* Re: [PATCH 5/8] crypto: skcipher - avoid rounding up request size to DMA alignment
@ 2022-04-07 19:00 kernel test robot
0 siblings, 0 replies; 2+ messages in thread
From: kernel test robot @ 2022-04-07 19:00 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 14153 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
In-Reply-To: <20220406142715.2270256-6-ardb@kernel.org>
References: <20220406142715.2270256-6-ardb@kernel.org>
TO: Ard Biesheuvel <ardb@kernel.org>
TO: linux-crypto(a)vger.kernel.org
CC: herbert(a)gondor.apana.org.au
CC: keescook(a)chromium.org
CC: Ard Biesheuvel <ardb@kernel.org>
Hi Ard,
I love your patch! Perhaps something to improve:
[auto build test WARNING on herbert-cryptodev-2.6/master]
[also build test WARNING on herbert-crypto-2.6/master sunxi/sunxi/for-next v5.18-rc1 next-20220407]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/intel-lab-lkp/linux/commits/Ard-Biesheuvel/crypto-avoid-DMA-padding-for-request-structures/20220407-010855
base: https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master
:::::: branch date: 26 hours ago
:::::: commit date: 26 hours ago
config: arm-randconfig-c002-20220406 (https://download.01.org/0day-ci/archive/20220408/202204080201.rcMuCSVx-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 6b306233f78876a1d197ed6e1f05785505de7c63)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://github.com/intel-lab-lkp/linux/commit/9ee3fae5a9cb824bb1a8a7f0cc52910bb5a186ad
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Ard-Biesheuvel/crypto-avoid-DMA-padding-for-request-structures/20220407-010855
git checkout 9ee3fae5a9cb824bb1a8a7f0cc52910bb5a186ad
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
include/linux/tracepoint.h:419:2: note: expanded from macro 'DECLARE_TRACE'
__DECLARE_TRACE(name, PARAMS(proto), PARAMS(args), \
^
include/linux/tracepoint.h:343:4: note: expanded from macro '__DECLARE_TRACE'
{ } \
^
fs/erofs/data.c:120:2: note: Returning from 'trace_erofs_map_blocks_enter'
trace_erofs_map_blocks_enter(inode, map, flags);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/erofs/data.c:122:6: note: Assuming field 'm_la' is < field 'i_size'
if (map->m_la >= inode->i_size) {
^~~~~~~~~~~~~~~~~~~~~~~~~~
fs/erofs/data.c:122:2: note: Taking false branch
if (map->m_la >= inode->i_size) {
^
fs/erofs/data.c:129:6: note: Assuming field 'datalayout' is equal to EROFS_INODE_CHUNK_BASED
if (vi->datalayout != EROFS_INODE_CHUNK_BASED) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/erofs/data.c:129:2: note: Taking false branch
if (vi->datalayout != EROFS_INODE_CHUNK_BASED) {
^
fs/erofs/data.c:134:6: note: Assuming the condition is false
if (vi->chunkformat & EROFS_CHUNK_FORMAT_INDEXES)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/erofs/data.c:134:2: note: Taking false branch
if (vi->chunkformat & EROFS_CHUNK_FORMAT_INDEXES)
^
fs/erofs/data.c:144:2: note: Taking true branch
if (IS_ERR(kaddr)) {
^
fs/erofs/data.c:146:3: note: Control jumps to line 180
goto out;
^
fs/erofs/data.c:180:7: note: 'err' is not equal to 0
if (!err)
^~~
fs/erofs/data.c:180:2: note: Taking false branch
if (!err)
^
fs/erofs/data.c:182:2: note: Calling 'trace_erofs_map_blocks_exit'
trace_erofs_map_blocks_exit(inode, map, flags, 0);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/trace/events/erofs.h:224:1: note: Returning without writing to 'map->m_flags'
DEFINE_EVENT(erofs__map_blocks_exit, erofs_map_blocks_exit,
^
include/linux/tracepoint.h:542:2: note: expanded from macro 'DEFINE_EVENT'
DECLARE_TRACE(name, PARAMS(proto), PARAMS(args))
^
include/linux/tracepoint.h:419:2: note: expanded from macro 'DECLARE_TRACE'
__DECLARE_TRACE(name, PARAMS(proto), PARAMS(args), \
^
include/linux/tracepoint.h:343:4: note: expanded from macro '__DECLARE_TRACE'
{ } \
^
fs/erofs/data.c:182:2: note: Returning from 'trace_erofs_map_blocks_exit'
trace_erofs_map_blocks_exit(inode, map, flags, 0);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/erofs/data.c:183:2: note: Returning without writing to 'map->m_flags'
return err;
^
fs/erofs/data.c:242:8: note: Returning from 'erofs_map_blocks'
ret = erofs_map_blocks(inode, &map, EROFS_GET_BLOCKS_RAW);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/erofs/data.c:243:6: note: 'ret' is >= 0
if (ret < 0)
^~~
fs/erofs/data.c:243:2: note: Taking false branch
if (ret < 0)
^
fs/erofs/data.c:251:6: note: Assuming 'ret' is 0
if (ret)
^~~
fs/erofs/data.c:251:2: note: Taking false branch
if (ret)
^
fs/erofs/data.c:255:2: note: Taking false branch
if (flags & IOMAP_DAX) {
^
fs/erofs/data.c:265:20: note: The left operand of '&' is a garbage value
if (!(map.m_flags & EROFS_MAP_MAPPED)) {
~~~~~~~~~~~ ^
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
>> crypto/ctr.c:23:8: warning: Excessive padding in 'struct crypto_rfc3686_req_ctx' (40 padding bytes, where 8 is optimal).
Optimal fields order:
subreq,
iv,
consider reordering the fields or adding explicit padding members [clang-analyzer-optin.performance.Padding]
struct crypto_rfc3686_req_ctx {
~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
crypto/ctr.c:23:8: note: Excessive padding in 'struct crypto_rfc3686_req_ctx' (40 padding bytes, where 8 is optimal). Optimal fields order: subreq, iv, consider reordering the fields or adding explicit padding members
struct crypto_rfc3686_req_ctx {
~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
drivers/mfd/tps65010.c:650:5: warning: Value stored to 'status' is never read [clang-analyzer-deadcode.DeadStores]
status = 0;
^ ~
drivers/mfd/tps65010.c:650:5: note: Value stored to 'status' is never read
status = 0;
^ ~
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
drivers/iio/industrialio-buffer.c:854:2: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
list_for_each_entry(buffer, &iio_dev_opaque->buffer_list, buffer_list) {
^
include/linux/list.h:640:13: note: expanded from macro 'list_for_each_entry'
pos = list_next_entry(pos, member))
^
include/linux/list.h:564:2: note: expanded from macro 'list_next_entry'
list_entry((pos)->member.next, typeof(*(pos)), member)
^
include/linux/list.h:520:2: note: expanded from macro 'list_entry'
container_of(ptr, type, member)
^
include/linux/container_of.h:18:25: note: expanded from macro 'container_of'
void *__mptr = (void *)(ptr); \
^
drivers/iio/industrialio-buffer.c:1303:8: note: Calling 'strtobool'
ret = strtobool(buf, &requested_state);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/kstrtox.h:152:9: note: Value assigned to 'requested_state', which participates in a condition later
return kstrtobool(s, res);
^~~~~~~~~~~~~~~~~~
drivers/iio/industrialio-buffer.c:1303:8: note: Returning from 'strtobool'
ret = strtobool(buf, &requested_state);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/iio/industrialio-buffer.c:1304:6: note: Assuming 'ret' is >= 0
if (ret < 0)
^~~~~~~
drivers/iio/industrialio-buffer.c:1304:2: note: Taking false branch
if (ret < 0)
^
drivers/iio/industrialio-buffer.c:1312:6: note: Assuming 'inlist' is not equal to 'requested_state'
if (inlist == requested_state)
^~~~~~~~~~~~~~~~~~~~~~~~~
drivers/iio/industrialio-buffer.c:1312:2: note: Taking false branch
if (inlist == requested_state)
^
drivers/iio/industrialio-buffer.c:1315:6: note: Assuming 'requested_state' is true
if (requested_state)
^~~~~~~~~~~~~~~
drivers/iio/industrialio-buffer.c:1315:2: note: Taking true branch
if (requested_state)
^
drivers/iio/industrialio-buffer.c:1316:9: note: Calling '__iio_update_buffers'
ret = __iio_update_buffers(indio_dev, buffer, NULL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/iio/industrialio-buffer.c:1197:8: note: Calling 'iio_verify_update'
ret = iio_verify_update(indio_dev, insert_buffer, remove_buffer,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/iio/industrialio-buffer.c:834:6: note: 'insert_buffer' is non-null
if (insert_buffer &&
^~~~~~~~~~~~~
drivers/iio/industrialio-buffer.c:834:6: note: Left side of '&&' is true
drivers/iio/industrialio-buffer.c:835:6: note: Calling 'bitmap_empty'
bitmap_empty(insert_buffer->scan_mask, indio_dev->masklength)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/bitmap.h:385:6: note: Left side of '&&' is false
if (small_const_nbits(nbits))
^
include/asm-generic/bitsperlong.h:36:31: note: expanded from macro 'small_const_nbits'
vim +23 crypto/ctr.c
23e353c8a681cc3 Joy Latten 2007-10-23 22
69d3150cfc2075d Jussi Kivilinna 2012-12-28 @23 struct crypto_rfc3686_req_ctx {
69d3150cfc2075d Jussi Kivilinna 2012-12-28 24 u8 iv[CTR_RFC3686_BLOCK_SIZE];
b2b39c2f976bc7b Herbert Xu 2016-07-12 25 struct skcipher_request subreq CRYPTO_MINALIGN_ATTR;
69d3150cfc2075d Jussi Kivilinna 2012-12-28 26 };
69d3150cfc2075d Jussi Kivilinna 2012-12-28 27
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 2+ messages in thread* [PATCH 0/8] crypto: avoid DMA padding for request structures
@ 2022-04-06 14:27 Ard Biesheuvel
2022-04-06 14:27 ` [PATCH 5/8] crypto: skcipher - avoid rounding up request size to DMA alignment Ard Biesheuvel
0 siblings, 1 reply; 2+ messages in thread
From: Ard Biesheuvel @ 2022-04-06 14:27 UTC (permalink / raw)
To: linux-crypto
Cc: herbert, keescook, Ard Biesheuvel, Catalin Marinas, Will Deacon,
Marc Zyngier, Arnd Bergmann, Eric Biggers, Gilad Ben-Yossef,
Corentin Labbe, Saravana Kannan
This series is related to Catalin's work [0] on reducing the memory
overhead of supporting non-coherent DMA, which requires memory buffers
to be rounded up to avoid corruption by the cache invalidation that is
needed for inbound DMA.
In the crypto subsystem, every skcipher, aead or ahash request requires
a request struct to be allocated, and these are usually backed by
kmalloc(). Such request buffers are sized dynamically, based on the
requirements of the implementation of the algorithm, and the surplus is
made available to the driver via an opaque context pointer.
Since some drivers may perform inbound non-coherent DMA into that
buffer, it must not share any cachelines with adjacent allocations, and
this is why the context pointer is rounded up to ARCH_KMALLOC_MINALIGN,
which takes the minimum DMA alignment into account on architectures
where this is needed.
This means that, even when using crypto drivers that don't do DMA to
begin with (which includes synchronous skciphers, aeads and ahashes
based on CPU instructions), or that do only coherent DMA are forced to
perform this padding and alignment, which may affect the memory
footprint substantially: on arm64, the compile time minimum DMA
alignment is 128 bytes.
So instead, require drivers to set a new flag
CRYPTO_ALG_NEED_DMA_ALIGNMENT if it performs DMA into the context
buffers, and only take DMA alignment into account if the flag is set.
Initially, we set this flag for all asynchronous accelerator drivers in
drivers/crypto, which simply preserves the status quo for these systems
once the subsequent patches get rid of this overhead. Future patches
could be applied to drivers that don't actually need it, or only need it
when running in non-coherent mode.
Note that the new approach proposed here still uses the compile time
value for DMA alignment, but this can be updated to use the runtime
values (which is usually lower and therefore less wasteful) after
Catalin's changes land.
[0] https://lore.kernel.org/linux-arm-kernel/20220405135758.774016-1-catalin.marinas@arm.com/
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Eric Biggers <ebiggers@kernel.org>,
Cc: Gilad Ben-Yossef <gilad@benyossef.com>
Cc: Corentin Labbe <clabbe@baylibre.com>
Cc: Saravana Kannan <saravanak@google.com>
Ard Biesheuvel (8):
crypto: add flag for algos that need DMA aligned context buffers
crypto: safexcel - take request size after setting TFM
crypto: drivers - set CRYPTO_ALG_NEED_DMA_ALIGNMENT where needed
crypto: drivers - avoid setting skcipher TFM reqsize directly
crypto: skcipher - avoid rounding up request size to DMA alignment
crypto: aead - avoid DMA alignment for request structures unless
needed
crypto: ahash - avoid DMA alignment for request structures unless
needed
crypto: safexcel - reduce alignment of stack buffer
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 6 +-
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c | 20 +++----
drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 6 +-
drivers/crypto/amcc/crypto4xx_core.c | 8 +++
drivers/crypto/amlogic/amlogic-gxl-cipher.c | 5 +-
drivers/crypto/amlogic/amlogic-gxl-core.c | 2 +
drivers/crypto/atmel-aes.c | 2 +-
drivers/crypto/atmel-sha.c | 2 +-
drivers/crypto/atmel-tdes.c | 2 +-
drivers/crypto/axis/artpec6_crypto.c | 8 +++
drivers/crypto/bcm/cipher.c | 23 +++++++-
drivers/crypto/caam/caamalg.c | 4 +-
drivers/crypto/caam/caamalg_qi.c | 2 +
drivers/crypto/caam/caamalg_qi2.c | 4 +-
drivers/crypto/caam/caamhash.c | 3 +-
drivers/crypto/cavium/cpt/cptvf_algs.c | 6 ++
drivers/crypto/cavium/nitrox/nitrox_aead.c | 6 +-
drivers/crypto/cavium/nitrox/nitrox_skcipher.c | 24 +++++---
drivers/crypto/ccree/cc_aead.c | 3 +
drivers/crypto/ccree/cc_cipher.c | 3 +
drivers/crypto/ccree/cc_hash.c | 6 ++
drivers/crypto/chelsio/chcr_algo.c | 5 +-
drivers/crypto/gemini/sl3516-ce-cipher.c | 5 +-
drivers/crypto/gemini/sl3516-ce-core.c | 1 +
drivers/crypto/hifn_795x.c | 4 +-
drivers/crypto/hisilicon/sec/sec_algs.c | 8 +++
drivers/crypto/hisilicon/sec2/sec_crypto.c | 2 +
drivers/crypto/inside-secure/safexcel.h | 17 +++---
drivers/crypto/inside-secure/safexcel_cipher.c | 55 ++++++++++++++++--
drivers/crypto/inside-secure/safexcel_hash.c | 26 +++++++++
drivers/crypto/ixp4xx_crypto.c | 2 +
drivers/crypto/keembay/keembay-ocs-aes-core.c | 12 ++++
drivers/crypto/keembay/keembay-ocs-hcu-core.c | 30 ++++++----
drivers/crypto/marvell/cesa/cipher.c | 6 ++
drivers/crypto/marvell/cesa/hash.c | 6 ++
drivers/crypto/marvell/octeontx/otx_cptvf_algs.c | 60 +++++++++++++++-----
drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c | 52 ++++++++++++-----
drivers/crypto/mxs-dcp.c | 8 ++-
drivers/crypto/n2_core.c | 1 +
drivers/crypto/omap-aes.c | 5 ++
drivers/crypto/omap-des.c | 4 ++
drivers/crypto/omap-sham.c | 12 ++++
drivers/crypto/qce/aead.c | 1 +
drivers/crypto/qce/sha.c | 3 +-
drivers/crypto/qce/skcipher.c | 1 +
drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 +
drivers/crypto/rockchip/rk3288_crypto_skcipher.c | 18 ++++--
drivers/crypto/s5p-sss.c | 6 ++
drivers/crypto/sa2ul.c | 9 +++
drivers/crypto/sahara.c | 14 +++--
drivers/crypto/stm32/stm32-cryp.c | 27 ++++++---
drivers/crypto/stm32/stm32-hash.c | 8 +++
drivers/crypto/talitos.c | 40 +++++++++++++
drivers/crypto/ux500/cryp/cryp_core.c | 21 ++++---
drivers/crypto/ux500/hash/hash_core.c | 12 ++--
drivers/crypto/xilinx/zynqmp-aes-gcm.c | 1 +
include/crypto/aead.h | 2 +-
include/crypto/hash.h | 5 +-
include/crypto/internal/aead.h | 13 ++++-
include/crypto/internal/hash.h | 10 +++-
include/crypto/internal/skcipher.h | 13 ++++-
include/crypto/skcipher.h | 8 +--
include/linux/crypto.h | 21 +++++++
63 files changed, 568 insertions(+), 134 deletions(-)
--
2.30.2
^ permalink raw reply [flat|nested] 2+ messages in thread* [PATCH 5/8] crypto: skcipher - avoid rounding up request size to DMA alignment
2022-04-06 14:27 [PATCH 0/8] crypto: avoid DMA padding for request structures Ard Biesheuvel
@ 2022-04-06 14:27 ` Ard Biesheuvel
0 siblings, 0 replies; 2+ messages in thread
From: Ard Biesheuvel @ 2022-04-06 14:27 UTC (permalink / raw)
To: linux-crypto; +Cc: herbert, keescook, Ard Biesheuvel
Now that algo implementations that require it will set the new
CRYPTO_ALG_NEED_DMA_ALIGNMENT flag, we can reduce the static footprint
of the skcipher request structure, and increase the request context size
to include the headroom needed for DMA alignment, but only when it is
actually needed.
On arm64, this (and reordering the 'base' field) reduces the size of the
skcipher request structure from 128 bytes to 72 bytes. It also reduces
the minimum alignment of the struct type, which is relevant because the
SYNC_SKCIPHER_ON_STACK() macro places such a struct on the stack, and
here, the alignment requirement increases the memory footprint
substantially, given that the stack pointer can only be assumed to be
aligned to 16 bytes, as per the AArch64 ABI.
Since DMA to the stack is never allowed, we can ignore the flag here,
and simply align the whole allocation to CRYPTO_REQ_MINALIGN.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
include/crypto/internal/skcipher.h | 13 +++++++++++--
include/crypto/skcipher.h | 8 ++++----
include/linux/crypto.h | 14 ++++++++++++++
3 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h
index a2339f80a615..8c825bef2b43 100644
--- a/include/crypto/internal/skcipher.h
+++ b/include/crypto/internal/skcipher.h
@@ -119,7 +119,15 @@ static inline struct crypto_skcipher *crypto_spawn_skcipher(
static inline void crypto_skcipher_set_reqsize(
struct crypto_skcipher *skcipher, unsigned int reqsize)
{
- skcipher->reqsize = reqsize;
+ unsigned int align = crypto_tfm_alg_req_alignmask(&skcipher->base) + 1;
+
+ /*
+ * The request structure itself is only aligned to CRYPTO_REQ_MINALIGN,
+ * so we need to add some headroom, allowing us to return a suitably
+ * aligned context buffer pointer. We also need to round up the size so
+ * we don't end up sharing a cacheline at the end of the buffer.
+ */
+ skcipher->reqsize = ALIGN(reqsize, align) + align - CRYPTO_REQ_MINALIGN;
}
int crypto_register_skcipher(struct skcipher_alg *alg);
@@ -153,7 +161,8 @@ static inline void *crypto_skcipher_ctx(struct crypto_skcipher *tfm)
static inline void *skcipher_request_ctx(struct skcipher_request *req)
{
- return req->__ctx;
+ return PTR_ALIGN(&req->__ctx,
+ crypto_tfm_alg_req_alignmask(req->base.tfm) + 1);
}
static inline u32 skcipher_request_flags(struct skcipher_request *req)
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index 39f5b67c3069..0b477878f100 100644
--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
@@ -26,6 +26,8 @@ struct scatterlist;
* @__ctx: Start of private context data
*/
struct skcipher_request {
+ struct crypto_async_request base;
+
unsigned int cryptlen;
u8 *iv;
@@ -33,9 +35,7 @@ struct skcipher_request {
struct scatterlist *src;
struct scatterlist *dst;
- struct crypto_async_request base;
-
- void *__ctx[] CRYPTO_MINALIGN_ATTR;
+ void *__ctx[] CRYPTO_REQ_MINALIGN_ATTR;
};
struct crypto_skcipher {
@@ -132,7 +132,7 @@ struct skcipher_alg {
MAX_SYNC_SKCIPHER_REQSIZE + \
(!(sizeof((struct crypto_sync_skcipher *)1 == \
(typeof(tfm))1))) \
- ] CRYPTO_MINALIGN_ATTR; \
+ ] CRYPTO_REQ_MINALIGN_ATTR;\
struct skcipher_request *name = (void *)__##name##_desc
/**
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index f2e95fb6cedb..d02a112914c3 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -178,6 +178,10 @@
#define CRYPTO_MINALIGN_ATTR __attribute__ ((__aligned__(CRYPTO_MINALIGN)))
+/* minimum alignment for request structures */
+#define CRYPTO_REQ_MINALIGN ARCH_SLAB_MINALIGN
+#define CRYPTO_REQ_MINALIGN_ATTR __attribute__ ((__aligned__(CRYPTO_REQ_MINALIGN)))
+
struct scatterlist;
struct crypto_async_request;
struct crypto_tfm;
@@ -706,6 +710,16 @@ static inline unsigned int crypto_tfm_alg_alignmask(struct crypto_tfm *tfm)
return tfm->__crt_alg->cra_alignmask;
}
+static inline unsigned int crypto_tfm_alg_req_alignmask(struct crypto_tfm *tfm)
+{
+#ifdef ARCH_DMA_MINALIGN
+ if (ARCH_DMA_MINALIGN > CRYPTO_REQ_MINALIGN &&
+ (tfm->__crt_alg->cra_flags & CRYPTO_ALG_NEED_DMA_ALIGNMENT))
+ return ARCH_DMA_MINALIGN - 1;
+#endif
+ return CRYPTO_REQ_MINALIGN - 1;
+}
+
static inline u32 crypto_tfm_get_flags(struct crypto_tfm *tfm)
{
return tfm->crt_flags;
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-04-07 19:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-04-07 19:00 [PATCH 5/8] crypto: skcipher - avoid rounding up request size to DMA alignment kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2022-04-06 14:27 [PATCH 0/8] crypto: avoid DMA padding for request structures Ard Biesheuvel
2022-04-06 14:27 ` [PATCH 5/8] crypto: skcipher - avoid rounding up request size to DMA alignment Ard Biesheuvel
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.