From: Eric Dumazet
Date: Wed, 25 Aug 2021 10:55:49 -0700
Subject: Re: [RFCv3 05/15] tcp: authopt: Add crypto initialization
To: Leonard Crestez
Cc: Eric Dumazet, Dmitry Safonov <0x7f454c46@gmail.com>, David Ahern,
    "David S. Miller", Herbert Xu, Kuniyuki Iwashima, Hideaki YOSHIFUJI,
    Jakub Kicinski, Yuchung Cheng, Francesco Ruggeri, Mat Martineau,
    Christoph Paasch, Ivan Delalande, Priyaranjan Jha, Menglong Dong, netdev,
    "open list:HARDWARE RANDOM NUMBER GENERATOR CORE",
    "open list:KERNEL SELFTEST FRAMEWORK", LKML, Shuah Khan
References: <30f73293-ea03-d18f-d923-0cf499d4b208@gmail.com>
    <27e56f61-3267-de50-0d49-5fcfc59af93c@gmail.com>
In-Reply-To: <27e56f61-3267-de50-0d49-5fcfc59af93c@gmail.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On Wed, Aug 25, 2021 at 9:35 AM Leonard Crestez wrote:
>
> On 25.08.2021 02:34, Eric Dumazet wrote:
> > On 8/24/21 2:34 PM, Leonard Crestez wrote:
> >> The crypto_shash API is used in order to compute packet signatures. The
> >> API comes with several unfortunate limitations:
> >>
> >> 1) Allocating a crypto_shash can sleep and must be done in user context.
> >> 2) Packet signatures must be computed in softirq context
> >> 3) Packet signatures use dynamic "traffic keys" which require exclusive
> >> access to crypto_shash for crypto_setkey.
> >>
> >> The solution is to allocate one crypto_shash for each possible cpu for
> >> each algorithm at setsockopt time. The per-cpu tfm is then borrowed from
> >> softirq context, signatures are computed and the tfm is returned.
> >>
> >
> > I could not see the per-cpu stuff that you mention in the changelog.
>
> That's a little embarrassing, I forgot to implement the actual per-cpu
> stuff. tcp_authopt_alg_imp.tfm is meant to be an array up to NR_CPUS and
> tcp_authopt_alg_get_tfm needs no locking other than preempt_disable
> (which should already be the case).

Well, do not use arrays of NR_CPUS and instead use normal per_cpu
accessors (as in __tcp_alloc_md5sig_pool)

>
> The reference counting would still only happen from very few places:
> setsockopt, close and openreq. This would only impact request/response
> traffic and relatively little.

What I meant is that __tcp_alloc_md5sig_pool() allocates stuff one time,
we do not care about tcp_md5sig_pool_populated going back to false.

Otherwise, a single user application constantly allocating a socket,
enabling MD5 (or authopt), then closing the socket would incur
a big cost on hosts with a lot of cpus.

>
> Performance was not a major focus so far. Preventing impact on non-AO
> connections is important but typical AO usecases are long-lived
> low-traffic connections.
>
> --
> Regards,
> Leonard
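
The allocation cost discussed in this message, as an added userspace model (not kernel code, and not from the patch series or from either participant): it counts per-CPU allocations over repeated open/enable/close cycles when the pool is freed on the last close versus populated once and kept. `MODEL_NCPUS`, `tfm_pool` and all function names are hypothetical.

```c
/* Userspace model only, not kernel code; every name here is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#define MODEL_NCPUS 64                 /* constructed CPU count */
struct tfm_pool {
    void *tfm[MODEL_NCPUS];            /* stand-in for one hash transform per CPU */
    int populated;                     /* per-CPU slots are filled */
    int users;                         /* sockets currently holding the pool */
    unsigned long allocs;              /* per-CPU allocations performed so far */
};
static void pool_populate(struct tfm_pool *p)
{
    for (int cpu = 0; cpu < MODEL_NCPUS; cpu++) {
        p->tfm[cpu] = malloc(64);      /* models the allocation that may sleep */
        if (!p->tfm[cpu])
            abort();
        p->allocs++;
    }
    p->populated = 1;
}

static void pool_depopulate(struct tfm_pool *p)
{
    for (int cpu = 0; cpu < MODEL_NCPUS; cpu++)
        free(p->tfm[cpu]);
    p->populated = 0;
}

/* One open/enable/close cycle per iteration; returns total allocations. */
unsigned long churn_allocs(int cycles, int free_on_last_put)
{
    struct tfm_pool p = {0};
    for (int i = 0; i < cycles; i++) {
        if (!p.populated)              /* setsockopt path: fill the pool if empty */
            pool_populate(&p);
        p.users++;
        if (--p.users == 0 && free_on_last_put)
            pool_depopulate(&p);       /* close path: last user tears it down */
    }
    if (p.populated)
        pool_depopulate(&p);           /* model cleanup only */
    return p.allocs;
}

int main(void)
{
    printf("free on last close: %lu, populate once: %lu\n",
           churn_allocs(1000, 1), churn_allocs(1000, 0));
    return 0;
}
```

With teardown on last close, the allocation count grows with cycles times CPUs; with a populate-once pool it stays at one allocation per CPU regardless of churn.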