c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2025-01-27 02:14:28 +03:00
Code Issues Packages Projects Releases Wiki Activity
b525630342
mirror_zfs/module/zfs
History
Tom Caputi b525630342 Native Encryption for ZFS on Linux 
This change incorporates three major pieces:

The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.

The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.

The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.

Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494 
Closes #5769
2017-08-14 10:36:48 -07:00
..
abd.c minor improvement to abd_free_pages() 2017-05-02 10:06:18 -07:00
arc.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
blkptr.c Use SET_ERROR for constant non-zero return codes 2017-08-02 21:16:12 -07:00
bplist.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
bpobj.c Don't dirty bpobj if it has no entries 2017-05-26 11:42:10 -07:00
bptree.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
bqueue.c Call cv_signal() with mutex held 2017-06-26 14:36:49 -07:00
dbuf_stats.c Use SET_ERROR for constant non-zero return codes 2017-08-02 21:16:12 -07:00
dbuf.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
ddt_zap.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
ddt.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dmu_diff.c OpenZFS 6950 - ARC should cache compressed data 2016-09-13 09:58:33 -07:00
dmu_object.c Fix dnode allocation race 2017-08-08 08:38:53 -07:00
dmu_objset.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dmu_send.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dmu_traverse.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dmu_tx.c Fix dnode allocation race 2017-08-08 08:38:53 -07:00
dmu_zfetch.c Use cstyle -cpP in make cstyle check 2016-12-12 10:46:26 -08:00
dmu.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dnode_sync.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dnode.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dsl_bookmark.c OpenZFS 8377 - Panic in bookmark deletion 2017-06-30 11:11:01 -07:00
dsl_crypt.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dsl_dataset.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dsl_deadlist.c OpenZFS 5428 - provide fts(), reallocarray(), and strtonum() 2017-07-08 20:35:35 -07:00
dsl_deleg.c Performance optimization of AVL tree comparator functions 2016-08-31 14:35:34 -07:00
dsl_destroy.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dsl_dir.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dsl_pool.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dsl_prop.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dsl_scan.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
dsl_synctask.c Illumos 4951 - ZFS administrative commands should use reserved space 2015-05-04 09:41:10 -07:00
dsl_userhold.c OpenZFS 5428 - provide fts(), reallocarray(), and strtonum() 2017-07-08 20:35:35 -07:00
edonr_zfs.c DLPX-44812 integrate EP-220 large memory scalability 2016-11-29 14:34:27 -08:00
fm.c Use SET_ERROR for constant non-zero return codes 2017-08-02 21:16:12 -07:00
gzip.c GZIP compression offloading with QAT accelerator 2017-03-22 17:58:47 -07:00
lz4.c Fix LZ4_uncompress_unknownOutputSize caused panic 2017-05-19 13:45:46 -07:00
lzjb.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
Makefile.in Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
metaslab.c OpenZFS 8023 - Panic destroying a metaslab deferred range tree 2017-04-09 16:12:35 -07:00
mmp.c Simplify threads, mutexs, cvs and rwlocks 2017-08-11 08:51:44 -07:00
multilist.c OpenZFS 7968 - multi-threaded spa_sync() 2017-03-20 18:36:00 -07:00
pathname.c Add pn_alloc()/pn_free() functions 2016-04-21 09:49:25 -07:00
policy.c codebase style improvements for OpenZFS 6459 port 2017-01-22 13:25:40 -08:00
qat_compress.c Change U16 to U32 due to atomic_inc_32_nv 2017-04-25 17:41:58 -07:00
qat_compress.h GZIP compression offloading with QAT accelerator 2017-03-22 17:58:47 -07:00
range_tree.c Performance optimization of AVL tree comparator functions 2016-08-31 14:35:34 -07:00
refcount.c Linux 4.11 compat: avoid refcount_t name conflict 2017-02-28 16:10:18 -08:00
rrwlock.c Fix spelling 2017-01-03 11:31:18 -06:00
sa.c OpenZFS 8061 - sa_find_idx_tab can be declared more type-safely 2017-04-14 11:11:28 -07:00
sha256.c DLPX-44812 integrate EP-220 large memory scalability 2016-11-29 14:34:27 -08:00
skein_zfs.c DLPX-44812 integrate EP-220 large memory scalability 2016-11-29 14:34:27 -08:00
spa_boot.c Add linux kernel module support 2010-08-31 13:41:58 -07:00
spa_config.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
spa_errlog.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
spa_history.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
spa_misc.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
spa_stats.c Allow longer SPA names in stats 2017-08-11 08:56:24 -07:00
spa.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
space_map.c OpenZFS 8023 - Panic destroying a metaslab deferred range tree 2017-04-09 16:12:35 -07:00
space_reftree.c OpenZFS 6328 - Fix cstyle errors in zfs codebase 2017-01-12 09:42:11 -08:00
trace.c OpenZFS 6531 - Provide mechanism to artificially limit disk performance 2016-05-26 10:11:51 -07:00
txg.c Simplify threads, mutexs, cvs and rwlocks 2017-08-11 08:51:44 -07:00
uberblock.c Multi-modifier protection (MMP) 2017-07-13 13:54:00 -04:00
unique.c Performance optimization of AVL tree comparator functions 2016-08-31 14:35:34 -07:00
vdev_cache.c Fix wrong offset args in vdev_cache_write 2017-03-28 11:06:22 -07:00
vdev_disk.c Use SET_ERROR for constant non-zero return codes 2017-08-02 21:16:12 -07:00
vdev_file.c Skip spurious resilver IO on raidz vdev 2017-05-12 17:28:03 -07:00
vdev_label.c Use SET_ERROR for constant non-zero return codes 2017-08-02 21:16:12 -07:00
vdev_mirror.c Skip spurious resilver IO on raidz vdev 2017-05-12 17:28:03 -07:00
vdev_missing.c Skip spurious resilver IO on raidz vdev 2017-05-12 17:28:03 -07:00
vdev_queue.c Cap maximum aggregate IO size 2017-06-27 10:09:16 -07:00
vdev_raidz_math_aarch64_neon_common.h ABD raidz NEON support 2016-11-29 14:34:33 -08:00
vdev_raidz_math_aarch64_neon.c codebase style improvements for OpenZFS 6459 port 2017-01-22 13:25:40 -08:00
vdev_raidz_math_aarch64_neonx2.c ABD raidz NEON support 2016-11-29 14:34:33 -08:00
vdev_raidz_math_avx2.c ABD raidz avx512f support 2016-11-29 14:34:33 -08:00
vdev_raidz_math_avx512bw.c ABD: Adapt avx512bw raidz assembly 2016-12-15 17:31:33 -08:00
vdev_raidz_math_avx512f.c Use cstyle -cpP in make cstyle check 2016-12-12 10:46:26 -08:00
vdev_raidz_math_impl.h codebase style improvements for OpenZFS 6459 port 2017-01-22 13:25:40 -08:00
vdev_raidz_math_scalar.c ABD Vectorized raidz 2016-11-29 14:34:33 -08:00
vdev_raidz_math_sse2.c ABD raidz avx512f support 2016-11-29 14:34:33 -08:00
vdev_raidz_math_ssse3.c codebase style improvements for OpenZFS 6459 port 2017-01-22 13:25:40 -08:00
vdev_raidz_math.c codebase style improvements for OpenZFS 6459 port 2017-01-22 13:25:40 -08:00
vdev_raidz.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
vdev_root.c Skip spurious resilver IO on raidz vdev 2017-05-12 17:28:03 -07:00
vdev.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
zap_leaf.c Use SET_ERROR for constant non-zero return codes 2017-08-02 21:16:12 -07:00
zap_micro.c Fix dnode allocation race 2017-08-08 08:38:53 -07:00
zap.c Use SET_ERROR for constant non-zero return codes 2017-08-02 21:16:12 -07:00
zfeature.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
zfs_acl.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
zfs_byteswap.c Add linux kernel module support 2010-08-31 13:41:58 -07:00
zfs_ctldir.c Use SET_ERROR for constant non-zero return codes 2017-08-02 21:16:12 -07:00
zfs_debug.c Add line info and SET_ERROR() to ZFS debug log 2017-07-25 23:09:48 -07:00
zfs_dir.c Rename zfs_sb_t -> zfsvfs_t 2017-03-10 09:51:33 -08:00
zfs_fm.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
zfs_fuid.c Rename zfs_sb_t -> zfsvfs_t 2017-03-10 09:51:33 -08:00
zfs_ioctl.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
zfs_log.c OpenZFS 7578 - Fix/improve some aspects of ZIL writing 2017-06-09 09:15:37 -07:00
zfs_onexit.c zfsdev_getminor() should check for invalid file handles 2015-06-22 17:02:13 -07:00
zfs_ratelimit.c Add libtpool (thread pools) 2017-08-09 15:31:08 -07:00
zfs_replay.c Rename zfs_sb_t -> zfsvfs_t 2017-03-10 09:51:33 -08:00
zfs_rlock.c Fix spelling 2017-01-03 11:31:18 -06:00
zfs_sa.c Simplify threads, mutexs, cvs and rwlocks 2017-08-11 08:51:44 -07:00
zfs_vfsops.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
zfs_vnops.c Fix NULL pointer when O_SYNC read in snapshot 2017-08-11 08:57:54 -07:00
zfs_znode.c Fix dnode allocation race 2017-08-08 08:38:53 -07:00
zil.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
zio_checksum.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
zio_compress.c DLPX-44812 integrate EP-220 large memory scalability 2016-11-29 14:34:27 -08:00
zio_crypt.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
zio_inject.c Inject zinject(8) a percentage amount of dev errs 2017-06-16 17:21:11 -07:00
zio.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
zle.c Update core ZFS code from build 121 to build 141. 2010-05-28 13:45:14 -07:00
zpl_ctldir.c Linux 4.12 compat: CURRENT_TIME removed 2017-05-10 09:30:48 -07:00
zpl_export.c Use cstyle -cpP in make cstyle check 2016-12-12 10:46:26 -08:00
zpl_file.c Rename zfs_sb_t -> zfsvfs_t 2017-03-10 09:51:33 -08:00
zpl_inode.c Linux 4.12 compat: CURRENT_TIME removed 2017-05-10 09:30:48 -07:00
zpl_super.c Restructure mount option handling 2017-03-10 09:51:41 -08:00
zpl_xattr.c Linux 4.12 compat: CURRENT_TIME removed 2017-05-10 09:30:48 -07:00
zrlock.c OpenZFS 3746 - ZRLs are racy 2017-01-23 10:35:58 -08:00
zvol.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00