From nobody@FreeBSD.org  Sun Nov 28 17:12:52 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D837B106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 28 Nov 2010 17:12:52 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (unknown [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id C5D848FC1F
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 28 Nov 2010 17:12:52 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id oASHCqcU034385
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 28 Nov 2010 17:12:52 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id oASHCqvm034384;
	Sun, 28 Nov 2010 17:12:52 GMT
	(envelope-from nobody)
Message-Id: <201011281712.oASHCqvm034384@red.freebsd.org>
Date: Sun, 28 Nov 2010 17:12:52 GMT
From: Intensity <e88c8uazkf@snkmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Use of geli hmac/sha512 yields GEOM_ELI "bytes corrupted at offset" error
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         152647
>Category:       kern
>Synopsis:       Use of geli hmac/sha512 yields GEOM_ELI "bytes corrupted at offset" error
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 28 17:20:09 UTC 2010
>Closed-Date:    Tue Jun 14 15:11:02 UTC 2011
>Last-Modified:  Tue Jun 14 15:11:02 UTC 2011
>Originator:     Intensity
>Release:        8.1-STABLE
>Organization:
>Environment:
FreeBSD 8.1-STABLE-201011 FreeBSD 8.1-STABLE-201011 #0: Wed Nov  3 21:19:34 UTC 2010 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
I install a GELI+ZFS system as instructed at:

  http://forums.freebsd.org/showthread.php?t=2775

However, I specify "-a HMAC/SHA512" to the geli command.  In doing so from the live CD, that running GELI/ZFS setup seems to work just fine with no indication of a problem.  However, when rebooting, perhaps some information about the GELI system is lost, since upon rebooting I get a multitude of errors looking like:

  GEOM_ELI: ad0s1a: 8192 bytes corrupted at offset 6455033856.

When I follow the instructions again but without adding "-a HMAC/SHA512" then everything works.  The authentication layer should add resilience, not create fatal problems in mounting the system.  I'd recommend checking into this but also running tests on more elaborate setups.
>How-To-Repeat:
Follow the instructions at:

  http://forums.freebsd.org/showthread.php?t=2775

but add "-a HMAC/SHA512" to the geli command.
>Fix:
No known fix.  The use of HMAC/SHA512 may not be popular or as well-tested.  I understand that this level is redundant when the underlying ZFS provides checksums, but I wanted to do both.

>Release-Note:
>Audit-Trail:

From: Stefan =?iso-8859-1?Q?Kr=FCger?= <stadtkind2@gmx.de>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/152647: Use of geli hmac/sha512 yields GEOM_ELI "bytes
 corrupted at offset" error
Date: Tue, 11 Jan 2011 11:36:20 +0100

 The problem still exists on 8.2-RC1.
 
 FreeBSD beastie.home.lan 8.2-RC1 FreeBSD 8.2-RC1 #0: Thu Dec 23 15:32:35 UTC 2010     root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
 
 Steps to reproduce the issue:
 
 # swapoff -a
 # geli load
 # geli onetime -a HMAC/SHA1 -e AES-CBC -s 4096 -d /dev/ad0s1b
 GEOM_ELI: Device ad0s1b.eli created.
 GEOM_ELI: Encryption: AES-CBC 128
 GEOM_ELI:  Integrity: HMAC/SHA1
 GEOM_ELI:     Crypto: software
 GEOM_ELI: ad0s1b.eli: 4096 bytes corrupted at offset 954429440.
 GEOM_ELI: ad0s1b.eli: 8192 bytes corrupted at offset 65536.
 GEOM_ELI: ad0s1b.eli: 8192 bytes corrupted at offset 8192.
 GEOM_ELI: ad0s1b.eli: 8192 bytes corrupted at offset 0.
 GEOM_ELI: ad0s1b.eli: 8192 bytes corrupted at offset 262144.
 GEOM_ELI: ad0s1b.eli: 8192 bytes corrupted at offset 65536.
 GEOM_ELI: ad0s1b.eli: 8192 bytes corrupted at offset 8192.
 GEOM_ELI: ad0s1b.eli: 8192 bytes corrupted at offset 0.
 GEOM_ELI: ad0s1b.eli: 8192 bytes corrupted at offset 262144.
 GEOM_ELI: ad0s1b.eli: 4096 bytes corrupted at offset 32768.
 GEOM_ELI: ad0s1b.eli: 4096 bytes corrupted at offset 0.
 GEOM_ELI: ad0s1b.eli: 4096 bytes corrupted at offset 8192.
 GEOM_ELI: ad0s1b.eli: 4096 bytes corrupted at offset 65536.
 GEOM_ELI: ad0s1b.eli: 4096 bytes corrupted at offset 0.
 # 
 
 This happens with any data integrity verification algorithm.
 
 Also, newfs'ing a HMAC/* geli partition is not possible.
 
 HTH

From: Robert Simmons <rsimmons0@gmail.com>
To: bug-followup@freebsd.org,
 e88c8uazkf@snkmail.com
Cc:  
Subject: Re: kern/152647: Use of geli hmac/sha512 yields GEOM_ELI "bytes corrupted at offset" error
Date: Thu, 9 Jun 2011 22:51:06 -0400

 I can verify that this bug exists on my machine as well.  I am using 8.2-
 RELEASE and I have run into this problem with each and every -a algorithm 
 available in geli(8).
State-Changed-From-To: open->closed 
State-Changed-By: ae 
State-Changed-When: Tue Jun 14 15:08:08 UTC 2011 
State-Changed-Why:  
The geli(8) manual page was modified (r216147, r223074, r223076) 
and it recommends to overwrite whole geli provider before use. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=152647 
>Unformatted:
