ZTS: snapdir: ensure mounts only occur when accessing beyond the snapdir
On Linux, automount only occurs for paths that are "beyond" the snapdir.
Accessing the snapdir itself eg with `stat()` does not itself trigger
the automount. Confirm that this is the case.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Ameer Hamza <ahamza at ixsystems.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18705
ZTS: snapdir: ensure the SNAPSHOT_NO_SUID tunable performs correctly
When set, zfs_snapshot_no_setuid will add the nosuid option to new
snapdir mounts, preventing setuid executables from being run as a
different user.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Ameer Hamza <ahamza at ixsystems.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18705
ZTS: snapdir: test that snapdir mounts are expired when idle
A snapdir mount that has not been used for some time should be
automatically unmounted. Test that that happens, and also that accessing
the mount resets the timer.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Ameer Hamza <ahamza at ixsystems.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18705
ZTS: snapdir: test that explicit unmount allows new automount
It's always possible to manually unmount a snapdir mount. When that
happens, the next access should mount the snapshot again, even though
the snapmount system may have no knowledge that the unmount actually
happened.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Ameer Hamza <ahamza at ixsystems.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18705
ZTS: snapdir: test ADMIN_SNAPSHOT=0 prevents snapdir admin ops
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Ameer Hamza <ahamza at ixsystems.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18705
ZTS: snapshot: remove need for snapdir admin feature in snapshot tests
The only reason it was enabled/used was to remove the snapshot automount
dirs during cleanup. Those are already removed when the snapshot is
destroyed, so it doesn't need to be done at all.
Disabling it also helps to ensure that we aren't accidentally using it
or relying on side-effects in the snapshot tests proper. Those effects
should be tested separately in a snapdir test.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Ameer Hamza <ahamza at ixsystems.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18705
ZTS: snapdir: limit ADMIN_SNAPSHOT tunable use to the tests that need it
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Ameer Hamza <ahamza at ixsystems.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18705
ZTS: snapdir: cleanup
Rename tests to match their group and function, and removed unused
config vars.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Ameer Hamza <ahamza at ixsystems.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18705
ZTS: create snapdir test group, move relevant tests from snapshot group
The intent of the snapdir group is to test the behaviour of the snapshot
automount and admin facility itself. The snapshot group is left to test
the behaviour of snapshots and the data within, without worrying about
the behaviour of snapdirs beyond them working to provide access to the
snapshot data via the filesystem.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Ameer Hamza <ahamza at ixsystems.com>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18705
ABI: bump for spacemap condense
Sponsored-by: TrueNAS
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #16747
zts: add test for log spacemap flushall + zpool condense
Sponsored-by: TrueNAS
Sponsored-by: Klara, Inc.
Sponsored-by: Wasabi Technology, Inc.
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #16747
ztest: periodically start/stop log spacemap flush
Sponsored-by: TrueNAS
Sponsored-by: Klara, Inc.
Sponsored-by: Wasabi Technology, Inc.
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #16747
log_spacemap: extend pool flushall to have "request" and "export" modes
Normally, log spacemaps are flushed out to the metaslabs when the pool
is exported. For large logs, this can lead to export taking an
inordinate amount of time.
This commit adds a "mode" parameter for the log spacemap "flushall"
operation, and functions for starting and stopping it in a particular
mode. The existing behaviour of flushing everything is now the "export"
mode.
Then, we add a new "request" mode, that can be triggered externally.
This activates the same flushall code, with a few differences:
- we only consider flushing metaslabs that were dirtied on the txg
before the flushall operation was started
- we close and issue the txg immediately when the flushall is active,
rather than wait for zfs_txg_timeout each time (similar to how scrub
[18 lines not shown]
log_spacemap: add counter for unflushed metaslabs
Useful for understanding, but also a convenient place to grab the
current count without needing to walk over the metaslab list.
Sponsored-by: TrueNAS
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #16747
spa_stats: kstats for unflushed log spacemaps
Sponsored-by: TrueNAS
Sponsored-by: Klara, Inc.
Sponsored-by: Wasabi Technology, Inc.
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #16747
zts: zpool-condense sanity tests
Sponsored-by: TrueNAS
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #16747
zpool: add condense verb
The idea is to have a single command that could signal to any background
cleanup task that it should do its work faster, or care less about not
getting in the way of user IO, or whatever.
This adds the the `zpool condense` command, the `ZFS_IOC_POOL_CONDENSE`
ioctl and counters so userspace can get progress. Because the type could
be anything, there's no particular unit, just a total number of items to
condense and count of how many done.
Included is a "debug" condense type. In debug builds, issuing condense
with this type will start a background process that will simply bump the
condense counters every second for ten seconds. This is intended for use
by the test suite and for debugging the condense infrastructure itself,
and will be compiled out production builds.
Sponsored-by: TrueNAS
Sponsored-by: Klara, Inc.
[5 lines not shown]
ZTS: delegate: test send:encrypted
Sponsored-by: TrueNAS
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18673
(cherry picked from commit 166a6672502c6398b3ef549d4a17f113f5cb2e8d)
ZTS: delegate: check send permissions on encrypted datasets
Sponsored-by: TrueNAS
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18673
(cherry picked from commit bce9a8ef7d0b4c1b8e323ef2b045379177c20410)
ZTS: delegate: add encryption option for test fixture datasets
The delegate test framework doesn't care about the encryption status of
the dataset under test, so by adding an option to create with encryption
the framework can be used to check encryption-related permissions
without any further fanfare.
Sponsored-by: TrueNAS
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18673
(cherry picked from commit 8303a36488da79c13d0fcca4365d71d5180407c3)
ZTS: remove send_delegation tests
These tests are doing the same tests as delegate/zfs_allow_send, and are
hard to follow and maintain. There's no need for them now, so drop them.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18672
(cherry picked from commit 562b96ced9f28b8517913e5e9f7eaf1686db7cd0)
delegate: add 'send:encrypted' permission
send:encrypted is like send:raw, but only permits encrypted datasets to
be sent - raw send is not permitted for unencrypted datasets.
This commit creates the permission, wires it up, and adds the check for
it in zfs_secpolicy_send_impl(), if it is the last send permission
standing, the dataset is checked for its encryption state.
Sponsored-by: TrueNAS
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18673
(cherry picked from commit 97b9ba7a982e36d39a3cf7db271da2fab110769d)
ZTS: delegate: add test for send sub-permissions
Regular send and raw send are actually separate operations with separate
permissions. This adds a test to test the combinations properly using
the existing permission test infrastructure.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18672
(cherry picked from commit 4d1d00f9fe0c87b2334613a0efaa758275f938b8)
zfs_secpolicy_send: lift checks to common function for both
The permissions checks for send are a little involved because different
permissions grant different abilities, and there's two ways to initiate
a send.
This lifts the common permissions checks into a single function, and
ensures that we maintain a single dataset hold across all checks. This
will become important in the next commit when we need to check a
specific dataset property as part of the permission check.
Sponsored-by: TrueNAS
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18673
(cherry picked from commit f0d69e6b16d93ab49f1914a29e64d5df6e4f7bc2)
Linux 7.2: zpl_super: convert to sget_fc()
The old sget() superblock matcher has been removed in favour of the
fscontext-based sget_fc(). This converts to it. Its largely a signature
change, no functional change.
sget_fc() has existed since fscontext was introduced, so there's no need
for separate feature tests.
Sponsored-by: TrueNAS
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18677
linux/abd: remove BIO support functions
Not used since the "classic" vdev_disk implementation was removed in
5764e218ba.
Sponsored-by: TrueNAS
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Rob Norris <rob.norris at truenas.com>
Closes #18719
Using net/cloud-init to unpin specific python
These days freebsd 15/16 fail when fetching py311-cloud-init.
Switch to net/cloud-init to avoid python version pinning.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: tiehexue <tiehexue at hotmail.com>
Closes #18717
linux: handle mmap read beyond file size
When performing a mmap read past the end of a file there is no data to
read, so simply zero-fill the page and return success. zfs_getpage()
limits the range lock appropriately to cover the offset being read.
Reported-by: Iliya Polihronov (@vnsavage) (Automattic)
Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
Signed-off-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Closes #18715
RAIDZ: Fix parity regeneration/check condition
Profiling RAIDZ1/dRAID1 resilver I've noticed that they calculate
the parity twice for most of blocks: first to reconstruct the data
column and then to "verify" the parity column. Same time it is
obvious that parity generated from data reconstructed from the
parity will be identical to the original. The code even had this
condition, but it was overridden by ZIO_FLAG_RESILVER check.
I think the ZIO_FLAG_RESILVER condition is not right. Instead we
should check for parity_errors > 0, when we failed to read some
parity columns that we'll need to rewrite. It should not matter
if we are resilvering or just doing self healing on regular read.
Profiling shows this saving ~16% of ZFS CPU time when resilvering
RAIDZ1. RAIDZ2+ are out of luck, unless two disks are replaced
same time, since there is still a parity to verify.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Alexander Motin <alexander.motin at TrueNAS.com>
Closes #18707
ZTS: Pass dec instead of hex to mknod
On Ubuntu 26.04 the default mknod command returns an error when
provided the major and minor numbers in hex. Switch to passing
decimal values.
Reviewed-by: Tino Reichardt <milky-zfs at mcmilk.de>
Reviewed-by: George Melikov <mail at gmelikov.ru>
Reviewed-by: Tony Hutter <hutter2 at llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Closes #18547