Received: by 2002:a05:7412:b10a:b0:f3:1519:9f41 with SMTP id az10csp3076161rdb; Mon, 4 Dec 2023 16:34:09 -0800 (PST) X-Google-Smtp-Source: AGHT+IHRH6bY9kUQwVefL237w43gyuFdayHUHvDKniCHSI5d8ZtCFpQSUaN+k2txv9H1q85ZVVfw X-Received: by 2002:a05:6512:1596:b0:50b:d764:804c with SMTP id bp22-20020a056512159600b0050bd764804cmr3866969lfb.127.1701736449565; Mon, 04 Dec 2023 16:34:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701736449; cv=none; d=google.com; s=arc-20160816; b=vNIEu8vRwUEq2daJakxku11aWlYwOqVZG7Zikoa0x0tNDiQtn58Et5WBbZp8WS9RD7 tEEmQaTVrqAxNIu/rxu5Sa1zalC1Tx1zrLGv1B6NEmBvYZl/FAt3Q/g4XtrmtlEFz/H0 fCnTN1Zg9IJmQjwZRXqUCzlFMjEJfpKM0cAYox+N5GkPu3PPRDO1vHUNV3VuZOMuyg39 /IL9KHjvUvjwPxs6lZU+cuLu0E0doOmCSsv9qnw5yCkbdM7ATmjWYTSOIL1fF8uF1/LD 7vzfDqiliGuGJRRVNvhYU8zBLcACLnoSmw0uY6MGTp1VaBcJK3+suDWP6kTEXVjlVQTC SIoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:dkim-signature:message-id; bh=OMTDuBvfrBcTj07LSr3P2m6REF9k0/Ryy4y4Trr/lFg=; fh=4Jy0WQzEs9kE6VCdlh1RmghwgjFFepxJQsn6RHRnjQ4=; b=lpsUoHNUNG+yDVxE4ky/tZpxyOMo6aDJP0yyLk7T07EfhKnBLnq+E99/zin5ldztKb +BSYVKwoNTcA2OESH1sYYm2aMXbRjBbkM5JM7Nsd/ET8ratcXDB3bM/sK+/BrXcNZFZK OwOkq+haXrH3HtEA3uAIMwyuGM3WJjxZu2sgZ2bTypiUtqMOeSQ4afH2tsWMbivQFli0 eH6+tnVrHXtUBMz0jPAi/TI5R5BZDfYMcLJwHecYZmgtNEIU6L7Fq/s466NVQk+DoTcs rf6umjnNTkJULCV/5iKM3kS8gP78R8HxCkRNDcRZ2y7DkUKEhapZKfRYsz1lVRt3dA/Z TdjA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=vvA+FTKZ; spf=pass (google.com: domain of linux-crypto+bounces-542-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-crypto+bounces-542-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id s22-20020a50ab16000000b0054c5febab05si329529edc.333.2023.12.04.16.34.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Dec 2023 16:34:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto+bounces-542-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=vvA+FTKZ; spf=pass (google.com: domain of linux-crypto+bounces-542-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-crypto+bounces-542-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 405DA1F21321 for ; Tue, 5 Dec 2023 00:34:09 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B3B9B17F1 for ; Tue, 5 Dec 2023 00:34:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="vvA+FTKZ" X-Original-To: linux-crypto@vger.kernel.org Received: from out-180.mta0.migadu.com (out-180.mta0.migadu.com [IPv6:2001:41d0:1004:224b::b4]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D7782C4 for ; Mon, 4 Dec 2023 15:08:35 -0800 (PST) Message-ID: <7e93cc7b-0bc0-41d7-af36-d21f919d5755@linux.dev> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1701731312; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=OMTDuBvfrBcTj07LSr3P2m6REF9k0/Ryy4y4Trr/lFg=; b=vvA+FTKZPChnV3ecNA06X9JnFKhJYMavhM7/yPr+2hBLNJhNmR8omGqAChlikGU1gys05A KZs1A6yX12c4IVzkdX8PKMP1yhIy5D1LJeQnfGppovnMsCbqx4IhXSDswi/LpW9CKB0jmy YneU4DfBp+Ie5xHz0EyuBt5fh/Kzf+E= Date: Mon, 4 Dec 2023 15:08:25 -0800 Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Subject: Re: [PATCH bpf-next v7 1/3] bpf: make common crypto API for TC/XDP programs Content-Language: en-US To: Vadim Fedorenko Cc: netdev@vger.kernel.org, linux-crypto@vger.kernel.org, bpf@vger.kernel.org, Jakub Kicinski , Andrii Nakryiko , Alexei Starovoitov , Mykola Lysenko , Vadim Fedorenko , Herbert Xu References: <20231202010604.1877561-1-vadfed@meta.com> <3bea70d0-94a5-4d41-be15-2e8b5932a3b0@linux.dev> X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Martin KaFai Lau In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT On 12/3/23 11:02 AM, Vadim Fedorenko wrote: >>> +static const struct bpf_crypto_type *bpf_crypto_get_type(const char *name) >>> +{ >>> +    const struct bpf_crypto_type *type = ERR_PTR(-ENOENT); >>> +    struct bpf_crypto_type_list *node; >>> + >>> +    down_read(&bpf_crypto_types_sem); >>> +    list_for_each_entry(node, &bpf_crypto_types, list) { >>> +        if (strcmp(node->type->name, name)) >>> +            continue; >>> + >>> +        if (try_module_get(node->type->owner)) >> >> If I read patch 2 correctly, it is always built-in. I am not sure I understand >> the module_put/get in this patch. > > Well, yeah, right now it's built-in, but it can be easily converted to module > with it's own Kconfig option. Especially if we think about adding aead crypto > and using bpf in embedded setups with less amount of resources. What code is missing to support module? It sounds like all codes are ready. and does it really need a separate kconfig option? Can it depend on CONFIG_BPF_SYSCALL and CONFIG_CRYPTO_SKCIPHER? >>> +BTF_SET8_START(crypt_init_kfunc_btf_ids) >>> +BTF_ID_FLAGS(func, bpf_crypto_ctx_create, KF_ACQUIRE | KF_RET_NULL | >>> KF_SLEEPABLE) >>> +BTF_ID_FLAGS(func, bpf_crypto_ctx_release, KF_RELEASE) >>> +BTF_ID_FLAGS(func, bpf_crypto_ctx_acquire, KF_ACQUIRE | KF_TRUSTED_ARGS) >> >> Considering bpf_crypto_ctx is rcu protected, the acquire may use "KF_ACQUIRE | >> KF_RCU | KF_RET_NULL" such that the bpf_crypto_ctx_acquire(ctx_from_map_value) >> will work and the user will prepare checking NULL from day one. >> > > Got it. What about create? Should it also include KF_RCU? create should not need KF_RCU. The return value is a trusted/refcounted pointer. It has a reg->ref_obj_id => is_trusted_reg().