Re: AESNI driver and fpu_kern KPI
On Sat, May 15, 2010 at 01:04:01PM +0300, Kostik Belousov wrote: Hello, please find at http://people.freebsd.org/~kib/misc/aesni.1.patch the combined patch, containing the fpu_kern KPI and Intel AESNI crypto(9) driver. I did development and some testing on the hardware generously provided by Sentex Communications to Netperf cluster. Nice work. Few comments: - Could you modify this chunk in padlock.c: + td = curthread; + error = fpu_kern_enter(td, ses-ses_fpu_ctx); + if (error != 0) + goto out; error = padlock_hash_setup(ses, macini); + fpu_kern_leave(td, ses-ses_fpu_ctx); + out: To something without goto, eg.: td = curthread; error = fpu_kern_enter(td, ses-ses_fpu_ctx); if (error == 0) { error = padlock_hash_setup(ses, macini); fpu_kern_leave(td, ses-ses_fpu_ctx); } - I see that in sys/dev/random/nehemiah.c you don't check for return value of fpu_kern_enter(). That's the only place where you ignore it. Is that intended? - Unfortunately the driver in its current version can't be used with IPsec and with GELI where authentication is enabled. This is because the driver doesn't support sessions where both encryption and authentication is defined. Do you have plans to change it? I saw that you based crypto(9) bits on padlock, which does support sessions with authentication by calculating hashes in software. -- Pawel Jakub Dawidek http://www.wheelsystems.com p...@freebsd.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! pgptFXEkt9czc.pgp Description: PGP signature
Re: AESNI driver and fpu_kern KPI
On Tue, May 18, 2010 at 05:30:19PM +0200, Pawel Jakub Dawidek wrote: On Sat, May 15, 2010 at 01:04:01PM +0300, Kostik Belousov wrote: Hello, please find at http://people.freebsd.org/~kib/misc/aesni.1.patch the combined patch, containing the fpu_kern KPI and Intel AESNI crypto(9) driver. I did development and some testing on the hardware generously provided by Sentex Communications to Netperf cluster. Nice work. Few comments: - Could you modify this chunk in padlock.c: + td = curthread; + error = fpu_kern_enter(td, ses-ses_fpu_ctx); + if (error != 0) + goto out; error = padlock_hash_setup(ses, macini); + fpu_kern_leave(td, ses-ses_fpu_ctx); + out: To something without goto, eg.: td = curthread; error = fpu_kern_enter(td, ses-ses_fpu_ctx); if (error == 0) { error = padlock_hash_setup(ses, macini); fpu_kern_leave(td, ses-ses_fpu_ctx); } Done. - I see that in sys/dev/random/nehemiah.c you don't check for return value of fpu_kern_enter(). That's the only place where you ignore it. Is that intended? No, thank you, fixed. - Unfortunately the driver in its current version can't be used with IPsec and with GELI where authentication is enabled. This is because the driver doesn't support sessions where both encryption and authentication is defined. Do you have plans to change it? I saw that you based crypto(9) bits on padlock, which does support sessions with authentication by calculating hashes in software. My goal was to develop fpu_kern_enter() KPI. I used the AESNI as an opportunity to test the KPI in real application. I may consider adding software-implemented authentification sometime later. I would not object if anybody do this instead of me. Since you are there, I want to confirm that you do not have objections against your copyright left in aesni.c. The file was copied from padlock.c and I felt that removing the copyright is wrong. Updated patch, that also includes some other changes, mainly additions to fpu_kern() KPI, that were discussed/requested by Fabien Thomas, is at http://people.freebsd.org/~kib/misc/aesni.2.patch. Thank you for your comments. pgp8b5Us7q8yA.pgp Description: PGP signature
Re: AESNI driver and fpu_kern KPI
- Unfortunately the driver in its current version can't be used with IPsec and with GELI where authentication is enabled. This is because the driver doesn't support sessions where both encryption and authentication is defined. Do you have plans to change it? I saw that you based crypto(9) bits on padlock, which does support sessions with authentication by calculating hashes in software. My goal was to develop fpu_kern_enter() KPI. I used the AESNI as an opportunity to test the KPI in real application. I may consider adding software-implemented authentification sometime later. I would not object if anybody do this instead of me. Today I've tested the patch with the same issue with IPsec, i've quickly re-included the same keyed hash function than padlock to test, tomorrow I will test again and I will post a patch if it works well. A minor things: aesni only compile as a module. Another idea for Sha1 would be to integrate the new version from intel http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1/ but it seems the 32bits version is not available at this time (and same licencing issue). Regards, Fabien ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
AESNI driver and fpu_kern KPI
Hello, please find at http://people.freebsd.org/~kib/misc/aesni.1.patch the combined patch, containing the fpu_kern KPI and Intel AESNI crypto(9) driver. I did development and some testing on the hardware generously provided by Sentex Communications to Netperf cluster. I already posted the kern_fpu part. This is a KPI for x86 arches to denote the region of the kernel code as using the FPU/SSE hardware. I wanted to use the KPI for some in-kernel SSE code to have a proof that interface is useful and up to the task. The crypto(9) driver using AESNI instructions appeared to be a perfect match. Also, the patch should fix the fpu dna in kernel mode messages usually appearing when using VIA padlock engine. Padlock does not use FPU resources, but occasionally issues NPX exception if FPU is marked as unavailable due to context switch. I am interested in the problem reports and reviews. Maintainers of !x86-oids are welcome to provide feedback whether they feel that proposed KPI could be implemented on their architectures, or what modifications they consider as needed to be able to implement it. Unless major objections are raised or bugs are found, I plan to commit the fpu_kern KPI shortly. On the other hand, some code in the AESNI driver was derived from the Intel whitepaper, that does not specified a license for the code explicitely. I asked the author of the paper for clarification, he seems to be supportive. In the worst case, aeskeys_{i386,amd64}.S files would be rewritten from scratch. Until the issue is resolved, AESNI part cannot be committed. pgpVGOxglQWJr.pgp Description: PGP signature
Re: AESNI driver and fpu_kern KPI
On Sat, May 15, 2010 at 01:04:01PM +0300, Kostik Belousov wrote: I am interested in the problem reports and reviews. Maintainers of !x86-oids are welcome to provide feedback whether they feel that proposed KPI could be implemented on their architectures, or what modifications they consider as needed to be able to implement it. FYI, sparc64 doesn't need such a KPI as it supports using the FPU in kernel unconditionally for ages. Marius ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: AESNI driver and fpu_kern KPI
On Sat, May 15, 2010 at 01:04:36PM +0200, Marius Strobl wrote: On Sat, May 15, 2010 at 01:04:01PM +0300, Kostik Belousov wrote: I am interested in the problem reports and reviews. Maintainers of !x86-oids are welcome to provide feedback whether they feel that proposed KPI could be implemented on their architectures, or what modifications they consider as needed to be able to implement it. FYI, sparc64 doesn't need such a KPI as it supports using the FPU in kernel unconditionally for ages. How is this done on sparc64 ? Is PSTATE.PEF cleared on kernel entry, or FPU is disabled ? When I researched the problem space, I noted that windows on amd64 also provides an unrestricted access to XMM, while not on i386: http://msdn.microsoft.com/en-us/library/ff545910%28VS.85%29.aspx It seems that windows unconditionally set CR0.TS on kernel-mode entry from usermode. pgpmCJ699IGGD.pgp Description: PGP signature