4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2011, 2017 by Delphix. All rights reserved.
24 * Copyright (c) 2013 Steven Hartland. All rights reserved.
25 * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved.
26 * Copyright (c) 2014 Integros [integros.com]
27 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
30 #include <sys/dsl_pool.h>
31 #include <sys/dsl_dataset.h>
32 #include <sys/dsl_prop.h>
33 #include <sys/dsl_dir.h>
34 #include <sys/dsl_synctask.h>
35 #include <sys/dsl_scan.h>
36 #include <sys/dnode.h>
37 #include <sys/dmu_tx.h>
38 #include <sys/dmu_objset.h>
42 #include <sys/zfs_context.h>
43 #include <sys/fs/zfs.h>
44 #include <sys/zfs_znode.h>
45 #include <sys/spa_impl.h>
46 #include <sys/dsl_deadlist.h>
47 #include <sys/bptree.h>
48 #include <sys/zfeature.h>
49 #include <sys/zil_impl.h>
50 #include <sys/dsl_userhold.h>
52 #if defined(__FreeBSD__) && defined(_KERNEL)
53 #include <sys/types.h>
54 #include <sys/sysctl.h>
61 * ZFS must limit the rate of incoming writes to the rate at which it is able
62 * to sync data modifications to the backend storage. Throttling by too much
63 * creates an artificial limit; throttling by too little can only be sustained
64 * for short periods and would lead to highly lumpy performance. On a per-pool
65 * basis, ZFS tracks the amount of modified (dirty) data. As operations change
66 * data, the amount of dirty data increases; as ZFS syncs out data, the amount
67 * of dirty data decreases. When the amount of dirty data exceeds a
68 * predetermined threshold further modifications are blocked until the amount
69 * of dirty data decreases (as data is synced out).
71 * The limit on dirty data is tunable, and should be adjusted according to
72 * both the IO capacity and available memory of the system. The larger the
73 * window, the more ZFS is able to aggregate and amortize metadata (and data)
74 * changes. However, memory is a limited resource, and allowing for more dirty
75 * data comes at the cost of keeping other useful data in memory (for example
76 * ZFS data cached by the ARC).
80 * As buffers are modified dsl_pool_willuse_space() increments both the per-
81 * txg (dp_dirty_pertxg[]) and poolwide (dp_dirty_total) accounting of
82 * dirty space used; dsl_pool_dirty_space() decrements those values as data
83 * is synced out from dsl_pool_sync(). While only the poolwide value is
84 * relevant, the per-txg value is useful for debugging. The tunable
85 * zfs_dirty_data_max determines the dirty space limit. Once that value is
86 * exceeded, new writes are halted until space frees up.
88 * The zfs_dirty_data_sync tunable dictates the threshold at which we
89 * ensure that there is a txg syncing (see the comment in txg.c for a full
90 * description of transaction group stages).
92 * The IO scheduler uses both the dirty space limit and current amount of
93 * dirty data as inputs. Those values affect the number of concurrent IOs ZFS
94 * issues. See the comment in vdev_queue.c for details of the IO scheduler.
96 * The delay is also calculated based on the amount of dirty data. See the
97 * comment above dmu_tx_delay() for details.
101 * zfs_dirty_data_max will be set to zfs_dirty_data_max_percent% of all memory,
102 * capped at zfs_dirty_data_max_max. It can also be overridden in /etc/system.
104 uint64_t zfs_dirty_data_max;
105 uint64_t zfs_dirty_data_max_max = 4ULL * 1024 * 1024 * 1024;
106 int zfs_dirty_data_max_percent = 10;
109 * If there is at least this much dirty data, push out a txg.
111 uint64_t zfs_dirty_data_sync = 64 * 1024 * 1024;
114 * Once there is this amount of dirty data, the dmu_tx_delay() will kick in
115 * and delay each transaction.
116 * This value should be >= zfs_vdev_async_write_active_max_dirty_percent.
118 int zfs_delay_min_dirty_percent = 60;
121 * This controls how quickly the delay approaches infinity.
122 * Larger values cause it to delay more for a given amount of dirty data.
123 * Therefore larger values will cause there to be less dirty data for a
126 * For the smoothest delay, this value should be about 1 billion divided
127 * by the maximum number of operations per second. This will smoothly
128 * handle between 10x and 1/10th this number.
130 * Note: zfs_delay_scale * zfs_dirty_data_max must be < 2^64, due to the
131 * multiply in dmu_tx_delay().
133 uint64_t zfs_delay_scale = 1000 * 1000 * 1000 / 2000;
136 * This determines the number of threads used by the dp_sync_taskq.
138 int zfs_sync_taskq_batch_pct = 75;
141 * These tunables determine the behavior of how zil_itxg_clean() is
142 * called via zil_clean() in the context of spa_sync(). When an itxg
143 * list needs to be cleaned, TQ_NOSLEEP will be used when dispatching.
144 * If the dispatch fails, the call to zil_itxg_clean() will occur
145 * synchronously in the context of spa_sync(), which can negatively
146 * impact the performance of spa_sync() (e.g. in the case of the itxg
147 * list having a large number of itxs that needs to be cleaned).
149 * Thus, these tunables can be used to manipulate the behavior of the
150 * taskq used by zil_clean(); they determine the number of taskq entries
151 * that are pre-populated when the taskq is first created (via the
152 * "zfs_zil_clean_taskq_minalloc" tunable) and the maximum number of
153 * taskq entries that are cached after an on-demand allocation (via the
154 * "zfs_zil_clean_taskq_maxalloc").
156 * The idea being, we want to try reasonably hard to ensure there will
157 * already be a taskq entry pre-allocated by the time that it is needed
158 * by zil_clean(). This way, we can avoid the possibility of an
159 * on-demand allocation of a new taskq entry from failing, which would
160 * result in zil_itxg_clean() being called synchronously from zil_clean()
161 * (which can adversely affect performance of spa_sync()).
163 * Additionally, the number of threads used by the taskq can be
164 * configured via the "zfs_zil_clean_taskq_nthr_pct" tunable.
166 int zfs_zil_clean_taskq_nthr_pct = 100;
167 int zfs_zil_clean_taskq_minalloc = 1024;
168 int zfs_zil_clean_taskq_maxalloc = 1024 * 1024;
170 #if defined(__FreeBSD__) && defined(_KERNEL)
172 extern int zfs_vdev_async_write_active_max_dirty_percent;
174 SYSCTL_DECL(_vfs_zfs);
176 SYSCTL_UQUAD(_vfs_zfs, OID_AUTO, dirty_data_max, CTLFLAG_RWTUN,
177 &zfs_dirty_data_max, 0,
178 "The maximum amount of dirty data in bytes after which new writes are "
179 "halted until space becomes available");
181 SYSCTL_UQUAD(_vfs_zfs, OID_AUTO, dirty_data_max_max, CTLFLAG_RDTUN,
182 &zfs_dirty_data_max_max, 0,
183 "The absolute cap on dirty_data_max when auto calculating");
185 static int sysctl_zfs_dirty_data_max_percent(SYSCTL_HANDLER_ARGS);
186 SYSCTL_PROC(_vfs_zfs, OID_AUTO, dirty_data_max_percent,
187 CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RWTUN, 0, sizeof(int),
188 sysctl_zfs_dirty_data_max_percent, "I",
189 "The percent of physical memory used to auto calculate dirty_data_max");
191 SYSCTL_UQUAD(_vfs_zfs, OID_AUTO, dirty_data_sync, CTLFLAG_RWTUN,
192 &zfs_dirty_data_sync, 0,
193 "Force a txg if the number of dirty buffer bytes exceed this value");
195 static int sysctl_zfs_delay_min_dirty_percent(SYSCTL_HANDLER_ARGS);
196 /* No zfs_delay_min_dirty_percent tunable due to limit requirements */
197 SYSCTL_PROC(_vfs_zfs, OID_AUTO, delay_min_dirty_percent,
198 CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RW, 0, sizeof(int),
199 sysctl_zfs_delay_min_dirty_percent, "I",
200 "The limit of outstanding dirty data before transactions are delayed");
202 static int sysctl_zfs_delay_scale(SYSCTL_HANDLER_ARGS);
203 /* No zfs_delay_scale tunable due to limit requirements */
204 SYSCTL_PROC(_vfs_zfs, OID_AUTO, delay_scale,
205 CTLTYPE_U64 | CTLFLAG_MPSAFE | CTLFLAG_RW, 0, sizeof(uint64_t),
206 sysctl_zfs_delay_scale, "QU",
207 "Controls how quickly the delay approaches infinity");
210 sysctl_zfs_dirty_data_max_percent(SYSCTL_HANDLER_ARGS)
214 val = zfs_dirty_data_max_percent;
215 err = sysctl_handle_int(oidp, &val, 0, req);
216 if (err != 0 || req->newptr == NULL)
219 if (val < 0 || val > 100)
222 zfs_dirty_data_max_percent = val;
228 sysctl_zfs_delay_min_dirty_percent(SYSCTL_HANDLER_ARGS)
232 val = zfs_delay_min_dirty_percent;
233 err = sysctl_handle_int(oidp, &val, 0, req);
234 if (err != 0 || req->newptr == NULL)
237 if (val < zfs_vdev_async_write_active_max_dirty_percent)
240 zfs_delay_min_dirty_percent = val;
246 sysctl_zfs_delay_scale(SYSCTL_HANDLER_ARGS)
251 val = zfs_delay_scale;
252 err = sysctl_handle_64(oidp, &val, 0, req);
253 if (err != 0 || req->newptr == NULL)
256 if (val > UINT64_MAX / zfs_dirty_data_max)
259 zfs_delay_scale = val;
266 dsl_pool_open_special_dir(dsl_pool_t *dp, const char *name, dsl_dir_t **ddp)
271 err = zap_lookup(dp->dp_meta_objset,
272 dsl_dir_phys(dp->dp_root_dir)->dd_child_dir_zapobj,
273 name, sizeof (obj), 1, &obj);
277 return (dsl_dir_hold_obj(dp, obj, name, dp, ddp));
281 dsl_pool_open_impl(spa_t *spa, uint64_t txg)
284 blkptr_t *bp = spa_get_rootblkptr(spa);
286 dp = kmem_zalloc(sizeof (dsl_pool_t), KM_SLEEP);
288 dp->dp_meta_rootbp = *bp;
289 rrw_init(&dp->dp_config_rwlock, B_TRUE);
292 txg_list_create(&dp->dp_dirty_datasets, spa,
293 offsetof(dsl_dataset_t, ds_dirty_link));
294 txg_list_create(&dp->dp_dirty_zilogs, spa,
295 offsetof(zilog_t, zl_dirty_link));
296 txg_list_create(&dp->dp_dirty_dirs, spa,
297 offsetof(dsl_dir_t, dd_dirty_link));
298 txg_list_create(&dp->dp_sync_tasks, spa,
299 offsetof(dsl_sync_task_t, dst_node));
301 dp->dp_sync_taskq = taskq_create("dp_sync_taskq",
302 zfs_sync_taskq_batch_pct, minclsyspri, 1, INT_MAX,
303 TASKQ_THREADS_CPU_PCT);
305 dp->dp_zil_clean_taskq = taskq_create("dp_zil_clean_taskq",
306 zfs_zil_clean_taskq_nthr_pct, minclsyspri,
307 zfs_zil_clean_taskq_minalloc,
308 zfs_zil_clean_taskq_maxalloc,
309 TASKQ_PREPOPULATE | TASKQ_THREADS_CPU_PCT);
311 mutex_init(&dp->dp_lock, NULL, MUTEX_DEFAULT, NULL);
312 cv_init(&dp->dp_spaceavail_cv, NULL, CV_DEFAULT, NULL);
314 dp->dp_vnrele_taskq = taskq_create("zfs_vn_rele_taskq", 1, minclsyspri,
321 dsl_pool_init(spa_t *spa, uint64_t txg, dsl_pool_t **dpp)
324 dsl_pool_t *dp = dsl_pool_open_impl(spa, txg);
326 err = dmu_objset_open_impl(spa, NULL, &dp->dp_meta_rootbp,
327 &dp->dp_meta_objset);
337 dsl_pool_open(dsl_pool_t *dp)
344 rrw_enter(&dp->dp_config_rwlock, RW_WRITER, FTAG);
345 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
346 DMU_POOL_ROOT_DATASET, sizeof (uint64_t), 1,
347 &dp->dp_root_dir_obj);
351 err = dsl_dir_hold_obj(dp, dp->dp_root_dir_obj,
352 NULL, dp, &dp->dp_root_dir);
356 err = dsl_pool_open_special_dir(dp, MOS_DIR_NAME, &dp->dp_mos_dir);
360 if (spa_version(dp->dp_spa) >= SPA_VERSION_ORIGIN) {
361 err = dsl_pool_open_special_dir(dp, ORIGIN_DIR_NAME, &dd);
364 err = dsl_dataset_hold_obj(dp,
365 dsl_dir_phys(dd)->dd_head_dataset_obj, FTAG, &ds);
367 err = dsl_dataset_hold_obj(dp,
368 dsl_dataset_phys(ds)->ds_prev_snap_obj, dp,
369 &dp->dp_origin_snap);
370 dsl_dataset_rele(ds, FTAG);
372 dsl_dir_rele(dd, dp);
377 if (spa_version(dp->dp_spa) >= SPA_VERSION_DEADLISTS) {
378 err = dsl_pool_open_special_dir(dp, FREE_DIR_NAME,
383 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
384 DMU_POOL_FREE_BPOBJ, sizeof (uint64_t), 1, &obj);
387 VERIFY0(bpobj_open(&dp->dp_free_bpobj,
388 dp->dp_meta_objset, obj));
392 * Note: errors ignored, because the leak dir will not exist if we
393 * have not encountered a leak yet.
395 (void) dsl_pool_open_special_dir(dp, LEAK_DIR_NAME,
398 if (spa_feature_is_active(dp->dp_spa, SPA_FEATURE_ASYNC_DESTROY)) {
399 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
400 DMU_POOL_BPTREE_OBJ, sizeof (uint64_t), 1,
406 if (spa_feature_is_active(dp->dp_spa, SPA_FEATURE_EMPTY_BPOBJ)) {
407 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
408 DMU_POOL_EMPTY_BPOBJ, sizeof (uint64_t), 1,
409 &dp->dp_empty_bpobj);
414 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
415 DMU_POOL_TMP_USERREFS, sizeof (uint64_t), 1,
416 &dp->dp_tmp_userrefs_obj);
422 err = dsl_scan_init(dp, dp->dp_tx.tx_open_txg);
425 rrw_exit(&dp->dp_config_rwlock, FTAG);
430 dsl_pool_close(dsl_pool_t *dp)
433 * Drop our references from dsl_pool_open().
435 * Since we held the origin_snap from "syncing" context (which
436 * includes pool-opening context), it actually only got a "ref"
437 * and not a hold, so just drop that here.
439 if (dp->dp_origin_snap)
440 dsl_dataset_rele(dp->dp_origin_snap, dp);
442 dsl_dir_rele(dp->dp_mos_dir, dp);
444 dsl_dir_rele(dp->dp_free_dir, dp);
446 dsl_dir_rele(dp->dp_leak_dir, dp);
448 dsl_dir_rele(dp->dp_root_dir, dp);
450 bpobj_close(&dp->dp_free_bpobj);
452 /* undo the dmu_objset_open_impl(mos) from dsl_pool_open() */
453 if (dp->dp_meta_objset)
454 dmu_objset_evict(dp->dp_meta_objset);
456 txg_list_destroy(&dp->dp_dirty_datasets);
457 txg_list_destroy(&dp->dp_dirty_zilogs);
458 txg_list_destroy(&dp->dp_sync_tasks);
459 txg_list_destroy(&dp->dp_dirty_dirs);
461 taskq_destroy(dp->dp_zil_clean_taskq);
462 taskq_destroy(dp->dp_sync_taskq);
465 * We can't set retry to TRUE since we're explicitly specifying
466 * a spa to flush. This is good enough; any missed buffers for
467 * this spa won't cause trouble, and they'll eventually fall
468 * out of the ARC just like any other unused buffer.
470 arc_flush(dp->dp_spa, FALSE);
474 dmu_buf_user_evict_wait();
476 rrw_destroy(&dp->dp_config_rwlock);
477 mutex_destroy(&dp->dp_lock);
478 taskq_destroy(dp->dp_vnrele_taskq);
480 kmem_free(dp->dp_blkstats, sizeof (zfs_all_blkstats_t));
481 kmem_free(dp, sizeof (dsl_pool_t));
485 dsl_pool_create(spa_t *spa, nvlist_t *zplprops, uint64_t txg)
488 dsl_pool_t *dp = dsl_pool_open_impl(spa, txg);
489 dmu_tx_t *tx = dmu_tx_create_assigned(dp, txg);
494 rrw_enter(&dp->dp_config_rwlock, RW_WRITER, FTAG);
496 /* create and open the MOS (meta-objset) */
497 dp->dp_meta_objset = dmu_objset_create_impl(spa,
498 NULL, &dp->dp_meta_rootbp, DMU_OST_META, tx);
500 /* create the pool directory */
501 err = zap_create_claim(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
502 DMU_OT_OBJECT_DIRECTORY, DMU_OT_NONE, 0, tx);
505 /* Initialize scan structures */
506 VERIFY0(dsl_scan_init(dp, txg));
508 /* create and open the root dir */
509 dp->dp_root_dir_obj = dsl_dir_create_sync(dp, NULL, NULL, tx);
510 VERIFY0(dsl_dir_hold_obj(dp, dp->dp_root_dir_obj,
511 NULL, dp, &dp->dp_root_dir));
513 /* create and open the meta-objset dir */
514 (void) dsl_dir_create_sync(dp, dp->dp_root_dir, MOS_DIR_NAME, tx);
515 VERIFY0(dsl_pool_open_special_dir(dp,
516 MOS_DIR_NAME, &dp->dp_mos_dir));
518 if (spa_version(spa) >= SPA_VERSION_DEADLISTS) {
519 /* create and open the free dir */
520 (void) dsl_dir_create_sync(dp, dp->dp_root_dir,
522 VERIFY0(dsl_pool_open_special_dir(dp,
523 FREE_DIR_NAME, &dp->dp_free_dir));
525 /* create and open the free_bplist */
526 obj = bpobj_alloc(dp->dp_meta_objset, SPA_OLD_MAXBLOCKSIZE, tx);
527 VERIFY(zap_add(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
528 DMU_POOL_FREE_BPOBJ, sizeof (uint64_t), 1, &obj, tx) == 0);
529 VERIFY0(bpobj_open(&dp->dp_free_bpobj,
530 dp->dp_meta_objset, obj));
533 if (spa_version(spa) >= SPA_VERSION_DSL_SCRUB)
534 dsl_pool_create_origin(dp, tx);
536 /* create the root dataset */
537 obj = dsl_dataset_create_sync_dd(dp->dp_root_dir, NULL, 0, tx);
539 /* create the root objset */
540 VERIFY0(dsl_dataset_hold_obj(dp, obj, FTAG, &ds));
541 rrw_enter(&ds->ds_bp_rwlock, RW_READER, FTAG);
542 os = dmu_objset_create_impl(dp->dp_spa, ds,
543 dsl_dataset_get_blkptr(ds), DMU_OST_ZFS, tx);
544 rrw_exit(&ds->ds_bp_rwlock, FTAG);
546 zfs_create_fs(os, kcred, zplprops, tx);
548 dsl_dataset_rele(ds, FTAG);
552 rrw_exit(&dp->dp_config_rwlock, FTAG);
558 * Account for the meta-objset space in its placeholder dsl_dir.
561 dsl_pool_mos_diduse_space(dsl_pool_t *dp,
562 int64_t used, int64_t comp, int64_t uncomp)
564 ASSERT3U(comp, ==, uncomp); /* it's all metadata */
565 mutex_enter(&dp->dp_lock);
566 dp->dp_mos_used_delta += used;
567 dp->dp_mos_compressed_delta += comp;
568 dp->dp_mos_uncompressed_delta += uncomp;
569 mutex_exit(&dp->dp_lock);
573 dsl_pool_sync_mos(dsl_pool_t *dp, dmu_tx_t *tx)
575 zio_t *zio = zio_root(dp->dp_spa, NULL, NULL, ZIO_FLAG_MUSTSUCCEED);
576 dmu_objset_sync(dp->dp_meta_objset, zio, tx);
577 VERIFY0(zio_wait(zio));
578 dprintf_bp(&dp->dp_meta_rootbp, "meta objset rootbp is %s", "");
579 spa_set_rootblkptr(dp->dp_spa, &dp->dp_meta_rootbp);
583 dsl_pool_dirty_delta(dsl_pool_t *dp, int64_t delta)
585 ASSERT(MUTEX_HELD(&dp->dp_lock));
588 ASSERT3U(-delta, <=, dp->dp_dirty_total);
590 dp->dp_dirty_total += delta;
593 * Note: we signal even when increasing dp_dirty_total.
594 * This ensures forward progress -- each thread wakes the next waiter.
596 if (dp->dp_dirty_total < zfs_dirty_data_max)
597 cv_signal(&dp->dp_spaceavail_cv);
601 dsl_pool_sync(dsl_pool_t *dp, uint64_t txg)
607 objset_t *mos = dp->dp_meta_objset;
608 list_t synced_datasets;
610 list_create(&synced_datasets, sizeof (dsl_dataset_t),
611 offsetof(dsl_dataset_t, ds_synced_link));
613 tx = dmu_tx_create_assigned(dp, txg);
616 * Write out all dirty blocks of dirty datasets.
618 zio = zio_root(dp->dp_spa, NULL, NULL, ZIO_FLAG_MUSTSUCCEED);
619 while ((ds = txg_list_remove(&dp->dp_dirty_datasets, txg)) != NULL) {
621 * We must not sync any non-MOS datasets twice, because
622 * we may have taken a snapshot of them. However, we
623 * may sync newly-created datasets on pass 2.
625 ASSERT(!list_link_active(&ds->ds_synced_link));
626 list_insert_tail(&synced_datasets, ds);
627 dsl_dataset_sync(ds, zio, tx);
629 VERIFY0(zio_wait(zio));
632 * We have written all of the accounted dirty data, so our
633 * dp_space_towrite should now be zero. However, some seldom-used
634 * code paths do not adhere to this (e.g. dbuf_undirty(), also
635 * rounding error in dbuf_write_physdone).
636 * Shore up the accounting of any dirtied space now.
638 dsl_pool_undirty_space(dp, dp->dp_dirty_pertxg[txg & TXG_MASK], txg);
641 * Update the long range free counter after
642 * we're done syncing user data
644 mutex_enter(&dp->dp_lock);
645 ASSERT(spa_sync_pass(dp->dp_spa) == 1 ||
646 dp->dp_long_free_dirty_pertxg[txg & TXG_MASK] == 0);
647 dp->dp_long_free_dirty_pertxg[txg & TXG_MASK] = 0;
648 mutex_exit(&dp->dp_lock);
651 * After the data blocks have been written (ensured by the zio_wait()
652 * above), update the user/group space accounting. This happens
653 * in tasks dispatched to dp_sync_taskq, so wait for them before
656 for (ds = list_head(&synced_datasets); ds != NULL;
657 ds = list_next(&synced_datasets, ds)) {
658 dmu_objset_do_userquota_updates(ds->ds_objset, tx);
660 taskq_wait(dp->dp_sync_taskq);
663 * Sync the datasets again to push out the changes due to
664 * userspace updates. This must be done before we process the
665 * sync tasks, so that any snapshots will have the correct
666 * user accounting information (and we won't get confused
667 * about which blocks are part of the snapshot).
669 zio = zio_root(dp->dp_spa, NULL, NULL, ZIO_FLAG_MUSTSUCCEED);
670 while ((ds = txg_list_remove(&dp->dp_dirty_datasets, txg)) != NULL) {
671 ASSERT(list_link_active(&ds->ds_synced_link));
672 dmu_buf_rele(ds->ds_dbuf, ds);
673 dsl_dataset_sync(ds, zio, tx);
675 VERIFY0(zio_wait(zio));
678 * Now that the datasets have been completely synced, we can
679 * clean up our in-memory structures accumulated while syncing:
681 * - move dead blocks from the pending deadlist to the on-disk deadlist
682 * - release hold from dsl_dataset_dirty()
684 while ((ds = list_remove_head(&synced_datasets)) != NULL) {
685 dsl_dataset_sync_done(ds, tx);
687 while ((dd = txg_list_remove(&dp->dp_dirty_dirs, txg)) != NULL) {
688 dsl_dir_sync(dd, tx);
692 * The MOS's space is accounted for in the pool/$MOS
693 * (dp_mos_dir). We can't modify the mos while we're syncing
694 * it, so we remember the deltas and apply them here.
696 if (dp->dp_mos_used_delta != 0 || dp->dp_mos_compressed_delta != 0 ||
697 dp->dp_mos_uncompressed_delta != 0) {
698 dsl_dir_diduse_space(dp->dp_mos_dir, DD_USED_HEAD,
699 dp->dp_mos_used_delta,
700 dp->dp_mos_compressed_delta,
701 dp->dp_mos_uncompressed_delta, tx);
702 dp->dp_mos_used_delta = 0;
703 dp->dp_mos_compressed_delta = 0;
704 dp->dp_mos_uncompressed_delta = 0;
707 if (!multilist_is_empty(mos->os_dirty_dnodes[txg & TXG_MASK])) {
708 dsl_pool_sync_mos(dp, tx);
712 * If we modify a dataset in the same txg that we want to destroy it,
713 * its dsl_dir's dd_dbuf will be dirty, and thus have a hold on it.
714 * dsl_dir_destroy_check() will fail if there are unexpected holds.
715 * Therefore, we want to sync the MOS (thus syncing the dd_dbuf
716 * and clearing the hold on it) before we process the sync_tasks.
717 * The MOS data dirtied by the sync_tasks will be synced on the next
720 if (!txg_list_empty(&dp->dp_sync_tasks, txg)) {
721 dsl_sync_task_t *dst;
723 * No more sync tasks should have been added while we
726 ASSERT3U(spa_sync_pass(dp->dp_spa), ==, 1);
727 while ((dst = txg_list_remove(&dp->dp_sync_tasks, txg)) != NULL)
728 dsl_sync_task_sync(dst, tx);
733 DTRACE_PROBE2(dsl_pool_sync__done, dsl_pool_t *dp, dp, uint64_t, txg);
737 dsl_pool_sync_done(dsl_pool_t *dp, uint64_t txg)
741 while (zilog = txg_list_head(&dp->dp_dirty_zilogs, txg)) {
742 dsl_dataset_t *ds = dmu_objset_ds(zilog->zl_os);
744 * We don't remove the zilog from the dp_dirty_zilogs
745 * list until after we've cleaned it. This ensures that
746 * callers of zilog_is_dirty() receive an accurate
747 * answer when they are racing with the spa sync thread.
749 zil_clean(zilog, txg);
750 (void) txg_list_remove_this(&dp->dp_dirty_zilogs, zilog, txg);
751 ASSERT(!dmu_objset_is_dirty(zilog->zl_os, txg));
752 dmu_buf_rele(ds->ds_dbuf, zilog);
754 ASSERT(!dmu_objset_is_dirty(dp->dp_meta_objset, txg));
758 * TRUE if the current thread is the tx_sync_thread or if we
759 * are being called from SPA context during pool initialization.
762 dsl_pool_sync_context(dsl_pool_t *dp)
764 return (curthread == dp->dp_tx.tx_sync_thread ||
765 spa_is_initializing(dp->dp_spa) ||
766 taskq_member(dp->dp_sync_taskq, curthread));
770 dsl_pool_adjustedsize(dsl_pool_t *dp, boolean_t netfree)
772 uint64_t space, resv;
775 * If we're trying to assess whether it's OK to do a free,
776 * cut the reservation in half to allow forward progress
777 * (e.g. make it possible to rm(1) files from a full pool).
779 space = spa_get_dspace(dp->dp_spa);
780 resv = spa_get_slop_space(dp->dp_spa);
784 return (space - resv);
788 dsl_pool_need_dirty_delay(dsl_pool_t *dp)
790 uint64_t delay_min_bytes =
791 zfs_dirty_data_max * zfs_delay_min_dirty_percent / 100;
794 mutex_enter(&dp->dp_lock);
795 if (dp->dp_dirty_total > zfs_dirty_data_sync)
797 rv = (dp->dp_dirty_total > delay_min_bytes);
798 mutex_exit(&dp->dp_lock);
803 dsl_pool_dirty_space(dsl_pool_t *dp, int64_t space, dmu_tx_t *tx)
806 mutex_enter(&dp->dp_lock);
807 dp->dp_dirty_pertxg[tx->tx_txg & TXG_MASK] += space;
808 dsl_pool_dirty_delta(dp, space);
809 mutex_exit(&dp->dp_lock);
814 dsl_pool_undirty_space(dsl_pool_t *dp, int64_t space, uint64_t txg)
816 ASSERT3S(space, >=, 0);
819 mutex_enter(&dp->dp_lock);
820 if (dp->dp_dirty_pertxg[txg & TXG_MASK] < space) {
821 /* XXX writing something we didn't dirty? */
822 space = dp->dp_dirty_pertxg[txg & TXG_MASK];
824 ASSERT3U(dp->dp_dirty_pertxg[txg & TXG_MASK], >=, space);
825 dp->dp_dirty_pertxg[txg & TXG_MASK] -= space;
826 ASSERT3U(dp->dp_dirty_total, >=, space);
827 dsl_pool_dirty_delta(dp, -space);
828 mutex_exit(&dp->dp_lock);
833 upgrade_clones_cb(dsl_pool_t *dp, dsl_dataset_t *hds, void *arg)
836 dsl_dataset_t *ds, *prev = NULL;
839 err = dsl_dataset_hold_obj(dp, hds->ds_object, FTAG, &ds);
843 while (dsl_dataset_phys(ds)->ds_prev_snap_obj != 0) {
844 err = dsl_dataset_hold_obj(dp,
845 dsl_dataset_phys(ds)->ds_prev_snap_obj, FTAG, &prev);
847 dsl_dataset_rele(ds, FTAG);
851 if (dsl_dataset_phys(prev)->ds_next_snap_obj != ds->ds_object)
853 dsl_dataset_rele(ds, FTAG);
859 prev = dp->dp_origin_snap;
862 * The $ORIGIN can't have any data, or the accounting
865 rrw_enter(&ds->ds_bp_rwlock, RW_READER, FTAG);
866 ASSERT0(dsl_dataset_phys(prev)->ds_bp.blk_birth);
867 rrw_exit(&ds->ds_bp_rwlock, FTAG);
869 /* The origin doesn't get attached to itself */
870 if (ds->ds_object == prev->ds_object) {
871 dsl_dataset_rele(ds, FTAG);
875 dmu_buf_will_dirty(ds->ds_dbuf, tx);
876 dsl_dataset_phys(ds)->ds_prev_snap_obj = prev->ds_object;
877 dsl_dataset_phys(ds)->ds_prev_snap_txg =
878 dsl_dataset_phys(prev)->ds_creation_txg;
880 dmu_buf_will_dirty(ds->ds_dir->dd_dbuf, tx);
881 dsl_dir_phys(ds->ds_dir)->dd_origin_obj = prev->ds_object;
883 dmu_buf_will_dirty(prev->ds_dbuf, tx);
884 dsl_dataset_phys(prev)->ds_num_children++;
886 if (dsl_dataset_phys(ds)->ds_next_snap_obj == 0) {
887 ASSERT(ds->ds_prev == NULL);
888 VERIFY0(dsl_dataset_hold_obj(dp,
889 dsl_dataset_phys(ds)->ds_prev_snap_obj,
894 ASSERT3U(dsl_dir_phys(ds->ds_dir)->dd_origin_obj, ==, prev->ds_object);
895 ASSERT3U(dsl_dataset_phys(ds)->ds_prev_snap_obj, ==, prev->ds_object);
897 if (dsl_dataset_phys(prev)->ds_next_clones_obj == 0) {
898 dmu_buf_will_dirty(prev->ds_dbuf, tx);
899 dsl_dataset_phys(prev)->ds_next_clones_obj =
900 zap_create(dp->dp_meta_objset,
901 DMU_OT_NEXT_CLONES, DMU_OT_NONE, 0, tx);
903 VERIFY0(zap_add_int(dp->dp_meta_objset,
904 dsl_dataset_phys(prev)->ds_next_clones_obj, ds->ds_object, tx));
906 dsl_dataset_rele(ds, FTAG);
907 if (prev != dp->dp_origin_snap)
908 dsl_dataset_rele(prev, FTAG);
913 dsl_pool_upgrade_clones(dsl_pool_t *dp, dmu_tx_t *tx)
915 ASSERT(dmu_tx_is_syncing(tx));
916 ASSERT(dp->dp_origin_snap != NULL);
918 VERIFY0(dmu_objset_find_dp(dp, dp->dp_root_dir_obj, upgrade_clones_cb,
919 tx, DS_FIND_CHILDREN | DS_FIND_SERIALIZE));
924 upgrade_dir_clones_cb(dsl_pool_t *dp, dsl_dataset_t *ds, void *arg)
927 objset_t *mos = dp->dp_meta_objset;
929 if (dsl_dir_phys(ds->ds_dir)->dd_origin_obj != 0) {
930 dsl_dataset_t *origin;
932 VERIFY0(dsl_dataset_hold_obj(dp,
933 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &origin));
935 if (dsl_dir_phys(origin->ds_dir)->dd_clones == 0) {
936 dmu_buf_will_dirty(origin->ds_dir->dd_dbuf, tx);
937 dsl_dir_phys(origin->ds_dir)->dd_clones =
938 zap_create(mos, DMU_OT_DSL_CLONES, DMU_OT_NONE,
942 VERIFY0(zap_add_int(dp->dp_meta_objset,
943 dsl_dir_phys(origin->ds_dir)->dd_clones,
946 dsl_dataset_rele(origin, FTAG);
952 dsl_pool_upgrade_dir_clones(dsl_pool_t *dp, dmu_tx_t *tx)
954 ASSERT(dmu_tx_is_syncing(tx));
957 (void) dsl_dir_create_sync(dp, dp->dp_root_dir, FREE_DIR_NAME, tx);
958 VERIFY0(dsl_pool_open_special_dir(dp,
959 FREE_DIR_NAME, &dp->dp_free_dir));
962 * We can't use bpobj_alloc(), because spa_version() still
963 * returns the old version, and we need a new-version bpobj with
964 * subobj support. So call dmu_object_alloc() directly.
966 obj = dmu_object_alloc(dp->dp_meta_objset, DMU_OT_BPOBJ,
967 SPA_OLD_MAXBLOCKSIZE, DMU_OT_BPOBJ_HDR, sizeof (bpobj_phys_t), tx);
968 VERIFY0(zap_add(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
969 DMU_POOL_FREE_BPOBJ, sizeof (uint64_t), 1, &obj, tx));
970 VERIFY0(bpobj_open(&dp->dp_free_bpobj, dp->dp_meta_objset, obj));
972 VERIFY0(dmu_objset_find_dp(dp, dp->dp_root_dir_obj,
973 upgrade_dir_clones_cb, tx, DS_FIND_CHILDREN | DS_FIND_SERIALIZE));
977 dsl_pool_create_origin(dsl_pool_t *dp, dmu_tx_t *tx)
982 ASSERT(dmu_tx_is_syncing(tx));
983 ASSERT(dp->dp_origin_snap == NULL);
984 ASSERT(rrw_held(&dp->dp_config_rwlock, RW_WRITER));
986 /* create the origin dir, ds, & snap-ds */
987 dsobj = dsl_dataset_create_sync(dp->dp_root_dir, ORIGIN_DIR_NAME,
989 VERIFY0(dsl_dataset_hold_obj(dp, dsobj, FTAG, &ds));
990 dsl_dataset_snapshot_sync_impl(ds, ORIGIN_DIR_NAME, tx);
991 VERIFY0(dsl_dataset_hold_obj(dp, dsl_dataset_phys(ds)->ds_prev_snap_obj,
992 dp, &dp->dp_origin_snap));
993 dsl_dataset_rele(ds, FTAG);
997 dsl_pool_vnrele_taskq(dsl_pool_t *dp)
999 return (dp->dp_vnrele_taskq);
1003 * Walk through the pool-wide zap object of temporary snapshot user holds
1007 dsl_pool_clean_tmp_userrefs(dsl_pool_t *dp)
1011 objset_t *mos = dp->dp_meta_objset;
1012 uint64_t zapobj = dp->dp_tmp_userrefs_obj;
1017 ASSERT(spa_version(dp->dp_spa) >= SPA_VERSION_USERREFS);
1019 holds = fnvlist_alloc();
1021 for (zap_cursor_init(&zc, mos, zapobj);
1022 zap_cursor_retrieve(&zc, &za) == 0;
1023 zap_cursor_advance(&zc)) {
1027 htag = strchr(za.za_name, '-');
1030 if (nvlist_lookup_nvlist(holds, za.za_name, &tags) != 0) {
1031 tags = fnvlist_alloc();
1032 fnvlist_add_boolean(tags, htag);
1033 fnvlist_add_nvlist(holds, za.za_name, tags);
1036 fnvlist_add_boolean(tags, htag);
1039 dsl_dataset_user_release_tmp(dp, holds);
1040 fnvlist_free(holds);
1041 zap_cursor_fini(&zc);
1045 * Create the pool-wide zap object for storing temporary snapshot holds.
1048 dsl_pool_user_hold_create_obj(dsl_pool_t *dp, dmu_tx_t *tx)
1050 objset_t *mos = dp->dp_meta_objset;
1052 ASSERT(dp->dp_tmp_userrefs_obj == 0);
1053 ASSERT(dmu_tx_is_syncing(tx));
1055 dp->dp_tmp_userrefs_obj = zap_create_link(mos, DMU_OT_USERREFS,
1056 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_TMP_USERREFS, tx);
1060 dsl_pool_user_hold_rele_impl(dsl_pool_t *dp, uint64_t dsobj,
1061 const char *tag, uint64_t now, dmu_tx_t *tx, boolean_t holding)
1063 objset_t *mos = dp->dp_meta_objset;
1064 uint64_t zapobj = dp->dp_tmp_userrefs_obj;
1068 ASSERT(spa_version(dp->dp_spa) >= SPA_VERSION_USERREFS);
1069 ASSERT(dmu_tx_is_syncing(tx));
1072 * If the pool was created prior to SPA_VERSION_USERREFS, the
1073 * zap object for temporary holds might not exist yet.
1077 dsl_pool_user_hold_create_obj(dp, tx);
1078 zapobj = dp->dp_tmp_userrefs_obj;
1080 return (SET_ERROR(ENOENT));
1084 name = kmem_asprintf("%llx-%s", (u_longlong_t)dsobj, tag);
1086 error = zap_add(mos, zapobj, name, 8, 1, &now, tx);
1088 error = zap_remove(mos, zapobj, name, tx);
1095 * Add a temporary hold for the given dataset object and tag.
1098 dsl_pool_user_hold(dsl_pool_t *dp, uint64_t dsobj, const char *tag,
1099 uint64_t now, dmu_tx_t *tx)
1101 return (dsl_pool_user_hold_rele_impl(dp, dsobj, tag, now, tx, B_TRUE));
1105 * Release a temporary hold for the given dataset object and tag.
1108 dsl_pool_user_release(dsl_pool_t *dp, uint64_t dsobj, const char *tag,
1111 return (dsl_pool_user_hold_rele_impl(dp, dsobj, tag, 0,
1116 * DSL Pool Configuration Lock
1118 * The dp_config_rwlock protects against changes to DSL state (e.g. dataset
1119 * creation / destruction / rename / property setting). It must be held for
1120 * read to hold a dataset or dsl_dir. I.e. you must call
1121 * dsl_pool_config_enter() or dsl_pool_hold() before calling
1122 * dsl_{dataset,dir}_hold{_obj}. In most circumstances, the dp_config_rwlock
1123 * must be held continuously until all datasets and dsl_dirs are released.
1125 * The only exception to this rule is that if a "long hold" is placed on
1126 * a dataset, then the dp_config_rwlock may be dropped while the dataset
1127 * is still held. The long hold will prevent the dataset from being
1128 * destroyed -- the destroy will fail with EBUSY. A long hold can be
1129 * obtained by calling dsl_dataset_long_hold(), or by "owning" a dataset
1130 * (by calling dsl_{dataset,objset}_{try}own{_obj}).
1132 * Legitimate long-holders (including owners) should be long-running, cancelable
1133 * tasks that should cause "zfs destroy" to fail. This includes DMU
1134 * consumers (i.e. a ZPL filesystem being mounted or ZVOL being open),
1135 * "zfs send", and "zfs diff". There are several other long-holders whose
1136 * uses are suboptimal (e.g. "zfs promote", and zil_suspend()).
1138 * The usual formula for long-holding would be:
1140 * dsl_dataset_hold()
1141 * ... perform checks ...
1142 * dsl_dataset_long_hold()
1144 * ... perform long-running task ...
1145 * dsl_dataset_long_rele()
1146 * dsl_dataset_rele()
1148 * Note that when the long hold is released, the dataset is still held but
1149 * the pool is not held. The dataset may change arbitrarily during this time
1150 * (e.g. it could be destroyed). Therefore you shouldn't do anything to the
1151 * dataset except release it.
1153 * User-initiated operations (e.g. ioctls, zfs_ioc_*()) are either read-only
1154 * or modifying operations.
1156 * Modifying operations should generally use dsl_sync_task(). The synctask
1157 * infrastructure enforces proper locking strategy with respect to the
1158 * dp_config_rwlock. See the comment above dsl_sync_task() for details.
1160 * Read-only operations will manually hold the pool, then the dataset, obtain
1161 * information from the dataset, then release the pool and dataset.
1162 * dmu_objset_{hold,rele}() are convenience routines that also do the pool
1167 dsl_pool_hold(const char *name, void *tag, dsl_pool_t **dp)
1172 error = spa_open(name, &spa, tag);
1174 *dp = spa_get_dsl(spa);
1175 dsl_pool_config_enter(*dp, tag);
1181 dsl_pool_rele(dsl_pool_t *dp, void *tag)
1183 dsl_pool_config_exit(dp, tag);
1184 spa_close(dp->dp_spa, tag);
1188 dsl_pool_config_enter(dsl_pool_t *dp, void *tag)
1191 * We use a "reentrant" reader-writer lock, but not reentrantly.
1193 * The rrwlock can (with the track_all flag) track all reading threads,
1194 * which is very useful for debugging which code path failed to release
1195 * the lock, and for verifying that the *current* thread does hold
1198 * (Unlike a rwlock, which knows that N threads hold it for
1199 * read, but not *which* threads, so rw_held(RW_READER) returns TRUE
1200 * if any thread holds it for read, even if this thread doesn't).
1202 ASSERT(!rrw_held(&dp->dp_config_rwlock, RW_READER));
1203 rrw_enter(&dp->dp_config_rwlock, RW_READER, tag);
1207 dsl_pool_config_enter_prio(dsl_pool_t *dp, void *tag)
1209 ASSERT(!rrw_held(&dp->dp_config_rwlock, RW_READER));
1210 rrw_enter_read_prio(&dp->dp_config_rwlock, tag);
1214 dsl_pool_config_exit(dsl_pool_t *dp, void *tag)
1216 rrw_exit(&dp->dp_config_rwlock, tag);
1220 dsl_pool_config_held(dsl_pool_t *dp)
1222 return (RRW_LOCK_HELD(&dp->dp_config_rwlock));
1226 dsl_pool_config_held_writer(dsl_pool_t *dp)
1228 return (RRW_WRITE_HELD(&dp->dp_config_rwlock));