* Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga) [not found] ` <CAMuHMdVeedJZE6mrGdYqRgawUtfu_ww5p-Qg1rLXNmGWiY7Nxg@mail.gmail.com> @ 2019-09-18 14:27 ` Geert Uytterhoeven 2019-09-18 15:54 ` David Howells 1 sibling, 0 replies; 5+ messages in thread From: Geert Uytterhoeven @ 2019-09-18 14:27 UTC (permalink / raw) To: John Paul Adrian Glaubitz Cc: Michael Schmitz, linux-m68k, Mat Martineau, David Howells, James Morris, Serge E. Hallyn, keyrings, linux-security-module, Linux Kernel Mailing List CC crypto keys people TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several minutes on old and slow machines. Can KEY_DH_OPERATIONS be made tristate? On Wed, Sep 18, 2019 at 4:08 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote: > On Wed, Sep 18, 2019 at 3:57 PM John Paul Adrian Glaubitz > <glaubitz@physik.fu-berlin.de> wrote: > > On 9/18/19 3:48 PM, Geert Uytterhoeven wrote: > > >> Diffie-Hellman doing some heavy crypto lifting on a poor m68k CPU? > > >> > > >> Disable CONFIG_CRYPTO_DH? > > > > > > See also https://lists.debian.org/debian-68k/2019/04/msg00033.html > > > > > > CRYPTO_DH is selected by CRYPTO_DEV_QAT and KEY_DH_OPERATIONS. > > > The latter is bool, forcing CRYPTO_DH builtin. > > > > > > If KEY_DH_OPERATIONS needs to be enabled in a Debian kernel, perhaps > > > it can be made tristate? > > It was enabled in [1] as it's required for certain WiFi drivers [2]. > > > > So, should it be fixed as you suggest or should we selectively disable it on m68k? > > Disabling it on m68k could be a first step (any WiFi drivers supported > on m68k yet?). > > Making it tristate is non-trivial, as there are some interdependencies: > > security/keys/Makefile:compat-obj-$(CONFIG_KEY_DH_OPERATIONS) += compat_dh.o > security/keys/Makefile:obj-$(CONFIG_KEY_DH_OPERATIONS) += dh.o > security/keys/internal.h:#ifdef CONFIG_KEY_DH_OPERATIONS > security/keys/keyctl.c: > (IS_ENABLED(CONFIG_KEY_DH_OPERATIONS) ? KEYCTL_CAPS0_DIFFIE_HELLMAN > : 0) | > > > > [1] https://salsa.debian.org/kernel-team/linux/commit/88f44cb9eb34098138c79bdab5fae434492866d1 > > > [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911998 Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga) [not found] ` <CAMuHMdVeedJZE6mrGdYqRgawUtfu_ww5p-Qg1rLXNmGWiY7Nxg@mail.gmail.com> 2019-09-18 14:27 ` Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga) Geert Uytterhoeven @ 2019-09-18 15:54 ` David Howells 2019-09-18 16:18 ` Geert Uytterhoeven 2019-09-18 16:43 ` David Howells 1 sibling, 2 replies; 5+ messages in thread From: David Howells @ 2019-09-18 15:54 UTC (permalink / raw) To: Geert Uytterhoeven Cc: dhowells, John Paul Adrian Glaubitz, Michael Schmitz, linux-m68k, Mat Martineau, James Morris, Serge E. Hallyn, keyrings, linux-security-module, Linux Kernel Mailing List Geert Uytterhoeven <geert@linux-m68k.org> wrote: > CC crypto keys people > > TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several > minutes on old and slow machines. Why is it doing that? It doesn't do anything unless it is called, so something must be calling it. > Can KEY_DH_OPERATIONS be made tristate? Um. It's non-trivial since it's implementing a keyctl() function for userspace to call and there's currently no ops table to jump through. David ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga) 2019-09-18 15:54 ` David Howells @ 2019-09-18 16:18 ` Geert Uytterhoeven 2019-09-18 16:43 ` David Howells 1 sibling, 0 replies; 5+ messages in thread From: Geert Uytterhoeven @ 2019-09-18 16:18 UTC (permalink / raw) To: David Howells Cc: John Paul Adrian Glaubitz, Michael Schmitz, linux-m68k, Mat Martineau, James Morris, Serge E. Hallyn, keyrings, linux-security-module, Linux Kernel Mailing List Hi David, On Wed, Sep 18, 2019 at 5:54 PM David Howells <dhowells@redhat.com> wrote: > Geert Uytterhoeven <geert@linux-m68k.org> wrote: > > CC crypto keys people > > > > TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several > > minutes on old and slow machines. > > Why is it doing that? It doesn't do anything unless it is called, so > something must be calling it. I don't know. Enabling initcall_debug shows that dh_init() takes a very long time. Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga) 2019-09-18 15:54 ` David Howells 2019-09-18 16:18 ` Geert Uytterhoeven @ 2019-09-18 16:43 ` David Howells 2019-09-19 19:17 ` Geert Uytterhoeven 1 sibling, 1 reply; 5+ messages in thread From: David Howells @ 2019-09-18 16:43 UTC (permalink / raw) To: Geert Uytterhoeven Cc: dhowells, John Paul Adrian Glaubitz, Michael Schmitz, linux-m68k, Mat Martineau, James Morris, Serge E. Hallyn, keyrings, linux-crypto, linux-security-module, Linux Kernel Mailing List Geert Uytterhoeven <geert@linux-m68k.org> wrote: > > > TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several > > > minutes on old and slow machines. > > > > Why is it doing that? It doesn't do anything unless it is called, so > > something must be calling it. > > I don't know. Enabling initcall_debug shows that dh_init() takes a very long > time. Ah... The bit that handles keyctl_dh_compute() doesn't do anything unless asked, but the bit in the crypto layer that does dh does (ie. dh_init()). I guess it's doing some sort of self-test, but I can't see how it effects that. I think you need to consult the author/maintainer of crypto/dh.c. It might be possible to make CONFIG_KEY_DH_OPERATIONS not depend on CONFIG_CRYPTO_DH and have crypto_alloc_kpp() load the *crypto* part on demand. Failing that, I can look into demand-loading keyctl operations. David ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga) 2019-09-18 16:43 ` David Howells @ 2019-09-19 19:17 ` Geert Uytterhoeven 0 siblings, 0 replies; 5+ messages in thread From: Geert Uytterhoeven @ 2019-09-19 19:17 UTC (permalink / raw) To: David Howells Cc: John Paul Adrian Glaubitz, Michael Schmitz, linux-m68k, Mat Martineau, James Morris, Serge E. Hallyn, keyrings, Linux Crypto Mailing List, linux-security-module, Linux Kernel Mailing List Hi David, On Wed, Sep 18, 2019 at 6:43 PM David Howells <dhowells@redhat.com> wrote: > Geert Uytterhoeven <geert@linux-m68k.org> wrote: > > > > TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several > > > > minutes on old and slow machines. > > > > > > Why is it doing that? It doesn't do anything unless it is called, so > > > something must be calling it. > > > > I don't know. Enabling initcall_debug shows that dh_init() takes a very long > > time. > > Ah... The bit that handles keyctl_dh_compute() doesn't do anything unless > asked, but the bit in the crypto layer that does dh does (ie. dh_init()). I > guess it's doing some sort of self-test, but I can't see how it effects that. > I think you need to consult the author/maintainer of crypto/dh.c. Apparently the Debian kernel config had not enabled CONFIG_CRYPTO_MANAGER_DISABLE_TESTS, so all crypto tests were run at boot time :-( > It might be possible to make CONFIG_KEY_DH_OPERATIONS not depend on > CONFIG_CRYPTO_DH and have crypto_alloc_kpp() load the *crypto* part on > demand. Failing that, I can look into demand-loading keyctl operations. Regardless, it may be a good idea to make KEY_DH_OPERATIONS tristate one day, so enabling wireless as a module doesn't force CONFIG_CRYPTO_DH builtin. Thanks! Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-09-19 19:18 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <278d9706-162d-28a4-4640-31b697924473@physik.fu-berlin.de>
[not found] ` <c5acb1c0-7a5b-ce42-8b2f-5fd30cbdab6e@physik.fu-berlin.de>
[not found] ` <6304acd1-7b71-b1fb-f8d8-298cb3025e69@physik.fu-berlin.de>
[not found] ` <6725b972-05d4-fed4-7094-16401e86b452@gmail.com>
[not found] ` <578d8a91-aaee-087f-1742-65e64001b8fa@physik.fu-berlin.de>
[not found] ` <CAMuHMdUU6ejc168-ksqXrkE+PjCXFJumaRaWjRtj12NjG_TFSg@mail.gmail.com>
[not found] ` <CAMuHMdWfTrx8VuJoifEEBc1n+3MiiuwKNWcRnUw+TgWJCtOWag@mail.gmail.com>
[not found] ` <fea74ca3-4b24-780f-af74-a786646b1668@physik.fu-berlin.de>
[not found] ` <CAMuHMdVeedJZE6mrGdYqRgawUtfu_ww5p-Qg1rLXNmGWiY7Nxg@mail.gmail.com>
2019-09-18 14:27 ` Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga) Geert Uytterhoeven
2019-09-18 15:54 ` David Howells
2019-09-18 16:18 ` Geert Uytterhoeven
2019-09-18 16:43 ` David Howells
2019-09-19 19:17 ` Geert Uytterhoeven
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).