On Wed, Feb 15, 2023 at 06:33:15PM +0000, Dmitry Safonov wrote:

TCP-AO similarly to TCP-MD5 needs to allocate tfms on a slow-path, which
is setsockopt() and use crypto ahash requests on fast paths, which are
RX/TX softirqs. It as well needs a temporary/scratch buffer for
preparing the hashing request.

Extend tcp_md5sig_pool to support other hashing algorithms than MD5.
Move it in a separate file.

This patch was previously submitted as more generic crypto_pool [1],
but Herbert nacked making it generic crypto API. His view is that crypto
requests should be atomically allocated on fast-paths. So, in this
version I don't move this pool anywhere outside TCP, only extending it
for TCP-AO use-case. It can be converted once there will be per-request
hashing crypto keys.

[1]: https://lore.kernel.org/all/20230118214111.394416-1-dima@arista.com/T/#u (local)
Signed-off-by: Dmitry Safonov <redacted>
---
 include/net/tcp.h        |  48 ++++--
 net/ipv4/Kconfig         |   4 +
 net/ipv4/Makefile        |   1 +
 net/ipv4/tcp.c           | 103 +++---------
 net/ipv4/tcp_ipv4.c      |  97 +++++++-----
 net/ipv4/tcp_minisocks.c |  21 ++-
 net/ipv4/tcp_sigpool.c   | 333 +++++++++++++++++++++++++++++++++++++++
 net/ipv6/tcp_ipv6.c      |  58 +++----
 8 files changed, 493 insertions(+), 172 deletions(-)
 create mode 100644 net/ipv4/tcp_sigpool.c

Please wait for my per-request hash work before you resubmit this.
Once that's in place all you need is a single tfm for the whole
system.

As to request pools what exactly is the point of that? Just kmalloc
them on demand.

Cheers,
-- 
Email: Herbert Xu [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt