mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2025-01-13 19:50:25 +03:00
Fix hash_lock / keystore.sk_dk_lock lock inversion
The keystore.sk_dk_lock should not be held while performing I/O. Drop the lock when reading from disk and update the code so they the first successful caller adds the key. Improve error handling in spa_keystore_create_mapping_impl(). Reviewed by: Thomas Caputi <tcaputi@datto.com> Reviewed-by: RageLtMan <rageltman@sempervictus> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Closes #7112 Closes #7115
This commit is contained in:
parent
fbd4254268
commit
0d23f5e2e4
@ -655,57 +655,58 @@ spa_keystore_dsl_key_hold_dd(spa_t *spa, dsl_dir_t *dd, void *tag,
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
avl_index_t where;
|
avl_index_t where;
|
||||||
dsl_crypto_key_t *dck = NULL;
|
dsl_crypto_key_t *dck_io = NULL, *dck_ks = NULL;
|
||||||
dsl_wrapping_key_t *wkey = NULL;
|
dsl_wrapping_key_t *wkey = NULL;
|
||||||
uint64_t dckobj = dd->dd_crypto_obj;
|
uint64_t dckobj = dd->dd_crypto_obj;
|
||||||
|
|
||||||
rw_enter(&spa->spa_keystore.sk_dk_lock, RW_WRITER);
|
/* Lookup the key in the tree of currently loaded keys */
|
||||||
|
rw_enter(&spa->spa_keystore.sk_dk_lock, RW_READER);
|
||||||
/* lookup the key in the tree of currently loaded keys */
|
ret = spa_keystore_dsl_key_hold_impl(spa, dckobj, tag, &dck_ks);
|
||||||
ret = spa_keystore_dsl_key_hold_impl(spa, dckobj, tag, &dck);
|
|
||||||
if (!ret) {
|
|
||||||
rw_exit(&spa->spa_keystore.sk_dk_lock);
|
rw_exit(&spa->spa_keystore.sk_dk_lock);
|
||||||
*dck_out = dck;
|
if (ret == 0) {
|
||||||
|
*dck_out = dck_ks;
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* lookup the wrapping key from the keystore */
|
/* Lookup the wrapping key from the keystore */
|
||||||
ret = spa_keystore_wkey_hold_dd(spa, dd, FTAG, &wkey);
|
ret = spa_keystore_wkey_hold_dd(spa, dd, FTAG, &wkey);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
ret = SET_ERROR(EACCES);
|
*dck_out = NULL;
|
||||||
goto error_unlock;
|
return (SET_ERROR(EACCES));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* read the key from disk */
|
/* Read the key from disk */
|
||||||
ret = dsl_crypto_key_open(spa->spa_meta_objset, wkey, dckobj,
|
ret = dsl_crypto_key_open(spa->spa_meta_objset, wkey, dckobj,
|
||||||
tag, &dck);
|
tag, &dck_io);
|
||||||
if (ret != 0)
|
if (ret != 0) {
|
||||||
goto error_unlock;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* add the key to the keystore (this should always succeed
|
|
||||||
* since we made sure it didn't exist before)
|
|
||||||
*/
|
|
||||||
avl_find(&spa->spa_keystore.sk_dsl_keys, dck, &where);
|
|
||||||
avl_insert(&spa->spa_keystore.sk_dsl_keys, dck, where);
|
|
||||||
|
|
||||||
/* release the wrapping key (the dsl key now has a reference to it) */
|
|
||||||
dsl_wrapping_key_rele(wkey, FTAG);
|
dsl_wrapping_key_rele(wkey, FTAG);
|
||||||
|
|
||||||
rw_exit(&spa->spa_keystore.sk_dk_lock);
|
|
||||||
|
|
||||||
*dck_out = dck;
|
|
||||||
return (0);
|
|
||||||
|
|
||||||
error_unlock:
|
|
||||||
rw_exit(&spa->spa_keystore.sk_dk_lock);
|
|
||||||
if (wkey != NULL)
|
|
||||||
dsl_wrapping_key_rele(wkey, FTAG);
|
|
||||||
|
|
||||||
*dck_out = NULL;
|
*dck_out = NULL;
|
||||||
return (ret);
|
return (ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Add the key to the keystore. It may already exist if it was
|
||||||
|
* added while performing the read from disk. In this case discard
|
||||||
|
* it and return the key from the keystore.
|
||||||
|
*/
|
||||||
|
rw_enter(&spa->spa_keystore.sk_dk_lock, RW_WRITER);
|
||||||
|
ret = spa_keystore_dsl_key_hold_impl(spa, dckobj, tag, &dck_ks);
|
||||||
|
if (ret != 0) {
|
||||||
|
avl_find(&spa->spa_keystore.sk_dsl_keys, dck_io, &where);
|
||||||
|
avl_insert(&spa->spa_keystore.sk_dsl_keys, dck_io, where);
|
||||||
|
*dck_out = dck_io;
|
||||||
|
} else {
|
||||||
|
dsl_crypto_key_free(dck_io);
|
||||||
|
*dck_out = dck_ks;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Release the wrapping key (the dsl key now has a reference to it) */
|
||||||
|
dsl_wrapping_key_rele(wkey, FTAG);
|
||||||
|
rw_exit(&spa->spa_keystore.sk_dk_lock);
|
||||||
|
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
spa_keystore_dsl_key_rele(spa_t *spa, dsl_crypto_key_t *dck, void *tag)
|
spa_keystore_dsl_key_rele(spa_t *spa, dsl_crypto_key_t *dck, void *tag)
|
||||||
{
|
{
|
||||||
@ -934,20 +935,19 @@ spa_keystore_create_mapping_impl(spa_t *spa, uint64_t dsobj,
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
avl_index_t where;
|
avl_index_t where;
|
||||||
dsl_key_mapping_t *km = NULL, *found_km;
|
dsl_key_mapping_t *km, *found_km;
|
||||||
boolean_t should_free = B_FALSE;
|
boolean_t should_free = B_FALSE;
|
||||||
|
|
||||||
/* allocate the mapping */
|
/* Allocate and initialize the mapping */
|
||||||
km = kmem_alloc(sizeof (dsl_key_mapping_t), KM_SLEEP);
|
km = kmem_zalloc(sizeof (dsl_key_mapping_t), KM_SLEEP);
|
||||||
if (!km)
|
|
||||||
return (SET_ERROR(ENOMEM));
|
|
||||||
|
|
||||||
/* initialize the mapping */
|
|
||||||
refcount_create(&km->km_refcnt);
|
refcount_create(&km->km_refcnt);
|
||||||
|
|
||||||
ret = spa_keystore_dsl_key_hold_dd(spa, dd, km, &km->km_key);
|
ret = spa_keystore_dsl_key_hold_dd(spa, dd, km, &km->km_key);
|
||||||
if (ret != 0)
|
if (ret != 0) {
|
||||||
goto error;
|
refcount_destroy(&km->km_refcnt);
|
||||||
|
kmem_free(km, sizeof (dsl_key_mapping_t));
|
||||||
|
return (ret);
|
||||||
|
}
|
||||||
|
|
||||||
km->km_dsobj = dsobj;
|
km->km_dsobj = dsobj;
|
||||||
|
|
||||||
@ -979,15 +979,6 @@ spa_keystore_create_mapping_impl(spa_t *spa, uint64_t dsobj,
|
|||||||
}
|
}
|
||||||
|
|
||||||
return (0);
|
return (0);
|
||||||
|
|
||||||
error:
|
|
||||||
if (km->km_key)
|
|
||||||
spa_keystore_dsl_key_rele(spa, km->km_key, km);
|
|
||||||
|
|
||||||
refcount_destroy(&km->km_refcnt);
|
|
||||||
kmem_free(km, sizeof (dsl_key_mapping_t));
|
|
||||||
|
|
||||||
return (ret);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
Loading…
Reference in New Issue
Block a user