Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp2042447pxu; Fri, 18 Dec 2020 04:15:09 -0800 (PST) X-Google-Smtp-Source: ABdhPJwkBaDtKvuTcPhlSImIjHuehJgKGPH8iOpILI+NWn22X+1Gz/agQiWUqE3vZhN5FW2MgF14 X-Received: by 2002:a17:907:2061:: with SMTP id qp1mr3674612ejb.222.1608293709220; Fri, 18 Dec 2020 04:15:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608293709; cv=none; d=google.com; s=arc-20160816; b=MGxz9BBBaB533ZzxW9WzSEaNvGLGZaPlfXzKw3Ck8TXceWczyoGUptCI82NqJ5j0Pi nIQUdGUfNkmtK1qGz+KD08x0VJi0H+eZnDR1BCVlv1DY8Fy4CVponvqpwN9r21WgM7Z7 iJaoy+fC9px4/K1fXSzGbOrkypriOzd2816GSIzjA1DM0OggSm86GPI0XpKTeKHbj4aY K+JBTfu00eE90qZw7HC2FfrO6N6PoIwWm+k+U/hbqHfRokkGG6zlaccNjsNanwn/AJNk iYh0Oup7fGeR98Mq0Pbz/OZGSjLkxaJfNDJiiA2f1/wi2X9gsoxYjACNS02fsfLKrpbw 61GQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=EMOyMmi5OQh1mMw6pWH3HTsh9nX0nJvvkb+01sG5L6Q=; b=MNA5GwfA505bFC0FuDCVmB/eNsVdAZPfa9972R9uP9whI4nC03V0O+GYzuixeGDt30 M4UoFMlBdW1v5JZRWXy7pLLMQ2aZrWzp02TCc/wlkRw6bWYFO+aicwKPUSUp/hvUOvc4 imu2KRFrC48Lmu2yzX0vYxPwGHz9wPNR8mV8PInieLU/j4qjh/8j7m+SKaygVX0lT2eZ +ftlkgqoBFJ6/h7CQZWPxxRNC3ihA7DH2Cfeic1kcO93g44TpgiEPsFZh9yRdkfnuFo3 ZyE4hiD+Ku1vh17ITly/CQ8x3rfeqpCAtu8HFeaXFx3M13UdZcr4wEd0VznQFN6EmJDe WBHA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=OEqRBfN9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v3si4436428ejx.433.2020.12.18.04.14.45; Fri, 18 Dec 2020 04:15:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=OEqRBfN9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726478AbgLRLyo (ORCPT + 99 others); Fri, 18 Dec 2020 06:54:44 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36114 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726447AbgLRLyn (ORCPT ); Fri, 18 Dec 2020 06:54:43 -0500 Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7DB05C0617B0 for ; Fri, 18 Dec 2020 03:54:03 -0800 (PST) Received: by mail-pj1-x1036.google.com with SMTP id n3so4775014pjm.1 for ; Fri, 18 Dec 2020 03:54:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=EMOyMmi5OQh1mMw6pWH3HTsh9nX0nJvvkb+01sG5L6Q=; b=OEqRBfN9ikmHv25/4WO0ioVGt+dtMVY9rOSKsI5lIuKBTvU4b+aYp4CCK82nWHGnS2 rjLxRrIr/TQvF8gZBpg25+9PrMfCR6teCbq6+7toS/4enCVZg87drrlN9cOTyBOQ/+kZ 0rIMRQV3Y7H5lJr5N7MFfK2xTyTOvpPt+kbgejrqeYe4xCTJCu26W53nxg3KXT55BVSj 4BK1Bj6Ug2n5ufoys9NpoYzTBTU6KrsVsbBArZ6gDAycN/ciqAfBF73YU/QS6I6ENmpf DNXhWTbx7nR6WtTw9YBgslobxO3i88AalvYg1IuJaWD4eLKdTQbjO00LOIWzdBrcirIx UiLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=EMOyMmi5OQh1mMw6pWH3HTsh9nX0nJvvkb+01sG5L6Q=; b=q1jrJzFRovmUM4dAmXoRRWdDEQOwAbr5kQ/SyLrXxcU9F6jpf+hc8glqfgCQkSEetR 3tUM78IAvx1jjWRZaQyqlXVwpFyL8345CmPGkCCpSiplhiiQuuQIsxxZBevD4YbY2CNg nEFmEvbkd26MM4n01avCiQ2Ohtg4tn363X1mH/bQwbDEp9/JHpNs10vmnO8XW/nwoMeq /56WxiVK/IYBRZwJ7hJrUsgBCeqFeFm0fUVaEWkh58TgHtxosoFyCtxiCK5R/CXK76jG DcUxbu69tPcM+daKGN7+teeRxeZX3eYwXWWgSzx3nYzws3UElGFcsAxcFg2aewvUOLqq aRDQ== X-Gm-Message-State: AOAM5329GrLD3P+GNe7GSkcqNcklfSnkXfUq/0oqvrbqTVVpV9Utn6Dy m4Tymy20BCokU+m8FD2fzFauEA== X-Received: by 2002:a17:90a:5894:: with SMTP id j20mr3959568pji.107.1608292442787; Fri, 18 Dec 2020 03:54:02 -0800 (PST) Received: from google.com (139.60.82.34.bc.googleusercontent.com. [34.82.60.139]) by smtp.gmail.com with ESMTPSA id gp14sm7862161pjb.6.2020.12.18.03.54.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 18 Dec 2020 03:54:02 -0800 (PST) Date: Fri, 18 Dec 2020 11:53:58 +0000 From: Satya Tangirala To: Chao Yu Cc: "Theodore Y . Ts'o" , Jaegeuk Kim , Eric Biggers , Chao Yu , linux-kernel@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net Subject: Re: [PATCH 0/3] add support for metadata encryption to F2FS Message-ID: References: <20201005073606.1949772-1-satyat@google.com> <471e0eb7-b035-03da-3ee3-35d5880a6748@huawei.com> <9a8d3ae2-a09f-f199-5cb1-48b1317b3d37@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <9a8d3ae2-a09f-f199-5cb1-48b1317b3d37@huawei.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Dec 18, 2020 at 05:02:23PM +0800, Chao Yu wrote: > On 2020/12/17 23:44, Satya Tangirala wrote: > > On Sat, Oct 10, 2020 at 05:53:06PM +0800, Chao Yu wrote: > > > Why not using nid as DUN, then GC could migrate encrypted node block directly via > > > meta inode's address space like we do for encrypted data block, rather than > > > decrypting node block to node page and then encrypting node page with DUN of new > > > blkaddr it migrates to. > > > > > The issue is, the bi_crypt_context in a bio holds a single DUN value, > > which is the DUN for the first data unit in the bio. blk-crypto assumes > > that the DUN of each subsequent data unit can be computed by simply > > incrementing the DUN. So physically contiguous data units can only be put > > into the same bio if they also have contiguous DUNs. I don't know much > > about nids, but if the nid is invariant w.r.t the physical block location, > > then there might be more fragmentation of bios in regular read/writes > > Correct, considering performance of in batch node flush, it will be better to > use pba as IV value. > > But, what's the plan about supporting software encryption for metadata? Current > f2fs write flow will handle all operations which may encounter failure before > allocating block address for node, if we do allocation first, and then use pba > as IV to encrypt node block, it will be a little complicated to revert allocation > if we fail to encrypt node block. > Software encryption for metadata is supported through the blk-crypto framework - so encryption will happen in the block layer, not the filesystem layer. So there's nothing extra/special we need to do if there's an encryption failure - an encryption failure is no different from a read/write failure in a lower layer from f2fs' perspective.