Re: [PATCH v4 01/21] net/tcp: Prepare tcp_md5sig_pool for TCP-AO
From: Herbert Xu
Date: Mon Feb 20 2023 - 04:42:40 EST
On Wed, Feb 15, 2023 at 06:33:15PM +0000, Dmitry Safonov wrote:
> TCP-AO similarly to TCP-MD5 needs to allocate tfms on a slow-path, which
> is setsockopt() and use crypto ahash requests on fast paths, which are
> RX/TX softirqs. It as well needs a temporary/scratch buffer for
> preparing the hashing request.
>
> Extend tcp_md5sig_pool to support other hashing algorithms than MD5.
> Move it in a separate file.
>
> This patch was previously submitted as more generic crypto_pool [1],
> but Herbert nacked making it generic crypto API. His view is that crypto
> requests should be atomically allocated on fast-paths. So, in this
> version I don't move this pool anywhere outside TCP, only extending it
> for TCP-AO use-case. It can be converted once there will be per-request
> hashing crypto keys.
>
> [1]: https://lore.kernel.org/all/20230118214111.394416-1-dima@xxxxxxxxxx/T/#u
> Signed-off-by: Dmitry Safonov <dima@xxxxxxxxxx>
> ---
> include/net/tcp.h | 48 ++++--
> net/ipv4/Kconfig | 4 +
> net/ipv4/Makefile | 1 +
> net/ipv4/tcp.c | 103 +++---------
> net/ipv4/tcp_ipv4.c | 97 +++++++-----
> net/ipv4/tcp_minisocks.c | 21 ++-
> net/ipv4/tcp_sigpool.c | 333 +++++++++++++++++++++++++++++++++++++++
> net/ipv6/tcp_ipv6.c | 58 +++----
> 8 files changed, 493 insertions(+), 172 deletions(-)
> create mode 100644 net/ipv4/tcp_sigpool.c
Please wait for my per-request hash work before you resubmit this.
Once that's in place all you need is a single tfm for the whole
system.
As to request pools what exactly is the point of that? Just kmalloc
them on demand.
Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt