Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp4904410pxu; Tue, 22 Dec 2020 03:50:38 -0800 (PST) X-Google-Smtp-Source: ABdhPJw3lZOrxA3dnarLjdOYKEH4MTIIrVZlvnPKfxcp9CSsinZi4q6r0Rn0BNakmyJjxf5EYrId X-Received: by 2002:a05:6402:1a2f:: with SMTP id be15mr20072876edb.209.1608637838750; Tue, 22 Dec 2020 03:50:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608637838; cv=none; d=google.com; s=arc-20160816; b=ju8DCg4pNLTYETV7R+cJlayBIq0jmxU4Xa7Ka9HVGr07gGIAsnVDYcy2JFZfdVctts l9S8mA+8yHnCSENQBA/yZSz8C4GoqUg8u1B2qTwCDyxvkbkZan3WXpcBSIeXXn1Gbdrc fLg+cIqwf0DRNl/lbs86yY38AJSkC71pU/bZ6FmDkL5sfDzXeToS6UsM7OYgTpwF04tC TUAmAMmiEie+9eov5zoktqDvRO3pEy0HrupUxmgEGIbZYFLRKW1ylDwEVNZuL3OU3KrJ wRepIOf9VrHVeKeFhSLSL/sCzu16kDZxF3aD1UZNUqV7wfsF8ysKTkYWTGMfEcyAXCtB +Zkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=9sOIEOD15QdZzb22yjHQHc1gw6Sl4/6vSb1vNZWe31s=; b=Z7dBuZ3unk4qlozF6hXIC3cv/08tgf5w/9FRqh0vLFByvYL+q9fYa7LkbpqJk2dwWB gpv9NNh+F5uUHAfVeNVRd+hnmMf5aCTl35fv6wW3ReuuQHw2IMKMmmRHGDdppTVSA0pC 4VL0CReCx0aiWcCJt8My6EGAHI8bNw/WCh0YQyOdZuC3+QyqKsThBHWyKjhzkfOLps35 YS0XIUMXrxtgUMDaB3ivAQ2dfE9EPPAP+cztOJfzdCVXMq00skJgt3v+MDPyDu711zsY piUvWn3G2S/KtwP7lnWk+TDN0RAGG/YPFwj38o/96EQYlsmWuf3QZBTxebZD9TFP7U0l PGLg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k7si5418780ejb.442.2020.12.22.03.50.16; Tue, 22 Dec 2020 03:50:38 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726616AbgLVLsg (ORCPT + 99 others); Tue, 22 Dec 2020 06:48:36 -0500 Received: from szxga04-in.huawei.com ([45.249.212.190]:9235 "EHLO szxga04-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725985AbgLVLsf (ORCPT ); Tue, 22 Dec 2020 06:48:35 -0500 Received: from DGGEMS412-HUB.china.huawei.com (unknown [172.30.72.60]) by szxga04-in.huawei.com (SkyGuard) with ESMTP id 4D0ZLn0qGZzktNS; Tue, 22 Dec 2020 19:46:57 +0800 (CST) Received: from [10.136.114.67] (10.136.114.67) by smtp.huawei.com (10.3.19.212) with Microsoft SMTP Server (TLS) id 14.3.498.0; Tue, 22 Dec 2020 19:47:46 +0800 Subject: Re: [PATCH 0/3] add support for metadata encryption to F2FS To: Satya Tangirala CC: "Theodore Y . Ts'o" , Jaegeuk Kim , Eric Biggers , Chao Yu , , , References: <20201005073606.1949772-1-satyat@google.com> <471e0eb7-b035-03da-3ee3-35d5880a6748@huawei.com> <9a8d3ae2-a09f-f199-5cb1-48b1317b3d37@huawei.com> From: Chao Yu Message-ID: Date: Tue, 22 Dec 2020 19:47:45 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="windows-1252"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.136.114.67] X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020/12/18 19:53, Satya Tangirala wrote: > On Fri, Dec 18, 2020 at 05:02:23PM +0800, Chao Yu wrote: >> On 2020/12/17 23:44, Satya Tangirala wrote: >>> On Sat, Oct 10, 2020 at 05:53:06PM +0800, Chao Yu wrote: >>>> Why not using nid as DUN, then GC could migrate encrypted node block directly via >>>> meta inode's address space like we do for encrypted data block, rather than >>>> decrypting node block to node page and then encrypting node page with DUN of new >>>> blkaddr it migrates to. >>>> >>> The issue is, the bi_crypt_context in a bio holds a single DUN value, >>> which is the DUN for the first data unit in the bio. blk-crypto assumes >>> that the DUN of each subsequent data unit can be computed by simply >>> incrementing the DUN. So physically contiguous data units can only be put >>> into the same bio if they also have contiguous DUNs. I don't know much >>> about nids, but if the nid is invariant w.r.t the physical block location, >>> then there might be more fragmentation of bios in regular read/writes >> >> Correct, considering performance of in batch node flush, it will be better to >> use pba as IV value. >> >> But, what's the plan about supporting software encryption for metadata? Current >> f2fs write flow will handle all operations which may encounter failure before >> allocating block address for node, if we do allocation first, and then use pba >> as IV to encrypt node block, it will be a little complicated to revert allocation >> if we fail to encrypt node block. >> > Software encryption for metadata is supported through the blk-crypto blk-crypto will encrypt all data in filesystem, if FBE is enabled, data may be encrypted twice? And why not supporting hardware encryption for metadata in blk-crypto? then both f2fs and ext4 can use inline-encryption based blk-crypto? Thanks, > framework - so encryption will happen in the block layer, not the > filesystem layer. So there's nothing extra/special we need to do if > there's an encryption failure - an encryption failure is no different > from a read/write failure in a lower layer from f2fs' perspective. > . >