[dm-crypt] aes-xts-plain with aes_x86_64 makes my SSD 5x slower than my encrypted HD
mbroz at redhat.com
Mon Jul 23 19:15:24 CEST 2012
On 07/23/2012 06:12 PM, Marc MERLIN wrote:
> On Mon, Jul 23, 2012 at 10:14:07AM +0200, Arno Wagner wrote:
> (editted: actually no, using 'null' encryptino still gives 25MB/s).
Ok, the we can forget about aes-ni etc, it is problem somewhere else.
> Mmmh, I have one possible thing. I have a preempt kernel. Could that be it?
Can you send me your kernel .config then? Preempt should not be problem.
Which kernel version? which architecture? Any additional patches over
>> Paste fdisk -l -u /dev/sda
> Disk /dev/sda: 512.1 GB, 512110190592 bytes
> 255 heads, 63 sectors/track, 62260 cylinders, total 1000215216 sectors
> Units = sectors of 1 * 512 = 512 bytes
> Sector size (logical/physical): 512 bytes / 512 bytes
> I/O size (minimum/optimal): 512 bytes / 512 bytes
> Disk identifier: 0x09aaf50a
> Device Boot Start End Blocks Id System
> /dev/sda1 * 2048 502047 250000 83 Linux
> /dev/sda2 502048 52930847 26214400 83 Linux
> /dev/sda3 52930848 73902367 10485760 82 Linux swap / Solaris
> /dev/sda4 73902368 1000215215 463156424 83 Linux
Hm. sda1 is apparently aligned. But I think
other partitions are not aligned properly.
No idea which block size/page size your SSD internaly use, but to be safe,
let's assume ideal is 256KiB (= 512 * 512 byte sectors).
73902368 seems not to be multiple of 512...
Well, your sda2 configuration is created with +256MB, which is SI unit,
so not multiple of 1024 but 1000!
It should be created with +256M, so you end with:
Device Boot Start End Blocks Id System
/dev/sda1 2048 526335 262144 83 Linux
/dev/sda2 526336 ...
But I think this is not the core problem but you should try it to fix.
(I hope I did not mixed up numbers above :)
... Thinking about it, we can test it without partition change (for reads).
This test is perhaps useless but maybe someone can find it useful later.
Let's map properly aligned device to sda4 (read only). Result will be just
garbage, but it is just for speed testing.
For mapping above, properly aligned (1MiB alignment = 2048 sectors)
should start on sector 7390412. This is +1760 sector shift for sda4.
Map 1GiB device there:
# dmsetup create test_plain -r --table "0 2097152 linear /dev/sda4 1760"
Map null cryptsetup over it
# echo "password" | cryptsetup create -c null test_crypt /dev/mapper/test_plain
Now repeat read dd test for /dev/mapper/test_plain and /dev/mapper/test_crypt
Still the same slow down?
# dmsetup remove test_crypt
# dmsetup remove test_plain
(Btw if you use real cipher and zero device instead of underlying disk,
you can measure encryption throughput:
# dmsetup create test_plain --table "0 2097152 zero"
# echo "password" | cryptsetup create -c aes-xts-plain64 -s 256 test_crypt /dev/mapper/test_plain
very useful to prove that your cpu encryption is slow... but we proved that it is not the case
here, so just for the archive :-)
> I also used:
> cryptsetup luksFormat --align-payload=8192
It will not help if underlying partition is misaligned.
>> 2) try to switch io scheduler to "noop" or "deadline"
> But just to make sure, I tried cfg, noop, and deadline and it didn't make a
>> Also you can try to increase queue size.
> Not sure which one it is:
I think this one, try to increase it to 8192 or so...
More information about the dm-crypt