2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* CDDL HEADER START
|
|
|
|
*
|
|
|
|
* The contents of this file are subject to the terms of the
|
|
|
|
* Common Development and Distribution License (the "License").
|
|
|
|
* You may not use this file except in compliance with the License.
|
|
|
|
*
|
|
|
|
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
|
|
|
* or http://www.opensolaris.org/os/licensing.
|
|
|
|
* See the License for the specific language governing permissions
|
|
|
|
* and limitations under the License.
|
|
|
|
*
|
|
|
|
* When distributing Covered Code, include this CDDL HEADER in each
|
|
|
|
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
|
|
|
* If applicable, add the following below this CDDL HEADER, with the
|
|
|
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
|
|
|
* information: Portions Copyright [yyyy] [name of copyright owner]
|
|
|
|
*
|
|
|
|
* CDDL HEADER END
|
|
|
|
*/
|
|
|
|
/*
|
2010-05-29 00:45:14 +04:00
|
|
|
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
|
2017-03-23 19:07:27 +03:00
|
|
|
* Copyright (c) 2011, 2017 by Delphix. All rights reserved.
|
2013-08-02 00:02:10 +04:00
|
|
|
* Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
|
2016-05-15 18:02:28 +03:00
|
|
|
* Copyright (c) 2013, Joyent, Inc. All rights reserved.
|
2017-01-27 22:46:39 +03:00
|
|
|
* Copyright (c) 2016, Nexenta Systems, Inc. All rights reserved.
|
2015-07-30 17:24:36 +03:00
|
|
|
* Copyright (c) 2015 by Chunwei Chen. All rights reserved.
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <sys/dmu.h>
|
|
|
|
#include <sys/dmu_impl.h>
|
|
|
|
#include <sys/dmu_tx.h>
|
|
|
|
#include <sys/dbuf.h>
|
|
|
|
#include <sys/dnode.h>
|
|
|
|
#include <sys/zfs_context.h>
|
|
|
|
#include <sys/dmu_objset.h>
|
|
|
|
#include <sys/dmu_traverse.h>
|
|
|
|
#include <sys/dsl_dataset.h>
|
|
|
|
#include <sys/dsl_dir.h>
|
|
|
|
#include <sys/dsl_pool.h>
|
|
|
|
#include <sys/dsl_synctask.h>
|
|
|
|
#include <sys/dsl_prop.h>
|
|
|
|
#include <sys/dmu_zfetch.h>
|
|
|
|
#include <sys/zfs_ioctl.h>
|
|
|
|
#include <sys/zap.h>
|
|
|
|
#include <sys/zio_checksum.h>
|
2013-05-10 23:47:54 +04:00
|
|
|
#include <sys/zio_compress.h>
|
2010-05-29 00:45:14 +04:00
|
|
|
#include <sys/sa.h>
|
2014-10-18 19:58:11 +04:00
|
|
|
#include <sys/zfeature.h>
|
2016-07-22 18:52:49 +03:00
|
|
|
#include <sys/abd.h>
|
2017-02-01 01:44:03 +03:00
|
|
|
#include <sys/trace_dmu.h>
|
2017-08-21 18:59:48 +03:00
|
|
|
#include <sys/zfs_rlock.h>
|
2008-11-20 23:01:55 +03:00
|
|
|
#ifdef _KERNEL
|
|
|
|
#include <sys/vmsystm.h>
|
2008-12-03 23:09:06 +03:00
|
|
|
#include <sys/zfs_znode.h>
|
2008-11-20 23:01:55 +03:00
|
|
|
#endif
|
|
|
|
|
2013-05-10 23:47:54 +04:00
|
|
|
/*
|
|
|
|
* Enable/disable nopwrite feature.
|
|
|
|
*/
|
|
|
|
int zfs_nopwrite_enabled = 1;
|
|
|
|
|
2017-02-01 01:44:03 +03:00
|
|
|
/*
|
|
|
|
* Tunable to control percentage of dirtied blocks from frees in one TXG.
|
|
|
|
* After this threshold is crossed, additional dirty blocks from frees
|
|
|
|
* wait until the next TXG.
|
|
|
|
* A value of zero will disable this throttle.
|
|
|
|
*/
|
2017-02-07 20:44:03 +03:00
|
|
|
unsigned long zfs_per_txg_dirty_frees_percent = 30;
|
2017-02-01 01:44:03 +03:00
|
|
|
|
2017-03-25 00:28:38 +03:00
|
|
|
/*
|
|
|
|
* Enable/disable forcing txg sync when dirty in dmu_offset_next.
|
|
|
|
*/
|
|
|
|
int zfs_dmu_offset_next_sync = 0;
|
|
|
|
|
OpenZFS 7614, 9064 - zfs device evacuation/removal
OpenZFS 7614 - zfs device evacuation/removal
OpenZFS 9064 - remove_mirror should wait for device removal to complete
This project allows top-level vdevs to be removed from the storage pool
with "zpool remove", reducing the total amount of storage in the pool.
This operation copies all allocated regions of the device to be removed
onto other devices, recording the mapping from old to new location.
After the removal is complete, read and free operations to the removed
(now "indirect") vdev must be remapped and performed at the new location
on disk. The indirect mapping table is kept in memory whenever the pool
is loaded, so there is minimal performance overhead when doing operations
on the indirect vdev.
The size of the in-memory mapping table will be reduced when its entries
become "obsolete" because they are no longer used by any block pointers
in the pool. An entry becomes obsolete when all the blocks that use
it are freed. An entry can also become obsolete when all the snapshots
that reference it are deleted, and the block pointers that reference it
have been "remapped" in all filesystems/zvols (and clones). Whenever an
indirect block is written, all the block pointers in it will be "remapped"
to their new (concrete) locations if possible. This process can be
accelerated by using the "zfs remap" command to proactively rewrite all
indirect blocks that reference indirect (removed) vdevs.
Note that when a device is removed, we do not verify the checksum of
the data that is copied. This makes the process much faster, but if it
were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be
possible to copy the wrong data, when we have the correct data on e.g.
the other side of the mirror.
At the moment, only mirrors and simple top-level vdevs can be removed
and no removal is allowed if any of the top-level vdevs are raidz.
Porting Notes:
* Avoid zero-sized kmem_alloc() in vdev_compact_children().
The device evacuation code adds a dependency that
vdev_compact_children() be able to properly empty the vdev_child
array by setting it to NULL and zeroing vdev_children. Under Linux,
kmem_alloc() and related functions return a sentinel pointer rather
than NULL for zero-sized allocations.
* Remove comment regarding "mpt" driver where zfs_remove_max_segment
is initialized to SPA_MAXBLOCKSIZE.
Change zfs_condense_indirect_commit_entry_delay_ticks to
zfs_condense_indirect_commit_entry_delay_ms for consistency with
most other tunables in which delays are specified in ms.
* ZTS changes:
Use set_tunable rather than mdb
Use zpool sync as appropriate
Use sync_pool instead of sync
Kill jobs during test_removal_with_operation to allow unmount/export
Don't add non-disk names such as "mirror" or "raidz" to $DISKS
Use $TEST_BASE_DIR instead of /tmp
Increase HZ from 100 to 1000 which is more common on Linux
removal_multiple_indirection.ksh
Reduce iterations in order to not time out on the code
coverage builders.
removal_resume_export:
Functionally, the test case is correct but there exists a race
where the kernel thread hasn't been fully started yet and is
not visible. Wait for up to 1 second for the removal thread
to be started before giving up on it. Also, increase the
amount of data copied in order that the removal not finish
before the export has a chance to fail.
* MMP compatibility, the concept of concrete versus non-concrete devices
has slightly changed the semantics of vdev_writeable(). Update
mmp_random_leaf_impl() accordingly.
* Updated dbuf_remap() to handle the org.zfsonlinux:large_dnode pool
feature which is not supported by OpenZFS.
* Added support for new vdev removal tracepoints.
* Test cases removal_with_zdb and removal_condense_export have been
intentionally disabled. When run manually they pass as intended,
but when running in the automated test environment they produce
unreliable results on the latest Fedora release.
They may work better once the upstream pool import refectoring is
merged into ZoL at which point they will be re-enabled.
Authored by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Alex Reece <alex@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Reviewed by: Tim Chase <tim@chase2k.com>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Approved by: Garrett D'Amore <garrett@damore.org>
Ported-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Tim Chase <tim@chase2k.com>
OpenZFS-issue: https://www.illumos.org/issues/7614
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/f539f1eb
Closes #6900
2016-09-22 19:30:13 +03:00
|
|
|
/*
|
|
|
|
* This can be used for testing, to ensure that certain actions happen
|
|
|
|
* while in the middle of a remap (which might otherwise complete too
|
|
|
|
* quickly).
|
|
|
|
*/
|
|
|
|
int zfs_object_remap_one_indirect_delay_ticks = 0;
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
const dmu_object_type_info_t dmu_ot[DMU_OT_NUMTYPES] = {
|
2018-07-10 20:49:50 +03:00
|
|
|
{DMU_BSWAP_UINT8, TRUE, FALSE, FALSE, "unallocated" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, TRUE, FALSE, "object directory" },
|
|
|
|
{DMU_BSWAP_UINT64, TRUE, TRUE, FALSE, "object array" },
|
|
|
|
{DMU_BSWAP_UINT8, TRUE, FALSE, FALSE, "packed nvlist" },
|
|
|
|
{DMU_BSWAP_UINT64, TRUE, FALSE, FALSE, "packed nvlist size" },
|
|
|
|
{DMU_BSWAP_UINT64, TRUE, FALSE, FALSE, "bpobj" },
|
|
|
|
{DMU_BSWAP_UINT64, TRUE, FALSE, FALSE, "bpobj header" },
|
|
|
|
{DMU_BSWAP_UINT64, TRUE, FALSE, FALSE, "SPA space map header" },
|
|
|
|
{DMU_BSWAP_UINT64, TRUE, FALSE, FALSE, "SPA space map" },
|
|
|
|
{DMU_BSWAP_UINT64, TRUE, FALSE, TRUE, "ZIL intent log" },
|
|
|
|
{DMU_BSWAP_DNODE, TRUE, FALSE, TRUE, "DMU dnode" },
|
|
|
|
{DMU_BSWAP_OBJSET, TRUE, TRUE, FALSE, "DMU objset" },
|
|
|
|
{DMU_BSWAP_UINT64, TRUE, TRUE, FALSE, "DSL directory" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, TRUE, FALSE, "DSL directory child map"},
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, TRUE, FALSE, "DSL dataset snap map" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, TRUE, FALSE, "DSL props" },
|
|
|
|
{DMU_BSWAP_UINT64, TRUE, TRUE, FALSE, "DSL dataset" },
|
|
|
|
{DMU_BSWAP_ZNODE, TRUE, FALSE, FALSE, "ZFS znode" },
|
|
|
|
{DMU_BSWAP_OLDACL, TRUE, FALSE, TRUE, "ZFS V0 ACL" },
|
|
|
|
{DMU_BSWAP_UINT8, FALSE, FALSE, TRUE, "ZFS plain file" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, TRUE, "ZFS directory" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, FALSE, "ZFS master node" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, TRUE, "ZFS delete queue" },
|
|
|
|
{DMU_BSWAP_UINT8, FALSE, FALSE, TRUE, "zvol object" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, FALSE, "zvol prop" },
|
|
|
|
{DMU_BSWAP_UINT8, FALSE, FALSE, TRUE, "other uint8[]" },
|
|
|
|
{DMU_BSWAP_UINT64, FALSE, FALSE, TRUE, "other uint64[]" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, FALSE, "other ZAP" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, FALSE, "persistent error log" },
|
|
|
|
{DMU_BSWAP_UINT8, TRUE, FALSE, FALSE, "SPA history" },
|
|
|
|
{DMU_BSWAP_UINT64, TRUE, FALSE, FALSE, "SPA history offsets" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, TRUE, FALSE, "Pool properties" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, TRUE, FALSE, "DSL permissions" },
|
|
|
|
{DMU_BSWAP_ACL, TRUE, FALSE, TRUE, "ZFS ACL" },
|
|
|
|
{DMU_BSWAP_UINT8, TRUE, FALSE, TRUE, "ZFS SYSACL" },
|
|
|
|
{DMU_BSWAP_UINT8, TRUE, FALSE, TRUE, "FUID table" },
|
|
|
|
{DMU_BSWAP_UINT64, TRUE, FALSE, FALSE, "FUID table size" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, TRUE, FALSE, "DSL dataset next clones"},
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, FALSE, "scan work queue" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, TRUE, "ZFS user/group/project used" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, TRUE, "ZFS user/group/project quota"},
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, TRUE, FALSE, "snapshot refcount tags"},
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, FALSE, "DDT ZAP algorithm" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, FALSE, "DDT statistics" },
|
|
|
|
{DMU_BSWAP_UINT8, TRUE, FALSE, TRUE, "System attributes" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, TRUE, "SA master node" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, TRUE, "SA attr registration" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, TRUE, "SA attr layouts" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, FALSE, FALSE, "scan translations" },
|
|
|
|
{DMU_BSWAP_UINT8, FALSE, FALSE, TRUE, "deduplicated block" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, TRUE, FALSE, "DSL deadlist map" },
|
|
|
|
{DMU_BSWAP_UINT64, TRUE, TRUE, FALSE, "DSL deadlist map hdr" },
|
|
|
|
{DMU_BSWAP_ZAP, TRUE, TRUE, FALSE, "DSL dir clones" },
|
|
|
|
{DMU_BSWAP_UINT64, TRUE, FALSE, FALSE, "bpobj subobj" }
|
2012-12-14 03:24:15 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
const dmu_object_byteswap_info_t dmu_ot_byteswap[DMU_BSWAP_NUMFUNCS] = {
|
|
|
|
{ byteswap_uint8_array, "uint8" },
|
|
|
|
{ byteswap_uint16_array, "uint16" },
|
|
|
|
{ byteswap_uint32_array, "uint32" },
|
|
|
|
{ byteswap_uint64_array, "uint64" },
|
|
|
|
{ zap_byteswap, "zap" },
|
|
|
|
{ dnode_buf_byteswap, "dnode" },
|
|
|
|
{ dmu_objset_byteswap, "objset" },
|
|
|
|
{ zfs_znode_byteswap, "znode" },
|
|
|
|
{ zfs_oldacl_byteswap, "oldacl" },
|
|
|
|
{ zfs_acl_byteswap, "acl" }
|
2008-11-20 23:01:55 +03:00
|
|
|
};
|
|
|
|
|
OpenZFS 7004 - dmu_tx_hold_zap() does dnode_hold() 7x on same object
Using a benchmark which has 32 threads creating 2 million files in the
same directory, on a machine with 16 CPU cores, I observed poor
performance. I noticed that dmu_tx_hold_zap() was using about 30% of
all CPU, and doing dnode_hold() 7 times on the same object (the ZAP
object that is being held).
dmu_tx_hold_zap() keeps a hold on the dnode_t the entire time it is
running, in dmu_tx_hold_t:txh_dnode, so it would be nice to use the
dnode_t that we already have in hand, rather than repeatedly calling
dnode_hold(). To do this, we need to pass the dnode_t down through
all the intermediate calls that dmu_tx_hold_zap() makes, making these
routines take the dnode_t* rather than an objset_t* and a uint64_t
object number. In particular, the following routines will need to have
analogous *_by_dnode() variants created:
dmu_buf_hold_noread()
dmu_buf_hold()
zap_lookup()
zap_lookup_norm()
zap_count_write()
zap_lockdir()
zap_count_write()
This can improve performance on the benchmark described above by 100%,
from 30,000 file creations per second to 60,000. (This improvement is on
top of that provided by working around the object allocation issue. Peak
performance of ~90,000 creations per second was observed with 8 CPUs;
adding CPUs past that decreased performance due to lock contention.) The
CPU used by dmu_tx_hold_zap() was reduced by 88%, from 340 CPU-seconds
to 40 CPU-seconds.
Sponsored by: Intel Corp.
Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
OpenZFS-issue: https://www.illumos.org/issues/7004
OpenZFS-commit: https://github.com/openzfs/openzfs/pull/109
Closes #4641
Closes #4972
2016-07-21 01:42:13 +03:00
|
|
|
int
|
|
|
|
dmu_buf_hold_noread_by_dnode(dnode_t *dn, uint64_t offset,
|
|
|
|
void *tag, dmu_buf_t **dbp)
|
|
|
|
{
|
|
|
|
uint64_t blkid;
|
|
|
|
dmu_buf_impl_t *db;
|
|
|
|
|
|
|
|
blkid = dbuf_whichblock(dn, 0, offset);
|
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_READER);
|
|
|
|
db = dbuf_hold(dn, blkid, tag);
|
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
|
|
|
|
|
|
|
if (db == NULL) {
|
|
|
|
*dbp = NULL;
|
|
|
|
return (SET_ERROR(EIO));
|
|
|
|
}
|
|
|
|
|
|
|
|
*dbp = &db->db;
|
|
|
|
return (0);
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
int
|
2014-06-06 01:19:08 +04:00
|
|
|
dmu_buf_hold_noread(objset_t *os, uint64_t object, uint64_t offset,
|
|
|
|
void *tag, dmu_buf_t **dbp)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
uint64_t blkid;
|
|
|
|
dmu_buf_impl_t *db;
|
|
|
|
int err;
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
err = dnode_hold(os, object, FTAG, &dn);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (err)
|
|
|
|
return (err);
|
2015-12-22 04:31:57 +03:00
|
|
|
blkid = dbuf_whichblock(dn, 0, offset);
|
2008-11-20 23:01:55 +03:00
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_READER);
|
|
|
|
db = dbuf_hold(dn, blkid, tag);
|
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
2014-06-06 01:19:08 +04:00
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
if (db == NULL) {
|
2014-06-06 01:19:08 +04:00
|
|
|
*dbp = NULL;
|
|
|
|
return (SET_ERROR(EIO));
|
|
|
|
}
|
|
|
|
|
|
|
|
*dbp = &db->db;
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
OpenZFS 7004 - dmu_tx_hold_zap() does dnode_hold() 7x on same object
Using a benchmark which has 32 threads creating 2 million files in the
same directory, on a machine with 16 CPU cores, I observed poor
performance. I noticed that dmu_tx_hold_zap() was using about 30% of
all CPU, and doing dnode_hold() 7 times on the same object (the ZAP
object that is being held).
dmu_tx_hold_zap() keeps a hold on the dnode_t the entire time it is
running, in dmu_tx_hold_t:txh_dnode, so it would be nice to use the
dnode_t that we already have in hand, rather than repeatedly calling
dnode_hold(). To do this, we need to pass the dnode_t down through
all the intermediate calls that dmu_tx_hold_zap() makes, making these
routines take the dnode_t* rather than an objset_t* and a uint64_t
object number. In particular, the following routines will need to have
analogous *_by_dnode() variants created:
dmu_buf_hold_noread()
dmu_buf_hold()
zap_lookup()
zap_lookup_norm()
zap_count_write()
zap_lockdir()
zap_count_write()
This can improve performance on the benchmark described above by 100%,
from 30,000 file creations per second to 60,000. (This improvement is on
top of that provided by working around the object allocation issue. Peak
performance of ~90,000 creations per second was observed with 8 CPUs;
adding CPUs past that decreased performance due to lock contention.) The
CPU used by dmu_tx_hold_zap() was reduced by 88%, from 340 CPU-seconds
to 40 CPU-seconds.
Sponsored by: Intel Corp.
Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
OpenZFS-issue: https://www.illumos.org/issues/7004
OpenZFS-commit: https://github.com/openzfs/openzfs/pull/109
Closes #4641
Closes #4972
2016-07-21 01:42:13 +03:00
|
|
|
int
|
|
|
|
dmu_buf_hold_by_dnode(dnode_t *dn, uint64_t offset,
|
|
|
|
void *tag, dmu_buf_t **dbp, int flags)
|
|
|
|
{
|
|
|
|
int err;
|
|
|
|
int db_flags = DB_RF_CANFAIL;
|
|
|
|
|
|
|
|
if (flags & DMU_READ_NO_PREFETCH)
|
|
|
|
db_flags |= DB_RF_NOPREFETCH;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
if (flags & DMU_READ_NO_DECRYPT)
|
|
|
|
db_flags |= DB_RF_NO_DECRYPT;
|
OpenZFS 7004 - dmu_tx_hold_zap() does dnode_hold() 7x on same object
Using a benchmark which has 32 threads creating 2 million files in the
same directory, on a machine with 16 CPU cores, I observed poor
performance. I noticed that dmu_tx_hold_zap() was using about 30% of
all CPU, and doing dnode_hold() 7 times on the same object (the ZAP
object that is being held).
dmu_tx_hold_zap() keeps a hold on the dnode_t the entire time it is
running, in dmu_tx_hold_t:txh_dnode, so it would be nice to use the
dnode_t that we already have in hand, rather than repeatedly calling
dnode_hold(). To do this, we need to pass the dnode_t down through
all the intermediate calls that dmu_tx_hold_zap() makes, making these
routines take the dnode_t* rather than an objset_t* and a uint64_t
object number. In particular, the following routines will need to have
analogous *_by_dnode() variants created:
dmu_buf_hold_noread()
dmu_buf_hold()
zap_lookup()
zap_lookup_norm()
zap_count_write()
zap_lockdir()
zap_count_write()
This can improve performance on the benchmark described above by 100%,
from 30,000 file creations per second to 60,000. (This improvement is on
top of that provided by working around the object allocation issue. Peak
performance of ~90,000 creations per second was observed with 8 CPUs;
adding CPUs past that decreased performance due to lock contention.) The
CPU used by dmu_tx_hold_zap() was reduced by 88%, from 340 CPU-seconds
to 40 CPU-seconds.
Sponsored by: Intel Corp.
Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
OpenZFS-issue: https://www.illumos.org/issues/7004
OpenZFS-commit: https://github.com/openzfs/openzfs/pull/109
Closes #4641
Closes #4972
2016-07-21 01:42:13 +03:00
|
|
|
|
|
|
|
err = dmu_buf_hold_noread_by_dnode(dn, offset, tag, dbp);
|
|
|
|
if (err == 0) {
|
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)(*dbp);
|
|
|
|
err = dbuf_read(db, NULL, db_flags);
|
|
|
|
if (err != 0) {
|
|
|
|
dbuf_rele(db, tag);
|
|
|
|
*dbp = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
2014-06-06 01:19:08 +04:00
|
|
|
int
|
|
|
|
dmu_buf_hold(objset_t *os, uint64_t object, uint64_t offset,
|
|
|
|
void *tag, dmu_buf_t **dbp, int flags)
|
|
|
|
{
|
|
|
|
int err;
|
|
|
|
int db_flags = DB_RF_CANFAIL;
|
|
|
|
|
|
|
|
if (flags & DMU_READ_NO_PREFETCH)
|
|
|
|
db_flags |= DB_RF_NOPREFETCH;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
if (flags & DMU_READ_NO_DECRYPT)
|
|
|
|
db_flags |= DB_RF_NO_DECRYPT;
|
2014-06-06 01:19:08 +04:00
|
|
|
|
|
|
|
err = dmu_buf_hold_noread(os, object, offset, tag, dbp);
|
|
|
|
if (err == 0) {
|
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)(*dbp);
|
2010-05-29 00:45:14 +04:00
|
|
|
err = dbuf_read(db, NULL, db_flags);
|
2014-06-06 01:19:08 +04:00
|
|
|
if (err != 0) {
|
2008-11-20 23:01:55 +03:00
|
|
|
dbuf_rele(db, tag);
|
2014-06-06 01:19:08 +04:00
|
|
|
*dbp = NULL;
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
dmu_bonus_max(void)
|
|
|
|
{
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced to from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill bocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by an large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 04:25:34 +03:00
|
|
|
return (DN_OLD_MAX_BONUSLEN);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_set_bonus(dmu_buf_t *db_fake, int newsize, dmu_tx_t *tx)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)db_fake;
|
|
|
|
dnode_t *dn;
|
|
|
|
int error;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
DB_DNODE_ENTER(db);
|
|
|
|
dn = DB_DNODE(db);
|
|
|
|
|
|
|
|
if (dn->dn_bonus != db) {
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EINVAL);
|
2010-08-27 01:24:34 +04:00
|
|
|
} else if (newsize < 0 || newsize > db_fake->db_size) {
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EINVAL);
|
2010-08-27 01:24:34 +04:00
|
|
|
} else {
|
|
|
|
dnode_setbonuslen(dn, newsize, tx);
|
|
|
|
error = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
DB_DNODE_EXIT(db);
|
|
|
|
return (error);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
int
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_set_bonustype(dmu_buf_t *db_fake, dmu_object_type_t type, dmu_tx_t *tx)
|
2010-05-29 00:45:14 +04:00
|
|
|
{
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)db_fake;
|
|
|
|
dnode_t *dn;
|
|
|
|
int error;
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
DB_DNODE_ENTER(db);
|
|
|
|
dn = DB_DNODE(db);
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2012-12-14 03:24:15 +04:00
|
|
|
if (!DMU_OT_IS_VALID(type)) {
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EINVAL);
|
2010-08-27 01:24:34 +04:00
|
|
|
} else if (dn->dn_bonus != db) {
|
2013-03-08 22:41:28 +04:00
|
|
|
error = SET_ERROR(EINVAL);
|
2010-08-27 01:24:34 +04:00
|
|
|
} else {
|
|
|
|
dnode_setbonus_type(dn, type, tx);
|
|
|
|
error = 0;
|
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
DB_DNODE_EXIT(db);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
dmu_object_type_t
|
|
|
|
dmu_get_bonustype(dmu_buf_t *db_fake)
|
|
|
|
{
|
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)db_fake;
|
|
|
|
dnode_t *dn;
|
|
|
|
dmu_object_type_t type;
|
|
|
|
|
|
|
|
DB_DNODE_ENTER(db);
|
|
|
|
dn = DB_DNODE(db);
|
|
|
|
type = dn->dn_bonustype;
|
|
|
|
DB_DNODE_EXIT(db);
|
|
|
|
|
|
|
|
return (type);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
dmu_rm_spill(objset_t *os, uint64_t object, dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = dnode_hold(os, object, FTAG, &dn);
|
|
|
|
dbuf_rm_spill(dn, tx);
|
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_WRITER);
|
|
|
|
dnode_rm_spill(dn, tx);
|
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* returns ENOENT, EIO, or 0.
|
|
|
|
*/
|
|
|
|
int
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dmu_bonus_hold_impl(objset_t *os, uint64_t object, void *tag, uint32_t flags,
|
|
|
|
dmu_buf_t **dbp)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
dmu_buf_impl_t *db;
|
|
|
|
int error;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
uint32_t db_flags = DB_RF_MUST_SUCCEED;
|
|
|
|
|
|
|
|
if (flags & DMU_READ_NO_PREFETCH)
|
|
|
|
db_flags |= DB_RF_NOPREFETCH;
|
|
|
|
if (flags & DMU_READ_NO_DECRYPT)
|
|
|
|
db_flags |= DB_RF_NO_DECRYPT;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
error = dnode_hold(os, object, FTAG, &dn);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_READER);
|
|
|
|
if (dn->dn_bonus == NULL) {
|
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_WRITER);
|
|
|
|
if (dn->dn_bonus == NULL)
|
|
|
|
dbuf_create_bonus(dn);
|
|
|
|
}
|
|
|
|
db = dn->dn_bonus;
|
|
|
|
|
|
|
|
/* as long as the bonus buf is held, the dnode will be held */
|
2018-09-26 20:29:26 +03:00
|
|
|
if (zfs_refcount_add(&db->db_holds, tag) == 1) {
|
2008-11-20 23:01:55 +03:00
|
|
|
VERIFY(dnode_add_ref(dn, db));
|
2015-03-12 03:03:31 +03:00
|
|
|
atomic_inc_32(&dn->dn_dbufs_count);
|
2010-08-27 01:24:34 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Wait to drop dn_struct_rwlock until after adding the bonus dbuf's
|
|
|
|
* hold and incrementing the dbuf count to ensure that dnode_move() sees
|
|
|
|
* a dnode hold for every dbuf.
|
|
|
|
*/
|
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
error = dbuf_read(db, NULL, db_flags);
|
|
|
|
if (error) {
|
|
|
|
dnode_evict_bonus(dn);
|
|
|
|
dbuf_rele(db, tag);
|
|
|
|
*dbp = NULL;
|
|
|
|
return (error);
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
*dbp = &db->db;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
int
|
|
|
|
dmu_bonus_hold(objset_t *os, uint64_t obj, void *tag, dmu_buf_t **dbp)
|
|
|
|
{
|
|
|
|
return (dmu_bonus_hold_impl(os, obj, tag, DMU_READ_NO_PREFETCH, dbp));
|
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
|
|
|
* returns ENOENT, EIO, or 0.
|
|
|
|
*
|
|
|
|
* This interface will allocate a blank spill dbuf when a spill blk
|
|
|
|
* doesn't already exist on the dnode.
|
|
|
|
*
|
|
|
|
* if you only want to find an already existing spill db, then
|
|
|
|
* dmu_spill_hold_existing() should be used.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
dmu_spill_hold_by_dnode(dnode_t *dn, uint32_t flags, void *tag, dmu_buf_t **dbp)
|
|
|
|
{
|
|
|
|
dmu_buf_impl_t *db = NULL;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
if ((flags & DB_RF_HAVESTRUCT) == 0)
|
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_READER);
|
|
|
|
|
|
|
|
db = dbuf_hold(dn, DMU_SPILL_BLKID, tag);
|
|
|
|
|
|
|
|
if ((flags & DB_RF_HAVESTRUCT) == 0)
|
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
|
|
|
|
2016-11-01 02:23:56 +03:00
|
|
|
if (db == NULL) {
|
|
|
|
*dbp = NULL;
|
|
|
|
return (SET_ERROR(EIO));
|
|
|
|
}
|
2010-08-27 01:24:34 +04:00
|
|
|
err = dbuf_read(db, NULL, flags);
|
|
|
|
if (err == 0)
|
|
|
|
*dbp = &db->db;
|
2016-11-01 02:23:56 +03:00
|
|
|
else {
|
2010-08-27 01:24:34 +04:00
|
|
|
dbuf_rele(db, tag);
|
2016-11-01 02:23:56 +03:00
|
|
|
*dbp = NULL;
|
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
dmu_spill_hold_existing(dmu_buf_t *bonus, void *tag, dmu_buf_t **dbp)
|
|
|
|
{
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)bonus;
|
|
|
|
dnode_t *dn;
|
2010-05-29 00:45:14 +04:00
|
|
|
int err;
|
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
DB_DNODE_ENTER(db);
|
|
|
|
dn = DB_DNODE(db);
|
|
|
|
|
|
|
|
if (spa_version(dn->dn_objset->os_spa) < SPA_VERSION_SA) {
|
2013-03-08 22:41:28 +04:00
|
|
|
err = SET_ERROR(EINVAL);
|
2010-08-27 01:24:34 +04:00
|
|
|
} else {
|
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_READER);
|
|
|
|
|
|
|
|
if (!dn->dn_have_spill) {
|
2013-03-08 22:41:28 +04:00
|
|
|
err = SET_ERROR(ENOENT);
|
2010-08-27 01:24:34 +04:00
|
|
|
} else {
|
|
|
|
err = dmu_spill_hold_by_dnode(dn,
|
|
|
|
DB_RF_HAVESTRUCT | DB_RF_CANFAIL, tag, dbp);
|
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
|
|
|
}
|
2010-08-27 01:24:34 +04:00
|
|
|
|
|
|
|
DB_DNODE_EXIT(db);
|
2010-05-29 00:45:14 +04:00
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2018-06-06 20:16:41 +03:00
|
|
|
dmu_spill_hold_by_bonus(dmu_buf_t *bonus, uint32_t flags, void *tag,
|
|
|
|
dmu_buf_t **dbp)
|
2010-05-29 00:45:14 +04:00
|
|
|
{
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)bonus;
|
|
|
|
dnode_t *dn;
|
|
|
|
int err;
|
2018-06-06 20:16:41 +03:00
|
|
|
uint32_t db_flags = DB_RF_CANFAIL;
|
|
|
|
|
|
|
|
if (flags & DMU_READ_NO_DECRYPT)
|
|
|
|
db_flags |= DB_RF_NO_DECRYPT;
|
2010-08-27 01:24:34 +04:00
|
|
|
|
|
|
|
DB_DNODE_ENTER(db);
|
|
|
|
dn = DB_DNODE(db);
|
2018-06-06 20:16:41 +03:00
|
|
|
err = dmu_spill_hold_by_dnode(dn, db_flags, tag, dbp);
|
2010-08-27 01:24:34 +04:00
|
|
|
DB_DNODE_EXIT(db);
|
|
|
|
|
|
|
|
return (err);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
|
|
|
* Note: longer-term, we should modify all of the dmu_buf_*() interfaces
|
|
|
|
* to take a held dnode rather than <os, object> -- the lookup is wasteful,
|
|
|
|
* and can induce severe lock contention when writing to several files
|
|
|
|
* whose dnodes are in the same block.
|
|
|
|
*/
|
|
|
|
static int
|
2009-07-03 02:44:48 +04:00
|
|
|
dmu_buf_hold_array_by_dnode(dnode_t *dn, uint64_t offset, uint64_t length,
|
2015-12-27 00:10:31 +03:00
|
|
|
boolean_t read, void *tag, int *numbufsp, dmu_buf_t ***dbpp, uint32_t flags)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
dmu_buf_t **dbp;
|
|
|
|
uint64_t blkid, nblks, i;
|
2009-07-03 02:44:48 +04:00
|
|
|
uint32_t dbuf_flags;
|
2008-11-20 23:01:55 +03:00
|
|
|
int err;
|
|
|
|
zio_t *zio;
|
|
|
|
|
|
|
|
ASSERT(length <= DMU_MAX_ACCESS);
|
|
|
|
|
2015-12-27 00:10:31 +03:00
|
|
|
/*
|
|
|
|
* Note: We directly notify the prefetch code of this read, so that
|
|
|
|
* we can tell it about the multi-block read. dbuf_read() only knows
|
|
|
|
* about the one block it is accessing.
|
|
|
|
*/
|
|
|
|
dbuf_flags = DB_RF_CANFAIL | DB_RF_NEVERWAIT | DB_RF_HAVESTRUCT |
|
|
|
|
DB_RF_NOPREFETCH;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_READER);
|
|
|
|
if (dn->dn_datablkshift) {
|
|
|
|
int blkshift = dn->dn_datablkshift;
|
2015-12-27 00:10:31 +03:00
|
|
|
nblks = (P2ROUNDUP(offset + length, 1ULL << blkshift) -
|
|
|
|
P2ALIGN(offset, 1ULL << blkshift)) >> blkshift;
|
2008-11-20 23:01:55 +03:00
|
|
|
} else {
|
|
|
|
if (offset + length > dn->dn_datablksz) {
|
|
|
|
zfs_panic_recover("zfs: accessing past end of object "
|
|
|
|
"%llx/%llx (size=%u access=%llu+%llu)",
|
|
|
|
(longlong_t)dn->dn_objset->
|
|
|
|
os_dsl_dataset->ds_object,
|
|
|
|
(longlong_t)dn->dn_object, dn->dn_datablksz,
|
|
|
|
(longlong_t)offset, (longlong_t)length);
|
2009-08-18 22:43:27 +04:00
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EIO));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
nblks = 1;
|
|
|
|
}
|
2014-11-21 03:09:39 +03:00
|
|
|
dbp = kmem_zalloc(sizeof (dmu_buf_t *) * nblks, KM_SLEEP);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
zio = zio_root(dn->dn_objset->os_spa, NULL, NULL, ZIO_FLAG_CANFAIL);
|
2015-12-22 04:31:57 +03:00
|
|
|
blkid = dbuf_whichblock(dn, 0, offset);
|
2008-11-20 23:01:55 +03:00
|
|
|
for (i = 0; i < nblks; i++) {
|
2015-12-27 00:10:31 +03:00
|
|
|
dmu_buf_impl_t *db = dbuf_hold(dn, blkid + i, tag);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (db == NULL) {
|
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
|
|
|
dmu_buf_rele_array(dbp, nblks, tag);
|
|
|
|
zio_nowait(zio);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EIO));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
2015-12-27 00:10:31 +03:00
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/* initiate async i/o */
|
2015-12-27 00:10:31 +03:00
|
|
|
if (read)
|
2009-07-03 02:44:48 +04:00
|
|
|
(void) dbuf_read(db, zio, dbuf_flags);
|
2008-11-20 23:01:55 +03:00
|
|
|
dbp[i] = &db->db;
|
|
|
|
}
|
2015-12-27 00:10:31 +03:00
|
|
|
|
2016-08-30 00:36:39 +03:00
|
|
|
if ((flags & DMU_READ_NO_PREFETCH) == 0 &&
|
|
|
|
DNODE_META_IS_CACHEABLE(dn) && length <= zfetch_array_rd_sz) {
|
|
|
|
dmu_zfetch(&dn->dn_zfetch, blkid, nblks,
|
|
|
|
read && DNODE_IS_CACHEABLE(dn));
|
2015-12-27 00:10:31 +03:00
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
|
|
|
|
|
|
|
/* wait for async i/o */
|
|
|
|
err = zio_wait(zio);
|
|
|
|
if (err) {
|
|
|
|
dmu_buf_rele_array(dbp, nblks, tag);
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* wait for other io to complete */
|
|
|
|
if (read) {
|
|
|
|
for (i = 0; i < nblks; i++) {
|
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)dbp[i];
|
|
|
|
mutex_enter(&db->db_mtx);
|
|
|
|
while (db->db_state == DB_READ ||
|
|
|
|
db->db_state == DB_FILL)
|
|
|
|
cv_wait(&db->db_changed, &db->db_mtx);
|
|
|
|
if (db->db_state == DB_UNCACHED)
|
2013-03-08 22:41:28 +04:00
|
|
|
err = SET_ERROR(EIO);
|
2008-11-20 23:01:55 +03:00
|
|
|
mutex_exit(&db->db_mtx);
|
|
|
|
if (err) {
|
|
|
|
dmu_buf_rele_array(dbp, nblks, tag);
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
*numbufsp = nblks;
|
|
|
|
*dbpp = dbp;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
dmu_buf_hold_array(objset_t *os, uint64_t object, uint64_t offset,
|
|
|
|
uint64_t length, int read, void *tag, int *numbufsp, dmu_buf_t ***dbpp)
|
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
int err;
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
err = dnode_hold(os, object, FTAG, &dn);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (err)
|
|
|
|
return (err);
|
|
|
|
|
|
|
|
err = dmu_buf_hold_array_by_dnode(dn, offset, length, read, tag,
|
2009-07-03 02:44:48 +04:00
|
|
|
numbufsp, dbpp, DMU_READ_PREFETCH);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_buf_hold_array_by_bonus(dmu_buf_t *db_fake, uint64_t offset,
|
2015-12-27 00:10:31 +03:00
|
|
|
uint64_t length, boolean_t read, void *tag, int *numbufsp,
|
|
|
|
dmu_buf_t ***dbpp)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)db_fake;
|
|
|
|
dnode_t *dn;
|
2008-11-20 23:01:55 +03:00
|
|
|
int err;
|
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
DB_DNODE_ENTER(db);
|
|
|
|
dn = DB_DNODE(db);
|
2008-11-20 23:01:55 +03:00
|
|
|
err = dmu_buf_hold_array_by_dnode(dn, offset, length, read, tag,
|
2009-07-03 02:44:48 +04:00
|
|
|
numbufsp, dbpp, DMU_READ_PREFETCH);
|
2010-08-27 01:24:34 +04:00
|
|
|
DB_DNODE_EXIT(db);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
dmu_buf_rele_array(dmu_buf_t **dbp_fake, int numbufs, void *tag)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
dmu_buf_impl_t **dbp = (dmu_buf_impl_t **)dbp_fake;
|
|
|
|
|
|
|
|
if (numbufs == 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
for (i = 0; i < numbufs; i++) {
|
|
|
|
if (dbp[i])
|
|
|
|
dbuf_rele(dbp[i], tag);
|
|
|
|
}
|
|
|
|
|
|
|
|
kmem_free(dbp, sizeof (dmu_buf_t *) * numbufs);
|
|
|
|
}
|
|
|
|
|
Illumos #4045 write throttle & i/o scheduler performance work
4045 zfs write throttle & i/o scheduler performance work
1. The ZFS i/o scheduler (vdev_queue.c) now divides i/os into 5 classes: sync
read, sync write, async read, async write, and scrub/resilver. The scheduler
issues a number of concurrent i/os from each class to the device. Once a class
has been selected, an i/o is selected from this class using either an elevator
algorithem (async, scrub classes) or FIFO (sync classes). The number of
concurrent async write i/os is tuned dynamically based on i/o load, to achieve
good sync i/o latency when there is not a high load of writes, and good write
throughput when there is. See the block comment in vdev_queue.c (reproduced
below) for more details.
2. The write throttle (dsl_pool_tempreserve_space() and
txg_constrain_throughput()) is rewritten to produce much more consistent delays
when under constant load. The new write throttle is based on the amount of
dirty data, rather than guesses about future performance of the system. When
there is a lot of dirty data, each transaction (e.g. write() syscall) will be
delayed by the same small amount. This eliminates the "brick wall of wait"
that the old write throttle could hit, causing all transactions to wait several
seconds until the next txg opens. One of the keys to the new write throttle is
decrementing the amount of dirty data as i/o completes, rather than at the end
of spa_sync(). Note that the write throttle is only applied once the i/o
scheduler is issuing the maximum number of outstanding async writes. See the
block comments in dsl_pool.c and above dmu_tx_delay() (reproduced below) for
more details.
This diff has several other effects, including:
* the commonly-tuned global variable zfs_vdev_max_pending has been removed;
use per-class zfs_vdev_*_max_active values or zfs_vdev_max_active instead.
* the size of each txg (meaning the amount of dirty data written, and thus the
time it takes to write out) is now controlled differently. There is no longer
an explicit time goal; the primary determinant is amount of dirty data.
Systems that are under light or medium load will now often see that a txg is
always syncing, but the impact to performance (e.g. read latency) is minimal.
Tune zfs_dirty_data_max and zfs_dirty_data_sync to control this.
* zio_taskq_batch_pct = 75 -- Only use 75% of all CPUs for compression,
checksum, etc. This improves latency by not allowing these CPU-intensive tasks
to consume all CPU (on machines with at least 4 CPU's; the percentage is
rounded up).
--matt
APPENDIX: problems with the current i/o scheduler
The current ZFS i/o scheduler (vdev_queue.c) is deadline based. The problem
with this is that if there are always i/os pending, then certain classes of
i/os can see very long delays.
For example, if there are always synchronous reads outstanding, then no async
writes will be serviced until they become "past due". One symptom of this
situation is that each pass of the txg sync takes at least several seconds
(typically 3 seconds).
If many i/os become "past due" (their deadline is in the past), then we must
service all of these overdue i/os before any new i/os. This happens when we
enqueue a batch of async writes for the txg sync, with deadlines 2.5 seconds in
the future. If we can't complete all the i/os in 2.5 seconds (e.g. because
there were always reads pending), then these i/os will become past due. Now we
must service all the "async" writes (which could be hundreds of megabytes)
before we service any reads, introducing considerable latency to synchronous
i/os (reads or ZIL writes).
Notes on porting to ZFS on Linux:
- zio_t gained new members io_physdone and io_phys_children. Because
object caches in the Linux port call the constructor only once at
allocation time, objects may contain residual data when retrieved
from the cache. Therefore zio_create() was updated to zero out the two
new fields.
- vdev_mirror_pending() relied on the depth of the per-vdev pending queue
(vq->vq_pending_tree) to select the least-busy leaf vdev to read from.
This tree has been replaced by vq->vq_active_tree which is now used
for the same purpose.
- vdev_queue_init() used the value of zfs_vdev_max_pending to determine
the number of vdev I/O buffers to pre-allocate. That global no longer
exists, so we instead use the sum of the *_max_active values for each of
the five I/O classes described above.
- The Illumos implementation of dmu_tx_delay() delays a transaction by
sleeping in condition variable embedded in the thread
(curthread->t_delay_cv). We do not have an equivalent CV to use in
Linux, so this change replaced the delay logic with a wrapper called
zfs_sleep_until(). This wrapper could be adopted upstream and in other
downstream ports to abstract away operating system-specific delay logic.
- These tunables are added as module parameters, and descriptions added
to the zfs-module-parameters.5 man page.
spa_asize_inflation
zfs_deadman_synctime_ms
zfs_vdev_max_active
zfs_vdev_async_write_active_min_dirty_percent
zfs_vdev_async_write_active_max_dirty_percent
zfs_vdev_async_read_max_active
zfs_vdev_async_read_min_active
zfs_vdev_async_write_max_active
zfs_vdev_async_write_min_active
zfs_vdev_scrub_max_active
zfs_vdev_scrub_min_active
zfs_vdev_sync_read_max_active
zfs_vdev_sync_read_min_active
zfs_vdev_sync_write_max_active
zfs_vdev_sync_write_min_active
zfs_dirty_data_max_percent
zfs_delay_min_dirty_percent
zfs_dirty_data_max_max_percent
zfs_dirty_data_max
zfs_dirty_data_max_max
zfs_dirty_data_sync
zfs_delay_scale
The latter four have type unsigned long, whereas they are uint64_t in
Illumos. This accommodates Linux's module_param() supported types, but
means they may overflow on 32-bit architectures.
The values zfs_dirty_data_max and zfs_dirty_data_max_max are the most
likely to overflow on 32-bit systems, since they express physical RAM
sizes in bytes. In fact, Illumos initializes zfs_dirty_data_max_max to
2^32 which does overflow. To resolve that, this port instead initializes
it in arc_init() to 25% of physical RAM, and adds the tunable
zfs_dirty_data_max_max_percent to override that percentage. While this
solution doesn't completely avoid the overflow issue, it should be a
reasonable default for most systems, and the minority of affected
systems can work around the issue by overriding the defaults.
- Fixed reversed logic in comment above zfs_delay_scale declaration.
- Clarified comments in vdev_queue.c regarding when per-queue minimums take
effect.
- Replaced dmu_tx_write_limit in the dmu_tx kstat file
with dmu_tx_dirty_delay and dmu_tx_dirty_over_max. The first counts
how many times a transaction has been delayed because the pool dirty
data has exceeded zfs_delay_min_dirty_percent. The latter counts how
many times the pool dirty data has exceeded zfs_dirty_data_max (which
we expect to never happen).
- The original patch would have regressed the bug fixed in
zfsonlinux/zfs@c418410, which prevented users from setting the
zfs_vdev_aggregation_limit tuning larger than SPA_MAXBLOCKSIZE.
A similar fix is added to vdev_queue_aggregate().
- In vdev_queue_io_to_issue(), dynamically allocate 'zio_t search' on the
heap instead of the stack. In Linux we can't afford such large
structures on the stack.
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Adam Leventhal <ahl@delphix.com>
Reviewed by: Christopher Siden <christopher.siden@delphix.com>
Reviewed by: Ned Bass <bass6@llnl.gov>
Reviewed by: Brendan Gregg <brendan.gregg@joyent.com>
Approved by: Robert Mustacchi <rm@joyent.com>
References:
http://www.illumos.org/issues/4045
illumos/illumos-gate@69962b5647e4a8b9b14998733b765925381b727e
Ported-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #1913
2013-08-29 07:01:20 +04:00
|
|
|
/*
|
2015-12-22 04:31:57 +03:00
|
|
|
* Issue prefetch i/os for the given blocks. If level is greater than 0, the
|
|
|
|
* indirect blocks prefeteched will be those that point to the blocks containing
|
|
|
|
* the data starting at offset, and continuing to offset + len.
|
Illumos #4045 write throttle & i/o scheduler performance work
4045 zfs write throttle & i/o scheduler performance work
1. The ZFS i/o scheduler (vdev_queue.c) now divides i/os into 5 classes: sync
read, sync write, async read, async write, and scrub/resilver. The scheduler
issues a number of concurrent i/os from each class to the device. Once a class
has been selected, an i/o is selected from this class using either an elevator
algorithem (async, scrub classes) or FIFO (sync classes). The number of
concurrent async write i/os is tuned dynamically based on i/o load, to achieve
good sync i/o latency when there is not a high load of writes, and good write
throughput when there is. See the block comment in vdev_queue.c (reproduced
below) for more details.
2. The write throttle (dsl_pool_tempreserve_space() and
txg_constrain_throughput()) is rewritten to produce much more consistent delays
when under constant load. The new write throttle is based on the amount of
dirty data, rather than guesses about future performance of the system. When
there is a lot of dirty data, each transaction (e.g. write() syscall) will be
delayed by the same small amount. This eliminates the "brick wall of wait"
that the old write throttle could hit, causing all transactions to wait several
seconds until the next txg opens. One of the keys to the new write throttle is
decrementing the amount of dirty data as i/o completes, rather than at the end
of spa_sync(). Note that the write throttle is only applied once the i/o
scheduler is issuing the maximum number of outstanding async writes. See the
block comments in dsl_pool.c and above dmu_tx_delay() (reproduced below) for
more details.
This diff has several other effects, including:
* the commonly-tuned global variable zfs_vdev_max_pending has been removed;
use per-class zfs_vdev_*_max_active values or zfs_vdev_max_active instead.
* the size of each txg (meaning the amount of dirty data written, and thus the
time it takes to write out) is now controlled differently. There is no longer
an explicit time goal; the primary determinant is amount of dirty data.
Systems that are under light or medium load will now often see that a txg is
always syncing, but the impact to performance (e.g. read latency) is minimal.
Tune zfs_dirty_data_max and zfs_dirty_data_sync to control this.
* zio_taskq_batch_pct = 75 -- Only use 75% of all CPUs for compression,
checksum, etc. This improves latency by not allowing these CPU-intensive tasks
to consume all CPU (on machines with at least 4 CPU's; the percentage is
rounded up).
--matt
APPENDIX: problems with the current i/o scheduler
The current ZFS i/o scheduler (vdev_queue.c) is deadline based. The problem
with this is that if there are always i/os pending, then certain classes of
i/os can see very long delays.
For example, if there are always synchronous reads outstanding, then no async
writes will be serviced until they become "past due". One symptom of this
situation is that each pass of the txg sync takes at least several seconds
(typically 3 seconds).
If many i/os become "past due" (their deadline is in the past), then we must
service all of these overdue i/os before any new i/os. This happens when we
enqueue a batch of async writes for the txg sync, with deadlines 2.5 seconds in
the future. If we can't complete all the i/os in 2.5 seconds (e.g. because
there were always reads pending), then these i/os will become past due. Now we
must service all the "async" writes (which could be hundreds of megabytes)
before we service any reads, introducing considerable latency to synchronous
i/os (reads or ZIL writes).
Notes on porting to ZFS on Linux:
- zio_t gained new members io_physdone and io_phys_children. Because
object caches in the Linux port call the constructor only once at
allocation time, objects may contain residual data when retrieved
from the cache. Therefore zio_create() was updated to zero out the two
new fields.
- vdev_mirror_pending() relied on the depth of the per-vdev pending queue
(vq->vq_pending_tree) to select the least-busy leaf vdev to read from.
This tree has been replaced by vq->vq_active_tree which is now used
for the same purpose.
- vdev_queue_init() used the value of zfs_vdev_max_pending to determine
the number of vdev I/O buffers to pre-allocate. That global no longer
exists, so we instead use the sum of the *_max_active values for each of
the five I/O classes described above.
- The Illumos implementation of dmu_tx_delay() delays a transaction by
sleeping in condition variable embedded in the thread
(curthread->t_delay_cv). We do not have an equivalent CV to use in
Linux, so this change replaced the delay logic with a wrapper called
zfs_sleep_until(). This wrapper could be adopted upstream and in other
downstream ports to abstract away operating system-specific delay logic.
- These tunables are added as module parameters, and descriptions added
to the zfs-module-parameters.5 man page.
spa_asize_inflation
zfs_deadman_synctime_ms
zfs_vdev_max_active
zfs_vdev_async_write_active_min_dirty_percent
zfs_vdev_async_write_active_max_dirty_percent
zfs_vdev_async_read_max_active
zfs_vdev_async_read_min_active
zfs_vdev_async_write_max_active
zfs_vdev_async_write_min_active
zfs_vdev_scrub_max_active
zfs_vdev_scrub_min_active
zfs_vdev_sync_read_max_active
zfs_vdev_sync_read_min_active
zfs_vdev_sync_write_max_active
zfs_vdev_sync_write_min_active
zfs_dirty_data_max_percent
zfs_delay_min_dirty_percent
zfs_dirty_data_max_max_percent
zfs_dirty_data_max
zfs_dirty_data_max_max
zfs_dirty_data_sync
zfs_delay_scale
The latter four have type unsigned long, whereas they are uint64_t in
Illumos. This accommodates Linux's module_param() supported types, but
means they may overflow on 32-bit architectures.
The values zfs_dirty_data_max and zfs_dirty_data_max_max are the most
likely to overflow on 32-bit systems, since they express physical RAM
sizes in bytes. In fact, Illumos initializes zfs_dirty_data_max_max to
2^32 which does overflow. To resolve that, this port instead initializes
it in arc_init() to 25% of physical RAM, and adds the tunable
zfs_dirty_data_max_max_percent to override that percentage. While this
solution doesn't completely avoid the overflow issue, it should be a
reasonable default for most systems, and the minority of affected
systems can work around the issue by overriding the defaults.
- Fixed reversed logic in comment above zfs_delay_scale declaration.
- Clarified comments in vdev_queue.c regarding when per-queue minimums take
effect.
- Replaced dmu_tx_write_limit in the dmu_tx kstat file
with dmu_tx_dirty_delay and dmu_tx_dirty_over_max. The first counts
how many times a transaction has been delayed because the pool dirty
data has exceeded zfs_delay_min_dirty_percent. The latter counts how
many times the pool dirty data has exceeded zfs_dirty_data_max (which
we expect to never happen).
- The original patch would have regressed the bug fixed in
zfsonlinux/zfs@c418410, which prevented users from setting the
zfs_vdev_aggregation_limit tuning larger than SPA_MAXBLOCKSIZE.
A similar fix is added to vdev_queue_aggregate().
- In vdev_queue_io_to_issue(), dynamically allocate 'zio_t search' on the
heap instead of the stack. In Linux we can't afford such large
structures on the stack.
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Adam Leventhal <ahl@delphix.com>
Reviewed by: Christopher Siden <christopher.siden@delphix.com>
Reviewed by: Ned Bass <bass6@llnl.gov>
Reviewed by: Brendan Gregg <brendan.gregg@joyent.com>
Approved by: Robert Mustacchi <rm@joyent.com>
References:
http://www.illumos.org/issues/4045
illumos/illumos-gate@69962b5647e4a8b9b14998733b765925381b727e
Ported-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #1913
2013-08-29 07:01:20 +04:00
|
|
|
*
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
* Note that if the indirect blocks above the blocks being prefetched are not
|
|
|
|
* in cache, they will be asychronously read in.
|
Illumos #4045 write throttle & i/o scheduler performance work
4045 zfs write throttle & i/o scheduler performance work
1. The ZFS i/o scheduler (vdev_queue.c) now divides i/os into 5 classes: sync
read, sync write, async read, async write, and scrub/resilver. The scheduler
issues a number of concurrent i/os from each class to the device. Once a class
has been selected, an i/o is selected from this class using either an elevator
algorithem (async, scrub classes) or FIFO (sync classes). The number of
concurrent async write i/os is tuned dynamically based on i/o load, to achieve
good sync i/o latency when there is not a high load of writes, and good write
throughput when there is. See the block comment in vdev_queue.c (reproduced
below) for more details.
2. The write throttle (dsl_pool_tempreserve_space() and
txg_constrain_throughput()) is rewritten to produce much more consistent delays
when under constant load. The new write throttle is based on the amount of
dirty data, rather than guesses about future performance of the system. When
there is a lot of dirty data, each transaction (e.g. write() syscall) will be
delayed by the same small amount. This eliminates the "brick wall of wait"
that the old write throttle could hit, causing all transactions to wait several
seconds until the next txg opens. One of the keys to the new write throttle is
decrementing the amount of dirty data as i/o completes, rather than at the end
of spa_sync(). Note that the write throttle is only applied once the i/o
scheduler is issuing the maximum number of outstanding async writes. See the
block comments in dsl_pool.c and above dmu_tx_delay() (reproduced below) for
more details.
This diff has several other effects, including:
* the commonly-tuned global variable zfs_vdev_max_pending has been removed;
use per-class zfs_vdev_*_max_active values or zfs_vdev_max_active instead.
* the size of each txg (meaning the amount of dirty data written, and thus the
time it takes to write out) is now controlled differently. There is no longer
an explicit time goal; the primary determinant is amount of dirty data.
Systems that are under light or medium load will now often see that a txg is
always syncing, but the impact to performance (e.g. read latency) is minimal.
Tune zfs_dirty_data_max and zfs_dirty_data_sync to control this.
* zio_taskq_batch_pct = 75 -- Only use 75% of all CPUs for compression,
checksum, etc. This improves latency by not allowing these CPU-intensive tasks
to consume all CPU (on machines with at least 4 CPU's; the percentage is
rounded up).
--matt
APPENDIX: problems with the current i/o scheduler
The current ZFS i/o scheduler (vdev_queue.c) is deadline based. The problem
with this is that if there are always i/os pending, then certain classes of
i/os can see very long delays.
For example, if there are always synchronous reads outstanding, then no async
writes will be serviced until they become "past due". One symptom of this
situation is that each pass of the txg sync takes at least several seconds
(typically 3 seconds).
If many i/os become "past due" (their deadline is in the past), then we must
service all of these overdue i/os before any new i/os. This happens when we
enqueue a batch of async writes for the txg sync, with deadlines 2.5 seconds in
the future. If we can't complete all the i/os in 2.5 seconds (e.g. because
there were always reads pending), then these i/os will become past due. Now we
must service all the "async" writes (which could be hundreds of megabytes)
before we service any reads, introducing considerable latency to synchronous
i/os (reads or ZIL writes).
Notes on porting to ZFS on Linux:
- zio_t gained new members io_physdone and io_phys_children. Because
object caches in the Linux port call the constructor only once at
allocation time, objects may contain residual data when retrieved
from the cache. Therefore zio_create() was updated to zero out the two
new fields.
- vdev_mirror_pending() relied on the depth of the per-vdev pending queue
(vq->vq_pending_tree) to select the least-busy leaf vdev to read from.
This tree has been replaced by vq->vq_active_tree which is now used
for the same purpose.
- vdev_queue_init() used the value of zfs_vdev_max_pending to determine
the number of vdev I/O buffers to pre-allocate. That global no longer
exists, so we instead use the sum of the *_max_active values for each of
the five I/O classes described above.
- The Illumos implementation of dmu_tx_delay() delays a transaction by
sleeping in condition variable embedded in the thread
(curthread->t_delay_cv). We do not have an equivalent CV to use in
Linux, so this change replaced the delay logic with a wrapper called
zfs_sleep_until(). This wrapper could be adopted upstream and in other
downstream ports to abstract away operating system-specific delay logic.
- These tunables are added as module parameters, and descriptions added
to the zfs-module-parameters.5 man page.
spa_asize_inflation
zfs_deadman_synctime_ms
zfs_vdev_max_active
zfs_vdev_async_write_active_min_dirty_percent
zfs_vdev_async_write_active_max_dirty_percent
zfs_vdev_async_read_max_active
zfs_vdev_async_read_min_active
zfs_vdev_async_write_max_active
zfs_vdev_async_write_min_active
zfs_vdev_scrub_max_active
zfs_vdev_scrub_min_active
zfs_vdev_sync_read_max_active
zfs_vdev_sync_read_min_active
zfs_vdev_sync_write_max_active
zfs_vdev_sync_write_min_active
zfs_dirty_data_max_percent
zfs_delay_min_dirty_percent
zfs_dirty_data_max_max_percent
zfs_dirty_data_max
zfs_dirty_data_max_max
zfs_dirty_data_sync
zfs_delay_scale
The latter four have type unsigned long, whereas they are uint64_t in
Illumos. This accommodates Linux's module_param() supported types, but
means they may overflow on 32-bit architectures.
The values zfs_dirty_data_max and zfs_dirty_data_max_max are the most
likely to overflow on 32-bit systems, since they express physical RAM
sizes in bytes. In fact, Illumos initializes zfs_dirty_data_max_max to
2^32 which does overflow. To resolve that, this port instead initializes
it in arc_init() to 25% of physical RAM, and adds the tunable
zfs_dirty_data_max_max_percent to override that percentage. While this
solution doesn't completely avoid the overflow issue, it should be a
reasonable default for most systems, and the minority of affected
systems can work around the issue by overriding the defaults.
- Fixed reversed logic in comment above zfs_delay_scale declaration.
- Clarified comments in vdev_queue.c regarding when per-queue minimums take
effect.
- Replaced dmu_tx_write_limit in the dmu_tx kstat file
with dmu_tx_dirty_delay and dmu_tx_dirty_over_max. The first counts
how many times a transaction has been delayed because the pool dirty
data has exceeded zfs_delay_min_dirty_percent. The latter counts how
many times the pool dirty data has exceeded zfs_dirty_data_max (which
we expect to never happen).
- The original patch would have regressed the bug fixed in
zfsonlinux/zfs@c418410, which prevented users from setting the
zfs_vdev_aggregation_limit tuning larger than SPA_MAXBLOCKSIZE.
A similar fix is added to vdev_queue_aggregate().
- In vdev_queue_io_to_issue(), dynamically allocate 'zio_t search' on the
heap instead of the stack. In Linux we can't afford such large
structures on the stack.
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Adam Leventhal <ahl@delphix.com>
Reviewed by: Christopher Siden <christopher.siden@delphix.com>
Reviewed by: Ned Bass <bass6@llnl.gov>
Reviewed by: Brendan Gregg <brendan.gregg@joyent.com>
Approved by: Robert Mustacchi <rm@joyent.com>
References:
http://www.illumos.org/issues/4045
illumos/illumos-gate@69962b5647e4a8b9b14998733b765925381b727e
Ported-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #1913
2013-08-29 07:01:20 +04:00
|
|
|
*/
|
2008-11-20 23:01:55 +03:00
|
|
|
void
|
2015-12-22 04:31:57 +03:00
|
|
|
dmu_prefetch(objset_t *os, uint64_t object, int64_t level, uint64_t offset,
|
|
|
|
uint64_t len, zio_priority_t pri)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
uint64_t blkid;
|
Illumos #4045 write throttle & i/o scheduler performance work
4045 zfs write throttle & i/o scheduler performance work
1. The ZFS i/o scheduler (vdev_queue.c) now divides i/os into 5 classes: sync
read, sync write, async read, async write, and scrub/resilver. The scheduler
issues a number of concurrent i/os from each class to the device. Once a class
has been selected, an i/o is selected from this class using either an elevator
algorithem (async, scrub classes) or FIFO (sync classes). The number of
concurrent async write i/os is tuned dynamically based on i/o load, to achieve
good sync i/o latency when there is not a high load of writes, and good write
throughput when there is. See the block comment in vdev_queue.c (reproduced
below) for more details.
2. The write throttle (dsl_pool_tempreserve_space() and
txg_constrain_throughput()) is rewritten to produce much more consistent delays
when under constant load. The new write throttle is based on the amount of
dirty data, rather than guesses about future performance of the system. When
there is a lot of dirty data, each transaction (e.g. write() syscall) will be
delayed by the same small amount. This eliminates the "brick wall of wait"
that the old write throttle could hit, causing all transactions to wait several
seconds until the next txg opens. One of the keys to the new write throttle is
decrementing the amount of dirty data as i/o completes, rather than at the end
of spa_sync(). Note that the write throttle is only applied once the i/o
scheduler is issuing the maximum number of outstanding async writes. See the
block comments in dsl_pool.c and above dmu_tx_delay() (reproduced below) for
more details.
This diff has several other effects, including:
* the commonly-tuned global variable zfs_vdev_max_pending has been removed;
use per-class zfs_vdev_*_max_active values or zfs_vdev_max_active instead.
* the size of each txg (meaning the amount of dirty data written, and thus the
time it takes to write out) is now controlled differently. There is no longer
an explicit time goal; the primary determinant is amount of dirty data.
Systems that are under light or medium load will now often see that a txg is
always syncing, but the impact to performance (e.g. read latency) is minimal.
Tune zfs_dirty_data_max and zfs_dirty_data_sync to control this.
* zio_taskq_batch_pct = 75 -- Only use 75% of all CPUs for compression,
checksum, etc. This improves latency by not allowing these CPU-intensive tasks
to consume all CPU (on machines with at least 4 CPU's; the percentage is
rounded up).
--matt
APPENDIX: problems with the current i/o scheduler
The current ZFS i/o scheduler (vdev_queue.c) is deadline based. The problem
with this is that if there are always i/os pending, then certain classes of
i/os can see very long delays.
For example, if there are always synchronous reads outstanding, then no async
writes will be serviced until they become "past due". One symptom of this
situation is that each pass of the txg sync takes at least several seconds
(typically 3 seconds).
If many i/os become "past due" (their deadline is in the past), then we must
service all of these overdue i/os before any new i/os. This happens when we
enqueue a batch of async writes for the txg sync, with deadlines 2.5 seconds in
the future. If we can't complete all the i/os in 2.5 seconds (e.g. because
there were always reads pending), then these i/os will become past due. Now we
must service all the "async" writes (which could be hundreds of megabytes)
before we service any reads, introducing considerable latency to synchronous
i/os (reads or ZIL writes).
Notes on porting to ZFS on Linux:
- zio_t gained new members io_physdone and io_phys_children. Because
object caches in the Linux port call the constructor only once at
allocation time, objects may contain residual data when retrieved
from the cache. Therefore zio_create() was updated to zero out the two
new fields.
- vdev_mirror_pending() relied on the depth of the per-vdev pending queue
(vq->vq_pending_tree) to select the least-busy leaf vdev to read from.
This tree has been replaced by vq->vq_active_tree which is now used
for the same purpose.
- vdev_queue_init() used the value of zfs_vdev_max_pending to determine
the number of vdev I/O buffers to pre-allocate. That global no longer
exists, so we instead use the sum of the *_max_active values for each of
the five I/O classes described above.
- The Illumos implementation of dmu_tx_delay() delays a transaction by
sleeping in condition variable embedded in the thread
(curthread->t_delay_cv). We do not have an equivalent CV to use in
Linux, so this change replaced the delay logic with a wrapper called
zfs_sleep_until(). This wrapper could be adopted upstream and in other
downstream ports to abstract away operating system-specific delay logic.
- These tunables are added as module parameters, and descriptions added
to the zfs-module-parameters.5 man page.
spa_asize_inflation
zfs_deadman_synctime_ms
zfs_vdev_max_active
zfs_vdev_async_write_active_min_dirty_percent
zfs_vdev_async_write_active_max_dirty_percent
zfs_vdev_async_read_max_active
zfs_vdev_async_read_min_active
zfs_vdev_async_write_max_active
zfs_vdev_async_write_min_active
zfs_vdev_scrub_max_active
zfs_vdev_scrub_min_active
zfs_vdev_sync_read_max_active
zfs_vdev_sync_read_min_active
zfs_vdev_sync_write_max_active
zfs_vdev_sync_write_min_active
zfs_dirty_data_max_percent
zfs_delay_min_dirty_percent
zfs_dirty_data_max_max_percent
zfs_dirty_data_max
zfs_dirty_data_max_max
zfs_dirty_data_sync
zfs_delay_scale
The latter four have type unsigned long, whereas they are uint64_t in
Illumos. This accommodates Linux's module_param() supported types, but
means they may overflow on 32-bit architectures.
The values zfs_dirty_data_max and zfs_dirty_data_max_max are the most
likely to overflow on 32-bit systems, since they express physical RAM
sizes in bytes. In fact, Illumos initializes zfs_dirty_data_max_max to
2^32 which does overflow. To resolve that, this port instead initializes
it in arc_init() to 25% of physical RAM, and adds the tunable
zfs_dirty_data_max_max_percent to override that percentage. While this
solution doesn't completely avoid the overflow issue, it should be a
reasonable default for most systems, and the minority of affected
systems can work around the issue by overriding the defaults.
- Fixed reversed logic in comment above zfs_delay_scale declaration.
- Clarified comments in vdev_queue.c regarding when per-queue minimums take
effect.
- Replaced dmu_tx_write_limit in the dmu_tx kstat file
with dmu_tx_dirty_delay and dmu_tx_dirty_over_max. The first counts
how many times a transaction has been delayed because the pool dirty
data has exceeded zfs_delay_min_dirty_percent. The latter counts how
many times the pool dirty data has exceeded zfs_dirty_data_max (which
we expect to never happen).
- The original patch would have regressed the bug fixed in
zfsonlinux/zfs@c418410, which prevented users from setting the
zfs_vdev_aggregation_limit tuning larger than SPA_MAXBLOCKSIZE.
A similar fix is added to vdev_queue_aggregate().
- In vdev_queue_io_to_issue(), dynamically allocate 'zio_t search' on the
heap instead of the stack. In Linux we can't afford such large
structures on the stack.
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Adam Leventhal <ahl@delphix.com>
Reviewed by: Christopher Siden <christopher.siden@delphix.com>
Reviewed by: Ned Bass <bass6@llnl.gov>
Reviewed by: Brendan Gregg <brendan.gregg@joyent.com>
Approved by: Robert Mustacchi <rm@joyent.com>
References:
http://www.illumos.org/issues/4045
illumos/illumos-gate@69962b5647e4a8b9b14998733b765925381b727e
Ported-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #1913
2013-08-29 07:01:20 +04:00
|
|
|
int nblks, err;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
if (len == 0) { /* they're interested in the bonus buffer */
|
2010-08-27 01:24:34 +04:00
|
|
|
dn = DMU_META_DNODE(os);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
if (object == 0 || object >= DN_MAX_OBJECT)
|
|
|
|
return;
|
|
|
|
|
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_READER);
|
2015-12-22 04:31:57 +03:00
|
|
|
blkid = dbuf_whichblock(dn, level,
|
|
|
|
object * sizeof (dnode_phys_t));
|
|
|
|
dbuf_prefetch(dn, level, blkid, pri, 0);
|
2008-11-20 23:01:55 +03:00
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* XXX - Note, if the dnode for the requested object is not
|
|
|
|
* already cached, we will do a *synchronous* read in the
|
|
|
|
* dnode_hold() call. The same is true for any indirects.
|
|
|
|
*/
|
2010-05-29 00:45:14 +04:00
|
|
|
err = dnode_hold(os, object, FTAG, &dn);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (err != 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_READER);
|
2015-12-22 04:31:57 +03:00
|
|
|
/*
|
|
|
|
* offset + len - 1 is the last byte we want to prefetch for, and offset
|
|
|
|
* is the first. Then dbuf_whichblk(dn, level, off + len - 1) is the
|
|
|
|
* last block we want to prefetch, and dbuf_whichblock(dn, level,
|
|
|
|
* offset) is the first. Then the number we need to prefetch is the
|
|
|
|
* last - first + 1.
|
|
|
|
*/
|
|
|
|
if (level > 0 || dn->dn_datablkshift != 0) {
|
|
|
|
nblks = dbuf_whichblock(dn, level, offset + len - 1) -
|
|
|
|
dbuf_whichblock(dn, level, offset) + 1;
|
2008-11-20 23:01:55 +03:00
|
|
|
} else {
|
|
|
|
nblks = (offset < dn->dn_datablksz);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nblks != 0) {
|
2015-12-22 04:31:57 +03:00
|
|
|
blkid = dbuf_whichblock(dn, level, offset);
|
2017-11-04 23:25:13 +03:00
|
|
|
for (int i = 0; i < nblks; i++)
|
2015-12-22 04:31:57 +03:00
|
|
|
dbuf_prefetch(dn, level, blkid + i, pri, 0);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
|
|
|
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
}
|
|
|
|
|
2009-08-18 22:43:27 +04:00
|
|
|
/*
|
|
|
|
* Get the next "chunk" of file data to free. We traverse the file from
|
|
|
|
* the end so that the file gets shorter over time (if we crashes in the
|
|
|
|
* middle, this will leave us in a better state). We find allocated file
|
|
|
|
* data by simply searching the allocated level 1 indirects.
|
2013-08-21 08:11:52 +04:00
|
|
|
*
|
|
|
|
* On input, *start should be the first offset that does not need to be
|
|
|
|
* freed (e.g. "offset + length"). On return, *start will be the first
|
|
|
|
* offset that should be freed.
|
2009-08-18 22:43:27 +04:00
|
|
|
*/
|
2008-12-03 23:09:06 +03:00
|
|
|
static int
|
2013-08-21 08:11:52 +04:00
|
|
|
get_next_chunk(dnode_t *dn, uint64_t *start, uint64_t minimum)
|
2008-12-03 23:09:06 +03:00
|
|
|
{
|
2013-08-21 08:11:52 +04:00
|
|
|
uint64_t maxblks = DMU_MAX_ACCESS >> (dn->dn_indblkshift + 1);
|
|
|
|
/* bytes of data covered by a level-1 indirect block */
|
2009-08-18 22:43:27 +04:00
|
|
|
uint64_t iblkrange =
|
2008-12-03 23:09:06 +03:00
|
|
|
dn->dn_datablksz * EPB(dn->dn_indblkshift, SPA_BLKPTRSHIFT);
|
|
|
|
|
2013-08-21 08:11:52 +04:00
|
|
|
ASSERT3U(minimum, <=, *start);
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2013-08-21 08:11:52 +04:00
|
|
|
if (*start - minimum <= iblkrange * maxblks) {
|
|
|
|
*start = minimum;
|
2008-12-03 23:09:06 +03:00
|
|
|
return (0);
|
|
|
|
}
|
2009-08-18 22:43:27 +04:00
|
|
|
ASSERT(ISP2(iblkrange));
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2017-11-04 23:25:13 +03:00
|
|
|
for (uint64_t blks = 0; *start > minimum && blks < maxblks; blks++) {
|
2008-12-03 23:09:06 +03:00
|
|
|
int err;
|
|
|
|
|
2013-08-21 08:11:52 +04:00
|
|
|
/*
|
|
|
|
* dnode_next_offset(BACKWARDS) will find an allocated L1
|
|
|
|
* indirect block at or before the input offset. We must
|
|
|
|
* decrement *start so that it is at the end of the region
|
|
|
|
* to search.
|
|
|
|
*/
|
|
|
|
(*start)--;
|
2008-12-03 23:09:06 +03:00
|
|
|
err = dnode_next_offset(dn,
|
2009-08-18 22:43:27 +04:00
|
|
|
DNODE_FIND_BACKWARDS, start, 2, 1, 0);
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2013-08-21 08:11:52 +04:00
|
|
|
/* if there are no indirect blocks before start, we are done */
|
2009-08-18 22:43:27 +04:00
|
|
|
if (err == ESRCH) {
|
2013-08-21 08:11:52 +04:00
|
|
|
*start = minimum;
|
|
|
|
break;
|
|
|
|
} else if (err != 0) {
|
2008-12-03 23:09:06 +03:00
|
|
|
return (err);
|
2009-08-18 22:43:27 +04:00
|
|
|
}
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2013-08-21 08:11:52 +04:00
|
|
|
/* set start to the beginning of this L1 indirect */
|
2009-08-18 22:43:27 +04:00
|
|
|
*start = P2ALIGN(*start, iblkrange);
|
2008-12-03 23:09:06 +03:00
|
|
|
}
|
2013-08-21 08:11:52 +04:00
|
|
|
if (*start < minimum)
|
|
|
|
*start = minimum;
|
2008-12-03 23:09:06 +03:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2017-01-27 22:46:39 +03:00
|
|
|
/*
|
|
|
|
* If this objset is of type OST_ZFS return true if vfs's unmounted flag is set,
|
|
|
|
* otherwise return false.
|
|
|
|
* Used below in dmu_free_long_range_impl() to enable abort when unmounting
|
|
|
|
*/
|
|
|
|
/*ARGSUSED*/
|
|
|
|
static boolean_t
|
|
|
|
dmu_objset_zfs_unmounting(objset_t *os)
|
|
|
|
{
|
|
|
|
#ifdef _KERNEL
|
|
|
|
if (dmu_objset_type(os) == DMU_OST_ZFS)
|
|
|
|
return (zfs_get_vfs_flag_unmounted(os));
|
|
|
|
#endif
|
|
|
|
return (B_FALSE);
|
|
|
|
}
|
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
static int
|
|
|
|
dmu_free_long_range_impl(objset_t *os, dnode_t *dn, uint64_t offset,
|
2018-04-17 21:06:54 +03:00
|
|
|
uint64_t length)
|
2008-12-03 23:09:06 +03:00
|
|
|
{
|
2015-07-24 22:08:53 +03:00
|
|
|
uint64_t object_size;
|
2013-08-21 08:11:52 +04:00
|
|
|
int err;
|
2017-02-01 01:44:03 +03:00
|
|
|
uint64_t dirty_frees_threshold;
|
|
|
|
dsl_pool_t *dp = dmu_objset_pool(os);
|
2013-08-21 08:11:52 +04:00
|
|
|
|
2015-07-24 22:08:53 +03:00
|
|
|
if (dn == NULL)
|
|
|
|
return (SET_ERROR(EINVAL));
|
|
|
|
|
|
|
|
object_size = (dn->dn_maxblkid + 1) * dn->dn_datablksz;
|
2013-08-21 08:11:52 +04:00
|
|
|
if (offset >= object_size)
|
2008-12-03 23:09:06 +03:00
|
|
|
return (0);
|
|
|
|
|
2017-02-01 01:44:03 +03:00
|
|
|
if (zfs_per_txg_dirty_frees_percent <= 100)
|
|
|
|
dirty_frees_threshold =
|
|
|
|
zfs_per_txg_dirty_frees_percent * zfs_dirty_data_max / 100;
|
|
|
|
else
|
|
|
|
dirty_frees_threshold = zfs_dirty_data_max / 4;
|
|
|
|
|
2013-08-21 08:11:52 +04:00
|
|
|
if (length == DMU_OBJECT_END || offset + length > object_size)
|
|
|
|
length = object_size - offset;
|
|
|
|
|
|
|
|
while (length != 0) {
|
2017-02-01 01:44:03 +03:00
|
|
|
uint64_t chunk_end, chunk_begin, chunk_len;
|
|
|
|
uint64_t long_free_dirty_all_txgs = 0;
|
2013-08-21 08:11:52 +04:00
|
|
|
dmu_tx_t *tx;
|
|
|
|
|
2017-01-27 22:46:39 +03:00
|
|
|
if (dmu_objset_zfs_unmounting(dn->dn_objset))
|
|
|
|
return (SET_ERROR(EINTR));
|
|
|
|
|
2013-08-21 08:11:52 +04:00
|
|
|
chunk_end = chunk_begin = offset + length;
|
|
|
|
|
|
|
|
/* move chunk_begin backwards to the beginning of this chunk */
|
|
|
|
err = get_next_chunk(dn, &chunk_begin, offset);
|
2008-12-03 23:09:06 +03:00
|
|
|
if (err)
|
|
|
|
return (err);
|
2013-08-21 08:11:52 +04:00
|
|
|
ASSERT3U(chunk_begin, >=, offset);
|
|
|
|
ASSERT3U(chunk_begin, <=, chunk_end);
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2017-02-01 01:44:03 +03:00
|
|
|
chunk_len = chunk_end - chunk_begin;
|
|
|
|
|
|
|
|
mutex_enter(&dp->dp_lock);
|
2017-11-04 23:25:13 +03:00
|
|
|
for (int t = 0; t < TXG_SIZE; t++) {
|
2017-02-01 01:44:03 +03:00
|
|
|
long_free_dirty_all_txgs +=
|
|
|
|
dp->dp_long_free_dirty_pertxg[t];
|
|
|
|
}
|
|
|
|
mutex_exit(&dp->dp_lock);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* To avoid filling up a TXG with just frees wait for
|
|
|
|
* the next TXG to open before freeing more chunks if
|
|
|
|
* we have reached the threshold of frees
|
|
|
|
*/
|
|
|
|
if (dirty_frees_threshold != 0 &&
|
|
|
|
long_free_dirty_all_txgs >= dirty_frees_threshold) {
|
2018-07-25 19:52:27 +03:00
|
|
|
DMU_TX_STAT_BUMP(dmu_tx_dirty_frees_delay);
|
2017-02-01 01:44:03 +03:00
|
|
|
txg_wait_open(dp, 0);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
tx = dmu_tx_create(os);
|
2017-02-01 01:44:03 +03:00
|
|
|
dmu_tx_hold_free(tx, dn->dn_object, chunk_begin, chunk_len);
|
2014-07-07 23:49:36 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Mark this transaction as typically resulting in a net
|
|
|
|
* reduction in space used.
|
|
|
|
*/
|
|
|
|
dmu_tx_mark_netfree(tx);
|
2008-12-03 23:09:06 +03:00
|
|
|
err = dmu_tx_assign(tx, TXG_WAIT);
|
|
|
|
if (err) {
|
|
|
|
dmu_tx_abort(tx);
|
|
|
|
return (err);
|
|
|
|
}
|
2017-02-01 01:44:03 +03:00
|
|
|
|
|
|
|
mutex_enter(&dp->dp_lock);
|
|
|
|
dp->dp_long_free_dirty_pertxg[dmu_tx_get_txg(tx) & TXG_MASK] +=
|
|
|
|
chunk_len;
|
|
|
|
mutex_exit(&dp->dp_lock);
|
|
|
|
DTRACE_PROBE3(free__long__range,
|
|
|
|
uint64_t, long_free_dirty_all_txgs, uint64_t, chunk_len,
|
|
|
|
uint64_t, dmu_tx_get_txg(tx));
|
|
|
|
dnode_free_range(dn, chunk_begin, chunk_len, tx);
|
2017-09-28 18:49:13 +03:00
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
dmu_tx_commit(tx);
|
2013-08-21 08:11:52 +04:00
|
|
|
|
2017-02-01 01:44:03 +03:00
|
|
|
length -= chunk_len;
|
2008-12-03 23:09:06 +03:00
|
|
|
}
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
dmu_free_long_range(objset_t *os, uint64_t object,
|
|
|
|
uint64_t offset, uint64_t length)
|
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
int err;
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
err = dnode_hold(os, object, FTAG, &dn);
|
2008-12-03 23:09:06 +03:00
|
|
|
if (err != 0)
|
|
|
|
return (err);
|
2018-04-17 21:06:54 +03:00
|
|
|
err = dmu_free_long_range_impl(os, dn, offset, length);
|
2013-08-30 13:19:35 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* It is important to zero out the maxblkid when freeing the entire
|
|
|
|
* file, so that (a) subsequent calls to dmu_free_long_range_impl()
|
|
|
|
* will take the fast path, and (b) dnode_reallocate() can verify
|
|
|
|
* that the entire file has been freed.
|
|
|
|
*/
|
2013-12-09 22:37:51 +04:00
|
|
|
if (err == 0 && offset == 0 && length == DMU_OBJECT_END)
|
2013-08-30 13:19:35 +04:00
|
|
|
dn->dn_maxblkid = 0;
|
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2018-04-17 21:06:54 +03:00
|
|
|
dmu_free_long_object(objset_t *os, uint64_t object)
|
2008-12-03 23:09:06 +03:00
|
|
|
{
|
|
|
|
dmu_tx_t *tx;
|
|
|
|
int err;
|
|
|
|
|
2013-08-21 08:11:52 +04:00
|
|
|
err = dmu_free_long_range(os, object, 0, DMU_OBJECT_END);
|
2008-12-03 23:09:06 +03:00
|
|
|
if (err != 0)
|
|
|
|
return (err);
|
2013-08-21 08:11:52 +04:00
|
|
|
|
|
|
|
tx = dmu_tx_create(os);
|
|
|
|
dmu_tx_hold_bonus(tx, object);
|
|
|
|
dmu_tx_hold_free(tx, object, 0, DMU_OBJECT_END);
|
2014-07-07 23:49:36 +04:00
|
|
|
dmu_tx_mark_netfree(tx);
|
2013-08-21 08:11:52 +04:00
|
|
|
err = dmu_tx_assign(tx, TXG_WAIT);
|
|
|
|
if (err == 0) {
|
2017-10-18 20:08:36 +03:00
|
|
|
if (err == 0)
|
|
|
|
err = dmu_object_free(os, object, tx);
|
2017-09-28 18:49:13 +03:00
|
|
|
|
2013-08-21 08:11:52 +04:00
|
|
|
dmu_tx_commit(tx);
|
2008-12-03 23:09:06 +03:00
|
|
|
} else {
|
2013-08-21 08:11:52 +04:00
|
|
|
dmu_tx_abort(tx);
|
2008-12-03 23:09:06 +03:00
|
|
|
}
|
2013-08-21 08:11:52 +04:00
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
int
|
|
|
|
dmu_free_range(objset_t *os, uint64_t object, uint64_t offset,
|
|
|
|
uint64_t size, dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
dnode_t *dn;
|
2010-05-29 00:45:14 +04:00
|
|
|
int err = dnode_hold(os, object, FTAG, &dn);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (err)
|
|
|
|
return (err);
|
|
|
|
ASSERT(offset < UINT64_MAX);
|
2017-10-27 02:58:38 +03:00
|
|
|
ASSERT(size == DMU_OBJECT_END || size <= UINT64_MAX - offset);
|
2008-11-20 23:01:55 +03:00
|
|
|
dnode_free_range(dn, offset, size, tx);
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2017-01-14 01:58:41 +03:00
|
|
|
static int
|
|
|
|
dmu_read_impl(dnode_t *dn, uint64_t offset, uint64_t size,
|
2009-07-03 02:44:48 +04:00
|
|
|
void *buf, uint32_t flags)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
dmu_buf_t **dbp;
|
2017-01-14 01:58:41 +03:00
|
|
|
int numbufs, err = 0;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Deal with odd block sizes, where there can't be data past the first
|
|
|
|
* block. If we ever do the tail block optimization, we will need to
|
|
|
|
* handle that here as well.
|
|
|
|
*/
|
2009-08-18 22:43:27 +04:00
|
|
|
if (dn->dn_maxblkid == 0) {
|
2015-04-30 15:20:38 +03:00
|
|
|
uint64_t newsz = offset > dn->dn_datablksz ? 0 :
|
2008-11-20 23:01:55 +03:00
|
|
|
MIN(size, dn->dn_datablksz - offset);
|
|
|
|
bzero((char *)buf + newsz, size - newsz);
|
|
|
|
size = newsz;
|
|
|
|
}
|
|
|
|
|
|
|
|
while (size > 0) {
|
|
|
|
uint64_t mylen = MIN(size, DMU_MAX_ACCESS / 2);
|
2009-08-18 22:43:27 +04:00
|
|
|
int i;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* NB: we could do this block-at-a-time, but it's nice
|
|
|
|
* to be reading in parallel.
|
|
|
|
*/
|
|
|
|
err = dmu_buf_hold_array_by_dnode(dn, offset, mylen,
|
2009-07-03 02:44:48 +04:00
|
|
|
TRUE, FTAG, &numbufs, &dbp, flags);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (err)
|
|
|
|
break;
|
|
|
|
|
|
|
|
for (i = 0; i < numbufs; i++) {
|
2015-04-30 15:20:38 +03:00
|
|
|
uint64_t tocpy;
|
|
|
|
int64_t bufoff;
|
2008-11-20 23:01:55 +03:00
|
|
|
dmu_buf_t *db = dbp[i];
|
|
|
|
|
|
|
|
ASSERT(size > 0);
|
|
|
|
|
|
|
|
bufoff = offset - db->db_offset;
|
2015-04-30 15:20:38 +03:00
|
|
|
tocpy = MIN(db->db_size - bufoff, size);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2015-04-30 15:20:38 +03:00
|
|
|
(void) memcpy(buf, (char *)db->db_data + bufoff, tocpy);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
offset += tocpy;
|
|
|
|
size -= tocpy;
|
|
|
|
buf = (char *)buf + tocpy;
|
|
|
|
}
|
|
|
|
dmu_buf_rele_array(dbp, numbufs, FTAG);
|
|
|
|
}
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
2017-01-14 01:58:41 +03:00
|
|
|
int
|
|
|
|
dmu_read(objset_t *os, uint64_t object, uint64_t offset, uint64_t size,
|
|
|
|
void *buf, uint32_t flags)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2017-01-14 01:58:41 +03:00
|
|
|
dnode_t *dn;
|
|
|
|
int err;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2017-01-14 01:58:41 +03:00
|
|
|
err = dnode_hold(os, object, FTAG, &dn);
|
|
|
|
if (err != 0)
|
|
|
|
return (err);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2017-01-14 01:58:41 +03:00
|
|
|
err = dmu_read_impl(dn, offset, size, buf, flags);
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
dmu_read_by_dnode(dnode_t *dn, uint64_t offset, uint64_t size, void *buf,
|
|
|
|
uint32_t flags)
|
|
|
|
{
|
|
|
|
return (dmu_read_impl(dn, offset, size, buf, flags));
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
dmu_write_impl(dmu_buf_t **dbp, int numbufs, uint64_t offset, uint64_t size,
|
|
|
|
const void *buf, dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
int i;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
for (i = 0; i < numbufs; i++) {
|
2015-04-30 15:20:38 +03:00
|
|
|
uint64_t tocpy;
|
|
|
|
int64_t bufoff;
|
2008-11-20 23:01:55 +03:00
|
|
|
dmu_buf_t *db = dbp[i];
|
|
|
|
|
|
|
|
ASSERT(size > 0);
|
|
|
|
|
|
|
|
bufoff = offset - db->db_offset;
|
2015-04-30 15:20:38 +03:00
|
|
|
tocpy = MIN(db->db_size - bufoff, size);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
ASSERT(i == 0 || i == numbufs-1 || tocpy == db->db_size);
|
|
|
|
|
|
|
|
if (tocpy == db->db_size)
|
|
|
|
dmu_buf_will_fill(db, tx);
|
|
|
|
else
|
|
|
|
dmu_buf_will_dirty(db, tx);
|
|
|
|
|
2010-08-26 22:45:02 +04:00
|
|
|
(void) memcpy((char *)db->db_data + bufoff, buf, tocpy);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
if (tocpy == db->db_size)
|
|
|
|
dmu_buf_fill_done(db, tx);
|
|
|
|
|
|
|
|
offset += tocpy;
|
|
|
|
size -= tocpy;
|
|
|
|
buf = (char *)buf + tocpy;
|
|
|
|
}
|
2017-01-14 01:58:41 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
dmu_write(objset_t *os, uint64_t object, uint64_t offset, uint64_t size,
|
|
|
|
const void *buf, dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
dmu_buf_t **dbp;
|
|
|
|
int numbufs;
|
|
|
|
|
|
|
|
if (size == 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
VERIFY0(dmu_buf_hold_array(os, object, offset, size,
|
|
|
|
FALSE, FTAG, &numbufs, &dbp));
|
|
|
|
dmu_write_impl(dbp, numbufs, offset, size, buf, tx);
|
|
|
|
dmu_buf_rele_array(dbp, numbufs, FTAG);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
dmu_write_by_dnode(dnode_t *dn, uint64_t offset, uint64_t size,
|
|
|
|
const void *buf, dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
dmu_buf_t **dbp;
|
|
|
|
int numbufs;
|
|
|
|
|
|
|
|
if (size == 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
VERIFY0(dmu_buf_hold_array_by_dnode(dn, offset, size,
|
|
|
|
FALSE, FTAG, &numbufs, &dbp, DMU_READ_PREFETCH));
|
|
|
|
dmu_write_impl(dbp, numbufs, offset, size, buf, tx);
|
2008-11-20 23:01:55 +03:00
|
|
|
dmu_buf_rele_array(dbp, numbufs, FTAG);
|
|
|
|
}
|
|
|
|
|
OpenZFS 7614, 9064 - zfs device evacuation/removal
OpenZFS 7614 - zfs device evacuation/removal
OpenZFS 9064 - remove_mirror should wait for device removal to complete
This project allows top-level vdevs to be removed from the storage pool
with "zpool remove", reducing the total amount of storage in the pool.
This operation copies all allocated regions of the device to be removed
onto other devices, recording the mapping from old to new location.
After the removal is complete, read and free operations to the removed
(now "indirect") vdev must be remapped and performed at the new location
on disk. The indirect mapping table is kept in memory whenever the pool
is loaded, so there is minimal performance overhead when doing operations
on the indirect vdev.
The size of the in-memory mapping table will be reduced when its entries
become "obsolete" because they are no longer used by any block pointers
in the pool. An entry becomes obsolete when all the blocks that use
it are freed. An entry can also become obsolete when all the snapshots
that reference it are deleted, and the block pointers that reference it
have been "remapped" in all filesystems/zvols (and clones). Whenever an
indirect block is written, all the block pointers in it will be "remapped"
to their new (concrete) locations if possible. This process can be
accelerated by using the "zfs remap" command to proactively rewrite all
indirect blocks that reference indirect (removed) vdevs.
Note that when a device is removed, we do not verify the checksum of
the data that is copied. This makes the process much faster, but if it
were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be
possible to copy the wrong data, when we have the correct data on e.g.
the other side of the mirror.
At the moment, only mirrors and simple top-level vdevs can be removed
and no removal is allowed if any of the top-level vdevs are raidz.
Porting Notes:
* Avoid zero-sized kmem_alloc() in vdev_compact_children().
The device evacuation code adds a dependency that
vdev_compact_children() be able to properly empty the vdev_child
array by setting it to NULL and zeroing vdev_children. Under Linux,
kmem_alloc() and related functions return a sentinel pointer rather
than NULL for zero-sized allocations.
* Remove comment regarding "mpt" driver where zfs_remove_max_segment
is initialized to SPA_MAXBLOCKSIZE.
Change zfs_condense_indirect_commit_entry_delay_ticks to
zfs_condense_indirect_commit_entry_delay_ms for consistency with
most other tunables in which delays are specified in ms.
* ZTS changes:
Use set_tunable rather than mdb
Use zpool sync as appropriate
Use sync_pool instead of sync
Kill jobs during test_removal_with_operation to allow unmount/export
Don't add non-disk names such as "mirror" or "raidz" to $DISKS
Use $TEST_BASE_DIR instead of /tmp
Increase HZ from 100 to 1000 which is more common on Linux
removal_multiple_indirection.ksh
Reduce iterations in order to not time out on the code
coverage builders.
removal_resume_export:
Functionally, the test case is correct but there exists a race
where the kernel thread hasn't been fully started yet and is
not visible. Wait for up to 1 second for the removal thread
to be started before giving up on it. Also, increase the
amount of data copied in order that the removal not finish
before the export has a chance to fail.
* MMP compatibility, the concept of concrete versus non-concrete devices
has slightly changed the semantics of vdev_writeable(). Update
mmp_random_leaf_impl() accordingly.
* Updated dbuf_remap() to handle the org.zfsonlinux:large_dnode pool
feature which is not supported by OpenZFS.
* Added support for new vdev removal tracepoints.
* Test cases removal_with_zdb and removal_condense_export have been
intentionally disabled. When run manually they pass as intended,
but when running in the automated test environment they produce
unreliable results on the latest Fedora release.
They may work better once the upstream pool import refectoring is
merged into ZoL at which point they will be re-enabled.
Authored by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Alex Reece <alex@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Reviewed by: Tim Chase <tim@chase2k.com>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Approved by: Garrett D'Amore <garrett@damore.org>
Ported-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Tim Chase <tim@chase2k.com>
OpenZFS-issue: https://www.illumos.org/issues/7614
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/f539f1eb
Closes #6900
2016-09-22 19:30:13 +03:00
|
|
|
static int
|
|
|
|
dmu_object_remap_one_indirect(objset_t *os, dnode_t *dn,
|
|
|
|
uint64_t last_removal_txg, uint64_t offset)
|
|
|
|
{
|
|
|
|
uint64_t l1blkid = dbuf_whichblock(dn, 1, offset);
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_READER);
|
|
|
|
dmu_buf_impl_t *dbuf = dbuf_hold_level(dn, 1, l1blkid, FTAG);
|
|
|
|
ASSERT3P(dbuf, !=, NULL);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the block hasn't been written yet, this default will ensure
|
|
|
|
* we don't try to remap it.
|
|
|
|
*/
|
|
|
|
uint64_t birth = UINT64_MAX;
|
|
|
|
ASSERT3U(last_removal_txg, !=, UINT64_MAX);
|
|
|
|
if (dbuf->db_blkptr != NULL)
|
|
|
|
birth = dbuf->db_blkptr->blk_birth;
|
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If this L1 was already written after the last removal, then we've
|
|
|
|
* already tried to remap it.
|
|
|
|
*/
|
|
|
|
if (birth <= last_removal_txg &&
|
|
|
|
dbuf_read(dbuf, NULL, DB_RF_MUST_SUCCEED) == 0 &&
|
|
|
|
dbuf_can_remap(dbuf)) {
|
|
|
|
dmu_tx_t *tx = dmu_tx_create(os);
|
|
|
|
dmu_tx_hold_remap_l1indirect(tx, dn->dn_object);
|
|
|
|
err = dmu_tx_assign(tx, TXG_WAIT);
|
|
|
|
if (err == 0) {
|
|
|
|
(void) dbuf_dirty(dbuf, tx);
|
|
|
|
dmu_tx_commit(tx);
|
|
|
|
} else {
|
|
|
|
dmu_tx_abort(tx);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
dbuf_rele(dbuf, FTAG);
|
|
|
|
|
|
|
|
delay(zfs_object_remap_one_indirect_delay_ticks);
|
|
|
|
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Remap all blockpointers in the object, if possible, so that they reference
|
|
|
|
* only concrete vdevs.
|
|
|
|
*
|
|
|
|
* To do this, iterate over the L0 blockpointers and remap any that reference
|
|
|
|
* an indirect vdev. Note that we only examine L0 blockpointers; since we
|
|
|
|
* cannot guarantee that we can remap all blockpointer anyways (due to split
|
|
|
|
* blocks), we do not want to make the code unnecessarily complicated to
|
|
|
|
* catch the unlikely case that there is an L1 block on an indirect vdev that
|
|
|
|
* contains no indirect blockpointers.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
dmu_object_remap_indirects(objset_t *os, uint64_t object,
|
|
|
|
uint64_t last_removal_txg)
|
|
|
|
{
|
|
|
|
uint64_t offset, l1span;
|
|
|
|
int err;
|
|
|
|
dnode_t *dn;
|
|
|
|
|
|
|
|
err = dnode_hold(os, object, FTAG, &dn);
|
|
|
|
if (err != 0) {
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (dn->dn_nlevels <= 1) {
|
|
|
|
if (issig(JUSTLOOKING) && issig(FORREAL)) {
|
|
|
|
err = SET_ERROR(EINTR);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the dnode has no indirect blocks, we cannot dirty them.
|
|
|
|
* We still want to remap the blkptr(s) in the dnode if
|
|
|
|
* appropriate, so mark it as dirty.
|
|
|
|
*/
|
|
|
|
if (err == 0 && dnode_needs_remap(dn)) {
|
|
|
|
dmu_tx_t *tx = dmu_tx_create(os);
|
|
|
|
dmu_tx_hold_bonus(tx, dn->dn_object);
|
|
|
|
if ((err = dmu_tx_assign(tx, TXG_WAIT)) == 0) {
|
|
|
|
dnode_setdirty(dn, tx);
|
|
|
|
dmu_tx_commit(tx);
|
|
|
|
} else {
|
|
|
|
dmu_tx_abort(tx);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
offset = 0;
|
|
|
|
l1span = 1ULL << (dn->dn_indblkshift - SPA_BLKPTRSHIFT +
|
|
|
|
dn->dn_datablkshift);
|
|
|
|
/*
|
|
|
|
* Find the next L1 indirect that is not a hole.
|
|
|
|
*/
|
|
|
|
while (dnode_next_offset(dn, 0, &offset, 2, 1, 0) == 0) {
|
|
|
|
if (issig(JUSTLOOKING) && issig(FORREAL)) {
|
|
|
|
err = SET_ERROR(EINTR);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if ((err = dmu_object_remap_one_indirect(os, dn,
|
|
|
|
last_removal_txg, offset)) != 0) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
offset += l1span;
|
|
|
|
}
|
|
|
|
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
void
|
|
|
|
dmu_prealloc(objset_t *os, uint64_t object, uint64_t offset, uint64_t size,
|
|
|
|
dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
dmu_buf_t **dbp;
|
|
|
|
int numbufs, i;
|
|
|
|
|
|
|
|
if (size == 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
VERIFY(0 == dmu_buf_hold_array(os, object, offset, size,
|
|
|
|
FALSE, FTAG, &numbufs, &dbp));
|
|
|
|
|
|
|
|
for (i = 0; i < numbufs; i++) {
|
|
|
|
dmu_buf_t *db = dbp[i];
|
|
|
|
|
|
|
|
dmu_buf_will_not_fill(db, tx);
|
|
|
|
}
|
|
|
|
dmu_buf_rele_array(dbp, numbufs, FTAG);
|
|
|
|
}
|
|
|
|
|
2014-06-06 01:19:08 +04:00
|
|
|
void
|
|
|
|
dmu_write_embedded(objset_t *os, uint64_t object, uint64_t offset,
|
|
|
|
void *data, uint8_t etype, uint8_t comp, int uncompressed_size,
|
|
|
|
int compressed_size, int byteorder, dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
dmu_buf_t *db;
|
|
|
|
|
|
|
|
ASSERT3U(etype, <, NUM_BP_EMBEDDED_TYPES);
|
|
|
|
ASSERT3U(comp, <, ZIO_COMPRESS_FUNCTIONS);
|
|
|
|
VERIFY0(dmu_buf_hold_noread(os, object, offset,
|
|
|
|
FTAG, &db));
|
|
|
|
|
|
|
|
dmu_buf_write_embedded(db,
|
|
|
|
data, (bp_embedded_type_t)etype, (enum zio_compress)comp,
|
|
|
|
uncompressed_size, compressed_size, byteorder, tx);
|
|
|
|
|
|
|
|
dmu_buf_rele(db, FTAG);
|
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
|
|
|
* DMU support for xuio
|
|
|
|
*/
|
|
|
|
kstat_t *xuio_ksp = NULL;
|
|
|
|
|
2010-08-26 21:26:05 +04:00
|
|
|
typedef struct xuio_stats {
|
|
|
|
/* loaned yet not returned arc_buf */
|
|
|
|
kstat_named_t xuiostat_onloan_rbuf;
|
|
|
|
kstat_named_t xuiostat_onloan_wbuf;
|
|
|
|
/* whether a copy is made when loaning out a read buffer */
|
|
|
|
kstat_named_t xuiostat_rbuf_copied;
|
|
|
|
kstat_named_t xuiostat_rbuf_nocopy;
|
|
|
|
/* whether a copy is made when assigning a write buffer */
|
|
|
|
kstat_named_t xuiostat_wbuf_copied;
|
|
|
|
kstat_named_t xuiostat_wbuf_nocopy;
|
|
|
|
} xuio_stats_t;
|
|
|
|
|
|
|
|
static xuio_stats_t xuio_stats = {
|
|
|
|
{ "onloan_read_buf", KSTAT_DATA_UINT64 },
|
|
|
|
{ "onloan_write_buf", KSTAT_DATA_UINT64 },
|
|
|
|
{ "read_buf_copied", KSTAT_DATA_UINT64 },
|
|
|
|
{ "read_buf_nocopy", KSTAT_DATA_UINT64 },
|
|
|
|
{ "write_buf_copied", KSTAT_DATA_UINT64 },
|
|
|
|
{ "write_buf_nocopy", KSTAT_DATA_UINT64 }
|
|
|
|
};
|
|
|
|
|
2013-11-01 23:26:11 +04:00
|
|
|
#define XUIOSTAT_INCR(stat, val) \
|
|
|
|
atomic_add_64(&xuio_stats.stat.value.ui64, (val))
|
|
|
|
#define XUIOSTAT_BUMP(stat) XUIOSTAT_INCR(stat, 1)
|
2010-08-26 21:26:05 +04:00
|
|
|
|
2016-10-20 21:24:01 +03:00
|
|
|
#ifdef HAVE_UIO_ZEROCOPY
|
2010-05-29 00:45:14 +04:00
|
|
|
int
|
|
|
|
dmu_xuio_init(xuio_t *xuio, int nblk)
|
|
|
|
{
|
|
|
|
dmu_xuio_t *priv;
|
|
|
|
uio_t *uio = &xuio->xu_uio;
|
|
|
|
|
|
|
|
uio->uio_iovcnt = nblk;
|
2014-11-21 03:09:39 +03:00
|
|
|
uio->uio_iov = kmem_zalloc(nblk * sizeof (iovec_t), KM_SLEEP);
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2014-11-21 03:09:39 +03:00
|
|
|
priv = kmem_zalloc(sizeof (dmu_xuio_t), KM_SLEEP);
|
2010-05-29 00:45:14 +04:00
|
|
|
priv->cnt = nblk;
|
2014-11-21 03:09:39 +03:00
|
|
|
priv->bufs = kmem_zalloc(nblk * sizeof (arc_buf_t *), KM_SLEEP);
|
2015-07-30 17:24:36 +03:00
|
|
|
priv->iovp = (iovec_t *)uio->uio_iov;
|
2010-05-29 00:45:14 +04:00
|
|
|
XUIO_XUZC_PRIV(xuio) = priv;
|
|
|
|
|
|
|
|
if (XUIO_XUZC_RW(xuio) == UIO_READ)
|
|
|
|
XUIOSTAT_INCR(xuiostat_onloan_rbuf, nblk);
|
|
|
|
else
|
|
|
|
XUIOSTAT_INCR(xuiostat_onloan_wbuf, nblk);
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
dmu_xuio_fini(xuio_t *xuio)
|
|
|
|
{
|
|
|
|
dmu_xuio_t *priv = XUIO_XUZC_PRIV(xuio);
|
|
|
|
int nblk = priv->cnt;
|
|
|
|
|
|
|
|
kmem_free(priv->iovp, nblk * sizeof (iovec_t));
|
|
|
|
kmem_free(priv->bufs, nblk * sizeof (arc_buf_t *));
|
|
|
|
kmem_free(priv, sizeof (dmu_xuio_t));
|
|
|
|
|
|
|
|
if (XUIO_XUZC_RW(xuio) == UIO_READ)
|
|
|
|
XUIOSTAT_INCR(xuiostat_onloan_rbuf, -nblk);
|
|
|
|
else
|
|
|
|
XUIOSTAT_INCR(xuiostat_onloan_wbuf, -nblk);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialize iov[priv->next] and priv->bufs[priv->next] with { off, n, abuf }
|
|
|
|
* and increase priv->next by 1.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
dmu_xuio_add(xuio_t *xuio, arc_buf_t *abuf, offset_t off, size_t n)
|
|
|
|
{
|
|
|
|
struct iovec *iov;
|
|
|
|
uio_t *uio = &xuio->xu_uio;
|
|
|
|
dmu_xuio_t *priv = XUIO_XUZC_PRIV(xuio);
|
|
|
|
int i = priv->next++;
|
|
|
|
|
|
|
|
ASSERT(i < priv->cnt);
|
2016-07-11 20:45:52 +03:00
|
|
|
ASSERT(off + n <= arc_buf_lsize(abuf));
|
2015-07-30 17:24:36 +03:00
|
|
|
iov = (iovec_t *)uio->uio_iov + i;
|
2010-05-29 00:45:14 +04:00
|
|
|
iov->iov_base = (char *)abuf->b_data + off;
|
|
|
|
iov->iov_len = n;
|
|
|
|
priv->bufs[i] = abuf;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
dmu_xuio_cnt(xuio_t *xuio)
|
|
|
|
{
|
|
|
|
dmu_xuio_t *priv = XUIO_XUZC_PRIV(xuio);
|
|
|
|
return (priv->cnt);
|
|
|
|
}
|
|
|
|
|
|
|
|
arc_buf_t *
|
|
|
|
dmu_xuio_arcbuf(xuio_t *xuio, int i)
|
|
|
|
{
|
|
|
|
dmu_xuio_t *priv = XUIO_XUZC_PRIV(xuio);
|
|
|
|
|
|
|
|
ASSERT(i < priv->cnt);
|
|
|
|
return (priv->bufs[i]);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
dmu_xuio_clear(xuio_t *xuio, int i)
|
|
|
|
{
|
|
|
|
dmu_xuio_t *priv = XUIO_XUZC_PRIV(xuio);
|
|
|
|
|
|
|
|
ASSERT(i < priv->cnt);
|
|
|
|
priv->bufs[i] = NULL;
|
|
|
|
}
|
2016-10-20 21:24:01 +03:00
|
|
|
#endif /* HAVE_UIO_ZEROCOPY */
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
static void
|
|
|
|
xuio_stat_init(void)
|
|
|
|
{
|
|
|
|
xuio_ksp = kstat_create("zfs", 0, "xuio_stats", "misc",
|
|
|
|
KSTAT_TYPE_NAMED, sizeof (xuio_stats) / sizeof (kstat_named_t),
|
|
|
|
KSTAT_FLAG_VIRTUAL);
|
|
|
|
if (xuio_ksp != NULL) {
|
|
|
|
xuio_ksp->ks_data = &xuio_stats;
|
|
|
|
kstat_install(xuio_ksp);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
xuio_stat_fini(void)
|
|
|
|
{
|
|
|
|
if (xuio_ksp != NULL) {
|
|
|
|
kstat_delete(xuio_ksp);
|
|
|
|
xuio_ksp = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
2017-01-14 02:33:14 +03:00
|
|
|
xuio_stat_wbuf_copied(void)
|
2010-05-29 00:45:14 +04:00
|
|
|
{
|
|
|
|
XUIOSTAT_BUMP(xuiostat_wbuf_copied);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
2017-01-14 02:33:14 +03:00
|
|
|
xuio_stat_wbuf_nocopy(void)
|
2010-05-29 00:45:14 +04:00
|
|
|
{
|
|
|
|
XUIOSTAT_BUMP(xuiostat_wbuf_nocopy);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
#ifdef _KERNEL
|
2017-06-13 19:18:08 +03:00
|
|
|
int
|
2015-06-17 00:06:27 +03:00
|
|
|
dmu_read_uio_dnode(dnode_t *dn, uio_t *uio, uint64_t size)
|
2010-12-17 20:14:38 +03:00
|
|
|
{
|
|
|
|
dmu_buf_t **dbp;
|
|
|
|
int numbufs, i, err;
|
2016-10-20 21:24:01 +03:00
|
|
|
#ifdef HAVE_UIO_ZEROCOPY
|
2010-12-17 20:14:38 +03:00
|
|
|
xuio_t *xuio = NULL;
|
2016-10-20 21:24:01 +03:00
|
|
|
#endif
|
2010-12-17 20:14:38 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* NB: we could do this block-at-a-time, but it's nice
|
|
|
|
* to be reading in parallel.
|
|
|
|
*/
|
2015-06-17 00:06:27 +03:00
|
|
|
err = dmu_buf_hold_array_by_dnode(dn, uio->uio_loffset, size,
|
|
|
|
TRUE, FTAG, &numbufs, &dbp, 0);
|
2010-12-17 20:14:38 +03:00
|
|
|
if (err)
|
|
|
|
return (err);
|
|
|
|
|
|
|
|
for (i = 0; i < numbufs; i++) {
|
2015-04-30 15:20:38 +03:00
|
|
|
uint64_t tocpy;
|
|
|
|
int64_t bufoff;
|
2010-12-17 20:14:38 +03:00
|
|
|
dmu_buf_t *db = dbp[i];
|
|
|
|
|
|
|
|
ASSERT(size > 0);
|
|
|
|
|
|
|
|
bufoff = uio->uio_loffset - db->db_offset;
|
2015-04-30 15:20:38 +03:00
|
|
|
tocpy = MIN(db->db_size - bufoff, size);
|
2010-12-17 20:14:38 +03:00
|
|
|
|
2016-10-20 21:24:01 +03:00
|
|
|
#ifdef HAVE_UIO_ZEROCOPY
|
2010-12-17 20:14:38 +03:00
|
|
|
if (xuio) {
|
|
|
|
dmu_buf_impl_t *dbi = (dmu_buf_impl_t *)db;
|
|
|
|
arc_buf_t *dbuf_abuf = dbi->db_buf;
|
|
|
|
arc_buf_t *abuf = dbuf_loan_arcbuf(dbi);
|
|
|
|
err = dmu_xuio_add(xuio, abuf, bufoff, tocpy);
|
|
|
|
if (!err) {
|
|
|
|
uio->uio_resid -= tocpy;
|
|
|
|
uio->uio_loffset += tocpy;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (abuf == dbuf_abuf)
|
|
|
|
XUIOSTAT_BUMP(xuiostat_rbuf_nocopy);
|
|
|
|
else
|
|
|
|
XUIOSTAT_BUMP(xuiostat_rbuf_copied);
|
2016-10-20 21:24:01 +03:00
|
|
|
} else
|
|
|
|
#endif
|
2010-12-17 20:14:38 +03:00
|
|
|
err = uiomove((char *)db->db_data + bufoff, tocpy,
|
|
|
|
UIO_READ, uio);
|
|
|
|
if (err)
|
|
|
|
break;
|
|
|
|
|
|
|
|
size -= tocpy;
|
|
|
|
}
|
|
|
|
dmu_buf_rele_array(dbp, numbufs, FTAG);
|
|
|
|
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
2015-06-17 00:06:27 +03:00
|
|
|
/*
|
|
|
|
* Read 'size' bytes into the uio buffer.
|
|
|
|
* From object zdb->db_object.
|
|
|
|
* Starting at offset uio->uio_loffset.
|
|
|
|
*
|
|
|
|
* If the caller already has a dbuf in the target object
|
|
|
|
* (e.g. its bonus buffer), this routine is faster than dmu_read_uio(),
|
|
|
|
* because we don't have to find the dnode_t for the object.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
dmu_read_uio_dbuf(dmu_buf_t *zdb, uio_t *uio, uint64_t size)
|
|
|
|
{
|
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)zdb;
|
|
|
|
dnode_t *dn;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
if (size == 0)
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
DB_DNODE_ENTER(db);
|
|
|
|
dn = DB_DNODE(db);
|
|
|
|
err = dmu_read_uio_dnode(dn, uio, size);
|
|
|
|
DB_DNODE_EXIT(db);
|
|
|
|
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Read 'size' bytes into the uio buffer.
|
|
|
|
* From the specified object
|
|
|
|
* Starting at offset uio->uio_loffset.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
dmu_read_uio(objset_t *os, uint64_t object, uio_t *uio, uint64_t size)
|
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
if (size == 0)
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
err = dnode_hold(os, object, FTAG, &dn);
|
|
|
|
if (err)
|
|
|
|
return (err);
|
|
|
|
|
|
|
|
err = dmu_read_uio_dnode(dn, uio, size);
|
|
|
|
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
2017-06-13 19:18:08 +03:00
|
|
|
int
|
2010-12-17 20:14:38 +03:00
|
|
|
dmu_write_uio_dnode(dnode_t *dn, uio_t *uio, uint64_t size, dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
dmu_buf_t **dbp;
|
|
|
|
int numbufs;
|
|
|
|
int err = 0;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
err = dmu_buf_hold_array_by_dnode(dn, uio->uio_loffset, size,
|
|
|
|
FALSE, FTAG, &numbufs, &dbp, DMU_READ_PREFETCH);
|
|
|
|
if (err)
|
|
|
|
return (err);
|
|
|
|
|
|
|
|
for (i = 0; i < numbufs; i++) {
|
2015-04-30 15:20:38 +03:00
|
|
|
uint64_t tocpy;
|
|
|
|
int64_t bufoff;
|
2010-12-17 20:14:38 +03:00
|
|
|
dmu_buf_t *db = dbp[i];
|
|
|
|
|
|
|
|
ASSERT(size > 0);
|
|
|
|
|
|
|
|
bufoff = uio->uio_loffset - db->db_offset;
|
2015-04-30 15:20:38 +03:00
|
|
|
tocpy = MIN(db->db_size - bufoff, size);
|
2010-12-17 20:14:38 +03:00
|
|
|
|
|
|
|
ASSERT(i == 0 || i == numbufs-1 || tocpy == db->db_size);
|
|
|
|
|
|
|
|
if (tocpy == db->db_size)
|
|
|
|
dmu_buf_will_fill(db, tx);
|
|
|
|
else
|
|
|
|
dmu_buf_will_dirty(db, tx);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* XXX uiomove could block forever (eg.nfs-backed
|
|
|
|
* pages). There needs to be a uiolockdown() function
|
|
|
|
* to lock the pages in memory, so that uiomove won't
|
|
|
|
* block.
|
|
|
|
*/
|
|
|
|
err = uiomove((char *)db->db_data + bufoff, tocpy,
|
|
|
|
UIO_WRITE, uio);
|
|
|
|
|
|
|
|
if (tocpy == db->db_size)
|
|
|
|
dmu_buf_fill_done(db, tx);
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
break;
|
|
|
|
|
|
|
|
size -= tocpy;
|
|
|
|
}
|
|
|
|
|
|
|
|
dmu_buf_rele_array(dbp, numbufs, FTAG);
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
2015-06-17 00:06:27 +03:00
|
|
|
/*
|
|
|
|
* Write 'size' bytes from the uio buffer.
|
|
|
|
* To object zdb->db_object.
|
|
|
|
* Starting at offset uio->uio_loffset.
|
|
|
|
*
|
|
|
|
* If the caller already has a dbuf in the target object
|
|
|
|
* (e.g. its bonus buffer), this routine is faster than dmu_write_uio(),
|
|
|
|
* because we don't have to find the dnode_t for the object.
|
|
|
|
*/
|
2010-05-29 00:45:14 +04:00
|
|
|
int
|
|
|
|
dmu_write_uio_dbuf(dmu_buf_t *zdb, uio_t *uio, uint64_t size,
|
|
|
|
dmu_tx_t *tx)
|
|
|
|
{
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)zdb;
|
|
|
|
dnode_t *dn;
|
|
|
|
int err;
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
if (size == 0)
|
|
|
|
return (0);
|
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
DB_DNODE_ENTER(db);
|
|
|
|
dn = DB_DNODE(db);
|
|
|
|
err = dmu_write_uio_dnode(dn, uio, size, tx);
|
|
|
|
DB_DNODE_EXIT(db);
|
|
|
|
|
|
|
|
return (err);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
2015-06-17 00:06:27 +03:00
|
|
|
/*
|
|
|
|
* Write 'size' bytes from the uio buffer.
|
|
|
|
* To the specified object.
|
|
|
|
* Starting at offset uio->uio_loffset.
|
|
|
|
*/
|
2010-05-29 00:45:14 +04:00
|
|
|
int
|
|
|
|
dmu_write_uio(objset_t *os, uint64_t object, uio_t *uio, uint64_t size,
|
|
|
|
dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
if (size == 0)
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
err = dnode_hold(os, object, FTAG, &dn);
|
|
|
|
if (err)
|
|
|
|
return (err);
|
|
|
|
|
|
|
|
err = dmu_write_uio_dnode(dn, uio, size, tx);
|
|
|
|
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
|
|
|
|
return (err);
|
|
|
|
}
|
2010-12-17 20:14:38 +03:00
|
|
|
#endif /* _KERNEL */
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
/*
|
|
|
|
* Allocate a loaned anonymous arc buffer.
|
|
|
|
*/
|
|
|
|
arc_buf_t *
|
|
|
|
dmu_request_arcbuf(dmu_buf_t *handle, int size)
|
|
|
|
{
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)handle;
|
2009-07-03 02:44:48 +04:00
|
|
|
|
2016-07-11 20:45:52 +03:00
|
|
|
return (arc_loan_buf(db->db_objset->os_spa, B_FALSE, size));
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Free a loaned arc buffer.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
dmu_return_arcbuf(arc_buf_t *buf)
|
|
|
|
{
|
|
|
|
arc_return_buf(buf, FTAG);
|
2016-06-02 07:04:53 +03:00
|
|
|
arc_buf_destroy(buf, FTAG);
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
void
|
|
|
|
dmu_copy_from_buf(objset_t *os, uint64_t object, uint64_t offset,
|
|
|
|
dmu_buf_t *handle, dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
dmu_buf_t *dst_handle;
|
|
|
|
dmu_buf_impl_t *dstdb;
|
|
|
|
dmu_buf_impl_t *srcdb = (dmu_buf_impl_t *)handle;
|
2018-08-20 21:03:56 +03:00
|
|
|
dmu_object_type_t type;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
arc_buf_t *abuf;
|
|
|
|
uint64_t datalen;
|
|
|
|
boolean_t byteorder;
|
|
|
|
uint8_t salt[ZIO_DATA_SALT_LEN];
|
|
|
|
uint8_t iv[ZIO_DATA_IV_LEN];
|
|
|
|
uint8_t mac[ZIO_DATA_MAC_LEN];
|
|
|
|
|
|
|
|
ASSERT3P(srcdb->db_buf, !=, NULL);
|
|
|
|
|
|
|
|
/* hold the db that we want to write to */
|
|
|
|
VERIFY0(dmu_buf_hold(os, object, offset, FTAG, &dst_handle,
|
|
|
|
DMU_READ_NO_DECRYPT));
|
|
|
|
dstdb = (dmu_buf_impl_t *)dst_handle;
|
|
|
|
datalen = arc_buf_size(srcdb->db_buf);
|
|
|
|
|
2018-08-20 21:03:56 +03:00
|
|
|
DB_DNODE_ENTER(dstdb);
|
|
|
|
type = DB_DNODE(dstdb)->dn_type;
|
|
|
|
DB_DNODE_EXIT(dstdb);
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
/* allocated an arc buffer that matches the type of srcdb->db_buf */
|
|
|
|
if (arc_is_encrypted(srcdb->db_buf)) {
|
|
|
|
arc_get_raw_params(srcdb->db_buf, &byteorder, salt, iv, mac);
|
|
|
|
abuf = arc_loan_raw_buf(os->os_spa, dmu_objset_id(os),
|
2018-08-20 21:03:56 +03:00
|
|
|
byteorder, salt, iv, mac, type,
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
datalen, arc_buf_lsize(srcdb->db_buf),
|
|
|
|
arc_get_compression(srcdb->db_buf));
|
|
|
|
} else {
|
|
|
|
/* we won't get a compressed db back from dmu_buf_hold() */
|
|
|
|
ASSERT3U(arc_get_compression(srcdb->db_buf),
|
|
|
|
==, ZIO_COMPRESS_OFF);
|
|
|
|
abuf = arc_loan_buf(os->os_spa,
|
2018-08-20 21:03:56 +03:00
|
|
|
DMU_OT_IS_METADATA(type), datalen);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
ASSERT3U(datalen, ==, arc_buf_size(abuf));
|
|
|
|
|
|
|
|
/* copy the data to the new buffer and assign it to the dstdb */
|
|
|
|
bcopy(srcdb->db_buf->b_data, abuf->b_data, datalen);
|
|
|
|
dbuf_assign_arcbuf(dstdb, abuf, tx);
|
|
|
|
dmu_buf_rele(dst_handle, FTAG);
|
|
|
|
}
|
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
/*
|
|
|
|
* When possible directly assign passed loaned arc buffer to a dbuf.
|
|
|
|
* If this is not possible copy the contents of passed arc buf via
|
|
|
|
* dmu_write().
|
|
|
|
*/
|
|
|
|
void
|
2017-09-28 18:49:13 +03:00
|
|
|
dmu_assign_arcbuf_by_dnode(dnode_t *dn, uint64_t offset, arc_buf_t *buf,
|
2009-07-03 02:44:48 +04:00
|
|
|
dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
dmu_buf_impl_t *db;
|
2017-09-28 18:49:13 +03:00
|
|
|
objset_t *os = dn->dn_objset;
|
|
|
|
uint64_t object = dn->dn_object;
|
2016-07-11 20:45:52 +03:00
|
|
|
uint32_t blksz = (uint32_t)arc_buf_lsize(buf);
|
2009-07-03 02:44:48 +04:00
|
|
|
uint64_t blkid;
|
|
|
|
|
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_READER);
|
2015-12-22 04:31:57 +03:00
|
|
|
blkid = dbuf_whichblock(dn, 0, offset);
|
2009-07-03 02:44:48 +04:00
|
|
|
VERIFY((db = dbuf_hold(dn, blkid, FTAG)) != NULL);
|
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
|
|
|
|
2014-09-13 18:02:18 +04:00
|
|
|
/*
|
|
|
|
* We can only assign if the offset is aligned, the arc buf is the
|
2016-07-11 20:45:52 +03:00
|
|
|
* same size as the dbuf, and the dbuf is not metadata.
|
2014-09-13 18:02:18 +04:00
|
|
|
*/
|
2016-07-11 20:45:52 +03:00
|
|
|
if (offset == db->db.db_offset && blksz == db->db.db_size) {
|
2009-07-03 02:44:48 +04:00
|
|
|
dbuf_assign_arcbuf(db, buf, tx);
|
|
|
|
dbuf_rele(db, FTAG);
|
|
|
|
} else {
|
2016-07-11 20:45:52 +03:00
|
|
|
/* compressed bufs must always be assignable to their dbuf */
|
|
|
|
ASSERT3U(arc_get_compression(buf), ==, ZIO_COMPRESS_OFF);
|
2016-07-14 00:17:41 +03:00
|
|
|
ASSERT(!(buf->b_flags & ARC_BUF_FLAG_COMPRESSED));
|
2016-07-11 20:45:52 +03:00
|
|
|
|
2009-07-03 02:44:48 +04:00
|
|
|
dbuf_rele(db, FTAG);
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_write(os, object, offset, blksz, buf->b_data, tx);
|
2009-07-03 02:44:48 +04:00
|
|
|
dmu_return_arcbuf(buf);
|
2010-05-29 00:45:14 +04:00
|
|
|
XUIOSTAT_BUMP(xuiostat_wbuf_copied);
|
2009-07-03 02:44:48 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-09-28 18:49:13 +03:00
|
|
|
void
|
|
|
|
dmu_assign_arcbuf_by_dbuf(dmu_buf_t *handle, uint64_t offset, arc_buf_t *buf,
|
|
|
|
dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
dmu_buf_impl_t *dbuf = (dmu_buf_impl_t *)handle;
|
|
|
|
|
|
|
|
DB_DNODE_ENTER(dbuf);
|
|
|
|
dmu_assign_arcbuf_by_dnode(DB_DNODE(dbuf), offset, buf, tx);
|
|
|
|
DB_DNODE_EXIT(dbuf);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
typedef struct {
|
2010-05-29 00:45:14 +04:00
|
|
|
dbuf_dirty_record_t *dsa_dr;
|
|
|
|
dmu_sync_cb_t *dsa_done;
|
|
|
|
zgd_t *dsa_zgd;
|
|
|
|
dmu_tx_t *dsa_tx;
|
2008-11-20 23:01:55 +03:00
|
|
|
} dmu_sync_arg_t;
|
|
|
|
|
2008-12-03 23:09:06 +03:00
|
|
|
/* ARGSUSED */
|
|
|
|
static void
|
|
|
|
dmu_sync_ready(zio_t *zio, arc_buf_t *buf, void *varg)
|
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
dmu_sync_arg_t *dsa = varg;
|
|
|
|
dmu_buf_t *db = dsa->dsa_zgd->zgd_db;
|
2008-12-03 23:09:06 +03:00
|
|
|
blkptr_t *bp = zio->io_bp;
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
if (zio->io_error == 0) {
|
|
|
|
if (BP_IS_HOLE(bp)) {
|
|
|
|
/*
|
|
|
|
* A block of zeros may compress to a hole, but the
|
|
|
|
* block size still needs to be known for replay.
|
|
|
|
*/
|
|
|
|
BP_SET_LSIZE(bp, db->db_size);
|
2014-06-06 01:19:08 +04:00
|
|
|
} else if (!BP_IS_EMBEDDED(bp)) {
|
2010-05-29 00:45:14 +04:00
|
|
|
ASSERT(BP_GET_LEVEL(bp) == 0);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
BP_SET_FILL(bp, 1);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
2008-12-03 23:09:06 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
static void
|
|
|
|
dmu_sync_late_arrival_ready(zio_t *zio)
|
|
|
|
{
|
|
|
|
dmu_sync_ready(zio, NULL, zio->io_private);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/* ARGSUSED */
|
|
|
|
static void
|
|
|
|
dmu_sync_done(zio_t *zio, arc_buf_t *buf, void *varg)
|
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
dmu_sync_arg_t *dsa = varg;
|
|
|
|
dbuf_dirty_record_t *dr = dsa->dsa_dr;
|
2008-11-20 23:01:55 +03:00
|
|
|
dmu_buf_impl_t *db = dr->dr_dbuf;
|
|
|
|
|
|
|
|
mutex_enter(&db->db_mtx);
|
|
|
|
ASSERT(dr->dt.dl.dr_override_state == DR_IN_DMU_SYNC);
|
2010-05-29 00:45:14 +04:00
|
|
|
if (zio->io_error == 0) {
|
2013-05-10 23:47:54 +04:00
|
|
|
dr->dt.dl.dr_nopwrite = !!(zio->io_flags & ZIO_FLAG_NOPWRITE);
|
|
|
|
if (dr->dt.dl.dr_nopwrite) {
|
2017-04-14 22:59:18 +03:00
|
|
|
blkptr_t *bp = zio->io_bp;
|
|
|
|
blkptr_t *bp_orig = &zio->io_bp_orig;
|
|
|
|
uint8_t chksum = BP_GET_CHECKSUM(bp_orig);
|
2013-05-10 23:47:54 +04:00
|
|
|
|
|
|
|
ASSERT(BP_EQUAL(bp, bp_orig));
|
2017-04-14 22:59:18 +03:00
|
|
|
VERIFY(BP_EQUAL(bp, db->db_blkptr));
|
2013-05-10 23:47:54 +04:00
|
|
|
ASSERT(zio->io_prop.zp_compress != ZIO_COMPRESS_OFF);
|
2017-04-14 22:59:18 +03:00
|
|
|
VERIFY(zio_checksum_table[chksum].ci_flags &
|
2016-06-16 01:47:05 +03:00
|
|
|
ZCHECKSUM_FLAG_NOPWRITE);
|
2013-05-10 23:47:54 +04:00
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
dr->dt.dl.dr_overridden_by = *zio->io_bp;
|
|
|
|
dr->dt.dl.dr_override_state = DR_OVERRIDDEN;
|
|
|
|
dr->dt.dl.dr_copies = zio->io_prop.zp_copies;
|
2015-03-27 05:03:22 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Old style holes are filled with all zeros, whereas
|
|
|
|
* new-style holes maintain their lsize, type, level,
|
|
|
|
* and birth time (see zio_write_compress). While we
|
|
|
|
* need to reset the BP_SET_LSIZE() call that happened
|
|
|
|
* in dmu_sync_ready for old style holes, we do *not*
|
|
|
|
* want to wipe out the information contained in new
|
|
|
|
* style holes. Thus, only zero out the block pointer if
|
|
|
|
* it's an old style hole.
|
|
|
|
*/
|
|
|
|
if (BP_IS_HOLE(&dr->dt.dl.dr_overridden_by) &&
|
|
|
|
dr->dt.dl.dr_overridden_by.blk_birth == 0)
|
2010-05-29 00:45:14 +04:00
|
|
|
BP_ZERO(&dr->dt.dl.dr_overridden_by);
|
|
|
|
} else {
|
|
|
|
dr->dt.dl.dr_override_state = DR_NOT_OVERRIDDEN;
|
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
cv_broadcast(&db->db_changed);
|
|
|
|
mutex_exit(&db->db_mtx);
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
dsa->dsa_done(dsa->dsa_zgd, zio->io_error);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
kmem_free(dsa, sizeof (*dsa));
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
dmu_sync_late_arrival_done(zio_t *zio)
|
|
|
|
{
|
|
|
|
blkptr_t *bp = zio->io_bp;
|
|
|
|
dmu_sync_arg_t *dsa = zio->io_private;
|
2013-05-10 23:47:54 +04:00
|
|
|
ASSERTV(blkptr_t *bp_orig = &zio->io_bp_orig);
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
if (zio->io_error == 0 && !BP_IS_HOLE(bp)) {
|
2017-04-14 22:59:18 +03:00
|
|
|
ASSERT(!(zio->io_flags & ZIO_FLAG_NOPWRITE));
|
|
|
|
ASSERT(BP_IS_HOLE(bp_orig) || !BP_EQUAL(bp, bp_orig));
|
|
|
|
ASSERT(zio->io_bp->blk_birth == zio->io_txg);
|
|
|
|
ASSERT(zio->io_txg > spa_syncing_txg(zio->io_spa));
|
|
|
|
zio_free(zio->io_spa, zio->io_txg, zio->io_bp);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
dmu_tx_commit(dsa->dsa_tx);
|
|
|
|
|
|
|
|
dsa->dsa_done(dsa->dsa_zgd, zio->io_error);
|
|
|
|
|
2016-07-22 18:52:49 +03:00
|
|
|
abd_put(zio->io_abd);
|
2010-05-29 00:45:14 +04:00
|
|
|
kmem_free(dsa, sizeof (*dsa));
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
dmu_sync_late_arrival(zio_t *pio, objset_t *os, dmu_sync_cb_t *done, zgd_t *zgd,
|
2014-06-25 22:37:59 +04:00
|
|
|
zio_prop_t *zp, zbookmark_phys_t *zb)
|
2010-05-29 00:45:14 +04:00
|
|
|
{
|
|
|
|
dmu_sync_arg_t *dsa;
|
|
|
|
dmu_tx_t *tx;
|
|
|
|
|
|
|
|
tx = dmu_tx_create(os);
|
|
|
|
dmu_tx_hold_space(tx, zgd->zgd_db->db_size);
|
|
|
|
if (dmu_tx_assign(tx, TXG_WAIT) != 0) {
|
|
|
|
dmu_tx_abort(tx);
|
2013-03-08 22:41:28 +04:00
|
|
|
/* Make zl_get_data do txg_waited_synced() */
|
|
|
|
return (SET_ERROR(EIO));
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
OpenZFS 8585 - improve batching done in zil_commit()
Authored by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Brad Lewis <brad.lewis@delphix.com>
Reviewed by: Matt Ahrens <mahrens@delphix.com>
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Approved by: Dan McDonald <danmcd@joyent.com>
Ported-by: Prakash Surya <prakash.surya@delphix.com>
Problem
=======
The current implementation of zil_commit() can introduce significant
latency, beyond what is inherent due to the latency of the underlying
storage. The additional latency comes from two main problems:
1. When there's outstanding ZIL blocks being written (i.e. there's
already a "writer thread" in progress), then any new calls to
zil_commit() will block waiting for the currently oustanding ZIL
blocks to complete. The blocks written for each "writer thread" is
coined a "batch", and there can only ever be a single "batch" being
written at a time. When a batch is being written, any new ZIL
transactions will have to wait for the next batch to be written,
which won't occur until the current batch finishes.
As a result, the underlying storage may not be used as efficiently
as possible. While "new" threads enter zil_commit() and are blocked
waiting for the next batch, it's possible that the underlying
storage isn't fully utilized by the current batch of ZIL blocks. In
that case, it'd be better to allow these new threads to generate
(and issue) a new ZIL block, such that it could be serviced by the
underlying storage concurrently with the other ZIL blocks that are
being serviced.
2. Any call to zil_commit() must wait for all ZIL blocks in its "batch"
to complete, prior to zil_commit() returning. The size of any given
batch is proportional to the number of ZIL transaction in the queue
at the time that the batch starts processing the queue; which
doesn't occur until the previous batch completes. Thus, if there's a
lot of transactions in the queue, the batch could be composed of
many ZIL blocks, and each call to zil_commit() will have to wait for
all of these writes to complete (even if the thread calling
zil_commit() only cared about one of the transactions in the batch).
To further complicate the situation, these two issues result in the
following side effect:
3. If a given batch takes longer to complete than normal, this results
in larger batch sizes, which then take longer to complete and
further drive up the latency of zil_commit(). This can occur for a
number of reasons, including (but not limited to): transient changes
in the workload, and storage latency irregularites.
Solution
========
The solution attempted by this change has the following goals:
1. no on-disk changes; maintain current on-disk format.
2. modify the "batch size" to be equal to the "ZIL block size".
3. allow new batches to be generated and issued to disk, while there's
already batches being serviced by the disk.
4. allow zil_commit() to wait for as few ZIL blocks as possible.
5. use as few ZIL blocks as possible, for the same amount of ZIL
transactions, without introducing significant latency to any
individual ZIL transaction. i.e. use fewer, but larger, ZIL blocks.
In theory, with these goals met, the new allgorithm will allow the
following improvements:
1. new ZIL blocks can be generated and issued, while there's already
oustanding ZIL blocks being serviced by the storage.
2. the latency of zil_commit() should be proportional to the underlying
storage latency, rather than the incoming synchronous workload.
Porting Notes
=============
Due to the changes made in commit 119a394ab0, the lifetime of an itx
structure differs than in OpenZFS. Specifically, the itx structure is
kept around until the data associated with the itx is considered to be
safe on disk; this is so that the itx's callback can be called after the
data is committed to stable storage. Since OpenZFS doesn't have this itx
callback mechanism, it's able to destroy the itx structure immediately
after the itx is committed to an lwb (before the lwb is written to
disk).
To support this difference, and to ensure the itx's callbacks can still
be called after the itx's data is on disk, a few changes had to be made:
* A list of itxs was added to the lwb structure. This list contains
all of the itxs that have been committed to the lwb, such that the
callbacks for these itxs can be called from zil_lwb_flush_vdevs_done(),
after the data for the itxs is committed to disk.
* A list of itxs was added on the stack of the zil_process_commit_list()
function; the "nolwb_itxs" list. In some circumstances, an itx may
not be committed to an lwb (e.g. if allocating the "next" ZIL block
on disk fails), so this list is used to keep track of which itxs
fall into this state, such that their callbacks can be called after
the ZIL's writer pipeline is "stalled".
* The logic to actually call the itx's callback was moved into the
zil_itx_destroy() function. Since all consumers of zil_itx_destroy()
were effectively performing the same logic (i.e. if callback is
non-null, call the callback), it seemed like useful code cleanup to
consolidate this logic into a single function.
Additionally, the existing Linux tracepoint infrastructure dealing with
the ZIL's probes and structures had to be updated to reflect these code
changes. Specifically:
* The "zil__cw1" and "zil__cw2" probes were removed, so they had to be
removed from "trace_zil.h" as well.
* Some of the zilog structure's fields were removed, which affected
the tracepoint definitions of the structure.
* New tracepoints had to be added for the following 3 new probes:
* zil__process__commit__itx
* zil__process__normal__itx
* zil__commit__io__error
OpenZFS-issue: https://www.illumos.org/issues/8585
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/5d95a3a
Closes #6566
2017-12-05 20:39:16 +03:00
|
|
|
/*
|
|
|
|
* In order to prevent the zgd's lwb from being free'd prior to
|
|
|
|
* dmu_sync_late_arrival_done() being called, we have to ensure
|
|
|
|
* the lwb's "max txg" takes this tx's txg into account.
|
|
|
|
*/
|
|
|
|
zil_lwb_add_txg(zgd->zgd_lwb, dmu_tx_get_txg(tx));
|
|
|
|
|
2014-11-21 03:09:39 +03:00
|
|
|
dsa = kmem_alloc(sizeof (dmu_sync_arg_t), KM_SLEEP);
|
2010-05-29 00:45:14 +04:00
|
|
|
dsa->dsa_dr = NULL;
|
|
|
|
dsa->dsa_done = done;
|
|
|
|
dsa->dsa_zgd = zgd;
|
|
|
|
dsa->dsa_tx = tx;
|
|
|
|
|
2017-04-14 22:59:18 +03:00
|
|
|
/*
|
|
|
|
* Since we are currently syncing this txg, it's nontrivial to
|
|
|
|
* determine what BP to nopwrite against, so we disable nopwrite.
|
|
|
|
*
|
|
|
|
* When syncing, the db_blkptr is initially the BP of the previous
|
|
|
|
* txg. We can not nopwrite against it because it will be changed
|
|
|
|
* (this is similar to the non-late-arrival case where the dbuf is
|
|
|
|
* dirty in a future txg).
|
|
|
|
*
|
|
|
|
* Then dbuf_write_ready() sets bp_blkptr to the location we will write.
|
|
|
|
* We can not nopwrite against it because although the BP will not
|
|
|
|
* (typically) be changed, the data has not yet been persisted to this
|
|
|
|
* location.
|
|
|
|
*
|
|
|
|
* Finally, when dbuf_write_done() is called, it is theoretically
|
|
|
|
* possible to always nopwrite, because the data that was written in
|
|
|
|
* this txg is the same data that we are trying to write. However we
|
|
|
|
* would need to check that this dbuf is not dirty in any future
|
|
|
|
* txg's (as we do in the normal dmu_sync() path). For simplicity, we
|
|
|
|
* don't nopwrite in this case.
|
|
|
|
*/
|
|
|
|
zp->zp_nopwrite = B_FALSE;
|
|
|
|
|
2016-07-22 18:52:49 +03:00
|
|
|
zio_nowait(zio_write(pio, os->os_spa, dmu_tx_get_txg(tx), zgd->zgd_bp,
|
|
|
|
abd_get_from_buf(zgd->zgd_db->db_data, zgd->zgd_db->db_size),
|
|
|
|
zgd->zgd_db->db_size, zgd->zgd_db->db_size, zp,
|
|
|
|
dmu_sync_late_arrival_ready, NULL, NULL, dmu_sync_late_arrival_done,
|
|
|
|
dsa, ZIO_PRIORITY_SYNC_WRITE, ZIO_FLAG_CANFAIL, zb));
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
return (0);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Intent log support: sync the block associated with db to disk.
|
|
|
|
* N.B. and XXX: the caller is responsible for making sure that the
|
|
|
|
* data isn't changing while dmu_sync() is writing it.
|
|
|
|
*
|
|
|
|
* Return values:
|
|
|
|
*
|
2013-05-10 23:47:54 +04:00
|
|
|
* EEXIST: this txg has already been synced, so there's nothing to do.
|
2008-11-20 23:01:55 +03:00
|
|
|
* The caller should not log the write.
|
|
|
|
*
|
|
|
|
* ENOENT: the block was dbuf_free_range()'d, so there's nothing to do.
|
|
|
|
* The caller should not log the write.
|
|
|
|
*
|
|
|
|
* EALREADY: this block is already in the process of being synced.
|
|
|
|
* The caller should track its progress (somehow).
|
|
|
|
*
|
2010-05-29 00:45:14 +04:00
|
|
|
* EIO: could not do the I/O.
|
|
|
|
* The caller should do a txg_wait_synced().
|
2008-11-20 23:01:55 +03:00
|
|
|
*
|
2010-05-29 00:45:14 +04:00
|
|
|
* 0: the I/O has been initiated.
|
|
|
|
* The caller should log this blkptr in the done callback.
|
|
|
|
* It is possible that the I/O will fail, in which case
|
|
|
|
* the error will be reported to the done callback and
|
|
|
|
* propagated to pio from zio_done().
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
|
|
|
int
|
2010-05-29 00:45:14 +04:00
|
|
|
dmu_sync(zio_t *pio, uint64_t txg, dmu_sync_cb_t *done, zgd_t *zgd)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2010-05-29 00:45:14 +04:00
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)zgd->zgd_db;
|
|
|
|
objset_t *os = db->db_objset;
|
|
|
|
dsl_dataset_t *ds = os->os_dsl_dataset;
|
2008-11-20 23:01:55 +03:00
|
|
|
dbuf_dirty_record_t *dr;
|
2010-05-29 00:45:14 +04:00
|
|
|
dmu_sync_arg_t *dsa;
|
2014-06-25 22:37:59 +04:00
|
|
|
zbookmark_phys_t zb;
|
2010-05-29 00:45:14 +04:00
|
|
|
zio_prop_t zp;
|
2010-08-27 01:24:34 +04:00
|
|
|
dnode_t *dn;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
ASSERT(pio != NULL);
|
2008-11-20 23:01:55 +03:00
|
|
|
ASSERT(txg != 0);
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
SET_BOOKMARK(&zb, ds->ds_object,
|
|
|
|
db->db.db_object, db->db_level, db->db_blkid);
|
|
|
|
|
2010-08-27 01:24:34 +04:00
|
|
|
DB_DNODE_ENTER(db);
|
|
|
|
dn = DB_DNODE(db);
|
2017-03-23 19:07:27 +03:00
|
|
|
dmu_write_policy(os, dn, db->db_level, WP_DMU_SYNC, &zp);
|
2010-08-27 01:24:34 +04:00
|
|
|
DB_DNODE_EXIT(db);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
/*
|
2010-05-29 00:45:14 +04:00
|
|
|
* If we're frozen (running ziltest), we always need to generate a bp.
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
2010-05-29 00:45:14 +04:00
|
|
|
if (txg > spa_freeze_txg(os->os_spa))
|
|
|
|
return (dmu_sync_late_arrival(pio, os, done, zgd, &zp, &zb));
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
/*
|
2010-05-29 00:45:14 +04:00
|
|
|
* Grabbing db_mtx now provides a barrier between dbuf_sync_leaf()
|
|
|
|
* and us. If we determine that this txg is not yet syncing,
|
|
|
|
* but it begins to sync a moment later, that's OK because the
|
|
|
|
* sync thread will block in dbuf_sync_leaf() until we drop db_mtx.
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
2010-05-29 00:45:14 +04:00
|
|
|
mutex_enter(&db->db_mtx);
|
|
|
|
|
|
|
|
if (txg <= spa_last_synced_txg(os->os_spa)) {
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
2010-05-29 00:45:14 +04:00
|
|
|
* This txg has already synced. There's nothing to do.
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
2010-05-29 00:45:14 +04:00
|
|
|
mutex_exit(&db->db_mtx);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EEXIST));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
if (txg <= spa_syncing_txg(os->os_spa)) {
|
|
|
|
/*
|
|
|
|
* This txg is currently syncing, so we can't mess with
|
|
|
|
* the dirty record anymore; just write a new log block.
|
|
|
|
*/
|
|
|
|
mutex_exit(&db->db_mtx);
|
|
|
|
return (dmu_sync_late_arrival(pio, os, done, zgd, &zp, &zb));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
dr = db->db_last_dirty;
|
2010-05-29 00:45:14 +04:00
|
|
|
while (dr && dr->dr_txg != txg)
|
2008-11-20 23:01:55 +03:00
|
|
|
dr = dr->dr_next;
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
if (dr == NULL) {
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
2010-05-29 00:45:14 +04:00
|
|
|
* There's no dr for this dbuf, so it must have been freed.
|
2008-11-20 23:01:55 +03:00
|
|
|
* There's no need to log writes to freed blocks, so we're done.
|
|
|
|
*/
|
|
|
|
mutex_exit(&db->db_mtx);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOENT));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2013-05-10 23:47:54 +04:00
|
|
|
ASSERT(dr->dr_next == NULL || dr->dr_next->dr_txg < txg);
|
|
|
|
|
2017-04-14 22:59:18 +03:00
|
|
|
if (db->db_blkptr != NULL) {
|
|
|
|
/*
|
|
|
|
* We need to fill in zgd_bp with the current blkptr so that
|
|
|
|
* the nopwrite code can check if we're writing the same
|
|
|
|
* data that's already on disk. We can only nopwrite if we
|
|
|
|
* are sure that after making the copy, db_blkptr will not
|
|
|
|
* change until our i/o completes. We ensure this by
|
|
|
|
* holding the db_mtx, and only allowing nopwrite if the
|
|
|
|
* block is not already dirty (see below). This is verified
|
|
|
|
* by dmu_sync_done(), which VERIFYs that the db_blkptr has
|
|
|
|
* not changed.
|
|
|
|
*/
|
|
|
|
*zgd->zgd_bp = *db->db_blkptr;
|
|
|
|
}
|
|
|
|
|
2013-05-10 23:47:54 +04:00
|
|
|
/*
|
2015-04-11 21:35:03 +03:00
|
|
|
* Assume the on-disk data is X, the current syncing data (in
|
|
|
|
* txg - 1) is Y, and the current in-memory data is Z (currently
|
|
|
|
* in dmu_sync).
|
|
|
|
*
|
|
|
|
* We usually want to perform a nopwrite if X and Z are the
|
|
|
|
* same. However, if Y is different (i.e. the BP is going to
|
|
|
|
* change before this write takes effect), then a nopwrite will
|
|
|
|
* be incorrect - we would override with X, which could have
|
|
|
|
* been freed when Y was written.
|
|
|
|
*
|
|
|
|
* (Note that this is not a concern when we are nop-writing from
|
|
|
|
* syncing context, because X and Y must be identical, because
|
|
|
|
* all previous txgs have been synced.)
|
|
|
|
*
|
|
|
|
* Therefore, we disable nopwrite if the current BP could change
|
|
|
|
* before this TXG. There are two ways it could change: by
|
|
|
|
* being dirty (dr_next is non-NULL), or by being freed
|
|
|
|
* (dnode_block_freed()). This behavior is verified by
|
|
|
|
* zio_done(), which VERIFYs that the override BP is identical
|
|
|
|
* to the on-disk BP.
|
2013-05-10 23:47:54 +04:00
|
|
|
*/
|
2015-04-11 21:35:03 +03:00
|
|
|
DB_DNODE_ENTER(db);
|
|
|
|
dn = DB_DNODE(db);
|
|
|
|
if (dr->dr_next != NULL || dnode_block_freed(dn, db->db_blkid))
|
2013-05-10 23:47:54 +04:00
|
|
|
zp.zp_nopwrite = B_FALSE;
|
2015-04-11 21:35:03 +03:00
|
|
|
DB_DNODE_EXIT(db);
|
2013-05-10 23:47:54 +04:00
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
ASSERT(dr->dr_txg == txg);
|
2010-05-29 00:45:14 +04:00
|
|
|
if (dr->dt.dl.dr_override_state == DR_IN_DMU_SYNC ||
|
|
|
|
dr->dt.dl.dr_override_state == DR_OVERRIDDEN) {
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
2010-05-29 00:45:14 +04:00
|
|
|
* We have already issued a sync write for this buffer,
|
|
|
|
* or this buffer has already been synced. It could not
|
2008-11-20 23:01:55 +03:00
|
|
|
* have been dirtied since, or we would have cleared the state.
|
|
|
|
*/
|
|
|
|
mutex_exit(&db->db_mtx);
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EALREADY));
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
ASSERT(dr->dt.dl.dr_override_state == DR_NOT_OVERRIDDEN);
|
2008-11-20 23:01:55 +03:00
|
|
|
dr->dt.dl.dr_override_state = DR_IN_DMU_SYNC;
|
|
|
|
mutex_exit(&db->db_mtx);
|
|
|
|
|
2014-11-21 03:09:39 +03:00
|
|
|
dsa = kmem_alloc(sizeof (dmu_sync_arg_t), KM_SLEEP);
|
2010-05-29 00:45:14 +04:00
|
|
|
dsa->dsa_dr = dr;
|
|
|
|
dsa->dsa_done = done;
|
|
|
|
dsa->dsa_zgd = zgd;
|
|
|
|
dsa->dsa_tx = NULL;
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
zio_nowait(arc_write(pio, os->os_spa, txg,
|
2017-04-14 22:59:18 +03:00
|
|
|
zgd->zgd_bp, dr->dt.dl.dr_data, DBUF_IS_L2CACHEABLE(db),
|
2016-06-02 07:04:53 +03:00
|
|
|
&zp, dmu_sync_ready, NULL, NULL, dmu_sync_done, dsa,
|
2016-05-15 18:02:28 +03:00
|
|
|
ZIO_PRIORITY_SYNC_WRITE, ZIO_FLAG_CANFAIL, &zb));
|
2008-12-03 23:09:06 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
return (0);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
int
|
|
|
|
dmu_object_set_nlevels(objset_t *os, uint64_t object, int nlevels, dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
err = dnode_hold(os, object, FTAG, &dn);
|
|
|
|
if (err)
|
|
|
|
return (err);
|
|
|
|
err = dnode_set_nlevels(dn, nlevels, tx);
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
int
|
|
|
|
dmu_object_set_blocksize(objset_t *os, uint64_t object, uint64_t size, int ibs,
|
2017-01-21 00:17:55 +03:00
|
|
|
dmu_tx_t *tx)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
int err;
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
err = dnode_hold(os, object, FTAG, &dn);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (err)
|
|
|
|
return (err);
|
|
|
|
err = dnode_set_blksz(dn, size, ibs, tx);
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
2017-11-08 22:12:59 +03:00
|
|
|
int
|
|
|
|
dmu_object_set_maxblkid(objset_t *os, uint64_t object, uint64_t maxblkid,
|
|
|
|
dmu_tx_t *tx)
|
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
err = dnode_hold(os, object, FTAG, &dn);
|
|
|
|
if (err)
|
|
|
|
return (err);
|
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_WRITER);
|
|
|
|
dnode_new_blkid(dn, maxblkid, tx, B_FALSE);
|
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
void
|
|
|
|
dmu_object_set_checksum(objset_t *os, uint64_t object, uint8_t checksum,
|
2017-01-21 00:17:55 +03:00
|
|
|
dmu_tx_t *tx)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
|
2014-06-06 01:19:08 +04:00
|
|
|
/*
|
|
|
|
* Send streams include each object's checksum function. This
|
|
|
|
* check ensures that the receiving system can understand the
|
|
|
|
* checksum function transmitted.
|
|
|
|
*/
|
|
|
|
ASSERT3U(checksum, <, ZIO_CHECKSUM_LEGACY_FUNCTIONS);
|
|
|
|
|
|
|
|
VERIFY0(dnode_hold(os, object, FTAG, &dn));
|
|
|
|
ASSERT3U(checksum, <, ZIO_CHECKSUM_FUNCTIONS);
|
2008-11-20 23:01:55 +03:00
|
|
|
dn->dn_checksum = checksum;
|
|
|
|
dnode_setdirty(dn, tx);
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
dmu_object_set_compress(objset_t *os, uint64_t object, uint8_t compress,
|
2017-01-21 00:17:55 +03:00
|
|
|
dmu_tx_t *tx)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
|
2014-06-06 01:19:08 +04:00
|
|
|
/*
|
|
|
|
* Send streams include each object's compression function. This
|
|
|
|
* check ensures that the receiving system can understand the
|
|
|
|
* compression function transmitted.
|
|
|
|
*/
|
|
|
|
ASSERT3U(compress, <, ZIO_COMPRESS_LEGACY_FUNCTIONS);
|
|
|
|
|
|
|
|
VERIFY0(dnode_hold(os, object, FTAG, &dn));
|
2008-11-20 23:01:55 +03:00
|
|
|
dn->dn_compress = compress;
|
|
|
|
dnode_setdirty(dn, tx);
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
}
|
|
|
|
|
2014-05-23 20:21:07 +04:00
|
|
|
/*
|
|
|
|
* When the "redundant_metadata" property is set to "most", only indirect
|
|
|
|
* blocks of this level and higher will have an additional ditto block.
|
|
|
|
*/
|
|
|
|
int zfs_redundant_metadata_most_ditto_level = 2;
|
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
void
|
2017-03-23 19:07:27 +03:00
|
|
|
dmu_write_policy(objset_t *os, dnode_t *dn, int level, int wp, zio_prop_t *zp)
|
2010-05-29 00:45:14 +04:00
|
|
|
{
|
|
|
|
dmu_object_type_t type = dn ? dn->dn_type : DMU_OT_OBJSET;
|
2012-12-14 03:24:15 +04:00
|
|
|
boolean_t ismd = (level > 0 || DMU_OT_IS_METADATA(type) ||
|
2010-08-27 01:24:34 +04:00
|
|
|
(wp & WP_SPILL));
|
2010-05-29 00:45:14 +04:00
|
|
|
enum zio_checksum checksum = os->os_checksum;
|
|
|
|
enum zio_compress compress = os->os_compress;
|
|
|
|
enum zio_checksum dedup_checksum = os->os_dedup_checksum;
|
2013-05-10 23:47:54 +04:00
|
|
|
boolean_t dedup = B_FALSE;
|
|
|
|
boolean_t nopwrite = B_FALSE;
|
2010-05-29 00:45:14 +04:00
|
|
|
boolean_t dedup_verify = os->os_dedup_verify;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
boolean_t encrypt = B_FALSE;
|
2010-05-29 00:45:14 +04:00
|
|
|
int copies = os->os_copies;
|
2017-04-12 00:56:54 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
2013-05-10 23:47:54 +04:00
|
|
|
* We maintain different write policies for each of the following
|
|
|
|
* types of data:
|
|
|
|
* 1. metadata
|
|
|
|
* 2. preallocated blocks (i.e. level-0 blocks of a dump device)
|
|
|
|
* 3. all other level 0 blocks
|
2010-05-29 00:45:14 +04:00
|
|
|
*/
|
|
|
|
if (ismd) {
|
2018-02-21 23:28:52 +03:00
|
|
|
/*
|
|
|
|
* XXX -- we should design a compression algorithm
|
|
|
|
* that specializes in arrays of bps.
|
|
|
|
*/
|
|
|
|
compress = zio_compress_select(os->os_spa,
|
|
|
|
ZIO_COMPRESS_ON, ZIO_COMPRESS_ON);
|
2013-05-10 23:47:54 +04:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
/*
|
|
|
|
* Metadata always gets checksummed. If the data
|
|
|
|
* checksum is multi-bit correctable, and it's not a
|
|
|
|
* ZBT-style checksum, then it's suitable for metadata
|
|
|
|
* as well. Otherwise, the metadata checksum defaults
|
|
|
|
* to fletcher4.
|
|
|
|
*/
|
2016-06-16 01:47:05 +03:00
|
|
|
if (!(zio_checksum_table[checksum].ci_flags &
|
|
|
|
ZCHECKSUM_FLAG_METADATA) ||
|
|
|
|
(zio_checksum_table[checksum].ci_flags &
|
|
|
|
ZCHECKSUM_FLAG_EMBEDDED))
|
2010-05-29 00:45:14 +04:00
|
|
|
checksum = ZIO_CHECKSUM_FLETCHER_4;
|
2014-05-23 20:21:07 +04:00
|
|
|
|
|
|
|
if (os->os_redundant_metadata == ZFS_REDUNDANT_METADATA_ALL ||
|
|
|
|
(os->os_redundant_metadata ==
|
|
|
|
ZFS_REDUNDANT_METADATA_MOST &&
|
|
|
|
(level >= zfs_redundant_metadata_most_ditto_level ||
|
|
|
|
DMU_OT_IS_METADATA(type) || (wp & WP_SPILL))))
|
|
|
|
copies++;
|
2013-05-10 23:47:54 +04:00
|
|
|
} else if (wp & WP_NOFILL) {
|
|
|
|
ASSERT(level == 0);
|
2010-05-29 00:45:14 +04:00
|
|
|
|
|
|
|
/*
|
2013-05-10 23:47:54 +04:00
|
|
|
* If we're writing preallocated blocks, we aren't actually
|
|
|
|
* writing them so don't set any policy properties. These
|
|
|
|
* blocks are currently only used by an external subsystem
|
|
|
|
* outside of zfs (i.e. dump) and not written by the zio
|
|
|
|
* pipeline.
|
2010-05-29 00:45:14 +04:00
|
|
|
*/
|
2013-05-10 23:47:54 +04:00
|
|
|
compress = ZIO_COMPRESS_OFF;
|
|
|
|
checksum = ZIO_CHECKSUM_OFF;
|
2010-05-29 00:45:14 +04:00
|
|
|
} else {
|
2015-07-06 04:55:32 +03:00
|
|
|
compress = zio_compress_select(os->os_spa, dn->dn_compress,
|
|
|
|
compress);
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2013-05-10 23:47:54 +04:00
|
|
|
checksum = (dedup_checksum == ZIO_CHECKSUM_OFF) ?
|
|
|
|
zio_checksum_select(dn->dn_checksum, checksum) :
|
|
|
|
dedup_checksum;
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2013-05-10 23:47:54 +04:00
|
|
|
/*
|
|
|
|
* Determine dedup setting. If we are in dmu_sync(),
|
|
|
|
* we won't actually dedup now because that's all
|
|
|
|
* done in syncing context; but we do want to use the
|
|
|
|
* dedup checkum. If the checksum is not strong
|
|
|
|
* enough to ensure unique signatures, force
|
|
|
|
* dedup_verify.
|
|
|
|
*/
|
|
|
|
if (dedup_checksum != ZIO_CHECKSUM_OFF) {
|
|
|
|
dedup = (wp & WP_DMU_SYNC) ? B_FALSE : B_TRUE;
|
2016-06-16 01:47:05 +03:00
|
|
|
if (!(zio_checksum_table[checksum].ci_flags &
|
|
|
|
ZCHECKSUM_FLAG_DEDUP))
|
2013-05-10 23:47:54 +04:00
|
|
|
dedup_verify = B_TRUE;
|
|
|
|
}
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2013-05-10 23:47:54 +04:00
|
|
|
/*
|
2016-06-16 01:47:05 +03:00
|
|
|
* Enable nopwrite if we have secure enough checksum
|
|
|
|
* algorithm (see comment in zio_nop_write) and
|
|
|
|
* compression is enabled. We don't enable nopwrite if
|
|
|
|
* dedup is enabled as the two features are mutually
|
|
|
|
* exclusive.
|
2013-05-10 23:47:54 +04:00
|
|
|
*/
|
2016-06-16 01:47:05 +03:00
|
|
|
nopwrite = (!dedup && (zio_checksum_table[checksum].ci_flags &
|
|
|
|
ZCHECKSUM_FLAG_NOPWRITE) &&
|
2013-05-10 23:47:54 +04:00
|
|
|
compress != ZIO_COMPRESS_OFF && zfs_nopwrite_enabled);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
/*
|
|
|
|
* All objects in an encrypted objset are protected from modification
|
|
|
|
* via a MAC. Encrypted objects store their IV and salt in the last DVA
|
|
|
|
* in the bp, so we cannot use all copies. Encrypted objects are also
|
|
|
|
* not subject to nopwrite since writing the same data will still
|
|
|
|
* result in a new ciphertext. Only encrypted blocks can be dedup'd
|
|
|
|
* to avoid ambiguity in the dedup code since the DDT does not store
|
|
|
|
* object types.
|
|
|
|
*/
|
|
|
|
if (os->os_encrypted && (wp & WP_NOFILL) == 0) {
|
|
|
|
encrypt = B_TRUE;
|
|
|
|
|
|
|
|
if (DMU_OT_IS_ENCRYPTED(type)) {
|
|
|
|
copies = MIN(copies, SPA_DVAS_PER_BP - 1);
|
|
|
|
nopwrite = B_FALSE;
|
|
|
|
} else {
|
|
|
|
dedup = B_FALSE;
|
|
|
|
}
|
|
|
|
|
2017-11-08 22:12:59 +03:00
|
|
|
if (level <= 0 &&
|
|
|
|
(type == DMU_OT_DNODE || type == DMU_OT_OBJSET)) {
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
compress = ZIO_COMPRESS_EMPTY;
|
2017-11-08 22:12:59 +03:00
|
|
|
}
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
}
|
2016-07-11 20:45:52 +03:00
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
zp->zp_compress = compress;
|
|
|
|
zp->zp_checksum = checksum;
|
2010-05-29 00:45:14 +04:00
|
|
|
zp->zp_type = (wp & WP_SPILL) ? dn->dn_bonustype : type;
|
|
|
|
zp->zp_level = level;
|
2014-05-23 20:21:07 +04:00
|
|
|
zp->zp_copies = MIN(copies, spa_max_replication(os->os_spa));
|
2010-05-29 00:45:14 +04:00
|
|
|
zp->zp_dedup = dedup;
|
|
|
|
zp->zp_dedup_verify = dedup && dedup_verify;
|
2013-05-10 23:47:54 +04:00
|
|
|
zp->zp_nopwrite = nopwrite;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
zp->zp_encrypt = encrypt;
|
|
|
|
zp->zp_byteorder = ZFS_HOST_BYTEORDER;
|
|
|
|
bzero(zp->zp_salt, ZIO_DATA_SALT_LEN);
|
|
|
|
bzero(zp->zp_iv, ZIO_DATA_IV_LEN);
|
|
|
|
bzero(zp->zp_mac, ZIO_DATA_MAC_LEN);
|
2018-09-06 04:33:36 +03:00
|
|
|
zp->zp_zpl_smallblk = DMU_OT_IS_FILE(zp->zp_type) ?
|
|
|
|
os->os_zpl_special_smallblock : 0;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
|
|
|
|
ASSERT3U(zp->zp_compress, !=, ZIO_COMPRESS_INHERIT);
|
2010-05-29 00:45:14 +04:00
|
|
|
}
|
|
|
|
|
2017-03-25 00:28:38 +03:00
|
|
|
/*
|
|
|
|
* This function is only called from zfs_holey_common() for zpl_llseek()
|
|
|
|
* in order to determine the location of holes. In order to accurately
|
|
|
|
* report holes all dirty data must be synced to disk. This causes extremely
|
|
|
|
* poor performance when seeking for holes in a dirty file. As a compromise,
|
|
|
|
* only provide hole data when the dnode is clean. When a dnode is dirty
|
|
|
|
* report the dnode as having no holes which is always a safe thing to do.
|
|
|
|
*/
|
2008-11-20 23:01:55 +03:00
|
|
|
int
|
|
|
|
dmu_offset_next(objset_t *os, uint64_t object, boolean_t hole, uint64_t *off)
|
|
|
|
{
|
|
|
|
dnode_t *dn;
|
|
|
|
int i, err;
|
2017-03-25 00:28:38 +03:00
|
|
|
boolean_t clean = B_TRUE;
|
2008-11-20 23:01:55 +03:00
|
|
|
|
2010-05-29 00:45:14 +04:00
|
|
|
err = dnode_hold(os, object, FTAG, &dn);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (err)
|
|
|
|
return (err);
|
2017-03-25 00:28:38 +03:00
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
/*
|
2017-03-25 00:28:38 +03:00
|
|
|
* Check if dnode is dirty
|
2008-11-20 23:01:55 +03:00
|
|
|
*/
|
2017-11-15 21:19:32 +03:00
|
|
|
for (i = 0; i < TXG_SIZE; i++) {
|
2018-04-10 21:15:05 +03:00
|
|
|
if (multilist_link_active(&dn->dn_dirty_link[i])) {
|
2017-11-15 21:19:32 +03:00
|
|
|
clean = B_FALSE;
|
|
|
|
break;
|
2017-03-25 00:28:38 +03:00
|
|
|
}
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
2017-03-25 00:28:38 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If compatibility option is on, sync any current changes before
|
|
|
|
* we go trundling through the block pointers.
|
|
|
|
*/
|
|
|
|
if (!clean && zfs_dmu_offset_next_sync) {
|
|
|
|
clean = B_TRUE;
|
2008-11-20 23:01:55 +03:00
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
txg_wait_synced(dmu_objset_pool(os), 0);
|
2010-05-29 00:45:14 +04:00
|
|
|
err = dnode_hold(os, object, FTAG, &dn);
|
2008-11-20 23:01:55 +03:00
|
|
|
if (err)
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
2017-03-25 00:28:38 +03:00
|
|
|
if (clean)
|
|
|
|
err = dnode_next_offset(dn,
|
|
|
|
(hole ? DNODE_FIND_HOLE : 0), off, 1, 1, 0);
|
|
|
|
else
|
|
|
|
err = SET_ERROR(EBUSY);
|
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
|
|
|
|
return (err);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
2013-10-03 04:11:19 +04:00
|
|
|
__dmu_object_info_from_dnode(dnode_t *dn, dmu_object_info_t *doi)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2013-10-03 04:11:19 +04:00
|
|
|
dnode_phys_t *dnp = dn->dn_phys;
|
2010-05-29 00:45:14 +04:00
|
|
|
|
2008-11-20 23:01:55 +03:00
|
|
|
doi->doi_data_block_size = dn->dn_datablksz;
|
|
|
|
doi->doi_metadata_block_size = dn->dn_indblkshift ?
|
|
|
|
1ULL << dn->dn_indblkshift : 0;
|
2010-05-29 00:45:14 +04:00
|
|
|
doi->doi_type = dn->dn_type;
|
|
|
|
doi->doi_bonus_type = dn->dn_bonustype;
|
|
|
|
doi->doi_bonus_size = dn->dn_bonuslen;
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced to from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill bocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by an large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 04:25:34 +03:00
|
|
|
doi->doi_dnodesize = dn->dn_num_slots << DNODE_SHIFT;
|
2008-11-20 23:01:55 +03:00
|
|
|
doi->doi_indirection = dn->dn_nlevels;
|
|
|
|
doi->doi_checksum = dn->dn_checksum;
|
|
|
|
doi->doi_compress = dn->dn_compress;
|
2014-09-12 07:28:35 +04:00
|
|
|
doi->doi_nblkptr = dn->dn_nblkptr;
|
2010-05-29 00:45:14 +04:00
|
|
|
doi->doi_physical_blocks_512 = (DN_USED_BYTES(dnp) + 256) >> 9;
|
2013-07-05 23:37:16 +04:00
|
|
|
doi->doi_max_offset = (dn->dn_maxblkid + 1) * dn->dn_datablksz;
|
2010-05-29 00:45:14 +04:00
|
|
|
doi->doi_fill_count = 0;
|
2017-11-04 23:25:13 +03:00
|
|
|
for (int i = 0; i < dnp->dn_nblkptr; i++)
|
2014-06-06 01:19:08 +04:00
|
|
|
doi->doi_fill_count += BP_GET_FILL(&dnp->dn_blkptr[i]);
|
2013-10-03 04:11:19 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
dmu_object_info_from_dnode(dnode_t *dn, dmu_object_info_t *doi)
|
|
|
|
{
|
|
|
|
rw_enter(&dn->dn_struct_rwlock, RW_READER);
|
|
|
|
mutex_enter(&dn->dn_mtx);
|
|
|
|
|
|
|
|
__dmu_object_info_from_dnode(dn, doi);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
mutex_exit(&dn->dn_mtx);
|
|
|
|
rw_exit(&dn->dn_struct_rwlock);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get information on a DMU object.
|
|
|
|
* If doi is NULL, just indicates whether the object exists.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
dmu_object_info(objset_t *os, uint64_t object, dmu_object_info_t *doi)
|
|
|
|
{
|
|
|
|
dnode_t *dn;
|
2010-05-29 00:45:14 +04:00
|
|
|
int err = dnode_hold(os, object, FTAG, &dn);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
if (err)
|
|
|
|
return (err);
|
|
|
|
|
|
|
|
if (doi != NULL)
|
|
|
|
dmu_object_info_from_dnode(dn, doi);
|
|
|
|
|
|
|
|
dnode_rele(dn, FTAG);
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* As above, but faster; can be used when you have a held dbuf in hand.
|
|
|
|
*/
|
|
|
|
void
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_object_info_from_db(dmu_buf_t *db_fake, dmu_object_info_t *doi)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)db_fake;
|
|
|
|
|
|
|
|
DB_DNODE_ENTER(db);
|
|
|
|
dmu_object_info_from_dnode(DB_DNODE(db), doi);
|
|
|
|
DB_DNODE_EXIT(db);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Faster still when you only care about the size.
|
|
|
|
* This is specifically optimized for zfs_getattr().
|
|
|
|
*/
|
|
|
|
void
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_object_size_from_db(dmu_buf_t *db_fake, uint32_t *blksize,
|
|
|
|
u_longlong_t *nblk512)
|
2008-11-20 23:01:55 +03:00
|
|
|
{
|
2010-08-27 01:24:34 +04:00
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)db_fake;
|
|
|
|
dnode_t *dn;
|
|
|
|
|
|
|
|
DB_DNODE_ENTER(db);
|
|
|
|
dn = DB_DNODE(db);
|
2008-11-20 23:01:55 +03:00
|
|
|
|
|
|
|
*blksize = dn->dn_datablksz;
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced to from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill bocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by an large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 04:25:34 +03:00
|
|
|
/* add in number of slots used for the dnode itself */
|
2008-11-20 23:01:55 +03:00
|
|
|
*nblk512 = ((DN_USED_BYTES(dn->dn_phys) + SPA_MINBLOCKSIZE/2) >>
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced to from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill bocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by an large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 04:25:34 +03:00
|
|
|
SPA_MINBLOCKSHIFT) + dn->dn_num_slots;
|
|
|
|
DB_DNODE_EXIT(db);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
dmu_object_dnsize_from_db(dmu_buf_t *db_fake, int *dnsize)
|
|
|
|
{
|
|
|
|
dmu_buf_impl_t *db = (dmu_buf_impl_t *)db_fake;
|
|
|
|
dnode_t *dn;
|
|
|
|
|
|
|
|
DB_DNODE_ENTER(db);
|
|
|
|
dn = DB_DNODE(db);
|
|
|
|
*dnsize = dn->dn_num_slots << DNODE_SHIFT;
|
2010-08-27 01:24:34 +04:00
|
|
|
DB_DNODE_EXIT(db);
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
byteswap_uint64_array(void *vbuf, size_t size)
|
|
|
|
{
|
|
|
|
uint64_t *buf = vbuf;
|
|
|
|
size_t count = size >> 3;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
ASSERT((size & 7) == 0);
|
|
|
|
|
|
|
|
for (i = 0; i < count; i++)
|
|
|
|
buf[i] = BSWAP_64(buf[i]);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
byteswap_uint32_array(void *vbuf, size_t size)
|
|
|
|
{
|
|
|
|
uint32_t *buf = vbuf;
|
|
|
|
size_t count = size >> 2;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
ASSERT((size & 3) == 0);
|
|
|
|
|
|
|
|
for (i = 0; i < count; i++)
|
|
|
|
buf[i] = BSWAP_32(buf[i]);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
byteswap_uint16_array(void *vbuf, size_t size)
|
|
|
|
{
|
|
|
|
uint16_t *buf = vbuf;
|
|
|
|
size_t count = size >> 1;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
ASSERT((size & 1) == 0);
|
|
|
|
|
|
|
|
for (i = 0; i < count; i++)
|
|
|
|
buf[i] = BSWAP_16(buf[i]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
void
|
|
|
|
byteswap_uint8_array(void *vbuf, size_t size)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
dmu_init(void)
|
|
|
|
{
|
2016-07-22 18:52:49 +03:00
|
|
|
abd_init();
|
2010-05-29 00:45:14 +04:00
|
|
|
zfs_dbgmsg_init();
|
2010-08-27 01:24:34 +04:00
|
|
|
sa_cache_init();
|
|
|
|
xuio_stat_init();
|
|
|
|
dmu_objset_init();
|
2008-11-20 23:01:55 +03:00
|
|
|
dnode_init();
|
2010-05-29 00:45:14 +04:00
|
|
|
zfetch_init();
|
2012-01-20 22:58:57 +04:00
|
|
|
dmu_tx_init();
|
2008-11-20 23:01:55 +03:00
|
|
|
l2arc_init();
|
2012-12-15 04:13:40 +04:00
|
|
|
arc_init();
|
2016-06-02 07:04:53 +03:00
|
|
|
dbuf_init();
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
dmu_fini(void)
|
|
|
|
{
|
2013-06-11 21:12:34 +04:00
|
|
|
arc_fini(); /* arc depends on l2arc, so arc must go first */
|
2012-12-15 04:13:40 +04:00
|
|
|
l2arc_fini();
|
2012-01-20 22:58:57 +04:00
|
|
|
dmu_tx_fini();
|
2010-05-29 00:45:14 +04:00
|
|
|
zfetch_fini();
|
2008-11-20 23:01:55 +03:00
|
|
|
dbuf_fini();
|
2010-08-27 01:24:34 +04:00
|
|
|
dnode_fini();
|
|
|
|
dmu_objset_fini();
|
2010-05-29 00:45:14 +04:00
|
|
|
xuio_stat_fini();
|
|
|
|
sa_cache_fini();
|
|
|
|
zfs_dbgmsg_fini();
|
2016-07-22 18:52:49 +03:00
|
|
|
abd_fini();
|
2008-11-20 23:01:55 +03:00
|
|
|
}
|
2010-08-26 22:49:16 +04:00
|
|
|
|
2018-02-16 04:53:18 +03:00
|
|
|
#if defined(_KERNEL)
|
2010-08-26 22:49:16 +04:00
|
|
|
EXPORT_SYMBOL(dmu_bonus_hold);
|
2012-02-18 00:09:21 +04:00
|
|
|
EXPORT_SYMBOL(dmu_buf_hold_array_by_bonus);
|
|
|
|
EXPORT_SYMBOL(dmu_buf_rele_array);
|
2013-08-01 20:39:46 +04:00
|
|
|
EXPORT_SYMBOL(dmu_prefetch);
|
2010-08-26 22:49:16 +04:00
|
|
|
EXPORT_SYMBOL(dmu_free_range);
|
2013-08-01 20:39:46 +04:00
|
|
|
EXPORT_SYMBOL(dmu_free_long_range);
|
2013-08-21 08:11:52 +04:00
|
|
|
EXPORT_SYMBOL(dmu_free_long_object);
|
2010-08-26 22:49:16 +04:00
|
|
|
EXPORT_SYMBOL(dmu_read);
|
2017-01-14 01:58:41 +03:00
|
|
|
EXPORT_SYMBOL(dmu_read_by_dnode);
|
2010-08-26 22:49:16 +04:00
|
|
|
EXPORT_SYMBOL(dmu_write);
|
2017-01-14 01:58:41 +03:00
|
|
|
EXPORT_SYMBOL(dmu_write_by_dnode);
|
2013-08-01 20:39:46 +04:00
|
|
|
EXPORT_SYMBOL(dmu_prealloc);
|
2010-08-26 22:49:16 +04:00
|
|
|
EXPORT_SYMBOL(dmu_object_info);
|
|
|
|
EXPORT_SYMBOL(dmu_object_info_from_dnode);
|
|
|
|
EXPORT_SYMBOL(dmu_object_info_from_db);
|
|
|
|
EXPORT_SYMBOL(dmu_object_size_from_db);
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced to from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill bocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by an large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 04:25:34 +03:00
|
|
|
EXPORT_SYMBOL(dmu_object_dnsize_from_db);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
EXPORT_SYMBOL(dmu_object_set_nlevels);
|
2010-08-26 22:49:16 +04:00
|
|
|
EXPORT_SYMBOL(dmu_object_set_blocksize);
|
2017-11-08 22:12:59 +03:00
|
|
|
EXPORT_SYMBOL(dmu_object_set_maxblkid);
|
2010-08-26 22:49:16 +04:00
|
|
|
EXPORT_SYMBOL(dmu_object_set_checksum);
|
|
|
|
EXPORT_SYMBOL(dmu_object_set_compress);
|
2013-08-01 20:39:46 +04:00
|
|
|
EXPORT_SYMBOL(dmu_write_policy);
|
|
|
|
EXPORT_SYMBOL(dmu_sync);
|
2012-02-10 23:53:09 +04:00
|
|
|
EXPORT_SYMBOL(dmu_request_arcbuf);
|
|
|
|
EXPORT_SYMBOL(dmu_return_arcbuf);
|
2017-09-28 18:49:13 +03:00
|
|
|
EXPORT_SYMBOL(dmu_assign_arcbuf_by_dnode);
|
|
|
|
EXPORT_SYMBOL(dmu_assign_arcbuf_by_dbuf);
|
2012-02-10 23:53:09 +04:00
|
|
|
EXPORT_SYMBOL(dmu_buf_hold);
|
2010-08-26 22:49:16 +04:00
|
|
|
EXPORT_SYMBOL(dmu_ot);
|
2012-04-28 03:20:31 +04:00
|
|
|
|
2017-02-07 20:44:03 +03:00
|
|
|
/* BEGIN CSTYLED */
|
2013-05-10 23:47:54 +04:00
|
|
|
module_param(zfs_nopwrite_enabled, int, 0644);
|
|
|
|
MODULE_PARM_DESC(zfs_nopwrite_enabled, "Enable NOP writes");
|
|
|
|
|
2017-02-07 20:44:03 +03:00
|
|
|
module_param(zfs_per_txg_dirty_frees_percent, ulong, 0644);
|
|
|
|
MODULE_PARM_DESC(zfs_per_txg_dirty_frees_percent,
|
|
|
|
"percentage of dirtied blocks from frees in one TXG");
|
2017-03-25 00:28:38 +03:00
|
|
|
|
|
|
|
module_param(zfs_dmu_offset_next_sync, int, 0644);
|
|
|
|
MODULE_PARM_DESC(zfs_dmu_offset_next_sync,
|
|
|
|
"Enable forcing txg sync to find holes");
|
|
|
|
|
2017-02-07 20:44:03 +03:00
|
|
|
/* END CSTYLED */
|
2017-03-25 00:28:38 +03:00
|
|
|
|
2010-08-26 22:49:16 +04:00
|
|
|
#endif
|