Diffusion FreeBSD src repository cd1f0238463a

Deny receiving into encrypted datasets if the keys are not loaded (#14139)
cd1f0238463a
Actions

Description

Deny receiving into encrypted datasets if the keys are not loaded (#14139)

Commit 68ddc06b611854560fefa377437eb3c9480e084b introduced support
for receiving unencrypted datasets as children of encrypted ones but
unfortunately got the logic upside down. This resulted in failing to
deny receives of incremental sends into encrypted datasets without
their keys loaded. If receiving a filesystem, the receive was done
into a newly created unencrypted child dataset of the target. In
case of volumes the receive made the target volume undeletable since
a dataset was created below it, which we obviously can't handle.
Incremental streams with embedded blocks are affected as well.

We fix the broken logic to properly deny receives in such cases.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Attila Fülöp <attila@fueloep.org>
Closes #13598
Closes #14055
Closes #14119

Details

Provenance

Attila Fülöp <attila@fueloep.org>	Authored on Nov 4 2022, 6:07 PM
GitHub <noreply@github.com>	Committed on Nov 4 2022, 6:07 PM

Parents

rGb27c7a1457e2: zil: Relax assertion in zil_parse

Branches

Unknown

Tags

Unknown

Event Timeline

GitHub <noreply@github.com> committed rGcd1f0238463a: Deny receiving into encrypted datasets if the keys are not loaded (#14139) (authored by Attila Fülöp <attila@fueloep.org>).Nov 4 2022, 6:07 PM

Changes (2)

Path

Size

module/

zfs/

dmu_recv.c

tests/

zfs-tests/

tests/

functional/

cli_root/

zfs_receive/

zfs_receive_to_encrypted.ksh

rGcd1f0238463a

View Options

module/zfs/dmu_recv.c