From: Satya Tangirala <satyat@google.com>
To: Mike Snitzer <snitzer@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>, Eric Biggers <ebiggers@google.com>,
linux-kernel@vger.kernel.org, linux-block@vger.kernel.org,
dm-devel@redhat.com, Alasdair Kergon <agk@redhat.com>
Subject: Re: [dm-devel] [PATCH 2/3] dm: add support for passing through inline crypto support
Date: Thu, 15 Oct 2020 21:55:35 +0000 [thread overview]
Message-ID: <20201015215535.GA48329@google.com> (raw)
In-Reply-To: <20200924134021.GA13849@redhat.com>
On Thu, Sep 24, 2020 at 09:40:22AM -0400, Mike Snitzer wrote:
> On Thu, Sep 24 2020 at 3:48am -0400,
> Satya Tangirala <satyat@google.com> wrote:
>
> > On Wed, Sep 23, 2020 at 09:21:03PM -0400, Mike Snitzer wrote:
> > > On Wed, Sep 09 2020 at 7:44pm -0400,
> > > Satya Tangirala <satyat@google.com> wrote:
> > >
> > > > From: Eric Biggers <ebiggers@google.com>
> > > >
> > > > Update the device-mapper core to support exposing the inline crypto
> > > > support of the underlying device(s) through the device-mapper device.
> > > >
> > > > This works by creating a "passthrough keyslot manager" for the dm
> > > > device, which declares support for encryption settings which all
> > > > underlying devices support. When a supported setting is used, the bio
> > > > cloning code handles cloning the crypto context to the bios for all the
> > > > underlying devices. When an unsupported setting is used, the blk-crypto
> > > > fallback is used as usual.
> > > >
> > > > Crypto support on each underlying device is ignored unless the
> > > > corresponding dm target opts into exposing it. This is needed because
> > > > for inline crypto to semantically operate on the original bio, the data
> > > > must not be transformed by the dm target. Thus, targets like dm-linear
> > > > can expose crypto support of the underlying device, but targets like
> > > > dm-crypt can't. (dm-crypt could use inline crypto itself, though.)
> > > >
> > > > When a key is evicted from the dm device, it is evicted from all
> > > > underlying devices.
> > > >
> > > > Signed-off-by: Eric Biggers <ebiggers@google.com>
> > > > Co-developed-by: Satya Tangirala <satyat@google.com>
> > > > Signed-off-by: Satya Tangirala <satyat@google.com>
> > > > ---
> > > > block/blk-crypto.c | 1 +
> > > > block/keyslot-manager.c | 34 ++++++++++++
> > > > drivers/md/dm-core.h | 4 ++
> > > > drivers/md/dm-table.c | 52 +++++++++++++++++++
> > > > drivers/md/dm.c | 92 ++++++++++++++++++++++++++++++++-
> > > > include/linux/device-mapper.h | 6 +++
> > > > include/linux/keyslot-manager.h | 7 +++
> > > > 7 files changed, 195 insertions(+), 1 deletion(-)
> > > >
>
> > > > diff --git a/drivers/md/dm-core.h b/drivers/md/dm-core.h
> > > > index c4ef1fceead6..4542050eebfc 100644
> > > > --- a/drivers/md/dm-core.h
> > > > +++ b/drivers/md/dm-core.h
> > > > @@ -12,6 +12,7 @@
> > > > #include <linux/kthread.h>
> > > > #include <linux/ktime.h>
> > > > #include <linux/blk-mq.h>
> > > > +#include <linux/keyslot-manager.h>
> > > >
> > > > #include <trace/events/block.h>
> > > >
> > > > @@ -49,6 +50,9 @@ struct mapped_device {
> > > >
> > > > int numa_node_id;
> > > > struct request_queue *queue;
> > > > +#ifdef CONFIG_BLK_INLINE_ENCRYPTION
> > > > + struct blk_keyslot_manager ksm;
> > > > +#endif
> > > >
> > > > atomic_t holders;
> > > > atomic_t open_count;
> > >
> > > Any reason you placed the ksm member where you did?
> >
> > As in, any reason why it's placed right after the struct request_queue
> > *queue? The ksm is going to be set up in the request_queue and is a part
> > of the request_queue is some sense, so it seemed reasonable to me to
> > group them together....but I don't think there's any reason it *has* to
> > be there, if you think it should be put elsewhere (or maybe I'm
> > misunderstanding your question :) ).
>
> Placing the full struct where you did is highly disruptive to the prior
> care taken to tune alignment of struct members within mapped_device.
>
Ah I see - sorry about that! I ended up removing it entirely in the next
version of this series while trying to address this and your other
comments :). The next version is at
https://lore.kernel.org/linux-block/20201015214632.41951-5-satyat@google.com/
> Switching to a pointer will be less so, but even still it might be best
> to either find a hole in the struct (not looked recently, but there may
> not be one) or simply put it at the end of the structure.
>
> The pahole utility is very useful for this kind of struct member
> placement, etc. But it is increasingly unavailable in modern Linux
> distros...
>
> Mike
>
--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel
WARNING: multiple messages have this Message-ID (diff)
From: Satya Tangirala <satyat@google.com>
To: Mike Snitzer <snitzer@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>, Eric Biggers <ebiggers@google.com>,
linux-kernel@vger.kernel.org, linux-block@vger.kernel.org,
dm-devel@redhat.com, Alasdair Kergon <agk@redhat.com>
Subject: Re: [PATCH 2/3] dm: add support for passing through inline crypto support
Date: Thu, 15 Oct 2020 21:55:35 +0000 [thread overview]
Message-ID: <20201015215535.GA48329@google.com> (raw)
In-Reply-To: <20200924134021.GA13849@redhat.com>
On Thu, Sep 24, 2020 at 09:40:22AM -0400, Mike Snitzer wrote:
> On Thu, Sep 24 2020 at 3:48am -0400,
> Satya Tangirala <satyat@google.com> wrote:
>
> > On Wed, Sep 23, 2020 at 09:21:03PM -0400, Mike Snitzer wrote:
> > > On Wed, Sep 09 2020 at 7:44pm -0400,
> > > Satya Tangirala <satyat@google.com> wrote:
> > >
> > > > From: Eric Biggers <ebiggers@google.com>
> > > >
> > > > Update the device-mapper core to support exposing the inline crypto
> > > > support of the underlying device(s) through the device-mapper device.
> > > >
> > > > This works by creating a "passthrough keyslot manager" for the dm
> > > > device, which declares support for encryption settings which all
> > > > underlying devices support. When a supported setting is used, the bio
> > > > cloning code handles cloning the crypto context to the bios for all the
> > > > underlying devices. When an unsupported setting is used, the blk-crypto
> > > > fallback is used as usual.
> > > >
> > > > Crypto support on each underlying device is ignored unless the
> > > > corresponding dm target opts into exposing it. This is needed because
> > > > for inline crypto to semantically operate on the original bio, the data
> > > > must not be transformed by the dm target. Thus, targets like dm-linear
> > > > can expose crypto support of the underlying device, but targets like
> > > > dm-crypt can't. (dm-crypt could use inline crypto itself, though.)
> > > >
> > > > When a key is evicted from the dm device, it is evicted from all
> > > > underlying devices.
> > > >
> > > > Signed-off-by: Eric Biggers <ebiggers@google.com>
> > > > Co-developed-by: Satya Tangirala <satyat@google.com>
> > > > Signed-off-by: Satya Tangirala <satyat@google.com>
> > > > ---
> > > > block/blk-crypto.c | 1 +
> > > > block/keyslot-manager.c | 34 ++++++++++++
> > > > drivers/md/dm-core.h | 4 ++
> > > > drivers/md/dm-table.c | 52 +++++++++++++++++++
> > > > drivers/md/dm.c | 92 ++++++++++++++++++++++++++++++++-
> > > > include/linux/device-mapper.h | 6 +++
> > > > include/linux/keyslot-manager.h | 7 +++
> > > > 7 files changed, 195 insertions(+), 1 deletion(-)
> > > >
>
> > > > diff --git a/drivers/md/dm-core.h b/drivers/md/dm-core.h
> > > > index c4ef1fceead6..4542050eebfc 100644
> > > > --- a/drivers/md/dm-core.h
> > > > +++ b/drivers/md/dm-core.h
> > > > @@ -12,6 +12,7 @@
> > > > #include <linux/kthread.h>
> > > > #include <linux/ktime.h>
> > > > #include <linux/blk-mq.h>
> > > > +#include <linux/keyslot-manager.h>
> > > >
> > > > #include <trace/events/block.h>
> > > >
> > > > @@ -49,6 +50,9 @@ struct mapped_device {
> > > >
> > > > int numa_node_id;
> > > > struct request_queue *queue;
> > > > +#ifdef CONFIG_BLK_INLINE_ENCRYPTION
> > > > + struct blk_keyslot_manager ksm;
> > > > +#endif
> > > >
> > > > atomic_t holders;
> > > > atomic_t open_count;
> > >
> > > Any reason you placed the ksm member where you did?
> >
> > As in, any reason why it's placed right after the struct request_queue
> > *queue? The ksm is going to be set up in the request_queue and is a part
> > of the request_queue is some sense, so it seemed reasonable to me to
> > group them together....but I don't think there's any reason it *has* to
> > be there, if you think it should be put elsewhere (or maybe I'm
> > misunderstanding your question :) ).
>
> Placing the full struct where you did is highly disruptive to the prior
> care taken to tune alignment of struct members within mapped_device.
>
Ah I see - sorry about that! I ended up removing it entirely in the next
version of this series while trying to address this and your other
comments :). The next version is at
https://lore.kernel.org/linux-block/20201015214632.41951-5-satyat@google.com/
> Switching to a pointer will be less so, but even still it might be best
> to either find a hole in the struct (not looked recently, but there may
> not be one) or simply put it at the end of the structure.
>
> The pahole utility is very useful for this kind of struct member
> placement, etc. But it is increasingly unavailable in modern Linux
> distros...
>
> Mike
>
next prev parent reply other threads:[~2020-10-16 10:20 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-09 23:44 [PATCH 0/3] add support for inline encryption to device mapper Satya Tangirala
2020-09-09 23:44 ` [PATCH 1/3] block: keyslot-manager: Introduce passthrough keyslot manager Satya Tangirala
2020-09-22 0:27 ` Eric Biggers
2020-09-09 23:44 ` [PATCH 2/3] dm: add support for passing through inline crypto support Satya Tangirala
2020-09-22 0:32 ` Eric Biggers
2020-09-24 1:14 ` Mike Snitzer
2020-09-24 7:17 ` Satya Tangirala
2020-09-24 13:46 ` Mike Snitzer
2020-09-24 15:45 ` Eric Biggers
2020-09-24 16:16 ` Mike Snitzer
2020-09-24 16:57 ` Eric Biggers
2020-09-24 1:21 ` Mike Snitzer
2020-09-24 1:21 ` Mike Snitzer
2020-09-24 7:38 ` Satya Tangirala
2020-09-24 14:23 ` Mike Snitzer
2020-10-15 22:05 ` [dm-devel] " Satya Tangirala
2020-10-15 22:05 ` Satya Tangirala
2020-09-24 7:48 ` Satya Tangirala
2020-09-24 13:40 ` Mike Snitzer
2020-10-15 21:55 ` Satya Tangirala [this message]
2020-10-15 21:55 ` Satya Tangirala
2020-09-09 23:44 ` [PATCH 3/3] dm: enable may_passthrough_inline_crypto on some targets Satya Tangirala
2020-09-22 0:49 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201015215535.GA48329@google.com \
--to=satyat@google.com \
--cc=agk@redhat.com \
--cc=axboe@kernel.dk \
--cc=dm-devel@redhat.com \
--cc=ebiggers@google.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=snitzer@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.