From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Fz10H-000403-Md for garchives@archives.gentoo.org; Sat, 08 Jul 2006 00:49:02 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.7/8.13.6) with SMTP id k680jq2S032343; Sat, 8 Jul 2006 00:45:52 GMT Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.170]) by robin.gentoo.org (8.13.7/8.13.6) with ESMTP id k680P55r031376 for ; Sat, 8 Jul 2006 00:25:05 GMT Received: by ug-out-1314.google.com with SMTP id j40so892929ugd for ; Fri, 07 Jul 2006 17:25:05 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=Ki9Dh1DdziHihzYLveJA8tXhKv5EXkRsQ8DV31W6HHbQWGd3vJv9fNW9Jg3cAm+2TqDGmrFuKLAFdvINVrNW+AzCJytIYJ/JvNGRx23hRuFaG+5P+DqWca5zDmvZ/+x24E7LGjlcO33eJc8VbIvkWtgjY/7pSwdbC+wWdkjeTuQ= Received: by 10.78.167.12 with SMTP id p12mr925301hue; Fri, 07 Jul 2006 17:25:03 -0700 (PDT) Received: by 10.78.20.11 with HTTP; Fri, 7 Jul 2006 17:25:03 -0700 (PDT) Message-ID: <7573e9640607071725w48544a1bk5a92a224f1cef9cc@mail.gmail.com> Date: Fri, 7 Jul 2006 17:25:03 -0700 From: "Richard Fish" Sender: richard.j.fish@gmail.com To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] [OT] xfs recovery + kernel panic In-Reply-To: <44AEED06.5060202@ilievnet.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <44AEB69A.1050109@ilievnet.com> <7573e9640607071327m640bdddej77cd08a9f5b4ace0@mail.gmail.com> <44AECE23.7050201@ilievnet.com> <7573e9640607071516w70014009pd149bff67efde9f0@mail.gmail.com> <44AEED06.5060202@ilievnet.com> X-Google-Sender-Auth: 0c2b8d43313059ba X-Archives-Salt: a725468e-29c6-471f-835b-b64541621b2d X-Archives-Hash: 8a98ebe341f13ca95531a58501cfbfa6 On 7/7/06, Daniel Iliev wrote: > A way out of the topic, but its a question that I want to ask. > What is the performance hit of using encrypted file system? > I hate laptops, but you never know ;-) Not so bad. I really don't notice any real performance problem using it, certainly not much worse than a typical laptop HD: carcharias rjf # hdparm -Tt /dev/sda /dev/sys/swap /dev/sda: Timing cached reads: 4096 MB in 1.99 seconds = 2053.20 MB/sec Timing buffered disk reads: 142 MB in 3.01 seconds = 47.17 MB/sec /dev/sys/swap: Timing cached reads: 4848 MB in 1.99 seconds = 2432.13 MB/sec HDIO_DRIVE_CMD(null) (wait for flush complete) failed: Inappropriate ioctl for device Timing buffered disk reads: 138 MB in 3.01 seconds = 45.79 MB/sec HDIO_DRIVE_CMD(null) (wait for flush complete) failed: Inappropriate ioctl for device The biggest hit is in CPU, and having a dual-core system helps *a lot* here. Running a "dd if=/dev/sys/root of=/dev/null bs=64k" while running top at the same time shows that kcryptd consumes about 75% of the processor time on a *single* CPU. BTW, I also use dm-crypt on my AMD X2 desktop at home. There I have a raid0 array which can read at almost 130MB/sec total bandwidth. If memory serves, using dm-crypt there cut my read bandwidth down to about 105MB/s, and writes to 90MB/s. The issue there seems mostly that dm-crypt is a single-thread, even when encrypting multiple devices, so cannot really take advantage of my dual-core processor in that system. I think loop-AES gives higher performance on that box due to having one thread per encrypted device, but it isn't enough for me to worry about. Side note: I think it is appalling that government and business laptops are generally so insecure. Every week brings news of yet another laptop theft that contained sensitive data for hundreds of thousands to millions of people, and oh, btw, we didn't encrypt it "because it's hard". Maybe I'm paranoid, but I like knowing that if my house is ever robbed and my computer stolen, I don't have to worry that the crooks have all my financial records! > Bug-report...Well I'm very confused here. Isn't it Gentoo the right > place to file > a bug-report at? After all these sources get patched with gentoo > patches. I haven't Well you can certainly file on bugs.gentoo.org, and let the gentoo devs work with upstream to find a fix. And in many cases that is the right thing to do, so I'll leave it up to you. My view is that Gentoo devs are all volunteers, and very busy, so if I come across an issue that is clearly a problem with $upstream, and not with any gentoo patches or compile options, and I feel confident that I can communicate properly with $upstream, then I will file the bug there instead. The fix can then get filtered down to Gentoo. In fact, if it might be awhile before the fix filters down, I would file a bug both places, with the gentoo one being "please apply patch referenced in http://bugs.upstream.org/#12345". > On the other hand gentoo people have masked these sources with "~" so they > could also refuse to take the report (unlikely,but..). Yeah, unlikely, considering that ~arch is supposed to be for testing!! > them and send bug-reports directly to the mainstream developers who of > course refuse to accept the report because Gentoo has patched their sources Well, like I said, for me this depends on the nature of the bug. So far I've never had $upstream reject a bug report because I was using Gentoo. Well, ok, I have, but that was a commercial software company that just said "try {RedHat,SuSe}". -Richard -- gentoo-user@gentoo.org mailing list