Date: Tue, 18 May 2010 21:41:32 +0300 From: Kostik Belousov <kostikbel@gmail.com> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: freebsd-current@FreeBSD.org, freebsd-amd64@FreeBSD.org Subject: Re: AESNI driver and fpu_kern KPI Message-ID: <20100518184132.GA83316@deviant.kiev.zoral.com.ua> In-Reply-To: <20100518153019.GA1699@garage.freebsd.pl> References: <20100515100401.GT83316@deviant.kiev.zoral.com.ua> <20100518153019.GA1699@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
--OqXX2KyyhehiiWxy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, May 18, 2010 at 05:30:19PM +0200, Pawel Jakub Dawidek wrote: > On Sat, May 15, 2010 at 01:04:01PM +0300, Kostik Belousov wrote: > > Hello, > >=20 > > please find at http://people.freebsd.org/~kib/misc/aesni.1.patch the > > combined patch, containing the fpu_kern KPI and Intel AESNI crypto(9) > > driver. I did development and some testing on the hardware generously > > provided by Sentex Communications to Netperf cluster. >=20 > Nice work. Few comments: >=20 > - Could you modify this chunk in padlock.c: >=20 > + td =3D curthread; > + error =3D fpu_kern_enter(td, &ses->ses_fpu_ctx); > + if (error !=3D 0) > + goto out; > error =3D padlock_hash_setup(ses, macini); > + fpu_kern_leave(td, &ses->ses_fpu_ctx); > + out: >=20 > To something without goto, eg.: >=20 > td =3D curthread; > error =3D fpu_kern_enter(td, &ses->ses_fpu_ctx); > if (error =3D=3D 0) { > error =3D padlock_hash_setup(ses, macini); > fpu_kern_leave(td, &ses->ses_fpu_ctx); > } Done. >=20 > - I see that in sys/dev/random/nehemiah.c you don't check for return > value of fpu_kern_enter(). That's the only place where you ignore it. > Is that intended? No, thank you, fixed. >=20 > - Unfortunately the driver in its current version can't be used with > IPsec and with GELI where authentication is enabled. This is because > the driver doesn't support sessions where both encryption and > authentication is defined. Do you have plans to change it? > I saw that you based crypto(9) bits on padlock, which does support > sessions with authentication by calculating hashes in software. My goal was to develop fpu_kern_enter() KPI. I used the AESNI as an opportunity to test the KPI in real application. I may consider adding software-implemented authentification sometime later. I would not object if anybody do this instead of me. Since you are there, I want to confirm that you do not have objections against your copyright left in aesni.c. The file was copied from padlock.c and I felt that removing the copyright is wrong. Updated patch, that also includes some other changes, mainly additions to fpu_kern() KPI, that were discussed/requested by Fabien Thomas, is at http://people.freebsd.org/~kib/misc/aesni.2.patch. Thank you for your comments. --OqXX2KyyhehiiWxy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (FreeBSD) iEYEARECAAYFAkvy31sACgkQC3+MBN1Mb4jaMQCfQ1jDeLLMjEjS+0Be/3uJtFqA Jr8AoK+qxE2ou8m96ZvW/AXpc58hY932 =mX/Y -----END PGP SIGNATURE----- --OqXX2KyyhehiiWxy--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100518184132.GA83316>