1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or https://opensource.org/licenses/CDDL-1.0.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2013, 2014, Delphix. All rights reserved.
24 * Copyright (c) 2019 Datto Inc.
25 * Copyright (c) 2021, 2022, George Amanakis. All rights reserved.
26 */
27
28 /*
29 * Routines to manage the on-disk persistent error log.
30 *
31 * Each pool stores a log of all logical data errors seen during normal
32 * operation. This is actually the union of two distinct logs: the last log,
33 * and the current log. All errors seen are logged to the current log. When a
34 * scrub completes, the current log becomes the last log, the last log is thrown
35 * out, and the current log is reinitialized. This way, if an error is somehow
36 * corrected, a new scrub will show that it no longer exists, and will be
37 * deleted from the log when the scrub completes.
38 *
39 * The log is stored using a ZAP object whose key is a string form of the
40 * zbookmark_phys tuple (objset, object, level, blkid), and whose contents is an
41 * optional 'objset:object' human-readable string describing the data. When an
42 * error is first logged, this string will be empty, indicating that no name is
43 * known. This prevents us from having to issue a potentially large amount of
44 * I/O to discover the object name during an error path. Instead, we do the
45 * calculation when the data is requested, storing the result so future queries
46 * will be faster.
47 *
48 * If the head_errlog feature is enabled, a different on-disk format is used.
49 * The error log of each head dataset is stored separately in the zap object
50 * and keyed by the head id. This enables listing every dataset affected in
51 * userland. In order to be able to track whether an error block has been
52 * modified or added to snapshots since it was marked as an error, a new tuple
53 * is introduced: zbookmark_err_phys_t. It allows the storage of the birth
54 * transaction group of an error block on-disk. The birth transaction group is
55 * used by check_filesystem() to assess whether this block was freed,
56 * re-written or added to a snapshot since its marking as an error.
57 *
58 * This log is then shipped into an nvlist where the key is the dataset name and
59 * the value is the object name. Userland is then responsible for uniquifying
60 * this list and displaying it to the user.
61 */
62
63 #include <sys/dmu_tx.h>
64 #include <sys/spa.h>
65 #include <sys/spa_impl.h>
66 #include <sys/zap.h>
67 #include <sys/zio.h>
68 #include <sys/dsl_dir.h>
69 #include <sys/dmu_objset.h>
70 #include <sys/dbuf.h>
71 #include <sys/zfs_znode.h>
72
73 #define NAME_MAX_LEN 64
74
75 typedef struct clones {
76 uint64_t clone_ds;
77 list_node_t node;
78 } clones_t;
79
80 /*
81 * spa_upgrade_errlog_limit : A zfs module parameter that controls the number
82 * of on-disk error log entries that will be converted to the new
83 * format when enabling head_errlog. Defaults to 0 which converts
84 * all log entries.
85 */
86 static uint_t spa_upgrade_errlog_limit = 0;
87
88 /*
89 * Convert a bookmark to a string.
90 */
91 static void
bookmark_to_name(zbookmark_phys_t * zb,char * buf,size_t len)92 bookmark_to_name(zbookmark_phys_t *zb, char *buf, size_t len)
93 {
94 (void) snprintf(buf, len, "%llx:%llx:%llx:%llx",
95 (u_longlong_t)zb->zb_objset, (u_longlong_t)zb->zb_object,
96 (u_longlong_t)zb->zb_level, (u_longlong_t)zb->zb_blkid);
97 }
98
99 /*
100 * Convert an err_phys to a string.
101 */
102 static void
errphys_to_name(zbookmark_err_phys_t * zep,char * buf,size_t len)103 errphys_to_name(zbookmark_err_phys_t *zep, char *buf, size_t len)
104 {
105 (void) snprintf(buf, len, "%llx:%llx:%llx:%llx",
106 (u_longlong_t)zep->zb_object, (u_longlong_t)zep->zb_level,
107 (u_longlong_t)zep->zb_blkid, (u_longlong_t)zep->zb_birth);
108 }
109
110 /*
111 * Convert a string to a err_phys.
112 */
113 void
name_to_errphys(char * buf,zbookmark_err_phys_t * zep)114 name_to_errphys(char *buf, zbookmark_err_phys_t *zep)
115 {
116 zep->zb_object = zfs_strtonum(buf, &buf);
117 ASSERT(*buf == ':');
118 zep->zb_level = (int)zfs_strtonum(buf + 1, &buf);
119 ASSERT(*buf == ':');
120 zep->zb_blkid = zfs_strtonum(buf + 1, &buf);
121 ASSERT(*buf == ':');
122 zep->zb_birth = zfs_strtonum(buf + 1, &buf);
123 ASSERT(*buf == '\0');
124 }
125
126 /*
127 * Convert a string to a bookmark.
128 */
129 static void
name_to_bookmark(char * buf,zbookmark_phys_t * zb)130 name_to_bookmark(char *buf, zbookmark_phys_t *zb)
131 {
132 zb->zb_objset = zfs_strtonum(buf, &buf);
133 ASSERT(*buf == ':');
134 zb->zb_object = zfs_strtonum(buf + 1, &buf);
135 ASSERT(*buf == ':');
136 zb->zb_level = (int)zfs_strtonum(buf + 1, &buf);
137 ASSERT(*buf == ':');
138 zb->zb_blkid = zfs_strtonum(buf + 1, &buf);
139 ASSERT(*buf == '\0');
140 }
141
142 void
zep_to_zb(uint64_t dataset,zbookmark_err_phys_t * zep,zbookmark_phys_t * zb)143 zep_to_zb(uint64_t dataset, zbookmark_err_phys_t *zep, zbookmark_phys_t *zb)
144 {
145 zb->zb_objset = dataset;
146 zb->zb_object = zep->zb_object;
147 zb->zb_level = zep->zb_level;
148 zb->zb_blkid = zep->zb_blkid;
149 }
150
151 static void
name_to_object(char * buf,uint64_t * obj)152 name_to_object(char *buf, uint64_t *obj)
153 {
154 *obj = zfs_strtonum(buf, &buf);
155 ASSERT(*buf == '\0');
156 }
157
158 /*
159 * Retrieve the head filesystem.
160 */
get_head_ds(spa_t * spa,uint64_t dsobj,uint64_t * head_ds)161 static int get_head_ds(spa_t *spa, uint64_t dsobj, uint64_t *head_ds)
162 {
163 dsl_dataset_t *ds;
164 int error = dsl_dataset_hold_obj_flags(spa->spa_dsl_pool,
165 dsobj, DS_HOLD_FLAG_DECRYPT, FTAG, &ds);
166
167 if (error != 0)
168 return (error);
169
170 ASSERT(head_ds);
171 *head_ds = dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj;
172 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG);
173
174 return (error);
175 }
176
177 /*
178 * Log an uncorrectable error to the persistent error log. We add it to the
179 * spa's list of pending errors. The changes are actually synced out to disk
180 * during spa_errlog_sync().
181 */
182 void
spa_log_error(spa_t * spa,const zbookmark_phys_t * zb,const uint64_t birth)183 spa_log_error(spa_t *spa, const zbookmark_phys_t *zb, const uint64_t birth)
184 {
185 spa_error_entry_t search;
186 spa_error_entry_t *new;
187 avl_tree_t *tree;
188 avl_index_t where;
189
190 /*
191 * If we are trying to import a pool, ignore any errors, as we won't be
192 * writing to the pool any time soon.
193 */
194 if (spa_load_state(spa) == SPA_LOAD_TRYIMPORT)
195 return;
196
197 mutex_enter(&spa->spa_errlist_lock);
198
199 /*
200 * If we have had a request to rotate the log, log it to the next list
201 * instead of the current one.
202 */
203 if (spa->spa_scrub_active || spa->spa_scrub_finished)
204 tree = &spa->spa_errlist_scrub;
205 else
206 tree = &spa->spa_errlist_last;
207
208 search.se_bookmark = *zb;
209 if (avl_find(tree, &search, &where) != NULL) {
210 mutex_exit(&spa->spa_errlist_lock);
211 return;
212 }
213
214 new = kmem_zalloc(sizeof (spa_error_entry_t), KM_SLEEP);
215 new->se_bookmark = *zb;
216
217 /*
218 * If the head_errlog feature is enabled, store the birth txg now. In
219 * case the file is deleted before spa_errlog_sync() runs, we will not
220 * be able to retrieve the birth txg.
221 */
222 if (spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) {
223 new->se_zep.zb_object = zb->zb_object;
224 new->se_zep.zb_level = zb->zb_level;
225 new->se_zep.zb_blkid = zb->zb_blkid;
226 new->se_zep.zb_birth = birth;
227 }
228
229 avl_insert(tree, new, where);
230 mutex_exit(&spa->spa_errlist_lock);
231 }
232
233 int
find_birth_txg(dsl_dataset_t * ds,zbookmark_err_phys_t * zep,uint64_t * birth_txg)234 find_birth_txg(dsl_dataset_t *ds, zbookmark_err_phys_t *zep,
235 uint64_t *birth_txg)
236 {
237 objset_t *os;
238 int error = dmu_objset_from_ds(ds, &os);
239 if (error != 0)
240 return (error);
241
242 dnode_t *dn;
243 blkptr_t bp;
244
245 error = dnode_hold(os, zep->zb_object, FTAG, &dn);
246 if (error != 0)
247 return (error);
248
249 rw_enter(&dn->dn_struct_rwlock, RW_READER);
250 error = dbuf_dnode_findbp(dn, zep->zb_level, zep->zb_blkid, &bp, NULL,
251 NULL);
252 if (error == 0 && BP_IS_HOLE(&bp))
253 error = SET_ERROR(ENOENT);
254
255 *birth_txg = BP_GET_LOGICAL_BIRTH(&bp);
256 rw_exit(&dn->dn_struct_rwlock);
257 dnode_rele(dn, FTAG);
258 return (error);
259 }
260
261 /*
262 * This function finds the oldest affected filesystem containing an error
263 * block.
264 */
265 int
find_top_affected_fs(spa_t * spa,uint64_t head_ds,zbookmark_err_phys_t * zep,uint64_t * top_affected_fs)266 find_top_affected_fs(spa_t *spa, uint64_t head_ds, zbookmark_err_phys_t *zep,
267 uint64_t *top_affected_fs)
268 {
269 uint64_t oldest_dsobj;
270 int error = dsl_dataset_oldest_snapshot(spa, head_ds, zep->zb_birth,
271 &oldest_dsobj);
272 if (error != 0)
273 return (error);
274
275 dsl_dataset_t *ds;
276 error = dsl_dataset_hold_obj_flags(spa->spa_dsl_pool, oldest_dsobj,
277 DS_HOLD_FLAG_DECRYPT, FTAG, &ds);
278 if (error != 0)
279 return (error);
280
281 *top_affected_fs =
282 dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj;
283 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG);
284 return (0);
285 }
286
287
288 #ifdef _KERNEL
289 /*
290 * Copy the bookmark to the end of the user-space buffer which starts at
291 * uaddr and has *count unused entries, and decrement *count by 1.
292 */
293 static int
copyout_entry(const zbookmark_phys_t * zb,void * uaddr,uint64_t * count)294 copyout_entry(const zbookmark_phys_t *zb, void *uaddr, uint64_t *count)
295 {
296 if (*count == 0)
297 return (SET_ERROR(ENOMEM));
298
299 *count -= 1;
300 if (copyout(zb, (char *)uaddr + (*count) * sizeof (zbookmark_phys_t),
301 sizeof (zbookmark_phys_t)) != 0)
302 return (SET_ERROR(EFAULT));
303 return (0);
304 }
305
306 /*
307 * Each time the error block is referenced by a snapshot or clone, add a
308 * zbookmark_phys_t entry to the userspace array at uaddr. The array is
309 * filled from the back and the in-out parameter *count is modified to be the
310 * number of unused entries at the beginning of the array. The function
311 * scrub_filesystem() is modelled after this one.
312 */
313 static int
check_filesystem(spa_t * spa,uint64_t head_ds,zbookmark_err_phys_t * zep,void * uaddr,uint64_t * count,list_t * clones_list)314 check_filesystem(spa_t *spa, uint64_t head_ds, zbookmark_err_phys_t *zep,
315 void *uaddr, uint64_t *count, list_t *clones_list)
316 {
317 dsl_dataset_t *ds;
318 dsl_pool_t *dp = spa->spa_dsl_pool;
319
320 int error = dsl_dataset_hold_obj_flags(dp, head_ds,
321 DS_HOLD_FLAG_DECRYPT, FTAG, &ds);
322 if (error != 0)
323 return (error);
324
325 uint64_t latest_txg;
326 uint64_t txg_to_consider = spa->spa_syncing_txg;
327 boolean_t check_snapshot = B_TRUE;
328 error = find_birth_txg(ds, zep, &latest_txg);
329
330 /*
331 * If find_birth_txg() errors out otherwise, let txg_to_consider be
332 * equal to the spa's syncing txg: if check_filesystem() errors out
333 * then affected snapshots or clones will not be checked.
334 */
335 if (error == 0 && zep->zb_birth == latest_txg) {
336 /* Block neither free nor rewritten. */
337 zbookmark_phys_t zb;
338 zep_to_zb(head_ds, zep, &zb);
339 error = copyout_entry(&zb, uaddr, count);
340 if (error != 0) {
341 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG);
342 return (error);
343 }
344 check_snapshot = B_FALSE;
345 } else if (error == 0) {
346 txg_to_consider = latest_txg;
347 }
348
349 /*
350 * Retrieve the number of snapshots if the dataset is not a snapshot.
351 */
352 uint64_t snap_count = 0;
353 if (dsl_dataset_phys(ds)->ds_snapnames_zapobj != 0) {
354
355 error = zap_count(spa->spa_meta_objset,
356 dsl_dataset_phys(ds)->ds_snapnames_zapobj, &snap_count);
357
358 if (error != 0) {
359 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG);
360 return (error);
361 }
362 }
363
364 if (snap_count == 0) {
365 /* Filesystem without snapshots. */
366 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG);
367 return (0);
368 }
369
370 uint64_t *snap_obj_array = kmem_zalloc(snap_count * sizeof (uint64_t),
371 KM_SLEEP);
372
373 int aff_snap_count = 0;
374 uint64_t snap_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj;
375 uint64_t snap_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg;
376 uint64_t zap_clone = dsl_dir_phys(ds->ds_dir)->dd_clones;
377
378 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG);
379
380 /* Check only snapshots created from this file system. */
381 while (snap_obj != 0 && zep->zb_birth < snap_obj_txg &&
382 snap_obj_txg <= txg_to_consider) {
383
384 error = dsl_dataset_hold_obj_flags(dp, snap_obj,
385 DS_HOLD_FLAG_DECRYPT, FTAG, &ds);
386 if (error != 0)
387 goto out;
388
389 if (dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj != head_ds) {
390 snap_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj;
391 snap_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg;
392 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG);
393 continue;
394 }
395
396 boolean_t affected = B_TRUE;
397 if (check_snapshot) {
398 uint64_t blk_txg;
399 error = find_birth_txg(ds, zep, &blk_txg);
400 affected = (error == 0 && zep->zb_birth == blk_txg);
401 }
402
403 /* Report errors in snapshots. */
404 if (affected) {
405 snap_obj_array[aff_snap_count] = snap_obj;
406 aff_snap_count++;
407
408 zbookmark_phys_t zb;
409 zep_to_zb(snap_obj, zep, &zb);
410 error = copyout_entry(&zb, uaddr, count);
411 if (error != 0) {
412 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT,
413 FTAG);
414 goto out;
415 }
416 }
417 snap_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj;
418 snap_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg;
419 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG);
420 }
421
422 if (zap_clone == 0 || aff_snap_count == 0) {
423 error = 0;
424 goto out;
425 }
426
427 /* Check clones. */
428 zap_cursor_t *zc;
429 zap_attribute_t *za;
430
431 zc = kmem_zalloc(sizeof (zap_cursor_t), KM_SLEEP);
432 za = kmem_zalloc(sizeof (zap_attribute_t), KM_SLEEP);
433
434 for (zap_cursor_init(zc, spa->spa_meta_objset, zap_clone);
435 zap_cursor_retrieve(zc, za) == 0;
436 zap_cursor_advance(zc)) {
437
438 dsl_dataset_t *clone;
439 error = dsl_dataset_hold_obj_flags(dp, za->za_first_integer,
440 DS_HOLD_FLAG_DECRYPT, FTAG, &clone);
441
442 if (error != 0)
443 break;
444
445 /*
446 * Only clones whose origins were affected could also
447 * have affected snapshots.
448 */
449 boolean_t found = B_FALSE;
450 for (int i = 0; i < snap_count; i++) {
451 if (dsl_dir_phys(clone->ds_dir)->dd_origin_obj
452 == snap_obj_array[i])
453 found = B_TRUE;
454 }
455 dsl_dataset_rele_flags(clone, DS_HOLD_FLAG_DECRYPT, FTAG);
456
457 if (!found)
458 continue;
459
460 clones_t *ct = kmem_zalloc(sizeof (*ct), KM_SLEEP);
461 ct->clone_ds = za->za_first_integer;
462 list_insert_tail(clones_list, ct);
463 }
464
465 zap_cursor_fini(zc);
466 kmem_free(za, sizeof (*za));
467 kmem_free(zc, sizeof (*zc));
468
469 out:
470 kmem_free(snap_obj_array, sizeof (*snap_obj_array));
471 return (error);
472 }
473
474 static int
process_error_block(spa_t * spa,uint64_t head_ds,zbookmark_err_phys_t * zep,void * uaddr,uint64_t * count)475 process_error_block(spa_t *spa, uint64_t head_ds, zbookmark_err_phys_t *zep,
476 void *uaddr, uint64_t *count)
477 {
478 /*
479 * If zb_birth == 0 or head_ds == 0 it means we failed to retrieve the
480 * birth txg or the head filesystem of the block pointer. This may
481 * happen e.g. when an encrypted filesystem is not mounted or when
482 * the key is not loaded. In this case do not proceed to
483 * check_filesystem(), instead do the accounting here.
484 */
485 if (zep->zb_birth == 0 || head_ds == 0) {
486 zbookmark_phys_t zb;
487 zep_to_zb(head_ds, zep, &zb);
488 int error = copyout_entry(&zb, uaddr, count);
489 if (error != 0) {
490 return (error);
491 }
492 return (0);
493 }
494
495 uint64_t top_affected_fs;
496 uint64_t init_count = *count;
497 int error = find_top_affected_fs(spa, head_ds, zep, &top_affected_fs);
498 if (error == 0) {
499 clones_t *ct;
500 list_t clones_list;
501
502 list_create(&clones_list, sizeof (clones_t),
503 offsetof(clones_t, node));
504
505 error = check_filesystem(spa, top_affected_fs, zep,
506 uaddr, count, &clones_list);
507
508 while ((ct = list_remove_head(&clones_list)) != NULL) {
509 error = check_filesystem(spa, ct->clone_ds, zep,
510 uaddr, count, &clones_list);
511 kmem_free(ct, sizeof (*ct));
512
513 if (error) {
514 while (!list_is_empty(&clones_list)) {
515 ct = list_remove_head(&clones_list);
516 kmem_free(ct, sizeof (*ct));
517 }
518 break;
519 }
520 }
521
522 list_destroy(&clones_list);
523 }
524 if (error == 0 && init_count == *count) {
525 /*
526 * If we reach this point, no errors have been detected
527 * in the checked filesystems/snapshots. Before returning mark
528 * the error block to be removed from the error lists and logs.
529 */
530 zbookmark_phys_t zb;
531 zep_to_zb(head_ds, zep, &zb);
532 spa_remove_error(spa, &zb, zep->zb_birth);
533 }
534
535 return (error);
536 }
537 #endif
538
539 /* Return the number of errors in the error log */
540 uint64_t
spa_get_last_errlog_size(spa_t * spa)541 spa_get_last_errlog_size(spa_t *spa)
542 {
543 uint64_t total = 0, count;
544 mutex_enter(&spa->spa_errlog_lock);
545
546 if (spa->spa_errlog_last != 0 &&
547 zap_count(spa->spa_meta_objset, spa->spa_errlog_last,
548 &count) == 0)
549 total += count;
550 mutex_exit(&spa->spa_errlog_lock);
551 return (total);
552 }
553
554 /*
555 * If a healed bookmark matches an entry in the error log we stash it in a tree
556 * so that we can later remove the related log entries in sync context.
557 */
558 static void
spa_add_healed_error(spa_t * spa,uint64_t obj,zbookmark_phys_t * healed_zb,const uint64_t birth)559 spa_add_healed_error(spa_t *spa, uint64_t obj, zbookmark_phys_t *healed_zb,
560 const uint64_t birth)
561 {
562 char name[NAME_MAX_LEN];
563
564 if (obj == 0)
565 return;
566
567 boolean_t held_list = B_FALSE;
568 boolean_t held_log = B_FALSE;
569
570 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) {
571 bookmark_to_name(healed_zb, name, sizeof (name));
572
573 if (zap_contains(spa->spa_meta_objset, healed_zb->zb_objset,
574 name) == 0) {
575 if (!MUTEX_HELD(&spa->spa_errlog_lock)) {
576 mutex_enter(&spa->spa_errlog_lock);
577 held_log = B_TRUE;
578 }
579
580 /*
581 * Found an error matching healed zb, add zb to our
582 * tree of healed errors
583 */
584 avl_tree_t *tree = &spa->spa_errlist_healed;
585 spa_error_entry_t search;
586 spa_error_entry_t *new;
587 avl_index_t where;
588 search.se_bookmark = *healed_zb;
589 if (!MUTEX_HELD(&spa->spa_errlist_lock)) {
590 mutex_enter(&spa->spa_errlist_lock);
591 held_list = B_TRUE;
592 }
593 if (avl_find(tree, &search, &where) != NULL) {
594 if (held_list)
595 mutex_exit(&spa->spa_errlist_lock);
596 if (held_log)
597 mutex_exit(&spa->spa_errlog_lock);
598 return;
599 }
600 new = kmem_zalloc(sizeof (spa_error_entry_t), KM_SLEEP);
601 new->se_bookmark = *healed_zb;
602 avl_insert(tree, new, where);
603 if (held_list)
604 mutex_exit(&spa->spa_errlist_lock);
605 if (held_log)
606 mutex_exit(&spa->spa_errlog_lock);
607 }
608 return;
609 }
610
611 zbookmark_err_phys_t healed_zep;
612 healed_zep.zb_object = healed_zb->zb_object;
613 healed_zep.zb_level = healed_zb->zb_level;
614 healed_zep.zb_blkid = healed_zb->zb_blkid;
615 healed_zep.zb_birth = birth;
616
617 errphys_to_name(&healed_zep, name, sizeof (name));
618
619 zap_cursor_t zc;
620 zap_attribute_t za;
621 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa->spa_errlog_last);
622 zap_cursor_retrieve(&zc, &za) == 0; zap_cursor_advance(&zc)) {
623 if (zap_contains(spa->spa_meta_objset, za.za_first_integer,
624 name) == 0) {
625 if (!MUTEX_HELD(&spa->spa_errlog_lock)) {
626 mutex_enter(&spa->spa_errlog_lock);
627 held_log = B_TRUE;
628 }
629
630 avl_tree_t *tree = &spa->spa_errlist_healed;
631 spa_error_entry_t search;
632 spa_error_entry_t *new;
633 avl_index_t where;
634 search.se_bookmark = *healed_zb;
635
636 if (!MUTEX_HELD(&spa->spa_errlist_lock)) {
637 mutex_enter(&spa->spa_errlist_lock);
638 held_list = B_TRUE;
639 }
640
641 if (avl_find(tree, &search, &where) != NULL) {
642 if (held_list)
643 mutex_exit(&spa->spa_errlist_lock);
644 if (held_log)
645 mutex_exit(&spa->spa_errlog_lock);
646 continue;
647 }
648 new = kmem_zalloc(sizeof (spa_error_entry_t), KM_SLEEP);
649 new->se_bookmark = *healed_zb;
650 new->se_zep = healed_zep;
651 avl_insert(tree, new, where);
652
653 if (held_list)
654 mutex_exit(&spa->spa_errlist_lock);
655 if (held_log)
656 mutex_exit(&spa->spa_errlog_lock);
657 }
658 }
659 zap_cursor_fini(&zc);
660 }
661
662 /*
663 * If this error exists in the given tree remove it.
664 */
665 static void
remove_error_from_list(spa_t * spa,avl_tree_t * t,const zbookmark_phys_t * zb)666 remove_error_from_list(spa_t *spa, avl_tree_t *t, const zbookmark_phys_t *zb)
667 {
668 spa_error_entry_t search, *found;
669 avl_index_t where;
670
671 mutex_enter(&spa->spa_errlist_lock);
672 search.se_bookmark = *zb;
673 if ((found = avl_find(t, &search, &where)) != NULL) {
674 avl_remove(t, found);
675 kmem_free(found, sizeof (spa_error_entry_t));
676 }
677 mutex_exit(&spa->spa_errlist_lock);
678 }
679
680
681 /*
682 * Removes all of the recv healed errors from both on-disk error logs
683 */
684 static void
spa_remove_healed_errors(spa_t * spa,avl_tree_t * s,avl_tree_t * l,dmu_tx_t * tx)685 spa_remove_healed_errors(spa_t *spa, avl_tree_t *s, avl_tree_t *l, dmu_tx_t *tx)
686 {
687 char name[NAME_MAX_LEN];
688 spa_error_entry_t *se;
689 void *cookie = NULL;
690
691 ASSERT(MUTEX_HELD(&spa->spa_errlog_lock));
692
693 while ((se = avl_destroy_nodes(&spa->spa_errlist_healed,
694 &cookie)) != NULL) {
695 remove_error_from_list(spa, s, &se->se_bookmark);
696 remove_error_from_list(spa, l, &se->se_bookmark);
697
698 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) {
699 bookmark_to_name(&se->se_bookmark, name, sizeof (name));
700 (void) zap_remove(spa->spa_meta_objset,
701 spa->spa_errlog_last, name, tx);
702 (void) zap_remove(spa->spa_meta_objset,
703 spa->spa_errlog_scrub, name, tx);
704 } else {
705 errphys_to_name(&se->se_zep, name, sizeof (name));
706 zap_cursor_t zc;
707 zap_attribute_t za;
708 for (zap_cursor_init(&zc, spa->spa_meta_objset,
709 spa->spa_errlog_last);
710 zap_cursor_retrieve(&zc, &za) == 0;
711 zap_cursor_advance(&zc)) {
712 zap_remove(spa->spa_meta_objset,
713 za.za_first_integer, name, tx);
714 }
715 zap_cursor_fini(&zc);
716
717 for (zap_cursor_init(&zc, spa->spa_meta_objset,
718 spa->spa_errlog_scrub);
719 zap_cursor_retrieve(&zc, &za) == 0;
720 zap_cursor_advance(&zc)) {
721 zap_remove(spa->spa_meta_objset,
722 za.za_first_integer, name, tx);
723 }
724 zap_cursor_fini(&zc);
725 }
726 kmem_free(se, sizeof (spa_error_entry_t));
727 }
728 }
729
730 /*
731 * Stash away healed bookmarks to remove them from the on-disk error logs
732 * later in spa_remove_healed_errors().
733 */
734 void
spa_remove_error(spa_t * spa,zbookmark_phys_t * zb,uint64_t birth)735 spa_remove_error(spa_t *spa, zbookmark_phys_t *zb, uint64_t birth)
736 {
737 spa_add_healed_error(spa, spa->spa_errlog_last, zb, birth);
738 spa_add_healed_error(spa, spa->spa_errlog_scrub, zb, birth);
739 }
740
741 static uint64_t
approx_errlog_size_impl(spa_t * spa,uint64_t spa_err_obj)742 approx_errlog_size_impl(spa_t *spa, uint64_t spa_err_obj)
743 {
744 if (spa_err_obj == 0)
745 return (0);
746 uint64_t total = 0;
747
748 zap_cursor_t zc;
749 zap_attribute_t za;
750 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa_err_obj);
751 zap_cursor_retrieve(&zc, &za) == 0; zap_cursor_advance(&zc)) {
752 uint64_t count;
753 if (zap_count(spa->spa_meta_objset, za.za_first_integer,
754 &count) == 0)
755 total += count;
756 }
757 zap_cursor_fini(&zc);
758 return (total);
759 }
760
761 /*
762 * Return the approximate number of errors currently in the error log. This
763 * will be nonzero if there are some errors, but otherwise it may be more
764 * or less than the number of entries returned by spa_get_errlog().
765 */
766 uint64_t
spa_approx_errlog_size(spa_t * spa)767 spa_approx_errlog_size(spa_t *spa)
768 {
769 uint64_t total = 0;
770
771 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) {
772 mutex_enter(&spa->spa_errlog_lock);
773 uint64_t count;
774 if (spa->spa_errlog_scrub != 0 &&
775 zap_count(spa->spa_meta_objset, spa->spa_errlog_scrub,
776 &count) == 0)
777 total += count;
778
779 if (spa->spa_errlog_last != 0 && !spa->spa_scrub_finished &&
780 zap_count(spa->spa_meta_objset, spa->spa_errlog_last,
781 &count) == 0)
782 total += count;
783 mutex_exit(&spa->spa_errlog_lock);
784
785 } else {
786 mutex_enter(&spa->spa_errlog_lock);
787 total += approx_errlog_size_impl(spa, spa->spa_errlog_last);
788 total += approx_errlog_size_impl(spa, spa->spa_errlog_scrub);
789 mutex_exit(&spa->spa_errlog_lock);
790 }
791 mutex_enter(&spa->spa_errlist_lock);
792 total += avl_numnodes(&spa->spa_errlist_last);
793 total += avl_numnodes(&spa->spa_errlist_scrub);
794 mutex_exit(&spa->spa_errlist_lock);
795 return (total);
796 }
797
798 /*
799 * This function sweeps through an on-disk error log and stores all bookmarks
800 * as error bookmarks in a new ZAP object. At the end we discard the old one,
801 * and spa_update_errlog() will set the spa's on-disk error log to new ZAP
802 * object.
803 */
804 static void
sync_upgrade_errlog(spa_t * spa,uint64_t spa_err_obj,uint64_t * newobj,dmu_tx_t * tx)805 sync_upgrade_errlog(spa_t *spa, uint64_t spa_err_obj, uint64_t *newobj,
806 dmu_tx_t *tx)
807 {
808 zap_cursor_t zc;
809 zap_attribute_t za;
810 zbookmark_phys_t zb;
811 uint64_t count;
812
813 *newobj = zap_create(spa->spa_meta_objset, DMU_OT_ERROR_LOG,
814 DMU_OT_NONE, 0, tx);
815
816 /*
817 * If we cannnot perform the upgrade we should clear the old on-disk
818 * error logs.
819 */
820 if (zap_count(spa->spa_meta_objset, spa_err_obj, &count) != 0) {
821 VERIFY0(dmu_object_free(spa->spa_meta_objset, spa_err_obj, tx));
822 return;
823 }
824
825 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa_err_obj);
826 zap_cursor_retrieve(&zc, &za) == 0;
827 zap_cursor_advance(&zc)) {
828 if (spa_upgrade_errlog_limit != 0 &&
829 zc.zc_cd == spa_upgrade_errlog_limit)
830 break;
831
832 name_to_bookmark(za.za_name, &zb);
833
834 zbookmark_err_phys_t zep;
835 zep.zb_object = zb.zb_object;
836 zep.zb_level = zb.zb_level;
837 zep.zb_blkid = zb.zb_blkid;
838 zep.zb_birth = 0;
839
840 /*
841 * In case of an error we should simply continue instead of
842 * returning prematurely. See the next comment.
843 */
844 uint64_t head_ds;
845 dsl_pool_t *dp = spa->spa_dsl_pool;
846 dsl_dataset_t *ds;
847 objset_t *os;
848
849 int error = dsl_dataset_hold_obj_flags(dp, zb.zb_objset,
850 DS_HOLD_FLAG_DECRYPT, FTAG, &ds);
851 if (error != 0)
852 continue;
853
854 head_ds = dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj;
855
856 /*
857 * The objset and the dnode are required for getting the block
858 * pointer, which is used to determine if BP_IS_HOLE(). If
859 * getting the objset or the dnode fails, do not create a
860 * zap entry (presuming we know the dataset) as this may create
861 * spurious errors that we cannot ever resolve. If an error is
862 * truly persistent, it should re-appear after a scan.
863 */
864 if (dmu_objset_from_ds(ds, &os) != 0) {
865 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG);
866 continue;
867 }
868
869 dnode_t *dn;
870 blkptr_t bp;
871
872 if (dnode_hold(os, zep.zb_object, FTAG, &dn) != 0) {
873 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG);
874 continue;
875 }
876
877 rw_enter(&dn->dn_struct_rwlock, RW_READER);
878 error = dbuf_dnode_findbp(dn, zep.zb_level, zep.zb_blkid, &bp,
879 NULL, NULL);
880 if (error == EACCES)
881 error = 0;
882 else if (!error)
883 zep.zb_birth = BP_GET_LOGICAL_BIRTH(&bp);
884
885 rw_exit(&dn->dn_struct_rwlock);
886 dnode_rele(dn, FTAG);
887 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG);
888
889 if (error != 0 || BP_IS_HOLE(&bp))
890 continue;
891
892 uint64_t err_obj;
893 error = zap_lookup_int_key(spa->spa_meta_objset, *newobj,
894 head_ds, &err_obj);
895
896 if (error == ENOENT) {
897 err_obj = zap_create(spa->spa_meta_objset,
898 DMU_OT_ERROR_LOG, DMU_OT_NONE, 0, tx);
899
900 (void) zap_update_int_key(spa->spa_meta_objset,
901 *newobj, head_ds, err_obj, tx);
902 }
903
904 char buf[64];
905 errphys_to_name(&zep, buf, sizeof (buf));
906
907 const char *name = "";
908 (void) zap_update(spa->spa_meta_objset, err_obj,
909 buf, 1, strlen(name) + 1, name, tx);
910 }
911 zap_cursor_fini(&zc);
912
913 VERIFY0(dmu_object_free(spa->spa_meta_objset, spa_err_obj, tx));
914 }
915
916 void
spa_upgrade_errlog(spa_t * spa,dmu_tx_t * tx)917 spa_upgrade_errlog(spa_t *spa, dmu_tx_t *tx)
918 {
919 uint64_t newobj = 0;
920
921 mutex_enter(&spa->spa_errlog_lock);
922 if (spa->spa_errlog_last != 0) {
923 sync_upgrade_errlog(spa, spa->spa_errlog_last, &newobj, tx);
924 spa->spa_errlog_last = newobj;
925
926 (void) zap_update(spa->spa_meta_objset,
927 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_ERRLOG_LAST,
928 sizeof (uint64_t), 1, &spa->spa_errlog_last, tx);
929 }
930
931 if (spa->spa_errlog_scrub != 0) {
932 sync_upgrade_errlog(spa, spa->spa_errlog_scrub, &newobj, tx);
933 spa->spa_errlog_scrub = newobj;
934
935 (void) zap_update(spa->spa_meta_objset,
936 DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_ERRLOG_SCRUB,
937 sizeof (uint64_t), 1, &spa->spa_errlog_scrub, tx);
938 }
939
940 mutex_exit(&spa->spa_errlog_lock);
941 }
942
943 #ifdef _KERNEL
944 /*
945 * If an error block is shared by two datasets it will be counted twice.
946 */
947 static int
process_error_log(spa_t * spa,uint64_t obj,void * uaddr,uint64_t * count)948 process_error_log(spa_t *spa, uint64_t obj, void *uaddr, uint64_t *count)
949 {
950 if (obj == 0)
951 return (0);
952
953 zap_cursor_t *zc;
954 zap_attribute_t *za;
955
956 zc = kmem_zalloc(sizeof (zap_cursor_t), KM_SLEEP);
957 za = kmem_zalloc(sizeof (zap_attribute_t), KM_SLEEP);
958
959 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) {
960 for (zap_cursor_init(zc, spa->spa_meta_objset, obj);
961 zap_cursor_retrieve(zc, za) == 0;
962 zap_cursor_advance(zc)) {
963 if (*count == 0) {
964 zap_cursor_fini(zc);
965 kmem_free(zc, sizeof (*zc));
966 kmem_free(za, sizeof (*za));
967 return (SET_ERROR(ENOMEM));
968 }
969
970 zbookmark_phys_t zb;
971 name_to_bookmark(za->za_name, &zb);
972
973 int error = copyout_entry(&zb, uaddr, count);
974 if (error != 0) {
975 zap_cursor_fini(zc);
976 kmem_free(zc, sizeof (*zc));
977 kmem_free(za, sizeof (*za));
978 return (error);
979 }
980 }
981 zap_cursor_fini(zc);
982 kmem_free(zc, sizeof (*zc));
983 kmem_free(za, sizeof (*za));
984 return (0);
985 }
986
987 for (zap_cursor_init(zc, spa->spa_meta_objset, obj);
988 zap_cursor_retrieve(zc, za) == 0;
989 zap_cursor_advance(zc)) {
990
991 zap_cursor_t *head_ds_cursor;
992 zap_attribute_t *head_ds_attr;
993
994 head_ds_cursor = kmem_zalloc(sizeof (zap_cursor_t), KM_SLEEP);
995 head_ds_attr = kmem_zalloc(sizeof (zap_attribute_t), KM_SLEEP);
996
997 uint64_t head_ds_err_obj = za->za_first_integer;
998 uint64_t head_ds;
999 name_to_object(za->za_name, &head_ds);
1000 for (zap_cursor_init(head_ds_cursor, spa->spa_meta_objset,
1001 head_ds_err_obj); zap_cursor_retrieve(head_ds_cursor,
1002 head_ds_attr) == 0; zap_cursor_advance(head_ds_cursor)) {
1003
1004 zbookmark_err_phys_t head_ds_block;
1005 name_to_errphys(head_ds_attr->za_name, &head_ds_block);
1006 int error = process_error_block(spa, head_ds,
1007 &head_ds_block, uaddr, count);
1008
1009 if (error != 0) {
1010 zap_cursor_fini(head_ds_cursor);
1011 kmem_free(head_ds_cursor,
1012 sizeof (*head_ds_cursor));
1013 kmem_free(head_ds_attr, sizeof (*head_ds_attr));
1014
1015 zap_cursor_fini(zc);
1016 kmem_free(za, sizeof (*za));
1017 kmem_free(zc, sizeof (*zc));
1018 return (error);
1019 }
1020 }
1021 zap_cursor_fini(head_ds_cursor);
1022 kmem_free(head_ds_cursor, sizeof (*head_ds_cursor));
1023 kmem_free(head_ds_attr, sizeof (*head_ds_attr));
1024 }
1025 zap_cursor_fini(zc);
1026 kmem_free(za, sizeof (*za));
1027 kmem_free(zc, sizeof (*zc));
1028 return (0);
1029 }
1030
1031 static int
process_error_list(spa_t * spa,avl_tree_t * list,void * uaddr,uint64_t * count)1032 process_error_list(spa_t *spa, avl_tree_t *list, void *uaddr, uint64_t *count)
1033 {
1034 spa_error_entry_t *se;
1035
1036 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) {
1037 for (se = avl_first(list); se != NULL;
1038 se = AVL_NEXT(list, se)) {
1039 int error =
1040 copyout_entry(&se->se_bookmark, uaddr, count);
1041 if (error != 0) {
1042 return (error);
1043 }
1044 }
1045 return (0);
1046 }
1047
1048 for (se = avl_first(list); se != NULL; se = AVL_NEXT(list, se)) {
1049 uint64_t head_ds = 0;
1050 int error = get_head_ds(spa, se->se_bookmark.zb_objset,
1051 &head_ds);
1052
1053 /*
1054 * If get_head_ds() errors out, set the head filesystem
1055 * to the filesystem stored in the bookmark of the
1056 * error block.
1057 */
1058 if (error != 0)
1059 head_ds = se->se_bookmark.zb_objset;
1060
1061 error = process_error_block(spa, head_ds,
1062 &se->se_zep, uaddr, count);
1063 if (error != 0)
1064 return (error);
1065 }
1066 return (0);
1067 }
1068 #endif
1069
1070 /*
1071 * Copy all known errors to userland as an array of bookmarks. This is
1072 * actually a union of the on-disk last log and current log, as well as any
1073 * pending error requests.
1074 *
1075 * Because the act of reading the on-disk log could cause errors to be
1076 * generated, we have two separate locks: one for the error log and one for the
1077 * in-core error lists. We only need the error list lock to log and error, so
1078 * we grab the error log lock while we read the on-disk logs, and only pick up
1079 * the error list lock when we are finished.
1080 */
1081 int
spa_get_errlog(spa_t * spa,void * uaddr,uint64_t * count)1082 spa_get_errlog(spa_t *spa, void *uaddr, uint64_t *count)
1083 {
1084 int ret = 0;
1085
1086 #ifdef _KERNEL
1087 /*
1088 * The pool config lock is needed to hold a dataset_t via (among other
1089 * places) process_error_list() -> process_error_block()->
1090 * find_top_affected_fs(), and lock ordering requires that we get it
1091 * before the spa_errlog_lock.
1092 */
1093 dsl_pool_config_enter(spa->spa_dsl_pool, FTAG);
1094 mutex_enter(&spa->spa_errlog_lock);
1095
1096 ret = process_error_log(spa, spa->spa_errlog_scrub, uaddr, count);
1097
1098 if (!ret && !spa->spa_scrub_finished)
1099 ret = process_error_log(spa, spa->spa_errlog_last, uaddr,
1100 count);
1101
1102 mutex_enter(&spa->spa_errlist_lock);
1103 if (!ret)
1104 ret = process_error_list(spa, &spa->spa_errlist_scrub, uaddr,
1105 count);
1106 if (!ret)
1107 ret = process_error_list(spa, &spa->spa_errlist_last, uaddr,
1108 count);
1109 mutex_exit(&spa->spa_errlist_lock);
1110
1111 mutex_exit(&spa->spa_errlog_lock);
1112 dsl_pool_config_exit(spa->spa_dsl_pool, FTAG);
1113 #else
1114 (void) spa, (void) uaddr, (void) count;
1115 #endif
1116
1117 return (ret);
1118 }
1119
1120 /*
1121 * Called when a scrub completes. This simply set a bit which tells which AVL
1122 * tree to add new errors. spa_errlog_sync() is responsible for actually
1123 * syncing the changes to the underlying objects.
1124 */
1125 void
spa_errlog_rotate(spa_t * spa)1126 spa_errlog_rotate(spa_t *spa)
1127 {
1128 mutex_enter(&spa->spa_errlist_lock);
1129 spa->spa_scrub_finished = B_TRUE;
1130 mutex_exit(&spa->spa_errlist_lock);
1131 }
1132
1133 /*
1134 * Discard any pending errors from the spa_t. Called when unloading a faulted
1135 * pool, as the errors encountered during the open cannot be synced to disk.
1136 */
1137 void
spa_errlog_drain(spa_t * spa)1138 spa_errlog_drain(spa_t *spa)
1139 {
1140 spa_error_entry_t *se;
1141 void *cookie;
1142
1143 mutex_enter(&spa->spa_errlist_lock);
1144
1145 cookie = NULL;
1146 while ((se = avl_destroy_nodes(&spa->spa_errlist_last,
1147 &cookie)) != NULL)
1148 kmem_free(se, sizeof (spa_error_entry_t));
1149 cookie = NULL;
1150 while ((se = avl_destroy_nodes(&spa->spa_errlist_scrub,
1151 &cookie)) != NULL)
1152 kmem_free(se, sizeof (spa_error_entry_t));
1153
1154 mutex_exit(&spa->spa_errlist_lock);
1155 }
1156
1157 /*
1158 * Process a list of errors into the current on-disk log.
1159 */
1160 void
sync_error_list(spa_t * spa,avl_tree_t * t,uint64_t * obj,dmu_tx_t * tx)1161 sync_error_list(spa_t *spa, avl_tree_t *t, uint64_t *obj, dmu_tx_t *tx)
1162 {
1163 spa_error_entry_t *se;
1164 char buf[NAME_MAX_LEN];
1165 void *cookie;
1166
1167 if (avl_numnodes(t) == 0)
1168 return;
1169
1170 /* create log if necessary */
1171 if (*obj == 0)
1172 *obj = zap_create(spa->spa_meta_objset, DMU_OT_ERROR_LOG,
1173 DMU_OT_NONE, 0, tx);
1174
1175 /* add errors to the current log */
1176 if (!spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) {
1177 for (se = avl_first(t); se != NULL; se = AVL_NEXT(t, se)) {
1178 bookmark_to_name(&se->se_bookmark, buf, sizeof (buf));
1179
1180 const char *name = se->se_name ? se->se_name : "";
1181 (void) zap_update(spa->spa_meta_objset, *obj, buf, 1,
1182 strlen(name) + 1, name, tx);
1183 }
1184 } else {
1185 for (se = avl_first(t); se != NULL; se = AVL_NEXT(t, se)) {
1186 zbookmark_err_phys_t zep;
1187 zep.zb_object = se->se_zep.zb_object;
1188 zep.zb_level = se->se_zep.zb_level;
1189 zep.zb_blkid = se->se_zep.zb_blkid;
1190 zep.zb_birth = se->se_zep.zb_birth;
1191
1192 uint64_t head_ds = 0;
1193 int error = get_head_ds(spa, se->se_bookmark.zb_objset,
1194 &head_ds);
1195
1196 /*
1197 * If get_head_ds() errors out, set the head filesystem
1198 * to the filesystem stored in the bookmark of the
1199 * error block.
1200 */
1201 if (error != 0)
1202 head_ds = se->se_bookmark.zb_objset;
1203
1204 uint64_t err_obj;
1205 error = zap_lookup_int_key(spa->spa_meta_objset,
1206 *obj, head_ds, &err_obj);
1207
1208 if (error == ENOENT) {
1209 err_obj = zap_create(spa->spa_meta_objset,
1210 DMU_OT_ERROR_LOG, DMU_OT_NONE, 0, tx);
1211
1212 (void) zap_update_int_key(spa->spa_meta_objset,
1213 *obj, head_ds, err_obj, tx);
1214 }
1215 errphys_to_name(&zep, buf, sizeof (buf));
1216
1217 const char *name = se->se_name ? se->se_name : "";
1218 (void) zap_update(spa->spa_meta_objset,
1219 err_obj, buf, 1, strlen(name) + 1, name, tx);
1220 }
1221 }
1222 /* purge the error list */
1223 cookie = NULL;
1224 while ((se = avl_destroy_nodes(t, &cookie)) != NULL)
1225 kmem_free(se, sizeof (spa_error_entry_t));
1226 }
1227
1228 static void
delete_errlog(spa_t * spa,uint64_t spa_err_obj,dmu_tx_t * tx)1229 delete_errlog(spa_t *spa, uint64_t spa_err_obj, dmu_tx_t *tx)
1230 {
1231 if (spa_feature_is_enabled(spa, SPA_FEATURE_HEAD_ERRLOG)) {
1232 zap_cursor_t zc;
1233 zap_attribute_t za;
1234 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa_err_obj);
1235 zap_cursor_retrieve(&zc, &za) == 0;
1236 zap_cursor_advance(&zc)) {
1237 VERIFY0(dmu_object_free(spa->spa_meta_objset,
1238 za.za_first_integer, tx));
1239 }
1240 zap_cursor_fini(&zc);
1241 }
1242 VERIFY0(dmu_object_free(spa->spa_meta_objset, spa_err_obj, tx));
1243 }
1244
1245 /*
1246 * Sync the error log out to disk. This is a little tricky because the act of
1247 * writing the error log requires the spa_errlist_lock. So, we need to lock the
1248 * error lists, take a copy of the lists, and then reinitialize them. Then, we
1249 * drop the error list lock and take the error log lock, at which point we
1250 * do the errlog processing. Then, if we encounter an I/O error during this
1251 * process, we can successfully add the error to the list. Note that this will
1252 * result in the perpetual recycling of errors, but it is an unlikely situation
1253 * and not a performance critical operation.
1254 */
1255 void
spa_errlog_sync(spa_t * spa,uint64_t txg)1256 spa_errlog_sync(spa_t *spa, uint64_t txg)
1257 {
1258 dmu_tx_t *tx;
1259 avl_tree_t scrub, last;
1260 int scrub_finished;
1261
1262 mutex_enter(&spa->spa_errlist_lock);
1263
1264 /*
1265 * Bail out early under normal circumstances.
1266 */
1267 if (avl_numnodes(&spa->spa_errlist_scrub) == 0 &&
1268 avl_numnodes(&spa->spa_errlist_last) == 0 &&
1269 avl_numnodes(&spa->spa_errlist_healed) == 0 &&
1270 !spa->spa_scrub_finished) {
1271 mutex_exit(&spa->spa_errlist_lock);
1272 return;
1273 }
1274
1275 spa_get_errlists(spa, &last, &scrub);
1276 scrub_finished = spa->spa_scrub_finished;
1277 spa->spa_scrub_finished = B_FALSE;
1278
1279 mutex_exit(&spa->spa_errlist_lock);
1280
1281 /*
1282 * The pool config lock is needed to hold a dataset_t via
1283 * sync_error_list() -> get_head_ds(), and lock ordering
1284 * requires that we get it before the spa_errlog_lock.
1285 */
1286 dsl_pool_config_enter(spa->spa_dsl_pool, FTAG);
1287 mutex_enter(&spa->spa_errlog_lock);
1288
1289 tx = dmu_tx_create_assigned(spa->spa_dsl_pool, txg);
1290
1291 /*
1292 * Remove healed errors from errors.
1293 */
1294 spa_remove_healed_errors(spa, &last, &scrub, tx);
1295
1296 /*
1297 * Sync out the current list of errors.
1298 */
1299 sync_error_list(spa, &last, &spa->spa_errlog_last, tx);
1300
1301 /*
1302 * Rotate the log if necessary.
1303 */
1304 if (scrub_finished) {
1305 if (spa->spa_errlog_last != 0)
1306 delete_errlog(spa, spa->spa_errlog_last, tx);
1307 spa->spa_errlog_last = spa->spa_errlog_scrub;
1308 spa->spa_errlog_scrub = 0;
1309
1310 sync_error_list(spa, &scrub, &spa->spa_errlog_last, tx);
1311 }
1312
1313 /*
1314 * Sync out any pending scrub errors.
1315 */
1316 sync_error_list(spa, &scrub, &spa->spa_errlog_scrub, tx);
1317
1318 /*
1319 * Update the MOS to reflect the new values.
1320 */
1321 (void) zap_update(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
1322 DMU_POOL_ERRLOG_LAST, sizeof (uint64_t), 1,
1323 &spa->spa_errlog_last, tx);
1324 (void) zap_update(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
1325 DMU_POOL_ERRLOG_SCRUB, sizeof (uint64_t), 1,
1326 &spa->spa_errlog_scrub, tx);
1327
1328 dmu_tx_commit(tx);
1329
1330 mutex_exit(&spa->spa_errlog_lock);
1331 dsl_pool_config_exit(spa->spa_dsl_pool, FTAG);
1332 }
1333
1334 static void
delete_dataset_errlog(spa_t * spa,uint64_t spa_err_obj,uint64_t ds,dmu_tx_t * tx)1335 delete_dataset_errlog(spa_t *spa, uint64_t spa_err_obj, uint64_t ds,
1336 dmu_tx_t *tx)
1337 {
1338 if (spa_err_obj == 0)
1339 return;
1340
1341 zap_cursor_t zc;
1342 zap_attribute_t za;
1343 for (zap_cursor_init(&zc, spa->spa_meta_objset, spa_err_obj);
1344 zap_cursor_retrieve(&zc, &za) == 0; zap_cursor_advance(&zc)) {
1345 uint64_t head_ds;
1346 name_to_object(za.za_name, &head_ds);
1347 if (head_ds == ds) {
1348 (void) zap_remove(spa->spa_meta_objset, spa_err_obj,
1349 za.za_name, tx);
1350 VERIFY0(dmu_object_free(spa->spa_meta_objset,
1351 za.za_first_integer, tx));
1352 break;
1353 }
1354 }
1355 zap_cursor_fini(&zc);
1356 }
1357
1358 void
spa_delete_dataset_errlog(spa_t * spa,uint64_t ds,dmu_tx_t * tx)1359 spa_delete_dataset_errlog(spa_t *spa, uint64_t ds, dmu_tx_t *tx)
1360 {
1361 mutex_enter(&spa->spa_errlog_lock);
1362 delete_dataset_errlog(spa, spa->spa_errlog_scrub, ds, tx);
1363 delete_dataset_errlog(spa, spa->spa_errlog_last, ds, tx);
1364 mutex_exit(&spa->spa_errlog_lock);
1365 }
1366
1367 static int
find_txg_ancestor_snapshot(spa_t * spa,uint64_t new_head,uint64_t old_head,uint64_t * txg)1368 find_txg_ancestor_snapshot(spa_t *spa, uint64_t new_head, uint64_t old_head,
1369 uint64_t *txg)
1370 {
1371 dsl_dataset_t *ds;
1372 dsl_pool_t *dp = spa->spa_dsl_pool;
1373
1374 int error = dsl_dataset_hold_obj_flags(dp, old_head,
1375 DS_HOLD_FLAG_DECRYPT, FTAG, &ds);
1376 if (error != 0)
1377 return (error);
1378
1379 uint64_t prev_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj;
1380 uint64_t prev_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg;
1381
1382 while (prev_obj != 0) {
1383 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG);
1384 if ((error = dsl_dataset_hold_obj_flags(dp, prev_obj,
1385 DS_HOLD_FLAG_DECRYPT, FTAG, &ds)) == 0 &&
1386 dsl_dir_phys(ds->ds_dir)->dd_head_dataset_obj == new_head)
1387 break;
1388
1389 if (error != 0)
1390 return (error);
1391
1392 prev_obj_txg = dsl_dataset_phys(ds)->ds_prev_snap_txg;
1393 prev_obj = dsl_dataset_phys(ds)->ds_prev_snap_obj;
1394 }
1395 dsl_dataset_rele_flags(ds, DS_HOLD_FLAG_DECRYPT, FTAG);
1396 ASSERT(prev_obj != 0);
1397 *txg = prev_obj_txg;
1398 return (0);
1399 }
1400
1401 static void
swap_errlog(spa_t * spa,uint64_t spa_err_obj,uint64_t new_head,uint64_t old_head,dmu_tx_t * tx)1402 swap_errlog(spa_t *spa, uint64_t spa_err_obj, uint64_t new_head, uint64_t
1403 old_head, dmu_tx_t *tx)
1404 {
1405 if (spa_err_obj == 0)
1406 return;
1407
1408 uint64_t old_head_errlog;
1409 int error = zap_lookup_int_key(spa->spa_meta_objset, spa_err_obj,
1410 old_head, &old_head_errlog);
1411
1412 /* If no error log, then there is nothing to do. */
1413 if (error != 0)
1414 return;
1415
1416 uint64_t txg;
1417 error = find_txg_ancestor_snapshot(spa, new_head, old_head, &txg);
1418 if (error != 0)
1419 return;
1420
1421 /*
1422 * Create an error log if the file system being promoted does not
1423 * already have one.
1424 */
1425 uint64_t new_head_errlog;
1426 error = zap_lookup_int_key(spa->spa_meta_objset, spa_err_obj, new_head,
1427 &new_head_errlog);
1428
1429 if (error != 0) {
1430 new_head_errlog = zap_create(spa->spa_meta_objset,
1431 DMU_OT_ERROR_LOG, DMU_OT_NONE, 0, tx);
1432
1433 (void) zap_update_int_key(spa->spa_meta_objset, spa_err_obj,
1434 new_head, new_head_errlog, tx);
1435 }
1436
1437 zap_cursor_t zc;
1438 zap_attribute_t za;
1439 zbookmark_err_phys_t err_block;
1440 for (zap_cursor_init(&zc, spa->spa_meta_objset, old_head_errlog);
1441 zap_cursor_retrieve(&zc, &za) == 0; zap_cursor_advance(&zc)) {
1442
1443 const char *name = "";
1444 name_to_errphys(za.za_name, &err_block);
1445 if (err_block.zb_birth < txg) {
1446 (void) zap_update(spa->spa_meta_objset, new_head_errlog,
1447 za.za_name, 1, strlen(name) + 1, name, tx);
1448
1449 (void) zap_remove(spa->spa_meta_objset, old_head_errlog,
1450 za.za_name, tx);
1451 }
1452 }
1453 zap_cursor_fini(&zc);
1454 }
1455
1456 void
spa_swap_errlog(spa_t * spa,uint64_t new_head_ds,uint64_t old_head_ds,dmu_tx_t * tx)1457 spa_swap_errlog(spa_t *spa, uint64_t new_head_ds, uint64_t old_head_ds,
1458 dmu_tx_t *tx)
1459 {
1460 mutex_enter(&spa->spa_errlog_lock);
1461 swap_errlog(spa, spa->spa_errlog_scrub, new_head_ds, old_head_ds, tx);
1462 swap_errlog(spa, spa->spa_errlog_last, new_head_ds, old_head_ds, tx);
1463 mutex_exit(&spa->spa_errlog_lock);
1464 }
1465
1466 #if defined(_KERNEL)
1467 /* error handling */
1468 EXPORT_SYMBOL(spa_log_error);
1469 EXPORT_SYMBOL(spa_approx_errlog_size);
1470 EXPORT_SYMBOL(spa_get_last_errlog_size);
1471 EXPORT_SYMBOL(spa_get_errlog);
1472 EXPORT_SYMBOL(spa_errlog_rotate);
1473 EXPORT_SYMBOL(spa_errlog_drain);
1474 EXPORT_SYMBOL(spa_errlog_sync);
1475 EXPORT_SYMBOL(spa_get_errlists);
1476 EXPORT_SYMBOL(spa_delete_dataset_errlog);
1477 EXPORT_SYMBOL(spa_swap_errlog);
1478 EXPORT_SYMBOL(sync_error_list);
1479 EXPORT_SYMBOL(spa_upgrade_errlog);
1480 EXPORT_SYMBOL(find_top_affected_fs);
1481 EXPORT_SYMBOL(find_birth_txg);
1482 EXPORT_SYMBOL(zep_to_zb);
1483 EXPORT_SYMBOL(name_to_errphys);
1484 #endif
1485
1486 /* BEGIN CSTYLED */
1487 ZFS_MODULE_PARAM(zfs_spa, spa_, upgrade_errlog_limit, UINT, ZMOD_RW,
1488 "Limit the number of errors which will be upgraded to the new "
1489 "on-disk error log when enabling head_errlog");
1490 /* END CSTYLED */
1491