From: Benjamin Marzinski <bmarzins@redhat.com>
To: Linlin Zhang <linlin.zhang@oss.qualcomm.com>
Cc: linux-block@vger.kernel.org, ebiggers@kernel.org,
mpatocka@redhat.com, gmazyland@gmail.com,
linux-kernel@vger.kernel.org, adrianvovk@gmail.com,
dm-devel@lists.linux.dev, quic_mdalam@quicinc.com,
israelr@nvidia.com, hch@infradead.org, axboe@kernel.dk
Subject: Re: [PATCH v2 2/3] dm-inlinecrypt: add target for inline block device encryption
Date: Wed, 29 Apr 2026 11:25:01 -0400 [thread overview]
Message-ID: <afIizQA9kVR_u_2j@redhat.com> (raw)
In-Reply-To: <7ab5cd97-30b7-42ca-80ce-6d9cd8c45b73@oss.qualcomm.com>
On Wed, Apr 29, 2026 at 08:34:00PM +0800, Linlin Zhang wrote:
>
>
> On 4/29/2026 12:36 AM, Benjamin Marzinski wrote:
> > On Tue, Apr 28, 2026 at 05:20:07PM +0800, Linlin Zhang wrote:
> >>
> >>
> >> On 4/28/2026 7:21 AM, Benjamin Marzinski wrote:
> >>> On Mon, Apr 27, 2026 at 01:23:27AM -0400, Benjamin Marzinski wrote:
> >>>> On Fri, Apr 10, 2026 at 06:40:30AM -0700, Linlin Zhang wrote:
> >>>>> From: Eric Biggers <ebiggers@google.com>
> >>>>> + /*
> >>>>> + * Since we've added an encryption context to the bio and
> >>>>> + * blk-crypto-fallback may be needed to process it, it's necessary to
> >>>>> + * use the fallback-aware bio submission code rather than
> >>>>> + * unconditionally returning DM_MAPIO_REMAPPED.
> >>>>> + *
> >>>>> + * To get the correct accounting for a dm target in the case where
> >>>>> + * __blk_crypto_submit_bio() doesn't take ownership of the bio (returns
> >>>>> + * true), call __blk_crypto_submit_bio() directly and return
> >>>>> + * DM_MAPIO_REMAPPED in that case, rather than relying on
> >>>>> + * blk_crypto_submit_bio() which calls submit_bio() in that case.
> >>>>> + */
> >>>>> + if (__blk_crypto_submit_bio(bio))
> >>>>
> >>>> This will still double account for fallback writes (which call
> >>>> submit_bio() on the encrypted bios, and return DM_MAPIO_SUBMITTED here).
> >>>
> >>> Just to clarify, I'm talking about the vmstats accounting. The IO
> >>> originally gets accounted by submit_bio() when the bio is submitted to
> >>> the dm device. For actual inline encryption and fallback reads, dm will
> >>> submit the bio to the underlying device using submit_bio_noacct() to
> >>> avoid double-counting the IO.
> >>>
> >>> For fallback writes, __blk_crypto_submit_bio() will submit the encrypted
> >>> bios to the underlying device with submit_bio(). This adds the IO
> >>> sectors again, even though it's the same IO, only encrypted now.
> >>
> >>
> >> Right, thanks for calling this out.
> >>
> >> For fallback writes, the IO is still double-counted. Given that this only
> >> affects IO accounting in the blk-crypto fallback write slow-path and not
> >> correctness, I think this is an acceptable tradeoff, and we can leave a
> >> TODO to revisit the accounting once a better solution exists.
> >>
> >> Add the bellow to the annotate.
> >>
> >> /*
> >> * TODO: blk-crypto fallback write slow-path currently double-accounts
> >> * IO in vmstat, as encrypted bios are submitted via submit_bio().
> >> * This does not affect data correctness. Consider fixing this if
> >> * a cleaner accounting model for derived bios is introduced.
> >> */
> >>
> >> Do you agree?
> >
> > You could add an extra argument, for instance "bool need_acct", to
> > __blk_crypto_submit_bio(), and plumb it through to
> > __blk_crypto_fallback_encrypt_bio(), where it could be used to choose
> > between calling submit_bio() and and submit_bio_noacct().
> >
> > We could even add a flag to cloned bios for stacked devices, that could
> > be checked in submit_bio(), so we didn't need to have
> > submit_bio_noacct(). But this is a pretty niche case with other
> > solutions, so I'm not sure if it warrants adding more checks to
> > submit_bio().
> >
> > I do agree that people probably aren't using dm-inlinecrypt for devices
> > where they don't actually have inline encryption capabilities, so it's
> > not a major issue. What to you think, Mikulas?
>
> Thanks for the suggestions.
>
> Adding a bool need_acct parameter to __blk_crypto_submit_bio() would require
> updating all existing callers, which feels rather intrusive given that the
> accounting issue only affects the blk‑crypto fallback write slow‑path. I’m a
> bit concerned that this would broaden the scope of the change more than
> necessary for the problem at hand.
I get your concern, and I'd like a second opinion on how much we should
care about this, but it doesn't look like there are many other callers
that would be effected here. The only existing caller of
__blk_crypto_submit_bio() is blk_crypto_submit_bio(), which would just
call it with "need_acct=true". Looking at the code path below
__blk_crypto_submit_bio() that would need to change for submitting the
bios:
__blk_crypto_submit_bio() is the only caller of
blk_crypto_fallback_bio_prep()
blk_crypto_fallback_bio_prep() is the only caller of
blk_crypto_fallback_encrypt_bio().
blk_crypto_fallback_encrypt_bio() is the only caller of
__blk_crypto_fallback_encrypt_bio(), which is the function that would
need to choose between submit_bio() and submit_bio_noacct().
Doing this would change the crypto API (by necessity, since we're adding
a new argument to __blk_crypto_submit_bio() for stacking devices to
use), and it is adds a extra argument to a number of functions, just to
handle this corner case. But it is still a relatively contained change.
-Ben
next prev parent reply other threads:[~2026-04-29 15:25 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-10 13:40 [PATCH v2 0/3] dm-inlinecrypt: add target for inline block device encryption Linlin Zhang
2026-04-10 13:40 ` [PATCH v2 1/3] block: export blk-crypto symbols required by dm-inlinecrypt Linlin Zhang
2026-04-10 13:40 ` [PATCH v2 2/3] dm-inlinecrypt: add target for inline block device encryption Linlin Zhang
2026-04-27 1:19 ` Benjamin Marzinski
2026-04-27 12:20 ` Linlin Zhang
2026-04-28 10:43 ` Linlin Zhang
2026-04-28 16:20 ` Benjamin Marzinski
2026-04-29 12:16 ` Linlin Zhang
2026-04-27 5:23 ` Benjamin Marzinski
2026-04-27 23:21 ` Benjamin Marzinski
2026-04-28 9:20 ` Linlin Zhang
2026-04-28 16:36 ` Benjamin Marzinski
2026-04-29 12:34 ` Linlin Zhang
2026-04-29 15:25 ` Benjamin Marzinski [this message]
2026-04-29 15:58 ` Benjamin Marzinski
2026-04-10 13:40 ` [PATCH v2 3/3] dm: add documentation for dm-inlinecrypt target Linlin Zhang
2026-04-10 17:07 ` Milan Broz
2026-04-24 13:53 ` Linlin Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=afIizQA9kVR_u_2j@redhat.com \
--to=bmarzins@redhat.com \
--cc=adrianvovk@gmail.com \
--cc=axboe@kernel.dk \
--cc=dm-devel@lists.linux.dev \
--cc=ebiggers@kernel.org \
--cc=gmazyland@gmail.com \
--cc=hch@infradead.org \
--cc=israelr@nvidia.com \
--cc=linlin.zhang@oss.qualcomm.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=quic_mdalam@quicinc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox