Re: [RFC PATCH crypto] AES: Add support to Intel AES-NIinstructions
From: Huang Ying
Date: Mon Dec 15 2008 - 00:15:32 EST
On Mon, 2008-12-15 at 11:38 +0800, Herbert Xu wrote:
> On Mon, Dec 15, 2008 at 10:19:02AM +0800, Huang Ying wrote:
> >
> > The general x86 implementation is used as the fall back for new AES-NI
> > based implementation. Because AES-NI can not be used in kernel soft_irq
> > context. If crypto layer is used to access general x86 implementation,
>
> Why is that? The VIA PadLock also "touches" the SSE state but we still
> use it on softirq paths.
>
> In fact Suresh told me earlier that your AES instruction wasn't
> going to have the SSE problems that VIA had, is this not the case?
The PadLock instructions don't use/touch SSE registers, but might cause
DNA fault when CR0.TS is set. So it is sufficient just to clear CR0.TS
before executed.
The AES-NI instructions do use SSE registers. Considering the following
situation:
1. In kernel, code path using SSE registers are executed, user space SSE
state is saved if necessary.
2. An interrupt/soft_irq comes, and encrypt/decrypt with AES-NI is
executed. The SSE state of code path 1 is destroyed.
To solve the above issue, the following methods can be used:
a. Do not touch SSE state in soft_irq
b. Disable/restore soft_irq in kernel_fpu_begin/kernel_fpu_end
c. Use a per-CPU data structure to save kernel FPU state during
soft_irq.
The mothod a is used in patch.
Best Regards,
Huang Ying
Attachment:
signature.asc
Description: This is a digitally signed message part