linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Baolin Wang <baolin.wang@linaro.org>
To: Milan Broz <gmazyland@gmail.com>
Cc: Jens Axboe <axboe@kernel.dk>, Alasdair G Kergon <agk@redhat.com>,
	Mike Snitzer <snitzer@redhat.com>,
	dm-devel@redhat.com, neilb@suse.com, dan.j.williams@intel.com,
	martin.petersen@oracle.com, sagig@mellanox.com,
	Kent Overstreet <kent.overstreet@gmail.com>,
	keith.busch@intel.com, tj@kernel.org,
	Mark Brown <broonie@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
	linux-block@vger.kernel.org, linux-raid@vger.kernel.org,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 0/2] Introduce the bulk IV mode for improving the crypto engine efficiency
Date: Mon, 4 Jan 2016 14:58:35 +0800	[thread overview]
Message-ID: <CAMz4kuK__1tKf=+gP2zELzFFur45eqTL78v6oTdYgYTzCvTsNw@mail.gmail.com> (raw)
In-Reply-To: <56885330.9080801@gmail.com>

Hi Milan,

On 3 January 2016 at 06:46, Milan Broz <gmazyland@gmail.com> wrote:
>
> Sorry for delay, I tried to compile it.
> It doesn't crash now, but it also does not work.
>
> You usage of IV in XTS mode is not correct - it cannot just work this way,
> you have to initialize IV after each block. And just one write not aligned
> to your large XTS block will corrupt it.
>
> Did you tried to _read_ data you write to the device?
>
> See this test :
>
> # create  device with your patch
> $ echo "test"|cryptsetup create -s 512 -c aes-xts-bulk tst /dev/sdg
>
> # prepare random test file
> $ dd if=/dev/urandom of=/src.img bs=1M count=16
>
> # now copy the file to the plaintext device and drop caches
> $ dd if=/src.img of=/dev/mapper/tst bs=1M count=16
>
> $ echo 3 > /proc/sys/vm/drop_caches
>
> # and verify that we are (not) reading the same data ...
>
> $ dd if=/dev/mapper/tst of=/dst1.img bs=1M count=16
>
> $ sha256sum /src.img /dst1.img
> 5401119fa9975bbeebac58e0b2598bc87247a29e62417f9f58fe200b531602ad  /src.img
> e9bf5efa95031fdb5adf618db141f48ed23f71b12c017b8a0cbe0a694f18b979  /dst1.img
>
> (I think only first page-sized block is correct, because without direct-io
> it writes in page-sized IOs.)
>
>
> ... or just try to mkfs and mount it
> $ mkfs -t ext4  /dev/mapper/tst
>
> mke2fs 1.42.13 (17-May-2015)
> Creating filesystem with 262144 4k blocks and 65536 inodes
> ...
>
> $ mount /dev/mapper/tst /mnt/tst
> mount: wrong fs type, bad option, bad superblock on /dev/mapper/tst,
>        missing codepage or helper program, or other error
>
>
> You approach simply does not work. (It will probably work for ECB mode but it is
> unusable in real world.)
>
>
> Anyway, I think that you should optimize driver, not add strange hw-dependent
> crypto modes to dmcrypt. This is not the first crypto accelerator that is just not
> suited for this kind of use.

Very grateful for your feedback. I'm sorry I didn't check much data
correctness, mostly focus on the encryption speed. It looks like there
are something wrong when I follow your test procedure. I will optimize
the driver and need to be known much about XTS mode to check why it
can not work. Thanks.

>
> (If it can process batch of chunks of data each with own IV, then it can work
> with dmcrypt, but I think such optimized code should be inside crypto API,
> not in dmcrypt.)
>
> Milan



-- 
Baolin.wang
Best Regards

  reply	other threads:[~2016-01-04  6:58 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-16  3:18 [PATCH v2 0/2] Introduce the bulk IV mode for improving the crypto engine efficiency Baolin Wang
2015-12-16  3:18 ` [PATCH v2 1/2] block: Export the __blk_bios_map_sg() to map one bio Baolin Wang
2015-12-16  3:18 ` [PATCH v2 2/2] md: dm-crypt: Introduce the bulk IV mode for bulk crypto Baolin Wang
2015-12-16  8:08 ` [PATCH v2 0/2] Introduce the bulk IV mode for improving the crypto engine efficiency Milan Broz
2015-12-16  8:31   ` Baolin Wang
2015-12-17  7:37   ` Baolin Wang
2016-01-02 22:46     ` Milan Broz
2016-01-04  6:58       ` Baolin Wang [this message]
2016-01-04 20:13       ` Mark Brown
2016-01-06  6:49         ` Baolin Wang
2016-01-12 23:31         ` [dm-devel] " Mikulas Patocka
2016-01-12 23:38           ` Arnd Bergmann
2016-01-13  2:18             ` Mikulas Patocka
2016-01-13 10:17               ` Arnd Bergmann
2016-01-13 15:00                 ` Mikulas Patocka
2016-01-13  7:01             ` Milan Broz
2016-01-12 23:40           ` Mark Brown
2016-01-13  2:13             ` Mikulas Patocka
2016-01-14 11:35               ` Mark Brown

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAMz4kuK__1tKf=+gP2zELzFFur45eqTL78v6oTdYgYTzCvTsNw@mail.gmail.com' \
    --to=baolin.wang@linaro.org \
    --cc=agk@redhat.com \
    --cc=arnd@arndb.de \
    --cc=axboe@kernel.dk \
    --cc=broonie@kernel.org \
    --cc=dan.j.williams@intel.com \
    --cc=dm-devel@redhat.com \
    --cc=gmazyland@gmail.com \
    --cc=keith.busch@intel.com \
    --cc=kent.overstreet@gmail.com \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-raid@vger.kernel.org \
    --cc=martin.petersen@oracle.com \
    --cc=neilb@suse.com \
    --cc=sagig@mellanox.com \
    --cc=snitzer@redhat.com \
    --cc=tj@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).