On 08.09.2025 15:16, Mikulas Patocka wrote:
> Hi
>
> These patches add asynchronous hash support to dm-integrity.
>
> Harald, please test them, I will commit them if they work for you.
>
> Mikulas
>
I have started to test your patches in top of 6.17.0-rc5.
I am testing 2 scenarios:
1.) plain dm-integrity using PHMAC.
2.) combined encryption and integrity (LUKS2 with integrity option) using PHMAC
(and PAES).
Plain dm-integrity using PHMAC seems to work fine. No errors occurred, but I
certainly have not stress-teted it.
I did:
# integritysetup format --integrity phmac-sha256 --integrity-key-file
'<key-file>' --integrity-key-size <size-of-key> /dev/loop0
# integritysetup open --integrity phmac-sha256 --integrity-key-file
'<key-file>' --integrity-key-size <size-of-key> /dev/loop0
# mkfs.ext4 /dev/mapper/int-loop
# mount /dev/mapper/int-loop /mnt
- read/write data to/from /mnt
All works fine.
However, combined encryption and integrity seems to have problems. Not sure if
this is related to your changes in dm-integrity, or if there is still something
missing in dm-crypt, or the interface between the two:
I did:
# cryptsetup luksFormat --type luks2 --master-key-file '<key-file>' --key-size
<size-of-encryption-key-in-bits> --cipher paes-xts-plain64 --pbkdf argon2i
--pbkdf-memory 32 --pbkdf-force-iterations 4 --integrity phmac-sha256
--integrity-key-size <size-of-integrity-key-in-bits> /dev/loop0
# cryptsetup luksOpen /dev/loop0 int-loop
The open step succeeds, but the following errors are shown in the journal:
Sep 09 04:54:50 fedora kernel: crypt_convert_block_aead: 12 callbacks suppressed
Sep 09 04:54:50 fedora kernel: trusted_key: device-mapper: crypt: dm-0:
INTEGRITY AEAD ERROR, sector 350976
Sep 09 04:54:50 fedora kernel: trusted_key: device-mapper: crypt: dm-0:
INTEGRITY AEAD ERROR, sector 350976
Sep 09 04:54:50 fedora kernel: buffer_io_error: 3 callbacks suppressed
Sep 09 04:54:50 fedora kernel: Buffer I/O error on dev dm-1, logical block
43872, async page read
Sep 09 04:54:50 fedora 55-scsi-sg3_id.rules[2378]: WARNING: SCSI device dm-1
has no device ID, consider changing .SCSI_ID_SERIAL_SRC in
00-scsi-sg3_config.rules
Still, the mapper devices are there as expected:
# ll /dev/mapper/
total 0
crw------- 1 root root 10, 236 Sep 9 04:26 control
lrwxrwxrwx 1 root root 7 Sep 9 04:54 int-loop -> ../dm-1
lrwxrwxrwx 1 root root 7 Sep 9 04:54 int-loop_dif -> ../dm-0
# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 200M 0 loop
└─int-loop_dif 251:0 0 171.4M 0 crypt
└─int-loop 251:1 0 171.4M 0 crypt
However, when making a file system on int-loop it fails:
# mkfs.ext4 /dev/mapper/int-loop
mke2fs 1.47.0 (5-Feb-2023)
Warning: could not erase sector 2: Input/output error
Creating filesystem with 175564 1k blocks and 43824 inodes
Filesystem UUID: 4a6d4579-0b58-4be7-aa67-1f76e4e754b7
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729
Allocating group tables: done
Warning: could not read block 0: Input/output error
Warning: could not erase sector 0: Input/output error
Writing inode tables: done
ext2fs_write_inode_full: Input/output error while writing reserved inodes
And the following messages appear on the journal:
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0:
INTEGRITY AEAD ERROR, sector 350976
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0:
INTEGRITY AEAD ERROR, sector 350976
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block
43872, async page read
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0:
INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0:
INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0,
async page read
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0:
INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0,
async page read
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0:
INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0,
async page read
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0:
INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0,
async page read
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0:
INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0,
async page read
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0:
INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0:
INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0,
async page read
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0,
async page read
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0,
async page read
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0,
async page read
Sep 09 04:56:14 fedora 55-scsi-sg3_id.rules[2399]: WARNING: SCSI device dm-1
has no device ID, consider changing .SCSI_ID_SERIAL_SRC in
00-scsi-sg3_config.rules
This does not really look good.
--
Ingo Franzki
eMail: [email protected]
Tel: ++49 (0)7031-16-4648
Linux on IBM Z Development, Schoenaicher Str. 220, 71032 Boeblingen, Germany
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: David Faller
Sitz der Gesellschaft: Böblingen / Registergericht: Amtsgericht Stuttgart, HRB
243294
IBM DATA Privacy Statement: https://www.ibm.com/privacy/us/en/
