From: Eric Biggers <ebiggers@kernel.org>
To: Bart Van Assche <bvanassche@acm.org>
Cc: Christoph Hellwig <hch@lst.de>, Keith Busch <kbusch@kernel.org>,
Damien Le Moal <dlemoal@kernel.org>, Jens Axboe <axboe@kernel.dk>,
linux-block@vger.kernel.org, Yu Kuai <yukuai1@huaweicloud.com>,
Ming Lei <ming.lei@redhat.com>,
Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Subject: Re: [PATCH 1/2] block: Make __submit_bio_noacct() preserve the bio submission order
Date: Wed, 11 Jun 2025 11:15:51 -0700 [thread overview]
Message-ID: <20250611181551.GB1254@sol> (raw)
In-Reply-To: <1853d37f-b7b1-4266-b47f-8c2063f36b7d@acm.org>
On Wed, Jun 11, 2025 at 09:15:05AM -0700, Bart Van Assche wrote:
> On 6/10/25 9:21 PM, Eric Biggers wrote:
> > blk-crypto-fallback runs at the top layer, so yes it's different from native
> > inline encryption support where the encryption is done at the bottom. (But the
> > results are the same from the filesystem's perspective, since native support
> > only gets passed through and used when it would give the expected result.)
>
> Although I'm not sure Keith realizes this, his patch may move encryption
> from the top of the block driver stack (a device mapper driver) to the
> bottom (something else than a device mapper driver). This may happen
> because device mapper drivers do not split bios unless this is
> essential, e.g. because the LBA range of a bio spans more than one entry
> in the mapping table.
>
> Is my understanding correct that this is acceptable because the
> encryption IV is based on the file offset provided by the filesystem and
> not on the LBA where the data is written?
The IV is provided in the bio_crypt_context. The encryption can be done at a
lower layer, like how hardware inline encryption works, if the layers above are
compatible with it. (E.g., they must not change the data.)
Ultimately, the data that's actually written to disk needs to be identical to
the data that would have been written if the user encrypted the data themselves
and submitted a pre-encrypted bio.
>
> > Just keep in mind that blk-crypto-fallback is meant to work on any block device
> > (even ones that don't have a crypto profile, as the profile is just for the
> > native support). So we do need to make sure it always gets invoked when needed.
>
> I propose that we require that bio-based drivers must call
> bio_split_to_limits() to support inline encryption. Otherwise the
> approach of Keith's patch can't work. Does this seem reasonable to you?
>
> As far as I can tell upstream bio-based drivers already call
> bio_split_to_limits().
Well, again it needs to work on any block device. If the encryption might just
not be done and plaintext ends up on-disk, then blk-crypto-fallback would be
unsafe to use.
It would be preferable to have blk-crypto-fallback continue to be handled in the
block layer so that drivers don't need to worry about it.
- Eric
next prev parent reply other threads:[~2025-06-11 18:16 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-14 20:29 [PATCH 0/2] Two bug fixes for zoned block devices Bart Van Assche
2025-05-14 20:29 ` [PATCH 1/2] block: Make __submit_bio_noacct() preserve the bio submission order Bart Van Assche
2025-05-15 7:19 ` Niklas Cassel
2025-05-15 15:58 ` Bart Van Assche
2025-05-16 4:47 ` Christoph Hellwig
2025-05-19 22:12 ` Bart Van Assche
2025-05-20 13:56 ` Christoph Hellwig
2025-05-20 18:09 ` Bart Van Assche
2025-05-21 5:53 ` Christoph Hellwig
2025-05-21 21:18 ` Bart Van Assche
2025-05-22 5:12 ` Damien Le Moal
2025-05-22 17:08 ` Bart Van Assche
2025-05-23 6:02 ` Damien Le Moal
2025-05-23 16:30 ` Bart Van Assche
2025-05-24 8:48 ` Damien Le Moal
2025-05-24 14:05 ` Bart Van Assche
2025-05-24 15:36 ` Damien Le Moal
2025-05-26 5:24 ` Christoph Hellwig
2025-05-27 16:19 ` Bart Van Assche
2025-05-31 0:25 ` Bart Van Assche
2025-06-08 22:07 ` Bart Van Assche
2025-06-08 22:47 ` Damien Le Moal
2025-06-09 3:58 ` Christoph Hellwig
2025-06-09 20:48 ` Bart Van Assche
2025-06-10 5:04 ` Christoph Hellwig
2025-06-09 3:55 ` Christoph Hellwig
2025-06-10 17:23 ` Bart Van Assche
2025-06-10 23:18 ` Keith Busch
2025-06-11 0:46 ` Damien Le Moal
2025-06-11 1:00 ` Keith Busch
2025-06-11 1:02 ` Damien Le Moal
2025-06-11 1:08 ` Keith Busch
2025-06-11 1:34 ` Keith Busch
2025-06-11 3:40 ` Christoph Hellwig
2025-06-11 4:21 ` Eric Biggers
2025-06-11 16:15 ` Bart Van Assche
2025-06-11 18:15 ` Eric Biggers [this message]
2025-06-11 19:43 ` Bart Van Assche
2025-06-18 22:27 ` Bart Van Assche
2025-05-23 4:21 ` Christoph Hellwig
2025-05-14 20:29 ` [PATCH 2/2] block: Fix a deadlock related freezing zoned storage devices Bart Van Assche
2025-05-16 4:51 ` Christoph Hellwig
2025-05-19 22:22 ` Bart Van Assche
2025-05-20 13:57 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250611181551.GB1254@sol \
--to=ebiggers@kernel.org \
--cc=axboe@kernel.dk \
--cc=bvanassche@acm.org \
--cc=dlemoal@kernel.org \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-block@vger.kernel.org \
--cc=ming.lei@redhat.com \
--cc=shinichiro.kawasaki@wdc.com \
--cc=yukuai1@huaweicloud.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox