From: Steffen Klassert <steffen.klassert@secunet.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Theodore Ts'o <tytso@mit.edu>, Jaegeuk Kim <jaegeuk@kernel.org>,
davem@davemloft.net, linux-crypto@vger.kernel.org,
linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net, ecryptfs@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] crypto: allow to assign gfp_t for __crypto_alloc_tfm
Date: Wed, 20 May 2015 09:21:20 +0200 [thread overview]
Message-ID: <20150520072118.GN8928@secunet.com> (raw)
In-Reply-To: <20150519142755.GB32663@gondor.apana.org.au>
On Tue, May 19, 2015 at 10:27:55PM +0800, Herbert Xu wrote:
> On Tue, May 19, 2015 at 10:14:30AM -0400, Theodore Ts'o wrote:
> >
> > There can be multiple reads going on in parallel, so we're currently
> > creating tfm's as necessary. In fact one of the things that we've
>
> A single tfm is fully-reentrant (as long as you don't change the
> key). So multiple reads/writes on a single file can all use one
> tfm with no locking at all.
>
> There should be a single tfm per key. As your code appears to use
> one key per inode, that translates to one tfm per inode.
>
> > talked about doing is since there are some ARM cores where their
> > "hardware acceleration" is slower than optimized software (sigh), and
> > there are some Android applications (such as Facebook) that read
> > *vast* quantities of data from flash on startup before painting a
> > single pixel, that we might want to consider in some cases,
> > parallelizing the decryption across multiple ARM cores. Figuring out
> > when to do this, both in terms of the workload, how many cores to use
> > to balance off against power utilization, how much (if ever) to use
> > the hardware "accelerator", and just plain lack of time caused us not
> > to go down that particular path.
>
> We already have some support for such parallelisation in the form of
> pcrypt. It has been used on IPsec and I believe dmcrypt.
The current pcrypt version is used just for IPsec because it supports
only AEAD type algorithms and does not support request backlog. But
I have patches to support ablkcipher algorithms and request backlog.
I could provide them if there is interest in it.
WARNING: multiple messages have this Message-ID (diff)
From: Steffen Klassert <steffen.klassert@secunet.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Theodore Ts'o <tytso@mit.edu>, Jaegeuk Kim <jaegeuk@kernel.org>,
<davem@davemloft.net>, <linux-crypto@vger.kernel.org>,
<linux-ext4@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<linux-f2fs-devel@lists.sourceforge.net>,
<ecryptfs@vger.kernel.org>,
<linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH] crypto: allow to assign gfp_t for __crypto_alloc_tfm
Date: Wed, 20 May 2015 09:21:20 +0200 [thread overview]
Message-ID: <20150520072118.GN8928@secunet.com> (raw)
In-Reply-To: <20150519142755.GB32663@gondor.apana.org.au>
On Tue, May 19, 2015 at 10:27:55PM +0800, Herbert Xu wrote:
> On Tue, May 19, 2015 at 10:14:30AM -0400, Theodore Ts'o wrote:
> >
> > There can be multiple reads going on in parallel, so we're currently
> > creating tfm's as necessary. In fact one of the things that we've
>
> A single tfm is fully-reentrant (as long as you don't change the
> key). So multiple reads/writes on a single file can all use one
> tfm with no locking at all.
>
> There should be a single tfm per key. As your code appears to use
> one key per inode, that translates to one tfm per inode.
>
> > talked about doing is since there are some ARM cores where their
> > "hardware acceleration" is slower than optimized software (sigh), and
> > there are some Android applications (such as Facebook) that read
> > *vast* quantities of data from flash on startup before painting a
> > single pixel, that we might want to consider in some cases,
> > parallelizing the decryption across multiple ARM cores. Figuring out
> > when to do this, both in terms of the workload, how many cores to use
> > to balance off against power utilization, how much (if ever) to use
> > the hardware "accelerator", and just plain lack of time caused us not
> > to go down that particular path.
>
> We already have some support for such parallelisation in the form of
> pcrypt. It has been used on IPsec and I believe dmcrypt.
The current pcrypt version is used just for IPsec because it supports
only AEAD type algorithms and does not support request backlog. But
I have patches to support ablkcipher algorithms and request backlog.
I could provide them if there is interest in it.
WARNING: multiple messages have this Message-ID (diff)
From: steffen.klassert@secunet.com (Steffen Klassert)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] crypto: allow to assign gfp_t for __crypto_alloc_tfm
Date: Wed, 20 May 2015 09:21:20 +0200 [thread overview]
Message-ID: <20150520072118.GN8928@secunet.com> (raw)
In-Reply-To: <20150519142755.GB32663@gondor.apana.org.au>
On Tue, May 19, 2015 at 10:27:55PM +0800, Herbert Xu wrote:
> On Tue, May 19, 2015 at 10:14:30AM -0400, Theodore Ts'o wrote:
> >
> > There can be multiple reads going on in parallel, so we're currently
> > creating tfm's as necessary. In fact one of the things that we've
>
> A single tfm is fully-reentrant (as long as you don't change the
> key). So multiple reads/writes on a single file can all use one
> tfm with no locking at all.
>
> There should be a single tfm per key. As your code appears to use
> one key per inode, that translates to one tfm per inode.
>
> > talked about doing is since there are some ARM cores where their
> > "hardware acceleration" is slower than optimized software (sigh), and
> > there are some Android applications (such as Facebook) that read
> > *vast* quantities of data from flash on startup before painting a
> > single pixel, that we might want to consider in some cases,
> > parallelizing the decryption across multiple ARM cores. Figuring out
> > when to do this, both in terms of the workload, how many cores to use
> > to balance off against power utilization, how much (if ever) to use
> > the hardware "accelerator", and just plain lack of time caused us not
> > to go down that particular path.
>
> We already have some support for such parallelisation in the form of
> pcrypt. It has been used on IPsec and I believe dmcrypt.
The current pcrypt version is used just for IPsec because it supports
only AEAD type algorithms and does not support request backlog. But
I have patches to support ablkcipher algorithms and request backlog.
I could provide them if there is interest in it.
next prev parent reply other threads:[~2015-05-20 7:21 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-19 5:46 [PATCH] crypto: allow to assign gfp_t for __crypto_alloc_tfm Jaegeuk Kim
2015-05-19 5:46 ` Jaegeuk Kim
2015-05-19 5:49 ` Herbert Xu
2015-05-19 5:49 ` Herbert Xu
2015-05-19 6:24 ` Jaegeuk Kim
2015-05-19 6:24 ` Jaegeuk Kim
2015-05-19 6:31 ` [f2fs-dev] [PATCH v2] " Jaegeuk Kim
2015-05-19 6:31 ` Jaegeuk Kim
2015-05-19 6:32 ` Herbert Xu
2015-05-19 6:32 ` [f2fs-dev] " Herbert Xu
2015-05-19 6:32 ` Herbert Xu
2015-05-19 6:32 ` [PATCH] " Herbert Xu
2015-05-19 6:32 ` Herbert Xu
2015-05-19 6:58 ` Jaegeuk Kim
2015-05-19 6:58 ` Jaegeuk Kim
2015-05-19 6:59 ` Herbert Xu
2015-05-19 6:59 ` Herbert Xu
2015-05-19 7:13 ` Jaegeuk Kim
2015-05-19 7:13 ` Jaegeuk Kim
2015-05-19 7:15 ` Herbert Xu
2015-05-19 7:15 ` Herbert Xu
2015-05-19 7:27 ` Jaegeuk Kim
2015-05-19 7:27 ` Jaegeuk Kim
2015-05-19 7:30 ` Herbert Xu
2015-05-19 7:30 ` Herbert Xu
2015-05-19 7:59 ` Jaegeuk Kim
2015-05-19 7:59 ` Jaegeuk Kim
2015-05-19 14:14 ` Theodore Ts'o
2015-05-19 14:14 ` Theodore Ts'o
2015-05-19 14:27 ` Herbert Xu
2015-05-19 14:27 ` Herbert Xu
2015-05-19 14:39 ` Theodore Ts'o
2015-05-19 14:39 ` Theodore Ts'o
2015-05-20 7:21 ` Steffen Klassert [this message]
2015-05-20 7:21 ` Steffen Klassert
2015-05-20 7:21 ` Steffen Klassert
2015-05-20 14:59 ` Theodore Ts'o
2015-05-20 14:59 ` Theodore Ts'o
2015-05-20 15:30 ` Ard Biesheuvel
2015-05-20 15:30 ` Ard Biesheuvel
2015-05-20 15:42 ` Herbert Xu
2015-05-20 15:42 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150520072118.GN8928@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=ecryptfs@vger.kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=jaegeuk@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.