All of lore.kernel.org
 help / color / mirror / Atom feed
From: Ard Biesheuvel <ardb@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Ben Greear <greearb@candelatech.com>,
	Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
	Eric Biggers <ebiggers@kernel.org>
Subject: Re: [PATCH v2] crypto: aesni - add ccm(aes) algorithm implementation
Date: Tue, 15 Dec 2020 09:55:37 +0100	[thread overview]
Message-ID: <CAMj1kXH5LPib2vPgLkdzHX4gSawDSE=ij451s106_xTuT19YmA@mail.gmail.com> (raw)
In-Reply-To: <CAMj1kXE-+35tfO87024xB274ZVOu7HTHqDa8o-hjoxDasd8p7g@mail.gmail.com>

(+ Eric)

TL;DR can we find a way to use synchronous SIMD skciphers/aeads
without cryptd or scalar fallbacks

On Thu, 10 Dec 2020 at 13:19, Ard Biesheuvel <ardb@kernel.org> wrote:
>
> On Thu, 10 Dec 2020 at 13:16, Herbert Xu <herbert@gondor.apana.org.au> wrote:
> >
> > On Thu, Dec 10, 2020 at 01:03:56PM +0100, Ard Biesheuvel wrote:
> > >
> > > But we should probably start policing this a bit more. For instance, we now have
> > >
> > > drivers/net/macsec.c:
> > >
> > > /* Pick a sync gcm(aes) cipher to ensure order is preserved. */
> > > tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
> > >
> > > (btw the comment is bogus, right?)
> > >
> > > TLS_SW does the same thing in net/tls/tls_device_fallback.c.
> >
> > Short of us volunteering to write code for every user out there
> > I don't see a way out.
> >
> > > Async is obviously needed for h/w accelerators, but could we perhaps
> > > do better for s/w SIMD algorithms? Those are by far the most widely
> > > used ones.
> >
> > If you can come up with a way that avoids the cryptd model without
> > using a fallback obviously that would be the ultimate solution.
> >
>
> Could we disable softirq handling in these regions?

I have been looking into this a bit, and I wonder if we might consider
doing the following:
- forbid synchronous skcipher/aead encrypt/decrypt calls from any
other context than task or softirq (insofar this is not already the
case)
- limit kernel mode SIMD in general to task or softirq context
- reduce the scope for simd begin/end blocks, which is better for
PREEMPT in any case, and no longer results in a performance hit on x86
as it did before, now that we have lazy restore for the userland FPU
state
- disable softirq processing when enabling kernel mode SIMD

This way, we don't need a scalar fallback at all, given that any SIMD
use in softirq context is guaranteed to occur when the SIMD registers
are dead from the task's pov.

So the question is then how granular these kernel mode SIMD regions
need to be to avoid excessive latencies in softirq handling.

I think this could also be an opportunity for a bit more alignment
between architectures on this topic.

-- 
Ard.

  reply	other threads:[~2020-12-15  8:56 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-01 19:45 [PATCH v2] crypto: aesni - add ccm(aes) algorithm implementation Ard Biesheuvel
2020-12-01 21:40 ` Ben Greear
2020-12-01 21:57 ` Herbert Xu
2020-12-01 22:00   ` Ben Greear
2020-12-01 22:01     ` Herbert Xu
2020-12-01 22:01   ` Ard Biesheuvel
2020-12-01 22:04     ` Herbert Xu
2020-12-01 22:12       ` Ard Biesheuvel
2020-12-01 22:16         ` Herbert Xu
2020-12-01 22:27           ` Ard Biesheuvel
2020-12-01 23:11             ` Herbert Xu
2020-12-01 23:24               ` Ard Biesheuvel
2020-12-01 23:30                 ` Herbert Xu
2020-12-01 23:41                   ` Ard Biesheuvel
2020-12-01 23:48                     ` Herbert Xu
2020-12-02  0:01                       ` Ben Greear
2020-12-10  0:18               ` Ard Biesheuvel
2020-12-10  2:43                 ` Herbert Xu
2020-12-10  3:01                   ` Ben Greear
2020-12-10  7:30                     ` Ard Biesheuvel
2020-12-10 11:14                       ` Herbert Xu
2020-12-10 12:03                         ` Ard Biesheuvel
2020-12-10 12:16                           ` Herbert Xu
2020-12-10 12:19                             ` Ard Biesheuvel
2020-12-15  8:55                               ` Ard Biesheuvel [this message]
2020-12-15  9:19                                 ` Herbert Xu
2022-11-08 18:50                                   ` Ben Greear
2022-11-09  3:52                                     ` Herbert Xu
2022-11-09 10:05                                       ` Ard Biesheuvel
2022-11-09 14:12                                         ` Ben Greear
2022-11-11 22:29                                         ` Ben Greear
2022-11-12 14:59                                           ` Ard Biesheuvel
2023-10-16 20:50                                             ` Ben Greear
2023-10-17  3:16                                               ` Eric Biggers
2023-10-17  6:43                                                 ` Ard Biesheuvel
2023-10-18  1:24                                                   ` Herbert Xu
2020-12-10 14:40                       ` Ben Greear
2020-12-01 22:12       ` Ben Greear

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAMj1kXH5LPib2vPgLkdzHX4gSawDSE=ij451s106_xTuT19YmA@mail.gmail.com' \
    --to=ardb@kernel.org \
    --cc=ebiggers@kernel.org \
    --cc=greearb@candelatech.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.