Intel Pursuing AVX-512 Optimized Crypto Algorithms For The Linux Kernel

Intel engineers have posted the initial Linux kernel patches providing AVX-512 optimized versions of common crypto algorithms. The AVX-512 optimized versions do pan out and promise to offer huge speed-ups but are disabled by default at this stage over the negative CPU frequency/performance impact that running AVX-512 can have on CPU cores / shared threads.

Intel's Megha Dey posted the set of seven initial patches that make use of VPCLMULQDQ and VAES AVX512 instructions found on Ice Lake and newer. By making use of AVX-512 there is "substantial (2-10x) improvements over existing crypto algorithms when update data size is greater than 128 bytes and do not have any significant impact when used on small amounts of data."

But because of the well known frequency penalty currently seen when running AVX-512 workloads, they acknowledge the "collateral damage" that can be caused to other workloads and thus isn't enabled by default. The AVX-512 crypto code with the initial patches is hidden behind a Kconfig build switch and also requires a use_avx512 kernel module parameter be set (or set after boot via sysfs) to enable the AVX-512 functionality at run-time.

The initial AVX-512 crypto patches for the Linux kernel can be found via this kernel mailing list thread. For now they still need to undergo further upstream review and testing before potentially being mainlined into a 2021 kernel release.