Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1509904imm; Thu, 12 Jul 2018 03:12:50 -0700 (PDT) X-Google-Smtp-Source: AAOMgpeqxtNC81nHmSphOe1KrJ/v1Mbo3uu2OPsskYbYvQReAwpf5fdzXWXKmDfXDQcUzegJLIHk X-Received: by 2002:a62:3001:: with SMTP id w1-v6mr1706554pfw.19.1531390370753; Thu, 12 Jul 2018 03:12:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531390370; cv=none; d=google.com; s=arc-20160816; b=YSFM9xZRj7jr4BuHvN1zBCH7q+r1t5fbJOqdKoPgPt6tUdgdCfd/m5+HAKFHVYEkSP +Ndzo6jusJdOR8hu6wbQDjOTAgJrsA2iAt9U9rXpuK8k6aNbpd10D4x2ceEFoTeUt5C9 G1R2WFaYxuymKzngCtLfzLJME6tPgHIfw70OtlsUsU4w63xxh+OcFxeJd7EkRKrPjA0x 7JQSdTU8O54NkAH1nbq2stSljrcBeYYfr5Z0ylnd91RUN4+Bg3laMlOZ+FnM1+6Gybgx gbX9IsmtPA+j9+c+4Ina18ns5SZC8xhGhbqtBdu0ieU/OyPB/c1byi3bC0jbNf7f0l6e xSSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=yAwc0QZPV+VJTwKbWmwVzOD0TdYU6jiveyWNx/pyiKA=; b=Be4L35R+6tbhKv34gUWBzPnKeyvO0Nqub8Vj9wUXOtnHosicWJEarow84FPSN6e/le A29EaMDu7XsTLIIkRwHKAobhoG/OWg1vEDNyFScd+5oYvMMUgjbnLePeDXwwb+lImlye aPAK389ZZ/j2YxbzRvWAlnYH2JGqMV6sSJIwbFs2083cP7w5wB6FQaUpsUvlmLQ7p1um bfc7LZH2qcXBtoHfW1vSptnk2TmcsUw7kSGi0o0DiDPTCEnmpfxDtFv4TCl7VH4fkE/Z d0QEge24hGM8t0Kdt8yX1jP8wU8oXLxNVlSI38CJ9ab7U4bk69Ca38oAutdMNeEtXha1 +SHw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z33-v6si20965198plb.380.2018.07.12.03.12.35; Thu, 12 Jul 2018 03:12:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726668AbeGLKTo (ORCPT + 99 others); Thu, 12 Jul 2018 06:19:44 -0400 Received: from smtp.nue.novell.com ([195.135.221.5]:55767 "EHLO smtp.nue.novell.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726401AbeGLKTo (ORCPT ); Thu, 12 Jul 2018 06:19:44 -0400 Received: from linux-l9pv.suse (unknown.telstraglobal.net [134.159.103.118]) by smtp.nue.novell.com with ESMTP (TLS encrypted); Thu, 12 Jul 2018 12:10:43 +0200 Date: Thu, 12 Jul 2018 18:10:37 +0800 From: joeyli To: Yu Chen Cc: "Rafael J. Wysocki" , Pavel Machek , Len Brown , Borislav Petkov , linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org, "Rafael J . Wysocki" Subject: Re: [PATCH 2/3][RFC] PM / Hibernate: Encrypt the snapshot pages before submitted to the block device Message-ID: <20180712101037.GI7985@linux-l9pv.suse> References: <5a1cc6bff40ff9a3e023392c69b881e91b16837a.1529486870.git.yu.c.chen@intel.com> <20180628130641.GG3628@linux-l9pv.suse> <20180628135017.GA6561@sandybridge-desktop> <20180628142856.GH3628@linux-l9pv.suse> <20180628145207.GA10891@sandybridge-desktop> <20180629125943.GK3628@linux-l9pv.suse> <20180706152856.GB9631@sandybridge-desktop> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180706152856.GB9631@sandybridge-desktop> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Yu Chen, Sorry for my delay... On Fri, Jul 06, 2018 at 11:28:56PM +0800, Yu Chen wrote: > Hi Joey Lee, > On Fri, Jun 29, 2018 at 08:59:43PM +0800, joeyli wrote: > > On Thu, Jun 28, 2018 at 10:52:07PM +0800, Yu Chen wrote: > > > Hi, > > > On Thu, Jun 28, 2018 at 10:28:56PM +0800, joeyli wrote: > > > > On Thu, Jun 28, 2018 at 09:50:17PM +0800, Yu Chen wrote: > > > > > Hi, > > > > > On Thu, Jun 28, 2018 at 09:07:20PM +0800, joeyli wrote: > > > > > > Hi Chen Yu, > > > > > > > > > > > > On Wed, Jun 20, 2018 at 05:40:32PM +0800, Chen Yu wrote: > > > > > > > Use the helper functions introduced previously to encrypt > > > > > > > the page data before they are submitted to the block device. > > > > > > > Besides, for the case of hibernation compression, the data > > > > > > > are firstly compressed and then encrypted, and vice versa > > > > > > > for the resume process. > > > > > > > > > > > > > > > > > > > I want to suggest my solution that it direct signs/encrypts the > > > > > > memory snapshot image. This solution is already shipped with > > > > > > SLE12 a couple of years: > > > > > > > > > > > > https://github.com/joeyli/linux-s4sign/commits/s4sign-hmac-encrypted-key-v0.2-v4.17-rc3 > > > > > > > > > > > I did not see image page encryption in above link, if I understand > > > > > > > > PM / hibernate: Generate and verify signature for snapshot image > > > > https://github.com/joeyli/linux-s4sign/commit/bae39460393ada4c0226dd07cd5e3afcef86b71f > > > > > > > > PM / hibernate: snapshot image encryption > > > > https://github.com/joeyli/linux-s4sign/commit/6a9a0113bb221c036ebd0f6321b7191283fe4929 > > > > > > > > The above patches sign and encrypt the data pages in snapshot image. > > > > It puts the signature to header. > > > > > > > It looks like your signature code can be simplyly added on top of the > > > solution we proposed here, how about we collaborating on this task? > > > > OK, I will base on your user key solution to respin my signature patches. > > > > > just my 2 cents, > > > 1. The cryption code should be indepent of the snapshot code, and > > > this is why we implement it as a kernel module for that in PATCH[1/3]. > > > > Why the cryption code must be indepent of snapshot code? > > > Modules can be easier to be maintained and customized/improved in the future IMO.. hm... currently I didn't see apparent benefit on this... About modularization, is it possible to separate the key handler code from crypto_hibernation.c? Otherwise the snapshot signature needs to depend on encrypt function. > > > 2. There's no need to traverse the snapshot image twice, if the > > > image is large(there's requirement on servers now) we can > > > simplyly do the encryption before the disk IO, and this is > > > why PATCH[2/3] looks like this. > > > > If the encryption solution is only for block device, then the uswsusp > > interface must be locked-down when kernel is in locked mode: > > > > uswsusp: Disable when the kernel is locked down > > https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?h=lockdown-20180410&id=8732c1663d7c0305ae01ba5a1ee4d2299b7b4612 > > > > I still suggest to keep the solution to direct encript the snapshot > > image for uswsusp because the snapshot can be encrypted by kernel > > before user space get it. > > > > I mean that if the uswsusp be used, then kernel direct encrypts the > > snapshot image, otherwise kernel encrypts pages before block io. > > > I did not quite get the point, if the kernel has been locked down, > then the uswsusp is disabled, why the kernel encrypts the snapshot > for uswsusp? There have some functions be locked-down because there have no appropriate mechanisms to check the integrity of writing data. If the snapshot image can be encrypted and authentication, then the uswsusp interface is avaiable for userspace. We do not need to lock it down. > > On the other hand, I have a question about asynchronous block io. > > Please see below... > > > Okay. > > > > > > > Suggested-by: Rafael J. Wysocki > > > > > > > Cc: Rafael J. Wysocki > > > > > > > Cc: Pavel Machek > > > > > > > Cc: Len Brown > > > > > > > Cc: Borislav Petkov > > > > > > > Cc: "Lee, Chun-Yi" > > > > > > > Cc: linux-pm@vger.kernel.org > > > > > > > Cc: linux-kernel@vger.kernel.org > > > > > > > Signed-off-by: Chen Yu > > > > > > > --- > > > > > > > kernel/power/power.h | 1 + > > > > > > > kernel/power/swap.c | 215 ++++++++++++++++++++++++++++++++++++++++++++++++--- > > > > > > > 2 files changed, 205 insertions(+), 11 deletions(-) > > [...snip] > > > > > > > /* kernel/power/hibernate.c */ > > > > > > > extern int swsusp_check(void); > > > > > > > diff --git a/kernel/power/swap.c b/kernel/power/swap.c > > > > > > > index c2bcf97..2b6b3d0 100644 > > > > > > > --- a/kernel/power/swap.c > > > > > > > +++ b/kernel/power/swap.c > > [...snip] > > > > > > > @@ -1069,18 +1171,42 @@ static int load_image(struct swap_map_handle *handle, > > > > > > > if (!m) > > > > > > > m = 1; > > > > > > > nr_pages = 0; > > > > > > > + crypto_page_idx = 0; > > > > > > > + if (handle->crypto) { > > > > > > > + crypt_buf = (void *)get_zeroed_page(GFP_KERNEL); > > > > > > > + if (!crypt_buf) > > > > > > > + return -ENOMEM; > > > > > > > + } > > > > > > > start = ktime_get(); > > > > > > > for ( ; ; ) { > > > > > > > ret = snapshot_write_next(snapshot); > > > > > > > if (ret <= 0) > > > > > > > break; > > > > > > > - ret = swap_read_page(handle, data_of(*snapshot), &hb); > > > > > > > + if (handle->crypto) > > > > > > > + ret = swap_read_page(handle, crypt_buf, &hb); > > > > > > > + else > > > > > > > + ret = swap_read_page(handle, data_of(*snapshot), &hb); > > > > > > > if (ret) > > > > > > > break; > > > > > > > if (snapshot->sync_read) > > > > > > > ret = hib_wait_io(&hb); > > > > In snapshot_write_next(), the logic will clean the snapshot->sync_read > > when the buffer page doesn't equal to the original page. Which means > > that the page can be read by asynchronous block io. Otherwise, kernel > > calls hib_wait_io() to wait until the block io was done. > > > Yes, you are right, I missed the asynchronous block io in non-compression > case. > > > > > > > if (ret) > > > > > > > break; > > > > > > > + if (handle->crypto) { > > > > > > > + /* > > > > > > > + * Need a decryption for the > > > > > > > + * data read from the block > > > > > > > + * device. > > > > > > > + */ > > > > > > > + ret = crypto_data(crypt_buf, PAGE_SIZE, > > > > > > > + data_of(*snapshot), > > > > > > > + PAGE_SIZE, > > > > > > > + false, > > > > > > > + crypto_page_idx); > > > > > > > + if (ret) > > > > > > > + break; > > > > > > > + crypto_page_idx++; > > > > > > > + } > > > > The decryption is here in the for-loop. But maybe the page is still in > > the block io queue for waiting the batch read? The page content is not > > really read to memory when the crypto_data be run? > > > Yes, it is possible. > > > > > > > if (!(nr_pages % m)) > > > > > > > pr_info("Image loading progress: %3d%%\n", > > > > > > > nr_pages / m * 10); > > nr_pages++; > > } > > err2 = hib_wait_io(&hb); > > stop = ktime_get(); > > > > When the for-loop is break, the above hib_wait_io(&hb) guarantees that > > all asynchronous block io are done. Then all pages are read to memory. > > > > I think that the decryption code must be moved after for-loop be break. > > Or there have any callback hook in the asynchronous block io that we > > can put the encryption code after the block io read the page. > > > Yes, we can move the decryptino code here. Another thought came to my > mind, how about disabling the asynchronous block io in non-compression > case if encryption hibernation is enabled(because encryption hibernation > is not using the asynchronous block io and it has to traverse each page > one by one, so asynchronous block io does not bring benefit to encryption > hibernation in non-compression case)? Or do I miss something? > Disabling asynchronous block will cause IO performance drops. As I remeber that it's a lot of drops. You can try it. I am not sure how many people are still using non-compression mode. I do not know too much on block layer API. Is it possible to encrypt each page before writing to device from kernel? Thanks Joey Lee