From: Eric Biggers <ebiggers@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Ard Biesheuvel <ardb@kernel.org>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
x86@kernel.org, "Jason A. Donenfeld" <Jason@zx2c4.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: Banning crypto in hardirq context (was: [PATCH v2 0/9] crypto: x86 - stop using the SIMD helper)
Date: Wed, 2 Apr 2025 20:59:34 -0700 [thread overview]
Message-ID: <20250403035934.GB129577@sol.localdomain> (raw)
In-Reply-To: <Z-4DqsRApwQi6Xju@gondor.apana.org.au>
On Thu, Apr 03, 2025 at 11:42:34AM +0800, Herbert Xu wrote:
> On Wed, Apr 02, 2025 at 08:20:08PM -0700, Eric Biggers wrote:
> >
> > Also, riscv has scalar AES instructions. (They aren't used by the kernel yet,
> > but they could be. The CRC code already uses scalar carryless multiplication.)
>
> It still doesn't mean that it's a good idea to use AES in a
> hard IRQ handler, especially if the code is meant to be portable.
>
> > Also, as I said already, x86 does support SIMD instructions in hardirq context
> > in some cases. Whether anyone actually uses that, I don't know, but it is
> > explicitly supported. Check out irq_fpu_usable().
>
> This is more of an accident than some deliberate strategy of
> supporting FPU usage in hard IRQs. This test was initially
> added for aesni:
>
> commit 54b6a1bd5364aca95cd6ffae00f2b64c6511122c
> Author: Ying Huang <huang.ying.caritas@gmail.com>
> Date: Sun Jan 18 16:28:34 2009 +1100
>
> crypto: aes-ni - Add support to Intel AES-NI instructions for x86_64 platform
>
> It was then improved by:
>
> Author: Linus Torvalds <torvalds@linux-foundation.org>
> Date: Mon Feb 13 13:56:14 2012 -0800
>
> i387: make irq_fpu_usable() tests more robust
>
> Some code - especially the crypto layer - wants to use the x86
> FP/MMX/AVX register set in what may be interrupt (typically softirq)
> context.
>
> At no point was there any intention of using this in a hardirq
> context.
>
> Until such a time when you have a valid application for using
> lib/crypto code in a hardirq context, I don't think we should
> be supporting that at the expense of real users who are in
> process/softirq context only.
Whatever. We agree that "crypto in hardirq" is not a good idea in general. I'm
just pointing out that there are certain cases, like SipHash used in a hash
table, where it easily could happen and would be fine. And all the shash and
crypto library functions currently work in any context, unlike e.g. skcipher and
aead which do not. You seem to be trying to claim that it was never supported,
but that is incorrect. Making it unsupported would be a change that needs to be
properly documented (the functions would no longer be simply "Any context")
*and* have proper debug assertions added to enforce it and prevent usage errors.
But in a lot of cases there is also no reason to even add that restriction. I'm
not sure why you're so eager to make the library functions harder to use.
- Eric
next prev parent reply other threads:[~2025-04-03 3:59 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-02 0:24 [PATCH v2 0/9] crypto: x86 - stop using the SIMD helper Eric Biggers
2025-04-02 0:24 ` [PATCH v2 1/9] crypto: x86/aes - drop the avx10_256 AES-XTS and AES-CTR code Eric Biggers
2025-04-02 0:24 ` [PATCH v2 2/9] crypto: x86/aegis - stop using the SIMD helper Eric Biggers
2025-04-02 0:24 ` [PATCH v2 3/9] crypto: x86/aes " Eric Biggers
2025-04-02 0:24 ` [PATCH v2 4/9] crypto: x86/aria " Eric Biggers
2025-04-02 0:24 ` [PATCH v2 5/9] crypto: x86/camellia " Eric Biggers
2025-04-02 0:24 ` [PATCH v2 6/9] crypto: x86/cast " Eric Biggers
2025-04-02 0:24 ` [PATCH v2 7/9] crypto: x86/serpent " Eric Biggers
2025-04-02 0:24 ` [PATCH v2 8/9] crypto: x86/sm4 " Eric Biggers
2025-04-02 0:24 ` [PATCH v2 9/9] crypto: x86/twofish " Eric Biggers
2025-04-02 3:14 ` [PATCH v2 0/9] crypto: x86 " Herbert Xu
2025-04-02 6:31 ` Ard Biesheuvel
2025-04-02 6:34 ` Ard Biesheuvel
2025-04-02 8:22 ` Herbert Xu
2025-04-02 17:19 ` Eric Biggers
2025-04-03 1:25 ` Herbert Xu
2025-04-03 2:14 ` Eric Biggers
2025-04-03 2:33 ` [PATCH] crypto: hash - Do not use shash in hard IRQs Herbert Xu
2025-04-03 2:56 ` [PATCH v2 0/9] crypto: x86 - stop using the SIMD helper Herbert Xu
2025-04-03 3:20 ` Eric Biggers
2025-04-03 3:42 ` Banning crypto in hardirq context (was: [PATCH v2 0/9] crypto: x86 - stop using the SIMD helper) Herbert Xu
2025-04-03 3:59 ` Eric Biggers [this message]
2025-04-03 4:14 ` [PATCH] crypto: x86/chacha - Remove SIMD fallback path Herbert Xu
2025-04-07 16:48 ` Eric Biggers
2025-04-08 2:12 ` [PATCH] crypto: x86/chacha - Restore SSSE3 " Herbert Xu
2025-04-03 7:03 ` Banning crypto in hardirq context (was: [PATCH v2 0/9] crypto: x86 - stop using the SIMD helper) Ard Biesheuvel
2025-04-07 5:25 ` [PATCH v2 0/9] crypto: x86 - stop using the SIMD helper Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250403035934.GB129577@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox