From: Milan Broz <mbroz@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: jaxboe@fusionio.com, kzak@redhat.com, Milan Broz <mbroz@redhat.com>
Subject: [RFC PATCH 0/4] Remove cryptoloop support
Date: Thu, 1 Nov 2012 21:11:00 +0100 [thread overview]
Message-ID: <cover.1351799189.git.mbroz@redhat.com> (raw)
Hi,
after several "is cryptoloop supported/secure/maintained" discussions
(which regularly repeats for years on various occasions) we should do something.
So let's remove cryptoloop support from kernel :-)
Current mainline userspace (util-linux) is going to remove encryption support
in next losetup version (already removed in git tree), encryption support is
already deprecated in the last release.
There are known problems with cryptoloop (like predictable IV or hardcoded sizes),
and if you read even some very old notes, nothing changed for years.
(e.g. this page http://mareichelt.com/pub/texts.cryptoloop.html)
Dm-crypt/cryptsetup provides replacement for long time already.
It allocates loop device automatically for file images and with proper parameters
it can map existing images - even some old which are not supported by current
cryptoloop. On the other side it requires device-mapper modules (dm_mod, dm_crypt).
Alternative (out of tree) loop-AES already replaces most of the kernel
and userpsace code by own patches anyway.
I am not fan of removing old code this way but I do not see alternative here.
Please comment if you see better solution...
Thanks,
Milan
Milan Broz (4):
Remove cryptoloop module.
Remove cryptoloop config option.
Deprecate loop crypto ioctl fields.
Remove transfer module support in loop.
arch/arm/configs/colibri_pxa270_defconfig | 1 -
arch/arm/configs/ezx_defconfig | 1 -
arch/arm/configs/imote2_defconfig | 1 -
arch/arm/configs/lpc32xx_defconfig | 1 -
arch/arm/configs/netx_defconfig | 1 -
arch/arm/configs/nhk8815_defconfig | 1 -
arch/arm/configs/trizeps4_defconfig | 1 -
arch/ia64/configs/bigsur_defconfig | 1 -
arch/ia64/configs/generic_defconfig | 1 -
arch/ia64/configs/gensparse_defconfig | 1 -
arch/ia64/configs/tiger_defconfig | 1 -
arch/ia64/configs/xen_domu_defconfig | 1 -
arch/m68k/configs/amiga_defconfig | 1 -
arch/m68k/configs/apollo_defconfig | 1 -
arch/m68k/configs/atari_defconfig | 1 -
arch/m68k/configs/bvme6000_defconfig | 1 -
arch/m68k/configs/hp300_defconfig | 1 -
arch/m68k/configs/mac_defconfig | 1 -
arch/m68k/configs/multi_defconfig | 1 -
arch/m68k/configs/mvme147_defconfig | 1 -
arch/m68k/configs/mvme16x_defconfig | 1 -
arch/m68k/configs/q40_defconfig | 1 -
arch/m68k/configs/sun3_defconfig | 1 -
arch/m68k/configs/sun3x_defconfig | 1 -
arch/mips/configs/bcm47xx_defconfig | 1 -
arch/mips/configs/bigsur_defconfig | 1 -
arch/mips/configs/fuloong2e_defconfig | 1 -
arch/mips/configs/ip27_defconfig | 1 -
arch/mips/configs/ip32_defconfig | 1 -
arch/mips/configs/jazz_defconfig | 1 -
arch/mips/configs/lemote2f_defconfig | 1 -
arch/mips/configs/malta_defconfig | 1 -
arch/mips/configs/markeins_defconfig | 1 -
arch/mips/configs/nlm_xlp_defconfig | 1 -
arch/mips/configs/nlm_xlr_defconfig | 1 -
arch/mips/configs/rm200_defconfig | 1 -
arch/mips/configs/sead3_defconfig | 1 -
arch/parisc/configs/712_defconfig | 1 -
arch/parisc/configs/b180_defconfig | 1 -
arch/parisc/configs/c3000_defconfig | 1 -
arch/parisc/configs/default_defconfig | 1 -
arch/powerpc/configs/85xx/ge_imp3a_defconfig | 1 -
arch/powerpc/configs/86xx/gef_ppc9a_defconfig | 1 -
arch/powerpc/configs/86xx/gef_sbc310_defconfig | 1 -
arch/powerpc/configs/86xx/gef_sbc610_defconfig | 1 -
arch/powerpc/configs/86xx/sbc8641d_defconfig | 1 -
arch/powerpc/configs/c2k_defconfig | 1 -
arch/powerpc/configs/chroma_defconfig | 1 -
arch/powerpc/configs/ppc6xx_defconfig | 1 -
arch/score/configs/spct6600_defconfig | 1 -
arch/sh/configs/sdk7786_defconfig | 1 -
arch/sh/configs/sh7785lcr_32bit_defconfig | 1 -
arch/sh/configs/titan_defconfig | 1 -
arch/sparc/configs/sparc32_defconfig | 1 -
arch/sparc/configs/sparc64_defconfig | 1 -
arch/tile/configs/tilegx_defconfig | 1 -
arch/tile/configs/tilepro_defconfig | 1 -
arch/um/defconfig | 1 -
drivers/block/Kconfig | 23 --
drivers/block/Makefile | 1 -
drivers/block/cryptoloop.c | 216 ---------------
drivers/block/loop.c | 344 +++---------------------
include/linux/loop.h | 31 ---
include/uapi/linux/loop.h | 18 +-
64 files changed, 44 insertions(+), 647 deletions(-)
delete mode 100644 drivers/block/cryptoloop.c
--
1.7.10.4
next reply other threads:[~2012-11-01 20:11 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-01 20:11 Milan Broz [this message]
2012-11-01 20:11 ` [RFC PATCH 1/4] Remove cryptoloop module Milan Broz
2012-11-01 20:11 ` [RFC PATCH 2/4] Remove cryptoloop config option Milan Broz
2012-11-01 20:11 ` [RFC PATCH 3/4] Deprecate loop crypto ioctl fields Milan Broz
2012-11-01 20:11 ` [RFC PATCH 4/4] Remove transfer module support in loop Milan Broz
2012-11-02 13:01 ` [RFC PATCH 0/4] Remove cryptoloop support (cryptsetup replacement) Milan Broz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1351799189.git.mbroz@redhat.com \
--to=mbroz@redhat.com \
--cc=jaxboe@fusionio.com \
--cc=kzak@redhat.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.