Am Mittwoch, 16. November 2016, 17:04:46 CET schrieb Herbert Xu:
Hi Herbert,
> On Wed, Nov 16, 2016 at 10:02:59AM +0100, Stephan Mueller wrote:
> > One thing occurred to me: The copying of the AD would only be done of src
> > != dst. For the AF_ALG interface, I thing we always have src != dst due
> > to the user space/kernel space translation. That means the kernel copies
> > the AD around even in user space src == dst. Isn't that a waste? I.e.
> > shouldn't we handle the AD copying rather in user space than in kernel
> > space?
>
> No that's not the case. You can do zero-copy, in which case src
> would be identical to dst.
The way to go on this topic would be to use the same logic as the authenc
implementation by using a null cipher for the copy operation. Though, finding
out whether the src and dst buffers are the same is an interesting
proposition, because we need to traverse the src and dst SGLs to see whether
the same pages and same offsets are used. A simple check for src SGL == dst
SGL will not work for the AF_ALG implementation, because the src SGL will
always be different from the dst SGL because they are constructed in different
ways (tsgl will always be different from rsgl). What may be the same are the
pages and offsets that are pointed to by the SGL in case of zerocopy.
Keeping that in mind, I am wondering whether the authenc() implementation
should be changed to simply remove the copy operation in there. As there seem
to be no other AEAD cipher implements that copy operation (at least the major
CCM and GCM implementations applicable to X86 do not do that), it seems that
it is not necessary at all for in-kernel users. The authenc implementation
performs the copy operation of the src SGL if it is different from the dst
SGL. See the following code used by authenc:
if (req->src != req->dst) {
err = crypto_authenc_copy_assoc(req);
if (err)
return err;
dst = scatterwalk_ffwd(areq_ctx->dst, req->dst, req-
>assoclen);
}
Thus, the authenc implementation will always copy the AAD over in case of
AF_ALG even though zerocopy with the same buffers are used.
When the in-kernel users of AEAD seemingly do not care about the copying of
the AAD, and considering that authenc would not do it right for AF_ALG, I am
wondering whether we should:
1. remove the AAD copy in authenc to make it en-par with the other AEAD
implementations
2. re-consider the discussed patch
3. tell users to copy the AAD over if they need it in the dst buffers.
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
