From: Eric Biggers <ebiggers@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Ard Biesheuvel <ardb@kernel.org>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
x86@kernel.org, "Jason A. Donenfeld" <Jason@zx2c4.com>
Subject: Re: [PATCH v2 0/9] crypto: x86 - stop using the SIMD helper
Date: Thu, 3 Apr 2025 02:14:53 +0000 [thread overview]
Message-ID: <20250403021453.GA2872965@google.com> (raw)
In-Reply-To: <Z-3jkYNtZpTDtKGf@gondor.apana.org.au>
On Thu, Apr 03, 2025 at 09:25:37AM +0800, Herbert Xu wrote:
> On Wed, Apr 02, 2025 at 10:19:30AM -0700, Eric Biggers wrote:
> >
> > This seems premature. crypto_shash is documented to be usable in any context.
> > See the "Context:" comments in include/crypto/hash.h. Similarly, developers
> > expect lib/ functions to be available in any context unless otherwise
> > documented.
>
> Doing slow computations in a hard IRQ is a bad idea. The whole
> point of a hard IRQ handler is to set a flag and defer everything
> to a different context.
>
> Please show me one good reason why we should allow crypto in
> a hard IRQ.
>
> > IMO, doing it for lib/ too would be going too far though. The lib/ functions
> > should be easy to use and not have random requirements on the calling context.
> > And since they're just functions, it's easy for them to fall back to the generic
> > functions when needed. Also note that for very short inputs it can actually be
> > faster to use no-SIMD code, as that avoids the overhead of a kernel-mode SIMD
> > section. So the fallback sometimes exists anyway for that.
>
> We already disallow SIMD in hard IRQs anyway (may_use_simd is
> always false in that context). The only thing you could use
> is the generic implementation.
>
> So making this change in lib/crypto does not take any functionality
> away. You could still invoke the generic lib/crypto code directly.
>
> It does mean that we take away a completely useless check for
> people who are actually doing crypto because crypto work should
> never be done in a hard IRQ.
It's not the 90s anymore. Crypto is fast now, and used ubiquitously.
And "crypto" doesn't necessarily mean a large operation. It can be hashing just
a few bytes of data, for example.
Also as you know, the crypto API includes some non-cryptographic algorithms too.
BTW, x86 does allow SIMD in hardirq context in some cases.
Certainly agreed that crypto in hardirqs is something to be avoided in general,
though.
So maybe your proposal is okay, if it's done properly.
The thing I actually have more of a problem with is that you tend to start
making random API changes without any of the necessary prerequisites like
updating documentation, or adding debug assertions to catch violations of new
requirements. You've already started removing the fallbacks from shash (commit
3846c01d42526bc31), but neither of those things have been done. So we're
currently in a weird state where the shash API is explicitly documented to work
in all contexts, but you've broken that.
- Eric
next prev parent reply other threads:[~2025-04-03 2:14 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-02 0:24 [PATCH v2 0/9] crypto: x86 - stop using the SIMD helper Eric Biggers
2025-04-02 0:24 ` [PATCH v2 1/9] crypto: x86/aes - drop the avx10_256 AES-XTS and AES-CTR code Eric Biggers
2025-04-02 0:24 ` [PATCH v2 2/9] crypto: x86/aegis - stop using the SIMD helper Eric Biggers
2025-04-02 0:24 ` [PATCH v2 3/9] crypto: x86/aes " Eric Biggers
2025-04-02 0:24 ` [PATCH v2 4/9] crypto: x86/aria " Eric Biggers
2025-04-02 0:24 ` [PATCH v2 5/9] crypto: x86/camellia " Eric Biggers
2025-04-02 0:24 ` [PATCH v2 6/9] crypto: x86/cast " Eric Biggers
2025-04-02 0:24 ` [PATCH v2 7/9] crypto: x86/serpent " Eric Biggers
2025-04-02 0:24 ` [PATCH v2 8/9] crypto: x86/sm4 " Eric Biggers
2025-04-02 0:24 ` [PATCH v2 9/9] crypto: x86/twofish " Eric Biggers
2025-04-02 3:14 ` [PATCH v2 0/9] crypto: x86 " Herbert Xu
2025-04-02 6:31 ` Ard Biesheuvel
2025-04-02 6:34 ` Ard Biesheuvel
2025-04-02 8:22 ` Herbert Xu
2025-04-02 17:19 ` Eric Biggers
2025-04-03 1:25 ` Herbert Xu
2025-04-03 2:14 ` Eric Biggers [this message]
2025-04-03 2:33 ` [PATCH] crypto: hash - Do not use shash in hard IRQs Herbert Xu
2025-04-03 2:56 ` [PATCH v2 0/9] crypto: x86 - stop using the SIMD helper Herbert Xu
2025-04-03 3:20 ` Eric Biggers
2025-04-03 3:42 ` Banning crypto in hardirq context (was: [PATCH v2 0/9] crypto: x86 - stop using the SIMD helper) Herbert Xu
2025-04-03 3:59 ` Eric Biggers
2025-04-03 4:14 ` [PATCH] crypto: x86/chacha - Remove SIMD fallback path Herbert Xu
2025-04-07 16:48 ` Eric Biggers
2025-04-08 2:12 ` [PATCH] crypto: x86/chacha - Restore SSSE3 " Herbert Xu
2025-04-03 7:03 ` Banning crypto in hardirq context (was: [PATCH v2 0/9] crypto: x86 - stop using the SIMD helper) Ard Biesheuvel
2025-04-07 5:25 ` [PATCH v2 0/9] crypto: x86 - stop using the SIMD helper Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250403021453.GA2872965@google.com \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox