From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Wed, 24 Jun 2020 18:24:11 +0200 (CEST) Date: Wed, 24 Jun 2020 09:24:07 -0700 From: Eric Biggers Message-ID: <20200624162407.GB200774@gmail.com> References: <20200619164132.1648-1-ignat@cloudflare.com> <20200619164132.1648-2-ignat@cloudflare.com> <20200624050452.GB844@sol.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] [RFC PATCH 1/1] Add DM_CRYPT_FORCE_INLINE flag to dm-crypt target List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Ignat Korchagin Cc: agk@redhat.com, Mike Snitzer , dm-devel@redhat.com, dm-crypt@saout.de, linux-kernel , kernel-team On Wed, Jun 24, 2020 at 09:24:07AM +0100, Ignat Korchagin wrote: > On Wed, Jun 24, 2020 at 6:04 AM Eric Biggers wrote: > > > > On Fri, Jun 19, 2020 at 05:41:32PM +0100, Ignat Korchagin wrote: > > > Sometimes extra thread offloading imposed by dm-crypt hurts IO latency. This is > > > especially visible on busy systems with many processes/threads. Moreover, most > > > Crypto API implementaions are async, that is they offload crypto operations on > > > their own, so this dm-crypt offloading is excessive. > > > > This really should say "some Crypto API implementations are async" instead of > > "most Crypto API implementations are async". > > The most accurate would probably be: most hardware-accelerated Crypto > API implementations are async > > > Notably, the AES-NI implementation of AES-XTS is synchronous if you call it in a > > context where SIMD instructions are usable. It's only asynchronous when SIMD is > > not usable. (This seems to have been missed in your blog post.) > > No, it was not. This is exactly why we made xts-proxy Crypto API > module as a second patch. But it seems now it does not make a big > difference if a used Crypto API implementation is synchronous as well > (based on some benchmarks outlined in the cover letter to this patch). > I think the v2 of this patch will not require a synchronous Crypto > API. This is probably a right thing to do, as the "inline" flag should > control the way how dm-crypt itself handles requests, not how Crypto > API handles requests. If a user wants to ensure a particular > synchronous Crypto API implementation, they can already reconfigure > dm-crypt and specify the implementation with a "capi:" prefix in the > the dm table description. I think you're missing the point. Although xts-aes-aesni has the CRYPTO_ALG_ASYNC bit set, the actual implementation processes the request synchronously if SIMD instructions are currently usable. That's always the case in dm-crypt, as far as I can tell. This algorithm has the ASYNC flag only because it's not synchronous when called in hardIRQ context. That's why your "xts-proxy" doesn't make a difference, and why it's misleading to suggest that the crypto API is doing its own queueing when you're primarily talking about xts-aes-aesni. The crypto API definitely can do its own queueing, mainly with hardware drivers. But it doesn't in this common and relevant case. - Eric