diff options
Diffstat (limited to 'lib/geom/eli')
| -rw-r--r-- | lib/geom/eli/Makefile | 5 | ||||
| -rw-r--r-- | lib/geom/eli/geli.8 | 48 | ||||
| -rw-r--r-- | lib/geom/eli/geom_eli.c | 1 |
3 files changed, 44 insertions, 10 deletions
diff --git a/lib/geom/eli/Makefile b/lib/geom/eli/Makefile index 1bc31a5f66b2..a22eacb9d7e8 100644 --- a/lib/geom/eli/Makefile +++ b/lib/geom/eli/Makefile @@ -1,14 +1,11 @@ - PACKAGE=geom -.PATH: ${.CURDIR:H:H}/misc ${SRCTOP}/sys/geom/eli ${SRCTOP}/sys/crypto/sha2 +.PATH: ${SRCTOP}/sys/geom/eli GEOM_CLASS= eli SRCS= g_eli_crypto.c SRCS+= g_eli_hmac.c SRCS+= g_eli_key.c SRCS+= pkcs5v2.c -SRCS+= sha256c.c -SRCS+= sha512c.c LIBADD= md crypto diff --git a/lib/geom/eli/geli.8 b/lib/geom/eli/geli.8 index c378c591290c..876caf67ab40 100644 --- a/lib/geom/eli/geli.8 +++ b/lib/geom/eli/geli.8 @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd April 18, 2022 +.Dd April 24, 2024 .Dt GELI 8 .Os .Sh NAME @@ -851,6 +851,15 @@ This variable should be set in Specifies how many times the Master Key is overwritten with random values when it is destroyed. After this operation it is filled with zeros. +.It Va kern.geom.eli.use_uma_bytes +.Nm +must allocate a buffer for every write operation, used when performing +encryption. +This sysctl reports the maximum size in bytes for which geli will perform the +allocation using +.Xr uma 9 , +as opposed to +.Xr malloc 9 . .It Va kern.geom.eli.visible_passphrase : No 0 If set to 1, the passphrase entered on boot will be visible. This alternative should be used with caution as the entered @@ -863,11 +872,14 @@ Specifies how many kernel threads should be used for doing software cryptography. Its purpose is to increase performance on SMP systems. If set to 0, a CPU-pinned thread will be started for every active CPU. +Note that this variable must be set prior to attaching +.Nm +to a disk. .It Va kern.geom.eli.batch : No 0 When set to 1, can speed-up crypto operations by using batching. Batching reduces the number of interrupts by responding to a group of crypto requests with one interrupt. -The crypto card and the driver has to support this feature. +The crypto card and the driver have to support this feature. .It Va kern.geom.eli.key_cache_limit : No 8192 Specifies how many Data Keys to cache. The default limit @@ -884,13 +896,41 @@ Reports how many times we were looking up a Data Key and it was not in cache. This sysctl is not updated for providers that need fewer Data Keys than the limit specified in .Va kern.geom.eli.key_cache_limit . -.Va kern.geom.eli.unmapped_io +.It Va kern.geom.eli.unmapped_io Enable support for unmapped I/O buffers, currently implemented only on 64-bit platforms. This is an optimization which reduces the overhead of I/O processing. This variable is intended for debugging purposes and must be set in .Pa /boot/loader.conf . .El +.Sh PERFORMANCE CONSIDERATIONS +The default value of +.Va kern.geom.eli.threads +is usually good for a system with one SSD. +However, it may need to be lowered on systems with many disks, +so as to avoid creating too much thread-switching overhead. +On systems with more disks than CPUs, it's best to set this variable +to 1. +.Pp +.Nm +internally uses +.Xr malloc 9 +to allocate memory for operations larger than +.Va kern.geom.eli.use_uma_bytes , +but malloc is slow for allocations larger than +.Va vm.kmem_zmax . +So it's best to avoid writing more than +.Ms MAX(kern.geom.eli.use_uma_bytes, vm.kmem_zmax) +in a single write operation. +On systems that format +.Xr zfs 4 +on top of +.Nm , +the maximum write size can be controlled by +.Va vfs.zfs.vdev.aggregation_limit +and +.Va vfs.zfs.vdev.aggregation_limit_non_rotating +for HDDs and SSDs, respectively. .Sh EXIT STATUS Exit status is 0 on success, and 1 if the command fails. .Sh EXAMPLES @@ -1202,10 +1242,8 @@ after the first time a provider is attached and before it is initialized in this way. .Sh SEE ALSO .Xr crypto 4 , -.Xr gbde 4 , .Xr geom 4 , .Xr loader.conf 5 , -.Xr gbde 8 , .Xr geom 8 , .Xr crypto 9 .Sh HISTORY diff --git a/lib/geom/eli/geom_eli.c b/lib/geom/eli/geom_eli.c index 1efb760830c4..4dd1c5dea35d 100644 --- a/lib/geom/eli/geom_eli.c +++ b/lib/geom/eli/geom_eli.c @@ -26,7 +26,6 @@ * SUCH DAMAGE. */ -#include <sys/cdefs.h> #include <sys/param.h> #include <sys/mman.h> #include <sys/sysctl.h> |