dm verity: add support for forward error correction

Add support for correcting corrupted blocks using Reed-Solomon. This code uses RS(255, N) interleaved across data and hash blocks. Each error-correcting block covers N bytes evenly distributed across the combined total data, so that each byte is a maximum distance away from the others. This makes it possible to recover from several consecutive corrupted blocks with relatively small space overhead. In addition, using verity hashes to locate erasures nearly doubles the effectiveness of error correction. Being able to detect corrupted blocks also improves performance, because only corrupted blocks need to corrected. For a 2 GiB partition, RS(255, 253) (two parity bytes for each 253-byte block) can correct up to 16 MiB of consecutive corrupted blocks if erasures can be located, and 8 MiB if they cannot, with 16 MiB space overhead. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
author: Sami Tolvanen <samitolvanen@google.com> 2015-12-03 09:26:30 -0500
committer: Mike Snitzer <snitzer@redhat.com> 2015-12-10 10:39:03 -0500
commit: a739ff3f543afbb4a041c16cd0182c8e8d366e70 (patch)
tree: 2613a382283548a1b88e6f2ba589252312d05fff /Documentation/device-mapper
parent: bb4d73ac5e4f0a6c4853f35824f6cb2d396a2f9c (diff)
1 files changed, 33 insertions, 2 deletions
diff --git a/Documentation/device-mapper/verity.txt b/Documentation/device-mapper/verity.txt
index e15bc1a0fb98..d602c801ff59 100644
--- a/Documentation/device-mapper/verity.txt
+++ b/Documentation/device-mapper/verity.txt
@@ -18,11 +18,11 @@ Construction Parameters
    0 is the original format used in the Chromium OS.
      The salt is appended when hashing, digests are stored continuously and
-      the rest of the block is padded with zeros.
+      the rest of the block is padded with zeroes.
    1 is the current format that should be used for new devices.
      The salt is prepended when hashing and each digest is
-      padded with zeros to the power of two.
+      padded with zeroes to the power of two.
 <dev>
    This is the device containing data, the integrity of which needs to be
@@ -79,6 +79,32 @@ restart_on_corruption
    not compatible with ignore_corruption and requires user space support to
    avoid restart loops.
+use_fec_from_device <fec_dev>
+    Use forward error correction (FEC) to recover from corruption if hash
+    verification fails. Use encoding data from the specified device. This
+    may be the same device where data and hash blocks reside, in which case
+    fec_start must be outside data and hash areas.
+    If the encoding data covers additional metadata, it must be accessible
+    on the hash device after the hash blocks.
+    Note: block sizes for data and hash devices must match. Also, if the
+    verity <dev> is encrypted the <fec_dev> should be too.
+fec_roots <num>
+    Number of generator roots. This equals to the number of parity bytes in
+    the encoding data. For example, in RS(M, N) encoding, the number of roots
+    is M-N.
+fec_blocks <num>
+    The number of encoding data blocks on the FEC device. The block size for
+    the FEC device is <data_block_size>.
+fec_start <offset>
+    This is the offset, in <data_block_size> blocks, from the start of the
+    FEC device to the beginning of the encoding data.
 Theory of operation
 ===================
@@ -98,6 +124,11 @@ per-block basis. This allows for a lightweight hash computation on first read
 into the page cache. Block hashes are stored linearly, aligned to the nearest
 block size.
+If forward error correction (FEC) support is enabled any recovery of
+corrupted data will be verified using the cryptographic hash of the
+corresponding data. This is why combining error correction with
+integrity checking is essential.
 Hash Tree
 ---------
author	Sami Tolvanen <samitolvanen@google.com>	2015-12-03 09:26:30 -0500
committer	Mike Snitzer <snitzer@redhat.com>	2015-12-10 10:39:03 -0500
commit	a739ff3f543afbb4a041c16cd0182c8e8d366e70 (patch)
tree	2613a382283548a1b88e6f2ba589252312d05fff /Documentation/device-mapper
parent	bb4d73ac5e4f0a6c4853f35824f6cb2d396a2f9c (diff)

diff --git a/Documentation/device-mapper/verity.txt b/Documentation/device-mapper/verity.txt index e15bc1a0fb98..d602c801ff59 100644 --- a/Documentation/device-mapper/verity.txt +++ b/Documentation/device-mapper/verity.txt
@@ -18,11 +18,11 @@ Construction Parameters
18		18
19	0 is the original format used in the Chromium OS.	19	0 is the original format used in the Chromium OS.
20	The salt is appended when hashing, digests are stored continuously and	20	The salt is appended when hashing, digests are stored continuously and
21	the rest of the block is padded with zeros.	21	the rest of the block is padded with zeroes.
22		22
23	1 is the current format that should be used for new devices.	23	1 is the current format that should be used for new devices.
24	The salt is prepended when hashing and each digest is	24	The salt is prepended when hashing and each digest is
25	padded with zeros to the power of two.	25	padded with zeroes to the power of two.
26		26
27	<dev>	27	<dev>
28	This is the device containing data, the integrity of which needs to be	28	This is the device containing data, the integrity of which needs to be
@@ -79,6 +79,32 @@ restart_on_corruption
79	not compatible with ignore_corruption and requires user space support to	79	not compatible with ignore_corruption and requires user space support to
80	avoid restart loops.	80	avoid restart loops.
81		81
		82	use_fec_from_device <fec_dev>
		83	Use forward error correction (FEC) to recover from corruption if hash
		84	verification fails. Use encoding data from the specified device. This
		85	may be the same device where data and hash blocks reside, in which case
		86	fec_start must be outside data and hash areas.
		87
		88	If the encoding data covers additional metadata, it must be accessible
		89	on the hash device after the hash blocks.
		90
		91	Note: block sizes for data and hash devices must match. Also, if the
		92	verity <dev> is encrypted the <fec_dev> should be too.
		93
		94	fec_roots <num>
		95	Number of generator roots. This equals to the number of parity bytes in
		96	the encoding data. For example, in RS(M, N) encoding, the number of roots
		97	is M-N.
		98
		99	fec_blocks <num>
		100	The number of encoding data blocks on the FEC device. The block size for
		101	the FEC device is <data_block_size>.
		102
		103	fec_start <offset>
		104	This is the offset, in <data_block_size> blocks, from the start of the
		105	FEC device to the beginning of the encoding data.
		106
		107
82	Theory of operation	108	Theory of operation
83	===================	109	===================
84		110
@@ -98,6 +124,11 @@ per-block basis. This allows for a lightweight hash computation on first read
98	into the page cache. Block hashes are stored linearly, aligned to the nearest	124	into the page cache. Block hashes are stored linearly, aligned to the nearest
99	block size.	125	block size.
100		126
		127	If forward error correction (FEC) support is enabled any recovery of
		128	corrupted data will be verified using the cryptographic hash of the
		129	corresponding data. This is why combining error correction with
		130	integrity checking is essential.
		131
101	Hash Tree	132	Hash Tree
102	---------	133	---------
103		134