Received: by 2002:ab2:6d45:0:b0:1fb:d597:ff75 with SMTP id d5csp498111lqr; Wed, 5 Jun 2024 11:58:38 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWWSOwTJ1IoaFZ+WBH5RFYbtFw+opoeLD+rBc/5EgzH6AvJIPr1sZBK5PyP2uMmGkz8VNKE9HwnEi2Nh5fk+vdTWy3ZZp6x5sinP8XevQ== X-Google-Smtp-Source: AGHT+IFQg5+our+kMfCHvUIMjy9S5EK9/qKeVQkE28zbHLLZ8Zo+gQ+cuRxL2arBI0REF7CfBbui X-Received: by 2002:a05:6102:370d:b0:48b:ae5b:b356 with SMTP id ada2fe7eead31-48c048e4211mr4478114137.15.1717613917985; Wed, 05 Jun 2024 11:58:37 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717613917; cv=pass; d=google.com; s=arc-20160816; b=ACIEA7u6rjanIUxNjmGwGwaA4JC85gip2wSm528w0//0pFzqPiswz6X+7nr9/ggqGr pNjixg7drghlymYgnpE0rAmf7MMGVfFfkhN9KH/xewr1rnTYS4xv7BoVF/9EjXqf6PvL hxVmsbsbPwuNcRwZRfE1YY6JTPfcXv6j4yqTIGtBBFfjBa6ZCuIf8unbm55S5NdUbFK5 XCnC64KiArWq/KIcj5MZru8KbvHhZpVAiMmst9K/ZiAoiFAjDQnReatixA1m0sYpZhHA HdZQb48Q0P41Esf4+pWzdiEN0cXnbHylNX5wjBTrH3WeKuZ1ut0tLbJyUNUrLJw9mChq WXng== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=tHbAd2zWoBXELz8o3pRyNuT6u8gNWIj6qRyqkGC2kSI=; fh=PhjcRUevoInpMasAa/8hoLgoaNjfou5FLS3vcqu9Nww=; b=F4Ovruu3CQQ4SmhzKmqUDt8WbrFdMQRhhFpYZdDbjp3PYseDdyo+g/GpB0alZrLHRl 4k/7v2RuS6NWLBqaLvprve4diEVafCgk/Ybud0LOEQ3NPshkVZ2O4DitGbfS/BqZGXPy 63osgScbnNo5QA9EkqXTFV5N9Z5FANhrGzbeZFzyCJ5B6xGh51T2w24VIrgVq8n1nKfr 2iagYHJopEMSMQNSMsyv4SKqzccahqosgBY1YH/NA2IO8dTahelgaLc3YLtERMUuWDLu ljbBFi/AZ2ScggAK0GC+oYvGAI/sQx/05V7TwD7zG/WUjE2wiFxMTk07CYy8LrIVGD9h XGZg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=M4BXj4xl; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-4759-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4759-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id af79cd13be357-7951958e919si375376285a.218.2024.06.05.11.58.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Jun 2024 11:58:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto+bounces-4759-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=M4BXj4xl; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-4759-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4759-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id B1F401C21384 for ; Wed, 5 Jun 2024 18:58:37 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4946313B28A; Wed, 5 Jun 2024 18:58:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="M4BXj4xl" X-Original-To: linux-crypto@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ED3AF2F2B; Wed, 5 Jun 2024 18:58:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717613896; cv=none; b=F0yYLCs+QmkGRblyOXvJKaorhQ9PQeqI1U+mv5G8bPoxikR/6+QPNgCWfnpMN2dmmwjGiZrjHQ66Jy3s41yw5oeS58hkki+7QnePtkmfjOL15PVFdt2xNkoNfXOB+GAmaCg+xyV4QRULVWFbVPagcdH1gw1lPvlOMX01tELZb0Y= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717613896; c=relaxed/simple; bh=vi1o/e9gmwqnbe2LC/NP+cXWDaYTONv/9BSHBsc5bk4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=jEDpKzAWiyV4mFM+iQPQ4wSNFVfsxI8MQUv2M4AOz9xxGZkIitqAqgRI/JIcpIDbsspWlAsgj8xh9anGBtgVMkEyLC2v1xup5VxQPzar5ketuUAo1vY+K8blae9vSBZPYzLuFVHtI4GqMNrB7r69eX4lR/nhnfnxcfmFhqn4BLY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=M4BXj4xl; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 860D9C2BD11; Wed, 5 Jun 2024 18:58:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1717613895; bh=vi1o/e9gmwqnbe2LC/NP+cXWDaYTONv/9BSHBsc5bk4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=M4BXj4xli/ZFwmGLAOvLGljdEnj/zSat1UrSG+Vbc+5Op13rKSxvEJaTy42KV8AO5 xj1iZmqMO5Pp1XZ5k0tvoRVBmHUmuJiDTJV7TU+ZuwEEikh/MvScIoXx5Xi55vNSTg V3eAnKLeaUuAmtsEX0Y2TdlSBbYWp0UDH0d0Kjm7YGnQK8U19BJKMJlVBt2ahFLmja rjeKseIaa4nBnYUZbLFUaMc7u0lV4SeFsi7tzq2CsanAEQD3oFZYWkwZxaEzIGLMvW Ac+ggcG/4Q2+jmh84OMMFnb+7tWUHO4U0uyxU8PRIfhnB6SqwF2BhJ1rSaYXnAvrTN PYy60e4x7Wctw== Date: Wed, 5 Jun 2024 11:58:13 -0700 From: Eric Biggers To: Herbert Xu Cc: linux-crypto@vger.kernel.org, fsverity@lists.linux.dev, dm-devel@lists.linux.dev, x86@kernel.org, linux-arm-kernel@lists.infradead.org, Ard Biesheuvel , Sami Tolvanen , Bart Van Assche Subject: Re: [PATCH v4 6/8] fsverity: improve performance by using multibuffer hashing Message-ID: <20240605185813.GA1222@sol.localdomain> References: <20240603183731.108986-1-ebiggers@kernel.org> <20240603183731.108986-7-ebiggers@kernel.org> <20240604184220.GC1566@sol.localdomain> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Wed, Jun 05, 2024 at 05:19:01PM +0800, Herbert Xu wrote: > On Tue, Jun 04, 2024 at 11:42:20AM -0700, Eric Biggers wrote: > > > > This doesn't make any sense, though. First, the requests need to be enqueued > > for the task, but crypto_ahash_finup() would only have the ability to enqueue it > > in a queue associated with the tfm, which is shared by many tasks. So it can't > > OK I screwed up that one. But that's not hard to fix. We could > simply add request chaining: > > ahash_request_chain(req1, req2); > ahash_request_chain(req2, req3); > ... > ahash_request_chain(reqn1, reqn); > > err = crypto_ahash_finup(req1); So after completely changing several times your proposal is getting a bit closer to mine, but it still uses a very clumsy API based around ahash that would be much harder to use and implement correctly. It also says nothing about what the API would look like on the shash side, which would be needed anyway because ahash is almost always just a pointless wrapper for shash. Is there a different API that you are asking for on the shash side? If so, what? > > actually work unless the tfm maintained a separate queue for each task, which > > would be really complex. Second, it adds a memory allocation per block which is > > very undesirable. You claim that it's needed anyway, but actually it's not; > > with my API there is only one initial hash state regardless of how high the > > interleaving factor is. In fact, if multiple initial states were allowed, > > Sure you don't need it for two interleaved requests. But as you > scale up to 16 and beyond, surely at some point you're going to > want to move the hash states off the stack. To reiterate, with my proposal there is only one state in memory. It's a simple API that can't be misused by providing inconsistent properties in the requests. Yes, separate states would be needed if we were to support arbitrary updates, but why add all that complexity before it's actually needed? Also, "16 and beyond" is highly unlikely to be useful for kernel use cases. > > multibuffer hashing would become much more complex because the underlying > > algorithm would need to validate that these different states are synced up. My > > proposal is much simpler and avoids all this unnecessary overhead. > > We could simply state that these chained requests must be on block > boundaries, similar to how we handle block ciphers. This is not a > big deal. ... which would make it useless for most dm-verity users, as dm-verity uses a 32-byte salt with SHA-256 (which has a 64-byte block size) by default. > > > Really the only reason to even consider ahash at all would be try to support > > software hashing and off-CPU hardware accelerators using the "same" code. > > However, your proposal would not achieve that either, as it would not use the > > async callback. Note, as far as I know no one actually cares about off-CPU > > hardware accelerator support in fsverity anyway... > > The other thing is that verity doesn't benefit from shash at all. > It appears to be doing kmap's on every single request. The diff from switching fsverity from ahash to shash clearly demonstrates otherwise. Yes, fsverity has to map the pages to pass into shash, but that's a very minor thing compared to all the complexity of ahash that was saved. And fsverity already had to map most of the pages anyway to access them. - Eric