1#!/usr/bin/ksh -p 2# 3# 4# This file and its contents are supplied under the terms of the 5# Common Development and Distribution License ("CDDL"), version 1.0. 6# You may only use this file in accordance with the terms of version 7# 1.0 of the CDDL. 8# 9# A full copy of the text of the CDDL should have accompanied this 10# source. A copy of the CDDL is also available via the Internet at 11# http://www.illumos.org/license/CDDL. 12# 13 14# 15# Copyright (c) 2016 by Delphix. All rights reserved. 16# 17 18. $STF_SUITE/include/libtest.shlib 19. $STF_SUITE/tests/functional/snapshot/snapshot.cfg 20 21# 22# DESCRIPTION: 23# 24# This test ensures that the following race condition does not 25# take place: 26# 27# 1] A sync thread inserts a new entry in the deadlist of a 28# snapshot. The dle_bpobj at that entry currently is the 29# empty bpobj (our sentinel), so we close it and we are 30# about to reopen it. (see dle_enqueue()) 31# 32# 2] At the same time a thread executing an administrative 33# command that uses dsl_deadlist_space_range() is about 34# to dereference that same bpobj that was just closed 35# and therefore is NULL. 36# 37# 3] The sync thread loses the race and we dereference the 38# NULL pointer in the kernel. 39# 40# STRATEGY: 41# 42# 1. Setup a folder and create a bunch of test files. Take a 43# snapshot right after you create a new test file. 44# 2. Start DTrace in the background to put a delay in the 45# sync thread after it closes the empty bpobj and before 46# it reopens it. 47# 3. Start a process in the backgroud that runs zfs-destroy 48# dry-runs in an infinite loop. The idea is to keep calling 49# dsl_deadlist_space_range(). 50# 4. Go ahead and start removing the test files. This should 51# start populating the deadlist of each snapshot with 52# entries and go through the dle_enqueue() target code. 53# 5. If the test passes, kill the process running on a loop 54# and dtrace, and cleanup the dataset. 55# 56 57verify_runnable "both" 58 59 60DLDS="dl_race" 61 62function cleanup 63{ 64 log_must kill -9 $DLOOP_PID $DTRACE_PID 65 log_must zfs destroy -fR $TESTPOOL/$TESTFS/$DLDS 66} 67 68function setup 69{ 70 log_must zfs create $TESTPOOL/$TESTFS/$DLDS 71 for i in {1..50}; do 72 log_must mkfile 1m /$TESTDIR/$DLDS/dl_test_file$i 73 log_must zfs snapshot $TESTPOOL/$TESTFS/$DLDS@snap${i} 74 done 75} 76 77function destroy_nv_loop 78{ 79 while true; do 80 log_must zfs destroy -nv $TESTPOOL/$TESTFS/$DLDS@snap1%snap50 81 done 82} 83 84log_onexit cleanup 85 86setup 87log_must sync 88 89log_must dtrace -qwn "fbt::bpobj_decr_empty:entry { chill(500000000); }" & 90DTRACE_PID="$!" 91sleep 1 92 93destroy_nv_loop & 94DLOOP_PID="$!" 95sleep 1 96 97for i in {1..50}; do 98 log_must rm /$TESTDIR/$DLDS/dl_test_file$i 99done 100log_must sync 101 102log_pass "There should be no race condition when an administrative command" \ 103 " attempts to read a deadlist's entries at the same time a that a sync" \ 104 " thread is manipulating it." 105