On Wed, Apr 29, 2026 at 08:34:00PM +0800, Linlin Zhang wrote: > > > On 4/29/2026 12:36 AM, Benjamin Marzinski wrote: > > On Tue, Apr 28, 2026 at 05:20:07PM +0800, Linlin Zhang wrote: > >> > >> > >> On 4/28/2026 7:21 AM, Benjamin Marzinski wrote: > >>> On Mon, Apr 27, 2026 at 01:23:27AM -0400, Benjamin Marzinski wrote: > >>>> On Fri, Apr 10, 2026 at 06:40:30AM -0700, Linlin Zhang wrote: > >>>>> From: Eric Biggers <[email protected]> > >>>>> + /* > >>>>> + * Since we've added an encryption context to the bio and > >>>>> + * blk-crypto-fallback may be needed to process it, it's > >>>>> necessary to > >>>>> + * use the fallback-aware bio submission code rather than > >>>>> + * unconditionally returning DM_MAPIO_REMAPPED. > >>>>> + * > >>>>> + * To get the correct accounting for a dm target in the case > >>>>> where > >>>>> + * __blk_crypto_submit_bio() doesn't take ownership of the bio > >>>>> (returns > >>>>> + * true), call __blk_crypto_submit_bio() directly and return > >>>>> + * DM_MAPIO_REMAPPED in that case, rather than relying on > >>>>> + * blk_crypto_submit_bio() which calls submit_bio() in that > >>>>> case. > >>>>> + */ > >>>>> + if (__blk_crypto_submit_bio(bio)) > >>>> > >>>> This will still double account for fallback writes (which call > >>>> submit_bio() on the encrypted bios, and return DM_MAPIO_SUBMITTED here). > >>> > >>> Just to clarify, I'm talking about the vmstats accounting. The IO > >>> originally gets accounted by submit_bio() when the bio is submitted to > >>> the dm device. For actual inline encryption and fallback reads, dm will > >>> submit the bio to the underlying device using submit_bio_noacct() to > >>> avoid double-counting the IO. > >>> > >>> For fallback writes, __blk_crypto_submit_bio() will submit the encrypted > >>> bios to the underlying device with submit_bio(). This adds the IO > >>> sectors again, even though it's the same IO, only encrypted now. > >> > >> > >> Right, thanks for calling this out. > >> > >> For fallback writes, the IO is still double-counted. Given that this only > >> affects IO accounting in the blk-crypto fallback write slow-path and not > >> correctness, I think this is an acceptable tradeoff, and we can leave a > >> TODO to revisit the accounting once a better solution exists. > >> > >> Add the bellow to the annotate. > >> > >> /* > >> * TODO: blk-crypto fallback write slow-path currently double-accounts > >> * IO in vmstat, as encrypted bios are submitted via submit_bio(). > >> * This does not affect data correctness. Consider fixing this if > >> * a cleaner accounting model for derived bios is introduced. > >> */ > >> > >> Do you agree? > > > > You could add an extra argument, for instance "bool need_acct", to > > __blk_crypto_submit_bio(), and plumb it through to > > __blk_crypto_fallback_encrypt_bio(), where it could be used to choose > > between calling submit_bio() and and submit_bio_noacct(). > > > > We could even add a flag to cloned bios for stacked devices, that could > > be checked in submit_bio(), so we didn't need to have > > submit_bio_noacct(). But this is a pretty niche case with other > > solutions, so I'm not sure if it warrants adding more checks to > > submit_bio(). > > > > I do agree that people probably aren't using dm-inlinecrypt for devices > > where they don't actually have inline encryption capabilities, so it's > > not a major issue. What to you think, Mikulas? > > Thanks for the suggestions. > > Adding a bool need_acct parameter to __blk_crypto_submit_bio() would require > updating all existing callers, which feels rather intrusive given that the > accounting issue only affects the blk‑crypto fallback write slow‑path. I’m a > bit concerned that this would broaden the scope of the change more than > necessary for the problem at hand.
I get your concern, and I'd like a second opinion on how much we should care about this, but it doesn't look like there are many other callers that would be effected here. The only existing caller of __blk_crypto_submit_bio() is blk_crypto_submit_bio(), which would just call it with "need_acct=true". Looking at the code path below __blk_crypto_submit_bio() that would need to change for submitting the bios: __blk_crypto_submit_bio() is the only caller of blk_crypto_fallback_bio_prep() blk_crypto_fallback_bio_prep() is the only caller of blk_crypto_fallback_encrypt_bio(). blk_crypto_fallback_encrypt_bio() is the only caller of __blk_crypto_fallback_encrypt_bio(), which is the function that would need to choose between submit_bio() and submit_bio_noacct(). Doing this would change the crypto API (by necessity, since we're adding a new argument to __blk_crypto_submit_bio() for stacking devices to use), and it is adds a extra argument to a number of functions, just to handle this corner case. But it is still a relatively contained change. -Ben
