Re: [dm-devel] [PATCH v2 0/2] Introduce the bulk IV mode for improving the crypto engine efficiency

From: Arnd Bergmann
Date: Wed Jan 13 2016 - 05:17:47 EST

On Tuesday 12 January 2016 21:18:12 Mikulas Patocka wrote:
> On Wed, 13 Jan 2016, Arnd Bergmann wrote:
> > On Tuesday 12 January 2016 18:31:19 Mikulas Patocka wrote:
> > >
> > > Another possibility is to use dm-crypt block size 4k and use a filesystem
> > > with 4k blocksize on it (it will never send requests not aligned on 4k
> > > boundary, so we could reject such requests with an error).
> >
> > Is there ever a reason to use something other than 4K block size on
> > dm-crypt?
> >
> > Arnd
> You can't use 4k block on CBC (and most other encryption modes). If only a
> part of 4k block is written (and then system crash happens), CBC would
> corrupt the block completely.
> For example, suppose that EXT2 directory block is updated, the first
> 512-byte sector is written and the rest of the sectors is not written
> because of a crash. CBC would corrupt all sectors except the first one in
> this case.
> You could use 4k block on XTS and ECB.

Ah, I did not know that ext2 was doing sub-block writes. This may be
something to address in the ext4 code (and other file systems), as
a lot of flash storage devices (SD cards and eMMC) get really slow
when you do writes smaller than 4K because of the internal
read-modify-write cycle. Ideally you want to always drive those
using 64K writes (for reads, it doesn't matter much).

For hard drives, there are still a couple of older models that have
native 512 byte sectors, but the majority of new drivers also
prefers 4K writes. SSDs are typically optimized for 4K writes because
that is what they expect software to do, but they use larger writes