Re: [PATCH v5 00/11] blksnap - block devices snapshots module

From: Sergei Shtepa
Date: Tue Jun 13 2023 - 06:12:34 EST

Next message: Lorenz Bauer: "[PATCH bpf-next v2 0/6] Add SO_REUSEPORT support for TC bpf_sk_assign"
Previous message: Lorenzo Bianconi: "Re: [PATCH net-next 6/8] net: ethernet: mtk_eth_soc: convert caps in mtk_soc_data struct to u64"
In reply to: Christoph Hellwig: "Re: [PATCH v5 00/11] blksnap - block devices snapshots module"
Next in thread: Eric Biggers: "Re: [PATCH v5 00/11] blksnap - block devices snapshots module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/12/23 18:19, Eric Biggers wrote:
> This is the first time you've received an email from this sender
> ebiggers@xxxxxxxxxx, please exercise caution when clicking on links or opening
> attachments.
>
>
> On Mon, Jun 12, 2023 at 03:52:17PM +0200, Sergei Shtepa wrote:
> > Hi all.
> >
> > I am happy to offer a improved version of the Block Devices Snapshots
> > Module. It allows to create non-persistent snapshots of any block devices.
> > The main purpose of such snapshots is to provide backups of block devices.
> > See more in Documentation/block/blksnap.rst.
>
> How does blksnap interact with blk-crypto?
>
> I.e., what happens if a bio with a ->bi_crypt_context set is submitted to a
> block device that has blksnap active?
>
> If you are unfamiliar with blk-crypto, please read
> Documentation/block/inline-encryption.rst

Thank you, this is an important point. Yes, that's right.
The current version of blksnap can cause blk-crypto to malfunction while
holding a snapshot. When handling bios from the file system, the
->bi_crypt_context is preserved. But the bio requests serving the snapshot
are executed without context. I think that the snapshot will be unreadable.

But I don't see any obstacles in the way of blksnap and blk-crypto
compatibility. If DM implements support for blk-crypto, then the same
principle can be applied for blksnap. I think that the integration of
blksnap with blk-crypto may be one of the stages of further development.

The dm-crypto should work properly.

It is noteworthy that in 7 years of using the out-of-tree module to take
a snapshot, I have not encountered cases of such problems.
But incompatibility with blk-crypto is possible, this is already a pain
for some users. I will request this information from our support team.

>
> It looks like blksnap hooks into the block layer directly, via the new
> "blkfilter" mechanism. I'm concerned that it might ignore ->bi_crypt_context
> and write data to the disk in plaintext, when it is supposed to be encrypted.

No. The "blkfilter" mechanism should not affect the operation of blk-crypto.
It does not change the bio.
Only a module that has been attached and provides its own filtering algorithm,
such as blksnap, can violate the logic of blk-crypto.
Therefore, until the blksnap module is loaded, blk-crypto should work as before.

Next message: Lorenz Bauer: "[PATCH bpf-next v2 0/6] Add SO_REUSEPORT support for TC bpf_sk_assign"
Previous message: Lorenzo Bianconi: "Re: [PATCH net-next 6/8] net: ethernet: mtk_eth_soc: convert caps in mtk_soc_data struct to u64"
In reply to: Christoph Hellwig: "Re: [PATCH v5 00/11] blksnap - block devices snapshots module"
Next in thread: Eric Biggers: "Re: [PATCH v5 00/11] blksnap - block devices snapshots module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]