1 files changed, 34 insertions, 18 deletions
diff --git a/include/sys/zio_impl.h b/include/sys/zio_impl.h
index 4d56e9066..344048c6a 100644
--- a/include/sys/zio_impl.h
+++ b/include/sys/zio_impl.h
@@ -96,6 +96,18 @@ extern "C" {
  * physical I/O.  The nop write feature can handle writes in either
  * syncing or open context (i.e. zil writes) and as a result is mutually
  * exclusive with dedup.
+ *
+ * Encryption:
+ * Encryption and authentication is handled by the ZIO_STAGE_ENCRYPT stage.
+ * This stage determines how the encryption metadata is stored in the bp.
+ * Decryption and MAC verification is performed during zio_decrypt() as a
+ * transform callback. Encryption is mutually exclusive with nopwrite, because
+ * blocks with the same plaintext will be encrypted with different salts and
+ * IV's (if dedup is off), and therefore have different ciphertexts. For dedup
+ * blocks we deterministically generate the IV and salt by performing an HMAC
+ * of the plaintext, which is computationally expensive, but allows us to keep
+ * support for encrypted dedup. See the block comment in zio_crypt.c for
+ * details.
  */
 
 /*
@@ -110,32 +122,33 @@ enum zio_stage {
 	ZIO_STAGE_ISSUE_ASYNC		= 1 << 4,	/* RWF-- */
 	ZIO_STAGE_WRITE_COMPRESS	= 1 << 5,	/* -W--- */
 
-	ZIO_STAGE_CHECKSUM_GENERATE	= 1 << 6,	/* -W--- */
+	ZIO_STAGE_ENCRYPT		= 1 << 6,	/* -W--- */
+	ZIO_STAGE_CHECKSUM_GENERATE	= 1 << 7,	/* -W--- */
 
-	ZIO_STAGE_NOP_WRITE		= 1 << 7,	/* -W--- */
+	ZIO_STAGE_NOP_WRITE		= 1 << 8,	/* -W--- */
 
-	ZIO_STAGE_DDT_READ_START	= 1 << 8,	/* R---- */
-	ZIO_STAGE_DDT_READ_DONE		= 1 << 9,	/* R---- */
-	ZIO_STAGE_DDT_WRITE		= 1 << 10,	/* -W--- */
-	ZIO_STAGE_DDT_FREE		= 1 << 11,	/* --F-- */
+	ZIO_STAGE_DDT_READ_START	= 1 << 9,	/* R---- */
+	ZIO_STAGE_DDT_READ_DONE		= 1 << 10,	/* R---- */
+	ZIO_STAGE_DDT_WRITE		= 1 << 11,	/* -W--- */
+	ZIO_STAGE_DDT_FREE		= 1 << 12,	/* --F-- */
 
-	ZIO_STAGE_GANG_ASSEMBLE		= 1 << 12,	/* RWFC- */
-	ZIO_STAGE_GANG_ISSUE		= 1 << 13,	/* RWFC- */
+	ZIO_STAGE_GANG_ASSEMBLE		= 1 << 13,	/* RWFC- */
+	ZIO_STAGE_GANG_ISSUE		= 1 << 14,	/* RWFC- */
 
-	ZIO_STAGE_DVA_THROTTLE		= 1 << 14,	/* -W--- */
-	ZIO_STAGE_DVA_ALLOCATE		= 1 << 15,	/* -W--- */
-	ZIO_STAGE_DVA_FREE		= 1 << 16,	/* --F-- */
-	ZIO_STAGE_DVA_CLAIM		= 1 << 17,	/* ---C- */
+	ZIO_STAGE_DVA_THROTTLE		= 1 << 15,	/* -W--- */
+	ZIO_STAGE_DVA_ALLOCATE		= 1 << 16,	/* -W--- */
+	ZIO_STAGE_DVA_FREE		= 1 << 17,	/* --F-- */
+	ZIO_STAGE_DVA_CLAIM		= 1 << 18,	/* ---C- */
 
-	ZIO_STAGE_READY			= 1 << 18,	/* RWFCI */
+	ZIO_STAGE_READY			= 1 << 19,	/* RWFCI */
 
-	ZIO_STAGE_VDEV_IO_START		= 1 << 19,	/* RW--I */
-	ZIO_STAGE_VDEV_IO_DONE		= 1 << 20,	/* RW--I */
-	ZIO_STAGE_VDEV_IO_ASSESS	= 1 << 21,	/* RW--I */
+	ZIO_STAGE_VDEV_IO_START		= 1 << 20,	/* RW--I */
+	ZIO_STAGE_VDEV_IO_DONE		= 1 << 21,	/* RW--I */
+	ZIO_STAGE_VDEV_IO_ASSESS	= 1 << 22,	/* RW--I */
 
-	ZIO_STAGE_CHECKSUM_VERIFY	= 1 << 22,	/* R---- */
+	ZIO_STAGE_CHECKSUM_VERIFY	= 1 << 23,	/* R---- */
 
-	ZIO_STAGE_DONE			= 1 << 23	/* RWFCI */
+	ZIO_STAGE_DONE			= 1 << 24	/* RWFCI */
 };
 
 #define	ZIO_INTERLOCK_STAGES			\
@@ -187,12 +200,14 @@ enum zio_stage {
 #define	ZIO_REWRITE_PIPELINE			\
 	(ZIO_WRITE_COMMON_STAGES |		\
 	ZIO_STAGE_WRITE_COMPRESS |		\
+	ZIO_STAGE_ENCRYPT |			\
 	ZIO_STAGE_WRITE_BP_INIT)
 
 #define	ZIO_WRITE_PIPELINE			\
 	(ZIO_WRITE_COMMON_STAGES |		\
 	ZIO_STAGE_WRITE_BP_INIT |		\
 	ZIO_STAGE_WRITE_COMPRESS |		\
+	ZIO_STAGE_ENCRYPT |			\
 	ZIO_STAGE_DVA_THROTTLE |		\
 	ZIO_STAGE_DVA_ALLOCATE)
 
@@ -207,6 +222,7 @@ enum zio_stage {
 	ZIO_STAGE_WRITE_BP_INIT |		\
 	ZIO_STAGE_ISSUE_ASYNC |			\
 	ZIO_STAGE_WRITE_COMPRESS |		\
+	ZIO_STAGE_ENCRYPT |			\
 	ZIO_STAGE_CHECKSUM_GENERATE |		\
 	ZIO_STAGE_DDT_WRITE)