Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-15407

fscrypt does not work on Ubuntu 5.8 kernel

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • Lustre 2.15.0
    • Lustre 2.15.0
    • None
    • Ubuntu 20 HWE client running a 5.8 kernel.
    • 3
    • 9223372036854775807

    Description

      With Ubuntu LTS running a 5.8 kernel which has native fscrypt support I added in sanity-sec testing. This is using the default embedded llcrypt and it failed the fscrypt test. For sanity-sec 46 I get:

      == sanity-sec test 46: encrypted file access semantics without key ========================================================== 07:46:51 (1641221211)
      10.0.0.10@tcp:/lustre /mnt/lustre lustre rw,checksum,flock,user_xattr,lruresize,lazystatfs,nouser_fid2path,verbose,encrypt 0 0
      Stopping client samuel /mnt/lustre (opts
      Starting client: samuel:  -o user_xattr,flock,test_dummy_encryption 10.0.0.10@tcp:/lustre /mnt/lustre
      mount.lustre: test dummy encryption option ignored: could not insert dummy encryption key into session keyring
      Unable to dump key: Key has been revoked
      Format:

      All the fscrypt test fail the same way.

      Attachments

        Issue Links

          Activity

            [LU-15407] fscrypt does not work on Ubuntu 5.8 kernel
            pjones Peter Jones added a comment -

            Landed for 2.15

            pjones Peter Jones added a comment - Landed for 2.15

            "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/46038/
            Subject: LU-15407 test: remove dummy enc key at cleanup
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: ec0b308614a2bad18a7a1fd805f36eb8ed6ea5eb

            gerrit Gerrit Updater added a comment - "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/46038/ Subject: LU-15407 test: remove dummy enc key at cleanup Project: fs/lustre-release Branch: master Current Patch Set: Commit: ec0b308614a2bad18a7a1fd805f36eb8ed6ea5eb

            "Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/46038
            Subject: LU-15407 test: remove dummy enc key at cleanup
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: b05a9eb3e2fbe4110c66c12447af971577faa46c

            gerrit Gerrit Updater added a comment - "Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/46038 Subject: LU-15407 test: remove dummy enc key at cleanup Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: b05a9eb3e2fbe4110c66c12447af971577faa46c

            I figured out its due to one of the sanity-sec test failing. Currently if any of the test fail the later test also will fail with the above error. My thinking is that the sanity-sec test are not properly revoking the key on failing testing. 

            simmonsja James A Simmons added a comment - I figured out its due to one of the sanity-sec test failing. Currently if any of the test fail the later test also will fail with the above error. My thinking is that the sanity-sec test are not properly revoking the key on failing testing. 

            Hi James,

            I tried but did not manage to reproduce. Here is my configuration:

            # lsb_release -a
            No LSB modules are available.
            Distributor ID: Ubuntu
            Description:    Ubuntu 20.04.3 LTS
            Release:        20.04
            Codename:       focal
            # uname -r
            5.8.0-63-generic
            

            And like you, I am using the embedded llcrypt lib instead of the in-kernel fscrypt.

            When mounting with test_dummy_encryption option, it works and the fscrypt key is added to the session keyring:

            # keyctl show
            Session Keyring
             499722460 --alswrv      0     0  keyring: _ses
             302746999 --alswrv      0 65534   \_ keyring: _uid.0
              70358189 --alsw-v      0     0   \_ logon: fscrypt:4242424242424242
            

            The error message could not insert dummy encryption key into session keyring you get is displayed when the call to add_key fails. This function is provided by libkeyutils, in my case it is:

            libkeyutils1/focal,now 1.6-6ubuntu1 amd64 [installed,automatic]
            
            sebastien Sebastien Buisson added a comment - Hi James, I tried but did not manage to reproduce. Here is my configuration: # lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04.3 LTS Release: 20.04 Codename: focal # uname -r 5.8.0-63-generic And like you, I am using the embedded llcrypt lib instead of the in-kernel fscrypt. When mounting with test_dummy_encryption option, it works and the fscrypt key is added to the session keyring: # keyctl show Session Keyring 499722460 --alswrv 0 0 keyring: _ses 302746999 --alswrv 0 65534 \_ keyring: _uid.0 70358189 --alsw-v 0 0 \_ logon: fscrypt:4242424242424242 The error message could not insert dummy encryption key into session keyring you get is displayed when the call to add_key fails. This function is provided by libkeyutils , in my case it is: libkeyutils1/focal,now 1.6-6ubuntu1 amd64 [installed,automatic]
            pjones Peter Jones added a comment -

            Seb

            Could you please investigate?

            Thanks

            Peter

            pjones Peter Jones added a comment - Seb Could you please investigate? Thanks Peter

            People

              sebastien Sebastien Buisson
              simmonsja James A Simmons
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: