From: Linus Torvalds Subject: Re: [PATCH] treewide: Remove direct uses of SHA_WORKSPACE_WORDS Date: Sun, 7 Aug 2011 14:41:14 -0700 Message-ID: References: <1312595187-3265-1-git-send-email-msb@chromium.org> <1312752577.29102.13.camel@Joe-Laptop> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Cc: Joachim Eastwood , Andreas Schwab , Nicolas Pitre , Mandeep Singh Baines , linux-kernel@vger.kernel.org, Ramsay Jones , Herbert Xu , "David S. Miller" , linux-crypto@vger.kernel.org, linux@arm.linux.org.uk To: Joe Perches Return-path: Received: from smtp1.linux-foundation.org ([140.211.169.13]:55319 "EHLO smtp1.linux-foundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755369Ab1HGVmO (ORCPT ); Sun, 7 Aug 2011 17:42:14 -0400 In-Reply-To: <1312752577.29102.13.camel@Joe-Laptop> Sender: linux-crypto-owner@vger.kernel.org List-ID: On Sun, Aug 7, 2011 at 2:29 PM, Joe Perches wrote: > While not connected to ARM's implementation of sha_transform, > maybe this might make code a bit clearer. > > Remove need to know the size and type of SHA_WORKSPACE_WORDS. > Introduce and use opaque struct sha_workspace instead. The thing is, that workspace thing is likely just broken, and should be removed. On machines with sufficient registers, we can keep the workspace in the register set, and setting it up on stack and passing it in as a buffer is just bad. On x86 and arm it doesn't matter, but on ppc it likely pessimizes the code by resulting in pointless writebacks to that stack buffer. So the right thing to do is probably to just remove it entirely, and just make the sha_transform() thing allocate it on the stack as needed. The only issue then is whether you really want the stackspace cleared afterwards. My personal guess is that it really doesn't matter: if you leak stack space anywhere, you are seriously screwed from a security standpoint anyway, so.. But in the meantime, I don't want to add this kind of abstraction for something that I suspect is just fundamentally broken. Linus