1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 23 * Copyright 2011 Nexenta Systems, Inc. All rights reserved. 24 * Copyright (c) 2011, 2018 by Delphix. All rights reserved. 25 * Copyright (c) 2014, Joyent, Inc. All rights reserved. 26 * Copyright 2014 HybridCluster. All rights reserved. 27 * Copyright 2016 RackTop Systems. 28 * Copyright (c) 2016 Actifio, Inc. All rights reserved. 29 * Copyright (c) 2019, Klara Inc. 30 * Copyright (c) 2019, Allan Jude 31 */ 32 33 #include <sys/dmu.h> 34 #include <sys/dmu_impl.h> 35 #include <sys/dmu_tx.h> 36 #include <sys/dbuf.h> 37 #include <sys/dnode.h> 38 #include <sys/zfs_context.h> 39 #include <sys/dmu_objset.h> 40 #include <sys/dmu_traverse.h> 41 #include <sys/dsl_dataset.h> 42 #include <sys/dsl_dir.h> 43 #include <sys/dsl_prop.h> 44 #include <sys/dsl_pool.h> 45 #include <sys/dsl_synctask.h> 46 #include <sys/spa_impl.h> 47 #include <sys/zfs_ioctl.h> 48 #include <sys/zap.h> 49 #include <sys/zio_checksum.h> 50 #include <sys/zfs_znode.h> 51 #include <zfs_fletcher.h> 52 #include <sys/avl.h> 53 #include <sys/ddt.h> 54 #include <sys/zfs_onexit.h> 55 #include <sys/dmu_send.h> 56 #include <sys/dmu_recv.h> 57 #include <sys/dsl_destroy.h> 58 #include <sys/blkptr.h> 59 #include <sys/dsl_bookmark.h> 60 #include <sys/zfeature.h> 61 #include <sys/bqueue.h> 62 #include <sys/zvol.h> 63 #include <sys/policy.h> 64 #include <sys/objlist.h> 65 #ifdef _KERNEL 66 #include <sys/zfs_vfsops.h> 67 #endif 68 69 /* Set this tunable to TRUE to replace corrupt data with 0x2f5baddb10c */ 70 int zfs_send_corrupt_data = B_FALSE; 71 /* 72 * This tunable controls the amount of data (measured in bytes) that will be 73 * prefetched by zfs send. If the main thread is blocking on reads that haven't 74 * completed, this variable might need to be increased. If instead the main 75 * thread is issuing new reads because the prefetches have fallen out of the 76 * cache, this may need to be decreased. 77 */ 78 int zfs_send_queue_length = SPA_MAXBLOCKSIZE; 79 /* 80 * This tunable controls the length of the queues that zfs send worker threads 81 * use to communicate. If the send_main_thread is blocking on these queues, 82 * this variable may need to be increased. If there is a significant slowdown 83 * at the start of a send as these threads consume all the available IO 84 * resources, this variable may need to be decreased. 85 */ 86 int zfs_send_no_prefetch_queue_length = 1024 * 1024; 87 /* 88 * These tunables control the fill fraction of the queues by zfs send. The fill 89 * fraction controls the frequency with which threads have to be cv_signaled. 90 * If a lot of cpu time is being spent on cv_signal, then these should be tuned 91 * down. If the queues empty before the signalled thread can catch up, then 92 * these should be tuned up. 93 */ 94 int zfs_send_queue_ff = 20; 95 int zfs_send_no_prefetch_queue_ff = 20; 96 97 /* 98 * Use this to override the recordsize calculation for fast zfs send estimates. 99 */ 100 int zfs_override_estimate_recordsize = 0; 101 102 /* Set this tunable to FALSE to disable setting of DRR_FLAG_FREERECORDS */ 103 int zfs_send_set_freerecords_bit = B_TRUE; 104 105 /* Set this tunable to FALSE is disable sending unmodified spill blocks. */ 106 int zfs_send_unmodified_spill_blocks = B_TRUE; 107 108 static inline boolean_t 109 overflow_multiply(uint64_t a, uint64_t b, uint64_t *c) 110 { 111 uint64_t temp = a * b; 112 if (b != 0 && temp / b != a) 113 return (B_FALSE); 114 *c = temp; 115 return (B_TRUE); 116 } 117 118 struct send_thread_arg { 119 bqueue_t q; 120 objset_t *os; /* Objset to traverse */ 121 uint64_t fromtxg; /* Traverse from this txg */ 122 int flags; /* flags to pass to traverse_dataset */ 123 int error_code; 124 boolean_t cancel; 125 zbookmark_phys_t resume; 126 uint64_t *num_blocks_visited; 127 }; 128 129 struct redact_list_thread_arg { 130 boolean_t cancel; 131 bqueue_t q; 132 zbookmark_phys_t resume; 133 redaction_list_t *rl; 134 boolean_t mark_redact; 135 int error_code; 136 uint64_t *num_blocks_visited; 137 }; 138 139 struct send_merge_thread_arg { 140 bqueue_t q; 141 objset_t *os; 142 struct redact_list_thread_arg *from_arg; 143 struct send_thread_arg *to_arg; 144 struct redact_list_thread_arg *redact_arg; 145 int error; 146 boolean_t cancel; 147 }; 148 149 struct send_range { 150 boolean_t eos_marker; /* Marks the end of the stream */ 151 uint64_t object; 152 uint64_t start_blkid; 153 uint64_t end_blkid; 154 bqueue_node_t ln; 155 enum type {DATA, HOLE, OBJECT, OBJECT_RANGE, REDACT, 156 PREVIOUSLY_REDACTED} type; 157 union { 158 struct srd { 159 dmu_object_type_t obj_type; 160 uint32_t datablksz; // logical size 161 uint32_t datasz; // payload size 162 blkptr_t bp; 163 arc_buf_t *abuf; 164 abd_t *abd; 165 kmutex_t lock; 166 kcondvar_t cv; 167 boolean_t io_outstanding; 168 int io_err; 169 } data; 170 struct srh { 171 uint32_t datablksz; 172 } hole; 173 struct sro { 174 /* 175 * This is a pointer because embedding it in the 176 * struct causes these structures to be massively larger 177 * for all range types; this makes the code much less 178 * memory efficient. 179 */ 180 dnode_phys_t *dnp; 181 blkptr_t bp; 182 } object; 183 struct srr { 184 uint32_t datablksz; 185 } redact; 186 struct sror { 187 blkptr_t bp; 188 } object_range; 189 } sru; 190 }; 191 192 /* 193 * The list of data whose inclusion in a send stream can be pending from 194 * one call to backup_cb to another. Multiple calls to dump_free(), 195 * dump_freeobjects(), and dump_redact() can be aggregated into a single 196 * DRR_FREE, DRR_FREEOBJECTS, or DRR_REDACT replay record. 197 */ 198 typedef enum { 199 PENDING_NONE, 200 PENDING_FREE, 201 PENDING_FREEOBJECTS, 202 PENDING_REDACT 203 } dmu_pendop_t; 204 205 typedef struct dmu_send_cookie { 206 dmu_replay_record_t *dsc_drr; 207 dmu_send_outparams_t *dsc_dso; 208 offset_t *dsc_off; 209 objset_t *dsc_os; 210 zio_cksum_t dsc_zc; 211 uint64_t dsc_toguid; 212 uint64_t dsc_fromtxg; 213 int dsc_err; 214 dmu_pendop_t dsc_pending_op; 215 uint64_t dsc_featureflags; 216 uint64_t dsc_last_data_object; 217 uint64_t dsc_last_data_offset; 218 uint64_t dsc_resume_object; 219 uint64_t dsc_resume_offset; 220 boolean_t dsc_sent_begin; 221 boolean_t dsc_sent_end; 222 } dmu_send_cookie_t; 223 224 static int do_dump(dmu_send_cookie_t *dscp, struct send_range *range); 225 226 static void 227 range_free(struct send_range *range) 228 { 229 if (range->type == OBJECT) { 230 size_t size = sizeof (dnode_phys_t) * 231 (range->sru.object.dnp->dn_extra_slots + 1); 232 kmem_free(range->sru.object.dnp, size); 233 } else if (range->type == DATA) { 234 mutex_enter(&range->sru.data.lock); 235 while (range->sru.data.io_outstanding) 236 cv_wait(&range->sru.data.cv, &range->sru.data.lock); 237 if (range->sru.data.abd != NULL) 238 abd_free(range->sru.data.abd); 239 if (range->sru.data.abuf != NULL) { 240 arc_buf_destroy(range->sru.data.abuf, 241 &range->sru.data.abuf); 242 } 243 mutex_exit(&range->sru.data.lock); 244 245 cv_destroy(&range->sru.data.cv); 246 mutex_destroy(&range->sru.data.lock); 247 } 248 kmem_free(range, sizeof (*range)); 249 } 250 251 /* 252 * For all record types except BEGIN, fill in the checksum (overlaid in 253 * drr_u.drr_checksum.drr_checksum). The checksum verifies everything 254 * up to the start of the checksum itself. 255 */ 256 static int 257 dump_record(dmu_send_cookie_t *dscp, void *payload, int payload_len) 258 { 259 dmu_send_outparams_t *dso = dscp->dsc_dso; 260 ASSERT3U(offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum), 261 ==, sizeof (dmu_replay_record_t) - sizeof (zio_cksum_t)); 262 (void) fletcher_4_incremental_native(dscp->dsc_drr, 263 offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum), 264 &dscp->dsc_zc); 265 if (dscp->dsc_drr->drr_type == DRR_BEGIN) { 266 dscp->dsc_sent_begin = B_TRUE; 267 } else { 268 ASSERT(ZIO_CHECKSUM_IS_ZERO(&dscp->dsc_drr->drr_u. 269 drr_checksum.drr_checksum)); 270 dscp->dsc_drr->drr_u.drr_checksum.drr_checksum = dscp->dsc_zc; 271 } 272 if (dscp->dsc_drr->drr_type == DRR_END) { 273 dscp->dsc_sent_end = B_TRUE; 274 } 275 (void) fletcher_4_incremental_native(&dscp->dsc_drr-> 276 drr_u.drr_checksum.drr_checksum, 277 sizeof (zio_cksum_t), &dscp->dsc_zc); 278 *dscp->dsc_off += sizeof (dmu_replay_record_t); 279 dscp->dsc_err = dso->dso_outfunc(dscp->dsc_os, dscp->dsc_drr, 280 sizeof (dmu_replay_record_t), dso->dso_arg); 281 if (dscp->dsc_err != 0) 282 return (SET_ERROR(EINTR)); 283 if (payload_len != 0) { 284 *dscp->dsc_off += payload_len; 285 /* 286 * payload is null when dso_dryrun == B_TRUE (i.e. when we're 287 * doing a send size calculation) 288 */ 289 if (payload != NULL) { 290 (void) fletcher_4_incremental_native( 291 payload, payload_len, &dscp->dsc_zc); 292 } 293 294 /* 295 * The code does not rely on this (len being a multiple of 8). 296 * We keep this assertion because of the corresponding assertion 297 * in receive_read(). Keeping this assertion ensures that we do 298 * not inadvertently break backwards compatibility (causing the 299 * assertion in receive_read() to trigger on old software). 300 * 301 * Raw sends cannot be received on old software, and so can 302 * bypass this assertion. 303 */ 304 305 ASSERT((payload_len % 8 == 0) || 306 (dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW)); 307 308 dscp->dsc_err = dso->dso_outfunc(dscp->dsc_os, payload, 309 payload_len, dso->dso_arg); 310 if (dscp->dsc_err != 0) 311 return (SET_ERROR(EINTR)); 312 } 313 return (0); 314 } 315 316 /* 317 * Fill in the drr_free struct, or perform aggregation if the previous record is 318 * also a free record, and the two are adjacent. 319 * 320 * Note that we send free records even for a full send, because we want to be 321 * able to receive a full send as a clone, which requires a list of all the free 322 * and freeobject records that were generated on the source. 323 */ 324 static int 325 dump_free(dmu_send_cookie_t *dscp, uint64_t object, uint64_t offset, 326 uint64_t length) 327 { 328 struct drr_free *drrf = &(dscp->dsc_drr->drr_u.drr_free); 329 330 /* 331 * When we receive a free record, dbuf_free_range() assumes 332 * that the receiving system doesn't have any dbufs in the range 333 * being freed. This is always true because there is a one-record 334 * constraint: we only send one WRITE record for any given 335 * object,offset. We know that the one-record constraint is 336 * true because we always send data in increasing order by 337 * object,offset. 338 * 339 * If the increasing-order constraint ever changes, we should find 340 * another way to assert that the one-record constraint is still 341 * satisfied. 342 */ 343 ASSERT(object > dscp->dsc_last_data_object || 344 (object == dscp->dsc_last_data_object && 345 offset > dscp->dsc_last_data_offset)); 346 347 /* 348 * If there is a pending op, but it's not PENDING_FREE, push it out, 349 * since free block aggregation can only be done for blocks of the 350 * same type (i.e., DRR_FREE records can only be aggregated with 351 * other DRR_FREE records. DRR_FREEOBJECTS records can only be 352 * aggregated with other DRR_FREEOBJECTS records). 353 */ 354 if (dscp->dsc_pending_op != PENDING_NONE && 355 dscp->dsc_pending_op != PENDING_FREE) { 356 if (dump_record(dscp, NULL, 0) != 0) 357 return (SET_ERROR(EINTR)); 358 dscp->dsc_pending_op = PENDING_NONE; 359 } 360 361 if (dscp->dsc_pending_op == PENDING_FREE) { 362 /* 363 * Check to see whether this free block can be aggregated 364 * with pending one. 365 */ 366 if (drrf->drr_object == object && drrf->drr_offset + 367 drrf->drr_length == offset) { 368 if (offset + length < offset || length == UINT64_MAX) 369 drrf->drr_length = UINT64_MAX; 370 else 371 drrf->drr_length += length; 372 return (0); 373 } else { 374 /* not a continuation. Push out pending record */ 375 if (dump_record(dscp, NULL, 0) != 0) 376 return (SET_ERROR(EINTR)); 377 dscp->dsc_pending_op = PENDING_NONE; 378 } 379 } 380 /* create a FREE record and make it pending */ 381 bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); 382 dscp->dsc_drr->drr_type = DRR_FREE; 383 drrf->drr_object = object; 384 drrf->drr_offset = offset; 385 if (offset + length < offset) 386 drrf->drr_length = DMU_OBJECT_END; 387 else 388 drrf->drr_length = length; 389 drrf->drr_toguid = dscp->dsc_toguid; 390 if (length == DMU_OBJECT_END) { 391 if (dump_record(dscp, NULL, 0) != 0) 392 return (SET_ERROR(EINTR)); 393 } else { 394 dscp->dsc_pending_op = PENDING_FREE; 395 } 396 397 return (0); 398 } 399 400 /* 401 * Fill in the drr_redact struct, or perform aggregation if the previous record 402 * is also a redaction record, and the two are adjacent. 403 */ 404 static int 405 dump_redact(dmu_send_cookie_t *dscp, uint64_t object, uint64_t offset, 406 uint64_t length) 407 { 408 struct drr_redact *drrr = &dscp->dsc_drr->drr_u.drr_redact; 409 410 /* 411 * If there is a pending op, but it's not PENDING_REDACT, push it out, 412 * since free block aggregation can only be done for blocks of the 413 * same type (i.e., DRR_REDACT records can only be aggregated with 414 * other DRR_REDACT records). 415 */ 416 if (dscp->dsc_pending_op != PENDING_NONE && 417 dscp->dsc_pending_op != PENDING_REDACT) { 418 if (dump_record(dscp, NULL, 0) != 0) 419 return (SET_ERROR(EINTR)); 420 dscp->dsc_pending_op = PENDING_NONE; 421 } 422 423 if (dscp->dsc_pending_op == PENDING_REDACT) { 424 /* 425 * Check to see whether this redacted block can be aggregated 426 * with pending one. 427 */ 428 if (drrr->drr_object == object && drrr->drr_offset + 429 drrr->drr_length == offset) { 430 drrr->drr_length += length; 431 return (0); 432 } else { 433 /* not a continuation. Push out pending record */ 434 if (dump_record(dscp, NULL, 0) != 0) 435 return (SET_ERROR(EINTR)); 436 dscp->dsc_pending_op = PENDING_NONE; 437 } 438 } 439 /* create a REDACT record and make it pending */ 440 bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); 441 dscp->dsc_drr->drr_type = DRR_REDACT; 442 drrr->drr_object = object; 443 drrr->drr_offset = offset; 444 drrr->drr_length = length; 445 drrr->drr_toguid = dscp->dsc_toguid; 446 dscp->dsc_pending_op = PENDING_REDACT; 447 448 return (0); 449 } 450 451 static int 452 dmu_dump_write(dmu_send_cookie_t *dscp, dmu_object_type_t type, uint64_t object, 453 uint64_t offset, int lsize, int psize, const blkptr_t *bp, void *data) 454 { 455 uint64_t payload_size; 456 boolean_t raw = (dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW); 457 struct drr_write *drrw = &(dscp->dsc_drr->drr_u.drr_write); 458 459 /* 460 * We send data in increasing object, offset order. 461 * See comment in dump_free() for details. 462 */ 463 ASSERT(object > dscp->dsc_last_data_object || 464 (object == dscp->dsc_last_data_object && 465 offset > dscp->dsc_last_data_offset)); 466 dscp->dsc_last_data_object = object; 467 dscp->dsc_last_data_offset = offset + lsize - 1; 468 469 /* 470 * If there is any kind of pending aggregation (currently either 471 * a grouping of free objects or free blocks), push it out to 472 * the stream, since aggregation can't be done across operations 473 * of different types. 474 */ 475 if (dscp->dsc_pending_op != PENDING_NONE) { 476 if (dump_record(dscp, NULL, 0) != 0) 477 return (SET_ERROR(EINTR)); 478 dscp->dsc_pending_op = PENDING_NONE; 479 } 480 /* write a WRITE record */ 481 bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); 482 dscp->dsc_drr->drr_type = DRR_WRITE; 483 drrw->drr_object = object; 484 drrw->drr_type = type; 485 drrw->drr_offset = offset; 486 drrw->drr_toguid = dscp->dsc_toguid; 487 drrw->drr_logical_size = lsize; 488 489 /* only set the compression fields if the buf is compressed or raw */ 490 if (raw || lsize != psize) { 491 ASSERT(raw || dscp->dsc_featureflags & 492 DMU_BACKUP_FEATURE_COMPRESSED); 493 ASSERT(!BP_IS_EMBEDDED(bp)); 494 ASSERT3S(psize, >, 0); 495 496 if (raw) { 497 ASSERT(BP_IS_PROTECTED(bp)); 498 499 /* 500 * This is a raw protected block so we need to pass 501 * along everything the receiving side will need to 502 * interpret this block, including the byteswap, salt, 503 * IV, and MAC. 504 */ 505 if (BP_SHOULD_BYTESWAP(bp)) 506 drrw->drr_flags |= DRR_RAW_BYTESWAP; 507 zio_crypt_decode_params_bp(bp, drrw->drr_salt, 508 drrw->drr_iv); 509 zio_crypt_decode_mac_bp(bp, drrw->drr_mac); 510 } else { 511 /* this is a compressed block */ 512 ASSERT(dscp->dsc_featureflags & 513 DMU_BACKUP_FEATURE_COMPRESSED); 514 ASSERT(!BP_SHOULD_BYTESWAP(bp)); 515 ASSERT(!DMU_OT_IS_METADATA(BP_GET_TYPE(bp))); 516 ASSERT3U(BP_GET_COMPRESS(bp), !=, ZIO_COMPRESS_OFF); 517 ASSERT3S(lsize, >=, psize); 518 } 519 520 /* set fields common to compressed and raw sends */ 521 drrw->drr_compressiontype = BP_GET_COMPRESS(bp); 522 drrw->drr_compressed_size = psize; 523 payload_size = drrw->drr_compressed_size; 524 } else { 525 payload_size = drrw->drr_logical_size; 526 } 527 528 if (bp == NULL || BP_IS_EMBEDDED(bp) || (BP_IS_PROTECTED(bp) && !raw)) { 529 /* 530 * There's no pre-computed checksum for partial-block writes, 531 * embedded BP's, or encrypted BP's that are being sent as 532 * plaintext, so (like fletcher4-checksummed blocks) userland 533 * will have to compute a dedup-capable checksum itself. 534 */ 535 drrw->drr_checksumtype = ZIO_CHECKSUM_OFF; 536 } else { 537 drrw->drr_checksumtype = BP_GET_CHECKSUM(bp); 538 if (zio_checksum_table[drrw->drr_checksumtype].ci_flags & 539 ZCHECKSUM_FLAG_DEDUP) 540 drrw->drr_flags |= DRR_CHECKSUM_DEDUP; 541 DDK_SET_LSIZE(&drrw->drr_key, BP_GET_LSIZE(bp)); 542 DDK_SET_PSIZE(&drrw->drr_key, BP_GET_PSIZE(bp)); 543 DDK_SET_COMPRESS(&drrw->drr_key, BP_GET_COMPRESS(bp)); 544 DDK_SET_CRYPT(&drrw->drr_key, BP_IS_PROTECTED(bp)); 545 drrw->drr_key.ddk_cksum = bp->blk_cksum; 546 } 547 548 if (dump_record(dscp, data, payload_size) != 0) 549 return (SET_ERROR(EINTR)); 550 return (0); 551 } 552 553 static int 554 dump_write_embedded(dmu_send_cookie_t *dscp, uint64_t object, uint64_t offset, 555 int blksz, const blkptr_t *bp) 556 { 557 char buf[BPE_PAYLOAD_SIZE]; 558 struct drr_write_embedded *drrw = 559 &(dscp->dsc_drr->drr_u.drr_write_embedded); 560 561 if (dscp->dsc_pending_op != PENDING_NONE) { 562 if (dump_record(dscp, NULL, 0) != 0) 563 return (SET_ERROR(EINTR)); 564 dscp->dsc_pending_op = PENDING_NONE; 565 } 566 567 ASSERT(BP_IS_EMBEDDED(bp)); 568 569 bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); 570 dscp->dsc_drr->drr_type = DRR_WRITE_EMBEDDED; 571 drrw->drr_object = object; 572 drrw->drr_offset = offset; 573 drrw->drr_length = blksz; 574 drrw->drr_toguid = dscp->dsc_toguid; 575 drrw->drr_compression = BP_GET_COMPRESS(bp); 576 drrw->drr_etype = BPE_GET_ETYPE(bp); 577 drrw->drr_lsize = BPE_GET_LSIZE(bp); 578 drrw->drr_psize = BPE_GET_PSIZE(bp); 579 580 decode_embedded_bp_compressed(bp, buf); 581 582 if (dump_record(dscp, buf, P2ROUNDUP(drrw->drr_psize, 8)) != 0) 583 return (SET_ERROR(EINTR)); 584 return (0); 585 } 586 587 static int 588 dump_spill(dmu_send_cookie_t *dscp, const blkptr_t *bp, uint64_t object, 589 void *data) 590 { 591 struct drr_spill *drrs = &(dscp->dsc_drr->drr_u.drr_spill); 592 uint64_t blksz = BP_GET_LSIZE(bp); 593 uint64_t payload_size = blksz; 594 595 if (dscp->dsc_pending_op != PENDING_NONE) { 596 if (dump_record(dscp, NULL, 0) != 0) 597 return (SET_ERROR(EINTR)); 598 dscp->dsc_pending_op = PENDING_NONE; 599 } 600 601 /* write a SPILL record */ 602 bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); 603 dscp->dsc_drr->drr_type = DRR_SPILL; 604 drrs->drr_object = object; 605 drrs->drr_length = blksz; 606 drrs->drr_toguid = dscp->dsc_toguid; 607 608 /* See comment in dump_dnode() for full details */ 609 if (zfs_send_unmodified_spill_blocks && 610 (bp->blk_birth <= dscp->dsc_fromtxg)) { 611 drrs->drr_flags |= DRR_SPILL_UNMODIFIED; 612 } 613 614 /* handle raw send fields */ 615 if (dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW) { 616 ASSERT(BP_IS_PROTECTED(bp)); 617 618 if (BP_SHOULD_BYTESWAP(bp)) 619 drrs->drr_flags |= DRR_RAW_BYTESWAP; 620 drrs->drr_compressiontype = BP_GET_COMPRESS(bp); 621 drrs->drr_compressed_size = BP_GET_PSIZE(bp); 622 zio_crypt_decode_params_bp(bp, drrs->drr_salt, drrs->drr_iv); 623 zio_crypt_decode_mac_bp(bp, drrs->drr_mac); 624 payload_size = drrs->drr_compressed_size; 625 } 626 627 if (dump_record(dscp, data, payload_size) != 0) 628 return (SET_ERROR(EINTR)); 629 return (0); 630 } 631 632 static int 633 dump_freeobjects(dmu_send_cookie_t *dscp, uint64_t firstobj, uint64_t numobjs) 634 { 635 struct drr_freeobjects *drrfo = &(dscp->dsc_drr->drr_u.drr_freeobjects); 636 uint64_t maxobj = DNODES_PER_BLOCK * 637 (DMU_META_DNODE(dscp->dsc_os)->dn_maxblkid + 1); 638 639 /* 640 * ZoL < 0.7 does not handle large FREEOBJECTS records correctly, 641 * leading to zfs recv never completing. to avoid this issue, don't 642 * send FREEOBJECTS records for object IDs which cannot exist on the 643 * receiving side. 644 */ 645 if (maxobj > 0) { 646 if (maxobj < firstobj) 647 return (0); 648 649 if (maxobj < firstobj + numobjs) 650 numobjs = maxobj - firstobj; 651 } 652 653 /* 654 * If there is a pending op, but it's not PENDING_FREEOBJECTS, 655 * push it out, since free block aggregation can only be done for 656 * blocks of the same type (i.e., DRR_FREE records can only be 657 * aggregated with other DRR_FREE records. DRR_FREEOBJECTS records 658 * can only be aggregated with other DRR_FREEOBJECTS records). 659 */ 660 if (dscp->dsc_pending_op != PENDING_NONE && 661 dscp->dsc_pending_op != PENDING_FREEOBJECTS) { 662 if (dump_record(dscp, NULL, 0) != 0) 663 return (SET_ERROR(EINTR)); 664 dscp->dsc_pending_op = PENDING_NONE; 665 } 666 if (numobjs == 0) 667 numobjs = UINT64_MAX - firstobj; 668 669 if (dscp->dsc_pending_op == PENDING_FREEOBJECTS) { 670 /* 671 * See whether this free object array can be aggregated 672 * with pending one 673 */ 674 if (drrfo->drr_firstobj + drrfo->drr_numobjs == firstobj) { 675 drrfo->drr_numobjs += numobjs; 676 return (0); 677 } else { 678 /* can't be aggregated. Push out pending record */ 679 if (dump_record(dscp, NULL, 0) != 0) 680 return (SET_ERROR(EINTR)); 681 dscp->dsc_pending_op = PENDING_NONE; 682 } 683 } 684 685 /* write a FREEOBJECTS record */ 686 bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); 687 dscp->dsc_drr->drr_type = DRR_FREEOBJECTS; 688 drrfo->drr_firstobj = firstobj; 689 drrfo->drr_numobjs = numobjs; 690 drrfo->drr_toguid = dscp->dsc_toguid; 691 692 dscp->dsc_pending_op = PENDING_FREEOBJECTS; 693 694 return (0); 695 } 696 697 static int 698 dump_dnode(dmu_send_cookie_t *dscp, const blkptr_t *bp, uint64_t object, 699 dnode_phys_t *dnp) 700 { 701 struct drr_object *drro = &(dscp->dsc_drr->drr_u.drr_object); 702 int bonuslen; 703 704 if (object < dscp->dsc_resume_object) { 705 /* 706 * Note: when resuming, we will visit all the dnodes in 707 * the block of dnodes that we are resuming from. In 708 * this case it's unnecessary to send the dnodes prior to 709 * the one we are resuming from. We should be at most one 710 * block's worth of dnodes behind the resume point. 711 */ 712 ASSERT3U(dscp->dsc_resume_object - object, <, 713 1 << (DNODE_BLOCK_SHIFT - DNODE_SHIFT)); 714 return (0); 715 } 716 717 if (dnp == NULL || dnp->dn_type == DMU_OT_NONE) 718 return (dump_freeobjects(dscp, object, 1)); 719 720 if (dscp->dsc_pending_op != PENDING_NONE) { 721 if (dump_record(dscp, NULL, 0) != 0) 722 return (SET_ERROR(EINTR)); 723 dscp->dsc_pending_op = PENDING_NONE; 724 } 725 726 /* write an OBJECT record */ 727 bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); 728 dscp->dsc_drr->drr_type = DRR_OBJECT; 729 drro->drr_object = object; 730 drro->drr_type = dnp->dn_type; 731 drro->drr_bonustype = dnp->dn_bonustype; 732 drro->drr_blksz = dnp->dn_datablkszsec << SPA_MINBLOCKSHIFT; 733 drro->drr_bonuslen = dnp->dn_bonuslen; 734 drro->drr_dn_slots = dnp->dn_extra_slots + 1; 735 drro->drr_checksumtype = dnp->dn_checksum; 736 drro->drr_compress = dnp->dn_compress; 737 drro->drr_toguid = dscp->dsc_toguid; 738 739 if (!(dscp->dsc_featureflags & DMU_BACKUP_FEATURE_LARGE_BLOCKS) && 740 drro->drr_blksz > SPA_OLD_MAXBLOCKSIZE) 741 drro->drr_blksz = SPA_OLD_MAXBLOCKSIZE; 742 743 bonuslen = P2ROUNDUP(dnp->dn_bonuslen, 8); 744 745 if ((dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW)) { 746 ASSERT(BP_IS_ENCRYPTED(bp)); 747 748 if (BP_SHOULD_BYTESWAP(bp)) 749 drro->drr_flags |= DRR_RAW_BYTESWAP; 750 751 /* needed for reconstructing dnp on recv side */ 752 drro->drr_maxblkid = dnp->dn_maxblkid; 753 drro->drr_indblkshift = dnp->dn_indblkshift; 754 drro->drr_nlevels = dnp->dn_nlevels; 755 drro->drr_nblkptr = dnp->dn_nblkptr; 756 757 /* 758 * Since we encrypt the entire bonus area, the (raw) part 759 * beyond the bonuslen is actually nonzero, so we need 760 * to send it. 761 */ 762 if (bonuslen != 0) { 763 drro->drr_raw_bonuslen = DN_MAX_BONUS_LEN(dnp); 764 bonuslen = drro->drr_raw_bonuslen; 765 } 766 } 767 768 /* 769 * DRR_OBJECT_SPILL is set for every dnode which references a 770 * spill block. This allows the receiving pool to definitively 771 * determine when a spill block should be kept or freed. 772 */ 773 if (dnp->dn_flags & DNODE_FLAG_SPILL_BLKPTR) 774 drro->drr_flags |= DRR_OBJECT_SPILL; 775 776 if (dump_record(dscp, DN_BONUS(dnp), bonuslen) != 0) 777 return (SET_ERROR(EINTR)); 778 779 /* Free anything past the end of the file. */ 780 if (dump_free(dscp, object, (dnp->dn_maxblkid + 1) * 781 (dnp->dn_datablkszsec << SPA_MINBLOCKSHIFT), DMU_OBJECT_END) != 0) 782 return (SET_ERROR(EINTR)); 783 784 /* 785 * Send DRR_SPILL records for unmodified spill blocks. This is useful 786 * because changing certain attributes of the object (e.g. blocksize) 787 * can cause old versions of ZFS to incorrectly remove a spill block. 788 * Including these records in the stream forces an up to date version 789 * to always be written ensuring they're never lost. Current versions 790 * of the code which understand the DRR_FLAG_SPILL_BLOCK feature can 791 * ignore these unmodified spill blocks. 792 */ 793 if (zfs_send_unmodified_spill_blocks && 794 (dnp->dn_flags & DNODE_FLAG_SPILL_BLKPTR) && 795 (DN_SPILL_BLKPTR(dnp)->blk_birth <= dscp->dsc_fromtxg)) { 796 struct send_range record; 797 blkptr_t *bp = DN_SPILL_BLKPTR(dnp); 798 799 bzero(&record, sizeof (struct send_range)); 800 record.type = DATA; 801 record.object = object; 802 record.eos_marker = B_FALSE; 803 record.start_blkid = DMU_SPILL_BLKID; 804 record.end_blkid = record.start_blkid + 1; 805 record.sru.data.bp = *bp; 806 record.sru.data.obj_type = dnp->dn_type; 807 record.sru.data.datablksz = BP_GET_LSIZE(bp); 808 809 if (do_dump(dscp, &record) != 0) 810 return (SET_ERROR(EINTR)); 811 } 812 813 if (dscp->dsc_err != 0) 814 return (SET_ERROR(EINTR)); 815 816 return (0); 817 } 818 819 static int 820 dump_object_range(dmu_send_cookie_t *dscp, const blkptr_t *bp, 821 uint64_t firstobj, uint64_t numslots) 822 { 823 struct drr_object_range *drror = 824 &(dscp->dsc_drr->drr_u.drr_object_range); 825 826 /* we only use this record type for raw sends */ 827 ASSERT(BP_IS_PROTECTED(bp)); 828 ASSERT(dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW); 829 ASSERT3U(BP_GET_COMPRESS(bp), ==, ZIO_COMPRESS_OFF); 830 ASSERT3U(BP_GET_TYPE(bp), ==, DMU_OT_DNODE); 831 ASSERT0(BP_GET_LEVEL(bp)); 832 833 if (dscp->dsc_pending_op != PENDING_NONE) { 834 if (dump_record(dscp, NULL, 0) != 0) 835 return (SET_ERROR(EINTR)); 836 dscp->dsc_pending_op = PENDING_NONE; 837 } 838 839 bzero(dscp->dsc_drr, sizeof (dmu_replay_record_t)); 840 dscp->dsc_drr->drr_type = DRR_OBJECT_RANGE; 841 drror->drr_firstobj = firstobj; 842 drror->drr_numslots = numslots; 843 drror->drr_toguid = dscp->dsc_toguid; 844 if (BP_SHOULD_BYTESWAP(bp)) 845 drror->drr_flags |= DRR_RAW_BYTESWAP; 846 zio_crypt_decode_params_bp(bp, drror->drr_salt, drror->drr_iv); 847 zio_crypt_decode_mac_bp(bp, drror->drr_mac); 848 849 if (dump_record(dscp, NULL, 0) != 0) 850 return (SET_ERROR(EINTR)); 851 return (0); 852 } 853 854 static boolean_t 855 send_do_embed(const blkptr_t *bp, uint64_t featureflags) 856 { 857 if (!BP_IS_EMBEDDED(bp)) 858 return (B_FALSE); 859 860 /* 861 * Compression function must be legacy, or explicitly enabled. 862 */ 863 if ((BP_GET_COMPRESS(bp) >= ZIO_COMPRESS_LEGACY_FUNCTIONS && 864 !(featureflags & DMU_BACKUP_FEATURE_LZ4))) 865 return (B_FALSE); 866 867 /* 868 * If we have not set the ZSTD feature flag, we can't send ZSTD 869 * compressed embedded blocks, as the receiver may not support them. 870 */ 871 if ((BP_GET_COMPRESS(bp) == ZIO_COMPRESS_ZSTD && 872 !(featureflags & DMU_BACKUP_FEATURE_ZSTD))) 873 return (B_FALSE); 874 875 /* 876 * Embed type must be explicitly enabled. 877 */ 878 switch (BPE_GET_ETYPE(bp)) { 879 case BP_EMBEDDED_TYPE_DATA: 880 if (featureflags & DMU_BACKUP_FEATURE_EMBED_DATA) 881 return (B_TRUE); 882 break; 883 default: 884 return (B_FALSE); 885 } 886 return (B_FALSE); 887 } 888 889 /* 890 * This function actually handles figuring out what kind of record needs to be 891 * dumped, and calling the appropriate helper function. In most cases, 892 * the data has already been read by send_reader_thread(). 893 */ 894 static int 895 do_dump(dmu_send_cookie_t *dscp, struct send_range *range) 896 { 897 int err = 0; 898 switch (range->type) { 899 case OBJECT: 900 err = dump_dnode(dscp, &range->sru.object.bp, range->object, 901 range->sru.object.dnp); 902 return (err); 903 case OBJECT_RANGE: { 904 ASSERT3U(range->start_blkid + 1, ==, range->end_blkid); 905 if (!(dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW)) { 906 return (0); 907 } 908 uint64_t epb = BP_GET_LSIZE(&range->sru.object_range.bp) >> 909 DNODE_SHIFT; 910 uint64_t firstobj = range->start_blkid * epb; 911 err = dump_object_range(dscp, &range->sru.object_range.bp, 912 firstobj, epb); 913 break; 914 } 915 case REDACT: { 916 struct srr *srrp = &range->sru.redact; 917 err = dump_redact(dscp, range->object, range->start_blkid * 918 srrp->datablksz, (range->end_blkid - range->start_blkid) * 919 srrp->datablksz); 920 return (err); 921 } 922 case DATA: { 923 struct srd *srdp = &range->sru.data; 924 blkptr_t *bp = &srdp->bp; 925 spa_t *spa = 926 dmu_objset_spa(dscp->dsc_os); 927 928 ASSERT3U(srdp->datablksz, ==, BP_GET_LSIZE(bp)); 929 ASSERT3U(range->start_blkid + 1, ==, range->end_blkid); 930 if (BP_GET_TYPE(bp) == DMU_OT_SA) { 931 arc_flags_t aflags = ARC_FLAG_WAIT; 932 enum zio_flag zioflags = ZIO_FLAG_CANFAIL; 933 934 if (dscp->dsc_featureflags & DMU_BACKUP_FEATURE_RAW) { 935 ASSERT(BP_IS_PROTECTED(bp)); 936 zioflags |= ZIO_FLAG_RAW; 937 } 938 939 zbookmark_phys_t zb; 940 ASSERT3U(range->start_blkid, ==, DMU_SPILL_BLKID); 941 zb.zb_objset = dmu_objset_id(dscp->dsc_os); 942 zb.zb_object = range->object; 943 zb.zb_level = 0; 944 zb.zb_blkid = range->start_blkid; 945 946 arc_buf_t *abuf = NULL; 947 if (!dscp->dsc_dso->dso_dryrun && arc_read(NULL, spa, 948 bp, arc_getbuf_func, &abuf, ZIO_PRIORITY_ASYNC_READ, 949 zioflags, &aflags, &zb) != 0) 950 return (SET_ERROR(EIO)); 951 952 err = dump_spill(dscp, bp, zb.zb_object, 953 (abuf == NULL ? NULL : abuf->b_data)); 954 if (abuf != NULL) 955 arc_buf_destroy(abuf, &abuf); 956 return (err); 957 } 958 if (send_do_embed(bp, dscp->dsc_featureflags)) { 959 err = dump_write_embedded(dscp, range->object, 960 range->start_blkid * srdp->datablksz, 961 srdp->datablksz, bp); 962 return (err); 963 } 964 ASSERT(range->object > dscp->dsc_resume_object || 965 (range->object == dscp->dsc_resume_object && 966 range->start_blkid * srdp->datablksz >= 967 dscp->dsc_resume_offset)); 968 /* it's a level-0 block of a regular object */ 969 970 mutex_enter(&srdp->lock); 971 while (srdp->io_outstanding) 972 cv_wait(&srdp->cv, &srdp->lock); 973 err = srdp->io_err; 974 mutex_exit(&srdp->lock); 975 976 if (err != 0) { 977 if (zfs_send_corrupt_data && 978 !dscp->dsc_dso->dso_dryrun) { 979 /* 980 * Send a block filled with 0x"zfs badd bloc" 981 */ 982 srdp->abuf = arc_alloc_buf(spa, &srdp->abuf, 983 ARC_BUFC_DATA, srdp->datablksz); 984 uint64_t *ptr; 985 for (ptr = srdp->abuf->b_data; 986 (char *)ptr < (char *)srdp->abuf->b_data + 987 srdp->datablksz; ptr++) 988 *ptr = 0x2f5baddb10cULL; 989 } else { 990 return (SET_ERROR(EIO)); 991 } 992 } 993 994 ASSERT(dscp->dsc_dso->dso_dryrun || 995 srdp->abuf != NULL || srdp->abd != NULL); 996 997 uint64_t offset = range->start_blkid * srdp->datablksz; 998 999 char *data = NULL; 1000 if (srdp->abd != NULL) { 1001 data = abd_to_buf(srdp->abd); 1002 ASSERT3P(srdp->abuf, ==, NULL); 1003 } else if (srdp->abuf != NULL) { 1004 data = srdp->abuf->b_data; 1005 } 1006 1007 /* 1008 * If we have large blocks stored on disk but the send flags 1009 * don't allow us to send large blocks, we split the data from 1010 * the arc buf into chunks. 1011 */ 1012 if (srdp->datablksz > SPA_OLD_MAXBLOCKSIZE && 1013 !(dscp->dsc_featureflags & 1014 DMU_BACKUP_FEATURE_LARGE_BLOCKS)) { 1015 while (srdp->datablksz > 0 && err == 0) { 1016 int n = MIN(srdp->datablksz, 1017 SPA_OLD_MAXBLOCKSIZE); 1018 err = dmu_dump_write(dscp, srdp->obj_type, 1019 range->object, offset, n, n, NULL, data); 1020 offset += n; 1021 /* 1022 * When doing dry run, data==NULL is used as a 1023 * sentinel value by 1024 * dmu_dump_write()->dump_record(). 1025 */ 1026 if (data != NULL) 1027 data += n; 1028 srdp->datablksz -= n; 1029 } 1030 } else { 1031 err = dmu_dump_write(dscp, srdp->obj_type, 1032 range->object, offset, 1033 srdp->datablksz, srdp->datasz, bp, data); 1034 } 1035 return (err); 1036 } 1037 case HOLE: { 1038 struct srh *srhp = &range->sru.hole; 1039 if (range->object == DMU_META_DNODE_OBJECT) { 1040 uint32_t span = srhp->datablksz >> DNODE_SHIFT; 1041 uint64_t first_obj = range->start_blkid * span; 1042 uint64_t numobj = range->end_blkid * span - first_obj; 1043 return (dump_freeobjects(dscp, first_obj, numobj)); 1044 } 1045 uint64_t offset = 0; 1046 1047 /* 1048 * If this multiply overflows, we don't need to send this block. 1049 * Even if it has a birth time, it can never not be a hole, so 1050 * we don't need to send records for it. 1051 */ 1052 if (!overflow_multiply(range->start_blkid, srhp->datablksz, 1053 &offset)) { 1054 return (0); 1055 } 1056 uint64_t len = 0; 1057 1058 if (!overflow_multiply(range->end_blkid, srhp->datablksz, &len)) 1059 len = UINT64_MAX; 1060 len = len - offset; 1061 return (dump_free(dscp, range->object, offset, len)); 1062 } 1063 default: 1064 panic("Invalid range type in do_dump: %d", range->type); 1065 } 1066 return (err); 1067 } 1068 1069 static struct send_range * 1070 range_alloc(enum type type, uint64_t object, uint64_t start_blkid, 1071 uint64_t end_blkid, boolean_t eos) 1072 { 1073 struct send_range *range = kmem_alloc(sizeof (*range), KM_SLEEP); 1074 range->type = type; 1075 range->object = object; 1076 range->start_blkid = start_blkid; 1077 range->end_blkid = end_blkid; 1078 range->eos_marker = eos; 1079 if (type == DATA) { 1080 range->sru.data.abd = NULL; 1081 range->sru.data.abuf = NULL; 1082 mutex_init(&range->sru.data.lock, NULL, MUTEX_DEFAULT, NULL); 1083 cv_init(&range->sru.data.cv, NULL, CV_DEFAULT, NULL); 1084 range->sru.data.io_outstanding = 0; 1085 range->sru.data.io_err = 0; 1086 } 1087 return (range); 1088 } 1089 1090 /* 1091 * This is the callback function to traverse_dataset that acts as a worker 1092 * thread for dmu_send_impl. 1093 */ 1094 /*ARGSUSED*/ 1095 static int 1096 send_cb(spa_t *spa, zilog_t *zilog, const blkptr_t *bp, 1097 const zbookmark_phys_t *zb, const struct dnode_phys *dnp, void *arg) 1098 { 1099 struct send_thread_arg *sta = arg; 1100 struct send_range *record; 1101 1102 ASSERT(zb->zb_object == DMU_META_DNODE_OBJECT || 1103 zb->zb_object >= sta->resume.zb_object); 1104 1105 /* 1106 * All bps of an encrypted os should have the encryption bit set. 1107 * If this is not true it indicates tampering and we report an error. 1108 */ 1109 if (sta->os->os_encrypted && 1110 !BP_IS_HOLE(bp) && !BP_USES_CRYPT(bp)) { 1111 spa_log_error(spa, zb); 1112 zfs_panic_recover("unencrypted block in encrypted " 1113 "object set %llu", dmu_objset_id(sta->os)); 1114 return (SET_ERROR(EIO)); 1115 } 1116 1117 if (sta->cancel) 1118 return (SET_ERROR(EINTR)); 1119 if (zb->zb_object != DMU_META_DNODE_OBJECT && 1120 DMU_OBJECT_IS_SPECIAL(zb->zb_object)) 1121 return (0); 1122 atomic_inc_64(sta->num_blocks_visited); 1123 1124 if (zb->zb_level == ZB_DNODE_LEVEL) { 1125 if (zb->zb_object == DMU_META_DNODE_OBJECT) 1126 return (0); 1127 record = range_alloc(OBJECT, zb->zb_object, 0, 0, B_FALSE); 1128 record->sru.object.bp = *bp; 1129 size_t size = sizeof (*dnp) * (dnp->dn_extra_slots + 1); 1130 record->sru.object.dnp = kmem_alloc(size, KM_SLEEP); 1131 bcopy(dnp, record->sru.object.dnp, size); 1132 bqueue_enqueue(&sta->q, record, sizeof (*record)); 1133 return (0); 1134 } 1135 if (zb->zb_level == 0 && zb->zb_object == DMU_META_DNODE_OBJECT && 1136 !BP_IS_HOLE(bp)) { 1137 record = range_alloc(OBJECT_RANGE, 0, zb->zb_blkid, 1138 zb->zb_blkid + 1, B_FALSE); 1139 record->sru.object_range.bp = *bp; 1140 bqueue_enqueue(&sta->q, record, sizeof (*record)); 1141 return (0); 1142 } 1143 if (zb->zb_level < 0 || (zb->zb_level > 0 && !BP_IS_HOLE(bp))) 1144 return (0); 1145 if (zb->zb_object == DMU_META_DNODE_OBJECT && !BP_IS_HOLE(bp)) 1146 return (0); 1147 1148 uint64_t span = bp_span_in_blocks(dnp->dn_indblkshift, zb->zb_level); 1149 uint64_t start; 1150 1151 /* 1152 * If this multiply overflows, we don't need to send this block. 1153 * Even if it has a birth time, it can never not be a hole, so 1154 * we don't need to send records for it. 1155 */ 1156 if (!overflow_multiply(span, zb->zb_blkid, &start) || (!(zb->zb_blkid == 1157 DMU_SPILL_BLKID || DMU_OT_IS_METADATA(dnp->dn_type)) && 1158 span * zb->zb_blkid > dnp->dn_maxblkid)) { 1159 ASSERT(BP_IS_HOLE(bp)); 1160 return (0); 1161 } 1162 1163 if (zb->zb_blkid == DMU_SPILL_BLKID) 1164 ASSERT3U(BP_GET_TYPE(bp), ==, DMU_OT_SA); 1165 1166 enum type record_type = DATA; 1167 if (BP_IS_HOLE(bp)) 1168 record_type = HOLE; 1169 else if (BP_IS_REDACTED(bp)) 1170 record_type = REDACT; 1171 else 1172 record_type = DATA; 1173 1174 record = range_alloc(record_type, zb->zb_object, start, 1175 (start + span < start ? 0 : start + span), B_FALSE); 1176 1177 uint64_t datablksz = (zb->zb_blkid == DMU_SPILL_BLKID ? 1178 BP_GET_LSIZE(bp) : dnp->dn_datablkszsec << SPA_MINBLOCKSHIFT); 1179 1180 if (BP_IS_HOLE(bp)) { 1181 record->sru.hole.datablksz = datablksz; 1182 } else if (BP_IS_REDACTED(bp)) { 1183 record->sru.redact.datablksz = datablksz; 1184 } else { 1185 record->sru.data.datablksz = datablksz; 1186 record->sru.data.obj_type = dnp->dn_type; 1187 record->sru.data.bp = *bp; 1188 } 1189 1190 bqueue_enqueue(&sta->q, record, sizeof (*record)); 1191 return (0); 1192 } 1193 1194 struct redact_list_cb_arg { 1195 uint64_t *num_blocks_visited; 1196 bqueue_t *q; 1197 boolean_t *cancel; 1198 boolean_t mark_redact; 1199 }; 1200 1201 static int 1202 redact_list_cb(redact_block_phys_t *rb, void *arg) 1203 { 1204 struct redact_list_cb_arg *rlcap = arg; 1205 1206 atomic_inc_64(rlcap->num_blocks_visited); 1207 if (*rlcap->cancel) 1208 return (-1); 1209 1210 struct send_range *data = range_alloc(REDACT, rb->rbp_object, 1211 rb->rbp_blkid, rb->rbp_blkid + redact_block_get_count(rb), B_FALSE); 1212 ASSERT3U(data->end_blkid, >, rb->rbp_blkid); 1213 if (rlcap->mark_redact) { 1214 data->type = REDACT; 1215 data->sru.redact.datablksz = redact_block_get_size(rb); 1216 } else { 1217 data->type = PREVIOUSLY_REDACTED; 1218 } 1219 bqueue_enqueue(rlcap->q, data, sizeof (*data)); 1220 1221 return (0); 1222 } 1223 1224 /* 1225 * This function kicks off the traverse_dataset. It also handles setting the 1226 * error code of the thread in case something goes wrong, and pushes the End of 1227 * Stream record when the traverse_dataset call has finished. 1228 */ 1229 static void 1230 send_traverse_thread(void *arg) 1231 { 1232 struct send_thread_arg *st_arg = arg; 1233 int err = 0; 1234 struct send_range *data; 1235 fstrans_cookie_t cookie = spl_fstrans_mark(); 1236 1237 err = traverse_dataset_resume(st_arg->os->os_dsl_dataset, 1238 st_arg->fromtxg, &st_arg->resume, 1239 st_arg->flags, send_cb, st_arg); 1240 1241 if (err != EINTR) 1242 st_arg->error_code = err; 1243 data = range_alloc(DATA, 0, 0, 0, B_TRUE); 1244 bqueue_enqueue_flush(&st_arg->q, data, sizeof (*data)); 1245 spl_fstrans_unmark(cookie); 1246 thread_exit(); 1247 } 1248 1249 /* 1250 * Utility function that causes End of Stream records to compare after of all 1251 * others, so that other threads' comparison logic can stay simple. 1252 */ 1253 static int __attribute__((unused)) 1254 send_range_after(const struct send_range *from, const struct send_range *to) 1255 { 1256 if (from->eos_marker == B_TRUE) 1257 return (1); 1258 if (to->eos_marker == B_TRUE) 1259 return (-1); 1260 1261 uint64_t from_obj = from->object; 1262 uint64_t from_end_obj = from->object + 1; 1263 uint64_t to_obj = to->object; 1264 uint64_t to_end_obj = to->object + 1; 1265 if (from_obj == 0) { 1266 ASSERT(from->type == HOLE || from->type == OBJECT_RANGE); 1267 from_obj = from->start_blkid << DNODES_PER_BLOCK_SHIFT; 1268 from_end_obj = from->end_blkid << DNODES_PER_BLOCK_SHIFT; 1269 } 1270 if (to_obj == 0) { 1271 ASSERT(to->type == HOLE || to->type == OBJECT_RANGE); 1272 to_obj = to->start_blkid << DNODES_PER_BLOCK_SHIFT; 1273 to_end_obj = to->end_blkid << DNODES_PER_BLOCK_SHIFT; 1274 } 1275 1276 if (from_end_obj <= to_obj) 1277 return (-1); 1278 if (from_obj >= to_end_obj) 1279 return (1); 1280 int64_t cmp = TREE_CMP(to->type == OBJECT_RANGE, from->type == 1281 OBJECT_RANGE); 1282 if (unlikely(cmp)) 1283 return (cmp); 1284 cmp = TREE_CMP(to->type == OBJECT, from->type == OBJECT); 1285 if (unlikely(cmp)) 1286 return (cmp); 1287 if (from->end_blkid <= to->start_blkid) 1288 return (-1); 1289 if (from->start_blkid >= to->end_blkid) 1290 return (1); 1291 return (0); 1292 } 1293 1294 /* 1295 * Pop the new data off the queue, check that the records we receive are in 1296 * the right order, but do not free the old data. This is used so that the 1297 * records can be sent on to the main thread without copying the data. 1298 */ 1299 static struct send_range * 1300 get_next_range_nofree(bqueue_t *bq, struct send_range *prev) 1301 { 1302 struct send_range *next = bqueue_dequeue(bq); 1303 ASSERT3S(send_range_after(prev, next), ==, -1); 1304 return (next); 1305 } 1306 1307 /* 1308 * Pop the new data off the queue, check that the records we receive are in 1309 * the right order, and free the old data. 1310 */ 1311 static struct send_range * 1312 get_next_range(bqueue_t *bq, struct send_range *prev) 1313 { 1314 struct send_range *next = get_next_range_nofree(bq, prev); 1315 range_free(prev); 1316 return (next); 1317 } 1318 1319 static void 1320 redact_list_thread(void *arg) 1321 { 1322 struct redact_list_thread_arg *rlt_arg = arg; 1323 struct send_range *record; 1324 fstrans_cookie_t cookie = spl_fstrans_mark(); 1325 if (rlt_arg->rl != NULL) { 1326 struct redact_list_cb_arg rlcba = {0}; 1327 rlcba.cancel = &rlt_arg->cancel; 1328 rlcba.q = &rlt_arg->q; 1329 rlcba.num_blocks_visited = rlt_arg->num_blocks_visited; 1330 rlcba.mark_redact = rlt_arg->mark_redact; 1331 int err = dsl_redaction_list_traverse(rlt_arg->rl, 1332 &rlt_arg->resume, redact_list_cb, &rlcba); 1333 if (err != EINTR) 1334 rlt_arg->error_code = err; 1335 } 1336 record = range_alloc(DATA, 0, 0, 0, B_TRUE); 1337 bqueue_enqueue_flush(&rlt_arg->q, record, sizeof (*record)); 1338 spl_fstrans_unmark(cookie); 1339 1340 thread_exit(); 1341 } 1342 1343 /* 1344 * Compare the start point of the two provided ranges. End of stream ranges 1345 * compare last, objects compare before any data or hole inside that object and 1346 * multi-object holes that start at the same object. 1347 */ 1348 static int 1349 send_range_start_compare(struct send_range *r1, struct send_range *r2) 1350 { 1351 uint64_t r1_objequiv = r1->object; 1352 uint64_t r1_l0equiv = r1->start_blkid; 1353 uint64_t r2_objequiv = r2->object; 1354 uint64_t r2_l0equiv = r2->start_blkid; 1355 int64_t cmp = TREE_CMP(r1->eos_marker, r2->eos_marker); 1356 if (unlikely(cmp)) 1357 return (cmp); 1358 if (r1->object == 0) { 1359 r1_objequiv = r1->start_blkid * DNODES_PER_BLOCK; 1360 r1_l0equiv = 0; 1361 } 1362 if (r2->object == 0) { 1363 r2_objequiv = r2->start_blkid * DNODES_PER_BLOCK; 1364 r2_l0equiv = 0; 1365 } 1366 1367 cmp = TREE_CMP(r1_objequiv, r2_objequiv); 1368 if (likely(cmp)) 1369 return (cmp); 1370 cmp = TREE_CMP(r2->type == OBJECT_RANGE, r1->type == OBJECT_RANGE); 1371 if (unlikely(cmp)) 1372 return (cmp); 1373 cmp = TREE_CMP(r2->type == OBJECT, r1->type == OBJECT); 1374 if (unlikely(cmp)) 1375 return (cmp); 1376 1377 return (TREE_CMP(r1_l0equiv, r2_l0equiv)); 1378 } 1379 1380 enum q_idx { 1381 REDACT_IDX = 0, 1382 TO_IDX, 1383 FROM_IDX, 1384 NUM_THREADS 1385 }; 1386 1387 /* 1388 * This function returns the next range the send_merge_thread should operate on. 1389 * The inputs are two arrays; the first one stores the range at the front of the 1390 * queues stored in the second one. The ranges are sorted in descending 1391 * priority order; the metadata from earlier ranges overrules metadata from 1392 * later ranges. out_mask is used to return which threads the ranges came from; 1393 * bit i is set if ranges[i] started at the same place as the returned range. 1394 * 1395 * This code is not hardcoded to compare a specific number of threads; it could 1396 * be used with any number, just by changing the q_idx enum. 1397 * 1398 * The "next range" is the one with the earliest start; if two starts are equal, 1399 * the highest-priority range is the next to operate on. If a higher-priority 1400 * range starts in the middle of the first range, then the first range will be 1401 * truncated to end where the higher-priority range starts, and we will operate 1402 * on that one next time. In this way, we make sure that each block covered by 1403 * some range gets covered by a returned range, and each block covered is 1404 * returned using the metadata of the highest-priority range it appears in. 1405 * 1406 * For example, if the three ranges at the front of the queues were [2,4), 1407 * [3,5), and [1,3), then the ranges returned would be [1,2) with the metadata 1408 * from the third range, [2,4) with the metadata from the first range, and then 1409 * [4,5) with the metadata from the second. 1410 */ 1411 static struct send_range * 1412 find_next_range(struct send_range **ranges, bqueue_t **qs, uint64_t *out_mask) 1413 { 1414 int idx = 0; // index of the range with the earliest start 1415 int i; 1416 uint64_t bmask = 0; 1417 for (i = 1; i < NUM_THREADS; i++) { 1418 if (send_range_start_compare(ranges[i], ranges[idx]) < 0) 1419 idx = i; 1420 } 1421 if (ranges[idx]->eos_marker) { 1422 struct send_range *ret = range_alloc(DATA, 0, 0, 0, B_TRUE); 1423 *out_mask = 0; 1424 return (ret); 1425 } 1426 /* 1427 * Find all the ranges that start at that same point. 1428 */ 1429 for (i = 0; i < NUM_THREADS; i++) { 1430 if (send_range_start_compare(ranges[i], ranges[idx]) == 0) 1431 bmask |= 1 << i; 1432 } 1433 *out_mask = bmask; 1434 /* 1435 * OBJECT_RANGE records only come from the TO thread, and should always 1436 * be treated as overlapping with nothing and sent on immediately. They 1437 * are only used in raw sends, and are never redacted. 1438 */ 1439 if (ranges[idx]->type == OBJECT_RANGE) { 1440 ASSERT3U(idx, ==, TO_IDX); 1441 ASSERT3U(*out_mask, ==, 1 << TO_IDX); 1442 struct send_range *ret = ranges[idx]; 1443 ranges[idx] = get_next_range_nofree(qs[idx], ranges[idx]); 1444 return (ret); 1445 } 1446 /* 1447 * Find the first start or end point after the start of the first range. 1448 */ 1449 uint64_t first_change = ranges[idx]->end_blkid; 1450 for (i = 0; i < NUM_THREADS; i++) { 1451 if (i == idx || ranges[i]->eos_marker || 1452 ranges[i]->object > ranges[idx]->object || 1453 ranges[i]->object == DMU_META_DNODE_OBJECT) 1454 continue; 1455 ASSERT3U(ranges[i]->object, ==, ranges[idx]->object); 1456 if (first_change > ranges[i]->start_blkid && 1457 (bmask & (1 << i)) == 0) 1458 first_change = ranges[i]->start_blkid; 1459 else if (first_change > ranges[i]->end_blkid) 1460 first_change = ranges[i]->end_blkid; 1461 } 1462 /* 1463 * Update all ranges to no longer overlap with the range we're 1464 * returning. All such ranges must start at the same place as the range 1465 * being returned, and end at or after first_change. Thus we update 1466 * their start to first_change. If that makes them size 0, then free 1467 * them and pull a new range from that thread. 1468 */ 1469 for (i = 0; i < NUM_THREADS; i++) { 1470 if (i == idx || (bmask & (1 << i)) == 0) 1471 continue; 1472 ASSERT3U(first_change, >, ranges[i]->start_blkid); 1473 ranges[i]->start_blkid = first_change; 1474 ASSERT3U(ranges[i]->start_blkid, <=, ranges[i]->end_blkid); 1475 if (ranges[i]->start_blkid == ranges[i]->end_blkid) 1476 ranges[i] = get_next_range(qs[i], ranges[i]); 1477 } 1478 /* 1479 * Short-circuit the simple case; if the range doesn't overlap with 1480 * anything else, or it only overlaps with things that start at the same 1481 * place and are longer, send it on. 1482 */ 1483 if (first_change == ranges[idx]->end_blkid) { 1484 struct send_range *ret = ranges[idx]; 1485 ranges[idx] = get_next_range_nofree(qs[idx], ranges[idx]); 1486 return (ret); 1487 } 1488 1489 /* 1490 * Otherwise, return a truncated copy of ranges[idx] and move the start 1491 * of ranges[idx] back to first_change. 1492 */ 1493 struct send_range *ret = kmem_alloc(sizeof (*ret), KM_SLEEP); 1494 *ret = *ranges[idx]; 1495 ret->end_blkid = first_change; 1496 ranges[idx]->start_blkid = first_change; 1497 return (ret); 1498 } 1499 1500 #define FROM_AND_REDACT_BITS ((1 << REDACT_IDX) | (1 << FROM_IDX)) 1501 1502 /* 1503 * Merge the results from the from thread and the to thread, and then hand the 1504 * records off to send_prefetch_thread to prefetch them. If this is not a 1505 * send from a redaction bookmark, the from thread will push an end of stream 1506 * record and stop, and we'll just send everything that was changed in the 1507 * to_ds since the ancestor's creation txg. If it is, then since 1508 * traverse_dataset has a canonical order, we can compare each change as 1509 * they're pulled off the queues. That will give us a stream that is 1510 * appropriately sorted, and covers all records. In addition, we pull the 1511 * data from the redact_list_thread and use that to determine which blocks 1512 * should be redacted. 1513 */ 1514 static void 1515 send_merge_thread(void *arg) 1516 { 1517 struct send_merge_thread_arg *smt_arg = arg; 1518 struct send_range *front_ranges[NUM_THREADS]; 1519 bqueue_t *queues[NUM_THREADS]; 1520 int err = 0; 1521 fstrans_cookie_t cookie = spl_fstrans_mark(); 1522 1523 if (smt_arg->redact_arg == NULL) { 1524 front_ranges[REDACT_IDX] = 1525 kmem_zalloc(sizeof (struct send_range), KM_SLEEP); 1526 front_ranges[REDACT_IDX]->eos_marker = B_TRUE; 1527 front_ranges[REDACT_IDX]->type = REDACT; 1528 queues[REDACT_IDX] = NULL; 1529 } else { 1530 front_ranges[REDACT_IDX] = 1531 bqueue_dequeue(&smt_arg->redact_arg->q); 1532 queues[REDACT_IDX] = &smt_arg->redact_arg->q; 1533 } 1534 front_ranges[TO_IDX] = bqueue_dequeue(&smt_arg->to_arg->q); 1535 queues[TO_IDX] = &smt_arg->to_arg->q; 1536 front_ranges[FROM_IDX] = bqueue_dequeue(&smt_arg->from_arg->q); 1537 queues[FROM_IDX] = &smt_arg->from_arg->q; 1538 uint64_t mask = 0; 1539 struct send_range *range; 1540 for (range = find_next_range(front_ranges, queues, &mask); 1541 !range->eos_marker && err == 0 && !smt_arg->cancel; 1542 range = find_next_range(front_ranges, queues, &mask)) { 1543 /* 1544 * If the range in question was in both the from redact bookmark 1545 * and the bookmark we're using to redact, then don't send it. 1546 * It's already redacted on the receiving system, so a redaction 1547 * record would be redundant. 1548 */ 1549 if ((mask & FROM_AND_REDACT_BITS) == FROM_AND_REDACT_BITS) { 1550 ASSERT3U(range->type, ==, REDACT); 1551 range_free(range); 1552 continue; 1553 } 1554 bqueue_enqueue(&smt_arg->q, range, sizeof (*range)); 1555 1556 if (smt_arg->to_arg->error_code != 0) { 1557 err = smt_arg->to_arg->error_code; 1558 } else if (smt_arg->from_arg->error_code != 0) { 1559 err = smt_arg->from_arg->error_code; 1560 } else if (smt_arg->redact_arg != NULL && 1561 smt_arg->redact_arg->error_code != 0) { 1562 err = smt_arg->redact_arg->error_code; 1563 } 1564 } 1565 if (smt_arg->cancel && err == 0) 1566 err = SET_ERROR(EINTR); 1567 smt_arg->error = err; 1568 if (smt_arg->error != 0) { 1569 smt_arg->to_arg->cancel = B_TRUE; 1570 smt_arg->from_arg->cancel = B_TRUE; 1571 if (smt_arg->redact_arg != NULL) 1572 smt_arg->redact_arg->cancel = B_TRUE; 1573 } 1574 for (int i = 0; i < NUM_THREADS; i++) { 1575 while (!front_ranges[i]->eos_marker) { 1576 front_ranges[i] = get_next_range(queues[i], 1577 front_ranges[i]); 1578 } 1579 range_free(front_ranges[i]); 1580 } 1581 if (range == NULL) 1582 range = kmem_zalloc(sizeof (*range), KM_SLEEP); 1583 range->eos_marker = B_TRUE; 1584 bqueue_enqueue_flush(&smt_arg->q, range, 1); 1585 spl_fstrans_unmark(cookie); 1586 thread_exit(); 1587 } 1588 1589 struct send_reader_thread_arg { 1590 struct send_merge_thread_arg *smta; 1591 bqueue_t q; 1592 boolean_t cancel; 1593 boolean_t issue_reads; 1594 uint64_t featureflags; 1595 int error; 1596 }; 1597 1598 static void 1599 dmu_send_read_done(zio_t *zio) 1600 { 1601 struct send_range *range = zio->io_private; 1602 1603 mutex_enter(&range->sru.data.lock); 1604 if (zio->io_error != 0) { 1605 abd_free(range->sru.data.abd); 1606 range->sru.data.abd = NULL; 1607 range->sru.data.io_err = zio->io_error; 1608 } 1609 1610 ASSERT(range->sru.data.io_outstanding); 1611 range->sru.data.io_outstanding = B_FALSE; 1612 cv_broadcast(&range->sru.data.cv); 1613 mutex_exit(&range->sru.data.lock); 1614 } 1615 1616 static void 1617 issue_data_read(struct send_reader_thread_arg *srta, struct send_range *range) 1618 { 1619 struct srd *srdp = &range->sru.data; 1620 blkptr_t *bp = &srdp->bp; 1621 objset_t *os = srta->smta->os; 1622 1623 ASSERT3U(range->type, ==, DATA); 1624 ASSERT3U(range->start_blkid + 1, ==, range->end_blkid); 1625 /* 1626 * If we have large blocks stored on disk but 1627 * the send flags don't allow us to send large 1628 * blocks, we split the data from the arc buf 1629 * into chunks. 1630 */ 1631 boolean_t split_large_blocks = 1632 srdp->datablksz > SPA_OLD_MAXBLOCKSIZE && 1633 !(srta->featureflags & DMU_BACKUP_FEATURE_LARGE_BLOCKS); 1634 /* 1635 * We should only request compressed data from the ARC if all 1636 * the following are true: 1637 * - stream compression was requested 1638 * - we aren't splitting large blocks into smaller chunks 1639 * - the data won't need to be byteswapped before sending 1640 * - this isn't an embedded block 1641 * - this isn't metadata (if receiving on a different endian 1642 * system it can be byteswapped more easily) 1643 */ 1644 boolean_t request_compressed = 1645 (srta->featureflags & DMU_BACKUP_FEATURE_COMPRESSED) && 1646 !split_large_blocks && !BP_SHOULD_BYTESWAP(bp) && 1647 !BP_IS_EMBEDDED(bp) && !DMU_OT_IS_METADATA(BP_GET_TYPE(bp)); 1648 1649 enum zio_flag zioflags = ZIO_FLAG_CANFAIL; 1650 1651 if (srta->featureflags & DMU_BACKUP_FEATURE_RAW) 1652 zioflags |= ZIO_FLAG_RAW; 1653 else if (request_compressed) 1654 zioflags |= ZIO_FLAG_RAW_COMPRESS; 1655 1656 srdp->datasz = (zioflags & ZIO_FLAG_RAW_COMPRESS) ? 1657 BP_GET_PSIZE(bp) : BP_GET_LSIZE(bp); 1658 1659 if (!srta->issue_reads) 1660 return; 1661 if (BP_IS_REDACTED(bp)) 1662 return; 1663 if (send_do_embed(bp, srta->featureflags)) 1664 return; 1665 1666 zbookmark_phys_t zb = { 1667 .zb_objset = dmu_objset_id(os), 1668 .zb_object = range->object, 1669 .zb_level = 0, 1670 .zb_blkid = range->start_blkid, 1671 }; 1672 1673 arc_flags_t aflags = ARC_FLAG_CACHED_ONLY; 1674 1675 int arc_err = arc_read(NULL, os->os_spa, bp, 1676 arc_getbuf_func, &srdp->abuf, ZIO_PRIORITY_ASYNC_READ, 1677 zioflags, &aflags, &zb); 1678 /* 1679 * If the data is not already cached in the ARC, we read directly 1680 * from zio. This avoids the performance overhead of adding a new 1681 * entry to the ARC, and we also avoid polluting the ARC cache with 1682 * data that is not likely to be used in the future. 1683 */ 1684 if (arc_err != 0) { 1685 srdp->abd = abd_alloc_linear(srdp->datasz, B_FALSE); 1686 srdp->io_outstanding = B_TRUE; 1687 zio_nowait(zio_read(NULL, os->os_spa, bp, srdp->abd, 1688 srdp->datasz, dmu_send_read_done, range, 1689 ZIO_PRIORITY_ASYNC_READ, zioflags, &zb)); 1690 } 1691 } 1692 1693 /* 1694 * Create a new record with the given values. 1695 */ 1696 static void 1697 enqueue_range(struct send_reader_thread_arg *srta, bqueue_t *q, dnode_t *dn, 1698 uint64_t blkid, uint64_t count, const blkptr_t *bp, uint32_t datablksz) 1699 { 1700 enum type range_type = (bp == NULL || BP_IS_HOLE(bp) ? HOLE : 1701 (BP_IS_REDACTED(bp) ? REDACT : DATA)); 1702 1703 struct send_range *range = range_alloc(range_type, dn->dn_object, 1704 blkid, blkid + count, B_FALSE); 1705 1706 if (blkid == DMU_SPILL_BLKID) 1707 ASSERT3U(BP_GET_TYPE(bp), ==, DMU_OT_SA); 1708 1709 switch (range_type) { 1710 case HOLE: 1711 range->sru.hole.datablksz = datablksz; 1712 break; 1713 case DATA: 1714 ASSERT3U(count, ==, 1); 1715 range->sru.data.datablksz = datablksz; 1716 range->sru.data.obj_type = dn->dn_type; 1717 range->sru.data.bp = *bp; 1718 issue_data_read(srta, range); 1719 break; 1720 case REDACT: 1721 range->sru.redact.datablksz = datablksz; 1722 break; 1723 default: 1724 break; 1725 } 1726 bqueue_enqueue(q, range, datablksz); 1727 } 1728 1729 /* 1730 * This thread is responsible for two things: First, it retrieves the correct 1731 * blkptr in the to ds if we need to send the data because of something from 1732 * the from thread. As a result of this, we're the first ones to discover that 1733 * some indirect blocks can be discarded because they're not holes. Second, 1734 * it issues prefetches for the data we need to send. 1735 */ 1736 static void 1737 send_reader_thread(void *arg) 1738 { 1739 struct send_reader_thread_arg *srta = arg; 1740 struct send_merge_thread_arg *smta = srta->smta; 1741 bqueue_t *inq = &smta->q; 1742 bqueue_t *outq = &srta->q; 1743 objset_t *os = smta->os; 1744 fstrans_cookie_t cookie = spl_fstrans_mark(); 1745 struct send_range *range = bqueue_dequeue(inq); 1746 int err = 0; 1747 1748 /* 1749 * If the record we're analyzing is from a redaction bookmark from the 1750 * fromds, then we need to know whether or not it exists in the tods so 1751 * we know whether to create records for it or not. If it does, we need 1752 * the datablksz so we can generate an appropriate record for it. 1753 * Finally, if it isn't redacted, we need the blkptr so that we can send 1754 * a WRITE record containing the actual data. 1755 */ 1756 uint64_t last_obj = UINT64_MAX; 1757 uint64_t last_obj_exists = B_TRUE; 1758 while (!range->eos_marker && !srta->cancel && smta->error == 0 && 1759 err == 0) { 1760 switch (range->type) { 1761 case DATA: 1762 issue_data_read(srta, range); 1763 bqueue_enqueue(outq, range, range->sru.data.datablksz); 1764 range = get_next_range_nofree(inq, range); 1765 break; 1766 case HOLE: 1767 case OBJECT: 1768 case OBJECT_RANGE: 1769 case REDACT: // Redacted blocks must exist 1770 bqueue_enqueue(outq, range, sizeof (*range)); 1771 range = get_next_range_nofree(inq, range); 1772 break; 1773 case PREVIOUSLY_REDACTED: { 1774 /* 1775 * This entry came from the "from bookmark" when 1776 * sending from a bookmark that has a redaction 1777 * list. We need to check if this object/blkid 1778 * exists in the target ("to") dataset, and if 1779 * not then we drop this entry. We also need 1780 * to fill in the block pointer so that we know 1781 * what to prefetch. 1782 * 1783 * To accomplish the above, we first cache whether or 1784 * not the last object we examined exists. If it 1785 * doesn't, we can drop this record. If it does, we hold 1786 * the dnode and use it to call dbuf_dnode_findbp. We do 1787 * this instead of dbuf_bookmark_findbp because we will 1788 * often operate on large ranges, and holding the dnode 1789 * once is more efficient. 1790 */ 1791 boolean_t object_exists = B_TRUE; 1792 /* 1793 * If the data is redacted, we only care if it exists, 1794 * so that we don't send records for objects that have 1795 * been deleted. 1796 */ 1797 dnode_t *dn; 1798 if (range->object == last_obj && !last_obj_exists) { 1799 /* 1800 * If we're still examining the same object as 1801 * previously, and it doesn't exist, we don't 1802 * need to call dbuf_bookmark_findbp. 1803 */ 1804 object_exists = B_FALSE; 1805 } else { 1806 err = dnode_hold(os, range->object, FTAG, &dn); 1807 if (err == ENOENT) { 1808 object_exists = B_FALSE; 1809 err = 0; 1810 } 1811 last_obj = range->object; 1812 last_obj_exists = object_exists; 1813 } 1814 1815 if (err != 0) { 1816 break; 1817 } else if (!object_exists) { 1818 /* 1819 * The block was modified, but doesn't 1820 * exist in the to dataset; if it was 1821 * deleted in the to dataset, then we'll 1822 * visit the hole bp for it at some point. 1823 */ 1824 range = get_next_range(inq, range); 1825 continue; 1826 } 1827 uint64_t file_max = 1828 (dn->dn_maxblkid < range->end_blkid ? 1829 dn->dn_maxblkid : range->end_blkid); 1830 /* 1831 * The object exists, so we need to try to find the 1832 * blkptr for each block in the range we're processing. 1833 */ 1834 rw_enter(&dn->dn_struct_rwlock, RW_READER); 1835 for (uint64_t blkid = range->start_blkid; 1836 blkid < file_max; blkid++) { 1837 blkptr_t bp; 1838 uint32_t datablksz = 1839 dn->dn_phys->dn_datablkszsec << 1840 SPA_MINBLOCKSHIFT; 1841 uint64_t offset = blkid * datablksz; 1842 /* 1843 * This call finds the next non-hole block in 1844 * the object. This is to prevent a 1845 * performance problem where we're unredacting 1846 * a large hole. Using dnode_next_offset to 1847 * skip over the large hole avoids iterating 1848 * over every block in it. 1849 */ 1850 err = dnode_next_offset(dn, DNODE_FIND_HAVELOCK, 1851 &offset, 1, 1, 0); 1852 if (err == ESRCH) { 1853 offset = UINT64_MAX; 1854 err = 0; 1855 } else if (err != 0) { 1856 break; 1857 } 1858 if (offset != blkid * datablksz) { 1859 /* 1860 * if there is a hole from here 1861 * (blkid) to offset 1862 */ 1863 offset = MIN(offset, file_max * 1864 datablksz); 1865 uint64_t nblks = (offset / datablksz) - 1866 blkid; 1867 enqueue_range(srta, outq, dn, blkid, 1868 nblks, NULL, datablksz); 1869 blkid += nblks; 1870 } 1871 if (blkid >= file_max) 1872 break; 1873 err = dbuf_dnode_findbp(dn, 0, blkid, &bp, 1874 NULL, NULL); 1875 if (err != 0) 1876 break; 1877 ASSERT(!BP_IS_HOLE(&bp)); 1878 enqueue_range(srta, outq, dn, blkid, 1, &bp, 1879 datablksz); 1880 } 1881 rw_exit(&dn->dn_struct_rwlock); 1882 dnode_rele(dn, FTAG); 1883 range = get_next_range(inq, range); 1884 } 1885 } 1886 } 1887 if (srta->cancel || err != 0) { 1888 smta->cancel = B_TRUE; 1889 srta->error = err; 1890 } else if (smta->error != 0) { 1891 srta->error = smta->error; 1892 } 1893 while (!range->eos_marker) 1894 range = get_next_range(inq, range); 1895 1896 bqueue_enqueue_flush(outq, range, 1); 1897 spl_fstrans_unmark(cookie); 1898 thread_exit(); 1899 } 1900 1901 #define NUM_SNAPS_NOT_REDACTED UINT64_MAX 1902 1903 struct dmu_send_params { 1904 /* Pool args */ 1905 void *tag; // Tag that dp was held with, will be used to release dp. 1906 dsl_pool_t *dp; 1907 /* To snapshot args */ 1908 const char *tosnap; 1909 dsl_dataset_t *to_ds; 1910 /* From snapshot args */ 1911 zfs_bookmark_phys_t ancestor_zb; 1912 uint64_t *fromredactsnaps; 1913 /* NUM_SNAPS_NOT_REDACTED if not sending from redaction bookmark */ 1914 uint64_t numfromredactsnaps; 1915 /* Stream params */ 1916 boolean_t is_clone; 1917 boolean_t embedok; 1918 boolean_t large_block_ok; 1919 boolean_t compressok; 1920 boolean_t rawok; 1921 boolean_t savedok; 1922 uint64_t resumeobj; 1923 uint64_t resumeoff; 1924 uint64_t saved_guid; 1925 zfs_bookmark_phys_t *redactbook; 1926 /* Stream output params */ 1927 dmu_send_outparams_t *dso; 1928 1929 /* Stream progress params */ 1930 offset_t *off; 1931 int outfd; 1932 char saved_toname[MAXNAMELEN]; 1933 }; 1934 1935 static int 1936 setup_featureflags(struct dmu_send_params *dspp, objset_t *os, 1937 uint64_t *featureflags) 1938 { 1939 dsl_dataset_t *to_ds = dspp->to_ds; 1940 dsl_pool_t *dp = dspp->dp; 1941 #ifdef _KERNEL 1942 if (dmu_objset_type(os) == DMU_OST_ZFS) { 1943 uint64_t version; 1944 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &version) != 0) 1945 return (SET_ERROR(EINVAL)); 1946 1947 if (version >= ZPL_VERSION_SA) 1948 *featureflags |= DMU_BACKUP_FEATURE_SA_SPILL; 1949 } 1950 #endif 1951 1952 /* raw sends imply large_block_ok */ 1953 if ((dspp->rawok || dspp->large_block_ok) && 1954 dsl_dataset_feature_is_active(to_ds, SPA_FEATURE_LARGE_BLOCKS)) { 1955 *featureflags |= DMU_BACKUP_FEATURE_LARGE_BLOCKS; 1956 } 1957 1958 /* encrypted datasets will not have embedded blocks */ 1959 if ((dspp->embedok || dspp->rawok) && !os->os_encrypted && 1960 spa_feature_is_active(dp->dp_spa, SPA_FEATURE_EMBEDDED_DATA)) { 1961 *featureflags |= DMU_BACKUP_FEATURE_EMBED_DATA; 1962 } 1963 1964 /* raw send implies compressok */ 1965 if (dspp->compressok || dspp->rawok) 1966 *featureflags |= DMU_BACKUP_FEATURE_COMPRESSED; 1967 1968 if (dspp->rawok && os->os_encrypted) 1969 *featureflags |= DMU_BACKUP_FEATURE_RAW; 1970 1971 if ((*featureflags & 1972 (DMU_BACKUP_FEATURE_EMBED_DATA | DMU_BACKUP_FEATURE_COMPRESSED | 1973 DMU_BACKUP_FEATURE_RAW)) != 0 && 1974 spa_feature_is_active(dp->dp_spa, SPA_FEATURE_LZ4_COMPRESS)) { 1975 *featureflags |= DMU_BACKUP_FEATURE_LZ4; 1976 } 1977 1978 /* 1979 * We specifically do not include DMU_BACKUP_FEATURE_EMBED_DATA here to 1980 * allow sending ZSTD compressed datasets to a receiver that does not 1981 * support ZSTD 1982 */ 1983 if ((*featureflags & 1984 (DMU_BACKUP_FEATURE_COMPRESSED | DMU_BACKUP_FEATURE_RAW)) != 0 && 1985 dsl_dataset_feature_is_active(to_ds, SPA_FEATURE_ZSTD_COMPRESS)) { 1986 *featureflags |= DMU_BACKUP_FEATURE_ZSTD; 1987 } 1988 1989 if (dspp->resumeobj != 0 || dspp->resumeoff != 0) { 1990 *featureflags |= DMU_BACKUP_FEATURE_RESUMING; 1991 } 1992 1993 if (dspp->redactbook != NULL) { 1994 *featureflags |= DMU_BACKUP_FEATURE_REDACTED; 1995 } 1996 1997 if (dsl_dataset_feature_is_active(to_ds, SPA_FEATURE_LARGE_DNODE)) { 1998 *featureflags |= DMU_BACKUP_FEATURE_LARGE_DNODE; 1999 } 2000 return (0); 2001 } 2002 2003 static dmu_replay_record_t * 2004 create_begin_record(struct dmu_send_params *dspp, objset_t *os, 2005 uint64_t featureflags) 2006 { 2007 dmu_replay_record_t *drr = kmem_zalloc(sizeof (dmu_replay_record_t), 2008 KM_SLEEP); 2009 drr->drr_type = DRR_BEGIN; 2010 2011 struct drr_begin *drrb = &drr->drr_u.drr_begin; 2012 dsl_dataset_t *to_ds = dspp->to_ds; 2013 2014 drrb->drr_magic = DMU_BACKUP_MAGIC; 2015 drrb->drr_creation_time = dsl_dataset_phys(to_ds)->ds_creation_time; 2016 drrb->drr_type = dmu_objset_type(os); 2017 drrb->drr_toguid = dsl_dataset_phys(to_ds)->ds_guid; 2018 drrb->drr_fromguid = dspp->ancestor_zb.zbm_guid; 2019 2020 DMU_SET_STREAM_HDRTYPE(drrb->drr_versioninfo, DMU_SUBSTREAM); 2021 DMU_SET_FEATUREFLAGS(drrb->drr_versioninfo, featureflags); 2022 2023 if (dspp->is_clone) 2024 drrb->drr_flags |= DRR_FLAG_CLONE; 2025 if (dsl_dataset_phys(dspp->to_ds)->ds_flags & DS_FLAG_CI_DATASET) 2026 drrb->drr_flags |= DRR_FLAG_CI_DATA; 2027 if (zfs_send_set_freerecords_bit) 2028 drrb->drr_flags |= DRR_FLAG_FREERECORDS; 2029 drr->drr_u.drr_begin.drr_flags |= DRR_FLAG_SPILL_BLOCK; 2030 2031 if (dspp->savedok) { 2032 drrb->drr_toguid = dspp->saved_guid; 2033 strlcpy(drrb->drr_toname, dspp->saved_toname, 2034 sizeof (drrb->drr_toname)); 2035 } else { 2036 dsl_dataset_name(to_ds, drrb->drr_toname); 2037 if (!to_ds->ds_is_snapshot) { 2038 (void) strlcat(drrb->drr_toname, "@--head--", 2039 sizeof (drrb->drr_toname)); 2040 } 2041 } 2042 return (drr); 2043 } 2044 2045 static void 2046 setup_to_thread(struct send_thread_arg *to_arg, objset_t *to_os, 2047 dmu_sendstatus_t *dssp, uint64_t fromtxg, boolean_t rawok) 2048 { 2049 VERIFY0(bqueue_init(&to_arg->q, zfs_send_no_prefetch_queue_ff, 2050 MAX(zfs_send_no_prefetch_queue_length, 2 * zfs_max_recordsize), 2051 offsetof(struct send_range, ln))); 2052 to_arg->error_code = 0; 2053 to_arg->cancel = B_FALSE; 2054 to_arg->os = to_os; 2055 to_arg->fromtxg = fromtxg; 2056 to_arg->flags = TRAVERSE_PRE | TRAVERSE_PREFETCH_METADATA; 2057 if (rawok) 2058 to_arg->flags |= TRAVERSE_NO_DECRYPT; 2059 to_arg->num_blocks_visited = &dssp->dss_blocks; 2060 (void) thread_create(NULL, 0, send_traverse_thread, to_arg, 0, 2061 curproc, TS_RUN, minclsyspri); 2062 } 2063 2064 static void 2065 setup_from_thread(struct redact_list_thread_arg *from_arg, 2066 redaction_list_t *from_rl, dmu_sendstatus_t *dssp) 2067 { 2068 VERIFY0(bqueue_init(&from_arg->q, zfs_send_no_prefetch_queue_ff, 2069 MAX(zfs_send_no_prefetch_queue_length, 2 * zfs_max_recordsize), 2070 offsetof(struct send_range, ln))); 2071 from_arg->error_code = 0; 2072 from_arg->cancel = B_FALSE; 2073 from_arg->rl = from_rl; 2074 from_arg->mark_redact = B_FALSE; 2075 from_arg->num_blocks_visited = &dssp->dss_blocks; 2076 /* 2077 * If from_ds is null, send_traverse_thread just returns success and 2078 * enqueues an eos marker. 2079 */ 2080 (void) thread_create(NULL, 0, redact_list_thread, from_arg, 0, 2081 curproc, TS_RUN, minclsyspri); 2082 } 2083 2084 static void 2085 setup_redact_list_thread(struct redact_list_thread_arg *rlt_arg, 2086 struct dmu_send_params *dspp, redaction_list_t *rl, dmu_sendstatus_t *dssp) 2087 { 2088 if (dspp->redactbook == NULL) 2089 return; 2090 2091 rlt_arg->cancel = B_FALSE; 2092 VERIFY0(bqueue_init(&rlt_arg->q, zfs_send_no_prefetch_queue_ff, 2093 MAX(zfs_send_no_prefetch_queue_length, 2 * zfs_max_recordsize), 2094 offsetof(struct send_range, ln))); 2095 rlt_arg->error_code = 0; 2096 rlt_arg->mark_redact = B_TRUE; 2097 rlt_arg->rl = rl; 2098 rlt_arg->num_blocks_visited = &dssp->dss_blocks; 2099 2100 (void) thread_create(NULL, 0, redact_list_thread, rlt_arg, 0, 2101 curproc, TS_RUN, minclsyspri); 2102 } 2103 2104 static void 2105 setup_merge_thread(struct send_merge_thread_arg *smt_arg, 2106 struct dmu_send_params *dspp, struct redact_list_thread_arg *from_arg, 2107 struct send_thread_arg *to_arg, struct redact_list_thread_arg *rlt_arg, 2108 objset_t *os) 2109 { 2110 VERIFY0(bqueue_init(&smt_arg->q, zfs_send_no_prefetch_queue_ff, 2111 MAX(zfs_send_no_prefetch_queue_length, 2 * zfs_max_recordsize), 2112 offsetof(struct send_range, ln))); 2113 smt_arg->cancel = B_FALSE; 2114 smt_arg->error = 0; 2115 smt_arg->from_arg = from_arg; 2116 smt_arg->to_arg = to_arg; 2117 if (dspp->redactbook != NULL) 2118 smt_arg->redact_arg = rlt_arg; 2119 2120 smt_arg->os = os; 2121 (void) thread_create(NULL, 0, send_merge_thread, smt_arg, 0, curproc, 2122 TS_RUN, minclsyspri); 2123 } 2124 2125 static void 2126 setup_reader_thread(struct send_reader_thread_arg *srt_arg, 2127 struct dmu_send_params *dspp, struct send_merge_thread_arg *smt_arg, 2128 uint64_t featureflags) 2129 { 2130 VERIFY0(bqueue_init(&srt_arg->q, zfs_send_queue_ff, 2131 MAX(zfs_send_queue_length, 2 * zfs_max_recordsize), 2132 offsetof(struct send_range, ln))); 2133 srt_arg->smta = smt_arg; 2134 srt_arg->issue_reads = !dspp->dso->dso_dryrun; 2135 srt_arg->featureflags = featureflags; 2136 (void) thread_create(NULL, 0, send_reader_thread, srt_arg, 0, 2137 curproc, TS_RUN, minclsyspri); 2138 } 2139 2140 static int 2141 setup_resume_points(struct dmu_send_params *dspp, 2142 struct send_thread_arg *to_arg, struct redact_list_thread_arg *from_arg, 2143 struct redact_list_thread_arg *rlt_arg, 2144 struct send_merge_thread_arg *smt_arg, boolean_t resuming, objset_t *os, 2145 redaction_list_t *redact_rl, nvlist_t *nvl) 2146 { 2147 dsl_dataset_t *to_ds = dspp->to_ds; 2148 int err = 0; 2149 2150 uint64_t obj = 0; 2151 uint64_t blkid = 0; 2152 if (resuming) { 2153 obj = dspp->resumeobj; 2154 dmu_object_info_t to_doi; 2155 err = dmu_object_info(os, obj, &to_doi); 2156 if (err != 0) 2157 return (err); 2158 2159 blkid = dspp->resumeoff / to_doi.doi_data_block_size; 2160 } 2161 /* 2162 * If we're resuming a redacted send, we can skip to the appropriate 2163 * point in the redaction bookmark by binary searching through it. 2164 */ 2165 if (redact_rl != NULL) { 2166 SET_BOOKMARK(&rlt_arg->resume, to_ds->ds_object, obj, 0, blkid); 2167 } 2168 2169 SET_BOOKMARK(&to_arg->resume, to_ds->ds_object, obj, 0, blkid); 2170 if (nvlist_exists(nvl, BEGINNV_REDACT_FROM_SNAPS)) { 2171 uint64_t objset = dspp->ancestor_zb.zbm_redaction_obj; 2172 /* 2173 * Note: If the resume point is in an object whose 2174 * blocksize is different in the from vs to snapshots, 2175 * we will have divided by the "wrong" blocksize. 2176 * However, in this case fromsnap's send_cb() will 2177 * detect that the blocksize has changed and therefore 2178 * ignore this object. 2179 * 2180 * If we're resuming a send from a redaction bookmark, 2181 * we still cannot accidentally suggest blocks behind 2182 * the to_ds. In addition, we know that any blocks in 2183 * the object in the to_ds will have to be sent, since 2184 * the size changed. Therefore, we can't cause any harm 2185 * this way either. 2186 */ 2187 SET_BOOKMARK(&from_arg->resume, objset, obj, 0, blkid); 2188 } 2189 if (resuming) { 2190 fnvlist_add_uint64(nvl, BEGINNV_RESUME_OBJECT, dspp->resumeobj); 2191 fnvlist_add_uint64(nvl, BEGINNV_RESUME_OFFSET, dspp->resumeoff); 2192 } 2193 return (0); 2194 } 2195 2196 static dmu_sendstatus_t * 2197 setup_send_progress(struct dmu_send_params *dspp) 2198 { 2199 dmu_sendstatus_t *dssp = kmem_zalloc(sizeof (*dssp), KM_SLEEP); 2200 dssp->dss_outfd = dspp->outfd; 2201 dssp->dss_off = dspp->off; 2202 dssp->dss_proc = curproc; 2203 mutex_enter(&dspp->to_ds->ds_sendstream_lock); 2204 list_insert_head(&dspp->to_ds->ds_sendstreams, dssp); 2205 mutex_exit(&dspp->to_ds->ds_sendstream_lock); 2206 return (dssp); 2207 } 2208 2209 /* 2210 * Actually do the bulk of the work in a zfs send. 2211 * 2212 * The idea is that we want to do a send from ancestor_zb to to_ds. We also 2213 * want to not send any data that has been modified by all the datasets in 2214 * redactsnaparr, and store the list of blocks that are redacted in this way in 2215 * a bookmark named redactbook, created on the to_ds. We do this by creating 2216 * several worker threads, whose function is described below. 2217 * 2218 * There are three cases. 2219 * The first case is a redacted zfs send. In this case there are 5 threads. 2220 * The first thread is the to_ds traversal thread: it calls dataset_traverse on 2221 * the to_ds and finds all the blocks that have changed since ancestor_zb (if 2222 * it's a full send, that's all blocks in the dataset). It then sends those 2223 * blocks on to the send merge thread. The redact list thread takes the data 2224 * from the redaction bookmark and sends those blocks on to the send merge 2225 * thread. The send merge thread takes the data from the to_ds traversal 2226 * thread, and combines it with the redaction records from the redact list 2227 * thread. If a block appears in both the to_ds's data and the redaction data, 2228 * the send merge thread will mark it as redacted and send it on to the prefetch 2229 * thread. Otherwise, the send merge thread will send the block on to the 2230 * prefetch thread unchanged. The prefetch thread will issue prefetch reads for 2231 * any data that isn't redacted, and then send the data on to the main thread. 2232 * The main thread behaves the same as in a normal send case, issuing demand 2233 * reads for data blocks and sending out records over the network 2234 * 2235 * The graphic below diagrams the flow of data in the case of a redacted zfs 2236 * send. Each box represents a thread, and each line represents the flow of 2237 * data. 2238 * 2239 * Records from the | 2240 * redaction bookmark | 2241 * +--------------------+ | +---------------------------+ 2242 * | | v | Send Merge Thread | 2243 * | Redact List Thread +----------> Apply redaction marks to | 2244 * | | | records as specified by | 2245 * +--------------------+ | redaction ranges | 2246 * +----^---------------+------+ 2247 * | | Merged data 2248 * | | 2249 * | +------------v--------+ 2250 * | | Prefetch Thread | 2251 * +--------------------+ | | Issues prefetch | 2252 * | to_ds Traversal | | | reads of data blocks| 2253 * | Thread (finds +---------------+ +------------+--------+ 2254 * | candidate blocks) | Blocks modified | Prefetched data 2255 * +--------------------+ by to_ds since | 2256 * ancestor_zb +------------v----+ 2257 * | Main Thread | File Descriptor 2258 * | Sends data over +->(to zfs receive) 2259 * | wire | 2260 * +-----------------+ 2261 * 2262 * The second case is an incremental send from a redaction bookmark. The to_ds 2263 * traversal thread and the main thread behave the same as in the redacted 2264 * send case. The new thread is the from bookmark traversal thread. It 2265 * iterates over the redaction list in the redaction bookmark, and enqueues 2266 * records for each block that was redacted in the original send. The send 2267 * merge thread now has to merge the data from the two threads. For details 2268 * about that process, see the header comment of send_merge_thread(). Any data 2269 * it decides to send on will be prefetched by the prefetch thread. Note that 2270 * you can perform a redacted send from a redaction bookmark; in that case, 2271 * the data flow behaves very similarly to the flow in the redacted send case, 2272 * except with the addition of the bookmark traversal thread iterating over the 2273 * redaction bookmark. The send_merge_thread also has to take on the 2274 * responsibility of merging the redact list thread's records, the bookmark 2275 * traversal thread's records, and the to_ds records. 2276 * 2277 * +---------------------+ 2278 * | | 2279 * | Redact List Thread +--------------+ 2280 * | | | 2281 * +---------------------+ | 2282 * Blocks in redaction list | Ranges modified by every secure snap 2283 * of from bookmark | (or EOS if not readcted) 2284 * | 2285 * +---------------------+ | +----v----------------------+ 2286 * | bookmark Traversal | v | Send Merge Thread | 2287 * | Thread (finds +---------> Merges bookmark, rlt, and | 2288 * | candidate blocks) | | to_ds send records | 2289 * +---------------------+ +----^---------------+------+ 2290 * | | Merged data 2291 * | +------------v--------+ 2292 * | | Prefetch Thread | 2293 * +--------------------+ | | Issues prefetch | 2294 * | to_ds Traversal | | | reads of data blocks| 2295 * | Thread (finds +---------------+ +------------+--------+ 2296 * | candidate blocks) | Blocks modified | Prefetched data 2297 * +--------------------+ by to_ds since +------------v----+ 2298 * ancestor_zb | Main Thread | File Descriptor 2299 * | Sends data over +->(to zfs receive) 2300 * | wire | 2301 * +-----------------+ 2302 * 2303 * The final case is a simple zfs full or incremental send. The to_ds traversal 2304 * thread behaves the same as always. The redact list thread is never started. 2305 * The send merge thread takes all the blocks that the to_ds traversal thread 2306 * sends it, prefetches the data, and sends the blocks on to the main thread. 2307 * The main thread sends the data over the wire. 2308 * 2309 * To keep performance acceptable, we want to prefetch the data in the worker 2310 * threads. While the to_ds thread could simply use the TRAVERSE_PREFETCH 2311 * feature built into traverse_dataset, the combining and deletion of records 2312 * due to redaction and sends from redaction bookmarks mean that we could 2313 * issue many unnecessary prefetches. As a result, we only prefetch data 2314 * after we've determined that the record is not going to be redacted. To 2315 * prevent the prefetching from getting too far ahead of the main thread, the 2316 * blocking queues that are used for communication are capped not by the 2317 * number of entries in the queue, but by the sum of the size of the 2318 * prefetches associated with them. The limit on the amount of data that the 2319 * thread can prefetch beyond what the main thread has reached is controlled 2320 * by the global variable zfs_send_queue_length. In addition, to prevent poor 2321 * performance in the beginning of a send, we also limit the distance ahead 2322 * that the traversal threads can be. That distance is controlled by the 2323 * zfs_send_no_prefetch_queue_length tunable. 2324 * 2325 * Note: Releases dp using the specified tag. 2326 */ 2327 static int 2328 dmu_send_impl(struct dmu_send_params *dspp) 2329 { 2330 objset_t *os; 2331 dmu_replay_record_t *drr; 2332 dmu_sendstatus_t *dssp; 2333 dmu_send_cookie_t dsc = {0}; 2334 int err; 2335 uint64_t fromtxg = dspp->ancestor_zb.zbm_creation_txg; 2336 uint64_t featureflags = 0; 2337 struct redact_list_thread_arg *from_arg; 2338 struct send_thread_arg *to_arg; 2339 struct redact_list_thread_arg *rlt_arg; 2340 struct send_merge_thread_arg *smt_arg; 2341 struct send_reader_thread_arg *srt_arg; 2342 struct send_range *range; 2343 redaction_list_t *from_rl = NULL; 2344 redaction_list_t *redact_rl = NULL; 2345 boolean_t resuming = (dspp->resumeobj != 0 || dspp->resumeoff != 0); 2346 boolean_t book_resuming = resuming; 2347 2348 dsl_dataset_t *to_ds = dspp->to_ds; 2349 zfs_bookmark_phys_t *ancestor_zb = &dspp->ancestor_zb; 2350 dsl_pool_t *dp = dspp->dp; 2351 void *tag = dspp->tag; 2352 2353 err = dmu_objset_from_ds(to_ds, &os); 2354 if (err != 0) { 2355 dsl_pool_rele(dp, tag); 2356 return (err); 2357 } 2358 2359 /* 2360 * If this is a non-raw send of an encrypted ds, we can ensure that 2361 * the objset_phys_t is authenticated. This is safe because this is 2362 * either a snapshot or we have owned the dataset, ensuring that 2363 * it can't be modified. 2364 */ 2365 if (!dspp->rawok && os->os_encrypted && 2366 arc_is_unauthenticated(os->os_phys_buf)) { 2367 zbookmark_phys_t zb; 2368 2369 SET_BOOKMARK(&zb, to_ds->ds_object, ZB_ROOT_OBJECT, 2370 ZB_ROOT_LEVEL, ZB_ROOT_BLKID); 2371 err = arc_untransform(os->os_phys_buf, os->os_spa, 2372 &zb, B_FALSE); 2373 if (err != 0) { 2374 dsl_pool_rele(dp, tag); 2375 return (err); 2376 } 2377 2378 ASSERT0(arc_is_unauthenticated(os->os_phys_buf)); 2379 } 2380 2381 if ((err = setup_featureflags(dspp, os, &featureflags)) != 0) { 2382 dsl_pool_rele(dp, tag); 2383 return (err); 2384 } 2385 2386 /* 2387 * If we're doing a redacted send, hold the bookmark's redaction list. 2388 */ 2389 if (dspp->redactbook != NULL) { 2390 err = dsl_redaction_list_hold_obj(dp, 2391 dspp->redactbook->zbm_redaction_obj, FTAG, 2392 &redact_rl); 2393 if (err != 0) { 2394 dsl_pool_rele(dp, tag); 2395 return (SET_ERROR(EINVAL)); 2396 } 2397 dsl_redaction_list_long_hold(dp, redact_rl, FTAG); 2398 } 2399 2400 /* 2401 * If we're sending from a redaction bookmark, hold the redaction list 2402 * so that we can consider sending the redacted blocks. 2403 */ 2404 if (ancestor_zb->zbm_redaction_obj != 0) { 2405 err = dsl_redaction_list_hold_obj(dp, 2406 ancestor_zb->zbm_redaction_obj, FTAG, &from_rl); 2407 if (err != 0) { 2408 if (redact_rl != NULL) { 2409 dsl_redaction_list_long_rele(redact_rl, FTAG); 2410 dsl_redaction_list_rele(redact_rl, FTAG); 2411 } 2412 dsl_pool_rele(dp, tag); 2413 return (SET_ERROR(EINVAL)); 2414 } 2415 dsl_redaction_list_long_hold(dp, from_rl, FTAG); 2416 } 2417 2418 dsl_dataset_long_hold(to_ds, FTAG); 2419 2420 from_arg = kmem_zalloc(sizeof (*from_arg), KM_SLEEP); 2421 to_arg = kmem_zalloc(sizeof (*to_arg), KM_SLEEP); 2422 rlt_arg = kmem_zalloc(sizeof (*rlt_arg), KM_SLEEP); 2423 smt_arg = kmem_zalloc(sizeof (*smt_arg), KM_SLEEP); 2424 srt_arg = kmem_zalloc(sizeof (*srt_arg), KM_SLEEP); 2425 2426 drr = create_begin_record(dspp, os, featureflags); 2427 dssp = setup_send_progress(dspp); 2428 2429 dsc.dsc_drr = drr; 2430 dsc.dsc_dso = dspp->dso; 2431 dsc.dsc_os = os; 2432 dsc.dsc_off = dspp->off; 2433 dsc.dsc_toguid = dsl_dataset_phys(to_ds)->ds_guid; 2434 dsc.dsc_fromtxg = fromtxg; 2435 dsc.dsc_pending_op = PENDING_NONE; 2436 dsc.dsc_featureflags = featureflags; 2437 dsc.dsc_resume_object = dspp->resumeobj; 2438 dsc.dsc_resume_offset = dspp->resumeoff; 2439 2440 dsl_pool_rele(dp, tag); 2441 2442 void *payload = NULL; 2443 size_t payload_len = 0; 2444 nvlist_t *nvl = fnvlist_alloc(); 2445 2446 /* 2447 * If we're doing a redacted send, we include the snapshots we're 2448 * redacted with respect to so that the target system knows what send 2449 * streams can be correctly received on top of this dataset. If we're 2450 * instead sending a redacted dataset, we include the snapshots that the 2451 * dataset was created with respect to. 2452 */ 2453 if (dspp->redactbook != NULL) { 2454 fnvlist_add_uint64_array(nvl, BEGINNV_REDACT_SNAPS, 2455 redact_rl->rl_phys->rlp_snaps, 2456 redact_rl->rl_phys->rlp_num_snaps); 2457 } else if (dsl_dataset_feature_is_active(to_ds, 2458 SPA_FEATURE_REDACTED_DATASETS)) { 2459 uint64_t *tods_guids; 2460 uint64_t length; 2461 VERIFY(dsl_dataset_get_uint64_array_feature(to_ds, 2462 SPA_FEATURE_REDACTED_DATASETS, &length, &tods_guids)); 2463 fnvlist_add_uint64_array(nvl, BEGINNV_REDACT_SNAPS, tods_guids, 2464 length); 2465 } 2466 2467 /* 2468 * If we're sending from a redaction bookmark, then we should retrieve 2469 * the guids of that bookmark so we can send them over the wire. 2470 */ 2471 if (from_rl != NULL) { 2472 fnvlist_add_uint64_array(nvl, BEGINNV_REDACT_FROM_SNAPS, 2473 from_rl->rl_phys->rlp_snaps, 2474 from_rl->rl_phys->rlp_num_snaps); 2475 } 2476 2477 /* 2478 * If the snapshot we're sending from is redacted, include the redaction 2479 * list in the stream. 2480 */ 2481 if (dspp->numfromredactsnaps != NUM_SNAPS_NOT_REDACTED) { 2482 ASSERT3P(from_rl, ==, NULL); 2483 fnvlist_add_uint64_array(nvl, BEGINNV_REDACT_FROM_SNAPS, 2484 dspp->fromredactsnaps, (uint_t)dspp->numfromredactsnaps); 2485 if (dspp->numfromredactsnaps > 0) { 2486 kmem_free(dspp->fromredactsnaps, 2487 dspp->numfromredactsnaps * sizeof (uint64_t)); 2488 dspp->fromredactsnaps = NULL; 2489 } 2490 } 2491 2492 if (resuming || book_resuming) { 2493 err = setup_resume_points(dspp, to_arg, from_arg, 2494 rlt_arg, smt_arg, resuming, os, redact_rl, nvl); 2495 if (err != 0) 2496 goto out; 2497 } 2498 2499 if (featureflags & DMU_BACKUP_FEATURE_RAW) { 2500 uint64_t ivset_guid = (ancestor_zb != NULL) ? 2501 ancestor_zb->zbm_ivset_guid : 0; 2502 nvlist_t *keynvl = NULL; 2503 ASSERT(os->os_encrypted); 2504 2505 err = dsl_crypto_populate_key_nvlist(os, ivset_guid, 2506 &keynvl); 2507 if (err != 0) { 2508 fnvlist_free(nvl); 2509 goto out; 2510 } 2511 2512 fnvlist_add_nvlist(nvl, "crypt_keydata", keynvl); 2513 fnvlist_free(keynvl); 2514 } 2515 2516 if (!nvlist_empty(nvl)) { 2517 payload = fnvlist_pack(nvl, &payload_len); 2518 drr->drr_payloadlen = payload_len; 2519 } 2520 2521 fnvlist_free(nvl); 2522 err = dump_record(&dsc, payload, payload_len); 2523 fnvlist_pack_free(payload, payload_len); 2524 if (err != 0) { 2525 err = dsc.dsc_err; 2526 goto out; 2527 } 2528 2529 setup_to_thread(to_arg, os, dssp, fromtxg, dspp->rawok); 2530 setup_from_thread(from_arg, from_rl, dssp); 2531 setup_redact_list_thread(rlt_arg, dspp, redact_rl, dssp); 2532 setup_merge_thread(smt_arg, dspp, from_arg, to_arg, rlt_arg, os); 2533 setup_reader_thread(srt_arg, dspp, smt_arg, featureflags); 2534 2535 range = bqueue_dequeue(&srt_arg->q); 2536 while (err == 0 && !range->eos_marker) { 2537 err = do_dump(&dsc, range); 2538 range = get_next_range(&srt_arg->q, range); 2539 if (issig(JUSTLOOKING) && issig(FORREAL)) 2540 err = SET_ERROR(EINTR); 2541 } 2542 2543 /* 2544 * If we hit an error or are interrupted, cancel our worker threads and 2545 * clear the queue of any pending records. The threads will pass the 2546 * cancel up the tree of worker threads, and each one will clean up any 2547 * pending records before exiting. 2548 */ 2549 if (err != 0) { 2550 srt_arg->cancel = B_TRUE; 2551 while (!range->eos_marker) { 2552 range = get_next_range(&srt_arg->q, range); 2553 } 2554 } 2555 range_free(range); 2556 2557 bqueue_destroy(&srt_arg->q); 2558 bqueue_destroy(&smt_arg->q); 2559 if (dspp->redactbook != NULL) 2560 bqueue_destroy(&rlt_arg->q); 2561 bqueue_destroy(&to_arg->q); 2562 bqueue_destroy(&from_arg->q); 2563 2564 if (err == 0 && srt_arg->error != 0) 2565 err = srt_arg->error; 2566 2567 if (err != 0) 2568 goto out; 2569 2570 if (dsc.dsc_pending_op != PENDING_NONE) 2571 if (dump_record(&dsc, NULL, 0) != 0) 2572 err = SET_ERROR(EINTR); 2573 2574 if (err != 0) { 2575 if (err == EINTR && dsc.dsc_err != 0) 2576 err = dsc.dsc_err; 2577 goto out; 2578 } 2579 2580 /* 2581 * Send the DRR_END record if this is not a saved stream. 2582 * Otherwise, the omitted DRR_END record will signal to 2583 * the receive side that the stream is incomplete. 2584 */ 2585 if (!dspp->savedok) { 2586 bzero(drr, sizeof (dmu_replay_record_t)); 2587 drr->drr_type = DRR_END; 2588 drr->drr_u.drr_end.drr_checksum = dsc.dsc_zc; 2589 drr->drr_u.drr_end.drr_toguid = dsc.dsc_toguid; 2590 2591 if (dump_record(&dsc, NULL, 0) != 0) 2592 err = dsc.dsc_err; 2593 } 2594 out: 2595 mutex_enter(&to_ds->ds_sendstream_lock); 2596 list_remove(&to_ds->ds_sendstreams, dssp); 2597 mutex_exit(&to_ds->ds_sendstream_lock); 2598 2599 VERIFY(err != 0 || (dsc.dsc_sent_begin && 2600 (dsc.dsc_sent_end || dspp->savedok))); 2601 2602 kmem_free(drr, sizeof (dmu_replay_record_t)); 2603 kmem_free(dssp, sizeof (dmu_sendstatus_t)); 2604 kmem_free(from_arg, sizeof (*from_arg)); 2605 kmem_free(to_arg, sizeof (*to_arg)); 2606 kmem_free(rlt_arg, sizeof (*rlt_arg)); 2607 kmem_free(smt_arg, sizeof (*smt_arg)); 2608 kmem_free(srt_arg, sizeof (*srt_arg)); 2609 2610 dsl_dataset_long_rele(to_ds, FTAG); 2611 if (from_rl != NULL) { 2612 dsl_redaction_list_long_rele(from_rl, FTAG); 2613 dsl_redaction_list_rele(from_rl, FTAG); 2614 } 2615 if (redact_rl != NULL) { 2616 dsl_redaction_list_long_rele(redact_rl, FTAG); 2617 dsl_redaction_list_rele(redact_rl, FTAG); 2618 } 2619 2620 return (err); 2621 } 2622 2623 int 2624 dmu_send_obj(const char *pool, uint64_t tosnap, uint64_t fromsnap, 2625 boolean_t embedok, boolean_t large_block_ok, boolean_t compressok, 2626 boolean_t rawok, boolean_t savedok, int outfd, offset_t *off, 2627 dmu_send_outparams_t *dsop) 2628 { 2629 int err; 2630 dsl_dataset_t *fromds; 2631 ds_hold_flags_t dsflags = (rawok) ? 0 : DS_HOLD_FLAG_DECRYPT; 2632 struct dmu_send_params dspp = {0}; 2633 dspp.embedok = embedok; 2634 dspp.large_block_ok = large_block_ok; 2635 dspp.compressok = compressok; 2636 dspp.outfd = outfd; 2637 dspp.off = off; 2638 dspp.dso = dsop; 2639 dspp.tag = FTAG; 2640 dspp.rawok = rawok; 2641 dspp.savedok = savedok; 2642 2643 err = dsl_pool_hold(pool, FTAG, &dspp.dp); 2644 if (err != 0) 2645 return (err); 2646 2647 err = dsl_dataset_hold_obj_flags(dspp.dp, tosnap, dsflags, FTAG, 2648 &dspp.to_ds); 2649 if (err != 0) { 2650 dsl_pool_rele(dspp.dp, FTAG); 2651 return (err); 2652 } 2653 2654 if (fromsnap != 0) { 2655 err = dsl_dataset_hold_obj_flags(dspp.dp, fromsnap, dsflags, 2656 FTAG, &fromds); 2657 if (err != 0) { 2658 dsl_dataset_rele_flags(dspp.to_ds, dsflags, FTAG); 2659 dsl_pool_rele(dspp.dp, FTAG); 2660 return (err); 2661 } 2662 dspp.ancestor_zb.zbm_guid = dsl_dataset_phys(fromds)->ds_guid; 2663 dspp.ancestor_zb.zbm_creation_txg = 2664 dsl_dataset_phys(fromds)->ds_creation_txg; 2665 dspp.ancestor_zb.zbm_creation_time = 2666 dsl_dataset_phys(fromds)->ds_creation_time; 2667 2668 if (dsl_dataset_is_zapified(fromds)) { 2669 (void) zap_lookup(dspp.dp->dp_meta_objset, 2670 fromds->ds_object, DS_FIELD_IVSET_GUID, 8, 1, 2671 &dspp.ancestor_zb.zbm_ivset_guid); 2672 } 2673 2674 /* See dmu_send for the reasons behind this. */ 2675 uint64_t *fromredact; 2676 2677 if (!dsl_dataset_get_uint64_array_feature(fromds, 2678 SPA_FEATURE_REDACTED_DATASETS, 2679 &dspp.numfromredactsnaps, 2680 &fromredact)) { 2681 dspp.numfromredactsnaps = NUM_SNAPS_NOT_REDACTED; 2682 } else if (dspp.numfromredactsnaps > 0) { 2683 uint64_t size = dspp.numfromredactsnaps * 2684 sizeof (uint64_t); 2685 dspp.fromredactsnaps = kmem_zalloc(size, KM_SLEEP); 2686 bcopy(fromredact, dspp.fromredactsnaps, size); 2687 } 2688 2689 if (!dsl_dataset_is_before(dspp.to_ds, fromds, 0)) { 2690 err = SET_ERROR(EXDEV); 2691 } else { 2692 dspp.is_clone = (dspp.to_ds->ds_dir != 2693 fromds->ds_dir); 2694 dsl_dataset_rele(fromds, FTAG); 2695 err = dmu_send_impl(&dspp); 2696 } 2697 } else { 2698 dspp.numfromredactsnaps = NUM_SNAPS_NOT_REDACTED; 2699 err = dmu_send_impl(&dspp); 2700 } 2701 dsl_dataset_rele(dspp.to_ds, FTAG); 2702 return (err); 2703 } 2704 2705 int 2706 dmu_send(const char *tosnap, const char *fromsnap, boolean_t embedok, 2707 boolean_t large_block_ok, boolean_t compressok, boolean_t rawok, 2708 boolean_t savedok, uint64_t resumeobj, uint64_t resumeoff, 2709 const char *redactbook, int outfd, offset_t *off, 2710 dmu_send_outparams_t *dsop) 2711 { 2712 int err = 0; 2713 ds_hold_flags_t dsflags = (rawok) ? 0 : DS_HOLD_FLAG_DECRYPT; 2714 boolean_t owned = B_FALSE; 2715 dsl_dataset_t *fromds = NULL; 2716 zfs_bookmark_phys_t book = {0}; 2717 struct dmu_send_params dspp = {0}; 2718 2719 dspp.tosnap = tosnap; 2720 dspp.embedok = embedok; 2721 dspp.large_block_ok = large_block_ok; 2722 dspp.compressok = compressok; 2723 dspp.outfd = outfd; 2724 dspp.off = off; 2725 dspp.dso = dsop; 2726 dspp.tag = FTAG; 2727 dspp.resumeobj = resumeobj; 2728 dspp.resumeoff = resumeoff; 2729 dspp.rawok = rawok; 2730 dspp.savedok = savedok; 2731 2732 if (fromsnap != NULL && strpbrk(fromsnap, "@#") == NULL) 2733 return (SET_ERROR(EINVAL)); 2734 2735 err = dsl_pool_hold(tosnap, FTAG, &dspp.dp); 2736 if (err != 0) 2737 return (err); 2738 2739 if (strchr(tosnap, '@') == NULL && spa_writeable(dspp.dp->dp_spa)) { 2740 /* 2741 * We are sending a filesystem or volume. Ensure 2742 * that it doesn't change by owning the dataset. 2743 */ 2744 2745 if (savedok) { 2746 /* 2747 * We are looking for the dataset that represents the 2748 * partially received send stream. If this stream was 2749 * received as a new snapshot of an existing dataset, 2750 * this will be saved in a hidden clone named 2751 * "<pool>/<dataset>/%recv". Otherwise, the stream 2752 * will be saved in the live dataset itself. In 2753 * either case we need to use dsl_dataset_own_force() 2754 * because the stream is marked as inconsistent, 2755 * which would normally make it unavailable to be 2756 * owned. 2757 */ 2758 char *name = kmem_asprintf("%s/%s", tosnap, 2759 recv_clone_name); 2760 err = dsl_dataset_own_force(dspp.dp, name, dsflags, 2761 FTAG, &dspp.to_ds); 2762 if (err == ENOENT) { 2763 err = dsl_dataset_own_force(dspp.dp, tosnap, 2764 dsflags, FTAG, &dspp.to_ds); 2765 } 2766 2767 if (err == 0) { 2768 err = zap_lookup(dspp.dp->dp_meta_objset, 2769 dspp.to_ds->ds_object, 2770 DS_FIELD_RESUME_TOGUID, 8, 1, 2771 &dspp.saved_guid); 2772 } 2773 2774 if (err == 0) { 2775 err = zap_lookup(dspp.dp->dp_meta_objset, 2776 dspp.to_ds->ds_object, 2777 DS_FIELD_RESUME_TONAME, 1, 2778 sizeof (dspp.saved_toname), 2779 dspp.saved_toname); 2780 } 2781 if (err != 0) 2782 dsl_dataset_disown(dspp.to_ds, dsflags, FTAG); 2783 2784 kmem_strfree(name); 2785 } else { 2786 err = dsl_dataset_own(dspp.dp, tosnap, dsflags, 2787 FTAG, &dspp.to_ds); 2788 } 2789 owned = B_TRUE; 2790 } else { 2791 err = dsl_dataset_hold_flags(dspp.dp, tosnap, dsflags, FTAG, 2792 &dspp.to_ds); 2793 } 2794 2795 if (err != 0) { 2796 dsl_pool_rele(dspp.dp, FTAG); 2797 return (err); 2798 } 2799 2800 if (redactbook != NULL) { 2801 char path[ZFS_MAX_DATASET_NAME_LEN]; 2802 (void) strlcpy(path, tosnap, sizeof (path)); 2803 char *at = strchr(path, '@'); 2804 if (at == NULL) { 2805 err = EINVAL; 2806 } else { 2807 (void) snprintf(at, sizeof (path) - (at - path), "#%s", 2808 redactbook); 2809 err = dsl_bookmark_lookup(dspp.dp, path, 2810 NULL, &book); 2811 dspp.redactbook = &book; 2812 } 2813 } 2814 2815 if (err != 0) { 2816 dsl_pool_rele(dspp.dp, FTAG); 2817 if (owned) 2818 dsl_dataset_disown(dspp.to_ds, dsflags, FTAG); 2819 else 2820 dsl_dataset_rele_flags(dspp.to_ds, dsflags, FTAG); 2821 return (err); 2822 } 2823 2824 if (fromsnap != NULL) { 2825 zfs_bookmark_phys_t *zb = &dspp.ancestor_zb; 2826 int fsnamelen; 2827 if (strpbrk(tosnap, "@#") != NULL) 2828 fsnamelen = strpbrk(tosnap, "@#") - tosnap; 2829 else 2830 fsnamelen = strlen(tosnap); 2831 2832 /* 2833 * If the fromsnap is in a different filesystem, then 2834 * mark the send stream as a clone. 2835 */ 2836 if (strncmp(tosnap, fromsnap, fsnamelen) != 0 || 2837 (fromsnap[fsnamelen] != '@' && 2838 fromsnap[fsnamelen] != '#')) { 2839 dspp.is_clone = B_TRUE; 2840 } 2841 2842 if (strchr(fromsnap, '@') != NULL) { 2843 err = dsl_dataset_hold(dspp.dp, fromsnap, FTAG, 2844 &fromds); 2845 2846 if (err != 0) { 2847 ASSERT3P(fromds, ==, NULL); 2848 } else { 2849 /* 2850 * We need to make a deep copy of the redact 2851 * snapshots of the from snapshot, because the 2852 * array will be freed when we evict from_ds. 2853 */ 2854 uint64_t *fromredact; 2855 if (!dsl_dataset_get_uint64_array_feature( 2856 fromds, SPA_FEATURE_REDACTED_DATASETS, 2857 &dspp.numfromredactsnaps, 2858 &fromredact)) { 2859 dspp.numfromredactsnaps = 2860 NUM_SNAPS_NOT_REDACTED; 2861 } else if (dspp.numfromredactsnaps > 0) { 2862 uint64_t size = 2863 dspp.numfromredactsnaps * 2864 sizeof (uint64_t); 2865 dspp.fromredactsnaps = kmem_zalloc(size, 2866 KM_SLEEP); 2867 bcopy(fromredact, dspp.fromredactsnaps, 2868 size); 2869 } 2870 if (!dsl_dataset_is_before(dspp.to_ds, fromds, 2871 0)) { 2872 err = SET_ERROR(EXDEV); 2873 } else { 2874 zb->zbm_creation_txg = 2875 dsl_dataset_phys(fromds)-> 2876 ds_creation_txg; 2877 zb->zbm_creation_time = 2878 dsl_dataset_phys(fromds)-> 2879 ds_creation_time; 2880 zb->zbm_guid = 2881 dsl_dataset_phys(fromds)->ds_guid; 2882 zb->zbm_redaction_obj = 0; 2883 2884 if (dsl_dataset_is_zapified(fromds)) { 2885 (void) zap_lookup( 2886 dspp.dp->dp_meta_objset, 2887 fromds->ds_object, 2888 DS_FIELD_IVSET_GUID, 8, 1, 2889 &zb->zbm_ivset_guid); 2890 } 2891 } 2892 dsl_dataset_rele(fromds, FTAG); 2893 } 2894 } else { 2895 dspp.numfromredactsnaps = NUM_SNAPS_NOT_REDACTED; 2896 err = dsl_bookmark_lookup(dspp.dp, fromsnap, dspp.to_ds, 2897 zb); 2898 if (err == EXDEV && zb->zbm_redaction_obj != 0 && 2899 zb->zbm_guid == 2900 dsl_dataset_phys(dspp.to_ds)->ds_guid) 2901 err = 0; 2902 } 2903 2904 if (err == 0) { 2905 /* dmu_send_impl will call dsl_pool_rele for us. */ 2906 err = dmu_send_impl(&dspp); 2907 } else { 2908 dsl_pool_rele(dspp.dp, FTAG); 2909 } 2910 } else { 2911 dspp.numfromredactsnaps = NUM_SNAPS_NOT_REDACTED; 2912 err = dmu_send_impl(&dspp); 2913 } 2914 if (owned) 2915 dsl_dataset_disown(dspp.to_ds, dsflags, FTAG); 2916 else 2917 dsl_dataset_rele_flags(dspp.to_ds, dsflags, FTAG); 2918 return (err); 2919 } 2920 2921 static int 2922 dmu_adjust_send_estimate_for_indirects(dsl_dataset_t *ds, uint64_t uncompressed, 2923 uint64_t compressed, boolean_t stream_compressed, uint64_t *sizep) 2924 { 2925 int err = 0; 2926 uint64_t size; 2927 /* 2928 * Assume that space (both on-disk and in-stream) is dominated by 2929 * data. We will adjust for indirect blocks and the copies property, 2930 * but ignore per-object space used (eg, dnodes and DRR_OBJECT records). 2931 */ 2932 2933 uint64_t recordsize; 2934 uint64_t record_count; 2935 objset_t *os; 2936 VERIFY0(dmu_objset_from_ds(ds, &os)); 2937 2938 /* Assume all (uncompressed) blocks are recordsize. */ 2939 if (zfs_override_estimate_recordsize != 0) { 2940 recordsize = zfs_override_estimate_recordsize; 2941 } else if (os->os_phys->os_type == DMU_OST_ZVOL) { 2942 err = dsl_prop_get_int_ds(ds, 2943 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), &recordsize); 2944 } else { 2945 err = dsl_prop_get_int_ds(ds, 2946 zfs_prop_to_name(ZFS_PROP_RECORDSIZE), &recordsize); 2947 } 2948 if (err != 0) 2949 return (err); 2950 record_count = uncompressed / recordsize; 2951 2952 /* 2953 * If we're estimating a send size for a compressed stream, use the 2954 * compressed data size to estimate the stream size. Otherwise, use the 2955 * uncompressed data size. 2956 */ 2957 size = stream_compressed ? compressed : uncompressed; 2958 2959 /* 2960 * Subtract out approximate space used by indirect blocks. 2961 * Assume most space is used by data blocks (non-indirect, non-dnode). 2962 * Assume no ditto blocks or internal fragmentation. 2963 * 2964 * Therefore, space used by indirect blocks is sizeof(blkptr_t) per 2965 * block. 2966 */ 2967 size -= record_count * sizeof (blkptr_t); 2968 2969 /* Add in the space for the record associated with each block. */ 2970 size += record_count * sizeof (dmu_replay_record_t); 2971 2972 *sizep = size; 2973 2974 return (0); 2975 } 2976 2977 int 2978 dmu_send_estimate_fast(dsl_dataset_t *origds, dsl_dataset_t *fromds, 2979 zfs_bookmark_phys_t *frombook, boolean_t stream_compressed, 2980 boolean_t saved, uint64_t *sizep) 2981 { 2982 int err; 2983 dsl_dataset_t *ds = origds; 2984 uint64_t uncomp, comp; 2985 2986 ASSERT(dsl_pool_config_held(origds->ds_dir->dd_pool)); 2987 ASSERT(fromds == NULL || frombook == NULL); 2988 2989 /* 2990 * If this is a saved send we may actually be sending 2991 * from the %recv clone used for resuming. 2992 */ 2993 if (saved) { 2994 objset_t *mos = origds->ds_dir->dd_pool->dp_meta_objset; 2995 uint64_t guid; 2996 char dsname[ZFS_MAX_DATASET_NAME_LEN + 6]; 2997 2998 dsl_dataset_name(origds, dsname); 2999 (void) strcat(dsname, "/"); 3000 (void) strcat(dsname, recv_clone_name); 3001 3002 err = dsl_dataset_hold(origds->ds_dir->dd_pool, 3003 dsname, FTAG, &ds); 3004 if (err != ENOENT && err != 0) { 3005 return (err); 3006 } else if (err == ENOENT) { 3007 ds = origds; 3008 } 3009 3010 /* check that this dataset has partially received data */ 3011 err = zap_lookup(mos, ds->ds_object, 3012 DS_FIELD_RESUME_TOGUID, 8, 1, &guid); 3013 if (err != 0) { 3014 err = SET_ERROR(err == ENOENT ? EINVAL : err); 3015 goto out; 3016 } 3017 3018 err = zap_lookup(mos, ds->ds_object, 3019 DS_FIELD_RESUME_TONAME, 1, sizeof (dsname), dsname); 3020 if (err != 0) { 3021 err = SET_ERROR(err == ENOENT ? EINVAL : err); 3022 goto out; 3023 } 3024 } 3025 3026 /* tosnap must be a snapshot or the target of a saved send */ 3027 if (!ds->ds_is_snapshot && ds == origds) 3028 return (SET_ERROR(EINVAL)); 3029 3030 if (fromds != NULL) { 3031 uint64_t used; 3032 if (!fromds->ds_is_snapshot) { 3033 err = SET_ERROR(EINVAL); 3034 goto out; 3035 } 3036 3037 if (!dsl_dataset_is_before(ds, fromds, 0)) { 3038 err = SET_ERROR(EXDEV); 3039 goto out; 3040 } 3041 3042 err = dsl_dataset_space_written(fromds, ds, &used, &comp, 3043 &uncomp); 3044 if (err != 0) 3045 goto out; 3046 } else if (frombook != NULL) { 3047 uint64_t used; 3048 err = dsl_dataset_space_written_bookmark(frombook, ds, &used, 3049 &comp, &uncomp); 3050 if (err != 0) 3051 goto out; 3052 } else { 3053 uncomp = dsl_dataset_phys(ds)->ds_uncompressed_bytes; 3054 comp = dsl_dataset_phys(ds)->ds_compressed_bytes; 3055 } 3056 3057 err = dmu_adjust_send_estimate_for_indirects(ds, uncomp, comp, 3058 stream_compressed, sizep); 3059 /* 3060 * Add the size of the BEGIN and END records to the estimate. 3061 */ 3062 *sizep += 2 * sizeof (dmu_replay_record_t); 3063 3064 out: 3065 if (ds != origds) 3066 dsl_dataset_rele(ds, FTAG); 3067 return (err); 3068 } 3069 3070 /* BEGIN CSTYLED */ 3071 ZFS_MODULE_PARAM(zfs_send, zfs_send_, corrupt_data, INT, ZMOD_RW, 3072 "Allow sending corrupt data"); 3073 3074 ZFS_MODULE_PARAM(zfs_send, zfs_send_, queue_length, INT, ZMOD_RW, 3075 "Maximum send queue length"); 3076 3077 ZFS_MODULE_PARAM(zfs_send, zfs_send_, unmodified_spill_blocks, INT, ZMOD_RW, 3078 "Send unmodified spill blocks"); 3079 3080 ZFS_MODULE_PARAM(zfs_send, zfs_send_, no_prefetch_queue_length, INT, ZMOD_RW, 3081 "Maximum send queue length for non-prefetch queues"); 3082 3083 ZFS_MODULE_PARAM(zfs_send, zfs_send_, queue_ff, INT, ZMOD_RW, 3084 "Send queue fill fraction"); 3085 3086 ZFS_MODULE_PARAM(zfs_send, zfs_send_, no_prefetch_queue_ff, INT, ZMOD_RW, 3087 "Send queue fill fraction for non-prefetch queues"); 3088 3089 ZFS_MODULE_PARAM(zfs_send, zfs_, override_estimate_recordsize, INT, ZMOD_RW, 3090 "Override block size estimate with fixed size"); 3091 /* END CSTYLED */ 3092