From owner-svn-src-head@freebsd.org Mon Apr 13 19:22:10 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 996CC2C6D77; Mon, 13 Apr 2020 19:22:10 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "gate2.funkthat.com", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 491JQp0Vd4z44nS; Mon, 13 Apr 2020 19:22:09 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (localhost [127.0.0.1]) by gold.funkthat.com (8.15.2/8.15.2) with ESMTPS id 03DJM34J099555 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 13 Apr 2020 12:22:03 -0700 (PDT) (envelope-from jmg@gold.funkthat.com) Received: (from jmg@localhost) by gold.funkthat.com (8.15.2/8.15.2/Submit) id 03DJM3qM099554; Mon, 13 Apr 2020 12:22:03 -0700 (PDT) (envelope-from jmg) Date: Mon, 13 Apr 2020 12:22:02 -0700 From: John-Mark Gurney To: John Baldwin Cc: d@delphij.net, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r359374 - in head: . share/man/man4 share/man/man7 share/man/man9 sys/crypto/aesni sys/crypto/armv8 sys/crypto/blake2 sys/crypto/ccp sys/crypto/via sys/dev/cesa sys/dev/cxgbe sys/dev/cx... Message-ID: <20200413192202.GQ4213@funkthat.com> Mail-Followup-To: John Baldwin , d@delphij.net, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org References: <202003271825.02RIPOmR010857@repo.freebsd.org> <9c343572-5bf6-7047-f435-8e3fcffa8f8e@delphij.net> <36ec45df-1217-8709-61ec-9c335dee5736@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <36ec45df-1217-8709-61ec-9c335dee5736@FreeBSD.org> X-Operating-System: FreeBSD 11.3-STABLE amd64 X-PGP-Fingerprint: D87A 235F FB71 1F3F 55B7 ED9B D5FF 5A51 C0AC 3D65 X-Files: The truth is out there X-URL: https://www.funkthat.com/ X-Resume: https://www.funkthat.com/~jmg/resume.html X-TipJar: bitcoin:13Qmb6AeTgQecazTWph4XasEsP7nGRbAPE X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.6.1 (2016-04-27) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (gold.funkthat.com [127.0.0.1]); Mon, 13 Apr 2020 12:22:03 -0700 (PDT) X-Rspamd-Queue-Id: 491JQp0Vd4z44nS X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-6.00 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; REPLY(-4.00)[]; NEURAL_HAM_LONG(-1.00)[-0.999,0] X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Apr 2020 19:22:10 -0000 John Baldwin wrote this message on Mon, Apr 13, 2020 at 09:56 -0700: > On 4/12/20 1:08 PM, Xin Li wrote: > > > > > > On 3/27/20 11:25 AM, John Baldwin wrote: > > [...]> - Drivers no longer register a list of supported algorithms. This > >> doesn't quite work when you factor in modes (e.g. a driver might > >> support both AES-CBC and SHA2-256-HMAC separately but not combined > >> for ETA). Instead, a new 'crypto_probesession' method has been > >> added to the kobj interface for symmteric crypto drivers. This > >> method returns a negative value on success (similar to how > >> device_probe works) and the crypto framework uses this value to pick > >> the "best" driver. There are three constants for hardware > >> (e.g. ccr), accelerated software (e.g. aesni), and plain software > >> (cryptosoft) that give preference in that order. One effect of this > >> is that if you request only hardware when creating a new session, > >> you will no longer get a session using accelerated software. > >> Another effect is that the default setting to disallow software > >> crypto via /dev/crypto now disables accelerated software. > > > > For user-visible interface, it seems like we are essentially treating > > "accelerated software" like AES-NI the same way of plain software. For > > example, geom_eli would now say: > > > > GEOM_ELI: Encryption: AES-XTS 128 > > GEOM_ELI: Crypto: software > > > > Instead of: > > > > GEOM_ELI: Encryption: AES-XTS 128 > > GEOM_ELI: Crypto: hardware > > > > When AES-NI is used (which is because we only have two bits to represent > > hardware and software, and have gave neither bits clear with its own > > meaning (use specific driver)). > > > > If we are not going to add a new bit to represent accelerated software, > > why are they categorized as software providers? Technically, all these > > still requires hardware that implements the cryptographic primitives to > > work, and it's much easier for system administrators if we expose the > > fact that they are using some kind of acceleration than asking them to > > run DTrace etc. to find out. Personally, I think it's probably better > > to change the notion to either "accelerated" (by either hardware or > > software) and "software"... > > The only case where this is visible is in fact GELI (there is no printf > for IPsec or KTLS). For /dev/crypto using aesni.ko is a bug, not a > feature, as any such software would be much better off using AES-NI in > userland instead of round-tripping through the kernel. We could add a > bit to appease the GELI printf, or we could just kill the GELI > printf. I think a more useful approach would probably be to kill the > GELI printf and instead add something less GELI-specific such as > counters of active sessions for the various cryptographic drivers that > would show which drivers are in use for any in-kernel crypto. This > approach also lends itself to supporting a more flexible API where a > single crypto session might be backed by multiple drivers where a > binary hardware / software setting might not even make sense as you > might have a mix. (I know of other out-of-tree crypto use cases that > experimented with splitting in-kernel crypto workloads between an > async co-processor and AES-NI.) As long as there remains some what to warn the user that when they've mounted a geli volume that they're using slow crypto, I'm fine... We have done a bad job on doing the right thing, and I'm afraid that removing this print w/o doing something to address it will go from FreeBSD already not doing the right thing, but to not allowing the user to know that FreeBSD isn't doing the right thing. Even a simple print in the crypto driver when the processor supports AES-NI, but the aesni module isn't loaded would be useful.. Without the geli print, it's likely articles, like the recent Anandtech, will think FreeBSD's encrypted volumes are slow when it's just a failure for us to do the correct thing. I haven't looeked at the new code, but the resaon that aesni.ko was considered a hardware vs software device was that the existing crypto framework didn't have a well to tell the two apart, and it wasn't possible to select the aesni.ko routines over the software routines in a reliable manner. -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."