From: Paul Millar <paul.millar@desy.de>
To: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Chris Mason <chris.mason@oracle.com>, linux-btrfs@vger.kernel.org
Subject: Re: A couple of questions
Date: Wed, 2 Jun 2010 15:40:24 +0200 [thread overview]
Message-ID: <201006021540.25725.paul.millar@desy.de> (raw)
In-Reply-To: <yq1ljaykh1z.fsf@sermon.lab.mkp.net>
On Tuesday 01 June 2010 15:39:52 Martin K. Petersen wrote:
> >>>>> "Paul" == Paul Millar <paul.millar@desy.de> writes:
> Paul> My concern is that, if the server-software doesn't push the
> Paul> client-provided checksum then the FS checksum (plus T-10 DIF/DIX)
> Paul> would not provide a rigorous assurance that the bytes are the
> Paul> same. Without this assurance, corruption could still occur; for
> Paul> example, within the server's memory.
>
> For DIX we allow integrity metadata conversion. Once the data is
> received, the server generates appropriate IMD for the next layer. Then
> the server verifies that the original IMD matches the data buffer. That
> way there's no window of error. But obviously the ideal case is where
> the same IMD can be passed throughout the stack without conversion.
I think we may be talking slightly at cross-purposes here: in my case, one of
the end-points (for "end-to-end data integrity") is a remote computer, that is
uploading a file with a corresponding checksum.
Please correct me if I'm wrong here, but T10 DIF/DIX refers only to data
integrity protection from the OS's FS-level down to the block device: a
userland application doesn't know that it is writing into a FS that is
utilising DIX with a DIF-enabled storage system.
When a file is uploaded from a remote client to an application with the
checksum, the app can verify this checksum internally. However, there's then
a (logical) gap between userland and FS where data integrity is no longer
assured. For example, corruption that occurs after the app has verified the
checksum value would not be picked up, even with T10 DIX/DIF, since the FS
would receive and store the already-corrupted data "in good faith".
In principle, one can add a btrfs-specific mechanism to continue this
assurance from userland down to the FS. Perhaps the simplest would be to
allow userland applications to read the FS's internal checksum (app would read
the FS internal checksum after writing and verify it is consistent), but I
guess more sophisticated (interleaved IMD, T10-like) mechanisms are also
possible.
Unfortunately, any such solution would be btrfs-specific, since (I believe) no
one has standardised how to extend T10 into userspace.
> Not sure what you use for file service? I believe NFSv4 allows for
> checksums to be passed along. I have not looked at them closely yet,
> though.
I believe NFS currently doesn't support checksums (as per v4.1). Looking into
more detail, Alok Aggarwal gave a talk at 2006 connectathon about this.
Alok's slides have a nice diagram (slide 11) showing the kind of end-to-end
integrity I'm after. The issue is how to achieve the assurance between "NFS
Server" and "Local FS" on the right.
For NFS, I believe there aren't any plans for introducing checksum support for
v4.2. Perhaps it'll appear with the later minor versions of the standard.
Cheers,
Paul.
next prev parent reply other threads:[~2010-06-02 13:40 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-27 13:39 A couple of questions Paul Millar
2010-05-27 14:56 ` Hubert Kario
2010-05-31 17:59 ` Paul Millar
2010-06-02 16:19 ` Hubert Kario
2010-05-27 16:00 ` Chris Mason
2010-05-31 18:06 ` Paul Millar
2010-05-31 20:33 ` Mike Fedyk
2010-06-02 11:56 ` Paul Millar
2010-06-01 13:39 ` Martin K. Petersen
2010-06-02 13:40 ` Paul Millar [this message]
2010-06-04 1:17 ` Martin K. Petersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201006021540.25725.paul.millar@desy.de \
--to=paul.millar@desy.de \
--cc=chris.mason@oracle.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=martin.petersen@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).