| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250403032008.GA129577@sol.localdomain> Date: Wed, 2 Apr 2025 20:20:08 -0700 From: Eric Biggers <ebiggers@...nel.org> To: Herbert Xu <herbert@...dor.apana.org.au> Cc: Ard Biesheuvel <ardb@...nel.org>, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org, x86@...nel.org, "Jason A. Donenfeld" <Jason@...c4.com> Subject: Re: [PATCH v2 0/9] crypto: x86 - stop using the SIMD helper On Thu, Apr 03, 2025 at 10:56:35AM +0800, Herbert Xu wrote: > On Thu, Apr 03, 2025 at 02:14:53AM +0000, Eric Biggers wrote: > > > > It's not the 90s anymore. Crypto is fast now, and used ubiquitously. > > I have to say that you've done a great job in improving crypto > performance on x86 and I'm very pleased with being able to > encrypt 256 bytes in just over 100 CPU cycles and doing a > whole page takes less than 1000 cycles. > > But this is only possible with SIMD instructions which we do not > support in hard IRQ context. > What? Take a look at siphash_1u32(), for example. That is crypto, and it is fast. It doesn't use, or need to use, SIMD instructions. Also, riscv has scalar AES instructions. (They aren't used by the kernel yet, but they could be. The CRC code already uses scalar carryless multiplication.) Obviously, it's also very common to really need the SIMD unit. That's the way it is. But those are not all cases. Also, as I said already, x86 does support SIMD instructions in hardirq context in some cases. Whether anyone actually uses that, I don't know, but it is explicitly supported. Check out irq_fpu_usable(). - Eric
Powered by blists - more mailing lists