From owner-freebsd-hackers@freebsd.org Tue Oct 27 03:27:25 2020 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6BF1843AD89 for ; Tue, 27 Oct 2020 03:27:25 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: from mail-qk1-x741.google.com (mail-qk1-x741.google.com [IPv6:2607:f8b0:4864:20::741]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CKxwD4j97z4CY8 for ; Tue, 27 Oct 2020 03:27:24 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: by mail-qk1-x741.google.com with SMTP id t128so49487qke.0 for ; Mon, 26 Oct 2020 20:27:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=JCQq/X2oZxBmXo9h6R6qizTpm61Q4roE1o5jh//4jxM=; b=ZnbrpqnpQE8C1d5PqHNRXMA7Xu290QC5Hvv313uAsXx0pilxH5e32YGGz2HZy064DL vq5ezr0OLpmFLvjT6HJhhvxylv4eLkcyBWpY6Mb4gfqCW6kgvM3xufnYfbfPHrXLQbG9 QUX7bY6vdW6JzW1JQnkeLoPan/9uHBnGNKu98+DRJ/HpipquZY6E8yr7SsaR6F1Lrs5S gJckifNyXP+TLaGXGgQYhj+PoWPfQBqFN0fwE+PNCrqF38/qMUxBjiN82ImRcCdCmZWr +i490fzPro/TnaeZdcWSCnOMVdS0SXL5z/CSxlmZlO05K9FJG9osX+RnsKDxY+HAJ7OJ a41w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to; bh=JCQq/X2oZxBmXo9h6R6qizTpm61Q4roE1o5jh//4jxM=; b=dYLw1ENL/KRwLbdANB5rSE5B23fYgnne+KezKLN5C6UK4q8ZUhIBdPPxeBb73zeaPF 42mMEBPKW6lI8NMyGL0rbRsOw8wjMtd/RIBNEy63z1F1jaQclPnX8PCa4UlnpucMn6+a K/V9o4rLKQpnpiSm9pPuMuQu2oaXURU2qUMYrm7n9z6WL6N1iWMPCpY9L0/3xa5joF/V aTRjKS6QkM/K/p1ZC2feFik+OxZy7vNCbDlCvV8/fRrGTQAREUTn0eS9NIUYsFHddi6E tJA2prDr7v+O+PTlazD04FaCsibxBgLBPLfsWCHsC1vmxUy2tXrqBsg28c/vRrGUtwZ/ uxQg== X-Gm-Message-State: AOAM532rR0TpoY9acgC+Q2w3dF0AMXWfyRU5Um3Wv6B7qbqaO1oB18cE 03R1PH3PSkZt7ktKe/MIrj/s0dBElAU= X-Google-Smtp-Source: ABdhPJxOWlCk2kGyBIHxp5R3OdAc4ufiG5zwIQKb3sNcdkHlBRjg0odbQ3uqhjHWWiswvItpUSXP7w== X-Received: by 2002:a37:7181:: with SMTP id m123mr238801qkc.295.1603769243643; Mon, 26 Oct 2020 20:27:23 -0700 (PDT) Received: from raichu (toroon0560w-lp130-01-174-88-77-103.dsl.bell.ca. [174.88.77.103]) by smtp.gmail.com with ESMTPSA id p5sm158747qtu.13.2020.10.26.20.27.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 26 Oct 2020 20:27:22 -0700 (PDT) Sender: Mark Johnston Date: Mon, 26 Oct 2020 23:27:20 -0400 From: Mark Johnston To: Neel Chauhan Cc: freebsd-hackers@freebsd.org Subject: Re: QAT driver Message-ID: <20201027032720.GB31663@raichu> References: <20201026200059.GA66299@raichu> <723fbd7326df42ce30cd5e361db9c736@neelc.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <723fbd7326df42ce30cd5e361db9c736@neelc.org> X-Rspamd-Queue-Id: 4CKxwD4j97z4CY8 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=Znbrpqnp; dmarc=none; spf=pass (mx1.freebsd.org: domain of markjdb@gmail.com designates 2607:f8b0:4864:20::741 as permitted sender) smtp.mailfrom=markjdb@gmail.com X-Spamd-Result: default: False [-1.94 / 15.00]; RCVD_TLS_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; NEURAL_HAM_LONG(-1.01)[-1.005]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org]; DMARC_NA(0.00)[freebsd.org]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::741:from]; NEURAL_HAM_SHORT(-0.20)[-0.199]; NEURAL_HAM_MEDIUM(-1.04)[-1.037]; MID_RHS_NOT_FQDN(0.50)[]; FORGED_SENDER(0.30)[markj@freebsd.org,markjdb@gmail.com]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FROM_NEQ_ENVFROM(0.00)[markj@freebsd.org,markjdb@gmail.com]; MAILMAN_DEST(0.00)[freebsd-hackers] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2020 03:27:25 -0000 On Mon, Oct 26, 2020 at 08:00:08PM -0700, Neel Chauhan wrote: > Hi, > > This is great news for me with my home HPE ML110 G10/Xeon 4108 server. > > However, I will not be able to test this patch unless it can get > backported to 12.1 or 12.2 once it's out, and I don't expect backporting > to happen. Indeed, it wouldn't appear before 12.3. > I have one question about this: will I be able to use this to accelerate > OpenSSL? Is additional code needed? In principle OpenSSL can make use of cryptodev(4) using the cryptodev engine, which would allow requests to be handled by qat(4) (or any other hardware crypto driver loaded in the kernel). I don't know that the cryptodev engine is really maintained these days though. More importantly, using the kernel to perform crypto transforms carries a lot of overhead since OpenSSL would have to switch into the kernel and copy data between userspace and the kernel for each request. I'd be surprised if you get any benefit from this versus using the AES-NI extensions in userspace, which OpenSSL should do out of the box. There are QAT drivers designed to service userspace requests efficiently, such as the one published by Intel and the one included with DPDK. This one is a fair bit simpler and really mostly intended for kernel consumers, mainly IPSec and disk encryption subsystems. > I use the mentioned HPE server for Tor and Tor is very crypto-heavy (yet > singlethreaded). > > I believe the official Intel drivers allow OpenSSL acceleration, but I'd > prefer to avoid out-of-band drivers whether possible (ports/src is > fine). It'd still be worth testing if you think a significant gain may be had.