From 8da47297321af784f5c7af5f8daa07f2d4464bae Mon Sep 17 00:00:00 2001 From: Alek P Date: Thu, 23 Apr 2026 16:55:28 -0400 Subject: [PATCH] key lookup failure should always return EACCES MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit spa_do_crypt_abd() already maps a missing key to EACCES. However spa_do_crypt_mac_abd(), spa_do_crypt_objset_mac_abd(), and spa_crypt_get_salt() still return the raw spa_keystore_lookup_key() error (ENOENT). This is inconsistent As we want to treat all “no key” failures as a permission failure. Standardize on EACCES for the unloaded-key case. Reviewed-by: Brian Behlendorf Signed-off-by: Alek Pinchuk Closes #18448 --- module/zfs/arc.c | 2 +- module/zfs/dsl_crypt.c | 53 ++++++++++++++---------------------------- 2 files changed, 18 insertions(+), 37 deletions(-) diff --git a/module/zfs/arc.c b/module/zfs/arc.c index d63c4084839..053314db185 100644 --- a/module/zfs/arc.c +++ b/module/zfs/arc.c @@ -1874,7 +1874,7 @@ arc_hdr_authenticate(arc_buf_hdr_t *hdr, spa_t *spa, uint64_t dsobj) if (ret == 0) arc_hdr_clear_flags(hdr, ARC_FLAG_NOAUTH); - else if (ret == ENOENT) + else if (ret == EACCES) ret = 0; if (free_abd) diff --git a/module/zfs/dsl_crypt.c b/module/zfs/dsl_crypt.c index 9207737f908..56004f7fc90 100644 --- a/module/zfs/dsl_crypt.c +++ b/module/zfs/dsl_crypt.c @@ -2677,23 +2677,16 @@ int spa_crypt_get_salt(spa_t *spa, uint64_t dsobj, uint8_t *salt) { int ret; - dsl_crypto_key_t *dck = NULL; + dsl_crypto_key_t *dck; /* look up the key from the spa's keystore */ ret = spa_keystore_lookup_key(spa, dsobj, FTAG, &dck); if (ret != 0) - goto error; + return (SET_ERROR(EACCES)); ret = zio_crypt_key_get_salt(&dck->dck_key, salt); - if (ret != 0) - goto error; - spa_keystore_dsl_key_rele(spa, dck, FTAG); - return (0); -error: - if (dck != NULL) - spa_keystore_dsl_key_rele(spa, dck, FTAG); return (ret); } @@ -2708,9 +2701,7 @@ spa_do_crypt_objset_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj, abd_t *abd, uint_t datalen, boolean_t byteswap) { int ret; - dsl_crypto_key_t *dck = NULL; - void *buf = abd_borrow_buf_copy(abd, datalen); - objset_phys_t *osp = buf; + dsl_crypto_key_t *dck; uint8_t portable_mac[ZIO_OBJSET_MAC_LEN]; uint8_t local_mac[ZIO_OBJSET_MAC_LEN]; const uint8_t zeroed_mac[ZIO_OBJSET_MAC_LEN] = {0}; @@ -2718,15 +2709,19 @@ spa_do_crypt_objset_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj, /* look up the key from the spa's keystore */ ret = spa_keystore_lookup_key(spa, dsobj, FTAG, &dck); if (ret != 0) - goto error; + return (SET_ERROR(EACCES)); + + void *buf = abd_borrow_buf_copy(abd, datalen); + objset_phys_t *osp = buf; /* calculate both HMACs */ ret = zio_crypt_do_objset_hmacs(&dck->dck_key, buf, datalen, byteswap, portable_mac, local_mac); - if (ret != 0) - goto error; - spa_keystore_dsl_key_rele(spa, dck, FTAG); + if (ret != 0) { + abd_return_buf(abd, buf, datalen); + return (ret); + } /* if we are generating encode the HMACs in the objset_phys_t */ if (generate) { @@ -2760,14 +2755,7 @@ spa_do_crypt_objset_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj, } abd_return_buf(abd, buf, datalen); - return (0); - -error: - if (dck != NULL) - spa_keystore_dsl_key_rele(spa, dck, FTAG); - abd_return_buf(abd, buf, datalen); - return (ret); } int @@ -2775,23 +2763,22 @@ spa_do_crypt_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj, abd_t *abd, uint_t datalen, uint8_t *mac) { int ret; - dsl_crypto_key_t *dck = NULL; - uint8_t *buf = abd_borrow_buf_copy(abd, datalen); + dsl_crypto_key_t *dck; uint8_t digestbuf[ZIO_DATA_MAC_LEN]; /* look up the key from the spa's keystore */ ret = spa_keystore_lookup_key(spa, dsobj, FTAG, &dck); if (ret != 0) - goto error; + return (SET_ERROR(EACCES)); + uint8_t *buf = abd_borrow_buf_copy(abd, datalen); /* perform the hmac */ ret = zio_crypt_do_hmac(&dck->dck_key, buf, datalen, digestbuf, ZIO_DATA_MAC_LEN); - if (ret != 0) - goto error; - - abd_return_buf(abd, buf, datalen); spa_keystore_dsl_key_rele(spa, dck, FTAG); + abd_return_buf(abd, buf, datalen); + if (ret != 0) + return (ret); /* * Truncate and fill in mac buffer if we were asked to generate a MAC. @@ -2806,12 +2793,6 @@ spa_do_crypt_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj, abd_t *abd, return (SET_ERROR(ECKSUM)); return (0); - -error: - if (dck != NULL) - spa_keystore_dsl_key_rele(spa, dck, FTAG); - abd_return_buf(abd, buf, datalen); - return (ret); } /*