Darren J Moffat wrote: > George Wilson wrote: >> >> Darren J Moffat wrote: >>> George Wilson wrote: >>>> Darren J Moffat wrote: >>>>> Mark Maybee wrote: >>>>>> Darren J Moffat wrote: >>>>>>> For an encrypted dataset it is possible that by the time we arrive >>>>>>> in zio_write() [ zio_write_encrypt() ] that when we lookup which >>>>>>> key is needed to encrypted this data that key isn't available to us. >>>>>>> >>>>>>> Is there some value of zio->io_error I can set that will not >>>>>>> result in a panic ? but will put the write in to some state where >>>>>>> we can try again later - I guess not just this write but maybe the >>>>>>> whole transaction group ? >>>>>>> >>>>>> No, we have no ability to do this. With George's fix for 6565042, we >>>>>> will introduce the ability to "hang" the pool on an IO failure... this >>>>>> may give you what you want. >>>>> It might well do, but will it allow "unhanging" later ? I couldn't >>>>> tell much from that bug unfortunately. >>>>> >>>> Once the error is corrected you will be able to resume the IOs. >>> Great. I'm thinking I might in the missing encryption key case even >>> want to fire off a sysevent so that someone knows the key is missing. >>> Does that sound reasonable ? >>> >> BTW, you will need to ensure that if you set the io_error in >> zio_encrypt_write() that it does not get overwritten in a later stage. >> Would you send the sysevent in zio_write_encrypt() or wait till zio_done()? > > I'd probably sent it in zio_crypt_key_lookup() which zio_write_encrypt() > and zio_read_decrypt() both call. > > Any opinion on what a suitable value for io_error would be ? EIO feels > wrong, EPERM is maybe closer but not quite correct.
What about EACCES? > >> Keep in mind that the user may decide to set the failure mode to one of >> three options: >> >> 1). wait - stop all IOs and block until the error is cleared >> 2). continue - new IOs will return EIO but in-flight IOs will block >> until the error is cleared >> 3). panic - same behavior, nicer message. > > This sounds like a new pool level property, would that be the correct > interpretation ? > Yep, that is the correct interpretation. Thanks, George
