From bb1be77a35d3cf5389a36f1d13935811962278c3 Mon Sep 17 00:00:00 2001 From: loli10K Date: Wed, 20 Feb 2019 03:41:18 +0100 Subject: Prevent user accounting on readonly pool Trying to mount a dataset from a readonly pool could inadvertently start the user accounting upgrade task, leading to the following failure: VERIFY3(tx->tx_threads == 2) failed (0 == 2) PANIC at txg.c:680:txg_wait_synced() Showing stack for process 2541 CPU: 2 PID: 2541 Comm: z_upgrade Tainted: P O 3.16.0-4-amd64 #1 Debian 3.16.51-3 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 Call Trace: [<0>] ? dump_stack+0x5d/0x78 [<0>] ? spl_panic+0xc9/0x110 [spl] [<0>] ? dnode_next_offset+0x1d4/0x2c0 [zfs] [<0>] ? dmu_object_next+0x77/0x130 [zfs] [<0>] ? dnode_rele_and_unlock+0x4d/0x120 [zfs] [<0>] ? txg_wait_synced+0x91/0x220 [zfs] [<0>] ? dmu_objset_id_quota_upgrade_cb+0x10f/0x140 [zfs] [<0>] ? dmu_objset_upgrade_task_cb+0xe3/0x170 [zfs] [<0>] ? taskq_thread+0x2cc/0x5d0 [spl] [<0>] ? wake_up_state+0x10/0x10 [<0>] ? taskq_thread_should_stop.part.3+0x70/0x70 [spl] [<0>] ? kthread+0xbd/0xe0 [<0>] ? kthread_create_on_node+0x180/0x180 [<0>] ? ret_from_fork+0x58/0x90 [<0>] ? kthread_create_on_node+0x180/0x180 This patch updates both functions responsible for checking if we can perform user accounting to verify the pool is not readonly. Reviewed-by: Alek Pinchuk Reviewed-by: Brian Behlendorf Signed-off-by: loli10K Closes #8424 --- module/zfs/dmu_objset.c | 6 +- tests/runfiles/linux.run | 3 +- .../zfs-tests/tests/functional/upgrade/Makefile.am | 3 +- .../functional/upgrade/upgrade_readonly_pool.ksh | 66 ++++++++++++++++++++++ 4 files changed, 74 insertions(+), 4 deletions(-) create mode 100755 tests/zfs-tests/tests/functional/upgrade/upgrade_readonly_pool.ksh diff --git a/module/zfs/dmu_objset.c b/module/zfs/dmu_objset.c index fa80e3a61..f95915b9e 100644 --- a/module/zfs/dmu_objset.c +++ b/module/zfs/dmu_objset.c @@ -2433,7 +2433,8 @@ dmu_objset_userobjspace_upgradable(objset_t *os) return (dmu_objset_type(os) == DMU_OST_ZFS && !dmu_objset_is_snapshot(os) && dmu_objset_userobjused_enabled(os) && - !dmu_objset_userobjspace_present(os)); + !dmu_objset_userobjspace_present(os) && + spa_writeable(dmu_objset_spa(os))); } boolean_t @@ -2442,7 +2443,8 @@ dmu_objset_projectquota_upgradable(objset_t *os) return (dmu_objset_type(os) == DMU_OST_ZFS && !dmu_objset_is_snapshot(os) && dmu_objset_projectquota_enabled(os) && - !dmu_objset_projectquota_present(os)); + !dmu_objset_projectquota_present(os) && + spa_writeable(dmu_objset_spa(os))); } void diff --git a/tests/runfiles/linux.run b/tests/runfiles/linux.run index d6bc77a6b..b4dd29fae 100644 --- a/tests/runfiles/linux.run +++ b/tests/runfiles/linux.run @@ -841,7 +841,8 @@ tests = ['truncate_001_pos', 'truncate_002_pos', 'truncate_timestamps'] tags = ['functional', 'truncate'] [tests/functional/upgrade] -tests = ['upgrade_userobj_001_pos', 'upgrade_projectquota_001_pos'] +tests = ['upgrade_userobj_001_pos', 'upgrade_projectquota_001_pos', + 'upgrade_readonly_pool'] tags = ['functional', 'upgrade'] [tests/functional/user_namespace] diff --git a/tests/zfs-tests/tests/functional/upgrade/Makefile.am b/tests/zfs-tests/tests/functional/upgrade/Makefile.am index a774989cc..743baa484 100644 --- a/tests/zfs-tests/tests/functional/upgrade/Makefile.am +++ b/tests/zfs-tests/tests/functional/upgrade/Makefile.am @@ -3,7 +3,8 @@ dist_pkgdata_SCRIPTS = \ setup.ksh \ cleanup.ksh \ upgrade_userobj_001_pos.ksh \ - upgrade_projectquota_001_pos.ksh + upgrade_projectquota_001_pos.ksh \ + upgrade_readonly_pool.ksh dist_pkgdata_DATA = \ upgrade_common.kshlib diff --git a/tests/zfs-tests/tests/functional/upgrade/upgrade_readonly_pool.ksh b/tests/zfs-tests/tests/functional/upgrade/upgrade_readonly_pool.ksh new file mode 100755 index 000000000..750620e6d --- /dev/null +++ b/tests/zfs-tests/tests/functional/upgrade/upgrade_readonly_pool.ksh @@ -0,0 +1,66 @@ +#!/bin/ksh -p +# +# This file and its contents are supplied under the terms of the +# Common Development and Distribution License ("CDDL"), version 1.0. +# You may only use this file in accordance with the terms of version +# 1.0 of the CDDL. +# +# A full copy of the text of the CDDL should have accompanied this +# source. A copy of the CDDL is also available via the Internet at +# http://www.illumos.org/license/CDDL. +# + +# +# Copyright 2019, loli10K . All rights reserved. +# + +. $STF_SUITE/tests/functional/upgrade/upgrade_common.kshlib + +# +# DESCRIPTION: +# User accounting upgrade should not be executed on readonly pool +# +# STRATEGY: +# 1. Create a pool with the feature@userobj_accounting disabled to simulate +# a legacy pool from a previous ZFS version. +# 2. Create a file on the "legecy" dataset and store its checksum +# 3. Enable feature@userobj_accounting on the pool and verify it is only +# "enabled" and not "active": upgrading starts when the filesystem is mounted +# 4. Export the pool and re-import is readonly, without mounting any filesystem +# 5. Try to mount the root dataset manually without the "ro" option, then verify +# filesystem status and the pool feature status (not "active") to ensure the +# pool "readonly" status is enforced. +# + +verify_runnable "global" + +TESTFILE="$TESTDIR/file.bin" + +log_assert "User accounting upgrade should not be executed on readonly pool" +log_onexit cleanup_upgrade + +# 1. Create a pool with the feature@userobj_accounting disabled to simulate +# a legacy pool from a previous ZFS version. +log_must zpool create -d -m $TESTDIR $TESTPOOL $TMPDEV + +# 2. Create a file on the "legecy" dataset +log_must touch $TESTDIR/file.bin + +# 3. Enable feature@userobj_accounting on the pool and verify it is only +# "enabled" and not "active": upgrading starts when the filesystem is mounted +log_must zpool set feature@userobj_accounting=enabled $TESTPOOL +log_must test "enabled" == "$(get_pool_prop 'feature@userobj_accounting' $TESTPOOL)" + +# 4. Export the pool and re-import is readonly, without mounting any filesystem +log_must zpool export $TESTPOOL +log_must zpool import -o readonly=on -N -d "$(dirname $TMPDEV)" $TESTPOOL + +# 5. Try to mount the root dataset manually without the "ro" option, then verify +# filesystem status and the pool feature status (not "active") to ensure the +# pool "readonly" status is enforced. +log_must mount -t zfs -o zfsutil $TESTPOOL $TESTDIR +log_must stat "$TESTFILE" +log_mustnot touch "$TESTFILE" +log_must test "enabled" == "$(get_pool_prop 'feature@userobj_accounting' $TESTPOOL)" + +log_pass "User accounting upgrade is not executed on readonly pool" -- cgit v1.2.3