aboutsummaryrefslogtreecommitdiff
path: root/sys/netipsec
diff options
context:
space:
mode:
authorMark Johnston <markj@FreeBSD.org>2021-02-08 14:19:19 +0000
committerMark Johnston <markj@FreeBSD.org>2021-02-08 14:19:19 +0000
commit68f6800ce05c386ff045b4416d8595d09c4d8fdd (patch)
tree3bbac508acda51d8f5677fbb894bc7c74f8a76e0 /sys/netipsec
parent7509b677b413b9551c15b483ec2ed9ce655d2455 (diff)
downloadsrc-68f6800ce05c386ff045b4416d8595d09c4d8fdd.tar.gz
src-68f6800ce05c386ff045b4416d8595d09c4d8fdd.zip
opencrypto: Introduce crypto_dispatch_async()
Currently, OpenCrypto consumers can request asynchronous dispatch by setting a flag in the cryptop. (Currently only IPSec may do this.) I think this is a bit confusing: we (conditionally) set cryptop flags to request async dispatch, and then crypto_dispatch() immediately examines those flags to see if the consumer wants async dispatch. The flag names are also confusing since they don't specify what "async" applies to: dispatch or completion. Add a new KPI, crypto_dispatch_async(), rather than encoding the requested dispatch type in each cryptop. crypto_dispatch_async() falls back to crypto_dispatch() if the session's driver provides asynchronous dispatch. Get rid of CRYPTOP_ASYNC() and CRYPTOP_ASYNC_KEEPORDER(). Similarly, add crypto_dispatch_batch() to request processing of a tailq of cryptops, rather than encoding the scheduling policy using cryptop flags. Convert GELI, the only user of this interface (disabled by default) to use the new interface. Add CRYPTO_SESS_SYNC(), which can be used by consumers to determine whether crypto requests will be dispatched synchronously. This is just a helper macro. Use it instead of looking at cap flags directly. Fix style in crypto_done(). Also get rid of CRYPTO_RETW_EMPTY() and just check the relevant queues directly. This could result in some unnecessary wakeups but I think it's very uncommon to be using more than one queue per worker in a given workload, so checking all three queues is a waste of cycles. Reviewed by: jhb Sponsored by: Ampere Computing Submitted by: Klara, Inc. MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D28194
Diffstat (limited to 'sys/netipsec')
-rw-r--r--sys/netipsec/xform_ah.c14
-rw-r--r--sys/netipsec/xform_esp.c14
2 files changed, 16 insertions, 12 deletions
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index 5163bda86931..774f11a16c44 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -652,8 +652,6 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
/* Crypto operation descriptor. */
crp->crp_op = CRYPTO_OP_COMPUTE_DIGEST;
crp->crp_flags = CRYPTO_F_CBIFSYNC;
- if (V_async_crypto)
- crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;
crypto_use_mbuf(crp, m);
crp->crp_callback = ah_input_cb;
crp->crp_opaque = xd;
@@ -671,7 +669,10 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
xd->skip = skip;
xd->cryptoid = cryptoid;
xd->vnet = curvnet;
- return (crypto_dispatch(crp));
+ if (V_async_crypto)
+ return (crypto_dispatch_async(crp, CRYPTO_ASYNC_ORDERED));
+ else
+ return (crypto_dispatch(crp));
bad:
m_freem(m);
key_freesav(&sav);
@@ -1036,8 +1037,6 @@ ah_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
/* Crypto operation descriptor. */
crp->crp_op = CRYPTO_OP_COMPUTE_DIGEST;
crp->crp_flags = CRYPTO_F_CBIFSYNC;
- if (V_async_crypto)
- crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;
crypto_use_mbuf(crp, m);
crp->crp_callback = ah_output_cb;
crp->crp_opaque = xd;
@@ -1055,7 +1054,10 @@ ah_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
xd->cryptoid = cryptoid;
xd->vnet = curvnet;
- return crypto_dispatch(crp);
+ if (V_async_crypto)
+ return (crypto_dispatch_async(crp, CRYPTO_ASYNC_ORDERED));
+ else
+ return (crypto_dispatch(crp));
bad:
if (m)
m_freem(m);
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index dc64dc732992..a7d5776e4da2 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -406,8 +406,6 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
/* Crypto operation descriptor */
crp->crp_flags = CRYPTO_F_CBIFSYNC;
- if (V_async_crypto)
- crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;
crypto_use_mbuf(crp, m);
crp->crp_callback = esp_input_cb;
crp->crp_opaque = xd;
@@ -460,7 +458,10 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
} else if (sav->ivlen != 0)
crp->crp_iv_start = skip + hlen - sav->ivlen;
- return (crypto_dispatch(crp));
+ if (V_async_crypto)
+ return (crypto_dispatch_async(crp, CRYPTO_ASYNC_ORDERED));
+ else
+ return (crypto_dispatch(crp));
crp_aad_fail:
free(xd, M_XDATA);
@@ -895,8 +896,6 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
/* Crypto operation descriptor. */
crp->crp_flags |= CRYPTO_F_CBIFSYNC;
- if (V_async_crypto)
- crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;
crypto_use_mbuf(crp, m);
crp->crp_callback = esp_output_cb;
crp->crp_opaque = xd;
@@ -944,7 +943,10 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
crp->crp_digest_start = m->m_pkthdr.len - alen;
}
- return crypto_dispatch(crp);
+ if (V_async_crypto)
+ return (crypto_dispatch_async(crp, CRYPTO_ASYNC_ORDERED));
+ else
+ return (crypto_dispatch(crp));
crp_aad_fail:
free(xd, M_XDATA);