On Wed, 30 Jul 2025, LongPing Wei wrote:
> On 7/30/2025 6:46 PM, Mikulas Patocka wrote:
> >
> >
> > On Wed, 30 Jul 2025, LongPing Wei wrote:
> >
> > > dm-thin obviously can pass through inline crypto support.
> >
> > Hi
> >
> > I'm not sure about it. What if dm-thin performs copy-on-write? How would
> > that interact with inline crypto?
> >
> > Mikulas
> >
> Hi, Mikulas
>
> dm-thin's encryption behavior is the same as dm-bow's when COW occurs, and
> DM_TARGET_PASSES_CRYPTO has already been set to dm-bow.
>
> The key and iv of inline crypto are passed in by the upper layer, which is not
> affected by the specific location of data blocks in thin-pool.
>
> LongPing Wei>> Signed-off-by: LongPing Wei <weilongp...@oppo.com>
How is it supposed to work during provisioning? Suppose that you have 64k
chunk with no mapping. dm-thin returns zero for it. Then, you write 4k
somewhere to this chunk. dm-thin allocates the chunk, writes zeroes to it
and then writes 4k data into it (and only this 4k block will be
encrypted). When you attempt to read this chunk, the 4k block will be
deciphered correctly, but the zero data around it will be deciphered too
and garbage will be returned to the application.
Mikulas
