cryptsetup.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
* dm-verity design question
@ 2022-04-12  9:38 Jasper Surmont
  2022-04-12  9:47 ` Milan Broz
  0 siblings, 1 reply; 2+ messages in thread
From: Jasper Surmont @ 2022-04-12  9:38 UTC (permalink / raw)
  To: cryptsetup

Hey,

After going through the dm-verity source code for a while I think I
kind of figured out the general design; on a read:
1. Multiple possible problems get checked like alignment, out of range
etc. Also variables get set based on the request
2. The request is prefetched to the cache
3. The actual integrity check is done when the bio ends (bi_end_io
points to verity_end_io which submits the work to verify digest etc

If this is correct, I have 2 questions:
1. What is the main benefit of prefetching here? We know the remapped
request is going to be executed very soon, so I don't really see why
we prefetch.
2. In verity_end_io(...), we only submit the work to verify the digest
if FEC is enabled. Why? Can't we check integrity without using FEC?

I hope my questions are clear.

Thanks a lot!

Sincerely, Jasper Surmont

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: dm-verity design question
  2022-04-12  9:38 dm-verity design question Jasper Surmont
@ 2022-04-12  9:47 ` Milan Broz
  0 siblings, 0 replies; 2+ messages in thread
From: Milan Broz @ 2022-04-12  9:47 UTC (permalink / raw)
  To: cryptsetup

Hi Jasper,

if it is question about kernel code, the best is to ask on dm-devel@redhat.com list
(you can cc cryptsetup list too).

Not all device-mapper kernel developers are here (dm-devel is official list
for kernel device-mapper subsystem; this one mainly for userspace cryptsetup tools).

Milan


On 12/04/2022 11:38, Jasper Surmont wrote:
> Hey,
> 
> After going through the dm-verity source code for a while I think I
> kind of figured out the general design; on a read:
> 1. Multiple possible problems get checked like alignment, out of range
> etc. Also variables get set based on the request
> 2. The request is prefetched to the cache
> 3. The actual integrity check is done when the bio ends (bi_end_io
> points to verity_end_io which submits the work to verify digest etc
> 
> If this is correct, I have 2 questions:
> 1. What is the main benefit of prefetching here? We know the remapped
> request is going to be executed very soon, so I don't really see why
> we prefetch.
> 2. In verity_end_io(...), we only submit the work to verify the digest
> if FEC is enabled. Why? Can't we check integrity without using FEC?
> 
> I hope my questions are clear.
> 
> Thanks a lot!
> 
> Sincerely, Jasper Surmont
> 

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2022-04-12  9:47 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-12  9:38 dm-verity design question Jasper Surmont
2022-04-12  9:47 ` Milan Broz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).