From: Harald Freudenberger <freude@linux.ibm.com>
To: Mikulas Patocka <mpatocka@redhat.com>
Cc: dengler@linux.ibm.com, Eric Biggers <ebiggers@kernel.org>,
linux-s390@vger.kernel.org, dm-devel@lists.linux.dev,
herbert@gondor.apana.org.au, ifranzki@linux.ibm.com,
agk@redhat.com, snitzer@kernel.org, gmazyland@gmail.com
Subject: Re: [PATCH v5 0/2] dm-integrity: Implement asynch digest support
Date: Fri, 25 Jul 2025 10:14:30 +0200 [thread overview]
Message-ID: <56aa9892c7825a443f8a6153e17b4c46@linux.ibm.com> (raw)
In-Reply-To: <5fc734af-a2c1-b7bb-85fb-cba6b8722c13@redhat.com>
On 2025-07-24 16:40, Mikulas Patocka wrote:
> On Tue, 22 Jul 2025, Harald Freudenberger wrote:
>
>> Support for ahashes in dm-integrity.
>>
>> Changelog:
>>
>> v1: First implementation. Tested with crc32, sha256, hmac-sha256 and
>> the s390 specific implementations for hmac-sha256 and protected
>> key phmac-sha256. Also ran with some instrumented code (in the
>> digest
>> implementation) to verify that in fact now the code runs
>> asynchronous.
>> v2: Support shash and ahash. Based on Mikulas' idea about implementing
>> ahash support similar to dm-verity this version now adds support
>> for ahash but does not replace the shash support. For more details
>> see the text of the patch header.
>> v3: The line to store the digestsize into the new internal variable
>> did not make it into the patch set which was sent out. So now
>> this important code piece is also there. Also rebuilded, sparse
>> checked and tested to make sure the patches are ok.
>> v4: Thanks to Mikulas a total new implementation of the ahash support
>> for the dm-integrity layer :-)
>> v5: Slight rework around the allocation and comparing of ahash and
>> shash algorithm.
>> V5 has been tested with the new introduced ahash phmac which is a
>> protected key ("hardware key") version of a hmac for s390. As of
>> now
>> phmac is only available in Herbert Xu's cryptodev-2.6 kernel tree
>> but will be merged into mainline with the next merge window for
>> the 6.17 development kernel.
>>
>> Mikulas Patocka (2):
>> dm-integrity: use internal variable for digestsize
>> dm-integrity: introduce ahash support for the internal hash
>>
>> drivers/md/dm-integrity.c | 370
>> +++++++++++++++++++++++++++-----------
>> 1 file changed, 265 insertions(+), 105 deletions(-)
>>
>>
>> base-commit: 89be9a83ccf1f88522317ce02f854f30d6115c41
>> --
>> 2.43.0
>>
>
> Hi
>
> Eric Biggers recently removed ahash support from dm-verity - see this
> commit:
> https://kernel.googlesource.com/pub/scm/linux/kernel/git/device-mapper/linux-dm/+/f43309c6743257244f11f14d31c297ee6a410ded
>
> Should I revert Eric's patch? - would you need dm-verity with
> asynchronous
> hashes on zseries too?
>
> Is this patch series needed for performance (does it perform better
> than
> the in-cpu instructions)? Or is it need because of better security (the
> keys are hidden in the hardware)?
>
> Mikulas
I've seen this. Well as of now we don't need dm-verity. However, I'll
check
our plans and let you know within the next days.
Thanks
Harald Freudenberger
with
next prev parent reply other threads:[~2025-07-25 8:14 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-22 13:38 [PATCH v5 0/2] dm-integrity: Implement asynch digest support Harald Freudenberger
2025-07-22 13:38 ` [PATCH v5 1/2] dm-integrity: use internal variable for digestsize Harald Freudenberger
2025-07-22 13:38 ` [PATCH v5 2/2] dm-integrity: introduce ahash support for the internal hash Harald Freudenberger
2025-07-24 14:40 ` [PATCH v5 0/2] dm-integrity: Implement asynch digest support Mikulas Patocka
2025-07-25 8:14 ` Harald Freudenberger [this message]
2025-07-25 17:38 ` Eric Biggers
2025-07-28 10:11 ` Harald Freudenberger
2025-07-28 21:24 ` Mikulas Patocka
2025-07-29 1:40 ` Herbert Xu
2025-08-14 12:13 ` Harald Freudenberger
2025-08-18 19:49 ` Mikulas Patocka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56aa9892c7825a443f8a6153e17b4c46@linux.ibm.com \
--to=freude@linux.ibm.com \
--cc=agk@redhat.com \
--cc=dengler@linux.ibm.com \
--cc=dm-devel@lists.linux.dev \
--cc=ebiggers@kernel.org \
--cc=gmazyland@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=ifranzki@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=snitzer@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).