[UNVERIFIED SENDER] Re: (8u) RFR: 8131062: aarch64: add support for GHASH acceleration

Liu, Xin xxinliu at amazon.com
Tue Aug 24 22:53:36 UTC 2021 

hi, Andrew,

I think we should include these two patches to jdk8u312.  Here are my
arguments.

1. Indeed, more people are using Aarch64 port of jdk8u now. In cloud
computing, adoption of it is even more rapid because many applications
are building on top of multi-layer abstractions.

In an EMR/Presto cluster, which has 1 master node, 2 core nodes and 5
task nodes, we execute a query on 52GB data (2979729211rows). We found
the major bottleneck on Aarch64 is SSL communication! With JDK-8131062
alone, the query time decreases from  441s to 211s, or 2x faster.


2. jdk8u has officially merged the Aarch64 backend. I think we should
treat it at least as fair as x86_64. x86_64 intrinsifies
'_ghash_processBlocks' now. If we don't do anything, it will leave a
disparity on the most popular symmetric crypto algorithm between x86_64
and armv8.


3. As you said, JDK-8131062 and JDK-8134869 have been in the TIP for 6
years. I think it's safe to backport them to jdk8u in terms of
correctness and security. Of course, we still need reviewers to vet them.

I don't think we need state-of-the-art AES/GCM implementation in jdk8u.
eg. we can leave JDK-8271567 in the TIP. It can be a bonus for upgrading.

thanks,
--lx




On 8/24/21 1:06 AM, Andrew Haley wrote:
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
> 
> 
> 
> On 8/24/21 7:33 AM, Liu, Xin wrote:
>> To be honest, I haven't understood the timing attack. I think the prior
>> GHash function handles each block in constant time too. This patch makes
>> it faster but it doesn't change this property.
> 
> True. I misremembered.
> 
>> Thanks you for the pointer. I backport this as well. As you said, this
>> revision refactors code with comments and becomes more idiomatic in
>> armv8. Not only I verify its correctness, I also measure performance
>> using microbenchmarks. I observe extra ~20% performance on top of
>> JDK-8131062.
> 
> I have very mixed feelings about this. Just so you know the history, at
> the time I wrote it I didn't propose it for backport because I was
> concerned that it really wasn't the sort of enhancement that was
> appropriate for a long-term-stable release. I'm not sure what's
> changed now. I guess the answer is that more people are using the
> AArch64 port now, so its efficiency is important, and the GHASH
> acceleration has had a long time to bake in later releases.
> 
> --
> Andrew Haley  (he/him)
> Java Platform Lead Engineer
> Red Hat UK Ltd. <https://www.redhat.com>
> https://keybase.io/andrewhaley
> EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671
>

More information about the jdk8u-dev mailing list