async zvol minor node creation interferes with receive

[ahrens]

Motivation and Context

When we finish a zfs receive, dmu_recv_end_sync() calls
zvol_create_minors(async=TRUE). This kicks off some other threads that
create the minor device nodes (in /dev/zvol/poolname/...). These async
threads call zvol_prefetch_minors_impl() and zvol_create_minor(), which
both call dmu_objset_own(), which puts a "long hold" on the dataset.
Since the zvol minor node creation is asynchronous, this can happen
after the ZFS_IOC_RECV[_NEW] ioctl and zfs receive process have
completed.

After the first receive ioctl has completed, userland may attempt to do
another receive into the same dataset (e.g. the next incremental
stream). This second receive and the asynchronous minor node creation
can interfere with one another in several different ways, because they
both require exclusive access to the dataset:

1. When the second receive is finishing up, dmu_recv_end_check() does
   dsl_dataset_handoff_check(), which can fail with EBUSY if the async
   minor node creation already has a "long hold" on this dataset. This
   causes the 2nd receive to fail.

2. The async udev rule can fail if zvol_id and/or systemd-udevd try to
   open the device while the the second receive's async attempt at minor
   node creation owns the dataset (via zvol_prefetch_minors_impl). This
   causes the minor node (/dev/zd*) to exist, but the udev-generated
   /dev/zvol/... to not exist.

3. The async minor node creation can silently fail with EBUSY if the
   first receive's zvol_create_minor() trys to own the dataset while the
   second receive's zvol_prefetch_minors_impl already owns the dataset.

See also #7863

Description

To address these problems, this change synchronously creates the minor
node. To avoid the lock ordering problems that the asynchrony was
introduced to fix (see #3681), we create the minor nodes from open
context, with no locks held, rather than from syncing contex as was
originally done.

Implementation notes:

We generally do not need to traverse children or prefetch anything (e.g.
when running the recv, snapshot, create, or clone subcommands of zfs).
We only need recursion when importing/opening a pool and when loading
encryption keys. The existing recursive, asynchronous, prefetching code
is preserved for use in these cases.

Channel programs may need to create zvol minor nodes, when creating a
snapshot of a zvol with the snapdev property set. We figure out what
snapshots are created when running the LUA program in syncing context.
In this case we need to remember what snapshots were created, and then
try to create their minor nodes from open context, after the LUA code
has completed.

There are additional zvol use cases that asynchronously own the dataset,
which can cause similar problems. E.g. changing the volmode or snapdev
properties. These are less problematic because they are not recursive
and don't touch datasets that are not involved in the operation, there
is still potential for interference with subsequent operations. In the
future, these cases should be similarly converted to create the zvol
minor node synchronously from open context.

The async tasks of removing and renaming minors do not own the objset,
so they do not have this problem. However, it may make sense to also
convert these operations to happen synchronously from open context, in
the future.

How Has This Been Tested?

Test script from #7863.

ZFS test suite.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Performance enhancement (non-breaking change which improves efficiency)
• Code cleanup (non-breaking change which makes code smaller or more readable)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation (a change to man pages or other documentation)

Checklist:

• My code follows the ZFS on Linux code style requirements.
• I have updated the documentation accordingly.
• I have read the contributing document.
• I have added tests to cover my changes.
• I have run the ZFS Test Suite with this change applied.
• All commit messages are properly formatted and contain Signed-off-by.

[ahrens]

cc @bprotopopov

[pcd1193182]

Do we need to do anything with these error values?

[ahrens]

Note that the one caller of zvol_create_minors_impl() discarded its return value. I'm maintaining this semantic that minor node creation is "best effort", i.e. it fails silently (even though it should not fail as often now, and at least for the non-recursive cases it is synchronous and therefore we could report the error).

I'll change this to discard the return value here, rather than setting error, which is not used after this point.

[bprotopopov]

Its been a while Will take a look Typos courtesy of my iPhone On Jan 24, 2020, at 3:36 PM, Matthew Ahrens <[email protected]> wrote:  cc @bprotopopov<https://github.com/bprotopopov> — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#9885>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAS7ROK6I2KYEHXAAUEHBTTQ7NGLJANCNFSM4KLLIK6A>.

[codecov]

Codecov Report

Merging #9885 into master will increase coverage by <1%.
The diff coverage is 94%.

@@           Coverage Diff            @@
##           master    #9885    +/-   ##
========================================
+ Coverage      79%      80%   +<1%     
========================================
  Files         384      384            
  Lines      121683   121697    +14     
========================================
+ Hits        96584    96927   +343     
+ Misses      25099    24770   -329

Flag	Coverage Δ
#kernel	80% <91%> (ø)	⬆️
#user	68% <63%> (+1%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8e9e90b...6d2bb5f. Read the comment docs.