diff options
| author | Attila Fülöp <[email protected]> | 2022-11-04 19:07:29 +0100 |
|---|---|---|
| committer | GitHub <[email protected]> | 2022-11-04 11:07:29 -0700 |
| commit | cd1f0238463ae5777a58022c422c489606221dca (patch) | |
| tree | c4e9c8ad0bc02c930ad883792e421baacf86b130 /module | |
| parent | b27c7a1457e202435914403ddf6708cb6b53bfa0 (diff) | |
Deny receiving into encrypted datasets if the keys are not loaded (#14139)
Commit 68ddc06b611854560fefa377437eb3c9480e084b introduced support
for receiving unencrypted datasets as children of encrypted ones but
unfortunately got the logic upside down. This resulted in failing to
deny receives of incremental sends into encrypted datasets without
their keys loaded. If receiving a filesystem, the receive was done
into a newly created unencrypted child dataset of the target. In
case of volumes the receive made the target volume undeletable since
a dataset was created below it, which we obviously can't handle.
Incremental streams with embedded blocks are affected as well.
We fix the broken logic to properly deny receives in such cases.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Attila Fülöp <[email protected]>
Closes #13598
Closes #14055
Closes #14119
Diffstat (limited to 'module')
| -rw-r--r-- | module/zfs/dmu_recv.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/module/zfs/dmu_recv.c b/module/zfs/dmu_recv.c index 99eeceeb4..98ca2b3bc 100644 --- a/module/zfs/dmu_recv.c +++ b/module/zfs/dmu_recv.c @@ -602,7 +602,7 @@ dmu_recv_begin_check(void *arg, dmu_tx_t *tx) * so add the DS_HOLD_FLAG_DECRYPT flag only if we are dealing * with a dataset we may encrypt. */ - if (drba->drba_dcp != NULL && + if (drba->drba_dcp == NULL || drba->drba_dcp->cp_crypt != ZIO_CRYPT_OFF) { dsflags |= DS_HOLD_FLAG_DECRYPT; } |