lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 20 Sep 2018 21:30:26 -0700
From:   Ard Biesheuvel <ard.biesheuvel@...aro.org>
To:     "Jason A. Donenfeld" <Jason@...c4.com>
Cc:     Andy Lutomirski <luto@...capital.net>,
        Andrew Lunn <andrew@...n.ch>, Arnd Bergmann <arnd@...db.de>,
        Eric Biggers <ebiggers@...gle.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Netdev <netdev@...r.kernel.org>,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
        David Miller <davem@...emloft.net>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Samuel Neves <sneves@....uc.pt>,
        Andrew Lutomirski <luto@...nel.org>,
        Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>
Subject: Re: [PATCH net-next v5 02/20] zinc: introduce minimal cryptography library

On 20 September 2018 at 21:15, Jason A. Donenfeld <Jason@...c4.com> wrote:
> Hi Andy,
>
> On Fri, Sep 21, 2018 at 5:23 AM Andy Lutomirski <luto@...capital.net> wrote:
>> At the risk on suggesting something awful: on x86_64, since we turn preemption off for simd, it wouldn’t be *completely* insane to do the crypto on the irq stack. It would look like:
>>
>> kernel_fpu_call(func, arg);
>>
>> And this helper would disable preemption, enable FPU, switch to the irq stack, call func(arg), disable FPU, enable preemption, and return. And we can have large IRQ stacks.
>>
>> I refuse to touch this with a ten-foot pole until the lazy FPU restore patches land.
>
> Haha. That's fun, and maybe we'll do that at some point, but I have
> some other reasons too for being on a workqueue now.
>

Kernel mode crypto is callable from any context, and SIMD can be used
in softirq context on arm64 (and on x86, even from hardirq context
IIRC if the interrupt is taken from userland), in which case we'd
already be on the irq stack.

>>
>> All that being said, why are these frames so large?  It sounds like something may be spilling that ought not to.
>
> They're not. Well, they're not anymore. I had a silly thing before
> like "u8 buffer[1 << 12]" in some debugging code, which is what
> prompted the ccflag-y addition. I cleaned up the mistakes like that
> and frames are now reasonable everywhere. Non-issue.
>

Did any of the fuzzing/testing you mention in the cover letter occur
on the kernel versions of these algorithms?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ