Skip to content

Commit

Permalink
optimize recv_fix_encryption_hierarchy()
Browse files Browse the repository at this point in the history 
Signed-off-by: George Amanakis <gamanakis@gmail.com>
  • Loading branch information
@gamanakis
gamanakis committed Jan 6, 2025
1 parent dc0324b commit 3c2f65b
Show file tree
Hide file tree
Showing 2 changed files with 212 additions and 97 deletions.
202 changes: 130 additions & 72 deletions lib/libzfs/libzfs_sendrecv.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3376,30 +3376,28 @@ created_before(libzfs_handle_t *hdl, avl_tree_t *avl,
*/
static int
recv_fix_encryption_hierarchy(libzfs_handle_t *hdl, const char *top_zfs,
nvlist_t *stream_nv)
nvlist_t *stream_nv, avl_tree_t *stream_avl)
{
int err;
nvpair_t *fselem = NULL;
nvlist_t *stream_fss;
nvpair_t *fselem = NULL, *nextfselem;
nvlist_t *local_nv, *stream_fss;
avl_tree_t *local_avl;
boolean_t recursive;
char fsname[ZFS_MAX_DATASET_NAME_LEN], *cp;

stream_fss = fnvlist_lookup_nvlist(stream_nv, "fss");
recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") ==
ENOENT);

/*
* Go through the send stream and find a snapshot that exists
* locally.
*/
stream_fss = fnvlist_lookup_nvlist(stream_nv, "fss");
while ((fselem = nvlist_next_nvpair(stream_fss, fselem)) != NULL) {
zfs_handle_t *zhp = NULL;
uint64_t crypt;
nvlist_t *snaps, *props, *stream_nvfs = NULL;
nvlist_t *snaps, *stream_nvfs;
nvpair_t *snapel = NULL;
boolean_t is_encroot, is_clone, stream_encroot;
char *cp;
const char *stream_keylocation = NULL;
char keylocation[MAXNAMELEN];
char fsname[ZFS_MAX_DATASET_NAME_LEN];

keylocation[0] = '\0';
stream_nvfs = fnvpair_value_nvlist(fselem);
snaps = fnvlist_lookup_nvlist(stream_nvfs, "snaps");
props = fnvlist_lookup_nvlist(stream_nvfs, "props");
stream_encroot = nvlist_exists(stream_nvfs, "is_encroot");

/* find a snapshot from the stream that exists locally */
err = ENOENT;
Expand All @@ -3413,87 +3411,147 @@ recv_fix_encryption_hierarchy(libzfs_handle_t *hdl, const char *top_zfs,
break;
}

if (err != 0)
continue;
if (err == 0)
break;
}

cp = strchr(fsname, '@');
if (cp != NULL)
*cp = '\0';
/* If we failed to find a snapshot that exists locally return. */
if (err != 0)
return (0);

zhp = zfs_open(hdl, fsname, ZFS_TYPE_DATASET);
/* Convert the snapshot to fs name */
cp = strchr(fsname, '@');
if (cp != NULL)
*cp = '\0';

/* Using the fs name, gather the nvlists for all local filesystems. */
if ((err = gather_nvlist(hdl, fsname, NULL, NULL,
recursive, B_TRUE, B_FALSE, recursive, B_FALSE, B_FALSE, B_FALSE,
B_FALSE, B_TRUE, &local_nv, &local_avl)) != 0)
return (err);

/*
* Go through the nvlists of the local filesystems and check for
* encryption roots.
*/
for (fselem = nvlist_next_nvpair(local_nv, NULL); fselem;
fselem = nextfselem) {
zfs_handle_t *zhp = NULL;
uint64_t crypt;
nvlist_t *stream_props, *snaps, *stream_nvfs = NULL,
*nvfs = NULL;
boolean_t is_encroot, is_clone, stream_encroot;
const char *stream_keylocation = NULL, *fs;
char keylocation[MAXNAMELEN];
nvpair_t *snapelem;

nextfselem = nvlist_next_nvpair(local_nv, fselem);

nvfs = fnvpair_value_nvlist(fselem);
snaps = fnvlist_lookup_nvlist(nvfs, "snaps");
fs = fnvlist_lookup_string(nvfs, "name");
zhp = zfs_open(hdl, fs, ZFS_TYPE_DATASET);
if (zhp == NULL) {
err = ENOENT;
goto error;
}

crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
is_clone = zhp->zfs_dmustats.dds_origin[0] != '\0';
(void) zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);

/* we don't need to do anything for unencrypted datasets */
crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
if (crypt == ZIO_CRYPT_OFF) {
zfs_close(zhp);
continue;
}

is_clone = zhp->zfs_dmustats.dds_origin[0] != '\0';
(void) zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
keylocation[0] = '\0';

/*
* If the dataset is flagged as an encryption root, was not
* received as a clone and is not currently an encryption root,
* force it to become one. Fixup the keylocation if necessary.
* Go through the snapshots of the local filesystem and find
* those contained in the send stream. Check for encryption
* roots in their properties and adjust the local filesystems
* accordingly.
*/
if (stream_encroot) {
if (!is_clone && !is_encroot) {
err = lzc_change_key(fsname,
DCP_CMD_FORCE_NEW_KEY, NULL, NULL, 0);
for (snapelem = nvlist_next_nvpair(snaps, NULL);
snapelem; snapelem = nvlist_next_nvpair(snaps, snapelem)) {
uint64_t thisguid;

thisguid = fnvpair_value_uint64(snapelem);
stream_nvfs = fsavl_find(stream_avl, thisguid, NULL);

if (stream_nvfs == NULL)
continue;

stream_props =
fnvlist_lookup_nvlist(stream_nvfs, "props");
stream_encroot =
nvlist_exists(stream_nvfs, "is_encroot");

/*
* If the dataset is flagged as an encryption root, was
* not received as a clone and is not currently an
* encryption root, force it to become one. Fixup the
* keylocation if necessary.
*/
if (stream_encroot) {
if (!is_clone && !is_encroot) {
err = lzc_change_key(fsname,
DCP_CMD_FORCE_NEW_KEY, NULL,
NULL, 0);
if (err != 0) {
zfs_close(zhp);
goto error;
}
}

stream_keylocation =
fnvlist_lookup_string(stream_props,
zfs_prop_to_name(ZFS_PROP_KEYLOCATION));

/*
* Refresh the properties in case the call to
* lzc_change_key() changed the value.
*/
zfs_refresh_properties(zhp);
err = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
keylocation, sizeof (keylocation), NULL,
NULL, 0, B_TRUE);
if (err != 0) {
zfs_close(zhp);
goto error;
}
}

stream_keylocation = fnvlist_lookup_string(props,
zfs_prop_to_name(ZFS_PROP_KEYLOCATION));
if (strcmp(keylocation, stream_keylocation)
!= 0) {
err = zfs_prop_set(zhp,
zfs_prop_to_name(
ZFS_PROP_KEYLOCATION),
stream_keylocation);
if (err != 0) {
zfs_close(zhp);
goto error;
}
}
}

/*
* Refresh the properties in case the call to
* lzc_change_key() changed the value.
* If the dataset is not flagged as an encryption root
* and is currently an encryption root, force it to
* inherit from its parent. The root of a raw send
* should never be force-inherited.
*/
zfs_refresh_properties(zhp);
err = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
keylocation, sizeof (keylocation), NULL, NULL,
0, B_TRUE);
if (err != 0) {
zfs_close(zhp);
goto error;
}

if (strcmp(keylocation, stream_keylocation) != 0) {
err = zfs_prop_set(zhp,
zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
stream_keylocation);
if (!stream_encroot && is_encroot &&
strcmp(top_zfs, fsname) != 0) {
err = lzc_change_key(fsname,
DCP_CMD_FORCE_INHERIT, NULL, NULL, 0);
if (err != 0) {
zfs_close(zhp);
goto error;
}
}
}

/*
* If the dataset is not flagged as an encryption root and is
* currently an encryption root, force it to inherit from its
* parent. The root of a raw send should never be
* force-inherited.
*/
if (!stream_encroot && is_encroot &&
strcmp(top_zfs, fsname) != 0) {
err = lzc_change_key(fsname, DCP_CMD_FORCE_INHERIT,
NULL, NULL, 0);
if (err != 0) {
zfs_close(zhp);
goto error;
}
}

zfs_close(zhp);
}

Expand All @@ -3518,14 +3576,14 @@ recv_incremental_replication(libzfs_handle_t *hdl, const char *tofs,
boolean_t needagain, progress, recursive;
const char *s1, *s2;

if (flags->dryrun)
return (0);

fromsnap = fnvlist_lookup_string(stream_nv, "fromsnap");

recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") ==
ENOENT);

if (flags->dryrun)
return (0);

again:
needagain = progress = B_FALSE;

Expand Down Expand Up @@ -3999,9 +4057,9 @@ zfs_receive_package(libzfs_handle_t *hdl, int fd, const char *destname,
stream_nv, stream_avl, NULL);
}

if (raw && softerr == 0 && *top_zfs != NULL) {
if (raw && softerr == 0 && *top_zfs != NULL && !flags->dryrun) {
softerr = recv_fix_encryption_hierarchy(hdl, *top_zfs,
stream_nv);
stream_nv, stream_avl);
}

out:
Expand Down
Loading

0 comments on commit 3c2f65b

Please sign in to comment.