• Jason A. Donenfeld's avatar
    crypto: arch/lib - limit simd usage to 4k chunks · 706024a5
    Jason A. Donenfeld authored
    The initial Zinc patchset, after some mailing list discussion, contained
    code to ensure that kernel_fpu_enable would not be kept on for more than
    a 4k chunk, since it disables preemption. The choice of 4k isn't totally
    scientific, but it's not a bad guess either, and it's what's used in
    both the x86 poly1305, blake2s, and nhpoly1305 code already (in the form
    of PAGE_SIZE, which this commit corrects to be explicitly 4k for the
    former two).
    
    Ard did some back of the envelope calculations and found that
    at 5 cycles/byte (overestimate) on a 1ghz processor (pretty slow), 4k
    means we have a maximum preemption disabling of 20us, which Sebastian
    confirmed was probably a good limit.
    
    Unfortunately the chunking appears to have been left out of the final
    patchset that added the glue code. So, this commit adds it back in.
    
    Fixes: 84e03fa3 ("crypto: x86/chacha - expose SIMD ChaCha routine as library function")
    Fixes: b3aad5ba ("crypto: arm64/chacha - expose arm64 ChaCha routine as library function")
    Fixes: a44a3430 ("crypto: arm/chacha - expose ARM ChaCha routine as library function")
    Fixes: d7d7b853 ("crypto: x86/poly1305 - wire up faster implementations for kernel")
    Fixes: f569ca16 ("crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation")
    Fixes: a6b803b3 ("crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation")
    Fixes: ed0356ed ("crypto: blake2s - x86_64 SIMD implementation")
    Cc: Eric Biggers <ebiggers@google.com>
    Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
    Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    706024a5
blake2s-glue.c 6.78 KB