From nobody Tue Mar 29 15:53:32 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 471441A3454B; Tue, 29 Mar 2022 15:53:42 +0000 (UTC) (envelope-from mjguzik@gmail.com) Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KSYyF5RhQz3tBd; Tue, 29 Mar 2022 15:53:41 +0000 (UTC) (envelope-from mjguzik@gmail.com) Received: by mail-lf1-x133.google.com with SMTP id e16so30998419lfc.13; Tue, 29 Mar 2022 08:53:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=NjT3o1ONN5Cnc/38ssdNPZXUCRLXIenblY2cnj2T36c=; b=Z7LsMEM4BDzdoRpVflpQCKKVew8xXdpCpQt38jUkrsaAEO1N6599Xh5MUM66W/7sm0 SehSkqSqbj77SGRmsUpWfHeETT+rrAPk8tQDu2EqmLevVP6izfwh4eSbvkd2cEXrokw3 HsJPHyQppUgJmhUO+tQt7QmwdBeIIXr3U05fmlBzkSplwUjERadwpKHLI1s9insee0Ie 0kMXcxRSb+mfAuF+hOSL9KLea2bIJdUkuQJbAgaNIDSvLPKToOKMto4Z9E21EForuyRT ZBVZVyWrVNh7fEd3nOA5+HWkzCp28LtmLVJUociWzlWvtmpVDFFpJs95NU0c2Z+orSPS d6QQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=NjT3o1ONN5Cnc/38ssdNPZXUCRLXIenblY2cnj2T36c=; b=QyntqHAdYc/et7NI+kYpyUrK4QrYp6L45ijyHM0q6v3OQHJmVtMpTCQuob0yyXePoF XlqEo7asjMFzwpUdTW5mm5RjqzDE32mIJlDZ8ukQrZ/tpU4YVeCdJzL88VK0gjz2KQvN ZwqXDghVOlQ5JhCtI2tngQJKWhvyOxwvIQU/av2UfAO21j7meRdi13QZwogXmDCuDLJi Yz77p+n/pf6bN+DrDB0XQUqiTNLFvsxNtJebgWtpONH1a/ntyPaa/hri4zuUHFEea4r8 tZe4a0mliZvoXGynJu8zIkupYRRqfdgMtC9YvjCpBXpbQHbSkyExPPIj8b4r2HXSH/sV uLMg== X-Gm-Message-State: AOAM530cEQEsfBPZPon/cJltA9cHS8NO+gvlnUtYr21NXTcGhzTgUVIl YULqPGA2KbAN2rSdoO7vyoLB/DTyKQ077OQNiRfJjrfe X-Google-Smtp-Source: ABdhPJwde0SkqT5qBpJwPzYqA5usX+f+zGY4aSbw+W49c5eosZcx+uE/Th+f03QcNGamp+AdUszU2tZeQU1fmoeZNiQ= X-Received: by 2002:a05:6512:15a4:b0:44a:96c:b7c0 with SMTP id bp36-20020a05651215a400b0044a096cb7c0mr3353475lfb.366.1648569213382; Tue, 29 Mar 2022 08:53:33 -0700 (PDT) List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Received: by 2002:aa6:cb4a:0:b0:1a5:d1a4:cb83 with HTTP; Tue, 29 Mar 2022 08:53:32 -0700 (PDT) In-Reply-To: <0712c3eb-0a36-c3f0-a8da-aef99a0cb363@FreeBSD.org> References: <202203291353.22TDr3cf008660@gitrepo.freebsd.org> <0712c3eb-0a36-c3f0-a8da-aef99a0cb363@FreeBSD.org> From: Mateusz Guzik Date: Tue, 29 Mar 2022 17:53:32 +0200 Message-ID: Subject: Re: git: 99c3f1577459 - releng/13.1 - zfs: merge openzfs/zfs@52bad4f23 (zfs-2.1-release) into stable/13 To: Martin Matuska Cc: Rob Wing , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-branches@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4KSYyF5RhQz3tBd X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; TAGGED_RCPT(0.00)[]; REPLY(-4.00)[] X-ThisMailContainsUnwantedMimeParts: N whoa, stop right there. The commit at hand introduces a security problem by modifying proc credentials. Another thread in the same process can race to snatch these creds permanently for itself. The patch is definitely wrong. On 3/29/22, Martin Matuska wrote: > Looks like nobody proposed the commit for zfs-2.1-release at OpenZFS > > I am going to cherry-pick it to stable/13 > > Cheers, > mm > > On 29. 3. 2022 17:41, Rob Wing wrote: >> Martin, >> >> Is there any reason not to cherry-pick this commit in: >> https://github.com/openzfs/zfs/commit/4a1195ca5041cbff2a6b025a31937fef84876c52? >> >> I bring it up because a few users have expressed interest in it. >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260160 >> >> >> On Tue, Mar 29, 2022 at 5:53 AM Martin Matuska wrote: >> >> The branch releng/13.1 has been updated by mm: >> >> URL: >> >> https://cgit.FreeBSD.org/src/commit/?id=99c3f15774595c1163ecec87aa8cb157ccdc7d96 >> >> >> >> commit 99c3f15774595c1163ecec87aa8cb157ccdc7d96 >> Author: Martin Matuska >> AuthorDate: 2022-03-29 10:41:53 +0000 >> Commit: Martin Matuska >> CommitDate: 2022-03-29 13:50:47 +0000 >> >> zfs: merge openzfs/zfs@52bad4f23 (zfs-2.1-release) into stable/13 >> >> OpenZFS release 2.1.4 >> >> Notable upstream pull request merges: >> #13219 FreeBSD: add missing replay check to an assert in >> zfs_xvattr_set >> #13220 module: freebsd: avoid a taking a destroyed lock in >> zfs_zevent bits >> #13221 Fix ACL checks for NFS kernel server >> >> Obtained from: OpenZFS >> OpenZFS tag: zfs-2.1.4 >> OpenZFS commit: 52bad4f23daaa5f827f802c8d05785a27b80275d >> Relnotes: yes >> Approved by: re (gjb) >> >> (cherry picked from commit >> c088e4d539e4cc947896a3b156646b831d932539) >> --- >> sys/conf/kern.pre.mk >> | 2 +- >> sys/contrib/openzfs/META | 4 +- >> sys/contrib/openzfs/cmd/zed/agents/zfs_mod.c | 179 >> +++++++++++++++++++-- >> sys/contrib/openzfs/cmd/zed/zed_disk_event.c | 10 ++ >> .../openzfs/include/os/freebsd/spl/sys/Makefile.am | 1 - >> .../openzfs/include/os/freebsd/spl/sys/cred.h | 136 >> ++-------------- >> .../openzfs/include/os/freebsd/spl/sys/kidmap.h | 41 ----- >> .../openzfs/include/os/freebsd/spl/sys/sid.h | 25 --- >> .../include/os/linux/kernel/linux/simd_x86.h | 4 +- >> .../openzfs/include/os/linux/spl/sys/cred.h | 5 - >> sys/contrib/openzfs/lib/libzfs/libzfs_crypto.c | 1 - >> .../lib/libzutil/os/linux/zutil_device_path_os.c | 28 ++-- >> sys/contrib/openzfs/module/Makefile.bsd | 2 +- >> .../openzfs/module/os/freebsd/spl/spl_sysevent.c | 12 +- >> .../openzfs/module/os/freebsd/zfs/zfs_acl.c | 6 +- >> .../openzfs/module/os/freebsd/zfs/zfs_vnops_os.c | 19 +-- >> .../openzfs/module/os/freebsd/zfs/zfs_znode.c | 4 +- >> sys/contrib/openzfs/module/os/linux/spl/spl-cred.c | 42 +---- >> sys/contrib/openzfs/module/os/linux/zfs/policy.c | 10 +- >> .../openzfs/module/os/linux/zfs/zpl_inode.c | 4 +- >> .../openzfs/module/os/linux/zfs/zpl_xattr.c | 4 +- >> sys/contrib/openzfs/module/zfs/arc.c | 2 +- >> sys/modules/zfs/Makefile | 2 +- >> sys/modules/zfs/zfs_config.h | 8 +- >> sys/modules/zfs/zfs_gitrev.h | 3 +- >> 25 files changed, 242 insertions(+), 312 deletions(-) >> >> diff --git a/sys/conf/kern.pre.mk >> b/sys/conf/kern.pre.mk >> index d6ab5e17a82a..6be49642b04e 100644 >> --- a/sys/conf/kern.pre.mk >> +++ b/sys/conf/kern.pre.mk >> @@ -262,7 +262,7 @@ CDDL_C= ${CC} -c ${CDDL_CFLAGS} >> ${WERROR} ${PROF} ${.IMPSRC} >> # Special flags for managing the compat compiles for ZFS >> ZFS_CFLAGS+= ${CDDL_CFLAGS} -DBUILDING_ZFS -DHAVE_UIO_ZEROCOPY \ >> -DWITH_NETDUMP -D__KERNEL__ -D_SYS_CONDVAR_H_ -DSMP \ >> - -DIN_FREEBSD_BASE -DHAVE_KSID >> + -DIN_FREEBSD_BASE >> >> .if ${MACHINE_ARCH} == "amd64" >> ZFS_CFLAGS+= -DHAVE_AVX2 -DHAVE_AVX -D__x86_64 -DHAVE_SSE2 >> -DHAVE_AVX512F \ >> diff --git a/sys/contrib/openzfs/META b/sys/contrib/openzfs/META >> index 0437224b403f..76e59a42074c 100644 >> --- a/sys/contrib/openzfs/META >> +++ b/sys/contrib/openzfs/META >> @@ -1,10 +1,10 @@ >> Meta: 1 >> Name: zfs >> Branch: 1.0 >> -Version: 2.1.3 >> +Version: 2.1.4 >> Release: 1 >> Release-Tags: relext >> License: CDDL >> Author: OpenZFS >> -Linux-Maximum: 5.16 >> +Linux-Maximum: 5.17 >> Linux-Minimum: 3.10 >> diff --git a/sys/contrib/openzfs/cmd/zed/agents/zfs_mod.c >> b/sys/contrib/openzfs/cmd/zed/agents/zfs_mod.c >> index 3bcdf6e1d718..a510d646e1f9 100644 >> --- a/sys/contrib/openzfs/cmd/zed/agents/zfs_mod.c >> +++ b/sys/contrib/openzfs/cmd/zed/agents/zfs_mod.c >> @@ -183,14 +183,14 @@ zfs_process_add(zpool_handle_t *zhp, >> nvlist_t *vdev, boolean_t labeled) >> nvlist_t *nvroot, *newvd; >> pendingdev_t *device; >> uint64_t wholedisk = 0ULL; >> - uint64_t offline = 0ULL; >> + uint64_t offline = 0ULL, faulted = 0ULL; >> uint64_t guid = 0ULL; >> char *physpath = NULL, *new_devid = NULL, *enc_sysfs_path >> = NULL; >> char rawpath[PATH_MAX], fullpath[PATH_MAX]; >> char devpath[PATH_MAX]; >> int ret; >> - boolean_t is_dm = B_FALSE; >> boolean_t is_sd = B_FALSE; >> + boolean_t is_mpath_wholedisk = B_FALSE; >> uint_t c; >> vdev_stat_t *vs; >> >> @@ -211,15 +211,73 @@ zfs_process_add(zpool_handle_t *zhp, >> nvlist_t *vdev, boolean_t labeled) >> &enc_sysfs_path); >> (void) nvlist_lookup_uint64(vdev, ZPOOL_CONFIG_WHOLE_DISK, >> &wholedisk); >> (void) nvlist_lookup_uint64(vdev, ZPOOL_CONFIG_OFFLINE, >> &offline); >> + (void) nvlist_lookup_uint64(vdev, ZPOOL_CONFIG_FAULTED, >> &faulted); >> + >> (void) nvlist_lookup_uint64(vdev, ZPOOL_CONFIG_GUID, &guid); >> >> - if (offline) >> - return; /* don't intervene if it was taken offline >> */ >> + /* >> + * Special case: >> + * >> + * We've seen times where a disk won't have a >> ZPOOL_CONFIG_PHYS_PATH >> + * entry in their config. For example, on this >> force-faulted disk: >> + * >> + * children[0]: >> + * type: 'disk' >> + * id: 0 >> + * guid: 14309659774640089719 >> + * path: '/dev/disk/by-vdev/L28' >> + * whole_disk: 0 >> + * DTL: 654 >> + * create_txg: 4 >> + * com.delphix:vdev_zap_leaf: 1161 >> + * faulted: 1 >> + * aux_state: 'external' >> + * children[1]: >> + * type: 'disk' >> + * id: 1 >> + * guid: 16002508084177980912 >> + * path: '/dev/disk/by-vdev/L29' >> + * devid: 'dm-uuid-mpath-35000c500a61d68a3' >> + * phys_path: 'L29' >> + * vdev_enc_sysfs_path: >> '/sys/class/enclosure/0:0:1:0/SLOT 30 32' >> + * whole_disk: 0 >> + * DTL: 1028 >> + * create_txg: 4 >> + * com.delphix:vdev_zap_leaf: 131 >> + * >> + * If the disk's path is a /dev/disk/by-vdev/ path, then >> we can infer >> + * the ZPOOL_CONFIG_PHYS_PATH from the by-vdev disk name. >> + */ >> + if (physpath == NULL && path != NULL) { >> + /* If path begins with "/dev/disk/by-vdev/" ... */ >> + if (strncmp(path, DEV_BYVDEV_PATH, >> + strlen(DEV_BYVDEV_PATH)) == 0) { >> + /* Set physpath to the char after >> "/dev/disk/by-vdev" */ >> + physpath = &path[strlen(DEV_BYVDEV_PATH)]; >> + } >> + } >> + >> + /* >> + * We don't want to autoreplace offlined disks. However, >> we do want to >> + * replace force-faulted disks (`zpool offline -f`). >> Force-faulted >> + * disks have both offline=1 and faulted=1 in the nvlist. >> + */ >> + if (offline && !faulted) { >> + zed_log_msg(LOG_INFO, "%s: %s is offline, skip >> autoreplace", >> + __func__, path); >> + return; >> + } >> >> - is_dm = zfs_dev_is_dm(path); >> + is_mpath_wholedisk = is_mpath_whole_disk(path); >> zed_log_msg(LOG_INFO, "zfs_process_add: pool '%s' vdev >> '%s', phys '%s'" >> - " wholedisk %d, %s dm (guid %llu)", >> zpool_get_name(zhp), path, >> - physpath ? physpath : "NULL", wholedisk, is_dm ? "is" >> : "not", >> + " %s blank disk, %s mpath blank disk, %s labeled, enc >> sysfs '%s', " >> + "(guid %llu)", >> + zpool_get_name(zhp), path, >> + physpath ? physpath : "NULL", >> + wholedisk ? "is" : "not", >> + is_mpath_wholedisk? "is" : "not", >> + labeled ? "is" : "not", >> + enc_sysfs_path, >> (long long unsigned int)guid); >> >> /* >> @@ -253,8 +311,9 @@ zfs_process_add(zpool_handle_t *zhp, nvlist_t >> *vdev, boolean_t labeled) >> ZFS_ONLINE_CHECKREMOVE | ZFS_ONLINE_UNSPARE, >> &newstate) == 0 && >> (newstate == VDEV_STATE_HEALTHY || >> newstate == VDEV_STATE_DEGRADED)) { >> - zed_log_msg(LOG_INFO, " zpool_vdev_online: vdev >> %s is %s", >> - fullpath, (newstate == VDEV_STATE_HEALTHY) ? >> + zed_log_msg(LOG_INFO, >> + " zpool_vdev_online: vdev '%s' ('%s') is " >> + "%s", fullpath, physpath, (newstate == >> VDEV_STATE_HEALTHY) ? >> "HEALTHY" : "DEGRADED"); >> return; >> } >> @@ -271,11 +330,12 @@ zfs_process_add(zpool_handle_t *zhp, >> nvlist_t *vdev, boolean_t labeled) >> * vdev online to trigger a FMA fault by posting an ereport. >> */ >> if (!zpool_get_prop_int(zhp, ZPOOL_PROP_AUTOREPLACE, NULL) || >> - !(wholedisk || is_dm) || (physpath == NULL)) { >> + !(wholedisk || is_mpath_wholedisk) || (physpath == >> NULL)) { >> (void) zpool_vdev_online(zhp, fullpath, >> ZFS_ONLINE_FORCEFAULT, >> &newstate); >> zed_log_msg(LOG_INFO, "Pool's autoreplace is not >> enabled or " >> - "not a whole disk for '%s'", fullpath); >> + "not a blank disk for '%s' ('%s')", fullpath, >> + physpath); >> return; >> } >> >> @@ -287,7 +347,7 @@ zfs_process_add(zpool_handle_t *zhp, nvlist_t >> *vdev, boolean_t labeled) >> (void) snprintf(rawpath, sizeof (rawpath), "%s%s", >> is_sd ? DEV_BYVDEV_PATH : DEV_BYPATH_PATH, physpath); >> >> - if (realpath(rawpath, devpath) == NULL && !is_dm) { >> + if (realpath(rawpath, devpath) == NULL && >> !is_mpath_wholedisk) { >> zed_log_msg(LOG_INFO, " realpath: %s failed (%s)", >> rawpath, strerror(errno)); >> >> @@ -303,12 +363,14 @@ zfs_process_add(zpool_handle_t *zhp, >> nvlist_t *vdev, boolean_t labeled) >> if ((vs->vs_state != VDEV_STATE_DEGRADED) && >> (vs->vs_state != VDEV_STATE_FAULTED) && >> (vs->vs_state != VDEV_STATE_CANT_OPEN)) { >> + zed_log_msg(LOG_INFO, " not autoreplacing since >> disk isn't in " >> + "a bad state (currently %d)", vs->vs_state); >> return; >> } >> >> nvlist_lookup_string(vdev, "new_devid", &new_devid); >> >> - if (is_dm) { >> + if (is_mpath_wholedisk) { >> /* Don't label device mapper or multipath disks. */ >> } else if (!labeled) { >> /* >> @@ -522,8 +584,11 @@ zfs_iter_vdev(zpool_handle_t *zhp, nvlist_t >> *nvl, void *data) >> * the dp->dd_compare value. >> */ >> if (nvlist_lookup_string(nvl, dp->dd_prop, &path) >> != 0 || >> - strcmp(dp->dd_compare, path) != 0) >> + strcmp(dp->dd_compare, path) != 0) { >> + zed_log_msg(LOG_INFO, " %s: no match (%s >> != vdev %s)", >> + __func__, dp->dd_compare, path); >> return; >> + } >> >> zed_log_msg(LOG_INFO, " zfs_iter_vdev: matched %s >> on %s", >> dp->dd_prop, path); >> @@ -571,6 +636,8 @@ zfs_iter_pool(zpool_handle_t *zhp, void *data) >> ZPOOL_CONFIG_VDEV_TREE, &nvl); >> zfs_iter_vdev(zhp, nvl, data); >> } >> + } else { >> + zed_log_msg(LOG_INFO, "%s: no config\n", __func__); >> } >> >> /* >> @@ -619,6 +686,72 @@ devphys_iter(const char *physical, const char >> *devid, zfs_process_func_t func, >> return (data.dd_found); >> } >> >> +/* >> + * Given a device identifier, find any vdevs with a matching by-vdev >> + * path. Normally we shouldn't need this as the comparison would be >> + * made earlier in the devphys_iter(). For example, if we were >> replacing >> + * /dev/disk/by-vdev/L28, normally devphys_iter() would match the >> + * ZPOOL_CONFIG_PHYS_PATH of "L28" from the old disk config to "L28" >> + * of the new disk config. However, we've seen cases where >> + * ZPOOL_CONFIG_PHYS_PATH was not in the config for the old >> disk. Here's >> + * an example of a real 2-disk mirror pool where one disk was force >> + * faulted: >> + * >> + * com.delphix:vdev_zap_top: 129 >> + * children[0]: >> + * type: 'disk' >> + * id: 0 >> + * guid: 14309659774640089719 >> + * path: '/dev/disk/by-vdev/L28' >> + * whole_disk: 0 >> + * DTL: 654 >> + * create_txg: 4 >> + * com.delphix:vdev_zap_leaf: 1161 >> + * faulted: 1 >> + * aux_state: 'external' >> + * children[1]: >> + * type: 'disk' >> + * id: 1 >> + * guid: 16002508084177980912 >> + * path: '/dev/disk/by-vdev/L29' >> + * devid: 'dm-uuid-mpath-35000c500a61d68a3' >> + * phys_path: 'L29' >> + * vdev_enc_sysfs_path: >> '/sys/class/enclosure/0:0:1:0/SLOT 30 32' >> + * whole_disk: 0 >> + * DTL: 1028 >> + * create_txg: 4 >> + * com.delphix:vdev_zap_leaf: 131 >> + * >> + * So in the case above, the only thing we could compare is the >> path. >> + * >> + * We can do this because we assume by-vdev paths are >> authoritative as physical >> + * paths. We could not assume this for normal paths like >> /dev/sda since the >> + * physical location /dev/sda points to could change over time. >> + */ >> +static boolean_t >> +by_vdev_path_iter(const char *by_vdev_path, const char *devid, >> + zfs_process_func_t func, boolean_t is_slice) >> +{ >> + dev_data_t data = { 0 }; >> + >> + data.dd_compare = by_vdev_path; >> + data.dd_func = func; >> + data.dd_prop = ZPOOL_CONFIG_PATH; >> + data.dd_found = B_FALSE; >> + data.dd_islabeled = is_slice; >> + data.dd_new_devid = devid; >> + >> + if (strncmp(by_vdev_path, DEV_BYVDEV_PATH, >> + strlen(DEV_BYVDEV_PATH)) != 0) { >> + /* by_vdev_path doesn't start with >> "/dev/disk/by-vdev/" */ >> + return (B_FALSE); >> + } >> + >> + (void) zpool_iter(g_zfshdl, zfs_iter_pool, &data); >> + >> + return (data.dd_found); >> +} >> + >> /* >> * Given a device identifier, find any vdevs with a matching devid. >> * On Linux we can match devid directly which is always a whole >> disk. >> @@ -683,15 +816,17 @@ guid_iter(uint64_t pool_guid, uint64_t >> vdev_guid, const char *devid, >> static int >> zfs_deliver_add(nvlist_t *nvl, boolean_t is_lofi) >> { >> - char *devpath = NULL, *devid; >> + char *devpath = NULL, *devid = NULL; >> uint64_t pool_guid = 0, vdev_guid = 0; >> boolean_t is_slice; >> >> /* >> * Expecting a devid string and an optional physical >> location and guid >> */ >> - if (nvlist_lookup_string(nvl, DEV_IDENTIFIER, &devid) != 0) >> + if (nvlist_lookup_string(nvl, DEV_IDENTIFIER, &devid) != 0) { >> + zed_log_msg(LOG_INFO, "%s: no dev identifier\n", >> __func__); >> return (-1); >> + } >> >> (void) nvlist_lookup_string(nvl, DEV_PHYS_PATH, &devpath); >> (void) nvlist_lookup_uint64(nvl, ZFS_EV_POOL_GUID, >> &pool_guid); >> @@ -707,6 +842,8 @@ zfs_deliver_add(nvlist_t *nvl, boolean_t is_lofi) >> * 1. ZPOOL_CONFIG_DEVID (identifies the unique disk) >> * 2. ZPOOL_CONFIG_PHYS_PATH (identifies disk physical >> location). >> * 3. ZPOOL_CONFIG_GUID (identifies unique vdev). >> + * 4. ZPOOL_CONFIG_PATH for /dev/disk/by-vdev devices only >> (since >> + * by-vdev paths represent physical paths). >> */ >> if (devid_iter(devid, zfs_process_add, is_slice)) >> return (0); >> @@ -717,6 +854,16 @@ zfs_deliver_add(nvlist_t *nvl, boolean_t >> is_lofi) >> (void) guid_iter(pool_guid, vdev_guid, devid, >> zfs_process_add, >> is_slice); >> >> + if (devpath != NULL) { >> + /* Can we match a /dev/disk/by-vdev/ path? */ >> + char by_vdev_path[MAXPATHLEN]; >> + snprintf(by_vdev_path, sizeof (by_vdev_path), >> + "/dev/disk/by-vdev/%s", devpath); >> + if (by_vdev_path_iter(by_vdev_path, devid, >> zfs_process_add, >> + is_slice)) >> + return (0); >> + } >> + >> return (0); >> } >> >> diff --git a/sys/contrib/openzfs/cmd/zed/zed_disk_event.c >> b/sys/contrib/openzfs/cmd/zed/zed_disk_event.c >> index 94e24236063c..52b80d8c4c93 100644 >> --- a/sys/contrib/openzfs/cmd/zed/zed_disk_event.c >> +++ b/sys/contrib/openzfs/cmd/zed/zed_disk_event.c >> @@ -215,6 +215,11 @@ zed_udev_monitor(void *arg) >> if (type != NULL && type[0] != '\0' && >> strcmp(type, "disk") == 0 && >> part != NULL && part[0] != '\0') { >> + zed_log_msg(LOG_INFO, >> + "%s: skip %s since it has a %s >> partition already", >> + __func__, >> + udev_device_get_property_value(dev, "DEVNAME"), >> + part); >> /* skip and wait for partition event */ >> udev_device_unref(dev); >> continue; >> @@ -229,6 +234,11 @@ zed_udev_monitor(void *arg) >> sectors = >> udev_device_get_sysattr_value(dev, "size"); >> if (sectors != NULL && >> strtoull(sectors, NULL, 10) < MINIMUM_SECTORS) { >> + zed_log_msg(LOG_INFO, >> + "%s: %s sectors %s < %llu (minimum)", >> + __func__, >> + udev_device_get_property_value(dev, "DEVNAME"), >> + sectors, MINIMUM_SECTORS); >> udev_device_unref(dev); >> continue; >> } >> diff --git >> a/sys/contrib/openzfs/include/os/freebsd/spl/sys/Makefile.am >> b/sys/contrib/openzfs/include/os/freebsd/spl/sys/Makefile.am >> index 232aaf569fa2..7488e56c7649 100644 >> --- a/sys/contrib/openzfs/include/os/freebsd/spl/sys/Makefile.am >> +++ b/sys/contrib/openzfs/include/os/freebsd/spl/sys/Makefile.am >> @@ -22,7 +22,6 @@ KERNEL_H = \ >> inttypes.h \ >> isa_defs.h \ >> kmem_cache.h \ >> - kidmap.h \ >> kmem.h \ >> kstat.h \ >> list_impl.h \ >> diff --git a/sys/contrib/openzfs/include/os/freebsd/spl/sys/cred.h >> b/sys/contrib/openzfs/include/os/freebsd/spl/sys/cred.h >> index 86f79011d6da..db986af57bf5 100644 >> --- a/sys/contrib/openzfs/include/os/freebsd/spl/sys/cred.h >> +++ b/sys/contrib/openzfs/include/os/freebsd/spl/sys/cred.h >> @@ -48,138 +48,20 @@ extern "C" { >> typedef struct ucred cred_t; >> >> #define CRED() curthread->td_ucred >> -#define kcred (thread0.td_ucred) >> - >> -#define KUID_TO_SUID(x) (x) >> -#define KGID_TO_SGID(x) (x) >> -#define crgetuid(cred) ((cred)->cr_uid) >> -#define crgetruid(cred) ((cred)->cr_ruid) >> -#define crgetgid(cred) ((cred)->cr_gid) >> -#define crgetgroups(cred) ((cred)->cr_groups) >> -#define crgetngroups(cred) ((cred)->cr_ngroups) >> -#define crgetsid(cred, i) (NULL) >> >> -struct proc; /* cred.h is included in >> proc.h */ >> -struct prcred; >> -struct ksid; >> -struct ksidlist; >> -struct credklpd; >> -struct credgrp; >> - >> -struct auditinfo_addr; /* cred.h is included in >> audit.h */ >> - >> -extern int ngroups_max; >> /* >> * kcred is used when you need all privileges. >> */ >> +#define kcred (thread0.td_ucred) >> >> -extern void cred_init(void); >> -extern void crfree(cred_t *); >> -extern cred_t *cralloc(void); /* all but ref >> uninitialized */ >> -extern cred_t *cralloc_ksid(void); /* cralloc() + ksid >> alloc'ed */ >> -extern cred_t *crget(void); /* initialized */ >> -extern void crcopy_to(cred_t *, cred_t *); >> -extern cred_t *crdup(cred_t *); >> -extern void crdup_to(cred_t *, cred_t *); >> -extern cred_t *crgetcred(void); >> -extern void crset(struct proc *, cred_t *); >> -extern void crset_zone_privall(cred_t *); >> -extern int supgroupmember(gid_t, const cred_t *); >> -extern int hasprocperm(const cred_t *, const cred_t *); >> -extern int prochasprocperm(struct proc *, struct proc *, const >> cred_t *); >> -extern int crcmp(const cred_t *, const cred_t *); >> -extern cred_t *zone_kcred(void); >> - >> -extern gid_t crgetrgid(const cred_t *); >> -extern gid_t crgetsgid(const cred_t *); >> - >> -#define crgetzoneid(cr) ((cr)->cr_prison->pr_id) >> -extern projid_t crgetprojid(const cred_t *); >> - >> -extern cred_t *crgetmapped(const cred_t *); >> - >> - >> -extern const struct auditinfo_addr *crgetauinfo(const cred_t *); >> -extern struct auditinfo_addr *crgetauinfo_modifiable(cred_t *); >> - >> -extern uint_t crgetref(const cred_t *); >> - >> -extern const gid_t *crgetggroups(const struct credgrp *); >> - >> - >> -/* >> - * Sets real, effective and/or saved uid/gid; >> - * -1 argument accepted as "no change". >> - */ >> -extern int crsetresuid(cred_t *, uid_t, uid_t, uid_t); >> -extern int crsetresgid(cred_t *, gid_t, gid_t, gid_t); >> - >> -/* >> - * Sets real, effective and saved uids/gids all to the same >> - * values. Both values must be non-negative and <= MAXUID >> - */ >> -extern int crsetugid(cred_t *, uid_t, gid_t); >> - >> -/* >> - * Functions to handle the supplemental group list. >> - */ >> -extern struct credgrp *crgrpcopyin(int, gid_t *); >> -extern void crgrprele(struct credgrp *); >> -extern void crsetcredgrp(cred_t *, struct credgrp *); >> - >> -/* >> - * Private interface for setting zone association of credential. >> - */ >> -struct zone; >> -extern void crsetzone(cred_t *, struct zone *); >> -extern struct zone *crgetzone(const cred_t *); >> - >> -/* >> - * Private interface for setting project id in credential. >> - */ >> -extern void crsetprojid(cred_t *, projid_t); >> - >> -/* >> - * Private interface for nfs. >> - */ >> -extern cred_t *crnetadjust(cred_t *); >> - >> -/* >> - * Private interface for procfs. >> - */ >> -extern void cred2prcred(const cred_t *, struct prcred *); >> - >> -/* >> - * Private interfaces for Rampart Trusted Solaris. >> - */ >> -struct ts_label_s; >> -extern struct ts_label_s *crgetlabel(const cred_t *); >> -extern boolean_t crisremote(const cred_t *); >> - >> -/* >> - * Private interfaces for ephemeral uids. >> - */ >> -#define VALID_UID(id, zn) \ >> - ((id) <= MAXUID || valid_ephemeral_uid((zn), (id))) >> - >> -#define VALID_GID(id, zn) \ >> - ((id) <= MAXUID || valid_ephemeral_gid((zn), (id))) >> - >> -extern boolean_t valid_ephemeral_uid(struct zone *, uid_t); >> -extern boolean_t valid_ephemeral_gid(struct zone *, gid_t); >> - >> -extern int eph_uid_alloc(struct zone *, int, uid_t *, int); >> -extern int eph_gid_alloc(struct zone *, int, gid_t *, int); >> - >> -extern void crsetsid(cred_t *, struct ksid *, int); >> -extern void crsetsidlist(cred_t *, struct ksidlist *); >> - >> -extern struct ksidlist *crgetsidlist(const cred_t *); >> - >> -extern int crsetpriv(cred_t *, ...); >> - >> -extern struct credklpd *crgetcrklpd(const cred_t *); >> -extern void crsetcrklpd(cred_t *, struct credklpd *); >> +#define KUID_TO_SUID(x) (x) >> +#define KGID_TO_SGID(x) (x) >> +#define crgetuid(cr) ((cr)->cr_uid) >> +#define crgetruid(cr) ((cr)->cr_ruid) >> +#define crgetgid(cr) ((cr)->cr_gid) >> +#define crgetgroups(cr) ((cr)->cr_groups) >> +#define crgetngroups(cr) ((cr)->cr_ngroups) >> +#define crgetzoneid(cr) ((cr)->cr_prison->pr_id) >> >> #ifdef __cplusplus >> } >> diff --git >> a/sys/contrib/openzfs/include/os/freebsd/spl/sys/kidmap.h >> b/sys/contrib/openzfs/include/os/freebsd/spl/sys/kidmap.h >> deleted file mode 100644 >> index dc0cf5988a42..000000000000 >> --- a/sys/contrib/openzfs/include/os/freebsd/spl/sys/kidmap.h >> +++ /dev/null >> @@ -1,41 +0,0 @@ >> -/* >> - * Copyright (c) 2007 Pawel Jakub Dawidek >> - * All rights reserved. >> - * >> - * Redistribution and use in source and binary forms, with or >> without >> - * modification, are permitted provided that the following >> conditions >> - * are met: >> - * 1. Redistributions of source code must retain the above copyright >> - * notice, this list of conditions and the following disclaimer. >> - * 2. Redistributions in binary form must reproduce the above >> copyright >> - * notice, this list of conditions and the following >> disclaimer in the >> - * documentation and/or other materials provided with the >> distribution. >> - * >> - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS >> IS'' AND >> - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED >> TO, THE >> - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A >> PARTICULAR PURPOSE >> - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS >> BE LIABLE >> - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >> CONSEQUENTIAL >> - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >> SUBSTITUTE GOODS >> - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >> INTERRUPTION) >> - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >> CONTRACT, STRICT >> - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING >> IN ANY WAY >> - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE >> POSSIBILITY OF >> - * SUCH DAMAGE. >> - * >> - * $FreeBSD$ >> - */ >> - >> -#ifndef _OPENSOLARIS_SYS_KIDMAP_H_ >> -#define _OPENSOLARIS_SYS_KIDMAP_H_ >> - >> -#include >> - >> -typedef int32_t idmap_stat; >> -typedef void idmap_get_handle_t; >> - >> -#define kidmap_get_create() (NULL) >> -#define kidmap_get_destroy(hdl) do { } while (0) >> -#define kidmap_get_mappings(hdl) (NULL) >> - >> -#endif /* _OPENSOLARIS_SYS_KIDMAP_H_ */ >> diff --git a/sys/contrib/openzfs/include/os/freebsd/spl/sys/sid.h >> b/sys/contrib/openzfs/include/os/freebsd/spl/sys/sid.h >> index d3fab8b24744..f249d05d55a0 100644 >> --- a/sys/contrib/openzfs/include/os/freebsd/spl/sys/sid.h >> +++ b/sys/contrib/openzfs/include/os/freebsd/spl/sys/sid.h >> @@ -29,7 +29,6 @@ >> #ifndef _OPENSOLARIS_SYS_SID_H_ >> #define _OPENSOLARIS_SYS_SID_H_ >> #include >> -#include >> >> typedef struct ksiddomain { >> char *kd_name; /* Domain part of SID */ >> @@ -59,28 +58,4 @@ ksiddomain_rele(ksiddomain_t *kd) >> kmem_free(kd, sizeof (*kd)); >> } >> >> -static __inline uint_t >> -ksid_getid(ksid_t *ks) >> -{ >> - >> - panic("%s has been unexpectedly called", __func__); >> -} >> - >> -static __inline const char * >> -ksid_getdomain(ksid_t *ks) >> -{ >> - >> - panic("%s has been unexpectedly called", __func__); >> -} >> - >> -static __inline uint_t >> -ksid_getrid(ksid_t *ks) >> -{ >> - >> - panic("%s has been unexpectedly called", __func__); >> -} >> - >> -#define kidmap_getsidbyuid(zone, uid, sid_prefix, rid) (1) >> -#define kidmap_getsidbygid(zone, gid, sid_prefix, rid) (1) >> - >> #endif /* _OPENSOLARIS_SYS_SID_H_ */ >> diff --git >> a/sys/contrib/openzfs/include/os/linux/kernel/linux/simd_x86.h >> b/sys/contrib/openzfs/include/os/linux/kernel/linux/simd_x86.h >> index 6d4c7a09fe82..0f6a222ba667 100644 >> --- a/sys/contrib/openzfs/include/os/linux/kernel/linux/simd_x86.h >> +++ b/sys/contrib/openzfs/include/os/linux/kernel/linux/simd_x86.h >> @@ -420,9 +420,9 @@ kfpu_end(void) >> if (static_cpu_has(X86_FEATURE_XSAVE)) { >> kfpu_do_xrstor("xrstor", &state->xsave, ~0); >> } else if (static_cpu_has(X86_FEATURE_FXSR)) { >> - kfpu_save_fxsr(&state->fxsave); >> + kfpu_restore_fxsr(&state->fxsave); >> } else { >> - kfpu_save_fsave(&state->fsave); >> + kfpu_restore_fsave(&state->fsave); >> } >> out: >> local_irq_enable(); >> diff --git a/sys/contrib/openzfs/include/os/linux/spl/sys/cred.h >> b/sys/contrib/openzfs/include/os/linux/spl/sys/cred.h >> index 9cc85deb5c8a..b7d3f38d70bb 100644 >> --- a/sys/contrib/openzfs/include/os/linux/spl/sys/cred.h >> +++ b/sys/contrib/openzfs/include/os/linux/spl/sys/cred.h >> @@ -49,12 +49,7 @@ extern void crhold(cred_t *cr); >> extern void crfree(cred_t *cr); >> extern uid_t crgetuid(const cred_t *cr); >> extern uid_t crgetruid(const cred_t *cr); >> -extern uid_t crgetsuid(const cred_t *cr); >> -extern uid_t crgetfsuid(const cred_t *cr); >> extern gid_t crgetgid(const cred_t *cr); >> -extern gid_t crgetrgid(const cred_t *cr); >> -extern gid_t crgetsgid(const cred_t *cr); >> -extern gid_t crgetfsgid(const cred_t *cr); >> extern int crgetngroups(const cred_t *cr); >> extern gid_t *crgetgroups(const cred_t *cr); >> extern int groupmember(gid_t gid, const cred_t *cr); >> diff --git a/sys/contrib/openzfs/lib/libzfs/libzfs_crypto.c >> b/sys/contrib/openzfs/lib/libzfs/libzfs_crypto.c >> index 644dd26859f1..f77becd6a5c1 100644 >> --- a/sys/contrib/openzfs/lib/libzfs/libzfs_crypto.c >> +++ b/sys/contrib/openzfs/lib/libzfs/libzfs_crypto.c >> @@ -606,7 +606,6 @@ get_key_material_https(libzfs_handle_t *hdl, >> const char *uri, >> kfdok: >> if ((key = fdopen(kfd, "r+")) == NULL) { >> ret = errno; >> - free(path); >> (void) close(kfd); >> zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, >> "Couldn't reopen temporary file: %s"), >> strerror(ret)); >> diff --git >> a/sys/contrib/openzfs/lib/libzutil/os/linux/zutil_device_path_os.c >> b/sys/contrib/openzfs/lib/libzutil/os/linux/zutil_device_path_os.c >> index 13f8bd031612..45a6f6f5935b 100644 >> --- >> a/sys/contrib/openzfs/lib/libzutil/os/linux/zutil_device_path_os.c >> +++ >> b/sys/contrib/openzfs/lib/libzutil/os/linux/zutil_device_path_os.c >> @@ -527,7 +527,7 @@ zfs_dev_is_dm(const char *dev_name) >> boolean_t >> zfs_dev_is_whole_disk(const char *dev_name) >> { >> - struct dk_gpt *label; >> + struct dk_gpt *label = NULL; >> int fd; >> >> if ((fd = open(dev_name, O_RDONLY | O_DIRECT | O_CLOEXEC)) >> < 0) >> @@ -613,22 +613,24 @@ zfs_get_underlying_path(const char *dev_name) >> /* >> * A disk is considered a multipath whole disk when: >> * DEVNAME key value has "dm-" >> - * DM_NAME key value has "mpath" prefix >> - * DM_UUID key exists >> + * DM_UUID key exists and starts with 'mpath-' >> * ID_PART_TABLE_TYPE key does not exist or is not gpt >> + * ID_FS_LABEL key does not exist (disk isn't labeled) >> */ >> static boolean_t >> -udev_mpath_whole_disk(struct udev_device *dev) >> +is_mpath_udev_sane(struct udev_device *dev) >> { >> - const char *devname, *type, *uuid; >> + const char *devname, *type, *uuid, *label; >> >> devname = udev_device_get_property_value(dev, "DEVNAME"); >> type = udev_device_get_property_value(dev, >> "ID_PART_TABLE_TYPE"); >> uuid = udev_device_get_property_value(dev, "DM_UUID"); >> + label = udev_device_get_property_value(dev, "ID_FS_LABEL"); >> >> if ((devname != NULL && strncmp(devname, "/dev/dm-", 8) == >> 0) && >> ((type == NULL) || (strcmp(type, "gpt") != 0)) && >> - (uuid != NULL)) { >> + ((uuid != NULL) && (strncmp(uuid, "mpath-", 6) == 0)) && >> + (label == NULL)) { >> return (B_TRUE); >> } >> >> @@ -636,7 +638,11 @@ udev_mpath_whole_disk(struct udev_device *dev) >> } >> >> /* >> - * Check if a disk is effectively a multipath whole disk >> + * Check if a disk is a multipath "blank" disk: >> + * >> + * 1. The disk has udev values that suggest it's a multipath disk >> + * 2. The disk is not currently labeled with a filesystem of any >> type >> + * 3. There are no partitions on the disk >> */ >> boolean_t >> is_mpath_whole_disk(const char *path) >> @@ -645,7 +651,6 @@ is_mpath_whole_disk(const char *path) >> struct udev_device *dev = NULL; >> char nodepath[MAXPATHLEN]; >> char *sysname; >> - boolean_t wholedisk = B_FALSE; >> >> if (realpath(path, nodepath) == NULL) >> return (B_FALSE); >> @@ -660,10 +665,11 @@ is_mpath_whole_disk(const char *path) >> return (B_FALSE); >> } >> >> - wholedisk = udev_mpath_whole_disk(dev); >> - >> + /* Sanity check some udev values */ >> + boolean_t is_sane = is_mpath_udev_sane(dev); >> udev_device_unref(dev); >> - return (wholedisk); >> + >> + return (is_sane); >> } >> >> #else /* HAVE_LIBUDEV */ >> diff --git a/sys/contrib/openzfs/module/Makefile.bsd >> b/sys/contrib/openzfs/module/Makefile.bsd >> index 8aa4ed22275e..dc6cc2b74243 100644 >> --- a/sys/contrib/openzfs/module/Makefile.bsd >> +++ b/sys/contrib/openzfs/module/Makefile.bsd >> @@ -32,7 +32,7 @@ CFLAGS+= -include >> ${INCDIR}/os/freebsd/spl/sys/ccompile.h >> >> CFLAGS+= -D__KERNEL__ -DFREEBSD_NAMECACHE -DBUILDING_ZFS >> -D__BSD_VISIBLE=1 \ >> -DHAVE_UIO_ZEROCOPY -DWITHOUT_NETDUMP -D__KERNEL >> -D_SYS_CONDVAR_H_ \ >> - -D_SYS_VMEM_H_ -DKDTRACE_HOOKS -DSMP -DHAVE_KSID >> -DCOMPAT_FREEBSD11 >> + -D_SYS_VMEM_H_ -DKDTRACE_HOOKS -DSMP -DCOMPAT_FREEBSD11 >> >> .if ${MACHINE_ARCH} == "amd64" >> CFLAGS+= -DHAVE_AVX2 -DHAVE_AVX -D__x86_64 -DHAVE_SSE2 >> -DHAVE_AVX512F -DHAVE_SSSE3 >> diff --git >> a/sys/contrib/openzfs/module/os/freebsd/spl/spl_sysevent.c >> b/sys/contrib/openzfs/module/os/freebsd/spl/spl_sysevent.c >> index d5d50080fafd..16188c71b53d 100644 >> --- a/sys/contrib/openzfs/module/os/freebsd/spl/spl_sysevent.c >> +++ b/sys/contrib/openzfs/module/os/freebsd/spl/spl_sysevent.c >> @@ -250,7 +250,17 @@ sysevent_worker(void *arg __unused) >> nvlist_free(event); >> } >> } >> - zfs_zevent_destroy(ze); >> + >> + /* >> + * We avoid zfs_zevent_destroy() here because we're >> otherwise racing >> + * against fm_fini() destroying the zevent_lock. >> zfs_zevent_destroy() >> + * will currently only clear `ze->ze_zevent` from an event >> list then >> + * free `ze`, so just inline the free() here -- events >> have already >> + * been drained. >> + */ >> + VERIFY3P(ze->ze_zevent, ==, NULL); >> + kmem_free(ze, sizeof (zfs_zevent_t)); >> + >> kthread_exit(); >> } >> >> diff --git a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_acl.c >> b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_acl.c >> index ae758bcefe21..fe0f69132321 100644 >> --- a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_acl.c >> +++ b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_acl.c >> @@ -1653,8 +1653,10 @@ zfs_acl_ids_create(znode_t *dzp, int flag, >> vattr_t *vap, cred_t *cr, >> ZFS_GROUP, &acl_ids->z_fuidp); >> gid = vap->va_gid; >> } else { >> - acl_ids->z_fuid = zfs_fuid_create_cred(zfsvfs, >> ZFS_OWNER, >> - cr, &acl_ids->z_fuidp); >> + uid_t id = crgetuid(cr); >> + if (IS_EPHEMERAL(id)) >> + id = UID_NOBODY; >> + acl_ids->z_fuid = (uint64_t)id; >> acl_ids->z_fgid = 0; >> if (vap->va_mask & AT_GID) { >> acl_ids->z_fgid = zfs_fuid_create(zfsvfs, >> diff --git >> a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c >> b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c >> index 7bcf80bf5a94..b2cc3d063f9c 100644 >> --- a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c >> +++ b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c >> @@ -1060,8 +1060,7 @@ zfs_create(znode_t *dzp, const char *name, >> vattr_t *vap, int excl, int mode, >> objset_t *os; >> dmu_tx_t *tx; >> int error; >> - ksid_t *ksid; >> - uid_t uid; >> + uid_t uid = crgetuid(cr); >> gid_t gid = crgetgid(cr); >> uint64_t projid = ZFS_DEFAULT_PROJID; >> zfs_acl_ids_t acl_ids; >> @@ -1075,13 +1074,6 @@ zfs_create(znode_t *dzp, const char *name, >> vattr_t *vap, int excl, int mode, >> * If we have an ephemeral id, ACL, or XVATTR then >> * make sure file system is at proper version >> */ >> - >> - ksid = crgetsid(cr, KSID_OWNER); >> - if (ksid) >> - uid = ksid_getid(ksid); >> - else >> - uid = crgetuid(cr); >> - >> if (zfsvfs->z_use_fuids == B_FALSE && >> (vsecp || (vap->va_mask & AT_XVATTR) || >> IS_EPHEMERAL(uid) || IS_EPHEMERAL(gid))) >> @@ -1415,8 +1407,7 @@ zfs_mkdir(znode_t *dzp, const char *dirname, >> vattr_t *vap, znode_t **zpp, >> uint64_t txtype; >> dmu_tx_t *tx; >> int error; >> - ksid_t *ksid; >> - uid_t uid; >> + uid_t uid = crgetuid(cr); >> gid_t gid = crgetgid(cr); >> zfs_acl_ids_t acl_ids; >> boolean_t fuid_dirtied; >> @@ -1427,12 +1418,6 @@ zfs_mkdir(znode_t *dzp, const char >> *dirname, vattr_t *vap, znode_t **zpp, >> * If we have an ephemeral id, ACL, or XVATTR then >> * make sure file system is at proper version >> */ >> - >> - ksid = crgetsid(cr, KSID_OWNER); >> - if (ksid) >> - uid = ksid_getid(ksid); >> - else >> - uid = crgetuid(cr); >> if (zfsvfs->z_use_fuids == B_FALSE && >> ((vap->va_mask & AT_XVATTR) || >> IS_EPHEMERAL(uid) || IS_EPHEMERAL(gid))) >> diff --git a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_znode.c >> b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_znode.c >> index d14df9d88a35..8a2773ac7971 100644 >> --- a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_znode.c >> +++ b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_znode.c >> @@ -839,7 +839,9 @@ zfs_xvattr_set(znode_t *zp, xvattr_t *xvap, >> dmu_tx_t *tx) >> xoap = xva_getxoptattr(xvap); >> ASSERT3P(xoap, !=, NULL); >> >> - ASSERT_VOP_IN_SEQC(ZTOV(zp)); >> + if (zp->z_zfsvfs->z_replay == B_FALSE) { >> + ASSERT_VOP_IN_SEQC(ZTOV(zp)); >> + } >> >> if (XVA_ISSET_REQ(xvap, XAT_CREATETIME)) { >> uint64_t times[2]; >> diff --git a/sys/contrib/openzfs/module/os/linux/spl/spl-cred.c >> b/sys/contrib/openzfs/module/os/linux/spl/spl-cred.c >> index 8fe1cc30ba99..f81b9540a639 100644 >> --- a/sys/contrib/openzfs/module/os/linux/spl/spl-cred.c >> +++ b/sys/contrib/openzfs/module/os/linux/spl/spl-cred.c >> @@ -128,7 +128,7 @@ groupmember(gid_t gid, const cred_t *cr) >> uid_t >> crgetuid(const cred_t *cr) >> { >> - return (KUID_TO_SUID(cr->euid)); >> + return (KUID_TO_SUID(cr->fsuid)); >> } >> >> /* Return the real user id */ >> @@ -138,44 +138,9 @@ crgetruid(const cred_t *cr) >> return (KUID_TO_SUID(cr->uid)); >> } >> >> -/* Return the saved user id */ >> -uid_t >> -crgetsuid(const cred_t *cr) >> -{ >> - return (KUID_TO_SUID(cr->suid)); >> -} >> - >> -/* Return the filesystem user id */ >> -uid_t >> -crgetfsuid(const cred_t *cr) >> -{ >> - return (KUID_TO_SUID(cr->fsuid)); >> -} >> - >> /* Return the effective group id */ >> gid_t >> crgetgid(const cred_t *cr) >> -{ >> - return (KGID_TO_SGID(cr->egid)); >> -} >> - >> -/* Return the real group id */ >> -gid_t >> -crgetrgid(const cred_t *cr) >> -{ >> - return (KGID_TO_SGID(cr->gid)); >> -} >> - >> -/* Return the saved group id */ >> -gid_t >> -crgetsgid(const cred_t *cr) >> -{ >> - return (KGID_TO_SGID(cr->sgid)); >> -} >> - >> -/* Return the filesystem group id */ >> -gid_t >> -crgetfsgid(const cred_t *cr) >> { >> return (KGID_TO_SGID(cr->fsgid)); >> } >> @@ -184,12 +149,7 @@ EXPORT_SYMBOL(crhold); >> EXPORT_SYMBOL(crfree); >> EXPORT_SYMBOL(crgetuid); >> EXPORT_SYMBOL(crgetruid); >> -EXPORT_SYMBOL(crgetsuid); >> -EXPORT_SYMBOL(crgetfsuid); >> EXPORT_SYMBOL(crgetgid); >> -EXPORT_SYMBOL(crgetrgid); >> -EXPORT_SYMBOL(crgetsgid); >> -EXPORT_SYMBOL(crgetfsgid); >> EXPORT_SYMBOL(crgetngroups); >> EXPORT_SYMBOL(crgetgroups); >> EXPORT_SYMBOL(groupmember); >> diff --git a/sys/contrib/openzfs/module/os/linux/zfs/policy.c >> b/sys/contrib/openzfs/module/os/linux/zfs/policy.c >> index bbccb2e572d9..5a52092bb90a 100644 >> --- a/sys/contrib/openzfs/module/os/linux/zfs/policy.c >> +++ b/sys/contrib/openzfs/module/os/linux/zfs/policy.c >> @@ -121,7 +121,7 @@ secpolicy_vnode_access2(const cred_t *cr, >> struct inode *ip, uid_t owner, >> int >> secpolicy_vnode_any_access(const cred_t *cr, struct inode *ip, >> uid_t owner) >> { >> - if (crgetfsuid(cr) == owner) >> + if (crgetuid(cr) == owner) >> return (0); >> >> if (zpl_inode_owner_or_capable(kcred->user_ns, ip)) >> @@ -147,7 +147,7 @@ secpolicy_vnode_any_access(const cred_t *cr, >> struct inode *ip, uid_t owner) >> int >> secpolicy_vnode_chown(const cred_t *cr, uid_t owner) >> *** 141 LINES SKIPPED *** >> -- Mateusz Guzik