diff mbox

crypto: fix FTBFS with ARM SHA1-asm and THUMB2_KERNEL

Message ID 1358787763-1226-1-git-send-email-matt@genesi-usa.com (mailing list archive)
State New, archived
Headers show

Commit Message

Matt Sealey Jan. 21, 2013, 5:02 p.m. UTC
The optimized assembler SHA1 code for ARM does not conform to Thumb2
register usage requirements, so it cannot be built when the kernel is
configured with THUMB2_KERNEL.

Fix the FTBFS for now by preventing misconfigurations of the kernel.

Signed-off-by: Matt Sealey <matt@genesi-usa.com>
---
 crypto/Kconfig |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Nicolas Pitre Jan. 21, 2013, 10:46 p.m. UTC | #1
On Mon, 21 Jan 2013, Matt Sealey wrote:

> The optimized assembler SHA1 code for ARM does not conform to Thumb2
> register usage requirements, so it cannot be built when the kernel is
> configured with THUMB2_KERNEL.
> 
> Fix the FTBFS for now by preventing misconfigurations of the kernel.
> 
> Signed-off-by: Matt Sealey <matt@genesi-usa.com>

A .arm directive at the top of the assembly code would be a better 
"fix", as that wouldn't reduce functionality.

Yet, I'd invite you to have a look at commit 638591cd7b in linux-next.


Nicolas
Matt Sealey Jan. 22, 2013, 12:54 a.m. UTC | #2
On Mon, Jan 21, 2013 at 4:46 PM, Nicolas Pitre <nico@fluxnic.net> wrote:
> On Mon, 21 Jan 2013, Matt Sealey wrote:
>
>> The optimized assembler SHA1 code for ARM does not conform to Thumb2
>> register usage requirements, so it cannot be built when the kernel is
>> configured with THUMB2_KERNEL.
>>
>> Fix the FTBFS for now by preventing misconfigurations of the kernel.
>>
>> Signed-off-by: Matt Sealey <matt@genesi-usa.com>
>
> A .arm directive at the top of the assembly code would be a better
> "fix", as that wouldn't reduce functionality.

If I recall, doing that last time for ssi-fiq.S was the wrong solution
and it was suggesed proper configuration (on top of possibly rewriting
the assembly) was better than hacking around in the assembly..

> Yet, I'd invite you to have a look at commit 638591cd7b in linux-next.

I took a peek, and invite you to ignore my patch. I only tracked the
top of Linus' tree..

That said, it seems nobody benchmarked this on something different
than IXP425 or KS8695 to see if it's markedly faster than the
(moderately recently updated) C-code implementation outside of the
mentioned in the logs for initial commit? It seems like rather a
specific optimization for a rather specific use case for rather
specific processors (and therefore a small test base) probably meant
for a very specific product line somewhere. Whether you get any
benefit in enabling this config item or not for any other ARM platform
is up for debate, isn't it?

If it *is* in fact much faster everywhere, and it works in any ARM or
THUMB2 configuration, there's a case to be built for it being the
default ARM implementation for AES and SHA1..

This question is to the implementor/committer (Dave McCullough), how
exactly did you measure the benchmark and can we reproduce it on some
other ARM box?

If it's long and laborious and not so important to test the IPsec
tunnel use-case, what would be the simplest possible benchmark to see
if the C vs. assembly version is faster for a particular ARM device? I
can get hold of pretty much any Cortex-A8 or Cortex-A9 that matters, I
have access to a Chromebook for A15, and maybe an i.MX27 or i.MX35 and
a couple Marvell boards (ARMv6) if I set my mind to it... that much
testing implies we find a pretty concise benchmark though with a
fairly common kernel version we can spread around (i.MX, OMAP and the
Chromebook, I can handle, the rest I'm a little wary of bothering to
spend too much time on). I think that could cover a good swath of
not-ARMv5 use cases from lower speeds to quad core monsters.. but I
might stick to i.MX to start with..

--
Matt Sealey <matt@genesi-usa.com>
Product Development Analyst, Genesi USA, Inc.
Jussi Kivilinna Jan. 22, 2013, 7:46 a.m. UTC | #3
Quoting Matt Sealey <matt@genesi-usa.com>:

> This question is to the implementor/committer (Dave McCullough), how
> exactly did you measure the benchmark and can we reproduce it on some
> other ARM box?
>
> If it's long and laborious and not so important to test the IPsec
> tunnel use-case, what would be the simplest possible benchmark to see
> if the C vs. assembly version is faster for a particular ARM device? I
> can get hold of pretty much any Cortex-A8 or Cortex-A9 that matters, I
> have access to a Chromebook for A15, and maybe an i.MX27 or i.MX35 and
> a couple Marvell boards (ARMv6) if I set my mind to it... that much
> testing implies we find a pretty concise benchmark though with a
> fairly common kernel version we can spread around (i.MX, OMAP and the
> Chromebook, I can handle, the rest I'm a little wary of bothering to
> spend too much time on). I think that could cover a good swath of
> not-ARMv5 use cases from lower speeds to quad core monsters.. but I
> might stick to i.MX to start with..

There is 'tcrypt' module in crypto/ for quick benchmarking. 'modprobe  
tcrypt mode=500 sec=1' tests AES in various cipher-modes, using  
different buffer sizes and outputs results to kernel log.

-Jussi
Jussi Kivilinna Jan. 22, 2013, 7:50 a.m. UTC | #4
Quoting Jussi Kivilinna <jussi.kivilinna@mbnet.fi>:

> Quoting Matt Sealey <matt@genesi-usa.com>:
>
>> This question is to the implementor/committer (Dave McCullough), how
>> exactly did you measure the benchmark and can we reproduce it on some
>> other ARM box?
>>
>> If it's long and laborious and not so important to test the IPsec
>> tunnel use-case, what would be the simplest possible benchmark to see
>> if the C vs. assembly version is faster for a particular ARM device? I
>> can get hold of pretty much any Cortex-A8 or Cortex-A9 that matters, I
>> have access to a Chromebook for A15, and maybe an i.MX27 or i.MX35 and
>> a couple Marvell boards (ARMv6) if I set my mind to it... that much
>> testing implies we find a pretty concise benchmark though with a
>> fairly common kernel version we can spread around (i.MX, OMAP and the
>> Chromebook, I can handle, the rest I'm a little wary of bothering to
>> spend too much time on). I think that could cover a good swath of
>> not-ARMv5 use cases from lower speeds to quad core monsters.. but I
>> might stick to i.MX to start with..
>
> There is 'tcrypt' module in crypto/ for quick benchmarking.  
> 'modprobe tcrypt mode=500 sec=1' tests AES in various cipher-modes,  
> using different buffer sizes and outputs results to kernel log.
>

Actually mode=200 might be better, as mode=500 is for asynchronous  
implementations and might use hardware crypto if such device/module is  
available.

-Jussi
Matt Sealey Jan. 22, 2013, 7:43 p.m. UTC | #5
On Tue, Jan 22, 2013 at 1:50 AM, Jussi Kivilinna
<jussi.kivilinna@mbnet.fi> wrote:
>
>> There is 'tcrypt' module in crypto/ for quick benchmarking. 'modprobe
>> tcrypt mode=500 sec=1' tests AES in various cipher-modes, using different
>> buffer sizes and outputs results to kernel log.
>>
>
> Actually mode=200 might be better, as mode=500 is for asynchronous
> implementations and might use hardware crypto if such device/module is
> available.

Okeydokey I'll start running some tests..
diff mbox

Patch

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 4641d95..304d60b 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -472,7 +472,7 @@  config CRYPTO_SHA1_SPARC64
 
 config CRYPTO_SHA1_ARM
 	tristate "SHA1 digest algorithm (ARM-asm)"
-	depends on ARM
+	depends on ARM && !THUMB2_KERNEL
 	select CRYPTO_SHA1
 	select CRYPTO_HASH
 	help