Re: [RFC][PATCH] Make cryptoapi non-optional?

From: David S. Miller
Date: Sat Aug 09 2003 - 03:20:04 EST

Next message: Con Kolivas: "Re: [PATCH]O14int"
Previous message: Russell King: "Re: [BK PATCH] More PCI fixes for 2.6.0-test2"
In reply to: Matt Mackall: "[RFC][PATCH] Make cryptoapi non-optional?"
Next in thread: Matt Mackall: "Re: [RFC][PATCH] Make cryptoapi non-optional?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 9 Aug 2003 02:44:59 -0500
Matt Mackall <mpm@xxxxxxxxxxx> wrote:

> The attached (lightly tested) patch gets rid of the SHA in the
> /dev/random code and replaces it with cryptoapi, leaving us with just
> one SHA implementation.
...
> __u32 secure_tcp_syn_cookie(__u32 saddr, __u32 daddr, __u16 sport,
> __u16 dport, __u32 sseq, __u32 count, __u32 data)
...
> + tfm = crypto_alloc_tfm("sha1", 0);

secure_tcp_syn_cookie() is called from software interrupt
context, therefore it may not sleep.

So you cannot call crypto_alloc_tfm() here, which can sleep.

Not to mention that calling crypto_alloc_tfm() for every TCP
connection creation is absurdly expensive.

Same thing in check_tcp_syn_cookie().

Also, same problem exists with extract_entropy() which also must be
callable from software interrupt context, and thus the
crypto_alloc_tfm() alloc calls you added there are illegal too.

This patch needs tons of work.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Con Kolivas: "Re: [PATCH]O14int"
Previous message: Russell King: "Re: [BK PATCH] More PCI fixes for 2.6.0-test2"
In reply to: Matt Mackall: "[RFC][PATCH] Make cryptoapi non-optional?"
Next in thread: Matt Mackall: "Re: [RFC][PATCH] Make cryptoapi non-optional?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]