CN117574446B - Data protection method, device, equipment and storage medium - Google Patents
Data protection method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN117574446B CN117574446B CN202410058042.4A CN202410058042A CN117574446B CN 117574446 B CN117574446 B CN 117574446B CN 202410058042 A CN202410058042 A CN 202410058042A CN 117574446 B CN117574446 B CN 117574446B
- Authority
- CN
- China
- Prior art keywords
- data
- protection
- processing layer
- request
- host
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003860 storage Methods 0.000 title claims abstract description 175
- 238000000034 method Methods 0.000 title claims abstract description 77
- 238000012545 processing Methods 0.000 claims abstract description 247
- 238000012432 intermediate storage Methods 0.000 claims abstract description 112
- 238000013500 data storage Methods 0.000 claims abstract description 36
- 238000013524 data verification Methods 0.000 claims description 32
- 238000012795 verification Methods 0.000 claims description 21
- 238000004590 computer program Methods 0.000 claims description 16
- 230000005540 biological transmission Effects 0.000 description 18
- 238000010586 diagram Methods 0.000 description 16
- 238000004364 calculation method Methods 0.000 description 9
- 238000004422 calculation algorithm Methods 0.000 description 5
- 230000007246 mechanism Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000006399 behavior Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000013075 data extraction Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
Abstract
The embodiment of the application relates to the technical field of data storage, in particular to a data protection method, a device, equipment and a storage medium, aiming at realizing full-path data protection when a host reads data in a storage disk. The method comprises the following steps: under the condition that the intermediate storage equipment receives a data writing request sent by a host, acquiring first data corresponding to the data writing request from a memory of the host through a first data processing layer; the first data processing layer stores the first data and the first protection data corresponding to the first data into a designated data area; the first data processing layer writes the first data and the first protection data into two independent data areas in a storage disk through the second data processing layer respectively; checking the protection data according to the data writing request; and returning a writing success message to the host through the intermediate storage device.
Description
Technical Field
The embodiment of the application relates to the technical field of data storage, in particular to a data protection method, a device, equipment and a storage medium.
Background
When a host wants to read data from an nvme (Non-Volatile Memory express, non-volatile memory host controller interface specification) disk, or store data in the nvme disk, the transferred data needs to be protected in order to ensure the security of the data. In the related art, the protection of the transmitted data is achieved by adding protection information of a certain field into the data and verifying the protection information during data transmission.
The data protection method in the related art is only suitable for the data protection of the nvme disk directly connected with the host, and cannot be suitable for the data protection when the host remotely accesses the data from the nvme disk.
Disclosure of Invention
The embodiment of the application provides a data protection method, a device, equipment and a storage medium, which aim to realize the full-path data protection when a host reads data in a storage disk.
An embodiment of the present application provides a data protection method, where the method includes:
under the condition that an intermediate storage device receives a data writing request sent by a host, acquiring first data corresponding to the data writing request from a memory of the host through a first data processing layer, wherein the intermediate storage device comprises the data processing layer and a second data processing layer;
The first data processing layer stores the first data and the first protection data corresponding to the first data into a designated data area, wherein the data area corresponding to the first data and the data area corresponding to the first protection data are two independent data areas;
the first data processing layer writes the first data and the first protection data into two independent data areas in a storage disk through the second data processing layer respectively;
the storage disk checks the protection data according to the data writing request under the condition that the first data and the first protection data are written;
and the storage disk returns a writing success message to the host through the intermediate storage device under the condition that the first protection data is successfully checked.
Optionally, the method further comprises:
the intermediate storage device sends the data reading request to the second data processing layer through the first data processing layer under the condition that the data reading request sent by the host is received;
the second data processing layer reads second data corresponding to the data reading request and second protection data corresponding to the second data from the storage disk according to the data reading request;
The second data processing layer stores the second data and the second protection data into two independent data areas in the intermediate storage device respectively;
the first data processing layer checks the second protection data according to the data reading request;
and the first data processing layer sends the second data to the host under the condition that the second protection data is successfully checked.
Optionally, before the first data processing layer stores the first data and the first protection data corresponding to the first data into the designated data area, the method further includes:
the first data processing layer determines a data format specified in the data write request;
determining whether the first data needs to be protected or not according to the data format;
and under the condition that the first data needs to be subjected to protection processing, generating the first protection data corresponding to the first data.
Optionally, before the first data corresponding to the data writing request is obtained from the memory of the host through the first data processing layer, the method further includes:
the intermediate storage equipment determines request content corresponding to the received request under the condition of receiving the request sent by the host;
When the request is a read data request or a write data request, protecting the data corresponding to the request.
Optionally, the obtaining, by the first data processing layer, first data corresponding to the data writing request from the memory of the host includes:
determining a storage address of the first data in the host according to the data writing request;
and acquiring the first data from the memory of the host according to the storage address.
Optionally, the first data processing layer stores the first data and the first protection data corresponding to the first data into a designated data area, including:
the first data processing layer stores the first data in a data area to be transmitted;
the first data processing layer stores the first protection data into a metadata area.
Optionally, the first data processing layer writes the first data and the first protection data into two independent data areas in the storage disk through the second data processing layer, including:
the first data processing layer sends the data writing request to the second data processing layer;
The second data processing layer sends the data writing request and the corresponding data storage address to the storage disk;
the storage disk acquires the first data and the first protection data from the intermediate storage device according to the data storage address under the condition that the data writing request is received;
the storage disk writes the first data and the first protection data into two independent data areas respectively.
Optionally, the method further comprises:
the storage disk associates a data area corresponding to the first data with an address specified in the data writing request;
and the storage disk associates a data area corresponding to the first protection data with an address designated in the data writing request.
Optionally, when the writing of the first data and the first protection data is completed, the storage disk verifies the protection data according to the data writing request, including:
the storage disk determines protection data information of protection data corresponding to the first data according to the data writing request;
according to the protection data information, determining protection data corresponding to the first data;
Comparing the protection data corresponding to the first data with the first protection data;
under the condition that the protection data corresponding to the first data are the same as the first protection data, determining that the first protection data are successfully checked;
and under the condition that the protection data corresponding to the first data is different from the first protection data, determining that the first protection data fails to check.
Optionally, the method further comprises:
returning a write failure message to the host through the intermediate storage device under the condition that the first protection data check fails;
and the host sends the data writing request to the intermediate storage device again under the condition that the writing failure message is received.
Optionally, the second data processing layer reads, according to the data reading request, second data corresponding to the data reading request and second protection data corresponding to the second data from the storage disk, including:
the second data processing layer sends the data reading request to the storage disk;
the storage disk takes out the second data and the second protection data from the corresponding data area according to the data reading request;
The storage disk sends the second data and second protection data to the second data processing layer.
Optionally, the second data processing layer stores the second data and the second protection data into two independent data areas in the intermediate storage device, including:
the second data processing layer stores the second data into a data area to be transmitted;
the second data processing layer stores the second protection data into a metadata area.
Optionally, the first data processing layer checks the second protection data according to the data reading request, including:
the first data processing layer acquires protection data information corresponding to the second protection data from the data reading request;
according to the protection data information, determining protection data corresponding to the second data;
comparing the protection data corresponding to the second data with the second protection data;
under the condition that the protection data corresponding to the second data are the same as the second protection data, determining that the second protection data are successfully checked;
and under the condition that the protection data corresponding to the second data is different from the second protection data, determining that the second protection data fails to check.
Optionally, the first data processing layer sends the second data to the host if the second protection data check is successful, including:
the first data processing layer deletes the second protection data;
the first data processing layer determines a storage address corresponding to the second data designated by the host from the data reading request;
the first data processing layer sends the second data to the memory address.
Optionally, the method further comprises:
sending a verification failure message to the host under the condition that the second protection data fails to be verified;
and sending the data reading request to the intermediate storage device under the condition that the host receives the verification failure message.
Optionally, before the intermediate storage device receives the data write request, the method further comprises:
the host sets an interface card on the host as an adding mode, and the adding mode is used for notifying the intermediate storage device to add protection data into data to be transmitted.
Optionally, before the intermediate storage device receives the data read request, the method further comprises:
The host sets the interface card on the host to a verification-before-stripping mode, and the verification-before-stripping mode is used for informing the intermediate storage device of verifying and stripping the read data and corresponding protection data.
A second aspect of embodiments of the present application provides a data protection apparatus, the apparatus including:
the device comprises a first data acquisition module, a second data processing module and a third data processing module, wherein the first data acquisition module is used for acquiring first data corresponding to a data writing request from a memory of a host through the first data processing layer under the condition that the intermediate storage device receives the data writing request sent by the host, and the intermediate storage device comprises the data processing layer and the second data processing layer;
the first data storage module is used for storing the first data and the first protection data corresponding to the first data into a designated data area by the first data processing layer, wherein the data area corresponding to the first data and the data area corresponding to the first protection data are two independent data areas;
the first data writing module is used for writing the first data and the first protection data into two independent data areas in the storage disk through the second data processing layer by the first data processing layer;
The first data verification module is used for verifying the protection data according to the data writing request when the first data and the first protection data are written by the storage disk;
and the writing success message return module is used for returning the writing success message to the host through the intermediate storage equipment when the first protection data of the storage disk is verified successfully.
Optionally, the apparatus further comprises:
the data reading request forwarding module is used for sending the data reading request to the second data processing layer through the first data processing layer under the condition that the intermediate storage device receives the data reading request sent by the host;
the second data acquisition module is used for reading second data corresponding to the data reading request and second protection data corresponding to the second data from the storage disk according to the data reading request by the second data processing layer;
a second data storage module, configured to store the second data and the second protection data in two independent data areas in the intermediate storage device by using the second data processing layer;
The second data verification module is used for verifying the second protection data according to the data reading request by the first data processing layer;
and the second data sending module is used for sending the second data to the host computer by the first data processing layer under the condition that the second protection data is successfully checked.
Optionally, the apparatus further comprises:
a data format determining module, configured to determine a data format specified in the data write request by the first data processing layer;
the protection processing judging module is used for determining whether the first data needs to be subjected to protection processing or not according to the data format;
the first protection data generation module is used for generating the first protection data corresponding to the first data under the condition that the first data needs to be subjected to protection processing.
Optionally, the apparatus further comprises:
the request content determining module is used for determining request content corresponding to the received request under the condition that the intermediate storage device receives the request sent by the host;
and the protection processing module is used for carrying out protection processing on the data corresponding to the request when the request is a read data request or a write data request.
Optionally, the first data acquisition module includes:
a first data storage address determining submodule, configured to determine a storage address of the first data in the host according to the data writing request;
and the first data acquisition sub-module is used for acquiring the first data from the memory of the host according to the storage address.
Optionally, the first data storage module includes:
the first data storage submodule is used for storing the first data into a data area to be transmitted by the first data processing layer;
and the second data storage sub-module is used for storing the first protection data into a metadata area by the first data processing layer.
Optionally, the first data writing module includes:
a first data writing request sending submodule, configured to send the data writing request to the second data processing layer by using the first data processing layer;
a second data writing request sending sub-module, configured to send the data writing request and a corresponding data storage address to the storage disk by using the second data processing layer;
a storage disk data acquisition sub-module, configured to acquire, when the storage disk receives the data writing request, the first data and the first protection data from the intermediate storage device according to the data storage address;
And the storage disc data writing sub-module is used for writing the first data and the first protection data into two independent data areas respectively by the storage disc.
Optionally, the first data writing module further includes:
a first address association sub-module, configured to associate a data area corresponding to the first data with an address specified in the data write request by using the storage disk;
and the second address association sub-module is used for associating the data area corresponding to the first protection data with the address appointed in the data writing request by the storage disk.
Optionally, the first data verification module includes:
the first protection data information determining submodule is used for determining protection data information of protection data corresponding to the first data according to the data writing request by the storage disk;
the first protection data calculation sub-module is used for determining protection data corresponding to the first data according to the protection data information;
the first protection data comparison sub-module is used for comparing the protection data corresponding to the first data with the first protection data;
the first protection data verification success sub-module is used for determining that the first protection data verification is successful under the condition that the protection data corresponding to the first data is identical to the first protection data;
And the first protection data verification failure sub-module is used for determining that the first protection data verification fails under the condition that the protection data corresponding to the first data is different from the first protection data.
Optionally, the first data verification module further includes:
the write-in failure message return sub-module is used for returning a write-in failure message to the host through the intermediate storage device under the condition that the first protection data check fails;
and the data writing request sending submodule is used for sending the data writing request to the intermediate storage equipment again when the host receives the writing failure message.
Optionally, the second data acquisition module includes:
a read request sending sub-module, configured to send the data read request to the storage disk by using the second data processing layer;
the second data extraction sub-module is used for extracting the second data and the second protection data from the corresponding data area according to the data reading request by the storage disk;
and the second data transmission sub-module is used for transmitting the second data and the second protection data to the second data processing layer by the storage disk.
Optionally, the second data storage module includes:
a third data storage sub-module, configured to store the second data into a data area to be transmitted by the second data processing layer;
and the fourth data storage sub-module is used for storing the second protection data into a metadata area by the second data processing layer.
Optionally, the second data verification module includes:
the second protection data information determining submodule is used for acquiring protection data information corresponding to the second protection data from the data reading request by the first data processing layer;
the second protection data determining submodule is used for determining protection data corresponding to the second data according to the protection data information;
the second protection data comparison sub-module is used for comparing the protection data corresponding to the second data with the second protection data;
a second protection data verification success sub-module, configured to determine that the second protection data verification is successful when protection data corresponding to the second data is the same as the second protection data;
and the second protection data verification failure sub-module is used for determining that the second protection data verification fails under the condition that the protection data corresponding to the second data is different from the second protection data.
Optionally, the second data transmission module includes:
the second protection data deleting sub-module is used for deleting the second protection data by the first data processing layer;
a second data storage address determining sub-module, configured to determine, from the data read request, a storage address corresponding to the second data specified by the host by using the first data processing layer;
and the second data transmission sub-module is used for transmitting the second data to the storage address by the first data processing layer.
Optionally, the apparatus further comprises:
a second data verification failure message sending module, configured to send a verification failure message to the host when the second protection data verification fails;
and the reading request sending module is used for sending the data reading request to the intermediate storage device under the condition that the host receives the verification failure message.
Optionally, the apparatus further comprises:
the first mode setting module is used for setting the interface card on the host to be an adding mode by the host, and the adding mode is used for informing the intermediate storage device to add protection data into data to be transmitted.
Optionally, the apparatus further comprises:
the second mode setting module is used for setting the interface card on the host to be in a verification-before-stripping mode by the host, and the verification-before-stripping mode is used for informing the intermediate storage device of verifying and stripping the read data and corresponding protection data.
A third aspect of the embodiments of the present application provides a readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method as described in the first aspect of the present application.
A fourth aspect of the present application provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the steps of the method described in the first aspect of the present application when the processor executes the computer program.
By adopting the data protection method provided by the application, under the condition that the intermediate storage device receives a data writing request sent by a host, acquiring first data corresponding to the data writing request from a memory of the host through a first data processing layer, wherein the intermediate storage device comprises a data processing layer and a second data processing layer; the first data processing layer stores the first data and the first protection data corresponding to the first data into a designated data area, wherein the data area corresponding to the first data and the data area corresponding to the first protection data are two independent data areas; the first data processing layer writes the first data and the first protection data into two independent data areas in a storage disk through the second data processing layer respectively; the storage disk checks the protection data according to the data writing request under the condition that the first data and the first protection data are written; and the storage disk returns a writing success message to the host through the intermediate storage device under the condition that the first protection data is successfully checked. In the application, the host reads and writes the data through the intermediate storage device, when the data is written, the protection data is added into the data through the first data processing layer of the intermediate storage device, and the data to be written and the protection data are respectively stored in two independent data areas, so that the integrity of original data is not influenced when the data is verified, and the accuracy of data transmission is ensured. And the second data processing layer is used for sending the data to be written and the protection data to the storage disk, the storage disk also stores the written data and the protection data to two different data areas, so that the integrity of the data to be transmitted is further ensured, the protection data is also conveniently verified, after the data is stored, verification is performed on the data, when the verification passes, verification success information is returned to the host, the end-to-end data protection of the storage disk based on the two-layer structure of the intermediate storage device is realized, the integrity and the correctness of the data are protected on the whole long path, the transmission performance of the data is not influenced because the verification data exist in the independent area during verification, and the high-efficiency and accurate data transmission is realized while the safety of the data is protected.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments of the present application will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a data protection method according to an embodiment of the present application;
FIG. 2 is a diagram showing a DIF protection mechanism data structure;
FIG. 3 is a diagram of a DIX data protection mechanism data structure;
FIG. 4 is a schematic diagram of a format for protecting data information;
FIG. 5 is a schematic diagram of a data protection device according to an embodiment of the present application;
fig. 6 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
Referring to fig. 1, fig. 1 is a flowchart of a data protection method according to an embodiment of the present application. As shown in fig. 1, the method comprises the steps of:
s11: under the condition that the intermediate storage device receives a data writing request sent by a host, acquiring first data corresponding to the data writing request from a memory of the host through a first data processing layer, wherein the intermediate storage device comprises the data processing layer and a second data processing layer.
In this embodiment, the host is an initiating terminal of a task of reading data or writing data, the intermediate storage device is an independent storage device, one end is a roce (Remote Direct Memory Access over Converged Ethernet) data protocol interface in ethernet, the intermediate storage device is connected to the host, data transmission is performed between the intermediate storage device and the host through ethernet, the other end is a pcie (peripheral component interconnect express, high-speed serial bus) interface, and the intermediate storage device is connected to the storage disk, wherein the first data processing layer is an nvme over roce layer and is responsible for data interaction with the host and data processing, and the second data processing layer is an nvme over pcie layer and is responsible for data interaction with the storage disk and data processing. The first data processing layer is provided with an RDMA (Remote Direct Memory Access, remote direct data access) driving module which is used for driving the first data processing layer to execute corresponding operation, and a storage target end module which is used for setting and transmitting data. The data writing request is a request sent by the host to the intermediate storage device, and is used for requesting to write data into the storage disk, where the data writing request includes an address of the data to be written in the host memory, protection information of the data, a storage address specified by the data in the storage disk, and the like. The first data is data that the host requests to write to the storage disk.
In this embodiment, when the host needs to perform data writing, a data writing request is sent to the intermediate storage device, and when the data writing request is received, the first data processing layer obtains the first data according to the storage address of the data to be written included in the data writing request.
In this embodiment, the specific step of obtaining, by the first data processing layer, the first data corresponding to the data writing request from the memory of the host includes:
s11-1: and determining the storage address of the first data in the host according to the data writing request.
In this embodiment, the first data processing layer obtains, according to the write request, a storage address of the first data in the host from the write request.
S11-2: and acquiring the first data from the memory of the host according to the storage address.
In this embodiment, after the first data processing layer obtains the storage address of the first data, the first data is obtained from the memory of the host.
S12: the first data processing layer stores the first data and the first protection data corresponding to the first data into a designated data area, wherein the data area corresponding to the first data and the data area corresponding to the first protection data are two independent data areas.
In this embodiment, the first protection data is protection data corresponding to the first data, where the protection data is composed of a certain field for verifying the integrity of the first data, and includes a part of fixed fields and a part of verification information calculated by the first data.
In this embodiment, after receiving the first data and the first protection data, the first data processing layer stores the first data and the first protection data in the designated data area, and when storing, the first data is stored in one data area, and the first protection data is stored in another data area. The method comprises the steps that a data writing request sent by a host is submitted to an RDMA driving module in a first data processing layer, the RDMA driving module calculates first data by using a corresponding algorithm according to protection information of the first data, and the obtained calculation result and a fixed field in the protection information form first protection data. The format of the first protection data may be queried in an nvme namespace identified by an nvme (Non-Volatile Memory express, non-volatile memory host controller interface specification) command, where the storage disk is an nvme disk, and the nvme namespace is a namespace in the storage disk bound to a host.
In this embodiment, an I/O (input/output) processing module inside the intermediate storage device includes a data buffer (register) and a metadata buffer, where the data buffer is used for data to be transmitted, and the metadata buffer is used for storing protection data.
Illustratively, the nvme disk may optionally support multiple metadata layouts, such as 512 bytes of data plus 8 bytes of protection data, 4096 bytes of data plus 64 bytes of protection data, and so forth.
In this embodiment, the specific step of storing the first data and the first protection data corresponding to the first data in the designated data area by the first data processing layer includes:
s12-1: and storing the first data in a data area to be transmitted.
In this embodiment, after the first data and the first protection data are obtained, the first data are stored in a data area to be transmitted, and the data area to be transmitted is the data buffer.
S12-2: the first protection data is stored into a metadata area.
In this embodiment, after the first protection data is obtained, the first protection data is stored in the metadata area, which is the metadata buffer.
S13: the first data processing layer writes the first data and the first protection data into two independent data areas in a storage disk through the second data processing layer.
In this embodiment, the first data processing layer writes the first data and the first protection data into two independent data areas in the storage disk through the second data processing layer. The first data area firstly transmits a data writing request to the second data processing layer, the second data processing layer transmits the data writing request and the storage addresses of the first data and the first protection data in the intermediate storage device to the storage disk, and the storage disk reads the first data and the first protection data according to the acquired addresses and then stores the first data and the first protection data in two independent data areas in the storage disk.
In this embodiment, the specific step of the first data processing layer writing the first data and the first protection data into two independent data areas in the storage disk through the second data processing layer includes:
s13-1: the first data processing layer sends the data write request to the second data processing layer.
In this embodiment, after receiving the data writing request, the first data processing layer modifies the protection information behavior attribute in the data writing request into the pass mode through the roce driver to transmit the protection information behavior attribute to the second data processing layer, and the data writing request is also transmitted to the second data processing layer together.
S13-2: and the second data processing layer sends the data writing request and the corresponding data storage address to the storage disk.
In this embodiment, the second data processing layer is connected to the storage disk through the pcie interface, and the second data processing layer sends the data writing request and the storage addresses of the first data and the first protection data to the storage disk.
S13-3: and under the condition that the storage disk receives the data writing request, acquiring the first data and the first protection data from the intermediate storage device according to the data storage address.
In this embodiment, when the storage disk receives the data writing request, the first data is acquired from the storage address of the first data according to the data storage address, and the first protection data is acquired from the storage address of the first protection data.
S13-4: the storage disk writes the first data and the first protection data into two independent data areas respectively.
In this embodiment, after the storage disc obtains the first data and the first protection data, the first data and the first protection data are written into two different independent data areas respectively.
In this embodiment, the method further includes:
s13-5: and the storage disk associates a data area corresponding to the first data with an address designated in the data writing request.
In this embodiment, the storage disk associates a data area corresponding to the first data with an address (LBA) specified in the data write request.
S13-6: and the storage disk associates a data area corresponding to the first protection data with an address designated in the data writing request.
In this embodiment, the storage disk associates the data area corresponding to the first protection data with the address specified in the data write request.
S14: and under the condition that the first data and the first protection data are written in by the storage disk, checking the protection data according to the data writing request.
In this embodiment, when the writing of the first data and the first protection data is completed, the storage disk calculates the first data according to the data protection information in the data writing request by using a preset algorithm, generates protection data according to the obtained calculation result, and compares the generated protection data with the protection data obtained from the intermediate storage device, thereby completing the verification of the first protection data.
In this embodiment, when the writing of the first data and the first protection data is completed, the specific step of verifying the protection data according to the data writing request by the storage disk includes:
s14-1: and the storage disk determines protection data information of the protection data corresponding to the first data according to the data writing request.
In this embodiment, the storage disc determines protection data information of protection data corresponding to the first data according to the data writing request, where the protection data information includes a part of fixed fields.
S14-2: and determining the protection data corresponding to the first data according to the protection data information.
In this embodiment, after the storage disk obtains the protection data information corresponding to the first data, the storage disk calculates the first data through a preset algorithm, and the result obtained by calculation is combined with the original field in the protection data information to obtain the protection data corresponding to the first data.
In this embodiment, the preset algorithm may be set automatically, which is not limited herein.
For example, referring to fig. 2, fig. 2 is a schematic diagram of a DIF protection mechanism data structure, in which PI (protection info) in DIF (data integrity field, data consistency protection) is an extended logical block formed continuously with logical block data. It includes LBA n data (data address n), LBA n Metadata (Metadata address n), LBA n+1data (data address n+1), LBA n+1metadata (Metadata address n+1).
Referring to fig. 3, fig. 3 is a schematic diagram of a data structure of a DIX data protection mechanism. The PI of DIX (Data integrity extensions, data integrity extension) is stored in a separate Buffer, where LBAdata is placed in a Data Buffer and lbamatada is placed in a Metadata Buffer.
Referring to fig. 4, fig. 4 is a schematic diagram of a format of protection data information, in which MSB (most significant bit) is 7, lsb (least significant bit) is 0, and a total of 8 bits include three parts, guard (protection information), application Tag, reference Tag.
In this embodiment, the data protection mechanism in fig. 3 is adopted, so that the integrity of the data can be ensured not to be affected while the data is verified.
S14-3: and comparing the protection data corresponding to the first data with the first protection data.
In this embodiment, the protection data corresponding to the first data is compared with the first protection data. If the first data is not damaged in transmission, the result calculated by the preset algorithm is the same, the protection data corresponding to the first data calculated by the storage disk is the same as the first protection data directly acquired from the intermediate storage device, and if the data is damaged, the protection data corresponding to the first data calculated by the storage disk is different from the first protection data directly acquired from the intermediate storage device.
S14-4: and under the condition that the protection data corresponding to the first data is the same as the first protection data, determining that the first protection data is successfully checked.
In this embodiment, if the protection data corresponding to the first data is the same as the first protection data, it is determined that the first protection data is successfully checked.
S14-5: and under the condition that the protection data corresponding to the first data is different from the first protection data, determining that the first protection data fails to check.
In this embodiment, if the protection data corresponding to the first data is different from the first protection data, it is determined that the first protection data fails to be checked.
In this embodiment, the method further includes:
s14-6, in the case that the first protection data check fails, returning a writing failure message to the host through the intermediate storage device.
In this embodiment, when the first protection data fails to verify, the storage disk sends a write failure message to the intermediate storage device, and the intermediate storage device transmits the write failure message to the host.
S14-7: and the host sends the data writing request to the intermediate storage device again under the condition that the writing failure message is received.
In this embodiment, when receiving the write failure message, the host sends a data write request to the intermediate storage device again until the data write is successful.
S15: and the storage disk returns a writing success message to the host through the intermediate storage device under the condition that the first protection data is successfully checked.
In this embodiment, the storage disk sends a write success message to the intermediate storage device when the first protection data is verified successfully, and the intermediate storage device sends the write success message to the host.
In this embodiment, under the condition that the first protection data is successfully verified, the first data is transmitted to the storage disk in a complete and lossless manner, and at this time, the storage disk writes the data successfully, and a writing success message is sent to the host through the intermediate storage device.
In another embodiment of the present application, the method further comprises:
s21: and the intermediate storage equipment sends the data reading request to the second data processing layer through the first data processing layer under the condition of receiving the data reading request sent by the host.
In this embodiment, the data read request is a request sent by the host to the intermediate storage device for extracting the data from the storage disk to the host. Including the address of the data to be read.
In this embodiment, the intermediate storage device sends the data read request to the second data processing layer through the first data processing layer when receiving the data read request sent by the host. During transmission, the protection information behavior attribute in the data reading request is modified into a pass mode through the roce driver to be transmitted to the second data processing layer, and the data reading request is also transmitted to the second data processing layer together.
S22: and the second data processing layer reads second data corresponding to the data reading request and second protection data corresponding to the second data from the storage disk according to the data reading request.
In this embodiment, the second data is data that the host needs to read from the storage disk, and the second protection data is protection data corresponding to the second data.
In this embodiment, the specific step of the second data processing layer reading, according to the data reading request, the second data corresponding to the data reading request and the second protection data corresponding to the second data from the storage disk includes:
s22-1: the second data processing layer sends the data read request to the storage disk.
In this embodiment, the second data processing layer sends a data read request to the storage disk.
S22-2: and the storage disk takes out the second data and the second protection data from the corresponding data area according to the data reading request.
In this embodiment, after receiving the data read request, the storage disk fetches the second data from the corresponding data area according to the data address of the second data included in the data read request, and fetches the second protection data from the corresponding data area according to the data address of the second protection data included in the data read request.
S22-3: the storage disk sends the second data and second protection data to the second data processing layer.
In this embodiment, after the storage disk fetches the second data and the second protection data, the second data and the second protection data are transmitted to the second data processing layer through the interface.
S23: the second data processing layer stores the second data and the second protection data in two independent data areas in the intermediate storage device respectively.
In this embodiment, the second data processing layer stores the second data and the second protection data in two independent data areas in the intermediate storage device, and the specific steps include:
S23-1: the second data processing layer stores the second data into a data area to be transmitted.
In this embodiment, the second data processing layer stores the second data in the data area to be transmitted.
S23-2: the second data processing layer stores the second protection data into a metadata area.
In this embodiment, the second data processing layer stores the second protection data in the metadata area.
The pass (transparent transfer) mode is used when writing data to the intermediate storage device.
S24: and the first data processing layer checks the second protection data according to the data reading request.
In this embodiment, after the data writing of the intermediate storage device is completed, the first data processing layer performs data verification on the second protection data according to the protection data information included in the data reading request, and specifically includes the steps of:
s24-1: the first data processing layer acquires protection data information corresponding to the second protection data from the data reading request.
In this embodiment, the first data processing layer acquires protection data information corresponding to the second protection data from the data reading request, where the protection data information is data added to the request when the host sends the request.
S24-2: and determining the protection data corresponding to the second data according to the protection data information.
In this embodiment, the first data processing layer performs calculation according to the second data to obtain a corresponding calculation result field, and then combines the calculation result field with a field in the protection data information to obtain protection data corresponding to the second data.
S24-3: and comparing the protection data corresponding to the second data with the second protection data.
In this embodiment, the protection data corresponding to the second data calculated by the first data processing layer is compared with the second protection data directly obtained from the storage disk.
S24-4: and under the condition that the protection data corresponding to the second data is the same as the second protection data, determining that the second protection data is successfully checked.
In this embodiment, when the protection data corresponding to the second data is the same as the second protection data, it is indicated that the second data is complete and error-free in the transmission process, and it is determined that the second protection data is successfully checked.
S24-5: and under the condition that the protection data corresponding to the second data is different from the second protection data, determining that the second protection data fails to check.
In this embodiment, when the protection data corresponding to the second data is different from the second protection data, it is indicated that the second data is damaged in the transmission process, and it is determined that the second protection data fails to verify.
S25: and the first data processing layer sends the second data to the host under the condition that the second protection data is successfully checked.
In this embodiment, the first data processing layer sends the second data to the host under the condition that the second protection data is successfully verified, and the specific steps include:
s25-1: the first data processing layer deletes the second protection data.
In this embodiment, the first data processing layer deletes the second protection data when the second protection data is successfully verified, and only the second data itself remains.
S25-2: and the first data processing layer determines a storage address corresponding to the second data appointed by the host from the data reading request.
In this embodiment, the data read request further includes a storage address corresponding to the second data specified by the host in the host, and the first data processing layer determines, from the data read request, the storage address corresponding to the second data specified by the host in the host.
S25-3: the first data processing layer sends the second data to the memory address.
In this embodiment, after determining the storage address corresponding to the second data in the host, the first data processing layer sends the second data to the storage address.
In another embodiment of the present application, the method further comprises:
s31: and sending a verification failure message to the host under the condition that the second protection data fails to be verified.
In this embodiment, when the second protection data fails to verify, it is indicated that the second data is damaged during transmission, and a verification failure message is sent to the host.
S32: and sending the data reading request to the intermediate storage device under the condition that the host receives the verification failure message.
In this embodiment, the host sends the data reading request again to the intermediate storage device until the data reading is successful when receiving the verification failure message.
In another embodiment of the present application, before the intermediate storage device receives the data write request, the method further comprises:
s41: the host sets an interface card on the host as an adding mode, and the adding mode is used for notifying the intermediate storage device to add protection data into data to be transmitted.
In this embodiment, the interface card on the host is a roce card, which is used to connect to the intermediate device through a network, and the add mode (add mode) is used to notify the intermediate storage device of adding protection data.
In this embodiment, before the host sends a data write request to the intermediate storage device, the interface card needs to be set to an add mode, in which the data write request adds data protection information, and the intermediate storage device generates and adds protection data for the data to be transmitted.
In another embodiment of the present application, the method further comprises:
s51: the host sets the interface card on the host to a verification-before-stripping mode, and the verification-before-stripping mode is used for informing the intermediate storage device of verifying and stripping the read data and corresponding protection data.
In this embodiment, the verify-after-strip mode (valid-after-strip mode) is a mode in which data is verified first and then protection data is stripped.
In this embodiment, before sending a data reading request to the intermediate storage device, the host sets the roce card to a verify-before-strip mode, after setting the mode, the intermediate storage device verifies the data read from the storage disk first, strips off the protection data after the verification is passed, and transmits the data to be transmitted to the host.
In another embodiment of the present application, before the first data processing layer stores the first data and the first protection data corresponding to the first data into the designated data area, the method further includes:
s61: the first data processing layer determines a data format specified in the data write request.
In this embodiment, when the first data processing layer receives the data write request, the data format specified in the data write request is determined.
S62: and determining whether the first data needs to be protected or not according to the data format.
In this embodiment, when determining the data format, when the data format is specified in the data format, it is determined that the first data needs to be subjected to protection processing, and when the data format is not specified in the data format, it is determined that the first data does not need to be subjected to protection processing.
For example, when the specified data in the format of 512 bytes plus 8 bytes of protection data, it is determined that the first data needs to be subjected to protection processing, and when the specified data in the format of 512 bytes does not specify the number of bytes of protection data, it is determined that the first data does not need to be subjected to protection processing.
S63: and under the condition that the first data needs to be subjected to protection processing, generating the first protection data corresponding to the first data.
In this embodiment, when the first data needs to be protected, first protection data corresponding to the first data is generated, and the first protection data is obtained through a calculation result obtained by calculating the first data and an inherent field included in the protection data information.
In another embodiment of the present application, before the first data corresponding to the data writing request is obtained from the memory of the host through the first data processing layer, the method further includes:
s71: and the intermediate storage equipment determines the request content corresponding to the received request under the condition of receiving the request sent by the host.
In this embodiment, the intermediate storage device determines, when receiving a request sent by the host, request contents corresponding to the received request.
S72: when the request is a read data request or a write data request, protecting the data corresponding to the request.
In this embodiment, when the request is a read data request or a write data request, protection processing is performed on data corresponding to the request.
In this embodiment, when the request is a request other than a read data request or a write data request, no data protection processing is performed.
In this embodiment, for data access of the NVMe disk, data is forwarded through the intermediate storage device, and in the forwarding process, through the two-layer structure of NVMe over RoCE and NVMe over PCIe, when data is protected, the protected data and the data to be transmitted are respectively stored in two independent data areas of the intermediate storage device, only the data is stored in the host system, and the hardware unloading mode of the RDMA device only implements operations such as insertion, removal, and verification of the protected data, that is, the purpose of protecting the integrity of the data on the whole complete path is implemented, and the hardware unloading capability of the RDMA card can be utilized, so that the influence of data integrity check on the data transmission performance is reduced, and under the condition of guaranteeing the data integrity, the data transmission is safely protected.
Based on the same inventive concept, an embodiment of the present application provides a data protection device. Referring to fig. 5, fig. 5 is a schematic diagram of a data protection device 500 according to an embodiment of the present application. As shown in fig. 5, the apparatus includes:
a first data obtaining module 501, configured to obtain, by using a first data processing layer, first data corresponding to a data writing request from a memory of a host when an intermediate storage device receives the data writing request sent by the host, where the intermediate storage device includes a data processing layer and a second data processing layer;
A first data storage module 502, configured to store, by the first data processing layer, the first data and first protection data corresponding to the first data into a specified data area, where the data area corresponding to the first data and the data area corresponding to the first protection data are two independent data areas;
a first data writing module 503, configured to write, by the first data processing layer through the second data processing layer, the first data and the first protection data into two independent data areas in a storage disk respectively;
a first data verification module 504, configured to verify the protection data according to the data write request when the storage disk finishes writing the first data and the first protection data;
and the write success message return module 505 is configured to return, by the storage disk, a write success message to the host through the intermediate storage device if the first protection data is verified successfully.
Optionally, the apparatus further comprises:
the data reading request forwarding module is used for sending the data reading request to the second data processing layer through the first data processing layer under the condition that the intermediate storage device receives the data reading request sent by the host;
The second data acquisition module is used for reading second data corresponding to the data reading request and second protection data corresponding to the second data from the storage disk according to the data reading request by the second data processing layer;
a second data storage module, configured to store the second data and the second protection data in two independent data areas in the intermediate storage device by using the second data processing layer;
the second data verification module is used for verifying the second protection data according to the data reading request by the first data processing layer;
and the second data sending module is used for sending the second data to the host computer by the first data processing layer under the condition that the second protection data is successfully checked.
Optionally, the apparatus further comprises:
a data format determining module, configured to determine a data format specified in the data write request by the first data processing layer;
the protection processing judging module is used for determining whether the first data needs to be subjected to protection processing or not according to the data format;
the first protection data generation module is used for generating the first protection data corresponding to the first data under the condition that the first data needs to be subjected to protection processing.
Optionally, the apparatus further comprises:
the request content determining module is used for determining request content corresponding to the received request under the condition that the intermediate storage device receives the request sent by the host;
and the protection processing module is used for carrying out protection processing on the data corresponding to the request when the request is a read data request or a write data request.
Optionally, the first data acquisition module includes:
a first data storage address determining submodule, configured to determine a storage address of the first data in the host according to the data writing request;
and the first data acquisition sub-module is used for acquiring the first data from the memory of the host according to the storage address.
Optionally, the first data storage module includes:
the first data storage submodule is used for storing the first data into a data area to be transmitted by the first data processing layer;
and the second data storage sub-module is used for storing the first protection data into a metadata area by the first data processing layer.
Optionally, the first data writing module includes:
a first data writing request sending submodule, configured to send the data writing request to the second data processing layer by using the first data processing layer;
A second data writing request sending sub-module, configured to send the data writing request and a corresponding data storage address to the storage disk by using the second data processing layer;
a storage disk data acquisition sub-module, configured to acquire, when the storage disk receives the data writing request, the first data and the first protection data from the intermediate storage device according to the data storage address;
and the storage disc data writing sub-module is used for writing the first data and the first protection data into two independent data areas respectively by the storage disc.
Optionally, the first data writing module further includes:
a first address association sub-module, configured to associate a data area corresponding to the first data with an address specified in the data write request by using the storage disk;
and the second address association sub-module is used for associating the data area corresponding to the first protection data with the address appointed in the data writing request by the storage disk.
Optionally, the first data verification module includes:
the first protection data information determining submodule is used for determining protection data information of protection data corresponding to the first data according to the data writing request by the storage disk;
The first protection data calculation sub-module is used for determining protection data corresponding to the first data according to the protection data information;
the first protection data comparison sub-module is used for comparing the protection data corresponding to the first data with the first protection data;
the first protection data verification success sub-module is used for determining that the first protection data verification is successful under the condition that the protection data corresponding to the first data is identical to the first protection data;
and the first protection data verification failure sub-module is used for determining that the first protection data verification fails under the condition that the protection data corresponding to the first data is different from the first protection data.
Optionally, the first data verification module further includes:
the write-in failure message return sub-module is used for returning a write-in failure message to the host through the intermediate storage device under the condition that the first protection data check fails;
and the data writing request sending submodule is used for sending the data writing request to the intermediate storage equipment again when the host receives the writing failure message.
Optionally, the second data acquisition module includes:
A read request sending sub-module, configured to send the data read request to the storage disk by using the second data processing layer;
the second data extraction sub-module is used for extracting the second data and the second protection data from the corresponding data area according to the data reading request by the storage disk;
and the second data transmission sub-module is used for transmitting the second data and the second protection data to the second data processing layer by the storage disk.
Optionally, the second data storage module includes:
a third data storage sub-module, configured to store the second data into a data area to be transmitted by the second data processing layer;
and the fourth data storage sub-module is used for storing the second protection data into a metadata area by the second data processing layer.
Optionally, the second data verification module includes:
the second protection data information determining submodule is used for acquiring protection data information corresponding to the second protection data from the data reading request by the first data processing layer;
the second protection data determining submodule is used for determining protection data corresponding to the second data according to the protection data information;
The second protection data comparison sub-module is used for comparing the protection data corresponding to the second data with the second protection data;
a second protection data verification success sub-module, configured to determine that the second protection data verification is successful when protection data corresponding to the second data is the same as the second protection data;
and the second protection data verification failure sub-module is used for determining that the second protection data verification fails under the condition that the protection data corresponding to the second data is different from the second protection data.
Optionally, the second data transmission module includes:
the second protection data deleting sub-module is used for deleting the second protection data by the first data processing layer;
a second data storage address determining sub-module, configured to determine, from the data read request, a storage address corresponding to the second data specified by the host by using the first data processing layer;
and the second data transmission sub-module is used for transmitting the second data to the storage address by the first data processing layer.
Optionally, the apparatus further comprises:
a second data verification failure message sending module, configured to send a verification failure message to the host when the second protection data verification fails;
And the reading request sending module is used for sending the data reading request to the intermediate storage device under the condition that the host receives the verification failure message.
Optionally, the apparatus further comprises:
the first mode setting module is used for setting the interface card on the host to be an adding mode by the host, and the adding mode is used for informing the intermediate storage device to add protection data into data to be transmitted.
Optionally, the apparatus further comprises:
the second mode setting module is used for setting the interface card on the host to be in a verification-before-stripping mode by the host, and the verification-before-stripping mode is used for informing the intermediate storage device of verifying and stripping the read data and corresponding protection data.
Based on the same inventive concept, another embodiment of the present application provides a readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the data protection method according to any of the embodiments of the present application.
Based on the same inventive concept, another embodiment of the present application provides an electronic device, and referring to fig. 6, fig. 6 is a schematic diagram of an electronic device 600 according to an embodiment of the present application, including a memory 602, a processor 601, and a computer program stored on the memory and capable of running on the processor, where the processor executes to implement steps in a data protection method according to any of the foregoing embodiments of the present application.
For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described by differences from other embodiments, and identical and similar parts between the embodiments are all enough to be referred to each other.
It will be apparent to those skilled in the art that embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, the present embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present embodiments have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the present application.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.
The foregoing has described in detail the methods, apparatuses, devices and storage medium for protecting data provided by the present application, and specific examples have been applied herein to illustrate the principles and embodiments of the present application, and the above examples are only used to help understand the methods and core ideas of the present application; meanwhile, as those skilled in the art will have modifications in the specific embodiments and application scope in accordance with the ideas of the present application, the present description should not be construed as limiting the present application in view of the above.
Claims (20)
1. A method of data protection, the method comprising:
under the condition that an intermediate storage device receives a data writing request sent by a host, acquiring first data corresponding to the data writing request from a memory of the host through a first data processing layer, wherein the intermediate storage device comprises the first data processing layer and a second data processing layer;
the first data processing layer stores the first data and the first protection data corresponding to the first data into a designated data area, wherein the data area corresponding to the first data and the data area corresponding to the first protection data are two independent data areas;
the first data processing layer writes the first data and the first protection data into two independent data areas in a storage disk through the second data processing layer, and the method comprises the following steps:
the first data processing layer sends the data writing request to the second data processing layer;
the second data processing layer sends the data writing request and the corresponding data storage address to a storage disk, so that the storage disk obtains the first data and the first protection data according to the storage address, and stores the first data and the first protection data into corresponding data areas respectively;
The storage disk checks the protection data according to the data writing request under the condition that the first data and the first protection data are written;
the storage disk returns a writing success message to the host through the intermediate storage device under the condition that the first protection data is successfully checked;
and under the condition that the intermediate storage device receives a data reading request sent by the host, acquiring second data and second protection data corresponding to the reading request from the storage disk through the second data processing layer, checking the second protection data through the first data processing layer, and under the condition that the second protection data is checked successfully, sending the second data to the host.
2. The method according to claim 1, wherein the method further comprises:
the intermediate storage device sends the data reading request to the second data processing layer through the first data processing layer under the condition that the data reading request sent by the host is received;
the second data processing layer reads second data corresponding to the data reading request and second protection data corresponding to the second data from the storage disk according to the data reading request;
The second data processing layer stores the second data and the second protection data into two independent data areas in the intermediate storage device respectively;
the first data processing layer checks the second protection data according to the data reading request;
and the first data processing layer sends the second data to the host under the condition that the second protection data is successfully checked.
3. The method of claim 1, wherein before the first data processing layer stores the first data and the first protection data corresponding to the first data into a specified data area, the method further comprises:
the first data processing layer determines a data format specified in the data write request;
determining whether the first data needs to be protected or not according to the data format;
and under the condition that the first data needs to be subjected to protection processing, generating the first protection data corresponding to the first data.
4. The method of claim 1, wherein prior to retrieving, by the first data processing layer, first data corresponding to the data write request from the memory of the host, the method further comprises:
The intermediate storage equipment determines request content corresponding to the received request under the condition of receiving the request sent by the host;
when the request is a read data request or a write data request, protecting the data corresponding to the request.
5. The method of claim 1, wherein the obtaining, by the first data processing layer, the first data corresponding to the data write request from the memory of the host includes:
determining a storage address of the first data in the host according to the data writing request;
and acquiring the first data from the memory of the host according to the storage address.
6. The method of claim 1, wherein the first data processing layer storing the first data and the first protection data corresponding to the first data into a specified data area comprises:
the first data processing layer stores the first data in a data area to be transmitted;
the first data processing layer stores the first protection data into a metadata area.
7. The method of claim 1, wherein the first data processing layer writing the first data and the first protection data, respectively, to two separate data areas in a storage disk through the second data processing layer, comprises:
The first data processing layer sends the data writing request to the second data processing layer;
the second data processing layer sends the data writing request and the corresponding data storage address to the storage disk;
the storage disk acquires the first data and the first protection data from the intermediate storage device according to the data storage address under the condition that the data writing request is received;
the storage disk writes the first data and the first protection data into two independent data areas respectively.
8. The method of claim 7, wherein the method further comprises:
the storage disk associates a data area corresponding to the first data with an address specified in the data writing request;
and the storage disk associates a data area corresponding to the first protection data with an address designated in the data writing request.
9. The method of claim 1, wherein the verifying the protection data according to the data write request by the storage disk when the writing of the first data and the first protection data is completed comprises:
The storage disk determines protection data information of protection data corresponding to the first data according to the data writing request;
according to the protection data information, determining protection data corresponding to the first data;
comparing the protection data corresponding to the first data with the first protection data;
under the condition that the protection data corresponding to the first data are the same as the first protection data, determining that the first protection data are successfully checked;
and under the condition that the protection data corresponding to the first data is different from the first protection data, determining that the first protection data fails to check.
10. The method according to claim 9, wherein the method further comprises:
returning a write failure message to the host through the intermediate storage device under the condition that the first protection data check fails;
and the host sends the data writing request to the intermediate storage device under the condition that the writing failure message is received.
11. The method according to claim 2, wherein the second data processing layer reads, according to the data read request, second data corresponding to the data read request and second protection data corresponding to the second data from the storage disk, including:
The second data processing layer sends the data reading request to the storage disk;
the storage disk takes out the second data and the second protection data from the corresponding data area according to the data reading request;
the storage disk sends the second data and second protection data to the second data processing layer.
12. The method of claim 2, wherein the second data processing layer storing the second data and the second protection data in two separate data areas in the intermediate storage device, respectively, comprises:
the second data processing layer stores the second data into a data area to be transmitted in the intermediate storage device;
the second data processing layer stores the second protection data into a metadata area in the intermediate storage device.
13. The method of claim 2, wherein the first data processing layer verifying the second protection data based on the data read request comprises:
the first data processing layer acquires protection data information corresponding to the second protection data from the data reading request;
According to the protection data information, determining protection data corresponding to the second data;
comparing the protection data corresponding to the second data with the second protection data;
under the condition that the protection data corresponding to the second data are the same as the second protection data, determining that the second protection data are successfully checked;
and under the condition that the protection data corresponding to the second data is different from the second protection data, determining that the second protection data fails to check.
14. The method of claim 2, wherein the first data processing layer sending the second data to the host if the second protection data check is successful, comprising:
the first data processing layer deletes the second protection data;
the first data processing layer determines a storage address corresponding to the second data designated by the host from the data reading request;
the first data processing layer sends the second data to the memory address.
15. The method according to claim 2, wherein the method further comprises:
sending a verification failure message to the host under the condition that the second protection data fails to be verified;
And sending the data reading request to the intermediate storage device under the condition that the host receives the verification failure message.
16. The method of claim 1, wherein prior to the intermediate storage device receiving the data write request, the method further comprises:
the host sets an interface card on the host as an adding mode, and the adding mode is used for notifying the intermediate storage device to add protection data into data to be transmitted.
17. The method of claim 2, wherein prior to the intermediate storage device receiving the data read request, the method further comprises:
the host sets the interface card on the host to a verification-before-stripping mode, and the verification-before-stripping mode is used for informing the intermediate storage device of verifying and stripping the read data and corresponding protection data.
18. A data protection device, the device comprising:
the device comprises a first data acquisition module, a second data processing layer and a third data processing layer, wherein the first data acquisition module is used for acquiring first data corresponding to a data writing request from a memory of a host through the first data processing layer under the condition that the intermediate storage device receives the data writing request sent by the host;
The first data storage module is used for storing the first data and the first protection data corresponding to the first data into a designated data area by the first data processing layer, wherein the data area corresponding to the first data and the data area corresponding to the first protection data are two independent data areas;
a first data writing module, configured to write, by the first data processing layer through the second data processing layer, the first data and the first protection data into two independent data areas in a storage disk, where the first data writing module includes:
the first data processing layer sends the data writing request to the second data processing layer;
the second data processing layer sends the data writing request and the corresponding data storage address to a storage disk, so that the storage disk obtains the first data and the first protection data according to the storage address, and stores the first data and the first protection data into corresponding data areas respectively;
the first data verification module is used for verifying the protection data according to the data writing request when the first data and the first protection data are written by the storage disk;
The writing success information return module is used for returning writing success information to the host through the intermediate storage equipment when the first protection data of the storage disk is verified successfully;
and under the condition that the intermediate storage device receives a data reading request sent by the host, acquiring second data and second protection data corresponding to the reading request from the storage disk through the second data processing layer, checking the second protection data through the first data processing layer, and under the condition that the second protection data is checked successfully, sending the second data to the host.
19. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any of claims 1 to 17.
20. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 1 to 17 when executing the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410058042.4A CN117574446B (en) | 2024-01-16 | 2024-01-16 | Data protection method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410058042.4A CN117574446B (en) | 2024-01-16 | 2024-01-16 | Data protection method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117574446A CN117574446A (en) | 2024-02-20 |
| CN117574446B true CN117574446B (en) | 2024-04-05 |
Family
ID=89864761
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410058042.4A Active CN117574446B (en) | 2024-01-16 | 2024-01-16 | Data protection method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117574446B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111159781A (en) * | 2019-12-31 | 2020-05-15 | 海光信息技术有限公司 | Storage device data integrity protection method, controller thereof and system on chip |
| CN111309245A (en) * | 2018-12-12 | 2020-06-19 | 阿里巴巴集团控股有限公司 | Layered storage writing method and device, reading method and device and system |
| CN115437836A (en) * | 2021-06-04 | 2022-12-06 | 华为技术有限公司 | Metadata processing method and related equipment |
| CN115793985A (en) * | 2023-01-09 | 2023-03-14 | 苏州浪潮智能科技有限公司 | Safe storage method, device, equipment and storage medium |
| CN115981572A (en) * | 2023-02-13 | 2023-04-18 | 浪潮电子信息产业股份有限公司 | Data consistency verification method and device, electronic equipment and readable storage medium |
-
2024
- 2024-01-16 CN CN202410058042.4A patent/CN117574446B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111309245A (en) * | 2018-12-12 | 2020-06-19 | 阿里巴巴集团控股有限公司 | Layered storage writing method and device, reading method and device and system |
| CN111159781A (en) * | 2019-12-31 | 2020-05-15 | 海光信息技术有限公司 | Storage device data integrity protection method, controller thereof and system on chip |
| CN115437836A (en) * | 2021-06-04 | 2022-12-06 | 华为技术有限公司 | Metadata processing method and related equipment |
| CN115793985A (en) * | 2023-01-09 | 2023-03-14 | 苏州浪潮智能科技有限公司 | Safe storage method, device, equipment and storage medium |
| CN115981572A (en) * | 2023-02-13 | 2023-04-18 | 浪潮电子信息产业股份有限公司 | Data consistency verification method and device, electronic equipment and readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117574446A (en) | 2024-02-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20140040465A1 (en) | Systems and methods for tag information validation in wide port sas connections | |
| US6609152B1 (en) | System for avoiding the assignment of duplicate MAC addresses to network interface devices | |
| JPH10198608A (en) | Memory card | |
| CN117574446B (en) | Data protection method, device, equipment and storage medium | |
| US9170945B2 (en) | Communication management apparatus, communication management method, and computer program product | |
| CN107423157A (en) | A kind of hard disk hanging method, module and operating system | |
| WO2007099584A1 (en) | Error detector | |
| US8850117B2 (en) | Storage apparatus and method maintaining at least an order of writing data | |
| US11269703B2 (en) | Information processing system and storage device control method to determine whether data has been correctly written into a storage device | |
| CN105955916B (en) | A kind of method that writing immediate, equipment and system | |
| JP4433185B2 (en) | Data collection method and apparatus | |
| KR100842257B1 (en) | Method and apparatus for loading applet | |
| JP7319951B2 (en) | Erasing method and erasing system | |
| US8352693B2 (en) | Storage control apparatus | |
| CN114237674A (en) | Burning method, burning system, electronic equipment and computer readable storage medium | |
| CN112882727A (en) | Networking module production testing method, production testing tool and computer equipment | |
| CN107305582A (en) | A kind of metadata processing method and device | |
| KR100940616B1 (en) | System Data Management Apparatus And Method Of Exchange System | |
| KR20220095891A (en) | Method and apparatus for mapping data for personal information management linked to blockchain | |
| CN115469903A (en) | Firmware upgrading method and device, embedded equipment and storage medium | |
| CN116882331A (en) | Chip test equipment and register data read-write method | |
| KR960028408A (en) | Charging Data Processing Method of Optical Creative Maintenance System Using Shared Memory | |
| CN116737181A (en) | Universal flash memory chip and burning method | |
| JP2001320664A (en) | Recording medium for data file management and data file management device | |
| JP2004139609A (en) | Development support device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |