FSVERITY/DM-Verity Can Yield Much Better Performance With Multi-Buffer Hashing

In addition to recently working out AES-XTS implementations for AVX2, AVX-512, and other versions for speeding up disk/file encryption, Google's Eric Biggers has additionally been working on some nice performance improvements for the Linux kernel's DM-Verity code.

DM-Verity as a reminder is the Device Mapper means of providing transparent integrity checking of block devices using a cryptographic digest. With the pending code by Eric Biggers, there is improved performance coming by making use of multi-buffer hashing. He explained in this patch culminating the series:

"When supported by the hash algorithm, use crypto_shash_finup2x() to interleave the hashing of pairs of data blocks. On some CPUs this nearly doubles hashing performance. The increase in overall throughput of cold-cache dm-verity reads that I'm seeing on arm64 and x86_64 is roughly 35% (though this metric is hard to measure as it jumps around a lot)."

There's also a patch for FSVERITY to provide a similar performance benefit for file-based authenticity protection.

Quite a nice improvement coming to a kernel near you for those making use of DM-Verity and/or FSVERITY.