• Vakul Garg's avatar
    net/tls: Add support for async decryption of tls records · 94524d8f
    Vakul Garg authored
    When tls records are decrypted using asynchronous acclerators such as
    NXP CAAM engine, the crypto apis return -EINPROGRESS. Presently, on
    getting -EINPROGRESS, the tls record processing stops till the time the
    crypto accelerator finishes off and returns the result. This incurs a
    context switch and is not an efficient way of accessing the crypto
    accelerators. Crypto accelerators work efficient when they are queued
    with multiple crypto jobs without having to wait for the previous ones
    to complete.
    
    The patch submits multiple crypto requests without having to wait for
    for previous ones to complete. This has been implemented for records
    which are decrypted in zero-copy mode. At the end of recvmsg(), we wait
    for all the asynchronous decryption requests to complete.
    
    The references to records which have been sent for async decryption are
    dropped. For cases where record decryption is not possible in zero-copy
    mode, asynchronous decryption is not used and we wait for decryption
    crypto api to complete.
    
    For crypto requests executing in async fashion, the memory for
    aead_request, sglists and skb etc is freed from the decryption
    completion handler. The decryption completion handler wakesup the
    sleeping user context when recvmsg() flags that it has done sending
    all the decryption requests and there are no more decryption requests
    pending to be completed.
    Signed-off-by: default avatarVakul Garg <vakul.garg@nxp.com>
    Reviewed-by: default avatarDave Watson <davejwatson@fb.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    94524d8f
tls.h 13.1 KB