From: Sean Anderson <sean.anderson@linux.dev>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "Horia Geantă" <horia.geanta@nxp.com>,
"Pankaj Gupta" <pankaj.gupta@nxp.com>,
"Gaurav Jain" <gaurav.jain@nxp.com>,
linux-crypto@vger.kernel.org,
"David S. Miller" <davem@davemloft.net>,
linux-kernel@vger.kernel.org,
"Valentin Ciocoi Radulescu" <valentin.ciocoi@nxp.com>
Subject: Re: [PATCH] crypto: api - Allow delayed algorithm destruction
Date: Thu, 10 Apr 2025 19:24:25 -0400 [thread overview]
Message-ID: <cf7e20a2-dc30-4940-9abe-bbf5ea1ac413@linux.dev> (raw)
In-Reply-To: <Z_XpfyPaoZ6Y8u6z@gondor.apana.org.au>
On 4/8/25 23:29, Herbert Xu wrote:
> On Wed, Apr 09, 2025 at 10:58:04AM +0800, Herbert Xu wrote:
>>
>> What I'll do is make the crypto_unregister call wait for the users
>> to go away. That matches how the network device unregistration works
>> and hopefully should solve this problem. But keep your eyes for
>> dead locks that used to plague netdev unregistration :)
>
> That was a dumb idea. All it would do is make the shutdown hang.
> So here is a different tack. Let the algorithms stick around,
> by allocating them dynamically instead. Then we could simply
> kfree them when the user finally disappears (if ever).
>
> Note to make this work, caam needs to be modified to allocate the
> algorithms dynamically (kmemdup should work), and add a cra_destroy
> function to kfree the memory.
>
> ---8<---
> The current algorithm unregistration mechanism originated from
> software crypto. The code relies on module reference counts to
> stop in-use algorithms from being unregistered. Therefore if
> the unregistration function is reached, it is assumed that the
> module reference count has hit zero and thus the algorithm reference
> count should be exactly 1.
>
> This is completely broken for hardware devices, which can be
> unplugged at random.
>
> Fix this by allowing algorithms to be destroyed later if a destroy
> callback is provided.
>
> Reported-by: Sean Anderson <sean.anderson@linux.dev>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>
> diff --git a/crypto/algapi.c b/crypto/algapi.c
> index 5b8a4c787387..f368c0dc0d6d 100644
> --- a/crypto/algapi.c
> +++ b/crypto/algapi.c
> @@ -481,10 +481,10 @@ void crypto_unregister_alg(struct crypto_alg *alg)
> if (WARN(ret, "Algorithm %s is not registered", alg->cra_driver_name))
> return;
>
> - if (WARN_ON(refcount_read(&alg->cra_refcnt) != 1))
> - return;
> -
> - if (alg->cra_type && alg->cra_type->destroy)
> + if (alg->cra_destroy)
> + crypto_alg_put(alg);
> + else if (!WARN_ON(refcount_read(&alg->cra_refcnt) != 1) &&
> + alg->cra_type && alg->cra_type->destroy)
> alg->cra_type->destroy(alg);
>
> crypto_remove_final(&list);
The above patch didn't apply cleanly. I seem to be missing cra_type. What
tree should I test with?
--Sean
next prev parent reply other threads:[~2025-04-10 23:24 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-07 23:16 [BUG] CAAM refcount warnings Sean Anderson
2025-04-08 5:17 ` [PATCH] crypto: caam/qi - Fix drv_ctx refcount bug Herbert Xu
2025-04-08 7:59 ` Horia Geanta
2025-04-08 15:44 ` Sean Anderson
2025-04-09 2:58 ` Herbert Xu
2025-04-09 3:29 ` [PATCH] crypto: api - Allow delayed algorithm destruction Herbert Xu
2025-04-10 23:24 ` Sean Anderson [this message]
2025-04-11 1:36 ` Herbert Xu
2025-04-12 5:16 ` [PATCH] crypto: api - Add support for duplicating algorithms before registration Herbert Xu
2025-04-13 16:03 ` Eric Biggers
2025-04-14 5:16 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cf7e20a2-dc30-4940-9abe-bbf5ea1ac413@linux.dev \
--to=sean.anderson@linux.dev \
--cc=davem@davemloft.net \
--cc=gaurav.jain@nxp.com \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pankaj.gupta@nxp.com \
--cc=valentin.ciocoi@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.