From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.3 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 06E1FC433FF for ; Thu, 8 Aug 2019 11:04:34 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id DB5D421880 for ; Thu, 8 Aug 2019 11:04:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731313AbfHHLEd (ORCPT ); Thu, 8 Aug 2019 07:04:33 -0400 Received: from szxga03-in.huawei.com ([45.249.212.189]:3084 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1730879AbfHHLEc (ORCPT ); Thu, 8 Aug 2019 07:04:32 -0400 Received: from DGGEMM404-HUB.china.huawei.com (unknown [172.30.72.55]) by Forcepoint Email with ESMTP id 324A1CEBB832B2F1C4B3; Thu, 8 Aug 2019 19:04:30 +0800 (CST) Received: from dggeme762-chm.china.huawei.com (10.3.19.108) by DGGEMM404-HUB.china.huawei.com (10.3.20.212) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 8 Aug 2019 19:04:29 +0800 Received: from 138 (10.175.124.28) by dggeme762-chm.china.huawei.com (10.3.19.108) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Thu, 8 Aug 2019 19:04:29 +0800 Date: Thu, 8 Aug 2019 19:21:39 +0800 From: Gao Xiang To: Dave Chinner CC: Eric Biggers , Goldwyn Rodrigues , "hch@lst.de" , "darrick.wong@oracle.com" , "linux-btrfs@vger.kernel.org" , "ruansy.fnst@cn.fujitsu.com" , "linux-fsdevel@vger.kernel.org" , , Subject: Re: [PATCH 10/13] iomap: use a function pointer for dio submits Message-ID: <20190808112139.GG28630@138> References: <20190802220048.16142-1-rgoldwyn@suse.de> <20190802220048.16142-11-rgoldwyn@suse.de> <20190804234321.GC7689@dread.disaster.area> <1565021323.13240.14.camel@suse.com> <20190805215458.GH7689@dread.disaster.area> <20190808042640.GA28630@138> <20190808054936.GA5319@sol.localdomain> <20190808081647.GI7689@dread.disaster.area> <20190808091632.GF28630@138> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <20190808091632.GF28630@138> User-Agent: Mutt/1.11.3 (2019-02-01) X-Originating-IP: [10.175.124.28] X-ClientProxiedBy: dggeme703-chm.china.huawei.com (10.1.199.99) To dggeme762-chm.china.huawei.com (10.3.19.108) X-CFilter-Loop: Reflected Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org On Thu, Aug 08, 2019 at 05:29:47PM +0800, Gao Xiang wrote: > On Thu, Aug 08, 2019 at 06:16:47PM +1000, Dave Chinner wrote: > > On Wed, Aug 07, 2019 at 10:49:36PM -0700, Eric Biggers wrote: > > > FWIW, the only order that actually makes sense is decrypt->decompress->verity. > > > > *nod* > > > > Especially once we get the inline encryption support for fscrypt so > > the storage layer can offload the encrypt/decrypt to hardware via > > the bio containing plaintext. That pretty much forces fscrypt to be > > the lowest layer of the filesystem transformation stack. This > > hardware offload capability also places lots of limits on what you > > can do with block-based verity layers below the filesystem. e.g. > > using dm-verity when you don't know if there's hardware encryption > > below or software encryption on top becomes problematic... ...and I'm not talking of fs-verity, I personally think fs-verity is great. I am only talking about a generic stuff. In order to know which level becomes problematic, there even could be another choice "decrypt->verity1->decompress->verity2" for such requirement (assuming verity1/2 themselves are absolutely bug-free), verity1 can be a strong merkle tree and verity2 is a weak form (just like a simple Adler-32/crc32 in compressed block), thus we can locate whether it's a decrypt or decompress bug. Many compression algorithm containers already have such a weak form such as gzip algorithm, so there is no need to add such an extra step to postprocess. and I have no idea which (decrypt->verity1->decompress->verity2 or decrypt->decompress->verity) is faster since verity2 is rather simple. However, if we use the only strong form in the end, there could be a lot of extra IO and expensive multiple-level computations if files are highly compressible. On the other hand, such verity2 can be computed offline / avoided by fuzzer tools for read-only scenerios (for example, after building these images and do a full image verification with the given kernel) in order to make sure its stability (In any case, I'm talking about how to make those algorithms bug-free). All I want to say is I think "decrypt->verity->decompress" is reasonable as well. Thanks, Gao Xiang > > Add a word, I was just talking benefits between "decrypt->decompress-> > verity" and "decrypt->verity->decompress", I think both forms are > compatible with inline en/decryption. I don't care which level > "decrypt" is at... But maybe some user cares. Am I missing something? > > Thanks, > Gao Xiang >