| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Jul 2022 09:59:49 +0200
From: Hendrik Brueckner <brueckner@...ux.ibm.com>
To: Steffen Eiden <seiden@...ux.ibm.com>
Cc: Heiko Carstens <hca@...ux.ibm.com>,
Alexander Gordeev <agordeev@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ux.ibm.com>,
Janosch Frank <frankja@...ux.ibm.com>,
Claudio Imbrenda <imbrenda@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>, linux-s390@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-mm@...ck.org, nrb@...ux.ibm.com
Subject: Re: [PATCH v2 1/3] s390/cpufeature: rework to allow more than only
hwcap bits
On Wed, Jul 13, 2022 at 02:56:42PM +0200, Steffen Eiden wrote:
> From: Heiko Carstens <hca@...ux.ibm.com>
>
> Rework cpufeature implementation to allow for various cpu feature
> indications, which is not only limited to hwcap bits. This is achieved
> by adding a sequential list of cpu feature numbers, where each of them
> is mapped to an entry which indicates what this number is about.
>
> Each entry contains a type member, which indicates what feature
> name space to look into (e.g. hwcap, or cpu facility). If wanted this
> allows also to automatically load modules only in e.g. z/VM
> configurations.
>
> Signed-off-by: Heiko Carstens <hca@...ux.ibm.com>
> Signed-off-by: Steffen Eiden <seiden@...ux.ibm.com>
> ---
> arch/s390/crypto/aes_s390.c | 2 +-
> arch/s390/crypto/chacha-glue.c | 2 +-
> arch/s390/crypto/crc32-vx.c | 2 +-
> arch/s390/crypto/des_s390.c | 2 +-
> arch/s390/crypto/ghash_s390.c | 2 +-
> arch/s390/crypto/prng.c | 2 +-
> arch/s390/crypto/sha1_s390.c | 2 +-
> arch/s390/crypto/sha256_s390.c | 2 +-
> arch/s390/crypto/sha3_256_s390.c | 2 +-
> arch/s390/crypto/sha3_512_s390.c | 2 +-
> arch/s390/crypto/sha512_s390.c | 2 +-
Regarding facility bits for cpu features: Initially, I used
MSA hwcap to cover all ciphers among all hw generations. With facility bit
checks, it makes more sense to fine-tune and load based on respective
MSA level or CPACF functions that is required for ciphers/hashes.
E.g. like
> diff --git a/arch/s390/crypto/sha512_s390.c b/arch/s390/crypto/sha512_s390.c
> index 43ce4956df73..04f11c407763 100644
> --- a/arch/s390/crypto/sha512_s390.c
> +++ b/arch/s390/crypto/sha512_s390.c
> @@ -142,7 +142,7 @@ static void __exit fini(void)
> crypto_unregister_shash(&sha384_alg);
> }
>
> -module_cpu_feature_match(MSA, init);
> +module_cpu_feature_match(S390_CPU_FEATURE_MSA, init);
> module_exit(fini);
which becomes automatically loaded if (any) MSA is available and then
performs this check:
cpacf_query_func(CPACF_KIMD, CPACF_KIMD_SHA_512
which in the worst case would fail.
This might be a very useful follow-up patch to remove those mod init checks
into the cpu feature.
Other than that,
Reviewed-by: Hendrik Brueckner <brueckner@...ux.ibm.com>
Powered by blists - more mailing lists