All of lore.kernel.org
 help / color / mirror / Atom feed
From: Christoph Hellwig <hch@infradead.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Christoph Hellwig <hch@infradead.org>,
	Satya Tangirala <satyat@google.com>, Jens Axboe <axboe@kernel.dk>,
	linux-block@vger.kernel.org, linux-scsi@vger.kernel.org,
	linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net,
	linux-ext4@vger.kernel.org,
	Barani Muthukumaran <bmuthuku@qti.qualcomm.com>,
	Kuohong Wang <kuohong.wang@mediatek.com>,
	Kim Boojin <boojin.kim@samsung.com>
Subject: Re: [PATCH v13 00/12] Inline Encryption Support
Date: Mon, 18 May 2020 09:50:44 -0700	[thread overview]
Message-ID: <20200518165044.GA23230@infradead.org> (raw)
In-Reply-To: <20200515170059.GA1009@sol.localdomain>

On Fri, May 15, 2020 at 10:00:59AM -0700, Eric Biggers wrote:
> The fallback is actually really useful.  First, for testing: it allows all the
> filesystem code that uses inline crypto to be tested using gce-xfstests and
> kvm-xfstests, so that it's covered by the usual ext4 and f2fs regression testing
> and it's much easier to develop patches for.  It also allowed us to enable the
> inlinecrypt mount option in Cuttlefish, which is the virtual Android device used
> to test the Android common kernels.  So, it gets the kernel test platform as
> similar to a real Android device as possible.
> 
> Ideally we'd implement virtualized inline encryption as you suggested.  But
> these platforms use a mix of VMM's (QEMU, GCE, and crosvm) and storage types
> (virtio-blk, virtio-scsi, and maybe others; none of these even have an inline
> encryption standard defined yet).  So it's not currently feasible.

Not that you don't need to implement it in the hypervisor.  You can
also trivially wire up for things like null_blk.

> Second, it creates a clean design where users can just use blk-crypto, and not
> have to implement a second encryption implementation.

And I very much disagree about that being a clean implementation.  It is
fine if the user doesn't care, but you should catch this before hitting
the block stack and do the encryption there without hardware blk-crypt
support.

WARNING: multiple messages have this Message-ID (diff)
From: Christoph Hellwig <hch@infradead.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>,
	linux-block@vger.kernel.org, linux-ext4@vger.kernel.org,
	linux-scsi@vger.kernel.org, Kim Boojin <boojin.kim@samsung.com>,
	Kuohong Wang <kuohong.wang@mediatek.com>,
	Barani Muthukumaran <bmuthuku@qti.qualcomm.com>,
	Satya Tangirala <satyat@google.com>,
	Christoph Hellwig <hch@infradead.org>,
	linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH v13 00/12] Inline Encryption Support
Date: Mon, 18 May 2020 09:50:44 -0700	[thread overview]
Message-ID: <20200518165044.GA23230@infradead.org> (raw)
In-Reply-To: <20200515170059.GA1009@sol.localdomain>

On Fri, May 15, 2020 at 10:00:59AM -0700, Eric Biggers wrote:
> The fallback is actually really useful.  First, for testing: it allows all the
> filesystem code that uses inline crypto to be tested using gce-xfstests and
> kvm-xfstests, so that it's covered by the usual ext4 and f2fs regression testing
> and it's much easier to develop patches for.  It also allowed us to enable the
> inlinecrypt mount option in Cuttlefish, which is the virtual Android device used
> to test the Android common kernels.  So, it gets the kernel test platform as
> similar to a real Android device as possible.
> 
> Ideally we'd implement virtualized inline encryption as you suggested.  But
> these platforms use a mix of VMM's (QEMU, GCE, and crosvm) and storage types
> (virtio-blk, virtio-scsi, and maybe others; none of these even have an inline
> encryption standard defined yet).  So it's not currently feasible.

Not that you don't need to implement it in the hypervisor.  You can
also trivially wire up for things like null_blk.

> Second, it creates a clean design where users can just use blk-crypto, and not
> have to implement a second encryption implementation.

And I very much disagree about that being a clean implementation.  It is
fine if the user doesn't care, but you should catch this before hitting
the block stack and do the encryption there without hardware blk-crypt
support.


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

  reply	other threads:[~2020-05-18 16:50 UTC|newest]

Thread overview: 54+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-14  0:37 [PATCH v13 00/12] Inline Encryption Support Satya Tangirala
2020-05-14  0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-14  0:37 ` [PATCH v13 01/12] Documentation: Document the blk-crypto framework Satya Tangirala
2020-05-14  0:37   ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-14  0:37 ` [PATCH v13 02/12] block: Keyslot Manager for Inline Encryption Satya Tangirala
2020-05-14  0:37   ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-14  0:37 ` [PATCH v13 03/12] block: Inline encryption support for blk-mq Satya Tangirala
2020-05-14  0:37   ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-14  0:37 ` [PATCH v13 04/12] block: Make blk-integrity preclude hardware inline encryption Satya Tangirala
2020-05-14  0:37   ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-14  0:37 ` [PATCH v13 05/12] block: blk-crypto-fallback for Inline Encryption Satya Tangirala
2020-05-14  0:37   ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-14  0:37 ` [PATCH v13 06/12] scsi: ufs: UFS driver v2.1 spec crypto additions Satya Tangirala
2020-05-14  0:37   ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-15  3:55   ` Stanley Chu
2020-05-15  3:55     ` [f2fs-dev] " Stanley Chu
2020-05-14  0:37 ` [PATCH v13 07/12] scsi: ufs: UFS crypto API Satya Tangirala
2020-05-14  0:37   ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-15  6:35   ` Stanley Chu
2020-05-15  6:35     ` [f2fs-dev] " Stanley Chu
2020-05-14  0:37 ` [PATCH v13 08/12] scsi: ufs: Add inline encryption support to UFS Satya Tangirala
2020-05-14  0:37   ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-14  5:12   ` Eric Biggers
2020-05-14  5:12     ` [f2fs-dev] " Eric Biggers
2020-05-15  7:37   ` Stanley Chu
2020-05-15  7:37     ` [f2fs-dev] " Stanley Chu
2020-05-14  0:37 ` [PATCH v13 09/12] fs: introduce SB_INLINECRYPT Satya Tangirala
2020-05-14  0:37   ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-14  0:37 ` [PATCH v13 10/12] fscrypt: add inline encryption support Satya Tangirala
2020-05-14  0:37   ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-28 21:54   ` Eric Biggers
2020-05-28 21:54     ` [f2fs-dev] " Eric Biggers
2020-06-03  2:07   ` Eric Biggers
2020-06-03  2:07     ` [f2fs-dev] " Eric Biggers
2020-05-14  0:37 ` [PATCH v13 11/12] f2fs: " Satya Tangirala
2020-05-14  0:37   ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-14  0:37 ` [PATCH v13 12/12] ext4: " Satya Tangirala
2020-05-14  0:37   ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-14  5:10 ` [PATCH v13 00/12] Inline Encryption Support Eric Biggers
2020-05-14  5:10   ` [f2fs-dev] " Eric Biggers
2020-05-14 15:48   ` Jens Axboe
2020-05-14 15:48     ` [f2fs-dev] " Jens Axboe
2020-05-15  7:41     ` Christoph Hellwig
2020-05-15  7:41       ` [f2fs-dev] " Christoph Hellwig
2020-05-15 12:25       ` Satya Tangirala
2020-05-15 12:25         ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2020-05-15 14:42         ` Christoph Hellwig
2020-05-15 14:42           ` [f2fs-dev] " Christoph Hellwig
2020-05-15 17:00           ` Eric Biggers
2020-05-15 17:00             ` [f2fs-dev] " Eric Biggers
2020-05-18 16:50             ` Christoph Hellwig [this message]
2020-05-18 16:50               ` Christoph Hellwig
2020-05-15  1:04   ` Martin K. Petersen
2020-05-15  1:04     ` [f2fs-dev] " Martin K. Petersen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200518165044.GA23230@infradead.org \
    --to=hch@infradead.org \
    --cc=axboe@kernel.dk \
    --cc=bmuthuku@qti.qualcomm.com \
    --cc=boojin.kim@samsung.com \
    --cc=ebiggers@kernel.org \
    --cc=kuohong.wang@mediatek.com \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-f2fs-devel@lists.sourceforge.net \
    --cc=linux-fscrypt@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    --cc=satyat@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.