From: AnilKumar Chimata <anilc@codeaurora.org>
To: AnilKumar Chimata <anilc@codeaurora.org>
Cc: andy.gross@linaro.org, david.brown@linaro.org,
robh+dt@kernel.org, mark.rutland@arm.com,
herbert@gondor.apana.org.au, davem@davemloft.net,
linux-soc@vger.kernel.org, devicetree@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
ebiggers@kernel.org, mhalcrow@google.com
Subject: Re: [PATCH 3/3] crypto: qce: ice: Add support for Inline Crypto Engine
Date: Wed, 24 Oct 2018 17:34:53 +0530 [thread overview]
Message-ID: <3d330886-3d78-bc85-e2c1-f64a65d20205@codeaurora.org> (raw)
In-Reply-To: <20181017170446.GD29710@thunk.org>
Hi Theodore,
Thanks for the comments,
On 2018-10-17 22:34, Theodore Y. Ts'o wrote:
> First, thanks for the effort for working on getting the core ICE
> driver support into upstreamable patches.
>
> On Wed, Oct 17, 2018 at 08:47:56PM +0530, AnilKumar Chimata wrote:
>> +2) Per File Encryption (PFE)
>> +Per File Manager(PFM) calls QSEECom api to create the key. PFM has a
>> peer comp-
>> +onent(PFT) at kernel layer which gets the corresponding key index
>> from PFM.
>> ...
>> +Further Improvements
>> +====================
>> +Currently, Due to PFE use case, ICE driver is dependent upon
>> dm-req-crypt to
>> +provide the keys as part of request structure. This couples ICE
>> driver with
>> +dm-req-crypt based solution. It is under discussion to expose an
>> IOCTL based
>> +and registration based interface APIs from ICE driver. ICE driver
>> would use
>> +these two interfaces to find out if any key exists for current
>> request. If
>> +yes, choose the right key index received from IOCTL or registration
>> based
>> +APIs. If not, dont set any crypto parameter in the request.
>
> However, this documentation is referencing components which are not in
> the mainline kernel.
Sure, will clean the documentation and try to minimize the unknown
components. Provided these details for better understanding of the flow.
>
> In the long term, what I'd like to see for per-file key support is a
> clean solution which interfaces with the in-kernel fscrypt-enabled
> file systems (e.g., f2fs and ext4). What I think we need to do is to
Agree, we are working on making per-file key (PFK) driver generic to
support any file system.
> add a field in the bio structure which references a key id, and then
> define a bdi-specific interface which allows the file system to
> register a struct key and get a key id. Use of the key id will be
> refcounted, so the device driver knows how many I/O operations are in
> flight using a particular key --- since each ICE hardware will have a
> different number of active keys that it can support.
Understand the point here, we will consider this refcount while working
on upstreamable PFK driver.
>
> Until that's there, at least for the upstream documentation, I think
> it would be better to drop mention of code that is not yet upstream
> --- and which may have problems ever going upstream in their current
> form.
Will clean the documentation.
>
> (I haven't checked in a while, but last time I looked the code in
> question blindly dereferenced private pointers assuming that the only
> two file systems that could ever use ICE were ext4 and f2fs.... not
> that the code used by Google handsets were _that_ much cleaner, but
> at least we dropped in a crypto key into the struct bio, instead of
> playing unnatural games with private pointers from the wrong
> abstraction layer. :-)
before upstreaming the PFK drivers, we will try to avoid private pointer
dereferences to achieve better abstraction to file system.
>
> - Ted
next prev parent reply other threads:[~2018-10-24 12:04 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-17 15:17 [PATCH 0/3] Add Inline Crypto Engine (ICE) driver AnilKumar Chimata
2018-10-17 15:17 ` [PATCH 1/3] firmware: qcom: scm: Update qcom_scm_call signature AnilKumar Chimata
2018-10-17 15:17 ` [PATCH 2/3] dt-bindings: Add ICE device specific parameters AnilKumar Chimata
2018-10-25 18:15 ` Rob Herring
2018-10-29 13:30 ` AnilKumar Chimata
2018-10-17 15:17 ` [PATCH 3/3] crypto: qce: ice: Add support for Inline Crypto Engine AnilKumar Chimata
2018-10-17 17:04 ` Theodore Y. Ts'o
2018-10-24 12:04 ` AnilKumar Chimata [this message]
2018-10-17 17:39 ` Randy Dunlap
2018-10-24 14:43 ` AnilKumar Chimata
2018-10-18 11:43 ` kbuild test robot
2018-10-24 11:14 ` anilc
2018-10-25 14:58 ` Rob Herring
2018-10-29 13:31 ` AnilKumar Chimata
2018-10-25 14:55 ` Rob Herring
2018-10-25 15:28 ` Theodore Y. Ts'o
2018-10-25 15:45 ` Rob Herring
2018-10-29 13:47 ` AnilKumar Chimata
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3d330886-3d78-bc85-e2c1-f64a65d20205@codeaurora.org \
--to=anilc@codeaurora.org \
--cc=andy.gross@linaro.org \
--cc=davem@davemloft.net \
--cc=david.brown@linaro.org \
--cc=devicetree@vger.kernel.org \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-soc@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mhalcrow@google.com \
--cc=robh+dt@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).