From patchwork Wed Aug 12 06:53:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Henderson X-Patchwork-Id: 247627 Delivered-To: patch@linaro.org Received: by 2002:a92:cc90:0:0:0:0:0 with SMTP id x16csp97300ilo; Tue, 11 Aug 2020 23:54:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxOQ2fqklpKMTePM1cxLwkmifr4iOm8p9GN0TeLBQK64Owr1HVcRE5SDy6m4Fl6JmPrGSon X-Received: by 2002:a05:6902:4d3:: with SMTP id v19mr51126951ybs.272.1597215267031; Tue, 11 Aug 2020 23:54:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597215267; cv=none; d=google.com; s=arc-20160816; b=KoQ4z5pWSZrX+wMOWb6xIhLEncqOgbm3ww2xb1IldYmCCwOMfsWfqL1npuenn8mqBt jBebS+d0IVnQLobtd8Q53zelL4y+lKlae+kVJGyEuvSknECyMksdvm4FvoVAoNifE+Op qnEKAy0PzbC1DtyBOMrctDeh/Dfx6xktXp5N5829W7i97GvyF/GBDoMfwUFWZBKeY9Ye ftECoFKB8ZsYpkk6Ggdd5RKfyypAyhV9apsrv2nAsjZjxzQyEVIfzRzRC2W1opuw+MdG TEOxBiIxsHlbWbxWujjiBjFp1/IrhFQkdJlVP1Ai9eD16WrcX+AvhFSEOIXbwd6FSXGJ Hm+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:to:from:dkim-signature; bh=hRnoFEnKBhkgA2clRhmlEpGopkDGft0FGQ1sbW5/fwI=; b=joCXl6GDnflyvI0aeEhjpl6fmYzuN5Vdbvhzp572gYxthKWdLhlVD+deLH2u/t+7i2 Ut6zerhmKJMAhUMRS8B6vPBjfIAfOzdQXflo7EjQyqFpu0kEITFw8GN1x2+sCfloYnjt edbZ8qmYhAfrSHtrqdP++nYLvU9RGUs2G8ih2WsotLuksXhG+ygxdAqWQ2Y/UThjUdlk 361e19S3buNuWecmEwHACrZSbDa2asPuVsAti+I5dhsIECia1901Js7YAgjqfj7wXX9b y/euazpHUKk0Jwr+zPgqjS44Olr39SQGt+CLn5S+4Av/HqPOu67PoYbYQ1zQ3OE6R4rI qMRQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=pEoJd4lD; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id e184si1429367ybe.397.2020.08.11.23.54.26 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 11 Aug 2020 23:54:27 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=pEoJd4lD; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:34572 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1k5keY-0005E2-GZ for patch@linaro.org; Wed, 12 Aug 2020 02:54:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:33782) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k5kdt-0005Dm-LC for qemu-devel@nongnu.org; Wed, 12 Aug 2020 02:53:45 -0400 Received: from mail-pl1-x644.google.com ([2607:f8b0:4864:20::644]:39063) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1k5kdr-000412-SD for qemu-devel@nongnu.org; Wed, 12 Aug 2020 02:53:45 -0400 Received: by mail-pl1-x644.google.com with SMTP id z20so668039plo.6 for ; Tue, 11 Aug 2020 23:53:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=hRnoFEnKBhkgA2clRhmlEpGopkDGft0FGQ1sbW5/fwI=; b=pEoJd4lD2pzXeFTBowHd8mepclvEYhF5He9ADrurkYy7Tf0x+nfElE8jQNEqVgDjXg UVMYowNBlzy9R5ly3L6kNZ3KEz/q+73yR79r2CZBdwU2O2VgIl3pODujhwVJ3lgXpBtb Njg1eJoqsT4AVNf8GtJ7NMBT+UsUHQ6Exuq5/qKgKO1UJsjmb7Rdt5a3Xxo7VbPL1+a9 UgS03hgYoKpXYecr9qrdB204bkYQgpOAdViA4uiyBGTCmmnBJueupCR4CXKKbeUHFAor QyyJ7agVJFAWxxQ9BG/FGiKWI7Pn6BAsaAzI3owoBncGXzQObP7JUs9n8S2/EPeVqrGN Us1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=hRnoFEnKBhkgA2clRhmlEpGopkDGft0FGQ1sbW5/fwI=; b=Mv+bngaNVH3kSgkRB9fntgo3D9cl4hd685kq/R5eTl1bLRHjNZlyhQ1Mwy040LSwXc q5s76NR4M8kAIUinaIDdH6g9TIvd6WcREFccRc30bEmQYfX+djWUg5MqOzowRix0Lt0a 5tABaqCy3OXgCeB0+z38ojaBtd/b2ctHN5xON1yEEEJ93PjlRIZzodAV1uFq4LStREvo hPxntoGmHz7PqymK5LFsA5FwMjn0K8zROqgjLWkayrtZJmKgQ/SXtwY4e23A2SseYF+w ovhAeV1pJ2UnH7VZuAVUsxbsHRtZADXrA1qfxbtRnB6zlwHDHXHEP/fiNkd0hI7KpY8D p53w== X-Gm-Message-State: AOAM5327SGP8w3No8/ENRmabKUl65ylSW043oSMKWsXlKJ9WFaRiWMdr ph72aWk7hIRqvdz1A1tv/LCD/ZDq3Y0= X-Received: by 2002:a17:90a:ce0c:: with SMTP id f12mr4427045pju.44.1597215221220; Tue, 11 Aug 2020 23:53:41 -0700 (PDT) Received: from localhost.localdomain ([71.212.141.89]) by smtp.gmail.com with ESMTPSA id b26sm1242781pff.54.2020.08.11.23.53.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Aug 2020 23:53:40 -0700 (PDT) From: Richard Henderson To: qemu-devel@nongnu.org Subject: [PATCH 0/2] target/arm: Implement an IMPDEF pauth algorithm Date: Tue, 11 Aug 2020 23:53:37 -0700 Message-Id: <20200812065339.2030527-1-richard.henderson@linaro.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::644; envelope-from=richard.henderson@linaro.org; helo=mail-pl1-x644.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: mark.rutland@arm.com, peter.maydell@linaro.org, alex.bennee@linaro.org Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" With recent linux kernels, which are built with pauth enabled, boot times have been significantly impacted. It turns out the architected pac algorithm is expensive to implement without hardware accel. I tried replacing this with AES128, which most hosts have in hardware. I did manage to make this perform fairly well, but it *really* depends on the quality of the crypto library shipped by the OS: (0) For reference, pauth_computepac_architected consumes about 80% of the total runtime for a debug-enabled kernel build. That's a 400% slowdown. (1) libgcrypt performed well, with 15% of the total runtime, or about 18% slowdown. (2a) libnettle, as shipped by ubuntu 18, does not have the x86_64 aes instruction set enabled, and so is not using the available hw accel. That took about 40% of the total runtime or 170% slowdown. (2b) Rebuilding libnettle locally, with --enable-fat, and using LD_LIBRARY_PATH to replace the system version, worked fairly well, with about 20% of the total runtime or 25% slowdown. (2c) libnettle doesn't have support for armv8, ppc or s390. Those hosts should *really* be using libgcrypt. But, silly me, I had used --target-list=aarch64-softmmu for this testing, in order to speed up the builds. When I went back to building aarch64-linux-user, I was reminded that we don't link linux-user binaries against the crypto libraries. And those crypto libraries are usually only distributed as shared libraries, which would cause problems for --static. I very briefly looked into doing my own aes implementation, with host cpu detection. But aside from the ugliness of that, it begs the question of what to do if there's no host accel. I settled on a fast non-cryptographic hash with about 10% overhead. I added a -cpu max,pauth={off,impdef,arch} property to choose between the different algorithms. The default remains arch, since that's what 5.0 and 5.1 shipped. We can discuss whether it makes sense to change the default for "max". r~ Richard Henderson (2): target/arm: Add cpu property to control pauth target/arm: Implement an IMPDEF pauth algorithm target/arm/cpu64.c | 64 +++++++++++++++++++++++++++++++++ target/arm/pauth_helper.c | 75 ++++++++++++++++++++++++++++++++++++--- 2 files changed, 134 insertions(+), 5 deletions(-) -- 2.25.1