[Bug 253595] ccp(4) breaks ZFS
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Feb 17 19:57:23 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253595
Bug ID: 253595
Summary: ccp(4) breaks ZFS
Product: Base System
Version: 13.0-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: jsorocil at gmail.com
Created attachment 222535
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=222535&action=edit
core.txt
Loading ccp (either in rc.conf's kld_list or manually kldloading module after
boot) breaks ZFS encryption - I can't load keys for existing dataset and
creating new one results in kernel panic.
Try to load ZFS dataset key
% kldload ccp
% zfs load-key data
Enter passphrase for 'data':
Key load error: Incorrect key provided for 'data'.
Enter passphrase for 'data':
Key load error: Incorrect key provided for 'data'.
Enter passphrase for 'data':
Key load error: Incorrect key provided for 'data'.
zsh: exit 255 zfs load-key data
One way to reproduce kernel panic:
truncate -s 10G pool
mdconfig -at vnode -f pool
zpool create -m /mnt/test -O compress=lz4 -O atime=off -O devices=off -O
setuid=off -O exec=off -O encryption=on -O keyformat=passphrase test /dev/md0
<kernel panic>
Other way to reproduce kernel panic:
Try to create encrypted partition on existing pool (doesn't matter if root of
the pool is encrypted or not):
zfs create -o encryption=on -o keyformat=passphrase zroot/encrypted
<kernel panic>
% cat /var/crash/info.last
Dump header from device: /dev/gpt/hdd-swap
Architecture: amd64
Architecture Version: 2
Dump Length: 1346650112
Blocksize: 512
Compression: none
Dumptime: 2021-02-17 20:47:17 +0100
Hostname: zen-pobro
Magic: FreeBSD Kernel Dump
Version String: FreeBSD 13.0-BETA2 #2 r13.0-n244512-726e20f45041: Wed Feb 17
20:26:38 CET 2021
root at zen-pobro:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
Panic String: VERIFY3(0 == zio_crypt_key_wrap(&dck->dck_wkey->wk_key, key,
iv, mac, keydata, hmac_keydata)) failed (0 == 5)
Dump Parity: 2673242901
Bounds: 4
Dump Status: good
% dmesg
...
CPU: AMD Ryzen 7 PRO 4750G with Radeon Graphics (3593.33-MHz K8-class CPU)
Origin="AuthenticAMD" Id=0x860f01 Family=0x17 Model=0x60 Stepping=1
Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
Features2=0x7ed8320b<SSE3,PCLMULQDQ,MON,SSSE3,FMA,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
AMD
Features2=0x75c237ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,SKINIT,WDT,TCE,Topology,PCXC,PNXC,DBE,PL2I,MWAITX,ADMSKX>
Structured Extended
Features=0x219c91a9<FSGSBASE,BMI1,AVX2,SMEP,BMI2,PQM,PQE,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA>
Structured Extended Features2=0x400004<UMIP,RDPID>
XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
AMD Extended Feature Extensions ID
EBX=0x90cf757<CLZERO,IRPerf,XSaveErPtr,RDPRU,MCOMMIT,WBNOINVD,IBPB,IBRS,STIBP,PREFER_IBRS,SSBD>
SVM: NP,NRIP,VClean,AFlush,DAssist,NAsids=32768
TSC: P-state invariant, performance statistics
...
ccp0: <AMD CCP-5a> mem 0xfcc00000-0xfccfffff,0xfcd8c000-0xfcd8dfff at device
0.2 on pci9
random: registering fast source AMD CCP TRNG
% pciconf -lv
none2 at pci0:9:0:2: class=0x108000 rev=0x00 hdr=0x00 vendor=0x1022
device=0x15df subvendor=0x1022 subdevice=0x15df
vendor = 'Advanced Micro Devices, Inc. [AMD]'
device = 'Family 17h (Models 10h-1fh) Platform Security Processor'
class = encrypt/decrypt
Reproduced on FreeBSD 13.0-ALPHA3, 13.0-BETA2 and 14.0-CURRENT (commit
4a7d84058d Wed Feb 17 11:45:54 2021 +0100)
If ccp module is not loaded:
% zfs load-key data
Enter passphrase for 'data':
<ZFS dataset decrypted>
% zfs create -o encryption=on -o keyformat=passphrase zroot/encrypted
<new encrypted ZFS dataset created without panic>
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list