mirror of
				https://git.proxmox.com/git/mirror_zfs
				synced 2025-10-26 08:54:43 +00:00 
			
		
		
		
	 5caeef02fa
			
		
	
	
		5caeef02fa
		
			
		
	
	
	
	
		
			
			This feature allows disks to be added one at a time to a RAID-Z group, expanding its capacity incrementally. This feature is especially useful for small pools (typically with only one RAID-Z group), where there isn't sufficient hardware to add capacity by adding a whole new RAID-Z group (typically doubling the number of disks). == Initiating expansion == A new device (disk) can be attached to an existing RAIDZ vdev, by running `zpool attach POOL raidzP-N NEW_DEVICE`, e.g. `zpool attach tank raidz2-0 sda`. The new device will become part of the RAIDZ group. A "raidz expansion" will be initiated, and the new device will contribute additional space to the RAIDZ group once the expansion completes. The `feature@raidz_expansion` on-disk feature flag must be `enabled` to initiate an expansion, and it remains `active` for the life of the pool. In other words, pools with expanded RAIDZ vdevs can not be imported by older releases of the ZFS software. == During expansion == The expansion entails reading all allocated space from existing disks in the RAIDZ group, and rewriting it to the new disks in the RAIDZ group (including the newly added device). The expansion progress can be monitored with `zpool status`. Data redundancy is maintained during (and after) the expansion. If a disk fails while the expansion is in progress, the expansion pauses until the health of the RAIDZ vdev is restored (e.g. by replacing the failed disk and waiting for reconstruction to complete). The pool remains accessible during expansion. Following a reboot or export/import, the expansion resumes where it left off. == After expansion == When the expansion completes, the additional space is available for use, and is reflected in the `available` zfs property (as seen in `zfs list`, `df`, etc). Expansion does not change the number of failures that can be tolerated without data loss (e.g. a RAIDZ2 is still a RAIDZ2 even after expansion). A RAIDZ vdev can be expanded multiple times. After the expansion completes, old blocks remain with their old data-to-parity ratio (e.g. 5-wide RAIDZ2, has 3 data to 2 parity), but distributed among the larger set of disks. New blocks will be written with the new data-to-parity ratio (e.g. a 5-wide RAIDZ2 which has been expanded once to 6-wide, has 4 data to 2 parity). However, the RAIDZ vdev's "assumed parity ratio" does not change, so slightly less space than is expected may be reported for newly-written blocks, according to `zfs list`, `df`, `ls -s`, and similar tools. Sponsored-by: The FreeBSD Foundation Sponsored-by: iXsystems, Inc. Sponsored-by: vStack Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Mark Maybee <mark.maybee@delphix.com> Authored-by: Matthew Ahrens <mahrens@delphix.com> Contributions-by: Fedor Uporov <fuporov.vstack@gmail.com> Contributions-by: Stuart Maybee <stuart.maybee@comcast.net> Contributions-by: Thorsten Behrens <tbehrens@outlook.com> Contributions-by: Fmstrat <nospam@nowsci.com> Contributions-by: Don Brady <dev.fs.zfs@gmail.com> Signed-off-by: Don Brady <dev.fs.zfs@gmail.com> Closes #15022
		
			
				
	
	
		
			641 lines
		
	
	
		
			22 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			641 lines
		
	
	
		
			22 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * CDDL HEADER START
 | |
|  *
 | |
|  * The contents of this file are subject to the terms of the
 | |
|  * Common Development and Distribution License (the "License").
 | |
|  * You may not use this file except in compliance with the License.
 | |
|  *
 | |
|  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 | |
|  * or https://opensource.org/licenses/CDDL-1.0.
 | |
|  * See the License for the specific language governing permissions
 | |
|  * and limitations under the License.
 | |
|  *
 | |
|  * When distributing Covered Code, include this CDDL HEADER in each
 | |
|  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 | |
|  * If applicable, add the following below this CDDL HEADER, with the
 | |
|  * fields enclosed by brackets "[]" replaced with your own identifying
 | |
|  * information: Portions Copyright [yyyy] [name of copyright owner]
 | |
|  *
 | |
|  * CDDL HEADER END
 | |
|  */
 | |
| 
 | |
| /*
 | |
|  * Copyright (c) 2017 by Delphix. All rights reserved.
 | |
|  */
 | |
| 
 | |
| /*
 | |
|  * Storage Pool Checkpoint
 | |
|  *
 | |
|  * A storage pool checkpoint can be thought of as a pool-wide snapshot or
 | |
|  * a stable version of extreme rewind that guarantees no blocks from the
 | |
|  * checkpointed state will have been overwritten. It remembers the entire
 | |
|  * state of the storage pool (e.g. snapshots, dataset names, etc..) from the
 | |
|  * point that it was taken and the user can rewind back to that point even if
 | |
|  * they applied destructive operations on their datasets or even enabled new
 | |
|  * zpool on-disk features. If a pool has a checkpoint that is no longer
 | |
|  * needed, the user can discard it.
 | |
|  *
 | |
|  * == On disk data structures used ==
 | |
|  *
 | |
|  * - The pool has a new feature flag and a new entry in the MOS. The feature
 | |
|  *   flag is set to active when we create the checkpoint and remains active
 | |
|  *   until the checkpoint is fully discarded. The entry in the MOS config
 | |
|  *   (DMU_POOL_ZPOOL_CHECKPOINT) is populated with the uberblock that
 | |
|  *   references the state of the pool when we take the checkpoint. The entry
 | |
|  *   remains populated until we start discarding the checkpoint or we rewind
 | |
|  *   back to it.
 | |
|  *
 | |
|  * - Each vdev contains a vdev-wide space map while the pool has a checkpoint,
 | |
|  *   which persists until the checkpoint is fully discarded. The space map
 | |
|  *   contains entries that have been freed in the current state of the pool
 | |
|  *   but we want to keep around in case we decide to rewind to the checkpoint.
 | |
|  *   [see vdev_checkpoint_sm]
 | |
|  *
 | |
|  * - Each metaslab's ms_sm space map behaves the same as without the
 | |
|  *   checkpoint, with the only exception being the scenario when we free
 | |
|  *   blocks that belong to the checkpoint. In this case, these blocks remain
 | |
|  *   ALLOCATED in the metaslab's space map and they are added as FREE in the
 | |
|  *   vdev's checkpoint space map.
 | |
|  *
 | |
|  * - Each uberblock has a field (ub_checkpoint_txg) which holds the txg that
 | |
|  *   the uberblock was checkpointed. For normal uberblocks this field is 0.
 | |
|  *
 | |
|  * == Overview of operations ==
 | |
|  *
 | |
|  * - To create a checkpoint, we first wait for the current TXG to be synced,
 | |
|  *   so we can use the most recently synced uberblock (spa_ubsync) as the
 | |
|  *   checkpointed uberblock. Then we use an early synctask to place that
 | |
|  *   uberblock in MOS config, increment the feature flag for the checkpoint
 | |
|  *   (marking it active), and setting spa_checkpoint_txg (see its use below)
 | |
|  *   to the TXG of the checkpointed uberblock. We use an early synctask for
 | |
|  *   the aforementioned operations to ensure that no blocks were dirtied
 | |
|  *   between the current TXG and the TXG of the checkpointed uberblock
 | |
|  *   (e.g the previous txg).
 | |
|  *
 | |
|  * - When a checkpoint exists, we need to ensure that the blocks that
 | |
|  *   belong to the checkpoint are freed but never reused. This means that
 | |
|  *   these blocks should never end up in the ms_allocatable or the ms_freeing
 | |
|  *   trees of a metaslab. Therefore, whenever there is a checkpoint the new
 | |
|  *   ms_checkpointing tree is used in addition to the aforementioned ones.
 | |
|  *
 | |
|  *   Whenever a block is freed and we find out that it is referenced by the
 | |
|  *   checkpoint (we find out by comparing its birth to spa_checkpoint_txg),
 | |
|  *   we place it in the ms_checkpointing tree instead of the ms_freeingtree.
 | |
|  *   This way, we divide the blocks that are being freed into checkpointed
 | |
|  *   and not-checkpointed blocks.
 | |
|  *
 | |
|  *   In order to persist these frees, we write the extents from the
 | |
|  *   ms_freeingtree to the ms_sm as usual, and the extents from the
 | |
|  *   ms_checkpointing tree to the vdev_checkpoint_sm. This way, these
 | |
|  *   checkpointed extents will remain allocated in the metaslab's ms_sm space
 | |
|  *   map, and therefore won't be reused [see metaslab_sync()]. In addition,
 | |
|  *   when we discard the checkpoint, we can find the entries that have
 | |
|  *   actually been freed in vdev_checkpoint_sm.
 | |
|  *   [see spa_checkpoint_discard_thread_sync()]
 | |
|  *
 | |
|  * - To discard the checkpoint we use an early synctask to delete the
 | |
|  *   checkpointed uberblock from the MOS config, set spa_checkpoint_txg to 0,
 | |
|  *   and wakeup the discarding zthr thread (an open-context async thread).
 | |
|  *   We use an early synctask to ensure that the operation happens before any
 | |
|  *   new data end up in the checkpoint's data structures.
 | |
|  *
 | |
|  *   Once the synctask is done and the discarding zthr is awake, we discard
 | |
|  *   the checkpointed data over multiple TXGs by having the zthr prefetching
 | |
|  *   entries from vdev_checkpoint_sm and then starting a synctask that places
 | |
|  *   them as free blocks into their respective ms_allocatable and ms_sm
 | |
|  *   structures.
 | |
|  *   [see spa_checkpoint_discard_thread()]
 | |
|  *
 | |
|  *   When there are no entries left in the vdev_checkpoint_sm of all
 | |
|  *   top-level vdevs, a final synctask runs that decrements the feature flag.
 | |
|  *
 | |
|  * - To rewind to the checkpoint, we first use the current uberblock and
 | |
|  *   open the MOS so we can access the checkpointed uberblock from the MOS
 | |
|  *   config. After we retrieve the checkpointed uberblock, we use it as the
 | |
|  *   current uberblock for the pool by writing it to disk with an updated
 | |
|  *   TXG, opening its version of the MOS, and moving on as usual from there.
 | |
|  *   [see spa_ld_checkpoint_rewind()]
 | |
|  *
 | |
|  *   An important note on rewinding to the checkpoint has to do with how we
 | |
|  *   handle ZIL blocks. In the scenario of a rewind, we clear out any ZIL
 | |
|  *   blocks that have not been claimed by the time we took the checkpoint
 | |
|  *   as they should no longer be valid.
 | |
|  *   [see comment in zil_claim()]
 | |
|  *
 | |
|  * == Miscellaneous information ==
 | |
|  *
 | |
|  * - In the hypothetical event that we take a checkpoint, remove a vdev,
 | |
|  *   and attempt to rewind, the rewind would fail as the checkpointed
 | |
|  *   uberblock would reference data in the removed device. For this reason
 | |
|  *   and others of similar nature, we disallow the following operations that
 | |
|  *   can change the config:
 | |
|  *   	vdev removal and attach/detach, mirror splitting, and pool reguid.
 | |
|  *
 | |
|  * - As most of the checkpoint logic is implemented in the SPA and doesn't
 | |
|  *   distinguish datasets when it comes to space accounting, having a
 | |
|  *   checkpoint can potentially break the boundaries set by dataset
 | |
|  *   reservations.
 | |
|  */
 | |
| 
 | |
| #include <sys/dmu_tx.h>
 | |
| #include <sys/dsl_dir.h>
 | |
| #include <sys/dsl_synctask.h>
 | |
| #include <sys/metaslab_impl.h>
 | |
| #include <sys/spa.h>
 | |
| #include <sys/spa_impl.h>
 | |
| #include <sys/spa_checkpoint.h>
 | |
| #include <sys/vdev_impl.h>
 | |
| #include <sys/zap.h>
 | |
| #include <sys/zfeature.h>
 | |
| 
 | |
| /*
 | |
|  * The following parameter limits the amount of memory to be used for the
 | |
|  * prefetching of the checkpoint space map done on each vdev while
 | |
|  * discarding the checkpoint.
 | |
|  *
 | |
|  * The reason it exists is because top-level vdevs with long checkpoint
 | |
|  * space maps can potentially take up a lot of memory depending on the
 | |
|  * amount of checkpointed data that has been freed within them while
 | |
|  * the pool had a checkpoint.
 | |
|  */
 | |
| static uint64_t zfs_spa_discard_memory_limit = 16 * 1024 * 1024;
 | |
| 
 | |
| int
 | |
| spa_checkpoint_get_stats(spa_t *spa, pool_checkpoint_stat_t *pcs)
 | |
| {
 | |
| 	if (!spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT))
 | |
| 		return (SET_ERROR(ZFS_ERR_NO_CHECKPOINT));
 | |
| 
 | |
| 	memset(pcs, 0, sizeof (pool_checkpoint_stat_t));
 | |
| 
 | |
| 	int error = zap_contains(spa_meta_objset(spa),
 | |
| 	    DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_ZPOOL_CHECKPOINT);
 | |
| 	ASSERT(error == 0 || error == ENOENT);
 | |
| 
 | |
| 	if (error == ENOENT)
 | |
| 		pcs->pcs_state = CS_CHECKPOINT_DISCARDING;
 | |
| 	else
 | |
| 		pcs->pcs_state = CS_CHECKPOINT_EXISTS;
 | |
| 
 | |
| 	pcs->pcs_space = spa->spa_checkpoint_info.sci_dspace;
 | |
| 	pcs->pcs_start_time = spa->spa_checkpoint_info.sci_timestamp;
 | |
| 
 | |
| 	return (0);
 | |
| }
 | |
| 
 | |
| static void
 | |
| spa_checkpoint_discard_complete_sync(void *arg, dmu_tx_t *tx)
 | |
| {
 | |
| 	spa_t *spa = arg;
 | |
| 
 | |
| 	spa->spa_checkpoint_info.sci_timestamp = 0;
 | |
| 
 | |
| 	spa_feature_decr(spa, SPA_FEATURE_POOL_CHECKPOINT, tx);
 | |
| 	spa_notify_waiters(spa);
 | |
| 
 | |
| 	spa_history_log_internal(spa, "spa discard checkpoint", tx,
 | |
| 	    "finished discarding checkpointed state from the pool");
 | |
| }
 | |
| 
 | |
| typedef struct spa_checkpoint_discard_sync_callback_arg {
 | |
| 	vdev_t *sdc_vd;
 | |
| 	uint64_t sdc_txg;
 | |
| 	uint64_t sdc_entry_limit;
 | |
| } spa_checkpoint_discard_sync_callback_arg_t;
 | |
| 
 | |
| static int
 | |
| spa_checkpoint_discard_sync_callback(space_map_entry_t *sme, void *arg)
 | |
| {
 | |
| 	spa_checkpoint_discard_sync_callback_arg_t *sdc = arg;
 | |
| 	vdev_t *vd = sdc->sdc_vd;
 | |
| 	metaslab_t *ms = vd->vdev_ms[sme->sme_offset >> vd->vdev_ms_shift];
 | |
| 	uint64_t end = sme->sme_offset + sme->sme_run;
 | |
| 
 | |
| 	if (sdc->sdc_entry_limit == 0)
 | |
| 		return (SET_ERROR(EINTR));
 | |
| 
 | |
| 	/*
 | |
| 	 * Since the space map is not condensed, we know that
 | |
| 	 * none of its entries is crossing the boundaries of
 | |
| 	 * its respective metaslab.
 | |
| 	 *
 | |
| 	 * That said, there is no fundamental requirement that
 | |
| 	 * the checkpoint's space map entries should not cross
 | |
| 	 * metaslab boundaries. So if needed we could add code
 | |
| 	 * that handles metaslab-crossing segments in the future.
 | |
| 	 */
 | |
| 	VERIFY3U(sme->sme_type, ==, SM_FREE);
 | |
| 	VERIFY3U(sme->sme_offset, >=, ms->ms_start);
 | |
| 	VERIFY3U(end, <=, ms->ms_start + ms->ms_size);
 | |
| 
 | |
| 	/*
 | |
| 	 * At this point we should not be processing any
 | |
| 	 * other frees concurrently, so the lock is technically
 | |
| 	 * unnecessary. We use the lock anyway though to
 | |
| 	 * potentially save ourselves from future headaches.
 | |
| 	 */
 | |
| 	mutex_enter(&ms->ms_lock);
 | |
| 	if (range_tree_is_empty(ms->ms_freeing))
 | |
| 		vdev_dirty(vd, VDD_METASLAB, ms, sdc->sdc_txg);
 | |
| 	range_tree_add(ms->ms_freeing, sme->sme_offset, sme->sme_run);
 | |
| 	mutex_exit(&ms->ms_lock);
 | |
| 
 | |
| 	ASSERT3U(vd->vdev_spa->spa_checkpoint_info.sci_dspace, >=,
 | |
| 	    sme->sme_run);
 | |
| 	ASSERT3U(vd->vdev_stat.vs_checkpoint_space, >=, sme->sme_run);
 | |
| 
 | |
| 	vd->vdev_spa->spa_checkpoint_info.sci_dspace -= sme->sme_run;
 | |
| 	vd->vdev_stat.vs_checkpoint_space -= sme->sme_run;
 | |
| 	sdc->sdc_entry_limit--;
 | |
| 
 | |
| 	return (0);
 | |
| }
 | |
| 
 | |
| #ifdef ZFS_DEBUG
 | |
| static void
 | |
| spa_checkpoint_accounting_verify(spa_t *spa)
 | |
| {
 | |
| 	vdev_t *rvd = spa->spa_root_vdev;
 | |
| 	uint64_t ckpoint_sm_space_sum = 0;
 | |
| 	uint64_t vs_ckpoint_space_sum = 0;
 | |
| 
 | |
| 	for (uint64_t c = 0; c < rvd->vdev_children; c++) {
 | |
| 		vdev_t *vd = rvd->vdev_child[c];
 | |
| 
 | |
| 		if (vd->vdev_checkpoint_sm != NULL) {
 | |
| 			ckpoint_sm_space_sum +=
 | |
| 			    -space_map_allocated(vd->vdev_checkpoint_sm);
 | |
| 			vs_ckpoint_space_sum +=
 | |
| 			    vd->vdev_stat.vs_checkpoint_space;
 | |
| 			ASSERT3U(ckpoint_sm_space_sum, ==,
 | |
| 			    vs_ckpoint_space_sum);
 | |
| 		} else {
 | |
| 			ASSERT0(vd->vdev_stat.vs_checkpoint_space);
 | |
| 		}
 | |
| 	}
 | |
| 	ASSERT3U(spa->spa_checkpoint_info.sci_dspace, ==, ckpoint_sm_space_sum);
 | |
| }
 | |
| #endif
 | |
| 
 | |
| static void
 | |
| spa_checkpoint_discard_thread_sync(void *arg, dmu_tx_t *tx)
 | |
| {
 | |
| 	vdev_t *vd = arg;
 | |
| 	int error;
 | |
| 
 | |
| 	/*
 | |
| 	 * The space map callback is applied only to non-debug entries.
 | |
| 	 * Because the number of debug entries is less or equal to the
 | |
| 	 * number of non-debug entries, we want to ensure that we only
 | |
| 	 * read what we prefetched from open-context.
 | |
| 	 *
 | |
| 	 * Thus, we set the maximum entries that the space map callback
 | |
| 	 * will be applied to be half the entries that could fit in the
 | |
| 	 * imposed memory limit.
 | |
| 	 *
 | |
| 	 * Note that since this is a conservative estimate we also
 | |
| 	 * assume the worst case scenario in our computation where each
 | |
| 	 * entry is two-word.
 | |
| 	 */
 | |
| 	uint64_t max_entry_limit =
 | |
| 	    (zfs_spa_discard_memory_limit / (2 * sizeof (uint64_t))) >> 1;
 | |
| 
 | |
| 	/*
 | |
| 	 * Iterate from the end of the space map towards the beginning,
 | |
| 	 * placing its entries on ms_freeing and removing them from the
 | |
| 	 * space map. The iteration stops if one of the following
 | |
| 	 * conditions is true:
 | |
| 	 *
 | |
| 	 * 1] We reached the beginning of the space map. At this point
 | |
| 	 *    the space map should be completely empty and
 | |
| 	 *    space_map_incremental_destroy should have returned 0.
 | |
| 	 *    The next step would be to free and close the space map
 | |
| 	 *    and remove its entry from its vdev's top zap. This allows
 | |
| 	 *    spa_checkpoint_discard_thread() to move on to the next vdev.
 | |
| 	 *
 | |
| 	 * 2] We reached the memory limit (amount of memory used to hold
 | |
| 	 *    space map entries in memory) and space_map_incremental_destroy
 | |
| 	 *    returned EINTR. This means that there are entries remaining
 | |
| 	 *    in the space map that will be cleared in a future invocation
 | |
| 	 *    of this function by spa_checkpoint_discard_thread().
 | |
| 	 */
 | |
| 	spa_checkpoint_discard_sync_callback_arg_t sdc;
 | |
| 	sdc.sdc_vd = vd;
 | |
| 	sdc.sdc_txg = tx->tx_txg;
 | |
| 	sdc.sdc_entry_limit = max_entry_limit;
 | |
| 
 | |
| 	uint64_t words_before =
 | |
| 	    space_map_length(vd->vdev_checkpoint_sm) / sizeof (uint64_t);
 | |
| 
 | |
| 	error = space_map_incremental_destroy(vd->vdev_checkpoint_sm,
 | |
| 	    spa_checkpoint_discard_sync_callback, &sdc, tx);
 | |
| 
 | |
| 	uint64_t words_after =
 | |
| 	    space_map_length(vd->vdev_checkpoint_sm) / sizeof (uint64_t);
 | |
| 
 | |
| #ifdef ZFS_DEBUG
 | |
| 	spa_checkpoint_accounting_verify(vd->vdev_spa);
 | |
| #endif
 | |
| 
 | |
| 	zfs_dbgmsg("discarding checkpoint: txg %llu, vdev id %lld, "
 | |
| 	    "deleted %llu words - %llu words are left",
 | |
| 	    (u_longlong_t)tx->tx_txg, (longlong_t)vd->vdev_id,
 | |
| 	    (u_longlong_t)(words_before - words_after),
 | |
| 	    (u_longlong_t)words_after);
 | |
| 
 | |
| 	if (error != EINTR) {
 | |
| 		if (error != 0) {
 | |
| 			zfs_panic_recover("zfs: error %lld was returned "
 | |
| 			    "while incrementally destroying the checkpoint "
 | |
| 			    "space map of vdev %llu\n",
 | |
| 			    (longlong_t)error, vd->vdev_id);
 | |
| 		}
 | |
| 		ASSERT0(words_after);
 | |
| 		ASSERT0(space_map_allocated(vd->vdev_checkpoint_sm));
 | |
| 		ASSERT0(space_map_length(vd->vdev_checkpoint_sm));
 | |
| 
 | |
| 		space_map_free(vd->vdev_checkpoint_sm, tx);
 | |
| 		space_map_close(vd->vdev_checkpoint_sm);
 | |
| 		vd->vdev_checkpoint_sm = NULL;
 | |
| 
 | |
| 		VERIFY0(zap_remove(spa_meta_objset(vd->vdev_spa),
 | |
| 		    vd->vdev_top_zap, VDEV_TOP_ZAP_POOL_CHECKPOINT_SM, tx));
 | |
| 	}
 | |
| }
 | |
| 
 | |
| static boolean_t
 | |
| spa_checkpoint_discard_is_done(spa_t *spa)
 | |
| {
 | |
| 	vdev_t *rvd = spa->spa_root_vdev;
 | |
| 
 | |
| 	ASSERT(!spa_has_checkpoint(spa));
 | |
| 	ASSERT(spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT));
 | |
| 
 | |
| 	for (uint64_t c = 0; c < rvd->vdev_children; c++) {
 | |
| 		if (rvd->vdev_child[c]->vdev_checkpoint_sm != NULL)
 | |
| 			return (B_FALSE);
 | |
| 		ASSERT0(rvd->vdev_child[c]->vdev_stat.vs_checkpoint_space);
 | |
| 	}
 | |
| 
 | |
| 	return (B_TRUE);
 | |
| }
 | |
| 
 | |
| boolean_t
 | |
| spa_checkpoint_discard_thread_check(void *arg, zthr_t *zthr)
 | |
| {
 | |
| 	(void) zthr;
 | |
| 	spa_t *spa = arg;
 | |
| 
 | |
| 	if (!spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT))
 | |
| 		return (B_FALSE);
 | |
| 
 | |
| 	if (spa_has_checkpoint(spa))
 | |
| 		return (B_FALSE);
 | |
| 
 | |
| 	return (B_TRUE);
 | |
| }
 | |
| 
 | |
| void
 | |
| spa_checkpoint_discard_thread(void *arg, zthr_t *zthr)
 | |
| {
 | |
| 	spa_t *spa = arg;
 | |
| 	vdev_t *rvd = spa->spa_root_vdev;
 | |
| 
 | |
| 	for (uint64_t c = 0; c < rvd->vdev_children; c++) {
 | |
| 		vdev_t *vd = rvd->vdev_child[c];
 | |
| 
 | |
| 		while (vd->vdev_checkpoint_sm != NULL) {
 | |
| 			space_map_t *checkpoint_sm = vd->vdev_checkpoint_sm;
 | |
| 			int numbufs;
 | |
| 			dmu_buf_t **dbp;
 | |
| 
 | |
| 			if (zthr_iscancelled(zthr))
 | |
| 				return;
 | |
| 
 | |
| 			ASSERT3P(vd->vdev_ops, !=, &vdev_indirect_ops);
 | |
| 
 | |
| 			uint64_t size = MIN(space_map_length(checkpoint_sm),
 | |
| 			    zfs_spa_discard_memory_limit);
 | |
| 			uint64_t offset =
 | |
| 			    space_map_length(checkpoint_sm) - size;
 | |
| 
 | |
| 			/*
 | |
| 			 * Ensure that the part of the space map that will
 | |
| 			 * be destroyed by the synctask, is prefetched in
 | |
| 			 * memory before the synctask runs.
 | |
| 			 */
 | |
| 			int error = dmu_buf_hold_array_by_bonus(
 | |
| 			    checkpoint_sm->sm_dbuf, offset, size,
 | |
| 			    B_TRUE, FTAG, &numbufs, &dbp);
 | |
| 			if (error != 0) {
 | |
| 				zfs_panic_recover("zfs: error %d was returned "
 | |
| 				    "while prefetching checkpoint space map "
 | |
| 				    "entries of vdev %llu\n",
 | |
| 				    error, vd->vdev_id);
 | |
| 			}
 | |
| 
 | |
| 			VERIFY0(dsl_sync_task(spa->spa_name, NULL,
 | |
| 			    spa_checkpoint_discard_thread_sync, vd,
 | |
| 			    0, ZFS_SPACE_CHECK_NONE));
 | |
| 
 | |
| 			dmu_buf_rele_array(dbp, numbufs, FTAG);
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	VERIFY(spa_checkpoint_discard_is_done(spa));
 | |
| 	VERIFY0(spa->spa_checkpoint_info.sci_dspace);
 | |
| 	VERIFY0(dsl_sync_task(spa->spa_name, NULL,
 | |
| 	    spa_checkpoint_discard_complete_sync, spa,
 | |
| 	    0, ZFS_SPACE_CHECK_NONE));
 | |
| }
 | |
| 
 | |
| 
 | |
| static int
 | |
| spa_checkpoint_check(void *arg, dmu_tx_t *tx)
 | |
| {
 | |
| 	(void) arg;
 | |
| 	spa_t *spa = dmu_tx_pool(tx)->dp_spa;
 | |
| 
 | |
| 	if (!spa_feature_is_enabled(spa, SPA_FEATURE_POOL_CHECKPOINT))
 | |
| 		return (SET_ERROR(ENOTSUP));
 | |
| 
 | |
| 	if (!spa_top_vdevs_spacemap_addressable(spa))
 | |
| 		return (SET_ERROR(ZFS_ERR_VDEV_TOO_BIG));
 | |
| 
 | |
| 	if (spa->spa_removing_phys.sr_state == DSS_SCANNING)
 | |
| 		return (SET_ERROR(ZFS_ERR_DEVRM_IN_PROGRESS));
 | |
| 
 | |
| 	if (spa->spa_raidz_expand != NULL)
 | |
| 		return (SET_ERROR(ZFS_ERR_RAIDZ_EXPAND_IN_PROGRESS));
 | |
| 
 | |
| 	if (spa->spa_checkpoint_txg != 0)
 | |
| 		return (SET_ERROR(ZFS_ERR_CHECKPOINT_EXISTS));
 | |
| 
 | |
| 	if (spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT))
 | |
| 		return (SET_ERROR(ZFS_ERR_DISCARDING_CHECKPOINT));
 | |
| 
 | |
| 	return (0);
 | |
| }
 | |
| 
 | |
| static void
 | |
| spa_checkpoint_sync(void *arg, dmu_tx_t *tx)
 | |
| {
 | |
| 	(void) arg;
 | |
| 	dsl_pool_t *dp = dmu_tx_pool(tx);
 | |
| 	spa_t *spa = dp->dp_spa;
 | |
| 	uberblock_t checkpoint = spa->spa_ubsync;
 | |
| 
 | |
| 	/*
 | |
| 	 * At this point, there should not be a checkpoint in the MOS.
 | |
| 	 */
 | |
| 	ASSERT3U(zap_contains(spa_meta_objset(spa), DMU_POOL_DIRECTORY_OBJECT,
 | |
| 	    DMU_POOL_ZPOOL_CHECKPOINT), ==, ENOENT);
 | |
| 
 | |
| 	ASSERT0(spa->spa_checkpoint_info.sci_timestamp);
 | |
| 	ASSERT0(spa->spa_checkpoint_info.sci_dspace);
 | |
| 
 | |
| 	/*
 | |
| 	 * Since the checkpointed uberblock is the one that just got synced
 | |
| 	 * (we use spa_ubsync), its txg must be equal to the txg number of
 | |
| 	 * the txg we are syncing, minus 1.
 | |
| 	 */
 | |
| 	ASSERT3U(checkpoint.ub_txg, ==, spa->spa_syncing_txg - 1);
 | |
| 
 | |
| 	/*
 | |
| 	 * Once the checkpoint is in place, we need to ensure that none of
 | |
| 	 * its blocks will be marked for reuse after it has been freed.
 | |
| 	 * When there is a checkpoint and a block is freed, we compare its
 | |
| 	 * birth txg to the txg of the checkpointed uberblock to see if the
 | |
| 	 * block is part of the checkpoint or not. Therefore, we have to set
 | |
| 	 * spa_checkpoint_txg before any frees happen in this txg (which is
 | |
| 	 * why this is done as an early_synctask as explained in the comment
 | |
| 	 * in spa_checkpoint()).
 | |
| 	 */
 | |
| 	spa->spa_checkpoint_txg = checkpoint.ub_txg;
 | |
| 	spa->spa_checkpoint_info.sci_timestamp = checkpoint.ub_timestamp;
 | |
| 
 | |
| 	checkpoint.ub_checkpoint_txg = checkpoint.ub_txg;
 | |
| 	VERIFY0(zap_add(spa->spa_dsl_pool->dp_meta_objset,
 | |
| 	    DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_ZPOOL_CHECKPOINT,
 | |
| 	    sizeof (uint64_t), sizeof (uberblock_t) / sizeof (uint64_t),
 | |
| 	    &checkpoint, tx));
 | |
| 
 | |
| 	/*
 | |
| 	 * Increment the feature refcount and thus activate the feature.
 | |
| 	 * Note that the feature will be deactivated when we've
 | |
| 	 * completely discarded all checkpointed state (both vdev
 | |
| 	 * space maps and uberblock).
 | |
| 	 */
 | |
| 	spa_feature_incr(spa, SPA_FEATURE_POOL_CHECKPOINT, tx);
 | |
| 
 | |
| 	spa_history_log_internal(spa, "spa checkpoint", tx,
 | |
| 	    "checkpointed uberblock txg=%llu", (u_longlong_t)checkpoint.ub_txg);
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Create a checkpoint for the pool.
 | |
|  */
 | |
| int
 | |
| spa_checkpoint(const char *pool)
 | |
| {
 | |
| 	int error;
 | |
| 	spa_t *spa;
 | |
| 
 | |
| 	error = spa_open(pool, &spa, FTAG);
 | |
| 	if (error != 0)
 | |
| 		return (error);
 | |
| 
 | |
| 	mutex_enter(&spa->spa_vdev_top_lock);
 | |
| 
 | |
| 	/*
 | |
| 	 * Wait for current syncing txg to finish so the latest synced
 | |
| 	 * uberblock (spa_ubsync) has all the changes that we expect
 | |
| 	 * to see if we were to revert later to the checkpoint. In other
 | |
| 	 * words we want the checkpointed uberblock to include/reference
 | |
| 	 * all the changes that were pending at the time that we issued
 | |
| 	 * the checkpoint command.
 | |
| 	 */
 | |
| 	txg_wait_synced(spa_get_dsl(spa), 0);
 | |
| 
 | |
| 	/*
 | |
| 	 * As the checkpointed uberblock references blocks from the previous
 | |
| 	 * txg (spa_ubsync) we want to ensure that are not freeing any of
 | |
| 	 * these blocks in the same txg that the following synctask will
 | |
| 	 * run. Thus, we run it as an early synctask, so the dirty changes
 | |
| 	 * that are synced to disk afterwards during zios and other synctasks
 | |
| 	 * do not reuse checkpointed blocks.
 | |
| 	 */
 | |
| 	error = dsl_early_sync_task(pool, spa_checkpoint_check,
 | |
| 	    spa_checkpoint_sync, NULL, 0, ZFS_SPACE_CHECK_NORMAL);
 | |
| 
 | |
| 	mutex_exit(&spa->spa_vdev_top_lock);
 | |
| 
 | |
| 	spa_close(spa, FTAG);
 | |
| 	return (error);
 | |
| }
 | |
| 
 | |
| static int
 | |
| spa_checkpoint_discard_check(void *arg, dmu_tx_t *tx)
 | |
| {
 | |
| 	(void) arg;
 | |
| 	spa_t *spa = dmu_tx_pool(tx)->dp_spa;
 | |
| 
 | |
| 	if (!spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT))
 | |
| 		return (SET_ERROR(ZFS_ERR_NO_CHECKPOINT));
 | |
| 
 | |
| 	if (spa->spa_checkpoint_txg == 0)
 | |
| 		return (SET_ERROR(ZFS_ERR_DISCARDING_CHECKPOINT));
 | |
| 
 | |
| 	VERIFY0(zap_contains(spa_meta_objset(spa),
 | |
| 	    DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_ZPOOL_CHECKPOINT));
 | |
| 
 | |
| 	return (0);
 | |
| }
 | |
| 
 | |
| static void
 | |
| spa_checkpoint_discard_sync(void *arg, dmu_tx_t *tx)
 | |
| {
 | |
| 	(void) arg;
 | |
| 	spa_t *spa = dmu_tx_pool(tx)->dp_spa;
 | |
| 
 | |
| 	VERIFY0(zap_remove(spa_meta_objset(spa), DMU_POOL_DIRECTORY_OBJECT,
 | |
| 	    DMU_POOL_ZPOOL_CHECKPOINT, tx));
 | |
| 
 | |
| 	spa->spa_checkpoint_txg = 0;
 | |
| 
 | |
| 	zthr_wakeup(spa->spa_checkpoint_discard_zthr);
 | |
| 
 | |
| 	spa_history_log_internal(spa, "spa discard checkpoint", tx,
 | |
| 	    "started discarding checkpointed state from the pool");
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Discard the checkpoint from a pool.
 | |
|  */
 | |
| int
 | |
| spa_checkpoint_discard(const char *pool)
 | |
| {
 | |
| 	/*
 | |
| 	 * Similarly to spa_checkpoint(), we want our synctask to run
 | |
| 	 * before any pending dirty data are written to disk so they
 | |
| 	 * won't end up in the checkpoint's data structures (e.g.
 | |
| 	 * ms_checkpointing and vdev_checkpoint_sm) and re-create any
 | |
| 	 * space maps that the discarding open-context thread has
 | |
| 	 * deleted.
 | |
| 	 * [see spa_discard_checkpoint_sync and spa_discard_checkpoint_thread]
 | |
| 	 */
 | |
| 	return (dsl_early_sync_task(pool, spa_checkpoint_discard_check,
 | |
| 	    spa_checkpoint_discard_sync, NULL, 0,
 | |
| 	    ZFS_SPACE_CHECK_DISCARD_CHECKPOINT));
 | |
| }
 | |
| 
 | |
| EXPORT_SYMBOL(spa_checkpoint_get_stats);
 | |
| EXPORT_SYMBOL(spa_checkpoint_discard_thread);
 | |
| EXPORT_SYMBOL(spa_checkpoint_discard_thread_check);
 | |
| 
 | |
| /* BEGIN CSTYLED */
 | |
| ZFS_MODULE_PARAM(zfs_spa, zfs_spa_, discard_memory_limit, U64, ZMOD_RW,
 | |
| 	"Limit for memory used in prefetching the checkpoint space map done "
 | |
| 	"on each vdev while discarding the checkpoint");
 | |
| /* END CSTYLED */
 |