Skip to content

L
linux
Switch branch/tag
  1. 21 Oct, 2011 24 commits
  3. 20 Oct, 2011 1 commit
  5. 22 Sep, 2011 5 commits
  7. 20 Aug, 2011 1 commit
  9. 16 Aug, 2011 1 commit
    • Herbert Xu's avatar
      crypto: sha - Fix build error due to crypto_sha1_update · 4619b6bd
      Herbert Xu authored 
      On Tue, Aug 16, 2011 at 03:22:34PM +1000, Stephen Rothwell wrote:
>
> After merging the final tree, today's linux-next build (powerpc
> allyesconfig) produced this warning:
>
> In file included from security/integrity/ima/../integrity.h:16:0,
>                  from security/integrity/ima/ima.h:27,
>                  from security/integrity/ima/ima_policy.c:20:
> include/crypto/sha.h:86:10: warning: 'struct shash_desc' declared inside parameter list
> include/crypto/sha.h:86:10: warning: its scope is only this definition or declaration, which is probably not what you want
>
> Introduced by commit 7c390170 ("crypto: sha1 - export sha1_update for
> reuse").  I guess you need to include crypto/hash.h in crypto/sha.h.

This patch fixes this by providing a declaration for struct shash_desc.
Reported-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      4619b6bd
  11. 15 Aug, 2011 1 commit
  13. 10 Aug, 2011 6 commits
    • Mathias Krause's avatar
      crypto: sha1 - SSSE3 based SHA1 implementation for x86-64 · 66be8951
      Mathias Krause authored 
      This is an assembler implementation of the SHA1 algorithm using the
Supplemental SSE3 (SSSE3) instructions or, when available, the
Advanced Vector Extensions (AVX).

Testing with the tcrypt module shows the raw hash performance is up to
2.3 times faster than the C implementation, using 8k data blocks on a
Core 2 Duo T5500. For the smalest data set (16 byte) it is still 25%
faster.

Since this implementation uses SSE/YMM registers it cannot safely be
used in every situation, e.g. while an IRQ interrupts a kernel thread.
The implementation falls back to the generic SHA1 variant, if using
the SSE/YMM registers is not possible.

With this algorithm I was able to increase the throughput of a single
IPsec link from 344 Mbit/s to 464 Mbit/s on a Core 2 Quad CPU using
the SSSE3 variant -- a speedup of +34.8%.

Saving and restoring SSE/YMM state might make the actual throughput
fluctuate when there are FPU intensive userland applications running.
For example, meassuring the performance using iperf2 directly on the
machine under test gives wobbling numbers because iperf2 uses the FPU
for each packet to check if the reporting interval has expired (in the
above test I got min/max/avg: 402/484/464 MBit/s).

Using this algorithm on a IPsec gateway gives much more reasonable and
stable numbers, albeit not as high as in the directly connected case.
Here is the result from an RFC 2544 test run with a EXFO Packet Blazer
FTB-8510:

 frame size    sha1-generic     sha1-ssse3    delta
    64 byte     37.5 MBit/s    37.5 MBit/s     0.0%
   128 byte     56.3 MBit/s    62.5 MBit/s   +11.0%
   256 byte     87.5 MBit/s   100.0 MBit/s   +14.3%
   512 byte    131.3 MBit/s   150.0 MBit/s   +14.2%
  1024 byte    162.5 MBit/s   193.8 MBit/s   +19.3%
  1280 byte    175.0 MBit/s   212.5 MBit/s   +21.4%
  1420 byte    175.0 MBit/s   218.7 MBit/s   +25.0%
  1518 byte    150.0 MBit/s   181.2 MBit/s   +20.8%

The throughput for the largest frame size is lower than for the
previous size because the IP packets need to be fragmented in this
case to make there way through the IPsec tunnel.
Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
Cc: Maxim Locktyukhin <maxim.locktyukhin@intel.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      66be8951
    • Mathias Krause's avatar
      crypto: sha1 - export sha1_update for reuse · 7c390170
      Mathias Krause authored 
      Export the update function as crypto_sha1_update() to not have the need
to reimplement the same algorithm for each SHA-1 implementation. This
way the generic SHA-1 implementation can be used as fallback for other
implementations that fail to run under certain circumstances, like the
need for an FPU context while executing in IRQ context.
Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      7c390170
    • Jamie Iles's avatar
      crypto: picoxcell - fix possible invalid pointer dereference · b64dc04b
      Jamie Iles authored 
      The completion callback will free the request so we must remove it from
the completion list before calling the callback.

Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarJamie Iles <jamie@jamieiles.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      b64dc04b
    • Jamie Iles's avatar
      crypto: picoxcell - support for device tree matching · 30343ef1
      Jamie Iles authored 
      Allow the crypto engines to be matched from device tree bindings.

Cc: devicetree-discuss@lists.ozlabs.org
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarJamie Iles <jamie@jamieiles.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      30343ef1
    • Jamie Iles's avatar
      crypto: picoxcell - add connection ID to the clock name · 4efae8c9
      Jamie Iles authored 
      For using the device tree probing we use a connection ID for the
clk_get() operation.

Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarJamie Iles <jamie@jamieiles.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      4efae8c9
    • Jamie Iles's avatar
      crypto: picoxcell - convert to platform ID table · c3f4200f
      Jamie Iles authored 
      Use a platform ID table and a single platform_driver.  It's neater and
makes the device tree addition easier and more consistent.  Rename the
match values to be inline with what they'll be in the device tree
bindings.  There aren't any current in-tree users of the existing device
names.

Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarJamie Iles <jamie@jamieiles.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      c3f4200f
  15. 03 Aug, 2011 1 commit
    • Jonathan Nieder's avatar
      crypto: padlock-aes - Make module loading even quieter when hardware is missing · c39cc377
      Jonathan Nieder authored 
      When loading aes via the module alias, a padlock module failing to
load due to missing hardware is not particularly notable.  With
v2.6.27-rc1~1107^2~14 (crypto: padlock - Make module loading quieter
when hardware isn't available, 2008-07-03), the padlock-aes module
suppresses the relevant messages when the "quiet" flag is in use; but
better to suppress this particular message completely, since the
administrator can already distinguish such errors by the absence of a
message indicating initialization failing or succeeding.

This avoids occasional messages in syslog of the form

	padlock_aes: VIA PadLock not detected.
Signed-off-by: default avatarJonathan Nieder <jrnieder@gmail.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      c39cc377
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7