Am 09.02.23 um 15:11 schrieb Matthew Wilcox:
On Thu, Feb 09, 2023 at 02:55:59PM +0100, Stefan Metzmacher wrote:
Hi Linus and others,
as written in a private mail before, I'm currently trying to
make use of IORING_OP_SPLICE in order to get zero copy support
in Samba.
I have to ask why. In a modern network, isn't all data encrypted?
No people use plain connections for performance sensitive
workloads and have client and server in isolated vlans.
So you have to encrypt into a different buffer, and then you checksum
that buffer. So it doesn't matter if writes can change the page cache
after you called splice(), you just need to have the data be consistent
so the checksum doesn't change.
SMB offers checksuming (signing) only as well as authenticated
encryption.
For signing only I experimented with splice() in combination with
tee(), so that I can checksum the data after reading from tee,
while I can still splice() into the socket.
For encryption the async_memcpy flag to preadv2 could be usefull
if we keep using userspace encryption using gnutls.
If using the kernel crypto socket, we could also use splice to
add the file data into the crypto functions and the same problem
can happen, because some algorithms may encrypt and sign the data
in separate steps and it doesn't expect the data to be changed.
metze