Re: [PATCH v4 7/9] riscv: vector: adjust minimum Vector requirement to ZVE32X

From: Eric Biggers
Date: Thu Apr 18 2024 - 13:32:22 EST


On Thu, Apr 18, 2024 at 05:53:55PM +0100, Conor Dooley wrote:
> > If it would be useful to do so, we should be able to enable some of the code
> > with a smaller VLEN and/or EEW once it has been tested in those configurations.
> > Some of it should work, but some of it won't be able to work. (For example, the
> > SHA512 instructions require EEW==64.)
> >
> > Also note that currently all the RISC-V vector crypto code only supports riscv64
> > (XLEN=64). Similarly, that could be relaxed in the future if people really need
> > the vector crypto acceleration on 32-bit CPUs... But similarly, the code would
> > need to be revised and tested in that configuration.
> >
> > > Eric/Jerry (although read the previous paragraph too):
> > > I noticed that the sha256 glue code calls crypto_simd_usable(), and in
> > > turn may_use_simd() before kernel_vector_begin(). The chacha20 glue code
> > > does not call either, which seems to violate the edict in
> > > kernel_vector_begin()'s kerneldoc:
> > > "Must not be called unless may_use_simd() returns true."
> >
> > skcipher algorithms can only be invoked in process and softirq context. This
> > differs from shash algorithms which can be invoked in any context.
> >
> > My understanding is that, like arm64, RISC-V always allows non-nested
> > kernel-mode vector to be used in process and softirq context -- and in fact,
> > this was intentionally done in order to support use cases like this. So that's
> > why the RISC-V skcipher algorithms don't check for may_use_simd() before calling
> > kernel_vector_begin().
>
> I see, thanks for explaining that. I think you should probably check
> somewhere if has_vector() returns true in that driver though before
> using vector instructions. Only checking vlen seems to me like relying on
> an implementation detail and if we set vlen for the T-Head/0.7.1 vector
> it'd be fooled. That said, I don't think that any of the 0.7.1 vector
> systems actually support Zvkb, but I hope you get my drift.

All the algorithms check for at least one of the vector crypto extensions being
supported, for example Zvkb. 'if (riscv_isa_extension_available(NULL, ZVKB))'
should return whether the ratified version of Zvkb is supported, and likewise
for the other vector crypto extensions. The ratified version of the vector
crypto extensions depends on the ratified version of the vector extension. So
there should be no issue. If there is, the RISC-V core architecture code needs
to be fixed to not declare that extensions are supported when they are actually
incompatible non-standard versions of those extensions. Incompatible
non-standard extensions should be represented as separate extensions.

- Eric