aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTom Caputi <[email protected]>2019-03-14 19:48:30 -0400
committerBrian Behlendorf <[email protected]>2019-03-14 16:48:30 -0700
commiteaed840542b49b36fb8ed3a2aaf7208629974434 (patch)
tree63091c068eeda538d1e4dfefe8b907ce19547455
parent98310e5d1aebda5a7cd986c8a0dc9932d62ead56 (diff)
Better user experience for errata 4
This patch attempts to address some user concerns that have arisen since errata 4 was introduced. * The errata warning has been made less scary for users without any encrypted datasets. * The errata warning now clears itself without a pool reimport if the bookmark_v2 feature is enabled and no encrypted datasets exist. * It is no longer possible to create new encrypted datasets without enabling the bookmark_v2 feature, thus helping to ensure that the errata is resolved. Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Tom Caputi <[email protected]> Issue ##8308 Closes #8504
-rw-r--r--cmd/zpool/zpool_main.c26
-rw-r--r--module/zfs/dsl_crypt.c7
-rw-r--r--module/zfs/zfeature.c13
-rwxr-xr-xtests/zfs-tests/tests/functional/cli_root/zpool_import/zpool_import_errata3.ksh5
4 files changed, 39 insertions, 12 deletions
diff --git a/cmd/zpool/zpool_main.c b/cmd/zpool/zpool_main.c
index c36003c98..61403a173 100644
--- a/cmd/zpool/zpool_main.c
+++ b/cmd/zpool/zpool_main.c
@@ -2479,15 +2479,17 @@ show_import(nvlist_t *config)
break;
case ZPOOL_ERRATA_ZOL_8308_ENCRYPTION:
- (void) printf(gettext(" action: Existing "
+ (void) printf(gettext(" action: Any existing "
"encrypted datasets contain an on-disk "
- "incompatibility which\n\tmay cause "
+ "incompatibility\n\twhich may cause "
"on-disk corruption with 'zfs recv' and "
- "which needs to be\n\tcorrected. Enable "
- "the bookmark_v2 feature and backup "
- "these datasets to new encrypted "
- "datasets and\n\tdestroy the "
- "old ones.\n"));
+ "which needs\n\tto be corrected. Enable "
+ "the bookmark_v2 feature, backup "
+ "these datasets\n\tto new encrypted "
+ "datasets, and destroy the old ones. "
+ "If this pool does\n\tnot contain any "
+ "encrypted datasets, simply enable the "
+ "bookmark_v2\n\tfeature.\n"));
break;
default:
/*
@@ -7417,10 +7419,12 @@ status_callback(zpool_handle_t *zhp, void *data)
"contain an on-disk incompatibility\n\twhich "
"needs to be corrected.\n"));
(void) printf(gettext("action: To correct the issue "
- "enable the bookmark_v2 feature and "
- "backup\n\texisting encrypted datasets to new "
- "encrypted datasets and\n\tdestroy the old "
- "ones.\n"));
+ "enable the bookmark_v2 feature, backup\n\tany "
+ "existing encrypted datasets to new encrypted "
+ "datasets,\n\tand destroy the old ones. If this "
+ "pool does not contain any\n\tencrypted "
+ "datasets, simply enable the bookmark_v2 "
+ "feature.\n"));
break;
default:
diff --git a/module/zfs/dsl_crypt.c b/module/zfs/dsl_crypt.c
index a0e7fcce4..21db8e51f 100644
--- a/module/zfs/dsl_crypt.c
+++ b/module/zfs/dsl_crypt.c
@@ -1837,6 +1837,13 @@ dmu_objset_create_crypt_check(dsl_dir_t *parentdd, dsl_crypto_params_t *dcp,
return (SET_ERROR(EOPNOTSUPP));
}
+ /* Check for errata #4 (encryption enabled, bookmark_v2 disabled) */
+ if (parentdd != NULL &&
+ !spa_feature_is_enabled(parentdd->dd_pool->dp_spa,
+ SPA_FEATURE_BOOKMARK_V2)) {
+ return (SET_ERROR(EOPNOTSUPP));
+ }
+
/* handle inheritance */
if (dcp->cp_wkey == NULL) {
ASSERT3P(parentdd, !=, NULL);
diff --git a/module/zfs/zfeature.c b/module/zfs/zfeature.c
index a3ca367e0..e6c1a5355 100644
--- a/module/zfs/zfeature.c
+++ b/module/zfs/zfeature.c
@@ -376,6 +376,19 @@ feature_enable_sync(spa_t *spa, zfeature_info_t *feature, dmu_tx_t *tx)
spa->spa_feat_enabled_txg_obj, feature->fi_guid,
sizeof (uint64_t), 1, &enabling_txg, tx));
}
+
+ /*
+ * Errata #4 is mostly a problem with encrypted datasets, but it
+ * is also a problem where the old encryption feature did not
+ * depend on the bookmark_v2 feature. If the pool does not have
+ * any encrypted datasets we can resolve this issue simply by
+ * enabling this dependency.
+ */
+ if (spa->spa_errata == ZPOOL_ERRATA_ZOL_8308_ENCRYPTION &&
+ spa_feature_is_enabled(spa, SPA_FEATURE_ENCRYPTION) &&
+ !spa_feature_is_active(spa, SPA_FEATURE_ENCRYPTION) &&
+ feature->fi_feature == SPA_FEATURE_BOOKMARK_V2)
+ spa->spa_errata = 0;
}
static void
diff --git a/tests/zfs-tests/tests/functional/cli_root/zpool_import/zpool_import_errata3.ksh b/tests/zfs-tests/tests/functional/cli_root/zpool_import/zpool_import_errata3.ksh
index b1e37a550..86baf1f6e 100755
--- a/tests/zfs-tests/tests/functional/cli_root/zpool_import/zpool_import_errata3.ksh
+++ b/tests/zfs-tests/tests/functional/cli_root/zpool_import/zpool_import_errata3.ksh
@@ -75,9 +75,12 @@ log_must eval "ls $old_mntpnt | grep -q testfile"
block_device_wait
log_mustnot dd if=/dev/zero of=/dev/zvol/$POOL_NAME/testvol bs=512 count=1
log_must dd if=/dev/zvol/$POOL_NAME/testvol of=/dev/null bs=512 count=1
+
+log_must zpool set feature@bookmark_v2=enabled $POOL_NAME # necessary for Errata #4
+
log_must eval "echo 'password' | zfs create \
-o encryption=on -o keyformat=passphrase -o keylocation=prompt \
- cryptv0/encroot"
+ $POOL_NAME/encroot"
log_mustnot eval "zfs send -w $POOL_NAME/testfs@snap1 | \
zfs recv $POOL_NAME/encroot/testfs"
log_mustnot eval "zfs send -w $POOL_NAME/testvol@snap1 | \