From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CEE09C35DF9 for ; Thu, 27 Feb 2020 19:25:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9920A2469D for ; Thu, 27 Feb 2020 19:25:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1582831548; bh=kGU0a0I3IvKdb4w1iUhQ37ywQbN9rjfpMR5iKdjutug=; h=Date:From:To:Cc:Subject:References:In-Reply-To:List-ID:From; b=RMQEE2p37slY7aMlP2qc+tXmItATJLjrloahsIGEt2YXzpyj0Py2Ggvk5NtMDvF+b X4Eqxo2zJ8t3/jPiDkyCINNqNolQiw+cQRlpmRVS+fCxC2i2IJLBHlm9a9kpdRmwLl 8+MXl1Pk1MN4eOSuqB5cWEqTIWk5lG3qqd4g8Sg0= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729611AbgB0TZr (ORCPT ); Thu, 27 Feb 2020 14:25:47 -0500 Received: from mail.kernel.org ([198.145.29.99]:47938 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727159AbgB0TZq (ORCPT ); Thu, 27 Feb 2020 14:25:46 -0500 Received: from sol.localdomain (c-107-3-166-239.hsd1.ca.comcast.net [107.3.166.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D6ADC24691; Thu, 27 Feb 2020 19:25:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1582831546; bh=kGU0a0I3IvKdb4w1iUhQ37ywQbN9rjfpMR5iKdjutug=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=V3StYee0L66BoNn9KcVM2tPtSK3paFsNrIKznwTf8CK9KxeFhi3ZH/ln7EP5hXIAr HAUNj01Ixcs9roRcSoN5rmOMIs2EkSno4j81M0pJkUBY7UL2ArRgnsY8mn83Xw51Q9 aQsDsd891ZxVxCj7opcQJOBy1jaEwhuOgnfsz6oI= Date: Thu, 27 Feb 2020 11:25:44 -0800 From: Eric Biggers To: Satya Tangirala Cc: linux-block@vger.kernel.org, linux-scsi@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org, Barani Muthukumaran , Kuohong Wang , Kim Boojin Subject: Re: [PATCH v7 3/9] block: blk-crypto-fallback for Inline Encryption Message-ID: <20200227192544.GE877@sol.localdomain> References: <20200221115050.238976-1-satyat@google.com> <20200221115050.238976-4-satyat@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200221115050.238976-4-satyat@google.com> Sender: linux-block-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org On Fri, Feb 21, 2020 at 03:50:44AM -0800, Satya Tangirala wrote: > Blk-crypto delegates crypto operations to inline encryption hardware when > available. The separately configurable blk-crypto-fallback contains a > software fallback to the kernel crypto API - when enabled, blk-crypto > will use this fallback for en/decryption when inline encryption hardware is > not available. This lets upper layers not have to worry about whether or > not the underlying device has support for inline encryption before > deciding to specify an encryption context for a bio, and also allows for > testing without actual inline encryption hardware. For more details, refer > to Documentation/block/inline-encryption.rst. > > Signed-off-by: Satya Tangirala In v7, only blk_mq_make_request() actually calls blk_crypto_bio_prep(). That will make the crypto contexts be silently ignored (no fallback) if q->make_request_fn != blk_mq_make_request. In recent kernels that *hopefully* won't matter in practice since almost everyone is using blk_mq_make_request. But it still seems like a poor design. First, it's super important that if someone requests encryption, then they either get it or get an error; it should *never* be silently ignored. Second, part of the goal of blk-crypto-fallback is that it should always work, so that in principle users don't have to implement the encryption twice, once via blk-crypto and once via fs or dm-layer crypto. So is there any reason not to keep the blk_crypto_bio_prep() call in generic_make_request()? I think performance can't be much of a complaint, since if almost everyone is using blk_mq_make_request() then they are making the function call anyway... - Eric From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7EAFEC11D3D for ; Thu, 27 Feb 2020 19:26:09 +0000 (UTC) Received: from lists.sourceforge.net (lists.sourceforge.net [216.105.38.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4B8B324691; Thu, 27 Feb 2020 19:26:09 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sourceforge.net header.i=@sourceforge.net header.b="VEdoiXEC"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sf.net header.i=@sf.net header.b="fAqKJXbk"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="V3StYee0" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4B8B324691 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linux-f2fs-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1j7OnQ-0002ML-HJ; Thu, 27 Feb 2020 19:26:08 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1j7OnM-0002M9-Ov for linux-f2fs-devel@lists.sourceforge.net; Thu, 27 Feb 2020 19:26:04 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=In-Reply-To:Content-Type:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=HdtxJ4/bSXwqXCvmIPfks9tn7+Sy3lZv+ZpXTBglwq8=; b=VEdoiXECovJ/bAEvGPYqdmq67a 8Xsp6fLRl3iKvZHrPXaKXWH3bMOWNN1OxFSFrW28lbbFiy1eoGT3/qhECx54jKhokxMpN1fvjra0n wJEvP9jMU3YGxnI6CLNTVYzubhUmu5YKfjylzDWSqtZDTQdsMN3F8dj+o1bV3x1lPKdU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To :From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=HdtxJ4/bSXwqXCvmIPfks9tn7+Sy3lZv+ZpXTBglwq8=; b=fAqKJXbk+OUvfRFPKSQHCLpK/s 0okw5KLoZw6V/hT38PvtAJV5QxX7lmHNCn+33Q1rUUrXoNaea4zX5wzwIOoji2TYpAADiBgC+5/L6 bO6YH9oulwsfO5RRQaJphBv8I297++CXn4i4/GFtVSH1rFck3TY16fYrHRgb0a1jf678=; Received: from mail.kernel.org ([198.145.29.99]) by sfi-mx-3.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2) id 1j7OnE-007v97-K9 for linux-f2fs-devel@lists.sourceforge.net; Thu, 27 Feb 2020 19:26:04 +0000 Received: from sol.localdomain (c-107-3-166-239.hsd1.ca.comcast.net [107.3.166.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D6ADC24691; Thu, 27 Feb 2020 19:25:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1582831546; bh=kGU0a0I3IvKdb4w1iUhQ37ywQbN9rjfpMR5iKdjutug=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=V3StYee0L66BoNn9KcVM2tPtSK3paFsNrIKznwTf8CK9KxeFhi3ZH/ln7EP5hXIAr HAUNj01Ixcs9roRcSoN5rmOMIs2EkSno4j81M0pJkUBY7UL2ArRgnsY8mn83Xw51Q9 aQsDsd891ZxVxCj7opcQJOBy1jaEwhuOgnfsz6oI= Date: Thu, 27 Feb 2020 11:25:44 -0800 From: Eric Biggers To: Satya Tangirala Message-ID: <20200227192544.GE877@sol.localdomain> References: <20200221115050.238976-1-satyat@google.com> <20200221115050.238976-4-satyat@google.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20200221115050.238976-4-satyat@google.com> X-Headers-End: 1j7OnE-007v97-K9 Subject: Re: [f2fs-dev] [PATCH v7 3/9] block: blk-crypto-fallback for Inline Encryption X-BeenThere: linux-f2fs-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-scsi@vger.kernel.org, Kim Boojin , Kuohong Wang , Barani Muthukumaran , linux-f2fs-devel@lists.sourceforge.net, linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net On Fri, Feb 21, 2020 at 03:50:44AM -0800, Satya Tangirala wrote: > Blk-crypto delegates crypto operations to inline encryption hardware when > available. The separately configurable blk-crypto-fallback contains a > software fallback to the kernel crypto API - when enabled, blk-crypto > will use this fallback for en/decryption when inline encryption hardware is > not available. This lets upper layers not have to worry about whether or > not the underlying device has support for inline encryption before > deciding to specify an encryption context for a bio, and also allows for > testing without actual inline encryption hardware. For more details, refer > to Documentation/block/inline-encryption.rst. > > Signed-off-by: Satya Tangirala In v7, only blk_mq_make_request() actually calls blk_crypto_bio_prep(). That will make the crypto contexts be silently ignored (no fallback) if q->make_request_fn != blk_mq_make_request. In recent kernels that *hopefully* won't matter in practice since almost everyone is using blk_mq_make_request. But it still seems like a poor design. First, it's super important that if someone requests encryption, then they either get it or get an error; it should *never* be silently ignored. Second, part of the goal of blk-crypto-fallback is that it should always work, so that in principle users don't have to implement the encryption twice, once via blk-crypto and once via fs or dm-layer crypto. So is there any reason not to keep the blk_crypto_bio_prep() call in generic_make_request()? I think performance can't be much of a complaint, since if almost everyone is using blk_mq_make_request() then they are making the function call anyway... - Eric _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel