crypto: make skcipher/aead allocation-free on the hot path#570
Closed
jperon wants to merge 2 commits into
Closed
Conversation
Reuse skcipher_request and aead_request objects through a per-runtime pool keyed by request type and size. This reduces the number of dynamic allocations on the hot path while remaining compatible under memory pressure. Also adds stress tests for round-trip encryption/decryption.
The per-runtime request pool still allocated a freelist node on every release and took a lock on a path that is already serialized by the runtime lock. Replace it with a luacrypto_ctx_t held in the object's private data: the request and the IV buffer (both fixed-size for a given tfm) are allocated once at creation time, so encrypt/decrypt no longer performs any fallible allocation besides the output buffer. This removes the ENOMEM failures seen when driving skcipher/aead from softirq context (QUIC decryption in ipparse). The extra byte for lunatik_pushstring()'s NUL terminator in the skcipher output buffer is kept; the explicit '\0' store is dropped as lunatik_pushstring() already writes it. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
1a269d2 to
ee8c77c
Compare
Collaborator
Author
|
@lneto I took occasion of Fable launch… and it found a far better solution to my issue! |
Contributor
it's indeed looking better.. I was thinking about this today, I'd like to have this for the next release.. I'll review it after finishing the support for conntrack.. I'm working on using it for tc/qos.. thank you! |
Contributor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Even with last optimizations, I kept having ENOMEM with ecb. This fixes it.
Reuse skcipher_request and aead_request objects through a per-runtime pool keyed by request type and size. This reduces the number of dynamic allocations on the hot path while remaining compatible under memory pressure.
Also adds stress tests for round-trip encryption/decryption.