RE: [PATCH v3 2/3] platform/mellanox/mlxbf_pka: Add userspace PKA ring device interface

From: Ron Li

Date: Fri Dec 05 2025 - 12:15:17 EST



> -----Original Message-----
> From: Hans de Goede <hansg@xxxxxxxxxx>
> Sent: Wednesday, November 19, 2025 10:52 AM
> To: Ron Li <xiangrongl@xxxxxxxxxx>; ilpo.jarvinen@xxxxxxxxxxxxxxx; Vadim
> Pasternak <vadimp@xxxxxxxxxx>; alok.a.tiwari@xxxxxxxxxx; Khalil Blaiech
> <kblaiech@xxxxxxxxxx>; David Thompson <davthompson@xxxxxxxxxx>
> Cc: platform-driver-x86@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; linux-
> crypto@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH v3 2/3] platform/mellanox/mlxbf_pka: Add userspace
> PKA ring device interface
>
> External email: Use caution opening links or attachments
>
>
> Hi,
>
> On 19-Sep-25 9:51 PM, Ron Li wrote:
> > Expose each BlueField PKA ring as a character device for userspace offload.
> > This focuses on per-ring resources, layout, and control, without in-kernel
> > crypto algorithms.
> >
> > - Create ring device nodes and lifecycle: open/close, mmap, ioctl
> > - Partition 16KB Window RAM per ring (1KB cmd, 1KB result, 14KB vectors)
> > - Program ring info words (cmd/rslt bases, size, host_desc_size, in-order)
> > - Provide UAPI ioctls:
> > - MLXBF_PKA_RING_GET_REGION_INFO
> > - MLXBF_PKA_GET_RING_INFO
> > - MLXBF_PKA_CLEAR_RING_COUNTERS
> > - ACPI-based probe for BF1/BF2/BF3 and per-shim ring setup
> > - Document device/ring identifiers and interface in sysfs ABI
>
> IMHO you really should use the standard hw-accel crypto kernel APIs
> for this and not introduce a set of custom ioctls.
>
> I guess an exception can be made if:
>
> 1. You can motivate why using the standard hw-accel crypto kernel APIs will
> not work for your use-case; *and*
> 2. You can get an ack from one of the linux-crypto MAINTAINERs for doing this
> outside of the crypto subsystems.
>
> Sorry, but we cannot merge these patches adding this custom crypto API
> under drivers/platform/mellanox without explicit permission to deviate
> from the standard crypto APIs by the linux-crypto MAINTAINERs.
>
> Regards,
>
> Hans

Hello linux-crypto maintainers,
Please review the justifications for avoiding the Crypto API for the PKA driver:
- Our primary consumers are user‑space TLS stacks (OpenSSL/BoringSSL). The user‑space AF_ALG interface does not expose asymmetric algorithms (Documentation/crypto/userspace-if.rst), so it wouldn’t reach those consumers.
- Additionally, routing through Crypto API adds extra copies/context hops that regress our handshake latency and batched throughput targets compared to the direct, zero‑copy queue UAPI.

Please advise if the review procedure can proceed.

Thanks
Ron