Re: [PATCH] crypto: run qcrypto_pbkdf2_count

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] crypto: run qcrypto_pbkdf2_count_iters in a new thread

From:	Daniel P . Berrangé
Subject:	Re: [PATCH] crypto: run qcrypto_pbkdf2_count_iters in a new thread
Date:	Fri, 30 Aug 2024 12:08:18 +0100
User-agent:	Mutt/2.2.12 (2023-09-09)

On Tue, Aug 13, 2024 at 10:19:28AM -0300, Tiago Pasqualini wrote:
> CPU time accounting in the kernel has been demonstrated to have a
> sawtooth pattern[1][2]. This can cause the getrusage system call to
> not be as accurate as we are expecting, which can cause this calculation
> to stall.
> 
> The kernel discussions shows that this inaccuracy happens when CPU time
> gets big enough, so this patch changes qcrypto_pbkdf2_count_iters to run
> in a fresh thread to avoid this inaccuracy. It also adds a sanity check
> to fail the process if CPU time is not accounted.
> 
> [1] 
> https://lore.kernel.org/lkml/159231011694.16989.16351419333851309713.tip-bot2@tip-bot2/
> [2] 
> https://lore.kernel.org/lkml/20221226031010.4079885-1-maxing.lan@bytedance.com/t/#m1c7f2fdc0ea742776a70fd1aa2a2e414c437f534
> 
> Resolves: #2398
> Signed-off-by: Tiago Pasqualini <tiago.pasqualini@canonical.com>
> ---
>  crypto/pbkdf.c         | 42 +++++++++++++++++++++++++++++++++++-------
>  include/crypto/pbkdf.h | 10 ++++++++++
>  2 files changed, 45 insertions(+), 7 deletions(-)

Mostly looks good, but one minor issue...

> diff --git a/include/crypto/pbkdf.h b/include/crypto/pbkdf.h
> index 2c31a44a27..b3757003e4 100644
> --- a/include/crypto/pbkdf.h
> +++ b/include/crypto/pbkdf.h
> @@ -153,4 +153,14 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm 
> hash,
>                                      size_t nout,
>                                      Error **errp);
>  
> +typedef struct CountItersData {
> +    QCryptoHashAlgorithm hash;
> +    const uint8_t *key;
> +    size_t nkey;
> +    const uint8_t *salt;
> +    size_t nsalt;
> +    size_t nout;
> +    Error **errp;
> +    uint64_t iterations;

Super fussy here, but lets make 'Error **errp' the very
last item in the struct.

> +} CountItersData;
>  #endif /* QCRYPTO_PBKDF_H */

...this should remain in the pbkdf.c file, since it is not intended to
be part of the public API.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] crypto: run qcrypto_pbkdf2_count_iters in a new thread, Tiago Pasqualini, 2024/08/13
- Re: [PATCH] crypto: run qcrypto_pbkdf2_count_iters in a new thread, Tiago Pasqualini, 2024/08/23
- Re: [PATCH] crypto: run qcrypto_pbkdf2_count_iters in a new thread, Daniel P . Berrangé <=

Prev by Date: [PATCH 2/2] tests/unit: always build the pbkdf crypto unit test
Next by Date: Re: [PATCH 2/8] python/qapi: change "FIXME" to "TODO"
Previous by thread: Re: [PATCH] crypto: run qcrypto_pbkdf2_count_iters in a new thread
Next by thread: [PATCH v4 0/3] hw/i386/acpi: Pre-compute the _PRT table
Index(es):
- Date
- Thread