Extend dataset zfs_ioc_set_prop() secpolicy
When zc->zc_cookie is set this indicates to zfs_ioc_set_prop() that
these are received properties and ZPROP_HAS_RECVD will be set on the
dataset. This is only done as part of a `zfs receive` so additionally
apply the zfs_secpolicy_recv() policy. Individual property checks
continue to be handled by zfs_check_settable().
Reviewed-by: Tony Hutter <hutter2 at llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Closes #18617
Fix uninitialized variable warning in vdev_prop_get()
Update vdev_prop_get_objid() to set objid on error as the comment
in vdev_prop_get() describes.
"objid is set to 0 when absent and the few cases that call
zap_lookup directly guard against this below."
This resolves the following possible uninitialized variable warning.
module/zfs/vdev.c: In function ‘vdev_prop_get’:
module/zfs/vdev.c:6913:12: error: ‘objid’ may be used uninitialized
in this function [-Werror=maybe-uninitialized]
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Tony Hutter <hutter2 at llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Closes #18616
sharenfs: Check for invalid characters
Check for invalid characters in sharenfs/sharesmb dataset props.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Tony Hutter <hutter2 at llnl.gov>
Closes #18613
Fix the integer type in zfs_ioc_userspace_many()
Fix the mismatched type in zfs_ioc_userspace_many() and limit the
number of entries returned to 1000. When a size larger than this
is requested the response is truncated, zfs_userspace() already
correctly handles short responses. Historically, zfs_userspace()
has requested 100 entries at a time, this cap allows for 10x larger
batch sizes if needed in the future.
Reported-by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li,
Reported-by: and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Tony Hutter <hutter2 at llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Closes #18615
When reading a vdev label skip libzfs_core_init()
There's no need to call libzfs_core_init() when `zdb -l` is used to
read a vdev label.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: tiehexue <tiehexue at hotmail.com>
Closes #18606
unit/zap: test that cursors correctly release all dnode holds
Cursors defer taking holds until they're needed, so if a cursor is
created but not used, it may still hold resources that it would have
cleaned up along the way, but never got chance to.
(this really happened in the first version of
zap_cursor_init_by_dnode(), so not a contrived case!)
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18603
unit/zap: basic cursor tests
These add a bunch of entries to the ZAP, and then ensure that a cursor
walk over the ZAP sees them all once and once only, and no others.
The serialization test takes it a bit further, by serializing and
recreating the cursor half way through and confirming it correctly picks
up from the same spot, and then recreating the cursor from serialized
again and confirming that it also see only the second set of entries.
This ensures that the serialized cursor state is fully self contained
and not reliant on anything left over in the ZAP itself at serialization
time.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18603
unit/zap: check mock dnode refcount before destruction
It should be back at 1, where it started.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18603
unit/mock_dmu: track dnode refcount changes
The thing under test will be taking and releasing dnode refs/holds. By
counting them and exposing the current count, we can assert in test
cleanup that we haven't missed releasing any, especially in cases where
the hold is held across multiple test steps.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18603
zap: add zap_cursor_init_by_dnode() & rework cursor resource lifetime
This commit adds zap_cursor_init_by_dnode() (and
zap_cursor_init_serialized_by_dnode()), which allow the target ZAP to
provided via an existing dnode rather than the traditional objset+object
pair.
This requires some reorganisation of the way that zap_cursor_t is
initialised. Up until now, zap_cursor_init() has merely stored the
objset, object, serialized form and prefetch flag, and left it until
zap_cursor_retrieve() to actually call zap_lock(). This makes a
_by_dnode() form complicated, because it is a held resource that needs
to be released, but might not be used if zap_cursor_retrieve() is not
called. So there's a bunch of state tracking required.
However, all cursor users immediately follow zap_cursor_init() with
zap_cursor_retrieve(), so there's nothing gained by delaying holds. This
allows us to simplify things, by calling zap_lock() directly in
zap_cursor_init() and retaining it until zap_cursor_fini().
[22 lines not shown]
dsl_scan: close errorscrub cursor on pause
If the cursor were ever to actively hold resources, not finalising it
would mean leaking those resources whenever the scrub is paused.
The cursor is already reinitialized from the stored serialized form
if/when it is resumed, so there's nothing we need from the old one, just
to release it.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18603
metaslab: expose condense_pct and sm_blksz tunables on Linux
Expose zfs_metaslab_condense_pct and zfs_metaslab_sm_blksz_* as
module parameters on Linux, matching their existing FreeBSD sysctls.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Closes #18594
nvpair: Check for un-terminated strings in packed nvlist
Add additional checks to verify a packed string or string array nvpair
is terminated. Or more specifically, verify doing a strlen() on the
prospective string does not overrun the packed nvlist buffer.
Also add additional checks in the libzfs_input_checks test case to
verify un-terminated strings, and add in a nvlist ioctl payload
fuzz test for good measure.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Tony Hutter <hutter2 at llnl.gov>
Closes #18604
zed: Prefer dRAID distributed spares to regular ones
One of the main dRAID features is avoiding single drive bottlenecks
by using distributed spares. Activation of regular spare will take
more time, during which the dRAID redundancy is even lower than in
case of RAIDZ. But regular spares might still be added to the pool
as a second line of defence, possibly shared by several vdevs.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Alexander Motin <alexander.motin at TrueNAS.com>
Closes #18578
CI: add concurrency support to zfs-arm
The zfs-arm workflow was the only build/test workflow without a
concurrency block, so superseded runs were not cancelled.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Closes #18608
CI: apt-get update before purging host packages
The package removal ran against a stale package index and failed to
fetch a package that had been removed from the repository. Refresh
the index first.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Closes #18607
Closes #18609
enforce exact decompressed length for lz4, gzip, and zstd
Decompressors must expand a ZFS block to exactly the expected number
of bytes. Treat decompression to an unexpected length as failure, so
truncated or short output is not accepted as valid decompression. This
makes our handling of decompress return values consistent with the
decompression functions' APIs.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Alek Pinchuk <Alek.Pinchuk at connectwise.com>
Closes #18599
build: add ZFS_DEBUG Kconfig for copy-builtin
... so we can toggle ZFS debug assertions from the
Linux kernel build without having to regenerate the
ZFS patch.
Update the qemu test script to also set this kernel
config.
Reviewed-by: Tony Hutter <hutter2 at llnl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Timothy Day <timday at thelustrecollective.com>
Co-authored-by: Timothy Day <timday at thelustrecollective.com>
Closes #18595
CI: skip smatch, zloop, and zfs-arm for documentation-only changes
Follow-up to #18518, which skipped the qemu matrix on doc-only PRs.
zloop, zfs-arm, and smatch are irrelevant to doc-only changes.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Tony Hutter <hutter2 at llnl.gov>
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Closes #18601
CI: Lustre 6.16 kernel compatibility fix (#18602)
Almalinux 9,10 kernels now include a backport of Linux commit
v6.15-13744-g41cb08555c41 which renames the from_timer() function
to timer_container_of(). Apply the upstream Lustre compatibility
patch to our builds. This patch should be included in the next
Lustre release and can be dropped then.
ZFS-CI-Type: quick
Signed-off-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Tony Hutter <hutter2 at llnl.gov>
zed: Prefer spares with matching rotational and size
Before this change zed tried to activate spares just in order they
are stored in configuration, which is quite arbitrary. To make
the result more optimal, sort the spares by their rotational status
and size, so that the most fitting ones have better chances.
To make it more visible, export the rotational status as a vdev
property. While at it, minimally fix vdev properties reading for
spare and L2ARC vdevs, having no ZAPs.
To keep the rotational status for spare activation purposes when
failed device is already gone, save it into the vdev config. The
same is for spare vdevs asize.
Reviewed-by: Tony Hutter <hutter2 at llnl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Alexander Motin <alexander.motin at TrueNAS.com>
Closes #18597
CI: Update checkstyle checkout action to v6
The checkstyle workflow was the only one still pinned to
actions/checkout at v4; the other workflows already use v6.
Bump it to match.
Reviewed-by: Tony Hutter <hutter2 at llnl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Closes #18600
FreeBSD: Make it possible to build openzfs.ko with sanitizers
Add make options which let one respectively compile the kernel modules
with the address sanitizer, memory sanitizer, and undefined behaviour
sanitizer enabled. This makes it much easier to run the ZTS with those
sanitizers enabled.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Chris Longros <chris.longros at gmail.com>
Signed-off-by: Mark Johnston <markj at FreeBSD.org>
Closes #18596
Linux 5.6 compat: fix fs_parse API mismatch
Added m4 macro to check fs_parse API signature and wrappers. Before
5.6, fs_parse() took a struct fs_parameter_description which wraps
the parameter specs with name and enum pointers. From 5.6, the
description struct was removed and fs_parse() accepts the
fs_parameter_spec directly.
Reviewed-by: Rob Norris <robn at despairlabs.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: tiehexue <tiehexue at hotmail.com>
Closes #18585
spa: expose max_missing_tvds_cachefile and _scan on Linux
Register the two siblings of zfs_max_missing_tvds via
ZFS_MODULE_PARAM in spa.c
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Closes #18589
.github: update workflows README
Describe the current zfs-qemu pipeline, ci_type selection, supported
guests, and the code-checking and other auxiliary workflows.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Closes #18590
config: detect the right way to get pthreads
To get at userspace threads, we use a mix of -pthread and -lpthread to
compiler and/or linker. That's fine enough for the platforms we target
but its not exactly right (eg on Linux -pthread defines _REENTRANT, when
-lpthread does not), and won't work properly some other platforms that
we might end up on someday (eg illumos).
There's also a danger if we link together two compilations units, one
compiled with -pthread, one not, as calls between them may not properly
manage thread state.
Here we switch to use the AX_PTHREAD macro to detect the correct set of
flags for CFLAGS and LIBS, and add them to the default compilation
flags for all units.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18588
test_zap: cover all core ZAP operations
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18586
zap: expose _by_dnode() variants of remaining core functions
Exposes the remaining internal implementation functions:
- zap_update_by_dnode()
- zap_length_by_dnode()
- zap_get_stats_by_dnode()
And creates zap_contains_by_dnode(), followng the same structure as the
other functions.
Together, these complete the "core" ZAP _by_dnode() API for the test
suite to use.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18586
unit: TOPT make arg to pass test options through to the test binary
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18586
