Re: [RFCv3 05/15] tcp: authopt: Add crypto initialization

From: Eric Dumazet
Date: Tue Aug 24 2021 - 19:02:38 EST

Next message: Daniel Scally: "[RFC PATCH v2 0/3] Add regulator_lookup_list and API"
Previous message: Paul Moore: "Re: [PATCH v2 RESEND] powerpc/audit: Convert powerpc to AUDIT_ARCH_COMPAT_GENERIC"
In reply to: Leonard Crestez: "[RFCv3 05/15] tcp: authopt: Add crypto initialization"
Next in thread: Eric Dumazet: "Re: [RFCv3 05/15] tcp: authopt: Add crypto initialization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8/24/21 2:34 PM, Leonard Crestez wrote:
> The crypto_shash API is used in order to compute packet signatures. The
> API comes with several unfortunate limitations:
>
> 1) Allocating a crypto_shash can sleep and must be done in user context.
> 2) Packet signatures must be computed in softirq context
> 3) Packet signatures use dynamic "traffic keys" which require exclusive
> access to crypto_shash for crypto_setkey.
>
> The solution is to allocate one crypto_shash for each possible cpu for
> each algorithm at setsockopt time. The per-cpu tfm is then borrowed from
> softirq context, signatures are computed and the tfm is returned.
>
> The pool for each algorithm is reference counted, initialized at
> setsockopt time and released in tcp_authopt_key_info's rcu callback
>
>

I don't know, why should we really care and try so hard to release
the tfm per cpu ?

I would simply allocate them at boot time.
This would avoid the expensive refcounting (potential false sharing)

Next message: Daniel Scally: "[RFC PATCH v2 0/3] Add regulator_lookup_list and API"
Previous message: Paul Moore: "Re: [PATCH v2 RESEND] powerpc/audit: Convert powerpc to AUDIT_ARCH_COMPAT_GENERIC"
In reply to: Leonard Crestez: "[RFCv3 05/15] tcp: authopt: Add crypto initialization"
Next in thread: Eric Dumazet: "Re: [RFCv3 05/15] tcp: authopt: Add crypto initialization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]