Received: by 2002:a05:7412:419a:b0:f3:1519:9f41 with SMTP id i26csp3446487rdh; Mon, 27 Nov 2023 14:47:36 -0800 (PST) X-Google-Smtp-Source: AGHT+IEUknjSo+/UqorLO1j1if3Prp4qGO9OpY/SMoJ8juG5RzGTxrLtsFxnrBde2QDG6pqGcjj9 X-Received: by 2002:a05:6a20:42a1:b0:18b:826d:1e89 with SMTP id o33-20020a056a2042a100b0018b826d1e89mr15561972pzj.12.1701125255672; Mon, 27 Nov 2023 14:47:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701125255; cv=none; d=google.com; s=arc-20160816; b=TYVOLPCZMwPwqot8xBvb6NYOB3NoMXX1g5V4xxAT5HHstIW3ylL7Nko6CQxgE4oAHQ 7UuGJ5d6XLIju/KJQh+ilai9Im8cI6EG1ZBRYohWVTYWatzvtarwNZlXAgvOaUSgjpc0 DPNTaTEWPpwoCT0Q9Da0EQGDkoxmOhwnVkamdGo0doD3yQNiSzKf80pmOF9Lx479ruIF v/MqCf2KRmPTgIR/ABqyyQIKVhNbe6lMNPwFljK2yWQ6D8n29GwTq35QCTFGYI7gHCN6 HO+kb5aHi8BGFRoGeRTPQNPIBtd94IVUVOZ0dRkI1ogu7rHB2j3ZU15Nxp4O12VUMvaf ymUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=jBF+cvK2wGvpHYkSIgYvcxlEUpgFLMhTWrl80+GjPek=; fh=JJ6XuJws04ZTDoXMtogHpkKD8YDwoIWFzY7xNjodiaE=; b=DCvcz6wPZC3vR9EJRynlwAiWs2a2x3tW35HYhusJjQopTwr6u0+8eOGxt7sI8Cfow5 d0yT9qlPKadsue8WR45V+xuqKrGBo671gi/ZNYySEH6RQpkj3TRQCaV/GCkY8jCBj4Vl KI3Km9uqn63PDCTKocMHwULgat1+mCAHX6kZJBQ62m2KxWd9h+mndJLwXojc5toWEl9/ Kr6uOJTW2c+zQOGzYCw6s7JElDb3v0VnAOtivO6KNttiu+7C4ZgPCC3T39L6kN18LMKJ l+wurXlrIC99qk6rhA2+Th62HzBhYTyjgMUh4ytzgo7/QmePkxwkSXJhyu8F23swodbi 52aQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RCXakQs3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id r24-20020a635d18000000b005c14fc66cc1si10321114pgb.22.2023.11.27.14.47.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 Nov 2023 14:47:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RCXakQs3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id DDF6E818FBC2; Mon, 27 Nov 2023 14:47:32 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231470AbjK0WrR (ORCPT + 99 others); Mon, 27 Nov 2023 17:47:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44592 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233404AbjK0WrP (ORCPT ); Mon, 27 Nov 2023 17:47:15 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0EFDB1B6 for ; Mon, 27 Nov 2023 14:47:21 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 11659C433C8; Mon, 27 Nov 2023 22:47:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1701125241; bh=Y4oxrecu9ql/C7+/pWvE72XQSeQO0hmoCWBxJdrSTgs=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=RCXakQs3Lvm/NZ4IohSRSzS5ha4CpLf9iXXNE2gzU12WjlKhA6BByL06gdkR2Yl8N qIcbnyv/O/hUAE+YcK+WEBL2opMGlawyFsswlIlOShGrocyxQsiF/ltCEsVRgtzk6f ZS1CgRTABTLrtC+wT2c06detaejWQs7FwoXclVZmVSEdLvZfQHU8tnC4lJtGkItyiC H/JZmfFNJQNuKYaHn7Y57Z5hYpiqPthrcfgNzEzAdOom/D01+Tp+ialYIspQdPEP4P HzC/JlWUWvBbXJFZHsI9Lo164J6yw4L4tpYyy8dFb/sUnoEAFYJl9n4RgmXEv+hAtE Ygv1bcTo7hedw== Date: Mon, 27 Nov 2023 14:47:19 -0800 From: Eric Biggers To: Sergei Shtepa Cc: axboe@kernel.dk, hch@infradead.org, corbet@lwn.net, snitzer@kernel.org, mingo@redhat.com, peterz@infradead.org, juri.lelli@redhat.com, viro@zeniv.linux.org.uk, brauner@kernel.org, linux-block@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Sergei Shtepa Subject: Re: [PATCH v6 11/11] blksnap: prevents using devices with data integrity or inline encryption Message-ID: <20231127224719.GD1463@sol.localdomain> References: <20231124165933.27580-1-sergei.shtepa@linux.dev> <20231124165933.27580-12-sergei.shtepa@linux.dev> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20231124165933.27580-12-sergei.shtepa@linux.dev> X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Mon, 27 Nov 2023 14:47:33 -0800 (PST) On Fri, Nov 24, 2023 at 05:59:33PM +0100, Sergei Shtepa wrote: > There is an opinion that the use of the blksnap module may violate the > security of encrypted data. The difference storage file may be located > on an unreliable disk or even network storage. I think this misses the point slightly. The main problem is that blksnap writes data in plaintext that is supposed to be encrypted, as indicated by the bio having an encryption context. That's just what it does, at least based on the last patchset; it's not just "an opinion". See https://lore.kernel.org/linux-block/20a5802d-424d-588a-c497-1d1236c52880@veeam.com/ > +#ifdef CONFIG_BLK_INLINE_ENCRYPTION > + if (bio->bi_crypt_context) { > + pr_err_once("Hardware inline encryption is not supported\n"); > + diff_area_set_corrupted(tracker->diff_area, -EPERM); > + return false; > + } > +#endif The error message for ->bi_crypt_context being set should say "Inline encryption", not "Hardware inline encryption". The submitter of the bio may have intended to use blk-crypto-fallback. Anyway, this patch is better than ignoring the problem. It's worth noting, though, that this patch does not prevent blksnap from being set up on a block device on which blk-crypto-fallback is already being used (or will be used). When that happens, I/O will suddenly start failing. For usability reasons, ideally that would be prevented somehow. - Eric