1 // SPDX-License-Identifier: CDDL-1.0 2 /* 3 * CDDL HEADER START 4 * 5 * The contents of this file are subject to the terms of the 6 * Common Development and Distribution License (the "License"). 7 * You may not use this file except in compliance with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or https://opensource.org/licenses/CDDL-1.0. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright (c) 2013, 2014, Delphix. All rights reserved. 25 * Copyright (c) 2019 Datto Inc. 26 * Copyright (c) 2021, 2022, George Amanakis. All rights reserved. 27 */ 28 29 /* 30 * Routines to manage the on-disk persistent error log. 31 * 32 * Each pool stores a log of all logical data errors seen during normal 33 * operation. This is actually the union of two distinct logs: the last log, 34 * and the current log. All errors seen are logged to the current log. When a 35 * scrub completes, the current log becomes the last log, the last log is thrown 36 * out, and the current log is reinitialized. This way, if an error is somehow 37 * corrected, a new scrub will show that it no longer exists, and will be 38 * deleted from the log when the scrub completes. 39 * 40 * The log is stored using a ZAP object whose key is a string form of the 41 * zbookmark_phys tuple (objset, object, level, blkid), and whose contents is an 42 * optional 'objset:object' human-readable string describing the data. When an 43 * error is first logged, this string will be empty, indicating that no name is 44 * known. This prevents us from having to issue a potentially large amount of 45 * I/O to discover the object name during an error path. Instead, we do the 46 * calculation when the data is requested, storing the result so future queries 47 * will be faster. 48 * 49 * If the head_errlog feature is enabled, a different on-disk format is used. 50 * The error log of each head dataset is stored separately in the zap object 51 * and keyed by the head id. This enables listing every dataset affected in 52 * userland. In order to be able to track whether an error block has been 53 * modified or added to snapshots since it was marked as an error, a new tuple 54 * is introduced: zbookmark_err_phys_t. It allows the storage of the birth 55 * transaction group of an error block on-disk. The birth transaction group is 56 * used by check_filesystem() to assess whether this block was freed, 57 * re-written or added to a snapshot since its marking as an error. 58 * 59 * This log is then shipped into an nvlist where the key is the dataset name and 60 * the value is the object name. Userland is then responsible for uniquifying 61 * this list and displaying it to the user. 62 */ 63 64 #include <sys/dmu_tx.h> 65 #include <sys/spa.h> 66 #include <sys/spa_impl.h> 67 #include <sys/zap.h> 68 #include <sys/zio.h> 69 #include <sys/dsl_dir.h> 70 #include <sys/dmu_objset.h> 71 #include <sys/dbuf.h> 72 #include <sys/zfs_znode.h> 73 74 #define NAME_MAX_LEN 64 75 76 typedef struct clones { 77 uint64_t clone_ds; 78 list_node_t node; 79 } clones_t; 80 81 /* 82 * spa_upgrade_errlog_limit : A zfs module parameter that controls the number 83 * of on-disk error log entries that will be converted to the new 84 * format when enabling head_errlog. Defaults to 0 which converts 85 * all log entries. 86 */ 87 static uint_t spa_upgrade_errlog_limit = 0; 88 89 /* 90 * Convert a bookmark to a string. 91 */ 92 static void 93 bookmark_to_name(zbookmark_phys_t *zb, char *buf, size_t len) 94 { 95 (void) snprintf(buf, len, "%llx:%llx:%llx:%llx", 96 (u_longlong_t)zb->zb_objset, (u_longlong_t)zb->zb_object, 97 (u_longlong_t)zb->zb_level, (u_longlong_t)zb->zb_blkid); 98 } 99 100 /* 101 * Convert an err_phys to a string. 102 */ 103 static void 104 errphys_to_name(zbookmark_err_phys_t *zep, char *buf, size_t len) 105 { 106 (void) snprintf(buf, len, "%llx:%llx:%llx:%llx", 107 (u_longlong_t)zep->zb_object, (u_longlong_t)zep->zb_level, 108 (u_longlong_t)zep->zb_blkid, (u_longlong_t)zep->zb_birth); 109 } 110 111 /* 112 * Convert a string to a err_phys. 113 */ 114 void 115 name_to_errphys(char *buf, zbookmark_err_phys_t *zep) 116 { 117 zep->zb_object = zfs_strtonum(buf, &buf); 118 ASSERT(*buf == ':'); 119 zep->zb_level = (int)zfs_strtonum(buf + 1, &buf); 120 ASSERT(*buf == ':'); 121 zep->zb_blkid = zfs_strtonum(buf + 1, &buf); 122 ASSERT(*buf == ':'); 123 zep->zb_birth = zfs_strtonum(buf + 1, &buf); 124 ASSERT(*buf == '\0'); 125 } 126 127 /* 128 * Convert a string to a bookmark. 129 */ 130 static void 131 name_to_bookmark(char *buf, zbookmark_phys_t *zb) 132 { 133 zb->zb_objset = zfs_strtonum(buf, &buf); 134 ASSERT(*buf == ':'); 135 zb->zb_object = zfs_strtonum(buf + 1, &buf); 136 ASSERT(*buf == ':'); 137 zb->zb_level = (int)zfs_strtonum(buf + 1, &buf); 138 ASSERT(*buf == ':'); 139 zb->zb_blkid = zfs_strtonum(buf + 1, &buf); 140 ASSERT(*buf == '\0'); 141 } 142 143 void 144 zep_to_zb(uint64_t dataset, zbookmark_err_phys_t *zep, zbookmark_phys_t *zb) 145 { 146 zb->zb_objset = dataset; 147 zb->zb_object = zep->zb_object; 148 zb->zb_level = zep->zb_level; 149 zb->zb_blkid = zep->zb_blkid; 150 } 151 152 static void 153 name_to_object(char *buf, uint64_t *obj) 154 { 155 *obj = zfs_strtonum(buf, &buf); 156 ASSERT(*buf == '\0'); 157 } 158 159 /* 160 * Retrieve the head filesystem. 161 */ 162 static int get_head_ds(spa_t *spa, uint64_t dsobj, uint64_t *head_ds) 163 { 164 dsl_dataset_t *ds; 165 int error = dsl_dataset_hold_obj_flags(spa->spa_dsl_pool, 166 dsobj, DS_HOLD_FLAG_DECRYPT, FTAG, &ds); 167 168 if (error != 0) 169 return (error); 170 171 ASSERT(head_ds); 172 *head_ds = dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj; 173 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); 174 175 return (error); 176 } 177 178 /* 179 * Log an uncorrectable error to the persistent error log. We add it to the 180 * spa's list of pending errors. The changes are actually synced out to disk 181 * during spa_errlog_sync(). 182 */ 183 void 184 spa_log_error(spa_t *spa, const zbookmark_phys_t *zb, const uint64_t birth) 185 { 186 spa_error_entry_t search; 187 spa_error_entry_t *new; 188 avl_tree_t *tree; 189 avl_index_t where; 190 191 /* 192 * If we are trying to import a pool, ignore any errors, as we won't be 193 * writing to the pool any time soon. 194 */ 195 if (spa_load_state(spa) == SPA_LOAD_TRYIMPORT) 196 return; 197 198 mutex_enter(&spa->spa_errlist_lock); 199 200 /* 201 * If we have had a request to rotate the log, log it to the next list 202 * instead of the current one. 203 */ 204 if (spa->spa_scrub_active || spa->spa_scrub_finished) 205 tree = &spa->spa_errlist_scrub; 206 else 207 tree = &spa->spa_errlist_last; 208 209 search.se_bookmark = *zb; 210 if (avl_find(tree, &search, &where) != NULL) { 211 mutex_exit(&spa->spa_errlist_lock); 212 return; 213 } 214 215 new = kmem_zalloc(sizeof (spa_error_entry_t), KM_SLEEP); 216 new->se_bookmark = *zb; 217 218 /* 219 * If the head_errlog feature is enabled, store the birth txg now. In 220 * case the file is deleted before spa_errlog_sync() runs, we will not 221 * be able to retrieve the birth txg. 222 */ 223 if (spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) { 224 new->se_zep.zb_object = zb->zb_object; 225 new->se_zep.zb_level = zb->zb_level; 226 new->se_zep.zb_blkid = zb->zb_blkid; 227 new->se_zep.zb_birth = birth; 228 } 229 230 avl_insert(tree, new, where); 231 mutex_exit(&spa->spa_errlist_lock); 232 } 233 234 int 235 find_birth_txg(dsl_dataset_t *ds, zbookmark_err_phys_t *zep, 236 uint64_t *birth_txg) 237 { 238 objset_t *os; 239 int error = dmu_objset_from_ds(ds, &os); 240 if (error != 0) 241 return (error); 242 243 dnode_t *dn; 244 blkptr_t bp; 245 246 error = dnode_hold(os, zep->zb_object, FTAG, &dn); 247 if (error != 0) 248 return (error); 249 250 rw_enter(&dn->dn_struct_rwlock, RW_READER); 251 error = dbuf_dnode_findbp(dn, zep->zb_level, zep->zb_blkid, &bp, NULL, 252 NULL); 253 if (error == 0 && BP_IS_HOLE(&bp)) 254 error = SET_ERROR(ENOENT); 255 256 *birth_txg = BP_GET_LOGICAL_BIRTH(&bp); 257 rw_exit(&dn->dn_struct_rwlock); 258 dnode_rele(dn, FTAG); 259 return (error); 260 } 261 262 /* 263 * This function finds the oldest affected filesystem containing an error 264 * block. 265 */ 266 int 267 find_top_affected_fs(spa_t *spa, uint64_t head_ds, zbookmark_err_phys_t *zep, 268 uint64_t *top_affected_fs) 269 { 270 uint64_t oldest_dsobj; 271 int error = dsl_dataset_oldest_snapshot(spa, head_ds, zep->zb_birth, 272 &oldest_dsobj); 273 if (error != 0) 274 return (error); 275 276 dsl_dataset_t *ds; 277 error = dsl_dataset_hold_obj_flags(spa->spa_dsl_pool, oldest_dsobj, 278 DS_HOLD_FLAG_DECRYPT, FTAG, &ds); 279 if (error != 0) 280 return (error); 281 282 *top_affected_fs = 283 dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj; 284 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); 285 return (0); 286 } 287 288 289 #ifdef _KERNEL 290 /* 291 * Copy the bookmark to the end of the user-space buffer which starts at 292 * uaddr and has *count unused entries, and decrement *count by 1. 293 */ 294 static int 295 copyout_entry(const zbookmark_phys_t *zb, void *uaddr, uint64_t *count) 296 { 297 if (*count == 0) 298 return (SET_ERROR(ENOMEM)); 299 300 *count -= 1; 301 if (copyout(zb, (char *)uaddr + (*count) * sizeof (zbookmark_phys_t), 302 sizeof (zbookmark_phys_t)) != 0) 303 return (SET_ERROR(EFAULT)); 304 return (0); 305 } 306 307 /* 308 * Each time the error block is referenced by a snapshot or clone, add a 309 * zbookmark_phys_t entry to the userspace array at uaddr. The array is 310 * filled from the back and the in-out parameter *count is modified to be the 311 * number of unused entries at the beginning of the array. The function 312 * scrub_filesystem() is modelled after this one. 313 */ 314 static int 315 check_filesystem(spa_t *spa, uint64_t head_ds, zbookmark_err_phys_t *zep, 316 void *uaddr, uint64_t *count, list_t *clones_list) 317 { 318 dsl_dataset_t *ds; 319 dsl_pool_t *dp = spa->spa_dsl_pool; 320 321 int error = dsl_dataset_hold_obj_flags(dp, head_ds, 322 DS_HOLD_FLAG_DECRYPT, FTAG, &ds); 323 if (error != 0) 324 return (error); 325 326 uint64_t latest_txg; 327 uint64_t txg_to_consider = spa->spa_syncing_txg; 328 boolean_t check_snapshot = B_TRUE; 329 error = find_birth_txg(ds, zep, &latest_txg); 330 331 /* 332 * If find_birth_txg() errors out otherwise, let txg_to_consider be 333 * equal to the spa's syncing txg: if check_filesystem() errors out 334 * then affected snapshots or clones will not be checked. 335 */ 336 if (error == 0 && zep->zb_birth == latest_txg) { 337 /* Block neither free nor rewritten. */ 338 zbookmark_phys_t zb; 339 zep_to_zb(head_ds, zep, &zb); 340 error = copyout_entry(&zb, uaddr, count); 341 if (error != 0) { 342 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); 343 return (error); 344 } 345 check_snapshot = B_FALSE; 346 } else if (error == 0) { 347 txg_to_consider = latest_txg; 348 } 349 350 /* 351 * Retrieve the number of snapshots if the dataset is not a snapshot. 352 */ 353 uint64_t snap_count = 0; 354 if (dsl_dataset_phys(ds)->ds_snapnames_zapobj != 0) { 355 356 error = zap_count(spa->spa_meta_objset, 357 dsl_dataset_phys(ds)->ds_snapnames_zapobj, &snap_count); 358 359 if (error != 0) { 360 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); 361 return (error); 362 } 363 } 364 365 if (snap_count == 0) { 366 /* Filesystem without snapshots. */ 367 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); 368 return (0); 369 } 370 371 uint64_t *snap_obj_array = kmem_zalloc(snap_count * sizeof (uint64_t), 372 KM_SLEEP); 373 374 int aff_snap_count = 0; 375 uint64_t snap_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj; 376 uint64_t snap_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg; 377 uint64_t zap_clone = dsl_dir_phys(ds->ds_dir)->dd_clones; 378 379 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); 380 381 /* Check only snapshots created from this file system. */ 382 while (snap_obj != 0 && zep->zb_birth < snap_obj_txg && 383 snap_obj_txg <= txg_to_consider) { 384 385 error = dsl_dataset_hold_obj_flags(dp, snap_obj, 386 DS_HOLD_FLAG_DECRYPT, FTAG, &ds); 387 if (error != 0) 388 goto out; 389 390 if (dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj != head_ds) { 391 snap_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj; 392 snap_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg; 393 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); 394 continue; 395 } 396 397 boolean_t affected = B_TRUE; 398 if (check_snapshot) { 399 uint64_t blk_txg; 400 error = find_birth_txg(ds, zep, &blk_txg); 401 affected = (error == 0 && zep->zb_birth == blk_txg); 402 } 403 404 /* Report errors in snapshots. */ 405 if (affected) { 406 snap_obj_array[aff_snap_count] = snap_obj; 407 aff_snap_count++; 408 409 zbookmark_phys_t zb; 410 zep_to_zb(snap_obj, zep, &zb); 411 error = copyout_entry(&zb, uaddr, count); 412 if (error != 0) { 413 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, 414 FTAG); 415 goto out; 416 } 417 } 418 snap_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj; 419 snap_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg; 420 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); 421 } 422 423 if (zap_clone == 0 || aff_snap_count == 0) { 424 error = 0; 425 goto out; 426 } 427 428 /* Check clones. */ 429 zap_cursor_t *zc; 430 zap_attribute_t *za; 431 432 zc = kmem_zalloc(sizeof (zap_cursor_t), KM_SLEEP); 433 za = zap_attribute_alloc(); 434 435 for (zap_cursor_init(zc, spa->spa_meta_objset, zap_clone); 436 zap_cursor_retrieve(zc, za) == 0; 437 zap_cursor_advance(zc)) { 438 439 dsl_dataset_t *clone; 440 error = dsl_dataset_hold_obj_flags(dp, za->za_first_integer, 441 DS_HOLD_FLAG_DECRYPT, FTAG, &clone); 442 443 if (error != 0) 444 break; 445 446 /* 447 * Only clones whose origins were affected could also 448 * have affected snapshots. 449 */ 450 boolean_t found = B_FALSE; 451 for (int i = 0; i < snap_count; i++) { 452 if (dsl_dir_phys(clone->ds_dir)->dd_origin_obj 453 == snap_obj_array[i]) 454 found = B_TRUE; 455 } 456 dsl_dataset_rele_flags(clone, DS_HOLD_FLAG_DECRYPT, FTAG); 457 458 if (!found) 459 continue; 460 461 clones_t *ct = kmem_zalloc(sizeof (*ct), KM_SLEEP); 462 ct->clone_ds = za->za_first_integer; 463 list_insert_tail(clones_list, ct); 464 } 465 466 zap_cursor_fini(zc); 467 zap_attribute_free(za); 468 kmem_free(zc, sizeof (*zc)); 469 470 out: 471 kmem_free(snap_obj_array, sizeof (*snap_obj_array)); 472 return (error); 473 } 474 475 static int 476 process_error_block(spa_t *spa, uint64_t head_ds, zbookmark_err_phys_t *zep, 477 void *uaddr, uint64_t *count) 478 { 479 /* 480 * If zb_birth == 0 or head_ds == 0 it means we failed to retrieve the 481 * birth txg or the head filesystem of the block pointer. This may 482 * happen e.g. when an encrypted filesystem is not mounted or when 483 * the key is not loaded. In this case do not proceed to 484 * check_filesystem(), instead do the accounting here. 485 */ 486 if (zep->zb_birth == 0 || head_ds == 0) { 487 zbookmark_phys_t zb; 488 zep_to_zb(head_ds, zep, &zb); 489 int error = copyout_entry(&zb, uaddr, count); 490 if (error != 0) { 491 return (error); 492 } 493 return (0); 494 } 495 496 uint64_t top_affected_fs; 497 uint64_t init_count = *count; 498 int error = find_top_affected_fs(spa, head_ds, zep, &top_affected_fs); 499 if (error == 0) { 500 clones_t *ct; 501 list_t clones_list; 502 503 list_create(&clones_list, sizeof (clones_t), 504 offsetof(clones_t, node)); 505 506 error = check_filesystem(spa, top_affected_fs, zep, 507 uaddr, count, &clones_list); 508 509 while ((ct = list_remove_head(&clones_list)) != NULL) { 510 error = check_filesystem(spa, ct->clone_ds, zep, 511 uaddr, count, &clones_list); 512 kmem_free(ct, sizeof (*ct)); 513 514 if (error) { 515 while (!list_is_empty(&clones_list)) { 516 ct = list_remove_head(&clones_list); 517 kmem_free(ct, sizeof (*ct)); 518 } 519 break; 520 } 521 } 522 523 list_destroy(&clones_list); 524 } 525 if (error == 0 && init_count == *count) { 526 /* 527 * If we reach this point, no errors have been detected 528 * in the checked filesystems/snapshots. Before returning mark 529 * the error block to be removed from the error lists and logs. 530 */ 531 zbookmark_phys_t zb; 532 zep_to_zb(head_ds, zep, &zb); 533 spa_remove_error(spa, &zb, zep->zb_birth); 534 } 535 536 return (error); 537 } 538 #endif 539 540 /* Return the number of errors in the error log */ 541 uint64_t 542 spa_get_last_errlog_size(spa_t *spa) 543 { 544 uint64_t total = 0, count; 545 mutex_enter(&spa->spa_errlog_lock); 546 547 if (spa->spa_errlog_last != 0 && 548 zap_count(spa->spa_meta_objset, spa->spa_errlog_last, 549 &count) == 0) 550 total += count; 551 mutex_exit(&spa->spa_errlog_lock); 552 return (total); 553 } 554 555 /* 556 * If a healed bookmark matches an entry in the error log we stash it in a tree 557 * so that we can later remove the related log entries in sync context. 558 */ 559 static void 560 spa_add_healed_error(spa_t *spa, uint64_t obj, zbookmark_phys_t *healed_zb, 561 const uint64_t birth) 562 { 563 char name[NAME_MAX_LEN]; 564 565 if (obj == 0) 566 return; 567 568 boolean_t held_list = B_FALSE; 569 boolean_t held_log = B_FALSE; 570 571 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) { 572 bookmark_to_name(healed_zb, name, sizeof (name)); 573 574 if (zap_contains(spa->spa_meta_objset, healed_zb->zb_objset, 575 name) == 0) { 576 if (!MUTEX_HELD(&spa->spa_errlog_lock)) { 577 mutex_enter(&spa->spa_errlog_lock); 578 held_log = B_TRUE; 579 } 580 581 /* 582 * Found an error matching healed zb, add zb to our 583 * tree of healed errors 584 */ 585 avl_tree_t *tree = &spa->spa_errlist_healed; 586 spa_error_entry_t search; 587 spa_error_entry_t *new; 588 avl_index_t where; 589 search.se_bookmark = *healed_zb; 590 if (!MUTEX_HELD(&spa->spa_errlist_lock)) { 591 mutex_enter(&spa->spa_errlist_lock); 592 held_list = B_TRUE; 593 } 594 if (avl_find(tree, &search, &where) != NULL) { 595 if (held_list) 596 mutex_exit(&spa->spa_errlist_lock); 597 if (held_log) 598 mutex_exit(&spa->spa_errlog_lock); 599 return; 600 } 601 new = kmem_zalloc(sizeof (spa_error_entry_t), KM_SLEEP); 602 new->se_bookmark = *healed_zb; 603 avl_insert(tree, new, where); 604 if (held_list) 605 mutex_exit(&spa->spa_errlist_lock); 606 if (held_log) 607 mutex_exit(&spa->spa_errlog_lock); 608 } 609 return; 610 } 611 612 zbookmark_err_phys_t healed_zep; 613 healed_zep.zb_object = healed_zb->zb_object; 614 healed_zep.zb_level = healed_zb->zb_level; 615 healed_zep.zb_blkid = healed_zb->zb_blkid; 616 healed_zep.zb_birth = birth; 617 618 errphys_to_name(&healed_zep, name, sizeof (name)); 619 620 zap_cursor_t zc; 621 zap_attribute_t *za = zap_attribute_alloc(); 622 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa->spa_errlog_last); 623 zap_cursor_retrieve(&zc, za) == 0; zap_cursor_advance(&zc)) { 624 if (zap_contains(spa->spa_meta_objset, za->za_first_integer, 625 name) == 0) { 626 if (!MUTEX_HELD(&spa->spa_errlog_lock)) { 627 mutex_enter(&spa->spa_errlog_lock); 628 held_log = B_TRUE; 629 } 630 631 avl_tree_t *tree = &spa->spa_errlist_healed; 632 spa_error_entry_t search; 633 spa_error_entry_t *new; 634 avl_index_t where; 635 search.se_bookmark = *healed_zb; 636 637 if (!MUTEX_HELD(&spa->spa_errlist_lock)) { 638 mutex_enter(&spa->spa_errlist_lock); 639 held_list = B_TRUE; 640 } 641 642 if (avl_find(tree, &search, &where) != NULL) { 643 if (held_list) 644 mutex_exit(&spa->spa_errlist_lock); 645 if (held_log) 646 mutex_exit(&spa->spa_errlog_lock); 647 continue; 648 } 649 new = kmem_zalloc(sizeof (spa_error_entry_t), KM_SLEEP); 650 new->se_bookmark = *healed_zb; 651 new->se_zep = healed_zep; 652 avl_insert(tree, new, where); 653 654 if (held_list) 655 mutex_exit(&spa->spa_errlist_lock); 656 if (held_log) 657 mutex_exit(&spa->spa_errlog_lock); 658 } 659 } 660 zap_cursor_fini(&zc); 661 zap_attribute_free(za); 662 } 663 664 /* 665 * If this error exists in the given tree remove it. 666 */ 667 static void 668 remove_error_from_list(spa_t *spa, avl_tree_t *t, const zbookmark_phys_t *zb) 669 { 670 spa_error_entry_t search, *found; 671 avl_index_t where; 672 673 mutex_enter(&spa->spa_errlist_lock); 674 search.se_bookmark = *zb; 675 if ((found = avl_find(t, &search, &where)) != NULL) { 676 avl_remove(t, found); 677 kmem_free(found, sizeof (spa_error_entry_t)); 678 } 679 mutex_exit(&spa->spa_errlist_lock); 680 } 681 682 683 /* 684 * Removes all of the recv healed errors from both on-disk error logs 685 */ 686 static void 687 spa_remove_healed_errors(spa_t *spa, avl_tree_t *s, avl_tree_t *l, dmu_tx_t *tx) 688 { 689 char name[NAME_MAX_LEN]; 690 spa_error_entry_t *se; 691 void *cookie = NULL; 692 693 ASSERT(MUTEX_HELD(&spa->spa_errlog_lock)); 694 695 while ((se = avl_destroy_nodes(&spa->spa_errlist_healed, 696 &cookie)) != NULL) { 697 remove_error_from_list(spa, s, &se->se_bookmark); 698 remove_error_from_list(spa, l, &se->se_bookmark); 699 700 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) { 701 bookmark_to_name(&se->se_bookmark, name, sizeof (name)); 702 (void) zap_remove(spa->spa_meta_objset, 703 spa->spa_errlog_last, name, tx); 704 (void) zap_remove(spa->spa_meta_objset, 705 spa->spa_errlog_scrub, name, tx); 706 } else { 707 errphys_to_name(&se->se_zep, name, sizeof (name)); 708 zap_cursor_t zc; 709 zap_attribute_t *za = zap_attribute_alloc(); 710 for (zap_cursor_init(&zc, spa->spa_meta_objset, 711 spa->spa_errlog_last); 712 zap_cursor_retrieve(&zc, za) == 0; 713 zap_cursor_advance(&zc)) { 714 zap_remove(spa->spa_meta_objset, 715 za->za_first_integer, name, tx); 716 } 717 zap_cursor_fini(&zc); 718 719 for (zap_cursor_init(&zc, spa->spa_meta_objset, 720 spa->spa_errlog_scrub); 721 zap_cursor_retrieve(&zc, za) == 0; 722 zap_cursor_advance(&zc)) { 723 zap_remove(spa->spa_meta_objset, 724 za->za_first_integer, name, tx); 725 } 726 zap_cursor_fini(&zc); 727 zap_attribute_free(za); 728 } 729 kmem_free(se, sizeof (spa_error_entry_t)); 730 } 731 } 732 733 /* 734 * Stash away healed bookmarks to remove them from the on-disk error logs 735 * later in spa_remove_healed_errors(). 736 */ 737 void 738 spa_remove_error(spa_t *spa, zbookmark_phys_t *zb, uint64_t birth) 739 { 740 spa_add_healed_error(spa, spa->spa_errlog_last, zb, birth); 741 spa_add_healed_error(spa, spa->spa_errlog_scrub, zb, birth); 742 } 743 744 static uint64_t 745 approx_errlog_size_impl(spa_t *spa, uint64_t spa_err_obj) 746 { 747 if (spa_err_obj == 0) 748 return (0); 749 uint64_t total = 0; 750 751 zap_cursor_t zc; 752 zap_attribute_t *za = zap_attribute_alloc(); 753 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa_err_obj); 754 zap_cursor_retrieve(&zc, za) == 0; zap_cursor_advance(&zc)) { 755 uint64_t count; 756 if (zap_count(spa->spa_meta_objset, za->za_first_integer, 757 &count) == 0) 758 total += count; 759 } 760 zap_cursor_fini(&zc); 761 zap_attribute_free(za); 762 return (total); 763 } 764 765 /* 766 * Return the approximate number of errors currently in the error log. This 767 * will be nonzero if there are some errors, but otherwise it may be more 768 * or less than the number of entries returned by spa_get_errlog(). 769 */ 770 uint64_t 771 spa_approx_errlog_size(spa_t *spa) 772 { 773 uint64_t total = 0; 774 775 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) { 776 mutex_enter(&spa->spa_errlog_lock); 777 uint64_t count; 778 if (spa->spa_errlog_scrub != 0 && 779 zap_count(spa->spa_meta_objset, spa->spa_errlog_scrub, 780 &count) == 0) 781 total += count; 782 783 if (spa->spa_errlog_last != 0 && !spa->spa_scrub_finished && 784 zap_count(spa->spa_meta_objset, spa->spa_errlog_last, 785 &count) == 0) 786 total += count; 787 mutex_exit(&spa->spa_errlog_lock); 788 789 } else { 790 mutex_enter(&spa->spa_errlog_lock); 791 total += approx_errlog_size_impl(spa, spa->spa_errlog_last); 792 total += approx_errlog_size_impl(spa, spa->spa_errlog_scrub); 793 mutex_exit(&spa->spa_errlog_lock); 794 } 795 mutex_enter(&spa->spa_errlist_lock); 796 total += avl_numnodes(&spa->spa_errlist_last); 797 total += avl_numnodes(&spa->spa_errlist_scrub); 798 mutex_exit(&spa->spa_errlist_lock); 799 return (total); 800 } 801 802 /* 803 * This function sweeps through an on-disk error log and stores all bookmarks 804 * as error bookmarks in a new ZAP object. At the end we discard the old one, 805 * and spa_update_errlog() will set the spa's on-disk error log to new ZAP 806 * object. 807 */ 808 static void 809 sync_upgrade_errlog(spa_t *spa, uint64_t spa_err_obj, uint64_t *newobj, 810 dmu_tx_t *tx) 811 { 812 zap_cursor_t zc; 813 zap_attribute_t *za; 814 zbookmark_phys_t zb; 815 uint64_t count; 816 817 *newobj = zap_create(spa->spa_meta_objset, DMU_OT_ERROR_LOG, 818 DMU_OT_NONE, 0, tx); 819 820 /* 821 * If we cannnot perform the upgrade we should clear the old on-disk 822 * error logs. 823 */ 824 if (zap_count(spa->spa_meta_objset, spa_err_obj, &count) != 0) { 825 VERIFY0(dmu_object_free(spa->spa_meta_objset, spa_err_obj, tx)); 826 return; 827 } 828 829 za = zap_attribute_alloc(); 830 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa_err_obj); 831 zap_cursor_retrieve(&zc, za) == 0; 832 zap_cursor_advance(&zc)) { 833 if (spa_upgrade_errlog_limit != 0 && 834 zc.zc_cd == spa_upgrade_errlog_limit) 835 break; 836 837 name_to_bookmark(za->za_name, &zb); 838 839 zbookmark_err_phys_t zep; 840 zep.zb_object = zb.zb_object; 841 zep.zb_level = zb.zb_level; 842 zep.zb_blkid = zb.zb_blkid; 843 zep.zb_birth = 0; 844 845 /* 846 * In case of an error we should simply continue instead of 847 * returning prematurely. See the next comment. 848 */ 849 uint64_t head_ds; 850 dsl_pool_t *dp = spa->spa_dsl_pool; 851 dsl_dataset_t *ds; 852 objset_t *os; 853 854 int error = dsl_dataset_hold_obj_flags(dp, zb.zb_objset, 855 DS_HOLD_FLAG_DECRYPT, FTAG, &ds); 856 if (error != 0) 857 continue; 858 859 head_ds = dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj; 860 861 /* 862 * The objset and the dnode are required for getting the block 863 * pointer, which is used to determine if BP_IS_HOLE(). If 864 * getting the objset or the dnode fails, do not create a 865 * zap entry (presuming we know the dataset) as this may create 866 * spurious errors that we cannot ever resolve. If an error is 867 * truly persistent, it should re-appear after a scan. 868 */ 869 if (dmu_objset_from_ds(ds, &os) != 0) { 870 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); 871 continue; 872 } 873 874 dnode_t *dn; 875 blkptr_t bp; 876 877 if (dnode_hold(os, zep.zb_object, FTAG, &dn) != 0) { 878 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); 879 continue; 880 } 881 882 rw_enter(&dn->dn_struct_rwlock, RW_READER); 883 error = dbuf_dnode_findbp(dn, zep.zb_level, zep.zb_blkid, &bp, 884 NULL, NULL); 885 if (error == EACCES) 886 error = 0; 887 else if (!error) 888 zep.zb_birth = BP_GET_LOGICAL_BIRTH(&bp); 889 890 rw_exit(&dn->dn_struct_rwlock); 891 dnode_rele(dn, FTAG); 892 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); 893 894 if (error != 0 || BP_IS_HOLE(&bp)) 895 continue; 896 897 uint64_t err_obj; 898 error = zap_lookup_int_key(spa->spa_meta_objset, *newobj, 899 head_ds, &err_obj); 900 901 if (error == ENOENT) { 902 err_obj = zap_create(spa->spa_meta_objset, 903 DMU_OT_ERROR_LOG, DMU_OT_NONE, 0, tx); 904 905 (void) zap_update_int_key(spa->spa_meta_objset, 906 *newobj, head_ds, err_obj, tx); 907 } 908 909 char buf[64]; 910 errphys_to_name(&zep, buf, sizeof (buf)); 911 912 const char *name = ""; 913 (void) zap_update(spa->spa_meta_objset, err_obj, 914 buf, 1, strlen(name) + 1, name, tx); 915 } 916 zap_cursor_fini(&zc); 917 zap_attribute_free(za); 918 919 VERIFY0(dmu_object_free(spa->spa_meta_objset, spa_err_obj, tx)); 920 } 921 922 void 923 spa_upgrade_errlog(spa_t *spa, dmu_tx_t *tx) 924 { 925 uint64_t newobj = 0; 926 927 mutex_enter(&spa->spa_errlog_lock); 928 if (spa->spa_errlog_last != 0) { 929 sync_upgrade_errlog(spa, spa->spa_errlog_last, &newobj, tx); 930 spa->spa_errlog_last = newobj; 931 932 (void) zap_update(spa->spa_meta_objset, 933 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_ERRLOG_LAST, 934 sizeof (uint64_t), 1, &spa->spa_errlog_last, tx); 935 } 936 937 if (spa->spa_errlog_scrub != 0) { 938 sync_upgrade_errlog(spa, spa->spa_errlog_scrub, &newobj, tx); 939 spa->spa_errlog_scrub = newobj; 940 941 (void) zap_update(spa->spa_meta_objset, 942 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_ERRLOG_SCRUB, 943 sizeof (uint64_t), 1, &spa->spa_errlog_scrub, tx); 944 } 945 946 mutex_exit(&spa->spa_errlog_lock); 947 } 948 949 #ifdef _KERNEL 950 /* 951 * If an error block is shared by two datasets it will be counted twice. 952 */ 953 static int 954 process_error_log(spa_t *spa, uint64_t obj, void *uaddr, uint64_t *count) 955 { 956 if (obj == 0) 957 return (0); 958 959 zap_cursor_t *zc; 960 zap_attribute_t *za; 961 962 zc = kmem_zalloc(sizeof (zap_cursor_t), KM_SLEEP); 963 za = zap_attribute_alloc(); 964 965 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) { 966 for (zap_cursor_init(zc, spa->spa_meta_objset, obj); 967 zap_cursor_retrieve(zc, za) == 0; 968 zap_cursor_advance(zc)) { 969 if (*count == 0) { 970 zap_cursor_fini(zc); 971 kmem_free(zc, sizeof (*zc)); 972 zap_attribute_free(za); 973 return (SET_ERROR(ENOMEM)); 974 } 975 976 zbookmark_phys_t zb; 977 name_to_bookmark(za->za_name, &zb); 978 979 int error = copyout_entry(&zb, uaddr, count); 980 if (error != 0) { 981 zap_cursor_fini(zc); 982 kmem_free(zc, sizeof (*zc)); 983 zap_attribute_free(za); 984 return (error); 985 } 986 } 987 zap_cursor_fini(zc); 988 kmem_free(zc, sizeof (*zc)); 989 zap_attribute_free(za); 990 return (0); 991 } 992 993 for (zap_cursor_init(zc, spa->spa_meta_objset, obj); 994 zap_cursor_retrieve(zc, za) == 0; 995 zap_cursor_advance(zc)) { 996 997 zap_cursor_t *head_ds_cursor; 998 zap_attribute_t *head_ds_attr; 999 1000 head_ds_cursor = kmem_zalloc(sizeof (zap_cursor_t), KM_SLEEP); 1001 head_ds_attr = zap_attribute_alloc(); 1002 1003 uint64_t head_ds_err_obj = za->za_first_integer; 1004 uint64_t head_ds; 1005 name_to_object(za->za_name, &head_ds); 1006 for (zap_cursor_init(head_ds_cursor, spa->spa_meta_objset, 1007 head_ds_err_obj); zap_cursor_retrieve(head_ds_cursor, 1008 head_ds_attr) == 0; zap_cursor_advance(head_ds_cursor)) { 1009 1010 zbookmark_err_phys_t head_ds_block; 1011 name_to_errphys(head_ds_attr->za_name, &head_ds_block); 1012 int error = process_error_block(spa, head_ds, 1013 &head_ds_block, uaddr, count); 1014 1015 if (error != 0) { 1016 zap_cursor_fini(head_ds_cursor); 1017 kmem_free(head_ds_cursor, 1018 sizeof (*head_ds_cursor)); 1019 zap_attribute_free(head_ds_attr); 1020 1021 zap_cursor_fini(zc); 1022 zap_attribute_free(za); 1023 kmem_free(zc, sizeof (*zc)); 1024 return (error); 1025 } 1026 } 1027 zap_cursor_fini(head_ds_cursor); 1028 kmem_free(head_ds_cursor, sizeof (*head_ds_cursor)); 1029 zap_attribute_free(head_ds_attr); 1030 } 1031 zap_cursor_fini(zc); 1032 zap_attribute_free(za); 1033 kmem_free(zc, sizeof (*zc)); 1034 return (0); 1035 } 1036 1037 static int 1038 process_error_list(spa_t *spa, avl_tree_t *list, void *uaddr, uint64_t *count) 1039 { 1040 spa_error_entry_t *se; 1041 1042 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) { 1043 for (se = avl_first(list); se != NULL; 1044 se = AVL_NEXT(list, se)) { 1045 int error = 1046 copyout_entry(&se->se_bookmark, uaddr, count); 1047 if (error != 0) { 1048 return (error); 1049 } 1050 } 1051 return (0); 1052 } 1053 1054 for (se = avl_first(list); se != NULL; se = AVL_NEXT(list, se)) { 1055 uint64_t head_ds = 0; 1056 int error = get_head_ds(spa, se->se_bookmark.zb_objset, 1057 &head_ds); 1058 1059 /* 1060 * If get_head_ds() errors out, set the head filesystem 1061 * to the filesystem stored in the bookmark of the 1062 * error block. 1063 */ 1064 if (error != 0) 1065 head_ds = se->se_bookmark.zb_objset; 1066 1067 error = process_error_block(spa, head_ds, 1068 &se->se_zep, uaddr, count); 1069 if (error != 0) 1070 return (error); 1071 } 1072 return (0); 1073 } 1074 #endif 1075 1076 /* 1077 * Copy all known errors to userland as an array of bookmarks. This is 1078 * actually a union of the on-disk last log and current log, as well as any 1079 * pending error requests. 1080 * 1081 * Because the act of reading the on-disk log could cause errors to be 1082 * generated, we have two separate locks: one for the error log and one for the 1083 * in-core error lists. We only need the error list lock to log and error, so 1084 * we grab the error log lock while we read the on-disk logs, and only pick up 1085 * the error list lock when we are finished. 1086 */ 1087 int 1088 spa_get_errlog(spa_t *spa, void *uaddr, uint64_t *count) 1089 { 1090 int ret = 0; 1091 1092 #ifdef _KERNEL 1093 /* 1094 * The pool config lock is needed to hold a dataset_t via (among other 1095 * places) process_error_list() -> process_error_block()-> 1096 * find_top_affected_fs(), and lock ordering requires that we get it 1097 * before the spa_errlog_lock. 1098 */ 1099 dsl_pool_config_enter(spa->spa_dsl_pool, FTAG); 1100 mutex_enter(&spa->spa_errlog_lock); 1101 1102 ret = process_error_log(spa, spa->spa_errlog_scrub, uaddr, count); 1103 1104 if (!ret && !spa->spa_scrub_finished) 1105 ret = process_error_log(spa, spa->spa_errlog_last, uaddr, 1106 count); 1107 1108 mutex_enter(&spa->spa_errlist_lock); 1109 if (!ret) 1110 ret = process_error_list(spa, &spa->spa_errlist_scrub, uaddr, 1111 count); 1112 if (!ret) 1113 ret = process_error_list(spa, &spa->spa_errlist_last, uaddr, 1114 count); 1115 mutex_exit(&spa->spa_errlist_lock); 1116 1117 mutex_exit(&spa->spa_errlog_lock); 1118 dsl_pool_config_exit(spa->spa_dsl_pool, FTAG); 1119 #else 1120 (void) spa, (void) uaddr, (void) count; 1121 #endif 1122 1123 return (ret); 1124 } 1125 1126 /* 1127 * Called when a scrub completes. This simply set a bit which tells which AVL 1128 * tree to add new errors. spa_errlog_sync() is responsible for actually 1129 * syncing the changes to the underlying objects. 1130 */ 1131 void 1132 spa_errlog_rotate(spa_t *spa) 1133 { 1134 mutex_enter(&spa->spa_errlist_lock); 1135 spa->spa_scrub_finished = B_TRUE; 1136 mutex_exit(&spa->spa_errlist_lock); 1137 } 1138 1139 /* 1140 * Discard any pending errors from the spa_t. Called when unloading a faulted 1141 * pool, as the errors encountered during the open cannot be synced to disk. 1142 */ 1143 void 1144 spa_errlog_drain(spa_t *spa) 1145 { 1146 spa_error_entry_t *se; 1147 void *cookie; 1148 1149 mutex_enter(&spa->spa_errlist_lock); 1150 1151 cookie = NULL; 1152 while ((se = avl_destroy_nodes(&spa->spa_errlist_last, 1153 &cookie)) != NULL) 1154 kmem_free(se, sizeof (spa_error_entry_t)); 1155 cookie = NULL; 1156 while ((se = avl_destroy_nodes(&spa->spa_errlist_scrub, 1157 &cookie)) != NULL) 1158 kmem_free(se, sizeof (spa_error_entry_t)); 1159 1160 mutex_exit(&spa->spa_errlist_lock); 1161 } 1162 1163 /* 1164 * Process a list of errors into the current on-disk log. 1165 */ 1166 void 1167 sync_error_list(spa_t *spa, avl_tree_t *t, uint64_t *obj, dmu_tx_t *tx) 1168 { 1169 spa_error_entry_t *se; 1170 char buf[NAME_MAX_LEN]; 1171 void *cookie; 1172 1173 if (avl_numnodes(t) == 0) 1174 return; 1175 1176 /* create log if necessary */ 1177 if (*obj == 0) 1178 *obj = zap_create(spa->spa_meta_objset, DMU_OT_ERROR_LOG, 1179 DMU_OT_NONE, 0, tx); 1180 1181 /* add errors to the current log */ 1182 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) { 1183 for (se = avl_first(t); se != NULL; se = AVL_NEXT(t, se)) { 1184 bookmark_to_name(&se->se_bookmark, buf, sizeof (buf)); 1185 1186 const char *name = se->se_name ? se->se_name : ""; 1187 (void) zap_update(spa->spa_meta_objset, *obj, buf, 1, 1188 strlen(name) + 1, name, tx); 1189 } 1190 } else { 1191 for (se = avl_first(t); se != NULL; se = AVL_NEXT(t, se)) { 1192 zbookmark_err_phys_t zep; 1193 zep.zb_object = se->se_zep.zb_object; 1194 zep.zb_level = se->se_zep.zb_level; 1195 zep.zb_blkid = se->se_zep.zb_blkid; 1196 zep.zb_birth = se->se_zep.zb_birth; 1197 1198 uint64_t head_ds = 0; 1199 int error = get_head_ds(spa, se->se_bookmark.zb_objset, 1200 &head_ds); 1201 1202 /* 1203 * If get_head_ds() errors out, set the head filesystem 1204 * to the filesystem stored in the bookmark of the 1205 * error block. 1206 */ 1207 if (error != 0) 1208 head_ds = se->se_bookmark.zb_objset; 1209 1210 uint64_t err_obj; 1211 error = zap_lookup_int_key(spa->spa_meta_objset, 1212 *obj, head_ds, &err_obj); 1213 1214 if (error == ENOENT) { 1215 err_obj = zap_create(spa->spa_meta_objset, 1216 DMU_OT_ERROR_LOG, DMU_OT_NONE, 0, tx); 1217 1218 (void) zap_update_int_key(spa->spa_meta_objset, 1219 *obj, head_ds, err_obj, tx); 1220 } 1221 errphys_to_name(&zep, buf, sizeof (buf)); 1222 1223 const char *name = se->se_name ? se->se_name : ""; 1224 (void) zap_update(spa->spa_meta_objset, 1225 err_obj, buf, 1, strlen(name) + 1, name, tx); 1226 } 1227 } 1228 /* purge the error list */ 1229 cookie = NULL; 1230 while ((se = avl_destroy_nodes(t, &cookie)) != NULL) 1231 kmem_free(se, sizeof (spa_error_entry_t)); 1232 } 1233 1234 static void 1235 delete_errlog(spa_t *spa, uint64_t spa_err_obj, dmu_tx_t *tx) 1236 { 1237 if (spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) { 1238 zap_cursor_t zc; 1239 zap_attribute_t *za = zap_attribute_alloc(); 1240 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa_err_obj); 1241 zap_cursor_retrieve(&zc, za) == 0; 1242 zap_cursor_advance(&zc)) { 1243 VERIFY0(dmu_object_free(spa->spa_meta_objset, 1244 za->za_first_integer, tx)); 1245 } 1246 zap_cursor_fini(&zc); 1247 zap_attribute_free(za); 1248 } 1249 VERIFY0(dmu_object_free(spa->spa_meta_objset, spa_err_obj, tx)); 1250 } 1251 1252 /* 1253 * Sync the error log out to disk. This is a little tricky because the act of 1254 * writing the error log requires the spa_errlist_lock. So, we need to lock the 1255 * error lists, take a copy of the lists, and then reinitialize them. Then, we 1256 * drop the error list lock and take the error log lock, at which point we 1257 * do the errlog processing. Then, if we encounter an I/O error during this 1258 * process, we can successfully add the error to the list. Note that this will 1259 * result in the perpetual recycling of errors, but it is an unlikely situation 1260 * and not a performance critical operation. 1261 */ 1262 void 1263 spa_errlog_sync(spa_t *spa, uint64_t txg) 1264 { 1265 dmu_tx_t *tx; 1266 avl_tree_t scrub, last; 1267 int scrub_finished; 1268 1269 mutex_enter(&spa->spa_errlist_lock); 1270 1271 /* 1272 * Bail out early under normal circumstances. 1273 */ 1274 if (avl_numnodes(&spa->spa_errlist_scrub) == 0 && 1275 avl_numnodes(&spa->spa_errlist_last) == 0 && 1276 avl_numnodes(&spa->spa_errlist_healed) == 0 && 1277 !spa->spa_scrub_finished) { 1278 mutex_exit(&spa->spa_errlist_lock); 1279 return; 1280 } 1281 1282 spa_get_errlists(spa, &last, &scrub); 1283 scrub_finished = spa->spa_scrub_finished; 1284 spa->spa_scrub_finished = B_FALSE; 1285 1286 mutex_exit(&spa->spa_errlist_lock); 1287 1288 /* 1289 * The pool config lock is needed to hold a dataset_t via 1290 * sync_error_list() -> get_head_ds(), and lock ordering 1291 * requires that we get it before the spa_errlog_lock. 1292 */ 1293 dsl_pool_config_enter(spa->spa_dsl_pool, FTAG); 1294 mutex_enter(&spa->spa_errlog_lock); 1295 1296 tx = dmu_tx_create_assigned(spa->spa_dsl_pool, txg); 1297 1298 /* 1299 * Remove healed errors from errors. 1300 */ 1301 spa_remove_healed_errors(spa, &last, &scrub, tx); 1302 1303 /* 1304 * Sync out the current list of errors. 1305 */ 1306 sync_error_list(spa, &last, &spa->spa_errlog_last, tx); 1307 1308 /* 1309 * Rotate the log if necessary. 1310 */ 1311 if (scrub_finished) { 1312 if (spa->spa_errlog_last != 0) 1313 delete_errlog(spa, spa->spa_errlog_last, tx); 1314 spa->spa_errlog_last = spa->spa_errlog_scrub; 1315 spa->spa_errlog_scrub = 0; 1316 1317 sync_error_list(spa, &scrub, &spa->spa_errlog_last, tx); 1318 } 1319 1320 /* 1321 * Sync out any pending scrub errors. 1322 */ 1323 sync_error_list(spa, &scrub, &spa->spa_errlog_scrub, tx); 1324 1325 /* 1326 * Update the MOS to reflect the new values. 1327 */ 1328 (void) zap_update(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT, 1329 DMU_POOL_ERRLOG_LAST, sizeof (uint64_t), 1, 1330 &spa->spa_errlog_last, tx); 1331 (void) zap_update(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT, 1332 DMU_POOL_ERRLOG_SCRUB, sizeof (uint64_t), 1, 1333 &spa->spa_errlog_scrub, tx); 1334 1335 dmu_tx_commit(tx); 1336 1337 mutex_exit(&spa->spa_errlog_lock); 1338 dsl_pool_config_exit(spa->spa_dsl_pool, FTAG); 1339 } 1340 1341 static void 1342 delete_dataset_errlog(spa_t *spa, uint64_t spa_err_obj, uint64_t ds, 1343 dmu_tx_t *tx) 1344 { 1345 if (spa_err_obj == 0) 1346 return; 1347 1348 zap_cursor_t zc; 1349 zap_attribute_t *za = zap_attribute_alloc(); 1350 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa_err_obj); 1351 zap_cursor_retrieve(&zc, za) == 0; zap_cursor_advance(&zc)) { 1352 uint64_t head_ds; 1353 name_to_object(za->za_name, &head_ds); 1354 if (head_ds == ds) { 1355 (void) zap_remove(spa->spa_meta_objset, spa_err_obj, 1356 za->za_name, tx); 1357 VERIFY0(dmu_object_free(spa->spa_meta_objset, 1358 za->za_first_integer, tx)); 1359 break; 1360 } 1361 } 1362 zap_cursor_fini(&zc); 1363 zap_attribute_free(za); 1364 } 1365 1366 void 1367 spa_delete_dataset_errlog(spa_t *spa, uint64_t ds, dmu_tx_t *tx) 1368 { 1369 mutex_enter(&spa->spa_errlog_lock); 1370 delete_dataset_errlog(spa, spa->spa_errlog_scrub, ds, tx); 1371 delete_dataset_errlog(spa, spa->spa_errlog_last, ds, tx); 1372 mutex_exit(&spa->spa_errlog_lock); 1373 } 1374 1375 static int 1376 find_txg_ancestor_snapshot(spa_t *spa, uint64_t new_head, uint64_t old_head, 1377 uint64_t *txg) 1378 { 1379 dsl_dataset_t *ds; 1380 dsl_pool_t *dp = spa->spa_dsl_pool; 1381 1382 int error = dsl_dataset_hold_obj_flags(dp, old_head, 1383 DS_HOLD_FLAG_DECRYPT, FTAG, &ds); 1384 if (error != 0) 1385 return (error); 1386 1387 uint64_t prev_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj; 1388 uint64_t prev_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg; 1389 1390 while (prev_obj != 0) { 1391 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); 1392 if ((error = dsl_dataset_hold_obj_flags(dp, prev_obj, 1393 DS_HOLD_FLAG_DECRYPT, FTAG, &ds)) == 0 && 1394 dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj == new_head) 1395 break; 1396 1397 if (error != 0) 1398 return (error); 1399 1400 prev_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg; 1401 prev_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj; 1402 } 1403 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG); 1404 ASSERT(prev_obj != 0); 1405 *txg = prev_obj_txg; 1406 return (0); 1407 } 1408 1409 static void 1410 swap_errlog(spa_t *spa, uint64_t spa_err_obj, uint64_t new_head, uint64_t 1411 old_head, dmu_tx_t *tx) 1412 { 1413 if (spa_err_obj == 0) 1414 return; 1415 1416 uint64_t old_head_errlog; 1417 int error = zap_lookup_int_key(spa->spa_meta_objset, spa_err_obj, 1418 old_head, &old_head_errlog); 1419 1420 /* If no error log, then there is nothing to do. */ 1421 if (error != 0) 1422 return; 1423 1424 uint64_t txg; 1425 error = find_txg_ancestor_snapshot(spa, new_head, old_head, &txg); 1426 if (error != 0) 1427 return; 1428 1429 /* 1430 * Create an error log if the file system being promoted does not 1431 * already have one. 1432 */ 1433 uint64_t new_head_errlog; 1434 error = zap_lookup_int_key(spa->spa_meta_objset, spa_err_obj, new_head, 1435 &new_head_errlog); 1436 1437 if (error != 0) { 1438 new_head_errlog = zap_create(spa->spa_meta_objset, 1439 DMU_OT_ERROR_LOG, DMU_OT_NONE, 0, tx); 1440 1441 (void) zap_update_int_key(spa->spa_meta_objset, spa_err_obj, 1442 new_head, new_head_errlog, tx); 1443 } 1444 1445 zap_cursor_t zc; 1446 zap_attribute_t *za = zap_attribute_alloc(); 1447 zbookmark_err_phys_t err_block; 1448 for (zap_cursor_init(&zc, spa->spa_meta_objset, old_head_errlog); 1449 zap_cursor_retrieve(&zc, za) == 0; zap_cursor_advance(&zc)) { 1450 1451 const char *name = ""; 1452 name_to_errphys(za->za_name, &err_block); 1453 if (err_block.zb_birth < txg) { 1454 (void) zap_update(spa->spa_meta_objset, new_head_errlog, 1455 za->za_name, 1, strlen(name) + 1, name, tx); 1456 1457 (void) zap_remove(spa->spa_meta_objset, old_head_errlog, 1458 za->za_name, tx); 1459 } 1460 } 1461 zap_cursor_fini(&zc); 1462 zap_attribute_free(za); 1463 } 1464 1465 void 1466 spa_swap_errlog(spa_t *spa, uint64_t new_head_ds, uint64_t old_head_ds, 1467 dmu_tx_t *tx) 1468 { 1469 mutex_enter(&spa->spa_errlog_lock); 1470 swap_errlog(spa, spa->spa_errlog_scrub, new_head_ds, old_head_ds, tx); 1471 swap_errlog(spa, spa->spa_errlog_last, new_head_ds, old_head_ds, tx); 1472 mutex_exit(&spa->spa_errlog_lock); 1473 } 1474 1475 #if defined(_KERNEL) 1476 /* error handling */ 1477 EXPORT_SYMBOL(spa_log_error); 1478 EXPORT_SYMBOL(spa_approx_errlog_size); 1479 EXPORT_SYMBOL(spa_get_last_errlog_size); 1480 EXPORT_SYMBOL(spa_get_errlog); 1481 EXPORT_SYMBOL(spa_errlog_rotate); 1482 EXPORT_SYMBOL(spa_errlog_drain); 1483 EXPORT_SYMBOL(spa_errlog_sync); 1484 EXPORT_SYMBOL(spa_get_errlists); 1485 EXPORT_SYMBOL(spa_delete_dataset_errlog); 1486 EXPORT_SYMBOL(spa_swap_errlog); 1487 EXPORT_SYMBOL(sync_error_list); 1488 EXPORT_SYMBOL(spa_upgrade_errlog); 1489 EXPORT_SYMBOL(find_top_affected_fs); 1490 EXPORT_SYMBOL(find_birth_txg); 1491 EXPORT_SYMBOL(zep_to_zb); 1492 EXPORT_SYMBOL(name_to_errphys); 1493 #endif 1494 1495 ZFS_MODULE_PARAM(zfs_spa, spa_, upgrade_errlog_limit, UINT, ZMOD_RW, 1496 "Limit the number of errors which will be upgraded to the new " 1497 "on-disk error log when enabling head_errlog"); 1498