Re: [PATCH v5 3/9] block: blk-crypto for Inline Encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 04, 2019 at 06:01:17PM -0800, Eric Biggers wrote:
> I think that "Severely bloating the per-I/O data structure" is an exaggeration,
> since that it's only 32 bytes, and it isn't in struct bio directly but rather in
> struct bio_crypt_ctx...

Yes, and none of that is needed for the real inline crypto.  And I think
we can further reduce the overhead of bio_crypt_ctx once we have the
basiscs sorted out.  If we want to gain more traction we need to reduce
the I/O to a minimum.

> In any case, Satya, it might be a good idea to reorganize this patchset so that
> it first adds all logic that's needed for "real" inline encryption support
> (including the needed parts of blk-crypto.c), then adds the crypto API fallback
> as a separate patch.  That would separate the concerns more cleanly and make the
> patchset easier to review, and make it easier to make the fallback
> de-configurable or even remove it entirely if that turns out to be needed.

Yes, that is a good idea.  Not just in terms of patch, but also in terms
of code organization.  The current structure is pretty weird with 3
files that are mostly tighly integrated, except that one also has the
software implementations.  So what I think we need at a minimum is:

 - reoranizize that we have say block/blk-crypt.c for all the inline
   crypto infrastructure, and block/blk-crypy-sw.c for the actual
   software crypto implementation.
 - remove all the fields only needed for software crypto from
   bio_crypt_ctx, and instead clone the bio into a bioset with the
   additional fields only when we use the software implementation, so
   that there is no overhead for the hardware path.



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux