Re: Gitorious should use CRC128 / 256 / 512 instead of SHA-1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 16, 2023 at 08:17:58AM +0100, Hans Petter Selasky wrote:
> On 1/15/23 14:53, Michal Suchánek wrote:
> > > Many people think that bit errors cannot happen because the memory uses ECC
> > > and the file system uses cryptographic hashes to verify the integrity of the
> > > data. But what many people forget about is that when copying data from
> > > memory to disk, typically using a DMA channel data is copied w/o any kind of
> > > integrity protection, because the integrity protection is not end-to-end.
> > > The integrity protection is only per-link.
> >
> > So long as all links have integrity protection it's end-to-end.
> >
> 
> Hi Michael,
> 
> You clearly don't see what this is about! Only if the same CRC mechanism is
> end-to-end, you don't have any good integrity mechanism at all!
> 
> Let me try to explain what this is about in very simple words. Because
> memcpy() does not copy the ECC CRC values along with the data, it is an
> unsafe memory copy mechanism, which may introduce bit-errors without
> noticing. It does not help to only have ECC RAM or for that sake protect the
> PCI links.
The ECC protects against 1bit errors - so long as only 1 bit is flipped
along that path it is corrected.

If you have bigger errors ECC can sometimes detect them and your system
crashes or whatever, and sometimes they go unnoticed.

It does not make sense to copy around that CRC. It is used to recover
the corrupted bit, and when that data is copied to a new location a new
CRC is calculated that can detect an error in that location. Copying
that checksum around would only accumulate the errors.

Of course, that assumes that the corruption happens only in the cheaper
external long-term storage, and data does not get corrupted as it goes
through your CPU where it is stored only a few CPU cycles at a time. It
is mostly the case but when you need extreme reliability system-level
schemes that mitigate this possibility do exist.

Thanks

Michal



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux