Bug #13697

closed

zfs change-key does not follow clones, data loss ensues

Added by Alex Wilson 7 months ago. Updated 7 months ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Start date:
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:

Description

Currently zfs change-key does not properly cross clone boundaries:

root@omniosce:~# zfs create -o encryption=aes-256-gcm -o keyformat=passphrase rpool/enctest
Enter passphrase:
Re-enter passphrase:
root@omniosce:~# zfs create rpool/enctest/empty
root@omniosce:~# zfs snapshot rpool/enctest/empty@final
root@omniosce:~# zfs clone rpool/enctest/empty@final rpool/foobar
root@omniosce:~# zfs create rpool/foobar/baz
root@omniosce:~# echo hi > /rpool/foobar/baz/test.txt
root@omniosce:~# zfs umount rpool/foobar/baz
root@omniosce:~# zfs umount rpool/foobar    
root@omniosce:~# zfs change-key rpool/enctest
Enter new passphrase for 'rpool/enctest':
Re-enter new passphrase for 'rpool/enctest':
root@omniosce:~# zfs mount rpool/foobar
root@omniosce:~# zfs mount rpool/foobar/baz
cannot mount 'rpool/foobar/baz': Permission denied

This EACCES is being triggered by the MAC on the wrapped key failing because we never updated it. Once we get here, the rpool/foobar/baz dataset and all data on it are irretrievable.

Bug was fixed in 2019 in OpenZFS/ZoL: https://github.com/openzfs/zfs/pull/9294

Commit on their side was https://github.com/openzfs/zfs/commit/637f0c6019a67b7cc3f548ec254c5c55e2d1ef1e

My quick-and-dirty cherry-pick: https://github.com/arekinath/illumos-joyent/commit/a430005b58d95a3ab4f74f950abb7fe16e2b9c98 (haven't checked the tests yet)
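
A pre-flight check for systems that do not yet carry the fix, as an added example that is not part of the original report and not illumos or OpenZFS code: it lists datasets that share an encryption root but sit outside its namespace subtree, meaning they are reachable only through a clone, as in the transcript above. The function names, the encryptionroot values in the sample listing, and the rpool/enctest2 dataset are constructed assumptions.

```shell
#!/bin/sh
# Input: tab-separated "dataset<TAB>encryptionroot" lines, as produced by
#   zfs get -H -o name,value -t filesystem,volume encryptionroot
# Output: datasets keyed under ROOT that are neither ROOT nor below ROOT/.

outside_subtree() {
    # $1 = encryption root that is about to be re-keyed
    awk -F '\t' -v root="$1" '
        $2 != root               { next }   # belongs to another key hierarchy
        $1 == root               { next }   # the encryption root itself
        index($1, root "/") == 1 { next }   # ordinary namespace descendant
                                 { print $1 } # reached only through a clone
    '
}

# Constructed sample using the dataset names from the transcript above.
# The encryptionroot values are assumed, not captured output.
# rpool/enctest2 is a hypothetical clone whose name shares a prefix with
# the root; the "/" in the prefix test keeps it from being read as a child.
sample_listing() {
    printf '%s\t%s\n' \
        rpool               - \
        rpool/enctest       rpool/enctest \
        rpool/enctest/empty rpool/enctest \
        rpool/foobar        rpool/enctest \
        rpool/foobar/baz    rpool/enctest \
        rpool/enctest2      rpool/enctest
}

check_sample() {
    sample_listing | outside_subtree rpool/enctest
}

# Stand-alone run: print the datasets to review before zfs change-key.
check_sample
```

Any dataset it prints should be backed up or verified to load its key after the change. In the transcript it was the child of the clone, rpool/foobar/baz, that became unmountable.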
