summaryrefslogtreecommitdiffstats
path: root/module/zfs/dsl_crypt.c
diff options
context:
space:
mode:
authorTom Caputi <[email protected]>2019-06-20 15:29:51 -0400
committerBrian Behlendorf <[email protected]>2019-06-20 12:29:51 -0700
commitda68988708d6e38457ce965103d001e8aa965885 (patch)
tree59041f5508852cb5b3bd3a565003596090444a8c /module/zfs/dsl_crypt.c
parent84b4201f3202fb6bf6beed7a27abf38292f67b41 (diff)
Allow unencrypted children of encrypted datasets
When encryption was first added to ZFS, we made a decision to prevent users from creating unencrypted children of encrypted datasets. The idea was to prevent users from inadvertently leaving some of their data unencrypted. However, since the release of 0.8.0, some legitimate reasons have been brought up for this behavior to be allowed. This patch simply removes this limitation from all code paths that had checks for it and updates the tests accordingly. Reviewed-by: Jason King <[email protected]> Reviewed-by: Sean Eric Fagan <[email protected]> Reviewed-by: Richard Laager <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Tom Caputi <[email protected]> Closes #8737 Closes #8870
Diffstat (limited to 'module/zfs/dsl_crypt.c')
-rw-r--r--module/zfs/dsl_crypt.c44
1 files changed, 1 insertions, 43 deletions
diff --git a/module/zfs/dsl_crypt.c b/module/zfs/dsl_crypt.c
index 21db8e51f..0c0ffaadd 100644
--- a/module/zfs/dsl_crypt.c
+++ b/module/zfs/dsl_crypt.c
@@ -1610,15 +1610,8 @@ dsl_dir_rename_crypt_check(dsl_dir_t *dd, dsl_dir_t *newparent)
int ret;
uint64_t curr_rddobj, parent_rddobj;
- if (dd->dd_crypto_obj == 0) {
- /* children of encrypted parents must be encrypted */
- if (newparent->dd_crypto_obj != 0) {
- ret = SET_ERROR(EACCES);
- goto error;
- }
-
+ if (dd->dd_crypto_obj == 0)
return (0);
- }
ret = dsl_dir_get_encryption_root_ddobj(dd, &curr_rddobj);
if (ret != 0)
@@ -1748,34 +1741,6 @@ dsl_dataset_promote_crypt_sync(dsl_dir_t *target, dsl_dir_t *origin,
}
int
-dmu_objset_clone_crypt_check(dsl_dir_t *parentdd, dsl_dir_t *origindd)
-{
- int ret;
- uint64_t pcrypt, crypt;
-
- /*
- * Check that we are not making an unencrypted child of an
- * encrypted parent.
- */
- ret = dsl_dir_get_crypt(parentdd, &pcrypt);
- if (ret != 0)
- return (ret);
-
- ret = dsl_dir_get_crypt(origindd, &crypt);
- if (ret != 0)
- return (ret);
-
- ASSERT3U(pcrypt, !=, ZIO_CRYPT_INHERIT);
- ASSERT3U(crypt, !=, ZIO_CRYPT_INHERIT);
-
- if (crypt == ZIO_CRYPT_OFF && pcrypt != ZIO_CRYPT_OFF)
- return (SET_ERROR(EINVAL));
-
- return (0);
-}
-
-
-int
dmu_objset_create_crypt_check(dsl_dir_t *parentdd, dsl_crypto_params_t *dcp,
boolean_t *will_encrypt)
{
@@ -1805,13 +1770,6 @@ dmu_objset_create_crypt_check(dsl_dir_t *parentdd, dsl_crypto_params_t *dcp,
ASSERT3U(pcrypt, !=, ZIO_CRYPT_INHERIT);
ASSERT3U(crypt, !=, ZIO_CRYPT_INHERIT);
- /*
- * We can't create an unencrypted child of an encrypted parent
- * under any circumstances.
- */
- if (crypt == ZIO_CRYPT_OFF && pcrypt != ZIO_CRYPT_OFF)
- return (SET_ERROR(EINVAL));
-
/* check for valid dcp with no encryption (inherited or local) */
if (crypt == ZIO_CRYPT_OFF) {
/* Must not specify encryption params */