xref: /freebsd/sys/contrib/openzfs/module/zfs/dnode_sync.c (revision d8fbbd371ca11d9ad4b29b9d3a316885a5da0b15)
1 // SPDX-License-Identifier: CDDL-1.0
2 /*
3  * CDDL HEADER START
4  *
5  * The contents of this file are subject to the terms of the
6  * Common Development and Distribution License (the "License").
7  * You may not use this file except in compliance with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or https://opensource.org/licenses/CDDL-1.0.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 
23 /*
24  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
25  * Copyright (c) 2012, 2020 by Delphix. All rights reserved.
26  * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved.
27  * Copyright 2020 Oxide Computer Company
28  */
29 
30 #include <sys/zfs_context.h>
31 #include <sys/dbuf.h>
32 #include <sys/dnode.h>
33 #include <sys/dmu.h>
34 #include <sys/dmu_tx.h>
35 #include <sys/dmu_objset.h>
36 #include <sys/dmu_recv.h>
37 #include <sys/dsl_dataset.h>
38 #include <sys/spa.h>
39 #include <sys/range_tree.h>
40 #include <sys/zfeature.h>
41 
/*
 * Grow the dnode's block tree to dn_next_nlevels[] for this txg: hold the
 * block that becomes the new top-level indirect, copy the dnode's embedded
 * block pointers into it, repoint any cached old-top-level dbufs at it, and
 * zero the embedded pointers.
 *
 * dn - dnode being synced
 * tx - syncing transaction; only tx_txg is read here
 */
static void
dnode_increase_indirection(dnode_t *dn, dmu_tx_t *tx)
{
	int slot = tx->tx_txg & TXG_MASK;
	int nbp = dn->dn_phys->dn_nblkptr;
	int prev_top = dn->dn_phys->dn_nlevels - 1;
	int target_levels = dn->dn_next_nlevels[slot];
	dmu_buf_impl_t *kids[DN_MAX_NBLKPTR];
	dmu_buf_impl_t *top;

	rw_enter(&dn->dn_struct_rwlock, RW_WRITER);

	/* A dirty dnode cannot have been paged out. */
	ASSERT(dn->dn_phys->dn_type != DMU_OT_NONE);
	ASSERT(target_levels > 1 && dn->dn_phys->dn_nlevels > 0);

	/* Level == old dn_nlevels is one above the old top level. */
	top = dbuf_hold_level(dn, dn->dn_phys->dn_nlevels, 0, FTAG);
	ASSERT(top != NULL);

	dn->dn_phys->dn_nlevels = target_levels;
	dprintf("os=%p obj=%llu, increase to %d\n", dn->dn_objset,
	    (u_longlong_t)dn->dn_object, dn->dn_phys->dn_nlevels);

	/*
	 * Lock order: each child's db_mutex (acquired via dbuf_find()) has
	 * to be taken before the parent's db_rwlock.  dbuf_read() imposes
	 * this by locking to protect db_parent, fetching db_parent, and
	 * only then taking db_parent's db_rwlock.
	 *
	 * NOTE(review): nbp comes from dn_phys and the ASSERT3U below is
	 * the only bound on the writes into the kids[] stack array.  If
	 * ASSERTs are compiled out of non-debug builds, this relies on
	 * dn_nblkptr having been validated earlier -- confirm.
	 */
	ASSERT3U(nbp, <=, DN_MAX_NBLKPTR);
	for (int k = 0; k < nbp; k++) {
		kids[k] = dbuf_find(dn->dn_objset, dn->dn_object,
		    prev_top, k, NULL);
	}

	/* Move the dnode's block pointers into the new indirect block. */
	(void) dbuf_read(top, NULL, DB_RF_MUST_SUCCEED|DB_RF_HAVESTRUCT);
	if (dn->dn_dbuf != NULL)
		rw_enter(&dn->dn_dbuf->db_rwlock, RW_WRITER);
	rw_enter(&top->db_rwlock, RW_WRITER);
	ASSERT(top->db.db_data);
	ASSERT(arc_released(top->db_buf));
	ASSERT3U(sizeof (blkptr_t) * nbp, <=, top->db.db_size);
	memcpy(top->db.db_data, dn->dn_phys->dn_blkptr,
	    sizeof (blkptr_t) * nbp);
	arc_buf_freeze(top->db_buf);

	/* Repoint each cached child at the new indirect block. */
	for (int k = 0; k < nbp; k++) {
		dmu_buf_impl_t *kid = kids[k];

		if (kid == NULL)
			continue;
#ifdef	ZFS_DEBUG
		DB_DNODE_ENTER(kid);
		ASSERT3P(DB_DNODE(kid), ==, dn);
		DB_DNODE_EXIT(kid);
#endif	/* DEBUG */
		if (kid->db_parent != NULL && kid->db_parent != dn->dn_dbuf) {
			/* Already parented elsewhere; leave it alone. */
			ASSERT(kid->db_parent->db_level == top->db_level);
			ASSERT(kid->db_blkptr !=
			    &dn->dn_phys->dn_blkptr[kid->db_blkid]);
			mutex_exit(&kid->db_mtx);
			continue;
		}
		ASSERT(kid->db_parent == NULL ||
		    kid->db_parent == dn->dn_dbuf);

		kid->db_parent = top;
		dbuf_add_ref(top, kid);
		kid->db_blkptr = top->db.db_data ?
		    (blkptr_t *)top->db.db_data + k : NULL;
		dprintf_dbuf_bp(kid, kid->db_blkptr,
		    "changed db_blkptr to new indirect %s", "");

		/* Drops the db_mtx that the lookup above left held. */
		mutex_exit(&kid->db_mtx);
	}

	/* The pointers now live in the indirect block; clear the originals. */
	memset(dn->dn_phys->dn_blkptr, 0, sizeof (blkptr_t) * nbp);

	rw_exit(&top->db_rwlock);
	if (dn->dn_dbuf != NULL)
		rw_exit(&dn->dn_dbuf->db_rwlock);

	dbuf_rele(top, FTAG);

	rw_exit(&dn->dn_struct_rwlock);
}
133 
/*
 * Free up to num block pointers starting at bp and charge the freed bytes
 * back against the dnode's space accounting.
 *
 * dn  - dnode that owns the block pointers
 * bp  - first block pointer; each non-hole entry is rewritten in place
 * num - number of consecutive block pointers to visit
 * tx  - syncing transaction
 */
static void
free_blocks(dnode_t *dn, blkptr_t *bp, int num, dmu_tx_t *tx)
{
	dsl_dataset_t *ds = dn->dn_objset->os_dsl_dataset;
	uint64_t freed = 0;

	dprintf("ds=%p obj=%llx num=%d\n", ds, (u_longlong_t)dn->dn_object,
	    num);

	for (int idx = 0; idx < num; idx++) {
		blkptr_t *cur = bp + idx;

		if (BP_IS_HOLE(cur))
			continue;

		freed += dsl_dataset_block_kill(ds, cur, tx, B_FALSE);
		ASSERT3U(freed, <=, DN_USED_BYTES(dn->dn_phys));

		/*
		 * Capture logical size, type and indirection level before
		 * the pointer is wiped, so they can be put back on the hole.
		 * Keeping a birth time on the hole lets zfs send tell when
		 * it was punched and transmit fewer free records.
		 */
		uint64_t lsize = BP_GET_LSIZE(cur);
		dmu_object_type_t type = BP_GET_TYPE(cur);
		uint64_t lvl = BP_GET_LEVEL(cur);

		/* Everything else in the block pointer is discarded here. */
		memset(cur, 0, sizeof (blkptr_t));

		if (spa_feature_is_active(dn->dn_objset->os_spa,
		    SPA_FEATURE_HOLE_BIRTH)) {
			BP_SET_LSIZE(cur, lsize);
			BP_SET_TYPE(cur, type);
			BP_SET_LEVEL(cur, lvl);
			BP_SET_BIRTH(cur, dmu_tx_get_txg(tx), 0);
		}
	}

	/* Negated unsigned total: the accounting delta is a reduction. */
	dnode_diduse_space(dn, -freed);
}
174 
#ifdef ZFS_DEBUG
/*
 * Panic if any 64-bit word of the given buffer is non-zero.  The word count
 * is taken from child's db_size; i, off and num only appear in the panic
 * message.
 */
static void
free_verify_zeroed(const uint64_t *words, dmu_buf_impl_t *child, uint64_t i,
    uint64_t off, uint64_t num)
{
	for (uint64_t j = 0; j < child->db.db_size >> 3; j++) {
		if (words[j] != 0) {
			panic("freed data not zero: "
			    "child=%p i=%llu off=%llu "
			    "num=%llu\n",
			    (void *)child, (u_longlong_t)i,
			    (u_longlong_t)off,
			    (u_longlong_t)num);
		}
	}
}

/*
 * Debug-only check that the level-0 children of a level-1 indirect block
 * covering block ids [start, end] hold only zeroes.
 *
 * db    - level-1 indirect dbuf
 * start - first block id of the freed range (inclusive)
 * end   - last block id of the freed range (inclusive)
 * tx    - syncing transaction; tx_txg selects the dirty record to inspect
 */
static void
free_verify(dmu_buf_impl_t *db, uint64_t start, uint64_t end, dmu_tx_t *tx)
{
	uint64_t off, num, i;
	unsigned int epbs;
	int err;
	uint64_t txg = tx->tx_txg;
	dnode_t *dn;

	DB_DNODE_ENTER(db);
	dn = DB_DNODE(db);
	/* epbs: log2 of the number of block pointers per indirect block */
	epbs = dn->dn_phys->dn_indblkshift - SPA_BLKPTRSHIFT;
	off = start - (db->db_blkid << epbs);
	num = end - start + 1;

	ASSERT3U(dn->dn_phys->dn_indblkshift, >=, SPA_BLKPTRSHIFT);
	ASSERT3U(end + 1, >=, start);
	ASSERT3U(start, >=, (db->db_blkid << epbs));
	ASSERT3U(db->db_level, >, 0);
	ASSERT3U(db->db.db_size, ==, 1 << dn->dn_phys->dn_indblkshift);
	ASSERT3U(off+num, <=, db->db.db_size >> SPA_BLKPTRSHIFT);
	ASSERT(db->db_blkptr != NULL);

	for (i = off; i < off+num; i++) {
		dmu_buf_impl_t *child;
		dbuf_dirty_record_t *dr;
		uint64_t *cached;

		ASSERT(db->db_level == 1);

		rw_enter(&dn->dn_struct_rwlock, RW_READER);
		err = dbuf_hold_impl(dn, db->db_level - 1,
		    (db->db_blkid << epbs) + i, TRUE, FALSE, FTAG, &child);
		rw_exit(&dn->dn_struct_rwlock);
		if (err == ENOENT)
			continue;
		ASSERT0(err);
		ASSERT0(child->db_level);
		dr = dbuf_find_dirty_eq(child, txg);

		/* The data dirtied in this txg must already be zeroed. */
		if (dr != NULL) {
			free_verify_zeroed(dr->dt.dl.dr_data->b_data, child,
			    i, off, num);
		}

		/*
		 * The cached data must be zeroed as well, unless the dbuf
		 * is being filled or still has dirty records (i.e. it is
		 * dirty in a future txg).
		 */
		mutex_enter(&child->db_mtx);
		cached = child->db.db_data;
		if (cached != NULL && child->db_state != DB_FILL &&
		    list_is_empty(&child->db_dirty_records)) {
			free_verify_zeroed(cached, child, i, off, num);
		}
		mutex_exit(&child->db_mtx);

		dbuf_rele(child, FTAG);
	}
	DB_DNODE_EXIT(db);
}
#endif
257 
258 /*
259  * We don't usually free the indirect blocks here.  If in one txg we have a
260  * free_range and a write to the same indirect block, it's important that we
261  * preserve the hole's birth times. Therefore, we don't free any indirect
262  * blocks in free_children().  If an indirect block happens to turn into all
263  * holes, it will be freed by dbuf_write_children_ready, which happens at a
264  * point in the syncing process where we know for certain the contents of the
265  * indirect block.
266  *
267  * However, if we're freeing a dnode, its space accounting must go to zero
268  * before we actually try to free the dnode, or we will trip an assertion. In
269  * addition, we know the case described above cannot occur, because the dnode is
270  * being freed.  Therefore, we free the indirect blocks immediately in that
271  * case.
272  */
/*
 * db             - indirect dbuf whose children are to be freed
 * blkid, nblks   - level-0 block range being freed
 * free_indirects - also free this indirect block itself (dnode is going away)
 * tx             - syncing transaction
 *
 * Recurses once per indirection level: each recursive call is made on a
 * dbuf held at db_level - 1, and a level-1 dbuf does not recurse.
 */
static void
free_children(dmu_buf_impl_t *db, uint64_t blkid, uint64_t nblks,
    boolean_t free_indirects, dmu_tx_t *tx)
{
	dnode_t *dn;
	blkptr_t *slotp;
	dmu_buf_impl_t *kid;
	uint64_t first, last, db_first, db_last;
	unsigned int epbs, shift, n;

	/*
	 * The block may, rarely, not be cached:
	 *   1 - level > 1 and no children with level <= 1 exist
	 *   2 - it was evicted after dmu_tx_hold_free() read it
	 */
	if (db->db_state != DB_CACHED)
		(void) dbuf_read(db, NULL, DB_RF_MUST_SUCCEED);

	/*
	 * When the dnode is not being freed (!free_indirects), any change
	 * made to this indirect block has to reach disk via dbuf_write();
	 * otherwise space would be freed while the on-disk BP still points
	 * at it.  A dirty block is guaranteed to be written, hence the
	 * VERIFY.
	 *
	 * The VERIFY is stricter than necessary: it also covers blocks that
	 * open context happens to dirty even though nothing forces it, e.g.
	 * when every block being freed is already a hole.  In that case only
	 * part of this indirect is being freed, so it is an ancestor of the
	 * first or last freed block, and dnode_free_range() always dirties
	 * the first and last L1 indirect blocks.
	 */
	db_lock_type_t plock = dmu_buf_lock_parent(db, RW_READER, FTAG);
	VERIFY(BP_GET_FILL(db->db_blkptr) == 0 || db->db_dirtycnt > 0);
	dmu_buf_unlock_parent(db, plock, FTAG);

	dbuf_release_bp(db);
	slotp = db->db.db_data;

	DB_DNODE_ENTER(db);
	dn = DB_DNODE(db);
	epbs = dn->dn_phys->dn_indblkshift - SPA_BLKPTRSHIFT;
	ASSERT3U(epbs, <, 31);
	shift = (db->db_level - 1) * epbs;

	/* Clip the requested range to the children this block covers. */
	db_first = db->db_blkid << epbs;
	first = blkid >> shift;
	if (first > db_first)
		slotp += first - db_first;
	else
		first = db_first;
	db_last = ((db->db_blkid + 1) << epbs) - 1;
	last = (blkid + nblks - 1) >> shift;
	if (last >= db_last)
		last = db_last;

	ASSERT3U(first, <=, last);

	if (db->db_level != 1) {
		for (uint64_t id = first; id <= last; id++, slotp++) {
			if (!BP_IS_HOLE(slotp)) {
				rw_enter(&dn->dn_struct_rwlock, RW_READER);
				VERIFY0(dbuf_hold_impl(dn, db->db_level - 1,
				    id, TRUE, FALSE, FTAG, &kid));
				rw_exit(&dn->dn_struct_rwlock);
				ASSERT3P(slotp, ==, kid->db_blkptr);

				free_children(kid, blkid, nblks,
				    free_indirects, tx);
				dbuf_rele(kid, FTAG);
			}
		}
	} else {
		/* Level 1: the entries are data block pointers. */
		FREE_VERIFY(db, first, last, tx);
		rw_enter(&db->db_rwlock, RW_WRITER);
		free_blocks(dn, slotp, last - first + 1, tx);
		rw_exit(&db->db_rwlock);
	}

	if (free_indirects) {
		rw_enter(&db->db_rwlock, RW_WRITER);
		/* Every entry is expected to be a hole by now. */
		for (n = 0, slotp = db->db.db_data; n < 1 << epbs;
		    n++, slotp++)
			ASSERT(BP_IS_HOLE(slotp));
		memset(db->db.db_data, 0, db->db.db_size);
		free_blocks(dn, db->db_blkptr, 1, tx);
		rw_exit(&db->db_rwlock);
	}

	DB_DNODE_EXIT(db);
	arc_buf_freeze(db->db_buf);
}
366 
367 /*
368  * Traverse the indicated range of the provided file
369  * and "free" all the blocks contained there.
370  */
/*
 * dn             - dnode whose blocks are being freed
 * blkid, nblks   - level-0 block range; clipped to dn_maxblkid below
 * free_indirects - passed through to free_children()
 * tx             - syncing transaction
 */
static void
dnode_sync_free_range_impl(dnode_t *dn, uint64_t blkid, uint64_t nblks,
    boolean_t free_indirects, dmu_tx_t *tx)
{
	blkptr_t *slotp = dn->dn_phys->dn_blkptr;
	int levels = dn->dn_phys->dn_nlevels;
	boolean_t clipped = B_FALSE;

	/* Nothing to do for a range that starts past the last block. */
	if (blkid > dn->dn_phys->dn_maxblkid)
		return;

	ASSERT(dn->dn_phys->dn_maxblkid < UINT64_MAX);
	if (blkid + nblks > dn->dn_phys->dn_maxblkid) {
		nblks = dn->dn_phys->dn_maxblkid - blkid + 1;
		clipped = B_TRUE;
	}

	if (levels != 1) {
		int shift = (levels - 1) *
		    (dn->dn_phys->dn_indblkshift - SPA_BLKPTRSHIFT);
		/*
		 * NOTE(review): first/last are int while blkid and nblks
		 * are uint64_t, so the shifted values are narrowed on
		 * assignment.  Only `first` is checked against dn_nblkptr,
		 * and only by an ASSERT; the walk over dn_blkptr[] assumes
		 * dn_maxblkid, dn_nlevels and dn_indblkshift in dn_phys are
		 * mutually consistent -- confirm where that is enforced.
		 */
		int first = blkid >> shift;
		int last = (blkid + nblks - 1) >> shift;
		dmu_buf_impl_t *child;

		ASSERT(first < dn->dn_phys->dn_nblkptr);
		slotp += first;
		for (int idx = first; idx <= last; idx++, slotp++) {
			if (!BP_IS_HOLE(slotp)) {
				rw_enter(&dn->dn_struct_rwlock, RW_READER);
				VERIFY0(dbuf_hold_impl(dn, levels - 1, idx,
				    TRUE, FALSE, FTAG, &child));
				rw_exit(&dn->dn_struct_rwlock);
				free_children(child, blkid, nblks,
				    free_indirects, tx);
				dbuf_rele(child, FTAG);
			}
		}
	} else {
		/* No indirect blocks: data pointers sit in the dnode. */
		if (blkid >= dn->dn_phys->dn_nblkptr) {
			/* This range was never made persistent. */
			return;
		}
		ASSERT3U(blkid + nblks, <=, dn->dn_phys->dn_nblkptr);
		free_blocks(dn, slotp + blkid, nblks, tx);
	}

	/*
	 * A raw receive sets maxblkid by hand and that value must survive,
	 * so no truncation is done for it.  Normally the final DRR_FREE
	 * record ends at maxblkid, because the sender sets maxblkid when it
	 * truncates.  But when the last block was freed by being
	 * overwritten with zeroes and compressed away to a hole, the sender
	 * emits a DRR_FREE record and leaves maxblkid beyond the end of it.
	 * Keeping the maxblkid given in the DRR_OBJECT record makes the
	 * receiver match the sender, which is what lets the cryptographic
	 * hashes match.
	 */
	if (clipped && !dn->dn_objset->os_raw_receive) {
		uint64_t off __maybe_unused;

		if (blkid == 0)
			dn->dn_phys->dn_maxblkid = 0;
		else
			dn->dn_phys->dn_maxblkid = blkid - 1;

		/*
		 * NOTE(review): `off` is a byte offset but is compared with
		 * a block id below; presumably that clause is only true
		 * when the multiplication wrapped -- confirm.
		 */
		off = (dn->dn_phys->dn_maxblkid + 1) *
		    (dn->dn_phys->dn_datablkszsec << SPA_MINBLOCKSHIFT);
		ASSERT(off < dn->dn_phys->dn_maxblkid ||
		    dn->dn_phys->dn_maxblkid == 0 ||
		    dnode_next_offset(dn, 0, &off, 1, 1, 0) != 0);
	}
}
442 
443 /*
444  * Try to kick all the dnode's dbufs out of the cache...
445  */
/*
 * Walk dn_dbufs under dn_dbufs_mtx.  Dbufs with no holds that are not
 * already being evicted are destroyed; the rest are flagged
 * db_pending_evict.  The bonus buffer is handled last via
 * dnode_evict_bonus().
 */
void
dnode_evict_dbufs(dnode_t *dn)
{
	dmu_buf_impl_t *marker;
	dmu_buf_impl_t *cur, *next;

	/*
	 * The marker is not zeroed; only the four fields assigned below
	 * are initialised before it is inserted into the tree.
	 */
	marker = kmem_alloc(sizeof (dmu_buf_impl_t), KM_SLEEP);

	mutex_enter(&dn->dn_dbufs_mtx);
	cur = avl_first(&dn->dn_dbufs);
	while (cur != NULL) {

#ifdef	ZFS_DEBUG
		DB_DNODE_ENTER(cur);
		ASSERT3P(DB_DNODE(cur), ==, dn);
		DB_DNODE_EXIT(cur);
#endif	/* DEBUG */

		mutex_enter(&cur->db_mtx);
		if (cur->db_state == DB_EVICTING ||
		    !zfs_refcount_is_zero(&cur->db_holds)) {
			/* Still in use: defer eviction and move on. */
			cur->db_pending_evict = TRUE;
			cur->db_partial_read = FALSE;
			mutex_exit(&cur->db_mtx);
			next = AVL_NEXT(&dn->dn_dbufs, cur);
		} else {
			marker->db_level = cur->db_level;
			marker->db_blkid = cur->db_blkid;
			/*
			 * The MARKER shares level and blkid with the dbuf
			 * being evicted.  dbuf_compare() ties are broken
			 * through db_parent, which carries a value derived
			 * from that dbuf's own address.
			 */
			marker->db_state = DB_MARKER;
			marker->db_parent = (void *)((uintptr_t)cur - 1);
			avl_insert_here(&dn->dn_dbufs, marker, cur,
			    AVL_BEFORE);

			/*
			 * Reading the successor of `cur` up front would not
			 * be safe: dbuf_destroy() can remove more than one
			 * dbuf, since it may recurse onto the parent dbuf
			 * and take that out of dn_dbufs too:
			 *
			 * dbuf_destroy():
			 *   dnode_rele_and_unlock(parent_dbuf, evicting=TRUE):
			 *	if (!cacheable || pending_evict)
			 *	  dbuf_destroy()
			 *
			 * The marker stays in the tree, so the walk resumes
			 * from it rather than from a possibly freed node.
			 * No mutex_exit() on this path: presumably
			 * dbuf_destroy() consumes db_mtx -- confirm.
			 */
			dbuf_destroy(cur);

			next = AVL_NEXT(&dn->dn_dbufs, marker);
			avl_remove(&dn->dn_dbufs, marker);
		}
		cur = next;
	}
	mutex_exit(&dn->dn_dbufs_mtx);

	kmem_free(marker, sizeof (dmu_buf_impl_t));

	dnode_evict_bonus(dn);
}
509 
/*
 * Destroy the dnode's bonus dbuf if it has no holds; otherwise flag it
 * db_pending_evict.  Runs with dn_struct_rwlock held as writer.
 */
void
dnode_evict_bonus(dnode_t *dn)
{
	dmu_buf_impl_t *bonus;

	rw_enter(&dn->dn_struct_rwlock, RW_WRITER);
	bonus = dn->dn_bonus;
	if (bonus != NULL) {
		if (!zfs_refcount_is_zero(&bonus->db_holds)) {
			/*
			 * NOTE(review): db_pending_evict is set here without
			 * db_mtx, whereas dnode_evict_dbufs() sets it with
			 * db_mtx held -- confirm this is intended.
			 */
			bonus->db_pending_evict = TRUE;
		} else {
			mutex_enter(&bonus->db_mtx);
			dbuf_destroy(bonus);
			/* Drop the now-stale pointer to the bonus dbuf. */
			dn->dn_bonus = NULL;
		}
	}
	rw_exit(&dn->dn_struct_rwlock);
}
525 
/*
 * Drain a list of dirty records: each record is unlinked from both the
 * given list and its dbuf, freed, and the hold tagged with its txg is
 * released.  Children of indirect records are drained first.
 */
static void
dnode_undirty_dbufs(list_t *list)
{
	dbuf_dirty_record_t *rec;

	for (rec = list_head(list); rec != NULL; rec = list_head(list)) {
		dmu_buf_impl_t *db = rec->dr_dbuf;
		/* Saved now: the record is freed before the tag is used. */
		uint64_t tag_txg = rec->dr_txg;

		if (db->db_level != 0)
			dnode_undirty_dbufs(&rec->dt.di.dr_children);

		mutex_enter(&db->db_mtx);
		/* XXX - use dbuf_undirty()? */
		list_remove(list, rec);
		ASSERT(list_head(&db->db_dirty_records) == rec);
		list_remove_head(&db->db_dirty_records);
		ASSERT(list_is_empty(&db->db_dirty_records));
		db->db_dirtycnt--;
		if (db->db_level != 0) {
			mutex_destroy(&rec->dt.di.dr_mtx);
			list_destroy(&rec->dt.di.dr_children);
		} else {
			ASSERT(db->db_blkid == DMU_BONUS_BLKID ||
			    rec->dt.dl.dr_data == db->db_buf);
			dbuf_unoverride(rec);
		}
		kmem_cache_free(dbuf_dirty_kmem_cache, rec);
		/* Releases the hold and, per its name, db_mtx as well. */
		dbuf_rele_and_unlock(db, (void *)(uintptr_t)tag_txg, B_FALSE);
	}
}
557 
/*
 * Final step of freeing a dnode in syncing context: drop its dirty records
 * and cached dbufs, zero every slot of the on-disk dnode, reset the
 * in-core state, and release the hold tagged with this txg.
 *
 * dn - dnode being freed; must not be touched by the caller afterwards
 * tx - syncing transaction
 */
static void
dnode_sync_free(dnode_t *dn, dmu_tx_t *tx)
{
	int slot = tx->tx_txg & TXG_MASK;

	ASSERT(dmu_tx_is_syncing(tx));

	/*
	 * dnode_sync() is expected to have freed the contents already, via
	 * the free range record that the caller of dnode_free() inserted.
	 */
	ASSERT0(DN_USED_BYTES(dn->dn_phys));
	ASSERT(BP_IS_HOLE(dn->dn_phys->dn_blkptr));

	dnode_undirty_dbufs(&dn->dn_dirty_records[slot]);
	dnode_evict_dbufs(dn);

	/*
	 * XXX - It would be nice to assert this, but we may still
	 * have residual holds from async evictions from the arc...
	 *
	 * zfs_obj_to_path() also depends on this being
	 * commented out.
	 *
	 * ASSERT3U(zfs_refcount_count(&dn->dn_holds), ==, 1);
	 */

	/* Clear the per-txg "next" values so nothing is left pending. */
	dn->dn_next_maxblkid[slot] = 0;
	dn->dn_next_blksz[slot] = 0;
	dn->dn_next_indblkshift[slot] = 0;
	dn->dn_next_nlevels[slot] = 0;

	/* ASSERT(blkptrs are zero); */
	ASSERT(dn->dn_phys->dn_type != DMU_OT_NONE);
	ASSERT(dn->dn_type != DMU_OT_NONE);

	ASSERT(dn->dn_free_txg > 0);
	if (dn->dn_allocated_txg != dn->dn_free_txg)
		dmu_buf_will_dirty(&dn->dn_dbuf->db, tx);
	/* Wipe the whole on-disk dnode, across all of its slots. */
	memset(dn->dn_phys, 0, sizeof (dnode_phys_t) * dn->dn_num_slots);
	dnode_free_interior_slots(dn);

	mutex_enter(&dn->dn_mtx);
	dn->dn_type = DMU_OT_NONE;
	dn->dn_maxblkid = 0;
	dn->dn_allocated_txg = 0;
	dn->dn_free_txg = 0;
	dn->dn_have_spill = B_FALSE;
	dn->dn_num_slots = 1;
	mutex_exit(&dn->dn_mtx);

	ASSERT(dn->dn_object != DMU_META_DNODE_OBJECT);

	dnode_rele(dn, (void *)(uintptr_t)tx->tx_txg);
	/*
	 * With the hold gone the dnode can be evicted at any time;
	 * it must not be dereferenced past this point.
	 */
}
618 
619 /*
620  * We cannot simply detach the range tree (set dn_free_ranges to NULL)
621  * before processing it because dnode_block_freed() relies on it to
622  * correctly identify blocks that have been freed in the current TXG
623  * (for dbuf_read() calls on holes). If we detached it early, a concurrent
624  * reader might see the block as valid on disk and return stale data
625  * instead of zeros.
626  *
627  * We also can't use zfs_range_tree_walk() nor zfs_range_tree_vacate()
628  * with a callback that drops dn_mtx (dnode_sync_free_range()). This is
629  * unsafe because another thread (spa_sync_deferred_frees() ->
630  * dnode_free_range()) could acquire dn_mtx and modify the tree while the
631  * walk or vacate was in progress. This leads to tree corruption or panic
632  * when we resume.
633  *
634  * To fix the race while maintaining visibility, we process the tree
635  * incrementally. We pick a segment, drop the lock to sync it, and
636  * re-acquire the lock to remove it. By always restarting from the head
637  * of the tree, we ensure we are never using an invalid iterator.
638  * We use zfs_range_tree_clear() instead of ..._remove() because the range
639  * might have already been removed while the lock was dropped (specifically
640  * in the dbuf_dirty path mentioned above). ..._clear() handles this
641  * gracefully, while ..._remove() would panic on a missing segment.
642  */
/*
 * dn - dnode whose dn_free_ranges[] entry for this txg is processed
 * tx - syncing transaction
 *
 * dn_mtx is dropped around each dnode_sync_free_range_impl() call and
 * re-taken before the tree is touched again.
 */
static void
dnode_sync_free_ranges(dnode_t *dn, dmu_tx_t *tx)
{
	int slot = tx->tx_txg & TXG_MASK;
	zfs_range_tree_t *tree;
	zfs_range_seg_t *seg;
	boolean_t freeing_dnode;

	mutex_enter(&dn->dn_mtx);
	tree = dn->dn_free_ranges[slot];
	if (tree == NULL) {
		mutex_exit(&dn->dn_mtx);
		return;
	}

	freeing_dnode = dn->dn_free_txg > 0 &&
	    dn->dn_free_txg <= tx->tx_txg;
	if (freeing_dnode) {
		ASSERT(zfs_range_tree_contains(tree, 0,
		    dn->dn_maxblkid + 1));
	}

	for (;;) {
		/* Always restart from the head; no iterator is kept. */
		seg = zfs_range_tree_first(tree);
		if (seg == NULL)
			break;

		/* Copy the bounds out while dn_mtx is still held. */
		uint64_t start = zfs_rs_get_start(seg, tree);
		uint64_t size = zfs_rs_get_end(seg, tree) - start;

		mutex_exit(&dn->dn_mtx);
		dnode_sync_free_range_impl(dn, start, size,
		    freeing_dnode, tx);
		mutex_enter(&dn->dn_mtx);

		/* `seg` may be stale by now; clear by value instead. */
		zfs_range_tree_clear(tree, start, size);
	}
	zfs_range_tree_destroy(tree);
	dn->dn_free_ranges[slot] = NULL;
	mutex_exit(&dn->dn_mtx);
}
676 
677 /*
678  * Write out the dnode's dirty buffers.
679  * Does not wait for zio completions.
680  */
/*
 * dn - dirty dnode to sync; released (and possibly freed) on return
 * tx - syncing transaction
 *
 * Order of work: user accounting, copy pending in-core attributes into the
 * on-disk dnode, remove the spill block if requested, process freed
 * ranges, then either free the dnode or grow indirection / update
 * maxblkid / nblkptr and sync the dirty dbuf list.
 */
void
dnode_sync(dnode_t *dn, dmu_tx_t *tx)
{
	objset_t *objset = dn->dn_objset;
	dnode_phys_t *phys = dn->dn_phys;
	int slot = tx->tx_txg & TXG_MASK;
	list_t *dirty = &dn->dn_dirty_records[slot];
	static const dnode_phys_t zerodn __maybe_unused = { 0 };
	boolean_t kill_spill = B_FALSE;

	ASSERT(dmu_tx_is_syncing(tx));
	ASSERT(phys->dn_type != DMU_OT_NONE || dn->dn_allocated_txg);
	ASSERT(phys->dn_type != DMU_OT_NONE ||
	    memcmp(phys, &zerodn, DNODE_MIN_SIZE) == 0);
	DNODE_VERIFY(dn);

	ASSERT(dn->dn_dbuf == NULL || arc_released(dn->dn_dbuf->db_buf));

	/*
	 * User accounting is done when it is enabled, the object is not
	 * special, and this is not an encrypted receive.
	 */
	if (dmu_objset_userused_enabled(objset) &&
	    !DMU_OBJECT_IS_SPECIAL(dn->dn_object) &&
	    !(objset->os_encrypted && dmu_objset_is_receiving(objset))) {
		mutex_enter(&dn->dn_mtx);
		dn->dn_oldused = DN_USED_BYTES(dn->dn_phys);
		dn->dn_oldflags = dn->dn_phys->dn_flags;
		dn->dn_phys->dn_flags |= DNODE_FLAG_USERUSED_ACCOUNTED;
		if (dmu_objset_userobjused_enabled(dn->dn_objset))
			dn->dn_phys->dn_flags |=
			    DNODE_FLAG_USEROBJUSED_ACCOUNTED;
		mutex_exit(&dn->dn_mtx);
		dmu_objset_userquota_get_ids(dn, B_FALSE, tx);
	} else if (!objset->os_encrypted ||
	    !dmu_objset_is_receiving(objset)) {
		/*
		 * Accounting, once started, is expected to continue.  The
		 * one exception is a raw receive, which cannot be accounted
		 * for until the receiving dataset has been mounted.
		 */
		ASSERT(!(dn->dn_phys->dn_flags &
		    DNODE_FLAG_USERUSED_ACCOUNTED));
		ASSERT(!(dn->dn_phys->dn_flags &
		    DNODE_FLAG_USEROBJUSED_ACCOUNTED));
	}

	mutex_enter(&dn->dn_mtx);
	if (dn->dn_allocated_txg == tx->tx_txg) {
		/* Newly allocated or reallocated in this txg. */
		if (phys->dn_type == DMU_OT_NONE) {
			/* First allocation rather than a reallocation. */
			phys->dn_nlevels = 1;
			phys->dn_nblkptr = dn->dn_nblkptr;
		}

		phys->dn_type = dn->dn_type;
		phys->dn_bonustype = dn->dn_bonustype;
		phys->dn_bonuslen = dn->dn_bonuslen;
	}

	phys->dn_extra_slots = dn->dn_num_slots - 1;

	ASSERT(phys->dn_nlevels > 1 ||
	    BP_IS_HOLE(&phys->dn_blkptr[0]) ||
	    BP_IS_EMBEDDED(&phys->dn_blkptr[0]) ||
	    BP_GET_LSIZE(&phys->dn_blkptr[0]) ==
	    phys->dn_datablkszsec << SPA_MINBLOCKSHIFT);
	ASSERT(phys->dn_nlevels < 2 ||
	    BP_IS_HOLE(&phys->dn_blkptr[0]) ||
	    BP_GET_LSIZE(&phys->dn_blkptr[0]) == 1 << phys->dn_indblkshift);

	/* Apply each pending per-txg value, then clear it. */
	if (dn->dn_next_type[slot] != 0) {
		phys->dn_type = dn->dn_type;
		dn->dn_next_type[slot] = 0;
	}

	if (dn->dn_next_blksz[slot] != 0) {
		ASSERT(P2PHASE(dn->dn_next_blksz[slot],
		    SPA_MINBLOCKSIZE) == 0);
		ASSERT(BP_IS_HOLE(&phys->dn_blkptr[0]) ||
		    dn->dn_maxblkid == 0 || list_head(dirty) != NULL ||
		    dn->dn_next_blksz[slot] >> SPA_MINBLOCKSHIFT ==
		    phys->dn_datablkszsec ||
		    !zfs_range_tree_is_empty(dn->dn_free_ranges[slot]));
		phys->dn_datablkszsec =
		    dn->dn_next_blksz[slot] >> SPA_MINBLOCKSHIFT;
		dn->dn_next_blksz[slot] = 0;
	}

	if (dn->dn_next_bonuslen[slot] != 0) {
		/* DN_ZERO_BONUSLEN encodes "set the length to zero". */
		phys->dn_bonuslen =
		    (dn->dn_next_bonuslen[slot] == DN_ZERO_BONUSLEN) ?
		    0 : dn->dn_next_bonuslen[slot];
		ASSERT(phys->dn_bonuslen <=
		    DN_SLOTS_TO_BONUSLEN(phys->dn_extra_slots + 1));
		dn->dn_next_bonuslen[slot] = 0;
	}

	if (dn->dn_next_bonustype[slot] != 0) {
		ASSERT(DMU_OT_IS_VALID(dn->dn_next_bonustype[slot]));
		phys->dn_bonustype = dn->dn_next_bonustype[slot];
		dn->dn_next_bonustype[slot] = 0;
	}

	boolean_t freeing_dnode = dn->dn_free_txg > 0 &&
	    dn->dn_free_txg <= tx->tx_txg;

	/*
	 * The spill block goes away when its removal was requested
	 * explicitly or when the whole object is being removed.
	 */
	if (dn->dn_rm_spillblk[slot] || freeing_dnode) {
		if (phys->dn_flags & DNODE_FLAG_SPILL_BLKPTR)
			kill_spill = B_TRUE;
		dn->dn_rm_spillblk[slot] = 0;
	}

	if (dn->dn_next_indblkshift[slot] != 0) {
		ASSERT(phys->dn_nlevels == 1);
		phys->dn_indblkshift = dn->dn_next_indblkshift[slot];
		dn->dn_next_indblkshift[slot] = 0;
	}

	/*
	 * Checksum and compress are copied straight from the live
	 * (open-context) values.  Strictly that leaks a future setting
	 * into this txg, but starting to use a new algorithm slightly
	 * early is harmless.
	 */
	phys->dn_checksum = dn->dn_checksum;
	phys->dn_compress = dn->dn_compress;

	mutex_exit(&dn->dn_mtx);

	if (kill_spill) {
		/* The block is freed without dn_mtx; the flag flip takes it. */
		free_blocks(dn, DN_SPILL_BLKPTR(dn->dn_phys), 1, tx);
		mutex_enter(&dn->dn_mtx);
		phys->dn_flags &= ~DNODE_FLAG_SPILL_BLKPTR;
		mutex_exit(&dn->dn_mtx);
	}

	/* Process every range of the file that was "freed" this txg. */
	dnode_sync_free_ranges(dn, tx);

	if (freeing_dnode) {
		dn->dn_objset->os_freed_dnodes++;
		/* Releases our hold; dn is not used after this call. */
		dnode_sync_free(dn, tx);
		return;
	}

	if (dn->dn_num_slots > DNODE_MIN_SLOTS) {
		dsl_dataset_t *ds = dn->dn_objset->os_dsl_dataset;

		mutex_enter(&ds->ds_lock);
		ds->ds_feature_activation[SPA_FEATURE_LARGE_DNODE] =
		    (void *)B_TRUE;
		mutex_exit(&ds->ds_lock);
	}

	if (dn->dn_next_nlevels[slot]) {
		dnode_increase_indirection(dn, tx);
		dn->dn_next_nlevels[slot] = 0;
	}

	/*
	 * Has to come after dnode_sync_free_ranges() and
	 * dnode_increase_indirection().  dnode_new_blkid() explains
	 * why the high bit is set and is masked off here.
	 */
	if (dn->dn_next_maxblkid[slot]) {
		mutex_enter(&dn->dn_mtx);
		phys->dn_maxblkid =
		    dn->dn_next_maxblkid[slot] & ~DMU_NEXT_MAXBLKID_SET;
		dn->dn_next_maxblkid[slot] = 0;
		mutex_exit(&dn->dn_mtx);
	}

	if (dn->dn_next_nblkptr[slot]) {
		/* Only expected on a reallocation. */
		ASSERT(dn->dn_allocated_txg == tx->tx_txg);
		if (dn->dn_next_nblkptr[slot] > phys->dn_nblkptr) {
			/* Zero the block pointers being gained. */
			memset(phys->dn_blkptr + phys->dn_nblkptr, 0,
			    sizeof (blkptr_t) *
			    (dn->dn_next_nblkptr[slot] - phys->dn_nblkptr));
#ifdef ZFS_DEBUG
		} else {
			ASSERT(dn->dn_next_nblkptr[slot] < phys->dn_nblkptr);
			/* Block pointers being dropped must be unallocated. */
			for (int i = dn->dn_next_nblkptr[slot];
			    i < phys->dn_nblkptr; i++)
				ASSERT(BP_IS_HOLE(&phys->dn_blkptr[i]));
#endif
		}
		mutex_enter(&dn->dn_mtx);
		phys->dn_nblkptr = dn->dn_next_nblkptr[slot];
		dn->dn_next_nblkptr[slot] = 0;
		mutex_exit(&dn->dn_mtx);
	}

	dbuf_sync_list(dirty, dn->dn_phys->dn_nlevels - 1, tx);

	if (!DMU_OBJECT_IS_SPECIAL(dn->dn_object)) {
		ASSERT0P(list_head(dirty));
		dnode_rele(dn, (void *)(uintptr_t)tx->tx_txg);
	}

	ASSERT3U(phys->dn_bonuslen, <=, DN_MAX_BONUS_LEN(phys));

	/*
	 * Our reference is gone, yet the dnode cannot be evicted before it
	 * has been written, and the IO for its dbuf has not been started.
	 * The caller also holds a reference of its own, because the dnode
	 * is on the os_synced_dnodes list.
	 */
}