From nobody@FreeBSD.org  Sun Mar  4 20:46:45 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 98D6E1065673
	for <freebsd-gnats-submit@FreeBSD.org>; Sun,  4 Mar 2012 20:46:45 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 797558FC1D
	for <freebsd-gnats-submit@FreeBSD.org>; Sun,  4 Mar 2012 20:46:45 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q24Kkj0r009977
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 4 Mar 2012 20:46:45 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q24KkjpI009976;
	Sun, 4 Mar 2012 20:46:45 GMT
	(envelope-from nobody)
Message-Id: <201203042046.q24KkjpI009976@red.freebsd.org>
Date: Sun, 4 Mar 2012 20:46:45 GMT
From: Robert Simmons <rsimmons0@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Make geli errors on first attachment clearer when using data authentication
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         165695
>Category:       kern
>Synopsis:       Make geli errors on first attachment clearer when using data authentication
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    eadler
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 04 20:50:12 UTC 2012
>Closed-Date:    Tue Jun 26 04:34:19 UTC 2012
>Last-Modified:  Tue Jun 26 04:34:19 UTC 2012
>Originator:     Robert Simmons
>Release:        9.0-RELEASE
>Organization:
>Environment:
FreeBSD test 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:46:30 UTC 2012  root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
Immediately after you attach a geli encrypted provider for the first time you get a series of error messages mentioning corrupted data such as the following if you configured that provider to use data authentication.

GEOM_ELI: ada0p4.eli: 4096 bytes corrupted at offset 0.
GEOM_ELI: ada0p4.eli: 4096 bytes corrupted at offset 4096.

As the man page suggests, one must use dd to write to the entire provider to initialize it before its first use.  These errors are because this initialization has not happened yet, and the data is failing authentication.  These errors are harmless at this point, and can be safely ignored.

I have patched the kernel errors to be more descriptive, and I've patched the man page to include a message about these errors and that they can be safely ignored.
>How-To-Repeat:
Replace the device node in the following with whatever is appropriate for your system.  Also, the -a is imperative because that is what is enabling data authentication in the provider.

geli init -b -v -a hmac/sha256 -l 256 -s 4096 /dev/ada0p4
geli attach /dev/ada0p4

After attaching this provider, you get the error messages in question.
>Fix:
I have included a unified diff to fix both the problem with the error messages and the man page to make sure what is happening is more clear.

Patch attached with submission follows:

diff -ur src/sbin/geom/class/eli/geli.8 src.new/sbin/geom/class/eli/geli.8
--- src/sbin/geom/class/eli/geli.8	2012-03-04 13:58:18.000000000 -0500
+++ src.new/sbin/geom/class/eli/geli.8	2012-03-04 14:52:36.000000000 -0500
@@ -925,6 +925,9 @@
 It is recommended to write to the whole provider before first use,
 in order to make sure that all sectors and their corresponding
 checksums are properly initialized into a consistent state.
+Due to this, one can safely ignore data authentication errors that occur
+immediately after the first time a provider is attached and when it is
+initialized by writing to it to set a consistent state.
 .Sh SEE ALSO
 .Xr crypto 4 ,
 .Xr gbde 4 ,
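Review bot: The sentence added to geli.8 does not bound when the errors may be ignored: "immediately after the first time a provider is attached and when it is initialized by writing to it" can be read as covering errors seen during or after initialization as well as before it. Suggest limiting it to reads made before the whole provider has been written, saying that the same message on an already initialized provider means the data failed verification, and quoting the kernel message text so readers can match it against what they see on the console.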
diff -ur src/sys/geom/eli/g_eli_integrity.c src.new/sys/geom/eli/g_eli_integrity.c
--- src/sys/geom/eli/g_eli_integrity.c	2011-05-08 05:17:56.000000000 -0400
+++ src.new/sys/geom/eli/g_eli_integrity.c	2012-03-04 15:12:58.000000000 -0500
@@ -206,7 +206,7 @@
 				 */
 				if (coroff != -1) {
 					G_ELI_DEBUG(0, "%s: %jd bytes "
-					    "corrupted at offset %jd.",
+					    "not authenticated at offset %jd.",
 					    sc->sc_name, (intmax_t)corsize,
 					    (intmax_t)coroff);
 					coroff = -1;
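Review bot: The new wording "not authenticated at offset %jd." in this G_ELI_DEBUG call can be read as a user or key not being authenticated, rather than sectors failing their data authentication check. Something like "failed data authentication at offset %jd." keeps the intent without that ambiguity. The string change should also be mentioned in the commit message, since anything that matches on "corrupted at offset" in logs will stop matching.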
@@ -221,7 +221,7 @@
 		}
 		/* Report previous corruption if there was one. */
 		if (coroff != -1) {
-			G_ELI_DEBUG(0, "%s: %jd bytes corrupted at offset %jd.",
+			G_ELI_DEBUG(0, "%s: %jd bytes not authenticated at offset %jd.",
 			    sc->sc_name, (intmax_t)corsize, (intmax_t)coroff);
 		}
 	}
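Review bot: The replacement line in this second G_ELI_DEBUG call puts the whole format string on one line and, at this indentation, appears to run past 80 columns; split the string over two lines as the call in the previous hunk does, keeping the text identical in both places. The comment directly above still reads "Report previous corruption if there was one.", which no longer matches the message wording and could be updated in the same change.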


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->eadler 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Sun Mar 4 21:16:36 UTC 2012 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=165695 

From: Robert Simmons <rsimmons0@gmail.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/165695: Make geli errors on first attachment clearer when
 using data authentication
Date: Sun, 29 Apr 2012 11:59:31 -0400

 --f46d0438927d50421904bed36c5e
 Content-Type: text/plain; charset=ISO-8859-1
 
 I went back and reread this patch and decided to make it a bit more
 clear since it hasn't been committed yet.  I've attached the adjusted
 patch.
 
 --f46d0438927d50421904bed36c5e
 Content-Type: text/plain; charset=US-ASCII; name="patch.txt"
 Content-Disposition: attachment; filename="patch.txt"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: f_h1maakf70
 
 --f46d0438927d50421904bed36c5e--
State-Changed-From-To: open->closed 
State-Changed-By: eadler 
State-Changed-When: Tue Jun 26 04:34:17 UTC 2012 
State-Changed-Why:  
committed some time ago in r235201 r235419 

http://www.freebsd.org/cgi/query-pr.cgi?pr=165695 
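The following is an added example, not part of this PR or of FreeBSD: it parses GEOM_ELI integrity messages in either the 9.0-RELEASE wording or the wording proposed in the patch, merges adjacent failed ranges per provider, and separates failures on providers that have not yet been written from failures on providers the operator lists as initialized. The `initialized` set and the ada1p2.eli log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches both the original wording and the wording proposed in the patch.
MSG = re.compile(
    r"GEOM_ELI: (?P<prov>\S+): (?P<size>\d+) bytes "
    r"(?:corrupted|not authenticated) at offset (?P<off>\d+)\."
)

def failed_ranges(lines):
    """Return {provider: [(start, end), ...]} with touching ranges merged."""
    spans = defaultdict(list)
    for line in lines:
        m = MSG.search(line)
        if m:
            off, size = int(m["off"]), int(m["size"])
            spans[m["prov"]].append((off, off + size))
    merged = {}
    for prov, items in spans.items():
        out = []
        for start, end in sorted(items):
            if out and start <= out[-1][1]:
                # Overlapping or adjacent: extend the previous range.
                out[-1] = (out[-1][0], max(out[-1][1], end))
            else:
                out.append((start, end))
        merged[prov] = out
    return merged

def triage(lines, initialized):
    """Split failures into expected (provider not yet written) and suspect."""
    expected, suspect = {}, {}
    for prov, ranges in failed_ranges(lines).items():
        (suspect if prov in initialized else expected)[prov] = ranges
    return expected, suspect

# Constructed sample: the first two lines are quoted from the report above,
# the ada1p2.eli lines are made up for this example.
SAMPLE = [
    "GEOM_ELI: ada0p4.eli: 4096 bytes corrupted at offset 0.",
    "GEOM_ELI: ada0p4.eli: 4096 bytes corrupted at offset 4096.",
    "GEOM_ELI: ada1p2.eli: 8192 bytes not authenticated at offset 1048576.",
    "GEOM_ELI: ada1p2.eli: 4096 bytes not authenticated at offset 2097152.",
]

if __name__ == "__main__":
    expected, suspect = triage(SAMPLE, initialized={"ada1p2.eli"})
    print("expected (provider not yet written):", expected)
    print("suspect (provider already initialized):", suspect)
```
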
>Unformatted:
