So, when I do: ``` # zfs create -o encryption=on -o checksum=off -o keyformat=passphrase -V 4G tank/testvol ```
I get this panic: ``` > ::status debugging crash dump ./vmcore.9 (64-bit) from 00-0c-29-5d-4c-f7 operating system: 5.11 joyent_20170807T220431Z (i86pc) image uuid: (not set) panic message: assertion failed: spa_do_crypt_abd(B_TRUE, spa, zio->io_bookmark.zb_objset, bp, zio->io_txg, psize, zio->io_abd, eabd, iv, mac, salt, &no_crypt) == 0 (0x5 == 0x0), file: ../../common/fs/zfs/zio.c, line: 3558 dump content: kernel pages only > $C ffffff000f613900 vpanic() ffffff000f613950 0xfffffffffba7bfad() ffffff000f613a40 zio_encrypt+0x5cf(ffffff0378abd7d0) ffffff000f613a70 zio_execute+0x7f(ffffff0378abd7d0) ffffff000f613b30 taskq_thread+0x2d0(ffffff0377006a20) ffffff000f613b40 thread_start+8() ``` Happy to provide the dump for further debugging, or look more into it if you want. I'm guessing that this is probably not going to work, and should be blocked off as a combination of properties (i.e. refuse to set encryption=on with checksum=off). I guess this also means that having a dump zvol be inside an encrypted pool is not going to work. So.. anyone have any ideas about what do about dump zvols on an encrypted pool? I'm trying to think through how we can use this at Joyent, where we only have one pool on the system and our dump and swap need to go on it -- since we can't make encrypted clones of an unencrypted dataset, and can't have some things unencrypted under an encrypted sub-tree, it would make the most sense I think to add encryption at the top of the pool (so all our existing code bits that do clones of datasets underneath that continue to work). But then we have the problem of what to do about the dump zvol. Would it be possible to allow unencrypted children of an encrypted dataset at some point in the future? I must admit I haven't understood the design well enough yet to tell that for myself, sorry. I've also noticed some odd rendering issues looking at the new man pages. Might be a mis-merge on my part, I'll follow up on them later. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/openzfs/openzfs/pull/124#issuecomment-321112170 ------------------------------------------ openzfs-developer Archives: https://openzfs.topicbox.com/groups/developer/discussions/T1625245905c55186-M33abc8e7fc85e15556ce3be6 Powered by Topicbox: https://topicbox.com
