Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 17 Feb 2021 19:57:23 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 253595] ccp(4) breaks ZFS
Message-ID:  <bug-253595-227@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253595

            Bug ID: 253595
           Summary: ccp(4) breaks ZFS
           Product: Base System
           Version: 13.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: jsorocil@gmail.com

Created attachment 222535
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D222535&action=
=3Dedit
core.txt

Loading ccp (either in rc.conf's kld_list or manually kldloading module aft=
er
boot) breaks ZFS encryption - I can't load keys for existing dataset and
creating new one results in kernel panic.

Try to load ZFS dataset key
% kldload ccp
% zfs load-key data
Enter passphrase for 'data':
Key load error: Incorrect key provided for 'data'.
Enter passphrase for 'data':
Key load error: Incorrect key provided for 'data'.
Enter passphrase for 'data':
Key load error: Incorrect key provided for 'data'.
zsh: exit 255   zfs load-key data

One way to reproduce kernel panic:
truncate -s 10G pool
mdconfig -at vnode -f pool
zpool create -m /mnt/test -O compress=3Dlz4 -O atime=3Doff -O devices=3Doff=
 -O
setuid=3Doff -O exec=3Doff -O encryption=3Don -O keyformat=3Dpassphrase tes=
t /dev/md0
<kernel panic>

Other way to reproduce kernel panic:
Try to create encrypted partition on existing pool (doesn't matter if root =
of
the pool is encrypted or not):
zfs create -o encryption=3Don -o keyformat=3Dpassphrase zroot/encrypted
<kernel panic>

% cat /var/crash/info.last
Dump header from device: /dev/gpt/hdd-swap
  Architecture: amd64
  Architecture Version: 2
  Dump Length: 1346650112
  Blocksize: 512
  Compression: none
  Dumptime: 2021-02-17 20:47:17 +0100
  Hostname: zen-pobro
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 13.0-BETA2 #2 r13.0-n244512-726e20f45041: Wed Feb=
 17
20:26:38 CET 2021
    root@zen-pobro:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
  Panic String: VERIFY3(0 =3D=3D zio_crypt_key_wrap(&dck->dck_wkey->wk_key,=
 key,
iv, mac, keydata, hmac_keydata)) failed (0 =3D=3D 5)

  Dump Parity: 2673242901
  Bounds: 4
  Dump Status: good

% dmesg
...
CPU: AMD Ryzen 7 PRO 4750G with Radeon Graphics (3593.33-MHz K8-class CPU)
  Origin=3D"AuthenticAMD"  Id=3D0x860f01  Family=3D0x17  Model=3D0x60  Step=
ping=3D1
=20
Features=3D0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,=
MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
=20
Features2=3D0x7ed8320b<SSE3,PCLMULQDQ,MON,SSSE3,FMA,CX16,SSE4.1,SSE4.2,MOVB=
E,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
  AMD Features=3D0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
  AMD
Features2=3D0x75c237ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW=
,IBS,SKINIT,WDT,TCE,Topology,PCXC,PNXC,DBE,PL2I,MWAITX,ADMSKX>
  Structured Extended
Features=3D0x219c91a9<FSGSBASE,BMI1,AVX2,SMEP,BMI2,PQM,PQE,RDSEED,ADX,SMAP,=
CLFLUSHOPT,CLWB,SHA>
  Structured Extended Features2=3D0x400004<UMIP,RDPID>
  XSAVE Features=3D0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
  AMD Extended Feature Extensions ID
EBX=3D0x90cf757<CLZERO,IRPerf,XSaveErPtr,RDPRU,MCOMMIT,WBNOINVD,IBPB,IBRS,S=
TIBP,PREFER_IBRS,SSBD>
  SVM: NP,NRIP,VClean,AFlush,DAssist,NAsids=3D32768
  TSC: P-state invariant, performance statistics
...
ccp0: <AMD CCP-5a> mem 0xfcc00000-0xfccfffff,0xfcd8c000-0xfcd8dfff at device
0.2 on pci9
random: registering fast source AMD CCP TRNG

% pciconf -lv
none2@pci0:9:0:2:       class=3D0x108000 rev=3D0x00 hdr=3D0x00 vendor=3D0x1=
022
device=3D0x15df subvendor=3D0x1022 subdevice=3D0x15df
    vendor     =3D 'Advanced Micro Devices, Inc. [AMD]'
    device     =3D 'Family 17h (Models 10h-1fh) Platform Security Processor'
    class      =3D encrypt/decrypt


Reproduced on FreeBSD 13.0-ALPHA3, 13.0-BETA2 and 14.0-CURRENT (commit
4a7d84058d Wed Feb 17 11:45:54 2021 +0100)

If ccp module is not loaded:
% zfs load-key data
Enter passphrase for 'data':
<ZFS dataset decrypted>

% zfs create -o encryption=3Don -o keyformat=3Dpassphrase zroot/encrypted
<new encrypted ZFS dataset created without panic>

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-253595-227>