1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2011, 2017 by Delphix. All rights reserved.
24 * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
25 * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved.
26 * Copyright 2013 Saso Kiselkov. All rights reserved.
27 * Copyright (c) 2014 Integros [integros.com]
28 * Copyright (c) 2017 Datto Inc.
29 */
30
31#include <sys/zfs_context.h>
32#include <sys/spa_impl.h>
33#include <sys/spa_boot.h>
34#include <sys/zio.h>
35#include <sys/zio_checksum.h>
36#include <sys/zio_compress.h>
37#include <sys/dmu.h>
38#include <sys/dmu_tx.h>
39#include <sys/zap.h>
40#include <sys/zil.h>
41#include <sys/vdev_impl.h>
42#include <sys/metaslab.h>
43#include <sys/uberblock_impl.h>
44#include <sys/txg.h>
45#include <sys/avl.h>
46#include <sys/unique.h>
47#include <sys/dsl_pool.h>
48#include <sys/dsl_dir.h>
49#include <sys/dsl_prop.h>
50#include <sys/dsl_scan.h>
51#include <sys/fs/zfs.h>
52#include <sys/metaslab_impl.h>
53#include <sys/arc.h>
54#include <sys/ddt.h>
55#include "zfs_prop.h"
56#include <sys/zfeature.h>
57
58/*
59 * SPA locking
60 *
61 * There are four basic locks for managing spa_t structures:
62 *
63 * spa_namespace_lock (global mutex)
64 *
65 *	This lock must be acquired to do any of the following:
66 *
67 *		- Lookup a spa_t by name
68 *		- Add or remove a spa_t from the namespace
69 *		- Increase spa_refcount from non-zero
70 *		- Check if spa_refcount is zero
71 *		- Rename a spa_t
72 *		- add/remove/attach/detach devices
73 *		- Held for the duration of create/destroy/import/export
74 *
75 *	It does not need to handle recursion.  A create or destroy may
76 *	reference objects (files or zvols) in other pools, but by
77 *	definition they must have an existing reference, and will never need
78 *	to lookup a spa_t by name.
79 *
80 * spa_refcount (per-spa refcount_t protected by mutex)
81 *
82 *	This reference count keep track of any active users of the spa_t.  The
83 *	spa_t cannot be destroyed or freed while this is non-zero.  Internally,
84 *	the refcount is never really 'zero' - opening a pool implicitly keeps
85 *	some references in the DMU.  Internally we check against spa_minref, but
86 *	present the image of a zero/non-zero value to consumers.
87 *
88 * spa_config_lock[] (per-spa array of rwlocks)
89 *
90 *	This protects the spa_t from config changes, and must be held in
91 *	the following circumstances:
92 *
93 *		- RW_READER to perform I/O to the spa
94 *		- RW_WRITER to change the vdev config
95 *
96 * The locking order is fairly straightforward:
97 *
98 *		spa_namespace_lock	->	spa_refcount
99 *
100 *	The namespace lock must be acquired to increase the refcount from 0
101 *	or to check if it is zero.
102 *
103 *		spa_refcount		->	spa_config_lock[]
104 *
105 *	There must be at least one valid reference on the spa_t to acquire
106 *	the config lock.
107 *
108 *		spa_namespace_lock	->	spa_config_lock[]
109 *
110 *	The namespace lock must always be taken before the config lock.
111 *
112 *
113 * The spa_namespace_lock can be acquired directly and is globally visible.
114 *
115 * The namespace is manipulated using the following functions, all of which
116 * require the spa_namespace_lock to be held.
117 *
118 *	spa_lookup()		Lookup a spa_t by name.
119 *
120 *	spa_add()		Create a new spa_t in the namespace.
121 *
122 *	spa_remove()		Remove a spa_t from the namespace.  This also
123 *				frees up any memory associated with the spa_t.
124 *
125 *	spa_next()		Returns the next spa_t in the system, or the
126 *				first if NULL is passed.
127 *
128 *	spa_evict_all()		Shutdown and remove all spa_t structures in
129 *				the system.
130 *
131 *	spa_guid_exists()	Determine whether a pool/device guid exists.
132 *
133 * The spa_refcount is manipulated using the following functions:
134 *
135 *	spa_open_ref()		Adds a reference to the given spa_t.  Must be
136 *				called with spa_namespace_lock held if the
137 *				refcount is currently zero.
138 *
139 *	spa_close()		Remove a reference from the spa_t.  This will
140 *				not free the spa_t or remove it from the
141 *				namespace.  No locking is required.
142 *
143 *	spa_refcount_zero()	Returns true if the refcount is currently
144 *				zero.  Must be called with spa_namespace_lock
145 *				held.
146 *
147 * The spa_config_lock[] is an array of rwlocks, ordered as follows:
148 * SCL_CONFIG > SCL_STATE > SCL_ALLOC > SCL_ZIO > SCL_FREE > SCL_VDEV.
149 * spa_config_lock[] is manipulated with spa_config_{enter,exit,held}().
150 *
151 * To read the configuration, it suffices to hold one of these locks as reader.
152 * To modify the configuration, you must hold all locks as writer.  To modify
153 * vdev state without altering the vdev tree's topology (e.g. online/offline),
154 * you must hold SCL_STATE and SCL_ZIO as writer.
155 *
156 * We use these distinct config locks to avoid recursive lock entry.
157 * For example, spa_sync() (which holds SCL_CONFIG as reader) induces
158 * block allocations (SCL_ALLOC), which may require reading space maps
159 * from disk (dmu_read() -> zio_read() -> SCL_ZIO).
160 *
161 * The spa config locks cannot be normal rwlocks because we need the
162 * ability to hand off ownership.  For example, SCL_ZIO is acquired
163 * by the issuing thread and later released by an interrupt thread.
164 * They do, however, obey the usual write-wanted semantics to prevent
165 * writer (i.e. system administrator) starvation.
166 *
167 * The lock acquisition rules are as follows:
168 *
169 * SCL_CONFIG
170 *	Protects changes to the vdev tree topology, such as vdev
171 *	add/remove/attach/detach.  Protects the dirty config list
172 *	(spa_config_dirty_list) and the set of spares and l2arc devices.
173 *
174 * SCL_STATE
175 *	Protects changes to pool state and vdev state, such as vdev
176 *	online/offline/fault/degrade/clear.  Protects the dirty state list
177 *	(spa_state_dirty_list) and global pool state (spa_state).
178 *
179 * SCL_ALLOC
180 *	Protects changes to metaslab groups and classes.
181 *	Held as reader by metaslab_alloc() and metaslab_claim().
182 *
183 * SCL_ZIO
184 *	Held by bp-level zios (those which have no io_vd upon entry)
185 *	to prevent changes to the vdev tree.  The bp-level zio implicitly
186 *	protects all of its vdev child zios, which do not hold SCL_ZIO.
187 *
188 * SCL_FREE
189 *	Protects changes to metaslab groups and classes.
190 *	Held as reader by metaslab_free().  SCL_FREE is distinct from
191 *	SCL_ALLOC, and lower than SCL_ZIO, so that we can safely free
192 *	blocks in zio_done() while another i/o that holds either
193 *	SCL_ALLOC or SCL_ZIO is waiting for this i/o to complete.
194 *
195 * SCL_VDEV
196 *	Held as reader to prevent changes to the vdev tree during trivial
197 *	inquiries such as bp_get_dsize().  SCL_VDEV is distinct from the
198 *	other locks, and lower than all of them, to ensure that it's safe
199 *	to acquire regardless of caller context.
200 *
201 * In addition, the following rules apply:
202 *
203 * (a)	spa_props_lock protects pool properties, spa_config and spa_config_list.
204 *	The lock ordering is SCL_CONFIG > spa_props_lock.
205 *
206 * (b)	I/O operations on leaf vdevs.  For any zio operation that takes
207 *	an explicit vdev_t argument -- such as zio_ioctl(), zio_read_phys(),
208 *	or zio_write_phys() -- the caller must ensure that the config cannot
209 *	cannot change in the interim, and that the vdev cannot be reopened.
210 *	SCL_STATE as reader suffices for both.
211 *
212 * The vdev configuration is protected by spa_vdev_enter() / spa_vdev_exit().
213 *
214 *	spa_vdev_enter()	Acquire the namespace lock and the config lock
215 *				for writing.
216 *
217 *	spa_vdev_exit()		Release the config lock, wait for all I/O
218 *				to complete, sync the updated configs to the
219 *				cache, and release the namespace lock.
220 *
221 * vdev state is protected by spa_vdev_state_enter() / spa_vdev_state_exit().
222 * Like spa_vdev_enter/exit, these are convenience wrappers -- the actual
223 * locking is, always, based on spa_namespace_lock and spa_config_lock[].
224 *
225 * spa_rename() is also implemented within this file since it requires
226 * manipulation of the namespace.
227 */
228
229static avl_tree_t spa_namespace_avl;
230kmutex_t spa_namespace_lock;
231static kcondvar_t spa_namespace_cv;
232static int spa_active_count;
233int spa_max_replication_override = SPA_DVAS_PER_BP;
234
235static kmutex_t spa_spare_lock;
236static avl_tree_t spa_spare_avl;
237static kmutex_t spa_l2cache_lock;
238static avl_tree_t spa_l2cache_avl;
239
240kmem_cache_t *spa_buffer_pool;
241int spa_mode_global;
242
243#ifdef ZFS_DEBUG
244/* Everything except dprintf and spa is on by default in debug builds */
245int zfs_flags = ~(ZFS_DEBUG_DPRINTF | ZFS_DEBUG_SPA);
246#else
247int zfs_flags = 0;
248#endif
249
250/*
251 * zfs_recover can be set to nonzero to attempt to recover from
252 * otherwise-fatal errors, typically caused by on-disk corruption.  When
253 * set, calls to zfs_panic_recover() will turn into warning messages.
254 * This should only be used as a last resort, as it typically results
255 * in leaked space, or worse.
256 */
257boolean_t zfs_recover = B_FALSE;
258
259/*
260 * If destroy encounters an EIO while reading metadata (e.g. indirect
261 * blocks), space referenced by the missing metadata can not be freed.
262 * Normally this causes the background destroy to become "stalled", as
263 * it is unable to make forward progress.  While in this stalled state,
264 * all remaining space to free from the error-encountering filesystem is
265 * "temporarily leaked".  Set this flag to cause it to ignore the EIO,
266 * permanently leak the space from indirect blocks that can not be read,
267 * and continue to free everything else that it can.
268 *
269 * The default, "stalling" behavior is useful if the storage partially
270 * fails (i.e. some but not all i/os fail), and then later recovers.  In
271 * this case, we will be able to continue pool operations while it is
272 * partially failed, and when it recovers, we can continue to free the
273 * space, with no leaks.  However, note that this case is actually
274 * fairly rare.
275 *
276 * Typically pools either (a) fail completely (but perhaps temporarily,
277 * e.g. a top-level vdev going offline), or (b) have localized,
278 * permanent errors (e.g. disk returns the wrong data due to bit flip or
279 * firmware bug).  In case (a), this setting does not matter because the
280 * pool will be suspended and the sync thread will not be able to make
281 * forward progress regardless.  In case (b), because the error is
282 * permanent, the best we can do is leak the minimum amount of space,
283 * which is what setting this flag will do.  Therefore, it is reasonable
284 * for this flag to normally be set, but we chose the more conservative
285 * approach of not setting it, so that there is no possibility of
286 * leaking space in the "partial temporary" failure case.
287 */
288boolean_t zfs_free_leak_on_eio = B_FALSE;
289
290/*
291 * Expiration time in milliseconds. This value has two meanings. First it is
292 * used to determine when the spa_deadman() logic should fire. By default the
293 * spa_deadman() will fire if spa_sync() has not completed in 1000 seconds.
294 * Secondly, the value determines if an I/O is considered "hung". Any I/O that
295 * has not completed in zfs_deadman_synctime_ms is considered "hung" resulting
296 * in a system panic.
297 */
298uint64_t zfs_deadman_synctime_ms = 1000000ULL;
299
300/*
301 * Check time in milliseconds. This defines the frequency at which we check
302 * for hung I/O.
303 */
304uint64_t zfs_deadman_checktime_ms = 5000ULL;
305
306/*
307 * Override the zfs deadman behavior via /etc/system. By default the
308 * deadman is enabled except on VMware and sparc deployments.
309 */
310int zfs_deadman_enabled = -1;
311
312/*
313 * The worst case is single-sector max-parity RAID-Z blocks, in which
314 * case the space requirement is exactly (VDEV_RAIDZ_MAXPARITY + 1)
315 * times the size; so just assume that.  Add to this the fact that
316 * we can have up to 3 DVAs per bp, and one more factor of 2 because
317 * the block may be dittoed with up to 3 DVAs by ddt_sync().  All together,
318 * the worst case is:
319 *     (VDEV_RAIDZ_MAXPARITY + 1) * SPA_DVAS_PER_BP * 2 == 24
320 */
321int spa_asize_inflation = 24;
322
323/*
324 * Normally, we don't allow the last 3.2% (1/(2^spa_slop_shift)) of space in
325 * the pool to be consumed.  This ensures that we don't run the pool
326 * completely out of space, due to unaccounted changes (e.g. to the MOS).
327 * It also limits the worst-case time to allocate space.  If we have
328 * less than this amount of free space, most ZPL operations (e.g. write,
329 * create) will return ENOSPC.
330 *
331 * Certain operations (e.g. file removal, most administrative actions) can
332 * use half the slop space.  They will only return ENOSPC if less than half
333 * the slop space is free.  Typically, once the pool has less than the slop
334 * space free, the user will use these operations to free up space in the pool.
335 * These are the operations that call dsl_pool_adjustedsize() with the netfree
336 * argument set to TRUE.
337 *
338 * A very restricted set of operations are always permitted, regardless of
339 * the amount of free space.  These are the operations that call
340 * dsl_sync_task(ZFS_SPACE_CHECK_NONE), e.g. "zfs destroy".  If these
341 * operations result in a net increase in the amount of space used,
342 * it is possible to run the pool completely out of space, causing it to
343 * be permanently read-only.
344 *
345 * Note that on very small pools, the slop space will be larger than
346 * 3.2%, in an effort to have it be at least spa_min_slop (128MB),
347 * but we never allow it to be more than half the pool size.
348 *
349 * See also the comments in zfs_space_check_t.
350 */
351int spa_slop_shift = 5;
352uint64_t spa_min_slop = 128 * 1024 * 1024;
353
354/*
355 * ==========================================================================
356 * SPA config locking
357 * ==========================================================================
358 */
359static void
360spa_config_lock_init(spa_t *spa)
361{
362	for (int i = 0; i < SCL_LOCKS; i++) {
363		spa_config_lock_t *scl = &spa->spa_config_lock[i];
364		mutex_init(&scl->scl_lock, NULL, MUTEX_DEFAULT, NULL);
365		cv_init(&scl->scl_cv, NULL, CV_DEFAULT, NULL);
366		refcount_create_untracked(&scl->scl_count);
367		scl->scl_writer = NULL;
368		scl->scl_write_wanted = 0;
369	}
370}
371
372static void
373spa_config_lock_destroy(spa_t *spa)
374{
375	for (int i = 0; i < SCL_LOCKS; i++) {
376		spa_config_lock_t *scl = &spa->spa_config_lock[i];
377		mutex_destroy(&scl->scl_lock);
378		cv_destroy(&scl->scl_cv);
379		refcount_destroy(&scl->scl_count);
380		ASSERT(scl->scl_writer == NULL);
381		ASSERT(scl->scl_write_wanted == 0);
382	}
383}
384
385int
386spa_config_tryenter(spa_t *spa, int locks, void *tag, krw_t rw)
387{
388	for (int i = 0; i < SCL_LOCKS; i++) {
389		spa_config_lock_t *scl = &spa->spa_config_lock[i];
390		if (!(locks & (1 << i)))
391			continue;
392		mutex_enter(&scl->scl_lock);
393		if (rw == RW_READER) {
394			if (scl->scl_writer || scl->scl_write_wanted) {
395				mutex_exit(&scl->scl_lock);
396				spa_config_exit(spa, locks & ((1 << i) - 1),
397				    tag);
398				return (0);
399			}
400		} else {
401			ASSERT(scl->scl_writer != curthread);
402			if (!refcount_is_zero(&scl->scl_count)) {
403				mutex_exit(&scl->scl_lock);
404				spa_config_exit(spa, locks & ((1 << i) - 1),
405				    tag);
406				return (0);
407			}
408			scl->scl_writer = curthread;
409		}
410		(void) refcount_add(&scl->scl_count, tag);
411		mutex_exit(&scl->scl_lock);
412	}
413	return (1);
414}
415
416void
417spa_config_enter(spa_t *spa, int locks, void *tag, krw_t rw)
418{
419	int wlocks_held = 0;
420
421	ASSERT3U(SCL_LOCKS, <, sizeof (wlocks_held) * NBBY);
422
423	for (int i = 0; i < SCL_LOCKS; i++) {
424		spa_config_lock_t *scl = &spa->spa_config_lock[i];
425		if (scl->scl_writer == curthread)
426			wlocks_held |= (1 << i);
427		if (!(locks & (1 << i)))
428			continue;
429		mutex_enter(&scl->scl_lock);
430		if (rw == RW_READER) {
431			while (scl->scl_writer || scl->scl_write_wanted) {
432				cv_wait(&scl->scl_cv, &scl->scl_lock);
433			}
434		} else {
435			ASSERT(scl->scl_writer != curthread);
436			while (!refcount_is_zero(&scl->scl_count)) {
437				scl->scl_write_wanted++;
438				cv_wait(&scl->scl_cv, &scl->scl_lock);
439				scl->scl_write_wanted--;
440			}
441			scl->scl_writer = curthread;
442		}
443		(void) refcount_add(&scl->scl_count, tag);
444		mutex_exit(&scl->scl_lock);
445	}
446	ASSERT(wlocks_held <= locks);
447}
448
449void
450spa_config_exit(spa_t *spa, int locks, void *tag)
451{
452	for (int i = SCL_LOCKS - 1; i >= 0; i--) {
453		spa_config_lock_t *scl = &spa->spa_config_lock[i];
454		if (!(locks & (1 << i)))
455			continue;
456		mutex_enter(&scl->scl_lock);
457		ASSERT(!refcount_is_zero(&scl->scl_count));
458		if (refcount_remove(&scl->scl_count, tag) == 0) {
459			ASSERT(scl->scl_writer == NULL ||
460			    scl->scl_writer == curthread);
461			scl->scl_writer = NULL;	/* OK in either case */
462			cv_broadcast(&scl->scl_cv);
463		}
464		mutex_exit(&scl->scl_lock);
465	}
466}
467
468int
469spa_config_held(spa_t *spa, int locks, krw_t rw)
470{
471	int locks_held = 0;
472
473	for (int i = 0; i < SCL_LOCKS; i++) {
474		spa_config_lock_t *scl = &spa->spa_config_lock[i];
475		if (!(locks & (1 << i)))
476			continue;
477		if ((rw == RW_READER && !refcount_is_zero(&scl->scl_count)) ||
478		    (rw == RW_WRITER && scl->scl_writer == curthread))
479			locks_held |= 1 << i;
480	}
481
482	return (locks_held);
483}
484
485/*
486 * ==========================================================================
487 * SPA namespace functions
488 * ==========================================================================
489 */
490
491/*
492 * Lookup the named spa_t in the AVL tree.  The spa_namespace_lock must be held.
493 * Returns NULL if no matching spa_t is found.
494 */
495spa_t *
496spa_lookup(const char *name)
497{
498	static spa_t search;	/* spa_t is large; don't allocate on stack */
499	spa_t *spa;
500	avl_index_t where;
501	char *cp;
502
503	ASSERT(MUTEX_HELD(&spa_namespace_lock));
504
505	(void) strlcpy(search.spa_name, name, sizeof (search.spa_name));
506
507	/*
508	 * If it's a full dataset name, figure out the pool name and
509	 * just use that.
510	 */
511	cp = strpbrk(search.spa_name, "/@#");
512	if (cp != NULL)
513		*cp = '\0';
514
515	spa = avl_find(&spa_namespace_avl, &search, &where);
516
517	return (spa);
518}
519
520/*
521 * Fires when spa_sync has not completed within zfs_deadman_synctime_ms.
522 * If the zfs_deadman_enabled flag is set then it inspects all vdev queues
523 * looking for potentially hung I/Os.
524 */
525void
526spa_deadman(void *arg)
527{
528	spa_t *spa = arg;
529
530	/*
531	 * Disable the deadman timer if the pool is suspended.
532	 */
533	if (spa_suspended(spa)) {
534		VERIFY(cyclic_reprogram(spa->spa_deadman_cycid, CY_INFINITY));
535		return;
536	}
537
538	zfs_dbgmsg("slow spa_sync: started %llu seconds ago, calls %llu",
539	    (gethrtime() - spa->spa_sync_starttime) / NANOSEC,
540	    ++spa->spa_deadman_calls);
541	if (zfs_deadman_enabled)
542		vdev_deadman(spa->spa_root_vdev);
543}
544
545/*
546 * Create an uninitialized spa_t with the given name.  Requires
547 * spa_namespace_lock.  The caller must ensure that the spa_t doesn't already
548 * exist by calling spa_lookup() first.
549 */
550spa_t *
551spa_add(const char *name, nvlist_t *config, const char *altroot)
552{
553	spa_t *spa;
554	spa_config_dirent_t *dp;
555	cyc_handler_t hdlr;
556	cyc_time_t when;
557
558	ASSERT(MUTEX_HELD(&spa_namespace_lock));
559
560	spa = kmem_zalloc(sizeof (spa_t), KM_SLEEP);
561
562	mutex_init(&spa->spa_async_lock, NULL, MUTEX_DEFAULT, NULL);
563	mutex_init(&spa->spa_errlist_lock, NULL, MUTEX_DEFAULT, NULL);
564	mutex_init(&spa->spa_errlog_lock, NULL, MUTEX_DEFAULT, NULL);
565	mutex_init(&spa->spa_evicting_os_lock, NULL, MUTEX_DEFAULT, NULL);
566	mutex_init(&spa->spa_history_lock, NULL, MUTEX_DEFAULT, NULL);
567	mutex_init(&spa->spa_proc_lock, NULL, MUTEX_DEFAULT, NULL);
568	mutex_init(&spa->spa_props_lock, NULL, MUTEX_DEFAULT, NULL);
569	mutex_init(&spa->spa_cksum_tmpls_lock, NULL, MUTEX_DEFAULT, NULL);
570	mutex_init(&spa->spa_scrub_lock, NULL, MUTEX_DEFAULT, NULL);
571	mutex_init(&spa->spa_suspend_lock, NULL, MUTEX_DEFAULT, NULL);
572	mutex_init(&spa->spa_vdev_top_lock, NULL, MUTEX_DEFAULT, NULL);
573	mutex_init(&spa->spa_iokstat_lock, NULL, MUTEX_DEFAULT, NULL);
574	mutex_init(&spa->spa_alloc_lock, NULL, MUTEX_DEFAULT, NULL);
575
576	cv_init(&spa->spa_async_cv, NULL, CV_DEFAULT, NULL);
577	cv_init(&spa->spa_evicting_os_cv, NULL, CV_DEFAULT, NULL);
578	cv_init(&spa->spa_proc_cv, NULL, CV_DEFAULT, NULL);
579	cv_init(&spa->spa_scrub_io_cv, NULL, CV_DEFAULT, NULL);
580	cv_init(&spa->spa_suspend_cv, NULL, CV_DEFAULT, NULL);
581
582	for (int t = 0; t < TXG_SIZE; t++)
583		bplist_create(&spa->spa_free_bplist[t]);
584
585	(void) strlcpy(spa->spa_name, name, sizeof (spa->spa_name));
586	spa->spa_state = POOL_STATE_UNINITIALIZED;
587	spa->spa_freeze_txg = UINT64_MAX;
588	spa->spa_final_txg = UINT64_MAX;
589	spa->spa_load_max_txg = UINT64_MAX;
590	spa->spa_proc = &p0;
591	spa->spa_proc_state = SPA_PROC_NONE;
592
593	hdlr.cyh_func = spa_deadman;
594	hdlr.cyh_arg = spa;
595	hdlr.cyh_level = CY_LOW_LEVEL;
596
597	spa->spa_deadman_synctime = MSEC2NSEC(zfs_deadman_synctime_ms);
598
599	/*
600	 * This determines how often we need to check for hung I/Os after
601	 * the cyclic has already fired. Since checking for hung I/Os is
602	 * an expensive operation we don't want to check too frequently.
603	 * Instead wait for 5 seconds before checking again.
604	 */
605	when.cyt_interval = MSEC2NSEC(zfs_deadman_checktime_ms);
606	when.cyt_when = CY_INFINITY;
607	mutex_enter(&cpu_lock);
608	spa->spa_deadman_cycid = cyclic_add(&hdlr, &when);
609	mutex_exit(&cpu_lock);
610
611	refcount_create(&spa->spa_refcount);
612	spa_config_lock_init(spa);
613
614	avl_add(&spa_namespace_avl, spa);
615
616	/*
617	 * Set the alternate root, if there is one.
618	 */
619	if (altroot) {
620		spa->spa_root = spa_strdup(altroot);
621		spa_active_count++;
622	}
623
624	avl_create(&spa->spa_alloc_tree, zio_bookmark_compare,
625	    sizeof (zio_t), offsetof(zio_t, io_alloc_node));
626
627	/*
628	 * Every pool starts with the default cachefile
629	 */
630	list_create(&spa->spa_config_list, sizeof (spa_config_dirent_t),
631	    offsetof(spa_config_dirent_t, scd_link));
632
633	dp = kmem_zalloc(sizeof (spa_config_dirent_t), KM_SLEEP);
634	dp->scd_path = altroot ? NULL : spa_strdup(spa_config_path);
635	list_insert_head(&spa->spa_config_list, dp);
636
637	VERIFY(nvlist_alloc(&spa->spa_load_info, NV_UNIQUE_NAME,
638	    KM_SLEEP) == 0);
639
640	if (config != NULL) {
641		nvlist_t *features;
642
643		if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_FEATURES_FOR_READ,
644		    &features) == 0) {
645			VERIFY(nvlist_dup(features, &spa->spa_label_features,
646			    0) == 0);
647		}
648
649		VERIFY(nvlist_dup(config, &spa->spa_config, 0) == 0);
650	}
651
652	if (spa->spa_label_features == NULL) {
653		VERIFY(nvlist_alloc(&spa->spa_label_features, NV_UNIQUE_NAME,
654		    KM_SLEEP) == 0);
655	}
656
657	spa->spa_iokstat = kstat_create("zfs", 0, name,
658	    "disk", KSTAT_TYPE_IO, 1, 0);
659	if (spa->spa_iokstat) {
660		spa->spa_iokstat->ks_lock = &spa->spa_iokstat_lock;
661		kstat_install(spa->spa_iokstat);
662	}
663
664	spa->spa_debug = ((zfs_flags & ZFS_DEBUG_SPA) != 0);
665
666	spa->spa_min_ashift = INT_MAX;
667	spa->spa_max_ashift = 0;
668
669	/*
670	 * As a pool is being created, treat all features as disabled by
671	 * setting SPA_FEATURE_DISABLED for all entries in the feature
672	 * refcount cache.
673	 */
674	for (int i = 0; i < SPA_FEATURES; i++) {
675		spa->spa_feat_refcount_cache[i] = SPA_FEATURE_DISABLED;
676	}
677
678	return (spa);
679}
680
681/*
682 * Removes a spa_t from the namespace, freeing up any memory used.  Requires
683 * spa_namespace_lock.  This is called only after the spa_t has been closed and
684 * deactivated.
685 */
686void
687spa_remove(spa_t *spa)
688{
689	spa_config_dirent_t *dp;
690
691	ASSERT(MUTEX_HELD(&spa_namespace_lock));
692	ASSERT(spa->spa_state == POOL_STATE_UNINITIALIZED);
693	ASSERT3U(refcount_count(&spa->spa_refcount), ==, 0);
694
695	nvlist_free(spa->spa_config_splitting);
696
697	avl_remove(&spa_namespace_avl, spa);
698	cv_broadcast(&spa_namespace_cv);
699
700	if (spa->spa_root) {
701		spa_strfree(spa->spa_root);
702		spa_active_count--;
703	}
704
705	while ((dp = list_head(&spa->spa_config_list)) != NULL) {
706		list_remove(&spa->spa_config_list, dp);
707		if (dp->scd_path != NULL)
708			spa_strfree(dp->scd_path);
709		kmem_free(dp, sizeof (spa_config_dirent_t));
710	}
711
712	avl_destroy(&spa->spa_alloc_tree);
713	list_destroy(&spa->spa_config_list);
714
715	nvlist_free(spa->spa_label_features);
716	nvlist_free(spa->spa_load_info);
717	spa_config_set(spa, NULL);
718
719	mutex_enter(&cpu_lock);
720	if (spa->spa_deadman_cycid != CYCLIC_NONE)
721		cyclic_remove(spa->spa_deadman_cycid);
722	mutex_exit(&cpu_lock);
723	spa->spa_deadman_cycid = CYCLIC_NONE;
724
725	refcount_destroy(&spa->spa_refcount);
726
727	spa_config_lock_destroy(spa);
728
729	kstat_delete(spa->spa_iokstat);
730	spa->spa_iokstat = NULL;
731
732	for (int t = 0; t < TXG_SIZE; t++)
733		bplist_destroy(&spa->spa_free_bplist[t]);
734
735	zio_checksum_templates_free(spa);
736
737	cv_destroy(&spa->spa_async_cv);
738	cv_destroy(&spa->spa_evicting_os_cv);
739	cv_destroy(&spa->spa_proc_cv);
740	cv_destroy(&spa->spa_scrub_io_cv);
741	cv_destroy(&spa->spa_suspend_cv);
742
743	mutex_destroy(&spa->spa_alloc_lock);
744	mutex_destroy(&spa->spa_async_lock);
745	mutex_destroy(&spa->spa_errlist_lock);
746	mutex_destroy(&spa->spa_errlog_lock);
747	mutex_destroy(&spa->spa_evicting_os_lock);
748	mutex_destroy(&spa->spa_history_lock);
749	mutex_destroy(&spa->spa_proc_lock);
750	mutex_destroy(&spa->spa_props_lock);
751	mutex_destroy(&spa->spa_cksum_tmpls_lock);
752	mutex_destroy(&spa->spa_scrub_lock);
753	mutex_destroy(&spa->spa_suspend_lock);
754	mutex_destroy(&spa->spa_vdev_top_lock);
755	mutex_destroy(&spa->spa_iokstat_lock);
756
757	kmem_free(spa, sizeof (spa_t));
758}
759
760/*
761 * Given a pool, return the next pool in the namespace, or NULL if there is
762 * none.  If 'prev' is NULL, return the first pool.
763 */
764spa_t *
765spa_next(spa_t *prev)
766{
767	ASSERT(MUTEX_HELD(&spa_namespace_lock));
768
769	if (prev)
770		return (AVL_NEXT(&spa_namespace_avl, prev));
771	else
772		return (avl_first(&spa_namespace_avl));
773}
774
775/*
776 * ==========================================================================
777 * SPA refcount functions
778 * ==========================================================================
779 */
780
781/*
782 * Add a reference to the given spa_t.  Must have at least one reference, or
783 * have the namespace lock held.
784 */
785void
786spa_open_ref(spa_t *spa, void *tag)
787{
788	ASSERT(refcount_count(&spa->spa_refcount) >= spa->spa_minref ||
789	    MUTEX_HELD(&spa_namespace_lock));
790	(void) refcount_add(&spa->spa_refcount, tag);
791}
792
793/*
794 * Remove a reference to the given spa_t.  Must have at least one reference, or
795 * have the namespace lock held.
796 */
797void
798spa_close(spa_t *spa, void *tag)
799{
800	ASSERT(refcount_count(&spa->spa_refcount) > spa->spa_minref ||
801	    MUTEX_HELD(&spa_namespace_lock));
802	(void) refcount_remove(&spa->spa_refcount, tag);
803}
804
805/*
806 * Remove a reference to the given spa_t held by a dsl dir that is
807 * being asynchronously released.  Async releases occur from a taskq
808 * performing eviction of dsl datasets and dirs.  The namespace lock
809 * isn't held and the hold by the object being evicted may contribute to
810 * spa_minref (e.g. dataset or directory released during pool export),
811 * so the asserts in spa_close() do not apply.
812 */
813void
814spa_async_close(spa_t *spa, void *tag)
815{
816	(void) refcount_remove(&spa->spa_refcount, tag);
817}
818
819/*
820 * Check to see if the spa refcount is zero.  Must be called with
821 * spa_namespace_lock held.  We really compare against spa_minref, which is the
822 * number of references acquired when opening a pool
823 */
824boolean_t
825spa_refcount_zero(spa_t *spa)
826{
827	ASSERT(MUTEX_HELD(&spa_namespace_lock));
828
829	return (refcount_count(&spa->spa_refcount) == spa->spa_minref);
830}
831
832/*
833 * ==========================================================================
834 * SPA spare and l2cache tracking
835 * ==========================================================================
836 */
837
838/*
839 * Hot spares and cache devices are tracked using the same code below,
840 * for 'auxiliary' devices.
841 */
842
843typedef struct spa_aux {
844	uint64_t	aux_guid;
845	uint64_t	aux_pool;
846	avl_node_t	aux_avl;
847	int		aux_count;
848} spa_aux_t;
849
850static int
851spa_aux_compare(const void *a, const void *b)
852{
853	const spa_aux_t *sa = a;
854	const spa_aux_t *sb = b;
855
856	if (sa->aux_guid < sb->aux_guid)
857		return (-1);
858	else if (sa->aux_guid > sb->aux_guid)
859		return (1);
860	else
861		return (0);
862}
863
864void
865spa_aux_add(vdev_t *vd, avl_tree_t *avl)
866{
867	avl_index_t where;
868	spa_aux_t search;
869	spa_aux_t *aux;
870
871	search.aux_guid = vd->vdev_guid;
872	if ((aux = avl_find(avl, &search, &where)) != NULL) {
873		aux->aux_count++;
874	} else {
875		aux = kmem_zalloc(sizeof (spa_aux_t), KM_SLEEP);
876		aux->aux_guid = vd->vdev_guid;
877		aux->aux_count = 1;
878		avl_insert(avl, aux, where);
879	}
880}
881
882void
883spa_aux_remove(vdev_t *vd, avl_tree_t *avl)
884{
885	spa_aux_t search;
886	spa_aux_t *aux;
887	avl_index_t where;
888
889	search.aux_guid = vd->vdev_guid;
890	aux = avl_find(avl, &search, &where);
891
892	ASSERT(aux != NULL);
893
894	if (--aux->aux_count == 0) {
895		avl_remove(avl, aux);
896		kmem_free(aux, sizeof (spa_aux_t));
897	} else if (aux->aux_pool == spa_guid(vd->vdev_spa)) {
898		aux->aux_pool = 0ULL;
899	}
900}
901
902boolean_t
903spa_aux_exists(uint64_t guid, uint64_t *pool, int *refcnt, avl_tree_t *avl)
904{
905	spa_aux_t search, *found;
906
907	search.aux_guid = guid;
908	found = avl_find(avl, &search, NULL);
909
910	if (pool) {
911		if (found)
912			*pool = found->aux_pool;
913		else
914			*pool = 0ULL;
915	}
916
917	if (refcnt) {
918		if (found)
919			*refcnt = found->aux_count;
920		else
921			*refcnt = 0;
922	}
923
924	return (found != NULL);
925}
926
927void
928spa_aux_activate(vdev_t *vd, avl_tree_t *avl)
929{
930	spa_aux_t search, *found;
931	avl_index_t where;
932
933	search.aux_guid = vd->vdev_guid;
934	found = avl_find(avl, &search, &where);
935	ASSERT(found != NULL);
936	ASSERT(found->aux_pool == 0ULL);
937
938	found->aux_pool = spa_guid(vd->vdev_spa);
939}
940
941/*
942 * Spares are tracked globally due to the following constraints:
943 *
944 * 	- A spare may be part of multiple pools.
945 * 	- A spare may be added to a pool even if it's actively in use within
946 *	  another pool.
947 * 	- A spare in use in any pool can only be the source of a replacement if
948 *	  the target is a spare in the same pool.
949 *
950 * We keep track of all spares on the system through the use of a reference
951 * counted AVL tree.  When a vdev is added as a spare, or used as a replacement
952 * spare, then we bump the reference count in the AVL tree.  In addition, we set
953 * the 'vdev_isspare' member to indicate that the device is a spare (active or
954 * inactive).  When a spare is made active (used to replace a device in the
955 * pool), we also keep track of which pool its been made a part of.
956 *
957 * The 'spa_spare_lock' protects the AVL tree.  These functions are normally
958 * called under the spa_namespace lock as part of vdev reconfiguration.  The
959 * separate spare lock exists for the status query path, which does not need to
960 * be completely consistent with respect to other vdev configuration changes.
961 */
962
963static int
964spa_spare_compare(const void *a, const void *b)
965{
966	return (spa_aux_compare(a, b));
967}
968
969void
970spa_spare_add(vdev_t *vd)
971{
972	mutex_enter(&spa_spare_lock);
973	ASSERT(!vd->vdev_isspare);
974	spa_aux_add(vd, &spa_spare_avl);
975	vd->vdev_isspare = B_TRUE;
976	mutex_exit(&spa_spare_lock);
977}
978
979void
980spa_spare_remove(vdev_t *vd)
981{
982	mutex_enter(&spa_spare_lock);
983	ASSERT(vd->vdev_isspare);
984	spa_aux_remove(vd, &spa_spare_avl);
985	vd->vdev_isspare = B_FALSE;
986	mutex_exit(&spa_spare_lock);
987}
988
989boolean_t
990spa_spare_exists(uint64_t guid, uint64_t *pool, int *refcnt)
991{
992	boolean_t found;
993
994	mutex_enter(&spa_spare_lock);
995	found = spa_aux_exists(guid, pool, refcnt, &spa_spare_avl);
996	mutex_exit(&spa_spare_lock);
997
998	return (found);
999}
1000
1001void
1002spa_spare_activate(vdev_t *vd)
1003{
1004	mutex_enter(&spa_spare_lock);
1005	ASSERT(vd->vdev_isspare);
1006	spa_aux_activate(vd, &spa_spare_avl);
1007	mutex_exit(&spa_spare_lock);
1008}
1009
1010/*
1011 * Level 2 ARC devices are tracked globally for the same reasons as spares.
1012 * Cache devices currently only support one pool per cache device, and so
1013 * for these devices the aux reference count is currently unused beyond 1.
1014 */
1015
1016static int
1017spa_l2cache_compare(const void *a, const void *b)
1018{
1019	return (spa_aux_compare(a, b));
1020}
1021
1022void
1023spa_l2cache_add(vdev_t *vd)
1024{
1025	mutex_enter(&spa_l2cache_lock);
1026	ASSERT(!vd->vdev_isl2cache);
1027	spa_aux_add(vd, &spa_l2cache_avl);
1028	vd->vdev_isl2cache = B_TRUE;
1029	mutex_exit(&spa_l2cache_lock);
1030}
1031
1032void
1033spa_l2cache_remove(vdev_t *vd)
1034{
1035	mutex_enter(&spa_l2cache_lock);
1036	ASSERT(vd->vdev_isl2cache);
1037	spa_aux_remove(vd, &spa_l2cache_avl);
1038	vd->vdev_isl2cache = B_FALSE;
1039	mutex_exit(&spa_l2cache_lock);
1040}
1041
1042boolean_t
1043spa_l2cache_exists(uint64_t guid, uint64_t *pool)
1044{
1045	boolean_t found;
1046
1047	mutex_enter(&spa_l2cache_lock);
1048	found = spa_aux_exists(guid, pool, NULL, &spa_l2cache_avl);
1049	mutex_exit(&spa_l2cache_lock);
1050
1051	return (found);
1052}
1053
1054void
1055spa_l2cache_activate(vdev_t *vd)
1056{
1057	mutex_enter(&spa_l2cache_lock);
1058	ASSERT(vd->vdev_isl2cache);
1059	spa_aux_activate(vd, &spa_l2cache_avl);
1060	mutex_exit(&spa_l2cache_lock);
1061}
1062
1063/*
1064 * ==========================================================================
1065 * SPA vdev locking
1066 * ==========================================================================
1067 */
1068
1069/*
1070 * Lock the given spa_t for the purpose of adding or removing a vdev.
1071 * Grabs the global spa_namespace_lock plus the spa config lock for writing.
1072 * It returns the next transaction group for the spa_t.
1073 */
1074uint64_t
1075spa_vdev_enter(spa_t *spa)
1076{
1077	mutex_enter(&spa->spa_vdev_top_lock);
1078	mutex_enter(&spa_namespace_lock);
1079	return (spa_vdev_config_enter(spa));
1080}
1081
1082/*
1083 * Internal implementation for spa_vdev_enter().  Used when a vdev
1084 * operation requires multiple syncs (i.e. removing a device) while
1085 * keeping the spa_namespace_lock held.
1086 */
1087uint64_t
1088spa_vdev_config_enter(spa_t *spa)
1089{
1090	ASSERT(MUTEX_HELD(&spa_namespace_lock));
1091
1092	spa_config_enter(spa, SCL_ALL, spa, RW_WRITER);
1093
1094	return (spa_last_synced_txg(spa) + 1);
1095}
1096
1097/*
1098 * Used in combination with spa_vdev_config_enter() to allow the syncing
1099 * of multiple transactions without releasing the spa_namespace_lock.
1100 */
1101void
1102spa_vdev_config_exit(spa_t *spa, vdev_t *vd, uint64_t txg, int error, char *tag)
1103{
1104	ASSERT(MUTEX_HELD(&spa_namespace_lock));
1105
1106	int config_changed = B_FALSE;
1107
1108	ASSERT(txg > spa_last_synced_txg(spa));
1109
1110	spa->spa_pending_vdev = NULL;
1111
1112	/*
1113	 * Reassess the DTLs.
1114	 */
1115	vdev_dtl_reassess(spa->spa_root_vdev, 0, 0, B_FALSE);
1116
1117	if (error == 0 && !list_is_empty(&spa->spa_config_dirty_list)) {
1118		config_changed = B_TRUE;
1119		spa->spa_config_generation++;
1120	}
1121
1122	/*
1123	 * Verify the metaslab classes.
1124	 */
1125	ASSERT(metaslab_class_validate(spa_normal_class(spa)) == 0);
1126	ASSERT(metaslab_class_validate(spa_log_class(spa)) == 0);
1127
1128	spa_config_exit(spa, SCL_ALL, spa);
1129
1130	/*
1131	 * Panic the system if the specified tag requires it.  This
1132	 * is useful for ensuring that configurations are updated
1133	 * transactionally.
1134	 */
1135	if (zio_injection_enabled)
1136		zio_handle_panic_injection(spa, tag, 0);
1137
1138	/*
1139	 * Note: this txg_wait_synced() is important because it ensures
1140	 * that there won't be more than one config change per txg.
1141	 * This allows us to use the txg as the generation number.
1142	 */
1143	if (error == 0)
1144		txg_wait_synced(spa->spa_dsl_pool, txg);
1145
1146	if (vd != NULL) {
1147		ASSERT(!vd->vdev_detached || vd->vdev_dtl_sm == NULL);
1148		spa_config_enter(spa, SCL_ALL, spa, RW_WRITER);
1149		vdev_free(vd);
1150		spa_config_exit(spa, SCL_ALL, spa);
1151	}
1152
1153	/*
1154	 * If the config changed, update the config cache.
1155	 */
1156	if (config_changed)
1157		spa_config_sync(spa, B_FALSE, B_TRUE);
1158}
1159
1160/*
1161 * Unlock the spa_t after adding or removing a vdev.  Besides undoing the
1162 * locking of spa_vdev_enter(), we also want make sure the transactions have
1163 * synced to disk, and then update the global configuration cache with the new
1164 * information.
1165 */
1166int
1167spa_vdev_exit(spa_t *spa, vdev_t *vd, uint64_t txg, int error)
1168{
1169	spa_vdev_config_exit(spa, vd, txg, error, FTAG);
1170	mutex_exit(&spa_namespace_lock);
1171	mutex_exit(&spa->spa_vdev_top_lock);
1172
1173	return (error);
1174}
1175
1176/*
1177 * Lock the given spa_t for the purpose of changing vdev state.
1178 */
1179void
1180spa_vdev_state_enter(spa_t *spa, int oplocks)
1181{
1182	int locks = SCL_STATE_ALL | oplocks;
1183
1184	/*
1185	 * Root pools may need to read of the underlying devfs filesystem
1186	 * when opening up a vdev.  Unfortunately if we're holding the
1187	 * SCL_ZIO lock it will result in a deadlock when we try to issue
1188	 * the read from the root filesystem.  Instead we "prefetch"
1189	 * the associated vnodes that we need prior to opening the
1190	 * underlying devices and cache them so that we can prevent
1191	 * any I/O when we are doing the actual open.
1192	 */
1193	if (spa_is_root(spa)) {
1194		int low = locks & ~(SCL_ZIO - 1);
1195		int high = locks & ~low;
1196
1197		spa_config_enter(spa, high, spa, RW_WRITER);
1198		vdev_hold(spa->spa_root_vdev);
1199		spa_config_enter(spa, low, spa, RW_WRITER);
1200	} else {
1201		spa_config_enter(spa, locks, spa, RW_WRITER);
1202	}
1203	spa->spa_vdev_locks = locks;
1204}
1205
1206int
1207spa_vdev_state_exit(spa_t *spa, vdev_t *vd, int error)
1208{
1209	boolean_t config_changed = B_FALSE;
1210
1211	if (vd != NULL || error == 0)
1212		vdev_dtl_reassess(vd ? vd->vdev_top : spa->spa_root_vdev,
1213		    0, 0, B_FALSE);
1214
1215	if (vd != NULL) {
1216		vdev_state_dirty(vd->vdev_top);
1217		config_changed = B_TRUE;
1218		spa->spa_config_generation++;
1219	}
1220
1221	if (spa_is_root(spa))
1222		vdev_rele(spa->spa_root_vdev);
1223
1224	ASSERT3U(spa->spa_vdev_locks, >=, SCL_STATE_ALL);
1225	spa_config_exit(spa, spa->spa_vdev_locks, spa);
1226
1227	/*
1228	 * If anything changed, wait for it to sync.  This ensures that,
1229	 * from the system administrator's perspective, zpool(1M) commands
1230	 * are synchronous.  This is important for things like zpool offline:
1231	 * when the command completes, you expect no further I/O from ZFS.
1232	 */
1233	if (vd != NULL)
1234		txg_wait_synced(spa->spa_dsl_pool, 0);
1235
1236	/*
1237	 * If the config changed, update the config cache.
1238	 */
1239	if (config_changed) {
1240		mutex_enter(&spa_namespace_lock);
1241		spa_config_sync(spa, B_FALSE, B_TRUE);
1242		mutex_exit(&spa_namespace_lock);
1243	}
1244
1245	return (error);
1246}
1247
1248/*
1249 * ==========================================================================
1250 * Miscellaneous functions
1251 * ==========================================================================
1252 */
1253
1254void
1255spa_activate_mos_feature(spa_t *spa, const char *feature, dmu_tx_t *tx)
1256{
1257	if (!nvlist_exists(spa->spa_label_features, feature)) {
1258		fnvlist_add_boolean(spa->spa_label_features, feature);
1259		/*
1260		 * When we are creating the pool (tx_txg==TXG_INITIAL), we can't
1261		 * dirty the vdev config because lock SCL_CONFIG is not held.
1262		 * Thankfully, in this case we don't need to dirty the config
1263		 * because it will be written out anyway when we finish
1264		 * creating the pool.
1265		 */
1266		if (tx->tx_txg != TXG_INITIAL)
1267			vdev_config_dirty(spa->spa_root_vdev);
1268	}
1269}
1270
1271void
1272spa_deactivate_mos_feature(spa_t *spa, const char *feature)
1273{
1274	if (nvlist_remove_all(spa->spa_label_features, feature) == 0)
1275		vdev_config_dirty(spa->spa_root_vdev);
1276}
1277
1278/*
1279 * Rename a spa_t.
1280 */
1281int
1282spa_rename(const char *name, const char *newname)
1283{
1284	spa_t *spa;
1285	int err;
1286
1287	/*
1288	 * Lookup the spa_t and grab the config lock for writing.  We need to
1289	 * actually open the pool so that we can sync out the necessary labels.
1290	 * It's OK to call spa_open() with the namespace lock held because we
1291	 * allow recursive calls for other reasons.
1292	 */
1293	mutex_enter(&spa_namespace_lock);
1294	if ((err = spa_open(name, &spa, FTAG)) != 0) {
1295		mutex_exit(&spa_namespace_lock);
1296		return (err);
1297	}
1298
1299	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
1300
1301	avl_remove(&spa_namespace_avl, spa);
1302	(void) strlcpy(spa->spa_name, newname, sizeof (spa->spa_name));
1303	avl_add(&spa_namespace_avl, spa);
1304
1305	/*
1306	 * Sync all labels to disk with the new names by marking the root vdev
1307	 * dirty and waiting for it to sync.  It will pick up the new pool name
1308	 * during the sync.
1309	 */
1310	vdev_config_dirty(spa->spa_root_vdev);
1311
1312	spa_config_exit(spa, SCL_ALL, FTAG);
1313
1314	txg_wait_synced(spa->spa_dsl_pool, 0);
1315
1316	/*
1317	 * Sync the updated config cache.
1318	 */
1319	spa_config_sync(spa, B_FALSE, B_TRUE);
1320
1321	spa_close(spa, FTAG);
1322
1323	mutex_exit(&spa_namespace_lock);
1324
1325	return (0);
1326}
1327
1328/*
1329 * Return the spa_t associated with given pool_guid, if it exists.  If
1330 * device_guid is non-zero, determine whether the pool exists *and* contains
1331 * a device with the specified device_guid.
1332 */
1333spa_t *
1334spa_by_guid(uint64_t pool_guid, uint64_t device_guid)
1335{
1336	spa_t *spa;
1337	avl_tree_t *t = &spa_namespace_avl;
1338
1339	ASSERT(MUTEX_HELD(&spa_namespace_lock));
1340
1341	for (spa = avl_first(t); spa != NULL; spa = AVL_NEXT(t, spa)) {
1342		if (spa->spa_state == POOL_STATE_UNINITIALIZED)
1343			continue;
1344		if (spa->spa_root_vdev == NULL)
1345			continue;
1346		if (spa_guid(spa) == pool_guid) {
1347			if (device_guid == 0)
1348				break;
1349
1350			if (vdev_lookup_by_guid(spa->spa_root_vdev,
1351			    device_guid) != NULL)
1352				break;
1353
1354			/*
1355			 * Check any devices we may be in the process of adding.
1356			 */
1357			if (spa->spa_pending_vdev) {
1358				if (vdev_lookup_by_guid(spa->spa_pending_vdev,
1359				    device_guid) != NULL)
1360					break;
1361			}
1362		}
1363	}
1364
1365	return (spa);
1366}
1367
1368/*
1369 * Determine whether a pool with the given pool_guid exists.
1370 */
1371boolean_t
1372spa_guid_exists(uint64_t pool_guid, uint64_t device_guid)
1373{
1374	return (spa_by_guid(pool_guid, device_guid) != NULL);
1375}
1376
1377char *
1378spa_strdup(const char *s)
1379{
1380	size_t len;
1381	char *new;
1382
1383	len = strlen(s);
1384	new = kmem_alloc(len + 1, KM_SLEEP);
1385	bcopy(s, new, len);
1386	new[len] = '\0';
1387
1388	return (new);
1389}
1390
1391void
1392spa_strfree(char *s)
1393{
1394	kmem_free(s, strlen(s) + 1);
1395}
1396
1397uint64_t
1398spa_get_random(uint64_t range)
1399{
1400	uint64_t r;
1401
1402	ASSERT(range != 0);
1403
1404	(void) random_get_pseudo_bytes((void *)&r, sizeof (uint64_t));
1405
1406	return (r % range);
1407}
1408
1409uint64_t
1410spa_generate_guid(spa_t *spa)
1411{
1412	uint64_t guid = spa_get_random(-1ULL);
1413
1414	if (spa != NULL) {
1415		while (guid == 0 || spa_guid_exists(spa_guid(spa), guid))
1416			guid = spa_get_random(-1ULL);
1417	} else {
1418		while (guid == 0 || spa_guid_exists(guid, 0))
1419			guid = spa_get_random(-1ULL);
1420	}
1421
1422	return (guid);
1423}
1424
1425void
1426snprintf_blkptr(char *buf, size_t buflen, const blkptr_t *bp)
1427{
1428	char type[256];
1429	char *checksum = NULL;
1430	char *compress = NULL;
1431
1432	if (bp != NULL) {
1433		if (BP_GET_TYPE(bp) & DMU_OT_NEWTYPE) {
1434			dmu_object_byteswap_t bswap =
1435			    DMU_OT_BYTESWAP(BP_GET_TYPE(bp));
1436			(void) snprintf(type, sizeof (type), "bswap %s %s",
1437			    DMU_OT_IS_METADATA(BP_GET_TYPE(bp)) ?
1438			    "metadata" : "data",
1439			    dmu_ot_byteswap[bswap].ob_name);
1440		} else {
1441			(void) strlcpy(type, dmu_ot[BP_GET_TYPE(bp)].ot_name,
1442			    sizeof (type));
1443		}
1444		if (!BP_IS_EMBEDDED(bp)) {
1445			checksum =
1446			    zio_checksum_table[BP_GET_CHECKSUM(bp)].ci_name;
1447		}
1448		compress = zio_compress_table[BP_GET_COMPRESS(bp)].ci_name;
1449	}
1450
1451	SNPRINTF_BLKPTR(snprintf, ' ', buf, buflen, bp, type, checksum,
1452	    compress);
1453}
1454
1455void
1456spa_freeze(spa_t *spa)
1457{
1458	uint64_t freeze_txg = 0;
1459
1460	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
1461	if (spa->spa_freeze_txg == UINT64_MAX) {
1462		freeze_txg = spa_last_synced_txg(spa) + TXG_SIZE;
1463		spa->spa_freeze_txg = freeze_txg;
1464	}
1465	spa_config_exit(spa, SCL_ALL, FTAG);
1466	if (freeze_txg != 0)
1467		txg_wait_synced(spa_get_dsl(spa), freeze_txg);
1468}
1469
1470void
1471zfs_panic_recover(const char *fmt, ...)
1472{
1473	va_list adx;
1474
1475	va_start(adx, fmt);
1476	vcmn_err(zfs_recover ? CE_WARN : CE_PANIC, fmt, adx);
1477	va_end(adx);
1478}
1479
1480/*
1481 * This is a stripped-down version of strtoull, suitable only for converting
1482 * lowercase hexadecimal numbers that don't overflow.
1483 */
1484uint64_t
1485zfs_strtonum(const char *str, char **nptr)
1486{
1487	uint64_t val = 0;
1488	char c;
1489	int digit;
1490
1491	while ((c = *str) != '\0') {
1492		if (c >= '0' && c <= '9')
1493			digit = c - '0';
1494		else if (c >= 'a' && c <= 'f')
1495			digit = 10 + c - 'a';
1496		else
1497			break;
1498
1499		val *= 16;
1500		val += digit;
1501
1502		str++;
1503	}
1504
1505	if (nptr)
1506		*nptr = (char *)str;
1507
1508	return (val);
1509}
1510
1511/*
1512 * ==========================================================================
1513 * Accessor functions
1514 * ==========================================================================
1515 */
1516
1517boolean_t
1518spa_shutting_down(spa_t *spa)
1519{
1520	return (spa->spa_async_suspended);
1521}
1522
1523dsl_pool_t *
1524spa_get_dsl(spa_t *spa)
1525{
1526	return (spa->spa_dsl_pool);
1527}
1528
1529boolean_t
1530spa_is_initializing(spa_t *spa)
1531{
1532	return (spa->spa_is_initializing);
1533}
1534
1535blkptr_t *
1536spa_get_rootblkptr(spa_t *spa)
1537{
1538	return (&spa->spa_ubsync.ub_rootbp);
1539}
1540
1541void
1542spa_set_rootblkptr(spa_t *spa, const blkptr_t *bp)
1543{
1544	spa->spa_uberblock.ub_rootbp = *bp;
1545}
1546
1547void
1548spa_altroot(spa_t *spa, char *buf, size_t buflen)
1549{
1550	if (spa->spa_root == NULL)
1551		buf[0] = '\0';
1552	else
1553		(void) strncpy(buf, spa->spa_root, buflen);
1554}
1555
1556int
1557spa_sync_pass(spa_t *spa)
1558{
1559	return (spa->spa_sync_pass);
1560}
1561
1562char *
1563spa_name(spa_t *spa)
1564{
1565	return (spa->spa_name);
1566}
1567
1568uint64_t
1569spa_guid(spa_t *spa)
1570{
1571	dsl_pool_t *dp = spa_get_dsl(spa);
1572	uint64_t guid;
1573
1574	/*
1575	 * If we fail to parse the config during spa_load(), we can go through
1576	 * the error path (which posts an ereport) and end up here with no root
1577	 * vdev.  We stash the original pool guid in 'spa_config_guid' to handle
1578	 * this case.
1579	 */
1580	if (spa->spa_root_vdev == NULL)
1581		return (spa->spa_config_guid);
1582
1583	guid = spa->spa_last_synced_guid != 0 ?
1584	    spa->spa_last_synced_guid : spa->spa_root_vdev->vdev_guid;
1585
1586	/*
1587	 * Return the most recently synced out guid unless we're
1588	 * in syncing context.
1589	 */
1590	if (dp && dsl_pool_sync_context(dp))
1591		return (spa->spa_root_vdev->vdev_guid);
1592	else
1593		return (guid);
1594}
1595
1596uint64_t
1597spa_load_guid(spa_t *spa)
1598{
1599	/*
1600	 * This is a GUID that exists solely as a reference for the
1601	 * purposes of the arc.  It is generated at load time, and
1602	 * is never written to persistent storage.
1603	 */
1604	return (spa->spa_load_guid);
1605}
1606
1607uint64_t
1608spa_last_synced_txg(spa_t *spa)
1609{
1610	return (spa->spa_ubsync.ub_txg);
1611}
1612
1613uint64_t
1614spa_first_txg(spa_t *spa)
1615{
1616	return (spa->spa_first_txg);
1617}
1618
1619uint64_t
1620spa_syncing_txg(spa_t *spa)
1621{
1622	return (spa->spa_syncing_txg);
1623}
1624
1625/*
1626 * Return the last txg where data can be dirtied. The final txgs
1627 * will be used to just clear out any deferred frees that remain.
1628 */
1629uint64_t
1630spa_final_dirty_txg(spa_t *spa)
1631{
1632	return (spa->spa_final_txg - TXG_DEFER_SIZE);
1633}
1634
1635pool_state_t
1636spa_state(spa_t *spa)
1637{
1638	return (spa->spa_state);
1639}
1640
1641spa_load_state_t
1642spa_load_state(spa_t *spa)
1643{
1644	return (spa->spa_load_state);
1645}
1646
1647uint64_t
1648spa_freeze_txg(spa_t *spa)
1649{
1650	return (spa->spa_freeze_txg);
1651}
1652
1653/* ARGSUSED */
1654uint64_t
1655spa_get_worst_case_asize(spa_t *spa, uint64_t lsize)
1656{
1657	return (lsize * spa_asize_inflation);
1658}
1659
1660/*
1661 * Return the amount of slop space in bytes.  It is 1/32 of the pool (3.2%),
1662 * or at least 128MB, unless that would cause it to be more than half the
1663 * pool size.
1664 *
1665 * See the comment above spa_slop_shift for details.
1666 */
1667uint64_t
1668spa_get_slop_space(spa_t *spa)
1669{
1670	uint64_t space = spa_get_dspace(spa);
1671	return (MAX(space >> spa_slop_shift, MIN(space >> 1, spa_min_slop)));
1672}
1673
1674uint64_t
1675spa_get_dspace(spa_t *spa)
1676{
1677	return (spa->spa_dspace);
1678}
1679
1680void
1681spa_update_dspace(spa_t *spa)
1682{
1683	spa->spa_dspace = metaslab_class_get_dspace(spa_normal_class(spa)) +
1684	    ddt_get_dedup_dspace(spa);
1685}
1686
1687/*
1688 * Return the failure mode that has been set to this pool. The default
1689 * behavior will be to block all I/Os when a complete failure occurs.
1690 */
1691uint8_t
1692spa_get_failmode(spa_t *spa)
1693{
1694	return (spa->spa_failmode);
1695}
1696
1697boolean_t
1698spa_suspended(spa_t *spa)
1699{
1700	return (spa->spa_suspended);
1701}
1702
1703uint64_t
1704spa_version(spa_t *spa)
1705{
1706	return (spa->spa_ubsync.ub_version);
1707}
1708
1709boolean_t
1710spa_deflate(spa_t *spa)
1711{
1712	return (spa->spa_deflate);
1713}
1714
1715metaslab_class_t *
1716spa_normal_class(spa_t *spa)
1717{
1718	return (spa->spa_normal_class);
1719}
1720
1721metaslab_class_t *
1722spa_log_class(spa_t *spa)
1723{
1724	return (spa->spa_log_class);
1725}
1726
1727void
1728spa_evicting_os_register(spa_t *spa, objset_t *os)
1729{
1730	mutex_enter(&spa->spa_evicting_os_lock);
1731	list_insert_head(&spa->spa_evicting_os_list, os);
1732	mutex_exit(&spa->spa_evicting_os_lock);
1733}
1734
1735void
1736spa_evicting_os_deregister(spa_t *spa, objset_t *os)
1737{
1738	mutex_enter(&spa->spa_evicting_os_lock);
1739	list_remove(&spa->spa_evicting_os_list, os);
1740	cv_broadcast(&spa->spa_evicting_os_cv);
1741	mutex_exit(&spa->spa_evicting_os_lock);
1742}
1743
1744void
1745spa_evicting_os_wait(spa_t *spa)
1746{
1747	mutex_enter(&spa->spa_evicting_os_lock);
1748	while (!list_is_empty(&spa->spa_evicting_os_list))
1749		cv_wait(&spa->spa_evicting_os_cv, &spa->spa_evicting_os_lock);
1750	mutex_exit(&spa->spa_evicting_os_lock);
1751
1752	dmu_buf_user_evict_wait();
1753}
1754
1755int
1756spa_max_replication(spa_t *spa)
1757{
1758	/*
1759	 * As of SPA_VERSION == SPA_VERSION_DITTO_BLOCKS, we are able to
1760	 * handle BPs with more than one DVA allocated.  Set our max
1761	 * replication level accordingly.
1762	 */
1763	if (spa_version(spa) < SPA_VERSION_DITTO_BLOCKS)
1764		return (1);
1765	return (MIN(SPA_DVAS_PER_BP, spa_max_replication_override));
1766}
1767
1768int
1769spa_prev_software_version(spa_t *spa)
1770{
1771	return (spa->spa_prev_software_version);
1772}
1773
1774uint64_t
1775spa_deadman_synctime(spa_t *spa)
1776{
1777	return (spa->spa_deadman_synctime);
1778}
1779
1780uint64_t
1781dva_get_dsize_sync(spa_t *spa, const dva_t *dva)
1782{
1783	uint64_t asize = DVA_GET_ASIZE(dva);
1784	uint64_t dsize = asize;
1785
1786	ASSERT(spa_config_held(spa, SCL_ALL, RW_READER) != 0);
1787
1788	if (asize != 0 && spa->spa_deflate) {
1789		vdev_t *vd = vdev_lookup_top(spa, DVA_GET_VDEV(dva));
1790		dsize = (asize >> SPA_MINBLOCKSHIFT) * vd->vdev_deflate_ratio;
1791	}
1792
1793	return (dsize);
1794}
1795
1796uint64_t
1797bp_get_dsize_sync(spa_t *spa, const blkptr_t *bp)
1798{
1799	uint64_t dsize = 0;
1800
1801	for (int d = 0; d < BP_GET_NDVAS(bp); d++)
1802		dsize += dva_get_dsize_sync(spa, &bp->blk_dva[d]);
1803
1804	return (dsize);
1805}
1806
1807uint64_t
1808bp_get_dsize(spa_t *spa, const blkptr_t *bp)
1809{
1810	uint64_t dsize = 0;
1811
1812	spa_config_enter(spa, SCL_VDEV, FTAG, RW_READER);
1813
1814	for (int d = 0; d < BP_GET_NDVAS(bp); d++)
1815		dsize += dva_get_dsize_sync(spa, &bp->blk_dva[d]);
1816
1817	spa_config_exit(spa, SCL_VDEV, FTAG);
1818
1819	return (dsize);
1820}
1821
1822/*
1823 * ==========================================================================
1824 * Initialization and Termination
1825 * ==========================================================================
1826 */
1827
1828static int
1829spa_name_compare(const void *a1, const void *a2)
1830{
1831	const spa_t *s1 = a1;
1832	const spa_t *s2 = a2;
1833	int s;
1834
1835	s = strcmp(s1->spa_name, s2->spa_name);
1836	if (s > 0)
1837		return (1);
1838	if (s < 0)
1839		return (-1);
1840	return (0);
1841}
1842
1843int
1844spa_busy(void)
1845{
1846	return (spa_active_count);
1847}
1848
1849void
1850spa_boot_init()
1851{
1852	spa_config_load();
1853}
1854
1855void
1856spa_init(int mode)
1857{
1858	mutex_init(&spa_namespace_lock, NULL, MUTEX_DEFAULT, NULL);
1859	mutex_init(&spa_spare_lock, NULL, MUTEX_DEFAULT, NULL);
1860	mutex_init(&spa_l2cache_lock, NULL, MUTEX_DEFAULT, NULL);
1861	cv_init(&spa_namespace_cv, NULL, CV_DEFAULT, NULL);
1862
1863	avl_create(&spa_namespace_avl, spa_name_compare, sizeof (spa_t),
1864	    offsetof(spa_t, spa_avl));
1865
1866	avl_create(&spa_spare_avl, spa_spare_compare, sizeof (spa_aux_t),
1867	    offsetof(spa_aux_t, aux_avl));
1868
1869	avl_create(&spa_l2cache_avl, spa_l2cache_compare, sizeof (spa_aux_t),
1870	    offsetof(spa_aux_t, aux_avl));
1871
1872	spa_mode_global = mode;
1873
1874#ifdef _KERNEL
1875	spa_arch_init();
1876#else
1877	if (spa_mode_global != FREAD && dprintf_find_string("watch")) {
1878		arc_procfd = open("/proc/self/ctl", O_WRONLY);
1879		if (arc_procfd == -1) {
1880			perror("could not enable watchpoints: "
1881			    "opening /proc/self/ctl failed: ");
1882		} else {
1883			arc_watch = B_TRUE;
1884		}
1885	}
1886#endif
1887
1888	refcount_init();
1889	unique_init();
1890	range_tree_init();
1891	metaslab_alloc_trace_init();
1892	zio_init();
1893	dmu_init();
1894	zil_init();
1895	vdev_cache_stat_init();
1896	zfs_prop_init();
1897	zpool_prop_init();
1898	zpool_feature_init();
1899	spa_config_load();
1900	l2arc_start();
1901}
1902
1903void
1904spa_fini(void)
1905{
1906	l2arc_stop();
1907
1908	spa_evict_all();
1909
1910	vdev_cache_stat_fini();
1911	zil_fini();
1912	dmu_fini();
1913	zio_fini();
1914	metaslab_alloc_trace_fini();
1915	range_tree_fini();
1916	unique_fini();
1917	refcount_fini();
1918
1919	avl_destroy(&spa_namespace_avl);
1920	avl_destroy(&spa_spare_avl);
1921	avl_destroy(&spa_l2cache_avl);
1922
1923	cv_destroy(&spa_namespace_cv);
1924	mutex_destroy(&spa_namespace_lock);
1925	mutex_destroy(&spa_spare_lock);
1926	mutex_destroy(&spa_l2cache_lock);
1927}
1928
1929/*
1930 * Return whether this pool has slogs. No locking needed.
1931 * It's not a problem if the wrong answer is returned as it's only for
1932 * performance and not correctness
1933 */
1934boolean_t
1935spa_has_slogs(spa_t *spa)
1936{
1937	return (spa->spa_log_class->mc_rotor != NULL);
1938}
1939
1940spa_log_state_t
1941spa_get_log_state(spa_t *spa)
1942{
1943	return (spa->spa_log_state);
1944}
1945
1946void
1947spa_set_log_state(spa_t *spa, spa_log_state_t state)
1948{
1949	spa->spa_log_state = state;
1950}
1951
1952boolean_t
1953spa_is_root(spa_t *spa)
1954{
1955	return (spa->spa_is_root);
1956}
1957
1958boolean_t
1959spa_writeable(spa_t *spa)
1960{
1961	return (!!(spa->spa_mode & FWRITE));
1962}
1963
1964/*
1965 * Returns true if there is a pending sync task in any of the current
1966 * syncing txg, the current quiescing txg, or the current open txg.
1967 */
1968boolean_t
1969spa_has_pending_synctask(spa_t *spa)
1970{
1971	return (!txg_all_lists_empty(&spa->spa_dsl_pool->dp_sync_tasks));
1972}
1973
1974int
1975spa_mode(spa_t *spa)
1976{
1977	return (spa->spa_mode);
1978}
1979
1980uint64_t
1981spa_bootfs(spa_t *spa)
1982{
1983	return (spa->spa_bootfs);
1984}
1985
1986uint64_t
1987spa_delegation(spa_t *spa)
1988{
1989	return (spa->spa_delegation);
1990}
1991
1992objset_t *
1993spa_meta_objset(spa_t *spa)
1994{
1995	return (spa->spa_meta_objset);
1996}
1997
1998enum zio_checksum
1999spa_dedup_checksum(spa_t *spa)
2000{
2001	return (spa->spa_dedup_checksum);
2002}
2003
2004/*
2005 * Reset pool scan stat per scan pass (or reboot).
2006 */
2007void
2008spa_scan_stat_init(spa_t *spa)
2009{
2010	/* data not stored on disk */
2011	spa->spa_scan_pass_start = gethrestime_sec();
2012	if (dsl_scan_is_paused_scrub(spa->spa_dsl_pool->dp_scan))
2013		spa->spa_scan_pass_scrub_pause = spa->spa_scan_pass_start;
2014	else
2015		spa->spa_scan_pass_scrub_pause = 0;
2016	spa->spa_scan_pass_scrub_spent_paused = 0;
2017	spa->spa_scan_pass_exam = 0;
2018	vdev_scan_stat_init(spa->spa_root_vdev);
2019}
2020
2021/*
2022 * Get scan stats for zpool status reports
2023 */
2024int
2025spa_scan_get_stats(spa_t *spa, pool_scan_stat_t *ps)
2026{
2027	dsl_scan_t *scn = spa->spa_dsl_pool ? spa->spa_dsl_pool->dp_scan : NULL;
2028
2029	if (scn == NULL || scn->scn_phys.scn_func == POOL_SCAN_NONE)
2030		return (SET_ERROR(ENOENT));
2031	bzero(ps, sizeof (pool_scan_stat_t));
2032
2033	/* data stored on disk */
2034	ps->pss_func = scn->scn_phys.scn_func;
2035	ps->pss_start_time = scn->scn_phys.scn_start_time;
2036	ps->pss_end_time = scn->scn_phys.scn_end_time;
2037	ps->pss_to_examine = scn->scn_phys.scn_to_examine;
2038	ps->pss_examined = scn->scn_phys.scn_examined;
2039	ps->pss_to_process = scn->scn_phys.scn_to_process;
2040	ps->pss_processed = scn->scn_phys.scn_processed;
2041	ps->pss_errors = scn->scn_phys.scn_errors;
2042	ps->pss_state = scn->scn_phys.scn_state;
2043
2044	/* data not stored on disk */
2045	ps->pss_pass_start = spa->spa_scan_pass_start;
2046	ps->pss_pass_exam = spa->spa_scan_pass_exam;
2047	ps->pss_pass_scrub_pause = spa->spa_scan_pass_scrub_pause;
2048	ps->pss_pass_scrub_spent_paused = spa->spa_scan_pass_scrub_spent_paused;
2049
2050	return (0);
2051}
2052
2053boolean_t
2054spa_debug_enabled(spa_t *spa)
2055{
2056	return (spa->spa_debug);
2057}
2058
2059int
2060spa_maxblocksize(spa_t *spa)
2061{
2062	if (spa_feature_is_enabled(spa, SPA_FEATURE_LARGE_BLOCKS))
2063		return (SPA_MAXBLOCKSIZE);
2064	else
2065		return (SPA_OLD_MAXBLOCKSIZE);
2066}
2067