Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp1571051rwb; Fri, 7 Oct 2022 14:56:08 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6CohxmBvxbxrAds2oCk92/3NVEtqxOUqaa5HdM8w8fdcYVNF+vzWy4ImPFzIxPsUU+eOB9 X-Received: by 2002:a17:906:fd8d:b0:780:997:8b7b with SMTP id xa13-20020a170906fd8d00b0078009978b7bmr5693714ejb.635.1665179768426; Fri, 07 Oct 2022 14:56:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665179768; cv=none; d=google.com; s=arc-20160816; b=LfwGXRn9fqXrQHUfz/+FParU4wcrvliZpblWlZiuJ8oAMNbEHG4qQ/AiN3kZSY+W8u IFUsGcPdCdb0udEcHyuwF4U/qanCNcfXVXhH6tBApBw+3y4FREsM1iCPUwLiN+h3weAG H4G6Qa/wSd4/BTDrbpl0iTj2l6uXFhGoYI/MyesCuElrNOqYYqU8pm3awPJS0J0b9f7E VbdVta6ZhhjD4pdKbEUFXIEVjuszVPAqvTFZ+Klv150dET6dRLCw3QoORTvi5zmT2UDb K3ngDuv+oz74S0v7DTsEgZnSx4JsjgtoMR1miNuc8IEb5vob1dpsaAEz0i5DBtvSIBBJ b+Tg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=AwOY7bO2EojpfvB1Br+YIUAho2KWuW1EWGqTFF7/hpc=; b=eY2iS0NXAwrPyGSulbKoh8rQaSV2HF/RAfRsS3y98B6VzWIQKZ5rBs4kP+JSlrBkSF 0FQvrTisIxIGaTBkbXdkBJVHTj3NOxr3a6jLOXGTQCvP25qKlaC9LX0WIxC7Tm0SvjJp eAvGSbOfWNWXLF6b/TldMxWA7k158iFJVSBNoB4l+Wzxkm/ROl3l9W3mlWuQWSOZGFor EZGsTR9krsmOk9NTIkoXF83I3m2IArdqq3SsLcoLie4jE2RIiAdJSu85ZX/OqXk/vd/e 10oxORxt1ksnb0xEME11+UZIaKhosFayoxDd+2s8mdHSgjRGuJ6J5hvH63f/roaWvb4R eBFQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CE3lYiZn; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f13-20020a0564021e8d00b0044e9fd71b82si2203078edf.280.2022.10.07.14.55.43; Fri, 07 Oct 2022 14:56:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CE3lYiZn; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229695AbiJGVzI (ORCPT + 99 others); Fri, 7 Oct 2022 17:55:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38366 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229777AbiJGVzE (ORCPT ); Fri, 7 Oct 2022 17:55:04 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A13F23F318 for ; Fri, 7 Oct 2022 14:55:03 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C130C61DF6 for ; Fri, 7 Oct 2022 21:55:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3065CC433D7 for ; Fri, 7 Oct 2022 21:55:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1665179702; bh=wQrjTImctRkR7wPbuDz6RXmupPHNOQ/LD+KDKr2vXrA=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=CE3lYiZnJEAIaaUshHuItl2AKCicjBucX9s1WzPQsfc+6XFreYXUrlNn3Ox+y2PeE WQJMrS5D4eJvNJ1kE9KjiJopPd6Aw6dvd5S2y1h3F1SSE/9xqdUd1gF5Z6YIllIQ2D c2EVevB7QOcCyWVX54VlK41pJLQfklNYoNEjTSFIoA9c0zpRnTkX0E7sSp/EQfT34k IzCIDNf6nBI2KC1O7VWDtqkTACJl51EDelOer9+vsFWj6vEUJa+RIfLy9HHiAYzaV0 uUDBPjDIdve6Ees4Nk9k9IUBAkm3mOX6Jp1NYULiFCkuXCAdCRGYsqtWbbS8z2TlxC IUUeRozMGvYXg== Received: by mail-lj1-f175.google.com with SMTP id f9so7146458ljk.12 for ; Fri, 07 Oct 2022 14:55:02 -0700 (PDT) X-Gm-Message-State: ACrzQf2ldMKXV5fHPkeIQyL0IXedjhcLawzxxywJeFerXeBtMuDENx/O +LP4XmlKA1CUDa0KLwt41KrnjM7RhmG5dAE0sPI= X-Received: by 2002:a2e:b621:0:b0:26e:535f:a90f with SMTP id s1-20020a2eb621000000b0026e535fa90fmr1480221ljn.69.1665179700248; Fri, 07 Oct 2022 14:55:00 -0700 (PDT) MIME-Version: 1.0 References: <20221004044912.24770-1-ap420073@gmail.com> In-Reply-To: From: Ard Biesheuvel Date: Fri, 7 Oct 2022 23:54:49 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] crypto: x86: Do not acquire fpu context for too long To: "Elliott, Robert (Servers)" Cc: Taehee Yoo , Herbert Xu , "linux-crypto@vger.kernel.org" , "davem@davemloft.net" , "tglx@linutronix.de" , "mingo@redhat.com" , "bp@alien8.de" , "dave.hansen@linux.intel.com" , "x86@kernel.org" , "hpa@zytor.com" , "ebiggers@google.com" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, 4 Oct 2022 at 17:17, Elliott, Robert (Servers) wrote: > > > > > -----Original Message----- > > From: Taehee Yoo > > Sent: Tuesday, October 4, 2022 1:02 AM > > To: Herbert Xu > > Cc: linux-crypto@vger.kernel.org; davem@davemloft.net; tglx@linutronix.de; > > mingo@redhat.com; bp@alien8.de; dave.hansen@linux.intel.com; x86@kernel.org; > > hpa@zytor.com; ardb@kernel.org; ebiggers@google.com > > Subject: Re: [PATCH] crypto: x86: Do not acquire fpu context for too long > > > > Hi Herbert, > > Thanks a lot for your review! > > > > On 10/4/22 13:52, Herbert Xu wrote: > > > On Tue, Oct 04, 2022 at 04:49:12AM +0000, Taehee Yoo wrote: > > >> > > >> #define ECB_WALK_START(req, bsize, fpu_blocks) do { \ > > >> void *ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)); \ > > >> + unsigned int walked_bytes = 0; \ > > >> const int __bsize = (bsize); \ > > >> struct skcipher_walk walk; \ > > >> - int err = skcipher_walk_virt(&walk, (req), false); \ > > >> + int err; \ > > >> + \ > > >> + err = skcipher_walk_virt(&walk, (req), false); \ > > >> while (walk.nbytes > 0) { \ > > >> - unsigned int nbytes = walk.nbytes; \ > > >> - bool do_fpu = (fpu_blocks) != -1 && \ > > >> - nbytes >= (fpu_blocks) * __bsize; \ > > >> const u8 *src = walk.src.virt.addr; \ > > >> - u8 *dst = walk.dst.virt.addr; \ > > >> u8 __maybe_unused buf[(bsize)]; \ > > >> - if (do_fpu) kernel_fpu_begin() > > >> + u8 *dst = walk.dst.virt.addr; \ > > >> + unsigned int nbytes; \ > > >> + bool do_fpu; \ > > >> + \ > > >> + if (walk.nbytes - walked_bytes > ECB_CBC_WALK_MAX) { \ > > >> + nbytes = ECB_CBC_WALK_MAX; \ > > >> + walked_bytes += ECB_CBC_WALK_MAX; \ > > >> + } else { \ > > >> + nbytes = walk.nbytes - walked_bytes; \ > > >> + walked_bytes = walk.nbytes; \ > > >> + } \ > > >> + \ > > >> + do_fpu = (fpu_blocks) != -1 && \ > > >> + nbytes >= (fpu_blocks) * __bsize; \ > > >> + if (do_fpu) \ > > >> + kernel_fpu_begin() > > >> > > >> #define CBC_WALK_START(req, bsize, fpu_blocks) \ > > >> ECB_WALK_START(req, bsize, fpu_blocks) > > >> @@ -65,8 +81,12 @@ > > >> } while (0) > > >> > > >> #define ECB_WALK_END() \ > > >> - if (do_fpu) kernel_fpu_end(); \ > > >> + if (do_fpu) \ > > >> + kernel_fpu_end(); \ > > >> + if (walked_bytes < walk.nbytes) \ > > >> + continue; \ > > >> err = skcipher_walk_done(&walk, nbytes); \ > > >> + walked_bytes = 0; \ > > >> } \ > > >> return err; \ > > >> } while (0) > > > > > > skcipher_walk_* is supposed to return at most a page. Why is this > > > necessary? > > > > > > Cheers, > > > > I referred to below link. > > https://lore.kernel.org/all/MW5PR84MB18426EBBA3303770A8BC0BDFAB759@MW5PR84MB18 > > 42.NAMPRD84.PROD.OUTLOOK.COM/ > > > > Sorry for that I didn't check that skcipher_walk_* returns only under 4K > > sizes. > > So, I thought fpu context would be too long. > > But, I just checked the skcipher_walk_*, and it's right, it returns > > under 4K sizes. > > So, there are no problems as you mentioned. > > > > Thank you so much! > > Taehee Yoo > > I think functions using the ECB and CBC macros (and > those helper functions) are safe - notice the third > argument is called fpu_blocks. So, Aria's ECB mode is > probably safe. There are no CTR macros, so that needs > to be checked more carefully. > > We need to check all the functions that don't use the > macros and functions. The SHA functions (I've started > working on a patch for those). > > Running modprobe tcrypt mode=0, I encountered RCU stalls > on these: > tcrypt: testing encryption speed of sync skcipher cts(cbc(aes)) using cts(cbc(aes-aesni)) > tcrypt: testing encryption speed of sync skcipher cfb(aes) using cfb(aes-aesni) > > aesni-intel_glue.c registers "__cts(cbs(aes))", not "cts(cbc(aes-aesni)", > and doesn't register any cfb algorithms, so those tests are using the > generic templates, which must not be breaking up the loops as needed. > These all use the aes-aesni cipher wrapped in various layers of generic code. The core cipher puts kernel_fpu_begin/end around every AES block {16 bytes) it processes, so I doubt that the crypto code is at fault here, unless the issues is in tcrypt itself.