New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Key load error: Failed to get encryption root for dataset #9267
Labels
Component: Encryption
"native encryption" feature
Type: Defect
Incorrect behavior (e.g. crash, hang)
Comments
gusev-vitaliy
changed the title
Key load error: Failed to get encryption root for $dataset
Key load error: Failed to get encryption root for dataset
Sep 2, 2019
behlendorf
added
Component: Encryption
"native encryption" feature
Type: Defect
Incorrect behavior (e.g. crash, hang)
labels
Sep 3, 2019
tcaputi
pushed a commit
to datto/zfs
that referenced
this issue
Sep 6, 2019
Currently, spa_keystore_change_key_sync_impl() does not recurse into clones when updating encryption roots for either a call to 'zfs promote' or 'zfs change-key'. This can cause children of these clones to end up in a state where they point to the wrong dataset as the encryption root. It can also trigger ASSERTs in some cases where the code checks reference counts on wrapping keys. This patch fixes this issue by ensuring that this function properly recurses into clones during processing. Fixes: openzfs#9267 Signed-off-by: Tom Caputi <tcaputi@datto.com>
12 tasks
@gusev-vitaliy Please confirm that #9294 fixes your issue when you get a chance. |
tcaputi
pushed a commit
to datto/zfs
that referenced
this issue
Sep 6, 2019
Currently, spa_keystore_change_key_sync_impl() does not recurse into clones when updating encryption roots for either a call to 'zfs promote' or 'zfs change-key'. This can cause children of these clones to end up in a state where they point to the wrong dataset as the encryption root. It can also trigger ASSERTs in some cases where the code checks reference counts on wrapping keys. This patch fixes this issue by ensuring that this function properly recurses into clones during processing. Fixes: openzfs#9267 Signed-off-by: Tom Caputi <tcaputi@datto.com>
behlendorf
pushed a commit
that referenced
this issue
Sep 16, 2019
Currently, spa_keystore_change_key_sync_impl() does not recurse into clones when updating encryption roots for either a call to 'zfs promote' or 'zfs change-key'. This can cause children of these clones to end up in a state where they point to the wrong dataset as the encryption root. It can also trigger ASSERTs in some cases where the code checks reference counts on wrapping keys. This patch fixes this issue by ensuring that this function properly recurses into clones during processing. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alek Pinchuk <apinchuk@datto.com> Signed-off-by: Tom Caputi <tcaputi@datto.com> Closes #9267 Closes #9294
tonyhutter
pushed a commit
to tonyhutter/zfs
that referenced
this issue
Dec 24, 2019
Currently, spa_keystore_change_key_sync_impl() does not recurse into clones when updating encryption roots for either a call to 'zfs promote' or 'zfs change-key'. This can cause children of these clones to end up in a state where they point to the wrong dataset as the encryption root. It can also trigger ASSERTs in some cases where the code checks reference counts on wrapping keys. This patch fixes this issue by ensuring that this function properly recurses into clones during processing. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alek Pinchuk <apinchuk@datto.com> Signed-off-by: Tom Caputi <tcaputi@datto.com> Closes openzfs#9267 Closes openzfs#9294
tonyhutter
pushed a commit
to tonyhutter/zfs
that referenced
this issue
Dec 27, 2019
Currently, spa_keystore_change_key_sync_impl() does not recurse into clones when updating encryption roots for either a call to 'zfs promote' or 'zfs change-key'. This can cause children of these clones to end up in a state where they point to the wrong dataset as the encryption root. It can also trigger ASSERTs in some cases where the code checks reference counts on wrapping keys. This patch fixes this issue by ensuring that this function properly recurses into clones during processing. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alek Pinchuk <apinchuk@datto.com> Signed-off-by: Tom Caputi <tcaputi@datto.com> Closes openzfs#9267 Closes openzfs#9294
tonyhutter
pushed a commit
that referenced
this issue
Jan 23, 2020
Currently, spa_keystore_change_key_sync_impl() does not recurse into clones when updating encryption roots for either a call to 'zfs promote' or 'zfs change-key'. This can cause children of these clones to end up in a state where they point to the wrong dataset as the encryption root. It can also trigger ASSERTs in some cases where the code checks reference counts on wrapping keys. This patch fixes this issue by ensuring that this function properly recurses into clones during processing. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alek Pinchuk <apinchuk@datto.com> Signed-off-by: Tom Caputi <tcaputi@datto.com> Closes #9267 Closes #9294
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Component: Encryption
"native encryption" feature
Type: Defect
Incorrect behavior (e.g. crash, hang)
System information
Describe the problem you're observing
After fixing zfsonlinux#6703 and #8976 dataset cannot be accessed due to lost encryptionroot. So that encrypted data also is lost. Output of run commands:
Describe how to reproduce the problem
Include any warning/errors/backtraces from the system logs
The text was updated successfully, but these errors were encountered: