From mboxrd@z Thu Jan 1 00:00:00 1970 From: Geert Uytterhoeven Subject: DM_INTEGRITY Kconfig help (was: Re: dm: add integrity target) Date: Thu, 4 May 2017 08:03:19 +0200 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Return-path: Sender: linux-kernel-owner@vger.kernel.org To: Mikulas Patocka , Milan Broz , Mike Snitzer Cc: Linux Kernel Mailing List , linux-raid@vger.kernel.org List-Id: linux-raid.ids On Wed, May 3, 2017 at 7:43 PM, Linux Kernel Mailing List wrote: > Web: https://git.kernel.org/torvalds/c/7eada909bfd7ac90a4522e56aa3179d1fd68cd14 > Commit: 7eada909bfd7ac90a4522e56aa3179d1fd68cd14 > Parent: 400a0befc96240f7bb2a53b9622deffd55d385fe > Refname: refs/heads/master > Author: Mikulas Patocka > AuthorDate: Wed Jan 4 20:23:53 2017 +0100 > Committer: Mike Snitzer > CommitDate: Fri Mar 24 15:49:07 2017 -0400 > > dm: add integrity target > > The dm-integrity target emulates a block device that has additional > per-sector tags that can be used for storing integrity information. > > A general problem with storing integrity tags with every sector is that > writing the sector and the integrity tag must be atomic - i.e. in case of > crash, either both sector and integrity tag or none of them is written. > > To guarantee write atomicity the dm-integrity target uses a journal. It > writes sector data and integrity tags into a journal, commits the journal > and then copies the data and integrity tags to their respective location. > > The dm-integrity target can be used with the dm-crypt target - in this > situation the dm-crypt target creates the integrity data and passes them > to the dm-integrity target via bio_integrity_payload attached to the bio. > In this mode, the dm-crypt and dm-integrity targets provide authenticated > disk encryption - if the attacker modifies the encrypted device, an I/O > error is returned instead of random data. > > The dm-integrity target can also be used as a standalone target, in this > mode it calculates and verifies the integrity tag internally. In this > mode, the dm-integrity target can be used to detect silent data > corruption on the disk or in the I/O path. > > Signed-off-by: Mikulas Patocka > Signed-off-by: Milan Broz > Signed-off-by: Mike Snitzer > --- a/drivers/md/Kconfig > +++ b/drivers/md/Kconfig > @@ -500,4 +500,14 @@ config DM_LOG_WRITES > > If unsure, say N. > > +config DM_INTEGRITY > + tristate "Integrity target" > + depends on BLK_DEV_DM > + select BLK_DEV_INTEGRITY > + select DM_BUFIO > + select CRYPTO > + select ASYNC_XOR > + ---help--- > + This is the integrity target. Which is...? Can you please extend the help message for the uneducated? Thanks! Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds