AESNI driver and fpu_kern KPI
Pawel Jakub Dawidek
pjd at FreeBSD.org
Tue May 18 15:55:40 UTC 2010
On Sat, May 15, 2010 at 01:04:01PM +0300, Kostik Belousov wrote:
> Hello,
>
> please find at http://people.freebsd.org/~kib/misc/aesni.1.patch the
> combined patch, containing the fpu_kern KPI and Intel AESNI crypto(9)
> driver. I did development and some testing on the hardware generously
> provided by Sentex Communications to Netperf cluster.
Nice work. Few comments:
- Could you modify this chunk in padlock.c:
+ td = curthread;
+ error = fpu_kern_enter(td, &ses->ses_fpu_ctx);
+ if (error != 0)
+ goto out;
error = padlock_hash_setup(ses, macini);
+ fpu_kern_leave(td, &ses->ses_fpu_ctx);
+ out:
To something without goto, eg.:
td = curthread;
error = fpu_kern_enter(td, &ses->ses_fpu_ctx);
if (error == 0) {
error = padlock_hash_setup(ses, macini);
fpu_kern_leave(td, &ses->ses_fpu_ctx);
}
- I see that in sys/dev/random/nehemiah.c you don't check for return
value of fpu_kern_enter(). That's the only place where you ignore it.
Is that intended?
- Unfortunately the driver in its current version can't be used with
IPsec and with GELI where authentication is enabled. This is because
the driver doesn't support sessions where both encryption and
authentication is defined. Do you have plans to change it?
I saw that you based crypto(9) bits on padlock, which does support
sessions with authentication by calculating hashes in software.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-amd64/attachments/20100518/d6d3d3bf/attachment.pgp
More information about the freebsd-amd64
mailing list