2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* CDDL HEADER START
|
|
|
|
*
|
|
|
|
* The contents of this file are subject to the terms of the
|
|
|
|
* Common Development and Distribution License (the "License").
|
|
|
|
* You may not use this file except in compliance with the License.
|
|
|
|
*
|
|
|
|
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
|
|
|
* or http://www.opensolaris.org/os/licensing.
|
|
|
|
* See the License for the specific language governing permissions
|
|
|
|
* and limitations under the License.
|
|
|
|
*
|
|
|
|
* When distributing Covered Code, include this CDDL HEADER in each
|
|
|
|
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
|
|
|
* If applicable, add the following below this CDDL HEADER, with the
|
|
|
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
|
|
|
* information: Portions Copyright [yyyy] [name of copyright owner]
|
|
|
|
*
|
|
|
|
* CDDL HEADER END
|
|
|
|
*/
|
|
|
|
/*
|
2010-05-28 20:45:14 +00:00
|
|
|
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
|
Implement Redacted Send/Receive
Redacted send/receive allows users to send subsets of their data to
a target system. One possible use case for this feature is to not
transmit sensitive information to a data warehousing, test/dev, or
analytics environment. Another is to save space by not replicating
unimportant data within a given dataset, for example in backup tools
like zrepl.
Redacted send/receive is a three-stage process. First, a clone (or
clones) is made of the snapshot to be sent to the target. In this
clone (or clones), all unnecessary or unwanted data is removed or
modified. This clone is then snapshotted to create the "redaction
snapshot" (or snapshots). Second, the new zfs redact command is used
to create a redaction bookmark. The redaction bookmark stores the
list of blocks in a snapshot that were modified by the redaction
snapshot(s). Finally, the redaction bookmark is passed as a parameter
to zfs send. When sending to the snapshot that was redacted, the
redaction bookmark is used to filter out blocks that contain sensitive
or unwanted information, and those blocks are not included in the send
stream. When sending from the redaction bookmark, the blocks it
contains are considered as candidate blocks in addition to those
blocks in the destination snapshot that were modified since the
creation_txg of the redaction bookmark. This step is necessary to
allow the target to rehydrate data in the case where some blocks are
accidentally or unnecessarily modified in the redaction snapshot.
The changes to bookmarks to enable fast space estimation involve
adding deadlists to bookmarks. There is also logic to manage the
life cycles of these deadlists.
The new size estimation process operates in cases where previously
an accurate estimate could not be provided. In those cases, a send
is performed where no data blocks are read, reducing the runtime
significantly and providing a byte-accurate size estimate.
Reviewed-by: Dan Kimmel <dan.kimmel@delphix.com>
Reviewed-by: Matt Ahrens <mahrens@delphix.com>
Reviewed-by: Prashanth Sreenivasa <pks@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: Chris Williamson <chris.williamson@delphix.com>
Reviewed-by: Pavel Zhakarov <pavel.zakharov@delphix.com>
Reviewed-by: Sebastien Roy <sebastien.roy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Paul Dagnelie <pcd@delphix.com>
Closes #7958
2019-06-19 16:48:13 +00:00
|
|
|
* Copyright (c) 2011, 2018 by Delphix. All rights reserved.
|
2013-10-07 10:53:58 +00:00
|
|
|
* Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
|
2017-01-23 18:17:35 +00:00
|
|
|
* Copyright 2016, Joyent, Inc.
|
2008-11-20 20:01:55 +00:00
|
|
|
*/
|
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
/* Portions Copyright 2010 Robert Milkowski */
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
#include <sys/zio.h>
|
|
|
|
#include <sys/spa.h>
|
|
|
|
#include <sys/u8_textprep.h>
|
|
|
|
#include <sys/zfs_acl.h>
|
|
|
|
#include <sys/zfs_ioctl.h>
|
|
|
|
#include <sys/zfs_znode.h>
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
#include <sys/dsl_crypt.h>
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
#include "zfs_prop.h"
|
|
|
|
#include "zfs_deleg.h"
|
2015-12-09 23:34:16 +00:00
|
|
|
#include "zfs_fletcher.h"
|
2008-11-20 20:01:55 +00:00
|
|
|
|
2018-02-16 01:53:18 +00:00
|
|
|
#if !defined(_KERNEL)
|
2008-11-20 20:01:55 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <ctype.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
static zprop_desc_t zfs_prop_table[ZFS_NUM_PROPS];
|
|
|
|
|
2009-07-02 22:44:48 +00:00
|
|
|
/* Note this is indexed by zfs_userquota_prop_t, keep the order the same */
|
|
|
|
const char *zfs_userquota_prop_prefixes[] = {
|
|
|
|
"userused@",
|
|
|
|
"userquota@",
|
|
|
|
"groupused@",
|
2016-10-04 18:46:10 +00:00
|
|
|
"groupquota@",
|
|
|
|
"userobjused@",
|
|
|
|
"userobjquota@",
|
|
|
|
"groupobjused@",
|
2018-02-13 22:54:54 +00:00
|
|
|
"groupobjquota@",
|
|
|
|
"projectused@",
|
|
|
|
"projectquota@",
|
|
|
|
"projectobjused@",
|
|
|
|
"projectobjquota@"
|
2009-07-02 22:44:48 +00:00
|
|
|
};
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
zprop_desc_t *
|
|
|
|
zfs_prop_get_table(void)
|
|
|
|
{
|
|
|
|
return (zfs_prop_table);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
zfs_prop_init(void)
|
|
|
|
{
|
|
|
|
static zprop_index_t checksum_table[] = {
|
|
|
|
{ "on", ZIO_CHECKSUM_ON },
|
|
|
|
{ "off", ZIO_CHECKSUM_OFF },
|
|
|
|
{ "fletcher2", ZIO_CHECKSUM_FLETCHER_2 },
|
|
|
|
{ "fletcher4", ZIO_CHECKSUM_FLETCHER_4 },
|
|
|
|
{ "sha256", ZIO_CHECKSUM_SHA256 },
|
2016-06-15 22:47:05 +00:00
|
|
|
{ "noparity", ZIO_CHECKSUM_NOPARITY },
|
|
|
|
{ "sha512", ZIO_CHECKSUM_SHA512 },
|
|
|
|
{ "skein", ZIO_CHECKSUM_SKEIN },
|
|
|
|
{ "edonr", ZIO_CHECKSUM_EDONR },
|
2008-11-20 20:01:55 +00:00
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
static zprop_index_t dedup_table[] = {
|
|
|
|
{ "on", ZIO_CHECKSUM_ON },
|
|
|
|
{ "off", ZIO_CHECKSUM_OFF },
|
|
|
|
{ "verify", ZIO_CHECKSUM_ON | ZIO_CHECKSUM_VERIFY },
|
|
|
|
{ "sha256", ZIO_CHECKSUM_SHA256 },
|
|
|
|
{ "sha256,verify",
|
|
|
|
ZIO_CHECKSUM_SHA256 | ZIO_CHECKSUM_VERIFY },
|
2016-06-15 22:47:05 +00:00
|
|
|
{ "sha512", ZIO_CHECKSUM_SHA512 },
|
|
|
|
{ "sha512,verify",
|
|
|
|
ZIO_CHECKSUM_SHA512 | ZIO_CHECKSUM_VERIFY },
|
|
|
|
{ "skein", ZIO_CHECKSUM_SKEIN },
|
|
|
|
{ "skein,verify",
|
|
|
|
ZIO_CHECKSUM_SKEIN | ZIO_CHECKSUM_VERIFY },
|
|
|
|
{ "edonr,verify",
|
|
|
|
ZIO_CHECKSUM_EDONR | ZIO_CHECKSUM_VERIFY },
|
2010-05-28 20:45:14 +00:00
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
static zprop_index_t compress_table[] = {
|
|
|
|
{ "on", ZIO_COMPRESS_ON },
|
|
|
|
{ "off", ZIO_COMPRESS_OFF },
|
|
|
|
{ "lzjb", ZIO_COMPRESS_LZJB },
|
|
|
|
{ "gzip", ZIO_COMPRESS_GZIP_6 }, /* gzip default */
|
|
|
|
{ "gzip-1", ZIO_COMPRESS_GZIP_1 },
|
|
|
|
{ "gzip-2", ZIO_COMPRESS_GZIP_2 },
|
|
|
|
{ "gzip-3", ZIO_COMPRESS_GZIP_3 },
|
|
|
|
{ "gzip-4", ZIO_COMPRESS_GZIP_4 },
|
|
|
|
{ "gzip-5", ZIO_COMPRESS_GZIP_5 },
|
|
|
|
{ "gzip-6", ZIO_COMPRESS_GZIP_6 },
|
|
|
|
{ "gzip-7", ZIO_COMPRESS_GZIP_7 },
|
|
|
|
{ "gzip-8", ZIO_COMPRESS_GZIP_8 },
|
|
|
|
{ "gzip-9", ZIO_COMPRESS_GZIP_9 },
|
2010-05-28 20:45:14 +00:00
|
|
|
{ "zle", ZIO_COMPRESS_ZLE },
|
2013-01-23 09:54:30 +00:00
|
|
|
{ "lz4", ZIO_COMPRESS_LZ4 },
|
2008-11-20 20:01:55 +00:00
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
static zprop_index_t crypto_table[] = {
|
|
|
|
{ "on", ZIO_CRYPT_ON },
|
|
|
|
{ "off", ZIO_CRYPT_OFF },
|
|
|
|
{ "aes-128-ccm", ZIO_CRYPT_AES_128_CCM },
|
|
|
|
{ "aes-192-ccm", ZIO_CRYPT_AES_192_CCM },
|
|
|
|
{ "aes-256-ccm", ZIO_CRYPT_AES_256_CCM },
|
|
|
|
{ "aes-128-gcm", ZIO_CRYPT_AES_128_GCM },
|
|
|
|
{ "aes-192-gcm", ZIO_CRYPT_AES_192_GCM },
|
|
|
|
{ "aes-256-gcm", ZIO_CRYPT_AES_256_GCM },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static zprop_index_t keyformat_table[] = {
|
|
|
|
{ "none", ZFS_KEYFORMAT_NONE },
|
|
|
|
{ "raw", ZFS_KEYFORMAT_RAW },
|
|
|
|
{ "hex", ZFS_KEYFORMAT_HEX },
|
|
|
|
{ "passphrase", ZFS_KEYFORMAT_PASSPHRASE },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
static zprop_index_t snapdir_table[] = {
|
|
|
|
{ "hidden", ZFS_SNAPDIR_HIDDEN },
|
|
|
|
{ "visible", ZFS_SNAPDIR_VISIBLE },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2013-02-13 23:11:59 +00:00
|
|
|
static zprop_index_t snapdev_table[] = {
|
|
|
|
{ "hidden", ZFS_SNAPDEV_HIDDEN },
|
|
|
|
{ "visible", ZFS_SNAPDEV_VISIBLE },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2013-10-28 16:22:15 +00:00
|
|
|
static zprop_index_t acltype_table[] = {
|
|
|
|
{ "off", ZFS_ACLTYPE_OFF },
|
|
|
|
{ "disabled", ZFS_ACLTYPE_OFF },
|
|
|
|
{ "noacl", ZFS_ACLTYPE_OFF },
|
|
|
|
{ "posixacl", ZFS_ACLTYPE_POSIXACL },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
static zprop_index_t acl_inherit_table[] = {
|
|
|
|
{ "discard", ZFS_ACL_DISCARD },
|
|
|
|
{ "noallow", ZFS_ACL_NOALLOW },
|
|
|
|
{ "restricted", ZFS_ACL_RESTRICTED },
|
|
|
|
{ "passthrough", ZFS_ACL_PASSTHROUGH },
|
2017-01-03 17:31:18 +00:00
|
|
|
{ "secure", ZFS_ACL_RESTRICTED }, /* bkwrd compatibility */
|
2008-12-03 20:09:06 +00:00
|
|
|
{ "passthrough-x", ZFS_ACL_PASSTHROUGH_X },
|
2008-11-20 20:01:55 +00:00
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static zprop_index_t case_table[] = {
|
|
|
|
{ "sensitive", ZFS_CASE_SENSITIVE },
|
|
|
|
{ "insensitive", ZFS_CASE_INSENSITIVE },
|
|
|
|
{ "mixed", ZFS_CASE_MIXED },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static zprop_index_t copies_table[] = {
|
|
|
|
{ "1", 1 },
|
|
|
|
{ "2", 2 },
|
|
|
|
{ "3", 3 },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Use the unique flags we have to send to u8_strcmp() and/or
|
|
|
|
* u8_textprep() to represent the various normalization property
|
|
|
|
* values.
|
|
|
|
*/
|
|
|
|
static zprop_index_t normalize_table[] = {
|
|
|
|
{ "none", 0 },
|
|
|
|
{ "formD", U8_TEXTPREP_NFD },
|
|
|
|
{ "formKC", U8_TEXTPREP_NFKC },
|
|
|
|
{ "formC", U8_TEXTPREP_NFC },
|
|
|
|
{ "formKD", U8_TEXTPREP_NFKD },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static zprop_index_t version_table[] = {
|
|
|
|
{ "1", 1 },
|
|
|
|
{ "2", 2 },
|
|
|
|
{ "3", 3 },
|
2009-07-02 22:44:48 +00:00
|
|
|
{ "4", 4 },
|
2010-05-28 20:45:14 +00:00
|
|
|
{ "5", 5 },
|
2008-11-20 20:01:55 +00:00
|
|
|
{ "current", ZPL_VERSION },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static zprop_index_t boolean_table[] = {
|
|
|
|
{ "off", 0 },
|
|
|
|
{ "on", 1 },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
static zprop_index_t keystatus_table[] = {
|
|
|
|
{ "none", ZFS_KEYSTATUS_NONE},
|
|
|
|
{ "unavailable", ZFS_KEYSTATUS_UNAVAILABLE},
|
|
|
|
{ "available", ZFS_KEYSTATUS_AVAILABLE},
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
static zprop_index_t logbias_table[] = {
|
|
|
|
{ "latency", ZFS_LOGBIAS_LATENCY },
|
|
|
|
{ "throughput", ZFS_LOGBIAS_THROUGHPUT },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
static zprop_index_t canmount_table[] = {
|
|
|
|
{ "off", ZFS_CANMOUNT_OFF },
|
|
|
|
{ "on", ZFS_CANMOUNT_ON },
|
|
|
|
{ "noauto", ZFS_CANMOUNT_NOAUTO },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2008-12-03 20:09:06 +00:00
|
|
|
static zprop_index_t cache_table[] = {
|
|
|
|
{ "none", ZFS_CACHE_NONE },
|
|
|
|
{ "metadata", ZFS_CACHE_METADATA },
|
|
|
|
{ "all", ZFS_CACHE_ALL },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
static zprop_index_t sync_table[] = {
|
|
|
|
{ "standard", ZFS_SYNC_STANDARD },
|
|
|
|
{ "always", ZFS_SYNC_ALWAYS },
|
|
|
|
{ "disabled", ZFS_SYNC_DISABLED },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2011-10-24 23:55:20 +00:00
|
|
|
static zprop_index_t xattr_table[] = {
|
|
|
|
{ "off", ZFS_XATTR_OFF },
|
|
|
|
{ "on", ZFS_XATTR_DIR },
|
|
|
|
{ "sa", ZFS_XATTR_SA },
|
|
|
|
{ "dir", ZFS_XATTR_DIR },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced to from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill bocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by an large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 01:25:34 +00:00
|
|
|
static zprop_index_t dnsize_table[] = {
|
|
|
|
{ "legacy", ZFS_DNSIZE_LEGACY },
|
|
|
|
{ "auto", ZFS_DNSIZE_AUTO },
|
|
|
|
{ "1k", ZFS_DNSIZE_1K },
|
|
|
|
{ "2k", ZFS_DNSIZE_2K },
|
|
|
|
{ "4k", ZFS_DNSIZE_4K },
|
|
|
|
{ "8k", ZFS_DNSIZE_8K },
|
|
|
|
{ "16k", ZFS_DNSIZE_16K },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2014-05-23 16:21:07 +00:00
|
|
|
static zprop_index_t redundant_metadata_table[] = {
|
|
|
|
{ "all", ZFS_REDUNDANT_METADATA_ALL },
|
|
|
|
{ "most", ZFS_REDUNDANT_METADATA_MOST },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2017-07-12 20:05:37 +00:00
|
|
|
static zprop_index_t volmode_table[] = {
|
|
|
|
{ "default", ZFS_VOLMODE_DEFAULT },
|
|
|
|
{ "full", ZFS_VOLMODE_GEOM },
|
|
|
|
{ "geom", ZFS_VOLMODE_GEOM },
|
|
|
|
{ "dev", ZFS_VOLMODE_DEV },
|
|
|
|
{ "none", ZFS_VOLMODE_NONE },
|
|
|
|
{ NULL }
|
|
|
|
};
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/* inherit index properties */
|
2014-05-23 16:21:07 +00:00
|
|
|
zprop_register_index(ZFS_PROP_REDUNDANT_METADATA, "redundant_metadata",
|
|
|
|
ZFS_REDUNDANT_METADATA_ALL,
|
|
|
|
PROP_INHERIT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
|
|
|
"all | most", "REDUND_MD",
|
|
|
|
redundant_metadata_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_SYNC, "sync", ZFS_SYNC_STANDARD,
|
2008-11-20 20:01:55 +00:00
|
|
|
PROP_INHERIT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
2010-05-28 20:45:14 +00:00
|
|
|
"standard | always | disabled", "SYNC",
|
|
|
|
sync_table);
|
|
|
|
zprop_register_index(ZFS_PROP_CHECKSUM, "checksum",
|
|
|
|
ZIO_CHECKSUM_DEFAULT, PROP_INHERIT, ZFS_TYPE_FILESYSTEM |
|
|
|
|
ZFS_TYPE_VOLUME,
|
2016-06-15 22:47:05 +00:00
|
|
|
"on | off | fletcher2 | fletcher4 | sha256 | sha512 | "
|
|
|
|
"skein | edonr", "CHECKSUM", checksum_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_DEDUP, "dedup", ZIO_CHECKSUM_OFF,
|
|
|
|
PROP_INHERIT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
2016-06-15 22:47:05 +00:00
|
|
|
"on | off | verify | sha256[,verify], sha512[,verify], "
|
|
|
|
"skein[,verify], edonr,verify", "DEDUP", dedup_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_COMPRESSION, "compression",
|
2008-11-20 20:01:55 +00:00
|
|
|
ZIO_COMPRESS_DEFAULT, PROP_INHERIT,
|
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
2013-01-23 09:54:30 +00:00
|
|
|
"on | off | lzjb | gzip | gzip-[1-9] | zle | lz4", "COMPRESS",
|
2010-05-28 20:45:14 +00:00
|
|
|
compress_table);
|
|
|
|
zprop_register_index(ZFS_PROP_SNAPDIR, "snapdir", ZFS_SNAPDIR_HIDDEN,
|
2008-11-20 20:01:55 +00:00
|
|
|
PROP_INHERIT, ZFS_TYPE_FILESYSTEM,
|
|
|
|
"hidden | visible", "SNAPDIR", snapdir_table);
|
2013-02-13 23:11:59 +00:00
|
|
|
zprop_register_index(ZFS_PROP_SNAPDEV, "snapdev", ZFS_SNAPDEV_HIDDEN,
|
|
|
|
PROP_INHERIT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
|
|
|
"hidden | visible", "SNAPDEV", snapdev_table);
|
2013-10-28 16:22:15 +00:00
|
|
|
zprop_register_index(ZFS_PROP_ACLTYPE, "acltype", ZFS_ACLTYPE_OFF,
|
|
|
|
PROP_INHERIT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT,
|
|
|
|
"noacl | posixacl", "ACLTYPE", acltype_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_ACLINHERIT, "aclinherit",
|
|
|
|
ZFS_ACL_RESTRICTED, PROP_INHERIT, ZFS_TYPE_FILESYSTEM,
|
2008-12-03 20:09:06 +00:00
|
|
|
"discard | noallow | restricted | passthrough | passthrough-x",
|
2008-11-20 20:01:55 +00:00
|
|
|
"ACLINHERIT", acl_inherit_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_COPIES, "copies", 1, PROP_INHERIT,
|
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
2008-11-20 20:01:55 +00:00
|
|
|
"1 | 2 | 3", "COPIES", copies_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_PRIMARYCACHE, "primarycache",
|
2008-12-03 20:09:06 +00:00
|
|
|
ZFS_CACHE_ALL, PROP_INHERIT,
|
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT | ZFS_TYPE_VOLUME,
|
|
|
|
"all | none | metadata", "PRIMARYCACHE", cache_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_SECONDARYCACHE, "secondarycache",
|
2008-12-03 20:09:06 +00:00
|
|
|
ZFS_CACHE_ALL, PROP_INHERIT,
|
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT | ZFS_TYPE_VOLUME,
|
|
|
|
"all | none | metadata", "SECONDARYCACHE", cache_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_LOGBIAS, "logbias", ZFS_LOGBIAS_LATENCY,
|
|
|
|
PROP_INHERIT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
|
|
|
"latency | throughput", "LOGBIAS", logbias_table);
|
2011-10-24 23:55:20 +00:00
|
|
|
zprop_register_index(ZFS_PROP_XATTR, "xattr", ZFS_XATTR_DIR,
|
|
|
|
PROP_INHERIT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT,
|
|
|
|
"on | off | dir | sa", "XATTR", xattr_table);
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced to from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill bocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by an large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 01:25:34 +00:00
|
|
|
zprop_register_index(ZFS_PROP_DNODESIZE, "dnodesize",
|
|
|
|
ZFS_DNSIZE_LEGACY, PROP_INHERIT, ZFS_TYPE_FILESYSTEM,
|
|
|
|
"legacy | auto | 1k | 2k | 4k | 8k | 16k", "DNSIZE", dnsize_table);
|
2017-07-12 20:05:37 +00:00
|
|
|
zprop_register_index(ZFS_PROP_VOLMODE, "volmode",
|
|
|
|
ZFS_VOLMODE_DEFAULT, PROP_INHERIT,
|
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
|
|
|
"default | full | geom | dev | none", "VOLMODE", volmode_table);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* inherit index (boolean) properties */
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_ATIME, "atime", 1, PROP_INHERIT,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM, "on | off", "ATIME", boolean_table);
|
2014-01-18 19:00:53 +00:00
|
|
|
zprop_register_index(ZFS_PROP_RELATIME, "relatime", 0, PROP_INHERIT,
|
|
|
|
ZFS_TYPE_FILESYSTEM, "on | off", "RELATIME", boolean_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_DEVICES, "devices", 1, PROP_INHERIT,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT, "on | off", "DEVICES",
|
|
|
|
boolean_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_EXEC, "exec", 1, PROP_INHERIT,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT, "on | off", "EXEC",
|
|
|
|
boolean_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_SETUID, "setuid", 1, PROP_INHERIT,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT, "on | off", "SETUID",
|
|
|
|
boolean_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_READONLY, "readonly", 0, PROP_INHERIT,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME, "on | off", "RDONLY",
|
|
|
|
boolean_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_ZONED, "zoned", 0, PROP_INHERIT,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM, "on | off", "ZONED", boolean_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_VSCAN, "vscan", 0, PROP_INHERIT,
|
2011-10-24 23:55:20 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM, "on | off", "VSCAN", boolean_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_NBMAND, "nbmand", 0, PROP_INHERIT,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT, "on | off", "NBMAND",
|
|
|
|
boolean_table);
|
2014-07-25 10:42:00 +00:00
|
|
|
zprop_register_index(ZFS_PROP_OVERLAY, "overlay", 0, PROP_INHERIT,
|
|
|
|
ZFS_TYPE_FILESYSTEM, "on | off", "OVERLAY", boolean_table);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* default index properties */
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_VERSION, "version", 0, PROP_DEFAULT,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT,
|
2011-11-17 18:14:36 +00:00
|
|
|
"1 | 2 | 3 | 4 | 5 | current", "VERSION", version_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_CANMOUNT, "canmount", ZFS_CANMOUNT_ON,
|
2008-11-20 20:01:55 +00:00
|
|
|
PROP_DEFAULT, ZFS_TYPE_FILESYSTEM, "on | off | noauto",
|
|
|
|
"CANMOUNT", canmount_table);
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
/* readonly index properties */
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_MOUNTED, "mounted", 0, PROP_READONLY,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM, "yes | no", "MOUNTED", boolean_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_DEFER_DESTROY, "defer_destroy", 0,
|
2009-08-18 18:43:27 +00:00
|
|
|
PROP_READONLY, ZFS_TYPE_SNAPSHOT, "yes | no", "DEFER_DESTROY",
|
|
|
|
boolean_table);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
zprop_register_index(ZFS_PROP_KEYSTATUS, "keystatus",
|
|
|
|
ZFS_KEYSTATUS_NONE, PROP_READONLY, ZFS_TYPE_DATASET,
|
|
|
|
"none | unavailable | available",
|
|
|
|
"KEYSTATUS", keystatus_table);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* set once index properties */
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_NORMALIZE, "normalization", 0,
|
2008-11-20 20:01:55 +00:00
|
|
|
PROP_ONETIME, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT,
|
|
|
|
"none | formC | formD | formKC | formKD", "NORMALIZATION",
|
|
|
|
normalize_table);
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_CASE, "casesensitivity",
|
|
|
|
ZFS_CASE_SENSITIVE, PROP_ONETIME, ZFS_TYPE_FILESYSTEM |
|
|
|
|
ZFS_TYPE_SNAPSHOT,
|
2008-11-20 20:01:55 +00:00
|
|
|
"sensitive | insensitive | mixed", "CASE", case_table);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
zprop_register_index(ZFS_PROP_KEYFORMAT, "keyformat",
|
|
|
|
ZFS_KEYFORMAT_NONE, PROP_ONETIME_DEFAULT,
|
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
|
|
|
"none | raw | hex | passphrase", "KEYFORMAT", keyformat_table);
|
|
|
|
zprop_register_index(ZFS_PROP_ENCRYPTION, "encryption",
|
|
|
|
ZIO_CRYPT_DEFAULT, PROP_ONETIME, ZFS_TYPE_DATASET,
|
|
|
|
"on | off | aes-128-ccm | aes-192-ccm | aes-256-ccm | "
|
|
|
|
"aes-128-gcm | aes-192-gcm | aes-256-gcm", "ENCRYPTION",
|
|
|
|
crypto_table);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* set once index (boolean) properties */
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_index(ZFS_PROP_UTF8ONLY, "utf8only", 0, PROP_ONETIME,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_SNAPSHOT,
|
|
|
|
"on | off", "UTF8ONLY", boolean_table);
|
|
|
|
|
|
|
|
/* string properties */
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_string(ZFS_PROP_ORIGIN, "origin", NULL, PROP_READONLY,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME, "<snapshot>", "ORIGIN");
|
2011-11-17 18:14:36 +00:00
|
|
|
zprop_register_string(ZFS_PROP_CLONES, "clones", NULL, PROP_READONLY,
|
|
|
|
ZFS_TYPE_SNAPSHOT, "<dataset>[,...]", "CLONES");
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_string(ZFS_PROP_MOUNTPOINT, "mountpoint", "/",
|
|
|
|
PROP_INHERIT, ZFS_TYPE_FILESYSTEM, "<path> | legacy | none",
|
|
|
|
"MOUNTPOINT");
|
|
|
|
zprop_register_string(ZFS_PROP_SHARENFS, "sharenfs", "off",
|
|
|
|
PROP_INHERIT, ZFS_TYPE_FILESYSTEM, "on | off | share(1M) options",
|
|
|
|
"SHARENFS");
|
|
|
|
zprop_register_string(ZFS_PROP_TYPE, "type", NULL, PROP_READONLY,
|
2013-12-11 22:33:41 +00:00
|
|
|
ZFS_TYPE_DATASET | ZFS_TYPE_BOOKMARK,
|
|
|
|
"filesystem | volume | snapshot | bookmark", "TYPE");
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_string(ZFS_PROP_SHARESMB, "sharesmb", "off",
|
|
|
|
PROP_INHERIT, ZFS_TYPE_FILESYSTEM,
|
|
|
|
"on | off | sharemgr(1M) options", "SHARESMB");
|
|
|
|
zprop_register_string(ZFS_PROP_MLSLABEL, "mlslabel",
|
|
|
|
ZFS_MLSLABEL_DEFAULT, PROP_INHERIT, ZFS_TYPE_DATASET,
|
|
|
|
"<sensitivity label>", "MLSLABEL");
|
2013-12-19 06:24:14 +00:00
|
|
|
zprop_register_string(ZFS_PROP_SELINUX_CONTEXT, "context",
|
|
|
|
"none", PROP_DEFAULT, ZFS_TYPE_DATASET, "<selinux context>",
|
|
|
|
"CONTEXT");
|
|
|
|
zprop_register_string(ZFS_PROP_SELINUX_FSCONTEXT, "fscontext",
|
|
|
|
"none", PROP_DEFAULT, ZFS_TYPE_DATASET, "<selinux fscontext>",
|
|
|
|
"FSCONTEXT");
|
|
|
|
zprop_register_string(ZFS_PROP_SELINUX_DEFCONTEXT, "defcontext",
|
|
|
|
"none", PROP_DEFAULT, ZFS_TYPE_DATASET, "<selinux defcontext>",
|
|
|
|
"DEFCONTEXT");
|
|
|
|
zprop_register_string(ZFS_PROP_SELINUX_ROOTCONTEXT, "rootcontext",
|
|
|
|
"none", PROP_DEFAULT, ZFS_TYPE_DATASET, "<selinux rootcontext>",
|
|
|
|
"ROOTCONTEXT");
|
2016-01-06 21:22:48 +00:00
|
|
|
zprop_register_string(ZFS_PROP_RECEIVE_RESUME_TOKEN,
|
|
|
|
"receive_resume_token",
|
|
|
|
NULL, PROP_READONLY, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
|
|
|
"<string token>", "RESUMETOK");
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
zprop_register_string(ZFS_PROP_ENCRYPTION_ROOT, "encryptionroot", NULL,
|
|
|
|
PROP_READONLY, ZFS_TYPE_DATASET, "<filesystem | volume>",
|
|
|
|
"ENCROOT");
|
|
|
|
zprop_register_string(ZFS_PROP_KEYLOCATION, "keylocation",
|
|
|
|
"none", PROP_DEFAULT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
|
|
|
"prompt | <file URI>", "KEYLOCATION");
|
Implement Redacted Send/Receive
Redacted send/receive allows users to send subsets of their data to
a target system. One possible use case for this feature is to not
transmit sensitive information to a data warehousing, test/dev, or
analytics environment. Another is to save space by not replicating
unimportant data within a given dataset, for example in backup tools
like zrepl.
Redacted send/receive is a three-stage process. First, a clone (or
clones) is made of the snapshot to be sent to the target. In this
clone (or clones), all unnecessary or unwanted data is removed or
modified. This clone is then snapshotted to create the "redaction
snapshot" (or snapshots). Second, the new zfs redact command is used
to create a redaction bookmark. The redaction bookmark stores the
list of blocks in a snapshot that were modified by the redaction
snapshot(s). Finally, the redaction bookmark is passed as a parameter
to zfs send. When sending to the snapshot that was redacted, the
redaction bookmark is used to filter out blocks that contain sensitive
or unwanted information, and those blocks are not included in the send
stream. When sending from the redaction bookmark, the blocks it
contains are considered as candidate blocks in addition to those
blocks in the destination snapshot that were modified since the
creation_txg of the redaction bookmark. This step is necessary to
allow the target to rehydrate data in the case where some blocks are
accidentally or unnecessarily modified in the redaction snapshot.
The changes to bookmarks to enable fast space estimation involve
adding deadlists to bookmarks. There is also logic to manage the
life cycles of these deadlists.
The new size estimation process operates in cases where previously
an accurate estimate could not be provided. In those cases, a send
is performed where no data blocks are read, reducing the runtime
significantly and providing a byte-accurate size estimate.
Reviewed-by: Dan Kimmel <dan.kimmel@delphix.com>
Reviewed-by: Matt Ahrens <mahrens@delphix.com>
Reviewed-by: Prashanth Sreenivasa <pks@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: Chris Williamson <chris.williamson@delphix.com>
Reviewed-by: Pavel Zhakarov <pavel.zakharov@delphix.com>
Reviewed-by: Sebastien Roy <sebastien.roy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Paul Dagnelie <pcd@delphix.com>
Closes #7958
2019-06-19 16:48:13 +00:00
|
|
|
zprop_register_string(ZFS_PROP_REDACT_SNAPS,
|
|
|
|
"redact_snaps", NULL, PROP_READONLY,
|
|
|
|
ZFS_TYPE_DATASET | ZFS_TYPE_BOOKMARK, "<snapshot>[,...]",
|
|
|
|
"RSNAPS");
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* readonly number properties */
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_number(ZFS_PROP_USED, "used", 0, PROP_READONLY,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_DATASET, "<size>", "USED");
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_number(ZFS_PROP_AVAILABLE, "available", 0, PROP_READONLY,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME, "<size>", "AVAIL");
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_number(ZFS_PROP_REFERENCED, "referenced", 0,
|
Implement Redacted Send/Receive
Redacted send/receive allows users to send subsets of their data to
a target system. One possible use case for this feature is to not
transmit sensitive information to a data warehousing, test/dev, or
analytics environment. Another is to save space by not replicating
unimportant data within a given dataset, for example in backup tools
like zrepl.
Redacted send/receive is a three-stage process. First, a clone (or
clones) is made of the snapshot to be sent to the target. In this
clone (or clones), all unnecessary or unwanted data is removed or
modified. This clone is then snapshotted to create the "redaction
snapshot" (or snapshots). Second, the new zfs redact command is used
to create a redaction bookmark. The redaction bookmark stores the
list of blocks in a snapshot that were modified by the redaction
snapshot(s). Finally, the redaction bookmark is passed as a parameter
to zfs send. When sending to the snapshot that was redacted, the
redaction bookmark is used to filter out blocks that contain sensitive
or unwanted information, and those blocks are not included in the send
stream. When sending from the redaction bookmark, the blocks it
contains are considered as candidate blocks in addition to those
blocks in the destination snapshot that were modified since the
creation_txg of the redaction bookmark. This step is necessary to
allow the target to rehydrate data in the case where some blocks are
accidentally or unnecessarily modified in the redaction snapshot.
The changes to bookmarks to enable fast space estimation involve
adding deadlists to bookmarks. There is also logic to manage the
life cycles of these deadlists.
The new size estimation process operates in cases where previously
an accurate estimate could not be provided. In those cases, a send
is performed where no data blocks are read, reducing the runtime
significantly and providing a byte-accurate size estimate.
Reviewed-by: Dan Kimmel <dan.kimmel@delphix.com>
Reviewed-by: Matt Ahrens <mahrens@delphix.com>
Reviewed-by: Prashanth Sreenivasa <pks@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: Chris Williamson <chris.williamson@delphix.com>
Reviewed-by: Pavel Zhakarov <pavel.zakharov@delphix.com>
Reviewed-by: Sebastien Roy <sebastien.roy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Paul Dagnelie <pcd@delphix.com>
Closes #7958
2019-06-19 16:48:13 +00:00
|
|
|
PROP_READONLY, ZFS_TYPE_DATASET | ZFS_TYPE_BOOKMARK, "<size>",
|
|
|
|
"REFER");
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_number(ZFS_PROP_COMPRESSRATIO, "compressratio", 0,
|
Implement Redacted Send/Receive
Redacted send/receive allows users to send subsets of their data to
a target system. One possible use case for this feature is to not
transmit sensitive information to a data warehousing, test/dev, or
analytics environment. Another is to save space by not replicating
unimportant data within a given dataset, for example in backup tools
like zrepl.
Redacted send/receive is a three-stage process. First, a clone (or
clones) is made of the snapshot to be sent to the target. In this
clone (or clones), all unnecessary or unwanted data is removed or
modified. This clone is then snapshotted to create the "redaction
snapshot" (or snapshots). Second, the new zfs redact command is used
to create a redaction bookmark. The redaction bookmark stores the
list of blocks in a snapshot that were modified by the redaction
snapshot(s). Finally, the redaction bookmark is passed as a parameter
to zfs send. When sending to the snapshot that was redacted, the
redaction bookmark is used to filter out blocks that contain sensitive
or unwanted information, and those blocks are not included in the send
stream. When sending from the redaction bookmark, the blocks it
contains are considered as candidate blocks in addition to those
blocks in the destination snapshot that were modified since the
creation_txg of the redaction bookmark. This step is necessary to
allow the target to rehydrate data in the case where some blocks are
accidentally or unnecessarily modified in the redaction snapshot.
The changes to bookmarks to enable fast space estimation involve
adding deadlists to bookmarks. There is also logic to manage the
life cycles of these deadlists.
The new size estimation process operates in cases where previously
an accurate estimate could not be provided. In those cases, a send
is performed where no data blocks are read, reducing the runtime
significantly and providing a byte-accurate size estimate.
Reviewed-by: Dan Kimmel <dan.kimmel@delphix.com>
Reviewed-by: Matt Ahrens <mahrens@delphix.com>
Reviewed-by: Prashanth Sreenivasa <pks@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: Chris Williamson <chris.williamson@delphix.com>
Reviewed-by: Pavel Zhakarov <pavel.zakharov@delphix.com>
Reviewed-by: Sebastien Roy <sebastien.roy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Paul Dagnelie <pcd@delphix.com>
Closes #7958
2019-06-19 16:48:13 +00:00
|
|
|
PROP_READONLY, ZFS_TYPE_DATASET | ZFS_TYPE_BOOKMARK,
|
2008-11-20 20:01:55 +00:00
|
|
|
"<1.00x or higher if compressed>", "RATIO");
|
2011-07-26 19:23:00 +00:00
|
|
|
zprop_register_number(ZFS_PROP_REFRATIO, "refcompressratio", 0,
|
|
|
|
PROP_READONLY, ZFS_TYPE_DATASET,
|
|
|
|
"<1.00x or higher if compressed>", "REFRATIO");
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_number(ZFS_PROP_VOLBLOCKSIZE, "volblocksize",
|
|
|
|
ZVOL_DEFAULT_BLOCKSIZE, PROP_ONETIME,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_VOLUME, "512 to 128k, power of 2", "VOLBLOCK");
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_number(ZFS_PROP_USEDSNAP, "usedbysnapshots", 0,
|
|
|
|
PROP_READONLY, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME, "<size>",
|
|
|
|
"USEDSNAP");
|
|
|
|
zprop_register_number(ZFS_PROP_USEDDS, "usedbydataset", 0,
|
|
|
|
PROP_READONLY, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME, "<size>",
|
|
|
|
"USEDDS");
|
|
|
|
zprop_register_number(ZFS_PROP_USEDCHILD, "usedbychildren", 0,
|
|
|
|
PROP_READONLY, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME, "<size>",
|
|
|
|
"USEDCHILD");
|
|
|
|
zprop_register_number(ZFS_PROP_USEDREFRESERV, "usedbyrefreservation", 0,
|
2008-12-03 20:09:06 +00:00
|
|
|
PROP_READONLY,
|
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME, "<size>", "USEDREFRESERV");
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_number(ZFS_PROP_USERREFS, "userrefs", 0, PROP_READONLY,
|
2009-08-18 18:43:27 +00:00
|
|
|
ZFS_TYPE_SNAPSHOT, "<count>", "USERREFS");
|
2011-11-17 18:14:36 +00:00
|
|
|
zprop_register_number(ZFS_PROP_WRITTEN, "written", 0, PROP_READONLY,
|
|
|
|
ZFS_TYPE_DATASET, "<size>", "WRITTEN");
|
2013-02-22 09:23:09 +00:00
|
|
|
zprop_register_number(ZFS_PROP_LOGICALUSED, "logicalused", 0,
|
2018-02-08 16:16:23 +00:00
|
|
|
PROP_READONLY, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME, "<size>",
|
|
|
|
"LUSED");
|
2013-02-22 09:23:09 +00:00
|
|
|
zprop_register_number(ZFS_PROP_LOGICALREFERENCED, "logicalreferenced",
|
Implement Redacted Send/Receive
Redacted send/receive allows users to send subsets of their data to
a target system. One possible use case for this feature is to not
transmit sensitive information to a data warehousing, test/dev, or
analytics environment. Another is to save space by not replicating
unimportant data within a given dataset, for example in backup tools
like zrepl.
Redacted send/receive is a three-stage process. First, a clone (or
clones) is made of the snapshot to be sent to the target. In this
clone (or clones), all unnecessary or unwanted data is removed or
modified. This clone is then snapshotted to create the "redaction
snapshot" (or snapshots). Second, the new zfs redact command is used
to create a redaction bookmark. The redaction bookmark stores the
list of blocks in a snapshot that were modified by the redaction
snapshot(s). Finally, the redaction bookmark is passed as a parameter
to zfs send. When sending to the snapshot that was redacted, the
redaction bookmark is used to filter out blocks that contain sensitive
or unwanted information, and those blocks are not included in the send
stream. When sending from the redaction bookmark, the blocks it
contains are considered as candidate blocks in addition to those
blocks in the destination snapshot that were modified since the
creation_txg of the redaction bookmark. This step is necessary to
allow the target to rehydrate data in the case where some blocks are
accidentally or unnecessarily modified in the redaction snapshot.
The changes to bookmarks to enable fast space estimation involve
adding deadlists to bookmarks. There is also logic to manage the
life cycles of these deadlists.
The new size estimation process operates in cases where previously
an accurate estimate could not be provided. In those cases, a send
is performed where no data blocks are read, reducing the runtime
significantly and providing a byte-accurate size estimate.
Reviewed-by: Dan Kimmel <dan.kimmel@delphix.com>
Reviewed-by: Matt Ahrens <mahrens@delphix.com>
Reviewed-by: Prashanth Sreenivasa <pks@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: Chris Williamson <chris.williamson@delphix.com>
Reviewed-by: Pavel Zhakarov <pavel.zakharov@delphix.com>
Reviewed-by: Sebastien Roy <sebastien.roy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Paul Dagnelie <pcd@delphix.com>
Closes #7958
2019-06-19 16:48:13 +00:00
|
|
|
0, PROP_READONLY, ZFS_TYPE_DATASET | ZFS_TYPE_BOOKMARK, "<size>",
|
|
|
|
"LREFER");
|
2017-01-23 18:17:35 +00:00
|
|
|
zprop_register_number(ZFS_PROP_FILESYSTEM_COUNT, "filesystem_count",
|
|
|
|
UINT64_MAX, PROP_READONLY, ZFS_TYPE_FILESYSTEM,
|
|
|
|
"<count>", "FSCOUNT");
|
|
|
|
zprop_register_number(ZFS_PROP_SNAPSHOT_COUNT, "snapshot_count",
|
|
|
|
UINT64_MAX, PROP_READONLY, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
|
|
|
"<count>", "SSCOUNT");
|
2017-05-09 22:36:53 +00:00
|
|
|
zprop_register_number(ZFS_PROP_GUID, "guid", 0, PROP_READONLY,
|
|
|
|
ZFS_TYPE_DATASET | ZFS_TYPE_BOOKMARK, "<uint64>", "GUID");
|
|
|
|
zprop_register_number(ZFS_PROP_CREATETXG, "createtxg", 0, PROP_READONLY,
|
|
|
|
ZFS_TYPE_DATASET | ZFS_TYPE_BOOKMARK, "<uint64>", "CREATETXG");
|
OpenZFS 7614, 9064 - zfs device evacuation/removal
OpenZFS 7614 - zfs device evacuation/removal
OpenZFS 9064 - remove_mirror should wait for device removal to complete
This project allows top-level vdevs to be removed from the storage pool
with "zpool remove", reducing the total amount of storage in the pool.
This operation copies all allocated regions of the device to be removed
onto other devices, recording the mapping from old to new location.
After the removal is complete, read and free operations to the removed
(now "indirect") vdev must be remapped and performed at the new location
on disk. The indirect mapping table is kept in memory whenever the pool
is loaded, so there is minimal performance overhead when doing operations
on the indirect vdev.
The size of the in-memory mapping table will be reduced when its entries
become "obsolete" because they are no longer used by any block pointers
in the pool. An entry becomes obsolete when all the blocks that use
it are freed. An entry can also become obsolete when all the snapshots
that reference it are deleted, and the block pointers that reference it
have been "remapped" in all filesystems/zvols (and clones). Whenever an
indirect block is written, all the block pointers in it will be "remapped"
to their new (concrete) locations if possible. This process can be
accelerated by using the "zfs remap" command to proactively rewrite all
indirect blocks that reference indirect (removed) vdevs.
Note that when a device is removed, we do not verify the checksum of
the data that is copied. This makes the process much faster, but if it
were used on redundant vdevs (i.e. mirror or raidz vdevs), it would be
possible to copy the wrong data, when we have the correct data on e.g.
the other side of the mirror.
At the moment, only mirrors and simple top-level vdevs can be removed
and no removal is allowed if any of the top-level vdevs are raidz.
Porting Notes:
* Avoid zero-sized kmem_alloc() in vdev_compact_children().
The device evacuation code adds a dependency that
vdev_compact_children() be able to properly empty the vdev_child
array by setting it to NULL and zeroing vdev_children. Under Linux,
kmem_alloc() and related functions return a sentinel pointer rather
than NULL for zero-sized allocations.
* Remove comment regarding "mpt" driver where zfs_remove_max_segment
is initialized to SPA_MAXBLOCKSIZE.
Change zfs_condense_indirect_commit_entry_delay_ticks to
zfs_condense_indirect_commit_entry_delay_ms for consistency with
most other tunables in which delays are specified in ms.
* ZTS changes:
Use set_tunable rather than mdb
Use zpool sync as appropriate
Use sync_pool instead of sync
Kill jobs during test_removal_with_operation to allow unmount/export
Don't add non-disk names such as "mirror" or "raidz" to $DISKS
Use $TEST_BASE_DIR instead of /tmp
Increase HZ from 100 to 1000 which is more common on Linux
removal_multiple_indirection.ksh
Reduce iterations in order to not time out on the code
coverage builders.
removal_resume_export:
Functionally, the test case is correct but there exists a race
where the kernel thread hasn't been fully started yet and is
not visible. Wait for up to 1 second for the removal thread
to be started before giving up on it. Also, increase the
amount of data copied in order that the removal not finish
before the export has a chance to fail.
* MMP compatibility, the concept of concrete versus non-concrete devices
has slightly changed the semantics of vdev_writeable(). Update
mmp_random_leaf_impl() accordingly.
* Updated dbuf_remap() to handle the org.zfsonlinux:large_dnode pool
feature which is not supported by OpenZFS.
* Added support for new vdev removal tracepoints.
* Test cases removal_with_zdb and removal_condense_export have been
intentionally disabled. When run manually they pass as intended,
but when running in the automated test environment they produce
unreliable results on the latest Fedora release.
They may work better once the upstream pool import refectoring is
merged into ZoL at which point they will be re-enabled.
Authored by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Alex Reece <alex@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Richard Laager <rlaager@wiktel.com>
Reviewed by: Tim Chase <tim@chase2k.com>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Approved by: Garrett D'Amore <garrett@damore.org>
Ported-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Tim Chase <tim@chase2k.com>
OpenZFS-issue: https://www.illumos.org/issues/7614
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/f539f1eb
Closes #6900
2016-09-22 16:30:13 +00:00
|
|
|
zprop_register_hidden(ZFS_PROP_REMAPTXG, "remaptxg", PROP_TYPE_NUMBER,
|
|
|
|
PROP_READONLY, ZFS_TYPE_DATASET, "REMAPTXG");
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
zprop_register_number(ZFS_PROP_PBKDF2_ITERS, "pbkdf2iters",
|
|
|
|
0, PROP_ONETIME_DEFAULT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
|
|
|
"<iters>", "PBKDF2ITERS");
|
2018-08-20 16:52:37 +00:00
|
|
|
zprop_register_number(ZFS_PROP_OBJSETID, "objsetid", 0,
|
|
|
|
PROP_READONLY, ZFS_TYPE_DATASET, "<uint64>", "OBJSETID");
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* default number properties */
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_number(ZFS_PROP_QUOTA, "quota", 0, PROP_DEFAULT,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM, "<size> | none", "QUOTA");
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_number(ZFS_PROP_RESERVATION, "reservation", 0,
|
|
|
|
PROP_DEFAULT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
|
|
|
"<size> | none", "RESERV");
|
|
|
|
zprop_register_number(ZFS_PROP_VOLSIZE, "volsize", 0, PROP_DEFAULT,
|
2014-04-21 18:22:08 +00:00
|
|
|
ZFS_TYPE_SNAPSHOT | ZFS_TYPE_VOLUME, "<size>", "VOLSIZE");
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_number(ZFS_PROP_REFQUOTA, "refquota", 0, PROP_DEFAULT,
|
2008-11-20 20:01:55 +00:00
|
|
|
ZFS_TYPE_FILESYSTEM, "<size> | none", "REFQUOTA");
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_number(ZFS_PROP_REFRESERVATION, "refreservation", 0,
|
2008-11-20 20:01:55 +00:00
|
|
|
PROP_DEFAULT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
|
|
|
"<size> | none", "REFRESERV");
|
2015-04-01 13:07:48 +00:00
|
|
|
zprop_register_number(ZFS_PROP_FILESYSTEM_LIMIT, "filesystem_limit",
|
|
|
|
UINT64_MAX, PROP_DEFAULT, ZFS_TYPE_FILESYSTEM,
|
|
|
|
"<count> | none", "FSLIMIT");
|
|
|
|
zprop_register_number(ZFS_PROP_SNAPSHOT_LIMIT, "snapshot_limit",
|
|
|
|
UINT64_MAX, PROP_DEFAULT, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME,
|
|
|
|
"<count> | none", "SSLIMIT");
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* inherit number properties */
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_number(ZFS_PROP_RECORDSIZE, "recordsize",
|
2014-11-03 20:15:08 +00:00
|
|
|
SPA_OLD_MAXBLOCKSIZE, PROP_INHERIT,
|
|
|
|
ZFS_TYPE_FILESYSTEM, "512 to 1M, power of 2", "RECSIZE");
|
2018-09-06 01:33:36 +00:00
|
|
|
zprop_register_number(ZFS_PROP_SPECIAL_SMALL_BLOCKS,
|
|
|
|
"special_small_blocks", 0, PROP_INHERIT, ZFS_TYPE_FILESYSTEM,
|
|
|
|
"zero or 512 to 128K, power of 2", "SPECIAL_SMALL_BLOCKS");
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* hidden properties */
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_hidden(ZFS_PROP_NUMCLONES, "numclones", PROP_TYPE_NUMBER,
|
|
|
|
PROP_READONLY, ZFS_TYPE_SNAPSHOT, "NUMCLONES");
|
|
|
|
zprop_register_hidden(ZFS_PROP_NAME, "name", PROP_TYPE_STRING,
|
2013-12-11 22:33:41 +00:00
|
|
|
PROP_READONLY, ZFS_TYPE_DATASET | ZFS_TYPE_BOOKMARK, "NAME");
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_hidden(ZFS_PROP_ISCSIOPTIONS, "iscsioptions",
|
|
|
|
PROP_TYPE_STRING, PROP_INHERIT, ZFS_TYPE_VOLUME, "ISCSIOPTIONS");
|
|
|
|
zprop_register_hidden(ZFS_PROP_STMF_SHAREINFO, "stmf_sbd_lu",
|
2009-07-02 22:44:48 +00:00
|
|
|
PROP_TYPE_STRING, PROP_INHERIT, ZFS_TYPE_VOLUME,
|
|
|
|
"STMF_SBD_LU");
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_hidden(ZFS_PROP_USERACCOUNTING, "useraccounting",
|
|
|
|
PROP_TYPE_NUMBER, PROP_READONLY, ZFS_TYPE_DATASET,
|
|
|
|
"USERACCOUNTING");
|
|
|
|
zprop_register_hidden(ZFS_PROP_UNIQUE, "unique", PROP_TYPE_NUMBER,
|
|
|
|
PROP_READONLY, ZFS_TYPE_DATASET, "UNIQUE");
|
2013-07-27 17:51:50 +00:00
|
|
|
zprop_register_hidden(ZFS_PROP_INCONSISTENT, "inconsistent",
|
|
|
|
PROP_TYPE_NUMBER, PROP_READONLY, ZFS_TYPE_DATASET, "INCONSISTENT");
|
2019-02-04 19:24:55 +00:00
|
|
|
zprop_register_hidden(ZFS_PROP_IVSET_GUID, "ivsetguid",
|
|
|
|
PROP_TYPE_NUMBER, PROP_READONLY,
|
|
|
|
ZFS_TYPE_DATASET | ZFS_TYPE_BOOKMARK, "IVSETGUID");
|
2016-01-01 13:15:31 +00:00
|
|
|
zprop_register_hidden(ZFS_PROP_PREV_SNAP, "prevsnap", PROP_TYPE_STRING,
|
|
|
|
PROP_READONLY, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME, "PREVSNAP");
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
zprop_register_hidden(ZFS_PROP_PBKDF2_SALT, "pbkdf2salt",
|
|
|
|
PROP_TYPE_NUMBER, PROP_ONETIME_DEFAULT,
|
|
|
|
ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME, "PBKDF2SALT");
|
|
|
|
zprop_register_hidden(ZFS_PROP_KEY_GUID, "keyguid", PROP_TYPE_NUMBER,
|
|
|
|
PROP_READONLY, ZFS_TYPE_DATASET, "KEYGUID");
|
Implement Redacted Send/Receive
Redacted send/receive allows users to send subsets of their data to
a target system. One possible use case for this feature is to not
transmit sensitive information to a data warehousing, test/dev, or
analytics environment. Another is to save space by not replicating
unimportant data within a given dataset, for example in backup tools
like zrepl.
Redacted send/receive is a three-stage process. First, a clone (or
clones) is made of the snapshot to be sent to the target. In this
clone (or clones), all unnecessary or unwanted data is removed or
modified. This clone is then snapshotted to create the "redaction
snapshot" (or snapshots). Second, the new zfs redact command is used
to create a redaction bookmark. The redaction bookmark stores the
list of blocks in a snapshot that were modified by the redaction
snapshot(s). Finally, the redaction bookmark is passed as a parameter
to zfs send. When sending to the snapshot that was redacted, the
redaction bookmark is used to filter out blocks that contain sensitive
or unwanted information, and those blocks are not included in the send
stream. When sending from the redaction bookmark, the blocks it
contains are considered as candidate blocks in addition to those
blocks in the destination snapshot that were modified since the
creation_txg of the redaction bookmark. This step is necessary to
allow the target to rehydrate data in the case where some blocks are
accidentally or unnecessarily modified in the redaction snapshot.
The changes to bookmarks to enable fast space estimation involve
adding deadlists to bookmarks. There is also logic to manage the
life cycles of these deadlists.
The new size estimation process operates in cases where previously
an accurate estimate could not be provided. In those cases, a send
is performed where no data blocks are read, reducing the runtime
significantly and providing a byte-accurate size estimate.
Reviewed-by: Dan Kimmel <dan.kimmel@delphix.com>
Reviewed-by: Matt Ahrens <mahrens@delphix.com>
Reviewed-by: Prashanth Sreenivasa <pks@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: Chris Williamson <chris.williamson@delphix.com>
Reviewed-by: Pavel Zhakarov <pavel.zakharov@delphix.com>
Reviewed-by: Sebastien Roy <sebastien.roy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Paul Dagnelie <pcd@delphix.com>
Closes #7958
2019-06-19 16:48:13 +00:00
|
|
|
zprop_register_hidden(ZFS_PROP_REDACTED, "redacted", PROP_TYPE_NUMBER,
|
|
|
|
PROP_READONLY, ZFS_TYPE_DATASET, "REDACTED");
|
2010-05-28 20:45:14 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Property to be removed once libbe is integrated
|
|
|
|
*/
|
|
|
|
zprop_register_hidden(ZFS_PROP_PRIVATE, "priv_prop",
|
|
|
|
PROP_TYPE_NUMBER, PROP_READONLY, ZFS_TYPE_FILESYSTEM,
|
|
|
|
"PRIV_PROP");
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/* oddball properties */
|
2010-05-28 20:45:14 +00:00
|
|
|
zprop_register_impl(ZFS_PROP_CREATION, "creation", PROP_TYPE_NUMBER, 0,
|
2013-12-11 22:33:41 +00:00
|
|
|
NULL, PROP_READONLY, ZFS_TYPE_DATASET | ZFS_TYPE_BOOKMARK,
|
2008-11-20 20:01:55 +00:00
|
|
|
"<date>", "CREATION", B_FALSE, B_TRUE, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
boolean_t
|
|
|
|
zfs_prop_delegatable(zfs_prop_t prop)
|
|
|
|
{
|
|
|
|
zprop_desc_t *pd = &zfs_prop_table[prop];
|
2010-05-28 20:45:14 +00:00
|
|
|
|
|
|
|
/* The mlslabel property is never delegatable. */
|
|
|
|
if (prop == ZFS_PROP_MLSLABEL)
|
|
|
|
return (B_FALSE);
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
return (pd->pd_attr != PROP_READONLY);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Given a zfs dataset property name, returns the corresponding property ID.
|
|
|
|
*/
|
|
|
|
zfs_prop_t
|
|
|
|
zfs_name_to_prop(const char *propname)
|
|
|
|
{
|
|
|
|
return (zprop_name_to_prop(propname, ZFS_TYPE_DATASET));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* For user property names, we allow all lowercase alphanumeric characters, plus
|
|
|
|
* a few useful punctuation characters.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
valid_char(char c)
|
|
|
|
{
|
|
|
|
return ((c >= 'a' && c <= 'z') ||
|
|
|
|
(c >= '0' && c <= '9') ||
|
|
|
|
c == '-' || c == '_' || c == '.' || c == ':');
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Returns true if this is a valid user-defined property (one with a ':').
|
|
|
|
*/
|
|
|
|
boolean_t
|
|
|
|
zfs_prop_user(const char *name)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
char c;
|
|
|
|
boolean_t foundsep = B_FALSE;
|
|
|
|
|
|
|
|
for (i = 0; i < strlen(name); i++) {
|
|
|
|
c = name[i];
|
|
|
|
if (!valid_char(c))
|
|
|
|
return (B_FALSE);
|
|
|
|
if (c == ':')
|
|
|
|
foundsep = B_TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!foundsep)
|
|
|
|
return (B_FALSE);
|
|
|
|
|
|
|
|
return (B_TRUE);
|
|
|
|
}
|
|
|
|
|
2009-07-02 22:44:48 +00:00
|
|
|
/*
|
|
|
|
* Returns true if this is a valid userspace-type property (one with a '@').
|
|
|
|
* Note that after the @, any character is valid (eg, another @, for SID
|
|
|
|
* user@domain).
|
|
|
|
*/
|
|
|
|
boolean_t
|
|
|
|
zfs_prop_userquota(const char *name)
|
|
|
|
{
|
|
|
|
zfs_userquota_prop_t prop;
|
|
|
|
|
|
|
|
for (prop = 0; prop < ZFS_NUM_USERQUOTA_PROPS; prop++) {
|
|
|
|
if (strncmp(name, zfs_userquota_prop_prefixes[prop],
|
|
|
|
strlen(zfs_userquota_prop_prefixes[prop])) == 0) {
|
|
|
|
return (B_TRUE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return (B_FALSE);
|
|
|
|
}
|
|
|
|
|
2011-11-17 18:14:36 +00:00
|
|
|
/*
|
|
|
|
* Returns true if this is a valid written@ property.
|
|
|
|
* Note that after the @, any character is valid (eg, another @, for
|
|
|
|
* written@pool/fs@origin).
|
|
|
|
*/
|
|
|
|
boolean_t
|
|
|
|
zfs_prop_written(const char *name)
|
|
|
|
{
|
Implement Redacted Send/Receive
Redacted send/receive allows users to send subsets of their data to
a target system. One possible use case for this feature is to not
transmit sensitive information to a data warehousing, test/dev, or
analytics environment. Another is to save space by not replicating
unimportant data within a given dataset, for example in backup tools
like zrepl.
Redacted send/receive is a three-stage process. First, a clone (or
clones) is made of the snapshot to be sent to the target. In this
clone (or clones), all unnecessary or unwanted data is removed or
modified. This clone is then snapshotted to create the "redaction
snapshot" (or snapshots). Second, the new zfs redact command is used
to create a redaction bookmark. The redaction bookmark stores the
list of blocks in a snapshot that were modified by the redaction
snapshot(s). Finally, the redaction bookmark is passed as a parameter
to zfs send. When sending to the snapshot that was redacted, the
redaction bookmark is used to filter out blocks that contain sensitive
or unwanted information, and those blocks are not included in the send
stream. When sending from the redaction bookmark, the blocks it
contains are considered as candidate blocks in addition to those
blocks in the destination snapshot that were modified since the
creation_txg of the redaction bookmark. This step is necessary to
allow the target to rehydrate data in the case where some blocks are
accidentally or unnecessarily modified in the redaction snapshot.
The changes to bookmarks to enable fast space estimation involve
adding deadlists to bookmarks. There is also logic to manage the
life cycles of these deadlists.
The new size estimation process operates in cases where previously
an accurate estimate could not be provided. In those cases, a send
is performed where no data blocks are read, reducing the runtime
significantly and providing a byte-accurate size estimate.
Reviewed-by: Dan Kimmel <dan.kimmel@delphix.com>
Reviewed-by: Matt Ahrens <mahrens@delphix.com>
Reviewed-by: Prashanth Sreenivasa <pks@delphix.com>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Reviewed-by: George Wilson <george.wilson@delphix.com>
Reviewed-by: Chris Williamson <chris.williamson@delphix.com>
Reviewed-by: Pavel Zhakarov <pavel.zakharov@delphix.com>
Reviewed-by: Sebastien Roy <sebastien.roy@delphix.com>
Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Paul Dagnelie <pcd@delphix.com>
Closes #7958
2019-06-19 16:48:13 +00:00
|
|
|
static const char *prop_prefix = "written@";
|
|
|
|
static const char *book_prefix = "written#";
|
|
|
|
return (strncmp(name, prop_prefix, strlen(prop_prefix)) == 0 ||
|
|
|
|
strncmp(name, book_prefix, strlen(book_prefix)) == 0);
|
2011-11-17 18:14:36 +00:00
|
|
|
}
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* Tables of index types, plus functions to convert between the user view
|
|
|
|
* (strings) and internal representation (uint64_t).
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
zfs_prop_string_to_index(zfs_prop_t prop, const char *string, uint64_t *index)
|
|
|
|
{
|
|
|
|
return (zprop_string_to_index(prop, string, index, ZFS_TYPE_DATASET));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
zfs_prop_index_to_string(zfs_prop_t prop, uint64_t index, const char **string)
|
|
|
|
{
|
|
|
|
return (zprop_index_to_string(prop, index, string, ZFS_TYPE_DATASET));
|
|
|
|
}
|
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
uint64_t
|
|
|
|
zfs_prop_random_value(zfs_prop_t prop, uint64_t seed)
|
|
|
|
{
|
|
|
|
return (zprop_random_value(prop, seed, ZFS_TYPE_DATASET));
|
|
|
|
}
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* Returns TRUE if the property applies to any of the given dataset types.
|
|
|
|
*/
|
2008-12-03 20:09:06 +00:00
|
|
|
boolean_t
|
2014-04-21 18:22:08 +00:00
|
|
|
zfs_prop_valid_for_type(int prop, zfs_type_t types, boolean_t headcheck)
|
2008-11-20 20:01:55 +00:00
|
|
|
{
|
2014-04-21 18:22:08 +00:00
|
|
|
return (zprop_valid_for_type(prop, types, headcheck));
|
2008-11-20 20:01:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
zprop_type_t
|
|
|
|
zfs_prop_get_type(zfs_prop_t prop)
|
|
|
|
{
|
|
|
|
return (zfs_prop_table[prop].pd_proptype);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Returns TRUE if the property is readonly.
|
|
|
|
*/
|
|
|
|
boolean_t
|
|
|
|
zfs_prop_readonly(zfs_prop_t prop)
|
|
|
|
{
|
|
|
|
return (zfs_prop_table[prop].pd_attr == PROP_READONLY ||
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
zfs_prop_table[prop].pd_attr == PROP_ONETIME ||
|
|
|
|
zfs_prop_table[prop].pd_attr == PROP_ONETIME_DEFAULT);
|
2008-11-20 20:01:55 +00:00
|
|
|
}
|
|
|
|
|
2018-02-08 16:16:23 +00:00
|
|
|
/*
|
|
|
|
* Returns TRUE if the property is visible (not hidden).
|
|
|
|
*/
|
|
|
|
boolean_t
|
|
|
|
zfs_prop_visible(zfs_prop_t prop)
|
|
|
|
{
|
2018-09-02 19:09:53 +00:00
|
|
|
return (zfs_prop_table[prop].pd_visible &&
|
|
|
|
zfs_prop_table[prop].pd_zfs_mod_supported);
|
2018-02-08 16:16:23 +00:00
|
|
|
}
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* Returns TRUE if the property is only allowed to be set once.
|
|
|
|
*/
|
|
|
|
boolean_t
|
|
|
|
zfs_prop_setonce(zfs_prop_t prop)
|
|
|
|
{
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
return (zfs_prop_table[prop].pd_attr == PROP_ONETIME ||
|
|
|
|
zfs_prop_table[prop].pd_attr == PROP_ONETIME_DEFAULT);
|
2008-11-20 20:01:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
const char *
|
|
|
|
zfs_prop_default_string(zfs_prop_t prop)
|
|
|
|
{
|
|
|
|
return (zfs_prop_table[prop].pd_strdefault);
|
|
|
|
}
|
|
|
|
|
|
|
|
uint64_t
|
|
|
|
zfs_prop_default_numeric(zfs_prop_t prop)
|
|
|
|
{
|
|
|
|
return (zfs_prop_table[prop].pd_numdefault);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Given a dataset property ID, returns the corresponding name.
|
|
|
|
* Assuming the zfs dataset property ID is valid.
|
|
|
|
*/
|
|
|
|
const char *
|
|
|
|
zfs_prop_to_name(zfs_prop_t prop)
|
|
|
|
{
|
|
|
|
return (zfs_prop_table[prop].pd_name);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Returns TRUE if the property is inheritable.
|
|
|
|
*/
|
|
|
|
boolean_t
|
|
|
|
zfs_prop_inheritable(zfs_prop_t prop)
|
|
|
|
{
|
|
|
|
return (zfs_prop_table[prop].pd_attr == PROP_INHERIT ||
|
|
|
|
zfs_prop_table[prop].pd_attr == PROP_ONETIME);
|
|
|
|
}
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
/*
|
|
|
|
* Returns TRUE if property is one of the encryption properties that requires
|
|
|
|
* a loaded encryption key to modify.
|
|
|
|
*/
|
|
|
|
boolean_t
|
|
|
|
zfs_prop_encryption_key_param(zfs_prop_t prop)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* keylocation does not count as an encryption property. It can be
|
|
|
|
* changed at will without needing the master keys.
|
|
|
|
*/
|
|
|
|
return (prop == ZFS_PROP_PBKDF2_SALT || prop == ZFS_PROP_PBKDF2_ITERS ||
|
|
|
|
prop == ZFS_PROP_KEYFORMAT);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Helper function used by both kernelspace and userspace to check the
|
|
|
|
* keylocation property. If encrypted is set, the keylocation must be valid
|
|
|
|
* for an encrypted dataset.
|
|
|
|
*/
|
|
|
|
boolean_t
|
|
|
|
zfs_prop_valid_keylocation(const char *str, boolean_t encrypted)
|
|
|
|
{
|
|
|
|
if (strcmp("none", str) == 0)
|
|
|
|
return (!encrypted);
|
|
|
|
else if (strcmp("prompt", str) == 0)
|
|
|
|
return (B_TRUE);
|
|
|
|
else if (strlen(str) > 8 && strncmp("file:///", str, 8) == 0)
|
|
|
|
return (B_TRUE);
|
|
|
|
|
|
|
|
return (B_FALSE);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
#ifndef _KERNEL
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Returns a string describing the set of acceptable values for the given
|
|
|
|
* zfs property, or NULL if it cannot be set.
|
|
|
|
*/
|
|
|
|
const char *
|
|
|
|
zfs_prop_values(zfs_prop_t prop)
|
|
|
|
{
|
|
|
|
return (zfs_prop_table[prop].pd_values);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Returns TRUE if this property is a string type. Note that index types
|
|
|
|
* (compression, checksum) are treated as strings in userland, even though they
|
|
|
|
* are stored numerically on disk.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
zfs_prop_is_string(zfs_prop_t prop)
|
|
|
|
{
|
|
|
|
return (zfs_prop_table[prop].pd_proptype == PROP_TYPE_STRING ||
|
|
|
|
zfs_prop_table[prop].pd_proptype == PROP_TYPE_INDEX);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Returns the column header for the given property. Used only in
|
|
|
|
* 'zfs list -o', but centralized here with the other property information.
|
|
|
|
*/
|
|
|
|
const char *
|
|
|
|
zfs_prop_column_name(zfs_prop_t prop)
|
|
|
|
{
|
|
|
|
return (zfs_prop_table[prop].pd_colname);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Returns whether the given property should be displayed right-justified for
|
|
|
|
* 'zfs list'.
|
|
|
|
*/
|
|
|
|
boolean_t
|
|
|
|
zfs_prop_align_right(zfs_prop_t prop)
|
|
|
|
{
|
|
|
|
return (zfs_prop_table[prop].pd_rightalign);
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|
2010-08-26 18:49:16 +00:00
|
|
|
|
2018-02-16 01:53:18 +00:00
|
|
|
#if defined(_KERNEL)
|
2015-02-18 23:39:05 +00:00
|
|
|
static int __init
|
|
|
|
zcommon_init(void)
|
|
|
|
{
|
2015-12-09 23:34:16 +00:00
|
|
|
fletcher_4_init();
|
2015-02-18 23:39:05 +00:00
|
|
|
return (0);
|
|
|
|
}
|
2010-08-26 18:49:16 +00:00
|
|
|
|
2015-02-18 23:39:05 +00:00
|
|
|
static void __exit
|
|
|
|
zcommon_fini(void)
|
|
|
|
{
|
2015-12-09 23:34:16 +00:00
|
|
|
fletcher_4_fini();
|
2015-02-18 23:39:05 +00:00
|
|
|
}
|
2010-08-26 18:49:16 +00:00
|
|
|
|
2015-02-18 23:39:05 +00:00
|
|
|
module_init(zcommon_init);
|
|
|
|
module_exit(zcommon_fini);
|
2010-08-26 18:49:16 +00:00
|
|
|
|
|
|
|
MODULE_DESCRIPTION("Generic ZFS support");
|
|
|
|
MODULE_AUTHOR(ZFS_META_AUTHOR);
|
|
|
|
MODULE_LICENSE(ZFS_META_LICENSE);
|
2013-12-04 18:32:08 +00:00
|
|
|
MODULE_VERSION(ZFS_META_VERSION "-" ZFS_META_RELEASE);
|
2010-08-26 18:49:16 +00:00
|
|
|
|
|
|
|
/* zfs dataset property functions */
|
|
|
|
EXPORT_SYMBOL(zfs_userquota_prop_prefixes);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_init);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_get_type);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_get_table);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_delegatable);
|
2018-02-08 16:16:23 +00:00
|
|
|
EXPORT_SYMBOL(zfs_prop_visible);
|
2010-08-26 18:49:16 +00:00
|
|
|
|
|
|
|
/* Dataset property functions shared between libzfs and kernel. */
|
|
|
|
EXPORT_SYMBOL(zfs_prop_default_string);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_default_numeric);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_readonly);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_inheritable);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decyrpt, and authenticate protected datasets.
Each object set maintains a Merkel tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
EXPORT_SYMBOL(zfs_prop_encryption_key_param);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_valid_keylocation);
|
2010-08-26 18:49:16 +00:00
|
|
|
EXPORT_SYMBOL(zfs_prop_setonce);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_to_name);
|
|
|
|
EXPORT_SYMBOL(zfs_name_to_prop);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_user);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_userquota);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_index_to_string);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_string_to_index);
|
|
|
|
EXPORT_SYMBOL(zfs_prop_valid_for_type);
|
2018-02-08 16:16:23 +00:00
|
|
|
EXPORT_SYMBOL(zfs_prop_written);
|
2010-08-26 18:49:16 +00:00
|
|
|
|
|
|
|
#endif
|