[Gluster-devel] Transparent encryption in GlusterFS
edward at redhat.com
Thu May 5 20:23:45 UTC 2011
We are exploring a possibility to enhance the subject.
Unfortunately, many serious encryption modes are "atomic".
That is to say, the cipher transform (encryption/decryption)
works on "atoms", i.e. blocks of size more than 1 byte.
In particular this means that we need to read from disk
before performing a partial write. This creates problems
specific to a stackable file system: our local copy of the data
can become obsolete if another process modifies the same
block, so that we'll end up with lost operations.
Suppose 2 processes overwrite a large file encrypted in an
atomic cipher mode with an atom size of 8 bytes (e.g. DES-ECB).
Process A wants to overwrite one byte at offset #0, and
process B wants to overwrite one byte at offset #7, i.e.
the same block.
Process A puts the respective "atom" of plain text (the first
8 bytes of the file) on its stack;
Process B puts the same block of plain text on its stack;
Process B modifies its local copy of the plain text (overwrites
byte #7), encrypts the block and writes the result to
Process A modifies its local copy of the plain text (overwrites
byte #0), encrypts the block and writes the result to
Here we've lost the modification performed by B, since A
was not aware of that modification.
The straightforward solution is to serialize read-modify-writes.
I wonder if GlusterFS has any per-file serialization means
that would allow us to resolve this problem. Or maybe there are
possibilities to create such means. Any hints would be highly
Thank you in advance,
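
The lost update described in this message, replayed deterministically as an added example (not part of the original post and not GlusterFS code). Assumptions: a toy, insecure 8-byte transform stands in for DES-ECB, all names are hypothetical, and "serialized" only models the ordering that a per-file lock would enforce.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ATOM 8 /* cipher "atom" size in bytes, as in the post's DES-ECB case */

/* Toy invertible transform with a constructed key: a stand-in for a block
 * cipher, NOT secure. Output byte i depends on plaintext bytes 0..i of the
 * atom; the atom is read, changed and rewritten as a unit. */
static const uint8_t KEY[ATOM] = {0x13,0x57,0x9b,0xdf,0x24,0x68,0xac,0xe0};
static void toy_encrypt(const uint8_t *p, uint8_t *c) {
    for (int i = 0; i < ATOM; i++) c[i] = p[i] ^ KEY[i] ^ (i ? c[i-1] : 0);
}
static void toy_decrypt(const uint8_t *c, uint8_t *p) {
    for (int i = 0; i < ATOM; i++) p[i] = c[i] ^ KEY[i] ^ (i ? c[i-1] : 0);
}

/* One read-modify-write, split into its two phases so they can interleave. */
struct rmw { uint8_t plain[ATOM]; int off; uint8_t val; };
static void rmw_read(struct rmw *w, const uint8_t *disk, int off, uint8_t val) {
    toy_decrypt(disk, w->plain); /* private plaintext copy of the atom */
    w->off = off; w->val = val;
}
static void rmw_write(struct rmw *w, uint8_t *disk) {
    w->plain[w->off] = w->val;   /* modify the (possibly stale) copy */
    toy_encrypt(w->plain, disk); /* write the whole atom back */
}

/* A sets byte 0 to 'A', B sets byte 7 to 'B', on plaintext "01234567".
 * serialized == 0: the post's schedule (A reads, B reads, B writes, A writes).
 * serialized != 0: each read-modify-write finishes before the next starts. */
void run(int serialized, uint8_t out[ATOM]) {
    uint8_t disk[ATOM];
    struct rmw a, b;
    toy_encrypt((const uint8_t *)"01234567", disk);
    rmw_read(&a, disk, 0, 'A');
    if (serialized) rmw_write(&a, disk);
    rmw_read(&b, disk, 7, 'B');
    rmw_write(&b, disk);
    if (!serialized) rmw_write(&a, disk);
    toy_decrypt(disk, out);
}

int main(void) {
    uint8_t r[ATOM];
    run(0, r); printf("interleaved: %.8s\n", (const char *)r);
    run(1, r); printf("serialized:  %.8s\n", (const char *)r);
    return 0;
}
```

In the interleaved run the decrypted atom still has '7' at offset 7, because A re-encrypted its stale copy over B's write; in the serialized run both bytes are updated.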