zfs crypto discuss - May 2008 - [Bug 1848] New: ''zfs key -l'' should fail if dataset keystatus=available

http://defect.opensolaris.org/bz/show_bug.cgi?id=1848

           Summary: ''zfs key -l'' should fail if dataset
keystatus=available
    Classification: Development
           Product: zfs-crypto
           Version: unspecified
          Platform: Other
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P3
         Component: other
        AssignedTo: darrenm at opensolaris.org
        ReportedBy: hua.tang at sun.com
         QAContact: hua.tang at sun.com
                CC: zfs-crypto-discuss at opensolaris.org
   Estimated Hours: 0.0


# zpool create test /export/home/testfile_2 
# zfs create -o encryption=on -o keyscope=dataset -o
keysource=passphrase,file:///export/home/passfile test/fs
# zfs key -l test/fs
# echo $?
0

-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://defect.opensolaris.org/bz/show_bug.cgi?id=1848





--- Comment #1 from Grace <hua.tang at sun.com>  2008-05-08 00:29:45 ---
zfs_key_l_002 fails.

-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://defect.opensolaris.org/bz/show_bug.cgi?id=1848


Darren J Moffat <darrenm at opensolaris.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|darrenm at opensolaris.org     |ajscarp at yahoo.com
             Status|NEW                         |CAUSEKNOWN




--- Comment #2 from Darren J Moffat <darrenm at opensolaris.org> 
2008-05-08 00:47:10 ---
This is a userland issue since it is short cutting the attempt the kernel will
return EEXIST if it was ever called to do this.

int
spa_crypto_key_load(spa_t *spa, zfs_ioc_crypto_t *ioc_key)
{
        zio_crypt_key_t *spa_kek = NULL;
        int ret;

        if (spa_keystatus(spa) == ZFS_CRYPT_KEY_AVAILABLE) {
                return (EEXIST);
        }
...
}

braveheart# truss -tioctl zpool key -l t 
ioctl(3, ZFS_IOC_POOL_STATS, 0x08042BA4)        = 0
ioctl(3, ZFS_IOC_POOL_GET_PROPS, 0x08041324)    = 0
braveheart#

Shows we never never attempted the load.  If we had we would have seen a line
line this in the truss output:

ioctl(3, ZFS_IOC_CRYPTO, 0x080423D4)            = 0

-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://defect.opensolaris.org/bz/show_bug.cgi?id=1848


Darren J Moffat <darrenm at opensolaris.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |darrenm at opensolaris.org




--- Comment #3 from Darren J Moffat <darrenm at opensolaris.org> 
2008-05-08 00:48:46 ---
braveheart# zfs create -o encryption=on -o keyscope=dataset -o
keysource=passphrase,prompt t/pp 
Enter passphrase for ''t/pp'': 
Enter again: 
braveheart# truss -tioctl zfs key -l t/pp 
ioctl(3, ZFS_IOC_OBJSET_STATS, 0x08045734)      = 0
braveheart# 

So we never asked the kernel to attempt the load.  However it would have failed
in kernel as dsl_crypto_key_load() returns EEXIST.

dsl_crypto_key_load(char *dsname, zfs_ioc_crypto_t *ioc_key)
...
        if (spa_keystore_find(dsl_dataset_get_spa(ds), ds->ds_object) !=
NULL)
{
                dsl_dataset_close(ds, DS_MODE_STANDARD, FTAG);
                return (EEXIST);
        }

-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://defect.opensolaris.org/bz/show_bug.cgi?id=1848


Darren J Moffat <darrenm at opensolaris.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|darrenm at opensolaris.org     |
         AssignedTo|ajscarp at yahoo.com           |darrenm at opensolaris.org
             Status|CAUSEKNOWN                  |CLOSED
         Resolution|                            |FIXINSOURCE




-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://defect.opensolaris.org/bz/show_bug.cgi?id=1848


Darren J Moffat <darrenm at opensolaris.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1849




-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.