• Satya Tangirala's avatar
    dm: add support for passing through inline crypto support · aa6ce87a
    Satya Tangirala authored
    Update the device-mapper core to support exposing the inline crypto
    support of the underlying device(s) through the device-mapper device.
    
    This works by creating a "passthrough keyslot manager" for the dm
    device, which declares support for encryption settings which all
    underlying devices support.  When a supported setting is used, the bio
    cloning code handles cloning the crypto context to the bios for all the
    underlying devices.  When an unsupported setting is used, the blk-crypto
    fallback is used as usual.
    
    Crypto support on each underlying device is ignored unless the
    corresponding dm target opts into exposing it.  This is needed because
    for inline crypto to semantically operate on the original bio, the data
    must not be transformed by the dm target.  Thus, targets like dm-linear
    can expose crypto support of the underlying device, but targets like
    dm-crypt can't.  (dm-crypt could use inline crypto itself, though.)
    
    A DM device's table can only be changed if the "new" inline encryption
    capabilities are a (*not* necessarily strict) superset of the "old" inline
    encryption capabilities.  Attempts to make changes to the table that result
    in some inline encryption capability becoming no longer supported will be
    rejected.
    
    For the sake of clarity, key eviction from underlying devices will be
    handled in a future patch.
    Co-developed-by: default avatarEric Biggers <ebiggers@google.com>
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    Signed-off-by: default avatarSatya Tangirala <satyat@google.com>
    Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
    aa6ce87a
dm-table.c 51.2 KB