Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp5743294ybp; Tue, 15 Oct 2019 04:29:42 -0700 (PDT) X-Google-Smtp-Source: APXvYqyWNlhsq5EJoIXoG9yNruEkXLpjkuXZMhpyK5Az2jyVnmHz1jG//+I59SmCaCCHvz21YCfg X-Received: by 2002:a17:906:a294:: with SMTP id i20mr32986831ejz.165.1571138981949; Tue, 15 Oct 2019 04:29:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571138981; cv=none; d=google.com; s=arc-20160816; b=d5zAIx5QzWaVUrC2ztnMcANOX3tQtU3m4NsMPp24by3e6vj9Z87YO6Juqq6/yn8qrn Fk62NT26Y2zLJ9cc4OGm9dLJDXOX5eILioDf0srkmgy9tvbINsqf1yrPY8RkaFWpakX3 ld9PneJ+Zx3rE19dop+4it0vEKg6wRU0liNVaqNnfPv6iIohfOchnWS2n0GMsawo8Ept Q99MsrBTPi7xVct9Oc6jBpA5s1Bk/kYaj9sNwRrsqBXTLv9LRACEYm1J9lN45KpO/+pT VOOYNFVq0DyVkc3MAtMn9ggbMwWiAEpbUe4lklazi0qd4M/DnOGddzfOgrUcVd9oXmmM 17ig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=OFpENs/PN2nUro9OrNM8LsgBZDJfT5VvqwGFbZvHNY8=; b=C/xa2BzDPPscCqYma2VLMFA1QxHvMU6qES92SG+8/tOof0wsON9o0CcUt7cyzDdTg0 VW/56+S40dWQ0WdIMkWd9o4yL7qH4SqG/OmRRuN9nX0vl4n1YBXG9G/MNARAhSiSzLc4 qc4LCHxYpl/GmKSnAv2WsJFrr7SDZyY3Cm7SIx15FwPeLr+0PkCmA+ATVfcQqnldowhS NPuHDGHmzoDlOiLMAvpUE8G/2imZGsBo4s+ri5pW+KMj98RvAHbOfCFircvDq8WhXQB8 2FG60k2lmy78Uf56ZstX+FestnLenznNz6hSQel2yP17VLq7MJK54Cq1eOoxeni8PHHO PIrw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fpbUamZ2; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n19si12786617edo.172.2019.10.15.04.29.17; Tue, 15 Oct 2019 04:29:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fpbUamZ2; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729984AbfJOKM6 (ORCPT + 99 others); Tue, 15 Oct 2019 06:12:58 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:45263 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729637AbfJOKM6 (ORCPT ); Tue, 15 Oct 2019 06:12:58 -0400 Received: by mail-wr1-f65.google.com with SMTP id r5so23058831wrm.12 for ; Tue, 15 Oct 2019 03:12:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OFpENs/PN2nUro9OrNM8LsgBZDJfT5VvqwGFbZvHNY8=; b=fpbUamZ2tfiWR5n1UNPKwLUc2xDeqOVG/pjSPzUAny6yphTcFCG3iV1MtuQ8MVJgkn jWL89r0nLV0y7rK5uhFop61NkghDT6jsg9zyE57uD74yuVIZGgOh7544r8Xy+UEjWLzV ENvN/csbsb4XFYLsV/AQmOvJv15hoEQXqBT6oSWbYq7NJ5gw783KzXkhUzJYIxQMJyD4 PSA9xX6quefgbCSJc7iOZkNTiv+AZHI5UMnAKBEIw9uJWXHUy5mrQNnYZMZgs1sIsF+7 0rK8fkM779wJ0g8GCxtJNqbWrtxJKUHfK/RxqVnQYFXnektrMZwJx4H3o4mNrEOiAA5/ y9Ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OFpENs/PN2nUro9OrNM8LsgBZDJfT5VvqwGFbZvHNY8=; b=pq0xuuz9pF6CgkUmi7JxulMPhElmWjfLZ+SSTIMuT4a6TXt5mR1LUt8OcZMsPSsu2k zYwU22R7tqSPkF8d147q9ONNU1DIh4gVComdTUuk74jgNYhAfYQSWRs5m2iWL4518u3w EeteifgwKZnp+URgsivNZo23SjWw0axWdrhK+6VgMy8lH4O6xrn0kS5QZInb/kONY+iq QRGVg3YcUvUDVyZe/dEKEfd1ExGLKdBczm5q0UpfdiPe0zdKlRxx0uW29pixR4zwB9Fl KqTRvOAsqwf0wZ/AqI7zCeeQCKaHC20oeOb0fc0F8xcStTj9YMynkaVPtBQBAF/BpUcC J6SA== X-Gm-Message-State: APjAAAWsOg/X9amjhDVFbE2li0yBdJcrZcu/1y0zI4bHzqKMhNse9m8Y Atkb0basCabBLw91zsZbHv6R4PUmP1GacJLZbloYmA== X-Received: by 2002:adf:9f08:: with SMTP id l8mr28597538wrf.325.1571134374116; Tue, 15 Oct 2019 03:12:54 -0700 (PDT) MIME-Version: 1.0 References: <20191007164610.6881-1-ard.biesheuvel@linaro.org> <20191007164610.6881-3-ard.biesheuvel@linaro.org> <8021f3ad396dead64fca36cef018c914f9a3a55d.camel@strongswan.org> In-Reply-To: <8021f3ad396dead64fca36cef018c914f9a3a55d.camel@strongswan.org> From: Ard Biesheuvel Date: Tue, 15 Oct 2019 12:12:43 +0200 Message-ID: Subject: Re: [PATCH v3 02/29] crypto: x86/chacha - depend on generic chacha library instead of crypto driver To: Martin Willi Cc: "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , Herbert Xu , David Miller , "Jason A . Donenfeld" , Samuel Neves , Arnd Bergmann , Eric Biggers , Andy Lutomirski , Rene van Dorst Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, 15 Oct 2019 at 12:00, Martin Willi wrote: > > Hi Ard, > > > Since turning the FPU on and off is cheap these days, simplify the > > SIMD routine by dropping the per-page yield, which makes for a > > cleaner switch to the library API as well. > > In my measurements that lazy FPU restore works as intended, and I could > not identify any slowdown by this change. > Thanks for confirming. > > +++ b/arch/x86/crypto/chacha_glue.c > > @@ -127,32 +127,32 @@ static int chacha_simd_stream_xor [...] > > > > + do_simd = (walk->total > CHACHA_BLOCK_SIZE) && crypto_simd_usable(); > > Given that most users (including chacha20poly1305) likely involve > multiple operations under the same (real) FPU save/restore cycle, those > length checks both in chacha and in poly1305 hardly make sense anymore. > > Obviously under tcrypt we get better results when engaging SIMD for any > length, but also for real users this seems beneficial. But of course we > may defer that to a later optimization patch. > Given that the description already reasons about FPU save/restore being cheap these days, I think it would be appropriate to just get rid of it right away. Especially in the chacha20poly1305 case, where the separate chacha invocation for the poly nonce is guaranteed to fail this check, we basically end up going back and forth between the scalar and the SIMD code, which seems rather suboptimal to me.