On Thu, Nov 22, 2007 at 07:26:13PM +0800, Herbert Xu (herbert@xxxxxxxxxxxxxxxxxxx) wrote: > On Thu, Nov 22, 2007 at 02:17:11PM +0300, Evgeniy Polyakov wrote: > > > > > + spin_lock_bh(&ctx->lock); > > > > Crypto hardware can access iv in interrupt context and thus this can get > > wrong data. > > This lock only guards against other callers of this function. > It doesn't care about how you do the underlying encryption. > You can do it in softirq context, hardirq context, or offload > it to the moon :) What if dm-crypt will use the same interface (or other bulk-processing user) will use it with software crypto? Or was it specially designed for ipsec only? > > Are you sure that crypto operation has to be limited to be performed > > with turned off bottom halves? I believe this is a huge limitation for > > those ablkcipher devices which are not async actually... > > This only applies to givcrypt which is only used by IPsec where > we already do everything under a bh lock :) > > New users should specify the IV generator explicitly as is done > in dm-crypt. I.e. it is an ipsec helper only and should not be used by other users? -- Evgeniy Polyakov - To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
