[dm-devel] dm-verity: Verification fails but do not see Input/Output Error on read

Chaitra Bhat Chaitra.Bhat at VERIFONE.com
Thu Aug 15 09:36:28 UTC 2013 

Hi Mikulas,

I have attached a simple script to demonstrate what I was trying to tell. It is based on the verify-compat-test script. Feel free to modify the script; the script is basically to get the idea across.

For the Successful Case
#source script_test
#check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 2

For the Failure Case
#source script_test
#check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 1

Regards,
Chaitra
________________________________________
From: Mikulas Patocka [mpatocka at redhat.com]
Sent: 15 August 2013 01:23
To: Chaitra Bhat
Cc: device-mapper development; Alasdair G Kergon
Subject: RE: [dm-devel] dm-verity: Verification fails but do not see Input/Output Error on read

On Tue, 13 Aug 2013, Chaitra Bhat wrote:

> Hi Mikulas,
>
> I figured out what was happening - but I would need your help to explain
> these behaviours please :)
>
> Case I - Format the hash device, verify and create the dm-verity target.
> Then modify data in the underlying data-device using dd. Read back the
> data from the modified location from the verity-device.
>
> Result: Verify fails but 'NO' I/O error reported when reading back from
> the location using dd.

So, create a script that results in this scenario of not reporting I/O
error and send it to us.

Mikulas

> Case II - Format the hash device, verify and create the dm-verity target
> device. Remove the verity target, then modify the data in the
> data-device using dd. Load the verity target and read-back the data from
> the verity-device from the modified location.
>
> Result: Verify fails and also get I/O error on reading that location
> using dd.
>
> My understanding was that the verity-device could be created and mounted
> and then if the underlying data was corrupted somehow, then a read of
> invalid data from that corrupted location will return -EIO.
>
> Chaitra
>
> PS: I was following the examples in the verity-compat-test script.

________________________________
This electronic message, including attachments, is intended only for the use of the individual or company named above or to which it is addressed. The information contained in this message shall be considered confidential and proprietary, and may include confidential work product. If you are not the intended recipient, please be aware that any unauthorized use, dissemination, distribution or copying of this message is strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and deleting this email immediately.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: script_test.sh
Type: application/x-shellscript
Size: 2776 bytes
Desc: script_test.sh
URL: <http://listman.redhat.com/archives/dm-devel/attachments/20130815/6b61085e/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/dm-devel/attachments/20130815/6b61085e/attachment.sig>

More information about the dm-devel mailing list