From: Hannes Frederic Sowa <hannes@stressinduktion.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>,
David Laight <David.Laight@aculab.com>
Cc: Netdev <netdev@vger.kernel.org>,
kernel-hardening@lists.openwall.com,
Andi Kleen <ak@linux.intel.com>,
LKML <linux-kernel@vger.kernel.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: [PATCH v2 3/4] secure_seq: use siphash24 instead of md5_transform
Date: Wed, 14 Dec 2016 14:16:24 +0100 [thread overview]
Message-ID: <1e502c6b-cda3-c46d-2535-fcfb58f443a9@stressinduktion.org> (raw)
In-Reply-To: <CAHmME9pEM=cDC5S=j1BU2oCF8-WdnbRfiVojcet4rXcRLcpJRw@mail.gmail.com>
On 14.12.2016 13:53, Jason A. Donenfeld wrote:
> Hi David,
>
> On Wed, Dec 14, 2016 at 10:51 AM, David Laight <David.Laight@aculab.com> wrote:
>> From: Jason A. Donenfeld
>>> Sent: 14 December 2016 00:17
>>> This gives a clear speed and security improvement. Rather than manually
>>> filling MD5 buffers, we simply create a layout by a simple anonymous
>>> struct, for which gcc generates rather efficient code.
>> ...
>>> + const struct {
>>> + struct in6_addr saddr;
>>> + struct in6_addr daddr;
>>> + __be16 sport;
>>> + __be16 dport;
>>> + } __packed combined = {
>>> + .saddr = *(struct in6_addr *)saddr,
>>> + .daddr = *(struct in6_addr *)daddr,
>>> + .sport = sport,
>>> + .dport = dport
>>> + };
>>
>> You need to look at the effect of marking this (and the other)
>> structures 'packed' on architectures like sparc64.
>
> In all current uses of __packed in the code, I think the impact is
> precisely zero, because all structures have members in descending
> order of size, with each member being a perfect multiple of the one
> below it. The __packed is therefore just there for safety, in case
> somebody comes in and screws everything up by sticking a u8 in
> between. In that case, it wouldn't be desirable to hash the structure
> padding bits. In the worst case, I don't believe the impact would be
> worse than a byte-by-byte memcpy, which is what the old code did. But
> anyway, these structures are already naturally packed anyway, so the
> present impact is nil.
__packed not only removes all padding of the struct but also changes the
alignment assumptions for the whole struct itself. The rule, the struct
is aligned by its maximum alignment of a member is no longer true. That
said, the code accessing this struct will change (not on archs that can
deal efficiently with unaligned access, but on others).
A proper test for not introducing padding is to use something with
BUILD_BUG_ON. Also gcc also clears the padding of the struct, so padding
shouldn't be that bad in there (it is better than byte access on mips).
Btw. I think gcc7 gets support for store merging optimization.
Bye,
Hannes
next prev parent reply other threads:[~2016-12-14 13:16 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-14 3:59 [PATCH v2 1/4] siphash: add cryptographically secure hashtable function Jason A. Donenfeld
2016-12-14 3:59 ` [PATCH v2 2/4] siphash: add convenience functions for jhash converts Jason A. Donenfeld
2016-12-14 3:59 ` [PATCH v2 3/4] secure_seq: use siphash24 instead of md5_transform Jason A. Donenfeld
2016-12-14 12:53 ` Jason A. Donenfeld
2016-12-14 13:16 ` Hannes Frederic Sowa [this message]
2016-12-14 13:44 ` Jason A. Donenfeld
2016-12-14 14:47 ` David Laight
2016-12-14 17:49 ` Jason A. Donenfeld
2016-12-14 17:56 ` David Miller
2016-12-14 18:06 ` Jason A. Donenfeld
2016-12-14 19:22 ` Hannes Frederic Sowa
2016-12-14 19:38 ` Jason A. Donenfeld
2016-12-14 20:27 ` Hannes Frederic Sowa
2016-12-14 20:12 ` Tom Herbert
2016-12-14 21:01 ` Jason A. Donenfeld
2016-12-14 3:59 ` [PATCH v2 4/4] random: use siphash24 instead of md5 for get_random_int/long Jason A. Donenfeld
2016-12-14 11:21 ` [PATCH v2 1/4] siphash: add cryptographically secure hashtable function Hannes Frederic Sowa
2016-12-14 13:10 ` Jason A. Donenfeld
2016-12-14 15:09 ` Hannes Frederic Sowa
2016-12-14 19:47 ` Jason A. Donenfeld
2016-12-15 7:57 ` Herbert Xu
2016-12-15 8:15 ` [kernel-hardening] " Daniel Micay
2016-12-14 12:46 ` Jason A. Donenfeld
2016-12-14 22:03 ` Hannes Frederic Sowa
2016-12-14 23:29 ` Jason A. Donenfeld
2016-12-15 8:31 ` Hannes Frederic Sowa
2016-12-15 11:04 ` David Laight
2016-12-15 12:23 ` Hannes Frederic Sowa
2016-12-15 12:28 ` David Laight
2016-12-15 12:50 ` Hannes Frederic Sowa
2016-12-15 13:56 ` David Laight
2016-12-15 14:56 ` Hannes Frederic Sowa
2016-12-15 15:41 ` David Laight
2016-12-15 15:53 ` Hannes Frederic Sowa
2016-12-15 18:50 ` Jason A. Donenfeld
2016-12-15 20:31 ` Hannes Frederic Sowa
2016-12-15 20:43 ` Jason A. Donenfeld
2016-12-15 21:04 ` Peter Zijlstra
2016-12-15 21:09 ` Hannes Frederic Sowa
2016-12-15 21:17 ` Hannes Frederic Sowa
2016-12-15 21:09 ` Peter Zijlstra
2016-12-15 21:11 ` [kernel-hardening] " Jason A. Donenfeld
2016-12-15 21:14 ` Linus Torvalds
2016-12-14 18:46 ` [PATCH v3 1/3] " Jason A. Donenfeld
2016-12-14 18:46 ` [PATCH v3 2/3] secure_seq: use siphash24 instead of md5_transform Jason A. Donenfeld
2016-12-14 21:44 ` kbuild test robot
2016-12-14 18:46 ` [PATCH v3 3/3] random: use siphash24 instead of md5 for get_random_int/long Jason A. Donenfeld
2016-12-14 21:56 ` kbuild test robot
2016-12-14 21:57 ` kbuild test robot
2016-12-15 10:14 ` David Laight
2016-12-15 18:51 ` Jason A. Donenfeld
2016-12-14 19:18 ` [PATCH v3 1/3] siphash: add cryptographically secure hashtable function Tom Herbert
2016-12-14 19:35 ` Jason A. Donenfeld
2016-12-14 20:55 ` Jason A. Donenfeld
2016-12-14 21:35 ` Tom Herbert
2016-12-14 22:56 ` Jason A. Donenfeld
2016-12-14 23:14 ` Tom Herbert
2016-12-14 23:17 ` Jason A. Donenfeld
2016-12-18 0:06 ` Christian Kujau
2016-12-14 23:30 ` Linus Torvalds
2016-12-14 23:34 ` Jason A. Donenfeld
2016-12-15 0:10 ` Linus Torvalds
2016-12-15 10:22 ` David Laight
2016-12-14 21:15 ` kbuild test robot
2016-12-14 21:21 ` Jason A. Donenfeld
2016-12-15 1:46 ` [PATCH v4 1/4] " Jason A. Donenfeld
2016-12-15 1:46 ` [PATCH v4 2/4] siphash: add N[qd]word helpers Jason A. Donenfeld
2016-12-15 1:46 ` [PATCH v4 3/4] secure_seq: use siphash instead of md5_transform Jason A. Donenfeld
2016-12-15 1:46 ` [PATCH v4 4/4] random: use siphash instead of MD5 for get_random_int/long Jason A. Donenfeld
2016-12-15 4:23 ` [PATCH v4 1/4] siphash: add cryptographically secure hashtable function kbuild test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1e502c6b-cda3-c46d-2535-fcfb58f443a9@stressinduktion.org \
--to=hannes@stressinduktion.org \
--cc=David.Laight@aculab.com \
--cc=Jason@zx2c4.com \
--cc=ak@linux.intel.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).