lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CABO+C-AfQ6PV-NJpCD86sdx7zSPcPQMsOasDKc_s2Qqtq60FNQ@mail.gmail.com>
Date: Tue, 9 Dec 2025 12:26:13 +0800
From: Jerry Shih <jerry.shih@...ive.com>
To: Eric Biggers <ebiggers@...nel.org>
Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Ard Biesheuvel <ardb@...nel.org>, "Jason A . Donenfeld" <Jason@...c4.com>, 
	Herbert Xu <herbert@...dor.apana.org.au>, Vivian Wang <wangruikang@...as.ac.cn>, 
	"David S . Miller" <davem@...emloft.net>, Palmer Dabbelt <palmer@...belt.com>, Paul Walmsley <pjw@...nel.org>, 
	Alexandre Ghiti <alex@...ti.fr>, "Martin K . Petersen" <martin.petersen@...cle.com>, Han Gao <gaohan@...as.ac.cn>, 
	linux-riscv@...ts.infradead.org, stable@...r.kernel.org
Subject: Re: [PATCH] lib/crypto: riscv: Depend on RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS

On Sun, Dec 7, 2025 at 5:39 AM Eric Biggers <ebiggers@...nel.org> wrote:
>
> Replace the RISCV_ISA_V dependency of the RISC-V crypto code with
> RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS, which implies RISCV_ISA_V as
> well as vector unaligned accesses being efficient.
>
> This is necessary because this code assumes that vector unaligned
> accesses are supported and are efficient.  (It does so to avoid having
> to use lots of extra vsetvli instructions to switch the element width
> back and forth between 8 and either 32 or 64.)
>
> This was omitted from the code originally just because the RISC-V kernel
> support for detecting this feature didn't exist yet.  Support has now
> been added, but it's fragmented into per-CPU runtime detection, a
> command-line parameter, and a kconfig option.  The kconfig option is the
> only reasonable way to do it, though, so let's just rely on that.
>
> Fixes: eb24af5d7a05 ("crypto: riscv - add vector crypto accelerated AES-{ECB,CBC,CTR,XTS}")
> Fixes: bb54668837a0 ("crypto: riscv - add vector crypto accelerated ChaCha20")
> Fixes: 600a3853dfa0 ("crypto: riscv - add vector crypto accelerated GHASH")
> Fixes: 8c8e40470ffe ("crypto: riscv - add vector crypto accelerated SHA-{256,224}")
> Fixes: b3415925a08b ("crypto: riscv - add vector crypto accelerated SHA-{512,384}")
> Fixes: 563a5255afa2 ("crypto: riscv - add vector crypto accelerated SM3")
> Fixes: b8d06352bbf3 ("crypto: riscv - add vector crypto accelerated SM4")
> Cc: stable@...r.kernel.org
> Signed-off-by: Eric Biggers <ebiggers@...nel.org>
> ---
>  arch/riscv/crypto/Kconfig | 12 ++++++++----
>  lib/crypto/Kconfig        |  9 ++++++---
>  2 files changed, 14 insertions(+), 7 deletions(-)
>
> diff --git a/arch/riscv/crypto/Kconfig b/arch/riscv/crypto/Kconfig
> index a75d6325607b..14c5acb935e9 100644
> --- a/arch/riscv/crypto/Kconfig
> +++ b/arch/riscv/crypto/Kconfig
> @@ -2,11 +2,12 @@
>
>  menu "Accelerated Cryptographic Algorithms for CPU (riscv)"
>
>  config CRYPTO_AES_RISCV64
>         tristate "Ciphers: AES, modes: ECB, CBC, CTS, CTR, XTS"
> -       depends on 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO
> +       depends on 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \
> +                  RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS
>         select CRYPTO_ALGAPI
>         select CRYPTO_LIB_AES
>         select CRYPTO_SKCIPHER
>         help
>           Block cipher: AES cipher algorithms
> @@ -18,21 +19,23 @@ config CRYPTO_AES_RISCV64
>           - Zvkb vector crypto extension (CTR)
>           - Zvkg vector crypto extension (XTS)
>
>  config CRYPTO_GHASH_RISCV64
>         tristate "Hash functions: GHASH"
> -       depends on 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO
> +       depends on 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \
> +                  RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS
>         select CRYPTO_GCM
>         help
>           GCM GHASH function (NIST SP 800-38D)
>
>           Architecture: riscv64 using:
>           - Zvkg vector crypto extension
>
>  config CRYPTO_SM3_RISCV64
>         tristate "Hash functions: SM3 (ShangMi 3)"
> -       depends on 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO
> +       depends on 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \
> +                  RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS
>         select CRYPTO_HASH
>         select CRYPTO_LIB_SM3
>         help
>           SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012)
>
> @@ -40,11 +43,12 @@ config CRYPTO_SM3_RISCV64
>           - Zvksh vector crypto extension
>           - Zvkb vector crypto extension
>
>  config CRYPTO_SM4_RISCV64
>         tristate "Ciphers: SM4 (ShangMi 4)"
> -       depends on 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO
> +       depends on 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \
> +                  RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS
>         select CRYPTO_ALGAPI
>         select CRYPTO_SM4
>         help
>           SM4 block cipher algorithm (OSCCA GB/T 32907-2016,
>           ISO/IEC 18033-3:2010/Amd 1:2021)
> diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig
> index a3647352bff6..6871a41e5069 100644
> --- a/lib/crypto/Kconfig
> +++ b/lib/crypto/Kconfig
> @@ -59,11 +59,12 @@ config CRYPTO_LIB_CHACHA_ARCH
>         depends on CRYPTO_LIB_CHACHA && !UML && !KMSAN
>         default y if ARM
>         default y if ARM64 && KERNEL_MODE_NEON
>         default y if MIPS && CPU_MIPS32_R2
>         default y if PPC64 && CPU_LITTLE_ENDIAN && VSX
> -       default y if RISCV && 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO
> +       default y if RISCV && 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \
> +                    RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS
>         default y if S390
>         default y if X86_64
>
>  config CRYPTO_LIB_CURVE25519
>         tristate
> @@ -182,11 +183,12 @@ config CRYPTO_LIB_SHA256_ARCH
>         depends on CRYPTO_LIB_SHA256 && !UML
>         default y if ARM && !CPU_V7M
>         default y if ARM64
>         default y if MIPS && CPU_CAVIUM_OCTEON
>         default y if PPC && SPE
> -       default y if RISCV && 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO
> +       default y if RISCV && 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \
> +                    RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS
>         default y if S390
>         default y if SPARC64
>         default y if X86_64
>
>  config CRYPTO_LIB_SHA512
> @@ -200,11 +202,12 @@ config CRYPTO_LIB_SHA512_ARCH
>         bool
>         depends on CRYPTO_LIB_SHA512 && !UML
>         default y if ARM && !CPU_V7M
>         default y if ARM64
>         default y if MIPS && CPU_CAVIUM_OCTEON
> -       default y if RISCV && 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO
> +       default y if RISCV && 64BIT && TOOLCHAIN_HAS_VECTOR_CRYPTO && \
> +                    RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS
>         default y if S390
>         default y if SPARC64
>         default y if X86_64
>
>  config CRYPTO_LIB_SHA3
>
> base-commit: 43dfc13ca972988e620a6edb72956981b75ab6b0
> --
> 2.52.0
>

Reviewed-by: Jerry Shih <jerry.shih@...ive.com>

Thanks,
-Jerry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ