From owner-freebsd-current@freebsd.org Thu Dec 31 20:07:05 2020 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E85884CDD58 for ; Thu, 31 Dec 2020 20:07:05 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-qv1-xf2c.google.com (mail-qv1-xf2c.google.com [IPv6:2607:f8b0:4864:20::f2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6K1j1CXsz3mB3 for ; Thu, 31 Dec 2020 20:07:04 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-qv1-xf2c.google.com with SMTP id p5so9362598qvs.7 for ; Thu, 31 Dec 2020 12:07:04 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=268ayWxWElyFO73Fadv1ILf+Bdr4fpE4R7GWAIvsYfI=; b=bWmIckKxyfyPBrJN55KQ++HBJSMLKsNaiwKjXOUlufVDfAdsBDO/AUotW9rgNchqjU 5qSrk5+7cgtiZp6H/rwrPoopSpzYye2MsRaIgPAVOBG2En/gRpjUUXSTtscn4Hy7do4q YPicjCbNK7pkwFK5iZuqmjCYNmt68uSyUsEBkrIrdjaseKRnfK9mvAYdFZq7x0NiPZN2 oeEOtrNdMevQb9szyYl0WkWpM1QlnWF/kB03eBR/RhMCAwL54eAENkGuu6GzGkWOUc90 rz5VWB/ouRZxuX0QAwm0xcdvVmUVO9SOaJmOUiDIF3luF7weuQ0zJrVXX0TuPtRFuS8i Fstg== X-Gm-Message-State: AOAM531eaNE8UjBDHT6q8kDbP/lbggylaTmJPqW7UQJXAzJUJeCQNsdk Q+ZSl8epE96RBo8eqmpFRU8CfsegSbyK9Q== X-Google-Smtp-Source: ABdhPJzf3ahz0swJl2XubT7edAIRpHGsINEAcrq4CQbVOut2f29SYycgZR4bgz/2IX/KFvSr45mZsw== X-Received: by 2002:ad4:5b82:: with SMTP id 2mr62722534qvp.28.1609445223929; Thu, 31 Dec 2020 12:07:03 -0800 (PST) Received: from mutt-hbsd (pool-100-16-222-53.bltmmd.fios.verizon.net. [100.16.222.53]) by smtp.gmail.com with ESMTPSA id f10sm30865526qtg.27.2020.12.31.12.07.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 31 Dec 2020 12:07:02 -0800 (PST) Date: Thu, 31 Dec 2020 15:07:02 -0500 From: Shawn Webb To: Allan Jude Cc: FreeBSD Current Subject: Re: Enabling AESNI by default Message-ID: <20201231200702.22gvepvlzfwncalz@mutt-hbsd> X-Operating-System: FreeBSD mutt-hbsd 13.0-CURRENT-HBSD FreeBSD 13.0-CURRENT-HBSD X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0xFF2E67A277F8E1FA References: <5d56280e-a8dd-b28d-7039-f8fe0bc0cd6f@freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ji2eli3lbepfjcm2" Content-Disposition: inline In-Reply-To: <5d56280e-a8dd-b28d-7039-f8fe0bc0cd6f@freebsd.org> X-Rspamd-Queue-Id: 4D6K1j1CXsz3mB3 X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.10 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[hardenedbsd.org:+]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-1.00)[-1.000]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RBL_DBL_DONT_QUERY_IPS(0.00)[2607:f8b0:4864:20::f2c:from]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RECEIVED_SPAMHAUS_PBL(0.00)[100.16.222.53:received]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[hardenedbsd.org:s=google]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; DMARC_NA(0.00)[hardenedbsd.org]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; SPAMHAUS_ZRD(0.00)[2607:f8b0:4864:20::f2c:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::f2c:from]; MID_RHS_NOT_FQDN(0.50)[]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-current] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Dec 2020 20:07:06 -0000 --ji2eli3lbepfjcm2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 31, 2020 at 02:51:06PM -0500, Allan Jude wrote: > We've had the AESNI module for quite a few years now, and it has not > caused any problems. >=20 > I am wondering if there are any objections to including it in GENERIC, > so that users get the benefit without having to have the "tribal > knowledge" that 'to accelerate kernel crypto (GELI, ZFS, IPSEC, etc), > you need to load aesni.ko' >=20 > Userspace crypto that uses openssl or similar libraries is already > taking advantage of these CPU instructions if they are available, by > excluding this feature from GENERIC we are just causing the "out of the > box" experience to by very very slow for crypto. >=20 > For example, writing 1MB blocks to a GELI encrypted swap-backed md(4) > device: >=20 > with 8 jobs on a 10 core Intel Xeon CPU E5-2630 v4 @ 2.20GHz >=20 > fio --filename=3D/dev/md0.eli --device=3D1 --name=3Dgeli --rw=3Dwrite --b= s=3D1m > --numjobs=3D8 --iodepth=3D16 --end_fsync=3D1 --ioengine=3Dpvsync > --group_reporting --fallocate=3Dnone --runtime=3D60 --time_based >=20 >=20 > stock: > write: IOPS=3D530, BW=3D530MiB/s (556MB/s) (31.1GiB/60012msec) >=20 > with aesni.ko loaded: > write: IOPS=3D2824, BW=3D2825MiB/s (2962MB/s) (166GiB/60002msec) >=20 >=20 > Does anyone have a compelling reason to deny our users the 5x speedup? Note: HardenedBSD has had AESNI enabled on amd64 for nearly six years. Not a single complaint. For reference, HardenedBSD commit: a5aabd1c8dcc2a5097de56c54ec2a1c8d9352896 Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Sha= wn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --ji2eli3lbepfjcm2 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAl/uL2MACgkQ/y5nonf4 4fqIYhAAkqe9elnalcTGC+NO9jn6QHR+jITE5Vc33JE1xyDts9YcJVJCEOC5wvwK 4iKxzlkdMYesjZhubslOhtov2lzCWW/h7Nks9VlBsa9LVcqea1EFf4qmUiPoDIto OlhH8Tr6mvohdlX/TtB2G0YGQ1euZdZM3VlnEDo7GGJJcKVEE9XTo0eXzi9Wq/yQ 2DJLgLHuS1hkENQfebFB+OSOnbVuP/wQEjSXwndHgGy20gzXOqWnfXLy7tMl4EhX H840LF6WX7Hyk+l81DWZP20a4IUhm2C6nFYCYrskmu4Hm51zKTM9GvghJl1QHGsH v/0UQX6+NlRI5ebvUlZELvX0K+qMxTQPBCvVX5xGGqcWLrvx7Q+6t+2uQn1DKD6Z CrSSgCR3AFBK5dJjkvD08XNW+TjVHphiqNoz3Tz6J6UWCv7hSlYdvx2vdv8KmllJ NqBfgD9TEQ+epqWUnqu5jn13h7Vtie82XH12jejKpzQovBLQEKRSt/hvJuhwOQdO sui3oulUCcl43BxUnkBVXMc2BIRbL08a0wFw7Wrm/W6dJ9rbfbiQVKGvs5IEkCLz AVoVG30b8IkOLryMT0c09bCmhW7gzbIc9S+dwk38aFHFcGsl5vRyp37SxOkGxecu 67mz5uFv9pXQXNPzztKFslXTYYbQHoYn6PYD7LMU5os+Qp66VKk= =1VhA -----END PGP SIGNATURE----- --ji2eli3lbepfjcm2--