diff options
author | Keith M Wesolowski <wesolows@foobazco.org> | 2013-07-08 15:55:18 +0000 |
---|---|---|
committer | Keith M Wesolowski <wesolows@foobazco.org> | 2013-07-17 18:10:37 +0000 |
commit | a10b75ba73b72084745194b447c6efa6db5c9125 (patch) | |
tree | bc2245817b9b963831d2cae845117b810132cec0 | |
parent | 561cd70963fd3f154ab8378b9d1fafa576c8677f (diff) | |
download | illumos-joyent-a10b75ba73b72084745194b447c6efa6db5c9125.tar.gz |
OS-2345 panic in zfs_root() due to NULL z_os
-rw-r--r-- | usr/src/uts/common/fs/zfs/dmu_objset.c | 33 | ||||
-rw-r--r-- | usr/src/uts/common/fs/zfs/dmu_send.c | 9 | ||||
-rw-r--r-- | usr/src/uts/common/fs/zfs/dsl_dataset.c | 72 | ||||
-rw-r--r-- | usr/src/uts/common/fs/zfs/sys/dmu_objset.h | 1 | ||||
-rw-r--r-- | usr/src/uts/common/fs/zfs/sys/dmu_send.h | 3 | ||||
-rw-r--r-- | usr/src/uts/common/fs/zfs/sys/dsl_dataset.h | 4 | ||||
-rw-r--r-- | usr/src/uts/common/fs/zfs/zfs_ioctl.c | 13 | ||||
-rw-r--r-- | usr/src/uts/common/fs/zfs/zfs_vfsops.c | 93 |
8 files changed, 165 insertions, 63 deletions
diff --git a/usr/src/uts/common/fs/zfs/dmu_objset.c b/usr/src/uts/common/fs/zfs/dmu_objset.c index 572b02a16c..a19902aa42 100644 --- a/usr/src/uts/common/fs/zfs/dmu_objset.c +++ b/usr/src/uts/common/fs/zfs/dmu_objset.c @@ -517,6 +517,39 @@ dmu_objset_rele(objset_t *os, void *tag) dsl_pool_rele(dp, tag); } +/* + * When we are called, os MUST refer to an objset associated with a dataset + * that is owned by 'tag'; that is, is held and long held by 'tag' and ds_owner + * == tag. We will then release and reacquire ownership of the dataset while + * holding the pool config_rwlock to avoid intervening namespace or ownership + * changes may occur. + * + * This exists solely to accommodate zfs_ioc_userspace_upgrade()'s desire to + * release the hold on its dataset and acquire a new one on the dataset of the + * same name so that it can be partially torn down and reconstructed. + */ +void +dmu_objset_refresh_ownership(objset_t *os, void *tag) +{ + dsl_pool_t *dp; + dsl_dataset_t *ds, *newds; + char name[MAXNAMELEN]; + int err; + + ds = os->os_dsl_dataset; + VERIFY3P(ds, !=, NULL); + VERIFY3P(ds->ds_owner, ==, tag); + VERIFY(dsl_dataset_long_held(ds)); + + dsl_dataset_name(ds, name); + dp = dmu_objset_pool(os); + dsl_pool_config_enter(dp, FTAG); + dmu_objset_disown(os, tag); + VERIFY0(dsl_dataset_own(dp, name, tag, &newds)); + VERIFY3P(newds, ==, os->os_dsl_dataset); + dsl_pool_rele(dp, FTAG); +} + void dmu_objset_disown(objset_t *os, void *tag) { diff --git a/usr/src/uts/common/fs/zfs/dmu_send.c b/usr/src/uts/common/fs/zfs/dmu_send.c index 843516325e..83cac19497 100644 --- a/usr/src/uts/common/fs/zfs/dmu_send.c +++ b/usr/src/uts/common/fs/zfs/dmu_send.c @@ -1547,7 +1547,7 @@ dmu_recv_end_check(void *arg, dmu_tx_t *tx) if (error != 0) return (error); error = dsl_dataset_clone_swap_check_impl(drc->drc_ds, - origin_head, drc->drc_force); + origin_head, drc->drc_force, drc->drc_owner, tx); if (error != 0) { dsl_dataset_rele(origin_head, FTAG); return (error); @@ -1599,6 +1599,9 @@ dmu_recv_end_sync(void *arg, dmu_tx_t *tx) dsl_dataset_rele(origin_head, FTAG); dsl_destroy_head_sync_impl(drc->drc_ds, tx); + + if (drc->drc_owner != NULL) + VERIFY3P(origin_head->ds_owner, ==, drc->drc_owner); } else { dsl_dataset_t *ds = drc->drc_ds; @@ -1698,8 +1701,10 @@ dmu_recv_new_end(dmu_recv_cookie_t *drc) } int -dmu_recv_end(dmu_recv_cookie_t *drc) +dmu_recv_end(dmu_recv_cookie_t *drc, void *owner) { + drc->drc_owner = owner; + if (drc->drc_newfs) return (dmu_recv_new_end(drc)); else diff --git a/usr/src/uts/common/fs/zfs/dsl_dataset.c b/usr/src/uts/common/fs/zfs/dsl_dataset.c index e455c2b712..2a3f162faf 100644 --- a/usr/src/uts/common/fs/zfs/dsl_dataset.c +++ b/usr/src/uts/common/fs/zfs/dsl_dataset.c @@ -1694,16 +1694,52 @@ dsl_dataset_rename_snapshot(const char *fsname, dsl_dataset_rename_snapshot_sync, &ddrsa, 1)); } +/* + * If we're doing an ownership handoff, we need to make sure that there is + * only one long hold on the dataset. We're not allowed to change anything here + * so we don't permanently release the long hold or regular hold here. We want + * to do this only when syncing to avoid the dataset unexpectedly going away + * when we release the long hold. + */ +static int +dsl_dataset_handoff_check(dsl_dataset_t *ds, void *owner, dmu_tx_t *tx) +{ + boolean_t held; + + if (!dmu_tx_is_syncing(tx)) + return (0); + + if (owner != NULL) { + VERIFY3P(ds->ds_owner, ==, owner); + dsl_dataset_long_rele(ds, owner); + } + + held = dsl_dataset_long_held(ds); + + if (owner != NULL) + dsl_dataset_long_hold(ds, owner); + + if (held) + return (SET_ERROR(EBUSY)); + + return (0); +} + +typedef struct dsl_dataset_rollback_arg { + const char *ddra_fsname; + void *ddra_owner; +} dsl_dataset_rollback_arg_t; + static int dsl_dataset_rollback_check(void *arg, dmu_tx_t *tx) { - const char *fsname = arg; + dsl_dataset_rollback_arg_t *ddra = arg; dsl_pool_t *dp = dmu_tx_pool(tx); dsl_dataset_t *ds; int64_t unused_refres_delta; int error; - error = dsl_dataset_hold(dp, fsname, FTAG, &ds); + error = dsl_dataset_hold(dp, ddra->ddra_fsname, FTAG, &ds); if (error != 0) return (error); @@ -1719,9 +1755,10 @@ dsl_dataset_rollback_check(void *arg, dmu_tx_t *tx) return (SET_ERROR(EINVAL)); } - if (dsl_dataset_long_held(ds)) { + error = dsl_dataset_handoff_check(ds, ddra->ddra_owner, tx); + if (error != 0) { dsl_dataset_rele(ds, FTAG); - return (SET_ERROR(EBUSY)); + return (error); } /* @@ -1758,12 +1795,12 @@ dsl_dataset_rollback_check(void *arg, dmu_tx_t *tx) static void dsl_dataset_rollback_sync(void *arg, dmu_tx_t *tx) { - const char *fsname = arg; + dsl_dataset_rollback_arg_t *ddra = arg; dsl_pool_t *dp = dmu_tx_pool(tx); dsl_dataset_t *ds, *clone; uint64_t cloneobj; - VERIFY0(dsl_dataset_hold(dp, fsname, FTAG, &ds)); + VERIFY0(dsl_dataset_hold(dp, ddra->ddra_fsname, FTAG, &ds)); cloneobj = dsl_dataset_create_sync(ds->ds_dir, "%rollback", ds->ds_prev, DS_CREATE_FLAG_NODIRTY, kcred, tx); @@ -1779,11 +1816,26 @@ dsl_dataset_rollback_sync(void *arg, dmu_tx_t *tx) dsl_dataset_rele(ds, FTAG); } +/* + * If owner != NULL: + * + * - The existing dataset MUST be owned by the specified owner at entry + * - Upon return, dataset will still be held by the same owner, whether we + * succeed or not. + * + * This mode is required any time the existing filesystem is mounted. See + * notes above zfs_suspend_fs() for further details. + */ int -dsl_dataset_rollback(const char *fsname) +dsl_dataset_rollback(const char *fsname, void *owner) { + dsl_dataset_rollback_arg_t ddra; + + ddra.ddra_fsname = fsname; + ddra.ddra_owner = owner; + return (dsl_sync_task(fsname, dsl_dataset_rollback_check, - dsl_dataset_rollback_sync, (void *)fsname, 1)); + dsl_dataset_rollback_sync, (void *)&ddra, 1)); } struct promotenode { @@ -2301,7 +2353,7 @@ dsl_dataset_promote(const char *name, char *conflsnap) int dsl_dataset_clone_swap_check_impl(dsl_dataset_t *clone, - dsl_dataset_t *origin_head, boolean_t force) + dsl_dataset_t *origin_head, boolean_t force, void *owner, dmu_tx_t *tx) { int64_t unused_refres_delta; @@ -2330,7 +2382,7 @@ dsl_dataset_clone_swap_check_impl(dsl_dataset_t *clone, return (SET_ERROR(ETXTBSY)); /* origin_head should have no long holds (e.g. is not mounted) */ - if (dsl_dataset_long_held(origin_head)) + if (dsl_dataset_handoff_check(origin_head, owner, tx)) return (SET_ERROR(EBUSY)); /* check amount of any unconsumed refreservation */ diff --git a/usr/src/uts/common/fs/zfs/sys/dmu_objset.h b/usr/src/uts/common/fs/zfs/sys/dmu_objset.h index 9e52329286..f1f5ac2028 100644 --- a/usr/src/uts/common/fs/zfs/sys/dmu_objset.h +++ b/usr/src/uts/common/fs/zfs/sys/dmu_objset.h @@ -136,6 +136,7 @@ struct objset { int dmu_objset_hold(const char *name, void *tag, objset_t **osp); int dmu_objset_own(const char *name, dmu_objset_type_t type, boolean_t readonly, void *tag, objset_t **osp); +void dmu_objset_refresh_ownership(objset_t *os, void *tag); void dmu_objset_rele(objset_t *os, void *tag); void dmu_objset_disown(objset_t *os, void *tag); int dmu_objset_from_ds(struct dsl_dataset *ds, objset_t **osp); diff --git a/usr/src/uts/common/fs/zfs/sys/dmu_send.h b/usr/src/uts/common/fs/zfs/sys/dmu_send.h index ee0885a60f..6442b20f7b 100644 --- a/usr/src/uts/common/fs/zfs/sys/dmu_send.h +++ b/usr/src/uts/common/fs/zfs/sys/dmu_send.h @@ -55,12 +55,13 @@ typedef struct dmu_recv_cookie { struct avl_tree *drc_guid_to_ds_map; zio_cksum_t drc_cksum; uint64_t drc_newsnapobj; + void *drc_owner; } dmu_recv_cookie_t; int dmu_recv_begin(char *tofs, char *tosnap, struct drr_begin *drrb, boolean_t force, char *origin, dmu_recv_cookie_t *drc); int dmu_recv_stream(dmu_recv_cookie_t *drc, struct vnode *vp, offset_t *voffp, int cleanup_fd, uint64_t *action_handlep); -int dmu_recv_end(dmu_recv_cookie_t *drc); +int dmu_recv_end(dmu_recv_cookie_t *drc, void *owner); #endif /* _DMU_SEND_H */ diff --git a/usr/src/uts/common/fs/zfs/sys/dsl_dataset.h b/usr/src/uts/common/fs/zfs/sys/dsl_dataset.h index 58e4c58286..2a6e0b85a3 100644 --- a/usr/src/uts/common/fs/zfs/sys/dsl_dataset.h +++ b/usr/src/uts/common/fs/zfs/sys/dsl_dataset.h @@ -247,7 +247,7 @@ void dsl_dataset_long_rele(dsl_dataset_t *ds, void *tag); boolean_t dsl_dataset_long_held(dsl_dataset_t *ds); int dsl_dataset_clone_swap_check_impl(dsl_dataset_t *clone, - dsl_dataset_t *origin_head, boolean_t force); + dsl_dataset_t *origin_head, boolean_t force, void *owner, dmu_tx_t *tx); void dsl_dataset_clone_swap_sync_impl(dsl_dataset_t *clone, dsl_dataset_t *origin_head, dmu_tx_t *tx); int dsl_dataset_snapshot_check_impl(dsl_dataset_t *ds, const char *snapname, @@ -264,7 +264,7 @@ int dsl_dataset_snap_lookup(dsl_dataset_t *ds, const char *name, int dsl_dataset_snap_remove(dsl_dataset_t *ds, const char *name, dmu_tx_t *tx); void dsl_dataset_set_refreservation_sync_impl(dsl_dataset_t *ds, zprop_source_t source, uint64_t value, dmu_tx_t *tx); -int dsl_dataset_rollback(const char *fsname); +int dsl_dataset_rollback(const char *fsname, void *owner); #ifdef ZFS_DEBUG #define dprintf_ds(ds, fmt, ...) do { \ diff --git a/usr/src/uts/common/fs/zfs/zfs_ioctl.c b/usr/src/uts/common/fs/zfs/zfs_ioctl.c index cd7be6d353..7a15cd4a40 100644 --- a/usr/src/uts/common/fs/zfs/zfs_ioctl.c +++ b/usr/src/uts/common/fs/zfs/zfs_ioctl.c @@ -3544,13 +3544,13 @@ zfs_ioc_rollback(zfs_cmd_t *zc) if (error == 0) { int resume_err; - error = dsl_dataset_rollback(zc->zc_name); + error = dsl_dataset_rollback(zc->zc_name, zfsvfs); resume_err = zfs_resume_fs(zfsvfs, zc->zc_name); error = error ? error : resume_err; } VFS_RELE(zfsvfs->z_vfs); } else { - error = dsl_dataset_rollback(zc->zc_name); + error = dsl_dataset_rollback(zc->zc_name, NULL); } return (error); } @@ -4070,13 +4070,13 @@ zfs_ioc_recv(zfs_cmd_t *zc) * If the suspend fails, then the recv_end will * likely also fail, and clean up after itself. */ - end_err = dmu_recv_end(&drc); + end_err = dmu_recv_end(&drc, zfsvfs); if (error == 0) error = zfs_resume_fs(zfsvfs, tofs); error = error ? error : end_err; VFS_RELE(zfsvfs->z_vfs); } else { - error = dmu_recv_end(&drc); + error = dmu_recv_end(&drc, NULL); } } @@ -4557,8 +4557,11 @@ zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) * objset_phys_t). Suspend/resume the fs will do that. */ error = zfs_suspend_fs(zfsvfs); - if (error == 0) + if (error == 0) { + dmu_objset_refresh_ownership(zfsvfs->z_os, + zfsvfs); error = zfs_resume_fs(zfsvfs, zc->zc_name); + } } if (error == 0) error = dmu_objset_userspace_upgrade(zfsvfs->z_os); diff --git a/usr/src/uts/common/fs/zfs/zfs_vfsops.c b/usr/src/uts/common/fs/zfs/zfs_vfsops.c index c7d4444722..7a6437cbd4 100644 --- a/usr/src/uts/common/fs/zfs/zfs_vfsops.c +++ b/usr/src/uts/common/fs/zfs/zfs_vfsops.c @@ -2056,7 +2056,9 @@ zfs_vget(vfs_t *vfsp, vnode_t **vpp, fid_t *fidp) * Block out VOPs and close zfsvfs_t::z_os * * Note, if successful, then we return with the 'z_teardown_lock' and - * 'z_teardown_inactive_lock' write held. + * 'z_teardown_inactive_lock' write held. We leave ownership of the underlying + * dataset and objset intact so that they can be atomically handed off during + * a subsequent rollback or recv operation and the resume thereafter. */ int zfs_suspend_fs(zfsvfs_t *zfsvfs) @@ -2065,71 +2067,76 @@ zfs_suspend_fs(zfsvfs_t *zfsvfs) if ((error = zfsvfs_teardown(zfsvfs, B_FALSE)) != 0) return (error); - dmu_objset_disown(zfsvfs->z_os, zfsvfs); return (0); } /* - * Reopen zfsvfs_t::z_os and release VOPs. + * Rebuild SA and release VOPs. Note that ownership of the underlying dataset + * is an invariant across any of the operations that can be performed while the + * filesystem was suspended. Whether it succeeded or failed, the preconditions + * are the same: the relevant objset and associated dataset are owned by + * zfsvfs, held, and long held on entry. */ int zfs_resume_fs(zfsvfs_t *zfsvfs, const char *osname) { int err; + znode_t *zp; + uint64_t sa_obj = 0; ASSERT(RRW_WRITE_HELD(&zfsvfs->z_teardown_lock)); ASSERT(RW_WRITE_HELD(&zfsvfs->z_teardown_inactive_lock)); - err = dmu_objset_own(osname, DMU_OST_ZFS, B_FALSE, zfsvfs, - &zfsvfs->z_os); - if (err) { - zfsvfs->z_os = NULL; - } else { - znode_t *zp; - uint64_t sa_obj = 0; + /* + * We already own this, so just hold and rele it to update the + * objset_t, as the one we had before may have been evicted. + */ + VERIFY0(dmu_objset_hold(osname, zfsvfs, &zfsvfs->z_os)); + VERIFY3P(zfsvfs->z_os->os_dsl_dataset->ds_owner, ==, zfsvfs); + VERIFY(dsl_dataset_long_held(zfsvfs->z_os->os_dsl_dataset)); + dmu_objset_rele(zfsvfs->z_os, zfsvfs); - /* - * Make sure version hasn't changed - */ + /* + * Make sure version hasn't changed + */ - err = zfs_get_zplprop(zfsvfs->z_os, ZFS_PROP_VERSION, - &zfsvfs->z_version); + err = zfs_get_zplprop(zfsvfs->z_os, ZFS_PROP_VERSION, + &zfsvfs->z_version); - if (err) - goto bail; + if (err) + goto bail; - err = zap_lookup(zfsvfs->z_os, MASTER_NODE_OBJ, - ZFS_SA_ATTRS, 8, 1, &sa_obj); + err = zap_lookup(zfsvfs->z_os, MASTER_NODE_OBJ, + ZFS_SA_ATTRS, 8, 1, &sa_obj); - if (err && zfsvfs->z_version >= ZPL_VERSION_SA) - goto bail; + if (err && zfsvfs->z_version >= ZPL_VERSION_SA) + goto bail; - if ((err = sa_setup(zfsvfs->z_os, sa_obj, - zfs_attr_table, ZPL_END, &zfsvfs->z_attr_table)) != 0) - goto bail; + if ((err = sa_setup(zfsvfs->z_os, sa_obj, + zfs_attr_table, ZPL_END, &zfsvfs->z_attr_table)) != 0) + goto bail; - if (zfsvfs->z_version >= ZPL_VERSION_SA) - sa_register_update_callback(zfsvfs->z_os, - zfs_sa_upgrade); + if (zfsvfs->z_version >= ZPL_VERSION_SA) + sa_register_update_callback(zfsvfs->z_os, + zfs_sa_upgrade); - VERIFY(zfsvfs_setup(zfsvfs, B_FALSE) == 0); + VERIFY(zfsvfs_setup(zfsvfs, B_FALSE) == 0); - zfs_set_fuid_feature(zfsvfs); + zfs_set_fuid_feature(zfsvfs); - /* - * Attempt to re-establish all the active znodes with - * their dbufs. If a zfs_rezget() fails, then we'll let - * any potential callers discover that via ZFS_ENTER_VERIFY_VP - * when they try to use their znode. - */ - mutex_enter(&zfsvfs->z_znodes_lock); - for (zp = list_head(&zfsvfs->z_all_znodes); zp; - zp = list_next(&zfsvfs->z_all_znodes, zp)) { - (void) zfs_rezget(zp); - } - mutex_exit(&zfsvfs->z_znodes_lock); + /* + * Attempt to re-establish all the active znodes with + * their dbufs. If a zfs_rezget() fails, then we'll let + * any potential callers discover that via ZFS_ENTER_VERIFY_VP + * when they try to use their znode. + */ + mutex_enter(&zfsvfs->z_znodes_lock); + for (zp = list_head(&zfsvfs->z_all_znodes); zp; + zp = list_next(&zfsvfs->z_all_znodes, zp)) { + (void) zfs_rezget(zp); } + mutex_exit(&zfsvfs->z_znodes_lock); bail: /* release the VOPs */ @@ -2138,8 +2145,8 @@ bail: if (err) { /* - * Since we couldn't reopen zfsvfs::z_os, or - * setup the sa framework force unmount this file system. + * Since we couldn't setup the sa framework, try to force + * unmount this file system. */ if (vn_vfswlock(zfsvfs->z_vfs->vfs_vnodecovered) == 0) (void) dounmount(zfsvfs->z_vfs, MS_FORCE, CRED()); |