On Fri, Oct 31, 2025 at 10:34:37AM +0100, Christoph Hellwig wrote:
> diff --git a/include/linux/blk-crypto.h b/include/linux/blk-crypto.h
> index 58b0c5254a67..ffe815c09696 100644
> --- a/include/linux/blk-crypto.h
> +++ b/include/linux/blk-crypto.h
> @@ -171,6 +171,22 @@ static inline bool bio_has_crypt_ctx(struct bio *bio)
>
> #endif /* CONFIG_BLK_INLINE_ENCRYPTION */
>
> +bool __blk_crypto_submit_bio(struct bio *bio);
> +
> +/**
> + * blk_crypto_submit_bio - Submit a bio using inline encryption
> + * @bio: bio to submit
> + *
> + * If the bio crypt context attached to @bio is supported by the underlying
> + * device's inline encryption hardware, just submit @bio. Otherwise, try to
> + * perform en/decryption for this bio by falling back to the kernel crypto
> API.
> + */
> +static inline void blk_crypto_submit_bio(struct bio *bio)
> +{
> + if (!bio_has_crypt_ctx(bio) || __blk_crypto_submit_bio(bio))
> + submit_bio(bio);
> +}
So, the new model is that if you have a bio that might have a
bio_crypt_ctx, you always have to use blk_crypto_submit_bio() instead of
submit_bio()?
It looks like usually yes, but not always, because submit_bio() still
works with hardware inline encryption. However, it also skips the
bio_crypt_check_alignment() check that was done before; now it happens
only in __blk_crypto_submit_bio(). So that creates an ambiguity about
whether that usage is allowed (if, hypothetically, a caller doesn't need
blk-crypto-fallback support).
Maybe the alignment check should be done both in submit_bio_noacct()
after verifying blk_crypto_config_supported_natively(), and in
__blk_crypto_submit_bio() after deciding to use the fallback? Those
cases are exclusive, so the check would still happen just once per bio.
Either way, the kerneldoc needs to be improved to accurately document
what blk_crypto_submit_bio() does, when it should be called, and how it
differs from submit_bio(). This also deserves a mention in the "API
presented to users of the block layer" section of
Documentation/block/inline-encryption.rst.
(I'll take a closer look at this patch later. It will take a bit more
time to go through the blk-crypto-fallback implementation.)
- Eric
