HomeFreeBSD

zfs: disable use of hardware crypto offload drivers

Description

zfs: disable use of hardware crypto offload drivers

From openzfs-master e7adccf7f commit message:

First, the crypto request completion handler contains a bug in that it
fails to reset fs_done correctly after the request is completed.  This
is only a problem for asynchronous drivers.  Second, some hardware
drivers have input constraints which ZFS does not satisfy.  For
instance, ccp(4) apparently requires the AAD length for AES-GCM to be a
multiple of the cipher block size, and with qat(4) the AES-GCM AAD
length may not be longer than 240 bytes.  FreeBSD's generic crypto
framework doesn't have a mechanism to automatically fall back to a
software implementation if a hardware driver cannot process a request,
and ZFS does not tolerate such errors.

Patch Author: Mark Johnston <markj@freebsd.org>

Obtained from: openzfs/zfs@e7adccf7f537a4d07281a2b74b360154bae367bc
PR: 252981, 253595
MFS after: 3 days

(direct commit)

Details

Provenance
mmAuthored on Feb 22 2021, 5:37 PM
Parents
rG64649f028542: zfs: fix panic if scrubbing after removing a slog device
Branches
Unknown
Tags
Unknown