Re: [dm-crypt] Poor performane (idle cpu)

[Arno Wagner <arno@wagner.name>]

On Tue, Feb 09, 2010 at 12:54:16AM +0100, Jakob Sandgren wrote:
> Hi,
> 
> (please keep me on CC since I'm not subscribed yet)
> 
> >> I'm using dm-crypt for several mappings with a hardware raid backend. 
> >> Using a raw read from the raid device (e.g sda) gives ~250MB/s
> >> 
> >> But when I read from an encrypted mapping, I just get ~70MB/s. That
> >> should be fine if I at least have the kcryptd process using a core
> >> at
> >> 100%, but that is not the case. Three of my four cores is 99% idle
> >> and
> >> one core is 50% idle (aprox.).
> >
> >Which means your core is too slow to support the full 250MB/s
> >speed. 
> >
> >> I have recently upgraded my hardware from an older quadcore system
> >> (AMD) to a new Core I7 (860) and expected improved performance and
> >> when I did not get that, then did I do some more investegation and
> >> found out above. I have also read posts from others having the same
> >> problems, but no explanation.
> >
> >I suspect as the core can support only about 140MB/s encryption
> >speed, the accesses get broken. It is well possible that
> >if your array would only give 120MB/s it would still have
> >that rate encrypted.
> 
> 
> This does not make sense to me, I can not understand how a "to fast"
> disk could give worse results? Disk requests would get issued at the
> speed that decryption can handle(?). I do not understand what a
> "broken access" would be. 

Ok, if you are not too fast, then data can be read uninterrupted
with maximum size accesses. If you read too fast, then the
disk accesses have to be made smaller and wait for the 
decryption to finish. That adds waiting times and data is
not read full speed anymore. It is not so bad with HDDs,
the possibly worst case is tapes: If you process slower
than the tape streams, it has to stop and rewind frequently,
killing performance.
 
> Anyway, just to try the theory did I set up a single disk that would
> give 120MB sustained read from the unencrypted mapping, but when I
> read from the encrypted mapping I still ended up with the low 70MB/s
> and a lot of idle cpu. 

Hmm.
 
> Running two reads at the same time (to the same encrypted mapping)
> actually increased the combined read rate with ~10% ?! 
> 
> To me it seems like there is some serious flaw within kcryptd that
> ends up to wait for "something" instead of sending enough requests to
> the disks to make sure it has data to decrypt. What do you think?

The same thing. 

Here is a reference test (I have notebook disks in this server):

  Raw read: 54MB/s 14% CPU
  Read with decrypt: 53MB/s 65% CPU


Another idea: Are these 50% CPU on the faked Intel cores, i.e.
50% of a hyperthreading core? This could actually mean 100%
on a proper core. You get twice as many hyperthreading pseudo
cores, but they are not full cores and can often not perform
at 100% as some infrastructure is shared between two halfes of 
them. So if one half runs at 100% and one half at 0% (as the 
other half needs something available only once at full load), 
the complete core load could be reported as 50% when in fact 
it is 100%.  

That would mean the crypto is pretty slow on your new CPU.
As a reference, my 53MB/s at 65% CPU is on an 2800MHz Athlon 
64 X2 5600+ with aes-cbc-plain. 

Here is an OpenSSL crypto speed test:
 openssl speed -evp aes-256-cbc
 [...]
 The 'numbers' are in 1000s of bytes per second processed.
 type           16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
 aes-256-cbc    71848.00k    98649.49k   110187.78k   113646.25k  114666.15k

You might want to compare this with the numbers on your CPU.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier