Home / ubuntu / Questions / 138820
Accepted
Leo
Asked: 2012-05-19 00:41:04 +0800 CST

Why is ecryptfs so slow when running du -s?

  • 772

I have been using Ubuntu's encrypted home folder system for some time now and have not really noticed any slowdowns except in two specific cases.

  1. When I run du -s in my home folder, it takes several times longer than when doing it on the same data on an unencrypted partition.
  2. When entering a folder containing >1000 images in Krusader, it takes 10-20 seconds before Krusader shows the files (it is completely unresponsive during that time).

Both seem to have to do with accessing several thousands of files without really reading any of their data, which seems to mean that the system will have to traverse lots and lots of inodes. I can't see why this would be slower on ecryptfs than when not using encryption though since this should still be IO-bound rather than CPU-bound even if the inodes are all encrypted.

Does anyone have any ideas?

encryption performance ecryptfs

1 Answers

  1. Best Answer

    Here's why, based on an explanation by one of the lead Canonical developers:

    • Getting a list of all filenames in a directory requires decoding, parsing and decrypting the lower filenames.

    • The stat() calls from du cause a lookup, which requires allocating an eCryptfs inode, reading part of the lower file metadata, checking to make sure it is an eCryptfs file and then parsing out the unencrypted file size to set the eCryptfs inode's i_size field. Keep in mind that reading the metadata from the lower filesystem involves reading a page into the lower filesystem's page cache.

    Put simply, the problem is not I/O rate, but IOPs -- huge numbers of IOPs!

    eCryptFS is getting better as it evolves: compare the Phoronix benchmarks of 9.10 vs. 11.10.

    You may want to consider dm-crypt, which has historically been faster and still seems to have an edge.

    • 5