[LU-15407] fscrypt does not work on Ubuntu 5.8 kernel - Whamcloud Community JIRA

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: Lustre 2.15.0
Affects Version/s: Lustre 2.15.0
Labels:
None
Environment:
Ubuntu 20 HWE client running a 5.8 kernel.

Severity:
3
Rank (Obsolete):
9223372036854775807

Description

With Ubuntu LTS running a 5.8 kernel which has native fscrypt support I added in sanity-sec testing. This is using the default embedded llcrypt and it failed the fscrypt test. For sanity-sec 46 I get:

== sanity-sec test 46: encrypted file access semantics without key ========================================================== 07:46:51 (1641221211)
10.0.0.10@tcp:/lustre /mnt/lustre lustre rw,checksum,flock,user_xattr,lruresize,lazystatfs,nouser_fid2path,verbose,encrypt 0 0
Stopping client samuel /mnt/lustre (opts
Starting client: samuel: -o user_xattr,flock,test_dummy_encryption 10.0.0.10@tcp:/lustre /mnt/lustre
mount.lustre: test dummy encryption option ignored: could not insert dummy encryption key into session keyring
Unable to dump key: Key has been revoked
Format:

All the fscrypt test fail the same way.

Attachments

Issue Links

is related to

LU-13717 Client-side encryption - support file name encryption

Resolved

LU-13783 Support for linux kernel version 5.8

Resolved

Activity

[LU-15407] fscrypt does not work on Ubuntu 5.8 kernel

Peter Jones added a comment - 18/Jan/22 2:03 PM

Landed for 2.15

Peter Jones added a comment - 18/Jan/22 2:03 PM Landed for 2.15

Gerrit Updater added a comment - 18/Jan/22 9:07 AM

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/46038/
Subject: ~~LU-15407~~ test: remove dummy enc key at cleanup
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: ec0b308614a2bad18a7a1fd805f36eb8ed6ea5eb

Gerrit Updater added a comment - 18/Jan/22 9:07 AM "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/46038/ Subject: LU-15407 test: remove dummy enc key at cleanup Project: fs/lustre-release Branch: master Current Patch Set: Commit: ec0b308614a2bad18a7a1fd805f36eb8ed6ea5eb

Gerrit Updater added a comment - 11/Jan/22 7:38 AM

"Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/46038
Subject: ~~LU-15407~~ test: remove dummy enc key at cleanup
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: b05a9eb3e2fbe4110c66c12447af971577faa46c

Gerrit Updater added a comment - 11/Jan/22 7:38 AM "Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/46038 Subject: LU-15407 test: remove dummy enc key at cleanup Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: b05a9eb3e2fbe4110c66c12447af971577faa46c

James A Simmons added a comment - 10/Jan/22 3:23 PM

I figured out its due to one of the sanity-sec test failing. Currently if any of the test fail the later test also will fail with the above error. My thinking is that the sanity-sec test are not properly revoking the key on failing testing.

James A Simmons added a comment - 10/Jan/22 3:23 PM I figured out its due to one of the sanity-sec test failing. Currently if any of the test fail the later test also will fail with the above error. My thinking is that the sanity-sec test are not properly revoking the key on failing testing.

Sebastien Buisson added a comment - 06/Jan/22 2:14 PM

Hi James,

I tried but did not manage to reproduce. Here is my configuration:

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.3 LTS
Release:        20.04
Codename:       focal
# uname -r
5.8.0-63-generic

And like you, I am using the embedded llcrypt lib instead of the in-kernel fscrypt.

When mounting with test_dummy_encryption option, it works and the fscrypt key is added to the session keyring:

# keyctl show
Session Keyring
 499722460 --alswrv      0     0  keyring: _ses
 302746999 --alswrv      0 65534   \_ keyring: _uid.0
  70358189 --alsw-v      0     0   \_ logon: fscrypt:4242424242424242

The error message could not insert dummy encryption key into session keyring you get is displayed when the call to add_key fails. This function is provided by libkeyutils, in my case it is:

libkeyutils1/focal,now 1.6-6ubuntu1 amd64 [installed,automatic]

Sebastien Buisson added a comment - 06/Jan/22 2:14 PM Hi James, I tried but did not manage to reproduce. Here is my configuration: # lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04.3 LTS Release: 20.04 Codename: focal # uname -r 5.8.0-63-generic And like you, I am using the embedded llcrypt lib instead of the in-kernel fscrypt. When mounting with test_dummy_encryption option, it works and the fscrypt key is added to the session keyring: # keyctl show Session Keyring 499722460 --alswrv 0 0 keyring: _ses 302746999 --alswrv 0 65534 \_ keyring: _uid.0 70358189 --alsw-v 0 0 \_ logon: fscrypt:4242424242424242 The error message could not insert dummy encryption key into session keyring you get is displayed when the call to add_key fails. This function is provided by libkeyutils , in my case it is: libkeyutils1/focal,now 1.6-6ubuntu1 amd64 [installed,automatic]

Peter Jones added a comment - 04/Jan/22 3:11 PM

Seb

Could you please investigate?

Thanks

Peter

Peter Jones added a comment - 04/Jan/22 3:11 PM Seb Could you please investigate? Thanks Peter

People

Assignee:: Sebastien Buisson

Reporter:: James A Simmons

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 03/Jan/22 2:53 PM

Updated:: 21/Mar/22 6:48 PM

Resolved:: 18/Jan/22 2:03 PM