Re: Performance issue LUKS1 vs LUKS2

[Milan Broz <gmazyland@gmail.com>]

On 4/26/23 16:53, Lodewyk van der Westhuizen wrote:
> Hey All,
> 
> Sorry for the long message but figured the more detail the better... I
> was hoping someone could point me in the right direction. I have
> machine that runs two different operating systems + cryptsetup
> versions and I am seeing big slowdown on the newer setup. Please see
> details below:
> 
> Setup 1 (using LUKS1):
> cryptsetup 1.7+
> kernel 3.10.0
> 
> Setup 2 (using LUKS2):
> cryptsetup 2.3+
> kernel 4.18.0

NOTE: LUKS1 is not cryptsetup version 1.x, it ia a metadata format.
All recent cryptsetup 2.x versions can use LUKS1 as well - just use "--type luks1"
in format (so you will compare the same formats on different kernels).

> 
> Hardware:
> CPU(s):                48
> On-line CPU(s) list:   0-47
> Thread(s) per core:    2
> Core(s) per socket:    12
> Socket(s):             2

You mean slowdown with access to encrypted data, not unlocking time, right?

The difference is almost for sure in kernel, LUKS2 is only about key management
(the dm-crypt parameters should be the same in the end).

But kernel 3.10 is really very old, so if it is "enterprise" heavily patched distro,
it is hard to say if it is really 3.10 or it includes a lot more recent backported changes.

Which crypto modules are used? What architecture it is - do you use AES-NI
acceleration on both systems?

> When running cryptsetup benchmark the results are the same (but AFAIK
> it only uses a single core for that).

Benchmark calls userspace kernel API, so it should use more cores
(you can easily see it for CBC mode - decryption should be always faster
as it can be run in parallel - unlike encryption).
But benchmark does not use dm-crypt, and dm-crypt changed a lot between kernels 3.x/4.x.

> I am using the same encryption algorithm/cipher - the only difference
> is the LUKS format (using LUKS2 instead of LUKS1). On the older
> machine there is good cpu utilization amongst the cores but for the
> newer setup performance is roughly a 1/3 of older setup. It's as if
> the other socket + cores are not being used at all.> 
> Here is how I format/encrypt (again only difference would be luks1 vs luks2):
> 
> cryptsetup luksFormat --verbose --batch-mode --type luks2 --cipher
> aes-cbc-essiv:sha256 partition

Is the keysize 256bits in both cases? You should paste luksDump from both
systems to be sure.

> 
> Perhaps I am just missing a flag with the new setup?

There are some flags to try that can help (basically revert dmcrypt behaviour),
search for "-perf-*" flags in man page.
Try luksOpen with -perf-same_cpu_crypt and/or --perf-submit_from_crypt_cpus
for luksOpen.

Also, you should use XTS mode, its should be faster here (at least for encryption).

Milan