zdb -dAdvv hides file attributes (e.g. mode) for encrypted datasets (even when keys are loaded) #12707

riyad · 2021-10-30T08:52:18Z

System information

Type	Version/Name
Distribution Name	Ubuntu
Distribution Version	20.10
Kernel Version	5.13.0
Architecture	x86_64
OpenZFS Version	2.0.6-1ubuntu2

Describe the problem you're observing

Trying to determine if I'm affected by a data corruption bug (#11474) I had to see if file modes had weird values. Running the test command zdb -dAdvv $FILESYSTEM | grep 'mode\s\+[0-9]' | sort | uniq -c I learned that zdb doesn't show this information for encrypted datasets at all. Instead placeholders like "(bonus encrypted)" and "(object encrypted)" are printed even when the dataset keys are loaded and the datasets are mounted.

Describe how to reproduce the problem

Run zdb -dAdvv on an enctypted dataset:

$ sudo zdb -dAdvv $FILESYSTEM
[...]
    Object  lvl   iblk   dblk  dsize  dnsize  lsize   %full  type
       936    1   128K  25.5K     4K      1K  25.5K  100.00  ZFS plain file
                                               176   bonus  System attributes
        dnode flags: USED_BYTES USERUSED_ACCOUNTED USEROBJUSED_ACCOUNTED 
        dnode maxblkid: 0
                (bonus encrypted)
                (object encrypted)
[...]

The text was updated successfully, but these errors were encountered:

stale · 2022-11-01T17:45:25Z

This issue has been automatically marked as "stale" because it has not had any activity for a while. It will be closed in 90 days if no further activity occurs. Thank you for your contributions.

The approach is straightforward: for dataset ops, if a key was offered, find the encryption root and the various encryption parameters, derive a wrapping key if necessary, and then unlock the encryption root. After that all the regular dataset ops will return unencrypted data, and that's kinda the whole thing. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Jorgen Lundman <lundman@lundman.net> Signed-off-by: Rob Norris <robn@despairlabs.com> Closes #11551 Closes #12707 Closes #14503

The approach is straightforward: for dataset ops, if a key was offered, find the encryption root and the various encryption parameters, derive a wrapping key if necessary, and then unlock the encryption root. After that all the regular dataset ops will return unencrypted data, and that's kinda the whole thing. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Jorgen Lundman <lundman@lundman.net> Signed-off-by: Rob Norris <robn@despairlabs.com> Closes openzfs#11551 Closes openzfs#12707 Closes openzfs#14503

riyad added the Type: Defect Incorrect behavior (e.g. crash, hang) label Oct 30, 2021

riyad changed the title ~~zdb -dAdvv hides file attributes (e.g. mode) for encryted datasets (even when keys are loaded)~~ zdb -dAdvv hides file attributes (e.g. mode) for encrypted datasets (even when keys are loaded) Oct 30, 2021

stale bot added the Status: Stale No recent activity for issue label Nov 1, 2022

behlendorf added Bot: Not Stale Override for the stale bot and removed Status: Stale No recent activity for issue labels Nov 1, 2022

robn mentioned this issue Feb 17, 2023

zdb: add decryption support #14503

Merged

13 tasks

behlendorf closed this as completed in #14503 Mar 2, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

zdb -dAdvv hides file attributes (e.g. mode) for encrypted datasets (even when keys are loaded) #12707

zdb -dAdvv hides file attributes (e.g. mode) for encrypted datasets (even when keys are loaded) #12707

riyad commented Oct 30, 2021

stale bot commented Nov 1, 2022

zdb -dAdvv hides file attributes (e.g. mode) for encrypted datasets (even when keys are loaded) #12707

zdb -dAdvv hides file attributes (e.g. mode) for encrypted datasets (even when keys are loaded) #12707

Comments

riyad commented Oct 30, 2021

System information

Describe the problem you're observing

Describe how to reproduce the problem

stale bot commented Nov 1, 2022