From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Tiago Pasqualini <tiago.pasqualini@canonical.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [PATCH] crypto: run qcrypto_pbkdf2_count_iters in a new thread
Date: Fri, 30 Aug 2024 12:08:18 +0100 [thread overview]
Message-ID: <ZtGoIvroHBwF53oF@redhat.com> (raw)
In-Reply-To: <20240813131928.842265-1-tiago.pasqualini@canonical.com>
On Tue, Aug 13, 2024 at 10:19:28AM -0300, Tiago Pasqualini wrote:
> CPU time accounting in the kernel has been demonstrated to have a
> sawtooth pattern[1][2]. This can cause the getrusage system call to
> not be as accurate as we are expecting, which can cause this calculation
> to stall.
>
> The kernel discussions shows that this inaccuracy happens when CPU time
> gets big enough, so this patch changes qcrypto_pbkdf2_count_iters to run
> in a fresh thread to avoid this inaccuracy. It also adds a sanity check
> to fail the process if CPU time is not accounted.
>
> [1] https://lore.kernel.org/lkml/159231011694.16989.16351419333851309713.tip-bot2@tip-bot2/
> [2] https://lore.kernel.org/lkml/20221226031010.4079885-1-maxing.lan@bytedance.com/t/#m1c7f2fdc0ea742776a70fd1aa2a2e414c437f534
>
> Resolves: #2398
> Signed-off-by: Tiago Pasqualini <tiago.pasqualini@canonical.com>
> ---
> crypto/pbkdf.c | 42 +++++++++++++++++++++++++++++++++++-------
> include/crypto/pbkdf.h | 10 ++++++++++
> 2 files changed, 45 insertions(+), 7 deletions(-)
Mostly looks good, but one minor issue...
> diff --git a/include/crypto/pbkdf.h b/include/crypto/pbkdf.h
> index 2c31a44a27..b3757003e4 100644
> --- a/include/crypto/pbkdf.h
> +++ b/include/crypto/pbkdf.h
> @@ -153,4 +153,14 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
> size_t nout,
> Error **errp);
>
> +typedef struct CountItersData {
> + QCryptoHashAlgorithm hash;
> + const uint8_t *key;
> + size_t nkey;
> + const uint8_t *salt;
> + size_t nsalt;
> + size_t nout;
> + Error **errp;
> + uint64_t iterations;
Super fussy here, but lets make 'Error **errp' the very
last item in the struct.
> +} CountItersData;
> #endif /* QCRYPTO_PBKDF_H */
...this should remain in the pbkdf.c file, since it is not intended to
be part of the public API.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
prev parent reply other threads:[~2024-08-30 11:08 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-13 13:19 [PATCH] crypto: run qcrypto_pbkdf2_count_iters in a new thread Tiago Pasqualini
2024-08-23 17:13 ` Tiago Pasqualini
2024-08-30 11:08 ` Daniel P. Berrangé [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZtGoIvroHBwF53oF@redhat.com \
--to=berrange@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=tiago.pasqualini@canonical.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.