aboutsummaryrefslogtreecommitdiffstats
path: root/module/zfs/dnode_sync.c
diff options
context:
space:
mode:
authorTom Caputi <[email protected]>2018-06-28 12:20:34 -0400
committerBrian Behlendorf <[email protected]>2018-06-28 09:20:34 -0700
commit69830602de2d836013a91bd42cc8d36bbebb3aae (patch)
tree6141db85a412b76160027e7f6280dd099baedcf1 /module/zfs/dnode_sync.c
parent3be1eb29dab4e96249de7832d9b3dae5740c33c8 (diff)
Raw receive fix and encrypted objset security fix
This patch fixes two problems with the encryption code. First, the current code does not correctly prohibit the DMU from updating dn_maxblkid during object truncation within a raw receive. This usually only causes issues when the truncating DRR_FREE record is aggregated with DRR_FREE records later in the receive, so it is relatively hard to hit. Second, this patch fixes a security issue where reading blocks within an encrypted object did not guarantee that the dnode block itself had ever been verified against its MAC. Usually the verification happened anyway when the bonus buffer was read, but some use cases (notably zvols) might never perform the check. Reviewed-by: Brian Behlendorf <[email protected]> Reviewed by: Matthew Ahrens <[email protected]> Signed-off-by: Tom Caputi <[email protected]> Closes #7632
Diffstat (limited to 'module/zfs/dnode_sync.c')
-rw-r--r--module/zfs/dnode_sync.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/module/zfs/dnode_sync.c b/module/zfs/dnode_sync.c
index 044031e4f..830da26f8 100644
--- a/module/zfs/dnode_sync.c
+++ b/module/zfs/dnode_sync.c
@@ -367,7 +367,12 @@ dnode_sync_free_range_impl(dnode_t *dn, uint64_t blkid, uint64_t nblks,
}
}
- if (trunc) {
+ /*
+ * Do not truncate the maxblkid if we are performing a raw
+ * receive. The raw receive sets the mablkid manually and
+ * must not be overriden.
+ */
+ if (trunc && !dn->dn_objset->os_raw_receive) {
ASSERTV(uint64_t off);
dn->dn_phys->dn_maxblkid = blkid == 0 ? 0 : blkid - 1;