Date:      Thu, 31 Dec 2020 15:07:02 -0500
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Allan Jude <allanjude@freebsd.org>
Cc:        FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: Enabling AESNI by default
Message-ID:  <20201231200702.22gvepvlzfwncalz@mutt-hbsd>
In-Reply-To: <5d56280e-a8dd-b28d-7039-f8fe0bc0cd6f@freebsd.org>
References:  <5d56280e-a8dd-b28d-7039-f8fe0bc0cd6f@freebsd.org>

On Thu, Dec 31, 2020 at 02:51:06PM -0500, Allan Jude wrote:
> We've had the AESNI module for quite a few years now, and it has not
> caused any problems.
>
> I am wondering if there are any objections to including it in GENERIC,
> so that users get the benefit without having to have the "tribal
> knowledge" that 'to accelerate kernel crypto (GELI, ZFS, IPSEC, etc),
> you need to load aesni.ko'
>
> Userspace crypto that uses openssl or similar libraries is already
> taking advantage of these CPU instructions if they are available, by
> excluding this feature from GENERIC we are just causing the "out of the
> box" experience to be very very slow for crypto.
>
> For example, writing 1MB blocks to a GELI encrypted swap-backed md(4)
> device:
>
> with 8 jobs on a 10 core Intel Xeon CPU E5-2630 v4 @ 2.20GHz
>
> fio --filename=/dev/md0.eli --device=1 --name=geli --rw=write --bs=1m
> --numjobs=8 --iodepth=16 --end_fsync=1 --ioengine=pvsync
> --group_reporting --fallocate=none --runtime=60 --time_based
>
>
> stock:
> write: IOPS=530, BW=530MiB/s (556MB/s) (31.1GiB/60012msec)
>
> with aesni.ko loaded:
> write: IOPS=2824, BW=2825MiB/s (2962MB/s) (166GiB/60002msec)
>
>
> Does anyone have a compelling reason to deny our users the 5x speedup?

Note: HardenedBSD has had AESNI enabled on amd64 for nearly six years.
Not a single complaint.

For reference, HardenedBSD commit:
a5aabd1c8dcc2a5097de56c54ec2a1c8d9352896

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

GPG Key ID:          0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9  3633 C85B 0AF8 AB23 0FB2
https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
