Re: [PATCH v10 02/12] block: Keyslot Manager for Inline Encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Apr 27, 2020 at 07:57:08PM -0700, Eric Biggers wrote:
> Or maybe 'struct blk_ksm_keyslot' should contain a pointer to the
> 'struct blk_crypto_key' rather than a copy of it?  If we did that, then:
> 
> - Each duplicate blk_crypto_key would use its own keyslot and not interfere with
>   any others.
> 
> - blk_crypto_evict_key() would be *required* to be called.
> 
> - It would be a kernel bug if blk_crypto_evict_key() were called with any
>   pending I/O, so WARN_ON_ONCE() would be the right thing to do.
> 
> - The hash function used to find a key's keyslot would be
>   hash_ptr(blk_crypto_key, ksm->log_slot_hashtable_size) instead of
>   SipHash(key=perboot_key, data=raw_key).
>   
> I might be forgetting something; was there a reason we didn't do that?
> It wouldn't be as robust against users forgetting to call
> blk_crypto_evict_key(), but that would be a bug anyway.

The above sounds pretty sensible to me (but I'm everything but an expert
in the area).



[Index of Archives]     [Reiser Filesystem Development]     [Ceph FS]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite National Park]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Media]

  Powered by Linux