mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-08-05 16:54:27 +00:00
ac90aad0e9
Commit698de82278("crypto: testmgr - make it easier to enable the full set of tests") removed support for building kernels that run only the "fast" set of crypto self-tests by default. This assumed that nearly everyone actually wanted the full set of tests, *if* they had already chosen to enable the tests at all. Unfortunately, it turns out that both Debian and Fedora intentionally have the crypto self-tests enabled in their production kernels. And for production kernels we do need to keep the testing time down, which implies just running the "fast" tests, not the full set of tests. For Fedora, a reason for enabling the tests in production is that they are being (mis)used to meet the FIPS 140-3 pre-operational testing requirement. However, the other reason for enabling the tests in production, which applies to both distros, is that they provide some value in protecting users from buggy drivers. Unfortunately, the crypto/ subsystem has many buggy and untested drivers for off-CPU hardware accelerators on rare platforms. These broken drivers get shipped to users, and there have been multiple examples of the tests preventing these buggy drivers from being used. So effectively, the tests are being relied on in production kernels. I think this is kind of crazy (untested drivers should just not be enabled at all), but that seems to be how things work currently. Thus, reintroduce a kconfig option that controls the level of testing. Call it CRYPTO_SELFTESTS_FULL instead of the original name CRYPTO_MANAGER_EXTRA_TESTS, which was slightly misleading. Moreover, given the "production kernel" use case, make CRYPTO_SELFTESTS depend on EXPERT instead of DEBUG_KERNEL. I also haven't reinstated all the #ifdefs in crypto/testmgr.c. Instead, just rely on the compiler to optimize out unused code. Fixes:40b9969796("crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS") Fixes:698de82278("crypto: testmgr - make it easier to enable the full set of tests") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
59 lines
1.8 KiB
C
59 lines
1.8 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Shared crypto simd helpers
|
|
*/
|
|
|
|
#ifndef _CRYPTO_INTERNAL_SIMD_H
|
|
#define _CRYPTO_INTERNAL_SIMD_H
|
|
|
|
#include <asm/simd.h>
|
|
#include <linux/percpu.h>
|
|
#include <linux/types.h>
|
|
|
|
/* skcipher support */
|
|
|
|
struct simd_skcipher_alg;
|
|
struct skcipher_alg;
|
|
|
|
struct simd_skcipher_alg *simd_skcipher_create_compat(struct skcipher_alg *ialg,
|
|
const char *algname,
|
|
const char *drvname,
|
|
const char *basename);
|
|
void simd_skcipher_free(struct simd_skcipher_alg *alg);
|
|
|
|
int simd_register_skciphers_compat(struct skcipher_alg *algs, int count,
|
|
struct simd_skcipher_alg **simd_algs);
|
|
|
|
void simd_unregister_skciphers(struct skcipher_alg *algs, int count,
|
|
struct simd_skcipher_alg **simd_algs);
|
|
|
|
/* AEAD support */
|
|
|
|
struct simd_aead_alg;
|
|
struct aead_alg;
|
|
|
|
int simd_register_aeads_compat(struct aead_alg *algs, int count,
|
|
struct simd_aead_alg **simd_algs);
|
|
|
|
void simd_unregister_aeads(struct aead_alg *algs, int count,
|
|
struct simd_aead_alg **simd_algs);
|
|
|
|
/*
|
|
* crypto_simd_usable() - is it allowed at this time to use SIMD instructions or
|
|
* access the SIMD register file?
|
|
*
|
|
* This delegates to may_use_simd(), except that this also returns false if SIMD
|
|
* in crypto code has been temporarily disabled on this CPU by the crypto
|
|
* self-tests, in order to test the no-SIMD fallback code. This override is
|
|
* currently limited to configurations where the "full" self-tests are enabled,
|
|
* because it might be a bit too invasive to be part of the "fast" self-tests.
|
|
*/
|
|
#ifdef CONFIG_CRYPTO_SELFTESTS_FULL
|
|
DECLARE_PER_CPU(bool, crypto_simd_disabled_for_test);
|
|
#define crypto_simd_usable() \
|
|
(may_use_simd() && !this_cpu_read(crypto_simd_disabled_for_test))
|
|
#else
|
|
#define crypto_simd_usable() may_use_simd()
|
|
#endif
|
|
|
|
#endif /* _CRYPTO_INTERNAL_SIMD_H */
|