linuxppc-dev.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Haren Myneni <haren@linux.ibm.com>
Cc: mikey@neuling.org, npiggin@gmail.com, hch@infradead.org,
	linux-crypto@vger.kernel.org, sukadev@linux.vnet.ibm.com,
	linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH 08/10] crypto/NX: Add NX GZIP user space API
Date: Fri, 20 Dec 2019 15:41:56 +0800	[thread overview]
Message-ID: <20191220074156.pflm3ydpgaxtthhd@gondor.apana.org.au> (raw)
In-Reply-To: <1576745384.12797.37.camel@hbabu-laptop>

On Thu, Dec 19, 2019 at 12:49:44AM -0800, Haren Myneni wrote:
> 
> Virtual Accelerator Switchboard (VAS) can provide support different
> accelerators, Right now only NX is used, but possible to extend to
> others in future. Or different functionalities such as fast thread
> wakeup (VAS feature) with VAS windows. 
> 
> So looking common VAS API for any its accelerators. Need open a window /
> channel - open() and ioctl()) calls, and setup the communications with
> mapping address to NX (mmap()) and close the window. Then user space
> communicates to accelerator directly without kernel involvement.
> Specific drivers should set window attributes such as how many requests
> can be send at same time and etc. All other interfaces should be same
> for any accelerator. 
> 
> Also, since user space sends requests directly, should restrict
> malicious users to prevent overload NX (security issue). Allowing
> sysadmin to restrict /dev/crypto/nx-gzip usage. 

If you are going to place your driver through the Crypto API then
it needs to use the Crypto API interface for user-space access.
That interface is af_alg.

If this is not a good fit then I suggest that you move your API
elsewhere, perhaps to the powerpc tree where the user-space API can
then be properly reviewed.

It is not feasible to review your driver's user-space API through
the crypto tree.

> As you suggested, SW crypto API (af_alg) can be used just for NX
> compression like using API based on the accelerator functionalities. It
> is socket based API with AF_ALG socket family. But is there a way for
> sysadmin to restrict usage from user space? Need just few functions in
> struct proto. 

The af_alg interface does not operate in the manner that you
describe.  It is an interface that maps onto the underlying kernel
Crypto API operations.  We currently don't have an af_alg module
for compression, but if we did we would be closely following the
current kernel compression interface.

One key feature of af_alg is that it normally is agnostic to the
underlying implementation.  That is, even when the hardware is
absent it would seamlessly switch over to a software implementation.

I say normally because there can be exceptions, e.g., with paes
and hardware keys.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

  reply	other threads:[~2019-12-20  7:43 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-15 12:50 [PATCH 00/10] crypto/nx: Enable GZIP engine and provide userpace API Haren Myneni
2019-12-15 12:59 ` [PATCH 01/10] powerpc/vas: Define vas_win_paste_addr() Haren Myneni
2019-12-15 13:00 ` [PATCH 02/10] powerpc/vas: Initialize window attributes for GZIP compression Haren Myneni
2019-12-15 13:01 ` [PATCH 03/10] powerpc/vas: Define VAS_TX_WIN_OPEN ioctl API Haren Myneni
2019-12-15 13:02 ` [PATCH 04/10] crypto/nx: Initialize coproc entry with kzalloc Haren Myneni
2019-12-15 13:02 ` [PATCH 05/10] crypto/nx: Organize powernv 842 code to add new GZIP compression type Haren Myneni
2019-12-15 13:03 ` [PATCH 06/10] crypto/NX: Make code generic to add new GZIP compression Haren Myneni
2019-12-15 13:03 ` [PATCH 07/10] crypto/nx: Enable and setup GZIP compresstion type Haren Myneni
2019-12-15 13:05 ` [PATCH 08/10] crypto/NX: Add NX GZIP user space API Haren Myneni
2019-12-17  9:33   ` Herbert Xu
2019-12-19  8:49     ` Haren Myneni
2019-12-20  7:41       ` Herbert Xu [this message]
2019-12-15 13:05 ` [PATCH 09/10] powerpc/vas: Remove 'pid' in vas_tx_win_attr struct Haren Myneni
2019-12-15 13:06 ` [PATCH 10/10] Documentation/powerpc: VAS API Haren Myneni

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191220074156.pflm3ydpgaxtthhd@gondor.apana.org.au \
    --to=herbert@gondor.apana.org.au \
    --cc=haren@linux.ibm.com \
    --cc=hch@infradead.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=mikey@neuling.org \
    --cc=npiggin@gmail.com \
    --cc=sukadev@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).