Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp735246ybb;
        Fri, 3 Apr 2020 10:50:23 -0700 (PDT)
X-Google-Smtp-Source: APiQypL/hHqLfJFQNSJdbhP4l2Vd21JisnuxMy59jVvagd0lfRpuTpVia2QMbyEcaJyE/tEiPkRT
X-Received: by 2002:aca:aa55:: with SMTP id t82mr3972301oie.147.1585936222951;
        Fri, 03 Apr 2020 10:50:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1585936222; cv=none;
        d=google.com; s=arc-20160816;
        b=tKPJcd/nj3TkQdP/AX4JcXkf6yHI81SxvhBTdN5JiyyMGMHCEedMLLDZXlD+WeWl20
         oMlUBMST7L/D+9JM1jcl9jhsk0xYQY9VGc3xmsbSbUuHF+hKUUnmIOJ72wPBB9JQ+KUT
         CslR7va7fqjTQUUC0sl4tWJSIBJXCL+o9pnxYQyAg9a4PcYNia6oTnGOIcB+/vOwIwSA
         k5pQ8eeRlmA6za78JOf8nn3kUkJZSy+RJVB+hPrm3JqtSa8m9gMiSLXbZFnpzddGYmf9
         Iu19AV435F3mXiaWzwh+9j6eIEnIwbBTHLOUXPVvnKrulDkDFZo9PiOtZUiIkKUBsgZw
         WZQA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=3OG8lFAEpJ09PZ/amzynXTCfwlvvxyjDXOX5w5FKr+E=;
        b=t27Q9ySk7tImRwr+B9OzKxrnvoEYhujZ/owqiZJ1unWS/Lfh4jihcWH1NxYTUxr9OR
         HbkLHYjQEYpLIlpIRQqWH3NU5gvBOQWzHKjUqPzH+OyzMfSViN0uhUg/m1JPu65mF77q
         DC4ByklcbZbCGnK4/Dtx8ybr6yFRnMhMRi7VbX+4Xcp/lAZxuiaEKd7Cnf2c+0PEXiGC
         JfYfNJylMqxaeS+UzxO8vjwdk7D/zGTk3gHE6+4adNKL7SKNW3F6isPUCQKVqbjl/P3j
         Q6Tz5DeJbYK982obsZ/cxePZLjoI3uNAUROhO4K4nijA9DSYS713aKMYdKritA75i2To
         lMtA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=c1EHZ+cl;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o5si4074008otp.191.2020.04.03.10.50.10;
        Fri, 03 Apr 2020 10:50:22 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=c1EHZ+cl;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2404349AbgDCRpv (ORCPT <rfc822;bowenwang.tinker@gmail.com>
        + 99 others); Fri, 3 Apr 2020 13:45:51 -0400
Received: from mail-lj1-f193.google.com ([209.85.208.193]:32998 "EHLO
        mail-lj1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2404237AbgDCRpu (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 3 Apr 2020 13:45:50 -0400
Received: by mail-lj1-f193.google.com with SMTP id f20so7868905ljm.0;
        Fri, 03 Apr 2020 10:45:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=3OG8lFAEpJ09PZ/amzynXTCfwlvvxyjDXOX5w5FKr+E=;
        b=c1EHZ+clPAWskLmSC3jpCk5UIX7b/XtexdwIcUD9HOrR8CtL/iTql9iWeBCfi256iD
         RllSfX0R8t+mX/Hw8j/25w3jsjKOdSerTOjRBQcUawF/q0GrY8h11x+Nt3d4xmAR34Rk
         0jReMQ0cq+XT0z5phNMO94+HLRB1kkH8ihdMCMSTGqBeEgAQ0TNbK4sObsaGMH04m8hq
         q5sU26F0NNBgpomrExzJGOF36nXHk479xi3z2mIuyA58AEB33efE7blAP7vIXx0KtZEx
         m+HYZ65UvXnzGg9JiauEUEgbDANbPvBvrQgJNgGtmwtHhv5P1nIWHSeW+drzSdOZT7Mp
         DI6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=3OG8lFAEpJ09PZ/amzynXTCfwlvvxyjDXOX5w5FKr+E=;
        b=H8/fNFOHDS9vWdQkI/+1KMJ92FBJdaD6jq53qZAvk7iKPgbPdDjolO55pibQlbFhvD
         A3hLDC0PzrJzv2ZQVsWEsm+9dHhYdh6jsV/IxxafnvM5B2b1v/ijrAg97UuCvyFaLttW
         bgj/DE3ZOve7B3ef2qecy3NoKglapTc2vvtQNBLh9mCQfnkmXPiwxBtroRrti/oZnGeb
         WyGSQtZoHZKJa9KeeU6PGUgRCa1chX7TUWxSr+XYLkSIH9+dZANILv6qHuBUqhNYD0s0
         53pkycCh24MXqDHI14jJFO8bl///srxW+tfK/z9ez5fYWVc9d0lVify68XecegkNyPbT
         Rqtg==
X-Gm-Message-State: AGi0PuZeH2sLpDXphET0KjZNwld96c8kQeR/ko1RFEZX4l/u9i4fRrUP
        1fzEYEQmg+B4/CCu4ZqRaVuqvgX8baFK0IA/SQ==
X-Received: by 2002:a2e:94cb:: with SMTP id r11mr5456019ljh.276.1585935946971;
 Fri, 03 Apr 2020 10:45:46 -0700 (PDT)
MIME-Version: 1.0
References: <1585696903-96794-1-git-send-email-longli@linuxonhyperv.com>
In-Reply-To: <1585696903-96794-1-git-send-email-longli@linuxonhyperv.com>
From:   Pavel Shilovsky <piastryyy@gmail.com>
Date:   Fri, 3 Apr 2020 10:45:35 -0700
Message-ID: <CAKywueRg8kJ+0aOehM-QKGuRwbDSb2TA5vNje8eSCdMqBT+EdQ@mail.gmail.com>
Subject: Re: [PATCH] cifs: Allocate crypto structures on the fly for
 calculating signatures of incoming packets
To:     Long Li <longli@microsoft.com>
Cc:     Steve French <sfrench@samba.org>,
        linux-cifs <linux-cifs@vger.kernel.org>,
        samba-technical <samba-technical@lists.samba.org>,
        Kernel Mailing List <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

=D0=B2=D1=82, 31 =D0=BC=D0=B0=D1=80. 2020 =D0=B3. =D0=B2 16:22, <longli@lin=
uxonhyperv.com>:
>
> From: Long Li <longli@microsoft.com>
>
> CIFS uses pre-allocated crypto structures to calculate signatures for bot=
h
> incoming and outgoing packets. In this way it doesn't need to allocate cr=
ypto
> structures for every packet, but it requires a lock to prevent concurrent
> access to crypto structures.
>
> Remove the lock by allocating crypto structures on the fly for
> incoming packets. At the same time, we can still use pre-allocated crypto
> structures for outgoing packets, as they are already protected by transpo=
rt
> lock srv_mutex.
>
> Signed-off-by: Long Li <longli@microsoft.com>
> ---
>  fs/cifs/cifsglob.h      |  3 +-
>  fs/cifs/smb2proto.h     |  6 ++-
>  fs/cifs/smb2transport.c | 87 +++++++++++++++++++++++++----------------
>  3 files changed, 60 insertions(+), 36 deletions(-)
>
> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
> index 0d956360e984..7448e7202e7a 100644
> --- a/fs/cifs/cifsglob.h
> +++ b/fs/cifs/cifsglob.h
> @@ -426,7 +426,8 @@ struct smb_version_operations {
>         /* generate new lease key */
>         void (*new_lease_key)(struct cifs_fid *);
>         int (*generate_signingkey)(struct cifs_ses *);
> -       int (*calc_signature)(struct smb_rqst *, struct TCP_Server_Info *=
);
> +       int (*calc_signature)(struct smb_rqst *, struct TCP_Server_Info *=
,
> +                               bool allocate_crypto);
>         int (*set_integrity)(const unsigned int, struct cifs_tcon *tcon,
>                              struct cifsFileInfo *src_file);
>         int (*enum_snapshots)(const unsigned int xid, struct cifs_tcon *t=
con,
> diff --git a/fs/cifs/smb2proto.h b/fs/cifs/smb2proto.h
> index 4d1ff7b66fdc..087d5f14320b 100644
> --- a/fs/cifs/smb2proto.h
> +++ b/fs/cifs/smb2proto.h
> @@ -55,9 +55,11 @@ extern struct cifs_ses *smb2_find_smb_ses(struct TCP_S=
erver_Info *server,
>  extern struct cifs_tcon *smb2_find_smb_tcon(struct TCP_Server_Info *serv=
er,
>                                                 __u64 ses_id, __u32  tid)=
;
>  extern int smb2_calc_signature(struct smb_rqst *rqst,
> -                               struct TCP_Server_Info *server);
> +                               struct TCP_Server_Info *server,
> +                               bool allocate_crypto);
>  extern int smb3_calc_signature(struct smb_rqst *rqst,
> -                               struct TCP_Server_Info *server);
> +                               struct TCP_Server_Info *server,
> +                               bool allocate_crypto);
>  extern void smb2_echo_request(struct work_struct *work);
>  extern __le32 smb2_get_lease_state(struct cifsInodeInfo *cinode);
>  extern bool smb2_is_valid_oplock_break(char *buffer,
> diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
> index 08b703b7a15e..c01e19a3b112 100644
> --- a/fs/cifs/smb2transport.c
> +++ b/fs/cifs/smb2transport.c
> @@ -40,14 +40,6 @@
>  #include "smb2status.h"
>  #include "smb2glob.h"
>
> -static int
> -smb2_crypto_shash_allocate(struct TCP_Server_Info *server)
> -{
> -       return cifs_alloc_hash("hmac(sha256)",
> -                              &server->secmech.hmacsha256,
> -                              &server->secmech.sdeschmacsha256);
> -}
> -
>  static int
>  smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
>  {
> @@ -219,7 +211,8 @@ smb2_find_smb_tcon(struct TCP_Server_Info *server, __=
u64 ses_id, __u32  tid)
>  }
>
>  int
> -smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *serve=
r)
> +smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *serve=
r,
> +                       bool allocate_crypto)
>  {
>         int rc;
>         unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
> @@ -228,6 +221,8 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP=
_Server_Info *server)
>         struct smb2_sync_hdr *shdr =3D (struct smb2_sync_hdr *)iov[0].iov=
_base;
>         struct cifs_ses *ses;
>         struct shash_desc *shash;
> +       struct crypto_shash *hash;
> +       struct sdesc *sdesc =3D NULL;
>         struct smb_rqst drqst;
>
>         ses =3D smb2_find_smb_ses(server, shdr->SessionId);
> @@ -239,24 +234,32 @@ smb2_calc_signature(struct smb_rqst *rqst, struct T=
CP_Server_Info *server)
>         memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
>         memset(shdr->Signature, 0x0, SMB2_SIGNATURE_SIZE);
>
> -       rc =3D smb2_crypto_shash_allocate(server);
> -       if (rc) {
> -               cifs_server_dbg(VFS, "%s: sha256 alloc failed\n", __func_=
_);
> -               return rc;
> +       if (allocate_crypto) {
> +               rc =3D cifs_alloc_hash("hmac(sha256)", &hash, &sdesc);
> +               if (rc) {
> +                       cifs_server_dbg(VFS,
> +                                       "%s: sha256 alloc failed\n", __fu=
nc__);
> +                       return rc;
> +               }
> +               shash =3D &sdesc->shash;
> +       } else {
> +               hash =3D server->secmech.hmacsha256;
> +               shash =3D &server->secmech.sdeschmacsha256->shash;
>         }

smb2_crypto_shash_allocate() unconditionally allocated
server->secmech.hmacsha256 and server->secmech.sdeschmacsha256->shash.
Now the code doesn't allocate those variables at all. Unlike SMB3
where structures are allocated in during key generation, for SMB2 we
do it on demand in smb2_calc_signature(). So, the code above should be
changed to call smb2_crypto_shash_allocate() in "else" block.

--
Best regards,
Pavel Shilovsky