Hello, Dear devcice-mapper maintainers.
I'm JeongHyeon Lee, work in Samsung. I'm chage of DM-Verity feature with
Mr. sunwook eom.
I have a patch or suggestion about DM-Verity error handling.
Our device (smart phone) need DM-Verity feature. So I hope there is new
mode DM-Verity error handling.
This new mode concept is When detect corrupted block, will be go to panic.
Because our team policy is found device DM-Verity error, device will go
panic.
And then analyze what kind of device fault (crash UFS, IO error, DRAM
bit flip etc)
In addition to the smart phone, I would like to have an option that
users or administrators can use accordingly.
There are patch contents in the attachment. I would really appreciate it
if you could check it.
I will look forward to hearing from yours.
Thank you :)
On Thu, Jun 18 2020 at 2:56am -0400,
JeongHyeon Lee <[email protected]> wrote:
> Hello, Dear devcice-mapper maintainers.
>
> I'm JeongHyeon Lee, work in Samsung. I'm chage of DM-Verity feature with
> Mr. sunwook eom.
> I have a patch or suggestion about DM-Verity error handling.
>
> Our device (smart phone) need DM-Verity feature. So I hope there is new
> mode DM-Verity error handling.
> This new mode concept is When detect corrupted block, will be go to panic.
>
> Because our team policy is found device DM-Verity error, device will go
> panic.
> And then analyze what kind of device fault (crash UFS, IO error, DRAM
> bit flip etc)
>
> In addition to the smart phone, I would like to have an option that
> users or administrators can use accordingly.
> There are patch contents in the attachment. I would really appreciate it
> if you could check it.
>
> I will look forward to hearing from yours.
> Thank you :)
>
I do not accept that panicing the system because of verity failure is
reasonable.
In fact, even rebooting (via DM_VERITY_MODE_RESTART) looks very wrong.
The device should be put in a failed state and left for admin recovery.
Mike
On Thu, Jun 18, 2020 at 11:44:45AM -0400, Mike Snitzer wrote:
> I do not accept that panicing the system because of verity failure is
> reasonable.
>
> In fact, even rebooting (via DM_VERITY_MODE_RESTART) looks very wrong.
>
> The device should be put in a failed state and left for admin recovery.
That's exactly how the restart mode works on some Android devices. The
bootloader sees the verification error and puts the device in recovery
mode. Using the restart mode on systems without firmware support won't
make sense, obviously.
Sami