On Wed, 13 Mar 2019 at 06:15, Eric Biggers <ebiggers@xxxxxxxxxx> wrote: > > All crypto API algorithms are supposed to support the case where they > are called in a context where SIMD instructions are unusable, e.g. IRQ > context on some architectures. However, this isn't tested for by the > self-tests, causing bugs to go undetected. > > This patch series therefore updates the self-tests to test the no-SIMD > code. It works by converting all may_use_simd() checks to a new macro > crypto_simd_usable(), which also returns false when the self-tests have > disabled SIMD in crypto algorithms on the current CPU for test purposes. > > For now, all no-SIMD testing is limited to the extra crypto self-tests, > because it might be a bit too invasive for the regular self-tests. > But this could be changed later. > > This already found bugs in the arm64 implementations of AES-GCM and > ChaCha. These are fixed by the first two patches. Following this, the > tests pass on x86, arm, and arm64. > Thanks a lot for doing this Eric. I pushed your branch to kernelci again, let's see if anything else falls out (although not as likely, given that this shouldn't affect h/w accelerators) > This patch series is based on top of my other pending patch series > "crypto: add SIMD helpers for AEADs". It can also be found in git at: > > URL: https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git > Branch: crypto-nosimd-tests > > Eric Biggers (8): > crypto: chacha-generic - fix use as arm64 no-NEON fallback > crypto: arm64/gcm-aes-ce - fix no-NEON fallback code > crypto: simd,testmgr - introduce crypto_simd_usable() > crypto: x86 - convert to use crypto_simd_usable() > crypto: arm - convert to use crypto_simd_usable() > crypto: arm64 - convert to use crypto_simd_usable() > crypto: simd - convert to use crypto_simd_usable() > crypto: testmgr - test the !may_use_simd() fallback code > > arch/arm/crypto/chacha-neon-glue.c | 5 +- > arch/arm/crypto/crc32-ce-glue.c | 5 +- > arch/arm/crypto/crct10dif-ce-glue.c | 3 +- > arch/arm/crypto/ghash-ce-glue.c | 7 +- > arch/arm/crypto/nhpoly1305-neon-glue.c | 3 +- > arch/arm/crypto/sha1-ce-glue.c | 5 +- > arch/arm/crypto/sha1_neon_glue.c | 5 +- > arch/arm/crypto/sha2-ce-glue.c | 5 +- > arch/arm/crypto/sha256_neon_glue.c | 5 +- > arch/arm/crypto/sha512-neon-glue.c | 5 +- > arch/arm64/crypto/aes-ce-ccm-glue.c | 7 +- > arch/arm64/crypto/aes-ce-glue.c | 5 +- > arch/arm64/crypto/aes-glue.c | 4 +- > arch/arm64/crypto/aes-neonbs-glue.c | 2 +- > arch/arm64/crypto/chacha-neon-glue.c | 5 +- > arch/arm64/crypto/crct10dif-ce-glue.c | 5 +- > arch/arm64/crypto/ghash-ce-glue.c | 17 ++- > arch/arm64/crypto/nhpoly1305-neon-glue.c | 3 +- > arch/arm64/crypto/sha1-ce-glue.c | 7 +- > arch/arm64/crypto/sha2-ce-glue.c | 7 +- > arch/arm64/crypto/sha256-glue.c | 5 +- > arch/arm64/crypto/sha3-ce-glue.c | 5 +- > arch/arm64/crypto/sha512-ce-glue.c | 7 +- > arch/arm64/crypto/sm3-ce-glue.c | 7 +- > arch/arm64/crypto/sm4-ce-glue.c | 5 +- > arch/x86/crypto/aesni-intel_glue.c | 8 +- > arch/x86/crypto/chacha_glue.c | 6 +- > arch/x86/crypto/crc32-pclmul_glue.c | 5 +- > arch/x86/crypto/crc32c-intel_glue.c | 7 +- > arch/x86/crypto/crct10dif-pclmul_glue.c | 7 +- > arch/x86/crypto/ghash-clmulni-intel_glue.c | 9 +- > arch/x86/crypto/nhpoly1305-avx2-glue.c | 5 +- > arch/x86/crypto/nhpoly1305-sse2-glue.c | 5 +- > arch/x86/crypto/poly1305_glue.c | 4 +- > arch/x86/crypto/sha1_ssse3_glue.c | 7 +- > arch/x86/crypto/sha256_ssse3_glue.c | 7 +- > arch/x86/crypto/sha512_ssse3_glue.c | 10 +- > crypto/chacha_generic.c | 2 +- > crypto/simd.c | 8 +- > crypto/testmgr.c | 142 +++++++++++++++++---- > include/crypto/internal/simd.h | 24 ++++ > 41 files changed, 272 insertions(+), 123 deletions(-) > > -- > 2.21.0 >
