Re: gbde and geli on 6.2
Chris wrote: Hi I am concerned about the availabilities of these encryptions in freebsd releases that are marked stable. It seems gbde has a problem when the the data written goes over the lba boundary around lba48. I wonder if this is a problem in 5.4? I'm using 3x300G (separate partitions) on my 5.4 box for a year now, no problems, one of them is full. I'm preparing to update to 6.2 so this could put a big damper on that... -- br, Tommi ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: gbde and geli on 6.2
Tommi Lätti wrote: Chris wrote: Hi I am concerned about the availabilities of these encryptions in freebsd releases that are marked stable. It seems gbde has a problem when the the data written goes over the lba boundary around lba48. I wonder if this is a problem in 5.4? I'm using 3x300G (separate partitions) on my 5.4 box for a year now, no problems, one of them is full. I'm preparing to update to 6.2 so this could put a big damper on that... This is unrelated to the discussed problem, but there was some gotcha that was related to moving from 5.4 to 6.something when using gbde. IIRC it came to effect if you did not use the standard number of keys, but used only one. But it's some time I updated and I don't remember the exact details. Cheers, Tobias ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: gbde and geli on 6.2
On 27/09/2007, Roland Smith [EMAIL PROTECTED] wrote: On Thu, Sep 27, 2007 at 07:35:28PM +0100, Chris wrote: However I seen this in geli within an hour of using it. GEOM_ELI: Crypto WRITE request failed (error=1). ad6s1c.eli[WRITE(offset=0, length=131072)] I've been running a GELI encrypted /home partition on 6.2-STABLE amd64 for months without problems. I've had trouble with GELI on usb harddisks, but that seems to be related to the USB/ATAPI controller. As I said no dma errors or any hd related errors of any sort with encyrption turned off. How big are your drives? I have two 160GB SATA150 drives in a mirrored configuration (VIA Tech V-RAID RAID1). The encrypted partition is 120GB. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) In that case the partition is too small if the problem is what we think it is. Chris ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: gbde and geli on 6.2
On Wed, Sep 26, 2007 at 11:09:22PM +0100, Chris wrote: Hi I am concerned about the availabilities of these encryptions in freebsd releases that are marked stable. It seems gbde has a problem when the the data written goes over the lba boundary around lba48. http://lists.freebsd.org/pipermail/freebsd-geom/2007-August/002524.html I suffered this problem error example below. Usage at the time was approx 150gig when I first noticed it. g_vfs_done():ad6s1c.bde[WRITE(offset=493964558336, length=131072)]error = 1 After reading about this problem on a few diff hits (all with no response on fixes) I tried geli. However I seen this in geli within an hour of using it. GEOM_ELI: Crypto WRITE request failed (error=1). ad6s1c.eli[WRITE(offset=0, length=131072)] I've been running a GELI encrypted /home partition on 6.2-STABLE amd64 for months without problems. I've had trouble with GELI on usb harddisks, but that seems to be related to the USB/ATAPI controller. The message seems to come from /usr/src/sys/geom/eli/g_eli_integrity.c, in the function g_eli_auth_write_done. But for a more detailed analysys, you'd have to set kern.geom.eli.debug to 3, and see what else pops up. The headers indicate that the error number is used according to errno.h, which lists 1 as being Operation not permitted. Both GELI and GBDE fail with the same length of request. So the error might depend on the underlaying code in the kernel (bio* functions). Are you sure that the disk and controller are working properly? Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpAxT4YeDmFk.pgp Description: PGP signature
Re: gbde and geli on 6.2
On 27/09/2007, Roland Smith [EMAIL PROTECTED] wrote: On Wed, Sep 26, 2007 at 11:09:22PM +0100, Chris wrote: Hi I am concerned about the availabilities of these encryptions in freebsd releases that are marked stable. It seems gbde has a problem when the the data written goes over the lba boundary around lba48. http://lists.freebsd.org/pipermail/freebsd-geom/2007-August/002524.html I suffered this problem error example below. Usage at the time was approx 150gig when I first noticed it. g_vfs_done():ad6s1c.bde[WRITE(offset=493964558336, length=131072)]error = 1 After reading about this problem on a few diff hits (all with no response on fixes) I tried geli. However I seen this in geli within an hour of using it. GEOM_ELI: Crypto WRITE request failed (error=1). ad6s1c.eli[WRITE(offset=0, length=131072)] I've been running a GELI encrypted /home partition on 6.2-STABLE amd64 for months without problems. I've had trouble with GELI on usb harddisks, but that seems to be related to the USB/ATAPI controller. The message seems to come from /usr/src/sys/geom/eli/g_eli_integrity.c, in the function g_eli_auth_write_done. But for a more detailed analysys, you'd have to set kern.geom.eli.debug to 3, and see what else pops up. The headers indicate that the error number is used according to errno.h, which lists 1 as being Operation not permitted. Both GELI and GBDE fail with the same length of request. So the error might depend on the underlaying code in the kernel (bio* functions). Are you sure that the disk and controller are working properly? Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) As I said no dma errors or any hd related errors of any sort with encyrption turned off. How big are your drives? Chris ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: gbde and geli on 6.2
On Thu, Sep 27, 2007 at 07:35:28PM +0100, Chris wrote: However I seen this in geli within an hour of using it. GEOM_ELI: Crypto WRITE request failed (error=1). ad6s1c.eli[WRITE(offset=0, length=131072)] I've been running a GELI encrypted /home partition on 6.2-STABLE amd64 for months without problems. I've had trouble with GELI on usb harddisks, but that seems to be related to the USB/ATAPI controller. As I said no dma errors or any hd related errors of any sort with encyrption turned off. How big are your drives? I have two 160GB SATA150 drives in a mirrored configuration (VIA Tech V-RAID RAID1). The encrypted partition is 120GB. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgp4tOmaoNd3v.pgp Description: PGP signature
gbde and geli on 6.2
Hi I am concerned about the availabilities of these encryptions in freebsd releases that are marked stable. It seems gbde has a problem when the the data written goes over the lba boundary around lba48. http://lists.freebsd.org/pipermail/freebsd-geom/2007-August/002524.html I suffered this problem error example below. Usage at the time was approx 150gig when I first noticed it. g_vfs_done():ad6s1c.bde[WRITE(offset=493964558336, length=131072)]error = 1 After reading about this problem on a few diff hits (all with no response on fixes) I tried geli. However I seen this in geli within an hour of using it. GEOM_ELI: Crypto WRITE request failed (error=1). ad6s1c.eli[WRITE(offset=0, length=131072)] couldnt really found much info on it so I have given up on freebsd encryption for now and using the disk unencrypted. No dma errors etc. all running fine. I expect the gbde is a problem and would like it to come with some warning as a modern drive is now often larger then the lba48 limit whilst I am unsure of geli as I couldnt really found much information on the problem I had so I understand its possible I had set something incorrectly although I followed the handbooks guidelines. The data itself was actually written and not corrupt but the server did crash whilst was in use occasionally so needed reboots which is no good for a production server. Chris ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: gbde and geli on 6.2
Chris wrote:
Hi I am concerned about the availabilities of these encryptions in
freebsd releases that are marked stable.
It seems gbde has a problem when the the data written goes over the
lba boundary around lba48.
Could you please test the attached patch to /usr/src/sys/dev/ata/ata-all.c ?
I believe this may be due to the error in the underlying ata driver
rather than specifically to do with encryption.
As a side note - Soren, could we get this commited to both -current and
-stable if there aren't any significant objections?
Michael
*** ata-all.c~ Thu Aug 30 17:23:15 2007
--- ata-all.c Thu Aug 30 17:23:15 2007
***
*** 743,749
atadev-flags = ~ATA_D_48BIT_ACTIVE;
! if ((request-u.ata.lba = ATA_MAX_28BIT_LBA ||
request-u.ata.count 256)
atadev-param.support.command2 ATA_SUPPORT_ADDRESS48) {
--- 743,749
atadev-flags = ~ATA_D_48BIT_ACTIVE;
! if (((request-u.ata.lba + request-u.ata.count) = ATA_MAX_28BIT_LBA ||
request-u.ata.count 256)
atadev-param.support.command2 ATA_SUPPORT_ADDRESS48) {
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: gbde and geli on 6.2
On 26/09/2007, Michael Butler [EMAIL PROTECTED] wrote: Chris wrote: Hi I am concerned about the availabilities of these encryptions in freebsd releases that are marked stable. It seems gbde has a problem when the the data written goes over the lba boundary around lba48. Could you please test the attached patch to /usr/src/sys/dev/ata/ata-all.c ? I believe this may be due to the error in the underlying ata driver rather than specifically to do with encryption. As a side note - Soren, could we get this commited to both -current and -stable if there aren't any significant objections? Michael yep I further read the link I posted and apologise I seen bad ata was mentioned. I will test on a local machine as I cant test that production machine again, as I understand it I just need to use a large hd greater then lba48? Thanks Chris ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
