Allow unencrypted children of encrypted datasets #8870

tcaputi · 2019-06-07T20:14:58Z

When encryption was first added to ZFS, we made a decision to
prevent users from creating unencrypted children of encrypted
datasets. The idea was to prevent users from inadvertently
leaving some of their data unencrypted. However, since the
release of 0.8.0, some legitimate reasons have been brought up
for this behavior to be allowed. This patch simply removes this
limitation from all code paths that had checks for it and updates
the tests accordingly.

Fixes: #8737

Signed-off-by: Tom Caputi tcaputi@datto.com

Types of changes

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Performance enhancement (non-breaking change which improves efficiency)
Code cleanup (non-breaking change which makes code smaller or more readable)
Breaking change (fix or feature that would cause existing functionality to change)
Documentation (a change to man pages or other documentation)

Checklist:

My code follows the ZFS on Linux code style requirements.
I have updated the documentation accordingly.
I have read the contributing document.
I have added tests to cover my changes.
All new and existing tests passed.
All commit messages are properly formatted and contain Signed-off-by.

behlendorf · 2019-06-13T20:26:52Z

@kithrup @jasonbking @rlaager would you mind reviewing this change.

lib/libzfs/libzfs_dataset.c

kithrup

Other than the one question about verb tense (which isn't a code issue, just a grammar question), this looks good to me. It's mostly removing code that isn't used with the new philosophy.

jasonbking · 2019-06-13T21:04:33Z

Other than the wording @kithrup noted, LGTM.

rlaager

LGTM

ahrens · 2019-06-16T03:02:42Z

I didn't look at the code in detail, but the idea is fine with me.

When encryption was first added to ZFS, we made a decision to prevent users from creating unencrypted children of encrypted datasets. The idea was to prevent users from inadvertently leaving some of their data unencrypted. However, since the release of 0.8.0, some legitimate reasons have been brought up for this behavior to be allowed. This patch simply removes this limitation from all code paths that had checks for it and updates the tests accordingly. Fixes: openzfs#8737 Signed-off-by: Tom Caputi <tcaputi@datto.com>

codecov · 2019-06-20T05:15:48Z

Codecov Report

Merging #8870 into master will increase coverage by 12.47%.
The diff coverage is 60%.

@@             Coverage Diff             @@
##           master    #8870       +/-   ##
===========================================
+ Coverage   66.26%   78.73%   +12.47%     
===========================================
  Files         324      382       +58     
  Lines      103014   117727    +14713     
===========================================
+ Hits        68261    92693    +24432     
+ Misses      34753    25034     -9719

Flag	Coverage Δ
#kernel	`79.27% <38.46%> (?)`
#user	`67.36% <35%> (+1.1%)`	⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update fb0be12...231ac3f. Read the comment docs.

When encryption was first added to ZFS, we made a decision to prevent users from creating unencrypted children of encrypted datasets. The idea was to prevent users from inadvertently leaving some of their data unencrypted. However, since the release of 0.8.0, some legitimate reasons have been brought up for this behavior to be allowed. This patch simply removes this limitation from all code paths that had checks for it and updates the tests accordingly. Reviewed-by: Jason King <jason.king@joyent.com> Reviewed-by: Sean Eric Fagan <sef@ixsystems.com> Reviewed-by: Richard Laager <rlaager@wiktel.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tom Caputi <tcaputi@datto.com> Closes openzfs#8737 Closes openzfs#8870

When encryption was first added to ZFS, we made a decision to prevent users from creating unencrypted children of encrypted datasets. The idea was to prevent users from inadvertently leaving some of their data unencrypted. However, since the release of 0.8.0, some legitimate reasons have been brought up for this behavior to be allowed. This patch simply removes this limitation from all code paths that had checks for it and updates the tests accordingly. Reviewed-by: Jason King <jason.king@joyent.com> Reviewed-by: Sean Eric Fagan <sef@ixsystems.com> Reviewed-by: Richard Laager <rlaager@wiktel.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tom Caputi <tcaputi@datto.com> Closes #8737 Closes #8870

behlendorf added the Status: Code Review Needed Ready for review and testing label Jun 7, 2019

behlendorf requested review from ahrens and behlendorf June 7, 2019 20:19

behlendorf added Status: Design Review Needed Architecture or design is under discussion and removed Status: Code Review Needed Ready for review and testing labels Jun 13, 2019

kithrup reviewed Jun 13, 2019

View reviewed changes

lib/libzfs/libzfs_dataset.c Outdated Show resolved Hide resolved

kithrup approved these changes Jun 13, 2019

View reviewed changes

rlaager approved these changes Jun 14, 2019

View reviewed changes

behlendorf approved these changes Jun 19, 2019

View reviewed changes

behlendorf added Status: Accepted Ready to integrate (reviewed, tested) and removed Status: Design Review Needed Architecture or design is under discussion labels Jun 19, 2019

tcaputi force-pushed the unencrypted_children branch from 179374c to 231ac3f Compare June 19, 2019 20:28

behlendorf merged commit da68988 into openzfs:master Jun 20, 2019

FiloSottile mentioned this pull request Aug 2, 2019

Unencrypted children of encrypted datasets are dangerous #9116

Closed

AttilaFueloep mentioned this pull request Jan 28, 2022

Cannot zfs receive unencrypted dataset as a child of encrypted dataset ('cannot receive new filesystem stream: inherited key must be loaded') #13033

Closed

rincebrain mentioned this pull request Nov 1, 2023

Fix dataset cloning and renaming to and from an encryption root #15475

Closed

13 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow unencrypted children of encrypted datasets #8870

Allow unencrypted children of encrypted datasets #8870

tcaputi commented Jun 7, 2019

behlendorf commented Jun 13, 2019

kithrup left a comment

jasonbking commented Jun 13, 2019

rlaager left a comment

ahrens commented Jun 16, 2019

codecov bot commented Jun 20, 2019 •

edited

Loading

Allow unencrypted children of encrypted datasets #8870

Allow unencrypted children of encrypted datasets #8870

Conversation

tcaputi commented Jun 7, 2019

Types of changes

Checklist:

behlendorf commented Jun 13, 2019

kithrup left a comment

Choose a reason for hiding this comment

jasonbking commented Jun 13, 2019

rlaager left a comment

Choose a reason for hiding this comment

ahrens commented Jun 16, 2019

codecov bot commented Jun 20, 2019 • edited Loading

Codecov Report

codecov bot commented Jun 20, 2019 •

edited

Loading