[02/31] crypto_pool: Add crypto_pool_reserve_scratch()

Message ID	20220818170005.747015-3-dima@arista.com (mailing list archive)
State	Changes Requested
Headers	show Return-Path: <netdev-owner@kernel.org> From: Dmitry Safonov <dima@arista.com> To: Eric Dumazet <edumazet@google.com>, "David S. Miller" <davem@davemloft.net>, linux-kernel@vger.kernel.org Cc: Dmitry Safonov <dima@arista.com>, Andy Lutomirski <luto@amacapital.net>, Ard Biesheuvel <ardb@kernel.org>, Bob Gilligan <gilligan@arista.com>, David Ahern <dsahern@kernel.org>, Dmitry Safonov <0x7f454c46@gmail.com>, Eric Biggers <ebiggers@kernel.org>, Francesco Ruggeri <fruggeri@arista.com>, Herbert Xu <herbert@gondor.apana.org.au>, Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>, Ivan Delalande <colona@arista.com>, Jakub Kicinski <kuba@kernel.org>, Leonard Crestez <cdleonard@gmail.com>, Paolo Abeni <pabeni@redhat.com>, Salam Noureddine <noureddine@arista.com>, Shuah Khan <shuah@kernel.org>, netdev@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [PATCH 02/31] crypto_pool: Add crypto_pool_reserve_scratch() Date: Thu, 18 Aug 2022 17:59:36 +0100 Message-Id: <20220818170005.747015-3-dima@arista.com> In-Reply-To: <20220818170005.747015-1-dima@arista.com> References: <20220818170005.747015-1-dima@arista.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	net/tcp: Add TCP-AO support \| expand [00/31] net/tcp: Add TCP-AO support [01/31] crypto: Introduce crypto_pool [02/31] crypto_pool: Add crypto_pool_reserve_scratch() [03/31] net/tcp: Separate tcp_md5sig_info allocation into tcp_md5sig_info_add() [04/31] net/tcp: Disable TCP-MD5 static key on tcp_md5sig_info destruction [05/31] net/tcp: Use crypto_pool for TCP-MD5 [06/31] net/ipv6: sr: Switch to using crypto_pool [07/31] tcp: Add TCP-AO config and structures [08/31] net/tcp: Introduce TCP_AO setsockopt()s [09/31] net/tcp: Prevent TCP-MD5 with TCP-AO being set [10/31] net/tcp: Calculate TCP-AO traffic keys [11/31] net/tcp: Add TCP-AO sign to outgoing packets [12/31] net/tcp: Add tcp_parse_auth_options() [13/31] net/tcp: Add AO sign to RST packets [14/31] net/tcp: Add TCP-AO sign to twsk [15/31] net/tcp: Wire TCP-AO to request sockets [16/31] net/tcp: Sign SYN-ACK segments with TCP-AO [17/31] net/tcp: Verify inbound TCP-AO signed segments [18/31] net/tcp: Add TCP-AO segments counters [19/31] net/tcp: Add TCP-AO SNE support [20/31] net/tcp: Add tcp_hash_fail() ratelimited logs [21/31] net/tcp: Ignore specific ICMPs for TCP-AO connections [22/31] net/tcp: Add option for TCP-AO to (not) hash header [23/31] net/tcp: Add getsockopt(TCP_AO_GET) [24/31] net/tcp: Allow asynchronous delete for TCP-AO keys (MKTs) [25/31] selftests/net: Add TCP-AO library [26/31] selftests/net: Verify that TCP-AO complies with ignoring ICMPs [27/31] selftest/net: Add TCP-AO ICMPs accept test [28/31] selftest/tcp-ao: Add a test for MKT matching [29/31] selftest/tcp-ao: Add test for TCP-AO add setsockopt() command [30/31] selftests/tcp-ao: Add TCP-AO + TCP-MD5 + no sign listen socket tests [31/31] selftests/aolib: Add test/benchmark for removing MKTs

Message ID

20220818170005.747015-3-dima@arista.com (mailing list archive)

State

Changes Requested

Headers

From: Dmitry Safonov <dima@arista.com>
To: Eric Dumazet <edumazet@google.com>,
        "David S. Miller" <davem@davemloft.net>,
        linux-kernel@vger.kernel.org
Cc: Dmitry Safonov <dima@arista.com>,
        Andy Lutomirski <luto@amacapital.net>,
        Ard Biesheuvel <ardb@kernel.org>,
        Bob Gilligan <gilligan@arista.com>,
        David Ahern <dsahern@kernel.org>,
        Dmitry Safonov <0x7f454c46@gmail.com>,
        Eric Biggers <ebiggers@kernel.org>,
        Francesco Ruggeri <fruggeri@arista.com>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
        Ivan Delalande <colona@arista.com>,
        Jakub Kicinski <kuba@kernel.org>,
        Leonard Crestez <cdleonard@gmail.com>,
        Paolo Abeni <pabeni@redhat.com>,
        Salam Noureddine <noureddine@arista.com>,
        Shuah Khan <shuah@kernel.org>, netdev@vger.kernel.org,
        linux-crypto@vger.kernel.org
Subject: [PATCH 02/31] crypto_pool: Add crypto_pool_reserve_scratch()
Date: Thu, 18 Aug 2022 17:59:36 +0100
Message-Id: <20220818170005.747015-3-dima@arista.com>
In-Reply-To: <20220818170005.747015-1-dima@arista.com>
References: <20220818170005.747015-1-dima@arista.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

net/tcp: Add TCP-AO support | expand

Context	Check	Description
netdev/tree_selection	success	Guessed tree name to be net-next, async
netdev/fixes_present	success	Fixes tag not required for -next series
netdev/subject_prefix	success	Link
netdev/cover_letter	success	Series has a cover letter
netdev/patch_count	fail	Series longer than 15 patches (and no cover letter)
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	success	Errors and warnings before: 255 this patch: 255
netdev/cc_maintainers	success	CCed 3 of 3 maintainers
netdev/build_clang	fail	Errors and warnings before: 0 this patch: 3
netdev/module_param	success	Was 0 now: 0
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	No Fixes tag
netdev/build_allmodconfig_warn	success	Errors and warnings before: 255 this patch: 255
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 129 lines checked
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/source_inline	success	Was 0 now: 0

Context

Check

Description

netdev/tree_selection

success

Guessed tree name to be net-next, async

netdev/fixes_present

success

Fixes tag not required for -next series

netdev/subject_prefix

success

Link

netdev/cover_letter

success

Series has a cover letter

netdev/patch_count

fail

Series longer than 15 patches (and no cover letter)

netdev/header_inline

success

No static functions without inline keyword in header files

netdev/build_32bit

success

Errors and warnings before: 255 this patch: 255

netdev/cc_maintainers

success

CCed 3 of 3 maintainers

netdev/build_clang

fail

Errors and warnings before: 0 this patch: 3

netdev/module_param

success

Was 0 now: 0

netdev/verify_signedoff

success

Signed-off-by tag matches author and committer

netdev/check_selftest

success

No net selftest shell script

netdev/verify_fixes

success

No Fixes tag

netdev/build_allmodconfig_warn

success

Errors and warnings before: 255 this patch: 255

netdev/checkpatch

success

total: 0 errors, 0 warnings, 0 checks, 129 lines checked

netdev/kdoc

success

Errors and warnings before: 0 this patch: 0

netdev/source_inline

success

Was 0 now: 0

Commit Message

Dmitry Safonov Aug. 18, 2022, 4:59 p.m. UTC

Instead of having build-time hardcoded constant, reallocate scratch
area, if needed by user. Different algos, different users may need
different size of temp per-CPU buffer. Only up-sizing supported for
simplicity.

Signed-off-by: Dmitry Safonov <dima@arista.com>
---
 crypto/Kconfig        |  6 ++++
 crypto/crypto_pool.c  | 68 +++++++++++++++++++++++++++++++------------
 include/crypto/pool.h |  3 +-
 3 files changed, 57 insertions(+), 20 deletions(-)

Comments

Dan Carpenter Aug. 22, 2022, 10:45 a.m. UTC | #1

Hi Dmitry,

url:    https://github.com/intel-lab-lkp/linux/commits/Dmitry-Safonov/net-tcp-Add-TCP-AO-support/20220819-010628
base:   e34cfee65ec891a319ce79797dda18083af33a76
config: x86_64-randconfig-m001 (https://download.01.org/0day-ci/archive/20220822/202208221817.t5uzfegL-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.3.0-5) 11.3.0

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
crypto/crypto_pool.c:203 crypto_pool_alloc_ahash() error: uninitialized symbol 'err'.

vim +/err +203 crypto/crypto_pool.c

f4c3873630fc8c4 Dmitry Safonov 2022-08-18  171  int crypto_pool_alloc_ahash(const char *alg)
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  172  {
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  173  	unsigned int i;
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  174  	int err;
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  175  
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  176  	/* slow-path */
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  177  	mutex_lock(&cpool_mutex);
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  178  	for (i = 0; i < last_allocated; i++) {
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  179  		if (cpool[i].alg && !strcmp(cpool[i].alg, alg)) {
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  180  			if (kref_read(&cpool[i].kref) > 0) {
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  181  				kref_get(&cpool[i].kref);
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  182  				goto out;

"err" not set.  It was supposed to be set to zero at the start.  But
better to say "ret = i;" here maybe?

Why is i unsigned?  It leads to unsightly casts.  Presumably some static
checker insists on this... :/

f4c3873630fc8c4 Dmitry Safonov 2022-08-18  183  			} else {
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  184  				break;
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  185  			}
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  186  		}
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  187  	}
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  188  
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  189  	for (i = 0; i < last_allocated; i++) {
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  190  		if (!cpool[i].alg)
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  191  			break;
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  192  	}
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  193  	if (i >= CPOOL_SIZE) {
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  194  		err = -ENOSPC;
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  195  		goto out;
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  196  	}
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  197  
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  198  	err = __cpool_alloc_ahash(&cpool[i], alg);
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  199  	if (!err && last_allocated <= i)
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  200  		last_allocated++;
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  201  out:
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  202  	mutex_unlock(&cpool_mutex);
f4c3873630fc8c4 Dmitry Safonov 2022-08-18 @203  	return err ?: (int)i;
f4c3873630fc8c4 Dmitry Safonov 2022-08-18  204  }

Dmitry Safonov Aug. 26, 2022, 2:42 p.m. UTC | #2

Hi Dan,

On 8/22/22 11:45, Dan Carpenter wrote:
> Hi Dmitry,
[..]
> "err" not set.  It was supposed to be set to zero at the start.  But
> better to say "ret = i;" here maybe?
> 
> Why is i unsigned?  It leads to unsightly casts.  Presumably some static
> checker insists on this... :/

Thanks! Will be addressed/reworked in v2.

Thank you,
          Dmitry

diff --git a/crypto/Kconfig b/crypto/Kconfig
index aeddaa3dcc77..e5865be483be 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -2134,6 +2134,12 @@  config CRYPTO_POOL
 	help
 	  Per-CPU pool of crypto requests ready for usage in atomic contexts.
 
+config CRYPTO_POOL_DEFAULT_SCRATCH_SIZE
+	hex "Per-CPU default scratch area size"
+	depends on CRYPTO_POOL
+	default 0x100
+	range 0x100 0x10000
+
 source "drivers/crypto/Kconfig"
 source "crypto/asymmetric_keys/Kconfig"
 source "certs/Kconfig"
diff --git a/crypto/crypto_pool.c b/crypto/crypto_pool.c
index a5b6e6cf818a..9e2ac4eb1138 100644
--- a/crypto/crypto_pool.c
+++ b/crypto/crypto_pool.c
@@ -1,13 +1,14 @@ 
 // SPDX-License-Identifier: GPL-2.0-or-later
 
 #include <crypto/pool.h>
+#include <linux/cpu.h>
 #include <linux/kref.h>
 #include <linux/module.h>
 #include <linux/mutex.h>
 #include <linux/percpu.h>
 #include <linux/workqueue.h>
 
-static unsigned long scratch_size = DEFAULT_CRYPTO_POOL_SCRATCH_SZ;
+static unsigned long scratch_size = CONFIG_CRYPTO_POOL_DEFAULT_SCRATCH_SIZE;
 static DEFINE_PER_CPU(void *, crypto_pool_scratch);
 
 struct crypto_pool_entry {
@@ -19,29 +20,64 @@  struct crypto_pool_entry {
 
 #define CPOOL_SIZE (PAGE_SIZE/sizeof(struct crypto_pool_entry))
 static struct crypto_pool_entry cpool[CPOOL_SIZE];
-static int last_allocated;
+static unsigned int last_allocated;
 static DEFINE_MUTEX(cpool_mutex);
 
-static int crypto_pool_scratch_alloc(void)
+static void __set_scratch(void *scratch)
 {
-	int cpu;
+	kfree(this_cpu_read(crypto_pool_scratch));
+	this_cpu_write(crypto_pool_scratch, scratch);
+}
 
-	lockdep_assert_held(&cpool_mutex);
+/* Slow-path */
+/**
+ * crypto_pool_reserve_scratch - re-allocates scratch buffer, slow-path
+ * @size: request size for the scratch/temp buffer
+ */
+int crypto_pool_reserve_scratch(unsigned long size)
+{
+	int cpu, err = 0;
 
+	mutex_lock(&cpool_mutex);
+	if (size == scratch_size) {
+		for_each_possible_cpu(cpu) {
+			if (per_cpu(crypto_pool_scratch, cpu))
+				continue;
+			goto allocate_scratch;
+		}
+		mutex_unlock(&cpool_mutex);
+		return 0;
+	}
+allocate_scratch:
+	size = max(size, scratch_size);
+	cpus_read_lock();
 	for_each_possible_cpu(cpu) {
-		void *scratch = per_cpu(crypto_pool_scratch, cpu);
+		void *scratch;
 
-		if (scratch)
-			continue;
+		scratch = kmalloc_node(size, GFP_KERNEL, cpu_to_node(cpu));
+		if (!scratch) {
+			err = -ENOMEM;
+			break;
+		}
 
-		scratch = kmalloc_node(scratch_size, GFP_KERNEL,
-				       cpu_to_node(cpu));
-		if (!scratch)
-			return -ENOMEM;
-		per_cpu(crypto_pool_scratch, cpu) = scratch;
+		if (!cpu_online(cpu)) {
+			kfree(per_cpu(crypto_pool_scratch, cpu));
+			per_cpu(crypto_pool_scratch, cpu) = scratch;
+			continue;
+		}
+		err = smp_call_function_single(cpu, __set_scratch, scratch, 1);
+		if (err) {
+			kfree(scratch);
+			break;
+		}
 	}
-	return 0;
+
+	cpus_read_unlock();
+	scratch_size = size;
+	mutex_unlock(&cpool_mutex);
+	return err;
 }
+EXPORT_SYMBOL_GPL(crypto_pool_reserve_scratch);
 
 static void crypto_pool_scratch_free(void)
 {
@@ -139,10 +175,6 @@  int crypto_pool_alloc_ahash(const char *alg)
 
 	/* slow-path */
 	mutex_lock(&cpool_mutex);
-	err = crypto_pool_scratch_alloc();
-	if (err)
-		goto out;
-
 	for (i = 0; i < last_allocated; i++) {
 		if (cpool[i].alg && !strcmp(cpool[i].alg, alg)) {
 			if (kref_read(&cpool[i].kref) > 0) {
diff --git a/include/crypto/pool.h b/include/crypto/pool.h
index 2c61aa45faff..c7d817860cc3 100644
--- a/include/crypto/pool.h
+++ b/include/crypto/pool.h
@@ -4,8 +4,6 @@ 
 
 #include <crypto/hash.h>
 
-#define DEFAULT_CRYPTO_POOL_SCRATCH_SZ	128
-
 struct crypto_pool {
 	void *scratch;
 };
@@ -20,6 +18,7 @@  struct crypto_pool_ahash {
 	struct ahash_request *req;
 };
 
+int crypto_pool_reserve_scratch(unsigned long size);
 int crypto_pool_alloc_ahash(const char *alg);
 void crypto_pool_add(unsigned int id);
 void crypto_pool_release(unsigned int id);

[02/31] crypto_pool: Add crypto_pool_reserve_scratch()

Checks

Commit Message

Comments

Patch