From patchwork Wed Jan 18 21:41:07 2023
X-Patchwork-Submitter: Dmitry Safonov
X-Patchwork-Id: 4204
From: Dmitry Safonov
To: linux-kernel@vger.kernel.org, David Ahern, Eric Dumazet, Herbert Xu,
    Jakub Kicinski, "David S. Miller"
Cc: Dmitry Safonov, Andy Lutomirski, Bob Gilligan,
    Dmitry Safonov <0x7f454c46@gmail.com>, Hideaki YOSHIFUJI,
    Leonard Crestez, Paolo Abeni, Salam Noureddine,
    netdev@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: [PATCH v4 0/4] net/crypto: Introduce crypto_pool
Date: Wed, 18 Jan 2023 21:41:07 +0000
Message-Id: <20230118214111.394416-1-dima@arista.com>
X-Mailer: git-send-email 2.39.0

Changes since v3 [6]:
- Cleanup seg6_hmac_init() and seg6_hmac_exit() declaration/usage
  left-overs (reported by Jakub)
- Remove max(size, __scratch_size) from crypto_pool_reserve_scratch()

Changes since v2 [5]:
- Fix incorrect rebase of v2: tcp_md5_add_crypto_pool() was called on
  twsk creation even for sockets without TCP-MD5 key
- Documentation title underline length (Reported-by: kernel test robot)
- Migrate crypto_pool_scratch to __rcu, using rcu_dereference*() and
  rcu_replace_pointer(). As well, I changed local_bh_{en,dis}able() to
  rcu_read_{,un}lock_bh().
  (Addressing Jakub's review)
- Correct Documentation/ to use proper kerneldoc style, include it in
  toc/tree and editor notes (from Jakub's comments)
- Avoid cast in crypto_pool_get() (Jakub's review)
- Select CRYPTO in Kconfig, not only CRYPTO_POOL (Jakub's review)
- Remove free_batch[] with synchronize_rcu() in favor of a struct with
  a flexible array inside + call_rcu() (suggested by Jakub)
- Change scratch `size` argument type from (unsigned long) to (size_t)
  for consistency
- Combined crypto_pool_alloc_ahash() and crypto_pool_reserve_scratch(),
  now the scratch area size is supplied on crypto_pool allocation
  (suggested by Jakub)
- Removed CONFIG_CRYPTO_POOL_DEFAULT_SCRATCH_SIZE
- CRYPTO_POOL now is a hidden symbol (Jakub's review)
- Simplified __cpool_alloc_ahash() error-paths, adding local variables
  (suggested by Jakub)
- Resurrect a pool waiting to be destroyed if possible (Jakub's review)
- Rename _get() => _start(), _put() => _end(), _add() => _get()
  (suggested by Jakub)

Changes since v1 [1]:
- Patches went through 3 iterations inside bigger TCP-AO patch set [2],
  now I'm splitting it apart and sending it once again as a stand-alone
  patch set to help reviewing it and make it easier to merge.
  It is the second part of that big series, once it merges the next
  part will be TCP changes to add Authentication Option support
  (RFC5925), that use API provided by these patches.
- Corrected kerneldoc-style comment near crypto_pool_reserve_scratch()
  (Reported-By: kernel test robot)
- Added short Documentation/ page for crypto_pool API

Add crypto_pool - an API for allocating per-CPU array of crypto requests
on slow-path (in sleep'able contexts) and for using them on a fast-path,
which is RX/TX for net/* users.

The design is based on the current implementations of md5sig_pool, which
this patch set makes generic by separating it from TCP core, moving it
to crypto/ and adding support for other hashing algorithms than MD5.
It makes a generic implementation for a common net/ pattern.

The initial motivation to have this API is TCP-AO, that's going to use
the very same pattern as TCP-MD5, but for multiple hashing algorithms.
Previously, I've suggested to add such API on TCP-AO patch submission [3],
where Herbert kindly suggested to help with introducing new crypto API.
See also discussion and motivation in crypto_pool-v1 [4].

The API will allow:
- to reuse per-CPU ahash_request(s) for different users
- to allocate only one per-CPU scratch buffer rather than a new one for
  each user
- to have a common API for net/ users that need ahash on RX/TX fast path

In this version I've wired up TCP-MD5 and IPv6-SR-HMAC as users.
Potentially, xfrm_ipcomp and xfrm_ah can be converted as well.
The initial reason for patches would be to have TCP-AO as a user, which
would let it share per-CPU crypto_request for any supported hashing
algorithm.

[1]: https://lore.kernel.org/all/20220726201600.1715505-1-dima@arista.com/
[2]: https://lore.kernel.org/all/20221027204347.529913-1-dima@arista.com/T/#u
[3]: http://lkml.kernel.org/r/20211106034334.GA18577@gondor.apana.org.au
[4]: https://lore.kernel.org/all/26d5955b-3807-a015-d259-ccc262f665c2@arista.com/T/#u
[5]: https://lore.kernel.org/all/20230103184257.118069-1-dima@arista.com/
[6]: https://lore.kernel.org/all/20230116201458.104260-1-dima@arista.com/T/#u

Cc: Andy Lutomirski
Cc: Bob Gilligan
Cc: David Ahern
Cc: "David S. Miller"
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: Eric Dumazet
Cc: Herbert Xu
Cc: Hideaki YOSHIFUJI
Cc: Jakub Kicinski
Cc: Leonard Crestez
Cc: Paolo Abeni
Cc: Salam Noureddine
Cc: netdev@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org

Dmitry Safonov (4):
  crypto: Introduce crypto_pool
  crypto/net/tcp: Use crypto_pool for TCP-MD5
  crypto/net/ipv6: sr: Switch to using crypto_pool
  crypto/Documentation: Add crypto_pool kernel API

 Documentation/crypto/crypto_pool.rst |  36 +++
 Documentation/crypto/index.rst       |   1 +
 crypto/Kconfig                       |   3 +
 crypto/Makefile                      |   1 +
 crypto/crypto_pool.c                 | 333 +++++++++++++++++++++++++++
 include/crypto/pool.h                |  46 ++++
 include/net/seg6_hmac.h              |   9 -
 include/net/tcp.h                    |  24 +-
 net/ipv4/Kconfig                     |   1 +
 net/ipv4/tcp.c                       | 104 ++-------
 net/ipv4/tcp_ipv4.c                  | 100 ++++----
 net/ipv4/tcp_minisocks.c             |  21 +-
 net/ipv6/Kconfig                     |   1 +
 net/ipv6/seg6.c                      |  14 +-
 net/ipv6/seg6_hmac.c                 | 207 +++++++----------
 net/ipv6/tcp_ipv6.c                  |  61 +++--
 16 files changed, 636 insertions(+), 326 deletions(-)
 create mode 100644 Documentation/crypto/crypto_pool.rst
 create mode 100644 crypto/crypto_pool.c
 create mode 100644 include/crypto/pool.h

base-commit: c1649ec55708ae42091a2f1bca1ab49ecd722d55