Ensure dsl_destroy_head() decrypts objsets

This patch corrects a small issue where the dsl_destroy_head()
code that runs when the async_destroy feature is disabled would
not properly decrypt the dataset before beginning processing.
If the dataset is not able to be decrypted, the optimization
code now simply does not run and the dataset is completely
destroyed in the DSL sync task.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #9021

diff --git a/module/zfs/dsl_destroy.c b/module/zfs/dsl_destroy.c
index d15c446c701c8ba60744c790fb5902acefcc0e68..2f98e87ed343a3d749e612766b2b2ce54f37cecb 100644 (file)
--- a/module/zfs/dsl_destroy.c
+++ b/module/zfs/dsl_destroy.c
@@ -1105,9 +1105,10 @@ dsl_destroy_head(const char *name)
                /*
                 * Head deletion is processed in one txg on old pools;
                 * remove the objects from open context so that the txg sync
-                * is not too long.
+                * is not too long. This optimization can only work for
+                * encrypted datasets if the wrapping key is loaded.
                 */
-               error = dmu_objset_own(name, DMU_OST_ANY, B_FALSE, B_FALSE,
+               error = dmu_objset_own(name, DMU_OST_ANY, B_FALSE, B_TRUE,
                    FTAG, &os);
                if (error == 0) {
                        uint64_t prev_snap_txg =
@@ -1119,7 +1120,7 @@ dsl_destroy_head(const char *name)
                                (void) dmu_free_long_object(os, obj);
                        /* sync out all frees */
                        txg_wait_synced(dmu_objset_pool(os), 0);
-                       dmu_objset_disown(os, B_FALSE, FTAG);
+                       dmu_objset_disown(os, B_TRUE, FTAG);
                }
        }