Received: by 2002:ac0:e350:0:0:0:0:0 with SMTP id g16csp369736imn; Fri, 29 Jul 2022 09:20:14 -0700 (PDT) X-Google-Smtp-Source: AA6agR6W0JIks2UAPb5iDTPFSYWt5VA8S3jtTHltmSNgYrVsEUwK3SI1R99zvtPQF2aDSu9A9Cf7 X-Received: by 2002:a17:90b:38c4:b0:1f2:c238:37fc with SMTP id nn4-20020a17090b38c400b001f2c23837fcmr5013020pjb.166.1659111614384; Fri, 29 Jul 2022 09:20:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659111614; cv=none; d=google.com; s=arc-20160816; b=sSJao/HSYXlx08cqZgMVGTVEJshnOfP4KahjsneQqPLhr/29eA1H0iQKmIipiIIamJ xt37coO2rNsEKatOpCbv3IUCxwEifXrJB3K6iNGonkzXLFWdojmaPLAu7G+lZUGnkvEK EfbPmZADMVVhGoP7ataO4Yrc7bG7OuX9a638KEAU2Feyv0pam/NO4l7YTV7CfknkVL32 teK+oz16G2oEwrN1ctfxpmptaHV1PRxNTah1pQpjMjmyTo6cVJ0tHxno9dVLsRZgSzXA amC/vlAhzRW0Zop1HS6/nVNCUbFH2t0v8Jx+F98+VG4MxJfTejK9nLQ395QtsvSeupPS PfLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=ndPzYPx7a+lxlREQ5VWInpGZ4vTgIRtRwCd3iQNfXK8=; b=p2/WJawLslVqomqVF1YfEiAp4jEfkh6gr+eQUgBKiioPqxUIvZn30ft/UBAmR2+91V bZ/BzFuwnKrODCThUrLTmezO6ntXGlWfpS2cHu+5NRp0to3+992r5b4wtozU7dfXS/H4 cUHG318Q6mOT+Hitn+KHCy9wsiRUxA426IqVxvpJbXvebfB6oJUSbbR/KF5uDeM1XmPW GIzG8OUkAALTUqgP9XeIzTwM5AenFmtiKsvlyrpGR+Vn4Dur/PkbooHsNoTaA1IUNw8C gR4hTNqQEXY1INdffr6p8a7Zyi54zHV2ntO4hD/g8ub2g5FzhXbpf+XS2l1I27nvX6xg dwmg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=bjZweXK8; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y3-20020a17090a600300b001f21b7411f8si8396052pji.108.2022.07.29.09.19.30; Fri, 29 Jul 2022 09:20:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=bjZweXK8; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236815AbiG2QNU (ORCPT + 99 others); Fri, 29 Jul 2022 12:13:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38104 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236038AbiG2QNT (ORCPT ); Fri, 29 Jul 2022 12:13:19 -0400 Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 997578050B for ; Fri, 29 Jul 2022 09:13:15 -0700 (PDT) Received: by mail-wm1-x332.google.com with SMTP id ay11-20020a05600c1e0b00b003a3013da120so4352810wmb.5 for ; Fri, 29 Jul 2022 09:13:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc; bh=ndPzYPx7a+lxlREQ5VWInpGZ4vTgIRtRwCd3iQNfXK8=; b=bjZweXK8UJ0AlRVWS2sdMyAkg5VvIQ9Xi02IPaDT1VpXCdn4TO6E0No+orkEsE9PUL +NZXNQQMK/XOIlS0xFFW2tMNWhgXGNzA+XBsvUR9xGmCZa2PCBWKx/cXxHFNV10zW1X4 Gb+8csJTKV9du0EVWYkmAB+Xe0gOERqGu+GAHd/noVjOFYNYzgj8OAeZhn0OJK0aPuih XX91oCAOv6QPXvjH/lrorxNY+G+UJPWHNivXZwtw4dqQQ0FlfuiCWthsqaTMQ/ZtbPe7 wInugXnkB42bZeUX33y4whDL3gipGhknOvNemnsPf34IN3cDl0rDq+KYnYpg6OgNZGxC Dl2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc; bh=ndPzYPx7a+lxlREQ5VWInpGZ4vTgIRtRwCd3iQNfXK8=; b=2JAMwIIAtBMAN+DA2/2zWATnqdGCzhzOunaqO3pZ5Re6pCzWyQu8eMZAWL8IyXFmI/ V3UWU9I/u6TR/jqq8sFzVajzpYdpuMRevYawOUkaKQJJSlaQcl1t8zsJQbp2w4FVZoQn ensqjBuh0Qcr8BHnbWdNNbJYATdMq3juJoP/Gh2FI+frOIejeaQVegDhNwF9XOYkvH3p oq/PEae4SkcG35t/6ah4LBsc5feVXxjKoMuvuuyYzG0luMOztbqocUUwjG5j/w/alGX8 Xe2OmFCDI3QTrWsMl2JQijY9OZfPi1cxuNuI52OpVyNay/VxJAcJldEHyZvRet/UfR9X PVGQ== X-Gm-Message-State: AJIora+dweifzMlVaLR2rIq9Eno1IDXXbPHgZRZ8w1tfMfesDVHfVF8p Abb3F05MttZYWlNDd2CYEd02eQ== X-Received: by 2002:a7b:c3c5:0:b0:3a2:e327:ba6d with SMTP id t5-20020a7bc3c5000000b003a2e327ba6dmr3284954wmj.184.1659111194003; Fri, 29 Jul 2022 09:13:14 -0700 (PDT) Received: from [10.83.37.24] ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id d10-20020adffbca000000b0021e4f446d43sm4047932wrs.58.2022.07.29.09.13.12 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 29 Jul 2022 09:13:13 -0700 (PDT) Message-ID: <26d5955b-3807-a015-d259-ccc262f665c2@arista.com> Date: Fri, 29 Jul 2022 17:13:06 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1 Subject: Re: [PATCH 0/6] net/crypto: Introduce crypto_pool Content-Language: en-US To: Herbert Xu Cc: linux-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com>, Andy Lutomirski , Ard Biesheuvel , David Ahern , "David S. Miller" , Eric Biggers , Eric Dumazet , Francesco Ruggeri , Hideaki YOSHIFUJI , Jakub Kicinski , Leonard Crestez , Paolo Abeni , Salam Noureddine , netdev@vger.kernel.org, linux-crypto@vger.kernel.org References: <20220726201600.1715505-1-dima@arista.com> From: Dmitry Safonov In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi Herbert, On 7/27/22 01:17, Herbert Xu wrote: > On Tue, Jul 26, 2022 at 09:15:54PM +0100, Dmitry Safonov wrote: >> Add crypto_pool - an API for allocating per-CPU array of crypto requests >> on slow-path (in sleep'able context) and to use them on a fast-path, >> which is RX/TX for net/ users (or in any other bh-disabled users). >> The design is based on the current implementations of md5sig_pool. >> >> Previously, I've suggested to add such API on TCP-AO patch submission [1], >> where Herbert kindly suggested to help with introducing new crypto API. > > What I was suggesting is modifying the actual ahash interface so > that the tfm can be shared between different key users by moving > the key into the request object. My impression here is that we're looking at different issues. 1. The necessity of allocating per-CPU ahash_requests. 2. Managing the lifetime and sharing of ahash_request between different kernel users. Removing (1) will allow saving (num_possible_cpus() - 1)*(sizeof(struct ahash_request) + crypto_ahash_reqsize(tfm)) bytes. Which would be very nice for the new fancy CPUs with hundreds of threads. For (2) many kernel users try manage it themselves, resulting in different implementations, as well as some users trying to avoid using any complication like ref counting and allocating the request only once, without freeing it until the module is unloaded. Here for example, introducing TCP-AO would result in copy'n'paste of tcp_md5sig_pool code. As well as RFC5925 for TCP-AO let user to have any supported hashing algorithms, with the requirement from RFC5926 of hmac(sha1) & aes(cmac). If a user wants more algorithms that implementation would need to be patched. I see quite a few net/ users that could use some common API for this besides TCP-MD5 and TCP-AO. That have the same pattern of allocating crypto algorithm on a slow-path (adding a key or module initialization) and using it of a fast-path, which is RX/TX. Besides of sharing and lifetime managing, those users need a temporary buffer (usually the name is `scratch'), IIUC, it is needed for async algorithms that could use some hardware accelerator instead of CPU and need to write the result anywhere, but on vmapped stack. So, here I'm trying to address (2) in order to avoid copy'n'pasting of tcp_md5sig_pool code for introduction of TCP-AO support. I've also patched tcp-md5 code to dynamically disable the static branch, which is not crypto change. There's also a chance I've misunderstood what is your proposal :-) Thanks, Dmitry