From: Herbert Xu <herbert@gondor.apana.org.au>
To: Binoy Jayan <binoy.jayan@linaro.org>
Cc: Milan Broz <gmazyland@gmail.com>, Oded <oded.golombek@arm.com>,
Ofir <Ofir.Drang@arm.com>, Arnd Bergmann <arnd@arndb.de>,
Mark Brown <broonie@kernel.org>, Alasdair Kergon <agk@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
private-kwg@linaro.org, dm-devel@redhat.com,
linux-crypto@vger.kernel.org, Rajendra <rnayak@codeaurora.org>,
Linux kernel mailing list <linux-kernel@vger.kernel.org>,
linux-raid@vger.kernel.org, Shaohua Li <shli@kernel.org>,
Mike Snitzer <snitzer@redhat.com>
Subject: Re: dm-crypt optimization
Date: Thu, 22 Dec 2016 16:59:27 +0800 [thread overview]
Message-ID: <20161222085927.GB2160@gondor.apana.org.au> (raw)
In-Reply-To: <CAHv-k_-K9dOiM+Pm_wqVJrvmNYhjtS82-emKVZ8OjsoMHf+7hg@mail.gmail.com>
On Thu, Dec 22, 2016 at 01:55:59PM +0530, Binoy Jayan wrote:
>
> > Support of bigger block sizes would be unsafe without additional mechanism that provides
> > atomic writes of multiple sectors. Maybe it applies to 4k as well on some devices though...)
>
> Did you mean write to the crypto output buffers or the actual disk write?
> I didn't quite understand how the block size for encryption affects atomic
> writes as it is the block layer which handles them. As far as dm-crypt is,
> concerned it just encrypts/decrypts a 'struct bio' instance and submits the IO
> operation to the block layer.
I think Milan's talking about increasing the real block size, which
would obviously require the hardware to be able to write that out
atomically, as otherwise it breaks the crypto.
But if we can instead do the IV generation within the crypto API,
then the block size won't be an issue at all. Because you can
supply as many blocks as you want and they would be processed
block-by-block.
Now there is a disadvantage to this approach, and that is you
have to wait for the whole thing to be encrypted before you can
start doing the IO. I'm not sure how big a problem that is but
if it is bad enough to affect performance, we can look into adding
some form of partial completion to the crypto API.
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
next prev parent reply other threads:[~2016-12-22 9:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-20 9:41 dm-crypt optimization Binoy Jayan
2016-12-21 12:47 ` Milan Broz
2016-12-22 8:25 ` Binoy Jayan
2016-12-22 8:59 ` Herbert Xu [this message]
2016-12-22 10:14 ` Ofir Drang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161222085927.GB2160@gondor.apana.org.au \
--to=herbert@gondor.apana.org.au \
--cc=Ofir.Drang@arm.com \
--cc=agk@redhat.com \
--cc=arnd@arndb.de \
--cc=binoy.jayan@linaro.org \
--cc=broonie@kernel.org \
--cc=davem@davemloft.net \
--cc=dm-devel@redhat.com \
--cc=gmazyland@gmail.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-raid@vger.kernel.org \
--cc=oded.golombek@arm.com \
--cc=private-kwg@linaro.org \
--cc=rnayak@codeaurora.org \
--cc=shli@kernel.org \
--cc=snitzer@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).