lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20251017205006.GA769943@google.com>
Date: Fri, 17 Oct 2025 20:50:06 +0000
From: Eric Biggers <ebiggers@...nel.org>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: linux-crypto@...r.kernel.org, Ard Biesheuvel <ardb@...nel.org>,
	linux-kernel@...r.kernel.org, x86@...nel.org, Jason@...c4.com
Subject: Re: [PATCH 0/8] VAES+AVX2 optimized implementation of AES-GCM

On Fri, Oct 17, 2025 at 09:04:37AM -0700, Eric Biggers wrote:
> On Fri, Oct 17, 2025 at 10:44:37AM +0200, Ard Biesheuvel wrote:
> > On Fri, 17 Oct 2025 at 10:25, Herbert Xu <herbert@...dor.apana.org.au> wrote:
> > >
> > > Eric Biggers <ebiggers@...nel.org> wrote:
> > > > On Wed, Oct 01, 2025 at 07:31:09PM -0700, Eric Biggers wrote:
> > > >> This patchset replaces the 256-bit vector implementation of AES-GCM for
> > > >> x86_64 with one that requires AVX2 rather than AVX512.  This greatly
> > > >> improves AES-GCM performance on CPUs that have VAES but not AVX512, for
> > > >> example by up to 74% on AMD Zen 3.  For more details, see patch 1.
> > > >>
> > > >> This patchset also renames the 512-bit vector implementation of AES-GCM
> > > >> for x86_64 to be named after AVX512 rather than AVX10/512, then adds
> > > >> some additional optimizations to it.
> > > >>
> > > >> This patchset applies to next-20250929 and is targeting 6.19.  Herbert,
> > > >> I'd prefer to just apply this myself.  But let me know if you'd prefer
> > > >> to take it instead (considering that AES-GCM hasn't been librarified
> > > >> yet).  Either way, there's no hurry, since this is targeting 6.19.
> > > >>
> > > >> Eric Biggers (8):
> > > >>   crypto: x86/aes-gcm - add VAES+AVX2 optimized code
> > > >>   crypto: x86/aes-gcm - remove VAES+AVX10/256 optimized code
> > > >>   crypto: x86/aes-gcm - rename avx10 and avx10_512 to avx512
> > > >>   crypto: x86/aes-gcm - clean up AVX512 code to assume 512-bit vectors
> > > >>   crypto: x86/aes-gcm - reorder AVX512 precompute and aad_update
> > > >>     functions
> > > >>   crypto: x86/aes-gcm - revise some comments in AVX512 code
> > > >>   crypto: x86/aes-gcm - optimize AVX512 precomputation of H^2 from H^1
> > > >>   crypto: x86/aes-gcm - optimize long AAD processing with AVX512
> > > >>
> > > >>  arch/x86/crypto/Makefile                      |    5 +-
> > > >>  arch/x86/crypto/aes-gcm-aesni-x86_64.S        |   12 +-
> > > >>  arch/x86/crypto/aes-gcm-vaes-avx2.S           | 1150 +++++++++++++++++
> > > >>  ...m-avx10-x86_64.S => aes-gcm-vaes-avx512.S} |  722 +++++------
> > > >>  arch/x86/crypto/aesni-intel_glue.c            |  264 ++--
> > > >>  5 files changed, 1667 insertions(+), 486 deletions(-)
> > > >>  create mode 100644 arch/x86/crypto/aes-gcm-vaes-avx2.S
> > > >>  rename arch/x86/crypto/{aes-gcm-avx10-x86_64.S => aes-gcm-vaes-avx512.S} (69%)
> > > >>
> > > >> base-commit: 3b9b1f8df454caa453c7fb07689064edb2eda90a
> > > >
> > > > Applied to https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next
> > >
> > > Oops, I didn't see this email until it was too late.  Since the
> > > patches should be identical I don't think it matters.
> 
> Well, it seems you didn't read the patchset (even the cover letter) or
> any of the replies to it.  So maybe I should just take it, as I already
> said I preferred, and later did do since you hadn't said you wanted to
> take it.  It would have been okay if you had volunteered to take this,
> but you need to actually read the patches and replies.
> 
> As for the patches being identical, besides correctly applying Ard's
> tags, I made a couple very minor changes that weren't worth sending a v2
> for: clarifying one of the commit messages, and correcting two comments
> and dropping some unused aliases from aes-gcm-vaes-avx2.S.

And to be clear, these aren't going to go through two trees.  That would
be silly.  If you really want to take them after all, then ask me to
drop them first, and make sure to apply them properly with Acked-by and
Tested-by tags.  Otherwise, please drop your duplicate copy.

Thanks,

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ