From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail-wm1-x344.google.com (mail-wm1-x344.google.com
 [IPv6:2a00:1450:4864:20::344])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Wed, 17 Jul 2019 21:49:05 +0200 (CEST)
Received: by mail-wm1-x344.google.com with SMTP id s15so1937918wmj.3
 for <dm-crypt@saout.de>; Wed, 17 Jul 2019 12:49:05 -0700 (PDT)
References: <40fa6a57-ac08-1f50-dbce-cadefcbf1ff4@codethink.co.uk>
From: Milan Broz <gmazyland@gmail.com>
Message-ID: <0ce29b38-3f32-d2bc-651e-071075941d43@gmail.com>
Date: Wed, 17 Jul 2019 21:49:02 +0200
MIME-Version: 1.0
In-Reply-To: <40fa6a57-ac08-1f50-dbce-cadefcbf1ff4@codethink.co.uk>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] veritysetup forward error correction failure
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <https://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <https://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <https://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Tom Eccles <tom.eccles@codethink.co.uk>, dm-crypt@saout.de
Cc: richardmaw@codethink.co.uk

On 17/07/2019 19:06, Tom Eccles wrote:
> Hello,
> 
> I have a question about veritysetup using forward error correction.
> 
> I created my dm-verity volume using
> 
> veritysetup --check-at-most-once --fec-device /dev/vdc --fec-roots 24 format
> /dev/vdb1 /dev/vdd
> 
> Then I introduce a single bit error into /dev/vdb1.
> 
> If I then open the dm-verity device using
> 
> veritysetup --fec-device /dev/vdc --fec-roots 24 open /dev/vdb1 vroot
> /dev/vdd <hash>
> 
> When I mount the device and inspect the corrupted file, the single bit error
> cannot be corrected:
> [  108.994804] device-mapper: verity-fec: 254:17: FEC 19300352: failed to
> correct: -74
> [  108.994834] device-mapper: verity: 254:17: data block 273411 is corrupted
> 
> However, if I verify the whole device using veritysetup it succeeds:
> 
> veritysetup --fec-device /dev/vdc --fec-roots 24 verify /dev/vdb1 /dev/vdd
> <hash>
> Verification failed at position 1119891456.
> Verification of data area failed.
> Found 1 repairable errors with FEC device
> 
> So I suspect that I have the wrong flags to veritysetup open. Can anybody
> see where I am going wrong?

Well, the FEC code in userspace and kernel differs, it is quite possible
that there could be some misconfiguration or a bug.

Please be sure you are testing access to the image and not
some cached data in meory - better flush all caches between runs with the command
"echo 3 > /proc/sys/vm/drop_caches".

If you can still reproduce it, please send version of the utility and
kernel (and --debug output as suggested in another mail) and if you have some
data/hash/fec images that can be used to reproduce it, let me know where I can find it.

Thanks,
Milan