Merge pull request openzfs#14 from lundman/master

Key inheritance fixes for ZVOL, root dataset encryption fixes.
FransUrbo · Feb 18, 2013 · f6d78a7 · f6d78a7
2 parents 8722008 + e2bd05c
commit f6d78a7
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 6 deletions.
diff --git a/lib/libzfs/libzfs_crypto.c b/lib/libzfs/libzfs_crypto.c
@@ -1477,6 +1477,10 @@ zfs_crypto_zckey(libzfs_handle_t *hdl, zfs_crypto_zckey_t cmd,
     /* If encryption is on, and volume, change it to valid cipher. */
     if ((type == ZFS_TYPE_VOLUME) && (crypt != ZIO_CRYPT_OFF)) {
         crypt = ZIO_CRYPT_AES_128_CTR;
+        /* We also have to write out the prop, in the case of inheritance
+           or it will be using the wrong cipher */
+        VERIFY(nvlist_add_uint64(props,
+               zfs_prop_to_name(ZFS_PROP_ENCRYPTION), crypt) == 0);
     }
 
 

diff --git a/lib/libzfs/libzfs_pool.c b/lib/libzfs/libzfs_pool.c
@@ -1135,6 +1135,8 @@ zpool_create(libzfs_handle_t *hdl, const char *pool, nvlist_t *nvroot,
 		}
 	}
 
+	(void) strlcpy(zc.zc_name, pool, sizeof (zc.zc_name));
+
 	if (fsprops) {
 		uint64_t zoned;
 		char *zonestr;
@@ -1151,17 +1153,21 @@ zpool_create(libzfs_handle_t *hdl, const char *pool, nvlist_t *nvroot,
 		    (nvlist_alloc(&zc_props, NV_UNIQUE_NAME, 0) != 0)) {
 			goto create_failed;
 		}
-		if (nvlist_add_nvlist(zc_props,
-		    ZPOOL_ROOTFS_PROPS, zc_fsprops) != 0) {
-			goto create_failed;
-		}
 	}
 
+    /* zfs_crypto_create may update zc_fsprops */
+    if (zfs_crypto_zckey(hdl, ZFS_CRYPTO_PCREATE, zc_fsprops, &zc,
+                         ZFS_TYPE_FILESYSTEM) != 0)
+        goto create_failed;
+
+    if (fsprops && nvlist_add_nvlist(zc_props,
+        ZPOOL_ROOTFS_PROPS, zc_fsprops) != 0) {
+        goto create_failed;
+    }
+
 	if (zc_props && zcmd_write_src_nvlist(hdl, &zc, zc_props) != 0)
 		goto create_failed;
 
-	(void) strlcpy(zc.zc_name, pool, sizeof (zc.zc_name));
-
 	if ((ret = zfs_ioctl(hdl, ZFS_IOC_POOL_CREATE, &zc)) != 0) {
 
 		zcmd_free_nvlists(&zc);

diff --git a/module/zfs/zfs_ioctl.c b/module/zfs/zfs_ioctl.c
@@ -4960,6 +4960,7 @@ zfs_ioc_crypto_key_inherit(zfs_cmd_t *zc)
 {
     spa_t *spa;
     int error;
+    objset_t *os;
 
     if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
         return (error);
@@ -4971,8 +4972,17 @@ zfs_ioc_crypto_key_inherit(zfs_cmd_t *zc)
     }
 
     error = dsl_crypto_key_inherit(zc->zc_name);
+
     spa_close(spa, FTAG);
 
+    if (!dmu_objset_hold(zc->zc_name, FTAG, &os)) {
+        if (dmu_objset_type(os) == DMU_OST_ZVOL) {
+            /* returns EEXISTS if already mounted */
+            zvol_create_minor(zc->zc_name);
+        }
+        dmu_objset_rele(os, FTAG);
+    }
+
     return (error);
 }