qemu/crypto-run-qcrypto_pbkdf2_count_iters-in-a-new-threa.patch

From d199d3a9af9f5bd7877a6ace1243c77097264f1a Mon Sep 17 00:00:00 2001
From: Tiago Pasqualini <tiago.pasqualini@canonical.com>
Date: Wed, 4 Sep 2024 20:52:30 -0300
Subject: [PATCH] crypto: run qcrypto_pbkdf2_count_iters in a new thread
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CPU time accounting in the kernel has been demonstrated to have a
sawtooth pattern[1][2]. This can cause the getrusage system call to
not be as accurate as we are expecting, which can cause this calculation
to stall.

The kernel discussions shows that this inaccuracy happens when CPU time
gets big enough, so this patch changes qcrypto_pbkdf2_count_iters to run
in a fresh thread to avoid this inaccuracy. It also adds a sanity check
to fail the process if CPU time is not accounted.

[1] https://lore.kernel.org/lkml/159231011694.16989.16351419333851309713.tip-bot2@tip-bot2/
[2] https://lore.kernel.org/lkml/20221226031010.4079885-1-maxing.lan@bytedance.com/t/#m1c7f2fdc0ea742776a70fd1aa2a2e414c437f534

Resolves: #2398
Signed-off-by: Tiago Pasqualini <tiago.pasqualini@canonical.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit c72cab5ad9f849bbcfcf4be7952b8b8946cc626e)
Signed-off-by: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>
---
 crypto/pbkdf.c | 53 +++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 46 insertions(+), 7 deletions(-)

diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c
index 8d198c152c..d1c06ef3ed 100644
--- a/crypto/pbkdf.c
+++ b/crypto/pbkdf.c
@@ -19,6 +19,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/thread.h"
 #include "qapi/error.h"
 #include "crypto/pbkdf.h"
 #ifndef _WIN32
@@ -85,12 +86,28 @@ static int qcrypto_pbkdf2_get_thread_cpu(unsigned long long *val_ms,
 #endif
 }
 
-uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
-                                    const uint8_t *key, size_t nkey,
-                                    const uint8_t *salt, size_t nsalt,
-                                    size_t nout,
-                                    Error **errp)
+typedef struct CountItersData {
+    QCryptoHashAlgorithm hash;
+    const uint8_t *key;
+    size_t nkey;
+    const uint8_t *salt;
+    size_t nsalt;
+    size_t nout;
+    uint64_t iterations;
+    Error **errp;
+} CountItersData;
+
+static void *threaded_qcrypto_pbkdf2_count_iters(void *data)
 {
+    CountItersData *iters_data = (CountItersData *) data;
+    QCryptoHashAlgorithm hash = iters_data->hash;
+    const uint8_t *key = iters_data->key;
+    size_t nkey = iters_data->nkey;
+    const uint8_t *salt = iters_data->salt;
+    size_t nsalt = iters_data->nsalt;
+    size_t nout = iters_data->nout;
+    Error **errp = iters_data->errp;
+
     uint64_t ret = -1;
     g_autofree uint8_t *out = g_new(uint8_t, nout);
     uint64_t iterations = (1 << 15);
@@ -114,7 +131,10 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
 
         delta_ms = end_ms - start_ms;
 
-        if (delta_ms > 500) {
+        if (delta_ms == 0) { /* sanity check */
+            error_setg(errp, "Unable to get accurate CPU usage");
+            goto cleanup;
+        } else if (delta_ms > 500) {
             break;
         } else if (delta_ms < 100) {
             iterations = iterations * 10;
@@ -129,5 +149,24 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
 
  cleanup:
     memset(out, 0, nout);
-    return ret;
+    iters_data->iterations = ret;
+    return NULL;
+}
+
+uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
+                                    const uint8_t *key, size_t nkey,
+                                    const uint8_t *salt, size_t nsalt,
+                                    size_t nout,
+                                    Error **errp)
+{
+    CountItersData data = {
+        hash, key, nkey, salt, nsalt, nout, 0, errp
+    };
+    QemuThread thread;
+
+    qemu_thread_create(&thread, "pbkdf2", threaded_qcrypto_pbkdf2_count_iters,
+                       &data, QEMU_THREAD_JOINABLE);
+    qemu_thread_join(&thread);
+
+    return data.iterations;
 }
-- 
2.41.0.windows.1
QEMU update to version 8.2.0-21: - tests: bump QOS_PATH_MAX_ELEMENT_SIZE again - softmmu/physmem: fix memory leak in dirty_memory_extend() - crypto: run qcrypto_pbkdf2_count_iters in a new thread - hw/audio/virtio-sound: fix heap buffer overflow - hw/intc/arm_gic: fix spurious level triggered interrupts - ui/sdl2: set swap interval explicitly when OpenGL is enabled - target/riscv/kvm: tolerate KVM disable ext errors - virtio: remove virtio_tswap16s() call in vring_packed_event_read() - block: fix -Werror=maybe-uninitialized false-positive - hw/remote/vfio-user: Fix config space access byte order - hw/loongarch/virt: Fix memory leak - hw/intc/riscv_aplic: APLICs should add child earlier than realize - stdvga: fix screen blanking - ui/gtk: Draw guest frame at refresh cycle - target/i386: fix size of EBP writeback in gen_enter() - virtio-net: drop too short packets early - target/ppc: Fix lxv/stxv MSR facility check - target/ppc: Fix lxvx/stxvx facility check - virtio-snd: add max size bounds check in input cb(CVE-2024-7730) Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit e2eb79f1867bb8d8d870e758f06d2a32b3a4fc8a) 2024-11-07 09:21:18 +08:00			`From d199d3a9af9f5bd7877a6ace1243c77097264f1a Mon Sep 17 00:00:00 2001`
			`From: Tiago Pasqualini <tiago.pasqualini@canonical.com>`
			`Date: Wed, 4 Sep 2024 20:52:30 -0300`
			`Subject: [PATCH] crypto: run qcrypto_pbkdf2_count_iters in a new thread`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`CPU time accounting in the kernel has been demonstrated to have a`
			`sawtooth pattern[1][2]. This can cause the getrusage system call to`
			`not be as accurate as we are expecting, which can cause this calculation`
			`to stall.`

			`The kernel discussions shows that this inaccuracy happens when CPU time`
			`gets big enough, so this patch changes qcrypto_pbkdf2_count_iters to run`
			`in a fresh thread to avoid this inaccuracy. It also adds a sanity check`
			`to fail the process if CPU time is not accounted.`

			`[1] https://lore.kernel.org/lkml/159231011694.16989.16351419333851309713.tip-bot2@tip-bot2/`
			`[2] https://lore.kernel.org/lkml/20221226031010.4079885-1-maxing.lan@bytedance.com/t/#m1c7f2fdc0ea742776a70fd1aa2a2e414c437f534`

			`Resolves: #2398`
			`Signed-off-by: Tiago Pasqualini <tiago.pasqualini@canonical.com>`
			`Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>`
			`(cherry picked from commit c72cab5ad9f849bbcfcf4be7952b8b8946cc626e)`
			`Signed-off-by: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>`
			`---`
			`crypto/pbkdf.c \| 53 +++++++++++++++++++++++++++++++++++++++++++-------`
			`1 file changed, 46 insertions(+), 7 deletions(-)`

			`diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c`
			`index 8d198c152c..d1c06ef3ed 100644`
			`--- a/crypto/pbkdf.c`
			`+++ b/crypto/pbkdf.c`
			`@@ -19,6 +19,7 @@`
			`*/`

			`#include "qemu/osdep.h"`
			`+#include "qemu/thread.h"`
			`#include "qapi/error.h"`
			`#include "crypto/pbkdf.h"`
			`#ifndef _WIN32`
			`@@ -85,12 +86,28 @@ static int qcrypto_pbkdf2_get_thread_cpu(unsigned long long *val_ms,`
			`#endif`
			`}`

			`-uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,`
			`- const uint8_t *key, size_t nkey,`
			`- const uint8_t *salt, size_t nsalt,`
			`- size_t nout,`
			`- Error **errp)`
			`+typedef struct CountItersData {`
			`+ QCryptoHashAlgorithm hash;`
			`+ const uint8_t *key;`
			`+ size_t nkey;`
			`+ const uint8_t *salt;`
			`+ size_t nsalt;`
			`+ size_t nout;`
			`+ uint64_t iterations;`
			`+ Error **errp;`
			`+} CountItersData;`
			`+`
			`+static void threaded_qcrypto_pbkdf2_count_iters(void data)`
			`{`
			`+ CountItersData iters_data = (CountItersData ) data;`
			`+ QCryptoHashAlgorithm hash = iters_data->hash;`
			`+ const uint8_t *key = iters_data->key;`
			`+ size_t nkey = iters_data->nkey;`
			`+ const uint8_t *salt = iters_data->salt;`
			`+ size_t nsalt = iters_data->nsalt;`
			`+ size_t nout = iters_data->nout;`
			`+ Error **errp = iters_data->errp;`
			`+`
			`uint64_t ret = -1;`
			`g_autofree uint8_t *out = g_new(uint8_t, nout);`
			`uint64_t iterations = (1 << 15);`
			`@@ -114,7 +131,10 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,`

			`delta_ms = end_ms - start_ms;`

			`- if (delta_ms > 500) {`
			`+ if (delta_ms == 0) { /* sanity check */`
			`+ error_setg(errp, "Unable to get accurate CPU usage");`
			`+ goto cleanup;`
			`+ } else if (delta_ms > 500) {`
			`break;`
			`} else if (delta_ms < 100) {`
			`iterations = iterations * 10;`
			`@@ -129,5 +149,24 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,`

			`cleanup:`
			`memset(out, 0, nout);`
			`- return ret;`
			`+ iters_data->iterations = ret;`
			`+ return NULL;`
			`+}`
			`+`
			`+uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,`
			`+ const uint8_t *key, size_t nkey,`
			`+ const uint8_t *salt, size_t nsalt,`
			`+ size_t nout,`
			`+ Error **errp)`
			`+{`
			`+ CountItersData data = {`
			`+ hash, key, nkey, salt, nsalt, nout, 0, errp`
			`+ };`
			`+ QemuThread thread;`
			`+`
			`+ qemu_thread_create(&thread, "pbkdf2", threaded_qcrypto_pbkdf2_count_iters,`
			`+ &data, QEMU_THREAD_JOINABLE);`
			`+ qemu_thread_join(&thread);`
			`+`
			`+ return data.iterations;`
			`}`
			`--`
			`2.41.0.windows.1`