841956ecbc
- tests: bump QOS_PATH_MAX_ELEMENT_SIZE again - softmmu/physmem: fix memory leak in dirty_memory_extend() - crypto: run qcrypto_pbkdf2_count_iters in a new thread - hw/audio/virtio-sound: fix heap buffer overflow - hw/intc/arm_gic: fix spurious level triggered interrupts - ui/sdl2: set swap interval explicitly when OpenGL is enabled - target/riscv/kvm: tolerate KVM disable ext errors - virtio: remove virtio_tswap16s() call in vring_packed_event_read() - block: fix -Werror=maybe-uninitialized false-positive - hw/remote/vfio-user: Fix config space access byte order - hw/loongarch/virt: Fix memory leak - hw/intc/riscv_aplic: APLICs should add child earlier than realize - stdvga: fix screen blanking - ui/gtk: Draw guest frame at refresh cycle - target/i386: fix size of EBP writeback in gen_enter() - virtio-net: drop too short packets early - target/ppc: Fix lxv/stxv MSR facility check - target/ppc: Fix lxvx/stxvx facility check - virtio-snd: add max size bounds check in input cb(CVE-2024-7730) Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit e2eb79f1867bb8d8d870e758f06d2a32b3a4fc8a)
118 lines
4.1 KiB
Diff
118 lines
4.1 KiB
Diff
From d199d3a9af9f5bd7877a6ace1243c77097264f1a Mon Sep 17 00:00:00 2001
|
|
From: Tiago Pasqualini <tiago.pasqualini@canonical.com>
|
|
Date: Wed, 4 Sep 2024 20:52:30 -0300
|
|
Subject: [PATCH] crypto: run qcrypto_pbkdf2_count_iters in a new thread
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
CPU time accounting in the kernel has been demonstrated to have a
|
|
sawtooth pattern[1][2]. This can cause the getrusage system call to
|
|
not be as accurate as we are expecting, which can cause this calculation
|
|
to stall.
|
|
|
|
The kernel discussions shows that this inaccuracy happens when CPU time
|
|
gets big enough, so this patch changes qcrypto_pbkdf2_count_iters to run
|
|
in a fresh thread to avoid this inaccuracy. It also adds a sanity check
|
|
to fail the process if CPU time is not accounted.
|
|
|
|
[1] https://lore.kernel.org/lkml/159231011694.16989.16351419333851309713.tip-bot2@tip-bot2/
|
|
[2] https://lore.kernel.org/lkml/20221226031010.4079885-1-maxing.lan@bytedance.com/t/#m1c7f2fdc0ea742776a70fd1aa2a2e414c437f534
|
|
|
|
Resolves: #2398
|
|
Signed-off-by: Tiago Pasqualini <tiago.pasqualini@canonical.com>
|
|
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
(cherry picked from commit c72cab5ad9f849bbcfcf4be7952b8b8946cc626e)
|
|
Signed-off-by: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>
|
|
---
|
|
crypto/pbkdf.c | 53 +++++++++++++++++++++++++++++++++++++++++++-------
|
|
1 file changed, 46 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c
|
|
index 8d198c152c..d1c06ef3ed 100644
|
|
--- a/crypto/pbkdf.c
|
|
+++ b/crypto/pbkdf.c
|
|
@@ -19,6 +19,7 @@
|
|
*/
|
|
|
|
#include "qemu/osdep.h"
|
|
+#include "qemu/thread.h"
|
|
#include "qapi/error.h"
|
|
#include "crypto/pbkdf.h"
|
|
#ifndef _WIN32
|
|
@@ -85,12 +86,28 @@ static int qcrypto_pbkdf2_get_thread_cpu(unsigned long long *val_ms,
|
|
#endif
|
|
}
|
|
|
|
-uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
|
|
- const uint8_t *key, size_t nkey,
|
|
- const uint8_t *salt, size_t nsalt,
|
|
- size_t nout,
|
|
- Error **errp)
|
|
+typedef struct CountItersData {
|
|
+ QCryptoHashAlgorithm hash;
|
|
+ const uint8_t *key;
|
|
+ size_t nkey;
|
|
+ const uint8_t *salt;
|
|
+ size_t nsalt;
|
|
+ size_t nout;
|
|
+ uint64_t iterations;
|
|
+ Error **errp;
|
|
+} CountItersData;
|
|
+
|
|
+static void *threaded_qcrypto_pbkdf2_count_iters(void *data)
|
|
{
|
|
+ CountItersData *iters_data = (CountItersData *) data;
|
|
+ QCryptoHashAlgorithm hash = iters_data->hash;
|
|
+ const uint8_t *key = iters_data->key;
|
|
+ size_t nkey = iters_data->nkey;
|
|
+ const uint8_t *salt = iters_data->salt;
|
|
+ size_t nsalt = iters_data->nsalt;
|
|
+ size_t nout = iters_data->nout;
|
|
+ Error **errp = iters_data->errp;
|
|
+
|
|
uint64_t ret = -1;
|
|
g_autofree uint8_t *out = g_new(uint8_t, nout);
|
|
uint64_t iterations = (1 << 15);
|
|
@@ -114,7 +131,10 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
|
|
|
|
delta_ms = end_ms - start_ms;
|
|
|
|
- if (delta_ms > 500) {
|
|
+ if (delta_ms == 0) { /* sanity check */
|
|
+ error_setg(errp, "Unable to get accurate CPU usage");
|
|
+ goto cleanup;
|
|
+ } else if (delta_ms > 500) {
|
|
break;
|
|
} else if (delta_ms < 100) {
|
|
iterations = iterations * 10;
|
|
@@ -129,5 +149,24 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
|
|
|
|
cleanup:
|
|
memset(out, 0, nout);
|
|
- return ret;
|
|
+ iters_data->iterations = ret;
|
|
+ return NULL;
|
|
+}
|
|
+
|
|
+uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
|
|
+ const uint8_t *key, size_t nkey,
|
|
+ const uint8_t *salt, size_t nsalt,
|
|
+ size_t nout,
|
|
+ Error **errp)
|
|
+{
|
|
+ CountItersData data = {
|
|
+ hash, key, nkey, salt, nsalt, nout, 0, errp
|
|
+ };
|
|
+ QemuThread thread;
|
|
+
|
|
+ qemu_thread_create(&thread, "pbkdf2", threaded_qcrypto_pbkdf2_count_iters,
|
|
+ &data, QEMU_THREAD_JOINABLE);
|
|
+ qemu_thread_join(&thread);
|
|
+
|
|
+ return data.iterations;
|
|
}
|
|
--
|
|
2.41.0.windows.1
|
|
|