Add more POWER8 optimizations

Here is the comparison / benchmarking of:
1) current package
2) current package + attached debdiff
3) upstream code

It shows that:
1) performance of current package improves a *lot* with the attached debdiff;
2) performance of current package + attached debdiff is equal to the upstream's.

$ openssl speed -evp aes-128-gcm
--------------------------------

1) current package

 $ openssl speed -evp aes-128-gcm
 <...>
 The 'numbers' are in 1000s of bytes per second processed.
 type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
 aes-128-gcm 80062.35k 87264.06k 89732.78k 90357.90k 90450.60k

2) current package + attached debdiff

 $ openssl speed -evp aes-128-gcm
 type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
 aes-128-gcm 244362.49k 558183.91k 1240341.76k 1534709.55k 1625676.37k

 speedup:
 - 16 bytes: 3x
 - 64 bytes: 6.4x
 - 256 bytes: 13.8x
 - 1024 bytes: 17x
 - 8192 bytes: 18x

3) upstream code

 $ LD_LIBRARY_PATH=/usr/local/ssl/lib/ /usr/local/ssl/bin/openssl speed -evp aes-128-gcm
 <...>
 type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
 aes-128-gcm 244700.26k 562547.05k 1243287.37k 1535474.69k 1620669.78k

 (same as #2)

$ openssl speed -evp aes-128-ctr
--------------------------------

1) current package

 $ openssl speed -evp aes-128-ctr
 <...>
 The 'numbers' are in 1000s of bytes per second processed.
 type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
 aes-128-ctr 144150.81k 154729.39k 157233.48k 158093.92k 157728.99k

2) current package + attached debdiff

 $ openssl speed -evp aes-128-ctr
 <...>
 type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
 aes-128-ctr 345134.48k 842190.28k 2709975.21k 4183632.82k 4959908.05k

 speedup:
 - 16 bytes: 2.4x
 - 64 bytes: 5.4x
 - 256 bytes: 17.2x
 - 1024 bytes: 26.4x
 - 8192 bytes: 31.4x

3) upstream code

 $ LD_LIBRARY_PATH=/usr/local/ssl/lib/ /usr/local/ssl/bin/openssl speed -evp aes-128-ctr
 <...>
 type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
 aes-128-ctr 345758.55k 839220.54k 2694016.68k 4168019.39k 4974437.20k

 (same as #2)

In summary:

$ openssl speed -evp aes-128-gcm
--------------------------------

 speedup:
 - 16 bytes: 3x
 - 64 bytes: 6.4x
 - 256 bytes: 13.8x
 - 1024 bytes: 17x
 - 8192 bytes: 18x

$ openssl speed -evp aes-128-ctr
--------------------------------

 speedup:
 - 16 bytes: 2.4x
 - 64 bytes: 5.4x
 - 256 bytes: 17.2x
 - 1024 bytes: 26.4x
 - 8192 bytes: 31.4x

In the patches, this line might not be as clear as intended:

> The 'backport' keyword in 'Origin:' just indicates it isn't equal to 'upstream'.

"isn't equal" in the sense only the interesting changed files were kept, but not changed, and other files were removed from the diff.

The attachment "openssl-power8_part2.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

Subscribing the release team to see if this is too late to get a feature exception.

I'd be inclined to say it's too late in the cycle to appropriately validate this on all architectures, especially given the partial backports that very much touch common code, etc.

I think it's saner to defer this to 15.10, either with more complete backports or "for free" from a new upstream release, and get solid testing in on all 6 arches.

Hi Adam,

> I'd be inclined to say it's too late in the cycle [...] given the partial backports that very much touch common code, etc.

That's certainly understandable.

I believe it's possible to trim up the backports even more.

AFAICT, most changes are contained inside #ifdef HWAES_CAPABLE blocks, and the first patch is just syntactic sugar so not to change a few lines in subsequent patches; so I'll try to remove it, and change those few lines (the 'ks' to 'ks->ks' change).

Then it should be OK to validate the places defining HWAES in other files/arches..
or even restrict any addition/ifdef even more w/ a POWER8/ppc64el specific conditional.

Does that help?

Thanks

Ok, the trimmed backports:
- removed the patch which touched common code w/out #ifdef blocks.
- now all changes are under #ifdef blocks, which helps analysis.

Build log:

 ...
 ALL TESTS SUCCESSFUL.
 make[2]: Leaving directory '/home/ubuntu/ss5/openssl-1.0.1f/test'
 ...

In the patches, all changes are under these macros; now, checking for their
definitions will identify if any other arches might be affected.

 1)
 #ifdef HWAES_CAPABLE
  #ifdef HWAES_cbc_encrypt
  #ifdef HWAES_ctr32_encrypt_blocks

 2)
 #if ... && (... || defined(OPENSSL_CPUID_OBJ))

 3)
 #ifdef HWAES_CAPABLE
  #ifdef HWAES_ctr32_encrypt_blocks

Adam,

Does it help/improve the situation at all?

Well, a later SRU should be OK too, right? :)

Thanks, it looks like those changes are in the wily version of openssl right? Closing the bug but feel free to reopen if I'm wrong

Thanks, Sebastien. Yes, the changes are in wily.
For documentation purposes. The numbers in a KVM guest on POWER8 match those in comment #2.

$ lsb_release -d
Description: Ubuntu Wily Werewolf (development branch)

$ dpkg -s openssl | grep ^Version:
Version: 1.0.2d-0ubuntu1

$ openssl speed -evp aes-128-gcm
...
aes-128-gcm 245286.05k 562263.25k 1246015.74k 1527520.94k 1611202.56k

$ openssl speed -evp aes-128-ctr
...
aes-128-ctr 343161.12k 846347.46k 2721303.72k 4169064.79k 4955196.07k