From: Eric Biggers <ebiggers@kernel.org>
To: Dave Chinner <david@fromorbit.com>
Cc: Satya Tangirala <satyat@google.com>,
linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-ext4@vger.kernel.org, linux-xfs@vger.kernel.org
Subject: Re: [PATCH v4 3/7] iomap: support direct I/O with fscrypt using blk-crypto
Date: Mon, 27 Jul 2020 10:16:15 -0700 [thread overview]
Message-ID: <20200727171615.GJ1138@sol.localdomain> (raw)
In-Reply-To: <20200726024211.GA14321@sol.localdomain>
On Sat, Jul 25, 2020 at 07:42:11PM -0700, Eric Biggers wrote:
> > Exactly my point. Requiring infrastructure and storage layers to
> > obey completely new, undefined, undiscoverable, opaque and variable
> > definition of the block devices' "atomic unit of IO", then that's
> > simply a non-starter. That requires a complete re-architecture of
> > the block layers and how things interface and transmit information
> > through them. At minimum, high level IO alignment constraints must
> > be generic and not be hidden in context specific crypto structures.
>
> Do you have any specific examples in mind of where *encrypted* I/O may broken at
> only a logical_block_size boundary? Remember that encrypted I/O with a
> particular data_unit_size is only issued if the request_queue has declared that
> it supports encryption with that data_unit_size. In the case of a layered
> device, that means that every layer would have to opt-into supporting encryption
> as well as the specific data_unit_size.
>
> Also, the alignment requirement is already passed down the stack as part of the
> bio_crypt_ctx. If there do turn out to be places that need to use it, we could
> easily define generic helper functions:
>
> unsigned int bio_required_alignment(struct bio *bio)
> {
> unsigned int alignmask = queue_logical_block_size(bio->bi_disk->queue) - 1;
>
> #ifdef CONFIG_BLK_INLINE_ENCRYPTION
> if (bio->bi_crypt_context)
> alignmask |= bio->bi_crypt_context->bc_key->crypto_cfg.data_unit_size - 1;
> #endif
>
> return alignmask + 1;
> }
>
> unsigned int rq_required_alignment(struct request *rq)
> {
> unsigned int alignmask = queue_logical_block_size(rq->q) - 1;
>
> #ifdef CONFIG_BLK_INLINE_ENCRYPTION
> if (rq->crypt_ctx)
> alignmask |= rq->crypt_ctx->bc_key->crypto_cfg.data_unit_size - 1;
> #endif
>
> return alignmask + 1;
> }
>
> Sure, we could also add a new alignment_required field to struct bio and struct
> request, but it would be unnecessary since all the information is already there.
>
> > > Is it your opinion that inline encryption should only be supported when
> > > data_unit_size <= logical_block_size? The problems with that are
> >
> > Pretty much.
> >
> > > (a) Using an unnecessarily small data_unit_size degrades performance a
> > > lot -- for *all* I/O, not just direct I/O. This is because there are a
> > > lot more separate encryptions/decryptions to do, and there's a fixed
> > > overhead to each one (much of which is intrinsic in the crypto
> > > algorithms themselves, i.e. this isn't simply an implementation quirk).
> >
> > Performance is irrelevant if correctness is not possible.
> >
>
> As far as I know, data_unit_size > logical_block_size is working for everyone
> who has used it so far.
>
> So again, I'm curious if you have any specific examples in mind. Is this a
> real-world problem, or just a theoretical case where (in the future) someone
> could declare support for some data_unit_size in their 'struct request_queue'
> (possibly for a layered device) without correctly handling alignment in all
> cases?
>
> I do see that logical_block_size is used for discard, write_same, and zeroout.
> But that isn't encrypted I/O.
>
> BTW, there might very well be hardware that *only* supports
> data_unit_size > logical_block_size.
I found get_max_io_size() in block/blk-merge.c. I'll check if that needs to be
updated.
Let me know if you have any objection to the fscrypt inline encryption patches
*without direct I/O support* going into 5.9. Note that fscrypt doesn't directly
care about this block layer stuff at all; instead it uses
blk_crypto_config_supported() to check whether inline encryption with the
specified (crypto_mode, data_unit_size, dun_bytes) combination is supported on
the filesystem's device(s). Only then will fscrypt use inline encryption
instead of the traditional filesystem-layer encryption.
So if blk_crypto_config_supported() is saying that some crypto configuration is
supported when it isn't, then that's a bug in the blk-crypto patches that went
into the block layer in 5.8, which we need to fix there. (Ideally by fixing any
cases where encrypted I/O may be split in the middle of a data unit. But in the
worst case, we could easily make blk_crypto_config_supported() return false when
'data_unit_size > logical_block_size' for now.)
- Eric
next prev parent reply other threads:[~2020-07-27 17:16 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-20 23:37 [PATCH v4 0/7] add support for direct I/O with fscrypt using blk-crypto Satya Tangirala
2020-07-20 23:37 ` [PATCH v4 1/7] fscrypt: Add functions for direct I/O support Satya Tangirala
2020-07-22 17:04 ` Jaegeuk Kim
2020-07-20 23:37 ` [PATCH v4 2/7] direct-io: add support for fscrypt using blk-crypto Satya Tangirala
2020-07-22 17:05 ` Jaegeuk Kim
2020-07-20 23:37 ` [PATCH v4 3/7] iomap: support direct I/O with " Satya Tangirala
2020-07-22 17:06 ` Jaegeuk Kim
2020-07-22 21:16 ` Dave Chinner
2020-07-22 22:34 ` Eric Biggers
2020-07-22 22:44 ` Matthew Wilcox
2020-07-22 23:12 ` Eric Biggers
2020-07-22 23:26 ` Eric Biggers
2020-07-22 23:32 ` Darrick J. Wong
2020-07-22 23:43 ` Eric Biggers
2020-07-23 22:07 ` Dave Chinner
2020-07-23 23:03 ` Eric Biggers
2020-07-24 1:39 ` Dave Chinner
2020-07-24 3:46 ` Eric Biggers
2020-07-24 5:31 ` Dave Chinner
2020-07-24 17:41 ` Eric Biggers
2020-07-25 23:47 ` Dave Chinner
2020-07-25 23:59 ` Dave Chinner
2020-07-26 2:42 ` Eric Biggers
2020-07-27 17:16 ` Eric Biggers [this message]
2020-07-20 23:37 ` [PATCH v4 4/7] ext4: " Satya Tangirala
2020-07-22 17:07 ` Jaegeuk Kim
2020-07-20 23:37 ` [PATCH v4 5/7] f2fs: " Satya Tangirala
2020-07-21 20:11 ` Jaegeuk Kim
2020-07-20 23:37 ` [PATCH v4 6/7] fscrypt: document inline encryption support Satya Tangirala
2020-07-22 17:01 ` Jaegeuk Kim
2020-07-20 23:37 ` [PATCH v4 7/7] fscrypt: update documentation for direct I/O support Satya Tangirala
2020-07-21 0:47 ` Eric Biggers
2020-07-22 16:57 ` Jaegeuk Kim
2020-07-21 0:56 ` [PATCH v4 0/7] add support for direct I/O with fscrypt using blk-crypto Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200727171615.GJ1138@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=david@fromorbit.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=satyat@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).