2013-09-04 16:00:57 +04:00
|
|
|
/*
|
|
|
|
|
* CDDL HEADER START
|
|
|
|
|
*
|
|
|
|
|
* The contents of this file are subject to the terms of the
|
|
|
|
|
* Common Development and Distribution License (the "License").
|
|
|
|
|
* You may not use this file except in compliance with the License.
|
|
|
|
|
*
|
|
|
|
|
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
|
|
|
|
* or http://www.opensolaris.org/os/licensing.
|
|
|
|
|
* See the License for the specific language governing permissions
|
|
|
|
|
* and limitations under the License.
|
|
|
|
|
*
|
|
|
|
|
* When distributing Covered Code, include this CDDL HEADER in each
|
|
|
|
|
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
|
|
|
|
* If applicable, add the following below this CDDL HEADER, with the
|
|
|
|
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
|
|
|
|
* information: Portions Copyright [yyyy] [name of copyright owner]
|
|
|
|
|
*
|
|
|
|
|
* CDDL HEADER END
|
|
|
|
|
*/
|
|
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
|
2015-07-24 19:53:55 +03:00
|
|
|
* Copyright (c) 2012, 2015 by Delphix. All rights reserved.
|
2013-05-25 06:06:23 +04:00
|
|
|
* Copyright (c) 2013 Steven Hartland. All rights reserved.
|
2015-04-01 16:07:48 +03:00
|
|
|
* Copyright (c) 2013 by Joyent, Inc. All rights reserved.
|
2014-03-22 13:07:14 +04:00
|
|
|
* Copyright (c) 2016 Actifio, Inc. All rights reserved.
|
2013-09-04 16:00:57 +04:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <sys/zfs_context.h>
|
|
|
|
|
#include <sys/dsl_userhold.h>
|
|
|
|
|
#include <sys/dsl_dataset.h>
|
|
|
|
|
#include <sys/dsl_synctask.h>
|
|
|
|
|
#include <sys/dmu_tx.h>
|
|
|
|
|
#include <sys/dsl_pool.h>
|
|
|
|
|
#include <sys/dsl_dir.h>
|
|
|
|
|
#include <sys/dmu_traverse.h>
|
|
|
|
|
#include <sys/dsl_scan.h>
|
|
|
|
|
#include <sys/dmu_objset.h>
|
|
|
|
|
#include <sys/zap.h>
|
|
|
|
|
#include <sys/zfeature.h>
|
|
|
|
|
#include <sys/zfs_ioctl.h>
|
|
|
|
|
#include <sys/dsl_deleg.h>
|
2013-10-08 21:13:05 +04:00
|
|
|
#include <sys/dmu_impl.h>
|
2014-03-22 13:07:14 +04:00
|
|
|
#include <sys/zvol.h>
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
typedef struct dmu_snapshots_destroy_arg {
|
|
|
|
|
nvlist_t *dsda_snaps;
|
|
|
|
|
nvlist_t *dsda_successful_snaps;
|
|
|
|
|
boolean_t dsda_defer;
|
|
|
|
|
nvlist_t *dsda_errlist;
|
|
|
|
|
} dmu_snapshots_destroy_arg_t;
|
|
|
|
|
|
2013-07-29 22:55:16 +04:00
|
|
|
int
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_destroy_snapshot_check_impl(dsl_dataset_t *ds, boolean_t defer)
|
|
|
|
|
{
|
2015-04-02 06:44:32 +03:00
|
|
|
if (!ds->ds_is_snapshot)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
if (dsl_dataset_long_held(ds))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EBUSY));
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Only allow deferred destroy on pools that support it.
|
|
|
|
|
* NOTE: deferred destroy is only supported on snapshots.
|
|
|
|
|
*/
|
|
|
|
|
if (defer) {
|
|
|
|
|
if (spa_version(ds->ds_dir->dd_pool->dp_spa) <
|
|
|
|
|
SPA_VERSION_USERREFS)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(ENOTSUP));
|
2013-09-04 16:00:57 +04:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If this snapshot has an elevated user reference count,
|
|
|
|
|
* we can't destroy it yet.
|
|
|
|
|
*/
|
|
|
|
|
if (ds->ds_userrefs > 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EBUSY));
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Can't delete a branch point.
|
|
|
|
|
*/
|
2015-04-01 18:14:34 +03:00
|
|
|
if (dsl_dataset_phys(ds)->ds_num_children > 1)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EEXIST));
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dsl_destroy_snapshot_check(void *arg, dmu_tx_t *tx)
|
|
|
|
|
{
|
|
|
|
|
dmu_snapshots_destroy_arg_t *dsda = arg;
|
|
|
|
|
dsl_pool_t *dp = dmu_tx_pool(tx);
|
|
|
|
|
nvpair_t *pair;
|
|
|
|
|
int error = 0;
|
|
|
|
|
|
|
|
|
|
if (!dmu_tx_is_syncing(tx))
|
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
|
|
for (pair = nvlist_next_nvpair(dsda->dsda_snaps, NULL);
|
|
|
|
|
pair != NULL; pair = nvlist_next_nvpair(dsda->dsda_snaps, pair)) {
|
|
|
|
|
dsl_dataset_t *ds;
|
|
|
|
|
|
|
|
|
|
error = dsl_dataset_hold(dp, nvpair_name(pair),
|
|
|
|
|
FTAG, &ds);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If the snapshot does not exist, silently ignore it
|
|
|
|
|
* (it's "already destroyed").
|
|
|
|
|
*/
|
|
|
|
|
if (error == ENOENT)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (error == 0) {
|
|
|
|
|
error = dsl_destroy_snapshot_check_impl(ds,
|
|
|
|
|
dsda->dsda_defer);
|
|
|
|
|
dsl_dataset_rele(ds, FTAG);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (error == 0) {
|
|
|
|
|
fnvlist_add_boolean(dsda->dsda_successful_snaps,
|
|
|
|
|
nvpair_name(pair));
|
|
|
|
|
} else {
|
|
|
|
|
fnvlist_add_int32(dsda->dsda_errlist,
|
|
|
|
|
nvpair_name(pair), error);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pair = nvlist_next_nvpair(dsda->dsda_errlist, NULL);
|
|
|
|
|
if (pair != NULL)
|
|
|
|
|
return (fnvpair_value_int32(pair));
|
2013-05-25 06:06:23 +04:00
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct process_old_arg {
|
|
|
|
|
dsl_dataset_t *ds;
|
|
|
|
|
dsl_dataset_t *ds_prev;
|
|
|
|
|
boolean_t after_branch_point;
|
|
|
|
|
zio_t *pio;
|
|
|
|
|
uint64_t used, comp, uncomp;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
process_old_cb(void *arg, const blkptr_t *bp, dmu_tx_t *tx)
|
|
|
|
|
{
|
|
|
|
|
struct process_old_arg *poa = arg;
|
|
|
|
|
dsl_pool_t *dp = poa->ds->ds_dir->dd_pool;
|
|
|
|
|
|
2013-12-09 22:37:51 +04:00
|
|
|
ASSERT(!BP_IS_HOLE(bp));
|
|
|
|
|
|
2015-04-01 18:14:34 +03:00
|
|
|
if (bp->blk_birth <= dsl_dataset_phys(poa->ds)->ds_prev_snap_txg) {
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_deadlist_insert(&poa->ds->ds_deadlist, bp, tx);
|
|
|
|
|
if (poa->ds_prev && !poa->after_branch_point &&
|
|
|
|
|
bp->blk_birth >
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(poa->ds_prev)->ds_prev_snap_txg) {
|
|
|
|
|
dsl_dataset_phys(poa->ds_prev)->ds_unique_bytes +=
|
2013-09-04 16:00:57 +04:00
|
|
|
bp_get_dsize_sync(dp->dp_spa, bp);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
poa->used += bp_get_dsize_sync(dp->dp_spa, bp);
|
|
|
|
|
poa->comp += BP_GET_PSIZE(bp);
|
|
|
|
|
poa->uncomp += BP_GET_UCSIZE(bp);
|
|
|
|
|
dsl_free_sync(poa->pio, dp, tx->tx_txg, bp);
|
|
|
|
|
}
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
process_old_deadlist(dsl_dataset_t *ds, dsl_dataset_t *ds_prev,
|
|
|
|
|
dsl_dataset_t *ds_next, boolean_t after_branch_point, dmu_tx_t *tx)
|
|
|
|
|
{
|
|
|
|
|
struct process_old_arg poa = { 0 };
|
|
|
|
|
dsl_pool_t *dp = ds->ds_dir->dd_pool;
|
|
|
|
|
objset_t *mos = dp->dp_meta_objset;
|
|
|
|
|
uint64_t deadlist_obj;
|
|
|
|
|
|
|
|
|
|
ASSERT(ds->ds_deadlist.dl_oldfmt);
|
|
|
|
|
ASSERT(ds_next->ds_deadlist.dl_oldfmt);
|
|
|
|
|
|
|
|
|
|
poa.ds = ds;
|
|
|
|
|
poa.ds_prev = ds_prev;
|
|
|
|
|
poa.after_branch_point = after_branch_point;
|
|
|
|
|
poa.pio = zio_root(dp->dp_spa, NULL, NULL, ZIO_FLAG_MUSTSUCCEED);
|
|
|
|
|
VERIFY0(bpobj_iterate(&ds_next->ds_deadlist.dl_bpobj,
|
|
|
|
|
process_old_cb, &poa, tx));
|
|
|
|
|
VERIFY0(zio_wait(poa.pio));
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT3U(poa.used, ==, dsl_dataset_phys(ds)->ds_unique_bytes);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
/* change snapused */
|
|
|
|
|
dsl_dir_diduse_space(ds->ds_dir, DD_USED_SNAP,
|
|
|
|
|
-poa.used, -poa.comp, -poa.uncomp, tx);
|
|
|
|
|
|
|
|
|
|
/* swap next's deadlist to our deadlist */
|
|
|
|
|
dsl_deadlist_close(&ds->ds_deadlist);
|
|
|
|
|
dsl_deadlist_close(&ds_next->ds_deadlist);
|
2015-04-01 18:14:34 +03:00
|
|
|
deadlist_obj = dsl_dataset_phys(ds)->ds_deadlist_obj;
|
|
|
|
|
dsl_dataset_phys(ds)->ds_deadlist_obj =
|
|
|
|
|
dsl_dataset_phys(ds_next)->ds_deadlist_obj;
|
|
|
|
|
dsl_dataset_phys(ds_next)->ds_deadlist_obj = deadlist_obj;
|
|
|
|
|
dsl_deadlist_open(&ds->ds_deadlist, mos,
|
|
|
|
|
dsl_dataset_phys(ds)->ds_deadlist_obj);
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_deadlist_open(&ds_next->ds_deadlist, mos,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds_next)->ds_deadlist_obj);
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
dsl_dataset_remove_clones_key(dsl_dataset_t *ds, uint64_t mintxg, dmu_tx_t *tx)
|
|
|
|
|
{
|
|
|
|
|
objset_t *mos = ds->ds_dir->dd_pool->dp_meta_objset;
|
2013-09-26 02:14:47 +04:00
|
|
|
zap_cursor_t *zc;
|
|
|
|
|
zap_attribute_t *za;
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If it is the old version, dd_clones doesn't exist so we can't
|
|
|
|
|
* find the clones, but dsl_deadlist_remove_key() is a no-op so it
|
|
|
|
|
* doesn't matter.
|
|
|
|
|
*/
|
2015-04-01 18:14:34 +03:00
|
|
|
if (dsl_dir_phys(ds->ds_dir)->dd_clones == 0)
|
2013-09-04 16:00:57 +04:00
|
|
|
return;
|
|
|
|
|
|
2014-11-21 03:09:39 +03:00
|
|
|
zc = kmem_alloc(sizeof (zap_cursor_t), KM_SLEEP);
|
|
|
|
|
za = kmem_alloc(sizeof (zap_attribute_t), KM_SLEEP);
|
2013-09-26 02:14:47 +04:00
|
|
|
|
2015-04-01 18:14:34 +03:00
|
|
|
for (zap_cursor_init(zc, mos, dsl_dir_phys(ds->ds_dir)->dd_clones);
|
2013-09-26 02:14:47 +04:00
|
|
|
zap_cursor_retrieve(zc, za) == 0;
|
|
|
|
|
zap_cursor_advance(zc)) {
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_t *clone;
|
|
|
|
|
|
|
|
|
|
VERIFY0(dsl_dataset_hold_obj(ds->ds_dir->dd_pool,
|
2013-09-26 02:14:47 +04:00
|
|
|
za->za_first_integer, FTAG, &clone));
|
2013-09-04 16:00:57 +04:00
|
|
|
if (clone->ds_dir->dd_origin_txg > mintxg) {
|
|
|
|
|
dsl_deadlist_remove_key(&clone->ds_deadlist,
|
|
|
|
|
mintxg, tx);
|
|
|
|
|
dsl_dataset_remove_clones_key(clone, mintxg, tx);
|
|
|
|
|
}
|
|
|
|
|
dsl_dataset_rele(clone, FTAG);
|
|
|
|
|
}
|
2013-09-26 02:14:47 +04:00
|
|
|
zap_cursor_fini(zc);
|
|
|
|
|
|
|
|
|
|
kmem_free(za, sizeof (zap_attribute_t));
|
|
|
|
|
kmem_free(zc, sizeof (zap_cursor_t));
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dsl_destroy_snapshot_sync_impl(dsl_dataset_t *ds, boolean_t defer, dmu_tx_t *tx)
|
|
|
|
|
{
|
2015-07-24 19:53:55 +03:00
|
|
|
spa_feature_t f;
|
2013-09-04 16:00:57 +04:00
|
|
|
int after_branch_point = FALSE;
|
|
|
|
|
dsl_pool_t *dp = ds->ds_dir->dd_pool;
|
|
|
|
|
objset_t *mos = dp->dp_meta_objset;
|
|
|
|
|
dsl_dataset_t *ds_prev = NULL;
|
|
|
|
|
uint64_t obj, old_unique, used = 0, comp = 0, uncomp = 0;
|
|
|
|
|
dsl_dataset_t *ds_next, *ds_head, *hds;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ASSERT(RRW_WRITE_HELD(&dp->dp_config_rwlock));
|
2017-01-27 22:43:42 +03:00
|
|
|
rrw_enter(&ds->ds_bp_rwlock, RW_READER, FTAG);
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT3U(dsl_dataset_phys(ds)->ds_bp.blk_birth, <=, tx->tx_txg);
|
2017-01-27 22:43:42 +03:00
|
|
|
rrw_exit(&ds->ds_bp_rwlock, FTAG);
|
2013-09-04 16:00:57 +04:00
|
|
|
ASSERT(refcount_is_zero(&ds->ds_longholds));
|
|
|
|
|
|
|
|
|
|
if (defer &&
|
2015-04-01 18:14:34 +03:00
|
|
|
(ds->ds_userrefs > 0 ||
|
|
|
|
|
dsl_dataset_phys(ds)->ds_num_children > 1)) {
|
2013-09-04 16:00:57 +04:00
|
|
|
ASSERT(spa_version(dp->dp_spa) >= SPA_VERSION_USERREFS);
|
|
|
|
|
dmu_buf_will_dirty(ds->ds_dbuf, tx);
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_flags |= DS_FLAG_DEFER_DESTROY;
|
2013-09-04 16:00:57 +04:00
|
|
|
spa_history_log_internal_ds(ds, "defer_destroy", tx, "");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT3U(dsl_dataset_phys(ds)->ds_num_children, <=, 1);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
/* We need to log before removing it from the namespace. */
|
|
|
|
|
spa_history_log_internal_ds(ds, "destroy", tx, "");
|
|
|
|
|
|
|
|
|
|
dsl_scan_ds_destroyed(ds, tx);
|
|
|
|
|
|
|
|
|
|
obj = ds->ds_object;
|
|
|
|
|
|
2015-07-24 19:53:55 +03:00
|
|
|
for (f = 0; f < SPA_FEATURES; f++) {
|
|
|
|
|
if (ds->ds_feature_inuse[f]) {
|
|
|
|
|
dsl_dataset_deactivate_feature(obj, f, tx);
|
|
|
|
|
ds->ds_feature_inuse[f] = B_FALSE;
|
|
|
|
|
}
|
2014-11-03 23:15:08 +03:00
|
|
|
}
|
2015-04-01 18:14:34 +03:00
|
|
|
if (dsl_dataset_phys(ds)->ds_prev_snap_obj != 0) {
|
2013-09-04 16:00:57 +04:00
|
|
|
ASSERT3P(ds->ds_prev, ==, NULL);
|
|
|
|
|
VERIFY0(dsl_dataset_hold_obj(dp,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_prev_snap_obj, FTAG, &ds_prev));
|
2013-09-04 16:00:57 +04:00
|
|
|
after_branch_point =
|
2015-04-01 18:14:34 +03:00
|
|
|
(dsl_dataset_phys(ds_prev)->ds_next_snap_obj != obj);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
dmu_buf_will_dirty(ds_prev->ds_dbuf, tx);
|
|
|
|
|
if (after_branch_point &&
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds_prev)->ds_next_clones_obj != 0) {
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_remove_from_next_clones(ds_prev, obj, tx);
|
2015-04-01 18:14:34 +03:00
|
|
|
if (dsl_dataset_phys(ds)->ds_next_snap_obj != 0) {
|
2013-09-04 16:00:57 +04:00
|
|
|
VERIFY0(zap_add_int(mos,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds_prev)->
|
|
|
|
|
ds_next_clones_obj,
|
|
|
|
|
dsl_dataset_phys(ds)->ds_next_snap_obj,
|
|
|
|
|
tx));
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!after_branch_point) {
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds_prev)->ds_next_snap_obj =
|
|
|
|
|
dsl_dataset_phys(ds)->ds_next_snap_obj;
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
VERIFY0(dsl_dataset_hold_obj(dp,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_next_snap_obj, FTAG, &ds_next));
|
|
|
|
|
ASSERT3U(dsl_dataset_phys(ds_next)->ds_prev_snap_obj, ==, obj);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
2015-04-01 18:14:34 +03:00
|
|
|
old_unique = dsl_dataset_phys(ds_next)->ds_unique_bytes;
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
dmu_buf_will_dirty(ds_next->ds_dbuf, tx);
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds_next)->ds_prev_snap_obj =
|
|
|
|
|
dsl_dataset_phys(ds)->ds_prev_snap_obj;
|
|
|
|
|
dsl_dataset_phys(ds_next)->ds_prev_snap_txg =
|
|
|
|
|
dsl_dataset_phys(ds)->ds_prev_snap_txg;
|
|
|
|
|
ASSERT3U(dsl_dataset_phys(ds)->ds_prev_snap_txg, ==,
|
|
|
|
|
ds_prev ? dsl_dataset_phys(ds_prev)->ds_creation_txg : 0);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
if (ds_next->ds_deadlist.dl_oldfmt) {
|
|
|
|
|
process_old_deadlist(ds, ds_prev, ds_next,
|
|
|
|
|
after_branch_point, tx);
|
|
|
|
|
} else {
|
|
|
|
|
/* Adjust prev's unique space. */
|
|
|
|
|
if (ds_prev && !after_branch_point) {
|
|
|
|
|
dsl_deadlist_space_range(&ds_next->ds_deadlist,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds_prev)->ds_prev_snap_txg,
|
|
|
|
|
dsl_dataset_phys(ds)->ds_prev_snap_txg,
|
2013-09-04 16:00:57 +04:00
|
|
|
&used, &comp, &uncomp);
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds_prev)->ds_unique_bytes += used;
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Adjust snapused. */
|
|
|
|
|
dsl_deadlist_space_range(&ds_next->ds_deadlist,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_prev_snap_txg, UINT64_MAX,
|
2013-09-04 16:00:57 +04:00
|
|
|
&used, &comp, &uncomp);
|
|
|
|
|
dsl_dir_diduse_space(ds->ds_dir, DD_USED_SNAP,
|
|
|
|
|
-used, -comp, -uncomp, tx);
|
|
|
|
|
|
|
|
|
|
/* Move blocks to be freed to pool's free list. */
|
|
|
|
|
dsl_deadlist_move_bpobj(&ds_next->ds_deadlist,
|
2015-04-01 18:14:34 +03:00
|
|
|
&dp->dp_free_bpobj, dsl_dataset_phys(ds)->ds_prev_snap_txg,
|
2013-09-04 16:00:57 +04:00
|
|
|
tx);
|
|
|
|
|
dsl_dir_diduse_space(tx->tx_pool->dp_free_dir,
|
|
|
|
|
DD_USED_HEAD, used, comp, uncomp, tx);
|
|
|
|
|
|
|
|
|
|
/* Merge our deadlist into next's and free it. */
|
|
|
|
|
dsl_deadlist_merge(&ds_next->ds_deadlist,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_deadlist_obj, tx);
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
dsl_deadlist_close(&ds->ds_deadlist);
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_deadlist_free(mos, dsl_dataset_phys(ds)->ds_deadlist_obj, tx);
|
2013-09-04 16:00:57 +04:00
|
|
|
dmu_buf_will_dirty(ds->ds_dbuf, tx);
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_deadlist_obj = 0;
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
/* Collapse range in clone heads */
|
|
|
|
|
dsl_dataset_remove_clones_key(ds,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_creation_txg, tx);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
2015-04-02 06:44:32 +03:00
|
|
|
if (ds_next->ds_is_snapshot) {
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_t *ds_nextnext;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Update next's unique to include blocks which
|
|
|
|
|
* were previously shared by only this snapshot
|
|
|
|
|
* and it. Those blocks will be born after the
|
|
|
|
|
* prev snap and before this snap, and will have
|
|
|
|
|
* died after the next snap and before the one
|
|
|
|
|
* after that (ie. be on the snap after next's
|
|
|
|
|
* deadlist).
|
|
|
|
|
*/
|
|
|
|
|
VERIFY0(dsl_dataset_hold_obj(dp,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds_next)->ds_next_snap_obj,
|
|
|
|
|
FTAG, &ds_nextnext));
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_deadlist_space_range(&ds_nextnext->ds_deadlist,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_prev_snap_txg,
|
|
|
|
|
dsl_dataset_phys(ds)->ds_creation_txg,
|
2013-09-04 16:00:57 +04:00
|
|
|
&used, &comp, &uncomp);
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds_next)->ds_unique_bytes += used;
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_rele(ds_nextnext, FTAG);
|
|
|
|
|
ASSERT3P(ds_next->ds_prev, ==, NULL);
|
|
|
|
|
|
|
|
|
|
/* Collapse range in this head. */
|
|
|
|
|
VERIFY0(dsl_dataset_hold_obj(dp,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj, FTAG, &hds));
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_deadlist_remove_key(&hds->ds_deadlist,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_creation_txg, tx);
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_rele(hds, FTAG);
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
ASSERT3P(ds_next->ds_prev, ==, ds);
|
|
|
|
|
dsl_dataset_rele(ds_next->ds_prev, ds_next);
|
|
|
|
|
ds_next->ds_prev = NULL;
|
|
|
|
|
if (ds_prev) {
|
|
|
|
|
VERIFY0(dsl_dataset_hold_obj(dp,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_prev_snap_obj,
|
2013-09-04 16:00:57 +04:00
|
|
|
ds_next, &ds_next->ds_prev));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dsl_dataset_recalc_head_uniq(ds_next);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Reduce the amount of our unconsumed refreservation
|
|
|
|
|
* being charged to our parent by the amount of
|
|
|
|
|
* new unique data we have gained.
|
|
|
|
|
*/
|
|
|
|
|
if (old_unique < ds_next->ds_reserved) {
|
|
|
|
|
int64_t mrsdelta;
|
|
|
|
|
uint64_t new_unique =
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds_next)->ds_unique_bytes;
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
ASSERT(old_unique <= new_unique);
|
|
|
|
|
mrsdelta = MIN(new_unique - old_unique,
|
|
|
|
|
ds_next->ds_reserved - old_unique);
|
|
|
|
|
dsl_dir_diduse_space(ds->ds_dir,
|
|
|
|
|
DD_USED_REFRSRV, -mrsdelta, 0, 0, tx);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
dsl_dataset_rele(ds_next, FTAG);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This must be done after the dsl_traverse(), because it will
|
|
|
|
|
* re-open the objset.
|
|
|
|
|
*/
|
|
|
|
|
if (ds->ds_objset) {
|
|
|
|
|
dmu_objset_evict(ds->ds_objset);
|
|
|
|
|
ds->ds_objset = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* remove from snapshot namespace */
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT(dsl_dataset_phys(ds)->ds_snapnames_zapobj == 0);
|
2013-09-04 16:00:57 +04:00
|
|
|
VERIFY0(dsl_dataset_hold_obj(dp,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj, FTAG, &ds_head));
|
2013-09-04 16:00:57 +04:00
|
|
|
VERIFY0(dsl_dataset_get_snapname(ds));
|
|
|
|
|
#ifdef ZFS_DEBUG
|
|
|
|
|
{
|
|
|
|
|
uint64_t val;
|
2014-03-22 13:07:14 +04:00
|
|
|
int err;
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
err = dsl_dataset_snap_lookup(ds_head,
|
|
|
|
|
ds->ds_snapname, &val);
|
|
|
|
|
ASSERT0(err);
|
|
|
|
|
ASSERT3U(val, ==, obj);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2015-04-01 16:07:48 +03:00
|
|
|
VERIFY0(dsl_dataset_snap_remove(ds_head, ds->ds_snapname, tx, B_TRUE));
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_rele(ds_head, FTAG);
|
|
|
|
|
|
|
|
|
|
if (ds_prev != NULL)
|
|
|
|
|
dsl_dataset_rele(ds_prev, FTAG);
|
|
|
|
|
|
|
|
|
|
spa_prop_clear_bootfs(dp->dp_spa, ds->ds_object, tx);
|
|
|
|
|
|
2015-04-01 18:14:34 +03:00
|
|
|
if (dsl_dataset_phys(ds)->ds_next_clones_obj != 0) {
|
2013-09-04 16:00:57 +04:00
|
|
|
ASSERTV(uint64_t count);
|
|
|
|
|
ASSERT0(zap_count(mos,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_next_clones_obj, &count) &&
|
|
|
|
|
count == 0);
|
2013-09-04 16:00:57 +04:00
|
|
|
VERIFY0(dmu_object_free(mos,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_next_clones_obj, tx));
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
2015-04-01 18:14:34 +03:00
|
|
|
if (dsl_dataset_phys(ds)->ds_props_obj != 0)
|
|
|
|
|
VERIFY0(zap_destroy(mos, dsl_dataset_phys(ds)->ds_props_obj,
|
|
|
|
|
tx));
|
|
|
|
|
if (dsl_dataset_phys(ds)->ds_userrefs_obj != 0)
|
|
|
|
|
VERIFY0(zap_destroy(mos, dsl_dataset_phys(ds)->ds_userrefs_obj,
|
|
|
|
|
tx));
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dir_rele(ds->ds_dir, ds);
|
|
|
|
|
ds->ds_dir = NULL;
|
2013-10-08 21:13:05 +04:00
|
|
|
dmu_object_free_zapified(mos, obj, tx);
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
dsl_destroy_snapshot_sync(void *arg, dmu_tx_t *tx)
|
|
|
|
|
{
|
|
|
|
|
dmu_snapshots_destroy_arg_t *dsda = arg;
|
|
|
|
|
dsl_pool_t *dp = dmu_tx_pool(tx);
|
|
|
|
|
nvpair_t *pair;
|
|
|
|
|
|
|
|
|
|
for (pair = nvlist_next_nvpair(dsda->dsda_successful_snaps, NULL);
|
|
|
|
|
pair != NULL;
|
|
|
|
|
pair = nvlist_next_nvpair(dsda->dsda_successful_snaps, pair)) {
|
|
|
|
|
dsl_dataset_t *ds;
|
|
|
|
|
|
|
|
|
|
VERIFY0(dsl_dataset_hold(dp, nvpair_name(pair), FTAG, &ds));
|
|
|
|
|
|
|
|
|
|
dsl_destroy_snapshot_sync_impl(ds, dsda->dsda_defer, tx);
|
2014-03-22 13:07:14 +04:00
|
|
|
zvol_remove_minors(dp->dp_spa, nvpair_name(pair), B_TRUE);
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_rele(ds, FTAG);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The semantics of this function are described in the comment above
|
|
|
|
|
* lzc_destroy_snaps(). To summarize:
|
|
|
|
|
*
|
|
|
|
|
* The snapshots must all be in the same pool.
|
|
|
|
|
*
|
|
|
|
|
* Snapshots that don't exist will be silently ignored (considered to be
|
|
|
|
|
* "already deleted").
|
|
|
|
|
*
|
|
|
|
|
* On success, all snaps will be destroyed and this will return 0.
|
|
|
|
|
* On failure, no snaps will be destroyed, the errlist will be filled in,
|
|
|
|
|
* and this will return an errno.
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
dsl_destroy_snapshots_nvl(nvlist_t *snaps, boolean_t defer,
|
|
|
|
|
nvlist_t *errlist)
|
|
|
|
|
{
|
|
|
|
|
dmu_snapshots_destroy_arg_t dsda;
|
|
|
|
|
int error;
|
|
|
|
|
nvpair_t *pair;
|
|
|
|
|
|
|
|
|
|
pair = nvlist_next_nvpair(snaps, NULL);
|
|
|
|
|
if (pair == NULL)
|
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
|
|
dsda.dsda_snaps = snaps;
|
2013-11-01 23:26:11 +04:00
|
|
|
VERIFY0(nvlist_alloc(&dsda.dsda_successful_snaps,
|
2014-11-21 03:09:39 +03:00
|
|
|
NV_UNIQUE_NAME, KM_SLEEP));
|
2013-09-04 16:00:57 +04:00
|
|
|
dsda.dsda_defer = defer;
|
|
|
|
|
dsda.dsda_errlist = errlist;
|
|
|
|
|
|
|
|
|
|
error = dsl_sync_task(nvpair_name(pair),
|
|
|
|
|
dsl_destroy_snapshot_check, dsl_destroy_snapshot_sync,
|
2014-11-03 23:28:43 +03:00
|
|
|
&dsda, 0, ZFS_SPACE_CHECK_NONE);
|
2013-09-04 16:00:57 +04:00
|
|
|
fnvlist_free(dsda.dsda_successful_snaps);
|
|
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
dsl_destroy_snapshot(const char *name, boolean_t defer)
|
|
|
|
|
{
|
|
|
|
|
int error;
|
2014-11-21 03:09:39 +03:00
|
|
|
nvlist_t *nvl = fnvlist_alloc();
|
|
|
|
|
nvlist_t *errlist = fnvlist_alloc();
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
fnvlist_add_boolean(nvl, name);
|
|
|
|
|
error = dsl_destroy_snapshots_nvl(nvl, defer, errlist);
|
|
|
|
|
fnvlist_free(errlist);
|
|
|
|
|
fnvlist_free(nvl);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct killarg {
|
|
|
|
|
dsl_dataset_t *ds;
|
|
|
|
|
dmu_tx_t *tx;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
|
static int
|
|
|
|
|
kill_blkptr(spa_t *spa, zilog_t *zilog, const blkptr_t *bp,
|
2014-06-25 22:37:59 +04:00
|
|
|
const zbookmark_phys_t *zb, const dnode_phys_t *dnp, void *arg)
|
2013-09-04 16:00:57 +04:00
|
|
|
{
|
|
|
|
|
struct killarg *ka = arg;
|
|
|
|
|
dmu_tx_t *tx = ka->tx;
|
|
|
|
|
|
2015-12-22 04:31:57 +03:00
|
|
|
if (bp == NULL || BP_IS_HOLE(bp) || BP_IS_EMBEDDED(bp))
|
2013-09-04 16:00:57 +04:00
|
|
|
return (0);
|
|
|
|
|
|
|
|
|
|
if (zb->zb_level == ZB_ZIL_LEVEL) {
|
|
|
|
|
ASSERT(zilog != NULL);
|
|
|
|
|
/*
|
|
|
|
|
* It's a block in the intent log. It has no
|
|
|
|
|
* accounting, so just free it.
|
|
|
|
|
*/
|
|
|
|
|
dsl_free(ka->tx->tx_pool, ka->tx->tx_txg, bp);
|
|
|
|
|
} else {
|
|
|
|
|
ASSERT(zilog == NULL);
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT3U(bp->blk_birth, >,
|
|
|
|
|
dsl_dataset_phys(ka->ds)->ds_prev_snap_txg);
|
2013-09-04 16:00:57 +04:00
|
|
|
(void) dsl_dataset_block_kill(ka->ds, bp, tx, B_FALSE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
old_synchronous_dataset_destroy(dsl_dataset_t *ds, dmu_tx_t *tx)
|
|
|
|
|
{
|
|
|
|
|
struct killarg ka;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Free everything that we point to (that's born after
|
|
|
|
|
* the previous snapshot, if we are a clone)
|
|
|
|
|
*
|
|
|
|
|
* NB: this should be very quick, because we already
|
|
|
|
|
* freed all the objects in open context.
|
|
|
|
|
*/
|
|
|
|
|
ka.ds = ds;
|
|
|
|
|
ka.tx = tx;
|
|
|
|
|
VERIFY0(traverse_dataset(ds,
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_prev_snap_txg, TRAVERSE_POST |
|
|
|
|
|
TRAVERSE_NO_DECRYPT, kill_blkptr, &ka));
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT(!DS_UNIQUE_IS_ACCURATE(ds) ||
|
|
|
|
|
dsl_dataset_phys(ds)->ds_unique_bytes == 0);
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
typedef struct dsl_destroy_head_arg {
|
|
|
|
|
const char *ddha_name;
|
|
|
|
|
} dsl_destroy_head_arg_t;
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
dsl_destroy_head_check_impl(dsl_dataset_t *ds, int expected_holds)
|
|
|
|
|
{
|
|
|
|
|
int error;
|
|
|
|
|
uint64_t count;
|
|
|
|
|
objset_t *mos;
|
|
|
|
|
|
2015-04-02 06:44:32 +03:00
|
|
|
ASSERT(!ds->ds_is_snapshot);
|
|
|
|
|
if (ds->ds_is_snapshot)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EINVAL));
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
if (refcount_count(&ds->ds_longholds) != expected_holds)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EBUSY));
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
mos = ds->ds_dir->dd_pool->dp_meta_objset;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Can't delete a head dataset if there are snapshots of it.
|
|
|
|
|
* (Except if the only snapshots are from the branch we cloned
|
|
|
|
|
* from.)
|
|
|
|
|
*/
|
|
|
|
|
if (ds->ds_prev != NULL &&
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds->ds_prev)->ds_next_snap_obj == ds->ds_object)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EBUSY));
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Can't delete if there are children of this fs.
|
|
|
|
|
*/
|
|
|
|
|
error = zap_count(mos,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dir_phys(ds->ds_dir)->dd_child_dir_zapobj, &count);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
if (count != 0)
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EEXIST));
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev) &&
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds->ds_prev)->ds_num_children == 2 &&
|
2013-09-04 16:00:57 +04:00
|
|
|
ds->ds_prev->ds_userrefs == 0) {
|
|
|
|
|
/* We need to remove the origin snapshot as well. */
|
|
|
|
|
if (!refcount_is_zero(&ds->ds_prev->ds_longholds))
|
2013-03-08 22:41:28 +04:00
|
|
|
return (SET_ERROR(EBUSY));
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
dsl_destroy_head_check(void *arg, dmu_tx_t *tx)
|
|
|
|
|
{
|
|
|
|
|
dsl_destroy_head_arg_t *ddha = arg;
|
|
|
|
|
dsl_pool_t *dp = dmu_tx_pool(tx);
|
|
|
|
|
dsl_dataset_t *ds;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
error = dsl_dataset_hold(dp, ddha->ddha_name, FTAG, &ds);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
|
|
error = dsl_destroy_head_check_impl(ds, 0);
|
|
|
|
|
dsl_dataset_rele(ds, FTAG);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
dsl_dir_destroy_sync(uint64_t ddobj, dmu_tx_t *tx)
|
|
|
|
|
{
|
|
|
|
|
dsl_dir_t *dd;
|
|
|
|
|
dsl_pool_t *dp = dmu_tx_pool(tx);
|
|
|
|
|
objset_t *mos = dp->dp_meta_objset;
|
|
|
|
|
dd_used_t t;
|
|
|
|
|
|
|
|
|
|
ASSERT(RRW_WRITE_HELD(&dmu_tx_pool(tx)->dp_config_rwlock));
|
|
|
|
|
|
|
|
|
|
VERIFY0(dsl_dir_hold_obj(dp, ddobj, NULL, FTAG, &dd));
|
|
|
|
|
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT0(dsl_dir_phys(dd)->dd_head_dataset_obj);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
2015-04-01 16:07:48 +03:00
|
|
|
/*
|
|
|
|
|
* Decrement the filesystem count for all parent filesystems.
|
|
|
|
|
*
|
|
|
|
|
* When we receive an incremental stream into a filesystem that already
|
|
|
|
|
* exists, a temporary clone is created. We never count this temporary
|
|
|
|
|
* clone, whose name begins with a '%'.
|
|
|
|
|
*/
|
|
|
|
|
if (dd->dd_myname[0] != '%' && dd->dd_parent != NULL)
|
|
|
|
|
dsl_fs_ss_count_adjust(dd->dd_parent, -1,
|
|
|
|
|
DD_FIELD_FILESYSTEM_COUNT, tx);
|
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
/*
|
|
|
|
|
* Remove our reservation. The impl() routine avoids setting the
|
|
|
|
|
* actual property, which would require the (already destroyed) ds.
|
|
|
|
|
*/
|
|
|
|
|
dsl_dir_set_reservation_sync_impl(dd, 0, tx);
|
|
|
|
|
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT0(dsl_dir_phys(dd)->dd_used_bytes);
|
|
|
|
|
ASSERT0(dsl_dir_phys(dd)->dd_reserved);
|
2013-09-04 16:00:57 +04:00
|
|
|
for (t = 0; t < DD_USED_NUM; t++)
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT0(dsl_dir_phys(dd)->dd_used_breakdown[t]);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
if (dd->dd_crypto_obj != 0) {
|
|
|
|
|
dsl_crypto_key_destroy_sync(dd->dd_crypto_obj, tx);
|
|
|
|
|
(void) spa_keystore_unload_wkey_impl(dp->dp_spa, dd->dd_object);
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-01 18:14:34 +03:00
|
|
|
VERIFY0(zap_destroy(mos, dsl_dir_phys(dd)->dd_child_dir_zapobj, tx));
|
|
|
|
|
VERIFY0(zap_destroy(mos, dsl_dir_phys(dd)->dd_props_zapobj, tx));
|
|
|
|
|
VERIFY0(dsl_deleg_destroy(mos, dsl_dir_phys(dd)->dd_deleg_zapobj, tx));
|
2013-09-04 16:00:57 +04:00
|
|
|
VERIFY0(zap_remove(mos,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dir_phys(dd->dd_parent)->dd_child_dir_zapobj,
|
|
|
|
|
dd->dd_myname, tx));
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
dsl_dir_rele(dd, FTAG);
|
2013-10-08 21:13:05 +04:00
|
|
|
dmu_object_free_zapified(mos, ddobj, tx);
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dsl_destroy_head_sync_impl(dsl_dataset_t *ds, dmu_tx_t *tx)
|
|
|
|
|
{
|
|
|
|
|
dsl_pool_t *dp = dmu_tx_pool(tx);
|
2015-07-24 19:53:55 +03:00
|
|
|
spa_feature_t f;
|
2013-09-04 16:00:57 +04:00
|
|
|
objset_t *mos = dp->dp_meta_objset;
|
|
|
|
|
uint64_t obj, ddobj, prevobj = 0;
|
|
|
|
|
boolean_t rmorigin;
|
|
|
|
|
objset_t *os;
|
|
|
|
|
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT3U(dsl_dataset_phys(ds)->ds_num_children, <=, 1);
|
2013-09-04 16:00:57 +04:00
|
|
|
ASSERT(ds->ds_prev == NULL ||
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds->ds_prev)->ds_next_snap_obj != ds->ds_object);
|
2017-01-27 22:43:42 +03:00
|
|
|
rrw_enter(&ds->ds_bp_rwlock, RW_READER, FTAG);
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT3U(dsl_dataset_phys(ds)->ds_bp.blk_birth, <=, tx->tx_txg);
|
2017-01-27 22:43:42 +03:00
|
|
|
rrw_exit(&ds->ds_bp_rwlock, FTAG);
|
2013-09-04 16:00:57 +04:00
|
|
|
ASSERT(RRW_WRITE_HELD(&dp->dp_config_rwlock));
|
|
|
|
|
|
|
|
|
|
/* We need to log before removing it from the namespace. */
|
|
|
|
|
spa_history_log_internal_ds(ds, "destroy", tx, "");
|
|
|
|
|
|
|
|
|
|
rmorigin = (dsl_dir_is_clone(ds->ds_dir) &&
|
|
|
|
|
DS_IS_DEFER_DESTROY(ds->ds_prev) &&
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds->ds_prev)->ds_num_children == 2 &&
|
2013-09-04 16:00:57 +04:00
|
|
|
ds->ds_prev->ds_userrefs == 0);
|
|
|
|
|
|
2014-06-06 01:19:08 +04:00
|
|
|
/* Remove our reservation. */
|
2013-09-04 16:00:57 +04:00
|
|
|
if (ds->ds_reserved != 0) {
|
|
|
|
|
dsl_dataset_set_refreservation_sync_impl(ds,
|
|
|
|
|
(ZPROP_SRC_NONE | ZPROP_SRC_LOCAL | ZPROP_SRC_RECEIVED),
|
|
|
|
|
0, tx);
|
|
|
|
|
ASSERT0(ds->ds_reserved);
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-24 19:53:55 +03:00
|
|
|
obj = ds->ds_object;
|
2014-11-03 23:15:08 +03:00
|
|
|
|
2015-07-24 19:53:55 +03:00
|
|
|
for (f = 0; f < SPA_FEATURES; f++) {
|
|
|
|
|
if (ds->ds_feature_inuse[f]) {
|
|
|
|
|
dsl_dataset_deactivate_feature(obj, f, tx);
|
|
|
|
|
ds->ds_feature_inuse[f] = B_FALSE;
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-09-04 16:00:57 +04:00
|
|
|
|
2015-07-24 19:53:55 +03:00
|
|
|
dsl_scan_ds_destroyed(ds, tx);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
2015-04-01 18:14:34 +03:00
|
|
|
if (dsl_dataset_phys(ds)->ds_prev_snap_obj != 0) {
|
2013-09-04 16:00:57 +04:00
|
|
|
/* This is a clone */
|
|
|
|
|
ASSERT(ds->ds_prev != NULL);
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT3U(dsl_dataset_phys(ds->ds_prev)->ds_next_snap_obj, !=,
|
|
|
|
|
obj);
|
|
|
|
|
ASSERT0(dsl_dataset_phys(ds)->ds_next_snap_obj);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
dmu_buf_will_dirty(ds->ds_prev->ds_dbuf, tx);
|
2015-04-01 18:14:34 +03:00
|
|
|
if (dsl_dataset_phys(ds->ds_prev)->ds_next_clones_obj != 0) {
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_remove_from_next_clones(ds->ds_prev,
|
|
|
|
|
obj, tx);
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT3U(dsl_dataset_phys(ds->ds_prev)->ds_num_children, >, 1);
|
|
|
|
|
dsl_dataset_phys(ds->ds_prev)->ds_num_children--;
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Destroy the deadlist. Unless it's a clone, the
|
|
|
|
|
* deadlist should be empty. (If it's a clone, it's
|
|
|
|
|
* safe to ignore the deadlist contents.)
|
|
|
|
|
*/
|
|
|
|
|
dsl_deadlist_close(&ds->ds_deadlist);
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_deadlist_free(mos, dsl_dataset_phys(ds)->ds_deadlist_obj, tx);
|
2013-09-04 16:00:57 +04:00
|
|
|
dmu_buf_will_dirty(ds->ds_dbuf, tx);
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_deadlist_obj = 0;
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
VERIFY0(dmu_objset_from_ds(ds, &os));
|
|
|
|
|
|
2013-10-08 21:13:05 +04:00
|
|
|
if (!spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_ASYNC_DESTROY)) {
|
2013-09-04 16:00:57 +04:00
|
|
|
old_synchronous_dataset_destroy(ds, tx);
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* Move the bptree into the pool's list of trees to
|
|
|
|
|
* clean up and update space accounting information.
|
|
|
|
|
*/
|
|
|
|
|
uint64_t used, comp, uncomp;
|
|
|
|
|
|
|
|
|
|
zil_destroy_sync(dmu_objset_zil(os), tx);
|
|
|
|
|
|
2013-10-08 21:13:05 +04:00
|
|
|
if (!spa_feature_is_active(dp->dp_spa,
|
|
|
|
|
SPA_FEATURE_ASYNC_DESTROY)) {
|
2013-04-23 21:31:42 +04:00
|
|
|
dsl_scan_t *scn = dp->dp_scan;
|
2013-10-08 21:13:05 +04:00
|
|
|
spa_feature_incr(dp->dp_spa, SPA_FEATURE_ASYNC_DESTROY,
|
|
|
|
|
tx);
|
2013-09-04 16:00:57 +04:00
|
|
|
dp->dp_bptree_obj = bptree_alloc(mos, tx);
|
|
|
|
|
VERIFY0(zap_add(mos,
|
|
|
|
|
DMU_POOL_DIRECTORY_OBJECT,
|
|
|
|
|
DMU_POOL_BPTREE_OBJ, sizeof (uint64_t), 1,
|
|
|
|
|
&dp->dp_bptree_obj, tx));
|
2013-04-23 21:31:42 +04:00
|
|
|
ASSERT(!scn->scn_async_destroying);
|
|
|
|
|
scn->scn_async_destroying = B_TRUE;
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
|
2015-04-01 18:14:34 +03:00
|
|
|
used = dsl_dir_phys(ds->ds_dir)->dd_used_bytes;
|
|
|
|
|
comp = dsl_dir_phys(ds->ds_dir)->dd_compressed_bytes;
|
|
|
|
|
uncomp = dsl_dir_phys(ds->ds_dir)->dd_uncompressed_bytes;
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
ASSERT(!DS_UNIQUE_IS_ACCURATE(ds) ||
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_unique_bytes == used);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
2017-01-27 22:43:42 +03:00
|
|
|
rrw_enter(&ds->ds_bp_rwlock, RW_READER, FTAG);
|
2013-09-04 16:00:57 +04:00
|
|
|
bptree_add(mos, dp->dp_bptree_obj,
|
2015-04-01 18:14:34 +03:00
|
|
|
&dsl_dataset_phys(ds)->ds_bp,
|
|
|
|
|
dsl_dataset_phys(ds)->ds_prev_snap_txg,
|
2013-09-04 16:00:57 +04:00
|
|
|
used, comp, uncomp, tx);
|
2017-01-27 22:43:42 +03:00
|
|
|
rrw_exit(&ds->ds_bp_rwlock, FTAG);
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dir_diduse_space(ds->ds_dir, DD_USED_HEAD,
|
|
|
|
|
-used, -comp, -uncomp, tx);
|
|
|
|
|
dsl_dir_diduse_space(dp->dp_free_dir, DD_USED_HEAD,
|
|
|
|
|
used, comp, uncomp, tx);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ds->ds_prev != NULL) {
|
|
|
|
|
if (spa_version(dp->dp_spa) >= SPA_VERSION_DIR_CLONES) {
|
|
|
|
|
VERIFY0(zap_remove_int(mos,
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dir_phys(ds->ds_prev->ds_dir)->dd_clones,
|
2013-09-04 16:00:57 +04:00
|
|
|
ds->ds_object, tx));
|
|
|
|
|
}
|
|
|
|
|
prevobj = ds->ds_prev->ds_object;
|
|
|
|
|
dsl_dataset_rele(ds->ds_prev, ds);
|
|
|
|
|
ds->ds_prev = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This must be done after the dsl_traverse(), because it will
|
|
|
|
|
* re-open the objset.
|
|
|
|
|
*/
|
|
|
|
|
if (ds->ds_objset) {
|
|
|
|
|
dmu_objset_evict(ds->ds_objset);
|
|
|
|
|
ds->ds_objset = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Erase the link in the dir */
|
|
|
|
|
dmu_buf_will_dirty(ds->ds_dir->dd_dbuf, tx);
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj = 0;
|
2013-09-04 16:00:57 +04:00
|
|
|
ddobj = ds->ds_dir->dd_object;
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT(dsl_dataset_phys(ds)->ds_snapnames_zapobj != 0);
|
|
|
|
|
VERIFY0(zap_destroy(mos,
|
|
|
|
|
dsl_dataset_phys(ds)->ds_snapnames_zapobj, tx));
|
2013-09-04 16:00:57 +04:00
|
|
|
|
2013-12-12 02:33:41 +04:00
|
|
|
if (ds->ds_bookmarks != 0) {
|
2015-04-01 18:14:34 +03:00
|
|
|
VERIFY0(zap_destroy(mos, ds->ds_bookmarks, tx));
|
2013-12-12 02:33:41 +04:00
|
|
|
spa_feature_decr(dp->dp_spa, SPA_FEATURE_BOOKMARKS, tx);
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
spa_prop_clear_bootfs(dp->dp_spa, ds->ds_object, tx);
|
|
|
|
|
|
2015-04-01 18:14:34 +03:00
|
|
|
ASSERT0(dsl_dataset_phys(ds)->ds_next_clones_obj);
|
|
|
|
|
ASSERT0(dsl_dataset_phys(ds)->ds_props_obj);
|
|
|
|
|
ASSERT0(dsl_dataset_phys(ds)->ds_userrefs_obj);
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dir_rele(ds->ds_dir, ds);
|
|
|
|
|
ds->ds_dir = NULL;
|
2013-10-08 21:13:05 +04:00
|
|
|
dmu_object_free_zapified(mos, obj, tx);
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
dsl_dir_destroy_sync(ddobj, tx);
|
|
|
|
|
|
|
|
|
|
if (rmorigin) {
|
|
|
|
|
dsl_dataset_t *prev;
|
|
|
|
|
VERIFY0(dsl_dataset_hold_obj(dp, prevobj, FTAG, &prev));
|
|
|
|
|
dsl_destroy_snapshot_sync_impl(prev, B_FALSE, tx);
|
|
|
|
|
dsl_dataset_rele(prev, FTAG);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
dsl_destroy_head_sync(void *arg, dmu_tx_t *tx)
|
|
|
|
|
{
|
|
|
|
|
dsl_destroy_head_arg_t *ddha = arg;
|
|
|
|
|
dsl_pool_t *dp = dmu_tx_pool(tx);
|
|
|
|
|
dsl_dataset_t *ds;
|
|
|
|
|
|
|
|
|
|
VERIFY0(dsl_dataset_hold(dp, ddha->ddha_name, FTAG, &ds));
|
|
|
|
|
dsl_destroy_head_sync_impl(ds, tx);
|
2014-03-22 13:07:14 +04:00
|
|
|
zvol_remove_minors(dp->dp_spa, ddha->ddha_name, B_TRUE);
|
2013-09-04 16:00:57 +04:00
|
|
|
dsl_dataset_rele(ds, FTAG);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
dsl_destroy_head_begin_sync(void *arg, dmu_tx_t *tx)
|
|
|
|
|
{
|
|
|
|
|
dsl_destroy_head_arg_t *ddha = arg;
|
|
|
|
|
dsl_pool_t *dp = dmu_tx_pool(tx);
|
|
|
|
|
dsl_dataset_t *ds;
|
|
|
|
|
|
|
|
|
|
VERIFY0(dsl_dataset_hold(dp, ddha->ddha_name, FTAG, &ds));
|
|
|
|
|
|
|
|
|
|
/* Mark it as inconsistent on-disk, in case we crash */
|
|
|
|
|
dmu_buf_will_dirty(ds->ds_dbuf, tx);
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(ds)->ds_flags |= DS_FLAG_INCONSISTENT;
|
2013-09-04 16:00:57 +04:00
|
|
|
|
|
|
|
|
spa_history_log_internal_ds(ds, "destroy begin", tx, "");
|
|
|
|
|
dsl_dataset_rele(ds, FTAG);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
dsl_destroy_head(const char *name)
|
|
|
|
|
{
|
|
|
|
|
dsl_destroy_head_arg_t ddha;
|
|
|
|
|
int error;
|
|
|
|
|
spa_t *spa;
|
|
|
|
|
boolean_t isenabled;
|
|
|
|
|
|
|
|
|
|
#ifdef _KERNEL
|
|
|
|
|
zfs_destroy_unmount_origin(name);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
error = spa_open(name, &spa, FTAG);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
return (error);
|
2013-10-08 21:13:05 +04:00
|
|
|
isenabled = spa_feature_is_enabled(spa, SPA_FEATURE_ASYNC_DESTROY);
|
2013-09-04 16:00:57 +04:00
|
|
|
spa_close(spa, FTAG);
|
|
|
|
|
|
|
|
|
|
ddha.ddha_name = name;
|
|
|
|
|
|
|
|
|
|
if (!isenabled) {
|
|
|
|
|
objset_t *os;
|
|
|
|
|
|
|
|
|
|
error = dsl_sync_task(name, dsl_destroy_head_check,
|
2014-11-03 23:28:43 +03:00
|
|
|
dsl_destroy_head_begin_sync, &ddha,
|
|
|
|
|
0, ZFS_SPACE_CHECK_NONE);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Head deletion is processed in one txg on old pools;
|
|
|
|
|
* remove the objects from open context so that the txg sync
|
|
|
|
|
* is not too long.
|
|
|
|
|
*/
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
error = dmu_objset_own(name, DMU_OST_ANY, B_FALSE, B_FALSE,
|
|
|
|
|
FTAG, &os);
|
2013-09-04 16:00:57 +04:00
|
|
|
if (error == 0) {
|
|
|
|
|
uint64_t obj;
|
|
|
|
|
uint64_t prev_snap_txg =
|
2015-04-01 18:14:34 +03:00
|
|
|
dsl_dataset_phys(dmu_objset_ds(os))->
|
|
|
|
|
ds_prev_snap_txg;
|
2013-09-04 16:00:57 +04:00
|
|
|
for (obj = 0; error == 0;
|
|
|
|
|
error = dmu_object_next(os, &obj, FALSE,
|
|
|
|
|
prev_snap_txg))
|
2013-08-21 08:11:52 +04:00
|
|
|
(void) dmu_free_long_object(os, obj);
|
2013-09-04 16:00:57 +04:00
|
|
|
/* sync out all frees */
|
|
|
|
|
txg_wait_synced(dmu_objset_pool(os), 0);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 20:36:48 +03:00
|
|
|
dmu_objset_disown(os, B_FALSE, FTAG);
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (dsl_sync_task(name, dsl_destroy_head_check,
|
2014-11-03 23:28:43 +03:00
|
|
|
dsl_destroy_head_sync, &ddha, 0, ZFS_SPACE_CHECK_NONE));
|
2013-09-04 16:00:57 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Note, this function is used as the callback for dmu_objset_find(). We
|
|
|
|
|
* always return 0 so that we will continue to find and process
|
|
|
|
|
* inconsistent datasets, even if we encounter an error trying to
|
|
|
|
|
* process one of them.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
|
int
|
|
|
|
|
dsl_destroy_inconsistent(const char *dsname, void *arg)
|
|
|
|
|
{
|
|
|
|
|
objset_t *os;
|
|
|
|
|
|
|
|
|
|
if (dmu_objset_hold(dsname, FTAG, &os) == 0) {
|
2016-01-07 00:22:48 +03:00
|
|
|
boolean_t need_destroy = DS_IS_INCONSISTENT(dmu_objset_ds(os));
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If the dataset is inconsistent because a resumable receive
|
|
|
|
|
* has failed, then do not destroy it.
|
|
|
|
|
*/
|
|
|
|
|
if (dsl_dataset_has_resume_receive_state(dmu_objset_ds(os)))
|
|
|
|
|
need_destroy = B_FALSE;
|
|
|
|
|
|
2013-09-04 16:00:57 +04:00
|
|
|
dmu_objset_rele(os, FTAG);
|
2016-01-07 00:22:48 +03:00
|
|
|
if (need_destroy)
|
2013-09-04 16:00:57 +04:00
|
|
|
(void) dsl_destroy_head(dsname);
|
|
|
|
|
}
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#if defined(_KERNEL) && defined(HAVE_SPL)
|
|
|
|
|
EXPORT_SYMBOL(dsl_destroy_head);
|
|
|
|
|
EXPORT_SYMBOL(dsl_destroy_head_sync_impl);
|
|
|
|
|
EXPORT_SYMBOL(dsl_dataset_user_hold_check_one);
|
|
|
|
|
EXPORT_SYMBOL(dsl_destroy_snapshot_sync_impl);
|
|
|
|
|
EXPORT_SYMBOL(dsl_destroy_inconsistent);
|
|
|
|
|
EXPORT_SYMBOL(dsl_dataset_user_release_tmp);
|
|
|
|
|
EXPORT_SYMBOL(dsl_destroy_head_check_impl);
|
|
|
|
|
#endif
|