Diffusion FreeBSD src repository 211ec1b9fde3

Deny receiving into encrypted datasets if the keys are not loaded
211ec1b9fde3
Actions

Description

Deny receiving into encrypted datasets if the keys are not loaded

Commit 68ddc06b611854560fefa377437eb3c9480e084b introduced support
for receiving unencrypted datasets as children of encrypted ones but
unfortunately got the logic upside down. This resulted in failing to
deny receives of incremental sends into encrypted datasets without
their keys loaded. If receiving a filesystem, the receive was done
into a newly created unencrypted child dataset of the target. In
case of volumes the receive made the target volume undeletable since
a dataset was created below it, which we obviously can't handle.
Incremental streams with embedded blocks are affected as well.

We fix the broken logic to properly deny receives in such cases.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Attila Fülöp <attila@fueloep.org>
Closes #13598
Closes #14055
Closes #14119

Details

Provenance

Attila Fülöp <attila@fueloep.org>	Authored on Nov 3 2022, 4:55 PM
GitHub <noreply@github.com>	Committed on Nov 3 2022, 4:55 PM

Parents

rG84477e148dcc: lua: cast through uintptr_t when return a pointer

Branches

Unknown

Tags

Unknown

Event Timeline

GitHub <noreply@github.com> committed rG211ec1b9fde3: Deny receiving into encrypted datasets if the keys are not loaded (authored by Attila Fülöp <attila@fueloep.org>).Nov 3 2022, 4:55 PM

Changes (2)

Path

Size

module/

zfs/

dmu_recv.c

tests/

zfs-tests/

tests/

functional/

cli_root/

zfs_receive/

zfs_receive_to_encrypted.ksh

rG211ec1b9fde3

View Options

module/zfs/dmu_recv.c