[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180815164548.ikdrxliwtmqdgt3c@davejwatson-mba.local>
Date: Wed, 15 Aug 2018 09:55:44 -0700
From: Dave Watson <davejwatson@...com>
To: Vakul Garg <vakul.garg@....com>
CC: <netdev@...r.kernel.org>, <borisp@...lanox.com>,
<aviadye@...lanox.com>, <davem@...emloft.net>
Subject: Re: [PATCH net-next][RFC] net/tls: Add support for async decryption
of tls records
On 08/14/18 07:47 PM, Vakul Garg wrote:
> Incoming TLS records which are directly decrypted into user space
> application buffer i.e. records which are decrypted in zero-copy mode
> are submitted for async decryption. When the decryption cryptoapi
> returns -EINPROGRESS, the next tls record is parsed and then submitted
> for decryption. The references to records which has been sent for async
> decryption are dropped. This happens in a loop for all the records that
> can be decrypted in zero-copy mode. For records for which decryption is
> not possible in zero-copy mode, asynchronous decryption is not used and
> we wait for decryption crypto api to complete.
>
> For crypto requests executing in async fashion, the memory for
> aead_request, sglists and skb etc is freed from the decryption
> completion handler. The decryption completion handler wakesup the
> sleeping user context. This happens when the user context is done
> enqueueing all the crypto requests and is waiting for all the async
> operations to finish. Since the splice() operation does not use
> zero-copy decryption, async remains disabled for splice().
I found it a little hard to understand what you are trying to do based
on the commit message. Reading the code, it looks like if the recv()
spans multiple TLS records, we will start decryption on all of them,
and only wait right before recv() returns, yes? This approach sounds
great to me.
Three of the selftests are failing for me:
[ FAIL ] tls.recv_partial
[ FAIL ] tls.recv_peek
[ FAIL ] tls.recv_peek_multiple
Powered by blists - more mailing lists