[Bug 252981] panic with ZFS encryption and QAT: VERIFY3(0 == spa_do_crypt_bad(...

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252981

--- Comment #11 from commit-hook at FreeBSD.org ---
A commit in branch releng/13.0 references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=442719c0c6de93051d4bf9820420e9863ed3de53

commit 442719c0c6de93051d4bf9820420e9863ed3de53
Author:     Martin Matuska <mm at FreeBSD.org>
AuthorDate: 2021-02-22 17:37:47 +0000
Commit:     Martin Matuska <mm at FreeBSD.org>
CommitDate: 2021-02-25 16:20:20 +0000

    zfs: disable use of hardware crypto offload drivers

    From openzfs-master e7adccf7f commit message:
      First, the crypto request completion handler contains a bug in that it
      fails to reset fs_done correctly after the request is completed.  This
      is only a problem for asynchronous drivers.  Second, some hardware
      drivers have input constraints which ZFS does not satisfy.  For
      instance, ccp(4) apparently requires the AAD length for AES-GCM to be a
      multiple of the cipher block size, and with qat(4) the AES-GCM AAD
      length may not be longer than 240 bytes.  FreeBSD's generic crypto
      framework doesn't have a mechanism to automatically fall back to a
      software implementation if a hardware driver cannot process a request,
      and ZFS does not tolerate such errors.

    Patch Author:   Mark Johnston <markj at freebsd.org>

    Obtained from:  openzfs/zfs at e7adccf7f537a4d07281a2b74b360154bae367bc
    PR:             252981, 253595
    Approved by:    re (gjb)

    (cherry picked from commit 940415f20a784156ec0e247989796385896f32a8)

 sys/contrib/openzfs/module/os/freebsd/zfs/crypto_os.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.