if (crypto_tq != NULL)

taskqueue_free(crypto_tq);

No ?

Yes indeed!

a little complex to retrieve the id ?

add a readonly sysctl?

cannot find it in the new code ? is it replaced by something else?

is there a maximum ?

empty line

is it possible to scale krp also ?

is it necessary to check all queue here ?

It is used only for debugging purpose. Do you suggest another approach?

yes, this is a good idea

Your are right, this is indeed a merge error

Ok, I changed to set the maximum to mp_ncpus

Ok

It is possible indeed, but it requires some changes in the code and unfortunately I cannot test this now.

Yes, since the same return worker is used to dispatch all of them.
I guess it is cheaper to check these pointers rather than triggering a potential useless wake up

What about just '((w) - crypto_ret_workers)'?

My only thought here is to not add an extra context switch for actual hardware drivers. Currently you can't use the crypto_getcaps(hid) to figure out what a driver is because aesni0 is incorrectly tagged as hardware (it should be tagged as software, but in such a way that it has priority over the "plain" software, this is also important for avoiding the use of the in-kernel aesni0 driver for user requests from /dev/crypto as any user requests are better off doing AESNI or other accelerated software directly in userland).

Yes indeed!

You are right, the current proposed patch works fine only for the software driver.

Actually we already have patches to integrate the aesni and padlock drivers in the software driver. We plan to submit these patches in future reviews.
For now, as it does not make much sense, we could just prevent the crypto jobs using hardware accelerated drivers to be dispatched over multi CPU?
What do you think?

We should provide a way to just do direct dispatch for hardware crypto drivers, that is all I really care about, but I'm not sure how to do that cleanly with the current aesni driver without some sort of extra "I'm accelerated software" flag, that is all. I'm open to any solution that does direct dispatch for hardware drivers and uses multiple threads for software (plain or accelerated)

I feel like I'd rather do the F_PERCPU check in the crypto code itself (e.g. in crypto_dispatch) rather than in consumers.

That is what I did first.
Unfortunately, if you request a MP dispatch and the underlying crypto driver does not handle it, you lose the CBIFSYNC flag and get a performance penalty.

Maybe rename this to _ASYNC, to counteract the CAP_F_SYNC flag on a driver.

I was confused, as I thought this flag allowed things to be reordered, instead of keeping things ordered. Maybe rename the flag to _F_KEEPORDER. Maybe add some text that the caller is required to ensure that proper ordering is maintained via holding a lock or some other synchronization primitive.

I'm not sure this flag should be added. The code should be generic to apply to all _SYNC drivers, so that special code isn't added to drivers.

Maybe make this into a macro or in-line function, as it's repeated a number of times, and involves a bit of logic.

This is implementation defined behavior per 6.3.1.3 of c99 and should be fixed (different compliers may output different results when running this code). Something like:
((a)-(b) <= INT_MAX)

is probably best, as that is what you end up doing w/ the cast, and results in well defined behavior.

Yes why not, but the user has no clue there is a kind of acceleration to be expected.
Not sure it is a problem since the explanation is below.

You are right, it is more a "keep order" behavior. I will add what you suggested.

I see what you mean; it indeed applies well on SYNC drivers. I just wanted to make sure things are well separated to avoid surprising effects, but it could be added later only if we really need to have such a distinction.

Well I have the feeling that CRYPTO_F_CBIFSYNC should be done automatically

Anyway, with your suggestions, the resulting condition would be something like that:

if (CRYPTO_SESID2CAPS(cryptoid) & CRYPTOCAP_F_SYNC) {

if (V_crypto_mp_dispatch)
    crp->crp_flags |= CRYPTO_F_MPDISPATCH | CRYPTO_F_KEEPORDER;
else
    crp->crp_flags |= CRYPTO_F_CBIFSYNC;

}

That raises another question: why not using CRYPTO_F_CBIMM instead of CRYPTO_F_CBIFSYNC then?

Actually I reused the logic used by SEQ_GT(a,b) defined in netinet/tcp_seq.h

Maybe we have some problems there too?

Please check the whitespace on this block of changes. It looks to be using a combination of spaces and tabs for the indentation.

Thanks.

Please check the whitespace for the additions to this file.
It looks like you're using spaces for indentation, and
the existing code uses tabs.

Thanks.

I use the same indentation style as before: tabs are used to indent, and 4 extra spaces are used on multi lines instructions.
Is that no longer valid?

Fixed!

There is a slight difference between _CBIMM and _CBIFSYNC... in the case of _CBIMM, it is ALWAYS called immediately. This can cause a lock reversal as the driver may be holding a lock when calling crypto_done. In the case of _CBIFSYNC, the callback is only called when the code is processed immediately. I don't know all the locking context to know what is safe, but the above makes some sense to keep it this way.

If this function was moved after the following one, it would reduce the diff by wrapping the tail of the crypto_dispatch w/ this new function. It also makes tracing history easier.

likely. an email to bde would help figure out what the best solution is.

please remember to update .Dd before the final commit.

Is this supposed to be "(that is, if the..."?

Start the new sentence on a new line, per mdoc style.