From: David Howells <dhowells@redhat.com>
To: Patrick Donnelly <pdonnell@redhat.com>
Cc: dhowells@redhat.com, Alex Markuze <amarkuze@redhat.com>,
Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>,
Ilya Dryomov <idryomov@gmail.com>, Xiubo Li <xiubli@redhat.com>,
Jeff Layton <jlayton@kernel.org>,
ceph-devel@vger.kernel.org, netfs@lists.linux.dev,
linux-fsdevel@vger.kernel.org
Subject: Re: Ceph and Netfslib
Date: Wed, 18 Dec 2024 19:36:56 +0000 [thread overview]
Message-ID: <3991743.1734550616@warthog.procyon.org.uk> (raw)
In-Reply-To: <CA+2bHPbSWHEkJso18Ua=k+OccZq4HzuOLAmZYTD1d5auDxQ9Vw@mail.gmail.com>
Patrick Donnelly <pdonnell@redhat.com> wrote:
> On Wed, Dec 18, 2024 at 1:33 PM David Howells <dhowells@redhat.com> wrote:
> > Also, that would include doing things like content encryption, since that
> > is generally useful in filesystems and I have plans to support it in both
> > AFS and CIFS as well.
>
> Would this be done with fscrypt? Can you expand on this part?
Since ceph already uses fscrypt, I would need to maintain that.
If you look here:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=netfs-crypt
I have patches to provide content crypto for netfslib (not upstream yet). If
you look at the afs patch at the top, you can see my hacked up AFS testing
implementation - though it isn't a complete solution as I don't currently have
a way to store the actual EOF there[*].
I add two new methods, encrypt_block and decrypt_block, for netfslib to call
out to the filesystem to actually do the encryption.
On the write/encryption side, netfslib creates one or more subrequests to do
the encryption, allowing it to be done asynchronously (I have it offloading to
my Intel QAT card), collecting the completed encryption subreqs as they're
done and dispatching the write I/O subrequests to the server and/or the local
cache as the ciphertext becomes available.
[Note: one reason I'm doing this in netfslib is so that the same
content-encrypted data is written to both the server and the local cache]
Currently, I create one subreq per fscrypt block to be encrypted (e.g. 4KiB),
but that feels a bit on the heavy side and some throttling is probably
necessary.
Netfslib takes care of encrypting multipage folios that are spanned by
multiple crypto blocks, calling out to the filesystem for each.
How and where the filesystem does the crypto is up to the filesystem - it can
offload it to fscrypt. It may be possible to have the filesystem load what it
needs into netfs_io_request for fscrypt to pick up and then make the method
pointers point directly to fscrypt. I don't really want to make the netfslib
module directly dependent on fscrypt, though this could be done to improve
performance.
On the read/decryption side, netfslib currently expects the filesystem to
synchronously decrypt the data, though I should also look at making that
asynchronous now that I have patches to do move read collection for a single
request to working in a single work item instead of a bunch of work items all
competing with each other. One thing I want to avoid is scheduling async
decryption out of order just because the RPC ops finish out of order.
David
[*] Actually, I may have thought of a way to store the EOF in AFS today. The
problem is that I have to round up the EOF to a full crypto block (e.g. 16 or
32 bytes for AES) but don't have anywhere to store the real EOF (no xattrs for
example).
So what I'm thinking is that I can just store a trailer of the crypto block
size of all zeros and then encrypt whatever of it that I need. The trailer
will always be there (unless a zero-length file), always be right after the
EOF and always be the same length, so the AFS fs can trivially calculate the
real EOF size if it knows the algorithm used.
Further, AFS has a StoreData op that "atomically" does a truncate and write,
so maintaining a trailer is pretty straightforward.
next prev parent reply other threads:[~2024-12-18 19:37 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-18 18:33 Ceph and Netfslib David Howells
2024-12-18 18:47 ` Patrick Donnelly
2024-12-18 19:36 ` David Howells [this message]
2024-12-18 19:06 ` Viacheslav Dubeyko
2024-12-18 19:48 ` David Howells
2024-12-23 23:13 ` Viacheslav Dubeyko
2024-12-24 12:56 ` Matthew Wilcox
2024-12-24 21:52 ` Viacheslav Dubeyko
2025-01-09 0:53 ` Viacheslav Dubeyko
2024-12-18 19:43 ` David Howells
2025-03-05 16:34 ` Is EOLDSNAPC actually generated? -- " David Howells
2025-03-05 19:23 ` Alex Markuze
2025-03-05 20:22 ` David Howells
2025-03-06 13:19 ` Alex Markuze
2025-03-06 13:48 ` David Howells
2025-03-06 13:55 ` Alex Markuze
2025-03-06 13:58 ` Venky Shankar
2025-03-06 14:13 ` David Howells
2025-03-06 14:23 ` Alex Markuze
2025-03-06 16:21 ` Gregory Farnum
2025-03-06 17:18 ` Alex Markuze
2025-03-06 15:55 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3991743.1734550616@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=Slava.Dubeyko@ibm.com \
--cc=amarkuze@redhat.com \
--cc=ceph-devel@vger.kernel.org \
--cc=idryomov@gmail.com \
--cc=jlayton@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=netfs@lists.linux.dev \
--cc=pdonnell@redhat.com \
--cc=xiubli@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox