From: Eric Biggers <ebiggers@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Harald Freudenberger <freude@linux.ibm.com>,
mpatocka@redhat.com, agk@redhat.com, snitzer@kernel.org,
ifranzki@linux.ibm.com, linux-s390@vger.kernel.org,
dm-devel@lists.linux.dev, dengler@linux.ibm.com
Subject: Re: [PATCH v1 1/1] dm-integrity: Implement asynch digest support
Date: Thu, 16 Jan 2025 17:54:51 +0000 [thread overview]
Message-ID: <20250116175451.GA3772706@google.com> (raw)
In-Reply-To: <Z4jNmdb4Bacom3-j@gondor.apana.org.au>
On Thu, Jan 16, 2025 at 05:12:57PM +0800, Herbert Xu wrote:
> On Thu, Jan 16, 2025 at 10:00:36AM +0100, Harald Freudenberger wrote:
> >
> > Eric your idea was whirling around in my head for at least 3 month now.
> > It would be great to have a way to offer an shash() implementation which
> > clearly states that it is not for use in atomic context. E.g. like as you
> > wrote with a new flag. I'll work out something in this direction and push
> > it onto the crypto mailing list :-)
>
> I don't like this flag because we'd have to modify every other
> hash user.
But in practice it's the opposite. Making it an ahash forces users who would
otherwise just be using shash to use ahash instead.
> For example, this would result in your algorithm
> being unavailable to IPsec despite it being an ahash user (because
> it can't sleep).
No one is asking for it to be available to IPsec. And this is just a MAC, not a
cipher. But more generally, sleepable algorithms could still be used via an
adapter using cryptd, or by making IPsec support using a workqueue like all the
storage encryption/integrity systems already do. In any case this would be a
rare (or nonexistent?) use case and should be treated as such.
> I think the dm-crypt patch should wait until after I have added
> virtual address support to ahash. Then we could compare it properly
> with shash.
That won't solve all the problems with ahash, for example the per-request
allocation. We'll still end up with something that is worse for 99% of users,
while also doing a very poor job supporting the 1% (even assuming it's 1% and
not 0% which it very well might be) who actually think they want off-CPU
hardware crypto acceleration. Not to mention the nonsense like having
"synchronous asynchronous hashes".
I think it's time to admit that the approach you're trying to take with the
crypto API is wrong. This has been known for years.
The primary API needs to be designed around and optimized for software crypto,
which is what nearly everyone wants.
- Eric
next prev parent reply other threads:[~2025-01-16 17:54 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-15 16:46 [PATCH v1 0/1] dm-integrity: Implement asynch digest support Harald Freudenberger
2025-01-15 16:46 ` [PATCH v1 1/1] " Harald Freudenberger
2025-01-15 17:29 ` Mikulas Patocka
2025-01-17 13:31 ` Harald Freudenberger
2025-01-22 17:00 ` Harald Freudenberger
2025-01-27 17:57 ` Mikulas Patocka
2025-01-15 17:37 ` Eric Biggers
2025-01-16 7:33 ` Harald Freudenberger
2025-01-16 8:03 ` Eric Biggers
2025-01-16 9:00 ` Harald Freudenberger
2025-01-16 9:12 ` Herbert Xu
2025-01-16 17:54 ` Eric Biggers [this message]
2025-01-17 6:21 ` Herbert Xu
2025-01-17 7:57 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250116175451.GA3772706@google.com \
--to=ebiggers@kernel.org \
--cc=agk@redhat.com \
--cc=dengler@linux.ibm.com \
--cc=dm-devel@lists.linux.dev \
--cc=freude@linux.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=ifranzki@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=snitzer@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox