| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <MN2PR12MB30228850A78FCEE1FB3BF394A9A7A@MN2PR12MB3022.namprd12.prod.outlook.com> Date: Fri, 5 Dec 2025 17:15:13 +0000 From: Ron Li <xiangrongl@...dia.com> To: Hans de Goede <hansg@...nel.org>, "ilpo.jarvinen@...ux.intel.com" <ilpo.jarvinen@...ux.intel.com>, Vadim Pasternak <vadimp@...dia.com>, "alok.a.tiwari@...cle.com" <alok.a.tiwari@...cle.com>, Khalil Blaiech <kblaiech@...dia.com>, David Thompson <davthompson@...dia.com> CC: "platform-driver-x86@...r.kernel.org" <platform-driver-x86@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org> Subject: RE: [PATCH v3 2/3] platform/mellanox/mlxbf_pka: Add userspace PKA ring device interface > -----Original Message----- > From: Hans de Goede <hansg@...nel.org> > Sent: Wednesday, November 19, 2025 10:52 AM > To: Ron Li <xiangrongl@...dia.com>; ilpo.jarvinen@...ux.intel.com; Vadim > Pasternak <vadimp@...dia.com>; alok.a.tiwari@...cle.com; Khalil Blaiech > <kblaiech@...dia.com>; David Thompson <davthompson@...dia.com> > Cc: platform-driver-x86@...r.kernel.org; linux-kernel@...r.kernel.org; linux- > crypto@...r.kernel.org > Subject: Re: [PATCH v3 2/3] platform/mellanox/mlxbf_pka: Add userspace > PKA ring device interface > > External email: Use caution opening links or attachments > > > Hi, > > On 19-Sep-25 9:51 PM, Ron Li wrote: > > Expose each BlueField PKA ring as a character device for userspace offload. > > This focuses on per-ring resources, layout, and control, without in-kernel > > crypto algorithms. > > > > - Create ring device nodes and lifecycle: open/close, mmap, ioctl > > - Partition 16KB Window RAM per ring (1KB cmd, 1KB result, 14KB vectors) > > - Program ring info words (cmd/rslt bases, size, host_desc_size, in-order) > > - Provide UAPI ioctls: > > - MLXBF_PKA_RING_GET_REGION_INFO > > - MLXBF_PKA_GET_RING_INFO > > - MLXBF_PKA_CLEAR_RING_COUNTERS > > - ACPI-based probe for BF1/BF2/BF3 and per-shim ring setup > > - Document device/ring identifiers and interface in sysfs ABI > > IMHO you really should use the standard hw-accel crypto kernel APIs > for this and not introduce a set of custom ioctls. > > I guess an exception can be made if: > > 1. You can motivate why using the standard hw-accel crypto kernel APIs will > not work for your use-case; *and* > 2. You can get an ack from one of the linux-crypto MAINTAINERs for doing this > outside of the crypto subsystems. > > Sorry, but we cannot merge these patches adding this custom crypto API > under drivers/platform/mellanox without explicit permission to deviate > from the standard crypto APIs by the linux-crypto MAINTAINERs. > > Regards, > > Hans Hello linux-crypto maintainers, Please review the justifications for avoiding the Crypto API for the PKA driver: - Our primary consumers are user‑space TLS stacks (OpenSSL/BoringSSL). The user‑space AF_ALG interface does not expose asymmetric algorithms (Documentation/crypto/userspace-if.rst), so it wouldn’t reach those consumers. - Additionally, routing through Crypto API adds extra copies/context hops that regress our handshake latency and batched throughput targets compared to the direct, zero‑copy queue UAPI. Please advise if the review procedure can proceed. Thanks Ron
Powered by blists - more mailing lists