/dev/mapper/dm_crypt-0다음을 지원하는 LUKS 장치입니다 /dev/sdc3.
$ sudo pv /dev/sdc3 >/dev/null
[ 503MiB/s]
$ sudo pv /dev/mapper/dm_crypt-0 >/dev/null
[72.0MiB/s]
따라서 암호화된 장치는 원시 장치보다 훨씬 느립니다. 왜?
top설명하다:
top - 20:07:52 up 9 min, 2 users, load average: 2.03, 1.42, 0.83
Tasks: 604 total, 3 running, 601 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 3.6 sy, 0.0 ni, 96.1 id, 0.2 wa, 0.0 hi, 0.0 si, 0.0 st
GiB Mem : 472.4 total, 397.7 free, 0.9 used, 73.8 buff/cache
GiB Swap: 8.0 total, 8.0 free, 0.0 used. 469.3 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4845 root 20 0 0 0 0 R 81.2 0.0 0:21.96 kworker/u101:2+kcryptd/253:0
4846 root 20 0 0 0 0 R 81.2 0.0 0:16.22 kworker/u101:4+kcryptd/253:0
4844 root 20 0 5640 2200 1960 D 13.8 0.0 0:08.04 pv
4725 tange 20 0 9912 4624 3220 R 1.0 0.0 0:06.55 top
따라서 이는 단 2번의 암호 해독으로 인한 것일 수 있습니다 kcryptd. 시스템에는 48개의 코어가 있습니다.
성능이 이 2개로 제한되는 경우 kcryptd작업을 완료하고 500MB/s를 얻기 위해 어떻게 48개 코어를 더 사용할 수 있습니까?
나는 이것을 테스트했고 그것이 단일 스레드 문제일지도 모른다고 생각했습니다.
parallel --recend '' --pipepart -a /dev/mapper/dm_crypt-0 --block -1 'cat >/dev/null'
kcryptd에 지정된 대로 이는 더 많은 기능이 활성화되어 전체 500MB/s를 제공합니다 top. LUKS라는 뜻이니까 좋아요할 수 있는500MB/s의 속도를 제공합니다.
순차적 쓰기도 좋습니다(500MB/s는 아니지만 약 300MB/s - SSD 속도로 인해 제한될 수 있음).
따라서 문제는 순차 읽기에만 국한된 것 같습니다.
$ cat /proc/cpuinfo
processor : 47
vendor_id : AuthenticAMD
cpu family : 16
model : 9
model name : AMD Opteron(tm) Processor 6174
stepping : 1
microcode : 0x10000d9
cpu MHz : 2200.035
cache size : 512 KB
physical id : 1
siblings : 12
core id : 5
cpu cores : 12
apicid : 27
initial apicid : 27
fpu : yes
fpu_exception : yes
cpuid level : 5
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm 3dnowext 3dnow constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid amd_dcm pni monitor cx16 popcnt lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt nodeid_msr hw_pstate vmmcall npt lbrv svm_lock nrip_save pausefilter
bugs : tlb_mmatch fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2
bogomips : 4400.20
TLB size : 1024 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 48 bits physical, 48 bits virtual
power management: ts ttp tm stc 100mhzsteps hwpstate
$ sudo cryptsetup luksDump /dev/sdc3
LUKS header information
Version: 2
Epoch: 18
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID: 9498ddbe-9613-4ae3-8fb4-e65913d800c8
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
$ sudo cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1 260580 iterations per second for 256-bit key
PBKDF2-sha256 717220 iterations per second for 256-bit key
PBKDF2-sha512 565574 iterations per second for 256-bit key
PBKDF2-ripemd160 403919 iterations per second for 256-bit key
PBKDF2-whirlpool 262669 iterations per second for 256-bit key
argon2i 4 iterations, 256407 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id 4 iterations, 260616 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
# Algorithm | Key | Encryption | Decryption
aes-cbc 128b 74.8 MiB/s 130.1 MiB/s
serpent-cbc 128b 47.6 MiB/s 144.4 MiB/s
twofish-cbc 128b 116.1 MiB/s 137.4 MiB/s
aes-cbc 256b 33.5 MiB/s 68.5 MiB/s
serpent-cbc 256b 53.4 MiB/s 144.3 MiB/s
twofish-cbc 256b 125.7 MiB/s 150.8 MiB/s
aes-xts 256b 130.3 MiB/s 132.6 MiB/s
serpent-xts 256b 119.3 MiB/s 138.9 MiB/s
twofish-xts 256b 135.4 MiB/s 144.2 MiB/s
aes-xts 512b 99.0 MiB/s 102.7 MiB/s
serpent-xts 512b 136.8 MiB/s 138.9 MiB/s
twofish-xts 512b 144.9 MiB/s 144.3 MiB/s