RE: [EXTERNAL] [PATCH v5 1/5] crypto/openssl: fix GCM and CCM thread unsafe ctxs

Wed, 03 Jul 2024 08:21:05 -0700 

> Subject: [EXTERNAL] [PATCH v5 1/5] crypto/openssl: fix GCM and CCM thread
> unsafe ctxs
> 
> Commit 67ab783b5d70 ("crypto/openssl: use local copy for session
> contexts") introduced a fix for concurrency bugs which could occur when
> using one OpenSSL PMD session across multiple cores simultaneously. The
> solution was to clone the EVP contexts per-buffer to avoid them being
> used concurrently.
> 
> However, part of commit 75adf1eae44f ("crypto/openssl: update HMAC
> routine with 3.0 EVP API") reverted this fix, only for combined ops
> (AES-GCM and AES-CCM).
> 
> Fix the concurrency issue by cloning EVP contexts per-buffer. An extra
> workaround is required for OpenSSL versions which are >= 3.0.0, and
> <= 3.2.0. This is because, prior to OpenSSL 3.2.0, EVP_CIPHER_CTX_copy()
> is not implemented for AES-GCM or AES-CCM. When using these OpenSSL
> versions, create and initialise the context from scratch, per-buffer.
> 
> Throughput performance uplift measurements for AES-GCM-128 encrypt on
> Ampere Altra Max platform:
> 1 worker lcore
> |   buffer sz (B) |   prev (Gbps) |   optimised (Gbps) |   uplift |
> |-----------------+---------------+--------------------+----------|
> |              64 |          2.60 |               1.31 |   -49.5% |
> |             256 |          7.69 |               4.45 |   -42.1% |
> |            1024 |         15.33 |              11.30 |   -26.3% |
> |            2048 |         18.74 |              15.37 |   -18.0% |
> |            4096 |         21.11 |              18.80 |   -10.9% |
> 
> 8 worker lcores
> |   buffer sz (B) |   prev (Gbps) |   optimised (Gbps) |   uplift |
> |-----------------+---------------+--------------------+----------|
> |              64 |         19.94 |               2.83 |   -85.8% |
> |             256 |         58.84 |              11.00 |   -81.3% |
> |            1024 |        119.71 |              42.46 |   -64.5% |
> |            2048 |        147.69 |              80.91 |   -45.2% |
> |            4096 |        167.39 |             121.25 |   -27.6% |
> 
> Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")
> Cc: sta...@dpdk.org

Since this fix is reducing the performance significantly.
Backporting it alone would reduce performance on stable releases.

I would suggest applying all the patches in this series for backports.


> Signed-off-by: Jack Bond-Preston <jack.bond-pres...@foss.arm.com>
> Acked-by: Kai Ji <kai...@intel.com>
> Reviewed-by: Wathsala Vithanage <wathsala.vithan...@arm.com>
Applied to dpdk-next-crypto
Thanks for the optimizations.

Reply via email to