2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* CDDL HEADER START
|
|
|
|
*
|
|
|
|
* The contents of this file are subject to the terms of the
|
|
|
|
* Common Development and Distribution License (the "License").
|
|
|
|
* You may not use this file except in compliance with the License.
|
|
|
|
*
|
|
|
|
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
|
|
|
* or http://www.opensolaris.org/os/licensing.
|
|
|
|
* See the License for the specific language governing permissions
|
|
|
|
* and limitations under the License.
|
|
|
|
*
|
|
|
|
* When distributing Covered Code, include this CDDL HEADER in each
|
|
|
|
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
|
|
|
* If applicable, add the following below this CDDL HEADER, with the
|
|
|
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
|
|
|
* information: Portions Copyright [yyyy] [name of copyright owner]
|
|
|
|
*
|
|
|
|
* CDDL HEADER END
|
|
|
|
*/
|
|
|
|
/*
|
2010-05-28 20:45:14 +00:00
|
|
|
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
|
2014-06-25 18:37:59 +00:00
|
|
|
* Copyright (c) 2011, 2014 by Delphix. All rights reserved.
|
2011-11-11 22:07:54 +00:00
|
|
|
* Copyright 2011 Nexenta Systems, Inc. All rights reserved.
|
2015-04-02 03:44:32 +00:00
|
|
|
* Copyright (c) 2014 Spectra Logic Corporation, All rights reserved.
|
2016-06-15 22:47:05 +00:00
|
|
|
* Copyright 2013 Saso Kiselkov. All rights reserved.
|
2017-05-30 18:39:17 +00:00
|
|
|
* Copyright (c) 2014 Integros [integros.com]
|
|
|
|
* Copyright 2017 Joyent, Inc.
|
2017-07-07 05:16:13 +00:00
|
|
|
* Copyright (c) 2017 Datto Inc.
|
2008-11-20 20:01:55 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _SYS_SPA_H
|
|
|
|
#define _SYS_SPA_H
|
|
|
|
|
|
|
|
#include <sys/avl.h>
|
|
|
|
#include <sys/zfs_context.h>
|
2014-12-03 19:56:32 +00:00
|
|
|
#include <sys/kstat.h>
|
2008-11-20 20:01:55 +00:00
|
|
|
#include <sys/nvpair.h>
|
|
|
|
#include <sys/sysmacros.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/fs/zfs.h>
|
2015-12-09 23:34:16 +00:00
|
|
|
#include <sys/spa_checksum.h>
|
2016-06-13 02:47:35 +00:00
|
|
|
#include <sys/dmu.h>
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
extern "C" {
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Forward references that lots of things need.
|
|
|
|
*/
|
|
|
|
typedef struct spa spa_t;
|
|
|
|
typedef struct vdev vdev_t;
|
|
|
|
typedef struct metaslab metaslab_t;
|
2010-05-28 20:45:14 +00:00
|
|
|
typedef struct metaslab_group metaslab_group_t;
|
|
|
|
typedef struct metaslab_class metaslab_class_t;
|
|
|
|
typedef struct zio zio_t;
|
2008-11-20 20:01:55 +00:00
|
|
|
typedef struct zilog zilog_t;
|
|
|
|
typedef struct spa_aux_vdev spa_aux_vdev_t;
|
2010-05-28 20:45:14 +00:00
|
|
|
typedef struct ddt ddt_t;
|
|
|
|
typedef struct ddt_entry ddt_entry_t;
|
2014-06-25 18:37:59 +00:00
|
|
|
typedef struct zbookmark_phys zbookmark_phys_t;
|
Add visibility in to arc_read
This change is an attempt to add visibility into the arc_read calls
occurring on a system, in real time. To do this, a list was added to the
in memory SPA data structure for a pool, with each element on the list
corresponding to a call to arc_read. These entries are then exported
through the kstat interface, which can then be interpreted in userspace.
For each arc_read call, the following information is exported:
* A unique identifier (uint64_t)
* The time the entry was added to the list (hrtime_t)
(*not* wall clock time; relative to the other entries on the list)
* The objset ID (uint64_t)
* The object number (uint64_t)
* The indirection level (uint64_t)
* The block ID (uint64_t)
* The name of the function originating the arc_read call (char[24])
* The arc_flags from the arc_read call (uint32_t)
* The PID of the reading thread (pid_t)
* The command or name of thread originating read (char[16])
From this exported information one can see, in real time, exactly what
is being read, what function is generating the read, and whether or not
the read was found to be already cached.
There is still some work to be done, but this should serve as a good
starting point.
Specifically, dbuf_read's are not accounted for in the currently
exported information. Thus, a follow up patch should probably be added
to export these calls that never call into arc_read (they only hit the
dbuf hash table). In addition, it might be nice to create a utility
similar to "arcstat.py" to digest the exported information and display
it in a more readable format. Or perhaps, log the information and allow
for it to be "replayed" at a later time.
Signed-off-by: Prakash Surya <surya1@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
2013-09-06 23:09:05 +00:00
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
struct dsl_pool;
|
2013-08-28 11:45:09 +00:00
|
|
|
struct dsl_dataset;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
struct dsl_crypto_params;
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* General-purpose 32-bit and 64-bit bitfield encodings.
|
|
|
|
*/
|
|
|
|
#define BF32_DECODE(x, low, len) P2PHASE((x) >> (low), 1U << (len))
|
|
|
|
#define BF64_DECODE(x, low, len) P2PHASE((x) >> (low), 1ULL << (len))
|
|
|
|
#define BF32_ENCODE(x, low, len) (P2PHASE((x), 1U << (len)) << (low))
|
|
|
|
#define BF64_ENCODE(x, low, len) (P2PHASE((x), 1ULL << (len)) << (low))
|
|
|
|
|
|
|
|
#define BF32_GET(x, low, len) BF32_DECODE(x, low, len)
|
|
|
|
#define BF64_GET(x, low, len) BF64_DECODE(x, low, len)
|
|
|
|
|
2013-12-09 18:37:51 +00:00
|
|
|
#define BF32_SET(x, low, len, val) do { \
|
|
|
|
ASSERT3U(val, <, 1U << (len)); \
|
|
|
|
ASSERT3U(low + len, <=, 32); \
|
|
|
|
(x) ^= BF32_ENCODE((x >> low) ^ (val), low, len); \
|
|
|
|
_NOTE(CONSTCOND) } while (0)
|
|
|
|
|
|
|
|
#define BF64_SET(x, low, len, val) do { \
|
|
|
|
ASSERT3U(val, <, 1ULL << (len)); \
|
|
|
|
ASSERT3U(low + len, <=, 64); \
|
|
|
|
((x) ^= BF64_ENCODE((x >> low) ^ (val), low, len)); \
|
|
|
|
_NOTE(CONSTCOND) } while (0)
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
#define BF32_GET_SB(x, low, len, shift, bias) \
|
|
|
|
((BF32_GET(x, low, len) + (bias)) << (shift))
|
|
|
|
#define BF64_GET_SB(x, low, len, shift, bias) \
|
|
|
|
((BF64_GET(x, low, len) + (bias)) << (shift))
|
|
|
|
|
2013-12-09 18:37:51 +00:00
|
|
|
#define BF32_SET_SB(x, low, len, shift, bias, val) do { \
|
|
|
|
ASSERT(IS_P2ALIGNED(val, 1U << shift)); \
|
|
|
|
ASSERT3S((val) >> (shift), >=, bias); \
|
|
|
|
BF32_SET(x, low, len, ((val) >> (shift)) - (bias)); \
|
|
|
|
_NOTE(CONSTCOND) } while (0)
|
|
|
|
#define BF64_SET_SB(x, low, len, shift, bias, val) do { \
|
|
|
|
ASSERT(IS_P2ALIGNED(val, 1ULL << shift)); \
|
|
|
|
ASSERT3S((val) >> (shift), >=, bias); \
|
|
|
|
BF64_SET(x, low, len, ((val) >> (shift)) - (bias)); \
|
|
|
|
_NOTE(CONSTCOND) } while (0)
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/*
|
2014-11-03 20:15:08 +00:00
|
|
|
* We currently support block sizes from 512 bytes to 16MB.
|
|
|
|
* The benefits of larger blocks, and thus larger IO, need to be weighed
|
|
|
|
* against the cost of COWing a giant block to modify one byte, and the
|
|
|
|
* large latency of reading or writing a large block.
|
|
|
|
*
|
|
|
|
* Note that although blocks up to 16MB are supported, the recordsize
|
|
|
|
* property can not be set larger than zfs_max_recordsize (default 1MB).
|
|
|
|
* See the comment near zfs_max_recordsize in dsl_dataset.c for details.
|
|
|
|
*
|
|
|
|
* Note that although the LSIZE field of the blkptr_t can store sizes up
|
|
|
|
* to 32MB, the dnode's dn_datablkszsec can only store sizes up to
|
|
|
|
* 32MB - 512 bytes. Therefore, we limit SPA_MAXBLOCKSIZE to 16MB.
|
2008-11-20 20:01:55 +00:00
|
|
|
*/
|
|
|
|
#define SPA_MINBLOCKSHIFT 9
|
2014-11-03 20:15:08 +00:00
|
|
|
#define SPA_OLD_MAXBLOCKSHIFT 17
|
|
|
|
#define SPA_MAXBLOCKSHIFT 24
|
2008-11-20 20:01:55 +00:00
|
|
|
#define SPA_MINBLOCKSIZE (1ULL << SPA_MINBLOCKSHIFT)
|
2014-11-03 20:15:08 +00:00
|
|
|
#define SPA_OLD_MAXBLOCKSIZE (1ULL << SPA_OLD_MAXBLOCKSHIFT)
|
2008-11-20 20:01:55 +00:00
|
|
|
#define SPA_MAXBLOCKSIZE (1ULL << SPA_MAXBLOCKSHIFT)
|
|
|
|
|
2017-03-29 00:21:11 +00:00
|
|
|
/*
|
|
|
|
* Alignment Shift (ashift) is an immutable, internal top-level vdev property
|
|
|
|
* which can only be set at vdev creation time. Physical writes are always done
|
|
|
|
* according to it, which makes 2^ashift the smallest possible IO on a vdev.
|
|
|
|
*
|
2017-05-03 16:31:05 +00:00
|
|
|
* We currently allow values ranging from 512 bytes (2^9 = 512) to 64 KiB
|
|
|
|
* (2^16 = 65,536).
|
2017-03-29 00:21:11 +00:00
|
|
|
*/
|
|
|
|
#define ASHIFT_MIN 9
|
2017-05-03 16:31:05 +00:00
|
|
|
#define ASHIFT_MAX 16
|
2017-03-29 00:21:11 +00:00
|
|
|
|
2008-12-03 20:09:06 +00:00
|
|
|
/*
|
|
|
|
* Size of block to hold the configuration data (a packed nvlist)
|
|
|
|
*/
|
2012-12-13 23:24:15 +00:00
|
|
|
#define SPA_CONFIG_BLOCKSIZE (1ULL << 14)
|
2008-12-03 20:09:06 +00:00
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* The DVA size encodings for LSIZE and PSIZE support blocks up to 32MB.
|
|
|
|
* The ASIZE encoding should be at least 64 times larger (6 more bits)
|
|
|
|
* to support up to 4-way RAID-Z mirror mode with worst-case gang block
|
|
|
|
* overhead, three DVAs per bp, plus one more bit in case we do anything
|
|
|
|
* else that expands the ASIZE.
|
|
|
|
*/
|
|
|
|
#define SPA_LSIZEBITS 16 /* LSIZE up to 32M (2^16 * 512) */
|
|
|
|
#define SPA_PSIZEBITS 16 /* PSIZE up to 32M (2^16 * 512) */
|
|
|
|
#define SPA_ASIZEBITS 24 /* ASIZE up to 64 times larger */
|
|
|
|
|
2016-06-02 04:04:53 +00:00
|
|
|
#define SPA_COMPRESSBITS 7
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* All SPA data is represented by 128-bit data virtual addresses (DVAs).
|
|
|
|
* The members of the dva_t should be considered opaque outside the SPA.
|
|
|
|
*/
|
|
|
|
typedef struct dva {
|
|
|
|
uint64_t dva_word[2];
|
|
|
|
} dva_t;
|
|
|
|
|
|
|
|
|
2016-06-15 22:47:05 +00:00
|
|
|
/*
|
|
|
|
* Some checksums/hashes need a 256-bit initialization salt. This salt is kept
|
|
|
|
* secret and is suitable for use in MAC algorithms as the key.
|
|
|
|
*/
|
|
|
|
typedef struct zio_cksum_salt {
|
|
|
|
uint8_t zcs_bytes[32];
|
|
|
|
} zio_cksum_salt_t;
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* Each block is described by its DVAs, time of birth, checksum, etc.
|
|
|
|
* The word-by-word, bit-by-bit layout of the blkptr is as follows:
|
|
|
|
*
|
|
|
|
* 64 56 48 40 32 24 16 8 0
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 0 | vdev1 | GRID | ASIZE |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 1 |G| offset1 |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 2 | vdev2 | GRID | ASIZE |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 3 |G| offset2 |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 4 | vdev3 | GRID | ASIZE |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 5 |G| offset3 |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
2014-06-05 21:19:08 +00:00
|
|
|
* 6 |BDX|lvl| type | cksum |E| comp| PSIZE | LSIZE |
|
2008-11-20 20:01:55 +00:00
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 7 | padding |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 8 | padding |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
2010-05-28 20:45:14 +00:00
|
|
|
* 9 | physical birth txg |
|
2008-11-20 20:01:55 +00:00
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
2010-05-28 20:45:14 +00:00
|
|
|
* a | logical birth txg |
|
2008-11-20 20:01:55 +00:00
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* b | fill count |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* c | checksum[0] |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* d | checksum[1] |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* e | checksum[2] |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* f | checksum[3] |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
*
|
|
|
|
* Legend:
|
|
|
|
*
|
|
|
|
* vdev virtual device ID
|
|
|
|
* offset offset into virtual device
|
|
|
|
* LSIZE logical size
|
|
|
|
* PSIZE physical size (after compression)
|
|
|
|
* ASIZE allocated size (including RAID-Z parity and gang block headers)
|
|
|
|
* GRID RAID-Z layout information (reserved for future use)
|
|
|
|
* cksum checksum function
|
|
|
|
* comp compression function
|
|
|
|
* G gang block indicator
|
2010-05-28 20:45:14 +00:00
|
|
|
* B byteorder (endianness)
|
|
|
|
* D dedup
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
* X encryption
|
2014-06-05 21:19:08 +00:00
|
|
|
* E blkptr_t contains embedded data (see below)
|
2008-11-20 20:01:55 +00:00
|
|
|
* lvl level of indirection
|
2010-05-28 20:45:14 +00:00
|
|
|
* type DMU object type
|
|
|
|
* phys birth txg of block allocation; zero if same as logical birth txg
|
|
|
|
* log. birth transaction group in which the block was logically born
|
2008-11-20 20:01:55 +00:00
|
|
|
* fill count number of non-zero blocks under this bp
|
|
|
|
* checksum[4] 256-bit checksum of the data this bp describes
|
|
|
|
*/
|
2014-06-05 21:19:08 +00:00
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
/*
|
|
|
|
* The blkptr_t's of encrypted blocks also need to store the encryption
|
|
|
|
* parameters so that the block can be decrypted. This layout is as follows:
|
|
|
|
*
|
|
|
|
* 64 56 48 40 32 24 16 8 0
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 0 | vdev1 | GRID | ASIZE |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 1 |G| offset1 |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 2 | vdev2 | GRID | ASIZE |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 3 |G| offset2 |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 4 | salt |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 5 | IV1 |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 6 |BDX|lvl| type | cksum |E| comp| PSIZE | LSIZE |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 7 | padding |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 8 | padding |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 9 | physical birth txg |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* a | logical birth txg |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* b | IV2 | fill count |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* c | checksum[0] |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* d | checksum[1] |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* e | MAC[0] |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* f | MAC[1] |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
*
|
|
|
|
* Legend:
|
|
|
|
*
|
|
|
|
* salt Salt for generating encryption keys
|
|
|
|
* IV1 First 64 bits of encryption IV
|
|
|
|
* X Block requires encryption handling (set to 1)
|
|
|
|
* E blkptr_t contains embedded data (set to 0, see below)
|
|
|
|
* fill count number of non-zero blocks under this bp (truncated to 32 bits)
|
|
|
|
* IV2 Last 32 bits of encryption IV
|
|
|
|
* checksum[2] 128-bit checksum of the data this bp describes
|
|
|
|
* MAC[2] 128-bit message authentication code for this data
|
|
|
|
*
|
|
|
|
* The X bit being set indicates that this block is one of 3 types. If this is
|
|
|
|
* a level 0 block with an encrypted object type, the block is encrypted
|
|
|
|
* (see BP_IS_ENCRYPTED()). If this is a level 0 block with an unencrypted
|
|
|
|
* object type, this block is authenticated with an HMAC (see
|
|
|
|
* BP_IS_AUTHENTICATED()). Otherwise (if level > 0), this bp will use the MAC
|
|
|
|
* words to store a checksum-of-MACs from the level below (see
|
|
|
|
* BP_HAS_INDIRECT_MAC_CKSUM()). For convenience in the code, BP_IS_PROTECTED()
|
|
|
|
* refers to both encrypted and authenticated blocks and BP_USES_CRYPT()
|
|
|
|
* refers to any of these 3 kinds of blocks.
|
|
|
|
*
|
|
|
|
* The additional encryption parameters are the salt, IV, and MAC which are
|
|
|
|
* explained in greater detail in the block comment at the top of zio_crypt.c.
|
|
|
|
* The MAC occupies half of the checksum space since it serves a very similar
|
|
|
|
* purpose: to prevent data corruption on disk. The only functional difference
|
|
|
|
* is that the checksum is used to detect on-disk corruption whether or not the
|
|
|
|
* encryption key is loaded and the MAC provides additional protection against
|
|
|
|
* malicious disk tampering. We use the 3rd DVA to store the salt and first
|
|
|
|
* 64 bits of the IV. As a result encrypted blocks can only have 2 copies
|
|
|
|
* maximum instead of the normal 3. The last 32 bits of the IV are stored in
|
|
|
|
* the upper bits of what is usually the fill count. Note that only blocks at
|
|
|
|
* level 0 or -2 are ever encrypted, which allows us to guarantee that these
|
|
|
|
* 32 bits are not trampled over by other code (see zio_crypt.c for details).
|
|
|
|
* The salt and IV are not used for authenticated bps or bps with an indirect
|
|
|
|
* MAC checksum, so these blocks can utilize all 3 DVAs and the full 64 bits
|
|
|
|
* for the fill count.
|
|
|
|
*/
|
|
|
|
|
2014-06-05 21:19:08 +00:00
|
|
|
/*
|
|
|
|
* "Embedded" blkptr_t's don't actually point to a block, instead they
|
|
|
|
* have a data payload embedded in the blkptr_t itself. See the comment
|
|
|
|
* in blkptr.c for more details.
|
|
|
|
*
|
|
|
|
* The blkptr_t is laid out as follows:
|
|
|
|
*
|
|
|
|
* 64 56 48 40 32 24 16 8 0
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 0 | payload |
|
|
|
|
* 1 | payload |
|
|
|
|
* 2 | payload |
|
|
|
|
* 3 | payload |
|
|
|
|
* 4 | payload |
|
|
|
|
* 5 | payload |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 6 |BDX|lvl| type | etype |E| comp| PSIZE| LSIZE |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* 7 | payload |
|
|
|
|
* 8 | payload |
|
|
|
|
* 9 | payload |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* a | logical birth txg |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
* b | payload |
|
|
|
|
* c | payload |
|
|
|
|
* d | payload |
|
|
|
|
* e | payload |
|
|
|
|
* f | payload |
|
|
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
|
|
*
|
|
|
|
* Legend:
|
|
|
|
*
|
|
|
|
* payload contains the embedded data
|
|
|
|
* B (byteorder) byteorder (endianness)
|
|
|
|
* D (dedup) padding (set to zero)
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
* X encryption (set to zero)
|
2014-06-05 21:19:08 +00:00
|
|
|
* E (embedded) set to one
|
|
|
|
* lvl indirection level
|
|
|
|
* type DMU object type
|
|
|
|
* etype how to interpret embedded data (BP_EMBEDDED_TYPE_*)
|
|
|
|
* comp compression function of payload
|
|
|
|
* PSIZE size of payload after compression, in bytes
|
|
|
|
* LSIZE logical size of payload, in bytes
|
|
|
|
* note that 25 bits is enough to store the largest
|
|
|
|
* "normal" BP's LSIZE (2^16 * 2^9) in bytes
|
|
|
|
* log. birth transaction group in which the block was logically born
|
|
|
|
*
|
|
|
|
* Note that LSIZE and PSIZE are stored in bytes, whereas for non-embedded
|
|
|
|
* bp's they are stored in units of SPA_MINBLOCKSHIFT.
|
|
|
|
* Generally, the generic BP_GET_*() macros can be used on embedded BP's.
|
|
|
|
* The B, D, X, lvl, type, and comp fields are stored the same as with normal
|
|
|
|
* BP's so the BP_SET_* macros can be used with them. etype, PSIZE, LSIZE must
|
|
|
|
* be set with the BPE_SET_* macros. BP_SET_EMBEDDED() should be called before
|
|
|
|
* other macros, as they assert that they are only used on BP's of the correct
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
* "embedded-ness". Encrypted blkptr_t's cannot be embedded because they use
|
|
|
|
* the payload space for encryption parameters (see the comment above on
|
|
|
|
* how encryption parameters are stored).
|
2014-06-05 21:19:08 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#define BPE_GET_ETYPE(bp) \
|
|
|
|
(ASSERT(BP_IS_EMBEDDED(bp)), \
|
|
|
|
BF64_GET((bp)->blk_prop, 40, 8))
|
|
|
|
#define BPE_SET_ETYPE(bp, t) do { \
|
|
|
|
ASSERT(BP_IS_EMBEDDED(bp)); \
|
|
|
|
BF64_SET((bp)->blk_prop, 40, 8, t); \
|
|
|
|
_NOTE(CONSTCOND) } while (0)
|
|
|
|
|
|
|
|
#define BPE_GET_LSIZE(bp) \
|
|
|
|
(ASSERT(BP_IS_EMBEDDED(bp)), \
|
|
|
|
BF64_GET_SB((bp)->blk_prop, 0, 25, 0, 1))
|
|
|
|
#define BPE_SET_LSIZE(bp, x) do { \
|
|
|
|
ASSERT(BP_IS_EMBEDDED(bp)); \
|
|
|
|
BF64_SET_SB((bp)->blk_prop, 0, 25, 0, 1, x); \
|
|
|
|
_NOTE(CONSTCOND) } while (0)
|
|
|
|
|
|
|
|
#define BPE_GET_PSIZE(bp) \
|
|
|
|
(ASSERT(BP_IS_EMBEDDED(bp)), \
|
|
|
|
BF64_GET_SB((bp)->blk_prop, 25, 7, 0, 1))
|
|
|
|
#define BPE_SET_PSIZE(bp, x) do { \
|
|
|
|
ASSERT(BP_IS_EMBEDDED(bp)); \
|
|
|
|
BF64_SET_SB((bp)->blk_prop, 25, 7, 0, 1, x); \
|
|
|
|
_NOTE(CONSTCOND) } while (0)
|
|
|
|
|
|
|
|
typedef enum bp_embedded_type {
|
|
|
|
BP_EMBEDDED_TYPE_DATA,
|
|
|
|
BP_EMBEDDED_TYPE_RESERVED, /* Reserved for an unintegrated feature. */
|
|
|
|
NUM_BP_EMBEDDED_TYPES = BP_EMBEDDED_TYPE_RESERVED
|
|
|
|
} bp_embedded_type_t;
|
|
|
|
|
|
|
|
#define BPE_NUM_WORDS 14
|
|
|
|
#define BPE_PAYLOAD_SIZE (BPE_NUM_WORDS * sizeof (uint64_t))
|
|
|
|
#define BPE_IS_PAYLOADWORD(bp, wp) \
|
|
|
|
((wp) != &(bp)->blk_prop && (wp) != &(bp)->blk_birth)
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
#define SPA_BLKPTRSHIFT 7 /* blkptr_t is 128 bytes */
|
|
|
|
#define SPA_DVAS_PER_BP 3 /* Number of DVAs in a bp */
|
|
|
|
|
2013-12-09 18:37:51 +00:00
|
|
|
/*
|
|
|
|
* A block is a hole when it has either 1) never been written to, or
|
|
|
|
* 2) is zero-filled. In both cases, ZFS can return all zeroes for all reads
|
|
|
|
* without physically allocating disk space. Holes are represented in the
|
|
|
|
* blkptr_t structure by zeroed blk_dva. Correct checking for holes is
|
|
|
|
* done through the BP_IS_HOLE macro. For holes, the logical size, level,
|
|
|
|
* DMU object type, and birth times are all also stored for holes that
|
|
|
|
* were written to at some point (i.e. were punched after having been filled).
|
|
|
|
*/
|
2010-05-28 20:45:14 +00:00
|
|
|
typedef struct blkptr {
|
|
|
|
dva_t blk_dva[SPA_DVAS_PER_BP]; /* Data Virtual Addresses */
|
|
|
|
uint64_t blk_prop; /* size, compression, type, etc */
|
|
|
|
uint64_t blk_pad[2]; /* Extra space for the future */
|
|
|
|
uint64_t blk_phys_birth; /* txg when block was allocated */
|
|
|
|
uint64_t blk_birth; /* transaction group at birth */
|
|
|
|
uint64_t blk_fill; /* fill count */
|
|
|
|
zio_cksum_t blk_cksum; /* 256-bit checksum */
|
|
|
|
} blkptr_t;
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* Macros to get and set fields in a bp or DVA.
|
|
|
|
*/
|
|
|
|
#define DVA_GET_ASIZE(dva) \
|
2013-12-09 18:37:51 +00:00
|
|
|
BF64_GET_SB((dva)->dva_word[0], 0, SPA_ASIZEBITS, SPA_MINBLOCKSHIFT, 0)
|
2008-11-20 20:01:55 +00:00
|
|
|
#define DVA_SET_ASIZE(dva, x) \
|
2013-12-09 18:37:51 +00:00
|
|
|
BF64_SET_SB((dva)->dva_word[0], 0, SPA_ASIZEBITS, \
|
|
|
|
SPA_MINBLOCKSHIFT, 0, x)
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
#define DVA_GET_GRID(dva) BF64_GET((dva)->dva_word[0], 24, 8)
|
|
|
|
#define DVA_SET_GRID(dva, x) BF64_SET((dva)->dva_word[0], 24, 8, x)
|
|
|
|
|
|
|
|
#define DVA_GET_VDEV(dva) BF64_GET((dva)->dva_word[0], 32, 32)
|
|
|
|
#define DVA_SET_VDEV(dva, x) BF64_SET((dva)->dva_word[0], 32, 32, x)
|
|
|
|
|
|
|
|
#define DVA_GET_OFFSET(dva) \
|
|
|
|
BF64_GET_SB((dva)->dva_word[1], 0, 63, SPA_MINBLOCKSHIFT, 0)
|
|
|
|
#define DVA_SET_OFFSET(dva, x) \
|
|
|
|
BF64_SET_SB((dva)->dva_word[1], 0, 63, SPA_MINBLOCKSHIFT, 0, x)
|
|
|
|
|
|
|
|
#define DVA_GET_GANG(dva) BF64_GET((dva)->dva_word[1], 63, 1)
|
|
|
|
#define DVA_SET_GANG(dva, x) BF64_SET((dva)->dva_word[1], 63, 1, x)
|
|
|
|
|
|
|
|
#define BP_GET_LSIZE(bp) \
|
2014-06-05 21:19:08 +00:00
|
|
|
(BP_IS_EMBEDDED(bp) ? \
|
|
|
|
(BPE_GET_ETYPE(bp) == BP_EMBEDDED_TYPE_DATA ? BPE_GET_LSIZE(bp) : 0): \
|
|
|
|
BF64_GET_SB((bp)->blk_prop, 0, SPA_LSIZEBITS, SPA_MINBLOCKSHIFT, 1))
|
|
|
|
#define BP_SET_LSIZE(bp, x) do { \
|
|
|
|
ASSERT(!BP_IS_EMBEDDED(bp)); \
|
|
|
|
BF64_SET_SB((bp)->blk_prop, \
|
|
|
|
0, SPA_LSIZEBITS, SPA_MINBLOCKSHIFT, 1, x); \
|
|
|
|
_NOTE(CONSTCOND) } while (0)
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
#define BP_GET_PSIZE(bp) \
|
2014-06-05 21:19:08 +00:00
|
|
|
(BP_IS_EMBEDDED(bp) ? 0 : \
|
|
|
|
BF64_GET_SB((bp)->blk_prop, 16, SPA_PSIZEBITS, SPA_MINBLOCKSHIFT, 1))
|
|
|
|
#define BP_SET_PSIZE(bp, x) do { \
|
|
|
|
ASSERT(!BP_IS_EMBEDDED(bp)); \
|
|
|
|
BF64_SET_SB((bp)->blk_prop, \
|
|
|
|
16, SPA_PSIZEBITS, SPA_MINBLOCKSHIFT, 1, x); \
|
|
|
|
_NOTE(CONSTCOND) } while (0)
|
|
|
|
|
2016-06-02 04:04:53 +00:00
|
|
|
#define BP_GET_COMPRESS(bp) \
|
|
|
|
BF64_GET((bp)->blk_prop, 32, SPA_COMPRESSBITS)
|
|
|
|
#define BP_SET_COMPRESS(bp, x) \
|
|
|
|
BF64_SET((bp)->blk_prop, 32, SPA_COMPRESSBITS, x)
|
2008-11-20 20:01:55 +00:00
|
|
|
|
2014-06-05 21:19:08 +00:00
|
|
|
#define BP_IS_EMBEDDED(bp) BF64_GET((bp)->blk_prop, 39, 1)
|
|
|
|
#define BP_SET_EMBEDDED(bp, x) BF64_SET((bp)->blk_prop, 39, 1, x)
|
2010-05-28 20:45:14 +00:00
|
|
|
|
2014-06-05 21:19:08 +00:00
|
|
|
#define BP_GET_CHECKSUM(bp) \
|
|
|
|
(BP_IS_EMBEDDED(bp) ? ZIO_CHECKSUM_OFF : \
|
|
|
|
BF64_GET((bp)->blk_prop, 40, 8))
|
|
|
|
#define BP_SET_CHECKSUM(bp, x) do { \
|
|
|
|
ASSERT(!BP_IS_EMBEDDED(bp)); \
|
|
|
|
BF64_SET((bp)->blk_prop, 40, 8, x); \
|
|
|
|
_NOTE(CONSTCOND) } while (0)
|
2008-11-20 20:01:55 +00:00
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
#define BP_GET_TYPE(bp) BF64_GET((bp)->blk_prop, 48, 8)
|
|
|
|
#define BP_SET_TYPE(bp, x) BF64_SET((bp)->blk_prop, 48, 8, x)
|
2008-11-20 20:01:55 +00:00
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
#define BP_GET_LEVEL(bp) BF64_GET((bp)->blk_prop, 56, 5)
|
|
|
|
#define BP_SET_LEVEL(bp, x) BF64_SET((bp)->blk_prop, 56, 5, x)
|
2008-11-20 20:01:55 +00:00
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
/* encrypted, authenticated, and MAC cksum bps use the same bit */
|
|
|
|
#define BP_USES_CRYPT(bp) BF64_GET((bp)->blk_prop, 61, 1)
|
|
|
|
#define BP_SET_CRYPT(bp, x) BF64_SET((bp)->blk_prop, 61, 1, x)
|
|
|
|
|
|
|
|
#define BP_IS_ENCRYPTED(bp) \
|
|
|
|
(BP_USES_CRYPT(bp) && \
|
|
|
|
BP_GET_LEVEL(bp) <= 0 && \
|
|
|
|
DMU_OT_IS_ENCRYPTED(BP_GET_TYPE(bp)))
|
|
|
|
|
|
|
|
#define BP_IS_AUTHENTICATED(bp) \
|
|
|
|
(BP_USES_CRYPT(bp) && \
|
|
|
|
BP_GET_LEVEL(bp) <= 0 && \
|
|
|
|
!DMU_OT_IS_ENCRYPTED(BP_GET_TYPE(bp)))
|
|
|
|
|
|
|
|
#define BP_HAS_INDIRECT_MAC_CKSUM(bp) \
|
|
|
|
(BP_USES_CRYPT(bp) && BP_GET_LEVEL(bp) > 0)
|
|
|
|
|
|
|
|
#define BP_IS_PROTECTED(bp) \
|
|
|
|
(BP_IS_ENCRYPTED(bp) || BP_IS_AUTHENTICATED(bp))
|
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
#define BP_GET_DEDUP(bp) BF64_GET((bp)->blk_prop, 62, 1)
|
|
|
|
#define BP_SET_DEDUP(bp, x) BF64_SET((bp)->blk_prop, 62, 1, x)
|
|
|
|
|
2013-12-09 18:37:51 +00:00
|
|
|
#define BP_GET_BYTEORDER(bp) BF64_GET((bp)->blk_prop, 63, 1)
|
2010-05-28 20:45:14 +00:00
|
|
|
#define BP_SET_BYTEORDER(bp, x) BF64_SET((bp)->blk_prop, 63, 1, x)
|
|
|
|
|
|
|
|
#define BP_PHYSICAL_BIRTH(bp) \
|
2014-06-05 21:19:08 +00:00
|
|
|
(BP_IS_EMBEDDED(bp) ? 0 : \
|
|
|
|
(bp)->blk_phys_birth ? (bp)->blk_phys_birth : (bp)->blk_birth)
|
2010-05-28 20:45:14 +00:00
|
|
|
|
|
|
|
#define BP_SET_BIRTH(bp, logical, physical) \
|
|
|
|
{ \
|
2014-06-05 21:19:08 +00:00
|
|
|
ASSERT(!BP_IS_EMBEDDED(bp)); \
|
2010-05-28 20:45:14 +00:00
|
|
|
(bp)->blk_birth = (logical); \
|
|
|
|
(bp)->blk_phys_birth = ((logical) == (physical) ? 0 : (physical)); \
|
|
|
|
}
|
2008-11-20 20:01:55 +00:00
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
#define BP_GET_FILL(bp) \
|
|
|
|
((BP_IS_ENCRYPTED(bp)) ? BF64_GET((bp)->blk_fill, 0, 32) : \
|
|
|
|
((BP_IS_EMBEDDED(bp)) ? 1 : (bp)->blk_fill))
|
|
|
|
|
|
|
|
#define BP_SET_FILL(bp, fill) \
|
|
|
|
{ \
|
|
|
|
if (BP_IS_ENCRYPTED(bp)) \
|
|
|
|
BF64_SET((bp)->blk_fill, 0, 32, fill); \
|
|
|
|
else \
|
|
|
|
(bp)->blk_fill = fill; \
|
|
|
|
}
|
|
|
|
|
|
|
|
#define BP_GET_IV2(bp) \
|
|
|
|
(ASSERT(BP_IS_ENCRYPTED(bp)), \
|
|
|
|
BF64_GET((bp)->blk_fill, 32, 32))
|
|
|
|
#define BP_SET_IV2(bp, iv2) \
|
|
|
|
{ \
|
|
|
|
ASSERT(BP_IS_ENCRYPTED(bp)); \
|
|
|
|
BF64_SET((bp)->blk_fill, 32, 32, iv2); \
|
|
|
|
}
|
2014-06-05 21:19:08 +00:00
|
|
|
|
2016-07-22 15:52:49 +00:00
|
|
|
#define BP_IS_METADATA(bp) \
|
|
|
|
(BP_GET_LEVEL(bp) > 0 || DMU_OT_IS_METADATA(BP_GET_TYPE(bp)))
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
#define BP_GET_ASIZE(bp) \
|
2014-06-05 21:19:08 +00:00
|
|
|
(BP_IS_EMBEDDED(bp) ? 0 : \
|
|
|
|
DVA_GET_ASIZE(&(bp)->blk_dva[0]) + \
|
|
|
|
DVA_GET_ASIZE(&(bp)->blk_dva[1]) + \
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
(DVA_GET_ASIZE(&(bp)->blk_dva[2]) * !BP_IS_ENCRYPTED(bp)))
|
2008-11-20 20:01:55 +00:00
|
|
|
|
2016-07-22 15:52:49 +00:00
|
|
|
#define BP_GET_UCSIZE(bp) \
|
|
|
|
(BP_IS_METADATA(bp) ? BP_GET_PSIZE(bp) : BP_GET_LSIZE(bp))
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
#define BP_GET_NDVAS(bp) \
|
2014-06-05 21:19:08 +00:00
|
|
|
(BP_IS_EMBEDDED(bp) ? 0 : \
|
|
|
|
!!DVA_GET_ASIZE(&(bp)->blk_dva[0]) + \
|
2008-11-20 20:01:55 +00:00
|
|
|
!!DVA_GET_ASIZE(&(bp)->blk_dva[1]) + \
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
(!!DVA_GET_ASIZE(&(bp)->blk_dva[2]) * !BP_IS_ENCRYPTED(bp)))
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
#define BP_COUNT_GANG(bp) \
|
2014-06-05 21:19:08 +00:00
|
|
|
(BP_IS_EMBEDDED(bp) ? 0 : \
|
2008-11-20 20:01:55 +00:00
|
|
|
(DVA_GET_GANG(&(bp)->blk_dva[0]) + \
|
|
|
|
DVA_GET_GANG(&(bp)->blk_dva[1]) + \
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
(DVA_GET_GANG(&(bp)->blk_dva[2]) * !BP_IS_ENCRYPTED(bp))))
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
#define DVA_EQUAL(dva1, dva2) \
|
|
|
|
((dva1)->dva_word[1] == (dva2)->dva_word[1] && \
|
|
|
|
(dva1)->dva_word[0] == (dva2)->dva_word[0])
|
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
#define BP_EQUAL(bp1, bp2) \
|
|
|
|
(BP_PHYSICAL_BIRTH(bp1) == BP_PHYSICAL_BIRTH(bp2) && \
|
2014-06-05 21:19:08 +00:00
|
|
|
(bp1)->blk_birth == (bp2)->blk_birth && \
|
2010-05-28 20:45:14 +00:00
|
|
|
DVA_EQUAL(&(bp1)->blk_dva[0], &(bp2)->blk_dva[0]) && \
|
|
|
|
DVA_EQUAL(&(bp1)->blk_dva[1], &(bp2)->blk_dva[1]) && \
|
|
|
|
DVA_EQUAL(&(bp1)->blk_dva[2], &(bp2)->blk_dva[2]))
|
|
|
|
|
2015-07-06 03:20:31 +00:00
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
#define DVA_IS_VALID(dva) (DVA_GET_ASIZE(dva) != 0)
|
|
|
|
|
2014-06-05 21:19:08 +00:00
|
|
|
#define BP_IDENTITY(bp) (ASSERT(!BP_IS_EMBEDDED(bp)), &(bp)->blk_dva[0])
|
|
|
|
#define BP_IS_GANG(bp) \
|
|
|
|
(BP_IS_EMBEDDED(bp) ? B_FALSE : DVA_GET_GANG(BP_IDENTITY(bp)))
|
2013-12-09 18:37:51 +00:00
|
|
|
#define DVA_IS_EMPTY(dva) ((dva)->dva_word[0] == 0ULL && \
|
|
|
|
(dva)->dva_word[1] == 0ULL)
|
2014-06-05 21:19:08 +00:00
|
|
|
#define BP_IS_HOLE(bp) \
|
|
|
|
(!BP_IS_EMBEDDED(bp) && DVA_IS_EMPTY(BP_IDENTITY(bp)))
|
2010-05-28 20:45:14 +00:00
|
|
|
|
|
|
|
/* BP_IS_RAIDZ(bp) assumes no block compression */
|
|
|
|
#define BP_IS_RAIDZ(bp) (DVA_GET_ASIZE(&(bp)->blk_dva[0]) > \
|
|
|
|
BP_GET_PSIZE(bp))
|
2008-11-20 20:01:55 +00:00
|
|
|
|
2008-12-03 20:09:06 +00:00
|
|
|
#define BP_ZERO(bp) \
|
2008-11-20 20:01:55 +00:00
|
|
|
{ \
|
|
|
|
(bp)->blk_dva[0].dva_word[0] = 0; \
|
|
|
|
(bp)->blk_dva[0].dva_word[1] = 0; \
|
|
|
|
(bp)->blk_dva[1].dva_word[0] = 0; \
|
|
|
|
(bp)->blk_dva[1].dva_word[1] = 0; \
|
|
|
|
(bp)->blk_dva[2].dva_word[0] = 0; \
|
|
|
|
(bp)->blk_dva[2].dva_word[1] = 0; \
|
|
|
|
(bp)->blk_prop = 0; \
|
|
|
|
(bp)->blk_pad[0] = 0; \
|
|
|
|
(bp)->blk_pad[1] = 0; \
|
2010-05-28 20:45:14 +00:00
|
|
|
(bp)->blk_phys_birth = 0; \
|
2008-12-03 20:09:06 +00:00
|
|
|
(bp)->blk_birth = 0; \
|
2008-11-20 20:01:55 +00:00
|
|
|
(bp)->blk_fill = 0; \
|
|
|
|
ZIO_SET_CHECKSUM(&(bp)->blk_cksum, 0, 0, 0, 0); \
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef _BIG_ENDIAN
|
|
|
|
#define ZFS_HOST_BYTEORDER (0ULL)
|
|
|
|
#else
|
2013-12-09 18:37:51 +00:00
|
|
|
#define ZFS_HOST_BYTEORDER (1ULL)
|
2008-11-20 20:01:55 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#define BP_SHOULD_BYTESWAP(bp) (BP_GET_BYTEORDER(bp) != ZFS_HOST_BYTEORDER)
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
#define BP_SPRINTF_LEN 400
|
2008-11-20 20:01:55 +00:00
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
/*
|
|
|
|
* This macro allows code sharing between zfs, libzpool, and mdb.
|
|
|
|
* 'func' is either snprintf() or mdb_snprintf().
|
|
|
|
* 'ws' (whitespace) can be ' ' for single-line format, '\n' for multi-line.
|
|
|
|
*/
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
#define SNPRINTF_BLKPTR(func, ws, buf, size, bp, type, checksum, crypt_type, \
|
|
|
|
compress) \
|
2010-05-28 20:45:14 +00:00
|
|
|
{ \
|
|
|
|
static const char *copyname[] = \
|
|
|
|
{ "zero", "single", "double", "triple" }; \
|
|
|
|
int len = 0; \
|
|
|
|
int copies = 0; \
|
|
|
|
\
|
|
|
|
if (bp == NULL) { \
|
2013-12-09 18:37:51 +00:00
|
|
|
len += func(buf + len, size - len, "<NULL>"); \
|
2010-05-28 20:45:14 +00:00
|
|
|
} else if (BP_IS_HOLE(bp)) { \
|
2015-03-27 02:03:22 +00:00
|
|
|
len += func(buf + len, size - len, \
|
|
|
|
"HOLE [L%llu %s] " \
|
|
|
|
"size=%llxL birth=%lluL", \
|
|
|
|
(u_longlong_t)BP_GET_LEVEL(bp), \
|
|
|
|
type, \
|
|
|
|
(u_longlong_t)BP_GET_LSIZE(bp), \
|
|
|
|
(u_longlong_t)bp->blk_birth); \
|
2014-06-05 21:19:08 +00:00
|
|
|
} else if (BP_IS_EMBEDDED(bp)) { \
|
|
|
|
len = func(buf + len, size - len, \
|
|
|
|
"EMBEDDED [L%llu %s] et=%u %s " \
|
|
|
|
"size=%llxL/%llxP birth=%lluL", \
|
|
|
|
(u_longlong_t)BP_GET_LEVEL(bp), \
|
|
|
|
type, \
|
|
|
|
(int)BPE_GET_ETYPE(bp), \
|
|
|
|
compress, \
|
|
|
|
(u_longlong_t)BPE_GET_LSIZE(bp), \
|
|
|
|
(u_longlong_t)BPE_GET_PSIZE(bp), \
|
|
|
|
(u_longlong_t)bp->blk_birth); \
|
2010-05-28 20:45:14 +00:00
|
|
|
} else { \
|
2017-11-04 20:25:13 +00:00
|
|
|
for (int d = 0; d < BP_GET_NDVAS(bp); d++) { \
|
2010-05-28 20:45:14 +00:00
|
|
|
const dva_t *dva = &bp->blk_dva[d]; \
|
|
|
|
if (DVA_IS_VALID(dva)) \
|
|
|
|
copies++; \
|
|
|
|
len += func(buf + len, size - len, \
|
|
|
|
"DVA[%d]=<%llu:%llx:%llx>%c", d, \
|
|
|
|
(u_longlong_t)DVA_GET_VDEV(dva), \
|
|
|
|
(u_longlong_t)DVA_GET_OFFSET(dva), \
|
|
|
|
(u_longlong_t)DVA_GET_ASIZE(dva), \
|
|
|
|
ws); \
|
|
|
|
} \
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
if (BP_IS_ENCRYPTED(bp)) { \
|
|
|
|
len += func(buf + len, size - len, \
|
|
|
|
"salt=%llx iv=%llx:%llx%c", \
|
|
|
|
(u_longlong_t)bp->blk_dva[2].dva_word[0], \
|
|
|
|
(u_longlong_t)bp->blk_dva[2].dva_word[1], \
|
|
|
|
(u_longlong_t)BP_GET_IV2(bp), \
|
|
|
|
ws); \
|
|
|
|
} \
|
2010-05-28 20:45:14 +00:00
|
|
|
if (BP_IS_GANG(bp) && \
|
|
|
|
DVA_GET_ASIZE(&bp->blk_dva[2]) <= \
|
|
|
|
DVA_GET_ASIZE(&bp->blk_dva[1]) / 2) \
|
|
|
|
copies--; \
|
|
|
|
len += func(buf + len, size - len, \
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
"[L%llu %s] %s %s %s %s %s %s %s%c" \
|
2010-05-28 20:45:14 +00:00
|
|
|
"size=%llxL/%llxP birth=%lluL/%lluP fill=%llu%c" \
|
|
|
|
"cksum=%llx:%llx:%llx:%llx", \
|
|
|
|
(u_longlong_t)BP_GET_LEVEL(bp), \
|
|
|
|
type, \
|
|
|
|
checksum, \
|
|
|
|
compress, \
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
crypt_type, \
|
2010-05-28 20:45:14 +00:00
|
|
|
BP_GET_BYTEORDER(bp) == 0 ? "BE" : "LE", \
|
|
|
|
BP_IS_GANG(bp) ? "gang" : "contiguous", \
|
|
|
|
BP_GET_DEDUP(bp) ? "dedup" : "unique", \
|
|
|
|
copyname[copies], \
|
|
|
|
ws, \
|
|
|
|
(u_longlong_t)BP_GET_LSIZE(bp), \
|
|
|
|
(u_longlong_t)BP_GET_PSIZE(bp), \
|
|
|
|
(u_longlong_t)bp->blk_birth, \
|
|
|
|
(u_longlong_t)BP_PHYSICAL_BIRTH(bp), \
|
2014-06-05 21:19:08 +00:00
|
|
|
(u_longlong_t)BP_GET_FILL(bp), \
|
2010-05-28 20:45:14 +00:00
|
|
|
ws, \
|
|
|
|
(u_longlong_t)bp->blk_cksum.zc_word[0], \
|
|
|
|
(u_longlong_t)bp->blk_cksum.zc_word[1], \
|
|
|
|
(u_longlong_t)bp->blk_cksum.zc_word[2], \
|
|
|
|
(u_longlong_t)bp->blk_cksum.zc_word[3]); \
|
|
|
|
} \
|
|
|
|
ASSERT(len < size); \
|
|
|
|
}
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
#define BP_GET_BUFC_TYPE(bp) \
|
2016-07-22 15:52:49 +00:00
|
|
|
(BP_IS_METADATA(bp) ? ARC_BUFC_METADATA : ARC_BUFC_DATA)
|
2010-05-28 20:45:14 +00:00
|
|
|
|
|
|
|
typedef enum spa_import_type {
|
|
|
|
SPA_IMPORT_EXISTING,
|
|
|
|
SPA_IMPORT_ASSEMBLE
|
|
|
|
} spa_import_type_t;
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* state manipulation functions */
|
|
|
|
extern int spa_open(const char *pool, spa_t **, void *tag);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern int spa_open_rewind(const char *pool, spa_t **, void *tag,
|
|
|
|
nvlist_t *policy, nvlist_t **config);
|
2012-12-13 23:24:15 +00:00
|
|
|
extern int spa_get_stats(const char *pool, nvlist_t **config, char *altroot,
|
|
|
|
size_t buflen);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
extern int spa_create(const char *pool, nvlist_t *nvroot, nvlist_t *props,
|
|
|
|
nvlist_t *zplprops, struct dsl_crypto_params *dcp);
|
2013-09-04 12:00:57 +00:00
|
|
|
extern int spa_import(char *pool, nvlist_t *config, nvlist_t *props,
|
2010-08-26 21:24:34 +00:00
|
|
|
uint64_t flags);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern nvlist_t *spa_tryimport(nvlist_t *tryconfig);
|
|
|
|
extern int spa_destroy(char *pool);
|
2009-01-15 21:59:39 +00:00
|
|
|
extern int spa_export(char *pool, nvlist_t **oldconfig, boolean_t force,
|
|
|
|
boolean_t hardforce);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern int spa_reset(char *pool);
|
|
|
|
extern void spa_async_request(spa_t *spa, int flag);
|
2008-12-03 20:09:06 +00:00
|
|
|
extern void spa_async_unrequest(spa_t *spa, int flag);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern void spa_async_suspend(spa_t *spa);
|
|
|
|
extern void spa_async_resume(spa_t *spa);
|
|
|
|
extern spa_t *spa_inject_addref(char *pool);
|
|
|
|
extern void spa_inject_delref(spa_t *spa);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern void spa_scan_stat_init(spa_t *spa);
|
|
|
|
extern int spa_scan_get_stats(spa_t *spa, pool_scan_stat_t *ps);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
2008-12-03 20:09:06 +00:00
|
|
|
#define SPA_ASYNC_CONFIG_UPDATE 0x01
|
|
|
|
#define SPA_ASYNC_REMOVE 0x02
|
|
|
|
#define SPA_ASYNC_PROBE 0x04
|
|
|
|
#define SPA_ASYNC_RESILVER_DONE 0x08
|
|
|
|
#define SPA_ASYNC_RESILVER 0x10
|
2009-07-02 22:44:48 +00:00
|
|
|
#define SPA_ASYNC_AUTOEXPAND 0x20
|
2010-05-28 20:45:14 +00:00
|
|
|
#define SPA_ASYNC_REMOVE_DONE 0x40
|
|
|
|
#define SPA_ASYNC_REMOVE_STOP 0x80
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Controls the behavior of spa_vdev_remove().
|
|
|
|
*/
|
|
|
|
#define SPA_REMOVE_UNSPARE 0x01
|
|
|
|
#define SPA_REMOVE_DONE 0x02
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* device manipulation */
|
|
|
|
extern int spa_vdev_add(spa_t *spa, nvlist_t *nvroot);
|
|
|
|
extern int spa_vdev_attach(spa_t *spa, uint64_t guid, nvlist_t *nvroot,
|
|
|
|
int replacing);
|
2009-01-15 21:59:39 +00:00
|
|
|
extern int spa_vdev_detach(spa_t *spa, uint64_t guid, uint64_t pguid,
|
|
|
|
int replace_done);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern int spa_vdev_remove(spa_t *spa, uint64_t guid, boolean_t unspare);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern boolean_t spa_vdev_remove_active(spa_t *spa);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern int spa_vdev_setpath(spa_t *spa, uint64_t guid, const char *newpath);
|
2009-07-02 22:44:48 +00:00
|
|
|
extern int spa_vdev_setfru(spa_t *spa, uint64_t guid, const char *newfru);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern int spa_vdev_split_mirror(spa_t *spa, char *newname, nvlist_t *config,
|
|
|
|
nvlist_t *props, boolean_t exp);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* spare state (which is global across all pools) */
|
|
|
|
extern void spa_spare_add(vdev_t *vd);
|
|
|
|
extern void spa_spare_remove(vdev_t *vd);
|
2008-12-03 20:09:06 +00:00
|
|
|
extern boolean_t spa_spare_exists(uint64_t guid, uint64_t *pool, int *refcnt);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern void spa_spare_activate(vdev_t *vd);
|
|
|
|
|
|
|
|
/* L2ARC state (which is global across all pools) */
|
|
|
|
extern void spa_l2cache_add(vdev_t *vd);
|
|
|
|
extern void spa_l2cache_remove(vdev_t *vd);
|
|
|
|
extern boolean_t spa_l2cache_exists(uint64_t guid, uint64_t *pool);
|
|
|
|
extern void spa_l2cache_activate(vdev_t *vd);
|
|
|
|
extern void spa_l2cache_drop(spa_t *spa);
|
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
/* scanning */
|
|
|
|
extern int spa_scan(spa_t *spa, pool_scan_func_t func);
|
|
|
|
extern int spa_scan_stop(spa_t *spa);
|
2017-07-07 05:16:13 +00:00
|
|
|
extern int spa_scrub_pause_resume(spa_t *spa, pool_scrub_cmd_t flag);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* spa syncing */
|
|
|
|
extern void spa_sync(spa_t *spa, uint64_t txg); /* only for DMU use */
|
|
|
|
extern void spa_sync_allpools(void);
|
|
|
|
|
2013-05-06 17:14:52 +00:00
|
|
|
extern int zfs_sync_pass_deferred_free;
|
2010-05-28 20:45:14 +00:00
|
|
|
|
2008-12-03 20:09:06 +00:00
|
|
|
/* spa namespace global mutex */
|
|
|
|
extern kmutex_t spa_namespace_lock;
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* SPA configuration functions in spa_config.c
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define SPA_CONFIG_UPDATE_POOL 0
|
|
|
|
#define SPA_CONFIG_UPDATE_VDEVS 1
|
|
|
|
|
2008-12-03 20:09:06 +00:00
|
|
|
extern void spa_config_sync(spa_t *, boolean_t, boolean_t);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern void spa_config_load(void);
|
|
|
|
extern nvlist_t *spa_all_configs(uint64_t *);
|
|
|
|
extern void spa_config_set(spa_t *spa, nvlist_t *config);
|
|
|
|
extern nvlist_t *spa_config_generate(spa_t *spa, vdev_t *vd, uint64_t txg,
|
|
|
|
int getstats);
|
|
|
|
extern void spa_config_update(spa_t *spa, int what);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Miscellaneous SPA routines in spa_misc.c
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* Namespace manipulation */
|
|
|
|
extern spa_t *spa_lookup(const char *name);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern spa_t *spa_add(const char *name, nvlist_t *config, const char *altroot);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern void spa_remove(spa_t *spa);
|
|
|
|
extern spa_t *spa_next(spa_t *prev);
|
|
|
|
|
|
|
|
/* Refcount functions */
|
|
|
|
extern void spa_open_ref(spa_t *spa, void *tag);
|
|
|
|
extern void spa_close(spa_t *spa, void *tag);
|
2015-04-02 03:44:32 +00:00
|
|
|
extern void spa_async_close(spa_t *spa, void *tag);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern boolean_t spa_refcount_zero(spa_t *spa);
|
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
#define SCL_NONE 0x00
|
2008-12-03 20:09:06 +00:00
|
|
|
#define SCL_CONFIG 0x01
|
|
|
|
#define SCL_STATE 0x02
|
|
|
|
#define SCL_L2ARC 0x04 /* hack until L2ARC 2.0 */
|
|
|
|
#define SCL_ALLOC 0x08
|
|
|
|
#define SCL_ZIO 0x10
|
|
|
|
#define SCL_FREE 0x20
|
|
|
|
#define SCL_VDEV 0x40
|
|
|
|
#define SCL_LOCKS 7
|
|
|
|
#define SCL_ALL ((1 << SCL_LOCKS) - 1)
|
|
|
|
#define SCL_STATE_ALL (SCL_STATE | SCL_L2ARC | SCL_ZIO)
|
|
|
|
|
Add visibility in to arc_read
This change is an attempt to add visibility into the arc_read calls
occurring on a system, in real time. To do this, a list was added to the
in memory SPA data structure for a pool, with each element on the list
corresponding to a call to arc_read. These entries are then exported
through the kstat interface, which can then be interpreted in userspace.
For each arc_read call, the following information is exported:
* A unique identifier (uint64_t)
* The time the entry was added to the list (hrtime_t)
(*not* wall clock time; relative to the other entries on the list)
* The objset ID (uint64_t)
* The object number (uint64_t)
* The indirection level (uint64_t)
* The block ID (uint64_t)
* The name of the function originating the arc_read call (char[24])
* The arc_flags from the arc_read call (uint32_t)
* The PID of the reading thread (pid_t)
* The command or name of thread originating read (char[16])
From this exported information one can see, in real time, exactly what
is being read, what function is generating the read, and whether or not
the read was found to be already cached.
There is still some work to be done, but this should serve as a good
starting point.
Specifically, dbuf_read's are not accounted for in the currently
exported information. Thus, a follow up patch should probably be added
to export these calls that never call into arc_read (they only hit the
dbuf hash table). In addition, it might be nice to create a utility
similar to "arcstat.py" to digest the exported information and display
it in a more readable format. Or perhaps, log the information and allow
for it to be "replayed" at a later time.
Signed-off-by: Prakash Surya <surya1@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
2013-09-06 23:09:05 +00:00
|
|
|
/* Historical pool statistics */
|
|
|
|
typedef struct spa_stats_history {
|
|
|
|
kmutex_t lock;
|
|
|
|
uint64_t count;
|
|
|
|
uint64_t size;
|
|
|
|
kstat_t *kstat;
|
|
|
|
void *private;
|
|
|
|
list_t list;
|
|
|
|
} spa_stats_history_t;
|
|
|
|
|
|
|
|
typedef struct spa_stats {
|
|
|
|
spa_stats_history_t read_history;
|
2013-10-01 16:50:50 +00:00
|
|
|
spa_stats_history_t txg_history;
|
2013-10-02 18:43:52 +00:00
|
|
|
spa_stats_history_t tx_assign_histogram;
|
2013-08-27 00:09:29 +00:00
|
|
|
spa_stats_history_t io_history;
|
Multi-modifier protection (MMP)
Add multihost=on|off pool property to control MMP. When enabled
a new thread writes uberblocks to the last slot in each label, at a
set frequency, to indicate to other hosts the pool is actively imported.
These uberblocks are the last synced uberblock with an updated
timestamp. Property defaults to off.
During tryimport, find the "best" uberblock (newest txg and timestamp)
repeatedly, checking for change in the found uberblock. Include the
results of the activity test in the config returned by tryimport.
These results are reported to user in "zpool import".
Allow the user to control the period between MMP writes, and the
duration of the activity test on import, via a new module parameter
zfs_multihost_interval. The period is specified in milliseconds. The
activity test duration is calculated from this value, and from the
mmp_delay in the "best" uberblock found initially.
Add a kstat interface to export statistics about Multiple Modifier
Protection (MMP) updates. Include the last synced txg number, the
timestamp, the delay since the last MMP update, the VDEV GUID, the VDEV
label that received the last MMP update, and the VDEV path. Abbreviated
output below.
$ cat /proc/spl/kstat/zfs/mypool/multihost
31 0 0x01 10 880 105092382393521 105144180101111
txg timestamp mmp_delay vdev_guid vdev_label vdev_path
20468 261337 250274925 68396651780 3 /dev/sda
20468 261339 252023374 6267402363293 1 /dev/sdc
20468 261340 252000858 6698080955233 1 /dev/sdx
20468 261341 251980635 783892869810 2 /dev/sdy
20468 261342 253385953 8923255792467 3 /dev/sdd
20468 261344 253336622 042125143176 0 /dev/sdab
20468 261345 253310522 1200778101278 2 /dev/sde
20468 261346 253286429 0950576198362 2 /dev/sdt
20468 261347 253261545 96209817917 3 /dev/sds
20468 261349 253238188 8555725937673 3 /dev/sdb
Add a new tunable zfs_multihost_history to specify the number of MMP
updates to store history for. By default it is set to zero meaning that
no MMP statistics are stored.
When using ztest to generate activity, for automated tests of the MMP
function, some test functions interfere with the test. For example, the
pool is exported to run zdb and then imported again. Add a new ztest
function, "-M", to alter ztest behavior to prevent this.
Add new tests to verify the new functionality. Tests provided by
Giuseppe Di Natale.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Giuseppe Di Natale <dinatale2@llnl.gov>
Reviewed-by: Ned Bass <bass6@llnl.gov>
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Olaf Faaland <faaland1@llnl.gov>
Closes #745
Closes #6279
2017-07-08 03:20:35 +00:00
|
|
|
spa_stats_history_t mmp_history;
|
Add visibility in to arc_read
This change is an attempt to add visibility into the arc_read calls
occurring on a system, in real time. To do this, a list was added to the
in memory SPA data structure for a pool, with each element on the list
corresponding to a call to arc_read. These entries are then exported
through the kstat interface, which can then be interpreted in userspace.
For each arc_read call, the following information is exported:
* A unique identifier (uint64_t)
* The time the entry was added to the list (hrtime_t)
(*not* wall clock time; relative to the other entries on the list)
* The objset ID (uint64_t)
* The object number (uint64_t)
* The indirection level (uint64_t)
* The block ID (uint64_t)
* The name of the function originating the arc_read call (char[24])
* The arc_flags from the arc_read call (uint32_t)
* The PID of the reading thread (pid_t)
* The command or name of thread originating read (char[16])
From this exported information one can see, in real time, exactly what
is being read, what function is generating the read, and whether or not
the read was found to be already cached.
There is still some work to be done, but this should serve as a good
starting point.
Specifically, dbuf_read's are not accounted for in the currently
exported information. Thus, a follow up patch should probably be added
to export these calls that never call into arc_read (they only hit the
dbuf hash table). In addition, it might be nice to create a utility
similar to "arcstat.py" to digest the exported information and display
it in a more readable format. Or perhaps, log the information and allow
for it to be "replayed" at a later time.
Signed-off-by: Prakash Surya <surya1@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
2013-09-06 23:09:05 +00:00
|
|
|
} spa_stats_t;
|
|
|
|
|
2013-10-01 16:50:50 +00:00
|
|
|
typedef enum txg_state {
|
|
|
|
TXG_STATE_BIRTH = 0,
|
|
|
|
TXG_STATE_OPEN = 1,
|
|
|
|
TXG_STATE_QUIESCED = 2,
|
2014-01-16 09:41:27 +00:00
|
|
|
TXG_STATE_WAIT_FOR_SYNC = 3,
|
|
|
|
TXG_STATE_SYNCED = 4,
|
|
|
|
TXG_STATE_COMMITTED = 5,
|
2013-10-01 16:50:50 +00:00
|
|
|
} txg_state_t;
|
|
|
|
|
2016-12-02 23:57:49 +00:00
|
|
|
typedef struct txg_stat {
|
|
|
|
vdev_stat_t vs1;
|
|
|
|
vdev_stat_t vs2;
|
|
|
|
uint64_t txg;
|
|
|
|
uint64_t ndirty;
|
|
|
|
} txg_stat_t;
|
|
|
|
|
Add visibility in to arc_read
This change is an attempt to add visibility into the arc_read calls
occurring on a system, in real time. To do this, a list was added to the
in memory SPA data structure for a pool, with each element on the list
corresponding to a call to arc_read. These entries are then exported
through the kstat interface, which can then be interpreted in userspace.
For each arc_read call, the following information is exported:
* A unique identifier (uint64_t)
* The time the entry was added to the list (hrtime_t)
(*not* wall clock time; relative to the other entries on the list)
* The objset ID (uint64_t)
* The object number (uint64_t)
* The indirection level (uint64_t)
* The block ID (uint64_t)
* The name of the function originating the arc_read call (char[24])
* The arc_flags from the arc_read call (uint32_t)
* The PID of the reading thread (pid_t)
* The command or name of thread originating read (char[16])
From this exported information one can see, in real time, exactly what
is being read, what function is generating the read, and whether or not
the read was found to be already cached.
There is still some work to be done, but this should serve as a good
starting point.
Specifically, dbuf_read's are not accounted for in the currently
exported information. Thus, a follow up patch should probably be added
to export these calls that never call into arc_read (they only hit the
dbuf hash table). In addition, it might be nice to create a utility
similar to "arcstat.py" to digest the exported information and display
it in a more readable format. Or perhaps, log the information and allow
for it to be "replayed" at a later time.
Signed-off-by: Prakash Surya <surya1@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
2013-09-06 23:09:05 +00:00
|
|
|
extern void spa_stats_init(spa_t *spa);
|
|
|
|
extern void spa_stats_destroy(spa_t *spa);
|
2014-06-25 18:37:59 +00:00
|
|
|
extern void spa_read_history_add(spa_t *spa, const zbookmark_phys_t *zb,
|
Add visibility in to arc_read
This change is an attempt to add visibility into the arc_read calls
occurring on a system, in real time. To do this, a list was added to the
in memory SPA data structure for a pool, with each element on the list
corresponding to a call to arc_read. These entries are then exported
through the kstat interface, which can then be interpreted in userspace.
For each arc_read call, the following information is exported:
* A unique identifier (uint64_t)
* The time the entry was added to the list (hrtime_t)
(*not* wall clock time; relative to the other entries on the list)
* The objset ID (uint64_t)
* The object number (uint64_t)
* The indirection level (uint64_t)
* The block ID (uint64_t)
* The name of the function originating the arc_read call (char[24])
* The arc_flags from the arc_read call (uint32_t)
* The PID of the reading thread (pid_t)
* The command or name of thread originating read (char[16])
From this exported information one can see, in real time, exactly what
is being read, what function is generating the read, and whether or not
the read was found to be already cached.
There is still some work to be done, but this should serve as a good
starting point.
Specifically, dbuf_read's are not accounted for in the currently
exported information. Thus, a follow up patch should probably be added
to export these calls that never call into arc_read (they only hit the
dbuf hash table). In addition, it might be nice to create a utility
similar to "arcstat.py" to digest the exported information and display
it in a more readable format. Or perhaps, log the information and allow
for it to be "replayed" at a later time.
Signed-off-by: Prakash Surya <surya1@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
2013-09-06 23:09:05 +00:00
|
|
|
uint32_t aflags);
|
2014-01-15 09:26:12 +00:00
|
|
|
extern void spa_txg_history_add(spa_t *spa, uint64_t txg, hrtime_t birth_time);
|
2013-10-01 16:50:50 +00:00
|
|
|
extern int spa_txg_history_set(spa_t *spa, uint64_t txg,
|
|
|
|
txg_state_t completed_state, hrtime_t completed_time);
|
2016-12-02 23:57:49 +00:00
|
|
|
extern txg_stat_t *spa_txg_history_init_io(spa_t *, uint64_t,
|
|
|
|
struct dsl_pool *);
|
|
|
|
extern void spa_txg_history_fini_io(spa_t *, txg_stat_t *);
|
2013-10-02 18:43:52 +00:00
|
|
|
extern void spa_tx_assign_add_nsecs(spa_t *spa, uint64_t nsecs);
|
2018-02-27 01:32:49 +00:00
|
|
|
extern int spa_mmp_history_set_skip(spa_t *spa, uint64_t mmp_kstat_id);
|
2018-02-22 23:34:34 +00:00
|
|
|
extern int spa_mmp_history_set(spa_t *spa, uint64_t mmp_kstat_id, int io_error,
|
|
|
|
hrtime_t duration);
|
2018-02-27 01:32:49 +00:00
|
|
|
extern void *spa_mmp_history_add(spa_t *spa, uint64_t txg, uint64_t timestamp,
|
|
|
|
uint64_t mmp_delay, vdev_t *vd, int label, uint64_t mmp_kstat_id,
|
|
|
|
int error);
|
Add visibility in to arc_read
This change is an attempt to add visibility into the arc_read calls
occurring on a system, in real time. To do this, a list was added to the
in memory SPA data structure for a pool, with each element on the list
corresponding to a call to arc_read. These entries are then exported
through the kstat interface, which can then be interpreted in userspace.
For each arc_read call, the following information is exported:
* A unique identifier (uint64_t)
* The time the entry was added to the list (hrtime_t)
(*not* wall clock time; relative to the other entries on the list)
* The objset ID (uint64_t)
* The object number (uint64_t)
* The indirection level (uint64_t)
* The block ID (uint64_t)
* The name of the function originating the arc_read call (char[24])
* The arc_flags from the arc_read call (uint32_t)
* The PID of the reading thread (pid_t)
* The command or name of thread originating read (char[16])
From this exported information one can see, in real time, exactly what
is being read, what function is generating the read, and whether or not
the read was found to be already cached.
There is still some work to be done, but this should serve as a good
starting point.
Specifically, dbuf_read's are not accounted for in the currently
exported information. Thus, a follow up patch should probably be added
to export these calls that never call into arc_read (they only hit the
dbuf hash table). In addition, it might be nice to create a utility
similar to "arcstat.py" to digest the exported information and display
it in a more readable format. Or perhaps, log the information and allow
for it to be "replayed" at a later time.
Signed-off-by: Prakash Surya <surya1@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
2013-09-06 23:09:05 +00:00
|
|
|
|
2008-12-03 20:09:06 +00:00
|
|
|
/* Pool configuration locks */
|
|
|
|
extern int spa_config_tryenter(spa_t *spa, int locks, void *tag, krw_t rw);
|
|
|
|
extern void spa_config_enter(spa_t *spa, int locks, void *tag, krw_t rw);
|
|
|
|
extern void spa_config_exit(spa_t *spa, int locks, void *tag);
|
|
|
|
extern int spa_config_held(spa_t *spa, int locks, krw_t rw);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* Pool vdev add/remove lock */
|
|
|
|
extern uint64_t spa_vdev_enter(spa_t *spa);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern uint64_t spa_vdev_config_enter(spa_t *spa);
|
|
|
|
extern void spa_vdev_config_exit(spa_t *spa, vdev_t *vd, uint64_t txg,
|
|
|
|
int error, char *tag);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern int spa_vdev_exit(spa_t *spa, vdev_t *vd, uint64_t txg, int error);
|
|
|
|
|
2008-12-03 20:09:06 +00:00
|
|
|
/* Pool vdev state change lock */
|
2010-05-28 20:45:14 +00:00
|
|
|
extern void spa_vdev_state_enter(spa_t *spa, int oplock);
|
2008-12-03 20:09:06 +00:00
|
|
|
extern int spa_vdev_state_exit(spa_t *spa, vdev_t *vd, int error);
|
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
/* Log state */
|
|
|
|
typedef enum spa_log_state {
|
|
|
|
SPA_LOG_UNKNOWN = 0, /* unknown log state */
|
|
|
|
SPA_LOG_MISSING, /* missing log(s) */
|
|
|
|
SPA_LOG_CLEAR, /* clear the log(s) */
|
|
|
|
SPA_LOG_GOOD, /* log(s) are good */
|
|
|
|
} spa_log_state_t;
|
|
|
|
|
|
|
|
extern spa_log_state_t spa_get_log_state(spa_t *spa);
|
|
|
|
extern void spa_set_log_state(spa_t *spa, spa_log_state_t state);
|
|
|
|
extern int spa_offline_log(spa_t *spa);
|
|
|
|
|
|
|
|
/* Log claim callback */
|
|
|
|
extern void spa_claim_notify(zio_t *zio);
|
2013-04-29 22:49:23 +00:00
|
|
|
extern void spa_deadman(void *);
|
2010-05-28 20:45:14 +00:00
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/* Accessor functions */
|
2008-12-03 20:09:06 +00:00
|
|
|
extern boolean_t spa_shutting_down(spa_t *spa);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern struct dsl_pool *spa_get_dsl(spa_t *spa);
|
2012-12-13 23:24:15 +00:00
|
|
|
extern boolean_t spa_is_initializing(spa_t *spa);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern blkptr_t *spa_get_rootblkptr(spa_t *spa);
|
|
|
|
extern void spa_set_rootblkptr(spa_t *spa, const blkptr_t *bp);
|
|
|
|
extern void spa_altroot(spa_t *, char *, size_t);
|
|
|
|
extern int spa_sync_pass(spa_t *spa);
|
|
|
|
extern char *spa_name(spa_t *spa);
|
|
|
|
extern uint64_t spa_guid(spa_t *spa);
|
2011-11-11 22:07:54 +00:00
|
|
|
extern uint64_t spa_load_guid(spa_t *spa);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern uint64_t spa_last_synced_txg(spa_t *spa);
|
|
|
|
extern uint64_t spa_first_txg(spa_t *spa);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern uint64_t spa_syncing_txg(spa_t *spa);
|
2017-04-07 20:50:18 +00:00
|
|
|
extern uint64_t spa_final_dirty_txg(spa_t *spa);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern uint64_t spa_version(spa_t *spa);
|
2008-12-03 20:09:06 +00:00
|
|
|
extern pool_state_t spa_state(spa_t *spa);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern spa_load_state_t spa_load_state(spa_t *spa);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern uint64_t spa_freeze_txg(spa_t *spa);
|
OpenZFS 7793 - ztest fails assertion in dmu_tx_willuse_space
Reviewed by: Steve Gonczi <steve.gonczi@delphix.com>
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Pavel Zakharov <pavel.zakharov@delphix.com>
Ported-by: Brian Behlendorf <behlendorf1@llnl.gov>
Background information: This assertion about tx_space_* verifies that we
are not dirtying more stuff than we thought we would. We “need” to know
how much we will dirty so that we can check if we should fail this
transaction with ENOSPC/EDQUOT, in dmu_tx_assign(). While the
transaction is open (i.e. between dmu_tx_assign() and dmu_tx_commit() —
typically less than a millisecond), we call dbuf_dirty() on the exact
blocks that will be modified. Once this happens, the temporary
accounting in tx_space_* is unnecessary, because we know exactly what
blocks are newly dirtied; we call dnode_willuse_space() to track this
more exact accounting.
The fundamental problem causing this bug is that dmu_tx_hold_*() relies
on the current state in the DMU (e.g. dn_nlevels) to predict how much
will be dirtied by this transaction, but this state can change before we
actually perform the transaction (i.e. call dbuf_dirty()).
This bug will be fixed by removing the assertion that the tx_space_*
accounting is perfectly accurate (i.e. we never dirty more than was
predicted by dmu_tx_hold_*()). By removing the requirement that this
accounting be perfectly accurate, we can also vastly simplify it, e.g.
removing most of the logic in dmu_tx_count_*().
The new tx space accounting will be very approximate, and may be more or
less than what is actually dirtied. It will still be used to determine
if this transaction will put us over quota. Transactions that are marked
by dmu_tx_mark_netfree() will be excepted from this check. We won’t make
an attempt to determine how much space will be freed by the transaction
— this was rarely accurate enough to determine if a transaction should
be permitted when we are over quota, which is why dmu_tx_mark_netfree()
was introduced in 2014.
We also won’t attempt to give “credit” when overwriting existing blocks,
if those blocks may be freed. This allows us to remove the
do_free_accounting logic in dbuf_dirty(), and associated routines. This
logic attempted to predict what will be on disk when this txg syncs, to
know if the overwritten block will be freed (i.e. exists, and has no
snapshots).
OpenZFS-issue: https://www.illumos.org/issues/7793
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/3704e0a
Upstream bugs: DLPX-32883a
Closes #5804
Porting notes:
- DNODE_SIZE replaced with DNODE_MIN_SIZE in dmu_tx_count_dnode(),
Using the default dnode size would be slightly better.
- DEBUG_DMU_TX wrappers and configure option removed.
- Resolved _by_dnode() conflicts these changes have not yet been
applied to OpenZFS.
2017-03-07 17:51:59 +00:00
|
|
|
extern uint64_t spa_get_worst_case_asize(spa_t *spa, uint64_t lsize);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern uint64_t spa_get_dspace(spa_t *spa);
|
2014-11-04 17:35:37 +00:00
|
|
|
extern uint64_t spa_get_slop_space(spa_t *spa);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern void spa_update_dspace(spa_t *spa);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern uint64_t spa_version(spa_t *spa);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern boolean_t spa_deflate(spa_t *spa);
|
|
|
|
extern metaslab_class_t *spa_normal_class(spa_t *spa);
|
|
|
|
extern metaslab_class_t *spa_log_class(spa_t *spa);
|
2015-04-02 03:44:32 +00:00
|
|
|
extern void spa_evicting_os_register(spa_t *, objset_t *os);
|
|
|
|
extern void spa_evicting_os_deregister(spa_t *, objset_t *os);
|
|
|
|
extern void spa_evicting_os_wait(spa_t *spa);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern int spa_max_replication(spa_t *spa);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern int spa_prev_software_version(spa_t *spa);
|
2017-12-18 22:06:07 +00:00
|
|
|
extern uint64_t spa_get_failmode(spa_t *spa);
|
|
|
|
extern uint64_t spa_get_deadman_failmode(spa_t *spa);
|
|
|
|
extern void spa_set_deadman_failmode(spa_t *spa, const char *failmode);
|
2008-12-03 20:09:06 +00:00
|
|
|
extern boolean_t spa_suspended(spa_t *spa);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern uint64_t spa_bootfs(spa_t *spa);
|
|
|
|
extern uint64_t spa_delegation(spa_t *spa);
|
|
|
|
extern objset_t *spa_meta_objset(spa_t *spa);
|
2013-04-29 22:49:23 +00:00
|
|
|
extern uint64_t spa_deadman_synctime(spa_t *spa);
|
2017-12-18 22:06:07 +00:00
|
|
|
extern uint64_t spa_deadman_ziotime(spa_t *spa);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* Miscellaneous support routines */
|
2013-12-09 18:37:51 +00:00
|
|
|
extern void spa_activate_mos_feature(spa_t *spa, const char *feature,
|
|
|
|
dmu_tx_t *tx);
|
2012-12-13 23:24:15 +00:00
|
|
|
extern void spa_deactivate_mos_feature(spa_t *spa, const char *feature);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern int spa_rename(const char *oldname, const char *newname);
|
2010-08-26 21:24:34 +00:00
|
|
|
extern spa_t *spa_by_guid(uint64_t pool_guid, uint64_t device_guid);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern boolean_t spa_guid_exists(uint64_t pool_guid, uint64_t device_guid);
|
|
|
|
extern char *spa_strdup(const char *);
|
|
|
|
extern void spa_strfree(char *);
|
|
|
|
extern uint64_t spa_get_random(uint64_t range);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern uint64_t spa_generate_guid(spa_t *spa);
|
2013-12-09 18:37:51 +00:00
|
|
|
extern void snprintf_blkptr(char *buf, size_t buflen, const blkptr_t *bp);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern void spa_freeze(spa_t *spa);
|
2011-11-11 22:07:54 +00:00
|
|
|
extern int spa_change_guid(spa_t *spa);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern void spa_upgrade(spa_t *spa, uint64_t version);
|
|
|
|
extern void spa_evict_all(void);
|
2008-12-03 20:09:06 +00:00
|
|
|
extern vdev_t *spa_lookup_by_guid(spa_t *spa, uint64_t guid,
|
|
|
|
boolean_t l2cache);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern boolean_t spa_has_spare(spa_t *, uint64_t guid);
|
2010-05-28 20:45:14 +00:00
|
|
|
extern uint64_t dva_get_dsize_sync(spa_t *spa, const dva_t *dva);
|
|
|
|
extern uint64_t bp_get_dsize_sync(spa_t *spa, const blkptr_t *bp);
|
|
|
|
extern uint64_t bp_get_dsize(spa_t *spa, const blkptr_t *bp);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern boolean_t spa_has_slogs(spa_t *spa);
|
2008-12-03 20:09:06 +00:00
|
|
|
extern boolean_t spa_is_root(spa_t *spa);
|
2009-01-15 21:59:39 +00:00
|
|
|
extern boolean_t spa_writeable(spa_t *spa);
|
2014-07-18 15:08:31 +00:00
|
|
|
extern boolean_t spa_has_pending_synctask(spa_t *spa);
|
2014-11-03 20:15:08 +00:00
|
|
|
extern int spa_maxblocksize(spa_t *spa);
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced to from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill bocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by an large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 01:25:34 +00:00
|
|
|
extern int spa_maxdnodesize(spa_t *spa);
|
2014-11-26 17:57:30 +00:00
|
|
|
extern void zfs_blkptr_verify(spa_t *spa, const blkptr_t *bp);
|
Multi-modifier protection (MMP)
Add multihost=on|off pool property to control MMP. When enabled
a new thread writes uberblocks to the last slot in each label, at a
set frequency, to indicate to other hosts the pool is actively imported.
These uberblocks are the last synced uberblock with an updated
timestamp. Property defaults to off.
During tryimport, find the "best" uberblock (newest txg and timestamp)
repeatedly, checking for change in the found uberblock. Include the
results of the activity test in the config returned by tryimport.
These results are reported to user in "zpool import".
Allow the user to control the period between MMP writes, and the
duration of the activity test on import, via a new module parameter
zfs_multihost_interval. The period is specified in milliseconds. The
activity test duration is calculated from this value, and from the
mmp_delay in the "best" uberblock found initially.
Add a kstat interface to export statistics about Multiple Modifier
Protection (MMP) updates. Include the last synced txg number, the
timestamp, the delay since the last MMP update, the VDEV GUID, the VDEV
label that received the last MMP update, and the VDEV path. Abbreviated
output below.
$ cat /proc/spl/kstat/zfs/mypool/multihost
31 0 0x01 10 880 105092382393521 105144180101111
txg timestamp mmp_delay vdev_guid vdev_label vdev_path
20468 261337 250274925 68396651780 3 /dev/sda
20468 261339 252023374 6267402363293 1 /dev/sdc
20468 261340 252000858 6698080955233 1 /dev/sdx
20468 261341 251980635 783892869810 2 /dev/sdy
20468 261342 253385953 8923255792467 3 /dev/sdd
20468 261344 253336622 042125143176 0 /dev/sdab
20468 261345 253310522 1200778101278 2 /dev/sde
20468 261346 253286429 0950576198362 2 /dev/sdt
20468 261347 253261545 96209817917 3 /dev/sds
20468 261349 253238188 8555725937673 3 /dev/sdb
Add a new tunable zfs_multihost_history to specify the number of MMP
updates to store history for. By default it is set to zero meaning that
no MMP statistics are stored.
When using ztest to generate activity, for automated tests of the MMP
function, some test functions interfere with the test. For example, the
pool is exported to run zdb and then imported again. Add a new ztest
function, "-M", to alter ztest behavior to prevent this.
Add new tests to verify the new functionality. Tests provided by
Giuseppe Di Natale.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Giuseppe Di Natale <dinatale2@llnl.gov>
Reviewed-by: Ned Bass <bass6@llnl.gov>
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Olaf Faaland <faaland1@llnl.gov>
Closes #745
Closes #6279
2017-07-08 03:20:35 +00:00
|
|
|
extern boolean_t spa_multihost(spa_t *spa);
|
|
|
|
extern unsigned long spa_get_hostid(void);
|
2010-05-28 20:45:14 +00:00
|
|
|
|
2009-01-15 21:59:39 +00:00
|
|
|
extern int spa_mode(spa_t *spa);
|
2017-06-13 03:16:28 +00:00
|
|
|
extern uint64_t zfs_strtonum(const char *str, char **nptr);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
extern char *spa_his_ievent_table[];
|
|
|
|
|
|
|
|
extern void spa_history_create_obj(spa_t *spa, dmu_tx_t *tx);
|
|
|
|
extern int spa_history_get(spa_t *spa, uint64_t *offset, uint64_t *len_read,
|
|
|
|
char *his_buf);
|
2013-08-28 11:45:09 +00:00
|
|
|
extern int spa_history_log(spa_t *spa, const char *his_buf);
|
|
|
|
extern int spa_history_log_nvl(spa_t *spa, nvlist_t *nvl);
|
2017-10-23 16:45:59 +00:00
|
|
|
extern void spa_history_log_version(spa_t *spa, const char *operation,
|
|
|
|
dmu_tx_t *tx);
|
2013-08-28 11:45:09 +00:00
|
|
|
extern void spa_history_log_internal(spa_t *spa, const char *operation,
|
|
|
|
dmu_tx_t *tx, const char *fmt, ...);
|
|
|
|
extern void spa_history_log_internal_ds(struct dsl_dataset *ds, const char *op,
|
|
|
|
dmu_tx_t *tx, const char *fmt, ...);
|
|
|
|
extern void spa_history_log_internal_dd(dsl_dir_t *dd, const char *operation,
|
|
|
|
dmu_tx_t *tx, const char *fmt, ...);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* error handling */
|
2014-06-25 18:37:59 +00:00
|
|
|
struct zbookmark_phys;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
extern void spa_log_error(spa_t *spa, const zbookmark_phys_t *zb);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern void zfs_ereport_post(const char *class, spa_t *spa, vdev_t *vd,
|
2018-03-31 18:12:51 +00:00
|
|
|
const zbookmark_phys_t *zb, zio_t *zio, uint64_t stateoroffset,
|
|
|
|
uint64_t length);
|
2017-05-30 18:39:17 +00:00
|
|
|
extern nvlist_t *zfs_event_create(spa_t *spa, vdev_t *vd, const char *type,
|
|
|
|
const char *name, nvlist_t *aux);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern void zfs_post_remove(spa_t *spa, vdev_t *vd);
|
2016-08-31 21:46:58 +00:00
|
|
|
extern void zfs_post_state_change(spa_t *spa, vdev_t *vd, uint64_t laststate);
|
2008-11-20 20:01:55 +00:00
|
|
|
extern void zfs_post_autoreplace(spa_t *spa, vdev_t *vd);
|
|
|
|
extern uint64_t spa_get_errlog_size(spa_t *spa);
|
|
|
|
extern int spa_get_errlog(spa_t *spa, void *uaddr, size_t *count);
|
|
|
|
extern void spa_errlog_rotate(spa_t *spa);
|
|
|
|
extern void spa_errlog_drain(spa_t *spa);
|
|
|
|
extern void spa_errlog_sync(spa_t *spa, uint64_t txg);
|
|
|
|
extern void spa_get_errlists(spa_t *spa, avl_tree_t *last, avl_tree_t *scrub);
|
|
|
|
|
|
|
|
/* vdev cache */
|
|
|
|
extern void vdev_cache_stat_init(void);
|
|
|
|
extern void vdev_cache_stat_fini(void);
|
|
|
|
|
2017-08-04 10:23:10 +00:00
|
|
|
/* vdev mirror */
|
|
|
|
extern void vdev_mirror_stat_init(void);
|
|
|
|
extern void vdev_mirror_stat_fini(void);
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/* Initialization and termination */
|
|
|
|
extern void spa_init(int flags);
|
|
|
|
extern void spa_fini(void);
|
2010-08-26 16:52:41 +00:00
|
|
|
extern void spa_boot_init(void);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* properties */
|
|
|
|
extern int spa_prop_set(spa_t *spa, nvlist_t *nvp);
|
|
|
|
extern int spa_prop_get(spa_t *spa, nvlist_t **nvp);
|
|
|
|
extern void spa_prop_clear_bootfs(spa_t *spa, uint64_t obj, dmu_tx_t *tx);
|
2009-02-18 20:51:31 +00:00
|
|
|
extern void spa_configfile_set(spa_t *, nvlist_t *, boolean_t);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* asynchronous event notification */
|
2017-05-30 18:39:17 +00:00
|
|
|
extern void spa_event_notify(spa_t *spa, vdev_t *vdev, nvlist_t *hist_nvl,
|
|
|
|
const char *name);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
#ifdef ZFS_DEBUG
|
2014-11-21 00:09:39 +00:00
|
|
|
#define dprintf_bp(bp, fmt, ...) do { \
|
|
|
|
if (zfs_flags & ZFS_DEBUG_DPRINTF) { \
|
|
|
|
char *__blkbuf = kmem_alloc(BP_SPRINTF_LEN, KM_SLEEP); \
|
|
|
|
snprintf_blkptr(__blkbuf, BP_SPRINTF_LEN, (bp)); \
|
|
|
|
dprintf(fmt " %s\n", __VA_ARGS__, __blkbuf); \
|
|
|
|
kmem_free(__blkbuf, BP_SPRINTF_LEN); \
|
2008-11-20 20:01:55 +00:00
|
|
|
} \
|
|
|
|
_NOTE(CONSTCOND) } while (0)
|
|
|
|
#else
|
|
|
|
#define dprintf_bp(bp, fmt, ...)
|
|
|
|
#endif
|
|
|
|
|
2011-07-26 19:08:52 +00:00
|
|
|
extern boolean_t spa_debug_enabled(spa_t *spa);
|
|
|
|
#define spa_dbgmsg(spa, ...) \
|
|
|
|
{ \
|
|
|
|
if (spa_debug_enabled(spa)) \
|
|
|
|
zfs_dbgmsg(__VA_ARGS__); \
|
|
|
|
}
|
|
|
|
|
2009-01-15 21:59:39 +00:00
|
|
|
extern int spa_mode_global; /* mode, e.g. FREAD | FWRITE */
|
2017-12-18 22:06:07 +00:00
|
|
|
extern int zfs_deadman_enabled;
|
|
|
|
extern unsigned long zfs_deadman_synctime_ms;
|
|
|
|
extern unsigned long zfs_deadman_ziotime_ms;
|
|
|
|
extern unsigned long zfs_deadman_checktime_ms;
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#endif /* _SYS_SPA_H */
|