All of lore.kernel.org
 help / color / mirror / Atom feed
From: LABBE Corentin <clabbe@baylibre.com>
To: John Keeping <john@metanate.com>
Cc: heiko@sntech.de, herbert@gondor.apana.org.au, robh+dt@kernel.org,
	devicetree@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-rockchip@lists.infradead.org
Subject: Re: [PATCH v2 06/18] crypto: rockchip: add fallback for cipher
Date: Thu, 3 Mar 2022 20:54:58 +0100	[thread overview]
Message-ID: <YiEdEoX79kDp8kUY@Red> (raw)
In-Reply-To: <YiDO8Tt9Lhx530Oz@donbot>

Le Thu, Mar 03, 2022 at 02:21:37PM +0000, John Keeping a écrit :
> On Wed, Mar 02, 2022 at 09:11:01PM +0000, Corentin Labbe wrote:
> > The hardware does not handle 0 size length request, let's add a
> > fallback.
> > Furthermore fallback will be used for all unaligned case the hardware
> > cannot handle.
> > 
> > Fixes: ce0183cb6464b ("crypto: rockchip - switch to skcipher API")
> > Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
> > ---
> >  drivers/crypto/rockchip/rk3288_crypto.h       |  2 +
> >  .../crypto/rockchip/rk3288_crypto_skcipher.c  | 97 ++++++++++++++++---
> >  2 files changed, 86 insertions(+), 13 deletions(-)
> > 
> > diff --git a/drivers/crypto/rockchip/rk3288_crypto.h b/drivers/crypto/rockchip/rk3288_crypto.h
> > index c919d9a43a08..8b1e15d8ddc6 100644
> > --- a/drivers/crypto/rockchip/rk3288_crypto.h
> > +++ b/drivers/crypto/rockchip/rk3288_crypto.h
> > @@ -246,10 +246,12 @@ struct rk_cipher_ctx {
> >  	struct rk_crypto_info		*dev;
> >  	unsigned int			keylen;
> >  	u8				iv[AES_BLOCK_SIZE];
> > +	struct crypto_skcipher *fallback_tfm;
> >  };
> >  
> >  struct rk_cipher_rctx {
> >  	u32				mode;
> > +	struct skcipher_request fallback_req;   // keep at the end
> >  };
> >  
> >  enum alg_type {
> > diff --git a/drivers/crypto/rockchip/rk3288_crypto_skcipher.c b/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
> > index bbd0bf52bf07..bf9d398cc54c 100644
> > --- a/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
> > +++ b/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
> > @@ -13,6 +13,63 @@
> >  
> >  #define RK_CRYPTO_DEC			BIT(0)
> >  
> > +static int rk_cipher_need_fallback(struct skcipher_request *req)
> > +{
> > +	struct scatterlist *sgs, *sgd;
> > +
> > +	if (!req->cryptlen)
> > +		return true;
> > +
> > +	sgs = req->src;
> > +	while (sgs) {
> > +		if (!IS_ALIGNED(sgs->offset, sizeof(u32))) {
> > +			return true;
> > +		}
> > +		if (sgs->length % 16) {
> 
> Can this be relaxed to check for alignment to 4 rather than 16?  That's
> the requirement for programming the registers.

No we cannot, the hardware could operate only one SG at a time, and the cipher operation need to be complete, so the length should be a multiple of AES_BLOCK_SIZE.
The original driver already have this size check.
But for DES/3DES this check is bad and should be 8, so a fix is needed anyway.

> 
> But I think this check is wrong in general as it doesn't account for
> cryptlen; with fscrypt I'm seeing sgs->length == 255 but cryptlen == 16
> so the hardware can be used but at the moment the fallback path is
> triggered.

Yes, I need to check min(sg->length, cryptlen_remaining) instead.
I will fix that.

Thanks.

WARNING: multiple messages have this Message-ID (diff)
From: LABBE Corentin <clabbe@baylibre.com>
To: John Keeping <john@metanate.com>
Cc: heiko@sntech.de, herbert@gondor.apana.org.au, robh+dt@kernel.org,
	devicetree@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-rockchip@lists.infradead.org
Subject: Re: [PATCH v2 06/18] crypto: rockchip: add fallback for cipher
Date: Thu, 3 Mar 2022 20:54:58 +0100	[thread overview]
Message-ID: <YiEdEoX79kDp8kUY@Red> (raw)
In-Reply-To: <YiDO8Tt9Lhx530Oz@donbot>

Le Thu, Mar 03, 2022 at 02:21:37PM +0000, John Keeping a écrit :
> On Wed, Mar 02, 2022 at 09:11:01PM +0000, Corentin Labbe wrote:
> > The hardware does not handle 0 size length request, let's add a
> > fallback.
> > Furthermore fallback will be used for all unaligned case the hardware
> > cannot handle.
> > 
> > Fixes: ce0183cb6464b ("crypto: rockchip - switch to skcipher API")
> > Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
> > ---
> >  drivers/crypto/rockchip/rk3288_crypto.h       |  2 +
> >  .../crypto/rockchip/rk3288_crypto_skcipher.c  | 97 ++++++++++++++++---
> >  2 files changed, 86 insertions(+), 13 deletions(-)
> > 
> > diff --git a/drivers/crypto/rockchip/rk3288_crypto.h b/drivers/crypto/rockchip/rk3288_crypto.h
> > index c919d9a43a08..8b1e15d8ddc6 100644
> > --- a/drivers/crypto/rockchip/rk3288_crypto.h
> > +++ b/drivers/crypto/rockchip/rk3288_crypto.h
> > @@ -246,10 +246,12 @@ struct rk_cipher_ctx {
> >  	struct rk_crypto_info		*dev;
> >  	unsigned int			keylen;
> >  	u8				iv[AES_BLOCK_SIZE];
> > +	struct crypto_skcipher *fallback_tfm;
> >  };
> >  
> >  struct rk_cipher_rctx {
> >  	u32				mode;
> > +	struct skcipher_request fallback_req;   // keep at the end
> >  };
> >  
> >  enum alg_type {
> > diff --git a/drivers/crypto/rockchip/rk3288_crypto_skcipher.c b/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
> > index bbd0bf52bf07..bf9d398cc54c 100644
> > --- a/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
> > +++ b/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
> > @@ -13,6 +13,63 @@
> >  
> >  #define RK_CRYPTO_DEC			BIT(0)
> >  
> > +static int rk_cipher_need_fallback(struct skcipher_request *req)
> > +{
> > +	struct scatterlist *sgs, *sgd;
> > +
> > +	if (!req->cryptlen)
> > +		return true;
> > +
> > +	sgs = req->src;
> > +	while (sgs) {
> > +		if (!IS_ALIGNED(sgs->offset, sizeof(u32))) {
> > +			return true;
> > +		}
> > +		if (sgs->length % 16) {
> 
> Can this be relaxed to check for alignment to 4 rather than 16?  That's
> the requirement for programming the registers.

No we cannot, the hardware could operate only one SG at a time, and the cipher operation need to be complete, so the length should be a multiple of AES_BLOCK_SIZE.
The original driver already have this size check.
But for DES/3DES this check is bad and should be 8, so a fix is needed anyway.

> 
> But I think this check is wrong in general as it doesn't account for
> cryptlen; with fscrypt I'm seeing sgs->length == 255 but cryptlen == 16
> so the hardware can be used but at the moment the fallback path is
> triggered.

Yes, I need to check min(sg->length, cryptlen_remaining) instead.
I will fix that.

Thanks.

_______________________________________________
Linux-rockchip mailing list
Linux-rockchip@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-rockchip

WARNING: multiple messages have this Message-ID (diff)
From: LABBE Corentin <clabbe@baylibre.com>
To: John Keeping <john@metanate.com>
Cc: heiko@sntech.de, herbert@gondor.apana.org.au, robh+dt@kernel.org,
	devicetree@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-rockchip@lists.infradead.org
Subject: Re: [PATCH v2 06/18] crypto: rockchip: add fallback for cipher
Date: Thu, 3 Mar 2022 20:54:58 +0100	[thread overview]
Message-ID: <YiEdEoX79kDp8kUY@Red> (raw)
In-Reply-To: <YiDO8Tt9Lhx530Oz@donbot>

Le Thu, Mar 03, 2022 at 02:21:37PM +0000, John Keeping a écrit :
> On Wed, Mar 02, 2022 at 09:11:01PM +0000, Corentin Labbe wrote:
> > The hardware does not handle 0 size length request, let's add a
> > fallback.
> > Furthermore fallback will be used for all unaligned case the hardware
> > cannot handle.
> > 
> > Fixes: ce0183cb6464b ("crypto: rockchip - switch to skcipher API")
> > Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
> > ---
> >  drivers/crypto/rockchip/rk3288_crypto.h       |  2 +
> >  .../crypto/rockchip/rk3288_crypto_skcipher.c  | 97 ++++++++++++++++---
> >  2 files changed, 86 insertions(+), 13 deletions(-)
> > 
> > diff --git a/drivers/crypto/rockchip/rk3288_crypto.h b/drivers/crypto/rockchip/rk3288_crypto.h
> > index c919d9a43a08..8b1e15d8ddc6 100644
> > --- a/drivers/crypto/rockchip/rk3288_crypto.h
> > +++ b/drivers/crypto/rockchip/rk3288_crypto.h
> > @@ -246,10 +246,12 @@ struct rk_cipher_ctx {
> >  	struct rk_crypto_info		*dev;
> >  	unsigned int			keylen;
> >  	u8				iv[AES_BLOCK_SIZE];
> > +	struct crypto_skcipher *fallback_tfm;
> >  };
> >  
> >  struct rk_cipher_rctx {
> >  	u32				mode;
> > +	struct skcipher_request fallback_req;   // keep at the end
> >  };
> >  
> >  enum alg_type {
> > diff --git a/drivers/crypto/rockchip/rk3288_crypto_skcipher.c b/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
> > index bbd0bf52bf07..bf9d398cc54c 100644
> > --- a/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
> > +++ b/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
> > @@ -13,6 +13,63 @@
> >  
> >  #define RK_CRYPTO_DEC			BIT(0)
> >  
> > +static int rk_cipher_need_fallback(struct skcipher_request *req)
> > +{
> > +	struct scatterlist *sgs, *sgd;
> > +
> > +	if (!req->cryptlen)
> > +		return true;
> > +
> > +	sgs = req->src;
> > +	while (sgs) {
> > +		if (!IS_ALIGNED(sgs->offset, sizeof(u32))) {
> > +			return true;
> > +		}
> > +		if (sgs->length % 16) {
> 
> Can this be relaxed to check for alignment to 4 rather than 16?  That's
> the requirement for programming the registers.

No we cannot, the hardware could operate only one SG at a time, and the cipher operation need to be complete, so the length should be a multiple of AES_BLOCK_SIZE.
The original driver already have this size check.
But for DES/3DES this check is bad and should be 8, so a fix is needed anyway.

> 
> But I think this check is wrong in general as it doesn't account for
> cryptlen; with fscrypt I'm seeing sgs->length == 255 but cryptlen == 16
> so the hardware can be used but at the moment the fallback path is
> triggered.

Yes, I need to check min(sg->length, cryptlen_remaining) instead.
I will fix that.

Thanks.

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

  reply	other threads:[~2022-03-03 19:55 UTC|newest]

Thread overview: 87+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-03-02 21:10 [PATCH v2 00/18] crypto: rockchip: permit to pass self-tests Corentin Labbe
2022-03-02 21:10 ` Corentin Labbe
2022-03-02 21:10 ` Corentin Labbe
2022-03-02 21:10 ` [PATCH v2 01/18] crypto: rockchip: use dev_err for error message about interrupt Corentin Labbe
2022-03-02 21:10   ` Corentin Labbe
2022-03-02 21:10   ` Corentin Labbe
2022-03-02 21:10 ` [PATCH v2 02/18] crypto: rockchip: do not use uninit variable Corentin Labbe
2022-03-02 21:10   ` Corentin Labbe
2022-03-02 21:10   ` Corentin Labbe
2022-03-02 21:10 ` [PATCH v2 03/18] crypto: rockchip: do not do custom power management Corentin Labbe
2022-03-02 21:10   ` Corentin Labbe
2022-03-02 21:10   ` Corentin Labbe
2022-03-02 21:10 ` [PATCH v2 04/18] crypto: rockchip: fix privete/private typo Corentin Labbe
2022-03-02 21:10   ` Corentin Labbe
2022-03-02 21:10   ` Corentin Labbe
2022-03-02 21:11 ` [PATCH v2 05/18] crypto: rockchip: do not store mode globally Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11 ` [PATCH v2 06/18] crypto: rockchip: add fallback for cipher Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-03 14:21   ` John Keeping
2022-03-03 14:21     ` John Keeping
2022-03-03 14:21     ` John Keeping
2022-03-03 19:54     ` LABBE Corentin [this message]
2022-03-03 19:54       ` LABBE Corentin
2022-03-03 19:54       ` LABBE Corentin
2022-03-02 21:11 ` [PATCH v2 07/18] crypto: rockchip: add fallback for ahash Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11 ` [PATCH v2 08/18] crypto: rockchip: better handle cipher key Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11 ` [PATCH v2 09/18] crypto: rockchip: remove non-aligned handling Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11 ` [PATCH v2 10/18] crypto: rockchip: rework by using crypto_engine Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11 ` [PATCH v2 11/18] crypto: rockhip: do not handle dma clock Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-04 15:01   ` Johan Jonker
2022-03-04 15:01     ` Johan Jonker
2022-03-04 15:01     ` Johan Jonker
2022-03-10 14:45     ` LABBE Corentin
2022-03-10 14:45       ` LABBE Corentin
2022-03-10 14:45       ` LABBE Corentin
2022-03-10 17:52       ` Johan Jonker
2022-03-10 17:52         ` Johan Jonker
2022-03-10 17:52         ` Johan Jonker
2022-03-15 11:45         ` LABBE Corentin
2022-03-15 11:45           ` LABBE Corentin
2022-03-15 11:45           ` LABBE Corentin
2022-03-02 21:11 ` [PATCH v2 12/18] ARM: dts: rk3288: crypto do not need " Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11 ` [PATCH v2 13/18] crypto: rockchip: rewrite type Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11 ` [PATCH v2 14/18] crypto: rockchip: add debugfs Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11 ` [PATCH v2 15/18] crypto: rockchip: introduce PM Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-03 12:57   ` John Keeping
2022-03-03 12:57     ` John Keeping
2022-03-03 12:57     ` John Keeping
2022-03-02 21:11 ` [PATCH v2 16/18] arm64: dts: rockchip: add rk3328 crypto node Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11 ` [PATCH v2 17/18] dt-bindings: crypto: convert rockchip-crypto to yaml Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-03 13:44   ` Rob Herring
2022-03-03 13:44     ` Rob Herring
2022-03-03 13:44     ` Rob Herring
2022-03-03 19:40     ` LABBE Corentin
2022-03-03 19:40       ` LABBE Corentin
2022-03-03 19:40       ` LABBE Corentin
2022-03-08  0:52   ` Rob Herring
2022-03-08  0:52     ` Rob Herring
2022-03-08  0:52     ` Rob Herring
2022-03-02 21:11 ` [PATCH v2 18/18] crypto: rockchip: add myself as maintainer Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe
2022-03-02 21:11   ` Corentin Labbe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YiEdEoX79kDp8kUY@Red \
    --to=clabbe@baylibre.com \
    --cc=devicetree@vger.kernel.org \
    --cc=heiko@sntech.de \
    --cc=herbert@gondor.apana.org.au \
    --cc=john@metanate.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-rockchip@lists.infradead.org \
    --cc=robh+dt@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.