Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757526AbbKFRXc (ORCPT ); Fri, 6 Nov 2015 12:23:32 -0500 Received: from mx1.redhat.com ([209.132.183.28]:54559 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751365AbbKFRXa (ORCPT ); Fri, 6 Nov 2015 12:23:30 -0500 Date: Fri, 6 Nov 2015 12:23:29 -0500 (EST) From: Mikulas Patocka X-X-Sender: mpatocka@file01.intranet.prod.int.rdu2.redhat.com To: Milan Broz cc: Sami Tolvanen , device-mapper development , Mandeep Baines , Will Drewry , Kees Cook , Mike Snitzer , linux-kernel@vger.kernel.org, Alasdair Kergon , Mark Salyzyn Subject: Re: [PATCH 0/4] dm verity: add support for error correction In-Reply-To: <563B066C.6050202@redhat.com> Message-ID: References: <1446688954-29589-1-git-send-email-samitolvanen@google.com> <563B066C.6050202@redhat.com> User-Agent: Alpine 2.02 (LRH 1266 2009-07-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2671 Lines: 63 On Thu, 5 Nov 2015, Milan Broz wrote: > On 11/05/2015 03:02 AM, Sami Tolvanen wrote: > > This patch set adds error correction support to dm-verity, which > > makes it possible to recover from data corruption in exchange of > > increased space overhead. > > > > The feature is implemented as part of dm-verity to take advantage > > of the existing hash tree to improve performance and locate known > > erasures. > > Hi, > > could you please elaborate why is all this needed? To extend support > of some faulty flash chips? > > Do you have some statistics that there are really such correctable errors > in real devices? I'm also wondering what is this patch useful for. Disks and flash controllers have their own error detection and correction, so the controller will much more likely return an I/O error rather than corrupted data. And the patch does absolutely nothing to recover from an I/O error, it only attempts to correct corrupted reads. Another point - if the read-only system partition is experiencing some errors, than the read-write partition will probably have errors too (because both partitions are on the same flash chip) and the Chromebook or smartphone will be unusable anyway because of errors on the writeable partition. Do you have some real case where such error corrections increase longevity of some device? > Anyway, I really do not understand layer separation here. Either we have > cryptographically strong data integrity checking or we have > error-correction. Are we sure this combination does not create some unintended > gap in integrity checking? Why the integrity check should even try to do some > error correction if there is an intentional integrity attack? > > IMO if you need an error correction, this should be placed as a separate > layer below the crypto integrity check, the same as RAID operates. If error correction was placed below dm-verity, it would degrade performance because it would have to verify every sector, even if dm-verity said that the sector is valid. But you can take raid5 in read-only mode, put it on several partitions protected with dm-verity and you get decent error correction (unlike this patch, it would also correct I/O errors returned by the flash controller). I suggest doing this. > The second question - why are you writing another separate tool > for maintenance for dm-verity when there is veritysetup? > > Milan Mikulas -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/