From: Lukas Wunner <lukas@wunner.de>
To: Fabian Blatter <fabianblatter09@gmail.com>
Cc: ignat@linux.win, herbert@gondor.apana.org.au,
	davem@davemloft.net, stefanb@linux.ibm.com,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] crypto: ecc - Optimize vli additive operations using compiler builtins
Date: Tue, 23 Jun 2026 15:37:01 +0200
Message-ID: <ajqL_VMVA6n-gfQP@wunner.de>
In-Reply-To: <CAGtAT=nJOAxecN+eYVwkzQAUcr2BaBhAO=ni9hWqdRKUQ06=fA@mail.gmail.com> <20260607112435.42804-1-fabianblatter09@gmail.com>

On Sun, Jun 07, 2026 at 01:24:35PM +0200, Fabian Blatter wrote:
> This patch uses __builtin_addcll, __builtin_subcll when available and
> otherwise __builtin_uaddll_overflow, __builtin_usubll_overflow. The
> latter have existed since ancient gcc versions, so no third fallback
> is needed.

crypto/ecc.c is derived from https://github.com/kmackay/micro-ecc/,
which seeks to be a portable ECC library.  I suspect the portability
goal is the reason why it doesn't take advantage of compiler builtins
or other optimizations.

The kernel is much less encumbered; the minimum compiler versions are
apparent from Documentation/process/changes.rst.  If these compiler
versions support the builtins you're using then everything should be
alright.

> I have put the add_carry and sub_borrow inline functions with the
> preprocessor logic for builtin selection directly in crypto/ecc.c.
> Please let me know if you would like them to be somewhere else.

Seems reasonable to me.

> This is quite interesting, since, as far as I know, the kernel compiles
> with gcc and O2 by default, yet the macro-level benchmarks still show a
> performance increase. The effect seems to be reversed when crypto/ecc.c
> gets compiled. Or maybe the Linux kernel uses some additional
> optimization flags, I am unsure.

You can compile the kernel with V=1 to see the full command line.

> However, most of the time, the patched version outperforms the original
> one by a wide margin:
>  - On clang -O2 or -O3, vli_add and vli_uadd show a 4.074x and 5.384x
>    speedup.
>  - On gcc, vli_uadd shows a 74% performance increase at O2,
>    and a 2.07x speedup at O3.

There is precedent in the tree for overriding the default -O2 with -O3,
see lib/lz4/Makefile and arch/mips/vdso/Makefile.

It might be worth using that for crypto/ecc.c if it doesn't cause
breakage and yields a significant speedup.

> I am happy to make any changes to this patch if you like.
> I could also look into making `vli_cmp` and `vli_is_zero`,
> or others constant-time in a future patch.

Your patch LGTM and I don't see a need for a v2.

Previously we discussed replacing the ECC point multiplication algorithm
used by crypto/ecc.c with a newer constant-time Montgomery ladder.
If you are interested in continuing to work on crypto/ecc.c,
this might be a worthwhile topic:

https://lore.kernel.org/r/aftFAexDFrYbIeBM@wunner.de/

Thanks,

Lukas
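
The carry-chain pattern named in the quoted patch description, as an added example; it is not the code from the patch under review or from crypto/ecc.c. Only the builtin names and the names add_carry, sub_borrow and vli_add come from the thread; the signatures, the `__has_builtin` selection, the `u64` typedef and `vli_sub` are assumptions made for illustration.

```c
#ifndef __has_builtin
#define __has_builtin(x) 0	/* no __has_builtin: always take the fallback */
#endif
typedef unsigned long long u64;	/* assumed 64-bit limb type */

/* a + b + cin (cin is 0 or 1); the outgoing carry is stored in *cout. */
static inline u64 add_carry(u64 a, u64 b, u64 cin, u64 *cout)
{
#if __has_builtin(__builtin_addcll)
	return __builtin_addcll(a, b, cin, cout);
#else
	u64 partial, sum;
	u64 c1 = __builtin_uaddll_overflow(a, b, &partial);
	u64 c2 = __builtin_uaddll_overflow(partial, cin, &sum);
	*cout = c1 | c2;	/* the two additions cannot both overflow */
	return sum;
#endif
}

/* a - b - bin (bin is 0 or 1); the outgoing borrow is stored in *bout. */
static inline u64 sub_borrow(u64 a, u64 b, u64 bin, u64 *bout)
{
#if __has_builtin(__builtin_subcll)
	return __builtin_subcll(a, b, bin, bout);
#else
	u64 partial, diff;
	u64 b1 = __builtin_usubll_overflow(a, b, &partial);
	u64 b2 = __builtin_usubll_overflow(partial, bin, &diff);
	*bout = b1 | b2;
	return diff;
#endif
}

/* result = left + right, limbs least significant first; returns the carry out. */
static u64 vli_add(u64 *result, const u64 *left, const u64 *right, unsigned int ndigits)
{
	u64 carry = 0;
	for (unsigned int i = 0; i < ndigits; i++)
		result[i] = add_carry(left[i], right[i], carry, &carry);
	return carry;
}

/* result = left - right over the same limb layout; returns the borrow out. */
static u64 vli_sub(u64 *result, const u64 *left, const u64 *right, unsigned int ndigits)
{
	u64 borrow = 0;
	for (unsigned int i = 0; i < ndigits; i++)
		result[i] = sub_borrow(left[i], right[i], borrow, &borrow);
	return borrow;
}
```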
