On Wed, Feb 11, 2026 at 02:29:28PM -0800, Sami Tolvanen wrote: > Hi Eric, > > On Thu, Feb 5, 2026 at 9:01 PM Eric Biggers <[email protected]> wrote: > > > > This series applies to linux-dm/for-next. It can also be retrieved from: > > > > git fetch > > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git > > dm-verity-fec-2026-02-05 > > > > Patches 1-5 fix bugs in dm-verity's forward error correction (FEC): > > > > - FEC and hash devices that are too small were not rejected. > > > > - Corrected blocks could be multiple-counted in statistics. > > > > - The erasures array was significantly oversized for its use case. > > > > - An out-of-bounds read could occur when decoding an RS codeword whose > > parity bytes span a block boundary. > > Thanks for the fixes, these look correct to me. It would be nice to > have tests for the edge cases though. Perhaps in the > verity-compat-test script that's included in the cryptsetup repo? > > > Patches 6-22 clean up the FEC implementation to be easier to understand > > and improve documentation and log messages. > > The clean-ups also look reasonable. For the series: > > Reviewed-by: Sami Tolvanen <[email protected]> > > Sami
"FEC and hash devices that are too small were not rejected" should be fairly straightforward to test. Testing "Corrected blocks could be multiple-counted in statistics" and "An out-of-bounds read could occur when decoding an RS codeword whose parity bytes span a block boundary" would require injecting kmalloc failures. It might be possible using the fault injection framework. "The erasures array was significantly oversized for its use case" just changes the size of an internal structure. Not testable from userspace. Unfortunately the verity-compat-test script isn't in very good shape. I opened a pull request to clean it up: https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/890 After that I'll add test cases for at least the "FEC and hash devices that are too small were not rejected" bug. I noticed verity-compat-test also never tests fec_roots != 2, even though it contains code that seems to have been intended to. So I'll plan to fix that too, though unless we're able to add fault injection too it won't specifically cover the bug fixed by this series. Anyway, point is, I'm indeed working on improving the test script. I think these patches can be applied for 7.1 either way though. - Eric
