On Mon, Oct 30, 2017 at 03:18:21PM +0000, Ilya Lesokhin wrote:

Hi,
I've tried using the aesni generic gcm(aes) aead to implement TLS SW fallback and
I'm getting 
[ 3356.839506] BUG: sleeping function called from invalid context at ./include/crypto/algapi.h:417

The warning is coming from a ___might_sleep() macro that is called if CRYPTO_TFM_REQ_MAY_SLEEP is set.
I'm getting the warning regardless of if pass CRYPTO_ALG_ASYNC or 0 as flags to crypto_alloc_aead("gcm(aes)", 0, flags).

I've also noticed that rfc4106_encrypt() includes a irq_fpu_usable() check while generic_gcmaes_encrypt() doesn't. 
Is the generic gcm(aes) aead unsafe in atomic context?
And if so which aead should I use?

Finally, out of curiosity, doesn't macsec crypto run in atomic context?

Are you allocating the tfm from atomic context? That is not allowed.

Normally you would allocate the tfm in process context, e.g., when
the connection is setup.

Cheers,
-- 
Email: Herbert Xu [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt