"dm-verity: Invalid number of feature arg" with FEC due to "# CONFIG_DM_VERITY_FEC is not set"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
On an 18.04 amd64 system dm-verity reports:
device-mapper: table: 253:20: verity: Invalid number of feature args
device-mapper: ioctl: error adding target to table
when trying to use "veritysetup" to create a previously formatted verity device that uses FEC. Without FEC it succeeds.
After writing this report I thought to check the kernel compilation options and discovered the cause:
$ sudo grep VERITY /boot/config-
CONFIG_DM_VERITY=m
# CONFIG_
It would be very useful to enable this unless there's a specific reason not to.
I'm working (with the Lubuntu team) on introducing verity/FEC for the live-build tooling so that all Ubuntu ISO images can have integral verification with FEC available.
--- additional data ---
$ uname -r
4.15.0-
$ sudo dmsetup targets | grep verity
verity v1.3.0
$ lsmod | grep verity
dm_verity 20480 0
dm_bufio 28672 1 dm_verity
$ modinfo dm-verity
filename: /lib/modules/
...
depends: dm-bufio
retpoline: Y
intree: Y
name: dm_verity
vermagic: 4.15.0-
signat: PKCS#7
...
sig_hashalgo: md4
parm: prefetch_
$ sudo losetup /dev/loop3 Downloads/
$ sudo mkdir -p /mnt/live/verity
$ sudo veritysetup format --fec-device=
VERITY header information for /mnt/live/
UUID: fa07efe8-
Hash type: 1
Data blocks: 412080
Data block size: 4096
Hash block size: 4096 Hash algorithm: sha256
Salt: fa93e8fdeb55acf
Root hash: 500f659e52b62e0
$ ls -la /mnt/live/verity/
total 26136
drwxr-xr-x 2 root root 4096 Aug 3 13:21 .
drwxr-xr-x 5 root root 4096 Aug 3 13:19 ..
-rw------- 1 root root 13451264 Aug 3 13:23 iso-fec.verity
-rw------- 1 root root 13303808 Aug 3 13:23 iso-hash.verity
Using strace I'm able to capture the table definition veritysetup is trying to use:
$ sudo strace -v -s 256 -f -o /tmp/veritysetu
dev/loop3 /mnt/live/
device-mapper: reload ioctl on failed: Invalid argument
Command failed with code -1 (wrong or missing parameters).
28809 ioctl(5, DM_DEV_CREATE, {version=4.0.0, data_size=16384, name="live-iso", uuid="CRYPT-
", flags=DM_
9f2d5674ce-
28809 ioctl(5, DM_TABLE_LOAD, {version=4.0.0, data_size=16384, data_start=312, name="live-iso", target_count=1, flags=DM_
ISTS_FLAG|
So the table is:
1 /dev/loop3 /dev/loop4 4096 4096 412080 1 sha256 500f659e52b62e0
Manually attempting the command also fails (/dev/loop3 remains):
$ SIZE=$(blockdev --getsz /dev/loop3)
$ sudo losetup /dev/loop4 /mnt/live/
$ sudo losetup /dev/loop5 /mnt/live/
$ sudo dmsetup -vv create live-iso -r --table "0 $SIZE verity 1 /dev/loop3 /dev/loop4 4096 4096 412080 1 sha256 500f659e52b62e0
dm version [ opencount flush ] [16384] (*1)
Udev cookie 0xd4d119f (semid 819203) created
Udev cookie 0xd4d119f (semid 819203) incremented to 1
Udev cookie 0xd4d119f (semid 819203) incremented to 2
Udev cookie 0xd4d119f (semid 819203) assigned to CREATE task(0) with flags DISABLE_
dm create live-iso [ opencount flush ] [16384] (*1)
dm reload live-iso [ opencount flush readonly ] [16384] (*1)
device-mapper: reload ioctl on live-iso failed: Invalid argument
<backtrace>
Udev cookie 0xd4d119f (semid 819203) decremented to 1
Udev cookie 0xd4d119f (semid 819203) incremented to 2
Udev cookie 0xd4d119f (semid 819203) assigned to REMOVE task(2) with flags DISABLE_
dm remove live-iso [ opencount flush readonly ] [16384] (*1)
<backtrace>
Udev cookie 0xd4d119f (semid 819203) decremented to 1
Udev cookie 0xd4d119f (semid 819203) waiting for zero
Udev cookie 0xd4d119f (semid 819203) destroyed
Command failed
<backtrace>
description: | updated |
description: | updated |
summary: |
- dm-verity: Invalid number of feature args + "dm-verity: Invalid number of feature arg" with FEC due to "# + CONFIG_DM_VERITY_FEC is not set" |
Changed in linux (Ubuntu): | |
status: | Incomplete → Confirmed |
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1838844
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.