decrypt_keyctl crashes kernel

Bug #1413754 reported by Hadmut Danisch
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
cryptsetup (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

Hi,

I have a computer with an encrypted raid array (encrypted inside mdadm raid, and lvm inside encrypted device), thus just a single encrypted device. Worked pretty well for years.

Recently, I've added a small SSD as a system disk with root and swap to make the machine faster. Now I had three encrypted block devices. Since it was annoying to enter the same password three times, I changed the /etc/crypttab into

sdc3_crypt UUID=cdb53b1b-58d8-4c61-baad-68e7f19b3920 h1 luks,keyscript=/lib/cryptsetup/scripts/decrypt_keyctl,discard
sdc2_crypt UUID=b800eec1-ec70-44fd-aa17-0cc6dec90a9f h1 luks,keyscript=/lib/cryptsetup/scripts/decrypt_keyctl,discard,swap
md1_crypt UUID=a59b9b7e-233d-4519-af0f-3561607da1d9 h1 luks,keyscript=/lib/cryptsetup/scripts/decrypt_keyctl

to enter the password only once per boot.

Now, the system wasn't booting properly anymore. It came to asking for the password in a regular way, but once I entered the password, system went berserk. It either froze completely, or ignored most of the keyboard keys, became extremely slow, sometimes came to the init processes, but hang. Even if I was lucky enough to get a rescue root shell, system did not work properly, it just did not make any sense and seemed somewhat crazy. Impossible to use, and extremely slow.

Problems were permanent and happened with every boot, although differing, but were completely gone after I used a rescue CDROM to change the /etc/crypttab to its original state

sdc3_crypt UUID=cdb53b1b-58d8-4c61-baad-68e7f19b3920 none luks,discard
sdc2_crypt UUID=b800eec1-ec70-44fd-aa17-0cc6dec90a9f none luks,discard,swap
md1_crypt UUID=a59b9b7e-233d-4519-af0f-3561607da1d9 none luks

and rebuild the initramdisk. Now the system works just normal again (and keeps asking me for the password three times).

So it pretty much looks as if decrypt_keyctl is somewhat incompatible with the kernel and somehow breaks kernel structures.

regards
Hadmut

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: cryptsetup 2:1.6.1-1ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
Uname: Linux 3.13.0-43-generic x86_64
NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: XFCE
Date: Thu Jan 22 22:10:21 2015
SourcePackage: cryptsetup
UpgradeStatus: No upgrade log present (probably fresh install)
crypttab:
 sdc3_crypt UUID=cdb53b1b-58d8-4c61-baad-68e7f19b3920 none luks,discard
 sdc2_crypt UUID=b800eec1-ec70-44fd-aa17-0cc6dec90a9f none luks,discard,swap
 md1_crypt UUID=a59b9b7e-233d-4519-af0f-3561607da1d9 none luks

Revision history for this message
Hadmut Danisch (hadmut) wrote :
Revision history for this message
jabba (schreib-doch-mal) wrote :

Same problem here on Ubuntu 15.04 Server.
With decrypt-script defined in crypttab system freezes while booting.

Setup was done according to this Ubuntu-Wiki article:
https://wiki.ubuntuusers.de/System_verschl%C3%BCsseln/Entschl%C3%BCsseln_mit_einem_USB-Schl%C3%BCssel

Revision history for this message
jabba (schreib-doch-mal) wrote :

I have to correct/complete my last post:

The system doesn't come up even with a "normal" luks-entry in cryptab like hadmut stated in his post.
Only with an empty crypttab the system boots.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cryptsetup (Ubuntu):
status: New → Confirmed
Revision history for this message
jabba (schreib-doch-mal) wrote :

swap works - luks seems to be the bad entry here

tags: added: vivid
Changed in cryptsetup (Ubuntu):
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.