Severe LUKS Encryption Performance Regression on AMD Zen 4 (Ryzen 7 7840HS) with PVE Kernel on PCIe 4.0 NVMe

P

ppedro

Member
Apr 21, 2023
3
1
8

Hello​

I'd like to report and share data on a significant performance issue I've identified with LUKS full-disk encryption on my Gmktek k6 running the latest Proxmox VE.

Summary
When performing an fio benchmark on a standard LUKS-encrypted volume, the performance on Proxmox VE is approximately 8 times slower than on a fresh installation of Ubuntu 24.04 on the same mini PC.
I am convince after spending a whole day around the issue doing extensive testing, it is not user misconfiguration. The CPU governor is set to performance, and the LUKS on-disk format (cipher, data offset, etc.) is identical on both systems. The evidence overwhelmingly points to a performance regression within the PVE kernel's dm-crypt or storage driver stack.

Hardware

  • CPU: AMD Ryzen 7 7840HS w/ Radeon 780M Graphics
  • Proxmox Test Drive: SAMSUNG MZVL4512HBLU (PM9B1 OEM PCIe 4.0 x4 NVMe)
  • Ubuntu Test Drive: Samsung SSD 980 (PCIe 3.0 x4 NVMe)

Comparative Analysis Summary

This table summarizes the key findings from both installations on the same machine.

1750632036712.png

Benchmark Methodology

The following fio command was used to test sequential write performance on the LUKS-encrypted root volume of each OS installation.
Code: 
sudo fio --name=write_seq --directory=/tmp --size=1G --time_based --runtime=60s --ramp_time=2s --ioengine=libaio --direct=1 --verify=0 --bs=1M --iodepth=32 --rw=write --group_reporting=1

Random write performance:
Code: 
sudo fio --name=write_iops --directory=/tmp --size=1G --time_based --runtime=60s --ramp_time=2s --ioengine=libaio --direct=1 --verify=0 --bs=4K --iodepth=64 --rw=randwrite --group_reporting=1

Results:

  • Proxmox VE (on PCIe 4.0 SSD): WRITE: bw=248MiB/s (260MB/s)
  • Ubuntu 24.04 (on PCIe 3.0 SSD): WRITE: bw=1980MB/s (2076MB/s)

Configuration Data: luksDump

The on-disk LUKS format is identical on both systems, specifically the critical offset value.

sudo cryptsetup luksDump from Proxmox:
LUKS header information:
Code: 
LUKS header information
Version:       2
Epoch:         8
...
Data segments:
  0: crypt
    offset: 16777216 [bytes]
    length: (whole device)
    cipher: aes-xts-plain64
    sector: 512 [bytes]
...

sudo cryptsetup luksDump from Ubuntu 24.04:
LUKS header information:
Code: 
LUKS header information
Version:       2
Epoch:         3
...
Data segments:
  0: crypt
    offset: 16777216 [bytes]
    length: (whole device)
    cipher: aes-xts-plain64
    sector: 512 [bytes]
...

I am not raising this as a complain as I am thankful for using proxmox and all the efforts put on to this, this is my way to give to the community and improve the system.

Best regards,
PPedro
 
Last edited:
  • Like
Reactions: UdoB
1. please compare performance of the same device, else you are comparing apples to oranges
2. you can try the 6.14 opt-in kernel to see if there was some improvement on the kernel side, which does basically all of the heavy lifting here.
 
1. please compare performance of the same device, else you are comparing apples to oranges
Click to expand...
You are right, On Ubuntu with both drives with similar configuration (LVM on LUKS) using the fio test:

SAMSUNG MZVL4512HBLU PCIe 4.0SAMSUNG 980 PCIe 3.0
fio Sequential writes415MB/s2100MB/s
fio Random writes77.2MB/s1150MB/s

I never imagined that the drives had such a different performance, and I was using the samsung 980 as a data backup instead of using as my main system drive.

Now I know I took the wrong conclusion and it was a problem of the drives

Edit: more data points

Proxmox encrypted:
SAMSUNG MZVL4512HBLU PCIe 4.0SAMSUNG 980 PCIe 3.0
fio Sequential writes258MB/s2054MB/s
fio Random writes74.7MB/s1189MB/s

Proxmox un-encrypted:
SAMSUNG MZVL4512HBLU PCIe 4.0SAMSUNG 980 PCIe 3.0
fio Sequential writes2415MB/s2114MB/s
fio Random writes560MB/s900MB/s
 
Last edited:
You must log in or register to reply here.
Top Bottom