From: Eric Biggers <ebiggers@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: agk@redhat.com, snitzer@kernel.org, dm-devel@lists.linux.dev,
linux-crypto@vger.kernel.org, gilad@benyossef.com,
samitolvanen@google.com
Subject: Re: [PATCH] dm-verity: hash blocks with shash import+finup when possible
Date: Wed, 1 Nov 2023 22:40:08 -0700 [thread overview]
Message-ID: <20231102054008.GG1498@sol.localdomain> (raw)
In-Reply-To: <ZUMo87EMeYxiCZLX@gondor.apana.org.au>
On Thu, Nov 02, 2023 at 12:43:31PM +0800, Herbert Xu wrote:
> On Tue, Oct 31, 2023 at 10:48:56PM -0700, Eric Biggers wrote:
> >
> > Note that dm-verity also has to use an ugly and error-prone workaround to use
> > ahash at all, since its hash blocks can be cached in vmalloc memory; see
> > verity_hash_update(). shash handles vmalloc memory much more naturally, since
> > no translation from vmalloc address to page to linear address is needed.
>
> So why not drop ahash and always use shash? Does anybody care about
> offload for dm-verity?
I'd love to do that; it's what I did in fsverity. Someone did intentionally
convert dm-verity from shash to ahash in 2017, though; see commit d1ac3ff008fb.
So we'd be reverting that. Maybe there are people who'd still care. Maybe not.
I haven't yet gotten any complaints about switching fsverity to shash in v6.5
(and I only used ahash originally because of the precedent of dm-verity).
> Alternatively, we could incorporate this into ahash itself. Then
> you could have an optimised code path that does not do SGs if the
> underlying algorithm is shash.
>
> I really do not wish to see this ahash/shash paradigm proliferate.
Do you have in mind making struct ahash_request specify the data by either
scatterlist or by virtual address? It might be possible. It would be necessary
to wire up all possible combinations of (SG, virt) x (ahash_alg, shash_alg),
with the vmalloc_to_page() hack for the virt + ahash_alg case.
> OK. But we do still have the module signature verification code
> path and I think that one still needs the can-sleep flag.
Well, struct shash_desc used to have that flag, but it never did anything. The
few use cases like this might be more simply served by just having a helper
function crypto_shash_update_large() that passes the data in chunks to
crypto_shash_update().
- Eric
next prev parent reply other threads:[~2023-11-02 5:40 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-30 2:33 [PATCH] dm-verity: hash blocks with shash import+finup when possible Eric Biggers
2023-10-30 22:41 ` Sami Tolvanen
2023-11-01 4:51 ` Herbert Xu
2023-11-01 5:48 ` Eric Biggers
2023-11-02 4:43 ` Herbert Xu
2023-11-02 5:40 ` Eric Biggers [this message]
2023-11-06 10:11 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231102054008.GG1498@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=agk@redhat.com \
--cc=dm-devel@lists.linux.dev \
--cc=gilad@benyossef.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=samitolvanen@google.com \
--cc=snitzer@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox