From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Christoph Hellwig <hch@infradead.org>
Cc: Satya Tangirala <satyat@google.com>,
linux-block@vger.kernel.org, linux-scsi@vger.kernel.org,
linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
Barani Muthukumaran <bmuthuku@qti.qualcomm.com>,
Kuohong Wang <kuohong.wang@mediatek.com>,
Kim Boojin <boojin.kim@samsung.com>
Subject: Re: [PATCH v5 3/9] block: blk-crypto for Inline Encryption
Date: Thu, 31 Oct 2019 16:50:45 -0400 [thread overview]
Message-ID: <20191031205045.GG16197@mit.edu> (raw)
In-Reply-To: <20191031175713.GA23601@infradead.org>
On Thu, Oct 31, 2019 at 10:57:13AM -0700, Christoph Hellwig wrote:
> On Mon, Oct 28, 2019 at 12:20:26AM -0700, Satya Tangirala wrote:
> > We introduce blk-crypto, which manages programming keyslots for struct
> > bios. With blk-crypto, filesystems only need to call bio_crypt_set_ctx with
> > the encryption key, algorithm and data_unit_num; they don't have to worry
> > about getting a keyslot for each encryption context, as blk-crypto handles
> > that. Blk-crypto also makes it possible for layered devices like device
> > mapper to make use of inline encryption hardware.
> >
> > Blk-crypto delegates crypto operations to inline encryption hardware when
> > available, and also contains a software fallback to the kernel crypto API.
> > For more details, refer to Documentation/block/inline-encryption.rst.
>
> Can you explain why we need this software fallback that basically just
> duplicates logic already in fscrypt? As far as I can tell this fallback
> logic actually is more code than the actual inline encryption, and nasty
> code at that, e.g. the whole crypt_iter thing.
One of the reasons I really want this is so I (as an upstream
maintainer of ext4 and fscrypt) can test the new code paths using
xfstests on GCE, without needing special pre-release hardware that has
the ICE support.
Yeah, I could probably get one of those dev boards internally at
Google, but they're a pain in the tuckus to use, and I'd much rather
be able to have my normal test infrastructure using gce-xfstests and
kvm-xfstests be able to test inline-crypto. So in terms of CI
testing, having the blk-crypto is really going to be helpful.
- Ted
WARNING: multiple messages have this Message-ID (diff)
From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Christoph Hellwig <hch@infradead.org>
Cc: linux-scsi@vger.kernel.org, Kim Boojin <boojin.kim@samsung.com>,
Kuohong Wang <kuohong.wang@mediatek.com>,
Barani Muthukumaran <bmuthuku@qti.qualcomm.com>,
linux-f2fs-devel@lists.sourceforge.net,
linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
Satya Tangirala <satyat@google.com>
Subject: Re: [f2fs-dev] [PATCH v5 3/9] block: blk-crypto for Inline Encryption
Date: Thu, 31 Oct 2019 16:50:45 -0400 [thread overview]
Message-ID: <20191031205045.GG16197@mit.edu> (raw)
In-Reply-To: <20191031175713.GA23601@infradead.org>
On Thu, Oct 31, 2019 at 10:57:13AM -0700, Christoph Hellwig wrote:
> On Mon, Oct 28, 2019 at 12:20:26AM -0700, Satya Tangirala wrote:
> > We introduce blk-crypto, which manages programming keyslots for struct
> > bios. With blk-crypto, filesystems only need to call bio_crypt_set_ctx with
> > the encryption key, algorithm and data_unit_num; they don't have to worry
> > about getting a keyslot for each encryption context, as blk-crypto handles
> > that. Blk-crypto also makes it possible for layered devices like device
> > mapper to make use of inline encryption hardware.
> >
> > Blk-crypto delegates crypto operations to inline encryption hardware when
> > available, and also contains a software fallback to the kernel crypto API.
> > For more details, refer to Documentation/block/inline-encryption.rst.
>
> Can you explain why we need this software fallback that basically just
> duplicates logic already in fscrypt? As far as I can tell this fallback
> logic actually is more code than the actual inline encryption, and nasty
> code at that, e.g. the whole crypt_iter thing.
One of the reasons I really want this is so I (as an upstream
maintainer of ext4 and fscrypt) can test the new code paths using
xfstests on GCE, without needing special pre-release hardware that has
the ICE support.
Yeah, I could probably get one of those dev boards internally at
Google, but they're a pain in the tuckus to use, and I'd much rather
be able to have my normal test infrastructure using gce-xfstests and
kvm-xfstests be able to test inline-crypto. So in terms of CI
testing, having the blk-crypto is really going to be helpful.
- Ted
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2019-10-31 20:51 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-28 7:20 [PATCH v5 0/9] Inline Encryption Support Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-28 7:20 ` [PATCH v5 1/9] block: Keyslot Manager for Inline Encryption Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 18:04 ` Christoph Hellwig
2019-10-31 18:04 ` [f2fs-dev] " Christoph Hellwig
2019-10-28 7:20 ` [PATCH v5 2/9] block: Add encryption context to struct bio Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 18:16 ` Christoph Hellwig
2019-10-31 18:16 ` [f2fs-dev] " Christoph Hellwig
2019-10-28 7:20 ` [PATCH v5 3/9] block: blk-crypto for Inline Encryption Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 17:57 ` Christoph Hellwig
2019-10-31 17:57 ` [f2fs-dev] " Christoph Hellwig
2019-10-31 20:50 ` Theodore Y. Ts'o [this message]
2019-10-31 20:50 ` Theodore Y. Ts'o
2019-10-31 21:22 ` Christoph Hellwig
2019-10-31 21:22 ` [f2fs-dev] " Christoph Hellwig
2019-11-05 2:01 ` Eric Biggers
2019-11-05 2:01 ` [f2fs-dev] " Eric Biggers
2019-11-05 15:39 ` Christoph Hellwig
2019-11-05 15:39 ` [f2fs-dev] " Christoph Hellwig
2019-10-28 7:20 ` [PATCH v5 4/9] scsi: ufs: UFS driver v2.1 spec crypto additions Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-28 7:20 ` [PATCH v5 5/9] scsi: ufs: UFS crypto API Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 18:23 ` Christoph Hellwig
2019-10-31 18:23 ` [f2fs-dev] " Christoph Hellwig
2019-10-28 7:20 ` [PATCH v5 6/9] scsi: ufs: Add inline encryption support to UFS Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 18:26 ` Christoph Hellwig
2019-10-31 18:26 ` [f2fs-dev] " Christoph Hellwig
2019-10-28 7:20 ` [PATCH v5 7/9] fscrypt: add inline encryption support Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 18:32 ` Christoph Hellwig
2019-10-31 18:32 ` [f2fs-dev] " Christoph Hellwig
2019-10-31 20:21 ` Eric Biggers
2019-10-31 20:21 ` [f2fs-dev] " Eric Biggers
2019-10-31 21:21 ` Christoph Hellwig
2019-10-31 21:21 ` [f2fs-dev] " Christoph Hellwig
2019-10-31 22:25 ` Eric Biggers
2019-10-31 22:25 ` [f2fs-dev] " Eric Biggers
2019-11-05 0:15 ` Christoph Hellwig
2019-11-05 0:15 ` [f2fs-dev] " Christoph Hellwig
2019-11-05 1:03 ` Eric Biggers
2019-11-05 1:03 ` [f2fs-dev] " Eric Biggers
2019-11-05 3:12 ` Eric Biggers
2019-11-05 3:12 ` [f2fs-dev] " Eric Biggers
2019-10-28 7:20 ` [PATCH v5 8/9] f2fs: " Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 17:14 ` Jaegeuk Kim
2019-10-31 17:14 ` [f2fs-dev] " Jaegeuk Kim
2019-10-28 7:20 ` [PATCH v5 9/9] ext4: " Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191031205045.GG16197@mit.edu \
--to=tytso@mit.edu \
--cc=bmuthuku@qti.qualcomm.com \
--cc=boojin.kim@samsung.com \
--cc=hch@infradead.org \
--cc=kuohong.wang@mediatek.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=satyat@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.