patch 'crypto/openssl: set cipher padding once' has been queued to stable release 21.11.8
Kevin Traynor
ktraynor at redhat.com
Wed Sep 4 16:24:15 CEST 2024
On 23/08/2024 17:18, Kevin Traynor wrote:
> Hi,
>
> FYI, your patch has been queued to stable release 21.11.8
>
> Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
> It will be pushed if I get no objections before 08/28/24. So please
> shout if anyone has objections.
>
> Also note that after the patch there's a diff of the upstream commit vs the
> patch applied to the branch. This will indicate if there was any rebasing
> needed to apply to the stable branch. If there were code changes for rebasing
> (ie: not only metadata diffs), please double check that the rebase was
> correctly done.
>
> Queued patches are on a temporary branch at:
> https://github.com/kevintraynor/dpdk-stable
>
> This queued commit can be viewed at:
> https://github.com/kevintraynor/dpdk-stable/commit/d6048dac1e75d310ad2dc6b89278567c8c925b56
>
> Thanks.
>
> Kevin
>
Hi, this patch was causing unit test failures in the CI.
CI run without patch applied:
https://dpdkdashboard.iol.unh.edu/results/dashboard/tarballs/30439/
CI run with this patch applied. See extra unit test fails.
1/2 DPDK:driver-tests / cryptodev_openssl_autotest FAIL 0.84 s
(killed by signal 11 SIGSEGV)
https://dpdkdashboard.iol.unh.edu/results/dashboard/tarballs/30433/
You can get full logs from the relevant platforms.
I've removed it from 21.11.8. I can re-add for 21.11.9 if it is rebased
and passing CI.
thanks,
Kevin.
> ---
> From d6048dac1e75d310ad2dc6b89278567c8c925b56 Mon Sep 17 00:00:00 2001
> From: Jack Bond-Preston <jack.bond-preston at foss.arm.com>
> Date: Wed, 3 Jul 2024 13:45:51 +0000
> Subject: [PATCH] crypto/openssl: set cipher padding once
>
> [ upstream commit d2bf59017315dc18eb6c9f2d7acd10dfb8d7758e ]
>
> Setting the cipher padding has a noticeable performance footprint,
> and it doesn't need to be done for every call to
> process_openssl_cipher_{en,de}crypt(). Setting it causes OpenSSL to set
> it on every future context re-init. Thus, for every buffer after the
> first one, the padding is being set twice.
>
> Instead, just set the cipher padding once - when configuring the session
> parameters - avoiding the unnecessary double setting behaviour. This is
> skipped for AEAD ciphers, where disabling padding is not necessary.
>
> Throughput performance uplift measurements for AES-CBC-128 encrypt on
> Ampere Altra Max platform:
> 1 worker lcore
> | buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |
> |-----------------+---------------+--------------------+----------|
> | 64 | 2.97 | 3.72 | 25.2% |
> | 256 | 8.10 | 9.42 | 16.3% |
> | 1024 | 14.22 | 15.18 | 6.8% |
> | 2048 | 16.28 | 16.93 | 4.0% |
> | 4096 | 17.58 | 17.97 | 2.2% |
>
> 8 worker lcores
> | buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |
> |-----------------+---------------+--------------------+----------|
> | 64 | 21.27 | 29.85 | 40.3% |
> | 256 | 60.05 | 75.53 | 25.8% |
> | 1024 | 110.11 | 121.56 | 10.4% |
> | 2048 | 128.05 | 135.40 | 5.7% |
> | 4096 | 139.45 | 143.76 | 3.1% |
>
> Signed-off-by: Jack Bond-Preston <jack.bond-preston at foss.arm.com>
> Acked-by: Kai Ji <kai.ji at intel.com>
> Reviewed-by: Wathsala Vithanage <wathsala.vithanage at arm.com>
> ---
> drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
> index a321258980..b82f6939a5 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -615,4 +615,6 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
> }
>
> + EVP_CIPHER_CTX_set_padding(sess->cipher.ctx, 0);
> +
> return 0;
> }
> @@ -943,6 +945,4 @@ process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
> goto process_cipher_encrypt_err;
>
> - EVP_CIPHER_CTX_set_padding(ctx, 0);
> -
> if (process_openssl_encryption_update(mbuf_src, offset, &dst,
> srclen, ctx, inplace))
> @@ -993,6 +993,4 @@ process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
> goto process_cipher_decrypt_err;
>
> - EVP_CIPHER_CTX_set_padding(ctx, 0);
> -
> if (process_openssl_decryption_update(mbuf_src, offset, &dst,
> srclen, ctx, inplace))
More information about the stable
mailing list