For those making use of Device Mapper’s DM-VERITY target for transparent integrity checking of block devices, the upcoming Linux 6.19 kernel has an enticing performance optimization en route that for some processors can lead to nearly doubling the hashing performance.
Google engineer Eric Biggers continues making very significant performance optimizations to the Linux kernel crypto code. One of his latest focuses has been on enhancing dm-verity performance by using two-way interleaved SHA-256 hashing for data blocks.
Biggers explained with the commit achieving this performance breakthrough:
“When the crypto library provides an optimized implementation of sha256_finup_2x(), use it to interleave the hashing of pairs of data blocks. On some CPUs this nearly doubles hashing performance. The increase in overall throughput of cold-cache dm-verity reads that I’m seeing on arm64 and x86_64 is roughly 35% (though this metric is hard to measure as it jumps around a lot).
For now this is done only on data blocks, not Merkle tree blocks. We could use sha256_finup_2x() on Merkle tree blocks too, but that is less important as there aren’t as many Merkle tree blocks as data blocks, and that would require some additional code restructuring.”
A significant win for those relying on DM-VERITY integrity protections. This two-way interleaved SHA-256 hashing for DM-VERITY is queued into Device-Mapper’s “for-next” Git branch and thus is expected to become part of the Linux 6.19 kernel in the coming months.
