Hi all
Attached is a patch for the dm_crypt HD encryption which use the OCF.
The patch includes a new Kconfig configuration option for OCF_DM_CRYPT,
When choosing this option the dm_crypt will use the OCF for dm_crypt
sector encryption/decryption,
When using the essiv mode, the essiv generation will use the kernel
cryptoAPIs.
Currently this patch support the following encryption algorithms:
DES-CBC, 3DES-CBC and AES-CBC.I tested this driver using AES-CBC, with OCF SW driver, it seems stable. I used the Bonnie benchmark to get some statistics: http://www.textuality.com/bonnie/ The bandwidth performance are much better when using the OCF dm_crypt. This might be explained since Bonnie is using a large blocks of io (crypt_convert get contexts of 512byte * 256), which cause the dm_crypt to Q few requests at a time, and this "multi tasking", cause that the HD and the CPU "bandwidth" are exploit in a better way. (I assume) When using mkfs.ext2 on large partition I see that the OCF dm_crypt requires about 7% more time then when using the standard dm_crypt. This can be explained since the mkfs.ext2 is mostly using writes of small blocks (crypt_convert get contexts of 512byte * 8), Which cause that we gets less "multi tasking", and as explained below the write request are not optimized in this patch. Currently the dm_crypt is implemented in a way that: for decryption (read requests), it is using the source buffer itself, While for the encryption (write requests), it is using a different buffer. The current implementation of the OCF only support encryption on the source buffer, which is not efficient for this case, therefore this patch has overhead of copying the buffers to be encrypted. Thanks to Evgeniy Polyakov for the Acrypto patch reference. Regards Ronen Shitrit Marvell Semiconductor Israel Ltd
ocf_dm_crypt.patch
Description: ocf_dm_crypt.patch
