From: Mark Martinec <Mark.Martinec+freebsd@ijs.si>
To: freebsd-stable@freebsd.org
Subject: GELI with integrity verification on swap
Date: Thu, 09 Feb 2017 15:51:42 +0100
Organization: Jozef Stefan Institute
Message-ID: <76025e5011614a74cffeae62394a7cd4@ijs.si>

After experiencing an unexplained restart on one host (11.0-RELEASE-p7),
which could be tied to a problem with a swap device (swap on a dedicated
gpt partition), I'm investigating options for adding some checksumming
to swap storage. I understand that swap on ZFS is not a way to go, and
that a gmirror does not provide any checksumming on data, so it seems to
me the only option is to use GELI with integrity verification
(authentication) enabled (aalgo).

Following advice in
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/swap-encrypting.html
I ended up with the following in /etc/fstab (on a different host, same OS):

  /dev/gpt/sw1.eli none swap sw,sectorsize=4096,aalgo=HMAC/SHA256 0 0
  /dev/gpt/sw2.eli none swap sw,sectorsize=4096,aalgo=HMAC/SHA256 0 0

which seems to work fine, but spawns some questions:

1) On the first manual reboot after adding the above options, there was
a kernel panic. Subsequent reboot(s) were successful. Is there any known
problem with using integrity verification on GELI for swap?

2) During boot the log shows a short flurry of messages like:

  kernel: GEOM_ELI: Device gpt/sw1.eli created.
  kernel: GEOM_ELI: Encryption: AES-XTS 128
  kernel: GEOM_ELI: Integrity: HMAC/SHA256
  kernel: GEOM_ELI: Crypto: software
  kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 16384 bytes of data at offset 11452985344.
  kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 11453235200.
  kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 11453239296.
  kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 11453239296.
  kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 11453239296.
  kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 11453235200.
  kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 4096.
  kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 0.
  kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 11453239296.
  kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at offset 65536.
  kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at offset 8192.
  kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at offset 0.

which, according to the geli(8) man page, could be normal, as these
blocks were never written to beforehand and contain random stuff. As the
geli swap device is supposed to be ephemeral (Flags: ONETIME, W-DETACH,
AUTH, W-OPEN), there is no way to initialize blocks on a swap device on
boot. So, are these messages really safe to be ignored?

Which brings us to another, perhaps more important question: what
business does a kernel have READING from a swap device blocks which have
never been written to before by this incarnation of the kernel???

3) Considering that the underlying device is a 4k sectored device, and
that HMAC/SHA256 takes some space (like 11%) on its own, what does it
mean that the provider (gpt/sw1.eli) as well as the consumer (gpt/sw1)
both show sector size 4096? Does that mean that all 4k alignment efforts
are wasted when one enables integrity verification on GELI?

  Geom name: gpt/sw1.eli
  State: ACTIVE
  EncryptionAlgorithm: AES-XTS
  KeyLength: 128
  AuthenticationAlgorithm: HMAC/SHA256
  Crypto: software
  Version: 7
  Flags: ONETIME, W-DETACH, AUTH, W-OPEN
  KeysAllocated: 24
  KeysTotal: 24
  Providers:
  1. Name: gpt/sw1.eli
     Mediasize: 11453243392 (11G)
     Sectorsize: 4096
     Mode: r1w1e0
  Consumers:
  1. Name: gpt/sw1
     Mediasize: 12884901888 (12G)
     Sectorsize: 512
     Stripesize: 4096
     Stripeoffset: 0
     Mode: r1w1e1

Mark
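An added example, not code from the post or from FreeBSD, that works through the geometry behind question 3 and maps the offsets from the boot log in question 2 onto it. The layout it assumes (each 4096-byte provider sector spread over consecutive 512-byte raw sectors, each carrying 480 data bytes plus a 32-byte HMAC tag) is my reading of how geli stores authenticated data; the script checks that reading against the Mediasize of 11453243392 reported by `geli list`, and the log lines it parses are the ones quoted above. The `onetime` handling of the metadata sector is likewise an assumption, marked in the code.

```python
"""Geometry of a geli(8) provider with integrity verification, worked through
with the figures from the post: gpt/sw1 (12G, 512-byte sectors) configured
with sectorsize=4096 and aalgo=HMAC/SHA256.  Added example, not FreeBSD code;
the per-sector layout is an assumption verified against the reported sizes."""
import re

# Figures copied from the post's fstab line and `geli list` output.
CONSUMER_SECTOR = 512             # gpt/sw1     Sectorsize: 512
CONSUMER_MEDIASIZE = 12884901888  # gpt/sw1     Mediasize: 12884901888 (12G)
PROVIDER_SECTOR = 4096            # sectorsize=4096 in /etc/fstab
HMAC_SHA256_LEN = 32              # length of an HMAC/SHA256 tag in bytes
STRIPESIZE = 4096                 # gpt/sw1     Stripesize: 4096 (physical block)


def data_per_consumer_sector(consumer_sector=CONSUMER_SECTOR, auth_len=HMAC_SHA256_LEN):
    """Payload bytes that fit in one raw sector next to its MAC tag.
    Assumption: payload is rounded down to a multiple of the 16-byte cipher
    block so a raw sector can be encrypted without padding."""
    data = consumer_sector - auth_len
    return data - data % 16


def raw_bytes_per_provider_sector(provider_sector=PROVIDER_SECTOR,
                                  consumer_sector=CONSUMER_SECTOR,
                                  auth_len=HMAC_SHA256_LEN):
    """Raw bytes read or written for one user-visible (provider) sector."""
    per = data_per_consumer_sector(consumer_sector, auth_len)
    raw_sectors = (provider_sector - 1) // per + 1   # ceiling division
    return raw_sectors * consumer_sector


def provider_mediasize(consumer_mediasize=CONSUMER_MEDIASIZE,
                       provider_sector=PROVIDER_SECTOR,
                       consumer_sector=CONSUMER_SECTOR,
                       auth_len=HMAC_SHA256_LEN, onetime=True):
    """Usable size of the .eli provider.  Assumption: a non-ONETIME provider
    keeps its metadata in the last raw sector; the swap device in the post is
    ONETIME, so nothing is reserved."""
    raw = raw_bytes_per_provider_sector(provider_sector, consumer_sector, auth_len)
    usable = consumer_mediasize if onetime else consumer_mediasize - consumer_sector
    return (usable // raw) * provider_sector


def space_overhead(provider_sector=PROVIDER_SECTOR, consumer_sector=CONSUMER_SECTOR,
                   auth_len=HMAC_SHA256_LEN):
    """Fraction of the raw partition holding tags and padding rather than data."""
    raw = raw_bytes_per_provider_sector(provider_sector, consumer_sector, auth_len)
    return 1 - provider_sector / raw


def raw_offset(provider_offset, provider_sector=PROVIDER_SECTOR,
               consumer_sector=CONSUMER_SECTOR, auth_len=HMAC_SHA256_LEN):
    """Byte offset on the raw partition where a provider byte offset is stored."""
    raw = raw_bytes_per_provider_sector(provider_sector, consumer_sector, auth_len)
    return (provider_offset // provider_sector) * raw


def is_aligned(raw_byte_offset, stripe=STRIPESIZE):
    """True if the raw offset starts on a physical-block (Stripesize) boundary."""
    return raw_byte_offset % stripe == 0


# The authentication failures quoted in the post's boot log.
BOOT_LOG = """\
kernel: GEOM_ELI: Device gpt/sw1.eli created.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 16384 bytes of data at offset 11452985344.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 11453235200.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 11453239296.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 11453239296.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 11453239296.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 11453235200.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 4096.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 0.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 4096 bytes of data at offset 11453239296.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at offset 65536.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at offset 8192.
kernel: GEOM_ELI: gpt/sw1.eli: Failed to authenticate 8192 bytes of data at offset 0.
"""

FAIL_RE = re.compile(r"Failed to authenticate (\d+) bytes of data at offset (\d+)\.")


def failed_ranges(log):
    """(offset, length) of every authentication failure in the log, in order."""
    return [(int(m.group(2)), int(m.group(1))) for m in FAIL_RE.finditer(log)]


def summarize_failures(log, mediasize=None):
    """Map each failed read onto provider sectors, the raw partition and the
    physical alignment, and flag any range that lies outside the provider."""
    if mediasize is None:
        mediasize = provider_mediasize()
    rows = []
    for off, length in failed_ranges(log):
        first = off // PROVIDER_SECTOR
        last = (off + length - 1) // PROVIDER_SECTOR
        raw = raw_offset(off)
        rows.append({"offset": off, "length": length, "sectors": (first, last),
                     "raw_offset": raw, "aligned": is_aligned(raw),
                     "in_bounds": off + length <= mediasize})
    return rows


if __name__ == "__main__":
    print("raw bytes per 4k provider sector:", raw_bytes_per_provider_sector())
    print("provider mediasize:", provider_mediasize())
    print("space overhead: %.1f%%" % (100 * space_overhead()))
    for row in summarize_failures(BOOT_LOG):
        print(row)
```

Under this layout one 4096-byte swap sector occupies nine raw sectors (4608 bytes), which reproduces the 11453243392-byte provider exactly and gives the roughly 11% loss mentioned in the post. It also means consecutive provider sectors start at raw offsets that are multiples of 4608, so only every eighth one lands on a 4096-byte physical boundary; that is the cost the alignment question is asking about. Every failing read in the quoted log falls inside the provider, and the largest offsets touch its last sector.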