From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
linux-arm-kernel@lists.infradead.org,
Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 6/9] lib/crypto: arm64/sha256: Remove obsolete chunking logic
Date: Tue, 31 Mar 2026 17:05:45 -0700 [thread overview]
Message-ID: <20260401000548.133151-7-ebiggers@kernel.org> (raw)
In-Reply-To: <20260401000548.133151-1-ebiggers@kernel.org>
Since commit aefbab8e77eb ("arm64: fpsimd: Preserve/restore kernel mode
NEON at context switch"), kernel-mode NEON sections have been
preemptible on arm64. And since commit 7dadeaa6e851 ("sched: Further
restrict the preemption modes"), voluntary preemption is no longer
supported on arm64 either. Therefore, there's no longer any need to
limit the length of kernel-mode NEON sections on arm64.
Simplify the SHA-256 code accordingly.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
lib/crypto/arm64/sha256-ce.S | 14 +++++---------
lib/crypto/arm64/sha256.h | 29 ++++++++---------------------
2 files changed, 13 insertions(+), 30 deletions(-)
diff --git a/lib/crypto/arm64/sha256-ce.S b/lib/crypto/arm64/sha256-ce.S
index e4bfe42a61a9..b54ad977afa3 100644
--- a/lib/crypto/arm64/sha256-ce.S
+++ b/lib/crypto/arm64/sha256-ce.S
@@ -77,15 +77,15 @@
ld1 { v8.4s-v11.4s}, [\tmp], #64
ld1 {v12.4s-v15.4s}, [\tmp]
.endm
/*
- * size_t __sha256_ce_transform(struct sha256_block_state *state,
- * const u8 *data, size_t nblocks);
+ * void sha256_ce_transform(struct sha256_block_state *state,
+ * const u8 *data, size_t nblocks);
*/
.text
-SYM_FUNC_START(__sha256_ce_transform)
+SYM_FUNC_START(sha256_ce_transform)
load_round_constants x8
/* load state */
ld1 {dgav.4s, dgbv.4s}, [x0]
@@ -125,21 +125,17 @@ CPU_LE( rev32 v19.16b, v19.16b )
/* update state */
add dgav.4s, dgav.4s, dg0v.4s
add dgbv.4s, dgbv.4s, dg1v.4s
- /* return early if voluntary preemption is needed */
- cond_yield 1f, x5, x6
-
/* handled all input blocks? */
cbnz x2, 0b
/* store new state */
-1: st1 {dgav.4s, dgbv.4s}, [x0]
- mov x0, x2
+ st1 {dgav.4s, dgbv.4s}, [x0]
ret
-SYM_FUNC_END(__sha256_ce_transform)
+SYM_FUNC_END(sha256_ce_transform)
.unreq dga
.unreq dgav
.unreq dgb
.unreq dgbv
diff --git a/lib/crypto/arm64/sha256.h b/lib/crypto/arm64/sha256.h
index 1fad3d7baa9a..b4353d3c4dd0 100644
--- a/lib/crypto/arm64/sha256.h
+++ b/lib/crypto/arm64/sha256.h
@@ -12,30 +12,21 @@ static __ro_after_init DEFINE_STATIC_KEY_FALSE(have_ce);
asmlinkage void sha256_block_data_order(struct sha256_block_state *state,
const u8 *data, size_t nblocks);
asmlinkage void sha256_block_neon(struct sha256_block_state *state,
const u8 *data, size_t nblocks);
-asmlinkage size_t __sha256_ce_transform(struct sha256_block_state *state,
- const u8 *data, size_t nblocks);
+asmlinkage void sha256_ce_transform(struct sha256_block_state *state,
+ const u8 *data, size_t nblocks);
static void sha256_blocks(struct sha256_block_state *state,
const u8 *data, size_t nblocks)
{
if (static_branch_likely(&have_neon) && likely(may_use_simd())) {
- if (static_branch_likely(&have_ce)) {
- do {
- size_t rem;
-
- scoped_ksimd()
- rem = __sha256_ce_transform(state, data,
- nblocks);
-
- data += (nblocks - rem) * SHA256_BLOCK_SIZE;
- nblocks = rem;
- } while (nblocks);
- } else {
- scoped_ksimd()
+ scoped_ksimd() {
+ if (static_branch_likely(&have_ce))
+ sha256_ce_transform(state, data, nblocks);
+ else
sha256_block_neon(state, data, nblocks);
}
} else {
sha256_block_data_order(state, data, nblocks);
}
@@ -53,17 +44,13 @@ asmlinkage void sha256_ce_finup2x(const struct __sha256_ctx *ctx,
static bool sha256_finup_2x_arch(const struct __sha256_ctx *ctx,
const u8 *data1, const u8 *data2, size_t len,
u8 out1[SHA256_DIGEST_SIZE],
u8 out2[SHA256_DIGEST_SIZE])
{
- /*
- * The assembly requires len >= SHA256_BLOCK_SIZE && len <= INT_MAX.
- * Further limit len to 65536 to avoid spending too long with preemption
- * disabled. (Of course, in practice len is nearly always 4096 anyway.)
- */
+ /* The assembly requires len >= SHA256_BLOCK_SIZE && len <= INT_MAX. */
if (static_branch_likely(&have_ce) && len >= SHA256_BLOCK_SIZE &&
- len <= 65536 && likely(may_use_simd())) {
+ len <= INT_MAX && likely(may_use_simd())) {
scoped_ksimd()
sha256_ce_finup2x(ctx, data1, data2, len, out1, out2);
kmsan_unpoison_memory(out1, SHA256_DIGEST_SIZE);
kmsan_unpoison_memory(out2, SHA256_DIGEST_SIZE);
return true;
--
2.53.0
next prev parent reply other threads:[~2026-04-01 0:08 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-01 0:05 [PATCH 0/9] lib/crypto: arm64: Remove obsolete chunking logic Eric Biggers
2026-04-01 0:05 ` [PATCH 1/9] lib/crypto: arm64/aes: " Eric Biggers
2026-04-01 0:05 ` [PATCH 2/9] lib/crypto: arm64/chacha: " Eric Biggers
2026-04-01 0:05 ` [PATCH 3/9] lib/crypto: arm64/gf128hash: " Eric Biggers
2026-04-01 0:05 ` [PATCH 4/9] lib/crypto: arm64/poly1305: " Eric Biggers
2026-04-01 0:05 ` [PATCH 5/9] lib/crypto: arm64/sha1: " Eric Biggers
2026-04-01 0:05 ` Eric Biggers [this message]
2026-04-01 0:05 ` [PATCH 7/9] lib/crypto: arm64/sha512: " Eric Biggers
2026-04-01 0:05 ` [PATCH 8/9] lib/crypto: arm64/sha3: " Eric Biggers
2026-04-01 0:05 ` [PATCH 9/9] arm64: fpsimd: Remove obsolete cond_yield macro Eric Biggers
2026-04-01 7:00 ` [PATCH 0/9] lib/crypto: arm64: Remove obsolete chunking logic Ard Biesheuvel
2026-04-02 23:12 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260401000548.133151-7-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox