Bug#552270: Marvell CESA driver and Kirkwood

Uri Simchoni uri at jdland.co.il
Sat Apr 24 14:43:35 EDT 2010


On 4/24/2010 6:12 PM, Sebastian Andrzej Siewior wrote:
> * Uri Simchoni | 2010-04-22 06:23:12 [+0300]:
> 
> For IPSec I use this[0] shell script which sets up a connection. Good for
> testing :) 
Thanks, That'll save time setting it up...
> I enabled list and sg debugging and a flood ping triggered a couple of
> warning. Could you please look at this?
Sure.
> 
> IPsec requests authenc(hmac(sha1),cbc(aes)) so right now it reqeusts two
> cesa provided algorithms. A single ping results in around 30ms RTT.
Since the CESA does each operation faster than sw (at least when the packet size exceeds some threshold), I see no reason for it to slow the process down. The slowness probably is somehow caused by the same thing that causes the oops, or by debug warning prints.

> Disabling hmac(sha1) gives me less than 1ms.
> Implementing authenc() for IPsec should speed things up. Right I'm stuck
> with hacking DMA support.
Well, so far I wasn't able to figure out how it all fits together - sure, the CESA can do AES-CBC+HMAC-SHA1 in one run, but I'm not sure it's suitable for IPSec, or that the crypto infrastructure supports a HW driver for combined operation. (the CESA is probably not suitable for SSL because of alignment problems, IPSec is better in that respect).
> 
> For now I think lowering priority of hmac() should fix the problem. A
> direct request "mv-hmac-sha1" should still returned the mv driver. What
> do you thing?
> 
I think there's a bug here I should find and fix. Till then perhaps the mv-hmac-sha1 driver should not be registered at all.
> Need to run now....
> 
>> Thanks,
>> Uri.
> 
> Sebastian




More information about the linux-arm-kernel mailing list