Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp3194790pxu; Tue, 8 Dec 2020 06:05:39 -0800 (PST) X-Google-Smtp-Source: ABdhPJxVpGLLKdhuiz+z8DPEN+YXF/fomS2PU7n3Ux5iZ2GP3AG46dRtEkV3GBq7eLQ3iahV4X33 X-Received: by 2002:adf:f347:: with SMTP id e7mr25380916wrp.183.1607436338605; Tue, 08 Dec 2020 06:05:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607436338; cv=none; d=google.com; s=arc-20160816; b=oVvO18+LxHqx0L1pc+wJnGlYbGAxZzXQxtn0UN6/oK050yf83M2dkvQBANyCrKTLD4 IGSQjq31gew+/khIotALOrzOHb1lFr8RkJ0cEkmX5YMAeBM/V7z7QoorfN8NeVVRNfvc 1xjeFXezFnGP6PstbZ545newgJY25W3z6n68+QxvHwmScyrliD4xViXarHTWB2WtROMp ydF8aAxhvnOGi5OjO7XsXraHP0QcTyBnUvRq+lbfxWqwY07jI//sgx38EO0qKPQGu3Ih vlXXw1gs3l+o0ativ08+utl4M5U8gClkWVDC124S+BtkjQ7Q6AGqyyFO92kPhdiyMqx8 kIoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=lDqq2eswXCj3EY+TJU1U1M4S88oFP1VOECqQvTLwIYk=; b=DayqGJF9NSCTy4MiaWlYWzoJ84jS/TIFzkBiZwE12235XufJCXtz6xUo/aw2I5OPjD RDoAPNTYbN1RYb4VhnWoa2U/KkCsFdsTAPemWeIeFyfDdBt7OQR428AvUw0eyg/KYvjs AT5+QwjBpZNZKN249rbVc+r3yoDNMM5Or8i8SwkTp5g8RqAbaiXIBA6MIoUBVujCP6wa I9gjlzwj9bKKKJsthJ6977FL/SA9UyNcwfyIKiKy164ecNxsn+Mdne/v/xOLXWOFDZai S9KKIRdzgpU3isYxqKr9W6xiyCKE9uwvyDkZ1iPW63/BJjzxIzlngApFjjLRdwNqeBtL 5Amw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=huKOiS6v; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ce26si10046685edb.168.2020.12.08.06.05.07; Tue, 08 Dec 2020 06:05:38 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=huKOiS6v; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729726AbgLHOE6 (ORCPT + 99 others); Tue, 8 Dec 2020 09:04:58 -0500 Received: from mail.kernel.org ([198.145.29.99]:34238 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729718AbgLHOE6 (ORCPT ); Tue, 8 Dec 2020 09:04:58 -0500 X-Gm-Message-State: AOAM533zDXagQPamJcCjm0vSMdgzUH+emfMx+uN/ClQgQharlccWqOTP kZnOvoRe8EndPV8LA2qgHNfXuQDvH6ielxA9QLE= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1607436257; bh=lDqq2eswXCj3EY+TJU1U1M4S88oFP1VOECqQvTLwIYk=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=huKOiS6vTt7nRhQpExK8DNb4h5Pv0evwMKQbfLx0IhhdrFwE8BE1BuC1muVURobOu ST4nLS/ZHopUWB8YZac9l2BdtdjsyetfR6EV89vOuqQvQK/aenAm3V+nG7zVeW+w5F KP4JOUwhIazs461yxwG2MM1FplLvvpGzli9t9KPMQQvPkwg09Tdk5pzardd4CnJ8uc SbnTCXGOTbfgB64ub9z4gZO3MJeC/Af8FnqXPt2Hg7aTY5wQrz/nqTuKXqtiYmhBqa BM2enEXefINKTlup0fU2LRo9J1BS26Lft0qtSthaRTqQVKtMJN7vapHRh/2jgnPjYv pQq9esu8dZCjA== X-Received: by 2002:a9d:12c:: with SMTP id 41mr16580172otu.77.1607436256848; Tue, 08 Dec 2020 06:04:16 -0800 (PST) MIME-Version: 1.0 References: <2F96670A-58DC-43A6-A20E-696803F0BFBA@oracle.com> <160518586534.2277919.14475638653680231924.stgit@warthog.procyon.org.uk> <118876.1607093975@warthog.procyon.org.uk> <955415.1607433903@warthog.procyon.org.uk> In-Reply-To: <955415.1607433903@warthog.procyon.org.uk> From: Ard Biesheuvel Date: Tue, 8 Dec 2020 15:04:05 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Why the auxiliary cipher in gss_krb5_crypto.c? To: David Howells Cc: Chuck Lever , Bruce Fields , CIFS , Linux NFS Mailing List , Herbert Xu , "open list:BPF JIT for MIPS (32-BIT AND 64-BIT)" , Linux Kernel Mailing List , Trond Myklebust , Linux Crypto Mailing List , linux-fsdevel@vger.kernel.org, linux-afs@lists.infradead.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, 8 Dec 2020 at 14:25, David Howells wrote: > > I wonder - would it make sense to reserve two arrays of scatterlist structs > and a mutex per CPU sufficient to map up to 1MiB of pages with each array > while the krb5 service is in use? > > That way sunrpc could, say, grab the mutex, map the input and output buffers, > do the entire crypto op in one go and then release the mutex - at least for > big ops, small ops needn't use this service. > > For rxrpc/afs's use case this would probably be overkill - it's doing crypto > on each packet, not on whole operations - but I could still make use of it > there. > > However, that then limits the maximum size of an op to 1MiB, plus dangly bits > on either side (which can be managed with chained scatterlist structs) and > also limits the number of large simultaneous krb5 crypto ops we can do. > Apparently, it is permitted for gss_krb5_cts_crypt() to do a kmalloc(GFP_NOFS) in the context from where gss_krb5_aes_encrypt() is being invoked, and so I don't see why it wouldn't be possible to simply kmalloc() a scatterlist[] of the appropriate size, populate it with all the pages, bufs and whatever else gets passed into the skcipher, and pass it into the skcipher in one go.