dm-verity: Verification fails but do not see Input/Output Error on read

dm-verity: Verification fails but do not see Input/Output Error on read

[Chaitra Bhat]

[-- Attachment #1.1.1: Type: text/plain, Size: 1336 bytes --]

Hi All,

I am currently experimenting with dm-verity. I was able to successfully set-up a dm-verity target and mount it as a read-only filesystem.

But when I was testing the functionality of dm-verity, I found this. As suggested by Will Drewry in one of his e-mails, I used dd to write over the underlying block device, then tried to dd it out via the dm-verity device. I did not get EIO when I did this.

I then did a veritysetup verify and it said "Verification failed at position x", with 'x' being the position I had modified using dd.

So, any idea why do I not get Input/Output Error message when I know that verification is failing at that location?

(Yes, I did drop the caches before reading)

-Chaitra
________________________________
This electronic message, including attachments, is intended only for the use of the individual or company named above or to which it is addressed. The information contained in this message shall be considered confidential and proprietary, and may include confidential work product. If you are not the intended recipient, please be aware that any unauthorized use, dissemination, distribution or copying of this message is strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and deleting this email immediately.

[-- Attachment #1.1.2: Type: text/html, Size: 1806 bytes --]

[-- Attachment #1.2: PGP.sig --]
[-- Type: application/pgp-signature, Size: 835 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: dm-verity: Verification fails but do not see Input/Output Error on read

[Alasdair G Kergon]

On Thu, Aug 08, 2013 at 09:01:44AM +0000, Chaitra Bhat wrote:
> So, any idea why do I not get Input/Output Error message when I know that verification is failing at that location?

I think it only verifies the data the first time it is read and doesn't check
for changes underneath while the device is live.

Alasdair

Re: dm-verity: Verification fails but do not see Input/Output Error on read

[Chaitra Bhat]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Alasdair,

Thanks for your response.

But I am not convinced. Here is why...
1. I tried a bit-more and I was able to get Input/Output Error on certain locations - everytime - I read that location.
(But I still have an open question that on some locations, though the verify reports failure, I do not get an IO Error on read)

2. I do not understand when you say device is live - do you mean mounted? Because I thought that the whole idea of dm-verity was that once the verity device is set-up, it would return EIO when something gets corrupted in the data or hash partitions when that invalid data is read.

Chaitra
________________________________________
From: Alasdair G Kergon [agk@redhat.com]
Sent: 08 August 2013 13:18
To: Chaitra Bhat
Cc: dm-devel@redhat.com; Mikulas Patocka
Subject: Re: [dm-devel] dm-verity: Verification fails but do not see    Input/Output Error on read

On Thu, Aug 08, 2013 at 09:01:44AM +0000, Chaitra Bhat wrote:
> So, any idea why do I not get Input/Output Error message when I know that verification is failing at that location?

I think it only verifies the data the first time it is read and doesn't check
for changes underneath while the device is live.

Alasdair


________________________________
This electronic message, including attachments, is intended only for the use of the individual or company named above or to which it is addressed. The information contained in this message shall be considered confidential and proprietary, and may include confidential work product. If you are not the intended recipient, please be aware that any unauthorized use, dissemination, distribution or copying of this message is strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and deleting this email immediately.

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 2599)
Charset: us-ascii

wsFVAwUBUgORJfoDVUR++NlrAQp+ww/+MOcAtZq+aepO/OgxJC04gYombsP3DuvC
JA8nCMBYBOr85BLObkcs5lWQojMV2RWgCRDJjmQcrDiLs+4H6T+rQBirvhByfkQm
WLrX1zmKbGYzYdmhASSpMqrOCpNucfX+IqFKhwHg2cjVFKcQ+SFnkEPjVK1SsQZl
87BUf8RoHkY6Sr6wmaYshrLFgkeS0x2Mx8eLvZX9Cak7guz6b7e8HVz5WKl37mNI
d5ColhZvRLAab+nEJBdlxPGubDguAGmmeShXdsAUrwQRK7wSQYFQthTBh3J4tsv9
PgZGwbEfU6+1/bDZfUX08RdM60t62HyFuPBwXWNplAFKyq7Z5T3OCcmMGqYd0MQA
ApyWAZiB6H9PPsWz9L4CEnuKfMVA45b9kBoL+Zh4Q4Rqvwm0PhoDyxkieVht1o15
WAM4evJsZuKce4ed7lqlqgQHCwYf7A2MVrhUdRTkG3fiqpfrThi2LTngN18PzORI
dEe8/cuxapYsDL+T4dXJSx7PFFHzBwlAjFPVvwr4sv+IzOaBUXNHV4/I9N2rjciO
RvZj4F04kVUjPqdjhqcxbAktwe0fa+GNhwdBrxhFChJ+5emlyyhSeOo5lSD2Wpq5
cXhmOZEjTGXqU4Iz4PTvH72OSceJoO8bi9FHa2+bVMCXsamJv5VnS7E63gkWvLDf
Nkd1ojmA9SE=
=OUWm
-----END PGP SIGNATURE-----

Re: dm-verity: Verification fails but do not see Input/Output Error on read

[Mikulas Patocka]

On Thu, 8 Aug 2013, Chaitra Bhat wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Hi Alasdair,
> 
> Thanks for your response.
> 
> But I am not convinced. Here is why...
>
> 1. I tried a bit-more and I was able to get Input/Output Error on 
> certain locations - everytime - I read that location. (But I still have 
> an open question that on some locations, though the verify reports 
> failure, I do not get an IO Error on read)
> 
> 2. I do not understand when you say device is live - do you mean 
> mounted? Because I thought that the whole idea of dm-verity was that 
> once the verity device is set-up, it would return EIO when something 
> gets corrupted in the data or hash partitions when that invalid data is 
> read.
> 
> Chaitra

It is possible that you are reading data from the buffer cache and not 
from the underlying device.

To not use the buffer cache, use iflag=direct parameter to dd.

Mikulas

Re: dm-verity: Verification fails but do not see Input/Output Error on read

[Chaitra Bhat]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Mikulas,

I get 'Invalid argument' with 'iflag=direct' option when I try to read from a verity device using dd. Before I read from the device, I also did 'echo 3 > /proc/sys/vm/drop_caches' to make sure caches are dropped.

But as I said before, some locations always fail with I/O error when read and others don't.

Regards,
Chaitra
________________________________________
From: dm-devel-bounces@redhat.com [dm-devel-bounces@redhat.com] on behalf of Mikulas Patocka [mpatocka@redhat.com]
Sent: 08 August 2013 13:52
To: device-mapper development
Cc: Alasdair G Kergon
Subject: Re: [dm-devel] dm-verity: Verification fails but do not see Input/Output Error on read

On Thu, 8 Aug 2013, Chaitra Bhat wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi Alasdair,
>
> Thanks for your response.
>
> But I am not convinced. Here is why...
>
> 1. I tried a bit-more and I was able to get Input/Output Error on
> certain locations - everytime - I read that location. (But I still have
> an open question that on some locations, though the verify reports
> failure, I do not get an IO Error on read)
>
> 2. I do not understand when you say device is live - do you mean
> mounted? Because I thought that the whole idea of dm-verity was that
> once the verity device is set-up, it would return EIO when something
> gets corrupted in the data or hash partitions when that invalid data is
> read.
>
> Chaitra

It is possible that you are reading data from the buffer cache and not
from the underlying device.

To not use the buffer cache, use iflag=direct parameter to dd.

Mikulas

- --
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

________________________________
This electronic message, including attachments, is intended only for the use of the individual or company named above or to which it is addressed. The information contained in this message shall be considered confidential and proprietary, and may include confidential work product. If you are not the intended recipient, please be aware that any unauthorized use, dissemination, distribution or copying of this message is strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and deleting this email immediately.

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 2599)
Charset: us-ascii

wsFVAwUBUgOhd/oDVUR++NlrAQqnvRAAuAbHC7T53cO0nrh9/TlAt0GGuwWNP38G
+Aq0V8688jILCjca8pnMfnzgKlOMV26cTihbw2yhNG4O1+SuXp7Do21kv3VleW7o
fZxPSHoYcdBiJFj4dfGtZjpbECte0nE5xuFpgP18YD5jctixSvpGhQoxaJaWGfcU
lq88sDc5ixygu1f6eFheBZ1pdJJQnJygvMYC+tf1fJm/5rtYlIBRDqQ+L7V359vn
2/10EJE9TIZI4gPaVdJpzyft8pSNj1FKEUynBTZCCx9LuQ0iiC2M9aoMjdV6qXgW
7cACU2EkV+697BFamCLvQ6ZS1C6rWd6Ua5TffNBUon8wsSH2E0PzDRxLPhdPBRr/
wjoWaYz0DBJaCG7szCr0fjY54qX9Mrlc9Q8NMHxl7yCGiMC7rcrFU03/gtngUv+K
Ws6BlBtoy67nJOozaFQ+l5agI4Ces0SYHDebDmBFNBRee3WTHTXdWvJ0v8/sHIhR
cqlKrVqTShjAvWFqnIb8ryfkS8V2bBMp1AgeHHVoSVi+vY0LF4Tg0yDx1MNzPihd
BLGIZxZ6nC/uco6WZK3fMMQjAr/qbAt/VFKkQ7quo7BmNBJA6CnBZMzXV8dj4Gbf
ozaIt1CYlBo+7npfAkP2u7dZU4J0AZ0M9/Q2gMKe1YSf/F1qeaRJ9Je2ItguLrYV
6Y0pNBE5L+E=
=Ld/X
-----END PGP SIGNATURE-----

Re: dm-verity: Verification fails but do not see Input/Output Error on read

[Mikulas Patocka]

On Thu, 8 Aug 2013, Chaitra Bhat wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Hi Mikulas,
> 
> I get 'Invalid argument' with 'iflag=direct' option when I try to read 
> from a verity device using dd.

If you use iflag=direct, block size and offset must be aligned on physical 
block size boundary (usually 4k). If they are not aligned, you get invalid 
argument error.

> Before I read from the device, I also did 'echo 3 > 
> /proc/sys/vm/drop_caches' to make sure caches are dropped.

If the filesystem is mounted, it doesn't drop some buffers (those that are 
used by the filesystem). Unmount the filesystem first.

> But as I said before, some locations always fail with I/O error when 
> read and others don't.

If you still get misbehavior, even if you bypass the cache with 
iflag=direct or with filesystem unmount, create a script that reproduces 
it and send it to us.

> Regards,
> Chaitra

Mikulas

Re: dm-verity: Verification fails but do not see Input/Output Error on read

[Chaitra Bhat]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Mikulas,

I figured out what was happening - but I would need your help to explain these behaviours please :)

Case I - Format the hash device, verify and create the dm-verity target. Then modify data in the underlying data-device using dd. Read back the data from the modified location from the verity-device.

Result: Verify fails but 'NO' I/O error reported when reading back from the location using dd.

Case II - Format the hash device, verify and create the dm-verity target device. Remove the verity target, then modify the data in the data-device using dd. Load the verity target and read-back the data from the verity-device from the modified location.

Result: Verify fails and also get I/O error on reading that location using dd.

My understanding was that the verity-device could be created and mounted and then if the underlying data was corrupted somehow, then a read of invalid data from that corrupted location will return -EIO.

Chaitra

PS: I was following the examples in the verity-compat-test script.
________________________________________
From: Mikulas Patocka [mpatocka@redhat.com]
Sent: 08 August 2013 18:00
To: device-mapper development; Chaitra Bhat
Cc: Alasdair G Kergon
Subject: Re: [dm-devel] dm-verity: Verification fails but do not see Input/Output Error on read

On Thu, 8 Aug 2013, Chaitra Bhat wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi Mikulas,
>
> I get 'Invalid argument' with 'iflag=direct' option when I try to read
> from a verity device using dd.

If you use iflag=direct, block size and offset must be aligned on physical
block size boundary (usually 4k). If they are not aligned, you get invalid
argument error.

> Before I read from the device, I also did 'echo 3 >
> /proc/sys/vm/drop_caches' to make sure caches are dropped.

If the filesystem is mounted, it doesn't drop some buffers (those that are
used by the filesystem). Unmount the filesystem first.

> But as I said before, some locations always fail with I/O error when
> read and others don't.

If you still get misbehavior, even if you bypass the cache with
iflag=direct or with filesystem unmount, create a script that reproduces
it and send it to us.

> Regards,
> Chaitra

Mikulas

________________________________
This electronic message, including attachments, is intended only for the use of the individual or company named above or to which it is addressed. The information contained in this message shall be considered confidential and proprietary, and may include confidential work product. If you are not the intended recipient, please be aware that any unauthorized use, dissemination, distribution or copying of this message is strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and deleting this email immediately.

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 2599)
Charset: us-ascii

wsFVAwUBUgo6DvoDVUR++NlrAQqymBAA3XlrZBofe+VuyvzgLgpyXGJ3VPG4geQm
VbgtmPbEK4aF4SD4cRnKWgopQ7cVttPnWbf4vSOBLBcbMtq9LvyeYjVLlzvBPonR
qOjA2EQ4E2cIul4I4QcUt6gPb/3eRYZd1ighaOgS7+u+kB+BdevaHMpGYSXHX+dz
2uNC8yTv+f68I8Uyet2v7YXXbENjJ+lmNV7CDxupIbHHp0oSw/Ko84mxOSf0rxAW
uUGKVBDaVH3wka6bMcSjUzSSuyAeLDD5lkC9Z8s9piRN+WkQBWwk3ag0cdftK9Ur
lI72I9rzhh+RkLk+sGVXt1+M+elvy3fKy8Rbvlzk3fa7cEIFimUdNET7wEWn9/jg
bzUp6XFLq/mTi4XkwPBVKgTgbeX1uiD593SnGpTeoMZ3suaGBX605LIH2QfTvjEX
lDMEtnzzJH2OQn7ziIQSwROu7rNoTse6eaGjXG27AxMQp+jX3KefGoZEey10nmYW
s4BpQo5MJXElT9SlXR869MFrB0urzok+9loXIl03+0Z0S3IR2JATOp3WnDVCckrz
cgCLhfUgoZTSlT9x5haRFD5bSSB5YHujMWLyJxL1SiRiK6yQJ/eNBc5kDHAt2vhK
Ag0/GXXXXnAJxchEmpjzr1w9I2lhofO3DbI6kssOeQwve/UhtTO5mI1l5C/42VaV
8taSIt9IcAE=
=Z+BV
-----END PGP SIGNATURE-----

Re: dm-verity: Verification fails but do not see Input/Output Error on read

[Mikulas Patocka]

On Tue, 13 Aug 2013, Chaitra Bhat wrote:

> Hi Mikulas,
> 
> I figured out what was happening - but I would need your help to explain 
> these behaviours please :)
> 
> Case I - Format the hash device, verify and create the dm-verity target. 
> Then modify data in the underlying data-device using dd. Read back the 
> data from the modified location from the verity-device.
> 
> Result: Verify fails but 'NO' I/O error reported when reading back from 
> the location using dd.

So, create a script that results in this scenario of not reporting I/O 
error and send it to us.

Mikulas

> Case II - Format the hash device, verify and create the dm-verity target 
> device. Remove the verity target, then modify the data in the 
> data-device using dd. Load the verity target and read-back the data from 
> the verity-device from the modified location.
> 
> Result: Verify fails and also get I/O error on reading that location 
> using dd.
> 
> My understanding was that the verity-device could be created and mounted 
> and then if the underlying data was corrupted somehow, then a read of 
> invalid data from that corrupted location will return -EIO.
> 
> Chaitra
> 
> PS: I was following the examples in the verity-compat-test script.

Re: dm-verity: Verification fails but do not see Input/Output Error on read

[Chaitra Bhat]

[-- Attachment #1.1.1: Type: text/plain, Size: 2687 bytes --]

Hi Mikulas,

I have attached a simple script to demonstrate what I was trying to tell. It is based on the verify-compat-test script. Feel free to modify the script; the script is basically to get the idea across.

For the Successful Case
#source script_test
#check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 2

For the Failure Case
#source script_test
#check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 1

Regards,
Chaitra
________________________________________
From: Mikulas Patocka [mpatocka@redhat.com]
Sent: 15 August 2013 01:23
To: Chaitra Bhat
Cc: device-mapper development; Alasdair G Kergon
Subject: RE: [dm-devel] dm-verity: Verification fails but do not see Input/Output Error on read

On Tue, 13 Aug 2013, Chaitra Bhat wrote:

> Hi Mikulas,
>
> I figured out what was happening - but I would need your help to explain
> these behaviours please :)
>
> Case I - Format the hash device, verify and create the dm-verity target.
> Then modify data in the underlying data-device using dd. Read back the
> data from the modified location from the verity-device.
>
> Result: Verify fails but 'NO' I/O error reported when reading back from
> the location using dd.

So, create a script that results in this scenario of not reporting I/O
error and send it to us.

Mikulas

> Case II - Format the hash device, verify and create the dm-verity target
> device. Remove the verity target, then modify the data in the
> data-device using dd. Load the verity target and read-back the data from
> the verity-device from the modified location.
>
> Result: Verify fails and also get I/O error on reading that location
> using dd.
>
> My understanding was that the verity-device could be created and mounted
> and then if the underlying data was corrupted somehow, then a read of
> invalid data from that corrupted location will return -EIO.
>
> Chaitra
>
> PS: I was following the examples in the verity-compat-test script.

________________________________
This electronic message, including attachments, is intended only for the use of the individual or company named above or to which it is addressed. The information contained in this message shall be considered confidential and proprietary, and may include confidential work product. If you are not the intended recipient, please be aware that any unauthorized use, dissemination, distribution or copying of this message is strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and deleting this email immediately.

[-- Attachment #1.1.2: script_test.sh --]
[-- Type: application/x-shellscript, Size: 2776 bytes --]

[-- Attachment #1.2: PGP.sig --]
[-- Type: application/pgp-signature, Size: 835 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: dm-verity: Verification fails but do not see Input/Output Error on read

[Mikulas Patocka]

Hi

There is a bug in the script - there is:
$VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $2 >>$DEV_OUT 
2>&1 && \
	fail "activation"

There should be "||" instead of "&&", so that the function fail is 
executed on failure.

If I replace "&&" with "||", the script behaves as expected - it fails and 
writes this:
# check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 2
[root hash][verify][activate][remove]verify fails
FAILED
VERITY header information for verity-hash
UUID:                   613837c4-6ca8-4add-a2e9-c1acfd5c8e96
Hash type:              1
Data blocks:            16384
Data block size:        512
Hash block size:        512
Hash algorithm:         sha256
Salt:                   
e48da609055204e89ae53b655ca2216dd983cf3cb829f34f63a297d106d53e2d
Root hash:              
9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174
Verification failed at position 3072.
Verification of data area failed.
exit

Mikulas


On Thu, 15 Aug 2013, Chaitra Bhat wrote:

> Hi Mikulas,
> 
> I have attached a simple script to demonstrate what I was trying to tell. It is based on the verify-compat-test script. Feel free to modify the script; the script is basically to get the idea across.
> 
> For the Successful Case
> #source script_test
> #check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 2
> 
> For the Failure Case
> #source script_test
> #check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 1
> 
> Regards,
> Chaitra
> ________________________________________
> From: Mikulas Patocka [mpatocka@redhat.com]
> Sent: 15 August 2013 01:23
> To: Chaitra Bhat
> Cc: device-mapper development; Alasdair G Kergon
> Subject: RE: [dm-devel] dm-verity: Verification fails but do not see Input/Output Error on read
> 
> On Tue, 13 Aug 2013, Chaitra Bhat wrote:
> 
> > Hi Mikulas,
> >
> > I figured out what was happening - but I would need your help to explain
> > these behaviours please :)
> >
> > Case I - Format the hash device, verify and create the dm-verity target.
> > Then modify data in the underlying data-device using dd. Read back the
> > data from the modified location from the verity-device.
> >
> > Result: Verify fails but 'NO' I/O error reported when reading back from
> > the location using dd.
> 
> So, create a script that results in this scenario of not reporting I/O
> error and send it to us.
> 
> Mikulas
> 
> > Case II - Format the hash device, verify and create the dm-verity target
> > device. Remove the verity target, then modify the data in the
> > data-device using dd. Load the verity target and read-back the data from
> > the verity-device from the modified location.
> >
> > Result: Verify fails and also get I/O error on reading that location
> > using dd.
> >
> > My understanding was that the verity-device could be created and mounted
> > and then if the underlying data was corrupted somehow, then a read of
> > invalid data from that corrupted location will return -EIO.
> >
> > Chaitra
> >
> > PS: I was following the examples in the verity-compat-test script.
> 
> ________________________________
> This electronic message, including attachments, is intended only for the use of the individual or company named above or to which it is addressed. The information contained in this message shall be considered confidential and proprietary, and may include confidential work product. If you are not the intended recipient, please be aware that any unauthorized use, dissemination, distribution or copying of this message is strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and deleting this email immediately.
> 

Re: dm-verity: Verification fails but do not see Input/Output Error on read

[Chaitra Bhat]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Mikulas,

Thanks for your e-mail. Yes, there was an error in the script which I have fixed now. 

Also, on further analysis found that the behaviour that I was seeing was probably due to the dd command. When I read the verity device in multiple of block-size after having corrupted the underlying verity device, I always got I/O error. But if I tried to read back the specific error location, I did not get an I/O error.

Another odd behaviour - Create the verity target, corrupt the underlying device, remove the mapping and establish the mapping again. Then read the specific corrupted location through dd (not even block size), always get an I/O error. Seems like some kind of caching being done when the verity device is mapped - very odd.

Regards,
Chaitra
















Regards,
Chaitra
________________________________________
From: Mikulas Patocka [mpatocka@redhat.com]
Sent: 22 August 2013 15:32
To: Chaitra Bhat
Cc: device-mapper development; Alasdair G Kergon
Subject: RE: [dm-devel] dm-verity: Verification fails but do not see Input/Output Error on read

Hi

There is a bug in the script - there is:
$VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $2 >>$DEV_OUT
2>&1 && \
        fail "activation"

There should be "||" instead of "&&", so that the function fail is
executed on failure.

If I replace "&&" with "||", the script behaves as expected - it fails and
writes this:
# check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 2
[root hash][verify][activate][remove]verify fails
FAILED
VERITY header information for verity-hash
UUID:                   613837c4-6ca8-4add-a2e9-c1acfd5c8e96
Hash type:              1
Data blocks:            16384
Data block size:        512
Hash block size:        512
Hash algorithm:         sha256
Salt:
e48da609055204e89ae53b655ca2216dd983cf3cb829f34f63a297d106d53e2d
Root hash:
9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174
Verification failed at position 3072.
Verification of data area failed.
exit

Mikulas


On Thu, 15 Aug 2013, Chaitra Bhat wrote:

> Hi Mikulas,
>
> I have attached a simple script to demonstrate what I was trying to tell. It is based on the verify-compat-test script. Feel free to modify the script; the script is basically to get the idea across.
>
> For the Successful Case
> #source script_test
> #check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 2
>
> For the Failure Case
> #source script_test
> #check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 1
>
> Regards,
> Chaitra
> ________________________________________
> From: Mikulas Patocka [mpatocka@redhat.com]
> Sent: 15 August 2013 01:23
> To: Chaitra Bhat
> Cc: device-mapper development; Alasdair G Kergon
> Subject: RE: [dm-devel] dm-verity: Verification fails but do not see Input/Output Error on read
>
> On Tue, 13 Aug 2013, Chaitra Bhat wrote:
>
> > Hi Mikulas,
> >
> > I figured out what was happening - but I would need your help to explain
> > these behaviours please :)
> >
> > Case I - Format the hash device, verify and create the dm-verity target.
> > Then modify data in the underlying data-device using dd. Read back the
> > data from the modified location from the verity-device.
> >
> > Result: Verify fails but 'NO' I/O error reported when reading back from
> > the location using dd.
>
> So, create a script that results in this scenario of not reporting I/O
> error and send it to us.
>
> Mikulas
>
> > Case II - Format the hash device, verify and create the dm-verity target
> > device. Remove the verity target, then modify the data in the
> > data-device using dd. Load the verity target and read-back the data from
> > the verity-device from the modified location.
> >
> > Result: Verify fails and also get I/O error on reading that location
> > using dd.
> >
> > My understanding was that the verity-device could be created and mounted
> > and then if the underlying data was corrupted somehow, then a read of
> > invalid data from that corrupted location will return -EIO.
> >
> > Chaitra
> >
> > PS: I was following the examples in the verity-compat-test script.
>
> ________________________________
> This electronic message, including attachments, is intended only for the use of the individual or company named above or to which it is addressed. The information contained in this message shall be considered confidential and proprietary, and may include confidential work product. If you are not the intended recipient, please be aware that any unauthorized use, dissemination, distribution or copying of this message is strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and deleting this email immediately.
>


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 2599)
Charset: us-ascii

wsFVAwUBUh24nfoDVUR++NlrAQpRrhAAn6jl8Ou9boxEyYmkqHe+qHSkX4D4mxRn
AFg3ssJYXjEHM3OBVmVnoSK+IexLMH+YgkLQN0YH7LNEEeJQDMaTxB/fnLxIRbYU
vCwvuvoIrwiLoPIJG8Oga0RDPq0LtP6/FUx9Y1U9HbiCtq8O6lu3WD34hRNqsh1c
/oviBuCuX571pIJjVBdmqb3BLyoOggTkCPjXmcmXadQml2lbnG0fjdyhahJRMzWN
RW8skPe7XfdUJ2fGocxBYv1Ayddei6iDKbxnY9f+Zy+rTXrofrWnIGnF40IVVJ2H
6shEHD/y6Ph7rnyQpN27QDsVC0Tkv/jtrFhfE/4Ddy0ktYzM8ZLXTgXPoXRSj0oE
AfFiybz74VQJ57d9yznQ8pR9kpLYgUW7pBG5D4bCBKBUve8o7f1GZ279xlx/LJJ1
3G2YXi/dZbU87sMCI6gUPssNQTurO3fj8lAqVE81wBmZFAHxnFcGuJFQoQFwyQAJ
uHbWm7rUV2GDIlxwLYWGxvQ01zmR/omNzeiU5PtqsE10PGPza3+IBYNRWNfof9bF
OrF9eMsu9bm27HBrkx68sXCOyv7JlV+Zjki7WHGdC2gFUap8bC9CsyNvBuPXpJYR
ONEO3QSQRMhQj2ko0oFSz9pJBUqMPc0diBqPQdOF176IaEMNxdmPTEZGS/zUd+u1
chujfskszlM=
=o2Ei
-----END PGP SIGNATURE-----

Re: dm-verity: Verification fails but do not see Input/Output Error on read

[Mikulas Patocka]

On Wed, 28 Aug 2013, Chaitra Bhat wrote:

> Hi Mikulas,
> 
> Thanks for your e-mail. Yes, there was an error in the script which I 
> have fixed now.
> 
> Also, on further analysis found that the behaviour that I was seeing was 
> probably due to the dd command. When I read the verity device in 
> multiple of block-size after having corrupted the underlying verity 
> device, I always got I/O error. But if I tried to read back the specific 
> error location, I did not get an I/O error.

If you can reproduce the misbehavior, send a script that does it.

> Another odd behaviour - Create the verity target, corrupt the underlying 
> device, remove the mapping and establish the mapping again. Then read 
> the specific corrupted location through dd (not even block size), always 
> get an I/O error. Seems like some kind of caching being done when the 
> verity device is mapped - very odd.
> 
> Regards,
> Chaitra

Mikulas