From: Satya Tangirala <satyat@google.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: linux-block@vger.kernel.org, linux-scsi@vger.kernel.org,
linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-ext4@vger.kernel.org,
Barani Muthukumaran <bmuthuku@qti.qualcomm.com>,
Kuohong Wang <kuohong.wang@mediatek.com>,
Kim Boojin <boojin.kim@samsung.com>,
Eric Biggers <ebiggers@google.com>
Subject: Re: [PATCH v10 02/12] block: Keyslot Manager for Inline Encryption
Date: Tue, 28 Apr 2020 02:14:41 +0000 [thread overview]
Message-ID: <20200428021441.GA52406@google.com> (raw)
In-Reply-To: <20200422092250.GA12290@infradead.org>
On Wed, Apr 22, 2020 at 02:22:50AM -0700, Christoph Hellwig wrote:
> > +bool blk_ksm_crypto_cfg_supported(struct blk_keyslot_manager *ksm,
> > + const struct blk_crypto_config *cfg)
> > +{
> > + if (!ksm)
> > + return false;
> > + return (ksm->crypto_modes_supported[cfg->crypto_mode] &
> > + cfg->data_unit_size) &&
> > + (ksm->max_dun_bytes_supported >= cfg->dun_bytes);
>
> Nit: why not expand this a bit to be more readable:
>
> if (!(ksm->crypto_modes_supported[cfg->crypto_mode] &
> cfg->data_unit_size))
> return false;
> if (ksm->max_dun_bytes_supported < cfg->dun_bytes)
> return false;
> return true;
>
> > +int blk_ksm_evict_key(struct blk_keyslot_manager *ksm,
> > + const struct blk_crypto_key *key)
> > +{
> > + struct blk_ksm_keyslot *slot;
> > + int err = 0;
> > +
> > + blk_ksm_hw_enter(ksm);
> > + slot = blk_ksm_find_keyslot(ksm, key);
> > + if (!slot)
> > + goto out_unlock;
> > +
> > + if (atomic_read(&slot->slot_refs) != 0) {
> > + err = -EBUSY;
> > + goto out_unlock;
> > + }
>
> This check looks racy.
Yes, this could in theory race with blk_ksm_put_slot (e.g. if it's
called while there's still IO in flight/IO that just finished) - But
it's currently only called by fscrypt when a key is being destroyed,
which only happens after all the inodes using that key are evicted, and
no data is in flight, so when this function is called, slot->slot_refs
will be 0. In particular, this function should only be called when the
key isn't being used for IO anymore. I'll add a WARN_ON_ONCE and also
make the assumption clearer. We could also instead make this wait for
the slot_refs to become 0 and then evict the key instead of just
returning -EBUSY as it does now, but I'm not sure if it's really what
we want to do/worth doing right now...
WARNING: multiple messages have this Message-ID (diff)
From: Satya Tangirala via Linux-f2fs-devel <linux-f2fs-devel@lists.sourceforge.net>
To: Christoph Hellwig <hch@infradead.org>
Cc: linux-scsi@vger.kernel.org, Kim Boojin <boojin.kim@samsung.com>,
Kuohong Wang <kuohong.wang@mediatek.com>,
Eric Biggers <ebiggers@google.com>,
Barani Muthukumaran <bmuthuku@qti.qualcomm.com>,
linux-f2fs-devel@lists.sourceforge.net,
linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org
Subject: Re: [f2fs-dev] [PATCH v10 02/12] block: Keyslot Manager for Inline Encryption
Date: Tue, 28 Apr 2020 02:14:41 +0000 [thread overview]
Message-ID: <20200428021441.GA52406@google.com> (raw)
In-Reply-To: <20200422092250.GA12290@infradead.org>
On Wed, Apr 22, 2020 at 02:22:50AM -0700, Christoph Hellwig wrote:
> > +bool blk_ksm_crypto_cfg_supported(struct blk_keyslot_manager *ksm,
> > + const struct blk_crypto_config *cfg)
> > +{
> > + if (!ksm)
> > + return false;
> > + return (ksm->crypto_modes_supported[cfg->crypto_mode] &
> > + cfg->data_unit_size) &&
> > + (ksm->max_dun_bytes_supported >= cfg->dun_bytes);
>
> Nit: why not expand this a bit to be more readable:
>
> if (!(ksm->crypto_modes_supported[cfg->crypto_mode] &
> cfg->data_unit_size))
> return false;
> if (ksm->max_dun_bytes_supported < cfg->dun_bytes)
> return false;
> return true;
>
> > +int blk_ksm_evict_key(struct blk_keyslot_manager *ksm,
> > + const struct blk_crypto_key *key)
> > +{
> > + struct blk_ksm_keyslot *slot;
> > + int err = 0;
> > +
> > + blk_ksm_hw_enter(ksm);
> > + slot = blk_ksm_find_keyslot(ksm, key);
> > + if (!slot)
> > + goto out_unlock;
> > +
> > + if (atomic_read(&slot->slot_refs) != 0) {
> > + err = -EBUSY;
> > + goto out_unlock;
> > + }
>
> This check looks racy.
Yes, this could in theory race with blk_ksm_put_slot (e.g. if it's
called while there's still IO in flight/IO that just finished) - But
it's currently only called by fscrypt when a key is being destroyed,
which only happens after all the inodes using that key are evicted, and
no data is in flight, so when this function is called, slot->slot_refs
will be 0. In particular, this function should only be called when the
key isn't being used for IO anymore. I'll add a WARN_ON_ONCE and also
make the assumption clearer. We could also instead make this wait for
the slot_refs to become 0 and then evict the key instead of just
returning -EBUSY as it does now, but I'm not sure if it's really what
we want to do/worth doing right now...
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2020-04-28 2:14 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-08 3:56 [PATCH v10 00/12] Inline Encryption Support Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 01/12] Documentation: Document the blk-crypto framework Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 02/12] block: Keyslot Manager for Inline Encryption Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-22 9:22 ` Christoph Hellwig
2020-04-22 9:22 ` [f2fs-dev] " Christoph Hellwig
2020-04-28 2:14 ` Satya Tangirala [this message]
2020-04-28 2:14 ` Satya Tangirala via Linux-f2fs-devel
2020-04-28 2:46 ` Eric Biggers
2020-04-28 2:46 ` [f2fs-dev] " Eric Biggers
2020-04-28 2:57 ` Eric Biggers
2020-04-28 2:57 ` [f2fs-dev] " Eric Biggers
2020-04-28 5:19 ` Christoph Hellwig
2020-04-28 5:19 ` [f2fs-dev] " Christoph Hellwig
2020-04-08 3:56 ` [PATCH v10 03/12] block: Inline encryption support for blk-mq Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-22 9:35 ` Christoph Hellwig
2020-04-22 9:35 ` [f2fs-dev] " Christoph Hellwig
2020-04-28 2:54 ` Satya Tangirala
2020-04-28 2:54 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-28 5:21 ` Christoph Hellwig
2020-04-28 5:21 ` [f2fs-dev] " Christoph Hellwig
2020-04-08 3:56 ` [PATCH v10 04/12] block: Make blk-integrity preclude hardware inline encryption Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 05/12] block: blk-crypto-fallback for Inline Encryption Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-22 9:37 ` Christoph Hellwig
2020-04-22 9:37 ` [f2fs-dev] " Christoph Hellwig
2020-04-08 3:56 ` [PATCH v10 06/12] scsi: ufs: UFS driver v2.1 spec crypto additions Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 07/12] scsi: ufs: UFS crypto API Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 08/12] scsi: ufs: Add inline encryption support to UFS Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 09/12] fs: introduce SB_INLINECRYPT Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 10/12] fscrypt: add inline encryption support Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 11/12] f2fs: " Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 12/12] ext4: " Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 4:18 ` [PATCH v10 00/12] Inline Encryption Support Eric Biggers
2020-04-08 4:18 ` [f2fs-dev] " Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200428021441.GA52406@google.com \
--to=satyat@google.com \
--cc=bmuthuku@qti.qualcomm.com \
--cc=boojin.kim@samsung.com \
--cc=ebiggers@google.com \
--cc=hch@infradead.org \
--cc=kuohong.wang@mediatek.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.