Dm-crypt Performance
The dm-crypt module provides transparent block-level data encryption under Linux. Since dm-crypt works independently of applications and file systems, it can be easily used in many areas. In this short article we show how to increase the performance of dm-crypt from Linux kernel 5.9 onwards.
dm-crypt in the Linux storage stack
dm-crypt works as a device mapper target. The Linux Storage Stack Diagram shows at which level dm-crypt is used.
Performance improvements of Kernel 5.9
Ignat Korchagin (Technical Lead at Cloudfare) describes in an extensive blog article performance bottlenecks he encountered when using dm-crypt. As a result, he has written a Linux kernel patch that has found its way into Linux kernel 5.9 in a slightly modified form.
Detailed information about the performance optimizations can be found in the blog article:
- Speeding up Linux disk encryption (blog.cloudflare.com, 20.03.2020)
Linux Kernel Patch
The patch was included in Linux kernel version 5.9:
- dm crypt: add flags to optionally bypass kcryptd workqueues (git.kernel.org, 20.07.2020)
With the patch the following additional flags are available for configuration:
- DM_CRYPT_NO_READ_WORKQUEUE
- DM_CRYPT_NO_WRITE_WORKQUEUE
Confirmation test with Samsung PM1735
In a customer scenario we could confirm the dm-crypt performance improvement. In the affected system with Samsung PM1735 (MZPLJ3T2HBJR-00007) and Debian 10 (Linux kernel 4.19) a performance drop was detectable. An update to Debian 11 (Linux kernel 5.10) fixed the problem.
Author: Werner Fischer Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.
|