Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp1128475pxb; Thu, 15 Apr 2021 15:02:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzDqg6GHS5jNlLpxwUSAnSGlFig1W+ZEKWw88LpIlAHDGLBLLBCq7+MSouQKJuTswznSLAC X-Received: by 2002:aa7:d1ce:: with SMTP id g14mr277799edp.122.1618524131522; Thu, 15 Apr 2021 15:02:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618524131; cv=none; d=google.com; s=arc-20160816; b=N7/qpJ721HR0A6Rd+rUKmDpOrGaYcjFSDTj/Bphfdx9GE49wIQ4MR6MLB+a8RjSb+i aZrWjh09ZT1pAbHKCiaB8xBgwxYKlL3+KkazCN6qEsBvGDeCMfaixgXmhXM4SfAYCamj Bjf/rytXnh5h1yz+ibhkJ9QjLKmX6wPqE3VAFAMA5gw9qWSitZTcwDRDNnFmd/jz+bH+ QuxzR6BleHkhBr5SE/UrfOcd5n6seqsz+OiS9tOnsv6zl9m07RZdZPXZm6EshNQlTROE zUxYhr4yGhkWS2DiPt113XnRcdogrOTpsrrnq+E5ArTFzvgP3x1GAkpgOfkzoCHEGuKq x/fA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=Q2vCimQO/3GLPo2eJ8Zxh+5Z67/CfRsW+/TAEWQUpC8=; b=ewft/OmwYZVWMq4tk2K2VjLr1DElH8iSqbe3ga+arvTDqKWP0UxcMca03IrL5Y1Vvr ufwYfL1WlRhhO6FJbbyBSnRPg+XsheS5kV/zvPkzlEtjYQooGO48xZCGTLPteLEhGa17 sQqjSm81NgVFYVFlU+qUSeqZzMmGiE5buVEe+WAULm9MFsoAhqkh+RcIO/hDV6fZmHLL uoC1DI0AcgY+K/fdYfJ6zPhyYC8chgr1A9tfmj6omwvQaa+uGoIqmFKQy7L1KGLn3B1j bnVe9161mehgFk0Bk7JtdwdFOmM9QRU0icqs5r+T4AXn2bvmCikWN2oQZwly6h2BRAhI tdow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="Cfhiug9/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h20si3585355edb.48.2021.04.15.15.01.48; Thu, 15 Apr 2021 15:02:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="Cfhiug9/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235072AbhDOT4U (ORCPT + 99 others); Thu, 15 Apr 2021 15:56:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:58104 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234735AbhDOT4U (ORCPT ); Thu, 15 Apr 2021 15:56:20 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 38D046109D; Thu, 15 Apr 2021 19:55:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1618516556; bh=f6zX1JTHDKJY5RAHzBASAEJeJPaS4icspmPXrKvXjCw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Cfhiug9/6ao8U96bXhC7D7ueiWI+fUpy1bMPmJ7S2wS+TalPR86ZoMqAEUV+VQUTD yiNiUSvpPWb/Yrro2k4JfpM6rNaP/MDWoENWHnqolzk1ZpJ4ljJrdj62X4iryhrB0y UPxIyYkvzbfejidy2Nc25BFrsiscet1hzNDm9oEcUPaRdf8RAbdfTCRBHJep3qAIpW reNK7pKaUlZs4V/ZrNCqt0BV1bljefsfYlLKxgDvMWmiyIhHgGGqviuCX4hZtI9C3+ hVYOjM4Nw6T2wAsrZFaZiR3UiHK9tzTq1/EmAB/tLXdzTwT1OJvwEZqo6WKkyCoUfr UdkuBT2WISphg== Date: Thu, 15 Apr 2021 12:55:54 -0700 From: Eric Biggers To: Satya Tangirala Cc: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, Jens Axboe Subject: Re: [PATCH v2 6/8] block: keyslot-manager: introduce blk_ksm_restrict_dus_to_queue_limits() Message-ID: References: <20210325212609.492188-1-satyat@google.com> <20210325212609.492188-7-satyat@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210325212609.492188-7-satyat@google.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 25, 2021 at 09:26:07PM +0000, Satya Tangirala wrote: > Not all crypto data unit sizes might be supported by the block layer due to > certain queue limits. This new function checks the queue limits and > appropriately modifies the keyslot manager to reflect only the supported > crypto data unit sizes. blk_ksm_register() runs any given ksm through this > function before actually registering the ksm with a queue. > > Signed-off-by: Satya Tangirala > --- > block/keyslot-manager.c | 59 +++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 59 insertions(+) > > diff --git a/block/keyslot-manager.c b/block/keyslot-manager.c > index 2a2b1a9785d2..fad6d9c4b649 100644 > --- a/block/keyslot-manager.c > +++ b/block/keyslot-manager.c > @@ -450,12 +450,71 @@ bool blk_ksm_is_empty(struct blk_keyslot_manager *ksm) > } > EXPORT_SYMBOL_GPL(blk_ksm_is_empty); > > +/* > + * Restrict the supported data unit sizes of the ksm based on the request queue > + * limits > + */ > +void blk_ksm_restrict_dus_to_queue_limits(struct blk_keyslot_manager *ksm, > + struct queue_limits *limits) As the kernel test robot hinted at, this function needs to be 'static'. > +{ > + /* The largest possible data unit size we support is PAGE_SIZE. */ > + unsigned long largest_dus = PAGE_SIZE; > + unsigned int dus_allowed_mask; > + int i; > + bool dus_was_restricted = false; > + > + /* > + * If the queue doesn't support SG gaps, a bio might get split in the > + * middle of a data unit. So require SG gap support for inline > + * encryption for any data unit size larger than a single sector. > + */ > + if (limits->virt_boundary_mask) > + largest_dus = SECTOR_SIZE; > + > + /* > + * If the queue has chunk_sectors, the bio might be split within a data > + * unit if the data unit size is larger than a single sector. So only > + * support a single sector data unit size in this case. > + */ > + if (limits->chunk_sectors) > + largest_dus = SECTOR_SIZE; So in practice, this means that inline encryption will be disabled on any disk that declares a virt_boundary_mask or chunk_sectors. What are the real-world consequences of that? Will that have any consequences for UFS or eMMC, or are those things never applicable to UFS or eMMC? It would also be helpful if the comments explained why these restrictions are necessary. They kind of do, but they don't explicitly give an example -- presumably the issue is that a crypto data unit could cross a virt_boundary_mask or chunk_sectors boundary? > + /* > + * Any bio sent to the queue must be allowed to contain at least a > + * data_unit_size worth of data. Since each segment in a bio contains > + * at least a SECTOR_SIZE worth of data, it's sufficient that > + * queue_max_segments(q) * SECTOR_SIZE >= data_unit_size. So disable > + * all data_unit_sizes not satisfiable. > + */ > + largest_dus = min(largest_dus, > + 1UL << (fls(limits->max_segments) - 1 + SECTOR_SHIFT)); > + > + /* Clear all unsupported data unit sizes. */ > + dus_allowed_mask = (largest_dus << 1) - 1; > + for (i = 0; i < ARRAY_SIZE(ksm->crypto_modes_supported); i++) { > + if (ksm->crypto_modes_supported[i] & (~dus_allowed_mask)) > + dus_was_restricted = true; > + ksm->crypto_modes_supported[i] &= dus_allowed_mask; > + } So again in practice, this effectively disables inline encryption on any disk that doesn't declare max_segments >= 8. What are the real-world consequences of that -- will this ever be a problem for UFS or eMMC? Also, why is it necessary to assume the worst case of 512 bytes per segment? > + if (dus_was_restricted) { > + pr_warn("Disallowed use of encryption data unit sizes above %lu bytes with inline encryption hardware because of device request queue limits.\n", > + largest_dus); > + } Could this message include the disk that it is talking about? > bool blk_ksm_register(struct blk_keyslot_manager *ksm, struct request_queue *q) > { > if (blk_integrity_queue_supports_integrity(q)) { > pr_warn("Integrity and hardware inline encryption are not supported together. Disabling hardware inline encryption.\n"); > return false; > } > + > + blk_ksm_restrict_dus_to_queue_limits(ksm, &q->limits); > + > + if (blk_ksm_is_empty(ksm)) > + return false; > + > q->ksm = ksm; > return true; > } Adding a kerneldoc comment to this function would be helpful. Especially to explain what a return value of false means, exactly. - Eric