[PATCH] Faster software AES-XTS

[freenas-0x7f]

Hi,

I'm running FreeNAS 9.10 w/ a Xeon 3450 w/o AES-NI. I'm using GELI to encrypt my drives. I was experiencing high CPU during big transfers, and throughput was subpar. While software crypto will never be as fast as crypto w/ AES-NI, I was still surprised. Running benchmark w/ openssl gave more than 300MB/s per thread, so w/ 8 thread, software crypto should never have been a bottleneck.

Then I tested gzero.eli

Code:

geli onetime -s 4096 -l 128 -e aes-xts gzero

I got a mere 60MB/s... So I investigated, found some issues w/ FreeBSD crypto, nothing I could fix quickly. However, I found a patch that was meant to speed up the AES-NI module, that could be applied to the software crypto module, that was a low hanging fruit.

I ported the change into the crypto module ran some tests w/ gzero.eli (on FreeBSD 10.3 VM, on a faster computer) => Before patch: 79 MB/S, After patch: 112MB/S

I also tested the correctness by writing/reading an ISO image to an encrypted image and computing the checksum.

---

Now I would like to test on my main setup (I'm was testing in a VM) and push this patch into FreeNAS.

1. Testing: FreeNAS compile the crypto module statically into the kernel so I can't load my patch into my NAS kernel. Could someone provide clear instruction on where to download FreeNAS kernel source and how to compile the exact version I'm running. I would rebuilt a FreeNAS w/ crypto as a dynamic module.
2. Anyone interested in pushing this investigation further? We are far from what we can achieve with those processors. Any ideas?
3. Could I get help from the developer to integrate this into FreeNAS and upstream FreeBSD?

I include a tar.gz with my patch and the compiled "patched" crypto module (for objdump only, load at your own peril).

 

[JustinClift]

This sounds like something that should be discussed on the FreeBSD "hackers" mailing list first, so it can be investigated there:

https://lists.freebsd.org/mailman/listinfo/freebsd-hackers

Once it's added to FreeBSD, the patch can make it's way into FreeNAS.

Are you ok to subscribe to that mailing list and get the conversation started? :)

 

[jpaetzel]

That commit is in FreeNAS 9.10:

commit d01d35973aabd48fc2e219005c0b7d92d6411b41
Author: pjd <pjd@FreeBSD.org>
Date: Thu Oct 27 14:07:57 2011 +0000

Improve AES-NI performance for AES-XTS:
...

Could you clarify what you ported to FreeBSD 10.3? (https://svnweb.freebsd.org/base?view=revision&revision=226837 shows that commit in FreeBSD 10.3 as well)

 

[jpaetzel]

Oh, I see what you are saying, you applied the concepts in that patch to the software module. Submit a pull request and I'll include it.

 

[JustinClift]

Was there a PR?

 

[freenas-0x7f]

I will push one over the week-end.