[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230116201458.104260-1-dima@arista.com>
Date: Mon, 16 Jan 2023 20:14:54 +0000
From: Dmitry Safonov <dima@...sta.com>
To: linux-kernel@...r.kernel.org, David Ahern <dsahern@...nel.org>,
Eric Dumazet <edumazet@...gle.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Jakub Kicinski <kuba@...nel.org>,
"David S. Miller" <davem@...emloft.net>
Cc: Dmitry Safonov <dima@...sta.com>,
Andy Lutomirski <luto@...capital.net>,
Bob Gilligan <gilligan@...sta.com>,
Dmitry Safonov <0x7f454c46@...il.com>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
Leonard Crestez <cdleonard@...il.com>,
Paolo Abeni <pabeni@...hat.com>,
Salam Noureddine <noureddine@...sta.com>,
netdev@...r.kernel.org, linux-crypto@...r.kernel.org
Subject: [PATCH v3 0/4] net/crypto: Introduce crypto_pool
Changes since v2 [5]:
- Fix incorrect rebase of v2: tcp_md5_add_crypto_pool() was
called on twsk creation even for sockets without TCP-MD5 key
- Documentation title underline length
(Reported-by: kernel test robot <lkp@...el.com>)
- Migrate crypto_pool_scratch to __rcu, using rcu_dereference*()
and rcu_replace_pointer(). As well, I changed local_bh_{en,dis}able()
to rcu_read_{,un}lock_bh().
(Addressing Jakub's review)
- Correct Documentation/ to use proper kerneldoc style, include it in
toc/tree and editor notes (from Jakub's comments)
- Avoid cast in crypto_pool_get() (Jakub's review)
- Select CRYPTO in Kconfig, not only CRYPTO_POOL (Jakub's reivew)
- Remove free_batch[] with synchronize_rcu() in favor of a struct
with a flexible array inside + call_rcu() (suggested by Jakub)
- Change scratch `size` argument type from (unsigned long) to (size_t)
for consistency
- Combined crypto_pool_alloc_ahash() and crypto_pool_reserve_scratch(),
now the scratch area size is supplied on crypto_pool allocation
(suggested by Jakub)
- Removed CONFIG_CRYPTO_POOL_DEFAULT_SCRATCH_SIZE
- CRYPTO_POOL now is a hidden symbol (Jakub's review)
- Simplified __cpool_alloc_ahash() error-paths, adding local variables
(suggested by Jakub)
- Resurrect a pool waiting to be destroyed if possible (Jakub's review)
- Rename _get() => _start(), _put() => _end(), _add() => _get()
(suggested by Jakub)
Changes since v1 [1]:
- Patches went through 3 iterations inside bigger TCP-AO patch set [2],
now I'm splitting it apart and sending it once again as a stand-alone
patch set to help reviewing it and make it easier to merge.
It is second part of that big series, once it merges the next part
will be TCP changes to add Authentication Option support (RFC5925),
that use API provided by these patches.
- Corrected kerneldoc-style comment near crypto_pool_reserve_scratch()
(Reported-By: kernel test robot <lkp@...el.com>)
- Added short Documentation/ page for crypto_pool API
Add crypto_pool - an API for allocating per-CPU array of crypto requests
on slow-path (in sleep'able contexts) and for using them on a fast-path,
which is RX/TX for net/* users.
The design is based on the current implementations of md5sig_pool, which
this patch set makes generic by separating it from TCP core, moving it
to crypto/ and adding support for other hashing algorithms than MD5.
It makes a generic implementation for a common net/ pattern.
The initial motivation to have this API is TCP-AO, that's going to use
the very same pattern as TCP-MD5, but for multiple hashing algorithms.
Previously, I've suggested to add such API on TCP-AO patch submission [3],
where Herbert kindly suggested to help with introducing new crypto API.
See also discussion and motivation in crypto_pool-v1 [4].
The API will allow:
- to reuse per-CPU ahash_request(s) for different users
- to allocate only one per-CPU scratch buffer rather than a new one for
each user
- to have a common API for net/ users that need ahash on RX/TX fast path
In this version I've wired up TCP-MD5 and IPv6-SR-HMAC as users.
Potentially, xfrm_ipcomp and xfrm_ah can be converted as well.
The initial reason for patches would be to have TCP-AO as a user, which
would let it share per-CPU crypto_request for any supported hashing
algorithm.
[1]: https://lore.kernel.org/all/20220726201600.1715505-1-dima@arista.com/
[2]: https://lore.kernel.org/all/20221027204347.529913-1-dima@arista.com/T/#u
[3]: http://lkml.kernel.org/r/20211106034334.GA18577@gondor.apana.org.au
[4]: https://lore.kernel.org/all/26d5955b-3807-a015-d259-ccc262f665c2@arista.com/T/#u
[5]: https://lore.kernel.org/all/20230103184257.118069-1-dima@arista.com/
Cc: Andy Lutomirski <luto@...capital.net>
Cc: Bob Gilligan <gilligan@...sta.com>
Cc: David Ahern <dsahern@...nel.org>
Cc: "David S. Miller" <davem@...emloft.net>
Cc: Dmitry Safonov <0x7f454c46@...il.com>
Cc: Eric Dumazet <edumazet@...gle.com>
Cc: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>
Cc: Jakub Kicinski <kuba@...nel.org>
Cc: Leonard Crestez <cdleonard@...il.com>
Cc: Paolo Abeni <pabeni@...hat.com>
Cc: Salam Noureddine <noureddine@...sta.com>
Cc: netdev@...r.kernel.org
Cc: linux-crypto@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Dmitry Safonov (4):
crypto: Introduce crypto_pool
crypto/net/tcp: Use crypto_pool for TCP-MD5
crypto/net/ipv6: sr: Switch to using crypto_pool
crypto/Documentation: Add crypto_pool kernel API
Documentation/crypto/crypto_pool.rst | 36 +++
Documentation/crypto/index.rst | 1 +
crypto/Kconfig | 3 +
crypto/Makefile | 1 +
crypto/crypto_pool.c | 334 +++++++++++++++++++++++++++
include/crypto/pool.h | 46 ++++
include/net/seg6_hmac.h | 7 -
include/net/tcp.h | 24 +-
net/ipv4/Kconfig | 1 +
net/ipv4/tcp.c | 104 ++-------
net/ipv4/tcp_ipv4.c | 100 ++++----
net/ipv4/tcp_minisocks.c | 21 +-
net/ipv6/Kconfig | 1 +
net/ipv6/seg6.c | 3 -
net/ipv6/seg6_hmac.c | 207 +++++++----------
net/ipv6/tcp_ipv6.c | 61 +++--
16 files changed, 635 insertions(+), 315 deletions(-)
create mode 100644 Documentation/crypto/crypto_pool.rst
create mode 100644 crypto/crypto_pool.c
create mode 100644 include/crypto/pool.h
base-commit: 5dc4c995db9eb45f6373a956eb1f69460e69e6d4
--
2.39.0
Powered by blists - more mailing lists