From: Christoph Hellwig <hch@infradead.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Satya Tangirala <satyat@google.com>,
Christoph Hellwig <hch@infradead.org>,
linux-block@vger.kernel.org, linux-scsi@vger.kernel.org,
linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-ext4@vger.kernel.org,
Barani Muthukumaran <bmuthuku@qti.qualcomm.com>,
Kuohong Wang <kuohong.wang@mediatek.com>,
Kim Boojin <boojin.kim@samsung.com>
Subject: Re: [PATCH v10 02/12] block: Keyslot Manager for Inline Encryption
Date: Mon, 27 Apr 2020 22:19:56 -0700 [thread overview]
Message-ID: <20200428051956.GB24105@infradead.org> (raw)
In-Reply-To: <20200428025708.GB251491@gmail.com>
On Mon, Apr 27, 2020 at 07:57:08PM -0700, Eric Biggers wrote:
> Or maybe 'struct blk_ksm_keyslot' should contain a pointer to the
> 'struct blk_crypto_key' rather than a copy of it? If we did that, then:
>
> - Each duplicate blk_crypto_key would use its own keyslot and not interfere with
> any others.
>
> - blk_crypto_evict_key() would be *required* to be called.
>
> - It would be a kernel bug if blk_crypto_evict_key() were called with any
> pending I/O, so WARN_ON_ONCE() would be the right thing to do.
>
> - The hash function used to find a key's keyslot would be
> hash_ptr(blk_crypto_key, ksm->log_slot_hashtable_size) instead of
> SipHash(key=perboot_key, data=raw_key).
>
> I might be forgetting something; was there a reason we didn't do that?
> It wouldn't be as robust against users forgetting to call
> blk_crypto_evict_key(), but that would be a bug anyway.
The above sounds pretty sensible to me (but I'm everything but an expert
in the area).
WARNING: multiple messages have this Message-ID (diff)
From: Christoph Hellwig <hch@infradead.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: linux-block@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-scsi@vger.kernel.org, Kim Boojin <boojin.kim@samsung.com>,
Kuohong Wang <kuohong.wang@mediatek.com>,
Barani Muthukumaran <bmuthuku@qti.qualcomm.com>,
Satya Tangirala <satyat@google.com>,
Christoph Hellwig <hch@infradead.org>,
linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH v10 02/12] block: Keyslot Manager for Inline Encryption
Date: Mon, 27 Apr 2020 22:19:56 -0700 [thread overview]
Message-ID: <20200428051956.GB24105@infradead.org> (raw)
In-Reply-To: <20200428025708.GB251491@gmail.com>
On Mon, Apr 27, 2020 at 07:57:08PM -0700, Eric Biggers wrote:
> Or maybe 'struct blk_ksm_keyslot' should contain a pointer to the
> 'struct blk_crypto_key' rather than a copy of it? If we did that, then:
>
> - Each duplicate blk_crypto_key would use its own keyslot and not interfere with
> any others.
>
> - blk_crypto_evict_key() would be *required* to be called.
>
> - It would be a kernel bug if blk_crypto_evict_key() were called with any
> pending I/O, so WARN_ON_ONCE() would be the right thing to do.
>
> - The hash function used to find a key's keyslot would be
> hash_ptr(blk_crypto_key, ksm->log_slot_hashtable_size) instead of
> SipHash(key=perboot_key, data=raw_key).
>
> I might be forgetting something; was there a reason we didn't do that?
> It wouldn't be as robust against users forgetting to call
> blk_crypto_evict_key(), but that would be a bug anyway.
The above sounds pretty sensible to me (but I'm everything but an expert
in the area).
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2020-04-28 5:19 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-08 3:56 [PATCH v10 00/12] Inline Encryption Support Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 01/12] Documentation: Document the blk-crypto framework Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 02/12] block: Keyslot Manager for Inline Encryption Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-22 9:22 ` Christoph Hellwig
2020-04-22 9:22 ` [f2fs-dev] " Christoph Hellwig
2020-04-28 2:14 ` Satya Tangirala
2020-04-28 2:14 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-28 2:46 ` Eric Biggers
2020-04-28 2:46 ` [f2fs-dev] " Eric Biggers
2020-04-28 2:57 ` Eric Biggers
2020-04-28 2:57 ` [f2fs-dev] " Eric Biggers
2020-04-28 5:19 ` Christoph Hellwig [this message]
2020-04-28 5:19 ` Christoph Hellwig
2020-04-08 3:56 ` [PATCH v10 03/12] block: Inline encryption support for blk-mq Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-22 9:35 ` Christoph Hellwig
2020-04-22 9:35 ` [f2fs-dev] " Christoph Hellwig
2020-04-28 2:54 ` Satya Tangirala
2020-04-28 2:54 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-28 5:21 ` Christoph Hellwig
2020-04-28 5:21 ` [f2fs-dev] " Christoph Hellwig
2020-04-08 3:56 ` [PATCH v10 04/12] block: Make blk-integrity preclude hardware inline encryption Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 05/12] block: blk-crypto-fallback for Inline Encryption Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-22 9:37 ` Christoph Hellwig
2020-04-22 9:37 ` [f2fs-dev] " Christoph Hellwig
2020-04-08 3:56 ` [PATCH v10 06/12] scsi: ufs: UFS driver v2.1 spec crypto additions Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 07/12] scsi: ufs: UFS crypto API Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 08/12] scsi: ufs: Add inline encryption support to UFS Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 09/12] fs: introduce SB_INLINECRYPT Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 10/12] fscrypt: add inline encryption support Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 11/12] f2fs: " Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 3:56 ` [PATCH v10 12/12] ext4: " Satya Tangirala
2020-04-08 3:56 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-04-08 4:18 ` [PATCH v10 00/12] Inline Encryption Support Eric Biggers
2020-04-08 4:18 ` [f2fs-dev] " Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200428051956.GB24105@infradead.org \
--to=hch@infradead.org \
--cc=bmuthuku@qti.qualcomm.com \
--cc=boojin.kim@samsung.com \
--cc=ebiggers@kernel.org \
--cc=kuohong.wang@mediatek.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=satyat@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.