Date:      Sun, 17 Oct 2021 17:48:23 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 259231] [zfs] zfs recv not properly mixed encrypted/unencrypted stream
Message-ID:  <bug-259231-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259231

            Bug ID: 259231
           Summary: [zfs] zfs recv not properly mixed
                    encrypted/unencrypted stream
           Product: Base System
           Version: 13.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: jamcgee@etherealwake.com

When an encrypted ZFS dataset has unencrypted child nodes, this breaks the
handling of a zfs send stream which will erroneously terminate with "inherited
key must be loaded" when encountering the unencrypted dataset.

It's likely this issue will need to be pushed upstream to OpenZFS.

The following script will demonstrate the behavior:

---BEGIN---
#!/bin/sh -eux
if [ ! -f test.key ]; then
  dd if=/dev/random of=test.key bs=32 count=1
fi
KEY=file://$(realpath test.key)

DEV1=$(mdconfig -at swap -s 1G)
zpool create -Oencryption=on -Okeyformat=raw -Okeylocation=${KEY} test1 ${DEV1}
zfs create test1/dir1
zfs create -oencryption=off test1/dir1/dir2
zfs snap -r test1@snap

DEV2=$(mdconfig -at swap -s 1G)
zpool create test2 ${DEV2}
zfs send -Rw test1@snap | zfs recv test2/recv
---END---

And a sample output:

---BEGIN---
+ [ ! -f test.key ]
+ dd 'if=/dev/random' 'of=test.key' 'bs=32' 'count=1'
1+0 records in
1+0 records out
32 bytes transferred in 0.000043 seconds (752569 bytes/sec)
+ realpath test.key
+ KEY=file:///root/test.key
+ mdconfig -at swap -s 1G
+ DEV1=md0
+ zpool create '-Oencryption=on' '-Okeyformat=raw'
'-Okeylocation=file:///root/test.key' test1 md0
+ zfs create test/dir1
+ zfs create '-oencryption=off' test1/dir1/dir2
+ zfs snap -r test1@snap
+ mdconfig -at swap -s 1G
+ DEV2=md1
+ zpool create test2 md1
+ zfs send -Rw test1@snap
+ zfs recv test2/recv
cannot receive new filesystem stream: inherited key must be loaded
warning: cannot send 'test1/dir1/dir2@snap': signal received
---END---

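An added example, not part of the original bug report: a pre-flight check that lists every unencrypted dataset sitting directly under an encrypted parent, the layout the report says makes `zfs recv` stop on a raw replication stream. The function names, the sample listing and the `aes-256-gcm` values are constructed for illustration; on a live system the input would come from the `zfs get` command shown in the comment.

```shell
#!/bin/sh
# Added example: flag unencrypted datasets whose direct parent is encrypted.
# Input: tab-separated "name<TAB>encryption" lines, as produced by
#   zfs get -H -o name,value -t filesystem,volume -r encryption <pool>

find_unencrypted_children() {
    awk -F '\t' '
        { enc[$1] = $2; order[NR] = $1 }
        END {
            for (i = 1; i <= NR; i++) {
                name = order[i]
                if (enc[name] != "off") continue
                parent = name
                # Strip the last path component; a pool root has no parent.
                if (!sub("/[^/]*$", "", parent)) continue
                if ((parent in enc) && enc[parent] != "off")
                    printf "%s\t%s\t%s\n", name, parent, enc[parent]
            }
        }'
}

# Constructed listing mirroring the layout built by the script in the report.
sample_listing() {
    printf 'test1\taes-256-gcm\n'
    printf 'test1/dir1\taes-256-gcm\n'
    printf 'test1/dir1/dir2\toff\n'
}

# Output columns: unencrypted dataset, encrypted parent, parent cipher.
sample_listing | find_unencrypted_children
```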