Re: [PATCH v4 3/5] dm: add support for passing through inline crypto support

From: Eric Biggers
Date: Wed Feb 10 2021 - 15:19:16 EST

Next message: Rob Herring: "Re: [PATCH v4 5/7] ASoC: qcom: dt-bindings: add bindings for lpass tx macro codec"
Previous message: Kees Cook: "Re: [PATCH] pstore/ram : Add support for cached pages"
Next in thread: Satya Tangirala: "Re: [PATCH v4 3/5] dm: add support for passing through inline crypto support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Feb 01, 2021 at 05:10:17AM +0000, Satya Tangirala wrote:
> Update the device-mapper core to support exposing the inline crypto
> support of the underlying device(s) through the device-mapper device.
>
> This works by creating a "passthrough keyslot manager" for the dm
> device, which declares support for encryption settings which all
> underlying devices support. When a supported setting is used, the bio
> cloning code handles cloning the crypto context to the bios for all the
> underlying devices. When an unsupported setting is used, the blk-crypto
> fallback is used as usual.
>
> Crypto support on each underlying device is ignored unless the
> corresponding dm target opts into exposing it. This is needed because
> for inline crypto to semantically operate on the original bio, the data
> must not be transformed by the dm target. Thus, targets like dm-linear
> can expose crypto support of the underlying device, but targets like
> dm-crypt can't. (dm-crypt could use inline crypto itself, though.)
>
> A DM device's table can only be changed if the "new" inline encryption
> capabilities are a (*not* necessarily strict) superset of the "old" inline
> encryption capabilities. Attempts to make changes to the table that result
> in some inline encryption capability becoming no longer supported will be
> rejected.
>
> For the sake of clarity, key eviction from underlying devices will be
> handled in a future patch.
>
> Co-developed-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> Signed-off-by: Satya Tangirala <satyat@xxxxxxxxxx>

I don't see any obvious issues with this latest version. I assume you've tested
it on real hardware?

If it's needed despite my Co-developed-by, feel free to add:

Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>

A few nits about comments, in case you resend:

> diff --git a/drivers/md/dm-core.h b/drivers/md/dm-core.h
> index 086d293c2b03..bf3e66f39a4a 100644
> --- a/drivers/md/dm-core.h
> +++ b/drivers/md/dm-core.h
> @@ -13,6 +13,7 @@
> #include <linux/ktime.h>
> #include <linux/genhd.h>
> #include <linux/blk-mq.h>
> +#include <linux/keyslot-manager.h>
>
> #include <trace/events/block.h>
>
> @@ -162,6 +163,10 @@ struct dm_table {
> void *event_context;
>
> struct dm_md_mempools *mempools;
> +
> +#ifdef CONFIG_BLK_INLINE_ENCRYPTION
> + struct blk_keyslot_manager *ksm;
> +#endif
> };

It might be helpful if there was a brief comment here that explained that this
field is only set temporarily while the table is being set up, and it gets set
to NULL after the capabilities have been transferred to the request_queue.
I.e., it's not something that stays around here while the dm device is active.

> +/*
> + * Constructs and returns a keyslot manager that represents the crypto
> + * capabilities of the devices described by the dm_table. However, if the
> + * constructed keyslot manager does not support a superset of the crypto
> + * capabilities supported by the current keyslot manager of the mapped_device,
> + * it returns an error instead, since we don't support restricting crypto
> + * capabilities on table changes. Finally, if the constructed keyslot manager
> + * doesn't actually support any crypto modes at all, it just returns NULL.
> + */
> +static int
> +dm_table_construct_keyslot_manager(struct dm_table *t)

This doesn't "return" the keyslot manager anymore, but rather assigns it to
t->ksm. It would also be helpful if the comment explicitly mentioned that the
goal is to find the capabilities that all the devices have in common.

E.g. "Initializes t->ksm with a keyslot manager that represents the common set
of crypto capabilities of the devices described by the dm_table.".

> diff --git a/include/linux/device-mapper.h b/include/linux/device-mapper.h
> index 61a66fb8ebb3..d2142f5a82a7 100644
> --- a/include/linux/device-mapper.h
> +++ b/include/linux/device-mapper.h
> @@ -257,6 +257,12 @@ struct target_type {
> #define DM_TARGET_NOWAIT 0x00000080
> #define dm_target_supports_nowait(type) ((type)->features & DM_TARGET_NOWAIT)
>
> +/*
> + *
> + */
> +#define DM_TARGET_PASSES_CRYPTO 0x00000100
> +#define dm_target_passes_crypto(type) ((type)->features & DM_TARGET_PASSES_CRYPTO)

The above comment isn't very useful :-)

- Eric

Next message: Rob Herring: "Re: [PATCH v4 5/7] ASoC: qcom: dt-bindings: add bindings for lpass tx macro codec"
Previous message: Kees Cook: "Re: [PATCH] pstore/ram : Add support for cached pages"
Next in thread: Satya Tangirala: "Re: [PATCH v4 3/5] dm: add support for passing through inline crypto support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]