On Thu, Nov 22, 2007 at 07:26:13PM +0800, Herbert Xu ([EMAIL PROTECTED]) wrote:
> On Thu, Nov 22, 2007 at 02:17:11PM +0300, Evgeniy Polyakov wrote:
> >
> > > + spin_lock_bh(&ctx->lock);
> >
> > Crypto hardware can access iv in interrupt context and thus this can get
> > wrong data.
>
> This lock only guards against other callers of this function.
> It doesn't care about how you do the underlying encryption.
> You can do it in softirq context, hardirq context, or offload
> it to the moon :)
What if dm-crypt will use the same interface (or other bulk-processing
user) will use it with software crypto? Or was it specially designed for
ipsec only?
> > Are you sure that crypto operation has to be limited to be performed
> > with turned off bottom halves? I believe this is a huge limitation for
> > those ablkcipher devices which are not async actually...
>
> This only applies to givcrypt which is only used by IPsec where
> we already do everything under a bh lock :)
>
> New users should specify the IV generator explicitly as is done
> in dm-crypt.
I.e. it is an ipsec helper only and should not be used by other users?
--
Evgeniy Polyakov
-
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
