linux-block.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Milan Broz <gmazyland@gmail.com>
To: Christoph Hellwig <hch@lst.de>, Jens Axboe <axboe@kernel.dk>
Cc: Hillf Danton <hdanton@sina.com>,
	Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	Pavel Tatashin <pasha.tatashin@soleen.com>,
	"Reviewed-by : Tyler Hicks" <tyhicks@linux.microsoft.com>,
	linux-block@vger.kernel.org
Subject: Re: [PATCH 5/8] loop: merge the cryptoloop module into the main loop module
Date: Thu, 26 Aug 2021 18:31:50 +0200	[thread overview]
Message-ID: <977860f6-efc4-a55e-50e3-c5204fc762c5@gmail.com> (raw)
In-Reply-To: <20210826133810.3700-6-hch@lst.de>

On 26/08/2021 15:38, Christoph Hellwig wrote:
> No need to keep a separate loadable module infrastructure for a tiny
> amount of cryptoapi glue, especially as unloading of the cryptoloop
> module leads to nasty interactions with the loop device state machine
> through loop_unregister_transfer.
> 
> Signed-off-by: Christoph Hellwig <hch@lst.de>

Hi Christoph,

the cryptoloop is insecure, most of the encryption modes are deprecated
(and known to be problematic); util-linux no longer support cryptoloop
options in losetup.

Isn't the better way to go just to remove cryptoloop completely?

(I tried this years ago, because dm-crypt can actually implement all,
even insecure, options, see https://lkml.org/lkml/2012/11/2/162 )

I know that loopAES still use this interface, but it implements
own modes anyway, replacing kernel code.

I really think that the best option here is just to kill this mess :-)
(Or implement sector-level crypto properly in loop.)

Just my 2 eorocents... :)

Milan

  reply	other threads:[~2021-08-26 16:31 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-26 13:38 sort out the lock order in the loop driver v2 Christoph Hellwig
2021-08-26 13:38 ` [PATCH 1/8] cryptoloop: fix a sparse annotation Christoph Hellwig
2021-08-26 13:38 ` [PATCH 2/8] loop: remove the unused idx argument to loop_control_get_free Christoph Hellwig
2021-08-26 13:38 ` [PATCH 3/8] loop: remove the ->ioctl method in loop_func_table Christoph Hellwig
2021-08-26 13:38 ` [PATCH 4/8] loop: return void from the ->release " Christoph Hellwig
2021-08-26 13:38 ` [PATCH 5/8] loop: merge the cryptoloop module into the main loop module Christoph Hellwig
2021-08-26 16:31   ` Milan Broz [this message]
2021-08-26 16:34     ` Christoph Hellwig
2021-08-26 16:44       ` Milan Broz
2021-08-27  6:45         ` Christoph Hellwig
2021-08-27 11:33           ` Tetsuo Handa
2021-08-27 15:38             ` Christoph Hellwig
2021-08-26 13:38 ` [PATCH 6/8] loop: devirtualize transfer transformations Christoph Hellwig
2021-08-26 13:38 ` [PATCH 7/8] loop: move loop device deletion out of loop_ctl_mutex Christoph Hellwig
2021-08-26 13:38 ` [PATCH 8/8] loop: avoid holding loop_ctl_mutex over add_disk Christoph Hellwig
2021-08-27  0:30 ` sort out the lock order in the loop driver v2 Tetsuo Handa
2021-08-27  6:40   ` Christoph Hellwig
2021-08-27  7:46     ` Tetsuo Handa
2021-08-27 15:34       ` Christoph Hellwig
     [not found] ` <20210827130259.2622-1-hdanton@sina.com>
2021-08-27 14:10   ` Tetsuo Handa
     [not found]   ` <20210828035114.2762-1-hdanton@sina.com>
2021-08-28  5:17     ` Tetsuo Handa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=977860f6-efc4-a55e-50e3-c5204fc762c5@gmail.com \
    --to=gmazyland@gmail.com \
    --cc=axboe@kernel.dk \
    --cc=hch@lst.de \
    --cc=hdanton@sina.com \
    --cc=linux-block@vger.kernel.org \
    --cc=pasha.tatashin@soleen.com \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=tyhicks@linux.microsoft.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).