[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7ac7b494-2409-6f2d-b18a-ac5154545066@linux.dev>
Date: Sun, 3 Dec 2023 19:08:58 +0000
From: Vadim Fedorenko <vadim.fedorenko@...ux.dev>
To: Simon Horman <horms@...nel.org>, Vadim Fedorenko <vadfed@...a.com>
Cc: Jakub Kicinski <kuba@...nel.org>, Martin KaFai Lau
<martin.lau@...ux.dev>, Andrii Nakryiko <andrii@...nel.org>,
Alexei Starovoitov <ast@...nel.org>, Mykola Lysenko <mykolal@...com>,
Herbert Xu <herbert@...dor.apana.org.au>, netdev@...r.kernel.org,
linux-crypto@...r.kernel.org, bpf@...r.kernel.org
Subject: Re: [PATCH bpf-next v7 1/3] bpf: make common crypto API for TC/XDP
programs
On 03.12.2023 10:57, Simon Horman wrote:
> On Fri, Dec 01, 2023 at 05:06:02PM -0800, Vadim Fedorenko wrote:
>> Add crypto API support to BPF to be able to decrypt or encrypt packets
>> in TC/XDP BPF programs. Special care should be taken for initialization
>> part of crypto algo because crypto alloc) doesn't work with preemtion
>> disabled, it can be run only in sleepable BPF program. Also async crypto
>> is not supported because of the very same issue - TC/XDP BPF programs
>> are not sleepable.
>>
>> Signed-off-by: Vadim Fedorenko <vadfed@...a.com>
>
> ...
>
>> +/**
>> + * bpf_crypto_ctx_create() - Create a mutable BPF crypto context.
>> + *
>> + * Allocates a crypto context that can be used, acquired, and released by
>> + * a BPF program. The crypto context returned by this function must either
>> + * be embedded in a map as a kptr, or freed with bpf_crypto_ctx_release().
>> + * As crypto API functions use GFP_KERNEL allocations, this function can
>> + * only be used in sleepable BPF programs.
>> + *
>> + * bpf_crypto_ctx_create() allocates memory for crypto context.
>> + * It may return NULL if no memory is available.
>> + * @type__str: pointer to string representation of crypto type.
>> + * @algo__str: pointer to string representation of algorithm.
>> + * @pkey: bpf_dynptr which holds cipher key to do crypto.
>
> Hi Vadim,
>
> a minor nit from my side: something about @authsize should go here.
>
Hi Simon!
Good catch, I'll definitely add description to authsize, thanks!
>> + * @err: integer to store error code when NULL is returned
>> + */
>> +__bpf_kfunc struct bpf_crypto_ctx *
>> +bpf_crypto_ctx_create(const char *type__str, const char *algo__str,
>> + const struct bpf_dynptr_kern *pkey,
>> + unsigned int authsize, int *err)
>
> ...
Powered by blists - more mailing lists