From: Benjamin Marzinski <bmarzins@redhat.com>
To: Linlin Zhang <linlin.zhang@oss.qualcomm.com>
Cc: linux-block@vger.kernel.org, ebiggers@kernel.org,
mpatocka@redhat.com, gmazyland@gmail.com,
linux-kernel@vger.kernel.org, adrianvovk@gmail.com,
dm-devel@lists.linux.dev, quic_mdalam@quicinc.com,
israelr@nvidia.com, hch@infradead.org, axboe@kernel.dk
Subject: Re: [PATCH v2 2/3] dm-inlinecrypt: add target for inline block device encryption
Date: Wed, 29 Apr 2026 11:25:01 -0400 [thread overview]
Message-ID: <afIizQA9kVR_u_2j@redhat.com> (raw)
In-Reply-To: <7ab5cd97-30b7-42ca-80ce-6d9cd8c45b73@oss.qualcomm.com>
On Wed, Apr 29, 2026 at 08:34:00PM +0800, Linlin Zhang wrote:
>
>
> On 4/29/2026 12:36 AM, Benjamin Marzinski wrote:
> > On Tue, Apr 28, 2026 at 05:20:07PM +0800, Linlin Zhang wrote:
> >>
> >>
> >> On 4/28/2026 7:21 AM, Benjamin Marzinski wrote:
> >>> On Mon, Apr 27, 2026 at 01:23:27AM -0400, Benjamin Marzinski wrote:
> >>>> On Fri, Apr 10, 2026 at 06:40:30AM -0700, Linlin Zhang wrote:
> >>>>> From: Eric Biggers <ebiggers@google.com>
> >>>>> + /*
> >>>>> + * Since we've added an encryption context to the bio and
> >>>>> + * blk-crypto-fallback may be needed to process it, it's necessary to
> >>>>> + * use the fallback-aware bio submission code rather than
> >>>>> + * unconditionally returning DM_MAPIO_REMAPPED.
> >>>>> + *
> >>>>> + * To get the correct accounting for a dm target in the case where
> >>>>> + * __blk_crypto_submit_bio() doesn't take ownership of the bio (returns
> >>>>> + * true), call __blk_crypto_submit_bio() directly and return
> >>>>> + * DM_MAPIO_REMAPPED in that case, rather than relying on
> >>>>> + * blk_crypto_submit_bio() which calls submit_bio() in that case.
> >>>>> + */
> >>>>> + if (__blk_crypto_submit_bio(bio))
> >>>>
> >>>> This will still double account for fallback writes (which call
> >>>> submit_bio() on the encrypted bios, and return DM_MAPIO_SUBMITTED here).
> >>>
> >>> Just to clarify, I'm talking about the vmstats accounting. The IO
> >>> originally gets accounted by submit_bio() when the bio is submitted to
> >>> the dm device. For actual inline encryption and fallback reads, dm will
> >>> submit the bio to the underlying device using submit_bio_noacct() to
> >>> avoid double-counting the IO.
> >>>
> >>> For fallback writes, __blk_crypto_submit_bio() will submit the encrypted
> >>> bios to the underlying device with submit_bio(). This adds the IO
> >>> sectors again, even though it's the same IO, only encrypted now.
> >>
> >>
> >> Right, thanks for calling this out.
> >>
> >> For fallback writes, the IO is still double-counted. Given that this only
> >> affects IO accounting in the blk-crypto fallback write slow-path and not
> >> correctness, I think this is an acceptable tradeoff, and we can leave a
> >> TODO to revisit the accounting once a better solution exists.
> >>
> >> Add the bellow to the annotate.
> >>
> >> /*
> >> * TODO: blk-crypto fallback write slow-path currently double-accounts
> >> * IO in vmstat, as encrypted bios are submitted via submit_bio().
> >> * This does not affect data correctness. Consider fixing this if
> >> * a cleaner accounting model for derived bios is introduced.
> >> */
> >>
> >> Do you agree?
> >
> > You could add an extra argument, for instance "bool need_acct", to
> > __blk_crypto_submit_bio(), and plumb it through to
> > __blk_crypto_fallback_encrypt_bio(), where it could be used to choose
> > between calling submit_bio() and and submit_bio_noacct().
> >
> > We could even add a flag to cloned bios for stacked devices, that could
> > be checked in submit_bio(), so we didn't need to have
> > submit_bio_noacct(). But this is a pretty niche case with other
> > solutions, so I'm not sure if it warrants adding more checks to
> > submit_bio().
> >
> > I do agree that people probably aren't using dm-inlinecrypt for devices
> > where they don't actually have inline encryption capabilities, so it's
> > not a major issue. What to you think, Mikulas?
>
> Thanks for the suggestions.
>
> Adding a bool need_acct parameter to __blk_crypto_submit_bio() would require
> updating all existing callers, which feels rather intrusive given that the
> accounting issue only affects the blk‑crypto fallback write slow‑path. I’m a
> bit concerned that this would broaden the scope of the change more than
> necessary for the problem at hand.
I get your concern, and I'd like a second opinion on how much we should
care about this, but it doesn't look like there are many other callers
that would be effected here. The only existing caller of
__blk_crypto_submit_bio() is blk_crypto_submit_bio(), which would just
call it with "need_acct=true". Looking at the code path below
__blk_crypto_submit_bio() that would need to change for submitting the
bios:
__blk_crypto_submit_bio() is the only caller of
blk_crypto_fallback_bio_prep()
blk_crypto_fallback_bio_prep() is the only caller of
blk_crypto_fallback_encrypt_bio().
blk_crypto_fallback_encrypt_bio() is the only caller of
__blk_crypto_fallback_encrypt_bio(), which is the function that would
need to choose between submit_bio() and submit_bio_noacct().
Doing this would change the crypto API (by necessity, since we're adding
a new argument to __blk_crypto_submit_bio() for stacking devices to
use), and it is adds a extra argument to a number of functions, just to
handle this corner case. But it is still a relatively contained change.
-Ben
next prev parent reply other threads:[~2026-04-29 15:25 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-10 13:40 [PATCH v2 0/3] dm-inlinecrypt: add target for inline block device encryption Linlin Zhang
2026-04-10 13:40 ` [PATCH v2 1/3] block: export blk-crypto symbols required by dm-inlinecrypt Linlin Zhang
2026-04-10 13:40 ` [PATCH v2 2/3] dm-inlinecrypt: add target for inline block device encryption Linlin Zhang
2026-04-27 1:19 ` Benjamin Marzinski
2026-04-27 12:20 ` Linlin Zhang
2026-04-28 10:43 ` Linlin Zhang
2026-04-28 16:20 ` Benjamin Marzinski
2026-04-29 12:16 ` Linlin Zhang
2026-04-27 5:23 ` Benjamin Marzinski
2026-04-27 23:21 ` Benjamin Marzinski
2026-04-28 9:20 ` Linlin Zhang
2026-04-28 16:36 ` Benjamin Marzinski
2026-04-29 12:34 ` Linlin Zhang
2026-04-29 15:25 ` Benjamin Marzinski [this message]
2026-04-29 15:58 ` Benjamin Marzinski
2026-04-30 9:21 ` Linlin Zhang
2026-04-10 13:40 ` [PATCH v2 3/3] dm: add documentation for dm-inlinecrypt target Linlin Zhang
2026-04-10 17:07 ` Milan Broz
2026-04-24 13:53 ` Linlin Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=afIizQA9kVR_u_2j@redhat.com \
--to=bmarzins@redhat.com \
--cc=adrianvovk@gmail.com \
--cc=axboe@kernel.dk \
--cc=dm-devel@lists.linux.dev \
--cc=ebiggers@kernel.org \
--cc=gmazyland@gmail.com \
--cc=hch@infradead.org \
--cc=israelr@nvidia.com \
--cc=linlin.zhang@oss.qualcomm.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=quic_mdalam@quicinc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.