On Fri, Feb 21, 2020 at 03:50:44AM -0800, Satya Tangirala wrote: > Blk-crypto delegates crypto operations to inline encryption hardware when > available. The separately configurable blk-crypto-fallback contains a > software fallback to the kernel crypto API - when enabled, blk-crypto > will use this fallback for en/decryption when inline encryption hardware is > not available. This lets upper layers not have to worry about whether or > not the underlying device has support for inline encryption before > deciding to specify an encryption context for a bio, and also allows for > testing without actual inline encryption hardware. For more details, refer > to Documentation/block/inline-encryption.rst. > > Signed-off-by: Satya Tangirala <satyat@xxxxxxxxxx> In v7, only blk_mq_make_request() actually calls blk_crypto_bio_prep(). That will make the crypto contexts be silently ignored (no fallback) if q->make_request_fn != blk_mq_make_request. In recent kernels that *hopefully* won't matter in practice since almost everyone is using blk_mq_make_request. But it still seems like a poor design. First, it's super important that if someone requests encryption, then they either get it or get an error; it should *never* be silently ignored. Second, part of the goal of blk-crypto-fallback is that it should always work, so that in principle users don't have to implement the encryption twice, once via blk-crypto and once via fs or dm-layer crypto. So is there any reason not to keep the blk_crypto_bio_prep() call in generic_make_request()? I think performance can't be much of a complaint, since if almost everyone is using blk_mq_make_request() then they are making the function call anyway... - Eric
