From: Steffen Klassert <steffen.klassert@secunet.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Ilya Lesokhin <ilyal@mellanox.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"sd@queasysnail.net" <sd@queasysnail.net>,
"Boris Pismenny" <borisp@mellanox.com>,
"davejwatson@fb.com" <davejwatson@fb.com>
Subject: Re: Using the aesni generic gcm(aes) aead in atomic context
Date: Tue, 31 Oct 2017 10:13:45 +0100 [thread overview]
Message-ID: <20171031091345.GF30509@secunet.com> (raw)
In-Reply-To: <20171031074438.GA26042@gondor.apana.org.au>
On Tue, Oct 31, 2017 at 03:44:38PM +0800, Herbert Xu wrote:
> On Tue, Oct 31, 2017 at 07:39:08AM +0000, Ilya Lesokhin wrote:
> >
> > I think we should consider having a synchronous implementation that falls back
> > to integer implementation when the FPU is not available.
> > This would spare the users from having to handle the asynchronous case.
> >
> > Hopefully the situation where the FPU is not available is rare enough
> > So it won't hurt the performance too much.
>
> For your intended use case I think async processing should work just
> fine as it does for IPsec.
I think Ilya talks about the case where the TLS crypto is intended
to be offloaded to a NIC. In this case we need a software crypto
fallback e.g. if a packet got rerouted to a device that does not
support crypto offloading. For IPsec, we catch these cases in
validate_xmit_skb() either with the ESP GSO handler, or in the non
GSO case with validate_xmit_xfrm(). We currently request for
a sync algorithm to avoid the async handling for this case.
Allowing for async crypto would require some way to handle
async returnes or the -EBUSY case from the crypto layer inside
of a qdisc. Also, in the GSO case it is not clear how to unwind
the GSO call stack on a async return.
I had a discussion with davem at the netfilter workshop about
this. Based on this discussion, I prepared some patches that
I hope to be (RFC) ready until the netdev2.2 next week.
next prev parent reply other threads:[~2017-10-31 9:13 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-30 15:18 Using the aesni generic gcm(aes) aead in atomic context Ilya Lesokhin
2017-10-31 4:10 ` Herbert Xu
2017-10-31 7:14 ` Ilya Lesokhin
2017-10-31 7:17 ` Herbert Xu
2017-10-31 7:23 ` Ilya Lesokhin
2017-10-31 7:32 ` Herbert Xu
2017-10-31 7:39 ` Ilya Lesokhin
2017-10-31 7:44 ` Herbert Xu
2017-10-31 7:58 ` Ilya Lesokhin
2017-10-31 9:13 ` Steffen Klassert [this message]
2017-10-31 9:41 ` Ilya Lesokhin
2017-11-01 9:21 ` Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171031091345.GF30509@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=borisp@mellanox.com \
--cc=davejwatson@fb.com \
--cc=herbert@gondor.apana.org.au \
--cc=ilyal@mellanox.com \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).