Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Juha Yrjola <juha.yrjola@nokia.com>

Juha Yrjola <juha.yrjola@solidboot.com>

Julien Thierry <julien.thierry.kdev@gmail.com> <julien.thierry@arm.com>

Kamil Konieczny <k.konieczny@samsung.com> <k.konieczny@partner.samsung.com>

Kay Sievers <kay.sievers@vrfy.org>

Kenneth W Chen <kenneth.w.chen@intel.com>

Konstantin Khlebnikov <koct9i@gmail.com> <k.khlebnikov@samsung.com>

   ../RCU/index

   gcc-plugins

   symbol-namespaces

   padata

Interfaces for kernel debugging

.. SPDX-License-Identifier: GPL-2.0

=======================================

The padata parallel execution mechanism

=======================================

:Last updated: for 2.6.36

:Date: December 2019

Padata is a mechanism by which the kernel can farm jobs out to be done in

parallel on multiple CPUs while retaining their ordering.  It was developed for

use with the IPsec code, which needs to be able to perform encryption and

decryption on large numbers of packets without reordering those packets.  The

crypto developers made a point of writing padata in a sufficiently general

fashion that it could be put to other uses as well.

Usage

=====

Padata is a mechanism by which the kernel can farm work out to be done in

parallel on multiple CPUs while retaining the ordering of tasks.  It was

developed for use with the IPsec code, which needs to be able to perform

encryption and decryption on large numbers of packets without reordering

those packets.  The crypto developers made a point of writing padata in a

sufficiently general fashion that it could be put to other uses as well.

Initializing

------------

The first step in using padata is to set up a padata_instance structure for

overall control of how tasks are to be run::

overall control of how jobs are to be run::

    #include <linux/padata.h>

    struct padata_instance *padata_alloc(const char *name,

					 const struct cpumask *pcpumask,

					 const struct cpumask *cbcpumask);

    struct padata_instance *padata_alloc_possible(const char *name);

'name' simply identifies the instance.

The pcpumask describes which processors will be used to execute work

submitted to this instance in parallel. The cbcpumask defines which

processors are allowed to be used as the serialization callback processor.

The workqueue wq is where the work will actually be done; it should be

a multithreaded queue, naturally.

To allocate a padata instance with the cpu_possible_mask for both

cpumasks this helper function can be used::

    struct padata_instance *padata_alloc_possible(struct workqueue_struct *wq);

Note: Padata maintains two kinds of cpumasks internally. The user supplied

cpumasks, submitted by padata_alloc/padata_alloc_possible and the 'usable'

cpumasks. The usable cpumasks are always a subset of active CPUs in the

user supplied cpumasks; these are the cpumasks padata actually uses. So

it is legal to supply a cpumask to padata that contains offline CPUs.

Once an offline CPU in the user supplied cpumask comes online, padata

is going to use it.

There are functions for enabling and disabling the instance::

    int padata_start(struct padata_instance *pinst);

    void padata_stop(struct padata_instance *pinst);

These functions are setting or clearing the "PADATA_INIT" flag;

if that flag is not set, other functions will refuse to work.

padata_start returns zero on success (flag set) or -EINVAL if the

padata cpumask contains no active CPU (flag not set).

padata_stop clears the flag and blocks until the padata instance

is unused.

These functions are setting or clearing the "PADATA_INIT" flag; if that flag is

not set, other functions will refuse to work.  padata_start() returns zero on

success (flag set) or -EINVAL if the padata cpumask contains no active CPU

(flag not set).  padata_stop() clears the flag and blocks until the padata

instance is unused.

The list of CPUs to be used can be adjusted with these functions::

Finally, complete padata initialization by allocating a padata_shell::

    int padata_set_cpumasks(struct padata_instance *pinst,

			    cpumask_var_t pcpumask,

			    cpumask_var_t cbcpumask);

    int padata_set_cpumask(struct padata_instance *pinst, int cpumask_type,

			   cpumask_var_t cpumask);

    int padata_add_cpu(struct padata_instance *pinst, int cpu, int mask);

    int padata_remove_cpu(struct padata_instance *pinst, int cpu, int mask);

   struct padata_shell *padata_alloc_shell(struct padata_instance *pinst);

Changing the CPU masks are expensive operations, though, so it should not be

done with great frequency.

A padata_shell is used to submit a job to padata and allows a series of such

jobs to be serialized independently.  A padata_instance may have one or more

padata_shells associated with it, each allowing a separate series of jobs.

It's possible to change both cpumasks of a padata instance with

padata_set_cpumasks by specifying the cpumasks for parallel execution (pcpumask)

and for the serial callback function (cbcpumask). padata_set_cpumask is used to

change just one of the cpumasks. Here cpumask_type is one of PADATA_CPU_SERIAL,

PADATA_CPU_PARALLEL and cpumask specifies the new cpumask to use.

To simply add or remove one CPU from a certain cpumask the functions

padata_add_cpu/padata_remove_cpu are used. cpu specifies the CPU to add or

remove and mask is one of PADATA_CPU_SERIAL, PADATA_CPU_PARALLEL.

Modifying cpumasks

------------------

If a user is interested in padata cpumask changes, he can register to

the padata cpumask change notifier::

The CPUs used to run jobs can be changed in two ways, programatically with

padata_set_cpumask() or via sysfs.  The former is defined::

    int padata_register_cpumask_notifier(struct padata_instance *pinst,

					 struct notifier_block *nblock);

    int padata_set_cpumask(struct padata_instance *pinst, int cpumask_type,

			   cpumask_var_t cpumask);

To unregister from that notifier::

Here cpumask_type is one of PADATA_CPU_PARALLEL or PADATA_CPU_SERIAL, where a

parallel cpumask describes which processors will be used to execute jobs

submitted to this instance in parallel and a serial cpumask defines which

processors are allowed to be used as the serialization callback processor.

cpumask specifies the new cpumask to use.

    int padata_unregister_cpumask_notifier(struct padata_instance *pinst,

					   struct notifier_block *nblock);

There may be sysfs files for an instance's cpumasks.  For example, pcrypt's

live in /sys/kernel/pcrypt/<instance-name>.  Within an instance's directory

there are two files, parallel_cpumask and serial_cpumask, and either cpumask

may be changed by echoing a bitmask into the file, for example::

The padata cpumask change notifier notifies about changes of the usable

cpumasks, i.e. the subset of active CPUs in the user supplied cpumask.

    echo f > /sys/kernel/pcrypt/pencrypt/parallel_cpumask

Padata calls the notifier chain with::

Reading one of these files shows the user-supplied cpumask, which may be

different from the 'usable' cpumask.

    blocking_notifier_call_chain(&pinst->cpumask_change_notifier,

				 notification_mask,

				 &pd_new->cpumask);

Padata maintains two pairs of cpumasks internally, the user-supplied cpumasks

and the 'usable' cpumasks.  (Each pair consists of a parallel and a serial

cpumask.)  The user-supplied cpumasks default to all possible CPUs on instance

allocation and may be changed as above.  The usable cpumasks are always a

subset of the user-supplied cpumasks and contain only the online CPUs in the

user-supplied masks; these are the cpumasks padata actually uses.  So it is

legal to supply a cpumask to padata that contains offline CPUs.  Once an

offline CPU in the user-supplied cpumask comes online, padata is going to use

it.

Here cpumask_change_notifier is registered notifier, notification_mask

is one of PADATA_CPU_SERIAL, PADATA_CPU_PARALLEL and cpumask is a pointer

to a struct padata_cpumask that contains the new cpumask information.

Changing the CPU masks are expensive operations, so it should not be done with

great frequency.

Running A Job

-------------

Actually submitting work to the padata instance requires the creation of a

padata_priv structure::

padata_priv structure, which represents one job::

    struct padata_priv {

        /* Other stuff here... */

be called in the process of getting the work done as we will see

momentarily.

The submission of work is done with::

The submission of the job is done with::

    int padata_do_parallel(struct padata_instance *pinst,

		           struct padata_priv *padata, int cb_cpu);

    int padata_do_parallel(struct padata_shell *ps,

		           struct padata_priv *padata, int *cb_cpu);

The pinst and padata structures must be set up as described above; cb_cpu

specifies which CPU will be used for the final callback when the work is

done; it must be in the current instance's CPU mask.  The return value from

padata_do_parallel() is zero on success, indicating that the work is in

The ps and padata structures must be set up as described above; cb_cpu

points to the preferred CPU to be used for the final callback when the job is

done; it must be in the current instance's CPU mask (if not the cb_cpu pointer

is updated to point to the CPU actually chosen).  The return value from

padata_do_parallel() is zero on success, indicating that the job is in

progress. -EBUSY means that somebody, somewhere else is messing with the

instance's CPU mask, while -EINVAL is a complaint about cb_cpu not being

in that CPU mask or about a not running instance.

instance's CPU mask, while -EINVAL is a complaint about cb_cpu not being in the

serial cpumask, no online CPUs in the parallel or serial cpumasks, or a stopped

instance.

Each task submitted to padata_do_parallel() will, in turn, be passed to

Each job submitted to padata_do_parallel() will, in turn, be passed to

exactly one call to the above-mentioned parallel() function, on one CPU, so

true parallelism is achieved by submitting multiple tasks.  parallel() runs with

true parallelism is achieved by submitting multiple jobs.  parallel() runs with

software interrupts disabled and thus cannot sleep.  The parallel()

function gets the padata_priv structure pointer as its lone parameter;

information about the actual work to be done is probably obtained by using

container_of() to find the enclosing structure.

Note that parallel() has no return value; the padata subsystem assumes that

parallel() will take responsibility for the task from this point.  The work

parallel() will take responsibility for the job from this point.  The job

need not be completed during this call, but, if parallel() leaves work

outstanding, it should be prepared to be called again with a new job before

the previous one completes.  When a task does complete, parallel() (or

whatever function actually finishes the job) should inform padata of the

fact with a call to::

the previous one completes.

Serializing Jobs

----------------

When a job does complete, parallel() (or whatever function actually finishes

the work) should inform padata of the fact with a call to::

    void padata_do_serial(struct padata_priv *padata);

the CPU requested in the initial call to padata_do_parallel(); it, too, is

run with local software interrupts disabled.

Note that this call may be deferred for a while since the padata code takes

pains to ensure that tasks are completed in the order in which they were

pains to ensure that jobs are completed in the order in which they were

submitted.

The one remaining function in the padata API should be called to clean up

when a padata instance is no longer needed::

Destroying

----------

Cleaning up a padata instance predictably involves calling the three free

functions that correspond to the allocation in reverse::

    void padata_free_shell(struct padata_shell *ps);

    void padata_stop(struct padata_instance *pinst);

    void padata_free(struct padata_instance *pinst);

This function will busy-wait while any remaining tasks are completed, so it

might be best not to call it while there is work outstanding.

It is the user's responsibility to ensure all outstanding jobs are complete

before any of the above are called.

Interface

=========

.. kernel-doc:: include/linux/padata.h

.. kernel-doc:: kernel/padata.c

::

       int crypto_unregister_alg(struct crypto_alg *alg);

       int crypto_unregister_algs(struct crypto_alg *algs, int count);

       void crypto_unregister_alg(struct crypto_alg *alg);

       void crypto_unregister_algs(struct crypto_alg *algs, int count);

Notice that both registration and unregistration functions do return a

value, so make sure to handle errors. A return code of zero implies

success. Any return code < 0 implies an error.

The registration functions return 0 on success, or a negative errno

value on failure.  crypto_register_algs() succeeds only if it

successfully registered all the given algorithms; if it fails partway

through, then any changes are rolled back.

The bulk registration/unregistration functions register/unregister each

transformation in the given array of length count. They handle errors as

follows:

-  crypto_register_algs() succeeds if and only if it successfully

   registers all the given transformations. If an error occurs partway

   through, then it rolls back successful registrations before returning

   the error code. Note that if a driver needs to handle registration

   errors for individual transformations, then it will need to use the

   non-bulk function crypto_register_alg() instead.

-  crypto_unregister_algs() tries to unregister all the given

   transformations, continuing on error. It logs errors and always

   returns zero.

The unregistration functions always succeed, so they don't have a

return value.  Don't try to unregister algorithms that aren't

currently registered.

Single-Block Symmetric Ciphers [CIPHER]

---------------------------------------

Example of transformations: aes, arc4, ...

Example of transformations: aes, serpent, ...

This section describes the simplest of all transformation

implementations, that being the CIPHER type used for symmetric ciphers.

Multi-Block Ciphers

-------------------

Example of transformations: cbc(aes), ecb(arc4), ...

Example of transformations: cbc(aes), chacha20, ...

This section describes the multi-block cipher transformation

implementations. The multi-block ciphers are used for transformations

::

       int crypto_unregister_ahash(struct ahash_alg *alg);

       void crypto_unregister_ahash(struct ahash_alg *alg);

       int crypto_unregister_shash(struct shash_alg *alg);

       int crypto_unregister_shashes(struct shash_alg *algs, int count);

       void crypto_unregister_shash(struct shash_alg *alg);

       void crypto_unregister_shashes(struct shash_alg *algs, int count);

Cipher Definition With struct shash_alg and ahash_alg

Required properties:

- compatible : Must be one of:

	       "brcm,bcm2711-rng200"

	       "brcm,bcm7211-rng200"

	       "brcm,bcm7278-rng200"

	       "brcm,iproc-rng200"