Dear fellow dm-crypt fans, I've been using dm-crypt/twofish for more than 440 days without interruption, on a box under heavy use, and I have not seen any data losses (hopefully, I will not see them in the future ;-) ). The system uses dm-crypt on _hardware_ RAID5, so I'd second the suggestion that the problem others have run into seen to be caused by the s/w RAID _or_ the combination of the most useful dm stuff with s/w RAID. Best wishes and regards, Ernst Am Freitag, 2. Juni 2006 08:55 schrieb Dr. Uwe Meyer-Gruhl: > Kevin Eilers schrieb: > > Hi! > > > >> So, it seems that once the mapping is broken, it stays broken until it > >> is removed and recreated with cryptsetup. > > > > I have experienced something similar. It sometimes took me hours to > > produce the corruptions, but once I got the first warnings, every minor > > write operation triggered it until I rebooted (root and var filesystems > > were affected, so unmounting and remapping didn't work). > > > > Another thing I noticed: > > I was using lvm ontop of dm-crypt ontop of raid5 and some filesystems > > (logical volumes) would get corrupted when under heavy load, and others > > got corrupted when other filesystem were under heavy load. It may be > > coincidence but it was always the same combination: > > Producing heavy load on the var lv corrupted it. > > Producing heavy load on my data lv corrupted the root lv. > > > > All lvs were on the same volume group. > > > > > > Kevin > > Very interesting. > > Another observation: I had several occasions where I could stress the > filesystem for hours without a hitch and on the first access after a > pause, the problem would occur immediately. Maybe one could trigger the > problem by the following sequence: > > 1. cryptsetup > 2. mke2fs > 3. wait an hour > 4. begin copying to the filesystem > > And no, the drives were not in a power-save state (which should not be > much of a problem anyway) and I always disable powersaved. > > > But the most important new info I can contribute is that the Twofish > cipher brings no solution to our problem, so aes-i586 seems fine. Which > is what I expected, since even another DM target (dm-linear) does not > work, which effectively rules out dm-crypt and ciphers completely. > > This leaves us with the device mapper (any target) and RAID subsystems > as the main problem candidates. Considering that I had other problems > with cryptoloop, I'd favor the RAID subsystem. > > Since I have been using RAID without problems without device mapper or > CRYPTOLOOP, I suspect a race condition (critical region) between those > subsystems. > > Hope this helps. > > > Uwe > > > --------------------------------------------------------------------- > - http://www.saout.de/misc/dm-crypt/ > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx > For additional commands, e-mail: dm-crypt-help@xxxxxxxx --------------------------------------------------------------------- - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
