bug: msm8998, ecryptfs, cannot create files due to invalid keysize

bug: msm8998, ecryptfs, cannot create files due to invalid keysize

[James Muir]

There were some changes made in the msm linux kernel (msm8998) to add
hw support to ecryptfs.

Unfortunately, those changes break basic ecryptfs usage; e.g.:

  maple:/data/local/tmp # dd if=/dev/urandom of=mykey.txt bs=1 count=64
  64+0 records in
  64+0 records out
  64 bytes transferred in 0.003 secs (21333 bytes/sec)
  maple:/data/local/tmp # cat mykey.txt | keyctl padd user mykey @us
  409613533
  maple:/data/local/tmp # keyctl add encrypted 1000000000000000 "new
ecryptfs user:mykey 64" @us
  522453367
  maple:/data/local/tmp # mkdir Private
  maple:/data/local/tmp # mount -t ecryptfs -o
ecryptfs_sig=1000000000000000,ecryptfs_cipher=aes,ecryptfs_key_bytes=32
Private Private                               maple:/data/local/tmp #
touch Private/foo.txt
  touch: 'Private/foo.txt': Invalid argument

It is not possible to create any files inside the ecryptfs mounted directory.

This regression was introduced in the following commit:

  https://github.com/sonyxperiadev/kernel/commit/8928f8683bcd0236f5653963deee3bc225fb2206

That commit is also present in aosp (e.g. the Pixel 2 uses the
msm8998; but note that the aosp kernels do not enable ecryptfs).

The msm gerrit id is I453dea289b01bdf49352d5209255966052f5dc1b (sorry
-- I can't seem to find a way to point to the msm gerrit server)

The commit modified several keysize parameters.  The problem now is
that an invalid keysize (64 bytes) is passed into an aes setkey
operation (64 is too large).  The setkey operation happens in
fs/ecryptfs/keystore.c.  The value 64 is a default value set in the
function ecryptfs_fill_auth_tok() in
security/keys/encrypted-keys/ecryptfs_format.c

-James M

Re: bug: msm8998, ecryptfs, cannot create files due to invalid keysize

[James Muir]

On Fri, Oct 27, 2017 at 4:43 PM, James Muir
<james.muir@graphitesoftware.com> wrote:
> There were some changes made in the msm linux kernel (msm8998) to add
> hw support to ecryptfs.
>
> Unfortunately, those changes break basic ecryptfs usage;

<snip>

> This regression was introduced in the following commit:
>
>   https://github.com/sonyxperiadev/kernel/commit/8928f8683bcd0236f5653963deee3bc225fb2206
>
> That commit is also present in aosp (e.g. the Pixel 2 uses the
> msm8998; but note that the aosp kernels do not enable ecryptfs).

Since my message was essentially a bug report (without a patch), it
might be that linux-arm-msm was not the right place to submit it.

Does anyone know of a better way to report msm kernel bugs to Qualcomm?

Due to the high volume of traffic on the list, it seems likely a bug
report would get overlooked here.

-James M

Re: bug: msm8998, ecryptfs, cannot create files due to invalid keysize

[Tyler Hicks]

[-- Attachment #1.1: Type: text/plain, Size: 1313 bytes --]

On 11/21/2017 09:33 AM, James Muir wrote:
> On Fri, Oct 27, 2017 at 4:43 PM, James Muir
> <james.muir@graphitesoftware.com> wrote:
>> There were some changes made in the msm linux kernel (msm8998) to add
>> hw support to ecryptfs.
>>
>> Unfortunately, those changes break basic ecryptfs usage;
> 
> <snip>
> 
>> This regression was introduced in the following commit:
>>
>>   https://github.com/sonyxperiadev/kernel/commit/8928f8683bcd0236f5653963deee3bc225fb2206
>>
>> That commit is also present in aosp (e.g. the Pixel 2 uses the
>> msm8998; but note that the aosp kernels do not enable ecryptfs).
> 
> Since my message was essentially a bug report (without a patch), it
> might be that linux-arm-msm was not the right place to submit it.
> 
> Does anyone know of a better way to report msm kernel bugs to Qualcomm?

I can't help here but it might be useful to directly contact the author
of the patch that introduced the regression.

Tyler

> 
> Due to the high volume of traffic on the list, it seems likely a bug
> report would get overlooked here.
> 
> -James M
> --
> To unsubscribe from this list: send the line "unsubscribe ecryptfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

Re: bug: msm8998, ecryptfs, cannot create files due to invalid keysize

[James Muir]

On Mon, Nov 27, 2017 at 1:04 PM, Tyler Hicks <tyhicks@canonical.com> wrote:
> On 11/21/2017 09:33 AM, James Muir wrote:
>> On Fri, Oct 27, 2017 at 4:43 PM, James Muir
>> <james.muir@graphitesoftware.com> wrote:
>>> There were some changes made in the msm linux kernel (msm8998) to add
>>> hw support to ecryptfs.
>>>
>>> Unfortunately, those changes break basic ecryptfs usage;
>>
>> <snip>
>>
>>> This regression was introduced in the following commit:
>>>
>>>   https://github.com/sonyxperiadev/kernel/commit/8928f8683bcd0236f5653963deee3bc225fb2206
>>>
>>> That commit is also present in aosp (e.g. the Pixel 2 uses the
>>> msm8998; but note that the aosp kernels do not enable ecryptfs).
>>
>> Since my message was essentially a bug report (without a patch), it
>> might be that linux-arm-msm was not the right place to submit it.
>>
>> Does anyone know of a better way to report msm kernel bugs to Qualcomm?
>
> I can't help here but it might be useful to directly contact the author
> of the patch that introduced the regression.

Thanks, Tyler.

Contacting the author was the first thing I did.  I sent email on 17
Oct and then again on 6 Nov.  Unfortunately, they have not been
responsive.

I may try reaching out to some of the other msm devs who have made
changes under fs/ecryptfs.

-James M