From: Steffen Klassert <steffen.klassert@secunet.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Ilya Lesokhin <ilyal@mellanox.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"sd@queasysnail.net" <sd@queasysnail.net>,
"Boris Pismenny" <borisp@mellanox.com>,
"davejwatson@fb.com" <davejwatson@fb.com>
Subject: Re: Using the aesni generic gcm(aes) aead in atomic context
Date: Tue, 31 Oct 2017 10:13:45 +0100 [thread overview]
Message-ID: <20171031091345.GF30509@secunet.com> (raw)
In-Reply-To: <20171031074438.GA26042@gondor.apana.org.au>
On Tue, Oct 31, 2017 at 03:44:38PM +0800, Herbert Xu wrote:
> On Tue, Oct 31, 2017 at 07:39:08AM +0000, Ilya Lesokhin wrote:
> >
> > I think we should consider having a synchronous implementation that falls back
> > to integer implementation when the FPU is not available.
> > This would spare the users from having to handle the asynchronous case.
> >
> > Hopefully the situation where the FPU is not available is rare enough
> > So it won't hurt the performance too much.
>
> For your intended use case I think async processing should work just
> fine as it does for IPsec.
I think Ilya talks about the case where the TLS crypto is intended
to be offloaded to a NIC. In this case we need a software crypto
fallback e.g. if a packet got rerouted to a device that does not
support crypto offloading. For IPsec, we catch these cases in
validate_xmit_skb() either with the ESP GSO handler, or in the non
GSO case with validate_xmit_xfrm(). We currently request for
a sync algorithm to avoid the async handling for this case.
Allowing for async crypto would require some way to handle
async returnes or the -EBUSY case from the crypto layer inside
of a qdisc. Also, in the GSO case it is not clear how to unwind
the GSO call stack on a async return.
I had a discussion with davem at the netfilter workshop about
this. Based on this discussion, I prepared some patches that
I hope to be (RFC) ready until the netdev2.2 next week.
next prev parent reply other threads:[~2017-10-31 9:13 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-30 15:18 Using the aesni generic gcm(aes) aead in atomic context Ilya Lesokhin
2017-10-31 4:10 ` Herbert Xu
2017-10-31 7:14 ` Ilya Lesokhin
2017-10-31 7:17 ` Herbert Xu
2017-10-31 7:23 ` Ilya Lesokhin
2017-10-31 7:32 ` Herbert Xu
2017-10-31 7:39 ` Ilya Lesokhin
2017-10-31 7:44 ` Herbert Xu
2017-10-31 7:58 ` Ilya Lesokhin
2017-10-31 9:13 ` Steffen Klassert [this message]
2017-10-31 9:41 ` Ilya Lesokhin
2017-11-01 9:21 ` Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171031091345.GF30509@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=borisp@mellanox.com \
--cc=davejwatson@fb.com \
--cc=herbert@gondor.apana.org.au \
--cc=ilyal@mellanox.com \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.