On 7/10/19 4:56 PM, Satya Tangirala wrote: > We introduce blk-crypto, which manages programming keyslots for struct > bios. With blk-crypto, filesystems only need to call bio_crypt_set_ctx with > the encryption key, algorithm and data_unit_num; they don't have to worry > about getting a keyslot for each encryption context, as blk-crypto handles > that. Blk-crypto also makes it possible for layered devices like device > mapper to make use of inline encryption hardware. > > Blk-crypto delegates crypto operations to inline encryption hardware when > available, and also contains a software fallback to the kernel crypto API. > For more details, refer to Documentation/block/blk-crypto.txt. > > Known issues: > 1) We're allocating crypto_skcipher in blk_crypto_keyslot_program, which > uses GFP_KERNEL to allocate memory, but this function is on the write > path for IO - we need to add support for specifying a different flags > to the crypto API.
That's a must-fix before merging, btw. > @@ -1018,7 +1019,9 @@ blk_qc_t generic_make_request(struct bio *bio) > /* Create a fresh bio_list for all subordinate requests > */ > bio_list_on_stack[1] = bio_list_on_stack[0]; > bio_list_init(&bio_list_on_stack[0]); > - ret = q->make_request_fn(q, bio); > + > + if (!blk_crypto_submit_bio(&bio)) > + ret = q->make_request_fn(q, bio); > > blk_queue_exit(q); Why isn't this just stacking the ->make_request_fn() instead? Then we could get this out of the hot path. -- Jens Axboe
