[Bug 259231] [zfs] zfs recv not properly mixed encrypted/unencrypted stream

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 259231] [zfs] zfs recv not properly handle mixed encrypted/unencrypted stream"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 259231] [zfs] zfs recv not properly handle mixed encrypted/unencrypted stream"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 17 Oct 2021 17:48:23 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259231

            Bug ID: 259231
           Summary: [zfs] zfs recv not properly mixed
                    encrypted/unencrypted stream
           Product: Base System
           Version: 13.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: jamcgee@etherealwake.com

When an encrypted ZFS dataset has unencrypted child nodes, this breaks the
handling of a zfs send stream which will erroneously terminate with "inherited
key must be loaded" when encountering the unencrypted dataset.

It's likely this issue will need to be pushed upstream to OpenZFS.

The following script will demonstrate the behavior:

---BEGIN---
#!/bin/sh -eux
if [ ! -f test.key ]; then
  dd if=/dev/random of=test.key bs=32 count=1
fi
KEY=file://$(realpath test.key)

DEV1=$(mdconfig -at swap -s 1G)
zpool create -Oencryption=on -Okeyformat=raw -Okeylocation=${KEY} test1 ${DEV1}
zfs create test1/dir1
zfs create -oencryption=off test1/dir1/dir2
zfs snap -r test1@snap

DEV2=$(mdconfig -at swap -s 1G)
zpool create test2 ${DEV2}
zfs send -Rw test1@snap | zfs recv test2/recv
---END---

And a sample output:

---BEGIN---
+ [ ! -f test.key ]
+ dd 'if=/dev/random' 'of=test.key' 'bs=32' 'count=1'
1+0 records in
1+0 records out
32 bytes transferred in 0.000043 seconds (752569 bytes/sec)
+ realpath test.key
+ KEY=file:///root/test.key
+ mdconfig -at swap -s 1G
+ DEV1=md0
+ zpool create '-Oencryption=on' '-Okeyformat=raw'
'-Okeylocation=file:///root/test.key' test1 md0
+ zfs create test/dir1
+ zfs create '-oencryption=off' test1/dir1/dir2
+ zfs snap -r test1@snap
+ mdconfig -at swap -s 1G
+ DEV2=md1
+ zpool create test2 md1
+ zfs send -Rw test1@snap
+ zfs recv test2/recv
cannot receive new filesystem stream: inherited key must be loaded
warning: cannot send 'test1/dir1/dir2@snap': signal received
---END---

-- 
You are receiving this mail because:
You are the assignee for the bug.