On Mon, 2008-12-15 at 11:38 +0800, Herbert Xu wrote: > On Mon, Dec 15, 2008 at 10:19:02AM +0800, Huang Ying wrote: > > > > The general x86 implementation is used as the fall back for new AES-NI > > based implementation. Because AES-NI can not be used in kernel soft_irq > > context. If crypto layer is used to access general x86 implementation, > > Why is that? The VIA PadLock also "touches" the SSE state but we still > use it on softirq paths. > > In fact Suresh told me earlier that your AES instruction wasn't > going to have the SSE problems that VIA had, is this not the case? The PadLock instructions don't use/touch SSE registers, but might cause DNA fault when CR0.TS is set. So it is sufficient just to clear CR0.TS before executed. The AES-NI instructions do use SSE registers. Considering the following situation: 1. In kernel, code path using SSE registers are executed, user space SSE state is saved if necessary. 2. An interrupt/soft_irq comes, and encrypt/decrypt with AES-NI is executed. The SSE state of code path 1 is destroyed. To solve the above issue, the following methods can be used: a. Do not touch SSE state in soft_irq b. Disable/restore soft_irq in kernel_fpu_begin/kernel_fpu_end c. Use a per-CPU data structure to save kernel FPU state during soft_irq. The mothod a is used in patch. Best Regards, Huang Ying
Attachment:
signature.asc
Description: This is a digitally signed message part
