Re: [kernel-hardening] Re: Remaining crypto API regressions with CONFIG_VMAP_STACK
From: Eric Biggers
Date: Sat Dec 10 2016 - 01:31:09 EST
On Sat, Dec 10, 2016 at 01:37:12PM +0800, Herbert Xu wrote:
> On Fri, Dec 09, 2016 at 09:25:38PM -0800, Andy Lutomirski wrote:
> >
> > Herbert, how hard would it be to teach the crypto code to use a more
> > sensible data structure than scatterlist and to use coccinelle fix
> > this stuff for real?
>
> First of all we already have a sync non-SG hash interface, it's
> called shash.
>
> If we had enough sync-only users of skcipher then I'll consider
> adding an interface for it. However, at this point in time it
> appears to more sense to convert such users over to the async
> interface rather than the other way around.
>
> As for AEAD we never had a sync interface to begin with and I
> don't think I'm going to add one.
>
Isn't the question of "should the API use physical or virtual addresses"
independent of the question of "should the API support asynchronous requests"?
You can already choose, via the flags and mask arguments when allocating a
crypto transform, whether you want it to be synchronous or asynchronous or
whether you don't care. I don't see what that says about whether the API should
take in physical memory (e.g. scatterlists or struct pages) or virtual memory
(e.g. iov_iters or just regular pointers).
And while it's true that asynchronous algorithms are often provided by hardware
drivers that operate on physical memory, it's not always the case. For example
some of the AES-NI algorithms are asynchronous only because they use the SSE
registers which can't always available to kernel code, so the request may need
to be processed by another thread.
Eric