RFR: 8296507: GCM using more memory than necessary with in-place operations [v5]
Anthony Scarpino
ascarpino at openjdk.org
Tue Dec 6 20:01:07 UTC 2022
> I would like a review of an update to the GCM code. A recent report showed that GCM memory usage for TLS was very large. This was a result of in-place buffers, which TLS uses, and how the code handled the combined intrinsic method during decryption. A temporary buffer was used because the combined intrinsic does gctr before ghash which results in a bad tag. The fix is to not use the combined intrinsic during in-place decryption and depend on the individual GHASH and CounterMode intrinsics. Direct ByteBuffers are not affected as they are not used by the intrinsics directly.
>
> The reduction in the memory usage boosted performance back to where it was before despite using slower intrinsics (gctr & ghash individually). The extra memory allocation for the temporary buffer out-weighted the faster intrinsic.
>
>
> JDK 17: 122913.554 ops/sec
> JDK 19: 94885.008 ops/sec
> Post fix: 122735.804 ops/sec
>
> There is no regression test because this is a memory change and test coverage already existing.
Anthony Scarpino has updated the pull request incrementally with 434 additional commits since the last revision:
- merge with direct change
- 8298142: Update internal comment on language features in SourceVersion
Reviewed-by: sundar, jlahoda
- 8297379: Enable the ByteBuffer path of Poly1305 optimizations
Reviewed-by: sviswanathan, ascarpino, jnimeh
- 8297602: Compiler crash with type annotation and generic record during pattern matching
Reviewed-by: jlahoda
- 8297687: new URI(S,S,S,S) throws exception with incorrect index position reported in the error message
Reviewed-by: jpai
- 8298145: Remove ContiguousSpace::capacity
Reviewed-by: tschatzl
- merge with direct
- 8297186: G1 triggers unnecessary full GCs when heap utilization is low
Reviewed-by: kbarrett, sjohanss
- 8297172: Fix some issues of auto-vectorization of `Long.bitCount/numberOfTrailingZeros/numberOfLeadingZeros()`
Reviewed-by: kvn, thartmann
- 8297689: Fix incorrect result of Short.reverseBytes() call in loops
Reviewed-by: thartmann, jbhateja
- ... and 424 more: https://git.openjdk.org/jdk/compare/99e350b2...07a73bd8
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/11121/files
- new: https://git.openjdk.org/jdk/pull/11121/files/99e350b2..07a73bd8
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=11121&range=04
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=11121&range=03-04
Stats: 133477 lines in 2253 files changed: 59858 ins; 52478 del; 21141 mod
Patch: https://git.openjdk.org/jdk/pull/11121.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/11121/head:pull/11121
PR: https://git.openjdk.org/jdk/pull/11121
More information about the security-dev
mailing list