g_eli_integrity.c
===================================================================
--- geom/eli/g_eli_integrity.c  (revision 361855)
+++ geom/eli/g_eli_integrity.c  (working copy)
@@ -536,13 +536,15 @@
                crp->crp_digest_start = 0;
                crp->crp_payload_start = sc->sc_alen;
                crp->crp_payload_length = data_secsize;
-               crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
                if ((sc->sc_flags & G_ELI_FLAG_FIRST_KEY) == 0) {
                        crp->crp_cipher_key = g_eli_key_hold(sc, dstoff,
                            encr_secsize);
                }
-               g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
-                   sizeof(crp->crp_iv));
+               if (g_eli_ivlen(sc->sc_ealgo) != 0) {
+                       crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
+                       g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
+                           sizeof(crp->crp_iv));
+               }
 
                g_eli_auth_keygen(sc, dstoff, authkey);
                crp->crp_auth_key = authkey;
Index: geom/eli/g_eli_privacy.c
===================================================================
--- geom/eli/g_eli_privacy.c    (revision 361855)
+++ geom/eli/g_eli_privacy.c    (working copy)
@@ -281,13 +281,15 @@
 
                crp->crp_payload_start = 0;
                crp->crp_payload_length = secsize;
-               crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
                if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) == 0) {
                        crp->crp_cipher_key = g_eli_key_hold(sc, dstoff,
                            secsize);
                }
-               g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
-                   sizeof(crp->crp_iv));
+               if (g_eli_ivlen(sc->sc_ealgo) != 0) {
+                       crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
+                       g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
+                           sizeof(crp->crp_iv));
+               }
 
                error = crypto_dispatch(crp);
                KASSERT(error == 0, ("crypto_dispatch() failed (error=%d)",
Comment 4 Alan Somers freebsd_committer 2020-07-20 20:55:01 UTC
Created attachment 216613 [details]
Fix geli's null cipher, and add a test case

Your fix works for me, jhb.  I've combined it with a regression test in the attached patch.
Comment 5 John Baldwin freebsd_committer freebsd_triage 2020-07-20 21:05:26 UTC
Comment on attachment 216613 [details]
Fix geli's null cipher, and add a test case

Looks good to me.
Comment 6 commit-hook freebsd_committer 2020-07-21 19:18:33 UTC
A commit references this bug:

Author: asomers
Date: Tue Jul 21 19:18:30 UTC 2020
New revision: 363402
URL: https://svnweb.freebsd.org/changeset/base/363402

Log:
  Fix geli's null cipher, and add a test case

  PR:		247954
  Submitted by:	jhb (sys), asomers (tests)
  Reviewed by:	jhb (tests), asomers (sys)
  MFC after:	2 weeks
  Sponsored by:	Axcient

Changes:
  head/sys/geom/eli/g_eli_integrity.c
  head/sys/geom/eli/g_eli_privacy.c
  head/tests/sys/geom/class/eli/onetime_test.sh
Comment 7 commit-hook freebsd_committer 2020-07-22 17:37:30 UTC
A commit references this bug:

Author: lwhsu
Date: Wed Jul 22 17:37:11 UTC 2020
New revision: 363423
URL: https://svnweb.freebsd.org/changeset/base/363423

Log:
  Fix sys.geom.class.eli.onetime_test.onetime after r363402

  PR:		247954
  X-MFC with:	r363402
  Sponsored by:	The FreeBSD Foundation

Changes:
  head/tests/sys/geom/class/eli/onetime_test.sh
Comment 8 Alan Somers freebsd_committer 2020-09-19 18:20:06 UTC
No need to MFC.  Bug does not exist on stable/12.