Re: [PATCH bpf-next v7 1/3] bpf: make common crypto API for TC/XDP programs

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Simon Horman <horms@kernel.org>
To: Vadim Fedorenko <vadfed@meta.com>
Cc: Vadim Fedorenko <vadim.fedorenko@linux.dev>,
	Jakub Kicinski <kuba@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>,
	Andrii Nakryiko <andrii@kernel.org>,
	Alexei Starovoitov <ast@kernel.org>,
	Mykola Lysenko <mykolal@fb.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	netdev@vger.kernel.org, linux-crypto@vger.kernel.org,
	bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v7 1/3] bpf: make common crypto API for TC/XDP programs
Date: Sun, 3 Dec 2023 10:57:48 +0000	[thread overview]
Message-ID: <20231203105748.GD50400@kernel.org> (raw)
In-Reply-To: <20231202010604.1877561-1-vadfed@meta.com>

On Fri, Dec 01, 2023 at 05:06:02PM -0800, Vadim Fedorenko wrote:
> Add crypto API support to BPF to be able to decrypt or encrypt packets
> in TC/XDP BPF programs. Special care should be taken for initialization
> part of crypto algo because crypto alloc) doesn't work with preemtion
> disabled, it can be run only in sleepable BPF program. Also async crypto
> is not supported because of the very same issue - TC/XDP BPF programs
> are not sleepable.
> 
> Signed-off-by: Vadim Fedorenko <vadfed@meta.com>

...

> +/**
> + * bpf_crypto_ctx_create() - Create a mutable BPF crypto context.
> + *
> + * Allocates a crypto context that can be used, acquired, and released by
> + * a BPF program. The crypto context returned by this function must either
> + * be embedded in a map as a kptr, or freed with bpf_crypto_ctx_release().
> + * As crypto API functions use GFP_KERNEL allocations, this function can
> + * only be used in sleepable BPF programs.
> + *
> + * bpf_crypto_ctx_create() allocates memory for crypto context.
> + * It may return NULL if no memory is available.
> + * @type__str: pointer to string representation of crypto type.
> + * @algo__str: pointer to string representation of algorithm.
> + * @pkey:      bpf_dynptr which holds cipher key to do crypto.

Hi Vadim,

a minor nit from my side: something about @authsize should go here.

> + * @err:       integer to store error code when NULL is returned
> + */
> +__bpf_kfunc struct bpf_crypto_ctx *
> +bpf_crypto_ctx_create(const char *type__str, const char *algo__str,
> +		      const struct bpf_dynptr_kern *pkey,
> +		      unsigned int authsize, int *err)

...

next prev parent reply	other threads:[~2023-12-03 10:57 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-12-02  1:06 [PATCH bpf-next v7 1/3] bpf: make common crypto API for TC/XDP programs Vadim Fedorenko
2023-12-02  1:06 ` [PATCH bpf-next v7 2/3] bpf: crypto: add skcipher to bpf crypto Vadim Fedorenko
2023-12-02  3:52   ` Herbert Xu
2023-12-03 20:00     ` Vadim Fedorenko
2023-12-02  1:06 ` [PATCH bpf-next v7 3/3] selftests: bpf: crypto skcipher algo selftests Vadim Fedorenko
2023-12-03 10:59   ` Simon Horman
2023-12-03 18:43     ` Vadim Fedorenko
2023-12-05  1:28   ` Martin KaFai Lau
2023-12-02  1:48 ` [PATCH bpf-next v7 1/3] bpf: make common crypto API for TC/XDP programs Martin KaFai Lau
2023-12-03 19:02   ` Vadim Fedorenko
2023-12-04 23:08     ` Martin KaFai Lau
2023-12-03 10:57 ` Simon Horman [this message]
2023-12-03 19:08   ` Vadim Fedorenko
2023-12-05 20:19 ` kernel test robot
2023-12-05 21:15 ` kernel test robot
2023-12-06  5:56 ` Dan Carpenter
2023-12-07 12:14   ` Vadim Fedorenko
  -- strict thread matches above, loose matches on Subject: below --
2023-12-05 22:19 kernel test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20231203105748.GD50400@kernel.org \
    --to=horms@kernel.org \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=kuba@kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=martin.lau@linux.dev \
    --cc=mykolal@fb.com \
    --cc=netdev@vger.kernel.org \
    --cc=vadfed@meta.com \
    --cc=vadim.fedorenko@linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.