* [dm-crypt] cryptsetup problem with memory allocation
@ 2014-06-23 8:50 Belisko Marek
2014-06-23 9:01 ` .. ink ..
2014-06-23 21:45 ` Milan Broz
0 siblings, 2 replies; 11+ messages in thread
From: Belisko Marek @ 2014-06-23 8:50 UTC (permalink / raw)
To: dm-crypt
Hi,
I'm trying to use cryptsetup on beaglebone to encrypt some data.
cryptsetup version is 1.6.2. When running luksFormat (with verbose
option) I get following:
# Allocating crypt device /dev/loop0 context.
# Trying to open and read device /dev/loop0.
# Initialising device-mapper backend library.
# Timeout set to 0 miliseconds.
# Iteration time set to 1000 miliseconds.
# Interactive passphrase entry requested.
Enter passphrase:
Verify passphrase:
# Formatting device /dev/loop0 as type LUKS1.
# Crypto backend (gcrypt 1.5.0) initialized.
# Topology: IO (512/0), offset = 0; Required alignment is 1048576 bytes.
# Generating LUKS header version 1 using hash sha1, aes,
cbc-essiv:sha256, MK 32 bytes
# Crypto backend (gcrypt 1.5.0) initialized.
# KDF pbkdf2, hash sha1: 18204 iterations per second.
# Data offset 4096, UUID 9b15dba5-058d-4b81-aa14-e085698e87c1, digest
iterations 2125
# Updating LUKS header of size 1024 on device /dev/loop0
# Key length 32, device size 8192 sectors, header size 2050 sectors.
# Reading LUKS header of size 1024 from device /dev/loop0
# Key length 32, device size 8192 sectors, header size 2050 sectors.
# Adding new keyslot -1 using volume key.
# Calculating data for key slot 0
# Crypto backend (gcrypt 1.5.0) initialized.
# KDF pbkdf2, hash sha1: 18204 iterations per second.
# Key slot 0 use 8888 password iterations.
# Using hash sha1 for AF in key slot 0, 4000 stripes
# Updating key slot 0 [0x1000] area.
# Calculated device size is 250 sectors (RW), offset 8.
# Detected kernel Linux 3.9.0-g7897c55-dirty armv7l.
Couldn't create ioctl argument.
Cannot initialize device-mapper. Is dm_mod kernel module loaded?
# Releasing crypt device /dev/loop0 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 5: Cannot initialize device-mapper. Is dm_mod
kernel module loaded?
I track it down that malloc fails (ENONMEM) in libdevmapper and then
_dm_check_versions() fails when creating dm task (dmt =
dm_task_create(DM_DEVICE_LIST_VERSIONS). There is enough of free
memory in this case:
total used free shared buffers
Mem: 247396 68656 178740 0 0
Any idea why allocation runs out of memory and due to that cryptsetup fails?
Thanks in advance.
BR,
marek
--
as simple and primitive as possible
-------------------------------------------------
Marek Belisko - OPEN-NANDRA
Freelance Developer
Ruska Nova Ves 219 | Presov, 08005 Slovak Republic
Tel: +421 915 052 184
skype: marekwhite
twitter: #opennandra
web: http://open-nandra.com
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dm-crypt] cryptsetup problem with memory allocation
2014-06-23 8:50 [dm-crypt] cryptsetup problem with memory allocation Belisko Marek
@ 2014-06-23 9:01 ` .. ink ..
2014-06-23 9:05 ` Belisko Marek
2014-06-23 12:31 ` Belisko Marek
2014-06-23 21:45 ` Milan Broz
1 sibling, 2 replies; 11+ messages in thread
From: .. ink .. @ 2014-06-23 9:01 UTC (permalink / raw)
To: Belisko Marek, dm-crypt
[-- Attachment #1: Type: text/plain, Size: 386 bytes --]
On Mon, Jun 23, 2014 at 4:50 AM, Belisko Marek <marek.belisko@gmail.com>
wrote:
>
> Command failed with code 5: Cannot initialize device-mapper. Is dm_mod
> kernel module loaded?
>
>
you can answer this question by posting the output of the following command:
lsmod | grep dm_mod
your post should have contained the answer since the question was asked
multiple times
in those logs.
[-- Attachment #2: Type: text/html, Size: 946 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dm-crypt] cryptsetup problem with memory allocation
2014-06-23 9:01 ` .. ink ..
@ 2014-06-23 9:05 ` Belisko Marek
2014-06-23 12:31 ` Belisko Marek
1 sibling, 0 replies; 11+ messages in thread
From: Belisko Marek @ 2014-06-23 9:05 UTC (permalink / raw)
To: .. ink ..; +Cc: dm-crypt
On Mon, Jun 23, 2014 at 11:01 AM, .. ink .. <mhogomchungu@gmail.com> wrote:
>
> On Mon, Jun 23, 2014 at 4:50 AM, Belisko Marek <marek.belisko@gmail.com>
> wrote:
>
>
>>
>> Command failed with code 5: Cannot initialize device-mapper. Is dm_mod
>> kernel module loaded?
>>
>
> you can answer this question by posting the output of the following command:
>
> lsmod | grep dm_mod
I forgot to mention that I checked this before and output is:
lsmod | grep dm_mod
dm_mod 61572 0
>
> your post should have contained the answer since the question was asked
> multiple times
> in those logs.
As I describe in first email problem comes when trying to access devmapper.
>
BR,
marek
--
as simple and primitive as possible
-------------------------------------------------
Marek Belisko - OPEN-NANDRA
Freelance Developer
Ruska Nova Ves 219 | Presov, 08005 Slovak Republic
Tel: +421 915 052 184
skype: marekwhite
twitter: #opennandra
web: http://open-nandra.com
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dm-crypt] cryptsetup problem with memory allocation
2014-06-23 9:01 ` .. ink ..
2014-06-23 9:05 ` Belisko Marek
@ 2014-06-23 12:31 ` Belisko Marek
1 sibling, 0 replies; 11+ messages in thread
From: Belisko Marek @ 2014-06-23 12:31 UTC (permalink / raw)
To: .. ink ..; +Cc: dm-crypt
On Mon, Jun 23, 2014 at 11:01 AM, .. ink .. <mhogomchungu@gmail.com> wrote:
>
> On Mon, Jun 23, 2014 at 4:50 AM, Belisko Marek <marek.belisko@gmail.com>
> wrote:
>
>
>>
>> Command failed with code 5: Cannot initialize device-mapper. Is dm_mod
>> kernel module loaded?
>>
>
> you can answer this question by posting the output of the following command:
also when run luksFormat first time I can see this message:
[ 93.644868] device-mapper: ioctl: 4.24.0-ioctl (2013-01-15)
initialised: dm-devel@redhat.com
so I think module is loaded and running.
>
> lsmod | grep dm_mod
>
> your post should have contained the answer since the question was asked
> multiple times
> in those logs.
>
BR,
marek
--
as simple and primitive as possible
-------------------------------------------------
Marek Belisko - OPEN-NANDRA
Freelance Developer
Ruska Nova Ves 219 | Presov, 08005 Slovak Republic
Tel: +421 915 052 184
skype: marekwhite
twitter: #opennandra
web: http://open-nandra.com
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dm-crypt] cryptsetup problem with memory allocation
2014-06-23 8:50 [dm-crypt] cryptsetup problem with memory allocation Belisko Marek
2014-06-23 9:01 ` .. ink ..
@ 2014-06-23 21:45 ` Milan Broz
2014-06-23 23:12 ` Alasdair G Kergon
` (2 more replies)
1 sibling, 3 replies; 11+ messages in thread
From: Milan Broz @ 2014-06-23 21:45 UTC (permalink / raw)
To: Belisko Marek, dm-crypt; +Cc: Peter Rajnoha
On 06/23/2014 10:50 AM, Belisko Marek wrote:
> I'm trying to use cryptsetup on beaglebone to encrypt some data.
> cryptsetup version is 1.6.2. When running luksFormat (with verbose
> option) I get following:
Hi,
please can you try new versions of libdevampper and cryptsetup?
...
> # Calculated device size is 250 sectors (RW), offset 8.
> # Detected kernel Linux 3.9.0-g7897c55-dirty armv7l.
> Couldn't create ioctl argument.
...
> I track it down that malloc fails (ENONMEM) in libdevmapper and then
> _dm_check_versions() fails when creating dm task (dmt =
> dm_task_create(DM_DEVICE_LIST_VERSIONS).
This is error from libdevmapper, I have no idea why this happens
on ARM... (Adding cc to Peter - any idea in dm camp? :-)
Are there any special patches in your kernel for DM subsystem?
(Can you try newer kernel also?)
Milan
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dm-crypt] cryptsetup problem with memory allocation
2014-06-23 21:45 ` Milan Broz
@ 2014-06-23 23:12 ` Alasdair G Kergon
2014-07-04 15:02 ` Belisko Marek
2014-06-23 23:17 ` Alasdair G Kergon
2014-07-04 14:44 ` Belisko Marek
2 siblings, 1 reply; 11+ messages in thread
From: Alasdair G Kergon @ 2014-06-23 23:12 UTC (permalink / raw)
To: Milan Broz, Belisko Marek, dm-crypt, Peter Rajnoha
> > I track it down that malloc fails (ENONMEM) in libdevmapper and then
> > _dm_check_versions() fails when creating dm task (dmt =
> > dm_task_create(DM_DEVICE_LIST_VERSIONS).
After updating to the most recent version you are able to use,
run it under strace and let us see the relevant output (at least the
failing system call itself, what leads up to it, including all early
memory-related system calls and DM ioctls) and any environment variables
set that could modify behaviour.
Be careful not to expose any confidential data or passwords.
Alasdair
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dm-crypt] cryptsetup problem with memory allocation
2014-06-23 21:45 ` Milan Broz
2014-06-23 23:12 ` Alasdair G Kergon
@ 2014-06-23 23:17 ` Alasdair G Kergon
2014-07-04 14:44 ` Belisko Marek
2 siblings, 0 replies; 11+ messages in thread
From: Alasdair G Kergon @ 2014-06-23 23:17 UTC (permalink / raw)
To: Milan Broz, Belisko Marek, dm-crypt, Peter Rajnoha
> > I'm trying to use cryptsetup on beaglebone to encrypt some data.
Also, check if libc is up-to-date. Is it glibc or an alternative?
Alasdair
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dm-crypt] cryptsetup problem with memory allocation
2014-06-23 21:45 ` Milan Broz
2014-06-23 23:12 ` Alasdair G Kergon
2014-06-23 23:17 ` Alasdair G Kergon
@ 2014-07-04 14:44 ` Belisko Marek
2 siblings, 0 replies; 11+ messages in thread
From: Belisko Marek @ 2014-07-04 14:44 UTC (permalink / raw)
To: Milan Broz; +Cc: dm-crypt, Peter Rajnoha
Hello Milan,
On Mon, Jun 23, 2014 at 11:45 PM, Milan Broz <gmazyland@gmail.com> wrote:
> On 06/23/2014 10:50 AM, Belisko Marek wrote:
>> I'm trying to use cryptsetup on beaglebone to encrypt some data.
>> cryptsetup version is 1.6.2. When running luksFormat (with verbose
>> option) I get following:
>
> Hi,
>
> please can you try new versions of libdevampper and cryptsetup?
I test 1.64 cryptsetup + lvm2 (02.107) and it also fails but on
different place (don't have log by hand now).
I did test also with kernel 3.15 and cryptsetup 1.64 and it works fine.
>
> ...
>> # Calculated device size is 250 sectors (RW), offset 8.
>> # Detected kernel Linux 3.9.0-g7897c55-dirty armv7l.
>> Couldn't create ioctl argument.
> ...
>> I track it down that malloc fails (ENONMEM) in libdevmapper and then
>> _dm_check_versions() fails when creating dm task (dmt =
>> dm_task_create(DM_DEVICE_LIST_VERSIONS).
>
> This is error from libdevmapper, I have no idea why this happens
> on ARM... (Adding cc to Peter - any idea in dm camp? :-)
>
> Are there any special patches in your kernel for DM subsystem?
> (Can you try newer kernel also?)
We have mainline 3.9 kernel on top some patches but not touching
anything in dm area.
>
> Milan
BR,
marek
--
as simple and primitive as possible
-------------------------------------------------
Marek Belisko - OPEN-NANDRA
Freelance Developer
Ruska Nova Ves 219 | Presov, 08005 Slovak Republic
Tel: +421 915 052 184
skype: marekwhite
twitter: #opennandra
web: http://open-nandra.com
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dm-crypt] cryptsetup problem with memory allocation
2014-06-23 23:12 ` Alasdair G Kergon
@ 2014-07-04 15:02 ` Belisko Marek
2014-07-04 16:44 ` Milan Broz
0 siblings, 1 reply; 11+ messages in thread
From: Belisko Marek @ 2014-07-04 15:02 UTC (permalink / raw)
To: Milan Broz, Belisko Marek, dm-crypt, Peter Rajnoha, agk
Hi,
On Tue, Jun 24, 2014 at 1:12 AM, Alasdair G Kergon <agk@redhat.com> wrote:
>> > I track it down that malloc fails (ENONMEM) in libdevmapper and then
>> > _dm_check_versions() fails when creating dm task (dmt =
>> > dm_task_create(DM_DEVICE_LIST_VERSIONS).
>
> After updating to the most recent version you are able to use,
> run it under strace and let us see the relevant output (at least the
> failing system call itself, what leads up to it, including all early
> memory-related system calls and DM ioctls) and any environment variables
> set that could modify behaviour.
when update to latest cryptsetup (1.64) I can see different error as with 1.62:
ioctl(6, DM_VERSION, 0x1e340) = -1 EACCES (Permission denied)
So it seems that gcrypt probably drop privileges (as running on
embedded system I'm root)?
Attaching strace:
3467 execve("/usr/sbin/cryptsetup", ["cryptsetup", "--debug", "-h",
"sha256", "-c", "aes-cbc-essiv:sha256", "-s256", "luksFormat",
"/dev/loop0"], [/* 13 vars */]) = 0
3467 brk(0) = 0x1d000
3467 uname({sys="Linux", node="test-dev", ...}) = 0
3467 mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f95000
3467 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
3467 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
3467 fstat64(3, {st_mode=S_IFREG|0644, st_size=18517, ...}) = 0
3467 mmap2(NULL, 18517, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6f90000
3467 close(3) = 0
3467 open("/usr/lib/libcryptsetup.so.4", O_RDONLY|O_CLOEXEC) = 3
3467 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\300-\0\0004\0\0\0"...,
512) = 512
3467 fstat64(3, {st_mode=S_IFREG|0755, st_size=124668, ...}) = 0
3467 mmap2(NULL, 156656, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f69000
3467 mprotect(0xb6f87000, 28672, PROT_NONE) = 0
3467 mmap2(0xb6f8e000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1d) = 0xb6f8e000
3467 close(3) = 0
3467 open("/usr/lib/libpopt.so.0", O_RDONLY|O_CLOEXEC) = 3
3467 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\360\30\341O4\0\0\0"...,
512) = 512
3467 fstat64(3, {st_mode=S_IFREG|0755, st_size=42372, ...}) = 0
3467 mmap2(0x4fe10000, 72340, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4fe10000
3467 mprotect(0x4fe1a000, 28672, PROT_NONE) = 0
3467 mmap2(0x4fe21000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9) = 0x4fe21000
3467 close(3) = 0
3467 open("/lib/libgcc_s.so.1", O_RDONLY|O_CLOEXEC) = 3
3467 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\200Q\337O4\0\0\0"...,
512) = 512
3467 fstat64(3, {st_mode=S_IFREG|0644, st_size=1468186, ...}) = 0
3467 mmap2(0x4fde8000, 153752, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4fde8000
3467 mprotect(0x4fe06000, 28672, PROT_NONE) = 0
3467 mmap2(0x4fe0d000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1d) = 0x4fe0d000
3467 close(3) = 0
3467 open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
3467 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\30\200\314O4\0\0\0"...,
512) = 512
3467 fstat64(3, {st_mode=S_IFREG|0755, st_size=1215516, ...}) = 0
3467 mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f68000
3467 mmap2(0x4fcb0000, 1254792, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4fcb0000
3467 mprotect(0x4fdd5000, 32768, PROT_NONE) = 0
3467 mmap2(0x4fddd000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x125) = 0x4fddd000
3467 mmap2(0x4fde0000, 9608, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4fde0000
3467 close(3) = 0
3467 open("/lib/libuuid.so.1", O_RDONLY|O_CLOEXEC) = 3
3467 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0@\217\374O4\0\0\0"...,
512) = 512
3467 fstat64(3, {st_mode=S_IFREG|0755, st_size=15916, ...}) = 0
3467 mmap2(0x4ffc8000, 45668, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4ffc8000
3467 mprotect(0x4ffcc000, 28672, PROT_NONE) = 0
3467 mmap2(0x4ffd3000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0x4ffd3000
3467 close(3) = 0
3467 open("/usr/lib/libdevmapper.so.1.02", O_RDONLY|O_CLOEXEC) = 3
3467 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0`S\0\0004\0\0\0"...,
512) = 512
3467 fstat64(3, {st_mode=S_IFREG|0555, st_size=270292, ...}) = 0
3467 mmap2(NULL, 305932, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f1d000
3467 mprotect(0xb6f5d000, 28672, PROT_NONE) = 0
3467 mmap2(0xb6f64000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3f) = 0xb6f64000
3467 mmap2(0xb6f67000, 2828, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6f67000
3467 close(3) = 0
3467 open("/usr/lib/libgcrypt.so.11", O_RDONLY|O_CLOEXEC) = 3
3467 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0X\310\376O4\0\0\0"...,
512) = 512
3467 fstat64(3, {st_mode=S_IFREG|0755, st_size=465980, ...}) = 0
3467 mmap2(0x4ffe8000, 496620, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4ffe8000
3467 mprotect(0x50058000, 28672, PROT_NONE) = 0
3467 mmap2(0x5005f000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6f) = 0x5005f000
3467 close(3) = 0
3467 open("/lib/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
3467 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0T\217\354O4\0\0\0"...,
512) = 512
3467 fstat64(3, {st_mode=S_IFREG|0644, st_size=57276, ...}) = 0
3467 mmap2(0x4fec8000, 46140, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4fec8000
3467 mprotect(0x4fecc000, 28672, PROT_NONE) = 0
3467 mmap2(0x4fed3000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0x4fed3000
3467 close(3) = 0
3467 open("/usr/lib/libgpg-error.so.0", O_RDONLY|O_CLOEXEC) = 3
3467 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\340\206\6A4\0\0\0"...,
512) = 512
3467 fstat64(3, {st_mode=S_IFREG|0755, st_size=13324, ...}) = 0
3467 mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f1c000
3467 mmap2(0x41068000, 43512, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x41068000
3467 mprotect(0x4106b000, 28672, PROT_NONE) = 0
3467 mmap2(0x41072000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0x41072000
3467 close(3) = 0
3467 open("/lib/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
3467 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0`\27\353O4\0\0\0"...,
512) = 512
3467 fstat64(3, {st_mode=S_IFREG|0755, st_size=28452, ...}) = 0
3467 mmap2(0x4feb0000, 57892, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4feb0000
3467 mprotect(0x4feb6000, 28672, PROT_NONE) = 0
3467 mmap2(0x4febd000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0x4febd000
3467 close(3) = 0
3467 open("/lib/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
3467 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\304X\341O4\0\0\0"...,
512) = 512
3467 fstat64(3, {st_mode=S_IFREG|0755, st_size=85808, ...}) = 0
3467 mmap2(0x4fe10000, 123444, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6efd000
3467 mprotect(0xb6f11000, 28672, PROT_NONE) = 0
3467 mmap2(0xb6f18000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0xb6f18000
3467 mmap2(0xb6f1a000, 4660, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6f1a000
3467 close(3) = 0
3467 mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6efc000
3467 set_tls(0xb6efc4c0, 0xb6efcbc8, 0x4fca7058, 0xb6efc4c0, 0x4fca7058) = 0
3467 mprotect(0x4fddd000, 8192, PROT_READ) = 0
3467 mprotect(0xb6f18000, 4096, PROT_READ) = 0
3467 mprotect(0x4febd000, 4096, PROT_READ) = 0
3467 mprotect(0x4fca6000, 4096, PROT_READ) = 0
3467 munmap(0xb6f90000, 18517) = 0
3467 set_tid_address(0xb6efc068) = 3467
3467 set_robust_list(0xb6efc070, 12) = 0
3467 futex(0xbecdcca8, FUTEX_WAKE_PRIVATE, 1) = 0
3467 futex(0xbecdcca8,
FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, b6f19000) =
-1 EAGAIN (Resource temporarily unavailable)
3467 rt_sigaction(SIGRTMIN, {0xb6f0239c, [], SA_SIGINFO|0x4000000},
NULL, 8) = 0
3467 rt_sigaction(SIGRT_1, {0xb6f02240, [],
SA_RESTART|SA_SIGINFO|0x4000000}, NULL, 8) = 0
3467 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
3467 getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
3467 brk(0) = 0x1d000
3467 brk(0x3e000) = 0x3e000
3467 fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(252, 0), ...}) = 0
3467 ioctl(1, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or
TCGETS, {B115200 opost isig icanon echo ...}) = 0
3467 mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f94000
3467 write(1, "# cryptsetup 1.6.4 processing \"c"..., 113) = 113
3467 write(1, "# Running command luksFormat.\n", 30) = 30
3467 write(1, "# Locking memory.\n", 18) = 18
3467 mlockall(MCL_CURRENT|MCL_FUTURE) = 0
3467 getpriority(PRIO_PROCESS, 0) = 20
3467 setpriority(PRIO_PROCESS, 0, -18) = 0
3467 write(1, "# Installing SIGINT/SIGTERM hand"..., 37) = 37
3467 rt_sigaction(SIGINT, {0xc09c, [], 0x4000000 /* SA_??? */}, NULL, 8) = 0
3467 rt_sigaction(SIGTERM, {0xc09c, [], 0x4000000 /* SA_??? */}, NULL, 8) = 0
3467 write(1, "# Unblocking interruption on sig"..., 37) = 37
3467 rt_sigprocmask(SIG_UNBLOCK, [INT TERM], NULL, 8) = 0
3467 ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or
TCGETS, {B115200 opost isig icanon echo ...}) = 0
3467 write(1, "\nWARNING!\n========\n", 19) = 19
3467 write(1, "This will overwrite data on /dev"..., 53) = 53
3467 fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(252, 0), ...}) = 0
3467 ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or
TCGETS, {B115200 opost isig icanon echo ...}) = 0
3467 mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f93000
3467 write(1, "Are you sure? (Type uppercase ye"..., 36) = 36
3467 read(0, "YES\n", 4096) = 4
3467 write(1, "# Allocating crypt device /dev/l"..., 46) = 46
3467 write(1, "# Trying to open and read device"..., 45) = 45
3467 open("/dev/loop0", O_RDONLY|O_LARGEFILE) = 3
3467 fstat64(3, {st_mode=S_IFBLK|0660, st_rdev=makedev(7, 0), ...}) = 0
3467 close(3) = 0
3467 write(1, "# Initialising device-mapper bac"..., 46) = 46
3467 write(1, "# Timeout set to 0 miliseconds.\n", 32) = 32
3467 write(1, "# Iteration time set to 1000 mil"..., 42) = 42
3467 ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or
TCGETS, {B115200 opost isig icanon echo ...}) = 0
3467 ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or
TCGETS, {B115200 opost isig icanon echo ...}) = 0
3467 write(1, "# Interactive passphrase entry r"..., 42) = 42
3467 open("/dev/tty", O_RDWR|O_LARGEFILE) = 3
3467 ioctl(3, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or
TCGETS, {B115200 opost isig icanon echo ...}) = 0
3467 write(3, "Enter passphrase: ", 18) = 18
3467 ioctl(3, SNDCTL_TMR_CONTINUE or SNDRV_TIMER_IOCTL_GPARAMS or
TCSETSF, {B115200 opost isig icanon -echo ...}) = 0
3467 read(3, "123\n", 512) = 4
3467 ioctl(3, SNDCTL_TMR_CONTINUE or SNDRV_TIMER_IOCTL_GPARAMS or
TCSETSF, {B115200 opost isig icanon echo ...}) = 0
3467 write(3, "\n", 1) = 1
3467 close(3) = 0
3467 open("/dev/tty", O_RDWR|O_LARGEFILE) = 3
3467 ioctl(3, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or
TCGETS, {B115200 opost isig icanon echo ...}) = 0
3467 write(3, "Verify passphrase: ", 19) = 19
3467 ioctl(3, SNDCTL_TMR_CONTINUE or SNDRV_TIMER_IOCTL_GPARAMS or
TCSETSF, {B115200 opost isig icanon -echo ...}) = 0
3467 read(3, "123\n", 512) = 4
3467 ioctl(3, SNDCTL_TMR_CONTINUE or SNDRV_TIMER_IOCTL_GPARAMS or
TCSETSF, {B115200 opost isig icanon echo ...}) = 0
3467 write(3, "\n", 1) = 1
3467 close(3) = 0
3467 write(1, "# Formatting device /dev/loop0 a"..., 46) = 46
3467 open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 3
3467 open("/dev/random", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 4
3467 access("/etc/gcrypt/fips_enabled", F_OK) = -1 ENOENT (No such
file or directory)
3467 open("/proc/sys/crypto/fips_enabled", O_RDONLY) = -1 ENOENT (No
such file or directory)
3467 mmap2(NULL, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6ef8000
3467 capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = 0
3467 capset({_LINUX_CAPABILITY_VERSION_3, 0}, {CAP_IPC_LOCK,
CAP_IPC_LOCK, 0}) = 0
3467 mlock(0xb6ef8000, 16384) = 0
3467 capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = 0
3467 capset({_LINUX_CAPABILITY_VERSION_3, 0}, {0, CAP_IPC_LOCK, 0}) = 0
3467 write(1, "# Crypto backend (gcrypt 1.5.0, "..., 63) = 63
3467 read(3, "I%2\265\vD\3264\247\316)\357\23\177z\342yq\22(\317\266\n\360\274\2\225>\202V\265\343",
32) = 32
3467 open("/dev/loop0", O_RDONLY|O_LARGEFILE) = 5
3467 ioctl(5, BLKIOMIN, 512) = 0
3467 ioctl(5, BLKIOOPT, 0) = 0
3467 ioctl(5, BLKALIGNOFF, 0) = 0
3467 write(1, "# Topology: IO (512/0), offset ="..., 73) = 73
3467 close(5) = 0
3467 stat64("/dev/loop0", {st_mode=S_IFBLK|0660, st_rdev=makedev(7,
0), ...}) = 0
3467 open("/dev/loop0", O_RDWR|O_LARGEFILE) = 5
3467 ioctl(5, BLKROGET, 0) = 0
3467 ioctl(5, BLKGETSIZE64, 4194304) = 0
3467 close(5) = 0
3467 gettimeofday({1404485571, 163191}, NULL) = 0
3467 open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 5
3467 fcntl64(5, F_GETFD) = 0
3467 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
3467 getuid32() = 0
3467 getppid() = 3463
3467 gettimeofday({1404485571, 165188}, NULL) = 0
3467 gettimeofday({1404485571, 165490}, NULL) = 0
3467 read(5, "5\276P\256}\324\23\5\27\322m\274\233\334^0", 16) = 16
3467 gettid() = 3467
3467 write(1, "# Checking if cipher aes-cbc-ess"..., 53) = 53
3467 open("/dev/loop0", O_RDONLY|O_LARGEFILE) = 6
3467 fstat64(6, {st_mode=S_IFBLK|0660, st_rdev=makedev(7, 0), ...}) = 0
3467 ioctl(6, BLKSSZGET, 512) = 0
3467 close(6) = 0
3467 stat64("/dev/loop0", {st_mode=S_IFBLK|0660, st_rdev=makedev(7,
0), ...}) = 0
3467 open("/dev/loop0", O_RDWR|O_LARGEFILE) = 6
3467 ioctl(6, BLKROGET, 0) = 0
3467 ioctl(6, BLKGETSIZE64, 4194304) = 0
3467 close(6) = 0
3467 write(1, "# Calculated device size is 1 se"..., 54) = 54
3467 uname({sys="Linux", node="test-dev", ...}) = 0
3467 write(1, "# Detected kernel Linux 3.9.0 ar"..., 38) = 38
3467 uname({sys="Linux", node="test-dev", ...}) = 0
3467 stat64("/dev/mapper/control", {st_mode=S_IFCHR|0600,
st_rdev=makedev(10, 236), ...}) = 0
3467 open("/dev/mapper/control", O_RDWR|O_LARGEFILE) = 6
3467 open("/proc/devices", O_RDONLY|O_LARGEFILE) = 7
3467 fstat64(7, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
3467 mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 EAGAIN (Resource temporarily
unavailable)
3467 read(7, "C", 1) = 1
3467 read(7, "h", 1) = 1
3467 read(7, "a", 1) = 1
3467 read(7, "r", 1) = 1
3467 read(7, "a", 1) = 1
3467 read(7, "c", 1) = 1
3467 read(7, "t", 1) = 1
3467 read(7, "e", 1) = 1
3467 read(7, "r", 1) = 1
3467 read(7, " ", 1) = 1
3467 read(7, "d", 1) = 1
3467 read(7, "e", 1) = 1
3467 read(7, "v", 1) = 1
3467 read(7, "i", 1) = 1
3467 read(7, "c", 1) = 1
3467 read(7, "e", 1) = 1
3467 read(7, "s", 1) = 1
3467 read(7, ":", 1) = 1
3467 read(7, "\n", 1) = 1
3467 close(7) = 0
...
3467 write(1, "# dm version OF [16384] (*1)"..., 33) = 33
3467 ioctl(6, DM_VERSION, 0x1e340) = -1 EACCES (Permission denied)
3467 write(1, "# device-mapper: version ioctl o"..., 61) = 61
3467 getuid32() = 0
3467 geteuid32() = 0
3467 write(2, "Cannot initialize device-mapper."..., 65) = 65
3467 write(1, "# Releasing crypt device /dev/lo"..., 45) = 45
3467 write(1, "# Releasing device-mapper backen"..., 35) = 35
3467 close(6) = 0
3467 write(1, "# Unlocking memory.\n", 20) = 20
3467 munlockall() = 0
3467 setpriority(PRIO_PROCESS, 0, 0) = 0
3467 write(2, "Command failed with code 5", 26) = 26
3467 write(2, ": Cannot initialize device-mappe"..., 67) = 67
3467 exit_group(1) = ?
3467 +++ exited with 1 +++
Driver is loaded:
dm_mod 61572 0
>
> Be careful not to expose any confidential data or passwords.
>
> Alasdair
>
BR,
marek
--
as simple and primitive as possible
-------------------------------------------------
Marek Belisko - OPEN-NANDRA
Freelance Developer
Ruska Nova Ves 219 | Presov, 08005 Slovak Republic
Tel: +421 915 052 184
skype: marekwhite
twitter: #opennandra
web: http://open-nandra.com
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dm-crypt] cryptsetup problem with memory allocation
2014-07-04 15:02 ` Belisko Marek
@ 2014-07-04 16:44 ` Milan Broz
2014-07-08 6:22 ` Belisko Marek
0 siblings, 1 reply; 11+ messages in thread
From: Milan Broz @ 2014-07-04 16:44 UTC (permalink / raw)
To: Belisko Marek, Milan Broz, dm-crypt, Peter Rajnoha, agk
On 07/04/2014 05:02 PM, Belisko Marek wrote:
> Hi,
>
> On Tue, Jun 24, 2014 at 1:12 AM, Alasdair G Kergon <agk@redhat.com> wrote:
>>>> I track it down that malloc fails (ENONMEM) in libdevmapper and then
>>>> _dm_check_versions() fails when creating dm task (dmt =
>>>> dm_task_create(DM_DEVICE_LIST_VERSIONS).
>>
>> After updating to the most recent version you are able to use,
>> run it under strace and let us see the relevant output (at least the
>> failing system call itself, what leads up to it, including all early
>> memory-related system calls and DM ioctls) and any environment variables
>> set that could modify behaviour.
> when update to latest cryptsetup (1.64) I can see different error as with 1.62:
> ioctl(6, DM_VERSION, 0x1e340) = -1 EACCES (Permission denied)
> So it seems that gcrypt probably drop privileges (as running on
> embedded system I'm root)?
Just guess, but do you have gcrypt compiled with Posix capabilities?
If so, it cannot work. See this comment in cryptsetup gcrypt wrapper
(you can workaround it by uncommenting this #if and rebuild cryptsetup)
lib/crypto_backend/crypto_gcrypt.c:
/* FIXME: If gcrypt compiled to support POSIX 1003.1e capabilities,
* it drops all privileges during secure memory initialisation.
* For now, the only workaround is to disable secure memory in gcrypt.
* cryptsetup always need at least cap_sys_admin privilege for dm-ioctl
* and it locks its memory space anyway.
*/
#if 0
gcry_control (GCRYCTL_DISABLE_SECMEM);
crypto_backend_secmem = 0;
#else
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
#endif
Milan
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [dm-crypt] cryptsetup problem with memory allocation
2014-07-04 16:44 ` Milan Broz
@ 2014-07-08 6:22 ` Belisko Marek
0 siblings, 0 replies; 11+ messages in thread
From: Belisko Marek @ 2014-07-08 6:22 UTC (permalink / raw)
To: Milan Broz; +Cc: dm-crypt, Peter Rajnoha, agk
Hi Milan,
On Fri, Jul 4, 2014 at 6:44 PM, Milan Broz <gmazyland@gmail.com> wrote:
> On 07/04/2014 05:02 PM, Belisko Marek wrote:
>> Hi,
>>
>> On Tue, Jun 24, 2014 at 1:12 AM, Alasdair G Kergon <agk@redhat.com> wrote:
>>>>> I track it down that malloc fails (ENONMEM) in libdevmapper and then
>>>>> _dm_check_versions() fails when creating dm task (dmt =
>>>>> dm_task_create(DM_DEVICE_LIST_VERSIONS).
>>>
>>> After updating to the most recent version you are able to use,
>>> run it under strace and let us see the relevant output (at least the
>>> failing system call itself, what leads up to it, including all early
>>> memory-related system calls and DM ioctls) and any environment variables
>>> set that could modify behaviour.
>> when update to latest cryptsetup (1.64) I can see different error as with 1.62:
>> ioctl(6, DM_VERSION, 0x1e340) = -1 EACCES (Permission denied)
>> So it seems that gcrypt probably drop privileges (as running on
>> embedded system I'm root)?
>
> Just guess, but do you have gcrypt compiled with Posix capabilities?
>
> If so, it cannot work. See this comment in cryptsetup gcrypt wrapper
> (you can workaround it by uncommenting this #if and rebuild cryptsetup)
#if 1 fixed my problem. Thanks for help!
>
> lib/crypto_backend/crypto_gcrypt.c:
>
> /* FIXME: If gcrypt compiled to support POSIX 1003.1e capabilities,
> * it drops all privileges during secure memory initialisation.
> * For now, the only workaround is to disable secure memory in gcrypt.
> * cryptsetup always need at least cap_sys_admin privilege for dm-ioctl
> * and it locks its memory space anyway.
> */
> #if 0
> gcry_control (GCRYCTL_DISABLE_SECMEM);
> crypto_backend_secmem = 0;
> #else
>
> gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
> gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
> gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
> #endif
>
> Milan
BR,
marek
--
as simple and primitive as possible
-------------------------------------------------
Marek Belisko - OPEN-NANDRA
Freelance Developer
Ruska Nova Ves 219 | Presov, 08005 Slovak Republic
Tel: +421 915 052 184
skype: marekwhite
twitter: #opennandra
web: http://open-nandra.com
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2014-07-08 6:22 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-06-23 8:50 [dm-crypt] cryptsetup problem with memory allocation Belisko Marek
2014-06-23 9:01 ` .. ink ..
2014-06-23 9:05 ` Belisko Marek
2014-06-23 12:31 ` Belisko Marek
2014-06-23 21:45 ` Milan Broz
2014-06-23 23:12 ` Alasdair G Kergon
2014-07-04 15:02 ` Belisko Marek
2014-07-04 16:44 ` Milan Broz
2014-07-08 6:22 ` Belisko Marek
2014-06-23 23:17 ` Alasdair G Kergon
2014-07-04 14:44 ` Belisko Marek
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.