Message-ID: <ZtFm60YSk9BsAjYV@wunner.de>
Date: Fri, 30 Aug 2024 08:30:03 +0200
From: Lukas Wunner <lukas@...ner.de>
To: Gonglei <arei.gonglei@...wei.com>
Cc: linux-kernel@...r.kernel.org, virtualization@...ts.linux-foundation.org,
	linux-crypto@...r.kernel.org,
	Herbert Xu <herbert@...dor.apana.org.au>,
	"Michael S . Tsirkin" <mst@...hat.com>,
	Baolin Wang <baolin.wang@...aro.org>, longpeng2@...wei.com,
	wu.wubin@...wei.com
Subject: Re: [PATCH] virtio-crypto: support crypto engine framework

On Tue, Dec 27, 2016 at 02:49:07PM +0800, Gonglei wrote:
> crypto engine was introduced since 'commit 735d37b5424b ("crypto: engine
> - Introduce the block request crypto engine framework")' which uses work
> queue to realize the asynchronous processing for ablk_cipher and ahash.
> 
> For virtio-crypto device, I register an engine for each
> data virtqueue so that we can use the capability of
> multiple data queues in future.

The above got applied as d79b5d0bbf2e.

What's the benefit of this change?

virtio has its own queue for requests.  Adding a crypto_engine puts
a queue in front of that.  So now there's a queue feeding a queue.
That seems to be a roundabout way of doing things, so I'm wondering
why this change was made?  It seems to introduce complexity and
overhead with no apparent benefit.

The reason I'm asking is that I'm splitting sign/verify out of
virtio_crypto_akcipher_algs.c:

https://lore.kernel.org/all/ZscuLueUKl9rcCGr@wunner.de/

Nowadays sign/verify is no longer asynchronous.  However the
crypto_engine indirection forces me to introduce a sig_request
struct which stores the input/output parameters for a sign/verify
operation, so that the crypto_engine can consume it asynchronously.

I'm tempted to instead remove crypto_engine support from
virtio_crypto_core.c to ease migration to synchronous sign/verify.

Thanks,

Lukas
