From: Ard Biesheuvel Subject: Re: [PATCH net-next v6 07/23] zinc: ChaCha20 ARM and ARM64 implementations Date: Wed, 26 Sep 2018 19:08:30 +0200 Message-ID: References: <20180925145622.29959-1-Jason@zx2c4.com> <20180925145622.29959-8-Jason@zx2c4.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Cc: Andy Lutomirski , Herbert Xu , Thomas Gleixner , Linux Kernel Mailing List , "" , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , "David S. Miller" , Greg Kroah-Hartman , Samuel Neves , Andy Lutomirski , Jean-Philippe Aumasson , Russell King , linux-arm-kernel To: "Jason A. Donenfeld" Return-path: In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org List-Id: linux-crypto.vger.kernel.org On Wed, 26 Sep 2018 at 19:03, Jason A. Donenfeld wrote: > > On Wed, Sep 26, 2018 at 6:21 PM Andy Lutomirski wro= te: > > Are, is what you=E2=80=99re saying that the Zinc chacha20 functions sho= uld call simd_relax() every n bytes automatically for some reasonable value= of n? If so, seems sensible, except that some care might be needed to mak= e sure they interact with preemption correctly. > > > > What I mean is: the public Zinc entry points should either be callable = in an atomic context or they should not be. I think this should be checked= at runtime in an appropriate place with an __might_sleep or similar. Or s= imd_relax should learn to *not* schedule if the result of preempt_enable() = leaves it atomic. (And the latter needs to be done in a way that works even= on non-preempt kernels, and I don=E2=80=99t remember whether that=E2=80=99= s possible.). And this should happen regardless of how many bytes are proce= ssed. IOW, calling into Zinc should be equally not atomic-safe for 100 byte= s and for 10 MB. > > I'm not sure this is actually a problem. Namely: > > preempt_disable(); > kernel_fpu_begin(); > kernel_fpu_end(); > schedule(); <--- bug! > > Calling kernel_fpu_end() disables preemption, but AFAIK, preemption > enabling/disabling is recursive, so kernel_fpu_end's use of > preempt_disable won't actually do anything until the outer preempt > enable is called: > > preempt_disable(); > kernel_fpu_begin(); > kernel_fpu_end(); > preempt_enable(); > schedule(); <--- works! > > Or am I missing some more subtle point? > No that seems accurate to me.