From: Eric Biggers <ebiggers@kernel.org>
To: "Chang S. Bae" <chang.seok.bae@intel.com>
Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
dm-devel@redhat.com, luto@kernel.org,
dave.hansen@linux.intel.com, tglx@linutronix.de, bp@alien8.de,
mingo@kernel.org, x86@kernel.org, herbert@gondor.apana.org.au,
ardb@kernel.org, elliott@hpe.com, dan.j.williams@intel.com,
bernie.keany@intel.com, charishma1.gairuboyina@intel.com
Subject: Re: [PATCH v9 00/14] x86: Support Key Locker
Date: Sun, 7 Apr 2024 21:48:06 -0400 [thread overview]
Message-ID: <20240408014806.GA965@quark.localdomain> (raw)
In-Reply-To: <13bb2f0f-5894-4366-be53-44658144a23d@intel.com>
Hi,
On Sun, Apr 07, 2024 at 04:24:18PM -0700, Chang S. Bae wrote:
> On 3/28/2024 6:53 PM, Chang S. Bae wrote:
> >
> > Then, the following is a summary of changes per patch since v8 [6]:
> >
> > PATCH7-8:
> > * Invoke the setup code via arch_initcall() due to upstream changes
> > delaying the FPU setup.
> >
> > PATCH9-11:
> > * Add new patches for security and hotplug support clarification
>
> I've recently made updates to a few patches, primarily related to the
> mitigation parts. While the series is still under review, Eric's VAES
> patches have been merged into the crypto tree and are currently being
> sorted out. Once things settle down, I will make a few adjustments on the
> crypto side. Then, another revision will be necessary thereafter.
>
> Thanks,
> Chang
Thanks for the updated patchset!
Do you have a plan for how this will be merged? Which trees will the patches go
through? I think that the actual AES-XTS implementation could still use a bit
more polishing; see my comments below. However, patches 1-12 don't need to wait
for that. Perhaps the x86 maintainers would like to take patches 1-12 for
v6.10? Then the AES-XTS support can go through the crypto tree afterwards.
As you noticed, this cycle I've been optimizing AES-XTS for x86_64 by adding new
VAES and AES-NI + AVX implementations. I have some ideas for the Key Locker
based implementation of AES-XTS:
First, surely it's the case that in practice, all CPUs that support Key Locker
also support AVX? If so, then there's no need for the Key Locker assembly to
use legacy SSE instructions. It should instead target AVX and use VEX-coded
instructions. This would save some instructions and improve performance.
Since the Key Locker assembly only supports 64-bit mode, it should also feel
free to use registers xmm8-xmm15 for purposes such as caching the XTS tweaks.
This would improve performance.
Since the Key Locker assembly advances a large number of XTS tweaks at a time
(8), I'm also wondering if it would be faster to multiply by x^8 directly
instead of multiplying by x sequentially eight times. This can be done using
the pclmulqdq instruction; see aes-xts-avx-x86_64.S which implements this
optimization. Probably all CPUs that support Key Locker also support PCLMULQDQ.
I'm also trying to think of the best way to organize the Key Locker AES-XTS glue
code. I see that you're proposing to share the glue code with the existing
AES-XTS implementations. Unfortunately I don't think this ends up working very
well, due to the facts that the Key Locker code can return errors and uses a
different key type. I think that for now, I'd prefer that you simply copied the
XTS glue code into aeskl-intel_glue.c and modified it as needed. (But make sure
to use the new version of the glue code, which is faster.)
For falling back to AES-NI, I think the cleanest solution is to call the
top-level setkey, encrypt, and decrypt functions (the ones that are set in the
xts-aes-aesni skcipher_alg), instead of calling lower-level functions as your
current patchset does.
If you could keep the Key Locker assembly roughly stylistically consistent with
the new aes-xts-avx-x86_64.S, that would be great too.
Do you happen to know if there's any way to test the Key Locker AES-XTS code
without having access to a bare metal machine with a CPU that supports Key
Locker? I tried a Sapphire Rapids based VM in Google Compute Engine, but it
doesn't enumerate Key Locker. I also don't see anything in QEMU related to Key
Locker. So I don't currently have an easy way to test this patchset.
Finally, a high level question. Key Locker has been reported to be
substantially slower than AES-NI. At the same time, VAES has recently doubled
performance over AES-NI. I'd guess this leaves Key Locker even further behind.
Given that, how useful is this patchset? I'm a bit concerned that this might be
something that sounds good in theory but won't be used in practice. Are
performance improvements for Key Locker on the horizon? (Well, there are the
improvements I suggested above, which should help, but it sounds like main issue
is the Key Locker instructions themselves which are just fundamentally slower.)
- Eric
next prev parent reply other threads:[~2024-04-08 1:48 UTC|newest]
Thread overview: 146+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-12 21:12 [PATCH v5 00/12] x86: Support Key Locker Chang S. Bae
2022-01-12 21:12 ` [PATCH v5 01/12] Documentation/x86: Document " Chang S. Bae
2023-06-05 10:52 ` Bagas Sanjaya
2022-01-12 21:12 ` [PATCH v5 02/12] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae
2022-01-12 21:12 ` [PATCH v5 03/12] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae
2022-01-12 21:12 ` [PATCH v5 04/12] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae
2022-01-12 21:12 ` [PATCH v5 05/12] x86/msr-index: Add MSRs for Key Locker internal wrapping key Chang S. Bae
2022-01-12 21:12 ` [PATCH v5 06/12] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae
2022-01-12 21:12 ` [PATCH v5 07/12] x86/cpu/keylocker: Load an internal wrapping key at boot-time Chang S. Bae
2022-08-23 15:49 ` Evan Green
2022-08-24 22:20 ` Chang S. Bae
2022-08-24 22:52 ` Evan Green
2022-08-25 1:06 ` Chang S. Bae
2022-08-25 15:31 ` Evan Green
2022-08-31 23:08 ` Chang S. Bae
2022-09-06 16:22 ` Evan Green
2022-09-06 16:46 ` Chang S. Bae
2022-01-12 21:12 ` [PATCH v5 08/12] x86/PM/keylocker: Restore internal wrapping key on resume from ACPI S3/4 Chang S. Bae
2022-01-29 17:31 ` [PATCH v5-fix " Chang S. Bae
2022-01-12 21:12 ` [PATCH v5 09/12] x86/cpu: Add a configuration and command line option for Key Locker Chang S. Bae
2022-01-12 21:12 ` [PATCH v5 10/12] crypto: x86/aes - Prepare for a new AES implementation Chang S. Bae
2022-01-12 21:12 ` [PATCH v5 11/12] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions Chang S. Bae
2022-01-12 21:12 ` [PATCH v5 12/12] crypto: x86/aes-kl - Support XTS mode Chang S. Bae
2022-01-13 22:16 ` [PATCH v5 00/12] x86: Support Key Locker Dave Hansen
2022-01-13 22:34 ` Bae, Chang Seok
2023-04-10 22:59 ` [PATCH v6 " Chang S. Bae
2023-04-10 22:59 ` [PATCH v6 01/12] Documentation/x86: Document " Chang S. Bae
2023-04-10 22:59 ` [PATCH v6 02/12] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae
2023-04-10 22:59 ` [PATCH v6 03/12] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae
2023-04-10 22:59 ` [PATCH v6 04/12] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae
2023-04-10 22:59 ` [PATCH v6 05/12] x86/msr-index: Add MSRs for Key Locker internal wrapping key Chang S. Bae
2023-04-10 22:59 ` [PATCH v6 06/12] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae
2023-04-10 22:59 ` [PATCH v6 07/12] x86/cpu/keylocker: Load an internal wrapping key at boot-time Chang S. Bae
2023-05-05 23:05 ` Eric Biggers
2023-05-08 18:18 ` Chang S. Bae
2023-05-08 21:56 ` Dave Hansen
2023-05-09 0:31 ` Chang S. Bae
2023-05-09 0:51 ` Dave Hansen
2023-05-08 19:18 ` Elliott, Robert (Servers)
2023-05-08 20:15 ` Chang S. Bae
2023-04-10 22:59 ` [PATCH v6 08/12] x86/PM/keylocker: Restore internal wrapping key on resume from ACPI S3/4 Chang S. Bae
2023-05-05 23:09 ` Eric Biggers
2023-05-08 18:18 ` Chang S. Bae
2023-04-10 22:59 ` [PATCH v6 09/12] x86/cpu: Add a configuration and command line option for Key Locker Chang S. Bae
2023-04-10 22:59 ` [PATCH v6 10/12] crypto: x86/aes - Prepare for a new AES implementation Chang S. Bae
2023-05-05 23:27 ` Eric Biggers
2023-05-09 0:55 ` Chang S. Bae
2023-05-11 19:05 ` Chang S. Bae
2023-05-11 21:39 ` Eric Biggers
2023-05-11 23:19 ` Chang S. Bae
2023-04-10 22:59 ` [PATCH v6 11/12] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions Chang S. Bae
2023-05-06 0:01 ` Eric Biggers
2023-05-08 18:18 ` Chang S. Bae
2023-05-24 17:18 ` Chang S. Bae
2023-05-12 17:52 ` Milan Broz
2023-05-08 19:21 ` Elliott, Robert (Servers)
2023-05-08 19:24 ` Elliott, Robert (Servers)
2023-05-08 20:00 ` Chang S. Bae
2023-04-10 22:59 ` [PATCH v6 12/12] crypto: x86/aes-kl - Support XTS mode Chang S. Bae
2023-05-24 16:57 ` [PATCH v7 00/12] x86: Support Key Locker Chang S. Bae
2023-05-24 16:57 ` [PATCH v7 01/12] Documentation/x86: Document " Chang S. Bae
2023-05-24 16:57 ` [PATCH v7 02/12] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae
2023-05-24 16:57 ` [PATCH v7 03/12] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae
2023-05-24 16:57 ` [PATCH v7 04/12] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae
2023-05-24 16:57 ` [PATCH v7 05/12] x86/msr-index: Add MSRs for Key Locker wrapping key Chang S. Bae
2023-05-24 16:57 ` [PATCH v7 06/12] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae
2023-05-24 16:57 ` [PATCH v7 07/12] x86/cpu/keylocker: Load a wrapping key at boot-time Chang S. Bae
2023-05-24 16:57 ` [PATCH v7 08/12] x86/PM/keylocker: Restore the wrapping key on the resume from ACPI S3/4 Chang S. Bae
2023-05-24 16:57 ` [PATCH v7 09/12] x86/cpu: Add a configuration and command line option for Key Locker Chang S. Bae
2023-05-24 16:57 ` [PATCH v7 10/12] crypto: x86/aesni - Use the proper data type in struct aesni_xts_ctx Chang S. Bae
2023-05-26 6:54 ` Eric Biggers
2023-05-30 20:50 ` Chang S. Bae
2023-05-24 16:57 ` [PATCH v7 11/12] crypto: x86/aes - Prepare for a new AES implementation Chang S. Bae
2023-05-24 16:57 ` [PATCH v7 12/12] crypto: x86/aes-kl - Implement the AES-XTS algorithm Chang S. Bae
2023-05-26 7:23 ` Eric Biggers
2023-05-30 20:49 ` Chang S. Bae
2023-06-03 15:22 ` [PATCH v8 00/12] x86: Support Key Locker Chang S. Bae
2023-06-03 15:22 ` [PATCH v8 01/12] Documentation/x86: Document " Chang S. Bae
2023-06-05 10:54 ` Bagas Sanjaya
2023-06-06 2:17 ` Randy Dunlap
2023-06-06 4:18 ` Chang S. Bae
2023-06-03 15:22 ` [PATCH v8 02/12] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae
2023-06-03 15:22 ` [PATCH v8 03/12] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae
2023-06-03 15:22 ` [PATCH v8 04/12] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae
2023-06-03 15:22 ` [PATCH v8 05/12] x86/msr-index: Add MSRs for Key Locker wrapping key Chang S. Bae
2023-06-03 15:22 ` [PATCH v8 06/12] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae
2023-06-03 15:22 ` [PATCH v8 07/12] x86/cpu/keylocker: Load a wrapping key at boot-time Chang S. Bae
2023-06-03 15:22 ` [PATCH v8 08/12] x86/PM/keylocker: Restore the wrapping key on the resume from ACPI S3/4 Chang S. Bae
2023-06-03 15:22 ` [PATCH v8 09/12] x86/cpu: Add a configuration and command line option for Key Locker Chang S. Bae
2023-06-03 16:37 ` Borislav Petkov
2023-06-04 22:13 ` Chang S. Bae
2023-06-03 15:22 ` [PATCH v8 10/12] crypto: x86/aesni - Use the proper data type in struct aesni_xts_ctx Chang S. Bae
2023-06-04 15:34 ` Eric Biggers
2023-06-04 22:02 ` Chang S. Bae
2023-06-05 2:46 ` Eric Biggers
2023-06-05 4:41 ` Chang S. Bae
2023-06-21 12:06 ` [PATCH] crypto: x86/aesni: Align the address before aes_set_key_common() Chang S. Bae
2023-07-14 8:51 ` Herbert Xu
2023-06-03 15:22 ` [PATCH v8 11/12] crypto: x86/aes - Prepare for a new AES-XTS implementation Chang S. Bae
2023-06-03 15:22 ` [PATCH v8 12/12] crypto: x86/aes-kl - Implement the AES-XTS algorithm Chang S. Bae
2023-06-07 5:35 ` Eric Biggers
2023-06-07 22:06 ` Chang S. Bae
2024-03-11 21:32 ` [PATCH] crypto: x86/aesni - Update aesni_set_key() to return void Chang S. Bae
2024-03-12 2:15 ` Eric Biggers
2024-03-12 7:46 ` Ard Biesheuvel
2024-03-12 15:03 ` Chang S. Bae
2024-03-12 15:18 ` Ard Biesheuvel
2024-03-12 15:37 ` Chang S. Bae
2024-03-22 23:04 ` [PATCH v2 0/2] crypto: x86/aesni - Simplify AES key expansion code Chang S. Bae
2024-03-22 23:04 ` [PATCH v2 1/2] crypto: x86/aesni - Rearrange AES key size check Chang S. Bae
2024-03-22 23:04 ` [PATCH v2 2/2] crypto: x86/aesni - Update aesni_set_key() to return void Chang S. Bae
2024-03-28 10:57 ` [PATCH v2 0/2] crypto: x86/aesni - Simplify AES key expansion code Herbert Xu
2024-03-29 1:53 ` [PATCH v9 00/14] x86: Support Key Locker Chang S. Bae
2024-03-29 1:53 ` [PATCH v9 01/14] Documentation/x86: Document " Chang S. Bae
2024-03-31 15:48 ` Randy Dunlap
2024-03-29 1:53 ` [PATCH v9 02/14] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae
2024-03-29 1:53 ` [PATCH v9 03/14] x86/insn: Add Key Locker instructions to the opcode map Chang S. Bae
2024-03-29 1:53 ` [PATCH v9 04/14] x86/asm: Add a wrapper function for the LOADIWKEY instruction Chang S. Bae
2024-03-29 1:53 ` [PATCH v9 05/14] x86/msr-index: Add MSRs for Key Locker wrapping key Chang S. Bae
2024-03-29 1:53 ` [PATCH v9 06/14] x86/keylocker: Define Key Locker CPUID leaf Chang S. Bae
2024-03-29 1:53 ` [PATCH v9 07/14] x86/cpu/keylocker: Load a wrapping key at boot time Chang S. Bae
2024-04-07 23:04 ` [PATCH v9a " Chang S. Bae
2024-03-29 1:53 ` [PATCH v9 08/14] x86/PM/keylocker: Restore the wrapping key on the resume from ACPI S3/4 Chang S. Bae
2024-05-22 18:48 ` [PATCH v9a " Chang S. Bae
2024-03-29 1:53 ` [PATCH v9 09/14] x86/hotplug/keylocker: Ensure wrapping key backup capability Chang S. Bae
2024-03-29 1:53 ` [PATCH v9 10/14] x86/cpu/keylocker: Check Gather Data Sampling mitigation Chang S. Bae
2024-03-29 6:57 ` Pawan Gupta
2024-04-07 23:04 ` [PATCH v9a " Chang S. Bae
2024-04-19 0:01 ` Pawan Gupta
2024-04-22 7:49 ` Chang S. Bae
2024-03-29 1:53 ` [PATCH v9 11/14] x86/cpu/keylocker: Check Register File " Chang S. Bae
2024-03-29 6:20 ` Pawan Gupta
2024-04-07 23:04 ` [PATCH v9a " Chang S. Bae
2024-03-29 1:53 ` [PATCH v9 12/14] x86/Kconfig: Add a configuration for Key Locker Chang S. Bae
2024-06-11 21:36 ` [PATCH v9b 12/14] x86/Kconfig: Add symbols " Chang S. Bae
2024-03-29 1:53 ` [PATCH v9 13/14] crypto: x86/aes - Prepare for new AES-XTS implementation Chang S. Bae
2024-06-11 21:41 ` Chang S. Bae
2024-03-29 1:53 ` [PATCH v9 14/14] crypto: x86/aes-kl - Implement the AES-XTS algorithm Chang S. Bae
2024-05-22 18:42 ` [PATCH v9a " Chang S. Bae
2024-05-31 5:37 ` Eric Biggers
2024-06-11 21:35 ` [PATCH v9b " Chang S. Bae
2024-04-07 23:24 ` [PATCH v9 00/14] x86: Support Key Locker Chang S. Bae
2024-04-08 1:48 ` Eric Biggers [this message]
2024-04-15 22:16 ` Chang S. Bae
2024-04-15 22:54 ` Eric Biggers
2024-04-15 22:58 ` Chang S. Bae
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240408014806.GA965@quark.localdomain \
--to=ebiggers@kernel.org \
--cc=ardb@kernel.org \
--cc=bernie.keany@intel.com \
--cc=bp@alien8.de \
--cc=chang.seok.bae@intel.com \
--cc=charishma1.gairuboyina@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dm-devel@redhat.com \
--cc=elliott@hpe.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox