[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190919134512.GA29320@gondor.apana.org.au>
Date: Thu, 19 Sep 2019 23:45:13 +1000
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Horia Geanta <horia.geanta@....com>
Cc: Andrey Smirnov <andrew.smirnov@...il.com>,
Leonard Crestez <leonard.crestez@....com>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
Chris Healy <cphealy@...il.com>,
Lucas Stach <l.stach@...gutronix.de>,
Iuliana Prodan <iuliana.prodan@....com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Abel Vesa <abel.vesa@....com>
Subject: Re: [PATCH 12/12] crypto: caam - change JR device ownership scheme
On Thu, Sep 19, 2019 at 11:19:22AM +0000, Horia Geanta wrote:
>
> What should a driver do when:
> -user tries to unbind it AND
> -there are tfms referencing algorithms registered by this driver
>
> 1. If driver tries to unregister the algorithms during its .remove()
> callback, then this BUG_ON is hit:
>
> int crypto_unregister_alg(struct crypto_alg *alg)
> {
> [...]
> BUG_ON(refcount_read(&alg->cra_refcnt) != 1);
You must not unregister the algorithm until it's no longer in use.
Normally we enforce this using module reference counts.
For hardware devices that need to be unregistered without unloading
the module at the same time, you will need your own reference
counting to determine when unregistration can be carried out. But
it must be carefully done so that it is not racy.
> 2. If driver exits without unregistering the algorithms,
> next time one of the tfms referencing those algorithms will be used
> bad things will happen.
Well remember hardware devices can always go away (e.g., dead
or unplugged) so the driver must do something sensible when that
happens. If this happened on a live tfm then further operations
should ideally fail and any outstanding requests should also fail
in a timely manner.
> 3. There is no mechanism in crypto core for notifying users
> to stop using a tfm.
For software implementations we use the module reference count
as the mechanism to signal that an algorithm is going away. In
particular try_module_get (and consequently crypto_mod_get) will
fail when the module is being unregistered.
We should extend this to cover hardware devices. Perhaps we can
introduce a callback in crypto_alg that crypto_mod_get can invoke
which would then fail if the device is going away (or has gone away).
Cheers,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists