Re: Oopsing cryptoapi (or loop device?) on 2.6.*

From: Jan Rychter
Date: Tue Feb 17 2004 - 22:17:53 EST

Next message: Dave Jones: "2.6.3rc4 ali1535 i2c driver rmmod oops."
Previous message: H. Peter Anvin: "Re: UTF-8 and case-insensitivity"
In reply to: Jari Ruusu: "Re: Oopsing cryptoapi (or loop device?) on 2.6.*"
Next in thread: Jari Ruusu: "Re: Oopsing cryptoapi (or loop device?) on 2.6.*"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>>>> "Jari" == Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx> writes:
Jari> Jan Rychter wrote:
> "Jari" == Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx>:
Jari> File backed loops have hard to fix re-entry problem: GFP_NOFS
Jari> memory allocations that cause dirty pages to written out to file
Jari> backed loop, will have to re-enter the file system anyway to
Jari> complete the write. This causes deadlocks. Same deadlocks are
Jari> there in mainline loop+cryptoloop combo.
>>
>> I have used cryptoapi (as modules) for the last 2 years (or so) now,
>> without encountering any problems whatsoever. I therefore beg to
>> differ: if the same deadlocks are there, then for some reason they
>> are not triggered on my machine. Two years versus an hour, that's a
>> rather significant difference in terms of reliability.

Jari> Do you mind doing a a quick grep:

Jari> cd /path/to/your/kernel/source grep "Jari Ruusu"
Jari> drivers/block/loop.c

Jari> If you see my name there, your kerneli.org cryptoapi enabled
Jari> kernel is running same loop code I wrote years ago. Those
Jari> loop-jari-something patches that you find on the net, are just
Jari> copies of old loop-AES code.

No, it is not running this code. The code that works well for me is the
external cryptoapi (as modules) with last update in Feb 2002.

Ok, now after spending some more time googling around and reading
documentation, I'm confused. It also seems I'm not the only one (see
http://www.linuxquestions.org/questions/archive/4/2004/01/3/136754).

How do you get a file-backed encrypted filesystem to work under Linux
2.4.24?

From what I understand, there are three options:

1) cryptoapi-as-modules, which is what I'm using now and what has
worked reliably (although perhaps not too fast),
2) in-kernel cryptoapi, which seems to be missing cryptoloop support,
so how do you actually use it? And what about the i586-optimized
AES patches?
3) Jari Ruusu's loop-AES, which from what I understood won't work on
file-backed loops because of deadlock issues.

Now, I would be all happy with option (1) which I have been using,
except I started caring about speed a little. Also, it bothers me a
little bit that the cryptoapi project seems to have died, as I wasn't
able to find any up-to-date pages or documents about it.

So, what is the preferred way?

--J.

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Dave Jones: "2.6.3rc4 ali1535 i2c driver rmmod oops."
Previous message: H. Peter Anvin: "Re: UTF-8 and case-insensitivity"
In reply to: Jari Ruusu: "Re: Oopsing cryptoapi (or loop device?) on 2.6.*"
Next in thread: Jari Ruusu: "Re: Oopsing cryptoapi (or loop device?) on 2.6.*"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]