forked from openzfs/zfs
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Receive checks should allow unencrypted child datasets
dmu_recv_begin_check() unconditionally sets the DS_HOLD_FLAG_DECRYPT flag before calling dsl_dataset_hold_flags(). If the key on the receiving side isn't loaded or the send stream contains embedded blocks, the receive check fails for a stream which is perfectly valid and could be received without any problem. This seems like a remnant of the initial design, where unencrypted datasets below encrypted ones weren't allowed. Add a condition to set `DS_HOLD_FLAG_DECRYPT` only for encrypted datasets, modify an existing test to detect this regression and add a test for raw replication streams. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: George Amanakis <gamanakis@gmail.com> Co-authored-by: George Amanakis <gamanakis@gmail.com> Signed-off-by: Attila Fülöp <attila@fueloep.org> Closes openzfs#13033 Closes openzfs#13076
- Loading branch information
1 parent
c28d6ab
commit 68ddc06
Showing
5 changed files
with
102 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
75 changes: 75 additions & 0 deletions
75
tests/zfs-tests/tests/functional/cli_root/zfs_receive/zfs_receive_-wR-encrypted-mix.ksh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
#!/bin/ksh -p | ||
# | ||
# CDDL HEADER START | ||
# | ||
# The contents of this file are subject to the terms of the | ||
# Common Development and Distribution License (the "License"). | ||
# You may not use this file except in compliance with the License. | ||
# | ||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | ||
# or http://www.opensolaris.org/os/licensing. | ||
# See the License for the specific language governing permissions | ||
# and limitations under the License. | ||
# | ||
# When distributing Covered Code, include this CDDL HEADER in each | ||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE. | ||
# If applicable, add the following below this CDDL HEADER, with the | ||
# fields enclosed by brackets "[]" replaced with your own identifying | ||
# information: Portions Copyright [yyyy] [name of copyright owner] | ||
# | ||
# CDDL HEADER END | ||
# | ||
|
||
# | ||
# Copyright (c) 2022 by Attila Fülöp <attila@fueloep.org> | ||
# | ||
|
||
. $STF_SUITE/include/libtest.shlib | ||
|
||
# | ||
# DESCRIPTION: | ||
# ZFS should receive a raw send of a mix of unencrypted and encrypted | ||
# child datasets | ||
# | ||
# The layout of the datasets is: enc/unenc/enc/unenc | ||
# | ||
# STRATEGY: | ||
# 1. Create the dataset hierarchy | ||
# 2. Snapshot the dataset hierarchy | ||
# 3. Send -Rw the dataset hierarchy and receive into a top-level dataset | ||
# 4. Check the encryption property of the received datasets | ||
|
||
verify_runnable "both" | ||
|
||
function cleanup | ||
{ | ||
datasetexists "$TESTPOOL/$TESTFS1" && \ | ||
destroy_dataset "$TESTPOOL/$TESTFS1" -r | ||
|
||
datasetexists "$TESTPOOL/$TESTFS2" && \ | ||
destroy_dataset "$TESTPOOL/$TESTFS2" -r | ||
} | ||
|
||
log_onexit cleanup | ||
|
||
log_assert "ZFS should receive a mix of un/encrypted childs" | ||
|
||
typeset src="$TESTPOOL/$TESTFS1" | ||
typeset dst="$TESTPOOL/$TESTFS2" | ||
typeset snap="snap" | ||
|
||
echo "password" | \ | ||
create_dataset "$src" -o encryption=on -o keyformat=passphrase | ||
create_dataset "$src/u" "-o encryption=off" | ||
echo "password" | \ | ||
create_dataset "$src/u/e" -o encryption=on -o keyformat=passphrase | ||
create_dataset "$src/u/e/u" -o encryption=off | ||
|
||
log_must zfs snapshot -r "$src@$snap" | ||
log_must eval "zfs send -Rw $src@$snap | zfs receive -u $dst" | ||
log_must test "$(get_prop 'encryption' $dst)" != "off" | ||
log_must test "$(get_prop 'encryption' $dst/u)" == "off" | ||
log_must test "$(get_prop 'encryption' $dst/u/e)" != "off" | ||
log_must test "$(get_prop 'encryption' $dst/u/e/u)" == "off" | ||
|
||
log_pass "ZFS can receive a mix of un/encrypted childs" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters