lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <20200727171615.GJ1138@sol.localdomain>
Date: Mon, 27 Jul 2020 10:16:15 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Dave Chinner <david@...morbit.com>
Cc: Satya Tangirala <satyat@...gle.com>, linux-fscrypt@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, linux-ext4@...r.kernel.org, linux-xfs@...r.kernel.org
Subject: Re: [PATCH v4 3/7] iomap: support direct I/O with fscrypt using blk-crypto

On Sat, Jul 25, 2020 at 07:42:11PM -0700, Eric Biggers wrote:
> > Exactly my point. Requiring infrastructure and storage layers to
> > obey completely new, undefined, undiscoverable, opaque and variable
> > definition of the block devices' "atomic unit of IO", then that's
> > simply a non-starter. That requires a complete re-architecture of
> > the block layers and how things interface and transmit information
> > through them. At minimum, high level IO alignment constraints must
> > be generic and not be hidden in context specific crypto structures.
>
> Do you have any specific examples in mind of where *encrypted* I/O may be broken at
> only a logical_block_size boundary? Remember that encrypted I/O with a
> particular data_unit_size is only issued if the request_queue has declared that
> it supports encryption with that data_unit_size. In the case of a layered
> device, that means that every layer would have to opt-into supporting encryption
> as well as the specific data_unit_size.
>
> Also, the alignment requirement is already passed down the stack as part of the
> bio_crypt_ctx. If there do turn out to be places that need to use it, we could
> easily define generic helper functions:
>
> unsigned int bio_required_alignment(struct bio *bio)
> {
>         unsigned int alignmask = queue_logical_block_size(bio->bi_disk->queue) - 1;
>
> #ifdef CONFIG_BLK_INLINE_ENCRYPTION
>         if (bio->bi_crypt_context)
>                 alignmask |= bio->bi_crypt_context->bc_key->crypto_cfg.data_unit_size - 1;
> #endif
>
>         return alignmask + 1;
> }
>
> unsigned int rq_required_alignment(struct request *rq)
> {
>         unsigned int alignmask = queue_logical_block_size(rq->q) - 1;
>
> #ifdef CONFIG_BLK_INLINE_ENCRYPTION
>         if (rq->crypt_ctx)
>                 alignmask |= rq->crypt_ctx->bc_key->crypto_cfg.data_unit_size - 1;
> #endif
>
>         return alignmask + 1;
> }
>
> Sure, we could also add a new alignment_required field to struct bio and struct
> request, but it would be unnecessary since all the information is already there.
>
> > > Is it your opinion that inline encryption should only be supported when
> > > data_unit_size <= logical_block_size? The problems with that are
> >
> > Pretty much.
> >
> > > (a) Using an unnecessarily small data_unit_size degrades performance a
> > > lot -- for *all* I/O, not just direct I/O. This is because there are a
> > > lot more separate encryptions/decryptions to do, and there's a fixed
> > > overhead to each one (much of which is intrinsic in the crypto
> > > algorithms themselves, i.e. this isn't simply an implementation quirk).
> >
> > Performance is irrelevant if correctness is not possible.
>
> As far as I know, data_unit_size > logical_block_size is working for everyone
> who has used it so far.
>
> So again, I'm curious if you have any specific examples in mind. Is this a
> real-world problem, or just a theoretical case where (in the future) someone
> could declare support for some data_unit_size in their 'struct request_queue'
> (possibly for a layered device) without correctly handling alignment in all
> cases?
>
> I do see that logical_block_size is used for discard, write_same, and zeroout.
> But that isn't encrypted I/O.
>
> BTW, there might very well be hardware that *only* supports
> data_unit_size > logical_block_size.

I found get_max_io_size() in block/blk-merge.c. I'll check if that needs to be
updated.

Let me know if you have any objection to the fscrypt inline encryption patches
*without direct I/O support* going into 5.9.

Note that fscrypt doesn't directly care about this block layer stuff at all;
instead it uses blk_crypto_config_supported() to check whether inline encryption
with the specified (crypto_mode, data_unit_size, dun_bytes) combination is
supported on the filesystem's device(s). Only then will fscrypt use inline
encryption instead of the traditional filesystem-layer encryption.

So if blk_crypto_config_supported() is saying that some crypto configuration is
supported when it isn't, then that's a bug in the blk-crypto patches that went
into the block layer in 5.8, which we need to fix there. (Ideally by fixing any
cases where encrypted I/O may be split in the middle of a data unit. But in the
worst case, we could easily make blk_crypto_config_supported() return false when
'data_unit_size > logical_block_size' for now.)

- Eric
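The following is an added example, not part of Eric's message and not kernel code. It is a user-space C model of two things discussed above: the alignment rule in the quoted bio_required_alignment() sketch (OR the power-of-two masks of logical_block_size and data_unit_size, so the requirement becomes the larger of the two, and a split that is logical_block_size-aligned but not data_unit_size-aligned cuts a data unit), and the "worst case" fallback of refusing a configuration with data_unit_size > logical_block_size. The types queue_model, crypt_ctx_model and bio_model, the helper config_supported(), and the sample queue and bios are simplified stand-ins and constructed inputs, not the real struct request_queue, struct bio or blk_crypto_config_supported().

```c
/* User-space model of inline-encryption I/O alignment (added example, not
 * kernel code). All struct names and sample values below are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the request_queue fields this model needs. */
struct queue_model {
    unsigned int logical_block_size;     /* power of two, e.g. 512 or 4096 */
    unsigned int crypto_data_unit_sizes; /* bitmask of supported data_unit_size values */
};

/* Stand-in for the part of bio_crypt_ctx that matters for alignment. */
struct crypt_ctx_model {
    unsigned int data_unit_size; /* power of two, typically 4096 */
};

/* Stand-in for a bio: where it starts, how long it is, and whether it is encrypted. */
struct bio_model {
    const struct queue_model *queue;
    const struct crypt_ctx_model *crypt_ctx; /* NULL for unencrypted I/O */
    uint64_t byte_offset;                    /* start offset on the device, in bytes */
    unsigned int byte_len;
};

static bool is_power_of_2(unsigned int x) { return x && !(x & (x - 1)); }

/* Same idea as the quoted helper: OR the two power-of-two masks; the result
 * is the larger of logical_block_size and data_unit_size. */
static unsigned int bio_required_alignment(const struct bio_model *bio)
{
    unsigned int alignmask = bio->queue->logical_block_size - 1;
    if (bio->crypt_ctx)
        alignmask |= bio->crypt_ctx->data_unit_size - 1;
    return alignmask + 1;
}

/* Both the start offset and the length must sit on the required boundary. */
static bool bio_is_aligned(const struct bio_model *bio)
{
    unsigned int align = bio_required_alignment(bio);
    return (bio->byte_offset & (align - 1)) == 0 &&
           (bio->byte_len & (align - 1)) == 0;
}

/* The hazard under discussion: a split point that is a multiple of
 * logical_block_size but not of data_unit_size leaves half a data unit in
 * each piece, which cannot be encrypted or decrypted independently. */
static bool split_breaks_data_unit(const struct bio_model *bio, unsigned int split_bytes)
{
    unsigned int align = bio_required_alignment(bio);
    return (split_bytes & (align - 1)) != 0;
}

/* Model of the "is this crypto configuration supported" decision. With
 * strict_fallback set it applies the worst-case rule from the message:
 * refuse any data_unit_size larger than the logical block size. This is
 * an assumed interface, not blk_crypto_config_supported()'s real signature. */
static bool config_supported(const struct queue_model *q, unsigned int data_unit_size,
                             bool strict_fallback)
{
    if (!is_power_of_2(data_unit_size) || !is_power_of_2(q->logical_block_size))
        return false;
    if (!(q->crypto_data_unit_sizes & data_unit_size))
        return false;
    if (strict_fallback && data_unit_size > q->logical_block_size)
        return false;
    return true;
}

/* Constructed sample: a 512-byte-sector queue advertising 512 and 4096 as
 * data unit sizes, an encrypted 8 KiB bio at byte 8192, an encrypted bio
 * whose length is only 512-byte aligned, and an unencrypted 1 KiB bio. */
static const struct queue_model sample_queue = { 512, 512 | 4096 };
static const struct crypt_ctx_model sample_ctx = { 4096 };
static const struct bio_model sample_bio       = { &sample_queue, &sample_ctx, 8192, 8192 };
static const struct bio_model sample_short_bio = { &sample_queue, &sample_ctx, 4096, 4608 };
static const struct bio_model sample_plain_bio = { &sample_queue, NULL, 512, 1024 };

int main(void)
{
    printf("encrypted bio: alignment %u, aligned=%d, split@512 breaks=%d, split@4096 breaks=%d\n",
           bio_required_alignment(&sample_bio), bio_is_aligned(&sample_bio),
           split_breaks_data_unit(&sample_bio, 512), split_breaks_data_unit(&sample_bio, 4096));
    printf("short encrypted bio aligned=%d, plain bio alignment %u\n",
           bio_is_aligned(&sample_short_bio), bio_required_alignment(&sample_plain_bio));
    printf("dus 4096 supported: normal=%d strict=%d; dus 512 strict=%d; dus 2048=%d\n",
           config_supported(&sample_queue, 4096, false), config_supported(&sample_queue, 4096, true),
           config_supported(&sample_queue, 512, true), config_supported(&sample_queue, 2048, false));
    return 0;
}
```

The point of the model is that once a queue has advertised a data_unit_size, every layer that may split the I/O has to split on bio_required_alignment(), not on logical_block_size; the strict_fallback branch is the blunt alternative that avoids the problem by never advertising the larger unit.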