From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A3AB7C35DE6 for ; Mon, 24 Feb 2020 23:36:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 762202084E for ; Mon, 24 Feb 2020 23:36:27 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="a8iBiTmL" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727957AbgBXXg1 (ORCPT ); Mon, 24 Feb 2020 18:36:27 -0500 Received: from bombadil.infradead.org ([198.137.202.133]:53570 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727081AbgBXXg1 (ORCPT ); Mon, 24 Feb 2020 18:36:27 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=In-Reply-To:Content-Type:MIME-Version :References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=su7zxcSpmTZRMT/KaDln9XS6SD5jlWklN/1EnJqLTaY=; b=a8iBiTmLkCfR2U9kE0H0YYhTfn o/scgFru4hBFHzGI47rRZprkclexGVaEqLsg/rB+QSE6MOYe5nK5Y1JE/sYlvoTfKu9jWgQOBc04h sbbQ4fEsVPSyaV0j12+5FyNyWHxuj2OsU1d8qRaMZxJ/8ab/QhwonRXL1U4J2B0RsT1evDF4WLvD3 Nki3qFEibQFrRTlru5egSP0PRrZb4Qdm9/KhXRx+RzSljbgj93kiY7faRf0dBqTSaibeFHOp3N4tJ wbdqJqnYtIVPFODIAQhv+tQ+vb02DXh4rvICJ6LbuJXKYUDZHVJSycZVvB6U1fjvMp3txTYeymc1R 4jZ/y1eA==; Received: from hch by bombadil.infradead.org with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1j6NGz-0001wx-Mm; Mon, 24 Feb 2020 23:36:25 +0000 Date: Mon, 24 Feb 2020 15:36:25 -0800 From: Christoph Hellwig To: Eric Biggers Cc: Christoph Hellwig , Satya Tangirala , linux-block@vger.kernel.org, linux-scsi@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org, Barani Muthukumaran , Kuohong Wang , Kim Boojin Subject: Re: [PATCH v7 3/9] block: blk-crypto-fallback for Inline Encryption Message-ID: <20200224233625.GB30288@infradead.org> References: <20200221115050.238976-1-satyat@google.com> <20200221115050.238976-4-satyat@google.com> <20200221173539.GA6525@infradead.org> <20200221183437.GC925@sol.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200221183437.GC925@sol.localdomain> X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org On Fri, Feb 21, 2020 at 10:34:37AM -0800, Eric Biggers wrote: > On Fri, Feb 21, 2020 at 09:35:39AM -0800, Christoph Hellwig wrote: > > High-level question: Does the whole keyslot manager concept even make > > sense for the fallback? With the work-queue we have item that exectutes > > at a time per cpu. So just allocatea per-cpu crypto_skcipher for > > each encryption mode and there should never be a slot limitation. Or > > do I miss something? > > It does make sense because if blk-crypto-fallback didn't use a keyslot manager, > it would have to call crypto_skcipher_setkey() on the I/O path for every bio to > ensure that the CPU's crypto_skcipher has the correct key. That's undesirable, > because setting a new key can be expensive with some encryption algorithms, and > also it can require a memory allocation which can fail. For example, with the > Adiantum algorithm, setting a key requires encrypting ~1100 bytes of data in > order to generate subkeys. It's better to set a key once and use it many times. I didn't think of such expensive operations when setting the key. Note that you would not have to do it on every I/O, as chances are high you'll get I/O from the same submitter and thus the same key, and we can optimize for that case pretty easily. But if you think the keyslot manager is better I accept that, this was just a throught when looking over the code.