On Mon, Jul 11, 2022 at 03:21:39PM +0100, Giovanni Cabiddu wrote:
On Mon, Apr 11, 2022 at 05:37:24PM +0000, Eric Biggers wrote:
On Sun, Apr 10, 2022 at 08:47:05PM +0100, Giovanni Cabiddu wrote:
If requests exceed 4 entries buffers, memory is allocated dynamically.
In addition, remove the CRYPTO_ALG_ALLOCATES_MEMORY flag from both aead and skcipher alg structures.
There is nothing that says that algorithms can ignore !CRYPTO_ALG_ALLOCATES_MEMORY if there are too many scatterlist entries. See the comment above the definition of CRYPTO_ALG_ALLOCATES_MEMORY.
If you need to introduce this constraint, then you will need to audit the users of !CRYPTO_ALG_ALLOCATES_MEMORY to verify that none of them are issuing requests that violate this constraint, then add this to the documentation comment for CRYPTO_ALG_ALLOCATES_MEMORY.
Belatedly...
Adding to this thread my colleague Lucas who did an audit of the users of !CRYPTO_ALG_ALLOCATES_MEMORY to understand if we can add a constraint to the definition of CRYPTO_ALG_ALLOCATES_MEMORY.
Regards,
-- Giovanni
An audit was done on users of !CRYPTO_ALG_ALLOCATES_MEMORY: dm-crypt and dm-integrity. dm-crypt uses scatterlists with at most 4 entries, but dm-integrity may allocate memory for scatterlist with arch-dependent and system-bounded number of entries. Therefore the constraint in https://lore.kernel.org/linux-crypto/20200722072932.GA27544@gondor.apana.org... cannot be introduced.
A way to solve the problem might be to forward requests with more than 4 entries in a scatterlist to an implementation that does not allocate memory. This will introduce always a performance penalty for requests with scatterlists greater than 4 in algorithms backed up by HW accelerators, even if the requestor does not requires this restriction. A way to solve this might be to register two versions of the same algorithm, one without CRYPTO_ALG_ALLOCATES_MEMORY that forwards to SW and one with CRYPTO_ALG_ALLOCATES_MEMORY set that doesn’t. Any suggestions?
Adding Horia Geantă and dm-devel based on the previous thread.
Thanks. --------------------------------------------------------------------- Intel Technology Poland sp. z o.o. ul. Slowackiego 173 | 80-298 Gdansk | Sad Rejonowy Gdansk Polnoc | VII Wydzial Gospodarczy Krajowego Rejestru Sadowego - KRS 101882 | NIP 957-07-52-316 | Kapital zakladowy 200.000 PLN. Ta wiadomosc wraz z zalacznikami jest przeznaczona dla okreslonego adresata i moze zawierac informacje poufne. W razie przypadkowego otrzymania tej wiadomosci, prosimy o powiadomienie nadawcy oraz trwale jej usuniecie; jakiekolwiek przegladanie lub rozpowszechnianie jest zabronione. This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by others is strictly prohibited.