From: Eric Biggers <ebiggers@kernel.org>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: linux-crypto@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
herbert@gondor.apana.org.au, arnd@arndb.de
Subject: Re: [PATCH] crypto - shash: reduce minimum alignment of shash_desc structure
Date: Thu, 7 Jan 2021 11:02:29 -0800 [thread overview]
Message-ID: <X/daxUIwf8iXkbxr@gmail.com> (raw)
In-Reply-To: <20210107124128.19791-1-ardb@kernel.org>
On Thu, Jan 07, 2021 at 01:41:28PM +0100, Ard Biesheuvel wrote:
> Unlike many other structure types defined in the crypto API, the
> 'shash_desc' structure is permitted to live on the stack, which
> implies its contents may not be accessed by DMA masters. (This is
> due to the fact that the stack may be located in the vmalloc area,
> which requires a different virtual-to-physical translation than the
> one implemented by the DMA subsystem)
>
> Our definition of CRYPTO_MINALIGN_ATTR is based on ARCH_KMALLOC_MINALIGN,
> which may take DMA constraints into account on architectures that support
> non-cache coherent DMA such as ARM and arm64. In this case, the value is
> chosen to reflect the largest cacheline size in the system, in order to
> ensure that explicit cache maintenance as required by non-coherent DMA
> masters does not affect adjacent, unrelated slab allocations. On arm64,
> this value is currently set at 128 bytes.
>
> This means that applying CRYPTO_MINALIGN_ATTR to struct shash_desc is both
> unnecessary (as it is never used for DMA), and undesirable, given that it
> wastes stack space (on arm64, performing the alignment costs 112 bytes in
> the worst case, and the hole between the 'tfm' and '__ctx' members takes
> up another 120 bytes, resulting in an increased stack footprint of up to
> 232 bytes.) So instead, let's switch to the minimum SLAB alignment, which
> does not take DMA constraints into account.
>
> Note that this is a no-op for x86.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> include/crypto/hash.h | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/include/crypto/hash.h b/include/crypto/hash.h
> index af2ff31ff619..13f8a6a54ca8 100644
> --- a/include/crypto/hash.h
> +++ b/include/crypto/hash.h
> @@ -149,7 +149,7 @@ struct ahash_alg {
>
> struct shash_desc {
> struct crypto_shash *tfm;
> - void *__ctx[] CRYPTO_MINALIGN_ATTR;
> + void *__ctx[] __aligned(ARCH_SLAB_MINALIGN);
> };
>
> #define HASH_MAX_DIGESTSIZE 64
> @@ -162,9 +162,9 @@ struct shash_desc {
>
> #define HASH_MAX_STATESIZE 512
>
> -#define SHASH_DESC_ON_STACK(shash, ctx) \
> - char __##shash##_desc[sizeof(struct shash_desc) + \
> - HASH_MAX_DESCSIZE] CRYPTO_MINALIGN_ATTR; \
> +#define SHASH_DESC_ON_STACK(shash, ctx) \
> + char __##shash##_desc[sizeof(struct shash_desc) + HASH_MAX_DESCSIZE] \
> + __aligned(__alignof__(struct shash_desc)); \
> struct shash_desc *shash = (struct shash_desc *)__##shash##_desc
Looks good to me, but it would be helpful if the comment above the definition of
CRYPTO_MINALIGN in include/linux/crypto.h was updated.
- Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: arnd@arndb.de, linux-crypto@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
herbert@gondor.apana.org.au
Subject: Re: [PATCH] crypto - shash: reduce minimum alignment of shash_desc structure
Date: Thu, 7 Jan 2021 11:02:29 -0800 [thread overview]
Message-ID: <X/daxUIwf8iXkbxr@gmail.com> (raw)
In-Reply-To: <20210107124128.19791-1-ardb@kernel.org>
On Thu, Jan 07, 2021 at 01:41:28PM +0100, Ard Biesheuvel wrote:
> Unlike many other structure types defined in the crypto API, the
> 'shash_desc' structure is permitted to live on the stack, which
> implies its contents may not be accessed by DMA masters. (This is
> due to the fact that the stack may be located in the vmalloc area,
> which requires a different virtual-to-physical translation than the
> one implemented by the DMA subsystem)
>
> Our definition of CRYPTO_MINALIGN_ATTR is based on ARCH_KMALLOC_MINALIGN,
> which may take DMA constraints into account on architectures that support
> non-cache coherent DMA such as ARM and arm64. In this case, the value is
> chosen to reflect the largest cacheline size in the system, in order to
> ensure that explicit cache maintenance as required by non-coherent DMA
> masters does not affect adjacent, unrelated slab allocations. On arm64,
> this value is currently set at 128 bytes.
>
> This means that applying CRYPTO_MINALIGN_ATTR to struct shash_desc is both
> unnecessary (as it is never used for DMA), and undesirable, given that it
> wastes stack space (on arm64, performing the alignment costs 112 bytes in
> the worst case, and the hole between the 'tfm' and '__ctx' members takes
> up another 120 bytes, resulting in an increased stack footprint of up to
> 232 bytes.) So instead, let's switch to the minimum SLAB alignment, which
> does not take DMA constraints into account.
>
> Note that this is a no-op for x86.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> include/crypto/hash.h | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/include/crypto/hash.h b/include/crypto/hash.h
> index af2ff31ff619..13f8a6a54ca8 100644
> --- a/include/crypto/hash.h
> +++ b/include/crypto/hash.h
> @@ -149,7 +149,7 @@ struct ahash_alg {
>
> struct shash_desc {
> struct crypto_shash *tfm;
> - void *__ctx[] CRYPTO_MINALIGN_ATTR;
> + void *__ctx[] __aligned(ARCH_SLAB_MINALIGN);
> };
>
> #define HASH_MAX_DIGESTSIZE 64
> @@ -162,9 +162,9 @@ struct shash_desc {
>
> #define HASH_MAX_STATESIZE 512
>
> -#define SHASH_DESC_ON_STACK(shash, ctx) \
> - char __##shash##_desc[sizeof(struct shash_desc) + \
> - HASH_MAX_DESCSIZE] CRYPTO_MINALIGN_ATTR; \
> +#define SHASH_DESC_ON_STACK(shash, ctx) \
> + char __##shash##_desc[sizeof(struct shash_desc) + HASH_MAX_DESCSIZE] \
> + __aligned(__alignof__(struct shash_desc)); \
> struct shash_desc *shash = (struct shash_desc *)__##shash##_desc
Looks good to me, but it would be helpful if the comment above the definition of
CRYPTO_MINALIGN in include/linux/crypto.h was updated.
- Eric
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-01-07 19:03 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-07 12:41 [PATCH] crypto - shash: reduce minimum alignment of shash_desc structure Ard Biesheuvel
2021-01-07 12:41 ` Ard Biesheuvel
2021-01-07 19:02 ` Eric Biggers [this message]
2021-01-07 19:02 ` Eric Biggers
2021-01-08 8:36 ` Ard Biesheuvel
2021-01-08 8:36 ` Ard Biesheuvel
2021-01-08 9:22 ` Herbert Xu
2021-01-08 9:22 ` Herbert Xu
2021-01-08 9:32 ` Ard Biesheuvel
2021-01-08 9:32 ` Ard Biesheuvel
2021-01-08 10:42 ` Arnd Bergmann
2021-01-08 10:42 ` Arnd Bergmann
2021-01-08 10:44 ` Herbert Xu
2021-01-08 10:44 ` Herbert Xu
2021-01-08 10:59 ` Arnd Bergmann
2021-01-08 10:59 ` Arnd Bergmann
2021-01-08 11:31 ` Ard Biesheuvel
2021-01-08 11:31 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=X/daxUIwf8iXkbxr@gmail.com \
--to=ebiggers@kernel.org \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=herbert@gondor.apana.org.au \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.