[Bug 252981] panic with ZFS encryption and QAT: VERIFY3(0 == spa_do_crypt_bad(...
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Feb 12 15:35:42 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252981
Mark Johnston <markj at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jhb at FreeBSD.org
--- Comment #7 from Mark Johnston <markj at FreeBSD.org> ---
I think for 13.0 we should just modify ZFS to not use hardware crypto drivers.
Per comment 1 the OCF wrapper in ZFS is buggy with respect to asynchronous
completions.
Going forward there are at least three possible solutions:
1. Modify ZFS to use separate sessions for hardware and software crypto, and
only use hardware crypto when ot != DMU_OT_INTENT_LOG && ot != DMU_OT_DNODE in
zio_do_crypto_data(). This side-steps the AAD problem.
2. Modify qat(4) to authenticate AAD and perform encryption/decryption in
separate requests, passing intermediate hash state from the first request to
the second. qat(4) can handle arbitrarily large GMAC requests. I'm not sure
how easy this is but I think it's possible.
3. Modify opencrypto to fall back to software crypto if the hardware can't
handle the request for some reason. jhb suggested that this would be useful
for other purposes, e.g., if one is decrypting small packets, where the CPU
cost of handling the request in software is the same as the request setup cost
in a hardware driver. This requires some thought around reordering of requests
within a session.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-fs
mailing list