| dsl_dir.c (263391) | dsl_dir.c (265754) |
|---|---|
| 1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE --- 9 unchanged lines hidden (view full) --- 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 23 * Copyright (c) 2011 Pawel Jakub Dawidek <pawel@dawidek.net>. 24 * All rights reserved. 25 * Copyright (c) 2013 by Delphix. All rights reserved. | 1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE --- 9 unchanged lines hidden (view full) --- 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 23 * Copyright (c) 2011 Pawel Jakub Dawidek <pawel@dawidek.net>. 24 * All rights reserved. 25 * Copyright (c) 2013 by Delphix. All rights reserved. |
| 26 * Copyright (c) 2014 Joyent, Inc. All rights reserved. |
|
| 26 */ 27 28#include <sys/dmu.h> 29#include <sys/dmu_objset.h> 30#include <sys/dmu_tx.h> 31#include <sys/dsl_dataset.h> 32#include <sys/dsl_dir.h> 33#include <sys/dsl_prop.h> --- 5 unchanged lines hidden (view full) --- 39#include <sys/zap.h> 40#include <sys/zio.h> 41#include <sys/arc.h> 42#include <sys/sunddi.h> 43#include <sys/zvol.h> 44#ifdef _KERNEL 45#include <sys/zfs_vfsops.h> 46#endif | 27 */ 28 29#include <sys/dmu.h> 30#include <sys/dmu_objset.h> 31#include <sys/dmu_tx.h> 32#include <sys/dsl_dataset.h> 33#include <sys/dsl_dir.h> 34#include <sys/dsl_prop.h> --- 5 unchanged lines hidden (view full) --- 40#include <sys/zap.h> 41#include <sys/zio.h> 42#include <sys/arc.h> 43#include <sys/sunddi.h> 44#include <sys/zvol.h> 45#ifdef _KERNEL 46#include <sys/zfs_vfsops.h> 47#endif |
| 48#include <sys/zfeature.h> 49#include <sys/policy.h> 50#include <sys/zfs_znode.h> |
|
| 47#include "zfs_namecheck.h" | 51#include "zfs_namecheck.h" |
| 52#include "zfs_prop.h" |
|
| 48 | 53 |
| 54/* 55 * Filesystem and Snapshot Limits 56 * ------------------------------ 57 * 58 * These limits are used to restrict the number of filesystems and/or snapshots 59 * that can be created at a given level in the tree or below. A typical 60 * use-case is with a delegated dataset where the administrator wants to ensure 61 * that a user within the zone is not creating too many additional filesystems 62 * or snapshots, even though they're not exceeding their space quota. 63 * 64 * The filesystem and snapshot counts are stored as extensible properties. This 65 * capability is controlled by a feature flag and must be enabled to be used. 66 * Once enabled, the feature is not active until the first limit is set. At 67 * that point, future operations to create/destroy filesystems or snapshots 68 * will validate and update the counts. 69 * 70 * Because the count properties will not exist before the feature is active, 71 * the counts are updated when a limit is first set on an uninitialized 72 * dsl_dir node in the tree (The filesystem/snapshot count on a node includes 73 * all of the nested filesystems/snapshots. Thus, a new leaf node has a 74 * filesystem count of 0 and a snapshot count of 0. Non-existent filesystem and 75 * snapshot count properties on a node indicate uninitialized counts on that 76 * node.) When first setting a limit on an uninitialized node, the code starts 77 * at the filesystem with the new limit and descends into all sub-filesystems 78 * to add the count properties. 79 * 80 * In practice this is lightweight since a limit is typically set when the 81 * filesystem is created and thus has no children. Once valid, changing the 82 * limit value won't require a re-traversal since the counts are already valid. 83 * When recursively fixing the counts, if a node with a limit is encountered 84 * during the descent, the counts are known to be valid and there is no need to 85 * descend into that filesystem's children. The counts on filesystems above the 86 * one with the new limit will still be uninitialized, unless a limit is 87 * eventually set on one of those filesystems. The counts are always recursively 88 * updated when a limit is set on a dataset, unless there is already a limit. 89 * When a new limit value is set on a filesystem with an existing limit, it is 90 * possible for the new limit to be less than the current count at that level 91 * since a user who can change the limit is also allowed to exceed the limit. 92 * 93 * Once the feature is active, then whenever a filesystem or snapshot is 94 * created, the code recurses up the tree, validating the new count against the 95 * limit at each initialized level. In practice, most levels will not have a 96 * limit set. If there is a limit at any initialized level up the tree, the 97 * check must pass or the creation will fail. Likewise, when a filesystem or 98 * snapshot is destroyed, the counts are recursively adjusted all the way up 99 * the initizized nodes in the tree. Renaming a filesystem into different point 100 * in the tree will first validate, then update the counts on each branch up to 101 * the common ancestor. A receive will also validate the counts and then update 102 * them. 103 * 104 * An exception to the above behavior is that the limit is not enforced if the 105 * user has permission to modify the limit. This is primarily so that 106 * recursive snapshots in the global zone always work. We want to prevent a 107 * denial-of-service in which a lower level delegated dataset could max out its 108 * limit and thus block recursive snapshots from being taken in the global zone. 109 * Because of this, it is possible for the snapshot count to be over the limit 110 * and snapshots taken in the global zone could cause a lower level dataset to 111 * hit or exceed its limit. The administrator taking the global zone recursive 112 * snapshot should be aware of this side-effect and behave accordingly. 113 * For consistency, the filesystem limit is also not enforced if the user can 114 * modify the limit. 115 * 116 * The filesystem and snapshot limits are validated by dsl_fs_ss_limit_check() 117 * and updated by dsl_fs_ss_count_adjust(). A new limit value is setup in 118 * dsl_dir_activate_fs_ss_limit() and the counts are adjusted, if necessary, by 119 * dsl_dir_init_fs_ss_count(). 120 * 121 * There is a special case when we receive a filesystem that already exists. In 122 * this case a temporary clone name of %X is created (see dmu_recv_begin). We 123 * never update the filesystem counts for temporary clones. 124 * 125 * Likewise, we do not update the snapshot counts for temporary snapshots, 126 * such as those created by zfs diff. 127 */ 128 |
|
| 49static uint64_t dsl_dir_space_towrite(dsl_dir_t *dd); 50 51/* ARGSUSED */ 52static void 53dsl_dir_evict(dmu_buf_t *db, void *arg) 54{ 55 dsl_dir_t *dd = arg; 56 dsl_pool_t *dp = dd->dd_pool; --- 321 unchanged lines hidden (view full) --- 378 err = SET_ERROR(ENOENT); 379 } 380 if (tailp != NULL) 381 *tailp = next; 382 *ddp = dd; 383 return (err); 384} 385 | 129static uint64_t dsl_dir_space_towrite(dsl_dir_t *dd); 130 131/* ARGSUSED */ 132static void 133dsl_dir_evict(dmu_buf_t *db, void *arg) 134{ 135 dsl_dir_t *dd = arg; 136 dsl_pool_t *dp = dd->dd_pool; --- 321 unchanged lines hidden (view full) --- 458 err = SET_ERROR(ENOENT); 459 } 460 if (tailp != NULL) 461 *tailp = next; 462 *ddp = dd; 463 return (err); 464} 465 |
| 466/* 467 * If the counts are already initialized for this filesystem and its 468 * descendants then do nothing, otherwise initialize the counts. 469 * 470 * The counts on this filesystem, and those below, may be uninitialized due to 471 * either the use of a pre-existing pool which did not support the 472 * filesystem/snapshot limit feature, or one in which the feature had not yet 473 * been enabled. 474 * 475 * Recursively descend the filesystem tree and update the filesystem/snapshot 476 * counts on each filesystem below, then update the cumulative count on the 477 * current filesystem. If the filesystem already has a count set on it, 478 * then we know that its counts, and the counts on the filesystems below it, 479 * are already correct, so we don't have to update this filesystem. 480 */ 481static void 482dsl_dir_init_fs_ss_count(dsl_dir_t *dd, dmu_tx_t *tx) 483{ 484 uint64_t my_fs_cnt = 0; 485 uint64_t my_ss_cnt = 0; 486 dsl_pool_t *dp = dd->dd_pool; 487 objset_t *os = dp->dp_meta_objset; 488 zap_cursor_t *zc; 489 zap_attribute_t *za; 490 dsl_dataset_t *ds; 491 492 ASSERT(spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_FS_SS_LIMIT)); 493 ASSERT(dsl_pool_config_held(dp)); 494 ASSERT(dmu_tx_is_syncing(tx)); 495 496 dsl_dir_zapify(dd, tx); 497 498 /* 499 * If the filesystem count has already been initialized then we 500 * don't need to recurse down any further. 501 */ 502 if (zap_contains(os, dd->dd_object, DD_FIELD_FILESYSTEM_COUNT) == 0) 503 return; 504 505 zc = kmem_alloc(sizeof (zap_cursor_t), KM_SLEEP); 506 za = kmem_alloc(sizeof (zap_attribute_t), KM_SLEEP); 507 508 /* Iterate my child dirs */ 509 for (zap_cursor_init(zc, os, dd->dd_phys->dd_child_dir_zapobj); 510 zap_cursor_retrieve(zc, za) == 0; zap_cursor_advance(zc)) { 511 dsl_dir_t *chld_dd; 512 uint64_t count; 513 514 VERIFY0(dsl_dir_hold_obj(dp, za->za_first_integer, NULL, FTAG, 515 &chld_dd)); 516 517 /* 518 * Ignore hidden ($FREE, $MOS & $ORIGIN) objsets and 519 * temporary datasets. 520 */ 521 if (chld_dd->dd_myname[0] == '$' || 522 chld_dd->dd_myname[0] == '%') { 523 dsl_dir_rele(chld_dd, FTAG); 524 continue; 525 } 526 527 my_fs_cnt++; /* count this child */ 528 529 dsl_dir_init_fs_ss_count(chld_dd, tx); 530 531 VERIFY0(zap_lookup(os, chld_dd->dd_object, 532 DD_FIELD_FILESYSTEM_COUNT, sizeof (count), 1, &count)); 533 my_fs_cnt += count; 534 VERIFY0(zap_lookup(os, chld_dd->dd_object, 535 DD_FIELD_SNAPSHOT_COUNT, sizeof (count), 1, &count)); 536 my_ss_cnt += count; 537 538 dsl_dir_rele(chld_dd, FTAG); 539 } 540 zap_cursor_fini(zc); 541 /* Count my snapshots (we counted children's snapshots above) */ 542 VERIFY0(dsl_dataset_hold_obj(dd->dd_pool, 543 dd->dd_phys->dd_head_dataset_obj, FTAG, &ds)); 544 545 for (zap_cursor_init(zc, os, ds->ds_phys->ds_snapnames_zapobj); 546 zap_cursor_retrieve(zc, za) == 0; 547 zap_cursor_advance(zc)) { 548 /* Don't count temporary snapshots */ 549 if (za->za_name[0] != '%') 550 my_ss_cnt++; 551 } 552 553 dsl_dataset_rele(ds, FTAG); 554 555 kmem_free(zc, sizeof (zap_cursor_t)); 556 kmem_free(za, sizeof (zap_attribute_t)); 557 558 /* we're in a sync task, update counts */ 559 dmu_buf_will_dirty(dd->dd_dbuf, tx); 560 VERIFY0(zap_add(os, dd->dd_object, DD_FIELD_FILESYSTEM_COUNT, 561 sizeof (my_fs_cnt), 1, &my_fs_cnt, tx)); 562 VERIFY0(zap_add(os, dd->dd_object, DD_FIELD_SNAPSHOT_COUNT, 563 sizeof (my_ss_cnt), 1, &my_ss_cnt, tx)); 564} 565 566static int 567dsl_dir_actv_fs_ss_limit_check(void *arg, dmu_tx_t *tx) 568{ 569 char *ddname = (char *)arg; 570 dsl_pool_t *dp = dmu_tx_pool(tx); 571 dsl_dataset_t *ds; 572 dsl_dir_t *dd; 573 int error; 574 575 error = dsl_dataset_hold(dp, ddname, FTAG, &ds); 576 if (error != 0) 577 return (error); 578 579 if (!spa_feature_is_enabled(dp->dp_spa, SPA_FEATURE_FS_SS_LIMIT)) { 580 dsl_dataset_rele(ds, FTAG); 581 return (SET_ERROR(ENOTSUP)); 582 } 583 584 dd = ds->ds_dir; 585 if (spa_feature_is_active(dp->dp_spa, SPA_FEATURE_FS_SS_LIMIT) && 586 dsl_dir_is_zapified(dd) && 587 zap_contains(dp->dp_meta_objset, dd->dd_object, 588 DD_FIELD_FILESYSTEM_COUNT) == 0) { 589 dsl_dataset_rele(ds, FTAG); 590 return (SET_ERROR(EALREADY)); 591 } 592 593 dsl_dataset_rele(ds, FTAG); 594 return (0); 595} 596 597static void 598dsl_dir_actv_fs_ss_limit_sync(void *arg, dmu_tx_t *tx) 599{ 600 char *ddname = (char *)arg; 601 dsl_pool_t *dp = dmu_tx_pool(tx); 602 dsl_dataset_t *ds; 603 spa_t *spa; 604 605 VERIFY0(dsl_dataset_hold(dp, ddname, FTAG, &ds)); 606 607 spa = dsl_dataset_get_spa(ds); 608 609 if (!spa_feature_is_active(spa, SPA_FEATURE_FS_SS_LIMIT)) { 610 /* 611 * Since the feature was not active and we're now setting a 612 * limit, increment the feature-active counter so that the 613 * feature becomes active for the first time. 614 * 615 * We are already in a sync task so we can update the MOS. 616 */ 617 spa_feature_incr(spa, SPA_FEATURE_FS_SS_LIMIT, tx); 618 } 619 620 /* 621 * Since we are now setting a non-UINT64_MAX limit on the filesystem, 622 * we need to ensure the counts are correct. Descend down the tree from 623 * this point and update all of the counts to be accurate. 624 */ 625 dsl_dir_init_fs_ss_count(ds->ds_dir, tx); 626 627 dsl_dataset_rele(ds, FTAG); 628} 629 630/* 631 * Make sure the feature is enabled and activate it if necessary. 632 * Since we're setting a limit, ensure the on-disk counts are valid. 633 * This is only called by the ioctl path when setting a limit value. 634 * 635 * We do not need to validate the new limit, since users who can change the 636 * limit are also allowed to exceed the limit. 637 */ 638int 639dsl_dir_activate_fs_ss_limit(const char *ddname) 640{ 641 int error; 642 643 error = dsl_sync_task(ddname, dsl_dir_actv_fs_ss_limit_check, 644 dsl_dir_actv_fs_ss_limit_sync, (void *)ddname, 0); 645 646 if (error == EALREADY) 647 error = 0; 648 649 return (error); 650} 651 652/* 653 * Used to determine if the filesystem_limit or snapshot_limit should be 654 * enforced. We allow the limit to be exceeded if the user has permission to 655 * write the property value. We pass in the creds that we got in the open 656 * context since we will always be the GZ root in syncing context. We also have 657 * to handle the case where we are allowed to change the limit on the current 658 * dataset, but there may be another limit in the tree above. 659 * 660 * We can never modify these two properties within a non-global zone. In 661 * addition, the other checks are modeled on zfs_secpolicy_write_perms. We 662 * can't use that function since we are already holding the dp_config_rwlock. 663 * In addition, we already have the dd and dealing with snapshots is simplified 664 * in this code. 665 */ 666 667typedef enum { 668 ENFORCE_ALWAYS, 669 ENFORCE_NEVER, 670 ENFORCE_ABOVE 671} enforce_res_t; 672 673static enforce_res_t 674dsl_enforce_ds_ss_limits(dsl_dir_t *dd, zfs_prop_t prop, cred_t *cr) 675{ 676 enforce_res_t enforce = ENFORCE_ALWAYS; 677 uint64_t obj; 678 dsl_dataset_t *ds; 679 uint64_t zoned; 680 681 ASSERT(prop == ZFS_PROP_FILESYSTEM_LIMIT || 682 prop == ZFS_PROP_SNAPSHOT_LIMIT); 683 684#ifdef _KERNEL 685#ifdef __FreeBSD__ 686 if (jailed(cr)) 687#else 688 if (crgetzoneid(cr) != GLOBAL_ZONEID) 689#endif 690 return (ENFORCE_ALWAYS); 691 692 if (secpolicy_zfs(cr) == 0) 693 return (ENFORCE_NEVER); 694#endif 695 696 if ((obj = dd->dd_phys->dd_head_dataset_obj) == 0) 697 return (ENFORCE_ALWAYS); 698 699 ASSERT(dsl_pool_config_held(dd->dd_pool)); 700 701 if (dsl_dataset_hold_obj(dd->dd_pool, obj, FTAG, &ds) != 0) 702 return (ENFORCE_ALWAYS); 703 704 if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL) || zoned) { 705 /* Only root can access zoned fs's from the GZ */ 706 enforce = ENFORCE_ALWAYS; 707 } else { 708 if (dsl_deleg_access_impl(ds, zfs_prop_to_name(prop), cr) == 0) 709 enforce = ENFORCE_ABOVE; 710 } 711 712 dsl_dataset_rele(ds, FTAG); 713 return (enforce); 714} 715 716/* 717 * Check if adding additional child filesystem(s) would exceed any filesystem 718 * limits or adding additional snapshot(s) would exceed any snapshot limits. 719 * The prop argument indicates which limit to check. 720 * 721 * Note that all filesystem limits up to the root (or the highest 722 * initialized) filesystem or the given ancestor must be satisfied. 723 */ 724int 725dsl_fs_ss_limit_check(dsl_dir_t *dd, uint64_t delta, zfs_prop_t prop, 726 dsl_dir_t *ancestor, cred_t *cr) 727{ 728 objset_t *os = dd->dd_pool->dp_meta_objset; 729 uint64_t limit, count; 730 char *count_prop; 731 enforce_res_t enforce; 732 int err = 0; 733 734 ASSERT(dsl_pool_config_held(dd->dd_pool)); 735 ASSERT(prop == ZFS_PROP_FILESYSTEM_LIMIT || 736 prop == ZFS_PROP_SNAPSHOT_LIMIT); 737 738 /* 739 * If we're allowed to change the limit, don't enforce the limit 740 * e.g. this can happen if a snapshot is taken by an administrative 741 * user in the global zone (i.e. a recursive snapshot by root). 742 * However, we must handle the case of delegated permissions where we 743 * are allowed to change the limit on the current dataset, but there 744 * is another limit in the tree above. 745 */ 746 enforce = dsl_enforce_ds_ss_limits(dd, prop, cr); 747 if (enforce == ENFORCE_NEVER) 748 return (0); 749 750 /* 751 * e.g. if renaming a dataset with no snapshots, count adjustment 752 * is 0. 753 */ 754 if (delta == 0) 755 return (0); 756 757 if (prop == ZFS_PROP_SNAPSHOT_LIMIT) { 758 /* 759 * We don't enforce the limit for temporary snapshots. This is 760 * indicated by a NULL cred_t argument. 761 */ 762 if (cr == NULL) 763 return (0); 764 765 count_prop = DD_FIELD_SNAPSHOT_COUNT; 766 } else { 767 count_prop = DD_FIELD_FILESYSTEM_COUNT; 768 } 769 770 /* 771 * If an ancestor has been provided, stop checking the limit once we 772 * hit that dir. We need this during rename so that we don't overcount 773 * the check once we recurse up to the common ancestor. 774 */ 775 if (ancestor == dd) 776 return (0); 777 778 /* 779 * If we hit an uninitialized node while recursing up the tree, we can 780 * stop since we know there is no limit here (or above). The counts are 781 * not valid on this node and we know we won't touch this node's counts. 782 */ 783 if (!dsl_dir_is_zapified(dd) || zap_lookup(os, dd->dd_object, 784 count_prop, sizeof (count), 1, &count) == ENOENT) 785 return (0); 786 787 err = dsl_prop_get_dd(dd, zfs_prop_to_name(prop), 8, 1, &limit, NULL, 788 B_FALSE); 789 if (err != 0) 790 return (err); 791 792 /* Is there a limit which we've hit? */ 793 if (enforce == ENFORCE_ALWAYS && (count + delta) > limit) 794 return (SET_ERROR(EDQUOT)); 795 796 if (dd->dd_parent != NULL) 797 err = dsl_fs_ss_limit_check(dd->dd_parent, delta, prop, 798 ancestor, cr); 799 800 return (err); 801} 802 803/* 804 * Adjust the filesystem or snapshot count for the specified dsl_dir_t and all 805 * parents. When a new filesystem/snapshot is created, increment the count on 806 * all parents, and when a filesystem/snapshot is destroyed, decrement the 807 * count. 808 */ 809void 810dsl_fs_ss_count_adjust(dsl_dir_t *dd, int64_t delta, const char *prop, 811 dmu_tx_t *tx) 812{ 813 int err; 814 objset_t *os = dd->dd_pool->dp_meta_objset; 815 uint64_t count; 816 817 ASSERT(dsl_pool_config_held(dd->dd_pool)); 818 ASSERT(dmu_tx_is_syncing(tx)); 819 ASSERT(strcmp(prop, DD_FIELD_FILESYSTEM_COUNT) == 0 || 820 strcmp(prop, DD_FIELD_SNAPSHOT_COUNT) == 0); 821 822 /* 823 * When we receive an incremental stream into a filesystem that already 824 * exists, a temporary clone is created. We don't count this temporary 825 * clone, whose name begins with a '%'. We also ignore hidden ($FREE, 826 * $MOS & $ORIGIN) objsets. 827 */ 828 if ((dd->dd_myname[0] == '%' || dd->dd_myname[0] == '$') && 829 strcmp(prop, DD_FIELD_FILESYSTEM_COUNT) == 0) 830 return; 831 832 /* 833 * e.g. if renaming a dataset with no snapshots, count adjustment is 0 834 */ 835 if (delta == 0) 836 return; 837 838 /* 839 * If we hit an uninitialized node while recursing up the tree, we can 840 * stop since we know the counts are not valid on this node and we 841 * know we shouldn't touch this node's counts. An uninitialized count 842 * on the node indicates that either the feature has not yet been 843 * activated or there are no limits on this part of the tree. 844 */ 845 if (!dsl_dir_is_zapified(dd) || (err = zap_lookup(os, dd->dd_object, 846 prop, sizeof (count), 1, &count)) == ENOENT) 847 return; 848 VERIFY0(err); 849 850 count += delta; 851 /* Use a signed verify to make sure we're not neg. */ 852 VERIFY3S(count, >=, 0); 853 854 VERIFY0(zap_update(os, dd->dd_object, prop, sizeof (count), 1, &count, 855 tx)); 856 857 /* Roll up this additional count into our ancestors */ 858 if (dd->dd_parent != NULL) 859 dsl_fs_ss_count_adjust(dd->dd_parent, delta, prop, tx); 860} 861 |
|
| 386uint64_t 387dsl_dir_create_sync(dsl_pool_t *dp, dsl_dir_t *pds, const char *name, 388 dmu_tx_t *tx) 389{ 390 objset_t *mos = dp->dp_meta_objset; 391 uint64_t ddobj; 392 dsl_dir_phys_t *ddphys; 393 dmu_buf_t *dbuf; --- 8 unchanged lines hidden (view full) --- 402 VERIFY(0 == zap_add(mos, DMU_POOL_DIRECTORY_OBJECT, 403 DMU_POOL_ROOT_DATASET, sizeof (uint64_t), 1, &ddobj, tx)); 404 } 405 VERIFY(0 == dmu_bonus_hold(mos, ddobj, FTAG, &dbuf)); 406 dmu_buf_will_dirty(dbuf, tx); 407 ddphys = dbuf->db_data; 408 409 ddphys->dd_creation_time = gethrestime_sec(); | 862uint64_t 863dsl_dir_create_sync(dsl_pool_t *dp, dsl_dir_t *pds, const char *name, 864 dmu_tx_t *tx) 865{ 866 objset_t *mos = dp->dp_meta_objset; 867 uint64_t ddobj; 868 dsl_dir_phys_t *ddphys; 869 dmu_buf_t *dbuf; --- 8 unchanged lines hidden (view full) --- 878 VERIFY(0 == zap_add(mos, DMU_POOL_DIRECTORY_OBJECT, 879 DMU_POOL_ROOT_DATASET, sizeof (uint64_t), 1, &ddobj, tx)); 880 } 881 VERIFY(0 == dmu_bonus_hold(mos, ddobj, FTAG, &dbuf)); 882 dmu_buf_will_dirty(dbuf, tx); 883 ddphys = dbuf->db_data; 884 885 ddphys->dd_creation_time = gethrestime_sec(); |
| 410 if (pds) | 886 if (pds) { |
| 411 ddphys->dd_parent_obj = pds->dd_object; | 887 ddphys->dd_parent_obj = pds->dd_object; |
| 888 889 /* update the filesystem counts */ 890 dsl_fs_ss_count_adjust(pds, 1, DD_FIELD_FILESYSTEM_COUNT, tx); 891 } |
|
| 412 ddphys->dd_props_zapobj = zap_create(mos, 413 DMU_OT_DSL_PROPS, DMU_OT_NONE, 0, tx); 414 ddphys->dd_child_dir_zapobj = zap_create(mos, 415 DMU_OT_DSL_DIR_CHILD_MAP, DMU_OT_NONE, 0, tx); 416 if (spa_version(dp->dp_spa) >= SPA_VERSION_USED_BREAKDOWN) 417 ddphys->dd_flags |= DD_FLAG_USED_BREAKDOWN; 418 dmu_buf_rele(dbuf, FTAG); 419 --- 32 unchanged lines hidden (view full) --- 452 dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_USEDREFRESERV, 453 dd->dd_phys->dd_used_breakdown[DD_USED_REFRSRV]); 454 dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_USEDCHILD, 455 dd->dd_phys->dd_used_breakdown[DD_USED_CHILD] + 456 dd->dd_phys->dd_used_breakdown[DD_USED_CHILD_RSRV]); 457 } 458 mutex_exit(&dd->dd_lock); 459 | 892 ddphys->dd_props_zapobj = zap_create(mos, 893 DMU_OT_DSL_PROPS, DMU_OT_NONE, 0, tx); 894 ddphys->dd_child_dir_zapobj = zap_create(mos, 895 DMU_OT_DSL_DIR_CHILD_MAP, DMU_OT_NONE, 0, tx); 896 if (spa_version(dp->dp_spa) >= SPA_VERSION_USED_BREAKDOWN) 897 ddphys->dd_flags |= DD_FLAG_USED_BREAKDOWN; 898 dmu_buf_rele(dbuf, FTAG); 899 --- 32 unchanged lines hidden (view full) --- 932 dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_USEDREFRESERV, 933 dd->dd_phys->dd_used_breakdown[DD_USED_REFRSRV]); 934 dsl_prop_nvlist_add_uint64(nv, ZFS_PROP_USEDCHILD, 935 dd->dd_phys->dd_used_breakdown[DD_USED_CHILD] + 936 dd->dd_phys->dd_used_breakdown[DD_USED_CHILD_RSRV]); 937 } 938 mutex_exit(&dd->dd_lock); 939 |
| 940 if (dsl_dir_is_zapified(dd)) { 941 uint64_t count; 942 objset_t *os = dd->dd_pool->dp_meta_objset; 943 944 if (zap_lookup(os, dd->dd_object, DD_FIELD_FILESYSTEM_COUNT, 945 sizeof (count), 1, &count) == 0) { 946 dsl_prop_nvlist_add_uint64(nv, 947 ZFS_PROP_FILESYSTEM_COUNT, count); 948 } 949 if (zap_lookup(os, dd->dd_object, DD_FIELD_SNAPSHOT_COUNT, 950 sizeof (count), 1, &count) == 0) { 951 dsl_prop_nvlist_add_uint64(nv, 952 ZFS_PROP_SNAPSHOT_COUNT, count); 953 } 954 } 955 |
|
| 460 if (dsl_dir_is_clone(dd)) { 461 dsl_dataset_t *ds; 462 char buf[MAXNAMELEN]; 463 464 VERIFY0(dsl_dataset_hold_obj(dd->dd_pool, 465 dd->dd_phys->dd_origin_obj, FTAG, &ds)); 466 dsl_dataset_name(ds, buf); 467 dsl_dataset_rele(ds, FTAG); --- 682 unchanged lines hidden (view full) --- 1150 delta = parent_delta(dd, dd->dd_phys->dd_used_bytes, delta); 1151 mutex_exit(&dd->dd_lock); 1152 return (would_change(dd->dd_parent, delta, ancestor)); 1153} 1154 1155typedef struct dsl_dir_rename_arg { 1156 const char *ddra_oldname; 1157 const char *ddra_newname; | 956 if (dsl_dir_is_clone(dd)) { 957 dsl_dataset_t *ds; 958 char buf[MAXNAMELEN]; 959 960 VERIFY0(dsl_dataset_hold_obj(dd->dd_pool, 961 dd->dd_phys->dd_origin_obj, FTAG, &ds)); 962 dsl_dataset_name(ds, buf); 963 dsl_dataset_rele(ds, FTAG); --- 682 unchanged lines hidden (view full) --- 1646 delta = parent_delta(dd, dd->dd_phys->dd_used_bytes, delta); 1647 mutex_exit(&dd->dd_lock); 1648 return (would_change(dd->dd_parent, delta, ancestor)); 1649} 1650 1651typedef struct dsl_dir_rename_arg { 1652 const char *ddra_oldname; 1653 const char *ddra_newname; |
| 1654 cred_t *ddra_cred; |
|
| 1158} dsl_dir_rename_arg_t; 1159 1160/* ARGSUSED */ 1161static int 1162dsl_valid_rename(dsl_pool_t *dp, dsl_dataset_t *ds, void *arg) 1163{ 1164 int *deltap = arg; 1165 char namebuf[MAXNAMELEN]; --- 48 unchanged lines hidden (view full) --- 1214 &delta, DS_FIND_CHILDREN | DS_FIND_SNAPSHOTS); 1215 if (error != 0) { 1216 dsl_dir_rele(newparent, FTAG); 1217 dsl_dir_rele(dd, FTAG); 1218 return (error); 1219 } 1220 } 1221 | 1655} dsl_dir_rename_arg_t; 1656 1657/* ARGSUSED */ 1658static int 1659dsl_valid_rename(dsl_pool_t *dp, dsl_dataset_t *ds, void *arg) 1660{ 1661 int *deltap = arg; 1662 char namebuf[MAXNAMELEN]; --- 48 unchanged lines hidden (view full) --- 1711 &delta, DS_FIND_CHILDREN | DS_FIND_SNAPSHOTS); 1712 if (error != 0) { 1713 dsl_dir_rele(newparent, FTAG); 1714 dsl_dir_rele(dd, FTAG); 1715 return (error); 1716 } 1717 } 1718 |
| 1719 if (dmu_tx_is_syncing(tx)) { 1720 if (spa_feature_is_enabled(dp->dp_spa, 1721 SPA_FEATURE_FS_SS_LIMIT)) { 1722 /* 1723 * Although this is the check function and we don't 1724 * normally make on-disk changes in check functions, 1725 * we need to do that here. 1726 * 1727 * Ensure this portion of the tree's counts have been 1728 * initialized in case the new parent has limits set. 1729 */ 1730 dsl_dir_init_fs_ss_count(dd, tx); 1731 } 1732 } 1733 |
|
| 1222 if (newparent != dd->dd_parent) { 1223 /* is there enough space? */ 1224 uint64_t myspace = 1225 MAX(dd->dd_phys->dd_used_bytes, dd->dd_phys->dd_reserved); | 1734 if (newparent != dd->dd_parent) { 1735 /* is there enough space? */ 1736 uint64_t myspace = 1737 MAX(dd->dd_phys->dd_used_bytes, dd->dd_phys->dd_reserved); |
| 1738 objset_t *os = dd->dd_pool->dp_meta_objset; 1739 uint64_t fs_cnt = 0; 1740 uint64_t ss_cnt = 0; |
|
| 1226 | 1741 |
| 1742 if (dsl_dir_is_zapified(dd)) { 1743 int err; 1744 1745 err = zap_lookup(os, dd->dd_object, 1746 DD_FIELD_FILESYSTEM_COUNT, sizeof (fs_cnt), 1, 1747 &fs_cnt); 1748 if (err != ENOENT && err != 0) 1749 return (err); 1750 1751 /* 1752 * have to add 1 for the filesystem itself that we're 1753 * moving 1754 */ 1755 fs_cnt++; 1756 1757 err = zap_lookup(os, dd->dd_object, 1758 DD_FIELD_SNAPSHOT_COUNT, sizeof (ss_cnt), 1, 1759 &ss_cnt); 1760 if (err != ENOENT && err != 0) 1761 return (err); 1762 } 1763 |
|
| 1227 /* no rename into our descendant */ 1228 if (closest_common_ancestor(dd, newparent) == dd) { 1229 dsl_dir_rele(newparent, FTAG); 1230 dsl_dir_rele(dd, FTAG); 1231 return (SET_ERROR(EINVAL)); 1232 } 1233 1234 error = dsl_dir_transfer_possible(dd->dd_parent, | 1764 /* no rename into our descendant */ 1765 if (closest_common_ancestor(dd, newparent) == dd) { 1766 dsl_dir_rele(newparent, FTAG); 1767 dsl_dir_rele(dd, FTAG); 1768 return (SET_ERROR(EINVAL)); 1769 } 1770 1771 error = dsl_dir_transfer_possible(dd->dd_parent, |
| 1235 newparent, myspace); | 1772 newparent, fs_cnt, ss_cnt, myspace, ddra->ddra_cred); |
| 1236 if (error != 0) { 1237 dsl_dir_rele(newparent, FTAG); 1238 dsl_dir_rele(dd, FTAG); 1239 return (error); 1240 } 1241 } 1242 1243 dsl_dir_rele(newparent, FTAG); --- 15 unchanged lines hidden (view full) --- 1259 VERIFY0(dsl_dir_hold(dp, ddra->ddra_newname, FTAG, &newparent, 1260 &mynewname)); 1261 1262 /* Log this before we change the name. */ 1263 spa_history_log_internal_dd(dd, "rename", tx, 1264 "-> %s", ddra->ddra_newname); 1265 1266 if (newparent != dd->dd_parent) { | 1773 if (error != 0) { 1774 dsl_dir_rele(newparent, FTAG); 1775 dsl_dir_rele(dd, FTAG); 1776 return (error); 1777 } 1778 } 1779 1780 dsl_dir_rele(newparent, FTAG); --- 15 unchanged lines hidden (view full) --- 1796 VERIFY0(dsl_dir_hold(dp, ddra->ddra_newname, FTAG, &newparent, 1797 &mynewname)); 1798 1799 /* Log this before we change the name. */ 1800 spa_history_log_internal_dd(dd, "rename", tx, 1801 "-> %s", ddra->ddra_newname); 1802 1803 if (newparent != dd->dd_parent) { |
| 1804 objset_t *os = dd->dd_pool->dp_meta_objset; 1805 uint64_t fs_cnt = 0; 1806 uint64_t ss_cnt = 0; 1807 1808 /* 1809 * We already made sure the dd counts were initialized in the 1810 * check function. 1811 */ 1812 if (spa_feature_is_enabled(dp->dp_spa, 1813 SPA_FEATURE_FS_SS_LIMIT)) { 1814 VERIFY0(zap_lookup(os, dd->dd_object, 1815 DD_FIELD_FILESYSTEM_COUNT, sizeof (fs_cnt), 1, 1816 &fs_cnt)); 1817 /* add 1 for the filesystem itself that we're moving */ 1818 fs_cnt++; 1819 1820 VERIFY0(zap_lookup(os, dd->dd_object, 1821 DD_FIELD_SNAPSHOT_COUNT, sizeof (ss_cnt), 1, 1822 &ss_cnt)); 1823 } 1824 1825 dsl_fs_ss_count_adjust(dd->dd_parent, -fs_cnt, 1826 DD_FIELD_FILESYSTEM_COUNT, tx); 1827 dsl_fs_ss_count_adjust(newparent, fs_cnt, 1828 DD_FIELD_FILESYSTEM_COUNT, tx); 1829 1830 dsl_fs_ss_count_adjust(dd->dd_parent, -ss_cnt, 1831 DD_FIELD_SNAPSHOT_COUNT, tx); 1832 dsl_fs_ss_count_adjust(newparent, ss_cnt, 1833 DD_FIELD_SNAPSHOT_COUNT, tx); 1834 |
|
| 1267 dsl_dir_diduse_space(dd->dd_parent, DD_USED_CHILD, 1268 -dd->dd_phys->dd_used_bytes, 1269 -dd->dd_phys->dd_compressed_bytes, 1270 -dd->dd_phys->dd_uncompressed_bytes, tx); 1271 dsl_dir_diduse_space(newparent, DD_USED_CHILD, 1272 dd->dd_phys->dd_used_bytes, 1273 dd->dd_phys->dd_compressed_bytes, 1274 dd->dd_phys->dd_uncompressed_bytes, tx); --- 41 unchanged lines hidden (view full) --- 1316 1317int 1318dsl_dir_rename(const char *oldname, const char *newname) 1319{ 1320 dsl_dir_rename_arg_t ddra; 1321 1322 ddra.ddra_oldname = oldname; 1323 ddra.ddra_newname = newname; | 1835 dsl_dir_diduse_space(dd->dd_parent, DD_USED_CHILD, 1836 -dd->dd_phys->dd_used_bytes, 1837 -dd->dd_phys->dd_compressed_bytes, 1838 -dd->dd_phys->dd_uncompressed_bytes, tx); 1839 dsl_dir_diduse_space(newparent, DD_USED_CHILD, 1840 dd->dd_phys->dd_used_bytes, 1841 dd->dd_phys->dd_compressed_bytes, 1842 dd->dd_phys->dd_uncompressed_bytes, tx); --- 41 unchanged lines hidden (view full) --- 1884 1885int 1886dsl_dir_rename(const char *oldname, const char *newname) 1887{ 1888 dsl_dir_rename_arg_t ddra; 1889 1890 ddra.ddra_oldname = oldname; 1891 ddra.ddra_newname = newname; |
| 1892 ddra.ddra_cred = CRED(); |
|
| 1324 1325 return (dsl_sync_task(oldname, 1326 dsl_dir_rename_check, dsl_dir_rename_sync, &ddra, 3)); 1327} 1328 1329int | 1893 1894 return (dsl_sync_task(oldname, 1895 dsl_dir_rename_check, dsl_dir_rename_sync, &ddra, 3)); 1896} 1897 1898int |
| 1330dsl_dir_transfer_possible(dsl_dir_t *sdd, dsl_dir_t *tdd, uint64_t space) | 1899dsl_dir_transfer_possible(dsl_dir_t *sdd, dsl_dir_t *tdd, 1900 uint64_t fs_cnt, uint64_t ss_cnt, uint64_t space, cred_t *cr) |
| 1331{ 1332 dsl_dir_t *ancestor; 1333 int64_t adelta; 1334 uint64_t avail; | 1901{ 1902 dsl_dir_t *ancestor; 1903 int64_t adelta; 1904 uint64_t avail; |
| 1905 int err; |
|
| 1335 1336 ancestor = closest_common_ancestor(sdd, tdd); 1337 adelta = would_change(sdd, -space, ancestor); 1338 avail = dsl_dir_space_available(tdd, ancestor, adelta, FALSE); 1339 if (avail < space) 1340 return (SET_ERROR(ENOSPC)); 1341 | 1906 1907 ancestor = closest_common_ancestor(sdd, tdd); 1908 adelta = would_change(sdd, -space, ancestor); 1909 avail = dsl_dir_space_available(tdd, ancestor, adelta, FALSE); 1910 if (avail < space) 1911 return (SET_ERROR(ENOSPC)); 1912 |
| 1913 err = dsl_fs_ss_limit_check(tdd, fs_cnt, ZFS_PROP_FILESYSTEM_LIMIT, 1914 ancestor, cr); 1915 if (err != 0) 1916 return (err); 1917 err = dsl_fs_ss_limit_check(tdd, ss_cnt, ZFS_PROP_SNAPSHOT_LIMIT, 1918 ancestor, cr); 1919 if (err != 0) 1920 return (err); 1921 |
|
| 1342 return (0); 1343} 1344 1345timestruc_t 1346dsl_dir_snap_cmtime(dsl_dir_t *dd) 1347{ 1348 timestruc_t t; 1349 --- 16 unchanged lines hidden (view full) --- 1366} 1367 1368void 1369dsl_dir_zapify(dsl_dir_t *dd, dmu_tx_t *tx) 1370{ 1371 objset_t *mos = dd->dd_pool->dp_meta_objset; 1372 dmu_object_zapify(mos, dd->dd_object, DMU_OT_DSL_DIR, tx); 1373} | 1922 return (0); 1923} 1924 1925timestruc_t 1926dsl_dir_snap_cmtime(dsl_dir_t *dd) 1927{ 1928 timestruc_t t; 1929 --- 16 unchanged lines hidden (view full) --- 1946} 1947 1948void 1949dsl_dir_zapify(dsl_dir_t *dd, dmu_tx_t *tx) 1950{ 1951 objset_t *mos = dd->dd_pool->dp_meta_objset; 1952 dmu_object_zapify(mos, dd->dd_object, DMU_OT_DSL_DIR, tx); 1953} |
| 1954 1955boolean_t 1956dsl_dir_is_zapified(dsl_dir_t *dd) 1957{ 1958 dmu_object_info_t doi; 1959 1960 dmu_object_info_from_db(dd->dd_dbuf, &doi); 1961 return (doi.doi_type == DMU_OTN_ZAP_METADATA); 1962} |
|