From: Milan Broz <gmazyland@gmail.com>
To: Mikulas Patocka <mpatocka@redhat.com>
Cc: Alasdair Kergon <agk@redhat.com>,
Mike Snitzer <snitzer@kernel.org>,
dm-devel@lists.linux.dev, Yu Kuai <yukuai1@huaweicloud.com>,
lkml <linux-kernel@vger.kernel.org>,
"yukuai (C)" <yukuai3@huawei.com>
Subject: Re: [discussion] proposal to bypass zero data for dm-crypt
Date: Sun, 5 Jan 2025 21:54:06 +0100 [thread overview]
Message-ID: <4351b4fa-2558-4b73-8604-81a4b1eef9dc@gmail.com> (raw)
In-Reply-To: <3181bbd4-40df-eecf-c9b2-45b09018b8af@redhat.com>
On 1/3/25 5:25 PM, Mikulas Patocka wrote:
> Milan, what do you think about this from a cryptographic point of view?
> Does it make sense to add an option that would detect zero data and skip
> decryption in this case?
It is a very dangerous thing.
Disk encryption is a length-preserving encryption, so it cannot prevent
decryption of modified ciphertext. However, such ciphertext modification
(without key knowledge) will cause a pseudorandom plaintext output
(IOW attacker cannot easily flip bits or whole sectors by ciphertext
modification).
If you allow the zeroed sector to transform to valid plaintext directly,
the attacker can wipe arbitrary plaintext sector. It can lead to fatal
issues (for example, wiping filesystem metadata bitmaps on some known
location).
Stack FDE (dm-crypt) below the filesystem or other storage layer
(like thin provision) that supports sparse data, and you will get
the expected behavior without such tricks.
Milan
>
> Mikulas
>
> On Sat, 21 Dec 2024, Yu Kuai wrote:
>
>> Background
>>
>> We provide virtual machines for customers to use, which include an important
>> feature: in the initial state, the disks in the virtual machine do not occupy
>> actual storage space, and the data read by users is all zeros until the user
>> writes data for the first time. This can save a large amount of storage.
>>
>> Problem
>>
>> However, after introducing dm-crypt, this feature has failed. Because we
>> expect the data read by users in the initial state to be zero, we have to
>> write all zeros from dm-crypt.
>>
>> Hence we'd like to propose to bypass zero data for dm-crypt, for
>> example:
>>
>> before:
>> zero data -> encrypted zero data
>> decrypted zero data -> zero data
>> others
>>
>> after:
>> zero data -> zero data
>> decrypted zero data -> encrypted zero data
>> others(doesn't change)
>>
>> We'd like to hear from the community for suggestions first, before we
>> start. :)
>>
>> Thanks,
>> Kuai
>>
>
next prev parent reply other threads:[~2025-01-05 20:54 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-21 2:34 [discussion] proposal to bypass zero data for dm-crypt Yu Kuai
2025-01-03 16:25 ` Mikulas Patocka
2025-01-05 20:54 ` Milan Broz [this message]
2025-01-06 1:43 ` Yu Kuai
2025-01-06 9:09 ` Milan Broz
2025-01-06 9:39 ` Yu Kuai
2025-01-07 2:04 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4351b4fa-2558-4b73-8604-81a4b1eef9dc@gmail.com \
--to=gmazyland@gmail.com \
--cc=agk@redhat.com \
--cc=dm-devel@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=snitzer@kernel.org \
--cc=yukuai1@huaweicloud.com \
--cc=yukuai3@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox