"zpool create -O encryption=on" would not set dataset properties corr…
…ectly

nor load key.

ZVOL key inheritance (under an encrypted ZFS dataset) would pick wrong
cipher (use parent cipher instead of zvol's aes-128-ctr).

ZVOLs from key inheritance would not call zvol_create_minor() to populate
/dev/zd* nodes.
lundman committed Feb 18, 2013
1 parent 108ce34 commit e2bd05c
Showing 3 changed files with 26 additions and 6 deletions.
4 changes: 4 additions & 0 deletions lib/libzfs/libzfs_crypto.c
@@ -1477,6 +1477,10 @@ zfs_crypto_zckey(libzfs_handle_t *hdl, zfs_crypto_zckey_t cmd,
/* If encryption is on, and volume, change it to valid cipher. */
if ((type == ZFS_TYPE_VOLUME) && (crypt != ZIO_CRYPT_OFF)) {
crypt = ZIO_CRYPT_AES_128_CTR;
/* We also have to write out the prop, in the case of inheritance
or it will be using the wrong cipher */
VERIFY(nvlist_add_uint64(props,
zfs_prop_to_name(ZFS_PROP_ENCRYPTION), crypt) == 0);
}


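Review bot: The added `nvlist_add_uint64()` persists the forced `ZIO_CRYPT_AES_128_CTR` as the volume's `encryption` property whenever encryption is not off, so a volume that requested or inherited any other cipher is silently stored and run as AES-128-CTR. CTR mode on its own gives no integrity protection, and the key size drops if a 256-bit suite was asked for, so the comment should say that the override is deliberate, for example `/* zvols support only aes-128-ctr: this replaces whatever cipher was requested or inherited */`, and the caller would ideally be told. `VERIFY` also aborts the calling process if the add fails (ENOMEM, or EINVAL should `props` ever be NULL on this path, which the hunk does not show); returning an error would suit library code better. The body of zfs_crypto_zckey() starts and ends outside the hunk.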
18 changes: 12 additions & 6 deletions lib/libzfs/libzfs_pool.c
@@ -1135,6 +1135,8 @@ zpool_create(libzfs_handle_t *hdl, const char *pool, nvlist_t *nvroot,
}
}

(void) strlcpy(zc.zc_name, pool, sizeof (zc.zc_name));

if (fsprops) {
uint64_t zoned;
char *zonestr;
@@ -1151,17 +1153,21 @@ zpool_create(libzfs_handle_t *hdl, const char *pool, nvlist_t *nvroot,
(nvlist_alloc(&zc_props, NV_UNIQUE_NAME, 0) != 0)) {
goto create_failed;
}
if (nvlist_add_nvlist(zc_props,
ZPOOL_ROOTFS_PROPS, zc_fsprops) != 0) {
goto create_failed;
}
}

/* zfs_crypto_create may update zc_fsprops */
if (zfs_crypto_zckey(hdl, ZFS_CRYPTO_PCREATE, zc_fsprops, &zc,
ZFS_TYPE_FILESYSTEM) != 0)
goto create_failed;

if (fsprops && nvlist_add_nvlist(zc_props,
ZPOOL_ROOTFS_PROPS, zc_fsprops) != 0) {
goto create_failed;
}

if (zc_props && zcmd_write_src_nvlist(hdl, &zc, zc_props) != 0)
goto create_failed;

(void) strlcpy(zc.zc_name, pool, sizeof (zc.zc_name));

if ((ret = zfs_ioctl(hdl, ZFS_IOC_POOL_CREATE, &zc)) != 0) {

zcmd_free_nvlists(&zc);
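Review bot: `zfs_crypto_zckey()` is now called with `zc_fsprops` even when `fsprops` is NULL, and in that case `zc_fsprops` appears never to be allocated (its initialisation is outside the hunk), so the callee has to tolerate a NULL property list; that is worth confirming. The comment above the call names `zfs_crypto_create` rather than the function actually called, and it does not explain why `nvlist_add_nvlist()` moved below it; I would write `/* zfs_crypto_zckey() may update zc_fsprops, so it must run before zc_fsprops is copied into zc_props */`. If the call leaves key material in `zc`, the two later `goto create_failed` paths should be checked to release it, since the `create_failed` label is not shown here. The body of zpool_create() starts and ends outside both hunks.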
10 changes: 10 additions & 0 deletions module/zfs/zfs_ioctl.c
@@ -4960,6 +4960,7 @@ zfs_ioc_crypto_key_inherit(zfs_cmd_t *zc)
{
spa_t *spa;
int error;
objset_t *os;

if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
return (error);
@@ -4971,8 +4972,17 @@ zfs_ioc_crypto_key_inherit(zfs_cmd_t *zc)
}

error = dsl_crypto_key_inherit(zc->zc_name);

spa_close(spa, FTAG);

if (!dmu_objset_hold(zc->zc_name, FTAG, &os)) {
if (dmu_objset_type(os) == DMU_OST_ZVOL) {
/* returns EEXISTS if already mounted */
zvol_create_minor(zc->zc_name);
}
dmu_objset_rele(os, FTAG);
}

return (error);
}

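Review bot: The new block runs regardless of `error`, so a failed `dsl_crypto_key_inherit()` still goes on to call `zvol_create_minor()` and may expose a /dev/zd* node for a volume whose key was presumably not set up. Guarding it as `if (error == 0 && dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {` keeps the device node tied to a successful inherit. The return value of `zvol_create_minor()` is dropped without a `(void)` cast, and the comment should read `/* EEXIST if the minor already exists; ignored */`, since the errno is `EEXIST`, not `EEXISTS`. A failing `dmu_objset_hold()` is also silent, which deserves a word in the comment if it is intentional.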
