key lookup failure should always return EACCES

spa_do_crypt_abd() already maps a missing key to EACCES. However
spa_do_crypt_mac_abd(), spa_do_crypt_objset_mac_abd(), and
spa_crypt_get_salt() still return the raw
spa_keystore_lookup_key() error (ENOENT). This is inconsistent
As we want to treat all “no key” failures as a permission
failure. Standardize on EACCES for the unloaded-key case.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Alek Pinchuk <alek.pinchuk@connectwise.com>
Closes #18448

Author: alek-p

module/zfs/arc.c

@@ -1874,7 +1874,7 @@ arc_hdr_authenticate(arc_buf_hdr_t *hdr, spa_t *spa, uint64_t dsobj)
 
 	if (ret == 0)
 		arc_hdr_clear_flags(hdr, ARC_FLAG_NOAUTH);
-	else if (ret == ENOENT)
+	else if (ret == EACCES)
 		ret = 0;
 
 	if (free_abd)

module/zfs/dsl_crypt.c

@@ -2677,23 +2677,16 @@ int
 spa_crypt_get_salt(spa_t *spa, uint64_t dsobj, uint8_t *salt)
 {
 	int ret;
-	dsl_crypto_key_t *dck = NULL;
+	dsl_crypto_key_t *dck;
 
 	/* look up the key from the spa's keystore */
 	ret = spa_keystore_lookup_key(spa, dsobj, FTAG, &dck);
 	if (ret != 0)
-		goto error;
+		return (SET_ERROR(EACCES));
 
 	ret = zio_crypt_key_get_salt(&dck->dck_key, salt);
-	if (ret != 0)
-		goto error;
-
 	spa_keystore_dsl_key_rele(spa, dck, FTAG);
-	return (0);
 
-error:
-	if (dck != NULL)
-		spa_keystore_dsl_key_rele(spa, dck, FTAG);
 	return (ret);
 }
 
@@ -2708,25 +2701,27 @@ spa_do_crypt_objset_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj,
     abd_t *abd, uint_t datalen, boolean_t byteswap)
 {
 	int ret;
-	dsl_crypto_key_t *dck = NULL;
-	void *buf = abd_borrow_buf_copy(abd, datalen);
-	objset_phys_t *osp = buf;
+	dsl_crypto_key_t *dck;
 	uint8_t portable_mac[ZIO_OBJSET_MAC_LEN];
 	uint8_t local_mac[ZIO_OBJSET_MAC_LEN];
 	const uint8_t zeroed_mac[ZIO_OBJSET_MAC_LEN] = {0};
 
 	/* look up the key from the spa's keystore */
 	ret = spa_keystore_lookup_key(spa, dsobj, FTAG, &dck);
 	if (ret != 0)
-		goto error;
+		return (SET_ERROR(EACCES));
+
+	void *buf = abd_borrow_buf_copy(abd, datalen);
+	objset_phys_t *osp = buf;
 
 	/* calculate both HMACs */
 	ret = zio_crypt_do_objset_hmacs(&dck->dck_key, buf, datalen,
 	    byteswap, portable_mac, local_mac);
-	if (ret != 0)
-		goto error;
-
 	spa_keystore_dsl_key_rele(spa, dck, FTAG);
+	if (ret != 0) {
+		abd_return_buf(abd, buf, datalen);
+		return (ret);
+	}
 
 	/* if we are generating encode the HMACs in the objset_phys_t */
 	if (generate) {
@@ -2760,38 +2755,30 @@ spa_do_crypt_objset_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj,
 	}
 
 	abd_return_buf(abd, buf, datalen);
-
 	return (0);
-
-error:
-	if (dck != NULL)
-		spa_keystore_dsl_key_rele(spa, dck, FTAG);
-	abd_return_buf(abd, buf, datalen);
-	return (ret);
 }
 
 int
 spa_do_crypt_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj, abd_t *abd,
     uint_t datalen, uint8_t *mac)
 {
 	int ret;
-	dsl_crypto_key_t *dck = NULL;
-	uint8_t *buf = abd_borrow_buf_copy(abd, datalen);
+	dsl_crypto_key_t *dck;
 	uint8_t digestbuf[ZIO_DATA_MAC_LEN];
 
 	/* look up the key from the spa's keystore */
 	ret = spa_keystore_lookup_key(spa, dsobj, FTAG, &dck);
 	if (ret != 0)
-		goto error;
+		return (SET_ERROR(EACCES));
 
+	uint8_t *buf = abd_borrow_buf_copy(abd, datalen);
 	/* perform the hmac */
 	ret = zio_crypt_do_hmac(&dck->dck_key, buf, datalen,
 	    digestbuf, ZIO_DATA_MAC_LEN);
-	if (ret != 0)
-		goto error;
-
-	abd_return_buf(abd, buf, datalen);
 	spa_keystore_dsl_key_rele(spa, dck, FTAG);
+	abd_return_buf(abd, buf, datalen);
+	if (ret != 0)
+		return (ret);
 
 	/*
 	 * Truncate and fill in mac buffer if we were asked to generate a MAC.
@@ -2806,12 +2793,6 @@ spa_do_crypt_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj, abd_t *abd,
 		return (SET_ERROR(ECKSUM));
 
 	return (0);
-
-error:
-	if (dck != NULL)
-		spa_keystore_dsl_key_rele(spa, dck, FTAG);
-	abd_return_buf(abd, buf, datalen);
-	return (ret);
 }
 
 /*