Refcounted DSL Crypto Key Mappings
Since native ZFS encryption was merged, we have been fighting against a series of bugs that come down to the same problem: Key mappings (which must be present during all I/O operations) are created and destroyed based on dataset ownership, but I/Os have traditionally been allowed to "leak" into the next txg after the dataset is disowned. In the past we have attempted to solve this problem by trying to ensure that datasets are disowned after all I/O is finished by calling txg_wait_synced(), but we have repeatedly found edge cases that need to be squashed and code paths that might incur a high number of txg syncs. This patch attempts to resolve this issue differently, by adding a reference to the key mapping for each txg it is dirtied in. By doing so, we can remove many of the unnecessary calls to txg_wait_synced() we have added in the past and ensure we don't need to deal with this problem in the future. Reviewed-by: Jorgen Lundman <lundman@lundman.net> Reviewed by: Matthew Ahrens <mahrens@delphix.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tom Caputi <tcaputi@datto.com> Closes #7949
committed by
Brian Behlendorf
parent
f65fbee1e7
commit
52ce99dd61
+1
-17
@@ -4995,7 +4995,7 @@ spa_create(const char *pool, nvlist_t *nvroot, nvlist_t *props,
|
||||
uint64_t txg = TXG_INITIAL;
|
||||
nvlist_t **spares, **l2cache;
|
||||
uint_t nspares, nl2cache;
|
||||
uint64_t version, obj, root_dsobj = 0;
|
||||
uint64_t version, obj;
|
||||
boolean_t has_features;
|
||||
boolean_t has_encryption;
|
||||
spa_feature_t feat;
|
||||
@@ -5249,27 +5249,11 @@ spa_create(const char *pool, nvlist_t *nvroot, nvlist_t *props,
|
||||
|
||||
dmu_tx_commit(tx);
|
||||
|
||||
/*
|
||||
* If the root dataset is encrypted we will need to create key mappings
|
||||
* for the zio layer before we start to write any data to disk and hold
|
||||
* them until after the first txg has been synced. Waiting for the first
|
||||
* transaction to complete also ensures that our bean counters are
|
||||
* appropriately updated.
|
||||
*/
|
||||
if (dp->dp_root_dir->dd_crypto_obj != 0) {
|
||||
root_dsobj = dsl_dir_phys(dp->dp_root_dir)->dd_head_dataset_obj;
|
||||
VERIFY0(spa_keystore_create_mapping_impl(spa, root_dsobj,
|
||||
dp->dp_root_dir, FTAG));
|
||||
}
|
||||
|
||||
spa->spa_sync_on = B_TRUE;
|
||||
txg_sync_start(dp);
|
||||
mmp_thread_start(spa);
|
||||
txg_wait_synced(dp, txg);
|
||||
|
||||
if (dp->dp_root_dir->dd_crypto_obj != 0)
|
||||
VERIFY0(spa_keystore_remove_mapping(spa, root_dsobj, FTAG));
|
||||
|
||||
spa_spawn_aux_threads(spa);
|
||||
|
||||
spa_write_cachefile(spa, B_FALSE, B_TRUE);
|
||||
|
||||
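Review bot: The comment dropped above `spa->spa_sync_on = B_TRUE;` in the second hunk gave two reasons for the first-txg wait, and only the key-mapping reason is made obsolete here, so the retained `txg_wait_synced(dp, txg);` loses its remaining rationale. The page has lost its +/- markers, so this assumes the comment block and both mapping calls are the removed lines, as the -17 count and the commit message indicate. I would keep a short comment at that call, e.g. `/* Wait for the first txg to sync so that our bean counters are appropriately updated. */`. With `spa_keystore_create_mapping_impl()` gone from spa_create(), first-txg writes for an encrypted root dataset presumably depend on the per-txg key-mapping reference the commit message describes; that code is not in this section, so it is worth confirming that creating a pool with an encrypted root is covered by a test. spa_create()'s body starts and ends outside both hunks.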