Backport #14119 to zfs-2.1.7-staging

module/zfs/dmu_recv.c

@@ -602,7 +602,7 @@ dmu_recv_begin_check(void *arg, dmu_tx_t *tx)
 		 * so add the DS_HOLD_FLAG_DECRYPT flag only if we are dealing
 		 * with a dataset we may encrypt.
 		 */
-		if (drba->drba_dcp != NULL &&
+		if (drba->drba_dcp == NULL ||
 		    drba->drba_dcp->cp_crypt != ZIO_CRYPT_OFF) {
 			dsflags |= DS_HOLD_FLAG_DECRYPT;
 		}

tests/zfs-tests/tests/functional/cli_root/zfs_receive/zfs_receive_to_encrypted.ksh

@@ -25,20 +25,24 @@
 # ZFS should receive to an encrypted child dataset.
 #
 # STRATEGY:
-# 1. Snapshot the default dataset
-# 2. Create an encrypted dataset
-# 3. Attempt to receive a stream to an encrypted child
-# 4. Attempt to receive a stream with properties to an encrypted child
-# 5. Attempt to receive a replication stream to an encrypted child
-# 6. Unmount and unload the encrypted dataset keys
-# 7. Attempt to receive a snapshot stream to an encrypted child
+#  1. Snapshot the default dataset
+#  2. Create an encrypted dataset
+#  3. Attempt to receive a stream to an encrypted child
+#  4. Unload the key
+#  5. Attempt to receive an incremental stream to an encrypted child (must fail)
+#  6. Attempt to receive a stream with properties to an unencrypted child
+#  7. Attempt to receive an incremental stream to an unencrypted child
+#  8. Attempt to receive with -o encryption=off to an unencrypted child
+#  9. Attempt to receive a replication stream to an unencrypted child
+# 10. Attempt to receive a snapshot stream to an encrypted child (must fail)
 #
 
 verify_runnable "both"
 
 function cleanup
 {
 	snapexists $snap && destroy_dataset $snap -f
+	snapexists $snap2 && destroy_dataset $snap2 -f
 
 	datasetexists $TESTPOOL/$TESTFS1 && \
 		destroy_dataset $TESTPOOL/$TESTFS1 -r
@@ -50,26 +54,35 @@ log_assert "ZFS should receive encrypted filesystems into child dataset"
 
 typeset passphrase="password"
 typeset snap="$TESTPOOL/$TESTFS@snap"
+typeset snap2="$TESTPOOL/$TESTFS@snap2"
 typeset testfile="testfile"
 
 log_must zfs snapshot $snap
+log_must zfs snapshot $snap2
 
 log_must eval "echo $passphrase | zfs create -o encryption=on" \
 	"-o keyformat=passphrase $TESTPOOL/$TESTFS1"
 
 log_note "Verifying ZFS will receive to an encrypted child"
-log_must eval "zfs send $snap | zfs receive $TESTPOOL/$TESTFS1/c1"
+log_must eval "zfs send $snap | zfs receive -u $TESTPOOL/$TESTFS1/c1"
 log_must test "$(get_prop 'encryption' $TESTPOOL/$TESTFS1/c1)" != "off"
 
 # Unload the key, the following tests won't require it and we will test
 # the receive checks as well.
 log_must zfs unmount $TESTPOOL/$TESTFS1
 log_must zfs unload-key $TESTPOOL/$TESTFS1
 
+log_note "Verifying ZFS will not receive an incremental into an encrypted" \
+	 "dataset when the key is unloaded"
+log_mustnot eval "zfs send -i $snap $snap2 | zfs receive $TESTPOOL/$TESTFS1/c1"
+
 log_note "Verifying 'send -p' will receive to an unencrypted child"
-log_must eval "zfs send -p $snap | zfs receive $TESTPOOL/$TESTFS1/c2"
+log_must eval "zfs send -p $snap | zfs receive -u $TESTPOOL/$TESTFS1/c2"
 log_must test "$(get_prop 'encryption' $TESTPOOL/$TESTFS1/c2)" == "off"
 
+log_note "Verifying 'send -i' will receive to an unencrypted child"
+log_must eval "zfs send -i $snap $snap2 | zfs receive $TESTPOOL/$TESTFS1/c2"
+
 # For completeness add the property override case.
 log_note "Verifying recv -o encyption=off' will receive to an unencrypted child"
 log_must eval "zfs send $snap | \