[dm-crypt] luks2 and discard/trim not working

[dm-crypt] luks2 and discard/trim not working

[Nikolay Kichukov]

Hello folks,

Recently, I upgraded to LUKS2 on a NVME SSD disk and noticed that fstrim
does not work. Surely it was running fine with LUKS1.

Here are some more details:

GNU/Gentoo Linux
kernel: 5.5.13-gentoo-x86_64
sys-fs/cryptsetup-2.2.2

NVME supports discard and fstrim on filesystem on nvme0n1p2(without
LUKS2 encyption) works fine:

NAME         DISC-ALN DISC-GRAN DISC-MAX DISC-ZERO
nvme0n1             0      512B       2T         0
├─nvme0n1p1         0      512B       2T         0
├─nvme0n1p2         0      512B       2T         0
└─nvme0n1p3         0      512B       2T         0
  └─root_dif        0        0B       0B         0
    └─root          0        0B       0B         0

dmsetup table /dev/mapper/root | grep allow
0 947028136 crypt capi:rfc7539(chacha20,poly1305)-random
:32:logon:cryptsetup:6ae40ec7-1b4c-40ea-871b-d13c9ae66b92-d0 0 254:0 0
2 allow_discards integrity:28:aead

cryptsetup status root
/dev/mapper/root is active and is in use.
  type:    LUKS2
  cipher:  chacha20-random
  keysize: 256 bits
  key location: keyring
  integrity: poly1305
  device:  /dev/nvme0n1p3
  sector size:  512
  offset:  0 sectors
  size:    947028136 sectors
  mode:    read/write
  flags:   discards 

However:
fstrim -v /
fstrim: /: the discard operation is not supported

Any ideas?

Thanks,
-Nikolay

Re: [dm-crypt] luks2 and discard/trim not working

[Chris Murphy]

On Sat, May 9, 2020 at 8:28 AM Nikolay Kichukov <hijacker@oldum.net> wrote:
>
> Hello folks,
>
> Recently, I upgraded to LUKS2 on a NVME SSD disk and noticed that fstrim
> does not work. Surely it was running fine with LUKS1.

...

> dmsetup table /dev/mapper/root | grep allow
> 0 947028136 crypt capi:rfc7539(chacha20,poly1305)-random
> :32:logon:cryptsetup:6ae40ec7-1b4c-40ea-871b-d13c9ae66b92-d0 0 254:0 0
> 2 allow_discards integrity:28:aead

Was the original luksFormat command combined with --integrity option?

From man cryptsetup: Since dm-integrity doesn't support discards
(TRIM), dm-crypt device on top of it inherits this, so integrity
protection mode doesn't support discards either.


-- 
Chris Murphy

Re: [dm-crypt] luks2 and discard/trim not working

[Nikolay Kichukov]

Hello Chris,

On Sat, 9 May 2020 09:45:13 -0600
Chris Murphy <lists@colorremedies.com> wrote:

> On Sat, May 9, 2020 at 8:28 AM Nikolay Kichukov <hijacker@oldum.net>
> wrote:
> >
> > Hello folks,
> >
> > Recently, I upgraded to LUKS2 on a NVME SSD disk and noticed that
> > fstrim does not work. Surely it was running fine with LUKS1.  
> 
> ...
> 
> > dmsetup table /dev/mapper/root | grep allow
> > 0 947028136 crypt capi:rfc7539(chacha20,poly1305)-random
> > :32:logon:cryptsetup:6ae40ec7-1b4c-40ea-871b-d13c9ae66b92-d0 0
> > 254:0 0 2 allow_discards integrity:28:aead  
> 
> Was the original luksFormat command combined with --integrity option?

yes

> From man cryptsetup: Since dm-integrity doesn't support discards
> (TRIM), dm-crypt device on top of it inherits this, so integrity
> protection mode doesn't support discards either.

Thanks for the direction! It seems like, this is in the pipeline for
dm-integrity, which is to arrive in version 1.6.0 in kernel 5.7:

"allow_discards
Allow block discard requests (a.k.a. TRIM) for the integrity device.
Discards are only allowed to devices using internal hash.
The default is to ignore discard requests.
Available since: 1.6.0 (kernel 5.7)"

source: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMIntegrity
 
Does mine use an internal hash?

Thanks,
-Nik

Re: [dm-crypt] luks2 and discard/trim not working

[Milan Broz]

On 09/05/2020 21:41, Nikolay Kichukov wrote:
>  
> Does mine use an internal hash?

No, internal hash is used for non-cryptographic integrity
protection (IOW when you use only integritysetup).

LUKS2 can used with authenticated encryption and here discard
will be never supported. New cryptsetup should print better error
message here though ("TRIM/discard is not supported.")

(Discarded areas means that data area is undefined and reading
must return "integrity failure". Many programs do not expect this
and will misbehave.
And introducing new state "discarded" would basically define
a new state in authenticated encryption - we will not do this
in dm-crypt.)

Authenticated encryption for LUKS2 is an experimental feature,
I hope one day we will have something better on filesystem layer.

If you use just the same encryption as in LUKS1 (length
preserving encryption without any data integrity protection),
then it behaves exactly the same - discards can be enabled.

Milan

Re: [dm-crypt] luks2 and discard/trim not working

[Chris Murphy]

On Sat, May 9, 2020 at 1:42 PM Nikolay Kichukov <hijacker@oldum.net> wrote:
>
> Hello Chris,
>
> On Sat, 9 May 2020 09:45:13 -0600
> Chris Murphy <lists@colorremedies.com> wrote:
>
> > On Sat, May 9, 2020 at 8:28 AM Nikolay Kichukov <hijacker@oldum.net>
> > wrote:
> > >
> > > Hello folks,
> > >
> > > Recently, I upgraded to LUKS2 on a NVME SSD disk and noticed that
> > > fstrim does not work. Surely it was running fine with LUKS1.
> >
> > ...
> >
> > > dmsetup table /dev/mapper/root | grep allow
> > > 0 947028136 crypt capi:rfc7539(chacha20,poly1305)-random
> > > :32:logon:cryptsetup:6ae40ec7-1b4c-40ea-871b-d13c9ae66b92-d0 0
> > > 254:0 0 2 allow_discards integrity:28:aead
> >
> > Was the original luksFormat command combined with --integrity option?
>
> yes
>
> > From man cryptsetup: Since dm-integrity doesn't support discards
> > (TRIM), dm-crypt device on top of it inherits this, so integrity
> > protection mode doesn't support discards either.
>
> Thanks for the direction! It seems like, this is in the pipeline for
> dm-integrity, which is to arrive in version 1.6.0 in kernel 5.7:
>
> "allow_discards
> Allow block discard requests (a.k.a. TRIM) for the integrity device.
> Discards are only allowed to devices using internal hash.
> The default is to ignore discard requests.
> Available since: 1.6.0 (kernel 5.7)"
>
> source: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMIntegrity
>
> Does mine use an internal hash?

I'm not certain, but I suspect yes. Offhand I don't see a way to have
a separate/external hash device via cryptsetup. If you setup the
integrity device separately, before using cryptsetup, it looks like
'--data-device' provides a way to have data and hashes separate.


-- 
Chris Murphy

Re: [dm-crypt] luks2 and discard/trim not working

[Nikolay Kichukov]

Thanks Milan and Chris for your responses.

I do need to make use of discards, so my next questions is, can I
remove the integrity on the existing luks2 device or does it need to be
recreated without --integrity?

Thanks,
-Nikolay

Re: [dm-crypt] luks2 and discard/trim not working

[Milan Broz]

On 09/05/2020 23:35, Nikolay Kichukov wrote:
> I do need to make use of discards, so my next questions is, can I
> remove the integrity on the existing luks2 device or does it need to be
> recreated without --integrity?

You have to recreate it.

(Without integrity you can use reencryption to change
almost any parameter, but this is an exception. There is a reason
integrity extension is experimental. Read cryptsetup man page.)

Milan

Re: [dm-crypt] luks2 and discard/trim not working

[Chris Murphy]

On Sat, May 9, 2020 at 2:11 PM Milan Broz <gmazyland@gmail.com> wrote:
>
> On 09/05/2020 21:41, Nikolay Kichukov wrote:
> >
> > Does mine use an internal hash?
>
> No, internal hash is used for non-cryptographic integrity
> protection (IOW when you use only integritysetup).

Ahh OK, nice, I had it exactly 180 degrees wrong.

> Authenticated encryption for LUKS2 is an experimental feature,
> I hope one day we will have something better on filesystem layer.

Authenticated Btrfs using hmac:sha256 checksumming is expected to be
merged pending review (in-progress). And keyed blake2 also looks
possible. No native encryption yet though, but it works fine on top of
dm-crypt.
https://lwn.net/Articles/818842/

One of many technical explanations of what is covered.
https://lore.kernel.org/linux-btrfs/SN4PR0401MB3598198E5FB728B68B39A1589BA60@SN4PR0401MB3598.namprd04.prod.outlook.com/


-- 
Chris Murphy

[dm-crypt] luks2 and discard/trim not working

[Nikolay Kichukov]

Hello folks,

Recently, I upgraded to LUKS2 on a NVME SSD disk and noticed that fstrim
does not work. Surely it was running fine with LUKS1.

Here are some more details:

GNU/Gentoo Linux
kernel: 5.5.13-gentoo-x86_64
sys-fs/cryptsetup-2.2.2

NVME supports discard and fstrim on filesystem on nvme0n1p2(without
LUKS2 encyption) works fine:

NAME         DISC-ALN DISC-GRAN DISC-MAX DISC-ZERO
nvme0n1             0      512B       2T         0
├─nvme0n1p1         0      512B       2T         0
├─nvme0n1p2         0      512B       2T         0
└─nvme0n1p3         0      512B       2T         0
  └─root_dif        0        0B       0B         0
    └─root          0        0B       0B         0

dmsetup table /dev/mapper/root | grep allow
0 947028136 crypt capi:rfc7539(chacha20,poly1305)-random
:32:logon:cryptsetup:6ae40ec7-1b4c-40ea-871b-d13c9ae66b92-d0 0 254:0 0
2 allow_discards integrity:28:aead

cryptsetup status root
/dev/mapper/root is active and is in use.
  type:    LUKS2
  cipher:  chacha20-random
  keysize: 256 bits
  key location: keyring
  integrity: poly1305
  device:  /dev/nvme0n1p3
  sector size:  512
  offset:  0 sectors
  size:    947028136 sectors
  mode:    read/write
  flags:   discards 

However:
fstrim -v /
fstrim: /: the discard operation is not supported

Any ideas?

Thanks,
-Nikolay