Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp82289pxa; Fri, 31 Jul 2020 07:04:03 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyR2X7Wj/7KyytlM/ZBWA2aALkuASMnr0Zu0/KlOgbQqHGgJ3tGmVOn77ow6O0jUo9RPiUn X-Received: by 2002:a17:906:eb4f:: with SMTP id mc15mr4098503ejb.435.1596204242923; Fri, 31 Jul 2020 07:04:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596204242; cv=none; d=google.com; s=arc-20160816; b=wDo9lzdjzoMaFeLDf7hF4c/rR8R76jGiZ4tnaDjf2lmaO6f9knHbrVDwutexMRgzsH e7mw/pXiKC5BP+H12MRD8e1SKdxuC74DvhmDq6QU++2alOJ2kCovRMnvuwi+LzkzPxvK KuNC25Fdi+TQ/Kut9dNGmXn6B2nc2Qw5awwyV8dBIu9KgbE/MyBm8b4iC1iUnfL0+k2M 8CShLVlo0Wu4JBfpg/5gL74CaXjB9wbuQeot0gdMBK6ejbLZo+9wedNh7fAyPQ3VGiOF hzEsY9x2qSgxaCgFIuOJGHC/z7DkW8X8LYEnjOvntTk0utviDCVV/2iBxYZv5bE2BCzd 1rbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:from:references:cc:to:subject :dkim-signature:dkim-filter; bh=EFkyGoycJ7EZbZ1SlHn59WQ7FEP7aC+YQ3srww/1/N4=; b=SCdYc2sOxkyBX3XiPZ4H1w2tyofjwaok1Vk1eyvytenNET0Xl3k0CuQX5T4D4K7MkD CXdZPtvWurAIYD4bOLGan9/uFUU7uwPAELXsJUMUKfQjh/HhUSzF4JwtclNjkvztAy6C FP0E4njDOMo1/+OI8dsX3dVRQe7Iru8Qv5er58tUnPipfKTu/m9pAnSqEXVVpfh+krny /+C5hoYi4LCbX56uKPWxknU37nLOupYTunlkCD7z+sjy7iVWdPcMA+nRP6yCzgwnJIcv dzr+M3/DBXNGVkeXYp6VF0JczTaJJ3oXhpHi6dZc6YIEd1jlj8YDZAm4nA0fXC2S3/qj OGVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@candelatech.com header.s=default header.b=VwkJLstg; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=candelatech.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d1si5431494edz.288.2020.07.31.07.03.36; Fri, 31 Jul 2020 07:04:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@candelatech.com header.s=default header.b=VwkJLstg; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=candelatech.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731656AbgGaOCl (ORCPT + 99 others); Fri, 31 Jul 2020 10:02:41 -0400 Received: from mail2.candelatech.com ([208.74.158.173]:41738 "EHLO mail3.candelatech.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731597AbgGaOCl (ORCPT ); Fri, 31 Jul 2020 10:02:41 -0400 Received: from [192.168.254.5] (unknown [50.34.202.127]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail3.candelatech.com (Postfix) with ESMTPSA id BE2E013C2B0; Fri, 31 Jul 2020 07:02:40 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 mail3.candelatech.com BE2E013C2B0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=candelatech.com; s=default; t=1596204160; bh=+npZ/QHlEf5PDI5xPs4OhMgSGVNT6DgowRgUqcNMrwQ=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=VwkJLstgU43hYcGDAqr/tA9MdASwAUQ+7gdYRYeCO1Bp972iVqyRKOIgsfWhLNfWq Rox8j5BEpgQFlkXFlGswt1TFaBidI5irxHfTX/yMRP1bc8kuAKMaGbHATAfv4zwRVl p85Vcwe0rCkL4zCFP10E1yK6xUbGqsXqHe577lXY= Subject: Re: Help getting aesni crypto patch upstream To: Ard Biesheuvel Cc: Linux Crypto Mailing List References: <2a55b661-512b-9479-9fff-0f2e2a581765@candelatech.com> <04d8e7e3-700b-44b2-e8f2-5126abf21a62@candelatech.com> <9e6927a6-8f70-009a-ad76-4f11a396e43a@candelatech.com> From: Ben Greear Organization: Candela Technologies Message-ID: <9ab2f706-18ee-0383-3977-8b6f41e2b4a5@candelatech.com> Date: Fri, 31 Jul 2020 07:02:40 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-MW Content-Transfer-Encoding: 7bit Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 7/31/20 3:00 AM, Ard Biesheuvel wrote: > On Fri, 31 Jul 2020 at 01:57, Ben Greear wrote: >> >> On 7/29/20 1:06 PM, Ard Biesheuvel wrote: >>> On Wed, 29 Jul 2020 at 22:29, Ben Greear wrote: >>>> >>>> On 7/29/20 12:09 PM, Ard Biesheuvel wrote: >>>>> On Wed, 29 Jul 2020 at 15:27, Ben Greear wrote: >>>>>> >>>>>> On 7/28/20 11:06 PM, Ard Biesheuvel wrote: >>>>>>> On Wed, 29 Jul 2020 at 01:03, Ben Greear wrote: >>>>>>>> >>>>>>>> Hello, >>>>>>>> >>>>>>>> As part of my wifi test tool, I need to do decrypt AES on the CPU, and the only way this >>>>>>>> performs well is to use aesni. I've been using a patch for years that does this, but >>>>>>>> recently somewhere between 5.4 and 5.7, the API I've been using has been removed. >>>>>>>> >>>>>>>> Would anyone be interested in getting this support upstream? I'd be happy to pay for >>>>>>>> the effort. >>>>>>>> >>>>>>>> Here is the patch in question: >>>>>>>> >>>>>>>> https://github.com/greearb/linux-ct-5.7/blob/master/wip/0001-crypto-aesni-add-ccm-aes-algorithm-implementation.patch >>>>>>>> >>>>>>>> Please keep me in CC, I'm not subscribed to this list. >>>>>>>> >>>>>>> >>>>>>> Hi Ben, >>>>>>> >>>>>>> Recently, the x86 FPU handling was improved to remove the overhead of >>>>>>> preserving/restoring of the register state, so the issue that this >>>>>>> patch fixes may no longer exist. Did you try? >>>>>>> >>>>>>> In any case, according to the commit log on that patch, the problem is >>>>>>> in the MAC generation, so it might be better to add a cbcmac(aes) >>>>>>> implementation only, and not duplicate all the CCM boilerplate. >>>>>>> >>>>>> >>>>>> Hello, >>>>>> >>>>>> I don't know all of the details, and do not understand the crypto subsystem, >>>>>> but I am pretty sure that I need at least some of this patch. >>>>>> >>>>> >>>>> Whether this is true is what I am trying to get clarified. >>>>> >>>>> Your patch works around a performance bottleneck related to the use of >>>>> AES-NI instructions in the kernel, which has been addressed recently. >>>>> If the issue still exists, we can attempt to devise a fix for it, >>>>> which may or may not be based on this patch. >>>> >>>> Ok, I can do the testing. Do you expect 5.7-stable has all the needed >>>> performance improvements? >>>> >>> >>> Yes. >> >> It does not, as far as we can tell. >> >> We did a download test on an apu2 (small embedded AMD CPU, but with >> aesni support). A WiFi station is in software-decrypt mode (ath10k-ct driver/firmware, >> but ath9k would be valid to reproduce the issue as well.) >> >> On our 5.4 kernel with the aesni patch applied, we get >> about 220Mbps wpa2 download throughput. With open, we get about 260Mbps >> download throughput. >> >> On 5.7, without any aesni patch, we see about 116Mbps download wpa2 throughput, >> and about 265Mbps open download throughput. >> > > Thanks for the excellent data. Apparently, FPU preserve/restore is > still prohibitively expensive on these cores. > > I'll have a stab at implementing cbcmac(aesni) early next week: as i > pointed out before, we don't need all the ccm boilerplate if the ctr > and mac processing are still done in separate passes anyway. That will be very welcome. We'll be happy to test. Thanks, Ben -- Ben Greear Candela Technologies Inc http://www.candelatech.com