Date: Wed, 17 Feb 2021 19:57:23 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 253595] ccp(4) breaks ZFS Message-ID: <bug-253595-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253595 Bug ID: 253595 Summary: ccp(4) breaks ZFS Product: Base System Version: 13.0-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: jsorocil@gmail.com Created attachment 222535 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D222535&action= =3Dedit core.txt Loading ccp (either in rc.conf's kld_list or manually kldloading module aft= er boot) breaks ZFS encryption - I can't load keys for existing dataset and creating new one results in kernel panic. Try to load ZFS dataset key % kldload ccp % zfs load-key data Enter passphrase for 'data': Key load error: Incorrect key provided for 'data'. Enter passphrase for 'data': Key load error: Incorrect key provided for 'data'. Enter passphrase for 'data': Key load error: Incorrect key provided for 'data'. zsh: exit 255 zfs load-key data One way to reproduce kernel panic: truncate -s 10G pool mdconfig -at vnode -f pool zpool create -m /mnt/test -O compress=3Dlz4 -O atime=3Doff -O devices=3Doff= -O setuid=3Doff -O exec=3Doff -O encryption=3Don -O keyformat=3Dpassphrase tes= t /dev/md0 <kernel panic> Other way to reproduce kernel panic: Try to create encrypted partition on existing pool (doesn't matter if root = of the pool is encrypted or not): zfs create -o encryption=3Don -o keyformat=3Dpassphrase zroot/encrypted <kernel panic> % cat /var/crash/info.last Dump header from device: /dev/gpt/hdd-swap Architecture: amd64 Architecture Version: 2 Dump Length: 1346650112 Blocksize: 512 Compression: none Dumptime: 2021-02-17 20:47:17 +0100 Hostname: zen-pobro Magic: FreeBSD Kernel Dump Version String: FreeBSD 13.0-BETA2 #2 r13.0-n244512-726e20f45041: Wed Feb= 17 20:26:38 CET 2021 root@zen-pobro:/usr/obj/usr/src/amd64.amd64/sys/GENERIC Panic String: VERIFY3(0 =3D=3D zio_crypt_key_wrap(&dck->dck_wkey->wk_key,= key, iv, mac, keydata, hmac_keydata)) failed (0 =3D=3D 5) Dump Parity: 2673242901 Bounds: 4 Dump Status: good % dmesg ... CPU: AMD Ryzen 7 PRO 4750G with Radeon Graphics (3593.33-MHz K8-class CPU) Origin=3D"AuthenticAMD" Id=3D0x860f01 Family=3D0x17 Model=3D0x60 Step= ping=3D1 =20 Features=3D0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,= MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT> =20 Features2=3D0x7ed8320b<SSE3,PCLMULQDQ,MON,SSSE3,FMA,CX16,SSE4.1,SSE4.2,MOVB= E,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND> AMD Features=3D0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM> AMD Features2=3D0x75c237ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW= ,IBS,SKINIT,WDT,TCE,Topology,PCXC,PNXC,DBE,PL2I,MWAITX,ADMSKX> Structured Extended Features=3D0x219c91a9<FSGSBASE,BMI1,AVX2,SMEP,BMI2,PQM,PQE,RDSEED,ADX,SMAP,= CLFLUSHOPT,CLWB,SHA> Structured Extended Features2=3D0x400004<UMIP,RDPID> XSAVE Features=3D0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES> AMD Extended Feature Extensions ID EBX=3D0x90cf757<CLZERO,IRPerf,XSaveErPtr,RDPRU,MCOMMIT,WBNOINVD,IBPB,IBRS,S= TIBP,PREFER_IBRS,SSBD> SVM: NP,NRIP,VClean,AFlush,DAssist,NAsids=3D32768 TSC: P-state invariant, performance statistics ... ccp0: <AMD CCP-5a> mem 0xfcc00000-0xfccfffff,0xfcd8c000-0xfcd8dfff at device 0.2 on pci9 random: registering fast source AMD CCP TRNG % pciconf -lv none2@pci0:9:0:2: class=3D0x108000 rev=3D0x00 hdr=3D0x00 vendor=3D0x1= 022 device=3D0x15df subvendor=3D0x1022 subdevice=3D0x15df vendor =3D 'Advanced Micro Devices, Inc. [AMD]' device =3D 'Family 17h (Models 10h-1fh) Platform Security Processor' class =3D encrypt/decrypt Reproduced on FreeBSD 13.0-ALPHA3, 13.0-BETA2 and 14.0-CURRENT (commit 4a7d84058d Wed Feb 17 11:45:54 2021 +0100) If ccp module is not loaded: % zfs load-key data Enter passphrase for 'data': <ZFS dataset decrypted> % zfs create -o encryption=3Don -o keyformat=3Dpassphrase zroot/encrypted <new encrypted ZFS dataset created without panic> --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-253595-227>