* Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga)
[not found] ` <CAMuHMdVeedJZE6mrGdYqRgawUtfu_ww5p-Qg1rLXNmGWiY7Nxg@mail.gmail.com>
@ 2019-09-18 14:27 ` Geert Uytterhoeven
2019-09-18 15:54 ` David Howells
1 sibling, 0 replies; 5+ messages in thread
From: Geert Uytterhoeven @ 2019-09-18 14:27 UTC (permalink / raw)
To: John Paul Adrian Glaubitz
Cc: Michael Schmitz, linux-m68k, Mat Martineau, David Howells,
James Morris, Serge E. Hallyn, keyrings, linux-security-module,
Linux Kernel Mailing List
CC crypto keys people
TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several
minutes on old and slow machines. Can KEY_DH_OPERATIONS be made tristate?
On Wed, Sep 18, 2019 at 4:08 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> On Wed, Sep 18, 2019 at 3:57 PM John Paul Adrian Glaubitz
> <glaubitz@physik.fu-berlin.de> wrote:
> > On 9/18/19 3:48 PM, Geert Uytterhoeven wrote:
> > >> Diffie-Hellman doing some heavy crypto lifting on a poor m68k CPU?
> > >>
> > >> Disable CONFIG_CRYPTO_DH?
> > >
> > > See also https://lists.debian.org/debian-68k/2019/04/msg00033.html
> > >
> > > CRYPTO_DH is selected by CRYPTO_DEV_QAT and KEY_DH_OPERATIONS.
> > > The latter is bool, forcing CRYPTO_DH builtin.
> > >
> > > If KEY_DH_OPERATIONS needs to be enabled in a Debian kernel, perhaps
> > > it can be made tristate?
> > It was enabled in [1] as it's required for certain WiFi drivers [2].
> >
> > So, should it be fixed as you suggest or should we selectively disable it on m68k?
>
> Disabling it on m68k could be a first step (any WiFi drivers supported
> on m68k yet?).
>
> Making it tristate is non-trivial, as there are some interdependencies:
>
> security/keys/Makefile:compat-obj-$(CONFIG_KEY_DH_OPERATIONS) += compat_dh.o
> security/keys/Makefile:obj-$(CONFIG_KEY_DH_OPERATIONS) += dh.o
> security/keys/internal.h:#ifdef CONFIG_KEY_DH_OPERATIONS
> security/keys/keyctl.c:
> (IS_ENABLED(CONFIG_KEY_DH_OPERATIONS) ? KEYCTL_CAPS0_DIFFIE_HELLMAN
> : 0) |
>
> > > [1] https://salsa.debian.org/kernel-team/linux/commit/88f44cb9eb34098138c79bdab5fae434492866d1
> > > [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911998
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga)
[not found] ` <CAMuHMdVeedJZE6mrGdYqRgawUtfu_ww5p-Qg1rLXNmGWiY7Nxg@mail.gmail.com>
2019-09-18 14:27 ` Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga) Geert Uytterhoeven
@ 2019-09-18 15:54 ` David Howells
2019-09-18 16:18 ` Geert Uytterhoeven
2019-09-18 16:43 ` David Howells
1 sibling, 2 replies; 5+ messages in thread
From: David Howells @ 2019-09-18 15:54 UTC (permalink / raw)
To: Geert Uytterhoeven
Cc: dhowells, John Paul Adrian Glaubitz, Michael Schmitz, linux-m68k,
Mat Martineau, James Morris, Serge E. Hallyn, keyrings,
linux-security-module, Linux Kernel Mailing List
Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> CC crypto keys people
>
> TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several
> minutes on old and slow machines.
Why is it doing that? It doesn't do anything unless it is called, so
something must be calling it.
> Can KEY_DH_OPERATIONS be made tristate?
Um. It's non-trivial since it's implementing a keyctl() function for
userspace to call and there's currently no ops table to jump through.
David
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga)
2019-09-18 15:54 ` David Howells
@ 2019-09-18 16:18 ` Geert Uytterhoeven
2019-09-18 16:43 ` David Howells
1 sibling, 0 replies; 5+ messages in thread
From: Geert Uytterhoeven @ 2019-09-18 16:18 UTC (permalink / raw)
To: David Howells
Cc: John Paul Adrian Glaubitz, Michael Schmitz, linux-m68k,
Mat Martineau, James Morris, Serge E. Hallyn, keyrings,
linux-security-module, Linux Kernel Mailing List
Hi David,
On Wed, Sep 18, 2019 at 5:54 PM David Howells <dhowells@redhat.com> wrote:
> Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > CC crypto keys people
> >
> > TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several
> > minutes on old and slow machines.
>
> Why is it doing that? It doesn't do anything unless it is called, so
> something must be calling it.
I don't know. Enabling initcall_debug shows that dh_init() takes a very long
time.
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga)
2019-09-18 15:54 ` David Howells
2019-09-18 16:18 ` Geert Uytterhoeven
@ 2019-09-18 16:43 ` David Howells
2019-09-19 19:17 ` Geert Uytterhoeven
1 sibling, 1 reply; 5+ messages in thread
From: David Howells @ 2019-09-18 16:43 UTC (permalink / raw)
To: Geert Uytterhoeven
Cc: dhowells, John Paul Adrian Glaubitz, Michael Schmitz, linux-m68k,
Mat Martineau, James Morris, Serge E. Hallyn, keyrings,
linux-crypto, linux-security-module, Linux Kernel Mailing List
Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several
> > > minutes on old and slow machines.
> >
> > Why is it doing that? It doesn't do anything unless it is called, so
> > something must be calling it.
>
> I don't know. Enabling initcall_debug shows that dh_init() takes a very long
> time.
Ah... The bit that handles keyctl_dh_compute() doesn't do anything unless
asked, but the bit in the crypto layer that does dh does (ie. dh_init()). I
guess it's doing some sort of self-test, but I can't see how it effects that.
I think you need to consult the author/maintainer of crypto/dh.c.
It might be possible to make CONFIG_KEY_DH_OPERATIONS not depend on
CONFIG_CRYPTO_DH and have crypto_alloc_kpp() load the *crypto* part on
demand. Failing that, I can look into demand-loading keyctl operations.
David
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga)
2019-09-18 16:43 ` David Howells
@ 2019-09-19 19:17 ` Geert Uytterhoeven
0 siblings, 0 replies; 5+ messages in thread
From: Geert Uytterhoeven @ 2019-09-19 19:17 UTC (permalink / raw)
To: David Howells
Cc: John Paul Adrian Glaubitz, Michael Schmitz, linux-m68k,
Mat Martineau, James Morris, Serge E. Hallyn, keyrings,
Linux Crypto Mailing List, linux-security-module,
Linux Kernel Mailing List
Hi David,
On Wed, Sep 18, 2019 at 6:43 PM David Howells <dhowells@redhat.com> wrote:
> Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several
> > > > minutes on old and slow machines.
> > >
> > > Why is it doing that? It doesn't do anything unless it is called, so
> > > something must be calling it.
> >
> > I don't know. Enabling initcall_debug shows that dh_init() takes a very long
> > time.
>
> Ah... The bit that handles keyctl_dh_compute() doesn't do anything unless
> asked, but the bit in the crypto layer that does dh does (ie. dh_init()). I
> guess it's doing some sort of self-test, but I can't see how it effects that.
> I think you need to consult the author/maintainer of crypto/dh.c.
Apparently the Debian kernel config had not enabled
CONFIG_CRYPTO_MANAGER_DISABLE_TESTS, so all crypto tests
were run at boot time :-(
> It might be possible to make CONFIG_KEY_DH_OPERATIONS not depend on
> CONFIG_CRYPTO_DH and have crypto_alloc_kpp() load the *crypto* part on
> demand. Failing that, I can look into demand-loading keyctl operations.
Regardless, it may be a good idea to make KEY_DH_OPERATIONS tristate
one day, so enabling wireless as a module doesn't force CONFIG_CRYPTO_DH
builtin.
Thanks!
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-09-19 19:18 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <278d9706-162d-28a4-4640-31b697924473@physik.fu-berlin.de>
[not found] ` <c5acb1c0-7a5b-ce42-8b2f-5fd30cbdab6e@physik.fu-berlin.de>
[not found] ` <6304acd1-7b71-b1fb-f8d8-298cb3025e69@physik.fu-berlin.de>
[not found] ` <6725b972-05d4-fed4-7094-16401e86b452@gmail.com>
[not found] ` <578d8a91-aaee-087f-1742-65e64001b8fa@physik.fu-berlin.de>
[not found] ` <CAMuHMdUU6ejc168-ksqXrkE+PjCXFJumaRaWjRtj12NjG_TFSg@mail.gmail.com>
[not found] ` <CAMuHMdWfTrx8VuJoifEEBc1n+3MiiuwKNWcRnUw+TgWJCtOWag@mail.gmail.com>
[not found] ` <fea74ca3-4b24-780f-af74-a786646b1668@physik.fu-berlin.de>
[not found] ` <CAMuHMdVeedJZE6mrGdYqRgawUtfu_ww5p-Qg1rLXNmGWiY7Nxg@mail.gmail.com>
2019-09-18 14:27 ` Can KEY_DH_OPERATIONS become tristate? (was: Re: Kernel 5.3.0 stuck during boot on Amiga) Geert Uytterhoeven
2019-09-18 15:54 ` David Howells
2019-09-18 16:18 ` Geert Uytterhoeven
2019-09-18 16:43 ` David Howells
2019-09-19 19:17 ` Geert Uytterhoeven
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).