Package: cryptsetup Version: 2:1.0.6-7 Followup-For: Bug #419571
I have another usecase for this wishlist item, one that'll hopefully expedite its implementation :-) Current mainstream CPUs seem to be able to do ~100MiB/s per core in aes-cbc-essiv:sha256 mode, assuming a 256 bit key. Since dm-crypt uses at most one thread per mapping this constitutes an upper bound on the performance of any one mapping. One could say that this is enough for most applications but the problem is, it only works as long as the underlying disk is significantly slower. If the disk can serve requests faster than dm-crypt can process them, and multiple processes/threads want to do I/O simultaneously, performance goes down the drain. Throughput is still fine but even a single streaming write will monopolize I/O for tens of seconds at a time, making the system unusable, especially if the root partition is on the same mapping. No, changing I/O schedulers does nothing. Nowadays that condition holds for any RAID arrays (my use case) but even single disks are fast enough to possibly be affected (anything SCSI, the VelociRaptor, newer 1TB+ disks on their outer tracks, ...) The established workaround for md raid5 at least seems to be to dm-crypt the component disks, raid those and (optionally) put lvm on top. Backwards as it sounds it actually works. Even though one is writing the data out n/(n-1) times and read-modify-write gets really ugly it still eliminates the starvation issues and gives a nice read performance boost to boot. Sadly initramfs-tools' initrd will not boot from such a setup (can't find root partition), though I can boot just fine from the busybox prompt. The main problem seems to be that the scripts will only activate one mapping at most, another is that cryptroot wants to run after mdadm. Thanks for reading, Chris -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.30-bpo.2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages cryptsetup depends on: ii dmsetup 2:1.02.27-4 The Linux Kernel Device Mapper use ii libc6 2.7-18 GNU C Library: Shared libraries ii libdevmapper1.02.1 2:1.02.27-4 The Linux Kernel Device Mapper use ii libpopt0 1.14-4 lib for parsing cmdline parameters ii libuuid1 1.41.3-1 universally unique id library cryptsetup recommends no packages. Versions of packages cryptsetup suggests: pn dosfstools <none> (no description available) ii initramfs-tools [linux-in 0.92o tools for generating an initramfs ii udev 0.125-7+lenny3 /dev/ and hotplug management daemo -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
