[PATCH 2/2] cipher: limit table prefetch to the look-up table arrays
Jussi Kivilinna
jussi.kivilinna at iki.fi
Sat Jul 4 07:37:33 CEST 2026
* cipher/aria.c (prefetch_sboxes): Compute unshare counter once
and prefetch only look-up arrays.
* cipher/cipher-gcm.c (do_prefetch_tables): Likewise.
* cipher/rijndael.c (prefetch_enc, prefetch_dec): Likewise.
* cipher/sm4.c (prefetch_sbox_table): Likewise.
* cipher/rijndael-tables.h (dec_tables): Rename 'inv_sbox' field to
'inv_sboxT'.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
cipher/aria.c | 7 ++++---
cipher/cipher-gcm.c | 7 ++++---
cipher/rijndael-tables.h | 4 ++--
cipher/rijndael.c | 15 +++++++++------
cipher/sm4.c | 7 ++++---
5 files changed, 23 insertions(+), 17 deletions(-)
diff --git a/cipher/aria.c b/cipher/aria.c
index 26546a63..bb67ed03 100644
--- a/cipher/aria.c
+++ b/cipher/aria.c
@@ -627,11 +627,12 @@ prefetch_sboxes(void)
* of look-up table are shared between processes. Modifying counters also
* causes checksums for pages to change and hint same-page merging algorithm
* that these pages are frequently changing. */
- sboxes.counter_head++;
- sboxes.counter_tail++;
+ u32 counter = sboxes.counter_head + 1;
+ sboxes.counter_head = counter;
+ sboxes.counter_tail = counter;
/* Prefetch look-up tables to cache. */
- prefetch_table((const void *)&sboxes, sizeof(sboxes));
+ prefetch_table((const void *)&sboxes.s1[0], sizeof(sboxes.s1) * 4);
}
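Review bot: The length `sizeof(sboxes.s1) * 4` in prefetch_sboxes hard-codes a layout assumption that nothing in the hunk states: that exactly four equally sized arrays sit back to back starting at `s1`. The struct definition is outside this hunk, so that cannot be confirmed here; if a table is later added, resized or reordered, the prefetch would silently cover less than the full look-up data, which presumably weakens the cache-timing hardening the prefetch is there for. The same pattern appears in cipher/rijndael.c `prefetch_dec`, where `sizeof(dec_tables.T) + sizeof(dec_tables.inv_sboxT)` relies on `inv_sboxT` directly following `T` (true per the rijndael-tables.h hunk, but unenforced). I would add a comment such as `/* s1 and the three tables after it are contiguous and equally sized; keep in sync with the sboxes struct. */`, or derive the length from the distance between the first table and `counter_tail`, assuming `counter_tail` directly follows the tables as it does in `dec_tables`.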
diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
index 2db371b8..1627cd1c 100644
--- a/cipher/cipher-gcm.c
+++ b/cipher/cipher-gcm.c
@@ -255,12 +255,13 @@ do_prefetch_tables (const void *gcmM, size_t gcmM_size)
* of look-up table are shared between processes. Modifying counters also
* causes checksums for pages to change and hint same-page merging algorithm
* that these pages are frequently changing. */
- gcm_table.counter_head++;
- gcm_table.counter_tail++;
+ u32 counter = gcm_table.counter_head + 1;
+ gcm_table.counter_head = counter;
+ gcm_table.counter_tail = counter;
/* Prefetch look-up tables to cache. */
prefetch_table(gcmM, gcmM_size);
- prefetch_table(&gcm_table, sizeof(gcm_table));
+ prefetch_table(&gcm_table.R, sizeof(gcm_table.R));
}
#ifdef GCM_TABLES_USE_U64
diff --git a/cipher/rijndael-tables.h b/cipher/rijndael-tables.h
index e46ce08c..52b9518f 100644
--- a/cipher/rijndael-tables.h
+++ b/cipher/rijndael-tables.h
@@ -107,7 +107,7 @@ static struct
volatile u32 counter_head;
u32 cacheline_align[64 / 4 - 1];
u32 T[256];
- byte inv_sbox[256];
+ byte inv_sboxT[256];
volatile u32 counter_tail;
} dec_tables ATTR_ALIGNED_64 =
{
@@ -217,4 +217,4 @@ static struct
};
#define decT dec_tables.T
-#define inv_sbox dec_tables.inv_sbox
+#define inv_sbox dec_tables.inv_sboxT
diff --git a/cipher/rijndael.c b/cipher/rijndael.c
index f3daf35a..645c0e2f 100644
--- a/cipher/rijndael.c
+++ b/cipher/rijndael.c
@@ -597,11 +597,12 @@ static void prefetch_enc(void)
* of look-up table are shared between processes. Modifying counters also
* causes checksums for pages to change and hint same-page merging algorithm
* that these pages are frequently changing. */
- enc_tables.counter_head++;
- enc_tables.counter_tail++;
+ u32 counter = enc_tables.counter_head + 1;
+ enc_tables.counter_head = counter;
+ enc_tables.counter_tail = counter;
/* Prefetch look-up tables to cache. */
- prefetch_table((const void *)&enc_tables, sizeof(enc_tables));
+ prefetch_table((const void *)&enc_tables.T[0], sizeof(enc_tables.T));
}
static void prefetch_dec(void)
@@ -610,11 +611,13 @@ static void prefetch_dec(void)
* of look-up table are shared between processes. Modifying counters also
* causes checksums for pages to change and hint same-page merging algorithm
* that these pages are frequently changing. */
- dec_tables.counter_head++;
- dec_tables.counter_tail++;
+ u32 counter = dec_tables.counter_head + 1;
+ dec_tables.counter_head = counter;
+ dec_tables.counter_tail = counter;
/* Prefetch look-up tables to cache. */
- prefetch_table((const void *)&dec_tables, sizeof(dec_tables));
+ prefetch_table((const void *)&dec_tables.T[0],
+ sizeof(dec_tables.T) + sizeof(dec_tables.inv_sboxT));
}
diff --git a/cipher/sm4.c b/cipher/sm4.c
index cc98b676..70b4901c 100644
--- a/cipher/sm4.c
+++ b/cipher/sm4.c
@@ -760,14 +760,15 @@ sm4_ppc9le_crypt_blk1_16(void *rk, byte *out, const byte *in, size_t num_blks)
static inline void prefetch_sbox_table(void)
{
- const volatile byte *vtab = (void *)&sbox_table;
+ const volatile byte *vtab = (void *)&sbox_table.S[0];
/* Modify counters to trigger copy-on-write and unsharing if physical pages
* of look-up table are shared between processes. Modifying counters also
* causes checksums for pages to change and hint same-page merging algorithm
* that these pages are frequently changing. */
- sbox_table.counter_head++;
- sbox_table.counter_tail++;
+ u32 counter = sbox_table.counter_head + 1;
+ sbox_table.counter_head = counter;
+ sbox_table.counter_tail = counter;
/* Prefetch look-up table to cache. */
(void)vtab[0 * 32];
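Review bot: With `vtab` rebased to `&sbox_table.S[0]`, the hand-unrolled reads that follow are now offsets into `S` rather than into the whole struct, and nothing ties their count to the size of the array. Only the first read, `(void)vtab[0 * 32];`, is inside the hunk; the rest of prefetch_sbox_table lies outside it, so whether the last read reaches the end of `S` cannot be checked from here. A short comment above the reads would document the invariant, e.g. `/* vtab points at S[0]; the reads below must span sizeof(sbox_table.S). */`. As a style point, the `(void *)` cast on the changed line drops qualifiers before the assignment to a `const volatile byte *`; `(const volatile void *)&sbox_table.S[0]` would say what is meant.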
--
2.53.0