From owner-freebsd-hackers@FreeBSD.ORG Wed Dec 10 22:34:46 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 93ABC1065676; Wed, 10 Dec 2008 22:34:46 +0000 (UTC) (envelope-from patfbsd@davenulle.org) Received: from smtp.lamaiziere.net (net.lamaiziere.net [91.121.44.19]) by mx1.freebsd.org (Postfix) with ESMTP id 54B1E8FC0C; Wed, 10 Dec 2008 22:34:46 +0000 (UTC) (envelope-from patfbsd@davenulle.org) Received: from baby-jane.lamaiziere.net (unknown [79.87.10.246]) by smtp.lamaiziere.net (Postfix) with ESMTPA id E114F63366E; Wed, 10 Dec 2008 23:34:44 +0100 (CET) Received: from baby-jane (localhost [127.0.0.1]) by baby-jane.lamaiziere.net (Postfix) with ESMTP id BE37E676D35; Wed, 10 Dec 2008 23:34:43 +0100 (CET) Date: Wed, 10 Dec 2008 23:34:40 +0100 From: Patrick =?ISO-8859-15?Q?Lamaizi=E8re?= To: Philip Paeps Message-ID: <20081210233440.41bd1c47@baby-jane> In-Reply-To: <20081208202155.GA7403@detritus.paeps.cx> References: <20081207224551.13ca3590@baby-jane> <20081208202155.GA7403@detritus.paeps.cx> Organization: /dave/nulle X-Mailer: Claws Mail 3.3.1 (GTK+ 2.12.9; i386-apple-darwin9.3.0) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit Cc: freebsd-hackers@freebsd.org Subject: Re: crypto(9) choose another driver if we cannot open a session on it X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 22:34:46 -0000 Le Mon, 8 Dec 2008 21:21:55 +0100, Philip Paeps a écrit : Hello, > On 2008-12-07 22:45:51 (+0100), Patrick Lamaizière > wrote: > > I wrote a small patch to allow the crypto framework to choose > > another cryptographic driver if we cannot open a session on the > > driver. > > Very cool. :-) I've been hacking on this too, mainly to get rid of > the code duplication that currently exists. Which code exactly? Yes I'm curious :-) I'm thinking about how to remove the need for a device to support all the algorithms when we open a session. By using a fake "crypto virtual device" to open and dispatch crypto requests to real devices or to cryptosoft. But i don't have any code to show yet. There is one thing I'm asking about crypto(9): - I doubt that the migration of a session is safe and I think that would be far easier to prevent a driver to unregister when there are some pending sessions on it? glxsb and padlock do not allow to unregister in this case. I've looked quickly the code of geli or ipsec. If the crypto framework returns EAGAIN because the migration of the session, they restart a crypto_dispatch(crp) but the datas in crp->crp_buf can be corrupted by the previous crypto operation (IMHO, may be i've missed something)? Thanks, regards.