Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp3080043ybn; Fri, 27 Sep 2019 00:21:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqxvwNRF/tRSt/uDj9K5OAV79Famd4LlKen4JBJ4jgm6yizyDyRrjjKi+6lEwT+OkVsMSq2S X-Received: by 2002:a17:906:d185:: with SMTP id c5mr6560948ejz.139.1569568899948; Fri, 27 Sep 2019 00:21:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569568899; cv=none; d=google.com; s=arc-20160816; b=yb9z6gHe44UJKVy38HLiKy1LtPz4VNlSQcO0jGbYOniqdkjLvlY+g8a3wVfwRXku2D lgCnqohLde1tzgzO95YfSX1cPt+cvck3SoiyFZpakjrr5XTPTovK84ln+/UmxDeT3NIU QBCvudVrZsP0tDnTxfRPW1yJY2gRNfJeLFA2YWJczq7jykTtBwdK+NgvqV3CjT5UkWSH Qstxoh+4ByTP6ZwHwbLAwitb9TsgP1LqStRAO/TIpTMSti83/zXZQpqvQzM9pW1qGsgx E+jUCv68gqof5CTIMBBn0a1q88tZhyChhv3iX2+U7TVLbyNr+7O7+2NdYHdd0/6PFZRD fNpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=vO1B5vBzUjIj1IZ1I8PNSjdn/9fGwQt1B5Ogltx7r9c=; b=MG6g1OgIVdBo5+r4fdm5S7FlcDudyxznT3GIRRLmk5MpDpPYRbcAexQF8d6IqL8tJh sfZuPeXf30qb3X/0qYh7VJJXDgHz97kZ90USi1GukVx9C0Y68TZc3Rmos1CWC6ZXkRUN Lm7pw4JnK6xJGzvBJKb9JThZZrEnlFY6vdwXv12sAdiZm1NIRHgBzsbS1LYJT/o7TzF7 lBsgiWBkSVpiy0zi7CMf1fNfvcSVFjvyM5FDhsh42L6jrRTCn1E5NDQjycbVbcGZxM3E G+KzxUYu8Bc6iKjr3uvSR5wfARhjNsSn6/U22NeGHRtbEfNFJ3ZoEuj9JfOaKIFX1D7l e2ww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=KL9ayUzJ; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b22si1006047eda.194.2019.09.27.00.21.06; Fri, 27 Sep 2019 00:21:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=KL9ayUzJ; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725812AbfI0HU7 (ORCPT + 99 others); Fri, 27 Sep 2019 03:20:59 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:43763 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725804AbfI0HU7 (ORCPT ); Fri, 27 Sep 2019 03:20:59 -0400 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 922ea3ef for ; Fri, 27 Sep 2019 06:35:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=mail; bh=1LvK4z4bebYeyRy2NWOqt/mYcs8=; b=KL9ayU zJc/qfmEI7nz+58bPgK9TifZviMg+DCK4yEz8hJKofLlQ3l0QZYwkZDaiuDWFXph JG9cPXitjtRxboN0da4MIPy0346bdNibRKo83z90mSLXDEOmgWHrztvkc/Af4bAR Cw6eDWJZ9b7bJndUiMtdy3p06lpwj3QlEkb5KKYKTqF5kV9xDUezWEQxnY260tar yLRHzqWGdR/eWpgqW1bjww634aDigrE6OTbLe/etR1xOBnwi1hQyZrkHoiZ9P46g QExWXor2Go0MAVSnmxQT7yra4ZlR8corlP3igk1RZqglSAq67oksZVOOiO1WZVvy inK1MY53z3oGuqww== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id f869cbec (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for ; Fri, 27 Sep 2019 06:34:58 +0000 (UTC) Received: by mail-oi1-f177.google.com with SMTP id i185so4351130oif.9 for ; Fri, 27 Sep 2019 00:20:57 -0700 (PDT) X-Gm-Message-State: APjAAAVSi64NIrLeURMvcXYs17f1I6fuMFDXhIBKzjxylXaTEe5pxjHX IIwZYw4THrLQ/WHcXJH2Uxbkbnz06e+yzOn4C2Y= X-Received: by 2002:a54:4807:: with SMTP id j7mr5461378oij.122.1569568856212; Fri, 27 Sep 2019 00:20:56 -0700 (PDT) MIME-Version: 1.0 References: <20190925161255.1871-1-ard.biesheuvel@linaro.org> In-Reply-To: From: "Jason A. Donenfeld" Date: Fri, 27 Sep 2019 09:20:43 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH 00/18] crypto: wireguard using the existing crypto API To: Andy Lutomirski Cc: Ard Biesheuvel , Linux Crypto Mailing List , linux-arm-kernel , Herbert Xu , David Miller , Greg KH , Linus Torvalds , Samuel Neves , Dan Carpenter , Arnd Bergmann , Eric Biggers , Will Deacon , Marc Zyngier , Catalin Marinas Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hey Andy, Thanks for weighing in. > inlining. I'd be surprised for chacha20. If you really want inlining > to dictate the overall design, I think you need some real numbers for > why it's necessary. There also needs to be a clear story for how > exactly making everything inline plays with the actual decision of > which implementation to use. Take a look at my description for the MIPS case: when on MIPS, the arch code is *always* used since it's just straight up scalar assembly. In this case, the chacha20_arch function *never* returns false [1], which means it's always included [2], so the generic implementation gets optimized out, saving disk and memory, which I assume MIPS people care about. [1] https://git.kernel.org/pub/scm/linux/kernel/git/zx2c4/linux.git/tree/lib/zinc/chacha20/chacha20-mips-glue.c?h=jd/wireguard#n13 [2] https://git.kernel.org/pub/scm/linux/kernel/git/zx2c4/linux.git/tree/lib/zinc/chacha20/chacha20.c?h=jd/wireguard#n118 I'm fine with considering this a form of "premature optimization", though, and ditching the motivation there. On Thu, Sep 26, 2019 at 11:37 PM Andy Lutomirski wrote: > My suggestion from way back, which is at > least a good deal of the way toward being doable, is to do static > calls. This means that the common code will call out to the arch code > via a regular CALL instruction and will *not* inline the arch code. > This means that the arch code could live in its own module, it can be > selected at boot time, etc. Alright, let's do static calls, then, to deal with the case of going from the entry point implementation in lib/zinc (or lib/crypto, if you want, Ard) to the arch-specific implementation in arch/${ARCH}/crypto. And then within each arch, we can keep it simple, since everything is already in the same directory. Sound good? Jason