On 8/24/21 2:34 PM, Leonard Crestez wrote: > The crypto_shash API is used in order to compute packet signatures. The > API comes with several unfortunate limitations: > > 1) Allocating a crypto_shash can sleep and must be done in user context. > 2) Packet signatures must be computed in softirq context > 3) Packet signatures use dynamic "traffic keys" which require exclusive > access to crypto_shash for crypto_setkey. > > The solution is to allocate one crypto_shash for each possible cpu for > each algorithm at setsockopt time. The per-cpu tfm is then borrowed from > softirq context, signatures are computed and the tfm is returned. > I could not see the per-cpu stuff that you mention in the changelog.
