Crypto API scatterwalk copy

[djwatson]

The crypto API expects data to be contiguous in memory. This means that even though it supports a scatter/gather buffer interface, under the covers it does a copy to make everything contiguous. This makes sense in some ways: the AESNI routines need data aligned on certain byte boundaries to be most efficient.

For af_ktls however, the header aad data and hash are currently never contiguous. We should either make all the af_ktls data contiguous if possible, or modify the crypto API to accept portions of data that aren't contiguous where it doesn't matter.

Attached was my work in progress diff to modify the crypto API to avoid the copies if possible.

nocopy_crypto.txt

[fridex]

Thank you for the patch. In my opinion it should worth to support both:

• make rfc4106 copyless since it affects performance when sending records that are bigger than PAGE_SIZE - this is reasonable especially for TLS
• avoid preallocation of pages in AF_KTLS and allocate them lazily (with space for header, tag or seq nums), since we want to pass them to kernel_sendpage() - this would cause that the header, AAD, tag would be continuous.

[djwatson]

Feedback from netdev1.2:

Should update gcm/aes crypto to support full scatter/gather, and support routines to copy directly to/from userspace. This would make mmap + send() just as fast as sendfile, while supporting more applications