Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp2401923rdg;
        Mon, 16 Oct 2023 03:28:33 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IESOgU4UUAXMaM2nrlWJWtLZ/EP1I75/uDkdRQdNdf/oYVDP5UfXzbWe/bAJiVezldFzsUC
X-Received: by 2002:a17:902:c94f:b0:1c9:dcea:33e5 with SMTP id i15-20020a170902c94f00b001c9dcea33e5mr14673536pla.67.1697452113374;
        Mon, 16 Oct 2023 03:28:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697452113; cv=none;
        d=google.com; s=arc-20160816;
        b=dgywufxdlHbHtWhX5Ew4zBRjKTfwKvP/wavWAjSOr1mug9rQTA7vsYvl9Kdl5LlDN5
         aYdEnHpCx2g25D8oJ2clOcMkezBM0cAP3ghj/D4wsMcaFBool6VMTTuTxPbM+84VMLDM
         SsozZYfQup8KzEIuxqVhJPsfaPPQL0Hla7QTerv55kv5VL56gL5jJXl/AeeWKjs8JMKx
         bsPureHXCnW3pidb0m7xh00EnOFGAaX+7h9nRv004Fiu4V0TqtnDTtjGWWdVDx3+6BiN
         WkP8nsoAgTjLcPH23kCO7OEwSTynE0vhkBKvdQ1aG2vVB4oLGLdRx04kXt84/e9hSo1i
         zBTA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=biKRhLHTaAG7K50KO2TPOhndeGa+3gCT0PZj6vEyDG4=;
        fh=UifezLYM7zmE36RwLsvSl14WLzmnRF71eKOP5g3P3i0=;
        b=mEHEDltRpZcUX3YiBR41kRgAg4nQjDS5wMtiNtFkLrKgDcaJUk24zdjzSDMvSsADh5
         RvTb7wMr/BEuG6II/82lOBXA/OJVs1vFePhIrCZ0sHqEqbj5R0ab5RgOm/xLKGN+Omyz
         usgkbBL/Ao0MvV6dorys+s6AK+d7vdesm/jzd5virxQTYEDuTN8J8/ui43Cbs8ZThm44
         JLaqbOX+pYLICrRhAKQFBgJ4znjFwJJnMMCTiX2DxLR4fehg6embBtvF1o6ra/zlg8bH
         PYOnWIAM+r6j/3QXaB4Bkv+/VxbvZge5MIz2V97ReCDLCYAsi0vWJdgjrx+15myzYVNc
         TYcg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33])
        by mx.google.com with ESMTPS id c2-20020a170902d48200b001bb993ef74bsi8368933plg.540.2023.10.16.03.28.32
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 16 Oct 2023 03:28:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by lipwig.vger.email (Postfix) with ESMTP id BF02F804C223;
	Mon, 16 Oct 2023 03:28:30 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229666AbjJPK2P (ORCPT <rfc822;pbyt029@gmail.com> + 99 others);
        Mon, 16 Oct 2023 06:28:15 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53680 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231389AbjJPK2N (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Mon, 16 Oct 2023 06:28:13 -0400
Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7A2D2AC;
        Mon, 16 Oct 2023 03:28:11 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
        by a.mx.secunet.com (Postfix) with ESMTP id AA723207B0;
        Mon, 16 Oct 2023 12:28:09 +0200 (CEST)
X-Virus-Scanned: by secunet
Received: from a.mx.secunet.com ([127.0.0.1])
        by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id KMRYe7fo4lTH; Mon, 16 Oct 2023 12:28:08 +0200 (CEST)
Received: from mailout2.secunet.com (mailout2.secunet.com [62.96.220.49])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by a.mx.secunet.com (Postfix) with ESMTPS id DA4F8205DD;
        Mon, 16 Oct 2023 12:28:08 +0200 (CEST)
Received: from cas-essen-02.secunet.de (unknown [10.53.40.202])
        by mailout2.secunet.com (Postfix) with ESMTP id D658480004A;
        Mon, 16 Oct 2023 12:28:08 +0200 (CEST)
Received: from mbx-essen-02.secunet.de (10.53.40.198) by
 cas-essen-02.secunet.de (10.53.40.202) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.32; Mon, 16 Oct 2023 12:28:08 +0200
Received: from gauss2.secunet.de (10.182.7.193) by mbx-essen-02.secunet.de
 (10.53.40.198) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 16 Oct
 2023 12:28:08 +0200
Received: by gauss2.secunet.de (Postfix, from userid 1000)
        id CCD7F3182C75; Mon, 16 Oct 2023 12:28:07 +0200 (CEST)
Date:   Mon, 16 Oct 2023 12:28:07 +0200
From:   Steffen Klassert <steffen.klassert@secunet.com>
To:     Wang Jinchao <wangjinchao@xfusion.com>
CC:     Daniel Jordan <daniel.m.jordan@oracle.com>,
        <linux-crypto@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
        <stone.xulei@xfusion.com>
Subject: Re: [RFC/REFACT] Refactoring and significantly reducing code
 complexity
Message-ID: <ZS0QNxbtXPgPH1j2@gauss3.secunet.de>
References: <ZRU/EjubEH/5QLlG@fedora>
 <ZRZk6tC6j1FtW3uY@gauss3.secunet.de>
 <ZSCxxxMKoby6XWsg@fedora>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <ZSCxxxMKoby6XWsg@fedora>
X-ClientProxiedBy: cas-essen-02.secunet.de (10.53.40.202) To
 mbx-essen-02.secunet.de (10.53.40.198)
X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10
X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Mon, 16 Oct 2023 03:28:30 -0700 (PDT)

On Sat, Oct 07, 2023 at 09:17:59AM +0800, Wang Jinchao wrote:
> On Fri, Sep 29, 2023 at 07:47:22AM +0200, Steffen Klassert wrote:
> > On Thu, Sep 28, 2023 at 04:53:38PM +0800, Wang Jinchao wrote:
> > > This is a refactored version with the following main changes:
> > > 
> > > - The parallel workqueue no longer uses the WQ_UNBOUND attribute
> > > - Removal of CPU-related logic, sysfs-related interfaces
> > > - removal of structures like padata_cpumask, and deletion of parallel_data
> > > - Using completion to maintain sequencing
> > > - no longer using lists
> > > - removing structures like padata_list and padata_serial_queue
> > > - Removal of padata_do_serial()
> > 
> > This removes all the logic that is needed to ensure that
> > the parallelized objects return in the same order as
> > they were before the parallelization. This change makes
> > padata unusable for networking.
> 
> The RFC use the following three to ensure serial timing sequence:
> 
> 1.  Use alloc_ordered_workqueue() to create a serial worker queue where 
>     serial() function runs. This ensures that serial() function executes
>     as serial work was enqueued using queue_work().
> 2.  Queue the serial work before enqueueing parallel work in padata_do_parallel().
>     This ensures the serial work follows the same order as the padata_do_parallel().
> 3.  The serial work wait for completion of parallel_done, which will be 
>     complete()ed after the parallel() function within the parallel work.

I had a closer look to the padata codebase now. The logic to
parallelize/serialize changed quite a bit since I wrote padata
initially. I don't understand the new logic completely,
so we need to rely on Daniels review for this.

> This is just a design idea, because I am not familiar with IPsec, I haven't 
> tested it in a real network environment yet. 
> Could you give me some clues on how to use pcrypt in an IPsec scenario?

pcrypt has performance gains if the cost of the crypto
oreration is higher than the cost of moving the crypto
request to another cpu. That was the case back in the
days, but the situation changed since then. We now have
hardware support for crypto, like aes-ni etc.
So for hardware supported algorithms, pcrypt will not
help much. But it is still interesting for crypto
algorithms that are implemented in software only.

Here is how you can instantiate a pcrypted
algorithm:

----------------------------------------------------
You need to instantiate pcrypt before you can use it.

You need either crconf or the tcrypt module to instantiate pcrypt.

With crconf:

You can get crconf from https://sourceforge.net/projects/crconf/
After installing crconf do e.g.

crconf add driver "pcrypt(authenc(hmac(sha1-generic),cbc(aes-asm)))" type 3


With tcrypt:

modprobe tcrypt alg="pcrypt(authenc(hmac(sha1-generic),cbc(aes-asm)))" type=3

The modprobe will return with an error, don't worry about it, that's ok.



Once you've did one of the above, your /proc/crypto should show
something like:

name         : authenc(hmac(sha1),cbc(aes))
driver       : pcrypt(authenc(hmac(sha1-generic),cbc(aes-asm)))
module       : pcrypt
priority     : 2100
refcnt       : 1
selftest     : passed
type         : aead
async        : yes
blocksize    : 16
ivsize       : 16
maxauthsize  : 20
geniv        : <built-in>


Now pcrypt is instantiated, e.g. all new IPsec states (that do
hmac-sha1, cbc-aes) will use it.