lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230718125847.3869700-5-ardb@kernel.org>
Date: Tue, 18 Jul 2023 14:58:30 +0200
From: Ard Biesheuvel <ardb@...nel.org>
To: linux-crypto@...r.kernel.org
Cc: Ard Biesheuvel <ardb@...nel.org>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	Eric Biggers <ebiggers@...nel.org>,
	Kees Cook <keescook@...omium.org>,
	Haren Myneni <haren@...ibm.com>,
	Nick Terrell <terrelln@...com>,
	Minchan Kim <minchan@...nel.org>,
	Sergey Senozhatsky <senozhatsky@...omium.org>,
	Jens Axboe <axboe@...nel.dk>,
	Giovanni Cabiddu <giovanni.cabiddu@...el.com>,
	Richard Weinberger <richard@....at>,
	David Ahern <dsahern@...nel.org>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>,
	Steffen Klassert <steffen.klassert@...unet.com>,
	linux-kernel@...r.kernel.org,
	linux-block@...r.kernel.org,
	qat-linux@...el.com,
	linuxppc-dev@...ts.ozlabs.org,
	linux-mtd@...ts.infradead.org,
	netdev@...r.kernel.org
Subject: [RFC PATCH 04/21] net: ipcomp: Migrate to acomp API from deprecated comp API

Migrate the IPcomp network compression code to the acomp API, in order
to drop the dependency on the obsolete 'comp' API which is going away.

For the time being, this is a rather mechanical conversion replacing
each comp TFM object with an acomp TFM/request object pair - this is
necessary because, at this point, there is still a 1:1 relation between
acomp tranforms and requests in the acomp-to-scomp adaptation layer, and
this deviates from the model used by AEADs and skciphers where the TFM
is fully reentrant, and operations using the same encryption keys can be
issued in parallel using individual request objects but the same TFM.

Also, this minimal conversion does not yet take advantage of the fact
that the acomp API takes scatterlists as input and output descriptors,
which in principle removes the need to linearize the SKBs. However,
given that compression code generally requires in- and output buffers to
be non-overlapping, scratch buffers will always be needed, and so
whether this conversion is worth while is TBD.

Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
---
 include/crypto/acompress.h |   5 +
 include/net/ipcomp.h       |   4 +-
 net/xfrm/xfrm_algo.c       |   7 +-
 net/xfrm/xfrm_ipcomp.c     | 107 +++++++++++++-------
 4 files changed, 79 insertions(+), 44 deletions(-)

diff --git a/include/crypto/acompress.h b/include/crypto/acompress.h
index ccb6f3279bc8b32e..3f54e3d8815a9d0d 100644
--- a/include/crypto/acompress.h
+++ b/include/crypto/acompress.h
@@ -318,4 +318,9 @@ static inline int crypto_acomp_decompress(struct acomp_req *req)
 	return crypto_comp_errstat(alg, tfm->decompress(req));
 }
 
+static inline const char *crypto_acomp_name(struct crypto_acomp *acomp)
+{
+       return crypto_tfm_alg_name(crypto_acomp_tfm(acomp));
+}
+
 #endif
diff --git a/include/net/ipcomp.h b/include/net/ipcomp.h
index 8660a2a6d1fc76a7..bf27ac7e3ca952e2 100644
--- a/include/net/ipcomp.h
+++ b/include/net/ipcomp.h
@@ -7,12 +7,12 @@
 
 #define IPCOMP_SCRATCH_SIZE     65400
 
-struct crypto_comp;
+struct acomp_req;
 struct ip_comp_hdr;
 
 struct ipcomp_data {
 	u16 threshold;
-	struct crypto_comp * __percpu *tfms;
+	struct acomp_req * __percpu *reqs;
 };
 
 struct ip_comp_hdr;
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 094734fbec967505..ca411bcebc53ad4f 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -5,6 +5,7 @@
  * Copyright (c) 2002 James Morris <jmorris@...ercode.com.au>
  */
 
+#include <crypto/acompress.h>
 #include <crypto/hash.h>
 #include <crypto/skcipher.h>
 #include <linux/module.h>
@@ -674,7 +675,7 @@ static const struct xfrm_algo_list xfrm_ealg_list = {
 static const struct xfrm_algo_list xfrm_calg_list = {
 	.algs = calg_list,
 	.entries = ARRAY_SIZE(calg_list),
-	.type = CRYPTO_ALG_TYPE_COMPRESS,
+	.type = CRYPTO_ALG_TYPE_ACOMPRESS,
 	.mask = CRYPTO_ALG_TYPE_MASK,
 };
 
@@ -833,8 +834,8 @@ void xfrm_probe_algs(void)
 	}
 
 	for (i = 0; i < calg_entries(); i++) {
-		status = crypto_has_comp(calg_list[i].name, 0,
-					 CRYPTO_ALG_ASYNC);
+		status = crypto_has_acomp(calg_list[i].name, 0,
+					  CRYPTO_ALG_ASYNC);
 		if (calg_list[i].available != status)
 			calg_list[i].available = status;
 	}
diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
index 9c0fa0e1786a2d42..e29ef55e0f01d144 100644
--- a/net/xfrm/xfrm_ipcomp.c
+++ b/net/xfrm/xfrm_ipcomp.c
@@ -20,20 +20,21 @@
 #include <linux/slab.h>
 #include <linux/smp.h>
 #include <linux/vmalloc.h>
+#include <crypto/acompress.h>
 #include <net/ip.h>
 #include <net/ipcomp.h>
 #include <net/xfrm.h>
 
-struct ipcomp_tfms {
+struct ipcomp_reqs {
 	struct list_head list;
-	struct crypto_comp * __percpu *tfms;
+	struct acomp_req * __percpu *reqs;
 	int users;
 };
 
 static DEFINE_MUTEX(ipcomp_resource_mutex);
 static void * __percpu *ipcomp_scratches;
 static int ipcomp_scratch_users;
-static LIST_HEAD(ipcomp_tfms_list);
+static LIST_HEAD(ipcomp_reqs_list);
 
 static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb)
 {
@@ -42,13 +43,19 @@ static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb)
 	int dlen = IPCOMP_SCRATCH_SIZE;
 	const u8 *start = skb->data;
 	u8 *scratch = *this_cpu_ptr(ipcomp_scratches);
-	struct crypto_comp *tfm = *this_cpu_ptr(ipcd->tfms);
-	int err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen);
-	int len;
+	struct acomp_req *req = *this_cpu_ptr(ipcd->reqs);
+	struct scatterlist sg_in, sg_out;
+	int err, len;
 
+	sg_init_one(&sg_in, start, plen);
+	sg_init_one(&sg_out, scratch, dlen);
+	acomp_request_set_params(req, &sg_in, &sg_out, plen, dlen);
+
+	err = crypto_acomp_decompress(req);
 	if (err)
 		return err;
 
+	dlen = req->dlen;
 	if (dlen < (plen + sizeof(struct ip_comp_hdr)))
 		return -EINVAL;
 
@@ -125,17 +132,24 @@ static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
 	const int plen = skb->len;
 	int dlen = IPCOMP_SCRATCH_SIZE;
 	u8 *start = skb->data;
-	struct crypto_comp *tfm;
+	struct acomp_req *req = *this_cpu_ptr(ipcd->reqs);
+	struct scatterlist sg_in, sg_out;
 	u8 *scratch;
 	int err;
 
 	local_bh_disable();
 	scratch = *this_cpu_ptr(ipcomp_scratches);
-	tfm = *this_cpu_ptr(ipcd->tfms);
-	err = crypto_comp_compress(tfm, start, plen, scratch, &dlen);
+	req = *this_cpu_ptr(ipcd->reqs);
+
+	sg_init_one(&sg_in, start, plen);
+	sg_init_one(&sg_out, scratch, dlen);
+	acomp_request_set_params(req, &sg_in, &sg_out, plen, dlen);
+
+	err = crypto_acomp_compress(req);
 	if (err)
 		goto out;
 
+	dlen = req->dlen;
 	if ((dlen + sizeof(struct ip_comp_hdr)) >= plen) {
 		err = -EMSGSIZE;
 		goto out;
@@ -229,17 +243,17 @@ static void * __percpu *ipcomp_alloc_scratches(void)
 	return scratches;
 }
 
-static void ipcomp_free_tfms(struct crypto_comp * __percpu *tfms)
+static void ipcomp_free_reqs(struct acomp_req * __percpu *reqs)
 {
-	struct ipcomp_tfms *pos;
+	struct ipcomp_reqs *pos;
 	int cpu;
 
-	list_for_each_entry(pos, &ipcomp_tfms_list, list) {
-		if (pos->tfms == tfms)
+	list_for_each_entry(pos, &ipcomp_reqs_list, list) {
+		if (pos->reqs == reqs)
 			break;
 	}
 
-	WARN_ON(list_entry_is_head(pos, &ipcomp_tfms_list, list));
+	WARN_ON(list_entry_is_head(pos, &ipcomp_reqs_list, list));
 
 	if (--pos->users)
 		return;
@@ -247,32 +261,39 @@ static void ipcomp_free_tfms(struct crypto_comp * __percpu *tfms)
 	list_del(&pos->list);
 	kfree(pos);
 
-	if (!tfms)
+	if (!reqs)
 		return;
 
 	for_each_possible_cpu(cpu) {
-		struct crypto_comp *tfm = *per_cpu_ptr(tfms, cpu);
-		crypto_free_comp(tfm);
+		struct acomp_req *req = *per_cpu_ptr(reqs, cpu);
+
+		if (req) {
+			struct crypto_acomp *acomp = crypto_acomp_reqtfm(req);
+
+			acomp_request_free(req);
+			crypto_free_acomp(acomp);
+		}
 	}
-	free_percpu(tfms);
+	free_percpu(reqs);
 }
 
-static struct crypto_comp * __percpu *ipcomp_alloc_tfms(const char *alg_name)
+static struct acomp_req * __percpu *ipcomp_alloc_reqs(const char *alg_name)
 {
-	struct ipcomp_tfms *pos;
-	struct crypto_comp * __percpu *tfms;
+	struct ipcomp_reqs *pos;
+	struct crypto_acomp *acomp;
+	struct acomp_req * __percpu *reqs;
 	int cpu;
 
 
-	list_for_each_entry(pos, &ipcomp_tfms_list, list) {
-		struct crypto_comp *tfm;
+	list_for_each_entry(pos, &ipcomp_reqs_list, list) {
+		struct crypto_acomp *tfm;
 
 		/* This can be any valid CPU ID so we don't need locking. */
-		tfm = this_cpu_read(*pos->tfms);
+		tfm = crypto_acomp_reqtfm(this_cpu_read(*pos->reqs));
 
-		if (!strcmp(crypto_comp_name(tfm), alg_name)) {
+		if (!strcmp(crypto_acomp_name(tfm), alg_name)) {
 			pos->users++;
-			return pos->tfms;
+			return pos->reqs;
 		}
 	}
 
@@ -282,31 +303,39 @@ static struct crypto_comp * __percpu *ipcomp_alloc_tfms(const char *alg_name)
 
 	pos->users = 1;
 	INIT_LIST_HEAD(&pos->list);
-	list_add(&pos->list, &ipcomp_tfms_list);
+	list_add(&pos->list, &ipcomp_reqs_list);
 
-	pos->tfms = tfms = alloc_percpu(struct crypto_comp *);
-	if (!tfms)
+	reqs = alloc_percpu_gfp(struct acomp_req *, GFP_KERNEL | __GFP_ZERO);
+	if (!reqs)
 		goto error;
 
 	for_each_possible_cpu(cpu) {
-		struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
-							    CRYPTO_ALG_ASYNC);
-		if (IS_ERR(tfm))
+		struct acomp_req *req;
+
+		acomp = crypto_alloc_acomp(alg_name, 0, CRYPTO_ALG_ASYNC);
+		if (IS_ERR(acomp))
 			goto error;
-		*per_cpu_ptr(tfms, cpu) = tfm;
+
+		req = acomp_request_alloc(acomp);
+		if (!req) {
+			crypto_free_acomp(acomp);
+			goto error;
+		}
+		*per_cpu_ptr(reqs, cpu) = req;
 	}
 
-	return tfms;
+	pos->reqs = reqs;
+	return reqs;
 
 error:
-	ipcomp_free_tfms(tfms);
+	ipcomp_free_reqs(reqs);
 	return NULL;
 }
 
 static void ipcomp_free_data(struct ipcomp_data *ipcd)
 {
-	if (ipcd->tfms)
-		ipcomp_free_tfms(ipcd->tfms);
+	if (ipcd->reqs)
+		ipcomp_free_reqs(ipcd->reqs);
 	ipcomp_free_scratches();
 }
 
@@ -349,8 +378,8 @@ int ipcomp_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
 	if (!ipcomp_alloc_scratches())
 		goto error;
 
-	ipcd->tfms = ipcomp_alloc_tfms(x->calg->alg_name);
-	if (!ipcd->tfms)
+	ipcd->reqs = ipcomp_alloc_reqs(x->calg->alg_name);
+	if (!ipcd->reqs)
 		goto error;
 	mutex_unlock(&ipcomp_resource_mutex);
 
-- 
2.39.2


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ