From: Christoph Hellwig <firstname.lastname@example.org>
To: Eric Biggers <email@example.com>
Cc: Max Gurtovoy <firstname.lastname@example.org>,
Israel Rukshin <email@example.com>,
Christoph Hellwig <firstname.lastname@example.org>,
dm-devel <email@example.com>, Nitzan Carmi <firstname.lastname@example.org>,
Milan Broz <email@example.com>
Subject: Re: [dm-devel] [RFC PATCH 0/1] Add inline encryption support for dm-crypt
Date: Tue, 18 Jan 2022 21:15:13 -0800 [thread overview]
Message-ID: <YeeeYYm54aqsR6U6@infradead.org> (raw)
On Tue, Jan 18, 2022 at 12:27:33PM -0800, Eric Biggers wrote:
> * The block device for a partition doesn't have its own request_queue or
> queue_limits; those are properties of the disk, not the partition. But,
> setting an encryption key may require changes to the queue_limits. For
> example, discard_zeroes_data will no longer work, and the logical_block_size
> will need to become the crypto data unit size which may be larger than the
> original logical_block_size.
If we need changes to the queue limits we're doing something wrong I
think, as all these limitation only actually apply to bios that use
inline encryption and thus should be dynamic decisions.
Note that discard_zeroes_data is gone already, all zeroing must use
> * The block_device for a given partition didn't stay around while no one has it
> opened or mounted. This may have been addressed by Christoph's changes last
> year that merged block_device and hd_struct, but this used to be an issue.
Yes, this is fixed now.
> * There was some issue caused by the way the block layer maps partitions to
> disks; the knowledge of the original block device (and thus the key) was lost
> at this point. I'm not sure whether this is still an issue or not.
Also fixed by the block_device/hd_struct merged as the lookup is gone
> * A block device ioctl to set a key would need to handle cases where the block
> device is already open (fail with EBUSY?), or already has pages cached in the
> pagecache (invalidate them?). A dm target avoids these concerns since a key
> would only be set up when the disk and block device are originally created.
An ioctl is by definition perfomed on an open file handle, so it will by
definition be open. But I don't think that check really is needed to be
so strict. We can require the ioctl to be on an FMODE_EXCL file handle
which is a good sanity check and otherwise you get what you ask for.
> Finally, there's also the fact that this would really be more than "setting a
> default key". To precisely specify the encryption format, you also have to
> specify the algorithm, the key type, and the data unit size. (Also potentially
> more details about IV generation, if blk-crypto ever starts to support more IV
> generation methods, which I'd like to avoid but it might eventually happen.)
> These could all be passed in an ioctl, but dm-crypt already has a syntax defined
> for specifying encryption formats. So it could make sense to reuse it.
We could of course find a way to mostly reuse the dm-crypt text based setup
syntax even on a block device if that helps.
dm-devel mailing list
next prev parent reply other threads:[~2022-01-19 6:11 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-13 18:09 [dm-devel] [RFC PATCH 0/1] Add inline encryption support for dm-crypt Israel Rukshin
2022-01-13 18:09 ` [dm-devel] [PATCH 1/1] dm crypt: Add inline encryption support Israel Rukshin
2022-01-14 8:06 ` Damien Le Moal
2022-01-14 8:14 ` Damien Le Moal
2022-01-16 10:29 ` Israel Rukshin
2022-01-13 21:22 ` [dm-devel] [RFC PATCH 0/1] Add inline encryption support for dm-crypt Bart Van Assche
2022-01-14 20:51 ` Milan Broz
2022-01-14 22:27 ` Eric Biggers
2022-01-15 9:22 ` Milan Broz
2022-01-18 19:38 ` Eric Biggers
2022-01-19 5:18 ` Christoph Hellwig
2022-01-17 7:52 ` Christoph Hellwig
2022-01-17 10:50 ` Milan Broz
2022-01-17 14:00 ` Israel Rukshin
2022-01-18 16:45 ` Christoph Hellwig
2022-01-18 20:27 ` Eric Biggers
2022-01-19 5:15 ` Christoph Hellwig [this message]
2022-01-14 22:49 ` Eric Biggers
2022-01-16 10:15 ` Israel Rukshin
2022-01-18 20:02 ` Eric Biggers
2022-01-19 15:45 ` Israel Rukshin
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.