Re: [PATCH v2 0/7] dm-integrity: asynchronous hash support

[Ingo Franzki <ifranzki@xxxxxxxxxxxxx>]

On 08.09.2025 15:16, Mikulas Patocka wrote:
> Hi
> 
> These patches add asynchronous hash support to dm-integrity.
> 
> Harald, please test them, I will commit them if they work for you.
> 
> Mikulas
> 

I have started to test your patches in top of 6.17.0-rc5.
I am testing 2 scenarios:
1.) plain dm-integrity using PHMAC.
2.) combined encryption and integrity (LUKS2 with integrity option) using PHMAC (and PAES).

Plain dm-integrity using PHMAC seems to work fine. No errors occurred, but I certainly have not stress-teted it.
I did:
# integritysetup format --integrity phmac-sha256 --integrity-key-file '<key-file>' --integrity-key-size <size-of-key> /dev/loop0
# integritysetup open --integrity phmac-sha256 --integrity-key-file '<key-file>' --integrity-key-size <size-of-key> /dev/loop0
# mkfs.ext4 /dev/mapper/int-loop
# mount /dev/mapper/int-loop /mnt
- read/write data to/from /mnt

All works fine.

However, combined encryption and integrity seems to have problems. Not sure if this is related to your changes in dm-integrity, or if there is still something missing in dm-crypt, or the interface between the two:
I did:

# cryptsetup luksFormat --type luks2 --master-key-file '<key-file>' --key-size <size-of-encryption-key-in-bits> --cipher paes-xts-plain64 --pbkdf argon2i --pbkdf-memory 32 --pbkdf-force-iterations 4 --integrity phmac-sha256 --integrity-key-size <size-of-integrity-key-in-bits> /dev/loop0
# cryptsetup luksOpen /dev/loop0 int-loop

The open step succeeds, but the following errors are shown in the journal:

Sep 09 04:54:50 fedora kernel: crypt_convert_block_aead: 12 callbacks suppressed
Sep 09 04:54:50 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 350976
Sep 09 04:54:50 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 350976
Sep 09 04:54:50 fedora kernel: buffer_io_error: 3 callbacks suppressed
Sep 09 04:54:50 fedora kernel: Buffer I/O error on dev dm-1, logical block 43872, async page read
Sep 09 04:54:50 fedora 55-scsi-sg3_id.rules[2378]: WARNING: SCSI device dm-1 has no device ID, consider changing .SCSI_ID_SERIAL_SRC in 00-scsi-sg3_config.rules

Still, the mapper devices are there as expected:

# ll /dev/mapper/
total 0
crw------- 1 root root 10, 236 Sep  9 04:26 control
lrwxrwxrwx 1 root root       7 Sep  9 04:54 int-loop -> ../dm-1
lrwxrwxrwx 1 root root       7 Sep  9 04:54 int-loop_dif -> ../dm-0


# lsblk
NAME           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
loop0            7:0    0   200M  0 loop
└─int-loop_dif 251:0    0 171.4M  0 crypt
  └─int-loop   251:1    0 171.4M  0 crypt

However, when making a file system on int-loop it fails:

# mkfs.ext4 /dev/mapper/int-loop
mke2fs 1.47.0 (5-Feb-2023)
Warning: could not erase sector 2: Input/output error
Creating filesystem with 175564 1k blocks and 43824 inodes
Filesystem UUID: 4a6d4579-0b58-4be7-aa67-1f76e4e754b7
Superblock backups stored on blocks:
        8193, 24577, 40961, 57345, 73729

Allocating group tables: done
Warning: could not read block 0: Input/output error
Warning: could not erase sector 0: Input/output error
Writing inode tables: done
ext2fs_write_inode_full: Input/output error while writing reserved inodes


And the following messages appear on the journal:

Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 350976
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 350976
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 43872, async page read
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0, async page read
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0, async page read
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0, async page read
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0, async page read
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0, async page read
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: trusted_key: device-mapper: crypt: dm-0: INTEGRITY AEAD ERROR, sector 0
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0, async page read
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0, async page read
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0, async page read
Sep 09 04:56:14 fedora kernel: Buffer I/O error on dev dm-1, logical block 0, async page read
Sep 09 04:56:14 fedora 55-scsi-sg3_id.rules[2399]: WARNING: SCSI device dm-1 has no device ID, consider changing .SCSI_ID_SERIAL_SRC in 00-scsi-sg3_config.rules

This does not really look good.


-- 
Ingo Franzki
eMail: ifranzki@xxxxxxxxxxxxx  
Tel: ++49 (0)7031-16-4648
Linux on IBM Z Development, Schoenaicher Str. 220, 71032 Boeblingen, Germany

IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: David Faller
Sitz der Gesellschaft: Böblingen / Registergericht: Amtsgericht Stuttgart, HRB 243294
IBM DATA Privacy Statement: https://www.ibm.com/privacy/us/en/