From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Mikhail Kurinnoi <viewizard@viewizard.com>
Cc: Matthias Gerstner <mgerstner@suse.de>, linux-integrity@vger.kernel.org
Subject: Re: [PATCH] integrity: prevent deadlock during digsig verification.
Date: Thu, 28 Jun 2018 17:27:47 -0400
Message-ID: <1530221267.3366.69.camel@linux.vnet.ibm.com>
In-Reply-To: <20180628235051.10151b04@totoro>

On Thu, 2018-06-28 at 23:50 +0300, Mikhail Kurinnoi wrote:
> On Thu, 28 Jun 2018 15:14:38 -0400
> Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
>
> > On Thu, 2018-06-28 at 18:39 +0200, Matthias Gerstner wrote:
> > > Hi,
> > >
> > > > In this patch, I propose adding an exception for
> > > > "crypto-pkcs1pad(rsa,*)" module requests only in case of enabled
> > > > integrity asymmetric keys support.
> > >
> > > I have tested the patch in my test setup and it looks good. No
> > > deadlocks so far.
> >
> > I really wish we didn't have to do a string compare
> > "crypto-pkcs1pad(rsa" each and every time. Is the check once per
> > crypto algorithm?
>
> As I understood, it checks once per crypto algorithm:
>
> "crypto_alloc_tfm() will first attempt to locate an already loaded
> algorithm.
> ...
> If that fails it will send a query to any loaded crypto manager to
> construct an algorithm on the fly.
> A refcount is grabbed on the algorithm which is then associated with
> the new transform."
>
> https://github.com/torvalds/linux/blob/a97d8efd9d350bd9c6cf13689c7cc09049b42acd/crypto/api.c#L515

After having loaded "all" the crypto algorithms, we wouldn't need to
ever do the string compare again. As this isn't on a critical path,
nor is it likely for all crypto algorithms to be loaded, it probably
doesn't make sense to address it.

Mimi