libzfs: zfs_mount_at(): load key for encryption root if MS_CRYPT #11875

nabijaczleweli · 2021-04-09T18:02:36Z

Motivation and Context

#11870

Description

See commit message

How Has This Been Tested?

Dunno, ran it, I guess?

Types of changes

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Performance enhancement (non-breaking change which improves efficiency)
Code cleanup (non-breaking change which makes code smaller or more readable)
Breaking change (fix or feature that would cause existing functionality to change)
Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv) – just the noted API change
Documentation (a change to man pages or other documentation)

Checklist:

My code follows the OpenZFS code style requirements.
I have updated the documentation accordingly.
I have read the contributing document.
I have added tests to cover my changes. – none apply i think
I have run the ZFS Test Suite with this change applied. – CI take my hand
All commit messages are properly formatted and contain Signed-off-by.

behlendorf

Generally looks good, thanks for the fix.

lib/libzfs/libzfs_mount.c

zfs_crypto_load_key() only works on encryption roots, and zfs mount -la would fail if it encounted datasets that sorted before their encroots To trigger: truncate -s 40G /tmp/test dd if=/dev/urandom of=/tmp/k bs=128 count=1 status=none zpool create -O encryption=on -O keylocation=file:///tmp/k \ -O keyformat=passphrase test /tmp/test zfs create -o mountpoint=/a test/a zfs create -o mountpoint=/b test/b zfs umount test zfs unload-key test zfs mount -la The final mount errored out with: Key load error: Keys must be loaded for encryption root of 'test/a' (test). Key load error: Keys must be loaded for encryption root of 'test/b' (test). And only /test was mounted This technically breaks the libzfs API, but the previous behaviour was decidedly a bug, so Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes openzfs#11870

zfs_crypto_load_key() only works on encryption roots, and zfs mount -la would fail if it encounters a datasets that is sorted before their encroots. To trigger: truncate -s 40G /tmp/test dd if=/dev/urandom of=/tmp/k bs=128 count=1 status=none zpool create -O encryption=on -O keylocation=file:///tmp/k \ -O keyformat=passphrase test /tmp/test zfs create -o mountpoint=/a test/a zfs create -o mountpoint=/b test/b zfs umount test zfs unload-key test zfs mount -la The final mount errored out with: Key load error: Keys must be loaded for encryption root of 'test/a' (test). Key load error: Keys must be loaded for encryption root of 'test/b' (test). And only /test was mounted This technically breaks the libzfs API, but the previous behavior was decidedly a bug. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes openzfs#11870 Closes openzfs#11875

zfs_crypto_load_key() only works on encryption roots, and zfs mount -la would fail if it encounters a datasets that is sorted before their encroots. To trigger: truncate -s 40G /tmp/test dd if=/dev/urandom of=/tmp/k bs=128 count=1 status=none zpool create -O encryption=on -O keylocation=file:///tmp/k \ -O keyformat=passphrase test /tmp/test zfs create -o mountpoint=/a test/a zfs create -o mountpoint=/b test/b zfs umount test zfs unload-key test zfs mount -la The final mount errored out with: Key load error: Keys must be loaded for encryption root of 'test/a' (test). Key load error: Keys must be loaded for encryption root of 'test/b' (test). And only /test was mounted This technically breaks the libzfs API, but the previous behavior was decidedly a bug. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes #11870 Closes #11875

zfs_crypto_load_key() only works on encryption roots, and zfs mount -la would fail if it encounters a datasets that is sorted before their encroots. To trigger: truncate -s 40G /tmp/test dd if=/dev/urandom of=/tmp/k bs=128 count=1 status=none zpool create -O encryption=on -O keylocation=file:///tmp/k \ -O keyformat=passphrase test /tmp/test zfs create -o mountpoint=/a test/a zfs create -o mountpoint=/b test/b zfs umount test zfs unload-key test zfs mount -la The final mount errored out with: Key load error: Keys must be loaded for encryption root of 'test/a' (test). Key load error: Keys must be loaded for encryption root of 'test/b' (test). And only /test was mounted This technically breaks the libzfs API, but the previous behavior was decidedly a bug. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes openzfs#11870 Closes openzfs#11875

zfs_crypto_load_key() only works on encryption roots, and zfs mount -la would fail if it encounters a datasets that is sorted before their encroots. To trigger: truncate -s 40G /tmp/test dd if=/dev/urandom of=/tmp/k bs=128 count=1 status=none zpool create -O encryption=on -O keylocation=file:///tmp/k \ -O keyformat=passphrase test /tmp/test zfs create -o mountpoint=/a test/a zfs create -o mountpoint=/b test/b zfs umount test zfs unload-key test zfs mount -la The final mount errored out with: Key load error: Keys must be loaded for encryption root of 'test/a' (test). Key load error: Keys must be loaded for encryption root of 'test/b' (test). And only /test was mounted This technically breaks the libzfs API, but the previous behavior was decidedly a bug. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes #11870 Closes #11875

nabijaczleweli mentioned this pull request Apr 9, 2021

zfs mount -l -a is failing to mount datasets where the encryption root is another dataset #11870

Closed

nabijaczleweli force-pushed the croot branch 3 times, most recently from 097ad6c to 4f3f943 Compare April 9, 2021 18:45

behlendorf reviewed Apr 11, 2021

View reviewed changes

lib/libzfs/libzfs_mount.c Show resolved Hide resolved

behlendorf added the Status: Code Review Needed Ready for review and testing label Apr 11, 2021

nabijaczleweli force-pushed the croot branch from 4f3f943 to 2ff6ac7 Compare April 12, 2021 07:52

behlendorf approved these changes Apr 12, 2021

View reviewed changes

behlendorf added Status: Accepted Ready to integrate (reviewed, tested) and removed Status: Code Review Needed Ready for review and testing labels Apr 12, 2021

behlendorf merged commit b3530c4 into openzfs:master Apr 13, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

libzfs: zfs_mount_at(): load key for encryption root if MS_CRYPT #11875

libzfs: zfs_mount_at(): load key for encryption root if MS_CRYPT #11875

nabijaczleweli commented Apr 9, 2021 •

edited

Loading

behlendorf left a comment

libzfs: zfs_mount_at(): load key for encryption root if MS_CRYPT #11875

libzfs: zfs_mount_at(): load key for encryption root if MS_CRYPT #11875

Conversation

nabijaczleweli commented Apr 9, 2021 • edited Loading

Motivation and Context

Description

How Has This Been Tested?

Types of changes

Checklist:

behlendorf left a comment

Choose a reason for hiding this comment

nabijaczleweli commented Apr 9, 2021 •

edited

Loading