From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 4/5] verify: also check chunk CryptMode
Date: Mon, 10 Aug 2020 13:25:08 +0200 [thread overview]
Message-ID: <20200810112509.70129-6-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20200810112509.70129-1-f.gruenbichler@proxmox.com>
and in-line verify_stored_chunk to avoid double-loading each chunk.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
Notes:
not 100% happy with this
src/backup/datastore.rs | 6 ------
src/backup/verify.rs | 36 +++++++++++++++++++++++++++++++++---
2 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/src/backup/datastore.rs b/src/backup/datastore.rs
index 5b6075ec..afdff224 100644
--- a/src/backup/datastore.rs
+++ b/src/backup/datastore.rs
@@ -551,12 +551,6 @@ impl DataStore {
self.chunk_store.insert_chunk(chunk, digest)
}
- pub fn verify_stored_chunk(&self, digest: &[u8; 32], expected_chunk_size: u64) -> Result<(), Error> {
- let blob = self.load_chunk(digest)?;
- blob.verify_unencrypted(expected_chunk_size as usize, digest)?;
- Ok(())
- }
-
pub fn load_blob(&self, backup_dir: &BackupDir, filename: &str) -> Result<DataBlob, Error> {
let mut path = self.base_path();
path.push(backup_dir.relative_path());
diff --git a/src/backup/verify.rs b/src/backup/verify.rs
index ec47534c..fa2f0aa5 100644
--- a/src/backup/verify.rs
+++ b/src/backup/verify.rs
@@ -40,6 +40,7 @@ fn verify_index_chunks(
index: Box<dyn IndexFile>,
verified_chunks: &mut HashSet<[u8;32]>,
corrupt_chunks: &mut HashSet<[u8; 32]>,
+ crypt_mode: CryptMode,
worker: &WorkerTask,
) -> Result<(), Error> {
@@ -51,9 +52,38 @@ fn verify_index_chunks(
let info = index.chunk_info(pos).unwrap();
let size = info.range.end - info.range.start;
+ let chunk = match datastore.load_chunk(&info.digest) {
+ Err(err) => {
+ corrupt_chunks.insert(info.digest);
+ worker.log(format!("can't verify chunk, load failed - {}", err));
+ errors += 1;
+ continue;
+ },
+ Ok(chunk) => chunk,
+ };
+
+ let chunk_crypt_mode = match chunk.crypt_mode() {
+ Err(err) => {
+ corrupt_chunks.insert(info.digest);
+ worker.log(format!("can't verify chunk, unknown CryptMode - {}", err));
+ errors += 1;
+ continue;
+ },
+ Ok(mode) => mode,
+ };
+
+ if chunk_crypt_mode != crypt_mode {
+ worker.log(format!(
+ "chunk CryptMode {:?} does not match index CryptMode {:?}",
+ chunk_crypt_mode,
+ crypt_mode
+ ));
+ errors += 1;
+ }
+
if !verified_chunks.contains(&info.digest) {
if !corrupt_chunks.contains(&info.digest) {
- if let Err(err) = datastore.verify_stored_chunk(&info.digest, size) {
+ if let Err(err) = chunk.verify_unencrypted(size as usize, &info.digest) {
corrupt_chunks.insert(info.digest);
worker.log(format!("{}", err));
errors += 1;
@@ -98,7 +128,7 @@ fn verify_fixed_index(
bail!("wrong index checksum");
}
- verify_index_chunks(datastore, Box::new(index), verified_chunks, corrupt_chunks, worker)
+ verify_index_chunks(datastore, Box::new(index), verified_chunks, corrupt_chunks, info.chunk_crypt_mode(), worker)
}
fn verify_dynamic_index(
@@ -124,7 +154,7 @@ fn verify_dynamic_index(
bail!("wrong index checksum");
}
- verify_index_chunks(datastore, Box::new(index), verified_chunks, corrupt_chunks, worker)
+ verify_index_chunks(datastore, Box::new(index), verified_chunks, corrupt_chunks, info.chunk_crypt_mode(), worker)
}
/// Verify a single backup snapshot
--
2.20.1
next prev parent reply other threads:[~2020-08-10 11:26 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-10 11:25 [pbs-devel] [PATCH proxmox-backup(-qemu) 0/6] various crpyo/digest enhancements Fabian Grünbichler
2020-08-10 11:25 ` [pbs-devel] [PATCH proxmox-backup-qemu] adapt to chunk reader changes Fabian Grünbichler
2020-08-10 15:13 ` Stefan Reiter
2020-08-11 7:53 ` Fabian Grünbichler
2020-08-11 8:07 ` Stefan Reiter
2020-08-11 8:55 ` [pbs-devel] applied: " Dietmar Maurer
2020-08-10 11:25 ` [pbs-devel] [PATCH proxmox-backup 1/5] datastore api: only decode unencrypted indices Fabian Grünbichler
2020-08-11 7:57 ` [pbs-devel] applied: " Dietmar Maurer
2020-08-10 11:25 ` [pbs-devel] [PATCH proxmox-backup 2/5] datastore api: verify blob/index csum from manifest Fabian Grünbichler
2020-08-10 11:25 ` [pbs-devel] [PATCH proxmox-backup 3/5] chunk readers: ensure chunk/index CryptMode matches Fabian Grünbichler
2020-08-10 11:25 ` Fabian Grünbichler [this message]
2020-08-10 11:25 ` [pbs-devel] [RFC proxmox-backup 5/5] mark signed manifests as such Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200810112509.70129-6-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox