Re: [v5 PATCH 7/7] crypto: stm32 - Save and restore between each request

From: Linus Walleij
Date: Mon Mar 06 2023 - 05:08:37 EST

Next message: Alexandre Ghiti: "[PATCH v5 03/26] arm: Remove COMMAND_LINE_SIZE from uapi"
Previous message: Alexandre Ghiti: "[PATCH v5 02/26] arm64: Remove COMMAND_LINE_SIZE from uapi"
In reply to: Herbert Xu: "[v5 PATCH 7/7] crypto: stm32 - Save and restore between each request"
Next in thread: Herbert Xu: "Re: [v5 PATCH 7/7] crypto: stm32 - Save and restore between each request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 6, 2023 at 5:42 AM Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> The Crypto API hashing paradigm requires the hardware state to
> be exported between *each* request because multiple unrelated
> hashes may be processed concurrently.
>
> The stm32 hardware is capable of producing the hardware hashing
> state but it was only doing it in the export function. This is
> not only broken for export as you can't export a kernel pointer
> and reimport it, but it also means that concurrent hashing was
> fundamentally broken.
>
> Fix this by moving the saving and restoring of hardware hash
> state between each and every hashing request.
>
> Also change the emptymsg check in stm32_hash_copy_hash to rely
> on whether we have any existing hash state, rather than whether
> this particular update request is empty.
>
> Fixes: 8a1012d3f2ab ("crypto: stm32 - Support for STM32 HASH module")
> Reported-by: Li kunyu <kunyu@xxxxxxxxxxxx>
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

This partly works (after my folded in fix in patch 5)!

Clean SHA1 and SHA256 works flawlessly.
HMAC still fails, but not until we start testing random vectors:

[ 7.541954] alg: ahash: stm32-hmac-sha256 digest() failed on test
vector "random: psize=0 ksize=80"; expected_error=0,
actual_error=-110, cfg="random: may_sleep"
[ 7.567212] alg: self-tests for hmac(sha256) using
stm32-hmac-sha256 failed (rc=-110)
[ 7.567222] ------------[ cut here ]------------
[ 7.579669] WARNING: CPU: 0 PID: 89 at crypto/testmgr.c:5858
alg_test.part.0+0x4d0/0x4dc
[ 7.587809] alg: self-tests for hmac(sha256) using
stm32-hmac-sha256 failed (rc=-110)
[ 7.587817] Modules linked in:
[ 7.598702] CPU: 0 PID: 89 Comm: cryptomgr_test Not tainted
6.2.0-13572-gcdc48b2701b2 #87
[ 7.606877] Hardware name: ST-Ericsson Ux5x0 platform (Device Tree Support)
[ 7.613842] unwind_backtrace from show_stack+0x10/0x14
[ 7.619080] show_stack from dump_stack_lvl+0x40/0x4c
[ 7.624145] dump_stack_lvl from __warn+0x94/0xc0
[ 7.628861] __warn from warn_slowpath_fmt+0x118/0x164
[ 7.634007] warn_slowpath_fmt from alg_test.part.0+0x4d0/0x4dc
[ 7.639936] alg_test.part.0 from cryptomgr_test+0x18/0x38
[ 7.645430] cryptomgr_test from kthread+0xc0/0xc4
[ 7.650229] kthread from ret_from_fork+0x14/0x2c
[ 7.654936] Exception stack(0xf10b5fb0 to 0xf10b5ff8)
[ 7.659984] 5fa0: 00000000
00000000 00000000 00000000
[ 7.668154] 5fc0: 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000
[ 7.676325] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 7.682986] ---[ end trace 0000000000000000 ]---
[ 7.688219] stm32-hash a03c2000.hash: allocated sha256 fallback
[ 10.675002] stm32-hash a03c2000.hash: allocated hmac(sha1) fallback
[ 11.269604] alg: ahash: stm32-hmac-sha1 finup() failed with err
-110 on test vector "random: psize=0 ksize=15", cfg="random: use_finup
src_divs=[100.0%@+4081] i"
[ 11.285037] alg: self-tests for hmac(sha1) using stm32-hmac-sha1
failed (rc=-110)
[ 11.285048] ------------[ cut here ]------------
[ 11.297141] WARNING: CPU: 1 PID: 102 at crypto/testmgr.c:5858
alg_test.part.0+0x4d0/0x4dc
[ 11.305352] alg: self-tests for hmac(sha1) using stm32-hmac-sha1
failed (rc=-110)
[ 11.305361] Modules linked in:
[ 11.315894] CPU: 1 PID: 102 Comm: cryptomgr_test Tainted: G
W 6.2.0-13572-gcdc48b2701b2 #87
[ 11.325633] Hardware name: ST-Ericsson Ux5x0 platform (Device Tree Support)
[ 11.332594] unwind_backtrace from show_stack+0x10/0x14
[ 11.337832] show_stack from dump_stack_lvl+0x40/0x4c
[ 11.342897] dump_stack_lvl from __warn+0x94/0xc0
[ 11.347611] __warn from warn_slowpath_fmt+0x118/0x164
[ 11.352758] warn_slowpath_fmt from alg_test.part.0+0x4d0/0x4dc
[ 11.358687] alg_test.part.0 from cryptomgr_test+0x18/0x38
[ 11.364181] cryptomgr_test from kthread+0xc0/0xc4
[ 11.368981] kthread from ret_from_fork+0x14/0x2c
[ 11.373687] Exception stack(0xf10f1fb0 to 0xf10f1ff8)
[ 11.378734] 1fa0: 00000000
00000000 00000000 00000000
[ 11.386906] 1fc0: 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000
[ 11.395076] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 11.401724] ---[ end trace 0000000000000000 ]---
[ 11.407162] stm32-hash a03c2000.hash: allocated sha1 fallback

I will try to investigate further as time permits. (Right now I have
to go off for lunch...)

Yours,
Linus Walleij

Next message: Alexandre Ghiti: "[PATCH v5 03/26] arm: Remove COMMAND_LINE_SIZE from uapi"
Previous message: Alexandre Ghiti: "[PATCH v5 02/26] arm64: Remove COMMAND_LINE_SIZE from uapi"
In reply to: Herbert Xu: "[v5 PATCH 7/7] crypto: stm32 - Save and restore between each request"
Next in thread: Herbert Xu: "Re: [v5 PATCH 7/7] crypto: stm32 - Save and restore between each request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]