]>
Commit | Line | Data |
---|---|---|
34dc7c2f BB |
1 | /* |
2 | * CDDL HEADER START | |
3 | * | |
4 | * The contents of this file are subject to the terms of the | |
5 | * Common Development and Distribution License (the "License"). | |
6 | * You may not use this file except in compliance with the License. | |
7 | * | |
8 | * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
9 | * or http://www.opensolaris.org/os/licensing. | |
10 | * See the License for the specific language governing permissions | |
11 | * and limitations under the License. | |
12 | * | |
13 | * When distributing Covered Code, include this CDDL HEADER in each | |
14 | * file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
15 | * If applicable, add the following below this CDDL HEADER, with the | |
16 | * fields enclosed by brackets "[]" replaced with your own identifying | |
17 | * information: Portions Copyright [yyyy] [name of copyright owner] | |
18 | * | |
19 | * CDDL HEADER END | |
20 | */ | |
21 | /* | |
428870ff | 22 | * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. |
39efbde7 | 23 | * Copyright (c) 2012, 2016 by Delphix. All rights reserved. |
b1118acb | 24 | * Copyright (c) 2013 Martin Matuska. All rights reserved. |
788eb90c | 25 | * Copyright (c) 2014 Joyent, Inc. All rights reserved. |
0c66c32d | 26 | * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved. |
a0bd735a | 27 | * Copyright (c) 2016 Actifio, Inc. All rights reserved. |
34dc7c2f BB |
28 | */ |
29 | ||
34dc7c2f BB |
30 | #include <sys/dmu.h> |
31 | #include <sys/dmu_objset.h> | |
32 | #include <sys/dmu_tx.h> | |
33 | #include <sys/dsl_dataset.h> | |
34 | #include <sys/dsl_dir.h> | |
35 | #include <sys/dsl_prop.h> | |
36 | #include <sys/dsl_synctask.h> | |
37 | #include <sys/dsl_deleg.h> | |
fa86b5db | 38 | #include <sys/dmu_impl.h> |
34dc7c2f | 39 | #include <sys/spa.h> |
ae76f45c | 40 | #include <sys/spa_impl.h> |
428870ff | 41 | #include <sys/metaslab.h> |
34dc7c2f BB |
42 | #include <sys/zap.h> |
43 | #include <sys/zio.h> | |
44 | #include <sys/arc.h> | |
45 | #include <sys/sunddi.h> | |
788eb90c JJ |
46 | #include <sys/zfeature.h> |
47 | #include <sys/policy.h> | |
48 | #include <sys/zfs_znode.h> | |
ba6a2402 | 49 | #include <sys/zvol.h> |
34dc7c2f | 50 | #include "zfs_namecheck.h" |
788eb90c JJ |
51 | #include "zfs_prop.h" |
52 | ||
53 | /* | |
54 | * Filesystem and Snapshot Limits | |
55 | * ------------------------------ | |
56 | * | |
57 | * These limits are used to restrict the number of filesystems and/or snapshots | |
58 | * that can be created at a given level in the tree or below. A typical | |
59 | * use-case is with a delegated dataset where the administrator wants to ensure | |
60 | * that a user within the zone is not creating too many additional filesystems | |
61 | * or snapshots, even though they're not exceeding their space quota. | |
62 | * | |
63 | * The filesystem and snapshot counts are stored as extensible properties. This | |
64 | * capability is controlled by a feature flag and must be enabled to be used. | |
65 | * Once enabled, the feature is not active until the first limit is set. At | |
66 | * that point, future operations to create/destroy filesystems or snapshots | |
67 | * will validate and update the counts. | |
68 | * | |
69 | * Because the count properties will not exist before the feature is active, | |
70 | * the counts are updated when a limit is first set on an uninitialized | |
71 | * dsl_dir node in the tree (The filesystem/snapshot count on a node includes | |
72 | * all of the nested filesystems/snapshots. Thus, a new leaf node has a | |
73 | * filesystem count of 0 and a snapshot count of 0. Non-existent filesystem and | |
74 | * snapshot count properties on a node indicate uninitialized counts on that | |
75 | * node.) When first setting a limit on an uninitialized node, the code starts | |
76 | * at the filesystem with the new limit and descends into all sub-filesystems | |
77 | * to add the count properties. | |
78 | * | |
79 | * In practice this is lightweight since a limit is typically set when the | |
80 | * filesystem is created and thus has no children. Once valid, changing the | |
81 | * limit value won't require a re-traversal since the counts are already valid. | |
82 | * When recursively fixing the counts, if a node with a limit is encountered | |
83 | * during the descent, the counts are known to be valid and there is no need to | |
84 | * descend into that filesystem's children. The counts on filesystems above the | |
85 | * one with the new limit will still be uninitialized, unless a limit is | |
86 | * eventually set on one of those filesystems. The counts are always recursively | |
87 | * updated when a limit is set on a dataset, unless there is already a limit. | |
88 | * When a new limit value is set on a filesystem with an existing limit, it is | |
89 | * possible for the new limit to be less than the current count at that level | |
90 | * since a user who can change the limit is also allowed to exceed the limit. | |
91 | * | |
92 | * Once the feature is active, then whenever a filesystem or snapshot is | |
93 | * created, the code recurses up the tree, validating the new count against the | |
94 | * limit at each initialized level. In practice, most levels will not have a | |
95 | * limit set. If there is a limit at any initialized level up the tree, the | |
96 | * check must pass or the creation will fail. Likewise, when a filesystem or | |
97 | * snapshot is destroyed, the counts are recursively adjusted all the way up | |
98 | * the initizized nodes in the tree. Renaming a filesystem into different point | |
99 | * in the tree will first validate, then update the counts on each branch up to | |
100 | * the common ancestor. A receive will also validate the counts and then update | |
101 | * them. | |
102 | * | |
103 | * An exception to the above behavior is that the limit is not enforced if the | |
104 | * user has permission to modify the limit. This is primarily so that | |
105 | * recursive snapshots in the global zone always work. We want to prevent a | |
106 | * denial-of-service in which a lower level delegated dataset could max out its | |
107 | * limit and thus block recursive snapshots from being taken in the global zone. | |
108 | * Because of this, it is possible for the snapshot count to be over the limit | |
109 | * and snapshots taken in the global zone could cause a lower level dataset to | |
110 | * hit or exceed its limit. The administrator taking the global zone recursive | |
111 | * snapshot should be aware of this side-effect and behave accordingly. | |
112 | * For consistency, the filesystem limit is also not enforced if the user can | |
113 | * modify the limit. | |
114 | * | |
115 | * The filesystem and snapshot limits are validated by dsl_fs_ss_limit_check() | |
116 | * and updated by dsl_fs_ss_count_adjust(). A new limit value is setup in | |
117 | * dsl_dir_activate_fs_ss_limit() and the counts are adjusted, if necessary, by | |
118 | * dsl_dir_init_fs_ss_count(). | |
119 | * | |
120 | * There is a special case when we receive a filesystem that already exists. In | |
121 | * this case a temporary clone name of %X is created (see dmu_recv_begin). We | |
122 | * never update the filesystem counts for temporary clones. | |
123 | * | |
124 | * Likewise, we do not update the snapshot counts for temporary snapshots, | |
125 | * such as those created by zfs diff. | |
126 | */ | |
34dc7c2f | 127 | |
d683ddbb JG |
128 | extern inline dsl_dir_phys_t *dsl_dir_phys(dsl_dir_t *dd); |
129 | ||
34dc7c2f | 130 | static uint64_t dsl_dir_space_towrite(dsl_dir_t *dd); |
34dc7c2f | 131 | |
34dc7c2f | 132 | static void |
39efbde7 | 133 | dsl_dir_evict_async(void *dbu) |
34dc7c2f | 134 | { |
0c66c32d | 135 | dsl_dir_t *dd = dbu; |
34dc7c2f | 136 | int t; |
d1d7e268 | 137 | ASSERTV(dsl_pool_t *dp = dd->dd_pool); |
34dc7c2f | 138 | |
0c66c32d JG |
139 | dd->dd_dbuf = NULL; |
140 | ||
34dc7c2f BB |
141 | for (t = 0; t < TXG_SIZE; t++) { |
142 | ASSERT(!txg_list_member(&dp->dp_dirty_dirs, dd, t)); | |
143 | ASSERT(dd->dd_tempreserved[t] == 0); | |
144 | ASSERT(dd->dd_space_towrite[t] == 0); | |
145 | } | |
146 | ||
34dc7c2f | 147 | if (dd->dd_parent) |
0c66c32d | 148 | dsl_dir_async_rele(dd->dd_parent, dd); |
34dc7c2f | 149 | |
0c66c32d | 150 | spa_async_close(dd->dd_pool->dp_spa, dd); |
34dc7c2f | 151 | |
0eb21616 | 152 | dsl_prop_fini(dd); |
34dc7c2f BB |
153 | mutex_destroy(&dd->dd_lock); |
154 | kmem_free(dd, sizeof (dsl_dir_t)); | |
155 | } | |
156 | ||
157 | int | |
13fe0198 | 158 | dsl_dir_hold_obj(dsl_pool_t *dp, uint64_t ddobj, |
34dc7c2f BB |
159 | const char *tail, void *tag, dsl_dir_t **ddp) |
160 | { | |
161 | dmu_buf_t *dbuf; | |
162 | dsl_dir_t *dd; | |
b5256303 | 163 | dmu_object_info_t doi; |
34dc7c2f BB |
164 | int err; |
165 | ||
13fe0198 | 166 | ASSERT(dsl_pool_config_held(dp)); |
34dc7c2f BB |
167 | |
168 | err = dmu_bonus_hold(dp->dp_meta_objset, ddobj, tag, &dbuf); | |
13fe0198 | 169 | if (err != 0) |
34dc7c2f BB |
170 | return (err); |
171 | dd = dmu_buf_get_user(dbuf); | |
b5256303 TC |
172 | |
173 | dmu_object_info_from_db(dbuf, &doi); | |
174 | ASSERT3U(doi.doi_bonus_type, ==, DMU_OT_DSL_DIR); | |
175 | ASSERT3U(doi.doi_bonus_size, >=, sizeof (dsl_dir_phys_t)); | |
176 | ||
34dc7c2f BB |
177 | if (dd == NULL) { |
178 | dsl_dir_t *winner; | |
34dc7c2f | 179 | |
79c76d5b | 180 | dd = kmem_zalloc(sizeof (dsl_dir_t), KM_SLEEP); |
34dc7c2f BB |
181 | dd->dd_object = ddobj; |
182 | dd->dd_dbuf = dbuf; | |
183 | dd->dd_pool = dp; | |
b5256303 TC |
184 | |
185 | if (dsl_dir_is_zapified(dd) && | |
186 | zap_contains(dp->dp_meta_objset, ddobj, | |
187 | DD_FIELD_CRYPTO_KEY_OBJ) == 0) { | |
188 | VERIFY0(zap_lookup(dp->dp_meta_objset, | |
189 | ddobj, DD_FIELD_CRYPTO_KEY_OBJ, | |
190 | sizeof (uint64_t), 1, &dd->dd_crypto_obj)); | |
ae76f45c TC |
191 | |
192 | /* check for on-disk format errata */ | |
193 | if (dsl_dir_incompatible_encryption_version(dd)) { | |
194 | dp->dp_spa->spa_errata = | |
195 | ZPOOL_ERRATA_ZOL_6845_ENCRYPTION; | |
196 | } | |
b5256303 TC |
197 | } |
198 | ||
34dc7c2f | 199 | mutex_init(&dd->dd_lock, NULL, MUTEX_DEFAULT, NULL); |
0eb21616 | 200 | dsl_prop_init(dd); |
34dc7c2f | 201 | |
428870ff BB |
202 | dsl_dir_snap_cmtime_update(dd); |
203 | ||
d683ddbb JG |
204 | if (dsl_dir_phys(dd)->dd_parent_obj) { |
205 | err = dsl_dir_hold_obj(dp, | |
206 | dsl_dir_phys(dd)->dd_parent_obj, NULL, dd, | |
207 | &dd->dd_parent); | |
13fe0198 | 208 | if (err != 0) |
b128c09f | 209 | goto errout; |
34dc7c2f BB |
210 | if (tail) { |
211 | #ifdef ZFS_DEBUG | |
212 | uint64_t foundobj; | |
213 | ||
214 | err = zap_lookup(dp->dp_meta_objset, | |
d683ddbb JG |
215 | dsl_dir_phys(dd->dd_parent)-> |
216 | dd_child_dir_zapobj, tail, | |
217 | sizeof (foundobj), 1, &foundobj); | |
34dc7c2f BB |
218 | ASSERT(err || foundobj == ddobj); |
219 | #endif | |
680eada9 | 220 | (void) strlcpy(dd->dd_myname, tail, |
221 | sizeof (dd->dd_myname)); | |
34dc7c2f BB |
222 | } else { |
223 | err = zap_value_search(dp->dp_meta_objset, | |
d683ddbb JG |
224 | dsl_dir_phys(dd->dd_parent)-> |
225 | dd_child_dir_zapobj, | |
34dc7c2f BB |
226 | ddobj, 0, dd->dd_myname); |
227 | } | |
13fe0198 | 228 | if (err != 0) |
b128c09f | 229 | goto errout; |
34dc7c2f BB |
230 | } else { |
231 | (void) strcpy(dd->dd_myname, spa_name(dp->dp_spa)); | |
232 | } | |
233 | ||
428870ff BB |
234 | if (dsl_dir_is_clone(dd)) { |
235 | dmu_buf_t *origin_bonus; | |
236 | dsl_dataset_phys_t *origin_phys; | |
237 | ||
238 | /* | |
239 | * We can't open the origin dataset, because | |
240 | * that would require opening this dsl_dir. | |
241 | * Just look at its phys directly instead. | |
242 | */ | |
243 | err = dmu_bonus_hold(dp->dp_meta_objset, | |
d683ddbb JG |
244 | dsl_dir_phys(dd)->dd_origin_obj, FTAG, |
245 | &origin_bonus); | |
13fe0198 | 246 | if (err != 0) |
428870ff BB |
247 | goto errout; |
248 | origin_phys = origin_bonus->db_data; | |
249 | dd->dd_origin_txg = | |
250 | origin_phys->ds_creation_txg; | |
251 | dmu_buf_rele(origin_bonus, FTAG); | |
252 | } | |
253 | ||
39efbde7 GM |
254 | dmu_buf_init_user(&dd->dd_dbu, NULL, dsl_dir_evict_async, |
255 | &dd->dd_dbuf); | |
0c66c32d JG |
256 | winner = dmu_buf_set_user_ie(dbuf, &dd->dd_dbu); |
257 | if (winner != NULL) { | |
34dc7c2f | 258 | if (dd->dd_parent) |
13fe0198 | 259 | dsl_dir_rele(dd->dd_parent, dd); |
0eb21616 | 260 | dsl_prop_fini(dd); |
34dc7c2f BB |
261 | mutex_destroy(&dd->dd_lock); |
262 | kmem_free(dd, sizeof (dsl_dir_t)); | |
263 | dd = winner; | |
264 | } else { | |
265 | spa_open_ref(dp->dp_spa, dd); | |
266 | } | |
267 | } | |
268 | ||
269 | /* | |
270 | * The dsl_dir_t has both open-to-close and instantiate-to-evict | |
271 | * holds on the spa. We need the open-to-close holds because | |
272 | * otherwise the spa_refcnt wouldn't change when we open a | |
273 | * dir which the spa also has open, so we could incorrectly | |
274 | * think it was OK to unload/export/destroy the pool. We need | |
275 | * the instantiate-to-evict hold because the dsl_dir_t has a | |
276 | * pointer to the dd_pool, which has a pointer to the spa_t. | |
277 | */ | |
278 | spa_open_ref(dp->dp_spa, tag); | |
279 | ASSERT3P(dd->dd_pool, ==, dp); | |
280 | ASSERT3U(dd->dd_object, ==, ddobj); | |
281 | ASSERT3P(dd->dd_dbuf, ==, dbuf); | |
282 | *ddp = dd; | |
283 | return (0); | |
b128c09f BB |
284 | |
285 | errout: | |
286 | if (dd->dd_parent) | |
13fe0198 | 287 | dsl_dir_rele(dd->dd_parent, dd); |
0eb21616 | 288 | dsl_prop_fini(dd); |
b128c09f BB |
289 | mutex_destroy(&dd->dd_lock); |
290 | kmem_free(dd, sizeof (dsl_dir_t)); | |
291 | dmu_buf_rele(dbuf, tag); | |
292 | return (err); | |
34dc7c2f BB |
293 | } |
294 | ||
295 | void | |
13fe0198 | 296 | dsl_dir_rele(dsl_dir_t *dd, void *tag) |
34dc7c2f BB |
297 | { |
298 | dprintf_dd(dd, "%s\n", ""); | |
299 | spa_close(dd->dd_pool->dp_spa, tag); | |
300 | dmu_buf_rele(dd->dd_dbuf, tag); | |
301 | } | |
302 | ||
0c66c32d JG |
303 | /* |
304 | * Remove a reference to the given dsl dir that is being asynchronously | |
305 | * released. Async releases occur from a taskq performing eviction of | |
306 | * dsl datasets and dirs. This process is identical to a normal release | |
307 | * with the exception of using the async API for releasing the reference on | |
308 | * the spa. | |
309 | */ | |
310 | void | |
311 | dsl_dir_async_rele(dsl_dir_t *dd, void *tag) | |
312 | { | |
313 | dprintf_dd(dd, "%s\n", ""); | |
314 | spa_async_close(dd->dd_pool->dp_spa, tag); | |
315 | dmu_buf_rele(dd->dd_dbuf, tag); | |
316 | } | |
317 | ||
eca7b760 | 318 | /* buf must be at least ZFS_MAX_DATASET_NAME_LEN bytes */ |
34dc7c2f BB |
319 | void |
320 | dsl_dir_name(dsl_dir_t *dd, char *buf) | |
321 | { | |
322 | if (dd->dd_parent) { | |
323 | dsl_dir_name(dd->dd_parent, buf); | |
eca7b760 IK |
324 | VERIFY3U(strlcat(buf, "/", ZFS_MAX_DATASET_NAME_LEN), <, |
325 | ZFS_MAX_DATASET_NAME_LEN); | |
34dc7c2f BB |
326 | } else { |
327 | buf[0] = '\0'; | |
328 | } | |
329 | if (!MUTEX_HELD(&dd->dd_lock)) { | |
330 | /* | |
331 | * recursive mutex so that we can use | |
332 | * dprintf_dd() with dd_lock held | |
333 | */ | |
334 | mutex_enter(&dd->dd_lock); | |
eca7b760 IK |
335 | VERIFY3U(strlcat(buf, dd->dd_myname, ZFS_MAX_DATASET_NAME_LEN), |
336 | <, ZFS_MAX_DATASET_NAME_LEN); | |
34dc7c2f BB |
337 | mutex_exit(&dd->dd_lock); |
338 | } else { | |
eca7b760 IK |
339 | VERIFY3U(strlcat(buf, dd->dd_myname, ZFS_MAX_DATASET_NAME_LEN), |
340 | <, ZFS_MAX_DATASET_NAME_LEN); | |
34dc7c2f BB |
341 | } |
342 | } | |
343 | ||
29809a6c | 344 | /* Calculate name length, avoiding all the strcat calls of dsl_dir_name */ |
34dc7c2f BB |
345 | int |
346 | dsl_dir_namelen(dsl_dir_t *dd) | |
347 | { | |
348 | int result = 0; | |
349 | ||
350 | if (dd->dd_parent) { | |
351 | /* parent's name + 1 for the "/" */ | |
352 | result = dsl_dir_namelen(dd->dd_parent) + 1; | |
353 | } | |
354 | ||
355 | if (!MUTEX_HELD(&dd->dd_lock)) { | |
356 | /* see dsl_dir_name */ | |
357 | mutex_enter(&dd->dd_lock); | |
358 | result += strlen(dd->dd_myname); | |
359 | mutex_exit(&dd->dd_lock); | |
360 | } else { | |
361 | result += strlen(dd->dd_myname); | |
362 | } | |
363 | ||
364 | return (result); | |
365 | } | |
366 | ||
34dc7c2f BB |
367 | static int |
368 | getcomponent(const char *path, char *component, const char **nextp) | |
369 | { | |
370 | char *p; | |
13fe0198 | 371 | |
9babb374 | 372 | if ((path == NULL) || (path[0] == '\0')) |
2e528b49 | 373 | return (SET_ERROR(ENOENT)); |
34dc7c2f BB |
374 | /* This would be a good place to reserve some namespace... */ |
375 | p = strpbrk(path, "/@"); | |
376 | if (p && (p[1] == '/' || p[1] == '@')) { | |
377 | /* two separators in a row */ | |
2e528b49 | 378 | return (SET_ERROR(EINVAL)); |
34dc7c2f BB |
379 | } |
380 | if (p == NULL || p == path) { | |
381 | /* | |
382 | * if the first thing is an @ or /, it had better be an | |
383 | * @ and it had better not have any more ats or slashes, | |
384 | * and it had better have something after the @. | |
385 | */ | |
386 | if (p != NULL && | |
387 | (p[0] != '@' || strpbrk(path+1, "/@") || p[1] == '\0')) | |
2e528b49 | 388 | return (SET_ERROR(EINVAL)); |
eca7b760 | 389 | if (strlen(path) >= ZFS_MAX_DATASET_NAME_LEN) |
2e528b49 | 390 | return (SET_ERROR(ENAMETOOLONG)); |
34dc7c2f BB |
391 | (void) strcpy(component, path); |
392 | p = NULL; | |
393 | } else if (p[0] == '/') { | |
eca7b760 | 394 | if (p - path >= ZFS_MAX_DATASET_NAME_LEN) |
2e528b49 | 395 | return (SET_ERROR(ENAMETOOLONG)); |
34dc7c2f | 396 | (void) strncpy(component, path, p - path); |
13fe0198 | 397 | component[p - path] = '\0'; |
34dc7c2f BB |
398 | p++; |
399 | } else if (p[0] == '@') { | |
400 | /* | |
401 | * if the next separator is an @, there better not be | |
402 | * any more slashes. | |
403 | */ | |
404 | if (strchr(path, '/')) | |
2e528b49 | 405 | return (SET_ERROR(EINVAL)); |
eca7b760 | 406 | if (p - path >= ZFS_MAX_DATASET_NAME_LEN) |
2e528b49 | 407 | return (SET_ERROR(ENAMETOOLONG)); |
34dc7c2f | 408 | (void) strncpy(component, path, p - path); |
13fe0198 | 409 | component[p - path] = '\0'; |
34dc7c2f | 410 | } else { |
13fe0198 | 411 | panic("invalid p=%p", (void *)p); |
34dc7c2f BB |
412 | } |
413 | *nextp = p; | |
414 | return (0); | |
415 | } | |
416 | ||
417 | /* | |
13fe0198 MA |
418 | * Return the dsl_dir_t, and possibly the last component which couldn't |
419 | * be found in *tail. The name must be in the specified dsl_pool_t. This | |
420 | * thread must hold the dp_config_rwlock for the pool. Returns NULL if the | |
421 | * path is bogus, or if tail==NULL and we couldn't parse the whole name. | |
422 | * (*tail)[0] == '@' means that the last component is a snapshot. | |
34dc7c2f BB |
423 | */ |
424 | int | |
13fe0198 | 425 | dsl_dir_hold(dsl_pool_t *dp, const char *name, void *tag, |
34dc7c2f BB |
426 | dsl_dir_t **ddp, const char **tailp) |
427 | { | |
fcf37ec6 | 428 | char *buf; |
13fe0198 | 429 | const char *spaname, *next, *nextnext = NULL; |
34dc7c2f BB |
430 | int err; |
431 | dsl_dir_t *dd; | |
34dc7c2f | 432 | uint64_t ddobj; |
34dc7c2f | 433 | |
eca7b760 | 434 | buf = kmem_alloc(ZFS_MAX_DATASET_NAME_LEN, KM_SLEEP); |
34dc7c2f | 435 | err = getcomponent(name, buf, &next); |
13fe0198 | 436 | if (err != 0) |
fcf37ec6 | 437 | goto error; |
34dc7c2f | 438 | |
13fe0198 MA |
439 | /* Make sure the name is in the specified pool. */ |
440 | spaname = spa_name(dp->dp_spa); | |
441 | if (strcmp(buf, spaname) != 0) { | |
9063f654 | 442 | err = SET_ERROR(EXDEV); |
13fe0198 | 443 | goto error; |
34dc7c2f BB |
444 | } |
445 | ||
13fe0198 | 446 | ASSERT(dsl_pool_config_held(dp)); |
34dc7c2f | 447 | |
13fe0198 MA |
448 | err = dsl_dir_hold_obj(dp, dp->dp_root_dir_obj, NULL, tag, &dd); |
449 | if (err != 0) { | |
fcf37ec6 | 450 | goto error; |
34dc7c2f BB |
451 | } |
452 | ||
453 | while (next != NULL) { | |
0c66c32d | 454 | dsl_dir_t *child_dd; |
34dc7c2f | 455 | err = getcomponent(next, buf, &nextnext); |
13fe0198 | 456 | if (err != 0) |
34dc7c2f BB |
457 | break; |
458 | ASSERT(next[0] != '\0'); | |
459 | if (next[0] == '@') | |
460 | break; | |
461 | dprintf("looking up %s in obj%lld\n", | |
d683ddbb | 462 | buf, dsl_dir_phys(dd)->dd_child_dir_zapobj); |
34dc7c2f BB |
463 | |
464 | err = zap_lookup(dp->dp_meta_objset, | |
d683ddbb | 465 | dsl_dir_phys(dd)->dd_child_dir_zapobj, |
34dc7c2f | 466 | buf, sizeof (ddobj), 1, &ddobj); |
13fe0198 | 467 | if (err != 0) { |
34dc7c2f BB |
468 | if (err == ENOENT) |
469 | err = 0; | |
470 | break; | |
471 | } | |
472 | ||
0c66c32d | 473 | err = dsl_dir_hold_obj(dp, ddobj, buf, tag, &child_dd); |
13fe0198 | 474 | if (err != 0) |
34dc7c2f | 475 | break; |
13fe0198 | 476 | dsl_dir_rele(dd, tag); |
0c66c32d | 477 | dd = child_dd; |
34dc7c2f BB |
478 | next = nextnext; |
479 | } | |
34dc7c2f | 480 | |
13fe0198 MA |
481 | if (err != 0) { |
482 | dsl_dir_rele(dd, tag); | |
fcf37ec6 | 483 | goto error; |
34dc7c2f BB |
484 | } |
485 | ||
486 | /* | |
487 | * It's an error if there's more than one component left, or | |
488 | * tailp==NULL and there's any component left. | |
489 | */ | |
490 | if (next != NULL && | |
491 | (tailp == NULL || (nextnext && nextnext[0] != '\0'))) { | |
492 | /* bad path name */ | |
13fe0198 | 493 | dsl_dir_rele(dd, tag); |
34dc7c2f | 494 | dprintf("next=%p (%s) tail=%p\n", next, next?next:"", tailp); |
2e528b49 | 495 | err = SET_ERROR(ENOENT); |
34dc7c2f | 496 | } |
13fe0198 | 497 | if (tailp != NULL) |
34dc7c2f | 498 | *tailp = next; |
34dc7c2f | 499 | *ddp = dd; |
fcf37ec6 | 500 | error: |
eca7b760 | 501 | kmem_free(buf, ZFS_MAX_DATASET_NAME_LEN); |
34dc7c2f BB |
502 | return (err); |
503 | } | |
504 | ||
788eb90c JJ |
505 | /* |
506 | * If the counts are already initialized for this filesystem and its | |
507 | * descendants then do nothing, otherwise initialize the counts. | |
508 | * | |
509 | * The counts on this filesystem, and those below, may be uninitialized due to | |
510 | * either the use of a pre-existing pool which did not support the | |
511 | * filesystem/snapshot limit feature, or one in which the feature had not yet | |
512 | * been enabled. | |
513 | * | |
514 | * Recursively descend the filesystem tree and update the filesystem/snapshot | |
515 | * counts on each filesystem below, then update the cumulative count on the | |
516 | * current filesystem. If the filesystem already has a count set on it, | |
517 | * then we know that its counts, and the counts on the filesystems below it, | |
518 | * are already correct, so we don't have to update this filesystem. | |
519 | */ | |
520 | static void | |
521 | dsl_dir_init_fs_ss_count(dsl_dir_t *dd, dmu_tx_t *tx) | |
522 | { | |
523 | uint64_t my_fs_cnt = 0; | |
524 | uint64_t my_ss_cnt = 0; | |
525 | dsl_pool_t *dp = dd->dd_pool; | |
526 | objset_t *os = dp->dp_meta_objset; | |
527 | zap_cursor_t *zc; | |
528 | zap_attribute_t *za; | |
529 | dsl_dataset_t *ds; | |
530 | ||
a0c9a17a | 531 | ASSERT(spa_feature_is_active(dp->dp_spa, SPA_FEATURE_FS_SS_LIMIT)); |
788eb90c JJ |
532 | ASSERT(dsl_pool_config_held(dp)); |
533 | ASSERT(dmu_tx_is_syncing(tx)); | |
534 | ||
535 | dsl_dir_zapify(dd, tx); | |
536 | ||
537 | /* | |
538 | * If the filesystem count has already been initialized then we | |
539 | * don't need to recurse down any further. | |
540 | */ | |
541 | if (zap_contains(os, dd->dd_object, DD_FIELD_FILESYSTEM_COUNT) == 0) | |
542 | return; | |
543 | ||
544 | zc = kmem_alloc(sizeof (zap_cursor_t), KM_SLEEP); | |
545 | za = kmem_alloc(sizeof (zap_attribute_t), KM_SLEEP); | |
546 | ||
547 | /* Iterate my child dirs */ | |
d683ddbb | 548 | for (zap_cursor_init(zc, os, dsl_dir_phys(dd)->dd_child_dir_zapobj); |
788eb90c JJ |
549 | zap_cursor_retrieve(zc, za) == 0; zap_cursor_advance(zc)) { |
550 | dsl_dir_t *chld_dd; | |
551 | uint64_t count; | |
552 | ||
553 | VERIFY0(dsl_dir_hold_obj(dp, za->za_first_integer, NULL, FTAG, | |
554 | &chld_dd)); | |
555 | ||
556 | /* | |
557 | * Ignore hidden ($FREE, $MOS & $ORIGIN) objsets and | |
558 | * temporary datasets. | |
559 | */ | |
560 | if (chld_dd->dd_myname[0] == '$' || | |
561 | chld_dd->dd_myname[0] == '%') { | |
562 | dsl_dir_rele(chld_dd, FTAG); | |
563 | continue; | |
564 | } | |
565 | ||
566 | my_fs_cnt++; /* count this child */ | |
567 | ||
568 | dsl_dir_init_fs_ss_count(chld_dd, tx); | |
569 | ||
570 | VERIFY0(zap_lookup(os, chld_dd->dd_object, | |
571 | DD_FIELD_FILESYSTEM_COUNT, sizeof (count), 1, &count)); | |
572 | my_fs_cnt += count; | |
573 | VERIFY0(zap_lookup(os, chld_dd->dd_object, | |
574 | DD_FIELD_SNAPSHOT_COUNT, sizeof (count), 1, &count)); | |
575 | my_ss_cnt += count; | |
576 | ||
577 | dsl_dir_rele(chld_dd, FTAG); | |
578 | } | |
579 | zap_cursor_fini(zc); | |
580 | /* Count my snapshots (we counted children's snapshots above) */ | |
581 | VERIFY0(dsl_dataset_hold_obj(dd->dd_pool, | |
d683ddbb | 582 | dsl_dir_phys(dd)->dd_head_dataset_obj, FTAG, &ds)); |
788eb90c | 583 | |
d683ddbb | 584 | for (zap_cursor_init(zc, os, dsl_dataset_phys(ds)->ds_snapnames_zapobj); |
788eb90c JJ |
585 | zap_cursor_retrieve(zc, za) == 0; |
586 | zap_cursor_advance(zc)) { | |
587 | /* Don't count temporary snapshots */ | |
588 | if (za->za_name[0] != '%') | |
589 | my_ss_cnt++; | |
590 | } | |
ca227e54 | 591 | zap_cursor_fini(zc); |
788eb90c JJ |
592 | |
593 | dsl_dataset_rele(ds, FTAG); | |
594 | ||
595 | kmem_free(zc, sizeof (zap_cursor_t)); | |
596 | kmem_free(za, sizeof (zap_attribute_t)); | |
597 | ||
598 | /* we're in a sync task, update counts */ | |
599 | dmu_buf_will_dirty(dd->dd_dbuf, tx); | |
600 | VERIFY0(zap_add(os, dd->dd_object, DD_FIELD_FILESYSTEM_COUNT, | |
601 | sizeof (my_fs_cnt), 1, &my_fs_cnt, tx)); | |
602 | VERIFY0(zap_add(os, dd->dd_object, DD_FIELD_SNAPSHOT_COUNT, | |
603 | sizeof (my_ss_cnt), 1, &my_ss_cnt, tx)); | |
604 | } | |
605 | ||
606 | static int | |
607 | dsl_dir_actv_fs_ss_limit_check(void *arg, dmu_tx_t *tx) | |
608 | { | |
609 | char *ddname = (char *)arg; | |
610 | dsl_pool_t *dp = dmu_tx_pool(tx); | |
611 | dsl_dataset_t *ds; | |
612 | dsl_dir_t *dd; | |
613 | int error; | |
614 | ||
615 | error = dsl_dataset_hold(dp, ddname, FTAG, &ds); | |
616 | if (error != 0) | |
617 | return (error); | |
618 | ||
619 | if (!spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_FS_SS_LIMIT)) { | |
620 | dsl_dataset_rele(ds, FTAG); | |
621 | return (SET_ERROR(ENOTSUP)); | |
622 | } | |
623 | ||
624 | dd = ds->ds_dir; | |
625 | if (spa_feature_is_active(dp->dp_spa, SPA_FEATURE_FS_SS_LIMIT) && | |
626 | dsl_dir_is_zapified(dd) && | |
627 | zap_contains(dp->dp_meta_objset, dd->dd_object, | |
628 | DD_FIELD_FILESYSTEM_COUNT) == 0) { | |
629 | dsl_dataset_rele(ds, FTAG); | |
630 | return (SET_ERROR(EALREADY)); | |
631 | } | |
632 | ||
633 | dsl_dataset_rele(ds, FTAG); | |
634 | return (0); | |
635 | } | |
636 | ||
637 | static void | |
638 | dsl_dir_actv_fs_ss_limit_sync(void *arg, dmu_tx_t *tx) | |
639 | { | |
640 | char *ddname = (char *)arg; | |
641 | dsl_pool_t *dp = dmu_tx_pool(tx); | |
642 | dsl_dataset_t *ds; | |
643 | spa_t *spa; | |
644 | ||
645 | VERIFY0(dsl_dataset_hold(dp, ddname, FTAG, &ds)); | |
646 | ||
647 | spa = dsl_dataset_get_spa(ds); | |
648 | ||
649 | if (!spa_feature_is_active(spa, SPA_FEATURE_FS_SS_LIMIT)) { | |
650 | /* | |
651 | * Since the feature was not active and we're now setting a | |
652 | * limit, increment the feature-active counter so that the | |
653 | * feature becomes active for the first time. | |
654 | * | |
655 | * We are already in a sync task so we can update the MOS. | |
656 | */ | |
657 | spa_feature_incr(spa, SPA_FEATURE_FS_SS_LIMIT, tx); | |
658 | } | |
659 | ||
660 | /* | |
661 | * Since we are now setting a non-UINT64_MAX limit on the filesystem, | |
662 | * we need to ensure the counts are correct. Descend down the tree from | |
663 | * this point and update all of the counts to be accurate. | |
664 | */ | |
665 | dsl_dir_init_fs_ss_count(ds->ds_dir, tx); | |
666 | ||
667 | dsl_dataset_rele(ds, FTAG); | |
668 | } | |
669 | ||
670 | /* | |
671 | * Make sure the feature is enabled and activate it if necessary. | |
672 | * Since we're setting a limit, ensure the on-disk counts are valid. | |
673 | * This is only called by the ioctl path when setting a limit value. | |
674 | * | |
675 | * We do not need to validate the new limit, since users who can change the | |
676 | * limit are also allowed to exceed the limit. | |
677 | */ | |
678 | int | |
679 | dsl_dir_activate_fs_ss_limit(const char *ddname) | |
680 | { | |
681 | int error; | |
682 | ||
683 | error = dsl_sync_task(ddname, dsl_dir_actv_fs_ss_limit_check, | |
3d45fdd6 MA |
684 | dsl_dir_actv_fs_ss_limit_sync, (void *)ddname, 0, |
685 | ZFS_SPACE_CHECK_RESERVED); | |
788eb90c JJ |
686 | |
687 | if (error == EALREADY) | |
688 | error = 0; | |
689 | ||
690 | return (error); | |
691 | } | |
692 | ||
693 | /* | |
694 | * Used to determine if the filesystem_limit or snapshot_limit should be | |
695 | * enforced. We allow the limit to be exceeded if the user has permission to | |
696 | * write the property value. We pass in the creds that we got in the open | |
697 | * context since we will always be the GZ root in syncing context. We also have | |
698 | * to handle the case where we are allowed to change the limit on the current | |
699 | * dataset, but there may be another limit in the tree above. | |
700 | * | |
701 | * We can never modify these two properties within a non-global zone. In | |
702 | * addition, the other checks are modeled on zfs_secpolicy_write_perms. We | |
703 | * can't use that function since we are already holding the dp_config_rwlock. | |
704 | * In addition, we already have the dd and dealing with snapshots is simplified | |
705 | * in this code. | |
706 | */ | |
707 | ||
708 | typedef enum { | |
709 | ENFORCE_ALWAYS, | |
710 | ENFORCE_NEVER, | |
711 | ENFORCE_ABOVE | |
712 | } enforce_res_t; | |
713 | ||
714 | static enforce_res_t | |
715 | dsl_enforce_ds_ss_limits(dsl_dir_t *dd, zfs_prop_t prop, cred_t *cr) | |
716 | { | |
717 | enforce_res_t enforce = ENFORCE_ALWAYS; | |
718 | uint64_t obj; | |
719 | dsl_dataset_t *ds; | |
720 | uint64_t zoned; | |
721 | ||
722 | ASSERT(prop == ZFS_PROP_FILESYSTEM_LIMIT || | |
723 | prop == ZFS_PROP_SNAPSHOT_LIMIT); | |
724 | ||
725 | #ifdef _KERNEL | |
726 | if (crgetzoneid(cr) != GLOBAL_ZONEID) | |
727 | return (ENFORCE_ALWAYS); | |
728 | ||
729 | if (secpolicy_zfs(cr) == 0) | |
730 | return (ENFORCE_NEVER); | |
731 | #endif | |
732 | ||
d683ddbb | 733 | if ((obj = dsl_dir_phys(dd)->dd_head_dataset_obj) == 0) |
788eb90c JJ |
734 | return (ENFORCE_ALWAYS); |
735 | ||
736 | ASSERT(dsl_pool_config_held(dd->dd_pool)); | |
737 | ||
738 | if (dsl_dataset_hold_obj(dd->dd_pool, obj, FTAG, &ds) != 0) | |
739 | return (ENFORCE_ALWAYS); | |
740 | ||
741 | if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL) || zoned) { | |
742 | /* Only root can access zoned fs's from the GZ */ | |
743 | enforce = ENFORCE_ALWAYS; | |
744 | } else { | |
745 | if (dsl_deleg_access_impl(ds, zfs_prop_to_name(prop), cr) == 0) | |
746 | enforce = ENFORCE_ABOVE; | |
747 | } | |
748 | ||
749 | dsl_dataset_rele(ds, FTAG); | |
750 | return (enforce); | |
751 | } | |
752 | ||
753 | /* | |
754 | * Check if adding additional child filesystem(s) would exceed any filesystem | |
755 | * limits or adding additional snapshot(s) would exceed any snapshot limits. | |
756 | * The prop argument indicates which limit to check. | |
757 | * | |
758 | * Note that all filesystem limits up to the root (or the highest | |
759 | * initialized) filesystem or the given ancestor must be satisfied. | |
760 | */ | |
761 | int | |
762 | dsl_fs_ss_limit_check(dsl_dir_t *dd, uint64_t delta, zfs_prop_t prop, | |
763 | dsl_dir_t *ancestor, cred_t *cr) | |
764 | { | |
765 | objset_t *os = dd->dd_pool->dp_meta_objset; | |
766 | uint64_t limit, count; | |
767 | char *count_prop; | |
768 | enforce_res_t enforce; | |
769 | int err = 0; | |
770 | ||
771 | ASSERT(dsl_pool_config_held(dd->dd_pool)); | |
772 | ASSERT(prop == ZFS_PROP_FILESYSTEM_LIMIT || | |
773 | prop == ZFS_PROP_SNAPSHOT_LIMIT); | |
774 | ||
775 | /* | |
776 | * If we're allowed to change the limit, don't enforce the limit | |
777 | * e.g. this can happen if a snapshot is taken by an administrative | |
778 | * user in the global zone (i.e. a recursive snapshot by root). | |
779 | * However, we must handle the case of delegated permissions where we | |
780 | * are allowed to change the limit on the current dataset, but there | |
781 | * is another limit in the tree above. | |
782 | */ | |
783 | enforce = dsl_enforce_ds_ss_limits(dd, prop, cr); | |
784 | if (enforce == ENFORCE_NEVER) | |
785 | return (0); | |
786 | ||
787 | /* | |
788 | * e.g. if renaming a dataset with no snapshots, count adjustment | |
789 | * is 0. | |
790 | */ | |
791 | if (delta == 0) | |
792 | return (0); | |
793 | ||
794 | if (prop == ZFS_PROP_SNAPSHOT_LIMIT) { | |
795 | /* | |
796 | * We don't enforce the limit for temporary snapshots. This is | |
797 | * indicated by a NULL cred_t argument. | |
798 | */ | |
799 | if (cr == NULL) | |
800 | return (0); | |
801 | ||
802 | count_prop = DD_FIELD_SNAPSHOT_COUNT; | |
803 | } else { | |
804 | count_prop = DD_FIELD_FILESYSTEM_COUNT; | |
805 | } | |
806 | ||
807 | /* | |
808 | * If an ancestor has been provided, stop checking the limit once we | |
809 | * hit that dir. We need this during rename so that we don't overcount | |
810 | * the check once we recurse up to the common ancestor. | |
811 | */ | |
812 | if (ancestor == dd) | |
813 | return (0); | |
814 | ||
815 | /* | |
816 | * If we hit an uninitialized node while recursing up the tree, we can | |
817 | * stop since we know there is no limit here (or above). The counts are | |
818 | * not valid on this node and we know we won't touch this node's counts. | |
819 | */ | |
820 | if (!dsl_dir_is_zapified(dd) || zap_lookup(os, dd->dd_object, | |
821 | count_prop, sizeof (count), 1, &count) == ENOENT) | |
822 | return (0); | |
823 | ||
824 | err = dsl_prop_get_dd(dd, zfs_prop_to_name(prop), 8, 1, &limit, NULL, | |
825 | B_FALSE); | |
826 | if (err != 0) | |
827 | return (err); | |
828 | ||
829 | /* Is there a limit which we've hit? */ | |
830 | if (enforce == ENFORCE_ALWAYS && (count + delta) > limit) | |
831 | return (SET_ERROR(EDQUOT)); | |
832 | ||
833 | if (dd->dd_parent != NULL) | |
834 | err = dsl_fs_ss_limit_check(dd->dd_parent, delta, prop, | |
835 | ancestor, cr); | |
836 | ||
837 | return (err); | |
838 | } | |
839 | ||
840 | /* | |
841 | * Adjust the filesystem or snapshot count for the specified dsl_dir_t and all | |
842 | * parents. When a new filesystem/snapshot is created, increment the count on | |
843 | * all parents, and when a filesystem/snapshot is destroyed, decrement the | |
844 | * count. | |
845 | */ | |
846 | void | |
847 | dsl_fs_ss_count_adjust(dsl_dir_t *dd, int64_t delta, const char *prop, | |
848 | dmu_tx_t *tx) | |
849 | { | |
850 | int err; | |
851 | objset_t *os = dd->dd_pool->dp_meta_objset; | |
852 | uint64_t count; | |
853 | ||
854 | ASSERT(dsl_pool_config_held(dd->dd_pool)); | |
855 | ASSERT(dmu_tx_is_syncing(tx)); | |
856 | ASSERT(strcmp(prop, DD_FIELD_FILESYSTEM_COUNT) == 0 || | |
857 | strcmp(prop, DD_FIELD_SNAPSHOT_COUNT) == 0); | |
858 | ||
859 | /* | |
860 | * When we receive an incremental stream into a filesystem that already | |
861 | * exists, a temporary clone is created. We don't count this temporary | |
862 | * clone, whose name begins with a '%'. We also ignore hidden ($FREE, | |
863 | * $MOS & $ORIGIN) objsets. | |
864 | */ | |
865 | if ((dd->dd_myname[0] == '%' || dd->dd_myname[0] == '$') && | |
866 | strcmp(prop, DD_FIELD_FILESYSTEM_COUNT) == 0) | |
867 | return; | |
868 | ||
869 | /* | |
870 | * e.g. if renaming a dataset with no snapshots, count adjustment is 0 | |
871 | */ | |
872 | if (delta == 0) | |
873 | return; | |
874 | ||
875 | /* | |
876 | * If we hit an uninitialized node while recursing up the tree, we can | |
877 | * stop since we know the counts are not valid on this node and we | |
878 | * know we shouldn't touch this node's counts. An uninitialized count | |
879 | * on the node indicates that either the feature has not yet been | |
880 | * activated or there are no limits on this part of the tree. | |
881 | */ | |
882 | if (!dsl_dir_is_zapified(dd) || (err = zap_lookup(os, dd->dd_object, | |
883 | prop, sizeof (count), 1, &count)) == ENOENT) | |
884 | return; | |
885 | VERIFY0(err); | |
886 | ||
887 | count += delta; | |
888 | /* Use a signed verify to make sure we're not neg. */ | |
889 | VERIFY3S(count, >=, 0); | |
890 | ||
891 | VERIFY0(zap_update(os, dd->dd_object, prop, sizeof (count), 1, &count, | |
892 | tx)); | |
893 | ||
894 | /* Roll up this additional count into our ancestors */ | |
895 | if (dd->dd_parent != NULL) | |
896 | dsl_fs_ss_count_adjust(dd->dd_parent, delta, prop, tx); | |
897 | } | |
898 | ||
34dc7c2f | 899 | uint64_t |
b128c09f BB |
900 | dsl_dir_create_sync(dsl_pool_t *dp, dsl_dir_t *pds, const char *name, |
901 | dmu_tx_t *tx) | |
34dc7c2f | 902 | { |
b128c09f | 903 | objset_t *mos = dp->dp_meta_objset; |
34dc7c2f | 904 | uint64_t ddobj; |
428870ff | 905 | dsl_dir_phys_t *ddphys; |
34dc7c2f BB |
906 | dmu_buf_t *dbuf; |
907 | ||
908 | ddobj = dmu_object_alloc(mos, DMU_OT_DSL_DIR, 0, | |
909 | DMU_OT_DSL_DIR, sizeof (dsl_dir_phys_t), tx); | |
b128c09f | 910 | if (pds) { |
d683ddbb | 911 | VERIFY(0 == zap_add(mos, dsl_dir_phys(pds)->dd_child_dir_zapobj, |
b128c09f BB |
912 | name, sizeof (uint64_t), 1, &ddobj, tx)); |
913 | } else { | |
914 | /* it's the root dir */ | |
915 | VERIFY(0 == zap_add(mos, DMU_POOL_DIRECTORY_OBJECT, | |
916 | DMU_POOL_ROOT_DATASET, sizeof (uint64_t), 1, &ddobj, tx)); | |
917 | } | |
34dc7c2f BB |
918 | VERIFY(0 == dmu_bonus_hold(mos, ddobj, FTAG, &dbuf)); |
919 | dmu_buf_will_dirty(dbuf, tx); | |
428870ff | 920 | ddphys = dbuf->db_data; |
34dc7c2f | 921 | |
428870ff | 922 | ddphys->dd_creation_time = gethrestime_sec(); |
788eb90c | 923 | if (pds) { |
428870ff | 924 | ddphys->dd_parent_obj = pds->dd_object; |
788eb90c JJ |
925 | |
926 | /* update the filesystem counts */ | |
927 | dsl_fs_ss_count_adjust(pds, 1, DD_FIELD_FILESYSTEM_COUNT, tx); | |
928 | } | |
428870ff | 929 | ddphys->dd_props_zapobj = zap_create(mos, |
34dc7c2f | 930 | DMU_OT_DSL_PROPS, DMU_OT_NONE, 0, tx); |
428870ff | 931 | ddphys->dd_child_dir_zapobj = zap_create(mos, |
34dc7c2f | 932 | DMU_OT_DSL_DIR_CHILD_MAP, DMU_OT_NONE, 0, tx); |
b128c09f | 933 | if (spa_version(dp->dp_spa) >= SPA_VERSION_USED_BREAKDOWN) |
428870ff | 934 | ddphys->dd_flags |= DD_FLAG_USED_BREAKDOWN; |
b5256303 | 935 | |
34dc7c2f BB |
936 | dmu_buf_rele(dbuf, FTAG); |
937 | ||
938 | return (ddobj); | |
939 | } | |
940 | ||
b128c09f BB |
941 | boolean_t |
942 | dsl_dir_is_clone(dsl_dir_t *dd) | |
34dc7c2f | 943 | { |
d683ddbb | 944 | return (dsl_dir_phys(dd)->dd_origin_obj && |
b128c09f | 945 | (dd->dd_pool->dp_origin_snap == NULL || |
d683ddbb | 946 | dsl_dir_phys(dd)->dd_origin_obj != |
b128c09f | 947 | dd->dd_pool->dp_origin_snap->ds_object)); |
34dc7c2f BB |
948 | } |
949 | ||
d99a0153 CW |
950 | |
951 | uint64_t | |
952 | dsl_dir_get_used(dsl_dir_t *dd) | |
953 | { | |
954 | return (dsl_dir_phys(dd)->dd_used_bytes); | |
955 | } | |
956 | ||
957 | uint64_t | |
958 | dsl_dir_get_quota(dsl_dir_t *dd) | |
959 | { | |
960 | return (dsl_dir_phys(dd)->dd_quota); | |
961 | } | |
962 | ||
963 | uint64_t | |
964 | dsl_dir_get_reservation(dsl_dir_t *dd) | |
965 | { | |
966 | return (dsl_dir_phys(dd)->dd_reserved); | |
967 | } | |
968 | ||
969 | uint64_t | |
970 | dsl_dir_get_compressratio(dsl_dir_t *dd) | |
971 | { | |
972 | /* a fixed point number, 100x the ratio */ | |
973 | return (dsl_dir_phys(dd)->dd_compressed_bytes == 0 ? 100 : | |
974 | (dsl_dir_phys(dd)->dd_uncompressed_bytes * 100 / | |
975 | dsl_dir_phys(dd)->dd_compressed_bytes)); | |
976 | } | |
977 | ||
978 | uint64_t | |
979 | dsl_dir_get_logicalused(dsl_dir_t *dd) | |
980 | { | |
981 | return (dsl_dir_phys(dd)->dd_uncompressed_bytes); | |
982 | } | |
983 | ||
984 | uint64_t | |
985 | dsl_dir_get_usedsnap(dsl_dir_t *dd) | |
986 | { | |
987 | return (dsl_dir_phys(dd)->dd_used_breakdown[DD_USED_SNAP]); | |
988 | } | |
989 | ||
990 | uint64_t | |
991 | dsl_dir_get_usedds(dsl_dir_t *dd) | |
992 | { | |
993 | return (dsl_dir_phys(dd)->dd_used_breakdown[DD_USED_HEAD]); | |
994 | } | |
995 | ||
996 | uint64_t | |
997 | dsl_dir_get_usedrefreserv(dsl_dir_t *dd) | |
998 | { | |
999 | return (dsl_dir_phys(dd)->dd_used_breakdown[DD_USED_REFRSRV]); | |
1000 | } | |
1001 | ||
1002 | uint64_t | |
1003 | dsl_dir_get_usedchild(dsl_dir_t *dd) | |
1004 | { | |
1005 | return (dsl_dir_phys(dd)->dd_used_breakdown[DD_USED_CHILD] + | |
1006 | dsl_dir_phys(dd)->dd_used_breakdown[DD_USED_CHILD_RSRV]); | |
1007 | } | |
1008 | ||
34dc7c2f | 1009 | void |
d99a0153 CW |
1010 | dsl_dir_get_origin(dsl_dir_t *dd, char *buf) |
1011 | { | |
1012 | dsl_dataset_t *ds; | |
1013 | VERIFY0(dsl_dataset_hold_obj(dd->dd_pool, | |
1014 | dsl_dir_phys(dd)->dd_origin_obj, FTAG, &ds)); | |
1015 | ||
1016 | dsl_dataset_name(ds, buf); | |
1017 | ||
1018 | dsl_dataset_rele(ds, FTAG); | |
1019 | } | |
1020 | ||
1021 | int | |
1022 | dsl_dir_get_filesystem_count(dsl_dir_t *dd, uint64_t *count) | |
34dc7c2f | 1023 | { |
d99a0153 CW |
1024 | if (dsl_dir_is_zapified(dd)) { |
1025 | objset_t *os = dd->dd_pool->dp_meta_objset; | |
1026 | return (zap_lookup(os, dd->dd_object, DD_FIELD_FILESYSTEM_COUNT, | |
1027 | sizeof (*count), 1, count)); | |
1028 | } else { | |
1029 | return (ENOENT); | |
1030 | } | |
1031 | } | |
1032 | ||
1033 | int | |
1034 | dsl_dir_get_snapshot_count(dsl_dir_t *dd, uint64_t *count) | |
1035 | { | |
1036 | if (dsl_dir_is_zapified(dd)) { | |
1037 | objset_t *os = dd->dd_pool->dp_meta_objset; | |
1038 | return (zap_lookup(os, dd->dd_object, DD_FIELD_SNAPSHOT_COUNT, | |
1039 | sizeof (*count), 1, count)); | |
1040 | } else { | |
1041 | return (ENOENT); | |
1042 | } | |
1043 | } | |
b5256303 | 1044 | |
d99a0153 CW |
1045 | void |
1046 | dsl_dir_stats(dsl_dir_t *dd, nvlist_t *nv) | |
1047 | { | |
34dc7c2f | 1048 | mutex_enter(&dd->dd_lock); |
d683ddbb | 1049 | dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_QUOTA, |
d99a0153 | 1050 | dsl_dir_get_quota(dd)); |
34dc7c2f | 1051 | dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_RESERVATION, |
d99a0153 | 1052 | dsl_dir_get_reservation(dd)); |
24a64651 | 1053 | dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_LOGICALUSED, |
d99a0153 | 1054 | dsl_dir_get_logicalused(dd)); |
d683ddbb | 1055 | if (dsl_dir_phys(dd)->dd_flags & DD_FLAG_USED_BREAKDOWN) { |
b128c09f | 1056 | dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_USEDSNAP, |
d99a0153 | 1057 | dsl_dir_get_usedsnap(dd)); |
b128c09f | 1058 | dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_USEDDS, |
d99a0153 | 1059 | dsl_dir_get_usedds(dd)); |
b128c09f | 1060 | dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_USEDREFRESERV, |
d99a0153 | 1061 | dsl_dir_get_usedrefreserv(dd)); |
b128c09f | 1062 | dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_USEDCHILD, |
d99a0153 | 1063 | dsl_dir_get_usedchild(dd)); |
b128c09f | 1064 | } |
34dc7c2f BB |
1065 | mutex_exit(&dd->dd_lock); |
1066 | ||
d99a0153 CW |
1067 | uint64_t count; |
1068 | if (dsl_dir_get_filesystem_count(dd, &count) == 0) { | |
1069 | dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_FILESYSTEM_COUNT, | |
1070 | count); | |
1071 | } | |
1072 | if (dsl_dir_get_snapshot_count(dd, &count) == 0) { | |
1073 | dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_SNAPSHOT_COUNT, | |
1074 | count); | |
788eb90c JJ |
1075 | } |
1076 | ||
b128c09f | 1077 | if (dsl_dir_is_clone(dd)) { |
eca7b760 | 1078 | char buf[ZFS_MAX_DATASET_NAME_LEN]; |
d99a0153 | 1079 | dsl_dir_get_origin(dd, buf); |
34dc7c2f BB |
1080 | dsl_prop_nvlist_add_string(nv, ZFS_PROP_ORIGIN, buf); |
1081 | } | |
d99a0153 | 1082 | |
34dc7c2f BB |
1083 | } |
1084 | ||
1085 | void | |
1086 | dsl_dir_dirty(dsl_dir_t *dd, dmu_tx_t *tx) | |
1087 | { | |
1088 | dsl_pool_t *dp = dd->dd_pool; | |
1089 | ||
d683ddbb | 1090 | ASSERT(dsl_dir_phys(dd)); |
34dc7c2f | 1091 | |
13fe0198 | 1092 | if (txg_list_add(&dp->dp_dirty_dirs, dd, tx->tx_txg)) { |
34dc7c2f BB |
1093 | /* up the hold count until we can be written out */ |
1094 | dmu_buf_add_ref(dd->dd_dbuf, dd); | |
1095 | } | |
1096 | } | |
1097 | ||
1098 | static int64_t | |
1099 | parent_delta(dsl_dir_t *dd, uint64_t used, int64_t delta) | |
1100 | { | |
d683ddbb JG |
1101 | uint64_t old_accounted = MAX(used, dsl_dir_phys(dd)->dd_reserved); |
1102 | uint64_t new_accounted = | |
1103 | MAX(used + delta, dsl_dir_phys(dd)->dd_reserved); | |
34dc7c2f BB |
1104 | return (new_accounted - old_accounted); |
1105 | } | |
1106 | ||
1107 | void | |
1108 | dsl_dir_sync(dsl_dir_t *dd, dmu_tx_t *tx) | |
1109 | { | |
1110 | ASSERT(dmu_tx_is_syncing(tx)); | |
1111 | ||
34dc7c2f | 1112 | mutex_enter(&dd->dd_lock); |
c99c9001 | 1113 | ASSERT0(dd->dd_tempreserved[tx->tx_txg&TXG_MASK]); |
34dc7c2f BB |
1114 | dprintf_dd(dd, "txg=%llu towrite=%lluK\n", tx->tx_txg, |
1115 | dd->dd_space_towrite[tx->tx_txg&TXG_MASK] / 1024); | |
1116 | dd->dd_space_towrite[tx->tx_txg&TXG_MASK] = 0; | |
34dc7c2f BB |
1117 | mutex_exit(&dd->dd_lock); |
1118 | ||
1119 | /* release the hold from dsl_dir_dirty */ | |
1120 | dmu_buf_rele(dd->dd_dbuf, dd); | |
1121 | } | |
1122 | ||
1123 | static uint64_t | |
1124 | dsl_dir_space_towrite(dsl_dir_t *dd) | |
1125 | { | |
1126 | uint64_t space = 0; | |
34dc7c2f BB |
1127 | |
1128 | ASSERT(MUTEX_HELD(&dd->dd_lock)); | |
1129 | ||
3ec3bc21 BB |
1130 | for (int i = 0; i < TXG_SIZE; i++) { |
1131 | space += dd->dd_space_towrite[i & TXG_MASK]; | |
1132 | ASSERT3U(dd->dd_space_towrite[i & TXG_MASK], >=, 0); | |
34dc7c2f BB |
1133 | } |
1134 | return (space); | |
1135 | } | |
1136 | ||
1137 | /* | |
1138 | * How much space would dd have available if ancestor had delta applied | |
1139 | * to it? If ondiskonly is set, we're only interested in what's | |
1140 | * on-disk, not estimated pending changes. | |
1141 | */ | |
1142 | uint64_t | |
1143 | dsl_dir_space_available(dsl_dir_t *dd, | |
1144 | dsl_dir_t *ancestor, int64_t delta, int ondiskonly) | |
1145 | { | |
1146 | uint64_t parentspace, myspace, quota, used; | |
1147 | ||
1148 | /* | |
1149 | * If there are no restrictions otherwise, assume we have | |
1150 | * unlimited space available. | |
1151 | */ | |
1152 | quota = UINT64_MAX; | |
1153 | parentspace = UINT64_MAX; | |
1154 | ||
1155 | if (dd->dd_parent != NULL) { | |
1156 | parentspace = dsl_dir_space_available(dd->dd_parent, | |
1157 | ancestor, delta, ondiskonly); | |
1158 | } | |
1159 | ||
1160 | mutex_enter(&dd->dd_lock); | |
d683ddbb JG |
1161 | if (dsl_dir_phys(dd)->dd_quota != 0) |
1162 | quota = dsl_dir_phys(dd)->dd_quota; | |
1163 | used = dsl_dir_phys(dd)->dd_used_bytes; | |
34dc7c2f BB |
1164 | if (!ondiskonly) |
1165 | used += dsl_dir_space_towrite(dd); | |
34dc7c2f BB |
1166 | |
1167 | if (dd->dd_parent == NULL) { | |
1168 | uint64_t poolsize = dsl_pool_adjustedsize(dd->dd_pool, FALSE); | |
1169 | quota = MIN(quota, poolsize); | |
1170 | } | |
1171 | ||
d683ddbb | 1172 | if (dsl_dir_phys(dd)->dd_reserved > used && parentspace != UINT64_MAX) { |
34dc7c2f BB |
1173 | /* |
1174 | * We have some space reserved, in addition to what our | |
1175 | * parent gave us. | |
1176 | */ | |
d683ddbb | 1177 | parentspace += dsl_dir_phys(dd)->dd_reserved - used; |
34dc7c2f BB |
1178 | } |
1179 | ||
b128c09f BB |
1180 | if (dd == ancestor) { |
1181 | ASSERT(delta <= 0); | |
1182 | ASSERT(used >= -delta); | |
1183 | used += delta; | |
1184 | if (parentspace != UINT64_MAX) | |
1185 | parentspace -= delta; | |
1186 | } | |
1187 | ||
34dc7c2f BB |
1188 | if (used > quota) { |
1189 | /* over quota */ | |
1190 | myspace = 0; | |
34dc7c2f BB |
1191 | } else { |
1192 | /* | |
1193 | * the lesser of the space provided by our parent and | |
1194 | * the space left in our quota | |
1195 | */ | |
1196 | myspace = MIN(parentspace, quota - used); | |
1197 | } | |
1198 | ||
1199 | mutex_exit(&dd->dd_lock); | |
1200 | ||
1201 | return (myspace); | |
1202 | } | |
1203 | ||
1204 | struct tempreserve { | |
1205 | list_node_t tr_node; | |
34dc7c2f BB |
1206 | dsl_dir_t *tr_ds; |
1207 | uint64_t tr_size; | |
1208 | }; | |
1209 | ||
1210 | static int | |
1211 | dsl_dir_tempreserve_impl(dsl_dir_t *dd, uint64_t asize, boolean_t netfree, | |
3ec3bc21 | 1212 | boolean_t ignorequota, list_t *tr_list, |
34dc7c2f BB |
1213 | dmu_tx_t *tx, boolean_t first) |
1214 | { | |
419c80e6 | 1215 | uint64_t txg; |
3ec3bc21 | 1216 | uint64_t quota; |
34dc7c2f | 1217 | struct tempreserve *tr; |
419c80e6 D |
1218 | int retval; |
1219 | uint64_t ref_rsrv; | |
1220 | ||
1221 | top_of_function: | |
1222 | txg = tx->tx_txg; | |
1223 | retval = EDQUOT; | |
1224 | ref_rsrv = 0; | |
34dc7c2f BB |
1225 | |
1226 | ASSERT3U(txg, !=, 0); | |
1227 | ASSERT3S(asize, >, 0); | |
1228 | ||
1229 | mutex_enter(&dd->dd_lock); | |
1230 | ||
1231 | /* | |
1232 | * Check against the dsl_dir's quota. We don't add in the delta | |
1233 | * when checking for over-quota because they get one free hit. | |
1234 | */ | |
3ec3bc21 BB |
1235 | uint64_t est_inflight = dsl_dir_space_towrite(dd); |
1236 | for (int i = 0; i < TXG_SIZE; i++) | |
34dc7c2f | 1237 | est_inflight += dd->dd_tempreserved[i]; |
3ec3bc21 | 1238 | uint64_t used_on_disk = dsl_dir_phys(dd)->dd_used_bytes; |
34dc7c2f BB |
1239 | |
1240 | /* | |
1241 | * On the first iteration, fetch the dataset's used-on-disk and | |
1242 | * refreservation values. Also, if checkrefquota is set, test if | |
1243 | * allocating this space would exceed the dataset's refquota. | |
1244 | */ | |
1245 | if (first && tx->tx_objset) { | |
1246 | int error; | |
428870ff | 1247 | dsl_dataset_t *ds = tx->tx_objset->os_dsl_dataset; |
34dc7c2f | 1248 | |
3ec3bc21 | 1249 | error = dsl_dataset_check_quota(ds, !netfree, |
34dc7c2f | 1250 | asize, est_inflight, &used_on_disk, &ref_rsrv); |
3ec3bc21 | 1251 | if (error != 0) { |
34dc7c2f | 1252 | mutex_exit(&dd->dd_lock); |
3d920a15 | 1253 | DMU_TX_STAT_BUMP(dmu_tx_quota); |
34dc7c2f BB |
1254 | return (error); |
1255 | } | |
1256 | } | |
1257 | ||
1258 | /* | |
1259 | * If this transaction will result in a net free of space, | |
1260 | * we want to let it through. | |
1261 | */ | |
d683ddbb | 1262 | if (ignorequota || netfree || dsl_dir_phys(dd)->dd_quota == 0) |
34dc7c2f BB |
1263 | quota = UINT64_MAX; |
1264 | else | |
d683ddbb | 1265 | quota = dsl_dir_phys(dd)->dd_quota; |
34dc7c2f BB |
1266 | |
1267 | /* | |
428870ff BB |
1268 | * Adjust the quota against the actual pool size at the root |
1269 | * minus any outstanding deferred frees. | |
34dc7c2f BB |
1270 | * To ensure that it's possible to remove files from a full |
1271 | * pool without inducing transient overcommits, we throttle | |
1272 | * netfree transactions against a quota that is slightly larger, | |
1273 | * but still within the pool's allocation slop. In cases where | |
1274 | * we're very close to full, this will allow a steady trickle of | |
1275 | * removes to get through. | |
1276 | */ | |
3ec3bc21 | 1277 | uint64_t deferred = 0; |
34dc7c2f | 1278 | if (dd->dd_parent == NULL) { |
428870ff | 1279 | spa_t *spa = dd->dd_pool->dp_spa; |
34dc7c2f | 1280 | uint64_t poolsize = dsl_pool_adjustedsize(dd->dd_pool, netfree); |
428870ff BB |
1281 | deferred = metaslab_class_get_deferred(spa_normal_class(spa)); |
1282 | if (poolsize - deferred < quota) { | |
1283 | quota = poolsize - deferred; | |
1284 | retval = ENOSPC; | |
34dc7c2f BB |
1285 | } |
1286 | } | |
1287 | ||
1288 | /* | |
1289 | * If they are requesting more space, and our current estimate | |
1290 | * is over quota, they get to try again unless the actual | |
1291 | * on-disk is over quota and there are no pending changes (which | |
1292 | * may free up space for us). | |
1293 | */ | |
428870ff BB |
1294 | if (used_on_disk + est_inflight >= quota) { |
1295 | if (est_inflight > 0 || used_on_disk < quota || | |
1296 | (retval == ENOSPC && used_on_disk < quota + deferred)) | |
1297 | retval = ERESTART; | |
34dc7c2f BB |
1298 | dprintf_dd(dd, "failing: used=%lluK inflight = %lluK " |
1299 | "quota=%lluK tr=%lluK err=%d\n", | |
1300 | used_on_disk>>10, est_inflight>>10, | |
428870ff | 1301 | quota>>10, asize>>10, retval); |
34dc7c2f | 1302 | mutex_exit(&dd->dd_lock); |
3d920a15 | 1303 | DMU_TX_STAT_BUMP(dmu_tx_quota); |
2e528b49 | 1304 | return (SET_ERROR(retval)); |
34dc7c2f BB |
1305 | } |
1306 | ||
1307 | /* We need to up our estimated delta before dropping dd_lock */ | |
3ec3bc21 | 1308 | dd->dd_tempreserved[txg & TXG_MASK] += asize; |
34dc7c2f | 1309 | |
3ec3bc21 | 1310 | uint64_t parent_rsrv = parent_delta(dd, used_on_disk + est_inflight, |
34dc7c2f BB |
1311 | asize - ref_rsrv); |
1312 | mutex_exit(&dd->dd_lock); | |
1313 | ||
79c76d5b | 1314 | tr = kmem_zalloc(sizeof (struct tempreserve), KM_SLEEP); |
34dc7c2f BB |
1315 | tr->tr_ds = dd; |
1316 | tr->tr_size = asize; | |
1317 | list_insert_tail(tr_list, tr); | |
1318 | ||
1319 | /* see if it's OK with our parent */ | |
3ec3bc21 | 1320 | if (dd->dd_parent != NULL && parent_rsrv != 0) { |
419c80e6 D |
1321 | /* |
1322 | * Recurse on our parent without recursion. This has been | |
1323 | * observed to be potentially large stack usage even within | |
1324 | * the test suite. Largest seen stack was 7632 bytes on linux. | |
1325 | */ | |
1326 | ||
1327 | dd = dd->dd_parent; | |
1328 | asize = parent_rsrv; | |
1329 | ignorequota = (dsl_dir_phys(dd)->dd_head_dataset_obj == 0); | |
1330 | first = B_FALSE; | |
1331 | goto top_of_function; | |
34dc7c2f | 1332 | |
34dc7c2f BB |
1333 | } else { |
1334 | return (0); | |
1335 | } | |
1336 | } | |
1337 | ||
1338 | /* | |
1339 | * Reserve space in this dsl_dir, to be used in this tx's txg. | |
1340 | * After the space has been dirtied (and dsl_dir_willuse_space() | |
1341 | * has been called), the reservation should be canceled, using | |
1342 | * dsl_dir_tempreserve_clear(). | |
1343 | */ | |
1344 | int | |
1345 | dsl_dir_tempreserve_space(dsl_dir_t *dd, uint64_t lsize, uint64_t asize, | |
3ec3bc21 | 1346 | boolean_t netfree, void **tr_cookiep, dmu_tx_t *tx) |
34dc7c2f BB |
1347 | { |
1348 | int err; | |
1349 | list_t *tr_list; | |
1350 | ||
1351 | if (asize == 0) { | |
1352 | *tr_cookiep = NULL; | |
1353 | return (0); | |
1354 | } | |
1355 | ||
79c76d5b | 1356 | tr_list = kmem_alloc(sizeof (list_t), KM_SLEEP); |
34dc7c2f BB |
1357 | list_create(tr_list, sizeof (struct tempreserve), |
1358 | offsetof(struct tempreserve, tr_node)); | |
1359 | ASSERT3S(asize, >, 0); | |
34dc7c2f BB |
1360 | |
1361 | err = arc_tempreserve_space(lsize, tx->tx_txg); | |
1362 | if (err == 0) { | |
1363 | struct tempreserve *tr; | |
1364 | ||
79c76d5b | 1365 | tr = kmem_zalloc(sizeof (struct tempreserve), KM_SLEEP); |
34dc7c2f BB |
1366 | tr->tr_size = lsize; |
1367 | list_insert_tail(tr_list, tr); | |
34dc7c2f BB |
1368 | } else { |
1369 | if (err == EAGAIN) { | |
e8b96c60 MA |
1370 | /* |
1371 | * If arc_memory_throttle() detected that pageout | |
1372 | * is running and we are low on memory, we delay new | |
1373 | * non-pageout transactions to give pageout an | |
1374 | * advantage. | |
1375 | * | |
1376 | * It is unfortunate to be delaying while the caller's | |
1377 | * locks are held. | |
1378 | */ | |
63fd3c6c AL |
1379 | txg_delay(dd->dd_pool, tx->tx_txg, |
1380 | MSEC2NSEC(10), MSEC2NSEC(10)); | |
2e528b49 | 1381 | err = SET_ERROR(ERESTART); |
34dc7c2f | 1382 | } |
34dc7c2f BB |
1383 | } |
1384 | ||
1385 | if (err == 0) { | |
3ec3bc21 BB |
1386 | err = dsl_dir_tempreserve_impl(dd, asize, netfree, |
1387 | B_FALSE, tr_list, tx, B_TRUE); | |
34dc7c2f BB |
1388 | } |
1389 | ||
13fe0198 | 1390 | if (err != 0) |
34dc7c2f BB |
1391 | dsl_dir_tempreserve_clear(tr_list, tx); |
1392 | else | |
1393 | *tr_cookiep = tr_list; | |
1394 | ||
1395 | return (err); | |
1396 | } | |
1397 | ||
1398 | /* | |
1399 | * Clear a temporary reservation that we previously made with | |
1400 | * dsl_dir_tempreserve_space(). | |
1401 | */ | |
1402 | void | |
1403 | dsl_dir_tempreserve_clear(void *tr_cookie, dmu_tx_t *tx) | |
1404 | { | |
1405 | int txgidx = tx->tx_txg & TXG_MASK; | |
1406 | list_t *tr_list = tr_cookie; | |
1407 | struct tempreserve *tr; | |
1408 | ||
1409 | ASSERT3U(tx->tx_txg, !=, 0); | |
1410 | ||
1411 | if (tr_cookie == NULL) | |
1412 | return; | |
1413 | ||
e8b96c60 MA |
1414 | while ((tr = list_head(tr_list)) != NULL) { |
1415 | if (tr->tr_ds) { | |
34dc7c2f BB |
1416 | mutex_enter(&tr->tr_ds->dd_lock); |
1417 | ASSERT3U(tr->tr_ds->dd_tempreserved[txgidx], >=, | |
1418 | tr->tr_size); | |
1419 | tr->tr_ds->dd_tempreserved[txgidx] -= tr->tr_size; | |
1420 | mutex_exit(&tr->tr_ds->dd_lock); | |
1421 | } else { | |
1422 | arc_tempreserve_clear(tr->tr_size); | |
1423 | } | |
1424 | list_remove(tr_list, tr); | |
1425 | kmem_free(tr, sizeof (struct tempreserve)); | |
1426 | } | |
1427 | ||
1428 | kmem_free(tr_list, sizeof (list_t)); | |
1429 | } | |
1430 | ||
e8b96c60 MA |
1431 | /* |
1432 | * This should be called from open context when we think we're going to write | |
1433 | * or free space, for example when dirtying data. Be conservative; it's okay | |
1434 | * to write less space or free more, but we don't want to write more or free | |
1435 | * less than the amount specified. | |
1ba16159 AB |
1436 | * |
1437 | * NOTE: The behavior of this function is identical to the Illumos / FreeBSD | |
1438 | * version however it has been adjusted to use an iterative rather then | |
1439 | * recursive algorithm to minimize stack usage. | |
e8b96c60 MA |
1440 | */ |
1441 | void | |
1442 | dsl_dir_willuse_space(dsl_dir_t *dd, int64_t space, dmu_tx_t *tx) | |
34dc7c2f BB |
1443 | { |
1444 | int64_t parent_space; | |
1445 | uint64_t est_used; | |
1446 | ||
1ba16159 AB |
1447 | do { |
1448 | mutex_enter(&dd->dd_lock); | |
1449 | if (space > 0) | |
1450 | dd->dd_space_towrite[tx->tx_txg & TXG_MASK] += space; | |
34dc7c2f | 1451 | |
1ba16159 | 1452 | est_used = dsl_dir_space_towrite(dd) + |
d683ddbb | 1453 | dsl_dir_phys(dd)->dd_used_bytes; |
1ba16159 AB |
1454 | parent_space = parent_delta(dd, est_used, space); |
1455 | mutex_exit(&dd->dd_lock); | |
34dc7c2f | 1456 | |
1ba16159 AB |
1457 | /* Make sure that we clean up dd_space_to* */ |
1458 | dsl_dir_dirty(dd, tx); | |
34dc7c2f | 1459 | |
1ba16159 AB |
1460 | dd = dd->dd_parent; |
1461 | space = parent_space; | |
1462 | } while (space && dd); | |
34dc7c2f BB |
1463 | } |
1464 | ||
1465 | /* call from syncing context when we actually write/free space for this dd */ | |
1466 | void | |
b128c09f | 1467 | dsl_dir_diduse_space(dsl_dir_t *dd, dd_used_t type, |
34dc7c2f BB |
1468 | int64_t used, int64_t compressed, int64_t uncompressed, dmu_tx_t *tx) |
1469 | { | |
1470 | int64_t accounted_delta; | |
a169a625 MA |
1471 | |
1472 | /* | |
1473 | * dsl_dataset_set_refreservation_sync_impl() calls this with | |
1474 | * dd_lock held, so that it can atomically update | |
1475 | * ds->ds_reserved and the dsl_dir accounting, so that | |
1476 | * dsl_dataset_check_quota() can see dataset and dir accounting | |
1477 | * consistently. | |
1478 | */ | |
b128c09f | 1479 | boolean_t needlock = !MUTEX_HELD(&dd->dd_lock); |
34dc7c2f BB |
1480 | |
1481 | ASSERT(dmu_tx_is_syncing(tx)); | |
b128c09f | 1482 | ASSERT(type < DD_USED_NUM); |
34dc7c2f | 1483 | |
a169a625 MA |
1484 | dmu_buf_will_dirty(dd->dd_dbuf, tx); |
1485 | ||
b128c09f BB |
1486 | if (needlock) |
1487 | mutex_enter(&dd->dd_lock); | |
d683ddbb JG |
1488 | accounted_delta = |
1489 | parent_delta(dd, dsl_dir_phys(dd)->dd_used_bytes, used); | |
1490 | ASSERT(used >= 0 || dsl_dir_phys(dd)->dd_used_bytes >= -used); | |
34dc7c2f | 1491 | ASSERT(compressed >= 0 || |
d683ddbb | 1492 | dsl_dir_phys(dd)->dd_compressed_bytes >= -compressed); |
34dc7c2f | 1493 | ASSERT(uncompressed >= 0 || |
d683ddbb JG |
1494 | dsl_dir_phys(dd)->dd_uncompressed_bytes >= -uncompressed); |
1495 | dsl_dir_phys(dd)->dd_used_bytes += used; | |
1496 | dsl_dir_phys(dd)->dd_uncompressed_bytes += uncompressed; | |
1497 | dsl_dir_phys(dd)->dd_compressed_bytes += compressed; | |
b128c09f | 1498 | |
d683ddbb | 1499 | if (dsl_dir_phys(dd)->dd_flags & DD_FLAG_USED_BREAKDOWN) { |
b128c09f | 1500 | ASSERT(used > 0 || |
d683ddbb JG |
1501 | dsl_dir_phys(dd)->dd_used_breakdown[type] >= -used); |
1502 | dsl_dir_phys(dd)->dd_used_breakdown[type] += used; | |
b128c09f | 1503 | #ifdef DEBUG |
d6320ddb BB |
1504 | { |
1505 | dd_used_t t; | |
1506 | uint64_t u = 0; | |
1507 | for (t = 0; t < DD_USED_NUM; t++) | |
d683ddbb JG |
1508 | u += dsl_dir_phys(dd)->dd_used_breakdown[t]; |
1509 | ASSERT3U(u, ==, dsl_dir_phys(dd)->dd_used_bytes); | |
d6320ddb | 1510 | } |
b128c09f BB |
1511 | #endif |
1512 | } | |
1513 | if (needlock) | |
1514 | mutex_exit(&dd->dd_lock); | |
34dc7c2f BB |
1515 | |
1516 | if (dd->dd_parent != NULL) { | |
b128c09f | 1517 | dsl_dir_diduse_space(dd->dd_parent, DD_USED_CHILD, |
34dc7c2f | 1518 | accounted_delta, compressed, uncompressed, tx); |
b128c09f BB |
1519 | dsl_dir_transfer_space(dd->dd_parent, |
1520 | used - accounted_delta, | |
1521 | DD_USED_CHILD_RSRV, DD_USED_CHILD, tx); | |
34dc7c2f BB |
1522 | } |
1523 | } | |
1524 | ||
b128c09f BB |
1525 | void |
1526 | dsl_dir_transfer_space(dsl_dir_t *dd, int64_t delta, | |
1527 | dd_used_t oldtype, dd_used_t newtype, dmu_tx_t *tx) | |
1528 | { | |
b128c09f BB |
1529 | ASSERT(dmu_tx_is_syncing(tx)); |
1530 | ASSERT(oldtype < DD_USED_NUM); | |
1531 | ASSERT(newtype < DD_USED_NUM); | |
1532 | ||
d683ddbb JG |
1533 | if (delta == 0 || |
1534 | !(dsl_dir_phys(dd)->dd_flags & DD_FLAG_USED_BREAKDOWN)) | |
b128c09f BB |
1535 | return; |
1536 | ||
a169a625 MA |
1537 | dmu_buf_will_dirty(dd->dd_dbuf, tx); |
1538 | mutex_enter(&dd->dd_lock); | |
b128c09f | 1539 | ASSERT(delta > 0 ? |
d683ddbb JG |
1540 | dsl_dir_phys(dd)->dd_used_breakdown[oldtype] >= delta : |
1541 | dsl_dir_phys(dd)->dd_used_breakdown[newtype] >= -delta); | |
1542 | ASSERT(dsl_dir_phys(dd)->dd_used_bytes >= ABS(delta)); | |
1543 | dsl_dir_phys(dd)->dd_used_breakdown[oldtype] -= delta; | |
1544 | dsl_dir_phys(dd)->dd_used_breakdown[newtype] += delta; | |
a169a625 | 1545 | mutex_exit(&dd->dd_lock); |
b128c09f BB |
1546 | } |
1547 | ||
13fe0198 MA |
1548 | typedef struct dsl_dir_set_qr_arg { |
1549 | const char *ddsqra_name; | |
1550 | zprop_source_t ddsqra_source; | |
1551 | uint64_t ddsqra_value; | |
1552 | } dsl_dir_set_qr_arg_t; | |
1553 | ||
34dc7c2f | 1554 | static int |
13fe0198 | 1555 | dsl_dir_set_quota_check(void *arg, dmu_tx_t *tx) |
34dc7c2f | 1556 | { |
13fe0198 MA |
1557 | dsl_dir_set_qr_arg_t *ddsqra = arg; |
1558 | dsl_pool_t *dp = dmu_tx_pool(tx); | |
1559 | dsl_dataset_t *ds; | |
1560 | int error; | |
1561 | uint64_t towrite, newval; | |
34dc7c2f | 1562 | |
13fe0198 MA |
1563 | error = dsl_dataset_hold(dp, ddsqra->ddsqra_name, FTAG, &ds); |
1564 | if (error != 0) | |
1565 | return (error); | |
1566 | ||
1567 | error = dsl_prop_predict(ds->ds_dir, "quota", | |
1568 | ddsqra->ddsqra_source, ddsqra->ddsqra_value, &newval); | |
1569 | if (error != 0) { | |
1570 | dsl_dataset_rele(ds, FTAG); | |
1571 | return (error); | |
1572 | } | |
428870ff | 1573 | |
13fe0198 MA |
1574 | if (newval == 0) { |
1575 | dsl_dataset_rele(ds, FTAG); | |
34dc7c2f | 1576 | return (0); |
13fe0198 | 1577 | } |
34dc7c2f | 1578 | |
13fe0198 | 1579 | mutex_enter(&ds->ds_dir->dd_lock); |
34dc7c2f BB |
1580 | /* |
1581 | * If we are doing the preliminary check in open context, and | |
1582 | * there are pending changes, then don't fail it, since the | |
1583 | * pending changes could under-estimate the amount of space to be | |
1584 | * freed up. | |
1585 | */ | |
13fe0198 | 1586 | towrite = dsl_dir_space_towrite(ds->ds_dir); |
34dc7c2f | 1587 | if ((dmu_tx_is_syncing(tx) || towrite == 0) && |
d683ddbb JG |
1588 | (newval < dsl_dir_phys(ds->ds_dir)->dd_reserved || |
1589 | newval < dsl_dir_phys(ds->ds_dir)->dd_used_bytes + towrite)) { | |
2e528b49 | 1590 | error = SET_ERROR(ENOSPC); |
34dc7c2f | 1591 | } |
13fe0198 MA |
1592 | mutex_exit(&ds->ds_dir->dd_lock); |
1593 | dsl_dataset_rele(ds, FTAG); | |
1594 | return (error); | |
34dc7c2f BB |
1595 | } |
1596 | ||
34dc7c2f | 1597 | static void |
13fe0198 | 1598 | dsl_dir_set_quota_sync(void *arg, dmu_tx_t *tx) |
34dc7c2f | 1599 | { |
13fe0198 MA |
1600 | dsl_dir_set_qr_arg_t *ddsqra = arg; |
1601 | dsl_pool_t *dp = dmu_tx_pool(tx); | |
1602 | dsl_dataset_t *ds; | |
1603 | uint64_t newval; | |
428870ff | 1604 | |
13fe0198 | 1605 | VERIFY0(dsl_dataset_hold(dp, ddsqra->ddsqra_name, FTAG, &ds)); |
34dc7c2f | 1606 | |
b1118acb MM |
1607 | if (spa_version(dp->dp_spa) >= SPA_VERSION_RECVD_PROPS) { |
1608 | dsl_prop_set_sync_impl(ds, zfs_prop_to_name(ZFS_PROP_QUOTA), | |
1609 | ddsqra->ddsqra_source, sizeof (ddsqra->ddsqra_value), 1, | |
1610 | &ddsqra->ddsqra_value, tx); | |
34dc7c2f | 1611 | |
b1118acb MM |
1612 | VERIFY0(dsl_prop_get_int_ds(ds, |
1613 | zfs_prop_to_name(ZFS_PROP_QUOTA), &newval)); | |
1614 | } else { | |
1615 | newval = ddsqra->ddsqra_value; | |
1616 | spa_history_log_internal_ds(ds, "set", tx, "%s=%lld", | |
1617 | zfs_prop_to_name(ZFS_PROP_QUOTA), (longlong_t)newval); | |
1618 | } | |
6f1ffb06 | 1619 | |
13fe0198 MA |
1620 | dmu_buf_will_dirty(ds->ds_dir->dd_dbuf, tx); |
1621 | mutex_enter(&ds->ds_dir->dd_lock); | |
d683ddbb | 1622 | dsl_dir_phys(ds->ds_dir)->dd_quota = newval; |
13fe0198 MA |
1623 | mutex_exit(&ds->ds_dir->dd_lock); |
1624 | dsl_dataset_rele(ds, FTAG); | |
34dc7c2f BB |
1625 | } |
1626 | ||
1627 | int | |
428870ff | 1628 | dsl_dir_set_quota(const char *ddname, zprop_source_t source, uint64_t quota) |
34dc7c2f | 1629 | { |
13fe0198 | 1630 | dsl_dir_set_qr_arg_t ddsqra; |
428870ff | 1631 | |
13fe0198 MA |
1632 | ddsqra.ddsqra_name = ddname; |
1633 | ddsqra.ddsqra_source = source; | |
1634 | ddsqra.ddsqra_value = quota; | |
428870ff | 1635 | |
13fe0198 | 1636 | return (dsl_sync_task(ddname, dsl_dir_set_quota_check, |
3d45fdd6 | 1637 | dsl_dir_set_quota_sync, &ddsqra, 0, ZFS_SPACE_CHECK_NONE)); |
34dc7c2f BB |
1638 | } |
1639 | ||
1640 | int | |
13fe0198 | 1641 | dsl_dir_set_reservation_check(void *arg, dmu_tx_t *tx) |
34dc7c2f | 1642 | { |
13fe0198 MA |
1643 | dsl_dir_set_qr_arg_t *ddsqra = arg; |
1644 | dsl_pool_t *dp = dmu_tx_pool(tx); | |
1645 | dsl_dataset_t *ds; | |
1646 | dsl_dir_t *dd; | |
1647 | uint64_t newval, used, avail; | |
1648 | int error; | |
428870ff | 1649 | |
13fe0198 MA |
1650 | error = dsl_dataset_hold(dp, ddsqra->ddsqra_name, FTAG, &ds); |
1651 | if (error != 0) | |
1652 | return (error); | |
1653 | dd = ds->ds_dir; | |
34dc7c2f BB |
1654 | |
1655 | /* | |
1656 | * If we are doing the preliminary check in open context, the | |
1657 | * space estimates may be inaccurate. | |
1658 | */ | |
13fe0198 MA |
1659 | if (!dmu_tx_is_syncing(tx)) { |
1660 | dsl_dataset_rele(ds, FTAG); | |
34dc7c2f | 1661 | return (0); |
13fe0198 MA |
1662 | } |
1663 | ||
1664 | error = dsl_prop_predict(ds->ds_dir, | |
1665 | zfs_prop_to_name(ZFS_PROP_RESERVATION), | |
1666 | ddsqra->ddsqra_source, ddsqra->ddsqra_value, &newval); | |
1667 | if (error != 0) { | |
1668 | dsl_dataset_rele(ds, FTAG); | |
1669 | return (error); | |
1670 | } | |
34dc7c2f BB |
1671 | |
1672 | mutex_enter(&dd->dd_lock); | |
d683ddbb | 1673 | used = dsl_dir_phys(dd)->dd_used_bytes; |
34dc7c2f BB |
1674 | mutex_exit(&dd->dd_lock); |
1675 | ||
1676 | if (dd->dd_parent) { | |
1677 | avail = dsl_dir_space_available(dd->dd_parent, | |
1678 | NULL, 0, FALSE); | |
1679 | } else { | |
1680 | avail = dsl_pool_adjustedsize(dd->dd_pool, B_FALSE) - used; | |
1681 | } | |
1682 | ||
d683ddbb | 1683 | if (MAX(used, newval) > MAX(used, dsl_dir_phys(dd)->dd_reserved)) { |
13fe0198 | 1684 | uint64_t delta = MAX(used, newval) - |
d683ddbb | 1685 | MAX(used, dsl_dir_phys(dd)->dd_reserved); |
d164b209 | 1686 | |
13fe0198 | 1687 | if (delta > avail || |
d683ddbb JG |
1688 | (dsl_dir_phys(dd)->dd_quota > 0 && |
1689 | newval > dsl_dir_phys(dd)->dd_quota)) | |
2e528b49 | 1690 | error = SET_ERROR(ENOSPC); |
d164b209 BB |
1691 | } |
1692 | ||
13fe0198 MA |
1693 | dsl_dataset_rele(ds, FTAG); |
1694 | return (error); | |
34dc7c2f BB |
1695 | } |
1696 | ||
13fe0198 | 1697 | void |
6f1ffb06 | 1698 | dsl_dir_set_reservation_sync_impl(dsl_dir_t *dd, uint64_t value, dmu_tx_t *tx) |
34dc7c2f | 1699 | { |
34dc7c2f BB |
1700 | uint64_t used; |
1701 | int64_t delta; | |
1702 | ||
1703 | dmu_buf_will_dirty(dd->dd_dbuf, tx); | |
1704 | ||
1705 | mutex_enter(&dd->dd_lock); | |
d683ddbb JG |
1706 | used = dsl_dir_phys(dd)->dd_used_bytes; |
1707 | delta = MAX(used, value) - MAX(used, dsl_dir_phys(dd)->dd_reserved); | |
1708 | dsl_dir_phys(dd)->dd_reserved = value; | |
34dc7c2f BB |
1709 | |
1710 | if (dd->dd_parent != NULL) { | |
1711 | /* Roll up this additional usage into our ancestors */ | |
b128c09f BB |
1712 | dsl_dir_diduse_space(dd->dd_parent, DD_USED_CHILD_RSRV, |
1713 | delta, 0, 0, tx); | |
34dc7c2f | 1714 | } |
b128c09f | 1715 | mutex_exit(&dd->dd_lock); |
34dc7c2f BB |
1716 | } |
1717 | ||
6f1ffb06 | 1718 | static void |
13fe0198 | 1719 | dsl_dir_set_reservation_sync(void *arg, dmu_tx_t *tx) |
6f1ffb06 | 1720 | { |
13fe0198 MA |
1721 | dsl_dir_set_qr_arg_t *ddsqra = arg; |
1722 | dsl_pool_t *dp = dmu_tx_pool(tx); | |
1723 | dsl_dataset_t *ds; | |
1724 | uint64_t newval; | |
6f1ffb06 | 1725 | |
13fe0198 MA |
1726 | VERIFY0(dsl_dataset_hold(dp, ddsqra->ddsqra_name, FTAG, &ds)); |
1727 | ||
b1118acb MM |
1728 | if (spa_version(dp->dp_spa) >= SPA_VERSION_RECVD_PROPS) { |
1729 | dsl_prop_set_sync_impl(ds, | |
1730 | zfs_prop_to_name(ZFS_PROP_RESERVATION), | |
1731 | ddsqra->ddsqra_source, sizeof (ddsqra->ddsqra_value), 1, | |
1732 | &ddsqra->ddsqra_value, tx); | |
d1d7e268 | 1733 | |
b1118acb MM |
1734 | VERIFY0(dsl_prop_get_int_ds(ds, |
1735 | zfs_prop_to_name(ZFS_PROP_RESERVATION), &newval)); | |
1736 | } else { | |
1737 | newval = ddsqra->ddsqra_value; | |
1738 | spa_history_log_internal_ds(ds, "set", tx, "%s=%lld", | |
1739 | zfs_prop_to_name(ZFS_PROP_RESERVATION), | |
1740 | (longlong_t)newval); | |
1741 | } | |
1742 | ||
13fe0198 MA |
1743 | dsl_dir_set_reservation_sync_impl(ds->ds_dir, newval, tx); |
1744 | dsl_dataset_rele(ds, FTAG); | |
d1d7e268 | 1745 | } |
6f1ffb06 | 1746 | |
34dc7c2f | 1747 | int |
428870ff BB |
1748 | dsl_dir_set_reservation(const char *ddname, zprop_source_t source, |
1749 | uint64_t reservation) | |
34dc7c2f | 1750 | { |
13fe0198 | 1751 | dsl_dir_set_qr_arg_t ddsqra; |
428870ff | 1752 | |
13fe0198 MA |
1753 | ddsqra.ddsqra_name = ddname; |
1754 | ddsqra.ddsqra_source = source; | |
1755 | ddsqra.ddsqra_value = reservation; | |
428870ff | 1756 | |
13fe0198 | 1757 | return (dsl_sync_task(ddname, dsl_dir_set_reservation_check, |
3d45fdd6 | 1758 | dsl_dir_set_reservation_sync, &ddsqra, 0, ZFS_SPACE_CHECK_NONE)); |
34dc7c2f BB |
1759 | } |
1760 | ||
1761 | static dsl_dir_t * | |
1762 | closest_common_ancestor(dsl_dir_t *ds1, dsl_dir_t *ds2) | |
1763 | { | |
1764 | for (; ds1; ds1 = ds1->dd_parent) { | |
1765 | dsl_dir_t *dd; | |
1766 | for (dd = ds2; dd; dd = dd->dd_parent) { | |
1767 | if (ds1 == dd) | |
1768 | return (dd); | |
1769 | } | |
1770 | } | |
1771 | return (NULL); | |
1772 | } | |
1773 | ||
1774 | /* | |
1775 | * If delta is applied to dd, how much of that delta would be applied to | |
1776 | * ancestor? Syncing context only. | |
1777 | */ | |
1778 | static int64_t | |
1779 | would_change(dsl_dir_t *dd, int64_t delta, dsl_dir_t *ancestor) | |
1780 | { | |
1781 | if (dd == ancestor) | |
1782 | return (delta); | |
1783 | ||
1784 | mutex_enter(&dd->dd_lock); | |
d683ddbb | 1785 | delta = parent_delta(dd, dsl_dir_phys(dd)->dd_used_bytes, delta); |
34dc7c2f BB |
1786 | mutex_exit(&dd->dd_lock); |
1787 | return (would_change(dd->dd_parent, delta, ancestor)); | |
1788 | } | |
1789 | ||
13fe0198 MA |
1790 | typedef struct dsl_dir_rename_arg { |
1791 | const char *ddra_oldname; | |
1792 | const char *ddra_newname; | |
788eb90c | 1793 | cred_t *ddra_cred; |
13fe0198 | 1794 | } dsl_dir_rename_arg_t; |
34dc7c2f | 1795 | |
13fe0198 | 1796 | /* ARGSUSED */ |
34dc7c2f | 1797 | static int |
13fe0198 | 1798 | dsl_valid_rename(dsl_pool_t *dp, dsl_dataset_t *ds, void *arg) |
34dc7c2f | 1799 | { |
13fe0198 | 1800 | int *deltap = arg; |
eca7b760 | 1801 | char namebuf[ZFS_MAX_DATASET_NAME_LEN]; |
34dc7c2f | 1802 | |
13fe0198 MA |
1803 | dsl_dataset_name(ds, namebuf); |
1804 | ||
eca7b760 | 1805 | if (strlen(namebuf) + *deltap >= ZFS_MAX_DATASET_NAME_LEN) |
2e528b49 | 1806 | return (SET_ERROR(ENAMETOOLONG)); |
13fe0198 MA |
1807 | return (0); |
1808 | } | |
1809 | ||
1810 | static int | |
1811 | dsl_dir_rename_check(void *arg, dmu_tx_t *tx) | |
1812 | { | |
1813 | dsl_dir_rename_arg_t *ddra = arg; | |
1814 | dsl_pool_t *dp = dmu_tx_pool(tx); | |
1815 | dsl_dir_t *dd, *newparent; | |
1816 | const char *mynewname; | |
1817 | int error; | |
1818 | int delta = strlen(ddra->ddra_newname) - strlen(ddra->ddra_oldname); | |
34dc7c2f | 1819 | |
13fe0198 MA |
1820 | /* target dir should exist */ |
1821 | error = dsl_dir_hold(dp, ddra->ddra_oldname, FTAG, &dd, NULL); | |
1822 | if (error != 0) | |
1823 | return (error); | |
1824 | ||
1825 | /* new parent should exist */ | |
1826 | error = dsl_dir_hold(dp, ddra->ddra_newname, FTAG, | |
1827 | &newparent, &mynewname); | |
1828 | if (error != 0) { | |
1829 | dsl_dir_rele(dd, FTAG); | |
1830 | return (error); | |
1831 | } | |
1832 | ||
1833 | /* can't rename to different pool */ | |
1834 | if (dd->dd_pool != newparent->dd_pool) { | |
1835 | dsl_dir_rele(newparent, FTAG); | |
1836 | dsl_dir_rele(dd, FTAG); | |
9063f654 | 1837 | return (SET_ERROR(EXDEV)); |
13fe0198 MA |
1838 | } |
1839 | ||
1840 | /* new name should not already exist */ | |
1841 | if (mynewname == NULL) { | |
1842 | dsl_dir_rele(newparent, FTAG); | |
1843 | dsl_dir_rele(dd, FTAG); | |
2e528b49 | 1844 | return (SET_ERROR(EEXIST)); |
13fe0198 MA |
1845 | } |
1846 | ||
1847 | /* if the name length is growing, validate child name lengths */ | |
1848 | if (delta > 0) { | |
1849 | error = dmu_objset_find_dp(dp, dd->dd_object, dsl_valid_rename, | |
1850 | &delta, DS_FIND_CHILDREN | DS_FIND_SNAPSHOTS); | |
1851 | if (error != 0) { | |
1852 | dsl_dir_rele(newparent, FTAG); | |
1853 | dsl_dir_rele(dd, FTAG); | |
1854 | return (error); | |
1855 | } | |
1856 | } | |
34dc7c2f | 1857 | |
788eb90c | 1858 | if (dmu_tx_is_syncing(tx)) { |
a0c9a17a | 1859 | if (spa_feature_is_active(dp->dp_spa, |
788eb90c JJ |
1860 | SPA_FEATURE_FS_SS_LIMIT)) { |
1861 | /* | |
1862 | * Although this is the check function and we don't | |
1863 | * normally make on-disk changes in check functions, | |
1864 | * we need to do that here. | |
1865 | * | |
1866 | * Ensure this portion of the tree's counts have been | |
1867 | * initialized in case the new parent has limits set. | |
1868 | */ | |
1869 | dsl_dir_init_fs_ss_count(dd, tx); | |
1870 | } | |
1871 | } | |
1872 | ||
13fe0198 | 1873 | if (newparent != dd->dd_parent) { |
34dc7c2f BB |
1874 | /* is there enough space? */ |
1875 | uint64_t myspace = | |
d683ddbb JG |
1876 | MAX(dsl_dir_phys(dd)->dd_used_bytes, |
1877 | dsl_dir_phys(dd)->dd_reserved); | |
788eb90c JJ |
1878 | objset_t *os = dd->dd_pool->dp_meta_objset; |
1879 | uint64_t fs_cnt = 0; | |
1880 | uint64_t ss_cnt = 0; | |
1881 | ||
1882 | if (dsl_dir_is_zapified(dd)) { | |
1883 | int err; | |
1884 | ||
1885 | err = zap_lookup(os, dd->dd_object, | |
1886 | DD_FIELD_FILESYSTEM_COUNT, sizeof (fs_cnt), 1, | |
1887 | &fs_cnt); | |
a0c9a17a JJ |
1888 | if (err != ENOENT && err != 0) { |
1889 | dsl_dir_rele(newparent, FTAG); | |
1890 | dsl_dir_rele(dd, FTAG); | |
788eb90c | 1891 | return (err); |
a0c9a17a | 1892 | } |
788eb90c JJ |
1893 | |
1894 | /* | |
1895 | * have to add 1 for the filesystem itself that we're | |
1896 | * moving | |
1897 | */ | |
1898 | fs_cnt++; | |
1899 | ||
1900 | err = zap_lookup(os, dd->dd_object, | |
1901 | DD_FIELD_SNAPSHOT_COUNT, sizeof (ss_cnt), 1, | |
1902 | &ss_cnt); | |
a0c9a17a JJ |
1903 | if (err != ENOENT && err != 0) { |
1904 | dsl_dir_rele(newparent, FTAG); | |
1905 | dsl_dir_rele(dd, FTAG); | |
788eb90c | 1906 | return (err); |
a0c9a17a | 1907 | } |
788eb90c | 1908 | } |
34dc7c2f | 1909 | |
b5256303 TC |
1910 | /* check for encryption errors */ |
1911 | error = dsl_dir_rename_crypt_check(dd, newparent); | |
1912 | if (error != 0) { | |
1913 | dsl_dir_rele(newparent, FTAG); | |
1914 | dsl_dir_rele(dd, FTAG); | |
1915 | return (SET_ERROR(EACCES)); | |
1916 | } | |
1917 | ||
34dc7c2f | 1918 | /* no rename into our descendant */ |
13fe0198 MA |
1919 | if (closest_common_ancestor(dd, newparent) == dd) { |
1920 | dsl_dir_rele(newparent, FTAG); | |
1921 | dsl_dir_rele(dd, FTAG); | |
2e528b49 | 1922 | return (SET_ERROR(EINVAL)); |
13fe0198 | 1923 | } |
34dc7c2f | 1924 | |
13fe0198 | 1925 | error = dsl_dir_transfer_possible(dd->dd_parent, |
788eb90c | 1926 | newparent, fs_cnt, ss_cnt, myspace, ddra->ddra_cred); |
13fe0198 MA |
1927 | if (error != 0) { |
1928 | dsl_dir_rele(newparent, FTAG); | |
1929 | dsl_dir_rele(dd, FTAG); | |
1930 | return (error); | |
1931 | } | |
34dc7c2f BB |
1932 | } |
1933 | ||
13fe0198 MA |
1934 | dsl_dir_rele(newparent, FTAG); |
1935 | dsl_dir_rele(dd, FTAG); | |
34dc7c2f BB |
1936 | return (0); |
1937 | } | |
1938 | ||
1939 | static void | |
13fe0198 | 1940 | dsl_dir_rename_sync(void *arg, dmu_tx_t *tx) |
34dc7c2f | 1941 | { |
13fe0198 MA |
1942 | dsl_dir_rename_arg_t *ddra = arg; |
1943 | dsl_pool_t *dp = dmu_tx_pool(tx); | |
1944 | dsl_dir_t *dd, *newparent; | |
1945 | const char *mynewname; | |
1946 | int error; | |
34dc7c2f | 1947 | objset_t *mos = dp->dp_meta_objset; |
34dc7c2f | 1948 | |
13fe0198 MA |
1949 | VERIFY0(dsl_dir_hold(dp, ddra->ddra_oldname, FTAG, &dd, NULL)); |
1950 | VERIFY0(dsl_dir_hold(dp, ddra->ddra_newname, FTAG, &newparent, | |
1951 | &mynewname)); | |
34dc7c2f | 1952 | |
6f1ffb06 | 1953 | /* Log this before we change the name. */ |
6f1ffb06 | 1954 | spa_history_log_internal_dd(dd, "rename", tx, |
13fe0198 | 1955 | "-> %s", ddra->ddra_newname); |
6f1ffb06 | 1956 | |
13fe0198 | 1957 | if (newparent != dd->dd_parent) { |
788eb90c JJ |
1958 | objset_t *os = dd->dd_pool->dp_meta_objset; |
1959 | uint64_t fs_cnt = 0; | |
1960 | uint64_t ss_cnt = 0; | |
1961 | ||
1962 | /* | |
1963 | * We already made sure the dd counts were initialized in the | |
1964 | * check function. | |
1965 | */ | |
a0c9a17a | 1966 | if (spa_feature_is_active(dp->dp_spa, |
788eb90c JJ |
1967 | SPA_FEATURE_FS_SS_LIMIT)) { |
1968 | VERIFY0(zap_lookup(os, dd->dd_object, | |
1969 | DD_FIELD_FILESYSTEM_COUNT, sizeof (fs_cnt), 1, | |
1970 | &fs_cnt)); | |
1971 | /* add 1 for the filesystem itself that we're moving */ | |
1972 | fs_cnt++; | |
1973 | ||
1974 | VERIFY0(zap_lookup(os, dd->dd_object, | |
1975 | DD_FIELD_SNAPSHOT_COUNT, sizeof (ss_cnt), 1, | |
1976 | &ss_cnt)); | |
1977 | } | |
1978 | ||
1979 | dsl_fs_ss_count_adjust(dd->dd_parent, -fs_cnt, | |
1980 | DD_FIELD_FILESYSTEM_COUNT, tx); | |
1981 | dsl_fs_ss_count_adjust(newparent, fs_cnt, | |
1982 | DD_FIELD_FILESYSTEM_COUNT, tx); | |
1983 | ||
1984 | dsl_fs_ss_count_adjust(dd->dd_parent, -ss_cnt, | |
1985 | DD_FIELD_SNAPSHOT_COUNT, tx); | |
1986 | dsl_fs_ss_count_adjust(newparent, ss_cnt, | |
1987 | DD_FIELD_SNAPSHOT_COUNT, tx); | |
1988 | ||
b128c09f | 1989 | dsl_dir_diduse_space(dd->dd_parent, DD_USED_CHILD, |
d683ddbb JG |
1990 | -dsl_dir_phys(dd)->dd_used_bytes, |
1991 | -dsl_dir_phys(dd)->dd_compressed_bytes, | |
1992 | -dsl_dir_phys(dd)->dd_uncompressed_bytes, tx); | |
13fe0198 | 1993 | dsl_dir_diduse_space(newparent, DD_USED_CHILD, |
d683ddbb JG |
1994 | dsl_dir_phys(dd)->dd_used_bytes, |
1995 | dsl_dir_phys(dd)->dd_compressed_bytes, | |
1996 | dsl_dir_phys(dd)->dd_uncompressed_bytes, tx); | |
b128c09f | 1997 | |
d683ddbb JG |
1998 | if (dsl_dir_phys(dd)->dd_reserved > |
1999 | dsl_dir_phys(dd)->dd_used_bytes) { | |
2000 | uint64_t unused_rsrv = dsl_dir_phys(dd)->dd_reserved - | |
2001 | dsl_dir_phys(dd)->dd_used_bytes; | |
b128c09f BB |
2002 | |
2003 | dsl_dir_diduse_space(dd->dd_parent, DD_USED_CHILD_RSRV, | |
2004 | -unused_rsrv, 0, 0, tx); | |
13fe0198 | 2005 | dsl_dir_diduse_space(newparent, DD_USED_CHILD_RSRV, |
b128c09f BB |
2006 | unused_rsrv, 0, 0, tx); |
2007 | } | |
34dc7c2f BB |
2008 | } |
2009 | ||
2010 | dmu_buf_will_dirty(dd->dd_dbuf, tx); | |
2011 | ||
2012 | /* remove from old parent zapobj */ | |
d683ddbb JG |
2013 | error = zap_remove(mos, |
2014 | dsl_dir_phys(dd->dd_parent)->dd_child_dir_zapobj, | |
34dc7c2f | 2015 | dd->dd_myname, tx); |
13fe0198 | 2016 | ASSERT0(error); |
34dc7c2f | 2017 | |
c9d61adb | 2018 | (void) strlcpy(dd->dd_myname, mynewname, |
2019 | sizeof (dd->dd_myname)); | |
13fe0198 | 2020 | dsl_dir_rele(dd->dd_parent, dd); |
d683ddbb | 2021 | dsl_dir_phys(dd)->dd_parent_obj = newparent->dd_object; |
13fe0198 MA |
2022 | VERIFY0(dsl_dir_hold_obj(dp, |
2023 | newparent->dd_object, NULL, dd, &dd->dd_parent)); | |
34dc7c2f BB |
2024 | |
2025 | /* add to new parent zapobj */ | |
d683ddbb | 2026 | VERIFY0(zap_add(mos, dsl_dir_phys(newparent)->dd_child_dir_zapobj, |
13fe0198 MA |
2027 | dd->dd_myname, 8, 1, &dd->dd_object, tx)); |
2028 | ||
a0bd735a BP |
2029 | zvol_rename_minors(dp->dp_spa, ddra->ddra_oldname, |
2030 | ddra->ddra_newname, B_TRUE); | |
ba6a2402 | 2031 | |
13fe0198 | 2032 | dsl_prop_notify_all(dd); |
34dc7c2f | 2033 | |
13fe0198 MA |
2034 | dsl_dir_rele(newparent, FTAG); |
2035 | dsl_dir_rele(dd, FTAG); | |
34dc7c2f BB |
2036 | } |
2037 | ||
2038 | int | |
13fe0198 | 2039 | dsl_dir_rename(const char *oldname, const char *newname) |
34dc7c2f | 2040 | { |
13fe0198 | 2041 | dsl_dir_rename_arg_t ddra; |
34dc7c2f | 2042 | |
13fe0198 MA |
2043 | ddra.ddra_oldname = oldname; |
2044 | ddra.ddra_newname = newname; | |
788eb90c | 2045 | ddra.ddra_cred = CRED(); |
34dc7c2f | 2046 | |
13fe0198 | 2047 | return (dsl_sync_task(oldname, |
3d45fdd6 MA |
2048 | dsl_dir_rename_check, dsl_dir_rename_sync, &ddra, |
2049 | 3, ZFS_SPACE_CHECK_RESERVED)); | |
34dc7c2f BB |
2050 | } |
2051 | ||
2052 | int | |
788eb90c JJ |
2053 | dsl_dir_transfer_possible(dsl_dir_t *sdd, dsl_dir_t *tdd, |
2054 | uint64_t fs_cnt, uint64_t ss_cnt, uint64_t space, cred_t *cr) | |
34dc7c2f BB |
2055 | { |
2056 | dsl_dir_t *ancestor; | |
2057 | int64_t adelta; | |
2058 | uint64_t avail; | |
788eb90c | 2059 | int err; |
34dc7c2f BB |
2060 | |
2061 | ancestor = closest_common_ancestor(sdd, tdd); | |
2062 | adelta = would_change(sdd, -space, ancestor); | |
2063 | avail = dsl_dir_space_available(tdd, ancestor, adelta, FALSE); | |
2064 | if (avail < space) | |
2e528b49 | 2065 | return (SET_ERROR(ENOSPC)); |
34dc7c2f | 2066 | |
788eb90c JJ |
2067 | err = dsl_fs_ss_limit_check(tdd, fs_cnt, ZFS_PROP_FILESYSTEM_LIMIT, |
2068 | ancestor, cr); | |
2069 | if (err != 0) | |
2070 | return (err); | |
2071 | err = dsl_fs_ss_limit_check(tdd, ss_cnt, ZFS_PROP_SNAPSHOT_LIMIT, | |
2072 | ancestor, cr); | |
2073 | if (err != 0) | |
2074 | return (err); | |
2075 | ||
34dc7c2f BB |
2076 | return (0); |
2077 | } | |
428870ff BB |
2078 | |
2079 | timestruc_t | |
2080 | dsl_dir_snap_cmtime(dsl_dir_t *dd) | |
2081 | { | |
2082 | timestruc_t t; | |
2083 | ||
2084 | mutex_enter(&dd->dd_lock); | |
2085 | t = dd->dd_snap_cmtime; | |
2086 | mutex_exit(&dd->dd_lock); | |
2087 | ||
2088 | return (t); | |
2089 | } | |
2090 | ||
2091 | void | |
2092 | dsl_dir_snap_cmtime_update(dsl_dir_t *dd) | |
2093 | { | |
2094 | timestruc_t t; | |
2095 | ||
2096 | gethrestime(&t); | |
2097 | mutex_enter(&dd->dd_lock); | |
2098 | dd->dd_snap_cmtime = t; | |
2099 | mutex_exit(&dd->dd_lock); | |
2100 | } | |
c28b2279 | 2101 | |
fa86b5db MA |
2102 | void |
2103 | dsl_dir_zapify(dsl_dir_t *dd, dmu_tx_t *tx) | |
2104 | { | |
2105 | objset_t *mos = dd->dd_pool->dp_meta_objset; | |
2106 | dmu_object_zapify(mos, dd->dd_object, DMU_OT_DSL_DIR, tx); | |
2107 | } | |
2108 | ||
788eb90c JJ |
2109 | boolean_t |
2110 | dsl_dir_is_zapified(dsl_dir_t *dd) | |
2111 | { | |
2112 | dmu_object_info_t doi; | |
2113 | ||
2114 | dmu_object_info_from_db(dd->dd_dbuf, &doi); | |
2115 | return (doi.doi_type == DMU_OTN_ZAP_METADATA); | |
2116 | } | |
2117 | ||
c28b2279 BB |
2118 | #if defined(_KERNEL) && defined(HAVE_SPL) |
2119 | EXPORT_SYMBOL(dsl_dir_set_quota); | |
2120 | EXPORT_SYMBOL(dsl_dir_set_reservation); | |
c28b2279 | 2121 | #endif |