[REGRESSION] dm_crypt essiv ciphers do not use async driver mv-aes-cbc anymore

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



#regzbot introduced: 7bcb2c99f8ed

I am running the NixOS distribution cross-compiled from x86_64 to a Marvell Armada 388 armv7 SoC.

I am not getting expected speeds when reading/writing on my encrypted hard drive with 6.5.5, while it is fast on 5.4.257. Volume is formatted like this: `cryptsetup luksFormat -c aes-cbc-essiv:sha256 /dev/sda`.

Specifically, I tracked this down to the changes to crypto/essiv.c from 7bcb2c99f8ed mentioned above. Reverting those changes on top of a 6.5.5 kernel provides working (see applicable diff further below).

I'm *guessing* that this is related to the mv-aes-cbc crypto driver (from the marvell-cesa module) being registered as async (according to /proc/crypto), and I *suspect* that async drivers are not being used anymore by essiv or dm_crypt. Going by the commit description, which sounds more like a refactor, this does not seem intentional.

Would appreciate a lot if someone more experienced with the crypto subsystem can have a look at this.


Greetings,

Yureka


---
Some more detailed information


Excerpt from /proc/crypto in 5.4.257:

name         : essiv(cbc(aes),sha256)
driver       : essiv(mv-cbc-aes,sha256-generic)
async        : yes

speeds of 130MB/s can be observed

In 5.10.197 (the first branch that has this issue and is still receiving updates):

name         : essiv(cbc(aes),sha256)
driver       : essiv(cbc(aes-arm),sha256-generic)
async        : no

speeds are less than half, 55MB/s
the other listings in /proc/crypto seem to be unchanged. mv-cbc-aes is still the highest priority driver providing cbc(aes)


diff that restores the working state on recent kernels (tested with 6.5.5):


diff --git a/crypto/essiv.c b/crypto/essiv.c
index 85bb624e32b9..8d57245add54 100644
--- a/crypto/essiv.c
+++ b/crypto/essiv.c
@@ -471,7 +471,7 @@ static int essiv_create(struct crypto_template *tmpl, struct rtattr **tb)
                return PTR_ERR(shash_name);
 
        type = algt->type & algt->mask;
-       mask = crypto_algt_inherited_mask(algt);
+       mask = (algt->type ^ CRYPTO_ALG_ASYNC) & algt->mask & CRYPTO_ALG_ASYNC;
 
        switch (type) {
        case CRYPTO_ALG_TYPE_SKCIPHER:
@@ -530,7 +530,7 @@ static int essiv_create(struct crypto_template *tmpl, struct rtattr **tb)
        /* Synchronous hash, e.g., "sha256" */
        _hash_alg = crypto_alg_mod_lookup(shash_name,
                                          CRYPTO_ALG_TYPE_SHASH,
-                                         CRYPTO_ALG_TYPE_MASK | mask);
+                                         CRYPTO_ALG_TYPE_MASK);
        if (IS_ERR(_hash_alg)) {
                err = PTR_ERR(_hash_alg);
                goto out_drop_skcipher;
@@ -562,12 +562,7 @@ static int essiv_create(struct crypto_template *tmpl, struct rtattr **tb)
                     hash_alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
                goto out_free_hash;
 
-       /*
-        * hash_alg wasn't gotten via crypto_grab*(), so we need to inherit its
-        * flags manually.
-        */
-       base->cra_flags        |= (hash_alg->base.cra_flags &
-                                  CRYPTO_ALG_INHERITED_FLAGS);
+       base->cra_flags         = block_base->cra_flags & CRYPTO_ALG_ASYNC;
        base->cra_blocksize     = block_base->cra_blocksize;
        base->cra_ctxsize       = sizeof(struct essiv_tfm_ctx);
        base->cra_alignmask     = block_base->cra_alignmask;





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux