Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp4123691imm; Mon, 17 Sep 2018 08:32:29 -0700 (PDT) X-Google-Smtp-Source: ANB0Vdbex/lCKBwWZCtl1AIB7ms7mhxcVe7WAquDIJYiMUN4U5fBlm+fqOnJWGlGTpExDK+xWRAm X-Received: by 2002:a17:902:820a:: with SMTP id x10-v6mr25453659pln.261.1537198349069; Mon, 17 Sep 2018 08:32:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537198349; cv=none; d=google.com; s=arc-20160816; b=LMi7AGVU1+JJqpzgHTNnEuJrg8YT0VvedNRhGeGYE9sWrRfjL+YRgzG0PkIjhYrv6x vZE1gWQc+Y2IH1KMkE5SuYWVVJM5DQN56cvTDqz+35Rqieg5oBzQxwdN2Ne3RBy4aPH+ gcgnmQNB7hrIDppUwimk9igtfV7kWUI7BxvIA/0A9LF2bBPQ9NxYd6drD+xi5wmdSPVe s74oVQXD3CwNdlWzbcwkXXQmKp7wgRzF7+TEaZE7OSyhVs0aGaTShM+P3u/r2oNZisZT 4G3vUZiJwPN4R/M1Fbg92FEavQEK27HLCwYoJtDiamUW9Sd5srzcZmCPMJ/YLGzqgFoH N0PQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Z6cTK7mTfBi41Gg8l7Xm2UOrKMV0ylD+ISkGtT2rkF4=; b=Z+yEwE3XFY4YmAC2maTAs4/dq2ZFTXy/wFzSeqke1wan5qbp+ykLx9g8PCBZlnZLXc AeJhalwEahqH5wHtHT+kSXDenTLLFJkm4nZAu+6ZKhrfn9o0rH+ZoMLYlI2HEGuYkENL grWuydCOSPb9qUn0deSH5HwD2FocpOohQfqzghy8v80pXgf7aWzfmkhJAshDSroP6uiL ulJ+c9fH92u3/p8MWSrW69Ul6b4EEDFfs9PUKem9DztFr22O3XqYS7PCo1imSFMkENad VGlf8QzOynnAaaW7flTG5peBwmu5n/nFD4BVFbDbpMgbHzsmFZds7zuH1EA/JYkwOjY0 A7bw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=dhCJqVuL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id go1si16472701plb.266.2018.09.17.08.32.12; Mon, 17 Sep 2018 08:32:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=dhCJqVuL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728934AbeIQU75 (ORCPT + 99 others); Mon, 17 Sep 2018 16:59:57 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:57749 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727063AbeIQU75 (ORCPT ); Mon, 17 Sep 2018 16:59:57 -0400 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 37236be9; Mon, 17 Sep 2018 15:14:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=mail; bh=PR7VKoV/mArejq5lfHQeNp92ISQ=; b=dhCJqV uLyITH0OiwdWwrJyyC0DKJ+67ki8kKxGokIPUDSG9CPcyTnIkd7OQesg9ncA95Bc t9IW0QjLcLOzujlplKFlok/XeLlrd7qpkfW4bFqpBL2NUrZ7mHEOXa//BopkYGhf zgrvbBkJjHGsJUAmTEQwDEv4Tqa8Rqt2dXKAbt1onDvv64SeYtTYn6KhelrmvhY4 WoQ1ykhFpGpsJTwXqS0wrjgAkp5tWxO3f3Oui00ukCjylfOoOsdKkbhPwKVOiYaI J4pAAGpQU0Sx5g6kl3tpJlpxnDEkJrIEAjcEMMzbW/I1jPkG6/oRvYbU0kJp5cr3 2BDMvfeFeIg/Cw/g== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 87f16a2f (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO); Mon, 17 Sep 2018 15:14:37 +0000 (UTC) Received: by mail-oi0-f53.google.com with SMTP id 13-v6so19324802ois.1; Mon, 17 Sep 2018 08:32:04 -0700 (PDT) X-Gm-Message-State: APzg51BEPTw2FCh8nTdRuiP+RQdcP341IPlMHSVH8NkO1asvxc/tVpHu U/bCUB8ADkNcXGDUdMZPFHd8OVjQV5INVaLJNQU= X-Received: by 2002:aca:ce02:: with SMTP id e2-v6mr18733540oig.225.1537198323121; Mon, 17 Sep 2018 08:32:03 -0700 (PDT) MIME-Version: 1.0 References: <20180911214737.GA81235@gmail.com> <20180911233015.GD11474@lunn.ch> <20180911.165739.2032677219588723041.davem@davemloft.net> <35BC21D7-01F4-4F91-A7E9-8D15DE5B95D6@amacapital.net> In-Reply-To: <35BC21D7-01F4-4F91-A7E9-8D15DE5B95D6@amacapital.net> From: "Jason A. Donenfeld" Date: Mon, 17 Sep 2018 17:31:50 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH net-next v3 02/17] zinc: introduce minimal cryptography library To: Andy Lutomirski Cc: Ard Biesheuvel , Andrew Lutomirski , David Miller , Andrew Lunn , Eric Biggers , Greg Kroah-Hartman , LKML , Netdev , Samuel Neves , Jean-Philippe Aumasson , Linux Crypto Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 17, 2018 at 4:52 PM Andy Lutomirski wrote: > I think the module organization needs to change. It needs to be possible to have chacha20 built in but AES or whatever as a module. Okay, I'll do that for v5. > I might have agreed before Spectre :(. Unfortunately, unless we do some magic, I think the code would look something like: > > if (static_branch_likely(have_simd)) arch_chacha20(); > > ...where arch_chacha20 is a *pointer*. And that will generate a retpoline and run very, very slowly. (I just rewrote some of the x86 entry code to eliminate one retpoline. I got a 5% speedup on some tests according to the kbuild bot.) Actually, the way it works now benefits from the compilers inliner and the branch predictor. I benchmarked this without any retpoline slowdowns, and the branch predictor becomes correct pretty much all the time. We can tinker with this after the initial merge, if you really want, but avoiding function pointers and instead using ordinary branches really winds up being quite fast.