Message-ID: <f83be9ab-1330-d3ef-027f-8f57a20a0be7@linux.dev>
Date: Fri, 27 Oct 2023 00:38:17 +0100
From: Vadim Fedorenko <vadim.fedorenko@...ux.dev>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>,
 Vadim Fedorenko <vadfed@...a.com>
Cc: Martin KaFai Lau <martin.lau@...ux.dev>,
 Andrii Nakryiko <andrii@...nel.org>, Alexei Starovoitov <ast@...nel.org>,
 Mykola Lysenko <mykolal@...com>, bpf <bpf@...r.kernel.org>,
 Network Development <netdev@...r.kernel.org>
Subject: Re: [PATCH bpf-next 1/2] bpf: add skcipher API support to TC/XDP
 programs

On 26.10.2023 23:53, Alexei Starovoitov wrote:
> On Wed, Oct 25, 2023 at 6:59 PM Vadim Fedorenko <vadfed@...a.com> wrote:
>>
>> +__bpf_kfunc struct bpf_crypto_skcipher_ctx *
>> +bpf_crypto_skcipher_ctx_create(const struct bpf_dynptr_kern *algo, const struct bpf_dynptr_kern *key,
>> +                              int *err)
>> +{
>> +       struct bpf_crypto_skcipher_ctx *ctx;
>> +
>> +       if (__bpf_dynptr_size(algo) > CRYPTO_MAX_ALG_NAME) {
>> +               *err = -EINVAL;
>> +               return NULL;
>> +       }
>> +
>> +       if (!crypto_has_skcipher(algo->data, CRYPTO_ALG_TYPE_SKCIPHER, CRYPTO_ALG_TYPE_MASK)) {
>> +               *err = -EOPNOTSUPP;
>> +               return NULL;
>> +       }
>> +
>> +       ctx = bpf_mem_cache_alloc(&bpf_crypto_ctx_ma);
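
Review bot: the call `crypto_has_skcipher(algo->data, ...)` treats the dynptr contents as a NUL-terminated algorithm name, but the only check ahead of it is `__bpf_dynptr_size(algo) > CRYPTO_MAX_ALG_NAME`, which bounds the length and still accepts a buffer of exactly CRYPTO_MAX_ALG_NAME bytes with no terminator. Nothing in these lines verifies that a NUL byte lies within the dynptr's size, so the name lookup can read past the buffer supplied by the BPF program. Suggest copying the name into a local buffer of CRYPTO_MAX_ALG_NAME bytes with a bounded copy that fails when no terminator is found, and passing that copy to the crypto API. It is also worth confirming that `algo->data` is the correct start address when the dynptr carries a non-zero offset.
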
> 
> Since this kfunc is sleepable, just kmalloc(GFP_KERNEL) here.
> No need to use bpf_mem_alloc.

I was thinking about adding a GFP_ATOMIC allocation option to
crypto_alloc_sync_skcipher; it's already implemented for cloning an skcipher
object. Then the code can be reused for both sleepable (expect module loading)
and non-sleepable (fail if there is no crypto module loaded) variants without
any changes. But I can implement different allocators for different options.
