archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 01:04:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

xfrm: Skip redundant replay recheck for the hardware offload path

Browse source 
The xfrm_replay_recheck() function was introduced to handle the issues
arising from asynchronous crypto algorithms.

The crypto offload path is now effectively synchronous, as it holds
the state lock throughout its operation. This eliminates the race
condition, making the recheck an unnecessary overhead. This patch
improves performance by skipping the redundant call when
crypto_done is true.

Additionally, the sequence number assignment is moved to an earlier
point in the function. This improves performance by reducing lock
contention and places the logic at a more appropriate point, as the
full sequence number (including the higher-order bits) can be
determined as soon as the packet is received.

Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Reviewed-by: Cosmin Ratiu <cratiu@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
Jianbo Liu 2025-10-21 04:35:43 +03:00 committed by Steffen Klassert
parent 10a1186194
commit b427c0c3bc
1 changed files with 8 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

16
net/xfrm/xfrm_input.c
View file

@ -546,7 +546,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
nexthdr = x->type_offload->input_tail(x, skb);
}
goto lock;
goto process;
}
family = XFRM_SPI_SKB_CB(skb)->family;
@ -614,7 +614,12 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
goto drop;
}
lock:
process:
seq_hi = htonl(xfrm_replay_seqhi(x, seq));
XFRM_SKB_CB(skb)->seq.input.low = seq;
XFRM_SKB_CB(skb)->seq.input.hi = seq_hi;
spin_lock(&x->lock);
if (unlikely(x->km.state != XFRM_STATE_VALID)) {
@ -646,11 +651,6 @@ lock:
goto drop_unlock;
}
seq_hi = htonl(xfrm_replay_seqhi(x, seq));
XFRM_SKB_CB(skb)->seq.input.low = seq;
XFRM_SKB_CB(skb)->seq.input.hi = seq_hi;
if (!crypto_done) {
spin_unlock(&x->lock);
dev_hold(skb->dev);
@ -676,7 +676,7 @@ resume:
/* only the first xfrm gets the encap type */
encap_type = 0;
if (xfrm_replay_recheck(x, skb, seq)) {
if (!crypto_done && xfrm_replay_recheck(x, skb, seq)) {
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
goto drop_unlock;
}