| Message ID | 1461924463-1678-2-git-send-email-rjones@redhat.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Herbert Xu |
| Headers | show |
Am Freitag, 29. April 2016, 11:07:43 schrieb Richard W.M. Jones: Hi Richard, > Running self-tests for a short-lived KVM VM takes 28ms on my laptop. > This commit adds a flag 'cryptomgr.notests' which allows them to be > disabled. > > Signed-off-by: Richard W.M. Jones <rjones@redhat.com> > --- > Documentation/kernel-parameters.txt | 3 +++ > crypto/testmgr.c | 9 +++++++++ > 2 files changed, 12 insertions(+) > > diff --git a/Documentation/kernel-parameters.txt > b/Documentation/kernel-parameters.txt index 0b3de80..d4d5fb7 100644 > --- a/Documentation/kernel-parameters.txt > +++ b/Documentation/kernel-parameters.txt > @@ -826,6 +826,9 @@ bytes respectively. Such letter suffixes can also be > entirely omitted. It will be ignored when crashkernel=X,high is not used > or memory reserved is below 4G. > > + cryptomgr.notests > + [KNL] Disable crypto self-tests > + > cs89x0_dma= [HW,NET] > Format: <dma> > > diff --git a/crypto/testmgr.c b/crypto/testmgr.c > index b86883a..dc613f2 100644 > --- a/crypto/testmgr.c > +++ b/crypto/testmgr.c > @@ -35,6 +35,10 @@ > > #include "internal.h" > > +static bool notests; > +module_param(notests, bool, 0644); > +MODULE_PARM_DESC(notests, "disable crypto self-tests"); > + > #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS > > /* a perfect nop */ > @@ -3868,6 +3872,11 @@ int alg_test(const char *driver, const char *alg, u32 > type, u32 mask) int j; > int rc; > > + if (notests) { What about if (!fips_enabled && notests) ? I am not sure whether the kernel should prevent mistakes in user space. A mistake would be when setting fips=1 and notests=1 as the FIPS mode mandates the self tests. > + pr_info("alg: self-tests disabled\n"); > + return 0; > + } > + > alg_test_descs_check_order(); > > if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) { Ciao Stephan
On Fri, Apr 29, 2016 at 12:59:57PM +0200, Stephan Mueller wrote: > Am Freitag, 29. April 2016, 11:07:43 schrieb Richard W.M. Jones: > > Hi Richard, [...] > > + if (notests) { > > What about if (!fips_enabled && notests) ? > > I am not sure whether the kernel should prevent mistakes in user space. A > mistake would be when setting fips=1 and notests=1 as the FIPS mode mandates > the self tests. (Sorry, I just posted v2 before I saw this message.) I saw the FIPS stuff and thought about that. Should we prevent mistakes like that? I really don't know. Rich. > > + pr_info("alg: self-tests disabled\n"); > > + return 0; > > + } > > + > > alg_test_descs_check_order(); > > > > if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) { > > > Ciao > Stephan > -- > | Nimm das Recht weg - | > | was ist dann der Staat noch anderes als eine große Räuberbande? |
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index 0b3de80..d4d5fb7 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -826,6 +826,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. It will be ignored when crashkernel=X,high is not used or memory reserved is below 4G. + cryptomgr.notests + [KNL] Disable crypto self-tests + cs89x0_dma= [HW,NET] Format: <dma> diff --git a/crypto/testmgr.c b/crypto/testmgr.c index b86883a..dc613f2 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -35,6 +35,10 @@ #include "internal.h" +static bool notests; +module_param(notests, bool, 0644); +MODULE_PARM_DESC(notests, "disable crypto self-tests"); + #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS /* a perfect nop */ @@ -3868,6 +3872,11 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask) int j; int rc; + if (notests) { + pr_info("alg: self-tests disabled\n"); + return 0; + } + alg_test_descs_check_order(); if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
Running self-tests for a short-lived KVM VM takes 28ms on my laptop. This commit adds a flag 'cryptomgr.notests' which allows them to be disabled. Signed-off-by: Richard W.M. Jones <rjones@redhat.com> --- Documentation/kernel-parameters.txt | 3 +++ crypto/testmgr.c | 9 +++++++++ 2 files changed, 12 insertions(+)