Date: Thu, 31 Dec 2020 15:07:02 -0500 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Allan Jude <allanjude@freebsd.org> Cc: FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: Enabling AESNI by default Message-ID: <20201231200702.22gvepvlzfwncalz@mutt-hbsd> In-Reply-To: <5d56280e-a8dd-b28d-7039-f8fe0bc0cd6f@freebsd.org> References: <5d56280e-a8dd-b28d-7039-f8fe0bc0cd6f@freebsd.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Thu, Dec 31, 2020 at 02:51:06PM -0500, Allan Jude wrote: > We've had the AESNI module for quite a few years now, and it has not > caused any problems. > > I am wondering if there are any objections to including it in GENERIC, > so that users get the benefit without having to have the "tribal > knowledge" that 'to accelerate kernel crypto (GELI, ZFS, IPSEC, etc), > you need to load aesni.ko' > > Userspace crypto that uses openssl or similar libraries is already > taking advantage of these CPU instructions if they are available, by > excluding this feature from GENERIC we are just causing the "out of the > box" experience to by very very slow for crypto. > > For example, writing 1MB blocks to a GELI encrypted swap-backed md(4) > device: > > with 8 jobs on a 10 core Intel Xeon CPU E5-2630 v4 @ 2.20GHz > > fio --filename=/dev/md0.eli --device=1 --name=geli --rw=write --bs=1m > --numjobs=8 --iodepth=16 --end_fsync=1 --ioengine=pvsync > --group_reporting --fallocate=none --runtime=60 --time_based > > > stock: > write: IOPS=530, BW=530MiB/s (556MB/s) (31.1GiB/60012msec) > > with aesni.ko loaded: > write: IOPS=2824, BW=2825MiB/s (2962MB/s) (166GiB/60002msec) > > > Does anyone have a compelling reason to deny our users the 5x speedup? Note: HardenedBSD has had AESNI enabled on amd64 for nearly six years. Not a single complaint. For reference, HardenedBSD commit: a5aabd1c8dcc2a5097de56c54ec2a1c8d9352896 Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAl/uL2MACgkQ/y5nonf4 4fqIYhAAkqe9elnalcTGC+NO9jn6QHR+jITE5Vc33JE1xyDts9YcJVJCEOC5wvwK 4iKxzlkdMYesjZhubslOhtov2lzCWW/h7Nks9VlBsa9LVcqea1EFf4qmUiPoDIto OlhH8Tr6mvohdlX/TtB2G0YGQ1euZdZM3VlnEDo7GGJJcKVEE9XTo0eXzi9Wq/yQ 2DJLgLHuS1hkENQfebFB+OSOnbVuP/wQEjSXwndHgGy20gzXOqWnfXLy7tMl4EhX H840LF6WX7Hyk+l81DWZP20a4IUhm2C6nFYCYrskmu4Hm51zKTM9GvghJl1QHGsH v/0UQX6+NlRI5ebvUlZELvX0K+qMxTQPBCvVX5xGGqcWLrvx7Q+6t+2uQn1DKD6Z CrSSgCR3AFBK5dJjkvD08XNW+TjVHphiqNoz3Tz6J6UWCv7hSlYdvx2vdv8KmllJ NqBfgD9TEQ+epqWUnqu5jn13h7Vtie82XH12jejKpzQovBLQEKRSt/hvJuhwOQdO sui3oulUCcl43BxUnkBVXMc2BIRbL08a0wFw7Wrm/W6dJ9rbfbiQVKGvs5IEkCLz AVoVG30b8IkOLryMT0c09bCmhW7gzbIc9S+dwk38aFHFcGsl5vRyp37SxOkGxecu 67mz5uFv9pXQXNPzztKFslXTYYbQHoYn6PYD7LMU5os+Qp66VKk= =1VhA -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20201231200702.22gvepvlzfwncalz>