Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-78414

[Stratis] Hardware Assisted Integrity

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • stratisd
    • None
    • [Stratis] Hardware Assisted Integrity
    • None
    • rhel-storage-crs
    • ssg_platform_storage
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • Hide

      Acceptance Criteria

      1) Appropriate HW needs to be purchase for development and validation

      NPo2 drives have various modes/capabilities.

      The Samsung PM1735 is known to have 4 modes (512+0, 512+8, 4k+0, 4k+8) and can already be found in a number of beaker machines (beaker search).  This drive does not have a 5th mode (4k+64) and is only suitable for RAID testing.{}

      2) Issues should be created and test plans should be written for the following:

      • Stratis testing with NPo2 storage
      • Stratis can identify and configure NPo2 devices  (might depend on Stratis feature)
      • Stratis can create a pool using configured NPo2 devices
      • Full life cycle testing such as create, destroy, recreate, raid, encryption, starting, stopping, rebooting and the pool activates, and later upgrades work.
      • dm-integrity + RAID with NPo2 storage
      • similar testing as above with the addition of:
        • logs when corrupt data is found
        • can self heal corrupted data
        • All raid related tests, create, destroy, reshape, add / remove device
      • dm-integrity + authenticated encryption with NPo2 storage ( this could be a different feature and out of scope)
      • works with current company's authenticated encryption design
      • Approved by cryptsetup team

       

      Show
      Acceptance Criteria 1) Appropriate HW needs to be purchase for development and validation NPo2 drives have various modes/capabilities. The Samsung PM1735 is known to have 4 modes (512+0, 512+8, 4k+0, 4k+8) and can already be found in a number of beaker machines ( beaker search ).  This drive does not have a 5th mode (4k+64) and is only suitable for RAID testing.{ } 2) Issues should be created and test plans should be written for the following: Stratis testing with NPo2 storage Stratis can identify and configure NPo2 devices  (might depend on Stratis feature) Stratis can create a pool using configured NPo2 devices Full life cycle testing such as create, destroy, recreate, raid, encryption, starting, stopping, rebooting and the pool activates, and later upgrades work. dm-integrity + RAID with NPo2 storage similar testing as above with the addition of: logs when corrupt data is found can self heal corrupted data All raid related tests, create, destroy, reshape, add / remove device dm-integrity + authenticated encryption with NPo2 storage ( this could be a different feature and out of scope) works with current company's authenticated encryption design Approved by cryptsetup team  
    • None
    • None
    • None

      Description

      There are new NVMe drives emerging that have the capability to do non-power-of-2 (NPo2) sector sizes, usually 512+8, 4k+8, or 4k+64 bytes.  dm-integrity has developed support for this hardware.  Stratis can integrate the hardware assisted integrity features to improve performance.

       

      There are new NVMe drives emerging that have the capability to do non-power-of-2 (NPo2) sector sizes, usually 512+8, 4k+8, or 4k+64 bytes.  We can leverage this capability to improve the performance of dm-integrity substantially (> 2x).

      dm-integrity is a target that allows us to store a small bit of information about each sector - usually a checksum or CRC.  If the checksums match, we know that the data has not changed since it has been written - perhaps due to tampering or bit rot.  In effect, we are checking the "integrity" of the data, hence the name.

      Stratis can leverage this target by putting it under RAID.  If a sector is read and found to be bad, an error is returned.  This error will trigger RAID to re-read the data from a redundant source and attempt a rewrite to the original bad sector.  This often corrects the error (especially if due to bit rot) and is a form of self-healing.  The extra amount of data required to store the checksum for this type of use case is small - 8 bytes will do.

      Until this new NPo2 hardware became available, Stratis will use dm-integrity (when implemented - RHEL-23057) to store sector checksums separately on disk from the associated sectors. 

       

              dkeefe@redhat.com Dennis Keefe
              dkeefe@redhat.com Dennis Keefe
              stratis-team stratis-team
              Filip Suba Filip Suba
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: