| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171130102948.22d451cd@gandalf.local.home>
Date: Thu, 30 Nov 2017 10:29:48 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Cc: linux-rt-users@...r.kernel.org, linux-kernel@...r.kernel.org,
tglx@...utronix.de, Peter Zijlstra <peterz@...radead.org>
Subject: Re: [PATCH RT] crypto: limit more FPU-enabled sections
On Thu, 30 Nov 2017 15:22:17 +0100
Sebastian Andrzej Siewior <bigeasy@...utronix.de> wrote:
> Those crypto drivers use SSE/AVX/… for their crypto work and in order to
> do so in kernel they need to enable the "FPU" in kernel mode which
> disables preemption.
> There are two problems with the way they are used:
> - the while loop which processes X bytes may create latency spikes and
> should be avoided or limited.
> - the cipher-walk-next part may allocate/free memory and may use
> kmap_atomic().
>
> The whole kernel_fpu_begin()/end() processing isn't probably that cheap.
> It most likely makes sense to prcess as much of those as possible in one
s/prcess/process/
> go. The new *_fpu_sched_rt() shedules only if a RT task is pending.
>
> Probably we should meassure the performance those ciphers in pure SW
> mode and with this optimisations to see if it makes sense to keep them
> for RT.
>
> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
> +static void camellia_fpu_end_rt(struct crypt_priv *ctx)
> +{
> +#if CONFIG_PREEMPT_RT_FULL
> + bool fpu_enabled = ctx->fpu_enabled;
> +
> + if (!fpu_enabled)
> + return;
> + camellia_fpu_end(fpu_enabled);
> + ctx->fpu_enabled = false;
> +#endif
> +}
> +
> +static void camellia_fpu_sched_rt(struct crypt_priv *ctx)
> +{
> +#if CONFIG_PREEMPT_RT_FULL
> + bool fpu_enabled = ctx->fpu_enabled;
> +
> + if (!fpu_enabled || !tif_need_resched_now())
> + return;
> + camellia_fpu_end(fpu_enabled);
> + kernel_fpu_end();
> + /* schedule due to preemptible */
> + kernel_fpu_begin();
> +#endif
> +}
> +
> +static void camellia_fpu_end_rt(struct crypt_priv *ctx)
> +{
> +#if CONFIG_PREEMPT_RT_FULL
> + bool fpu_enabled = ctx->fpu_enabled;
> +
> + if (!fpu_enabled)
> + return;
> + camellia_fpu_end(fpu_enabled);
> + ctx->fpu_enabled = false;
> +#endif
> +}
> +
> +static void camellia_fpu_sched_rt(struct crypt_priv *ctx)
> +{
> +#if CONFIG_PREEMPT_RT_FULL
> + bool fpu_enabled = ctx->fpu_enabled;
> +
> + if (!fpu_enabled || !tif_need_resched_now())
> + return;
> + camellia_fpu_end(fpu_enabled);
I haven't looked deeply, but why does this call the camellia_fpu_end()
but other *_fpu_sched_rt() do not call the equivalent?
> + kernel_fpu_end();
> + /* schedule due to preemptible */
> + kernel_fpu_begin();
> +#endif
> +}
> +
These are duplicate functions. Shouldn't they go into a header file?
Also, they are very similar:
static inline void camellia_fpu_end(bool fpu_enabled)
{
glue_fpu_end(fpu_enabled);
}
static inline void cast6_fpu_end(bool fpu_enabled)
{
glue_fpu_end(fpu_enabled);
}
static inline void serpent_fpu_end(bool fpu_enabled)
{
glue_fpu_end(fpu_enabled);
}
static inline void twofish_fpu_end(bool fpu_enabled)
{
glue_fpu_end(fpu_enabled);
}
-- Steve
>
> +static void cast6_fpu_end_rt(struct crypt_priv *ctx)
> +{
> +#if CONFIG_PREEMPT_RT_FULL
> + bool fpu_enabled = ctx->fpu_enabled;
> +
> + if (!fpu_enabled)
> + return;
> + cast6_fpu_end(fpu_enabled);
> + ctx->fpu_enabled = false;
> +#endif
> +}
>
> +static void serpent_fpu_end_rt(struct crypt_priv *ctx)
> +{
> +#if CONFIG_PREEMPT_RT_FULL
> + bool fpu_enabled = ctx->fpu_enabled;
> +
> + if (!fpu_enabled)
> + return;
> + serpent_fpu_end(fpu_enabled);
> + ctx->fpu_enabled = false;
> +#endif
> +}
> +
> +static void serpent_fpu_sched_rt(struct crypt_priv *ctx)
> +{
> +#if CONFIG_PREEMPT_RT_FULL
> + bool fpu_enabled = ctx->fpu_enabled;
> +
> + if (!fpu_enabled || !tif_need_resched_now())
> + return;
> + kernel_fpu_end();
> + /* schedule due to preemptible */
> + kernel_fpu_begin();
> +#endif
> +}
> +
> static void encrypt_callback(void *priv, u8 *srcdst, unsigned int nbytes)
>
> +static void serpent_fpu_end_rt(struct crypt_priv *ctx)
> +{
> +#if CONFIG_PREEMPT_RT_FULL
> + bool fpu_enabled = ctx->fpu_enabled;
> +
> + if (!fpu_enabled)
> + return;
> + serpent_fpu_end(fpu_enabled);
> + ctx->fpu_enabled = false;
> +#endif
> +}
> +
>
> diff --git a/arch/x86/crypto/serpent_sse2_glue.c b/arch/x86/crypto/serpent_sse2_glue.c
> index ac0e831943f5..66fd2a51836f 100644
> --- a/arch/x86/crypto/serpent_sse2_glue.c
> +++ b/arch/x86/crypto/serpent_sse2_glue.c
> @@ -187,16 +187,28 @@ struct crypt_priv {
> bool fpu_enabled;
> };
>
> +static void serpent_fpu_end_rt(struct crypt_priv *ctx)
> +{
> +#if CONFIG_PREEMPT_RT_FULL
> + bool fpu_enabled = ctx->fpu_enabled;
> +
> + if (!fpu_enabled)
> + return;
> + serpent_fpu_end(fpu_enabled);
> + ctx->fpu_enabled = false;
> +#endif
> +}
> +
>
> +static void twofish_fpu_end_rt(struct crypt_priv *ctx)
> +{
> +#if CONFIG_PREEMPT_RT_FULL
> + bool fpu_enabled = ctx->fpu_enabled;
> +
> + if (!fpu_enabled)
> + return;
> + twofish_fpu_end(fpu_enabled);
> + ctx->fpu_enabled = false;
> +#endif
> +}
> +
> +static void twofish_fpu_sched_rt(struct crypt_priv *ctx)
> +{
> +#if CONFIG_PREEMPT_RT_FULL
> + bool fpu_enabled = ctx->fpu_enabled;
> +
> + if (!fpu_enabled || !tif_need_resched_now())
> + return;
> + kernel_fpu_end();
> + /* schedule due to preemptible */
> + kernel_fpu_begin();
> +#endif
> +}
> +
>
Powered by blists - more mailing lists