]> granicus.if.org Git - zfs/commit
Refcounted DSL Crypto Key Mappings
authorTom Caputi <tcaputi@datto.com>
Wed, 3 Oct 2018 16:47:11 +0000 (12:47 -0400)
committerBrian Behlendorf <behlendorf1@llnl.gov>
Wed, 3 Oct 2018 16:47:11 +0000 (09:47 -0700)
commit52ce99dd617369ff09d8eef8cfd36fa80dbfca4f
treea7d4a038ff37c7d4eace6b09aa400174bda991be
parentf65fbee1e7a370db24e1aaa2b7bea7865938b9ae
Refcounted DSL Crypto Key Mappings

Since native ZFS encryption was merged, we have been fighting
against a series of bugs that come down to the same problem: Key
mappings (which must be present during all I/O operations) are
created and destroyed based on dataset ownership, but I/Os can
have traditionally been allowed to "leak" into the next txg after
the dataset is disowned.

In the past we have attempted to solve this problem by trying to
ensure that datasets are disowned ater all I/O is finished by
calling txg_wait_synced(), but we have repeatedly found edge cases
that need to be squashed and code paths that might incur a high
number of txg syncs. This patch attempts to resolve this issue
differently, by adding a reference to the key mapping for each txg
it is dirtied in. By doing so, we can remove many of the
unnecessary calls to txg_wait_synced() we have added in the past
and ensure we don't need to deal with this problem in the future.

Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #7949
cmd/ztest/ztest.c
include/sys/dsl_crypt.h
include/sys/dsl_dataset.h
module/zfs/dmu_objset.c
module/zfs/dsl_crypt.c
module/zfs/dsl_dataset.c
module/zfs/dsl_pool.c
module/zfs/spa.c
module/zfs/zil.c