Illumos #3639 zpool.cache should skip over readonly pools

3639 zpool.cache should skip over readonly pools
Reviewed by: Eric Schrock <eric.schrock@delphix.com>
Reviewed by: Adam Leventhal <ahl@delphix.com>
Reviewed by: Basil Crow <basil.crow@delphix.com>
Approved by: Gordon Ross <gwr@nexenta.com>

References:
  illumos/illumos-gate@fb02ae025247e3b662600e5a9c1b4c33ecab7d72
  https://www.illumos.org/issues/3639

Normally we don't list pools that are imported read-only in the cache
file, however you can accidentally get one into the cache file by
importing and exporting a read-write pool while a read-only pool is
imported:

$ zpool import -o readonly test1
$ zpool import test2
$ zpool export test2
$ zdb -C

This is a problem because if the machine reboots we import all pools in
the cache file as read-write.

Ported-by: Richard Yao <ryao@gentoo.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>

diff --git a/module/zfs/spa_config.c b/module/zfs/spa_config.c
index 849ae46ec6c8f0594fd2999c6e629e174d4ca279..5e5b4052620d1e69b6beedd9606e5842efc30387 100644 (file)
--- a/module/zfs/spa_config.c
+++ b/module/zfs/spa_config.c
@@ -225,7 +225,15 @@ spa_config_sync(spa_t *target, boolean_t removing, boolean_t postsysevent)
                 */
                nvl = NULL;
                while ((spa = spa_next(spa)) != NULL) {
-                       if (spa == target && removing)
+                       /*
+                        * Skip over our own pool if we're about to remove
+                        * ourselves from the spa namespace or any pool that
+                        * is readonly. Since we cannot guarantee that a
+                        * readonly pool would successfully import upon reboot,
+                        * we don't allow them to be written to the cache file.
+                        */
+                       if ((spa == target && removing) ||
+                           !spa_writeable(spa))
                                continue;
 
                        mutex_enter(&spa->spa_props_lock);