[PATCH v5 00/23] crypto: arm64 - play nice with CONFIG_PREEMPT | linux-arm-kernel

[PATCH v5 00/23] crypto: arm64 - play nice with CONFIG_PREEMPT · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 01/23] crypto: testmgr - add a new test case for CRC-T10DIF · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 02/23] crypto: arm64/aes-ce-ccm - move kernel mode neon en/disable into loop · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 03/23] crypto: arm64/aes-blk - move kernel mode neon en/disable into loop · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 04/23] crypto: arm64/aes-bs - move kernel mode neon en/disable into loop · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 05/23] crypto: arm64/chacha20 - move kernel mode neon en/disable into loop · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 06/23] crypto: arm64/aes-blk - remove configurable interleave · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 07/23] crypto: arm64/aes-blk - add 4 way interleave to CBC encrypt path · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 08/23] crypto: arm64/aes-blk - add 4 way interleave to CBC-MAC encrypt path · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 09/23] crypto: arm64/sha256-neon - play nice with CONFIG_PREEMPT kernels · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 10/23] arm64: assembler: add utility macros to push/pop stack frames · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 11/23] arm64: assembler: add macros to conditionally yield the NEON under PREEMPT · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 12/23] crypto: arm64/sha1-ce - yield NEON after every block of input · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 13/23] crypto: arm64/sha2-ce - yield NEON after every block of input · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 14/23] crypto: arm64/aes-ccm - yield NEON after every block of input · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 15/23] crypto: arm64/aes-blk - yield NEON after every block of input · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 16/23] crypto: arm64/aes-bs - yield NEON after every block of input · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 17/23] crypto: arm64/aes-ghash - yield NEON after every block of input · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 18/23] crypto: arm64/crc32-ce - yield NEON after every block of input · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 19/23] crypto: arm64/crct10dif-ce - yield NEON after every block of input · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 20/23] crypto: arm64/sha3-ce - yield NEON after every block of input · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 21/23] crypto: arm64/sha512-ce - yield NEON after every block of input · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 22/23] crypto: arm64/sm3-ce - yield NEON after every block of input · Ard Biesheuvel <hidden> · 2018-03-10
[PATCH v5 23/23] DO NOT MERGE · Ard Biesheuvel <hidden> · 2018-03-10
RE: [PATCH v5 00/23] crypto: arm64 - play nice with CONFIG_PREEMPT · Vakul Garg <hidden> · 2018-03-11
Re: [PATCH v5 00/23] crypto: arm64 - play nice with CONFIG_PREEMPT · Ard Biesheuvel <hidden> · 2018-03-11
Re: [PATCH v5 00/23] crypto: arm64 - play nice with CONFIG_PREEMPT · Herbert Xu <herbert@gondor.apana.org.au> · 2018-03-16
Re: [PATCH v5 00/23] crypto: arm64 - play nice with CONFIG_PREEMPT · Ard Biesheuvel <hidden> · 2018-03-19
Re: [PATCH v5 00/23] crypto: arm64 - play nice with CONFIG_PREEMPT · Herbert Xu <herbert@gondor.apana.org.au> · 2018-03-19

[PATCH v5 00/23] crypto: arm64 - play nice with CONFIG_PREEMPT

From: herbert@gondor.apana.org.au (Herbert Xu)
Date: 2018-03-16 15:57:35
Also in: linux-crypto, linux-rt-users

On Sat, Mar 10, 2018 at 03:21:45PM +0000, Ard Biesheuvel wrote:

As reported by Sebastian, the way the arm64 NEON crypto code currently
keeps kernel mode NEON enabled across calls into skcipher_walk_xxx() is
causing problems with RT builds, given that the skcipher walk API may
allocate and free temporary buffers it uses to present the input and
output arrays to the crypto algorithm in blocksize sized chunks (where
blocksize is the natural blocksize of the crypto algorithm), and doing
so with NEON enabled means we're alloc/free'ing memory with preemption
disabled.

This was deliberate: when this code was introduced, each kernel_neon_begin()
and kernel_neon_end() call incurred a fixed penalty of storing resp.
loading the contents of all NEON registers to/from memory, and so doing
it less often had an obvious performance benefit. However, in the mean time,
we have refactored the core kernel mode NEON code, and now kernel_neon_begin()
only incurs this penalty the first time it is called after entering the kernel,
and the NEON register restore is deferred until returning to userland. This
means pulling those calls into the loops that iterate over the input/output
of the crypto algorithm is not a big deal anymore (although there are some
places in the code where we relied on the NEON registers retaining their
values between calls)

So let's clean this up for arm64: update the NEON based skcipher drivers to
no longer keep the NEON enabled when calling into the skcipher walk API.

As pointed out by Peter, this only solves part of the problem. So let's
tackle it more thoroughly, and update the algorithms to test the NEED_RESCHED
flag each time after processing a fixed chunk of input.

Given that this issue was flagged by the RT people, I would appreciate it
if they could confirm whether they are happy with this approach.

Changes since v4:
- rebase onto v4.16-rc3
- apply the same treatment to new SHA512, SHA-3 and SM3 code that landed
  in v4.16-rc1

Looks good to me.  If more work is needed we can always do
incremental fixes.

Patches 1-22 applied.  Thanks.
-- 
Email: Herbert Xu [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help