
kernel-packages team mailing list archive

[Bug 1386339] Re: cryptswap can fail if random data matches a filesystem magic number

 

I have added the information collected by apport, although this seems
like such an obviously possible (if rare) event that it does not take
too much debugging to identify what is happening.

The issue is more about deciding what action to take, rather than
finding the bug... obviously you don't want people to be able to
accidentally overwrite a filesystem, but you also don't want swap to
mysteriously disappear from people's machines... perhaps check the
partition type and wipe the first 1Meg of any partition marked "Linux
Swap" before starting the encrypted disks.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1386339

Title:
  cryptswap can fail if random data matches a filesystem magic number

Status in “linux” package in Ubuntu:
  Incomplete

Bug description:
  I noticed that my encrypted swap was not working, and I found that the
  randomly generated encrypted filesystem had randomly generated data
  that had the magic number of a filesystem type, and hence ever more it
  refused to start...

  Eg:-

  root@hardline:/etc# more /etc/crypttab
  cryptswap1 /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

  root@hardline:/etc# cryptdisks_start cryptswap1
   * Starting crypto disk...                                                       * cryptswap1 (starting)..
   * cryptswap1: the precheck for '/dev/sda3' failed:  - The device /dev/sda3 contains a filesystem type hfsplus.
   * cryptswap1 (failed)...                                                [fail] 

  Obviously this is not a filesystem:-

  root@hardline:/etc# mount -t hfsplus /dev/sda3 /mnt
  mount: wrong fs type, bad option, bad superblock on /dev/sda3,
         missing codepage or helper program, or other error

  So I blanked it and restarted, all is now well... perhaps if there's a
  force option on cryptsetup this should be used in the setup scripts:-

  root@hardline:/etc# dd if=/dev/zero of=/dev/sda3
  ^C684121+0 records in
  684121+0 records out
  350269952 bytes (350 MB) copied, 5.96378 s, 58.7 MB/s

  root@hardline:/etc# cryptdisks_start cryptswap1
   * Starting crypto disk...                                                       * cryptswap1 (starting)..
   * cryptswap1 (started)...                                               [ OK ]
  --- 
  ApportVersion: 2.14.7-0ubuntu8
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC0:  james      3650 F.... pulseaudio
   /dev/snd/controlC1:  james      3650 F.... pulseaudio
  DistroRelease: Ubuntu 14.10
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2014-04-28 (182 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
  MachineType: LENOVO 20266
  Package: linux (not installed)
  ProcEnviron:
   LANGUAGE=en_GB:en
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.16.0-23-generic.efi.signed root=UUID=1cbc95ee-97a4-4869-b1a2-135f351313eb ro quiet splash nomdmonddf nomdmonisw nomdmonddf nomdmonisw nomdmonddf nomdmonisw nomdmonddf nomdmonisw vt.handoff=7
  ProcVersionSignature: Ubuntu 3.16.0-23.31-generic 3.16.4
  PulseList:
   Error: command ['pacmd', 'list'] failed with exit code 1: Home directory not accessible: Permission denied
   No PulseAudio daemon running, or not running as session daemon.
  RelatedPackageVersions:
   linux-restricted-modules-3.16.0-23-generic N/A
   linux-backports-modules-3.16.0-23-generic  N/A
   linux-firmware                             1.138
  Tags:  utopic
  Uname: Linux 3.16.0-23-generic x86_64
  UpgradeStatus: Upgraded to utopic on 2014-10-14 (13 days ago)
  UserGroups:
   
  _MarkForUpload: True
  dmi.bios.date: 10/31/2013
  dmi.bios.vendor: LENOVO
  dmi.bios.version: 76CN31WW
  dmi.board.asset.tag: No Asset Tag
  dmi.board.name: Yoga2
  dmi.board.vendor: LENOVO
  dmi.board.version: 31900058STD
  dmi.chassis.asset.tag: No Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Lenovo Yoga 2 Pro
  dmi.modalias: dmi:bvnLENOVO:bvr76CN31WW:bd10/31/2013:svnLENOVO:pn20266:pvrLenovoYoga2Pro:rvnLENOVO:rnYoga2:rvr31900058STD:cvnLENOVO:ct10:cvrLenovoYoga2Pro:
  dmi.product.name: 20266
  dmi.product.version: Lenovo Yoga 2 Pro
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1386339/+subscriptions
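
The mitigation suggested in the message above (check the partition type, then wipe the first 1 MiB of a partition marked "Linux Swap" before starting the encrypted disk), written as an added example that is not part of the original report or of the cryptsetup scripts. The function name `wipe_swap_head` and its arguments are hypothetical; the caller supplies the partition type, for example from `lsblk -dno PARTTYPE`.

```shell
#!/bin/sh
# Added example (not from the bug report): zero the first 1 MiB of a target
# only when its partition type says "Linux swap". The function name and its
# arguments are hypothetical.

# Partition type identifiers for Linux swap (GPT type GUID, MBR type byte).
SWAP_GPT_GUID="0657fd6d-a4ab-43c4-84e5-0933c84b4f4f"
SWAP_MBR_TYPE="0x82"

# wipe_swap_head TARGET PARTTYPE
#   TARGET    block device or image file that backs the cryptswap mapping
#   PARTTYPE  partition type reported for TARGET, for example the output of
#             `lsblk -dno PARTTYPE /dev/sdXN` (assumed to be run by the caller)
# Returns 0 after wiping, 1 if the type is not Linux swap, 2 on bad arguments.
wipe_swap_head() {
    target=$1
    # Normalise case so GUIDs compare equal however the tool printed them.
    parttype=$(printf '%s' "$2" | tr 'A-Z' 'a-z')

    if [ -z "$target" ] || [ ! -e "$target" ]; then
        return 2
    fi

    case "$parttype" in
        "$SWAP_GPT_GUID"|"$SWAP_MBR_TYPE")
            ;;
        *)
            # Anything not explicitly marked as swap may hold a real
            # filesystem, so leave it alone and let the precheck fail.
            echo "refusing: $target has type '$parttype', not Linux swap" >&2
            return 1
            ;;
    esac

    # Zero exactly 1 MiB, the amount suggested in the report. conv=notrunc
    # keeps an image file at its original size.
    dd if=/dev/zero of="$target" bs=1024 count=1024 conv=notrunc 2>/dev/null
}
```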

