[GIT,PULL] Crypto Update for 6.12

Message ID ZuetBbpfq5X8BAwn@gondor.apana.org.au
State New

Pull-request

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git v6.12-p1

Message

Herbert Xu Sept. 16, 2024, 3:59 a.m. UTC
On Fri, Jul 19, 2024 at 01:49:26AM +1200, Herbert Xu wrote:

The following changes since commit 8400291e289ee6b2bf9779ff1c83a291501f017b:

  Linux 6.11-rc1 (2024-07-28 14:19:55 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git v6.12-p1 

for you to fetch changes up to ce212d2afca47acd366a2e74c76fe82c31f785ab:

  crypto: n2 - Set err to EINVAL if snprintf fails for hmac (2024-09-13 18:26:53 +0800)

----------------------------------------------------------------
This update includes the following changes:

API:

- Make self-test asynchronous.

Algorithms:

- Remove MPI functions added for SM3.
- Add allocation error checks to remaining MPI functions (introduced for SM3).
- Set default Jitter RNG OSR to 3.

Drivers:

- Add hwrng driver for Rockchip RK3568 SoC.
- Allow disabling SR-IOV VFs through sysfs in qat.
- Fix device reset bugs in hisilicon.
- Fix authenc key parsing by using generic helper in octeontx*.

Others:

- Fix xor benchmarking on parisc.
----------------------------------------------------------------

Adam Guerin (1):
      crypto: qat - preserve ADF_GENERAL_SEC

Amit Shah (1):
      crypto: ccp - do not request interrupt on cmd completion when irqs disabled

Aurelien Jarno (2):
      dt-bindings: rng: Add Rockchip RK3568 TRNG
      hwrng: rockchip - add hwrng driver for Rockchip RK3568 SoC

Brian Masney (2):
      crypto: qcom-rng - fix support for ACPI-based systems
      crypto: qcom-rng - rename *_of_data to *_match_data

Chen Yufan (1):
      crypto: camm/qi - Use ERR_CAST() to return error-valued pointer

Chenghai Huang (2):
      crypto: hisilicon - add a lock for the qp send operation
      crypto: hisilicon/trng - modifying the order of header files

Chunhai Guo (2):
      crypto: atmel - use devm_clk_get_prepared() helpers
      crypto: img-hash - use devm_clk_get_enabled() helpers

Colin Ian King (2):
      crypto: hisilicon/sec - Remove trailing space after \n newline
      crypto: qat - Remove trailing space after \n newline

Dan Carpenter (7):
      crypto: iaa - Fix potential use after free bug
      crypto: spacc - Fix bounds checking on spacc->job[]
      crypto: spacc - Fix off by one in spacc_isenabled()
      crypto: spacc - Add a new line in spacc_open()
      crypto: spacc - Fix uninitialized variable in spacc_aead_process()
      crypto: spacc - Fix NULL vs IS_ERR() check in spacc_aead_fallback()
      crypto: spacc - Check for allocation failure in spacc_skcipher_fallback()

Eric Biggers (3):
      crypto: x86/aes-gcm - fix PREEMPT_RT issue in gcm_crypt()
      crypto: arm/aes-neonbs - go back to using aes-arm directly
      crypto: x86/aesni - update docs for aesni-intel module

Fangrui Song (1):
      crypto: x86/sha256 - Add parentheses around macros' single arguments

Francesco Dolcini (1):
      hwrng: cn10k - Enable by default CN10K driver if Thunder SoC is enabled

Frank Li (1):
      dt-bindings: crypto: fsl,sec-v4.0: add second register space for rtic

Gaosheng Cui (2):
      hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init
      hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume

Guoqing Jiang (1):
      hwrng: mtk - Use devm_pm_runtime_enable

Gustavo A. R. Silva (2):
      crypto: qat - Use static_assert() to check struct sizes
      crypto: nx - Use static_assert() to check struct sizes

Helge Deller (1):
      crypto: xor - fix template benchmarking

Herbert Xu (19):
      Revert "crypto: arm64/poly1305 - move data to rodata section"
      crypto: caam/qi* - Use cpumask_var_t instead of cpumask_t
      Revert "lib/mpi: Introduce ec implementation to MPI library"
      Revert "lib/mpi: Extend the MPI library"
      crypto: lib/mpi - Add error checks to extension
      crypto: dh - Check mpi_rshift errors
      crypto: rsa - Check MPI allocation errors
      crypto: spacc - Use crypto_authenc_extractkeys
      crypto: octeontx - Fix authenc setkey
      crypto: octeontx2 - Fix authenc setkey
      crypto: api - Remove instance larval fulfilment
      crypto: api - Do not wait for tests during registration
      crypto: simd - Do not call crypto_alloc_tfm during registration
      Revert "crypto: spacc - Add SPAcc Skcipher support"
      crypto: api - Fix generic algorithm self-test races
      crypto: algboss - Pass instance creation error up
      crypto: testmgr - Hide ENOENT errors
      crypto: octeontx* - Select CRYPTO_AUTHENC
      crypto: n2 - Set err to EINVAL if snprintf fails for hmac

Huan Yang (1):
      hwrng: mxc-rnga - Use devm_clk_get_enabled() helpers

Jeff Johnson (1):
      crypto: ppc/curve25519 - add missing MODULE_DESCRIPTION() macro

Jia He (2):
      crypto: arm64/poly1305 - move data to rodata section
      crypto: arm64/poly1305 - move data to rodata section

Kamlesh Gurudasani (1):
      padata: Honor the caller's alignment in case of chunk_size 0

Kuan-Wei Chiu (3):
      crypto: octeontx - Remove custom swap function in favor of built-in sort swap
      crypto: octeontx2 - Remove custom swap functions in favor of built-in sort swap
      crypto: hisilicon/zip - Optimize performance by replacing rw_lock with spinlock

Liao Chen (1):
      crypto: keembay - fix module autoloading

Martin Kaiser (2):
      hwrng: rockchip - rst is used only during probe
      hwrng: rockchip - handle devm_pm_runtime_enable errors

Michal Witwicki (4):
      crypto: qat - disable IOV in adf_dev_stop()
      crypto: qat - fix recovery flow for VFs
      crypto: qat - ensure correct order in VF restarting handler
      crypto: qat - allow disabling SR-IOV VFs

Nikunj Kela (1):
      dt-bindings: crypto: qcom,prng: document support for SA8255p

Pavan Kumar Paluri (1):
      crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure

Pavitrakumar M (8):
      crypto: spacc - Add SPAcc Skcipher support
      crypto: spacc - Enable SPAcc AUTODETECT
      crypto: spacc - Add SPAcc ahash support
      crypto: spacc - Add SPAcc aead support
      crypto: spacc - Add SPAcc Kconfig and Makefile
      crypto: spacc - Enable Driver compilation in crypto Kconfig and Makefile
      crypto: spacc - Fix counter width checks
      crypto: spacc - Fixed return to CRYPTO_OK

Riyan Dhiman (1):
      crypto: aegis128 - Fix indentation issue in crypto_aegis128_process_crypt()

Stephan Mueller (1):
      crypto: jitter - set default OSR to 3

Stephen Rothwell (1):
      crypto: spacc - Add ifndef around MIN

Svyatoslav Pankratov (1):
      crypto: qat - fix "Full Going True" macro definition

Thorsten Blum (2):
      crypto: chacha20poly1305 - Annotate struct chachapoly_ctx with __counted_by()
      crypto: jitter - Use min() to simplify jent_read_entropy()

Tom Lendacky (1):
      crypto: ccp - Add additional information about an SEV firmware upgrade

VanGiang Nguyen (1):
      padata: use integer wrap around to prevent deadlock on seq_nr overflow

WangYuli (1):
      crypto: mips/crc32 - Clean up useless assignment operations

Weili Qian (3):
      crypto: hisilicon/qm - reset device before enabling it
      crypto: hisilicon/hpre - mask cluster timeout error
      crypto: hisilicon/qm - inject error before stopping queue

Yang Shen (1):
      crypto: hisilicon - fix missed error branch

Yue Haibing (6):
      crypto: safexcel - Remove unused declaration safexcel_ring_first_rptr()
      crypto: sl3516 - Remove unused declaration sl3516_ce_enqueue()
      crypto: octeontx - Remove unused declaration otx_cpt_callback()
      crypto: ccp - Remove unused declaration sp_get_master()
      crypto: amlogic - Remove unused declaration meson_enqueue()
      crypto: crypto4xx - Remove unused declaration crypto4xx_free_ctx()

Zhu Jun (1):
      crypto: tools/ccp - Remove unused variable

 .../devicetree/bindings/crypto/fsl,sec-v4.0.yaml   |    5 +-
 .../devicetree/bindings/crypto/qcom,prng.yaml      |    1 +
 .../bindings/rng/rockchip,rk3568-rng.yaml          |   61 +
 MAINTAINERS                                        |    7 +
 arch/arm/crypto/Kconfig                            |   14 +-
 arch/arm/crypto/aes-ce-glue.c                      |    2 +-
 arch/arm/crypto/aes-cipher-glue.c                  |    5 +-
 arch/arm/crypto/aes-cipher.h                       |   13 +
 arch/arm/crypto/aes-neonbs-glue.c                  |  131 +-
 arch/arm64/crypto/poly1305-armv8.pl                |    6 +-
 arch/mips/crypto/crc32-mips.c                      |   64 +-
 arch/powerpc/crypto/curve25519-ppc64le-core.c      |    1 +
 arch/x86/crypto/Kconfig                            |    8 +-
 arch/x86/crypto/aesni-intel_glue.c                 |   61 +-
 arch/x86/crypto/sha256-avx2-asm.S                  |   16 +-
 crypto/Kconfig                                     |    2 +-
 crypto/aegis128-core.c                             |    5 +-
 crypto/algapi.c                                    |   71 +-
 crypto/algboss.c                                   |    4 +-
 crypto/api.c                                       |   75 +-
 crypto/chacha20poly1305.c                          |    2 +-
 crypto/dh.c                                        |    4 +-
 crypto/internal.h                                  |    3 +-
 crypto/jitterentropy.c                             |    6 +-
 crypto/rsa.c                                       |   19 +-
 crypto/simd.c                                      |   76 +-
 crypto/testmgr.c                                   |   23 +-
 crypto/xor.c                                       |   31 +-
 drivers/char/hw_random/Kconfig                     |   15 +
 drivers/char/hw_random/Makefile                    |    1 +
 drivers/char/hw_random/bcm2835-rng.c               |    4 +-
 drivers/char/hw_random/cctrng.c                    |    1 +
 drivers/char/hw_random/mtk-rng.c                   |    2 +-
 drivers/char/hw_random/mxc-rnga.c                  |   16 +-
 drivers/char/hw_random/rockchip-rng.c              |  228 +++
 drivers/crypto/amcc/crypto4xx_core.h               |    1 -
 drivers/crypto/amlogic/amlogic-gxl.h               |    2 -
 drivers/crypto/atmel-aes.c                         |   16 +-
 drivers/crypto/atmel-sha.c                         |   14 +-
 drivers/crypto/caam/caamalg_qi.c                   |    4 +-
 drivers/crypto/caam/caamalg_qi2.c                  |   17 +-
 drivers/crypto/caam/qi.c                           |   31 +-
 drivers/crypto/ccp/sev-dev.c                       |   28 +-
 drivers/crypto/ccp/sp-dev.h                        |    1 -
 drivers/crypto/gemini/sl3516-ce.h                  |    2 -
 drivers/crypto/hisilicon/hpre/hpre_crypto.c        |    2 +
 drivers/crypto/hisilicon/hpre/hpre_main.c          |   54 +-
 drivers/crypto/hisilicon/qm.c                      |  151 +-
 drivers/crypto/hisilicon/sec/sec_drv.c             |    2 +-
 drivers/crypto/hisilicon/sec2/sec_main.c           |   16 +-
 drivers/crypto/hisilicon/sgl.c                     |   14 +-
 drivers/crypto/hisilicon/trng/trng.c               |    4 +-
 drivers/crypto/hisilicon/zip/zip_crypto.c          |   17 +-
 drivers/crypto/hisilicon/zip/zip_main.c            |   23 +-
 drivers/crypto/img-hash.c                          |   21 +-
 drivers/crypto/inside-secure/safexcel.h            |    1 -
 drivers/crypto/intel/iaa/iaa_crypto_main.c         |    4 +-
 .../crypto/intel/keembay/keembay-ocs-hcu-core.c    |    1 +
 drivers/crypto/intel/qat/qat_420xx/adf_drv.c       |    4 +-
 drivers/crypto/intel/qat/qat_4xxx/adf_drv.c        |    4 +-
 drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c       |    4 +-
 drivers/crypto/intel/qat/qat_c3xxxvf/adf_drv.c     |    4 +-
 drivers/crypto/intel/qat/qat_c62x/adf_drv.c        |    4 +-
 drivers/crypto/intel/qat/qat_c62xvf/adf_drv.c      |    4 +-
 drivers/crypto/intel/qat/qat_common/adf_aer.c      |    2 +-
 drivers/crypto/intel/qat/qat_common/adf_cfg.c      |   29 +
 drivers/crypto/intel/qat/qat_common/adf_cfg.h      |    2 +
 .../crypto/intel/qat/qat_common/adf_common_drv.h   |    2 +-
 drivers/crypto/intel/qat/qat_common/adf_ctl_drv.c  |    6 +-
 .../crypto/intel/qat/qat_common/adf_gen4_hw_data.h |    2 +-
 drivers/crypto/intel/qat/qat_common/adf_init.c     |   44 +-
 .../crypto/intel/qat/qat_common/adf_pfvf_pf_msg.c  |    9 +-
 .../crypto/intel/qat/qat_common/adf_pfvf_vf_msg.c  |   14 +
 .../crypto/intel/qat/qat_common/adf_pfvf_vf_msg.h  |    1 +
 drivers/crypto/intel/qat/qat_common/adf_sriov.c    |  194 ++-
 drivers/crypto/intel/qat/qat_common/adf_sysfs.c    |    4 +-
 drivers/crypto/intel/qat/qat_common/adf_vf_isr.c   |    4 +-
 drivers/crypto/intel/qat/qat_common/qat_bl.h       |    2 +
 drivers/crypto/intel/qat/qat_common/qat_uclo.c     |    2 +-
 drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c    |    4 +-
 drivers/crypto/intel/qat/qat_dh895xccvf/adf_drv.c  |    4 +-
 drivers/crypto/marvell/Kconfig                     |    2 +
 drivers/crypto/marvell/octeontx/otx_cptvf_algs.c   |  277 ++--
 drivers/crypto/marvell/octeontx/otx_cptvf_algs.h   |    1 -
 drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c |  266 ++--
 drivers/crypto/n2_core.c                           |    1 +
 drivers/crypto/nx/nx-842.h                         |    3 +
 drivers/crypto/qcom-rng.c                          |   24 +-
 include/crypto/internal/simd.h                     |   12 +-
 include/linux/mpi.h                                |  192 +--
 kernel/padata.c                                    |    6 +-
 lib/crypto/mpi/Makefile                            |    2 -
 lib/crypto/mpi/ec.c                                | 1507 --------------------
 lib/crypto/mpi/mpi-add.c                           |   89 +-
 lib/crypto/mpi/mpi-bit.c                           |  168 +--
 lib/crypto/mpi/mpi-cmp.c                           |   46 +-
 lib/crypto/mpi/mpi-div.c                           |   82 +-
 lib/crypto/mpi/mpi-internal.h                      |   21 +-
 lib/crypto/mpi/mpi-inv.c                           |  143 --
 lib/crypto/mpi/mpi-mod.c                           |  148 +-
 lib/crypto/mpi/mpi-mul.c                           |   29 +-
 lib/crypto/mpi/mpicoder.c                          |  336 -----
 lib/crypto/mpi/mpih-mul.c                          |   25 -
 lib/crypto/mpi/mpiutil.c                           |  184 +--
 tools/crypto/ccp/dbc.c                             |    1 -
 105 files changed, 1423 insertions(+), 3900 deletions(-)
 create mode 100644 Documentation/devicetree/bindings/rng/rockchip,rk3568-rng.yaml
 create mode 100644 arch/arm/crypto/aes-cipher.h
 create mode 100644 drivers/char/hw_random/rockchip-rng.c
 delete mode 100644 lib/crypto/mpi/ec.c
 delete mode 100644 lib/crypto/mpi/mpi-inv.c

Thanks,

Comments

pr-tracker-bot@kernel.org Nov. 19, 2024, 7:06 p.m. UTC | #1
The pull request you sent on Mon, 18 Nov 2024 11:18:25 +0800:

> git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git v6.13-p1

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/02b2f1a7b8ef340e57cae640a52ec7199b0b887d

Thank you!

pr-tracker-bot@kernel.org Jan. 24, 2025, 4:05 p.m. UTC | #2
The pull request you sent on Thu, 23 Jan 2025 19:10:34 +0800:

> git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git v6.14-p1

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/454cb97726fe62a04b187a0d631ec0a69f6b713a

Thank you!

Ard Biesheuvel March 25, 2025, 4:59 p.m. UTC | #3
On Tue, 25 Mar 2025 at 16:25, Eric Biggers <ebiggers@kernel.org> wrote:
>
> On Tue, Mar 25, 2025 at 01:53:28PM +0800, Herbert Xu wrote:
> >
> >       crypto: hash - Add request chaining API
>
> Herbert didn't mention that I have nacked this patch, which he is insisting on
> pushing for some reason instead of my original version that is much better.
>
> Let me reiterate why "request chaining" is a bad idea and is going to cause
> problems.
>
> It makes it so that now a single hash request can now actually be a list of hash
> requests.  It makes some of the crypto code operate on the whole list.  However,
> most code still operates only on the first request in the list.  It's
> undocumented and inconsistent which code is doing which, which is going to cause
> bugs.  The first request in the list is also being treated specially in
> undocumented ways, so submitting a list of requests is not necessarily
> equivalent to submitting them all individually.  Another recipe for bugs.
>
> Each hash request can also contain an entire scatterlist.  It's overkill for
> what is actually needed for multibuffer hashing, which is a simple API that
> hashes two buffers specified by virtual address.  Herbert's API creates lots of
> unnecessary edge cases, most of which lack any testing.  It continues many of
> the worst practices of the crypto API that we *know* are not working, like
> requiring per-request memory allocations and optimizing for legacy hardware
> offload rather than the CPU-based crypto that almost everyone actually uses.
>
> In contrast, my patchset
> https://lore.kernel.org/r/20250212154718.44255-1-ebiggers@kernel.org/ supports
> multibuffer hashing in a much better way and has been ready for a year already.
> It actually works; it has a smaller diffstat; it is faster; it has a much
> simpler API; and it actually includes all needed pieces including x86 and arm64
> support, dm-verity and fs-verity support, and full documentation and tests.
>
> I've been spending a lot of time fixing the kernel's crypto code over the years.
> I'm not looking forward to having another set of major issues to fix.
>
> And this latest set of issues will be totally unnecessary.
>
> We can do better than this, especially for cryptography code.
>
> Nacked-by: Eric Biggers <ebiggers@kernel.org>
>

It's sad that it is coming to this, but I have to second Eric here:
for CPU based crypto, the flexibility of Herbert's approach has no
added value. SHA CPU instructions can be interleaved at the
instruction level to get almost 2x speedup in some cases, and this
works very well when operating on equal sized inputs. However,
generalizing this to arbitrary request chains to accommodate async h/w
offload introduces a lot of complexity for use cases that are only
imaginary.

Given Eric's track record as a contributor to the crypto subsystem and
as a maintainer of subsystems that are closely tied to it, I would
expect Herbert to take his opinion more seriously, but it is just
being ignored. Instead, a lightly tested alternative with no
integration into existing users has been merged in its place, with
very little input from the community.

So Herbert, please withdraw this pull request, and work with Eric and
the rest of us to converge on something that we can all get behind.