HomeFreeBSD

Refactor dbuf_read() for safer decryption

Description

Refactor dbuf_read() for safer decryption

In dbuf_read_verify_dnode_crypt():

  • We don't need original dbuf locked there. Instead take a lock

on a dnode dbuf, that is actually manipulated.

  • Block decryption for a dnode dbuf if it is currently being

written. ARC hash lock does not protect anonymous buffers, so
arc_untransform() is unsafe when used on buffers being written,
that may happen in case of encrypted dnode buffers, since they
are not copied by dbuf_dirty()/dbuf_hold_copy().

In dbuf_read():

  • If the buffer is in flight, recheck its compression/encryption

status after it is cached, since it may need arc_untransform().

Tested-by: Rich Ercolani <rincebrain@gmail.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Alexander Motin <mav@FreeBSD.org>
Sponsored by: iXsystems, Inc.
Closes #16104

Details

Provenance
mavAuthored on Apr 22 2024, 6:41 PM
Brian Behlendorf <behlendorf1@llnl.gov>Committed on May 29 2024, 3:54 PM
Parents
rG9edf6af4aed1: Replace P2ALIGN with P2ALIGN_TYPED and delete P2ALIGN.
Branches
Unknown
Tags
Unknown