RFR: 8296507: GCM using more memory than necessary with in-place operations [v6]

Anthony Scarpino ascarpino at openjdk.org
Tue Dec 6 20:05:48 UTC 2022


> I would like a review of an update to the GCM code.  A recent report showed that GCM memory usage for TLS was very large.  This was a result of in-place buffers, which TLS uses, and how the code handled the combined intrinsic method during decryption.  A temporary buffer was used because the combined intrinsic does gctr before ghash which results in a bad tag.  The fix is to not use the combined intrinsic during in-place decryption and depend on the individual GHASH and CounterMode intrinsics.  Direct ByteBuffers are not affected as they are not used by the intrinsics directly.
> 
> The reduction in the memory usage boosted performance back to where it was before despite using slower intrinsics (gctr & ghash individually).  The extra memory allocation for the temporary buffer out-weighted the faster intrinsic.
> 
> 
>     JDK 17:   122913.554 ops/sec
>     JDK 19:    94885.008 ops/sec
>     Post fix: 122735.804 ops/sec 
> 
> There is no regression test because this is a memory change and test coverage already existing.

Anthony Scarpino has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 443 commits:

 - Merge branch 'master' into gcm
 - merge with direct change
 - 8298142: Update internal comment on language features in SourceVersion
   
   Reviewed-by: sundar, jlahoda
 - 8297379: Enable the ByteBuffer path of Poly1305 optimizations
   
   Reviewed-by: sviswanathan, ascarpino, jnimeh
 - 8297602: Compiler crash with type annotation and generic record during pattern matching
   
   Reviewed-by: jlahoda
 - 8297687: new URI(S,S,S,S) throws exception with incorrect index position reported in the error message
   
   Reviewed-by: jpai
 - 8298145: Remove ContiguousSpace::capacity
   
   Reviewed-by: tschatzl
 - merge with direct
 - 8297186: G1 triggers unnecessary full GCs when heap utilization is low
   
   Reviewed-by: kbarrett, sjohanss
 - 8297172: Fix some issues of auto-vectorization of `Long.bitCount/numberOfTrailingZeros/numberOfLeadingZeros()`
   
   Reviewed-by: kvn, thartmann
 - ... and 433 more: https://git.openjdk.org/jdk/compare/ea83cb96...c3d94670

-------------

Changes: https://git.openjdk.org/jdk/pull/11121/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11121&range=05
  Stats: 80 lines in 1 file changed: 46 ins; 1 del; 33 mod
  Patch: https://git.openjdk.org/jdk/pull/11121.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11121/head:pull/11121

PR: https://git.openjdk.org/jdk/pull/11121



More information about the security-dev mailing list