On Thu, 20 Aug 2020 at 09:01, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > > On Thu, Aug 20, 2020 at 08:58:15AM +0200, Ard Biesheuvel wrote: > > > > But if we look at the actual issue at hand, we might also look into > > amortizing the FPU preserve/restore over multiple invocations of a > > cipher. I proposed a patch a while ago that makes cipher an internal > > crypto API abstraction, and we could easily add pre/post hooks that > > preserve/restore the FPU in this case, in which case we would not need > > any changes at higher levels. > > I think any use of SIMD crypto_cipher on bulk data is just wrong. > Because the performance degradation when SIMD cannot be used is > too great for this to make sense. > > So optimising the FPU overhead is attacking the wrong problem. > I don't disagree with that, especially given all the effort that went into optimizing FPU preserve/restore on both arm64 and x86. But the bottom line is that this is what is causing the degradation in Ben's case, so we cannot disregard it.
