4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright (c) 2011, 2019 by Delphix. All rights reserved.
25 * Copyright (c) 2018, Nexenta Systems, Inc. All rights reserved.
26 * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved.
27 * Copyright 2013 Saso Kiselkov. All rights reserved.
28 * Copyright (c) 2014 Integros [integros.com]
29 * Copyright 2016 Toomas Soome <tsoome@me.com>
30 * Copyright (c) 2016 Actifio, Inc. All rights reserved.
31 * Copyright 2018 Joyent, Inc.
32 * Copyright (c) 2017, 2019, Datto Inc. All rights reserved.
33 * Copyright 2017 Joyent, Inc.
34 * Copyright (c) 2017, Intel Corporation.
38 * SPA: Storage Pool Allocator
40 * This file contains all the routines used when modifying on-disk SPA state.
41 * This includes opening, importing, destroying, exporting a pool, and syncing a
45 #include <sys/zfs_context.h>
46 #include <sys/fm/fs/zfs.h>
47 #include <sys/spa_impl.h>
49 #include <sys/zio_checksum.h>
51 #include <sys/dmu_tx.h>
55 #include <sys/vdev_impl.h>
56 #include <sys/vdev_removal.h>
57 #include <sys/vdev_indirect_mapping.h>
58 #include <sys/vdev_indirect_births.h>
59 #include <sys/vdev_initialize.h>
60 #include <sys/vdev_trim.h>
61 #include <sys/vdev_disk.h>
62 #include <sys/metaslab.h>
63 #include <sys/metaslab_impl.h>
65 #include <sys/uberblock_impl.h>
68 #include <sys/bpobj.h>
69 #include <sys/dmu_traverse.h>
70 #include <sys/dmu_objset.h>
71 #include <sys/unique.h>
72 #include <sys/dsl_pool.h>
73 #include <sys/dsl_dataset.h>
74 #include <sys/dsl_dir.h>
75 #include <sys/dsl_prop.h>
76 #include <sys/dsl_synctask.h>
77 #include <sys/fs/zfs.h>
79 #include <sys/callb.h>
80 #include <sys/systeminfo.h>
81 #include <sys/spa_boot.h>
82 #include <sys/zfs_ioctl.h>
83 #include <sys/dsl_scan.h>
84 #include <sys/zfeature.h>
85 #include <sys/dsl_destroy.h>
89 #include <sys/fm/protocol.h>
90 #include <sys/fm/util.h>
91 #include <sys/callb.h>
93 #include <sys/vmsystm.h>
97 #include "zfs_comutil.h"
100 * The interval, in seconds, at which failed configuration cache file writes
103 int zfs_ccw_retry_interval = 300;
105 typedef enum zti_modes {
106 ZTI_MODE_FIXED, /* value is # of threads (min 1) */
107 ZTI_MODE_BATCH, /* cpu-intensive; value is ignored */
108 ZTI_MODE_NULL, /* don't create a taskq */
112 #define ZTI_P(n, q) { ZTI_MODE_FIXED, (n), (q) }
113 #define ZTI_PCT(n) { ZTI_MODE_ONLINE_PERCENT, (n), 1 }
114 #define ZTI_BATCH { ZTI_MODE_BATCH, 0, 1 }
115 #define ZTI_NULL { ZTI_MODE_NULL, 0, 0 }
117 #define ZTI_N(n) ZTI_P(n, 1)
118 #define ZTI_ONE ZTI_N(1)
120 typedef struct zio_taskq_info {
121 zti_modes_t zti_mode;
126 static const char *const zio_taskq_types[ZIO_TASKQ_TYPES] = {
127 "iss", "iss_h", "int", "int_h"
131 * This table defines the taskq settings for each ZFS I/O type. When
132 * initializing a pool, we use this table to create an appropriately sized
133 * taskq. Some operations are low volume and therefore have a small, static
134 * number of threads assigned to their taskqs using the ZTI_N(#) or ZTI_ONE
135 * macros. Other operations process a large amount of data; the ZTI_BATCH
136 * macro causes us to create a taskq oriented for throughput. Some operations
137 * are so high frequency and short-lived that the taskq itself can become a
138 * point of lock contention. The ZTI_P(#, #) macro indicates that we need an
139 * additional degree of parallelism specified by the number of threads per-
140 * taskq and the number of taskqs; when dispatching an event in this case, the
141 * particular taskq is chosen at random.
143 * The different taskq priorities are to handle the different contexts (issue
144 * and interrupt) and then to reserve threads for ZIO_PRIORITY_NOW I/Os that
145 * need to be handled with minimum delay.
147 const zio_taskq_info_t zio_taskqs[ZIO_TYPES][ZIO_TASKQ_TYPES] = {
148 /* ISSUE ISSUE_HIGH INTR INTR_HIGH */
149 { ZTI_ONE, ZTI_NULL, ZTI_ONE, ZTI_NULL }, /* NULL */
150 { ZTI_N(8), ZTI_NULL, ZTI_P(12, 8), ZTI_NULL }, /* READ */
151 { ZTI_BATCH, ZTI_N(5), ZTI_P(12, 8), ZTI_N(5) }, /* WRITE */
152 { ZTI_P(12, 8), ZTI_NULL, ZTI_ONE, ZTI_NULL }, /* FREE */
153 { ZTI_ONE, ZTI_NULL, ZTI_ONE, ZTI_NULL }, /* CLAIM */
154 { ZTI_ONE, ZTI_NULL, ZTI_ONE, ZTI_NULL }, /* IOCTL */
155 { ZTI_N(4), ZTI_NULL, ZTI_ONE, ZTI_NULL }, /* TRIM */
158 static void spa_sync_version(void *arg, dmu_tx_t *tx);
159 static void spa_sync_props(void *arg, dmu_tx_t *tx);
160 static boolean_t spa_has_active_shared_spare(spa_t *spa);
161 static int spa_load_impl(spa_t *spa, spa_import_type_t type, char **ereport);
162 static void spa_vdev_resilver_done(spa_t *spa);
164 uint_t zio_taskq_batch_pct = 75; /* 1 thread per cpu in pset */
165 boolean_t zio_taskq_sysdc = B_TRUE; /* use SDC scheduling class */
166 uint_t zio_taskq_basedc = 80; /* base duty cycle */
168 boolean_t spa_create_process = B_TRUE; /* no process ==> no sysdc */
171 * Report any spa_load_verify errors found, but do not fail spa_load.
172 * This is used by zdb to analyze non-idle pools.
174 boolean_t spa_load_verify_dryrun = B_FALSE;
177 * This (illegal) pool name is used when temporarily importing a spa_t in order
178 * to get the vdev stats associated with the imported devices.
180 #define TRYIMPORT_NAME "$import"
183 * For debugging purposes: print out vdev tree during pool import.
185 int spa_load_print_vdev_tree = B_FALSE;
188 * A non-zero value for zfs_max_missing_tvds means that we allow importing
189 * pools with missing top-level vdevs. This is strictly intended for advanced
190 * pool recovery cases since missing data is almost inevitable. Pools with
191 * missing devices can only be imported read-only for safety reasons, and their
192 * fail-mode will be automatically set to "continue".
194 * With 1 missing vdev we should be able to import the pool and mount all
195 * datasets. User data that was not modified after the missing device has been
196 * added should be recoverable. This means that snapshots created prior to the
197 * addition of that device should be completely intact.
199 * With 2 missing vdevs, some datasets may fail to mount since there are
200 * dataset statistics that are stored as regular metadata. Some data might be
201 * recoverable if those vdevs were added recently.
203 * With 3 or more missing vdevs, the pool is severely damaged and MOS entries
204 * may be missing entirely. Chances of data recovery are very low. Note that
205 * there are also risks of performing an inadvertent rewind as we might be
206 * missing all the vdevs with the latest uberblocks.
208 unsigned long zfs_max_missing_tvds = 0;
211 * The parameters below are similar to zfs_max_missing_tvds but are only
212 * intended for a preliminary open of the pool with an untrusted config which
213 * might be incomplete or out-dated.
215 * We are more tolerant for pools opened from a cachefile since we could have
216 * an out-dated cachefile where a device removal was not registered.
217 * We could have set the limit arbitrarily high but in the case where devices
218 * are really missing we would want to return the proper error codes; we chose
219 * SPA_DVAS_PER_BP - 1 so that some copies of the MOS would still be available
220 * and we get a chance to retrieve the trusted config.
222 uint64_t zfs_max_missing_tvds_cachefile = SPA_DVAS_PER_BP - 1;
225 * In the case where config was assembled by scanning device paths (/dev/dsks
226 * by default) we are less tolerant since all the existing devices should have
227 * been detected and we want spa_load to return the right error codes.
229 uint64_t zfs_max_missing_tvds_scan = 0;
232 * Debugging aid that pauses spa_sync() towards the end.
234 boolean_t zfs_pause_spa_sync = B_FALSE;
237 * Variables to indicate the livelist condense zthr func should wait at certain
238 * points for the livelist to be removed - used to test condense/destroy races
240 int zfs_livelist_condense_zthr_pause = 0;
241 int zfs_livelist_condense_sync_pause = 0;
244 * Variables to track whether or not condense cancellation has been
245 * triggered in testing.
247 int zfs_livelist_condense_sync_cancel = 0;
248 int zfs_livelist_condense_zthr_cancel = 0;
251 * Variable to track whether or not extra ALLOC blkptrs were added to a
252 * livelist entry while it was being condensed (caused by the way we track
253 * remapped blkptrs in dbuf_remap_impl)
255 int zfs_livelist_condense_new_alloc = 0;
258 * ==========================================================================
259 * SPA properties routines
260 * ==========================================================================
264 * Add a (source=src, propname=propval) list to an nvlist.
267 spa_prop_add_list(nvlist_t *nvl, zpool_prop_t prop, char *strval,
268 uint64_t intval, zprop_source_t src)
270 const char *propname = zpool_prop_to_name(prop);
273 VERIFY(nvlist_alloc(&propval, NV_UNIQUE_NAME, KM_SLEEP) == 0);
274 VERIFY(nvlist_add_uint64(propval, ZPROP_SOURCE, src) == 0);
277 VERIFY(nvlist_add_string(propval, ZPROP_VALUE, strval) == 0);
279 VERIFY(nvlist_add_uint64(propval, ZPROP_VALUE, intval) == 0);
281 VERIFY(nvlist_add_nvlist(nvl, propname, propval) == 0);
282 nvlist_free(propval);
286 * Get property values from the spa configuration.
289 spa_prop_get_config(spa_t *spa, nvlist_t **nvp)
291 vdev_t *rvd = spa->spa_root_vdev;
292 dsl_pool_t *pool = spa->spa_dsl_pool;
293 uint64_t size, alloc, cap, version;
294 const zprop_source_t src = ZPROP_SRC_NONE;
295 spa_config_dirent_t *dp;
296 metaslab_class_t *mc = spa_normal_class(spa);
298 ASSERT(MUTEX_HELD(&spa->spa_props_lock));
301 alloc = metaslab_class_get_alloc(mc);
302 alloc += metaslab_class_get_alloc(spa_special_class(spa));
303 alloc += metaslab_class_get_alloc(spa_dedup_class(spa));
305 size = metaslab_class_get_space(mc);
306 size += metaslab_class_get_space(spa_special_class(spa));
307 size += metaslab_class_get_space(spa_dedup_class(spa));
309 spa_prop_add_list(*nvp, ZPOOL_PROP_NAME, spa_name(spa), 0, src);
310 spa_prop_add_list(*nvp, ZPOOL_PROP_SIZE, NULL, size, src);
311 spa_prop_add_list(*nvp, ZPOOL_PROP_ALLOCATED, NULL, alloc, src);
312 spa_prop_add_list(*nvp, ZPOOL_PROP_FREE, NULL,
314 spa_prop_add_list(*nvp, ZPOOL_PROP_CHECKPOINT, NULL,
315 spa->spa_checkpoint_info.sci_dspace, src);
317 spa_prop_add_list(*nvp, ZPOOL_PROP_FRAGMENTATION, NULL,
318 metaslab_class_fragmentation(mc), src);
319 spa_prop_add_list(*nvp, ZPOOL_PROP_EXPANDSZ, NULL,
320 metaslab_class_expandable_space(mc), src);
321 spa_prop_add_list(*nvp, ZPOOL_PROP_READONLY, NULL,
322 (spa_mode(spa) == SPA_MODE_READ), src);
324 cap = (size == 0) ? 0 : (alloc * 100 / size);
325 spa_prop_add_list(*nvp, ZPOOL_PROP_CAPACITY, NULL, cap, src);
327 spa_prop_add_list(*nvp, ZPOOL_PROP_DEDUPRATIO, NULL,
328 ddt_get_pool_dedup_ratio(spa), src);
330 spa_prop_add_list(*nvp, ZPOOL_PROP_HEALTH, NULL,
331 rvd->vdev_state, src);
333 version = spa_version(spa);
334 if (version == zpool_prop_default_numeric(ZPOOL_PROP_VERSION)) {
335 spa_prop_add_list(*nvp, ZPOOL_PROP_VERSION, NULL,
336 version, ZPROP_SRC_DEFAULT);
338 spa_prop_add_list(*nvp, ZPOOL_PROP_VERSION, NULL,
339 version, ZPROP_SRC_LOCAL);
341 spa_prop_add_list(*nvp, ZPOOL_PROP_LOAD_GUID,
342 NULL, spa_load_guid(spa), src);
347 * The $FREE directory was introduced in SPA_VERSION_DEADLISTS,
348 * when opening pools before this version freedir will be NULL.
350 if (pool->dp_free_dir != NULL) {
351 spa_prop_add_list(*nvp, ZPOOL_PROP_FREEING, NULL,
352 dsl_dir_phys(pool->dp_free_dir)->dd_used_bytes,
355 spa_prop_add_list(*nvp, ZPOOL_PROP_FREEING,
359 if (pool->dp_leak_dir != NULL) {
360 spa_prop_add_list(*nvp, ZPOOL_PROP_LEAKED, NULL,
361 dsl_dir_phys(pool->dp_leak_dir)->dd_used_bytes,
364 spa_prop_add_list(*nvp, ZPOOL_PROP_LEAKED,
369 spa_prop_add_list(*nvp, ZPOOL_PROP_GUID, NULL, spa_guid(spa), src);
371 if (spa->spa_comment != NULL) {
372 spa_prop_add_list(*nvp, ZPOOL_PROP_COMMENT, spa->spa_comment,
376 if (spa->spa_root != NULL)
377 spa_prop_add_list(*nvp, ZPOOL_PROP_ALTROOT, spa->spa_root,
380 if (spa_feature_is_enabled(spa, SPA_FEATURE_LARGE_BLOCKS)) {
381 spa_prop_add_list(*nvp, ZPOOL_PROP_MAXBLOCKSIZE, NULL,
382 MIN(zfs_max_recordsize, SPA_MAXBLOCKSIZE), ZPROP_SRC_NONE);
384 spa_prop_add_list(*nvp, ZPOOL_PROP_MAXBLOCKSIZE, NULL,
385 SPA_OLD_MAXBLOCKSIZE, ZPROP_SRC_NONE);
388 if (spa_feature_is_enabled(spa, SPA_FEATURE_LARGE_DNODE)) {
389 spa_prop_add_list(*nvp, ZPOOL_PROP_MAXDNODESIZE, NULL,
390 DNODE_MAX_SIZE, ZPROP_SRC_NONE);
392 spa_prop_add_list(*nvp, ZPOOL_PROP_MAXDNODESIZE, NULL,
393 DNODE_MIN_SIZE, ZPROP_SRC_NONE);
396 if ((dp = list_head(&spa->spa_config_list)) != NULL) {
397 if (dp->scd_path == NULL) {
398 spa_prop_add_list(*nvp, ZPOOL_PROP_CACHEFILE,
399 "none", 0, ZPROP_SRC_LOCAL);
400 } else if (strcmp(dp->scd_path, spa_config_path) != 0) {
401 spa_prop_add_list(*nvp, ZPOOL_PROP_CACHEFILE,
402 dp->scd_path, 0, ZPROP_SRC_LOCAL);
408 * Get zpool property values.
411 spa_prop_get(spa_t *spa, nvlist_t **nvp)
413 objset_t *mos = spa->spa_meta_objset;
418 err = nvlist_alloc(nvp, NV_UNIQUE_NAME, KM_SLEEP);
422 mutex_enter(&spa->spa_props_lock);
425 * Get properties from the spa config.
427 spa_prop_get_config(spa, nvp);
429 /* If no pool property object, no more prop to get. */
430 if (mos == NULL || spa->spa_pool_props_object == 0) {
431 mutex_exit(&spa->spa_props_lock);
436 * Get properties from the MOS pool property object.
438 for (zap_cursor_init(&zc, mos, spa->spa_pool_props_object);
439 (err = zap_cursor_retrieve(&zc, &za)) == 0;
440 zap_cursor_advance(&zc)) {
443 zprop_source_t src = ZPROP_SRC_DEFAULT;
446 if ((prop = zpool_name_to_prop(za.za_name)) == ZPOOL_PROP_INVAL)
449 switch (za.za_integer_length) {
451 /* integer property */
452 if (za.za_first_integer !=
453 zpool_prop_default_numeric(prop))
454 src = ZPROP_SRC_LOCAL;
456 if (prop == ZPOOL_PROP_BOOTFS) {
458 dsl_dataset_t *ds = NULL;
460 dp = spa_get_dsl(spa);
461 dsl_pool_config_enter(dp, FTAG);
462 err = dsl_dataset_hold_obj(dp,
463 za.za_first_integer, FTAG, &ds);
465 dsl_pool_config_exit(dp, FTAG);
469 strval = kmem_alloc(ZFS_MAX_DATASET_NAME_LEN,
471 dsl_dataset_name(ds, strval);
472 dsl_dataset_rele(ds, FTAG);
473 dsl_pool_config_exit(dp, FTAG);
476 intval = za.za_first_integer;
479 spa_prop_add_list(*nvp, prop, strval, intval, src);
482 kmem_free(strval, ZFS_MAX_DATASET_NAME_LEN);
487 /* string property */
488 strval = kmem_alloc(za.za_num_integers, KM_SLEEP);
489 err = zap_lookup(mos, spa->spa_pool_props_object,
490 za.za_name, 1, za.za_num_integers, strval);
492 kmem_free(strval, za.za_num_integers);
495 spa_prop_add_list(*nvp, prop, strval, 0, src);
496 kmem_free(strval, za.za_num_integers);
503 zap_cursor_fini(&zc);
504 mutex_exit(&spa->spa_props_lock);
506 if (err && err != ENOENT) {
516 * Validate the given pool properties nvlist and modify the list
517 * for the property values to be set.
520 spa_prop_validate(spa_t *spa, nvlist_t *props)
523 int error = 0, reset_bootfs = 0;
525 boolean_t has_feature = B_FALSE;
528 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
530 char *strval, *slash, *check, *fname;
531 const char *propname = nvpair_name(elem);
532 zpool_prop_t prop = zpool_name_to_prop(propname);
535 case ZPOOL_PROP_INVAL:
536 if (!zpool_prop_feature(propname)) {
537 error = SET_ERROR(EINVAL);
542 * Sanitize the input.
544 if (nvpair_type(elem) != DATA_TYPE_UINT64) {
545 error = SET_ERROR(EINVAL);
549 if (nvpair_value_uint64(elem, &intval) != 0) {
550 error = SET_ERROR(EINVAL);
555 error = SET_ERROR(EINVAL);
559 fname = strchr(propname, '@') + 1;
560 if (zfeature_lookup_name(fname, NULL) != 0) {
561 error = SET_ERROR(EINVAL);
565 has_feature = B_TRUE;
568 case ZPOOL_PROP_VERSION:
569 error = nvpair_value_uint64(elem, &intval);
571 (intval < spa_version(spa) ||
572 intval > SPA_VERSION_BEFORE_FEATURES ||
574 error = SET_ERROR(EINVAL);
577 case ZPOOL_PROP_DELEGATION:
578 case ZPOOL_PROP_AUTOREPLACE:
579 case ZPOOL_PROP_LISTSNAPS:
580 case ZPOOL_PROP_AUTOEXPAND:
581 case ZPOOL_PROP_AUTOTRIM:
582 error = nvpair_value_uint64(elem, &intval);
583 if (!error && intval > 1)
584 error = SET_ERROR(EINVAL);
587 case ZPOOL_PROP_MULTIHOST:
588 error = nvpair_value_uint64(elem, &intval);
589 if (!error && intval > 1)
590 error = SET_ERROR(EINVAL);
593 uint32_t hostid = zone_get_hostid(NULL);
595 spa->spa_hostid = hostid;
597 error = SET_ERROR(ENOTSUP);
602 case ZPOOL_PROP_BOOTFS:
604 * If the pool version is less than SPA_VERSION_BOOTFS,
605 * or the pool is still being created (version == 0),
606 * the bootfs property cannot be set.
608 if (spa_version(spa) < SPA_VERSION_BOOTFS) {
609 error = SET_ERROR(ENOTSUP);
614 * Make sure the vdev config is bootable
616 if (!vdev_is_bootable(spa->spa_root_vdev)) {
617 error = SET_ERROR(ENOTSUP);
623 error = nvpair_value_string(elem, &strval);
629 if (strval == NULL || strval[0] == '\0') {
630 objnum = zpool_prop_default_numeric(
635 error = dmu_objset_hold(strval, FTAG, &os);
640 * Must be ZPL, and its property settings
641 * must be supported by GRUB (compression
642 * is not gzip, and large dnodes are not
646 if (dmu_objset_type(os) != DMU_OST_ZFS) {
647 error = SET_ERROR(ENOTSUP);
649 dsl_prop_get_int_ds(dmu_objset_ds(os),
650 zfs_prop_to_name(ZFS_PROP_COMPRESSION),
652 !BOOTFS_COMPRESS_VALID(propval)) {
653 error = SET_ERROR(ENOTSUP);
655 dsl_prop_get_int_ds(dmu_objset_ds(os),
656 zfs_prop_to_name(ZFS_PROP_DNODESIZE),
658 propval != ZFS_DNSIZE_LEGACY) {
659 error = SET_ERROR(ENOTSUP);
661 objnum = dmu_objset_id(os);
663 dmu_objset_rele(os, FTAG);
667 case ZPOOL_PROP_FAILUREMODE:
668 error = nvpair_value_uint64(elem, &intval);
669 if (!error && intval > ZIO_FAILURE_MODE_PANIC)
670 error = SET_ERROR(EINVAL);
673 * This is a special case which only occurs when
674 * the pool has completely failed. This allows
675 * the user to change the in-core failmode property
676 * without syncing it out to disk (I/Os might
677 * currently be blocked). We do this by returning
678 * EIO to the caller (spa_prop_set) to trick it
679 * into thinking we encountered a property validation
682 if (!error && spa_suspended(spa)) {
683 spa->spa_failmode = intval;
684 error = SET_ERROR(EIO);
688 case ZPOOL_PROP_CACHEFILE:
689 if ((error = nvpair_value_string(elem, &strval)) != 0)
692 if (strval[0] == '\0')
695 if (strcmp(strval, "none") == 0)
698 if (strval[0] != '/') {
699 error = SET_ERROR(EINVAL);
703 slash = strrchr(strval, '/');
704 ASSERT(slash != NULL);
706 if (slash[1] == '\0' || strcmp(slash, "/.") == 0 ||
707 strcmp(slash, "/..") == 0)
708 error = SET_ERROR(EINVAL);
711 case ZPOOL_PROP_COMMENT:
712 if ((error = nvpair_value_string(elem, &strval)) != 0)
714 for (check = strval; *check != '\0'; check++) {
715 if (!isprint(*check)) {
716 error = SET_ERROR(EINVAL);
720 if (strlen(strval) > ZPROP_MAX_COMMENT)
721 error = SET_ERROR(E2BIG);
732 (void) nvlist_remove_all(props,
733 zpool_prop_to_name(ZPOOL_PROP_DEDUPDITTO));
735 if (!error && reset_bootfs) {
736 error = nvlist_remove(props,
737 zpool_prop_to_name(ZPOOL_PROP_BOOTFS), DATA_TYPE_STRING);
740 error = nvlist_add_uint64(props,
741 zpool_prop_to_name(ZPOOL_PROP_BOOTFS), objnum);
749 spa_configfile_set(spa_t *spa, nvlist_t *nvp, boolean_t need_sync)
752 spa_config_dirent_t *dp;
754 if (nvlist_lookup_string(nvp, zpool_prop_to_name(ZPOOL_PROP_CACHEFILE),
758 dp = kmem_alloc(sizeof (spa_config_dirent_t),
761 if (cachefile[0] == '\0')
762 dp->scd_path = spa_strdup(spa_config_path);
763 else if (strcmp(cachefile, "none") == 0)
766 dp->scd_path = spa_strdup(cachefile);
768 list_insert_head(&spa->spa_config_list, dp);
770 spa_async_request(spa, SPA_ASYNC_CONFIG_UPDATE);
774 spa_prop_set(spa_t *spa, nvlist_t *nvp)
777 nvpair_t *elem = NULL;
778 boolean_t need_sync = B_FALSE;
780 if ((error = spa_prop_validate(spa, nvp)) != 0)
783 while ((elem = nvlist_next_nvpair(nvp, elem)) != NULL) {
784 zpool_prop_t prop = zpool_name_to_prop(nvpair_name(elem));
786 if (prop == ZPOOL_PROP_CACHEFILE ||
787 prop == ZPOOL_PROP_ALTROOT ||
788 prop == ZPOOL_PROP_READONLY)
791 if (prop == ZPOOL_PROP_VERSION || prop == ZPOOL_PROP_INVAL) {
794 if (prop == ZPOOL_PROP_VERSION) {
795 VERIFY(nvpair_value_uint64(elem, &ver) == 0);
797 ASSERT(zpool_prop_feature(nvpair_name(elem)));
798 ver = SPA_VERSION_FEATURES;
802 /* Save time if the version is already set. */
803 if (ver == spa_version(spa))
807 * In addition to the pool directory object, we might
808 * create the pool properties object, the features for
809 * read object, the features for write object, or the
810 * feature descriptions object.
812 error = dsl_sync_task(spa->spa_name, NULL,
813 spa_sync_version, &ver,
814 6, ZFS_SPACE_CHECK_RESERVED);
825 return (dsl_sync_task(spa->spa_name, NULL, spa_sync_props,
826 nvp, 6, ZFS_SPACE_CHECK_RESERVED));
833 * If the bootfs property value is dsobj, clear it.
836 spa_prop_clear_bootfs(spa_t *spa, uint64_t dsobj, dmu_tx_t *tx)
838 if (spa->spa_bootfs == dsobj && spa->spa_pool_props_object != 0) {
839 VERIFY(zap_remove(spa->spa_meta_objset,
840 spa->spa_pool_props_object,
841 zpool_prop_to_name(ZPOOL_PROP_BOOTFS), tx) == 0);
848 spa_change_guid_check(void *arg, dmu_tx_t *tx)
850 uint64_t *newguid __maybe_unused = arg;
851 spa_t *spa = dmu_tx_pool(tx)->dp_spa;
852 vdev_t *rvd = spa->spa_root_vdev;
855 if (spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT)) {
856 int error = (spa_has_checkpoint(spa)) ?
857 ZFS_ERR_CHECKPOINT_EXISTS : ZFS_ERR_DISCARDING_CHECKPOINT;
858 return (SET_ERROR(error));
861 spa_config_enter(spa, SCL_STATE, FTAG, RW_READER);
862 vdev_state = rvd->vdev_state;
863 spa_config_exit(spa, SCL_STATE, FTAG);
865 if (vdev_state != VDEV_STATE_HEALTHY)
866 return (SET_ERROR(ENXIO));
868 ASSERT3U(spa_guid(spa), !=, *newguid);
874 spa_change_guid_sync(void *arg, dmu_tx_t *tx)
876 uint64_t *newguid = arg;
877 spa_t *spa = dmu_tx_pool(tx)->dp_spa;
879 vdev_t *rvd = spa->spa_root_vdev;
881 oldguid = spa_guid(spa);
883 spa_config_enter(spa, SCL_STATE, FTAG, RW_READER);
884 rvd->vdev_guid = *newguid;
885 rvd->vdev_guid_sum += (*newguid - oldguid);
886 vdev_config_dirty(rvd);
887 spa_config_exit(spa, SCL_STATE, FTAG);
889 spa_history_log_internal(spa, "guid change", tx, "old=%llu new=%llu",
890 (u_longlong_t)oldguid, (u_longlong_t)*newguid);
894 * Change the GUID for the pool. This is done so that we can later
895 * re-import a pool built from a clone of our own vdevs. We will modify
896 * the root vdev's guid, our own pool guid, and then mark all of our
897 * vdevs dirty. Note that we must make sure that all our vdevs are
898 * online when we do this, or else any vdevs that weren't present
899 * would be orphaned from our pool. We are also going to issue a
900 * sysevent to update any watchers.
903 spa_change_guid(spa_t *spa)
908 mutex_enter(&spa->spa_vdev_top_lock);
909 mutex_enter(&spa_namespace_lock);
910 guid = spa_generate_guid(NULL);
912 error = dsl_sync_task(spa->spa_name, spa_change_guid_check,
913 spa_change_guid_sync, &guid, 5, ZFS_SPACE_CHECK_RESERVED);
916 spa_write_cachefile(spa, B_FALSE, B_TRUE);
917 spa_event_notify(spa, NULL, NULL, ESC_ZFS_POOL_REGUID);
920 mutex_exit(&spa_namespace_lock);
921 mutex_exit(&spa->spa_vdev_top_lock);
927 * ==========================================================================
928 * SPA state manipulation (open/create/destroy/import/export)
929 * ==========================================================================
933 spa_error_entry_compare(const void *a, const void *b)
935 const spa_error_entry_t *sa = (const spa_error_entry_t *)a;
936 const spa_error_entry_t *sb = (const spa_error_entry_t *)b;
939 ret = memcmp(&sa->se_bookmark, &sb->se_bookmark,
940 sizeof (zbookmark_phys_t));
942 return (TREE_ISIGN(ret));
946 * Utility function which retrieves copies of the current logs and
947 * re-initializes them in the process.
950 spa_get_errlists(spa_t *spa, avl_tree_t *last, avl_tree_t *scrub)
952 ASSERT(MUTEX_HELD(&spa->spa_errlist_lock));
954 bcopy(&spa->spa_errlist_last, last, sizeof (avl_tree_t));
955 bcopy(&spa->spa_errlist_scrub, scrub, sizeof (avl_tree_t));
957 avl_create(&spa->spa_errlist_scrub,
958 spa_error_entry_compare, sizeof (spa_error_entry_t),
959 offsetof(spa_error_entry_t, se_avl));
960 avl_create(&spa->spa_errlist_last,
961 spa_error_entry_compare, sizeof (spa_error_entry_t),
962 offsetof(spa_error_entry_t, se_avl));
966 spa_taskqs_init(spa_t *spa, zio_type_t t, zio_taskq_type_t q)
968 const zio_taskq_info_t *ztip = &zio_taskqs[t][q];
969 enum zti_modes mode = ztip->zti_mode;
970 uint_t value = ztip->zti_value;
971 uint_t count = ztip->zti_count;
972 spa_taskqs_t *tqs = &spa->spa_zio_taskq[t][q];
974 boolean_t batch = B_FALSE;
976 if (mode == ZTI_MODE_NULL) {
978 tqs->stqs_taskq = NULL;
982 ASSERT3U(count, >, 0);
984 tqs->stqs_count = count;
985 tqs->stqs_taskq = kmem_alloc(count * sizeof (taskq_t *), KM_SLEEP);
989 ASSERT3U(value, >=, 1);
990 value = MAX(value, 1);
991 flags |= TASKQ_DYNAMIC;
996 flags |= TASKQ_THREADS_CPU_PCT;
997 value = MIN(zio_taskq_batch_pct, 100);
1001 panic("unrecognized mode for %s_%s taskq (%u:%u) in "
1003 zio_type_name[t], zio_taskq_types[q], mode, value);
1007 for (uint_t i = 0; i < count; i++) {
1011 (void) snprintf(name, sizeof (name), "%s_%s",
1012 zio_type_name[t], zio_taskq_types[q]);
1014 if (zio_taskq_sysdc && spa->spa_proc != &p0) {
1016 flags |= TASKQ_DC_BATCH;
1018 tq = taskq_create_sysdc(name, value, 50, INT_MAX,
1019 spa->spa_proc, zio_taskq_basedc, flags);
1021 pri_t pri = maxclsyspri;
1023 * The write issue taskq can be extremely CPU
1024 * intensive. Run it at slightly less important
1025 * priority than the other taskqs. Under Linux this
1026 * means incrementing the priority value on platforms
1027 * like illumos it should be decremented.
1029 if (t == ZIO_TYPE_WRITE && q == ZIO_TASKQ_ISSUE)
1032 tq = taskq_create_proc(name, value, pri, 50,
1033 INT_MAX, spa->spa_proc, flags);
1036 tqs->stqs_taskq[i] = tq;
1041 spa_taskqs_fini(spa_t *spa, zio_type_t t, zio_taskq_type_t q)
1043 spa_taskqs_t *tqs = &spa->spa_zio_taskq[t][q];
1045 if (tqs->stqs_taskq == NULL) {
1046 ASSERT3U(tqs->stqs_count, ==, 0);
1050 for (uint_t i = 0; i < tqs->stqs_count; i++) {
1051 ASSERT3P(tqs->stqs_taskq[i], !=, NULL);
1052 taskq_destroy(tqs->stqs_taskq[i]);
1055 kmem_free(tqs->stqs_taskq, tqs->stqs_count * sizeof (taskq_t *));
1056 tqs->stqs_taskq = NULL;
1060 * Dispatch a task to the appropriate taskq for the ZFS I/O type and priority.
1061 * Note that a type may have multiple discrete taskqs to avoid lock contention
1062 * on the taskq itself. In that case we choose which taskq at random by using
1063 * the low bits of gethrtime().
1066 spa_taskq_dispatch_ent(spa_t *spa, zio_type_t t, zio_taskq_type_t q,
1067 task_func_t *func, void *arg, uint_t flags, taskq_ent_t *ent)
1069 spa_taskqs_t *tqs = &spa->spa_zio_taskq[t][q];
1072 ASSERT3P(tqs->stqs_taskq, !=, NULL);
1073 ASSERT3U(tqs->stqs_count, !=, 0);
1075 if (tqs->stqs_count == 1) {
1076 tq = tqs->stqs_taskq[0];
1078 tq = tqs->stqs_taskq[((uint64_t)gethrtime()) % tqs->stqs_count];
1081 taskq_dispatch_ent(tq, func, arg, flags, ent);
1085 * Same as spa_taskq_dispatch_ent() but block on the task until completion.
1088 spa_taskq_dispatch_sync(spa_t *spa, zio_type_t t, zio_taskq_type_t q,
1089 task_func_t *func, void *arg, uint_t flags)
1091 spa_taskqs_t *tqs = &spa->spa_zio_taskq[t][q];
1095 ASSERT3P(tqs->stqs_taskq, !=, NULL);
1096 ASSERT3U(tqs->stqs_count, !=, 0);
1098 if (tqs->stqs_count == 1) {
1099 tq = tqs->stqs_taskq[0];
1101 tq = tqs->stqs_taskq[((uint64_t)gethrtime()) % tqs->stqs_count];
1104 id = taskq_dispatch(tq, func, arg, flags);
1106 taskq_wait_id(tq, id);
1110 spa_create_zio_taskqs(spa_t *spa)
1112 for (int t = 0; t < ZIO_TYPES; t++) {
1113 for (int q = 0; q < ZIO_TASKQ_TYPES; q++) {
1114 spa_taskqs_init(spa, t, q);
1120 * Disabled until spa_thread() can be adapted for Linux.
1122 #undef HAVE_SPA_THREAD
1124 #if defined(_KERNEL) && defined(HAVE_SPA_THREAD)
1126 spa_thread(void *arg)
1128 psetid_t zio_taskq_psrset_bind = PS_NONE;
1129 callb_cpr_t cprinfo;
1132 user_t *pu = PTOU(curproc);
1134 CALLB_CPR_INIT(&cprinfo, &spa->spa_proc_lock, callb_generic_cpr,
1137 ASSERT(curproc != &p0);
1138 (void) snprintf(pu->u_psargs, sizeof (pu->u_psargs),
1139 "zpool-%s", spa->spa_name);
1140 (void) strlcpy(pu->u_comm, pu->u_psargs, sizeof (pu->u_comm));
1142 /* bind this thread to the requested psrset */
1143 if (zio_taskq_psrset_bind != PS_NONE) {
1145 mutex_enter(&cpu_lock);
1146 mutex_enter(&pidlock);
1147 mutex_enter(&curproc->p_lock);
1149 if (cpupart_bind_thread(curthread, zio_taskq_psrset_bind,
1150 0, NULL, NULL) == 0) {
1151 curthread->t_bind_pset = zio_taskq_psrset_bind;
1154 "Couldn't bind process for zfs pool \"%s\" to "
1155 "pset %d\n", spa->spa_name, zio_taskq_psrset_bind);
1158 mutex_exit(&curproc->p_lock);
1159 mutex_exit(&pidlock);
1160 mutex_exit(&cpu_lock);
1164 if (zio_taskq_sysdc) {
1165 sysdc_thread_enter(curthread, 100, 0);
1168 spa->spa_proc = curproc;
1169 spa->spa_did = curthread->t_did;
1171 spa_create_zio_taskqs(spa);
1173 mutex_enter(&spa->spa_proc_lock);
1174 ASSERT(spa->spa_proc_state == SPA_PROC_CREATED);
1176 spa->spa_proc_state = SPA_PROC_ACTIVE;
1177 cv_broadcast(&spa->spa_proc_cv);
1179 CALLB_CPR_SAFE_BEGIN(&cprinfo);
1180 while (spa->spa_proc_state == SPA_PROC_ACTIVE)
1181 cv_wait(&spa->spa_proc_cv, &spa->spa_proc_lock);
1182 CALLB_CPR_SAFE_END(&cprinfo, &spa->spa_proc_lock);
1184 ASSERT(spa->spa_proc_state == SPA_PROC_DEACTIVATE);
1185 spa->spa_proc_state = SPA_PROC_GONE;
1186 spa->spa_proc = &p0;
1187 cv_broadcast(&spa->spa_proc_cv);
1188 CALLB_CPR_EXIT(&cprinfo); /* drops spa_proc_lock */
1190 mutex_enter(&curproc->p_lock);
1196 * Activate an uninitialized pool.
1199 spa_activate(spa_t *spa, spa_mode_t mode)
1201 ASSERT(spa->spa_state == POOL_STATE_UNINITIALIZED);
1203 spa->spa_state = POOL_STATE_ACTIVE;
1204 spa->spa_mode = mode;
1206 spa->spa_normal_class = metaslab_class_create(spa, zfs_metaslab_ops);
1207 spa->spa_log_class = metaslab_class_create(spa, zfs_metaslab_ops);
1208 spa->spa_special_class = metaslab_class_create(spa, zfs_metaslab_ops);
1209 spa->spa_dedup_class = metaslab_class_create(spa, zfs_metaslab_ops);
1211 /* Try to create a covering process */
1212 mutex_enter(&spa->spa_proc_lock);
1213 ASSERT(spa->spa_proc_state == SPA_PROC_NONE);
1214 ASSERT(spa->spa_proc == &p0);
1217 #ifdef HAVE_SPA_THREAD
1218 /* Only create a process if we're going to be around a while. */
1219 if (spa_create_process && strcmp(spa->spa_name, TRYIMPORT_NAME) != 0) {
1220 if (newproc(spa_thread, (caddr_t)spa, syscid, maxclsyspri,
1222 spa->spa_proc_state = SPA_PROC_CREATED;
1223 while (spa->spa_proc_state == SPA_PROC_CREATED) {
1224 cv_wait(&spa->spa_proc_cv,
1225 &spa->spa_proc_lock);
1227 ASSERT(spa->spa_proc_state == SPA_PROC_ACTIVE);
1228 ASSERT(spa->spa_proc != &p0);
1229 ASSERT(spa->spa_did != 0);
1233 "Couldn't create process for zfs pool \"%s\"\n",
1238 #endif /* HAVE_SPA_THREAD */
1239 mutex_exit(&spa->spa_proc_lock);
1241 /* If we didn't create a process, we need to create our taskqs. */
1242 if (spa->spa_proc == &p0) {
1243 spa_create_zio_taskqs(spa);
1246 for (size_t i = 0; i < TXG_SIZE; i++) {
1247 spa->spa_txg_zio[i] = zio_root(spa, NULL, NULL,
1251 list_create(&spa->spa_config_dirty_list, sizeof (vdev_t),
1252 offsetof(vdev_t, vdev_config_dirty_node));
1253 list_create(&spa->spa_evicting_os_list, sizeof (objset_t),
1254 offsetof(objset_t, os_evicting_node));
1255 list_create(&spa->spa_state_dirty_list, sizeof (vdev_t),
1256 offsetof(vdev_t, vdev_state_dirty_node));
1258 txg_list_create(&spa->spa_vdev_txg_list, spa,
1259 offsetof(struct vdev, vdev_txg_node));
1261 avl_create(&spa->spa_errlist_scrub,
1262 spa_error_entry_compare, sizeof (spa_error_entry_t),
1263 offsetof(spa_error_entry_t, se_avl));
1264 avl_create(&spa->spa_errlist_last,
1265 spa_error_entry_compare, sizeof (spa_error_entry_t),
1266 offsetof(spa_error_entry_t, se_avl));
1268 spa_keystore_init(&spa->spa_keystore);
1271 * This taskq is used to perform zvol-minor-related tasks
1272 * asynchronously. This has several advantages, including easy
1273 * resolution of various deadlocks (zfsonlinux bug #3681).
1275 * The taskq must be single threaded to ensure tasks are always
1276 * processed in the order in which they were dispatched.
1278 * A taskq per pool allows one to keep the pools independent.
1279 * This way if one pool is suspended, it will not impact another.
1281 * The preferred location to dispatch a zvol minor task is a sync
1282 * task. In this context, there is easy access to the spa_t and minimal
1283 * error handling is required because the sync task must succeed.
1285 spa->spa_zvol_taskq = taskq_create("z_zvol", 1, defclsyspri,
1289 * Taskq dedicated to prefetcher threads: this is used to prevent the
1290 * pool traverse code from monopolizing the global (and limited)
1291 * system_taskq by inappropriately scheduling long running tasks on it.
1293 spa->spa_prefetch_taskq = taskq_create("z_prefetch", boot_ncpus,
1294 defclsyspri, 1, INT_MAX, TASKQ_DYNAMIC);
1297 * The taskq to upgrade datasets in this pool. Currently used by
1298 * feature SPA_FEATURE_USEROBJ_ACCOUNTING/SPA_FEATURE_PROJECT_QUOTA.
1300 spa->spa_upgrade_taskq = taskq_create("z_upgrade", boot_ncpus,
1301 defclsyspri, 1, INT_MAX, TASKQ_DYNAMIC);
1305 * Opposite of spa_activate().
1308 spa_deactivate(spa_t *spa)
1310 ASSERT(spa->spa_sync_on == B_FALSE);
1311 ASSERT(spa->spa_dsl_pool == NULL);
1312 ASSERT(spa->spa_root_vdev == NULL);
1313 ASSERT(spa->spa_async_zio_root == NULL);
1314 ASSERT(spa->spa_state != POOL_STATE_UNINITIALIZED);
1316 spa_evicting_os_wait(spa);
1318 if (spa->spa_zvol_taskq) {
1319 taskq_destroy(spa->spa_zvol_taskq);
1320 spa->spa_zvol_taskq = NULL;
1323 if (spa->spa_prefetch_taskq) {
1324 taskq_destroy(spa->spa_prefetch_taskq);
1325 spa->spa_prefetch_taskq = NULL;
1328 if (spa->spa_upgrade_taskq) {
1329 taskq_destroy(spa->spa_upgrade_taskq);
1330 spa->spa_upgrade_taskq = NULL;
1333 txg_list_destroy(&spa->spa_vdev_txg_list);
1335 list_destroy(&spa->spa_config_dirty_list);
1336 list_destroy(&spa->spa_evicting_os_list);
1337 list_destroy(&spa->spa_state_dirty_list);
1339 taskq_cancel_id(system_delay_taskq, spa->spa_deadman_tqid);
1341 for (int t = 0; t < ZIO_TYPES; t++) {
1342 for (int q = 0; q < ZIO_TASKQ_TYPES; q++) {
1343 spa_taskqs_fini(spa, t, q);
1347 for (size_t i = 0; i < TXG_SIZE; i++) {
1348 ASSERT3P(spa->spa_txg_zio[i], !=, NULL);
1349 VERIFY0(zio_wait(spa->spa_txg_zio[i]));
1350 spa->spa_txg_zio[i] = NULL;
1353 metaslab_class_destroy(spa->spa_normal_class);
1354 spa->spa_normal_class = NULL;
1356 metaslab_class_destroy(spa->spa_log_class);
1357 spa->spa_log_class = NULL;
1359 metaslab_class_destroy(spa->spa_special_class);
1360 spa->spa_special_class = NULL;
1362 metaslab_class_destroy(spa->spa_dedup_class);
1363 spa->spa_dedup_class = NULL;
1366 * If this was part of an import or the open otherwise failed, we may
1367 * still have errors left in the queues. Empty them just in case.
1369 spa_errlog_drain(spa);
1370 avl_destroy(&spa->spa_errlist_scrub);
1371 avl_destroy(&spa->spa_errlist_last);
1373 spa_keystore_fini(&spa->spa_keystore);
1375 spa->spa_state = POOL_STATE_UNINITIALIZED;
1377 mutex_enter(&spa->spa_proc_lock);
1378 if (spa->spa_proc_state != SPA_PROC_NONE) {
1379 ASSERT(spa->spa_proc_state == SPA_PROC_ACTIVE);
1380 spa->spa_proc_state = SPA_PROC_DEACTIVATE;
1381 cv_broadcast(&spa->spa_proc_cv);
1382 while (spa->spa_proc_state == SPA_PROC_DEACTIVATE) {
1383 ASSERT(spa->spa_proc != &p0);
1384 cv_wait(&spa->spa_proc_cv, &spa->spa_proc_lock);
1386 ASSERT(spa->spa_proc_state == SPA_PROC_GONE);
1387 spa->spa_proc_state = SPA_PROC_NONE;
1389 ASSERT(spa->spa_proc == &p0);
1390 mutex_exit(&spa->spa_proc_lock);
1393 * We want to make sure spa_thread() has actually exited the ZFS
1394 * module, so that the module can't be unloaded out from underneath
1397 if (spa->spa_did != 0) {
1398 thread_join(spa->spa_did);
1404 * Verify a pool configuration, and construct the vdev tree appropriately. This
1405 * will create all the necessary vdevs in the appropriate layout, with each vdev
1406 * in the CLOSED state. This will prep the pool before open/creation/import.
1407 * All vdev validation is done by the vdev_alloc() routine.
1410 spa_config_parse(spa_t *spa, vdev_t **vdp, nvlist_t *nv, vdev_t *parent,
1411 uint_t id, int atype)
1417 if ((error = vdev_alloc(spa, vdp, nv, parent, id, atype)) != 0)
1420 if ((*vdp)->vdev_ops->vdev_op_leaf)
1423 error = nvlist_lookup_nvlist_array(nv, ZPOOL_CONFIG_CHILDREN,
1426 if (error == ENOENT)
1432 return (SET_ERROR(EINVAL));
1435 for (int c = 0; c < children; c++) {
1437 if ((error = spa_config_parse(spa, &vd, child[c], *vdp, c,
1445 ASSERT(*vdp != NULL);
1451 spa_should_flush_logs_on_unload(spa_t *spa)
1453 if (!spa_feature_is_active(spa, SPA_FEATURE_LOG_SPACEMAP))
1456 if (!spa_writeable(spa))
1459 if (!spa->spa_sync_on)
1462 if (spa_state(spa) != POOL_STATE_EXPORTED)
1465 if (zfs_keep_log_spacemaps_at_export)
1472 * Opens a transaction that will set the flag that will instruct
1473 * spa_sync to attempt to flush all the metaslabs for that txg.
1476 spa_unload_log_sm_flush_all(spa_t *spa)
1478 dmu_tx_t *tx = dmu_tx_create_dd(spa_get_dsl(spa)->dp_mos_dir);
1479 VERIFY0(dmu_tx_assign(tx, TXG_WAIT));
1481 ASSERT3U(spa->spa_log_flushall_txg, ==, 0);
1482 spa->spa_log_flushall_txg = dmu_tx_get_txg(tx);
1485 txg_wait_synced(spa_get_dsl(spa), spa->spa_log_flushall_txg);
1489 spa_unload_log_sm_metadata(spa_t *spa)
1491 void *cookie = NULL;
1493 while ((sls = avl_destroy_nodes(&spa->spa_sm_logs_by_txg,
1494 &cookie)) != NULL) {
1495 VERIFY0(sls->sls_mscount);
1496 kmem_free(sls, sizeof (spa_log_sm_t));
1499 for (log_summary_entry_t *e = list_head(&spa->spa_log_summary);
1500 e != NULL; e = list_head(&spa->spa_log_summary)) {
1501 VERIFY0(e->lse_mscount);
1502 list_remove(&spa->spa_log_summary, e);
1503 kmem_free(e, sizeof (log_summary_entry_t));
1506 spa->spa_unflushed_stats.sus_nblocks = 0;
1507 spa->spa_unflushed_stats.sus_memused = 0;
1508 spa->spa_unflushed_stats.sus_blocklimit = 0;
1512 spa_destroy_aux_threads(spa_t *spa)
1514 if (spa->spa_condense_zthr != NULL) {
1515 zthr_destroy(spa->spa_condense_zthr);
1516 spa->spa_condense_zthr = NULL;
1518 if (spa->spa_checkpoint_discard_zthr != NULL) {
1519 zthr_destroy(spa->spa_checkpoint_discard_zthr);
1520 spa->spa_checkpoint_discard_zthr = NULL;
1522 if (spa->spa_livelist_delete_zthr != NULL) {
1523 zthr_destroy(spa->spa_livelist_delete_zthr);
1524 spa->spa_livelist_delete_zthr = NULL;
1526 if (spa->spa_livelist_condense_zthr != NULL) {
1527 zthr_destroy(spa->spa_livelist_condense_zthr);
1528 spa->spa_livelist_condense_zthr = NULL;
1533 * Opposite of spa_load().
1536 spa_unload(spa_t *spa)
1538 ASSERT(MUTEX_HELD(&spa_namespace_lock));
1539 ASSERT(spa_state(spa) != POOL_STATE_UNINITIALIZED);
1541 spa_import_progress_remove(spa_guid(spa));
1542 spa_load_note(spa, "UNLOADING");
1544 spa_wake_waiters(spa);
1547 * If the log space map feature is enabled and the pool is getting
1548 * exported (but not destroyed), we want to spend some time flushing
1549 * as many metaslabs as we can in an attempt to destroy log space
1550 * maps and save import time.
1552 if (spa_should_flush_logs_on_unload(spa))
1553 spa_unload_log_sm_flush_all(spa);
1558 spa_async_suspend(spa);
1560 if (spa->spa_root_vdev) {
1561 vdev_t *root_vdev = spa->spa_root_vdev;
1562 vdev_initialize_stop_all(root_vdev, VDEV_INITIALIZE_ACTIVE);
1563 vdev_trim_stop_all(root_vdev, VDEV_TRIM_ACTIVE);
1564 vdev_autotrim_stop_all(spa);
1570 if (spa->spa_sync_on) {
1571 txg_sync_stop(spa->spa_dsl_pool);
1572 spa->spa_sync_on = B_FALSE;
1576 * This ensures that there is no async metaslab prefetching
1577 * while we attempt to unload the spa.
1579 if (spa->spa_root_vdev != NULL) {
1580 for (int c = 0; c < spa->spa_root_vdev->vdev_children; c++) {
1581 vdev_t *vc = spa->spa_root_vdev->vdev_child[c];
1582 if (vc->vdev_mg != NULL)
1583 taskq_wait(vc->vdev_mg->mg_taskq);
1587 if (spa->spa_mmp.mmp_thread)
1588 mmp_thread_stop(spa);
1591 * Wait for any outstanding async I/O to complete.
1593 if (spa->spa_async_zio_root != NULL) {
1594 for (int i = 0; i < max_ncpus; i++)
1595 (void) zio_wait(spa->spa_async_zio_root[i]);
1596 kmem_free(spa->spa_async_zio_root, max_ncpus * sizeof (void *));
1597 spa->spa_async_zio_root = NULL;
1600 if (spa->spa_vdev_removal != NULL) {
1601 spa_vdev_removal_destroy(spa->spa_vdev_removal);
1602 spa->spa_vdev_removal = NULL;
1605 spa_destroy_aux_threads(spa);
1607 spa_condense_fini(spa);
1609 bpobj_close(&spa->spa_deferred_bpobj);
1611 spa_config_enter(spa, SCL_ALL, spa, RW_WRITER);
1616 if (spa->spa_root_vdev)
1617 vdev_free(spa->spa_root_vdev);
1618 ASSERT(spa->spa_root_vdev == NULL);
1621 * Close the dsl pool.
1623 if (spa->spa_dsl_pool) {
1624 dsl_pool_close(spa->spa_dsl_pool);
1625 spa->spa_dsl_pool = NULL;
1626 spa->spa_meta_objset = NULL;
1630 spa_unload_log_sm_metadata(spa);
1633 * Drop and purge level 2 cache
1635 spa_l2cache_drop(spa);
1637 for (int i = 0; i < spa->spa_spares.sav_count; i++)
1638 vdev_free(spa->spa_spares.sav_vdevs[i]);
1639 if (spa->spa_spares.sav_vdevs) {
1640 kmem_free(spa->spa_spares.sav_vdevs,
1641 spa->spa_spares.sav_count * sizeof (void *));
1642 spa->spa_spares.sav_vdevs = NULL;
1644 if (spa->spa_spares.sav_config) {
1645 nvlist_free(spa->spa_spares.sav_config);
1646 spa->spa_spares.sav_config = NULL;
1648 spa->spa_spares.sav_count = 0;
1650 for (int i = 0; i < spa->spa_l2cache.sav_count; i++) {
1651 vdev_clear_stats(spa->spa_l2cache.sav_vdevs[i]);
1652 vdev_free(spa->spa_l2cache.sav_vdevs[i]);
1654 if (spa->spa_l2cache.sav_vdevs) {
1655 kmem_free(spa->spa_l2cache.sav_vdevs,
1656 spa->spa_l2cache.sav_count * sizeof (void *));
1657 spa->spa_l2cache.sav_vdevs = NULL;
1659 if (spa->spa_l2cache.sav_config) {
1660 nvlist_free(spa->spa_l2cache.sav_config);
1661 spa->spa_l2cache.sav_config = NULL;
1663 spa->spa_l2cache.sav_count = 0;
1665 spa->spa_async_suspended = 0;
1667 spa->spa_indirect_vdevs_loaded = B_FALSE;
1669 if (spa->spa_comment != NULL) {
1670 spa_strfree(spa->spa_comment);
1671 spa->spa_comment = NULL;
1674 spa_config_exit(spa, SCL_ALL, spa);
1678 * Load (or re-load) the current list of vdevs describing the active spares for
1679 * this pool. When this is called, we have some form of basic information in
1680 * 'spa_spares.sav_config'. We parse this into vdevs, try to open them, and
1681 * then re-generate a more complete list including status information.
1684 spa_load_spares(spa_t *spa)
1693 * zdb opens both the current state of the pool and the
1694 * checkpointed state (if present), with a different spa_t.
1696 * As spare vdevs are shared among open pools, we skip loading
1697 * them when we load the checkpointed state of the pool.
1699 if (!spa_writeable(spa))
1703 ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == SCL_ALL);
1706 * First, close and free any existing spare vdevs.
1708 for (i = 0; i < spa->spa_spares.sav_count; i++) {
1709 vd = spa->spa_spares.sav_vdevs[i];
1711 /* Undo the call to spa_activate() below */
1712 if ((tvd = spa_lookup_by_guid(spa, vd->vdev_guid,
1713 B_FALSE)) != NULL && tvd->vdev_isspare)
1714 spa_spare_remove(tvd);
1719 if (spa->spa_spares.sav_vdevs)
1720 kmem_free(spa->spa_spares.sav_vdevs,
1721 spa->spa_spares.sav_count * sizeof (void *));
1723 if (spa->spa_spares.sav_config == NULL)
1726 VERIFY(nvlist_lookup_nvlist_array(spa->spa_spares.sav_config,
1727 ZPOOL_CONFIG_SPARES, &spares, &nspares) == 0);
1729 spa->spa_spares.sav_count = (int)nspares;
1730 spa->spa_spares.sav_vdevs = NULL;
1736 * Construct the array of vdevs, opening them to get status in the
1737 * process. For each spare, there is potentially two different vdev_t
1738 * structures associated with it: one in the list of spares (used only
1739 * for basic validation purposes) and one in the active vdev
1740 * configuration (if it's spared in). During this phase we open and
1741 * validate each vdev on the spare list. If the vdev also exists in the
1742 * active configuration, then we also mark this vdev as an active spare.
1744 spa->spa_spares.sav_vdevs = kmem_zalloc(nspares * sizeof (void *),
1746 for (i = 0; i < spa->spa_spares.sav_count; i++) {
1747 VERIFY(spa_config_parse(spa, &vd, spares[i], NULL, 0,
1748 VDEV_ALLOC_SPARE) == 0);
1751 spa->spa_spares.sav_vdevs[i] = vd;
1753 if ((tvd = spa_lookup_by_guid(spa, vd->vdev_guid,
1754 B_FALSE)) != NULL) {
1755 if (!tvd->vdev_isspare)
1759 * We only mark the spare active if we were successfully
1760 * able to load the vdev. Otherwise, importing a pool
1761 * with a bad active spare would result in strange
1762 * behavior, because multiple pool would think the spare
1763 * is actively in use.
1765 * There is a vulnerability here to an equally bizarre
1766 * circumstance, where a dead active spare is later
1767 * brought back to life (onlined or otherwise). Given
1768 * the rarity of this scenario, and the extra complexity
1769 * it adds, we ignore the possibility.
1771 if (!vdev_is_dead(tvd))
1772 spa_spare_activate(tvd);
1776 vd->vdev_aux = &spa->spa_spares;
1778 if (vdev_open(vd) != 0)
1781 if (vdev_validate_aux(vd) == 0)
1786 * Recompute the stashed list of spares, with status information
1789 VERIFY(nvlist_remove(spa->spa_spares.sav_config, ZPOOL_CONFIG_SPARES,
1790 DATA_TYPE_NVLIST_ARRAY) == 0);
1792 spares = kmem_alloc(spa->spa_spares.sav_count * sizeof (void *),
1794 for (i = 0; i < spa->spa_spares.sav_count; i++)
1795 spares[i] = vdev_config_generate(spa,
1796 spa->spa_spares.sav_vdevs[i], B_TRUE, VDEV_CONFIG_SPARE);
1797 VERIFY(nvlist_add_nvlist_array(spa->spa_spares.sav_config,
1798 ZPOOL_CONFIG_SPARES, spares, spa->spa_spares.sav_count) == 0);
1799 for (i = 0; i < spa->spa_spares.sav_count; i++)
1800 nvlist_free(spares[i]);
1801 kmem_free(spares, spa->spa_spares.sav_count * sizeof (void *));
1805 * Load (or re-load) the current list of vdevs describing the active l2cache for
1806 * this pool. When this is called, we have some form of basic information in
1807 * 'spa_l2cache.sav_config'. We parse this into vdevs, try to open them, and
1808 * then re-generate a more complete list including status information.
1809 * Devices which are already active have their details maintained, and are
1813 spa_load_l2cache(spa_t *spa)
1815 nvlist_t **l2cache = NULL;
1817 int i, j, oldnvdevs;
1819 vdev_t *vd, **oldvdevs, **newvdevs;
1820 spa_aux_vdev_t *sav = &spa->spa_l2cache;
1824 * zdb opens both the current state of the pool and the
1825 * checkpointed state (if present), with a different spa_t.
1827 * As L2 caches are part of the ARC which is shared among open
1828 * pools, we skip loading them when we load the checkpointed
1829 * state of the pool.
1831 if (!spa_writeable(spa))
1835 ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == SCL_ALL);
1837 oldvdevs = sav->sav_vdevs;
1838 oldnvdevs = sav->sav_count;
1839 sav->sav_vdevs = NULL;
1842 if (sav->sav_config == NULL) {
1848 VERIFY(nvlist_lookup_nvlist_array(sav->sav_config,
1849 ZPOOL_CONFIG_L2CACHE, &l2cache, &nl2cache) == 0);
1850 newvdevs = kmem_alloc(nl2cache * sizeof (void *), KM_SLEEP);
1853 * Process new nvlist of vdevs.
1855 for (i = 0; i < nl2cache; i++) {
1856 VERIFY(nvlist_lookup_uint64(l2cache[i], ZPOOL_CONFIG_GUID,
1860 for (j = 0; j < oldnvdevs; j++) {
1862 if (vd != NULL && guid == vd->vdev_guid) {
1864 * Retain previous vdev for add/remove ops.
1872 if (newvdevs[i] == NULL) {
1876 VERIFY(spa_config_parse(spa, &vd, l2cache[i], NULL, 0,
1877 VDEV_ALLOC_L2CACHE) == 0);
1882 * Commit this vdev as an l2cache device,
1883 * even if it fails to open.
1885 spa_l2cache_add(vd);
1890 spa_l2cache_activate(vd);
1892 if (vdev_open(vd) != 0)
1895 (void) vdev_validate_aux(vd);
1897 if (!vdev_is_dead(vd))
1898 l2arc_add_vdev(spa, vd);
1902 sav->sav_vdevs = newvdevs;
1903 sav->sav_count = (int)nl2cache;
1906 * Recompute the stashed list of l2cache devices, with status
1907 * information this time.
1909 VERIFY(nvlist_remove(sav->sav_config, ZPOOL_CONFIG_L2CACHE,
1910 DATA_TYPE_NVLIST_ARRAY) == 0);
1912 if (sav->sav_count > 0)
1913 l2cache = kmem_alloc(sav->sav_count * sizeof (void *),
1915 for (i = 0; i < sav->sav_count; i++)
1916 l2cache[i] = vdev_config_generate(spa,
1917 sav->sav_vdevs[i], B_TRUE, VDEV_CONFIG_L2CACHE);
1918 VERIFY(nvlist_add_nvlist_array(sav->sav_config,
1919 ZPOOL_CONFIG_L2CACHE, l2cache, sav->sav_count) == 0);
1923 * Purge vdevs that were dropped
1925 for (i = 0; i < oldnvdevs; i++) {
1930 ASSERT(vd->vdev_isl2cache);
1932 if (spa_l2cache_exists(vd->vdev_guid, &pool) &&
1933 pool != 0ULL && l2arc_vdev_present(vd))
1934 l2arc_remove_vdev(vd);
1935 vdev_clear_stats(vd);
1941 kmem_free(oldvdevs, oldnvdevs * sizeof (void *));
1943 for (i = 0; i < sav->sav_count; i++)
1944 nvlist_free(l2cache[i]);
1946 kmem_free(l2cache, sav->sav_count * sizeof (void *));
1950 load_nvlist(spa_t *spa, uint64_t obj, nvlist_t **value)
1953 char *packed = NULL;
1958 error = dmu_bonus_hold(spa->spa_meta_objset, obj, FTAG, &db);
1962 nvsize = *(uint64_t *)db->db_data;
1963 dmu_buf_rele(db, FTAG);
1965 packed = vmem_alloc(nvsize, KM_SLEEP);
1966 error = dmu_read(spa->spa_meta_objset, obj, 0, nvsize, packed,
1969 error = nvlist_unpack(packed, nvsize, value, 0);
1970 vmem_free(packed, nvsize);
1976 * Concrete top-level vdevs that are not missing and are not logs. At every
1977 * spa_sync we write new uberblocks to at least SPA_SYNC_MIN_VDEVS core tvds.
1980 spa_healthy_core_tvds(spa_t *spa)
1982 vdev_t *rvd = spa->spa_root_vdev;
1985 for (uint64_t i = 0; i < rvd->vdev_children; i++) {
1986 vdev_t *vd = rvd->vdev_child[i];
1989 if (vdev_is_concrete(vd) && !vdev_is_dead(vd))
1997 * Checks to see if the given vdev could not be opened, in which case we post a
1998 * sysevent to notify the autoreplace code that the device has been removed.
2001 spa_check_removed(vdev_t *vd)
2003 for (uint64_t c = 0; c < vd->vdev_children; c++)
2004 spa_check_removed(vd->vdev_child[c]);
2006 if (vd->vdev_ops->vdev_op_leaf && vdev_is_dead(vd) &&
2007 vdev_is_concrete(vd)) {
2008 zfs_post_autoreplace(vd->vdev_spa, vd);
2009 spa_event_notify(vd->vdev_spa, vd, NULL, ESC_ZFS_VDEV_CHECK);
2014 spa_check_for_missing_logs(spa_t *spa)
2016 vdev_t *rvd = spa->spa_root_vdev;
2019 * If we're doing a normal import, then build up any additional
2020 * diagnostic information about missing log devices.
2021 * We'll pass this up to the user for further processing.
2023 if (!(spa->spa_import_flags & ZFS_IMPORT_MISSING_LOG)) {
2024 nvlist_t **child, *nv;
2027 child = kmem_alloc(rvd->vdev_children * sizeof (nvlist_t *),
2029 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2031 for (uint64_t c = 0; c < rvd->vdev_children; c++) {
2032 vdev_t *tvd = rvd->vdev_child[c];
2035 * We consider a device as missing only if it failed
2036 * to open (i.e. offline or faulted is not considered
2039 if (tvd->vdev_islog &&
2040 tvd->vdev_state == VDEV_STATE_CANT_OPEN) {
2041 child[idx++] = vdev_config_generate(spa, tvd,
2042 B_FALSE, VDEV_CONFIG_MISSING);
2047 fnvlist_add_nvlist_array(nv,
2048 ZPOOL_CONFIG_CHILDREN, child, idx);
2049 fnvlist_add_nvlist(spa->spa_load_info,
2050 ZPOOL_CONFIG_MISSING_DEVICES, nv);
2052 for (uint64_t i = 0; i < idx; i++)
2053 nvlist_free(child[i]);
2056 kmem_free(child, rvd->vdev_children * sizeof (char **));
2059 spa_load_failed(spa, "some log devices are missing");
2060 vdev_dbgmsg_print_tree(rvd, 2);
2061 return (SET_ERROR(ENXIO));
2064 for (uint64_t c = 0; c < rvd->vdev_children; c++) {
2065 vdev_t *tvd = rvd->vdev_child[c];
2067 if (tvd->vdev_islog &&
2068 tvd->vdev_state == VDEV_STATE_CANT_OPEN) {
2069 spa_set_log_state(spa, SPA_LOG_CLEAR);
2070 spa_load_note(spa, "some log devices are "
2071 "missing, ZIL is dropped.");
2072 vdev_dbgmsg_print_tree(rvd, 2);
2082 * Check for missing log devices
2085 spa_check_logs(spa_t *spa)
2087 boolean_t rv = B_FALSE;
2088 dsl_pool_t *dp = spa_get_dsl(spa);
2090 switch (spa->spa_log_state) {
2093 case SPA_LOG_MISSING:
2094 /* need to recheck in case slog has been restored */
2095 case SPA_LOG_UNKNOWN:
2096 rv = (dmu_objset_find_dp(dp, dp->dp_root_dir_obj,
2097 zil_check_log_chain, NULL, DS_FIND_CHILDREN) != 0);
2099 spa_set_log_state(spa, SPA_LOG_MISSING);
2106 spa_passivate_log(spa_t *spa)
2108 vdev_t *rvd = spa->spa_root_vdev;
2109 boolean_t slog_found = B_FALSE;
2111 ASSERT(spa_config_held(spa, SCL_ALLOC, RW_WRITER));
2113 if (!spa_has_slogs(spa))
2116 for (int c = 0; c < rvd->vdev_children; c++) {
2117 vdev_t *tvd = rvd->vdev_child[c];
2118 metaslab_group_t *mg = tvd->vdev_mg;
2120 if (tvd->vdev_islog) {
2121 metaslab_group_passivate(mg);
2122 slog_found = B_TRUE;
2126 return (slog_found);
2130 spa_activate_log(spa_t *spa)
2132 vdev_t *rvd = spa->spa_root_vdev;
2134 ASSERT(spa_config_held(spa, SCL_ALLOC, RW_WRITER));
2136 for (int c = 0; c < rvd->vdev_children; c++) {
2137 vdev_t *tvd = rvd->vdev_child[c];
2138 metaslab_group_t *mg = tvd->vdev_mg;
2140 if (tvd->vdev_islog)
2141 metaslab_group_activate(mg);
2146 spa_reset_logs(spa_t *spa)
2150 error = dmu_objset_find(spa_name(spa), zil_reset,
2151 NULL, DS_FIND_CHILDREN);
2154 * We successfully offlined the log device, sync out the
2155 * current txg so that the "stubby" block can be removed
2158 txg_wait_synced(spa->spa_dsl_pool, 0);
2164 spa_aux_check_removed(spa_aux_vdev_t *sav)
2166 for (int i = 0; i < sav->sav_count; i++)
2167 spa_check_removed(sav->sav_vdevs[i]);
2171 spa_claim_notify(zio_t *zio)
2173 spa_t *spa = zio->io_spa;
2178 mutex_enter(&spa->spa_props_lock); /* any mutex will do */
2179 if (spa->spa_claim_max_txg < zio->io_bp->blk_birth)
2180 spa->spa_claim_max_txg = zio->io_bp->blk_birth;
2181 mutex_exit(&spa->spa_props_lock);
2184 typedef struct spa_load_error {
2185 uint64_t sle_meta_count;
2186 uint64_t sle_data_count;
2190 spa_load_verify_done(zio_t *zio)
2192 blkptr_t *bp = zio->io_bp;
2193 spa_load_error_t *sle = zio->io_private;
2194 dmu_object_type_t type = BP_GET_TYPE(bp);
2195 int error = zio->io_error;
2196 spa_t *spa = zio->io_spa;
2198 abd_free(zio->io_abd);
2200 if ((BP_GET_LEVEL(bp) != 0 || DMU_OT_IS_METADATA(type)) &&
2201 type != DMU_OT_INTENT_LOG)
2202 atomic_inc_64(&sle->sle_meta_count);
2204 atomic_inc_64(&sle->sle_data_count);
2207 mutex_enter(&spa->spa_scrub_lock);
2208 spa->spa_load_verify_bytes -= BP_GET_PSIZE(bp);
2209 cv_broadcast(&spa->spa_scrub_io_cv);
2210 mutex_exit(&spa->spa_scrub_lock);
2214 * Maximum number of inflight bytes is the log2 fraction of the arc size.
2215 * By default, we set it to 1/16th of the arc.
2217 int spa_load_verify_shift = 4;
2218 int spa_load_verify_metadata = B_TRUE;
2219 int spa_load_verify_data = B_TRUE;
2223 spa_load_verify_cb(spa_t *spa, zilog_t *zilog, const blkptr_t *bp,
2224 const zbookmark_phys_t *zb, const dnode_phys_t *dnp, void *arg)
2226 if (zb->zb_level == ZB_DNODE_LEVEL || BP_IS_HOLE(bp) ||
2227 BP_IS_EMBEDDED(bp) || BP_IS_REDACTED(bp))
2230 * Note: normally this routine will not be called if
2231 * spa_load_verify_metadata is not set. However, it may be useful
2232 * to manually set the flag after the traversal has begun.
2234 if (!spa_load_verify_metadata)
2236 if (!BP_IS_METADATA(bp) && !spa_load_verify_data)
2239 uint64_t maxinflight_bytes =
2240 arc_target_bytes() >> spa_load_verify_shift;
2242 size_t size = BP_GET_PSIZE(bp);
2244 mutex_enter(&spa->spa_scrub_lock);
2245 while (spa->spa_load_verify_bytes >= maxinflight_bytes)
2246 cv_wait(&spa->spa_scrub_io_cv, &spa->spa_scrub_lock);
2247 spa->spa_load_verify_bytes += size;
2248 mutex_exit(&spa->spa_scrub_lock);
2250 zio_nowait(zio_read(rio, spa, bp, abd_alloc_for_io(size, B_FALSE), size,
2251 spa_load_verify_done, rio->io_private, ZIO_PRIORITY_SCRUB,
2252 ZIO_FLAG_SPECULATIVE | ZIO_FLAG_CANFAIL |
2253 ZIO_FLAG_SCRUB | ZIO_FLAG_RAW, zb));
2259 verify_dataset_name_len(dsl_pool_t *dp, dsl_dataset_t *ds, void *arg)
2261 if (dsl_dataset_namelen(ds) >= ZFS_MAX_DATASET_NAME_LEN)
2262 return (SET_ERROR(ENAMETOOLONG));
2268 spa_load_verify(spa_t *spa)
2271 spa_load_error_t sle = { 0 };
2272 zpool_load_policy_t policy;
2273 boolean_t verify_ok = B_FALSE;
2276 zpool_get_load_policy(spa->spa_config, &policy);
2278 if (policy.zlp_rewind & ZPOOL_NEVER_REWIND)
2281 dsl_pool_config_enter(spa->spa_dsl_pool, FTAG);
2282 error = dmu_objset_find_dp(spa->spa_dsl_pool,
2283 spa->spa_dsl_pool->dp_root_dir_obj, verify_dataset_name_len, NULL,
2285 dsl_pool_config_exit(spa->spa_dsl_pool, FTAG);
2289 rio = zio_root(spa, NULL, &sle,
2290 ZIO_FLAG_CANFAIL | ZIO_FLAG_SPECULATIVE);
2292 if (spa_load_verify_metadata) {
2293 if (spa->spa_extreme_rewind) {
2294 spa_load_note(spa, "performing a complete scan of the "
2295 "pool since extreme rewind is on. This may take "
2296 "a very long time.\n (spa_load_verify_data=%u, "
2297 "spa_load_verify_metadata=%u)",
2298 spa_load_verify_data, spa_load_verify_metadata);
2301 error = traverse_pool(spa, spa->spa_verify_min_txg,
2302 TRAVERSE_PRE | TRAVERSE_PREFETCH_METADATA |
2303 TRAVERSE_NO_DECRYPT, spa_load_verify_cb, rio);
2306 (void) zio_wait(rio);
2307 ASSERT0(spa->spa_load_verify_bytes);
2309 spa->spa_load_meta_errors = sle.sle_meta_count;
2310 spa->spa_load_data_errors = sle.sle_data_count;
2312 if (sle.sle_meta_count != 0 || sle.sle_data_count != 0) {
2313 spa_load_note(spa, "spa_load_verify found %llu metadata errors "
2314 "and %llu data errors", (u_longlong_t)sle.sle_meta_count,
2315 (u_longlong_t)sle.sle_data_count);
2318 if (spa_load_verify_dryrun ||
2319 (!error && sle.sle_meta_count <= policy.zlp_maxmeta &&
2320 sle.sle_data_count <= policy.zlp_maxdata)) {
2324 spa->spa_load_txg = spa->spa_uberblock.ub_txg;
2325 spa->spa_load_txg_ts = spa->spa_uberblock.ub_timestamp;
2327 loss = spa->spa_last_ubsync_txg_ts - spa->spa_load_txg_ts;
2328 VERIFY(nvlist_add_uint64(spa->spa_load_info,
2329 ZPOOL_CONFIG_LOAD_TIME, spa->spa_load_txg_ts) == 0);
2330 VERIFY(nvlist_add_int64(spa->spa_load_info,
2331 ZPOOL_CONFIG_REWIND_TIME, loss) == 0);
2332 VERIFY(nvlist_add_uint64(spa->spa_load_info,
2333 ZPOOL_CONFIG_LOAD_DATA_ERRORS, sle.sle_data_count) == 0);
2335 spa->spa_load_max_txg = spa->spa_uberblock.ub_txg;
2338 if (spa_load_verify_dryrun)
2342 if (error != ENXIO && error != EIO)
2343 error = SET_ERROR(EIO);
2347 return (verify_ok ? 0 : EIO);
2351 * Find a value in the pool props object.
2354 spa_prop_find(spa_t *spa, zpool_prop_t prop, uint64_t *val)
2356 (void) zap_lookup(spa->spa_meta_objset, spa->spa_pool_props_object,
2357 zpool_prop_to_name(prop), sizeof (uint64_t), 1, val);
2361 * Find a value in the pool directory object.
2364 spa_dir_prop(spa_t *spa, const char *name, uint64_t *val, boolean_t log_enoent)
2366 int error = zap_lookup(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
2367 name, sizeof (uint64_t), 1, val);
2369 if (error != 0 && (error != ENOENT || log_enoent)) {
2370 spa_load_failed(spa, "couldn't get '%s' value in MOS directory "
2371 "[error=%d]", name, error);
2378 spa_vdev_err(vdev_t *vdev, vdev_aux_t aux, int err)
2380 vdev_set_state(vdev, B_TRUE, VDEV_STATE_CANT_OPEN, aux);
2381 return (SET_ERROR(err));
2385 spa_livelist_delete_check(spa_t *spa)
2387 return (spa->spa_livelists_to_delete != 0);
2392 spa_livelist_delete_cb_check(void *arg, zthr_t *z)
2395 return (spa_livelist_delete_check(spa));
2399 delete_blkptr_cb(void *arg, const blkptr_t *bp, dmu_tx_t *tx)
2402 zio_free(spa, tx->tx_txg, bp);
2403 dsl_dir_diduse_space(tx->tx_pool->dp_free_dir, DD_USED_HEAD,
2404 -bp_get_dsize_sync(spa, bp),
2405 -BP_GET_PSIZE(bp), -BP_GET_UCSIZE(bp), tx);
2410 dsl_get_next_livelist_obj(objset_t *os, uint64_t zap_obj, uint64_t *llp)
2415 zap_cursor_init(&zc, os, zap_obj);
2416 err = zap_cursor_retrieve(&zc, &za);
2417 zap_cursor_fini(&zc);
2419 *llp = za.za_first_integer;
2424 * Components of livelist deletion that must be performed in syncing
2425 * context: freeing block pointers and updating the pool-wide data
2426 * structures to indicate how much work is left to do
2428 typedef struct sublist_delete_arg {
2433 } sublist_delete_arg_t;
2436 sublist_delete_sync(void *arg, dmu_tx_t *tx)
2438 sublist_delete_arg_t *sda = arg;
2439 spa_t *spa = sda->spa;
2440 dsl_deadlist_t *ll = sda->ll;
2441 uint64_t key = sda->key;
2442 bplist_t *to_free = sda->to_free;
2444 bplist_iterate(to_free, delete_blkptr_cb, spa, tx);
2445 dsl_deadlist_remove_entry(ll, key, tx);
2448 typedef struct livelist_delete_arg {
2452 } livelist_delete_arg_t;
2455 livelist_delete_sync(void *arg, dmu_tx_t *tx)
2457 livelist_delete_arg_t *lda = arg;
2458 spa_t *spa = lda->spa;
2459 uint64_t ll_obj = lda->ll_obj;
2460 uint64_t zap_obj = lda->zap_obj;
2461 objset_t *mos = spa->spa_meta_objset;
2464 /* free the livelist and decrement the feature count */
2465 VERIFY0(zap_remove_int(mos, zap_obj, ll_obj, tx));
2466 dsl_deadlist_free(mos, ll_obj, tx);
2467 spa_feature_decr(spa, SPA_FEATURE_LIVELIST, tx);
2468 VERIFY0(zap_count(mos, zap_obj, &count));
2470 /* no more livelists to delete */
2471 VERIFY0(zap_remove(mos, DMU_POOL_DIRECTORY_OBJECT,
2472 DMU_POOL_DELETED_CLONES, tx));
2473 VERIFY0(zap_destroy(mos, zap_obj, tx));
2474 spa->spa_livelists_to_delete = 0;
2475 spa_notify_waiters(spa);
2480 * Load in the value for the livelist to be removed and open it. Then,
2481 * load its first sublist and determine which block pointers should actually
2482 * be freed. Then, call a synctask which performs the actual frees and updates
2483 * the pool-wide livelist data.
2487 spa_livelist_delete_cb(void *arg, zthr_t *z)
2490 uint64_t ll_obj = 0, count;
2491 objset_t *mos = spa->spa_meta_objset;
2492 uint64_t zap_obj = spa->spa_livelists_to_delete;
2494 * Determine the next livelist to delete. This function should only
2495 * be called if there is at least one deleted clone.
2497 VERIFY0(dsl_get_next_livelist_obj(mos, zap_obj, &ll_obj));
2498 VERIFY0(zap_count(mos, ll_obj, &count));
2500 dsl_deadlist_t ll = { 0 };
2501 dsl_deadlist_entry_t *dle;
2503 dsl_deadlist_open(&ll, mos, ll_obj);
2504 dle = dsl_deadlist_first(&ll);
2505 ASSERT3P(dle, !=, NULL);
2506 bplist_create(&to_free);
2507 int err = dsl_process_sub_livelist(&dle->dle_bpobj, &to_free,
2510 sublist_delete_arg_t sync_arg = {
2513 .key = dle->dle_mintxg,
2516 zfs_dbgmsg("deleting sublist (id %llu) from"
2517 " livelist %llu, %d remaining",
2518 dle->dle_bpobj.bpo_object, ll_obj, count - 1);
2519 VERIFY0(dsl_sync_task(spa_name(spa), NULL,
2520 sublist_delete_sync, &sync_arg, 0,
2521 ZFS_SPACE_CHECK_DESTROY));
2523 ASSERT(err == EINTR);
2525 bplist_clear(&to_free);
2526 bplist_destroy(&to_free);
2527 dsl_deadlist_close(&ll);
2529 livelist_delete_arg_t sync_arg = {
2534 zfs_dbgmsg("deletion of livelist %llu completed", ll_obj);
2535 VERIFY0(dsl_sync_task(spa_name(spa), NULL, livelist_delete_sync,
2536 &sync_arg, 0, ZFS_SPACE_CHECK_DESTROY));
2541 spa_start_livelist_destroy_thread(spa_t *spa)
2543 ASSERT3P(spa->spa_livelist_delete_zthr, ==, NULL);
2544 spa->spa_livelist_delete_zthr = zthr_create(
2545 spa_livelist_delete_cb_check, spa_livelist_delete_cb, spa);
2548 typedef struct livelist_new_arg {
2551 } livelist_new_arg_t;
2554 livelist_track_new_cb(void *arg, const blkptr_t *bp, boolean_t bp_freed,
2558 livelist_new_arg_t *lna = arg;
2560 bplist_append(lna->frees, bp);
2562 bplist_append(lna->allocs, bp);
2563 zfs_livelist_condense_new_alloc++;
2568 typedef struct livelist_condense_arg {
2571 uint64_t first_size;
2573 } livelist_condense_arg_t;
2576 spa_livelist_condense_sync(void *arg, dmu_tx_t *tx)
2578 livelist_condense_arg_t *lca = arg;
2579 spa_t *spa = lca->spa;
2581 dsl_dataset_t *ds = spa->spa_to_condense.ds;
2583 /* Have we been cancelled? */
2584 if (spa->spa_to_condense.cancelled) {
2585 zfs_livelist_condense_sync_cancel++;
2589 dsl_deadlist_entry_t *first = spa->spa_to_condense.first;
2590 dsl_deadlist_entry_t *next = spa->spa_to_condense.next;
2591 dsl_deadlist_t *ll = &ds->ds_dir->dd_livelist;
2594 * It's possible that the livelist was changed while the zthr was
2595 * running. Therefore, we need to check for new blkptrs in the two
2596 * entries being condensed and continue to track them in the livelist.
2597 * Because of the way we handle remapped blkptrs (see dbuf_remap_impl),
2598 * it's possible that the newly added blkptrs are FREEs or ALLOCs so
2599 * we need to sort them into two different bplists.
2601 uint64_t first_obj = first->dle_bpobj.bpo_object;
2602 uint64_t next_obj = next->dle_bpobj.bpo_object;
2603 uint64_t cur_first_size = first->dle_bpobj.bpo_phys->bpo_num_blkptrs;
2604 uint64_t cur_next_size = next->dle_bpobj.bpo_phys->bpo_num_blkptrs;
2606 bplist_create(&new_frees);
2607 livelist_new_arg_t new_bps = {
2608 .allocs = &lca->to_keep,
2609 .frees = &new_frees,
2612 if (cur_first_size > lca->first_size) {
2613 VERIFY0(livelist_bpobj_iterate_from_nofree(&first->dle_bpobj,
2614 livelist_track_new_cb, &new_bps, lca->first_size));
2616 if (cur_next_size > lca->next_size) {
2617 VERIFY0(livelist_bpobj_iterate_from_nofree(&next->dle_bpobj,
2618 livelist_track_new_cb, &new_bps, lca->next_size));
2621 dsl_deadlist_clear_entry(first, ll, tx);
2622 ASSERT(bpobj_is_empty(&first->dle_bpobj));
2623 dsl_deadlist_remove_entry(ll, next->dle_mintxg, tx);
2625 bplist_iterate(&lca->to_keep, dsl_deadlist_insert_alloc_cb, ll, tx);
2626 bplist_iterate(&new_frees, dsl_deadlist_insert_free_cb, ll, tx);
2627 bplist_destroy(&new_frees);
2629 char dsname[ZFS_MAX_DATASET_NAME_LEN];
2630 dsl_dataset_name(ds, dsname);
2631 zfs_dbgmsg("txg %llu condensing livelist of %s (id %llu), bpobj %llu "
2632 "(%llu blkptrs) and bpobj %llu (%llu blkptrs) -> bpobj %llu "
2633 "(%llu blkptrs)", tx->tx_txg, dsname, ds->ds_object, first_obj,
2634 cur_first_size, next_obj, cur_next_size,
2635 first->dle_bpobj.bpo_object,
2636 first->dle_bpobj.bpo_phys->bpo_num_blkptrs);
2638 dmu_buf_rele(ds->ds_dbuf, spa);
2639 spa->spa_to_condense.ds = NULL;
2640 bplist_clear(&lca->to_keep);
2641 bplist_destroy(&lca->to_keep);
2642 kmem_free(lca, sizeof (livelist_condense_arg_t));
2643 spa->spa_to_condense.syncing = B_FALSE;
2647 spa_livelist_condense_cb(void *arg, zthr_t *t)
2649 while (zfs_livelist_condense_zthr_pause &&
2650 !(zthr_has_waiters(t) || zthr_iscancelled(t)))
2654 dsl_deadlist_entry_t *first = spa->spa_to_condense.first;
2655 dsl_deadlist_entry_t *next = spa->spa_to_condense.next;
2656 uint64_t first_size, next_size;
2658 livelist_condense_arg_t *lca =
2659 kmem_alloc(sizeof (livelist_condense_arg_t), KM_SLEEP);
2660 bplist_create(&lca->to_keep);
2663 * Process the livelists (matching FREEs and ALLOCs) in open context
2664 * so we have minimal work in syncing context to condense.
2666 * We save bpobj sizes (first_size and next_size) to use later in
2667 * syncing context to determine if entries were added to these sublists
2668 * while in open context. This is possible because the clone is still
2669 * active and open for normal writes and we want to make sure the new,
2670 * unprocessed blockpointers are inserted into the livelist normally.
2672 * Note that dsl_process_sub_livelist() both stores the size number of
2673 * blockpointers and iterates over them while the bpobj's lock held, so
2674 * the sizes returned to us are consistent which what was actually
2677 int err = dsl_process_sub_livelist(&first->dle_bpobj, &lca->to_keep, t,
2680 err = dsl_process_sub_livelist(&next->dle_bpobj, &lca->to_keep,
2684 while (zfs_livelist_condense_sync_pause &&
2685 !(zthr_has_waiters(t) || zthr_iscancelled(t)))
2688 dmu_tx_t *tx = dmu_tx_create_dd(spa_get_dsl(spa)->dp_mos_dir);
2689 dmu_tx_mark_netfree(tx);
2690 dmu_tx_hold_space(tx, 1);
2691 err = dmu_tx_assign(tx, TXG_NOWAIT | TXG_NOTHROTTLE);
2694 * Prevent the condense zthr restarting before
2695 * the synctask completes.
2697 spa->spa_to_condense.syncing = B_TRUE;
2699 lca->first_size = first_size;
2700 lca->next_size = next_size;
2701 dsl_sync_task_nowait(spa_get_dsl(spa),
2702 spa_livelist_condense_sync, lca, 0,
2703 ZFS_SPACE_CHECK_NONE, tx);
2709 * Condensing can not continue: either it was externally stopped or
2710 * we were unable to assign to a tx because the pool has run out of
2711 * space. In the second case, we'll just end up trying to condense
2712 * again in a later txg.
2715 bplist_clear(&lca->to_keep);
2716 bplist_destroy(&lca->to_keep);
2717 kmem_free(lca, sizeof (livelist_condense_arg_t));
2718 dmu_buf_rele(spa->spa_to_condense.ds->ds_dbuf, spa);
2719 spa->spa_to_condense.ds = NULL;
2721 zfs_livelist_condense_zthr_cancel++;
2726 * Check that there is something to condense but that a condense is not
2727 * already in progress and that condensing has not been cancelled.
2730 spa_livelist_condense_cb_check(void *arg, zthr_t *z)
2733 if ((spa->spa_to_condense.ds != NULL) &&
2734 (spa->spa_to_condense.syncing == B_FALSE) &&
2735 (spa->spa_to_condense.cancelled == B_FALSE)) {
2742 spa_start_livelist_condensing_thread(spa_t *spa)
2744 spa->spa_to_condense.ds = NULL;
2745 spa->spa_to_condense.first = NULL;
2746 spa->spa_to_condense.next = NULL;
2747 spa->spa_to_condense.syncing = B_FALSE;
2748 spa->spa_to_condense.cancelled = B_FALSE;
2750 ASSERT3P(spa->spa_livelist_condense_zthr, ==, NULL);
2751 spa->spa_livelist_condense_zthr = zthr_create(
2752 spa_livelist_condense_cb_check, spa_livelist_condense_cb, spa);
2756 spa_spawn_aux_threads(spa_t *spa)
2758 ASSERT(spa_writeable(spa));
2760 ASSERT(MUTEX_HELD(&spa_namespace_lock));
2762 spa_start_indirect_condensing_thread(spa);
2763 spa_start_livelist_destroy_thread(spa);
2764 spa_start_livelist_condensing_thread(spa);
2766 ASSERT3P(spa->spa_checkpoint_discard_zthr, ==, NULL);
2767 spa->spa_checkpoint_discard_zthr =
2768 zthr_create(spa_checkpoint_discard_thread_check,
2769 spa_checkpoint_discard_thread, spa);
2773 * Fix up config after a partly-completed split. This is done with the
2774 * ZPOOL_CONFIG_SPLIT nvlist. Both the splitting pool and the split-off
2775 * pool have that entry in their config, but only the splitting one contains
2776 * a list of all the guids of the vdevs that are being split off.
2778 * This function determines what to do with that list: either rejoin
2779 * all the disks to the pool, or complete the splitting process. To attempt
2780 * the rejoin, each disk that is offlined is marked online again, and
2781 * we do a reopen() call. If the vdev label for every disk that was
2782 * marked online indicates it was successfully split off (VDEV_AUX_SPLIT_POOL)
2783 * then we call vdev_split() on each disk, and complete the split.
2785 * Otherwise we leave the config alone, with all the vdevs in place in
2786 * the original pool.
2789 spa_try_repair(spa_t *spa, nvlist_t *config)
2796 boolean_t attempt_reopen;
2798 if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_SPLIT, &nvl) != 0)
2801 /* check that the config is complete */
2802 if (nvlist_lookup_uint64_array(nvl, ZPOOL_CONFIG_SPLIT_LIST,
2803 &glist, &gcount) != 0)
2806 vd = kmem_zalloc(gcount * sizeof (vdev_t *), KM_SLEEP);
2808 /* attempt to online all the vdevs & validate */
2809 attempt_reopen = B_TRUE;
2810 for (i = 0; i < gcount; i++) {
2811 if (glist[i] == 0) /* vdev is hole */
2814 vd[i] = spa_lookup_by_guid(spa, glist[i], B_FALSE);
2815 if (vd[i] == NULL) {
2817 * Don't bother attempting to reopen the disks;
2818 * just do the split.
2820 attempt_reopen = B_FALSE;
2822 /* attempt to re-online it */
2823 vd[i]->vdev_offline = B_FALSE;
2827 if (attempt_reopen) {
2828 vdev_reopen(spa->spa_root_vdev);
2830 /* check each device to see what state it's in */
2831 for (extracted = 0, i = 0; i < gcount; i++) {
2832 if (vd[i] != NULL &&
2833 vd[i]->vdev_stat.vs_aux != VDEV_AUX_SPLIT_POOL)
2840 * If every disk has been moved to the new pool, or if we never
2841 * even attempted to look at them, then we split them off for
2844 if (!attempt_reopen || gcount == extracted) {
2845 for (i = 0; i < gcount; i++)
2848 vdev_reopen(spa->spa_root_vdev);
2851 kmem_free(vd, gcount * sizeof (vdev_t *));
2855 spa_load(spa_t *spa, spa_load_state_t state, spa_import_type_t type)
2857 char *ereport = FM_EREPORT_ZFS_POOL;
2860 spa->spa_load_state = state;
2861 (void) spa_import_progress_set_state(spa_guid(spa),
2862 spa_load_state(spa));
2864 gethrestime(&spa->spa_loaded_ts);
2865 error = spa_load_impl(spa, type, &ereport);
2868 * Don't count references from objsets that are already closed
2869 * and are making their way through the eviction process.
2871 spa_evicting_os_wait(spa);
2872 spa->spa_minref = zfs_refcount_count(&spa->spa_refcount);
2874 if (error != EEXIST) {
2875 spa->spa_loaded_ts.tv_sec = 0;
2876 spa->spa_loaded_ts.tv_nsec = 0;
2878 if (error != EBADF) {
2879 zfs_ereport_post(ereport, spa, NULL, NULL, NULL, 0, 0);
2882 spa->spa_load_state = error ? SPA_LOAD_ERROR : SPA_LOAD_NONE;
2885 (void) spa_import_progress_set_state(spa_guid(spa),
2886 spa_load_state(spa));
2893 * Count the number of per-vdev ZAPs associated with all of the vdevs in the
2894 * vdev tree rooted in the given vd, and ensure that each ZAP is present in the
2895 * spa's per-vdev ZAP list.
2898 vdev_count_verify_zaps(vdev_t *vd)
2900 spa_t *spa = vd->vdev_spa;
2903 if (vd->vdev_top_zap != 0) {
2905 ASSERT0(zap_lookup_int(spa->spa_meta_objset,
2906 spa->spa_all_vdev_zaps, vd->vdev_top_zap));
2908 if (vd->vdev_leaf_zap != 0) {
2910 ASSERT0(zap_lookup_int(spa->spa_meta_objset,
2911 spa->spa_all_vdev_zaps, vd->vdev_leaf_zap));
2914 for (uint64_t i = 0; i < vd->vdev_children; i++) {
2915 total += vdev_count_verify_zaps(vd->vdev_child[i]);
2923 * Determine whether the activity check is required.
2926 spa_activity_check_required(spa_t *spa, uberblock_t *ub, nvlist_t *label,
2930 uint64_t hostid = 0;
2931 uint64_t tryconfig_txg = 0;
2932 uint64_t tryconfig_timestamp = 0;
2933 uint16_t tryconfig_mmp_seq = 0;
2936 if (nvlist_exists(config, ZPOOL_CONFIG_LOAD_INFO)) {
2937 nvinfo = fnvlist_lookup_nvlist(config, ZPOOL_CONFIG_LOAD_INFO);
2938 (void) nvlist_lookup_uint64(nvinfo, ZPOOL_CONFIG_MMP_TXG,
2940 (void) nvlist_lookup_uint64(config, ZPOOL_CONFIG_TIMESTAMP,
2941 &tryconfig_timestamp);
2942 (void) nvlist_lookup_uint16(nvinfo, ZPOOL_CONFIG_MMP_SEQ,
2943 &tryconfig_mmp_seq);
2946 (void) nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_STATE, &state);
2949 * Disable the MMP activity check - This is used by zdb which
2950 * is intended to be used on potentially active pools.
2952 if (spa->spa_import_flags & ZFS_IMPORT_SKIP_MMP)
2956 * Skip the activity check when the MMP feature is disabled.
2958 if (ub->ub_mmp_magic == MMP_MAGIC && ub->ub_mmp_delay == 0)
2962 * If the tryconfig_ values are nonzero, they are the results of an
2963 * earlier tryimport. If they all match the uberblock we just found,
2964 * then the pool has not changed and we return false so we do not test
2967 if (tryconfig_txg && tryconfig_txg == ub->ub_txg &&
2968 tryconfig_timestamp && tryconfig_timestamp == ub->ub_timestamp &&
2969 tryconfig_mmp_seq && tryconfig_mmp_seq ==
2970 (MMP_SEQ_VALID(ub) ? MMP_SEQ(ub) : 0))
2974 * Allow the activity check to be skipped when importing the pool
2975 * on the same host which last imported it. Since the hostid from
2976 * configuration may be stale use the one read from the label.
2978 if (nvlist_exists(label, ZPOOL_CONFIG_HOSTID))
2979 hostid = fnvlist_lookup_uint64(label, ZPOOL_CONFIG_HOSTID);
2981 if (hostid == spa_get_hostid(spa))
2985 * Skip the activity test when the pool was cleanly exported.
2987 if (state != POOL_STATE_ACTIVE)
2994 * Nanoseconds the activity check must watch for changes on-disk.
2997 spa_activity_check_duration(spa_t *spa, uberblock_t *ub)
2999 uint64_t import_intervals = MAX(zfs_multihost_import_intervals, 1);
3000 uint64_t multihost_interval = MSEC2NSEC(
3001 MMP_INTERVAL_OK(zfs_multihost_interval));
3002 uint64_t import_delay = MAX(NANOSEC, import_intervals *
3003 multihost_interval);
3006 * Local tunables determine a minimum duration except for the case
3007 * where we know when the remote host will suspend the pool if MMP
3008 * writes do not land.
3010 * See Big Theory comment at the top of mmp.c for the reasoning behind
3011 * these cases and times.
3014 ASSERT(MMP_IMPORT_SAFETY_FACTOR >= 100);
3016 if (MMP_INTERVAL_VALID(ub) && MMP_FAIL_INT_VALID(ub) &&
3017 MMP_FAIL_INT(ub) > 0) {
3019 /* MMP on remote host will suspend pool after failed writes */
3020 import_delay = MMP_FAIL_INT(ub) * MSEC2NSEC(MMP_INTERVAL(ub)) *
3021 MMP_IMPORT_SAFETY_FACTOR / 100;
3023 zfs_dbgmsg("fail_intvals>0 import_delay=%llu ub_mmp "
3024 "mmp_fails=%llu ub_mmp mmp_interval=%llu "
3025 "import_intervals=%u", import_delay, MMP_FAIL_INT(ub),
3026 MMP_INTERVAL(ub), import_intervals);
3028 } else if (MMP_INTERVAL_VALID(ub) && MMP_FAIL_INT_VALID(ub) &&
3029 MMP_FAIL_INT(ub) == 0) {
3031 /* MMP on remote host will never suspend pool */
3032 import_delay = MAX(import_delay, (MSEC2NSEC(MMP_INTERVAL(ub)) +
3033 ub->ub_mmp_delay) * import_intervals);
3035 zfs_dbgmsg("fail_intvals=0 import_delay=%llu ub_mmp "
3036 "mmp_interval=%llu ub_mmp_delay=%llu "
3037 "import_intervals=%u", import_delay, MMP_INTERVAL(ub),
3038 ub->ub_mmp_delay, import_intervals);
3040 } else if (MMP_VALID(ub)) {
3042 * zfs-0.7 compatibility case
3045 import_delay = MAX(import_delay, (multihost_interval +
3046 ub->ub_mmp_delay) * import_intervals);
3048 zfs_dbgmsg("import_delay=%llu ub_mmp_delay=%llu "
3049 "import_intervals=%u leaves=%u", import_delay,
3050 ub->ub_mmp_delay, import_intervals,
3051 vdev_count_leaves(spa));
3053 /* Using local tunings is the only reasonable option */
3054 zfs_dbgmsg("pool last imported on non-MMP aware "
3055 "host using import_delay=%llu multihost_interval=%llu "
3056 "import_intervals=%u", import_delay, multihost_interval,
3060 return (import_delay);
3064 * Perform the import activity check. If the user canceled the import or
3065 * we detected activity then fail.
3068 spa_activity_check(spa_t *spa, uberblock_t *ub, nvlist_t *config)
3070 uint64_t txg = ub->ub_txg;
3071 uint64_t timestamp = ub->ub_timestamp;
3072 uint64_t mmp_config = ub->ub_mmp_config;
3073 uint16_t mmp_seq = MMP_SEQ_VALID(ub) ? MMP_SEQ(ub) : 0;
3074 uint64_t import_delay;
3075 hrtime_t import_expire;
3076 nvlist_t *mmp_label = NULL;
3077 vdev_t *rvd = spa->spa_root_vdev;
3082 cv_init(&cv, NULL, CV_DEFAULT, NULL);
3083 mutex_init(&mtx, NULL, MUTEX_DEFAULT, NULL);
3087 * If ZPOOL_CONFIG_MMP_TXG is present an activity check was performed
3088 * during the earlier tryimport. If the txg recorded there is 0 then
3089 * the pool is known to be active on another host.
3091 * Otherwise, the pool might be in use on another host. Check for
3092 * changes in the uberblocks on disk if necessary.
3094 if (nvlist_exists(config, ZPOOL_CONFIG_LOAD_INFO)) {
3095 nvlist_t *nvinfo = fnvlist_lookup_nvlist(config,
3096 ZPOOL_CONFIG_LOAD_INFO);
3098 if (nvlist_exists(nvinfo, ZPOOL_CONFIG_MMP_TXG) &&
3099 fnvlist_lookup_uint64(nvinfo, ZPOOL_CONFIG_MMP_TXG) == 0) {
3100 vdev_uberblock_load(rvd, ub, &mmp_label);
3101 error = SET_ERROR(EREMOTEIO);
3106 import_delay = spa_activity_check_duration(spa, ub);
3108 /* Add a small random factor in case of simultaneous imports (0-25%) */
3109 import_delay += import_delay * spa_get_random(250) / 1000;
3111 import_expire = gethrtime() + import_delay;
3113 while (gethrtime() < import_expire) {
3114 (void) spa_import_progress_set_mmp_check(spa_guid(spa),
3115 NSEC2SEC(import_expire - gethrtime()));
3117 vdev_uberblock_load(rvd, ub, &mmp_label);
3119 if (txg != ub->ub_txg || timestamp != ub->ub_timestamp ||
3120 mmp_seq != (MMP_SEQ_VALID(ub) ? MMP_SEQ(ub) : 0)) {
3121 zfs_dbgmsg("multihost activity detected "
3122 "txg %llu ub_txg %llu "
3123 "timestamp %llu ub_timestamp %llu "
3124 "mmp_config %#llx ub_mmp_config %#llx",
3125 txg, ub->ub_txg, timestamp, ub->ub_timestamp,
3126 mmp_config, ub->ub_mmp_config);
3128 error = SET_ERROR(EREMOTEIO);
3133 nvlist_free(mmp_label);
3137 error = cv_timedwait_sig(&cv, &mtx, ddi_get_lbolt() + hz);
3139 error = SET_ERROR(EINTR);
3147 mutex_destroy(&mtx);
3151 * If the pool is determined to be active store the status in the
3152 * spa->spa_load_info nvlist. If the remote hostname or hostid are
3153 * available from configuration read from disk store them as well.
3154 * This allows 'zpool import' to generate a more useful message.
3156 * ZPOOL_CONFIG_MMP_STATE - observed pool status (mandatory)
3157 * ZPOOL_CONFIG_MMP_HOSTNAME - hostname from the active pool
3158 * ZPOOL_CONFIG_MMP_HOSTID - hostid from the active pool
3160 if (error == EREMOTEIO) {
3161 char *hostname = "<unknown>";
3162 uint64_t hostid = 0;
3165 if (nvlist_exists(mmp_label, ZPOOL_CONFIG_HOSTNAME)) {
3166 hostname = fnvlist_lookup_string(mmp_label,
3167 ZPOOL_CONFIG_HOSTNAME);
3168 fnvlist_add_string(spa->spa_load_info,
3169 ZPOOL_CONFIG_MMP_HOSTNAME, hostname);
3172 if (nvlist_exists(mmp_label, ZPOOL_CONFIG_HOSTID)) {
3173 hostid = fnvlist_lookup_uint64(mmp_label,
3174 ZPOOL_CONFIG_HOSTID);
3175 fnvlist_add_uint64(spa->spa_load_info,
3176 ZPOOL_CONFIG_MMP_HOSTID, hostid);
3180 fnvlist_add_uint64(spa->spa_load_info,
3181 ZPOOL_CONFIG_MMP_STATE, MMP_STATE_ACTIVE);
3182 fnvlist_add_uint64(spa->spa_load_info,
3183 ZPOOL_CONFIG_MMP_TXG, 0);
3185 error = spa_vdev_err(rvd, VDEV_AUX_ACTIVE, EREMOTEIO);
3189 nvlist_free(mmp_label);
3195 spa_verify_host(spa_t *spa, nvlist_t *mos_config)
3199 uint64_t myhostid = 0;
3201 if (!spa_is_root(spa) && nvlist_lookup_uint64(mos_config,
3202 ZPOOL_CONFIG_HOSTID, &hostid) == 0) {
3203 hostname = fnvlist_lookup_string(mos_config,
3204 ZPOOL_CONFIG_HOSTNAME);
3206 myhostid = zone_get_hostid(NULL);
3208 if (hostid != 0 && myhostid != 0 && hostid != myhostid) {
3209 cmn_err(CE_WARN, "pool '%s' could not be "
3210 "loaded as it was last accessed by "
3211 "another system (host: %s hostid: 0x%llx). "
3212 "See: http://illumos.org/msg/ZFS-8000-EY",
3213 spa_name(spa), hostname, (u_longlong_t)hostid);
3214 spa_load_failed(spa, "hostid verification failed: pool "
3215 "last accessed by host: %s (hostid: 0x%llx)",
3216 hostname, (u_longlong_t)hostid);
3217 return (SET_ERROR(EBADF));
3225 spa_ld_parse_config(spa_t *spa, spa_import_type_t type)
3228 nvlist_t *nvtree, *nvl, *config = spa->spa_config;
3235 * Versioning wasn't explicitly added to the label until later, so if
3236 * it's not present treat it as the initial version.
3238 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_VERSION,
3239 &spa->spa_ubsync.ub_version) != 0)
3240 spa->spa_ubsync.ub_version = SPA_VERSION_INITIAL;
3242 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &pool_guid)) {
3243 spa_load_failed(spa, "invalid config provided: '%s' missing",
3244 ZPOOL_CONFIG_POOL_GUID);
3245 return (SET_ERROR(EINVAL));
3249 * If we are doing an import, ensure that the pool is not already
3250 * imported by checking if its pool guid already exists in the
3253 * The only case that we allow an already imported pool to be
3254 * imported again, is when the pool is checkpointed and we want to
3255 * look at its checkpointed state from userland tools like zdb.
3258 if ((spa->spa_load_state == SPA_LOAD_IMPORT ||
3259 spa->spa_load_state == SPA_LOAD_TRYIMPORT) &&
3260 spa_guid_exists(pool_guid, 0)) {
3262 if ((spa->spa_load_state == SPA_LOAD_IMPORT ||
3263 spa->spa_load_state == SPA_LOAD_TRYIMPORT) &&
3264 spa_guid_exists(pool_guid, 0) &&
3265 !spa_importing_readonly_checkpoint(spa)) {
3267 spa_load_failed(spa, "a pool with guid %llu is already open",
3268 (u_longlong_t)pool_guid);
3269 return (SET_ERROR(EEXIST));
3272 spa->spa_config_guid = pool_guid;
3274 nvlist_free(spa->spa_load_info);
3275 spa->spa_load_info = fnvlist_alloc();
3277 ASSERT(spa->spa_comment == NULL);
3278 if (nvlist_lookup_string(config, ZPOOL_CONFIG_COMMENT, &comment) == 0)
3279 spa->spa_comment = spa_strdup(comment);
3281 (void) nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_TXG,
3282 &spa->spa_config_txg);
3284 if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_SPLIT, &nvl) == 0)
3285 spa->spa_config_splitting = fnvlist_dup(nvl);
3287 if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE, &nvtree)) {
3288 spa_load_failed(spa, "invalid config provided: '%s' missing",
3289 ZPOOL_CONFIG_VDEV_TREE);
3290 return (SET_ERROR(EINVAL));
3294 * Create "The Godfather" zio to hold all async IOs
3296 spa->spa_async_zio_root = kmem_alloc(max_ncpus * sizeof (void *),
3298 for (int i = 0; i < max_ncpus; i++) {
3299 spa->spa_async_zio_root[i] = zio_root(spa, NULL, NULL,
3300 ZIO_FLAG_CANFAIL | ZIO_FLAG_SPECULATIVE |
3301 ZIO_FLAG_GODFATHER);
3305 * Parse the configuration into a vdev tree. We explicitly set the
3306 * value that will be returned by spa_version() since parsing the
3307 * configuration requires knowing the version number.
3309 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
3310 parse = (type == SPA_IMPORT_EXISTING ?
3311 VDEV_ALLOC_LOAD : VDEV_ALLOC_SPLIT);
3312 error = spa_config_parse(spa, &rvd, nvtree, NULL, 0, parse);
3313 spa_config_exit(spa, SCL_ALL, FTAG);
3316 spa_load_failed(spa, "unable to parse config [error=%d]",
3321 ASSERT(spa->spa_root_vdev == rvd);
3322 ASSERT3U(spa->spa_min_ashift, >=, SPA_MINBLOCKSHIFT);
3323 ASSERT3U(spa->spa_max_ashift, <=, SPA_MAXBLOCKSHIFT);
3325 if (type != SPA_IMPORT_ASSEMBLE) {
3326 ASSERT(spa_guid(spa) == pool_guid);
3333 * Recursively open all vdevs in the vdev tree. This function is called twice:
3334 * first with the untrusted config, then with the trusted config.
3337 spa_ld_open_vdevs(spa_t *spa)
3342 * spa_missing_tvds_allowed defines how many top-level vdevs can be
3343 * missing/unopenable for the root vdev to be still considered openable.
3345 if (spa->spa_trust_config) {
3346 spa->spa_missing_tvds_allowed = zfs_max_missing_tvds;
3347 } else if (spa->spa_config_source == SPA_CONFIG_SRC_CACHEFILE) {
3348 spa->spa_missing_tvds_allowed = zfs_max_missing_tvds_cachefile;
3349 } else if (spa->spa_config_source == SPA_CONFIG_SRC_SCAN) {
3350 spa->spa_missing_tvds_allowed = zfs_max_missing_tvds_scan;
3352 spa->spa_missing_tvds_allowed = 0;
3355 spa->spa_missing_tvds_allowed =
3356 MAX(zfs_max_missing_tvds, spa->spa_missing_tvds_allowed);
3358 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
3359 error = vdev_open(spa->spa_root_vdev);
3360 spa_config_exit(spa, SCL_ALL, FTAG);
3362 if (spa->spa_missing_tvds != 0) {
3363 spa_load_note(spa, "vdev tree has %lld missing top-level "
3364 "vdevs.", (u_longlong_t)spa->spa_missing_tvds);
3365 if (spa->spa_trust_config && (spa->spa_mode & SPA_MODE_WRITE)) {
3367 * Although theoretically we could allow users to open
3368 * incomplete pools in RW mode, we'd need to add a lot
3369 * of extra logic (e.g. adjust pool space to account
3370 * for missing vdevs).
3371 * This limitation also prevents users from accidentally
3372 * opening the pool in RW mode during data recovery and
3373 * damaging it further.
3375 spa_load_note(spa, "pools with missing top-level "
3376 "vdevs can only be opened in read-only mode.");
3377 error = SET_ERROR(ENXIO);
3379 spa_load_note(spa, "current settings allow for maximum "
3380 "%lld missing top-level vdevs at this stage.",
3381 (u_longlong_t)spa->spa_missing_tvds_allowed);
3385 spa_load_failed(spa, "unable to open vdev tree [error=%d]",
3388 if (spa->spa_missing_tvds != 0 || error != 0)
3389 vdev_dbgmsg_print_tree(spa->spa_root_vdev, 2);
3395 * We need to validate the vdev labels against the configuration that
3396 * we have in hand. This function is called twice: first with an untrusted
3397 * config, then with a trusted config. The validation is more strict when the
3398 * config is trusted.
3401 spa_ld_validate_vdevs(spa_t *spa)
3404 vdev_t *rvd = spa->spa_root_vdev;
3406 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
3407 error = vdev_validate(rvd);
3408 spa_config_exit(spa, SCL_ALL, FTAG);
3411 spa_load_failed(spa, "vdev_validate failed [error=%d]", error);
3415 if (rvd->vdev_state <= VDEV_STATE_CANT_OPEN) {
3416 spa_load_failed(spa, "cannot open vdev tree after invalidating "
3418 vdev_dbgmsg_print_tree(rvd, 2);
3419 return (SET_ERROR(ENXIO));
3426 spa_ld_select_uberblock_done(spa_t *spa, uberblock_t *ub)
3428 spa->spa_state = POOL_STATE_ACTIVE;
3429 spa->spa_ubsync = spa->spa_uberblock;
3430 spa->spa_verify_min_txg = spa->spa_extreme_rewind ?
3431 TXG_INITIAL - 1 : spa_last_synced_txg(spa) - TXG_DEFER_SIZE - 1;
3432 spa->spa_first_txg = spa->spa_last_ubsync_txg ?
3433 spa->spa_last_ubsync_txg : spa_last_synced_txg(spa) + 1;
3434 spa->spa_claim_max_txg = spa->spa_first_txg;
3435 spa->spa_prev_software_version = ub->ub_software_version;
3439 spa_ld_select_uberblock(spa_t *spa, spa_import_type_t type)
3441 vdev_t *rvd = spa->spa_root_vdev;
3443 uberblock_t *ub = &spa->spa_uberblock;
3444 boolean_t activity_check = B_FALSE;
3447 * If we are opening the checkpointed state of the pool by
3448 * rewinding to it, at this point we will have written the
3449 * checkpointed uberblock to the vdev labels, so searching
3450 * the labels will find the right uberblock. However, if
3451 * we are opening the checkpointed state read-only, we have
3452 * not modified the labels. Therefore, we must ignore the
3453 * labels and continue using the spa_uberblock that was set
3454 * by spa_ld_checkpoint_rewind.
3456 * Note that it would be fine to ignore the labels when
3457 * rewinding (opening writeable) as well. However, if we
3458 * crash just after writing the labels, we will end up
3459 * searching the labels. Doing so in the common case means
3460 * that this code path gets exercised normally, rather than
3461 * just in the edge case.
3463 if (ub->ub_checkpoint_txg != 0 &&
3464 spa_importing_readonly_checkpoint(spa)) {
3465 spa_ld_select_uberblock_done(spa, ub);
3470 * Find the best uberblock.
3472 vdev_uberblock_load(rvd, ub, &label);
3475 * If we weren't able to find a single valid uberblock, return failure.
3477 if (ub->ub_txg == 0) {
3479 spa_load_failed(spa, "no valid uberblock found");
3480 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, ENXIO));
3483 if (spa->spa_load_max_txg != UINT64_MAX) {
3484 (void) spa_import_progress_set_max_txg(spa_guid(spa),
3485 (u_longlong_t)spa->spa_load_max_txg);
3487 spa_load_note(spa, "using uberblock with txg=%llu",
3488 (u_longlong_t)ub->ub_txg);
3492 * For pools which have the multihost property on determine if the
3493 * pool is truly inactive and can be safely imported. Prevent
3494 * hosts which don't have a hostid set from importing the pool.
3496 activity_check = spa_activity_check_required(spa, ub, label,
3498 if (activity_check) {
3499 if (ub->ub_mmp_magic == MMP_MAGIC && ub->ub_mmp_delay &&
3500 spa_get_hostid(spa) == 0) {
3502 fnvlist_add_uint64(spa->spa_load_info,
3503 ZPOOL_CONFIG_MMP_STATE, MMP_STATE_NO_HOSTID);
3504 return (spa_vdev_err(rvd, VDEV_AUX_ACTIVE, EREMOTEIO));
3507 int error = spa_activity_check(spa, ub, spa->spa_config);
3513 fnvlist_add_uint64(spa->spa_load_info,
3514 ZPOOL_CONFIG_MMP_STATE, MMP_STATE_INACTIVE);
3515 fnvlist_add_uint64(spa->spa_load_info,
3516 ZPOOL_CONFIG_MMP_TXG, ub->ub_txg);
3517 fnvlist_add_uint16(spa->spa_load_info,
3518 ZPOOL_CONFIG_MMP_SEQ,
3519 (MMP_SEQ_VALID(ub) ? MMP_SEQ(ub) : 0));
3523 * If the pool has an unsupported version we can't open it.
3525 if (!SPA_VERSION_IS_SUPPORTED(ub->ub_version)) {
3527 spa_load_failed(spa, "version %llu is not supported",
3528 (u_longlong_t)ub->ub_version);
3529 return (spa_vdev_err(rvd, VDEV_AUX_VERSION_NEWER, ENOTSUP));
3532 if (ub->ub_version >= SPA_VERSION_FEATURES) {
3536 * If we weren't able to find what's necessary for reading the
3537 * MOS in the label, return failure.
3539 if (label == NULL) {
3540 spa_load_failed(spa, "label config unavailable");
3541 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA,
3545 if (nvlist_lookup_nvlist(label, ZPOOL_CONFIG_FEATURES_FOR_READ,
3548 spa_load_failed(spa, "invalid label: '%s' missing",
3549 ZPOOL_CONFIG_FEATURES_FOR_READ);
3550 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA,
3555 * Update our in-core representation with the definitive values
3558 nvlist_free(spa->spa_label_features);
3559 VERIFY(nvlist_dup(features, &spa->spa_label_features, 0) == 0);
3565 * Look through entries in the label nvlist's features_for_read. If
3566 * there is a feature listed there which we don't understand then we
3567 * cannot open a pool.
3569 if (ub->ub_version >= SPA_VERSION_FEATURES) {
3570 nvlist_t *unsup_feat;
3572 VERIFY(nvlist_alloc(&unsup_feat, NV_UNIQUE_NAME, KM_SLEEP) ==
3575 for (nvpair_t *nvp = nvlist_next_nvpair(spa->spa_label_features,
3577 nvp = nvlist_next_nvpair(spa->spa_label_features, nvp)) {
3578 if (!zfeature_is_supported(nvpair_name(nvp))) {
3579 VERIFY(nvlist_add_string(unsup_feat,
3580 nvpair_name(nvp), "") == 0);
3584 if (!nvlist_empty(unsup_feat)) {
3585 VERIFY(nvlist_add_nvlist(spa->spa_load_info,
3586 ZPOOL_CONFIG_UNSUP_FEAT, unsup_feat) == 0);
3587 nvlist_free(unsup_feat);
3588 spa_load_failed(spa, "some features are unsupported");
3589 return (spa_vdev_err(rvd, VDEV_AUX_UNSUP_FEAT,
3593 nvlist_free(unsup_feat);
3596 if (type != SPA_IMPORT_ASSEMBLE && spa->spa_config_splitting) {
3597 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
3598 spa_try_repair(spa, spa->spa_config);
3599 spa_config_exit(spa, SCL_ALL, FTAG);
3600 nvlist_free(spa->spa_config_splitting);
3601 spa->spa_config_splitting = NULL;
3605 * Initialize internal SPA structures.
3607 spa_ld_select_uberblock_done(spa, ub);
3613 spa_ld_open_rootbp(spa_t *spa)
3616 vdev_t *rvd = spa->spa_root_vdev;
3618 error = dsl_pool_init(spa, spa->spa_first_txg, &spa->spa_dsl_pool);
3620 spa_load_failed(spa, "unable to open rootbp in dsl_pool_init "
3621 "[error=%d]", error);
3622 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
3624 spa->spa_meta_objset = spa->spa_dsl_pool->dp_meta_objset;
3630 spa_ld_trusted_config(spa_t *spa, spa_import_type_t type,
3631 boolean_t reloading)
3633 vdev_t *mrvd, *rvd = spa->spa_root_vdev;
3634 nvlist_t *nv, *mos_config, *policy;
3635 int error = 0, copy_error;
3636 uint64_t healthy_tvds, healthy_tvds_mos;
3637 uint64_t mos_config_txg;
3639 if (spa_dir_prop(spa, DMU_POOL_CONFIG, &spa->spa_config_object, B_TRUE)
3641 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
3644 * If we're assembling a pool from a split, the config provided is
3645 * already trusted so there is nothing to do.
3647 if (type == SPA_IMPORT_ASSEMBLE)
3650 healthy_tvds = spa_healthy_core_tvds(spa);
3652 if (load_nvlist(spa, spa->spa_config_object, &mos_config)
3654 spa_load_failed(spa, "unable to retrieve MOS config");
3655 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
3659 * If we are doing an open, pool owner wasn't verified yet, thus do
3660 * the verification here.
3662 if (spa->spa_load_state == SPA_LOAD_OPEN) {
3663 error = spa_verify_host(spa, mos_config);
3665 nvlist_free(mos_config);
3670 nv = fnvlist_lookup_nvlist(mos_config, ZPOOL_CONFIG_VDEV_TREE);
3672 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
3675 * Build a new vdev tree from the trusted config
3677 VERIFY(spa_config_parse(spa, &mrvd, nv, NULL, 0, VDEV_ALLOC_LOAD) == 0);
3680 * Vdev paths in the MOS may be obsolete. If the untrusted config was
3681 * obtained by scanning /dev/dsk, then it will have the right vdev
3682 * paths. We update the trusted MOS config with this information.
3683 * We first try to copy the paths with vdev_copy_path_strict, which
3684 * succeeds only when both configs have exactly the same vdev tree.
3685 * If that fails, we fall back to a more flexible method that has a
3686 * best effort policy.
3688 copy_error = vdev_copy_path_strict(rvd, mrvd);
3689 if (copy_error != 0 || spa_load_print_vdev_tree) {
3690 spa_load_note(spa, "provided vdev tree:");
3691 vdev_dbgmsg_print_tree(rvd, 2);
3692 spa_load_note(spa, "MOS vdev tree:");
3693 vdev_dbgmsg_print_tree(mrvd, 2);
3695 if (copy_error != 0) {
3696 spa_load_note(spa, "vdev_copy_path_strict failed, falling "
3697 "back to vdev_copy_path_relaxed");
3698 vdev_copy_path_relaxed(rvd, mrvd);
3703 spa->spa_root_vdev = mrvd;
3705 spa_config_exit(spa, SCL_ALL, FTAG);
3708 * We will use spa_config if we decide to reload the spa or if spa_load
3709 * fails and we rewind. We must thus regenerate the config using the
3710 * MOS information with the updated paths. ZPOOL_LOAD_POLICY is used to
3711 * pass settings on how to load the pool and is not stored in the MOS.
3712 * We copy it over to our new, trusted config.
3714 mos_config_txg = fnvlist_lookup_uint64(mos_config,
3715 ZPOOL_CONFIG_POOL_TXG);
3716 nvlist_free(mos_config);
3717 mos_config = spa_config_generate(spa, NULL, mos_config_txg, B_FALSE);
3718 if (nvlist_lookup_nvlist(spa->spa_config, ZPOOL_LOAD_POLICY,
3720 fnvlist_add_nvlist(mos_config, ZPOOL_LOAD_POLICY, policy);
3721 spa_config_set(spa, mos_config);
3722 spa->spa_config_source = SPA_CONFIG_SRC_MOS;
3725 * Now that we got the config from the MOS, we should be more strict
3726 * in checking blkptrs and can make assumptions about the consistency
3727 * of the vdev tree. spa_trust_config must be set to true before opening
3728 * vdevs in order for them to be writeable.
3730 spa->spa_trust_config = B_TRUE;
3733 * Open and validate the new vdev tree
3735 error = spa_ld_open_vdevs(spa);
3739 error = spa_ld_validate_vdevs(spa);
3743 if (copy_error != 0 || spa_load_print_vdev_tree) {
3744 spa_load_note(spa, "final vdev tree:");
3745 vdev_dbgmsg_print_tree(rvd, 2);
3748 if (spa->spa_load_state != SPA_LOAD_TRYIMPORT &&
3749 !spa->spa_extreme_rewind && zfs_max_missing_tvds == 0) {
3751 * Sanity check to make sure that we are indeed loading the
3752 * latest uberblock. If we missed SPA_SYNC_MIN_VDEVS tvds
3753 * in the config provided and they happened to be the only ones
3754 * to have the latest uberblock, we could involuntarily perform
3755 * an extreme rewind.
3757 healthy_tvds_mos = spa_healthy_core_tvds(spa);
3758 if (healthy_tvds_mos - healthy_tvds >=
3759 SPA_SYNC_MIN_VDEVS) {
3760 spa_load_note(spa, "config provided misses too many "
3761 "top-level vdevs compared to MOS (%lld vs %lld). ",
3762 (u_longlong_t)healthy_tvds,
3763 (u_longlong_t)healthy_tvds_mos);
3764 spa_load_note(spa, "vdev tree:");
3765 vdev_dbgmsg_print_tree(rvd, 2);
3767 spa_load_failed(spa, "config was already "
3768 "provided from MOS. Aborting.");
3769 return (spa_vdev_err(rvd,
3770 VDEV_AUX_CORRUPT_DATA, EIO));
3772 spa_load_note(spa, "spa must be reloaded using MOS "
3774 return (SET_ERROR(EAGAIN));
3778 error = spa_check_for_missing_logs(spa);
3780 return (spa_vdev_err(rvd, VDEV_AUX_BAD_GUID_SUM, ENXIO));
3782 if (rvd->vdev_guid_sum != spa->spa_uberblock.ub_guid_sum) {
3783 spa_load_failed(spa, "uberblock guid sum doesn't match MOS "
3784 "guid sum (%llu != %llu)",
3785 (u_longlong_t)spa->spa_uberblock.ub_guid_sum,
3786 (u_longlong_t)rvd->vdev_guid_sum);
3787 return (spa_vdev_err(rvd, VDEV_AUX_BAD_GUID_SUM,
3795 spa_ld_open_indirect_vdev_metadata(spa_t *spa)
3798 vdev_t *rvd = spa->spa_root_vdev;
3801 * Everything that we read before spa_remove_init() must be stored
3802 * on concreted vdevs. Therefore we do this as early as possible.
3804 error = spa_remove_init(spa);
3806 spa_load_failed(spa, "spa_remove_init failed [error=%d]",
3808 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
3812 * Retrieve information needed to condense indirect vdev mappings.
3814 error = spa_condense_init(spa);
3816 spa_load_failed(spa, "spa_condense_init failed [error=%d]",
3818 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, error));
3825 spa_ld_check_features(spa_t *spa, boolean_t *missing_feat_writep)
3828 vdev_t *rvd = spa->spa_root_vdev;
3830 if (spa_version(spa) >= SPA_VERSION_FEATURES) {
3831 boolean_t missing_feat_read = B_FALSE;
3832 nvlist_t *unsup_feat, *enabled_feat;
3834 if (spa_dir_prop(spa, DMU_POOL_FEATURES_FOR_READ,
3835 &spa->spa_feat_for_read_obj, B_TRUE) != 0) {
3836 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
3839 if (spa_dir_prop(spa, DMU_POOL_FEATURES_FOR_WRITE,
3840 &spa->spa_feat_for_write_obj, B_TRUE) != 0) {
3841 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
3844 if (spa_dir_prop(spa, DMU_POOL_FEATURE_DESCRIPTIONS,
3845 &spa->spa_feat_desc_obj, B_TRUE) != 0) {
3846 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
3849 enabled_feat = fnvlist_alloc();
3850 unsup_feat = fnvlist_alloc();
3852 if (!spa_features_check(spa, B_FALSE,
3853 unsup_feat, enabled_feat))
3854 missing_feat_read = B_TRUE;
3856 if (spa_writeable(spa) ||
3857 spa->spa_load_state == SPA_LOAD_TRYIMPORT) {
3858 if (!spa_features_check(spa, B_TRUE,
3859 unsup_feat, enabled_feat)) {
3860 *missing_feat_writep = B_TRUE;
3864 fnvlist_add_nvlist(spa->spa_load_info,
3865 ZPOOL_CONFIG_ENABLED_FEAT, enabled_feat);
3867 if (!nvlist_empty(unsup_feat)) {
3868 fnvlist_add_nvlist(spa->spa_load_info,
3869 ZPOOL_CONFIG_UNSUP_FEAT, unsup_feat);
3872 fnvlist_free(enabled_feat);
3873 fnvlist_free(unsup_feat);
3875 if (!missing_feat_read) {
3876 fnvlist_add_boolean(spa->spa_load_info,
3877 ZPOOL_CONFIG_CAN_RDONLY);
3881 * If the state is SPA_LOAD_TRYIMPORT, our objective is
3882 * twofold: to determine whether the pool is available for
3883 * import in read-write mode and (if it is not) whether the
3884 * pool is available for import in read-only mode. If the pool
3885 * is available for import in read-write mode, it is displayed
3886 * as available in userland; if it is not available for import
3887 * in read-only mode, it is displayed as unavailable in
3888 * userland. If the pool is available for import in read-only
3889 * mode but not read-write mode, it is displayed as unavailable
3890 * in userland with a special note that the pool is actually
3891 * available for open in read-only mode.
3893 * As a result, if the state is SPA_LOAD_TRYIMPORT and we are
3894 * missing a feature for write, we must first determine whether
3895 * the pool can be opened read-only before returning to
3896 * userland in order to know whether to display the
3897 * abovementioned note.
3899 if (missing_feat_read || (*missing_feat_writep &&
3900 spa_writeable(spa))) {
3901 spa_load_failed(spa, "pool uses unsupported features");
3902 return (spa_vdev_err(rvd, VDEV_AUX_UNSUP_FEAT,
3907 * Load refcounts for ZFS features from disk into an in-memory
3908 * cache during SPA initialization.
3910 for (spa_feature_t i = 0; i < SPA_FEATURES; i++) {
3913 error = feature_get_refcount_from_disk(spa,
3914 &spa_feature_table[i], &refcount);
3916 spa->spa_feat_refcount_cache[i] = refcount;
3917 } else if (error == ENOTSUP) {
3918 spa->spa_feat_refcount_cache[i] =
3919 SPA_FEATURE_DISABLED;
3921 spa_load_failed(spa, "error getting refcount "
3922 "for feature %s [error=%d]",
3923 spa_feature_table[i].fi_guid, error);
3924 return (spa_vdev_err(rvd,
3925 VDEV_AUX_CORRUPT_DATA, EIO));
3930 if (spa_feature_is_active(spa, SPA_FEATURE_ENABLED_TXG)) {
3931 if (spa_dir_prop(spa, DMU_POOL_FEATURE_ENABLED_TXG,
3932 &spa->spa_feat_enabled_txg_obj, B_TRUE) != 0)
3933 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
3937 * Encryption was added before bookmark_v2, even though bookmark_v2
3938 * is now a dependency. If this pool has encryption enabled without
3939 * bookmark_v2, trigger an errata message.
3941 if (spa_feature_is_enabled(spa, SPA_FEATURE_ENCRYPTION) &&
3942 !spa_feature_is_enabled(spa, SPA_FEATURE_BOOKMARK_V2)) {
3943 spa->spa_errata = ZPOOL_ERRATA_ZOL_8308_ENCRYPTION;
3950 spa_ld_load_special_directories(spa_t *spa)
3953 vdev_t *rvd = spa->spa_root_vdev;
3955 spa->spa_is_initializing = B_TRUE;
3956 error = dsl_pool_open(spa->spa_dsl_pool);
3957 spa->spa_is_initializing = B_FALSE;
3959 spa_load_failed(spa, "dsl_pool_open failed [error=%d]", error);
3960 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
3967 spa_ld_get_props(spa_t *spa)
3971 vdev_t *rvd = spa->spa_root_vdev;
3973 /* Grab the checksum salt from the MOS. */
3974 error = zap_lookup(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
3975 DMU_POOL_CHECKSUM_SALT, 1,
3976 sizeof (spa->spa_cksum_salt.zcs_bytes),
3977 spa->spa_cksum_salt.zcs_bytes);
3978 if (error == ENOENT) {
3979 /* Generate a new salt for subsequent use */
3980 (void) random_get_pseudo_bytes(spa->spa_cksum_salt.zcs_bytes,
3981 sizeof (spa->spa_cksum_salt.zcs_bytes));
3982 } else if (error != 0) {
3983 spa_load_failed(spa, "unable to retrieve checksum salt from "
3984 "MOS [error=%d]", error);
3985 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
3988 if (spa_dir_prop(spa, DMU_POOL_SYNC_BPOBJ, &obj, B_TRUE) != 0)
3989 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
3990 error = bpobj_open(&spa->spa_deferred_bpobj, spa->spa_meta_objset, obj);
3992 spa_load_failed(spa, "error opening deferred-frees bpobj "
3993 "[error=%d]", error);
3994 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
3998 * Load the bit that tells us to use the new accounting function
3999 * (raid-z deflation). If we have an older pool, this will not
4002 error = spa_dir_prop(spa, DMU_POOL_DEFLATE, &spa->spa_deflate, B_FALSE);
4003 if (error != 0 && error != ENOENT)
4004 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4006 error = spa_dir_prop(spa, DMU_POOL_CREATION_VERSION,
4007 &spa->spa_creation_version, B_FALSE);
4008 if (error != 0 && error != ENOENT)
4009 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4012 * Load the persistent error log. If we have an older pool, this will
4015 error = spa_dir_prop(spa, DMU_POOL_ERRLOG_LAST, &spa->spa_errlog_last,
4017 if (error != 0 && error != ENOENT)
4018 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4020 error = spa_dir_prop(spa, DMU_POOL_ERRLOG_SCRUB,
4021 &spa->spa_errlog_scrub, B_FALSE);
4022 if (error != 0 && error != ENOENT)
4023 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4026 * Load the livelist deletion field. If a livelist is queued for
4027 * deletion, indicate that in the spa
4029 error = spa_dir_prop(spa, DMU_POOL_DELETED_CLONES,
4030 &spa->spa_livelists_to_delete, B_FALSE);
4031 if (error != 0 && error != ENOENT)
4032 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4035 * Load the history object. If we have an older pool, this
4036 * will not be present.
4038 error = spa_dir_prop(spa, DMU_POOL_HISTORY, &spa->spa_history, B_FALSE);
4039 if (error != 0 && error != ENOENT)
4040 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4043 * Load the per-vdev ZAP map. If we have an older pool, this will not
4044 * be present; in this case, defer its creation to a later time to
4045 * avoid dirtying the MOS this early / out of sync context. See
4046 * spa_sync_config_object.
4049 /* The sentinel is only available in the MOS config. */
4050 nvlist_t *mos_config;
4051 if (load_nvlist(spa, spa->spa_config_object, &mos_config) != 0) {
4052 spa_load_failed(spa, "unable to retrieve MOS config");
4053 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4056 error = spa_dir_prop(spa, DMU_POOL_VDEV_ZAP_MAP,
4057 &spa->spa_all_vdev_zaps, B_FALSE);
4059 if (error == ENOENT) {
4060 VERIFY(!nvlist_exists(mos_config,
4061 ZPOOL_CONFIG_HAS_PER_VDEV_ZAPS));
4062 spa->spa_avz_action = AVZ_ACTION_INITIALIZE;
4063 ASSERT0(vdev_count_verify_zaps(spa->spa_root_vdev));
4064 } else if (error != 0) {
4065 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4066 } else if (!nvlist_exists(mos_config, ZPOOL_CONFIG_HAS_PER_VDEV_ZAPS)) {
4068 * An older version of ZFS overwrote the sentinel value, so
4069 * we have orphaned per-vdev ZAPs in the MOS. Defer their
4070 * destruction to later; see spa_sync_config_object.
4072 spa->spa_avz_action = AVZ_ACTION_DESTROY;
4074 * We're assuming that no vdevs have had their ZAPs created
4075 * before this. Better be sure of it.
4077 ASSERT0(vdev_count_verify_zaps(spa->spa_root_vdev));
4079 nvlist_free(mos_config);
4081 spa->spa_delegation = zpool_prop_default_numeric(ZPOOL_PROP_DELEGATION);
4083 error = spa_dir_prop(spa, DMU_POOL_PROPS, &spa->spa_pool_props_object,
4085 if (error && error != ENOENT)
4086 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4089 uint64_t autoreplace;
4091 spa_prop_find(spa, ZPOOL_PROP_BOOTFS, &spa->spa_bootfs);
4092 spa_prop_find(spa, ZPOOL_PROP_AUTOREPLACE, &autoreplace);
4093 spa_prop_find(spa, ZPOOL_PROP_DELEGATION, &spa->spa_delegation);
4094 spa_prop_find(spa, ZPOOL_PROP_FAILUREMODE, &spa->spa_failmode);
4095 spa_prop_find(spa, ZPOOL_PROP_AUTOEXPAND, &spa->spa_autoexpand);
4096 spa_prop_find(spa, ZPOOL_PROP_MULTIHOST, &spa->spa_multihost);
4097 spa_prop_find(spa, ZPOOL_PROP_AUTOTRIM, &spa->spa_autotrim);
4098 spa->spa_autoreplace = (autoreplace != 0);
4102 * If we are importing a pool with missing top-level vdevs,
4103 * we enforce that the pool doesn't panic or get suspended on
4104 * error since the likelihood of missing data is extremely high.
4106 if (spa->spa_missing_tvds > 0 &&
4107 spa->spa_failmode != ZIO_FAILURE_MODE_CONTINUE &&
4108 spa->spa_load_state != SPA_LOAD_TRYIMPORT) {
4109 spa_load_note(spa, "forcing failmode to 'continue' "
4110 "as some top level vdevs are missing");
4111 spa->spa_failmode = ZIO_FAILURE_MODE_CONTINUE;
4118 spa_ld_open_aux_vdevs(spa_t *spa, spa_import_type_t type)
4121 vdev_t *rvd = spa->spa_root_vdev;
4124 * If we're assembling the pool from the split-off vdevs of
4125 * an existing pool, we don't want to attach the spares & cache
4130 * Load any hot spares for this pool.
4132 error = spa_dir_prop(spa, DMU_POOL_SPARES, &spa->spa_spares.sav_object,
4134 if (error != 0 && error != ENOENT)
4135 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4136 if (error == 0 && type != SPA_IMPORT_ASSEMBLE) {
4137 ASSERT(spa_version(spa) >= SPA_VERSION_SPARES);
4138 if (load_nvlist(spa, spa->spa_spares.sav_object,
4139 &spa->spa_spares.sav_config) != 0) {
4140 spa_load_failed(spa, "error loading spares nvlist");
4141 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4144 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
4145 spa_load_spares(spa);
4146 spa_config_exit(spa, SCL_ALL, FTAG);
4147 } else if (error == 0) {
4148 spa->spa_spares.sav_sync = B_TRUE;
4152 * Load any level 2 ARC devices for this pool.
4154 error = spa_dir_prop(spa, DMU_POOL_L2CACHE,
4155 &spa->spa_l2cache.sav_object, B_FALSE);
4156 if (error != 0 && error != ENOENT)
4157 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4158 if (error == 0 && type != SPA_IMPORT_ASSEMBLE) {
4159 ASSERT(spa_version(spa) >= SPA_VERSION_L2CACHE);
4160 if (load_nvlist(spa, spa->spa_l2cache.sav_object,
4161 &spa->spa_l2cache.sav_config) != 0) {
4162 spa_load_failed(spa, "error loading l2cache nvlist");
4163 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4166 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
4167 spa_load_l2cache(spa);
4168 spa_config_exit(spa, SCL_ALL, FTAG);
4169 } else if (error == 0) {
4170 spa->spa_l2cache.sav_sync = B_TRUE;
4177 spa_ld_load_vdev_metadata(spa_t *spa)
4180 vdev_t *rvd = spa->spa_root_vdev;
4183 * If the 'multihost' property is set, then never allow a pool to
4184 * be imported when the system hostid is zero. The exception to
4185 * this rule is zdb which is always allowed to access pools.
4187 if (spa_multihost(spa) && spa_get_hostid(spa) == 0 &&
4188 (spa->spa_import_flags & ZFS_IMPORT_SKIP_MMP) == 0) {
4189 fnvlist_add_uint64(spa->spa_load_info,
4190 ZPOOL_CONFIG_MMP_STATE, MMP_STATE_NO_HOSTID);
4191 return (spa_vdev_err(rvd, VDEV_AUX_ACTIVE, EREMOTEIO));
4195 * If the 'autoreplace' property is set, then post a resource notifying
4196 * the ZFS DE that it should not issue any faults for unopenable
4197 * devices. We also iterate over the vdevs, and post a sysevent for any
4198 * unopenable vdevs so that the normal autoreplace handler can take
4201 if (spa->spa_autoreplace && spa->spa_load_state != SPA_LOAD_TRYIMPORT) {
4202 spa_check_removed(spa->spa_root_vdev);
4204 * For the import case, this is done in spa_import(), because
4205 * at this point we're using the spare definitions from
4206 * the MOS config, not necessarily from the userland config.
4208 if (spa->spa_load_state != SPA_LOAD_IMPORT) {
4209 spa_aux_check_removed(&spa->spa_spares);
4210 spa_aux_check_removed(&spa->spa_l2cache);
4215 * Load the vdev metadata such as metaslabs, DTLs, spacemap object, etc.
4217 error = vdev_load(rvd);
4219 spa_load_failed(spa, "vdev_load failed [error=%d]", error);
4220 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, error));
4223 error = spa_ld_log_spacemaps(spa);
4225 spa_load_failed(spa, "spa_ld_log_sm_data failed [error=%d]",
4227 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, error));
4231 * Propagate the leaf DTLs we just loaded all the way up the vdev tree.
4233 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
4234 vdev_dtl_reassess(rvd, 0, 0, B_FALSE);
4235 spa_config_exit(spa, SCL_ALL, FTAG);
4241 spa_ld_load_dedup_tables(spa_t *spa)
4244 vdev_t *rvd = spa->spa_root_vdev;
4246 error = ddt_load(spa);
4248 spa_load_failed(spa, "ddt_load failed [error=%d]", error);
4249 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
4256 spa_ld_verify_logs(spa_t *spa, spa_import_type_t type, char **ereport)
4258 vdev_t *rvd = spa->spa_root_vdev;
4260 if (type != SPA_IMPORT_ASSEMBLE && spa_writeable(spa)) {
4261 boolean_t missing = spa_check_logs(spa);
4263 if (spa->spa_missing_tvds != 0) {
4264 spa_load_note(spa, "spa_check_logs failed "
4265 "so dropping the logs");
4267 *ereport = FM_EREPORT_ZFS_LOG_REPLAY;
4268 spa_load_failed(spa, "spa_check_logs failed");
4269 return (spa_vdev_err(rvd, VDEV_AUX_BAD_LOG,
4279 spa_ld_verify_pool_data(spa_t *spa)
4282 vdev_t *rvd = spa->spa_root_vdev;
4285 * We've successfully opened the pool, verify that we're ready
4286 * to start pushing transactions.
4288 if (spa->spa_load_state != SPA_LOAD_TRYIMPORT) {
4289 error = spa_load_verify(spa);
4291 spa_load_failed(spa, "spa_load_verify failed "
4292 "[error=%d]", error);
4293 return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA,
4302 spa_ld_claim_log_blocks(spa_t *spa)
4305 dsl_pool_t *dp = spa_get_dsl(spa);
4308 * Claim log blocks that haven't been committed yet.
4309 * This must all happen in a single txg.
4310 * Note: spa_claim_max_txg is updated by spa_claim_notify(),
4311 * invoked from zil_claim_log_block()'s i/o done callback.
4312 * Price of rollback is that we abandon the log.
4314 spa->spa_claiming = B_TRUE;
4316 tx = dmu_tx_create_assigned(dp, spa_first_txg(spa));
4317 (void) dmu_objset_find_dp(dp, dp->dp_root_dir_obj,
4318 zil_claim, tx, DS_FIND_CHILDREN);
4321 spa->spa_claiming = B_FALSE;
4323 spa_set_log_state(spa, SPA_LOG_GOOD);
4327 spa_ld_check_for_config_update(spa_t *spa, uint64_t config_cache_txg,
4328 boolean_t update_config_cache)
4330 vdev_t *rvd = spa->spa_root_vdev;
4331 int need_update = B_FALSE;
4334 * If the config cache is stale, or we have uninitialized
4335 * metaslabs (see spa_vdev_add()), then update the config.
4337 * If this is a verbatim import, trust the current
4338 * in-core spa_config and update the disk labels.
4340 if (update_config_cache || config_cache_txg != spa->spa_config_txg ||
4341 spa->spa_load_state == SPA_LOAD_IMPORT ||
4342 spa->spa_load_state == SPA_LOAD_RECOVER ||
4343 (spa->spa_import_flags & ZFS_IMPORT_VERBATIM))
4344 need_update = B_TRUE;
4346 for (int c = 0; c < rvd->vdev_children; c++)
4347 if (rvd->vdev_child[c]->vdev_ms_array == 0)
4348 need_update = B_TRUE;
4351 * Update the config cache asynchronously in case we're the
4352 * root pool, in which case the config cache isn't writable yet.
4355 spa_async_request(spa, SPA_ASYNC_CONFIG_UPDATE);
4359 spa_ld_prepare_for_reload(spa_t *spa)
4361 spa_mode_t mode = spa->spa_mode;
4362 int async_suspended = spa->spa_async_suspended;
4365 spa_deactivate(spa);
4366 spa_activate(spa, mode);
4369 * We save the value of spa_async_suspended as it gets reset to 0 by
4370 * spa_unload(). We want to restore it back to the original value before
4371 * returning as we might be calling spa_async_resume() later.
4373 spa->spa_async_suspended = async_suspended;
4377 spa_ld_read_checkpoint_txg(spa_t *spa)
4379 uberblock_t checkpoint;
4382 ASSERT0(spa->spa_checkpoint_txg);
4383 ASSERT(MUTEX_HELD(&spa_namespace_lock));
4385 error = zap_lookup(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
4386 DMU_POOL_ZPOOL_CHECKPOINT, sizeof (uint64_t),
4387 sizeof (uberblock_t) / sizeof (uint64_t), &checkpoint);
4389 if (error == ENOENT)
4395 ASSERT3U(checkpoint.ub_txg, !=, 0);
4396 ASSERT3U(checkpoint.ub_checkpoint_txg, !=, 0);
4397 ASSERT3U(checkpoint.ub_timestamp, !=, 0);
4398 spa->spa_checkpoint_txg = checkpoint.ub_txg;
4399 spa->spa_checkpoint_info.sci_timestamp = checkpoint.ub_timestamp;
4405 spa_ld_mos_init(spa_t *spa, spa_import_type_t type)
4409 ASSERT(MUTEX_HELD(&spa_namespace_lock));
4410 ASSERT(spa->spa_config_source != SPA_CONFIG_SRC_NONE);
4413 * Never trust the config that is provided unless we are assembling
4414 * a pool following a split.
4415 * This means don't trust blkptrs and the vdev tree in general. This
4416 * also effectively puts the spa in read-only mode since
4417 * spa_writeable() checks for spa_trust_config to be true.
4418 * We will later load a trusted config from the MOS.
4420 if (type != SPA_IMPORT_ASSEMBLE)
4421 spa->spa_trust_config = B_FALSE;
4424 * Parse the config provided to create a vdev tree.
4426 error = spa_ld_parse_config(spa, type);
4430 spa_import_progress_add(spa);
4433 * Now that we have the vdev tree, try to open each vdev. This involves
4434 * opening the underlying physical device, retrieving its geometry and
4435 * probing the vdev with a dummy I/O. The state of each vdev will be set
4436 * based on the success of those operations. After this we'll be ready
4437 * to read from the vdevs.
4439 error = spa_ld_open_vdevs(spa);
4444 * Read the label of each vdev and make sure that the GUIDs stored
4445 * there match the GUIDs in the config provided.
4446 * If we're assembling a new pool that's been split off from an
4447 * existing pool, the labels haven't yet been updated so we skip
4448 * validation for now.
4450 if (type != SPA_IMPORT_ASSEMBLE) {
4451 error = spa_ld_validate_vdevs(spa);
4457 * Read all vdev labels to find the best uberblock (i.e. latest,
4458 * unless spa_load_max_txg is set) and store it in spa_uberblock. We
4459 * get the list of features required to read blkptrs in the MOS from
4460 * the vdev label with the best uberblock and verify that our version
4461 * of zfs supports them all.
4463 error = spa_ld_select_uberblock(spa, type);
4468 * Pass that uberblock to the dsl_pool layer which will open the root
4469 * blkptr. This blkptr points to the latest version of the MOS and will
4470 * allow us to read its contents.
4472 error = spa_ld_open_rootbp(spa);
4480 spa_ld_checkpoint_rewind(spa_t *spa)
4482 uberblock_t checkpoint;
4485 ASSERT(MUTEX_HELD(&spa_namespace_lock));
4486 ASSERT(spa->spa_import_flags & ZFS_IMPORT_CHECKPOINT);
4488 error = zap_lookup(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
4489 DMU_POOL_ZPOOL_CHECKPOINT, sizeof (uint64_t),
4490 sizeof (uberblock_t) / sizeof (uint64_t), &checkpoint);
4493 spa_load_failed(spa, "unable to retrieve checkpointed "
4494 "uberblock from the MOS config [error=%d]", error);
4496 if (error == ENOENT)
4497 error = ZFS_ERR_NO_CHECKPOINT;
4502 ASSERT3U(checkpoint.ub_txg, <, spa->spa_uberblock.ub_txg);
4503 ASSERT3U(checkpoint.ub_txg, ==, checkpoint.ub_checkpoint_txg);
4506 * We need to update the txg and timestamp of the checkpointed
4507 * uberblock to be higher than the latest one. This ensures that
4508 * the checkpointed uberblock is selected if we were to close and
4509 * reopen the pool right after we've written it in the vdev labels.
4510 * (also see block comment in vdev_uberblock_compare)
4512 checkpoint.ub_txg = spa->spa_uberblock.ub_txg + 1;
4513 checkpoint.ub_timestamp = gethrestime_sec();
4516 * Set current uberblock to be the checkpointed uberblock.
4518 spa->spa_uberblock = checkpoint;
4521 * If we are doing a normal rewind, then the pool is open for
4522 * writing and we sync the "updated" checkpointed uberblock to
4523 * disk. Once this is done, we've basically rewound the whole
4524 * pool and there is no way back.
4526 * There are cases when we don't want to attempt and sync the
4527 * checkpointed uberblock to disk because we are opening a
4528 * pool as read-only. Specifically, verifying the checkpointed
4529 * state with zdb, and importing the checkpointed state to get
4530 * a "preview" of its content.
4532 if (spa_writeable(spa)) {
4533 vdev_t *rvd = spa->spa_root_vdev;
4535 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
4536 vdev_t *svd[SPA_SYNC_MIN_VDEVS] = { NULL };
4538 int children = rvd->vdev_children;
4539 int c0 = spa_get_random(children);
4541 for (int c = 0; c < children; c++) {
4542 vdev_t *vd = rvd->vdev_child[(c0 + c) % children];
4544 /* Stop when revisiting the first vdev */
4545 if (c > 0 && svd[0] == vd)
4548 if (vd->vdev_ms_array == 0 || vd->vdev_islog ||
4549 !vdev_is_concrete(vd))
4552 svd[svdcount++] = vd;
4553 if (svdcount == SPA_SYNC_MIN_VDEVS)
4556 error = vdev_config_sync(svd, svdcount, spa->spa_first_txg);
4558 spa->spa_last_synced_guid = rvd->vdev_guid;
4559 spa_config_exit(spa, SCL_ALL, FTAG);
4562 spa_load_failed(spa, "failed to write checkpointed "
4563 "uberblock to the vdev labels [error=%d]", error);
4572 spa_ld_mos_with_trusted_config(spa_t *spa, spa_import_type_t type,
4573 boolean_t *update_config_cache)
4578 * Parse the config for pool, open and validate vdevs,
4579 * select an uberblock, and use that uberblock to open
4582 error = spa_ld_mos_init(spa, type);
4587 * Retrieve the trusted config stored in the MOS and use it to create
4588 * a new, exact version of the vdev tree, then reopen all vdevs.
4590 error = spa_ld_trusted_config(spa, type, B_FALSE);
4591 if (error == EAGAIN) {
4592 if (update_config_cache != NULL)
4593 *update_config_cache = B_TRUE;
4596 * Redo the loading process with the trusted config if it is
4597 * too different from the untrusted config.
4599 spa_ld_prepare_for_reload(spa);
4600 spa_load_note(spa, "RELOADING");
4601 error = spa_ld_mos_init(spa, type);
4605 error = spa_ld_trusted_config(spa, type, B_TRUE);
4609 } else if (error != 0) {
4617 * Load an existing storage pool, using the config provided. This config
4618 * describes which vdevs are part of the pool and is later validated against
4619 * partial configs present in each vdev's label and an entire copy of the
4620 * config stored in the MOS.
4623 spa_load_impl(spa_t *spa, spa_import_type_t type, char **ereport)
4626 boolean_t missing_feat_write = B_FALSE;
4627 boolean_t checkpoint_rewind =
4628 (spa->spa_import_flags & ZFS_IMPORT_CHECKPOINT);
4629 boolean_t update_config_cache = B_FALSE;
4631 ASSERT(MUTEX_HELD(&spa_namespace_lock));
4632 ASSERT(spa->spa_config_source != SPA_CONFIG_SRC_NONE);
4634 spa_load_note(spa, "LOADING");
4636 error = spa_ld_mos_with_trusted_config(spa, type, &update_config_cache);
4641 * If we are rewinding to the checkpoint then we need to repeat
4642 * everything we've done so far in this function but this time
4643 * selecting the checkpointed uberblock and using that to open
4646 if (checkpoint_rewind) {
4648 * If we are rewinding to the checkpoint update config cache
4651 update_config_cache = B_TRUE;
4654 * Extract the checkpointed uberblock from the current MOS
4655 * and use this as the pool's uberblock from now on. If the
4656 * pool is imported as writeable we also write the checkpoint
4657 * uberblock to the labels, making the rewind permanent.
4659 error = spa_ld_checkpoint_rewind(spa);
4664 * Redo the loading process again with the
4665 * checkpointed uberblock.
4667 spa_ld_prepare_for_reload(spa);
4668 spa_load_note(spa, "LOADING checkpointed uberblock");
4669 error = spa_ld_mos_with_trusted_config(spa, type, NULL);
4675 * Retrieve the checkpoint txg if the pool has a checkpoint.
4677 error = spa_ld_read_checkpoint_txg(spa);
4682 * Retrieve the mapping of indirect vdevs. Those vdevs were removed
4683 * from the pool and their contents were re-mapped to other vdevs. Note
4684 * that everything that we read before this step must have been
4685 * rewritten on concrete vdevs after the last device removal was
4686 * initiated. Otherwise we could be reading from indirect vdevs before
4687 * we have loaded their mappings.
4689 error = spa_ld_open_indirect_vdev_metadata(spa);
4694 * Retrieve the full list of active features from the MOS and check if
4695 * they are all supported.
4697 error = spa_ld_check_features(spa, &missing_feat_write);
4702 * Load several special directories from the MOS needed by the dsl_pool
4705 error = spa_ld_load_special_directories(spa);
4710 * Retrieve pool properties from the MOS.
4712 error = spa_ld_get_props(spa);
4717 * Retrieve the list of auxiliary devices - cache devices and spares -
4720 error = spa_ld_open_aux_vdevs(spa, type);
4725 * Load the metadata for all vdevs. Also check if unopenable devices
4726 * should be autoreplaced.
4728 error = spa_ld_load_vdev_metadata(spa);
4732 error = spa_ld_load_dedup_tables(spa);
4737 * Verify the logs now to make sure we don't have any unexpected errors
4738 * when we claim log blocks later.
4740 error = spa_ld_verify_logs(spa, type, ereport);
4744 if (missing_feat_write) {
4745 ASSERT(spa->spa_load_state == SPA_LOAD_TRYIMPORT);
4748 * At this point, we know that we can open the pool in
4749 * read-only mode but not read-write mode. We now have enough
4750 * information and can return to userland.
4752 return (spa_vdev_err(spa->spa_root_vdev, VDEV_AUX_UNSUP_FEAT,
4757 * Traverse the last txgs to make sure the pool was left off in a safe
4758 * state. When performing an extreme rewind, we verify the whole pool,
4759 * which can take a very long time.
4761 error = spa_ld_verify_pool_data(spa);
4766 * Calculate the deflated space for the pool. This must be done before
4767 * we write anything to the pool because we'd need to update the space
4768 * accounting using the deflated sizes.
4770 spa_update_dspace(spa);
4773 * We have now retrieved all the information we needed to open the
4774 * pool. If we are importing the pool in read-write mode, a few
4775 * additional steps must be performed to finish the import.
4777 if (spa_writeable(spa) && (spa->spa_load_state == SPA_LOAD_RECOVER ||
4778 spa->spa_load_max_txg == UINT64_MAX)) {
4779 uint64_t config_cache_txg = spa->spa_config_txg;
4781 ASSERT(spa->spa_load_state != SPA_LOAD_TRYIMPORT);
4784 * In case of a checkpoint rewind, log the original txg
4785 * of the checkpointed uberblock.
4787 if (checkpoint_rewind) {
4788 spa_history_log_internal(spa, "checkpoint rewind",
4789 NULL, "rewound state to txg=%llu",
4790 (u_longlong_t)spa->spa_uberblock.ub_checkpoint_txg);
4794 * Traverse the ZIL and claim all blocks.
4796 spa_ld_claim_log_blocks(spa);
4799 * Kick-off the syncing thread.
4801 spa->spa_sync_on = B_TRUE;
4802 txg_sync_start(spa->spa_dsl_pool);
4803 mmp_thread_start(spa);
4806 * Wait for all claims to sync. We sync up to the highest
4807 * claimed log block birth time so that claimed log blocks
4808 * don't appear to be from the future. spa_claim_max_txg
4809 * will have been set for us by ZIL traversal operations
4812 txg_wait_synced(spa->spa_dsl_pool, spa->spa_claim_max_txg);
4815 * Check if we need to request an update of the config. On the
4816 * next sync, we would update the config stored in vdev labels
4817 * and the cachefile (by default /etc/zfs/zpool.cache).
4819 spa_ld_check_for_config_update(spa, config_cache_txg,
4820 update_config_cache);
4823 * Check all DTLs to see if anything needs resilvering.
4825 if (!dsl_scan_resilvering(spa->spa_dsl_pool) &&
4826 vdev_resilver_needed(spa->spa_root_vdev, NULL, NULL))
4827 spa_async_request(spa, SPA_ASYNC_RESILVER);
4830 * Log the fact that we booted up (so that we can detect if
4831 * we rebooted in the middle of an operation).
4833 spa_history_log_version(spa, "open", NULL);
4835 spa_restart_removal(spa);
4836 spa_spawn_aux_threads(spa);
4839 * Delete any inconsistent datasets.
4842 * Since we may be issuing deletes for clones here,
4843 * we make sure to do so after we've spawned all the
4844 * auxiliary threads above (from which the livelist
4845 * deletion zthr is part of).
4847 (void) dmu_objset_find(spa_name(spa),
4848 dsl_destroy_inconsistent, NULL, DS_FIND_CHILDREN);
4851 * Clean up any stale temporary dataset userrefs.
4853 dsl_pool_clean_tmp_userrefs(spa->spa_dsl_pool);
4855 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_READER);
4856 vdev_initialize_restart(spa->spa_root_vdev);
4857 vdev_trim_restart(spa->spa_root_vdev);
4858 vdev_autotrim_restart(spa);
4859 spa_config_exit(spa, SCL_CONFIG, FTAG);
4862 spa_import_progress_remove(spa_guid(spa));
4863 spa_async_request(spa, SPA_ASYNC_L2CACHE_REBUILD);
4865 spa_load_note(spa, "LOADED");
4871 spa_load_retry(spa_t *spa, spa_load_state_t state)
4873 spa_mode_t mode = spa->spa_mode;
4876 spa_deactivate(spa);
4878 spa->spa_load_max_txg = spa->spa_uberblock.ub_txg - 1;
4880 spa_activate(spa, mode);
4881 spa_async_suspend(spa);
4883 spa_load_note(spa, "spa_load_retry: rewind, max txg: %llu",
4884 (u_longlong_t)spa->spa_load_max_txg);
4886 return (spa_load(spa, state, SPA_IMPORT_EXISTING));
4890 * If spa_load() fails this function will try loading prior txg's. If
4891 * 'state' is SPA_LOAD_RECOVER and one of these loads succeeds the pool
4892 * will be rewound to that txg. If 'state' is not SPA_LOAD_RECOVER this
4893 * function will not rewind the pool and will return the same error as
4897 spa_load_best(spa_t *spa, spa_load_state_t state, uint64_t max_request,
4900 nvlist_t *loadinfo = NULL;
4901 nvlist_t *config = NULL;
4902 int load_error, rewind_error;
4903 uint64_t safe_rewind_txg;
4906 if (spa->spa_load_txg && state == SPA_LOAD_RECOVER) {
4907 spa->spa_load_max_txg = spa->spa_load_txg;
4908 spa_set_log_state(spa, SPA_LOG_CLEAR);
4910 spa->spa_load_max_txg = max_request;
4911 if (max_request != UINT64_MAX)
4912 spa->spa_extreme_rewind = B_TRUE;
4915 load_error = rewind_error = spa_load(spa, state, SPA_IMPORT_EXISTING);
4916 if (load_error == 0)
4918 if (load_error == ZFS_ERR_NO_CHECKPOINT) {
4920 * When attempting checkpoint-rewind on a pool with no
4921 * checkpoint, we should not attempt to load uberblocks
4922 * from previous txgs when spa_load fails.
4924 ASSERT(spa->spa_import_flags & ZFS_IMPORT_CHECKPOINT);
4925 spa_import_progress_remove(spa_guid(spa));
4926 return (load_error);
4929 if (spa->spa_root_vdev != NULL)
4930 config = spa_config_generate(spa, NULL, -1ULL, B_TRUE);
4932 spa->spa_last_ubsync_txg = spa->spa_uberblock.ub_txg;
4933 spa->spa_last_ubsync_txg_ts = spa->spa_uberblock.ub_timestamp;
4935 if (rewind_flags & ZPOOL_NEVER_REWIND) {
4936 nvlist_free(config);
4937 spa_import_progress_remove(spa_guid(spa));
4938 return (load_error);
4941 if (state == SPA_LOAD_RECOVER) {
4942 /* Price of rolling back is discarding txgs, including log */
4943 spa_set_log_state(spa, SPA_LOG_CLEAR);
4946 * If we aren't rolling back save the load info from our first
4947 * import attempt so that we can restore it after attempting
4950 loadinfo = spa->spa_load_info;
4951 spa->spa_load_info = fnvlist_alloc();
4954 spa->spa_load_max_txg = spa->spa_last_ubsync_txg;
4955 safe_rewind_txg = spa->spa_last_ubsync_txg - TXG_DEFER_SIZE;
4956 min_txg = (rewind_flags & ZPOOL_EXTREME_REWIND) ?
4957 TXG_INITIAL : safe_rewind_txg;
4960 * Continue as long as we're finding errors, we're still within
4961 * the acceptable rewind range, and we're still finding uberblocks
4963 while (rewind_error && spa->spa_uberblock.ub_txg >= min_txg &&
4964 spa->spa_uberblock.ub_txg <= spa->spa_load_max_txg) {
4965 if (spa->spa_load_max_txg < safe_rewind_txg)
4966 spa->spa_extreme_rewind = B_TRUE;
4967 rewind_error = spa_load_retry(spa, state);
4970 spa->spa_extreme_rewind = B_FALSE;
4971 spa->spa_load_max_txg = UINT64_MAX;
4973 if (config && (rewind_error || state != SPA_LOAD_RECOVER))
4974 spa_config_set(spa, config);
4976 nvlist_free(config);
4978 if (state == SPA_LOAD_RECOVER) {
4979 ASSERT3P(loadinfo, ==, NULL);
4980 spa_import_progress_remove(spa_guid(spa));
4981 return (rewind_error);
4983 /* Store the rewind info as part of the initial load info */
4984 fnvlist_add_nvlist(loadinfo, ZPOOL_CONFIG_REWIND_INFO,
4985 spa->spa_load_info);
4987 /* Restore the initial load info */
4988 fnvlist_free(spa->spa_load_info);
4989 spa->spa_load_info = loadinfo;
4991 spa_import_progress_remove(spa_guid(spa));
4992 return (load_error);
4999 * The import case is identical to an open except that the configuration is sent
5000 * down from userland, instead of grabbed from the configuration cache. For the
5001 * case of an open, the pool configuration will exist in the
5002 * POOL_STATE_UNINITIALIZED state.
5004 * The stats information (gen/count/ustats) is used to gather vdev statistics at
5005 * the same time open the pool, without having to keep around the spa_t in some
5009 spa_open_common(const char *pool, spa_t **spapp, void *tag, nvlist_t *nvpolicy,
5013 spa_load_state_t state = SPA_LOAD_OPEN;
5015 int locked = B_FALSE;
5016 int firstopen = B_FALSE;
5021 * As disgusting as this is, we need to support recursive calls to this
5022 * function because dsl_dir_open() is called during spa_load(), and ends
5023 * up calling spa_open() again. The real fix is to figure out how to
5024 * avoid dsl_dir_open() calling this in the first place.
5026 if (MUTEX_NOT_HELD(&spa_namespace_lock)) {
5027 mutex_enter(&spa_namespace_lock);
5031 if ((spa = spa_lookup(pool)) == NULL) {
5033 mutex_exit(&spa_namespace_lock);
5034 return (SET_ERROR(ENOENT));
5037 if (spa->spa_state == POOL_STATE_UNINITIALIZED) {
5038 zpool_load_policy_t policy;
5042 zpool_get_load_policy(nvpolicy ? nvpolicy : spa->spa_config,
5044 if (policy.zlp_rewind & ZPOOL_DO_REWIND)
5045 state = SPA_LOAD_RECOVER;
5047 spa_activate(spa, spa_mode_global);
5049 if (state != SPA_LOAD_RECOVER)
5050 spa->spa_last_ubsync_txg = spa->spa_load_txg = 0;
5051 spa->spa_config_source = SPA_CONFIG_SRC_CACHEFILE;
5053 zfs_dbgmsg("spa_open_common: opening %s", pool);
5054 error = spa_load_best(spa, state, policy.zlp_txg,
5057 if (error == EBADF) {
5059 * If vdev_validate() returns failure (indicated by
5060 * EBADF), it indicates that one of the vdevs indicates
5061 * that the pool has been exported or destroyed. If
5062 * this is the case, the config cache is out of sync and
5063 * we should remove the pool from the namespace.
5066 spa_deactivate(spa);
5067 spa_write_cachefile(spa, B_TRUE, B_TRUE);
5070 mutex_exit(&spa_namespace_lock);
5071 return (SET_ERROR(ENOENT));
5076 * We can't open the pool, but we still have useful
5077 * information: the state of each vdev after the
5078 * attempted vdev_open(). Return this to the user.
5080 if (config != NULL && spa->spa_config) {
5081 VERIFY(nvlist_dup(spa->spa_config, config,
5083 VERIFY(nvlist_add_nvlist(*config,
5084 ZPOOL_CONFIG_LOAD_INFO,
5085 spa->spa_load_info) == 0);
5088 spa_deactivate(spa);
5089 spa->spa_last_open_failed = error;
5091 mutex_exit(&spa_namespace_lock);
5097 spa_open_ref(spa, tag);
5100 *config = spa_config_generate(spa, NULL, -1ULL, B_TRUE);
5103 * If we've recovered the pool, pass back any information we
5104 * gathered while doing the load.
5106 if (state == SPA_LOAD_RECOVER) {
5107 VERIFY(nvlist_add_nvlist(*config, ZPOOL_CONFIG_LOAD_INFO,
5108 spa->spa_load_info) == 0);
5112 spa->spa_last_open_failed = 0;
5113 spa->spa_last_ubsync_txg = 0;
5114 spa->spa_load_txg = 0;
5115 mutex_exit(&spa_namespace_lock);
5119 zvol_create_minors_recursive(spa_name(spa));
5127 spa_open_rewind(const char *name, spa_t **spapp, void *tag, nvlist_t *policy,
5130 return (spa_open_common(name, spapp, tag, policy, config));
5134 spa_open(const char *name, spa_t **spapp, void *tag)
5136 return (spa_open_common(name, spapp, tag, NULL, NULL));
5140 * Lookup the given spa_t, incrementing the inject count in the process,
5141 * preventing it from being exported or destroyed.
5144 spa_inject_addref(char *name)
5148 mutex_enter(&spa_namespace_lock);
5149 if ((spa = spa_lookup(name)) == NULL) {
5150 mutex_exit(&spa_namespace_lock);
5153 spa->spa_inject_ref++;
5154 mutex_exit(&spa_namespace_lock);
5160 spa_inject_delref(spa_t *spa)
5162 mutex_enter(&spa_namespace_lock);
5163 spa->spa_inject_ref--;
5164 mutex_exit(&spa_namespace_lock);
5168 * Add spares device information to the nvlist.
5171 spa_add_spares(spa_t *spa, nvlist_t *config)
5181 ASSERT(spa_config_held(spa, SCL_CONFIG, RW_READER));
5183 if (spa->spa_spares.sav_count == 0)
5186 VERIFY(nvlist_lookup_nvlist(config,
5187 ZPOOL_CONFIG_VDEV_TREE, &nvroot) == 0);
5188 VERIFY(nvlist_lookup_nvlist_array(spa->spa_spares.sav_config,
5189 ZPOOL_CONFIG_SPARES, &spares, &nspares) == 0);
5191 VERIFY(nvlist_add_nvlist_array(nvroot,
5192 ZPOOL_CONFIG_SPARES, spares, nspares) == 0);
5193 VERIFY(nvlist_lookup_nvlist_array(nvroot,
5194 ZPOOL_CONFIG_SPARES, &spares, &nspares) == 0);
5197 * Go through and find any spares which have since been
5198 * repurposed as an active spare. If this is the case, update
5199 * their status appropriately.
5201 for (i = 0; i < nspares; i++) {
5202 VERIFY(nvlist_lookup_uint64(spares[i],
5203 ZPOOL_CONFIG_GUID, &guid) == 0);
5204 if (spa_spare_exists(guid, &pool, NULL) &&
5206 VERIFY(nvlist_lookup_uint64_array(
5207 spares[i], ZPOOL_CONFIG_VDEV_STATS,
5208 (uint64_t **)&vs, &vsc) == 0);
5209 vs->vs_state = VDEV_STATE_CANT_OPEN;
5210 vs->vs_aux = VDEV_AUX_SPARED;
5217 * Add l2cache device information to the nvlist, including vdev stats.
5220 spa_add_l2cache(spa_t *spa, nvlist_t *config)
5223 uint_t i, j, nl2cache;
5230 ASSERT(spa_config_held(spa, SCL_CONFIG, RW_READER));
5232 if (spa->spa_l2cache.sav_count == 0)
5235 VERIFY(nvlist_lookup_nvlist(config,
5236 ZPOOL_CONFIG_VDEV_TREE, &nvroot) == 0);
5237 VERIFY(nvlist_lookup_nvlist_array(spa->spa_l2cache.sav_config,
5238 ZPOOL_CONFIG_L2CACHE, &l2cache, &nl2cache) == 0);
5239 if (nl2cache != 0) {
5240 VERIFY(nvlist_add_nvlist_array(nvroot,
5241 ZPOOL_CONFIG_L2CACHE, l2cache, nl2cache) == 0);
5242 VERIFY(nvlist_lookup_nvlist_array(nvroot,
5243 ZPOOL_CONFIG_L2CACHE, &l2cache, &nl2cache) == 0);
5246 * Update level 2 cache device stats.
5249 for (i = 0; i < nl2cache; i++) {
5250 VERIFY(nvlist_lookup_uint64(l2cache[i],
5251 ZPOOL_CONFIG_GUID, &guid) == 0);
5254 for (j = 0; j < spa->spa_l2cache.sav_count; j++) {
5256 spa->spa_l2cache.sav_vdevs[j]->vdev_guid) {
5257 vd = spa->spa_l2cache.sav_vdevs[j];
5263 VERIFY(nvlist_lookup_uint64_array(l2cache[i],
5264 ZPOOL_CONFIG_VDEV_STATS, (uint64_t **)&vs, &vsc)
5266 vdev_get_stats(vd, vs);
5267 vdev_config_generate_stats(vd, l2cache[i]);
5274 spa_feature_stats_from_disk(spa_t *spa, nvlist_t *features)
5279 if (spa->spa_feat_for_read_obj != 0) {
5280 for (zap_cursor_init(&zc, spa->spa_meta_objset,
5281 spa->spa_feat_for_read_obj);
5282 zap_cursor_retrieve(&zc, &za) == 0;
5283 zap_cursor_advance(&zc)) {
5284 ASSERT(za.za_integer_length == sizeof (uint64_t) &&
5285 za.za_num_integers == 1);
5286 VERIFY0(nvlist_add_uint64(features, za.za_name,
5287 za.za_first_integer));
5289 zap_cursor_fini(&zc);
5292 if (spa->spa_feat_for_write_obj != 0) {
5293 for (zap_cursor_init(&zc, spa->spa_meta_objset,
5294 spa->spa_feat_for_write_obj);
5295 zap_cursor_retrieve(&zc, &za) == 0;
5296 zap_cursor_advance(&zc)) {
5297 ASSERT(za.za_integer_length == sizeof (uint64_t) &&
5298 za.za_num_integers == 1);
5299 VERIFY0(nvlist_add_uint64(features, za.za_name,
5300 za.za_first_integer));
5302 zap_cursor_fini(&zc);
5307 spa_feature_stats_from_cache(spa_t *spa, nvlist_t *features)
5311 for (i = 0; i < SPA_FEATURES; i++) {
5312 zfeature_info_t feature = spa_feature_table[i];
5315 if (feature_get_refcount(spa, &feature, &refcount) != 0)
5318 VERIFY0(nvlist_add_uint64(features, feature.fi_guid, refcount));
5323 * Store a list of pool features and their reference counts in the
5326 * The first time this is called on a spa, allocate a new nvlist, fetch
5327 * the pool features and reference counts from disk, then save the list
5328 * in the spa. In subsequent calls on the same spa use the saved nvlist
5329 * and refresh its values from the cached reference counts. This
5330 * ensures we don't block here on I/O on a suspended pool so 'zpool
5331 * clear' can resume the pool.
5334 spa_add_feature_stats(spa_t *spa, nvlist_t *config)
5338 ASSERT(spa_config_held(spa, SCL_CONFIG, RW_READER));
5340 mutex_enter(&spa->spa_feat_stats_lock);
5341 features = spa->spa_feat_stats;
5343 if (features != NULL) {
5344 spa_feature_stats_from_cache(spa, features);
5346 VERIFY0(nvlist_alloc(&features, NV_UNIQUE_NAME, KM_SLEEP));
5347 spa->spa_feat_stats = features;
5348 spa_feature_stats_from_disk(spa, features);
5351 VERIFY0(nvlist_add_nvlist(config, ZPOOL_CONFIG_FEATURE_STATS,
5354 mutex_exit(&spa->spa_feat_stats_lock);
5358 spa_get_stats(const char *name, nvlist_t **config,
5359 char *altroot, size_t buflen)
5365 error = spa_open_common(name, &spa, FTAG, NULL, config);
5369 * This still leaves a window of inconsistency where the spares
5370 * or l2cache devices could change and the config would be
5371 * self-inconsistent.
5373 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_READER);
5375 if (*config != NULL) {
5376 uint64_t loadtimes[2];
5378 loadtimes[0] = spa->spa_loaded_ts.tv_sec;
5379 loadtimes[1] = spa->spa_loaded_ts.tv_nsec;
5380 VERIFY(nvlist_add_uint64_array(*config,
5381 ZPOOL_CONFIG_LOADED_TIME, loadtimes, 2) == 0);
5383 VERIFY(nvlist_add_uint64(*config,
5384 ZPOOL_CONFIG_ERRCOUNT,
5385 spa_get_errlog_size(spa)) == 0);
5387 if (spa_suspended(spa)) {
5388 VERIFY(nvlist_add_uint64(*config,
5389 ZPOOL_CONFIG_SUSPENDED,
5390 spa->spa_failmode) == 0);
5391 VERIFY(nvlist_add_uint64(*config,
5392 ZPOOL_CONFIG_SUSPENDED_REASON,
5393 spa->spa_suspended) == 0);
5396 spa_add_spares(spa, *config);
5397 spa_add_l2cache(spa, *config);
5398 spa_add_feature_stats(spa, *config);
5403 * We want to get the alternate root even for faulted pools, so we cheat
5404 * and call spa_lookup() directly.
5408 mutex_enter(&spa_namespace_lock);
5409 spa = spa_lookup(name);
5411 spa_altroot(spa, altroot, buflen);
5415 mutex_exit(&spa_namespace_lock);
5417 spa_altroot(spa, altroot, buflen);
5422 spa_config_exit(spa, SCL_CONFIG, FTAG);
5423 spa_close(spa, FTAG);
5430 * Validate that the auxiliary device array is well formed. We must have an
5431 * array of nvlists, each which describes a valid leaf vdev. If this is an
5432 * import (mode is VDEV_ALLOC_SPARE), then we allow corrupted spares to be
5433 * specified, as long as they are well-formed.
5436 spa_validate_aux_devs(spa_t *spa, nvlist_t *nvroot, uint64_t crtxg, int mode,
5437 spa_aux_vdev_t *sav, const char *config, uint64_t version,
5438 vdev_labeltype_t label)
5445 ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == SCL_ALL);
5448 * It's acceptable to have no devs specified.
5450 if (nvlist_lookup_nvlist_array(nvroot, config, &dev, &ndev) != 0)
5454 return (SET_ERROR(EINVAL));
5457 * Make sure the pool is formatted with a version that supports this
5460 if (spa_version(spa) < version)
5461 return (SET_ERROR(ENOTSUP));
5464 * Set the pending device list so we correctly handle device in-use
5467 sav->sav_pending = dev;
5468 sav->sav_npending = ndev;
5470 for (i = 0; i < ndev; i++) {
5471 if ((error = spa_config_parse(spa, &vd, dev[i], NULL, 0,
5475 if (!vd->vdev_ops->vdev_op_leaf) {
5477 error = SET_ERROR(EINVAL);
5483 if ((error = vdev_open(vd)) == 0 &&
5484 (error = vdev_label_init(vd, crtxg, label)) == 0) {
5485 VERIFY(nvlist_add_uint64(dev[i], ZPOOL_CONFIG_GUID,
5486 vd->vdev_guid) == 0);
5492 (mode != VDEV_ALLOC_SPARE && mode != VDEV_ALLOC_L2CACHE))
5499 sav->sav_pending = NULL;
5500 sav->sav_npending = 0;
5505 spa_validate_aux(spa_t *spa, nvlist_t *nvroot, uint64_t crtxg, int mode)
5509 ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == SCL_ALL);
5511 if ((error = spa_validate_aux_devs(spa, nvroot, crtxg, mode,
5512 &spa->spa_spares, ZPOOL_CONFIG_SPARES, SPA_VERSION_SPARES,
5513 VDEV_LABEL_SPARE)) != 0) {
5517 return (spa_validate_aux_devs(spa, nvroot, crtxg, mode,
5518 &spa->spa_l2cache, ZPOOL_CONFIG_L2CACHE, SPA_VERSION_L2CACHE,
5519 VDEV_LABEL_L2CACHE));
5523 spa_set_aux_vdevs(spa_aux_vdev_t *sav, nvlist_t **devs, int ndevs,
5528 if (sav->sav_config != NULL) {
5534 * Generate new dev list by concatenating with the
5537 VERIFY(nvlist_lookup_nvlist_array(sav->sav_config, config,
5538 &olddevs, &oldndevs) == 0);
5540 newdevs = kmem_alloc(sizeof (void *) *
5541 (ndevs + oldndevs), KM_SLEEP);
5542 for (i = 0; i < oldndevs; i++)
5543 VERIFY(nvlist_dup(olddevs[i], &newdevs[i],
5545 for (i = 0; i < ndevs; i++)
5546 VERIFY(nvlist_dup(devs[i], &newdevs[i + oldndevs],
5549 VERIFY(nvlist_remove(sav->sav_config, config,
5550 DATA_TYPE_NVLIST_ARRAY) == 0);
5552 VERIFY(nvlist_add_nvlist_array(sav->sav_config,
5553 config, newdevs, ndevs + oldndevs) == 0);
5554 for (i = 0; i < oldndevs + ndevs; i++)
5555 nvlist_free(newdevs[i]);
5556 kmem_free(newdevs, (oldndevs + ndevs) * sizeof (void *));
5559 * Generate a new dev list.
5561 VERIFY(nvlist_alloc(&sav->sav_config, NV_UNIQUE_NAME,
5563 VERIFY(nvlist_add_nvlist_array(sav->sav_config, config,
5569 * Stop and drop level 2 ARC devices
5572 spa_l2cache_drop(spa_t *spa)
5576 spa_aux_vdev_t *sav = &spa->spa_l2cache;
5578 for (i = 0; i < sav->sav_count; i++) {
5581 vd = sav->sav_vdevs[i];
5584 if (spa_l2cache_exists(vd->vdev_guid, &pool) &&
5585 pool != 0ULL && l2arc_vdev_present(vd))
5586 l2arc_remove_vdev(vd);
5591 * Verify encryption parameters for spa creation. If we are encrypting, we must
5592 * have the encryption feature flag enabled.
5595 spa_create_check_encryption_params(dsl_crypto_params_t *dcp,
5596 boolean_t has_encryption)
5598 if (dcp->cp_crypt != ZIO_CRYPT_OFF &&
5599 dcp->cp_crypt != ZIO_CRYPT_INHERIT &&
5601 return (SET_ERROR(ENOTSUP));
5603 return (dmu_objset_create_crypt_check(NULL, dcp, NULL));
5610 spa_create(const char *pool, nvlist_t *nvroot, nvlist_t *props,
5611 nvlist_t *zplprops, dsl_crypto_params_t *dcp)
5614 char *altroot = NULL;
5619 uint64_t txg = TXG_INITIAL;
5620 nvlist_t **spares, **l2cache;
5621 uint_t nspares, nl2cache;
5622 uint64_t version, obj;
5623 boolean_t has_features;
5624 boolean_t has_encryption;
5625 boolean_t has_allocclass;
5631 if (props == NULL ||
5632 nvlist_lookup_string(props, "tname", &poolname) != 0)
5633 poolname = (char *)pool;
5636 * If this pool already exists, return failure.
5638 mutex_enter(&spa_namespace_lock);
5639 if (spa_lookup(poolname) != NULL) {
5640 mutex_exit(&spa_namespace_lock);
5641 return (SET_ERROR(EEXIST));
5645 * Allocate a new spa_t structure.
5647 nvl = fnvlist_alloc();
5648 fnvlist_add_string(nvl, ZPOOL_CONFIG_POOL_NAME, pool);
5649 (void) nvlist_lookup_string(props,
5650 zpool_prop_to_name(ZPOOL_PROP_ALTROOT), &altroot);
5651 spa = spa_add(poolname, nvl, altroot);
5653 spa_activate(spa, spa_mode_global);
5655 if (props && (error = spa_prop_validate(spa, props))) {
5656 spa_deactivate(spa);
5658 mutex_exit(&spa_namespace_lock);
5663 * Temporary pool names should never be written to disk.
5665 if (poolname != pool)
5666 spa->spa_import_flags |= ZFS_IMPORT_TEMP_NAME;
5668 has_features = B_FALSE;
5669 has_encryption = B_FALSE;
5670 has_allocclass = B_FALSE;
5671 for (nvpair_t *elem = nvlist_next_nvpair(props, NULL);
5672 elem != NULL; elem = nvlist_next_nvpair(props, elem)) {
5673 if (zpool_prop_feature(nvpair_name(elem))) {
5674 has_features = B_TRUE;
5676 feat_name = strchr(nvpair_name(elem), '@') + 1;
5677 VERIFY0(zfeature_lookup_name(feat_name, &feat));
5678 if (feat == SPA_FEATURE_ENCRYPTION)
5679 has_encryption = B_TRUE;
5680 if (feat == SPA_FEATURE_ALLOCATION_CLASSES)
5681 has_allocclass = B_TRUE;
5685 /* verify encryption params, if they were provided */
5687 error = spa_create_check_encryption_params(dcp, has_encryption);
5689 spa_deactivate(spa);
5691 mutex_exit(&spa_namespace_lock);
5695 if (!has_allocclass && zfs_special_devs(nvroot, NULL)) {
5696 spa_deactivate(spa);
5698 mutex_exit(&spa_namespace_lock);
5702 if (has_features || nvlist_lookup_uint64(props,
5703 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version) != 0) {
5704 version = SPA_VERSION;
5706 ASSERT(SPA_VERSION_IS_SUPPORTED(version));
5708 spa->spa_first_txg = txg;
5709 spa->spa_uberblock.ub_txg = txg - 1;
5710 spa->spa_uberblock.ub_version = version;
5711 spa->spa_ubsync = spa->spa_uberblock;
5712 spa->spa_load_state = SPA_LOAD_CREATE;
5713 spa->spa_removing_phys.sr_state = DSS_NONE;
5714 spa->spa_removing_phys.sr_removing_vdev = -1;
5715 spa->spa_removing_phys.sr_prev_indirect_vdev = -1;
5716 spa->spa_indirect_vdevs_loaded = B_TRUE;
5719 * Create "The Godfather" zio to hold all async IOs
5721 spa->spa_async_zio_root = kmem_alloc(max_ncpus * sizeof (void *),
5723 for (int i = 0; i < max_ncpus; i++) {
5724 spa->spa_async_zio_root[i] = zio_root(spa, NULL, NULL,
5725 ZIO_FLAG_CANFAIL | ZIO_FLAG_SPECULATIVE |
5726 ZIO_FLAG_GODFATHER);
5730 * Create the root vdev.
5732 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
5734 error = spa_config_parse(spa, &rvd, nvroot, NULL, 0, VDEV_ALLOC_ADD);
5736 ASSERT(error != 0 || rvd != NULL);
5737 ASSERT(error != 0 || spa->spa_root_vdev == rvd);
5739 if (error == 0 && !zfs_allocatable_devs(nvroot))
5740 error = SET_ERROR(EINVAL);
5743 (error = vdev_create(rvd, txg, B_FALSE)) == 0 &&
5744 (error = spa_validate_aux(spa, nvroot, txg,
5745 VDEV_ALLOC_ADD)) == 0) {
5747 * instantiate the metaslab groups (this will dirty the vdevs)
5748 * we can no longer error exit past this point
5750 for (int c = 0; error == 0 && c < rvd->vdev_children; c++) {
5751 vdev_t *vd = rvd->vdev_child[c];
5753 vdev_metaslab_set_size(vd);
5754 vdev_expand(vd, txg);
5758 spa_config_exit(spa, SCL_ALL, FTAG);
5762 spa_deactivate(spa);
5764 mutex_exit(&spa_namespace_lock);
5769 * Get the list of spares, if specified.
5771 if (nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_SPARES,
5772 &spares, &nspares) == 0) {
5773 VERIFY(nvlist_alloc(&spa->spa_spares.sav_config, NV_UNIQUE_NAME,
5775 VERIFY(nvlist_add_nvlist_array(spa->spa_spares.sav_config,
5776 ZPOOL_CONFIG_SPARES, spares, nspares) == 0);
5777 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
5778 spa_load_spares(spa);
5779 spa_config_exit(spa, SCL_ALL, FTAG);
5780 spa->spa_spares.sav_sync = B_TRUE;
5784 * Get the list of level 2 cache devices, if specified.
5786 if (nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_L2CACHE,
5787 &l2cache, &nl2cache) == 0) {
5788 VERIFY(nvlist_alloc(&spa->spa_l2cache.sav_config,
5789 NV_UNIQUE_NAME, KM_SLEEP) == 0);
5790 VERIFY(nvlist_add_nvlist_array(spa->spa_l2cache.sav_config,
5791 ZPOOL_CONFIG_L2CACHE, l2cache, nl2cache) == 0);
5792 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
5793 spa_load_l2cache(spa);
5794 spa_config_exit(spa, SCL_ALL, FTAG);
5795 spa->spa_l2cache.sav_sync = B_TRUE;
5798 spa->spa_is_initializing = B_TRUE;
5799 spa->spa_dsl_pool = dp = dsl_pool_create(spa, zplprops, dcp, txg);
5800 spa->spa_is_initializing = B_FALSE;
5803 * Create DDTs (dedup tables).
5807 spa_update_dspace(spa);
5809 tx = dmu_tx_create_assigned(dp, txg);
5812 * Create the pool's history object.
5814 if (version >= SPA_VERSION_ZPOOL_HISTORY && !spa->spa_history)
5815 spa_history_create_obj(spa, tx);
5817 spa_event_notify(spa, NULL, NULL, ESC_ZFS_POOL_CREATE);
5818 spa_history_log_version(spa, "create", tx);
5821 * Create the pool config object.
5823 spa->spa_config_object = dmu_object_alloc(spa->spa_meta_objset,
5824 DMU_OT_PACKED_NVLIST, SPA_CONFIG_BLOCKSIZE,
5825 DMU_OT_PACKED_NVLIST_SIZE, sizeof (uint64_t), tx);
5827 if (zap_add(spa->spa_meta_objset,
5828 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_CONFIG,
5829 sizeof (uint64_t), 1, &spa->spa_config_object, tx) != 0) {
5830 cmn_err(CE_PANIC, "failed to add pool config");
5833 if (zap_add(spa->spa_meta_objset,
5834 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_CREATION_VERSION,
5835 sizeof (uint64_t), 1, &version, tx) != 0) {
5836 cmn_err(CE_PANIC, "failed to add pool version");
5839 /* Newly created pools with the right version are always deflated. */
5840 if (version >= SPA_VERSION_RAIDZ_DEFLATE) {
5841 spa->spa_deflate = TRUE;
5842 if (zap_add(spa->spa_meta_objset,
5843 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_DEFLATE,
5844 sizeof (uint64_t), 1, &spa->spa_deflate, tx) != 0) {
5845 cmn_err(CE_PANIC, "failed to add deflate");
5850 * Create the deferred-free bpobj. Turn off compression
5851 * because sync-to-convergence takes longer if the blocksize
5854 obj = bpobj_alloc(spa->spa_meta_objset, 1 << 14, tx);
5855 dmu_object_set_compress(spa->spa_meta_objset, obj,
5856 ZIO_COMPRESS_OFF, tx);
5857 if (zap_add(spa->spa_meta_objset,
5858 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_SYNC_BPOBJ,
5859 sizeof (uint64_t), 1, &obj, tx) != 0) {
5860 cmn_err(CE_PANIC, "failed to add bpobj");
5862 VERIFY3U(0, ==, bpobj_open(&spa->spa_deferred_bpobj,
5863 spa->spa_meta_objset, obj));
5866 * Generate some random noise for salted checksums to operate on.
5868 (void) random_get_pseudo_bytes(spa->spa_cksum_salt.zcs_bytes,
5869 sizeof (spa->spa_cksum_salt.zcs_bytes));
5872 * Set pool properties.
5874 spa->spa_bootfs = zpool_prop_default_numeric(ZPOOL_PROP_BOOTFS);
5875 spa->spa_delegation = zpool_prop_default_numeric(ZPOOL_PROP_DELEGATION);
5876 spa->spa_failmode = zpool_prop_default_numeric(ZPOOL_PROP_FAILUREMODE);
5877 spa->spa_autoexpand = zpool_prop_default_numeric(ZPOOL_PROP_AUTOEXPAND);
5878 spa->spa_multihost = zpool_prop_default_numeric(ZPOOL_PROP_MULTIHOST);
5879 spa->spa_autotrim = zpool_prop_default_numeric(ZPOOL_PROP_AUTOTRIM);
5881 if (props != NULL) {
5882 spa_configfile_set(spa, props, B_FALSE);
5883 spa_sync_props(props, tx);
5888 spa->spa_sync_on = B_TRUE;
5890 mmp_thread_start(spa);
5891 txg_wait_synced(dp, txg);
5893 spa_spawn_aux_threads(spa);
5895 spa_write_cachefile(spa, B_FALSE, B_TRUE);
5898 * Don't count references from objsets that are already closed
5899 * and are making their way through the eviction process.
5901 spa_evicting_os_wait(spa);
5902 spa->spa_minref = zfs_refcount_count(&spa->spa_refcount);
5903 spa->spa_load_state = SPA_LOAD_NONE;
5905 mutex_exit(&spa_namespace_lock);
5911 * Import a non-root pool into the system.
5914 spa_import(char *pool, nvlist_t *config, nvlist_t *props, uint64_t flags)
5917 char *altroot = NULL;
5918 spa_load_state_t state = SPA_LOAD_IMPORT;
5919 zpool_load_policy_t policy;
5920 spa_mode_t mode = spa_mode_global;
5921 uint64_t readonly = B_FALSE;
5924 nvlist_t **spares, **l2cache;
5925 uint_t nspares, nl2cache;
5928 * If a pool with this name exists, return failure.
5930 mutex_enter(&spa_namespace_lock);
5931 if (spa_lookup(pool) != NULL) {
5932 mutex_exit(&spa_namespace_lock);
5933 return (SET_ERROR(EEXIST));
5937 * Create and initialize the spa structure.
5939 (void) nvlist_lookup_string(props,
5940 zpool_prop_to_name(ZPOOL_PROP_ALTROOT), &altroot);
5941 (void) nvlist_lookup_uint64(props,
5942 zpool_prop_to_name(ZPOOL_PROP_READONLY), &readonly);
5944 mode = SPA_MODE_READ;
5945 spa = spa_add(pool, config, altroot);
5946 spa->spa_import_flags = flags;
5949 * Verbatim import - Take a pool and insert it into the namespace
5950 * as if it had been loaded at boot.
5952 if (spa->spa_import_flags & ZFS_IMPORT_VERBATIM) {
5954 spa_configfile_set(spa, props, B_FALSE);
5956 spa_write_cachefile(spa, B_FALSE, B_TRUE);
5957 spa_event_notify(spa, NULL, NULL, ESC_ZFS_POOL_IMPORT);
5958 zfs_dbgmsg("spa_import: verbatim import of %s", pool);
5959 mutex_exit(&spa_namespace_lock);
5963 spa_activate(spa, mode);
5966 * Don't start async tasks until we know everything is healthy.
5968 spa_async_suspend(spa);
5970 zpool_get_load_policy(config, &policy);
5971 if (policy.zlp_rewind & ZPOOL_DO_REWIND)
5972 state = SPA_LOAD_RECOVER;
5974 spa->spa_config_source = SPA_CONFIG_SRC_TRYIMPORT;
5976 if (state != SPA_LOAD_RECOVER) {
5977 spa->spa_last_ubsync_txg = spa->spa_load_txg = 0;
5978 zfs_dbgmsg("spa_import: importing %s", pool);
5980 zfs_dbgmsg("spa_import: importing %s, max_txg=%lld "
5981 "(RECOVERY MODE)", pool, (longlong_t)policy.zlp_txg);
5983 error = spa_load_best(spa, state, policy.zlp_txg, policy.zlp_rewind);
5986 * Propagate anything learned while loading the pool and pass it
5987 * back to caller (i.e. rewind info, missing devices, etc).
5989 VERIFY(nvlist_add_nvlist(config, ZPOOL_CONFIG_LOAD_INFO,
5990 spa->spa_load_info) == 0);
5992 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
5994 * Toss any existing sparelist, as it doesn't have any validity
5995 * anymore, and conflicts with spa_has_spare().
5997 if (spa->spa_spares.sav_config) {
5998 nvlist_free(spa->spa_spares.sav_config);
5999 spa->spa_spares.sav_config = NULL;
6000 spa_load_spares(spa);
6002 if (spa->spa_l2cache.sav_config) {
6003 nvlist_free(spa->spa_l2cache.sav_config);
6004 spa->spa_l2cache.sav_config = NULL;
6005 spa_load_l2cache(spa);
6008 VERIFY(nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE,
6010 spa_config_exit(spa, SCL_ALL, FTAG);
6013 spa_configfile_set(spa, props, B_FALSE);
6015 if (error != 0 || (props && spa_writeable(spa) &&
6016 (error = spa_prop_set(spa, props)))) {
6018 spa_deactivate(spa);
6020 mutex_exit(&spa_namespace_lock);
6024 spa_async_resume(spa);
6027 * Override any spares and level 2 cache devices as specified by
6028 * the user, as these may have correct device names/devids, etc.
6030 if (nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_SPARES,
6031 &spares, &nspares) == 0) {
6032 if (spa->spa_spares.sav_config)
6033 VERIFY(nvlist_remove(spa->spa_spares.sav_config,
6034 ZPOOL_CONFIG_SPARES, DATA_TYPE_NVLIST_ARRAY) == 0);
6036 VERIFY(nvlist_alloc(&spa->spa_spares.sav_config,
6037 NV_UNIQUE_NAME, KM_SLEEP) == 0);
6038 VERIFY(nvlist_add_nvlist_array(spa->spa_spares.sav_config,
6039 ZPOOL_CONFIG_SPARES, spares, nspares) == 0);
6040 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
6041 spa_load_spares(spa);
6042 spa_config_exit(spa, SCL_ALL, FTAG);
6043 spa->spa_spares.sav_sync = B_TRUE;
6045 if (nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_L2CACHE,
6046 &l2cache, &nl2cache) == 0) {
6047 if (spa->spa_l2cache.sav_config)
6048 VERIFY(nvlist_remove(spa->spa_l2cache.sav_config,
6049 ZPOOL_CONFIG_L2CACHE, DATA_TYPE_NVLIST_ARRAY) == 0);
6051 VERIFY(nvlist_alloc(&spa->spa_l2cache.sav_config,
6052 NV_UNIQUE_NAME, KM_SLEEP) == 0);
6053 VERIFY(nvlist_add_nvlist_array(spa->spa_l2cache.sav_config,
6054 ZPOOL_CONFIG_L2CACHE, l2cache, nl2cache) == 0);
6055 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
6056 spa_load_l2cache(spa);
6057 spa_config_exit(spa, SCL_ALL, FTAG);
6058 spa->spa_l2cache.sav_sync = B_TRUE;
6062 * Check for any removed devices.
6064 if (spa->spa_autoreplace) {
6065 spa_aux_check_removed(&spa->spa_spares);
6066 spa_aux_check_removed(&spa->spa_l2cache);
6069 if (spa_writeable(spa)) {
6071 * Update the config cache to include the newly-imported pool.
6073 spa_config_update(spa, SPA_CONFIG_UPDATE_POOL);
6077 * It's possible that the pool was expanded while it was exported.
6078 * We kick off an async task to handle this for us.
6080 spa_async_request(spa, SPA_ASYNC_AUTOEXPAND);
6082 spa_history_log_version(spa, "import", NULL);
6084 spa_event_notify(spa, NULL, NULL, ESC_ZFS_POOL_IMPORT);
6086 mutex_exit(&spa_namespace_lock);
6088 zvol_create_minors_recursive(pool);
6094 spa_tryimport(nvlist_t *tryconfig)
6096 nvlist_t *config = NULL;
6097 char *poolname, *cachefile;
6101 zpool_load_policy_t policy;
6103 if (nvlist_lookup_string(tryconfig, ZPOOL_CONFIG_POOL_NAME, &poolname))
6106 if (nvlist_lookup_uint64(tryconfig, ZPOOL_CONFIG_POOL_STATE, &state))
6110 * Create and initialize the spa structure.
6112 mutex_enter(&spa_namespace_lock);
6113 spa = spa_add(TRYIMPORT_NAME, tryconfig, NULL);
6114 spa_activate(spa, SPA_MODE_READ);
6117 * Rewind pool if a max txg was provided.
6119 zpool_get_load_policy(spa->spa_config, &policy);
6120 if (policy.zlp_txg != UINT64_MAX) {
6121 spa->spa_load_max_txg = policy.zlp_txg;
6122 spa->spa_extreme_rewind = B_TRUE;
6123 zfs_dbgmsg("spa_tryimport: importing %s, max_txg=%lld",
6124 poolname, (longlong_t)policy.zlp_txg);
6126 zfs_dbgmsg("spa_tryimport: importing %s", poolname);
6129 if (nvlist_lookup_string(tryconfig, ZPOOL_CONFIG_CACHEFILE, &cachefile)
6131 zfs_dbgmsg("spa_tryimport: using cachefile '%s'", cachefile);
6132 spa->spa_config_source = SPA_CONFIG_SRC_CACHEFILE;
6134 spa->spa_config_source = SPA_CONFIG_SRC_SCAN;
6137 error = spa_load(spa, SPA_LOAD_TRYIMPORT, SPA_IMPORT_EXISTING);
6140 * If 'tryconfig' was at least parsable, return the current config.
6142 if (spa->spa_root_vdev != NULL) {
6143 config = spa_config_generate(spa, NULL, -1ULL, B_TRUE);
6144 VERIFY(nvlist_add_string(config, ZPOOL_CONFIG_POOL_NAME,
6146 VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_POOL_STATE,
6148 VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_TIMESTAMP,
6149 spa->spa_uberblock.ub_timestamp) == 0);
6150 VERIFY(nvlist_add_nvlist(config, ZPOOL_CONFIG_LOAD_INFO,
6151 spa->spa_load_info) == 0);
6152 VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_ERRATA,
6153 spa->spa_errata) == 0);
6156 * If the bootfs property exists on this pool then we
6157 * copy it out so that external consumers can tell which
6158 * pools are bootable.
6160 if ((!error || error == EEXIST) && spa->spa_bootfs) {
6161 char *tmpname = kmem_alloc(MAXPATHLEN, KM_SLEEP);
6164 * We have to play games with the name since the
6165 * pool was opened as TRYIMPORT_NAME.
6167 if (dsl_dsobj_to_dsname(spa_name(spa),
6168 spa->spa_bootfs, tmpname) == 0) {
6172 dsname = kmem_alloc(MAXPATHLEN, KM_SLEEP);
6174 cp = strchr(tmpname, '/');
6176 (void) strlcpy(dsname, tmpname,
6179 (void) snprintf(dsname, MAXPATHLEN,
6180 "%s/%s", poolname, ++cp);
6182 VERIFY(nvlist_add_string(config,
6183 ZPOOL_CONFIG_BOOTFS, dsname) == 0);
6184 kmem_free(dsname, MAXPATHLEN);
6186 kmem_free(tmpname, MAXPATHLEN);
6190 * Add the list of hot spares and level 2 cache devices.
6192 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_READER);
6193 spa_add_spares(spa, config);
6194 spa_add_l2cache(spa, config);
6195 spa_config_exit(spa, SCL_CONFIG, FTAG);
6199 spa_deactivate(spa);
6201 mutex_exit(&spa_namespace_lock);
6207 * Pool export/destroy
6209 * The act of destroying or exporting a pool is very simple. We make sure there
6210 * is no more pending I/O and any references to the pool are gone. Then, we
6211 * update the pool state and sync all the labels to disk, removing the
6212 * configuration from the cache afterwards. If the 'hardforce' flag is set, then
6213 * we don't sync the labels or remove the configuration cache.
6216 spa_export_common(char *pool, int new_state, nvlist_t **oldconfig,
6217 boolean_t force, boolean_t hardforce)
6224 if (!(spa_mode_global & SPA_MODE_WRITE))
6225 return (SET_ERROR(EROFS));
6227 mutex_enter(&spa_namespace_lock);
6228 if ((spa = spa_lookup(pool)) == NULL) {
6229 mutex_exit(&spa_namespace_lock);
6230 return (SET_ERROR(ENOENT));
6233 if (spa->spa_is_exporting) {
6234 /* the pool is being exported by another thread */
6235 mutex_exit(&spa_namespace_lock);
6236 return (SET_ERROR(ZFS_ERR_EXPORT_IN_PROGRESS));
6238 spa->spa_is_exporting = B_TRUE;
6241 * Put a hold on the pool, drop the namespace lock, stop async tasks,
6242 * reacquire the namespace lock, and see if we can export.
6244 spa_open_ref(spa, FTAG);
6245 mutex_exit(&spa_namespace_lock);
6246 spa_async_suspend(spa);
6247 if (spa->spa_zvol_taskq) {
6248 zvol_remove_minors(spa, spa_name(spa), B_TRUE);
6249 taskq_wait(spa->spa_zvol_taskq);
6251 mutex_enter(&spa_namespace_lock);
6252 spa_close(spa, FTAG);
6254 if (spa->spa_state == POOL_STATE_UNINITIALIZED)
6257 * The pool will be in core if it's openable, in which case we can
6258 * modify its state. Objsets may be open only because they're dirty,
6259 * so we have to force it to sync before checking spa_refcnt.
6261 if (spa->spa_sync_on) {
6262 txg_wait_synced(spa->spa_dsl_pool, 0);
6263 spa_evicting_os_wait(spa);
6267 * A pool cannot be exported or destroyed if there are active
6268 * references. If we are resetting a pool, allow references by
6269 * fault injection handlers.
6271 if (!spa_refcount_zero(spa) ||
6272 (spa->spa_inject_ref != 0 &&
6273 new_state != POOL_STATE_UNINITIALIZED)) {
6274 spa_async_resume(spa);
6275 spa->spa_is_exporting = B_FALSE;
6276 mutex_exit(&spa_namespace_lock);
6277 return (SET_ERROR(EBUSY));
6280 if (spa->spa_sync_on) {
6282 * A pool cannot be exported if it has an active shared spare.
6283 * This is to prevent other pools stealing the active spare
6284 * from an exported pool. At user's own will, such pool can
6285 * be forcedly exported.
6287 if (!force && new_state == POOL_STATE_EXPORTED &&
6288 spa_has_active_shared_spare(spa)) {
6289 spa_async_resume(spa);
6290 spa->spa_is_exporting = B_FALSE;
6291 mutex_exit(&spa_namespace_lock);
6292 return (SET_ERROR(EXDEV));
6296 * We're about to export or destroy this pool. Make sure
6297 * we stop all initialization and trim activity here before
6298 * we set the spa_final_txg. This will ensure that all
6299 * dirty data resulting from the initialization is
6300 * committed to disk before we unload the pool.
6302 if (spa->spa_root_vdev != NULL) {
6303 vdev_t *rvd = spa->spa_root_vdev;
6304 vdev_initialize_stop_all(rvd, VDEV_INITIALIZE_ACTIVE);
6305 vdev_trim_stop_all(rvd, VDEV_TRIM_ACTIVE);
6306 vdev_autotrim_stop_all(spa);
6310 * We want this to be reflected on every label,
6311 * so mark them all dirty. spa_unload() will do the
6312 * final sync that pushes these changes out.
6314 if (new_state != POOL_STATE_UNINITIALIZED && !hardforce) {
6315 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
6316 spa->spa_state = new_state;
6317 spa->spa_final_txg = spa_last_synced_txg(spa) +
6319 vdev_config_dirty(spa->spa_root_vdev);
6320 spa_config_exit(spa, SCL_ALL, FTAG);
6325 if (new_state == POOL_STATE_DESTROYED)
6326 spa_event_notify(spa, NULL, NULL, ESC_ZFS_POOL_DESTROY);
6327 else if (new_state == POOL_STATE_EXPORTED)
6328 spa_event_notify(spa, NULL, NULL, ESC_ZFS_POOL_EXPORT);
6330 if (spa->spa_state != POOL_STATE_UNINITIALIZED) {
6332 spa_deactivate(spa);
6335 if (oldconfig && spa->spa_config)
6336 VERIFY(nvlist_dup(spa->spa_config, oldconfig, 0) == 0);
6338 if (new_state != POOL_STATE_UNINITIALIZED) {
6340 spa_write_cachefile(spa, B_TRUE, B_TRUE);
6344 * If spa_remove() is not called for this spa_t and
6345 * there is any possibility that it can be reused,
6346 * we make sure to reset the exporting flag.
6348 spa->spa_is_exporting = B_FALSE;
6351 mutex_exit(&spa_namespace_lock);
6356 * Destroy a storage pool.
6359 spa_destroy(char *pool)
6361 return (spa_export_common(pool, POOL_STATE_DESTROYED, NULL,
6366 * Export a storage pool.
6369 spa_export(char *pool, nvlist_t **oldconfig, boolean_t force,
6370 boolean_t hardforce)
6372 return (spa_export_common(pool, POOL_STATE_EXPORTED, oldconfig,
6377 * Similar to spa_export(), this unloads the spa_t without actually removing it
6378 * from the namespace in any way.
6381 spa_reset(char *pool)
6383 return (spa_export_common(pool, POOL_STATE_UNINITIALIZED, NULL,
6388 * ==========================================================================
6389 * Device manipulation
6390 * ==========================================================================
6394 * Add a device to a storage pool.
6397 spa_vdev_add(spa_t *spa, nvlist_t *nvroot)
6401 vdev_t *rvd = spa->spa_root_vdev;
6403 nvlist_t **spares, **l2cache;
6404 uint_t nspares, nl2cache;
6406 ASSERT(spa_writeable(spa));
6408 txg = spa_vdev_enter(spa);
6410 if ((error = spa_config_parse(spa, &vd, nvroot, NULL, 0,
6411 VDEV_ALLOC_ADD)) != 0)
6412 return (spa_vdev_exit(spa, NULL, txg, error));
6414 spa->spa_pending_vdev = vd; /* spa_vdev_exit() will clear this */
6416 if (nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_SPARES, &spares,
6420 if (nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_L2CACHE, &l2cache,
6424 if (vd->vdev_children == 0 && nspares == 0 && nl2cache == 0)
6425 return (spa_vdev_exit(spa, vd, txg, EINVAL));
6427 if (vd->vdev_children != 0 &&
6428 (error = vdev_create(vd, txg, B_FALSE)) != 0)
6429 return (spa_vdev_exit(spa, vd, txg, error));
6432 * We must validate the spares and l2cache devices after checking the
6433 * children. Otherwise, vdev_inuse() will blindly overwrite the spare.
6435 if ((error = spa_validate_aux(spa, nvroot, txg, VDEV_ALLOC_ADD)) != 0)
6436 return (spa_vdev_exit(spa, vd, txg, error));
6439 * If we are in the middle of a device removal, we can only add
6440 * devices which match the existing devices in the pool.
6441 * If we are in the middle of a removal, or have some indirect
6442 * vdevs, we can not add raidz toplevels.
6444 if (spa->spa_vdev_removal != NULL ||
6445 spa->spa_removing_phys.sr_prev_indirect_vdev != -1) {
6446 for (int c = 0; c < vd->vdev_children; c++) {
6447 tvd = vd->vdev_child[c];
6448 if (spa->spa_vdev_removal != NULL &&
6449 tvd->vdev_ashift != spa->spa_max_ashift) {
6450 return (spa_vdev_exit(spa, vd, txg, EINVAL));
6452 /* Fail if top level vdev is raidz */
6453 if (tvd->vdev_ops == &vdev_raidz_ops) {
6454 return (spa_vdev_exit(spa, vd, txg, EINVAL));
6457 * Need the top level mirror to be
6458 * a mirror of leaf vdevs only
6460 if (tvd->vdev_ops == &vdev_mirror_ops) {
6461 for (uint64_t cid = 0;
6462 cid < tvd->vdev_children; cid++) {
6463 vdev_t *cvd = tvd->vdev_child[cid];
6464 if (!cvd->vdev_ops->vdev_op_leaf) {
6465 return (spa_vdev_exit(spa, vd,
6473 for (int c = 0; c < vd->vdev_children; c++) {
6474 tvd = vd->vdev_child[c];
6475 vdev_remove_child(vd, tvd);
6476 tvd->vdev_id = rvd->vdev_children;
6477 vdev_add_child(rvd, tvd);
6478 vdev_config_dirty(tvd);
6482 spa_set_aux_vdevs(&spa->spa_spares, spares, nspares,
6483 ZPOOL_CONFIG_SPARES);
6484 spa_load_spares(spa);
6485 spa->spa_spares.sav_sync = B_TRUE;
6488 if (nl2cache != 0) {
6489 spa_set_aux_vdevs(&spa->spa_l2cache, l2cache, nl2cache,
6490 ZPOOL_CONFIG_L2CACHE);
6491 spa_load_l2cache(spa);
6492 spa->spa_l2cache.sav_sync = B_TRUE;
6496 * We have to be careful when adding new vdevs to an existing pool.
6497 * If other threads start allocating from these vdevs before we
6498 * sync the config cache, and we lose power, then upon reboot we may
6499 * fail to open the pool because there are DVAs that the config cache
6500 * can't translate. Therefore, we first add the vdevs without
6501 * initializing metaslabs; sync the config cache (via spa_vdev_exit());
6502 * and then let spa_config_update() initialize the new metaslabs.
6504 * spa_load() checks for added-but-not-initialized vdevs, so that
6505 * if we lose power at any point in this sequence, the remaining
6506 * steps will be completed the next time we load the pool.
6508 (void) spa_vdev_exit(spa, vd, txg, 0);
6510 mutex_enter(&spa_namespace_lock);
6511 spa_config_update(spa, SPA_CONFIG_UPDATE_POOL);
6512 spa_event_notify(spa, NULL, NULL, ESC_ZFS_VDEV_ADD);
6513 mutex_exit(&spa_namespace_lock);
6519 * Attach a device to a mirror. The arguments are the path to any device
6520 * in the mirror, and the nvroot for the new device. If the path specifies
6521 * a device that is not mirrored, we automatically insert the mirror vdev.
6523 * If 'replacing' is specified, the new device is intended to replace the
6524 * existing device; in this case the two devices are made into their own
6525 * mirror using the 'replacing' vdev, which is functionally identical to
6526 * the mirror vdev (it actually reuses all the same ops) but has a few
6527 * extra rules: you can't attach to it after it's been created, and upon
6528 * completion of resilvering, the first disk (the one being replaced)
6529 * is automatically detached.
6532 spa_vdev_attach(spa_t *spa, uint64_t guid, nvlist_t *nvroot, int replacing)
6534 uint64_t txg, dtl_max_txg;
6535 vdev_t *rvd __maybe_unused = spa->spa_root_vdev;
6536 vdev_t *oldvd, *newvd, *newrootvd, *pvd, *tvd;
6538 char *oldvdpath, *newvdpath;
6542 ASSERT(spa_writeable(spa));
6544 txg = spa_vdev_enter(spa);
6546 oldvd = spa_lookup_by_guid(spa, guid, B_FALSE);
6548 ASSERT(MUTEX_HELD(&spa_namespace_lock));
6549 if (spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT)) {
6550 error = (spa_has_checkpoint(spa)) ?
6551 ZFS_ERR_CHECKPOINT_EXISTS : ZFS_ERR_DISCARDING_CHECKPOINT;
6552 return (spa_vdev_exit(spa, NULL, txg, error));
6555 if (spa->spa_vdev_removal != NULL)
6556 return (spa_vdev_exit(spa, NULL, txg, EBUSY));
6559 return (spa_vdev_exit(spa, NULL, txg, ENODEV));
6561 if (!oldvd->vdev_ops->vdev_op_leaf)
6562 return (spa_vdev_exit(spa, NULL, txg, ENOTSUP));
6564 pvd = oldvd->vdev_parent;
6566 if ((error = spa_config_parse(spa, &newrootvd, nvroot, NULL, 0,
6567 VDEV_ALLOC_ATTACH)) != 0)
6568 return (spa_vdev_exit(spa, NULL, txg, EINVAL));
6570 if (newrootvd->vdev_children != 1)
6571 return (spa_vdev_exit(spa, newrootvd, txg, EINVAL));
6573 newvd = newrootvd->vdev_child[0];
6575 if (!newvd->vdev_ops->vdev_op_leaf)
6576 return (spa_vdev_exit(spa, newrootvd, txg, EINVAL));
6578 if ((error = vdev_create(newrootvd, txg, replacing)) != 0)
6579 return (spa_vdev_exit(spa, newrootvd, txg, error));
6582 * Spares can't replace logs
6584 if (oldvd->vdev_top->vdev_islog && newvd->vdev_isspare)
6585 return (spa_vdev_exit(spa, newrootvd, txg, ENOTSUP));
6589 * For attach, the only allowable parent is a mirror or the root
6592 if (pvd->vdev_ops != &vdev_mirror_ops &&
6593 pvd->vdev_ops != &vdev_root_ops)
6594 return (spa_vdev_exit(spa, newrootvd, txg, ENOTSUP));
6596 pvops = &vdev_mirror_ops;
6599 * Active hot spares can only be replaced by inactive hot
6602 if (pvd->vdev_ops == &vdev_spare_ops &&
6603 oldvd->vdev_isspare &&
6604 !spa_has_spare(spa, newvd->vdev_guid))
6605 return (spa_vdev_exit(spa, newrootvd, txg, ENOTSUP));
6608 * If the source is a hot spare, and the parent isn't already a
6609 * spare, then we want to create a new hot spare. Otherwise, we
6610 * want to create a replacing vdev. The user is not allowed to
6611 * attach to a spared vdev child unless the 'isspare' state is
6612 * the same (spare replaces spare, non-spare replaces
6615 if (pvd->vdev_ops == &vdev_replacing_ops &&
6616 spa_version(spa) < SPA_VERSION_MULTI_REPLACE) {
6617 return (spa_vdev_exit(spa, newrootvd, txg, ENOTSUP));
6618 } else if (pvd->vdev_ops == &vdev_spare_ops &&
6619 newvd->vdev_isspare != oldvd->vdev_isspare) {
6620 return (spa_vdev_exit(spa, newrootvd, txg, ENOTSUP));
6623 if (newvd->vdev_isspare)
6624 pvops = &vdev_spare_ops;
6626 pvops = &vdev_replacing_ops;
6630 * Make sure the new device is big enough.
6632 if (newvd->vdev_asize < vdev_get_min_asize(oldvd))
6633 return (spa_vdev_exit(spa, newrootvd, txg, EOVERFLOW));
6636 * The new device cannot have a higher alignment requirement
6637 * than the top-level vdev.
6639 if (newvd->vdev_ashift > oldvd->vdev_top->vdev_ashift)
6640 return (spa_vdev_exit(spa, newrootvd, txg, EDOM));
6643 * If this is an in-place replacement, update oldvd's path and devid
6644 * to make it distinguishable from newvd, and unopenable from now on.
6646 if (strcmp(oldvd->vdev_path, newvd->vdev_path) == 0) {
6647 spa_strfree(oldvd->vdev_path);
6648 oldvd->vdev_path = kmem_alloc(strlen(newvd->vdev_path) + 5,
6650 (void) sprintf(oldvd->vdev_path, "%s/%s",
6651 newvd->vdev_path, "old");
6652 if (oldvd->vdev_devid != NULL) {
6653 spa_strfree(oldvd->vdev_devid);
6654 oldvd->vdev_devid = NULL;
6658 /* mark the device being resilvered */
6659 newvd->vdev_resilver_txg = txg;
6662 * If the parent is not a mirror, or if we're replacing, insert the new
6663 * mirror/replacing/spare vdev above oldvd.
6665 if (pvd->vdev_ops != pvops)
6666 pvd = vdev_add_parent(oldvd, pvops);
6668 ASSERT(pvd->vdev_top->vdev_parent == rvd);
6669 ASSERT(pvd->vdev_ops == pvops);
6670 ASSERT(oldvd->vdev_parent == pvd);
6673 * Extract the new device from its root and add it to pvd.
6675 vdev_remove_child(newrootvd, newvd);
6676 newvd->vdev_id = pvd->vdev_children;
6677 newvd->vdev_crtxg = oldvd->vdev_crtxg;
6678 vdev_add_child(pvd, newvd);
6681 * Reevaluate the parent vdev state.
6683 vdev_propagate_state(pvd);
6685 tvd = newvd->vdev_top;
6686 ASSERT(pvd->vdev_top == tvd);
6687 ASSERT(tvd->vdev_parent == rvd);
6689 vdev_config_dirty(tvd);
6692 * Set newvd's DTL to [TXG_INITIAL, dtl_max_txg) so that we account
6693 * for any dmu_sync-ed blocks. It will propagate upward when
6694 * spa_vdev_exit() calls vdev_dtl_reassess().
6696 dtl_max_txg = txg + TXG_CONCURRENT_STATES;
6698 vdev_dtl_dirty(newvd, DTL_MISSING, TXG_INITIAL,
6699 dtl_max_txg - TXG_INITIAL);
6701 if (newvd->vdev_isspare) {
6702 spa_spare_activate(newvd);
6703 spa_event_notify(spa, newvd, NULL, ESC_ZFS_VDEV_SPARE);
6706 oldvdpath = spa_strdup(oldvd->vdev_path);
6707 newvdpath = spa_strdup(newvd->vdev_path);
6708 newvd_isspare = newvd->vdev_isspare;
6711 * Mark newvd's DTL dirty in this txg.
6713 vdev_dirty(tvd, VDD_DTL, newvd, txg);
6716 * Schedule the resilver to restart in the future. We do this to
6717 * ensure that dmu_sync-ed blocks have been stitched into the
6718 * respective datasets. We do not do this if resilvers have been
6721 if (dsl_scan_resilvering(spa_get_dsl(spa)) &&
6722 spa_feature_is_enabled(spa, SPA_FEATURE_RESILVER_DEFER))
6723 vdev_defer_resilver(newvd);
6725 dsl_scan_restart_resilver(spa->spa_dsl_pool, dtl_max_txg);
6727 if (spa->spa_bootfs)
6728 spa_event_notify(spa, newvd, NULL, ESC_ZFS_BOOTFS_VDEV_ATTACH);
6730 spa_event_notify(spa, newvd, NULL, ESC_ZFS_VDEV_ATTACH);
6735 (void) spa_vdev_exit(spa, newrootvd, dtl_max_txg, 0);
6737 spa_history_log_internal(spa, "vdev attach", NULL,
6738 "%s vdev=%s %s vdev=%s",
6739 replacing && newvd_isspare ? "spare in" :
6740 replacing ? "replace" : "attach", newvdpath,
6741 replacing ? "for" : "to", oldvdpath);
6743 spa_strfree(oldvdpath);
6744 spa_strfree(newvdpath);
6750 * Detach a device from a mirror or replacing vdev.
6752 * If 'replace_done' is specified, only detach if the parent
6753 * is a replacing vdev.
6756 spa_vdev_detach(spa_t *spa, uint64_t guid, uint64_t pguid, int replace_done)
6760 vdev_t *rvd __maybe_unused = spa->spa_root_vdev;
6761 vdev_t *vd, *pvd, *cvd, *tvd;
6762 boolean_t unspare = B_FALSE;
6763 uint64_t unspare_guid = 0;
6766 ASSERT(spa_writeable(spa));
6768 txg = spa_vdev_enter(spa);
6770 vd = spa_lookup_by_guid(spa, guid, B_FALSE);
6773 * Besides being called directly from the userland through the
6774 * ioctl interface, spa_vdev_detach() can be potentially called
6775 * at the end of spa_vdev_resilver_done().
6777 * In the regular case, when we have a checkpoint this shouldn't
6778 * happen as we never empty the DTLs of a vdev during the scrub
6779 * [see comment in dsl_scan_done()]. Thus spa_vdev_resilvering_done()
6780 * should never get here when we have a checkpoint.
6782 * That said, even in a case when we checkpoint the pool exactly
6783 * as spa_vdev_resilver_done() calls this function everything
6784 * should be fine as the resilver will return right away.
6786 ASSERT(MUTEX_HELD(&spa_namespace_lock));
6787 if (spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT)) {
6788 error = (spa_has_checkpoint(spa)) ?
6789 ZFS_ERR_CHECKPOINT_EXISTS : ZFS_ERR_DISCARDING_CHECKPOINT;
6790 return (spa_vdev_exit(spa, NULL, txg, error));
6794 return (spa_vdev_exit(spa, NULL, txg, ENODEV));
6796 if (!vd->vdev_ops->vdev_op_leaf)
6797 return (spa_vdev_exit(spa, NULL, txg, ENOTSUP));
6799 pvd = vd->vdev_parent;
6802 * If the parent/child relationship is not as expected, don't do it.
6803 * Consider M(A,R(B,C)) -- that is, a mirror of A with a replacing
6804 * vdev that's replacing B with C. The user's intent in replacing
6805 * is to go from M(A,B) to M(A,C). If the user decides to cancel
6806 * the replace by detaching C, the expected behavior is to end up
6807 * M(A,B). But suppose that right after deciding to detach C,
6808 * the replacement of B completes. We would have M(A,C), and then
6809 * ask to detach C, which would leave us with just A -- not what
6810 * the user wanted. To prevent this, we make sure that the
6811 * parent/child relationship hasn't changed -- in this example,
6812 * that C's parent is still the replacing vdev R.
6814 if (pvd->vdev_guid != pguid && pguid != 0)
6815 return (spa_vdev_exit(spa, NULL, txg, EBUSY));
6818 * Only 'replacing' or 'spare' vdevs can be replaced.
6820 if (replace_done && pvd->vdev_ops != &vdev_replacing_ops &&
6821 pvd->vdev_ops != &vdev_spare_ops)
6822 return (spa_vdev_exit(spa, NULL, txg, ENOTSUP));
6824 ASSERT(pvd->vdev_ops != &vdev_spare_ops ||
6825 spa_version(spa) >= SPA_VERSION_SPARES);
6828 * Only mirror, replacing, and spare vdevs support detach.
6830 if (pvd->vdev_ops != &vdev_replacing_ops &&
6831 pvd->vdev_ops != &vdev_mirror_ops &&
6832 pvd->vdev_ops != &vdev_spare_ops)
6833 return (spa_vdev_exit(spa, NULL, txg, ENOTSUP));
6836 * If this device has the only valid copy of some data,
6837 * we cannot safely detach it.
6839 if (vdev_dtl_required(vd))
6840 return (spa_vdev_exit(spa, NULL, txg, EBUSY));
6842 ASSERT(pvd->vdev_children >= 2);
6845 * If we are detaching the second disk from a replacing vdev, then
6846 * check to see if we changed the original vdev's path to have "/old"
6847 * at the end in spa_vdev_attach(). If so, undo that change now.
6849 if (pvd->vdev_ops == &vdev_replacing_ops && vd->vdev_id > 0 &&
6850 vd->vdev_path != NULL) {
6851 size_t len = strlen(vd->vdev_path);
6853 for (int c = 0; c < pvd->vdev_children; c++) {
6854 cvd = pvd->vdev_child[c];
6856 if (cvd == vd || cvd->vdev_path == NULL)
6859 if (strncmp(cvd->vdev_path, vd->vdev_path, len) == 0 &&
6860 strcmp(cvd->vdev_path + len, "/old") == 0) {
6861 spa_strfree(cvd->vdev_path);
6862 cvd->vdev_path = spa_strdup(vd->vdev_path);
6869 * If we are detaching the original disk from a spare, then it implies
6870 * that the spare should become a real disk, and be removed from the
6871 * active spare list for the pool.
6873 if (pvd->vdev_ops == &vdev_spare_ops &&
6875 pvd->vdev_child[pvd->vdev_children - 1]->vdev_isspare)
6879 * Erase the disk labels so the disk can be used for other things.
6880 * This must be done after all other error cases are handled,
6881 * but before we disembowel vd (so we can still do I/O to it).
6882 * But if we can't do it, don't treat the error as fatal --
6883 * it may be that the unwritability of the disk is the reason
6884 * it's being detached!
6886 error = vdev_label_init(vd, 0, VDEV_LABEL_REMOVE);
6889 * Remove vd from its parent and compact the parent's children.
6891 vdev_remove_child(pvd, vd);
6892 vdev_compact_children(pvd);
6895 * Remember one of the remaining children so we can get tvd below.
6897 cvd = pvd->vdev_child[pvd->vdev_children - 1];
6900 * If we need to remove the remaining child from the list of hot spares,
6901 * do it now, marking the vdev as no longer a spare in the process.
6902 * We must do this before vdev_remove_parent(), because that can
6903 * change the GUID if it creates a new toplevel GUID. For a similar
6904 * reason, we must remove the spare now, in the same txg as the detach;
6905 * otherwise someone could attach a new sibling, change the GUID, and
6906 * the subsequent attempt to spa_vdev_remove(unspare_guid) would fail.
6909 ASSERT(cvd->vdev_isspare);
6910 spa_spare_remove(cvd);
6911 unspare_guid = cvd->vdev_guid;
6912 (void) spa_vdev_remove(spa, unspare_guid, B_TRUE);
6913 cvd->vdev_unspare = B_TRUE;
6917 * If the parent mirror/replacing vdev only has one child,
6918 * the parent is no longer needed. Remove it from the tree.
6920 if (pvd->vdev_children == 1) {
6921 if (pvd->vdev_ops == &vdev_spare_ops)
6922 cvd->vdev_unspare = B_FALSE;
6923 vdev_remove_parent(cvd);
6927 * We don't set tvd until now because the parent we just removed
6928 * may have been the previous top-level vdev.
6930 tvd = cvd->vdev_top;
6931 ASSERT(tvd->vdev_parent == rvd);
6934 * Reevaluate the parent vdev state.
6936 vdev_propagate_state(cvd);
6939 * If the 'autoexpand' property is set on the pool then automatically
6940 * try to expand the size of the pool. For example if the device we
6941 * just detached was smaller than the others, it may be possible to
6942 * add metaslabs (i.e. grow the pool). We need to reopen the vdev
6943 * first so that we can obtain the updated sizes of the leaf vdevs.
6945 if (spa->spa_autoexpand) {
6947 vdev_expand(tvd, txg);
6950 vdev_config_dirty(tvd);
6953 * Mark vd's DTL as dirty in this txg. vdev_dtl_sync() will see that
6954 * vd->vdev_detached is set and free vd's DTL object in syncing context.
6955 * But first make sure we're not on any *other* txg's DTL list, to
6956 * prevent vd from being accessed after it's freed.
6958 vdpath = spa_strdup(vd->vdev_path ? vd->vdev_path : "none");
6959 for (int t = 0; t < TXG_SIZE; t++)
6960 (void) txg_list_remove_this(&tvd->vdev_dtl_list, vd, t);
6961 vd->vdev_detached = B_TRUE;
6962 vdev_dirty(tvd, VDD_DTL, vd, txg);
6964 spa_event_notify(spa, vd, NULL, ESC_ZFS_VDEV_REMOVE);
6965 spa_notify_waiters(spa);
6967 /* hang on to the spa before we release the lock */
6968 spa_open_ref(spa, FTAG);
6970 error = spa_vdev_exit(spa, vd, txg, 0);
6972 spa_history_log_internal(spa, "detach", NULL,
6974 spa_strfree(vdpath);
6977 * If this was the removal of the original device in a hot spare vdev,
6978 * then we want to go through and remove the device from the hot spare
6979 * list of every other pool.
6982 spa_t *altspa = NULL;
6984 mutex_enter(&spa_namespace_lock);
6985 while ((altspa = spa_next(altspa)) != NULL) {
6986 if (altspa->spa_state != POOL_STATE_ACTIVE ||
6990 spa_open_ref(altspa, FTAG);
6991 mutex_exit(&spa_namespace_lock);
6992 (void) spa_vdev_remove(altspa, unspare_guid, B_TRUE);
6993 mutex_enter(&spa_namespace_lock);
6994 spa_close(altspa, FTAG);
6996 mutex_exit(&spa_namespace_lock);
6998 /* search the rest of the vdevs for spares to remove */
6999 spa_vdev_resilver_done(spa);
7002 /* all done with the spa; OK to release */
7003 mutex_enter(&spa_namespace_lock);
7004 spa_close(spa, FTAG);
7005 mutex_exit(&spa_namespace_lock);
7011 spa_vdev_initialize_impl(spa_t *spa, uint64_t guid, uint64_t cmd_type,
7014 ASSERT(MUTEX_HELD(&spa_namespace_lock));
7016 spa_config_enter(spa, SCL_CONFIG | SCL_STATE, FTAG, RW_READER);
7018 /* Look up vdev and ensure it's a leaf. */
7019 vdev_t *vd = spa_lookup_by_guid(spa, guid, B_FALSE);
7020 if (vd == NULL || vd->vdev_detached) {
7021 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
7022 return (SET_ERROR(ENODEV));
7023 } else if (!vd->vdev_ops->vdev_op_leaf || !vdev_is_concrete(vd)) {
7024 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
7025 return (SET_ERROR(EINVAL));
7026 } else if (!vdev_writeable(vd)) {
7027 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
7028 return (SET_ERROR(EROFS));
7030 mutex_enter(&vd->vdev_initialize_lock);
7031 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
7034 * When we activate an initialize action we check to see
7035 * if the vdev_initialize_thread is NULL. We do this instead
7036 * of using the vdev_initialize_state since there might be
7037 * a previous initialization process which has completed but
7038 * the thread is not exited.
7040 if (cmd_type == POOL_INITIALIZE_START &&
7041 (vd->vdev_initialize_thread != NULL ||
7042 vd->vdev_top->vdev_removing)) {
7043 mutex_exit(&vd->vdev_initialize_lock);
7044 return (SET_ERROR(EBUSY));
7045 } else if (cmd_type == POOL_INITIALIZE_CANCEL &&
7046 (vd->vdev_initialize_state != VDEV_INITIALIZE_ACTIVE &&
7047 vd->vdev_initialize_state != VDEV_INITIALIZE_SUSPENDED)) {
7048 mutex_exit(&vd->vdev_initialize_lock);
7049 return (SET_ERROR(ESRCH));
7050 } else if (cmd_type == POOL_INITIALIZE_SUSPEND &&
7051 vd->vdev_initialize_state != VDEV_INITIALIZE_ACTIVE) {
7052 mutex_exit(&vd->vdev_initialize_lock);
7053 return (SET_ERROR(ESRCH));
7057 case POOL_INITIALIZE_START:
7058 vdev_initialize(vd);
7060 case POOL_INITIALIZE_CANCEL:
7061 vdev_initialize_stop(vd, VDEV_INITIALIZE_CANCELED, vd_list);
7063 case POOL_INITIALIZE_SUSPEND:
7064 vdev_initialize_stop(vd, VDEV_INITIALIZE_SUSPENDED, vd_list);
7067 panic("invalid cmd_type %llu", (unsigned long long)cmd_type);
7069 mutex_exit(&vd->vdev_initialize_lock);
7075 spa_vdev_initialize(spa_t *spa, nvlist_t *nv, uint64_t cmd_type,
7076 nvlist_t *vdev_errlist)
7078 int total_errors = 0;
7081 list_create(&vd_list, sizeof (vdev_t),
7082 offsetof(vdev_t, vdev_initialize_node));
7085 * We hold the namespace lock through the whole function
7086 * to prevent any changes to the pool while we're starting or
7087 * stopping initialization. The config and state locks are held so that
7088 * we can properly assess the vdev state before we commit to
7089 * the initializing operation.
7091 mutex_enter(&spa_namespace_lock);
7093 for (nvpair_t *pair = nvlist_next_nvpair(nv, NULL);
7094 pair != NULL; pair = nvlist_next_nvpair(nv, pair)) {
7095 uint64_t vdev_guid = fnvpair_value_uint64(pair);
7097 int error = spa_vdev_initialize_impl(spa, vdev_guid, cmd_type,
7100 char guid_as_str[MAXNAMELEN];
7102 (void) snprintf(guid_as_str, sizeof (guid_as_str),
7103 "%llu", (unsigned long long)vdev_guid);
7104 fnvlist_add_int64(vdev_errlist, guid_as_str, error);
7109 /* Wait for all initialize threads to stop. */
7110 vdev_initialize_stop_wait(spa, &vd_list);
7112 /* Sync out the initializing state */
7113 txg_wait_synced(spa->spa_dsl_pool, 0);
7114 mutex_exit(&spa_namespace_lock);
7116 list_destroy(&vd_list);
7118 return (total_errors);
7122 spa_vdev_trim_impl(spa_t *spa, uint64_t guid, uint64_t cmd_type,
7123 uint64_t rate, boolean_t partial, boolean_t secure, list_t *vd_list)
7125 ASSERT(MUTEX_HELD(&spa_namespace_lock));
7127 spa_config_enter(spa, SCL_CONFIG | SCL_STATE, FTAG, RW_READER);
7129 /* Look up vdev and ensure it's a leaf. */
7130 vdev_t *vd = spa_lookup_by_guid(spa, guid, B_FALSE);
7131 if (vd == NULL || vd->vdev_detached) {
7132 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
7133 return (SET_ERROR(ENODEV));
7134 } else if (!vd->vdev_ops->vdev_op_leaf || !vdev_is_concrete(vd)) {
7135 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
7136 return (SET_ERROR(EINVAL));
7137 } else if (!vdev_writeable(vd)) {
7138 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
7139 return (SET_ERROR(EROFS));
7140 } else if (!vd->vdev_has_trim) {
7141 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
7142 return (SET_ERROR(EOPNOTSUPP));
7143 } else if (secure && !vd->vdev_has_securetrim) {
7144 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
7145 return (SET_ERROR(EOPNOTSUPP));
7147 mutex_enter(&vd->vdev_trim_lock);
7148 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
7151 * When we activate a TRIM action we check to see if the
7152 * vdev_trim_thread is NULL. We do this instead of using the
7153 * vdev_trim_state since there might be a previous TRIM process
7154 * which has completed but the thread is not exited.
7156 if (cmd_type == POOL_TRIM_START &&
7157 (vd->vdev_trim_thread != NULL || vd->vdev_top->vdev_removing)) {
7158 mutex_exit(&vd->vdev_trim_lock);
7159 return (SET_ERROR(EBUSY));
7160 } else if (cmd_type == POOL_TRIM_CANCEL &&
7161 (vd->vdev_trim_state != VDEV_TRIM_ACTIVE &&
7162 vd->vdev_trim_state != VDEV_TRIM_SUSPENDED)) {
7163 mutex_exit(&vd->vdev_trim_lock);
7164 return (SET_ERROR(ESRCH));
7165 } else if (cmd_type == POOL_TRIM_SUSPEND &&
7166 vd->vdev_trim_state != VDEV_TRIM_ACTIVE) {
7167 mutex_exit(&vd->vdev_trim_lock);
7168 return (SET_ERROR(ESRCH));
7172 case POOL_TRIM_START:
7173 vdev_trim(vd, rate, partial, secure);
7175 case POOL_TRIM_CANCEL:
7176 vdev_trim_stop(vd, VDEV_TRIM_CANCELED, vd_list);
7178 case POOL_TRIM_SUSPEND:
7179 vdev_trim_stop(vd, VDEV_TRIM_SUSPENDED, vd_list);
7182 panic("invalid cmd_type %llu", (unsigned long long)cmd_type);
7184 mutex_exit(&vd->vdev_trim_lock);
7190 * Initiates a manual TRIM for the requested vdevs. This kicks off individual
7191 * TRIM threads for each child vdev. These threads pass over all of the free
7192 * space in the vdev's metaslabs and issues TRIM commands for that space.
7195 spa_vdev_trim(spa_t *spa, nvlist_t *nv, uint64_t cmd_type, uint64_t rate,
7196 boolean_t partial, boolean_t secure, nvlist_t *vdev_errlist)
7198 int total_errors = 0;
7201 list_create(&vd_list, sizeof (vdev_t),
7202 offsetof(vdev_t, vdev_trim_node));
7205 * We hold the namespace lock through the whole function
7206 * to prevent any changes to the pool while we're starting or
7207 * stopping TRIM. The config and state locks are held so that
7208 * we can properly assess the vdev state before we commit to
7209 * the TRIM operation.
7211 mutex_enter(&spa_namespace_lock);
7213 for (nvpair_t *pair = nvlist_next_nvpair(nv, NULL);
7214 pair != NULL; pair = nvlist_next_nvpair(nv, pair)) {
7215 uint64_t vdev_guid = fnvpair_value_uint64(pair);
7217 int error = spa_vdev_trim_impl(spa, vdev_guid, cmd_type,
7218 rate, partial, secure, &vd_list);
7220 char guid_as_str[MAXNAMELEN];
7222 (void) snprintf(guid_as_str, sizeof (guid_as_str),
7223 "%llu", (unsigned long long)vdev_guid);
7224 fnvlist_add_int64(vdev_errlist, guid_as_str, error);
7229 /* Wait for all TRIM threads to stop. */
7230 vdev_trim_stop_wait(spa, &vd_list);
7232 /* Sync out the TRIM state */
7233 txg_wait_synced(spa->spa_dsl_pool, 0);
7234 mutex_exit(&spa_namespace_lock);
7236 list_destroy(&vd_list);
7238 return (total_errors);
7242 * Split a set of devices from their mirrors, and create a new pool from them.
7245 spa_vdev_split_mirror(spa_t *spa, char *newname, nvlist_t *config,
7246 nvlist_t *props, boolean_t exp)
7249 uint64_t txg, *glist;
7251 uint_t c, children, lastlog;
7252 nvlist_t **child, *nvl, *tmp;
7254 char *altroot = NULL;
7255 vdev_t *rvd, **vml = NULL; /* vdev modify list */
7256 boolean_t activate_slog;
7258 ASSERT(spa_writeable(spa));
7260 txg = spa_vdev_enter(spa);
7262 ASSERT(MUTEX_HELD(&spa_namespace_lock));
7263 if (spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT)) {
7264 error = (spa_has_checkpoint(spa)) ?
7265 ZFS_ERR_CHECKPOINT_EXISTS : ZFS_ERR_DISCARDING_CHECKPOINT;
7266 return (spa_vdev_exit(spa, NULL, txg, error));
7269 /* clear the log and flush everything up to now */
7270 activate_slog = spa_passivate_log(spa);
7271 (void) spa_vdev_config_exit(spa, NULL, txg, 0, FTAG);
7272 error = spa_reset_logs(spa);
7273 txg = spa_vdev_config_enter(spa);
7276 spa_activate_log(spa);
7279 return (spa_vdev_exit(spa, NULL, txg, error));
7281 /* check new spa name before going any further */
7282 if (spa_lookup(newname) != NULL)
7283 return (spa_vdev_exit(spa, NULL, txg, EEXIST));
7286 * scan through all the children to ensure they're all mirrors
7288 if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE, &nvl) != 0 ||
7289 nvlist_lookup_nvlist_array(nvl, ZPOOL_CONFIG_CHILDREN, &child,
7291 return (spa_vdev_exit(spa, NULL, txg, EINVAL));
7293 /* first, check to ensure we've got the right child count */
7294 rvd = spa->spa_root_vdev;
7296 for (c = 0; c < rvd->vdev_children; c++) {
7297 vdev_t *vd = rvd->vdev_child[c];
7299 /* don't count the holes & logs as children */
7300 if (vd->vdev_islog || (vd->vdev_ops != &vdev_indirect_ops &&
7301 !vdev_is_concrete(vd))) {
7309 if (children != (lastlog != 0 ? lastlog : rvd->vdev_children))
7310 return (spa_vdev_exit(spa, NULL, txg, EINVAL));
7312 /* next, ensure no spare or cache devices are part of the split */
7313 if (nvlist_lookup_nvlist(nvl, ZPOOL_CONFIG_SPARES, &tmp) == 0 ||
7314 nvlist_lookup_nvlist(nvl, ZPOOL_CONFIG_L2CACHE, &tmp) == 0)
7315 return (spa_vdev_exit(spa, NULL, txg, EINVAL));
7317 vml = kmem_zalloc(children * sizeof (vdev_t *), KM_SLEEP);
7318 glist = kmem_zalloc(children * sizeof (uint64_t), KM_SLEEP);
7320 /* then, loop over each vdev and validate it */
7321 for (c = 0; c < children; c++) {
7322 uint64_t is_hole = 0;
7324 (void) nvlist_lookup_uint64(child[c], ZPOOL_CONFIG_IS_HOLE,
7328 if (spa->spa_root_vdev->vdev_child[c]->vdev_ishole ||
7329 spa->spa_root_vdev->vdev_child[c]->vdev_islog) {
7332 error = SET_ERROR(EINVAL);
7337 /* deal with indirect vdevs */
7338 if (spa->spa_root_vdev->vdev_child[c]->vdev_ops ==
7342 /* which disk is going to be split? */
7343 if (nvlist_lookup_uint64(child[c], ZPOOL_CONFIG_GUID,
7345 error = SET_ERROR(EINVAL);
7349 /* look it up in the spa */
7350 vml[c] = spa_lookup_by_guid(spa, glist[c], B_FALSE);
7351 if (vml[c] == NULL) {
7352 error = SET_ERROR(ENODEV);
7356 /* make sure there's nothing stopping the split */
7357 if (vml[c]->vdev_parent->vdev_ops != &vdev_mirror_ops ||
7358 vml[c]->vdev_islog ||
7359 !vdev_is_concrete(vml[c]) ||
7360 vml[c]->vdev_isspare ||
7361 vml[c]->vdev_isl2cache ||
7362 !vdev_writeable(vml[c]) ||
7363 vml[c]->vdev_children != 0 ||
7364 vml[c]->vdev_state != VDEV_STATE_HEALTHY ||
7365 c != spa->spa_root_vdev->vdev_child[c]->vdev_id) {
7366 error = SET_ERROR(EINVAL);
7370 if (vdev_dtl_required(vml[c]) ||
7371 vdev_resilver_needed(vml[c], NULL, NULL)) {
7372 error = SET_ERROR(EBUSY);
7376 /* we need certain info from the top level */
7377 VERIFY(nvlist_add_uint64(child[c], ZPOOL_CONFIG_METASLAB_ARRAY,
7378 vml[c]->vdev_top->vdev_ms_array) == 0);
7379 VERIFY(nvlist_add_uint64(child[c], ZPOOL_CONFIG_METASLAB_SHIFT,
7380 vml[c]->vdev_top->vdev_ms_shift) == 0);
7381 VERIFY(nvlist_add_uint64(child[c], ZPOOL_CONFIG_ASIZE,
7382 vml[c]->vdev_top->vdev_asize) == 0);
7383 VERIFY(nvlist_add_uint64(child[c], ZPOOL_CONFIG_ASHIFT,
7384 vml[c]->vdev_top->vdev_ashift) == 0);
7386 /* transfer per-vdev ZAPs */
7387 ASSERT3U(vml[c]->vdev_leaf_zap, !=, 0);
7388 VERIFY0(nvlist_add_uint64(child[c],
7389 ZPOOL_CONFIG_VDEV_LEAF_ZAP, vml[c]->vdev_leaf_zap));
7391 ASSERT3U(vml[c]->vdev_top->vdev_top_zap, !=, 0);
7392 VERIFY0(nvlist_add_uint64(child[c],
7393 ZPOOL_CONFIG_VDEV_TOP_ZAP,
7394 vml[c]->vdev_parent->vdev_top_zap));
7398 kmem_free(vml, children * sizeof (vdev_t *));
7399 kmem_free(glist, children * sizeof (uint64_t));
7400 return (spa_vdev_exit(spa, NULL, txg, error));
7403 /* stop writers from using the disks */
7404 for (c = 0; c < children; c++) {
7406 vml[c]->vdev_offline = B_TRUE;
7408 vdev_reopen(spa->spa_root_vdev);
7411 * Temporarily record the splitting vdevs in the spa config. This
7412 * will disappear once the config is regenerated.
7414 VERIFY(nvlist_alloc(&nvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
7415 VERIFY(nvlist_add_uint64_array(nvl, ZPOOL_CONFIG_SPLIT_LIST,
7416 glist, children) == 0);
7417 kmem_free(glist, children * sizeof (uint64_t));
7419 mutex_enter(&spa->spa_props_lock);
7420 VERIFY(nvlist_add_nvlist(spa->spa_config, ZPOOL_CONFIG_SPLIT,
7422 mutex_exit(&spa->spa_props_lock);
7423 spa->spa_config_splitting = nvl;
7424 vdev_config_dirty(spa->spa_root_vdev);
7426 /* configure and create the new pool */
7427 VERIFY(nvlist_add_string(config, ZPOOL_CONFIG_POOL_NAME, newname) == 0);
7428 VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_POOL_STATE,
7429 exp ? POOL_STATE_EXPORTED : POOL_STATE_ACTIVE) == 0);
7430 VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_VERSION,
7431 spa_version(spa)) == 0);
7432 VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_POOL_TXG,
7433 spa->spa_config_txg) == 0);
7434 VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_POOL_GUID,
7435 spa_generate_guid(NULL)) == 0);
7436 VERIFY0(nvlist_add_boolean(config, ZPOOL_CONFIG_HAS_PER_VDEV_ZAPS));
7437 (void) nvlist_lookup_string(props,
7438 zpool_prop_to_name(ZPOOL_PROP_ALTROOT), &altroot);
7440 /* add the new pool to the namespace */
7441 newspa = spa_add(newname, config, altroot);
7442 newspa->spa_avz_action = AVZ_ACTION_REBUILD;
7443 newspa->spa_config_txg = spa->spa_config_txg;
7444 spa_set_log_state(newspa, SPA_LOG_CLEAR);
7446 /* release the spa config lock, retaining the namespace lock */
7447 spa_vdev_config_exit(spa, NULL, txg, 0, FTAG);
7449 if (zio_injection_enabled)
7450 zio_handle_panic_injection(spa, FTAG, 1);
7452 spa_activate(newspa, spa_mode_global);
7453 spa_async_suspend(newspa);
7456 * Temporarily stop the initializing and TRIM activity. We set the
7457 * state to ACTIVE so that we know to resume initializing or TRIM
7458 * once the split has completed.
7460 list_t vd_initialize_list;
7461 list_create(&vd_initialize_list, sizeof (vdev_t),
7462 offsetof(vdev_t, vdev_initialize_node));
7464 list_t vd_trim_list;
7465 list_create(&vd_trim_list, sizeof (vdev_t),
7466 offsetof(vdev_t, vdev_trim_node));
7468 for (c = 0; c < children; c++) {
7469 if (vml[c] != NULL && vml[c]->vdev_ops != &vdev_indirect_ops) {
7470 mutex_enter(&vml[c]->vdev_initialize_lock);
7471 vdev_initialize_stop(vml[c],
7472 VDEV_INITIALIZE_ACTIVE, &vd_initialize_list);
7473 mutex_exit(&vml[c]->vdev_initialize_lock);
7475 mutex_enter(&vml[c]->vdev_trim_lock);
7476 vdev_trim_stop(vml[c], VDEV_TRIM_ACTIVE, &vd_trim_list);
7477 mutex_exit(&vml[c]->vdev_trim_lock);
7481 vdev_initialize_stop_wait(spa, &vd_initialize_list);
7482 vdev_trim_stop_wait(spa, &vd_trim_list);
7484 list_destroy(&vd_initialize_list);
7485 list_destroy(&vd_trim_list);
7487 newspa->spa_config_source = SPA_CONFIG_SRC_SPLIT;
7488 newspa->spa_is_splitting = B_TRUE;
7490 /* create the new pool from the disks of the original pool */
7491 error = spa_load(newspa, SPA_LOAD_IMPORT, SPA_IMPORT_ASSEMBLE);
7495 /* if that worked, generate a real config for the new pool */
7496 if (newspa->spa_root_vdev != NULL) {
7497 VERIFY(nvlist_alloc(&newspa->spa_config_splitting,
7498 NV_UNIQUE_NAME, KM_SLEEP) == 0);
7499 VERIFY(nvlist_add_uint64(newspa->spa_config_splitting,
7500 ZPOOL_CONFIG_SPLIT_GUID, spa_guid(spa)) == 0);
7501 spa_config_set(newspa, spa_config_generate(newspa, NULL, -1ULL,
7506 if (props != NULL) {
7507 spa_configfile_set(newspa, props, B_FALSE);
7508 error = spa_prop_set(newspa, props);
7513 /* flush everything */
7514 txg = spa_vdev_config_enter(newspa);
7515 vdev_config_dirty(newspa->spa_root_vdev);
7516 (void) spa_vdev_config_exit(newspa, NULL, txg, 0, FTAG);
7518 if (zio_injection_enabled)
7519 zio_handle_panic_injection(spa, FTAG, 2);
7521 spa_async_resume(newspa);
7523 /* finally, update the original pool's config */
7524 txg = spa_vdev_config_enter(spa);
7525 tx = dmu_tx_create_dd(spa_get_dsl(spa)->dp_mos_dir);
7526 error = dmu_tx_assign(tx, TXG_WAIT);
7529 for (c = 0; c < children; c++) {
7530 if (vml[c] != NULL && vml[c]->vdev_ops != &vdev_indirect_ops) {
7531 vdev_t *tvd = vml[c]->vdev_top;
7534 * Need to be sure the detachable VDEV is not
7535 * on any *other* txg's DTL list to prevent it
7536 * from being accessed after it's freed.
7538 for (int t = 0; t < TXG_SIZE; t++) {
7539 (void) txg_list_remove_this(
7540 &tvd->vdev_dtl_list, vml[c], t);
7545 spa_history_log_internal(spa, "detach", tx,
7546 "vdev=%s", vml[c]->vdev_path);
7551 spa->spa_avz_action = AVZ_ACTION_REBUILD;
7552 vdev_config_dirty(spa->spa_root_vdev);
7553 spa->spa_config_splitting = NULL;
7557 (void) spa_vdev_exit(spa, NULL, txg, 0);
7559 if (zio_injection_enabled)
7560 zio_handle_panic_injection(spa, FTAG, 3);
7562 /* split is complete; log a history record */
7563 spa_history_log_internal(newspa, "split", NULL,
7564 "from pool %s", spa_name(spa));
7566 newspa->spa_is_splitting = B_FALSE;
7567 kmem_free(vml, children * sizeof (vdev_t *));
7569 /* if we're not going to mount the filesystems in userland, export */
7571 error = spa_export_common(newname, POOL_STATE_EXPORTED, NULL,
7578 spa_deactivate(newspa);
7581 txg = spa_vdev_config_enter(spa);
7583 /* re-online all offlined disks */
7584 for (c = 0; c < children; c++) {
7586 vml[c]->vdev_offline = B_FALSE;
7589 /* restart initializing or trimming disks as necessary */
7590 spa_async_request(spa, SPA_ASYNC_INITIALIZE_RESTART);
7591 spa_async_request(spa, SPA_ASYNC_TRIM_RESTART);
7592 spa_async_request(spa, SPA_ASYNC_AUTOTRIM_RESTART);
7594 vdev_reopen(spa->spa_root_vdev);
7596 nvlist_free(spa->spa_config_splitting);
7597 spa->spa_config_splitting = NULL;
7598 (void) spa_vdev_exit(spa, NULL, txg, error);
7600 kmem_free(vml, children * sizeof (vdev_t *));
7605 * Find any device that's done replacing, or a vdev marked 'unspare' that's
7606 * currently spared, so we can detach it.
7609 spa_vdev_resilver_done_hunt(vdev_t *vd)
7611 vdev_t *newvd, *oldvd;
7613 for (int c = 0; c < vd->vdev_children; c++) {
7614 oldvd = spa_vdev_resilver_done_hunt(vd->vdev_child[c]);
7620 * Check for a completed replacement. We always consider the first
7621 * vdev in the list to be the oldest vdev, and the last one to be
7622 * the newest (see spa_vdev_attach() for how that works). In
7623 * the case where the newest vdev is faulted, we will not automatically
7624 * remove it after a resilver completes. This is OK as it will require
7625 * user intervention to determine which disk the admin wishes to keep.
7627 if (vd->vdev_ops == &vdev_replacing_ops) {
7628 ASSERT(vd->vdev_children > 1);
7630 newvd = vd->vdev_child[vd->vdev_children - 1];
7631 oldvd = vd->vdev_child[0];
7633 if (vdev_dtl_empty(newvd, DTL_MISSING) &&
7634 vdev_dtl_empty(newvd, DTL_OUTAGE) &&
7635 !vdev_dtl_required(oldvd))
7640 * Check for a completed resilver with the 'unspare' flag set.
7641 * Also potentially update faulted state.
7643 if (vd->vdev_ops == &vdev_spare_ops) {
7644 vdev_t *first = vd->vdev_child[0];
7645 vdev_t *last = vd->vdev_child[vd->vdev_children - 1];
7647 if (last->vdev_unspare) {
7650 } else if (first->vdev_unspare) {
7657 if (oldvd != NULL &&
7658 vdev_dtl_empty(newvd, DTL_MISSING) &&
7659 vdev_dtl_empty(newvd, DTL_OUTAGE) &&
7660 !vdev_dtl_required(oldvd))
7663 vdev_propagate_state(vd);
7666 * If there are more than two spares attached to a disk,
7667 * and those spares are not required, then we want to
7668 * attempt to free them up now so that they can be used
7669 * by other pools. Once we're back down to a single
7670 * disk+spare, we stop removing them.
7672 if (vd->vdev_children > 2) {
7673 newvd = vd->vdev_child[1];
7675 if (newvd->vdev_isspare && last->vdev_isspare &&
7676 vdev_dtl_empty(last, DTL_MISSING) &&
7677 vdev_dtl_empty(last, DTL_OUTAGE) &&
7678 !vdev_dtl_required(newvd))
7687 spa_vdev_resilver_done(spa_t *spa)
7689 vdev_t *vd, *pvd, *ppvd;
7690 uint64_t guid, sguid, pguid, ppguid;
7692 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
7694 while ((vd = spa_vdev_resilver_done_hunt(spa->spa_root_vdev)) != NULL) {
7695 pvd = vd->vdev_parent;
7696 ppvd = pvd->vdev_parent;
7697 guid = vd->vdev_guid;
7698 pguid = pvd->vdev_guid;
7699 ppguid = ppvd->vdev_guid;
7702 * If we have just finished replacing a hot spared device, then
7703 * we need to detach the parent's first child (the original hot
7706 if (ppvd->vdev_ops == &vdev_spare_ops && pvd->vdev_id == 0 &&
7707 ppvd->vdev_children == 2) {
7708 ASSERT(pvd->vdev_ops == &vdev_replacing_ops);
7709 sguid = ppvd->vdev_child[1]->vdev_guid;
7711 ASSERT(vd->vdev_resilver_txg == 0 || !vdev_dtl_required(vd));
7713 spa_config_exit(spa, SCL_ALL, FTAG);
7714 if (spa_vdev_detach(spa, guid, pguid, B_TRUE) != 0)
7716 if (sguid && spa_vdev_detach(spa, sguid, ppguid, B_TRUE) != 0)
7718 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
7721 spa_config_exit(spa, SCL_ALL, FTAG);
7725 * Update the stored path or FRU for this vdev.
7728 spa_vdev_set_common(spa_t *spa, uint64_t guid, const char *value,
7732 boolean_t sync = B_FALSE;
7734 ASSERT(spa_writeable(spa));
7736 spa_vdev_state_enter(spa, SCL_ALL);
7738 if ((vd = spa_lookup_by_guid(spa, guid, B_TRUE)) == NULL)
7739 return (spa_vdev_state_exit(spa, NULL, ENOENT));
7741 if (!vd->vdev_ops->vdev_op_leaf)
7742 return (spa_vdev_state_exit(spa, NULL, ENOTSUP));
7745 if (strcmp(value, vd->vdev_path) != 0) {
7746 spa_strfree(vd->vdev_path);
7747 vd->vdev_path = spa_strdup(value);
7751 if (vd->vdev_fru == NULL) {
7752 vd->vdev_fru = spa_strdup(value);
7754 } else if (strcmp(value, vd->vdev_fru) != 0) {
7755 spa_strfree(vd->vdev_fru);
7756 vd->vdev_fru = spa_strdup(value);
7761 return (spa_vdev_state_exit(spa, sync ? vd : NULL, 0));
7765 spa_vdev_setpath(spa_t *spa, uint64_t guid, const char *newpath)
7767 return (spa_vdev_set_common(spa, guid, newpath, B_TRUE));
7771 spa_vdev_setfru(spa_t *spa, uint64_t guid, const char *newfru)
7773 return (spa_vdev_set_common(spa, guid, newfru, B_FALSE));
7777 * ==========================================================================
7779 * ==========================================================================
7782 spa_scrub_pause_resume(spa_t *spa, pool_scrub_cmd_t cmd)
7784 ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == 0);
7786 if (dsl_scan_resilvering(spa->spa_dsl_pool))
7787 return (SET_ERROR(EBUSY));
7789 return (dsl_scrub_set_pause_resume(spa->spa_dsl_pool, cmd));
7793 spa_scan_stop(spa_t *spa)
7795 ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == 0);
7796 if (dsl_scan_resilvering(spa->spa_dsl_pool))
7797 return (SET_ERROR(EBUSY));
7798 return (dsl_scan_cancel(spa->spa_dsl_pool));
7802 spa_scan(spa_t *spa, pool_scan_func_t func)
7804 ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == 0);
7806 if (func >= POOL_SCAN_FUNCS || func == POOL_SCAN_NONE)
7807 return (SET_ERROR(ENOTSUP));
7809 if (func == POOL_SCAN_RESILVER &&
7810 !spa_feature_is_enabled(spa, SPA_FEATURE_RESILVER_DEFER))
7811 return (SET_ERROR(ENOTSUP));
7814 * If a resilver was requested, but there is no DTL on a
7815 * writeable leaf device, we have nothing to do.
7817 if (func == POOL_SCAN_RESILVER &&
7818 !vdev_resilver_needed(spa->spa_root_vdev, NULL, NULL)) {
7819 spa_async_request(spa, SPA_ASYNC_RESILVER_DONE);
7823 return (dsl_scan(spa->spa_dsl_pool, func));
7827 * ==========================================================================
7828 * SPA async task processing
7829 * ==========================================================================
7833 spa_async_remove(spa_t *spa, vdev_t *vd)
7835 if (vd->vdev_remove_wanted) {
7836 vd->vdev_remove_wanted = B_FALSE;
7837 vd->vdev_delayed_close = B_FALSE;
7838 vdev_set_state(vd, B_FALSE, VDEV_STATE_REMOVED, VDEV_AUX_NONE);
7841 * We want to clear the stats, but we don't want to do a full
7842 * vdev_clear() as that will cause us to throw away
7843 * degraded/faulted state as well as attempt to reopen the
7844 * device, all of which is a waste.
7846 vd->vdev_stat.vs_read_errors = 0;
7847 vd->vdev_stat.vs_write_errors = 0;
7848 vd->vdev_stat.vs_checksum_errors = 0;
7850 vdev_state_dirty(vd->vdev_top);
7853 for (int c = 0; c < vd->vdev_children; c++)
7854 spa_async_remove(spa, vd->vdev_child[c]);
7858 spa_async_probe(spa_t *spa, vdev_t *vd)
7860 if (vd->vdev_probe_wanted) {
7861 vd->vdev_probe_wanted = B_FALSE;
7862 vdev_reopen(vd); /* vdev_open() does the actual probe */
7865 for (int c = 0; c < vd->vdev_children; c++)
7866 spa_async_probe(spa, vd->vdev_child[c]);
7870 spa_async_autoexpand(spa_t *spa, vdev_t *vd)
7872 if (!spa->spa_autoexpand)
7875 for (int c = 0; c < vd->vdev_children; c++) {
7876 vdev_t *cvd = vd->vdev_child[c];
7877 spa_async_autoexpand(spa, cvd);
7880 if (!vd->vdev_ops->vdev_op_leaf || vd->vdev_physpath == NULL)
7883 spa_event_notify(vd->vdev_spa, vd, NULL, ESC_ZFS_VDEV_AUTOEXPAND);
7887 spa_async_thread(void *arg)
7889 spa_t *spa = (spa_t *)arg;
7890 dsl_pool_t *dp = spa->spa_dsl_pool;
7893 ASSERT(spa->spa_sync_on);
7895 mutex_enter(&spa->spa_async_lock);
7896 tasks = spa->spa_async_tasks;
7897 spa->spa_async_tasks = 0;
7898 mutex_exit(&spa->spa_async_lock);
7901 * See if the config needs to be updated.
7903 if (tasks & SPA_ASYNC_CONFIG_UPDATE) {
7904 uint64_t old_space, new_space;
7906 mutex_enter(&spa_namespace_lock);
7907 old_space = metaslab_class_get_space(spa_normal_class(spa));
7908 old_space += metaslab_class_get_space(spa_special_class(spa));
7909 old_space += metaslab_class_get_space(spa_dedup_class(spa));
7911 spa_config_update(spa, SPA_CONFIG_UPDATE_POOL);
7913 new_space = metaslab_class_get_space(spa_normal_class(spa));
7914 new_space += metaslab_class_get_space(spa_special_class(spa));
7915 new_space += metaslab_class_get_space(spa_dedup_class(spa));
7916 mutex_exit(&spa_namespace_lock);
7919 * If the pool grew as a result of the config update,
7920 * then log an internal history event.
7922 if (new_space != old_space) {
7923 spa_history_log_internal(spa, "vdev online", NULL,
7924 "pool '%s' size: %llu(+%llu)",
7925 spa_name(spa), (u_longlong_t)new_space,
7926 (u_longlong_t)(new_space - old_space));
7931 * See if any devices need to be marked REMOVED.
7933 if (tasks & SPA_ASYNC_REMOVE) {
7934 spa_vdev_state_enter(spa, SCL_NONE);
7935 spa_async_remove(spa, spa->spa_root_vdev);
7936 for (int i = 0; i < spa->spa_l2cache.sav_count; i++)
7937 spa_async_remove(spa, spa->spa_l2cache.sav_vdevs[i]);
7938 for (int i = 0; i < spa->spa_spares.sav_count; i++)
7939 spa_async_remove(spa, spa->spa_spares.sav_vdevs[i]);
7940 (void) spa_vdev_state_exit(spa, NULL, 0);
7943 if ((tasks & SPA_ASYNC_AUTOEXPAND) && !spa_suspended(spa)) {
7944 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_READER);
7945 spa_async_autoexpand(spa, spa->spa_root_vdev);
7946 spa_config_exit(spa, SCL_CONFIG, FTAG);
7950 * See if any devices need to be probed.
7952 if (tasks & SPA_ASYNC_PROBE) {
7953 spa_vdev_state_enter(spa, SCL_NONE);
7954 spa_async_probe(spa, spa->spa_root_vdev);
7955 (void) spa_vdev_state_exit(spa, NULL, 0);
7959 * If any devices are done replacing, detach them.
7961 if (tasks & SPA_ASYNC_RESILVER_DONE)
7962 spa_vdev_resilver_done(spa);
7965 * Kick off a resilver.
7967 if (tasks & SPA_ASYNC_RESILVER &&
7968 (!dsl_scan_resilvering(dp) ||
7969 !spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_RESILVER_DEFER)))
7970 dsl_scan_restart_resilver(dp, 0);
7972 if (tasks & SPA_ASYNC_INITIALIZE_RESTART) {
7973 mutex_enter(&spa_namespace_lock);
7974 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_READER);
7975 vdev_initialize_restart(spa->spa_root_vdev);
7976 spa_config_exit(spa, SCL_CONFIG, FTAG);
7977 mutex_exit(&spa_namespace_lock);
7980 if (tasks & SPA_ASYNC_TRIM_RESTART) {
7981 mutex_enter(&spa_namespace_lock);
7982 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_READER);
7983 vdev_trim_restart(spa->spa_root_vdev);
7984 spa_config_exit(spa, SCL_CONFIG, FTAG);
7985 mutex_exit(&spa_namespace_lock);
7988 if (tasks & SPA_ASYNC_AUTOTRIM_RESTART) {
7989 mutex_enter(&spa_namespace_lock);
7990 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_READER);
7991 vdev_autotrim_restart(spa);
7992 spa_config_exit(spa, SCL_CONFIG, FTAG);
7993 mutex_exit(&spa_namespace_lock);
7997 * Kick off L2 cache rebuilding.
7999 if (tasks & SPA_ASYNC_L2CACHE_REBUILD) {
8000 mutex_enter(&spa_namespace_lock);
8001 spa_config_enter(spa, SCL_L2ARC, FTAG, RW_READER);
8002 l2arc_spa_rebuild_start(spa);
8003 spa_config_exit(spa, SCL_L2ARC, FTAG);
8004 mutex_exit(&spa_namespace_lock);
8008 * Let the world know that we're done.
8010 mutex_enter(&spa->spa_async_lock);
8011 spa->spa_async_thread = NULL;
8012 cv_broadcast(&spa->spa_async_cv);
8013 mutex_exit(&spa->spa_async_lock);
8018 spa_async_suspend(spa_t *spa)
8020 mutex_enter(&spa->spa_async_lock);
8021 spa->spa_async_suspended++;
8022 while (spa->spa_async_thread != NULL)
8023 cv_wait(&spa->spa_async_cv, &spa->spa_async_lock);
8024 mutex_exit(&spa->spa_async_lock);
8026 spa_vdev_remove_suspend(spa);
8028 zthr_t *condense_thread = spa->spa_condense_zthr;
8029 if (condense_thread != NULL)
8030 zthr_cancel(condense_thread);
8032 zthr_t *discard_thread = spa->spa_checkpoint_discard_zthr;
8033 if (discard_thread != NULL)
8034 zthr_cancel(discard_thread);
8036 zthr_t *ll_delete_thread = spa->spa_livelist_delete_zthr;
8037 if (ll_delete_thread != NULL)
8038 zthr_cancel(ll_delete_thread);
8040 zthr_t *ll_condense_thread = spa->spa_livelist_condense_zthr;
8041 if (ll_condense_thread != NULL)
8042 zthr_cancel(ll_condense_thread);
8046 spa_async_resume(spa_t *spa)
8048 mutex_enter(&spa->spa_async_lock);
8049 ASSERT(spa->spa_async_suspended != 0);
8050 spa->spa_async_suspended--;
8051 mutex_exit(&spa->spa_async_lock);
8052 spa_restart_removal(spa);
8054 zthr_t *condense_thread = spa->spa_condense_zthr;
8055 if (condense_thread != NULL)
8056 zthr_resume(condense_thread);
8058 zthr_t *discard_thread = spa->spa_checkpoint_discard_zthr;
8059 if (discard_thread != NULL)
8060 zthr_resume(discard_thread);
8062 zthr_t *ll_delete_thread = spa->spa_livelist_delete_zthr;
8063 if (ll_delete_thread != NULL)
8064 zthr_resume(ll_delete_thread);
8066 zthr_t *ll_condense_thread = spa->spa_livelist_condense_zthr;
8067 if (ll_condense_thread != NULL)
8068 zthr_resume(ll_condense_thread);
8072 spa_async_tasks_pending(spa_t *spa)
8074 uint_t non_config_tasks;
8076 boolean_t config_task_suspended;
8078 non_config_tasks = spa->spa_async_tasks & ~SPA_ASYNC_CONFIG_UPDATE;
8079 config_task = spa->spa_async_tasks & SPA_ASYNC_CONFIG_UPDATE;
8080 if (spa->spa_ccw_fail_time == 0) {
8081 config_task_suspended = B_FALSE;
8083 config_task_suspended =
8084 (gethrtime() - spa->spa_ccw_fail_time) <
8085 ((hrtime_t)zfs_ccw_retry_interval * NANOSEC);
8088 return (non_config_tasks || (config_task && !config_task_suspended));
8092 spa_async_dispatch(spa_t *spa)
8094 mutex_enter(&spa->spa_async_lock);
8095 if (spa_async_tasks_pending(spa) &&
8096 !spa->spa_async_suspended &&
8097 spa->spa_async_thread == NULL)
8098 spa->spa_async_thread = thread_create(NULL, 0,
8099 spa_async_thread, spa, 0, &p0, TS_RUN, maxclsyspri);
8100 mutex_exit(&spa->spa_async_lock);
8104 spa_async_request(spa_t *spa, int task)
8106 zfs_dbgmsg("spa=%s async request task=%u", spa->spa_name, task);
8107 mutex_enter(&spa->spa_async_lock);
8108 spa->spa_async_tasks |= task;
8109 mutex_exit(&spa->spa_async_lock);
8113 spa_async_tasks(spa_t *spa)
8115 return (spa->spa_async_tasks);
8119 * ==========================================================================
8120 * SPA syncing routines
8121 * ==========================================================================
8126 bpobj_enqueue_cb(void *arg, const blkptr_t *bp, boolean_t bp_freed,
8130 bpobj_enqueue(bpo, bp, bp_freed, tx);
8135 bpobj_enqueue_alloc_cb(void *arg, const blkptr_t *bp, dmu_tx_t *tx)
8137 return (bpobj_enqueue_cb(arg, bp, B_FALSE, tx));
8141 bpobj_enqueue_free_cb(void *arg, const blkptr_t *bp, dmu_tx_t *tx)
8143 return (bpobj_enqueue_cb(arg, bp, B_TRUE, tx));
8147 spa_free_sync_cb(void *arg, const blkptr_t *bp, dmu_tx_t *tx)
8151 zio_nowait(zio_free_sync(pio, pio->io_spa, dmu_tx_get_txg(tx), bp,
8157 bpobj_spa_free_sync_cb(void *arg, const blkptr_t *bp, boolean_t bp_freed,
8161 return (spa_free_sync_cb(arg, bp, tx));
8165 * Note: this simple function is not inlined to make it easier to dtrace the
8166 * amount of time spent syncing frees.
8169 spa_sync_frees(spa_t *spa, bplist_t *bpl, dmu_tx_t *tx)
8171 zio_t *zio = zio_root(spa, NULL, NULL, 0);
8172 bplist_iterate(bpl, spa_free_sync_cb, zio, tx);
8173 VERIFY(zio_wait(zio) == 0);
8177 * Note: this simple function is not inlined to make it easier to dtrace the
8178 * amount of time spent syncing deferred frees.
8181 spa_sync_deferred_frees(spa_t *spa, dmu_tx_t *tx)
8183 if (spa_sync_pass(spa) != 1)
8188 * If the log space map feature is active, we stop deferring
8189 * frees to the next TXG and therefore running this function
8190 * would be considered a no-op as spa_deferred_bpobj should
8191 * not have any entries.
8193 * That said we run this function anyway (instead of returning
8194 * immediately) for the edge-case scenario where we just
8195 * activated the log space map feature in this TXG but we have
8196 * deferred frees from the previous TXG.
8198 zio_t *zio = zio_root(spa, NULL, NULL, 0);
8199 VERIFY3U(bpobj_iterate(&spa->spa_deferred_bpobj,
8200 bpobj_spa_free_sync_cb, zio, tx), ==, 0);
8201 VERIFY0(zio_wait(zio));
8205 spa_sync_nvlist(spa_t *spa, uint64_t obj, nvlist_t *nv, dmu_tx_t *tx)
8207 char *packed = NULL;
8212 VERIFY(nvlist_size(nv, &nvsize, NV_ENCODE_XDR) == 0);
8215 * Write full (SPA_CONFIG_BLOCKSIZE) blocks of configuration
8216 * information. This avoids the dmu_buf_will_dirty() path and
8217 * saves us a pre-read to get data we don't actually care about.
8219 bufsize = P2ROUNDUP((uint64_t)nvsize, SPA_CONFIG_BLOCKSIZE);
8220 packed = vmem_alloc(bufsize, KM_SLEEP);
8222 VERIFY(nvlist_pack(nv, &packed, &nvsize, NV_ENCODE_XDR,
8224 bzero(packed + nvsize, bufsize - nvsize);
8226 dmu_write(spa->spa_meta_objset, obj, 0, bufsize, packed, tx);
8228 vmem_free(packed, bufsize);
8230 VERIFY(0 == dmu_bonus_hold(spa->spa_meta_objset, obj, FTAG, &db));
8231 dmu_buf_will_dirty(db, tx);
8232 *(uint64_t *)db->db_data = nvsize;
8233 dmu_buf_rele(db, FTAG);
8237 spa_sync_aux_dev(spa_t *spa, spa_aux_vdev_t *sav, dmu_tx_t *tx,
8238 const char *config, const char *entry)
8248 * Update the MOS nvlist describing the list of available devices.
8249 * spa_validate_aux() will have already made sure this nvlist is
8250 * valid and the vdevs are labeled appropriately.
8252 if (sav->sav_object == 0) {
8253 sav->sav_object = dmu_object_alloc(spa->spa_meta_objset,
8254 DMU_OT_PACKED_NVLIST, 1 << 14, DMU_OT_PACKED_NVLIST_SIZE,
8255 sizeof (uint64_t), tx);
8256 VERIFY(zap_update(spa->spa_meta_objset,
8257 DMU_POOL_DIRECTORY_OBJECT, entry, sizeof (uint64_t), 1,
8258 &sav->sav_object, tx) == 0);
8261 VERIFY(nvlist_alloc(&nvroot, NV_UNIQUE_NAME, KM_SLEEP) == 0);
8262 if (sav->sav_count == 0) {
8263 VERIFY(nvlist_add_nvlist_array(nvroot, config, NULL, 0) == 0);
8265 list = kmem_alloc(sav->sav_count*sizeof (void *), KM_SLEEP);
8266 for (i = 0; i < sav->sav_count; i++)
8267 list[i] = vdev_config_generate(spa, sav->sav_vdevs[i],
8268 B_FALSE, VDEV_CONFIG_L2CACHE);
8269 VERIFY(nvlist_add_nvlist_array(nvroot, config, list,
8270 sav->sav_count) == 0);
8271 for (i = 0; i < sav->sav_count; i++)
8272 nvlist_free(list[i]);
8273 kmem_free(list, sav->sav_count * sizeof (void *));
8276 spa_sync_nvlist(spa, sav->sav_object, nvroot, tx);
8277 nvlist_free(nvroot);
8279 sav->sav_sync = B_FALSE;
8283 * Rebuild spa's all-vdev ZAP from the vdev ZAPs indicated in each vdev_t.
8284 * The all-vdev ZAP must be empty.
8287 spa_avz_build(vdev_t *vd, uint64_t avz, dmu_tx_t *tx)
8289 spa_t *spa = vd->vdev_spa;
8291 if (vd->vdev_top_zap != 0) {
8292 VERIFY0(zap_add_int(spa->spa_meta_objset, avz,
8293 vd->vdev_top_zap, tx));
8295 if (vd->vdev_leaf_zap != 0) {
8296 VERIFY0(zap_add_int(spa->spa_meta_objset, avz,
8297 vd->vdev_leaf_zap, tx));
8299 for (uint64_t i = 0; i < vd->vdev_children; i++) {
8300 spa_avz_build(vd->vdev_child[i], avz, tx);
8305 spa_sync_config_object(spa_t *spa, dmu_tx_t *tx)
8310 * If the pool is being imported from a pre-per-vdev-ZAP version of ZFS,
8311 * its config may not be dirty but we still need to build per-vdev ZAPs.
8312 * Similarly, if the pool is being assembled (e.g. after a split), we
8313 * need to rebuild the AVZ although the config may not be dirty.
8315 if (list_is_empty(&spa->spa_config_dirty_list) &&
8316 spa->spa_avz_action == AVZ_ACTION_NONE)
8319 spa_config_enter(spa, SCL_STATE, FTAG, RW_READER);
8321 ASSERT(spa->spa_avz_action == AVZ_ACTION_NONE ||
8322 spa->spa_avz_action == AVZ_ACTION_INITIALIZE ||
8323 spa->spa_all_vdev_zaps != 0);
8325 if (spa->spa_avz_action == AVZ_ACTION_REBUILD) {
8326 /* Make and build the new AVZ */
8327 uint64_t new_avz = zap_create(spa->spa_meta_objset,
8328 DMU_OTN_ZAP_METADATA, DMU_OT_NONE, 0, tx);
8329 spa_avz_build(spa->spa_root_vdev, new_avz, tx);
8331 /* Diff old AVZ with new one */
8335 for (zap_cursor_init(&zc, spa->spa_meta_objset,
8336 spa->spa_all_vdev_zaps);
8337 zap_cursor_retrieve(&zc, &za) == 0;
8338 zap_cursor_advance(&zc)) {
8339 uint64_t vdzap = za.za_first_integer;
8340 if (zap_lookup_int(spa->spa_meta_objset, new_avz,
8343 * ZAP is listed in old AVZ but not in new one;
8346 VERIFY0(zap_destroy(spa->spa_meta_objset, vdzap,
8351 zap_cursor_fini(&zc);
8353 /* Destroy the old AVZ */
8354 VERIFY0(zap_destroy(spa->spa_meta_objset,
8355 spa->spa_all_vdev_zaps, tx));
8357 /* Replace the old AVZ in the dir obj with the new one */
8358 VERIFY0(zap_update(spa->spa_meta_objset,
8359 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_VDEV_ZAP_MAP,
8360 sizeof (new_avz), 1, &new_avz, tx));
8362 spa->spa_all_vdev_zaps = new_avz;
8363 } else if (spa->spa_avz_action == AVZ_ACTION_DESTROY) {
8367 /* Walk through the AVZ and destroy all listed ZAPs */
8368 for (zap_cursor_init(&zc, spa->spa_meta_objset,
8369 spa->spa_all_vdev_zaps);
8370 zap_cursor_retrieve(&zc, &za) == 0;
8371 zap_cursor_advance(&zc)) {
8372 uint64_t zap = za.za_first_integer;
8373 VERIFY0(zap_destroy(spa->spa_meta_objset, zap, tx));
8376 zap_cursor_fini(&zc);
8378 /* Destroy and unlink the AVZ itself */
8379 VERIFY0(zap_destroy(spa->spa_meta_objset,
8380 spa->spa_all_vdev_zaps, tx));
8381 VERIFY0(zap_remove(spa->spa_meta_objset,
8382 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_VDEV_ZAP_MAP, tx));
8383 spa->spa_all_vdev_zaps = 0;
8386 if (spa->spa_all_vdev_zaps == 0) {
8387 spa->spa_all_vdev_zaps = zap_create_link(spa->spa_meta_objset,
8388 DMU_OTN_ZAP_METADATA, DMU_POOL_DIRECTORY_OBJECT,
8389 DMU_POOL_VDEV_ZAP_MAP, tx);
8391 spa->spa_avz_action = AVZ_ACTION_NONE;
8393 /* Create ZAPs for vdevs that don't have them. */
8394 vdev_construct_zaps(spa->spa_root_vdev, tx);
8396 config = spa_config_generate(spa, spa->spa_root_vdev,
8397 dmu_tx_get_txg(tx), B_FALSE);
8400 * If we're upgrading the spa version then make sure that
8401 * the config object gets updated with the correct version.
8403 if (spa->spa_ubsync.ub_version < spa->spa_uberblock.ub_version)
8404 fnvlist_add_uint64(config, ZPOOL_CONFIG_VERSION,
8405 spa->spa_uberblock.ub_version);
8407 spa_config_exit(spa, SCL_STATE, FTAG);
8409 nvlist_free(spa->spa_config_syncing);
8410 spa->spa_config_syncing = config;
8412 spa_sync_nvlist(spa, spa->spa_config_object, config, tx);
8416 spa_sync_version(void *arg, dmu_tx_t *tx)
8418 uint64_t *versionp = arg;
8419 uint64_t version = *versionp;
8420 spa_t *spa = dmu_tx_pool(tx)->dp_spa;
8423 * Setting the version is special cased when first creating the pool.
8425 ASSERT(tx->tx_txg != TXG_INITIAL);
8427 ASSERT(SPA_VERSION_IS_SUPPORTED(version));
8428 ASSERT(version >= spa_version(spa));
8430 spa->spa_uberblock.ub_version = version;
8431 vdev_config_dirty(spa->spa_root_vdev);
8432 spa_history_log_internal(spa, "set", tx, "version=%lld",
8433 (longlong_t)version);
8437 * Set zpool properties.
8440 spa_sync_props(void *arg, dmu_tx_t *tx)
8442 nvlist_t *nvp = arg;
8443 spa_t *spa = dmu_tx_pool(tx)->dp_spa;
8444 objset_t *mos = spa->spa_meta_objset;
8445 nvpair_t *elem = NULL;
8447 mutex_enter(&spa->spa_props_lock);
8449 while ((elem = nvlist_next_nvpair(nvp, elem))) {
8451 char *strval, *fname;
8453 const char *propname;
8454 zprop_type_t proptype;
8457 switch (prop = zpool_name_to_prop(nvpair_name(elem))) {
8458 case ZPOOL_PROP_INVAL:
8460 * We checked this earlier in spa_prop_validate().
8462 ASSERT(zpool_prop_feature(nvpair_name(elem)));
8464 fname = strchr(nvpair_name(elem), '@') + 1;
8465 VERIFY0(zfeature_lookup_name(fname, &fid));
8467 spa_feature_enable(spa, fid, tx);
8468 spa_history_log_internal(spa, "set", tx,
8469 "%s=enabled", nvpair_name(elem));
8472 case ZPOOL_PROP_VERSION:
8473 intval = fnvpair_value_uint64(elem);
8475 * The version is synced separately before other
8476 * properties and should be correct by now.
8478 ASSERT3U(spa_version(spa), >=, intval);
8481 case ZPOOL_PROP_ALTROOT:
8483 * 'altroot' is a non-persistent property. It should
8484 * have been set temporarily at creation or import time.
8486 ASSERT(spa->spa_root != NULL);
8489 case ZPOOL_PROP_READONLY:
8490 case ZPOOL_PROP_CACHEFILE:
8492 * 'readonly' and 'cachefile' are also non-persistent
8496 case ZPOOL_PROP_COMMENT:
8497 strval = fnvpair_value_string(elem);
8498 if (spa->spa_comment != NULL)
8499 spa_strfree(spa->spa_comment);
8500 spa->spa_comment = spa_strdup(strval);
8502 * We need to dirty the configuration on all the vdevs
8503 * so that their labels get updated. It's unnecessary
8504 * to do this for pool creation since the vdev's
8505 * configuration has already been dirtied.
8507 if (tx->tx_txg != TXG_INITIAL)
8508 vdev_config_dirty(spa->spa_root_vdev);
8509 spa_history_log_internal(spa, "set", tx,
8510 "%s=%s", nvpair_name(elem), strval);
8514 * Set pool property values in the poolprops mos object.
8516 if (spa->spa_pool_props_object == 0) {
8517 spa->spa_pool_props_object =
8518 zap_create_link(mos, DMU_OT_POOL_PROPS,
8519 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_PROPS,
8523 /* normalize the property name */
8524 propname = zpool_prop_to_name(prop);
8525 proptype = zpool_prop_get_type(prop);
8527 if (nvpair_type(elem) == DATA_TYPE_STRING) {
8528 ASSERT(proptype == PROP_TYPE_STRING);
8529 strval = fnvpair_value_string(elem);
8530 VERIFY0(zap_update(mos,
8531 spa->spa_pool_props_object, propname,
8532 1, strlen(strval) + 1, strval, tx));
8533 spa_history_log_internal(spa, "set", tx,
8534 "%s=%s", nvpair_name(elem), strval);
8535 } else if (nvpair_type(elem) == DATA_TYPE_UINT64) {
8536 intval = fnvpair_value_uint64(elem);
8538 if (proptype == PROP_TYPE_INDEX) {
8540 VERIFY0(zpool_prop_index_to_string(
8541 prop, intval, &unused));
8543 VERIFY0(zap_update(mos,
8544 spa->spa_pool_props_object, propname,
8545 8, 1, &intval, tx));
8546 spa_history_log_internal(spa, "set", tx,
8547 "%s=%lld", nvpair_name(elem),
8548 (longlong_t)intval);
8550 ASSERT(0); /* not allowed */
8554 case ZPOOL_PROP_DELEGATION:
8555 spa->spa_delegation = intval;
8557 case ZPOOL_PROP_BOOTFS:
8558 spa->spa_bootfs = intval;
8560 case ZPOOL_PROP_FAILUREMODE:
8561 spa->spa_failmode = intval;
8563 case ZPOOL_PROP_AUTOTRIM:
8564 spa->spa_autotrim = intval;
8565 spa_async_request(spa,
8566 SPA_ASYNC_AUTOTRIM_RESTART);
8568 case ZPOOL_PROP_AUTOEXPAND:
8569 spa->spa_autoexpand = intval;
8570 if (tx->tx_txg != TXG_INITIAL)
8571 spa_async_request(spa,
8572 SPA_ASYNC_AUTOEXPAND);
8574 case ZPOOL_PROP_MULTIHOST:
8575 spa->spa_multihost = intval;
8584 mutex_exit(&spa->spa_props_lock);
8588 * Perform one-time upgrade on-disk changes. spa_version() does not
8589 * reflect the new version this txg, so there must be no changes this
8590 * txg to anything that the upgrade code depends on after it executes.
8591 * Therefore this must be called after dsl_pool_sync() does the sync
8595 spa_sync_upgrades(spa_t *spa, dmu_tx_t *tx)
8597 if (spa_sync_pass(spa) != 1)
8600 dsl_pool_t *dp = spa->spa_dsl_pool;
8601 rrw_enter(&dp->dp_config_rwlock, RW_WRITER, FTAG);
8603 if (spa->spa_ubsync.ub_version < SPA_VERSION_ORIGIN &&
8604 spa->spa_uberblock.ub_version >= SPA_VERSION_ORIGIN) {
8605 dsl_pool_create_origin(dp, tx);
8607 /* Keeping the origin open increases spa_minref */
8608 spa->spa_minref += 3;
8611 if (spa->spa_ubsync.ub_version < SPA_VERSION_NEXT_CLONES &&
8612 spa->spa_uberblock.ub_version >= SPA_VERSION_NEXT_CLONES) {
8613 dsl_pool_upgrade_clones(dp, tx);
8616 if (spa->spa_ubsync.ub_version < SPA_VERSION_DIR_CLONES &&
8617 spa->spa_uberblock.ub_version >= SPA_VERSION_DIR_CLONES) {
8618 dsl_pool_upgrade_dir_clones(dp, tx);
8620 /* Keeping the freedir open increases spa_minref */
8621 spa->spa_minref += 3;
8624 if (spa->spa_ubsync.ub_version < SPA_VERSION_FEATURES &&
8625 spa->spa_uberblock.ub_version >= SPA_VERSION_FEATURES) {
8626 spa_feature_create_zap_objects(spa, tx);
8630 * LZ4_COMPRESS feature's behaviour was changed to activate_on_enable
8631 * when possibility to use lz4 compression for metadata was added
8632 * Old pools that have this feature enabled must be upgraded to have
8633 * this feature active
8635 if (spa->spa_uberblock.ub_version >= SPA_VERSION_FEATURES) {
8636 boolean_t lz4_en = spa_feature_is_enabled(spa,
8637 SPA_FEATURE_LZ4_COMPRESS);
8638 boolean_t lz4_ac = spa_feature_is_active(spa,
8639 SPA_FEATURE_LZ4_COMPRESS);
8641 if (lz4_en && !lz4_ac)
8642 spa_feature_incr(spa, SPA_FEATURE_LZ4_COMPRESS, tx);
8646 * If we haven't written the salt, do so now. Note that the
8647 * feature may not be activated yet, but that's fine since
8648 * the presence of this ZAP entry is backwards compatible.
8650 if (zap_contains(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
8651 DMU_POOL_CHECKSUM_SALT) == ENOENT) {
8652 VERIFY0(zap_add(spa->spa_meta_objset,
8653 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_CHECKSUM_SALT, 1,
8654 sizeof (spa->spa_cksum_salt.zcs_bytes),
8655 spa->spa_cksum_salt.zcs_bytes, tx));
8658 rrw_exit(&dp->dp_config_rwlock, FTAG);
8662 vdev_indirect_state_sync_verify(vdev_t *vd)
8664 vdev_indirect_mapping_t *vim __maybe_unused = vd->vdev_indirect_mapping;
8665 vdev_indirect_births_t *vib __maybe_unused = vd->vdev_indirect_births;
8667 if (vd->vdev_ops == &vdev_indirect_ops) {
8668 ASSERT(vim != NULL);
8669 ASSERT(vib != NULL);
8672 uint64_t obsolete_sm_object = 0;
8673 ASSERT0(vdev_obsolete_sm_object(vd, &obsolete_sm_object));
8674 if (obsolete_sm_object != 0) {
8675 ASSERT(vd->vdev_obsolete_sm != NULL);
8676 ASSERT(vd->vdev_removing ||
8677 vd->vdev_ops == &vdev_indirect_ops);
8678 ASSERT(vdev_indirect_mapping_num_entries(vim) > 0);
8679 ASSERT(vdev_indirect_mapping_bytes_mapped(vim) > 0);
8680 ASSERT3U(obsolete_sm_object, ==,
8681 space_map_object(vd->vdev_obsolete_sm));
8682 ASSERT3U(vdev_indirect_mapping_bytes_mapped(vim), >=,
8683 space_map_allocated(vd->vdev_obsolete_sm));
8685 ASSERT(vd->vdev_obsolete_segments != NULL);
8688 * Since frees / remaps to an indirect vdev can only
8689 * happen in syncing context, the obsolete segments
8690 * tree must be empty when we start syncing.
8692 ASSERT0(range_tree_space(vd->vdev_obsolete_segments));
8696 * Set the top-level vdev's max queue depth. Evaluate each top-level's
8697 * async write queue depth in case it changed. The max queue depth will
8698 * not change in the middle of syncing out this txg.
8701 spa_sync_adjust_vdev_max_queue_depth(spa_t *spa)
8703 ASSERT(spa_writeable(spa));
8705 vdev_t *rvd = spa->spa_root_vdev;
8706 uint32_t max_queue_depth = zfs_vdev_async_write_max_active *
8707 zfs_vdev_queue_depth_pct / 100;
8708 metaslab_class_t *normal = spa_normal_class(spa);
8709 metaslab_class_t *special = spa_special_class(spa);
8710 metaslab_class_t *dedup = spa_dedup_class(spa);
8712 uint64_t slots_per_allocator = 0;
8713 for (int c = 0; c < rvd->vdev_children; c++) {
8714 vdev_t *tvd = rvd->vdev_child[c];
8716 metaslab_group_t *mg = tvd->vdev_mg;
8717 if (mg == NULL || !metaslab_group_initialized(mg))
8720 metaslab_class_t *mc = mg->mg_class;
8721 if (mc != normal && mc != special && mc != dedup)
8725 * It is safe to do a lock-free check here because only async
8726 * allocations look at mg_max_alloc_queue_depth, and async
8727 * allocations all happen from spa_sync().
8729 for (int i = 0; i < mg->mg_allocators; i++) {
8730 ASSERT0(zfs_refcount_count(
8731 &(mg->mg_allocator[i].mga_alloc_queue_depth)));
8733 mg->mg_max_alloc_queue_depth = max_queue_depth;
8735 for (int i = 0; i < mg->mg_allocators; i++) {
8736 mg->mg_allocator[i].mga_cur_max_alloc_queue_depth =
8737 zfs_vdev_def_queue_depth;
8739 slots_per_allocator += zfs_vdev_def_queue_depth;
8742 for (int i = 0; i < spa->spa_alloc_count; i++) {
8743 ASSERT0(zfs_refcount_count(&normal->mc_alloc_slots[i]));
8744 ASSERT0(zfs_refcount_count(&special->mc_alloc_slots[i]));
8745 ASSERT0(zfs_refcount_count(&dedup->mc_alloc_slots[i]));
8746 normal->mc_alloc_max_slots[i] = slots_per_allocator;
8747 special->mc_alloc_max_slots[i] = slots_per_allocator;
8748 dedup->mc_alloc_max_slots[i] = slots_per_allocator;
8750 normal->mc_alloc_throttle_enabled = zio_dva_throttle_enabled;
8751 special->mc_alloc_throttle_enabled = zio_dva_throttle_enabled;
8752 dedup->mc_alloc_throttle_enabled = zio_dva_throttle_enabled;
8756 spa_sync_condense_indirect(spa_t *spa, dmu_tx_t *tx)
8758 ASSERT(spa_writeable(spa));
8760 vdev_t *rvd = spa->spa_root_vdev;
8761 for (int c = 0; c < rvd->vdev_children; c++) {
8762 vdev_t *vd = rvd->vdev_child[c];
8763 vdev_indirect_state_sync_verify(vd);
8765 if (vdev_indirect_should_condense(vd)) {
8766 spa_condense_indirect_start_sync(vd, tx);
8773 spa_sync_iterate_to_convergence(spa_t *spa, dmu_tx_t *tx)
8775 objset_t *mos = spa->spa_meta_objset;
8776 dsl_pool_t *dp = spa->spa_dsl_pool;
8777 uint64_t txg = tx->tx_txg;
8778 bplist_t *free_bpl = &spa->spa_free_bplist[txg & TXG_MASK];
8781 int pass = ++spa->spa_sync_pass;
8783 spa_sync_config_object(spa, tx);
8784 spa_sync_aux_dev(spa, &spa->spa_spares, tx,
8785 ZPOOL_CONFIG_SPARES, DMU_POOL_SPARES);
8786 spa_sync_aux_dev(spa, &spa->spa_l2cache, tx,
8787 ZPOOL_CONFIG_L2CACHE, DMU_POOL_L2CACHE);
8788 spa_errlog_sync(spa, txg);
8789 dsl_pool_sync(dp, txg);
8791 if (pass < zfs_sync_pass_deferred_free ||
8792 spa_feature_is_active(spa, SPA_FEATURE_LOG_SPACEMAP)) {
8794 * If the log space map feature is active we don't
8795 * care about deferred frees and the deferred bpobj
8796 * as the log space map should effectively have the
8797 * same results (i.e. appending only to one object).
8799 spa_sync_frees(spa, free_bpl, tx);
8802 * We can not defer frees in pass 1, because
8803 * we sync the deferred frees later in pass 1.
8805 ASSERT3U(pass, >, 1);
8806 bplist_iterate(free_bpl, bpobj_enqueue_alloc_cb,
8807 &spa->spa_deferred_bpobj, tx);
8811 dsl_scan_sync(dp, tx);
8813 spa_sync_upgrades(spa, tx);
8815 spa_flush_metaslabs(spa, tx);
8818 while ((vd = txg_list_remove(&spa->spa_vdev_txg_list, txg))
8823 * Note: We need to check if the MOS is dirty because we could
8824 * have marked the MOS dirty without updating the uberblock
8825 * (e.g. if we have sync tasks but no dirty user data). We need
8826 * to check the uberblock's rootbp because it is updated if we
8827 * have synced out dirty data (though in this case the MOS will
8828 * most likely also be dirty due to second order effects, we
8829 * don't want to rely on that here).
8832 spa->spa_uberblock.ub_rootbp.blk_birth < txg &&
8833 !dmu_objset_is_dirty(mos, txg)) {
8835 * Nothing changed on the first pass, therefore this
8836 * TXG is a no-op. Avoid syncing deferred frees, so
8837 * that we can keep this TXG as a no-op.
8839 ASSERT(txg_list_empty(&dp->dp_dirty_datasets, txg));
8840 ASSERT(txg_list_empty(&dp->dp_dirty_dirs, txg));
8841 ASSERT(txg_list_empty(&dp->dp_sync_tasks, txg));
8842 ASSERT(txg_list_empty(&dp->dp_early_sync_tasks, txg));
8846 spa_sync_deferred_frees(spa, tx);
8847 } while (dmu_objset_is_dirty(mos, txg));
8851 * Rewrite the vdev configuration (which includes the uberblock) to
8852 * commit the transaction group.
8854 * If there are no dirty vdevs, we sync the uberblock to a few random
8855 * top-level vdevs that are known to be visible in the config cache
8856 * (see spa_vdev_add() for a complete description). If there *are* dirty
8857 * vdevs, sync the uberblock to all vdevs.
8860 spa_sync_rewrite_vdev_config(spa_t *spa, dmu_tx_t *tx)
8862 vdev_t *rvd = spa->spa_root_vdev;
8863 uint64_t txg = tx->tx_txg;
8869 * We hold SCL_STATE to prevent vdev open/close/etc.
8870 * while we're attempting to write the vdev labels.
8872 spa_config_enter(spa, SCL_STATE, FTAG, RW_READER);
8874 if (list_is_empty(&spa->spa_config_dirty_list)) {
8875 vdev_t *svd[SPA_SYNC_MIN_VDEVS] = { NULL };
8877 int children = rvd->vdev_children;
8878 int c0 = spa_get_random(children);
8880 for (int c = 0; c < children; c++) {
8882 rvd->vdev_child[(c0 + c) % children];
8884 /* Stop when revisiting the first vdev */
8885 if (c > 0 && svd[0] == vd)
8888 if (vd->vdev_ms_array == 0 ||
8890 !vdev_is_concrete(vd))
8893 svd[svdcount++] = vd;
8894 if (svdcount == SPA_SYNC_MIN_VDEVS)
8897 error = vdev_config_sync(svd, svdcount, txg);
8899 error = vdev_config_sync(rvd->vdev_child,
8900 rvd->vdev_children, txg);
8904 spa->spa_last_synced_guid = rvd->vdev_guid;
8906 spa_config_exit(spa, SCL_STATE, FTAG);
8910 zio_suspend(spa, NULL, ZIO_SUSPEND_IOERR);
8911 zio_resume_wait(spa);
8916 * Sync the specified transaction group. New blocks may be dirtied as
8917 * part of the process, so we iterate until it converges.
8920 spa_sync(spa_t *spa, uint64_t txg)
8924 VERIFY(spa_writeable(spa));
8927 * Wait for i/os issued in open context that need to complete
8928 * before this txg syncs.
8930 (void) zio_wait(spa->spa_txg_zio[txg & TXG_MASK]);
8931 spa->spa_txg_zio[txg & TXG_MASK] = zio_root(spa, NULL, NULL,
8935 * Lock out configuration changes.
8937 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_READER);
8939 spa->spa_syncing_txg = txg;
8940 spa->spa_sync_pass = 0;
8942 for (int i = 0; i < spa->spa_alloc_count; i++) {
8943 mutex_enter(&spa->spa_alloc_locks[i]);
8944 VERIFY0(avl_numnodes(&spa->spa_alloc_trees[i]));
8945 mutex_exit(&spa->spa_alloc_locks[i]);
8949 * If there are any pending vdev state changes, convert them
8950 * into config changes that go out with this transaction group.
8952 spa_config_enter(spa, SCL_STATE, FTAG, RW_READER);
8953 while (list_head(&spa->spa_state_dirty_list) != NULL) {
8955 * We need the write lock here because, for aux vdevs,
8956 * calling vdev_config_dirty() modifies sav_config.
8957 * This is ugly and will become unnecessary when we
8958 * eliminate the aux vdev wart by integrating all vdevs
8959 * into the root vdev tree.
8961 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
8962 spa_config_enter(spa, SCL_CONFIG | SCL_STATE, FTAG, RW_WRITER);
8963 while ((vd = list_head(&spa->spa_state_dirty_list)) != NULL) {
8964 vdev_state_clean(vd);
8965 vdev_config_dirty(vd);
8967 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
8968 spa_config_enter(spa, SCL_CONFIG | SCL_STATE, FTAG, RW_READER);
8970 spa_config_exit(spa, SCL_STATE, FTAG);
8972 dsl_pool_t *dp = spa->spa_dsl_pool;
8973 dmu_tx_t *tx = dmu_tx_create_assigned(dp, txg);
8975 spa->spa_sync_starttime = gethrtime();
8976 taskq_cancel_id(system_delay_taskq, spa->spa_deadman_tqid);
8977 spa->spa_deadman_tqid = taskq_dispatch_delay(system_delay_taskq,
8978 spa_deadman, spa, TQ_SLEEP, ddi_get_lbolt() +
8979 NSEC_TO_TICK(spa->spa_deadman_synctime));
8982 * If we are upgrading to SPA_VERSION_RAIDZ_DEFLATE this txg,
8983 * set spa_deflate if we have no raid-z vdevs.
8985 if (spa->spa_ubsync.ub_version < SPA_VERSION_RAIDZ_DEFLATE &&
8986 spa->spa_uberblock.ub_version >= SPA_VERSION_RAIDZ_DEFLATE) {
8987 vdev_t *rvd = spa->spa_root_vdev;
8990 for (i = 0; i < rvd->vdev_children; i++) {
8991 vd = rvd->vdev_child[i];
8992 if (vd->vdev_deflate_ratio != SPA_MINBLOCKSIZE)
8995 if (i == rvd->vdev_children) {
8996 spa->spa_deflate = TRUE;
8997 VERIFY0(zap_add(spa->spa_meta_objset,
8998 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_DEFLATE,
8999 sizeof (uint64_t), 1, &spa->spa_deflate, tx));
9003 spa_sync_adjust_vdev_max_queue_depth(spa);
9005 spa_sync_condense_indirect(spa, tx);
9007 spa_sync_iterate_to_convergence(spa, tx);
9010 if (!list_is_empty(&spa->spa_config_dirty_list)) {
9012 * Make sure that the number of ZAPs for all the vdevs matches
9013 * the number of ZAPs in the per-vdev ZAP list. This only gets
9014 * called if the config is dirty; otherwise there may be
9015 * outstanding AVZ operations that weren't completed in
9016 * spa_sync_config_object.
9018 uint64_t all_vdev_zap_entry_count;
9019 ASSERT0(zap_count(spa->spa_meta_objset,
9020 spa->spa_all_vdev_zaps, &all_vdev_zap_entry_count));
9021 ASSERT3U(vdev_count_verify_zaps(spa->spa_root_vdev), ==,
9022 all_vdev_zap_entry_count);
9026 if (spa->spa_vdev_removal != NULL) {
9027 ASSERT0(spa->spa_vdev_removal->svr_bytes_done[txg & TXG_MASK]);
9030 spa_sync_rewrite_vdev_config(spa, tx);
9033 taskq_cancel_id(system_delay_taskq, spa->spa_deadman_tqid);
9034 spa->spa_deadman_tqid = 0;
9037 * Clear the dirty config list.
9039 while ((vd = list_head(&spa->spa_config_dirty_list)) != NULL)
9040 vdev_config_clean(vd);
9043 * Now that the new config has synced transactionally,
9044 * let it become visible to the config cache.
9046 if (spa->spa_config_syncing != NULL) {
9047 spa_config_set(spa, spa->spa_config_syncing);
9048 spa->spa_config_txg = txg;
9049 spa->spa_config_syncing = NULL;
9052 dsl_pool_sync_done(dp, txg);
9054 for (int i = 0; i < spa->spa_alloc_count; i++) {
9055 mutex_enter(&spa->spa_alloc_locks[i]);
9056 VERIFY0(avl_numnodes(&spa->spa_alloc_trees[i]));
9057 mutex_exit(&spa->spa_alloc_locks[i]);
9061 * Update usable space statistics.
9063 while ((vd = txg_list_remove(&spa->spa_vdev_txg_list, TXG_CLEAN(txg)))
9065 vdev_sync_done(vd, txg);
9067 metaslab_class_evict_old(spa->spa_normal_class, txg);
9068 metaslab_class_evict_old(spa->spa_log_class, txg);
9070 spa_sync_close_syncing_log_sm(spa);
9072 spa_update_dspace(spa);
9075 * It had better be the case that we didn't dirty anything
9076 * since vdev_config_sync().
9078 ASSERT(txg_list_empty(&dp->dp_dirty_datasets, txg));
9079 ASSERT(txg_list_empty(&dp->dp_dirty_dirs, txg));
9080 ASSERT(txg_list_empty(&spa->spa_vdev_txg_list, txg));
9082 while (zfs_pause_spa_sync)
9085 spa->spa_sync_pass = 0;
9088 * Update the last synced uberblock here. We want to do this at
9089 * the end of spa_sync() so that consumers of spa_last_synced_txg()
9090 * will be guaranteed that all the processing associated with
9091 * that txg has been completed.
9093 spa->spa_ubsync = spa->spa_uberblock;
9094 spa_config_exit(spa, SCL_CONFIG, FTAG);
9096 spa_handle_ignored_writes(spa);
9099 * If any async tasks have been requested, kick them off.
9101 spa_async_dispatch(spa);
9105 * Sync all pools. We don't want to hold the namespace lock across these
9106 * operations, so we take a reference on the spa_t and drop the lock during the
9110 spa_sync_allpools(void)
9113 mutex_enter(&spa_namespace_lock);
9114 while ((spa = spa_next(spa)) != NULL) {
9115 if (spa_state(spa) != POOL_STATE_ACTIVE ||
9116 !spa_writeable(spa) || spa_suspended(spa))
9118 spa_open_ref(spa, FTAG);
9119 mutex_exit(&spa_namespace_lock);
9120 txg_wait_synced(spa_get_dsl(spa), 0);
9121 mutex_enter(&spa_namespace_lock);
9122 spa_close(spa, FTAG);
9124 mutex_exit(&spa_namespace_lock);
9128 * ==========================================================================
9129 * Miscellaneous routines
9130 * ==========================================================================
9134 * Remove all pools in the system.
9142 * Remove all cached state. All pools should be closed now,
9143 * so every spa in the AVL tree should be unreferenced.
9145 mutex_enter(&spa_namespace_lock);
9146 while ((spa = spa_next(NULL)) != NULL) {
9148 * Stop async tasks. The async thread may need to detach
9149 * a device that's been replaced, which requires grabbing
9150 * spa_namespace_lock, so we must drop it here.
9152 spa_open_ref(spa, FTAG);
9153 mutex_exit(&spa_namespace_lock);
9154 spa_async_suspend(spa);
9155 mutex_enter(&spa_namespace_lock);
9156 spa_close(spa, FTAG);
9158 if (spa->spa_state != POOL_STATE_UNINITIALIZED) {
9160 spa_deactivate(spa);
9164 mutex_exit(&spa_namespace_lock);
9168 spa_lookup_by_guid(spa_t *spa, uint64_t guid, boolean_t aux)
9173 if ((vd = vdev_lookup_by_guid(spa->spa_root_vdev, guid)) != NULL)
9177 for (i = 0; i < spa->spa_l2cache.sav_count; i++) {
9178 vd = spa->spa_l2cache.sav_vdevs[i];
9179 if (vd->vdev_guid == guid)
9183 for (i = 0; i < spa->spa_spares.sav_count; i++) {
9184 vd = spa->spa_spares.sav_vdevs[i];
9185 if (vd->vdev_guid == guid)
9194 spa_upgrade(spa_t *spa, uint64_t version)
9196 ASSERT(spa_writeable(spa));
9198 spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
9201 * This should only be called for a non-faulted pool, and since a
9202 * future version would result in an unopenable pool, this shouldn't be
9205 ASSERT(SPA_VERSION_IS_SUPPORTED(spa->spa_uberblock.ub_version));
9206 ASSERT3U(version, >=, spa->spa_uberblock.ub_version);
9208 spa->spa_uberblock.ub_version = version;
9209 vdev_config_dirty(spa->spa_root_vdev);
9211 spa_config_exit(spa, SCL_ALL, FTAG);
9213 txg_wait_synced(spa_get_dsl(spa), 0);
9217 spa_has_spare(spa_t *spa, uint64_t guid)
9221 spa_aux_vdev_t *sav = &spa->spa_spares;
9223 for (i = 0; i < sav->sav_count; i++)
9224 if (sav->sav_vdevs[i]->vdev_guid == guid)
9227 for (i = 0; i < sav->sav_npending; i++) {
9228 if (nvlist_lookup_uint64(sav->sav_pending[i], ZPOOL_CONFIG_GUID,
9229 &spareguid) == 0 && spareguid == guid)
9237 * Check if a pool has an active shared spare device.
9238 * Note: reference count of an active spare is 2, as a spare and as a replace
9241 spa_has_active_shared_spare(spa_t *spa)
9245 spa_aux_vdev_t *sav = &spa->spa_spares;
9247 for (i = 0; i < sav->sav_count; i++) {
9248 if (spa_spare_exists(sav->sav_vdevs[i]->vdev_guid, &pool,
9249 &refcnt) && pool != 0ULL && pool == spa_guid(spa) &&
9258 spa_total_metaslabs(spa_t *spa)
9260 vdev_t *rvd = spa->spa_root_vdev;
9263 for (uint64_t c = 0; c < rvd->vdev_children; c++) {
9264 vdev_t *vd = rvd->vdev_child[c];
9265 if (!vdev_is_concrete(vd))
9267 m += vd->vdev_ms_count;
9273 * Notify any waiting threads that some activity has switched from being in-
9274 * progress to not-in-progress so that the thread can wake up and determine
9275 * whether it is finished waiting.
9278 spa_notify_waiters(spa_t *spa)
9281 * Acquiring spa_activities_lock here prevents the cv_broadcast from
9282 * happening between the waiting thread's check and cv_wait.
9284 mutex_enter(&spa->spa_activities_lock);
9285 cv_broadcast(&spa->spa_activities_cv);
9286 mutex_exit(&spa->spa_activities_lock);
9290 * Notify any waiting threads that the pool is exporting, and then block until
9291 * they are finished using the spa_t.
9294 spa_wake_waiters(spa_t *spa)
9296 mutex_enter(&spa->spa_activities_lock);
9297 spa->spa_waiters_cancel = B_TRUE;
9298 cv_broadcast(&spa->spa_activities_cv);
9299 while (spa->spa_waiters != 0)
9300 cv_wait(&spa->spa_waiters_cv, &spa->spa_activities_lock);
9301 spa->spa_waiters_cancel = B_FALSE;
9302 mutex_exit(&spa->spa_activities_lock);
9305 /* Whether the vdev or any of its descendants are being initialized/trimmed. */
9307 spa_vdev_activity_in_progress_impl(vdev_t *vd, zpool_wait_activity_t activity)
9309 spa_t *spa = vd->vdev_spa;
9311 ASSERT(spa_config_held(spa, SCL_CONFIG | SCL_STATE, RW_READER));
9312 ASSERT(MUTEX_HELD(&spa->spa_activities_lock));
9313 ASSERT(activity == ZPOOL_WAIT_INITIALIZE ||
9314 activity == ZPOOL_WAIT_TRIM);
9316 kmutex_t *lock = activity == ZPOOL_WAIT_INITIALIZE ?
9317 &vd->vdev_initialize_lock : &vd->vdev_trim_lock;
9319 mutex_exit(&spa->spa_activities_lock);
9321 mutex_enter(&spa->spa_activities_lock);
9323 boolean_t in_progress = (activity == ZPOOL_WAIT_INITIALIZE) ?
9324 (vd->vdev_initialize_state == VDEV_INITIALIZE_ACTIVE) :
9325 (vd->vdev_trim_state == VDEV_TRIM_ACTIVE);
9331 for (int i = 0; i < vd->vdev_children; i++) {
9332 if (spa_vdev_activity_in_progress_impl(vd->vdev_child[i],
9341 * If use_guid is true, this checks whether the vdev specified by guid is
9342 * being initialized/trimmed. Otherwise, it checks whether any vdev in the pool
9343 * is being initialized/trimmed. The caller must hold the config lock and
9344 * spa_activities_lock.
9347 spa_vdev_activity_in_progress(spa_t *spa, boolean_t use_guid, uint64_t guid,
9348 zpool_wait_activity_t activity, boolean_t *in_progress)
9350 mutex_exit(&spa->spa_activities_lock);
9351 spa_config_enter(spa, SCL_CONFIG | SCL_STATE, FTAG, RW_READER);
9352 mutex_enter(&spa->spa_activities_lock);
9356 vd = spa_lookup_by_guid(spa, guid, B_FALSE);
9357 if (vd == NULL || !vd->vdev_ops->vdev_op_leaf) {
9358 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
9362 vd = spa->spa_root_vdev;
9365 *in_progress = spa_vdev_activity_in_progress_impl(vd, activity);
9367 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
9372 * Locking for waiting threads
9373 * ---------------------------
9375 * Waiting threads need a way to check whether a given activity is in progress,
9376 * and then, if it is, wait for it to complete. Each activity will have some
9377 * in-memory representation of the relevant on-disk state which can be used to
9378 * determine whether or not the activity is in progress. The in-memory state and
9379 * the locking used to protect it will be different for each activity, and may
9380 * not be suitable for use with a cvar (e.g., some state is protected by the
9381 * config lock). To allow waiting threads to wait without any races, another
9382 * lock, spa_activities_lock, is used.
9384 * When the state is checked, both the activity-specific lock (if there is one)
9385 * and spa_activities_lock are held. In some cases, the activity-specific lock
9386 * is acquired explicitly (e.g. the config lock). In others, the locking is
9387 * internal to some check (e.g. bpobj_is_empty). After checking, the waiting
9388 * thread releases the activity-specific lock and, if the activity is in
9389 * progress, then cv_waits using spa_activities_lock.
9391 * The waiting thread is woken when another thread, one completing some
9392 * activity, updates the state of the activity and then calls
9393 * spa_notify_waiters, which will cv_broadcast. This 'completing' thread only
9394 * needs to hold its activity-specific lock when updating the state, and this
9395 * lock can (but doesn't have to) be dropped before calling spa_notify_waiters.
9397 * Because spa_notify_waiters acquires spa_activities_lock before broadcasting,
9398 * and because it is held when the waiting thread checks the state of the
9399 * activity, it can never be the case that the completing thread both updates
9400 * the activity state and cv_broadcasts in between the waiting thread's check
9401 * and cv_wait. Thus, a waiting thread can never miss a wakeup.
9403 * In order to prevent deadlock, when the waiting thread does its check, in some
9404 * cases it will temporarily drop spa_activities_lock in order to acquire the
9405 * activity-specific lock. The order in which spa_activities_lock and the
9406 * activity specific lock are acquired in the waiting thread is determined by
9407 * the order in which they are acquired in the completing thread; if the
9408 * completing thread calls spa_notify_waiters with the activity-specific lock
9409 * held, then the waiting thread must also acquire the activity-specific lock
9414 spa_activity_in_progress(spa_t *spa, zpool_wait_activity_t activity,
9415 boolean_t use_tag, uint64_t tag, boolean_t *in_progress)
9419 ASSERT(MUTEX_HELD(&spa->spa_activities_lock));
9422 case ZPOOL_WAIT_CKPT_DISCARD:
9424 (spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT) &&
9425 zap_contains(spa_meta_objset(spa),
9426 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_ZPOOL_CHECKPOINT) ==
9429 case ZPOOL_WAIT_FREE:
9430 *in_progress = ((spa_version(spa) >= SPA_VERSION_DEADLISTS &&
9431 !bpobj_is_empty(&spa->spa_dsl_pool->dp_free_bpobj)) ||
9432 spa_feature_is_active(spa, SPA_FEATURE_ASYNC_DESTROY) ||
9433 spa_livelist_delete_check(spa));
9435 case ZPOOL_WAIT_INITIALIZE:
9436 case ZPOOL_WAIT_TRIM:
9437 error = spa_vdev_activity_in_progress(spa, use_tag, tag,
9438 activity, in_progress);
9440 case ZPOOL_WAIT_REPLACE:
9441 mutex_exit(&spa->spa_activities_lock);
9442 spa_config_enter(spa, SCL_CONFIG | SCL_STATE, FTAG, RW_READER);
9443 mutex_enter(&spa->spa_activities_lock);
9445 *in_progress = vdev_replace_in_progress(spa->spa_root_vdev);
9446 spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
9448 case ZPOOL_WAIT_REMOVE:
9449 *in_progress = (spa->spa_removing_phys.sr_state ==
9452 case ZPOOL_WAIT_RESILVER:
9453 case ZPOOL_WAIT_SCRUB:
9455 boolean_t scanning, paused, is_scrub;
9456 dsl_scan_t *scn = spa->spa_dsl_pool->dp_scan;
9458 is_scrub = (scn->scn_phys.scn_func == POOL_SCAN_SCRUB);
9459 scanning = (scn->scn_phys.scn_state == DSS_SCANNING);
9460 paused = dsl_scan_is_paused_scrub(scn);
9461 *in_progress = (scanning && !paused &&
9462 is_scrub == (activity == ZPOOL_WAIT_SCRUB));
9466 panic("unrecognized value for activity %d", activity);
9473 spa_wait_common(const char *pool, zpool_wait_activity_t activity,
9474 boolean_t use_tag, uint64_t tag, boolean_t *waited)
9477 * The tag is used to distinguish between instances of an activity.
9478 * 'initialize' and 'trim' are the only activities that we use this for.
9479 * The other activities can only have a single instance in progress in a
9480 * pool at one time, making the tag unnecessary.
9482 * There can be multiple devices being replaced at once, but since they
9483 * all finish once resilvering finishes, we don't bother keeping track
9484 * of them individually, we just wait for them all to finish.
9486 if (use_tag && activity != ZPOOL_WAIT_INITIALIZE &&
9487 activity != ZPOOL_WAIT_TRIM)
9490 if (activity < 0 || activity >= ZPOOL_WAIT_NUM_ACTIVITIES)
9494 int error = spa_open(pool, &spa, FTAG);
9499 * Increment the spa's waiter count so that we can call spa_close and
9500 * still ensure that the spa_t doesn't get freed before this thread is
9501 * finished with it when the pool is exported. We want to call spa_close
9502 * before we start waiting because otherwise the additional ref would
9503 * prevent the pool from being exported or destroyed throughout the
9504 * potentially long wait.
9506 mutex_enter(&spa->spa_activities_lock);
9508 spa_close(spa, FTAG);
9512 boolean_t in_progress;
9513 error = spa_activity_in_progress(spa, activity, use_tag, tag,
9516 if (error || !in_progress || spa->spa_waiters_cancel)
9521 if (cv_wait_sig(&spa->spa_activities_cv,
9522 &spa->spa_activities_lock) == 0) {
9529 cv_signal(&spa->spa_waiters_cv);
9530 mutex_exit(&spa->spa_activities_lock);
9536 * Wait for a particular instance of the specified activity to complete, where
9537 * the instance is identified by 'tag'
9540 spa_wait_tag(const char *pool, zpool_wait_activity_t activity, uint64_t tag,
9543 return (spa_wait_common(pool, activity, B_TRUE, tag, waited));
9547 * Wait for all instances of the specified activity complete
9550 spa_wait(const char *pool, zpool_wait_activity_t activity, boolean_t *waited)
9553 return (spa_wait_common(pool, activity, B_FALSE, 0, waited));
9557 spa_event_create(spa_t *spa, vdev_t *vd, nvlist_t *hist_nvl, const char *name)
9559 sysevent_t *ev = NULL;
9563 resource = zfs_event_create(spa, vd, FM_SYSEVENT_CLASS, name, hist_nvl);
9565 ev = kmem_alloc(sizeof (sysevent_t), KM_SLEEP);
9566 ev->resource = resource;
9573 spa_event_post(sysevent_t *ev)
9577 zfs_zevent_post(ev->resource, NULL, zfs_zevent_post_cb);
9578 kmem_free(ev, sizeof (*ev));
9584 * Post a zevent corresponding to the given sysevent. The 'name' must be one
9585 * of the event definitions in sys/sysevent/eventdefs.h. The payload will be
9586 * filled in from the spa and (optionally) the vdev. This doesn't do anything
9587 * in the userland libzpool, as we don't want consumers to misinterpret ztest
9588 * or zdb as real changes.
9591 spa_event_notify(spa_t *spa, vdev_t *vd, nvlist_t *hist_nvl, const char *name)
9593 spa_event_post(spa_event_create(spa, vd, hist_nvl, name));
9596 /* state manipulation functions */
9597 EXPORT_SYMBOL(spa_open);
9598 EXPORT_SYMBOL(spa_open_rewind);
9599 EXPORT_SYMBOL(spa_get_stats);
9600 EXPORT_SYMBOL(spa_create);
9601 EXPORT_SYMBOL(spa_import);
9602 EXPORT_SYMBOL(spa_tryimport);
9603 EXPORT_SYMBOL(spa_destroy);
9604 EXPORT_SYMBOL(spa_export);
9605 EXPORT_SYMBOL(spa_reset);
9606 EXPORT_SYMBOL(spa_async_request);
9607 EXPORT_SYMBOL(spa_async_suspend);
9608 EXPORT_SYMBOL(spa_async_resume);
9609 EXPORT_SYMBOL(spa_inject_addref);
9610 EXPORT_SYMBOL(spa_inject_delref);
9611 EXPORT_SYMBOL(spa_scan_stat_init);
9612 EXPORT_SYMBOL(spa_scan_get_stats);
9614 /* device manipulation */
9615 EXPORT_SYMBOL(spa_vdev_add);
9616 EXPORT_SYMBOL(spa_vdev_attach);
9617 EXPORT_SYMBOL(spa_vdev_detach);
9618 EXPORT_SYMBOL(spa_vdev_setpath);
9619 EXPORT_SYMBOL(spa_vdev_setfru);
9620 EXPORT_SYMBOL(spa_vdev_split_mirror);
9622 /* spare statech is global across all pools) */
9623 EXPORT_SYMBOL(spa_spare_add);
9624 EXPORT_SYMBOL(spa_spare_remove);
9625 EXPORT_SYMBOL(spa_spare_exists);
9626 EXPORT_SYMBOL(spa_spare_activate);
9628 /* L2ARC statech is global across all pools) */
9629 EXPORT_SYMBOL(spa_l2cache_add);
9630 EXPORT_SYMBOL(spa_l2cache_remove);
9631 EXPORT_SYMBOL(spa_l2cache_exists);
9632 EXPORT_SYMBOL(spa_l2cache_activate);
9633 EXPORT_SYMBOL(spa_l2cache_drop);
9636 EXPORT_SYMBOL(spa_scan);
9637 EXPORT_SYMBOL(spa_scan_stop);
9640 EXPORT_SYMBOL(spa_sync); /* only for DMU use */
9641 EXPORT_SYMBOL(spa_sync_allpools);
9644 EXPORT_SYMBOL(spa_prop_set);
9645 EXPORT_SYMBOL(spa_prop_get);
9646 EXPORT_SYMBOL(spa_prop_clear_bootfs);
9648 /* asynchronous event notification */
9649 EXPORT_SYMBOL(spa_event_notify);
9652 ZFS_MODULE_PARAM(zfs_spa, spa_, load_verify_shift, INT, ZMOD_RW,
9653 "log2(fraction of arc that can be used by inflight I/Os when "
9654 "verifying pool during import");
9656 ZFS_MODULE_PARAM(zfs_spa, spa_, load_verify_metadata, INT, ZMOD_RW,
9657 "Set to traverse metadata on pool import");
9659 ZFS_MODULE_PARAM(zfs_spa, spa_, load_verify_data, INT, ZMOD_RW,
9660 "Set to traverse data on pool import");
9662 ZFS_MODULE_PARAM(zfs_spa, spa_, load_print_vdev_tree, INT, ZMOD_RW,
9663 "Print vdev tree to zfs_dbgmsg during pool import");
9665 ZFS_MODULE_PARAM(zfs_zio, zio_, taskq_batch_pct, UINT, ZMOD_RD,
9666 "Percentage of CPUs to run an IO worker thread");
9668 ZFS_MODULE_PARAM(zfs, zfs_, max_missing_tvds, ULONG, ZMOD_RW,
9669 "Allow importing pool with up to this number of missing top-level "
9670 "vdevs (in read-only mode)");
9672 ZFS_MODULE_PARAM(zfs_livelist_condense, zfs_livelist_condense_, zthr_pause, INT, ZMOD_RW,
9673 "Set the livelist condense zthr to pause");
9675 ZFS_MODULE_PARAM(zfs_livelist_condense, zfs_livelist_condense_, sync_pause, INT, ZMOD_RW,
9676 "Set the livelist condense synctask to pause");
9678 ZFS_MODULE_PARAM(zfs_livelist_condense, zfs_livelist_condense_, sync_cancel, INT, ZMOD_RW,
9679 "Whether livelist condensing was canceled in the synctask");
9681 ZFS_MODULE_PARAM(zfs_livelist_condense, zfs_livelist_condense_, zthr_cancel, INT, ZMOD_RW,
9682 "Whether livelist condensing was canceled in the zthr function");
9684 ZFS_MODULE_PARAM(zfs_livelist_condense, zfs_livelist_condense_, new_alloc, INT, ZMOD_RW,
9685 "Whether extra ALLOC blkptrs were added to a livelist entry while it "
9686 "was being condensed");
projects / FreeBSD / FreeBSD.git / blob