►
From YouTube: January 2023 OpenZFS Leadership Meeting
Description
Agenda: encryption; mmap bug; on-disk format doc
full notes: https://docs.google.com/document/d/1w2jv2XVYFmBVvG1EGf-9A5HBVsjAYoLIFZAnWHhV-BM/edit#
C
C
D
B
G
B
I
think
the
the
one
we
were
investigating
the
initial
report
was
null
pointer,
D
references
in
like
lz4
decompress,
but
they
kind
of
when
we
enabled
assertions
and
so
on
that
it
tended
to
panic
in
other
places
much
sooner,
but
it
would
seem
that
the
the
raw
ABD
pointer
would
get
changed
to
null
at
some
point
and
not
contain
the
data
anymore.
When
it,
the
buffer,
was
in
the
the
state
where
it
should
contain
the
the
raw
ABD
still.
B
But
we
haven't
managed
to
track
that
one
down
it
started
hitting
one
where,
when
they
use
a
clone
for
Docker,
the
M
map
isn't
working
properly.
I
think
there's
a
different
PR
about
this
issue.
I,
don't
know
that
it's
necessarily
related
to
encryption,
but
the
an
assertion
fails
about
the
the
M
map
and
ZFS
copies
of
the
data
being
in
sync,
and
it's.
B
But
mostly
so
far,
we
don't
have
a
great
use
case,
for
you
know
triggering
the
encryption
problem
on
demand
and
it
sounds
a
little
related
to
what
some
lumos
people
found
specifically
having
to
do
with
clones.
So
we're
gonna
dig
into
that
direction
of
it
and
see
because
I
think
the
other
place
people
report,
a
lot
of
problems
was
send
receive
and
when
you
do
a
send
receive,
there's
a
clone
that
happens
under
the
hood
right
temporarily
for
the
the
temporary
hidden
data
set
or
whatever.
A
A
C
E
Thank
you
similar
to
what
Alan
was
saying.
I
was
trying
to
look
at
a
bug
that
somebody
reported
about
encryption,
where
you
can
end
up
with
an
embedded
block
pointer
record
on
an
encrypted
data
set.
So
that's
good
and
that
works
fine
right
up
until
you
try
to
do
anything
with
it
and
then
the
code
goes.
What
and
I
tried
to
reproduce
that
and
I
accidentally
reproduced
a
different
bug
which
was
about
the
point
at
which
I
thought
I'd
bring
this
up
today
because
it
was
like.
E
A
G
E
G
Oh
yeah,
obviously
I
heard
from
other
from
a
few
developers
that
everything
better
stay
and
terrible,
but
on
other
side
like
I,
don't
have
any
like
huge
Stoppers
reports
or
anything
that
would
tell
that
it's
like
more
broken
than
not
it's
it's
kind
of
working
and
we
are
creating
some
minor
PRS
polished
here.
Is
there
what
I
think
was
just
one
was
just
opened
last
week,
so
it's
mostly
working.
Maybe
there
are
some
corruption
somewhere,
but
again
we
have
no
reproduction
or
specific
reports.
E
At
least
at
least
the
one
that
you're
investigating
Alan
seems
like
a
really
narrow
to
me
race,
so
I'm
not
entirely
surprised.
Something
with
a
very
different
scheduling
system
has
different
properties
for
triggering
it
right
for
that
one
I
could
try
one
of
the
ones
that
I
think
I
know
that
I
have
a
reliable
reproducer
for
which
is
not
a
crash,
but
just
it
screws
up
setting
the
key
and
I
would
bet
that
would
work
on
FreeBSD,
but
okay
I
haven't
tried.
It.
E
B
E
B
E
You
can
reproduce
it
reliably
doing
that,
because
then
you
can
force
the
ZFS
upgrade
whenever
you
want
right.
It
still
happens.
If
that's
not
true
like
that
is
I
believe
what
happens
with
the
failure.
The
bug
that
you're
investigating
is
when
it
goes
to
trigger
the
recomputation
of
that
it
goes
and
touches
everything
and
that's
how
you
do
the
recalculation
and
when
it
touches,
object,
zero.
E
B
That
sounds
like
one
of
the
panics
we're
seeing
with
debug
enabled
is
during
I.
Think
it's
Arc
release
that
the
ilm
progress
Isn't
false,
and
so
it
sounds
like
like
we
suspected
something
with
the
ref
counting
where
something
is
still
using.
This
buffer
I
was
in
progress,
but
we're
trying
to
free
it.
At
the
same
time,.
E
E
I
had
a
patch
to
do
that,
but
if
I
recall
the
user
who
tried
it
reported
other
problems.
Okay
with
the
patch
just
forcing
it
off,
doesn't
have
problems
right,
but
that
seems
to
be
what
was
happening
is
that
it
tries
dirtying
it
and
it
thinks
the
ref
count
is
zero
when
it's
not
and
does
something
unfortunate
okay,
but
in
any
case
I,
don't
know
what
I'd
phrase
a
warning
like
for
this
right
like
see.
C
E
G
But
I
think
I
tend
to
disagree
in
case
because
they're
growing
from
design
yeah.
If
we
have
problems
with
encryption,
that's
that's
a
box
that
should
be
fixed
and
just
telling
there
are
bugs
like
there
are
dragons
it
doesn't.
It
won't
help
anybody
with
anything.
It
won't
help
with
debugging.
It
won't
solve
the
problem.
A
Yeah
I
kind
of
agree
with
Alexander
the
the
issues
like
it's
hard
to
write,
something
that
says
like
oh
see,
if
you're
affected
by
these
bugs,
but
then
like
the
bugs,
don't
necessarily
the
bugs
aren't
narrowly
constrained
they
aren't
like.
Oh,
if
you're
you
know
doing
encryption
and
encryption
replication
and
you've
turned
off.
You
know
some
are
some.
You
know
weird
flags
and
you
know.
Okay,
then
don't
do
that,
but
it's
just
like
you
have
you
know
we
only
all
that
we
know
is
like
sometimes
the
machine,
panics
and
they're
using
ZFS
encryption.
A
You
know
we
haven't
really
narrowed
it
down
like
that.
Much
then
it's
not
that
helpful
to
tell
people
unless
we're
just
gonna
say:
don't
use
DFS
encryption
like
we
put
it
behind
some
flag
or
something,
and
it's
not
enabled
by
default
anymore,
which
is
I
mean
it's
tough,
because
you
know
the
cat's
already
out
of
the
bag.
Very
people
are
using
it
yep.
A
So
that
is
not
a
great
solution.
Obviously
the
best
solution
is
fixing
the
bugs,
but
you
know
we
need
people
that
know
enough
about
it
and
care
enough
about
it
and
have
the
time
to
spend
on
it
and
I.
Think,
unfortunately,
like
the
original
authors
and
maybe
also
other
folks,
working
at
that
company
are
not
super
active
anymore
in
the
community,
so
you
know
we
need
to,
like
you
know,
find
some
new
experts
find
people
who
are
willing
to
put
in
the
time
to
learn
about
this
subsystem.
D
G
Where
you
send
the
web
UI
signs,
I,
don't
remember
when,
but
a
couple
years,
probably,
but
again
we
added
it
in
parallel
to
existing
software
on
this
encryption
and
we're
also
in
all
our
Enterprise
systems,
we
asked
by
default.
Cell
full
disk
encryption
drives,
so
it's
not
used
in
100
cases,
but
it's
in
web
UI,
it's
not
behind
any
license
or
anything
like
anybody
installed
through
nuts
at
home
can
start
using
it.
It's
like
I,
don't
know
any
Gates
for
quite
a
while.
G
On
said,
I
don't
know,
I
didn't
dive
so
much.
You
know
to
our
QE
to
say
what
exactly
tested,
but
obviously
there
are
some
basic
things
of
all
the
creation
since
replication
things
there's
also
obviously
tested
but
I
suppose
this
happens
in
some
rare
cases
under
some
workloads
we
are
not
doing
active
a
lot
of
benchmarks
under
encryption
because
for
anybody
who
care
about
performance,
we
just
recommend
the
CD
drives
since
they
cost
the
same,
but
don't
have
performance
problems.
A
So
I
think
you
know
currently
we're
kind
of
at
a
progress
on
this
is
stalled.
A
little
bit
sounds
like
you
know.
Understandably,
you
know
IX
might
be
using
this,
but
they
aren't
experiencing
the
problems.
Maybe
their
customers
are
using
it
in
a
way.
That's
different
than
the
people
who
are
reporting
problems
are
using
it.
A
A
B
Clara
is
investigating
one
specific
issue
for
a
specific
customer
related
to
this,
and
hopefully
we'll
have
we'll
find
something,
and
maybe
it'll
solve
everybody's
problem,
but
I'm
not
gonna,
promise
that
but
we're
you
know
looking
at
one
specific
cause
of
this,
although
every
time
we
poke
at
it,
it
moves.
So
we're
not
sure
which
subset
of
the
problems
will
be
solved
by
by
getting
to
the
root
cause
of
this.
The
specific
one
that
we're
investigating
now.
A
E
To
be
clear,
to
the
best
of
my
knowledge,
the
closest
you
get
to
a
data
loss
bug
with
this
currently
is
that
sometimes
it
will
set
the
key
for
the
data
set
incorrectly,
so
it
will
change
what
key
the
metadata
says
it's
encrypted
with
without
rekeying
it
so,
the
next
time
you
try
to
unlock
it.
It
fails
other
than
any
sort
of
just
general
rep
consequences
of
panicking
in
the
middle
of
doing
something,
I,
don't
recall,
seeing
any
that
actually
caused
data
loss
more
than
what
I
just
described.
A
B
E
A
E
A
A
E
There's
I
believe
in
a
couple
reports
that
are
probably
what
I
just
described
with
a
couple
different
ways:
there's
a
very
good
reproducer
for
it,
so
it
should
be
okay,
demonstratable
I.
Also
there
was
another
one
that
sort
of
had
overlap
in
the
failure
mode
that
it
looked
like
where
it
wouldn't
unlock,
but
it
was
a
different
problem
where
it
didn't
update
the
Mac
for
the
user,
accounting
metadata
correctly,
so
I
added
a
patch
that
just
throws
us
out.
If
that
happens,
because
we
can
just
recalculate
it.
Okay,.
E
A
A
E
A
E
A
A
A
E
A
A
A
E
E
E
H
I
am
still
invested
in
the
encryption
and
I
use
it
quite
heavily,
but
and
I'm
willing
to
help.
But
every
time
I
look
at
issue
tickets,
they're,
always
raw
sand
and
not
encryption.
So
I,
don't
every
attack
every
all
the
problems.
You
guys
talk
about
how
encryption
isn't
encryption?
It
seems
to
be
raw,
send
which.
H
A
B
B
E
A
A
B
And
it's
a
customer
investigating
the
encryption
problems
for
ran
into
this,
where
I
think
they're,
running
Google,
Chrome
in
a
Docker
container,
so
docker's
doing
a
clone
and
then
firing
up
Google,
Chrome
and
then
Chrome's
panicking
trying
to
read
the
executable
when
it
tries
to
end
map
it
and
the
page.
Up-To-Date
macro
returns
false
and
somehow,
basically,
the
MF
copy
and
ZFS
copy
of
the
data.
Don't
think
they're
the
same.
H
C
B
A
We're
doing
we're
doing
like
a
read
syscall
is
that
right,
yeah.
We
do
reads
this
call
and
then
it
thinks
that
the
you
know
the
reasons
call
normally.
It
should
be
getting
the
if
the.
If
the
data
is
nmapped,
then
that
might
have
been
modified.
So
it
needs
to
read
the
data
from
there
instead
of
from
like
from
The
Arc.
But
this
assertion
is
is
saying:
like
you
know,
page
up
to
date
is
saying
that
the
page
is
the
same
like
be
you.
A
A
B
A
A
B
F
A
E
A
Yeah,
so
it's
not
that
it's
dirty
like
there
have
been
stores
that
haven't
been
written
to
the
file
system,
but
rather
there
might
have
been
like
rights
to
the
file
that
aren't
reflected
in
the
page,
which
shouldn't
normally
be
the
case.
Because,
like
you
were
saying,
when
we
do
the
right,
then
we
always
you
know,
write
to
the
page
as
well
and.
B
A
A
There's
some
more
digging
to
do
here
to
understand
like
what
what
exactly
all
these
terms
mean
and
do
in
terms
of
the
interaction
with
the
Linux
kernel-
and
you
know-
hopefully
this
page
up
to
date
thing
is
that
page,
up-to-date
Panic
is
the
same
as
the
issue
with
returning
the
wrong
data,
since
obviously,
that's
like
the
page
up
to
date.
Thing
is
a
lot
more
of
a
clue
as
to
what's
going
on.
C
A
The
last
thing
on
the
agenda
is
a
question
about
the
on
disk
format
document.
If
there's
been
any
effort
to
update
it,
I
don't
know
of
any
efforts
to
update
it.
I
posted
it
on
GitHub,
including
the
source,
so
that's
available
for
folks
who
want
to
work
on
updating
it,
but
I
don't
know
if
anyone's
taking
that
up.
I
Okay,
I
think
I,
don't
remember
where
it
came
up.
I,
remember
recall:
there
was
some
effort
or
some
interest
in
updating
it
and
I
was
always
curious
about
the
results
of
that,
because
I've
used
it
to
write
a
little
bit
of
software
to
kind
of
examine.
Zfs
volume
I
had
trouble
with
and
I.
That
document
is
really
useful,
but
I
didn't
know
whether
or
not
it
was
current
or
if
you
know
could
use
some
anyway.
I
B
Yeah
I
imagine
that
might
have
been
useful
when
Mark
Johnson
from
FreeBSD
created
ZFS
support
in
our
makefs
Tool
yeah.
Also
wonder
if
that'd
be
interesting
to
anybody
here,
you
can
take
a
directory
full
of
files
and,
as
a
non-user,
be
able
to
create
a
z-pool
image
where
you
can
lay
out
the
data
sets
and
it'll
copy
all
the
files
and
basically
write
a
whole
ZFS
file
system.
But
you
know
without
the
ZFS
kernel
module
or
anything.
A
Yeah,
of
course,
the
link
in
the
chat.
It's
on
my
GitHub
yeah
cool
thanks
the
doc
I
mean
it
should
be
accurate,
but
not
complete,
because
it's
you
know
15
plus
years
out
of
date.
So
you
know
it
should
get
you
somewhere.
But
if
you're
using
newer
on
disk
formats,
then
there's
additional
stuff-
that's
not
in
the
doc
in
the
document
is.
A
Yeah
I
mean
I
think
that
this
is
written
very
early
on
so
maybe
like
version
1.
version,
one
or
two
or
three
on
this
format,
so
you
can
look
at
like
what
all
the
changes
were
since
then,
and
you
know
see
kind
of
which
ones
are
relevant
to
whatever
you're
trying
to
do
with
this.
So
you
know
like,
if
you
are
not,
you
know,
some
of
the
stuff
is
like
we
added
d-rade
okay.
Well,
if
you're
not
reading
derayed,
then
you
don't
need
to
worry
about
that.
A
A
A
A
Yeah
that
was
so
long
ago
that
forgot
about
it
but
yeah
yeah.
So
it's
not
blog
and
other
stuff
and
again
that
that
kind
of
stuff
is
not
necessarily
needed.
If
you
just
want
to
like
read
an
existing
pool,
read
user
data
from
an
existing
pool,
because
that's
kind
of
like
metadata
that
you
would
need
to
understand
to
be
able
to
make
changes
or
if
you
wanted
to
like
kind
of
print
everything
out
for
completeness
sake,.