Dm-crypt patch for OCF
rshitrit at marvell.com
Tue Sep 6 18:20:42 UTC 2005
I improved the first patch, see attached.
-)On the encrypt(write) side we first allocate a new buffer then we
encrypt (using crypt_convert) the src buffer to the new buffer, we send
to be written through the generic_make_request(clone), then when the
clone->bi_end_io is called we free the buffer and the io.
-)On the decrypt(read) side we first read the buffer to the source
through the generic_make_request(clone), then when the clone->bi_end_io
is called, we create a new working thread which will decrypt (using
crypt_convert) the buffer and free the io.
In the first patch, for each crypt_convert operation we send all the
sectors of the context to be encrypt/decrypt to the OCF, and then we are
A completion of all of these sectors before returning from
i.e. we get a limitation that only one encrypt/decrypt crypt_convert
operation can occur in parallel.
In the attached new patch, I removed this limitation for the
By doing this I can see that when running the Bonnie benchmark, I get
better performance for the read/rewrite tests.
The same approach can be used for the encrypt(write) crypt_convert, it
is a little bit more complicated then the decrypt(read), maybe I will
try to implement it in future patches.
I also noticed that sometimes I get 2 encrypt(write) crypt_convert in
parallel?!?!, that why I moved the wr_pending into a separate structure,
which is allocated per write request.
This change affected the write performance only in a bit, less then 1%.
btw - this patch is a patch for kernel 2.6.12, with OCF 20050630 patch
applied on it.
same tests were used as for the first patch.
Marvell Semiconductor Israel Ltd
From: cryptoapi-bounces at lists.logix.cz
[mailto:cryptoapi-bounces at lists.logix.cz] On Behalf Of Ronen Shitrit
Sent: Monday, September 05, 2005 6:33 PM
To: cryptoapi at lists.logix.cz; linux-crypto at vger.kernel.org
Cc: Evgeniy Polyakov; David McCullough
Subject: Dm-crypt patch for OCF
Attached is a patch for the dm_crypt HD encryption which use the OCF.
The patch includes a new Kconfig configuration option for OCF_DM_CRYPT,
When choosing this option the dm_crypt will use the OCF for dm_crypt
sector encryption/decryption, When using the essiv mode, the essiv
generation will use the kernel cryptoAPIs.
Currently this patch support the following encryption algorithms:
DES-CBC, 3DES-CBC and AES-CBC.
I tested this driver using AES-CBC, with OCF SW driver, it seems stable.
I used the Bonnie benchmark to get some statistics:
The bandwidth performance are much better when using the OCF dm_crypt.
This might be explained since Bonnie is using a large blocks of io
(crypt_convert get contexts of 512byte * 256), which cause the dm_crypt
to Q few requests at a time, and this "multi tasking", cause that the HD
and the CPU "bandwidth" are exploit in a better way. (I assume)
When using mkfs.ext2 on large partition I see that the OCF dm_crypt
requires about 7% more time then when using the standard dm_crypt.
This can be explained since the mkfs.ext2 is mostly using writes of
small blocks (crypt_convert get contexts of 512byte * 8), Which cause
that we gets less "multi tasking", and as explained below the write
request are not optimized in this patch.
Currently the dm_crypt is implemented in a way that: for decryption
(read requests), it is using the source buffer itself, While for the
encryption (write requests), it is using a different buffer.
The current implementation of the OCF only support encryption on the
source buffer, which is not efficient for this case, therefore this
patch has overhead of copying the buffers to be encrypted.
Thanks to Evgeniy Polyakov for the Acrypto patch reference.
Marvell Semiconductor Israel Ltd
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 13999 bytes
Url : http://lists.logix.cz/pipermail/cryptoapi/attachments/20050906/56889842/ocf_dm_crypt_3.obj
More information about the CryptoAPI