/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright (c) 2011, 2017 by Delphix. All rights reserved.
 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
 * Copyright 2014 HybridCluster. All rights reserved.
 * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved.
 * Copyright 2013 Saso Kiselkov. All rights reserved.
 */

/* Portions Copyright 2010 Robert Milkowski */

#ifndef _SYS_DMU_H
#define _SYS_DMU_H

/*
 * This file describes the interface that the DMU provides for its
 * consumers.
 *
 * The DMU also interacts with the SPA. That interface is described in
 * dmu_spa.h.
 */

#include <sys/zfs_context.h>
#include <sys/inttypes.h>
#include <sys/cred.h>
#include <sys/fs/zfs.h>
#include <sys/zio_compress.h>
#include <sys/zio_priority.h>
#include <sys/uio.h>

#ifdef __cplusplus
extern "C" {
#endif

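/*
 * Forward declarations of types that are defined elsewhere. Only their
 * names are introduced here; nothing in this run needs their layout.
 * (The list previously named struct spa twice; once is enough.)
 */
struct page;
struct vnode;
struct spa;
struct zilog;
struct zio;
struct blkptr;
struct zap_cursor;
struct dsl_dataset;
struct dsl_pool;
struct dnode;
struct drr_begin;
struct drr_end;
struct zbookmark_phys;
struct nvlist;
struct arc_buf;
struct zio_prop;
struct sa_handle;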
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decrypt, and authenticate protected datasets.
Each object set maintains a Merkle tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
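/* Forward declaration only; the structure is defined elsewhere. */
struct dsl_crypto_params;

/*
 * Short names for DMU/DSL types. None of the three structures is defined
 * in this part of the header, so consumers can only hold pointers to them.
 */
typedef struct objset objset_t;
typedef struct dmu_tx dmu_tx_t;
typedef struct dsl_dir dsl_dir_t;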
OpenZFS 7004 - dmu_tx_hold_zap() does dnode_hold() 7x on same object
Using a benchmark which has 32 threads creating 2 million files in the
same directory, on a machine with 16 CPU cores, I observed poor
performance. I noticed that dmu_tx_hold_zap() was using about 30% of
all CPU, and doing dnode_hold() 7 times on the same object (the ZAP
object that is being held).
dmu_tx_hold_zap() keeps a hold on the dnode_t the entire time it is
running, in dmu_tx_hold_t:txh_dnode, so it would be nice to use the
dnode_t that we already have in hand, rather than repeatedly calling
dnode_hold(). To do this, we need to pass the dnode_t down through
all the intermediate calls that dmu_tx_hold_zap() makes, making these
routines take the dnode_t* rather than an objset_t* and a uint64_t
object number. In particular, the following routines will need to have
analogous *_by_dnode() variants created:
dmu_buf_hold_noread()
dmu_buf_hold()
zap_lookup()
zap_lookup_norm()
zap_count_write()
zap_lockdir()
zap_count_write()
This can improve performance on the benchmark described above by 100%,
from 30,000 file creations per second to 60,000. (This improvement is on
top of that provided by working around the object allocation issue. Peak
performance of ~90,000 creations per second was observed with 8 CPUs;
adding CPUs past that decreased performance due to lock contention.) The
CPU used by dmu_tx_hold_zap() was reduced by 88%, from 340 CPU-seconds
to 40 CPU-seconds.
Sponsored by: Intel Corp.
Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
OpenZFS-issue: https://www.illumos.org/issues/7004
OpenZFS-commit: https://github.com/openzfs/openzfs/pull/109
Closes #4641
Closes #4972
2016-07-20 22:42:13 +00:00
/* Short name for struct dnode, which this header only forward-declares. */
typedef struct dnode dnode_t;
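/*
 * Byteswap class of an object's data. A value of this type is what the
 * low DMU_OT_BYTESWAP_MASK bits of a DMU_OT() object type carry, and
 * DMU_OT_IS_VALID() rejects any new-style type whose byteswap field is
 * not below DMU_BSWAP_NUMFUNCS.
 *
 * The numbering starts at 0 and is implicit, so the order of the entries
 * is the numbering; see the warning before DMU_BSWAP_NUMFUNCS.
 */
typedef enum dmu_object_byteswap {
	DMU_BSWAP_UINT8,
	DMU_BSWAP_UINT16,
	DMU_BSWAP_UINT32,
	DMU_BSWAP_UINT64,
	DMU_BSWAP_ZAP,
	DMU_BSWAP_DNODE,
	DMU_BSWAP_OBJSET,
	DMU_BSWAP_ZNODE,
	DMU_BSWAP_OLDACL,
	DMU_BSWAP_ACL,
	/*
	 * Allocating a new byteswap type number makes the on-disk format
	 * incompatible with any other format that uses the same number.
	 *
	 * Data can usually be structured to work with one of the
	 * DMU_BSWAP_UINT* or DMU_BSWAP_ZAP types.
	 */
	DMU_BSWAP_NUMFUNCS	/* count of the entries above, not a type */
} dmu_object_byteswap_t;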
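/*
 * Bit layout of a "new-style" object type byte, as built by DMU_OT():
 * DMU_OT_NEWTYPE marks the encoding, two flag bits follow, and the low
 * five bits hold a dmu_object_byteswap_t. DMU_OT_ENCRYPTED was added by
 * the native encryption change.
 */
#define DMU_OT_NEWTYPE 0x80
#define DMU_OT_METADATA 0x40
#define DMU_OT_ENCRYPTED 0x20
#define DMU_OT_BYTESWAP_MASK 0x1f

/*
 * Defines a uint8_t object type. Object types specify if the data
 * in the object is metadata (boolean), if it is encrypted (boolean),
 * and how to byteswap the data (dmu_object_byteswap_t).
 *
 * byteswap is masked with DMU_OT_BYTESWAP_MASK rather than checked, so an
 * out-of-range argument silently produces a different type; use
 * DMU_OT_IS_VALID() on the result if the argument is not a constant.
 */
#define DMU_OT(byteswap, metadata, encrypted) \
	(DMU_OT_NEWTYPE | \
	((metadata) ? DMU_OT_METADATA : 0) | \
	((encrypted) ? DMU_OT_ENCRYPTED : 0) | \
	((byteswap) & DMU_OT_BYTESWAP_MASK))

/*
 * Nonzero when ot is an acceptable object type: a new-style type must
 * name an existing byteswap class, a legacy type must be below
 * DMU_OT_NUMTYPES.
 *
 * Object types are part of the on-disk format, so a value read from a
 * pool should pass this check before it reaches any of the accessors
 * below. The legacy comparison has no lower bound: pass ot as the
 * unsigned 8-bit quantity it is defined to be, not as a signed value.
 * ot is evaluated more than once in every macro of this group.
 */
#define DMU_OT_IS_VALID(ot) (((ot) & DMU_OT_NEWTYPE) ? \
	((ot) & DMU_OT_BYTESWAP_MASK) < DMU_BSWAP_NUMFUNCS : \
	(ot) < DMU_OT_NUMTYPES)

/*
 * Nonzero when ot describes metadata. For a new-style type the result is
 * the raw DMU_OT_METADATA bit (0x40), not 1, so test it for truth rather
 * than comparing it with a boolean constant.
 *
 * The legacy branch indexes dmu_ot[] with ot and performs no range check
 * of its own; dmu_ot is declared outside this part of the header
 * (presumably with DMU_OT_NUMTYPES entries -- confirm). Callers must have
 * established DMU_OT_IS_VALID(ot) beforehand.
 */
#define DMU_OT_IS_METADATA(ot) (((ot) & DMU_OT_NEWTYPE) ? \
	((ot) & DMU_OT_METADATA) : \
	dmu_ot[(int)(ot)].ot_metadata)

/*
 * Nonzero when ot describes encrypted data. Same caveats as
 * DMU_OT_IS_METADATA(): the new-style result is the raw DMU_OT_ENCRYPTED
 * bit (0x20), and the legacy branch is an unchecked dmu_ot[] lookup that
 * relies on a prior DMU_OT_IS_VALID(ot).
 */
#define DMU_OT_IS_ENCRYPTED(ot) (((ot) & DMU_OT_NEWTYPE) ? \
	((ot) & DMU_OT_ENCRYPTED) : \
	dmu_ot[(int)(ot)].ot_encrypt)

/*
 * These object types use bp_fill != 1 for their L0 bp's. Therefore they can't
 * have their data embedded (i.e. use a BP_IS_EMBEDDED() bp), because bp_fill
 * is repurposed for embedded BPs.
 */
#define DMU_OT_HAS_FILL(ot) \
	((ot) == DMU_OT_DNODE || (ot) == DMU_OT_OBJSET)

/*
 * Byteswap class of ot: the masked low bits of a new-style type, or the
 * dmu_ot[] entry of a legacy one. The legacy lookup is unchecked and
 * relies on a prior DMU_OT_IS_VALID(ot). For a new-style type the result
 * can be any value up to DMU_OT_BYTESWAP_MASK, so it is only a usable
 * dmu_object_byteswap_t once DMU_OT_IS_VALID(ot) has held.
 */
#define DMU_OT_BYTESWAP(ot) (((ot) & DMU_OT_NEWTYPE) ? \
	((ot) & DMU_OT_BYTESWAP_MASK) : \
	dmu_ot[(int)(ot)].ot_byteswap)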
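/*
 * Object type numbers.
 *
 * Entries before DMU_OT_NUMTYPES are the legacy types: they are numbered
 * implicitly from 0, so their order is their on-disk value and must not
 * change. The trailing comment on each entry appears to name its byteswap
 * class. Entries after DMU_OT_NUMTYPES are new-style values built with
 * DMU_OT(); they all have DMU_OT_NEWTYPE set and have no dmu_ot[] entry.
 *
 * A type byte read from a pool can hold values that are neither, so check
 * it with DMU_OT_IS_VALID() before using it with the accessor macros.
 */
typedef enum dmu_object_type {
	DMU_OT_NONE,
	/* general: */
	DMU_OT_OBJECT_DIRECTORY,	/* ZAP */
	DMU_OT_OBJECT_ARRAY,		/* UINT64 */
	DMU_OT_PACKED_NVLIST,		/* UINT8 (XDR by nvlist_pack/unpack) */
	DMU_OT_PACKED_NVLIST_SIZE,	/* UINT64 */
	DMU_OT_BPOBJ,			/* UINT64 */
	DMU_OT_BPOBJ_HDR,		/* UINT64 */
	/* spa: */
	DMU_OT_SPACE_MAP_HEADER,	/* UINT64 */
	DMU_OT_SPACE_MAP,		/* UINT64 */
	/* zil: */
	DMU_OT_INTENT_LOG,		/* UINT64 */
	/* dmu: */
	DMU_OT_DNODE,			/* DNODE */
	DMU_OT_OBJSET,			/* OBJSET */
	/* dsl: */
	DMU_OT_DSL_DIR,			/* UINT64 */
	DMU_OT_DSL_DIR_CHILD_MAP,	/* ZAP */
	DMU_OT_DSL_DS_SNAP_MAP,		/* ZAP */
	DMU_OT_DSL_PROPS,		/* ZAP */
	DMU_OT_DSL_DATASET,		/* UINT64 */
	/* zpl: */
	DMU_OT_ZNODE,			/* ZNODE */
	DMU_OT_OLDACL,			/* Old ACL */
	DMU_OT_PLAIN_FILE_CONTENTS,	/* UINT8 */
	DMU_OT_DIRECTORY_CONTENTS,	/* ZAP */
	DMU_OT_MASTER_NODE,		/* ZAP */
	DMU_OT_UNLINKED_SET,		/* ZAP */
	/* zvol: */
	DMU_OT_ZVOL,			/* UINT8 */
	DMU_OT_ZVOL_PROP,		/* ZAP */
	/* other; for testing only! */
	DMU_OT_PLAIN_OTHER,		/* UINT8 */
	DMU_OT_UINT64_OTHER,		/* UINT64 */
	DMU_OT_ZAP_OTHER,		/* ZAP */
	/* new object types: */
	DMU_OT_ERROR_LOG,		/* ZAP */
	DMU_OT_SPA_HISTORY,		/* UINT8 */
	DMU_OT_SPA_HISTORY_OFFSETS,	/* spa_his_phys_t */
	DMU_OT_POOL_PROPS,		/* ZAP */
	DMU_OT_DSL_PERMS,		/* ZAP */
	DMU_OT_ACL,			/* ACL */
	DMU_OT_SYSACL,			/* SYSACL */
	DMU_OT_FUID,			/* FUID table (Packed NVLIST UINT8) */
	DMU_OT_FUID_SIZE,		/* FUID table size UINT64 */
	DMU_OT_NEXT_CLONES,		/* ZAP */
	DMU_OT_SCAN_QUEUE,		/* ZAP */
	DMU_OT_USERGROUP_USED,		/* ZAP */
	DMU_OT_USERGROUP_QUOTA,		/* ZAP */
	DMU_OT_USERREFS,		/* ZAP */
	DMU_OT_DDT_ZAP,			/* ZAP */
	DMU_OT_DDT_STATS,		/* ZAP */
	DMU_OT_SA,			/* System attr */
	DMU_OT_SA_MASTER_NODE,		/* ZAP */
	DMU_OT_SA_ATTR_REGISTRATION,	/* ZAP */
	DMU_OT_SA_ATTR_LAYOUTS,		/* ZAP */
	DMU_OT_SCAN_XLATE,		/* ZAP */
	DMU_OT_DEDUP,			/* fake dedup BP from ddt_bp_create() */
	DMU_OT_DEADLIST,		/* ZAP */
	DMU_OT_DEADLIST_HDR,		/* UINT64 */
	DMU_OT_DSL_CLONES,		/* ZAP */
	DMU_OT_BPOBJ_SUBOBJ,		/* UINT64 */
	/*
	 * Do not allocate new object types here. Doing so makes the on-disk
	 * format incompatible with any other format that uses the same object
	 * type number.
	 *
	 * When creating an object which does not have one of the above types
	 * use the DMU_OTN_* type with the correct byteswap and metadata
	 * values.
	 *
	 * The DMU_OTN_* types do not have entries in the dmu_ot table,
	 * use the DMU_OT_IS_METADATA() and DMU_OT_BYTESWAP() macros instead
	 * of indexing into dmu_ot directly (this works for both DMU_OT_* types
	 * and DMU_OTN_* types).
	 */
	DMU_OT_NUMTYPES,

	/*
	 * Names for valid types declared with DMU_OT().
	 */
	DMU_OTN_UINT8_DATA = DMU_OT(DMU_BSWAP_UINT8, B_FALSE, B_FALSE),
	DMU_OTN_UINT8_METADATA = DMU_OT(DMU_BSWAP_UINT8, B_TRUE, B_FALSE),
	DMU_OTN_UINT16_DATA = DMU_OT(DMU_BSWAP_UINT16, B_FALSE, B_FALSE),
	DMU_OTN_UINT16_METADATA = DMU_OT(DMU_BSWAP_UINT16, B_TRUE, B_FALSE),
	DMU_OTN_UINT32_DATA = DMU_OT(DMU_BSWAP_UINT32, B_FALSE, B_FALSE),
	DMU_OTN_UINT32_METADATA = DMU_OT(DMU_BSWAP_UINT32, B_TRUE, B_FALSE),
	DMU_OTN_UINT64_DATA = DMU_OT(DMU_BSWAP_UINT64, B_FALSE, B_FALSE),
	DMU_OTN_UINT64_METADATA = DMU_OT(DMU_BSWAP_UINT64, B_TRUE, B_FALSE),
	DMU_OTN_ZAP_DATA = DMU_OT(DMU_BSWAP_ZAP, B_FALSE, B_FALSE),
	DMU_OTN_ZAP_METADATA = DMU_OT(DMU_BSWAP_ZAP, B_TRUE, B_FALSE),

	/* The same ten combinations with the encrypted flag set. */
	DMU_OTN_UINT8_ENC_DATA = DMU_OT(DMU_BSWAP_UINT8, B_FALSE, B_TRUE),
	DMU_OTN_UINT8_ENC_METADATA = DMU_OT(DMU_BSWAP_UINT8, B_TRUE, B_TRUE),
	DMU_OTN_UINT16_ENC_DATA = DMU_OT(DMU_BSWAP_UINT16, B_FALSE, B_TRUE),
	DMU_OTN_UINT16_ENC_METADATA = DMU_OT(DMU_BSWAP_UINT16, B_TRUE, B_TRUE),
	DMU_OTN_UINT32_ENC_DATA = DMU_OT(DMU_BSWAP_UINT32, B_FALSE, B_TRUE),
	DMU_OTN_UINT32_ENC_METADATA = DMU_OT(DMU_BSWAP_UINT32, B_TRUE, B_TRUE),
	DMU_OTN_UINT64_ENC_DATA = DMU_OT(DMU_BSWAP_UINT64, B_FALSE, B_TRUE),
	DMU_OTN_UINT64_ENC_METADATA = DMU_OT(DMU_BSWAP_UINT64, B_TRUE, B_TRUE),
	DMU_OTN_ZAP_ENC_DATA = DMU_OT(DMU_BSWAP_ZAP, B_FALSE, B_TRUE),
	DMU_OTN_ZAP_ENC_METADATA = DMU_OT(DMU_BSWAP_ZAP, B_TRUE, B_TRUE),
} dmu_object_type_t;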
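/*
 * Selector for how a caller wants to be assigned to a transaction group.
 * The functions that take a txg_how_t are outside this part of the header,
 * so the exact behaviour of each value is not described here.
 *
 * Numbering starts at 1, which leaves 0 as a value that is not a valid
 * txg_how_t.
 */
typedef enum txg_how {
	TXG_WAIT = 1,
	TXG_NOWAIT,
	/* Added by the Illumos #4045 write throttle change. */
	TXG_WAITED,
} txg_how_t;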
void byteswap_uint64_array(void *buf, size_t size);
void byteswap_uint32_array(void *buf, size_t size);
void byteswap_uint16_array(void *buf, size_t size);
void byteswap_uint8_array(void *buf, size_t size);
void zap_byteswap(void *buf, size_t size);
void zfs_oldacl_byteswap(void *buf, size_t size);
void zfs_acl_byteswap(void *buf, size_t size);
void zfs_znode_byteswap(void *buf, size_t size);
#define DS_FIND_SNAPSHOTS (1<<0)
#define DS_FIND_CHILDREN (1<<1)
2015-05-06 16:07:55 +00:00
#define DS_FIND_SERIALIZE (1<<2)
2008-11-20 20:01:55 +00:00
/*
* The maximum number of bytes that can be accessed as part of one
* operation, including metadata.
*/
2014-11-03 20:15:08 +00:00
#define DMU_MAX_ACCESS (64 * 1024 * 1024) /* 64MB */
2008-12-03 20:09:06 +00:00
#define DMU_MAX_DELETEBLKCNT (20480) /* ~5MB of indirect blocks */
2008-11-20 20:01:55 +00:00
2009-07-02 22:44:48 +00:00
#define DMU_USERUSED_OBJECT (-1ULL)
#define DMU_GROUPUSED_OBJECT (-2ULL)
2016-10-04 18:46:10 +00:00
/*
* Zap prefix for object accounting in DMU_{USER,GROUP}USED_OBJECT.
*/
#define DMU_OBJACCT_PREFIX "obj-"
/*
 * Length of DMU_OBJACCT_PREFIX without its terminating NUL ("obj-" is
 * four characters). The two macros are maintained by hand and must be
 * changed together; a mismatch would make prefix comparisons and offsets
 * that use this length read the wrong number of bytes.
 */
#define DMU_OBJACCT_PREFIX_LEN 4
2010-05-28 20:45:14 +00:00
/*
* artificial blkids for bonus buffer and spill blocks
*/
#define DMU_BONUS_BLKID (-1ULL)
#define DMU_SPILL_BLKID (-2ULL)
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decrypt, and authenticate protected datasets.
Each object set maintains a Merkle tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
2008-11-20 20:01:55 +00:00
/*
* Public routines to create, destroy, open, and close objsets.
*/
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decrypt, and authenticate protected datasets.
Each object set maintains a Merkle tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
typedef void dmu_objset_create_sync_func_t(objset_t *os, void *arg,
cred_t *cr, dmu_tx_t *tx);
2010-05-28 20:45:14 +00:00
int dmu_objset_hold(const char *name, void *tag, objset_t **osp);
int dmu_objset_own(const char *name, dmu_objset_type_t type,
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decrypt, and authenticate protected datasets.
Each object set maintains a Merkle tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
boolean_t readonly, boolean_t key_required, void *tag, objset_t **osp);
2010-05-28 20:45:14 +00:00
void dmu_objset_rele(objset_t *os, void *tag);
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decrypt, and authenticate protected datasets.
Each object set maintains a Merkle tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
/*
 * Counterpart to dmu_objset_own(), which takes the same key_required and
 * tag arguments.
 * NOTE(review): this header does not state what key_required controls or
 * whether it must match the value given to dmu_objset_own() -- presumably
 * it must, so that encryption-key state is handled symmetrically; confirm
 * against the implementation before relying on it.
 */
void dmu_objset_disown(objset_t *os, boolean_t key_required, void *tag);
2010-05-28 20:45:14 +00:00
int dmu_objset_open_ds(struct dsl_dataset *ds, objset_t **osp);
2013-09-04 12:00:57 +00:00
void dmu_objset_evict_dbufs(objset_t *os);
2010-05-28 20:45:14 +00:00
int dmu_objset_create(const char *name, dmu_objset_type_t type, uint64_t flags,
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decrypt, and authenticate protected datasets.
Each object set maintains a Merkle tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
struct dsl_crypto_params *dcp, dmu_objset_create_sync_func_t func,
void *arg);
2013-09-04 12:00:57 +00:00
int dmu_objset_clone(const char *name, const char *origin);
int dsl_destroy_snapshots_nvl(struct nvlist *snaps, boolean_t defer,
2013-08-28 11:45:09 +00:00
struct nvlist *errlist);
int dmu_objset_snapshot_one(const char *fsname, const char *snapname);
int dmu_objset_snapshot_tmp(const char *, const char *, int);
2010-05-28 20:45:14 +00:00
int dmu_objset_find(char *name, int func(const char *, void *), void *arg,
2008-11-20 20:01:55 +00:00
int flags);
void dmu_objset_byteswap(void *buf, size_t size);
2013-09-04 12:00:57 +00:00
int dsl_dataset_rename_snapshot(const char *fsname,
const char *oldsnapname, const char *newsnapname, boolean_t recursive);
2008-11-20 20:01:55 +00:00
typedef struct dmu_buf {
uint64_t db_object; /* object that this buffer is part of */
uint64_t db_offset; /* byte offset in this object */
uint64_t db_size; /* size of buffer in bytes */
void *db_data; /* data in buffer */
} dmu_buf_t;
/*
* The names of zap entries in the DIRECTORY_OBJECT of the MOS.
*/
#define DMU_POOL_DIRECTORY_OBJECT 1
#define DMU_POOL_CONFIG "config"
2012-12-13 23:24:15 +00:00
#define DMU_POOL_FEATURES_FOR_WRITE "features_for_write"
#define DMU_POOL_FEATURES_FOR_READ "features_for_read"
#define DMU_POOL_FEATURE_DESCRIPTIONS "feature_descriptions"
2013-12-09 18:37:51 +00:00
#define DMU_POOL_FEATURE_ENABLED_TXG "feature_enabled_txg"
2008-11-20 20:01:55 +00:00
#define DMU_POOL_ROOT_DATASET "root_dataset"
2010-05-28 20:45:14 +00:00
#define DMU_POOL_SYNC_BPOBJ "sync_bplist"
2008-11-20 20:01:55 +00:00
#define DMU_POOL_ERRLOG_SCRUB "errlog_scrub"
#define DMU_POOL_ERRLOG_LAST "errlog_last"
#define DMU_POOL_SPARES "spares"
#define DMU_POOL_DEFLATE "deflate"
#define DMU_POOL_HISTORY "history"
#define DMU_POOL_PROPS "pool_props"
#define DMU_POOL_L2CACHE "l2cache"
2010-05-28 20:45:14 +00:00
#define DMU_POOL_TMP_USERREFS "tmp_userrefs"
/*
 * Name template containing three %s conversions, unlike the fixed-string
 * DMU_POOL_* names around it.
 * NOTE(review): presumably expanded with a printf-family call; callers
 * must then pass exactly three string arguments and format into a bounded
 * buffer -- confirm at the call sites.
 */
#define DMU_POOL_DDT "DDT-%s-%s-%s"
#define DMU_POOL_DDT_STATS "DDT-statistics"
#define DMU_POOL_CREATION_VERSION "creation_version"
#define DMU_POOL_SCAN "scan"
#define DMU_POOL_FREE_BPOBJ "free_bpobj"
2012-12-13 23:24:15 +00:00
#define DMU_POOL_BPTREE_OBJ "bptree_obj"
2012-12-23 23:57:14 +00:00
#define DMU_POOL_EMPTY_BPOBJ "empty_bpobj"
2016-06-15 22:47:05 +00:00
#define DMU_POOL_CHECKSUM_SALT "org.illumos:checksum_salt"
2016-04-11 20:16:57 +00:00
#define DMU_POOL_VDEV_ZAP_MAP "com.delphix:vdev_zap_map"
2008-12-03 20:09:06 +00:00
2008-11-20 20:01:55 +00:00
/*
* Allocate an object from this objset. The range of object numbers
* available is (0, DN_MAX_OBJECT). Object 0 is the meta-dnode.
*
* The transaction must be assigned to a txg. The newly allocated
* object will be "held" in the transaction (ie. you can modify the
* newly allocated object in this transaction).
*
* dmu_object_alloc() chooses an object and returns its object number.
*
* dmu_object_claim() allocates a specific object number. If that
* number is already allocated, it fails and returns EEXIST.
*
* Return 0 on success, or ENOSPC or EEXIST as specified above.
*/
uint64_t dmu_object_alloc(objset_t *os, dmu_object_type_t ot,
int blocksize, dmu_object_type_t bonus_type, int bonus_len, dmu_tx_t *tx);
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill blocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by an large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 01:25:34 +00:00
uint64_t dmu_object_alloc_dnsize(objset_t *os, dmu_object_type_t ot,
int blocksize, dmu_object_type_t bonus_type, int bonus_len,
int dnodesize, dmu_tx_t *tx);
2008-11-20 20:01:55 +00:00
int dmu_object_claim(objset_t *os, uint64_t object, dmu_object_type_t ot,
int blocksize, dmu_object_type_t bonus_type, int bonus_len, dmu_tx_t *tx);
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill blocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by an large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 01:25:34 +00:00
int dmu_object_claim_dnsize(objset_t *os, uint64_t object, dmu_object_type_t ot,
int blocksize, dmu_object_type_t bonus_type, int bonus_len,
int dnodesize, dmu_tx_t *tx);
|
2008-11-20 20:01:55 +00:00
|
|
|
int dmu_object_reclaim(objset_t *os, uint64_t object, dmu_object_type_t ot,
int blocksize, dmu_object_type_t bonustype, int bonuslen, dmu_tx_t *txp);
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill blocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interface names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by a large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 01:25:34 +00:00
|
|
|
int dmu_object_reclaim_dnsize(objset_t *os, uint64_t object,
dmu_object_type_t ot, int blocksize, dmu_object_type_t bonustype,
int bonuslen, int dnodesize, dmu_tx_t *txp);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Free an object from this objset.
|
|
|
|
*
|
|
|
|
* The object's data will be freed as well (ie. you don't need to call
|
|
|
|
* dmu_free(object, 0, -1, tx)).
|
|
|
|
*
|
|
|
|
* The object need not be held in the transaction.
|
|
|
|
*
|
|
|
|
* If there are any holds on this object's buffers (via dmu_buf_hold()),
|
|
|
|
* or tx holds on the object (via dmu_tx_hold_object()), you can not
|
|
|
|
* free it; it fails and returns EBUSY.
|
|
|
|
*
|
|
|
|
* If the object is not allocated, it fails and returns ENOENT.
|
|
|
|
*
|
|
|
|
* Return 0 on success, or EBUSY or ENOENT as specified above.
|
|
|
|
*/
|
|
|
|
int dmu_object_free(objset_t *os, uint64_t object, dmu_tx_t *tx);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Find the next allocated or free object.
|
|
|
|
*
|
|
|
|
* The objectp parameter is in-out. It will be updated to be the next
|
|
|
|
* object which is allocated. Ignore objects which have not been
|
|
|
|
* modified since txg.
|
|
|
|
*
|
|
|
|
* XXX Can only be called on an objset with no dirty data.
|
|
|
|
*
|
|
|
|
* Returns 0 on success, or ENOENT if there are no more objects.
|
|
|
|
*/
|
|
|
|
int dmu_object_next(objset_t *os, uint64_t *objectp,
boolean_t hole, uint64_t txg);
|
|
|
|
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decrypt, and authenticate protected datasets.
Each object set maintains a Merkle tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
/*
|
|
|
|
* Set the number of levels on a dnode. nlevels must be greater than the
|
|
|
|
* current number of levels or an EINVAL will be returned.
|
|
|
|
*/
|
|
|
|
int dmu_object_set_nlevels(objset_t *os, uint64_t object, int nlevels,
dmu_tx_t *tx);
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* Set the data blocksize for an object.
|
|
|
|
*
|
|
|
|
* The object cannot have any blocks allocated beyond the first. If
|
|
|
|
* the first block is allocated already, the new size must be greater
|
|
|
|
* than the current block size. If these conditions are not met,
|
|
|
|
* ENOTSUP will be returned.
|
|
|
|
*
|
|
|
|
* Returns 0 on success, or EBUSY if there are any holds on the object
|
|
|
|
* contents, or ENOTSUP as described above.
|
|
|
|
*/
|
|
|
|
int dmu_object_set_blocksize(objset_t *os, uint64_t object, uint64_t size,
int ibs, dmu_tx_t *tx);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set the checksum property on a dnode. The new checksum algorithm will
|
|
|
|
* apply to all newly written blocks; existing blocks will not be affected.
|
|
|
|
*/
|
|
|
|
void dmu_object_set_checksum(objset_t *os, uint64_t object, uint8_t checksum,
dmu_tx_t *tx);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set the compress property on a dnode. The new compression algorithm will
|
|
|
|
* apply to all newly written blocks; existing blocks will not be affected.
|
|
|
|
*/
|
|
|
|
void dmu_object_set_compress(objset_t *os, uint64_t object, uint8_t compress,
dmu_tx_t *tx);
|
|
|
|
|
2017-08-23 23:54:24 +00:00
|
|
|
int dmu_object_dirty_raw(objset_t *os, uint64_t object, dmu_tx_t *tx);
|
|
|
|
|
|
|
|
void dmu_write_embedded(objset_t *os, uint64_t object, uint64_t offset,
void *data, uint8_t etype, uint8_t comp, int uncompressed_size,
int compressed_size, int byteorder, dmu_tx_t *tx);
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
2010-05-28 20:45:14 +00:00
|
|
|
* Decide how to write a block: checksum, compression, number of copies, etc.
|
2008-11-20 20:01:55 +00:00
|
|
|
*/
|
2010-05-28 20:45:14 +00:00
|
|
|
#define WP_NOFILL 0x1
|
|
|
|
#define WP_DMU_SYNC 0x2
|
|
|
|
#define WP_SPILL 0x4
|
|
|
|
|
2017-03-23 16:07:27 +00:00
|
|
|
void dmu_write_policy(objset_t *os, dnode_t *dn, int level, int wp,
struct zio_prop *zp);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decrypt, and authenticate protected datasets.
Each object set maintains a Merkle tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* The bonus data is accessed more or less like a regular buffer.
|
|
|
|
* You must dmu_bonus_hold() to get the buffer, which will give you a
|
|
|
|
* dmu_buf_t with db_offset==-1ULL, and db_size = the size of the bonus
|
|
|
|
* data. As with any normal buffer, you must call dmu_buf_read() to
|
|
|
|
* read db_data, dmu_buf_will_dirty() before modifying it, and the
|
|
|
|
* object must be held in an assigned transaction before calling
|
|
|
|
* dmu_buf_will_dirty. You may use dmu_buf_set_user() on the bonus
|
2013-03-30 02:27:50 +00:00
|
|
|
* buffer as well. You must release what you hold with dmu_buf_rele().
|
2013-06-11 17:12:34 +00:00
|
|
|
*
|
|
|
|
* Returns ENOENT, EIO, or 0.
|
2008-11-20 20:01:55 +00:00
|
|
|
*/
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decrypt, and authenticate protected datasets.
Each object set maintains a Merkle tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
int dmu_bonus_hold_impl(objset_t *os, uint64_t object, void *tag,
uint32_t flags, dmu_buf_t **dbp);
|
2008-11-20 20:01:55 +00:00
|
|
|
int dmu_bonus_hold(objset_t *os, uint64_t object, void *tag, dmu_buf_t **);
|
|
|
|
int dmu_bonus_max(void);
|
|
|
|
int dmu_set_bonus(dmu_buf_t *, int, dmu_tx_t *);
|
2010-05-28 20:45:14 +00:00
|
|
|
int dmu_set_bonustype(dmu_buf_t *, dmu_object_type_t, dmu_tx_t *);
|
2010-08-26 21:24:34 +00:00
|
|
|
dmu_object_type_t dmu_get_bonustype(dmu_buf_t *);
|
2010-05-28 20:45:14 +00:00
|
|
|
int dmu_rm_spill(objset_t *, uint64_t, dmu_tx_t *);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Special spill buffer support used by "SA" framework
|
|
|
|
*/
|
|
|
|
|
|
|
|
int dmu_spill_hold_by_bonus(dmu_buf_t *bonus, void *tag, dmu_buf_t **dbp);
|
OpenZFS 7004 - dmu_tx_hold_zap() does dnode_hold() 7x on same object
Using a benchmark which has 32 threads creating 2 million files in the
same directory, on a machine with 16 CPU cores, I observed poor
performance. I noticed that dmu_tx_hold_zap() was using about 30% of
all CPU, and doing dnode_hold() 7 times on the same object (the ZAP
object that is being held).
dmu_tx_hold_zap() keeps a hold on the dnode_t the entire time it is
running, in dmu_tx_hold_t:txh_dnode, so it would be nice to use the
dnode_t that we already have in hand, rather than repeatedly calling
dnode_hold(). To do this, we need to pass the dnode_t down through
all the intermediate calls that dmu_tx_hold_zap() makes, making these
routines take the dnode_t* rather than an objset_t* and a uint64_t
object number. In particular, the following routines will need to have
analogous *_by_dnode() variants created:
dmu_buf_hold_noread()
dmu_buf_hold()
zap_lookup()
zap_lookup_norm()
zap_count_write()
zap_lockdir()
zap_count_write()
This can improve performance on the benchmark described above by 100%,
from 30,000 file creations per second to 60,000. (This improvement is on
top of that provided by working around the object allocation issue. Peak
performance of ~90,000 creations per second was observed with 8 CPUs;
adding CPUs past that decreased performance due to lock contention.) The
CPU used by dmu_tx_hold_zap() was reduced by 88%, from 340 CPU-seconds
to 40 CPU-seconds.
Sponsored by: Intel Corp.
Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
OpenZFS-issue: https://www.illumos.org/issues/7004
OpenZFS-commit: https://github.com/openzfs/openzfs/pull/109
Closes #4641
Closes #4972
2016-07-20 22:42:13 +00:00
|
|
|
int dmu_spill_hold_by_dnode(dnode_t *dn, uint32_t flags,
void *tag, dmu_buf_t **dbp);
|
|
|
|
int dmu_spill_hold_existing(dmu_buf_t *bonus, void *tag, dmu_buf_t **dbp);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Obtain the DMU buffer from the specified object which contains the
|
|
|
|
* specified offset. dmu_buf_hold() puts a "hold" on the buffer, so
|
|
|
|
* that it will remain in memory. You must release the hold with
|
2013-03-30 02:27:50 +00:00
|
|
|
* dmu_buf_rele(). You must not access the dmu_buf_t after releasing
|
|
|
|
* what you hold. You must have a hold on any dmu_buf_t* you pass to the DMU.
|
2008-11-20 20:01:55 +00:00
|
|
|
*
|
|
|
|
* You must call dmu_buf_read, dmu_buf_will_dirty, or dmu_buf_will_fill
|
|
|
|
* on the returned buffer before reading or writing the buffer's
|
|
|
|
* db_data. The comments for those routines describe what particular
|
|
|
|
* operations are valid after calling them.
|
|
|
|
*
|
|
|
|
* The object number must be a valid, allocated object number.
|
|
|
|
*/
|
|
|
|
int dmu_buf_hold(objset_t *os, uint64_t object, uint64_t offset,
void *tag, dmu_buf_t **, int flags);
|
OpenZFS 7004 - dmu_tx_hold_zap() does dnode_hold() 7x on same object
Using a benchmark which has 32 threads creating 2 million files in the
same directory, on a machine with 16 CPU cores, I observed poor
performance. I noticed that dmu_tx_hold_zap() was using about 30% of
all CPU, and doing dnode_hold() 7 times on the same object (the ZAP
object that is being held).
dmu_tx_hold_zap() keeps a hold on the dnode_t the entire time it is
running, in dmu_tx_hold_t:txh_dnode, so it would be nice to use the
dnode_t that we already have in hand, rather than repeatedly calling
dnode_hold(). To do this, we need to pass the dnode_t down through
all the intermediate calls that dmu_tx_hold_zap() makes, making these
routines take the dnode_t* rather than an objset_t* and a uint64_t
object number. In particular, the following routines will need to have
analogous *_by_dnode() variants created:
dmu_buf_hold_noread()
dmu_buf_hold()
zap_lookup()
zap_lookup_norm()
zap_count_write()
zap_lockdir()
zap_count_write()
This can improve performance on the benchmark described above by 100%,
from 30,000 file creations per second to 60,000. (This improvement is on
top of that provided by working around the object allocation issue. Peak
performance of ~90,000 creations per second was observed with 8 CPUs;
adding CPUs past that decreased performance due to lock contention.) The
CPU used by dmu_tx_hold_zap() was reduced by 88%, from 340 CPU-seconds
to 40 CPU-seconds.
Sponsored by: Intel Corp.
Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
OpenZFS-issue: https://www.illumos.org/issues/7004
OpenZFS-commit: https://github.com/openzfs/openzfs/pull/109
Closes #4641
Closes #4972
2016-07-20 22:42:13 +00:00
|
|
|
int dmu_buf_hold_by_dnode(dnode_t *dn, uint64_t offset,
void *tag, dmu_buf_t **dbp, int flags);
|
2015-04-02 11:59:15 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Add a reference to a dmu buffer that has already been held via
|
|
|
|
* dmu_buf_hold() in the current context.
|
|
|
|
*/
|
2008-11-20 20:01:55 +00:00
|
|
|
void dmu_buf_add_ref(dmu_buf_t *db, void* tag);
|
2015-04-02 11:59:15 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Attempt to add a reference to a dmu buffer that is in an unknown state,
|
|
|
|
* using a pointer that may have been invalidated by eviction processing.
|
|
|
|
* The request will succeed if the passed in dbuf still represents the
|
|
|
|
* same os/object/blkid, is ineligible for eviction, and has at least
|
|
|
|
* one hold by a user other than the syncer.
|
|
|
|
*/
|
|
|
|
boolean_t dmu_buf_try_add_ref(dmu_buf_t *, objset_t *os, uint64_t object,
uint64_t blkid, void *tag);
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
void dmu_buf_rele(dmu_buf_t *db, void *tag);
|
|
|
|
uint64_t dmu_buf_refcount(dmu_buf_t *db);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* dmu_buf_hold_array holds the DMU buffers which contain all bytes in a
|
|
|
|
* range of an object. A pointer to an array of dmu_buf_t*'s is
|
|
|
|
* returned (in *dbpp).
|
|
|
|
*
|
|
|
|
* dmu_buf_rele_array releases the hold on an array of dmu_buf_t*'s, and
|
|
|
|
* frees the array. The hold on the array of buffers MUST be released
|
|
|
|
* with dmu_buf_rele_array. You can NOT release the hold on each buffer
|
|
|
|
* individually with dmu_buf_rele.
|
|
|
|
*/
|
|
|
|
int dmu_buf_hold_array_by_bonus(dmu_buf_t *db, uint64_t offset,
uint64_t length, boolean_t read, void *tag,
int *numbufsp, dmu_buf_t ***dbpp);
|
2008-11-20 20:01:55 +00:00
|
|
|
void dmu_buf_rele_array(dmu_buf_t **, int numbufs, void *tag);
|
|
|
|
|
2015-04-02 03:44:32 +00:00
|
|
|
typedef void dmu_buf_evict_func_t(void *user_ptr);
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
2015-04-02 03:44:32 +00:00
|
|
|
* A DMU buffer user object may be associated with a dbuf for the
|
|
|
|
* duration of its lifetime. This allows the user of a dbuf (client)
|
|
|
|
* to attach private data to a dbuf (e.g. in-core only data such as a
|
|
|
|
* dnode_children_t, zap_t, or zap_leaf_t) and be optionally notified
|
|
|
|
* when that dbuf has been evicted. Clients typically respond to the
|
|
|
|
* eviction notification by freeing their private data, thus ensuring
|
|
|
|
* the same lifetime for both dbuf and private data.
|
2008-11-20 20:01:55 +00:00
|
|
|
*
|
2015-04-02 03:44:32 +00:00
|
|
|
* The mapping from a dmu_buf_user_t to any client private data is the
|
|
|
|
* client's responsibility. All current consumers of the API with private
|
|
|
|
* data embed a dmu_buf_user_t as the first member of the structure for
|
|
|
|
* their private data. This allows conversions between the two types
|
|
|
|
* with a simple cast. Since the DMU buf user API never needs access
|
|
|
|
* to the private data, other strategies can be employed if necessary
|
|
|
|
* or convenient for the client (e.g. using container_of() to do the
|
|
|
|
* conversion for private data that cannot have the dmu_buf_user_t as
|
|
|
|
* its first member).
|
2008-11-20 20:01:55 +00:00
|
|
|
*
|
2015-04-02 03:44:32 +00:00
|
|
|
* Eviction callbacks are executed without the dbuf mutex held or any
|
|
|
|
* other type of mechanism to guarantee that the dbuf is still available.
|
|
|
|
* For this reason, users must assume the dbuf has already been freed
|
|
|
|
* and not reference the dbuf from the callback context.
|
2008-11-20 20:01:55 +00:00
|
|
|
*
|
2015-04-02 03:44:32 +00:00
|
|
|
* Users requesting "immediate eviction" are notified as soon as the dbuf
|
|
|
|
* is only referenced by dirty records (dirties == holds). Otherwise the
|
|
|
|
* notification occurs after eviction processing for the dbuf begins.
|
2008-11-20 20:01:55 +00:00
|
|
|
*/
|
2015-04-02 03:44:32 +00:00
|
|
|
typedef struct dmu_buf_user {
	/*
	 * State for the asynchronous user eviction callback.
	 */
	taskq_ent_t	dbu_tqent;

	/*
	 * Eviction callbacks registered for this instance.
	 *
	 * dbu_evict_func_sync is invoked synchronously; afterwards
	 * dbu_evict_func_async is executed asynchronously on a taskq.
	 */
	dmu_buf_evict_func_t *dbu_evict_func_sync;
	dmu_buf_evict_func_t *dbu_evict_func_async;
#ifdef ZFS_DEBUG
	/*
	 * Address of the client's own dbuf pointer, or NULL for clients
	 * that do not associate a dbuf with their user data.
	 *
	 * That dbuf pointer is cleared upon eviction so that
	 * use-after-evict bugs in clients are caught. The field exists
	 * only when ZFS_DEBUG is defined.
	 */
	dmu_buf_t **dbu_clear_on_evict_dbufp;
#endif
} dmu_buf_user_t;
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
2015-04-02 03:44:32 +00:00
|
|
|
* Initialize the given dmu_buf_user_t instance with the eviction functions
* evict_func_sync and evict_func_async (at least one must be non-NULL), to
* be called when the user is evicted.
|
|
|
|
*
|
|
|
|
* NOTE: This function should only be called once on a given dmu_buf_user_t.
|
|
|
|
* To allow enforcement of this, dbu must already be zeroed on entry.
|
2008-11-20 20:01:55 +00:00
|
|
|
*/
|
2016-06-13 02:47:35 +00:00
|
|
|
/*ARGSUSED*/
static inline void
dmu_buf_init_user(dmu_buf_user_t *dbu, dmu_buf_evict_func_t *evict_func_sync,
    dmu_buf_evict_func_t *evict_func_async, dmu_buf_t **clear_on_evict_dbufp)
{
	/*
	 * dbu is expected to be zeroed on entry: a callback pointer that is
	 * already set means this dmu_buf_user_t was initialized before.
	 * NOTE(review): ASSERT/IMPLY are presumably debug-only checks, so
	 * callers should not rely on them to reject misuse -- confirm.
	 */
	ASSERT(dbu->dbu_evict_func_sync == NULL);
	ASSERT(dbu->dbu_evict_func_async == NULL);

	/* A missing sync callback is only acceptable with an async one. */
	IMPLY(evict_func_sync == NULL, evict_func_async != NULL);

	dbu->dbu_evict_func_async = evict_func_async;
	dbu->dbu_evict_func_sync = evict_func_sync;
	taskq_init_ent(&dbu->dbu_tqent);
#ifdef ZFS_DEBUG
	/* The only use of clear_on_evict_dbufp; it is ignored otherwise. */
	dbu->dbu_clear_on_evict_dbufp = clear_on_evict_dbufp;
#endif
}
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/*
|
2015-04-02 03:44:32 +00:00
|
|
|
* Attach user data to a dbuf and mark it for normal (when the dbuf's
|
|
|
|
* data is cleared or its reference count goes to zero) eviction processing.
|
|
|
|
*
|
|
|
|
* Returns NULL on success, or the existing user if another user currently
|
|
|
|
* owns the buffer.
|
|
|
|
*/
|
|
|
|
void *dmu_buf_set_user(dmu_buf_t *db, dmu_buf_user_t *user);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Attach user data to a dbuf and mark it for immediate (its dirty and
|
|
|
|
* reference counts are equal) eviction processing.
|
|
|
|
*
|
|
|
|
* Returns NULL on success, or the existing user if another user currently
|
|
|
|
* owns the buffer.
|
|
|
|
*/
|
|
|
|
void *dmu_buf_set_user_ie(dmu_buf_t *db, dmu_buf_user_t *user);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Replace the current user of a dbuf.
|
|
|
|
*
|
|
|
|
* If given the current user of a dbuf, replaces the dbuf's user with
|
|
|
|
* "new_user" and returns the user data pointer that was replaced.
|
|
|
|
* Otherwise returns the current, and unmodified, dbuf user pointer.
|
|
|
|
*/
|
|
|
|
void *dmu_buf_replace_user(dmu_buf_t *db,
|
|
|
|
dmu_buf_user_t *old_user, dmu_buf_user_t *new_user);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Remove the specified user data for a DMU buffer.
|
|
|
|
*
|
|
|
|
* Returns the user that was removed on success, or the current user if
|
|
|
|
* another user currently owns the buffer.
|
|
|
|
*/
|
|
|
|
void *dmu_buf_remove_user(dmu_buf_t *db, dmu_buf_user_t *user);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Returns the user data (dmu_buf_user_t *) associated with this dbuf.
|
2008-11-20 20:01:55 +00:00
|
|
|
*/
|
|
|
|
void *dmu_buf_get_user(dmu_buf_t *db);
|
|
|
|
|
2016-07-20 22:39:55 +00:00
|
|
|
objset_t *dmu_buf_get_objset(dmu_buf_t *db);
|
OpenZFS 7004 - dmu_tx_hold_zap() does dnode_hold() 7x on same object
Using a benchmark which has 32 threads creating 2 million files in the
same directory, on a machine with 16 CPU cores, I observed poor
performance. I noticed that dmu_tx_hold_zap() was using about 30% of
all CPU, and doing dnode_hold() 7 times on the same object (the ZAP
object that is being held).
dmu_tx_hold_zap() keeps a hold on the dnode_t the entire time it is
running, in dmu_tx_hold_t:txh_dnode, so it would be nice to use the
dnode_t that we already have in hand, rather than repeatedly calling
dnode_hold(). To do this, we need to pass the dnode_t down through
all the intermediate calls that dmu_tx_hold_zap() makes, making these
routines take the dnode_t* rather than an objset_t* and a uint64_t
object number. In particular, the following routines will need to have
analogous *_by_dnode() variants created:
dmu_buf_hold_noread()
dmu_buf_hold()
zap_lookup()
zap_lookup_norm()
zap_count_write()
zap_lockdir()
zap_count_write()
This can improve performance on the benchmark described above by 100%,
from 30,000 file creations per second to 60,000. (This improvement is on
top of that provided by working around the object allocation issue. Peak
performance of ~90,000 creations per second was observed with 8 CPUs;
adding CPUs past that decreased performance due to lock contention.) The
CPU used by dmu_tx_hold_zap() was reduced by 88%, from 340 CPU-seconds
to 40 CPU-seconds.
Sponsored by: Intel Corp.
Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
OpenZFS-issue: https://www.illumos.org/issues/7004
OpenZFS-commit: https://github.com/openzfs/openzfs/pull/109
Closes #4641
Closes #4972
2016-07-20 22:42:13 +00:00
|
|
|
dnode_t *dmu_buf_dnode_enter(dmu_buf_t *db);
|
|
|
|
void dmu_buf_dnode_exit(dmu_buf_t *db);
|
2016-07-20 22:39:55 +00:00
|
|
|
|
2015-04-02 03:44:32 +00:00
|
|
|
/* Block until any in-progress dmu buf user evictions complete. */
|
|
|
|
void dmu_buf_user_evict_wait(void);
|
|
|
|
|
2013-05-10 19:47:54 +00:00
|
|
|
/*
|
|
|
|
* Returns the blkptr associated with this dbuf, or NULL if not set.
|
|
|
|
*/
|
|
|
|
struct blkptr *dmu_buf_get_blkptr(dmu_buf_t *db);
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* Indicate that you are going to modify the buffer's data (db_data).
|
|
|
|
*
|
|
|
|
* The transaction (tx) must be assigned to a txg (ie. you've called
|
|
|
|
* dmu_tx_assign()). The buffer's object must be held in the tx
|
|
|
|
* (ie. you've called dmu_tx_hold_object(tx, db->db_object)).
|
|
|
|
*/
|
|
|
|
void dmu_buf_will_dirty(dmu_buf_t *db, dmu_tx_t *tx);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decrypt, and authenticate protected datasets.
Each object set maintains a Merkle tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
void dmu_buf_will_change_crypt_params(dmu_buf_t *db, dmu_tx_t *tx);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* You must create a transaction, then hold the objects which you will
|
|
|
|
* (or might) modify as part of this transaction. Then you must assign
|
|
|
|
* the transaction to a transaction group. Once the transaction has
|
|
|
|
* been assigned, you can modify buffers which belong to held objects as
|
|
|
|
* part of this transaction. You can't modify buffers before the
|
|
|
|
* transaction has been assigned; you can't modify buffers which don't
|
|
|
|
* belong to objects which this transaction holds; you can't hold
|
|
|
|
* objects once the transaction has been assigned. You may hold an
|
|
|
|
* object which you are going to free (with dmu_object_free()), but you
|
|
|
|
* don't have to.
|
|
|
|
*
|
|
|
|
* You can abort the transaction before it has been assigned.
|
|
|
|
*
|
|
|
|
* Note that you may hold buffers (with dmu_buf_hold) at any time,
|
|
|
|
* regardless of transaction state.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define DMU_NEW_OBJECT (-1ULL)
|
|
|
|
#define DMU_OBJECT_END (-1ULL)
|
|
|
|
|
|
|
|
dmu_tx_t *dmu_tx_create(objset_t *os);
|
|
|
|
void dmu_tx_hold_write(dmu_tx_t *tx, uint64_t object, uint64_t off, int len);
|
2017-01-13 22:58:41 +00:00
|
|
|
void dmu_tx_hold_write_by_dnode(dmu_tx_t *tx, dnode_t *dn, uint64_t off,
|
|
|
|
int len);
|
2008-11-20 20:01:55 +00:00
|
|
|
void dmu_tx_hold_free(dmu_tx_t *tx, uint64_t object, uint64_t off,
|
|
|
|
uint64_t len);
|
2017-01-13 22:58:41 +00:00
|
|
|
void dmu_tx_hold_free_by_dnode(dmu_tx_t *tx, dnode_t *dn, uint64_t off,
|
|
|
|
uint64_t len);
|
2009-07-02 22:44:48 +00:00
|
|
|
void dmu_tx_hold_zap(dmu_tx_t *tx, uint64_t object, int add, const char *name);
|
2017-01-13 22:58:41 +00:00
|
|
|
void dmu_tx_hold_zap_by_dnode(dmu_tx_t *tx, dnode_t *dn, int add,
|
|
|
|
const char *name);
|
2008-11-20 20:01:55 +00:00
|
|
|
void dmu_tx_hold_bonus(dmu_tx_t *tx, uint64_t object);
|
2017-01-13 22:58:41 +00:00
|
|
|
void dmu_tx_hold_bonus_by_dnode(dmu_tx_t *tx, dnode_t *dn);
|
2010-05-28 20:45:14 +00:00
|
|
|
void dmu_tx_hold_spill(dmu_tx_t *tx, uint64_t object);
|
|
|
|
void dmu_tx_hold_sa(dmu_tx_t *tx, struct sa_handle *hdl, boolean_t may_grow);
|
|
|
|
void dmu_tx_hold_sa_create(dmu_tx_t *tx, int total_size);
|
2008-11-20 20:01:55 +00:00
|
|
|
void dmu_tx_abort(dmu_tx_t *tx);
|
2013-09-04 12:00:57 +00:00
|
|
|
int dmu_tx_assign(dmu_tx_t *tx, enum txg_how txg_how);
|
2008-11-20 20:01:55 +00:00
|
|
|
void dmu_tx_wait(dmu_tx_t *tx);
|
|
|
|
void dmu_tx_commit(dmu_tx_t *tx);
|
2014-07-07 19:49:36 +00:00
|
|
|
void dmu_tx_mark_netfree(dmu_tx_t *tx);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
/*
|
|
|
|
* To register a commit callback, dmu_tx_callback_register() must be called.
|
|
|
|
*
|
|
|
|
* dcb_data is a pointer to caller private data that is passed on as a
|
|
|
|
* callback parameter. The caller is responsible for properly allocating and
|
|
|
|
* freeing it.
|
|
|
|
*
|
|
|
|
* When registering a callback, the transaction must be already created, but
|
|
|
|
* it cannot be committed or aborted. It can be assigned to a txg or not.
|
|
|
|
*
|
|
|
|
* The callback will be called after the transaction has been safely written
|
|
|
|
* to stable storage and will also be called if the dmu_tx is aborted.
|
|
|
|
* If there is any error which prevents the transaction from being committed to
|
|
|
|
* disk, the callback will be called with a value of error != 0.
|
|
|
|
*/
|
|
|
|
typedef void dmu_tx_callback_func_t(void *dcb_data, int error);
|
|
|
|
|
|
|
|
void dmu_tx_callback_register(dmu_tx_t *tx, dmu_tx_callback_func_t *dcb_func,
|
|
|
|
void *dcb_data);
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
|
|
|
|
* Free up the data blocks for a defined range of a file. If size is
|
2012-12-13 23:24:15 +00:00
|
|
|
* -1, the range from offset to end-of-file is freed.
|
2008-11-20 20:01:55 +00:00
|
|
|
*/
|
|
|
|
int dmu_free_range(objset_t *os, uint64_t object, uint64_t offset,
|
|
|
|
uint64_t size, dmu_tx_t *tx);
|
2008-12-03 20:09:06 +00:00
|
|
|
int dmu_free_long_range(objset_t *os, uint64_t object, uint64_t offset,
|
|
|
|
uint64_t size);
|
2013-08-21 04:11:52 +00:00
|
|
|
int dmu_free_long_object(objset_t *os, uint64_t object);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Convenience functions.
|
|
|
|
*
|
|
|
|
* Canfail routines will return 0 on success, or an errno if there is a
|
|
|
|
* nonrecoverable I/O error.
|
|
|
|
*/
|
2009-07-02 22:44:48 +00:00
|
|
|
#define DMU_READ_PREFETCH 0 /* prefetch */
|
|
|
|
#define DMU_READ_NO_PREFETCH 1 /* don't prefetch */
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decrypt, and authenticate protected datasets.
Each object set maintains a Merkle tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
/*
 * NOTE(review): with this flag the read presumably hands back the stored,
 * still-encrypted contents -- confirm against the implementation, and make
 * sure callers that pass it never treat the returned buffer as plaintext.
 */
#define DMU_READ_NO_DECRYPT 2 /* don't decrypt */
|
2008-11-20 20:01:55 +00:00
|
|
|
int dmu_read(objset_t *os, uint64_t object, uint64_t offset, uint64_t size,
|
2009-07-02 22:44:48 +00:00
|
|
|
void *buf, uint32_t flags);
|
2017-01-13 22:58:41 +00:00
|
|
|
int dmu_read_by_dnode(dnode_t *dn, uint64_t offset, uint64_t size, void *buf,
|
|
|
|
uint32_t flags);
|
2008-11-20 20:01:55 +00:00
|
|
|
void dmu_write(objset_t *os, uint64_t object, uint64_t offset, uint64_t size,
|
|
|
|
const void *buf, dmu_tx_t *tx);
|
2017-01-13 22:58:41 +00:00
|
|
|
void dmu_write_by_dnode(dnode_t *dn, uint64_t offset, uint64_t size,
|
|
|
|
const void *buf, dmu_tx_t *tx);
|
2008-12-03 20:09:06 +00:00
|
|
|
void dmu_prealloc(objset_t *os, uint64_t object, uint64_t offset, uint64_t size,
|
|
|
|
dmu_tx_t *tx);
|
2010-08-26 18:45:02 +00:00
|
|
|
#ifdef _KERNEL
|
2011-02-22 20:15:13 +00:00
|
|
|
#include <linux/blkdev_compat.h>
|
2010-12-17 17:14:38 +00:00
|
|
|
int dmu_read_uio(objset_t *os, uint64_t object, struct uio *uio, uint64_t size);
|
2015-06-16 21:06:27 +00:00
|
|
|
int dmu_read_uio_dbuf(dmu_buf_t *zdb, struct uio *uio, uint64_t size);
|
2017-06-13 16:18:08 +00:00
|
|
|
int dmu_read_uio_dnode(dnode_t *dn, struct uio *uio, uint64_t size);
|
2010-12-17 17:14:38 +00:00
|
|
|
int dmu_write_uio(objset_t *os, uint64_t object, struct uio *uio, uint64_t size,
|
|
|
|
dmu_tx_t *tx);
|
|
|
|
int dmu_write_uio_dbuf(dmu_buf_t *zdb, struct uio *uio, uint64_t size,
|
|
|
|
dmu_tx_t *tx);
|
2017-06-13 16:18:08 +00:00
|
|
|
int dmu_write_uio_dnode(dnode_t *dn, struct uio *uio, uint64_t size,
|
|
|
|
dmu_tx_t *tx);
|
2010-12-17 17:14:38 +00:00
|
|
|
#endif
|
2009-07-02 22:44:48 +00:00
|
|
|
struct arc_buf *dmu_request_arcbuf(dmu_buf_t *handle, int size);
|
|
|
|
void dmu_return_arcbuf(struct arc_buf *buf);
|
|
|
|
void dmu_assign_arcbuf(dmu_buf_t *handle, uint64_t offset, struct arc_buf *buf,
|
|
|
|
dmu_tx_t *tx);
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decrypt, and authenticate protected datasets.
Each object set maintains a Merkle tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
/* Variant of dmu_assign_arcbuf() that takes no offset argument. */
void dmu_assign_arcbuf_impl(dmu_buf_t *handle, struct arc_buf *buf,
    dmu_tx_t *tx);

/*
 * NOTE(review): salt, iv and mac are bare byte pointers with no length
 * arguments, so the callee presumably reads fixed sizes defined by the
 * encryption code.  Confirm those sizes at the definition and make sure
 * every caller passes buffers at least that large.
 */
void dmu_convert_to_raw(dmu_buf_t *handle, boolean_t byteorder,
    const uint8_t *salt, const uint8_t *iv, const uint8_t *mac,
    dmu_tx_t *tx);

void dmu_copy_from_buf(objset_t *os, uint64_t object, uint64_t offset,
    dmu_buf_t *handle, dmu_tx_t *tx);
|
2016-10-20 18:24:01 +00:00
|
|
|
#ifdef HAVE_UIO_ZEROCOPY
|
2010-05-28 20:45:14 +00:00
|
|
|
int dmu_xuio_init(struct xuio *uio, int niov);
|
|
|
|
void dmu_xuio_fini(struct xuio *uio);
|
|
|
|
int dmu_xuio_add(struct xuio *uio, struct arc_buf *abuf, offset_t off,
|
|
|
|
size_t n);
|
|
|
|
int dmu_xuio_cnt(struct xuio *uio);
|
|
|
|
struct arc_buf *dmu_xuio_arcbuf(struct xuio *uio, int i);
|
|
|
|
void dmu_xuio_clear(struct xuio *uio, int i);
|
2016-10-20 18:24:01 +00:00
|
|
|
#endif /* HAVE_UIO_ZEROCOPY */
|
2010-08-26 16:52:41 +00:00
|
|
|
void xuio_stat_wbuf_copied(void);
|
|
|
|
void xuio_stat_wbuf_nocopy(void);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
extern int zfs_prefetch_disable;
|
2014-11-03 20:15:08 +00:00
|
|
|
extern int zfs_max_recordsize;
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Asynchronously try to read in the data.
|
|
|
|
*/
|
2015-12-22 01:31:57 +00:00
|
|
|
void dmu_prefetch(objset_t *os, uint64_t object, int64_t level, uint64_t offset,
|
|
|
|
uint64_t len, enum zio_priority pri);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
typedef struct dmu_object_info {
|
2010-05-28 20:45:14 +00:00
|
|
|
/* All sizes are in bytes unless otherwise indicated. */
|
2008-11-20 20:01:55 +00:00
|
|
|
uint32_t doi_data_block_size;
|
|
|
|
uint32_t doi_metadata_block_size;
|
|
|
|
dmu_object_type_t doi_type;
|
|
|
|
dmu_object_type_t doi_bonus_type;
|
2010-05-28 20:45:14 +00:00
|
|
|
uint64_t doi_bonus_size;
|
2008-11-20 20:01:55 +00:00
|
|
|
uint8_t doi_indirection; /* 2 = dnode->indirect->data */
|
|
|
|
uint8_t doi_checksum;
|
|
|
|
uint8_t doi_compress;
|
2014-09-12 03:28:35 +00:00
|
|
|
uint8_t doi_nblkptr;
|
|
|
|
uint8_t doi_pad[4];
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill blocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by a large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 01:25:34 +00:00
|
|
|
uint64_t doi_dnodesize;
|
2010-05-28 20:45:14 +00:00
|
|
|
uint64_t doi_physical_blocks_512; /* data + metadata, 512b blks */
|
|
|
|
uint64_t doi_max_offset;
|
|
|
|
uint64_t doi_fill_count; /* number of non-empty blocks */
|
2008-11-20 20:01:55 +00:00
|
|
|
} dmu_object_info_t;
|
|
|
|
|
2013-02-15 04:37:43 +00:00
|
|
|
typedef void (*const arc_byteswap_func_t)(void *buf, size_t size);
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
typedef struct dmu_object_type_info {
|
2012-12-13 23:24:15 +00:00
|
|
|
dmu_object_byteswap_t ot_byteswap;
|
2008-11-20 20:01:55 +00:00
|
|
|
boolean_t ot_metadata;
|
Native Encryption for ZFS on Linux
This change incorporates three major pieces:
The first change is a keystore that manages wrapping
and encryption keys for encrypted datasets. These
commands mostly involve manipulating the new
DSL Crypto Key ZAP Objects that live in the MOS. Each
encrypted dataset has its own DSL Crypto Key that is
protected with a user's key. This level of indirection
allows users to change their keys without re-encrypting
their entire datasets. The change implements the new
subcommands "zfs load-key", "zfs unload-key" and
"zfs change-key" which allow the user to manage their
encryption keys and settings. In addition, several new
flags and properties have been added to allow dataset
creation and to make mounting and unmounting more
convenient.
The second piece of this patch provides the ability to
encrypt, decrypt, and authenticate protected datasets.
Each object set maintains a Merkle tree of Message
Authentication Codes that protect the lower layers,
similarly to how checksums are maintained. This part
impacts the zio layer, which handles the actual
encryption and generation of MACs, as well as the ARC
and DMU, which need to be able to handle encrypted
buffers and protected data.
The last addition is the ability to do raw, encrypted
sends and receives. The idea here is to send raw
encrypted and compressed data and receive it exactly
as is on a backup system. This means that the dataset
on the receiving system is protected using the same
user key that is in use on the sending side. By doing
so, datasets can be efficiently backed up to an
untrusted system without fear of data being
compromised.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Jorgen Lundman <lundman@lundman.net>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #494
Closes #5769
2017-08-14 17:36:48 +00:00
|
|
|
boolean_t ot_encrypt;
|
2008-11-20 20:01:55 +00:00
|
|
|
char *ot_name;
|
|
|
|
} dmu_object_type_info_t;
|
|
|
|
|
2013-02-15 04:37:43 +00:00
|
|
|
/*
 * Element type of the dmu_ot_byteswap[] table declared in this header:
 * a byteswap routine paired with a name string.
 */
typedef const struct dmu_object_byteswap_info {
	/* Routine of type arc_byteswap_func_t, called as (void *buf, size_t size). */
	arc_byteswap_func_t	ob_func;
	/* Name string for this entry. */
	char			*ob_name;
} dmu_object_byteswap_info_t;
|
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
extern const dmu_object_type_info_t dmu_ot[DMU_OT_NUMTYPES];
|
2012-12-13 23:24:15 +00:00
|
|
|
extern const dmu_object_byteswap_info_t dmu_ot_byteswap[DMU_BSWAP_NUMFUNCS];
|
2008-11-20 20:01:55 +00:00
|
|
|
|
|
|
|
/*
 * Get information on a DMU object.
 *
 * Return 0 on success or ENOENT if object is not allocated.
 *
 * If doi is NULL, just indicates whether the object exists.
 * Otherwise doi is the caller-provided structure that receives the
 * information.
 */
int dmu_object_info(objset_t *os, uint64_t object, dmu_object_info_t *doi);
|
2013-10-03 00:11:19 +00:00
|
|
|
/*
 * Double-underscore variant taking a struct dnode * and an output doi.
 * NOTE(review): presumably the internal helper that leaves locking of dn
 * to the caller, with dmu_object_info_from_dnode() as the normal entry
 * point -- confirm in the implementation before calling it directly.
 */
void __dmu_object_info_from_dnode(struct dnode *dn, dmu_object_info_t *doi);
|
2013-06-11 17:12:34 +00:00
|
|
|
/* Like dmu_object_info, but faster if you have a held dnode in hand. */
|
OpenZFS 7004 - dmu_tx_hold_zap() does dnode_hold() 7x on same object
Using a benchmark which has 32 threads creating 2 million files in the
same directory, on a machine with 16 CPU cores, I observed poor
performance. I noticed that dmu_tx_hold_zap() was using about 30% of
all CPU, and doing dnode_hold() 7 times on the same object (the ZAP
object that is being held).
dmu_tx_hold_zap() keeps a hold on the dnode_t the entire time it is
running, in dmu_tx_hold_t:txh_dnode, so it would be nice to use the
dnode_t that we already have in hand, rather than repeatedly calling
dnode_hold(). To do this, we need to pass the dnode_t down through
all the intermediate calls that dmu_tx_hold_zap() makes, making these
routines take the dnode_t* rather than an objset_t* and a uint64_t
object number. In particular, the following routines will need to have
analogous *_by_dnode() variants created:
dmu_buf_hold_noread()
dmu_buf_hold()
zap_lookup()
zap_lookup_norm()
zap_count_write()
zap_lockdir()
zap_count_write()
This can improve performance on the benchmark described above by 100%,
from 30,000 file creations per second to 60,000. (This improvement is on
top of that provided by working around the object allocation issue. Peak
performance of ~90,000 creations per second was observed with 8 CPUs;
adding CPUs past that decreased performance due to lock contention.) The
CPU used by dmu_tx_hold_zap() was reduced by 88%, from 340 CPU-seconds
to 40 CPU-seconds.
Sponsored by: Intel Corp.
Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
OpenZFS-issue: https://www.illumos.org/issues/7004
OpenZFS-commit: https://github.com/openzfs/openzfs/pull/109
Closes #4641
Closes #4972
2016-07-20 22:42:13 +00:00
|
|
|
/* Takes a dnode the caller already holds; the result is written to *doi. */
void dmu_object_info_from_dnode(dnode_t *dn, dmu_object_info_t *doi);

/* Like dmu_object_info, but faster if you have a held dbuf in hand. */
void dmu_object_info_from_db(dmu_buf_t *db, dmu_object_info_t *doi);

/*
 * Like dmu_object_info_from_db, but faster still when you only care about
 * the size.  This is specifically optimized for zfs_getattr().
 *
 * Both results are returned through the pointer arguments.
 * NOTE(review): nblk512 presumably counts 512-byte units -- confirm.
 */
void dmu_object_size_from_db(dmu_buf_t *db, uint32_t *blksize,
    u_longlong_t *nblk512);
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill blocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by a large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 01:25:34 +00:00
|
|
|
/*
 * Return, through *dnsize, the dnode size of the object that db belongs to.
 * NOTE(review): presumably expressed in bytes -- confirm in the
 * implementation.
 */
void dmu_object_dnsize_from_db(dmu_buf_t *db, int *dnsize);
2008-11-20 20:01:55 +00:00
|
|
|
/*
 * Dataset statistics; this is the structure filled in through the stat
 * argument of dmu_objset_fast_stat().
 */
typedef struct dmu_objset_stats {
	uint64_t dds_num_clones; /* number of clones of this */
	uint64_t dds_creation_txg;	/* presumably the txg of creation */
	uint64_t dds_guid;
	dmu_objset_type_t dds_type;
	uint8_t dds_is_snapshot;	/* presumably nonzero for a snapshot */
	uint8_t dds_inconsistent;
	/*
	 * Fixed-size name buffer.  NOTE(review): whatever fills it must
	 * bound the copy to ZFS_MAX_DATASET_NAME_LEN and leave it
	 * NUL-terminated; readers should not assume termination unless
	 * the filling code guarantees it -- confirm.
	 */
	char dds_origin[ZFS_MAX_DATASET_NAME_LEN];
} dmu_objset_stats_t;
/*
 * Get stats on a dataset.
 *
 * The result is written to the caller-provided *stat.
 */
void dmu_objset_fast_stat(objset_t *os, dmu_objset_stats_t *stat);
/*
 * Add entries to the nvlist for all the objset's properties.  See
 * zfs_prop_table[] and zfs(1m) for details on the properties.
 *
 * nv is the caller's nvlist that receives the entries.
 */
void dmu_objset_stats(objset_t *os, struct nvlist *nv);
/*
 * Get the space usage statistics for statvfs().
 *
 * refdbytes is the amount of space "referenced" by this objset.
 * availbytes is the amount of space available to this objset, taking
 * into account quotas & reservations, assuming that no other objsets
 * use the space first.  These values correspond to the 'referenced' and
 * 'available' properties, described in the zfs(1m) manpage.
 *
 * usedobjs and availobjs are the number of objects currently allocated,
 * and available.
 *
 * All four values are returned through the corresponding pointer
 * arguments.
 */
void dmu_objset_space(objset_t *os, uint64_t *refdbytesp, uint64_t *availbytesp,
    uint64_t *usedobjsp, uint64_t *availobjsp);
/*
 * The fsid_guid is a 56-bit ID that can change to avoid collisions.
 * (Contrast with the ds_guid which is a 64-bit ID that will never
 * change, so there is a small probability that it will collide.)
 *
 * Because the fsid_guid can change, it is not a stable identifier for a
 * dataset; code that needs an ID that never changes wants the ds_guid.
 */
uint64_t dmu_objset_fsid_guid(objset_t *os);
2010-05-28 20:45:14 +00:00
|
|
|
/*
 * Get the [cm]time for an objset's snapshot dir
 */
timestruc_t dmu_objset_snap_cmtime(objset_t *os);

/*
 * Report whether os is a snapshot.
 * NOTE(review): presumably nonzero means "is a snapshot" -- confirm.
 */
int dmu_objset_is_snapshot(objset_t *os);
/*
 * Accessors for an objset.  Judging by their names and return types they
 * return the pool (spa), ZIL, DSL pool, DSL dataset, type and id
 * associated with os -- confirm against the implementation.
 */
extern struct spa *dmu_objset_spa(objset_t *os);
extern struct zilog *dmu_objset_zil(objset_t *os);
extern struct dsl_pool *dmu_objset_pool(objset_t *os);
extern struct dsl_dataset *dmu_objset_ds(objset_t *os);
/*
 * NOTE(review): buf receives the objset's name but no length is passed, so
 * the callee cannot bound the write itself.  The caller presumably must
 * supply at least ZFS_MAX_DATASET_NAME_LEN bytes -- confirm against the
 * implementation and check every call site's buffer size.
 */
extern void dmu_objset_name(objset_t *os, char *buf);
extern dmu_objset_type_t dmu_objset_type(objset_t *os);
extern uint64_t dmu_objset_id(objset_t *os);
|
Implement large_dnode pool feature
Justification
-------------
This feature adds support for variable length dnodes. Our motivation is
to eliminate the overhead associated with using spill blocks. Spill
blocks are used to store system attribute data (i.e. file metadata) that
does not fit in the dnode's bonus buffer. By allowing a larger bonus
buffer area the use of a spill block can be avoided. Spill blocks
potentially incur an additional read I/O for every dnode in a dnode
block. As a worst case example, reading 32 dnodes from a 16k dnode block
and all of the spill blocks could issue 33 separate reads. Now suppose
those dnodes have size 1024 and therefore don't need spill blocks. Then
the worst case number of blocks read is reduced from 33 to two--one
per dnode block. In practice spill blocks may tend to be co-located on
disk with the dnode blocks so the reduction in I/O would not be this
drastic. In a badly fragmented pool, however, the improvement could be
significant.
ZFS-on-Linux systems that make heavy use of extended attributes would
benefit from this feature. In particular, ZFS-on-Linux supports the
xattr=sa dataset property which allows file extended attribute data
to be stored in the dnode bonus buffer as an alternative to the
traditional directory-based format. Workloads such as SELinux and the
Lustre distributed filesystem often store enough xattr data to force
spill blocks when xattr=sa is in effect. Large dnodes may therefore
provide a performance benefit to such systems.
Other use cases that may benefit from this feature include files with
large ACLs and symbolic links with long target names. Furthermore,
this feature may be desirable on other platforms in case future
applications or features are developed that could make use of a
larger bonus buffer area.
Implementation
--------------
The size of a dnode may be a multiple of 512 bytes up to the size of
a dnode block (currently 16384 bytes). A dn_extra_slots field was
added to the current on-disk dnode_phys_t structure to describe the
size of the physical dnode on disk. The 8 bits for this field were
taken from the zero filled dn_pad2 field. The field represents how
many "extra" dnode_phys_t slots a dnode consumes in its dnode block.
This convention results in a value of 0 for 512 byte dnodes which
preserves on-disk format compatibility with older software.
Similarly, the in-memory dnode_t structure has a new dn_num_slots field
to represent the total number of dnode_phys_t slots consumed on disk.
Thus dn->dn_num_slots is 1 greater than the corresponding
dnp->dn_extra_slots. This difference in convention was adopted
because, unlike on-disk structures, backward compatibility is not a
concern for in-memory objects, so we used a more natural way to
represent size for a dnode_t.
The default size for newly created dnodes is determined by the value of
a new "dnodesize" dataset property. By default the property is set to
"legacy" which is compatible with older software. Setting the property
to "auto" will allow the filesystem to choose the most suitable dnode
size. Currently this just sets the default dnode size to 1k, but future
code improvements could dynamically choose a size based on observed
workload patterns. Dnodes of varying sizes can coexist within the same
dataset and even within the same dnode block. For example, to enable
automatically-sized dnodes, run
# zfs set dnodesize=auto tank/fish
The user can also specify literal values for the dnodesize property.
These are currently limited to powers of two from 1k to 16k. The
power-of-2 limitation is only for simplicity of the user interface.
Internally the implementation can handle any multiple of 512 up to 16k,
and consumers of the DMU API can specify any legal dnode value.
The size of a new dnode is determined at object allocation time and
stored as a new field in the znode in-memory structure. New DMU
interfaces are added to allow the consumer to specify the dnode size
that a newly allocated object should use. Existing interfaces are
unchanged to avoid having to update every call site and to preserve
compatibility with external consumers such as Lustre. The new
interfaces names are given below. The versions of these functions that
don't take a dnodesize parameter now just call the _dnsize() versions
with a dnodesize of 0, which means use the legacy dnode size.
New DMU interfaces:
dmu_object_alloc_dnsize()
dmu_object_claim_dnsize()
dmu_object_reclaim_dnsize()
New ZAP interfaces:
zap_create_dnsize()
zap_create_norm_dnsize()
zap_create_flags_dnsize()
zap_create_claim_norm_dnsize()
zap_create_link_dnsize()
The constant DN_MAX_BONUSLEN is renamed to DN_OLD_MAX_BONUSLEN. The
spa_maxdnodesize() function should be used to determine the maximum
bonus length for a pool.
These are a few noteworthy changes to key functions:
* The prototype for dnode_hold_impl() now takes a "slots" parameter.
When the DNODE_MUST_BE_FREE flag is set, this parameter is used to
ensure the hole at the specified object offset is large enough to
hold the dnode being created. The slots parameter is also used
to ensure a dnode does not span multiple dnode blocks. In both of
these cases, if a failure occurs, ENOSPC is returned. Keep in mind,
these failure cases are only possible when using DNODE_MUST_BE_FREE.
If the DNODE_MUST_BE_ALLOCATED flag is set, "slots" must be 0.
dnode_hold_impl() will check if the requested dnode is already
consumed as an extra dnode slot by a large dnode, in which case
it returns ENOENT.
* The function dmu_object_alloc() advances to the next dnode block
if dnode_hold_impl() returns an error for a requested object.
This is because the beginning of the next dnode block is the only
location it can safely assume to either be a hole or a valid
starting point for a dnode.
* dnode_next_offset_level() and other functions that iterate
through dnode blocks may no longer use a simple array indexing
scheme. These now use the current dnode's dn_num_slots field to
advance to the next dnode in the block. This is to ensure we
properly skip the current dnode's bonus area and don't interpret it
as a valid dnode.
zdb
---
The zdb command was updated to display a dnode's size under the
"dnsize" column when the object is dumped.
For ZIL create log records, zdb will now display the slot count for
the object.
ztest
-----
Ztest chooses a random dnodesize for every newly created object. The
random distribution is more heavily weighted toward small dnodes to
better simulate real-world datasets.
Unused bonus buffer space is filled with non-zero values computed from
the object number, dataset id, offset, and generation number. This
helps ensure that the dnode traversal code properly skips the interior
regions of large dnodes, and that these interior regions are not
overwritten by data belonging to other dnodes. A new test visits each
object in a dataset. It verifies that the actual dnode size matches what
was stored in the ztest block tag when it was created. It also verifies
that the unused bonus buffer space is filled with the expected data
patterns.
ZFS Test Suite
--------------
Added six new large dnode-specific tests, and integrated the dnodesize
property into existing tests for zfs allow and send/recv.
Send/Receive
------------
ZFS send streams for datasets containing large dnodes cannot be received
on pools that don't support the large_dnode feature. A send stream with
large dnodes sets a DMU_BACKUP_FEATURE_LARGE_DNODE flag which will be
unrecognized by an incompatible receiving pool so that the zfs receive
will fail gracefully.
While not implemented here, it may be possible to generate a
backward-compatible send stream from a dataset containing large
dnodes. The implementation may be tricky, however, because the send
object record for a large dnode would need to be resized to a 512
byte dnode, possibly kicking in a spill block in the process. This
means we would need to construct a new SA layout and possibly
register it in the SA layout object. The SA layout is normally just
sent as an ordinary object record. But if we are constructing new
layouts while generating the send stream we'd have to build the SA
layout object dynamically and send it at the end of the stream.
For sending and receiving between pools that do support large dnodes,
the drr_object send record type is extended with a new field to store
the dnode slot count. This field was repurposed from unused padding
in the structure.
ZIL Replay
----------
The dnode slot count is stored in the uppermost 8 bits of the lr_foid
field. The bits were unused as the object id is currently capped at
48 bits.
Resizing Dnodes
---------------
It should be possible to resize a dnode when it is dirtied if the
current dnodesize dataset property differs from the dnode's size, but
this functionality is not currently implemented. Clearly a dnode can
only grow if there are sufficient contiguous unused slots in the
dnode block, but it should always be possible to shrink a dnode.
Growing dnodes may be useful to reduce fragmentation in a pool with
many spill blocks in use. Shrinking dnodes may be useful to allow
sending a dataset to a pool that doesn't support the large_dnode
feature.
Feature Reference Counting
--------------------------
The reference count for the large_dnode pool feature tracks the
number of datasets that have ever contained a dnode of size larger
than 512 bytes. The first time a large dnode is created in a dataset
the dataset is converted to an extensible dataset. This is a one-way
operation and the only way to decrement the feature count is to
destroy the dataset, even if the dataset no longer contains any large
dnodes. The complexity of reference counting on a per-dnode basis was
too high, so we chose to track it on a per-dataset basis similarly to
the large_block feature.
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3542
2016-03-17 01:25:34 +00:00
|
|
|
/*
 * Per-objset property accessors.
 * NOTE(review): by their names these presumably return the objset's
 * dnodesize, sync and logbias settings -- confirm in the implementation.
 */
extern uint64_t dmu_objset_dnodesize(objset_t *os);
extern zfs_sync_type_t dmu_objset_syncprop(objset_t *os);
extern zfs_logbias_op_t dmu_objset_logbias(objset_t *os);
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
 * Snapshot and child-directory name iteration and lookup.
 *
 * NOTE(review): name (in the *_list_next functions) and real (in
 * dmu_snapshot_realname) are presumably caller-supplied output buffers
 * whose capacity is passed as namelen / maxlen.  Both lengths are signed
 * int: callers should pass the true buffer size, never a negative or
 * externally influenced value, and should confirm how the implementation
 * treats a name that does not fit (error vs. truncation).
 * offp is presumably an in/out iteration cursor -- confirm.
 */
extern int dmu_snapshot_list_next(objset_t *os, int namelen, char *name,
    uint64_t *id, uint64_t *offp, boolean_t *case_conflict);
extern int dmu_snapshot_lookup(objset_t *os, const char *name, uint64_t *val);
extern int dmu_snapshot_realname(objset_t *os, char *name, char *real,
    int maxlen, boolean_t *conflict);
extern int dmu_dir_list_next(objset_t *os, int namelen, char *name,
    uint64_t *idp, uint64_t *offp);
|
2009-07-02 22:44:48 +00:00
|
|
|
|
2010-05-28 20:45:14 +00:00
|
|
|
/*
 * Callback type registered per objset type with
 * dmu_objset_register_type().
 * NOTE(review): bonus is an untyped pointer that the callback presumably
 * interprets according to bonustype, reporting owner ids through userp and
 * groupp.  The callback gets no length for bonus, so it must not read
 * beyond what bonustype implies -- confirm the contract in the
 * implementation.
 */
typedef int objset_used_cb_t(dmu_object_type_t bonustype,
    void *bonus, uint64_t *userp, uint64_t *groupp);
extern void dmu_objset_register_type(dmu_objset_type_t ost,
    objset_used_cb_t *cb);
/*
 * Attach an opaque, consumer-owned pointer to an objset and read it back.
 * NOTE(review): lifetime and locking of user_ptr are not visible here --
 * confirm who frees it and when.
 */
extern void dmu_objset_set_user(objset_t *os, void *user_ptr);
extern void *dmu_objset_get_user(objset_t *os);
/*
 * Return the txg number for the given assigned transaction.
 *
 * The wording above implies tx must already be assigned when this is
 * called.
 */
uint64_t dmu_tx_get_txg(dmu_tx_t *tx);
/*
|
|
|
|
* Synchronous write.
|
|
|
|
* If a parent zio is provided this function initiates a write on the
|
|
|
|
* provided buffer as a child of the parent zio.
|
|
|
|
* In the absence of a parent zio, the write is completed synchronously.
|
|
|
|
* At write completion, blk is filled with the bp of the written block.
|
|
|
|
* Note that while the data covered by this function will be on stable
|
|
|
|
* storage when the write completes this new data does not become a
|
|
|
|
* permanent part of the file until the associated transaction commits.
|
|
|
|
*/
|
2010-05-28 20:45:14 +00:00
/*
 * {zfs,zvol,ztest}_get_done() args
 *
 * This is also the argument type handed to dmu_sync() and to its
 * dmu_sync_cb_t completion callback.
 */
typedef struct zgd {
	struct zilog *zgd_zilog;
	struct blkptr *zgd_bp;	/* presumably the bp dmu_sync() fills in */
	dmu_buf_t *zgd_db;
	struct rl *zgd_rl;	/* presumably a range lock -- confirm */
	void *zgd_private;	/* opaque consumer pointer */
} zgd_t;
/*
 * Completion callback type for dmu_sync().
 * NOTE(review): arg is presumably the zgd passed to dmu_sync() and error
 * the outcome of the write -- confirm in the implementation.
 */
typedef void dmu_sync_cb_t(zgd_t *arg, int error);
/*
 * Write out a buffer for the given txg.  zio is the optional parent zio,
 * done the completion callback and zgd its argument.
 * NOTE(review): the return-value convention is not visible in this header
 * -- presumably 0 or an errno value; confirm and check it at call sites.
 */
int dmu_sync(struct zio *zio, uint64_t txg, dmu_sync_cb_t *done, zgd_t *zgd);
|
2008-11-20 20:01:55 +00:00
/*
 * Find the next hole or data block in file starting at *off
 * Return found offset in *off.  Return ESRCH for end of file.
 *
 * off is therefore an in/out argument.
 * NOTE(review): hole presumably selects a search for a hole when true and
 * for data when false -- confirm.
 */
int dmu_offset_next(objset_t *os, uint64_t object, boolean_t hole,
    uint64_t *off);
/*
 * Initial setup and final teardown.
 *
 * Neither function takes arguments or returns a status.
 */
extern void dmu_init(void);
extern void dmu_fini(void);
/*
 * Callback invoked by dmu_traverse_objset().  arg is the opaque pointer
 * given to dmu_traverse_objset().
 * NOTE(review): presumably called once per block pointer visited, with the
 * owning object, offset and length -- confirm in the implementation.
 */
typedef void (*dmu_traverse_cb_t)(objset_t *os, void *arg, struct blkptr *bp,
    uint64_t object, uint64_t offset, int len);
/*
 * Traverse an objset, calling cb with arg.
 * NOTE(review): txg_start presumably limits the walk to blocks born at or
 * after that txg -- confirm.
 */
void dmu_traverse_objset(objset_t *os, uint64_t txg_start,
    dmu_traverse_cb_t cb, void *arg);
2013-09-04 12:00:57 +00:00
|
|
|
/*
 * Takes two snapshot names, a vnode and an offset pointer.
 * NOTE(review): presumably writes a record of the differences between
 * fromsnap_name and tosnap_name to vp, advancing *offp -- confirm.  Both
 * names are caller-supplied strings; any validation of them is not
 * visible in this header.
 */
int dmu_diff(const char *tosnap_name, const char *fromsnap_name,
    struct vnode *vp, offset_t *offp);
|
2010-08-26 21:24:34 +00:00
|
|
|
|
2008-11-20 20:01:55 +00:00
|
|
|
/*
 * CRC64 table
 *
 * NOTE(review): CRC-64 is an error-detecting code, not a keyed or
 * collision-resistant hash.  Values derived from this table should not be
 * relied on for integrity or uniqueness where an adversary can choose the
 * input.
 */
#define ZFS_CRC64_POLY 0xC96C5795D7870F42ULL /* ECMA-182, reflected form */
extern uint64_t zfs_crc64_table[256];
2013-08-08 20:33:18 +00:00
|
|
|
/*
 * Global integer defined elsewhere.
 * NOTE(review): by its name presumably a tunable that disables metadata
 * compression when nonzero -- confirm where it is defined.
 */
extern int zfs_mdcomp_disable;
2008-11-20 20:01:55 +00:00
|
|
|
#ifdef __cplusplus
|
|
|
|
}
|
|
|
|
#endif
#endif /* _SYS_DMU_H */
|