diff options
| author | Mark Johnston <[email protected]> | 2021-02-18 18:51:20 -0500 |
|---|---|---|
| committer | GitHub <[email protected]> | 2021-02-18 15:51:20 -0800 |
| commit | e7adccf7f537a4d07281a2b74b360154bae367bc (patch) | |
| tree | e6cccb72ec180cb0cf54417814f67221263eeffd /module/zfs | |
| parent | 778869fa139ab72ed557e7455e4f1126684f2625 (diff) | |
FreeBSD: disable the use of hardware crypto offload drivers for now
First, the crypto request completion handler contains a bug in that it
fails to reset fs_done correctly after the request is completed. This
is only a problem for asynchronous drivers. Second, some hardware
drivers have input constraints which ZFS does not satisfy. For
instance, ccp(4) apparently requires the AAD length for AES-GCM to be a
multiple of the cipher block size, and with qat(4) the AES-GCM AAD
length may not be longer than 240 bytes. FreeBSD's generic crypto
framework doesn't have a mechanism to automatically fall back to a
software implementation if a hardware driver cannot process a request,
and ZFS does not tolerate such errors.
The plan is to implement such a fallback mechanism, but with FreeBSD
13.0 approaching we should simply disable the use hardware drivers for
now.
Reviewed-by: Ryan Moeller <[email protected]>
Reviewed-by: Alexander Motin <[email protected]>
Signed-off-by: Mark Johnston <[email protected]>
Closes #11612
Diffstat (limited to 'module/zfs')
0 files changed, 0 insertions, 0 deletions