On Thu, Dec 31, 2020 at 05:41:53PM +0100, Ard Biesheuvel wrote: > The AES-NI implementation of XTS was impacted significantly by the retpoline > changes, which is due to the fact that both its asm helper and the chaining > mode glue library use indirect calls for processing small quantitities of > data > > So let's fix this, by: > - creating a minimal, backportable fix that recovers most of the performance, > by reducing the number of indirect calls substantially; > - for future releases, rewrite the XTS implementation completely, and replace > the glue helper with a core asm routine that is more flexible, making the C > code wrapper much more straight-forward. > > This results in a substantial performance improvement: around ~2x for 1k and > 4k blocks, and more than 3x for ~1k blocks that require ciphertext stealing > (benchmarked using tcrypt using 1420 byte blocks - full results below) > > It also allows us to enable the same driver for i386. > > Changes since v1: > - use 'test LEN, LEN' instead of 'cmp $0, LEN' to get shorter opcodes, as > suggested by Uros > - rebase to get rid of false dependencies on other changes that are in flight. > > NOTE: patch #2 depends on [0], which provides the permutation table used for > ciphertext stealing > > [0] https://lore.kernel.org/linux-crypto/20201207233402.17472-1-ardb@xxxxxxxxxx/ > > Cc: Megha Dey <megha.dey@xxxxxxxxx> > Cc: Eric Biggers <ebiggers@xxxxxxxxxx> > Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > Cc: Uros Bizjak <ubizjak@xxxxxxxxx> > > Ard Biesheuvel (2): > crypto: x86/aes-ni-xts - use direct calls to and 4-way stride > crypto: x86/aes-ni-xts - rewrite and drop indirections via glue helper > > arch/x86/crypto/aesni-intel_asm.S | 353 ++++++++++++++++---- > arch/x86/crypto/aesni-intel_glue.c | 229 +++++++------ > crypto/Kconfig | 1 - > 3 files changed, 411 insertions(+), 172 deletions(-) All applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
