Re: Help getting aesni crypto patch upstream

[Ben Greear <greearb@xxxxxxxxxxxxxxx>]

On 7/29/20 12:09 PM, Ard Biesheuvel wrote:
> On Wed, 29 Jul 2020 at 15:27, Ben Greear <greearb@xxxxxxxxxxxxxxx> wrote:
> > On 7/28/20 11:06 PM, Ard Biesheuvel wrote:
> > > On Wed, 29 Jul 2020 at 01:03, Ben Greear <greearb@xxxxxxxxxxxxxxx> wrote:
> > > > Hello,
> > > >
> > > > As part of my wifi test tool, I need to do decrypt AES on the CPU, and the only way this
> > > > performs well is to use aesni.  I've been using a patch for years that does this, but
> > > > recently somewhere between 5.4 and 5.7, the API I've been using has been removed.
> > > >
> > > > Would anyone be interested in getting this support upstream?  I'd be happy to pay for
> > > > the effort.
> > > >
> > > > Here is the patch in question:
> > > >
> > > > https://github.com/greearb/linux-ct-5.7/blob/master/wip/0001-crypto-aesni-add-ccm-aes-algorithm-implementation.patch
> > > >
> > > > Please keep me in CC, I'm not subscribed to this list.
> > >
> > > Hi Ben,
> > >
> > > Recently, the x86 FPU handling was improved to remove the overhead of
> > > preserving/restoring of the register state, so the issue that this
> > > patch fixes may no longer exist. Did you try?
> > >
> > > In any case, according to the commit log on that patch, the problem is
> > > in the MAC generation, so it might be better to add a cbcmac(aes)
> > > implementation only, and not duplicate all the CCM boilerplate.
> >
> > Hello,
> >
> > I don't know all of the details, and do not understand the crypto subsystem,
> > but I am pretty sure that I need at least some of this patch.
>
> Whether this is true is what I am trying to get clarified.
>
> Your patch works around a performance bottleneck related to the use of
> AES-NI instructions in the kernel, which has been addressed recently.
> If the issue still exists, we can attempt to devise a fix for it,
> which may or may not be based on this patch.

Ok, I can do the testing.  Do you expect 5.7-stable has all the needed
performance improvements?

Thanks,
Ben

> > If you can suggest a patch to try I'll be happy to test it to see how it
> > performs.
>
> Please share performance numbers of an old kernel with this patch
> applied, and a recent one without. If that shows there is in fact an
> issue, we will do something about it.
>
> > --
> > Ben Greear <greearb@xxxxxxxxxxxxxxx>
> > Candela Technologies Inc  http://www.candelatech.com


--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc  http://www.candelatech.com