zfs promote .../%recv should be an error

[loli10K]

Description

Add more input validation in zfs_ioc_promote() (and its userland counterpart) so we don't promote temporary ".../%recv" datasets.

NOTE: I have not added tests to cover my changes yet: should we update "zfs_promote_006_neg.ksh" ('zfs promote' will fail with invalid arguments) or add a new script?

Motivation and Context

Fix #4843

If we are in the middle of an incremental zfs receive, the child .../%recv will exist. If you concurrently run zfs promote .../%recv, it will "work", but then zfs gets confused. For example, there's no obvious way to destroy the containing filesystem (because it is now a clone of its invisible child).

Attempting to do this promote should be an error. We could fix this by having zfs_ioc_promote() check if zc_name contains a %, similar to zfs_ioc_rename().

How Has This Been Tested?

POOLNAME='testpool'
TMPDIR='/var/tmp'
mountpoint -q $TMPDIR || mount -t tmpfs tmpfs $TMPDIR
zpool destroy $POOLNAME
rm -f $TMPDIR/zpool.dat
fallocate -l 256m $TMPDIR/zpool.dat
zpool create -O mountpoint=$TMPDIR/$POOLNAME $POOLNAME $TMPDIR/zpool.dat
#
zfs create $POOLNAME/src -o mountpoint=$TMPDIR/$POOLNAME/src
#
dd if=/dev/urandom of=/$TMPDIR/$POOLNAME/src/file.dat bs=1M count=10
zfs snap $POOLNAME/src@snap1
#
dd if=/dev/urandom of=/$TMPDIR/$POOLNAME/src/file.dat bs=1M count=10
zfs snap $POOLNAME/src@snap2
#
dd if=/dev/urandom of=/$TMPDIR/$POOLNAME/src/file.dat bs=1M count=10
zfs snap $POOLNAME/src@snap3
#
zfs send -p $POOLNAME/src@snap1 | zfs recv -vu $POOLNAME/dst
zfs send -pI $POOLNAME/src@snap1 $POOLNAME/src@snap3 | dd bs=1M count=15 iflag=fullblock | zfs recv -svu $POOLNAME/dst
#
zfs get name,inconsistent,mountpoint,origin $POOLNAME/dst/%recv
#
zfs promote $POOLNAME/dst/%recv

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Performance enhancement (non-breaking change which improves efficiency)
• Code cleanup (non-breaking change which makes code smaller or more readable)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation (a change to man pages or other documentation)

Checklist:

• My code follows the ZFS on Linux code style requirements.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.
• All commit messages are properly formatted and contain Signed-off-by.
• Change has been approved by a ZFS on Linux member.

[behlendorf]

I'd prefer to extended the existing zfs_promote_006_neg.ksh test case. It wouldn't be a terrible idea to extend the other *_neg test cases where a '%' in the name isn't allowed to check for this.

[behlendorf]

nit: no need for the { } here.

[loli10K]

@behlendorf i'll update zfs_promote_006_neg.ksh and the other nit ASAP: I'm still trying to fix kstat collisions.

[behlendorf]

@loli10K no problem, and don't worry I know this isn't quite right to merge. I've reverted the approved status for now.

[dinatale2]

nit: maybe recvfs instead of destfs?

[loli10K]

recvfs is objectively more appropriate here

[dinatale2]

Thanks for the corrections! Noticed one more thing. Do you mind squashing your commits as well?

[dinatale2]

You could enforce recvfs doesn't exist by calling datasetexists and failing if that returns true. Likewise with sendfs, you'd want to make sure it doesn't exist.

[behlendorf]

@loli10K when you get a chance could you rebase this on master.

[behlendorf]

Thanks for rebasing this and extending the test coverage. This LGTM!