From: Eric Biggers <ebiggers@kernel.org>
To: Sergei Shtepa <sergei.shtepa@linux.dev>
Cc: axboe@kernel.dk, hch@infradead.org, corbet@lwn.net,
snitzer@kernel.org, mingo@redhat.com, peterz@infradead.org,
juri.lelli@redhat.com, viro@zeniv.linux.org.uk,
brauner@kernel.org, linux-block@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
Sergei Shtepa <sergei.shtepa@veeam.com>
Subject: Re: [PATCH v6 11/11] blksnap: prevents using devices with data integrity or inline encryption
Date: Mon, 27 Nov 2023 14:47:19 -0800 [thread overview]
Message-ID: <20231127224719.GD1463@sol.localdomain> (raw)
In-Reply-To: <20231124165933.27580-12-sergei.shtepa@linux.dev>
On Fri, Nov 24, 2023 at 05:59:33PM +0100, Sergei Shtepa wrote:
> There is an opinion that the use of the blksnap module may violate the
> security of encrypted data. The difference storage file may be located
> on an unreliable disk or even network storage.
I think this misses the point slightly. The main problem is that blksnap writes
data in plaintext that is supposed to be encrypted, as indicated by the bio
having an encryption context. That's just what it does, at least based on the
last patchset; it's not just "an opinion". See
https://lore.kernel.org/linux-block/20a5802d-424d-588a-c497-1d1236c52880@veeam.com/
> +#ifdef CONFIG_BLK_INLINE_ENCRYPTION
> + if (bio->bi_crypt_context) {
> + pr_err_once("Hardware inline encryption is not supported\n");
> + diff_area_set_corrupted(tracker->diff_area, -EPERM);
> + return false;
> + }
> +#endif
The error message for ->bi_crypt_context being set should say
"Inline encryption", not "Hardware inline encryption". The submitter of the bio
may have intended to use blk-crypto-fallback.
Anyway, this patch is better than ignoring the problem. It's worth noting,
though, that this patch does not prevent blksnap from being set up on a block
device on which blk-crypto-fallback is already being used (or will be used).
When that happens, I/O will suddenly start failing. For usability reasons,
ideally that would be prevented somehow.
- Eric
next prev parent reply other threads:[~2023-11-27 22:47 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-24 16:59 [PATCH v6 00/11] blksnap - block devices snapshots module Sergei Shtepa
2023-11-24 16:59 ` [PATCH v6 01/11] documentation: Block Device Filtering Mechanism Sergei Shtepa
2023-11-24 16:59 ` [PATCH v6 02/11] block: " Sergei Shtepa
2023-12-07 7:44 ` Christoph Hellwig
2023-12-07 11:22 ` Sergei Shtepa
2023-11-24 16:59 ` [PATCH v6 03/11] documentation: Block Devices Snapshots Module Sergei Shtepa
2023-11-24 16:59 ` [PATCH v6 04/11] blksnap: header file of the module interface Sergei Shtepa
2023-11-24 16:59 ` [PATCH v6 05/11] blksnap: module management interface functions Sergei Shtepa
2023-11-24 16:59 ` [PATCH v6 06/11] blksnap: handling and tracking I/O units Sergei Shtepa
2023-12-07 8:23 ` Christoph Hellwig
2023-11-24 16:59 ` [PATCH v6 07/11] blksnap: difference storage and chunk Sergei Shtepa
2023-12-07 8:36 ` Christoph Hellwig
2023-11-24 16:59 ` [PATCH v6 08/11] blksnap: event queue from the difference storage Sergei Shtepa
2023-11-24 16:59 ` [PATCH v6 09/11] blksnap: snapshot and snapshot image block device Sergei Shtepa
2023-11-24 16:59 ` [PATCH v6 10/11] blksnap: Kconfig and Makefile Sergei Shtepa
2023-12-07 7:47 ` Christoph Hellwig
2023-11-24 16:59 ` [PATCH v6 11/11] blksnap: prevents using devices with data integrity or inline encryption Sergei Shtepa
2023-11-27 22:47 ` Eric Biggers [this message]
2023-11-28 11:00 ` Sergei Shtepa
2023-11-28 17:18 ` Eric Biggers
2023-11-29 15:15 ` Sergei Shtepa
2023-11-24 17:03 ` [PATCH v6 00/11] blksnap - block devices snapshots module Jens Axboe
2023-11-24 17:12 ` Sergei Shtepa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231127224719.GD1463@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=corbet@lwn.net \
--cc=hch@infradead.org \
--cc=juri.lelli@redhat.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=sergei.shtepa@linux.dev \
--cc=sergei.shtepa@veeam.com \
--cc=snitzer@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).