From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: AnilKumar Chimata <anilc@codeaurora.org>
Cc: andy.gross@linaro.org, david.brown@linaro.org,
robh+dt@kernel.org, mark.rutland@arm.com,
herbert@gondor.apana.org.au, davem@davemloft.net,
linux-soc@vger.kernel.org, devicetree@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
ebiggers@kernel.org, mhalcrow@google.com
Subject: Re: [PATCH 3/3] crypto: qce: ice: Add support for Inline Crypto Engine
Date: Wed, 17 Oct 2018 13:04:46 -0400 [thread overview]
Message-ID: <20181017170446.GD29710@thunk.org> (raw)
In-Reply-To: <1539789476-6098-4-git-send-email-anilc@codeaurora.org>
First, thanks for the effort for working on getting the core ICE
driver support into upstreamable patches.
On Wed, Oct 17, 2018 at 08:47:56PM +0530, AnilKumar Chimata wrote:
> +2) Per File Encryption (PFE)
> +Per File Manager(PFM) calls QSEECom api to create the key. PFM has a peer comp-
> +onent(PFT) at kernel layer which gets the corresponding key index from PFM.
> ...
> +Further Improvements
> +====================
> +Currently, Due to PFE use case, ICE driver is dependent upon dm-req-crypt to
> +provide the keys as part of request structure. This couples ICE driver with
> +dm-req-crypt based solution. It is under discussion to expose an IOCTL based
> +and registration based interface APIs from ICE driver. ICE driver would use
> +these two interfaces to find out if any key exists for current request. If
> +yes, choose the right key index received from IOCTL or registration based
> +APIs. If not, dont set any crypto parameter in the request.
However, this documentation is referencing components which are not in
the mainline kernel.
In the long term, what I'd like to see for per-file key support is a
clean solution which interfaces with the in-kernel fscrypt-enabled
file systems (e.g., f2fs and ext4). What I think we need to do is to
add a field in the bio structure which references a key id, and then
define a bdi-specific interface which allows the file system to
register a struct key and get a key id. Use of the key id will be
refcounted, so the device driver knows how many I/O operations are in
flight using a particular key --- since each ICE hardware will have a
different number of active keys that it can support.
Until that's there, at least for the upstream documentation, I think
it would be better to drop mention of code that is not yet upstream
--- and which may have problems ever going upstream in their current
form.
(I haven't checked in a while, but last time I looked the code in
question blindly dereferenced private pointers assuming that the only
two file systems that could ever use ICE were ext4 and f2fs.... not
that the code used by Google handsets were _that_ much cleaner, but
at least we dropped in a crypto key into the struct bio, instead of
playing unnatural games with private pointers from the wrong
abstraction layer. :-)
- Ted
next prev parent reply other threads:[~2018-10-17 17:04 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-17 15:17 [PATCH 0/3] Add Inline Crypto Engine (ICE) driver AnilKumar Chimata
2018-10-17 15:17 ` [PATCH 1/3] firmware: qcom: scm: Update qcom_scm_call signature AnilKumar Chimata
2018-10-17 15:17 ` [PATCH 2/3] dt-bindings: Add ICE device specific parameters AnilKumar Chimata
2018-10-25 18:15 ` Rob Herring
2018-10-29 13:30 ` AnilKumar Chimata
2018-10-17 15:17 ` [PATCH 3/3] crypto: qce: ice: Add support for Inline Crypto Engine AnilKumar Chimata
2018-10-17 17:04 ` Theodore Y. Ts'o [this message]
2018-10-24 12:04 ` AnilKumar Chimata
2018-10-17 17:39 ` Randy Dunlap
2018-10-24 14:43 ` AnilKumar Chimata
2018-10-18 11:43 ` kbuild test robot
2018-10-24 11:14 ` anilc
2018-10-25 14:58 ` Rob Herring
2018-10-29 13:31 ` AnilKumar Chimata
2018-10-25 14:55 ` Rob Herring
2018-10-25 15:28 ` Theodore Y. Ts'o
2018-10-25 15:45 ` Rob Herring
2018-10-29 13:47 ` AnilKumar Chimata
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181017170446.GD29710@thunk.org \
--to=tytso@mit.edu \
--cc=andy.gross@linaro.org \
--cc=anilc@codeaurora.org \
--cc=davem@davemloft.net \
--cc=david.brown@linaro.org \
--cc=devicetree@vger.kernel.org \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-soc@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mhalcrow@google.com \
--cc=robh+dt@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).