Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp3557168imm; Sun, 16 Sep 2018 22:08:20 -0700 (PDT) X-Google-Smtp-Source: ANB0Vda0PqjF2a0+MA3hZuh7gkFu4M4KrLp961ld81YgPoOvQfynlX3KV3DanHKAxfzKEeibAvZH X-Received: by 2002:a63:d348:: with SMTP id u8-v6mr21806602pgi.420.1537160900681; Sun, 16 Sep 2018 22:08:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537160900; cv=none; d=google.com; s=arc-20160816; b=OhOckdIISA7+8XzCF/TzS7UsZ5enlAO94gCUoQE8eiynpTelDl71WAcXp3XtNuUPFR LzamKeUJfW9nUl0tbTp3q+mhd3fp4dNdZKmKhHXoEH6gaK7dRkq6xLV0Kw5w1IU7aai4 cPq4WibGYmaTOZS79del+tubiyLzGrOjClsrvSStdNtugng4OUZynNS5t2MH5cijtox0 JD6OardFiTn3LmUnOEjt7IY5V+D8YogQeRm/owL//eR4lKlTXPRBZ9JM1xHaf13e2Lux UUseu+wplZ9ze+I63H3iEwLSQT5IHuRpxSorVXbNEwqjqoT0pnAAQS8w+3dwgvguiWFx QCBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=rbV+Zi0q2JqCnGEy/0/c3pzp2yZOqt4BCH1ti5I+PAM=; b=ZSpwnuiaNNz//FuX1HKXzlELDjzroLY54bNM5l2LT3JD5d5zz82eig4C5MiUxEMtcW ZtWVatoFNSydqe5fVm/QZ2+pavwhcVEwHa5dFOfAOO/F63KBLwoJSgf7T2dsbvuPFb2H Qgeks7wdvKQX6za2nrHt34RKU+5VBBfe68hNLt6NX8Ky+l/8mS0aG388mTdNpHMssZY2 6wNi9Lr4wmxVT3Dii4HtSAHPx6O7KeM4kyWbx17REJRiT7rXAh0dDnNAg7e3DNG4anL0 glYf2dQ46O//5IaD/ZMOuu/G3WDhpdxsTUGv0noHzaoRbzy7uK3MiHk7aIaPIoLRGh8z YxVQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b="IBx0Lwo/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 11-v6si15053050plb.383.2018.09.16.22.08.02; Sun, 16 Sep 2018 22:08:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b="IBx0Lwo/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728330AbeIQKdi (ORCPT + 99 others); Mon, 17 Sep 2018 06:33:38 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:51791 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726889AbeIQKdi (ORCPT ); Mon, 17 Sep 2018 06:33:38 -0400 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 2b004aa4; Mon, 17 Sep 2018 04:50:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=mail; bh=8IX3puEaO8HMfEuPmriwZlgYS0M=; b=IBx0Lw o/0ppYnfSuqe13H9FtngChB8PxSqOyJtVsZ/JIkoOeFu5h5k2nMtSwBWdBcobN85 NBKPioQFQ9EHXGSJBE7+RUlxAsWgTo9KGq6l9ZHyFTlwCcHsqVB+BCxrq2GA0B0h ckRPIy1bJ7i1WR9q5mZojVT9lfmYJCg8DNTVUMrfPxVNmqW+Ekmuad7RW1Oh+/qe oxGD4zs5nepcX7wP7OIU1JV7QBHADvMjP5hW7JGvocDJW87nVQyQGQ7p6bW4BIkL Vefes4e+//hBwO8Vp5GiHs9Q33TjC+/K4zPvgHnnmm+9njUukwI8PvSc2UKfnrzl h82lNsooLlkmovIA== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 6e9d1cbf (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO); Mon, 17 Sep 2018 04:50:31 +0000 (UTC) Received: by mail-ot1-f52.google.com with SMTP id n5-v6so9994956otl.5; Sun, 16 Sep 2018 22:07:55 -0700 (PDT) X-Gm-Message-State: APzg51CSg3cBzOE77nobqUgn+JGhhAfl1GNdz5WX/WDWW/3+aW6u1fr5 ImuSH49dz7OqiilTN/zJFi/xqXrUbYAx1qGimM0= X-Received: by 2002:a9d:2dc8:: with SMTP id g66-v6mr11109829otb.311.1537160874064; Sun, 16 Sep 2018 22:07:54 -0700 (PDT) MIME-Version: 1.0 References: <20180911214737.GA81235@gmail.com> <20180911233015.GD11474@lunn.ch> <20180911.165739.2032677219588723041.davem@davemloft.net> In-Reply-To: From: "Jason A. Donenfeld" Date: Mon, 17 Sep 2018 07:07:42 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH net-next v3 02/17] zinc: introduce minimal cryptography library To: Andrew Lutomirski Cc: David Miller , Andrew Lunn , Eric Biggers , Greg Kroah-Hartman , Ard Biesheuvel , LKML , Netdev , Samuel Neves , Jean-Philippe Aumasson , Linux Crypto Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hey Andy, Thanks a lot for your feedback. On Mon, Sep 17, 2018 at 6:09 AM Andy Lutomirski wrote: > 1. Zinc conflates the addition of a new API with the replacement of > some algorithm implementations. This is problematic. Look at the > recent benchmarks of ipsec before and after this series. Apparently > big packets get faster and small packets get slower. It would be > really nice to bisect the series to narrow down *where* the regression > came from, but, as currently structured, you can't. > > The right way to do this is to rearrange the series. First, the new > Zinc APIs should be added, and they should be backed with the > *existing* crypto code. (If the code needs to be moved or copied to a > new location, so be it. The patch will be messy because somehow the > Zinc API is going to have to dispatch to the arch-specific code, and > the way that the crypto API handles it is not exactly friendly to this > type of use. So be it.) Then another patch should switch the crypto > API to use the Zinc interface. That patch, *by itself*, can be > benchmarked. If it causes a regression for small ipsec packets, then > it can be tracked down relatively easily. Once this is all done, the > actual crypto implementation can be changed, and that changed can be > reviewed on its own merits. That ipsec regression was less related to the implementation and more related to calling kernel_fpu_begin() unnecessarily, something I've now fixed. So I'm not sure that's such a good example. However, I can try to implement Zinc over the existing assembly (Martin's and Ard's), first, as you've described. This will be a pretty large amount of work, but if you think it's worth it for the commit history, then I'll do it. > 2. The new Zinc crypto implementations look like they're brand new. I > realize that they have some history, some of them are derived from > OpenSSL, etc, but none of this is really apparent in the patches > themselves. The whole point of going with these is that they _aren't_ brand new, yet they are very fast. Eyeballs and fuzzer hours are important, and AndyP's seems to get the most eyeballs and fuzzer hours, generally. > it would be nice if > the patches made it more clear how the code differs from its origin. > At the very least, though, if the replacement of the crypto code were, > as above, a patch that just replaced the crypto code, it would be much > easier to review and benchmark intelligently. You seem to have replied to the v3 thread, not the v4 thread. I've already started to include lots of detail about the origins of the code and [any] important differences in v4, and I'll continue to add more detail for v5. On , have a look at AndyP's x86_64 ones: - zinc: ChaCha20 x86_64 implementation - zinc: Poly1305 x86_64 implementation For the arm/arm64 ones, the changes were even more trivial, so much so that at Ard's urging, I included a cleaned-up diff inside the commit message: - zinc: ChaCha20 ARM and ARM64 implementations - zinc: Poly1305 ARM and ARM64 implementations How's that level of detail looking to you? Thanks again for the review. Regards, Jason