[Bug 252981] panic with ZFS encryption and QAT: VERIFY3(0 == spa_do_crypt_bad(...
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Feb 22 17:44:16 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252981
--- Comment #10 from commit-hook at FreeBSD.org ---
A commit in branch stable/13 references this bug:
URL:
https://cgit.FreeBSD.org/src/commit/?id=940415f20a784156ec0e247989796385896f32a8
commit 940415f20a784156ec0e247989796385896f32a8
Author: Martin Matuska <mm at FreeBSD.org>
AuthorDate: 2021-02-22 17:37:47 +0000
Commit: Martin Matuska <mm at FreeBSD.org>
CommitDate: 2021-02-22 17:42:33 +0000
zfs: disable use of hardware crypto offload drivers
From openzfs-master e7adccf7f commit message:
First, the crypto request completion handler contains a bug in that it
fails to reset fs_done correctly after the request is completed. This
is only a problem for asynchronous drivers. Second, some hardware
drivers have input constraints which ZFS does not satisfy. For
instance, ccp(4) apparently requires the AAD length for AES-GCM to be a
multiple of the cipher block size, and with qat(4) the AES-GCM AAD
length may not be longer than 240 bytes. FreeBSD's generic crypto
framework doesn't have a mechanism to automatically fall back to a
software implementation if a hardware driver cannot process a request,
and ZFS does not tolerate such errors.
Patch Author: Mark Johnston <markj at freebsd.org>
Obtained from: openzfs/zfs at e7adccf7f537a4d07281a2b74b360154bae367bc
PR: 252981, 253595
MFS after: 3 days
(direct commit)
sys/contrib/openzfs/module/os/freebsd/zfs/crypto_os.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-fs
mailing list