zfs code - May 2006 - Help on ZIO pipeline for zfs-crypto

I''ve just resync''d my zfs-crypto workspace to onnv_39 and
started some
more serious work on this.

http://opensolaris.org/os/project/zfs-crypto/files/diffs.onnv_39

[ For those internal to SWAN this is running on mix.sfbay and the
   workspace is /net/borg.sfbay/cube/projects/zfs-crypto/ ]

I need some help with the ZIO pipeline.  I think my code should be 
getting called but it doesn''t appear to be (viewing with the attached 
dtrace script).

Since we don''t yet have the ability to set ZFS options at data set 
creation time I think I am simulating this by using two file systems.

mix:pts/1$ zpool list
NAME                    SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
blue                   33.8G    253K   33.7G     0%  ONLINE     -
red                    33.8G   69.5M   33.7G     0%  ONLINE     -

mix:pts/1$ zfs list
NAME                   USED  AVAIL  REFER  MOUNTPOINT
blue                   249K  33.2G  26.5K  /blue
blue/alpha             158K  33.2G   158K  /blue/alpha
red                   69.5M  33.2G  27.5K  /red
red/one               34.7M  33.2G  34.7M  /red/one
red/two               34.7M  33.2G  34.7M  /red/two

mix:pts/1$ zfs get -r encryption,checksum,compression blue
NAME             PROPERTY       VALUE                      SOURCE
blue             encryption     on                         local
blue             checksum       on                         default
blue             compression    off                        default
blue/alpha       encryption     on                         inherited 
from blue
blue/alpha       checksum       on                         default
blue/alpha       compression    off                        default


So this means that writing to /blue/alpha should not do compression but 
should do encryption with the default value (which is ZFS_CRYPT_AES_128 
== 3 in zio.h).  Using the attached D script I see this (other stuff 
removed)


   2  38702              zio_write:entry checksum 7, compress 3, crypt 3
   2  38703                 zio_write:return
   2  37758         zio_write_compress:entry
   2  37762      zio_checksum_generate:entry
   2  37763     zio_checksum_generate:return
   2  37790        zio_checksum_verify:entry
   2  37791       zio_checksum_verify:return
   2  37796        zio_read_decompress:entry
   2  37797       zio_read_decompress:return
   2  37759        zio_write_compress:return

I''m confused as to why I''m not seeing zio_write_encrypt being
called
even though crypt is ZFS_CRYPT_AES_128.

The updates to zio_write() have this in them:

         zio->io_checksum = checksum;
         zio->io_compress = compress;
         zio->io_ndvas = ncopies;
         zio->io_crypt = crypt;

         if (compress != ZIO_COMPRESS_OFF)
                 zio->io_async_stages |= 1U <<
ZIO_STAGE_WRITE_COMPRESS;

         if (crypt != ZIO_CRYPT_OFF)
                 zio->io_async_stages |= 1U << ZIO_STAGE_WRITE_ENCRYPT;

so with crypt being "3" we should be adding encryption into the
pipeline.

See the patch for the full set of changes that show where things
like ZIO_STAGE_WRITE_ENCRYPT are set up.

So what am I missing, I feel like it is something really obvious but
I just can''t see it.


-- 
Darren J Moffat
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: zfs-cryptio.d
URL:
<http://mail.opensolaris.org/pipermail/zfs-code/attachments/20060504/ed811ca2/attachment.ksh>

On Thu, May 04, 2006 at 12:08:23PM +0100, Darren J Moffat
wrote:
> I''ve just resync''d my zfs-crypto workspace to onnv_39 and
started some
> more serious work on this.
Excellent.  I can hardly wait to use this.
> I need some help with the ZIO pipeline.  I think my code should be 
> getting called but it doesn''t appear to be (viewing with the
attached
> dtrace script).
> 
> ...
> 
> The updates to zio_write() have this in them:
> 
>         zio->io_checksum = checksum;
>         zio->io_compress = compress;
>         zio->io_ndvas = ncopies;
>         zio->io_crypt = crypt;
> 
>         if (compress != ZIO_COMPRESS_OFF)
>                 zio->io_async_stages |= 1U <<
ZIO_STAGE_WRITE_COMPRESS;
> 
>         if (crypt != ZIO_CRYPT_OFF)
>                 zio->io_async_stages |= 1U <<
ZIO_STAGE_WRITE_ENCRYPT;
> 
> so with crypt being "3" we should be adding encryption into the
pipeline.
> 
> See the patch for the full set of changes that show where things
> like ZIO_STAGE_WRITE_ENCRYPT are set up.
> 
> So what am I missing, I feel like it is something really obvious but
> I just can''t see it.
You shouldn''t need anything in zio_write() to get going, although the
above code you have will make us dispatch one less thing to a taskq when
compression is off.  In any case, simply add ZIO_STAGE_WRITE_CRYPT to
the definitions for ZIO_WRITE_PHYS_PIPELINE in zio_impl.h (and the same
goes for adding ZIO_STAGE_READ_DECRYPT to ZIO_READ_PHYS_PIPELINE).
Also, if you don''t want to put that code in zio_write(), just add
ZIO_STAGE_WRITE_CRYPT and ZIO_STAGE_READ_DECRYPT to the definition for
ZIO_ASYNC_PIPELINE_STAGES.

The explanation for the above is that io_pipeline defines the stages
that a given zio goes through.  So in order for your encryption stuff
to get called, it must be part of that.  The io_async_stages simply
defines which of the pipeline stages should be asynchronous - that is,
not done in the context of the zio_write() caller.  You don''t want the
I/O issue rate of the caller to be limited by how fast you can do
encryption.

In the zio code, compression is a slightly funny guy, so you should
instead model your changes after how checksums are done.  I think you
should always execute your zio_write_crypt() function since it needs to
set some fields in the bp.  The routine you call to actually do the
encryption will key off of ZIO_CRYPT_OFF and just do no work in that
case.

Does that help?


--Bill

Bill Moore wrote:
> Does that help?
I think it does.  A first glance over your email it makes sense anyway. 
  I''ll go an try implement this now....

-- 
Darren J Moffat