On 02/22/2017 07:12 AM, Binoy Jayan wrote: > > I was wondering if this is near to be ready for submission (apart from > the testmgr.c > changes) or I need to make some changes to make it similar to the IPSec offload? I just tried this and except it registers the IV for every new device again, it works... (After a while you have many duplicate entries in /proc/crypto.) But I would like to see some summary why such a big patch is needed in the first place. (During an internal discussions seems that people are already lost in mails and patches here, so Ondra promised me to send some summary mail soon here.) IIRC the first initial problem was dmcrypt performance on some embedded crypto processors that are not able to cope with small crypto requests effectively. Do you have some real performance numbers that proves that such a patch is adequate? I would really like to see the performance issue fixed but I am really not sure this approach works for everyone. It would be better to avoid repeating this exercise later. IIRC Ondra's "bulk" mode, despite rejected, shows that there is a potential to speedup things even for crypt drivers that do not support own IV generators. I like the patch is now contained inside dmcrypt, but it still exposes IVs that are designed just for old, insecure, compatibility-only containers. I really do not think every compatible crap must be accessible through crypto API. (I wrote the dmcrypt lrw and tcw compatibility IVs and I would never do that this way if I know it is accessible outside of dmcrypt internals...) Even the ESSIV is something that was born to fix predictive IVs (CBC watermarking attacks) for disk encryption only, no reason to expose it outside of disk encryption. Milan