Re: The future of disk encryption with LUKS2

In the discussion a completely different situation is described.

I pointed out that if no data made it to the drive (not even into its internal cache), the transaction never started and we are at the old state. A failure or garbled write leaves us with an inconsistent/damaged header; we can easily recover from this by using the secondary header. If the primary header was written successfully, we are done.

And yes, we ask the drive to flush dirty pages before the header update, do the update, ask to flush dirty pages again, reread and check consistency, at this point if the header is consistent we should be okay. That is, if the drive is not purposefully lying to us.

Additionally, I pointed out that transactional semantics had better be used, which in turn leads to more complexity in header updating and especially online resizing.

But, after all, you can only die one way ....

Regards

-Sven


On 08.02.2016 at 22:43, f-dm-c@xxxxxxxxxxxxx wrote:
     > Date: Mon, 8 Feb 2016 21:51:34 +0100
     > From: Sven Eschenberg <sven@xxxxxxxxxxxxxxxxxxxxx>

     > If the data hasn't made it to the drive (or rather is not in transit)
     > then the change is just discarded leaving us in a stable state.

Please read the first part of discussion below---in particular, Ted's
description of the difference between SGI hardware of the day and
typical PC-class hardware of the day.  If we're analyzing the
consistency of the various headers in the event that power is failing
as we write them, it's not just about whether the write happened or
not or whether the hardware sector is corrupted from the drive's
perspective---it's also whether we can trust a sector the drive
thinks is okay but turns out not to be from our standpoint.

     > > http://zork.net/~nick/mail/why-reiserfs-is-teh-sukc

It is entirely possible that you could ask the drive to write garbage
and it would succeed.  It really isn't safe to make any assumptions
about how an entire machine -might- work as power is failing; in
general, the manufacturer (of any piece, much less the whole) has
not guaranteed you anything about its behavior, and it could do
anything.  Just because -your- machine does something doesn't mean
all users' machines out there will do the same thing.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
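As an added illustration of the flush / write primary / flush / reread-and-check sequence and the fall-back to the secondary header discussed in this thread (a constructed Python model, not cryptsetup or LUKS2 code; the toy header layout, the `LyingDrive` fault model and the mirroring of a verified primary into the secondary slot are assumptions of this model):

```python
import hashlib, struct

MAGIC = b"HDR1"

def encode_header(seq, payload):
    """Toy header: magic | seq | payload | sha256 over all of that."""
    body = MAGIC + struct.pack(">I", seq) + payload
    return body + hashlib.sha256(body).digest()

def decode_header(blob):
    """(seq, payload) if magic and checksum verify, else None."""
    if len(blob) < 40 or blob[:4] != MAGIC or hashlib.sha256(blob[:-32]).digest() != blob[-32:]:
        return None
    return struct.unpack(">I", blob[4:8])[0], blob[8:-32]

class LyingDrive:
    """Constructed two-slot drive; fail_next: next write 'succeeds' but stores garbage."""
    def __init__(self):
        self.slots = {"primary": b"", "secondary": b""}
        self.fail_next = False
    def write(self, slot, blob):
        if self.fail_next:  # the case Ted describes: drive reports OK, sector is junk
            blob, self.fail_next = bytes(b ^ 0x5A for b in blob), False
        self.slots[slot] = blob
    def read(self, slot):
        return self.slots[slot]
    def flush(self):
        pass  # stands in for the cache flush before and after the update

def load_current(drive):
    """Newest header that verifies, or None if neither slot is usable."""
    hdrs = (decode_header(drive.read(s)) for s in ("primary", "secondary"))
    valid = [h for h in hdrs if h]
    return max(valid, key=lambda h: h[0]) if valid else None

def update_header(drive, payload):
    """Flush, write primary, flush, reread and check; if the reread does not
    verify, fall back to the secondary, i.e. the old state."""
    current = load_current(drive)
    seq = current[0] + 1 if current else 1
    drive.flush()
    drive.write("primary", encode_header(seq, payload))
    drive.flush()
    if decode_header(drive.read("primary")) == (seq, payload):
        drive.write("secondary", encode_header(seq, payload))  # mirror (model assumption)
        drive.flush()
        return True, seq
    recovered = decode_header(drive.read("secondary"))
    drive.write("primary", drive.read("secondary"))  # repair from the good copy
    return False, recovered[0] if recovered else None
```

The checksum is what turns "the drive thinks the sector is okay" into something the code can actually verify on reread; without it the garbled primary would be accepted as the new state.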



