When both the file system and a lower layer such as dm-crypt encrypt the same file contents, it impacts performance and power utilization. Depending on how the operating environment manages the encryption keys, there is often no significant security benefit to redundantly encrypting.

File systems that encrypt some of their blocks can set the REQ_NOENCRYPT flag as a directive to lower layers to not encrypt. Lower layers may optionally observe the flag, but once they do, they must continue to observe it on subsequent I/O on the device. Otherwise they will decrypt content that they didn't previously encrypt, resulting in data corruption.

Signed-off-by: Michael Halcrow <mhalcrow@xxxxxxxxxx>
--- include/linux/blk_types.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/blk_types.h b/include/linux/blk_types.h index 61339bc44400..89da8f5f7be1 100644 --- a/include/linux/blk_types.h +++ b/include/linux/blk_types.h @@ -205,6 +205,7 @@ enum req_flag_bits { /* command specific flags for REQ_OP_WRITE_ZEROES: */ __REQ_NOUNMAP, /* do not free blocks when zeroing */ + __REQ_NOENCRYPT, /* ok to not encrypt */ __REQ_NR_BITS, /* stops here */ }; @@ -223,6 +224,7 @@ enum req_flag_bits { #define REQ_BACKGROUND (1ULL << __REQ_BACKGROUND) #define REQ_NOUNMAP (1ULL << __REQ_NOUNMAP) +#define REQ_NOENCRYPT (1ULL << __REQ_NOENCRYPT) #define REQ_FAILFAST_MASK \ (REQ_FAILFAST_DEV | REQ_FAILFAST_TRANSPORT | REQ_FAILFAST_DRIVER) -- 2.13.1.508.gb3defc5cc-goog
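
Review bot: In the first hunk (enum req_flag_bits), `__REQ_NOENCRYPT` is added directly under the "command specific flags for REQ_OP_WRITE_ZEROES:" comment, so it reads as a write-zeroes-only flag like `__REQ_NOUNMAP`, while the commit message describes it as a general directive from the file system to lower layers. Separate it with a blank line and give it its own comment. The comment "ok to not encrypt" also leaves out the rule the commit message states: a lower layer that starts observing the flag must keep observing it on subsequent I/O on the device, otherwise it decrypts content it never encrypted and corrupts data. That contract should be documented at the definition, since this header is where a driver author will look.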
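
Review bot: In the second hunk, `#define REQ_NOENCRYPT (1ULL << __REQ_NOENCRYPT)` introduces a per-request flag whose effect, when honoured, is that the lower layer writes the data without applying its own encryption, yet the patch carries no statement of who may set it or when a lower layer should trust it. The commit message says lower layers "may optionally observe the flag"; a comment beside the define should say that observing it is an explicit opt-in for the lower layer and that the setter is responsible for having encrypted the block already. The persistence requirement is per-device while the flag is per-request, so please also note where that state is expected to be tracked, since nothing in this header records it.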