On Mon, Jun 17, 2013 at 11:48:18AM +0000, Myklebust, Trond wrote: > > On Jun 17, 2013, at 7:01 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote: > > Encryption certainly can be a problem, but integrity isn't > > necessarily one. > > > > Basically the idea would be to receive the data off the socket into > > a set of pages and then splice those into the correct spot in the > > local file. In both the privacy and integrity cases, you just have > > an extra step in between. Privacy *may* mean an extra copy too > > (though some of the crypto routines can decrypt data in place), but > > handling integrity shouldn't. > > > > The tricky parts (I think) are determining how to lay out the > > received data into the pages you eventually want to splice into the > > file before you receive that data in, and how to deal with it when > > the WRITE doesn't cover an entire page. > > Once you've copied the data one time, most of the advantage of > splice() is gone, since a copy will then exist in processor cache > memory and can be duplicated quickly. Well, worst case you could turn it off in krb5i/krb5p cases and maybe still get some benefit in the auth_sys case? I suspect it will be a fair amount of work just to get enough of a prototype up that you can start to measure the benefit (if any). So this isn't going to happen without someone pretty committed to the idea. (And such a person would be better off starting by describing the actual probem they're trying to solve before jumping to the conclusion that splice is the solution.) --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
