Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp25027imm;
        Thu, 30 Aug 2018 06:11:39 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdbeHhn+WVONogABt2m7Q1yXmC58ndU0oo9oSZJBRoD1LkM97fHGf3NtjATgM94x0lJbhM/D
X-Received: by 2002:a63:788b:: with SMTP id t133-v6mr9637983pgc.329.1535634699707;
        Thu, 30 Aug 2018 06:11:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535634699; cv=none;
        d=google.com; s=arc-20160816;
        b=fDzWyfSv5ABUL1OdRXfKRWbEdwhmLGjOqBGJrkXQUmZOQIhvV2rZ0vpSlNSRko2gVQ
         TY7d9ErboTaEo7mmu73+QrW8zfo52nxE3JZq3PX6USF3K67YCvLBEaJcN7bpGJ/cDbCP
         9yu+WbCChv22ZKz+TuTuSn8Ke28iTjMCAWFeJRO5p3haIJC457ugSFiGwbjiAbo/6wuV
         9LyLpfViANDYRAOiGYYg7R7mKTh1pF6LZAlTzo5h173yfn0jxmSntW4Iw1Rp2wZ4e9YG
         GXmynj/u6WyLkZ1XcVFd8JFvm3s/r/pWY+uPSuOPZISf+F+V8OBc2dwJpF+kI4rcJI31
         87kA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature
         :arc-authentication-results;
        bh=E7VC8mJOmHv/wzAdDg69mky7q/58obX4zwl1I0RJ3Mo=;
        b=dRYt5pVToV4hkOkqS8SioEFLy4KRytFvtg1CmBruyiw9FL6I37wmEuuyZAuuG/rMlD
         VV9HoqbfG47n233c+VK1b2MHxH8xaZKUUiHn7p/W1gj549XbV8Gw69BU8axpCeVIFXB1
         ybFdHTvSHAQOXkO9fMShZ7zrHnYW76lwG2Pz93C0iQBtwFK6vcZURZQUbZQzY1N3gQdD
         wS2sxNaXIUrRlkIpR4vVeH0PDdP5z85FFZwsOEpxRdKFBmq5JcMyooMCmxDzBjR7guV7
         gJDQ9r3AZOYvYbP8QaYbgpeZ4IGHNJ1pXN8D8eA1hmfjIfu3sArBdwtwiufUnj8QUAWh
         grPg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=EvbtDhxt;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f190-v6si6738214pfc.327.2018.08.30.06.11.24;
        Thu, 30 Aug 2018 06:11:39 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=EvbtDhxt;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728911AbeH3RLY (ORCPT <rfc822;zffurovfq63@gmail.com>
        + 99 others); Thu, 30 Aug 2018 13:11:24 -0400
Received: from mail.kernel.org ([198.145.29.99]:37802 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728582AbeH3RLX (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 30 Aug 2018 13:11:23 -0400
Received: from mail-wr1-f51.google.com (mail-wr1-f51.google.com [209.85.221.51])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 3669D20836;
        Thu, 30 Aug 2018 13:09:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1535634558;
        bh=kYS66qYia24IcWzTldwoU3RWRivJ9qcaAVOOBwFKaVQ=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=EvbtDhxtb5nVvDlQzXDvikQmhR7a+P5adBbcSFCTJcgzyO6TRD9CH8kQ3BHVgbdbr
         15xO9fvTUeMh2rnm4v92Kqrw0w2BpU0RFTIDYKFoe2DPyz0r+ZWUPJFzb17fO/KM7y
         hi2oavvroU2LpJckyhThKxuxoXoPO4TCbURo0G8k=
Received: by mail-wr1-f51.google.com with SMTP id z96-v6so8006367wrb.8;
        Thu, 30 Aug 2018 06:09:18 -0700 (PDT)
X-Gm-Message-State: APzg51DXvJNFweUtJtCyyccazrgaqdY56xuTlAK3owqzkC+Q9AVztZgE
        WikiR5rYWgW7kOwEyURPM5/KLkuIw5wxpQqqywc=
X-Received: by 2002:adf:f24e:: with SMTP id b14-v6mr7051575wrp.184.1535634556708;
 Thu, 30 Aug 2018 06:09:16 -0700 (PDT)
MIME-Version: 1.0
References: <CAJKOXPfVXnazraHq-NCCM+h26FFi1U6Z3OSYOX17XH3bj-UDLQ@mail.gmail.com>
 <3053033.se6UkFii4W@tauon.chronox.de>
In-Reply-To: <3053033.se6UkFii4W@tauon.chronox.de>
From:   Krzysztof Kozlowski <krzk@kernel.org>
Date:   Thu, 30 Aug 2018 15:09:05 +0200
X-Gmail-Original-Message-ID: <CAJKOXPd7JdzM2_PiHkS1ix1yU9hZmMbGDZaL07vbON0XzORH=w@mail.gmail.com>
Message-ID: <CAJKOXPd7JdzM2_PiHkS1ix1yU9hZmMbGDZaL07vbON0XzORH=w@mail.gmail.com>
Subject: Re: Locking for HW crypto accelerators
To:     smueller@chronox.de
Cc:     herbert@gondor.apana.org.au, davem@davemloft.net,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 30 Aug 2018 at 14:59, Stephan Mueller <smueller@chronox.de> wrote:
>
> Am Donnerstag, 30. August 2018, 14:22:22 CEST schrieb Krzysztof Kozlowski:
>
> Hi Krzysztof,
>
> > Hi,
> >
> > I am trying to figure out necessary locking on the driver side of
> > crypto HW accelerator for symmetric hash (actually: CRC). I
> > implemented quite simple driver for shash_alg.
> >
> > I looked at the docs, I looked at the crypto kcapi core code... and
> > there is nothing about necessary locking. kcapi does not perform it.
> >
> > My HW is quite similar to drivers/crypto/stm32/stm32_crc32.c so it has
> > only one HW set of registers for dealing with CRC. Or in other words,
> > only one queue of one element. :) I implemented all shash_alg
> > callbacks - init(), update(), final()... and also finup() (manually
> > calling update+final) and digest() (init+update+final).
> >
> > Now imagine multiple user-space users of this crypto alg where all of
> > them call kcapi_md_digest() (so essentially init() -> update() ->
> > final()). It seems that kcapi does not perform any locking here so at
> > some point updates from different processes might be mixed with
> > finals:
> >
> > Process A:             Process B:
> > init()
> >                        init()
> > update()
> >                        update()
> > final()
> >                        final()
> >
> > My findings show that the requests are indeed being mixed with each other...
> >
> > Should driver perform any weird locking here? Or maybe that is the
> > case of using ONLY the digest() callback (so no update, no final)
> > because my HW cannot track different kcapi requests?
>
> The hashing is performed on a buffer provided by the caller. E.g. it is the
> buffer pointed to by the ahash request or the shash desc structure. All
> operations of init/update/final operate on that memory.
>
> If you have parallel requests, each caller has a private buffer that it
> provides to the kernel crypto API. This applies also to AF_ALG.
>
> Thus, as long as the individual operations of init/update and final are atomic
> operations, there should be no locking necessary.
>
> Thus, all your driver needs to guarantee is the atomicitcy of the init/update/
> final operation in respect to your hardware state.

Thanks Stephan for hints. Let's assume the each of init, update and
final are atomic... but how about the relation between update and
final? I have two concurrent users in user-space but only one HW:

Process A:             Process B:
init() and set_key()
                       init() and different key
update(some_data)
                       update(different_data)
final()
                       final()

The final() from process A will now produce the result of hashing/CRC
of some_data and different_data (and even maybe mixed with init() for
different key). All because in the meantime process B added its own
data to the HW.

Best regards,
Krzysztof