"dm-verity: Invalid number of feature arg" with FEC due to "# CONFIG_DM_VERITY_FEC is not set"

Bug #1838844 reported by TJ
This bug affects 1 person
Affects: linux (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

On an 18.04 amd64 system dm-verity reports:

device-mapper: table: 253:20: verity: Invalid number of feature args
device-mapper: ioctl: error adding target to table

when trying to use "veritysetup" to create a previously formatted verity device that uses FEC. Without FEC it succeeds.

After writing this report I thought to check the kernel compilation options and discovered the cause:

$ sudo grep VERITY /boot/config-$(uname -r)
CONFIG_DM_VERITY=m
# CONFIG_DM_VERITY_FEC is not set

It would be very useful to enable this unless there's a specific reason not to.

I'm working (with the Lubuntu team) on introducing verity/FEC for the live-build tooling so that all Ubuntu ISO images can have integral verification with FEC available.

--- additional data ---

$ uname -r
4.15.0-56-lowlatency

$ sudo dmsetup targets | grep verity
verity v1.3.0

$ lsmod | grep verity
dm_verity 20480 0
dm_bufio 28672 1 dm_verity

$ modinfo dm-verity
filename: /lib/modules/4.15.0-56-lowlatency/kernel/drivers/md/dm-verity.ko
...
depends: dm-bufio
retpoline: Y
intree: Y
name: dm_verity
vermagic: 4.15.0-56-lowlatency SMP preempt mod_unload
signat: PKCS#7
...
sig_hashalgo: md4
parm: prefetch_cluster:uint

$ sudo losetup /dev/loop3 Downloads/lubuntu-desktop-amd64.1910.iso
$ sudo mkdir -p /mnt/live/verity
$ sudo veritysetup format --fec-device=/mnt/live/verity/iso-fec.verity /dev/loop3 /mnt/live/verity/iso-hash.verity
VERITY header information for /mnt/live/verity/iso-hash.verity
UUID: fa07efe8-e4a6-4968-abce-779f2d5674ce
Hash type: 1
Data blocks: 412080
Data block size: 4096
Hash block size: 4096
Hash algorithm: sha256
Salt: fa93e8fdeb55acf548adf8812d6748c789b620c22338579def0bc01e65726a7b
Root hash: 500f659e52b62e0efabe1eae2b2fac34c12522acc372e80e5d375be252c51931

$ ls -la /mnt/live/verity/
total 26136
drwxr-xr-x 2 root root 4096 Aug 3 13:21 .
drwxr-xr-x 5 root root 4096 Aug 3 13:19 ..
-rw------- 1 root root 13451264 Aug 3 13:23 iso-fec.verity
-rw------- 1 root root 13303808 Aug 3 13:23 iso-hash.verity

Using strace I'm able to capture the table definition veritysetup is trying to use:

$ sudo strace -v -s 256 -f -o /tmp/veritysetup.strace veritysetup -v --fec-device=/mnt/live/verity/iso-fec.verity create live-iso /dev/loop3 /mnt/live/verity/iso-hash.verity 500f659e52b62e0efabe1eae2b2fac34c12522acc372e80e5d375be252c51931
device-mapper: reload ioctl on failed: Invalid argument
Command failed with code -1 (wrong or missing parameters).

28809 ioctl(5, DM_DEV_CREATE, {version=4.0.0, data_size=16384, name="live-iso", uuid="CRYPT-VERITY-fa07efe8e4a64968abce779f2d5674ce-live-iso", flags=DM_EXISTS_FLAG} => {version=4.37.0, data_size=305, dev=makedev(253, 20), name="live-iso", uuid="CRYPT-VERITY-fa07efe8e4a64968abce779f2d5674ce-live-iso", target_count=0, open_count=0, event_nr=0, flags=DM_EXISTS_FLAG}) = 0

28809 ioctl(5, DM_TABLE_LOAD, {version=4.0.0, data_size=16384, data_start=312, name="live-iso", target_count=1, flags=DM_READONLY_FLAG|DM_EXISTS_FLAG|DM_SECURE_DATA_FLAG, {sector_start=0, length=3296640, target_type="verity", string="1 /dev/loop3 /dev/loop4 4096 4096 412080 1 sha256 500f659e52b62e0efabe1eae2b2fac34c12522acc372e80e5d375be252c51931 fa93e8fdeb55acf548adf8812d6748c789b620c22338579def0bc01e65726a7b 8 use_fec_from_device /dev/loop5 fec_start 0 fec_blocks 415327 fec_roots 2"}}, 0x560977ffe210) = -1 EINVAL (Invalid argument)

So the table is:

1 /dev/loop3 /dev/loop4 4096 4096 412080 1 sha256 500f659e52b62e0efabe1eae2b2fac34c12522acc372e80e5d375be252c51931 fa93e8fdeb55acf548adf8812d6748c789b620c22338579def0bc01e65726a7b 8 use_fec_from_device /dev/loop5 fec_start 0 fec_blocks 415327 fec_roots 2

Manually attempting the command also fails (/dev/loop3 remains):

$ SIZE=$(blockdev --getsz /dev/loop3)
$ sudo losetup /dev/loop4 /mnt/live/verity/iso-hash.verity
$ sudo losetup /dev/loop5 /mnt/live/verity/iso-fec.verity

$ sudo dmsetup -vv create live-iso -r --table "0 $SIZE verity 1 /dev/loop3 /dev/loop4 4096 4096 412080 1 sha256 500f659e52b62e0efabe1eae2b2fac34c12522acc372e80e5d375be252c51931 fa93e8fdeb55acf548adf8812d6748c789b620c22338579def0bc01e65726a7b 8 use_fec_from_device /dev/loop5 fec_start 0 fec_blocks 415327 fec_roots 2"

dm version [ opencount flush ] [16384] (*1)
Udev cookie 0xd4d119f (semid 819203) created
Udev cookie 0xd4d119f (semid 819203) incremented to 1
Udev cookie 0xd4d119f (semid 819203) incremented to 2
Udev cookie 0xd4d119f (semid 819203) assigned to CREATE task(0) with flags DISABLE_LIBRARY_FALLBACK (0x20)
dm create live-iso [ opencount flush ] [16384] (*1)
dm reload live-iso [ opencount flush readonly ] [16384] (*1)
device-mapper: reload ioctl on live-iso failed: Invalid argument
<backtrace>
Udev cookie 0xd4d119f (semid 819203) decremented to 1
Udev cookie 0xd4d119f (semid 819203) incremented to 2
Udev cookie 0xd4d119f (semid 819203) assigned to REMOVE task(2) with flags DISABLE_LIBRARY_FALLBACK (0x20)
dm remove live-iso [ opencount flush readonly ] [16384] (*1)
<backtrace>
Udev cookie 0xd4d119f (semid 819203) decremented to 1
Udev cookie 0xd4d119f (semid 819203) waiting for zero
Udev cookie 0xd4d119f (semid 819203) destroyed
Command failed
<backtrace>

Tags: bionic
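
A pre-flight check for the failure described in this report, added here as an example and not part of the original report or of cryptsetup. It splits the verity target parameters (10 mandatory fields, then an optional-parameter count, per the kernel's dm-verity documentation) and reports when FEC parameters are present but the kernel config lacks CONFIG_DM_VERITY_FEC. The function names are hypothetical, and the root hash and salt are replaced by constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the bug report): predict the EINVAL before calling
# veritysetup/dmsetup by comparing the verity table with the kernel config.

# List the FEC keywords among a verity table's optional parameters.
# $1 = target parameters, i.e. everything after "<start> <length> verity".
verity_fec_args() (
    set -f                      # no globbing while word-splitting the table
    set -- $1
    [ "$#" -gt 10 ] || exit 0   # only the 10 mandatory fields: nothing to list
    shift 10
    count=$1; shift
    [ "$#" -eq "$count" ] || { echo "optional-parameter count mismatch" >&2; exit 2; }
    for w in "$@"; do
        case $w in
            use_fec_from_device|fec_start|fec_blocks|fec_roots) printf ' %s' "$w" ;;
        esac
    done
)

# Exit 0 if the kernel config file ($1) has CONFIG_DM_VERITY_FEC enabled.
kernel_has_verity_fec() {
    grep -Eq '^CONFIG_DM_VERITY_FEC=[ym]$' "$1"
}

# Exit 0 if the table can be loaded, 1 if it needs FEC the kernel lacks,
# 2 if the optional-parameter count does not match the words that follow.
# $1 = target parameters, $2 = kernel config file.
verity_preflight() {
    fec=$(verity_fec_args "$1") || return 2
    [ -z "$fec" ] && return 0
    kernel_has_verity_fec "$2" && return 0
    echo "table uses FEC parameters:$fec but CONFIG_DM_VERITY_FEC is not enabled in $2" >&2
    return 1
}

# Demo: table layout and config lines as shown in the report; ROOTHASH and
# SALT are constructed placeholders, the config goes to a temporary file.
TABLE="1 /dev/loop3 /dev/loop4 4096 4096 412080 1 sha256 ROOTHASH SALT 8 use_fec_from_device /dev/loop5 fec_start 0 fec_blocks 415327 fec_roots 2"
CFG=$(mktemp)
printf '%s\n' 'CONFIG_DM_VERITY=m' '# CONFIG_DM_VERITY_FEC is not set' > "$CFG"
verity_preflight "$TABLE" "$CFG" || echo "preflight exit status: $?"
rm -f "$CFG"
```

On a real system, pass /boot/config-$(uname -r) as the second argument, the same file the report greps.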
TJ (tj)
description: updated
TJ (tj)
summary: - dm-verity: Invalid number of feature args
+ "dm-verity: Invalid number of feature arg" with FEC due to "#
+ CONFIG_DM_VERITY_FEC is not set"
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1838844

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: bionic
Andy Whitcroft (apw)
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Dmitry Nezhevenko (dmitry.nezhevenko) wrote :

It would be cool to have it enabled by default.
