Re: [PATCH net-next v5 02/20] zinc: introduce minimal cryptography library

[Ard Biesheuvel]

On 20 September 2018 at 21:15, Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
> Hi Andy,
>
> On Fri, Sep 21, 2018 at 5:23 AM Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>> At the risk on suggesting something awful: on x86_64, since we turn preemption off for simd, it wouldnât be *completely* insane to do the crypto on the irq stack. It would look like:
>>
>> kernel_fpu_call(func, arg);
>>
>> And this helper would disable preemption, enable FPU, switch to the irq stack, call func(arg), disable FPU, enable preemption, and return. And we can have large IRQ stacks.
>>
>> I refuse to touch this with a ten-foot pole until the lazy FPU restore patches land.
>
> Haha. That's fun, and maybe we'll do that at some point, but I have
> some other reasons too for being on a workqueue now.
>

Kernel mode crypto is callable from any context, and SIMD can be used
in softirq context on arm64 (and on x86, even from hardirq context
IIRC if the interrupt is taken from userland), in which case we'd
already be on the irq stack.

>>
>> All that being said, why are these frames so large?  It sounds like something may be spilling that ought not to.
>
> They're not. Well, they're not anymore. I had a silly thing before
> like "u8 buffer[1 << 12]" in some debugging code, which is what
> prompted the ccflag-y addition. I cleaned up the mistakes like that
> and frames are now reasonable everywhere. Non-issue.
>

Did any of the fuzzing/testing you mention in the cover letter occur
on the kernel versions of these algorithms?