* [dm-crypt] ext3 + dm_crypt performance impact (CentOS 5.4 AMD64)
@ 2010-12-27 17:03 Robert.Heinzmann
2010-12-27 20:41 ` Heinz Diehl
2010-12-28 12:04 ` Milan Broz
0 siblings, 2 replies; 7+ messages in thread
From: Robert.Heinzmann @ 2010-12-27 17:03 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 4441 bytes --]
Hello list,
I'm currently testig some dm_crypt performance on CentOS 5.4 (AMD64, Kernel 2.6.21.7) One part of the evaluation is a simple end-2-end disk benchmark. I use the Kernel for this. The routine is:
0) Create filesystem on the backend device and mount
-- record starttime
1) Extract Kernel (2.6.37)
2) Copy the extracted kernel once
3) Copy the extracted kernel once
4) Copy the extracted kernel once
5) Remove the copy
6) Remove the copy
7) Remove the copy
8) Remove the original
9) call sync
-- record endtime
I do this for plain ext3 filesystem on /dev/sdf and ext3 on crypto filesystem (I use dm_crypt and truecrypt as backends).
I found that if I run this Test with a ext3 filesystem created in step (0), performance drops ~40% for dm_crypt (runtime is 40 % longer). I also see that the cpu load is not increased, only I/O wait increases, but not the overall cpu usage. For me this looks like a latency issue, because stil a lot of CPU is free (actually mostly all of it). If I do a /proc/diskstat before and after the test, I see that I/O time is much longer in dm_crypt.
a) /proc/diskstat for one run with plain disk backend:
DISK sdf: reads=101 rmerge=0 rsect=808 rtimems=6366 writes=44052 wmerge=372381 wsect=3321608 wtimems=4993178 current=158 iotime=36041 iotimeweighted=5006161
b) /proc/diskstat for one run with dm_crypt disk backend (dm-1 is the dm_crypt):
DISK sdf: reads=110 rmerge=0 rsect=880 rtimems=5084 writes=55169 wmerge=421079 wsect=3809984 wtimems=5275315 current=0 iotime=42127 iotimeweighted=5280393
DISK dm-1: reads=110 rmerge=0 rsect=880 rtimems=13457 writes=476248 wmerge=0 wsect=3809984 wtimems=1467043364 current=0 iotime=42602 iotimeweighted=1467056820
I also see that the disk writes are split in 4k:
for a) the average write size is 3281192 / 48726 = 67,33 = ~34 KB per Write
for b) it is dm-1 with ext3: Average Write Size = 3809984 / 476248 = 8 = 4k per write.
Because this is cached I/O (buffer cache), dm_requests are processed in units of 4k (somehow this seems to be a implementation specific thing).Then this small requests are merged again in the scheduler for the /dev/sdf backend device. I would expect that this is not such a big issue. I tested the system and it can to 80 MB/sec encryption / decryption. The backend does ~50 MB/s writes. So I was expecting a performance impact of ~10 percent. However it seems to be much more (40%).
When I run the same test with ext2: I see a average request size of 22 Sectors (~11k) to the dm_device and merges on the backend (46 vs 42 seconds ~ 10% perf. impact):
With XFS the same (95 seconds instead of 87 ~10% perf. impact, avg I/O size 34 Sectors). Only ext3, is fixed at 4k requests.
I also measured via a dm_zero backend the latency impact of dm_crypt. It seems it adds ~0.1ms latency to the I/Os for small I/Os (4/8k) up to 10ms for 1M (I/O). It also looks like dm_crypt does only scale to one CPU Core per device.
So there are now several questions.
1) Can I force ext3 to use larger I/O's also ?
2) Is my assumtion correct that the cause for this issue can be a accumulated serialized latency issue ?
e.g.
- ext3 splits I/O's in units of 4k and adds them to the device mapper
- first device mapper target in the stack receives the requests (in this case this is dm_crypt)
- dm_crypt encrypts each 4k block individually and serially (because of single workqueue) and adds them to the lower level device (in this case sdf) - this adds up the latency addition (10 x 4k blocks = + 1ms).
- sdf queue merges the requests (not as efficient anymore (55169 vs 44052 writes)
- sdf sends the I/O's to the backend sevice
Especially the step 3 adds "significant" latency to the procedure to slow down the process considerably.
Can this be the reason ?
3) for direct I/O, request size is flexible, thus database workloads should not see major impact on performance (~10%) until the per device CPU limit is hit - is this a correct assumption ?
4) Cached I/O can be slowed down considerably, also if the average I/O rate is below the CPU limit due to latency multiplication - Is this a correct assumption ?
It would be great if you would help me understand this issue :)
Regards,
Robert
Mit freundlichen Grüßen / Kind Regards
Robert Heinzmann
[-- Attachment #2: Type: text/html, Size: 55308 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] ext3 + dm_crypt performance impact (CentOS 5.4 AMD64)
2010-12-27 17:03 [dm-crypt] ext3 + dm_crypt performance impact (CentOS 5.4 AMD64) Robert.Heinzmann
@ 2010-12-27 20:41 ` Heinz Diehl
2010-12-28 9:52 ` Robert.Heinzmann
2010-12-28 12:04 ` Milan Broz
1 sibling, 1 reply; 7+ messages in thread
From: Heinz Diehl @ 2010-12-27 20:41 UTC (permalink / raw)
To: dm-crypt
On 27.12.2010, Robert.Heinzmann@deutschepost.de wrote:
> I'm currently testig some dm_crypt performance on CentOS 5.4 (AMD64, Kernel 2.6.21.7)
[....]
I know that CentOS is focused on stability, but 2.6.21.7 is abysmally old.
Just for what it is, did you ever try to do the same with the latest
mainline kernel?
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] ext3 + dm_crypt performance impact (CentOS 5.4 AMD64)
2010-12-27 20:41 ` Heinz Diehl
@ 2010-12-28 9:52 ` Robert.Heinzmann
0 siblings, 0 replies; 7+ messages in thread
From: Robert.Heinzmann @ 2010-12-28 9:52 UTC (permalink / raw)
To: htd, dm-crypt
Hello, actually not. This is the only Kernel tested.
Regards,
Robert
> -----Ursprüngliche Nachricht-----
> Von: dm-crypt-bounces@saout.de
> [mailto:dm-crypt-bounces@saout.de] Im Auftrag von Heinz Diehl
> Gesendet: Montag, 27. Dezember 2010 21:42
> An: dm-crypt@saout.de
> Betreff: Re: [dm-crypt] ext3 + dm_crypt performance impact
> (CentOS 5.4 AMD64)
>
> On 27.12.2010, Robert.Heinzmann@deutschepost.de wrote:
>
> > I'm currently testig some dm_crypt performance on CentOS
> 5.4 (AMD64,
> > Kernel 2.6.21.7)
> [....]
>
> I know that CentOS is focused on stability, but 2.6.21.7 is
> abysmally old.
> Just for what it is, did you ever try to do the same with the
> latest mainline kernel?
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] ext3 + dm_crypt performance impact (CentOS 5.4 AMD64)
2010-12-27 17:03 [dm-crypt] ext3 + dm_crypt performance impact (CentOS 5.4 AMD64) Robert.Heinzmann
2010-12-27 20:41 ` Heinz Diehl
@ 2010-12-28 12:04 ` Milan Broz
2010-12-28 14:10 ` Robert.Heinzmann
2010-12-28 15:19 ` Robert.Heinzmann
1 sibling, 2 replies; 7+ messages in thread
From: Milan Broz @ 2010-12-28 12:04 UTC (permalink / raw)
To: Robert.Heinzmann; +Cc: dm-crypt
Hi,
On 12/27/2010 06:03 PM, Robert.Heinzmann@deutschepost.de wrote:
> I do this for plain ext3 filesystem on /dev/sdf and ext3 on crypto
> filesystem (I use dm_crypt and truecrypt as backends).
Please note that truecrypt uses dmcrypt in recent versions
(and if kernel support requested mode).
(Note that CentOS 5 kernel cannot do XTS mode, one day it
will be backported though.)
> I also see that the disk writes are split in 4k:
> Because this is cached I/O (buffer cache), dm_requests are processed
> in units of 4k (somehow this seems to be a implementation specific
> thing).
dmcrypt doesn't limit io operation if directly submitted to it,
but stacking of devices can limit it. No idea about that ext3 thing though.
Because in RHEL5 kernel is not yet implemented merge callback in DM targets,
all stacked targets must split io operation to 4k (page) units.
(This is fixed long time ago upstream.)
> Then this small requests are merged again in the scheduler for
> the /dev/sdf backend device. I would expect that this is not such a
> big issue.
exactly
> It also looks like dm_crypt does only scale to one CPU Core per device.
Yes, this is known limitation.
I know about some problems, some of them are partially fixed in devel
tree (and targeted to 2.6.38) some will be based on top of these
changes (latency problem is one of them probably).
I do not want to speculate what exactly causes latency issues - it is not
one thing (testing of per-cpu worker threads changes shows that
page cache and fs are also important part which can contribute to some
problems here etc.)
But all these change will be upstream - old kernels, like RHEL5 are
maintained with focus to stability (most of changes are not backportable anyway).
If you are Red Hat customer, you can of course request this through support.
Milan
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] ext3 + dm_crypt performance impact (CentOS 5.4 AMD64)
2010-12-28 12:04 ` Milan Broz
@ 2010-12-28 14:10 ` Robert.Heinzmann
2010-12-28 18:59 ` Milan Broz
2010-12-28 15:19 ` Robert.Heinzmann
1 sibling, 1 reply; 7+ messages in thread
From: Robert.Heinzmann @ 2010-12-28 14:10 UTC (permalink / raw)
To: mbroz; +Cc: dm-crypt
Hello Milan,
> > I do this for plain ext3 filesystem on /dev/sdf and ext3 on crypto
> > filesystem (I use dm_crypt and truecrypt as backends).
>
> Please note that truecrypt uses dmcrypt in recent versions
> (and if kernel support requested mode).
>
> (Note that CentOS 5 kernel cannot do XTS mode, one day it
> will be backported though.)
Seems like it. I tested with a recent 2.6.32 Kernel and here truecrypt
somehow uses dm_crypt in the backend (in xts mode).
What I also found was, that doing a simple
"dmsetup table --showkeys" actually shows the dm_crypt master key in
hex for the disk
Isn't that a little bit too easy ? Should dmsetup not at least scrumble
it (xxxxx) ?
Otherwise this information can easily leak out into ticketing systems,
support attachents etc. Of course you need root to do dmsetup, and root
also has access to the key (henn-egg-problem) so it is not a security
problem.
> > I also see that the disk writes are split in 4k:
>
> > Because this is cached I/O (buffer cache), dm_requests are
> processed
> > in units of 4k (somehow this seems to be a implementation specific
> > thing).
>
> dmcrypt doesn't limit io operation if directly submitted to
> it, but stacking of devices can limit it. No idea about that
> ext3 thing though.
>
> Because in RHEL5 kernel is not yet implemented merge callback
> in DM targets, all stacked targets must split io operation to
> 4k (page) units.
> (This is fixed long time ago upstream.)
Tested on 2.6.32 - same results.
Ext3: only 4k writes and -30% Performance
XFS: mixed writes and -15% Performance with Encryption (after
disabeling barrier support, otherwise performance is horrible, backend
should have BBU :) - Amazon EC2)
> > It also looks like dm_crypt does only scale to one CPU Core
> per device.
> Yes, this is known limitation.
>
> I know about some problems, some of them are partially fixed
> in devel tree (and targeted to 2.6.38) some will be based on
> top of these changes (latency problem is one of them probably).
>
> I do not want to speculate what exactly causes latency issues
> - it is not one thing (testing of per-cpu worker threads
> changes shows that page cache and fs are also important part
> which can contribute to some problems here etc.)
>
> But all these change will be upstream - old kernels, like
> RHEL5 are maintained with focus to stability (most of changes
> are not backportable anyway).
>
> If you are Red Hat customer, you can of course request this
> through support.
>
> Milan
So after all a little "high level conclusion".
Dm_crypt adds latency ...
... (a) by design (every bit must go throught the cpu) and
... (b) by Implementation (there seem to be currently unsolved
implementation issues, that can increase the latency)
(a) can probably not be fixed (btw: Any estimated on the latency impact
of AES-NI ?? If performance is 20x faster, is latency 20x smaller or
does AES-NI get better performance by parallellization ?)
(b) can be fixed and will not arrive before 2.6.38
Besides that the impact on workload can be described as:
If having a single disk and working in an area where one cpu core is NOT
loaded a 100% (and thus the solution still scales, probably < 80 MB/s),
the worst case overhead with encryption is somewhere abound 30-40% for
heavily cached workloads. In Database Workloads, where the disk backend
is limiting factor, the impact can be ignored. Here dm_crypt adds CPU
load, scaling with the amount of data encrypted. For SSD's, dm_crypt can
be a limiting factor because of the increased latency.
Does that match the observations of others ?
Regards,
Robert
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] ext3 + dm_crypt performance impact (CentOS 5.4 AMD64)
2010-12-28 12:04 ` Milan Broz
2010-12-28 14:10 ` Robert.Heinzmann
@ 2010-12-28 15:19 ` Robert.Heinzmann
1 sibling, 0 replies; 7+ messages in thread
From: Robert.Heinzmann @ 2010-12-28 15:19 UTC (permalink / raw)
To: mbroz; +Cc: dm-crypt
Hello again,
> Von: mbroz@redhat.com [mailto:mbroz@redhat.com]
> I do not want to speculate what exactly causes latency issues
> - it is not one thing (testing of per-cpu worker threads
> changes shows that page cache and fs are also important part
> which can contribute to some problems here etc.)
I reran the test on 2.6.32 again and looked at vmstat for the test run and found something interesing:
Run1: ext3 with /dev/sdX backend
Run2: ext3 with dmcrypt backend (dm_crypt is backed by the same /dev/sdX)
Run3: xfs with dmcrypt backend (dm_crypt is backed by the same /dev/sdX)
Run2 has a very stuttery I/O pattern, no constant I/O flow. For me this could explain the result of -35% performance für ext3 on dm_crypt. While Run1) and Run3) work in a pipeline fashion (where latency is not so much of an issue) - Run2 clearly distinguished different phases (write to buffer cache / encrypt / write to disk). Here tiny latency increases in the I/O will pile up in phase (2) encrypt.
This looks like a very odd behaviour / incompatiblity to me :/
Unfortunately I'm not a kernel expert, so I can't debug further.
Regards,
Robert
----
Run1:
======
ext3: Run on un-encrypted backend (plain disk):
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
1 0 0 3621816 131712 3504132 0 0 8 2790 196 345 2 5 82 10 1
2 0 0 3521500 135872 3586616 0 0 24 4 712 151 2 26 65 0 7
0 3 0 3467760 138568 3628056 0 0 16 54916 2792 2003 2 17 11 69 1
0 3 0 3408284 142220 3673428 0 0 12 46132 3516 2526 2 19 1 77 1
1 2 0 3343768 145108 3726176 0 0 12 47828 2965 2206 2 15 1 78 4
0 3 0 3271328 148116 3786512 0 0 12 45212 3087 2218 2 17 1 77 4
1 2 0 3187632 151352 3856728 0 0 12 45992 3215 2370 2 17 0 80 1
0 3 0 3095036 154432 3936248 0 0 16 45888 3215 2150 2 17 10 72 0
2 2 0 2988832 157912 4026676 0 0 8 39804 2734 1066 2 22 47 30 0
1 1 0 2937600 160608 4066824 0 0 16 36164 2524 1532 1 15 12 69 2
1 1 0 2877724 164160 4115332 0 0 40 48636 1476 208 3 21 23 50 4
1 1 0 2789056 168604 4187808 0 0 8 45516 1923 238 2 23 13 62 0
1 2 0 2722748 171612 4244048 0 0 16 48520 1855 268 1 17 29 50 2
0 3 0 2647884 174764 4307504 0 0 12 45768 2446 2401 2 18 23 54 3
2 2 0 2563828 177716 4380532 0 0 12 37536 2713 2080 2 16 0 80 1
1 3 0 2463276 181088 4465828 0 0 12 44952 3320 2230 3 20 0 75 2
1 2 0 2385192 184224 4530712 0 0 12 47352 2708 2307 1 18 0 81 0
0 3 0 2323952 187452 4577956 0 0 12 47512 3346 2289 3 18 0 77 2
2 2 0 2268744 190812 4620344 0 0 12 47636 3346 2600 2 17 0 81 0
1 2 0 2177296 194916 4695412 0 0 8 49964 3625 2421 2 21 0 74 3
1 2 0 2648832 195028 4265308 0 0 0 29352 1665 1643 2 32 0 64 2
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
0 3 0 3068280 195028 3865160 0 0 0 34360 1922 2481 1 29 9 61 0
0 3 0 3103564 195076 3834508 0 0 16 48092 1925 1621 0 4 42 54 0
0 3 0 3139772 195116 3801664 0 0 12 47444 2049 1845 0 3 52 44 0
0 3 0 3196236 195120 3764352 0 0 0 39396 1852 2226 0 4 40 55 0
0 3 0 3444792 195200 3531164 0 0 16 38064 2391 1594 1 11 55 33 0
1 1 0 3736860 195224 3269744 0 0 4 23356 2991 700 1 19 54 25 2
1 1 0 4244964 195224 2803476 0 0 0 18492 3625 435 1 33 4 62 0
0 1 0 4254208 195328 2796780 0 0 20 50000 1431 112 0 3 46 51 0
1 0 0 4532788 97148 2725008 0 0 1 136 835 458 17 6 66 9 2
1 0 0 4532712 97148 2724992 0 0 41 5 807 93 32 0 65 0 2
Run2
======
ext3: Same run with encrypted Backend (dm_crypt, aes_cbc)
2 1 0 4161032 412308 2725000 0 0 40 315112 1463 1648 2 23 66 2 6
2 2 0 4166480 412308 2725004 0 0 0 0 2844 2727 0 23 50 25 1
1 1 0 4174364 412308 2725004 0 0 0 0 4138 3636 0 26 41 30 3
1 1 0 4183044 412308 2725004 0 0 0 0 1887 1932 0 24 60 14 2
1 1 0 4192220 412308 2725004 0 0 0 0 2335 2264 0 29 61 10 1
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
1 1 0 4200280 412316 2724996 0 0 0 28 2063 2155 0 23 59 18 0
1 1 0 4533280 97208 2725084 0 0 105 4 1018 1241 0 8 54 39 0
2 0 0 4438560 98168 2809272 0 0 32 108 844 5537 16 14 65 2 2
1 0 0 4400668 100340 2838468 0 0 16 0 718 10816 23 9 65 1 2
1 0 0 4367456 102364 2864068 0 0 8 0 680 8588 22 7 66 0 4
1 0 0 4336292 104296 2887836 0 0 16 0 690 8833 19 7 67 1 5
2 0 0 4303192 106016 2913276 0 0 8 0 685 9194 21 9 66 0 4
1 2 0 4271408 106300 2916456 0 0 8 191356 1580 961 3 26 37 31 3
1 2 0 4279096 106300 2916464 0 0 0 0 1775 87 0 17 59 24 0
1 2 0 4286164 106300 2916464 0 0 0 0 1947 90 0 18 60 22 0
0 3 0 4291620 106300 2916464 0 0 0 0 1704 91 0 15 58 27 0
1 0 0 4283820 107044 2930500 0 0 16 9064 977 6038 14 10 48 26 2
1 0 0 4266336 107648 2945788 0 0 0 17576 1116 7134 18 10 47 23 2
1 0 0 4235284 108668 2972812 0 0 8 0 728 12201 26 6 64 1 3
1 0 0 4204896 109732 2999168 0 0 8 0 743 11814 27 6 63 0 3
1 0 0 4176104 110716 3024536 0 0 0 0 762 11966 27 6 66 0 2
1 0 0 4147956 111676 3049548 0 0 8 56 791 11842 26 6 67 0 1
2 1 0 4106776 112384 3068496 0 0 0 119492 1386 8563 26 28 10 22 14
1 2 0 4113688 112408 3069244 0 0 4 0 1936 471 1 20 0 78 1
1 0 0 4121364 112536 3071740 0 0 8 4688 1689 1174 2 16 5 72 4
1 0 0 4097144 113432 3093496 0 0 0 4092 1151 10074 23 9 54 9 5
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
1 0 0 4070032 114444 3117072 0 0 8 0 709 10846 23 6 65 1 6
2 1 0 4038420 115340 3136936 0 0 0 66320 1681 9014 30 39 7 11 13
0 3 0 4029340 115756 3147208 0 0 4 29604 1838 5212 14 30 2 39 15
1 0 0 4018948 116400 3161668 0 0 8 2772 2072 6793 14 8 29 48 1
1 0 0 3989892 117436 3187080 0 0 0 0 763 11976 27 6 66 0 1
1 0 0 3959948 118748 3212344 0 0 8 0 745 10322 24 7 66 1 3
3 2 0 3930692 119544 3228896 0 0 0 75952 1560 7265 25 34 7 19 15
1 1 0 3914316 120640 3249400 0 0 12 4496 1569 9340 27 23 25 17 8
1 0 0 3872148 122724 3290044 0 0 8 4 749 10154 21 11 66 1 2
1 0 0 3754576 127996 3386976 0 0 24 0 748 212 5 28 66 1 0
1 0 0 3662420 133292 3457428 0 0 32 0 770 285 6 26 66 2 0
1 2 0 3607292 134544 3471488 0 0 4 247188 1545 114 1 30 4 59 7
1 2 0 3613864 134544 3471488 0 0 0 0 1899 93 0 17 0 83 0
1 2 0 3620684 134552 3471480 0 0 0 16 1810 96 0 17 0 83 0
1 2 0 3626636 134552 3471488 0 0 0 0 1543 83 0 13 0 87 0
1 2 0 3633580 134552 3471488 0 0 0 0 1835 88 0 16 0 84 0
1 1 0 3628936 135296 3478356 0 0 24 19200 1659 115 1 24 9 63 4
1 1 0 3554984 138016 3538396 0 0 8 77976 1143 116 2 43 13 25 16
0 2 0 3554612 138016 3538428 0 0 0 0 1029 54 0 9 54 37 0
0 2 0 3552644 138404 3545736 0 0 0 0 1397 95 1 6 50 43 0
0 2 0 3545124 138752 3554636 0 0 4 0 2847 171 0 8 50 41 1
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
1 0 0 3418976 143204 3665872 0 0 20 0 884 126 3 24 63 9 0
1 2 0 3344964 144892 3709656 0 0 4 167920 1498 110 0 38 10 45 7
1 2 0 3352404 144892 3709656 0 0 0 0 2006 99 0 20 4 75 0
1 2 0 3360216 144892 3709656 0 0 0 0 1963 95 0 19 4 77 0
1 0 0 3361600 145276 3716428 0 0 16 11456 1368 114 0 16 22 61 2
1 0 0 3232156 150392 3827480 0 0 16 0 737 186 5 27 67 1 1
1 2 0 3165872 152620 3863048 0 0 12 160908 1496 141 3 36 38 14 8
0 3 0 3173188 152620 3863048 0 0 0 0 1929 93 0 20 60 20 0
1 2 0 3180628 152620 3863048 0 0 0 0 1980 98 0 19 61 20 0
1 2 0 3152568 154376 3884704 0 0 16 40216 1490 106 1 37 34 18 10
1 0 0 3139400 155832 3901336 0 0 4 20 2173 167 1 11 18 70 0
1 2 0 3095536 157908 3932828 0 0 12 47652 1582 148 3 35 9 45 9
1 0 0 3005852 162460 4012048 0 0 24 5452 852 188 3 26 56 12 3
1 0 0 2853664 167780 4143148 0 0 16 0 777 176 5 28 66 1 0
2 0 0 2715040 172524 4259044 0 0 16 5704 809 197 3 31 62 1 3
2 1 0 2613312 175684 4317960 0 0 12 243488 1553 113 3 56 16 10 16
0 2 0 2592604 175684 4317944 0 0 0 158036 1681 82 0 20 12 65 3
1 1 0 2600292 175684 4317944 0 0 0 0 2078 94 0 20 5 75 0
1 1 0 2606244 175684 4317944 0 0 0 0 1622 79 0 16 3 81 0
0 2 0 2613560 175700 4317932 0 0 4 16 1940 108 0 19 4 77 0
1 1 0 2620752 175700 4317944 0 0 0 0 1892 90 0 18 4 78 0
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
0 2 0 2626332 175700 4317944 0 0 0 0 1582 74 0 15 4 81 0
0 2 0 2632284 175700 4317944 0 0 0 0 1612 81 0 15 4 81 0
0 2 0 2642452 175700 4317944 0 0 0 0 1708 82 0 13 3 83 0
2 1 0 2626680 176584 4331580 0 0 0 17220 2422 140 1 19 5 69 6
1 0 0 2589492 179104 4363236 0 0 28 19496 975 143 2 27 17 39 14
1 0 0 2495704 184692 4436920 0 0 24 0 753 284 6 27 66 1 0
1 0 0 2351244 190080 4562020 0 0 16 0 761 189 4 29 66 1 0
Run3:
=======
xfs: Now a xfs on the same device (dm_crypt, aes_cbc)
0 0 0 4532784 97404 2724988 0 0 0 0 32 12 0 0 100 0 0
0 0 0 4532816 97404 2724992 0 0 0 0 31 11 0 0 100 0 0
0 0 0 4532816 97404 2724992 0 0 0 0 28 17 0 0 100 0 0
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
1 0 0 4532792 97412 2724984 0 0 0 68 211 340 1 1 97 0 0
0 1 0 4533312 97428 2724980 0 0 20 10574 945 849 1 7 55 36 1
1 0 0 4446004 97420 2805168 0 0 179 4404 1119 3817 11 9 73 5 2
1 0 0 4423212 97420 2823960 0 0 0 6984 1101 7801 19 10 60 0 11
1 0 0 4392896 97420 2847932 0 0 0 10924 1408 8646 20 15 61 0 4
1 0 0 4370208 97420 2867048 0 0 0 7644 997 6719 15 9 73 0 3
1 0 0 4343520 97420 2888740 0 0 0 10768 1236 7424 21 13 58 0 8
1 0 0 4317964 97428 2909456 0 0 0 11408 1335 6238 20 12 59 0 9
1 0 0 4297124 97428 2926644 0 0 0 10040 1158 5890 16 10 74 0 1
1 0 0 4281416 97428 2940348 0 0 0 4296 735 6210 14 4 79 0 3
1 0 0 4265972 97428 2954104 0 0 0 2868 691 6297 13 4 81 0 3
1 0 0 4242736 97428 2975012 0 0 0 4564 955 10067 21 8 66 0 5
1 0 0 4217148 97428 2996796 0 0 0 7040 1059 10220 23 9 61 0 8
1 0 0 4192024 97428 3019292 0 0 0 5256 1107 10753 24 8 63 0 4
1 0 0 4165704 97428 3043512 0 0 0 4240 1135 11862 26 7 66 0 1
1 0 0 4139056 97428 3067328 0 0 0 5184 1179 11436 25 9 63 0 3
1 0 0 4114124 97428 3090204 0 0 0 4200 1042 11076 23 7 64 0 6
1 0 0 4093592 97428 3103028 0 0 0 27320 1137 6365 12 15 58 11 4
1 0 0 4077564 97428 3122936 0 0 0 5000 957 9662 20 7 68 0 4
2 0 0 4056956 97428 3139108 0 0 0 22064 1426 7383 17 15 60 0 8
2 0 0 4043508 97428 3151752 0 0 0 18389 1228 5802 14 11 69 0 6
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
1 0 0 4032116 97428 3161168 0 0 0 48057 2334 4014 12 29 55 0 4
0 0 0 4022456 97428 3170792 0 0 0 42444 2208 3864 11 25 58 0 5
2 0 0 4012436 97428 3176364 0 0 0 35000 1310 3259 8 17 71 0 4
1 0 0 4007912 97428 3182172 0 0 0 46332 2095 3005 8 24 61 3 5
2 0 0 3999120 97428 3188468 0 0 0 47804 2062 2820 9 24 59 3 5
2 0 0 3996056 97428 3193124 0 0 0 45692 2248 2641 7 22 57 10 4
0 1 0 3986408 97428 3198288 0 0 0 48204 1703 2621 5 18 57 18 2
1 0 0 3984172 97428 3203504 0 0 0 41144 2119 2729 5 22 63 6 4
1 0 0 3979080 97428 3210696 0 0 0 39480 1582 3259 8 20 65 3 4
1 0 0 3964364 97428 3223272 0 0 0 10394 1140 5035 12 9 73 0 6
1 0 0 3940640 97428 3243824 0 0 0 5640 1014 9436 22 8 66 0 3
1 0 0 3912652 97428 3267928 0 0 0 5604 1120 11204 24 9 65 0 1
1 0 0 3875980 97428 3302288 0 0 0 10744 1571 8815 16 18 57 0 9
1 0 0 3817940 97428 3349316 0 0 0 25240 2875 2942 1 36 54 0 8
1 0 0 3755244 97428 3400224 0 0 0 31032 3200 3339 3 42 48 0 8
2 0 0 3661368 97428 3481976 0 0 0 31164 3279 3474 3 43 48 0 6
1 0 0 3602928 97428 3534648 0 0 0 33411 2293 2334 1 29 62 0 8
0 0 0 3579180 97428 3554604 0 0 0 48600 2403 2431 0 30 66 0 4
----
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] ext3 + dm_crypt performance impact (CentOS 5.4 AMD64)
2010-12-28 14:10 ` Robert.Heinzmann
@ 2010-12-28 18:59 ` Milan Broz
0 siblings, 0 replies; 7+ messages in thread
From: Milan Broz @ 2010-12-28 18:59 UTC (permalink / raw)
To: Robert.Heinzmann; +Cc: dm-crypt
On 12/28/2010 03:10 PM, Robert.Heinzmann@deutschepost.de wrote:
> What I also found was, that doing a simple
>
> "dmsetup table --showkeys" actually shows the dm_crypt master key in
> hex for the disk
>
> Isn't that a little bit too easy ? Should dmsetup not at least scrumble
> it (xxxxx) ?
That's why --showkeys is not default ;-)
And all automated customer-oriented reporting systems must not use this option
(see output from sosreport ot lvmdump - no key there)
If you are root, you have many other ways how to get key from memory,
hiding it here makes no sense.
> Otherwise this information can easily leak out into ticketing systems,
> support attachents etc.
Nope, --showkeys must be explicitly given by user for dmsetup.
Milan
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2010-12-28 18:59 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-12-27 17:03 [dm-crypt] ext3 + dm_crypt performance impact (CentOS 5.4 AMD64) Robert.Heinzmann
2010-12-27 20:41 ` Heinz Diehl
2010-12-28 9:52 ` Robert.Heinzmann
2010-12-28 12:04 ` Milan Broz
2010-12-28 14:10 ` Robert.Heinzmann
2010-12-28 18:59 ` Milan Broz
2010-12-28 15:19 ` Robert.Heinzmann
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.