Re: [Qemu-devel] encrypt in threads

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] encrypt in threads

From:	Vladimir Sementsov-Ogievskiy
Subject:	Re: [Qemu-devel] encrypt in threads
Date:	Fri, 30 Nov 2018 10:04:57 +0000

30.11.2018 12:48, Daniel P. Berrangé wrote:
> On Thu, Nov 29, 2018 at 06:28:44PM +0000, Vladimir Sementsov-Ogievskiy wrote:
>>
>> On 27.11.2018 16:08, Daniel P. Berrangé wrote:
>>> On Thu, Nov 22, 2018 at 01:01:20PM +0000, Vladimir Sementsov-Ogievskiy 
>>> wrote:
>>>> 21.11.2018 20:30, Vladimir Sementsov-Ogievskiy wrote:
>>>>> Hi Daniel!
>>>>>
>>>>> After moving compression to threads in Qcow2 it's an obvious next step to
>>>>> "threadyfy" encryption in Qcow2 too.
>>>>>
>>>>> But it turned out to be not as simple as I assumed. If I call 
>>>>> qcrypto_block_encrypt
>>>>> in parallel threads with the same first argument (block), it just produce 
>>>>> wrong
>>>>> things (pattern verification fails in iotests)..
>>>>>
>>>>> So, can you advise the way to parallelize encryption/decryption?
>>>>>
>>>> Hmm, just creating QCryptoBlock per each thread helped. Is it correct 
>>>> thing to do?
>>> That's rather a heavy weight approach and would cause pain when we want
>>> to support future options such as keyslot updates, and in the future,
>>> LUKSv2 with master key changes.
>>>
>>> Probably what's needed is change to QCryptoBlock struct so that there
>>> can be multiple QCryptoCipher instances allocated - one per thread.
>>>
>>> We might also need to introduce some locking around usage of the
>>> QCryptoIVGen object, since that has a QCryptoCipher handle too.
>>
>>
>> Can we also create QCryptoIVGen per thread, as QCryptoCipher? Or it
>> should be one? If one, why my implementation with QCryptoBlock per
>> thread works (at least it passes iotests, hmm)
> 
> The only IV generator that uses ciphers is the "essiv" one. Even that
> one uses the cipher in ECB mode, so there is no initialization vector
> required for its internal cipher. This means there's no critical
> shared state that would be overwritten by threads. Thus using a
> separate QCryptoCipher per thread for the essiv IV gen is overkill.
> None the less I think we should protect the IV generator calls with
> a mutex just to be safe. I don't think the mutex would have a notable
> impact on performance of the iv generator.

But if we use mutex, it means that we can't generate two ivs in parallel,
and then, it becomes better to have separate iv-gen per thread, instead
of only one, protected by mutex. (or I don't follow)

> 
> Regards,
> Daniel
> 


-- 
Best regards,
Vladimir

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] encrypt in threads, Vladimir Sementsov-Ogievskiy, 2018/11/21
- Re: [Qemu-devel] encrypt in threads, Vladimir Sementsov-Ogievskiy, 2018/11/22
  - Re: [Qemu-devel] encrypt in threads, Daniel P . Berrangé, 2018/11/27
    - Re: [Qemu-devel] encrypt in threads, Vladimir Sementsov-Ogievskiy, 2018/11/29
    - Re: [Qemu-devel] encrypt in threads, Daniel P . Berrangé, 2018/11/30
    - Re: [Qemu-devel] encrypt in threads, Vladimir Sementsov-Ogievskiy <=
    - Re: [Qemu-devel] encrypt in threads, Daniel P . Berrangé, 2018/11/30
- Re: [Qemu-devel] encrypt in threads, Daniel P . Berrangé, 2018/11/27

Prev by Date: Re: [Qemu-devel] [PATCH v2] glib-compat: work around g_test_message bug with subprocess tests
Next by Date: Re: [Qemu-devel] [PATCH for-3.2 0/4] build-sys: require Vista API by default globally
Previous by thread: Re: [Qemu-devel] encrypt in threads
Next by thread: Re: [Qemu-devel] encrypt in threads
Index(es):
- Date
- Thread