On Fri, May 05, 2006 at 05:39:29PM +0100, Darren J Moffat wrote: > With encryption enabled each data set is going to have its own > cryptographic key material (a crypto_key_t and maybe a > crypto_ctx_template_t as well). > > This means I need to be able to find out which data set a given zio_t > belongs to while in the ZIO pipeline functions that do the encrypt > and decrypt of the data. > > Is this a "sane" thing to want to do ? [ ie is my architecture okay ] > Is is a "safe" thing to do ?
You can't really do arbitrary DSL operations (such as looking up a property) from within ZIO context. However, we already pass down information on the logical block (including dataset id) as part of the zbookmark_t. You could either: 1. Create a SPA-wide hash that allows you to lookup crypto functions from arbitrary context without parsing on-disk state. 2. Pass down additional crypto information (a la zbookmark_t) at the time each I/O is created. The latter requires more code but seems cleaner. You could hack up a quick prototype just by sticking an extra field in the zbookmark_t, although you wouldn't want this as a permanent solution (since the zbookmark_t is used elsewhere). - Eric -- Eric Schrock, Solaris Kernel Development http://blogs.sun.com/eschrock
