freebsd-nq/module/zfs
Tom Caputi f00ab3f22c Detect and prevent mixed raw and non-raw sends
Currently, there is an issue in the raw receive code where
raw receives are allowed to happen on top of previously
non-raw received datasets. This is a problem because the
source-side dataset doesn't know about how the blocks on
the destination were encrypted. As a result, any MAC in
the objset's checksum-of-MACs tree that is a parent of both
blocks encrypted on the source and blocks encrypted by the
destination will be incorrect. This will result in
authentication errors when we decrypt the dataset.

This patch fixes this issue by adding a new check to the
raw receive code. The code now maintains an "IVset guid",
which acts as an identifier for the set of IVs used to
encrypt a given snapshot. When a snapshot is raw received,
the destination snapshot will take this value from the
DRR_BEGIN payload. Non-raw receives and normal "zfs snap"
operations will cause ZFS to generate a new IVset guid.
When a raw incremental stream is received, ZFS will check
that the "from" IVset guid in the stream matches that of
the "from" destination snapshot. If they do not match, the
code will error out the receive, preventing the problem.

This patch requires an on-disk format change to add the
IVset guids to snapshots and bookmarks. As a result, this
patch has errata handling and a tunable to help affected
users resolve the issue with as little interruption as
possible.

Reviewed-by: Paul Dagnelie <pcd@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Matt Ahrens <mahrens@delphix.com>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #8308
2019-03-13 11:00:43 -07:00
..
abd.c abd_alloc should use scatter for >1K allocations 2019-02-28 17:52:55 -08:00
aggsum.c OpenZFS 9688 - aggsum_fini leaks memory 2018-10-19 12:08:03 -07:00
arc.c Fix most zfs_arc_* mod params not actually being modifiable at runtime 2019-03-12 15:03:59 -07:00
blkptr.c Undo c89 workarounds to match with upstream 2017-11-04 13:25:13 -07:00
bplist.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
bpobj.c Stack overflow in recursive bpobj_iterate_impl 2019-03-06 09:50:55 -08:00
bptree.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
bqueue.c Call cv_signal() with mutex held 2017-06-26 14:36:49 -07:00
cityhash.c OpenZFS 8484 - Implement aggregate sum and use for arc counters 2018-06-06 09:35:59 -07:00
dataset_kstats.c port async unlinked drain from illumos-nexenta 2019-02-12 10:41:15 -08:00
dbuf_stats.c Prefix all refcount functions with zfs_ 2018-10-01 10:42:05 -07:00
dbuf.c Fix handling of maxblkid for raw sends 2019-03-13 10:52:01 -07:00
ddt_zap.c Update build system and packaging 2018-05-29 16:00:33 -07:00
ddt.c ztest: scrub ddt repair 2019-01-17 15:25:00 -08:00
dmu_diff.c Fix issues found with zfs diff 2018-05-01 11:24:20 -07:00
dmu_object.c Provide more flexible object allocation interface 2019-01-10 14:37:43 -08:00
dmu_objset.c Prevent user accounting on readonly pool 2019-02-19 18:41:18 -08:00
dmu_recv.c Detect and prevent mixed raw and non-raw sends 2019-03-13 11:00:43 -07:00
dmu_send.c Detect and prevent mixed raw and non-raw sends 2019-03-13 11:00:43 -07:00
dmu_traverse.c Fix traverse_impl() kmem leak 2018-08-15 09:53:44 -07:00
dmu_tx.c Prefix all refcount functions with zfs_ 2018-10-01 10:42:05 -07:00
dmu_zfetch.c Update build system and packaging 2018-05-29 16:00:33 -07:00
dmu.c Fix handling of maxblkid for raw sends 2019-03-13 10:52:01 -07:00
dnode_sync.c Fix handling of maxblkid for raw sends 2019-03-13 10:52:01 -07:00
dnode.c Fix handling of maxblkid for raw sends 2019-03-13 10:52:01 -07:00
dsl_bookmark.c Detect and prevent mixed raw and non-raw sends 2019-03-13 11:00:43 -07:00
dsl_crypt.c Detect and prevent mixed raw and non-raw sends 2019-03-13 11:00:43 -07:00
dsl_dataset.c Detect and prevent mixed raw and non-raw sends 2019-03-13 11:00:43 -07:00
dsl_deadlist.c OpenZFS 7614, 9064 - zfs device evacuation/removal 2018-04-14 12:16:17 -07:00
dsl_deleg.c Update build system and packaging 2018-05-29 16:00:33 -07:00
dsl_destroy.c zfs receive and rollback can skew filesystem_count 2019-01-08 10:17:46 -08:00
dsl_dir.c ZVOLs should not be allowed to have children 2019-02-08 15:44:15 -08:00
dsl_pool.c port async unlinked drain from illumos-nexenta 2019-02-12 10:41:15 -08:00
dsl_prop.c Update build system and packaging 2018-05-29 16:00:33 -07:00
dsl_scan.c Ensure dsl scan prefetch queue is emptied 2018-12-06 09:47:23 -08:00
dsl_synctask.c OpenZFS 9166 - zfs storage pool checkpoint 2018-06-26 10:07:42 -07:00
dsl_userhold.c zfs should optionally send holds 2019-02-15 12:41:38 -08:00
edonr_zfs.c DLPX-44812 integrate EP-220 large memory scalability 2016-11-29 14:34:27 -08:00
fm.c OpenZFS 9580 - Add a hash-table on top of nvlist to speed-up operations 2018-07-30 11:30:03 -07:00
gzip.c Update build system and packaging 2018-05-29 16:00:33 -07:00
hkdf.c Encryption patch follow-up 2017-10-11 16:54:48 -04:00
lz4.c Fix LZ4_uncompress_unknownOutputSize caused panic 2017-05-19 13:45:46 -07:00
lzjb.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
Makefile.in OpenZFS 9102 - zfs should be able to initialize storage devices 2019-01-07 10:37:26 -08:00
metaslab.c Error path in metaslab_load_impl() forgets to drop ms_sync_lock 2019-02-25 11:08:52 -08:00
mmp.c MMP writes rotate over leaves 2019-03-12 10:37:06 -07:00
multilist.c Update build system and packaging 2018-05-29 16:00:33 -07:00
pathname.c Update build system and packaging 2018-05-29 16:00:33 -07:00
policy.c Take user namespaces into account in policy checks 2018-03-07 15:40:42 -08:00
qat_compress.c Fix inst_num overflow in qat_crypt.c 2018-05-01 20:44:24 -07:00
qat_crypt.c Fix inst_num overflow in qat_crypt.c 2018-05-01 20:44:24 -07:00
qat.c SHA256 QAT acceleration 2018-03-15 10:53:58 -07:00
qat.h Resolve QAT issues with incompressible data 2018-03-29 17:40:34 -07:00
range_tree.c Rename range_tree_verify to range_tree_verify_not_present 2019-01-25 09:51:24 -08:00
refcount.c Add zfs_refcount_transfer_ownership_many() 2018-10-09 10:05:48 -07:00
rrwlock.c Prefix all refcount functions with zfs_ 2018-10-01 10:42:05 -07:00
sa.c Prefix all refcount functions with zfs_ 2018-10-01 10:42:05 -07:00
sha256.c SHA256 QAT acceleration 2018-03-15 10:53:58 -07:00
skein_zfs.c DLPX-44812 integrate EP-220 large memory scalability 2016-11-29 14:34:27 -08:00
spa_boot.c Add linux kernel module support 2010-08-31 13:41:58 -07:00
spa_checkpoint.c Get rid of space_map_update() for ms_synced_length 2019-02-12 10:38:11 -08:00
spa_config.c OpenZFS 9591 - ms_shift can be incorrectly changed 2018-06-21 09:35:26 -07:00
spa_errlog.c Update build system and packaging 2018-05-29 16:00:33 -07:00
spa_history.c Create /proc/sys/kernel/spl/gitrev with git hash 2018-10-08 21:57:02 -07:00
spa_misc.c MMP writes rotate over leaves 2019-03-12 10:37:06 -07:00
spa_stats.c Fix overly broad spa config lock 2019-02-27 10:49:22 -08:00
spa.c Detect and prevent mixed raw and non-raw sends 2019-03-13 11:00:43 -07:00
space_map.c Get rid of space_map_update() for ms_synced_length 2019-02-12 10:38:11 -08:00
space_reftree.c OpenZFS 7614, 9064 - zfs device evacuation/removal 2018-04-14 12:16:17 -07:00
THIRDPARTYLICENSE.cityhash OpenZFS 8484 - Implement aggregate sum and use for arc counters 2018-06-06 09:35:59 -07:00
THIRDPARTYLICENSE.cityhash.descrip OpenZFS 8484 - Implement aggregate sum and use for arc counters 2018-06-06 09:35:59 -07:00
trace.c OpenZFS 7614, 9064 - zfs device evacuation/removal 2018-04-14 12:16:17 -07:00
txg.c Fix lock inversion in txg_sync_thread() 2018-10-24 14:37:02 -07:00
uberblock.c OpenZFS 9166 - zfs storage pool checkpoint 2018-06-26 10:07:42 -07:00
unique.c Performance optimization of AVL tree comparator functions 2016-08-31 14:35:34 -07:00
vdev_cache.c Update build system and packaging 2018-05-29 16:00:33 -07:00
vdev_disk.c zpool reports 16E expandsize on disks with oddball number of sectors 2019-02-22 15:36:34 -08:00
vdev_file.c OpenZFS 9102 - zfs should be able to initialize storage devices 2019-01-07 10:37:26 -08:00
vdev_indirect_births.c Update build system and packaging 2018-05-29 16:00:33 -07:00
vdev_indirect_mapping.c Get rid of space_map_update() for ms_synced_length 2019-02-12 10:38:11 -08:00
vdev_indirect.c Get rid of space_map_update() for ms_synced_length 2019-02-12 10:38:11 -08:00
vdev_initialize.c Fix vdev_initialize_restart / removal race 2019-03-12 10:39:47 -07:00
vdev_label.c Fix coverity defects: CID 184285 2018-11-11 18:09:00 -08:00
vdev_mirror.c OpenZFS 8473 - scrub does not detect errors on active spares 2019-01-08 09:51:30 -08:00
vdev_missing.c OpenZFS 9102 - zfs should be able to initialize storage devices 2019-01-07 10:37:26 -08:00
vdev_queue.c OpenZFS 9102 - zfs should be able to initialize storage devices 2019-01-07 10:37:26 -08:00
vdev_raidz_math_aarch64_neon_common.h ABD raidz NEON support 2016-11-29 14:34:33 -08:00
vdev_raidz_math_aarch64_neon.c codebase style improvements for OpenZFS 6459 port 2017-01-22 13:25:40 -08:00
vdev_raidz_math_aarch64_neonx2.c ABD raidz NEON support 2016-11-29 14:34:33 -08:00
vdev_raidz_math_avx2.c ABD raidz avx512f support 2016-11-29 14:34:33 -08:00
vdev_raidz_math_avx512bw.c ABD: Adapt avx512bw raidz assembly 2016-12-15 17:31:33 -08:00
vdev_raidz_math_avx512f.c Use cstyle -cpP in make cstyle check 2016-12-12 10:46:26 -08:00
vdev_raidz_math_impl.h codebase style improvements for OpenZFS 6459 port 2017-01-22 13:25:40 -08:00
vdev_raidz_math_scalar.c ABD Vectorized raidz 2016-11-29 14:34:33 -08:00
vdev_raidz_math_sse2.c ABD raidz avx512f support 2016-11-29 14:34:33 -08:00
vdev_raidz_math_ssse3.c codebase style improvements for OpenZFS 6459 port 2017-01-22 13:25:40 -08:00
vdev_raidz_math.c Update build system and packaging 2018-05-29 16:00:33 -07:00
vdev_raidz.c OpenZFS 9102 - zfs should be able to initialize storage devices 2019-01-07 10:37:26 -08:00
vdev_removal.c Get rid of space_map_update() for ms_synced_length 2019-02-12 10:38:11 -08:00
vdev_root.c OpenZFS 9102 - zfs should be able to initialize storage devices 2019-01-07 10:37:26 -08:00
vdev.c MMP writes rotate over leaves 2019-03-12 10:37:06 -07:00
zap_leaf.c Off-by-one in zap_leaf_array_create() 2019-01-18 09:58:46 -08:00
zap_micro.c Provide more flexible object allocation interface 2019-01-10 14:37:43 -08:00
zap.c OpenZFS 9328 - zap code can take advantage of c99 2018-05-31 10:53:11 -07:00
zcp_get.c Detect and prevent mixed raw and non-raw sends 2019-03-13 11:00:43 -07:00
zcp_global.c OpenZFS 8600 - ZFS channel programs - snapshot 2018-02-08 15:29:24 -08:00
zcp_iter.c OpenZFS 9337 - zfs get all is slow due to uncached metadata 2018-07-12 10:49:27 -07:00
zcp_synctask.c OpenZFS 9166 - zfs storage pool checkpoint 2018-06-26 10:07:42 -07:00
zcp.c OpenZFS 9424 - ztest failure: "unprotected error in call to Lua API (Invalid value type 'function' for key 'error')" 2018-07-10 21:29:23 -07:00
zfeature.c Undo c89 workarounds to match with upstream 2017-11-04 13:25:13 -07:00
zfs_acl.c Update build system and packaging 2018-05-29 16:00:33 -07:00
zfs_byteswap.c Update build system and packaging 2018-05-29 16:00:33 -07:00
zfs_ctldir.c Update zfs_admin_snapshot value (disabled) 2018-11-08 16:17:12 -08:00
zfs_debug.c Fix dbgmsg printing in ztest and zdb 2018-10-24 14:36:50 -07:00
zfs_dir.c port async unlinked drain from illumos-nexenta 2019-02-12 10:41:15 -08:00
zfs_fm.c Add zpool status -s (slow I/Os) and -p (parseable) 2018-11-08 16:47:24 -08:00
zfs_fuid.c Update build system and packaging 2018-05-29 16:00:33 -07:00
zfs_ioctl.c Avoid retrieving unused snapshot props 2019-03-12 13:13:22 -07:00
zfs_log.c Update build system and packaging 2018-05-29 16:00:33 -07:00
zfs_onexit.c Update build system and packaging 2018-05-29 16:00:33 -07:00
zfs_ratelimit.c Change checksum & IO delay ratelimit values 2018-03-04 17:34:51 -08:00
zfs_replay.c Update build system and packaging 2018-05-29 16:00:33 -07:00
zfs_rlock.c OpenZFS 9689 - zfs range lock code should not be zpl-specific 2018-10-11 10:19:33 -07:00
zfs_sa.c Project Quota on ZFS 2018-02-13 14:54:54 -08:00
zfs_sysfs.c OpenZFS 9102 - zfs should be able to initialize storage devices 2019-01-07 10:37:26 -08:00
zfs_vfsops.c port async unlinked drain from illumos-nexenta 2019-02-12 10:41:15 -08:00
zfs_vnops.c Fix error handling incallers of dbuf_hold_level() 2019-01-17 15:47:08 -08:00
zfs_znode.c port async unlinked drain from illumos-nexenta 2019-02-12 10:41:15 -08:00
zil.c OpenZFS 9962 - zil_commit should omit cache thrash 2018-12-07 11:09:42 -08:00
zio_checksum.c Undo c89 workarounds to match with upstream 2017-11-04 13:25:13 -07:00
zio_compress.c OpenZFS 9403 - assertion failed in arc_buf_destroy() 2018-08-29 11:33:33 -07:00
zio_crypt.c Update build system and packaging 2018-05-29 16:00:33 -07:00
zio_inject.c Add libzutil for libzfs or libzpool consumers 2018-11-05 11:22:33 -08:00
zio.c Delay injection can cause indefinitely hung zios 2019-02-15 14:44:56 -08:00
zle.c Fix zle_decompress out of bound access 2018-02-09 10:08:05 -08:00
zpl_ctldir.c RHEL 7.5 compat: FMODE_KABI_ITERATE 2018-05-02 15:01:24 -07:00
zpl_export.c Use cstyle -cpP in make cstyle check 2016-12-12 10:46:26 -08:00
zpl_file.c zfs does not honor NFS sync write semantics 2019-03-11 09:13:37 -07:00
zpl_inode.c Linux 4.18 compat: inode timespec -> timespec64 2018-06-19 21:51:18 -07:00
zpl_super.c Fix statfs(2) for 32-bit user space 2018-09-24 17:11:25 -07:00
zpl_xattr.c Add missing checks to zpl_xattr_* functions 2018-08-02 14:03:56 -07:00
zrlock.c Update build system and packaging 2018-05-29 16:00:33 -07:00
zthr.c Don't acquire zthr_request_lock in zthr_wakeup 2019-01-30 12:31:16 -08:00
zvol.c zvol: allow rename of in use ZVOL dataset 2019-02-22 15:38:42 -08:00