Linux 6.16 Crypto Brings Faster AES-XTS On AVX-512 CPUs, Intel QAT Gen6 Support
([Linux Kernel] 3 Hours Ago
Cryptography Subsystem)
- Reference: 0001549921
- News link: https://www.phoronix.com/news/Linux-6.16-Crypto
- Source link:
The cryptography subsystem updates have been merged for the start of the [1]Linux 6.16 cycle. Notable with the crypto updates this round are more performance optimizations for Intel and AMD CPUs with AVX-512 and also enabling next-generation Intel QAT accelerators.
Thanks to the work of Google engineer Eric Biggers who has pursued many of the Intel/AMD x86_64 crypto optimizations, there is yet more to be excited about with Linux 6.16. In particular, additional AES-XTS cipher optimiations for AVX-512 processors. Bigger commented in the patch for that latest AES-XTS AVX-512 optimization:
"Optimize the AVX-512 version of _compute_first_set_of_tweaks by using vectorized shifts to compute the first vector of tweak blocks, and by using byte-aligned shifts when multiplying by x^8.
AES-XTS performance on AMD Ryzen 9 9950X (Zen 5) improves by about 2% for 4096-byte messages or 6% for 512-byte messages. AES-XTS performance on Intel Sapphire Rapids improves by about 1% for 4096-byte messages or 3% for 512-byte messages. Code size decreases by 75 bytes which outweighs the increase in rodata size of 16 bytes."
Biggers also dropped the AVX10-256 code path for AES-XTS and AES-CTR. That removal comes with [2]Intel dropping AVX10-256 only support with future AVX10.2 processors from Intel all to support AVX10-512. A pleasant albeit late change and thus resulted in [3]late compiler changes and now in the case of the Linux kernel no need to carry dedicated AVX10-256 code paths when AVX10-512 can always be assumed.
The other notable change is [4]Intel adding a QAT GEN6 driver to the Linux kernel. Intel prepared the "qat_6xxx" driver for preparing for their next-generation QuickAssist Technology accelerators. Not yet confirmed but given the timing presumably the new QAT accelerator IP will debut with next-gen Xeon Diamond Rapids processors.
The crypto code also now converts DEFLATE to ACOMP, adds an ACOMP scatter-gather walker, disabling various fallbacks, adding support for the Rockchip RK3576 SoC to the Rockchip random number generator (RNG) driver, adding i.MX8QM support to the CAAM driver, and other crypto driver changes.
More details on the crypto changes in Linux 6.16 via [5]this pull .
[1] https://www.phoronix.com/search/Linux+6.16
[2] https://www.phoronix.com/news/Intel-AVX10-Drops-256-Bit
[3] https://www.phoronix.com/news/Intel-AVX10.2-256-Merged-GCC-15
[4] https://www.phoronix.com/news/Intel-QAT-GEN6-Linux-Driver
[5] https://lore.kernel.org/lkml/aDPmka4yENceDgPs@gondor.apana.org.au/
Thanks to the work of Google engineer Eric Biggers who has pursued many of the Intel/AMD x86_64 crypto optimizations, there is yet more to be excited about with Linux 6.16. In particular, additional AES-XTS cipher optimiations for AVX-512 processors. Bigger commented in the patch for that latest AES-XTS AVX-512 optimization:
"Optimize the AVX-512 version of _compute_first_set_of_tweaks by using vectorized shifts to compute the first vector of tweak blocks, and by using byte-aligned shifts when multiplying by x^8.
AES-XTS performance on AMD Ryzen 9 9950X (Zen 5) improves by about 2% for 4096-byte messages or 6% for 512-byte messages. AES-XTS performance on Intel Sapphire Rapids improves by about 1% for 4096-byte messages or 3% for 512-byte messages. Code size decreases by 75 bytes which outweighs the increase in rodata size of 16 bytes."
Biggers also dropped the AVX10-256 code path for AES-XTS and AES-CTR. That removal comes with [2]Intel dropping AVX10-256 only support with future AVX10.2 processors from Intel all to support AVX10-512. A pleasant albeit late change and thus resulted in [3]late compiler changes and now in the case of the Linux kernel no need to carry dedicated AVX10-256 code paths when AVX10-512 can always be assumed.
The other notable change is [4]Intel adding a QAT GEN6 driver to the Linux kernel. Intel prepared the "qat_6xxx" driver for preparing for their next-generation QuickAssist Technology accelerators. Not yet confirmed but given the timing presumably the new QAT accelerator IP will debut with next-gen Xeon Diamond Rapids processors.
The crypto code also now converts DEFLATE to ACOMP, adds an ACOMP scatter-gather walker, disabling various fallbacks, adding support for the Rockchip RK3576 SoC to the Rockchip random number generator (RNG) driver, adding i.MX8QM support to the CAAM driver, and other crypto driver changes.
More details on the crypto changes in Linux 6.16 via [5]this pull .
[1] https://www.phoronix.com/search/Linux+6.16
[2] https://www.phoronix.com/news/Intel-AVX10-Drops-256-Bit
[3] https://www.phoronix.com/news/Intel-AVX10.2-256-Merged-GCC-15
[4] https://www.phoronix.com/news/Intel-QAT-GEN6-Linux-Driver
[5] https://lore.kernel.org/lkml/aDPmka4yENceDgPs@gondor.apana.org.au/
phoronix