RE: OCF or Acrypto for IPSec and dm-crypt

2005-09-05 Thread Ronen Shitrit 
 Hi

YES (like in OCF and in the current cryptoAPI)

Sounds good to me,

When is this Async Crypto API, going to be ready??
Since I'm planning to take a full month vacation, by the end of this
week,
and if by the time I will be back, this Async Crypto APIs will be ready,
and
_part_of_the_mainline_, then I will need to re-evaluate my decision for
going with 
the OCF, since the big guys here likes to go with the mainline.

Regards

Ronen Shitrit 
Marvell Semiconductor Israel Ltd

-Original Message-
From: Herbert Xu [mailto:[EMAIL PROTECTED] 
Sent: Monday, September 05, 2005 5:39 AM
To: Ronen Shitrit
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
linux-crypto@vger.kernel.org
Subject: Re: OCF or Acrypto for IPSec and dm-crypt

Ronen Shitrit [EMAIL PROTECTED] wrote:
 
 I think, Correct me if I'm wrong,
 What you described below, is 1 session with few operations (using the 
 routing feature of the acrypto), but once the session/set of 
 operations are done, then the session is closed.

I see.  You want the session to last through the lifetime of an IPsec
SA, right?  

Well the good news is that the Async Crypto API that I'm working on will
do exactly that.  The session is identified with the existing crypto_tfm
object which is tied to each IPsec SA (for IPsec that is).

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page:
http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

RE: [ACRYPTO] dm-crypt ported to acrypto.

2005-09-05 Thread Ronen Shitrit 
 
Hi

I already tried the solution you suggest below, it works fine but then
we only handle one request at a time, and the
performance doesn't look good.
I also noticed that if I allow to insert up to a specific limit of
pending requests lets say 10, then the driver acts fine,
and the performance seems better.
But If I let the limit to get to more then 100 pending requests, then I
get memory corruption probably cause of some overrun.

I'm not sure if any pending requests is allowed at all, I will need to
investigate it more.

Regards
Ronen Shitrit 
Marvell Semiconductor Israel Ltd

-Original Message-
From: Evgeniy Polyakov [mailto:[EMAIL PROTECTED] 
Sent: Sunday, September 04, 2005 11:52 PM
To: Ronen Shitrit
Cc: [EMAIL PROTECTED]; linux-crypto@vger.kernel.org
Subject: Re: [ACRYPTO] dm-crypt ported to acrypto.

On Sun, Sep 04, 2005 at 11:27:24PM +0300, Ronen Shitrit
([EMAIL PROTECTED]) wrote:
  Hi
 
 I already ported this patch to the OCF, and I'm using it over the OCF.
 I also don't see any issue with small partitions??
 
 The crypt_convert API is called from 2 different places in the code:
 1. For read requests through the kcrypt_do_work working Q, called from

 bi_end_io of the crypt_clone.
 2. For Write requests through the crypt_clone directly.

Ok, I see now.
Such schema was probably created to eliminate problem with buffer cache,
when it is accessed from kernel itself and should not have encrypted
data, but when it's data is wrtten to disk itself, BIOs should be
already encrypted.

 In my recent version of the patch:
  I implemented a callback for read, which update the pending counter, 
 and callback for write  Which doesn't update it.
  And in the crypt_convert I update the pending counter only if it's a 
 read operation.
 
 By doing this I'm making sure that only one read request will be 
 handled at a time and the pending counter Will be updated correctly 
 for the read requests.
 
 Now, I still see that I'm getting few writing requests inside the 
 Acrypto Q at the same time.
 I think it is not OK  since currently the patch is not handling 
 buffers correctly for this case: the write task Believe that the write

 was done, and it frees the buffers. (If I understood it correctly) ???

I think the best solution is just to put waiting for dm_async_pending to
become zero into crypt_convert().
Patch attached.
I will setup large partition tomorrow and send my results with it.

Thank you for catching this.

 
 I will send a patch, once the dm_crypt will be stable with the OCF.
 
 Ronen Shitrit
 Marvell Semiconductor Israel Ltd

-- 
Evgeniy Polyakov
-
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html