Date: Mon, 13 Apr 2020 09:56:20 -0700 From: John Baldwin <jhb@FreeBSD.org> To: d@delphij.net, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r359374 - in head: . share/man/man4 share/man/man7 share/man/man9 sys/crypto/aesni sys/crypto/armv8 sys/crypto/blake2 sys/crypto/ccp sys/crypto/via sys/dev/cesa sys/dev/cxgbe sys/dev/cx... Message-ID: <36ec45df-1217-8709-61ec-9c335dee5736@FreeBSD.org> In-Reply-To: <9c343572-5bf6-7047-f435-8e3fcffa8f8e@delphij.net> References: <202003271825.02RIPOmR010857@repo.freebsd.org> <9c343572-5bf6-7047-f435-8e3fcffa8f8e@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4/12/20 1:08 PM, Xin Li wrote: > > > On 3/27/20 11:25 AM, John Baldwin wrote: > [...]> - Drivers no longer register a list of supported algorithms. This >> doesn't quite work when you factor in modes (e.g. a driver might >> support both AES-CBC and SHA2-256-HMAC separately but not combined >> for ETA). Instead, a new 'crypto_probesession' method has been >> added to the kobj interface for symmteric crypto drivers. This >> method returns a negative value on success (similar to how >> device_probe works) and the crypto framework uses this value to pick >> the "best" driver. There are three constants for hardware >> (e.g. ccr), accelerated software (e.g. aesni), and plain software >> (cryptosoft) that give preference in that order. One effect of this >> is that if you request only hardware when creating a new session, >> you will no longer get a session using accelerated software. >> Another effect is that the default setting to disallow software >> crypto via /dev/crypto now disables accelerated software. > > For user-visible interface, it seems like we are essentially treating > "accelerated software" like AES-NI the same way of plain software. For > example, geom_eli would now say: > > GEOM_ELI: Encryption: AES-XTS 128 > GEOM_ELI: Crypto: software > > Instead of: > > GEOM_ELI: Encryption: AES-XTS 128 > GEOM_ELI: Crypto: hardware > > When AES-NI is used (which is because we only have two bits to represent > hardware and software, and have gave neither bits clear with its own > meaning (use specific driver)). > > If we are not going to add a new bit to represent accelerated software, > why are they categorized as software providers? Technically, all these > still requires hardware that implements the cryptographic primitives to > work, and it's much easier for system administrators if we expose the > fact that they are using some kind of acceleration than asking them to > run DTrace etc. to find out. Personally, I think it's probably better > to change the notion to either "accelerated" (by either hardware or > software) and "software"... The only case where this is visible is in fact GELI (there is no printf for IPsec or KTLS). For /dev/crypto using aesni.ko is a bug, not a feature, as any such software would be much better off using AES-NI in userland instead of round-tripping through the kernel. We could add a bit to appease the GELI printf, or we could just kill the GELI printf. I think a more useful approach would probably be to kill the GELI printf and instead add something less GELI-specific such as counters of active sessions for the various cryptographic drivers that would show which drivers are in use for any in-kernel crypto. This approach also lends itself to supporting a more flexible API where a single crypto session might be backed by multiple drivers where a binary hardware / software setting might not even make sense as you might have a mix. (I know of other out-of-tree crypto use cases that experimented with splitting in-kernel crypto workloads between an async co-processor and AES-NI.) Also, while AES-NI instructions are faster than plain C, they are still very much software rather than an engine like QAT or ccr(4). They run synchronously using host CPU cycles rather than async on a separate co-processor. This means that if you tweak the various geli sysctls for batching vs non-batching, etc. you need to make the same choices for both accelerated software and "plain" software vs possibly different choices for an async co-processor. -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36ec45df-1217-8709-61ec-9c335dee5736>