From: Leonard Crestez
Subject: Re: [RFCv3 05/15] tcp: authopt: Add crypto initialization
To: Eric Dumazet, Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern
Cc: Eric Dumazet, "David S. Miller", Herbert Xu, Kuniyuki Iwashima, Hideaki YOSHIFUJI, Jakub Kicinski, Yuchung Cheng, Francesco Ruggeri, Mat Martineau, Christoph Paasch, Ivan Delalande, Priyaranjan Jha, Menglong Dong, netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, Shuah Khan
Date: Wed, 25 Aug 2021 19:35:42 +0300
Message-ID: <27e56f61-3267-de50-0d49-5fcfc59af93c@gmail.com>
In-Reply-To: <30f73293-ea03-d18f-d923-0cf499d4b208@gmail.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On 25.08.2021 02:34, Eric Dumazet wrote:
> On 8/24/21 2:34 PM, Leonard Crestez wrote:
>> The crypto_shash API is used in order to compute packet signatures. The
>> API comes with several unfortunate limitations:
>>
>> 1) Allocating a crypto_shash can sleep and must be done in user context.
>> 2) Packet signatures must be computed in softirq context
>> 3) Packet signatures use dynamic "traffic keys" which require exclusive
>> access to crypto_shash for crypto_setkey.
>>
>> The solution is to allocate one crypto_shash for each possible cpu for
>> each algorithm at setsockopt time. The per-cpu tfm is then borrowed from
>> softirq context, signatures are computed and the tfm is returned.
>>
>
> I could not see the per-cpu stuff that you mention in the changelog.

That's a little embarrassing, I forgot to implement the actual per-cpu
stuff. tcp_authopt_alg_imp.tfm is meant to be an array up to NR_CPUS and
tcp_authopt_alg_get_tfm needs no locking other than preempt_disable
(which should already be the case).

The reference counting would still only happen from very few places:
setsockopt, close and openreq. This would only impact request/response
traffic and relatively little.

Performance was not a major focus so far. Preventing impact on non-AO
connections is important but typical AO use cases are long-lived
low-traffic connections.

--
Regards,
Leonard
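
Added example, not code from this patch series or from the kernel: a user-space C model of why crypto_setkey needs exclusive access to the tfm and how one slot per CPU removes the need for a lock. All model_* names are hypothetical, MODEL_NR_CPUS stands in for NR_CPUS, and the keyed FNV-1a digest is only a placeholder for the real MAC.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MODEL_NR_CPUS 4   /* stand-in for NR_CPUS */
#define MODEL_KEY_MAX 32
/* Stand-in for a crypto_shash: the key is mutable state inside the tfm. */
struct model_tfm { uint8_t key[MODEL_KEY_MAX]; size_t keylen; };

/* Stand-in for crypto_shash_setkey(): overwrites the key held by the tfm. */
static void model_setkey(struct model_tfm *t, const char *k)
{
    size_t n = strlen(k);
    t->keylen = n < MODEL_KEY_MAX ? n : MODEL_KEY_MAX;
    memcpy(t->key, k, t->keylen);
}

/* Keyed FNV-1a over key||data: a placeholder digest, NOT a real MAC. */
static uint32_t model_digest(const struct model_tfm *t, const char *d)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < t->keylen; i++) h = (h ^ t->key[i]) * 16777619u;
    for (; *d; d++) h = (h ^ (uint8_t)*d) * 16777619u;
    return h;
}

/* CPU 1 runs between CPU 0's setkey and digest, using another traffic key.
 * stride 0: both use slot 0; stride 1: one slot per CPU. 1 = CPU 0 intact. */
static int model_interleave_ok(unsigned stride)
{
    struct model_tfm ref = { {0}, 0 };
    /* "setsockopt time": every slot allocated up front, sleeping allowed */
    struct model_tfm *pool = calloc(MODEL_NR_CPUS, sizeof(*pool));
    if (!pool || stride >= MODEL_NR_CPUS) { free(pool); return -1; }
    /* "softirq": each CPU indexes only its own slot, so no lock is taken */
    struct model_tfm *t0 = &pool[0], *t1 = &pool[stride];
    model_setkey(&ref, "traffic-key-A");
    model_setkey(t0, "traffic-key-A");   /* CPU 0 sets its traffic key */
    model_setkey(t1, "traffic-key-B");   /* CPU 1 sets a different one */
    int ok = model_digest(t0, "segment") == model_digest(&ref, "segment");
    free(pool);
    return ok;
}

int main(void)
{
    printf("shared=%d per-cpu=%d\n", model_interleave_ok(0), model_interleave_ok(1));
    return 0;
}
```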