[PATCH 0/2] wireguard-linux-compat: grsecurity compat patches
Jason A. Donenfeld
Jason at zx2c4.com
Mon Dec 13 16:53:26 UTC 2021
On Mon, Dec 13, 2021 at 5:39 PM Mathias Krause <minipli at grsecurity.net> wrote:
>
> Am 13.12.21 um 17:33 schrieb Jason A. Donenfeld:
> >> root at box:~# ./run.sh
> >> [+] Setting no-turbo to status 1
> >> [+] Setting non-boot CPUs to status 0
> >> [+] Inserting module to run tests
> >> insmod: ERROR: could not insert module kbench9000.ko: Unknown symbol in
> >> module
> >> [+] Gathering results
> >> ever64: 115100 cycles per call
> >> ever64_out_r: 115080 cycles per call
> >> ever64_out_rm: 113957 cycles per call
> >> [+] Setting non-boot CPUs to status 1
> >> [+] Setting no-turbo to status 0
> >>
> >> Slightly faster.
> >
> > Huh, that's actually a pretty nice speedup for just changing register
> > allocation... What CPU is this?
>
> It's an "Intel(R) Core(TM) i9-9900 CPU @ 3.10GHz" But shouldn't matter
> all that much, as the inline ASM is integer ops only.
Yet it does. Here are results on a tigerlake, i7-11850H:
[+] Setting no-turbo to status 1
[+] Setting non-boot CPUs to status 0
[+] Inserting module to run tests
[+] Gathering results
donna64: 141081 cycles per call
hacl64: 135645 cycles per call
fiat64: 132547 cycles per call
sandy2x: 126933 cycles per call
precomp_bmi2: 120276 cycles per call
precomp_adx: 113578 cycles per call
ever64: 106943 cycles per call
ever64r: 105924 cycles per call
ever64rm: 108139 cycles per call
fiat32: 297854 cycles per call
donna32: 467667 cycles per call
tweetnacl: 1195385 cycles per call
[+] Setting non-boot CPUs to status 1
[+] Setting no-turbo to status 0
https://xn--4db.cc/c4B65RUy/diff
Looks like Tigerlake is able to make use of free stack accesses thanks
to the new "fast forwarding" feature.
More information about the WireGuard
mailing list