On Mon, 27 Nov 2017 09:06:12 +0100 Daniel Pocock <dan...@pocock.pro> wrote:
> Hi all, > > The FAQ has a couple of sections on encryption (general and dm-crypt) > > One thing that isn't explained there: if you create multiple encrypted > volumes (e.g. using dm-crypt) and use Btrfs to combine them into > RAID1, how does error recovery work when a read operation returns > corrupted data? > > Without encryption, reading from one disk would give a checksum > mismatch and Btrfs would read from the other disk to (hopefully) get > a good copy of the data. > > With this encryption scenario, the failure would potentially be > detected in the decryption layer code and instead of returning bad > data to Btrfs, it would return some error code. In that case, will > Btrfs attempt to read from the other volume and allow the application > to proceed as if nothing was wrong? > > Regards, > > Daniel Default (aes-xts-plain64) dm-crypt setup can't verify integrity of encrypted block and in case of silent corruption will decrypt it to garbage which btrfs will catch. In case of AEAD encryption (dm-crypt plus dm-integrity) it can verify integrity itself but I'm not sure right now which exact error it returns to upper layer as I didn't used it yet. I use btrfs raid1 on top of LVM on top of dm-crypt devices and it handled bad blocks on physical devices normally (there was a burst of about 900 reallocates on one device which btrfs caught and fixed). -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html