From: "Austin S. Hemmelgarn" <ahferroin7@gmail.com>
To: Dmitrii Tcvetkov <demfloro@demfloro.ru>,
Daniel Pocock <daniel@pocock.pro>
Cc: linux-btrfs@vger.kernel.org
Subject: Re: FAQ / encryption / error handling?
Date: Mon, 27 Nov 2017 08:05:25 -0500
Message-ID: <f7d32a71-c2f6-70d7-4e68-619ef64dadb7@gmail.com>
In-Reply-To: <20171127130608.20356674@job>

On 2017-11-27 05:06, Dmitrii Tcvetkov wrote:
> On Mon, 27 Nov 2017 09:06:12 +0100
> Daniel Pocock <daniel@pocock.pro> wrote:
>
>> Hi all,
>>
>> The FAQ has a couple of sections on encryption (general and dm-crypt)
>>
>> One thing that isn't explained there: if you create multiple encrypted
>> volumes (e.g. using dm-crypt) and use Btrfs to combine them into
>> RAID1, how does error recovery work when a read operation returns
>> corrupted data?
>>
>> Without encryption, reading from one disk would give a checksum
>> mismatch and Btrfs would read from the other disk to (hopefully) get
>> a good copy of the data.
>>
>> With this encryption scenario, the failure would potentially be
>> detected in the decryption layer code and instead of returning bad
>> data to Btrfs, it would return some error code. In that case, will
>> Btrfs attempt to read from the other volume and allow the application
>> to proceed as if nothing was wrong?
>>
>> Regards,
>>
>> Daniel
>
> Default (aes-xts-plain64) dm-crypt setup can't verify integrity
> of encrypted block and in case of silent corruption will decrypt it to
> garbage which btrfs will catch. In case of AEAD encryption
> (dm-crypt plus dm-integrity) it can verify integrity itself but I'm not
> sure right now which exact error it returns to upper layer as I didn't
> use it yet.
The exact error shouldn't matter, provided that BTRFS perceives it as a
read error from the 'device' (in reality the virtual DM device).
Provided that condition is met, the error is handled pretty much the
same regardless of the exact error code.
>
> I use btrfs raid1 on top of LVM on top of dm-crypt devices and
> it handled bad blocks on physical devices normally (there was a burst of
> about 900 reallocates on one device which btrfs caught and fixed).
Same here, and I've also tested it on top of dm-integrity, where BTRFS
will correctly handle errors passed up from dm-integrity failing to
verify blocks.
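
A simplified model of the two failure paths discussed in this thread, added as an example and not code from the participants or from btrfs: a leg that silently returns garbage (the aes-xts-plain64 case) and a leg that returns an I/O error (the dm-integrity case) both cause the reader to fall back to the other mirror and rewrite the bad copy. `PlainLeg`, `IntegrityLeg`, `mirrored_read` and `KEY` are hypothetical names; `zlib.crc32` and HMAC-SHA256 are stand-ins for the filesystem checksum and the dm-integrity tag.

```python
import errno, hashlib, hmac, zlib

KEY = b"constructed-demo-key"  # constructed value for the model's tags

class PlainLeg:
    """Mirror leg without integrity checking (models aes-xts-plain64):
    a corrupted block is returned as garbage, not as an error."""
    def __init__(self, data):
        self.store = bytearray(data)
    def read(self):
        return bytes(self.store)
    def write(self, data):
        self.store = bytearray(data)

class IntegrityLeg(PlainLeg):
    """Mirror leg that verifies a stored tag on read (models dm-integrity):
    a mismatch is reported to the upper layer as an I/O error."""
    def __init__(self, data):
        super().__init__(data)
        self.tag = hmac.new(KEY, data, hashlib.sha256).digest()
    def read(self):
        tag = hmac.new(KEY, bytes(self.store), hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self.tag):
            raise OSError(errno.EIO, "integrity tag mismatch")
        return bytes(self.store)
    def write(self, data):
        super().write(data)
        self.tag = hmac.new(KEY, data, hashlib.sha256).digest()

def mirrored_read(legs, csum):
    """Try each mirror in turn. A leg fails if it raises OSError or if its
    data does not match the filesystem checksum; the exact error does not
    matter. Failed legs are rewritten from the first good copy."""
    failed, events = [], []
    for i, leg in enumerate(legs):
        try:
            data = leg.read()
            reason = None if zlib.crc32(data) == csum else "csum mismatch"
        except OSError:
            reason = "read error"
        if reason:
            failed.append(leg)
            events.append((i, reason))
            continue
        for bad in failed:
            bad.write(data)  # repair the bad copy from the good mirror
        return data, events
    raise OSError(errno.EIO, "no good copy on any mirror")
```
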