From: Baolin Wang <baolin.wang@linaro.org>
To: Milan Broz <gmazyland@gmail.com>
Cc: Jens Axboe <axboe@kernel.dk>, Alasdair G Kergon <agk@redhat.com>,
Mike Snitzer <snitzer@redhat.com>,
dm-devel@redhat.com, neilb@suse.com, dan.j.williams@intel.com,
martin.petersen@oracle.com, sagig@mellanox.com,
Kent Overstreet <kent.overstreet@gmail.com>,
keith.busch@intel.com, tj@kernel.org,
Mark Brown <broonie@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
linux-block@vger.kernel.org, linux-raid@vger.kernel.org,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 0/2] Introduce the bulk IV mode for improving the crypto engine efficiency
Date: Mon, 4 Jan 2016 14:58:35 +0800 [thread overview]
Message-ID: <CAMz4kuK__1tKf=+gP2zELzFFur45eqTL78v6oTdYgYTzCvTsNw@mail.gmail.com> (raw)
In-Reply-To: <56885330.9080801@gmail.com>
Hi Milan,
On 3 January 2016 at 06:46, Milan Broz <gmazyland@gmail.com> wrote:
>
> Sorry for delay, I tried to compile it.
> It doesn't crash now, but it also does not work.
>
> You usage of IV in XTS mode is not correct - it cannot just work this way,
> you have to initialize IV after each block. And just one write not aligned
> to your large XTS block will corrupt it.
>
> Did you tried to _read_ data you write to the device?
>
> See this test :
>
> # create device with your patch
> $ echo "test"|cryptsetup create -s 512 -c aes-xts-bulk tst /dev/sdg
>
> # prepare random test file
> $ dd if=/dev/urandom of=/src.img bs=1M count=16
>
> # now copy the file to the plaintext device and drop caches
> $ dd if=/src.img of=/dev/mapper/tst bs=1M count=16
>
> $ echo 3 > /proc/sys/vm/drop_caches
>
> # and verify that we are (not) reading the same data ...
>
> $ dd if=/dev/mapper/tst of=/dst1.img bs=1M count=16
>
> $ sha256sum /src.img /dst1.img
> 5401119fa9975bbeebac58e0b2598bc87247a29e62417f9f58fe200b531602ad /src.img
> e9bf5efa95031fdb5adf618db141f48ed23f71b12c017b8a0cbe0a694f18b979 /dst1.img
>
> (I think only first page-sized block is correct, because without direct-io
> it writes in page-sized IOs.)
>
>
> ... or just try to mkfs and mount it
> $ mkfs -t ext4 /dev/mapper/tst
>
> mke2fs 1.42.13 (17-May-2015)
> Creating filesystem with 262144 4k blocks and 65536 inodes
> ...
>
> $ mount /dev/mapper/tst /mnt/tst
> mount: wrong fs type, bad option, bad superblock on /dev/mapper/tst,
> missing codepage or helper program, or other error
>
>
> You approach simply does not work. (It will probably work for ECB mode but it is
> unusable in real world.)
>
>
> Anyway, I think that you should optimize driver, not add strange hw-dependent
> crypto modes to dmcrypt. This is not the first crypto accelerator that is just not
> suited for this kind of use.
Very grateful for your feedback. I'm sorry I didn't check much data
correctness, mostly focus on the encryption speed. It looks like there
are something wrong when I follow your test procedure. I will optimize
the driver and need to be known much about XTS mode to check why it
can not work. Thanks.
>
> (If it can process batch of chunks of data each with own IV, then it can work
> with dmcrypt, but I think such optimized code should be inside crypto API,
> not in dmcrypt.)
>
> Milan
--
Baolin.wang
Best Regards
next prev parent reply other threads:[~2016-01-04 6:58 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-16 3:18 [PATCH v2 0/2] Introduce the bulk IV mode for improving the crypto engine efficiency Baolin Wang
2015-12-16 3:18 ` Baolin Wang
2015-12-16 3:18 ` [PATCH v2 1/2] block: Export the __blk_bios_map_sg() to map one bio Baolin Wang
2015-12-16 3:18 ` [PATCH v2 2/2] md: dm-crypt: Introduce the bulk IV mode for bulk crypto Baolin Wang
2015-12-16 8:08 ` [PATCH v2 0/2] Introduce the bulk IV mode for improving the crypto engine efficiency Milan Broz
2015-12-16 8:31 ` Baolin Wang
2015-12-17 7:37 ` Baolin Wang
2016-01-02 22:46 ` Milan Broz
2016-01-04 6:58 ` Baolin Wang [this message]
2016-01-04 20:13 ` Mark Brown
2016-01-06 6:49 ` Baolin Wang
2016-01-12 23:31 ` [dm-devel] " Mikulas Patocka
2016-01-12 23:38 ` Arnd Bergmann
2016-01-13 2:18 ` Mikulas Patocka
2016-01-13 10:17 ` Arnd Bergmann
2016-01-13 15:00 ` Mikulas Patocka
2016-01-13 7:01 ` Milan Broz
2016-01-12 23:40 ` Mark Brown
2016-01-13 2:13 ` Mikulas Patocka
2016-01-14 11:35 ` Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMz4kuK__1tKf=+gP2zELzFFur45eqTL78v6oTdYgYTzCvTsNw@mail.gmail.com' \
--to=baolin.wang@linaro.org \
--cc=agk@redhat.com \
--cc=arnd@arndb.de \
--cc=axboe@kernel.dk \
--cc=broonie@kernel.org \
--cc=dan.j.williams@intel.com \
--cc=dm-devel@redhat.com \
--cc=gmazyland@gmail.com \
--cc=keith.busch@intel.com \
--cc=kent.overstreet@gmail.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-raid@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=neilb@suse.com \
--cc=sagig@mellanox.com \
--cc=snitzer@redhat.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.