Bug 221067 - vfs.root.mountfrom.options="ro" did not take effect for a zfs root filesystem
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Some People
Assignee: freebsd-fs (Nobody)
Keywords: patch
Reported: 2017-07-28 10:11 UTC by David NewHamlet
Modified: 2018-11-19 13:09 UTC

prototype fix for reference (702 bytes, patch)
2017-07-28 10:11 UTC, David NewHamlet

Description David NewHamlet 2017-07-28 10:11:35 UTC
Created attachment 184793
prototype fix for reference

When using a read-only filesystem as the root filesystem, vfs.root.mountfrom.options="ro" should be the only way to tell the kernel to mount the filesystem read-only. This works for UFS but not for ZFS.

Currently, during kernel mountroot, zfs_domount always tries to open the underlying device for write when trying to import the pool, and fails.

When the kernel tries to import the pool by calling spa_import_rootpool(pname) in sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c, there is no parameter to tell spa_load to open the underlying device read-only. This is the source of this issue.

The attachment is a prototype fix for reference. It queries vfs.root.mountfrom.options when opening the underlying device to set the read-only flag.

A new parameter for spa_import_rootpool might be a better solution.
Comment 1 Allan Jude freebsd_committer 2017-07-28 15:18:14 UTC
/ gets mounted read-only in single user mode, with a mount flag (so the pool is not imported read-only, but the filesystem is mounted read only), and then it is upgraded to readwrite during the switch to multiuser mode.

Are you wanting the entire pool to be imported read only? Or just the one dataset to be mounted readonly?
Comment 2 Andriy Gapon freebsd_committer 2017-07-28 16:08:08 UTC
If I am reading comment #0 correctly, the reporter wants vfs.root.mountfrom.options="ro" to imply the read-only import of the pool.
I think that that's not what vfs.root.mountfrom.options is for.  We could add a different knob for that as it might be useful in certain situations.
Comment 3 Allan Jude freebsd_committer 2017-07-28 16:11:55 UTC
(In reply to Andriy Gapon from comment #2)
I would tend to agree, having the entire pool be readonly would be unexpected when the sysctl suggests only the root filesystem will be readonly.
Comment 4 David NewHamlet 2017-07-28 21:04:36 UTC
(In reply to Allan Jude from comment #1)

I hit this issue when trying to use a ZFS filesystem as rootfs which uses a compressed md_image as the underlying device. A compressed md_image cannot be opened in write mode (see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221066).

So in this case I want to open the whole ZFS pool read-only.

A new kenv entry to control this behavior also makes sense.
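
The thread separates two states: the root dataset mounted read-only on a writable pool (comment 1) and the whole pool imported read-only (comments 2 and 4). The following is an added example, not part of the bug report or the attached patch, showing one way to tell them apart on a running FreeBSD system when checking that a read-only root is actually in effect. The function names `classify_ro` and `root_ro_state` are hypothetical; the script assumes `mount -p`, `kenv` and `zpool get` as shipped with FreeBSD.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the bug report.

# classify_ro POOL_READONLY ROOT_MOUNT_OPTS
#   POOL_READONLY    value of the pool's "readonly" property: on | off
#   ROOT_MOUNT_OPTS  comma-separated options of /, as in the 4th field
#                    of `mount -p` (e.g. "ro,noatime")
classify_ro() {
    case "$1" in
        on)  echo "pool-readonly"; return 0 ;;  # whole pool imported read-only
        off) ;;                                 # pool is writable, check the mount
        *)   echo "unknown"; return 1 ;;
    esac
    case ",$2," in
        *,ro,*) echo "dataset-readonly" ;;      # only the mount flag is set
        *)      echo "read-write" ;;
    esac
}

# root_ro_state: gather the live values and compare them with what was
# requested through the loader tunable discussed in this bug.
root_ro_state() {
    line=$(mount -p | awk '$2 == "/" && $3 == "zfs" { print $1, $4; exit }')
    [ -n "$line" ] || { echo "root is not on ZFS" >&2; return 1; }
    dataset=${line%% *}
    opts=${line#* }
    pool=${dataset%%/*}
    requested=$(kenv -q vfs.root.mountfrom.options 2>/dev/null) || requested="(unset)"
    actual=$(classify_ro "$(zpool get -H -o value readonly "$pool")" "$opts")
    echo "requested=$requested actual=$actual pool=$pool"
}
```

A result of `dataset-readonly` means the pool's underlying device is still opened for write, which is the case the reporter's compressed md_image cannot satisfy.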