All of lore.kernel.org
 help / color / mirror / Atom feed
* ignore/update integrity checksums
@ 2019-11-22  9:07 Erich Eckner
  2019-11-22 10:09 ` Erich Eckner
  0 siblings, 1 reply; 3+ messages in thread
From: Erich Eckner @ 2019-11-22  9:07 UTC (permalink / raw)
  To: dm-devel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

I have multiple disks with LUKS+integrity created by

cryptsetup luksFormat /dev/sde --key-file /mnt/key/key --integrity hmac-sha256

which are part of a raid6. Details of the device:

/dev/mapper/leg0 is active.
   type:    LUKS2
   cipher:  aes-xts-plain64
   keysize: 768 bits
   key location: keyring
   integrity: hmac(sha256)
   integrity keysize: 256 bits
   device:  /dev/sdb
   sector size:  512
   offset:  0 sectors
   size:    11031354576 sectors
   mode:    read/write


Recently, I rebooted this box and apparently, I missed to cleanly sync the 
disks, so they now report integrity errors, when mdadm probes (during 
assemble) for the raid superblock:

device-mapper: crypt: dm-1: INTEGRITY AEAD ERROR, sector 11031354368

There was no write activity on the raid before the reboot except for a 
running

mdadm /dev/md0 --replace /dev/dm-0 --with /dev/dm-1

which of course might have written a lot to all superblocks.

Since I believe, the superblocks should be mostly in-sync (except for 
event-counters?): Is there a way to ignore or re-calculate the integrity 
checks?

Also: What is the correct way to assure, that data has been synced to the 
disk(s) before switching off power? (If that matters, there is a 
raid-controller underneath: "06:00.0 RAID bus controller: Hewlett-Packard 
Company Smart Array G6 controllers (rev 01)" - but it
does not actually handle the raid, it only feeds the disks through to the 
os) I can execute any command after closing the luks-integrity device, my 
question aims at: what should I execute?

regards,
Erich


-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl3XpUQACgkQCu7JB1Xa
e1ry/hAAsWBT+D4UgVEbLNQj8s2cpFP8z4iTfT2vTG9UeEilxjpxrU5tPcRGKANv
qewyTwC5JrH6Mst3AE6P+ToSUWisMOcUXSg663dh4q8lmJjL/IdBrTU6cMqrFJV/
QXx3crf3j6soZ9AXSQgGRJm0wIV24WKg5vgTTDug56TR0ifUK+KJrWsqtforhtYu
hynMYlMHOcYUX4aPRHL6M56K9dSt92/9i5oRcm+jmKKSnTceJHduSD4RPMs93Lb9
JYIef1Qg+0wZqPZr1JD5AR+IU4J4dvysiqP9H3XYNIZaGYo2dGI6q6+6ksuGDxDu
sCeMFNlOdftptC8HlVUm29sERNEXqN+cWZ5X9OdEPKPuY+fQtF4vugy9rRcw+Q41
FHLGs5Aip/jGbXxh0vtOflcpZF4O4j4mu5r0KWEh1YgMIOb+JeWueGamSCdvb0yP
p/ZwfCM0a3sncOw5YRIIS6YXshCl57xzgRv326Z199Y9uROAd0pGvW2B91pKS2QM
W++AaEozRAT5X/5PSSJpw9bx2iprS6YwkygCeFuIswcrMfvbaiwBdXeIVvPZRJjO
lTVMnxWIqt3zkDWaZdwJzQCFycLtlGGXlei4Y3TCBfwRRGBWj6iLRY6t7SlKX9ST
7KHoha1dp2EheKJV6eZXo0mxrF7bt6gcPeVpPZIKKGJG5XkgHMA=
=VedA
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: ignore/update integrity checksums
  2019-11-22  9:07 ignore/update integrity checksums Erich Eckner
@ 2019-11-22 10:09 ` Erich Eckner
  0 siblings, 0 replies; 3+ messages in thread
From: Erich Eckner @ 2019-11-22 10:09 UTC (permalink / raw)
  To: dm-devel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Fri, 22 Nov 2019, Erich Eckner wrote:

> Hi,
>
> I have multiple disks with LUKS+integrity created by
>
> cryptsetup luksFormat /dev/sde --key-file /mnt/key/key --integrity 
> hmac-sha256
>
> which are part of a raid6. Details of the device:
>
> /dev/mapper/leg0 is active.
>  type:    LUKS2
>  cipher:  aes-xts-plain64
>  keysize: 768 bits
>  key location: keyring
>  integrity: hmac(sha256)
>  integrity keysize: 256 bits
>  device:  /dev/sdb
>  sector size:  512
>  offset:  0 sectors
>  size:    11031354576 sectors
>  mode:    read/write
>
>
> Recently, I rebooted this box and apparently, I missed to cleanly sync the 
> disks, so they now report integrity errors, when mdadm probes (during 
> assemble) for the raid superblock:
>
> device-mapper: crypt: dm-1: INTEGRITY AEAD ERROR, sector 11031354368
>
> There was no write activity on the raid before the reboot except for a 
> running
>
> mdadm /dev/md0 --replace /dev/dm-0 --with /dev/dm-1
>
> which of course might have written a lot to all superblocks.
>
> Since I believe, the superblocks should be mostly in-sync (except for 
> event-counters?): Is there a way to ignore or re-calculate the integrity 
> checks?
>
> Also: What is the correct way to assure, that data has been synced to the 
> disk(s) before switching off power? (If that matters, there is a 
> raid-controller underneath: "06:00.0 RAID bus controller: Hewlett-Packard 
> Company Smart Array G6 controllers (rev 01)" - but it
> does not actually handle the raid, it only feeds the disks through to the os) 
> I can execute any command after closing the luks-integrity device, my 
> question aims at: what should I execute?
>
> regards,
> Erich
>
>
> --
> dm-devel mailing list
> dm-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/dm-devel
>

just a follow-up experimentation with the broken disks:

I noticed /sys/block/dm-0/integrity/read_verify and similar which should 
manipulate verification upon read and updating upon write, according to

https://github.com/ibuildthecloud/ubuntu-kernel/blob/master/Documentation/block/data-integrity.txt#L169

However, changing /sys/block/dm-0/integrity/read_verify to 0 (it was at 1 
before) does not change the behaviour: `mdadm --examine` still generates 
read errors and cannot find its superblock for the corresponding crypt 
device.

Oh, I just see, that I forgot all the details of my system in the first 
email - sry! - here it comes:

This box is running arch linux with up-to-date packages.

# uname -a
Linux backup 5.3.12-arch1-1 #1 SMP PREEMPT Wed, 20 Nov 2019 19:45:16 +0000 
x86_64 GNU/Linux

# pacman -Q cryptsetup mdadm
cryptsetup 2.2.2-1
mdadm 4.1-2

regards,
Erich


-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl3Xs8gACgkQCu7JB1Xa
e1qykQ//cTcBJ1NGt2R3Cs23AGwdsUzsqyrf3ahPPWryFvN53GbYT6LOrjCqpF8n
DWNFQ/xBqDwpuQh3l3MatEoaIewGMgkjt2gcpG1aVPnZWJo1hgJDhpXW8locBpN+
h/q8bxcD9nOkMApDwu9bQxLIJcqBZISTgE8QmAvKvXFiPSuh22Gbth6NtSki2G3U
95TPvNbdMJCSG32SEQ1F3/4nky20CMkd31sam44pL//Mr9a6sSeKeaUeQ9rX13Oe
58kmkKp3d8ZIp89ruWgca2wEE5SZA3qdewWs5dfkCnLxzIs8tjL9jfrp1wR+yKNb
DiDj2i203IPxxIgcwu+aDPxboCrJDu3zEE1OcQf6ZDd7nGqsdaf2aGp/F/SkqQ9s
d20+DZSi+2NSQ8n782/zXuroVmy1of4eDn2flFSZFOKfuqgtWcQFnN+JZsZT/bIQ
xNKuD8eIY5lvO58Rpkg38JjIMfVuQiGdjfh1CK/ZUeYOXC6YnGgmOaZqdIWMH4ya
JknY7oXkCluGRNKn3wObufRMa3LkAjoRTmHRw4JpLWJgBxXaj7vsc/thrWy+Uw+3
cmwTMQBR3YttEAYsMRp+s6QNvN6ny3FlNAupnrSTiujjSnO7RZKTV5VeBOcAeoL4
4dTi0FTpehWWA6U3UlmUOafyZjGCHuXDVHKAbVUHiHjQJIpSztw=
=9Xhi
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 3+ messages in thread
* ignore/update integrity checksums
@ 2019-11-22  8:54 Erich Eckner
  0 siblings, 0 replies; 3+ messages in thread
From: Erich Eckner @ 2019-11-22  8:54 UTC (permalink / raw)
  To: dm-devel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

I have multiple disks with LUKS+integrity created by

cryptsetup luksFormat /dev/sde --key-file /mnt/key/key --integrity hmac-sha256

which are part of a raid6. Details of the device:

/dev/mapper/leg0 is active.
   type:    LUKS2
   cipher:  aes-xts-plain64
   keysize: 768 bits
   key location: keyring
   integrity: hmac(sha256)
   integrity keysize: 256 bits
   device:  /dev/sdb
   sector size:  512
   offset:  0 sectors
   size:    11031354576 sectors
   mode:    read/write


Recently, I rebooted this box and apparently, I missed to cleanly sync the 
disks, so they now report integrity errors, when mdadm probes (during 
assemble) for the raid superblock:

device-mapper: crypt: dm-1: INTEGRITY AEAD ERROR, sector 11031354368

There was no write activity on the raid before the reboot except for a 
running

mdadm /dev/md0 --replace /dev/dm-0 --with /dev/dm-1

which of course might have written a lot to all superblocks.

Since I believe, the superblocks should be mostly in-sync (except for 
event-counters?): Is there a way to ignore or re-calculate the integrity 
checks?

Also: What is the correct way to assure, that data has been synced to the 
disk(s) before switching off power? (If that matters, there is a 
raid-controller underneath: "06:00.0 RAID bus controller: Hewlett-Packard 
Company Smart Array G6 controllers (rev 01)" - but it does not actually 
handle the raid, it only feeds the disks through to the os) I can execute 
any command after closing the luks-integrity device, my question aims at: 
what should I execute?

regards,
Erich

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl3XojcACgkQCu7JB1Xa
e1q17g//TCKyH5US3c5j+FHH/90gsAoW8LuMzeIV3KnswtJm1fA/lWhbJMbKG/8r
eo1P48wOKLRTNT5RJV+M3+we/80la/x6PGl2IM/WXTGT8TAdOISKksifzJ7/wXhd
UxIjzhenc2mFnpYjrMABY3BYGvJf7AkrmrmliGe/BO9sMKej6R1WlE17ZOD+sGFN
/FWLPtgcBcfVFNk+tn2aUa6oovLxpzzhYUcktuqpI0WQOOydQwRsb3sIM0bYHpNZ
99ieIHyIDY7p0V/Ym0Msm/ic1PIzsPtWl6MiRmzjXf8v0UVVFKb23kuPxXHKEBLV
5u/DOzbrBpT+w5hI8eUk5me/qUPWEnrY/4AodZEJxwOpbeqOEbLPa15cPxwT5s3b
+45mpf0raREAI4WANNym5FmAxVukaQKaEGJ7Q8AyVJtN76oGaPNhxEQ4BDxQXOsV
RituTR17MULV80jpVS2atwRNkged9H6aRaDtcmrkx2qyaAHSLghXTLySID9XumbW
pkH45nWvsU1z8t8Lvxy81CrMnB8cmy6Iud3yH1WVKvCnjqmbSZQ4FMXw0fiAas+C
Q1ipkMdKg2mgLUQCRgwWpbvtVR14kZnQjZoPAhOTzbGaYTRbaEPkOMoKqCRStUkb
3l+Hg+AGeP9CR19sFYoR2HSnJGdeK/kYUEBuNfHrOjop2yi+lZY=
=aG59
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-22 10:09 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-22  9:07 ignore/update integrity checksums Erich Eckner
2019-11-22 10:09 ` Erich Eckner
  -- strict thread matches above, loose matches on Subject: below --
2019-11-22  8:54 Erich Eckner

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.