author | Tom Caputi <[email protected]> | 2020-01-14 15:25:20 -0500 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2020-01-14 12:25:20 -0800 |
commit | 61152d1069595db08f9b53ee518683382caf313e (patch) | |
tree | 94c02406bced0e296a795506f504361aab935529 /include | |
parent | f744f36ce583ed27dcfcda93ecd0af1df994a891 (diff) |
Fix errata #4 handling for resuming streams

Currently, the handling for errata #4 has two issues which allow
the checks for this issue to be bypassed using resumable sends.
The first issue is that drc->drc_fromsnapobj is not set in the
resuming code as it is in the non-resuming code. This causes
dsl_crypto_recv_key_check() to skip its checks for the
from_ivset_guid. The second issue is that resumable sends do not
clean up their on-disk state if they fail the checks in
dmu_recv_stream() that happen before any data is received.

As a result of these two bugs, a user can attempt a resumable send
of a dataset without a from_ivset_guid. This will fail the initial
dmu_recv_stream() checks, leaving a valid resume state. The send
can then be resumed, which skips those checks, allowing the receive
to be completed.

This commit fixes these issues by setting drc->drc_fromsnapobj in
the resuming receive path and by ensuring that resumable receives
are properly cleaned up if they fail the initial dmu_recv_stream()
checks.

Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Tom Caputi <[email protected]>
Closes #9818
Closes #9829
Diffstat (limited to 'include')
-rw-r--r-- | include/sys/dmu_recv.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/sys/dmu_recv.h b/include/sys/dmu_recv.h index 2cbe49c49..e3b54e3d1 100644 --- a/include/sys/dmu_recv.h +++ b/include/sys/dmu_recv.h @@ -49,6 +49,7 @@ typedef struct dmu_recv_cookie { uint64_t drc_featureflags; boolean_t drc_force; boolean_t drc_resumable; + boolean_t drc_should_save; boolean_t drc_raw; boolean_t drc_clone; boolean_t drc_spill; |
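Review bot: the new `boolean_t drc_should_save;` member in `struct dmu_recv_cookie` has no comment, and it sits directly under `drc_resumable` without anything saying how the two flags differ. Since the commit message ties the fix to cleaning up resume state when the initial dmu_recv_stream() checks fail, a one-line comment on the field stating when it becomes true and what is discarded while it is false would make that invariant checkable by the next reader. This view is limited to include/, so the code that sets and reads the flag is not shown here; it is worth confirming there that every failure path before any data is received leaves it false, and that nothing relies on an uninitialized value of the new member.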