Make encrypted "zfs mount -a" failures consistent

Currently, "zfs mount -a" will print a warning and fail to mount any encrypted datasets that do not have a key loaded. This patch makes the behavior of this failure consistent with other failure modes ("zfs mount -a" will silently continue, explict "zfs mount" will print a message and return an error code. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tom Caputi <tcaputi@datto.com> Closes #7382
openzfs · Apr 6, 2018 · 1bf9a55 · 1bf9a55
1 parent 533ea04
commit 1bf9a55
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 3 deletions.
diff --git a/cmd/zfs/zfs_main.c b/cmd/zfs/zfs_main.c
@@ -6228,6 +6228,22 @@ share_mount_one(zfs_handle_t *zhp, int op, int flags, char *protocol,
 		return (0);
 	}
 
+	/*
+	 * If this filesystem is encrypted and does not have
+	 * a loaded key, we can not mount it.
+	 */
+	if ((flags & MS_CRYPT) == 0 &&
+	    zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF &&
+	    zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS) ==
+	    ZFS_KEYSTATUS_UNAVAILABLE) {
+		if (!explicit)
+			return (0);
+
+		(void) fprintf(stderr, gettext("cannot %s '%s': "
+		    "encryption key not loaded\n"), cmdname, zfs_get_name(zhp));
+		return (1);
+	}
+
 	/*
 	 * If this filesystem is inconsistent and has a receive resume
 	 * token, we can not mount it.

diff --git a/tests/zfs-tests/tests/functional/cli_root/zfs_mount/zfs_mount_encrypted.ksh b/tests/zfs-tests/tests/functional/cli_root/zfs_mount/zfs_mount_encrypted.ksh
@@ -29,9 +29,12 @@
 # 1. Create an encrypted dataset
 # 2. Unmount and unload the dataset's key
 # 3. Verify the key is unloaded
-# 4. Attempt to load the key while mounting the dataset
-# 5. Verify the key is loaded
-# 6. Verify the dataset is mounted
+# 4. Attempt to mount all datasets in the pool
+# 5. Verify that no error code is produced
+# 6. Verify that the encrypted dataset is not mounted
+# 7. Attempt to load the key while mounting the dataset
+# 8. Verify the key is loaded
+# 9. Verify the dataset is mounted
 #
 
 verify_runnable "both"
@@ -53,6 +56,10 @@ log_must zfs unmount $TESTPOOL/$TESTFS1
 log_must zfs unload-key $TESTPOOL/$TESTFS1
 log_must key_unavailable $TESTPOOL/$TESTFS1
 
+log_must zfs mount -a
+unmounted $TESTPOOL/$TESTFS1 || \
+	log_fail "Filesystem $TESTPOOL/$TESTFS1 is mounted"
+
 log_must eval "echo $PASSPHRASE | zfs mount -l $TESTPOOL/$TESTFS1"
 log_must key_available $TESTPOOL/$TESTFS1