Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp959474imm; Wed, 26 Sep 2018 09:22:23 -0700 (PDT) X-Google-Smtp-Source: ACcGV611JqCcs0c00k/5QUj9gVXsMvkuh/t69GAjyLelHzphl7brhoDpiIfPAKApQFiBfDGobHLo X-Received: by 2002:a62:798e:: with SMTP id u136-v6mr1118689pfc.95.1537978943767; Wed, 26 Sep 2018 09:22:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537978943; cv=none; d=google.com; s=arc-20160816; b=If7m27NuZfxcYVbzAVkHI8BLbxHKkFU+cIAxAxK03G3jsxGpG33w/RsJBgwqUHgMJ8 vFLyOJwnZXgM9HOs6vPn/WJWWZhw7K1cjM5+n9rjLGG7B8cMDr+TImHaCJ31wyrobhLZ 1hy5nqtYjmEjH01Aq9mD1M2YhA2b5lJjMYQNGPGKJFTi7C8ZbCqpfVXyK9HAEuMjZ8gP 0TalDtayi8xacm6pBU8CTT6BsVkOl9EpPp14yVaT+YaWnc3EkFYE28fz88K7RLTXuQpp Hfg4G7++4+Ch966D1FbFtbUiHpHHwgKdgqUw4KSHnf45sQ9VKOJMiEY0j7wEAWePKali VfDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature; bh=IItGuF9Cd6xIR7yEn1bw/RTknS2eJDnbTUJYwwXhwDI=; b=efvXVKjOmaqH/BQvp8K6HASHDey9mvZ3JTw3n65gRPBUiDscX4tOYoSd8S3qEwyoFL v02b48xtusekw9ykclGUgoAFjMUF1seq4UICB9ZTghBWsOLnSUkesQyg6AWcEohkvFBF fqvggtus2y4yjm/D/44m81MBde17bJGXsMk3efHKaC2o4w37fqFJglwWY359QXpZ85Xc 6igH1qdA8tAlNtEW6LgsZ7Cv/Afkqo8kEEevpNOOnKTai4fWeGa+ReK9N+EO64k792e7 CRaOn7Ig4vPj1NuLPc7LzGkUL2VtlChAhvANEBnFnHV2WF2NYAI9A3wKg5b4cS96Txo+ nvpg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=G2fPxZNz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s65-v6si5578306pgb.486.2018.09.26.09.22.08; Wed, 26 Sep 2018 09:22:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=G2fPxZNz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728557AbeIZWfI (ORCPT + 99 others); Wed, 26 Sep 2018 18:35:08 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:40998 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727649AbeIZWfH (ORCPT ); Wed, 26 Sep 2018 18:35:07 -0400 Received: by mail-pf1-f195.google.com with SMTP id m77-v6so4975943pfi.8 for ; Wed, 26 Sep 2018 09:21:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=IItGuF9Cd6xIR7yEn1bw/RTknS2eJDnbTUJYwwXhwDI=; b=G2fPxZNz6ir7ab/bXLz5shQfyXpggsEI1j6RxPBgrFfibLosh/+86haXoZ2nmxgV8G Cw70WDJgOXL+Z/wHBgrG4drJOqUoXn6Et+20RkzR4waXnpEKhjz9BFrPHsi/u85LLOha UWYJNIePnJIgbqhmRO5Ts4RdANfCdeVIPlzqrpSbtrHBATIZTz5RZ2VvSmhVfzdoS7yF DQs3NY/xfmVG/lGfcaRb0IOkkDCkrfSSriL/ymhd+59RD1C9galuv1lYokaEs7z/N/OQ QsxJCM8R4tZtbi2x9aQNdtd+hD/IEl3jdsjqSp5Ls3Xt3+g4yeYEH3PE679JDKjeGHiN HKAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=IItGuF9Cd6xIR7yEn1bw/RTknS2eJDnbTUJYwwXhwDI=; b=Dn0cKlVhknVIEvOTKc/hzddcgacJk79b+NJfK1NUf6HJxed9rZBJHDCYSTD23RrKFH GmlAQx7jlF2Et255uQMUAaohwYCQg09CNZC2UlCR2wkYcmEFxQKjUkU7qzDZxaWVTmnE Ft58+txi2IRxb0WnwXFPsb74xPpy/+rdZInjiez/QtSjLwB6UlAKL0KxhDU5RxNVy/zD 9ng9TBWUx+LIycQuT+DfTn5hizegZ4YfLpktWV2YQyL5xgS2gunRQQcLyHmdsignHzpQ mXjJdUDgtoVa6uhXP7kr2PGw0Y3hvnCp5VLhsnLqMqFDRrxIorDERkcHv4AdT7AH5Fb+ P6Hg== X-Gm-Message-State: ABuFfoh6y3OC3ci0h/+DZ2LUOfCWD2uJnL/mtX7vdnHhvtmC0n/boF5f 9P6wrfSCK4uOHOWyC0NiwG02SA== X-Received: by 2002:a62:7885:: with SMTP id t127-v6mr7091641pfc.6.1537978885682; Wed, 26 Sep 2018 09:21:25 -0700 (PDT) Received: from ?IPv6:2601:646:c200:7429:583:1c0b:7305:80fc? ([2601:646:c200:7429:583:1c0b:7305:80fc]) by smtp.gmail.com with ESMTPSA id a1-v6sm9643049pfc.28.2018.09.26.09.21.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 26 Sep 2018 09:21:24 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) Subject: Re: [PATCH net-next v6 07/23] zinc: ChaCha20 ARM and ARM64 implementations From: Andy Lutomirski X-Mailer: iPhone Mail (16A366) In-Reply-To: Date: Wed, 26 Sep 2018 09:21:23 -0700 Cc: "Jason A. Donenfeld" , Herbert Xu , Thomas Gleixner , Linux Kernel Mailing List , "" , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , "David S. Miller" , Greg Kroah-Hartman , Samuel Neves , Andy Lutomirski , Jean-Philippe Aumasson , Russell King , linux-arm-kernel Content-Transfer-Encoding: quoted-printable Message-Id: References: <20180925145622.29959-1-Jason@zx2c4.com> <20180925145622.29959-8-Jason@zx2c4.com> To: Ard Biesheuvel Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Sep 26, 2018, at 7:02 AM, Ard Biesheuvel wr= ote: >=20 > (+ Herbert, Thomas) >=20 >> On Wed, 26 Sep 2018 at 15:33, Jason A. Donenfeld wrote:= >>=20 >> Hi Ard, >> . >=20 >> And if it becomes one, >> this is something we can address *later*, but certainly there's no use >> of adding additional complexity to the initial patchset to do this >> now. >>=20 >=20 > You are introducing a very useful SIMD abstraction, but it lets code > run with preemption disabled for unbounded amounts of time, and so now > is the time to ensure we get it right. >=20 > Part of the [justified] criticism on the current state of the crypto > API is on its complexity, and so I don't think it makes sense to keep > it simple now and add the complexity later (and the same concern > applies to async support btw). Are, is what you=E2=80=99re saying that the Zinc chacha20 functions should c= all simd_relax() every n bytes automatically for some reasonable value of n?= If so, seems sensible, except that some care might be needed to make sure t= hey interact with preemption correctly. What I mean is: the public Zinc entry points should either be callable in an= atomic context or they should not be. I think this should be checked at ru= ntime in an appropriate place with an __might_sleep or similar. Or simd_rel= ax should learn to *not* schedule if the result of preempt_enable() leaves i= t atomic. (And the latter needs to be done in a way that works even on non-p= reempt kernels, and I don=E2=80=99t remember whether that=E2=80=99s possible= .). And this should happen regardless of how many bytes are processed. IOW, c= alling into Zinc should be equally not atomic-safe for 100 bytes and for 10 M= B. As for async, ISTM a really good WireGuard accelerator would expose a differ= ent interface than crypto API supports, and it probably makes sense to wait f= or such hardware to show up before figuring out how to use it. And no matte= r what form it takes, I don=E2=80=99t think it should complicate the basic Z= inc crypto entry points.=