diff options
author | Paul Dagnelie <[email protected]> | 2019-06-19 09:48:13 -0700 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2019-06-19 09:48:12 -0700 |
commit | 30af21b02569ac192f52ce6e6511015f8a8d5729 (patch) | |
tree | e5f1091c2d3a6e511bbd2414782e490c18e0f59c /module/zfs | |
parent | c1b5801bb5af0055e5f3d263beaa07026103e212 (diff) |
Implement Redacted Send/Receive
Redacted send/receive allows users to send subsets of their data to
a target system. One possible use case for this feature is to not
transmit sensitive information to a data warehousing, test/dev, or
analytics environment. Another is to save space by not replicating
unimportant data within a given dataset, for example in backup tools
like zrepl.
Redacted send/receive is a three-stage process. First, a clone (or
clones) is made of the snapshot to be sent to the target. In this
clone (or clones), all unnecessary or unwanted data is removed or
modified. This clone is then snapshotted to create the "redaction
snapshot" (or snapshots). Second, the new zfs redact command is used
to create a redaction bookmark. The redaction bookmark stores the
list of blocks in a snapshot that were modified by the redaction
snapshot(s). Finally, the redaction bookmark is passed as a parameter
to zfs send. When sending to the snapshot that was redacted, the
redaction bookmark is used to filter out blocks that contain sensitive
or unwanted information, and those blocks are not included in the send
stream. When sending from the redaction bookmark, the blocks it
contains are considered as candidate blocks in addition to those
blocks in the destination snapshot that were modified since the
creation_txg of the redaction bookmark. This step is necessary to
allow the target to rehydrate data in the case where some blocks are
accidentally or unnecessarily modified in the redaction snapshot.
The changes to bookmarks to enable fast space estimation involve
adding deadlists to bookmarks. There is also logic to manage the
life cycles of these deadlists.
The new size estimation process operates in cases where previously
an accurate estimate could not be provided. In those cases, a send
is performed where no data blocks are read, reducing the runtime
significantly and providing a byte-accurate size estimate.
Reviewed-by: Dan Kimmel <[email protected]>
Reviewed-by: Matt Ahrens <[email protected]>
Reviewed-by: Prashanth Sreenivasa <[email protected]>
Reviewed-by: John Kennedy <[email protected]>
Reviewed-by: George Wilson <[email protected]>
Reviewed-by: Chris Williamson <[email protected]>
Reviewed-by: Pavel Zhakarov <[email protected]>
Reviewed-by: Sebastien Roy <[email protected]>
Reviewed-by: Prakash Surya <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Paul Dagnelie <[email protected]>
Closes #7958
Diffstat (limited to 'module/zfs')
-rw-r--r-- | module/zfs/Makefile.in | 2 | ||||
-rw-r--r-- | module/zfs/arc.c | 2 | ||||
-rw-r--r-- | module/zfs/bptree.c | 5 | ||||
-rw-r--r-- | module/zfs/bqueue.c | 73 | ||||
-rw-r--r-- | module/zfs/dbuf.c | 103 | ||||
-rw-r--r-- | module/zfs/dmu.c | 16 | ||||
-rw-r--r-- | module/zfs/dmu_diff.c | 5 | ||||
-rw-r--r-- | module/zfs/dmu_objset.c | 1 | ||||
-rw-r--r-- | module/zfs/dmu_recv.c | 1254 | ||||
-rw-r--r-- | module/zfs/dmu_redact.c | 1112 | ||||
-rw-r--r-- | module/zfs/dmu_send.c | 2826 | ||||
-rw-r--r-- | module/zfs/dmu_traverse.c | 28 | ||||
-rw-r--r-- | module/zfs/dsl_bookmark.c | 1253 | ||||
-rw-r--r-- | module/zfs/dsl_dataset.c | 410 | ||||
-rw-r--r-- | module/zfs/dsl_deadlist.c | 68 | ||||
-rw-r--r-- | module/zfs/dsl_destroy.c | 170 | ||||
-rw-r--r-- | module/zfs/dsl_pool.c | 3 | ||||
-rw-r--r-- | module/zfs/dsl_scan.c | 14 | ||||
-rw-r--r-- | module/zfs/objlist.c | 84 | ||||
-rw-r--r-- | module/zfs/refcount.c | 6 | ||||
-rw-r--r-- | module/zfs/spa.c | 3 | ||||
-rw-r--r-- | module/zfs/txg.c | 2 | ||||
-rw-r--r-- | module/zfs/zfs_ioctl.c | 380 | ||||
-rw-r--r-- | module/zfs/zfs_vfsops.c | 102 | ||||
-rw-r--r-- | module/zfs/zio.c | 3 |
25 files changed, 6198 insertions, 1727 deletions
diff --git a/module/zfs/Makefile.in b/module/zfs/Makefile.in index b2460f0d6..a9f1ebdc0 100644 --- a/module/zfs/Makefile.in +++ b/module/zfs/Makefile.in @@ -35,6 +35,7 @@ $(MODULE)-objs += dmu_diff.o $(MODULE)-objs += dmu_object.o $(MODULE)-objs += dmu_objset.o $(MODULE)-objs += dmu_recv.o +$(MODULE)-objs += dmu_redact.o $(MODULE)-objs += dmu_send.o $(MODULE)-objs += dmu_traverse.o $(MODULE)-objs += dmu_tx.o @@ -60,6 +61,7 @@ $(MODULE)-objs += lz4.o $(MODULE)-objs += metaslab.o $(MODULE)-objs += mmp.o $(MODULE)-objs += multilist.o +$(MODULE)-objs += objlist.o $(MODULE)-objs += pathname.o $(MODULE)-objs += policy.o $(MODULE)-objs += range_tree.o diff --git a/module/zfs/arc.c b/module/zfs/arc.c index bd2aafc2c..837ef1801 100644 --- a/module/zfs/arc.c +++ b/module/zfs/arc.c @@ -6170,6 +6170,8 @@ arc_read(zio_t *pio, spa_t *spa, const blkptr_t *bp, ASSERT(!embedded_bp || BPE_GET_ETYPE(bp) == BP_EMBEDDED_TYPE_DATA); + ASSERT(!BP_IS_HOLE(bp)); + ASSERT(!BP_IS_REDACTED(bp)); top: if (!embedded_bp) { diff --git a/module/zfs/bptree.c b/module/zfs/bptree.c index 8f78e8de5..164216213 100644 --- a/module/zfs/bptree.c +++ b/module/zfs/bptree.c @@ -20,7 +20,7 @@ */ /* - * Copyright (c) 2011, 2015 by Delphix. All rights reserved. + * Copyright (c) 2011, 2018 by Delphix. All rights reserved. */ #include <sys/arc.h> @@ -156,7 +156,8 @@ bptree_visit_cb(spa_t *spa, zilog_t *zilog, const blkptr_t *bp, int err; struct bptree_args *ba = arg; - if (bp == NULL || BP_IS_HOLE(bp)) + if (zb->zb_level == ZB_DNODE_LEVEL || BP_IS_HOLE(bp) || + BP_IS_REDACTED(bp)) return (0); err = ba->ba_func(ba->ba_arg, bp, ba->ba_tx); diff --git a/module/zfs/bqueue.c b/module/zfs/bqueue.c index 3fc7fcaaa..22539efc4 100644 --- a/module/zfs/bqueue.c +++ b/module/zfs/bqueue.c @@ -13,7 +13,7 @@ * CDDL HEADER END */ /* - * Copyright (c) 2014 by Delphix. All rights reserved. + * Copyright (c) 2014, 2018 by Delphix. All rights reserved. */ #include <sys/bqueue.h> @@ -27,13 +27,27 @@ obj2node(bqueue_t *q, void *data) /* * Initialize a blocking queue The maximum capacity of the queue is set to - * size. Types that want to be stored in a bqueue must contain a bqueue_node_t, - * and offset should give its offset from the start of the struct. Return 0 on - * success, or -1 on failure. + * size. Types that are stored in a bqueue must contain a bqueue_node_t, + * and node_offset must be its offset from the start of the struct. + * fill_fraction is a performance tuning value; when the queue is full, any + * threads attempting to enqueue records will block. They will block until + * they're signaled, which will occur when the queue is at least 1/fill_fraction + * empty. Similar behavior occurs on dequeue; if the queue is empty, threads + * block. They will be signalled when the queue has 1/fill_fraction full, or + * when bqueue_flush is called. As a result, you must call bqueue_flush when + * you enqueue your final record on a thread, in case the dequeueing threads are + * currently blocked and that enqueue does not cause them to be awoken. + * Alternatively, this behavior can be disabled (causing signaling to happen + * immediately) by setting fill_fraction to any value larger than size. + * Return 0 on success, or -1 on failure. */ int -bqueue_init(bqueue_t *q, uint64_t size, size_t node_offset) +bqueue_init(bqueue_t *q, uint64_t fill_fraction, uint64_t size, + size_t node_offset) { + if (fill_fraction == 0) { + return (-1); + } list_create(&q->bq_list, node_offset + sizeof (bqueue_node_t), node_offset + offsetof(bqueue_node_t, bqn_node)); cv_init(&q->bq_add_cv, NULL, CV_DEFAULT, NULL); @@ -42,6 +56,7 @@ bqueue_init(bqueue_t *q, uint64_t size, size_t node_offset) q->bq_node_offset = node_offset; q->bq_size = 0; q->bq_maxsize = size; + q->bq_fill_fraction = fill_fraction; return (0); } @@ -53,20 +68,18 @@ bqueue_init(bqueue_t *q, uint64_t size, size_t node_offset) void bqueue_destroy(bqueue_t *q) { + mutex_enter(&q->bq_lock); ASSERT0(q->bq_size); cv_destroy(&q->bq_add_cv); cv_destroy(&q->bq_pop_cv); - mutex_destroy(&q->bq_lock); list_destroy(&q->bq_list); + mutex_exit(&q->bq_lock); + mutex_destroy(&q->bq_lock); } -/* - * Add data to q, consuming size units of capacity. If there is insufficient - * capacity to consume size units, block until capacity exists. Asserts size is - * > 0. - */ -void -bqueue_enqueue(bqueue_t *q, void *data, uint64_t item_size) +static void +bqueue_enqueue_impl(bqueue_t *q, void *data, uint64_t item_size, + boolean_t flush) { ASSERT3U(item_size, >, 0); ASSERT3U(item_size, <=, q->bq_maxsize); @@ -77,9 +90,38 @@ bqueue_enqueue(bqueue_t *q, void *data, uint64_t item_size) } q->bq_size += item_size; list_insert_tail(&q->bq_list, data); - cv_signal(&q->bq_pop_cv); + if (q->bq_size >= q->bq_maxsize / q->bq_fill_fraction) + cv_signal(&q->bq_pop_cv); + if (flush) + cv_broadcast(&q->bq_pop_cv); mutex_exit(&q->bq_lock); } + +/* + * Add data to q, consuming size units of capacity. If there is insufficient + * capacity to consume size units, block until capacity exists. Asserts size is + * > 0. + */ +void +bqueue_enqueue(bqueue_t *q, void *data, uint64_t item_size) +{ + bqueue_enqueue_impl(q, data, item_size, B_FALSE); +} + +/* + * Enqueue an entry, and then flush the queue. This forces the popping threads + * to wake up, even if we're below the fill fraction. We have this in a single + * function, rather than having a separate call, because it prevents race + * conditions between the enqueuing thread and the dequeueing thread, where the + * enqueueing thread will wake up the dequeueing thread, that thread will + * destroy the condvar before the enqueuing thread is done. + */ +void +bqueue_enqueue_flush(bqueue_t *q, void *data, uint64_t item_size) +{ + bqueue_enqueue_impl(q, data, item_size, B_TRUE); +} + /* * Take the first element off of q. If there are no elements on the queue, wait * until one is put there. Return the removed element. @@ -97,7 +139,8 @@ bqueue_dequeue(bqueue_t *q) ASSERT3P(ret, !=, NULL); item_size = obj2node(q, ret)->bqn_size; q->bq_size -= item_size; - cv_signal(&q->bq_add_cv); + if (q->bq_size <= q->bq_maxsize - (q->bq_maxsize / q->bq_fill_fraction)) + cv_signal(&q->bq_add_cv); mutex_exit(&q->bq_lock); return (ret); } diff --git a/module/zfs/dbuf.c b/module/zfs/dbuf.c index 07e616f6f..8afc3df37 100644 --- a/module/zfs/dbuf.c +++ b/module/zfs/dbuf.c @@ -1359,6 +1359,20 @@ dbuf_read_impl(dmu_buf_impl_t *db, zio_t *zio, uint32_t flags) return (0); } + /* + * Any attempt to read a redacted block should result in an error. This + * will never happen under normal conditions, but can be useful for + * debugging purposes. + */ + if (BP_IS_REDACTED(db->db_blkptr)) { + ASSERT(dsl_dataset_feature_is_active( + db->db_objset->os_dsl_dataset, + SPA_FEATURE_REDACTED_DATASETS)); + DB_DNODE_EXIT(db); + mutex_exit(&db->db_mtx); + return (SET_ERROR(EIO)); + } + SET_BOOKMARK(&zb, dmu_objset_id(db->db_objset), db->db.db_object, db->db_level, db->db_blkid); @@ -2395,11 +2409,23 @@ dmu_buf_set_crypt_params(dmu_buf_t *db_fake, boolean_t byteorder, bcopy(mac, dr->dt.dl.dr_mac, ZIO_DATA_MAC_LEN); } -#pragma weak dmu_buf_fill_done = dbuf_fill_done +static void +dbuf_override_impl(dmu_buf_impl_t *db, const blkptr_t *bp, dmu_tx_t *tx) +{ + struct dirty_leaf *dl; + + ASSERT3U(db->db_last_dirty->dr_txg, ==, tx->tx_txg); + dl = &db->db_last_dirty->dt.dl; + dl->dr_overridden_by = *bp; + dl->dr_override_state = DR_OVERRIDDEN; + dl->dr_overridden_by.blk_birth = db->db_last_dirty->dr_txg; +} + /* ARGSUSED */ void -dbuf_fill_done(dmu_buf_impl_t *db, dmu_tx_t *tx) +dmu_buf_fill_done(dmu_buf_t *dbuf, dmu_tx_t *tx) { + dmu_buf_impl_t *db = (dmu_buf_impl_t *)dbuf; mutex_enter(&db->db_mtx); DBUF_VERIFY(db); @@ -2454,6 +2480,31 @@ dmu_buf_write_embedded(dmu_buf_t *dbuf, void *data, dl->dr_overridden_by.blk_birth = db->db_last_dirty->dr_txg; } +void +dmu_buf_redact(dmu_buf_t *dbuf, dmu_tx_t *tx) +{ + dmu_buf_impl_t *db = (dmu_buf_impl_t *)dbuf; + dmu_object_type_t type; + ASSERT(dsl_dataset_feature_is_active(db->db_objset->os_dsl_dataset, + SPA_FEATURE_REDACTED_DATASETS)); + + DB_DNODE_ENTER(db); + type = DB_DNODE(db)->dn_type; + DB_DNODE_EXIT(db); + + ASSERT0(db->db_level); + dmu_buf_will_not_fill(dbuf, tx); + + blkptr_t bp = { { { {0} } } }; + BP_SET_TYPE(&bp, type); + BP_SET_LEVEL(&bp, 0); + BP_SET_BIRTH(&bp, tx->tx_txg, 0); + BP_SET_REDACTED(&bp); + BPE_SET_LSIZE(&bp, dbuf->db_size); + + dbuf_override_impl(db, &bp, tx); +} + /* * Directly assign a provided arc buf to a given dbuf if it's not referenced * by anybody except our caller. Otherwise copy arcbuf's contents to dbuf. @@ -2820,6 +2871,36 @@ dbuf_create(dnode_t *dn, uint8_t level, uint64_t blkid, return (db); } +/* + * This function returns a block pointer and information about the object, + * given a dnode and a block. This is a publicly accessible version of + * dbuf_findbp that only returns some information, rather than the + * dbuf. Note that the dnode passed in must be held, and the dn_struct_rwlock + * should be locked as (at least) a reader. + */ +int +dbuf_dnode_findbp(dnode_t *dn, uint64_t level, uint64_t blkid, + blkptr_t *bp, uint16_t *datablkszsec, uint8_t *indblkshift) +{ + dmu_buf_impl_t *dbp = NULL; + blkptr_t *bp2; + int err = 0; + ASSERT(RW_LOCK_HELD(&dn->dn_struct_rwlock)); + + err = dbuf_findbp(dn, level, blkid, B_FALSE, &dbp, &bp2); + if (err == 0) { + *bp = *bp2; + if (dbp != NULL) + dbuf_rele(dbp, NULL); + if (datablkszsec != NULL) + *datablkszsec = dn->dn_phys->dn_datablkszsec; + if (indblkshift != NULL) + *indblkshift = dn->dn_phys->dn_indblkshift; + } + + return (err); +} + typedef struct dbuf_prefetch_arg { spa_t *dpa_spa; /* The spa to issue the prefetch in. */ zbookmark_phys_t dpa_zb; /* The target block to prefetch. */ @@ -2837,7 +2918,12 @@ typedef struct dbuf_prefetch_arg { static void dbuf_issue_final_prefetch(dbuf_prefetch_arg_t *dpa, blkptr_t *bp) { - if (BP_IS_HOLE(bp) || BP_IS_EMBEDDED(bp)) + ASSERT(!BP_IS_REDACTED(bp) || + dsl_dataset_feature_is_active( + dpa->dpa_dnode->dn_objset->os_dsl_dataset, + SPA_FEATURE_REDACTED_DATASETS)); + + if (BP_IS_HOLE(bp) || BP_IS_EMBEDDED(bp) || BP_IS_REDACTED(bp)) return; int zio_flags = ZIO_FLAG_CANFAIL | ZIO_FLAG_SPECULATIVE; @@ -2921,7 +3007,11 @@ dbuf_prefetch_indirect_done(zio_t *zio, const zbookmark_phys_t *zb, blkptr_t *bp = ((blkptr_t *)abuf->b_data) + P2PHASE(nextblkid, 1ULL << dpa->dpa_epbs); - if (BP_IS_HOLE(bp)) { + ASSERT(!BP_IS_REDACTED(bp) || + dsl_dataset_feature_is_active( + dpa->dpa_dnode->dn_objset->os_dsl_dataset, + SPA_FEATURE_REDACTED_DATASETS)); + if (BP_IS_HOLE(bp) || BP_IS_REDACTED(bp)) { kmem_free(dpa, sizeof (*dpa)); } else if (dpa->dpa_curlevel == dpa->dpa_zb.zb_level) { ASSERT3U(nextblkid, ==, dpa->dpa_zb.zb_blkid); @@ -3025,7 +3115,10 @@ dbuf_prefetch(dnode_t *dn, int64_t level, uint64_t blkid, zio_priority_t prio, ASSERT3U(curblkid, <, dn->dn_phys->dn_nblkptr); bp = dn->dn_phys->dn_blkptr[curblkid]; } - if (BP_IS_HOLE(&bp)) + ASSERT(!BP_IS_REDACTED(&bp) || + dsl_dataset_feature_is_active(dn->dn_objset->os_dsl_dataset, + SPA_FEATURE_REDACTED_DATASETS)); + if (BP_IS_HOLE(&bp) || BP_IS_REDACTED(&bp)) return; ASSERT3U(curlevel, ==, BP_GET_LEVEL(&bp)); diff --git a/module/zfs/dmu.c b/module/zfs/dmu.c index b4131d917..4af2a13e7 100644 --- a/module/zfs/dmu.c +++ b/module/zfs/dmu.c @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2011, 2017 by Delphix. All rights reserved. + * Copyright (c) 2011, 2018 by Delphix. All rights reserved. * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. * Copyright (c) 2013, Joyent, Inc. All rights reserved. * Copyright (c) 2016, Nexenta Systems, Inc. All rights reserved. @@ -1285,6 +1285,20 @@ dmu_write_embedded(objset_t *os, uint64_t object, uint64_t offset, dmu_buf_rele(db, FTAG); } +void +dmu_redact(objset_t *os, uint64_t object, uint64_t offset, uint64_t size, + dmu_tx_t *tx) +{ + int numbufs, i; + dmu_buf_t **dbp; + + VERIFY0(dmu_buf_hold_array(os, object, offset, size, FALSE, FTAG, + &numbufs, &dbp)); + for (i = 0; i < numbufs; i++) + dmu_buf_redact(dbp[i], tx); + dmu_buf_rele_array(dbp, numbufs, FTAG); +} + /* * DMU support for xuio */ diff --git a/module/zfs/dmu_diff.c b/module/zfs/dmu_diff.c index 76c32b126..180f90f94 100644 --- a/module/zfs/dmu_diff.c +++ b/module/zfs/dmu_diff.c @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2012, 2015 by Delphix. All rights reserved. + * Copyright (c) 2012, 2018 by Delphix. All rights reserved. */ #include <sys/dmu.h> @@ -115,7 +115,8 @@ diff_cb(spa_t *spa, zilog_t *zilog, const blkptr_t *bp, if (issig(JUSTLOOKING) && issig(FORREAL)) return (SET_ERROR(EINTR)); - if (bp == NULL || zb->zb_object != DMU_META_DNODE_OBJECT) + if (zb->zb_level == ZB_DNODE_LEVEL || + zb->zb_object != DMU_META_DNODE_OBJECT) return (0); if (BP_IS_HOLE(bp)) { diff --git a/module/zfs/dmu_objset.c b/module/zfs/dmu_objset.c index f95915b9e..87fa785df 100644 --- a/module/zfs/dmu_objset.c +++ b/module/zfs/dmu_objset.c @@ -412,6 +412,7 @@ dmu_objset_open_impl(spa_t *spa, dsl_dataset_t *ds, blkptr_t *bp, int i, err; ASSERT(ds == NULL || MUTEX_HELD(&ds->ds_opening_lock)); + ASSERT(!BP_IS_REDACTED(bp)); /* * The $ORIGIN dataset (if it exists) doesn't have an associated diff --git a/module/zfs/dmu_recv.c b/module/zfs/dmu_recv.c index 65a031b42..5a7c9d49c 100644 --- a/module/zfs/dmu_recv.c +++ b/module/zfs/dmu_recv.c @@ -21,16 +21,16 @@ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright 2011 Nexenta Systems, Inc. All rights reserved. - * Copyright (c) 2011, 2015 by Delphix. All rights reserved. + * Copyright (c) 2011, 2018 by Delphix. All rights reserved. * Copyright (c) 2014, Joyent, Inc. All rights reserved. * Copyright 2014 HybridCluster. All rights reserved. - * Copyright 2016 RackTop Systems. - * Copyright (c) 2016 Actifio, Inc. All rights reserved. * Copyright (c) 2018, loli10K <[email protected]>. All rights reserved. */ #include <sys/dmu.h> #include <sys/dmu_impl.h> +#include <sys/dmu_send.h> +#include <sys/dmu_recv.h> #include <sys/dmu_tx.h> #include <sys/dbuf.h> #include <sys/dnode.h> @@ -42,30 +42,89 @@ #include <sys/dsl_prop.h> #include <sys/dsl_pool.h> #include <sys/dsl_synctask.h> -#include <sys/spa_impl.h> #include <sys/zfs_ioctl.h> #include <sys/zap.h> +#include <sys/zvol.h> #include <sys/zio_checksum.h> #include <sys/zfs_znode.h> #include <zfs_fletcher.h> #include <sys/avl.h> #include <sys/ddt.h> #include <sys/zfs_onexit.h> -#include <sys/dmu_recv.h> +#include <sys/dmu_send.h> #include <sys/dsl_destroy.h> #include <sys/blkptr.h> #include <sys/dsl_bookmark.h> #include <sys/zfeature.h> #include <sys/bqueue.h> -#include <sys/zvol.h> -#include <sys/policy.h> +#include <sys/objlist.h> +#ifdef _KERNEL +#include <sys/zfs_vfsops.h> +#endif int zfs_recv_queue_length = SPA_MAXBLOCKSIZE; +int zfs_recv_queue_ff = 20; static char *dmu_recv_tag = "dmu_recv_tag"; const char *recv_clone_name = "%recv"; -static void byteswap_record(dmu_replay_record_t *drr); +static int receive_read_payload_and_next_header(dmu_recv_cookie_t *ra, int len, + void *buf); + +struct receive_record_arg { + dmu_replay_record_t header; + void *payload; /* Pointer to a buffer containing the payload */ + /* + * If the record is a write, pointer to the arc_buf_t containing the + * payload. + */ + arc_buf_t *arc_buf; + int payload_size; + uint64_t bytes_read; /* bytes read from stream when record created */ + boolean_t eos_marker; /* Marks the end of the stream */ + bqueue_node_t node; +}; + +struct receive_writer_arg { + objset_t *os; + boolean_t byteswap; + bqueue_t q; + + /* + * These three args are used to signal to the main thread that we're + * done. + */ + kmutex_t mutex; + kcondvar_t cv; + boolean_t done; + + int err; + /* A map from guid to dataset to help handle dedup'd streams. */ + avl_tree_t *guid_to_ds_map; + boolean_t resumable; + boolean_t raw; /* DMU_BACKUP_FEATURE_RAW set */ + boolean_t spill; /* DRR_FLAG_SPILL_BLOCK set */ + uint64_t last_object; + uint64_t last_offset; + uint64_t max_object; /* highest object ID referenced in stream */ + uint64_t bytes_read; /* bytes read when current record created */ + + /* Encryption parameters for the last received DRR_OBJECT_RANGE */ + boolean_t or_crypt_params_present; + uint64_t or_firstobj; + uint64_t or_numslots; + uint8_t or_salt[ZIO_DATA_SALT_LEN]; + uint8_t or_iv[ZIO_DATA_IV_LEN]; + uint8_t or_mac[ZIO_DATA_MAC_LEN]; + boolean_t or_byteorder; +}; + +typedef struct guid_map_entry { + uint64_t guid; + boolean_t raw; + dsl_dataset_t *gme_ds; + avl_node_t avlnode; +} guid_map_entry_t; typedef struct dmu_recv_begin_arg { const char *drba_origin; @@ -74,6 +133,211 @@ typedef struct dmu_recv_begin_arg { dsl_crypto_params_t *drba_dcp; } dmu_recv_begin_arg_t; +static void +byteswap_record(dmu_replay_record_t *drr) +{ +#define DO64(X) (drr->drr_u.X = BSWAP_64(drr->drr_u.X)) +#define DO32(X) (drr->drr_u.X = BSWAP_32(drr->drr_u.X)) + drr->drr_type = BSWAP_32(drr->drr_type); + drr->drr_payloadlen = BSWAP_32(drr->drr_payloadlen); + + switch (drr->drr_type) { + case DRR_BEGIN: + DO64(drr_begin.drr_magic); + DO64(drr_begin.drr_versioninfo); + DO64(drr_begin.drr_creation_time); + DO32(drr_begin.drr_type); + DO32(drr_begin.drr_flags); + DO64(drr_begin.drr_toguid); + DO64(drr_begin.drr_fromguid); + break; + case DRR_OBJECT: + DO64(drr_object.drr_object); + DO32(drr_object.drr_type); + DO32(drr_object.drr_bonustype); + DO32(drr_object.drr_blksz); + DO32(drr_object.drr_bonuslen); + DO32(drr_object.drr_raw_bonuslen); + DO64(drr_object.drr_toguid); + DO64(drr_object.drr_maxblkid); + break; + case DRR_FREEOBJECTS: + DO64(drr_freeobjects.drr_firstobj); + DO64(drr_freeobjects.drr_numobjs); + DO64(drr_freeobjects.drr_toguid); + break; + case DRR_WRITE: + DO64(drr_write.drr_object); + DO32(drr_write.drr_type); + DO64(drr_write.drr_offset); + DO64(drr_write.drr_logical_size); + DO64(drr_write.drr_toguid); + ZIO_CHECKSUM_BSWAP(&drr->drr_u.drr_write.drr_key.ddk_cksum); + DO64(drr_write.drr_key.ddk_prop); + DO64(drr_write.drr_compressed_size); + break; + case DRR_WRITE_BYREF: + DO64(drr_write_byref.drr_object); + DO64(drr_write_byref.drr_offset); + DO64(drr_write_byref.drr_length); + DO64(drr_write_byref.drr_toguid); + DO64(drr_write_byref.drr_refguid); + DO64(drr_write_byref.drr_refobject); + DO64(drr_write_byref.drr_refoffset); + ZIO_CHECKSUM_BSWAP(&drr->drr_u.drr_write_byref. + drr_key.ddk_cksum); + DO64(drr_write_byref.drr_key.ddk_prop); + break; + case DRR_WRITE_EMBEDDED: + DO64(drr_write_embedded.drr_object); + DO64(drr_write_embedded.drr_offset); + DO64(drr_write_embedded.drr_length); + DO64(drr_write_embedded.drr_toguid); + DO32(drr_write_embedded.drr_lsize); + DO32(drr_write_embedded.drr_psize); + break; + case DRR_FREE: + DO64(drr_free.drr_object); + DO64(drr_free.drr_offset); + DO64(drr_free.drr_length); + DO64(drr_free.drr_toguid); + break; + case DRR_SPILL: + DO64(drr_spill.drr_object); + DO64(drr_spill.drr_length); + DO64(drr_spill.drr_toguid); + DO64(drr_spill.drr_compressed_size); + DO32(drr_spill.drr_type); + break; + case DRR_OBJECT_RANGE: + DO64(drr_object_range.drr_firstobj); + DO64(drr_object_range.drr_numslots); + DO64(drr_object_range.drr_toguid); + break; + case DRR_REDACT: + DO64(drr_redact.drr_object); + DO64(drr_redact.drr_offset); + DO64(drr_redact.drr_length); + DO64(drr_redact.drr_toguid); + break; + case DRR_END: + DO64(drr_end.drr_toguid); + ZIO_CHECKSUM_BSWAP(&drr->drr_u.drr_end.drr_checksum); + break; + default: + break; + } + + if (drr->drr_type != DRR_BEGIN) { + ZIO_CHECKSUM_BSWAP(&drr->drr_u.drr_checksum.drr_checksum); + } + +#undef DO64 +#undef DO32 +} + +static boolean_t +redact_snaps_contains(uint64_t *snaps, uint64_t num_snaps, uint64_t guid) +{ + for (int i = 0; i < num_snaps; i++) { + if (snaps[i] == guid) + return (B_TRUE); + } + return (B_FALSE); +} + +/* + * Check that the new stream we're trying to receive is redacted with respect to + * a subset of the snapshots that the origin was redacted with respect to. For + * the reasons behind this, see the man page on redacted zfs sends and receives. + */ +static boolean_t +compatible_redact_snaps(uint64_t *origin_snaps, uint64_t origin_num_snaps, + uint64_t *redact_snaps, uint64_t num_redact_snaps) +{ + /* + * Short circuit the comparison; if we are redacted with respect to + * more snapshots than the origin, we can't be redacted with respect + * to a subset. + */ + if (num_redact_snaps > origin_num_snaps) { + return (B_FALSE); + } + + for (int i = 0; i < num_redact_snaps; i++) { + if (!redact_snaps_contains(origin_snaps, origin_num_snaps, + redact_snaps[i])) { + return (B_FALSE); + } + } + return (B_TRUE); +} + +static boolean_t +redact_check(dmu_recv_begin_arg_t *drba, dsl_dataset_t *origin) +{ + uint64_t *origin_snaps; + uint64_t origin_num_snaps; + dmu_recv_cookie_t *drc = drba->drba_cookie; + struct drr_begin *drrb = drc->drc_drrb; + int featureflags = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo); + int err = 0; + boolean_t ret = B_TRUE; + uint64_t *redact_snaps; + uint_t numredactsnaps; + + /* + * If this is a full send stream, we're safe no matter what. + */ + if (drrb->drr_fromguid == 0) + return (ret); + + VERIFY(dsl_dataset_get_uint64_array_feature(origin, + SPA_FEATURE_REDACTED_DATASETS, &origin_num_snaps, &origin_snaps)); + + if (nvlist_lookup_uint64_array(drc->drc_begin_nvl, + BEGINNV_REDACT_FROM_SNAPS, &redact_snaps, &numredactsnaps) == + 0) { + /* + * If the send stream was sent from the redaction bookmark or + * the redacted version of the dataset, then we're safe. Verify + * that this is from the a compatible redaction bookmark or + * redacted dataset. + */ + if (!compatible_redact_snaps(origin_snaps, origin_num_snaps, + redact_snaps, numredactsnaps)) { + err = EINVAL; + } + } else if (featureflags & DMU_BACKUP_FEATURE_REDACTED) { + /* + * If the stream is redacted, it must be redacted with respect + * to a subset of what the origin is redacted with respect to. + * See case number 2 in the zfs man page section on redacted zfs + * send. + */ + err = nvlist_lookup_uint64_array(drc->drc_begin_nvl, + BEGINNV_REDACT_SNAPS, &redact_snaps, &numredactsnaps); + + if (err != 0 || !compatible_redact_snaps(origin_snaps, + origin_num_snaps, redact_snaps, numredactsnaps)) { + err = EINVAL; + } + } else if (!redact_snaps_contains(origin_snaps, origin_num_snaps, + drrb->drr_toguid)) { + /* + * If the stream isn't redacted but the origin is, this must be + * one of the snapshots the origin is redacted with respect to. + * See case number 1 in the zfs man page section on redacted zfs + * send. + */ + err = EINVAL; + } + + if (err != 0) + ret = B_FALSE; + return (ret); +} + static int recv_begin_check_existing_impl(dmu_recv_begin_arg_t *drba, dsl_dataset_t *ds, uint64_t fromguid, uint64_t featureflags) @@ -91,14 +355,14 @@ recv_begin_check_existing_impl(dmu_recv_begin_arg_t *drba, dsl_dataset_t *ds, dsl_dir_phys(ds->ds_dir)->dd_child_dir_zapobj, recv_clone_name, 8, 1, &val); if (error != ENOENT) - return (error == 0 ? EBUSY : error); + return (error == 0 ? SET_ERROR(EBUSY) : error); /* new snapshot name must not exist */ error = zap_lookup(dp->dp_meta_objset, dsl_dataset_phys(ds)->ds_snapnames_zapobj, drba->drba_cookie->drc_tosnap, 8, 1, &val); if (error != ENOENT) - return (error == 0 ? EEXIST : error); + return (error == 0 ? SET_ERROR(EEXIST) : error); /* must not have children if receiving a ZVOL */ error = zap_count(dp->dp_meta_objset, @@ -127,7 +391,7 @@ recv_begin_check_existing_impl(dmu_recv_begin_arg_t *drba, dsl_dataset_t *ds, dsl_dataset_t *snap; uint64_t obj = dsl_dataset_phys(ds)->ds_prev_snap_obj; - /* Can't raw receive on top of an unencrypted dataset */ + /* Can't perform a raw receive on top of a non-raw receive */ if (!encrypted && raw) return (SET_ERROR(EINVAL)); @@ -175,6 +439,13 @@ recv_begin_check_existing_impl(dmu_recv_begin_arg_t *drba, dsl_dataset_t *ds, ds->ds_prev->ds_object; } + if (dsl_dataset_feature_is_active(snap, + SPA_FEATURE_REDACTED_DATASETS) && !redact_check(drba, + snap)) { + dsl_dataset_rele(snap, FTAG); + return (SET_ERROR(EINVAL)); + } + dsl_dataset_rele(snap, FTAG); } else { /* if full, then must be forced */ @@ -206,14 +477,66 @@ recv_begin_check_existing_impl(dmu_recv_begin_arg_t *drba, dsl_dataset_t *ds, if (will_encrypt && embed) return (SET_ERROR(EINVAL)); } - - drba->drba_cookie->drc_fromsnapobj = 0; } return (0); } +/* + * Check that any feature flags used in the data stream we're receiving are + * supported by the pool we are receiving into. + * + * Note that some of the features we explicitly check here have additional + * (implicit) features they depend on, but those dependencies are enforced + * through the zfeature_register() calls declaring the features that we + * explicitly check. + */ +static int +recv_begin_check_feature_flags_impl(uint64_t featureflags, spa_t *spa) +{ + /* + * Check if there are any unsupported feature flags. + */ + if (!DMU_STREAM_SUPPORTED(featureflags)) { + return (SET_ERROR(ZFS_ERR_UNKNOWN_SEND_STREAM_FEATURE)); + } + + /* Verify pool version supports SA if SA_SPILL feature set */ + if ((featureflags & DMU_BACKUP_FEATURE_SA_SPILL) && + spa_version(spa) < SPA_VERSION_SA) + return (SET_ERROR(ENOTSUP)); + + /* + * LZ4 compressed, embedded, mooched, large blocks, and large_dnodes + * in the stream can only be used if those pool features are enabled + * because we don't attempt to decompress / un-embed / un-mooch / + * split up the blocks / dnodes during the receive process. + */ + if ((featureflags & DMU_BACKUP_FEATURE_LZ4) && + !spa_feature_is_enabled(spa, SPA_FEATURE_LZ4_COMPRESS)) + return (SET_ERROR(ENOTSUP)); + if ((featureflags & DMU_BACKUP_FEATURE_EMBED_DATA) && + !spa_feature_is_enabled(spa, SPA_FEATURE_EMBEDDED_DATA)) + return (SET_ERROR(ENOTSUP)); + if ((featureflags & DMU_BACKUP_FEATURE_LARGE_BLOCKS) && + !spa_feature_is_enabled(spa, SPA_FEATURE_LARGE_BLOCKS)) + return (SET_ERROR(ENOTSUP)); + if ((featureflags & DMU_BACKUP_FEATURE_LARGE_DNODE) && + !spa_feature_is_enabled(spa, SPA_FEATURE_LARGE_DNODE)) + return (SET_ERROR(ENOTSUP)); + + /* + * Receiving redacted streams requires that redacted datasets are + * enabled. + */ + if ((featureflags & DMU_BACKUP_FEATURE_REDACTED) && + !spa_feature_is_enabled(spa, SPA_FEATURE_REDACTED_DATASETS)) + return (SET_ERROR(ENOTSUP)); + + return (0); +} + static int dmu_recv_begin_check(void *arg, dmu_tx_t *tx) { @@ -224,7 +547,7 @@ dmu_recv_begin_check(void *arg, dmu_tx_t *tx) int flags = drrb->drr_flags; ds_hold_flags_t dsflags = 0; int error; - uint64_t featureflags = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo); + uint64_t featureflags = drba->drba_cookie->drc_featureflags; dsl_dataset_t *ds; const char *tofs = drba->drba_cookie->drc_tofs; @@ -238,41 +561,15 @@ dmu_recv_begin_check(void *arg, dmu_tx_t *tx) ((flags & DRR_FLAG_CLONE) && drba->drba_origin == NULL)) return (SET_ERROR(EINVAL)); - /* Verify pool version supports SA if SA_SPILL feature set */ - if ((featureflags & DMU_BACKUP_FEATURE_SA_SPILL) && - spa_version(dp->dp_spa) < SPA_VERSION_SA) - return (SET_ERROR(ENOTSUP)); + error = recv_begin_check_feature_flags_impl(featureflags, dp->dp_spa); + if (error != 0) + return (error); + /* Resumable receives require extensible datasets */ if (drba->drba_cookie->drc_resumable && !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_EXTENSIBLE_DATASET)) return (SET_ERROR(ENOTSUP)); - /* - * The receiving code doesn't know how to translate a WRITE_EMBEDDED - * record to a plain WRITE record, so the pool must have the - * EMBEDDED_DATA feature enabled if the stream has WRITE_EMBEDDED - * records. Same with WRITE_EMBEDDED records that use LZ4 compression. - */ - if ((featureflags & DMU_BACKUP_FEATURE_EMBED_DATA) && - !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_EMBEDDED_DATA)) - return (SET_ERROR(ENOTSUP)); - if ((featureflags & DMU_BACKUP_FEATURE_LZ4) && - !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_LZ4_COMPRESS)) - return (SET_ERROR(ENOTSUP)); - - /* - * The receiving code doesn't know how to translate large blocks - * to smaller ones, so the pool must have the LARGE_BLOCKS - * feature enabled if the stream has LARGE_BLOCKS. Same with - * large dnodes. - */ - if ((featureflags & DMU_BACKUP_FEATURE_LARGE_BLOCKS) && - !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_LARGE_BLOCKS)) - return (SET_ERROR(ENOTSUP)); - if ((featureflags & DMU_BACKUP_FEATURE_LARGE_DNODE) && - !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_LARGE_DNODE)) - return (SET_ERROR(ENOTSUP)); - if (featureflags & DMU_BACKUP_FEATURE_RAW) { /* raw receives require the encryption feature */ if (!spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_ENCRYPTION)) @@ -311,7 +608,7 @@ dmu_recv_begin_check(void *arg, dmu_tx_t *tx) * If it's a non-clone incremental, we are missing the * target fs, so fail the recv. */ - if (fromguid != 0 && !(flags & DRR_FLAG_CLONE || + if (fromguid != 0 && !((flags & DRR_FLAG_CLONE) || drba->drba_origin)) return (SET_ERROR(ENOENT)); @@ -320,7 +617,7 @@ dmu_recv_begin_check(void *arg, dmu_tx_t *tx) * contain all the necessary free records and freeobject * records, reject it. */ - if (fromguid == 0 && drba->drba_origin && + if (fromguid == 0 && drba->drba_origin != NULL && !(flags & DRR_FLAG_FREERECORDS)) return (SET_ERROR(EINVAL)); @@ -388,7 +685,6 @@ dmu_recv_begin_check(void *arg, dmu_tx_t *tx) if (drba->drba_origin != NULL) { dsl_dataset_t *origin; - error = dsl_dataset_hold_flags(dp, drba->drba_origin, dsflags, FTAG, &origin); if (error != 0) { @@ -406,14 +702,31 @@ dmu_recv_begin_check(void *arg, dmu_tx_t *tx) dsl_dataset_rele_flags(ds, dsflags, FTAG); return (SET_ERROR(ENODEV)); } + if (origin->ds_dir->dd_crypto_obj != 0 && (featureflags & DMU_BACKUP_FEATURE_EMBED_DATA)) { dsl_dataset_rele_flags(origin, dsflags, FTAG); dsl_dataset_rele_flags(ds, dsflags, FTAG); return (SET_ERROR(EINVAL)); } - dsl_dataset_rele_flags(origin, - dsflags, FTAG); + + /* + * If the origin is redacted we need to verify that this + * send stream can safely be received on top of the + * origin. + */ + if (dsl_dataset_feature_is_active(origin, + SPA_FEATURE_REDACTED_DATASETS)) { + if (!redact_check(drba, origin)) { + dsl_dataset_rele_flags(origin, dsflags, + FTAG); + dsl_dataset_rele_flags(ds, dsflags, + FTAG); + return (SET_ERROR(EINVAL)); + } + } + + dsl_dataset_rele_flags(origin, dsflags, FTAG); } dsl_dataset_rele_flags(ds, dsflags, FTAG); @@ -428,9 +741,10 @@ dmu_recv_begin_sync(void *arg, dmu_tx_t *tx) dmu_recv_begin_arg_t *drba = arg; dsl_pool_t *dp = dmu_tx_pool(tx); objset_t *mos = dp->dp_meta_objset; - struct drr_begin *drrb = drba->drba_cookie->drc_drrb; - const char *tofs = drba->drba_cookie->drc_tofs; - uint64_t featureflags = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo); + dmu_recv_cookie_t *drc = drba->drba_cookie; + struct drr_begin *drrb = drc->drc_drrb; + const char *tofs = drc->drc_tofs; + uint64_t featureflags = drc->drc_featureflags; dsl_dataset_t *ds, *newds; objset_t *os; uint64_t dsobj; @@ -451,7 +765,7 @@ dmu_recv_begin_sync(void *arg, dmu_tx_t *tx) * the raw cmd set. Raw incremental recvs do not use a dcp * since the encryption parameters are already set in stone. */ - if (dcp == NULL && drba->drba_cookie->drc_fromsnapobj == 0 && + if (dcp == NULL && drrb->drr_fromguid == 0 && drba->drba_origin == NULL) { ASSERT3P(dcp, ==, NULL); dcp = &dummy_dcp; @@ -470,7 +784,6 @@ dmu_recv_begin_sync(void *arg, dmu_tx_t *tx) drba->drba_cookie->drc_fromsnapobj, FTAG, &snap)); ASSERT3P(dcp, ==, NULL); } - dsobj = dsl_dataset_create_sync(ds->ds_dir, recv_clone_name, snap, crflags, drba->drba_cred, dcp, tx); if (drba->drba_cookie->drc_fromsnapobj != 0) @@ -495,13 +808,24 @@ dmu_recv_begin_sync(void *arg, dmu_tx_t *tx) if (origin != NULL) dsl_dataset_rele(origin, FTAG); dsl_dir_rele(dd, FTAG); - drba->drba_cookie->drc_newfs = B_TRUE; + drc->drc_newfs = B_TRUE; + } + VERIFY0(dsl_dataset_own_obj_force(dp, dsobj, dsflags, dmu_recv_tag, + &newds)); + if (dsl_dataset_feature_is_active(newds, + SPA_FEATURE_REDACTED_DATASETS)) { + /* + * If the origin dataset is redacted, the child will be redacted + * when we create it. We clear the new dataset's + * redaction info; if it should be redacted, we'll fill + * in its information later. + */ + dsl_dataset_deactivate_feature(newds, + SPA_FEATURE_REDACTED_DATASETS, tx); } - - VERIFY0(dsl_dataset_own_obj(dp, dsobj, dsflags, dmu_recv_tag, &newds)); VERIFY0(dmu_objset_from_ds(newds, &os)); - if (drba->drba_cookie->drc_resumable) { + if (drc->drc_resumable) { dsl_dataset_zapify(newds, tx); if (drrb->drr_fromguid != 0) { VERIFY0(zap_add(mos, dsobj, DS_FIELD_RESUME_FROMGUID, @@ -535,6 +859,17 @@ dmu_recv_begin_sync(void *arg, dmu_tx_t *tx) VERIFY0(zap_add(mos, dsobj, DS_FIELD_RESUME_RAWOK, 8, 1, &one, tx)); } + + uint64_t *redact_snaps; + uint_t numredactsnaps; + if (nvlist_lookup_uint64_array(drc->drc_begin_nvl, + BEGINNV_REDACT_FROM_SNAPS, &redact_snaps, + &numredactsnaps) == 0) { + VERIFY0(zap_add(mos, dsobj, + DS_FIELD_RESUME_REDACT_BOOKMARK_SNAPS, + sizeof (*redact_snaps), numredactsnaps, + redact_snaps, tx)); + } } /* @@ -547,6 +882,16 @@ dmu_recv_begin_sync(void *arg, dmu_tx_t *tx) drba->drba_cookie->drc_raw = B_TRUE; } + + if (featureflags & DMU_BACKUP_FEATURE_REDACTED) { + uint64_t *redact_snaps; + uint_t numredactsnaps; + VERIFY0(nvlist_lookup_uint64_array(drc->drc_begin_nvl, + BEGINNV_REDACT_SNAPS, &redact_snaps, &numredactsnaps)); + dsl_dataset_activate_redaction(newds, redact_snaps, + numredactsnaps, tx); + } + dmu_buf_will_dirty(newds->ds_dbuf, tx); dsl_dataset_phys(newds)->ds_flags |= DS_FLAG_INCONSISTENT; @@ -573,60 +918,39 @@ static int dmu_recv_resume_begin_check(void *arg, dmu_tx_t *tx) { dmu_recv_begin_arg_t *drba = arg; + dmu_recv_cookie_t *drc = drba->drba_cookie; dsl_pool_t *dp = dmu_tx_pool(tx); - struct drr_begin *drrb = drba->drba_cookie->drc_drrb; + struct drr_begin *drrb = drc->drc_drrb; int error; ds_hold_flags_t dsflags = 0; - uint64_t featureflags = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo); dsl_dataset_t *ds; - const char *tofs = drba->drba_cookie->drc_tofs; + const char *tofs = drc->drc_tofs; /* already checked */ ASSERT3U(drrb->drr_magic, ==, DMU_BACKUP_MAGIC); - ASSERT(featureflags & DMU_BACKUP_FEATURE_RESUMING); + ASSERT(drc->drc_featureflags & DMU_BACKUP_FEATURE_RESUMING); if (DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo) == DMU_COMPOUNDSTREAM || drrb->drr_type >= DMU_OST_NUMTYPES) return (SET_ERROR(EINVAL)); - /* Verify pool version supports SA if SA_SPILL feature set */ - if ((featureflags & DMU_BACKUP_FEATURE_SA_SPILL) && - spa_version(dp->dp_spa) < SPA_VERSION_SA) - return (SET_ERROR(ENOTSUP)); - - /* - * The receiving code doesn't know how to translate a WRITE_EMBEDDED - * record to a plain WRITE record, so the pool must have the - * EMBEDDED_DATA feature enabled if the stream has WRITE_EMBEDDED - * records. Same with WRITE_EMBEDDED records that use LZ4 compression. - */ - if ((featureflags & DMU_BACKUP_FEATURE_EMBED_DATA) && - !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_EMBEDDED_DATA)) - return (SET_ERROR(ENOTSUP)); - if ((featureflags & DMU_BACKUP_FEATURE_LZ4) && - !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_LZ4_COMPRESS)) - return (SET_ERROR(ENOTSUP)); - /* - * The receiving code doesn't know how to translate large blocks - * to smaller ones, so the pool must have the LARGE_BLOCKS - * feature enabled if the stream has LARGE_BLOCKS. Same with - * large dnodes. + * This is mostly a sanity check since we should have already done these + * checks during a previous attempt to receive the data. */ - if ((featureflags & DMU_BACKUP_FEATURE_LARGE_BLOCKS) && - !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_LARGE_BLOCKS)) - return (SET_ERROR(ENOTSUP)); - if ((featureflags & DMU_BACKUP_FEATURE_LARGE_DNODE) && - !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_LARGE_DNODE)) - return (SET_ERROR(ENOTSUP)); + error = recv_begin_check_feature_flags_impl(drc->drc_featureflags, + dp->dp_spa); + if (error != 0) + return (error); /* 6 extra bytes for /%recv */ char recvname[ZFS_MAX_DATASET_NAME_LEN + 6]; + (void) snprintf(recvname, sizeof (recvname), "%s/%s", tofs, recv_clone_name); - if (featureflags & DMU_BACKUP_FEATURE_RAW) { + if (drc->drc_featureflags & DMU_BACKUP_FEATURE_RAW) { /* raw receives require spill block allocation flag */ if (!(drrb->drr_flags & DRR_FLAG_SPILL_BLOCK)) return (SET_ERROR(ZFS_ERR_SPILL_BLOCK_FLAG_MISSING)); @@ -690,6 +1014,40 @@ dmu_recv_resume_begin_check(void *arg, dmu_tx_t *tx) return (SET_ERROR(EINVAL)); } + /* + * If we're resuming, and the send is redacted, then the original send + * must have been redacted, and must have been redacted with respect to + * the same snapshots. + */ + if (drc->drc_featureflags & DMU_BACKUP_FEATURE_REDACTED) { + uint64_t num_ds_redact_snaps; + uint64_t *ds_redact_snaps; + + uint_t num_stream_redact_snaps; + uint64_t *stream_redact_snaps; + + if (nvlist_lookup_uint64_array(drc->drc_begin_nvl, + BEGINNV_REDACT_SNAPS, &stream_redact_snaps, + &num_stream_redact_snaps) != 0) { + dsl_dataset_rele_flags(ds, dsflags, FTAG); + return (SET_ERROR(EINVAL)); + } + + if (!dsl_dataset_get_uint64_array_feature(ds, + SPA_FEATURE_REDACTED_DATASETS, &num_ds_redact_snaps, + &ds_redact_snaps)) { + dsl_dataset_rele_flags(ds, dsflags, FTAG); + return (SET_ERROR(EINVAL)); + } + + for (int i = 0; i < num_ds_redact_snaps; i++) { + if (!redact_snaps_contains(ds_redact_snaps, + num_ds_redact_snaps, stream_redact_snaps[i])) { + dsl_dataset_rele_flags(ds, dsflags, FTAG); + return (SET_ERROR(EINVAL)); + } + } + } dsl_dataset_rele_flags(ds, dsflags, FTAG); return (0); } @@ -700,17 +1058,14 @@ dmu_recv_resume_begin_sync(void *arg, dmu_tx_t *tx) dmu_recv_begin_arg_t *drba = arg; dsl_pool_t *dp = dmu_tx_pool(tx); const char *tofs = drba->drba_cookie->drc_tofs; - struct drr_begin *drrb = drba->drba_cookie->drc_drrb; - uint64_t featureflags = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo); + uint64_t featureflags = drba->drba_cookie->drc_featureflags; dsl_dataset_t *ds; - objset_t *os; ds_hold_flags_t dsflags = 0; - uint64_t dsobj; /* 6 extra bytes for /%recv */ char recvname[ZFS_MAX_DATASET_NAME_LEN + 6]; - (void) snprintf(recvname, sizeof (recvname), "%s/%s", - tofs, recv_clone_name); + (void) snprintf(recvname, sizeof (recvname), "%s/%s", tofs, + recv_clone_name); if (featureflags & DMU_BACKUP_FEATURE_RAW) { drba->drba_cookie->drc_raw = B_TRUE; @@ -718,25 +1073,15 @@ dmu_recv_resume_begin_sync(void *arg, dmu_tx_t *tx) dsflags |= DS_HOLD_FLAG_DECRYPT; } - if (dsl_dataset_hold_flags(dp, recvname, dsflags, FTAG, &ds) != 0) { + if (dsl_dataset_own_force(dp, recvname, dsflags, dmu_recv_tag, &ds) + != 0) { /* %recv does not exist; continue in tofs */ - VERIFY0(dsl_dataset_hold_flags(dp, tofs, dsflags, FTAG, &ds)); + VERIFY0(dsl_dataset_own_force(dp, tofs, dsflags, dmu_recv_tag, + &ds)); drba->drba_cookie->drc_newfs = B_TRUE; } - /* clear the inconsistent flag so that we can own it */ ASSERT(DS_IS_INCONSISTENT(ds)); - dmu_buf_will_dirty(ds->ds_dbuf, tx); - dsl_dataset_phys(ds)->ds_flags &= ~DS_FLAG_INCONSISTENT; - dsobj = ds->ds_object; - dsl_dataset_rele_flags(ds, dsflags, FTAG); - - VERIFY0(dsl_dataset_own_obj(dp, dsobj, dsflags, dmu_recv_tag, &ds)); - VERIFY0(dmu_objset_from_ds(ds, &os)); - - dmu_buf_will_dirty(ds->ds_dbuf, tx); - dsl_dataset_phys(ds)->ds_flags |= DS_FLAG_INCONSISTENT; - rrw_enter(&ds->ds_bp_rwlock, RW_READER, FTAG); ASSERT(!BP_IS_HOLE(dsl_dataset_get_blkptr(ds)) || drba->drba_cookie->drc_raw); @@ -754,9 +1099,11 @@ dmu_recv_resume_begin_sync(void *arg, dmu_tx_t *tx) int dmu_recv_begin(char *tofs, char *tosnap, dmu_replay_record_t *drr_begin, boolean_t force, boolean_t resumable, nvlist_t *localprops, - nvlist_t *hidden_args, char *origin, dmu_recv_cookie_t *drc) + nvlist_t *hidden_args, char *origin, dmu_recv_cookie_t *drc, vnode_t *vp, + offset_t *voffp) { dmu_recv_begin_arg_t drba = { 0 }; + int err; bzero(drc, sizeof (dmu_recv_cookie_t)); drc->drc_drr_begin = drr_begin; @@ -780,6 +1127,33 @@ dmu_recv_begin(char *tofs, char *tosnap, dmu_replay_record_t *drr_begin, return (SET_ERROR(EINVAL)); } + drc->drc_vp = vp; + drc->drc_voff = *voffp; + drc->drc_featureflags = + DMU_GET_FEATUREFLAGS(drc->drc_drrb->drr_versioninfo); + + uint32_t payloadlen = drc->drc_drr_begin->drr_payloadlen; + void *payload = NULL; + if (payloadlen != 0) + payload = kmem_alloc(payloadlen, KM_SLEEP); + + err = receive_read_payload_and_next_header(drc, payloadlen, + payload); + if (err != 0) { + kmem_free(payload, payloadlen); + return (err); + } + if (payloadlen != 0) { + err = nvlist_unpack(payload, payloadlen, &drc->drc_begin_nvl, + KM_SLEEP); + kmem_free(payload, payloadlen); + if (err != 0) { + kmem_free(drc->drc_next_rrd, + sizeof (*drc->drc_next_rrd)); + return (err); + } + } + if (drc->drc_drrb->drr_flags & DRR_FLAG_SPILL_BLOCK) drc->drc_spill = B_TRUE; @@ -787,13 +1161,11 @@ dmu_recv_begin(char *tofs, char *tosnap, dmu_replay_record_t *drr_begin, drba.drba_cookie = drc; drba.drba_cred = CRED(); - if (DMU_GET_FEATUREFLAGS(drc->drc_drrb->drr_versioninfo) & - DMU_BACKUP_FEATURE_RESUMING) { - return (dsl_sync_task(tofs, + if (drc->drc_featureflags & DMU_BACKUP_FEATURE_RESUMING) { + err = dsl_sync_task(tofs, dmu_recv_resume_begin_check, dmu_recv_resume_begin_sync, - &drba, 5, ZFS_SPACE_CHECK_NORMAL)); - } else { - int err; + &drba, 5, ZFS_SPACE_CHECK_NORMAL); + } else { /* * For non-raw, non-incremental, non-resuming receives the @@ -810,110 +1182,23 @@ dmu_recv_begin(char *tofs, char *tosnap, dmu_replay_record_t *drr_begin, origin == NULL && drc->drc_drrb->drr_fromguid == 0) { err = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, localprops, hidden_args, &drba.drba_dcp); - if (err != 0) - return (err); } - err = dsl_sync_task(tofs, - dmu_recv_begin_check, dmu_recv_begin_sync, - &drba, 5, ZFS_SPACE_CHECK_NORMAL); - dsl_crypto_params_free(drba.drba_dcp, !!err); + if (err == 0) { + err = dsl_sync_task(tofs, + dmu_recv_begin_check, dmu_recv_begin_sync, + &drba, 5, ZFS_SPACE_CHECK_NORMAL); + dsl_crypto_params_free(drba.drba_dcp, !!err); + } + } - return (err); + if (err != 0) { + kmem_free(drc->drc_next_rrd, sizeof (*drc->drc_next_rrd)); + nvlist_free(drc->drc_begin_nvl); } + return (err); } -struct receive_record_arg { - dmu_replay_record_t header; - void *payload; /* Pointer to a buffer containing the payload */ - /* - * If the record is a write, pointer to the arc_buf_t containing the - * payload. - */ - arc_buf_t *arc_buf; - int payload_size; - uint64_t bytes_read; /* bytes read from stream when record created */ - boolean_t eos_marker; /* Marks the end of the stream */ - bqueue_node_t node; -}; - -struct receive_writer_arg { - objset_t *os; - boolean_t byteswap; - bqueue_t q; - - /* - * These three args are used to signal to the main thread that we're - * done. - */ - kmutex_t mutex; - kcondvar_t cv; - boolean_t done; - - int err; - /* A map from guid to dataset to help handle dedup'd streams. */ - avl_tree_t *guid_to_ds_map; - boolean_t resumable; - boolean_t raw; /* DMU_BACKUP_FEATURE_RAW set */ - boolean_t spill; /* DRR_FLAG_SPILL_BLOCK set */ - uint64_t last_object; - uint64_t last_offset; - uint64_t max_object; /* highest object ID referenced in stream */ - uint64_t bytes_read; /* bytes read when current record created */ - - /* Encryption parameters for the last received DRR_OBJECT_RANGE */ - boolean_t or_crypt_params_present; - uint64_t or_firstobj; - uint64_t or_numslots; - uint8_t or_salt[ZIO_DATA_SALT_LEN]; - uint8_t or_iv[ZIO_DATA_IV_LEN]; - uint8_t or_mac[ZIO_DATA_MAC_LEN]; - boolean_t or_byteorder; -}; - -struct objlist { - list_t list; /* List of struct receive_objnode. */ - /* - * Last object looked up. Used to assert that objects are being looked - * up in ascending order. - */ - uint64_t last_lookup; -}; - -struct receive_objnode { - list_node_t node; - uint64_t object; -}; - -struct receive_arg { - objset_t *os; - vnode_t *vp; /* The vnode to read the stream from */ - uint64_t voff; /* The current offset in the stream */ - uint64_t bytes_read; - /* - * A record that has had its payload read in, but hasn't yet been handed - * off to the worker thread. - */ - struct receive_record_arg *rrd; - /* A record that has had its header read in, but not its payload. */ - struct receive_record_arg *next_rrd; - zio_cksum_t cksum; - zio_cksum_t prev_cksum; - int err; - boolean_t byteswap; - boolean_t raw; - uint64_t featureflags; - /* Sorted list of objects not to issue prefetches for. */ - struct objlist ignore_objlist; -}; - -typedef struct guid_map_entry { - uint64_t guid; - boolean_t raw; - dsl_dataset_t *gme_ds; - avl_node_t avlnode; -} guid_map_entry_t; - static int guid_compare(const void *arg1, const void *arg2) { @@ -946,7 +1231,7 @@ free_guid_map_onexit(void *arg) } static int -receive_read(struct receive_arg *ra, int len, void *buf) +receive_read(dmu_recv_cookie_t *drc, int len, void *buf) { int done = 0; @@ -955,14 +1240,14 @@ receive_read(struct receive_arg *ra, int len, void *buf) * comment in dump_bytes. */ ASSERT(len % 8 == 0 || - (ra->featureflags & DMU_BACKUP_FEATURE_RAW) != 0); + (drc->drc_featureflags & DMU_BACKUP_FEATURE_RAW) != 0); while (done < len) { ssize_t resid; - ra->err = vn_rdwr(UIO_READ, ra->vp, + drc->drc_err = vn_rdwr(UIO_READ, drc->drc_vp, (char *)buf + done, len - done, - ra->voff, UIO_SYSSPACE, FAPPEND, + drc->drc_voff, UIO_SYSSPACE, FAPPEND, RLIM64_INFINITY, CRED(), &resid); if (resid == len - done) { @@ -970,117 +1255,20 @@ receive_read(struct receive_arg *ra, int len, void *buf) * Note: ECKSUM indicates that the receive * was interrupted and can potentially be resumed. */ - ra->err = SET_ERROR(ECKSUM); + drc->drc_err = SET_ERROR(ECKSUM); } - ra->voff += len - done - resid; + drc->drc_voff += len - done - resid; done = len - resid; - if (ra->err != 0) - return (ra->err); + if (drc->drc_err != 0) + return (drc->drc_err); } - ra->bytes_read += len; + drc->drc_bytes_read += len; ASSERT3U(done, ==, len); return (0); } -noinline static void -byteswap_record(dmu_replay_record_t *drr) -{ -#define DO64(X) (drr->drr_u.X = BSWAP_64(drr->drr_u.X)) -#define DO32(X) (drr->drr_u.X = BSWAP_32(drr->drr_u.X)) - drr->drr_type = BSWAP_32(drr->drr_type); - drr->drr_payloadlen = BSWAP_32(drr->drr_payloadlen); - - switch (drr->drr_type) { - case DRR_BEGIN: - DO64(drr_begin.drr_magic); - DO64(drr_begin.drr_versioninfo); - DO64(drr_begin.drr_creation_time); - DO32(drr_begin.drr_type); - DO32(drr_begin.drr_flags); - DO64(drr_begin.drr_toguid); - DO64(drr_begin.drr_fromguid); - break; - case DRR_OBJECT: - DO64(drr_object.drr_object); - DO32(drr_object.drr_type); - DO32(drr_object.drr_bonustype); - DO32(drr_object.drr_blksz); - DO32(drr_object.drr_bonuslen); - DO32(drr_object.drr_raw_bonuslen); - DO64(drr_object.drr_toguid); - DO64(drr_object.drr_maxblkid); - break; - case DRR_FREEOBJECTS: - DO64(drr_freeobjects.drr_firstobj); - DO64(drr_freeobjects.drr_numobjs); - DO64(drr_freeobjects.drr_toguid); - break; - case DRR_WRITE: - DO64(drr_write.drr_object); - DO32(drr_write.drr_type); - DO64(drr_write.drr_offset); - DO64(drr_write.drr_logical_size); - DO64(drr_write.drr_toguid); - ZIO_CHECKSUM_BSWAP(&drr->drr_u.drr_write.drr_key.ddk_cksum); - DO64(drr_write.drr_key.ddk_prop); - DO64(drr_write.drr_compressed_size); - break; - case DRR_WRITE_BYREF: - DO64(drr_write_byref.drr_object); - DO64(drr_write_byref.drr_offset); - DO64(drr_write_byref.drr_length); - DO64(drr_write_byref.drr_toguid); - DO64(drr_write_byref.drr_refguid); - DO64(drr_write_byref.drr_refobject); - DO64(drr_write_byref.drr_refoffset); - ZIO_CHECKSUM_BSWAP(&drr->drr_u.drr_write_byref. - drr_key.ddk_cksum); - DO64(drr_write_byref.drr_key.ddk_prop); - break; - case DRR_WRITE_EMBEDDED: - DO64(drr_write_embedded.drr_object); - DO64(drr_write_embedded.drr_offset); - DO64(drr_write_embedded.drr_length); - DO64(drr_write_embedded.drr_toguid); - DO32(drr_write_embedded.drr_lsize); - DO32(drr_write_embedded.drr_psize); - break; - case DRR_FREE: - DO64(drr_free.drr_object); - DO64(drr_free.drr_offset); - DO64(drr_free.drr_length); - DO64(drr_free.drr_toguid); - break; - case DRR_SPILL: - DO64(drr_spill.drr_object); - DO64(drr_spill.drr_length); - DO64(drr_spill.drr_toguid); - DO64(drr_spill.drr_compressed_size); - DO32(drr_spill.drr_type); - break; - case DRR_OBJECT_RANGE: - DO64(drr_object_range.drr_firstobj); - DO64(drr_object_range.drr_numslots); - DO64(drr_object_range.drr_toguid); - break; - case DRR_END: - DO64(drr_end.drr_toguid); - ZIO_CHECKSUM_BSWAP(&drr->drr_u.drr_end.drr_checksum); - break; - default: - break; - } - - if (drr->drr_type != DRR_BEGIN) { - ZIO_CHECKSUM_BSWAP(&drr->drr_u.drr_checksum.drr_checksum); - } - -#undef DO64 -#undef DO32 -} - static inline uint8_t deduce_nblkptr(dmu_object_type_t bonus_type, uint64_t bonus_size) { @@ -1152,7 +1340,7 @@ receive_object(struct receive_writer_arg *rwa, struct drr_object *drro, drro->drr_bonuslen > DN_BONUS_SIZE(spa_maxdnodesize(dmu_objset_spa(rwa->os))) || dn_slots > - (spa_maxdnodesize(dmu_objset_spa(rwa->os)) >> DNODE_SHIFT)) { + (spa_maxdnodesize(dmu_objset_spa(rwa->os)) >> DNODE_SHIFT)) { return (SET_ERROR(EINVAL)); } @@ -1187,6 +1375,7 @@ receive_object(struct receive_writer_arg *rwa, struct drr_object *drro, } err = dmu_object_info(rwa->os, drro->drr_object, &doi); + if (err != 0 && err != ENOENT && err != EEXIST) return (SET_ERROR(EINVAL)); @@ -1231,8 +1420,8 @@ receive_object(struct receive_writer_arg *rwa, struct drr_object *drro, (rwa->raw && (indblksz != doi.doi_metadata_block_size || drro->drr_nlevels < doi.doi_indirection))) { - err = dmu_free_long_range(rwa->os, - drro->drr_object, 0, DMU_OBJECT_END); + err = dmu_free_long_range(rwa->os, drro->drr_object, + 0, DMU_OBJECT_END); if (err != 0) return (SET_ERROR(EINVAL)); else @@ -1477,7 +1666,8 @@ receive_freeobjects(struct receive_writer_arg *rwa, return (SET_ERROR(EINVAL)); for (obj = drrfo->drr_firstobj == 0 ? 1 : drrfo->drr_firstobj; - obj < drrfo->drr_firstobj + drrfo->drr_numobjs && next_err == 0; + obj < drrfo->drr_firstobj + drrfo->drr_numobjs && + obj < DN_MAX_OBJECT && next_err == 0; next_err = dmu_object_next(rwa->os, &obj, FALSE, 0)) { dmu_object_info_t doi; int err; @@ -1492,9 +1682,6 @@ receive_freeobjects(struct receive_writer_arg *rwa, if (err != 0) return (err); - - if (obj > rwa->max_object) - rwa->max_object = obj; } if (next_err != ESRCH) return (next_err); @@ -1548,6 +1735,7 @@ receive_write(struct receive_writer_arg *rwa, struct drr_write *drrw, DRR_WRITE_PAYLOAD_SIZE(drrw)); } + /* use the bonus buf to look up the dnode in dmu_assign_arcbuf */ VERIFY0(dnode_hold(rwa->os, drrw->drr_object, FTAG, &dn)); err = dmu_assign_arcbuf_by_dnode(dn, drrw->drr_offset, abuf, tx); if (err != 0) { @@ -1576,7 +1764,7 @@ receive_write(struct receive_writer_arg *rwa, struct drr_write *drrw, * finds the earlier copy of the data, and uses that copy instead of * data from the stream to fulfill this write. */ -static int +noinline static int receive_write_byref(struct receive_writer_arg *rwa, struct drr_write_byref *drrwbr) { @@ -1696,7 +1884,6 @@ receive_spill(struct receive_writer_arg *rwa, struct drr_spill *drrs, dmu_tx_t *tx; dmu_buf_t *db, *db_spill; int err; - uint32_t flags = 0; if (drrs->drr_length < SPA_MINBLOCKSIZE || drrs->drr_length > spa_maxblocksize(dmu_objset_spa(rwa->os))) @@ -1718,8 +1905,6 @@ receive_spill(struct receive_writer_arg *rwa, struct drr_spill *drrs, drrs->drr_compressiontype >= ZIO_COMPRESS_FUNCTIONS || drrs->drr_compressed_size == 0) return (SET_ERROR(EINVAL)); - - flags |= DMU_READ_NO_DECRYPT; } if (dmu_object_info(rwa->os, drrs->drr_object, NULL) != 0) @@ -1781,7 +1966,7 @@ receive_free(struct receive_writer_arg *rwa, struct drr_free *drrf) { int err; - if (drrf->drr_length != DMU_OBJECT_END && + if (drrf->drr_length != -1ULL && drrf->drr_offset + drrf->drr_length < drrf->drr_offset) return (SET_ERROR(EINVAL)); @@ -1846,6 +2031,22 @@ receive_object_range(struct receive_writer_arg *rwa, return (0); } +/* + * Until we have the ability to redact large ranges of data efficiently, we + * process these records as frees. + */ +/* ARGSUSED */ +noinline static int +receive_redact(struct receive_writer_arg *rwa, struct drr_redact *drrr) +{ + struct drr_free drrf = {0}; + drrf.drr_length = drrr->drr_length; + drrf.drr_object = drrr->drr_object; + drrf.drr_offset = drrr->drr_offset; + drrf.drr_toguid = drrr->drr_toguid; + return (receive_free(rwa, &drrf)); +} + /* used to destroy the drc_ds on error */ static void dmu_recv_cleanup_ds(dmu_recv_cookie_t *drc) @@ -1877,61 +2078,60 @@ dmu_recv_cleanup_ds(dmu_recv_cookie_t *drc) } static void -receive_cksum(struct receive_arg *ra, int len, void *buf) +receive_cksum(dmu_recv_cookie_t *drc, int len, void *buf) { - if (ra->byteswap) { - (void) fletcher_4_incremental_byteswap(buf, len, &ra->cksum); + if (drc->drc_byteswap) { + (void) fletcher_4_incremental_byteswap(buf, len, + &drc->drc_cksum); } else { - (void) fletcher_4_incremental_native(buf, len, &ra->cksum); + (void) fletcher_4_incremental_native(buf, len, &drc->drc_cksum); } } /* * Read the payload into a buffer of size len, and update the current record's * payload field. - * Allocate ra->next_rrd and read the next record's header into - * ra->next_rrd->header. + * Allocate drc->drc_next_rrd and read the next record's header into + * drc->drc_next_rrd->header. * Verify checksum of payload and next record. */ static int -receive_read_payload_and_next_header(struct receive_arg *ra, int len, void *buf) +receive_read_payload_and_next_header(dmu_recv_cookie_t *drc, int len, void *buf) { int err; - zio_cksum_t cksum_orig; - zio_cksum_t *cksump; if (len != 0) { ASSERT3U(len, <=, SPA_MAXBLOCKSIZE); - err = receive_read(ra, len, buf); + err = receive_read(drc, len, buf); if (err != 0) return (err); - receive_cksum(ra, len, buf); + receive_cksum(drc, len, buf); /* note: rrd is NULL when reading the begin record's payload */ - if (ra->rrd != NULL) { - ra->rrd->payload = buf; - ra->rrd->payload_size = len; - ra->rrd->bytes_read = ra->bytes_read; + if (drc->drc_rrd != NULL) { + drc->drc_rrd->payload = buf; + drc->drc_rrd->payload_size = len; + drc->drc_rrd->bytes_read = drc->drc_bytes_read; } } else { ASSERT3P(buf, ==, NULL); } - ra->prev_cksum = ra->cksum; + drc->drc_prev_cksum = drc->drc_cksum; - ra->next_rrd = kmem_zalloc(sizeof (*ra->next_rrd), KM_SLEEP); - err = receive_read(ra, sizeof (ra->next_rrd->header), - &ra->next_rrd->header); - ra->next_rrd->bytes_read = ra->bytes_read; + drc->drc_next_rrd = kmem_zalloc(sizeof (*drc->drc_next_rrd), KM_SLEEP); + err = receive_read(drc, sizeof (drc->drc_next_rrd->header), + &drc->drc_next_rrd->header); + drc->drc_next_rrd->bytes_read = drc->drc_bytes_read; if (err != 0) { - kmem_free(ra->next_rrd, sizeof (*ra->next_rrd)); - ra->next_rrd = NULL; + kmem_free(drc->drc_next_rrd, sizeof (*drc->drc_next_rrd)); + drc->drc_next_rrd = NULL; return (err); } - if (ra->next_rrd->header.drr_type == DRR_BEGIN) { - kmem_free(ra->next_rrd, sizeof (*ra->next_rrd)); - ra->next_rrd = NULL; + if (drc->drc_next_rrd->header.drr_type == DRR_BEGIN) { + kmem_free(drc->drc_next_rrd, sizeof (*drc->drc_next_rrd)); + drc->drc_next_rrd = NULL; return (SET_ERROR(EINVAL)); } @@ -1941,90 +2141,30 @@ receive_read_payload_and_next_header(struct receive_arg *ra, int len, void *buf) */ ASSERT3U(offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum), ==, sizeof (dmu_replay_record_t) - sizeof (zio_cksum_t)); - receive_cksum(ra, + receive_cksum(drc, offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum), - &ra->next_rrd->header); + &drc->drc_next_rrd->header); - cksum_orig = ra->next_rrd->header.drr_u.drr_checksum.drr_checksum; - cksump = &ra->next_rrd->header.drr_u.drr_checksum.drr_checksum; + zio_cksum_t cksum_orig = + drc->drc_next_rrd->header.drr_u.drr_checksum.drr_checksum; + zio_cksum_t *cksump = + &drc->drc_next_rrd->header.drr_u.drr_checksum.drr_checksum; - if (ra->byteswap) - byteswap_record(&ra->next_rrd->header); + if (drc->drc_byteswap) + byteswap_record(&drc->drc_next_rrd->header); if ((!ZIO_CHECKSUM_IS_ZERO(cksump)) && - !ZIO_CHECKSUM_EQUAL(ra->cksum, *cksump)) { - kmem_free(ra->next_rrd, sizeof (*ra->next_rrd)); - ra->next_rrd = NULL; + !ZIO_CHECKSUM_EQUAL(drc->drc_cksum, *cksump)) { + kmem_free(drc->drc_next_rrd, sizeof (*drc->drc_next_rrd)); + drc->drc_next_rrd = NULL; return (SET_ERROR(ECKSUM)); } - receive_cksum(ra, sizeof (cksum_orig), &cksum_orig); + receive_cksum(drc, sizeof (cksum_orig), &cksum_orig); return (0); } -static void -objlist_create(struct objlist *list) -{ - list_create(&list->list, sizeof (struct receive_objnode), - offsetof(struct receive_objnode, node)); - list->last_lookup = 0; -} - -static void -objlist_destroy(struct objlist *list) -{ - for (struct receive_objnode *n = list_remove_head(&list->list); - n != NULL; n = list_remove_head(&list->list)) { - kmem_free(n, sizeof (*n)); - } - list_destroy(&list->list); -} - -/* - * This function looks through the objlist to see if the specified object number - * is contained in the objlist. In the process, it will remove all object - * numbers in the list that are smaller than the specified object number. Thus, - * any lookup of an object number smaller than a previously looked up object - * number will always return false; therefore, all lookups should be done in - * ascending order. - */ -static boolean_t -objlist_exists(struct objlist *list, uint64_t object) -{ - struct receive_objnode *node = list_head(&list->list); - ASSERT3U(object, >=, list->last_lookup); - list->last_lookup = object; - while (node != NULL && node->object < object) { - VERIFY3P(node, ==, list_remove_head(&list->list)); - kmem_free(node, sizeof (*node)); - node = list_head(&list->list); - } - return (node != NULL && node->object == object); -} - -/* - * The objlist is a list of object numbers stored in ascending order. However, - * the insertion of new object numbers does not seek out the correct location to - * store a new object number; instead, it appends it to the list for simplicity. - * Thus, any users must take care to only insert new object numbers in ascending - * order. - */ -static void -objlist_insert(struct objlist *list, uint64_t object) -{ - struct receive_objnode *node = kmem_zalloc(sizeof (*node), KM_SLEEP); - node->object = object; -#ifdef ZFS_DEBUG - { - struct receive_objnode *last_object = list_tail(&list->list); - uint64_t last_objnum = (last_object != NULL ? last_object->object : 0); - ASSERT3U(node->object, >, last_objnum); - } -#endif - list_insert_tail(&list->list, node); -} - /* * Issue the prefetch reads for any necessary indirect blocks. * @@ -2044,11 +2184,11 @@ objlist_insert(struct objlist *list, uint64_t object) */ /* ARGSUSED */ static void -receive_read_prefetch(struct receive_arg *ra, - uint64_t object, uint64_t offset, uint64_t length) +receive_read_prefetch(dmu_recv_cookie_t *drc, uint64_t object, uint64_t offset, + uint64_t length) { - if (!objlist_exists(&ra->ignore_objlist, object)) { - dmu_prefetch(ra->os, object, 1, offset, length, + if (!objlist_exists(drc->drc_ignore_objlist, object)) { + dmu_prefetch(drc->drc_os, object, 1, offset, length, ZIO_PRIORITY_SYNC_READ); } } @@ -2057,14 +2197,15 @@ receive_read_prefetch(struct receive_arg *ra, * Read records off the stream, issuing any necessary prefetches. */ static int -receive_read_record(struct receive_arg *ra) +receive_read_record(dmu_recv_cookie_t *drc) { int err; - switch (ra->rrd->header.drr_type) { + switch (drc->drc_rrd->header.drr_type) { case DRR_OBJECT: { - struct drr_object *drro = &ra->rrd->header.drr_u.drr_object; + struct drr_object *drro = + &drc->drc_rrd->header.drr_u.drr_object; uint32_t size = DRR_OBJECT_PAYLOAD_SIZE(drro); void *buf = NULL; dmu_object_info_t doi; @@ -2072,40 +2213,41 @@ receive_read_record(struct receive_arg *ra) if (size != 0) buf = kmem_zalloc(size, KM_SLEEP); - err = receive_read_payload_and_next_header(ra, size, buf); + err = receive_read_payload_and_next_header(drc, size, buf); if (err != 0) { kmem_free(buf, size); return (err); } - err = dmu_object_info(ra->os, drro->drr_object, &doi); + err = dmu_object_info(drc->drc_os, drro->drr_object, &doi); /* * See receive_read_prefetch for an explanation why we're * storing this object in the ignore_obj_list. */ if (err == ENOENT || err == EEXIST || (err == 0 && doi.doi_data_block_size != drro->drr_blksz)) { - objlist_insert(&ra->ignore_objlist, drro->drr_object); + objlist_insert(drc->drc_ignore_objlist, + drro->drr_object); err = 0; } return (err); } case DRR_FREEOBJECTS: { - err = receive_read_payload_and_next_header(ra, 0, NULL); + err = receive_read_payload_and_next_header(drc, 0, NULL); return (err); } case DRR_WRITE: { - struct drr_write *drrw = &ra->rrd->header.drr_u.drr_write; + struct drr_write *drrw = &drc->drc_rrd->header.drr_u.drr_write; arc_buf_t *abuf; boolean_t is_meta = DMU_OT_IS_METADATA(drrw->drr_type); - if (ra->raw) { + if (drc->drc_raw) { boolean_t byteorder = ZFS_HOST_BYTEORDER ^ !!DRR_IS_RAW_BYTESWAPPED(drrw->drr_flags) ^ - ra->byteswap; + drc->drc_byteswap; - abuf = arc_loan_raw_buf(dmu_objset_spa(ra->os), + abuf = arc_loan_raw_buf(dmu_objset_spa(drc->drc_os), drrw->drr_object, byteorder, drrw->drr_salt, drrw->drr_iv, drrw->drr_mac, drrw->drr_type, drrw->drr_compressed_size, drrw->drr_logical_size, @@ -2116,109 +2258,110 @@ receive_read_record(struct receive_arg *ra) drrw->drr_compressed_size); ASSERT(!is_meta); abuf = arc_loan_compressed_buf( - dmu_objset_spa(ra->os), + dmu_objset_spa(drc->drc_os), drrw->drr_compressed_size, drrw->drr_logical_size, drrw->drr_compressiontype); } else { - abuf = arc_loan_buf(dmu_objset_spa(ra->os), + abuf = arc_loan_buf(dmu_objset_spa(drc->drc_os), is_meta, drrw->drr_logical_size); } - err = receive_read_payload_and_next_header(ra, + err = receive_read_payload_and_next_header(drc, DRR_WRITE_PAYLOAD_SIZE(drrw), abuf->b_data); if (err != 0) { dmu_return_arcbuf(abuf); return (err); } - ra->rrd->arc_buf = abuf; - receive_read_prefetch(ra, drrw->drr_object, drrw->drr_offset, + drc->drc_rrd->arc_buf = abuf; + receive_read_prefetch(drc, drrw->drr_object, drrw->drr_offset, drrw->drr_logical_size); return (err); } case DRR_WRITE_BYREF: { struct drr_write_byref *drrwb = - &ra->rrd->header.drr_u.drr_write_byref; - err = receive_read_payload_and_next_header(ra, 0, NULL); - receive_read_prefetch(ra, drrwb->drr_object, drrwb->drr_offset, + &drc->drc_rrd->header.drr_u.drr_write_byref; + err = receive_read_payload_and_next_header(drc, 0, NULL); + receive_read_prefetch(drc, drrwb->drr_object, drrwb->drr_offset, drrwb->drr_length); return (err); } case DRR_WRITE_EMBEDDED: { struct drr_write_embedded *drrwe = - &ra->rrd->header.drr_u.drr_write_embedded; + &drc->drc_rrd->header.drr_u.drr_write_embedded; uint32_t size = P2ROUNDUP(drrwe->drr_psize, 8); void *buf = kmem_zalloc(size, KM_SLEEP); - err = receive_read_payload_and_next_header(ra, size, buf); + err = receive_read_payload_and_next_header(drc, size, buf); if (err != 0) { kmem_free(buf, size); return (err); } - receive_read_prefetch(ra, drrwe->drr_object, drrwe->drr_offset, + receive_read_prefetch(drc, drrwe->drr_object, drrwe->drr_offset, drrwe->drr_length); return (err); } case DRR_FREE: + case DRR_REDACT: { /* * It might be beneficial to prefetch indirect blocks here, but * we don't really have the data to decide for sure. */ - err = receive_read_payload_and_next_header(ra, 0, NULL); + err = receive_read_payload_and_next_header(drc, 0, NULL); return (err); } case DRR_END: { - struct drr_end *drre = &ra->rrd->header.drr_u.drr_end; - if (!ZIO_CHECKSUM_EQUAL(ra->prev_cksum, drre->drr_checksum)) + struct drr_end *drre = &drc->drc_rrd->header.drr_u.drr_end; + if (!ZIO_CHECKSUM_EQUAL(drc->drc_prev_cksum, + drre->drr_checksum)) return (SET_ERROR(ECKSUM)); return (0); } case DRR_SPILL: { - struct drr_spill *drrs = &ra->rrd->header.drr_u.drr_spill; + struct drr_spill *drrs = &drc->drc_rrd->header.drr_u.drr_spill; arc_buf_t *abuf; - int len = DRR_SPILL_PAYLOAD_SIZE(drrs); - /* DRR_SPILL records are either raw or uncompressed */ - if (ra->raw) { + if (drc->drc_raw) { boolean_t byteorder = ZFS_HOST_BYTEORDER ^ !!DRR_IS_RAW_BYTESWAPPED(drrs->drr_flags) ^ - ra->byteswap; + drc->drc_byteswap; - abuf = arc_loan_raw_buf(dmu_objset_spa(ra->os), - dmu_objset_id(ra->os), byteorder, drrs->drr_salt, + abuf = arc_loan_raw_buf(dmu_objset_spa(drc->drc_os), + drrs->drr_object, byteorder, drrs->drr_salt, drrs->drr_iv, drrs->drr_mac, drrs->drr_type, drrs->drr_compressed_size, drrs->drr_length, drrs->drr_compressiontype); } else { - abuf = arc_loan_buf(dmu_objset_spa(ra->os), + abuf = arc_loan_buf(dmu_objset_spa(drc->drc_os), DMU_OT_IS_METADATA(drrs->drr_type), drrs->drr_length); } - - err = receive_read_payload_and_next_header(ra, len, - abuf->b_data); - if (err != 0) { + err = receive_read_payload_and_next_header(drc, + DRR_SPILL_PAYLOAD_SIZE(drrs), abuf->b_data); + if (err != 0) dmu_return_arcbuf(abuf); - return (err); - } - ra->rrd->arc_buf = abuf; + else + drc->drc_rrd->arc_buf = abuf; return (err); } case DRR_OBJECT_RANGE: { - err = receive_read_payload_and_next_header(ra, 0, NULL); + err = receive_read_payload_and_next_header(drc, 0, NULL); return (err); + } default: return (SET_ERROR(EINVAL)); } } + + static void dprintf_drr(struct receive_record_arg *rrd, int err) { @@ -2382,7 +2525,6 @@ receive_process_record(struct receive_writer_arg *rwa, { struct drr_spill *drrs = &rrd->header.drr_u.drr_spill; err = receive_spill(rwa, drrs, rrd->arc_buf); - /* if receive_spill() is successful, it consumes the arc_buf */ if (err != 0) dmu_return_arcbuf(rrd->arc_buf); rrd->arc_buf = NULL; @@ -2396,6 +2538,12 @@ receive_process_record(struct receive_writer_arg *rwa, err = receive_object_range(rwa, drror); break; } + case DRR_REDACT: + { + struct drr_redact *drrr = &rrd->header.drr_u.drr_redact; + err = receive_redact(rwa, drrr); + break; + } default: err = (SET_ERROR(EINVAL)); } @@ -2446,11 +2594,11 @@ receive_writer_thread(void *arg) } static int -resume_check(struct receive_arg *ra, nvlist_t *begin_nvl) +resume_check(dmu_recv_cookie_t *drc, nvlist_t *begin_nvl) { uint64_t val; - objset_t *mos = dmu_objset_pool(ra->os)->dp_meta_objset; - uint64_t dsobj = dmu_objset_id(ra->os); + objset_t *mos = dmu_objset_pool(drc->drc_os)->dp_meta_objset; + uint64_t dsobj = dmu_objset_id(drc->drc_os); uint64_t resume_obj, resume_off; if (nvlist_lookup_uint64(begin_nvl, @@ -2484,33 +2632,21 @@ resume_check(struct receive_arg *ra, nvlist_t *begin_nvl) * NB: callers *must* call dmu_recv_end() if this succeeds. */ int -dmu_recv_stream(dmu_recv_cookie_t *drc, vnode_t *vp, offset_t *voffp, - int cleanup_fd, uint64_t *action_handlep) +dmu_recv_stream(dmu_recv_cookie_t *drc, int cleanup_fd, + uint64_t *action_handlep, offset_t *voffp) { int err = 0; - struct receive_arg *ra; - struct receive_writer_arg *rwa; - int featureflags; - uint32_t payloadlen; - void *payload; - nvlist_t *begin_nvl = NULL; - - ra = kmem_zalloc(sizeof (*ra), KM_SLEEP); - rwa = kmem_zalloc(sizeof (*rwa), KM_SLEEP); - - ra->byteswap = drc->drc_byteswap; - ra->raw = drc->drc_raw; - ra->cksum = drc->drc_cksum; - ra->vp = vp; - ra->voff = *voffp; + struct receive_writer_arg *rwa = kmem_zalloc(sizeof (*rwa), KM_SLEEP); if (dsl_dataset_is_zapified(drc->drc_ds)) { + uint64_t bytes; (void) zap_lookup(drc->drc_ds->ds_dir->dd_pool->dp_meta_objset, drc->drc_ds->ds_object, DS_FIELD_RESUME_BYTES, - sizeof (ra->bytes_read), 1, &ra->bytes_read); + sizeof (bytes), 1, &bytes); + drc->drc_bytes_read += bytes; } - objlist_create(&ra->ignore_objlist); + drc->drc_ignore_objlist = objlist_create(); /* these were verified in dmu_recv_begin */ ASSERT3U(DMU_GET_STREAM_HDRTYPE(drc->drc_drrb->drr_versioninfo), ==, @@ -2520,18 +2656,13 @@ dmu_recv_stream(dmu_recv_cookie_t *drc, vnode_t *vp, offset_t *voffp, /* * Open the objset we are modifying. */ - VERIFY0(dmu_objset_from_ds(drc->drc_ds, &ra->os)); - + VERIFY0(dmu_objset_from_ds(drc->drc_ds, &drc->drc_os)); ASSERT(dsl_dataset_phys(drc->drc_ds)->ds_flags & DS_FLAG_INCONSISTENT); - - featureflags = DMU_GET_FEATUREFLAGS(drc->drc_drrb->drr_versioninfo); - ra->featureflags = featureflags; - - ASSERT0(ra->os->os_encrypted && - (featureflags & DMU_BACKUP_FEATURE_EMBED_DATA)); + ASSERT0(drc->drc_os->os_encrypted && + (drc->drc_featureflags & DMU_BACKUP_FEATURE_EMBED_DATA)); /* if this stream is dedup'ed, set up the avl tree for guid mapping */ - if (featureflags & DMU_BACKUP_FEATURE_DEDUP) { + if (drc->drc_featureflags & DMU_BACKUP_FEATURE_DEDUP) { minor_t minor; if (cleanup_fd == -1) { @@ -2565,32 +2696,15 @@ dmu_recv_stream(dmu_recv_cookie_t *drc, vnode_t *vp, offset_t *voffp, drc->drc_guid_to_ds_map = rwa->guid_to_ds_map; } - payloadlen = drc->drc_drr_begin->drr_payloadlen; - payload = NULL; - if (payloadlen != 0) - payload = kmem_alloc(payloadlen, KM_SLEEP); - - err = receive_read_payload_and_next_header(ra, payloadlen, payload); - if (err != 0) { - if (payloadlen != 0) - kmem_free(payload, payloadlen); - goto out; - } - if (payloadlen != 0) { - err = nvlist_unpack(payload, payloadlen, &begin_nvl, KM_SLEEP); - kmem_free(payload, payloadlen); - if (err != 0) - goto out; - } - /* handle DSL encryption key payload */ - if (featureflags & DMU_BACKUP_FEATURE_RAW) { + if (drc->drc_featureflags & DMU_BACKUP_FEATURE_RAW) { nvlist_t *keynvl = NULL; - ASSERT(ra->os->os_encrypted); + ASSERT(drc->drc_os->os_encrypted); ASSERT(drc->drc_raw); - err = nvlist_lookup_nvlist(begin_nvl, "crypt_keydata", &keynvl); + err = nvlist_lookup_nvlist(drc->drc_begin_nvl, "crypt_keydata", + &keynvl); if (err != 0) goto out; @@ -2600,7 +2714,7 @@ dmu_recv_stream(dmu_recv_cookie_t *drc, vnode_t *vp, offset_t *voffp, * are sure the rest of the receive succeeded so we stash * the keynvl away until then. */ - err = dsl_crypto_recv_raw(spa_name(ra->os->os_spa), + err = dsl_crypto_recv_raw(spa_name(drc->drc_os->os_spa), drc->drc_ds->ds_object, drc->drc_fromsnapobj, drc->drc_drrb->drr_type, keynvl, drc->drc_newfs); if (err != 0) @@ -2615,18 +2729,18 @@ dmu_recv_stream(dmu_recv_cookie_t *drc, vnode_t *vp, offset_t *voffp, drc->drc_keynvl = fnvlist_dup(keynvl); } - if (featureflags & DMU_BACKUP_FEATURE_RESUMING) { - err = resume_check(ra, begin_nvl); + if (drc->drc_featureflags & DMU_BACKUP_FEATURE_RESUMING) { + err = resume_check(drc, drc->drc_begin_nvl); if (err != 0) goto out; } - (void) bqueue_init(&rwa->q, + (void) bqueue_init(&rwa->q, zfs_recv_queue_ff, MAX(zfs_recv_queue_length, 2 * zfs_max_recordsize), offsetof(struct receive_record_arg, node)); cv_init(&rwa->cv, NULL, CV_DEFAULT, NULL); mutex_init(&rwa->mutex, NULL, MUTEX_DEFAULT, NULL); - rwa->os = ra->os; + rwa->os = drc->drc_os; rwa->byteswap = drc->drc_byteswap; rwa->resumable = drc->drc_resumable; rwa->raw = drc->drc_raw; @@ -2645,10 +2759,10 @@ dmu_recv_stream(dmu_recv_cookie_t *drc, vnode_t *vp, offset_t *voffp, * We can leave this loop in 3 ways: First, if rwa->err is * non-zero. In that case, the writer thread will free the rrd we just * pushed. Second, if we're interrupted; in that case, either it's the - * first loop and ra->rrd was never allocated, or it's later and ra->rrd - * has been handed off to the writer thread who will free it. Finally, - * if receive_read_record fails or we're at the end of the stream, then - * we free ra->rrd and exit. + * first loop and drc->drc_rrd was never allocated, or it's later, and + * drc->drc_rrd has been handed off to the writer thread who will free + * it. Finally, if receive_read_record fails or we're at the end of the + * stream, then we free drc->drc_rrd and exit. */ while (rwa->err == 0) { if (issig(JUSTLOOKING) && issig(FORREAL)) { @@ -2656,30 +2770,36 @@ dmu_recv_stream(dmu_recv_cookie_t *drc, vnode_t *vp, offset_t *voffp, break; } - ASSERT3P(ra->rrd, ==, NULL); - ra->rrd = ra->next_rrd; - ra->next_rrd = NULL; - /* Allocates and loads header into ra->next_rrd */ - err = receive_read_record(ra); + ASSERT3P(drc->drc_rrd, ==, NULL); + drc->drc_rrd = drc->drc_next_rrd; + drc->drc_next_rrd = NULL; + /* Allocates and loads header into drc->drc_next_rrd */ + err = receive_read_record(drc); - if (ra->rrd->header.drr_type == DRR_END || err != 0) { - kmem_free(ra->rrd, sizeof (*ra->rrd)); - ra->rrd = NULL; + if (drc->drc_rrd->header.drr_type == DRR_END || err != 0) { + kmem_free(drc->drc_rrd, sizeof (*drc->drc_rrd)); + drc->drc_rrd = NULL; break; } - bqueue_enqueue(&rwa->q, ra->rrd, - sizeof (struct receive_record_arg) + ra->rrd->payload_size); - ra->rrd = NULL; + bqueue_enqueue(&rwa->q, drc->drc_rrd, + sizeof (struct receive_record_arg) + + drc->drc_rrd->payload_size); + drc->drc_rrd = NULL; } - ASSERT3P(ra->rrd, ==, NULL); - ra->rrd = kmem_zalloc(sizeof (*ra->rrd), KM_SLEEP); - ra->rrd->eos_marker = B_TRUE; - bqueue_enqueue(&rwa->q, ra->rrd, 1); + + ASSERT3P(drc->drc_rrd, ==, NULL); + drc->drc_rrd = kmem_zalloc(sizeof (*drc->drc_rrd), KM_SLEEP); + drc->drc_rrd->eos_marker = B_TRUE; + bqueue_enqueue_flush(&rwa->q, drc->drc_rrd, 1); mutex_enter(&rwa->mutex); while (!rwa->done) { - cv_wait(&rwa->cv, &rwa->mutex); + /* + * We need to use cv_wait_sig() so that any process that may + * be sleeping here can still fork. + */ + (void) cv_wait_sig(&rwa->cv, &rwa->mutex); } mutex_exit(&rwa->mutex); @@ -2721,11 +2841,13 @@ out: * we need to clean up the next_rrd we create by processing the * DRR_BEGIN record. */ - if (ra->next_rrd != NULL) - kmem_free(ra->next_rrd, sizeof (*ra->next_rrd)); + if (drc->drc_next_rrd != NULL) + kmem_free(drc->drc_next_rrd, sizeof (*drc->drc_next_rrd)); - nvlist_free(begin_nvl); - if ((featureflags & DMU_BACKUP_FEATURE_DEDUP) && (cleanup_fd != -1)) + kmem_free(rwa, sizeof (*rwa)); + nvlist_free(drc->drc_begin_nvl); + if ((drc->drc_featureflags & DMU_BACKUP_FEATURE_DEDUP) && + (cleanup_fd != -1)) zfs_onexit_fd_rele(cleanup_fd); if (err != 0) { @@ -2738,10 +2860,9 @@ out: nvlist_free(drc->drc_keynvl); } - *voffp = ra->voff; - objlist_destroy(&ra->ignore_objlist); - kmem_free(ra, sizeof (*ra)); - kmem_free(rwa, sizeof (*rwa)); + objlist_destroy(drc->drc_ignore_objlist); + drc->drc_ignore_objlist = NULL; + *voffp = drc->drc_voff; return (err); } @@ -2866,7 +2987,8 @@ dmu_recv_end_sync(void *arg, dmu_tx_t *tx) drc->drc_keynvl = NULL; } - VERIFY3P(drc->drc_ds->ds_prev, ==, origin_head->ds_prev); + VERIFY3P(drc->drc_ds->ds_prev, ==, + origin_head->ds_prev); dsl_dataset_clone_swap_sync_impl(drc->drc_ds, origin_head, tx); @@ -2923,6 +3045,8 @@ dmu_recv_end_sync(void *arg, dmu_tx_t *tx) DS_FIELD_RESUME_TOGUID, tx); (void) zap_remove(dp->dp_meta_objset, ds->ds_object, DS_FIELD_RESUME_TONAME, tx); + (void) zap_remove(dp->dp_meta_objset, ds->ds_object, + DS_FIELD_RESUME_REDACT_BOOKMARK_SNAPS, tx); } drc->drc_newsnapobj = dsl_dataset_phys(drc->drc_ds)->ds_prev_snap_obj; @@ -2982,6 +3106,7 @@ add_ds_to_guidmap(const char *name, avl_tree_t *guid_map, uint64_t snapobj, return (err); gmep = kmem_alloc(sizeof (*gmep), KM_SLEEP); err = dsl_dataset_own_obj(dp, snapobj, dsflags, gmep, &snapds); + if (err == 0) { /* * If this is a deduplicated raw send stream, we need @@ -3075,4 +3200,7 @@ dmu_objset_is_receiving(objset_t *os) #if defined(_KERNEL) module_param(zfs_recv_queue_length, int, 0644); MODULE_PARM_DESC(zfs_recv_queue_length, "Maximum receive queue length"); + +module_param(zfs_recv_queue_ff, int, 0644); +MODULE_PARM_DESC(zfs_recv_queue_ff, "Receive queue fill fraction"); #endif diff --git a/module/zfs/dmu_redact.c b/module/zfs/dmu_redact.c new file mode 100644 index 000000000..03a14f696 --- /dev/null +++ b/module/zfs/dmu_redact.c @@ -0,0 +1,1112 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ +/* + * Copyright (c) 2017, 2018 by Delphix. All rights reserved. + */ + +#include <sys/zfs_context.h> +#include <sys/txg.h> +#include <sys/dmu_objset.h> +#include <sys/dmu_traverse.h> +#include <sys/dmu_redact.h> +#include <sys/bqueue.h> +#include <sys/objlist.h> +#include <sys/dmu_tx.h> +#ifdef _KERNEL +#include <sys/zfs_vfsops.h> +#endif + +/* + * This controls the number of entries in the buffer the redaction_list_update + * synctask uses to buffer writes to the redaction list. + */ +int redact_sync_bufsize = 1024; + +/* + * Controls how often to update the redaction list when creating a redaction + * list. + */ +uint64_t redaction_list_update_interval_ns = 1000 * 1000 * 1000ULL; /* NS */ + +/* + * This tunable controls the length of the queues that zfs redact worker threads + * use to communicate. If the dmu_redact_snap thread is blocking on these + * queues, this variable may need to be increased. If there is a significant + * slowdown at the start of a redact operation as these threads consume all the + * available IO resources, or the queues are consuming too much memory, this + * variable may need to be decreased. + */ +int zfs_redact_queue_length = 1024 * 1024; + +/* + * These tunables control the fill fraction of the queues by zfs redact. The + * fill fraction controls the frequency with which threads have to be + * cv_signaled. If a lot of cpu time is being spent on cv_signal, then these + * should be tuned down. If the queues empty before the signalled thread can + * catch up, then these should be tuned up. + */ +uint64_t zfs_redact_queue_ff = 20; + +struct redact_record { + bqueue_node_t ln; + boolean_t eos_marker; /* Marks the end of the stream */ + uint64_t start_object; + uint64_t start_blkid; + uint64_t end_object; + uint64_t end_blkid; + uint8_t indblkshift; + uint32_t datablksz; +}; + +struct redact_thread_arg { + bqueue_t q; + dsl_dataset_t *ds; /* Dataset to traverse */ + struct redact_record *current_record; + int error_code; + boolean_t cancel; + zbookmark_phys_t resume; + objlist_t *deleted_objs; + uint64_t *num_blocks_visited; + uint64_t ignore_object; /* ignore further callbacks on this */ + uint64_t txg; /* txg to traverse since */ +}; + +/* + * The redaction node is a wrapper around the redaction record that is used + * by the redaction merging thread to sort the records and determine overlaps. + * + * It contains two nodes; one sorts the records by their start_zb, and the other + * sorts the records by their end_zb. + */ +struct redact_node { + avl_node_t avl_node_start; + avl_node_t avl_node_end; + struct redact_record *record; + struct redact_thread_arg *rt_arg; + uint32_t thread_num; +}; + +struct merge_data { + list_t md_redact_block_pending; + redact_block_phys_t md_coalesce_block; + uint64_t md_last_time; + redact_block_phys_t md_furthest[TXG_SIZE]; + /* Lists of struct redact_block_list_node. */ + list_t md_blocks[TXG_SIZE]; + boolean_t md_synctask_txg[TXG_SIZE]; + uint64_t md_latest_synctask_txg; + redaction_list_t *md_redaction_list; +}; + +/* + * A wrapper around struct redact_block so it can be stored in a list_t. + */ +struct redact_block_list_node { + redact_block_phys_t block; + list_node_t node; +}; + +/* + * We've found a new redaction candidate. In order to improve performance, we + * coalesce these blocks when they're adjacent to each other. This function + * handles that. If the new candidate block range is immediately after the + * range we're building, coalesce it into the range we're building. Otherwise, + * put the record we're building on the queue, and update the build pointer to + * point to the new record. + */ +static void +record_merge_enqueue(bqueue_t *q, struct redact_record **build, + struct redact_record *new) +{ + if (new->eos_marker) { + if (*build != NULL) + bqueue_enqueue(q, *build, sizeof (*build)); + bqueue_enqueue_flush(q, new, sizeof (*new)); + return; + } + if (*build == NULL) { + *build = new; + return; + } + struct redact_record *curbuild = *build; + if ((curbuild->end_object == new->start_object && + curbuild->end_blkid + 1 == new->start_blkid && + curbuild->end_blkid != UINT64_MAX) || + (curbuild->end_object + 1 == new->start_object && + curbuild->end_blkid == UINT64_MAX && new->start_blkid == 0)) { + curbuild->end_object = new->end_object; + curbuild->end_blkid = new->end_blkid; + kmem_free(new, sizeof (*new)); + } else { + bqueue_enqueue(q, curbuild, sizeof (*curbuild)); + *build = new; + } +} + +/* + * This is the callback function to traverse_dataset for the redaction threads + * for dmu_redact_snap. This thread is responsible for creating redaction + * records for all the data that is modified by the snapshots we're redacting + * with respect to. Redaction records represent ranges of data that have been + * modified by one of the redaction snapshots, and are stored in the + * redact_record struct. We need to create redaction records for three + * cases: + * + * First, if there's a normal write, we need to create a redaction record for + * that block. + * + * Second, if there's a hole, we need to create a redaction record that covers + * the whole range of the hole. If the hole is in the meta-dnode, it must cover + * every block in all of the objects in the hole. + * + * Third, if there is a deleted object, we need to create a redaction record for + * all of the blocks in that object. + */ +/*ARGSUSED*/ +static int +redact_cb(spa_t *spa, zilog_t *zilog, const blkptr_t *bp, + const zbookmark_phys_t *zb, const struct dnode_phys *dnp, void *arg) +{ + struct redact_thread_arg *rta = arg; + struct redact_record *record; + + ASSERT(zb->zb_object == DMU_META_DNODE_OBJECT || + zb->zb_object >= rta->resume.zb_object); + + if (rta->cancel) + return (SET_ERROR(EINTR)); + + if (rta->ignore_object == zb->zb_object) + return (0); + + /* + * If we're visiting a dnode, we need to handle the case where the + * object has been deleted. + */ + if (zb->zb_level == ZB_DNODE_LEVEL) { + ASSERT3U(zb->zb_level, ==, ZB_DNODE_LEVEL); + + if (zb->zb_object == 0) + return (0); + + /* + * If the object has been deleted, redact all of the blocks in + * it. + */ + if (dnp->dn_type == DMU_OT_NONE || + objlist_exists(rta->deleted_objs, zb->zb_object)) { + rta->ignore_object = zb->zb_object; + record = kmem_zalloc(sizeof (struct redact_record), + KM_SLEEP); + + record->eos_marker = B_FALSE; + record->start_object = record->end_object = + zb->zb_object; + record->start_blkid = 0; + record->end_blkid = UINT64_MAX; + record_merge_enqueue(&rta->q, + &rta->current_record, record); + } + return (0); + } else if (zb->zb_level < 0) { + return (0); + } else if (zb->zb_level > 0 && !BP_IS_HOLE(bp)) { + /* + * If this is an indirect block, but not a hole, it doesn't + * provide any useful information for redaction, so ignore it. + */ + return (0); + } + + /* + * At this point, there are two options left for the type of block we're + * looking at. Either this is a hole (which could be in the dnode or + * the meta-dnode), or it's a level 0 block of some sort. If it's a + * hole, we create a redaction record that covers the whole range. If + * the hole is in a dnode, we need to redact all the blocks in that + * hole. If the hole is in the meta-dnode, we instead need to redact + * all blocks in every object covered by that hole. If it's a level 0 + * block, we only need to redact that single block. + */ + record = kmem_zalloc(sizeof (struct redact_record), KM_SLEEP); + record->eos_marker = B_FALSE; + + record->start_object = record->end_object = zb->zb_object; + if (BP_IS_HOLE(bp)) { + record->start_blkid = zb->zb_blkid * + bp_span_in_blocks(dnp->dn_indblkshift, zb->zb_level); + + record->end_blkid = ((zb->zb_blkid + 1) * + bp_span_in_blocks(dnp->dn_indblkshift, zb->zb_level)) - 1; + + if (zb->zb_object == DMU_META_DNODE_OBJECT) { + record->start_object = record->start_blkid * + ((SPA_MINBLOCKSIZE * dnp->dn_datablkszsec) / + sizeof (dnode_phys_t)); + record->start_blkid = 0; + record->end_object = ((record->end_blkid + + 1) * ((SPA_MINBLOCKSIZE * dnp->dn_datablkszsec) / + sizeof (dnode_phys_t))) - 1; + record->end_blkid = UINT64_MAX; + } + } else if (zb->zb_level != 0 || + zb->zb_object == DMU_META_DNODE_OBJECT) { + kmem_free(record, sizeof (*record)); + return (0); + } else { + record->start_blkid = record->end_blkid = zb->zb_blkid; + } + record->indblkshift = dnp->dn_indblkshift; + record->datablksz = dnp->dn_datablkszsec << SPA_MINBLOCKSHIFT; + record_merge_enqueue(&rta->q, &rta->current_record, record); + + return (0); +} + +static void +redact_traverse_thread(void *arg) +{ + struct redact_thread_arg *rt_arg = arg; + int err; + struct redact_record *data; + objset_t *os; + VERIFY0(dmu_objset_from_ds(rt_arg->ds, &os)); +#ifdef _KERNEL + if (os->os_phys->os_type == DMU_OST_ZFS) + rt_arg->deleted_objs = zfs_get_deleteq(os); + else + rt_arg->deleted_objs = objlist_create(); +#else + rt_arg->deleted_objs = objlist_create(); +#endif + + err = traverse_dataset_resume(rt_arg->ds, rt_arg->txg, + &rt_arg->resume, TRAVERSE_PRE | TRAVERSE_PREFETCH_METADATA, + redact_cb, rt_arg); + + if (err != EINTR) + rt_arg->error_code = err; + objlist_destroy(rt_arg->deleted_objs); + data = kmem_zalloc(sizeof (*data), KM_SLEEP); + data->eos_marker = B_TRUE; + record_merge_enqueue(&rt_arg->q, &rt_arg->current_record, data); + thread_exit(); +} + +static inline void +create_zbookmark_from_obj_off(zbookmark_phys_t *zb, uint64_t object, + uint64_t blkid) +{ + zb->zb_object = object; + zb->zb_level = 0; + zb->zb_blkid = blkid; +} + +/* + * This is a utility function that can do the comparison for the start or ends + * of the ranges in a redact_record. + */ +static int +redact_range_compare(uint64_t obj1, uint64_t off1, uint32_t dbss1, + uint64_t obj2, uint64_t off2, uint32_t dbss2) +{ + zbookmark_phys_t z1, z2; + create_zbookmark_from_obj_off(&z1, obj1, off1); + create_zbookmark_from_obj_off(&z2, obj2, off2); + + return (zbookmark_compare(dbss1 >> SPA_MINBLOCKSHIFT, 0, + dbss2 >> SPA_MINBLOCKSHIFT, 0, &z1, &z2)); +} + +/* + * Compare two redaction records by their range's start location. Also makes + * eos records always compare last. We use the thread number in the redact_node + * to ensure that records do not compare equal (which is not allowed in our avl + * trees). + */ +static int +redact_node_compare_start(const void *arg1, const void *arg2) +{ + const struct redact_node *rn1 = arg1; + const struct redact_node *rn2 = arg2; + const struct redact_record *rr1 = rn1->record; + const struct redact_record *rr2 = rn2->record; + if (rr1->eos_marker) + return (1); + if (rr2->eos_marker) + return (-1); + + int cmp = redact_range_compare(rr1->start_object, rr1->start_blkid, + rr1->datablksz, rr2->start_object, rr2->start_blkid, + rr2->datablksz); + if (cmp == 0) + cmp = (rn1->thread_num < rn2->thread_num ? -1 : 1); + return (cmp); +} + +/* + * Compare two redaction records by their range's end location. Also makes + * eos records always compare last. We use the thread number in the redact_node + * to ensure that records do not compare equal (which is not allowed in our avl + * trees). + */ +static int +redact_node_compare_end(const void *arg1, const void *arg2) +{ + const struct redact_node *rn1 = arg1; + const struct redact_node *rn2 = arg2; + const struct redact_record *srr1 = rn1->record; + const struct redact_record *srr2 = rn2->record; + if (srr1->eos_marker) + return (1); + if (srr2->eos_marker) + return (-1); + + int cmp = redact_range_compare(srr1->end_object, srr1->end_blkid, + srr1->datablksz, srr2->end_object, srr2->end_blkid, + srr2->datablksz); + if (cmp == 0) + cmp = (rn1->thread_num < rn2->thread_num ? -1 : 1); + return (cmp); +} + +/* + * Utility function that compares two redaction records to determine if any part + * of the "from" record is before any part of the "to" record. Also causes End + * of Stream redaction records to compare after all others, so that the + * redaction merging logic can stay simple. + */ +static boolean_t +redact_record_before(const struct redact_record *from, + const struct redact_record *to) +{ + if (from->eos_marker == B_TRUE) + return (B_FALSE); + else if (to->eos_marker == B_TRUE) + return (B_TRUE); + return (redact_range_compare(from->start_object, from->start_blkid, + from->datablksz, to->end_object, to->end_blkid, + to->datablksz) <= 0); +} + +/* + * Pop a new redaction record off the queue, check that the records are in the + * right order, and free the old data. + */ +static struct redact_record * +get_next_redact_record(bqueue_t *bq, struct redact_record *prev) +{ + struct redact_record *next = bqueue_dequeue(bq); + ASSERT(redact_record_before(prev, next)); + kmem_free(prev, sizeof (*prev)); + return (next); +} + +/* + * Remove the given redaction node from both trees, pull a new redaction record + * off the queue, free the old redaction record, update the redaction node, and + * reinsert the node into the trees. + */ +static int +update_avl_trees(avl_tree_t *start_tree, avl_tree_t *end_tree, + struct redact_node *redact_node) +{ + avl_remove(start_tree, redact_node); + avl_remove(end_tree, redact_node); + redact_node->record = get_next_redact_record(&redact_node->rt_arg->q, + redact_node->record); + avl_add(end_tree, redact_node); + avl_add(start_tree, redact_node); + return (redact_node->rt_arg->error_code); +} + +/* + * Synctask for updating redaction lists. We first take this txg's list of + * redacted blocks and append those to the redaction list. We then update the + * redaction list's bonus buffer. We store the furthest blocks we visited and + * the list of snapshots that we're redacting with respect to. We need these so + * that redacted sends and receives can be correctly resumed. + */ +static void +redaction_list_update_sync(void *arg, dmu_tx_t *tx) +{ + struct merge_data *md = arg; + uint64_t txg = dmu_tx_get_txg(tx); + list_t *list = &md->md_blocks[txg & TXG_MASK]; + redact_block_phys_t *furthest_visited = + &md->md_furthest[txg & TXG_MASK]; + objset_t *mos = tx->tx_pool->dp_meta_objset; + redaction_list_t *rl = md->md_redaction_list; + int bufsize = redact_sync_bufsize; + redact_block_phys_t *buf = kmem_alloc(bufsize * sizeof (*buf), + KM_SLEEP); + int index = 0; + + dmu_buf_will_dirty(rl->rl_dbuf, tx); + + for (struct redact_block_list_node *rbln = list_remove_head(list); + rbln != NULL; rbln = list_remove_head(list)) { + ASSERT3U(rbln->block.rbp_object, <=, + furthest_visited->rbp_object); + ASSERT(rbln->block.rbp_object < furthest_visited->rbp_object || + rbln->block.rbp_blkid <= furthest_visited->rbp_blkid); + buf[index] = rbln->block; + index++; + if (index == bufsize) { + dmu_write(mos, rl->rl_object, + rl->rl_phys->rlp_num_entries * sizeof (*buf), + bufsize * sizeof (*buf), buf, tx); + rl->rl_phys->rlp_num_entries += bufsize; + index = 0; + } + kmem_free(rbln, sizeof (*rbln)); + } + if (index > 0) { + dmu_write(mos, rl->rl_object, rl->rl_phys->rlp_num_entries * + sizeof (*buf), index * sizeof (*buf), buf, tx); + rl->rl_phys->rlp_num_entries += index; + } + kmem_free(buf, bufsize * sizeof (*buf)); + + md->md_synctask_txg[txg & TXG_MASK] = B_FALSE; + rl->rl_phys->rlp_last_object = furthest_visited->rbp_object; + rl->rl_phys->rlp_last_blkid = furthest_visited->rbp_blkid; +} + +void +commit_rl_updates(objset_t *os, struct merge_data *md, uint64_t object, + uint64_t blkid) +{ + dmu_tx_t *tx = dmu_tx_create_dd(spa_get_dsl(os->os_spa)->dp_mos_dir); + dmu_tx_hold_space(tx, sizeof (struct redact_block_list_node)); + VERIFY0(dmu_tx_assign(tx, TXG_WAIT)); + uint64_t txg = dmu_tx_get_txg(tx); + if (!md->md_synctask_txg[txg & TXG_MASK]) { + dsl_sync_task_nowait(dmu_tx_pool(tx), + redaction_list_update_sync, md, 5, ZFS_SPACE_CHECK_NONE, + tx); + md->md_synctask_txg[txg & TXG_MASK] = B_TRUE; + md->md_latest_synctask_txg = txg; + } + md->md_furthest[txg & TXG_MASK].rbp_object = object; + md->md_furthest[txg & TXG_MASK].rbp_blkid = blkid; + list_move_tail(&md->md_blocks[txg & TXG_MASK], + &md->md_redact_block_pending); + dmu_tx_commit(tx); + md->md_last_time = gethrtime(); +} + +/* + * We want to store the list of blocks that we're redacting in the bookmark's + * redaction list. However, this list is stored in the MOS, which means it can + * only be written to in syncing context. To get around this, we create a + * synctask that will write to the mos for us. We tell it what to write by + * a linked list for each current transaction group; every time we decide to + * redact a block, we append it to the transaction group that is currently in + * open context. We also update some progress information that the synctask + * will store to enable resumable redacted sends. + */ +static void +update_redaction_list(struct merge_data *md, objset_t *os, + uint64_t object, uint64_t blkid, uint64_t endblkid, uint32_t blksz) +{ + boolean_t enqueue = B_FALSE; + redact_block_phys_t cur = {0}; + uint64_t count = endblkid - blkid + 1; + while (count > REDACT_BLOCK_MAX_COUNT) { + update_redaction_list(md, os, object, blkid, + blkid + REDACT_BLOCK_MAX_COUNT - 1, blksz); + blkid += REDACT_BLOCK_MAX_COUNT; + count -= REDACT_BLOCK_MAX_COUNT; + } + redact_block_phys_t *coalesce = &md->md_coalesce_block; + boolean_t new; + if (coalesce->rbp_size_count == 0) { + new = B_TRUE; + enqueue = B_FALSE; + } else { + uint64_t old_count = redact_block_get_count(coalesce); + if (coalesce->rbp_object == object && + coalesce->rbp_blkid + old_count == blkid && + old_count + count <= REDACT_BLOCK_MAX_COUNT) { + ASSERT3U(redact_block_get_size(coalesce), ==, blksz); + redact_block_set_count(coalesce, old_count + count); + new = B_FALSE; + enqueue = B_FALSE; + } else { + new = B_TRUE; + enqueue = B_TRUE; + } + } + + if (new) { + cur = *coalesce; + coalesce->rbp_blkid = blkid; + coalesce->rbp_object = object; + + redact_block_set_count(coalesce, count); + redact_block_set_size(coalesce, blksz); + } + + if (enqueue && redact_block_get_size(&cur) != 0) { + struct redact_block_list_node *rbln = + kmem_alloc(sizeof (struct redact_block_list_node), + KM_SLEEP); + rbln->block = cur; + list_insert_tail(&md->md_redact_block_pending, rbln); + } + + if (gethrtime() > md->md_last_time + + redaction_list_update_interval_ns) { + commit_rl_updates(os, md, object, blkid); + } +} + +/* + * This thread merges all the redaction records provided by the worker threads, + * and determines which blocks are redacted by all the snapshots. The algorithm + * for doing so is similar to performing a merge in mergesort with n sub-lists + * instead of 2, with some added complexity due to the fact that the entries are + * ranges, not just single blocks. This algorithm relies on the fact that the + * queues are sorted, which is ensured by the fact that traverse_dataset + * traverses the dataset in a consistent order. We pull one entry off the front + * of the queues of each secure dataset traversal thread. Then we repeat the + * following: each record represents a range of blocks modified by one of the + * redaction snapshots, and each block in that range may need to be redacted in + * the send stream. Find the record with the latest start of its range, and the + * record with the earliest end of its range. If the last start is before the + * first end, then we know that the blocks in the range [last_start, first_end] + * are covered by all of the ranges at the front of the queues, which means + * every thread redacts that whole range. For example, let's say the ranges on + * each queue look like this: + * + * Block Id 1 2 3 4 5 6 7 8 9 10 11 + * Thread 1 | [====================] + * Thread 2 | [========] + * Thread 3 | [=================] + * + * Thread 3 has the last start (5), and the thread 2 has the last end (6). All + * three threads modified the range [5,6], so that data should not be sent over + * the wire. After we've determined whether or not to redact anything, we take + * the record with the first end. We discard that record, and pull a new one + * off the front of the queue it came from. In the above example, we would + * discard Thread 2's record, and pull a new one. Let's say the next record we + * pulled from Thread 2 covered range [10,11]. The new layout would look like + * this: + * + * Block Id 1 2 3 4 5 6 7 8 9 10 11 + * Thread 1 | [====================] + * Thread 2 | [==] + * Thread 3 | [=================] + * + * When we compare the last start (10, from Thread 2) and the first end (9, from + * Thread 1), we see that the last start is greater than the first end. + * Therefore, we do not redact anything from these records. We'll iterate by + * replacing the record from Thread 1. + * + * We iterate by replacing the record with the lowest end because we know + * that the record with the lowest end has helped us as much as it can. All the + * ranges before it that we will ever redact have been redacted. In addition, + * by replacing the one with the lowest end, we guarantee we catch all ranges + * that need to be redacted. For example, if in the case above we had replaced + * the record from Thread 1 instead, we might have ended up with the following: + * + * Block Id 1 2 3 4 5 6 7 8 9 10 11 12 + * Thread 1 | [==] + * Thread 2 | [========] + * Thread 3 | [=================] + * + * If the next record from Thread 2 had been [8,10], for example, we should have + * redacted part of that range, but because we updated Thread 1's record, we + * missed it. + * + * We implement this algorithm by using two trees. The first sorts the + * redaction records by their start_zb, and the second sorts them by their + * end_zb. We use these to find the record with the last start and the record + * with the first end. We create a record with that start and end, and send it + * on. The overall runtime of this implementation is O(n log m), where n is the + * total number of redaction records from all the different redaction snapshots, + * and m is the number of redaction snapshots. + * + * If we redact with respect to zero snapshots, we create a redaction + * record with the start object and blkid to 0, and the end object and blkid to + * UINT64_MAX. This will result in us redacting every block. + */ +static int +perform_thread_merge(bqueue_t *q, uint32_t num_threads, + struct redact_thread_arg *thread_args, boolean_t *cancel) +{ + struct redact_node *redact_nodes = NULL; + avl_tree_t start_tree, end_tree; + struct redact_record *record; + struct redact_record *current_record = NULL; + int err = 0; + struct merge_data md = { {0} }; + list_create(&md.md_redact_block_pending, + sizeof (struct redact_block_list_node), + offsetof(struct redact_block_list_node, node)); + + /* + * If we're redacting with respect to zero snapshots, then no data is + * permitted to be sent. We enqueue a record that redacts all blocks, + * and an eos marker. + */ + if (num_threads == 0) { + record = kmem_zalloc(sizeof (struct redact_record), + KM_SLEEP); + // We can't redact object 0, so don't try. + record->start_object = 1; + record->start_blkid = 0; + record->end_object = record->end_blkid = UINT64_MAX; + bqueue_enqueue(q, record, sizeof (*record)); + return (0); + } + if (num_threads > 0) { + redact_nodes = kmem_zalloc(num_threads * + sizeof (*redact_nodes), KM_SLEEP); + } + + avl_create(&start_tree, redact_node_compare_start, + sizeof (struct redact_node), + offsetof(struct redact_node, avl_node_start)); + avl_create(&end_tree, redact_node_compare_end, + sizeof (struct redact_node), + offsetof(struct redact_node, avl_node_end)); + + for (int i = 0; i < num_threads; i++) { + struct redact_node *node = &redact_nodes[i]; + struct redact_thread_arg *targ = &thread_args[i]; + node->record = bqueue_dequeue(&targ->q); + node->rt_arg = targ; + node->thread_num = i; + avl_add(&start_tree, node); + avl_add(&end_tree, node); + } + + /* + * Once the first record in the end tree has returned EOS, every record + * must be an EOS record, so we should stop. + */ + while (err == 0 && !((struct redact_node *)avl_first(&end_tree))-> + record->eos_marker) { + if (*cancel) { + err = EINTR; + break; + } + struct redact_node *last_start = avl_last(&start_tree); + struct redact_node *first_end = avl_first(&end_tree); + + /* + * If the last start record is before the first end record, + * then we have blocks that are redacted by all threads. + * Therefore, we should redact them. Copy the record, and send + * it to the main thread. + */ + if (redact_record_before(last_start->record, + first_end->record)) { + record = kmem_zalloc(sizeof (struct redact_record), + KM_SLEEP); + *record = *first_end->record; + record->start_object = last_start->record->start_object; + record->start_blkid = last_start->record->start_blkid; + record_merge_enqueue(q, ¤t_record, + record); + } + err = update_avl_trees(&start_tree, &end_tree, first_end); + } + + /* + * We're done; if we were cancelled, we need to cancel our workers and + * clear out their queues. Either way, we need to remove every thread's + * redact_node struct from the avl trees. + */ + for (int i = 0; i < num_threads; i++) { + if (err != 0) { + thread_args[i].cancel = B_TRUE; + while (!redact_nodes[i].record->eos_marker) { + (void) update_avl_trees(&start_tree, &end_tree, + &redact_nodes[i]); + } + } + avl_remove(&start_tree, &redact_nodes[i]); + avl_remove(&end_tree, &redact_nodes[i]); + kmem_free(redact_nodes[i].record, + sizeof (struct redact_record)); + } + + avl_destroy(&start_tree); + avl_destroy(&end_tree); + kmem_free(redact_nodes, num_threads * sizeof (*redact_nodes)); + if (current_record != NULL) + bqueue_enqueue(q, current_record, sizeof (current_record)); + return (err); +} + +struct redact_merge_thread_arg { + bqueue_t q; + spa_t *spa; + int numsnaps; + struct redact_thread_arg *thr_args; + boolean_t cancel; + int error_code; +}; + +static void +redact_merge_thread(void *arg) +{ + struct redact_merge_thread_arg *rmta = arg; + rmta->error_code = perform_thread_merge(&rmta->q, + rmta->numsnaps, rmta->thr_args, &rmta->cancel); + struct redact_record *rec = kmem_zalloc(sizeof (*rec), KM_SLEEP); + rec->eos_marker = B_TRUE; + bqueue_enqueue_flush(&rmta->q, rec, 1); + thread_exit(); +} + +/* + * Find the next object in or after the redaction range passed in, and hold + * its dnode with the provided tag. Also update *object to contain the new + * object number. + */ +static int +hold_next_object(objset_t *os, struct redact_record *rec, void *tag, + uint64_t *object, dnode_t **dn) +{ + int err = 0; + if (*dn != NULL) + dnode_rele(*dn, FTAG); + *dn = NULL; + if (*object < rec->start_object) { + *object = rec->start_object - 1; + } + err = dmu_object_next(os, object, B_FALSE, 0); + if (err != 0) + return (err); + + err = dnode_hold(os, *object, tag, dn); + while (err == 0 && (*object < rec->start_object || + DMU_OT_IS_METADATA((*dn)->dn_type))) { + dnode_rele(*dn, tag); + *dn = NULL; + err = dmu_object_next(os, object, B_FALSE, 0); + if (err != 0) + break; + err = dnode_hold(os, *object, tag, dn); + } + return (err); +} + +static int +perform_redaction(objset_t *os, redaction_list_t *rl, + struct redact_merge_thread_arg *rmta) +{ + int err = 0; + bqueue_t *q = &rmta->q; + struct redact_record *rec = NULL; + struct merge_data md = { {0} }; + + list_create(&md.md_redact_block_pending, + sizeof (struct redact_block_list_node), + offsetof(struct redact_block_list_node, node)); + md.md_redaction_list = rl; + + for (int i = 0; i < TXG_SIZE; i++) { + list_create(&md.md_blocks[i], + sizeof (struct redact_block_list_node), + offsetof(struct redact_block_list_node, node)); + } + dnode_t *dn = NULL; + uint64_t prev_obj = 0; + for (rec = bqueue_dequeue(q); !rec->eos_marker && err == 0; + rec = get_next_redact_record(q, rec)) { + ASSERT3U(rec->start_object, !=, 0); + uint64_t object; + if (prev_obj != rec->start_object) { + object = rec->start_object - 1; + err = hold_next_object(os, rec, FTAG, &object, &dn); + } else { + object = prev_obj; + } + while (err == 0 && object <= rec->end_object) { + if (issig(JUSTLOOKING) && issig(FORREAL)) { + err = EINTR; + break; + } + /* + * Part of the current object is contained somewhere in + * the range covered by rec. + */ + uint64_t startblkid; + uint64_t endblkid; + uint64_t maxblkid = dn->dn_phys->dn_maxblkid; + + if (rec->start_object < object) + startblkid = 0; + else if (rec->start_blkid > maxblkid) + break; + else + startblkid = rec->start_blkid; + + if (rec->end_object > object || rec->end_blkid > + maxblkid) { + endblkid = maxblkid; + } else { + endblkid = rec->end_blkid; + } + update_redaction_list(&md, os, object, startblkid, + endblkid, dn->dn_datablksz); + + if (object == rec->end_object) + break; + err = hold_next_object(os, rec, FTAG, &object, &dn); + } + if (err == ESRCH) + err = 0; + if (dn != NULL) + prev_obj = object; + } + if (err == 0 && dn != NULL) + dnode_rele(dn, FTAG); + + if (err == ESRCH) + err = 0; + rmta->cancel = B_TRUE; + while (!rec->eos_marker) + rec = get_next_redact_record(q, rec); + kmem_free(rec, sizeof (*rec)); + + /* + * There may be a block that's being coalesced, sync that out before we + * return. + */ + if (err == 0 && md.md_coalesce_block.rbp_size_count != 0) { + struct redact_block_list_node *rbln = + kmem_alloc(sizeof (struct redact_block_list_node), + KM_SLEEP); + rbln->block = md.md_coalesce_block; + list_insert_tail(&md.md_redact_block_pending, rbln); + } + commit_rl_updates(os, &md, UINT64_MAX, UINT64_MAX); + + /* + * Wait for all the redaction info to sync out before we return, so that + * anyone who attempts to resume this redaction will have all the data + * they need. + */ + dsl_pool_t *dp = spa_get_dsl(os->os_spa); + if (md.md_latest_synctask_txg != 0) + txg_wait_synced(dp, md.md_latest_synctask_txg); + for (int i = 0; i < TXG_SIZE; i++) + list_destroy(&md.md_blocks[i]); + return (err); +} + +static boolean_t +redact_snaps_contains(uint64_t *snaps, uint64_t num_snaps, uint64_t guid) +{ + for (int i = 0; i < num_snaps; i++) { + if (snaps[i] == guid) + return (B_TRUE); + } + return (B_FALSE); +} + +int +dmu_redact_snap(const char *snapname, nvlist_t *redactnvl, + const char *redactbook) +{ + int err = 0; + dsl_pool_t *dp = NULL; + dsl_dataset_t *ds = NULL; + objset_t *os; + int numsnaps = 0; + dsl_dataset_t **redactsnaparr = NULL; + struct redact_thread_arg *args = NULL; + redaction_list_t *new_rl = NULL; + + if ((err = dsl_pool_hold(snapname, FTAG, &dp)) != 0) + return (err); + + if ((err = dsl_dataset_hold_flags(dp, snapname, DS_HOLD_FLAG_DECRYPT, + FTAG, &ds)) != 0) { + goto out; + } + dsl_dataset_long_hold(ds, FTAG); + if (!ds->ds_is_snapshot || dmu_objset_from_ds(ds, &os) != 0) { + err = EINVAL; + goto out; + } + if (dsl_dataset_feature_is_active(ds, SPA_FEATURE_REDACTED_DATASETS)) { + err = EALREADY; + goto out; + } + nvpair_t *pair; + + if (fnvlist_num_pairs(redactnvl) > 0 && err == 0) { + redactsnaparr = kmem_zalloc(fnvlist_num_pairs(redactnvl) * + sizeof (dsl_dataset_t *), KM_SLEEP); + } + for (pair = nvlist_next_nvpair(redactnvl, NULL); err == 0 && + pair != NULL; pair = nvlist_next_nvpair(redactnvl, pair)) { + const char *name = nvpair_name(pair); + err = dsl_dataset_hold_flags(dp, name, DS_HOLD_FLAG_DECRYPT, + FTAG, redactsnaparr + numsnaps); + if (err != 0) + break; + dsl_dataset_long_hold(redactsnaparr[numsnaps], FTAG); + if (!dsl_dataset_is_before(redactsnaparr[numsnaps], ds, 0)) { + err = EINVAL; + numsnaps++; + break; + } + if (dsl_dataset_feature_is_active(redactsnaparr[numsnaps], + SPA_FEATURE_REDACTED_DATASETS)) { + err = EALREADY; + numsnaps++; + break; + + } + numsnaps++; + } + if (err != 0) + goto out; + + ASSERT3U(fnvlist_num_pairs(redactnvl), ==, numsnaps); + + boolean_t resuming = B_FALSE; + char newredactbook[ZFS_MAX_DATASET_NAME_LEN]; + zfs_bookmark_phys_t bookmark; + + (void) strlcpy(newredactbook, snapname, ZFS_MAX_DATASET_NAME_LEN); + char *c = strchr(newredactbook, '@'); + ASSERT3P(c, !=, NULL); + int n = snprintf(c, ZFS_MAX_DATASET_NAME_LEN - (c - newredactbook), + "#%s", redactbook); + if (n >= ZFS_MAX_DATASET_NAME_LEN - (c - newredactbook)) { + dsl_pool_rele(dp, FTAG); + return (SET_ERROR(ENAMETOOLONG)); + } + err = dsl_bookmark_lookup(dp, newredactbook, NULL, &bookmark); + if (err == 0) { + resuming = B_TRUE; + if (bookmark.zbm_redaction_obj == 0) { + err = EEXIST; + goto out; + } + err = dsl_redaction_list_hold_obj(dp, + bookmark.zbm_redaction_obj, FTAG, &new_rl); + if (err != 0) { + err = EIO; + goto out; + } + dsl_redaction_list_long_hold(dp, new_rl, FTAG); + if (new_rl->rl_phys->rlp_num_snaps != numsnaps) { + err = ESRCH; + goto out; + } + for (int i = 0; i < numsnaps; i++) { + if (!redact_snaps_contains(new_rl->rl_phys->rlp_snaps, + new_rl->rl_phys->rlp_num_snaps, + dsl_dataset_phys(redactsnaparr[i])->ds_guid)) { + err = ESRCH; + goto out; + } + } + if (numsnaps > 0) + args = kmem_zalloc(numsnaps * sizeof (*args), KM_SLEEP); + if (new_rl->rl_phys->rlp_last_blkid == UINT64_MAX && + new_rl->rl_phys->rlp_last_object == UINT64_MAX) { + err = EEXIST; + goto out; + } + dsl_pool_rele(dp, FTAG); + dp = NULL; + } else { + uint64_t *guids = NULL; + if (numsnaps > 0) { + guids = kmem_zalloc(numsnaps * sizeof (uint64_t), + KM_SLEEP); + args = kmem_zalloc(numsnaps * sizeof (*args), KM_SLEEP); + } + for (int i = 0; i < numsnaps; i++) + guids[i] = dsl_dataset_phys(redactsnaparr[i])->ds_guid; + + dsl_pool_rele(dp, FTAG); + dp = NULL; + err = dsl_bookmark_create_redacted(newredactbook, snapname, + numsnaps, guids, FTAG, &new_rl); + kmem_free(guids, numsnaps * sizeof (uint64_t)); + if (err != 0) { + goto out; + } + } + + for (int i = 0; i < numsnaps; i++) { + args[i].ds = redactsnaparr[i]; + (void) bqueue_init(&args[i].q, zfs_redact_queue_ff, + zfs_redact_queue_length, + offsetof(struct redact_record, ln)); + if (resuming) { + args[i].resume.zb_blkid = + new_rl->rl_phys->rlp_last_blkid; + args[i].resume.zb_object = + new_rl->rl_phys->rlp_last_object; + } + args[i].txg = dsl_dataset_phys(ds)->ds_creation_txg; + (void) thread_create(NULL, 0, redact_traverse_thread, &args[i], + 0, curproc, TS_RUN, minclsyspri); + } + struct redact_merge_thread_arg rmta = { { {0} } }; + (void) bqueue_init(&rmta.q, zfs_redact_queue_ff, + zfs_redact_queue_length, offsetof(struct redact_record, ln)); + rmta.numsnaps = numsnaps; + rmta.spa = os->os_spa; + rmta.thr_args = args; + (void) thread_create(NULL, 0, redact_merge_thread, &rmta, 0, curproc, + TS_RUN, minclsyspri); + err = perform_redaction(os, new_rl, &rmta); +out: + if (args != NULL) { + kmem_free(args, numsnaps * sizeof (*args)); + } + if (new_rl != NULL) { + dsl_redaction_list_long_rele(new_rl, FTAG); + dsl_redaction_list_rele(new_rl, FTAG); + } + for (int i = 0; i < numsnaps; i++) { + dsl_dataset_long_rele(redactsnaparr[i], FTAG); + dsl_dataset_rele_flags(redactsnaparr[i], DS_HOLD_FLAG_DECRYPT, + FTAG); + } + + if (redactsnaparr != NULL) { + kmem_free(redactsnaparr, fnvlist_num_pairs(redactnvl) * + sizeof (dsl_dataset_t *)); + } + if (dp != NULL) + dsl_pool_rele(dp, FTAG); + if (ds != NULL) { + dsl_dataset_long_rele(ds, FTAG); + dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); + } + return (SET_ERROR(err)); + +} diff --git a/module/zfs/dmu_send.c b/module/zfs/dmu_send.c index a6ff5ce3e..884be31bd 100644 --- a/module/zfs/dmu_send.c +++ b/module/zfs/dmu_send.c @@ -21,7 +21,7 @@ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright 2011 Nexenta Systems, Inc. All rights reserved. - * Copyright (c) 2011, 2015 by Delphix. All rights reserved. + * Copyright (c) 2011, 2018 by Delphix. All rights reserved. * Copyright (c) 2014, Joyent, Inc. All rights reserved. * Copyright 2014 HybridCluster. All rights reserved. * Copyright 2016 RackTop Systems. @@ -58,104 +58,213 @@ #include <sys/bqueue.h> #include <sys/zvol.h> #include <sys/policy.h> +#include <sys/objlist.h> +#ifdef _KERNEL +#include <sys/zfs_vfsops.h> +#endif /* Set this tunable to TRUE to replace corrupt data with 0x2f5baddb10c */ int zfs_send_corrupt_data = B_FALSE; +/* + * This tunable controls the amount of data (measured in bytes) that will be + * prefetched by zfs send. If the main thread is blocking on reads that haven't + * completed, this variable might need to be increased. If instead the main + * thread is issuing new reads because the prefetches have fallen out of the + * cache, this may need to be decreased. + */ int zfs_send_queue_length = SPA_MAXBLOCKSIZE; +/* + * This tunable controls the length of the queues that zfs send worker threads + * use to communicate. If the send_main_thread is blocking on these queues, + * this variable may need to be increased. If there is a significant slowdown + * at the start of a send as these threads consume all the available IO + * resources, this variable may need to be decreased. + */ +int zfs_send_no_prefetch_queue_length = 1024 * 1024; +/* + * These tunables control the fill fraction of the queues by zfs send. The fill + * fraction controls the frequency with which threads have to be cv_signaled. + * If a lot of cpu time is being spent on cv_signal, then these should be tuned + * down. If the queues empty before the signalled thread can catch up, then + * these should be tuned up. + */ +int zfs_send_queue_ff = 20; +int zfs_send_no_prefetch_queue_ff = 20; + +/* + * Use this to override the recordsize calculation for fast zfs send estimates. + */ +int zfs_override_estimate_recordsize = 0; + /* Set this tunable to FALSE to disable setting of DRR_FLAG_FREERECORDS */ int zfs_send_set_freerecords_bit = B_TRUE; + /* Set this tunable to FALSE is disable sending unmodified spill blocks. */ int zfs_send_unmodified_spill_blocks = B_TRUE; +static inline boolean_t +overflow_multiply(uint64_t a, uint64_t b, uint64_t *c) +{ + uint64_t temp = a * b; + if (b != 0 && temp / b != a) + return (B_FALSE); + *c = temp; + return (B_TRUE); +} + /* - * Use this to override the recordsize calculation for fast zfs send estimates. + * Return B_TRUE and modifies *out to the span if the span is less than 2^64, + * returns B_FALSE otherwise. */ -unsigned long zfs_override_estimate_recordsize = 0; - -#define BP_SPAN(datablkszsec, indblkshift, level) \ - (((uint64_t)datablkszsec) << (SPA_MINBLOCKSHIFT + \ - (level) * (indblkshift - SPA_BLKPTRSHIFT))) +static inline boolean_t +bp_span(uint32_t datablksz, uint8_t indblkshift, uint64_t level, uint64_t *out) +{ + uint64_t spanb = bp_span_in_blocks(indblkshift, level); + return (overflow_multiply(spanb, datablksz, out)); +} struct send_thread_arg { bqueue_t q; dsl_dataset_t *ds; /* Dataset to traverse */ + redaction_list_t *redaction_list; + struct send_redact_record *current_record; uint64_t fromtxg; /* Traverse from this txg */ int flags; /* flags to pass to traverse_dataset */ int error_code; boolean_t cancel; zbookmark_phys_t resume; + objlist_t *deleted_objs; + uint64_t *num_blocks_visited; }; -struct send_block_record { - boolean_t eos_marker; /* Marks the end of the stream */ - blkptr_t bp; - zbookmark_phys_t zb; - uint8_t indblkshift; - uint16_t datablkszsec; - bqueue_node_t ln; +struct redact_list_thread_arg { + boolean_t cancel; + bqueue_t q; + zbookmark_phys_t resume; + redaction_list_t *rl; + boolean_t mark_redact; + int error_code; + uint64_t *num_blocks_visited; }; -typedef struct dump_bytes_io { - dmu_sendarg_t *dbi_dsp; - void *dbi_buf; - int dbi_len; -} dump_bytes_io_t; - -static int do_dump(dmu_sendarg_t *dsa, struct send_block_record *data); +/* + * A wrapper around struct redact_block so it can be stored in a list_t. + */ +struct redact_block_list_node { + redact_block_phys_t block; + list_node_t node; +}; -static void -dump_bytes_cb(void *arg) -{ - dump_bytes_io_t *dbi = (dump_bytes_io_t *)arg; - dmu_sendarg_t *dsp = dbi->dbi_dsp; - dsl_dataset_t *ds = dmu_objset_ds(dsp->dsa_os); - ssize_t resid; /* have to get resid to get detailed errno */ +struct redact_bookmark_info { + redact_block_phys_t rbi_furthest[TXG_SIZE]; + /* Lists of struct redact_block_list_node. */ + list_t rbi_blocks[TXG_SIZE]; + boolean_t rbi_synctasc_txg[TXG_SIZE]; + uint64_t rbi_latest_synctask_txg; + redaction_list_t *rbi_redaction_list; +}; +struct send_merge_thread_arg { + bqueue_t q; + objset_t *os; + struct redact_list_thread_arg *from_arg; + struct send_thread_arg *to_arg; + struct redact_list_thread_arg *redact_arg; + int error; + boolean_t cancel; + struct redact_bookmark_info rbi; /* - * The code does not rely on len being a multiple of 8. We keep - * this assertion because of the corresponding assertion in - * receive_read(). Keeping this assertion ensures that we do not - * inadvertently break backwards compatibility (causing the assertion - * in receive_read() to trigger on old software). Newer feature flags - * (such as raw send) may break this assertion since they were - * introduced after the requirement was made obsolete. + * If we're resuming a redacted send, then the object/offset from the + * resume token may be different from the object/offset that we have + * updated the bookmark to. resume_redact_zb will store the earlier of + * the two object/offset pairs, and bookmark_before will be B_TRUE if + * resume_redact_zb has the object/offset for resuming the redaction + * bookmark, and B_FALSE if resume_redact_zb is storing the + * object/offset from the resume token. */ + zbookmark_phys_t resume_redact_zb; + boolean_t bookmark_before; +}; - ASSERT(dbi->dbi_len % 8 == 0 || - (dsp->dsa_featureflags & DMU_BACKUP_FEATURE_RAW) != 0); - - dsp->dsa_err = vn_rdwr(UIO_WRITE, dsp->dsa_vp, - (caddr_t)dbi->dbi_buf, dbi->dbi_len, - 0, UIO_SYSSPACE, FAPPEND, RLIM64_INFINITY, CRED(), &resid); +struct send_range { + boolean_t eos_marker; /* Marks the end of the stream */ + uint64_t object; + uint64_t start_blkid; + uint64_t end_blkid; + bqueue_node_t ln; + enum type {DATA, HOLE, OBJECT, OBJECT_RANGE, REDACT, + PREVIOUSLY_REDACTED} type; + union { + struct srd { + dmu_object_type_t obj_type; + uint32_t datablksz; + blkptr_t bp; + } data; + struct srh { + uint32_t datablksz; + } hole; + struct sro { + /* + * This is a pointer because embedding it in the + * struct causes these structures to be massively larger + * for all range types; this makes the code much less + * memory efficient. + */ + dnode_phys_t *dnp; + blkptr_t bp; + } object; + struct srr { + uint32_t datablksz; + } redact; + struct sror { + blkptr_t bp; + } object_range; + } sru; +}; - mutex_enter(&ds->ds_sendstream_lock); - *dsp->dsa_off += dbi->dbi_len; - mutex_exit(&ds->ds_sendstream_lock); -} +/* + * The list of data whose inclusion in a send stream can be pending from + * one call to backup_cb to another. Multiple calls to dump_free(), + * dump_freeobjects(), and dump_redact() can be aggregated into a single + * DRR_FREE, DRR_FREEOBJECTS, or DRR_REDACT replay record. + */ +typedef enum { + PENDING_NONE, + PENDING_FREE, + PENDING_FREEOBJECTS, + PENDING_REDACT +} dmu_pendop_t; + +typedef struct dmu_send_cookie { + dmu_replay_record_t *dsc_drr; + dmu_send_outparams_t *dsc_dso; + offset_t *dsc_off; + objset_t *dsc_os; + zio_cksum_t dsc_zc; + uint64_t dsc_toguid; + uint64_t dsc_fromtxg; + int dsc_err; + dmu_pendop_t dsc_pending_op; + uint64_t dsc_featureflags; + uint64_t dsc_last_data_object; + uint64_t dsc_last_data_offset; + uint64_t dsc_resume_object; + uint64_t dsc_resume_offset; + boolean_t dsc_sent_begin; + boolean_t dsc_sent_end; +} dmu_send_cookie_t; + +static int do_dump(dmu_send_cookie_t *dscp, struct send_range *range); -static int -dump_bytes(dmu_sendarg_t *dsp, void *buf, int len) +static void +range_free(struct send_range *range) { - dump_bytes_io_t dbi; - - dbi.dbi_dsp = dsp; - dbi.dbi_buf = buf; - dbi.dbi_len = len; - -#if defined(HAVE_LARGE_STACKS) - dump_bytes_cb(&dbi); -#else - /* - * The vn_rdwr() call is performed in a taskq to ensure that there is - * always enough stack space to write safely to the target filesystem. - * The ZIO_TYPE_FREE threads are used because there can be a lot of - * them and they are used in vdev_file.c for a similar purpose. - */ - spa_taskq_dispatch_sync(dmu_objset_spa(dsp->dsa_os), ZIO_TYPE_FREE, - ZIO_TASKQ_ISSUE, dump_bytes_cb, &dbi, TQ_SLEEP); -#endif /* HAVE_LARGE_STACKS */ - - return (dsp->dsa_err); + if (range->type == OBJECT) { + size_t size = sizeof (dnode_phys_t) * + (range->sru.object.dnp->dn_extra_slots + 1); + kmem_free(range->sru.object.dnp, size); + } + kmem_free(range, sizeof (*range)); } /* @@ -164,32 +273,60 @@ dump_bytes(dmu_sendarg_t *dsp, void *buf, int len) * up to the start of the checksum itself. */ static int -dump_record(dmu_sendarg_t *dsp, void *payload, int payload_len) +dump_record(dmu_send_cookie_t *dscp, void *payload, int payload_len) { + dmu_send_outparams_t *dso = dscp->dsc_dso; ASSERT3U(offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum), ==, sizeof (dmu_replay_record_t) - sizeof (zio_cksum_t)); - (void) fletcher_4_incremental_native(dsp->dsa_drr, + (void) fletcher_4_incremental_native(dscp->dsc_drr, offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum), - &dsp->dsa_zc); - if (dsp->dsa_drr->drr_type == DRR_BEGIN) { - dsp->dsa_sent_begin = B_TRUE; + &dscp->dsc_zc); + if (dscp->dsc_drr->drr_type == DRR_BEGIN) { + dscp->dsc_sent_begin = B_TRUE; } else { - ASSERT(ZIO_CHECKSUM_IS_ZERO(&dsp->dsa_drr->drr_u. + ASSERT(ZIO_CHECKSUM_IS_ZERO(&dscp->dsc_drr->drr_u. drr_checksum.drr_checksum)); - dsp->dsa_drr->drr_u.drr_checksum.drr_checksum = dsp->dsa_zc; + dscp->dsc_drr->drr_u.drr_checksum.drr_checksum = dscp->dsc_zc; } - if (dsp->dsa_drr->drr_type == DRR_END) { - dsp->dsa_sent_end = B_TRUE; + if (dscp->dsc_drr->drr_type == DRR_END) { + dscp->dsc_sent_end = B_TRUE; } - (void) fletcher_4_incremental_native(&dsp->dsa_drr-> + (void) fletcher_4_incremental_native(&dscp->dsc_drr-> drr_u.drr_checksum.drr_checksum, - sizeof (zio_cksum_t), &dsp->dsa_zc); - if (dump_bytes(dsp, dsp->dsa_drr, sizeof (dmu_replay_record_t)) != 0) + sizeof (zio_cksum_t), &dscp->dsc_zc); + *dscp->dsc_off += sizeof (dmu_replay_record_t); + dscp->dsc_err = dso->dso_outfunc(dscp->dsc_os, dscp->dsc_drr, + sizeof (dmu_replay_record_t), dso->dso_arg); + if (dscp->dsc_err != 0) return (SET_ERROR(EINTR)); if (payload_len != 0) { - (void) fletcher_4_incremental_native(payload, payload_len, - &dsp->dsa_zc); - if (dump_bytes(dsp, payload, payload_len) != 0) + *dscp->dsc_off += payload_len; + /* + * payload is null when dso->ryrun == B_TRUE (i.e. when we're + * doing a send size calculation) + */ + if (payload != NULL) { + (void) fletcher_4_incremental_native( + payload, payload_len, &dscp->dsc_zc); + } + + /* + * The code does not rely on this (len being a multiple of 8). + * We keep this assertion because of the corresponding assertion + * in receive_read(). Keeping this assertion ensures that we do + * not inadvertently break backwards compatibility (causing the + * assertion in receive_read() to trigger on old software). + * + * Raw sends cannot be received on old software, and so can + * bypass this assertion. + */ + + ASSERT((payload_len % 8 == 0) || + (dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW)); + + dscp->dsc_err = dso->dso_outfunc(dscp->dsc_os, payload, + payload_len, dso->dso_arg); + if (dscp->dsc_err != 0) return (SET_ERROR(EINTR)); } return (0); @@ -204,10 +341,10 @@ dump_record(dmu_sendarg_t *dsp, void *payload, int payload_len) * and freeobject records that were generated on the source. */ static int -dump_free(dmu_sendarg_t *dsp, uint64_t object, uint64_t offset, +dump_free(dmu_send_cookie_t *dscp, uint64_t object, uint64_t offset, uint64_t length) { - struct drr_free *drrf = &(dsp->dsa_drr->drr_u.drr_free); + struct drr_free *drrf = &(dscp->dsc_drr->drr_u.drr_free); /* * When we receive a free record, dbuf_free_range() assumes @@ -222,87 +359,131 @@ dump_free(dmu_sendarg_t *dsp, uint64_t object, uint64_t offset, * another way to assert that the one-record constraint is still * satisfied. */ - ASSERT(object > dsp->dsa_last_data_object || - (object == dsp->dsa_last_data_object && - offset > dsp->dsa_last_data_offset)); + ASSERT(object > dscp->dsc_last_data_object || + (object == dscp->dsc_last_data_object && + offset > dscp->dsc_last_data_offset)); /* * If there is a pending op, but it's not PENDING_FREE, push it out, * since free block aggregation can only be done for blocks of the * same type (i.e., DRR_FREE records can only be aggregated with * other DRR_FREE records. DRR_FREEOBJECTS records can only be - * aggregated with other DRR_FREEOBJECTS records. + * aggregated with other DRR_FREEOBJECTS records). */ - if (dsp->dsa_pending_op != PENDING_NONE && - dsp->dsa_pending_op != PENDING_FREE) { - if (dump_record(dsp, NULL, 0) != 0) + if (dscp->dsc_pending_op != PENDING_NONE && + dscp->dsc_pending_op != PENDING_FREE) { + if (dump_record(dscp, NULL, 0) != 0) return (SET_ERROR(EINTR)); - dsp->dsa_pending_op = PENDING_NONE; + dscp->dsc_pending_op = PENDING_NONE; } - if (dsp->dsa_pending_op == PENDING_FREE) { - /* - * There should never be a PENDING_FREE if length is - * DMU_OBJECT_END (because dump_dnode is the only place where - * this function is called with a DMU_OBJECT_END, and only after - * flushing any pending record). - */ - ASSERT(length != DMU_OBJECT_END); + if (dscp->dsc_pending_op == PENDING_FREE) { /* * Check to see whether this free block can be aggregated * with pending one. */ if (drrf->drr_object == object && drrf->drr_offset + drrf->drr_length == offset) { - if (offset + length < offset) - drrf->drr_length = DMU_OBJECT_END; + if (offset + length < offset || length == UINT64_MAX) + drrf->drr_length = UINT64_MAX; else drrf->drr_length += length; return (0); } else { /* not a continuation. Push out pending record */ - if (dump_record(dsp, NULL, 0) != 0) + if (dump_record(dscp, NULL, 0) != 0) return (SET_ERROR(EINTR)); - dsp->dsa_pending_op = PENDING_NONE; + dscp->dsc_pending_op = PENDING_NONE; } } /* create a FREE record and make it pending */ - bzero(dsp->dsa_drr, sizeof (dmu_replay_record_t)); - dsp->dsa_drr->drr_type = DRR_FREE; + bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); + dscp->dsc_drr->drr_type = DRR_FREE; drrf->drr_object = object; drrf->drr_offset = offset; if (offset + length < offset) drrf->drr_length = DMU_OBJECT_END; else drrf->drr_length = length; - drrf->drr_toguid = dsp->dsa_toguid; + drrf->drr_toguid = dscp->dsc_toguid; if (length == DMU_OBJECT_END) { - if (dump_record(dsp, NULL, 0) != 0) + if (dump_record(dscp, NULL, 0) != 0) return (SET_ERROR(EINTR)); } else { - dsp->dsa_pending_op = PENDING_FREE; + dscp->dsc_pending_op = PENDING_FREE; } return (0); } +/* + * Fill in the drr_redact struct, or perform aggregation if the previous record + * is also a redaction record, and the two are adjacent. + */ static int -dump_write(dmu_sendarg_t *dsp, dmu_object_type_t type, uint64_t object, +dump_redact(dmu_send_cookie_t *dscp, uint64_t object, uint64_t offset, + uint64_t length) +{ + struct drr_redact *drrr = &dscp->dsc_drr->drr_u.drr_redact; + + /* + * If there is a pending op, but it's not PENDING_REDACT, push it out, + * since free block aggregation can only be done for blocks of the + * same type (i.e., DRR_REDACT records can only be aggregated with + * other DRR_REDACT records). + */ + if (dscp->dsc_pending_op != PENDING_NONE && + dscp->dsc_pending_op != PENDING_REDACT) { + if (dump_record(dscp, NULL, 0) != 0) + return (SET_ERROR(EINTR)); + dscp->dsc_pending_op = PENDING_NONE; + } + + if (dscp->dsc_pending_op == PENDING_REDACT) { + /* + * Check to see whether this redacted block can be aggregated + * with pending one. + */ + if (drrr->drr_object == object && drrr->drr_offset + + drrr->drr_length == offset) { + drrr->drr_length += length; + return (0); + } else { + /* not a continuation. Push out pending record */ + if (dump_record(dscp, NULL, 0) != 0) + return (SET_ERROR(EINTR)); + dscp->dsc_pending_op = PENDING_NONE; + } + } + /* create a REDACT record and make it pending */ + bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); + dscp->dsc_drr->drr_type = DRR_REDACT; + drrr->drr_object = object; + drrr->drr_offset = offset; + drrr->drr_length = length; + drrr->drr_toguid = dscp->dsc_toguid; + dscp->dsc_pending_op = PENDING_REDACT; + + return (0); +} + +static int +dump_write(dmu_send_cookie_t *dscp, dmu_object_type_t type, uint64_t object, uint64_t offset, int lsize, int psize, const blkptr_t *bp, void *data) { uint64_t payload_size; - boolean_t raw = (dsp->dsa_featureflags & DMU_BACKUP_FEATURE_RAW); - struct drr_write *drrw = &(dsp->dsa_drr->drr_u.drr_write); + boolean_t raw = (dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW); + struct drr_write *drrw = &(dscp->dsc_drr->drr_u.drr_write); /* * We send data in increasing object, offset order. * See comment in dump_free() for details. */ - ASSERT(object > dsp->dsa_last_data_object || - (object == dsp->dsa_last_data_object && - offset > dsp->dsa_last_data_offset)); - dsp->dsa_last_data_object = object; - dsp->dsa_last_data_offset = offset + lsize - 1; + ASSERT(object > dscp->dsc_last_data_object || + (object == dscp->dsc_last_data_object && + offset > dscp->dsc_last_data_offset)); + dscp->dsc_last_data_object = object; + dscp->dsc_last_data_offset = offset + lsize - 1; /* * If there is any kind of pending aggregation (currently either @@ -310,22 +491,24 @@ dump_write(dmu_sendarg_t *dsp, dmu_object_type_t type, uint64_t object, * the stream, since aggregation can't be done across operations * of different types. */ - if (dsp->dsa_pending_op != PENDING_NONE) { - if (dump_record(dsp, NULL, 0) != 0) + if (dscp->dsc_pending_op != PENDING_NONE) { + if (dump_record(dscp, NULL, 0) != 0) return (SET_ERROR(EINTR)); - dsp->dsa_pending_op = PENDING_NONE; + dscp->dsc_pending_op = PENDING_NONE; } /* write a WRITE record */ - bzero(dsp->dsa_drr, sizeof (dmu_replay_record_t)); - dsp->dsa_drr->drr_type = DRR_WRITE; + bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); + dscp->dsc_drr->drr_type = DRR_WRITE; drrw->drr_object = object; drrw->drr_type = type; drrw->drr_offset = offset; - drrw->drr_toguid = dsp->dsa_toguid; + drrw->drr_toguid = dscp->dsc_toguid; drrw->drr_logical_size = lsize; /* only set the compression fields if the buf is compressed or raw */ if (raw || lsize != psize) { + ASSERT(raw || dscp->dsc_featureflags & + DMU_BACKUP_FEATURE_COMPRESSED); ASSERT(!BP_IS_EMBEDDED(bp)); ASSERT3S(psize, >, 0); @@ -345,7 +528,7 @@ dump_write(dmu_sendarg_t *dsp, dmu_object_type_t type, uint64_t object, zio_crypt_decode_mac_bp(bp, drrw->drr_mac); } else { /* this is a compressed block */ - ASSERT(dsp->dsa_featureflags & + ASSERT(dscp->dsc_featureflags & DMU_BACKUP_FEATURE_COMPRESSED); ASSERT(!BP_SHOULD_BYTESWAP(bp)); ASSERT(!DMU_OT_IS_METADATA(BP_GET_TYPE(bp))); @@ -381,33 +564,33 @@ dump_write(dmu_sendarg_t *dsp, dmu_object_type_t type, uint64_t object, drrw->drr_key.ddk_cksum = bp->blk_cksum; } - if (dump_record(dsp, data, payload_size) != 0) + if (dump_record(dscp, data, payload_size) != 0) return (SET_ERROR(EINTR)); return (0); } static int -dump_write_embedded(dmu_sendarg_t *dsp, uint64_t object, uint64_t offset, +dump_write_embedded(dmu_send_cookie_t *dscp, uint64_t object, uint64_t offset, int blksz, const blkptr_t *bp) { char buf[BPE_PAYLOAD_SIZE]; struct drr_write_embedded *drrw = - &(dsp->dsa_drr->drr_u.drr_write_embedded); + &(dscp->dsc_drr->drr_u.drr_write_embedded); - if (dsp->dsa_pending_op != PENDING_NONE) { - if (dump_record(dsp, NULL, 0) != 0) + if (dscp->dsc_pending_op != PENDING_NONE) { + if (dump_record(dscp, NULL, 0) != 0) return (SET_ERROR(EINTR)); - dsp->dsa_pending_op = PENDING_NONE; + dscp->dsc_pending_op = PENDING_NONE; } ASSERT(BP_IS_EMBEDDED(bp)); - bzero(dsp->dsa_drr, sizeof (dmu_replay_record_t)); - dsp->dsa_drr->drr_type = DRR_WRITE_EMBEDDED; + bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); + dscp->dsc_drr->drr_type = DRR_WRITE_EMBEDDED; drrw->drr_object = object; drrw->drr_offset = offset; drrw->drr_length = blksz; - drrw->drr_toguid = dsp->dsa_toguid; + drrw->drr_toguid = dscp->dsc_toguid; drrw->drr_compression = BP_GET_COMPRESS(bp); drrw->drr_etype = BPE_GET_ETYPE(bp); drrw->drr_lsize = BPE_GET_LSIZE(bp); @@ -415,39 +598,40 @@ dump_write_embedded(dmu_sendarg_t *dsp, uint64_t object, uint64_t offset, decode_embedded_bp_compressed(bp, buf); - if (dump_record(dsp, buf, P2ROUNDUP(drrw->drr_psize, 8)) != 0) + if (dump_record(dscp, buf, P2ROUNDUP(drrw->drr_psize, 8)) != 0) return (SET_ERROR(EINTR)); return (0); } static int -dump_spill(dmu_sendarg_t *dsp, const blkptr_t *bp, uint64_t object, void *data) +dump_spill(dmu_send_cookie_t *dscp, const blkptr_t *bp, uint64_t object, + void *data) { - struct drr_spill *drrs = &(dsp->dsa_drr->drr_u.drr_spill); + struct drr_spill *drrs = &(dscp->dsc_drr->drr_u.drr_spill); uint64_t blksz = BP_GET_LSIZE(bp); uint64_t payload_size = blksz; - if (dsp->dsa_pending_op != PENDING_NONE) { - if (dump_record(dsp, NULL, 0) != 0) + if (dscp->dsc_pending_op != PENDING_NONE) { + if (dump_record(dscp, NULL, 0) != 0) return (SET_ERROR(EINTR)); - dsp->dsa_pending_op = PENDING_NONE; + dscp->dsc_pending_op = PENDING_NONE; } /* write a SPILL record */ - bzero(dsp->dsa_drr, sizeof (dmu_replay_record_t)); - dsp->dsa_drr->drr_type = DRR_SPILL; + bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); + dscp->dsc_drr->drr_type = DRR_SPILL; drrs->drr_object = object; drrs->drr_length = blksz; - drrs->drr_toguid = dsp->dsa_toguid; + drrs->drr_toguid = dscp->dsc_toguid; /* See comment in dump_dnode() for full details */ if (zfs_send_unmodified_spill_blocks && - (bp->blk_birth <= dsp->dsa_fromtxg)) { + (bp->blk_birth <= dscp->dsc_fromtxg)) { drrs->drr_flags |= DRR_SPILL_UNMODIFIED; } /* handle raw send fields */ - if (dsp->dsa_featureflags & DMU_BACKUP_FEATURE_RAW) { + if (dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW) { ASSERT(BP_IS_PROTECTED(bp)); if (BP_SHOULD_BYTESWAP(bp)) @@ -459,17 +643,17 @@ dump_spill(dmu_sendarg_t *dsp, const blkptr_t *bp, uint64_t object, void *data) payload_size = drrs->drr_compressed_size; } - if (dump_record(dsp, data, payload_size) != 0) + if (dump_record(dscp, data, payload_size) != 0) return (SET_ERROR(EINTR)); return (0); } static int -dump_freeobjects(dmu_sendarg_t *dsp, uint64_t firstobj, uint64_t numobjs) +dump_freeobjects(dmu_send_cookie_t *dscp, uint64_t firstobj, uint64_t numobjs) { - struct drr_freeobjects *drrfo = &(dsp->dsa_drr->drr_u.drr_freeobjects); + struct drr_freeobjects *drrfo = &(dscp->dsc_drr->drr_u.drr_freeobjects); uint64_t maxobj = DNODES_PER_BLOCK * - (DMU_META_DNODE(dsp->dsa_os)->dn_maxblkid + 1); + (DMU_META_DNODE(dscp->dsc_os)->dn_maxblkid + 1); /* * ZoL < 0.7 does not handle large FREEOBJECTS records correctly, @@ -490,15 +674,18 @@ dump_freeobjects(dmu_sendarg_t *dsp, uint64_t firstobj, uint64_t numobjs) * push it out, since free block aggregation can only be done for * blocks of the same type (i.e., DRR_FREE records can only be * aggregated with other DRR_FREE records. DRR_FREEOBJECTS records - * can only be aggregated with other DRR_FREEOBJECTS records. + * can only be aggregated with other DRR_FREEOBJECTS records). */ - if (dsp->dsa_pending_op != PENDING_NONE && - dsp->dsa_pending_op != PENDING_FREEOBJECTS) { - if (dump_record(dsp, NULL, 0) != 0) + if (dscp->dsc_pending_op != PENDING_NONE && + dscp->dsc_pending_op != PENDING_FREEOBJECTS) { + if (dump_record(dscp, NULL, 0) != 0) return (SET_ERROR(EINTR)); - dsp->dsa_pending_op = PENDING_NONE; + dscp->dsc_pending_op = PENDING_NONE; } - if (dsp->dsa_pending_op == PENDING_FREEOBJECTS) { + if (numobjs == 0) + numobjs = UINT64_MAX - firstobj; + + if (dscp->dsc_pending_op == PENDING_FREEOBJECTS) { /* * See whether this free object array can be aggregated * with pending one @@ -508,32 +695,32 @@ dump_freeobjects(dmu_sendarg_t *dsp, uint64_t firstobj, uint64_t numobjs) return (0); } else { /* can't be aggregated. Push out pending record */ - if (dump_record(dsp, NULL, 0) != 0) + if (dump_record(dscp, NULL, 0) != 0) return (SET_ERROR(EINTR)); - dsp->dsa_pending_op = PENDING_NONE; + dscp->dsc_pending_op = PENDING_NONE; } } /* write a FREEOBJECTS record */ - bzero(dsp->dsa_drr, sizeof (dmu_replay_record_t)); - dsp->dsa_drr->drr_type = DRR_FREEOBJECTS; + bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); + dscp->dsc_drr->drr_type = DRR_FREEOBJECTS; drrfo->drr_firstobj = firstobj; drrfo->drr_numobjs = numobjs; - drrfo->drr_toguid = dsp->dsa_toguid; + drrfo->drr_toguid = dscp->dsc_toguid; - dsp->dsa_pending_op = PENDING_FREEOBJECTS; + dscp->dsc_pending_op = PENDING_FREEOBJECTS; return (0); } static int -dump_dnode(dmu_sendarg_t *dsp, const blkptr_t *bp, uint64_t object, +dump_dnode(dmu_send_cookie_t *dscp, const blkptr_t *bp, uint64_t object, dnode_phys_t *dnp) { - struct drr_object *drro = &(dsp->dsa_drr->drr_u.drr_object); + struct drr_object *drro = &(dscp->dsc_drr->drr_u.drr_object); int bonuslen; - if (object < dsp->dsa_resume_object) { + if (object < dscp->dsc_resume_object) { /* * Note: when resuming, we will visit all the dnodes in * the block of dnodes that we are resuming from. In @@ -541,23 +728,23 @@ dump_dnode(dmu_sendarg_t *dsp, const blkptr_t *bp, uint64_t object, * the one we are resuming from. We should be at most one * block's worth of dnodes behind the resume point. */ - ASSERT3U(dsp->dsa_resume_object - object, <, + ASSERT3U(dscp->dsc_resume_object - object, <, 1 << (DNODE_BLOCK_SHIFT - DNODE_SHIFT)); return (0); } if (dnp == NULL || dnp->dn_type == DMU_OT_NONE) - return (dump_freeobjects(dsp, object, 1)); + return (dump_freeobjects(dscp, object, 1)); - if (dsp->dsa_pending_op != PENDING_NONE) { - if (dump_record(dsp, NULL, 0) != 0) + if (dscp->dsc_pending_op != PENDING_NONE) { + if (dump_record(dscp, NULL, 0) != 0) return (SET_ERROR(EINTR)); - dsp->dsa_pending_op = PENDING_NONE; + dscp->dsc_pending_op = PENDING_NONE; } /* write an OBJECT record */ - bzero(dsp->dsa_drr, sizeof (dmu_replay_record_t)); - dsp->dsa_drr->drr_type = DRR_OBJECT; + bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); + dscp->dsc_drr->drr_type = DRR_OBJECT; drro->drr_object = object; drro->drr_type = dnp->dn_type; drro->drr_bonustype = dnp->dn_bonustype; @@ -566,15 +753,15 @@ dump_dnode(dmu_sendarg_t *dsp, const blkptr_t *bp, uint64_t object, drro->drr_dn_slots = dnp->dn_extra_slots + 1; drro->drr_checksumtype = dnp->dn_checksum; drro->drr_compress = dnp->dn_compress; - drro->drr_toguid = dsp->dsa_toguid; + drro->drr_toguid = dscp->dsc_toguid; - if (!(dsp->dsa_featureflags & DMU_BACKUP_FEATURE_LARGE_BLOCKS) && + if (!(dscp->dsc_featureflags & DMU_BACKUP_FEATURE_LARGE_BLOCKS) && drro->drr_blksz > SPA_OLD_MAXBLOCKSIZE) drro->drr_blksz = SPA_OLD_MAXBLOCKSIZE; bonuslen = P2ROUNDUP(dnp->dn_bonuslen, 8); - if ((dsp->dsa_featureflags & DMU_BACKUP_FEATURE_RAW)) { + if ((dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW)) { ASSERT(BP_IS_ENCRYPTED(bp)); if (BP_SHOULD_BYTESWAP(bp)) @@ -599,22 +786,22 @@ dump_dnode(dmu_sendarg_t *dsp, const blkptr_t *bp, uint64_t object, /* * DRR_OBJECT_SPILL is set for every dnode which references a - * spill block. This allows the receiving pool to definitively + * spill block. This allows the receiving pool to definitively * determine when a spill block should be kept or freed. */ if (dnp->dn_flags & DNODE_FLAG_SPILL_BLKPTR) drro->drr_flags |= DRR_OBJECT_SPILL; - if (dump_record(dsp, DN_BONUS(dnp), bonuslen) != 0) + if (dump_record(dscp, DN_BONUS(dnp), bonuslen) != 0) return (SET_ERROR(EINTR)); /* Free anything past the end of the file. */ - if (dump_free(dsp, object, (dnp->dn_maxblkid + 1) * + if (dump_free(dscp, object, (dnp->dn_maxblkid + 1) * (dnp->dn_datablkszsec << SPA_MINBLOCKSHIFT), DMU_OBJECT_END) != 0) return (SET_ERROR(EINTR)); /* - * Send DRR_SPILL records for unmodified spill blocks. This is useful + * Send DRR_SPILL records for unmodified spill blocks. This is useful * because changing certain attributes of the object (e.g. blocksize) * can cause old versions of ZFS to incorrectly remove a spill block. * Including these records in the stream forces an up to date version @@ -624,62 +811,67 @@ dump_dnode(dmu_sendarg_t *dsp, const blkptr_t *bp, uint64_t object, */ if (zfs_send_unmodified_spill_blocks && (dnp->dn_flags & DNODE_FLAG_SPILL_BLKPTR) && - (DN_SPILL_BLKPTR(dnp)->blk_birth <= dsp->dsa_fromtxg)) { - struct send_block_record record; + (DN_SPILL_BLKPTR(dnp)->blk_birth <= dscp->dsc_fromtxg)) { + struct send_range record; + blkptr_t *bp = DN_SPILL_BLKPTR(dnp); - bzero(&record, sizeof (struct send_block_record)); + bzero(&record, sizeof (struct send_range)); + record.type = DATA; + record.object = object; record.eos_marker = B_FALSE; - record.bp = *DN_SPILL_BLKPTR(dnp); - SET_BOOKMARK(&(record.zb), dmu_objset_id(dsp->dsa_os), - object, 0, DMU_SPILL_BLKID); + record.start_blkid = DMU_SPILL_BLKID; + record.end_blkid = record.start_blkid + 1; + record.sru.data.bp = *bp; + record.sru.data.obj_type = dnp->dn_type; + record.sru.data.datablksz = BP_GET_LSIZE(bp); - if (do_dump(dsp, &record) != 0) + if (do_dump(dscp, &record) != 0) return (SET_ERROR(EINTR)); } - if (dsp->dsa_err != 0) + if (dscp->dsc_err != 0) return (SET_ERROR(EINTR)); return (0); } static int -dump_object_range(dmu_sendarg_t *dsp, const blkptr_t *bp, uint64_t firstobj, - uint64_t numslots) +dump_object_range(dmu_send_cookie_t *dscp, const blkptr_t *bp, + uint64_t firstobj, uint64_t numslots) { struct drr_object_range *drror = - &(dsp->dsa_drr->drr_u.drr_object_range); + &(dscp->dsc_drr->drr_u.drr_object_range); /* we only use this record type for raw sends */ ASSERT(BP_IS_PROTECTED(bp)); - ASSERT(dsp->dsa_featureflags & DMU_BACKUP_FEATURE_RAW); + ASSERT(dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW); ASSERT3U(BP_GET_COMPRESS(bp), ==, ZIO_COMPRESS_OFF); ASSERT3U(BP_GET_TYPE(bp), ==, DMU_OT_DNODE); ASSERT0(BP_GET_LEVEL(bp)); - if (dsp->dsa_pending_op != PENDING_NONE) { - if (dump_record(dsp, NULL, 0) != 0) + if (dscp->dsc_pending_op != PENDING_NONE) { + if (dump_record(dscp, NULL, 0) != 0) return (SET_ERROR(EINTR)); - dsp->dsa_pending_op = PENDING_NONE; + dscp->dsc_pending_op = PENDING_NONE; } - bzero(dsp->dsa_drr, sizeof (dmu_replay_record_t)); - dsp->dsa_drr->drr_type = DRR_OBJECT_RANGE; + bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); + dscp->dsc_drr->drr_type = DRR_OBJECT_RANGE; drror->drr_firstobj = firstobj; drror->drr_numslots = numslots; - drror->drr_toguid = dsp->dsa_toguid; + drror->drr_toguid = dscp->dsc_toguid; if (BP_SHOULD_BYTESWAP(bp)) drror->drr_flags |= DRR_RAW_BYTESWAP; zio_crypt_decode_params_bp(bp, drror->drr_salt, drror->drr_iv); zio_crypt_decode_mac_bp(bp, drror->drr_mac); - if (dump_record(dsp, NULL, 0) != 0) + if (dump_record(dscp, NULL, 0) != 0) return (SET_ERROR(EINTR)); return (0); } static boolean_t -backup_do_embed(dmu_sendarg_t *dsp, const blkptr_t *bp) +send_do_embed(dmu_send_cookie_t *dscp, const blkptr_t *bp) { if (!BP_IS_EMBEDDED(bp)) return (B_FALSE); @@ -688,7 +880,7 @@ backup_do_embed(dmu_sendarg_t *dsp, const blkptr_t *bp) * Compression function must be legacy, or explicitly enabled. */ if ((BP_GET_COMPRESS(bp) >= ZIO_COMPRESS_LEGACY_FUNCTIONS && - !(dsp->dsa_featureflags & DMU_BACKUP_FEATURE_LZ4))) + !(dscp->dsc_featureflags & DMU_BACKUP_FEATURE_LZ4))) return (B_FALSE); /* @@ -696,7 +888,7 @@ backup_do_embed(dmu_sendarg_t *dsp, const blkptr_t *bp) */ switch (BPE_GET_ETYPE(bp)) { case BP_EMBEDDED_TYPE_DATA: - if (dsp->dsa_featureflags & DMU_BACKUP_FEATURE_EMBED_DATA) + if (dscp->dsc_featureflags & DMU_BACKUP_FEATURE_EMBED_DATA) return (B_TRUE); break; default: @@ -706,7 +898,239 @@ backup_do_embed(dmu_sendarg_t *dsp, const blkptr_t *bp) } /* - * This is the callback function to traverse_dataset that acts as the worker + * This function actually handles figuring out what kind of record needs to be + * dumped, reading the data (which has hopefully been prefetched), and calling + * the appropriate helper function. + */ +static int +do_dump(dmu_send_cookie_t *dscp, struct send_range *range) +{ + int err = 0; + switch (range->type) { + case OBJECT: + err = dump_dnode(dscp, &range->sru.object.bp, range->object, + range->sru.object.dnp); + return (err); + case OBJECT_RANGE: { + ASSERT3U(range->start_blkid + 1, ==, range->end_blkid); + if (!(dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW)) { + return (0); + } + uint64_t epb = BP_GET_LSIZE(&range->sru.object_range.bp) >> + DNODE_SHIFT; + uint64_t firstobj = range->start_blkid * epb; + err = dump_object_range(dscp, &range->sru.object_range.bp, + firstobj, epb); + break; + } + case REDACT: { + struct srr *srrp = &range->sru.redact; + err = dump_redact(dscp, range->object, range->start_blkid * + srrp->datablksz, (range->end_blkid - range->start_blkid) * + srrp->datablksz); + return (err); + } + case DATA: { + struct srd *srdp = &range->sru.data; + blkptr_t *bp = &srdp->bp; + spa_t *spa = + dmu_objset_spa(dscp->dsc_os); + + ASSERT3U(srdp->datablksz, ==, BP_GET_LSIZE(bp)); + ASSERT3U(range->start_blkid + 1, ==, range->end_blkid); + if (BP_GET_TYPE(bp) == DMU_OT_SA) { + arc_flags_t aflags = ARC_FLAG_WAIT; + enum zio_flag zioflags = ZIO_FLAG_CANFAIL; + + if (dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW) { + ASSERT(BP_IS_PROTECTED(bp)); + zioflags |= ZIO_FLAG_RAW; + } + + arc_buf_t *abuf; + zbookmark_phys_t zb; + ASSERT3U(range->start_blkid, ==, DMU_SPILL_BLKID); + zb.zb_objset = dmu_objset_id(dscp->dsc_os); + zb.zb_object = range->object; + zb.zb_level = 0; + zb.zb_blkid = range->start_blkid; + + if (!dscp->dsc_dso->dso_dryrun && arc_read(NULL, spa, + bp, arc_getbuf_func, &abuf, ZIO_PRIORITY_ASYNC_READ, + zioflags, &aflags, &zb) != 0) + return (SET_ERROR(EIO)); + + err = dump_spill(dscp, bp, zb.zb_object, abuf->b_data); + arc_buf_destroy(abuf, &abuf); + return (err); + } + if (send_do_embed(dscp, bp)) { + err = dump_write_embedded(dscp, range->object, + range->start_blkid * srdp->datablksz, + srdp->datablksz, bp); + return (err); + } + ASSERT(range->object > dscp->dsc_resume_object || + (range->object == dscp->dsc_resume_object && + range->start_blkid * srdp->datablksz >= + dscp->dsc_resume_offset)); + /* it's a level-0 block of a regular object */ + arc_flags_t aflags = ARC_FLAG_WAIT; + arc_buf_t *abuf = NULL; + uint64_t offset; + + /* + * If we have large blocks stored on disk but the send flags + * don't allow us to send large blocks, we split the data from + * the arc buf into chunks. + */ + boolean_t split_large_blocks = + srdp->datablksz > SPA_OLD_MAXBLOCKSIZE && + !(dscp->dsc_featureflags & DMU_BACKUP_FEATURE_LARGE_BLOCKS); + + /* + * Raw sends require that we always get raw data as it exists + * on disk, so we assert that we are not splitting blocks here. + */ + boolean_t request_raw = + (dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW) != 0; + + /* + * We should only request compressed data from the ARC if all + * the following are true: + * - stream compression was requested + * - we aren't splitting large blocks into smaller chunks + * - the data won't need to be byteswapped before sending + * - this isn't an embedded block + * - this isn't metadata (if receiving on a different endian + * system it can be byteswapped more easily) + */ + boolean_t request_compressed = + (dscp->dsc_featureflags & DMU_BACKUP_FEATURE_COMPRESSED) && + !split_large_blocks && !BP_SHOULD_BYTESWAP(bp) && + !BP_IS_EMBEDDED(bp) && !DMU_OT_IS_METADATA(BP_GET_TYPE(bp)); + + IMPLY(request_raw, !split_large_blocks); + IMPLY(request_raw, BP_IS_PROTECTED(bp)); + if (!dscp->dsc_dso->dso_dryrun) { + enum zio_flag zioflags = ZIO_FLAG_CANFAIL; + + ASSERT3U(srdp->datablksz, ==, BP_GET_LSIZE(bp)); + + if (request_raw) + zioflags |= ZIO_FLAG_RAW; + else if (request_compressed) + zioflags |= ZIO_FLAG_RAW_COMPRESS; + zbookmark_phys_t zb; + zb.zb_objset = dmu_objset_id(dscp->dsc_os); + zb.zb_object = range->object; + zb.zb_level = 0; + zb.zb_blkid = range->start_blkid; + + err = arc_read(NULL, spa, bp, arc_getbuf_func, &abuf, + ZIO_PRIORITY_ASYNC_READ, zioflags, &aflags, &zb); + } + + if (err != 0) { + if (zfs_send_corrupt_data && + !dscp->dsc_dso->dso_dryrun) { + /* Send a block filled with 0x"zfs badd bloc" */ + abuf = arc_alloc_buf(spa, &abuf, ARC_BUFC_DATA, + srdp->datablksz); + uint64_t *ptr; + for (ptr = abuf->b_data; + (char *)ptr < (char *)abuf->b_data + + srdp->datablksz; ptr++) + *ptr = 0x2f5baddb10cULL; + } else { + return (SET_ERROR(EIO)); + } + } + + offset = range->start_blkid * srdp->datablksz; + + if (split_large_blocks) { + ASSERT0(arc_is_encrypted(abuf)); + ASSERT3U(arc_get_compression(abuf), ==, + ZIO_COMPRESS_OFF); + char *buf = abuf->b_data; + while (srdp->datablksz > 0 && err == 0) { + int n = MIN(srdp->datablksz, + SPA_OLD_MAXBLOCKSIZE); + err = dump_write(dscp, srdp->obj_type, + range->object, offset, n, n, NULL, buf); + offset += n; + buf += n; + srdp->datablksz -= n; + } + } else { + int psize; + if (abuf != NULL) { + psize = arc_buf_size(abuf); + if (arc_get_compression(abuf) != + ZIO_COMPRESS_OFF) { + ASSERT3S(psize, ==, BP_GET_PSIZE(bp)); + } + } else if (!request_compressed) { + psize = srdp->datablksz; + } else { + psize = BP_GET_PSIZE(bp); + } + err = dump_write(dscp, srdp->obj_type, range->object, + offset, srdp->datablksz, psize, bp, + (abuf == NULL ? NULL : abuf->b_data)); + } + if (abuf != NULL) + arc_buf_destroy(abuf, &abuf); + return (err); + } + case HOLE: { + struct srh *srhp = &range->sru.hole; + if (range->object == DMU_META_DNODE_OBJECT) { + uint32_t span = srhp->datablksz >> DNODE_SHIFT; + uint64_t first_obj = range->start_blkid * span; + uint64_t numobj = range->end_blkid * span - first_obj; + return (dump_freeobjects(dscp, first_obj, numobj)); + } + uint64_t offset = 0; + + /* + * If this multiply overflows, we don't need to send this block. + * Even if it has a birth time, it can never not be a hole, so + * we don't need to send records for it. + */ + if (!overflow_multiply(range->start_blkid, srhp->datablksz, + &offset)) { + return (0); + } + uint64_t len = 0; + + if (!overflow_multiply(range->end_blkid, srhp->datablksz, &len)) + len = UINT64_MAX; + len = len - offset; + return (dump_free(dscp, range->object, offset, len)); + } + default: + panic("Invalid range type in do_dump: %d", range->type); + } + return (err); +} + +struct send_range * +range_alloc(enum type type, uint64_t object, uint64_t start_blkid, + uint64_t end_blkid, boolean_t eos) +{ + struct send_range *range = kmem_alloc(sizeof (*range), KM_SLEEP); + range->type = type; + range->object = object; + range->start_blkid = start_blkid; + range->end_blkid = end_blkid; + range->eos_marker = eos; + return (range); +} + +/* + * This is the callback function to traverse_dataset that acts as a worker * thread for dmu_send_impl. */ /*ARGSUSED*/ @@ -715,318 +1139,1189 @@ send_cb(spa_t *spa, zilog_t *zilog, const blkptr_t *bp, const zbookmark_phys_t *zb, const struct dnode_phys *dnp, void *arg) { struct send_thread_arg *sta = arg; - struct send_block_record *record; - uint64_t record_size; - int err = 0; + struct send_range *record; ASSERT(zb->zb_object == DMU_META_DNODE_OBJECT || zb->zb_object >= sta->resume.zb_object); ASSERT3P(sta->ds, !=, NULL); + /* + * All bps of an encrypted os should have the encryption bit set. + * If this is not true it indicates tampering and we report an error. + */ + objset_t *os; + VERIFY0(dmu_objset_from_ds(sta->ds, &os)); + if (os->os_encrypted && + !BP_IS_HOLE(bp) && !BP_USES_CRYPT(bp)) { + spa_log_error(spa, zb); + zfs_panic_recover("unencrypted block in encrypted " + "object set %llu", sta->ds->ds_object); + return (SET_ERROR(EIO)); + } + if (sta->cancel) return (SET_ERROR(EINTR)); + if (zb->zb_object != DMU_META_DNODE_OBJECT && + DMU_OBJECT_IS_SPECIAL(zb->zb_object)) + return (0); + atomic_inc_64(sta->num_blocks_visited); - if (bp == NULL) { - ASSERT3U(zb->zb_level, ==, ZB_DNODE_LEVEL); + if (zb->zb_level == ZB_DNODE_LEVEL) { + if (zb->zb_object == DMU_META_DNODE_OBJECT) + return (0); + record = range_alloc(OBJECT, zb->zb_object, 0, 0, B_FALSE); + record->sru.object.bp = *bp; + size_t size = sizeof (*dnp) * (dnp->dn_extra_slots + 1); + record->sru.object.dnp = kmem_alloc(size, KM_SLEEP); + bcopy(dnp, record->sru.object.dnp, size); + bqueue_enqueue(&sta->q, record, sizeof (*record)); return (0); - } else if (zb->zb_level < 0) { + } + if (zb->zb_level == 0 && zb->zb_object == DMU_META_DNODE_OBJECT && + !BP_IS_HOLE(bp)) { + record = range_alloc(OBJECT_RANGE, 0, zb->zb_blkid, + zb->zb_blkid + 1, B_FALSE); + record->sru.object_range.bp = *bp; + bqueue_enqueue(&sta->q, record, sizeof (*record)); return (0); } + if (zb->zb_level < 0 || (zb->zb_level > 0 && !BP_IS_HOLE(bp))) + return (0); + if (zb->zb_object == DMU_META_DNODE_OBJECT && !BP_IS_HOLE(bp)) + return (0); - record = kmem_zalloc(sizeof (struct send_block_record), KM_SLEEP); - record->eos_marker = B_FALSE; - record->bp = *bp; - record->zb = *zb; - record->indblkshift = dnp->dn_indblkshift; - record->datablkszsec = dnp->dn_datablkszsec; - record_size = dnp->dn_datablkszsec << SPA_MINBLOCKSHIFT; - bqueue_enqueue(&sta->q, record, record_size); + uint64_t span = bp_span_in_blocks(dnp->dn_indblkshift, zb->zb_level); + uint64_t start; - return (err); + /* + * If this multiply overflows, we don't need to send this block. + * Even if it has a birth time, it can never not be a hole, so + * we don't need to send records for it. + */ + if (!overflow_multiply(span, zb->zb_blkid, &start) || (!(zb->zb_blkid == + DMU_SPILL_BLKID || DMU_OT_IS_METADATA(dnp->dn_type)) && + span * zb->zb_blkid > dnp->dn_maxblkid)) { + ASSERT(BP_IS_HOLE(bp)); + return (0); + } + + if (zb->zb_blkid == DMU_SPILL_BLKID) + ASSERT3U(BP_GET_TYPE(bp), ==, DMU_OT_SA); + + record = range_alloc(DATA, zb->zb_object, start, (start + span < start ? + 0 : start + span), B_FALSE); + + uint64_t datablksz = (zb->zb_blkid == DMU_SPILL_BLKID ? + BP_GET_LSIZE(bp) : dnp->dn_datablkszsec << SPA_MINBLOCKSHIFT); + if (BP_IS_HOLE(bp)) { + record->type = HOLE; + record->sru.hole.datablksz = datablksz; + } else if (BP_IS_REDACTED(bp)) { + record->type = REDACT; + record->sru.redact.datablksz = datablksz; + } else { + record->type = DATA; + record->sru.data.datablksz = datablksz; + record->sru.data.obj_type = dnp->dn_type; + record->sru.data.bp = *bp; + } + bqueue_enqueue(&sta->q, record, sizeof (*record)); + return (0); +} + +struct redact_list_cb_arg { + uint64_t *num_blocks_visited; + bqueue_t *q; + boolean_t *cancel; + boolean_t mark_redact; +}; + +static int +redact_list_cb(redact_block_phys_t *rb, void *arg) +{ + struct redact_list_cb_arg *rlcap = arg; + + atomic_inc_64(rlcap->num_blocks_visited); + if (*rlcap->cancel) + return (-1); + + struct send_range *data = range_alloc(REDACT, rb->rbp_object, + rb->rbp_blkid, rb->rbp_blkid + redact_block_get_count(rb), B_FALSE); + ASSERT3U(data->end_blkid, >, rb->rbp_blkid); + if (rlcap->mark_redact) { + data->type = REDACT; + data->sru.redact.datablksz = redact_block_get_size(rb); + } else { + data->type = PREVIOUSLY_REDACTED; + } + bqueue_enqueue(rlcap->q, data, sizeof (*data)); + + return (0); } /* * This function kicks off the traverse_dataset. It also handles setting the * error code of the thread in case something goes wrong, and pushes the End of * Stream record when the traverse_dataset call has finished. If there is no - * dataset to traverse, the thread immediately pushes End of Stream marker. + * dataset to traverse, then we traverse the redaction list provided and enqueue + * records for that. If neither is provided, the thread immediately pushes an + * End of Stream marker. */ static void send_traverse_thread(void *arg) { struct send_thread_arg *st_arg = arg; - int err; - struct send_block_record *data; + int err = 0; + struct send_range *data; fstrans_cookie_t cookie = spl_fstrans_mark(); if (st_arg->ds != NULL) { + ASSERT3P(st_arg->redaction_list, ==, NULL); err = traverse_dataset_resume(st_arg->ds, st_arg->fromtxg, &st_arg->resume, st_arg->flags, send_cb, st_arg); + } else if (st_arg->redaction_list != NULL) { + struct redact_list_cb_arg rlcba = {0}; + rlcba.cancel = &st_arg->cancel; + rlcba.num_blocks_visited = st_arg->num_blocks_visited; + rlcba.q = &st_arg->q; + rlcba.mark_redact = B_FALSE; + err = dsl_redaction_list_traverse(st_arg->redaction_list, + &st_arg->resume, redact_list_cb, &rlcba); + } + + if (err != EINTR) + st_arg->error_code = err; + data = range_alloc(DATA, 0, 0, 0, B_TRUE); + bqueue_enqueue_flush(&st_arg->q, data, sizeof (*data)); + spl_fstrans_unmark(cookie); + thread_exit(); +} + +/* + * Utility function that causes End of Stream records to compare after of all + * others, so that other threads' comparison logic can stay simple. + */ +static int __attribute__((unused)) +send_range_after(const struct send_range *from, const struct send_range *to) +{ + if (from->eos_marker == B_TRUE) + return (1); + if (to->eos_marker == B_TRUE) + return (-1); + + uint64_t from_obj = from->object; + uint64_t from_end_obj = from->object + 1; + uint64_t to_obj = to->object; + uint64_t to_end_obj = to->object + 1; + if (from_obj == 0) { + ASSERT(from->type == HOLE || from->type == OBJECT_RANGE); + from_obj = from->start_blkid << DNODES_PER_BLOCK_SHIFT; + from_end_obj = from->end_blkid << DNODES_PER_BLOCK_SHIFT; + } + if (to_obj == 0) { + ASSERT(to->type == HOLE || to->type == OBJECT_RANGE); + to_obj = to->start_blkid << DNODES_PER_BLOCK_SHIFT; + to_end_obj = to->end_blkid << DNODES_PER_BLOCK_SHIFT; + } + + if (from_end_obj <= to_obj) + return (-1); + if (from_obj >= to_end_obj) + return (1); + int64_t cmp = AVL_CMP(to->type == OBJECT_RANGE, from->type == + OBJECT_RANGE); + if (unlikely(cmp)) + return (cmp); + cmp = AVL_CMP(to->type == OBJECT, from->type == OBJECT); + if (unlikely(cmp)) + return (cmp); + if (from->end_blkid <= to->start_blkid) + return (-1); + if (from->start_blkid >= to->end_blkid) + return (1); + return (0); +} +/* + * Pop the new data off the queue, check that the records we receive are in + * the right order, but do not free the old data. This is used so that the + * records can be sent on to the main thread without copying the data. + */ +static struct send_range * +get_next_range_nofree(bqueue_t *bq, struct send_range *prev) +{ + struct send_range *next = bqueue_dequeue(bq); + ASSERT3S(send_range_after(prev, next), ==, -1); + return (next); +} + +/* + * Pop the new data off the queue, check that the records we receive are in + * the right order, and free the old data. + */ +static struct send_range * +get_next_range(bqueue_t *bq, struct send_range *prev) +{ + struct send_range *next = get_next_range_nofree(bq, prev); + range_free(prev); + return (next); +} + +static void +redact_list_thread(void *arg) +{ + struct redact_list_thread_arg *rlt_arg = arg; + struct send_range *record; + fstrans_cookie_t cookie = spl_fstrans_mark(); + if (rlt_arg->rl != NULL) { + struct redact_list_cb_arg rlcba = {0}; + rlcba.cancel = &rlt_arg->cancel; + rlcba.q = &rlt_arg->q; + rlcba.num_blocks_visited = rlt_arg->num_blocks_visited; + rlcba.mark_redact = rlt_arg->mark_redact; + int err = dsl_redaction_list_traverse(rlt_arg->rl, + &rlt_arg->resume, redact_list_cb, &rlcba); if (err != EINTR) - st_arg->error_code = err; + rlt_arg->error_code = err; } - data = kmem_zalloc(sizeof (*data), KM_SLEEP); - data->eos_marker = B_TRUE; - bqueue_enqueue(&st_arg->q, data, 1); + record = range_alloc(DATA, 0, 0, 0, B_TRUE); + bqueue_enqueue_flush(&rlt_arg->q, record, sizeof (*record)); spl_fstrans_unmark(cookie); - thread_exit(); } /* - * This function actually handles figuring out what kind of record needs to be - * dumped, reading the data (which has hopefully been prefetched), and calling - * the appropriate helper function. + * Compare the start point of the two provided ranges. End of stream ranges + * compare last, objects compare before any data or hole inside that object and + * multi-object holes that start at the same object. */ static int -do_dump(dmu_sendarg_t *dsa, struct send_block_record *data) +send_range_start_compare(struct send_range *r1, struct send_range *r2) { - dsl_dataset_t *ds = dmu_objset_ds(dsa->dsa_os); - const blkptr_t *bp = &data->bp; - const zbookmark_phys_t *zb = &data->zb; - uint8_t indblkshift = data->indblkshift; - uint16_t dblkszsec = data->datablkszsec; - spa_t *spa = ds->ds_dir->dd_pool->dp_spa; - dmu_object_type_t type = bp ? BP_GET_TYPE(bp) : DMU_OT_NONE; - int err = 0; + uint64_t r1_objequiv = r1->object; + uint64_t r1_l0equiv = r1->start_blkid; + uint64_t r2_objequiv = r2->object; + uint64_t r2_l0equiv = r2->start_blkid; + int64_t cmp = AVL_CMP(r1->eos_marker, r2->eos_marker); + if (unlikely(cmp)) + return (cmp); + if (r1->object == 0) { + r1_objequiv = r1->start_blkid * DNODES_PER_BLOCK; + r1_l0equiv = 0; + } + if (r2->object == 0) { + r2_objequiv = r2->start_blkid * DNODES_PER_BLOCK; + r2_l0equiv = 0; + } - ASSERT3U(zb->zb_level, >=, 0); + cmp = AVL_CMP(r1_objequiv, r2_objequiv); + if (likely(cmp)) + return (cmp); + cmp = AVL_CMP(r2->type == OBJECT_RANGE, r1->type == OBJECT_RANGE); + if (unlikely(cmp)) + return (cmp); + cmp = AVL_CMP(r2->type == OBJECT, r1->type == OBJECT); + if (unlikely(cmp)) + return (cmp); + + return (AVL_CMP(r1_l0equiv, r2_l0equiv)); +} - ASSERT(zb->zb_object == DMU_META_DNODE_OBJECT || - zb->zb_object >= dsa->dsa_resume_object); +enum q_idx { + REDACT_IDX = 0, + TO_IDX, + FROM_IDX, + NUM_THREADS +}; +/* + * This function returns the next range the send_merge_thread should operate on. + * The inputs are two arrays; the first one stores the range at the front of the + * queues stored in the second one. The ranges are sorted in descending + * priority order; the metadata from earlier ranges overrules metadata from + * later ranges. out_mask is used to return which threads the ranges came from; + * bit i is set if ranges[i] started at the same place as the returned range. + * + * This code is not hardcoded to compare a specific number of threads; it could + * be used with any number, just by changing the q_idx enum. + * + * The "next range" is the one with the earliest start; if two starts are equal, + * the highest-priority range is the next to operate on. If a higher-priority + * range starts in the middle of the first range, then the first range will be + * truncated to end where the higher-priority range starts, and we will operate + * on that one next time. In this way, we make sure that each block covered by + * some range gets covered by a returned range, and each block covered is + * returned using the metadata of the highest-priority range it appears in. + * + * For example, if the three ranges at the front of the queues were [2,4), + * [3,5), and [1,3), then the ranges returned would be [1,2) with the metadata + * from the third range, [2,4) with the metadata from the first range, and then + * [4,5) with the metadata from the second. + */ +static struct send_range * +find_next_range(struct send_range **ranges, bqueue_t **qs, uint64_t *out_mask) +{ + int idx = 0; // index of the range with the earliest start + int i; + uint64_t bmask = 0; + for (i = 1; i < NUM_THREADS; i++) { + if (send_range_start_compare(ranges[i], ranges[idx]) < 0) + idx = i; + } + if (ranges[idx]->eos_marker) { + struct send_range *ret = range_alloc(DATA, 0, 0, 0, B_TRUE); + *out_mask = 0; + return (ret); + } /* - * All bps of an encrypted os should have the encryption bit set. - * If this is not true it indicates tampering and we report an error. + * Find all the ranges that start at that same point. */ - if (dsa->dsa_os->os_encrypted && - !BP_IS_HOLE(bp) && !BP_USES_CRYPT(bp)) { - spa_log_error(spa, zb); - zfs_panic_recover("unencrypted block in encrypted " - "object set %llu", ds->ds_object); - return (SET_ERROR(EIO)); + for (i = 0; i < NUM_THREADS; i++) { + if (send_range_start_compare(ranges[i], ranges[idx]) == 0) + bmask |= 1 << i; + } + *out_mask = bmask; + /* + * OBJECT_RANGE records only come from the TO thread, and should always + * be treated as overlapping with nothing and sent on immediately. They + * are only used in raw sends, and are never redacted. + */ + if (ranges[idx]->type == OBJECT_RANGE) { + ASSERT3U(idx, ==, TO_IDX); + ASSERT3U(*out_mask, ==, 1 << TO_IDX); + struct send_range *ret = ranges[idx]; + ranges[idx] = get_next_range_nofree(qs[idx], ranges[idx]); + return (ret); + } + /* + * Find the first start or end point after the start of the first range. + */ + uint64_t first_change = ranges[idx]->end_blkid; + for (i = 0; i < NUM_THREADS; i++) { + if (i == idx || ranges[i]->eos_marker || + ranges[i]->object > ranges[idx]->object || + ranges[i]->object == DMU_META_DNODE_OBJECT) + continue; + ASSERT3U(ranges[i]->object, ==, ranges[idx]->object); + if (first_change > ranges[i]->start_blkid && + (bmask & (1 << i)) == 0) + first_change = ranges[i]->start_blkid; + else if (first_change > ranges[i]->end_blkid) + first_change = ranges[i]->end_blkid; + } + /* + * Update all ranges to no longer overlap with the range we're + * returning. All such ranges must start at the same place as the range + * being returned, and end at or after first_change. Thus we update + * their start to first_change. If that makes them size 0, then free + * them and pull a new range from that thread. + */ + for (i = 0; i < NUM_THREADS; i++) { + if (i == idx || (bmask & (1 << i)) == 0) + continue; + ASSERT3U(first_change, >, ranges[i]->start_blkid); + ranges[i]->start_blkid = first_change; + ASSERT3U(ranges[i]->start_blkid, <=, ranges[i]->end_blkid); + if (ranges[i]->start_blkid == ranges[i]->end_blkid) + ranges[i] = get_next_range(qs[i], ranges[i]); + } + /* + * Short-circuit the simple case; if the range doesn't overlap with + * anything else, or it only overlaps with things that start at the same + * place and are longer, send it on. + */ + if (first_change == ranges[idx]->end_blkid) { + struct send_range *ret = ranges[idx]; + ranges[idx] = get_next_range_nofree(qs[idx], ranges[idx]); + return (ret); } - if (zb->zb_object != DMU_META_DNODE_OBJECT && - DMU_OBJECT_IS_SPECIAL(zb->zb_object)) { - return (0); - } else if (BP_IS_HOLE(bp) && - zb->zb_object == DMU_META_DNODE_OBJECT) { - uint64_t span = BP_SPAN(dblkszsec, indblkshift, zb->zb_level); - uint64_t dnobj = (zb->zb_blkid * span) >> DNODE_SHIFT; - err = dump_freeobjects(dsa, dnobj, span >> DNODE_SHIFT); - } else if (BP_IS_HOLE(bp)) { - uint64_t span = BP_SPAN(dblkszsec, indblkshift, zb->zb_level); - uint64_t offset = zb->zb_blkid * span; - /* Don't dump free records for offsets > DMU_OBJECT_END */ - if (zb->zb_blkid == 0 || span <= DMU_OBJECT_END / zb->zb_blkid) - err = dump_free(dsa, zb->zb_object, offset, span); - } else if (zb->zb_level > 0 || type == DMU_OT_OBJSET) { - return (0); - } else if (type == DMU_OT_DNODE) { - int epb = BP_GET_LSIZE(bp) >> DNODE_SHIFT; - arc_flags_t aflags = ARC_FLAG_WAIT; - arc_buf_t *abuf; - enum zio_flag zioflags = ZIO_FLAG_CANFAIL; + /* + * Otherwise, return a truncated copy of ranges[idx] and move the start + * of ranges[idx] back to first_change. + */ + struct send_range *ret = kmem_alloc(sizeof (*ret), KM_SLEEP); + *ret = *ranges[idx]; + ret->end_blkid = first_change; + ranges[idx]->start_blkid = first_change; + return (ret); +} + +#define FROM_AND_REDACT_BITS ((1 << REDACT_IDX) | (1 << FROM_IDX)) - if (dsa->dsa_featureflags & DMU_BACKUP_FEATURE_RAW) { - ASSERT(BP_IS_ENCRYPTED(bp)); - ASSERT3U(BP_GET_COMPRESS(bp), ==, ZIO_COMPRESS_OFF); - zioflags |= ZIO_FLAG_RAW; +/* + * Merge the results from the from thread and the to thread, and then hand the + * records off to send_prefetch_thread to prefetch them. If this is not a + * send from a redaction bookmark, the from thread will push an end of stream + * record and stop, and we'll just send everything that was changed in the + * to_ds since the ancestor's creation txg. If it is, then since + * traverse_dataset has a canonical order, we can compare each change as + * they're pulled off the queues. That will give us a stream that is + * appropriately sorted, and covers all records. In addition, we pull the + * data from the redact_list_thread and use that to determine which blocks + * should be redacted. + */ +static void +send_merge_thread(void *arg) +{ + struct send_merge_thread_arg *smt_arg = arg; + struct send_range *front_ranges[NUM_THREADS]; + bqueue_t *queues[NUM_THREADS]; + int err = 0; + fstrans_cookie_t cookie = spl_fstrans_mark(); + + if (smt_arg->redact_arg == NULL) { + front_ranges[REDACT_IDX] = + kmem_zalloc(sizeof (struct send_range), KM_SLEEP); + front_ranges[REDACT_IDX]->eos_marker = B_TRUE; + front_ranges[REDACT_IDX]->type = REDACT; + queues[REDACT_IDX] = NULL; + } else { + front_ranges[REDACT_IDX] = + bqueue_dequeue(&smt_arg->redact_arg->q); + queues[REDACT_IDX] = &smt_arg->redact_arg->q; + } + front_ranges[TO_IDX] = bqueue_dequeue(&smt_arg->to_arg->q); + queues[TO_IDX] = &smt_arg->to_arg->q; + front_ranges[FROM_IDX] = bqueue_dequeue(&smt_arg->from_arg->q); + queues[FROM_IDX] = &smt_arg->from_arg->q; + uint64_t mask = 0; + struct send_range *range; + for (range = find_next_range(front_ranges, queues, &mask); + !range->eos_marker && err == 0 && !smt_arg->cancel; + range = find_next_range(front_ranges, queues, &mask)) { + /* + * If the range in question was in both the from redact bookmark + * and the bookmark we're using to redact, then don't send it. + * It's already redacted on the receiving system, so a redaction + * record would be redundant. + */ + if ((mask & FROM_AND_REDACT_BITS) == FROM_AND_REDACT_BITS) { + ASSERT3U(range->type, ==, REDACT); + range_free(range); + continue; } + bqueue_enqueue(&smt_arg->q, range, sizeof (*range)); + + if (smt_arg->to_arg->error_code != 0) { + err = smt_arg->to_arg->error_code; + } else if (smt_arg->from_arg->error_code != 0) { + err = smt_arg->from_arg->error_code; + } else if (smt_arg->redact_arg != NULL && + smt_arg->redact_arg->error_code != 0) { + err = smt_arg->redact_arg->error_code; + } + } + if (smt_arg->cancel && err == 0) + err = SET_ERROR(EINTR); + smt_arg->error = err; + if (smt_arg->error != 0) { + smt_arg->to_arg->cancel = B_TRUE; + smt_arg->from_arg->cancel = B_TRUE; + if (smt_arg->redact_arg != NULL) + smt_arg->redact_arg->cancel = B_TRUE; + } + for (int i = 0; i < NUM_THREADS; i++) { + while (!front_ranges[i]->eos_marker) { + front_ranges[i] = get_next_range(queues[i], + front_ranges[i]); + } + range_free(front_ranges[i]); + } + if (range == NULL) + range = kmem_zalloc(sizeof (*range), KM_SLEEP); + range->eos_marker = B_TRUE; + bqueue_enqueue_flush(&smt_arg->q, range, 1); + spl_fstrans_unmark(cookie); + thread_exit(); +} + +struct send_prefetch_thread_arg { + struct send_merge_thread_arg *smta; + bqueue_t q; + boolean_t cancel; + boolean_t issue_prefetches; + int error; +}; - ASSERT0(zb->zb_level); +/* + * Create a new record with the given values. + */ +static void +enqueue_range(struct send_prefetch_thread_arg *spta, bqueue_t *q, dnode_t *dn, + uint64_t blkid, uint64_t count, const blkptr_t *bp, uint32_t datablksz) +{ + enum type range_type = (bp == NULL || BP_IS_HOLE(bp) ? HOLE : + (BP_IS_REDACTED(bp) ? REDACT : DATA)); - if (arc_read(NULL, spa, bp, arc_getbuf_func, &abuf, - ZIO_PRIORITY_ASYNC_READ, zioflags, &aflags, zb) != 0) - return (SET_ERROR(EIO)); + struct send_range *range = range_alloc(range_type, dn->dn_object, + blkid, blkid + count, B_FALSE); - dnode_phys_t *blk = abuf->b_data; - uint64_t dnobj = zb->zb_blkid * epb; + if (blkid == DMU_SPILL_BLKID) + ASSERT3U(BP_GET_TYPE(bp), ==, DMU_OT_SA); - /* - * Raw sends require sending encryption parameters for the - * block of dnodes. Regular sends do not need to send this - * info. - */ - if (dsa->dsa_featureflags & DMU_BACKUP_FEATURE_RAW) { - ASSERT(arc_is_encrypted(abuf)); - err = dump_object_range(dsa, bp, dnobj, epb); + switch (range_type) { + case HOLE: + range->sru.hole.datablksz = datablksz; + break; + case DATA: + ASSERT3U(count, ==, 1); + range->sru.data.datablksz = datablksz; + range->sru.data.obj_type = dn->dn_type; + range->sru.data.bp = *bp; + if (spta->issue_prefetches) { + zbookmark_phys_t zb = {0}; + zb.zb_objset = dmu_objset_id(dn->dn_objset); + zb.zb_object = dn->dn_object; + zb.zb_level = 0; + zb.zb_blkid = blkid; + arc_flags_t aflags = ARC_FLAG_NOWAIT | + ARC_FLAG_PREFETCH; + (void) arc_read(NULL, dn->dn_objset->os_spa, bp, NULL, + NULL, ZIO_PRIORITY_ASYNC_READ, ZIO_FLAG_CANFAIL | + ZIO_FLAG_SPECULATIVE, &aflags, &zb); } + break; + case REDACT: + range->sru.redact.datablksz = datablksz; + break; + default: + break; + } + bqueue_enqueue(q, range, datablksz); +} - if (err == 0) { - for (int i = 0; i < epb; - i += blk[i].dn_extra_slots + 1) { - err = dump_dnode(dsa, bp, dnobj + i, blk + i); +/* + * This thread is responsible for two things: First, it retrieves the correct + * blkptr in the to ds if we need to send the data because of something from + * the from thread. As a result of this, we're the first ones to discover that + * some indirect blocks can be discarded because they're not holes. Second, + * it issues prefetches for the data we need to send. + */ +static void +send_prefetch_thread(void *arg) +{ + struct send_prefetch_thread_arg *spta = arg; + struct send_merge_thread_arg *smta = spta->smta; + bqueue_t *inq = &smta->q; + bqueue_t *outq = &spta->q; + objset_t *os = smta->os; + fstrans_cookie_t cookie = spl_fstrans_mark(); + struct send_range *range = bqueue_dequeue(inq); + int err = 0; + + /* + * If the record we're analyzing is from a redaction bookmark from the + * fromds, then we need to know whether or not it exists in the tods so + * we know whether to create records for it or not. If it does, we need + * the datablksz so we can generate an appropriate record for it. + * Finally, if it isn't redacted, we need the blkptr so that we can send + * a WRITE record containing the actual data. + */ + uint64_t last_obj = UINT64_MAX; + uint64_t last_obj_exists = B_TRUE; + while (!range->eos_marker && !spta->cancel && smta->error == 0 && + err == 0) { + switch (range->type) { + case DATA: { + zbookmark_phys_t zb; + zb.zb_objset = dmu_objset_id(os); + zb.zb_object = range->object; + zb.zb_level = 0; + zb.zb_blkid = range->start_blkid; + ASSERT3U(range->start_blkid + 1, ==, range->end_blkid); + if (!BP_IS_REDACTED(&range->sru.data.bp) && + spta->issue_prefetches && + !BP_IS_EMBEDDED(&range->sru.data.bp)) { + arc_flags_t aflags = ARC_FLAG_NOWAIT | + ARC_FLAG_PREFETCH; + (void) arc_read(NULL, os->os_spa, + &range->sru.data.bp, NULL, NULL, + ZIO_PRIORITY_ASYNC_READ, ZIO_FLAG_CANFAIL | + ZIO_FLAG_SPECULATIVE, &aflags, &zb); + } + bqueue_enqueue(outq, range, range->sru.data.datablksz); + range = get_next_range_nofree(inq, range); + break; + } + case HOLE: + case OBJECT: + case OBJECT_RANGE: + case REDACT: // Redacted blocks must exist + bqueue_enqueue(outq, range, sizeof (*range)); + range = get_next_range_nofree(inq, range); + break; + case PREVIOUSLY_REDACTED: { + /* + * This entry came from the "from bookmark" when + * sending from a bookmark that has a redaction + * list. We need to check if this object/blkid + * exists in the target ("to") dataset, and if + * not then we drop this entry. We also need + * to fill in the block pointer so that we know + * what to prefetch. + * + * To accomplish the above, we first cache whether or + * not the last object we examined exists. If it + * doesn't, we can drop this record. If it does, we hold + * the dnode and use it to call dbuf_dnode_findbp. We do + * this instead of dbuf_bookmark_findbp because we will + * often operate on large ranges, and holding the dnode + * once is more efficient. + */ + boolean_t object_exists = B_TRUE; + /* + * If the data is redacted, we only care if it exists, + * so that we don't send records for objects that have + * been deleted. + */ + dnode_t *dn; + if (range->object == last_obj && !last_obj_exists) { + /* + * If we're still examining the same object as + * previously, and it doesn't exist, we don't + * need to call dbuf_bookmark_findbp. + */ + object_exists = B_FALSE; + } else { + err = dnode_hold(os, range->object, FTAG, &dn); + if (err == ENOENT) { + object_exists = B_FALSE; + err = 0; + } + last_obj = range->object; + last_obj_exists = object_exists; + } + + if (err != 0) { + break; + } else if (!object_exists) { + /* + * The block was modified, but doesn't + * exist in the to dataset; if it was + * deleted in the to dataset, then we'll + * visit the hole bp for it at some point. + */ + range = get_next_range(inq, range); + continue; + } + uint64_t file_max = + (dn->dn_maxblkid < range->end_blkid ? + dn->dn_maxblkid : range->end_blkid); + /* + * The object exists, so we need to try to find the + * blkptr for each block in the range we're processing. + */ + rw_enter(&dn->dn_struct_rwlock, RW_READER); + for (uint64_t blkid = range->start_blkid; + blkid < file_max; blkid++) { + blkptr_t bp; + uint32_t datablksz = + dn->dn_phys->dn_datablkszsec << + SPA_MINBLOCKSHIFT; + uint64_t offset = blkid * datablksz; + /* + * This call finds the next non-hole block in + * the object. This is to prevent a + * performance problem where we're unredacting + * a large hole. Using dnode_next_offset to + * skip over the large hole avoids iterating + * over every block in it. + */ + err = dnode_next_offset(dn, DNODE_FIND_HAVELOCK, + &offset, 1, 1, 0); + if (err == ESRCH) { + offset = UINT64_MAX; + err = 0; + } else if (err != 0) { + break; + } + if (offset != blkid * datablksz) { + /* + * if there is a hole from here + * (blkid) to offset + */ + offset = MIN(offset, file_max * + datablksz); + uint64_t nblks = (offset / datablksz) - + blkid; + enqueue_range(spta, outq, dn, blkid, + nblks, NULL, datablksz); + blkid += nblks; + } + if (blkid >= file_max) + break; + err = dbuf_dnode_findbp(dn, 0, blkid, &bp, + NULL, NULL); if (err != 0) break; + ASSERT(!BP_IS_HOLE(&bp)); + enqueue_range(spta, outq, dn, blkid, 1, &bp, + datablksz); } + rw_exit(&dn->dn_struct_rwlock); + dnode_rele(dn, FTAG); + range = get_next_range(inq, range); } - arc_buf_destroy(abuf, &abuf); - } else if (type == DMU_OT_SA) { - arc_flags_t aflags = ARC_FLAG_WAIT; - arc_buf_t *abuf; - enum zio_flag zioflags = ZIO_FLAG_CANFAIL; - - if (dsa->dsa_featureflags & DMU_BACKUP_FEATURE_RAW) { - ASSERT(BP_IS_PROTECTED(bp)); - zioflags |= ZIO_FLAG_RAW; } + } + if (spta->cancel || err != 0) { + smta->cancel = B_TRUE; + spta->error = err; + } else if (smta->error != 0) { + spta->error = smta->error; + } + while (!range->eos_marker) + range = get_next_range(inq, range); - if (arc_read(NULL, spa, bp, arc_getbuf_func, &abuf, - ZIO_PRIORITY_ASYNC_READ, zioflags, &aflags, zb) != 0) - return (SET_ERROR(EIO)); - - err = dump_spill(dsa, bp, zb->zb_object, abuf->b_data); - arc_buf_destroy(abuf, &abuf); - } else if (backup_do_embed(dsa, bp)) { - /* it's an embedded level-0 block of a regular object */ - int blksz = dblkszsec << SPA_MINBLOCKSHIFT; - ASSERT0(zb->zb_level); - err = dump_write_embedded(dsa, zb->zb_object, - zb->zb_blkid * blksz, blksz, bp); - } else { - /* it's a level-0 block of a regular object */ - arc_flags_t aflags = ARC_FLAG_WAIT; - arc_buf_t *abuf; - int blksz = dblkszsec << SPA_MINBLOCKSHIFT; - uint64_t offset; + bqueue_enqueue_flush(outq, range, 1); + spl_fstrans_unmark(cookie); + thread_exit(); +} - /* - * If we have large blocks stored on disk but the send flags - * don't allow us to send large blocks, we split the data from - * the arc buf into chunks. - */ - boolean_t split_large_blocks = blksz > SPA_OLD_MAXBLOCKSIZE && - !(dsa->dsa_featureflags & DMU_BACKUP_FEATURE_LARGE_BLOCKS); +#define NUM_SNAPS_NOT_REDACTED UINT64_MAX - /* - * Raw sends require that we always get raw data as it exists - * on disk, so we assert that we are not splitting blocks here. - */ - boolean_t request_raw = - (dsa->dsa_featureflags & DMU_BACKUP_FEATURE_RAW) != 0; +struct dmu_send_params { + /* Pool args */ + void *tag; // Tag that dp was held with, will be used to release dp. + dsl_pool_t *dp; + /* To snapshot args */ + const char *tosnap; + dsl_dataset_t *to_ds; + /* From snapshot args */ + zfs_bookmark_phys_t ancestor_zb; + uint64_t *fromredactsnaps; + /* NUM_SNAPS_NOT_REDACTED if not sending from redaction bookmark */ + uint64_t numfromredactsnaps; + /* Stream params */ + boolean_t is_clone; + boolean_t embedok; + boolean_t large_block_ok; + boolean_t compressok; + uint64_t resumeobj; + uint64_t resumeoff; + zfs_bookmark_phys_t *redactbook; + /* Stream output params */ + dmu_send_outparams_t *dso; + + /* Stream progress params */ + offset_t *off; + int outfd; + boolean_t rawok; +}; - /* - * We should only request compressed data from the ARC if all - * the following are true: - * - stream compression was requested - * - we aren't splitting large blocks into smaller chunks - * - the data won't need to be byteswapped before sending - * - this isn't an embedded block - * - this isn't metadata (if receiving on a different endian - * system it can be byteswapped more easily) - */ - boolean_t request_compressed = - (dsa->dsa_featureflags & DMU_BACKUP_FEATURE_COMPRESSED) && - !split_large_blocks && !BP_SHOULD_BYTESWAP(bp) && - !BP_IS_EMBEDDED(bp) && !DMU_OT_IS_METADATA(BP_GET_TYPE(bp)); +static int +setup_featureflags(struct dmu_send_params *dspp, objset_t *os, + uint64_t *featureflags) +{ + dsl_dataset_t *to_ds = dspp->to_ds; + dsl_pool_t *dp = dspp->dp; +#ifdef _KERNEL + if (dmu_objset_type(os) == DMU_OST_ZFS) { + uint64_t version; + if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &version) != 0) + return (SET_ERROR(EINVAL)); - IMPLY(request_raw, !split_large_blocks); - IMPLY(request_raw, BP_IS_PROTECTED(bp)); - ASSERT0(zb->zb_level); - ASSERT(zb->zb_object > dsa->dsa_resume_object || - (zb->zb_object == dsa->dsa_resume_object && - zb->zb_blkid * blksz >= dsa->dsa_resume_offset)); - - ASSERT3U(blksz, ==, BP_GET_LSIZE(bp)); - - enum zio_flag zioflags = ZIO_FLAG_CANFAIL; - if (request_raw) - zioflags |= ZIO_FLAG_RAW; - else if (request_compressed) - zioflags |= ZIO_FLAG_RAW_COMPRESS; - - if (arc_read(NULL, spa, bp, arc_getbuf_func, &abuf, - ZIO_PRIORITY_ASYNC_READ, zioflags, &aflags, zb) != 0) { - if (zfs_send_corrupt_data) { - /* Send a block filled with 0x"zfs badd bloc" */ - abuf = arc_alloc_buf(spa, &abuf, ARC_BUFC_DATA, - blksz); - uint64_t *ptr; - for (ptr = abuf->b_data; - (char *)ptr < (char *)abuf->b_data + blksz; - ptr++) - *ptr = 0x2f5baddb10cULL; - } else { - return (SET_ERROR(EIO)); - } - } + if (version >= ZPL_VERSION_SA) + *featureflags |= DMU_BACKUP_FEATURE_SA_SPILL; + } +#endif - offset = zb->zb_blkid * blksz; + /* raw sends imply large_block_ok */ + if ((dspp->rawok || dspp->large_block_ok) && + dsl_dataset_feature_is_active(to_ds, SPA_FEATURE_LARGE_BLOCKS)) { + *featureflags |= DMU_BACKUP_FEATURE_LARGE_BLOCKS; + } - if (split_large_blocks) { - ASSERT0(arc_is_encrypted(abuf)); - ASSERT3U(arc_get_compression(abuf), ==, - ZIO_COMPRESS_OFF); - char *buf = abuf->b_data; - while (blksz > 0 && err == 0) { - int n = MIN(blksz, SPA_OLD_MAXBLOCKSIZE); - err = dump_write(dsa, type, zb->zb_object, - offset, n, n, NULL, buf); - offset += n; - buf += n; - blksz -= n; - } - } else { - err = dump_write(dsa, type, zb->zb_object, offset, - blksz, arc_buf_size(abuf), bp, abuf->b_data); - } - arc_buf_destroy(abuf, &abuf); + /* encrypted datasets will not have embedded blocks */ + if ((dspp->embedok || dspp->rawok) && !os->os_encrypted && + spa_feature_is_active(dp->dp_spa, SPA_FEATURE_EMBEDDED_DATA)) { + *featureflags |= DMU_BACKUP_FEATURE_EMBED_DATA; } - ASSERT(err == 0 || err == EINTR); - return (err); + /* raw send implies compressok */ + if (dspp->compressok || dspp->rawok) + *featureflags |= DMU_BACKUP_FEATURE_COMPRESSED; + if (dspp->rawok && os->os_encrypted) + *featureflags |= DMU_BACKUP_FEATURE_RAW; + + if ((*featureflags & + (DMU_BACKUP_FEATURE_EMBED_DATA | DMU_BACKUP_FEATURE_COMPRESSED | + DMU_BACKUP_FEATURE_RAW)) != 0 && + spa_feature_is_active(dp->dp_spa, SPA_FEATURE_LZ4_COMPRESS)) { + *featureflags |= DMU_BACKUP_FEATURE_LZ4; + } + + if (dspp->resumeobj != 0 || dspp->resumeoff != 0) { + *featureflags |= DMU_BACKUP_FEATURE_RESUMING; + } + + if (dspp->redactbook != NULL) { + *featureflags |= DMU_BACKUP_FEATURE_REDACTED; + } + + if (dsl_dataset_feature_is_active(to_ds, SPA_FEATURE_LARGE_DNODE)) { + *featureflags |= DMU_BACKUP_FEATURE_LARGE_DNODE; + } + return (0); } -/* - * Pop the new data off the queue, and free the old data. - */ -static struct send_block_record * -get_next_record(bqueue_t *bq, struct send_block_record *data) +static dmu_replay_record_t * +create_begin_record(struct dmu_send_params *dspp, objset_t *os, + uint64_t featureflags) +{ + dmu_replay_record_t *drr = kmem_zalloc(sizeof (dmu_replay_record_t), + KM_SLEEP); + drr->drr_type = DRR_BEGIN; + + struct drr_begin *drrb = &drr->drr_u.drr_begin; + dsl_dataset_t *to_ds = dspp->to_ds; + + drrb->drr_magic = DMU_BACKUP_MAGIC; + drrb->drr_creation_time = dsl_dataset_phys(to_ds)->ds_creation_time; + drrb->drr_type = dmu_objset_type(os); + drrb->drr_toguid = dsl_dataset_phys(to_ds)->ds_guid; + drrb->drr_fromguid = dspp->ancestor_zb.zbm_guid; + + DMU_SET_STREAM_HDRTYPE(drrb->drr_versioninfo, DMU_SUBSTREAM); + DMU_SET_FEATUREFLAGS(drrb->drr_versioninfo, featureflags); + + if (dspp->is_clone) + drrb->drr_flags |= DRR_FLAG_CLONE; + if (dsl_dataset_phys(dspp->to_ds)->ds_flags & DS_FLAG_CI_DATASET) + drrb->drr_flags |= DRR_FLAG_CI_DATA; + if (zfs_send_set_freerecords_bit) + drrb->drr_flags |= DRR_FLAG_FREERECORDS; + drr->drr_u.drr_begin.drr_flags |= DRR_FLAG_SPILL_BLOCK; + + dsl_dataset_name(to_ds, drrb->drr_toname); + if (!to_ds->ds_is_snapshot) { + (void) strlcat(drrb->drr_toname, "@--head--", + sizeof (drrb->drr_toname)); + } + return (drr); +} + +static void +setup_to_thread(struct send_thread_arg *to_arg, dsl_dataset_t *to_ds, + dmu_sendstatus_t *dssp, uint64_t fromtxg, boolean_t rawok) +{ + VERIFY0(bqueue_init(&to_arg->q, zfs_send_no_prefetch_queue_ff, + MAX(zfs_send_no_prefetch_queue_length, 2 * zfs_max_recordsize), + offsetof(struct send_range, ln))); + to_arg->error_code = 0; + to_arg->cancel = B_FALSE; + to_arg->ds = to_ds; + to_arg->fromtxg = fromtxg; + to_arg->flags = TRAVERSE_PRE | TRAVERSE_PREFETCH_METADATA; + if (rawok) + to_arg->flags |= TRAVERSE_NO_DECRYPT; + to_arg->redaction_list = NULL; + to_arg->num_blocks_visited = &dssp->dss_blocks; + (void) thread_create(NULL, 0, send_traverse_thread, to_arg, 0, + curproc, TS_RUN, minclsyspri); +} + +static void +setup_from_thread(struct redact_list_thread_arg *from_arg, + redaction_list_t *from_rl, dmu_sendstatus_t *dssp) +{ + VERIFY0(bqueue_init(&from_arg->q, zfs_send_no_prefetch_queue_ff, + MAX(zfs_send_no_prefetch_queue_length, 2 * zfs_max_recordsize), + offsetof(struct send_range, ln))); + from_arg->error_code = 0; + from_arg->cancel = B_FALSE; + from_arg->rl = from_rl; + from_arg->mark_redact = B_FALSE; + from_arg->num_blocks_visited = &dssp->dss_blocks; + /* + * If from_ds is null, send_traverse_thread just returns success and + * enqueues an eos marker. + */ + (void) thread_create(NULL, 0, redact_list_thread, from_arg, 0, + curproc, TS_RUN, minclsyspri); +} + +static void +setup_redact_list_thread(struct redact_list_thread_arg *rlt_arg, + struct dmu_send_params *dspp, redaction_list_t *rl, dmu_sendstatus_t *dssp) { - struct send_block_record *tmp = bqueue_dequeue(bq); - kmem_free(data, sizeof (*data)); - return (tmp); + if (dspp->redactbook == NULL) + return; + + rlt_arg->cancel = B_FALSE; + VERIFY0(bqueue_init(&rlt_arg->q, zfs_send_no_prefetch_queue_ff, + MAX(zfs_send_no_prefetch_queue_length, 2 * zfs_max_recordsize), + offsetof(struct send_range, ln))); + rlt_arg->error_code = 0; + rlt_arg->mark_redact = B_TRUE; + rlt_arg->rl = rl; + rlt_arg->num_blocks_visited = &dssp->dss_blocks; + + (void) thread_create(NULL, 0, redact_list_thread, rlt_arg, 0, + curproc, TS_RUN, minclsyspri); +} + +static void +setup_merge_thread(struct send_merge_thread_arg *smt_arg, + struct dmu_send_params *dspp, struct redact_list_thread_arg *from_arg, + struct send_thread_arg *to_arg, struct redact_list_thread_arg *rlt_arg, + objset_t *os) +{ + VERIFY0(bqueue_init(&smt_arg->q, zfs_send_no_prefetch_queue_ff, + MAX(zfs_send_no_prefetch_queue_length, 2 * zfs_max_recordsize), + offsetof(struct send_range, ln))); + smt_arg->cancel = B_FALSE; + smt_arg->error = 0; + smt_arg->from_arg = from_arg; + smt_arg->to_arg = to_arg; + if (dspp->redactbook != NULL) + smt_arg->redact_arg = rlt_arg; + + smt_arg->os = os; + (void) thread_create(NULL, 0, send_merge_thread, smt_arg, 0, curproc, + TS_RUN, minclsyspri); +} + +static void +setup_prefetch_thread(struct send_prefetch_thread_arg *spt_arg, + struct dmu_send_params *dspp, struct send_merge_thread_arg *smt_arg) +{ + VERIFY0(bqueue_init(&spt_arg->q, zfs_send_queue_ff, + MAX(zfs_send_queue_length, 2 * zfs_max_recordsize), + offsetof(struct send_range, ln))); + spt_arg->smta = smt_arg; + spt_arg->issue_prefetches = !dspp->dso->dso_dryrun; + (void) thread_create(NULL, 0, send_prefetch_thread, spt_arg, 0, + curproc, TS_RUN, minclsyspri); +} + +static int +setup_resume_points(struct dmu_send_params *dspp, + struct send_thread_arg *to_arg, struct redact_list_thread_arg *from_arg, + struct redact_list_thread_arg *rlt_arg, + struct send_merge_thread_arg *smt_arg, boolean_t resuming, objset_t *os, + redaction_list_t *redact_rl, nvlist_t *nvl) +{ + dsl_dataset_t *to_ds = dspp->to_ds; + int err = 0; + + uint64_t obj = 0; + uint64_t blkid = 0; + if (resuming) { + obj = dspp->resumeobj; + dmu_object_info_t to_doi; + err = dmu_object_info(os, obj, &to_doi); + if (err != 0) + return (err); + + blkid = dspp->resumeoff / to_doi.doi_data_block_size; + } + /* + * If we're resuming a redacted send, we can skip to the appropriate + * point in the redaction bookmark by binary searching through it. + */ + smt_arg->bookmark_before = B_FALSE; + if (redact_rl != NULL) { + SET_BOOKMARK(&rlt_arg->resume, to_ds->ds_object, obj, 0, blkid); + } + + SET_BOOKMARK(&to_arg->resume, to_ds->ds_object, obj, 0, blkid); + if (nvlist_exists(nvl, BEGINNV_REDACT_FROM_SNAPS)) { + uint64_t objset = dspp->ancestor_zb.zbm_redaction_obj; + /* + * Note: If the resume point is in an object whose + * blocksize is different in the from vs to snapshots, + * we will have divided by the "wrong" blocksize. + * However, in this case fromsnap's send_cb() will + * detect that the blocksize has changed and therefore + * ignore this object. + * + * If we're resuming a send from a redaction bookmark, + * we still cannot accidentally suggest blocks behind + * the to_ds. In addition, we know that any blocks in + * the object in the to_ds will have to be sent, since + * the size changed. Therefore, we can't cause any harm + * this way either. + */ + SET_BOOKMARK(&from_arg->resume, objset, obj, 0, blkid); + } + if (resuming) { + fnvlist_add_uint64(nvl, BEGINNV_RESUME_OBJECT, dspp->resumeobj); + fnvlist_add_uint64(nvl, BEGINNV_RESUME_OFFSET, dspp->resumeoff); + } + return (0); +} + +static dmu_sendstatus_t * +setup_send_progress(struct dmu_send_params *dspp) +{ + dmu_sendstatus_t *dssp = kmem_zalloc(sizeof (*dssp), KM_SLEEP); + dssp->dss_outfd = dspp->outfd; + dssp->dss_off = dspp->off; + dssp->dss_proc = curproc; + mutex_enter(&dspp->to_ds->ds_sendstream_lock); + list_insert_head(&dspp->to_ds->ds_sendstreams, dssp); + mutex_exit(&dspp->to_ds->ds_sendstream_lock); + return (dssp); } /* * Actually do the bulk of the work in a zfs send. * + * The idea is that we want to do a send from ancestor_zb to to_ds. We also + * want to not send any data that has been modified by all the datasets in + * redactsnaparr, and store the list of blocks that are redacted in this way in + * a bookmark named redactbook, created on the to_ds. We do this by creating + * several worker threads, whose function is described below. + * + * There are three cases. + * The first case is a redacted zfs send. In this case there are 5 threads. + * The first thread is the to_ds traversal thread: it calls dataset_traverse on + * the to_ds and finds all the blocks that have changed since ancestor_zb (if + * it's a full send, that's all blocks in the dataset). It then sends those + * blocks on to the send merge thread. The redact list thread takes the data + * from the redaction bookmark and sends those blocks on to the send merge + * thread. The send merge thread takes the data from the to_ds traversal + * thread, and combines it with the redaction records from the redact list + * thread. If a block appears in both the to_ds's data and the redaction data, + * the send merge thread will mark it as redacted and send it on to the prefetch + * thread. Otherwise, the send merge thread will send the block on to the + * prefetch thread unchanged. The prefetch thread will issue prefetch reads for + * any data that isn't redacted, and then send the data on to the main thread. + * The main thread behaves the same as in a normal send case, issuing demand + * reads for data blocks and sending out records over the network + * + * The graphic below diagrams the flow of data in the case of a redacted zfs + * send. Each box represents a thread, and each line represents the flow of + * data. + * + * Records from the | + * redaction bookmark | + * +--------------------+ | +---------------------------+ + * | | v | Send Merge Thread | + * | Redact List Thread +----------> Apply redaction marks to | + * | | | records as specified by | + * +--------------------+ | redaction ranges | + * +----^---------------+------+ + * | | Merged data + * | | + * | +------------v--------+ + * | | Prefetch Thread | + * +--------------------+ | | Issues prefetch | + * | to_ds Traversal | | | reads of data blocks| + * | Thread (finds +---------------+ +------------+--------+ + * | candidate blocks) | Blocks modified | Prefetched data + * +--------------------+ by to_ds since | + * ancestor_zb +------------v----+ + * | Main Thread | File Descriptor + * | Sends data over +->(to zfs receive) + * | wire | + * +-----------------+ + * + * The second case is an incremental send from a redaction bookmark. The to_ds + * traversal thread and the main thread behave the same as in the redacted + * send case. The new thread is the from bookmark traversal thread. It + * iterates over the redaction list in the redaction bookmark, and enqueues + * records for each block that was redacted in the original send. The send + * merge thread now has to merge the data from the two threads. For details + * about that process, see the header comment of send_merge_thread(). Any data + * it decides to send on will be prefetched by the prefetch thread. Note that + * you can perform a redacted send from a redaction bookmark; in that case, + * the data flow behaves very similarly to the flow in the redacted send case, + * except with the addition of the bookmark traversal thread iterating over the + * redaction bookmark. The send_merge_thread also has to take on the + * responsibility of merging the redact list thread's records, the bookmark + * traversal thread's records, and the to_ds records. + * + * +---------------------+ + * | | + * | Redact List Thread +--------------+ + * | | | + * +---------------------+ | + * Blocks in redaction list | Ranges modified by every secure snap + * of from bookmark | (or EOS if not readcted) + * | + * +---------------------+ | +----v----------------------+ + * | bookmark Traversal | v | Send Merge Thread | + * | Thread (finds +---------> Merges bookmark, rlt, and | + * | candidate blocks) | | to_ds send records | + * +---------------------+ +----^---------------+------+ + * | | Merged data + * | +------------v--------+ + * | | Prefetch Thread | + * +--------------------+ | | Issues prefetch | + * | to_ds Traversal | | | reads of data blocks| + * | Thread (finds +---------------+ +------------+--------+ + * | candidate blocks) | Blocks modified | Prefetched data + * +--------------------+ by to_ds since +------------v----+ + * ancestor_zb | Main Thread | File Descriptor + * | Sends data over +->(to zfs receive) + * | wire | + * +-----------------+ + * + * The final case is a simple zfs full or incremental send. The to_ds traversal + * thread behaves the same as always. The redact list thread is never started. + * The send merge thread takes all the blocks that the to_ds traveral thread + * sends it, prefetches the data, and sends the blocks on to the main thread. + * The main thread sends the data over the wire. + * + * To keep performance acceptable, we want to prefetch the data in the worker + * threads. While the to_ds thread could simply use the TRAVERSE_PREFETCH + * feature built into traverse_dataset, the combining and deletion of records + * due to redaction and sends from redaction bookmarks mean that we could + * issue many unnecessary prefetches. As a result, we only prefetch data + * after we've determined that the record is not going to be redacted. To + * prevent the prefetching from getting too far ahead of the main thread, the + * blocking queues that are used for communication are capped not by the + * number of entries in the queue, but by the sum of the size of the + * prefetches associated with them. The limit on the amount of data that the + * thread can prefetch beyond what the main thread has reached is controlled + * by the global variable zfs_send_queue_length. In addition, to prevent poor + * performance in the beginning of a send, we also limit the distance ahead + * that the traversal threads can be. That distance is controlled by the + * zfs_send_no_prefetch_queue_length tunable. + * * Note: Releases dp using the specified tag. */ static int -dmu_send_impl(void *tag, dsl_pool_t *dp, dsl_dataset_t *to_ds, - zfs_bookmark_phys_t *ancestor_zb, boolean_t is_clone, - boolean_t embedok, boolean_t large_block_ok, boolean_t compressok, - boolean_t rawok, int outfd, uint64_t resumeobj, uint64_t resumeoff, - vnode_t *vp, offset_t *off) +dmu_send_impl(struct dmu_send_params *dspp) { objset_t *os; dmu_replay_record_t *drr; - dmu_sendarg_t *dsp; + dmu_sendstatus_t *dssp; + dmu_send_cookie_t dsc = {0}; int err; - uint64_t fromtxg = 0; + uint64_t fromtxg = dspp->ancestor_zb.zbm_creation_txg; uint64_t featureflags = 0; - struct send_thread_arg to_arg; - void *payload = NULL; - size_t payload_len = 0; - struct send_block_record *to_data; + struct redact_list_thread_arg *from_arg; + struct send_thread_arg *to_arg; + struct redact_list_thread_arg *rlt_arg; + struct send_merge_thread_arg *smt_arg; + struct send_prefetch_thread_arg *spt_arg; + struct send_range *range; + redaction_list_t *from_rl = NULL; + redaction_list_t *redact_rl = NULL; + boolean_t resuming = (dspp->resumeobj != 0 || dspp->resumeoff != 0); + boolean_t book_resuming = resuming; + + dsl_dataset_t *to_ds = dspp->to_ds; + zfs_bookmark_phys_t *ancestor_zb = &dspp->ancestor_zb; + dsl_pool_t *dp = dspp->dp; + void *tag = dspp->tag; err = dmu_objset_from_ds(to_ds, &os); if (err != 0) { dsl_pool_rele(dp, tag); return (err); } - /* * If this is a non-raw send of an encrypted ds, we can ensure that * the objset_phys_t is authenticated. This is safe because this is * either a snapshot or we have owned the dataset, ensuring that * it can't be modified. */ - if (!rawok && os->os_encrypted && + if (!dspp->rawok && os->os_encrypted && arc_is_unauthenticated(os->os_phys_buf)) { zbookmark_phys_t zb; @@ -1042,225 +2337,236 @@ dmu_send_impl(void *tag, dsl_pool_t *dp, dsl_dataset_t *to_ds, ASSERT0(arc_is_unauthenticated(os->os_phys_buf)); } - drr = kmem_zalloc(sizeof (dmu_replay_record_t), KM_SLEEP); - drr->drr_type = DRR_BEGIN; - drr->drr_u.drr_begin.drr_magic = DMU_BACKUP_MAGIC; - DMU_SET_STREAM_HDRTYPE(drr->drr_u.drr_begin.drr_versioninfo, - DMU_SUBSTREAM); + if ((err = setup_featureflags(dspp, os, &featureflags)) != 0) { + dsl_pool_rele(dp, tag); + return (err); + } - bzero(&to_arg, sizeof (to_arg)); + from_arg = kmem_zalloc(sizeof (*from_arg), KM_SLEEP); + to_arg = kmem_zalloc(sizeof (*to_arg), KM_SLEEP); + rlt_arg = kmem_zalloc(sizeof (*rlt_arg), KM_SLEEP); + smt_arg = kmem_zalloc(sizeof (*smt_arg), KM_SLEEP); + spt_arg = kmem_zalloc(sizeof (*spt_arg), KM_SLEEP); -#ifdef _KERNEL - if (dmu_objset_type(os) == DMU_OST_ZFS) { - uint64_t version; - if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &version) != 0) { - kmem_free(drr, sizeof (dmu_replay_record_t)); + /* + * If we're doing a redacted send, hold the bookmark's redaction list. + */ + if (dspp->redactbook != NULL) { + err = dsl_redaction_list_hold_obj(dp, + dspp->redactbook->zbm_redaction_obj, FTAG, + &redact_rl); + if (err != 0) { dsl_pool_rele(dp, tag); return (SET_ERROR(EINVAL)); } - if (version >= ZPL_VERSION_SA) { - featureflags |= DMU_BACKUP_FEATURE_SA_SPILL; - } + dsl_redaction_list_long_hold(dp, redact_rl, FTAG); } -#endif - /* raw sends imply large_block_ok */ - if ((large_block_ok || rawok) && - dsl_dataset_feature_is_active(to_ds, SPA_FEATURE_LARGE_BLOCKS)) - featureflags |= DMU_BACKUP_FEATURE_LARGE_BLOCKS; - if (dsl_dataset_feature_is_active(to_ds, SPA_FEATURE_LARGE_DNODE)) - featureflags |= DMU_BACKUP_FEATURE_LARGE_DNODE; - - /* encrypted datasets will not have embedded blocks */ - if ((embedok || rawok) && !os->os_encrypted && - spa_feature_is_active(dp->dp_spa, SPA_FEATURE_EMBEDDED_DATA)) { - featureflags |= DMU_BACKUP_FEATURE_EMBED_DATA; + /* + * If we're sending from a redaction bookmark, hold the redaction list + * so that we can consider sending the redacted blocks. + */ + if (ancestor_zb->zbm_redaction_obj != 0) { + err = dsl_redaction_list_hold_obj(dp, + ancestor_zb->zbm_redaction_obj, FTAG, &from_rl); + if (err != 0) { + if (redact_rl != NULL) { + dsl_redaction_list_long_rele(redact_rl, FTAG); + dsl_redaction_list_rele(redact_rl, FTAG); + } + dsl_pool_rele(dp, tag); + return (SET_ERROR(EINVAL)); + } + dsl_redaction_list_long_hold(dp, from_rl, FTAG); } - /* raw send implies compressok */ - if (compressok || rawok) - featureflags |= DMU_BACKUP_FEATURE_COMPRESSED; + dsl_dataset_long_hold(to_ds, FTAG); - if (rawok && os->os_encrypted) - featureflags |= DMU_BACKUP_FEATURE_RAW; + drr = create_begin_record(dspp, os, featureflags); + dssp = setup_send_progress(dspp); - if ((featureflags & - (DMU_BACKUP_FEATURE_EMBED_DATA | DMU_BACKUP_FEATURE_COMPRESSED | - DMU_BACKUP_FEATURE_RAW)) != 0 && - spa_feature_is_active(dp->dp_spa, SPA_FEATURE_LZ4_COMPRESS)) { - featureflags |= DMU_BACKUP_FEATURE_LZ4; - } - - if (resumeobj != 0 || resumeoff != 0) { - featureflags |= DMU_BACKUP_FEATURE_RESUMING; - } + dsc.dsc_drr = drr; + dsc.dsc_dso = dspp->dso; + dsc.dsc_os = os; + dsc.dsc_off = dspp->off; + dsc.dsc_toguid = dsl_dataset_phys(to_ds)->ds_guid; + dsc.dsc_fromtxg = fromtxg; + dsc.dsc_pending_op = PENDING_NONE; + dsc.dsc_featureflags = featureflags; + dsc.dsc_resume_object = dspp->resumeobj; + dsc.dsc_resume_offset = dspp->resumeoff; - DMU_SET_FEATUREFLAGS(drr->drr_u.drr_begin.drr_versioninfo, - featureflags); - - drr->drr_u.drr_begin.drr_creation_time = - dsl_dataset_phys(to_ds)->ds_creation_time; - drr->drr_u.drr_begin.drr_type = dmu_objset_type(os); - if (is_clone) - drr->drr_u.drr_begin.drr_flags |= DRR_FLAG_CLONE; - drr->drr_u.drr_begin.drr_toguid = dsl_dataset_phys(to_ds)->ds_guid; - if (dsl_dataset_phys(to_ds)->ds_flags & DS_FLAG_CI_DATASET) - drr->drr_u.drr_begin.drr_flags |= DRR_FLAG_CI_DATA; - if (zfs_send_set_freerecords_bit) - drr->drr_u.drr_begin.drr_flags |= DRR_FLAG_FREERECORDS; + dsl_pool_rele(dp, tag); - drr->drr_u.drr_begin.drr_flags |= DRR_FLAG_SPILL_BLOCK; + void *payload = NULL; + size_t payload_len = 0; + nvlist_t *nvl = fnvlist_alloc(); - if (ancestor_zb != NULL) { - drr->drr_u.drr_begin.drr_fromguid = - ancestor_zb->zbm_guid; - fromtxg = ancestor_zb->zbm_creation_txg; - } - dsl_dataset_name(to_ds, drr->drr_u.drr_begin.drr_toname); - if (!to_ds->ds_is_snapshot) { - (void) strlcat(drr->drr_u.drr_begin.drr_toname, "@--head--", - sizeof (drr->drr_u.drr_begin.drr_toname)); + /* + * If we're doing a redacted send, we include the snapshots we're + * redacted with respect to so that the target system knows what send + * streams can be correctly received on top of this dataset. If we're + * instead sending a redacted dataset, we include the snapshots that the + * dataset was created with respect to. + */ + if (dspp->redactbook != NULL) { + fnvlist_add_uint64_array(nvl, BEGINNV_REDACT_SNAPS, + redact_rl->rl_phys->rlp_snaps, + redact_rl->rl_phys->rlp_num_snaps); + } else if (dsl_dataset_feature_is_active(to_ds, + SPA_FEATURE_REDACTED_DATASETS)) { + uint64_t *tods_guids; + uint64_t length; + VERIFY(dsl_dataset_get_uint64_array_feature(to_ds, + SPA_FEATURE_REDACTED_DATASETS, &length, &tods_guids)); + fnvlist_add_uint64_array(nvl, BEGINNV_REDACT_SNAPS, tods_guids, + length); } - dsp = kmem_zalloc(sizeof (dmu_sendarg_t), KM_SLEEP); - - dsp->dsa_drr = drr; - dsp->dsa_vp = vp; - dsp->dsa_outfd = outfd; - dsp->dsa_proc = curproc; - dsp->dsa_os = os; - dsp->dsa_off = off; - dsp->dsa_toguid = dsl_dataset_phys(to_ds)->ds_guid; - dsp->dsa_fromtxg = fromtxg; - dsp->dsa_pending_op = PENDING_NONE; - dsp->dsa_featureflags = featureflags; - dsp->dsa_resume_object = resumeobj; - dsp->dsa_resume_offset = resumeoff; + /* + * If we're sending from a redaction bookmark, then we should retrieve + * the guids of that bookmark so we can send them over the wire. + */ + if (from_rl != NULL) { + fnvlist_add_uint64_array(nvl, BEGINNV_REDACT_FROM_SNAPS, + from_rl->rl_phys->rlp_snaps, + from_rl->rl_phys->rlp_num_snaps); + } - mutex_enter(&to_ds->ds_sendstream_lock); - list_insert_head(&to_ds->ds_sendstreams, dsp); - mutex_exit(&to_ds->ds_sendstream_lock); + /* + * If the snapshot we're sending from is redacted, include the redaction + * list in the stream. + */ + if (dspp->numfromredactsnaps != NUM_SNAPS_NOT_REDACTED) { + ASSERT3P(from_rl, ==, NULL); + fnvlist_add_uint64_array(nvl, BEGINNV_REDACT_FROM_SNAPS, + dspp->fromredactsnaps, (uint_t)dspp->numfromredactsnaps); + if (dspp->numfromredactsnaps > 0) { + kmem_free(dspp->fromredactsnaps, + dspp->numfromredactsnaps * sizeof (uint64_t)); + dspp->fromredactsnaps = NULL; + } + } - dsl_dataset_long_hold(to_ds, FTAG); - dsl_pool_rele(dp, tag); + if (resuming || book_resuming) { + err = setup_resume_points(dspp, to_arg, from_arg, + rlt_arg, smt_arg, resuming, os, redact_rl, nvl); + if (err != 0) + goto out; + } - /* handle features that require a DRR_BEGIN payload */ - if (featureflags & - (DMU_BACKUP_FEATURE_RESUMING | DMU_BACKUP_FEATURE_RAW)) { + if (featureflags & DMU_BACKUP_FEATURE_RAW) { + uint64_t ivset_guid = (ancestor_zb != NULL) ? + ancestor_zb->zbm_ivset_guid : 0; nvlist_t *keynvl = NULL; - nvlist_t *nvl = fnvlist_alloc(); - - if (featureflags & DMU_BACKUP_FEATURE_RESUMING) { - dmu_object_info_t to_doi; - err = dmu_object_info(os, resumeobj, &to_doi); - if (err != 0) { - fnvlist_free(nvl); - goto out; - } - - SET_BOOKMARK(&to_arg.resume, to_ds->ds_object, - resumeobj, 0, - resumeoff / to_doi.doi_data_block_size); + ASSERT(os->os_encrypted); - fnvlist_add_uint64(nvl, "resume_object", resumeobj); - fnvlist_add_uint64(nvl, "resume_offset", resumeoff); + err = dsl_crypto_populate_key_nvlist(to_ds, ivset_guid, + &keynvl); + if (err != 0) { + fnvlist_free(nvl); + goto out; } - if (featureflags & DMU_BACKUP_FEATURE_RAW) { - uint64_t ivset_guid = (ancestor_zb != NULL) ? - ancestor_zb->zbm_ivset_guid : 0; - - ASSERT(os->os_encrypted); - - err = dsl_crypto_populate_key_nvlist(to_ds, - ivset_guid, &keynvl); - if (err != 0) { - fnvlist_free(nvl); - goto out; - } - - fnvlist_add_nvlist(nvl, "crypt_keydata", keynvl); - } + fnvlist_add_nvlist(nvl, "crypt_keydata", keynvl); + fnvlist_free(keynvl); + } + if (!nvlist_empty(nvl)) { payload = fnvlist_pack(nvl, &payload_len); drr->drr_payloadlen = payload_len; - fnvlist_free(keynvl); - fnvlist_free(nvl); } - err = dump_record(dsp, payload, payload_len); + fnvlist_free(nvl); + err = dump_record(&dsc, payload, payload_len); fnvlist_pack_free(payload, payload_len); if (err != 0) { - err = dsp->dsa_err; + err = dsc.dsc_err; goto out; } - err = bqueue_init(&to_arg.q, - MAX(zfs_send_queue_length, 2 * zfs_max_recordsize), - offsetof(struct send_block_record, ln)); - to_arg.error_code = 0; - to_arg.cancel = B_FALSE; - to_arg.ds = to_ds; - to_arg.fromtxg = fromtxg; - to_arg.flags = TRAVERSE_PRE | TRAVERSE_PREFETCH; - if (rawok) - to_arg.flags |= TRAVERSE_NO_DECRYPT; - (void) thread_create(NULL, 0, send_traverse_thread, &to_arg, 0, curproc, - TS_RUN, minclsyspri); - - to_data = bqueue_dequeue(&to_arg.q); + setup_to_thread(to_arg, to_ds, dssp, fromtxg, dspp->rawok); + setup_from_thread(from_arg, from_rl, dssp); + setup_redact_list_thread(rlt_arg, dspp, redact_rl, dssp); + setup_merge_thread(smt_arg, dspp, from_arg, to_arg, rlt_arg, os); + setup_prefetch_thread(spt_arg, dspp, smt_arg); - while (!to_data->eos_marker && err == 0) { - err = do_dump(dsp, to_data); - to_data = get_next_record(&to_arg.q, to_data); + range = bqueue_dequeue(&spt_arg->q); + while (err == 0 && !range->eos_marker) { + err = do_dump(&dsc, range); + range = get_next_range(&spt_arg->q, range); if (issig(JUSTLOOKING) && issig(FORREAL)) err = EINTR; } + /* + * If we hit an error or are interrupted, cancel our worker threads and + * clear the queue of any pending records. The threads will pass the + * cancel up the tree of worker threads, and each one will clean up any + * pending records before exiting. + */ if (err != 0) { - to_arg.cancel = B_TRUE; - while (!to_data->eos_marker) { - to_data = get_next_record(&to_arg.q, to_data); + spt_arg->cancel = B_TRUE; + while (!range->eos_marker) { + range = get_next_range(&spt_arg->q, range); } } - kmem_free(to_data, sizeof (*to_data)); + range_free(range); - bqueue_destroy(&to_arg.q); + bqueue_destroy(&spt_arg->q); + bqueue_destroy(&smt_arg->q); + if (dspp->redactbook != NULL) + bqueue_destroy(&rlt_arg->q); + bqueue_destroy(&to_arg->q); + bqueue_destroy(&from_arg->q); - if (err == 0 && to_arg.error_code != 0) - err = to_arg.error_code; + if (err == 0 && spt_arg->error != 0) + err = spt_arg->error; if (err != 0) goto out; - if (dsp->dsa_pending_op != PENDING_NONE) - if (dump_record(dsp, NULL, 0) != 0) + if (dsc.dsc_pending_op != PENDING_NONE) + if (dump_record(&dsc, NULL, 0) != 0) err = SET_ERROR(EINTR); if (err != 0) { - if (err == EINTR && dsp->dsa_err != 0) - err = dsp->dsa_err; + if (err == EINTR && dsc.dsc_err != 0) + err = dsc.dsc_err; goto out; } bzero(drr, sizeof (dmu_replay_record_t)); drr->drr_type = DRR_END; - drr->drr_u.drr_end.drr_checksum = dsp->dsa_zc; - drr->drr_u.drr_end.drr_toguid = dsp->dsa_toguid; + drr->drr_u.drr_end.drr_checksum = dsc.dsc_zc; + drr->drr_u.drr_end.drr_toguid = dsc.dsc_toguid; - if (dump_record(dsp, NULL, 0) != 0) - err = dsp->dsa_err; + if (dump_record(&dsc, NULL, 0) != 0) + err = dsc.dsc_err; out: mutex_enter(&to_ds->ds_sendstream_lock); - list_remove(&to_ds->ds_sendstreams, dsp); + list_remove(&to_ds->ds_sendstreams, dssp); mutex_exit(&to_ds->ds_sendstream_lock); - VERIFY(err != 0 || (dsp->dsa_sent_begin && dsp->dsa_sent_end)); + VERIFY(err != 0 || (dsc.dsc_sent_begin && dsc.dsc_sent_end)); kmem_free(drr, sizeof (dmu_replay_record_t)); - kmem_free(dsp, sizeof (dmu_sendarg_t)); + kmem_free(dssp, sizeof (dmu_sendstatus_t)); + kmem_free(from_arg, sizeof (*from_arg)); + kmem_free(to_arg, sizeof (*to_arg)); + kmem_free(rlt_arg, sizeof (*rlt_arg)); + kmem_free(smt_arg, sizeof (*smt_arg)); + kmem_free(spt_arg, sizeof (*spt_arg)); dsl_dataset_long_rele(to_ds, FTAG); + if (from_rl != NULL) { + dsl_redaction_list_long_rele(from_rl, FTAG); + dsl_redaction_list_rele(from_rl, FTAG); + } + if (redact_rl != NULL) { + dsl_redaction_list_long_rele(redact_rl, FTAG); + dsl_redaction_list_rele(redact_rl, FTAG); + } return (err); } @@ -1268,104 +2574,162 @@ out: int dmu_send_obj(const char *pool, uint64_t tosnap, uint64_t fromsnap, boolean_t embedok, boolean_t large_block_ok, boolean_t compressok, - boolean_t rawok, int outfd, vnode_t *vp, offset_t *off) + boolean_t rawok, int outfd, offset_t *off, dmu_send_outparams_t *dsop) { - dsl_pool_t *dp; - dsl_dataset_t *ds; - dsl_dataset_t *fromds = NULL; - ds_hold_flags_t dsflags = (rawok) ? 0 : DS_HOLD_FLAG_DECRYPT; int err; - - err = dsl_pool_hold(pool, FTAG, &dp); + dsl_dataset_t *fromds; + ds_hold_flags_t dsflags = (rawok) ? 0 : DS_HOLD_FLAG_DECRYPT; + struct dmu_send_params dspp = {0}; + dspp.embedok = embedok; + dspp.large_block_ok = large_block_ok; + dspp.compressok = compressok; + dspp.outfd = outfd; + dspp.off = off; + dspp.dso = dsop; + dspp.tag = FTAG; + dspp.rawok = rawok; + + err = dsl_pool_hold(pool, FTAG, &dspp.dp); if (err != 0) return (err); - err = dsl_dataset_hold_obj_flags(dp, tosnap, dsflags, FTAG, &ds); + err = dsl_dataset_hold_obj_flags(dspp.dp, tosnap, dsflags, FTAG, + &dspp.to_ds); if (err != 0) { - dsl_pool_rele(dp, FTAG); + dsl_pool_rele(dspp.dp, FTAG); return (err); } if (fromsnap != 0) { - zfs_bookmark_phys_t zb = { 0 }; - boolean_t is_clone; - - err = dsl_dataset_hold_obj(dp, fromsnap, FTAG, &fromds); + err = dsl_dataset_hold_obj_flags(dspp.dp, fromsnap, dsflags, + FTAG, &fromds); if (err != 0) { - dsl_dataset_rele_flags(ds, dsflags, FTAG); - dsl_pool_rele(dp, FTAG); + dsl_dataset_rele_flags(dspp.to_ds, dsflags, FTAG); + dsl_pool_rele(dspp.dp, FTAG); return (err); } - if (!dsl_dataset_is_before(ds, fromds, 0)) { - err = SET_ERROR(EXDEV); - dsl_dataset_rele(fromds, FTAG); - dsl_dataset_rele_flags(ds, dsflags, FTAG); - dsl_pool_rele(dp, FTAG); - return (err); - } - - zb.zbm_creation_time = + dspp.ancestor_zb.zbm_guid = dsl_dataset_phys(fromds)->ds_guid; + dspp.ancestor_zb.zbm_creation_txg = + dsl_dataset_phys(fromds)->ds_creation_txg; + dspp.ancestor_zb.zbm_creation_time = dsl_dataset_phys(fromds)->ds_creation_time; - zb.zbm_creation_txg = dsl_dataset_phys(fromds)->ds_creation_txg; - zb.zbm_guid = dsl_dataset_phys(fromds)->ds_guid; if (dsl_dataset_is_zapified(fromds)) { - (void) zap_lookup(dp->dp_meta_objset, + (void) zap_lookup(dspp.dp->dp_meta_objset, fromds->ds_object, DS_FIELD_IVSET_GUID, 8, 1, - &zb.zbm_ivset_guid); + &dspp.ancestor_zb.zbm_ivset_guid); } - is_clone = (fromds->ds_dir != ds->ds_dir); - dsl_dataset_rele(fromds, FTAG); - err = dmu_send_impl(FTAG, dp, ds, &zb, is_clone, - embedok, large_block_ok, compressok, rawok, outfd, - 0, 0, vp, off); + /* See dmu_send for the reasons behind this. */ + uint64_t *fromredact; + + if (!dsl_dataset_get_uint64_array_feature(fromds, + SPA_FEATURE_REDACTED_DATASETS, + &dspp.numfromredactsnaps, + &fromredact)) { + dspp.numfromredactsnaps = NUM_SNAPS_NOT_REDACTED; + } else if (dspp.numfromredactsnaps > 0) { + uint64_t size = dspp.numfromredactsnaps * + sizeof (uint64_t); + dspp.fromredactsnaps = kmem_zalloc(size, KM_SLEEP); + bcopy(fromredact, dspp.fromredactsnaps, size); + } + + if (!dsl_dataset_is_before(dspp.to_ds, fromds, 0)) { + err = SET_ERROR(EXDEV); + } else { + dspp.is_clone = (dspp.to_ds->ds_dir != + fromds->ds_dir); + dsl_dataset_rele(fromds, FTAG); + err = dmu_send_impl(&dspp); + } } else { - err = dmu_send_impl(FTAG, dp, ds, NULL, B_FALSE, - embedok, large_block_ok, compressok, rawok, outfd, - 0, 0, vp, off); + dspp.numfromredactsnaps = NUM_SNAPS_NOT_REDACTED; + err = dmu_send_impl(&dspp); } - dsl_dataset_rele_flags(ds, dsflags, FTAG); + dsl_dataset_rele(dspp.to_ds, FTAG); return (err); } int dmu_send(const char *tosnap, const char *fromsnap, boolean_t embedok, boolean_t large_block_ok, boolean_t compressok, boolean_t rawok, - int outfd, uint64_t resumeobj, uint64_t resumeoff, vnode_t *vp, - offset_t *off) + uint64_t resumeobj, uint64_t resumeoff, const char *redactbook, int outfd, + offset_t *off, dmu_send_outparams_t *dsop) { - dsl_pool_t *dp; - dsl_dataset_t *ds; - int err; + int err = 0; ds_hold_flags_t dsflags = (rawok) ? 0 : DS_HOLD_FLAG_DECRYPT; boolean_t owned = B_FALSE; + dsl_dataset_t *fromds = NULL; + zfs_bookmark_phys_t book = {0}; + struct dmu_send_params dspp = {0}; + dspp.tosnap = tosnap; + dspp.embedok = embedok; + dspp.large_block_ok = large_block_ok; + dspp.compressok = compressok; + dspp.outfd = outfd; + dspp.off = off; + dspp.dso = dsop; + dspp.tag = FTAG; + dspp.resumeobj = resumeobj; + dspp.resumeoff = resumeoff; + dspp.rawok = rawok; if (fromsnap != NULL && strpbrk(fromsnap, "@#") == NULL) return (SET_ERROR(EINVAL)); - err = dsl_pool_hold(tosnap, FTAG, &dp); + err = dsl_pool_hold(tosnap, FTAG, &dspp.dp); if (err != 0) return (err); - if (strchr(tosnap, '@') == NULL && spa_writeable(dp->dp_spa)) { + if (strchr(tosnap, '@') == NULL && spa_writeable(dspp.dp->dp_spa)) { /* * We are sending a filesystem or volume. Ensure * that it doesn't change by owning the dataset. */ - err = dsl_dataset_own(dp, tosnap, dsflags, FTAG, &ds); + err = dsl_dataset_own(dspp.dp, tosnap, dsflags, FTAG, + &dspp.to_ds); owned = B_TRUE; } else { - err = dsl_dataset_hold_flags(dp, tosnap, dsflags, FTAG, &ds); + err = dsl_dataset_hold_flags(dspp.dp, tosnap, dsflags, FTAG, + &dspp.to_ds); } + if (err != 0) { - dsl_pool_rele(dp, FTAG); + dsl_pool_rele(dspp.dp, FTAG); + return (err); + } + + if (redactbook != NULL) { + char path[ZFS_MAX_DATASET_NAME_LEN]; + (void) strlcpy(path, tosnap, sizeof (path)); + char *at = strchr(path, '@'); + if (at == NULL) { + err = EINVAL; + } else { + (void) snprintf(at, sizeof (path) - (at - path), "#%s", + redactbook); + err = dsl_bookmark_lookup(dspp.dp, path, + NULL, &book); + dspp.redactbook = &book; + } + } + + if (err != 0) { + dsl_pool_rele(dspp.dp, FTAG); + if (owned) + dsl_dataset_disown(dspp.to_ds, dsflags, FTAG); + else + dsl_dataset_rele_flags(dspp.to_ds, dsflags, FTAG); return (err); } if (fromsnap != NULL) { - zfs_bookmark_phys_t zb = { 0 }; - boolean_t is_clone = B_FALSE; - int fsnamelen = strchr(tosnap, '@') - tosnap; + zfs_bookmark_phys_t *zb = &dspp.ancestor_zb; + int fsnamelen; + if (strpbrk(tosnap, "@#") != NULL) + fsnamelen = strpbrk(tosnap, "@#") - tosnap; + else + fsnamelen = strlen(tosnap); /* * If the fromsnap is in a different filesystem, then @@ -1374,55 +2738,88 @@ dmu_send(const char *tosnap, const char *fromsnap, boolean_t embedok, if (strncmp(tosnap, fromsnap, fsnamelen) != 0 || (fromsnap[fsnamelen] != '@' && fromsnap[fsnamelen] != '#')) { - is_clone = B_TRUE; + dspp.is_clone = B_TRUE; } - if (strchr(fromsnap, '@')) { - dsl_dataset_t *fromds; - err = dsl_dataset_hold(dp, fromsnap, FTAG, &fromds); - if (err == 0) { - if (!dsl_dataset_is_before(ds, fromds, 0)) + if (strchr(fromsnap, '@') != NULL) { + err = dsl_dataset_hold(dspp.dp, fromsnap, FTAG, + &fromds); + + if (err != 0) { + ASSERT3P(fromds, ==, NULL); + } else { + /* + * We need to make a deep copy of the redact + * snapshots of the from snapshot, because the + * array will be freed when we evict from_ds. + */ + uint64_t *fromredact; + if (!dsl_dataset_get_uint64_array_feature( + fromds, SPA_FEATURE_REDACTED_DATASETS, + &dspp.numfromredactsnaps, + &fromredact)) { + dspp.numfromredactsnaps = + NUM_SNAPS_NOT_REDACTED; + } else if (dspp.numfromredactsnaps > 0) { + uint64_t size = + dspp.numfromredactsnaps * + sizeof (uint64_t); + dspp.fromredactsnaps = kmem_zalloc(size, + KM_SLEEP); + bcopy(fromredact, dspp.fromredactsnaps, + size); + } + if (!dsl_dataset_is_before(dspp.to_ds, fromds, + 0)) { err = SET_ERROR(EXDEV); - zb.zbm_creation_time = - dsl_dataset_phys(fromds)->ds_creation_time; - zb.zbm_creation_txg = - dsl_dataset_phys(fromds)->ds_creation_txg; - zb.zbm_guid = dsl_dataset_phys(fromds)->ds_guid; - is_clone = (ds->ds_dir != fromds->ds_dir); - - if (dsl_dataset_is_zapified(fromds)) { - (void) zap_lookup(dp->dp_meta_objset, - fromds->ds_object, - DS_FIELD_IVSET_GUID, 8, 1, - &zb.zbm_ivset_guid); + } else { + ASSERT3U(dspp.is_clone, ==, + (dspp.to_ds->ds_dir != + fromds->ds_dir)); + zb->zbm_creation_txg = + dsl_dataset_phys(fromds)-> + ds_creation_txg; + zb->zbm_creation_time = + dsl_dataset_phys(fromds)-> + ds_creation_time; + zb->zbm_guid = + dsl_dataset_phys(fromds)->ds_guid; + zb->zbm_redaction_obj = 0; + + if (dsl_dataset_is_zapified(fromds)) { + (void) zap_lookup( + dspp.dp->dp_meta_objset, + fromds->ds_object, + DS_FIELD_IVSET_GUID, 8, 1, + &zb->zbm_ivset_guid); + } } dsl_dataset_rele(fromds, FTAG); } } else { - err = dsl_bookmark_lookup(dp, fromsnap, ds, &zb); + dspp.numfromredactsnaps = NUM_SNAPS_NOT_REDACTED; + err = dsl_bookmark_lookup(dspp.dp, fromsnap, dspp.to_ds, + zb); + if (err == EXDEV && zb->zbm_redaction_obj != 0 && + zb->zbm_guid == + dsl_dataset_phys(dspp.to_ds)->ds_guid) + err = 0; } - if (err != 0) { - if (owned) - dsl_dataset_disown(ds, dsflags, FTAG); - else - dsl_dataset_rele_flags(ds, dsflags, FTAG); - dsl_pool_rele(dp, FTAG); - return (err); + if (err == 0) { + /* dmu_send_impl will call dsl_pool_rele for us. */ + err = dmu_send_impl(&dspp); + } else { + dsl_pool_rele(dspp.dp, FTAG); } - err = dmu_send_impl(FTAG, dp, ds, &zb, is_clone, - embedok, large_block_ok, compressok, rawok, - outfd, resumeobj, resumeoff, vp, off); } else { - err = dmu_send_impl(FTAG, dp, ds, NULL, B_FALSE, - embedok, large_block_ok, compressok, rawok, - outfd, resumeobj, resumeoff, vp, off); + dspp.numfromredactsnaps = NUM_SNAPS_NOT_REDACTED; + err = dmu_send_impl(&dspp); } if (owned) - dsl_dataset_disown(ds, dsflags, FTAG); + dsl_dataset_disown(dspp.to_ds, dsflags, FTAG); else - dsl_dataset_rele_flags(ds, dsflags, FTAG); - + dsl_dataset_rele_flags(dspp.to_ds, dsflags, FTAG); return (err); } @@ -1483,39 +2880,40 @@ dmu_adjust_send_estimate_for_indirects(dsl_dataset_t *ds, uint64_t uncompressed, } int -dmu_send_estimate(dsl_dataset_t *ds, dsl_dataset_t *fromds, - boolean_t stream_compressed, uint64_t *sizep) +dmu_send_estimate_fast(dsl_dataset_t *ds, dsl_dataset_t *fromds, + zfs_bookmark_phys_t *frombook, boolean_t stream_compressed, uint64_t *sizep) { int err; uint64_t uncomp, comp; ASSERT(dsl_pool_config_held(ds->ds_dir->dd_pool)); + ASSERT(fromds == NULL || frombook == NULL); /* tosnap must be a snapshot */ if (!ds->ds_is_snapshot) return (SET_ERROR(EINVAL)); - /* fromsnap, if provided, must be a snapshot */ - if (fromds != NULL && !fromds->ds_is_snapshot) - return (SET_ERROR(EINVAL)); + if (fromds != NULL) { + uint64_t used; + if (!fromds->ds_is_snapshot) + return (SET_ERROR(EINVAL)); - /* - * fromsnap must be an earlier snapshot from the same fs as tosnap, - * or the origin's fs. - */ - if (fromds != NULL && !dsl_dataset_is_before(ds, fromds, 0)) - return (SET_ERROR(EXDEV)); + if (!dsl_dataset_is_before(ds, fromds, 0)) + return (SET_ERROR(EXDEV)); - /* Get compressed and uncompressed size estimates of changed data. */ - if (fromds == NULL) { - uncomp = dsl_dataset_phys(ds)->ds_uncompressed_bytes; - comp = dsl_dataset_phys(ds)->ds_compressed_bytes; - } else { + err = dsl_dataset_space_written(fromds, ds, &used, &comp, + &uncomp); + if (err != 0) + return (err); + } else if (frombook != NULL) { uint64_t used; - err = dsl_dataset_space_written(fromds, ds, - &used, &comp, &uncomp); + err = dsl_dataset_space_written_bookmark(frombook, ds, &used, + &comp, &uncomp); if (err != 0) return (err); + } else { + uncomp = dsl_dataset_phys(ds)->ds_uncompressed_bytes; + comp = dsl_dataset_phys(ds)->ds_compressed_bytes; } err = dmu_adjust_send_estimate_for_indirects(ds, uncomp, comp, @@ -1527,74 +2925,7 @@ dmu_send_estimate(dsl_dataset_t *ds, dsl_dataset_t *fromds, return (err); } -struct calculate_send_arg { - uint64_t uncompressed; - uint64_t compressed; -}; - -/* - * Simple callback used to traverse the blocks of a snapshot and sum their - * uncompressed and compressed sizes. - */ -/* ARGSUSED */ -static int -dmu_calculate_send_traversal(spa_t *spa, zilog_t *zilog, const blkptr_t *bp, - const zbookmark_phys_t *zb, const dnode_phys_t *dnp, void *arg) -{ - struct calculate_send_arg *space = arg; - if (bp != NULL && !BP_IS_HOLE(bp)) { - space->uncompressed += BP_GET_UCSIZE(bp); - space->compressed += BP_GET_PSIZE(bp); - } - return (0); -} - -/* - * Given a desination snapshot and a TXG, calculate the approximate size of a - * send stream sent from that TXG. from_txg may be zero, indicating that the - * whole snapshot will be sent. - */ -int -dmu_send_estimate_from_txg(dsl_dataset_t *ds, uint64_t from_txg, - boolean_t stream_compressed, uint64_t *sizep) -{ - int err; - struct calculate_send_arg size = { 0 }; - - ASSERT(dsl_pool_config_held(ds->ds_dir->dd_pool)); - - /* tosnap must be a snapshot */ - if (!dsl_dataset_is_snapshot(ds)) - return (SET_ERROR(EINVAL)); - - /* verify that from_txg is before the provided snapshot was taken */ - if (from_txg >= dsl_dataset_phys(ds)->ds_creation_txg) { - return (SET_ERROR(EXDEV)); - } - /* - * traverse the blocks of the snapshot with birth times after - * from_txg, summing their uncompressed size - */ - err = traverse_dataset(ds, from_txg, - TRAVERSE_POST | TRAVERSE_NO_DECRYPT, - dmu_calculate_send_traversal, &size); - - if (err) - return (err); - - err = dmu_adjust_send_estimate_for_indirects(ds, size.uncompressed, - size.compressed, stream_compressed, sizep); - return (err); -} - - #if defined(_KERNEL) -/* BEGIN CSTYLED */ -module_param(zfs_override_estimate_recordsize, ulong, 0644); -MODULE_PARM_DESC(zfs_override_estimate_recordsize, - "Record size calculation override for zfs send estimates"); -/* END CSTYLED */ - module_param(zfs_send_corrupt_data, int, 0644); MODULE_PARM_DESC(zfs_send_corrupt_data, "Allow sending corrupt data"); @@ -1604,4 +2935,19 @@ MODULE_PARM_DESC(zfs_send_queue_length, "Maximum send queue length"); module_param(zfs_send_unmodified_spill_blocks, int, 0644); MODULE_PARM_DESC(zfs_send_unmodified_spill_blocks, "Send unmodified spill blocks"); + +module_param(zfs_send_no_prefetch_queue_length, int, 0644); +MODULE_PARM_DESC(zfs_send_no_prefetch_queue_length, + "Maximum send queue length for non-prefetch queues"); + +module_param(zfs_send_queue_ff, int, 0644); +MODULE_PARM_DESC(zfs_send_queue_ff, "Send queue fill fraction"); + +module_param(zfs_send_no_prefetch_queue_ff, int, 0644); +MODULE_PARM_DESC(zfs_send_no_prefetch_queue_ff, + "Send queue fill fraction for non-prefetch queues"); + +module_param(zfs_override_estimate_recordsize, int, 0644); +MODULE_PARM_DESC(zfs_override_estimate_recordsize, + "Override block size estimate with fixed size"); #endif diff --git a/module/zfs/dmu_traverse.c b/module/zfs/dmu_traverse.c index f42652099..2a74d569a 100644 --- a/module/zfs/dmu_traverse.c +++ b/module/zfs/dmu_traverse.c @@ -67,8 +67,8 @@ typedef struct traverse_data { boolean_t td_realloc_possible; } traverse_data_t; -static int traverse_dnode(traverse_data_t *td, const dnode_phys_t *dnp, - uint64_t objset, uint64_t object); +static int traverse_dnode(traverse_data_t *td, const blkptr_t *bp, + const dnode_phys_t *dnp, uint64_t objset, uint64_t object); static void prefetch_dnode_metadata(traverse_data_t *td, const dnode_phys_t *, uint64_t objset, uint64_t object); @@ -194,6 +194,7 @@ traverse_prefetch_metadata(traverse_data_t *td, return; if (BP_GET_LEVEL(bp) == 0 && BP_GET_TYPE(bp) != DMU_OT_DNODE) return; + ASSERT(!BP_IS_REDACTED(bp)); if ((td->td_flags & TRAVERSE_NO_DECRYPT) && BP_IS_PROTECTED(bp)) zio_flags |= ZIO_FLAG_RAW; @@ -207,7 +208,7 @@ prefetch_needed(prefetch_data_t *pfd, const blkptr_t *bp) { ASSERT(pfd->pd_flags & TRAVERSE_PREFETCH_DATA); if (BP_IS_HOLE(bp) || BP_IS_EMBEDDED(bp) || - BP_GET_TYPE(bp) == DMU_OT_INTENT_LOG) + BP_GET_TYPE(bp) == DMU_OT_INTENT_LOG || BP_IS_REDACTED(bp)) return (B_FALSE); return (B_TRUE); } @@ -274,7 +275,7 @@ traverse_visitbp(traverse_data_t *td, const dnode_phys_t *dnp, mutex_exit(&pd->pd_mtx); } - if (BP_IS_HOLE(bp)) { + if (BP_IS_HOLE(bp) || BP_IS_REDACTED(bp)) { err = td->td_func(td->td_spa, NULL, bp, zb, dnp, td->td_arg); if (err != 0) goto post; @@ -354,7 +355,7 @@ traverse_visitbp(traverse_data_t *td, const dnode_phys_t *dnp, /* recursively visitbp() blocks below this */ for (i = 0; i < epb; i += child_dnp[i].dn_extra_slots + 1) { - err = traverse_dnode(td, &child_dnp[i], + err = traverse_dnode(td, bp, &child_dnp[i], zb->zb_objset, zb->zb_blkid * epb + i); if (err != 0) break; @@ -395,19 +396,19 @@ traverse_visitbp(traverse_data_t *td, const dnode_phys_t *dnp, zb->zb_objset, DMU_USERUSED_OBJECT); } - err = traverse_dnode(td, &osp->os_meta_dnode, zb->zb_objset, + err = traverse_dnode(td, bp, &osp->os_meta_dnode, zb->zb_objset, DMU_META_DNODE_OBJECT); if (err == 0 && OBJSET_BUF_HAS_USERUSED(buf)) { if (OBJSET_BUF_HAS_PROJECTUSED(buf)) - err = traverse_dnode(td, + err = traverse_dnode(td, bp, &osp->os_projectused_dnode, zb->zb_objset, DMU_PROJECTUSED_OBJECT); if (err == 0) - err = traverse_dnode(td, + err = traverse_dnode(td, bp, &osp->os_groupused_dnode, zb->zb_objset, DMU_GROUPUSED_OBJECT); if (err == 0) - err = traverse_dnode(td, + err = traverse_dnode(td, bp, &osp->os_userused_dnode, zb->zb_objset, DMU_USERUSED_OBJECT); } @@ -475,7 +476,7 @@ prefetch_dnode_metadata(traverse_data_t *td, const dnode_phys_t *dnp, } static int -traverse_dnode(traverse_data_t *td, const dnode_phys_t *dnp, +traverse_dnode(traverse_data_t *td, const blkptr_t *bp, const dnode_phys_t *dnp, uint64_t objset, uint64_t object) { int j, err = 0; @@ -488,7 +489,7 @@ traverse_dnode(traverse_data_t *td, const dnode_phys_t *dnp, if (td->td_flags & TRAVERSE_PRE) { SET_BOOKMARK(&czb, objset, object, ZB_DNODE_LEVEL, ZB_DNODE_BLKID); - err = td->td_func(td->td_spa, NULL, NULL, &czb, dnp, + err = td->td_func(td->td_spa, NULL, bp, &czb, dnp, td->td_arg); if (err == TRAVERSE_VISIT_NO_CHILDREN) return (0); @@ -511,7 +512,7 @@ traverse_dnode(traverse_data_t *td, const dnode_phys_t *dnp, if (err == 0 && (td->td_flags & TRAVERSE_POST)) { SET_BOOKMARK(&czb, objset, object, ZB_DNODE_LEVEL, ZB_DNODE_BLKID); - err = td->td_func(td->td_spa, NULL, NULL, &czb, dnp, + err = td->td_func(td->td_spa, NULL, bp, &czb, dnp, td->td_arg); if (err == TRAVERSE_VISIT_NO_CHILDREN) return (0); @@ -532,7 +533,7 @@ traverse_prefetcher(spa_t *spa, zilog_t *zilog, const blkptr_t *bp, ARC_FLAG_PRESCIENT_PREFETCH; ASSERT(pfd->pd_bytes_fetched >= 0); - if (bp == NULL) + if (zb->zb_level == ZB_DNODE_LEVEL) return (0); if (pfd->pd_cancel) return (SET_ERROR(EINTR)); @@ -635,6 +636,7 @@ traverse_impl(spa_t *spa, dsl_dataset_t *ds, uint64_t objset, blkptr_t *rootbp, uint32_t flags = ARC_FLAG_WAIT; objset_phys_t *osp; arc_buf_t *buf; + ASSERT(!BP_IS_REDACTED(rootbp)); if ((td->td_flags & TRAVERSE_NO_DECRYPT) && BP_IS_PROTECTED(rootbp)) diff --git a/module/zfs/dsl_bookmark.c b/module/zfs/dsl_bookmark.c index a32198402..4da17488c 100644 --- a/module/zfs/dsl_bookmark.c +++ b/module/zfs/dsl_bookmark.c @@ -14,7 +14,7 @@ */ /* - * Copyright (c) 2013, 2014 by Delphix. All rights reserved. + * Copyright (c) 2013, 2018 by Delphix. All rights reserved. * Copyright 2017 Nexenta Systems, Inc. */ @@ -23,6 +23,7 @@ #include <sys/dsl_dir.h> #include <sys/dsl_prop.h> #include <sys/dsl_synctask.h> +#include <sys/dsl_destroy.h> #include <sys/dmu_impl.h> #include <sys/dmu_tx.h> #include <sys/arc.h> @@ -31,6 +32,7 @@ #include <sys/spa.h> #include <sys/dsl_bookmark.h> #include <zfs_namecheck.h> +#include <sys/dmu_send.h> static int dsl_bookmark_hold_ds(dsl_pool_t *dp, const char *fullname, @@ -54,13 +56,15 @@ dsl_bookmark_hold_ds(dsl_pool_t *dp, const char *fullname, /* * Returns ESRCH if bookmark is not found. + * Note, we need to use the ZAP rather than the AVL to look up bookmarks + * by name, because only the ZAP honors the casesensitivity setting. */ -static int -dsl_dataset_bmark_lookup(dsl_dataset_t *ds, const char *shortname, +int +dsl_bookmark_lookup_impl(dsl_dataset_t *ds, const char *shortname, zfs_bookmark_phys_t *bmark_phys) { objset_t *mos = ds->ds_dir->dd_pool->dp_meta_objset; - uint64_t bmark_zapobj = ds->ds_bookmarks; + uint64_t bmark_zapobj = ds->ds_bookmarks_obj; matchtype_t mt = 0; int err; @@ -77,15 +81,16 @@ dsl_dataset_bmark_lookup(dsl_dataset_t *ds, const char *shortname, bzero(bmark_phys, sizeof (*bmark_phys)); err = zap_lookup_norm(mos, bmark_zapobj, shortname, sizeof (uint64_t), - sizeof (*bmark_phys) / sizeof (uint64_t), bmark_phys, mt, - NULL, 0, NULL); + sizeof (*bmark_phys) / sizeof (uint64_t), bmark_phys, mt, NULL, 0, + NULL); return (err == ENOENT ? ESRCH : err); } /* * If later_ds is non-NULL, this will return EXDEV if the the specified bookmark - * does not represents an earlier point in later_ds's timeline. + * does not represents an earlier point in later_ds's timeline. However, + * bmp will still be filled in if we return EXDEV. * * Returns ENOENT if the dataset containing the bookmark does not exist. * Returns ESRCH if the dataset exists but the bookmark was not found in it. @@ -102,7 +107,7 @@ dsl_bookmark_lookup(dsl_pool_t *dp, const char *fullname, if (error != 0) return (error); - error = dsl_dataset_bmark_lookup(ds, shortname, bmp); + error = dsl_bookmark_lookup_impl(ds, shortname, bmp); if (error == 0 && later_ds != NULL) { if (!dsl_dataset_is_before(later_ds, ds, bmp->zbm_creation_txg)) error = SET_ERROR(EXDEV); @@ -111,6 +116,15 @@ dsl_bookmark_lookup(dsl_pool_t *dp, const char *fullname, return (error); } +typedef struct dsl_bookmark_create_redacted_arg { + const char *dbcra_bmark; + const char *dbcra_snap; + redaction_list_t **dbcra_rl; + uint64_t dbcra_numsnaps; + uint64_t *dbcra_snaps; + void *dbcra_tag; +} dsl_bookmark_create_redacted_arg_t; + typedef struct dsl_bookmark_create_arg { nvlist_t *dbca_bmarks; nvlist_t *dbca_errors; @@ -124,7 +138,7 @@ dsl_bookmark_create_check_impl(dsl_dataset_t *snapds, const char *bookmark_name, dsl_dataset_t *bmark_fs; char *shortname; int error; - zfs_bookmark_phys_t bmark_phys; + zfs_bookmark_phys_t bmark_phys = { 0 }; if (!snapds->ds_is_snapshot) return (SET_ERROR(EINVAL)); @@ -139,7 +153,7 @@ dsl_bookmark_create_check_impl(dsl_dataset_t *snapds, const char *bookmark_name, return (SET_ERROR(EINVAL)); } - error = dsl_dataset_bmark_lookup(bmark_fs, shortname, + error = dsl_bookmark_lookup_impl(bmark_fs, shortname, &bmark_phys); dsl_dataset_rele(bmark_fs, FTAG); if (error == 0) @@ -182,77 +196,199 @@ dsl_bookmark_create_check(void *arg, dmu_tx_t *tx) return (rv); } +static dsl_bookmark_node_t * +dsl_bookmark_node_alloc(char *shortname) +{ + dsl_bookmark_node_t *dbn = kmem_alloc(sizeof (*dbn), KM_SLEEP); + dbn->dbn_name = spa_strdup(shortname); + dbn->dbn_dirty = B_FALSE; + mutex_init(&dbn->dbn_lock, NULL, MUTEX_DEFAULT, NULL); + return (dbn); +} + +/* + * Set the fields in the zfs_bookmark_phys_t based on the specified snapshot. + */ static void -dsl_bookmark_create_sync(void *arg, dmu_tx_t *tx) +dsl_bookmark_set_phys(zfs_bookmark_phys_t *zbm, dsl_dataset_t *snap) +{ + spa_t *spa = dsl_dataset_get_spa(snap); + objset_t *mos = spa_get_dsl(spa)->dp_meta_objset; + dsl_dataset_phys_t *dsp = dsl_dataset_phys(snap); + zbm->zbm_guid = dsp->ds_guid; + zbm->zbm_creation_txg = dsp->ds_creation_txg; + zbm->zbm_creation_time = dsp->ds_creation_time; + zbm->zbm_redaction_obj = 0; + + /* + * If the dataset is encrypted create a larger bookmark to + * accommodate the IVset guid. The IVset guid was added + * after the encryption feature to prevent a problem with + * raw sends. If we encounter an encrypted dataset without + * an IVset guid we fall back to a normal bookmark. + */ + if (snap->ds_dir->dd_crypto_obj != 0 && + spa_feature_is_enabled(spa, SPA_FEATURE_BOOKMARK_V2)) { + (void) zap_lookup(mos, snap->ds_object, + DS_FIELD_IVSET_GUID, sizeof (uint64_t), 1, + &zbm->zbm_ivset_guid); + } + + if (spa_feature_is_enabled(spa, SPA_FEATURE_BOOKMARK_WRITTEN)) { + zbm->zbm_flags = ZBM_FLAG_SNAPSHOT_EXISTS | ZBM_FLAG_HAS_FBN; + zbm->zbm_referenced_bytes_refd = dsp->ds_referenced_bytes; + zbm->zbm_compressed_bytes_refd = dsp->ds_compressed_bytes; + zbm->zbm_uncompressed_bytes_refd = dsp->ds_uncompressed_bytes; + + dsl_dataset_t *nextds; + VERIFY0(dsl_dataset_hold_obj(snap->ds_dir->dd_pool, + dsp->ds_next_snap_obj, FTAG, &nextds)); + dsl_deadlist_space(&nextds->ds_deadlist, + &zbm->zbm_referenced_freed_before_next_snap, + &zbm->zbm_compressed_freed_before_next_snap, + &zbm->zbm_uncompressed_freed_before_next_snap); + dsl_dataset_rele(nextds, FTAG); + } else { + bzero(&zbm->zbm_flags, + sizeof (zfs_bookmark_phys_t) - + offsetof(zfs_bookmark_phys_t, zbm_flags)); + } +} + +void +dsl_bookmark_node_add(dsl_dataset_t *hds, dsl_bookmark_node_t *dbn, + dmu_tx_t *tx) { - dsl_bookmark_create_arg_t *dbca = arg; dsl_pool_t *dp = dmu_tx_pool(tx); objset_t *mos = dp->dp_meta_objset; - ASSERT(spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_BOOKMARKS)); + if (hds->ds_bookmarks_obj == 0) { + hds->ds_bookmarks_obj = zap_create_norm(mos, + U8_TEXTPREP_TOUPPER, DMU_OTN_ZAP_METADATA, DMU_OT_NONE, 0, + tx); + spa_feature_incr(dp->dp_spa, SPA_FEATURE_BOOKMARKS, tx); + + dsl_dataset_zapify(hds, tx); + VERIFY0(zap_add(mos, hds->ds_object, + DS_FIELD_BOOKMARK_NAMES, + sizeof (hds->ds_bookmarks_obj), 1, + &hds->ds_bookmarks_obj, tx)); + } - for (nvpair_t *pair = nvlist_next_nvpair(dbca->dbca_bmarks, NULL); - pair != NULL; pair = nvlist_next_nvpair(dbca->dbca_bmarks, pair)) { - dsl_dataset_t *snapds, *bmark_fs; - zfs_bookmark_phys_t bmark_phys = { 0 }; - char *shortname; - uint32_t bmark_len = BOOKMARK_PHYS_SIZE_V1; + avl_add(&hds->ds_bookmarks, dbn); - VERIFY0(dsl_dataset_hold(dp, fnvpair_value_string(pair), - FTAG, &snapds)); - VERIFY0(dsl_bookmark_hold_ds(dp, nvpair_name(pair), - &bmark_fs, FTAG, &shortname)); - if (bmark_fs->ds_bookmarks == 0) { - bmark_fs->ds_bookmarks = - zap_create_norm(mos, U8_TEXTPREP_TOUPPER, - DMU_OTN_ZAP_METADATA, DMU_OT_NONE, 0, tx); - spa_feature_incr(dp->dp_spa, SPA_FEATURE_BOOKMARKS, tx); - - dsl_dataset_zapify(bmark_fs, tx); - VERIFY0(zap_add(mos, bmark_fs->ds_object, - DS_FIELD_BOOKMARK_NAMES, - sizeof (bmark_fs->ds_bookmarks), 1, - &bmark_fs->ds_bookmarks, tx)); - } + /* + * To maintain backwards compatibility with software that doesn't + * understand SPA_FEATURE_BOOKMARK_V2, we need to use the smallest + * possible bookmark size. + */ + uint64_t bookmark_phys_size = BOOKMARK_PHYS_SIZE_V1; + if (spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_BOOKMARK_V2) && + (dbn->dbn_phys.zbm_ivset_guid != 0 || dbn->dbn_phys.zbm_flags & + ZBM_FLAG_HAS_FBN || dbn->dbn_phys.zbm_redaction_obj != 0)) { + bookmark_phys_size = BOOKMARK_PHYS_SIZE_V2; + spa_feature_incr(dp->dp_spa, SPA_FEATURE_BOOKMARK_V2, tx); + } - bmark_phys.zbm_guid = dsl_dataset_phys(snapds)->ds_guid; - bmark_phys.zbm_creation_txg = - dsl_dataset_phys(snapds)->ds_creation_txg; - bmark_phys.zbm_creation_time = - dsl_dataset_phys(snapds)->ds_creation_time; + __attribute__((unused)) zfs_bookmark_phys_t zero_phys = { 0 }; + ASSERT0(bcmp(((char *)&dbn->dbn_phys) + bookmark_phys_size, + &zero_phys, sizeof (zfs_bookmark_phys_t) - bookmark_phys_size)); - /* - * If the dataset is encrypted create a larger bookmark to - * accommodate the IVset guid. The IVset guid was added - * after the encryption feature to prevent a problem with - * raw sends. If we encounter an encrypted dataset without - * an IVset guid we fall back to a normal bookmark. - */ - if (snapds->ds_dir->dd_crypto_obj != 0 && - spa_feature_is_enabled(dp->dp_spa, - SPA_FEATURE_BOOKMARK_V2)) { - int err = zap_lookup(mos, snapds->ds_object, - DS_FIELD_IVSET_GUID, sizeof (uint64_t), 1, - &bmark_phys.zbm_ivset_guid); - if (err == 0) { - bmark_len = BOOKMARK_PHYS_SIZE_V2; - spa_feature_incr(dp->dp_spa, - SPA_FEATURE_BOOKMARK_V2, tx); - } + VERIFY0(zap_add(mos, hds->ds_bookmarks_obj, dbn->dbn_name, + sizeof (uint64_t), bookmark_phys_size / sizeof (uint64_t), + &dbn->dbn_phys, tx)); +} + +/* + * If redaction_list is non-null, we create a redacted bookmark and redaction + * list, and store the object number of the redaction list in redact_obj. + */ +static void +dsl_bookmark_create_sync_impl(const char *bookmark, const char *snapshot, + dmu_tx_t *tx, uint64_t num_redact_snaps, uint64_t *redact_snaps, void *tag, + redaction_list_t **redaction_list) +{ + dsl_pool_t *dp = dmu_tx_pool(tx); + objset_t *mos = dp->dp_meta_objset; + dsl_dataset_t *snapds, *bmark_fs; + char *shortname; + boolean_t bookmark_redacted; + uint64_t *dsredactsnaps; + uint64_t dsnumsnaps; + + VERIFY0(dsl_dataset_hold(dp, snapshot, FTAG, &snapds)); + VERIFY0(dsl_bookmark_hold_ds(dp, bookmark, &bmark_fs, FTAG, + &shortname)); + + dsl_bookmark_node_t *dbn = dsl_bookmark_node_alloc(shortname); + dsl_bookmark_set_phys(&dbn->dbn_phys, snapds); + + bookmark_redacted = dsl_dataset_get_uint64_array_feature(snapds, + SPA_FEATURE_REDACTED_DATASETS, &dsnumsnaps, &dsredactsnaps); + if (redaction_list != NULL || bookmark_redacted) { + redaction_list_t *local_rl; + if (bookmark_redacted) { + redact_snaps = dsredactsnaps; + num_redact_snaps = dsnumsnaps; + } + dbn->dbn_phys.zbm_redaction_obj = dmu_object_alloc(mos, + DMU_OTN_UINT64_METADATA, SPA_OLD_MAXBLOCKSIZE, + DMU_OTN_UINT64_METADATA, sizeof (redaction_list_phys_t) + + num_redact_snaps * sizeof (uint64_t), tx); + spa_feature_incr(dp->dp_spa, + SPA_FEATURE_REDACTION_BOOKMARKS, tx); + + VERIFY0(dsl_redaction_list_hold_obj(dp, + dbn->dbn_phys.zbm_redaction_obj, tag, &local_rl)); + dsl_redaction_list_long_hold(dp, local_rl, tag); + + ASSERT3U((local_rl)->rl_dbuf->db_size, >=, + sizeof (redaction_list_phys_t) + num_redact_snaps * + sizeof (uint64_t)); + dmu_buf_will_dirty(local_rl->rl_dbuf, tx); + bcopy(redact_snaps, local_rl->rl_phys->rlp_snaps, + sizeof (uint64_t) * num_redact_snaps); + local_rl->rl_phys->rlp_num_snaps = num_redact_snaps; + if (bookmark_redacted) { + ASSERT3P(redaction_list, ==, NULL); + local_rl->rl_phys->rlp_last_blkid = UINT64_MAX; + local_rl->rl_phys->rlp_last_object = UINT64_MAX; + dsl_redaction_list_long_rele(local_rl, tag); + dsl_redaction_list_rele(local_rl, tag); + } else { + *redaction_list = local_rl; } + } + + if (dbn->dbn_phys.zbm_flags & ZBM_FLAG_HAS_FBN) { + spa_feature_incr(dp->dp_spa, + SPA_FEATURE_BOOKMARK_WRITTEN, tx); + } - VERIFY0(zap_add(mos, bmark_fs->ds_bookmarks, - shortname, sizeof (uint64_t), - bmark_len / sizeof (uint64_t), &bmark_phys, tx)); + dsl_bookmark_node_add(bmark_fs, dbn, tx); - spa_history_log_internal_ds(bmark_fs, "bookmark", tx, - "name=%s creation_txg=%llu target_snap=%llu", - shortname, - (longlong_t)bmark_phys.zbm_creation_txg, - (longlong_t)snapds->ds_object); + spa_history_log_internal_ds(bmark_fs, "bookmark", tx, + "name=%s creation_txg=%llu target_snap=%llu redact_obj=%llu", + shortname, (longlong_t)dbn->dbn_phys.zbm_creation_txg, + (longlong_t)snapds->ds_object, + (longlong_t)dbn->dbn_phys.zbm_redaction_obj); - dsl_dataset_rele(bmark_fs, FTAG); - dsl_dataset_rele(snapds, FTAG); + dsl_dataset_rele(bmark_fs, FTAG); + dsl_dataset_rele(snapds, FTAG); +} + +static void +dsl_bookmark_create_sync(void *arg, dmu_tx_t *tx) +{ + dsl_bookmark_create_arg_t *dbca = arg; + + ASSERT(spa_feature_is_enabled(dmu_tx_pool(tx)->dp_spa, + SPA_FEATURE_BOOKMARKS)); + + for (nvpair_t *pair = nvlist_next_nvpair(dbca->dbca_bmarks, NULL); + pair != NULL; pair = nvlist_next_nvpair(dbca->dbca_bmarks, pair)) { + dsl_bookmark_create_sync_impl(nvpair_name(pair), + fnvpair_value_string(pair), tx, 0, NULL, NULL, NULL); } } @@ -277,58 +413,270 @@ dsl_bookmark_create(nvlist_t *bmarks, nvlist_t *errors) fnvlist_num_pairs(bmarks), ZFS_SPACE_CHECK_NORMAL)); } -int -dsl_get_bookmarks_impl(dsl_dataset_t *ds, nvlist_t *props, nvlist_t *outnvl) +static int +dsl_bookmark_create_redacted_check(void *arg, dmu_tx_t *tx) { - int err = 0; - zap_cursor_t zc; - zap_attribute_t attr; - dsl_pool_t *dp = ds->ds_dir->dd_pool; + dsl_bookmark_create_redacted_arg_t *dbcra = arg; + dsl_pool_t *dp = dmu_tx_pool(tx); + dsl_dataset_t *snapds; + int rv = 0; - uint64_t bmark_zapobj = ds->ds_bookmarks; - if (bmark_zapobj == 0) - return (0); + if (!spa_feature_is_enabled(dp->dp_spa, + SPA_FEATURE_REDACTION_BOOKMARKS)) + return (SET_ERROR(ENOTSUP)); + /* + * If the list of redact snaps will not fit in the bonus buffer with + * the furthest reached object and offset, fail. + */ + if (dbcra->dbcra_numsnaps > (dmu_bonus_max() - + sizeof (redaction_list_phys_t)) / sizeof (uint64_t)) + return (SET_ERROR(E2BIG)); + + rv = dsl_dataset_hold(dp, dbcra->dbcra_snap, + FTAG, &snapds); + if (rv == 0) { + rv = dsl_bookmark_create_check_impl(snapds, dbcra->dbcra_bmark, + tx); + dsl_dataset_rele(snapds, FTAG); + } + return (rv); +} - for (zap_cursor_init(&zc, dp->dp_meta_objset, bmark_zapobj); - zap_cursor_retrieve(&zc, &attr) == 0; - zap_cursor_advance(&zc)) { - char *bmark_name = attr.za_name; - zfs_bookmark_phys_t bmark_phys = { 0 }; +static void +dsl_bookmark_create_redacted_sync(void *arg, dmu_tx_t *tx) +{ + dsl_bookmark_create_redacted_arg_t *dbcra = arg; + dsl_bookmark_create_sync_impl(dbcra->dbcra_bmark, dbcra->dbcra_snap, tx, + dbcra->dbcra_numsnaps, dbcra->dbcra_snaps, dbcra->dbcra_tag, + dbcra->dbcra_rl); +} - err = dsl_dataset_bmark_lookup(ds, bmark_name, &bmark_phys); - ASSERT3U(err, !=, ENOENT); - if (err != 0) - break; +int +dsl_bookmark_create_redacted(const char *bookmark, const char *snapshot, + uint64_t numsnaps, uint64_t *snapguids, void *tag, redaction_list_t **rl) +{ + dsl_bookmark_create_redacted_arg_t dbcra; + + dbcra.dbcra_bmark = bookmark; + dbcra.dbcra_snap = snapshot; + dbcra.dbcra_rl = rl; + dbcra.dbcra_numsnaps = numsnaps; + dbcra.dbcra_snaps = snapguids; + dbcra.dbcra_tag = tag; + + return (dsl_sync_task(bookmark, dsl_bookmark_create_redacted_check, + dsl_bookmark_create_redacted_sync, &dbcra, 5, + ZFS_SPACE_CHECK_NORMAL)); +} - nvlist_t *out_props = fnvlist_alloc(); - if (nvlist_exists(props, - zfs_prop_to_name(ZFS_PROP_GUID))) { +/* + * Retrieve the list of properties given in the 'props' nvlist for a bookmark. + * If 'props' is NULL, retrieves all properties. + */ +static void +dsl_bookmark_fetch_props(dsl_pool_t *dp, zfs_bookmark_phys_t *bmark_phys, + nvlist_t *props, nvlist_t *out_props) +{ + ASSERT3P(dp, !=, NULL); + ASSERT3P(bmark_phys, !=, NULL); + ASSERT3P(out_props, !=, NULL); + ASSERT(RRW_LOCK_HELD(&dp->dp_config_rwlock)); + + if (props == NULL || nvlist_exists(props, + zfs_prop_to_name(ZFS_PROP_GUID))) { + dsl_prop_nvlist_add_uint64(out_props, + ZFS_PROP_GUID, bmark_phys->zbm_guid); + } + if (props == NULL || nvlist_exists(props, + zfs_prop_to_name(ZFS_PROP_CREATETXG))) { + dsl_prop_nvlist_add_uint64(out_props, + ZFS_PROP_CREATETXG, bmark_phys->zbm_creation_txg); + } + if (props == NULL || nvlist_exists(props, + zfs_prop_to_name(ZFS_PROP_CREATION))) { + dsl_prop_nvlist_add_uint64(out_props, + ZFS_PROP_CREATION, bmark_phys->zbm_creation_time); + } + if (props == NULL || nvlist_exists(props, + zfs_prop_to_name(ZFS_PROP_IVSET_GUID))) { + dsl_prop_nvlist_add_uint64(out_props, + ZFS_PROP_IVSET_GUID, bmark_phys->zbm_ivset_guid); + } + if (bmark_phys->zbm_flags & ZBM_FLAG_HAS_FBN) { + if (props == NULL || nvlist_exists(props, + zfs_prop_to_name(ZFS_PROP_REFERENCED))) { dsl_prop_nvlist_add_uint64(out_props, - ZFS_PROP_GUID, bmark_phys.zbm_guid); + ZFS_PROP_REFERENCED, + bmark_phys->zbm_referenced_bytes_refd); } - if (nvlist_exists(props, - zfs_prop_to_name(ZFS_PROP_CREATETXG))) { + if (props == NULL || nvlist_exists(props, + zfs_prop_to_name(ZFS_PROP_LOGICALREFERENCED))) { dsl_prop_nvlist_add_uint64(out_props, - ZFS_PROP_CREATETXG, bmark_phys.zbm_creation_txg); + ZFS_PROP_LOGICALREFERENCED, + bmark_phys->zbm_uncompressed_bytes_refd); } - if (nvlist_exists(props, - zfs_prop_to_name(ZFS_PROP_CREATION))) { + if (props == NULL || nvlist_exists(props, + zfs_prop_to_name(ZFS_PROP_REFRATIO))) { + uint64_t ratio = + bmark_phys->zbm_compressed_bytes_refd == 0 ? 100 : + bmark_phys->zbm_uncompressed_bytes_refd * 100 / + bmark_phys->zbm_compressed_bytes_refd; dsl_prop_nvlist_add_uint64(out_props, - ZFS_PROP_CREATION, bmark_phys.zbm_creation_time); + ZFS_PROP_REFRATIO, ratio); } - if (nvlist_exists(props, - zfs_prop_to_name(ZFS_PROP_IVSET_GUID))) { - dsl_prop_nvlist_add_uint64(out_props, - ZFS_PROP_IVSET_GUID, bmark_phys.zbm_ivset_guid); + } + + if ((props == NULL || nvlist_exists(props, "redact_snaps") || + nvlist_exists(props, "redact_complete")) && + bmark_phys->zbm_redaction_obj != 0) { + redaction_list_t *rl; + int err = dsl_redaction_list_hold_obj(dp, + bmark_phys->zbm_redaction_obj, FTAG, &rl); + if (err == 0) { + if (nvlist_exists(props, "redact_snaps")) { + nvlist_t *nvl; + nvl = fnvlist_alloc(); + fnvlist_add_uint64_array(nvl, ZPROP_VALUE, + rl->rl_phys->rlp_snaps, + rl->rl_phys->rlp_num_snaps); + fnvlist_add_nvlist(out_props, "redact_snaps", + nvl); + nvlist_free(nvl); + } + if (nvlist_exists(props, "redact_complete")) { + nvlist_t *nvl; + nvl = fnvlist_alloc(); + fnvlist_add_boolean_value(nvl, ZPROP_VALUE, + rl->rl_phys->rlp_last_blkid == UINT64_MAX && + rl->rl_phys->rlp_last_object == UINT64_MAX); + fnvlist_add_nvlist(out_props, "redact_complete", + nvl); + nvlist_free(nvl); + } + dsl_redaction_list_rele(rl, FTAG); } + } +} + +int +dsl_get_bookmarks_impl(dsl_dataset_t *ds, nvlist_t *props, nvlist_t *outnvl) +{ + dsl_pool_t *dp = ds->ds_dir->dd_pool; - fnvlist_add_nvlist(outnvl, bmark_name, out_props); + ASSERT(dsl_pool_config_held(dp)); + + if (dsl_dataset_is_snapshot(ds)) + return (SET_ERROR(EINVAL)); + + for (dsl_bookmark_node_t *dbn = avl_first(&ds->ds_bookmarks); + dbn != NULL; dbn = AVL_NEXT(&ds->ds_bookmarks, dbn)) { + nvlist_t *out_props = fnvlist_alloc(); + + dsl_bookmark_fetch_props(dp, &dbn->dbn_phys, props, out_props); + + fnvlist_add_nvlist(outnvl, dbn->dbn_name, out_props); fnvlist_free(out_props); } + return (0); +} + +/* + * Comparison func for ds_bookmarks AVL tree. We sort the bookmarks by + * their TXG, then by their FBN-ness. The "FBN-ness" component ensures + * that all bookmarks at the same TXG that HAS_FBN are adjacent, which + * dsl_bookmark_destroy_sync_impl() depends on. Note that there may be + * multiple bookmarks at the same TXG (with the same FBN-ness). In this + * case we differentiate them by an arbitrary metric (in this case, + * their names). + */ +static int +dsl_bookmark_compare(const void *l, const void *r) +{ + const dsl_bookmark_node_t *ldbn = l; + const dsl_bookmark_node_t *rdbn = r; + + int64_t cmp = AVL_CMP(ldbn->dbn_phys.zbm_creation_txg, + rdbn->dbn_phys.zbm_creation_txg); + if (likely(cmp)) + return (cmp); + cmp = AVL_CMP((ldbn->dbn_phys.zbm_flags & ZBM_FLAG_HAS_FBN), + (rdbn->dbn_phys.zbm_flags & ZBM_FLAG_HAS_FBN)); + if (likely(cmp)) + return (cmp); + cmp = strcmp(ldbn->dbn_name, rdbn->dbn_name); + return (AVL_ISIGN(cmp)); +} + +/* + * Cache this (head) dataset's bookmarks in the ds_bookmarks AVL tree. + */ +int +dsl_bookmark_init_ds(dsl_dataset_t *ds) +{ + dsl_pool_t *dp = ds->ds_dir->dd_pool; + objset_t *mos = dp->dp_meta_objset; + + ASSERT(!ds->ds_is_snapshot); + + avl_create(&ds->ds_bookmarks, dsl_bookmark_compare, + sizeof (dsl_bookmark_node_t), + offsetof(dsl_bookmark_node_t, dbn_node)); + + if (!dsl_dataset_is_zapified(ds)) + return (0); + + int zaperr = zap_lookup(mos, ds->ds_object, DS_FIELD_BOOKMARK_NAMES, + sizeof (ds->ds_bookmarks_obj), 1, &ds->ds_bookmarks_obj); + if (zaperr == ENOENT) + return (0); + if (zaperr != 0) + return (zaperr); + + if (ds->ds_bookmarks_obj == 0) + return (0); + + int err = 0; + zap_cursor_t zc; + zap_attribute_t attr; + + for (zap_cursor_init(&zc, mos, ds->ds_bookmarks_obj); + (err = zap_cursor_retrieve(&zc, &attr)) == 0; + zap_cursor_advance(&zc)) { + dsl_bookmark_node_t *dbn = + dsl_bookmark_node_alloc(attr.za_name); + + err = dsl_bookmark_lookup_impl(ds, + dbn->dbn_name, &dbn->dbn_phys); + ASSERT3U(err, !=, ENOENT); + if (err != 0) { + kmem_free(dbn, sizeof (*dbn)); + break; + } + avl_add(&ds->ds_bookmarks, dbn); + } zap_cursor_fini(&zc); + if (err == ENOENT) + err = 0; return (err); } +void +dsl_bookmark_fini_ds(dsl_dataset_t *ds) +{ + void *cookie = NULL; + dsl_bookmark_node_t *dbn; + + if (ds->ds_is_snapshot) + return; + + while ((dbn = avl_destroy_nodes(&ds->ds_bookmarks, &cookie)) != NULL) { + spa_strfree(dbn->dbn_name); + mutex_destroy(&dbn->dbn_lock); + kmem_free(dbn, sizeof (*dbn)); + } + avl_destroy(&ds->ds_bookmarks); +} + /* * Retrieve the bookmarks that exist in the specified dataset, and the * requested properties of each bookmark. @@ -359,27 +707,69 @@ dsl_get_bookmarks(const char *dsname, nvlist_t *props, nvlist_t *outnvl) return (err); } +/* + * Retrieve all properties for a single bookmark in the given dataset. + */ +int +dsl_get_bookmark_props(const char *dsname, const char *bmname, nvlist_t *props) +{ + dsl_pool_t *dp; + dsl_dataset_t *ds; + zfs_bookmark_phys_t bmark_phys = { 0 }; + int err; + + err = dsl_pool_hold(dsname, FTAG, &dp); + if (err != 0) + return (err); + err = dsl_dataset_hold(dp, dsname, FTAG, &ds); + if (err != 0) { + dsl_pool_rele(dp, FTAG); + return (err); + } + + err = dsl_bookmark_lookup_impl(ds, bmname, &bmark_phys); + if (err != 0) + goto out; + + dsl_bookmark_fetch_props(dp, &bmark_phys, NULL, props); +out: + dsl_dataset_rele(ds, FTAG); + dsl_pool_rele(dp, FTAG); + return (err); +} + typedef struct dsl_bookmark_destroy_arg { nvlist_t *dbda_bmarks; nvlist_t *dbda_success; nvlist_t *dbda_errors; } dsl_bookmark_destroy_arg_t; -static int -dsl_dataset_bookmark_remove(dsl_dataset_t *ds, const char *name, dmu_tx_t *tx) +static void +dsl_bookmark_destroy_sync_impl(dsl_dataset_t *ds, const char *name, + dmu_tx_t *tx) { - int err; objset_t *mos = ds->ds_dir->dd_pool->dp_meta_objset; - uint64_t bmark_zapobj = ds->ds_bookmarks; + uint64_t bmark_zapobj = ds->ds_bookmarks_obj; matchtype_t mt = 0; uint64_t int_size, num_ints; + /* + * 'search' must be zeroed so that dbn_flags (which is used in + * dsl_bookmark_compare()) will be zeroed even if the on-disk + * (in ZAP) bookmark is shorter than offsetof(dbn_flags). + */ + dsl_bookmark_node_t search = { 0 }; + char realname[ZFS_MAX_DATASET_NAME_LEN]; + + /* + * Find the real name of this bookmark, which may be different + * from the given name if the dataset is case-insensitive. Then + * use the real name to find the node in the ds_bookmarks AVL tree. + */ if (dsl_dataset_phys(ds)->ds_flags & DS_FLAG_CI_DATASET) mt = MT_NORMALIZE; - err = zap_length(mos, bmark_zapobj, name, &int_size, &num_ints); - if (err != 0) - return (err); + VERIFY0(zap_length(mos, bmark_zapobj, name, &int_size, &num_ints)); ASSERT3U(int_size, ==, sizeof (uint64_t)); @@ -387,8 +777,70 @@ dsl_dataset_bookmark_remove(dsl_dataset_t *ds, const char *name, dmu_tx_t *tx) spa_feature_decr(dmu_objset_spa(mos), SPA_FEATURE_BOOKMARK_V2, tx); } + VERIFY0(zap_lookup_norm(mos, bmark_zapobj, name, sizeof (uint64_t), + num_ints, &search.dbn_phys, mt, realname, sizeof (realname), NULL)); + + search.dbn_name = realname; + dsl_bookmark_node_t *dbn = avl_find(&ds->ds_bookmarks, &search, NULL); + ASSERT(dbn != NULL); + + if (dbn->dbn_phys.zbm_flags & ZBM_FLAG_HAS_FBN) { + /* + * If this bookmark HAS_FBN, and it is before the most + * recent snapshot, then its TXG is a key in the head's + * deadlist (and all clones' heads' deadlists). If this is + * the last thing keeping the key (i.e. there are no more + * bookmarks with HAS_FBN at this TXG, and there is no + * snapshot at this TXG), then remove the key. + * + * Note that this algorithm depends on ds_bookmarks being + * sorted such that all bookmarks at the same TXG with + * HAS_FBN are adjacent (with no non-HAS_FBN bookmarks + * at the same TXG in between them). If this were not + * the case, we would need to examine *all* bookmarks + * at this TXG, rather than just the adjacent ones. + */ + + dsl_bookmark_node_t *dbn_prev = + AVL_PREV(&ds->ds_bookmarks, dbn); + dsl_bookmark_node_t *dbn_next = + AVL_NEXT(&ds->ds_bookmarks, dbn); + + boolean_t more_bookmarks_at_this_txg = + (dbn_prev != NULL && dbn_prev->dbn_phys.zbm_creation_txg == + dbn->dbn_phys.zbm_creation_txg && + (dbn_prev->dbn_phys.zbm_flags & ZBM_FLAG_HAS_FBN)) || + (dbn_next != NULL && dbn_next->dbn_phys.zbm_creation_txg == + dbn->dbn_phys.zbm_creation_txg && + (dbn_next->dbn_phys.zbm_flags & ZBM_FLAG_HAS_FBN)); + + if (!(dbn->dbn_phys.zbm_flags & ZBM_FLAG_SNAPSHOT_EXISTS) && + !more_bookmarks_at_this_txg && + dbn->dbn_phys.zbm_creation_txg < + dsl_dataset_phys(ds)->ds_prev_snap_txg) { + dsl_dir_remove_clones_key(ds->ds_dir, + dbn->dbn_phys.zbm_creation_txg, tx); + dsl_deadlist_remove_key(&ds->ds_deadlist, + dbn->dbn_phys.zbm_creation_txg, tx); + } + + spa_feature_decr(dmu_objset_spa(mos), + SPA_FEATURE_BOOKMARK_WRITTEN, tx); + } + + if (dbn->dbn_phys.zbm_redaction_obj != 0) { + VERIFY0(dmu_object_free(mos, + dbn->dbn_phys.zbm_redaction_obj, tx)); + spa_feature_decr(dmu_objset_spa(mos), + SPA_FEATURE_REDACTION_BOOKMARKS, tx); + } + + avl_remove(&ds->ds_bookmarks, dbn); + spa_strfree(dbn->dbn_name); + mutex_destroy(&dbn->dbn_lock); + kmem_free(dbn, sizeof (*dbn)); - return (zap_remove_norm(mos, bmark_zapobj, name, mt, tx)); + VERIFY0(zap_remove_norm(mos, bmark_zapobj, name, mt, tx)); } static int @@ -419,7 +871,7 @@ dsl_bookmark_destroy_check(void *arg, dmu_tx_t *tx) continue; } if (error == 0) { - error = dsl_dataset_bmark_lookup(ds, shortname, &bm); + error = dsl_bookmark_lookup_impl(ds, shortname, &bm); dsl_dataset_rele(ds, FTAG); if (error == ESRCH) { /* @@ -428,6 +880,20 @@ dsl_bookmark_destroy_check(void *arg, dmu_tx_t *tx) */ continue; } + if (error == 0 && bm.zbm_redaction_obj != 0) { + redaction_list_t *rl = NULL; + error = dsl_redaction_list_hold_obj(tx->tx_pool, + bm.zbm_redaction_obj, FTAG, &rl); + if (error == ENOENT) { + error = 0; + } else if (error == 0 && + dsl_redaction_list_long_held(rl)) { + error = SET_ERROR(EBUSY); + } + if (rl != NULL) { + dsl_redaction_list_rele(rl, FTAG); + } + } } if (error == 0) { if (dmu_tx_is_syncing(tx)) { @@ -457,18 +923,17 @@ dsl_bookmark_destroy_sync(void *arg, dmu_tx_t *tx) VERIFY0(dsl_bookmark_hold_ds(dp, nvpair_name(pair), &ds, FTAG, &shortname)); - VERIFY0(dsl_dataset_bookmark_remove(ds, shortname, tx)); + dsl_bookmark_destroy_sync_impl(ds, shortname, tx); /* * If all of this dataset's bookmarks have been destroyed, * free the zap object and decrement the feature's use count. */ - VERIFY0(zap_count(mos, ds->ds_bookmarks, - &zap_cnt)); + VERIFY0(zap_count(mos, ds->ds_bookmarks_obj, &zap_cnt)); if (zap_cnt == 0) { dmu_buf_will_dirty(ds->ds_dbuf, tx); - VERIFY0(zap_destroy(mos, ds->ds_bookmarks, tx)); - ds->ds_bookmarks = 0; + VERIFY0(zap_destroy(mos, ds->ds_bookmarks_obj, tx)); + ds->ds_bookmarks_obj = 0; spa_feature_decr(dp->dp_spa, SPA_FEATURE_BOOKMARKS, tx); VERIFY0(zap_remove(mos, ds->ds_object, DS_FIELD_BOOKMARK_NAMES, tx)); @@ -503,3 +968,561 @@ dsl_bookmark_destroy(nvlist_t *bmarks, nvlist_t *errors) fnvlist_free(dbda.dbda_success); return (rv); } + +/* Return B_TRUE if there are any long holds on this dataset. */ +boolean_t +dsl_redaction_list_long_held(redaction_list_t *rl) +{ + return (!zfs_refcount_is_zero(&rl->rl_longholds)); +} + +void +dsl_redaction_list_long_hold(dsl_pool_t *dp, redaction_list_t *rl, void *tag) +{ + ASSERT(dsl_pool_config_held(dp)); + (void) zfs_refcount_add(&rl->rl_longholds, tag); +} + +void +dsl_redaction_list_long_rele(redaction_list_t *rl, void *tag) +{ + (void) zfs_refcount_remove(&rl->rl_longholds, tag); +} + +/* ARGSUSED */ +static void +redaction_list_evict_sync(void *rlu) +{ + redaction_list_t *rl = rlu; + zfs_refcount_destroy(&rl->rl_longholds); + + kmem_free(rl, sizeof (redaction_list_t)); +} + +void +dsl_redaction_list_rele(redaction_list_t *rl, void *tag) +{ + dmu_buf_rele(rl->rl_dbuf, tag); +} + +int +dsl_redaction_list_hold_obj(dsl_pool_t *dp, uint64_t rlobj, void *tag, + redaction_list_t **rlp) +{ + objset_t *mos = dp->dp_meta_objset; + dmu_buf_t *dbuf; + redaction_list_t *rl; + int err; + + ASSERT(dsl_pool_config_held(dp)); + + err = dmu_bonus_hold(mos, rlobj, tag, &dbuf); + if (err != 0) + return (err); + + rl = dmu_buf_get_user(dbuf); + if (rl == NULL) { + redaction_list_t *winner = NULL; + + rl = kmem_zalloc(sizeof (redaction_list_t), KM_SLEEP); + rl->rl_dbuf = dbuf; + rl->rl_object = rlobj; + rl->rl_phys = dbuf->db_data; + rl->rl_mos = dp->dp_meta_objset; + zfs_refcount_create(&rl->rl_longholds); + dmu_buf_init_user(&rl->rl_dbu, redaction_list_evict_sync, NULL, + &rl->rl_dbuf); + if ((winner = dmu_buf_set_user_ie(dbuf, &rl->rl_dbu)) != NULL) { + kmem_free(rl, sizeof (*rl)); + rl = winner; + } + } + *rlp = rl; + return (0); +} + +/* + * Snapshot ds is being destroyed. + * + * Adjust the "freed_before_next" of any bookmarks between this snap + * and the previous snapshot, because their "next snapshot" is changing. + * + * If there are any bookmarks with HAS_FBN at this snapshot, remove + * their HAS_SNAP flag (note: there can be at most one snapshot of + * each filesystem at a given txg), and return B_TRUE. In this case + * the caller can not remove the key in the deadlist at this TXG, because + * the HAS_FBN bookmarks require the key be there. + * + * Returns B_FALSE if there are no bookmarks with HAS_FBN at this + * snapshot's TXG. In this case the caller can remove the key in the + * deadlist at this TXG. + */ +boolean_t +dsl_bookmark_ds_destroyed(dsl_dataset_t *ds, dmu_tx_t *tx) +{ + dsl_pool_t *dp = ds->ds_dir->dd_pool; + + dsl_dataset_t *head, *next; + VERIFY0(dsl_dataset_hold_obj(dp, + dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj, FTAG, &head)); + VERIFY0(dsl_dataset_hold_obj(dp, + dsl_dataset_phys(ds)->ds_next_snap_obj, FTAG, &next)); + + /* + * Find the first bookmark that HAS_FBN at or after the + * previous snapshot. + */ + dsl_bookmark_node_t search = { 0 }; + avl_index_t idx; + search.dbn_phys.zbm_creation_txg = + dsl_dataset_phys(ds)->ds_prev_snap_txg; + search.dbn_phys.zbm_flags = ZBM_FLAG_HAS_FBN; + /* + * The empty-string name can't be in the AVL, and it compares + * before any entries with this TXG. + */ + search.dbn_name = ""; + VERIFY3P(avl_find(&head->ds_bookmarks, &search, &idx), ==, NULL); + dsl_bookmark_node_t *dbn = + avl_nearest(&head->ds_bookmarks, idx, AVL_AFTER); + + /* + * Iterate over all bookmarks that are at or after the previous + * snapshot, and before this (being deleted) snapshot. Adjust + * their FBN based on their new next snapshot. + */ + for (; dbn != NULL && dbn->dbn_phys.zbm_creation_txg < + dsl_dataset_phys(ds)->ds_creation_txg; + dbn = AVL_NEXT(&head->ds_bookmarks, dbn)) { + if (!(dbn->dbn_phys.zbm_flags & ZBM_FLAG_HAS_FBN)) + continue; + /* + * Increase our FBN by the amount of space that was live + * (referenced) at the time of this bookmark (i.e. + * birth <= zbm_creation_txg), and killed between this + * (being deleted) snapshot and the next snapshot (i.e. + * on the next snapshot's deadlist). (Space killed before + * this are already on our FBN.) + */ + uint64_t referenced, compressed, uncompressed; + dsl_deadlist_space_range(&next->ds_deadlist, + 0, dbn->dbn_phys.zbm_creation_txg, + &referenced, &compressed, &uncompressed); + dbn->dbn_phys.zbm_referenced_freed_before_next_snap += + referenced; + dbn->dbn_phys.zbm_compressed_freed_before_next_snap += + compressed; + dbn->dbn_phys.zbm_uncompressed_freed_before_next_snap += + uncompressed; + VERIFY0(zap_update(dp->dp_meta_objset, head->ds_bookmarks_obj, + dbn->dbn_name, sizeof (uint64_t), + sizeof (zfs_bookmark_phys_t) / sizeof (uint64_t), + &dbn->dbn_phys, tx)); + } + dsl_dataset_rele(next, FTAG); + + /* + * There may be several bookmarks at this txg (the TXG of the + * snapshot being deleted). We need to clear the SNAPSHOT_EXISTS + * flag on all of them, and return TRUE if there is at least 1 + * bookmark here with HAS_FBN (thus preventing the deadlist + * key from being removed). + */ + boolean_t rv = B_FALSE; + for (; dbn != NULL && dbn->dbn_phys.zbm_creation_txg == + dsl_dataset_phys(ds)->ds_creation_txg; + dbn = AVL_NEXT(&head->ds_bookmarks, dbn)) { + if (!(dbn->dbn_phys.zbm_flags & ZBM_FLAG_HAS_FBN)) { + ASSERT(!(dbn->dbn_phys.zbm_flags & + ZBM_FLAG_SNAPSHOT_EXISTS)); + continue; + } + ASSERT(dbn->dbn_phys.zbm_flags & ZBM_FLAG_SNAPSHOT_EXISTS); + dbn->dbn_phys.zbm_flags &= ~ZBM_FLAG_SNAPSHOT_EXISTS; + VERIFY0(zap_update(dp->dp_meta_objset, head->ds_bookmarks_obj, + dbn->dbn_name, sizeof (uint64_t), + sizeof (zfs_bookmark_phys_t) / sizeof (uint64_t), + &dbn->dbn_phys, tx)); + rv = B_TRUE; + } + dsl_dataset_rele(head, FTAG); + return (rv); +} + +/* + * A snapshot is being created of this (head) dataset. + * + * We don't keep keys in the deadlist for the most recent snapshot, or any + * bookmarks at or after it, because there can't be any blocks on the + * deadlist in this range. Now that the most recent snapshot is after + * all bookmarks, we need to add these keys. Note that the caller always + * adds a key at the previous snapshot, so we only add keys for bookmarks + * after that. + */ +void +dsl_bookmark_snapshotted(dsl_dataset_t *ds, dmu_tx_t *tx) +{ + uint64_t last_key_added = UINT64_MAX; + for (dsl_bookmark_node_t *dbn = avl_last(&ds->ds_bookmarks); + dbn != NULL && dbn->dbn_phys.zbm_creation_txg > + dsl_dataset_phys(ds)->ds_prev_snap_txg; + dbn = AVL_PREV(&ds->ds_bookmarks, dbn)) { + uint64_t creation_txg = dbn->dbn_phys.zbm_creation_txg; + ASSERT3U(creation_txg, <=, last_key_added); + /* + * Note, there may be multiple bookmarks at this TXG, + * and we only want to add the key for this TXG once. + * The ds_bookmarks AVL is sorted by TXG, so we will visit + * these bookmarks in sequence. + */ + if ((dbn->dbn_phys.zbm_flags & ZBM_FLAG_HAS_FBN) && + creation_txg != last_key_added) { + dsl_deadlist_add_key(&ds->ds_deadlist, + creation_txg, tx); + last_key_added = creation_txg; + } + } +} + +/* + * The next snapshot of the origin dataset has changed, due to + * promote or clone swap. If there are any bookmarks at this dataset, + * we need to update their zbm_*_freed_before_next_snap to reflect this. + * The head dataset has the relevant bookmarks in ds_bookmarks. + */ +void +dsl_bookmark_next_changed(dsl_dataset_t *head, dsl_dataset_t *origin, + dmu_tx_t *tx) +{ + dsl_pool_t *dp = dmu_tx_pool(tx); + + /* + * Find the first bookmark that HAS_FBN at the origin snapshot. + */ + dsl_bookmark_node_t search = { 0 }; + avl_index_t idx; + search.dbn_phys.zbm_creation_txg = + dsl_dataset_phys(origin)->ds_creation_txg; + search.dbn_phys.zbm_flags = ZBM_FLAG_HAS_FBN; + /* + * The empty-string name can't be in the AVL, and it compares + * before any entries with this TXG. + */ + search.dbn_name = ""; + VERIFY3P(avl_find(&head->ds_bookmarks, &search, &idx), ==, NULL); + dsl_bookmark_node_t *dbn = + avl_nearest(&head->ds_bookmarks, idx, AVL_AFTER); + + /* + * Iterate over all bookmarks that are at the origin txg. + * Adjust their FBN based on their new next snapshot. + */ + for (; dbn != NULL && dbn->dbn_phys.zbm_creation_txg == + dsl_dataset_phys(origin)->ds_creation_txg && + (dbn->dbn_phys.zbm_flags & ZBM_FLAG_HAS_FBN); + dbn = AVL_NEXT(&head->ds_bookmarks, dbn)) { + + /* + * Bookmark is at the origin, therefore its + * "next dataset" is changing, so we need + * to reset its FBN by recomputing it in + * dsl_bookmark_set_phys(). + */ + ASSERT3U(dbn->dbn_phys.zbm_guid, ==, + dsl_dataset_phys(origin)->ds_guid); + ASSERT3U(dbn->dbn_phys.zbm_referenced_bytes_refd, ==, + dsl_dataset_phys(origin)->ds_referenced_bytes); + ASSERT(dbn->dbn_phys.zbm_flags & + ZBM_FLAG_SNAPSHOT_EXISTS); + /* + * Save and restore the zbm_redaction_obj, which + * is zeroed by dsl_bookmark_set_phys(). + */ + uint64_t redaction_obj = + dbn->dbn_phys.zbm_redaction_obj; + dsl_bookmark_set_phys(&dbn->dbn_phys, origin); + dbn->dbn_phys.zbm_redaction_obj = redaction_obj; + + VERIFY0(zap_update(dp->dp_meta_objset, head->ds_bookmarks_obj, + dbn->dbn_name, sizeof (uint64_t), + sizeof (zfs_bookmark_phys_t) / sizeof (uint64_t), + &dbn->dbn_phys, tx)); + } +} + +/* + * This block is no longer referenced by this (head) dataset. + * + * Adjust the FBN of any bookmarks that reference this block, whose "next" + * is the head dataset. + */ +/* ARGSUSED */ +void +dsl_bookmark_block_killed(dsl_dataset_t *ds, const blkptr_t *bp, dmu_tx_t *tx) +{ + /* + * Iterate over bookmarks whose "next" is the head dataset. + */ + for (dsl_bookmark_node_t *dbn = avl_last(&ds->ds_bookmarks); + dbn != NULL && dbn->dbn_phys.zbm_creation_txg >= + dsl_dataset_phys(ds)->ds_prev_snap_txg; + dbn = AVL_PREV(&ds->ds_bookmarks, dbn)) { + /* + * If the block was live (referenced) at the time of this + * bookmark, add its space to the bookmark's FBN. + */ + if (bp->blk_birth <= dbn->dbn_phys.zbm_creation_txg && + (dbn->dbn_phys.zbm_flags & ZBM_FLAG_HAS_FBN)) { + mutex_enter(&dbn->dbn_lock); + dbn->dbn_phys.zbm_referenced_freed_before_next_snap += + bp_get_dsize_sync(dsl_dataset_get_spa(ds), bp); + dbn->dbn_phys.zbm_compressed_freed_before_next_snap += + BP_GET_PSIZE(bp); + dbn->dbn_phys.zbm_uncompressed_freed_before_next_snap += + BP_GET_UCSIZE(bp); + /* + * Changing the ZAP object here would be too + * expensive. Also, we may be called from the zio + * interrupt thread, which can't block on i/o. + * Therefore, we mark this bookmark as dirty and + * modify the ZAP once per txg, in + * dsl_bookmark_sync_done(). + */ + dbn->dbn_dirty = B_TRUE; + mutex_exit(&dbn->dbn_lock); + } + } +} + +void +dsl_bookmark_sync_done(dsl_dataset_t *ds, dmu_tx_t *tx) +{ + dsl_pool_t *dp = dmu_tx_pool(tx); + + if (dsl_dataset_is_snapshot(ds)) + return; + + /* + * We only dirty bookmarks that are at or after the most recent + * snapshot. We can't create snapshots between + * dsl_bookmark_block_killed() and dsl_bookmark_sync_done(), so we + * don't need to look at any bookmarks before ds_prev_snap_txg. + */ + for (dsl_bookmark_node_t *dbn = avl_last(&ds->ds_bookmarks); + dbn != NULL && dbn->dbn_phys.zbm_creation_txg >= + dsl_dataset_phys(ds)->ds_prev_snap_txg; + dbn = AVL_PREV(&ds->ds_bookmarks, dbn)) { + if (dbn->dbn_dirty) { + /* + * We only dirty nodes with HAS_FBN, therefore + * we can always use the current bookmark struct size. + */ + ASSERT(dbn->dbn_phys.zbm_flags & ZBM_FLAG_HAS_FBN); + VERIFY0(zap_update(dp->dp_meta_objset, + ds->ds_bookmarks_obj, + dbn->dbn_name, sizeof (uint64_t), + sizeof (zfs_bookmark_phys_t) / sizeof (uint64_t), + &dbn->dbn_phys, tx)); + dbn->dbn_dirty = B_FALSE; + } + } +#ifdef ZFS_DEBUG + for (dsl_bookmark_node_t *dbn = avl_first(&ds->ds_bookmarks); + dbn != NULL; dbn = AVL_NEXT(&ds->ds_bookmarks, dbn)) { + ASSERT(!dbn->dbn_dirty); + } +#endif +} + +/* + * Return the TXG of the most recent bookmark (or 0 if there are no bookmarks). + */ +uint64_t +dsl_bookmark_latest_txg(dsl_dataset_t *ds) +{ + ASSERT(dsl_pool_config_held(ds->ds_dir->dd_pool)); + dsl_bookmark_node_t *dbn = avl_last(&ds->ds_bookmarks); + if (dbn == NULL) + return (0); + return (dbn->dbn_phys.zbm_creation_txg); +} + +static inline unsigned int +redact_block_buf_num_entries(unsigned int size) +{ + return (size / sizeof (redact_block_phys_t)); +} + +/* + * This function calculates the offset of the last entry in the array of + * redact_block_phys_t. If we're reading the redaction list into buffers of + * size bufsize, then for all but the last buffer, the last valid entry in the + * array will be the last entry in the array. However, for the last buffer, any + * amount of it may be filled. Thus, we check to see if we're looking at the + * last buffer in the redaction list, and if so, we return the total number of + * entries modulo the number of entries per buffer. Otherwise, we return the + * number of entries per buffer minus one. + */ +static inline unsigned int +last_entry(redaction_list_t *rl, unsigned int bufsize, uint64_t bufid) +{ + if (bufid == (rl->rl_phys->rlp_num_entries - 1) / + redact_block_buf_num_entries(bufsize)) { + return ((rl->rl_phys->rlp_num_entries - 1) % + redact_block_buf_num_entries(bufsize)); + } + return (redact_block_buf_num_entries(bufsize) - 1); +} + +/* + * Compare the redact_block_phys_t to the bookmark. If the last block in the + * redact_block_phys_t is before the bookmark, return -1. If the first block in + * the redact_block_phys_t is after the bookmark, return 1. Otherwise, the + * bookmark is inside the range of the redact_block_phys_t, and we return 0. + */ +static int +redact_block_zb_compare(redact_block_phys_t *first, + zbookmark_phys_t *second) +{ + /* + * If the block_phys is for a previous object, or the last block in the + * block_phys is strictly before the block in the bookmark, the + * block_phys is earlier. + */ + if (first->rbp_object < second->zb_object || + (first->rbp_object == second->zb_object && + first->rbp_blkid + (redact_block_get_count(first) - 1) < + second->zb_blkid)) { + return (-1); + } + + /* + * If the bookmark is for a previous object, or the block in the + * bookmark is strictly before the first block in the block_phys, the + * bookmark is earlier. + */ + if (first->rbp_object > second->zb_object || + (first->rbp_object == second->zb_object && + first->rbp_blkid > second->zb_blkid)) { + return (1); + } + + return (0); +} + +/* + * Traverse the redaction list in the provided object, and call the callback for + * each entry we find. Don't call the callback for any records before resume. + */ +int +dsl_redaction_list_traverse(redaction_list_t *rl, zbookmark_phys_t *resume, + rl_traverse_callback_t cb, void *arg) +{ + objset_t *mos = rl->rl_mos; + redact_block_phys_t *buf; + unsigned int bufsize = SPA_OLD_MAXBLOCKSIZE; + int err = 0; + + if (rl->rl_phys->rlp_last_object != UINT64_MAX || + rl->rl_phys->rlp_last_blkid != UINT64_MAX) { + /* + * When we finish a send, we update the last object and offset + * to UINT64_MAX. If a send fails partway through, the last + * object and offset will have some other value, indicating how + * far the send got. The redaction list must be complete before + * it can be traversed, so return EINVAL if the last object and + * blkid are not set to UINT64_MAX. + */ + return (SET_ERROR(EINVAL)); + } + + /* + * Binary search for the point to resume from. The goal is to minimize + * the number of disk reads we have to perform. + */ + buf = zio_data_buf_alloc(bufsize); + uint64_t maxbufid = (rl->rl_phys->rlp_num_entries - 1) / + redact_block_buf_num_entries(bufsize); + uint64_t minbufid = 0; + while (resume != NULL && maxbufid - minbufid >= 1) { + ASSERT3U(maxbufid, >, minbufid); + uint64_t midbufid = minbufid + ((maxbufid - minbufid) / 2); + err = dmu_read(mos, rl->rl_object, midbufid * bufsize, bufsize, + buf, DMU_READ_NO_PREFETCH); + if (err != 0) + break; + + int cmp0 = redact_block_zb_compare(&buf[0], resume); + int cmpn = redact_block_zb_compare( + &buf[last_entry(rl, bufsize, maxbufid)], resume); + + /* + * If the first block is before or equal to the resume point, + * and the last one is equal or after, then the resume point is + * in this buf, and we should start here. + */ + if (cmp0 <= 0 && cmpn >= 0) + break; + + if (cmp0 > 0) + maxbufid = midbufid - 1; + else if (cmpn < 0) + minbufid = midbufid + 1; + else + panic("No progress in binary search for resume point"); + } + + for (uint64_t curidx = minbufid * redact_block_buf_num_entries(bufsize); + err == 0 && curidx < rl->rl_phys->rlp_num_entries; + curidx++) { + /* + * We read in the redaction list one block at a time. Once we + * finish with all the entries in a given block, we read in a + * new one. The predictive prefetcher will take care of any + * prefetching, and this code shouldn't be the bottleneck, so we + * don't need to do manual prefetching. + */ + if (curidx % redact_block_buf_num_entries(bufsize) == 0) { + err = dmu_read(mos, rl->rl_object, curidx * + sizeof (*buf), bufsize, buf, + DMU_READ_PREFETCH); + if (err != 0) + break; + } + redact_block_phys_t *rb = &buf[curidx % + redact_block_buf_num_entries(bufsize)]; + /* + * If resume is non-null, we should either not send the data, or + * null out resume so we don't have to keep doing these + * comparisons. + */ + if (resume != NULL) { + if (redact_block_zb_compare(rb, resume) < 0) { + continue; + } else { + /* + * If the place to resume is in the middle of + * the range described by this + * redact_block_phys, then modify the + * redact_block_phys in memory so we generate + * the right records. + */ + if (resume->zb_object == rb->rbp_object && + resume->zb_blkid > rb->rbp_blkid) { + uint64_t diff = resume->zb_blkid - + rb->rbp_blkid; + rb->rbp_blkid = resume->zb_blkid; + redact_block_set_count(rb, + redact_block_get_count(rb) - diff); + } + resume = NULL; + } + } + + if (cb(rb, arg) != 0) + break; + } + + zio_data_buf_free(buf, bufsize); + return (err); +} diff --git a/module/zfs/dsl_dataset.c b/module/zfs/dsl_dataset.c index 966c2cc93..0cd458ef4 100644 --- a/module/zfs/dsl_dataset.c +++ b/module/zfs/dsl_dataset.c @@ -57,6 +57,7 @@ #include <sys/dsl_userhold.h> #include <sys/dsl_bookmark.h> #include <sys/policy.h> +#include <sys/dmu_send.h> #include <sys/dmu_recv.h> #include <sys/zio_compress.h> #include <zfs_fletcher.h> @@ -72,6 +73,7 @@ * of this setting. */ int zfs_max_recordsize = 1 * 1024 * 1024; +int zfs_allow_redacted_dataset_mount = 0; #define SWITCH64(x, y) \ { \ @@ -131,7 +133,7 @@ dsl_dataset_block_born(dsl_dataset_t *ds, const blkptr_t *bp, dmu_tx_t *tx) ASSERT(dmu_tx_is_syncing(tx)); /* It could have been compressed away to nothing */ - if (BP_IS_HOLE(bp)) + if (BP_IS_HOLE(bp) || BP_IS_REDACTED(bp)) return; ASSERT(BP_GET_TYPE(bp) != DMU_OT_NONE); ASSERT(DMU_OT_IS_VALID(BP_GET_TYPE(bp))); @@ -220,7 +222,7 @@ dsl_dataset_block_kill(dsl_dataset_t *ds, const blkptr_t *bp, dmu_tx_t *tx, int compressed = BP_GET_PSIZE(bp); int uncompressed = BP_GET_UCSIZE(bp); - if (BP_IS_HOLE(bp)) + if (BP_IS_HOLE(bp) || BP_IS_REDACTED(bp)) return (0); ASSERT(dmu_tx_is_syncing(tx)); @@ -284,6 +286,9 @@ dsl_dataset_block_kill(dsl_dataset_t *ds, const blkptr_t *bp, dmu_tx_t *tx, DD_USED_HEAD, DD_USED_SNAP, tx); } } + + dsl_bookmark_block_killed(ds, bp, tx); + mutex_enter(&ds->ds_lock); ASSERT3U(dsl_dataset_phys(ds)->ds_referenced_bytes, >=, used); dsl_dataset_phys(ds)->ds_referenced_bytes -= used; @@ -395,6 +400,8 @@ dsl_dataset_evict_async(void *dbu) ds->ds_prev = NULL; } + dsl_bookmark_fini_ds(ds); + bplist_destroy(&ds->ds_pending_deadlist); if (dsl_deadlist_is_open(&ds->ds_deadlist)) dsl_deadlist_close(&ds->ds_deadlist); @@ -564,8 +571,8 @@ dsl_dataset_hold_obj(dsl_pool_t *dp, uint64_t dsobj, void *tag, bplist_create(&ds->ds_pending_deadlist); - list_create(&ds->ds_sendstreams, sizeof (dmu_sendarg_t), - offsetof(dmu_sendarg_t, dsa_link)); + list_create(&ds->ds_sendstreams, sizeof (dmu_sendstatus_t), + offsetof(dmu_sendstatus_t, dss_link)); list_create(&ds->ds_prop_cbs, sizeof (dsl_prop_cb_record_t), offsetof(dsl_prop_cb_record_t, cbr_ds_node)); @@ -588,14 +595,7 @@ dsl_dataset_hold_obj(dsl_pool_t *dp, uint64_t dsobj, void *tag, dsl_dataset_phys(ds)->ds_prev_snap_obj, ds, &ds->ds_prev); } - if (doi.doi_type == DMU_OTN_ZAP_METADATA) { - int zaperr = zap_lookup(mos, ds->ds_object, - DS_FIELD_BOOKMARK_NAMES, - sizeof (ds->ds_bookmarks), 1, - &ds->ds_bookmarks); - if (zaperr != ENOENT) - VERIFY0(zaperr); - } + err = dsl_bookmark_init_ds(ds); } else { if (zfs_flags & ZFS_DEBUG_SNAPNAMES) err = dsl_dataset_get_snapname(ds); @@ -647,9 +647,15 @@ dsl_dataset_hold_obj(dsl_pool_t *dp, uint64_t dsobj, void *tag, dsl_deadlist_close(&ds->ds_deadlist); if (dsl_deadlist_is_open(&ds->ds_remap_deadlist)) dsl_deadlist_close(&ds->ds_remap_deadlist); + dsl_bookmark_fini_ds(ds); if (ds->ds_prev) dsl_dataset_rele(ds->ds_prev, ds); dsl_dir_rele(ds->ds_dir, ds); + for (spa_feature_t f = 0; f < SPA_FEATURES; f++) { + if (dsl_dataset_feature_is_active(ds, f)) + unload_zfeature(ds, f); + } + list_destroy(&ds->ds_prop_cbs); list_destroy(&ds->ds_sendstreams); mutex_destroy(&ds->ds_lock); @@ -784,14 +790,14 @@ dsl_dataset_hold(dsl_pool_t *dp, const char *name, void *tag, return (dsl_dataset_hold_flags(dp, name, 0, tag, dsp)); } -int -dsl_dataset_own_obj(dsl_pool_t *dp, uint64_t dsobj, ds_hold_flags_t flags, - void *tag, dsl_dataset_t **dsp) +static int +dsl_dataset_own_obj_impl(dsl_pool_t *dp, uint64_t dsobj, ds_hold_flags_t flags, + void *tag, boolean_t override, dsl_dataset_t **dsp) { int err = dsl_dataset_hold_obj_flags(dp, dsobj, flags, tag, dsp); if (err != 0) return (err); - if (!dsl_dataset_tryown(*dsp, tag)) { + if (!dsl_dataset_tryown(*dsp, tag, override)) { dsl_dataset_rele_flags(*dsp, flags, tag); *dsp = NULL; return (SET_ERROR(EBUSY)); @@ -799,20 +805,49 @@ dsl_dataset_own_obj(dsl_pool_t *dp, uint64_t dsobj, ds_hold_flags_t flags, return (0); } + int -dsl_dataset_own(dsl_pool_t *dp, const char *name, ds_hold_flags_t flags, +dsl_dataset_own_obj(dsl_pool_t *dp, uint64_t dsobj, ds_hold_flags_t flags, void *tag, dsl_dataset_t **dsp) { + return (dsl_dataset_own_obj_impl(dp, dsobj, flags, tag, B_FALSE, dsp)); +} + +int +dsl_dataset_own_obj_force(dsl_pool_t *dp, uint64_t dsobj, + ds_hold_flags_t flags, void *tag, dsl_dataset_t **dsp) +{ + return (dsl_dataset_own_obj_impl(dp, dsobj, flags, tag, B_TRUE, dsp)); +} + +static int +dsl_dataset_own_impl(dsl_pool_t *dp, const char *name, ds_hold_flags_t flags, + void *tag, boolean_t override, dsl_dataset_t **dsp) +{ int err = dsl_dataset_hold_flags(dp, name, flags, tag, dsp); if (err != 0) return (err); - if (!dsl_dataset_tryown(*dsp, tag)) { + if (!dsl_dataset_tryown(*dsp, tag, override)) { dsl_dataset_rele_flags(*dsp, flags, tag); return (SET_ERROR(EBUSY)); } return (0); } +int +dsl_dataset_own_force(dsl_pool_t *dp, const char *name, ds_hold_flags_t flags, + void *tag, dsl_dataset_t **dsp) +{ + return (dsl_dataset_own_impl(dp, name, flags, tag, B_TRUE, dsp)); +} + +int +dsl_dataset_own(dsl_pool_t *dp, const char *name, ds_hold_flags_t flags, + void *tag, dsl_dataset_t **dsp) +{ + return (dsl_dataset_own_impl(dp, name, flags, tag, B_FALSE, dsp)); +} + /* * See the comment above dsl_pool_hold() for details. In summary, a long * hold is used to prevent destruction of a dataset while the pool hold @@ -927,13 +962,16 @@ dsl_dataset_disown(dsl_dataset_t *ds, ds_hold_flags_t flags, void *tag) } boolean_t -dsl_dataset_tryown(dsl_dataset_t *ds, void *tag) +dsl_dataset_tryown(dsl_dataset_t *ds, void *tag, boolean_t override) { boolean_t gotit = FALSE; ASSERT(dsl_pool_config_held(ds->ds_dir->dd_pool)); mutex_enter(&ds->ds_lock); - if (ds->ds_owner == NULL && !DS_IS_INCONSISTENT(ds)) { + if (ds->ds_owner == NULL && (override || !(DS_IS_INCONSISTENT(ds) || + (dsl_dataset_feature_is_active(ds, + SPA_FEATURE_REDACTED_DATASETS) && + !zfs_allow_redacted_dataset_mount)))) { ds->ds_owner = tag; dsl_dataset_long_hold(ds, tag); gotit = TRUE; @@ -1696,6 +1734,7 @@ dsl_dataset_snapshot_sync_impl(dsl_dataset_t *ds, const char *snapname, dsl_dataset_phys(ds)->ds_deadlist_obj); dsl_deadlist_add_key(&ds->ds_deadlist, dsl_dataset_phys(ds)->ds_prev_snap_txg, tx); + dsl_bookmark_snapshotted(ds, tx); if (dsl_dataset_remap_deadlist_exists(ds)) { uint64_t remap_deadlist_obj = @@ -2013,6 +2052,8 @@ dsl_dataset_sync_done(dsl_dataset_t *ds, dmu_tx_t *tx) bplist_iterate(&ds->ds_pending_deadlist, deadlist_enqueue_cb, &ds->ds_deadlist, tx); + dsl_bookmark_sync_done(ds, tx); + if (os->os_synced_dnodes != NULL) { multilist_destroy(os->os_synced_dnodes); os->os_synced_dnodes = NULL; @@ -2151,6 +2192,34 @@ get_receive_resume_stats_impl(dsl_dataset_t *ds) DS_FIELD_RESUME_RAWOK) == 0) { fnvlist_add_boolean(token_nv, "rawok"); } + if (dsl_dataset_feature_is_active(ds, + SPA_FEATURE_REDACTED_DATASETS)) { + uint64_t num_redact_snaps; + uint64_t *redact_snaps; + VERIFY(dsl_dataset_get_uint64_array_feature(ds, + SPA_FEATURE_REDACTED_DATASETS, &num_redact_snaps, + &redact_snaps)); + fnvlist_add_uint64_array(token_nv, "redact_snaps", + redact_snaps, num_redact_snaps); + } + if (zap_contains(dp->dp_meta_objset, ds->ds_object, + DS_FIELD_RESUME_REDACT_BOOKMARK_SNAPS) == 0) { + uint64_t num_redact_snaps, int_size; + uint64_t *redact_snaps; + VERIFY0(zap_length(dp->dp_meta_objset, ds->ds_object, + DS_FIELD_RESUME_REDACT_BOOKMARK_SNAPS, &int_size, + &num_redact_snaps)); + ASSERT3U(int_size, ==, sizeof (uint64_t)); + + redact_snaps = kmem_alloc(int_size * num_redact_snaps, + KM_SLEEP); + VERIFY0(zap_lookup(dp->dp_meta_objset, ds->ds_object, + DS_FIELD_RESUME_REDACT_BOOKMARK_SNAPS, int_size, + num_redact_snaps, redact_snaps)); + fnvlist_add_uint64_array(token_nv, "book_redact_snaps", + redact_snaps, num_redact_snaps); + kmem_free(redact_snaps, int_size * num_redact_snaps); + } packed = fnvlist_pack(token_nv, &packed_size); fnvlist_free(token_nv); compressed = kmem_alloc(packed_size, KM_SLEEP); @@ -2337,6 +2406,13 @@ dsl_get_inconsistent(dsl_dataset_t *ds) } uint64_t +dsl_get_redacted(dsl_dataset_t *ds) +{ + return (dsl_dataset_feature_is_active(ds, + SPA_FEATURE_REDACTED_DATASETS)); +} + +uint64_t dsl_get_available(dsl_dataset_t *ds) { uint64_t refdbytes = dsl_get_referenced(ds); @@ -2391,6 +2467,18 @@ dsl_get_prev_snap(dsl_dataset_t *ds, char *snap) } } +void +dsl_get_redact_snaps(dsl_dataset_t *ds, nvlist_t *propval) +{ + uint64_t nsnaps; + uint64_t *snaps; + if (dsl_dataset_get_uint64_array_feature(ds, + SPA_FEATURE_REDACTED_DATASETS, &nsnaps, &snaps)) { + fnvlist_add_uint64_array(propval, ZPROP_VALUE, snaps, + nsnaps); + } +} + /* * Returns the mountpoint property and source for the given dataset in the value * and source buffers. The value buffer must be at least as large as MAXPATHLEN @@ -2496,6 +2584,12 @@ dsl_dataset_stats(dsl_dataset_t *ds, nvlist_t *nv) dsl_dir_stats(ds->ds_dir, nv); } + nvlist_t *propval = fnvlist_alloc(); + dsl_get_redact_snaps(ds, propval); + fnvlist_add_nvlist(nv, zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS), + propval); + nvlist_free(propval); + dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_AVAILABLE, dsl_get_available(ds)); dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_REFERENCED, @@ -2564,6 +2658,7 @@ dsl_dataset_fast_stat(dsl_dataset_t *ds, dmu_objset_stats_t *stat) stat->dds_creation_txg = dsl_get_creationtxg(ds); stat->dds_inconsistent = dsl_get_inconsistent(ds); stat->dds_guid = dsl_get_guid(ds); + stat->dds_redacted = dsl_get_redacted(ds); stat->dds_origin[0] = '\0'; if (ds->ds_is_snapshot) { stat->dds_is_snapshot = B_TRUE; @@ -2891,28 +2986,11 @@ dsl_dataset_rollback_check(void *arg, dmu_tx_t *tx) } /* must not have any bookmarks after the most recent snapshot */ - nvlist_t *proprequest = fnvlist_alloc(); - fnvlist_add_boolean(proprequest, zfs_prop_to_name(ZFS_PROP_CREATETXG)); - nvlist_t *bookmarks = fnvlist_alloc(); - error = dsl_get_bookmarks_impl(ds, proprequest, bookmarks); - fnvlist_free(proprequest); - if (error != 0) { + if (dsl_bookmark_latest_txg(ds) > + dsl_dataset_phys(ds)->ds_prev_snap_txg) { dsl_dataset_rele(ds, FTAG); - return (error); - } - for (nvpair_t *pair = nvlist_next_nvpair(bookmarks, NULL); - pair != NULL; pair = nvlist_next_nvpair(bookmarks, pair)) { - nvlist_t *valuenv = - fnvlist_lookup_nvlist(fnvpair_value_nvlist(pair), - zfs_prop_to_name(ZFS_PROP_CREATETXG)); - uint64_t createtxg = fnvlist_lookup_uint64(valuenv, "value"); - if (createtxg > dsl_dataset_phys(ds)->ds_prev_snap_txg) { - fnvlist_free(bookmarks); - dsl_dataset_rele(ds, FTAG); - return (SET_ERROR(EEXIST)); - } + return (SET_ERROR(EEXIST)); } - fnvlist_free(bookmarks); error = dsl_dataset_handoff_check(ds, ddra->ddra_owner, tx); if (error != 0) { @@ -3025,7 +3103,7 @@ dsl_dataset_promote_check(void *arg, dmu_tx_t *tx) dsl_pool_t *dp = dmu_tx_pool(tx); dsl_dataset_t *hds; struct promotenode *snap; - dsl_dataset_t *origin_ds; + dsl_dataset_t *origin_ds, *origin_head; int err; uint64_t unused; uint64_t ss_mv_cnt; @@ -3045,6 +3123,7 @@ dsl_dataset_promote_check(void *arg, dmu_tx_t *tx) } snap = list_head(&ddpa->shared_snaps); + origin_head = snap->ds; if (snap == NULL) { err = SET_ERROR(ENOENT); goto out; @@ -3142,6 +3221,32 @@ dsl_dataset_promote_check(void *arg, dmu_tx_t *tx) } /* + * Check that bookmarks that are being transferred don't have + * name conflicts. + */ + for (dsl_bookmark_node_t *dbn = avl_first(&origin_head->ds_bookmarks); + dbn != NULL && dbn->dbn_phys.zbm_creation_txg <= + dsl_dataset_phys(origin_ds)->ds_creation_txg; + dbn = AVL_NEXT(&origin_head->ds_bookmarks, dbn)) { + if (strlen(dbn->dbn_name) >= max_snap_len) { + err = SET_ERROR(ENAMETOOLONG); + goto out; + } + zfs_bookmark_phys_t bm; + err = dsl_bookmark_lookup_impl(ddpa->ddpa_clone, + dbn->dbn_name, &bm); + + if (err == 0) { + fnvlist_add_boolean(ddpa->err_ds, dbn->dbn_name); + conflicting_snaps = B_TRUE; + } else if (err == ESRCH) { + err = 0; + } else if (err != 0) { + goto out; + } + } + + /* * In order to return the full list of conflicting snapshots, we check * whether there was a conflict after traversing all of them. */ @@ -3298,6 +3403,25 @@ dsl_dataset_promote_sync(void *arg, dmu_tx_t *tx) dsl_dir_phys(dd)->dd_clones, origin_head->ds_object, tx)); } + /* + * Move bookmarks to this dir. + */ + dsl_bookmark_node_t *dbn_next; + for (dsl_bookmark_node_t *dbn = avl_first(&origin_head->ds_bookmarks); + dbn != NULL && dbn->dbn_phys.zbm_creation_txg <= + dsl_dataset_phys(origin_ds)->ds_creation_txg; + dbn = dbn_next) { + dbn_next = AVL_NEXT(&origin_head->ds_bookmarks, dbn); + + avl_remove(&origin_head->ds_bookmarks, dbn); + VERIFY0(zap_remove(dp->dp_meta_objset, + origin_head->ds_bookmarks_obj, dbn->dbn_name, tx)); + + dsl_bookmark_node_add(hds, dbn, tx); + } + + dsl_bookmark_next_changed(hds, origin_ds, tx); + /* move snapshots to this dir */ for (snap = list_head(&ddpa->shared_snaps); snap; snap = list_next(&ddpa->shared_snaps, snap)) { @@ -3758,9 +3882,9 @@ dsl_dataset_clone_swap_sync_impl(dsl_dataset_t *clone, dsl_dataset_phys(clone)->ds_unique_bytes); /* - * Reset origin's unique bytes, if it exists. + * Reset origin's unique bytes. */ - if (clone->ds_prev) { + { dsl_dataset_t *origin = clone->ds_prev; uint64_t comp, uncomp; @@ -3858,6 +3982,12 @@ dsl_dataset_clone_swap_sync_impl(dsl_dataset_t *clone, dsl_dataset_phys(origin_head)->ds_deadlist_obj); dsl_dataset_swap_remap_deadlists(clone, origin_head, tx); + /* + * If there is a bookmark at the origin, its "next dataset" is + * changing, so we need to reset its FBN. + */ + dsl_bookmark_next_changed(origin_head, origin_head->ds_prev, tx); + dsl_scan_ds_clone_swapped(origin_head, clone, tx); spa_history_log_internal_ds(clone, "clone swap", tx, @@ -4148,96 +4278,146 @@ dsl_dataset_set_refreservation(const char *dsname, zprop_source_t source, } /* - * Return (in *usedp) the amount of space written in new that is not - * present in oldsnap. New may be a snapshot or the head. Old must be - * a snapshot before new, in new's filesystem (or its origin). If not then - * fail and return EINVAL. + * Return (in *usedp) the amount of space referenced by "new" that was not + * referenced at the time the bookmark corresponds to. "New" may be a + * snapshot or a head. The bookmark must be before new, in + * new's filesystem (or its origin) -- caller verifies this. * * The written space is calculated by considering two components: First, we * ignore any freed space, and calculate the written as new's used space * minus old's used space. Next, we add in the amount of space that was freed - * between the two snapshots, thus reducing new's used space relative to old's. - * Specifically, this is the space that was born before old->ds_creation_txg, - * and freed before new (ie. on new's deadlist or a previous deadlist). + * between the two time points, thus reducing new's used space relative to + * old's. Specifically, this is the space that was born before + * zbm_creation_txg, and freed before new (ie. on new's deadlist or a + * previous deadlist). * * space freed [---------------------] * snapshots ---O-------O--------O-------O------ - * oldsnap new + * bookmark new + * + * Note, the bookmark's zbm_*_bytes_refd must be valid, but if the HAS_FBN + * flag is not set, we will calculate the freed_before_next based on the + * next snapshot's deadlist, rather than using zbm_*_freed_before_next_snap. */ -int -dsl_dataset_space_written(dsl_dataset_t *oldsnap, dsl_dataset_t *new, - uint64_t *usedp, uint64_t *compp, uint64_t *uncompp) +static int +dsl_dataset_space_written_impl(zfs_bookmark_phys_t *bmp, + dsl_dataset_t *new, uint64_t *usedp, uint64_t *compp, uint64_t *uncompp) { int err = 0; - uint64_t snapobj; dsl_pool_t *dp = new->ds_dir->dd_pool; ASSERT(dsl_pool_config_held(dp)); + if (dsl_dataset_is_snapshot(new)) { + ASSERT3U(bmp->zbm_creation_txg, <, + dsl_dataset_phys(new)->ds_creation_txg); + } *usedp = 0; *usedp += dsl_dataset_phys(new)->ds_referenced_bytes; - *usedp -= dsl_dataset_phys(oldsnap)->ds_referenced_bytes; + *usedp -= bmp->zbm_referenced_bytes_refd; *compp = 0; *compp += dsl_dataset_phys(new)->ds_compressed_bytes; - *compp -= dsl_dataset_phys(oldsnap)->ds_compressed_bytes; + *compp -= bmp->zbm_compressed_bytes_refd; *uncompp = 0; *uncompp += dsl_dataset_phys(new)->ds_uncompressed_bytes; - *uncompp -= dsl_dataset_phys(oldsnap)->ds_uncompressed_bytes; + *uncompp -= bmp->zbm_uncompressed_bytes_refd; - snapobj = new->ds_object; - while (snapobj != oldsnap->ds_object) { - dsl_dataset_t *snap; - uint64_t used, comp, uncomp; + dsl_dataset_t *snap = new; - if (snapobj == new->ds_object) { - snap = new; - } else { - err = dsl_dataset_hold_obj(dp, snapobj, FTAG, &snap); - if (err != 0) - break; - } + while (dsl_dataset_phys(snap)->ds_prev_snap_txg > + bmp->zbm_creation_txg) { + uint64_t used, comp, uncomp; - if (dsl_dataset_phys(snap)->ds_prev_snap_txg == - dsl_dataset_phys(oldsnap)->ds_creation_txg) { - /* - * The blocks in the deadlist can not be born after - * ds_prev_snap_txg, so get the whole deadlist space, - * which is more efficient (especially for old-format - * deadlists). Unfortunately the deadlist code - * doesn't have enough information to make this - * optimization itself. - */ - dsl_deadlist_space(&snap->ds_deadlist, - &used, &comp, &uncomp); - } else { - dsl_deadlist_space_range(&snap->ds_deadlist, - 0, dsl_dataset_phys(oldsnap)->ds_creation_txg, - &used, &comp, &uncomp); - } + dsl_deadlist_space_range(&snap->ds_deadlist, + 0, bmp->zbm_creation_txg, + &used, &comp, &uncomp); *usedp += used; *compp += comp; *uncompp += uncomp; - /* - * If we get to the beginning of the chain of snapshots - * (ds_prev_snap_obj == 0) before oldsnap, then oldsnap - * was not a snapshot of/before new. - */ - snapobj = dsl_dataset_phys(snap)->ds_prev_snap_obj; + uint64_t snapobj = dsl_dataset_phys(snap)->ds_prev_snap_obj; if (snap != new) dsl_dataset_rele(snap, FTAG); - if (snapobj == 0) { - err = SET_ERROR(EINVAL); + err = dsl_dataset_hold_obj(dp, snapobj, FTAG, &snap); + if (err != 0) break; - } + } + /* + * We might not have the FBN if we are calculating written from + * a snapshot (because we didn't know the correct "next" snapshot + * until now). + */ + if (bmp->zbm_flags & ZBM_FLAG_HAS_FBN) { + *usedp += bmp->zbm_referenced_freed_before_next_snap; + *compp += bmp->zbm_compressed_freed_before_next_snap; + *uncompp += bmp->zbm_uncompressed_freed_before_next_snap; + } else { + ASSERT3U(dsl_dataset_phys(snap)->ds_prev_snap_txg, ==, + bmp->zbm_creation_txg); + uint64_t used, comp, uncomp; + dsl_deadlist_space(&snap->ds_deadlist, &used, &comp, &uncomp); + *usedp += used; + *compp += comp; + *uncompp += uncomp; } + if (snap != new) + dsl_dataset_rele(snap, FTAG); return (err); } /* + * Return (in *usedp) the amount of space written in new that was not + * present at the time the bookmark corresponds to. New may be a + * snapshot or the head. Old must be a bookmark before new, in + * new's filesystem (or its origin) -- caller verifies this. + */ +int +dsl_dataset_space_written_bookmark(zfs_bookmark_phys_t *bmp, + dsl_dataset_t *new, uint64_t *usedp, uint64_t *compp, uint64_t *uncompp) +{ + if (!(bmp->zbm_flags & ZBM_FLAG_HAS_FBN)) + return (SET_ERROR(ENOTSUP)); + return (dsl_dataset_space_written_impl(bmp, new, + usedp, compp, uncompp)); +} + +/* + * Return (in *usedp) the amount of space written in new that is not + * present in oldsnap. New may be a snapshot or the head. Old must be + * a snapshot before new, in new's filesystem (or its origin). If not then + * fail and return EINVAL. + */ +int +dsl_dataset_space_written(dsl_dataset_t *oldsnap, dsl_dataset_t *new, + uint64_t *usedp, uint64_t *compp, uint64_t *uncompp) +{ + if (!dsl_dataset_is_before(new, oldsnap, 0)) + return (SET_ERROR(EINVAL)); + + zfs_bookmark_phys_t zbm = { 0 }; + dsl_dataset_phys_t *dsp = dsl_dataset_phys(oldsnap); + zbm.zbm_guid = dsp->ds_guid; + zbm.zbm_creation_txg = dsp->ds_creation_txg; + zbm.zbm_creation_time = dsp->ds_creation_time; + zbm.zbm_referenced_bytes_refd = dsp->ds_referenced_bytes; + zbm.zbm_compressed_bytes_refd = dsp->ds_compressed_bytes; + zbm.zbm_uncompressed_bytes_refd = dsp->ds_uncompressed_bytes; + + /* + * If oldsnap is the origin (or origin's origin, ...) of new, + * we can't easily calculate the effective FBN. Therefore, + * we do not set ZBM_FLAG_HAS_FBN, so that the _impl will calculate + * it relative to the correct "next": the next snapshot towards "new", + * rather than the next snapshot in oldsnap's dsl_dir. + */ + return (dsl_dataset_space_written_impl(&zbm, new, + usedp, compp, uncompp)); +} + +/* * Return (in *usedp) the amount of space that will be reclaimed if firstsnap, * lastsnap, and all snapshots in between are deleted. * @@ -4327,16 +4507,26 @@ dsl_dataset_is_before(dsl_dataset_t *later, dsl_dataset_t *earlier, if (later->ds_dir == earlier->ds_dir) return (B_TRUE); - if (!dsl_dir_is_clone(later->ds_dir)) + + /* + * We check dd_origin_obj explicitly here rather than using + * dsl_dir_is_clone() so that we will return TRUE if "earlier" + * is $ORIGIN@$ORIGIN. dsl_dataset_space_written() depends on + * this behavior. + */ + if (dsl_dir_phys(later->ds_dir)->dd_origin_obj == 0) return (B_FALSE); - if (dsl_dir_phys(later->ds_dir)->dd_origin_obj == earlier->ds_object) - return (B_TRUE); dsl_dataset_t *origin; error = dsl_dataset_hold_obj(dp, dsl_dir_phys(later->ds_dir)->dd_origin_obj, FTAG, &origin); if (error != 0) return (B_FALSE); + if (dsl_dataset_phys(origin)->ds_creation_txg == earlier_txg && + origin->ds_dir == earlier->ds_dir) { + dsl_dataset_rele(origin, FTAG); + return (B_TRUE); + } ret = dsl_dataset_is_before(origin, earlier, earlier_txg); dsl_dataset_rele(origin, FTAG); return (ret); @@ -4453,6 +4643,26 @@ dsl_dataset_create_remap_deadlist(dsl_dataset_t *ds, dmu_tx_t *tx) spa_feature_incr(spa, SPA_FEATURE_OBSOLETE_COUNTS, tx); } +void +dsl_dataset_activate_redaction(dsl_dataset_t *ds, uint64_t *redact_snaps, + uint64_t num_redact_snaps, dmu_tx_t *tx) +{ + uint64_t dsobj = ds->ds_object; + struct feature_type_uint64_array_arg *ftuaa = + kmem_zalloc(sizeof (*ftuaa), KM_SLEEP); + ftuaa->length = (int64_t)num_redact_snaps; + if (num_redact_snaps > 0) { + ftuaa->array = kmem_alloc(num_redact_snaps * sizeof (uint64_t), + KM_SLEEP); + bcopy(redact_snaps, ftuaa->array, num_redact_snaps * + sizeof (uint64_t)); + } + dsl_dataset_activate_feature(dsobj, SPA_FEATURE_REDACTED_DATASETS, + ftuaa, tx); + ds->ds_feature[SPA_FEATURE_REDACTED_DATASETS] = ftuaa; +} + + #if defined(_KERNEL) #if defined(_LP64) module_param(zfs_max_recordsize, int, 0644); @@ -4463,6 +4673,10 @@ module_param(zfs_max_recordsize, int, 0444); MODULE_PARM_DESC(zfs_max_recordsize, "Max allowed record size"); #endif +module_param(zfs_allow_redacted_dataset_mount, int, 0644); +MODULE_PARM_DESC(zfs_allow_redacted_dataset_mount, + "Allow mounting of redacted datasets"); + EXPORT_SYMBOL(dsl_dataset_hold); EXPORT_SYMBOL(dsl_dataset_hold_flags); EXPORT_SYMBOL(dsl_dataset_hold_obj); diff --git a/module/zfs/dsl_deadlist.c b/module/zfs/dsl_deadlist.c index 10846a324..9e3a3331b 100644 --- a/module/zfs/dsl_deadlist.c +++ b/module/zfs/dsl_deadlist.c @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2012, 2016 by Delphix. All rights reserved. + * Copyright (c) 2012, 2018 by Delphix. All rights reserved. * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved. */ @@ -80,7 +80,7 @@ dsl_deadlist_load_tree(dsl_deadlist_t *dl) zap_cursor_advance(&zc)) { dsl_deadlist_entry_t *dle = kmem_alloc(sizeof (*dle), KM_SLEEP); dle->dle_mintxg = zfs_strtonum(za.za_name, NULL); - VERIFY3U(0, ==, bpobj_open(&dle->dle_bpobj, dl->dl_os, + VERIFY0(bpobj_open(&dle->dle_bpobj, dl->dl_os, za.za_first_integer)); avl_add(&dl->dl_tree, dle); } @@ -98,13 +98,13 @@ dsl_deadlist_open(dsl_deadlist_t *dl, objset_t *os, uint64_t object) mutex_init(&dl->dl_lock, NULL, MUTEX_DEFAULT, NULL); dl->dl_os = os; dl->dl_object = object; - VERIFY3U(0, ==, dmu_bonus_hold(os, object, dl, &dl->dl_dbuf)); + VERIFY0(dmu_bonus_hold(os, object, dl, &dl->dl_dbuf)); dmu_object_info_from_db(dl->dl_dbuf, &doi); if (doi.doi_type == DMU_OT_BPOBJ) { dmu_buf_rele(dl->dl_dbuf, dl); dl->dl_dbuf = NULL; dl->dl_oldfmt = B_TRUE; - VERIFY3U(0, ==, bpobj_open(&dl->dl_bpobj, os, object)); + VERIFY0(bpobj_open(&dl->dl_bpobj, os, object)); return; } @@ -167,7 +167,7 @@ dsl_deadlist_free(objset_t *os, uint64_t dlobj, dmu_tx_t *tx) zap_cursor_t zc; zap_attribute_t za; - VERIFY3U(0, ==, dmu_object_info(os, dlobj, &doi)); + VERIFY0(dmu_object_info(os, dlobj, &doi)); if (doi.doi_type == DMU_OT_BPOBJ) { bpobj_free(os, dlobj, tx); return; @@ -183,7 +183,7 @@ dsl_deadlist_free(objset_t *os, uint64_t dlobj, dmu_tx_t *tx) bpobj_free(os, obj, tx); } zap_cursor_fini(&zc); - VERIFY3U(0, ==, dmu_object_free(os, dlobj, tx)); + VERIFY0(dmu_object_free(os, dlobj, tx)); } static void @@ -196,8 +196,8 @@ dle_enqueue(dsl_deadlist_t *dl, dsl_deadlist_entry_t *dle, uint64_t obj = bpobj_alloc(dl->dl_os, SPA_OLD_MAXBLOCKSIZE, tx); bpobj_close(&dle->dle_bpobj); bpobj_decr_empty(dl->dl_os, tx); - VERIFY3U(0, ==, bpobj_open(&dle->dle_bpobj, dl->dl_os, obj)); - VERIFY3U(0, ==, zap_update_int_key(dl->dl_os, dl->dl_object, + VERIFY0(bpobj_open(&dle->dle_bpobj, dl->dl_os, obj)); + VERIFY0(zap_update_int_key(dl->dl_os, dl->dl_object, dle->dle_mintxg, obj, tx)); } bpobj_enqueue(&dle->dle_bpobj, bp, tx); @@ -214,8 +214,8 @@ dle_enqueue_subobj(dsl_deadlist_t *dl, dsl_deadlist_entry_t *dle, } else { bpobj_close(&dle->dle_bpobj); bpobj_decr_empty(dl->dl_os, tx); - VERIFY3U(0, ==, bpobj_open(&dle->dle_bpobj, dl->dl_os, obj)); - VERIFY3U(0, ==, zap_update_int_key(dl->dl_os, dl->dl_object, + VERIFY0(bpobj_open(&dle->dle_bpobj, dl->dl_os, obj)); + VERIFY0(zap_update_int_key(dl->dl_os, dl->dl_object, dle->dle_mintxg, obj, tx)); } } @@ -279,10 +279,10 @@ dsl_deadlist_add_key(dsl_deadlist_t *dl, uint64_t mintxg, dmu_tx_t *tx) dsl_deadlist_load_tree(dl); obj = bpobj_alloc_empty(dl->dl_os, SPA_OLD_MAXBLOCKSIZE, tx); - VERIFY3U(0, ==, bpobj_open(&dle->dle_bpobj, dl->dl_os, obj)); + VERIFY0(bpobj_open(&dle->dle_bpobj, dl->dl_os, obj)); avl_add(&dl->dl_tree, dle); - VERIFY3U(0, ==, zap_add_int_key(dl->dl_os, dl->dl_object, + VERIFY0(zap_add_int_key(dl->dl_os, dl->dl_object, mintxg, obj, tx)); mutex_exit(&dl->dl_lock); } @@ -298,12 +298,12 @@ dsl_deadlist_remove_key(dsl_deadlist_t *dl, uint64_t mintxg, dmu_tx_t *tx) if (dl->dl_oldfmt) return; - mutex_enter(&dl->dl_lock); dsl_deadlist_load_tree(dl); dle_tofind.dle_mintxg = mintxg; dle = avl_find(&dl->dl_tree, &dle_tofind, NULL); + ASSERT3P(dle, !=, NULL); dle_prev = AVL_PREV(&dl->dl_tree, dle); dle_enqueue_subobj(dl, dle_prev, dle->dle_bpobj.bpo_object, tx); @@ -312,7 +312,7 @@ dsl_deadlist_remove_key(dsl_deadlist_t *dl, uint64_t mintxg, dmu_tx_t *tx) bpobj_close(&dle->dle_bpobj); kmem_free(dle, sizeof (*dle)); - VERIFY3U(0, ==, zap_remove_int(dl->dl_os, dl->dl_object, mintxg, tx)); + VERIFY0(zap_remove_int(dl->dl_os, dl->dl_object, mintxg, tx)); mutex_exit(&dl->dl_lock); } @@ -334,7 +334,7 @@ dsl_deadlist_regenerate(objset_t *os, uint64_t dlobj, while (mrs_obj != 0) { dsl_dataset_t *ds; - VERIFY3U(0, ==, dsl_dataset_hold_obj(dp, mrs_obj, FTAG, &ds)); + VERIFY0(dsl_dataset_hold_obj(dp, mrs_obj, FTAG, &ds)); dsl_deadlist_add_key(&dl, dsl_dataset_phys(ds)->ds_prev_snap_txg, tx); mrs_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj; @@ -368,7 +368,7 @@ dsl_deadlist_clone(dsl_deadlist_t *dl, uint64_t maxtxg, break; obj = bpobj_alloc_empty(dl->dl_os, SPA_OLD_MAXBLOCKSIZE, tx); - VERIFY3U(0, ==, zap_add_int_key(dl->dl_os, newobj, + VERIFY0(zap_add_int_key(dl->dl_os, newobj, dle->dle_mintxg, obj, tx)); } mutex_exit(&dl->dl_lock); @@ -381,7 +381,7 @@ dsl_deadlist_space(dsl_deadlist_t *dl, { ASSERT(dsl_deadlist_is_open(dl)); if (dl->dl_oldfmt) { - VERIFY3U(0, ==, bpobj_space(&dl->dl_bpobj, + VERIFY0(bpobj_space(&dl->dl_bpobj, usedp, compp, uncompp)); return; } @@ -397,7 +397,7 @@ dsl_deadlist_space(dsl_deadlist_t *dl, * return space used in the range (mintxg, maxtxg]. * Includes maxtxg, does not include mintxg. * mintxg and maxtxg must both be keys in the deadlist (unless maxtxg is - * larger than any bp in the deadlist (eg. UINT64_MAX)). + * UINT64_MAX). */ void dsl_deadlist_space_range(dsl_deadlist_t *dl, uint64_t mintxg, uint64_t maxtxg, @@ -408,7 +408,7 @@ dsl_deadlist_space_range(dsl_deadlist_t *dl, uint64_t mintxg, uint64_t maxtxg, avl_index_t where; if (dl->dl_oldfmt) { - VERIFY3U(0, ==, bpobj_space_range(&dl->dl_bpobj, + VERIFY0(bpobj_space_range(&dl->dl_bpobj, mintxg, maxtxg, usedp, compp, uncompp)); return; } @@ -430,13 +430,20 @@ dsl_deadlist_space_range(dsl_deadlist_t *dl, uint64_t mintxg, uint64_t maxtxg, dle = AVL_NEXT(&dl->dl_tree, dle)) { uint64_t used, comp, uncomp; - VERIFY3U(0, ==, bpobj_space(&dle->dle_bpobj, + VERIFY0(bpobj_space(&dle->dle_bpobj, &used, &comp, &uncomp)); *usedp += used; *compp += comp; *uncompp += uncomp; } + + /* + * This assertion ensures that the maxtxg is a key in the deadlist + * (unless it's UINT64_MAX). + */ + ASSERT(maxtxg == UINT64_MAX || + (dle != NULL && dle->dle_mintxg == maxtxg)); mutex_exit(&dl->dl_lock); } @@ -452,8 +459,8 @@ dsl_deadlist_insert_bpobj(dsl_deadlist_t *dl, uint64_t obj, uint64_t birth, ASSERT(MUTEX_HELD(&dl->dl_lock)); - VERIFY3U(0, ==, bpobj_open(&bpo, dl->dl_os, obj)); - VERIFY3U(0, ==, bpobj_space(&bpo, &used, &comp, &uncomp)); + VERIFY0(bpobj_open(&bpo, dl->dl_os, obj)); + VERIFY0(bpobj_space(&bpo, &used, &comp, &uncomp)); bpobj_close(&bpo); dsl_deadlist_load_tree(dl); @@ -491,12 +498,11 @@ dsl_deadlist_merge(dsl_deadlist_t *dl, uint64_t obj, dmu_tx_t *tx) dsl_deadlist_phys_t *dlp; dmu_object_info_t doi; - VERIFY3U(0, ==, dmu_object_info(dl->dl_os, obj, &doi)); + VERIFY0(dmu_object_info(dl->dl_os, obj, &doi)); if (doi.doi_type == DMU_OT_BPOBJ) { bpobj_t bpo; - VERIFY3U(0, ==, bpobj_open(&bpo, dl->dl_os, obj)); - VERIFY3U(0, ==, bpobj_iterate(&bpo, - dsl_deadlist_insert_cb, dl, tx)); + VERIFY0(bpobj_open(&bpo, dl->dl_os, obj)); + VERIFY0(bpobj_iterate(&bpo, dsl_deadlist_insert_cb, dl, tx)); bpobj_close(&bpo); return; } @@ -507,11 +513,11 @@ dsl_deadlist_merge(dsl_deadlist_t *dl, uint64_t obj, dmu_tx_t *tx) zap_cursor_advance(&zc)) { uint64_t mintxg = zfs_strtonum(za.za_name, NULL); dsl_deadlist_insert_bpobj(dl, za.za_first_integer, mintxg, tx); - VERIFY3U(0, ==, zap_remove_int(dl->dl_os, obj, mintxg, tx)); + VERIFY0(zap_remove_int(dl->dl_os, obj, mintxg, tx)); } zap_cursor_fini(&zc); - VERIFY3U(0, ==, dmu_bonus_hold(dl->dl_os, obj, FTAG, &bonus)); + VERIFY0(dmu_bonus_hold(dl->dl_os, obj, FTAG, &bonus)); dlp = bonus->db_data; dmu_buf_will_dirty(bonus, tx); bzero(dlp, sizeof (*dlp)); @@ -520,7 +526,7 @@ dsl_deadlist_merge(dsl_deadlist_t *dl, uint64_t obj, dmu_tx_t *tx) } /* - * Remove entries on dl that are >= mintxg, and put them on the bpobj. + * Remove entries on dl that are born > mintxg, and put them on the bpobj. */ void dsl_deadlist_move_bpobj(dsl_deadlist_t *dl, bpobj_t *bpo, uint64_t mintxg, @@ -546,7 +552,7 @@ dsl_deadlist_move_bpobj(dsl_deadlist_t *dl, bpobj_t *bpo, uint64_t mintxg, bpobj_enqueue_subobj(bpo, dle->dle_bpobj.bpo_object, tx); - VERIFY3U(0, ==, bpobj_space(&dle->dle_bpobj, + VERIFY0(bpobj_space(&dle->dle_bpobj, &used, &comp, &uncomp)); ASSERT3U(dl->dl_phys->dl_used, >=, used); ASSERT3U(dl->dl_phys->dl_comp, >=, comp); @@ -555,7 +561,7 @@ dsl_deadlist_move_bpobj(dsl_deadlist_t *dl, bpobj_t *bpo, uint64_t mintxg, dl->dl_phys->dl_comp -= comp; dl->dl_phys->dl_uncomp -= uncomp; - VERIFY3U(0, ==, zap_remove_int(dl->dl_os, dl->dl_object, + VERIFY0(zap_remove_int(dl->dl_os, dl->dl_object, dle->dle_mintxg, tx)); dle_next = AVL_NEXT(&dl->dl_tree, dle); diff --git a/module/zfs/dsl_destroy.c b/module/zfs/dsl_destroy.c index 465b3dfac..d15c446c7 100644 --- a/module/zfs/dsl_destroy.c +++ b/module/zfs/dsl_destroy.c @@ -31,6 +31,7 @@ #include <sys/dsl_dataset.h> #include <sys/dsl_synctask.h> #include <sys/dsl_destroy.h> +#include <sys/dsl_bookmark.h> #include <sys/dmu_tx.h> #include <sys/dsl_pool.h> #include <sys/dsl_dir.h> @@ -181,70 +182,86 @@ process_old_deadlist(dsl_dataset_t *ds, dsl_dataset_t *ds_prev, dsl_dataset_phys(ds_next)->ds_deadlist_obj); } -struct removeclonesnode { - list_node_t link; - dsl_dataset_t *ds; -}; +typedef struct remaining_clones_key { + dsl_dataset_t *rck_clone; + list_node_t rck_node; +} remaining_clones_key_t; + +static remaining_clones_key_t * +rck_alloc(dsl_dataset_t *clone) +{ + remaining_clones_key_t *rck = kmem_alloc(sizeof (*rck), KM_SLEEP); + rck->rck_clone = clone; + return (rck); +} static void -dsl_dataset_remove_clones_key(dsl_dataset_t *ds, uint64_t mintxg, dmu_tx_t *tx) +dsl_dir_remove_clones_key_impl(dsl_dir_t *dd, uint64_t mintxg, dmu_tx_t *tx, + list_t *stack, void *tag) { - objset_t *mos = ds->ds_dir->dd_pool->dp_meta_objset; - list_t clones; - struct removeclonesnode *rcn; + objset_t *mos = dd->dd_pool->dp_meta_objset; + + /* + * If it is the old version, dd_clones doesn't exist so we can't + * find the clones, but dsl_deadlist_remove_key() is a no-op so it + * doesn't matter. + */ + if (dsl_dir_phys(dd)->dd_clones == 0) + return; - list_create(&clones, sizeof (struct removeclonesnode), - offsetof(struct removeclonesnode, link)); + zap_cursor_t *zc = kmem_alloc(sizeof (zap_cursor_t), KM_SLEEP); + zap_attribute_t *za = kmem_alloc(sizeof (zap_attribute_t), KM_SLEEP); - rcn = kmem_zalloc(sizeof (struct removeclonesnode), KM_SLEEP); - rcn->ds = ds; - list_insert_head(&clones, rcn); + for (zap_cursor_init(zc, mos, dsl_dir_phys(dd)->dd_clones); + zap_cursor_retrieve(zc, za) == 0; + zap_cursor_advance(zc)) { + dsl_dataset_t *clone; - for (; rcn != NULL; rcn = list_next(&clones, rcn)) { - zap_cursor_t zc; - zap_attribute_t za; - /* - * If it is the old version, dd_clones doesn't exist so we can't - * find the clones, but dsl_deadlist_remove_key() is a no-op so - * it doesn't matter. - */ - if (dsl_dir_phys(rcn->ds->ds_dir)->dd_clones == 0) - continue; - - for (zap_cursor_init(&zc, mos, - dsl_dir_phys(rcn->ds->ds_dir)->dd_clones); - zap_cursor_retrieve(&zc, &za) == 0; - zap_cursor_advance(&zc)) { - dsl_dataset_t *clone; - - VERIFY0(dsl_dataset_hold_obj(rcn->ds->ds_dir->dd_pool, - za.za_first_integer, FTAG, &clone)); - if (clone->ds_dir->dd_origin_txg > mintxg) { - dsl_deadlist_remove_key(&clone->ds_deadlist, - mintxg, tx); - if (dsl_dataset_remap_deadlist_exists(clone)) { - dsl_deadlist_remove_key( - &clone->ds_remap_deadlist, mintxg, - tx); - } - rcn = kmem_zalloc( - sizeof (struct removeclonesnode), KM_SLEEP); - rcn->ds = clone; - list_insert_tail(&clones, rcn); - } else { - dsl_dataset_rele(clone, FTAG); + VERIFY0(dsl_dataset_hold_obj(dd->dd_pool, + za->za_first_integer, tag, &clone)); + + if (clone->ds_dir->dd_origin_txg > mintxg) { + dsl_deadlist_remove_key(&clone->ds_deadlist, + mintxg, tx); + + if (dsl_dataset_remap_deadlist_exists(clone)) { + dsl_deadlist_remove_key( + &clone->ds_remap_deadlist, mintxg, tx); } + + list_insert_head(stack, rck_alloc(clone)); + } else { + dsl_dataset_rele(clone, tag); } - zap_cursor_fini(&zc); } + zap_cursor_fini(zc); + + kmem_free(za, sizeof (zap_attribute_t)); + kmem_free(zc, sizeof (zap_cursor_t)); +} - rcn = list_remove_head(&clones); - kmem_free(rcn, sizeof (struct removeclonesnode)); - while ((rcn = list_remove_head(&clones)) != NULL) { - dsl_dataset_rele(rcn->ds, FTAG); - kmem_free(rcn, sizeof (struct removeclonesnode)); +void +dsl_dir_remove_clones_key(dsl_dir_t *top_dd, uint64_t mintxg, dmu_tx_t *tx) +{ + list_t stack; + + list_create(&stack, sizeof (remaining_clones_key_t), + offsetof(remaining_clones_key_t, rck_node)); + + dsl_dir_remove_clones_key_impl(top_dd, mintxg, tx, &stack, FTAG); + for (remaining_clones_key_t *rck = list_remove_head(&stack); + rck != NULL; rck = list_remove_head(&stack)) { + dsl_dataset_t *clone = rck->rck_clone; + dsl_dir_t *clone_dir = clone->ds_dir; + + kmem_free(rck, sizeof (*rck)); + + dsl_dir_remove_clones_key_impl(clone_dir, mintxg, tx, + &stack, FTAG); + dsl_dataset_rele(clone, FTAG); } - list_destroy(&clones); + + list_destroy(&stack); } static void @@ -314,6 +331,8 @@ dsl_destroy_snapshot_sync_impl(dsl_dataset_t *ds, boolean_t defer, dmu_tx_t *tx) obj = ds->ds_object; + boolean_t book_exists = dsl_bookmark_ds_destroyed(ds, tx); + for (spa_feature_t f = 0; f < SPA_FEATURES; f++) { if (dsl_dataset_feature_is_active(ds, f)) dsl_dataset_deactivate_feature(ds, f, tx); @@ -400,9 +419,11 @@ dsl_destroy_snapshot_sync_impl(dsl_dataset_t *ds, boolean_t defer, dmu_tx_t *tx) dsl_destroy_snapshot_handle_remaps(ds, ds_next, tx); - /* Collapse range in clone heads */ - dsl_dataset_remove_clones_key(ds, - dsl_dataset_phys(ds)->ds_creation_txg, tx); + if (!book_exists) { + /* Collapse range in clone heads */ + dsl_dir_remove_clones_key(ds->ds_dir, + dsl_dataset_phys(ds)->ds_creation_txg, tx); + } if (ds_next->ds_is_snapshot) { dsl_dataset_t *ds_nextnext; @@ -430,9 +451,13 @@ dsl_destroy_snapshot_sync_impl(dsl_dataset_t *ds, boolean_t defer, dmu_tx_t *tx) /* Collapse range in this head. */ dsl_dataset_t *hds; VERIFY0(dsl_dataset_hold_obj(dp, - dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj, FTAG, &hds)); - dsl_deadlist_remove_key(&hds->ds_deadlist, - dsl_dataset_phys(ds)->ds_creation_txg, tx); + dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj, + FTAG, &hds)); + if (!book_exists) { + /* Collapse range in this head. */ + dsl_deadlist_remove_key(&hds->ds_deadlist, + dsl_dataset_phys(ds)->ds_creation_txg, tx); + } if (dsl_dataset_remap_deadlist_exists(hds)) { dsl_deadlist_remove_key(&hds->ds_remap_deadlist, dsl_dataset_phys(ds)->ds_creation_txg, tx); @@ -675,7 +700,8 @@ kill_blkptr(spa_t *spa, zilog_t *zilog, const blkptr_t *bp, struct killarg *ka = arg; dmu_tx_t *tx = ka->tx; - if (bp == NULL || BP_IS_HOLE(bp) || BP_IS_EMBEDDED(bp)) + if (zb->zb_level == ZB_DNODE_LEVEL || BP_IS_HOLE(bp) || + BP_IS_EMBEDDED(bp)) return (0); if (zb->zb_level == ZB_ZIL_LEVEL) { @@ -973,8 +999,28 @@ dsl_destroy_head_sync_impl(dsl_dataset_t *ds, dmu_tx_t *tx) VERIFY0(zap_destroy(mos, dsl_dataset_phys(ds)->ds_snapnames_zapobj, tx)); - if (ds->ds_bookmarks != 0) { - VERIFY0(zap_destroy(mos, ds->ds_bookmarks, tx)); + if (ds->ds_bookmarks_obj != 0) { + void *cookie = NULL; + dsl_bookmark_node_t *dbn; + + while ((dbn = avl_destroy_nodes(&ds->ds_bookmarks, &cookie)) != + NULL) { + if (dbn->dbn_phys.zbm_redaction_obj != 0) { + VERIFY0(dmu_object_free(mos, + dbn->dbn_phys.zbm_redaction_obj, tx)); + spa_feature_decr(dmu_objset_spa(mos), + SPA_FEATURE_REDACTION_BOOKMARKS, tx); + } + if (dbn->dbn_phys.zbm_flags & ZBM_FLAG_HAS_FBN) { + spa_feature_decr(dmu_objset_spa(mos), + SPA_FEATURE_BOOKMARK_WRITTEN, tx); + } + spa_strfree(dbn->dbn_name); + mutex_destroy(&dbn->dbn_lock); + kmem_free(dbn, sizeof (*dbn)); + } + avl_destroy(&ds->ds_bookmarks); + VERIFY0(zap_destroy(mos, ds->ds_bookmarks_obj, tx)); spa_feature_decr(dp->dp_spa, SPA_FEATURE_BOOKMARKS, tx); } diff --git a/module/zfs/dsl_pool.c b/module/zfs/dsl_pool.c index 10e967ab9..864376c1e 100644 --- a/module/zfs/dsl_pool.c +++ b/module/zfs/dsl_pool.c @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2011, 2017 by Delphix. All rights reserved. + * Copyright (c) 2011, 2018 by Delphix. All rights reserved. * Copyright (c) 2013 Steven Hartland. All rights reserved. * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved. * Copyright 2016 Nexenta Systems, Inc. All rights reserved. @@ -42,7 +42,6 @@ #include <sys/fs/zfs.h> #include <sys/zfs_znode.h> #include <sys/spa_impl.h> -#include <sys/dsl_deadlist.h> #include <sys/vdev_impl.h> #include <sys/metaslab_impl.h> #include <sys/bptree.h> diff --git a/module/zfs/dsl_scan.c b/module/zfs/dsl_scan.c index 04a439fad..f25a559a9 100644 --- a/module/zfs/dsl_scan.c +++ b/module/zfs/dsl_scan.c @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2011, 2017 by Delphix. All rights reserved. + * Copyright (c) 2011, 2018 by Delphix. All rights reserved. * Copyright 2016 Gary Mills * Copyright (c) 2017 Datto Inc. * Copyright 2017 Joyent, Inc. @@ -1343,6 +1343,7 @@ dsl_scan_zil_block(zilog_t *zilog, blkptr_t *bp, void *arg, uint64_t claim_txg) zil_header_t *zh = zsa->zsa_zh; zbookmark_phys_t zb; + ASSERT(!BP_IS_REDACTED(bp)); if (BP_IS_HOLE(bp) || bp->blk_birth <= scn->scn_phys.scn_cur_min_txg) return (0); @@ -1375,6 +1376,7 @@ dsl_scan_zil_record(zilog_t *zilog, lr_t *lrc, void *arg, uint64_t claim_txg) blkptr_t *bp = &lr->lr_blkptr; zbookmark_phys_t zb; + ASSERT(!BP_IS_REDACTED(bp)); if (BP_IS_HOLE(bp) || bp->blk_birth <= scn->scn_phys.scn_cur_min_txg) return (0); @@ -1519,7 +1521,7 @@ dsl_scan_prefetch(scan_prefetch_ctx_t *spc, blkptr_t *bp, zbookmark_phys_t *zb) spa_t *spa = scn->scn_dp->dp_spa; scan_prefetch_issue_ctx_t *spic; - if (zfs_no_scrub_prefetch) + if (zfs_no_scrub_prefetch || BP_IS_REDACTED(bp)) return; if (BP_IS_HOLE(bp) || bp->blk_birth <= scn->scn_phys.scn_cur_min_txg || @@ -1771,6 +1773,8 @@ dsl_scan_recurse(dsl_scan_t *scn, dsl_dataset_t *ds, dmu_objset_type_t ostype, int zio_flags = ZIO_FLAG_CANFAIL | ZIO_FLAG_SCAN_THREAD; int err; + ASSERT(!BP_IS_REDACTED(bp)); + if (BP_GET_LEVEL(bp) > 0) { arc_flags_t flags = ARC_FLAG_WAIT; int i; @@ -1924,6 +1928,12 @@ dsl_scan_visitbp(blkptr_t *bp, const zbookmark_phys_t *zb, return; } + if (BP_IS_REDACTED(bp)) { + ASSERT(dsl_dataset_feature_is_active(ds, + SPA_FEATURE_REDACTED_DATASETS)); + return; + } + if (bp->blk_birth <= scn->scn_phys.scn_cur_min_txg) { scn->scn_lt_min_this_txg++; return; diff --git a/module/zfs/objlist.c b/module/zfs/objlist.c new file mode 100644 index 000000000..c80bab2a7 --- /dev/null +++ b/module/zfs/objlist.c @@ -0,0 +1,84 @@ +/* + * CDDL HEADER START + * + * This file and its contents are supplied under the terms of the + * Common Development and Distribution License ("CDDL"), version 1.0. + * You may only use this file in accordance with the terms of version + * 1.0 of the CDDL. + * + * A full copy of the text of the CDDL should have accompanied this + * source. A copy of the CDDL is also available via the Internet at + * http://www.illumos.org/license/CDDL. + * + * CDDL HEADER END + */ +/* + * Copyright (c) 2018 by Delphix. All rights reserved. + */ + +#include <sys/objlist.h> +#include <sys/zfs_context.h> + +objlist_t * +objlist_create(void) +{ + objlist_t *list = kmem_alloc(sizeof (*list), KM_SLEEP); + list_create(&list->ol_list, sizeof (objlist_node_t), + offsetof(objlist_node_t, on_node)); + list->ol_last_lookup = 0; + return (list); +} + +void +objlist_destroy(objlist_t *list) +{ + for (objlist_node_t *n = list_remove_head(&list->ol_list); + n != NULL; n = list_remove_head(&list->ol_list)) { + kmem_free(n, sizeof (*n)); + } + list_destroy(&list->ol_list); + kmem_free(list, sizeof (*list)); +} + +/* + * This function looks through the objlist to see if the specified object number + * is contained in the objlist. In the process, it will remove all object + * numbers in the list that are smaller than the specified object number. Thus, + * any lookup of an object number smaller than a previously looked up object + * number will always return false; therefore, all lookups should be done in + * ascending order. + */ +boolean_t +objlist_exists(objlist_t *list, uint64_t object) +{ + objlist_node_t *node = list_head(&list->ol_list); + ASSERT3U(object, >=, list->ol_last_lookup); + list->ol_last_lookup = object; + while (node != NULL && node->on_object < object) { + VERIFY3P(node, ==, list_remove_head(&list->ol_list)); + kmem_free(node, sizeof (*node)); + node = list_head(&list->ol_list); + } + return (node != NULL && node->on_object == object); +} + +/* + * The objlist is a list of object numbers stored in ascending order. However, + * the insertion of new object numbers does not seek out the correct location to + * store a new object number; instead, it appends it to the list for simplicity. + * Thus, any users must take care to only insert new object numbers in ascending + * order. + */ +void +objlist_insert(objlist_t *list, uint64_t object) +{ + objlist_node_t *node = kmem_zalloc(sizeof (*node), KM_SLEEP); + node->on_object = object; +#ifdef ZFS_DEBUG + objlist_node_t *last_object = list_tail(&list->ol_list); + uint64_t last_objnum = (last_object != NULL ? last_object->on_object : + 0); + ASSERT3U(node->on_object, >, last_objnum); +#endif + list_insert_tail(&list->ol_list, node); +} diff --git a/module/zfs/refcount.c b/module/zfs/refcount.c index bcaa6d387..89528e6d3 100644 --- a/module/zfs/refcount.c +++ b/module/zfs/refcount.c @@ -86,7 +86,7 @@ zfs_refcount_destroy_many(zfs_refcount_t *rc, uint64_t number) { reference_t *ref; - ASSERT(rc->rc_count == number); + ASSERT3U(rc->rc_count, ==, number); while ((ref = list_head(&rc->rc_list))) { list_remove(&rc->rc_list, ref); kmem_cache_free(reference_cache, ref); @@ -132,7 +132,7 @@ zfs_refcount_add_many(zfs_refcount_t *rc, uint64_t number, void *holder) ref->ref_number = number; } mutex_enter(&rc->rc_mtx); - ASSERT(rc->rc_count >= 0); + ASSERT3U(rc->rc_count, >=, 0); if (rc->rc_tracked) list_insert_head(&rc->rc_list, ref); rc->rc_count += number; @@ -155,7 +155,7 @@ zfs_refcount_remove_many(zfs_refcount_t *rc, uint64_t number, void *holder) int64_t count; mutex_enter(&rc->rc_mtx); - ASSERT(rc->rc_count >= number); + ASSERT3U(rc->rc_count, >=, number); if (!rc->rc_tracked) { rc->rc_count -= number; diff --git a/module/zfs/spa.c b/module/zfs/spa.c index eb3ff91a0..5e0338d3e 100644 --- a/module/zfs/spa.c +++ b/module/zfs/spa.c @@ -2119,7 +2119,8 @@ static int spa_load_verify_cb(spa_t *spa, zilog_t *zilog, const blkptr_t *bp, const zbookmark_phys_t *zb, const dnode_phys_t *dnp, void *arg) { - if (bp == NULL || BP_IS_HOLE(bp) || BP_IS_EMBEDDED(bp)) + if (zb->zb_level == ZB_DNODE_LEVEL || BP_IS_HOLE(bp) || + BP_IS_EMBEDDED(bp) || BP_IS_REDACTED(bp)) return (0); /* * Note: normally this routine will not be called if diff --git a/module/zfs/txg.c b/module/zfs/txg.c index 0fcd569e3..b01bbe190 100644 --- a/module/zfs/txg.c +++ b/module/zfs/txg.c @@ -692,7 +692,7 @@ txg_wait_synced(dsl_pool_t *dp, uint64_t txg) txg, tx->tx_quiesce_txg_waiting, tx->tx_sync_txg_waiting); while (tx->tx_synced_txg < txg) { dprintf("broadcasting sync more " - "tx_synced=%llu waiting=%llu dp=%p\n", + "tx_synced=%llu waiting=%llu dp=%px\n", tx->tx_synced_txg, tx->tx_sync_txg_waiting, dp); cv_broadcast(&tx->tx_sync_more_cv); cv_wait_io(&tx->tx_sync_done_cv, &tx->tx_sync_lock); diff --git a/module/zfs/zfs_ioctl.c b/module/zfs/zfs_ioctl.c index c6b55d24f..2b67761fd 100644 --- a/module/zfs/zfs_ioctl.c +++ b/module/zfs/zfs_ioctl.c @@ -176,6 +176,7 @@ #include <sys/dsl_deleg.h> #include <sys/dmu_objset.h> #include <sys/dmu_impl.h> +#include <sys/dmu_redact.h> #include <sys/dmu_tx.h> #include <sys/sunddi.h> #include <sys/policy.h> @@ -194,6 +195,7 @@ #include <sys/dmu_recv.h> #include <sys/dmu_send.h> +#include <sys/dmu_recv.h> #include <sys/dsl_destroy.h> #include <sys/dsl_bookmark.h> #include <sys/dsl_userhold.h> @@ -271,7 +273,8 @@ typedef struct zfs_ioc_key { typedef enum { NO_NAME, POOL_NAME, - DATASET_NAME + DATASET_NAME, + ENTITY_NAME } zfs_ioc_namecheck_t; typedef enum { @@ -3709,6 +3712,37 @@ zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) } /* + * innvl is not used. + * + * outnvl: { + * property 1, property 2, ... + * } + * + */ +static const zfs_ioc_key_t zfs_keys_get_bookmark_props[] = { + /* no nvl keys */ +}; + +/* ARGSUSED */ +static int +zfs_ioc_get_bookmark_props(const char *bookmark, nvlist_t *innvl, + nvlist_t *outnvl) +{ + char fsname[ZFS_MAX_DATASET_NAME_LEN]; + char *bmname; + + bmname = strchr(bookmark, '#'); + if (bmname == NULL) + return (SET_ERROR(EINVAL)); + bmname++; + + (void) strlcpy(fsname, bookmark, sizeof (fsname)); + *(strchr(fsname, '#')) = '\0'; + + return (dsl_get_bookmark_props(fsname, bmname, outnvl)); +} + +/* * innvl: { * bookmark name 1, bookmark name 2 * } @@ -4112,6 +4146,40 @@ recursive_unmount(const char *fsname, void *arg) } /* + * + * snapname is the snapshot to redact. + * innvl: { + * "bookname" -> (string) + * name of the redaction bookmark to generate + * "snapnv" -> (nvlist, values ignored) + * snapshots to redact snapname with respect to + * } + * + * outnvl is unused + */ + +/* ARGSUSED */ +static const zfs_ioc_key_t zfs_keys_redact[] = { + {"bookname", DATA_TYPE_STRING, 0}, + {"snapnv", DATA_TYPE_NVLIST, 0}, +}; +static int +zfs_ioc_redact(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) +{ + nvlist_t *redactnvl = NULL; + char *redactbook = NULL; + + if (nvlist_lookup_nvlist(innvl, "snapnv", &redactnvl) != 0) + return (SET_ERROR(EINVAL)); + if (fnvlist_num_pairs(redactnvl) == 0) + return (SET_ERROR(ENXIO)); + if (nvlist_lookup_string(innvl, "bookname", &redactbook) != 0) + return (SET_ERROR(EINVAL)); + + return (dmu_redact_snap(snapname, redactnvl, redactbook)); +} + +/* * inputs: * zc_name old name of dataset * zc_value new name of dataset @@ -4626,6 +4694,7 @@ zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops, nvlist_t *origprops = NULL; /* existing properties */ nvlist_t *origrecvd = NULL; /* existing received properties */ boolean_t first_recvd_props = B_FALSE; + boolean_t tofs_was_redacted; file_t *input_fp; *read_bytes = 0; @@ -4636,10 +4705,13 @@ zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops, if (input_fp == NULL) return (SET_ERROR(EBADF)); + off = input_fp->f_offset; error = dmu_recv_begin(tofs, tosnap, begin_record, force, - resumable, localprops, hidden_args, origin, &drc); + resumable, localprops, hidden_args, origin, &drc, input_fp->f_vnode, + &off); if (error != 0) goto out; + tofs_was_redacted = dsl_get_redacted(drc.drc_ds); /* * Set properties before we receive the stream so that they are applied @@ -4740,9 +4812,7 @@ zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops, nvlist_free(xprops); } - off = input_fp->f_offset; - error = dmu_recv_stream(&drc, input_fp->f_vnode, &off, cleanup_fd, - action_handle); + error = dmu_recv_stream(&drc, cleanup_fd, action_handle, &off); if (error == 0) { zfsvfs_t *zfsvfs = NULL; @@ -4752,6 +4822,9 @@ zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops, /* online recv */ dsl_dataset_t *ds; int end_err; + boolean_t stream_is_redacted = DMU_GET_FEATUREFLAGS( + begin_record->drr_u.drr_begin. + drr_versioninfo) & DMU_BACKUP_FEATURE_REDACTED; ds = dmu_objset_ds(zfsvfs->z_os); error = zfs_suspend_fs(zfsvfs); @@ -4760,8 +4833,17 @@ zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin, nvlist_t *recvprops, * likely also fail, and clean up after itself. */ end_err = dmu_recv_end(&drc, zfsvfs); - if (error == 0) + /* + * If the dataset was not redacted, but we received a + * redacted stream onto it, we need to unmount the + * dataset. Otherwise, resume the filesystem. + */ + if (error == 0 && !drc.drc_newfs && + stream_is_redacted && !tofs_was_redacted) { + error = zfs_end_fs(zfsvfs, ds); + } else if (error == 0) { error = zfs_resume_fs(zfsvfs, ds); + } error = error ? error : end_err; deactivate_super(zfsvfs->z_sb); } else if ((zv = zvol_suspend(tofs)) != NULL) { @@ -5118,6 +5200,49 @@ zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) return (error); } +typedef struct dump_bytes_io { + vnode_t *dbi_vp; + void *dbi_buf; + int dbi_len; + int dbi_err; +} dump_bytes_io_t; + +static void +dump_bytes_cb(void *arg) +{ + dump_bytes_io_t *dbi = (dump_bytes_io_t *)arg; + ssize_t resid; /* have to get resid to get detailed errno */ + + dbi->dbi_err = vn_rdwr(UIO_WRITE, dbi->dbi_vp, + (caddr_t)dbi->dbi_buf, dbi->dbi_len, + 0, UIO_SYSSPACE, FAPPEND, RLIM64_INFINITY, CRED(), &resid); +} + +static int +dump_bytes(objset_t *os, void *buf, int len, void *arg) +{ + dump_bytes_io_t dbi; + + dbi.dbi_vp = arg; + dbi.dbi_buf = buf; + dbi.dbi_len = len; + +#if defined(HAVE_LARGE_STACKS) + dump_bytes_cb(&dbi); +#else + /* + * The vn_rdwr() call is performed in a taskq to ensure that there is + * always enough stack space to write safely to the target filesystem. + * The ZIO_TYPE_FREE threads are used because there can be a lot of + * them and they are used in vdev_file.c for a similar purpose. + */ + spa_taskq_dispatch_sync(dmu_objset_spa(os), ZIO_TYPE_FREE, + ZIO_TASKQ_ISSUE, dump_bytes_cb, &dbi, TQ_SLEEP); +#endif /* HAVE_LARGE_STACKS */ + + return (dbi.dbi_err); +} + /* * inputs: * zc_name name of snapshot to send @@ -5193,8 +5318,8 @@ zfs_ioc_send(zfs_cmd_t *zc) } } - error = dmu_send_estimate(tosnap, fromsnap, compressok || rawok, - &zc->zc_objset_type); + error = dmu_send_estimate_fast(tosnap, fromsnap, NULL, + compressok || rawok, &zc->zc_objset_type); if (fromsnap != NULL) dsl_dataset_rele(fromsnap, FTAG); @@ -5206,9 +5331,13 @@ zfs_ioc_send(zfs_cmd_t *zc) return (SET_ERROR(EBADF)); off = fp->f_offset; + dmu_send_outparams_t out = {0}; + out.dso_outfunc = dump_bytes; + out.dso_arg = fp->f_vnode; + out.dso_dryrun = B_FALSE; error = dmu_send_obj(zc->zc_name, zc->zc_sendobj, zc->zc_fromobj, embedok, large_block_ok, compressok, rawok, - zc->zc_cookie, fp->f_vnode, &off); + zc->zc_cookie, &off, &out); if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) fp->f_offset = off; @@ -5219,18 +5348,19 @@ zfs_ioc_send(zfs_cmd_t *zc) /* * inputs: - * zc_name name of snapshot on which to report progress - * zc_cookie file descriptor of send stream + * zc_name name of snapshot on which to report progress + * zc_cookie file descriptor of send stream * * outputs: - * zc_cookie number of bytes written in send stream thus far + * zc_cookie number of bytes written in send stream thus far + * zc_objset_type logical size of data traversed by send thus far */ static int zfs_ioc_send_progress(zfs_cmd_t *zc) { dsl_pool_t *dp; dsl_dataset_t *ds; - dmu_sendarg_t *dsp = NULL; + dmu_sendstatus_t *dsp = NULL; int error; error = dsl_pool_hold(zc->zc_name, FTAG, &dp); @@ -5254,15 +5384,19 @@ zfs_ioc_send_progress(zfs_cmd_t *zc) for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL; dsp = list_next(&ds->ds_sendstreams, dsp)) { - if (dsp->dsa_outfd == zc->zc_cookie && - dsp->dsa_proc->group_leader == curproc->group_leader) + if (dsp->dss_outfd == zc->zc_cookie && + dsp->dss_proc == curproc) break; } - if (dsp != NULL) - zc->zc_cookie = *(dsp->dsa_off); - else + if (dsp != NULL) { + zc->zc_cookie = atomic_cas_64((volatile uint64_t *)dsp->dss_off, + 0, 0); + /* This is the closest thing we have to atomic_read_64. */ + zc->zc_objset_type = atomic_cas_64(&dsp->dss_blocks, 0, 0); + } else { error = SET_ERROR(ENOENT); + } mutex_exit(&ds->ds_sendstream_lock); dsl_dataset_rele(ds, FTAG); @@ -5973,8 +6107,8 @@ zfs_ioc_events_seek(zfs_cmd_t *zc) /* * inputs: - * zc_name name of new filesystem or snapshot - * zc_value full name of old snapshot + * zc_name name of later filesystem or snapshot + * zc_value full name of old snapshot or bookmark * * outputs: * zc_cookie space in bytes @@ -5986,7 +6120,7 @@ zfs_ioc_space_written(zfs_cmd_t *zc) { int error; dsl_pool_t *dp; - dsl_dataset_t *new, *old; + dsl_dataset_t *new; error = dsl_pool_hold(zc->zc_name, FTAG, &dp); if (error != 0) @@ -5996,16 +6130,26 @@ zfs_ioc_space_written(zfs_cmd_t *zc) dsl_pool_rele(dp, FTAG); return (error); } - error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old); - if (error != 0) { - dsl_dataset_rele(new, FTAG); - dsl_pool_rele(dp, FTAG); - return (error); - } + if (strchr(zc->zc_value, '#') != NULL) { + zfs_bookmark_phys_t bmp; + error = dsl_bookmark_lookup(dp, zc->zc_value, + new, &bmp); + if (error == 0) { + error = dsl_dataset_space_written_bookmark(&bmp, new, + &zc->zc_cookie, + &zc->zc_objset_type, &zc->zc_perm_action); + } + } else { + dsl_dataset_t *old; + error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old); - error = dsl_dataset_space_written(old, new, &zc->zc_cookie, - &zc->zc_objset_type, &zc->zc_perm_action); - dsl_dataset_rele(old, FTAG); + if (error == 0) { + error = dsl_dataset_space_written(old, new, + &zc->zc_cookie, + &zc->zc_objset_type, &zc->zc_perm_action); + dsl_dataset_rele(old, FTAG); + } + } dsl_dataset_rele(new, FTAG); dsl_pool_rele(dp, FTAG); return (error); @@ -6085,6 +6229,9 @@ zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl) * presence indicates raw encrypted records should be used. * (optional) "resume_object" and "resume_offset" -> (uint64) * if present, resume send stream from specified object and offset. + * (optional) "redactbook" -> (string) + * if present, use this bookmark's redaction list to generate a redacted + * send stream * } * * outnvl is unused @@ -6098,6 +6245,7 @@ static const zfs_ioc_key_t zfs_keys_send_new[] = { {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL}, {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL}, + {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL}, }; /* ARGSUSED */ @@ -6115,6 +6263,7 @@ zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) boolean_t rawok; uint64_t resumeobj = 0; uint64_t resumeoff = 0; + char *redactbook = NULL; fd = fnvlist_lookup_int32(innvl, "fd"); @@ -6128,12 +6277,18 @@ zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); + (void) nvlist_lookup_string(innvl, "redactbook", &redactbook); + if ((fp = getf(fd)) == NULL) return (SET_ERROR(EBADF)); off = fp->f_offset; + dmu_send_outparams_t out = {0}; + out.dso_outfunc = dump_bytes; + out.dso_arg = fp->f_vnode; + out.dso_dryrun = B_FALSE; error = dmu_send(snapname, fromname, embedok, largeblockok, compressok, - rawok, fd, resumeobj, resumeoff, fp->f_vnode, &off); + rawok, resumeobj, resumeoff, redactbook, fd, &off, &out); if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) fp->f_offset = off; @@ -6142,6 +6297,15 @@ zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) return (error); } +/* ARGSUSED */ +int +send_space_sum(objset_t *os, void *buf, int len, void *arg) +{ + uint64_t *size = arg; + *size += len; + return (0); +} + /* * Determine approximately how large a zfs send stream will be -- the number * of bytes that will be written to the fd supplied to zfs_ioc_send_new(). @@ -6157,6 +6321,8 @@ zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) * presence indicates compressed DRR_WRITE records are permitted * (optional) "rawok" -> (value ignored) * presence indicates raw encrypted records should be used. + * (optional) "fd" -> file descriptor to use as a cookie for progress + * tracking (int32) * } * * outnvl: { @@ -6170,6 +6336,11 @@ static const zfs_ioc_key_t zfs_keys_send_space[] = { {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL}, + {"fd", DATA_TYPE_INT32, ZK_OPTIONAL}, + {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL}, + {"resumeobj", DATA_TYPE_UINT64, ZK_OPTIONAL}, + {"resumeoff", DATA_TYPE_UINT64, ZK_OPTIONAL}, + {"bytes", DATA_TYPE_UINT64, ZK_OPTIONAL}, }; static int @@ -6177,11 +6348,21 @@ zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) { dsl_pool_t *dp; dsl_dataset_t *tosnap; + dsl_dataset_t *fromsnap = NULL; int error; - char *fromname; + char *fromname = NULL; + char *redactlist_book = NULL; + boolean_t largeblockok; + boolean_t embedok; boolean_t compressok; boolean_t rawok; - uint64_t space; + uint64_t space = 0; + boolean_t full_estimate = B_FALSE; + uint64_t resumeobj = 0; + uint64_t resumeoff = 0; + uint64_t resume_bytes = 0; + int32_t fd = -1; + zfs_bookmark_phys_t zbm = {0}; error = dsl_pool_hold(snapname, FTAG, &dp); if (error != 0) @@ -6192,61 +6373,101 @@ zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) dsl_pool_rele(dp, FTAG); return (error); } + (void) nvlist_lookup_int32(innvl, "fd", &fd); + largeblockok = nvlist_exists(innvl, "largeblockok"); + embedok = nvlist_exists(innvl, "embedok"); compressok = nvlist_exists(innvl, "compressok"); rawok = nvlist_exists(innvl, "rawok"); + boolean_t from = (nvlist_lookup_string(innvl, "from", &fromname) == 0); + boolean_t altbook = (nvlist_lookup_string(innvl, "redactbook", + &redactlist_book) == 0); + + (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); + (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); + (void) nvlist_lookup_uint64(innvl, "bytes", &resume_bytes); + + if (altbook) { + full_estimate = B_TRUE; + } else if (from) { + if (strchr(fromname, '#')) { + error = dsl_bookmark_lookup(dp, fromname, tosnap, &zbm); - error = nvlist_lookup_string(innvl, "from", &fromname); - if (error == 0) { - if (strchr(fromname, '@') != NULL) { /* - * If from is a snapshot, hold it and use the more - * efficient dmu_send_estimate to estimate send space - * size using deadlists. + * dsl_bookmark_lookup() will fail with EXDEV if + * the from-bookmark and tosnap are at the same txg. + * However, it's valid to do a send (and therefore, + * a send estimate) from and to the same time point, + * if the bookmark is redacted (the incremental send + * can change what's redacted on the target). In + * this case, dsl_bookmark_lookup() fills in zbm + * but returns EXDEV. Ignore this error. */ - dsl_dataset_t *fromsnap; + if (error == EXDEV && zbm.zbm_redaction_obj != 0 && + zbm.zbm_guid == + dsl_dataset_phys(tosnap)->ds_guid) + error = 0; + + if (error != 0) { + dsl_dataset_rele(tosnap, FTAG); + dsl_pool_rele(dp, FTAG); + return (error); + } + if (zbm.zbm_redaction_obj != 0 || !(zbm.zbm_flags & + ZBM_FLAG_HAS_FBN)) { + full_estimate = B_TRUE; + } + } else if (strchr(fromname, '@')) { error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap); - if (error != 0) - goto out; - error = dmu_send_estimate(tosnap, fromsnap, - compressok || rawok, &space); - dsl_dataset_rele(fromsnap, FTAG); - } else if (strchr(fromname, '#') != NULL) { - /* - * If from is a bookmark, fetch the creation TXG of the - * snapshot it was created from and use that to find - * blocks that were born after it. - */ - zfs_bookmark_phys_t frombm; + if (error != 0) { + dsl_dataset_rele(tosnap, FTAG); + dsl_pool_rele(dp, FTAG); + return (error); + } - error = dsl_bookmark_lookup(dp, fromname, tosnap, - &frombm); - if (error != 0) - goto out; - error = dmu_send_estimate_from_txg(tosnap, - frombm.zbm_creation_txg, compressok || rawok, - &space); + if (!dsl_dataset_is_before(tosnap, fromsnap, 0)) { + full_estimate = B_TRUE; + dsl_dataset_rele(fromsnap, FTAG); + } } else { /* * from is not properly formatted as a snapshot or * bookmark */ - error = SET_ERROR(EINVAL); - goto out; + dsl_dataset_rele(tosnap, FTAG); + dsl_pool_rele(dp, FTAG); + return (SET_ERROR(EINVAL)); } - } else { + } + + if (full_estimate) { + dmu_send_outparams_t out = {0}; + offset_t off = 0; + out.dso_outfunc = send_space_sum; + out.dso_arg = &space; + out.dso_dryrun = B_TRUE; /* - * If estimating the size of a full send, use dmu_send_estimate. + * We have to release these holds so dmu_send can take them. It + * will do all the error checking we need. */ - error = dmu_send_estimate(tosnap, NULL, compressok || rawok, - &space); + dsl_dataset_rele(tosnap, FTAG); + dsl_pool_rele(dp, FTAG); + error = dmu_send(snapname, fromname, embedok, largeblockok, + compressok, rawok, resumeobj, resumeoff, redactlist_book, + fd, &off, &out); + } else { + error = dmu_send_estimate_fast(tosnap, fromsnap, + (from && strchr(fromname, '#') != NULL ? &zbm : NULL), + compressok || rawok, &space); + space -= resume_bytes; + if (fromsnap != NULL) + dsl_dataset_rele(fromsnap, FTAG); + dsl_dataset_rele(tosnap, FTAG); + dsl_pool_rele(dp, FTAG); } fnvlist_add_uint64(outnvl, "space", space); -out: - dsl_dataset_rele(tosnap, FTAG); - dsl_pool_rele(dp, FTAG); return (error); } @@ -6607,6 +6828,11 @@ zfs_ioctl_init(void) POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks)); + zfs_ioctl_register("get_bookmark_props", ZFS_IOC_GET_BOOKMARK_PROPS, + zfs_ioc_get_bookmark_props, zfs_secpolicy_read, ENTITY_NAME, + POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, zfs_keys_get_bookmark_props, + ARRAY_SIZE(zfs_keys_get_bookmark_props)); + zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS, zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks, POOL_NAME, @@ -6646,6 +6872,11 @@ zfs_ioctl_init(void) B_TRUE, zfs_keys_channel_program, ARRAY_SIZE(zfs_keys_channel_program)); + zfs_ioctl_register("redact", ZFS_IOC_REDACT, + zfs_ioc_redact, zfs_secpolicy_config, DATASET_NAME, + POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, + zfs_keys_redact, ARRAY_SIZE(zfs_keys_redact)); + zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT, zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE, @@ -6891,7 +7122,8 @@ pool_status_check(const char *name, zfs_ioc_namecheck_t type, spa_t *spa; int error; - ASSERT(type == POOL_NAME || type == DATASET_NAME); + ASSERT(type == POOL_NAME || type == DATASET_NAME || + type == ENTITY_NAME); if (check & POOL_CHECK_NONE) return (0); @@ -7162,10 +7394,18 @@ zfsdev_ioctl(struct file *filp, unsigned cmd, unsigned long arg) vec->zvec_namecheck, vec->zvec_pool_check); break; + case ENTITY_NAME: + if (entity_namecheck(zc->zc_name, NULL, NULL) != 0) { + error = SET_ERROR(EINVAL); + } else { + error = pool_status_check(zc->zc_name, + vec->zvec_namecheck, vec->zvec_pool_check); + } + break; + case NO_NAME: break; } - /* * Ensure that all input pairs are valid before we pass them down * to the lower layers. diff --git a/module/zfs/zfs_vfsops.c b/module/zfs/zfs_vfsops.c index 371c412f6..8d728adea 100644 --- a/module/zfs/zfs_vfsops.c +++ b/module/zfs/zfs_vfsops.c @@ -55,6 +55,7 @@ #include <sys/sunddi.h> #include <sys/dmu_objset.h> #include <sys/spa_boot.h> +#include <sys/objlist.h> #include <sys/zpl.h> #include <linux/vfs_compat.h> #include "zfs_comutil.h" @@ -2205,11 +2206,14 @@ zfs_resume_fs(zfsvfs_t *zfsvfs, dsl_dataset_t *ds) } bail: + if (err != 0) + zfsvfs->z_unmounted = B_TRUE; + /* release the VFS ops */ rw_exit(&zfsvfs->z_teardown_inactive_lock); rrm_exit(&zfsvfs->z_teardown_lock, FTAG); - if (err) { + if (err != 0) { /* * Since we couldn't setup the sa framework, try to force * unmount this file system. @@ -2220,6 +2224,37 @@ bail: return (err); } +/* + * Release VOPs and unmount a suspended filesystem. + */ +int +zfs_end_fs(zfsvfs_t *zfsvfs, dsl_dataset_t *ds) +{ + ASSERT(RRM_WRITE_HELD(&zfsvfs->z_teardown_lock)); + ASSERT(RW_WRITE_HELD(&zfsvfs->z_teardown_inactive_lock)); + + /* + * We already own this, so just hold and rele it to update the + * objset_t, as the one we had before may have been evicted. + */ + objset_t *os; + VERIFY3P(ds->ds_owner, ==, zfsvfs); + VERIFY(dsl_dataset_long_held(ds)); + VERIFY0(dmu_objset_from_ds(ds, &os)); + zfsvfs->z_os = os; + + /* release the VOPs */ + rw_exit(&zfsvfs->z_teardown_inactive_lock); + rrm_exit(&zfsvfs->z_teardown_lock, FTAG); + + /* + * Try to force unmount this file system. + */ + (void) zfs_umount(zfsvfs->z_sb); + zfsvfs->z_unmounted = B_TRUE; + return (0); +} + int zfs_set_version(zfsvfs_t *zfsvfs, uint64_t newvers) { @@ -2394,6 +2429,71 @@ zfs_get_vfs_flag_unmounted(objset_t *os) return (unmounted); } +struct objnode { + avl_node_t node; + uint64_t obj; +}; + +static int +objnode_compare(const void *o1, const void *o2) +{ + const struct objnode *obj1 = o1; + const struct objnode *obj2 = o2; + if (obj1->obj < obj2->obj) + return (-1); + if (obj1->obj > obj2->obj) + return (1); + return (0); +} + +objlist_t * +zfs_get_deleteq(objset_t *os) +{ + objlist_t *deleteq_objlist = objlist_create(); + uint64_t deleteq_obj; + zap_cursor_t zc; + zap_attribute_t za; + dmu_object_info_t doi; + + ASSERT3U(os->os_phys->os_type, ==, DMU_OST_ZFS); + VERIFY0(dmu_object_info(os, MASTER_NODE_OBJ, &doi)); + ASSERT3U(doi.doi_type, ==, DMU_OT_MASTER_NODE); + + VERIFY0(zap_lookup(os, MASTER_NODE_OBJ, + ZFS_UNLINKED_SET, sizeof (uint64_t), 1, &deleteq_obj)); + + /* + * In order to insert objects into the objlist, they must be in sorted + * order. We don't know what order we'll get them out of the ZAP in, so + * we insert them into and remove them from an avl_tree_t to sort them. + */ + avl_tree_t at; + avl_create(&at, objnode_compare, sizeof (struct objnode), + offsetof(struct objnode, node)); + + for (zap_cursor_init(&zc, os, deleteq_obj); + zap_cursor_retrieve(&zc, &za) == 0; zap_cursor_advance(&zc)) { + struct objnode *obj = kmem_zalloc(sizeof (*obj), KM_SLEEP); + obj->obj = za.za_first_integer; + avl_add(&at, obj); + } + zap_cursor_fini(&zc); + + struct objnode *next, *found = avl_first(&at); + while (found != NULL) { + next = AVL_NEXT(&at, found); + objlist_insert(deleteq_objlist, found->obj); + found = next; + } + + void *cookie = NULL; + while ((found = avl_destroy_nodes(&at, &cookie)) != NULL) + kmem_free(found, sizeof (*found)); + avl_destroy(&at); + return (deleteq_objlist); +} + + void zfs_init(void) { diff --git a/module/zfs/zio.c b/module/zfs/zio.c index a6bf8a27b..78dff51af 100644 --- a/module/zfs/zio.c +++ b/module/zfs/zio.c @@ -4799,6 +4799,9 @@ zbookmark_compare(uint16_t dbss1, uint8_t ibs1, uint16_t dbss2, uint8_t ibs2, zb1->zb_blkid == zb2->zb_blkid) return (0); + IMPLY(zb1->zb_level > 0, ibs1 >= SPA_MINBLOCKSHIFT); + IMPLY(zb2->zb_level > 0, ibs2 >= SPA_MINBLOCKSHIFT); + /* * BP_SPANB calculates the span in blocks. */ |