Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 18 May 2010 17:30:19 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Kostik Belousov <kostikbel@gmail.com>
Cc:        freebsd-current@freebsd.org, freebsd-amd64@freebsd.org
Subject:   Re: AESNI driver and fpu_kern KPI
Message-ID:  <20100518153019.GA1699@garage.freebsd.pl>
In-Reply-To: <20100515100401.GT83316@deviant.kiev.zoral.com.ua>
References:  <20100515100401.GT83316@deviant.kiev.zoral.com.ua>
next in thread | previous in thread | raw e-mail | index | archive | help 

--k1lZvvs/B4yU6o8G
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, May 15, 2010 at 01:04:01PM +0300, Kostik Belousov wrote:
> Hello,
>=20
> please find at http://people.freebsd.org/~kib/misc/aesni.1.patch the
> combined patch, containing the fpu_kern KPI and Intel AESNI crypto(9)
> driver.  I did development and some testing on the hardware generously
> provided by Sentex Communications to Netperf cluster.

Nice work. Few comments:

- Could you modify this chunk in padlock.c:

+               td =3D curthread;
+               error =3D fpu_kern_enter(td, &ses->ses_fpu_ctx);
+               if (error !=3D 0)
+                       goto out;
                error =3D padlock_hash_setup(ses, macini);
+               fpu_kern_leave(td, &ses->ses_fpu_ctx);
+       out:

  To something without goto, eg.:

		td =3D curthread;
		error =3D fpu_kern_enter(td, &ses->ses_fpu_ctx);
		if (error =3D=3D 0) {
			error =3D padlock_hash_setup(ses, macini);
			fpu_kern_leave(td, &ses->ses_fpu_ctx);
		}

- I see that in sys/dev/random/nehemiah.c you don't check for return
  value of fpu_kern_enter(). That's the only place where you ignore it.
  Is that intended?

- Unfortunately the driver in its current version can't be used with
  IPsec and with GELI where authentication is enabled. This is because
  the driver doesn't support sessions where both encryption and
  authentication is defined. Do you have plans to change it?
  I saw that you based crypto(9) bits on padlock, which does support
  sessions with authentication by calculating hashes in software.

--=20
Pawel Jakub Dawidek                       http://www.wheelsystems.com
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

--k1lZvvs/B4yU6o8G
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (FreeBSD)

iEYEARECAAYFAkvysooACgkQForvXbEpPzRgIACgmBAAtggqwnb21MTpF1dI+cAB
kawAn17T+DC1JxoO+ECEHnXXGEWnbfiI
=iy9u
-----END PGP SIGNATURE-----

--k1lZvvs/B4yU6o8G--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100518153019.GA1699>