4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2013, 2014, Delphix. All rights reserved.
24 * Copyright (c) 2021, George Amanakis. All rights reserved.
28 * Routines to manage the on-disk persistent error log.
30 * Each pool stores a log of all logical data errors seen during normal
31 * operation. This is actually the union of two distinct logs: the last log,
32 * and the current log. All errors seen are logged to the current log. When a
33 * scrub completes, the current log becomes the last log, the last log is thrown
34 * out, and the current log is reinitialized. This way, if an error is somehow
35 * corrected, a new scrub will show that it no longer exists, and will be
36 * deleted from the log when the scrub completes.
38 * The log is stored using a ZAP object whose key is a string form of the
39 * zbookmark_phys tuple (objset, object, level, blkid), and whose contents is an
40 * optional 'objset:object' human-readable string describing the data. When an
41 * error is first logged, this string will be empty, indicating that no name is
42 * known. This prevents us from having to issue a potentially large amount of
43 * I/O to discover the object name during an error path. Instead, we do the
44 * calculation when the data is requested, storing the result so future queries
47 * If the head_errlog feature is enabled, a different on-disk format is used.
48 * The error log of each head dataset is stored separately in the zap object
49 * and keyed by the head id. This enables listing every dataset affected in
50 * userland. In order to be able to track whether an error block has been
51 * modified or added to snapshots since it was marked as an error, a new tuple
52 * is introduced: zbookmark_err_phys_t. It allows the storage of the birth
53 * transaction group of an error block on-disk. The birth transaction group is
54 * used by check_filesystem() to assess whether this block was freed,
55 * re-written or added to a snapshot since its marking as an error.
57 * This log is then shipped into an nvlist where the key is the dataset name and
58 * the value is the object name. Userland is then responsible for uniquifying
59 * this list and displaying it to the user.
62 #include <sys/dmu_tx.h>
64 #include <sys/spa_impl.h>
67 #include <sys/dsl_dir.h>
68 #include <sys/dmu_objset.h>
72 * spa_upgrade_errlog_limit : A zfs module parameter that controls the number
73 * of on-disk error log entries that will be converted to the new
74 * format when enabling head_errlog. Defaults to 0 which converts
77 static uint32_t spa_upgrade_errlog_limit = 0;
80 * Convert a bookmark to a string.
83 bookmark_to_name(zbookmark_phys_t *zb, char *buf, size_t len)
85 (void) snprintf(buf, len, "%llx:%llx:%llx:%llx",
86 (u_longlong_t)zb->zb_objset, (u_longlong_t)zb->zb_object,
87 (u_longlong_t)zb->zb_level, (u_longlong_t)zb->zb_blkid);
91 * Convert an err_phys to a string.
94 errphys_to_name(zbookmark_err_phys_t *zep, char *buf, size_t len)
96 (void) snprintf(buf, len, "%llx:%llx:%llx:%llx",
97 (u_longlong_t)zep->zb_object, (u_longlong_t)zep->zb_level,
98 (u_longlong_t)zep->zb_blkid, (u_longlong_t)zep->zb_birth);
102 * Convert a string to a err_phys.
105 name_to_errphys(char *buf, zbookmark_err_phys_t *zep)
107 zep->zb_object = zfs_strtonum(buf, &buf);
109 zep->zb_level = (int)zfs_strtonum(buf + 1, &buf);
111 zep->zb_blkid = zfs_strtonum(buf + 1, &buf);
113 zep->zb_birth = zfs_strtonum(buf + 1, &buf);
114 ASSERT(*buf == '\0');
118 * Convert a string to a bookmark.
121 name_to_bookmark(char *buf, zbookmark_phys_t *zb)
123 zb->zb_objset = zfs_strtonum(buf, &buf);
125 zb->zb_object = zfs_strtonum(buf + 1, &buf);
127 zb->zb_level = (int)zfs_strtonum(buf + 1, &buf);
129 zb->zb_blkid = zfs_strtonum(buf + 1, &buf);
130 ASSERT(*buf == '\0');
135 zep_to_zb(uint64_t dataset, zbookmark_err_phys_t *zep, zbookmark_phys_t *zb)
137 zb->zb_objset = dataset;
138 zb->zb_object = zep->zb_object;
139 zb->zb_level = zep->zb_level;
140 zb->zb_blkid = zep->zb_blkid;
145 name_to_object(char *buf, uint64_t *obj)
147 *obj = zfs_strtonum(buf, &buf);
148 ASSERT(*buf == '\0');
152 get_head_and_birth_txg(spa_t *spa, zbookmark_err_phys_t *zep, uint64_t ds_obj,
153 uint64_t *head_dataset_id)
155 dsl_pool_t *dp = spa->spa_dsl_pool;
159 dsl_pool_config_enter(dp, FTAG);
160 int error = dsl_dataset_hold_obj(dp, ds_obj, FTAG, &ds);
162 dsl_pool_config_exit(dp, FTAG);
165 ASSERT(head_dataset_id);
166 *head_dataset_id = dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj;
168 error = dmu_objset_from_ds(ds, &os);
170 dsl_dataset_rele(ds, FTAG);
171 dsl_pool_config_exit(dp, FTAG);
178 error = dnode_hold(os, zep->zb_object, FTAG, &dn);
180 dsl_dataset_rele(ds, FTAG);
181 dsl_pool_config_exit(dp, FTAG);
185 rw_enter(&dn->dn_struct_rwlock, RW_READER);
186 error = dbuf_dnode_findbp(dn, zep->zb_level, zep->zb_blkid, &bp, NULL,
189 if (error == 0 && BP_IS_HOLE(&bp))
190 error = SET_ERROR(ENOENT);
192 zep->zb_birth = bp.blk_birth;
193 rw_exit(&dn->dn_struct_rwlock);
194 dnode_rele(dn, FTAG);
195 dsl_dataset_rele(ds, FTAG);
196 dsl_pool_config_exit(dp, FTAG);
201 * Log an uncorrectable error to the persistent error log. We add it to the
202 * spa's list of pending errors. The changes are actually synced out to disk
203 * during spa_errlog_sync().
206 spa_log_error(spa_t *spa, const zbookmark_phys_t *zb)
208 spa_error_entry_t search;
209 spa_error_entry_t *new;
214 * If we are trying to import a pool, ignore any errors, as we won't be
215 * writing to the pool any time soon.
217 if (spa_load_state(spa) == SPA_LOAD_TRYIMPORT)
220 mutex_enter(&spa->spa_errlist_lock);
223 * If we have had a request to rotate the log, log it to the next list
224 * instead of the current one.
226 if (spa->spa_scrub_active || spa->spa_scrub_finished)
227 tree = &spa->spa_errlist_scrub;
229 tree = &spa->spa_errlist_last;
231 search.se_bookmark = *zb;
232 if (avl_find(tree, &search, &where) != NULL) {
233 mutex_exit(&spa->spa_errlist_lock);
237 new = kmem_zalloc(sizeof (spa_error_entry_t), KM_SLEEP);
238 new->se_bookmark = *zb;
239 avl_insert(tree, new, where);
241 mutex_exit(&spa->spa_errlist_lock);
246 find_birth_txg(dsl_dataset_t *ds, zbookmark_err_phys_t *zep,
250 int error = dmu_objset_from_ds(ds, &os);
257 error = dnode_hold(os, zep->zb_object, FTAG, &dn);
261 rw_enter(&dn->dn_struct_rwlock, RW_READER);
262 error = dbuf_dnode_findbp(dn, zep->zb_level, zep->zb_blkid, &bp, NULL,
265 if (error == 0 && BP_IS_HOLE(&bp))
266 error = SET_ERROR(ENOENT);
268 *birth_txg = bp.blk_birth;
269 rw_exit(&dn->dn_struct_rwlock);
270 dnode_rele(dn, FTAG);
275 * This function serves a double role. If only_count is true, it returns
276 * (in *count) how many times an error block belonging to this filesystem is
277 * referenced by snapshots or clones. If only_count is false, each time the
278 * error block is referenced by a snapshot or clone, it fills the userspace
279 * array at uaddr with the bookmarks of the error blocks. The array is filled
280 * from the back and *count is modified to be the number of unused entries at
281 * the beginning of the array.
284 check_filesystem(spa_t *spa, uint64_t head_ds, zbookmark_err_phys_t *zep,
285 uint64_t *count, void *uaddr, boolean_t only_count)
288 dsl_pool_t *dp = spa->spa_dsl_pool;
290 int error = dsl_dataset_hold_obj(dp, head_ds, FTAG, &ds);
295 uint64_t txg_to_consider = spa->spa_syncing_txg;
296 boolean_t check_snapshot = B_TRUE;
297 error = find_birth_txg(ds, zep, &latest_txg);
299 if (zep->zb_birth == latest_txg) {
300 /* Block neither free nor rewritten. */
303 zep_to_zb(head_ds, zep, &zb);
304 if (copyout(&zb, (char *)uaddr + (*count - 1)
305 * sizeof (zbookmark_phys_t),
306 sizeof (zbookmark_phys_t)) != 0) {
307 dsl_dataset_rele(ds, FTAG);
308 return (SET_ERROR(EFAULT));
314 check_snapshot = B_FALSE;
316 ASSERT3U(zep->zb_birth, <, latest_txg);
317 txg_to_consider = latest_txg;
321 /* How many snapshots reference this block. */
323 error = zap_count(spa->spa_meta_objset,
324 dsl_dataset_phys(ds)->ds_snapnames_zapobj, &snap_count);
326 dsl_dataset_rele(ds, FTAG);
330 if (snap_count == 0) {
331 /* File system has no snapshot. */
332 dsl_dataset_rele(ds, FTAG);
336 uint64_t *snap_obj_array = kmem_alloc(snap_count * sizeof (uint64_t),
339 int aff_snap_count = 0;
340 uint64_t snap_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj;
341 uint64_t snap_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg;
343 /* Check only snapshots created from this file system. */
344 while (snap_obj != 0 && zep->zb_birth < snap_obj_txg &&
345 snap_obj_txg <= txg_to_consider) {
347 dsl_dataset_rele(ds, FTAG);
348 error = dsl_dataset_hold_obj(dp, snap_obj, FTAG, &ds);
352 if (dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj != head_ds)
355 boolean_t affected = B_TRUE;
356 if (check_snapshot) {
358 error = find_birth_txg(ds, zep, &blk_txg);
359 affected = (error == 0 && zep->zb_birth == blk_txg);
363 snap_obj_array[aff_snap_count] = snap_obj;
368 zep_to_zb(snap_obj, zep, &zb);
369 if (copyout(&zb, (char *)uaddr + (*count - 1) *
370 sizeof (zbookmark_phys_t),
371 sizeof (zbookmark_phys_t)) != 0) {
372 dsl_dataset_rele(ds, FTAG);
373 error = SET_ERROR(EFAULT);
382 * Only clones whose origins were affected could also
383 * have affected snapshots.
387 for (zap_cursor_init(&zc, spa->spa_meta_objset,
388 dsl_dataset_phys(ds)->ds_next_clones_obj);
389 zap_cursor_retrieve(&zc, &za) == 0;
390 zap_cursor_advance(&zc)) {
391 error = check_filesystem(spa,
392 za.za_first_integer, zep,
393 count, uaddr, only_count);
396 zap_cursor_fini(&zc);
400 zap_cursor_fini(&zc);
402 snap_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg;
403 snap_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj;
405 dsl_dataset_rele(ds, FTAG);
408 kmem_free(snap_obj_array, sizeof (*snap_obj_array));
413 find_top_affected_fs(spa_t *spa, uint64_t head_ds, zbookmark_err_phys_t *zep,
414 uint64_t *top_affected_fs)
416 uint64_t oldest_dsobj;
417 int error = dsl_dataset_oldest_snapshot(spa, head_ds, zep->zb_birth,
423 error = dsl_dataset_hold_obj(spa->spa_dsl_pool, oldest_dsobj,
429 dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj;
430 dsl_dataset_rele(ds, FTAG);
435 process_error_block(spa_t *spa, uint64_t head_ds, zbookmark_err_phys_t *zep,
436 uint64_t *count, void *uaddr, boolean_t only_count)
438 dsl_pool_t *dp = spa->spa_dsl_pool;
439 dsl_pool_config_enter(dp, FTAG);
440 uint64_t top_affected_fs;
442 int error = find_top_affected_fs(spa, head_ds, zep, &top_affected_fs);
444 error = check_filesystem(spa, top_affected_fs, zep, count,
447 dsl_pool_config_exit(dp, FTAG);
452 get_errlog_size(spa_t *spa, uint64_t spa_err_obj)
454 if (spa_err_obj == 0)
460 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa_err_obj);
461 zap_cursor_retrieve(&zc, &za) == 0; zap_cursor_advance(&zc)) {
463 zap_cursor_t head_ds_cursor;
464 zap_attribute_t head_ds_attr;
465 zbookmark_err_phys_t head_ds_block;
468 name_to_object(za.za_name, &head_ds);
470 for (zap_cursor_init(&head_ds_cursor, spa->spa_meta_objset,
471 za.za_first_integer); zap_cursor_retrieve(&head_ds_cursor,
472 &head_ds_attr) == 0; zap_cursor_advance(&head_ds_cursor)) {
474 name_to_errphys(head_ds_attr.za_name, &head_ds_block);
475 (void) process_error_block(spa, head_ds, &head_ds_block,
476 &total, NULL, B_TRUE);
478 zap_cursor_fini(&head_ds_cursor);
480 zap_cursor_fini(&zc);
485 get_errlist_size(spa_t *spa, avl_tree_t *tree)
487 if (avl_numnodes(tree) == 0)
491 spa_error_entry_t *se;
492 for (se = avl_first(tree); se != NULL; se = AVL_NEXT(tree, se)) {
493 zbookmark_err_phys_t zep;
494 zep.zb_object = se->se_bookmark.zb_object;
495 zep.zb_level = se->se_bookmark.zb_level;
496 zep.zb_blkid = se->se_bookmark.zb_blkid;
499 * If we cannot find out the head dataset and birth txg of
500 * the present error block, we opt not to error out. In the
501 * next pool sync this information will be retrieved by
502 * sync_error_list() and written to the on-disk error log.
504 uint64_t head_ds_obj;
505 if (get_head_and_birth_txg(spa, &zep,
506 se->se_bookmark.zb_objset, &head_ds_obj) == 0)
507 (void) process_error_block(spa, head_ds_obj, &zep,
508 &total, NULL, B_TRUE);
515 * Return the number of errors currently in the error log. This is actually the
516 * sum of both the last log and the current log, since we don't know the union
517 * of these logs until we reach userland.
520 spa_get_errlog_size(spa_t *spa)
524 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) {
525 mutex_enter(&spa->spa_errlog_lock);
527 if (spa->spa_errlog_scrub != 0 &&
528 zap_count(spa->spa_meta_objset, spa->spa_errlog_scrub,
532 if (spa->spa_errlog_last != 0 && !spa->spa_scrub_finished &&
533 zap_count(spa->spa_meta_objset, spa->spa_errlog_last,
536 mutex_exit(&spa->spa_errlog_lock);
538 mutex_enter(&spa->spa_errlist_lock);
539 total += avl_numnodes(&spa->spa_errlist_last);
540 total += avl_numnodes(&spa->spa_errlist_scrub);
541 mutex_exit(&spa->spa_errlist_lock);
544 mutex_enter(&spa->spa_errlog_lock);
545 total += get_errlog_size(spa, spa->spa_errlog_last);
546 total += get_errlog_size(spa, spa->spa_errlog_scrub);
547 mutex_exit(&spa->spa_errlog_lock);
549 mutex_enter(&spa->spa_errlist_lock);
550 total += get_errlist_size(spa, &spa->spa_errlist_last);
551 total += get_errlist_size(spa, &spa->spa_errlist_scrub);
552 mutex_exit(&spa->spa_errlist_lock);
559 * This function sweeps through an on-disk error log and stores all bookmarks
560 * as error bookmarks in a new ZAP object. At the end we discard the old one,
561 * and spa_update_errlog() will set the spa's on-disk error log to new ZAP
565 sync_upgrade_errlog(spa_t *spa, uint64_t spa_err_obj, uint64_t *newobj,
573 *newobj = zap_create(spa->spa_meta_objset, DMU_OT_ERROR_LOG,
577 * If we cannnot perform the upgrade we should clear the old on-disk
580 if (zap_count(spa->spa_meta_objset, spa_err_obj, &count) != 0) {
581 VERIFY0(dmu_object_free(spa->spa_meta_objset, spa_err_obj, tx));
585 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa_err_obj);
586 zap_cursor_retrieve(&zc, &za) == 0;
587 zap_cursor_advance(&zc)) {
588 if (spa_upgrade_errlog_limit != 0 &&
589 zc.zc_cd == spa_upgrade_errlog_limit)
592 name_to_bookmark(za.za_name, &zb);
594 zbookmark_err_phys_t zep;
595 zep.zb_object = zb.zb_object;
596 zep.zb_level = zb.zb_level;
597 zep.zb_blkid = zb.zb_blkid;
600 * We cannot use get_head_and_birth_txg() because it will
601 * acquire the pool config lock, which we already have. In case
602 * of an error we simply continue.
604 uint64_t head_dataset_obj;
605 dsl_pool_t *dp = spa->spa_dsl_pool;
609 int error = dsl_dataset_hold_obj(dp, zb.zb_objset, FTAG, &ds);
614 dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj;
617 * The objset and the dnode are required for getting the block
618 * pointer, which is used to determine if BP_IS_HOLE(). If
619 * getting the objset or the dnode fails, do not create a
620 * zap entry (presuming we know the dataset) as this may create
621 * spurious errors that we cannot ever resolve. If an error is
622 * truly persistent, it should re-appear after a scan.
624 if (dmu_objset_from_ds(ds, &os) != 0) {
625 dsl_dataset_rele(ds, FTAG);
632 if (dnode_hold(os, zep.zb_object, FTAG, &dn) != 0) {
633 dsl_dataset_rele(ds, FTAG);
637 rw_enter(&dn->dn_struct_rwlock, RW_READER);
638 error = dbuf_dnode_findbp(dn, zep.zb_level, zep.zb_blkid, &bp,
641 zep.zb_birth = bp.blk_birth;
642 rw_exit(&dn->dn_struct_rwlock);
643 dnode_rele(dn, FTAG);
644 dsl_dataset_rele(ds, FTAG);
646 if (error != 0 || BP_IS_HOLE(&bp))
650 error = zap_lookup_int_key(spa->spa_meta_objset, *newobj,
651 head_dataset_obj, &err_obj);
653 if (error == ENOENT) {
654 err_obj = zap_create(spa->spa_meta_objset,
655 DMU_OT_ERROR_LOG, DMU_OT_NONE, 0, tx);
657 (void) zap_update_int_key(spa->spa_meta_objset,
658 *newobj, head_dataset_obj, err_obj, tx);
662 errphys_to_name(&zep, buf, sizeof (buf));
664 const char *name = "";
665 (void) zap_update(spa->spa_meta_objset, err_obj,
666 buf, 1, strlen(name) + 1, name, tx);
668 zap_cursor_fini(&zc);
670 VERIFY0(dmu_object_free(spa->spa_meta_objset, spa_err_obj, tx));
674 spa_upgrade_errlog(spa_t *spa, dmu_tx_t *tx)
678 mutex_enter(&spa->spa_errlog_lock);
679 if (spa->spa_errlog_last != 0) {
680 sync_upgrade_errlog(spa, spa->spa_errlog_last, &newobj, tx);
681 spa->spa_errlog_last = newobj;
684 if (spa->spa_errlog_scrub != 0) {
685 sync_upgrade_errlog(spa, spa->spa_errlog_scrub, &newobj, tx);
686 spa->spa_errlog_scrub = newobj;
688 mutex_exit(&spa->spa_errlog_lock);
693 * If an error block is shared by two datasets it will be counted twice. For
694 * detailed message see spa_get_errlog_size() above.
697 process_error_log(spa_t *spa, uint64_t obj, void *uaddr, uint64_t *count)
705 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) {
706 for (zap_cursor_init(&zc, spa->spa_meta_objset, obj);
707 zap_cursor_retrieve(&zc, &za) == 0;
708 zap_cursor_advance(&zc)) {
710 zap_cursor_fini(&zc);
711 return (SET_ERROR(ENOMEM));
715 name_to_bookmark(za.za_name, &zb);
717 if (copyout(&zb, (char *)uaddr +
718 (*count - 1) * sizeof (zbookmark_phys_t),
719 sizeof (zbookmark_phys_t)) != 0) {
720 zap_cursor_fini(&zc);
721 return (SET_ERROR(EFAULT));
726 zap_cursor_fini(&zc);
730 for (zap_cursor_init(&zc, spa->spa_meta_objset, obj);
731 zap_cursor_retrieve(&zc, &za) == 0;
732 zap_cursor_advance(&zc)) {
734 zap_cursor_t head_ds_cursor;
735 zap_attribute_t head_ds_attr;
737 uint64_t head_ds_err_obj = za.za_first_integer;
739 name_to_object(za.za_name, &head_ds);
740 for (zap_cursor_init(&head_ds_cursor, spa->spa_meta_objset,
741 head_ds_err_obj); zap_cursor_retrieve(&head_ds_cursor,
742 &head_ds_attr) == 0; zap_cursor_advance(&head_ds_cursor)) {
744 zbookmark_err_phys_t head_ds_block;
745 name_to_errphys(head_ds_attr.za_name, &head_ds_block);
746 int error = process_error_block(spa, head_ds,
747 &head_ds_block, count, uaddr, B_FALSE);
750 zap_cursor_fini(&head_ds_cursor);
751 zap_cursor_fini(&zc);
755 zap_cursor_fini(&head_ds_cursor);
757 zap_cursor_fini(&zc);
762 process_error_list(spa_t *spa, avl_tree_t *list, void *uaddr, uint64_t *count)
764 spa_error_entry_t *se;
766 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) {
767 for (se = avl_first(list); se != NULL;
768 se = AVL_NEXT(list, se)) {
771 return (SET_ERROR(ENOMEM));
773 if (copyout(&se->se_bookmark, (char *)uaddr +
774 (*count - 1) * sizeof (zbookmark_phys_t),
775 sizeof (zbookmark_phys_t)) != 0)
776 return (SET_ERROR(EFAULT));
783 for (se = avl_first(list); se != NULL; se = AVL_NEXT(list, se)) {
784 zbookmark_err_phys_t zep;
785 zep.zb_object = se->se_bookmark.zb_object;
786 zep.zb_level = se->se_bookmark.zb_level;
787 zep.zb_blkid = se->se_bookmark.zb_blkid;
789 uint64_t head_ds_obj;
790 int error = get_head_and_birth_txg(spa, &zep,
791 se->se_bookmark.zb_objset, &head_ds_obj);
795 error = process_error_block(spa, head_ds_obj, &zep, count,
805 * Copy all known errors to userland as an array of bookmarks. This is
806 * actually a union of the on-disk last log and current log, as well as any
807 * pending error requests.
809 * Because the act of reading the on-disk log could cause errors to be
810 * generated, we have two separate locks: one for the error log and one for the
811 * in-core error lists. We only need the error list lock to log and error, so
812 * we grab the error log lock while we read the on-disk logs, and only pick up
813 * the error list lock when we are finished.
816 spa_get_errlog(spa_t *spa, void *uaddr, uint64_t *count)
821 mutex_enter(&spa->spa_errlog_lock);
823 ret = process_error_log(spa, spa->spa_errlog_scrub, uaddr, count);
825 if (!ret && !spa->spa_scrub_finished)
826 ret = process_error_log(spa, spa->spa_errlog_last, uaddr,
829 mutex_enter(&spa->spa_errlist_lock);
831 ret = process_error_list(spa, &spa->spa_errlist_scrub, uaddr,
834 ret = process_error_list(spa, &spa->spa_errlist_last, uaddr,
836 mutex_exit(&spa->spa_errlist_lock);
838 mutex_exit(&spa->spa_errlog_lock);
840 (void) spa, (void) uaddr, (void) count;
847 * Called when a scrub completes. This simply set a bit which tells which AVL
848 * tree to add new errors. spa_errlog_sync() is responsible for actually
849 * syncing the changes to the underlying objects.
852 spa_errlog_rotate(spa_t *spa)
854 mutex_enter(&spa->spa_errlist_lock);
855 spa->spa_scrub_finished = B_TRUE;
856 mutex_exit(&spa->spa_errlist_lock);
860 * Discard any pending errors from the spa_t. Called when unloading a faulted
861 * pool, as the errors encountered during the open cannot be synced to disk.
864 spa_errlog_drain(spa_t *spa)
866 spa_error_entry_t *se;
869 mutex_enter(&spa->spa_errlist_lock);
872 while ((se = avl_destroy_nodes(&spa->spa_errlist_last,
874 kmem_free(se, sizeof (spa_error_entry_t));
876 while ((se = avl_destroy_nodes(&spa->spa_errlist_scrub,
878 kmem_free(se, sizeof (spa_error_entry_t));
880 mutex_exit(&spa->spa_errlist_lock);
884 * Process a list of errors into the current on-disk log.
887 sync_error_list(spa_t *spa, avl_tree_t *t, uint64_t *obj, dmu_tx_t *tx)
889 spa_error_entry_t *se;
893 if (avl_numnodes(t) == 0)
896 /* create log if necessary */
898 *obj = zap_create(spa->spa_meta_objset, DMU_OT_ERROR_LOG,
901 /* add errors to the current log */
902 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) {
903 for (se = avl_first(t); se != NULL; se = AVL_NEXT(t, se)) {
904 bookmark_to_name(&se->se_bookmark, buf, sizeof (buf));
906 const char *name = se->se_name ? se->se_name : "";
907 (void) zap_update(spa->spa_meta_objset, *obj, buf, 1,
908 strlen(name) + 1, name, tx);
911 for (se = avl_first(t); se != NULL; se = AVL_NEXT(t, se)) {
912 zbookmark_err_phys_t zep;
913 zep.zb_object = se->se_bookmark.zb_object;
914 zep.zb_level = se->se_bookmark.zb_level;
915 zep.zb_blkid = se->se_bookmark.zb_blkid;
918 * If we cannot find out the head dataset and birth txg
919 * of the present error block, we simply continue.
920 * Reinserting that error block to the error lists,
921 * even if we are not syncing the final txg, results
922 * in duplicate posting of errors.
924 uint64_t head_dataset_obj;
925 int error = get_head_and_birth_txg(spa, &zep,
926 se->se_bookmark.zb_objset, &head_dataset_obj);
931 error = zap_lookup_int_key(spa->spa_meta_objset,
932 *obj, head_dataset_obj, &err_obj);
934 if (error == ENOENT) {
935 err_obj = zap_create(spa->spa_meta_objset,
936 DMU_OT_ERROR_LOG, DMU_OT_NONE, 0, tx);
938 (void) zap_update_int_key(spa->spa_meta_objset,
939 *obj, head_dataset_obj, err_obj, tx);
941 errphys_to_name(&zep, buf, sizeof (buf));
943 const char *name = se->se_name ? se->se_name : "";
944 (void) zap_update(spa->spa_meta_objset,
945 err_obj, buf, 1, strlen(name) + 1, name, tx);
948 /* purge the error list */
950 while ((se = avl_destroy_nodes(t, &cookie)) != NULL)
951 kmem_free(se, sizeof (spa_error_entry_t));
955 delete_errlog(spa_t *spa, uint64_t spa_err_obj, dmu_tx_t *tx)
957 if (spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) {
960 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa_err_obj);
961 zap_cursor_retrieve(&zc, &za) == 0;
962 zap_cursor_advance(&zc)) {
963 VERIFY0(dmu_object_free(spa->spa_meta_objset,
964 za.za_first_integer, tx));
966 zap_cursor_fini(&zc);
968 VERIFY0(dmu_object_free(spa->spa_meta_objset, spa_err_obj, tx));
972 * Sync the error log out to disk. This is a little tricky because the act of
973 * writing the error log requires the spa_errlist_lock. So, we need to lock the
974 * error lists, take a copy of the lists, and then reinitialize them. Then, we
975 * drop the error list lock and take the error log lock, at which point we
976 * do the errlog processing. Then, if we encounter an I/O error during this
977 * process, we can successfully add the error to the list. Note that this will
978 * result in the perpetual recycling of errors, but it is an unlikely situation
979 * and not a performance critical operation.
982 spa_errlog_sync(spa_t *spa, uint64_t txg)
985 avl_tree_t scrub, last;
988 mutex_enter(&spa->spa_errlist_lock);
991 * Bail out early under normal circumstances.
993 if (avl_numnodes(&spa->spa_errlist_scrub) == 0 &&
994 avl_numnodes(&spa->spa_errlist_last) == 0 &&
995 !spa->spa_scrub_finished) {
996 mutex_exit(&spa->spa_errlist_lock);
1000 spa_get_errlists(spa, &last, &scrub);
1001 scrub_finished = spa->spa_scrub_finished;
1002 spa->spa_scrub_finished = B_FALSE;
1004 mutex_exit(&spa->spa_errlist_lock);
1005 mutex_enter(&spa->spa_errlog_lock);
1007 tx = dmu_tx_create_assigned(spa->spa_dsl_pool, txg);
1010 * Sync out the current list of errors.
1012 sync_error_list(spa, &last, &spa->spa_errlog_last, tx);
1015 * Rotate the log if necessary.
1017 if (scrub_finished) {
1018 if (spa->spa_errlog_last != 0)
1019 delete_errlog(spa, spa->spa_errlog_last, tx);
1020 spa->spa_errlog_last = spa->spa_errlog_scrub;
1021 spa->spa_errlog_scrub = 0;
1023 sync_error_list(spa, &scrub, &spa->spa_errlog_last, tx);
1027 * Sync out any pending scrub errors.
1029 sync_error_list(spa, &scrub, &spa->spa_errlog_scrub, tx);
1032 * Update the MOS to reflect the new values.
1034 (void) zap_update(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
1035 DMU_POOL_ERRLOG_LAST, sizeof (uint64_t), 1,
1036 &spa->spa_errlog_last, tx);
1037 (void) zap_update(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
1038 DMU_POOL_ERRLOG_SCRUB, sizeof (uint64_t), 1,
1039 &spa->spa_errlog_scrub, tx);
1043 mutex_exit(&spa->spa_errlog_lock);
1047 delete_dataset_errlog(spa_t *spa, uint64_t spa_err_obj, uint64_t ds,
1050 if (spa_err_obj == 0)
1055 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa_err_obj);
1056 zap_cursor_retrieve(&zc, &za) == 0; zap_cursor_advance(&zc)) {
1058 name_to_object(za.za_name, &head_ds);
1059 if (head_ds == ds) {
1060 (void) zap_remove(spa->spa_meta_objset, spa_err_obj,
1062 VERIFY0(dmu_object_free(spa->spa_meta_objset,
1063 za.za_first_integer, tx));
1067 zap_cursor_fini(&zc);
1071 spa_delete_dataset_errlog(spa_t *spa, uint64_t ds, dmu_tx_t *tx)
1073 mutex_enter(&spa->spa_errlog_lock);
1074 delete_dataset_errlog(spa, spa->spa_errlog_scrub, ds, tx);
1075 delete_dataset_errlog(spa, spa->spa_errlog_last, ds, tx);
1076 mutex_exit(&spa->spa_errlog_lock);
1080 find_txg_ancestor_snapshot(spa_t *spa, uint64_t new_head, uint64_t old_head,
1084 dsl_pool_t *dp = spa->spa_dsl_pool;
1086 int error = dsl_dataset_hold_obj(dp, old_head, FTAG, &ds);
1090 uint64_t prev_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj;
1091 uint64_t prev_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg;
1093 while (prev_obj != 0) {
1094 dsl_dataset_rele(ds, FTAG);
1095 if ((error = dsl_dataset_hold_obj(dp, prev_obj,
1097 dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj == new_head)
1103 prev_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg;
1104 prev_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj;
1106 dsl_dataset_rele(ds, FTAG);
1107 ASSERT(prev_obj != 0);
1108 *txg = prev_obj_txg;
1113 swap_errlog(spa_t *spa, uint64_t spa_err_obj, uint64_t new_head, uint64_t
1114 old_head, dmu_tx_t *tx)
1116 if (spa_err_obj == 0)
1119 uint64_t old_head_errlog;
1120 int error = zap_lookup_int_key(spa->spa_meta_objset, spa_err_obj,
1121 old_head, &old_head_errlog);
1123 /* If no error log, then there is nothing to do. */
1128 error = find_txg_ancestor_snapshot(spa, new_head, old_head, &txg);
1133 * Create an error log if the file system being promoted does not
1136 uint64_t new_head_errlog;
1137 error = zap_lookup_int_key(spa->spa_meta_objset, spa_err_obj, new_head,
1141 new_head_errlog = zap_create(spa->spa_meta_objset,
1142 DMU_OT_ERROR_LOG, DMU_OT_NONE, 0, tx);
1144 (void) zap_update_int_key(spa->spa_meta_objset, spa_err_obj,
1145 new_head, new_head_errlog, tx);
1150 zbookmark_err_phys_t err_block;
1151 for (zap_cursor_init(&zc, spa->spa_meta_objset, old_head_errlog);
1152 zap_cursor_retrieve(&zc, &za) == 0; zap_cursor_advance(&zc)) {
1154 const char *name = "";
1155 name_to_errphys(za.za_name, &err_block);
1156 if (err_block.zb_birth < txg) {
1157 (void) zap_update(spa->spa_meta_objset, new_head_errlog,
1158 za.za_name, 1, strlen(name) + 1, name, tx);
1160 (void) zap_remove(spa->spa_meta_objset, old_head_errlog,
1164 zap_cursor_fini(&zc);
1168 spa_swap_errlog(spa_t *spa, uint64_t new_head_ds, uint64_t old_head_ds,
1171 mutex_enter(&spa->spa_errlog_lock);
1172 swap_errlog(spa, spa->spa_errlog_scrub, new_head_ds, old_head_ds, tx);
1173 swap_errlog(spa, spa->spa_errlog_last, new_head_ds, old_head_ds, tx);
1174 mutex_exit(&spa->spa_errlog_lock);
1177 #if defined(_KERNEL)
1178 /* error handling */
1179 EXPORT_SYMBOL(spa_log_error);
1180 EXPORT_SYMBOL(spa_get_errlog_size);
1181 EXPORT_SYMBOL(spa_get_errlog);
1182 EXPORT_SYMBOL(spa_errlog_rotate);
1183 EXPORT_SYMBOL(spa_errlog_drain);
1184 EXPORT_SYMBOL(spa_errlog_sync);
1185 EXPORT_SYMBOL(spa_get_errlists);
1186 EXPORT_SYMBOL(spa_delete_dataset_errlog);
1187 EXPORT_SYMBOL(spa_swap_errlog);
1188 EXPORT_SYMBOL(sync_error_list);
1189 EXPORT_SYMBOL(spa_upgrade_errlog);
1193 ZFS_MODULE_PARAM(zfs_spa, spa_, upgrade_errlog_limit, INT, ZMOD_RW,
1194 "Limit the number of errors which will be upgraded to the new "
1195 "on-disk error log when enabling head_errlog");
projects / FreeBSD / FreeBSD.git / blob