On 09.09.2025 11:42, Mikulas Patocka wrote: > > > On Tue, 9 Sep 2025, Ingo Franzki wrote: > >> However, combined encryption and integrity seems to have problems. Not >> sure if this is related to your changes in dm-integrity, or if there is >> still something missing in dm-crypt, or the interface between the two: >> >> I did: >> >> # cryptsetup luksFormat --type luks2 --master-key-file '<key-file>' >> --key-size <size-of-encryption-key-in-bits> --cipher paes-xts-plain64 >> --pbkdf argon2i --pbkdf-memory 32 --pbkdf-force-iterations 4 --integrity >> phmac-sha256 --integrity-key-size <size-of-integrity-key-in-bits> >> /dev/loop0 >> >> # cryptsetup luksOpen /dev/loop0 int-loop >> >> The open step succeeds, but the following errors are shown in the journal: >> >> Sep 09 04:54:50 fedora kernel: crypt_convert_block_aead: 12 callbacks suppressed >> Sep 09 04:54:50 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 350976 >> Sep 09 04:54:50 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 350976 >> Sep 09 04:54:50 fedora kernel: buffer_io_error: 3 callbacks suppressed >> Sep 09 04:54:50 fedora kernel: Buffer I/O error on dev dm-1, logical block 43872, async page read >> Sep 09 04:54:50 fedora 55-scsi-sg3_id.rules[2378]: WARNING: SCSI device dm-1 has no device ID, consider changing .SCSI_ID_SERIAL_SRC in 00-scsi-sg3_config.rules > > In this mode, the encryption, decryption and authentication is done by > dm-crypt, not dm-integrity. dm-integrity just passes the tags around. > > So, it looks like a dm-crypt bug. > > Please, revert my patches and run the same test on a clean 6.17.0-rc5 just > to verify that the patches do not introduce the bug. With your patches reverted the combined mode fails the same way as with your patches. So they did not introduce the bug. > > Mikulas > -- Ingo Franzki eMail: ifranzki@xxxxxxxxxxxxx Tel: ++49 (0)7031-16-4648 Linux on IBM Z Development, Schoenaicher Str. 220, 71032 Boeblingen, Germany IBM Deutschland Research & Development GmbH Vorsitzender des Aufsichtsrats: Gregor Pillen Geschäftsführung: David Faller Sitz der Gesellschaft: Böblingen / Registergericht: Amtsgericht Stuttgart, HRB 243294 IBM DATA Privacy Statement: https://www.ibm.com/privacy/us/en/
