Linux-Crypto Archive on lore.kernel.org
From: Ben Greear <greearb@candelatech.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: Help getting aesni crypto patch upstream
Date: Fri, 31 Jul 2020 07:02:40 -0700
Message-ID: <9ab2f706-18ee-0383-3977-8b6f41e2b4a5@candelatech.com>
In-Reply-To: <CAMj1kXFt5XCzJ7xGz2=pg-2dA0-zs94XTFsWoTNpSENuhdC51w@mail.gmail.com>

On 7/31/20 3:00 AM, Ard Biesheuvel wrote:
> On Fri, 31 Jul 2020 at 01:57, Ben Greear <greearb@candelatech.com> wrote:
>>
>> On 7/29/20 1:06 PM, Ard Biesheuvel wrote:
>>> On Wed, 29 Jul 2020 at 22:29, Ben Greear <greearb@candelatech.com> wrote:
>>>>
>>>> On 7/29/20 12:09 PM, Ard Biesheuvel wrote:
>>>>> On Wed, 29 Jul 2020 at 15:27, Ben Greear <greearb@candelatech.com> wrote:
>>>>>>
>>>>>> On 7/28/20 11:06 PM, Ard Biesheuvel wrote:
>>>>>>> On Wed, 29 Jul 2020 at 01:03, Ben Greear <greearb@candelatech.com> wrote:
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> As part of my wifi test tool, I need to decrypt AES on the CPU, and the only way this
>>>>>>>> performs well is to use aesni.  I've been using a patch for years that does this, but
>>>>>>>> recently somewhere between 5.4 and 5.7, the API I've been using has been removed.
>>>>>>>>
>>>>>>>> Would anyone be interested in getting this support upstream?  I'd be happy to pay for
>>>>>>>> the effort.
>>>>>>>>
>>>>>>>> Here is the patch in question:
>>>>>>>>
>>>>>>>> https://github.com/greearb/linux-ct-5.7/blob/master/wip/0001-crypto-aesni-add-ccm-aes-algorithm-implementation.patch
>>>>>>>>
>>>>>>>> Please keep me in CC, I'm not subscribed to this list.
>>>>>>>>
>>>>>>>
>>>>>>> Hi Ben,
>>>>>>>
>>>>>>> Recently, the x86 FPU handling was improved to remove the overhead of
>>>>>>> preserving/restoring of the register state, so the issue that this
>>>>>>> patch fixes may no longer exist. Did you try?
>>>>>>>
>>>>>>> In any case, according to the commit log on that patch, the problem is
>>>>>>> in the MAC generation, so it might be better to add a cbcmac(aes)
>>>>>>> implementation only, and not duplicate all the CCM boilerplate.
>>>>>>>
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I don't know all of the details, and do not understand the crypto subsystem,
>>>>>> but I am pretty sure that I need at least some of this patch.
>>>>>>
>>>>>
>>>>> Whether this is true is what I am trying to get clarified.
>>>>>
>>>>> Your patch works around a performance bottleneck related to the use of
>>>>> AES-NI instructions in the kernel, which has been addressed recently.
>>>>> If the issue still exists, we can attempt to devise a fix for it,
>>>>> which may or may not be based on this patch.
>>>>
>>>> Ok, I can do the testing.  Do you expect 5.7-stable has all the needed
>>>> performance improvements?
>>>>
>>>
>>> Yes.
>>
>> It does not, as far as we can tell.
>>
>> We did a download test on an apu2 (small embedded AMD CPU, but with
>> aesni support).  A WiFi station is in software-decrypt mode (ath10k-ct driver/firmware,
>> but ath9k would be valid to reproduce the issue as well.)
>>
>> On our 5.4 kernel with the aesni patch applied, we get
>> about 220Mbps wpa2 download throughput.  With open, we get about 260Mbps
>> download throughput.
>>
>> On 5.7, without any aesni patch, we see about 116Mbps download wpa2 throughput,
>> and about 265Mbps open download throughput.
>>
> 
> Thanks for the excellent data. Apparently, FPU preserve/restore is
> still prohibitively expensive on these cores.
> 
> I'll have a stab at implementing cbcmac(aesni) early next week: as I
> pointed out before, we don't need all the ccm boilerplate if the ctr
> and mac processing are still done in separate passes anyway.

That will be very welcome.  We'll be happy to test.

Thanks,
Ben

-- 
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc  http://www.candelatech.com
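
One way to check which implementation the kernel selects for ccm(aes) and for the ctr(aes) and cbcmac(aes) halves discussed in this thread, as an added example that is not part of the original messages. It parses text in the /proc/crypto layout; the sample entries are constructed, and reading a parenthesised driver name as a template instance is an assumption based on kernel naming convention.

```python
# Constructed sample in /proc/crypto layout (driver names and priorities are
# illustrative, not captured from the systems in this thread).
SAMPLE = """\
name         : ccm(aes)
driver       : ccm_base(ctr-aes-aesni,cbcmac(aes-aesni))
priority     : 300

name         : cbcmac(aes)
driver       : cbcmac(aes-aesni)
priority     : 300

name         : ctr(aes)
driver       : ctr(aes-generic)
priority     : 100

name         : ctr(aes)
driver       : ctr-aes-aesni
priority     : 400
"""

def parse_proc_crypto(text):
    """Split the text into one dict per algorithm entry (blank-line separated)."""
    entries = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "name" in fields and "driver" in fields:
            entries.append(fields)
    return entries

def selected_driver(entries, name):
    """Return the highest-priority entry registered under `name`, or None."""
    matches = [e for e in entries if e["name"] == name]
    return max(matches, key=lambda e: int(e.get("priority", 0)), default=None)

def report(text, names=("ccm(aes)", "ctr(aes)", "cbcmac(aes)")):
    """Map each algorithm name to (driver, is_template_instance)."""
    entries = parse_proc_crypto(text)
    out = {}
    for name in names:
        e = selected_driver(entries, name)
        # Assumption: a parenthesised driver name marks a generic template
        # wrapped around an inner cipher rather than a dedicated driver.
        out[name] = (e["driver"], "(" in e["driver"]) if e else (None, None)
    return out
```

On a live system, pass `open("/proc/crypto").read()` to `report()`; an algorithm only appears there once something has instantiated it.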
