Re: [RFC PATCH crypto] AES: Add support to Intel AES-NIinstructions

[Huang Ying]

On Mon, 2008-12-15 at 11:38 +0800, Herbert Xu wrote:
> On Mon, Dec 15, 2008 at 10:19:02AM +0800, Huang Ying wrote:
> > 
> > The general x86 implementation is used as the fall back for new AES-NI
> > based implementation. Because AES-NI can not be used in kernel soft_irq
> > context. If crypto layer is used to access general x86 implementation,
> 
> Why is that? The VIA PadLock also "touches" the SSE state but we still
> use it on softirq paths.
> 
> In fact Suresh told me earlier that your AES instruction wasn't
> going to have the SSE problems that VIA had, is this not the case?

The PadLock instructions don't use/touch SSE registers, but might cause
DNA fault when CR0.TS is set. So it is sufficient just to clear CR0.TS
before executed.

The AES-NI instructions do use SSE registers. Considering the following
situation:

1. In kernel, code path using SSE registers are executed, user space SSE
state is saved if necessary.
2. An interrupt/soft_irq comes, and encrypt/decrypt with AES-NI is
executed. The SSE state of code path 1 is destroyed.

To solve the above issue, the following methods can be used:

a. Do not touch SSE state in soft_irq
b. Disable/restore soft_irq in kernel_fpu_begin/kernel_fpu_end
c. Use a per-CPU data structure to save kernel FPU state during
soft_irq.

The mothod a is used in patch.

Best Regards,
Huang Ying

Attachment: signature.asc
Description: This is a digitally signed message part