10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2011, 2017 by Delphix. All rights reserved.
24 * Copyright (c) 2013 Steven Hartland. All rights reserved.
25 * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved.
26 * Copyright (c) 2014 Integros [integros.com]
27 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
28 */
29
30 #include <sys/dsl_pool.h>
31 #include <sys/dsl_dataset.h>
32 #include <sys/dsl_prop.h>
33 #include <sys/dsl_dir.h>
34 #include <sys/dsl_synctask.h>
35 #include <sys/dsl_scan.h>
36 #include <sys/dnode.h>
37 #include <sys/dmu_tx.h>
38 #include <sys/dmu_objset.h>
39 #include <sys/arc.h>
40 #include <sys/zap.h>
41 #include <sys/zio.h>
42 #include <sys/zfs_context.h>
43 #include <sys/fs/zfs.h>
44 #include <sys/zfs_znode.h>
45 #include <sys/spa_impl.h>
46 #include <sys/dsl_deadlist.h>
47 #include <sys/bptree.h>
48 #include <sys/zfeature.h>
49 #include <sys/zil_impl.h>
50 #include <sys/dsl_userhold.h>
51
52 /*
53 * ZFS Write Throttle
54 * ------------------
55 *
56 * ZFS must limit the rate of incoming writes to the rate at which it is able
57 * to sync data modifications to the backend storage. Throttling by too much
58 * creates an artificial limit; throttling by too little can only be sustained
59 * for short periods and would lead to highly lumpy performance. On a per-pool
60 * basis, ZFS tracks the amount of modified (dirty) data. As operations change
61 * data, the amount of dirty data increases; as ZFS syncs out data, the amount
62 * of dirty data decreases. When the amount of dirty data exceeds a
63 * predetermined threshold further modifications are blocked until the amount
64 * of dirty data decreases (as data is synced out).
65 *
66 * The limit on dirty data is tunable, and should be adjusted according to
67 * both the IO capacity and available memory of the system. The larger the
68 * window, the more ZFS is able to aggregate and amortize metadata (and data)
69 * changes. However, memory is a limited resource, and allowing for more dirty
70 * data comes at the cost of keeping other useful data in memory (for example
71 * ZFS data cached by the ARC).
145 * taskq used by zil_clean(); they determine the number of taskq entries
146 * that are pre-populated when the taskq is first created (via the
147 * "zfs_zil_clean_taskq_minalloc" tunable) and the maximum number of
148 * taskq entries that are cached after an on-demand allocation (via the
149 * "zfs_zil_clean_taskq_maxalloc").
150 *
151 * The idea being, we want to try reasonably hard to ensure there will
152 * already be a taskq entry pre-allocated by the time that it is needed
153 * by zil_clean(). This way, we can avoid the possibility of an
154 * on-demand allocation of a new taskq entry from failing, which would
155 * result in zil_itxg_clean() being called synchronously from zil_clean()
156 * (which can adversely affect performance of spa_sync()).
157 *
158 * Additionally, the number of threads used by the taskq can be
159 * configured via the "zfs_zil_clean_taskq_nthr_pct" tunable.
160 */
161 int zfs_zil_clean_taskq_nthr_pct = 100;
162 int zfs_zil_clean_taskq_minalloc = 1024;
163 int zfs_zil_clean_taskq_maxalloc = 1024 * 1024;
164
165 int
166 dsl_pool_open_special_dir(dsl_pool_t *dp, const char *name, dsl_dir_t **ddp)
167 {
168 uint64_t obj;
169 int err;
170
171 err = zap_lookup(dp->dp_meta_objset,
172 dsl_dir_phys(dp->dp_root_dir)->dd_child_dir_zapobj,
173 name, sizeof (obj), 1, &obj);
174 if (err)
175 return (err);
176
177 return (dsl_dir_hold_obj(dp, obj, name, dp, ddp));
178 }
179
180 static dsl_pool_t *
181 dsl_pool_open_impl(spa_t *spa, uint64_t txg)
182 {
183 dsl_pool_t *dp;
184 blkptr_t *bp = spa_get_rootblkptr(spa);
185
186 dp = kmem_zalloc(sizeof (dsl_pool_t), KM_SLEEP);
187 dp->dp_spa = spa;
188 dp->dp_meta_rootbp = *bp;
189 rrw_init(&dp->dp_config_rwlock, B_TRUE);
190 txg_init(dp, txg);
191
192 txg_list_create(&dp->dp_dirty_datasets, spa,
193 offsetof(dsl_dataset_t, ds_dirty_link));
194 txg_list_create(&dp->dp_dirty_zilogs, spa,
195 offsetof(zilog_t, zl_dirty_link));
196 txg_list_create(&dp->dp_dirty_dirs, spa,
197 offsetof(dsl_dir_t, dd_dirty_link));
198 txg_list_create(&dp->dp_sync_tasks, spa,
199 offsetof(dsl_sync_task_t, dst_node));
200
201 dp->dp_sync_taskq = taskq_create("dp_sync_taskq",
202 zfs_sync_taskq_batch_pct, minclsyspri, 1, INT_MAX,
203 TASKQ_THREADS_CPU_PCT);
204
205 dp->dp_zil_clean_taskq = taskq_create("dp_zil_clean_taskq",
206 zfs_zil_clean_taskq_nthr_pct, minclsyspri,
207 zfs_zil_clean_taskq_minalloc,
208 zfs_zil_clean_taskq_maxalloc,
209 TASKQ_PREPOPULATE | TASKQ_THREADS_CPU_PCT);
210
211 mutex_init(&dp->dp_lock, NULL, MUTEX_DEFAULT, NULL);
212 cv_init(&dp->dp_spaceavail_cv, NULL, CV_DEFAULT, NULL);
213
214 dp->dp_vnrele_taskq = taskq_create("zfs_vn_rele_taskq", 1, minclsyspri,
215 1, 4, 0);
216
217 return (dp);
218 }
219
220 int
221 dsl_pool_init(spa_t *spa, uint64_t txg, dsl_pool_t **dpp)
222 {
223 int err;
224 dsl_pool_t *dp = dsl_pool_open_impl(spa, txg);
225
226 err = dmu_objset_open_impl(spa, NULL, &dp->dp_meta_rootbp,
227 &dp->dp_meta_objset);
228 if (err != 0)
229 dsl_pool_close(dp);
230 else
231 *dpp = dp;
232
233 return (err);
234 }
235
271 }
272 dsl_dir_rele(dd, dp);
273 if (err)
274 goto out;
275 }
276
277 if (spa_version(dp->dp_spa) >= SPA_VERSION_DEADLISTS) {
278 err = dsl_pool_open_special_dir(dp, FREE_DIR_NAME,
279 &dp->dp_free_dir);
280 if (err)
281 goto out;
282
283 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
284 DMU_POOL_FREE_BPOBJ, sizeof (uint64_t), 1, &obj);
285 if (err)
286 goto out;
287 VERIFY0(bpobj_open(&dp->dp_free_bpobj,
288 dp->dp_meta_objset, obj));
289 }
290
291 if (spa_feature_is_active(dp->dp_spa, SPA_FEATURE_OBSOLETE_COUNTS)) {
292 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
293 DMU_POOL_OBSOLETE_BPOBJ, sizeof (uint64_t), 1, &obj);
294 if (err == 0) {
295 VERIFY0(bpobj_open(&dp->dp_obsolete_bpobj,
296 dp->dp_meta_objset, obj));
297 } else if (err == ENOENT) {
298 /*
299 * We might not have created the remap bpobj yet.
300 */
301 err = 0;
302 } else {
303 goto out;
304 }
305 }
306
307 /*
308 * Note: errors ignored, because the these special dirs, used for
309 * space accounting, are only created on demand.
310 */
311 (void) dsl_pool_open_special_dir(dp, LEAK_DIR_NAME,
312 &dp->dp_leak_dir);
313
314 if (spa_feature_is_active(dp->dp_spa, SPA_FEATURE_ASYNC_DESTROY)) {
315 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
316 DMU_POOL_BPTREE_OBJ, sizeof (uint64_t), 1,
317 &dp->dp_bptree_obj);
318 if (err != 0)
319 goto out;
320 }
321
322 if (spa_feature_is_active(dp->dp_spa, SPA_FEATURE_EMPTY_BPOBJ)) {
323 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
324 DMU_POOL_EMPTY_BPOBJ, sizeof (uint64_t), 1,
325 &dp->dp_empty_bpobj);
326 if (err != 0)
327 goto out;
328 }
329
330 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
335 if (err)
336 goto out;
337
338 err = dsl_scan_init(dp, dp->dp_tx.tx_open_txg);
339
340 out:
341 rrw_exit(&dp->dp_config_rwlock, FTAG);
342 return (err);
343 }
344
345 void
346 dsl_pool_close(dsl_pool_t *dp)
347 {
348 /*
349 * Drop our references from dsl_pool_open().
350 *
351 * Since we held the origin_snap from "syncing" context (which
352 * includes pool-opening context), it actually only got a "ref"
353 * and not a hold, so just drop that here.
354 */
355 if (dp->dp_origin_snap != NULL)
356 dsl_dataset_rele(dp->dp_origin_snap, dp);
357 if (dp->dp_mos_dir != NULL)
358 dsl_dir_rele(dp->dp_mos_dir, dp);
359 if (dp->dp_free_dir != NULL)
360 dsl_dir_rele(dp->dp_free_dir, dp);
361 if (dp->dp_leak_dir != NULL)
362 dsl_dir_rele(dp->dp_leak_dir, dp);
363 if (dp->dp_root_dir != NULL)
364 dsl_dir_rele(dp->dp_root_dir, dp);
365
366 bpobj_close(&dp->dp_free_bpobj);
367 bpobj_close(&dp->dp_obsolete_bpobj);
368
369 /* undo the dmu_objset_open_impl(mos) from dsl_pool_open() */
370 if (dp->dp_meta_objset != NULL)
371 dmu_objset_evict(dp->dp_meta_objset);
372
373 txg_list_destroy(&dp->dp_dirty_datasets);
374 txg_list_destroy(&dp->dp_dirty_zilogs);
375 txg_list_destroy(&dp->dp_sync_tasks);
376 txg_list_destroy(&dp->dp_dirty_dirs);
377
378 taskq_destroy(dp->dp_zil_clean_taskq);
379 taskq_destroy(dp->dp_sync_taskq);
380
381 /*
382 * We can't set retry to TRUE since we're explicitly specifying
383 * a spa to flush. This is good enough; any missed buffers for
384 * this spa won't cause trouble, and they'll eventually fall
385 * out of the ARC just like any other unused buffer.
386 */
387 arc_flush(dp->dp_spa, FALSE);
388
389 txg_fini(dp);
390 dsl_scan_fini(dp);
391 dmu_buf_user_evict_wait();
392
393 rrw_destroy(&dp->dp_config_rwlock);
394 mutex_destroy(&dp->dp_lock);
395 taskq_destroy(dp->dp_vnrele_taskq);
396 if (dp->dp_blkstats != NULL)
397 kmem_free(dp->dp_blkstats, sizeof (zfs_all_blkstats_t));
398 kmem_free(dp, sizeof (dsl_pool_t));
399 }
400
401 void
402 dsl_pool_create_obsolete_bpobj(dsl_pool_t *dp, dmu_tx_t *tx)
403 {
404 uint64_t obj;
405 /*
406 * Currently, we only create the obsolete_bpobj where there are
407 * indirect vdevs with referenced mappings.
408 */
409 ASSERT(spa_feature_is_active(dp->dp_spa, SPA_FEATURE_DEVICE_REMOVAL));
410 /* create and open the obsolete_bpobj */
411 obj = bpobj_alloc(dp->dp_meta_objset, SPA_OLD_MAXBLOCKSIZE, tx);
412 VERIFY0(bpobj_open(&dp->dp_obsolete_bpobj, dp->dp_meta_objset, obj));
413 VERIFY0(zap_add(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
414 DMU_POOL_OBSOLETE_BPOBJ, sizeof (uint64_t), 1, &obj, tx));
415 spa_feature_incr(dp->dp_spa, SPA_FEATURE_OBSOLETE_COUNTS, tx);
416 }
417
418 void
419 dsl_pool_destroy_obsolete_bpobj(dsl_pool_t *dp, dmu_tx_t *tx)
420 {
421 spa_feature_decr(dp->dp_spa, SPA_FEATURE_OBSOLETE_COUNTS, tx);
422 VERIFY0(zap_remove(dp->dp_meta_objset,
423 DMU_POOL_DIRECTORY_OBJECT,
424 DMU_POOL_OBSOLETE_BPOBJ, tx));
425 bpobj_free(dp->dp_meta_objset,
426 dp->dp_obsolete_bpobj.bpo_object, tx);
427 bpobj_close(&dp->dp_obsolete_bpobj);
428 }
429
430 dsl_pool_t *
431 dsl_pool_create(spa_t *spa, nvlist_t *zplprops, uint64_t txg)
432 {
433 int err;
434 dsl_pool_t *dp = dsl_pool_open_impl(spa, txg);
435 dmu_tx_t *tx = dmu_tx_create_assigned(dp, txg);
436 dsl_dataset_t *ds;
437 uint64_t obj;
438
439 rrw_enter(&dp->dp_config_rwlock, RW_WRITER, FTAG);
440
441 /* create and open the MOS (meta-objset) */
442 dp->dp_meta_objset = dmu_objset_create_impl(spa,
443 NULL, &dp->dp_meta_rootbp, DMU_OST_META, tx);
444
445 /* create the pool directory */
446 err = zap_create_claim(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
447 DMU_OT_OBJECT_DIRECTORY, DMU_OT_NONE, 0, tx);
448 ASSERT0(err);
449
536 ASSERT3U(-delta, <=, dp->dp_dirty_total);
537
538 dp->dp_dirty_total += delta;
539
540 /*
541 * Note: we signal even when increasing dp_dirty_total.
542 * This ensures forward progress -- each thread wakes the next waiter.
543 */
544 if (dp->dp_dirty_total < zfs_dirty_data_max)
545 cv_signal(&dp->dp_spaceavail_cv);
546 }
547
548 void
549 dsl_pool_sync(dsl_pool_t *dp, uint64_t txg)
550 {
551 zio_t *zio;
552 dmu_tx_t *tx;
553 dsl_dir_t *dd;
554 dsl_dataset_t *ds;
555 objset_t *mos = dp->dp_meta_objset;
556 list_t synced_datasets;
557
558 list_create(&synced_datasets, sizeof (dsl_dataset_t),
559 offsetof(dsl_dataset_t, ds_synced_link));
560
561 tx = dmu_tx_create_assigned(dp, txg);
562
563 /*
564 * Write out all dirty blocks of dirty datasets.
565 */
566 zio = zio_root(dp->dp_spa, NULL, NULL, ZIO_FLAG_MUSTSUCCEED);
567 while ((ds = txg_list_remove(&dp->dp_dirty_datasets, txg)) != NULL) {
568 /*
569 * We must not sync any non-MOS datasets twice, because
570 * we may have taken a snapshot of them. However, we
571 * may sync newly-created datasets on pass 2.
572 */
573 ASSERT(!list_link_active(&ds->ds_synced_link));
574 list_insert_tail(&synced_datasets, ds);
575 dsl_dataset_sync(ds, zio, tx);
576 }
577 VERIFY0(zio_wait(zio));
578
579 /*
580 * We have written all of the accounted dirty data, so our
581 * dp_space_towrite should now be zero. However, some seldom-used
582 * code paths do not adhere to this (e.g. dbuf_undirty(), also
583 * rounding error in dbuf_write_physdone).
584 * Shore up the accounting of any dirtied space now.
585 */
586 dsl_pool_undirty_space(dp, dp->dp_dirty_pertxg[txg & TXG_MASK], txg);
587
588 /*
589 * Update the long range free counter after
590 * we're done syncing user data
591 */
592 mutex_enter(&dp->dp_lock);
593 ASSERT(spa_sync_pass(dp->dp_spa) == 1 ||
594 dp->dp_long_free_dirty_pertxg[txg & TXG_MASK] == 0);
595 dp->dp_long_free_dirty_pertxg[txg & TXG_MASK] = 0;
596 mutex_exit(&dp->dp_lock);
597
598 /*
599 * After the data blocks have been written (ensured by the zio_wait()
600 * above), update the user/group space accounting. This happens
601 * in tasks dispatched to dp_sync_taskq, so wait for them before
602 * continuing.
603 */
604 for (ds = list_head(&synced_datasets); ds != NULL;
605 ds = list_next(&synced_datasets, ds)) {
606 dmu_objset_do_userquota_updates(ds->ds_objset, tx);
607 }
608 taskq_wait(dp->dp_sync_taskq);
609
610 /*
611 * Sync the datasets again to push out the changes due to
612 * userspace updates. This must be done before we process the
613 * sync tasks, so that any snapshots will have the correct
614 * user accounting information (and we won't get confused
615 * about which blocks are part of the snapshot).
616 */
617 zio = zio_root(dp->dp_spa, NULL, NULL, ZIO_FLAG_MUSTSUCCEED);
618 while ((ds = txg_list_remove(&dp->dp_dirty_datasets, txg)) != NULL) {
619 ASSERT(list_link_active(&ds->ds_synced_link));
620 dmu_buf_rele(ds->ds_dbuf, ds);
621 dsl_dataset_sync(ds, zio, tx);
622 }
623 VERIFY0(zio_wait(zio));
624
625 /*
626 * Now that the datasets have been completely synced, we can
627 * clean up our in-memory structures accumulated while syncing:
628 *
629 * - move dead blocks from the pending deadlist to the on-disk deadlist
630 * - release hold from dsl_dataset_dirty()
631 */
632 while ((ds = list_remove_head(&synced_datasets)) != NULL) {
633 dsl_dataset_sync_done(ds, tx);
634 }
635 while ((dd = txg_list_remove(&dp->dp_dirty_dirs, txg)) != NULL) {
636 dsl_dir_sync(dd, tx);
648 dp->dp_mos_compressed_delta,
649 dp->dp_mos_uncompressed_delta, tx);
650 dp->dp_mos_used_delta = 0;
651 dp->dp_mos_compressed_delta = 0;
652 dp->dp_mos_uncompressed_delta = 0;
653 }
654
655 if (!multilist_is_empty(mos->os_dirty_dnodes[txg & TXG_MASK])) {
656 dsl_pool_sync_mos(dp, tx);
657 }
658
659 /*
660 * If we modify a dataset in the same txg that we want to destroy it,
661 * its dsl_dir's dd_dbuf will be dirty, and thus have a hold on it.
662 * dsl_dir_destroy_check() will fail if there are unexpected holds.
663 * Therefore, we want to sync the MOS (thus syncing the dd_dbuf
664 * and clearing the hold on it) before we process the sync_tasks.
665 * The MOS data dirtied by the sync_tasks will be synced on the next
666 * pass.
667 */
668 if (!txg_list_empty(&dp->dp_sync_tasks, txg)) {
669 dsl_sync_task_t *dst;
670 /*
671 * No more sync tasks should have been added while we
672 * were syncing.
673 */
674 ASSERT3U(spa_sync_pass(dp->dp_spa), ==, 1);
675 while ((dst = txg_list_remove(&dp->dp_sync_tasks, txg)) != NULL)
676 dsl_sync_task_sync(dst, tx);
677 }
678
679 dmu_tx_commit(tx);
680
681 DTRACE_PROBE2(dsl_pool_sync__done, dsl_pool_t *dp, dp, uint64_t, txg);
682 }
683
684 void
685 dsl_pool_sync_done(dsl_pool_t *dp, uint64_t txg)
686 {
687 zilog_t *zilog;
688
689 while (zilog = txg_list_head(&dp->dp_dirty_zilogs, txg)) {
690 dsl_dataset_t *ds = dmu_objset_ds(zilog->zl_os);
691 /*
692 * We don't remove the zilog from the dp_dirty_zilogs
693 * list until after we've cleaned it. This ensures that
694 * callers of zilog_is_dirty() receive an accurate
695 * answer when they are racing with the spa sync thread.
696 */
697 zil_clean(zilog, txg);
698 (void) txg_list_remove_this(&dp->dp_dirty_zilogs, zilog, txg);
722 /*
723 * If we're trying to assess whether it's OK to do a free,
724 * cut the reservation in half to allow forward progress
725 * (e.g. make it possible to rm(1) files from a full pool).
726 */
727 space = spa_get_dspace(dp->dp_spa);
728 resv = spa_get_slop_space(dp->dp_spa);
729 if (netfree)
730 resv >>= 1;
731
732 return (space - resv);
733 }
734
735 boolean_t
736 dsl_pool_need_dirty_delay(dsl_pool_t *dp)
737 {
738 uint64_t delay_min_bytes =
739 zfs_dirty_data_max * zfs_delay_min_dirty_percent / 100;
740 boolean_t rv;
741
742 mutex_enter(&dp->dp_lock);
743 if (dp->dp_dirty_total > zfs_dirty_data_sync)
744 txg_kick(dp);
745 rv = (dp->dp_dirty_total > delay_min_bytes);
746 mutex_exit(&dp->dp_lock);
747 return (rv);
748 }
749
750 void
751 dsl_pool_dirty_space(dsl_pool_t *dp, int64_t space, dmu_tx_t *tx)
752 {
753 if (space > 0) {
754 mutex_enter(&dp->dp_lock);
755 dp->dp_dirty_pertxg[tx->tx_txg & TXG_MASK] += space;
756 dsl_pool_dirty_delta(dp, space);
757 mutex_exit(&dp->dp_lock);
758 }
759 }
760
761 void
762 dsl_pool_undirty_space(dsl_pool_t *dp, int64_t space, uint64_t txg)
763 {
764 ASSERT3S(space, >=, 0);
765 if (space == 0)
766 return;
|
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2011, 2017 by Delphix. All rights reserved.
24 * Copyright (c) 2013 Steven Hartland. All rights reserved.
25 * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved.
26 * Copyright (c) 2014 Integros [integros.com]
27 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
28 */
29
30 #include <sys/autosnap.h>
31 #include <sys/dsl_pool.h>
32 #include <sys/dsl_dataset.h>
33 #include <sys/dsl_prop.h>
34 #include <sys/dsl_dir.h>
35 #include <sys/dsl_synctask.h>
36 #include <sys/dsl_dataset.h>
37 #include <sys/dsl_scan.h>
38 #include <sys/dnode.h>
39 #include <sys/dmu_tx.h>
40 #include <sys/dmu_objset.h>
41 #include <sys/dmu_traverse.h>
42 #include <sys/arc.h>
43 #include <sys/zap.h>
44 #include <sys/zio.h>
45 #include <sys/zfs_context.h>
46 #include <sys/fs/zfs.h>
47 #include <sys/zfs_znode.h>
48 #include <sys/spa_impl.h>
49 #include <sys/dsl_deadlist.h>
50 #include <sys/bptree.h>
51 #include <sys/zfeature.h>
52 #include <sys/zil_impl.h>
53 #include <sys/dsl_userhold.h>
54
55 #include <sys/wbc.h>
56 #include <sys/time.h>
57
58 /*
59 * ZFS Write Throttle
60 * ------------------
61 *
62 * ZFS must limit the rate of incoming writes to the rate at which it is able
63 * to sync data modifications to the backend storage. Throttling by too much
64 * creates an artificial limit; throttling by too little can only be sustained
65 * for short periods and would lead to highly lumpy performance. On a per-pool
66 * basis, ZFS tracks the amount of modified (dirty) data. As operations change
67 * data, the amount of dirty data increases; as ZFS syncs out data, the amount
68 * of dirty data decreases. When the amount of dirty data exceeds a
69 * predetermined threshold further modifications are blocked until the amount
70 * of dirty data decreases (as data is synced out).
71 *
72 * The limit on dirty data is tunable, and should be adjusted according to
73 * both the IO capacity and available memory of the system. The larger the
74 * window, the more ZFS is able to aggregate and amortize metadata (and data)
75 * changes. However, memory is a limited resource, and allowing for more dirty
76 * data comes at the cost of keeping other useful data in memory (for example
77 * ZFS data cached by the ARC).
151 * taskq used by zil_clean(); they determine the number of taskq entries
152 * that are pre-populated when the taskq is first created (via the
153 * "zfs_zil_clean_taskq_minalloc" tunable) and the maximum number of
154 * taskq entries that are cached after an on-demand allocation (via the
155 * "zfs_zil_clean_taskq_maxalloc").
156 *
157 * The idea being, we want to try reasonably hard to ensure there will
158 * already be a taskq entry pre-allocated by the time that it is needed
159 * by zil_clean(). This way, we can avoid the possibility of an
160 * on-demand allocation of a new taskq entry from failing, which would
161 * result in zil_itxg_clean() being called synchronously from zil_clean()
162 * (which can adversely affect performance of spa_sync()).
163 *
164 * Additionally, the number of threads used by the taskq can be
165 * configured via the "zfs_zil_clean_taskq_nthr_pct" tunable.
166 */
167 int zfs_zil_clean_taskq_nthr_pct = 100;
168 int zfs_zil_clean_taskq_minalloc = 1024;
169 int zfs_zil_clean_taskq_maxalloc = 1024 * 1024;
170
171 /*
172 * Tunable to control max number of tasks available for processing of
173 * deferred deletes.
174 */
175 int zfs_vn_rele_max_tasks = 256;
176
177 int
178 dsl_pool_open_special_dir(dsl_pool_t *dp, const char *name, dsl_dir_t **ddp)
179 {
180 uint64_t obj;
181 int err;
182
183 err = zap_lookup(dp->dp_meta_objset,
184 dsl_dir_phys(dp->dp_root_dir)->dd_child_dir_zapobj,
185 name, sizeof (obj), 1, &obj);
186 if (err)
187 return (err);
188
189 return (dsl_dir_hold_obj(dp, obj, name, dp, ddp));
190 }
191
192 static dsl_pool_t *
193 dsl_pool_open_impl(spa_t *spa, uint64_t txg)
194 {
195 dsl_pool_t *dp;
196 blkptr_t *bp = spa_get_rootblkptr(spa);
197
198 dp = kmem_zalloc(sizeof (dsl_pool_t), KM_SLEEP);
199 dp->dp_spa = spa;
200 dp->dp_meta_rootbp = *bp;
201 rrw_init(&dp->dp_config_rwlock, B_TRUE);
202
203 dp->dp_sync_history[0] = dp->dp_sync_history[1] = 0;
204
205 txg_init(dp, txg);
206
207 txg_list_create(&dp->dp_dirty_datasets, spa,
208 offsetof(dsl_dataset_t, ds_dirty_link));
209 txg_list_create(&dp->dp_dirty_zilogs, spa,
210 offsetof(zilog_t, zl_dirty_link));
211 txg_list_create(&dp->dp_dirty_dirs, spa,
212 offsetof(dsl_dir_t, dd_dirty_link));
213 txg_list_create(&dp->dp_sync_tasks, spa,
214 offsetof(dsl_sync_task_t, dst_node));
215
216 dp->dp_sync_taskq = taskq_create("dp_sync_taskq",
217 zfs_sync_taskq_batch_pct, minclsyspri, 1, INT_MAX,
218 TASKQ_THREADS_CPU_PCT);
219
220 dp->dp_zil_clean_taskq = taskq_create("dp_zil_clean_taskq",
221 zfs_zil_clean_taskq_nthr_pct, minclsyspri,
222 zfs_zil_clean_taskq_minalloc,
223 zfs_zil_clean_taskq_maxalloc,
224 TASKQ_PREPOPULATE | TASKQ_THREADS_CPU_PCT);
225
226 mutex_init(&dp->dp_lock, NULL, MUTEX_DEFAULT, NULL);
227 cv_init(&dp->dp_spaceavail_cv, NULL, CV_DEFAULT, NULL);
228
229 dp->dp_vnrele_taskq = taskq_create("zfs_vn_rele_taskq",
230 zfs_vn_rele_max_tasks, minclsyspri,
231 1, zfs_vn_rele_max_tasks, TASKQ_DYNAMIC);
232
233 return (dp);
234 }
235
236 int
237 dsl_pool_init(spa_t *spa, uint64_t txg, dsl_pool_t **dpp)
238 {
239 int err;
240 dsl_pool_t *dp = dsl_pool_open_impl(spa, txg);
241
242 err = dmu_objset_open_impl(spa, NULL, &dp->dp_meta_rootbp,
243 &dp->dp_meta_objset);
244 if (err != 0)
245 dsl_pool_close(dp);
246 else
247 *dpp = dp;
248
249 return (err);
250 }
251
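Review bot: `zfs_vn_rele_max_tasks` is passed unchecked to `taskq_create()` in `dsl_pool_open_impl()`, as both the thread-count argument and `maxalloc`, so a tunable set to zero or a negative value reaches the taskq layer whenever a pool is opened or created. How `taskq_create()` treats a non-positive count is not visible here, so clamp it before the call, e.g. `int ntasks = MAX(zfs_vn_rele_max_tasks, 1);`, and pass `ntasks` in both positions. The tunable's comment should also say that the value bounds the dynamic thread count as well as the cached task entries, and that it appears to be sampled once per pool, since `dsl_pool_open_impl()` is the only visible reader. The explicit `dp->dp_sync_history[0] = dp->dp_sync_history[1] = 0;` is redundant after `kmem_zalloc()` and can be dropped.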
287 }
288 dsl_dir_rele(dd, dp);
289 if (err)
290 goto out;
291 }
292
293 if (spa_version(dp->dp_spa) >= SPA_VERSION_DEADLISTS) {
294 err = dsl_pool_open_special_dir(dp, FREE_DIR_NAME,
295 &dp->dp_free_dir);
296 if (err)
297 goto out;
298
299 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
300 DMU_POOL_FREE_BPOBJ, sizeof (uint64_t), 1, &obj);
301 if (err)
302 goto out;
303 VERIFY0(bpobj_open(&dp->dp_free_bpobj,
304 dp->dp_meta_objset, obj));
305 }
306
307 /*
308 * Note: errors ignored, because the leak dir will not exist if we
309 * have not encountered a leak yet.
310 */
311 (void) dsl_pool_open_special_dir(dp, LEAK_DIR_NAME,
312 &dp->dp_leak_dir);
313
314 if (spa_feature_is_active(dp->dp_spa, SPA_FEATURE_ASYNC_DESTROY)) {
315 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
316 DMU_POOL_BPTREE_OBJ, sizeof (uint64_t), 1,
317 &dp->dp_bptree_obj);
318 if (err != 0)
319 goto out;
320 }
321
322 if (spa_feature_is_active(dp->dp_spa, SPA_FEATURE_EMPTY_BPOBJ)) {
323 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
324 DMU_POOL_EMPTY_BPOBJ, sizeof (uint64_t), 1,
325 &dp->dp_empty_bpobj);
326 if (err != 0)
327 goto out;
328 }
329
330 err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
335 if (err)
336 goto out;
337
338 err = dsl_scan_init(dp, dp->dp_tx.tx_open_txg);
339
340 out:
341 rrw_exit(&dp->dp_config_rwlock, FTAG);
342 return (err);
343 }
344
345 void
346 dsl_pool_close(dsl_pool_t *dp)
347 {
348 /*
349 * Drop our references from dsl_pool_open().
350 *
351 * Since we held the origin_snap from "syncing" context (which
352 * includes pool-opening context), it actually only got a "ref"
353 * and not a hold, so just drop that here.
354 */
355 if (dp->dp_origin_snap)
356 dsl_dataset_rele(dp->dp_origin_snap, dp);
357 if (dp->dp_mos_dir)
358 dsl_dir_rele(dp->dp_mos_dir, dp);
359 if (dp->dp_free_dir)
360 dsl_dir_rele(dp->dp_free_dir, dp);
361 if (dp->dp_leak_dir)
362 dsl_dir_rele(dp->dp_leak_dir, dp);
363 if (dp->dp_root_dir)
364 dsl_dir_rele(dp->dp_root_dir, dp);
365
366 bpobj_close(&dp->dp_free_bpobj);
367
368 /* undo the dmu_objset_open_impl(mos) from dsl_pool_open() */
369 if (dp->dp_meta_objset)
370 dmu_objset_evict(dp->dp_meta_objset);
371
372 txg_list_destroy(&dp->dp_dirty_datasets);
373 txg_list_destroy(&dp->dp_dirty_zilogs);
374 txg_list_destroy(&dp->dp_sync_tasks);
375 txg_list_destroy(&dp->dp_dirty_dirs);
376
377 taskq_destroy(dp->dp_zil_clean_taskq);
378 taskq_destroy(dp->dp_sync_taskq);
379
380 /*
381 * We can't set retry to TRUE since we're explicitly specifying
382 * a spa to flush. This is good enough; any missed buffers for
383 * this spa won't cause trouble, and they'll eventually fall
384 * out of the ARC just like any other unused buffer.
385 */
386 arc_flush(dp->dp_spa, B_FALSE);
387 txg_fini(dp);
388 dsl_scan_fini(dp);
389 dmu_buf_user_evict_wait();
390
391 rrw_destroy(&dp->dp_config_rwlock);
392 mutex_destroy(&dp->dp_lock);
393 taskq_destroy(dp->dp_vnrele_taskq);
394 if (dp->dp_blkstats)
395 kmem_free(dp->dp_blkstats, sizeof (zfs_all_blkstats_t));
396 kmem_free(dp, sizeof (dsl_pool_t));
397 }
398
399 dsl_pool_t *
400 dsl_pool_create(spa_t *spa, nvlist_t *zplprops, uint64_t txg)
401 {
402 int err;
403 dsl_pool_t *dp = dsl_pool_open_impl(spa, txg);
404 dmu_tx_t *tx = dmu_tx_create_assigned(dp, txg);
405 dsl_dataset_t *ds;
406 uint64_t obj;
407
408 rrw_enter(&dp->dp_config_rwlock, RW_WRITER, FTAG);
409
410 /* create and open the MOS (meta-objset) */
411 dp->dp_meta_objset = dmu_objset_create_impl(spa,
412 NULL, &dp->dp_meta_rootbp, DMU_OST_META, tx);
413
414 /* create the pool directory */
415 err = zap_create_claim(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
416 DMU_OT_OBJECT_DIRECTORY, DMU_OT_NONE, 0, tx);
417 ASSERT0(err);
418
505 ASSERT3U(-delta, <=, dp->dp_dirty_total);
506
507 dp->dp_dirty_total += delta;
508
509 /*
510 * Note: we signal even when increasing dp_dirty_total.
511 * This ensures forward progress -- each thread wakes the next waiter.
512 */
513 if (dp->dp_dirty_total < zfs_dirty_data_max)
514 cv_signal(&dp->dp_spaceavail_cv);
515 }
516
517 void
518 dsl_pool_sync(dsl_pool_t *dp, uint64_t txg)
519 {
520 zio_t *zio;
521 dmu_tx_t *tx;
522 dsl_dir_t *dd;
523 dsl_dataset_t *ds;
524 objset_t *mos = dp->dp_meta_objset;
525 spa_t *spa = dp->dp_spa;
526 list_t synced_datasets;
527 dsl_sync_task_t *iter;
528 boolean_t wbc_skip_txg = B_FALSE;
529 boolean_t sync_ops = B_FALSE;
530 boolean_t user_snap = B_FALSE;
531 zfs_autosnap_t *autosnap = spa_get_autosnap(spa);
532 boolean_t autosnap_initialized = autosnap->initialized;
533 char snap[ZFS_MAX_DATASET_NAME_LEN];
534
535 /* check if there are ny sync ops in the txg */
536 if (txg_list_head(&dp->dp_sync_tasks, txg) != NULL)
537 sync_ops = B_TRUE;
538
539 /* check if there are user snaps in the txg */
540 for (iter = txg_list_head(&dp->dp_sync_tasks, txg);
541 iter != NULL;
542 iter = txg_list_next(&dp->dp_sync_tasks, iter, txg)) {
543 if (iter->dst_syncfunc == dsl_dataset_snapshot_sync) {
544 user_snap = B_TRUE;
545 break;
546 }
547 }
548
549
550 list_create(&synced_datasets, sizeof (dsl_dataset_t),
551 offsetof(dsl_dataset_t, ds_synced_link));
552
553 tx = dmu_tx_create_assigned(dp, txg);
554
555 (void) sprintf(snap, "%s%llu", AUTOSNAP_PREFIX,
556 (unsigned long long int) txg);
557
558 if (autosnap_initialized && spa->spa_sync_pass == 1) {
559 autosnap_zone_t *azone;
560
561 rrw_enter(&dp->dp_config_rwlock, RW_READER, FTAG);
562 mutex_enter(&autosnap->autosnap_lock);
563
564 /*
565 * WBC: the mechanism to ensure all WBC-ed dirty datasets
566 * are synchronously auto-snapshotted
567 * within (or by) the same TXG sync
568 * The "synchronicity" of the rightmost boundary of the WBC
569 * window is important to avoid used-space leakages
570 * on special vdev.
571 * Note that we skip here the WBC-ed datasets that are
572 * already fully migrated and don't have data on special
573 */
574
575 for (ds = txg_list_head(&dp->dp_dirty_datasets, txg);
576 ds != NULL;
577 ds = txg_list_next(&dp->dp_dirty_datasets, ds, txg)) {
578 char ds_name[ZFS_MAX_DATASET_NAME_LEN];
579 boolean_t wbc_azone;
580
581 dsl_dataset_name(ds, ds_name);
582
583 azone = autosnap_find_zone(autosnap, ds_name, B_TRUE);
584 if (azone == NULL)
585 continue;
586
587 if ((azone->flags & AUTOSNAP_CREATOR) == 0)
588 continue;
589
590 if (azone->created)
591 continue;
592
593 azone->delayed = B_TRUE;
594 azone->dirty = B_TRUE;
595 wbc_azone = (azone->flags & AUTOSNAP_WBC) != 0;
596
597 if (autosnap_confirm_snap(azone, txg)) {
598 if (!wbc_azone && !user_snap && !sync_ops) {
599 autosnap_create_snapshot(azone,
600 snap, dp, txg, tx);
601 }
602 } else if (wbc_azone) {
603 wbc_skip_txg = B_TRUE;
604 }
605 }
606
607 azone = list_head(&autosnap->autosnap_zones);
608 while (azone != NULL) {
609 boolean_t wbc_azone =
610 ((azone->flags & AUTOSNAP_WBC) != 0);
611
612 if (user_snap) {
613 azone->delayed = B_TRUE;
614 } else if (!azone->dirty && azone->delayed) {
615 if (autosnap_confirm_snap(azone, txg)) {
616 if (!wbc_azone && !user_snap &&
617 !sync_ops) {
618 autosnap_create_snapshot(azone,
619 snap, dp, txg, tx);
620 }
621 } else if (wbc_azone) {
622 wbc_skip_txg = B_TRUE;
623 }
624 }
625
626 azone = list_next(&autosnap->autosnap_zones, azone);
627 }
628
629 mutex_exit(&autosnap->autosnap_lock);
630 rrw_exit(&dp->dp_config_rwlock, FTAG);
631 }
632
633
634 /*
635 * Write out all dirty blocks of dirty datasets.
636 */
637 zio = zio_root(dp->dp_spa, NULL, NULL, ZIO_FLAG_MUSTSUCCEED);
638 while ((ds = txg_list_remove(&dp->dp_dirty_datasets, txg)) != NULL) {
639
640 /*
641 * We must not sync any non-MOS datasets twice, because
642 * we may have taken a snapshot of them. However, we
643 * may sync newly-created datasets on pass 2.
644 */
645 ASSERT(!list_link_active(&ds->ds_synced_link));
646 list_insert_tail(&synced_datasets, ds);
647 dsl_dataset_sync(ds, zio, tx);
648 }
649
650 VERIFY0(zio_wait(zio));
651
652 if (autosnap_initialized && spa->spa_sync_pass == 1 &&
653 !user_snap) {
654 autosnap_zone_t *azone;
655
656 rrw_enter(&dp->dp_config_rwlock, RW_READER, FTAG);
657 mutex_enter(&autosnap->autosnap_lock);
658
659 /*
660 * At this stage we are walking over all delayed zones
661 * to create autosnaps
662 */
663
664 azone = list_head(&autosnap->autosnap_zones);
665 while (azone != NULL) {
666 boolean_t skip_zone =
667 ((azone->flags & AUTOSNAP_CREATOR) == 0);
668
669 if (azone->delayed && !skip_zone) {
670 boolean_t wbc_azone =
671 ((azone->flags & AUTOSNAP_WBC) != 0);
672
673 if ((!wbc_azone || !wbc_skip_txg) &&
674 autosnap_confirm_snap(azone, txg)) {
675 autosnap_create_snapshot(azone,
676 snap, dp, txg, tx);
677 }
678 }
679
680 if (skip_zone)
681 azone->delayed = B_FALSE;
682
683 azone = list_next(&autosnap->autosnap_zones, azone);
684 }
685
686 mutex_exit(&autosnap->autosnap_lock);
687 rrw_exit(&dp->dp_config_rwlock, FTAG);
688 }
689
690 /*
691 * We have written all of the accounted dirty data, so our
692 * dp_space_towrite should now be zero. However, some seldom-used
693 * code paths do not adhere to this (e.g. dbuf_undirty(), also
694 * rounding error in dbuf_write_physdone).
695 * Shore up the accounting of any dirtied space now.
696 */
697 dsl_pool_undirty_space(dp, dp->dp_dirty_pertxg[txg & TXG_MASK], txg);
698
699 /*
700 * Update the long range free counter after
701 * we're done syncing user data
702 */
703 mutex_enter(&dp->dp_lock);
704 ASSERT(spa_sync_pass(dp->dp_spa) == 1 ||
705 dp->dp_long_free_dirty_pertxg[txg & TXG_MASK] == 0);
706 dp->dp_long_freeing_total -=
707 dp->dp_long_free_dirty_pertxg[txg & TXG_MASK];
708 dp->dp_long_free_dirty_pertxg[txg & TXG_MASK] = 0;
709 mutex_exit(&dp->dp_lock);
710
711 /*
712 * After the data blocks have been written (ensured by the zio_wait()
713 * above), update the user/group space accounting. This happens
714 * in tasks dispatched to dp_sync_taskq, so wait for them before
715 * continuing.
716 */
717 for (ds = list_head(&synced_datasets); ds != NULL;
718 ds = list_next(&synced_datasets, ds)) {
719 dmu_objset_do_userquota_updates(ds->ds_objset, tx);
720 }
721 taskq_wait(dp->dp_sync_taskq);
722
723 /*
724 * Sync the datasets again to push out the changes due to
725 * userspace updates. This must be done before we process the
726 * sync tasks, so that any snapshots will have the correct
727 * user accounting information (and we won't get confused
728 * about which blocks are part of the snapshot).
729 */
730
731 zio = zio_root(dp->dp_spa, NULL, NULL, ZIO_FLAG_MUSTSUCCEED);
732 while ((ds = txg_list_remove(&dp->dp_dirty_datasets, txg)) != NULL) {
733 ASSERT(list_link_active(&ds->ds_synced_link));
734 dmu_buf_rele(ds->ds_dbuf, ds);
735 dsl_dataset_sync(ds, zio, tx);
736 }
737 VERIFY0(zio_wait(zio));
738
739 /*
740 * Now that the datasets have been completely synced, we can
741 * clean up our in-memory structures accumulated while syncing:
742 *
743 * - move dead blocks from the pending deadlist to the on-disk deadlist
744 * - release hold from dsl_dataset_dirty()
745 */
746 while ((ds = list_remove_head(&synced_datasets)) != NULL) {
747 dsl_dataset_sync_done(ds, tx);
748 }
749 while ((dd = txg_list_remove(&dp->dp_dirty_dirs, txg)) != NULL) {
750 dsl_dir_sync(dd, tx);
762 dp->dp_mos_compressed_delta,
763 dp->dp_mos_uncompressed_delta, tx);
764 dp->dp_mos_used_delta = 0;
765 dp->dp_mos_compressed_delta = 0;
766 dp->dp_mos_uncompressed_delta = 0;
767 }
768
769 if (!multilist_is_empty(mos->os_dirty_dnodes[txg & TXG_MASK])) {
770 dsl_pool_sync_mos(dp, tx);
771 }
772
773 /*
774 * If we modify a dataset in the same txg that we want to destroy it,
775 * its dsl_dir's dd_dbuf will be dirty, and thus have a hold on it.
776 * dsl_dir_destroy_check() will fail if there are unexpected holds.
777 * Therefore, we want to sync the MOS (thus syncing the dd_dbuf
778 * and clearing the hold on it) before we process the sync_tasks.
779 * The MOS data dirtied by the sync_tasks will be synced on the next
780 * pass.
781 */
782
783 if (!txg_list_empty(&dp->dp_sync_tasks, txg)) {
784 dsl_sync_task_t *dst;
785 /*
786 * No more sync tasks should have been added while we
787 * were syncing.
788 */
789 ASSERT3U(spa_sync_pass(dp->dp_spa), ==, 1);
790 while ((dst = txg_list_remove(&dp->dp_sync_tasks, txg)) != NULL)
791 dsl_sync_task_sync(dst, tx);
792 }
793
794 if (spa_feature_is_active(spa, SPA_FEATURE_WBC)) {
795 wbc_trigger_wbcthread(dp->dp_spa,
796 ((dp->dp_sync_history[0] + dp->dp_sync_history[1]) / 2));
797 }
798
799 dmu_tx_commit(tx);
800
801 DTRACE_PROBE2(dsl_pool_sync__done, dsl_pool_t *dp, dp, uint64_t, txg);
802 }
803
804 void
805 dsl_pool_sync_done(dsl_pool_t *dp, uint64_t txg)
806 {
807 zilog_t *zilog;
808
809 while (zilog = txg_list_head(&dp->dp_dirty_zilogs, txg)) {
810 dsl_dataset_t *ds = dmu_objset_ds(zilog->zl_os);
811 /*
812 * We don't remove the zilog from the dp_dirty_zilogs
813 * list until after we've cleaned it. This ensures that
814 * callers of zilog_is_dirty() receive an accurate
815 * answer when they are racing with the spa sync thread.
816 */
817 zil_clean(zilog, txg);
818 (void) txg_list_remove_this(&dp->dp_dirty_zilogs, zilog, txg);
842 /*
843 * If we're trying to assess whether it's OK to do a free,
844 * cut the reservation in half to allow forward progress
845 * (e.g. make it possible to rm(1) files from a full pool).
846 */
847 space = spa_get_dspace(dp->dp_spa);
848 resv = spa_get_slop_space(dp->dp_spa);
849 if (netfree)
850 resv >>= 1;
851
852 return (space - resv);
853 }
854
/*
 * Report whether the pool's dirty total is above the write-delay threshold.
 *
 * The threshold is zfs_delay_min_dirty_percent percent of
 * zfs_dirty_data_max.  As a side effect, txg_kick() is called when the
 * dirty total is above zfs_dirty_data_sync.
 *
 * NOTE(review): dp_dirty_total is read twice here without dp_lock held,
 * while dsl_pool_dirty_space() takes dp_lock around its accounting update.
 * The two reads may therefore observe different values; confirm that the
 * unlocked reads are intentional.
 *
 * Returns the result of (dp_dirty_total > threshold) as a boolean_t.
 */
boolean_t
dsl_pool_need_dirty_delay(dsl_pool_t *dp)
{
	uint64_t min_bytes;

	min_bytes = zfs_dirty_data_max * zfs_delay_min_dirty_percent / 100;

	/* Above the sync threshold: kick the txg before deciding on delay. */
	if (dp->dp_dirty_total > zfs_dirty_data_sync)
		txg_kick(dp);

	return (dp->dp_dirty_total > min_bytes);
}
868
/*
 * Charge `space` of newly dirtied data to the txg that `tx` belongs to.
 *
 * Under dp_lock, the amount is added to the dp_dirty_pertxg[] slot selected
 * by (tx->tx_txg & TXG_MASK) and the same amount is handed to
 * dsl_pool_dirty_delta().  A zero or negative `space` is ignored without
 * taking the lock.
 */
void
dsl_pool_dirty_space(dsl_pool_t *dp, int64_t space, dmu_tx_t *tx)
{
	uint64_t slot;

	/* Only positive amounts are accounted. */
	if (space <= 0)
		return;

	mutex_enter(&dp->dp_lock);
	slot = tx->tx_txg & TXG_MASK;
	dp->dp_dirty_pertxg[slot] += space;
	dsl_pool_dirty_delta(dp, space);
	mutex_exit(&dp->dp_lock);
}
879
880 void
881 dsl_pool_undirty_space(dsl_pool_t *dp, int64_t space, uint64_t txg)
882 {
883 ASSERT3S(space, >=, 0);
884 if (space == 0)
885 return;
|