Darren J Moffat
2006-May-25 16:07 UTC
[zfs-code] zio_push/pop_transform how and when to use it.
So today I believe I have encrypted data (part of Hamlet in case you care[1]) in a ZFS file system for the first time without having a panic.[2] However.... when I read the data back using cat(1) I get garbage. Garbage of the correct size that looks very much like it would be the ciphertext! Now I think this is because I used crypto_encrypt(9f) with the inplace encryption. I believe this means that we now have the ciphertext in the ARC. Now that might actually be a good thing in some cases since it means that if the key goes away (ie user removed it) we don''t need to flush the cache; it wasn''t what I was trying to do at the moment though and I actually thought that was going to be one of the harder problems to solve :-) So I went back and looked at how compression works and noticed that it uses zio_push/pop_transform. I had tried using that before but it just resulted in panics so I put it aside for a while. So should I be using the zio transform stuff here ? If so how is it supposed to work, who allocates memory etc. Assuming that I do want to actually have the data encrypted in the ARC is there a hook some where that I can have zio_decrypt_data called or is this something I''ll need to add myself ? Cheers [1] Yeah I should use something else since that is already in the Solaris source base (and put there by me). [2] NOTE: This is still a prototype and is using a hardcoded key because this is for ZIO pipeline testing not even beta test. -- Darren J Moffat
Darren J Moffat
2006-May-31 13:51 UTC
[zfs-code] zio_push/pop_transform how and when to use it.
Trying again since I didn''t see any responses.... So today[0] I believe I have encrypted data (part of Hamlet in case you care[1]) in a ZFS file system for the first time without having a panic.[2] However.... when I read the data back using cat(1) I get garbage. Garbage of the correct size that looks very much like it would be the ciphertext! Now I think this is because I used crypto_encrypt(9f) with the inplace encryption. I believe this means that we now have the ciphertext in the ARC. Now that might actually be a good thing in some cases since it means that if the key goes away (ie user removed it) we don''t need to flush the cache; it wasn''t what I was trying to do at the moment though and I actually thought that was going to be one of the harder problems to solve :-) So I went back and looked at how compression works and noticed that it uses zio_push/pop_transform. I had tried using that before but it just resulted in panics so I put it aside for a while. So should I be using the zio transform stuff here ? If so how is it supposed to work, who allocates memory etc. Assuming that I do want to actually have the data encrypted in the ARC is there a hook some where that I can have zio_decrypt_data called or is this something I''ll need to add myself ? Cheers [0] It was on 25th May :-) [1] Yeah I should use something else since that is already in the Solaris source base (and put there by me). [2] NOTE: This is still a prototype and is using a hardcoded key because this is for ZIO pipeline testing not even beta test. -- Darren J Moffat
Mark Maybee
2006-Jun-01 16:12 UTC
[zfs-code] zio_push/pop_transform how and when to use it.
Hi Darren, Sorry about the slow response (from me). I was on vacation last week (and am on semi-vacation this week). I can''t answer your question about using the zio transform stuff. You will have to get Jeff or Bill''s attention for that. As far as the ARC "hook" goes: it doesn''t yet exist. You will have to add this functionality yourself. I will be happy to help you design this if you decide to go down this path. -Mark Darren J Moffat wrote:> Trying again since I didn''t see any responses.... > > > So today[0] I believe I have encrypted data (part of Hamlet in case you > care[1]) in a ZFS file system for the first time without having a panic.[2] > > However.... when I read the data back using cat(1) I get garbage. > Garbage of the correct size that looks very much like it would be the > ciphertext! > > Now I think this is because I used crypto_encrypt(9f) with the inplace > encryption. I believe this means that we now have the ciphertext in the > ARC. Now that might actually be a good thing in some cases since it > means that if the key goes away (ie user removed it) we don''t need to > flush the cache; it wasn''t what I was trying to do at the moment though > and I actually thought that was going to be one of the harder problems > to solve :-) > > So I went back and looked at how compression works and noticed that it > uses zio_push/pop_transform. I had tried using that before but it just > resulted in panics so I put it aside for a while. > > So should I be using the zio transform stuff here ? If so how is it > supposed to work, who allocates memory etc. > > Assuming that I do want to actually have the data encrypted in the ARC > is there a hook some where that I can have zio_decrypt_data called or is > this something I''ll need to add myself ? > > Cheers > > > [0] It was on 25th May :-) > > [1] Yeah I should use something else since that is already in the > Solaris source base (and put there by me). > > [2] NOTE: This is still a prototype and is using a hardcoded key because > this is for ZIO pipeline testing not even beta test. > > -- > Darren J Moffat > > _______________________________________________ > zfs-code mailing list > zfs-code at opensolaris.org > http://opensolaris.org/mailman/listinfo/zfs-code