bdd6b77e mckusick Dec. 6, 2018, 1:04 a.m.
deletion is active, specifically after a call to ffs_blkrelease_start()
but before the call to ffs_blkrelease_finish(), ffs_blkrelease_start()
will have handed out SINGLETON_KEY rather than starting a collection
sequence. Thus if we get a SINGLETON_KEY passed to ffs_blkrelease_finish(),
we just return rather than trying to finish the nonexistent sequence.

Reported by:  Warner Losh (imp@)
Sponsored by: Netflix
cgit ViewVC
14ed4acf sjg Dec. 6, 2018, 12:13 a.m.
fb14e73c mckusick Dec. 6, 2018, 12:09 a.m.
superblock has a check-hash error, an error message noting the
superblock check-hash failure is printed and the mount fails. The
administrator then runs fsck to repair the filesystem and when
successful, the filesystem can once again be mounted.

This approach fails if the filesystem in question is a root filesystem
from which you are trying to boot. Here, the loader fails when trying
to access the filesystem to get the kernel to boot. So it is necessary
to allow the loader to ignore the superblock check-hash error and make
a best effort to read the kernel. The filesystem may be suffiently
corrupted that the read attempt fails, but there is no harm in trying
since the loader makes no attempt to write to the filesystem.

Once the kernel is loaded and starts to run, it attempts to mount its
root filesystem. Once again, failure means that it breaks to its prompt
to ask where to get its root filesystem. Unless you have an alternate
root filesystem, you are stuck.

Since the root filesystem is initially mounted read-only, it is
safe to make an attempt to mount the root filesystem with the failed
superblock check-hash. Thus, when asked to mount a root filesystem
with a failed superblock check-hash, the kernel prints a warning
message that the root filesystem superblock check-hash needs repair,
but notes that it is ignoring the error and proceeding. It does
mark the filesystem as needing an fsck which prevents it from being
enabled for writing until fsck has been run on it. The net effect
is that the reboot fails to single user, but at least at that point
the administrator has the tools at hand to fix the problem.

Reported by:    Rick Macklem (rmacklem@)
Discussed with: Warner Losh (imp@)
Sponsored by:   Netflix
cgit ViewVC
369d9a2c kp Dec. 5, 2018, 7:53 p.m.
Repeat the pfsync test, this time with the 'defer' option enabled. This
exercises slightly different code paths.
cgit ViewVC
827c3852 brooks Dec. 5, 2018, 7:18 p.m.
With the removal of BOOTCDROM and fastboot support, this code always
passed "-s" or "--". The latter simply terminates getopt(3) processing
in init so we only need to pass "-s" in the single user case, or nothing
in other cases.

The passing of "--" seems to have been done to ensure that the number of
arguments passed to init was always the same and thus that argc was the

Also GC the write-only variable pathlen (not in reviewed version).

Reviewed by:	kib, jhb
Sponsored by:	DARPA, AFRL
Differential Revision:
cgit ViewVC
749cdf6f alc Dec. 5, 2018, 6:26 p.m.
cursor == 0.

Every call to blst_meta_alloc but the one at the root is made only when the
meta-node is known to include a free block, so that either the allocation
will succeed, the node hint will be updated, or the last block of the meta-
node range is, and remains, free.  But the call at the root is made without
checking that there is a free block, so in the case that every block is
allocated, there is no hint update to prevent the current code from looping

Submitted by:	Doug Moore <>
Reported by:	pho
Reviewed by:	pho
Tested by:	pho
X-MFC with:	r340402
Differential Revision:
cgit ViewVC
5e97950d markj Dec. 5, 2018, 6:19 p.m.
Reported by:	kbowling
MFC after:	3 days
cgit ViewVC
68ea829f brooks Dec. 5, 2018, 5:35 p.m.
This has been ifdef notyet since the import of BSD 4.4 Lite Kernel
Sources in r1541.

Sponsored by:	DARPA, AFRL
cgit ViewVC
b53cb02d behlendorf1 Dec. 5, 2018, 5:33 p.m.
When receiving a send stream with forced rollback on a dataset with
snapshots zfs suggests said snapshots must be removed to successfully
receive the stream; however the message is misleading because it
prints the dataset name instead of one of its snapshots.

   $ sudo zfs snap pp/recvfs@snap-orig
   $ sudo zfs recv -F pp/recvfs < sendstream
   cannot receive new filesystem stream: destination has snapshots (eg. pp/recvfs)
   must destroy them to overwrite it

This change simply restores the snapshot name in the error message.

Reviewed-by: George Melikov <>
Reviewed-by: Brian Behlendorf <>
Signed-off-by: loli10K <>
Closes #8167
2aa398f3 behlendorf1 Dec. 5, 2018, 5:31 p.m.
This fixes the build when cross-compiling, where the preprocessor might
be prefixed.

Reviewed-by: George Melikov <>
Reviewed-by: Brian Behlendorf <>
Reviewed-by: Tony Hutter <>
Signed-off-by: Ben Wolsieffer <>
Closes #8180
e3c85c09 behlendorf1 Dec. 5, 2018, 5:30 p.m.
This one line patch moves an assert in the function dump_dir()
below an error check that ensures it ran correctly. This ensures
zdb dumps the error that actually caused the problem, as opposed
to one of its symptoms.

Reviewed-by: George Melikov <>
Reviewed-by: Brian Behlendorf <>
Signed-off-by: Tom Caputi <>
Closes #8171
78e21394 noreply Dec. 5, 2018, 5:29 p.m.
Commit 4c5b89f59 refactored dnode_hold() and in the process
accidentally introduced a slight change in behavior which was
not intended.  The required behavior is that once the ZPL,
or other consumer, declares its intent to free a dnode then
dnode_hold() should immediately start failing.  This updated
code wouldn't return the failure until after it was freed.

When DNODE_MUST_BE_ALLOCATED is set it must return ENOENT, and
when DNODE_MUST_BE_FREE is set it must return EEXIST;

This issue was uncovered by ztest_remap() which attempted
to remap a freeing object which should have been skipped as
described by the comment in dmu_objset_remap_indirects_impl().

Reviewed-by: George Melikov <>
Reviewed-by: Tom Caputi <>
Reviewed-by: Olaf Faaland <>
Signed-off-by: Brian Behlendorf <>
Closes #8172
7a5db3a7 brooks Dec. 5, 2018, 5:29 p.m.
When BOOTCDROM is defined (via CFLAGS as there is no config option)
it causes -C to be passed to init, but our init and the version of
sysinstall I glanced at in 6.x don't support -C. The last plausibly
related support was removed from the tree in 1995.

Reviewed by:	kib
Sponsored by:	DARPA, AFRL
Differential Revision:
cgit ViewVC
006678fd asomers Dec. 5, 2018, 5:28 p.m.
The list of syscalls that modify st_atim, st_mtim, and st_ctim was quite out
of date and probably not accurate to begin with.  Update it, and make it
clear that the list is open-ended.

Reviewed by:	kib
MFC after:	2 weeks
Differential Revision:
cgit ViewVC
9d2877fc markj Dec. 5, 2018, 5:06 p.m.
Memory beyond that limit was previously unused, wasting roughly 1MB per
8GB of RAM.  Also retire INP_PCBLBGROUP_PORTHASH, which was identical to

Reviewed by:	glebius
MFC after:	2 weeks
Differential Revision:
cgit ViewVC