FS#63082 - Restore zfs encryption performace
Attached to Project:
Arch Linux
Opened by solenskiner (solenskiner) - Wednesday, 03 July 2019, 11:15 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 03 July 2019, 17:17 GMT
Opened by solenskiner (solenskiner) - Wednesday, 03 July 2019, 11:15 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 03 July 2019, 17:17 GMT
|
Details
Description:
In 5.0 __kernel_fpu_{begin,restore} were removed from the public interface, zfs needs them for AVX/AES-NI support. Without them for example throughput on a encrypted zfs dataset drops to 200 MB/s from 1.2 GB/s. These functions were removed as their was no user within the linux kernel tree itself. Apply the patch to restore said functions. Additional info: Worked in 4.20. Stopped working in 5.0. Has since been backported to -lts kernels linux upstream broke at: https://patchwork.kernel.org/patch/10711603/ linux upstream won't fix: https://marc.info/?l=linux-kernel&m=154714516832389&w=2 stable broke at: https://lkml.org/lkml/2019/4/30/471 zfs upstream issue: https://github.com/zfsonlinux/zfs/issues/8259 patch to restore said functions: https://github.com/NixOS/nixpkgs/pull/61076/commits/7b77c27caa8617c82df5c5af6b9ce6ae010d7f9a Steps to reproduce: make an zfs pool and and dataset on a nvme-drive (or fast enough raid array): zpool create /dev/nvme0 dataset zfs create dataset/test -o encryption=on -o keyformat=passphrase -o keylocation=prompt run any simple benchmark: dd if=/dev/zero of=/dataset/test/test oflags=direct downgrade to a non-affected version (not lts) pacman -U /var/cache/pacman/pkg/linux-4.1* reboot, recompile zfs so that the buildsystem picks up on the functions existing, reboot reboot wget https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=zfs-linux makepkg pacman -U spl* zfs* reboot load key, mount filesystem, run tests again, notice improvement zfs load-keys -a zfs mount -a dd if=/dev/zero of=/dataset/test/test oflags=direct |
This task depends upon
Closed by Eli Schwartz (eschwartz)
Wednesday, 03 July 2019, 17:17 GMT
Reason for closing: Won't implement
Additional comments about closing: If upstream denied it, why should we override their decision?
Wednesday, 03 July 2019, 17:17 GMT
Reason for closing: Won't implement
Additional comments about closing: If upstream denied it, why should we override their decision?
Arch Linux follows upstream. We do not tend to patch software unless the patch is an upstream patch that was accepted by the project's upstream, but not yet released. If upstream has not approved a change, we need some *really* compelling reasons to make that call ourselves.
It adds maintenance burden to our packages, compromises our KISS principles, and results in software that does not behave the way upstream expects it to.
In this case, upstream has seen the proposal and has emphatically said "hell no". That's the end of the discussion. Bug rejected, appeal to reopen rejected rejected rejected and rejected again.
Let's add to that some case-specific details: some portion of the upstream developers don't just say "no", they say "I regard this change as an illegal violation of my copyright". Your politically motivated desire to just use zfs at all costs is insufficient grounds for actively picking a legal fight with upstream.
The zfsonlinux project has resigned itself to not using those functions. There have been suggestions in the community that the zfsonlinux project should never have ever ever used those functions, because using the functions may well be much slower and less performant (or at least more dangerous to stability) than using the kernel's preferred mechanism for such things, which is a userspace helper program.
So you want us to revert upstream changes for no solid technical reason and really, really bad (possibly illegal) political reasons, in order to better support a thirdparty module that we don't even officially support in the first place? What, because NixOS does something stupid we're obligated to do the same?
This opens up a more interesting, general question. Who is responsible to fix software when it breaks -- the developers of the software, the additional software that said software depends on, or downstream distributors of one or the other software? The famous, famous case study in why it is MORONIC for distros to take this on their on shoulders is, of course, the Debian OpenSSL fiasco: https://www.links.org/?p=327
Even if we wanted to patch the linux kernel for the sake of a speed optimization in specific use cases of some unofficial zfs package, we wouldn't do it, simply because it would engender a culture where it is "okay" to patch software just because we disagree with it. And that is something that should ideally be done *never*, and in the rare cases where it is done, it should only be done after much thought, engaging in dialogue with upstream to see whether it can be better solved in a central way, and a clear understanding of the benefits doing so will bring. Patching the kernel for openzfs only fulfills #2, and only by a technicality.
Now, there have already been three reopen requests, all of which have basically just said "but I want it and feel that Linus Torvalds and GregKH are being meaaaaaaaan to me", and don't actually offer any responses to the reason this was closed, which, may I remind you all, was "If upstream denied it, why should we override their decision?", followed up by "You seem to have mistaken Arch Linux for a distribution that has an *interest* in applying politically motivated downstream patches that upstream has explicitly rejected."
If there are further reopen requests, it might be necessary to suspend accounts. We don't care about repeated attempts to rationalize whether the code will still compile.