veracrypt / VeraCrypt

Disk encryption with strong security based on TrueCrypt
https://www.veracrypt.fr

Linux 5.16.1 - VeraCrypt::File::ReadAt:306 fails without -m=nokernelcrypto #877

Open ghost opened 2 years ago

ghost commented 2 years ago

I have used veracrypt for a couple years without issue. Within the past week, I have received an "input output" error when opening the container:

Error: Input/output error:
/dev/mapper/veracrypt1
...
VeraCrypt::File::ReadAt:306

This is accompanied by a note stating that users should not contact you because it is a drive failure. Although, the failure looks like it relates to device mapper.

Expected behavior

The container should mount

Observed behavior

It crashes

Steps to reproduce

To the best of my knowledge:

  1. sudo veracrypt -t --mount ~/vc.img ~/vc
  2. Crashes

Your Environment

VeraCrypt version: 1.24-Update7

Operating system and version: Linux HOSTNAME 5.16.1-arch1-1 #1 SMP PREEMPT Sun, 16 Jan 2022 11:39:23 +0000 x86_64 GNU/Linux (Arch Linux)

System type: 64 bit

Could be a kernel regression. Not really sure where to go.

vnnv commented 2 years ago

Same for all kernels 5.16.* - Downgrading to 5.15.x solves the problem

idrassi commented 2 years ago

Thank you for this report. Clearly something has changed in the new kernel that causes device mapper to fail when requested to handle XTS encryption/decryption. This will not be easy to investigate. Help to debug this part is welcomed.

vnnv commented 2 years ago

Just to mention that the problem is the same using dm-crypt (luks) in a file via loopback. It seems that it is related to https://github.com/torvalds/linux/commit/47e9624616c80c9879feda536c48c6a3a0ed9835. Seen in this thread: https://github.com/openzfs/zfs/issues/12926

idrassi commented 2 years ago

Thank you @vnnv for sharing this information, it explains a lot. This change in the kernel is a breaking change for VeraCrypt and the like. We have to implement a new way of using kernel crypto. Any help on this part will be appreciated.

Meanwhile, I will add automatic fallback to nokernelcrypto mode when using kernel >= 5.16 to avoid this issue until a proper fix is implemented.

paulhargreaves commented 2 years ago

I have noticed that nokernelcrypto is substantially slower.


idrassi commented 2 years ago

Indeed, nokernelcrypto is slower because Linux kernel cryptographic primitives are much better optimized than the ones used by VeraCrypt.

idrassi commented 2 years ago

Just to share that I have done a test on Ubuntu 22.04 daily build of today after installing kernel 5.16.9 from https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.16.9/ and VeraCrypt works without issues:

Linux box 5.16.9-051609-generic #202202110934 SMP PREEMPT Fri Feb 11 09:59:18 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

So it seems Ubuntu folks didn't include the problematic kernel change in their build.

shockinghobby commented 2 years ago

I just tried VC without nokernelcrypto on the latest Arch install. It works fine on 5.17.9-arch1-1. Can anyone confirm?

paulhargreaves commented 2 years ago

Yes, it's been working for me for a while. Not sure if they changed the kernel to fix.


shockinghobby commented 2 years ago

Looks like there was a partial revert - https://lore.kernel.org/all/20220329201815.1347500-1-cmllamas@google.com/
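
The interim rule described in this thread (fall back to nokernelcrypto on kernel >= 5.16) can be scripted as below. This is an added example, not VeraCrypt's own code; the function names are hypothetical, and since the thread reports 5.17.9 mounting normally again without naming the fixed version, only the 5.16 lower bound is encoded.

```shell
#!/bin/sh
# Added example (not VeraCrypt code): pick mount options from the kernel release.

# kernel_at_least RELEASE MAJOR MINOR
# Returns 0 if RELEASE >= MAJOR.MINOR, 1 if older, 2 if RELEASE cannot be parsed.
kernel_at_least() {
    rel=$1
    case $rel in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}            # "5.16.1-arch1-1" -> "5"
    rest=${rel#*.}              # -> "16.1-arch1-1"
    minor=${rest%%[!0-9]*}      # -> "16"
    case $major in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    # Numeric comparison, so 5.9 sorts below 5.16.
    [ "$major" -gt "$2" ] && return 0
    [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ] && return 0
    return 1
}

# veracrypt_mount_opts RELEASE
# Prints "-m=nokernelcrypto" for kernel >= 5.16 (the interim rule from the thread).
# An unparseable release also gets the fallback: slower, but it avoids the
# Input/output error from /dev/mapper (a choice made for this example).
veracrypt_mount_opts() {
    rc=0
    kernel_at_least "$1" 5 16 || rc=$?
    [ "$rc" -eq 1 ] || echo "-m=nokernelcrypto"
    return 0
}

# veracrypt_mount_cmd RELEASE CONTAINER MOUNTPOINT
# Prints the command line to run; it does not mount anything itself.
veracrypt_mount_cmd() {
    opts=$(veracrypt_mount_opts "$1")
    echo "veracrypt -t ${opts:+$opts }--mount $2 $3"
}

# Show the command for the running kernel (paths are the ones from the report).
veracrypt_mount_cmd "$(uname -r)" "$HOME/vc.img" "$HOME/vc"
```
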