Re: [Qemu-block] encrypt in threads

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] encrypt in threads

From:	Daniel P . Berrangé
Subject:	Re: [Qemu-block] encrypt in threads
Date:	Fri, 30 Nov 2018 09:48:47 +0000
User-agent:	Mutt/1.10.1 (2018-07-13)

On Thu, Nov 29, 2018 at 06:28:44PM +0000, Vladimir Sementsov-Ogievskiy wrote:
> 
> On 27.11.2018 16:08, Daniel P. Berrangé wrote:
> > On Thu, Nov 22, 2018 at 01:01:20PM +0000, Vladimir Sementsov-Ogievskiy 
> > wrote:
> >> 21.11.2018 20:30, Vladimir Sementsov-Ogievskiy wrote:
> >>> Hi Daniel!
> >>>
> >>> After moving compression to threads in Qcow2 it's an obvious next step to
> >>> "threadyfy" encryption in Qcow2 too.
> >>>
> >>> But it turned out to be not as simple as I assumed. If I call 
> >>> qcrypto_block_encrypt
> >>> in parallel threads with the same first argument (block), it just produce 
> >>> wrong
> >>> things (pattern verification fails in iotests)..
> >>>
> >>> So, can you advise the way to parallelize encryption/decryption?
> >>>
> >> Hmm, just creating QCryptoBlock per each thread helped. Is it correct 
> >> thing to do?
> > That's rather a heavy weight approach and would cause pain when we want
> > to support future options such as keyslot updates, and in the future,
> > LUKSv2 with master key changes.
> >
> > Probably what's needed is change to QCryptoBlock struct so that there
> > can be multiple QCryptoCipher instances allocated - one per thread.
> >
> > We might also need to introduce some locking around usage of the
> > QCryptoIVGen object, since that has a QCryptoCipher handle too.
> 
> 
> Can we also create QCryptoIVGen per thread, as QCryptoCipher? Or it 
> should be one? If one, why my implementation with QCryptoBlock per 
> thread works (at least it passes iotests, hmm)

The only IV generator that uses ciphers is the "essiv" one. Even that
one uses the cipher in ECB mode, so there is no initialization vector
required for its internal cipher. This means there's no critical
shared state that would be overwritten by threads. Thus using a
separate QCryptoCipher per thread for the essiv IV gen is overkill.
None the less I think we should protect the IV generator calls with
a mutex just to be safe. I don't think the mutex would have a notable
impact on performance of the iv generator.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-block] encrypt in threads, Vladimir Sementsov-Ogievskiy, 2018/11/21
- Re: [Qemu-block] encrypt in threads, Vladimir Sementsov-Ogievskiy, 2018/11/22
  - Re: [Qemu-block] encrypt in threads, Daniel P . Berrangé, 2018/11/27
    - Re: [Qemu-block] encrypt in threads, Vladimir Sementsov-Ogievskiy, 2018/11/29
    - Re: [Qemu-block] encrypt in threads, Daniel P . Berrangé <=
    - Re: [Qemu-block] encrypt in threads, Vladimir Sementsov-Ogievskiy, 2018/11/30
    - Re: [Qemu-block] encrypt in threads, Daniel P . Berrangé, 2018/11/30
- Re: [Qemu-block] encrypt in threads, Daniel P . Berrangé, 2018/11/27

Prev by Date: [Qemu-block] [PATCH v3 02/21] block/noenand: Convert sysbus init function to realize function
Next by Date: Re: [Qemu-block] [Qemu-devel] qemu-iotests 232 fails when running the test as root user
Previous by thread: Re: [Qemu-block] encrypt in threads
Next by thread: Re: [Qemu-block] encrypt in threads
Index(es):
- Date
- Thread