Search

CN-121598411-B - Fine granularity encryption metadata protection method, device and equipment for persistent memory

CN121598411BCN 121598411 BCN121598411 BCN 121598411BCN-121598411-B

Abstract

The application relates to a method, a device and equipment for protecting fine granularity encryption metadata facing to a persistent memory, which relate to the technical field of computer storage and comprise the steps of responding to a write request of metadata corresponding to received plaintext data in the process of carrying out fine granularity encryption on the plaintext data in the persistent memory, and generating a versioned write-before log entry corresponding to the metadata; the method comprises the steps of taking a minimum consistency unit as a merging granularity, merging log entries before versioning writing to obtain a log micro batch, responding to successful execution of an atomic commit operation corresponding to the log micro batch, generating committed micro-transactions corresponding to metadata and generating stability certificates corresponding to the committed micro-transactions, and executing recovery judgment and data restoration flow according to daemon predicates and stability certificates in the log entries before versioning writing after system crash to generate persistent metadata.

Inventors

  • ZHU XINYU
  • LI HUI
  • FEI YICHAO
  • WANG HAI
  • Liu Liluo
  • BAO JIAKUN
  • YANG SHAOJIE

Assignees

  • 中国铁塔股份有限公司江苏省分公司

Dates

Publication Date
20260508
Application Date
20260130

Claims (9)

  1. 1. The fine granularity encryption metadata protection method for the persistent memory is characterized by comprising the following steps of: In the process of carrying out fine-granularity encryption on the plaintext data in the persistent memory, responding to a write request of the metadata corresponding to the plaintext data, generating a versioned write-ahead log entry corresponding to the metadata, wherein the versioned write-ahead log entry is a versioned log entry, is associated with a system version domain, is generated before the write operation corresponding to the write request is executed, and is embedded with a guard predicate, and is used for formally describing the consistency state which the metadata must satisfy before and after the write operation; Merging the log entries before versioning writing by taking a minimum consistency unit as merging granularity to obtain a log micro batch, wherein the minimum consistency unit comprises cotyledon nodes corresponding to the same cache line in the persistent memory and associated father leaf nodes; responding to successful execution of the atomic commit operation corresponding to the log micro batch, generating committed micro-transactions corresponding to the metadata, and generating stability certificates corresponding to the committed micro-transactions; after the system crashes, executing recovery judgment and data restoration processes according to the daemon predicate in the versioned write-ahead log entry and the stability certificate to generate persistent metadata; The generating the versioned write-ahead log entry corresponding to the metadata includes: obtaining a counter row version snapshot and a father leaf node version snapshot of a target address of the plaintext data in the persistent memory; Constructing a front daemon predicate corresponding to the metadata according to the counter row version snapshot and the father leaf node version snapshot, wherein the front daemon predicate comprises local consistency assertion corresponding to the current state of the metadata and is used for judging the consistency of the metadata before the write operation is executed; generating the versioned pre-write log entry based on the pre-daemon predicate and pre-stored version propulsion evidence, wherein the version propulsion evidence is used for forcing version unidirectional propulsion; The method further comprises the steps of: and constructing a post daemon predicate corresponding to the metadata, wherein the post daemon predicate comprises local consistency assertion corresponding to the metadata target state and is used for judging the consistency of the metadata after the write operation is executed.
  2. 2. The method of claim 1, wherein prior to the successful execution of the atomic commit operation corresponding to the log micro-batch, generating a committed micro-transaction corresponding to the metadata, and generating a stability credential corresponding to the committed micro-transaction, the method further comprises: Based on the disjunctive paradigm, integrating the post-daemon predicates in the versioned write-ahead log entries belonging to the same father leaf node to obtain a final daemon corresponding to the metadata, wherein the final daemon is used for checking the overall consistency of the metadata corresponding to the log micro batch when the atomic commit operation corresponding to the log micro batch is executed; Constructing an atomic predicate fence, wherein the atomic predicate fence is used for packaging the final daemon abstract and the version pushing evidence and is used as a double verification point of metadata consistency and version security when recovering data after system crash; the atomic predicate fence is persisted to the persistent memory before the committed micro-transaction is marked according to a set commit bit.
  3. 3. The method of claim 2, wherein integrating the post-daemon predicates in the versioned write-ahead log entries attributed to the same parent leaf node based on the disjunctive paradigm to obtain the final daemon digest corresponding to the metadata comprises: dividing the post daemon predicate into a safety predicate corresponding to a system verifiability index and a performance predicate corresponding to a system performance index according to semantic rules and application requirements corresponding to the disjunctive paradigm; And respectively aggregating the security predicates and the performance predicates based on different processing strategies, and generating a final daemon digest according to a final aggregation state obtained by aggregation.
  4. 4. The method of claim 2, wherein after the obtaining the log micro batch, the method further comprises: based on the real-time state of the father leaf node related to the log micro batch and the cotyledon update abstract of the child leaf node in the log micro batch, generating father front image promise corresponding to the father leaf node, wherein the father front image promise is used for verifying the integrity of father-son data relationship in the log micro batch during system crash recovery; And recording a tearing prevention allowance in the father leaf node associated with the log micro batch, wherein the tearing prevention allowance is used for representing the number of cotyledon nodes which do not finish persistent storage in the log micro batch so as to provide a rollback boundary for the incompletely written log micro batch during system crash recovery.
  5. 5. The method of claim 4, wherein the generating the stability credential corresponding to the committed micro-transaction comprises: Generating a credential fragment corresponding to the submitted micro-transaction, wherein the credential fragment is used for packaging intra-batch self-certification information of the submitted micro-transaction and independently verifying the submitted micro-transaction; and compiling the certificate fragments corresponding to the submitted micro-transaction into a constant time complexity certificate head, and generating the stability certificate according to the constant time complexity certificate head, wherein the constant time complexity certificate head is used for carrying out stability judgment of constant time complexity during system crash recovery.
  6. 6. The method according to claim 1, wherein the method further comprises: when the system is started, a consistent state signature corresponding to metadata stored in the persistent memory during last shutdown is obtained, and a real-time state signature is recalculated according to current system parameters; and determining the initial state of the system according to the comparison result of the consistent state signature and the real-time state signature.
  7. 7. A fine granularity encryption metadata protection device for persistent memory, comprising: The receiving module is used for responding to a write request of metadata corresponding to the plaintext data in the process of carrying out fine-granularity encryption on the plaintext data in the persistent memory, generating a versioned log entry corresponding to the metadata, wherein the versioned log entry is a versioned log entry which is associated with a system version domain, is generated before write operation corresponding to the write request is executed, and is embedded with a daemon predicate for formally describing the consistency state which the metadata must meet before and after the write operation; the method comprises the steps of generating a version write front log entry corresponding to metadata, wherein the version write front log entry comprises a counter row version snapshot and a father leaf node version snapshot of a target address of plaintext data in a persistent memory, constructing a front daemon corresponding to the metadata according to the counter row version snapshot and the father leaf node version snapshot, wherein the front daemon comprises a local consistency assertion corresponding to the current state of the metadata and is used for judging the consistency of the metadata before the execution of the write operation, generating the version write front log entry based on the front daemon and a prestored version propulsion evidence, and the version propulsion evidence is used for forcing the version to advance in one direction; the merging module is used for merging the log entries before versioning writing by taking a minimum consistency unit as merging granularity to obtain a log micro batch, wherein the minimum consistency unit comprises cotyledon nodes corresponding to the same cache line in the persistent memory and associated father leaf nodes; the generation module is used for responding to successful execution of the atomic commit operation corresponding to the log micro batch, generating committed micro-transactions corresponding to the metadata and generating stability certificates corresponding to the committed micro-transactions; And the recovery module is used for executing recovery judgment and data restoration processes according to the daemon predicate in the versioned write-ahead log entry and the stability certificate after the system crashes, and generating persistent metadata.
  8. 8. An electronic device, comprising: At least one processor, and A memory communicatively coupled to the at least one processor, wherein, The memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-6.
  9. 9. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-6.

Description

Fine granularity encryption metadata protection method, device and equipment for persistent memory Technical Field The application relates to the technical field of computer storage, in particular to a method, a device and equipment for protecting fine granularity encryption metadata facing a persistent memory. Background The persistent memory (PERSISTENT MEMORY, PMem) has both DRAM-level access delay and nonvolatile memory characteristics, and high-frequency fine-grained encryption operation on data in the persistent memory can generate massive metadata with complex structures, and the integrity, consistency and recoverability of the metadata directly determine the reliability and safety of the system. In the related art, the state is recovered by recording the change content in advance, and replaying after the system crashes, and the database system generally uses a pre-written log protocol to ensure that the corresponding redo and undo logs are persisted before the data page is modified. However, when the protection framework is directly used for a fine-granularity encryption metadata protection scene of a persistent memory, metadata parent-child tearing is easy to occur due to write granularity mismatch, and structural atomicity loss exists. Disclosure of Invention In view of the above, the application provides a method, a device and equipment for protecting fine-granularity encrypted metadata facing to persistent memory, which mainly aims to solve the technical problems that metadata father-son tearing is easy to cause and structural atomicity is lost in the related technology. According to a first aspect of the present application, there is provided a method for protecting fine granularity encrypted metadata for persistent memory, the method comprising: In the process of carrying out fine granularity encryption on plaintext data in a persistent memory, responding to a write request of metadata corresponding to the received plaintext data, and generating a versioned write-before log entry corresponding to the metadata; Merging the log entries before versioning writing by taking the minimum consistency unit as merging granularity to obtain a log micro batch, wherein the minimum consistency unit comprises cotyledon nodes corresponding to the same cache line in the persistent memory and associated father leaf nodes; responding to successful execution of the atomic commit operation corresponding to the log micro batch, generating committed micro-transactions corresponding to metadata, and generating stability certificates corresponding to the committed micro-transactions; After the system crashes, a recovery judgment and data restoration process is executed according to the daemon predicate and the stability credential in the versioned write-ahead log entry, and persistent metadata is generated. According to a second aspect of the present application, there is provided a fine granularity encryption metadata protection apparatus for persistent memory, the apparatus comprising: The receiving module is used for responding to a write request of metadata corresponding to the received plaintext data in the process of carrying out fine granularity encryption on the plaintext data in the persistent memory, and generating a versioned write-before log entry corresponding to the metadata; the merging module is used for merging the log entries before versioning writing by taking the minimum consistency unit as merging granularity to obtain a log micro batch, wherein the minimum consistency unit comprises cotyledon nodes corresponding to the same cache line in the persistent memory and associated father leaf nodes; The generation module is used for responding to successful execution of the atomic commit operation corresponding to the log micro batch, generating committed micro-transactions corresponding to the metadata and generating stability certificates corresponding to the committed micro-transactions; and the recovery module is used for executing recovery judgment and data restoration processes according to the daemon predicate and the stability credential in the versioned write-before log entry after the system crashes, and generating persistent metadata. According to a third aspect of the present application there is provided an electronic device comprising at least one processor and a memory communicatively coupled to the at least one processor, wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of the first aspect. According to a fourth aspect of the present application there is provided a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of the first aspect described above. Compared with the related art, the method, the device and the equipment for protecting the fine-granularity encryption metadata of the persistent memory are characterized in that i