* FAQ / encryption / error handling?
From: Daniel Pocock @ 2017-11-27 8:06 UTC
To: linux-btrfs
Hi all,
The FAQ has a couple of sections on encryption (general and dm-crypt)
One thing that isn't explained there: if you create multiple encrypted
volumes (e.g. using dm-crypt) and use Btrfs to combine them into RAID1,
how does error recovery work when a read operation returns corrupted data?
Without encryption, reading from one disk would give a checksum mismatch
and Btrfs would read from the other disk to (hopefully) get a good copy
of the data.
With this encryption scenario, the failure would potentially be detected
in the decryption layer code and instead of returning bad data to Btrfs,
it would return some error code. In that case, will Btrfs attempt to
read from the other volume and allow the application to proceed as if
nothing was wrong?
Regards,
Daniel
* Re: FAQ / encryption / error handling?
From: Dmitrii Tcvetkov @ 2017-11-27 10:06 UTC
To: Daniel Pocock; +Cc: linux-btrfs
On Mon, 27 Nov 2017 09:06:12 +0100
Daniel Pocock <daniel@pocock.pro> wrote:
> Hi all,
>
> The FAQ has a couple of sections on encryption (general and dm-crypt)
>
> One thing that isn't explained there: if you create multiple encrypted
> volumes (e.g. using dm-crypt) and use Btrfs to combine them into
> RAID1, how does error recovery work when a read operation returns
> corrupted data?
>
> Without encryption, reading from one disk would give a checksum
> mismatch and Btrfs would read from the other disk to (hopefully) get
> a good copy of the data.
>
> With this encryption scenario, the failure would potentially be
> detected in the decryption layer code and instead of returning bad
> data to Btrfs, it would return some error code. In that case, will
> Btrfs attempt to read from the other volume and allow the application
> to proceed as if nothing was wrong?
>
> Regards,
>
> Daniel
Default (aes-xts-plain64) dm-crypt setup can't verify integrity
of encrypted block and in case of silent corruption will decrypt it to
garbage which btrfs will catch. In case of AEAD encryption
(dm-crypt plus dm-integrity) it can verify integrity itself but I'm not
sure right now which exact error it returns to the upper layer as I haven't
used it yet.
I use btrfs raid1 on top of LVM on top of dm-crypt devices and
it handled bad blocks on physical devices normally (there was a burst of
about 900 reallocates on one device which btrfs caught and fixed).
* Re: FAQ / encryption / error handling?
From: Austin S. Hemmelgarn @ 2017-11-27 13:05 UTC
To: Dmitrii Tcvetkov, Daniel Pocock; +Cc: linux-btrfs
On 2017-11-27 05:06, Dmitrii Tcvetkov wrote:
> On Mon, 27 Nov 2017 09:06:12 +0100
> Daniel Pocock <daniel@pocock.pro> wrote:
>
>> Hi all,
>>
>> The FAQ has a couple of sections on encryption (general and dm-crypt)
>>
>> One thing that isn't explained there: if you create multiple encrypted
>> volumes (e.g. using dm-crypt) and use Btrfs to combine them into
>> RAID1, how does error recovery work when a read operation returns
>> corrupted data?
>>
>> Without encryption, reading from one disk would give a checksum
>> mismatch and Btrfs would read from the other disk to (hopefully) get
>> a good copy of the data.
>>
>> With this encryption scenario, the failure would potentially be
>> detected in the decryption layer code and instead of returning bad
>> data to Btrfs, it would return some error code. In that case, will
>> Btrfs attempt to read from the other volume and allow the application
>> to proceed as if nothing was wrong?
>>
>> Regards,
>>
>> Daniel
>
> Default (aes-xts-plain64) dm-crypt setup can't verify integrity
> of encrypted block and in case of silent corruption will decrypt it to
> garbage which btrfs will catch. In case of AEAD encryption
> (dm-crypt plus dm-integrity) it can verify integrity itself but I'm not
> sure right now which exact error it returns to the upper layer as I haven't
> used it yet.
The exact error shouldn't matter, provided that BTRFS perceives it as a
read error from the 'device' (in reality the virtual DM device).
Provided that condition is met, the error is handled pretty much the
same regardless of the exact error code.
>
> I use btrfs raid1 on top of LVM on top of dm-crypt devices and
> it handled bad blocks on physical devices normally (there was a burst of
> about 900 reallocates on one device which btrfs caught and fixed).
Same here, and I've also tested it on top of dm-integrity, where BTRFS
will correctly handle errors passed up from dm-integrity failing to
verify blocks.
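The two cases discussed above, as an added toy model that is not code from this thread, from btrfs or from dm-crypt. Everything in it is a constructed stand-in: a keyed BLAKE2b keystream plays the role of aes-xts-plain64 (no integrity, so a flipped stored bit decrypts to wrong bytes and no error), the same keystream plus an HMAC tag plays dm-crypt with dm-integrity (tag mismatch is surfaced as EIO before any plaintext is returned), zlib.crc32 stands in for the per-block crc32c btrfs keeps in its csum tree, and the Raid1 class models only the read path described in the replies: try one mirror, treat both a checksum mismatch and an I/O error as "this copy is bad", read the other copy, and write the good data back over the bad one. A real XTS block would garble 16 bytes rather than one bit, which changes nothing about the outcome.

```python
"""Toy model of btrfs RAID1 reads over dm-crypt, with and without dm-integrity.

Constructed example; every component is a stand-in:
 - CryptoLayer(authenticated=False) plays aes-xts-plain64: no integrity, so
   corrupted ciphertext decrypts to garbage and no error is raised.
 - CryptoLayer(authenticated=True) plays dm-crypt + dm-integrity (AEAD): the
   tag check fails first and the DM device returns EIO instead of data.
 - Raid1 plays the btrfs read path: checksum each block, fall back to the
   other mirror on either failure, and rewrite the bad copy (read-repair).
"""
import hashlib
import hmac
import zlib

TAG_LEN = 32


class CryptoLayer:
    """Keystream = keyed BLAKE2b(sector, counter). Not AES-XTS, but it shares
    the property that matters: without a tag, bit rot gives wrong bytes."""

    def __init__(self, key, authenticated):
        self.key = key
        self.authenticated = authenticated

    def _keystream(self, sector, n):
        out, ctr = bytearray(), 0
        while len(out) < n:
            msg = sector.to_bytes(8, "little") + ctr.to_bytes(4, "little")
            out += hashlib.blake2b(msg, key=self.key, digest_size=64).digest()
            ctr += 1
        return bytes(out[:n])

    def _tag(self, sector, ct):
        return hmac.new(self.key, sector.to_bytes(8, "little") + ct, "sha256").digest()

    def encrypt(self, sector, plaintext):
        ks = self._keystream(sector, len(plaintext))
        ct = bytes(a ^ b for a, b in zip(plaintext, ks))
        # dm-integrity keeps tags out of line; appending one is equivalent here
        return ct + self._tag(sector, ct) if self.authenticated else ct

    def decrypt(self, sector, stored):
        ct = stored
        if self.authenticated:
            ct, tag = stored[:-TAG_LEN], stored[-TAG_LEN:]
            if not hmac.compare_digest(tag, self._tag(sector, ct)):
                raise OSError(5, "Input/output error")  # AEAD failure -> EIO
        ks = self._keystream(sector, len(ct))
        return bytes(a ^ b for a, b in zip(ct, ks))


class Mirror:
    """One physical device plus its dm-crypt mapping."""

    def __init__(self, key, authenticated):
        self.crypto = CryptoLayer(key, authenticated)
        self.disk = {}  # sector -> stored ciphertext (+ tag)

    def write(self, sector, plaintext):
        self.disk[sector] = self.crypto.encrypt(sector, plaintext)

    def read(self, sector):
        return self.crypto.decrypt(sector, self.disk[sector])

    def corrupt(self, sector, offset):
        """Silent bit rot below the encryption layer: flip one stored bit."""
        buf = bytearray(self.disk[sector])
        buf[offset] ^= 0x01
        self.disk[sector] = bytes(buf)


def csum(data):
    return zlib.crc32(data)  # stand-in for the crc32c btrfs stores per block


class Raid1:
    """btrfs-style RAID1 read path over encrypted mirrors."""

    def __init__(self, mirrors):
        self.mirrors = mirrors
        self.csums = {}        # sector -> expected checksum (the csum tree)
        self.last_errors = []  # (mirror index, kind) seen on the last read
        self.repairs = []      # (sector, mirror index) rewritten from a good copy

    def write(self, sector, data):
        self.csums[sector] = csum(data)
        for m in self.mirrors:
            m.write(sector, data)

    def read(self, sector):
        self.last_errors = []
        for idx, m in enumerate(self.mirrors):
            try:
                data = m.read(sector)
            except OSError:
                self.last_errors.append((idx, "EIO"))  # dm-integrity case
                continue
            if csum(data) != self.csums[sector]:
                self.last_errors.append((idx, "csum mismatch"))  # plain dm-crypt
                continue
            for bad_idx, _ in self.last_errors:  # good copy: repair the others
                self.mirrors[bad_idx].write(sector, data)
                self.repairs.append((sector, bad_idx))
            return data
        raise OSError(5, "all mirrors failed for sector %d: %r" % (sector, self.last_errors))


def demo(authenticated, corrupt_both=False):
    """Write one 4 KiB block, rot a bit on mirror 0 (optionally mirror 1 too),
    read it back. Returns (data intact, error kind on mirror 0, mirror 0 repaired)."""
    key = b"\x11" * 32               # constructed test key
    fs = Raid1([Mirror(key, authenticated), Mirror(key, authenticated)])
    payload = bytes(range(256)) * 16  # 4096 bytes of constructed data
    fs.write(7, payload)
    fs.mirrors[0].corrupt(7, 100)
    if corrupt_both:
        fs.mirrors[1].corrupt(7, 2000)
    data = fs.read(7)
    return data == payload, fs.last_errors[0][1], fs.mirrors[0].read(7) == payload
```

Run `demo(False)` and `demo(True)`: both return the intact data and leave mirror 0 repaired, the only difference being whether the bad copy showed up as a checksum mismatch or as EIO. With both mirrors rotted, `read()` raises, which is the case no layering can save you from.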