[dm-devel] [RFC PATCH 0/1] Add inline encryption support for dm-crypt

Wed Jan 19 05:15:13 UTC 2022

On Tue, Jan 18, 2022 at 12:27:33PM -0800, Eric Biggers wrote:
> * The block device for a partition doesn't have its own request_queue or
>   queue_limits; those are properties of the disk, not the partition.  But,
>   setting an encryption key may require changes to the queue_limits.  For
>   example, discard_zeroes_data will no longer work, and the logical_block_size
>   will need to become the crypto data unit size which may be larger than the
>   original logical_block_size.

If we need changes to the queue limits we're doing something wrong I
think, as all these limitation only actually apply to bios that use
inline encryption and thus should be dynamic decisions.

Note that discard_zeroes_data is gone already, all zeroing must use
REQ_OP_WRITE_ZEROES.

> 
> * The block_device for a given partition didn't stay around while no one has it
>   opened or mounted.  This may have been addressed by Christoph's changes last
>   year that merged block_device and hd_struct, but this used to be an issue.

Yes, this is fixed now.

> * There was some issue caused by the way the block layer maps partitions to
>   disks; the knowledge of the original block device (and thus the key) was lost
>   at this point.  I'm not sure whether this is still an issue or not.

Also fixed by the block_device/hd_struct merged as the lookup is gone
entirely now.

> * A block device ioctl to set a key would need to handle cases where the block
>   device is already open (fail with EBUSY?), or already has pages cached in the
>   pagecache (invalidate them?).  A dm target avoids these concerns since a key
>   would only be set up when the disk and block device are originally created.

An ioctl is by definition perfomed on an open file handle, so it will by
definition be open.  But I don't think that check really is needed to be
so strict.  We can require the ioctl to be on an FMODE_EXCL file handle
which is a good sanity check and otherwise you get what you ask for.

> 
> Finally, there's also the fact that this would really be more than "setting a
> default key".  To precisely specify the encryption format, you also have to
> specify the algorithm, the key type, and the data unit size.  (Also potentially
> more details about IV generation, if blk-crypto ever starts to support more IV
> generation methods, which I'd like to avoid but it might eventually happen.)
> 
> These could all be passed in an ioctl, but dm-crypt already has a syntax defined
> for specifying encryption formats.  So it could make sense to reuse it.

We could of course find a way to mostly reuse the dm-crypt text based setup
syntax even on a block device if that helps.