Thread (33 messages), 5 authors, 2023-06-19

Re: [PATCH v7 01/22] net/tcp: Prepare tcp_md5sig_pool for TCP-AO

From: Steen Hegelund <steen.hegelund@microchip.com>
Date: 2023-06-15 10:46:04
Also in: lkml

Hi Dmitry,

On Thu, 2023-06-15 at 00:09 +0100, Dmitry Safonov wrote:

TCP-AO, similarly to TCP-MD5, needs to allocate tfms on a slow-path,
which is setsockopt() and use crypto ahash requests on fast paths,
which are RX/TX softirqs. Also, it needs a temporary/scratch buffer
for preparing the hash.

Rework tcp_md5sig_pool in order to support other hashing algorithms
than MD5. It will make it possible to share pre-allocated crypto_ahash
descriptors and scratch area between all TCP hash users.

Internally tcp_sigpool calls crypto_clone_ahash() API over pre-allocated
crypto ahash tfm. Kudos to Herbert, who provided this new crypto API.

I was a little concerned over GFP_ATOMIC allocations of ahash and
crypto_request in RX/TX (see tcp_sigpool_start()), so I benchmarked both
"backends" with different algorithms, using patched version of iperf3[2].
On my laptop with i7-7600U @ 2.80GHz:
... snip ...
+/**
+ * tcp_sigpool_alloc_ahash - allocates pool for ahash requests
+ * @alg: name of async hash algorithm
+ * @scratch_size: reserve a tcp_sigpool::scratch buffer of this size
+ */
+int tcp_sigpool_alloc_ahash(const char *alg, size_t scratch_size)
+{
+       int i, ret;
+
+       /* slow-path */
+       mutex_lock(&cpool_mutex);
+       ret = sigpool_reserve_scratch(scratch_size);
+       if (ret)
+               goto out;
+       for (i = 0; i < cpool_populated; i++) {
+               if (!cpool[i].alg)
+                       continue;
+               if (strcmp(cpool[i].alg, alg))
+                       continue;
+
+               if (kref_read(&cpool[i].kref) > 0)
+                       kref_get(&cpool[i].kref);
+               else
+                       kref_init(&cpool[i].kref);
+               ret = i;
+               goto out;
+       }
Here it looks to me like you will never get to this part of the code since you
always end up going to the out label in the previous loop.
+
+       for (i = 0; i < cpool_populated; i++) {
+               if (!cpool[i].alg)
+                       break;
+       }
+       if (i >= CPOOL_SIZE) {
+               ret = -ENOSPC;
+               goto out;
+       }
+
+       ret = __cpool_alloc_ahash(&cpool[i], alg);
+       if (!ret) {
+               ret = i;
+               if (i == cpool_populated)
+                       cpool_populated++;
+       }
+out:
+       mutex_unlock(&cpool_mutex);
+       return ret;
+}
+EXPORT_SYMBOL_GPL(tcp_sigpool_alloc_ahash);
+
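Review bot: the kernel-doc above tcp_sigpool_alloc_ahash() has no Return: section, although the function returns the cpool slot index on success (`ret = i`) and a negative errno such as -ENOSPC otherwise; please document that a non-negative value is a pool id. In the first loop, the `kref_read(&cpool[i].kref) > 0` / `kref_init()` branch revives an entry whose refcount is already zero while `alg` is still set; a comment saying that this relies on the release path being serialised by cpool_mutex (not visible in this hunk) would make the lifetime rule explicit. The lookup loop leaves through `goto out` only after strcmp() reports a match, so the free-slot search below it runs whenever no entry matches; moving the lookup into a small helper would make that control flow easier to read at a glance.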
... snip ...

 clear_hash:
-       tcp_put_md5sig_pool();
-clear_hash_noput:
+       tcp_sigpool_end(&hp);
+clear_hash_nostart:
        memset(md5_hash, 0, 16);
        return 1;
 }
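Review bot: at the clear_hash label, tcp_sigpool_end(&hp) is now reached by every jump to clear_hash, so any such jump taken before hp was set up by a successful start call would hand an unprepared hp to the end call; the gotos are snipped from this hunk, so please confirm that the start-failure path goes to clear_hash_nostart and that no leftover `goto clear_hash_noput` remains after the label rename.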
--
2.40.0
BR
Steen