Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 12 Feb 2021 15:35:42 +0000
From:      bugzilla-noreply@freebsd.org
To:        fs@FreeBSD.org
Subject:   [Bug 252981] panic with ZFS encryption and QAT: VERIFY3(0 == spa_do_crypt_bad(...
Message-ID:  <bug-252981-3630-tyF74FmqGO@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-252981-3630@https.bugs.freebsd.org/bugzilla/>
References:  <bug-252981-3630@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D252981

Mark Johnston <markj@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jhb@FreeBSD.org

--- Comment #7 from Mark Johnston <markj@FreeBSD.org> ---
I think for 13.0 we should just modify ZFS to not use hardware crypto drive=
rs.=20
Per comment 1 the OCF wrapper in ZFS is buggy with respect to asynchronous
completions.

Going forward there are at least three possible solutions:
1. Modify ZFS to use separate sessions for hardware and software crypto, and
only use hardware crypto when ot !=3D DMU_OT_INTENT_LOG && ot !=3D DMU_OT_D=
NODE in
zio_do_crypto_data().  This side-steps the AAD problem.
2. Modify qat(4) to authenticate AAD and perform encryption/decryption in
separate requests, passing intermediate hash state from the first request to
the second.  qat(4) can handle arbitrarily large GMAC requests.  I'm not su=
re
how easy this is but I think it's possible.
3. Modify opencrypto to fall back to software crypto if the hardware can't
handle the request for some reason.  jhb suggested that this would be useful
for other purposes, e.g., if one is decrypting small packets, where the CPU
cost of handling the request in software is the same as the request setup c=
ost
in a hardware driver.  This requires some thought around reordering of requ=
ests
within a session.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-252981-3630-tyF74FmqGO>