fs/zfs/spa.c

168404Spjd/*
168404Spjd * CDDL HEADER START
168404Spjd *
168404Spjd * The contents of this file are subject to the terms of the
168404Spjd * Common Development and Distribution License (the "License").
168404Spjd * You may not use this file except in compliance with the License.
168404Spjd *
168404Spjd * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
168404Spjd * or http://www.opensolaris.org/os/licensing.
168404Spjd * See the License for the specific language governing permissions
168404Spjd * and limitations under the License.
168404Spjd *
168404Spjd * When distributing Covered Code, include this CDDL HEADER in each
168404Spjd * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
168404Spjd * If applicable, add the following below this CDDL HEADER, with the
168404Spjd * fields enclosed by brackets "[]" replaced with your own identifying
168404Spjd * information: Portions Copyright [yyyy] [name of copyright owner]
168404Spjd *
168404Spjd * CDDL HEADER END
168404Spjd */
168404Spjd
168404Spjd/*
219089Spjd * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
332525Smav * Copyright (c) 2011, 2018 by Delphix. All rights reserved.
287745Sdelphij * Copyright (c) 2015, Nexenta Systems, Inc.  All rights reserved.
247265Smm * Copyright (c) 2013 Martin Matuska <mm@FreeBSD.org>. All rights reserved.
286575Smav * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved.
289422Smav * Copyright 2013 Saso Kiselkov. All rights reserved.
296519Smav * Copyright (c) 2014 Integros [integros.com]
332524Smav * Copyright 2016 Toomas Soome <tsoome@me.com>
331397Smav * Copyright 2017 Joyent, Inc.
324010Savg * Copyright (c) 2017 Datto Inc.
331721Smav * Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
168404Spjd */
168404Spjd
168404Spjd/*
251629Sdelphij * SPA: Storage Pool Allocator
251629Sdelphij *
168404Spjd * This file contains all the routines used when modifying on-disk SPA state.
168404Spjd * This includes opening, importing, destroying, exporting a pool, and syncing a
168404Spjd * pool.
168404Spjd */
168404Spjd
168404Spjd#include <sys/zfs_context.h>
168404Spjd#include <sys/fm/fs/zfs.h>
168404Spjd#include <sys/spa_impl.h>
168404Spjd#include <sys/zio.h>
168404Spjd#include <sys/zio_checksum.h>
168404Spjd#include <sys/dmu.h>
168404Spjd#include <sys/dmu_tx.h>
168404Spjd#include <sys/zap.h>
168404Spjd#include <sys/zil.h>
219089Spjd#include <sys/ddt.h>
168404Spjd#include <sys/vdev_impl.h>
332525Smav#include <sys/vdev_removal.h>
332525Smav#include <sys/vdev_indirect_mapping.h>
332525Smav#include <sys/vdev_indirect_births.h>
168404Spjd#include <sys/metaslab.h>
219089Spjd#include <sys/metaslab_impl.h>
168404Spjd#include <sys/uberblock_impl.h>
168404Spjd#include <sys/txg.h>
168404Spjd#include <sys/avl.h>
332525Smav#include <sys/bpobj.h>
168404Spjd#include <sys/dmu_traverse.h>
168404Spjd#include <sys/dmu_objset.h>
168404Spjd#include <sys/unique.h>
168404Spjd#include <sys/dsl_pool.h>
168404Spjd#include <sys/dsl_dataset.h>
168404Spjd#include <sys/dsl_dir.h>
168404Spjd#include <sys/dsl_prop.h>
168404Spjd#include <sys/dsl_synctask.h>
168404Spjd#include <sys/fs/zfs.h>
185029Spjd#include <sys/arc.h>
168404Spjd#include <sys/callb.h>
185029Spjd#include <sys/spa_boot.h>
219089Spjd#include <sys/zfs_ioctl.h>
219089Spjd#include <sys/dsl_scan.h>
248571Smm#include <sys/dmu_send.h>
248571Smm#include <sys/dsl_destroy.h>
248571Smm#include <sys/dsl_userhold.h>
236884Smm#include <sys/zfeature.h>
219089Spjd#include <sys/zvol.h>
240868Spjd#include <sys/trim_map.h>
321610Smav#include <sys/abd.h>
168404Spjd
219089Spjd#ifdef	_KERNEL
219089Spjd#include <sys/callb.h>
219089Spjd#include <sys/cpupart.h>
219089Spjd#include <sys/zone.h>
219089Spjd#endif	/* _KERNEL */
219089Spjd
185029Spjd#include "zfs_prop.h"
185029Spjd#include "zfs_comutil.h"
168404Spjd
204073Spjd/* Check hostid on import? */
204073Spjdstatic int check_hostid = 1;
204073Spjd
251636Sdelphij/*
251636Sdelphij * The interval, in seconds, at which failed configuration cache file writes
251636Sdelphij * should be retried.
251636Sdelphij */
332525Smavint zfs_ccw_retry_interval = 300;
251636Sdelphij
271785SwillSYSCTL_DECL(_vfs_zfs);
271785SwillSYSCTL_INT(_vfs_zfs, OID_AUTO, check_hostid, CTLFLAG_RWTUN, &check_hostid, 0,
271785Swill    "Check hostid on import?");
271785SwillTUNABLE_INT("vfs.zfs.ccw_retry_interval", &zfs_ccw_retry_interval);
271785SwillSYSCTL_INT(_vfs_zfs, OID_AUTO, ccw_retry_interval, CTLFLAG_RW,
271785Swill    &zfs_ccw_retry_interval, 0,
271785Swill    "Configuration cache file write, retry after failure, interval (seconds)");
271785Swill
219089Spjdtypedef enum zti_modes {
258631Savg	ZTI_MODE_FIXED,			/* value is # of threads (min 1) */
258631Savg	ZTI_MODE_BATCH,			/* cpu-intensive; value is ignored */
258631Savg	ZTI_MODE_NULL,			/* don't create a taskq */
258631Savg	ZTI_NMODES
219089Spjd} zti_modes_t;
168712Spjd
258631Savg#define	ZTI_P(n, q)	{ ZTI_MODE_FIXED, (n), (q) }
258631Savg#define	ZTI_BATCH	{ ZTI_MODE_BATCH, 0, 1 }
258631Savg#define	ZTI_NULL	{ ZTI_MODE_NULL, 0, 0 }
209962Smm
258631Savg#define	ZTI_N(n)	ZTI_P(n, 1)
258631Savg#define	ZTI_ONE		ZTI_N(1)
209962Smm
209962Smmtypedef struct zio_taskq_info {
258631Savg	zti_modes_t zti_mode;
211931Smm	uint_t zti_value;
258631Savg	uint_t zti_count;
209962Smm} zio_taskq_info_t;
209962Smm
209962Smmstatic const char *const zio_taskq_types[ZIO_TASKQ_TYPES] = {
219089Spjd	"issue", "issue_high", "intr", "intr_high"
209962Smm};
209962Smm
211931Smm/*
258631Savg * This table defines the taskq settings for each ZFS I/O type. When
258631Savg * initializing a pool, we use this table to create an appropriately sized
258631Savg * taskq. Some operations are low volume and therefore have a small, static
258631Savg * number of threads assigned to their taskqs using the ZTI_N(#) or ZTI_ONE
258631Savg * macros. Other operations process a large amount of data; the ZTI_BATCH
258631Savg * macro causes us to create a taskq oriented for throughput. Some operations
258631Savg * are so high frequency and short-lived that the taskq itself can become a a
258631Savg * point of lock contention. The ZTI_P(#, #) macro indicates that we need an
258631Savg * additional degree of parallelism specified by the number of threads per-
258631Savg * taskq and the number of taskqs; when dispatching an event in this case, the
258631Savg * particular taskq is chosen at random.
258631Savg *
258631Savg * The different taskq priorities are to handle the different contexts (issue
258631Savg * and interrupt) and then to reserve threads for ZIO_PRIORITY_NOW I/Os that
258631Savg * need to be handled with minimum delay.
211931Smm */
211931Smmconst zio_taskq_info_t zio_taskqs[ZIO_TYPES][ZIO_TASKQ_TYPES] = {
211931Smm	/* ISSUE	ISSUE_HIGH	INTR		INTR_HIGH */
258631Savg	{ ZTI_ONE,	ZTI_NULL,	ZTI_ONE,	ZTI_NULL }, /* NULL */
264670Sdelphij	{ ZTI_N(8),	ZTI_NULL,	ZTI_P(12, 8),	ZTI_NULL }, /* READ */
258631Savg	{ ZTI_BATCH,	ZTI_N(5),	ZTI_N(8),	ZTI_N(5) }, /* WRITE */
258631Savg	{ ZTI_P(12, 8),	ZTI_NULL,	ZTI_ONE,	ZTI_NULL }, /* FREE */
258631Savg	{ ZTI_ONE,	ZTI_NULL,	ZTI_ONE,	ZTI_NULL }, /* CLAIM */
258631Savg	{ ZTI_ONE,	ZTI_NULL,	ZTI_ONE,	ZTI_NULL }, /* IOCTL */
209962Smm};
209962Smm
248571Smmstatic void spa_sync_version(void *arg, dmu_tx_t *tx);
248571Smmstatic void spa_sync_props(void *arg, dmu_tx_t *tx);
185029Spjdstatic boolean_t spa_has_active_shared_spare(spa_t *spa);
332547Smavstatic int spa_load_impl(spa_t *spa, spa_import_type_t type, char **ereport);
219089Spjdstatic void spa_vdev_resilver_done(spa_t *spa);
185029Spjd
258632Savguint_t		zio_taskq_batch_pct = 75;	/* 1 thread per cpu in pset */
219089Spjd#ifdef PSRSET_BIND
219089Spjdid_t		zio_taskq_psrset_bind = PS_NONE;
219089Spjd#endif
219089Spjd#ifdef SYSDC
219089Spjdboolean_t	zio_taskq_sysdc = B_TRUE;	/* use SDC scheduling class */
314355Savguint_t		zio_taskq_basedc = 80;		/* base duty cycle */
219089Spjd#endif
219089Spjd
219089Spjdboolean_t	spa_create_process = B_TRUE;	/* no process ==> no sysdc */
243503Smmextern int	zfs_sync_pass_deferred_free;
219089Spjd
168404Spjd/*
332531Smav * Report any spa_load_verify errors found, but do not fail spa_load.
332531Smav * This is used by zdb to analyze non-idle pools.
332531Smav */
332531Smavboolean_t	spa_load_verify_dryrun = B_FALSE;
332531Smav
332531Smav/*
219089Spjd * This (illegal) pool name is used when temporarily importing a spa_t in order
219089Spjd * to get the vdev stats associated with the imported devices.
219089Spjd */
219089Spjd#define	TRYIMPORT_NAME	"$import"
219089Spjd
219089Spjd/*
332536Smav * For debugging purposes: print out vdev tree during pool import.
332536Smav */
332536Smavint	spa_load_print_vdev_tree = B_FALSE;
332536Smav
332536Smav/*
332536Smav * A non-zero value for zfs_max_missing_tvds means that we allow importing
332536Smav * pools with missing top-level vdevs. This is strictly intended for advanced
332536Smav * pool recovery cases since missing data is almost inevitable. Pools with
332536Smav * missing devices can only be imported read-only for safety reasons, and their
332536Smav * fail-mode will be automatically set to "continue".
332536Smav *
332536Smav * With 1 missing vdev we should be able to import the pool and mount all
332536Smav * datasets. User data that was not modified after the missing device has been
332536Smav * added should be recoverable. This means that snapshots created prior to the
332536Smav * addition of that device should be completely intact.
332536Smav *
332536Smav * With 2 missing vdevs, some datasets may fail to mount since there are
332536Smav * dataset statistics that are stored as regular metadata. Some data might be
332536Smav * recoverable if those vdevs were added recently.
332536Smav *
332536Smav * With 3 or more missing vdevs, the pool is severely damaged and MOS entries
332536Smav * may be missing entirely. Chances of data recovery are very low. Note that
332536Smav * there are also risks of performing an inadvertent rewind as we might be
332536Smav * missing all the vdevs with the latest uberblocks.
332536Smav */
332536Smavuint64_t	zfs_max_missing_tvds = 0;
332536Smav
332536Smav/*
332536Smav * The parameters below are similar to zfs_max_missing_tvds but are only
332536Smav * intended for a preliminary open of the pool with an untrusted config which
332536Smav * might be incomplete or out-dated.
332536Smav *
332536Smav * We are more tolerant for pools opened from a cachefile since we could have
332536Smav * an out-dated cachefile where a device removal was not registered.
332536Smav * We could have set the limit arbitrarily high but in the case where devices
332536Smav * are really missing we would want to return the proper error codes; we chose
332536Smav * SPA_DVAS_PER_BP - 1 so that some copies of the MOS would still be available
332536Smav * and we get a chance to retrieve the trusted config.
332536Smav */
332536Smavuint64_t	zfs_max_missing_tvds_cachefile = SPA_DVAS_PER_BP - 1;
332547Smav
332536Smav/*
332536Smav * In the case where config was assembled by scanning device paths (/dev/dsks
332536Smav * by default) we are less tolerant since all the existing devices should have
332536Smav * been detected and we want spa_load to return the right error codes.
332536Smav */
332536Smavuint64_t	zfs_max_missing_tvds_scan = 0;
332536Smav
332536Smav
332536SmavSYSCTL_INT(_vfs_zfs, OID_AUTO, spa_load_print_vdev_tree, CTLFLAG_RWTUN,
332536Smav    &spa_load_print_vdev_tree, 0,
332536Smav    "print out vdev tree during pool import");
332536SmavSYSCTL_UQUAD(_vfs_zfs, OID_AUTO, max_missing_tvds, CTLFLAG_RWTUN,
332536Smav    &zfs_max_missing_tvds, 0,
332536Smav    "allow importing pools with missing top-level vdevs");
332536SmavSYSCTL_UQUAD(_vfs_zfs, OID_AUTO, max_missing_tvds_cachefile, CTLFLAG_RWTUN,
332536Smav    &zfs_max_missing_tvds_cachefile, 0,
332536Smav    "allow importing pools with missing top-level vdevs in cache file");
332536SmavSYSCTL_UQUAD(_vfs_zfs, OID_AUTO, max_missing_tvds_scan, CTLFLAG_RWTUN,
332536Smav    &zfs_max_missing_tvds_scan, 0,
332536Smav    "allow importing pools with missing top-level vdevs during scan");
332536Smav
332536Smav/*
332547Smav * Debugging aid that pauses spa_sync() towards the end.
332547Smav */
332547Smavboolean_t	zfs_pause_spa_sync = B_FALSE;
332547Smav
332547Smav/*
168404Spjd * ==========================================================================
185029Spjd * SPA properties routines
185029Spjd * ==========================================================================
185029Spjd */
185029Spjd
185029Spjd/*
185029Spjd * Add a (source=src, propname=propval) list to an nvlist.
185029Spjd */
185029Spjdstatic void
185029Spjdspa_prop_add_list(nvlist_t *nvl, zpool_prop_t prop, char *strval,
185029Spjd    uint64_t intval, zprop_source_t src)
185029Spjd{
185029Spjd	const char *propname = zpool_prop_to_name(prop);
185029Spjd	nvlist_t *propval;
185029Spjd
185029Spjd	VERIFY(nvlist_alloc(&propval, NV_UNIQUE_NAME, KM_SLEEP) == 0);
185029Spjd	VERIFY(nvlist_add_uint64(propval, ZPROP_SOURCE, src) == 0);
185029Spjd
185029Spjd	if (strval != NULL)
185029Spjd		VERIFY(nvlist_add_string(propval, ZPROP_VALUE, strval) == 0);
185029Spjd	else
185029Spjd		VERIFY(nvlist_add_uint64(propval, ZPROP_VALUE, intval) == 0);
185029Spjd
185029Spjd	VERIFY(nvlist_add_nvlist(nvl, propname, propval) == 0);
185029Spjd	nvlist_free(propval);
185029Spjd}
185029Spjd
185029Spjd/*
185029Spjd * Get property values from the spa configuration.
185029Spjd */
185029Spjdstatic void
185029Spjdspa_prop_get_config(spa_t *spa, nvlist_t **nvp)
185029Spjd{
236155Smm	vdev_t *rvd = spa->spa_root_vdev;
236884Smm	dsl_pool_t *pool = spa->spa_dsl_pool;
269118Sdelphij	uint64_t size, alloc, cap, version;
185029Spjd	zprop_source_t src = ZPROP_SRC_NONE;
185029Spjd	spa_config_dirent_t *dp;
269118Sdelphij	metaslab_class_t *mc = spa_normal_class(spa);
185029Spjd
185029Spjd	ASSERT(MUTEX_HELD(&spa->spa_props_lock));
185029Spjd
236155Smm	if (rvd != NULL) {
219089Spjd		alloc = metaslab_class_get_alloc(spa_normal_class(spa));
219089Spjd		size = metaslab_class_get_space(spa_normal_class(spa));
209962Smm		spa_prop_add_list(*nvp, ZPOOL_PROP_NAME, spa_name(spa), 0, src);
209962Smm		spa_prop_add_list(*nvp, ZPOOL_PROP_SIZE, NULL, size, src);
219089Spjd		spa_prop_add_list(*nvp, ZPOOL_PROP_ALLOCATED, NULL, alloc, src);
219089Spjd		spa_prop_add_list(*nvp, ZPOOL_PROP_FREE, NULL,
219089Spjd		    size - alloc, src);
332547Smav		spa_prop_add_list(*nvp, ZPOOL_PROP_CHECKPOINT, NULL,
332547Smav		    spa->spa_checkpoint_info.sci_dspace, src);
236155Smm
269118Sdelphij		spa_prop_add_list(*nvp, ZPOOL_PROP_FRAGMENTATION, NULL,
269118Sdelphij		    metaslab_class_fragmentation(mc), src);
269118Sdelphij		spa_prop_add_list(*nvp, ZPOOL_PROP_EXPANDSZ, NULL,
269118Sdelphij		    metaslab_class_expandable_space(mc), src);
219089Spjd		spa_prop_add_list(*nvp, ZPOOL_PROP_READONLY, NULL,
219089Spjd		    (spa_mode(spa) == FREAD), src);
185029Spjd
219089Spjd		cap = (size == 0) ? 0 : (alloc * 100 / size);
209962Smm		spa_prop_add_list(*nvp, ZPOOL_PROP_CAPACITY, NULL, cap, src);
185029Spjd
219089Spjd		spa_prop_add_list(*nvp, ZPOOL_PROP_DEDUPRATIO, NULL,
219089Spjd		    ddt_get_pool_dedup_ratio(spa), src);
219089Spjd
209962Smm		spa_prop_add_list(*nvp, ZPOOL_PROP_HEALTH, NULL,
236155Smm		    rvd->vdev_state, src);
209962Smm
209962Smm		version = spa_version(spa);
209962Smm		if (version == zpool_prop_default_numeric(ZPOOL_PROP_VERSION))
209962Smm			src = ZPROP_SRC_DEFAULT;
209962Smm		else
209962Smm			src = ZPROP_SRC_LOCAL;
209962Smm		spa_prop_add_list(*nvp, ZPOOL_PROP_VERSION, NULL, version, src);
209962Smm	}
209962Smm
236884Smm	if (pool != NULL) {
236884Smm		/*
236884Smm		 * The $FREE directory was introduced in SPA_VERSION_DEADLISTS,
236884Smm		 * when opening pools before this version freedir will be NULL.
236884Smm		 */
268079Sdelphij		if (pool->dp_free_dir != NULL) {
236884Smm			spa_prop_add_list(*nvp, ZPOOL_PROP_FREEING, NULL,
275782Sdelphij			    dsl_dir_phys(pool->dp_free_dir)->dd_used_bytes,
275782Sdelphij			    src);
236884Smm		} else {
236884Smm			spa_prop_add_list(*nvp, ZPOOL_PROP_FREEING,
236884Smm			    NULL, 0, src);
236884Smm		}
268079Sdelphij
268079Sdelphij		if (pool->dp_leak_dir != NULL) {
268079Sdelphij			spa_prop_add_list(*nvp, ZPOOL_PROP_LEAKED, NULL,
275782Sdelphij			    dsl_dir_phys(pool->dp_leak_dir)->dd_used_bytes,
275782Sdelphij			    src);
268079Sdelphij		} else {
268079Sdelphij			spa_prop_add_list(*nvp, ZPOOL_PROP_LEAKED,
268079Sdelphij			    NULL, 0, src);
268079Sdelphij		}
236884Smm	}
236884Smm
185029Spjd	spa_prop_add_list(*nvp, ZPOOL_PROP_GUID, NULL, spa_guid(spa), src);
185029Spjd
228103Smm	if (spa->spa_comment != NULL) {
228103Smm		spa_prop_add_list(*nvp, ZPOOL_PROP_COMMENT, spa->spa_comment,
228103Smm		    0, ZPROP_SRC_LOCAL);
228103Smm	}
228103Smm
185029Spjd	if (spa->spa_root != NULL)
185029Spjd		spa_prop_add_list(*nvp, ZPOOL_PROP_ALTROOT, spa->spa_root,
185029Spjd		    0, ZPROP_SRC_LOCAL);
185029Spjd
274337Sdelphij	if (spa_feature_is_enabled(spa, SPA_FEATURE_LARGE_BLOCKS)) {
274337Sdelphij		spa_prop_add_list(*nvp, ZPOOL_PROP_MAXBLOCKSIZE, NULL,
274337Sdelphij		    MIN(zfs_max_recordsize, SPA_MAXBLOCKSIZE), ZPROP_SRC_NONE);
274337Sdelphij	} else {
274337Sdelphij		spa_prop_add_list(*nvp, ZPOOL_PROP_MAXBLOCKSIZE, NULL,
274337Sdelphij		    SPA_OLD_MAXBLOCKSIZE, ZPROP_SRC_NONE);
274337Sdelphij	}
274337Sdelphij
185029Spjd	if ((dp = list_head(&spa->spa_config_list)) != NULL) {
185029Spjd		if (dp->scd_path == NULL) {
185029Spjd			spa_prop_add_list(*nvp, ZPOOL_PROP_CACHEFILE,
185029Spjd			    "none", 0, ZPROP_SRC_LOCAL);
185029Spjd		} else if (strcmp(dp->scd_path, spa_config_path) != 0) {
185029Spjd			spa_prop_add_list(*nvp, ZPOOL_PROP_CACHEFILE,
185029Spjd			    dp->scd_path, 0, ZPROP_SRC_LOCAL);
185029Spjd		}
185029Spjd	}
185029Spjd}
185029Spjd
185029Spjd/*
185029Spjd * Get zpool property values.
185029Spjd */
185029Spjdint
185029Spjdspa_prop_get(spa_t *spa, nvlist_t **nvp)
185029Spjd{
219089Spjd	objset_t *mos = spa->spa_meta_objset;
185029Spjd	zap_cursor_t zc;
185029Spjd	zap_attribute_t za;
185029Spjd	int err;
185029Spjd
185029Spjd	VERIFY(nvlist_alloc(nvp, NV_UNIQUE_NAME, KM_SLEEP) == 0);
185029Spjd
185029Spjd	mutex_enter(&spa->spa_props_lock);
185029Spjd
185029Spjd	/*
185029Spjd	 * Get properties from the spa config.
185029Spjd	 */
185029Spjd	spa_prop_get_config(spa, nvp);
185029Spjd
185029Spjd	/* If no pool property object, no more prop to get. */
219089Spjd	if (mos == NULL || spa->spa_pool_props_object == 0) {
185029Spjd		mutex_exit(&spa->spa_props_lock);
185029Spjd		return (0);
185029Spjd	}
185029Spjd
185029Spjd	/*
185029Spjd	 * Get properties from the MOS pool property object.
185029Spjd	 */
185029Spjd	for (zap_cursor_init(&zc, mos, spa->spa_pool_props_object);
185029Spjd	    (err = zap_cursor_retrieve(&zc, &za)) == 0;
185029Spjd	    zap_cursor_advance(&zc)) {
185029Spjd		uint64_t intval = 0;
185029Spjd		char *strval = NULL;
185029Spjd		zprop_source_t src = ZPROP_SRC_DEFAULT;
185029Spjd		zpool_prop_t prop;
185029Spjd
329493Smav		if ((prop = zpool_name_to_prop(za.za_name)) == ZPOOL_PROP_INVAL)
185029Spjd			continue;
185029Spjd
185029Spjd		switch (za.za_integer_length) {
185029Spjd		case 8:
185029Spjd			/* integer property */
185029Spjd			if (za.za_first_integer !=
185029Spjd			    zpool_prop_default_numeric(prop))
185029Spjd				src = ZPROP_SRC_LOCAL;
185029Spjd
185029Spjd			if (prop == ZPOOL_PROP_BOOTFS) {
185029Spjd				dsl_pool_t *dp;
185029Spjd				dsl_dataset_t *ds = NULL;
185029Spjd
185029Spjd				dp = spa_get_dsl(spa);
248571Smm				dsl_pool_config_enter(dp, FTAG);
185029Spjd				if (err = dsl_dataset_hold_obj(dp,
185029Spjd				    za.za_first_integer, FTAG, &ds)) {
248571Smm					dsl_pool_config_exit(dp, FTAG);
185029Spjd					break;
185029Spjd				}
185029Spjd
307108Smav				strval = kmem_alloc(ZFS_MAX_DATASET_NAME_LEN,
185029Spjd				    KM_SLEEP);
185029Spjd				dsl_dataset_name(ds, strval);
185029Spjd				dsl_dataset_rele(ds, FTAG);
248571Smm				dsl_pool_config_exit(dp, FTAG);
185029Spjd			} else {
185029Spjd				strval = NULL;
185029Spjd				intval = za.za_first_integer;
185029Spjd			}
185029Spjd
185029Spjd			spa_prop_add_list(*nvp, prop, strval, intval, src);
185029Spjd
185029Spjd			if (strval != NULL)
307108Smav				kmem_free(strval, ZFS_MAX_DATASET_NAME_LEN);
185029Spjd
185029Spjd			break;
185029Spjd
185029Spjd		case 1:
185029Spjd			/* string property */
185029Spjd			strval = kmem_alloc(za.za_num_integers, KM_SLEEP);
185029Spjd			err = zap_lookup(mos, spa->spa_pool_props_object,
185029Spjd			    za.za_name, 1, za.za_num_integers, strval);
185029Spjd			if (err) {
185029Spjd				kmem_free(strval, za.za_num_integers);
185029Spjd				break;
185029Spjd			}
185029Spjd			spa_prop_add_list(*nvp, prop, strval, 0, src);
185029Spjd			kmem_free(strval, za.za_num_integers);
185029Spjd			break;
185029Spjd
185029Spjd		default:
185029Spjd			break;
185029Spjd		}
185029Spjd	}
185029Spjd	zap_cursor_fini(&zc);
185029Spjd	mutex_exit(&spa->spa_props_lock);
185029Spjdout:
185029Spjd	if (err && err != ENOENT) {
185029Spjd		nvlist_free(*nvp);
185029Spjd		*nvp = NULL;
185029Spjd		return (err);
185029Spjd	}
185029Spjd
185029Spjd	return (0);
185029Spjd}
185029Spjd
185029Spjd/*
185029Spjd * Validate the given pool properties nvlist and modify the list
185029Spjd * for the property values to be set.
185029Spjd */
185029Spjdstatic int
185029Spjdspa_prop_validate(spa_t *spa, nvlist_t *props)
185029Spjd{
185029Spjd	nvpair_t *elem;
185029Spjd	int error = 0, reset_bootfs = 0;
247187Smm	uint64_t objnum = 0;
236884Smm	boolean_t has_feature = B_FALSE;
185029Spjd
185029Spjd	elem = NULL;
185029Spjd	while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
185029Spjd		uint64_t intval;
236884Smm		char *strval, *slash, *check, *fname;
236884Smm		const char *propname = nvpair_name(elem);
236884Smm		zpool_prop_t prop = zpool_name_to_prop(propname);
185029Spjd
236884Smm		switch (prop) {
329493Smav		case ZPOOL_PROP_INVAL:
236884Smm			if (!zpool_prop_feature(propname)) {
249195Smm				error = SET_ERROR(EINVAL);
236884Smm				break;
236884Smm			}
185029Spjd
236884Smm			/*
236884Smm			 * Sanitize the input.
236884Smm			 */
236884Smm			if (nvpair_type(elem) != DATA_TYPE_UINT64) {
249195Smm				error = SET_ERROR(EINVAL);
236884Smm				break;
236884Smm			}
185029Spjd
236884Smm			if (nvpair_value_uint64(elem, &intval) != 0) {
249195Smm				error = SET_ERROR(EINVAL);
236884Smm				break;
236884Smm			}
236884Smm
236884Smm			if (intval != 0) {
249195Smm				error = SET_ERROR(EINVAL);
236884Smm				break;
236884Smm			}
236884Smm
236884Smm			fname = strchr(propname, '@') + 1;
236884Smm			if (zfeature_lookup_name(fname, NULL) != 0) {
249195Smm				error = SET_ERROR(EINVAL);
236884Smm				break;
236884Smm			}
236884Smm
236884Smm			has_feature = B_TRUE;
236884Smm			break;
236884Smm
185029Spjd		case ZPOOL_PROP_VERSION:
185029Spjd			error = nvpair_value_uint64(elem, &intval);
185029Spjd			if (!error &&
236884Smm			    (intval < spa_version(spa) ||
236884Smm			    intval > SPA_VERSION_BEFORE_FEATURES ||
236884Smm			    has_feature))
249195Smm				error = SET_ERROR(EINVAL);
185029Spjd			break;
185029Spjd
185029Spjd		case ZPOOL_PROP_DELEGATION:
185029Spjd		case ZPOOL_PROP_AUTOREPLACE:
185029Spjd		case ZPOOL_PROP_LISTSNAPS:
219089Spjd		case ZPOOL_PROP_AUTOEXPAND:
185029Spjd			error = nvpair_value_uint64(elem, &intval);
185029Spjd			if (!error && intval > 1)
249195Smm				error = SET_ERROR(EINVAL);
185029Spjd			break;
185029Spjd
185029Spjd		case ZPOOL_PROP_BOOTFS:
209962Smm			/*
209962Smm			 * If the pool version is less than SPA_VERSION_BOOTFS,
209962Smm			 * or the pool is still being created (version == 0),
209962Smm			 * the bootfs property cannot be set.
209962Smm			 */
185029Spjd			if (spa_version(spa) < SPA_VERSION_BOOTFS) {
249195Smm				error = SET_ERROR(ENOTSUP);
185029Spjd				break;
185029Spjd			}
185029Spjd
185029Spjd			/*
185029Spjd			 * Make sure the vdev config is bootable
185029Spjd			 */
185029Spjd			if (!vdev_is_bootable(spa->spa_root_vdev)) {
249195Smm				error = SET_ERROR(ENOTSUP);
185029Spjd				break;
185029Spjd			}
185029Spjd
185029Spjd			reset_bootfs = 1;
185029Spjd
185029Spjd			error = nvpair_value_string(elem, &strval);
185029Spjd
185029Spjd			if (!error) {
236884Smm				objset_t *os;
274337Sdelphij				uint64_t propval;
185029Spjd
185029Spjd				if (strval == NULL || strval[0] == '\0') {
185029Spjd					objnum = zpool_prop_default_numeric(
185029Spjd					    ZPOOL_PROP_BOOTFS);
185029Spjd					break;
185029Spjd				}
185029Spjd
219089Spjd				if (error = dmu_objset_hold(strval, FTAG, &os))
185029Spjd					break;
185029Spjd
274337Sdelphij				/*
274337Sdelphij				 * Must be ZPL, and its property settings
274337Sdelphij				 * must be supported by GRUB (compression
274337Sdelphij				 * is not gzip, and large blocks are not used).
274337Sdelphij				 */
219089Spjd
219089Spjd				if (dmu_objset_type(os) != DMU_OST_ZFS) {
249195Smm					error = SET_ERROR(ENOTSUP);
248571Smm				} else if ((error =
248571Smm				    dsl_prop_get_int_ds(dmu_objset_ds(os),
185029Spjd				    zfs_prop_to_name(ZFS_PROP_COMPRESSION),
274337Sdelphij				    &propval)) == 0 &&
274337Sdelphij				    !BOOTFS_COMPRESS_VALID(propval)) {
249195Smm					error = SET_ERROR(ENOTSUP);
185029Spjd				} else {
185029Spjd					objnum = dmu_objset_id(os);
185029Spjd				}
219089Spjd				dmu_objset_rele(os, FTAG);
185029Spjd			}
185029Spjd			break;
185029Spjd
185029Spjd		case ZPOOL_PROP_FAILUREMODE:
185029Spjd			error = nvpair_value_uint64(elem, &intval);
185029Spjd			if (!error && (intval < ZIO_FAILURE_MODE_WAIT ||
185029Spjd			    intval > ZIO_FAILURE_MODE_PANIC))
249195Smm				error = SET_ERROR(EINVAL);
185029Spjd
185029Spjd			/*
185029Spjd			 * This is a special case which only occurs when
185029Spjd			 * the pool has completely failed. This allows
185029Spjd			 * the user to change the in-core failmode property
185029Spjd			 * without syncing it out to disk (I/Os might
185029Spjd			 * currently be blocked). We do this by returning
185029Spjd			 * EIO to the caller (spa_prop_set) to trick it
185029Spjd			 * into thinking we encountered a property validation
185029Spjd			 * error.
185029Spjd			 */
185029Spjd			if (!error && spa_suspended(spa)) {
185029Spjd				spa->spa_failmode = intval;
249195Smm				error = SET_ERROR(EIO);
185029Spjd			}
185029Spjd			break;
185029Spjd
185029Spjd		case ZPOOL_PROP_CACHEFILE:
185029Spjd			if ((error = nvpair_value_string(elem, &strval)) != 0)
185029Spjd				break;
185029Spjd
185029Spjd			if (strval[0] == '\0')
185029Spjd				break;
185029Spjd
185029Spjd			if (strcmp(strval, "none") == 0)
185029Spjd				break;
185029Spjd
185029Spjd			if (strval[0] != '/') {
249195Smm				error = SET_ERROR(EINVAL);
185029Spjd				break;
185029Spjd			}
185029Spjd
185029Spjd			slash = strrchr(strval, '/');
185029Spjd			ASSERT(slash != NULL);
185029Spjd
185029Spjd			if (slash[1] == '\0' || strcmp(slash, "/.") == 0 ||
185029Spjd			    strcmp(slash, "/..") == 0)
249195Smm				error = SET_ERROR(EINVAL);
185029Spjd			break;
219089Spjd
228103Smm		case ZPOOL_PROP_COMMENT:
228103Smm			if ((error = nvpair_value_string(elem, &strval)) != 0)
228103Smm				break;
228103Smm			for (check = strval; *check != '\0'; check++) {
228103Smm				/*
228103Smm				 * The kernel doesn't have an easy isprint()
228103Smm				 * check.  For this kernel check, we merely
228103Smm				 * check ASCII apart from DEL.  Fix this if
228103Smm				 * there is an easy-to-use kernel isprint().
228103Smm				 */
228103Smm				if (*check >= 0x7f) {
249195Smm					error = SET_ERROR(EINVAL);
228103Smm					break;
228103Smm				}
228103Smm			}
228103Smm			if (strlen(strval) > ZPROP_MAX_COMMENT)
228103Smm				error = E2BIG;
228103Smm			break;
228103Smm
219089Spjd		case ZPOOL_PROP_DEDUPDITTO:
219089Spjd			if (spa_version(spa) < SPA_VERSION_DEDUP)
249195Smm				error = SET_ERROR(ENOTSUP);
219089Spjd			else
219089Spjd				error = nvpair_value_uint64(elem, &intval);
219089Spjd			if (error == 0 &&
219089Spjd			    intval != 0 && intval < ZIO_DEDUPDITTO_MIN)
249195Smm				error = SET_ERROR(EINVAL);
219089Spjd			break;
185029Spjd		}
185029Spjd
185029Spjd		if (error)
185029Spjd			break;
185029Spjd	}
185029Spjd
185029Spjd	if (!error && reset_bootfs) {
185029Spjd		error = nvlist_remove(props,
185029Spjd		    zpool_prop_to_name(ZPOOL_PROP_BOOTFS), DATA_TYPE_STRING);
185029Spjd
185029Spjd		if (!error) {
185029Spjd			error = nvlist_add_uint64(props,
185029Spjd			    zpool_prop_to_name(ZPOOL_PROP_BOOTFS), objnum);
185029Spjd		}
185029Spjd	}
185029Spjd
185029Spjd	return (error);
185029Spjd}
185029Spjd
209962Smmvoid
209962Smmspa_configfile_set(spa_t *spa, nvlist_t *nvp, boolean_t need_sync)
209962Smm{
209962Smm	char *cachefile;
209962Smm	spa_config_dirent_t *dp;
209962Smm
209962Smm	if (nvlist_lookup_string(nvp, zpool_prop_to_name(ZPOOL_PROP_CACHEFILE),
209962Smm	    &cachefile) != 0)
209962Smm		return;
209962Smm
209962Smm	dp = kmem_alloc(sizeof (spa_config_dirent_t),
209962Smm	    KM_SLEEP);
209962Smm
209962Smm	if (cachefile[0] == '\0')
209962Smm		dp->scd_path = spa_strdup(spa_config_path);
209962Smm	else if (strcmp(cachefile, "none") == 0)
209962Smm		dp->scd_path = NULL;
209962Smm	else
209962Smm		dp->scd_path = spa_strdup(cachefile);
209962Smm
209962Smm	list_insert_head(&spa->spa_config_list, dp);
209962Smm	if (need_sync)
209962Smm		spa_async_request(spa, SPA_ASYNC_CONFIG_UPDATE);
209962Smm}
209962Smm
185029Spjdint
185029Spjdspa_prop_set(spa_t *spa, nvlist_t *nvp)
185029Spjd{
185029Spjd	int error;
236884Smm	nvpair_t *elem = NULL;
209962Smm	boolean_t need_sync = B_FALSE;
185029Spjd
185029Spjd	if ((error = spa_prop_validate(spa, nvp)) != 0)
185029Spjd		return (error);
185029Spjd
209962Smm	while ((elem = nvlist_next_nvpair(nvp, elem)) != NULL) {
236884Smm		zpool_prop_t prop = zpool_name_to_prop(nvpair_name(elem));
209962Smm
219089Spjd		if (prop == ZPOOL_PROP_CACHEFILE ||
219089Spjd		    prop == ZPOOL_PROP_ALTROOT ||
219089Spjd		    prop == ZPOOL_PROP_READONLY)
209962Smm			continue;
209962Smm
329493Smav		if (prop == ZPOOL_PROP_VERSION || prop == ZPOOL_PROP_INVAL) {
236884Smm			uint64_t ver;
236884Smm
236884Smm			if (prop == ZPOOL_PROP_VERSION) {
236884Smm				VERIFY(nvpair_value_uint64(elem, &ver) == 0);
236884Smm			} else {
236884Smm				ASSERT(zpool_prop_feature(nvpair_name(elem)));
236884Smm				ver = SPA_VERSION_FEATURES;
236884Smm				need_sync = B_TRUE;
236884Smm			}
236884Smm
236884Smm			/* Save time if the version is already set. */
236884Smm			if (ver == spa_version(spa))
236884Smm				continue;
236884Smm
236884Smm			/*
236884Smm			 * In addition to the pool directory object, we might
236884Smm			 * create the pool properties object, the features for
236884Smm			 * read object, the features for write object, or the
236884Smm			 * feature descriptions object.
236884Smm			 */
248571Smm			error = dsl_sync_task(spa->spa_name, NULL,
268473Sdelphij			    spa_sync_version, &ver,
268473Sdelphij			    6, ZFS_SPACE_CHECK_RESERVED);
236884Smm			if (error)
236884Smm				return (error);
236884Smm			continue;
236884Smm		}
236884Smm
209962Smm		need_sync = B_TRUE;
209962Smm		break;
209962Smm	}
209962Smm
236884Smm	if (need_sync) {
248571Smm		return (dsl_sync_task(spa->spa_name, NULL, spa_sync_props,
268473Sdelphij		    nvp, 6, ZFS_SPACE_CHECK_RESERVED));
236884Smm	}
236884Smm
236884Smm	return (0);
185029Spjd}
185029Spjd
185029Spjd/*
185029Spjd * If the bootfs property value is dsobj, clear it.
185029Spjd */
185029Spjdvoid
185029Spjdspa_prop_clear_bootfs(spa_t *spa, uint64_t dsobj, dmu_tx_t *tx)
185029Spjd{
185029Spjd	if (spa->spa_bootfs == dsobj && spa->spa_pool_props_object != 0) {
185029Spjd		VERIFY(zap_remove(spa->spa_meta_objset,
185029Spjd		    spa->spa_pool_props_object,
185029Spjd		    zpool_prop_to_name(ZPOOL_PROP_BOOTFS), tx) == 0);
185029Spjd		spa->spa_bootfs = 0;
185029Spjd	}
185029Spjd}
185029Spjd
239620Smm/*ARGSUSED*/
239620Smmstatic int
248571Smmspa_change_guid_check(void *arg, dmu_tx_t *tx)
239620Smm{
248571Smm	uint64_t *newguid = arg;
248571Smm	spa_t *spa = dmu_tx_pool(tx)->dp_spa;
239620Smm	vdev_t *rvd = spa->spa_root_vdev;
239620Smm	uint64_t vdev_state;
239620Smm
332547Smav	if (spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT)) {
332547Smav		int error = (spa_has_checkpoint(spa)) ?
332547Smav		    ZFS_ERR_CHECKPOINT_EXISTS : ZFS_ERR_DISCARDING_CHECKPOINT;
332547Smav		return (SET_ERROR(error));
332547Smav	}
332547Smav
239620Smm	spa_config_enter(spa, SCL_STATE, FTAG, RW_READER);
239620Smm	vdev_state = rvd->vdev_state;
239620Smm	spa_config_exit(spa, SCL_STATE, FTAG);
239620Smm
239620Smm	if (vdev_state != VDEV_STATE_HEALTHY)
249195Smm		return (SET_ERROR(ENXIO));
239620Smm
239620Smm	ASSERT3U(spa_guid(spa), !=, *newguid);
239620Smm
239620Smm	return (0);
239620Smm}
239620Smm
239620Smmstatic void
248571Smmspa_change_guid_sync(void *arg, dmu_tx_t *tx)
239620Smm{
248571Smm	uint64_t *newguid = arg;
248571Smm	spa_t *spa = dmu_tx_pool(tx)->dp_spa;
239620Smm	uint64_t oldguid;
239620Smm	vdev_t *rvd = spa->spa_root_vdev;
239620Smm
239620Smm	oldguid = spa_guid(spa);
239620Smm
239620Smm	spa_config_enter(spa, SCL_STATE, FTAG, RW_READER);
239620Smm	rvd->vdev_guid = *newguid;
239620Smm	rvd->vdev_guid_sum += (*newguid - oldguid);
239620Smm	vdev_config_dirty(rvd);
239620Smm	spa_config_exit(spa, SCL_STATE, FTAG);
239620Smm
248571Smm	spa_history_log_internal(spa, "guid change", tx, "old=%llu new=%llu",
239620Smm	    oldguid, *newguid);
239620Smm}
239620Smm
185029Spjd/*
228103Smm * Change the GUID for the pool.  This is done so that we can later
228103Smm * re-import a pool built from a clone of our own vdevs.  We will modify
228103Smm * the root vdev's guid, our own pool guid, and then mark all of our
228103Smm * vdevs dirty.  Note that we must make sure that all our vdevs are
228103Smm * online when we do this, or else any vdevs that weren't present
228103Smm * would be orphaned from our pool.  We are also going to issue a
228103Smm * sysevent to update any watchers.
228103Smm */
228103Smmint
228103Smmspa_change_guid(spa_t *spa)
228103Smm{
239620Smm	int error;
239620Smm	uint64_t guid;
228103Smm
254074Sdelphij	mutex_enter(&spa->spa_vdev_top_lock);
239620Smm	mutex_enter(&spa_namespace_lock);
239620Smm	guid = spa_generate_guid(NULL);
228103Smm
248571Smm	error = dsl_sync_task(spa->spa_name, spa_change_guid_check,
268473Sdelphij	    spa_change_guid_sync, &guid, 5, ZFS_SPACE_CHECK_RESERVED);
228103Smm
239620Smm	if (error == 0) {
332525Smav		spa_write_cachefile(spa, B_FALSE, B_TRUE);
331397Smav		spa_event_notify(spa, NULL, NULL, ESC_ZFS_POOL_REGUID);
239620Smm	}
228103Smm
239620Smm	mutex_exit(&spa_namespace_lock);
254074Sdelphij	mutex_exit(&spa->spa_vdev_top_lock);
228103Smm
239620Smm	return (error);
228103Smm}
228103Smm
228103Smm/*
185029Spjd * ==========================================================================
168404Spjd * SPA state manipulation (open/create/destroy/import/export)
168404Spjd * ==========================================================================
168404Spjd */
168404Spjd
168404Spjdstatic int
168404Spjdspa_error_entry_compare(const void *a, const void *b)
168404Spjd{
168404Spjd	spa_error_entry_t *sa = (spa_error_entry_t *)a;
168404Spjd	spa_error_entry_t *sb = (spa_error_entry_t *)b;
168404Spjd	int ret;
168404Spjd
168404Spjd	ret = bcmp(&sa->se_bookmark, &sb->se_bookmark,
268123Sdelphij	    sizeof (zbookmark_phys_t));
168404Spjd
168404Spjd	if (ret < 0)
168404Spjd		return (-1);
168404Spjd	else if (ret > 0)
168404Spjd		return (1);
168404Spjd	else
168404Spjd		return (0);
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * Utility function which retrieves copies of the current logs and
168404Spjd * re-initializes them in the process.
168404Spjd */
168404Spjdvoid
168404Spjdspa_get_errlists(spa_t *spa, avl_tree_t *last, avl_tree_t *scrub)
168404Spjd{
168404Spjd	ASSERT(MUTEX_HELD(&spa->spa_errlist_lock));
168404Spjd
168404Spjd	bcopy(&spa->spa_errlist_last, last, sizeof (avl_tree_t));
168404Spjd	bcopy(&spa->spa_errlist_scrub, scrub, sizeof (avl_tree_t));
168404Spjd
168404Spjd	avl_create(&spa->spa_errlist_scrub,
168404Spjd	    spa_error_entry_compare, sizeof (spa_error_entry_t),
168404Spjd	    offsetof(spa_error_entry_t, se_avl));
168404Spjd	avl_create(&spa->spa_errlist_last,
168404Spjd	    spa_error_entry_compare, sizeof (spa_error_entry_t),
168404Spjd	    offsetof(spa_error_entry_t, se_avl));
168404Spjd}
168404Spjd
258631Savgstatic void
258631Savgspa_taskqs_init(spa_t *spa, zio_type_t t, zio_taskq_type_t q)
168404Spjd{
258631Savg	const zio_taskq_info_t *ztip = &zio_taskqs[t][q];
258631Savg	enum zti_modes mode = ztip->zti_mode;
258631Savg	uint_t value = ztip->zti_value;
258631Savg	uint_t count = ztip->zti_count;
258631Savg	spa_taskqs_t *tqs = &spa->spa_zio_taskq[t][q];
258631Savg	char name[32];
258630Savg	uint_t flags = 0;
219089Spjd	boolean_t batch = B_FALSE;
168404Spjd
258631Savg	if (mode == ZTI_MODE_NULL) {
258631Savg		tqs->stqs_count = 0;
258631Savg		tqs->stqs_taskq = NULL;
258631Savg		return;
258631Savg	}
168404Spjd
258631Savg	ASSERT3U(count, >, 0);
168404Spjd
258631Savg	tqs->stqs_count = count;
258631Savg	tqs->stqs_taskq = kmem_alloc(count * sizeof (taskq_t *), KM_SLEEP);
219089Spjd
258632Savg	switch (mode) {
258632Savg	case ZTI_MODE_FIXED:
258632Savg		ASSERT3U(value, >=, 1);
258632Savg		value = MAX(value, 1);
258632Savg		break;
219089Spjd
258632Savg	case ZTI_MODE_BATCH:
258632Savg		batch = B_TRUE;
258632Savg		flags |= TASKQ_THREADS_CPU_PCT;
258632Savg		value = zio_taskq_batch_pct;
258632Savg		break;
219089Spjd
258632Savg	default:
258632Savg		panic("unrecognized mode for %s_%s taskq (%u:%u) in "
258632Savg		    "spa_activate()",
258632Savg		    zio_type_name[t], zio_taskq_types[q], mode, value);
258632Savg		break;
258632Savg	}
258631Savg
258632Savg	for (uint_t i = 0; i < count; i++) {
258632Savg		taskq_t *tq;
258631Savg
258631Savg		if (count > 1) {
258631Savg			(void) snprintf(name, sizeof (name), "%s_%s_%u",
258631Savg			    zio_type_name[t], zio_taskq_types[q], i);
258631Savg		} else {
258631Savg			(void) snprintf(name, sizeof (name), "%s_%s",
258631Savg			    zio_type_name[t], zio_taskq_types[q]);
258631Savg		}
258631Savg
219089Spjd#ifdef SYSDC
258631Savg		if (zio_taskq_sysdc && spa->spa_proc != &p0) {
258631Savg			if (batch)
258631Savg				flags |= TASKQ_DC_BATCH;
219089Spjd
258631Savg			tq = taskq_create_sysdc(name, value, 50, INT_MAX,
258631Savg			    spa->spa_proc, zio_taskq_basedc, flags);
258631Savg		} else {
258631Savg#endif
258632Savg			pri_t pri = maxclsyspri;
258632Savg			/*
258632Savg			 * The write issue taskq can be extremely CPU
258632Savg			 * intensive.  Run it at slightly lower priority
258632Savg			 * than the other taskqs.
314858Savg			 * FreeBSD notes:
314858Savg			 * - numerically higher priorities are lower priorities;
314858Savg			 * - if priorities divided by four (RQ_PPQ) are equal
314858Savg			 *   then a difference between them is insignificant.
258632Savg			 */
258632Savg			if (t == ZIO_TYPE_WRITE && q == ZIO_TASKQ_ISSUE)
314858Savg#ifdef illumos
314858Savg				pri--;
314858Savg#else
314858Savg				pri += 4;
314858Savg#endif
258632Savg
258632Savg			tq = taskq_create_proc(name, value, pri, 50,
258631Savg			    INT_MAX, spa->spa_proc, flags);
258631Savg#ifdef SYSDC
258631Savg		}
258631Savg#endif
258631Savg
258631Savg		tqs->stqs_taskq[i] = tq;
219089Spjd	}
219089Spjd}
219089Spjd
219089Spjdstatic void
258631Savgspa_taskqs_fini(spa_t *spa, zio_type_t t, zio_taskq_type_t q)
258631Savg{
258631Savg	spa_taskqs_t *tqs = &spa->spa_zio_taskq[t][q];
258631Savg
258631Savg	if (tqs->stqs_taskq == NULL) {
258631Savg		ASSERT0(tqs->stqs_count);
258631Savg		return;
258631Savg	}
258631Savg
258631Savg	for (uint_t i = 0; i < tqs->stqs_count; i++) {
258631Savg		ASSERT3P(tqs->stqs_taskq[i], !=, NULL);
258631Savg		taskq_destroy(tqs->stqs_taskq[i]);
258631Savg	}
258631Savg
258631Savg	kmem_free(tqs->stqs_taskq, tqs->stqs_count * sizeof (taskq_t *));
258631Savg	tqs->stqs_taskq = NULL;
258631Savg}
258631Savg
258631Savg/*
258631Savg * Dispatch a task to the appropriate taskq for the ZFS I/O type and priority.
258631Savg * Note that a type may have multiple discrete taskqs to avoid lock contention
258631Savg * on the taskq itself. In that case we choose which taskq at random by using
258631Savg * the low bits of gethrtime().
258631Savg */
258631Savgvoid
258631Savgspa_taskq_dispatch_ent(spa_t *spa, zio_type_t t, zio_taskq_type_t q,
258631Savg    task_func_t *func, void *arg, uint_t flags, taskq_ent_t *ent)
258631Savg{
258631Savg	spa_taskqs_t *tqs = &spa->spa_zio_taskq[t][q];
258631Savg	taskq_t *tq;
258631Savg
258631Savg	ASSERT3P(tqs->stqs_taskq, !=, NULL);
258631Savg	ASSERT3U(tqs->stqs_count, !=, 0);
258631Savg
258631Savg	if (tqs->stqs_count == 1) {
258631Savg		tq = tqs->stqs_taskq[0];
258631Savg	} else {
267038Sbdrewery#ifdef _KERNEL
267029Smav		tq = tqs->stqs_taskq[cpu_ticks() % tqs->stqs_count];
267038Sbdrewery#else
267038Sbdrewery		tq = tqs->stqs_taskq[gethrtime() % tqs->stqs_count];
267038Sbdrewery#endif
258631Savg	}
258631Savg
258631Savg	taskq_dispatch_ent(tq, func, arg, flags, ent);
258631Savg}
258631Savg
258631Savgstatic void
219089Spjdspa_create_zio_taskqs(spa_t *spa)
219089Spjd{
185029Spjd	for (int t = 0; t < ZIO_TYPES; t++) {
185029Spjd		for (int q = 0; q < ZIO_TASKQ_TYPES; q++) {
258631Savg			spa_taskqs_init(spa, t, q);
219089Spjd		}
219089Spjd	}
219089Spjd}
209962Smm
219089Spjd#ifdef _KERNEL
219089Spjd#ifdef SPA_PROCESS
219089Spjdstatic void
219089Spjdspa_thread(void *arg)
219089Spjd{
219089Spjd	callb_cpr_t cprinfo;
209962Smm
219089Spjd	spa_t *spa = arg;
219089Spjd	user_t *pu = PTOU(curproc);
209962Smm
219089Spjd	CALLB_CPR_INIT(&cprinfo, &spa->spa_proc_lock, callb_generic_cpr,
219089Spjd	    spa->spa_name);
209962Smm
219089Spjd	ASSERT(curproc != &p0);
219089Spjd	(void) snprintf(pu->u_psargs, sizeof (pu->u_psargs),
219089Spjd	    "zpool-%s", spa->spa_name);
219089Spjd	(void) strlcpy(pu->u_comm, pu->u_psargs, sizeof (pu->u_comm));
211931Smm
219089Spjd#ifdef PSRSET_BIND
219089Spjd	/* bind this thread to the requested psrset */
219089Spjd	if (zio_taskq_psrset_bind != PS_NONE) {
219089Spjd		pool_lock();
219089Spjd		mutex_enter(&cpu_lock);
219089Spjd		mutex_enter(&pidlock);
219089Spjd		mutex_enter(&curproc->p_lock);
219089Spjd
219089Spjd		if (cpupart_bind_thread(curthread, zio_taskq_psrset_bind,
219089Spjd		    0, NULL, NULL) == 0)  {
219089Spjd			curthread->t_bind_pset = zio_taskq_psrset_bind;
219089Spjd		} else {
219089Spjd			cmn_err(CE_WARN,
219089Spjd			    "Couldn't bind process for zfs pool \"%s\" to "
219089Spjd			    "pset %d\n", spa->spa_name, zio_taskq_psrset_bind);
219089Spjd		}
219089Spjd
219089Spjd		mutex_exit(&curproc->p_lock);
219089Spjd		mutex_exit(&pidlock);
219089Spjd		mutex_exit(&cpu_lock);
219089Spjd		pool_unlock();
219089Spjd	}
219089Spjd#endif
219089Spjd
219089Spjd#ifdef SYSDC
219089Spjd	if (zio_taskq_sysdc) {
219089Spjd		sysdc_thread_enter(curthread, 100, 0);
219089Spjd	}
219089Spjd#endif
219089Spjd
219089Spjd	spa->spa_proc = curproc;
219089Spjd	spa->spa_did = curthread->t_did;
219089Spjd
219089Spjd	spa_create_zio_taskqs(spa);
219089Spjd
219089Spjd	mutex_enter(&spa->spa_proc_lock);
219089Spjd	ASSERT(spa->spa_proc_state == SPA_PROC_CREATED);
219089Spjd
219089Spjd	spa->spa_proc_state = SPA_PROC_ACTIVE;
219089Spjd	cv_broadcast(&spa->spa_proc_cv);
219089Spjd
219089Spjd	CALLB_CPR_SAFE_BEGIN(&cprinfo);
219089Spjd	while (spa->spa_proc_state == SPA_PROC_ACTIVE)
219089Spjd		cv_wait(&spa->spa_proc_cv, &spa->spa_proc_lock);
219089Spjd	CALLB_CPR_SAFE_END(&cprinfo, &spa->spa_proc_lock);
219089Spjd
219089Spjd	ASSERT(spa->spa_proc_state == SPA_PROC_DEACTIVATE);
219089Spjd	spa->spa_proc_state = SPA_PROC_GONE;
219089Spjd	spa->spa_proc = &p0;
219089Spjd	cv_broadcast(&spa->spa_proc_cv);
219089Spjd	CALLB_CPR_EXIT(&cprinfo);	/* drops spa_proc_lock */
219089Spjd
219089Spjd	mutex_enter(&curproc->p_lock);
219089Spjd	lwp_exit();
219089Spjd}
219089Spjd#endif	/* SPA_PROCESS */
219089Spjd#endif
219089Spjd
219089Spjd/*
219089Spjd * Activate an uninitialized pool.
219089Spjd */
219089Spjdstatic void
219089Spjdspa_activate(spa_t *spa, int mode)
219089Spjd{
219089Spjd	ASSERT(spa->spa_state == POOL_STATE_UNINITIALIZED);
219089Spjd
219089Spjd	spa->spa_state = POOL_STATE_ACTIVE;
219089Spjd	spa->spa_mode = mode;
219089Spjd
219089Spjd	spa->spa_normal_class = metaslab_class_create(spa, zfs_metaslab_ops);
219089Spjd	spa->spa_log_class = metaslab_class_create(spa, zfs_metaslab_ops);
219089Spjd
219089Spjd	/* Try to create a covering process */
219089Spjd	mutex_enter(&spa->spa_proc_lock);
219089Spjd	ASSERT(spa->spa_proc_state == SPA_PROC_NONE);
219089Spjd	ASSERT(spa->spa_proc == &p0);
219089Spjd	spa->spa_did = 0;
219089Spjd
219089Spjd#ifdef SPA_PROCESS
219089Spjd	/* Only create a process if we're going to be around a while. */
219089Spjd	if (spa_create_process && strcmp(spa->spa_name, TRYIMPORT_NAME) != 0) {
219089Spjd		if (newproc(spa_thread, (caddr_t)spa, syscid, maxclsyspri,
219089Spjd		    NULL, 0) == 0) {
219089Spjd			spa->spa_proc_state = SPA_PROC_CREATED;
219089Spjd			while (spa->spa_proc_state == SPA_PROC_CREATED) {
219089Spjd				cv_wait(&spa->spa_proc_cv,
219089Spjd				    &spa->spa_proc_lock);
209962Smm			}
219089Spjd			ASSERT(spa->spa_proc_state == SPA_PROC_ACTIVE);
219089Spjd			ASSERT(spa->spa_proc != &p0);
219089Spjd			ASSERT(spa->spa_did != 0);
219089Spjd		} else {
219089Spjd#ifdef _KERNEL
219089Spjd			cmn_err(CE_WARN,
219089Spjd			    "Couldn't create process for zfs pool \"%s\"\n",
219089Spjd			    spa->spa_name);
219089Spjd#endif
185029Spjd		}
168404Spjd	}
219089Spjd#endif	/* SPA_PROCESS */
219089Spjd	mutex_exit(&spa->spa_proc_lock);
168404Spjd
219089Spjd	/* If we didn't create a process, we need to create our taskqs. */
219089Spjd	ASSERT(spa->spa_proc == &p0);
219089Spjd	if (spa->spa_proc == &p0) {
219089Spjd		spa_create_zio_taskqs(spa);
219089Spjd	}
219089Spjd
240868Spjd	/*
240868Spjd	 * Start TRIM thread.
240868Spjd	 */
240868Spjd	trim_thread_create(spa);
240868Spjd
332525Smav	for (size_t i = 0; i < TXG_SIZE; i++)
332525Smav		spa->spa_txg_zio[i] = zio_root(spa, NULL, NULL, 0);
332525Smav
185029Spjd	list_create(&spa->spa_config_dirty_list, sizeof (vdev_t),
185029Spjd	    offsetof(vdev_t, vdev_config_dirty_node));
286575Smav	list_create(&spa->spa_evicting_os_list, sizeof (objset_t),
286575Smav	    offsetof(objset_t, os_evicting_node));
185029Spjd	list_create(&spa->spa_state_dirty_list, sizeof (vdev_t),
185029Spjd	    offsetof(vdev_t, vdev_state_dirty_node));
168404Spjd
321567Smav	txg_list_create(&spa->spa_vdev_txg_list, spa,
168404Spjd	    offsetof(struct vdev, vdev_txg_node));
168404Spjd
168404Spjd	avl_create(&spa->spa_errlist_scrub,
168404Spjd	    spa_error_entry_compare, sizeof (spa_error_entry_t),
168404Spjd	    offsetof(spa_error_entry_t, se_avl));
168404Spjd	avl_create(&spa->spa_errlist_last,
168404Spjd	    spa_error_entry_compare, sizeof (spa_error_entry_t),
168404Spjd	    offsetof(spa_error_entry_t, se_avl));
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * Opposite of spa_activate().
168404Spjd */
168404Spjdstatic void
168404Spjdspa_deactivate(spa_t *spa)
168404Spjd{
168404Spjd	ASSERT(spa->spa_sync_on == B_FALSE);
168404Spjd	ASSERT(spa->spa_dsl_pool == NULL);
168404Spjd	ASSERT(spa->spa_root_vdev == NULL);
209962Smm	ASSERT(spa->spa_async_zio_root == NULL);
168404Spjd	ASSERT(spa->spa_state != POOL_STATE_UNINITIALIZED);
168404Spjd
240868Spjd	/*
240868Spjd	 * Stop TRIM thread in case spa_unload() wasn't called directly
240868Spjd	 * before spa_deactivate().
240868Spjd	 */
240868Spjd	trim_thread_destroy(spa);
240868Spjd
286575Smav	spa_evicting_os_wait(spa);
286575Smav
168404Spjd	txg_list_destroy(&spa->spa_vdev_txg_list);
168404Spjd
185029Spjd	list_destroy(&spa->spa_config_dirty_list);
286575Smav	list_destroy(&spa->spa_evicting_os_list);
185029Spjd	list_destroy(&spa->spa_state_dirty_list);
168404Spjd
185029Spjd	for (int t = 0; t < ZIO_TYPES; t++) {
185029Spjd		for (int q = 0; q < ZIO_TASKQ_TYPES; q++) {
258631Savg			spa_taskqs_fini(spa, t, q);
185029Spjd		}
168404Spjd	}
168404Spjd
332525Smav	for (size_t i = 0; i < TXG_SIZE; i++) {
332525Smav		ASSERT3P(spa->spa_txg_zio[i], !=, NULL);
332525Smav		VERIFY0(zio_wait(spa->spa_txg_zio[i]));
332525Smav		spa->spa_txg_zio[i] = NULL;
332525Smav	}
332525Smav
168404Spjd	metaslab_class_destroy(spa->spa_normal_class);
168404Spjd	spa->spa_normal_class = NULL;
168404Spjd
185029Spjd	metaslab_class_destroy(spa->spa_log_class);
185029Spjd	spa->spa_log_class = NULL;
185029Spjd
168404Spjd	/*
168404Spjd	 * If this was part of an import or the open otherwise failed, we may
168404Spjd	 * still have errors left in the queues.  Empty them just in case.
168404Spjd	 */
168404Spjd	spa_errlog_drain(spa);
168404Spjd
168404Spjd	avl_destroy(&spa->spa_errlist_scrub);
168404Spjd	avl_destroy(&spa->spa_errlist_last);
168404Spjd
168404Spjd	spa->spa_state = POOL_STATE_UNINITIALIZED;
219089Spjd
219089Spjd	mutex_enter(&spa->spa_proc_lock);
219089Spjd	if (spa->spa_proc_state != SPA_PROC_NONE) {
219089Spjd		ASSERT(spa->spa_proc_state == SPA_PROC_ACTIVE);
219089Spjd		spa->spa_proc_state = SPA_PROC_DEACTIVATE;
219089Spjd		cv_broadcast(&spa->spa_proc_cv);
219089Spjd		while (spa->spa_proc_state == SPA_PROC_DEACTIVATE) {
219089Spjd			ASSERT(spa->spa_proc != &p0);
219089Spjd			cv_wait(&spa->spa_proc_cv, &spa->spa_proc_lock);
219089Spjd		}
219089Spjd		ASSERT(spa->spa_proc_state == SPA_PROC_GONE);
219089Spjd		spa->spa_proc_state = SPA_PROC_NONE;
219089Spjd	}
219089Spjd	ASSERT(spa->spa_proc == &p0);
219089Spjd	mutex_exit(&spa->spa_proc_lock);
219089Spjd
219089Spjd#ifdef SPA_PROCESS
219089Spjd	/*
219089Spjd	 * We want to make sure spa_thread() has actually exited the ZFS
219089Spjd	 * module, so that the module can't be unloaded out from underneath
219089Spjd	 * it.
219089Spjd	 */
219089Spjd	if (spa->spa_did != 0) {
219089Spjd		thread_join(spa->spa_did);
219089Spjd		spa->spa_did = 0;
219089Spjd	}
219089Spjd#endif	/* SPA_PROCESS */
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * Verify a pool configuration, and construct the vdev tree appropriately.  This
168404Spjd * will create all the necessary vdevs in the appropriate layout, with each vdev
168404Spjd * in the CLOSED state.  This will prep the pool before open/creation/import.
168404Spjd * All vdev validation is done by the vdev_alloc() routine.
168404Spjd */
168404Spjdstatic int
168404Spjdspa_config_parse(spa_t *spa, vdev_t **vdp, nvlist_t *nv, vdev_t *parent,
168404Spjd    uint_t id, int atype)
168404Spjd{
168404Spjd	nvlist_t **child;
219089Spjd	uint_t children;
168404Spjd	int error;
168404Spjd
168404Spjd	if ((error = vdev_alloc(spa, vdp, nv, parent, id, atype)) != 0)
168404Spjd		return (error);
168404Spjd
168404Spjd	if ((*vdp)->vdev_ops->vdev_op_leaf)
168404Spjd		return (0);
168404Spjd
185029Spjd	error = nvlist_lookup_nvlist_array(nv, ZPOOL_CONFIG_CHILDREN,
185029Spjd	    &child, &children);
185029Spjd
185029Spjd	if (error == ENOENT)
185029Spjd		return (0);
185029Spjd
185029Spjd	if (error) {
168404Spjd		vdev_free(*vdp);
168404Spjd		*vdp = NULL;
249195Smm		return (SET_ERROR(EINVAL));
168404Spjd	}
168404Spjd
219089Spjd	for (int c = 0; c < children; c++) {
168404Spjd		vdev_t *vd;
168404Spjd		if ((error = spa_config_parse(spa, &vd, child[c], *vdp, c,
168404Spjd		    atype)) != 0) {
168404Spjd			vdev_free(*vdp);
168404Spjd			*vdp = NULL;
168404Spjd			return (error);
168404Spjd		}
168404Spjd	}
168404Spjd
168404Spjd	ASSERT(*vdp != NULL);
168404Spjd
168404Spjd	return (0);
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * Opposite of spa_load().
168404Spjd */
168404Spjdstatic void
168404Spjdspa_unload(spa_t *spa)
168404Spjd{
168404Spjd	int i;
168404Spjd
185029Spjd	ASSERT(MUTEX_HELD(&spa_namespace_lock));
185029Spjd
332530Smav	spa_load_note(spa, "UNLOADING");
332530Smav
168404Spjd	/*
240868Spjd	 * Stop TRIM thread.
240868Spjd	 */
240868Spjd	trim_thread_destroy(spa);
240868Spjd
240868Spjd	/*
168404Spjd	 * Stop async tasks.
168404Spjd	 */
168404Spjd	spa_async_suspend(spa);
168404Spjd
168404Spjd	/*
168404Spjd	 * Stop syncing.
168404Spjd	 */
168404Spjd	if (spa->spa_sync_on) {
168404Spjd		txg_sync_stop(spa->spa_dsl_pool);
168404Spjd		spa->spa_sync_on = B_FALSE;
168404Spjd	}
168404Spjd
168404Spjd	/*
321529Smav	 * Even though vdev_free() also calls vdev_metaslab_fini, we need
321529Smav	 * to call it earlier, before we wait for async i/o to complete.
321529Smav	 * This ensures that there is no async metaslab prefetching, by
321529Smav	 * calling taskq_wait(mg_taskq).
321529Smav	 */
321529Smav	if (spa->spa_root_vdev != NULL) {
321529Smav		spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
321529Smav		for (int c = 0; c < spa->spa_root_vdev->vdev_children; c++)
321529Smav			vdev_metaslab_fini(spa->spa_root_vdev->vdev_child[c]);
321529Smav		spa_config_exit(spa, SCL_ALL, FTAG);
321529Smav	}
321529Smav
321529Smav	/*
185029Spjd	 * Wait for any outstanding async I/O to complete.
168404Spjd	 */
209962Smm	if (spa->spa_async_zio_root != NULL) {
272598Sdelphij		for (int i = 0; i < max_ncpus; i++)
272598Sdelphij			(void) zio_wait(spa->spa_async_zio_root[i]);
272598Sdelphij		kmem_free(spa->spa_async_zio_root, max_ncpus * sizeof (void *));
209962Smm		spa->spa_async_zio_root = NULL;
209962Smm	}
168404Spjd
332525Smav	if (spa->spa_vdev_removal != NULL) {
332525Smav		spa_vdev_removal_destroy(spa->spa_vdev_removal);
332525Smav		spa->spa_vdev_removal = NULL;
332525Smav	}
332525Smav
332537Smav	if (spa->spa_condense_zthr != NULL) {
332537Smav		ASSERT(!zthr_isrunning(spa->spa_condense_zthr));
332537Smav		zthr_destroy(spa->spa_condense_zthr);
332537Smav		spa->spa_condense_zthr = NULL;
332537Smav	}
332537Smav
332547Smav	if (spa->spa_checkpoint_discard_zthr != NULL) {
332547Smav		ASSERT(!zthr_isrunning(spa->spa_checkpoint_discard_zthr));
332547Smav		zthr_destroy(spa->spa_checkpoint_discard_zthr);
332547Smav		spa->spa_checkpoint_discard_zthr = NULL;
332547Smav	}
332547Smav
332525Smav	spa_condense_fini(spa);
332525Smav
219089Spjd	bpobj_close(&spa->spa_deferred_bpobj);
219089Spjd
258717Savg	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
258717Savg
168404Spjd	/*
258717Savg	 * Close all vdevs.
258717Savg	 */
258717Savg	if (spa->spa_root_vdev)
258717Savg		vdev_free(spa->spa_root_vdev);
258717Savg	ASSERT(spa->spa_root_vdev == NULL);
258717Savg
258717Savg	/*
168404Spjd	 * Close the dsl pool.
168404Spjd	 */
168404Spjd	if (spa->spa_dsl_pool) {
168404Spjd		dsl_pool_close(spa->spa_dsl_pool);
168404Spjd		spa->spa_dsl_pool = NULL;
219089Spjd		spa->spa_meta_objset = NULL;
168404Spjd	}
168404Spjd
219089Spjd	ddt_unload(spa);
219089Spjd
168404Spjd	/*
209962Smm	 * Drop and purge level 2 cache
209962Smm	 */
209962Smm	spa_l2cache_drop(spa);
209962Smm
185029Spjd	for (i = 0; i < spa->spa_spares.sav_count; i++)
185029Spjd		vdev_free(spa->spa_spares.sav_vdevs[i]);
185029Spjd	if (spa->spa_spares.sav_vdevs) {
185029Spjd		kmem_free(spa->spa_spares.sav_vdevs,
185029Spjd		    spa->spa_spares.sav_count * sizeof (void *));
185029Spjd		spa->spa_spares.sav_vdevs = NULL;
168404Spjd	}
185029Spjd	if (spa->spa_spares.sav_config) {
185029Spjd		nvlist_free(spa->spa_spares.sav_config);
185029Spjd		spa->spa_spares.sav_config = NULL;
168404Spjd	}
185029Spjd	spa->spa_spares.sav_count = 0;
168404Spjd
230514Smm	for (i = 0; i < spa->spa_l2cache.sav_count; i++) {
230514Smm		vdev_clear_stats(spa->spa_l2cache.sav_vdevs[i]);
185029Spjd		vdev_free(spa->spa_l2cache.sav_vdevs[i]);
230514Smm	}
185029Spjd	if (spa->spa_l2cache.sav_vdevs) {
185029Spjd		kmem_free(spa->spa_l2cache.sav_vdevs,
185029Spjd		    spa->spa_l2cache.sav_count * sizeof (void *));
185029Spjd		spa->spa_l2cache.sav_vdevs = NULL;
185029Spjd	}
185029Spjd	if (spa->spa_l2cache.sav_config) {
185029Spjd		nvlist_free(spa->spa_l2cache.sav_config);
185029Spjd		spa->spa_l2cache.sav_config = NULL;
185029Spjd	}
185029Spjd	spa->spa_l2cache.sav_count = 0;
185029Spjd
168404Spjd	spa->spa_async_suspended = 0;
209962Smm
332525Smav	spa->spa_indirect_vdevs_loaded = B_FALSE;
332525Smav
228103Smm	if (spa->spa_comment != NULL) {
228103Smm		spa_strfree(spa->spa_comment);
228103Smm		spa->spa_comment = NULL;
228103Smm	}
228103Smm
209962Smm	spa_config_exit(spa, SCL_ALL, FTAG);
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * Load (or re-load) the current list of vdevs describing the active spares for
168404Spjd * this pool.  When this is called, we have some form of basic information in
185029Spjd * 'spa_spares.sav_config'.  We parse this into vdevs, try to open them, and
185029Spjd * then re-generate a more complete list including status information.
168404Spjd */
332525Smavvoid
168404Spjdspa_load_spares(spa_t *spa)
168404Spjd{
168404Spjd	nvlist_t **spares;
168404Spjd	uint_t nspares;
168404Spjd	int i;
168404Spjd	vdev_t *vd, *tvd;
168404Spjd
332547Smav#ifndef _KERNEL
332547Smav	/*
332547Smav	 * zdb opens both the current state of the pool and the
332547Smav	 * checkpointed state (if present), with a different spa_t.
332547Smav	 *
332547Smav	 * As spare vdevs are shared among open pools, we skip loading
332547Smav	 * them when we load the checkpointed state of the pool.
332547Smav	 */
332547Smav	if (!spa_writeable(spa))
332547Smav		return;
332547Smav#endif
332547Smav
185029Spjd	ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == SCL_ALL);
185029Spjd
168404Spjd	/*
168404Spjd	 * First, close and free any existing spare vdevs.
168404Spjd	 */
185029Spjd	for (i = 0; i < spa->spa_spares.sav_count; i++) {
185029Spjd		vd = spa->spa_spares.sav_vdevs[i];
168404Spjd
168404Spjd		/* Undo the call to spa_activate() below */
185029Spjd		if ((tvd = spa_lookup_by_guid(spa, vd->vdev_guid,
185029Spjd		    B_FALSE)) != NULL && tvd->vdev_isspare)
168404Spjd			spa_spare_remove(tvd);
168404Spjd		vdev_close(vd);
168404Spjd		vdev_free(vd);
168404Spjd	}
168404Spjd
185029Spjd	if (spa->spa_spares.sav_vdevs)
185029Spjd		kmem_free(spa->spa_spares.sav_vdevs,
185029Spjd		    spa->spa_spares.sav_count * sizeof (void *));
168404Spjd
185029Spjd	if (spa->spa_spares.sav_config == NULL)
168404Spjd		nspares = 0;
168404Spjd	else
185029Spjd		VERIFY(nvlist_lookup_nvlist_array(spa->spa_spares.sav_config,
168404Spjd		    ZPOOL_CONFIG_SPARES, &spares, &nspares) == 0);
168404Spjd
185029Spjd	spa->spa_spares.sav_count = (int)nspares;
185029Spjd	spa->spa_spares.sav_vdevs = NULL;
168404Spjd
168404Spjd	if (nspares == 0)
168404Spjd		return;
168404Spjd
168404Spjd	/*
168404Spjd	 * Construct the array of vdevs, opening them to get status in the
168404Spjd	 * process.   For each spare, there is potentially two different vdev_t
168404Spjd	 * structures associated with it: one in the list of spares (used only
168404Spjd	 * for basic validation purposes) and one in the active vdev
168404Spjd	 * configuration (if it's spared in).  During this phase we open and
168404Spjd	 * validate each vdev on the spare list.  If the vdev also exists in the
168404Spjd	 * active configuration, then we also mark this vdev as an active spare.
168404Spjd	 */
185029Spjd	spa->spa_spares.sav_vdevs = kmem_alloc(nspares * sizeof (void *),
185029Spjd	    KM_SLEEP);
185029Spjd	for (i = 0; i < spa->spa_spares.sav_count; i++) {
168404Spjd		VERIFY(spa_config_parse(spa, &vd, spares[i], NULL, 0,
168404Spjd		    VDEV_ALLOC_SPARE) == 0);
168404Spjd		ASSERT(vd != NULL);
168404Spjd
185029Spjd		spa->spa_spares.sav_vdevs[i] = vd;
168404Spjd
185029Spjd		if ((tvd = spa_lookup_by_guid(spa, vd->vdev_guid,
185029Spjd		    B_FALSE)) != NULL) {
168404Spjd			if (!tvd->vdev_isspare)
168404Spjd				spa_spare_add(tvd);
168404Spjd
168404Spjd			/*
168404Spjd			 * We only mark the spare active if we were successfully
168404Spjd			 * able to load the vdev.  Otherwise, importing a pool
168404Spjd			 * with a bad active spare would result in strange
168404Spjd			 * behavior, because multiple pool would think the spare
168404Spjd			 * is actively in use.
168404Spjd			 *
168404Spjd			 * There is a vulnerability here to an equally bizarre
168404Spjd			 * circumstance, where a dead active spare is later
168404Spjd			 * brought back to life (onlined or otherwise).  Given
168404Spjd			 * the rarity of this scenario, and the extra complexity
168404Spjd			 * it adds, we ignore the possibility.
168404Spjd			 */
168404Spjd			if (!vdev_is_dead(tvd))
168404Spjd				spa_spare_activate(tvd);
168404Spjd		}
168404Spjd
185029Spjd		vd->vdev_top = vd;
209962Smm		vd->vdev_aux = &spa->spa_spares;
185029Spjd
168404Spjd		if (vdev_open(vd) != 0)
168404Spjd			continue;
168404Spjd
185029Spjd		if (vdev_validate_aux(vd) == 0)
185029Spjd			spa_spare_add(vd);
168404Spjd	}
168404Spjd
168404Spjd	/*
168404Spjd	 * Recompute the stashed list of spares, with status information
168404Spjd	 * this time.
168404Spjd	 */
185029Spjd	VERIFY(nvlist_remove(spa->spa_spares.sav_config, ZPOOL_CONFIG_SPARES,
168404Spjd	    DATA_TYPE_NVLIST_ARRAY) == 0);
168404Spjd
185029Spjd	spares = kmem_alloc(spa->spa_spares.sav_count * sizeof (void *),
185029Spjd	    KM_SLEEP);
185029Spjd	for (i = 0; i < spa->spa_spares.sav_count; i++)
185029Spjd		spares[i] = vdev_config_generate(spa,
219089Spjd		    spa->spa_spares.sav_vdevs[i], B_TRUE, VDEV_CONFIG_SPARE);
185029Spjd	VERIFY(nvlist_add_nvlist_array(spa->spa_spares.sav_config,
185029Spjd	    ZPOOL_CONFIG_SPARES, spares, spa->spa_spares.sav_count) == 0);
185029Spjd	for (i = 0; i < spa->spa_spares.sav_count; i++)
168404Spjd		nvlist_free(spares[i]);
185029Spjd	kmem_free(spares, spa->spa_spares.sav_count * sizeof (void *));
168404Spjd}
168404Spjd
185029Spjd/*
185029Spjd * Load (or re-load) the current list of vdevs describing the active l2cache for
185029Spjd * this pool.  When this is called, we have some form of basic information in
185029Spjd * 'spa_l2cache.sav_config'.  We parse this into vdevs, try to open them, and
185029Spjd * then re-generate a more complete list including status information.
185029Spjd * Devices which are already active have their details maintained, and are
185029Spjd * not re-opened.
185029Spjd */
332525Smavvoid
185029Spjdspa_load_l2cache(spa_t *spa)
185029Spjd{
185029Spjd	nvlist_t **l2cache;
185029Spjd	uint_t nl2cache;
185029Spjd	int i, j, oldnvdevs;
219089Spjd	uint64_t guid;
185029Spjd	vdev_t *vd, **oldvdevs, **newvdevs;
185029Spjd	spa_aux_vdev_t *sav = &spa->spa_l2cache;
185029Spjd
332547Smav#ifndef _KERNEL
332547Smav	/*
332547Smav	 * zdb opens both the current state of the pool and the
332547Smav	 * checkpointed state (if present), with a different spa_t.
332547Smav	 *
332547Smav	 * As L2 caches are part of the ARC which is shared among open
332547Smav	 * pools, we skip loading them when we load the checkpointed
332547Smav	 * state of the pool.
332547Smav	 */
332547Smav	if (!spa_writeable(spa))
332547Smav		return;
332547Smav#endif
332547Smav
185029Spjd	ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == SCL_ALL);
185029Spjd
185029Spjd	if (sav->sav_config != NULL) {
185029Spjd		VERIFY(nvlist_lookup_nvlist_array(sav->sav_config,
185029Spjd		    ZPOOL_CONFIG_L2CACHE, &l2cache, &nl2cache) == 0);
185029Spjd		newvdevs = kmem_alloc(nl2cache * sizeof (void *), KM_SLEEP);
185029Spjd	} else {
185029Spjd		nl2cache = 0;
247187Smm		newvdevs = NULL;
185029Spjd	}
185029Spjd
185029Spjd	oldvdevs = sav->sav_vdevs;
185029Spjd	oldnvdevs = sav->sav_count;
185029Spjd	sav->sav_vdevs = NULL;
185029Spjd	sav->sav_count = 0;
185029Spjd
185029Spjd	/*
185029Spjd	 * Process new nvlist of vdevs.
185029Spjd	 */
185029Spjd	for (i = 0; i < nl2cache; i++) {
185029Spjd		VERIFY(nvlist_lookup_uint64(l2cache[i], ZPOOL_CONFIG_GUID,
185029Spjd		    &guid) == 0);
185029Spjd
185029Spjd		newvdevs[i] = NULL;
185029Spjd		for (j = 0; j < oldnvdevs; j++) {
185029Spjd			vd = oldvdevs[j];
185029Spjd			if (vd != NULL && guid == vd->vdev_guid) {
185029Spjd				/*
185029Spjd				 * Retain previous vdev for add/remove ops.
185029Spjd				 */
185029Spjd				newvdevs[i] = vd;
185029Spjd				oldvdevs[j] = NULL;
185029Spjd				break;
185029Spjd			}
185029Spjd		}
185029Spjd
185029Spjd		if (newvdevs[i] == NULL) {
185029Spjd			/*
185029Spjd			 * Create new vdev
185029Spjd			 */
185029Spjd			VERIFY(spa_config_parse(spa, &vd, l2cache[i], NULL, 0,
185029Spjd			    VDEV_ALLOC_L2CACHE) == 0);
185029Spjd			ASSERT(vd != NULL);
185029Spjd			newvdevs[i] = vd;
185029Spjd
185029Spjd			/*
185029Spjd			 * Commit this vdev as an l2cache device,
185029Spjd			 * even if it fails to open.
185029Spjd			 */
185029Spjd			spa_l2cache_add(vd);
185029Spjd
185029Spjd			vd->vdev_top = vd;
185029Spjd			vd->vdev_aux = sav;
185029Spjd
185029Spjd			spa_l2cache_activate(vd);
185029Spjd
185029Spjd			if (vdev_open(vd) != 0)
185029Spjd				continue;
185029Spjd
185029Spjd			(void) vdev_validate_aux(vd);
185029Spjd
219089Spjd			if (!vdev_is_dead(vd))
219089Spjd				l2arc_add_vdev(spa, vd);
185029Spjd		}
185029Spjd	}
185029Spjd
185029Spjd	/*
185029Spjd	 * Purge vdevs that were dropped
185029Spjd	 */
185029Spjd	for (i = 0; i < oldnvdevs; i++) {
185029Spjd		uint64_t pool;
185029Spjd
185029Spjd		vd = oldvdevs[i];
185029Spjd		if (vd != NULL) {
230514Smm			ASSERT(vd->vdev_isl2cache);
230514Smm
209962Smm			if (spa_l2cache_exists(vd->vdev_guid, &pool) &&
209962Smm			    pool != 0ULL && l2arc_vdev_present(vd))
185029Spjd				l2arc_remove_vdev(vd);
230514Smm			vdev_clear_stats(vd);
230514Smm			vdev_free(vd);
185029Spjd		}
185029Spjd	}
185029Spjd
185029Spjd	if (oldvdevs)
185029Spjd		kmem_free(oldvdevs, oldnvdevs * sizeof (void *));
185029Spjd
185029Spjd	if (sav->sav_config == NULL)
185029Spjd		goto out;
185029Spjd
185029Spjd	sav->sav_vdevs = newvdevs;
185029Spjd	sav->sav_count = (int)nl2cache;
185029Spjd
185029Spjd	/*
185029Spjd	 * Recompute the stashed list of l2cache devices, with status
185029Spjd	 * information this time.
185029Spjd	 */
185029Spjd	VERIFY(nvlist_remove(sav->sav_config, ZPOOL_CONFIG_L2CACHE,
185029Spjd	    DATA_TYPE_NVLIST_ARRAY) == 0);
185029Spjd
185029Spjd	l2cache = kmem_alloc(sav->sav_count * sizeof (void *), KM_SLEEP);
185029Spjd	for (i = 0; i < sav->sav_count; i++)
185029Spjd		l2cache[i] = vdev_config_generate(spa,
219089Spjd		    sav->sav_vdevs[i], B_TRUE, VDEV_CONFIG_L2CACHE);
185029Spjd	VERIFY(nvlist_add_nvlist_array(sav->sav_config,
185029Spjd	    ZPOOL_CONFIG_L2CACHE, l2cache, sav->sav_count) == 0);
185029Spjdout:
185029Spjd	for (i = 0; i < sav->sav_count; i++)
185029Spjd		nvlist_free(l2cache[i]);
185029Spjd	if (sav->sav_count)
185029Spjd		kmem_free(l2cache, sav->sav_count * sizeof (void *));
185029Spjd}
185029Spjd
168404Spjdstatic int
168404Spjdload_nvlist(spa_t *spa, uint64_t obj, nvlist_t **value)
168404Spjd{
168404Spjd	dmu_buf_t *db;
168404Spjd	char *packed = NULL;
168404Spjd	size_t nvsize = 0;
168404Spjd	int error;
168404Spjd	*value = NULL;
168404Spjd
262676Sdelphij	error = dmu_bonus_hold(spa->spa_meta_objset, obj, FTAG, &db);
262676Sdelphij	if (error != 0)
262676Sdelphij		return (error);
287744Sdelphij
168404Spjd	nvsize = *(uint64_t *)db->db_data;
168404Spjd	dmu_buf_rele(db, FTAG);
168404Spjd
168404Spjd	packed = kmem_alloc(nvsize, KM_SLEEP);
209962Smm	error = dmu_read(spa->spa_meta_objset, obj, 0, nvsize, packed,
209962Smm	    DMU_READ_PREFETCH);
168404Spjd	if (error == 0)
168404Spjd		error = nvlist_unpack(packed, nvsize, value, 0);
168404Spjd	kmem_free(packed, nvsize);
168404Spjd
168404Spjd	return (error);
168404Spjd}
168404Spjd
168404Spjd/*
332536Smav * Concrete top-level vdevs that are not missing and are not logs. At every
332536Smav * spa_sync we write new uberblocks to at least SPA_SYNC_MIN_VDEVS core tvds.
332536Smav */
332536Smavstatic uint64_t
332536Smavspa_healthy_core_tvds(spa_t *spa)
332536Smav{
332536Smav	vdev_t *rvd = spa->spa_root_vdev;
332536Smav	uint64_t tvds = 0;
332536Smav
332536Smav	for (uint64_t i = 0; i < rvd->vdev_children; i++) {
332536Smav		vdev_t *vd = rvd->vdev_child[i];
332536Smav		if (vd->vdev_islog)
332536Smav			continue;
332536Smav		if (vdev_is_concrete(vd) && !vdev_is_dead(vd))
332536Smav			tvds++;
332536Smav	}
332536Smav
332536Smav	return (tvds);
332536Smav}
332536Smav
332536Smav/*
185029Spjd * Checks to see if the given vdev could not be opened, in which case we post a
185029Spjd * sysevent to notify the autoreplace code that the device has been removed.
185029Spjd */
185029Spjdstatic void
185029Spjdspa_check_removed(vdev_t *vd)
185029Spjd{
332536Smav	for (uint64_t c = 0; c < vd->vdev_children; c++)
185029Spjd		spa_check_removed(vd->vdev_child[c]);
185029Spjd
249188Smm	if (vd->vdev_ops->vdev_op_leaf && vdev_is_dead(vd) &&
332525Smav	    vdev_is_concrete(vd)) {
185029Spjd		zfs_post_autoreplace(vd->vdev_spa, vd);
331397Smav		spa_event_notify(vd->vdev_spa, vd, NULL, ESC_ZFS_VDEV_CHECK);
185029Spjd	}
185029Spjd}
185029Spjd
332536Smavstatic int
332536Smavspa_check_for_missing_logs(spa_t *spa)
299441Smav{
332536Smav	vdev_t *rvd = spa->spa_root_vdev;
299441Smav
219089Spjd	/*
219089Spjd	 * If we're doing a normal import, then build up any additional
332536Smav	 * diagnostic information about missing log devices.
219089Spjd	 * We'll pass this up to the user for further processing.
219089Spjd	 */
219089Spjd	if (!(spa->spa_import_flags & ZFS_IMPORT_MISSING_LOG)) {
219089Spjd		nvlist_t **child, *nv;
219089Spjd		uint64_t idx = 0;
219089Spjd
219089Spjd		child = kmem_alloc(rvd->vdev_children * sizeof (nvlist_t **),
219089Spjd		    KM_SLEEP);
219089Spjd		VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
219089Spjd
332536Smav		for (uint64_t c = 0; c < rvd->vdev_children; c++) {
219089Spjd			vdev_t *tvd = rvd->vdev_child[c];
219089Spjd
332536Smav			/*
332536Smav			 * We consider a device as missing only if it failed
332536Smav			 * to open (i.e. offline or faulted is not considered
332536Smav			 * as missing).
332536Smav			 */
332536Smav			if (tvd->vdev_islog &&
332536Smav			    tvd->vdev_state == VDEV_STATE_CANT_OPEN) {
332536Smav				child[idx++] = vdev_config_generate(spa, tvd,
332536Smav				    B_FALSE, VDEV_CONFIG_MISSING);
332536Smav			}
219089Spjd		}
219089Spjd
332536Smav		if (idx > 0) {
332536Smav			fnvlist_add_nvlist_array(nv,
332536Smav			    ZPOOL_CONFIG_CHILDREN, child, idx);
332536Smav			fnvlist_add_nvlist(spa->spa_load_info,
332536Smav			    ZPOOL_CONFIG_MISSING_DEVICES, nv);
219089Spjd
332536Smav			for (uint64_t i = 0; i < idx; i++)
219089Spjd				nvlist_free(child[i]);
219089Spjd		}
219089Spjd		nvlist_free(nv);
219089Spjd		kmem_free(child, rvd->vdev_children * sizeof (char **));
219089Spjd
332536Smav		if (idx > 0) {
332536Smav			spa_load_failed(spa, "some log devices are missing");
332549Smav			vdev_dbgmsg_print_tree(rvd, 2);
332536Smav			return (SET_ERROR(ENXIO));
332536Smav		}
332536Smav	} else {
332536Smav		for (uint64_t c = 0; c < rvd->vdev_children; c++) {
332536Smav			vdev_t *tvd = rvd->vdev_child[c];
213197Smm
332536Smav			if (tvd->vdev_islog &&
332536Smav			    tvd->vdev_state == VDEV_STATE_CANT_OPEN) {
219089Spjd				spa_set_log_state(spa, SPA_LOG_CLEAR);
332536Smav				spa_load_note(spa, "some log devices are "
332536Smav				    "missing, ZIL is dropped.");
332549Smav				vdev_dbgmsg_print_tree(rvd, 2);
332536Smav				break;
219089Spjd			}
219089Spjd		}
213197Smm	}
299441Smav
332536Smav	return (0);
213197Smm}
213197Smm
213197Smm/*
185029Spjd * Check for missing log devices
185029Spjd */
248571Smmstatic boolean_t
185029Spjdspa_check_logs(spa_t *spa)
185029Spjd{
248571Smm	boolean_t rv = B_FALSE;
286686Smav	dsl_pool_t *dp = spa_get_dsl(spa);
248571Smm
185029Spjd	switch (spa->spa_log_state) {
185029Spjd	case SPA_LOG_MISSING:
185029Spjd		/* need to recheck in case slog has been restored */
185029Spjd	case SPA_LOG_UNKNOWN:
286686Smav		rv = (dmu_objset_find_dp(dp, dp->dp_root_dir_obj,
286686Smav		    zil_check_log_chain, NULL, DS_FIND_CHILDREN) != 0);
248571Smm		if (rv)
219089Spjd			spa_set_log_state(spa, SPA_LOG_MISSING);
185029Spjd		break;
185029Spjd	}
248571Smm	return (rv);
185029Spjd}
185029Spjd
219089Spjdstatic boolean_t
219089Spjdspa_passivate_log(spa_t *spa)
219089Spjd{
219089Spjd	vdev_t *rvd = spa->spa_root_vdev;
219089Spjd	boolean_t slog_found = B_FALSE;
219089Spjd
219089Spjd	ASSERT(spa_config_held(spa, SCL_ALLOC, RW_WRITER));
219089Spjd
219089Spjd	if (!spa_has_slogs(spa))
219089Spjd		return (B_FALSE);
219089Spjd
219089Spjd	for (int c = 0; c < rvd->vdev_children; c++) {
219089Spjd		vdev_t *tvd = rvd->vdev_child[c];
219089Spjd		metaslab_group_t *mg = tvd->vdev_mg;
219089Spjd
219089Spjd		if (tvd->vdev_islog) {
219089Spjd			metaslab_group_passivate(mg);
219089Spjd			slog_found = B_TRUE;
219089Spjd		}
219089Spjd	}
219089Spjd
219089Spjd	return (slog_found);
219089Spjd}
219089Spjd
219089Spjdstatic void
219089Spjdspa_activate_log(spa_t *spa)
219089Spjd{
219089Spjd	vdev_t *rvd = spa->spa_root_vdev;
219089Spjd
219089Spjd	ASSERT(spa_config_held(spa, SCL_ALLOC, RW_WRITER));
219089Spjd
219089Spjd	for (int c = 0; c < rvd->vdev_children; c++) {
219089Spjd		vdev_t *tvd = rvd->vdev_child[c];
219089Spjd		metaslab_group_t *mg = tvd->vdev_mg;
219089Spjd
219089Spjd		if (tvd->vdev_islog)
219089Spjd			metaslab_group_activate(mg);
219089Spjd	}
219089Spjd}
219089Spjd
219089Spjdint
332525Smavspa_reset_logs(spa_t *spa)
219089Spjd{
248571Smm	int error;
219089Spjd
332525Smav	error = dmu_objset_find(spa_name(spa), zil_reset,
248571Smm	    NULL, DS_FIND_CHILDREN);
248571Smm	if (error == 0) {
219089Spjd		/*
219089Spjd		 * We successfully offlined the log device, sync out the
219089Spjd		 * current txg so that the "stubby" block can be removed
219089Spjd		 * by zil_sync().
219089Spjd		 */
219089Spjd		txg_wait_synced(spa->spa_dsl_pool, 0);
219089Spjd	}
219089Spjd	return (error);
219089Spjd}
219089Spjd
219089Spjdstatic void
219089Spjdspa_aux_check_removed(spa_aux_vdev_t *sav)
219089Spjd{
219089Spjd	int i;
219089Spjd
219089Spjd	for (i = 0; i < sav->sav_count; i++)
219089Spjd		spa_check_removed(sav->sav_vdevs[i]);
219089Spjd}
219089Spjd
219089Spjdvoid
219089Spjdspa_claim_notify(zio_t *zio)
219089Spjd{
219089Spjd	spa_t *spa = zio->io_spa;
219089Spjd
219089Spjd	if (zio->io_error)
219089Spjd		return;
219089Spjd
219089Spjd	mutex_enter(&spa->spa_props_lock);	/* any mutex will do */
219089Spjd	if (spa->spa_claim_max_txg < zio->io_bp->blk_birth)
219089Spjd		spa->spa_claim_max_txg = zio->io_bp->blk_birth;
219089Spjd	mutex_exit(&spa->spa_props_lock);
219089Spjd}
219089Spjd
219089Spjdtypedef struct spa_load_error {
219089Spjd	uint64_t	sle_meta_count;
219089Spjd	uint64_t	sle_data_count;
219089Spjd} spa_load_error_t;
219089Spjd
219089Spjdstatic void
219089Spjdspa_load_verify_done(zio_t *zio)
219089Spjd{
219089Spjd	blkptr_t *bp = zio->io_bp;
219089Spjd	spa_load_error_t *sle = zio->io_private;
219089Spjd	dmu_object_type_t type = BP_GET_TYPE(bp);
219089Spjd	int error = zio->io_error;
268720Sdelphij	spa_t *spa = zio->io_spa;
219089Spjd
321610Smav	abd_free(zio->io_abd);
219089Spjd	if (error) {
236884Smm		if ((BP_GET_LEVEL(bp) != 0 || DMU_OT_IS_METADATA(type)) &&
219089Spjd		    type != DMU_OT_INTENT_LOG)
270247Sdelphij			atomic_inc_64(&sle->sle_meta_count);
219089Spjd		else
270247Sdelphij			atomic_inc_64(&sle->sle_data_count);
219089Spjd	}
268720Sdelphij
268720Sdelphij	mutex_enter(&spa->spa_scrub_lock);
339034Ssef	spa->spa_load_verify_ios--;
268720Sdelphij	cv_broadcast(&spa->spa_scrub_io_cv);
268720Sdelphij	mutex_exit(&spa->spa_scrub_lock);
219089Spjd}
219089Spjd
268720Sdelphij/*
268720Sdelphij * Maximum number of concurrent scrub i/os to create while verifying
268720Sdelphij * a pool while importing it.
268720Sdelphij */
268720Sdelphijint spa_load_verify_maxinflight = 10000;
268720Sdelphijboolean_t spa_load_verify_metadata = B_TRUE;
268720Sdelphijboolean_t spa_load_verify_data = B_TRUE;
268720Sdelphij
268720SdelphijSYSCTL_INT(_vfs_zfs, OID_AUTO, spa_load_verify_maxinflight, CTLFLAG_RWTUN,
268720Sdelphij    &spa_load_verify_maxinflight, 0,
268720Sdelphij    "Maximum number of concurrent scrub I/Os to create while verifying a "
268720Sdelphij    "pool while importing it");
268720Sdelphij
268720SdelphijSYSCTL_INT(_vfs_zfs, OID_AUTO, spa_load_verify_metadata, CTLFLAG_RWTUN,
268720Sdelphij    &spa_load_verify_metadata, 0,
268720Sdelphij    "Check metadata on import?");
268720Sdelphij
268720SdelphijSYSCTL_INT(_vfs_zfs, OID_AUTO, spa_load_verify_data, CTLFLAG_RWTUN,
268720Sdelphij    &spa_load_verify_data, 0,
268720Sdelphij    "Check user data on import?");
268720Sdelphij
219089Spjd/*ARGSUSED*/
219089Spjdstatic int
219089Spjdspa_load_verify_cb(spa_t *spa, zilog_t *zilog, const blkptr_t *bp,
268123Sdelphij    const zbookmark_phys_t *zb, const dnode_phys_t *dnp, void *arg)
219089Spjd{
286705Smav	if (bp == NULL || BP_IS_HOLE(bp) || BP_IS_EMBEDDED(bp))
268720Sdelphij		return (0);
268720Sdelphij	/*
268720Sdelphij	 * Note: normally this routine will not be called if
268720Sdelphij	 * spa_load_verify_metadata is not set.  However, it may be useful
268720Sdelphij	 * to manually set the flag after the traversal has begun.
268720Sdelphij	 */
268720Sdelphij	if (!spa_load_verify_metadata)
268720Sdelphij		return (0);
321610Smav	if (!BP_IS_METADATA(bp) && !spa_load_verify_data)
268720Sdelphij		return (0);
219089Spjd
268720Sdelphij	zio_t *rio = arg;
268720Sdelphij	size_t size = BP_GET_PSIZE(bp);
268720Sdelphij
268720Sdelphij	mutex_enter(&spa->spa_scrub_lock);
339034Ssef	while (spa->spa_load_verify_ios >= spa_load_verify_maxinflight)
268720Sdelphij		cv_wait(&spa->spa_scrub_io_cv, &spa->spa_scrub_lock);
339034Ssef	spa->spa_load_verify_ios++;
268720Sdelphij	mutex_exit(&spa->spa_scrub_lock);
268720Sdelphij
321610Smav	zio_nowait(zio_read(rio, spa, bp, abd_alloc_for_io(size, B_FALSE), size,
268720Sdelphij	    spa_load_verify_done, rio->io_private, ZIO_PRIORITY_SCRUB,
268720Sdelphij	    ZIO_FLAG_SPECULATIVE | ZIO_FLAG_CANFAIL |
268720Sdelphij	    ZIO_FLAG_SCRUB | ZIO_FLAG_RAW, zb));
219089Spjd	return (0);
219089Spjd}
219089Spjd
307045Smav/* ARGSUSED */
307045Smavint
307045Smavverify_dataset_name_len(dsl_pool_t *dp, dsl_dataset_t *ds, void *arg)
307045Smav{
307108Smav	if (dsl_dataset_namelen(ds) >= ZFS_MAX_DATASET_NAME_LEN)
307045Smav		return (SET_ERROR(ENAMETOOLONG));
307045Smav
307045Smav	return (0);
307045Smav}
307045Smav
219089Spjdstatic int
219089Spjdspa_load_verify(spa_t *spa)
219089Spjd{
219089Spjd	zio_t *rio;
219089Spjd	spa_load_error_t sle = { 0 };
332550Smav	zpool_load_policy_t policy;
219089Spjd	boolean_t verify_ok = B_FALSE;
268720Sdelphij	int error = 0;
219089Spjd
332550Smav	zpool_get_load_policy(spa->spa_config, &policy);
219089Spjd
332550Smav	if (policy.zlp_rewind & ZPOOL_NEVER_REWIND)
219089Spjd		return (0);
219089Spjd
307045Smav	dsl_pool_config_enter(spa->spa_dsl_pool, FTAG);
307045Smav	error = dmu_objset_find_dp(spa->spa_dsl_pool,
307045Smav	    spa->spa_dsl_pool->dp_root_dir_obj, verify_dataset_name_len, NULL,
307045Smav	    DS_FIND_CHILDREN);
307045Smav	dsl_pool_config_exit(spa->spa_dsl_pool, FTAG);
307045Smav	if (error != 0)
307045Smav		return (error);
307045Smav
219089Spjd	rio = zio_root(spa, NULL, &sle,
219089Spjd	    ZIO_FLAG_CANFAIL | ZIO_FLAG_SPECULATIVE);
219089Spjd
268720Sdelphij	if (spa_load_verify_metadata) {
332530Smav		if (spa->spa_extreme_rewind) {
332530Smav			spa_load_note(spa, "performing a complete scan of the "
332530Smav			    "pool since extreme rewind is on. This may take "
332530Smav			    "a very long time.\n  (spa_load_verify_data=%u, "
332530Smav			    "spa_load_verify_metadata=%u)",
332530Smav			    spa_load_verify_data, spa_load_verify_metadata);
332530Smav		}
268720Sdelphij		error = traverse_pool(spa, spa->spa_verify_min_txg,
268720Sdelphij		    TRAVERSE_PRE | TRAVERSE_PREFETCH_METADATA,
268720Sdelphij		    spa_load_verify_cb, rio);
268720Sdelphij	}
219089Spjd
219089Spjd	(void) zio_wait(rio);
219089Spjd
219089Spjd	spa->spa_load_meta_errors = sle.sle_meta_count;
219089Spjd	spa->spa_load_data_errors = sle.sle_data_count;
219089Spjd
332531Smav	if (sle.sle_meta_count != 0 || sle.sle_data_count != 0) {
332531Smav		spa_load_note(spa, "spa_load_verify found %llu metadata errors "
332531Smav		    "and %llu data errors", (u_longlong_t)sle.sle_meta_count,
332531Smav		    (u_longlong_t)sle.sle_data_count);
332531Smav	}
332531Smav
332531Smav	if (spa_load_verify_dryrun ||
332550Smav	    (!error && sle.sle_meta_count <= policy.zlp_maxmeta &&
332550Smav	    sle.sle_data_count <= policy.zlp_maxdata)) {
219089Spjd		int64_t loss = 0;
219089Spjd
219089Spjd		verify_ok = B_TRUE;
219089Spjd		spa->spa_load_txg = spa->spa_uberblock.ub_txg;
219089Spjd		spa->spa_load_txg_ts = spa->spa_uberblock.ub_timestamp;
219089Spjd
219089Spjd		loss = spa->spa_last_ubsync_txg_ts - spa->spa_load_txg_ts;
219089Spjd		VERIFY(nvlist_add_uint64(spa->spa_load_info,
219089Spjd		    ZPOOL_CONFIG_LOAD_TIME, spa->spa_load_txg_ts) == 0);
219089Spjd		VERIFY(nvlist_add_int64(spa->spa_load_info,
219089Spjd		    ZPOOL_CONFIG_REWIND_TIME, loss) == 0);
219089Spjd		VERIFY(nvlist_add_uint64(spa->spa_load_info,
219089Spjd		    ZPOOL_CONFIG_LOAD_DATA_ERRORS, sle.sle_data_count) == 0);
219089Spjd	} else {
219089Spjd		spa->spa_load_max_txg = spa->spa_uberblock.ub_txg;
219089Spjd	}
219089Spjd
332531Smav	if (spa_load_verify_dryrun)
332531Smav		return (0);
332531Smav
219089Spjd	if (error) {
219089Spjd		if (error != ENXIO && error != EIO)
249195Smm			error = SET_ERROR(EIO);
219089Spjd		return (error);
219089Spjd	}
219089Spjd
219089Spjd	return (verify_ok ? 0 : EIO);
219089Spjd}
219089Spjd
185029Spjd/*
219089Spjd * Find a value in the pool props object.
168404Spjd */
219089Spjdstatic void
219089Spjdspa_prop_find(spa_t *spa, zpool_prop_t prop, uint64_t *val)
219089Spjd{
219089Spjd	(void) zap_lookup(spa->spa_meta_objset, spa->spa_pool_props_object,
219089Spjd	    zpool_prop_to_name(prop), sizeof (uint64_t), 1, val);
219089Spjd}
219089Spjd
219089Spjd/*
219089Spjd * Find a value in the pool directory object.
219089Spjd */
168404Spjdstatic int
332530Smavspa_dir_prop(spa_t *spa, const char *name, uint64_t *val, boolean_t log_enoent)
168404Spjd{
332530Smav	int error = zap_lookup(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
332530Smav	    name, sizeof (uint64_t), 1, val);
332530Smav
332530Smav	if (error != 0 && (error != ENOENT || log_enoent)) {
332530Smav		spa_load_failed(spa, "couldn't get '%s' value in MOS directory "
332530Smav		    "[error=%d]", name, error);
332530Smav	}
332530Smav
332530Smav	return (error);
219089Spjd}
168404Spjd
219089Spjdstatic int
219089Spjdspa_vdev_err(vdev_t *vdev, vdev_aux_t aux, int err)
219089Spjd{
219089Spjd	vdev_set_state(vdev, B_TRUE, VDEV_STATE_CANT_OPEN, aux);
332525Smav	return (SET_ERROR(err));
219089Spjd}
219089Spjd
332537Smavstatic void
332537Smavspa_spawn_aux_threads(spa_t *spa)
332537Smav{
332537Smav	ASSERT(spa_writeable(spa));
332537Smav
332537Smav	ASSERT(MUTEX_HELD(&spa_namespace_lock));
332537Smav
332537Smav	spa_start_indirect_condensing_thread(spa);
332547Smav
332547Smav	ASSERT3P(spa->spa_checkpoint_discard_zthr, ==, NULL);
332547Smav	spa->spa_checkpoint_discard_zthr =
332547Smav	    zthr_create(spa_checkpoint_discard_thread_check,
332547Smav	    spa_checkpoint_discard_thread, spa);
332537Smav}
332537Smav
219089Spjd/*
219089Spjd * Fix up config after a partly-completed split.  This is done with the
219089Spjd * ZPOOL_CONFIG_SPLIT nvlist.  Both the splitting pool and the split-off
219089Spjd * pool have that entry in their config, but only the splitting one contains
219089Spjd * a list of all the guids of the vdevs that are being split off.
219089Spjd *
219089Spjd * This function determines what to do with that list: either rejoin
219089Spjd * all the disks to the pool, or complete the splitting process.  To attempt
219089Spjd * the rejoin, each disk that is offlined is marked online again, and
219089Spjd * we do a reopen() call.  If the vdev label for every disk that was
219089Spjd * marked online indicates it was successfully split off (VDEV_AUX_SPLIT_POOL)
219089Spjd * then we call vdev_split() on each disk, and complete the split.
219089Spjd *
219089Spjd * Otherwise we leave the config alone, with all the vdevs in place in
219089Spjd * the original pool.
219089Spjd */
219089Spjdstatic void
219089Spjdspa_try_repair(spa_t *spa, nvlist_t *config)
219089Spjd{
219089Spjd	uint_t extracted;
219089Spjd	uint64_t *glist;
219089Spjd	uint_t i, gcount;
219089Spjd	nvlist_t *nvl;
219089Spjd	vdev_t **vd;
219089Spjd	boolean_t attempt_reopen;
219089Spjd
219089Spjd	if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_SPLIT, &nvl) != 0)
219089Spjd		return;
219089Spjd
219089Spjd	/* check that the config is complete */
219089Spjd	if (nvlist_lookup_uint64_array(nvl, ZPOOL_CONFIG_SPLIT_LIST,
219089Spjd	    &glist, &gcount) != 0)
219089Spjd		return;
219089Spjd
219089Spjd	vd = kmem_zalloc(gcount * sizeof (vdev_t *), KM_SLEEP);
219089Spjd
219089Spjd	/* attempt to online all the vdevs & validate */
219089Spjd	attempt_reopen = B_TRUE;
219089Spjd	for (i = 0; i < gcount; i++) {
219089Spjd		if (glist[i] == 0)	/* vdev is hole */
219089Spjd			continue;
219089Spjd
219089Spjd		vd[i] = spa_lookup_by_guid(spa, glist[i], B_FALSE);
219089Spjd		if (vd[i] == NULL) {
219089Spjd			/*
219089Spjd			 * Don't bother attempting to reopen the disks;
219089Spjd			 * just do the split.
219089Spjd			 */
219089Spjd			attempt_reopen = B_FALSE;
219089Spjd		} else {
219089Spjd			/* attempt to re-online it */
219089Spjd			vd[i]->vdev_offline = B_FALSE;
219089Spjd		}
219089Spjd	}
219089Spjd
219089Spjd	if (attempt_reopen) {
219089Spjd		vdev_reopen(spa->spa_root_vdev);
219089Spjd
219089Spjd		/* check each device to see what state it's in */
219089Spjd		for (extracted = 0, i = 0; i < gcount; i++) {
219089Spjd			if (vd[i] != NULL &&
219089Spjd			    vd[i]->vdev_stat.vs_aux != VDEV_AUX_SPLIT_POOL)
219089Spjd				break;
219089Spjd			++extracted;
219089Spjd		}
219089Spjd	}
219089Spjd
209962Smm	/*
219089Spjd	 * If every disk has been moved to the new pool, or if we never
219089Spjd	 * even attempted to look at them, then we split them off for
219089Spjd	 * good.
209962Smm	 */
219089Spjd	if (!attempt_reopen || gcount == extracted) {
219089Spjd		for (i = 0; i < gcount; i++)
219089Spjd			if (vd[i] != NULL)
219089Spjd				vdev_split(vd[i]);
219089Spjd		vdev_reopen(spa->spa_root_vdev);
219089Spjd	}
209962Smm
219089Spjd	kmem_free(vd, gcount * sizeof (vdev_t *));
219089Spjd}
185029Spjd
219089Spjdstatic int
332536Smavspa_load(spa_t *spa, spa_load_state_t state, spa_import_type_t type)
219089Spjd{
219089Spjd	char *ereport = FM_EREPORT_ZFS_POOL;
219089Spjd	int error;
168404Spjd
332536Smav	spa->spa_load_state = state;
168404Spjd
332536Smav	gethrestime(&spa->spa_loaded_ts);
332547Smav	error = spa_load_impl(spa, type, &ereport);
228103Smm
168404Spjd	/*
286575Smav	 * Don't count references from objsets that are already closed
286575Smav	 * and are making their way through the eviction process.
286575Smav	 */
286575Smav	spa_evicting_os_wait(spa);
219089Spjd	spa->spa_minref = refcount_count(&spa->spa_refcount);
219089Spjd	if (error) {
219089Spjd		if (error != EEXIST) {
219089Spjd			spa->spa_loaded_ts.tv_sec = 0;
219089Spjd			spa->spa_loaded_ts.tv_nsec = 0;
219089Spjd		}
219089Spjd		if (error != EBADF) {
219089Spjd			zfs_ereport_post(ereport, spa, NULL, NULL, 0, 0);
219089Spjd		}
219089Spjd	}
219089Spjd	spa->spa_load_state = error ? SPA_LOAD_ERROR : SPA_LOAD_NONE;
219089Spjd	spa->spa_ena = 0;
168404Spjd
219089Spjd	return (error);
219089Spjd}
219089Spjd
219089Spjd/*
299441Smav * Count the number of per-vdev ZAPs associated with all of the vdevs in the
299441Smav * vdev tree rooted in the given vd, and ensure that each ZAP is present in the
299441Smav * spa's per-vdev ZAP list.
299441Smav */
299441Smavstatic uint64_t
299441Smavvdev_count_verify_zaps(vdev_t *vd)
299441Smav{
299441Smav	spa_t *spa = vd->vdev_spa;
299441Smav	uint64_t total = 0;
299441Smav	if (vd->vdev_top_zap != 0) {
299441Smav		total++;
299441Smav		ASSERT0(zap_lookup_int(spa->spa_meta_objset,
299441Smav		    spa->spa_all_vdev_zaps, vd->vdev_top_zap));
299441Smav	}
299441Smav	if (vd->vdev_leaf_zap != 0) {
299441Smav		total++;
299441Smav		ASSERT0(zap_lookup_int(spa->spa_meta_objset,
299441Smav		    spa->spa_all_vdev_zaps, vd->vdev_leaf_zap));
299441Smav	}
299441Smav
299441Smav	for (uint64_t i = 0; i < vd->vdev_children; i++) {
299441Smav		total += vdev_count_verify_zaps(vd->vdev_child[i]);
299441Smav	}
299441Smav
299441Smav	return (total);
299441Smav}
299441Smav
219089Spjdstatic int
332536Smavspa_verify_host(spa_t *spa, nvlist_t *mos_config)
219089Spjd{
332536Smav	uint64_t hostid;
332536Smav	char *hostname;
332536Smav	uint64_t myhostid = 0;
332536Smav
332536Smav	if (!spa_is_root(spa) && nvlist_lookup_uint64(mos_config,
332536Smav	    ZPOOL_CONFIG_HOSTID, &hostid) == 0) {
332536Smav		hostname = fnvlist_lookup_string(mos_config,
332536Smav		    ZPOOL_CONFIG_HOSTNAME);
332536Smav
332536Smav		myhostid = zone_get_hostid(NULL);
332536Smav
332536Smav		if (hostid != 0 && myhostid != 0 && hostid != myhostid) {
332536Smav			cmn_err(CE_WARN, "pool '%s' could not be "
332536Smav			    "loaded as it was last accessed by "
332536Smav			    "another system (host: %s hostid: 0x%llx). "
332536Smav			    "See: http://illumos.org/msg/ZFS-8000-EY",
332536Smav			    spa_name(spa), hostname, (u_longlong_t)hostid);
332536Smav			spa_load_failed(spa, "hostid verification failed: pool "
332536Smav			    "last accessed by host: %s (hostid: 0x%llx)",
332536Smav			    hostname, (u_longlong_t)hostid);
332536Smav			return (SET_ERROR(EBADF));
332536Smav		}
332536Smav	}
332536Smav
332536Smav	return (0);
332536Smav}
332536Smav
332536Smavstatic int
332536Smavspa_ld_parse_config(spa_t *spa, spa_import_type_t type)
332536Smav{
219089Spjd	int error = 0;
332536Smav	nvlist_t *nvtree, *nvl, *config = spa->spa_config;
332529Smav	int parse;
219089Spjd	vdev_t *rvd;
332536Smav	uint64_t pool_guid;
332536Smav	char *comment;
219089Spjd
332536Smav	/*
332536Smav	 * Versioning wasn't explicitly added to the label until later, so if
332536Smav	 * it's not present treat it as the initial version.
332536Smav	 */
332536Smav	if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_VERSION,
332536Smav	    &spa->spa_ubsync.ub_version) != 0)
332536Smav		spa->spa_ubsync.ub_version = SPA_VERSION_INITIAL;
332536Smav
332536Smav	if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &pool_guid)) {
332536Smav		spa_load_failed(spa, "invalid config provided: '%s' missing",
332536Smav		    ZPOOL_CONFIG_POOL_GUID);
332536Smav		return (SET_ERROR(EINVAL));
332536Smav	}
332536Smav
332547Smav	/*
332547Smav	 * If we are doing an import, ensure that the pool is not already
332547Smav	 * imported by checking if its pool guid already exists in the
332547Smav	 * spa namespace.
332547Smav	 *
332547Smav	 * The only case that we allow an already imported pool to be
332547Smav	 * imported again, is when the pool is checkpointed and we want to
332547Smav	 * look at its checkpointed state from userland tools like zdb.
332547Smav	 */
332547Smav#ifdef _KERNEL
332547Smav	if ((spa->spa_load_state == SPA_LOAD_IMPORT ||
332547Smav	    spa->spa_load_state == SPA_LOAD_TRYIMPORT) &&
332547Smav	    spa_guid_exists(pool_guid, 0)) {
332547Smav#else
332547Smav	if ((spa->spa_load_state == SPA_LOAD_IMPORT ||
332547Smav	    spa->spa_load_state == SPA_LOAD_TRYIMPORT) &&
332547Smav	    spa_guid_exists(pool_guid, 0) &&
332547Smav	    !spa_importing_readonly_checkpoint(spa)) {
332547Smav#endif
332536Smav		spa_load_failed(spa, "a pool with guid %llu is already open",
332536Smav		    (u_longlong_t)pool_guid);
332536Smav		return (SET_ERROR(EEXIST));
332536Smav	}
332536Smav
332536Smav	spa->spa_config_guid = pool_guid;
332536Smav
332536Smav	nvlist_free(spa->spa_load_info);
332536Smav	spa->spa_load_info = fnvlist_alloc();
332536Smav
332536Smav	ASSERT(spa->spa_comment == NULL);
332536Smav	if (nvlist_lookup_string(config, ZPOOL_CONFIG_COMMENT, &comment) == 0)
332536Smav		spa->spa_comment = spa_strdup(comment);
332536Smav
332536Smav	(void) nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_TXG,
332536Smav	    &spa->spa_config_txg);
332536Smav
332536Smav	if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_SPLIT, &nvl) == 0)
332536Smav		spa->spa_config_splitting = fnvlist_dup(nvl);
332536Smav
332530Smav	if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE, &nvtree)) {
332530Smav		spa_load_failed(spa, "invalid config provided: '%s' missing",
332530Smav		    ZPOOL_CONFIG_VDEV_TREE);
249195Smm		return (SET_ERROR(EINVAL));
332530Smav	}
219089Spjd
219089Spjd	/*
209962Smm	 * Create "The Godfather" zio to hold all async IOs
209962Smm	 */
272598Sdelphij	spa->spa_async_zio_root = kmem_alloc(max_ncpus * sizeof (void *),
272598Sdelphij	    KM_SLEEP);
272598Sdelphij	for (int i = 0; i < max_ncpus; i++) {
272598Sdelphij		spa->spa_async_zio_root[i] = zio_root(spa, NULL, NULL,
272598Sdelphij		    ZIO_FLAG_CANFAIL | ZIO_FLAG_SPECULATIVE |
272598Sdelphij		    ZIO_FLAG_GODFATHER);
272598Sdelphij	}
209962Smm
209962Smm	/*
168404Spjd	 * Parse the configuration into a vdev tree.  We explicitly set the
168404Spjd	 * value that will be returned by spa_version() since parsing the
168404Spjd	 * configuration requires knowing the version number.
168404Spjd	 */
185029Spjd	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
332536Smav	parse = (type == SPA_IMPORT_EXISTING ?
332536Smav	    VDEV_ALLOC_LOAD : VDEV_ALLOC_SPLIT);
332529Smav	error = spa_config_parse(spa, &rvd, nvtree, NULL, 0, parse);
185029Spjd	spa_config_exit(spa, SCL_ALL, FTAG);
168404Spjd
332530Smav	if (error != 0) {
332530Smav		spa_load_failed(spa, "unable to parse config [error=%d]",
332530Smav		    error);
219089Spjd		return (error);
332530Smav	}
168404Spjd
168404Spjd	ASSERT(spa->spa_root_vdev == rvd);
284304Savg	ASSERT3U(spa->spa_min_ashift, >=, SPA_MINBLOCKSHIFT);
284304Savg	ASSERT3U(spa->spa_max_ashift, <=, SPA_MAXBLOCKSHIFT);
168404Spjd
219089Spjd	if (type != SPA_IMPORT_ASSEMBLE) {
219089Spjd		ASSERT(spa_guid(spa) == pool_guid);
219089Spjd	}
219089Spjd
332529Smav	return (0);
332529Smav}
332529Smav
332536Smav/*
332536Smav * Recursively open all vdevs in the vdev tree. This function is called twice:
332536Smav * first with the untrusted config, then with the trusted config.
332536Smav */
332529Smavstatic int
332529Smavspa_ld_open_vdevs(spa_t *spa)
332529Smav{
332529Smav	int error = 0;
332529Smav
332536Smav	/*
332536Smav	 * spa_missing_tvds_allowed defines how many top-level vdevs can be
332536Smav	 * missing/unopenable for the root vdev to be still considered openable.
332536Smav	 */
332536Smav	if (spa->spa_trust_config) {
332536Smav		spa->spa_missing_tvds_allowed = zfs_max_missing_tvds;
332536Smav	} else if (spa->spa_config_source == SPA_CONFIG_SRC_CACHEFILE) {
332536Smav		spa->spa_missing_tvds_allowed = zfs_max_missing_tvds_cachefile;
332536Smav	} else if (spa->spa_config_source == SPA_CONFIG_SRC_SCAN) {
332536Smav		spa->spa_missing_tvds_allowed = zfs_max_missing_tvds_scan;
332536Smav	} else {
332536Smav		spa->spa_missing_tvds_allowed = 0;
332536Smav	}
332536Smav
332536Smav	spa->spa_missing_tvds_allowed =
332536Smav	    MAX(zfs_max_missing_tvds, spa->spa_missing_tvds_allowed);
332536Smav
185029Spjd	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
332529Smav	error = vdev_open(spa->spa_root_vdev);
185029Spjd	spa_config_exit(spa, SCL_ALL, FTAG);
332536Smav
332536Smav	if (spa->spa_missing_tvds != 0) {
332536Smav		spa_load_note(spa, "vdev tree has %lld missing top-level "
332536Smav		    "vdevs.", (u_longlong_t)spa->spa_missing_tvds);
332536Smav		if (spa->spa_trust_config && (spa->spa_mode & FWRITE)) {
332536Smav			/*
332536Smav			 * Although theoretically we could allow users to open
332536Smav			 * incomplete pools in RW mode, we'd need to add a lot
332536Smav			 * of extra logic (e.g. adjust pool space to account
332536Smav			 * for missing vdevs).
332536Smav			 * This limitation also prevents users from accidentally
332536Smav			 * opening the pool in RW mode during data recovery and
332536Smav			 * damaging it further.
332536Smav			 */
332536Smav			spa_load_note(spa, "pools with missing top-level "
332536Smav			    "vdevs can only be opened in read-only mode.");
332536Smav			error = SET_ERROR(ENXIO);
332536Smav		} else {
332536Smav			spa_load_note(spa, "current settings allow for maximum "
332536Smav			    "%lld missing top-level vdevs at this stage.",
332536Smav			    (u_longlong_t)spa->spa_missing_tvds_allowed);
332536Smav		}
332536Smav	}
332530Smav	if (error != 0) {
332530Smav		spa_load_failed(spa, "unable to open vdev tree [error=%d]",
332530Smav		    error);
332530Smav	}
332536Smav	if (spa->spa_missing_tvds != 0 || error != 0)
332536Smav		vdev_dbgmsg_print_tree(spa->spa_root_vdev, 2);
168404Spjd
332529Smav	return (error);
332529Smav}
332529Smav
332536Smav/*
332536Smav * We need to validate the vdev labels against the configuration that
332536Smav * we have in hand. This function is called twice: first with an untrusted
332536Smav * config, then with a trusted config. The validation is more strict when the
332536Smav * config is trusted.
332536Smav */
332529Smavstatic int
332536Smavspa_ld_validate_vdevs(spa_t *spa)
332529Smav{
332529Smav	int error = 0;
332529Smav	vdev_t *rvd = spa->spa_root_vdev;
332529Smav
332536Smav	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
332536Smav	error = vdev_validate(rvd);
332536Smav	spa_config_exit(spa, SCL_ALL, FTAG);
168404Spjd
332536Smav	if (error != 0) {
332536Smav		spa_load_failed(spa, "vdev_validate failed [error=%d]", error);
332536Smav		return (error);
332536Smav	}
219089Spjd
332536Smav	if (rvd->vdev_state <= VDEV_STATE_CANT_OPEN) {
332536Smav		spa_load_failed(spa, "cannot open vdev tree after invalidating "
332536Smav		    "some vdevs");
332536Smav		vdev_dbgmsg_print_tree(rvd, 2);
332536Smav		return (SET_ERROR(ENXIO));
168404Spjd	}
168404Spjd
332529Smav	return (0);
332529Smav}
332529Smav
332547Smavstatic void
332547Smavspa_ld_select_uberblock_done(spa_t *spa, uberblock_t *ub)
332547Smav{
332547Smav	spa->spa_state = POOL_STATE_ACTIVE;
332547Smav	spa->spa_ubsync = spa->spa_uberblock;
332547Smav	spa->spa_verify_min_txg = spa->spa_extreme_rewind ?
332547Smav	    TXG_INITIAL - 1 : spa_last_synced_txg(spa) - TXG_DEFER_SIZE - 1;
332547Smav	spa->spa_first_txg = spa->spa_last_ubsync_txg ?
332547Smav	    spa->spa_last_ubsync_txg : spa_last_synced_txg(spa) + 1;
332547Smav	spa->spa_claim_max_txg = spa->spa_first_txg;
332547Smav	spa->spa_prev_software_version = ub->ub_software_version;
332547Smav}
332547Smav
332529Smavstatic int
332536Smavspa_ld_select_uberblock(spa_t *spa, spa_import_type_t type)
332529Smav{
332529Smav	vdev_t *rvd = spa->spa_root_vdev;
332529Smav	nvlist_t *label;
332529Smav	uberblock_t *ub = &spa->spa_uberblock;
332529Smav
168404Spjd	/*
332547Smav	 * If we are opening the checkpointed state of the pool by
332547Smav	 * rewinding to it, at this point we will have written the
332547Smav	 * checkpointed uberblock to the vdev labels, so searching
332547Smav	 * the labels will find the right uberblock.  However, if
332547Smav	 * we are opening the checkpointed state read-only, we have
332547Smav	 * not modified the labels. Therefore, we must ignore the
332547Smav	 * labels and continue using the spa_uberblock that was set
332547Smav	 * by spa_ld_checkpoint_rewind.
332547Smav	 *
332547Smav	 * Note that it would be fine to ignore the labels when
332547Smav	 * rewinding (opening writeable) as well. However, if we
332547Smav	 * crash just after writing the labels, we will end up
332547Smav	 * searching the labels. Doing so in the common case means
332547Smav	 * that this code path gets exercised normally, rather than
332547Smav	 * just in the edge case.
332547Smav	 */
332547Smav	if (ub->ub_checkpoint_txg != 0 &&
332547Smav	    spa_importing_readonly_checkpoint(spa)) {
332547Smav		spa_ld_select_uberblock_done(spa, ub);
332547Smav		return (0);
332547Smav	}
332547Smav
332547Smav	/*
168404Spjd	 * Find the best uberblock.
168404Spjd	 */
236884Smm	vdev_uberblock_load(rvd, ub, &label);
168404Spjd
168404Spjd	/*
168404Spjd	 * If we weren't able to find a single valid uberblock, return failure.
168404Spjd	 */
236884Smm	if (ub->ub_txg == 0) {
236884Smm		nvlist_free(label);
332530Smav		spa_load_failed(spa, "no valid uberblock found");
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, ENXIO));
236884Smm	}
168404Spjd
332530Smav	spa_load_note(spa, "using uberblock with txg=%llu",
332530Smav	    (u_longlong_t)ub->ub_txg);
332530Smav
168404Spjd	/*
236884Smm	 * If the pool has an unsupported version we can't open it.
168404Spjd	 */
236884Smm	if (!SPA_VERSION_IS_SUPPORTED(ub->ub_version)) {
236884Smm		nvlist_free(label);
332530Smav		spa_load_failed(spa, "version %llu is not supported",
332530Smav		    (u_longlong_t)ub->ub_version);
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_VERSION_NEWER, ENOTSUP));
236884Smm	}
168404Spjd
236884Smm	if (ub->ub_version >= SPA_VERSION_FEATURES) {
236884Smm		nvlist_t *features;
236884Smm
236884Smm		/*
236884Smm		 * If we weren't able to find what's necessary for reading the
236884Smm		 * MOS in the label, return failure.
236884Smm		 */
332530Smav		if (label == NULL) {
332530Smav			spa_load_failed(spa, "label config unavailable");
332530Smav			return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA,
332530Smav			    ENXIO));
332530Smav		}
332530Smav
332530Smav		if (nvlist_lookup_nvlist(label, ZPOOL_CONFIG_FEATURES_FOR_READ,
332530Smav		    &features) != 0) {
236884Smm			nvlist_free(label);
332530Smav			spa_load_failed(spa, "invalid label: '%s' missing",
332530Smav			    ZPOOL_CONFIG_FEATURES_FOR_READ);
236884Smm			return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA,
236884Smm			    ENXIO));
236884Smm		}
236884Smm
236884Smm		/*
236884Smm		 * Update our in-core representation with the definitive values
236884Smm		 * from the label.
236884Smm		 */
236884Smm		nvlist_free(spa->spa_label_features);
236884Smm		VERIFY(nvlist_dup(features, &spa->spa_label_features, 0) == 0);
236884Smm	}
236884Smm
236884Smm	nvlist_free(label);
236884Smm
168404Spjd	/*
236884Smm	 * Look through entries in the label nvlist's features_for_read. If
236884Smm	 * there is a feature listed there which we don't understand then we
236884Smm	 * cannot open a pool.
236884Smm	 */
236884Smm	if (ub->ub_version >= SPA_VERSION_FEATURES) {
236884Smm		nvlist_t *unsup_feat;
236884Smm
236884Smm		VERIFY(nvlist_alloc(&unsup_feat, NV_UNIQUE_NAME, KM_SLEEP) ==
236884Smm		    0);
236884Smm
236884Smm		for (nvpair_t *nvp = nvlist_next_nvpair(spa->spa_label_features,
236884Smm		    NULL); nvp != NULL;
236884Smm		    nvp = nvlist_next_nvpair(spa->spa_label_features, nvp)) {
236884Smm			if (!zfeature_is_supported(nvpair_name(nvp))) {
236884Smm				VERIFY(nvlist_add_string(unsup_feat,
236884Smm				    nvpair_name(nvp), "") == 0);
236884Smm			}
236884Smm		}
236884Smm
236884Smm		if (!nvlist_empty(unsup_feat)) {
236884Smm			VERIFY(nvlist_add_nvlist(spa->spa_load_info,
236884Smm			    ZPOOL_CONFIG_UNSUP_FEAT, unsup_feat) == 0);
236884Smm			nvlist_free(unsup_feat);
332530Smav			spa_load_failed(spa, "some features are unsupported");
236884Smm			return (spa_vdev_err(rvd, VDEV_AUX_UNSUP_FEAT,
236884Smm			    ENOTSUP));
236884Smm		}
236884Smm
236884Smm		nvlist_free(unsup_feat);
236884Smm	}
236884Smm
219089Spjd	if (type != SPA_IMPORT_ASSEMBLE && spa->spa_config_splitting) {
219089Spjd		spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
332536Smav		spa_try_repair(spa, spa->spa_config);
219089Spjd		spa_config_exit(spa, SCL_ALL, FTAG);
219089Spjd		nvlist_free(spa->spa_config_splitting);
219089Spjd		spa->spa_config_splitting = NULL;
168404Spjd	}
168404Spjd
168404Spjd	/*
168404Spjd	 * Initialize internal SPA structures.
168404Spjd	 */
332547Smav	spa_ld_select_uberblock_done(spa, ub);
219089Spjd
332529Smav	return (0);
332529Smav}
332525Smav
332529Smavstatic int
332529Smavspa_ld_open_rootbp(spa_t *spa)
332529Smav{
332529Smav	int error = 0;
332529Smav	vdev_t *rvd = spa->spa_root_vdev;
332529Smav
236884Smm	error = dsl_pool_init(spa, spa->spa_first_txg, &spa->spa_dsl_pool);
332530Smav	if (error != 0) {
332530Smav		spa_load_failed(spa, "unable to open rootbp in dsl_pool_init "
332530Smav		    "[error=%d]", error);
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
332530Smav	}
168404Spjd	spa->spa_meta_objset = spa->spa_dsl_pool->dp_meta_objset;
168404Spjd
332529Smav	return (0);
332529Smav}
332529Smav
332529Smavstatic int
332547Smavspa_ld_trusted_config(spa_t *spa, spa_import_type_t type,
332536Smav    boolean_t reloading)
332529Smav{
332536Smav	vdev_t *mrvd, *rvd = spa->spa_root_vdev;
332536Smav	nvlist_t *nv, *mos_config, *policy;
332536Smav	int error = 0, copy_error;
332536Smav	uint64_t healthy_tvds, healthy_tvds_mos;
332536Smav	uint64_t mos_config_txg;
332529Smav
332530Smav	if (spa_dir_prop(spa, DMU_POOL_CONFIG, &spa->spa_config_object, B_TRUE)
332530Smav	    != 0)
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
168404Spjd
332525Smav	/*
332536Smav	 * If we're assembling a pool from a split, the config provided is
332536Smav	 * already trusted so there is nothing to do.
332525Smav	 */
332536Smav	if (type == SPA_IMPORT_ASSEMBLE)
332536Smav		return (0);
332525Smav
332536Smav	healthy_tvds = spa_healthy_core_tvds(spa);
332536Smav
332536Smav	if (load_nvlist(spa, spa->spa_config_object, &mos_config)
332536Smav	    != 0) {
332536Smav		spa_load_failed(spa, "unable to retrieve MOS config");
332536Smav		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
332536Smav	}
332536Smav
332536Smav	/*
332536Smav	 * If we are doing an open, pool owner wasn't verified yet, thus do
332536Smav	 * the verification here.
332536Smav	 */
332536Smav	if (spa->spa_load_state == SPA_LOAD_OPEN) {
332536Smav		error = spa_verify_host(spa, mos_config);
332536Smav		if (error != 0) {
332525Smav			nvlist_free(mos_config);
332536Smav			return (error);
332525Smav		}
332536Smav	}
332525Smav
332536Smav	nv = fnvlist_lookup_nvlist(mos_config, ZPOOL_CONFIG_VDEV_TREE);
332536Smav
332536Smav	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
332536Smav
332536Smav	/*
332536Smav	 * Build a new vdev tree from the trusted config
332536Smav	 */
332536Smav	VERIFY(spa_config_parse(spa, &mrvd, nv, NULL, 0, VDEV_ALLOC_LOAD) == 0);
332536Smav
332536Smav	/*
332536Smav	 * Vdev paths in the MOS may be obsolete. If the untrusted config was
332536Smav	 * obtained by scanning /dev/dsk, then it will have the right vdev
332536Smav	 * paths. We update the trusted MOS config with this information.
332536Smav	 * We first try to copy the paths with vdev_copy_path_strict, which
332536Smav	 * succeeds only when both configs have exactly the same vdev tree.
332536Smav	 * If that fails, we fall back to a more flexible method that has a
332536Smav	 * best effort policy.
332536Smav	 */
332536Smav	copy_error = vdev_copy_path_strict(rvd, mrvd);
332536Smav	if (copy_error != 0 || spa_load_print_vdev_tree) {
332536Smav		spa_load_note(spa, "provided vdev tree:");
332536Smav		vdev_dbgmsg_print_tree(rvd, 2);
332536Smav		spa_load_note(spa, "MOS vdev tree:");
332536Smav		vdev_dbgmsg_print_tree(mrvd, 2);
332536Smav	}
332536Smav	if (copy_error != 0) {
332536Smav		spa_load_note(spa, "vdev_copy_path_strict failed, falling "
332536Smav		    "back to vdev_copy_path_relaxed");
332536Smav		vdev_copy_path_relaxed(rvd, mrvd);
332536Smav	}
332536Smav
332536Smav	vdev_close(rvd);
332536Smav	vdev_free(rvd);
332536Smav	spa->spa_root_vdev = mrvd;
332536Smav	rvd = mrvd;
332536Smav	spa_config_exit(spa, SCL_ALL, FTAG);
332536Smav
332536Smav	/*
332536Smav	 * We will use spa_config if we decide to reload the spa or if spa_load
332536Smav	 * fails and we rewind. We must thus regenerate the config using the
332550Smav	 * MOS information with the updated paths. ZPOOL_LOAD_POLICY is used to
332550Smav	 * pass settings on how to load the pool and is not stored in the MOS.
332550Smav	 * We copy it over to our new, trusted config.
332536Smav	 */
332536Smav	mos_config_txg = fnvlist_lookup_uint64(mos_config,
332536Smav	    ZPOOL_CONFIG_POOL_TXG);
332536Smav	nvlist_free(mos_config);
332536Smav	mos_config = spa_config_generate(spa, NULL, mos_config_txg, B_FALSE);
332550Smav	if (nvlist_lookup_nvlist(spa->spa_config, ZPOOL_LOAD_POLICY,
332536Smav	    &policy) == 0)
332550Smav		fnvlist_add_nvlist(mos_config, ZPOOL_LOAD_POLICY, policy);
332536Smav	spa_config_set(spa, mos_config);
332536Smav	spa->spa_config_source = SPA_CONFIG_SRC_MOS;
332536Smav
332536Smav	/*
332536Smav	 * Now that we got the config from the MOS, we should be more strict
332536Smav	 * in checking blkptrs and can make assumptions about the consistency
332536Smav	 * of the vdev tree. spa_trust_config must be set to true before opening
332536Smav	 * vdevs in order for them to be writeable.
332536Smav	 */
332536Smav	spa->spa_trust_config = B_TRUE;
332536Smav
332536Smav	/*
332536Smav	 * Open and validate the new vdev tree
332536Smav	 */
332536Smav	error = spa_ld_open_vdevs(spa);
332536Smav	if (error != 0)
332536Smav		return (error);
332536Smav
332536Smav	error = spa_ld_validate_vdevs(spa);
332536Smav	if (error != 0)
332536Smav		return (error);
332536Smav
332536Smav	if (copy_error != 0 || spa_load_print_vdev_tree) {
332536Smav		spa_load_note(spa, "final vdev tree:");
332536Smav		vdev_dbgmsg_print_tree(rvd, 2);
332536Smav	}
332536Smav
332536Smav	if (spa->spa_load_state != SPA_LOAD_TRYIMPORT &&
332536Smav	    !spa->spa_extreme_rewind && zfs_max_missing_tvds == 0) {
332525Smav		/*
332536Smav		 * Sanity check to make sure that we are indeed loading the
332536Smav		 * latest uberblock. If we missed SPA_SYNC_MIN_VDEVS tvds
332536Smav		 * in the config provided and they happened to be the only ones
332536Smav		 * to have the latest uberblock, we could involuntarily perform
332536Smav		 * an extreme rewind.
332525Smav		 */
332536Smav		healthy_tvds_mos = spa_healthy_core_tvds(spa);
332536Smav		if (healthy_tvds_mos - healthy_tvds >=
332536Smav		    SPA_SYNC_MIN_VDEVS) {
332536Smav			spa_load_note(spa, "config provided misses too many "
332536Smav			    "top-level vdevs compared to MOS (%lld vs %lld). ",
332536Smav			    (u_longlong_t)healthy_tvds,
332536Smav			    (u_longlong_t)healthy_tvds_mos);
332536Smav			spa_load_note(spa, "vdev tree:");
332536Smav			vdev_dbgmsg_print_tree(rvd, 2);
332536Smav			if (reloading) {
332536Smav				spa_load_failed(spa, "config was already "
332536Smav				    "provided from MOS. Aborting.");
332536Smav				return (spa_vdev_err(rvd,
332536Smav				    VDEV_AUX_CORRUPT_DATA, EIO));
332536Smav			}
332536Smav			spa_load_note(spa, "spa must be reloaded using MOS "
332536Smav			    "config");
332536Smav			return (SET_ERROR(EAGAIN));
332530Smav		}
332525Smav	}
332525Smav
332536Smav	error = spa_check_for_missing_logs(spa);
332536Smav	if (error != 0)
332536Smav		return (spa_vdev_err(rvd, VDEV_AUX_BAD_GUID_SUM, ENXIO));
332536Smav
332536Smav	if (rvd->vdev_guid_sum != spa->spa_uberblock.ub_guid_sum) {
332536Smav		spa_load_failed(spa, "uberblock guid sum doesn't match MOS "
332536Smav		    "guid sum (%llu != %llu)",
332536Smav		    (u_longlong_t)spa->spa_uberblock.ub_guid_sum,
332536Smav		    (u_longlong_t)rvd->vdev_guid_sum);
332536Smav		return (spa_vdev_err(rvd, VDEV_AUX_BAD_GUID_SUM,
332536Smav		    ENXIO));
332536Smav	}
332536Smav
332529Smav	return (0);
332529Smav}
332529Smav
332529Smavstatic int
332529Smavspa_ld_open_indirect_vdev_metadata(spa_t *spa)
332529Smav{
332529Smav	int error = 0;
332529Smav	vdev_t *rvd = spa->spa_root_vdev;
332529Smav
332525Smav	/*
332525Smav	 * Everything that we read before spa_remove_init() must be stored
332525Smav	 * on concreted vdevs.  Therefore we do this as early as possible.
332525Smav	 */
332530Smav	error = spa_remove_init(spa);
332530Smav	if (error != 0) {
332530Smav		spa_load_failed(spa, "spa_remove_init failed [error=%d]",
332530Smav		    error);
332525Smav		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
332530Smav	}
332525Smav
332529Smav	/*
332529Smav	 * Retrieve information needed to condense indirect vdev mappings.
332529Smav	 */
332529Smav	error = spa_condense_init(spa);
332529Smav	if (error != 0) {
332530Smav		spa_load_failed(spa, "spa_condense_init failed [error=%d]",
332530Smav		    error);
332529Smav		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, error));
332529Smav	}
332529Smav
332529Smav	return (0);
332529Smav}
332529Smav
332529Smavstatic int
332530Smavspa_ld_check_features(spa_t *spa, boolean_t *missing_feat_writep)
332529Smav{
332529Smav	int error = 0;
332529Smav	vdev_t *rvd = spa->spa_root_vdev;
332529Smav
236884Smm	if (spa_version(spa) >= SPA_VERSION_FEATURES) {
236884Smm		boolean_t missing_feat_read = B_FALSE;
238926Smm		nvlist_t *unsup_feat, *enabled_feat;
236884Smm
236884Smm		if (spa_dir_prop(spa, DMU_POOL_FEATURES_FOR_READ,
332530Smav		    &spa->spa_feat_for_read_obj, B_TRUE) != 0) {
236884Smm			return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
236884Smm		}
236884Smm
236884Smm		if (spa_dir_prop(spa, DMU_POOL_FEATURES_FOR_WRITE,
332530Smav		    &spa->spa_feat_for_write_obj, B_TRUE) != 0) {
236884Smm			return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
236884Smm		}
236884Smm
236884Smm		if (spa_dir_prop(spa, DMU_POOL_FEATURE_DESCRIPTIONS,
332530Smav		    &spa->spa_feat_desc_obj, B_TRUE) != 0) {
236884Smm			return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
236884Smm		}
236884Smm
238926Smm		enabled_feat = fnvlist_alloc();
238926Smm		unsup_feat = fnvlist_alloc();
236884Smm
259813Sdelphij		if (!spa_features_check(spa, B_FALSE,
238926Smm		    unsup_feat, enabled_feat))
236884Smm			missing_feat_read = B_TRUE;
236884Smm
332530Smav		if (spa_writeable(spa) ||
332530Smav		    spa->spa_load_state == SPA_LOAD_TRYIMPORT) {
259813Sdelphij			if (!spa_features_check(spa, B_TRUE,
238926Smm			    unsup_feat, enabled_feat)) {
332529Smav				*missing_feat_writep = B_TRUE;
238926Smm			}
236884Smm		}
236884Smm
238926Smm		fnvlist_add_nvlist(spa->spa_load_info,
238926Smm		    ZPOOL_CONFIG_ENABLED_FEAT, enabled_feat);
238926Smm
236884Smm		if (!nvlist_empty(unsup_feat)) {
238926Smm			fnvlist_add_nvlist(spa->spa_load_info,
238926Smm			    ZPOOL_CONFIG_UNSUP_FEAT, unsup_feat);
236884Smm		}
236884Smm
238926Smm		fnvlist_free(enabled_feat);
238926Smm		fnvlist_free(unsup_feat);
236884Smm
236884Smm		if (!missing_feat_read) {
236884Smm			fnvlist_add_boolean(spa->spa_load_info,
236884Smm			    ZPOOL_CONFIG_CAN_RDONLY);
236884Smm		}
236884Smm
236884Smm		/*
236884Smm		 * If the state is SPA_LOAD_TRYIMPORT, our objective is
236884Smm		 * twofold: to determine whether the pool is available for
236884Smm		 * import in read-write mode and (if it is not) whether the
236884Smm		 * pool is available for import in read-only mode. If the pool
236884Smm		 * is available for import in read-write mode, it is displayed
236884Smm		 * as available in userland; if it is not available for import
236884Smm		 * in read-only mode, it is displayed as unavailable in
236884Smm		 * userland. If the pool is available for import in read-only
236884Smm		 * mode but not read-write mode, it is displayed as unavailable
236884Smm		 * in userland with a special note that the pool is actually
236884Smm		 * available for open in read-only mode.
236884Smm		 *
236884Smm		 * As a result, if the state is SPA_LOAD_TRYIMPORT and we are
236884Smm		 * missing a feature for write, we must first determine whether
236884Smm		 * the pool can be opened read-only before returning to
236884Smm		 * userland in order to know whether to display the
236884Smm		 * abovementioned note.
236884Smm		 */
332529Smav		if (missing_feat_read || (*missing_feat_writep &&
236884Smm		    spa_writeable(spa))) {
332530Smav			spa_load_failed(spa, "pool uses unsupported features");
236884Smm			return (spa_vdev_err(rvd, VDEV_AUX_UNSUP_FEAT,
236884Smm			    ENOTSUP));
236884Smm		}
260150Sdelphij
260150Sdelphij		/*
260150Sdelphij		 * Load refcounts for ZFS features from disk into an in-memory
260150Sdelphij		 * cache during SPA initialization.
260150Sdelphij		 */
260150Sdelphij		for (spa_feature_t i = 0; i < SPA_FEATURES; i++) {
260150Sdelphij			uint64_t refcount;
260150Sdelphij
260150Sdelphij			error = feature_get_refcount_from_disk(spa,
260150Sdelphij			    &spa_feature_table[i], &refcount);
260150Sdelphij			if (error == 0) {
260150Sdelphij				spa->spa_feat_refcount_cache[i] = refcount;
260150Sdelphij			} else if (error == ENOTSUP) {
260150Sdelphij				spa->spa_feat_refcount_cache[i] =
260150Sdelphij				    SPA_FEATURE_DISABLED;
260150Sdelphij			} else {
332530Smav				spa_load_failed(spa, "error getting refcount "
332530Smav				    "for feature %s [error=%d]",
332530Smav				    spa_feature_table[i].fi_guid, error);
260150Sdelphij				return (spa_vdev_err(rvd,
260150Sdelphij				    VDEV_AUX_CORRUPT_DATA, EIO));
260150Sdelphij			}
260150Sdelphij		}
236884Smm	}
236884Smm
260150Sdelphij	if (spa_feature_is_active(spa, SPA_FEATURE_ENABLED_TXG)) {
260150Sdelphij		if (spa_dir_prop(spa, DMU_POOL_FEATURE_ENABLED_TXG,
332530Smav		    &spa->spa_feat_enabled_txg_obj, B_TRUE) != 0)
260150Sdelphij			return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
260150Sdelphij	}
260150Sdelphij
332529Smav	return (0);
332529Smav}
332529Smav
332529Smavstatic int
332529Smavspa_ld_load_special_directories(spa_t *spa)
332529Smav{
332529Smav	int error = 0;
332529Smav	vdev_t *rvd = spa->spa_root_vdev;
332529Smav
236884Smm	spa->spa_is_initializing = B_TRUE;
236884Smm	error = dsl_pool_open(spa->spa_dsl_pool);
236884Smm	spa->spa_is_initializing = B_FALSE;
332530Smav	if (error != 0) {
332530Smav		spa_load_failed(spa, "dsl_pool_open failed [error=%d]", error);
236884Smm		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
332530Smav	}
236884Smm
332529Smav	return (0);
332529Smav}
168404Spjd
332529Smavstatic int
332529Smavspa_ld_get_props(spa_t *spa)
332529Smav{
332529Smav	int error = 0;
332529Smav	uint64_t obj;
332529Smav	vdev_t *rvd = spa->spa_root_vdev;
332529Smav
289422Smav	/* Grab the secret checksum salt from the MOS. */
289422Smav	error = zap_lookup(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
289422Smav	    DMU_POOL_CHECKSUM_SALT, 1,
289422Smav	    sizeof (spa->spa_cksum_salt.zcs_bytes),
289422Smav	    spa->spa_cksum_salt.zcs_bytes);
289422Smav	if (error == ENOENT) {
289422Smav		/* Generate a new salt for subsequent use */
289422Smav		(void) random_get_pseudo_bytes(spa->spa_cksum_salt.zcs_bytes,
289422Smav		    sizeof (spa->spa_cksum_salt.zcs_bytes));
289422Smav	} else if (error != 0) {
332530Smav		spa_load_failed(spa, "unable to retrieve checksum salt from "
332530Smav		    "MOS [error=%d]", error);
289422Smav		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
289422Smav	}
289422Smav
332530Smav	if (spa_dir_prop(spa, DMU_POOL_SYNC_BPOBJ, &obj, B_TRUE) != 0)
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
219089Spjd	error = bpobj_open(&spa->spa_deferred_bpobj, spa->spa_meta_objset, obj);
332530Smav	if (error != 0) {
332530Smav		spa_load_failed(spa, "error opening deferred-frees bpobj "
332530Smav		    "[error=%d]", error);
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
332530Smav	}
168404Spjd
168404Spjd	/*
168404Spjd	 * Load the bit that tells us to use the new accounting function
168404Spjd	 * (raid-z deflation).  If we have an older pool, this will not
168404Spjd	 * be present.
168404Spjd	 */
332530Smav	error = spa_dir_prop(spa, DMU_POOL_DEFLATE, &spa->spa_deflate, B_FALSE);
219089Spjd	if (error != 0 && error != ENOENT)
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
168404Spjd
219089Spjd	error = spa_dir_prop(spa, DMU_POOL_CREATION_VERSION,
332530Smav	    &spa->spa_creation_version, B_FALSE);
219089Spjd	if (error != 0 && error != ENOENT)
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
219089Spjd
168404Spjd	/*
168404Spjd	 * Load the persistent error log.  If we have an older pool, this will
168404Spjd	 * not be present.
168404Spjd	 */
332530Smav	error = spa_dir_prop(spa, DMU_POOL_ERRLOG_LAST, &spa->spa_errlog_last,
332530Smav	    B_FALSE);
219089Spjd	if (error != 0 && error != ENOENT)
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
168404Spjd
219089Spjd	error = spa_dir_prop(spa, DMU_POOL_ERRLOG_SCRUB,
332530Smav	    &spa->spa_errlog_scrub, B_FALSE);
219089Spjd	if (error != 0 && error != ENOENT)
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
168404Spjd
168404Spjd	/*
168404Spjd	 * Load the history object.  If we have an older pool, this
168404Spjd	 * will not be present.
168404Spjd	 */
332530Smav	error = spa_dir_prop(spa, DMU_POOL_HISTORY, &spa->spa_history, B_FALSE);
219089Spjd	if (error != 0 && error != ENOENT)
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
168404Spjd
168404Spjd	/*
299441Smav	 * Load the per-vdev ZAP map. If we have an older pool, this will not
299441Smav	 * be present; in this case, defer its creation to a later time to
299441Smav	 * avoid dirtying the MOS this early / out of sync context. See
299441Smav	 * spa_sync_config_object.
299441Smav	 */
299441Smav
299441Smav	/* The sentinel is only available in the MOS config. */
299441Smav	nvlist_t *mos_config;
332530Smav	if (load_nvlist(spa, spa->spa_config_object, &mos_config) != 0) {
332530Smav		spa_load_failed(spa, "unable to retrieve MOS config");
299441Smav		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
332530Smav	}
299441Smav
299441Smav	error = spa_dir_prop(spa, DMU_POOL_VDEV_ZAP_MAP,
332530Smav	    &spa->spa_all_vdev_zaps, B_FALSE);
299441Smav
321540Smav	if (error == ENOENT) {
321540Smav		VERIFY(!nvlist_exists(mos_config,
321540Smav		    ZPOOL_CONFIG_HAS_PER_VDEV_ZAPS));
321540Smav		spa->spa_avz_action = AVZ_ACTION_INITIALIZE;
321540Smav		ASSERT0(vdev_count_verify_zaps(spa->spa_root_vdev));
321540Smav	} else if (error != 0) {
299441Smav		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
321540Smav	} else if (!nvlist_exists(mos_config, ZPOOL_CONFIG_HAS_PER_VDEV_ZAPS)) {
299441Smav		/*
299441Smav		 * An older version of ZFS overwrote the sentinel value, so
299441Smav		 * we have orphaned per-vdev ZAPs in the MOS. Defer their
299441Smav		 * destruction to later; see spa_sync_config_object.
299441Smav		 */
299441Smav		spa->spa_avz_action = AVZ_ACTION_DESTROY;
299441Smav		/*
299441Smav		 * We're assuming that no vdevs have had their ZAPs created
299441Smav		 * before this. Better be sure of it.
299441Smav		 */
299441Smav		ASSERT0(vdev_count_verify_zaps(spa->spa_root_vdev));
299441Smav	}
299441Smav	nvlist_free(mos_config);
299441Smav
332529Smav	spa->spa_delegation = zpool_prop_default_numeric(ZPOOL_PROP_DELEGATION);
332529Smav
332530Smav	error = spa_dir_prop(spa, DMU_POOL_PROPS, &spa->spa_pool_props_object,
332530Smav	    B_FALSE);
332529Smav	if (error && error != ENOENT)
332529Smav		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
332529Smav
332529Smav	if (error == 0) {
332529Smav		uint64_t autoreplace;
332529Smav
332529Smav		spa_prop_find(spa, ZPOOL_PROP_BOOTFS, &spa->spa_bootfs);
332529Smav		spa_prop_find(spa, ZPOOL_PROP_AUTOREPLACE, &autoreplace);
332529Smav		spa_prop_find(spa, ZPOOL_PROP_DELEGATION, &spa->spa_delegation);
332529Smav		spa_prop_find(spa, ZPOOL_PROP_FAILUREMODE, &spa->spa_failmode);
332529Smav		spa_prop_find(spa, ZPOOL_PROP_AUTOEXPAND, &spa->spa_autoexpand);
332529Smav		spa_prop_find(spa, ZPOOL_PROP_DEDUPDITTO,
332529Smav		    &spa->spa_dedup_ditto);
332529Smav
332529Smav		spa->spa_autoreplace = (autoreplace != 0);
332529Smav	}
332529Smav
332536Smav	/*
332536Smav	 * If we are importing a pool with missing top-level vdevs,
332536Smav	 * we enforce that the pool doesn't panic or get suspended on
332536Smav	 * error since the likelihood of missing data is extremely high.
332536Smav	 */
332536Smav	if (spa->spa_missing_tvds > 0 &&
332536Smav	    spa->spa_failmode != ZIO_FAILURE_MODE_CONTINUE &&
332536Smav	    spa->spa_load_state != SPA_LOAD_TRYIMPORT) {
332536Smav		spa_load_note(spa, "forcing failmode to 'continue' "
332536Smav		    "as some top level vdevs are missing");
332536Smav		spa->spa_failmode = ZIO_FAILURE_MODE_CONTINUE;
332536Smav	}
332536Smav
332529Smav	return (0);
332529Smav}
332529Smav
332529Smavstatic int
332529Smavspa_ld_open_aux_vdevs(spa_t *spa, spa_import_type_t type)
332529Smav{
332529Smav	int error = 0;
332529Smav	vdev_t *rvd = spa->spa_root_vdev;
332529Smav
299441Smav	/*
219089Spjd	 * If we're assembling the pool from the split-off vdevs of
219089Spjd	 * an existing pool, we don't want to attach the spares & cache
219089Spjd	 * devices.
219089Spjd	 */
219089Spjd
219089Spjd	/*
168404Spjd	 * Load any hot spares for this pool.
168404Spjd	 */
332530Smav	error = spa_dir_prop(spa, DMU_POOL_SPARES, &spa->spa_spares.sav_object,
332530Smav	    B_FALSE);
219089Spjd	if (error != 0 && error != ENOENT)
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
219089Spjd	if (error == 0 && type != SPA_IMPORT_ASSEMBLE) {
185029Spjd		ASSERT(spa_version(spa) >= SPA_VERSION_SPARES);
185029Spjd		if (load_nvlist(spa, spa->spa_spares.sav_object,
332530Smav		    &spa->spa_spares.sav_config) != 0) {
332530Smav			spa_load_failed(spa, "error loading spares nvlist");
219089Spjd			return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
332530Smav		}
168404Spjd
185029Spjd		spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
168404Spjd		spa_load_spares(spa);
185029Spjd		spa_config_exit(spa, SCL_ALL, FTAG);
219089Spjd	} else if (error == 0) {
219089Spjd		spa->spa_spares.sav_sync = B_TRUE;
168404Spjd	}
168404Spjd
185029Spjd	/*
185029Spjd	 * Load any level 2 ARC devices for this pool.
185029Spjd	 */
219089Spjd	error = spa_dir_prop(spa, DMU_POOL_L2CACHE,
332530Smav	    &spa->spa_l2cache.sav_object, B_FALSE);
219089Spjd	if (error != 0 && error != ENOENT)
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
219089Spjd	if (error == 0 && type != SPA_IMPORT_ASSEMBLE) {
185029Spjd		ASSERT(spa_version(spa) >= SPA_VERSION_L2CACHE);
185029Spjd		if (load_nvlist(spa, spa->spa_l2cache.sav_object,
332530Smav		    &spa->spa_l2cache.sav_config) != 0) {
332530Smav			spa_load_failed(spa, "error loading l2cache nvlist");
219089Spjd			return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
332530Smav		}
185029Spjd
185029Spjd		spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
185029Spjd		spa_load_l2cache(spa);
185029Spjd		spa_config_exit(spa, SCL_ALL, FTAG);
219089Spjd	} else if (error == 0) {
219089Spjd		spa->spa_l2cache.sav_sync = B_TRUE;
185029Spjd	}
185029Spjd
332529Smav	return (0);
332529Smav}
213197Smm
332529Smavstatic int
332530Smavspa_ld_load_vdev_metadata(spa_t *spa)
332529Smav{
332529Smav	int error = 0;
332529Smav	vdev_t *rvd = spa->spa_root_vdev;
185029Spjd
168404Spjd	/*
185029Spjd	 * If the 'autoreplace' property is set, then post a resource notifying
185029Spjd	 * the ZFS DE that it should not issue any faults for unopenable
185029Spjd	 * devices.  We also iterate over the vdevs, and post a sysevent for any
185029Spjd	 * unopenable vdevs so that the normal autoreplace handler can take
185029Spjd	 * over.
185029Spjd	 */
332530Smav	if (spa->spa_autoreplace && spa->spa_load_state != SPA_LOAD_TRYIMPORT) {
185029Spjd		spa_check_removed(spa->spa_root_vdev);
219089Spjd		/*
219089Spjd		 * For the import case, this is done in spa_import(), because
219089Spjd		 * at this point we're using the spare definitions from
219089Spjd		 * the MOS config, not necessarily from the userland config.
219089Spjd		 */
332530Smav		if (spa->spa_load_state != SPA_LOAD_IMPORT) {
219089Spjd			spa_aux_check_removed(&spa->spa_spares);
219089Spjd			spa_aux_check_removed(&spa->spa_l2cache);
219089Spjd		}
219089Spjd	}
185029Spjd
185029Spjd	/*
332529Smav	 * Load the vdev metadata such as metaslabs, DTLs, spacemap object, etc.
168404Spjd	 */
332525Smav	error = vdev_load(rvd);
332525Smav	if (error != 0) {
332530Smav		spa_load_failed(spa, "vdev_load failed [error=%d]", error);
332525Smav		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, error));
332525Smav	}
168404Spjd
168404Spjd	/*
332529Smav	 * Propagate the leaf DTLs we just loaded all the way up the vdev tree.
168404Spjd	 */
185029Spjd	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
168404Spjd	vdev_dtl_reassess(rvd, 0, 0, B_FALSE);
185029Spjd	spa_config_exit(spa, SCL_ALL, FTAG);
168404Spjd
332529Smav	return (0);
332529Smav}
332529Smav
332529Smavstatic int
332529Smavspa_ld_load_dedup_tables(spa_t *spa)
332529Smav{
332529Smav	int error = 0;
332529Smav	vdev_t *rvd = spa->spa_root_vdev;
332529Smav
219089Spjd	error = ddt_load(spa);
332530Smav	if (error != 0) {
332530Smav		spa_load_failed(spa, "ddt_load failed [error=%d]", error);
219089Spjd		return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA, EIO));
332530Smav	}
219089Spjd
332529Smav	return (0);
332529Smav}
219089Spjd
332529Smavstatic int
332529Smavspa_ld_verify_logs(spa_t *spa, spa_import_type_t type, char **ereport)
332529Smav{
332529Smav	vdev_t *rvd = spa->spa_root_vdev;
332529Smav
332530Smav	if (type != SPA_IMPORT_ASSEMBLE && spa_writeable(spa)) {
332530Smav		boolean_t missing = spa_check_logs(spa);
332530Smav		if (missing) {
332536Smav			if (spa->spa_missing_tvds != 0) {
332536Smav				spa_load_note(spa, "spa_check_logs failed "
332536Smav				    "so dropping the logs");
332536Smav			} else {
332536Smav				*ereport = FM_EREPORT_ZFS_LOG_REPLAY;
332536Smav				spa_load_failed(spa, "spa_check_logs failed");
332536Smav				return (spa_vdev_err(rvd, VDEV_AUX_BAD_LOG,
332536Smav				    ENXIO));
332536Smav			}
332530Smav		}
168404Spjd	}
168404Spjd
332529Smav	return (0);
332529Smav}
332529Smav
332529Smavstatic int
332530Smavspa_ld_verify_pool_data(spa_t *spa)
332529Smav{
332529Smav	int error = 0;
332529Smav	vdev_t *rvd = spa->spa_root_vdev;
332529Smav
332529Smav	/*
332529Smav	 * We've successfully opened the pool, verify that we're ready
332529Smav	 * to start pushing transactions.
332529Smav	 */
332530Smav	if (spa->spa_load_state != SPA_LOAD_TRYIMPORT) {
332529Smav		error = spa_load_verify(spa);
332529Smav		if (error != 0) {
332530Smav			spa_load_failed(spa, "spa_load_verify failed "
332530Smav			    "[error=%d]", error);
332529Smav			return (spa_vdev_err(rvd, VDEV_AUX_CORRUPT_DATA,
332529Smav			    error));
332529Smav		}
332529Smav	}
332529Smav
332529Smav	return (0);
332529Smav}
332529Smav
332529Smavstatic void
332529Smavspa_ld_claim_log_blocks(spa_t *spa)
332529Smav{
332529Smav	dmu_tx_t *tx;
332529Smav	dsl_pool_t *dp = spa_get_dsl(spa);
332529Smav
332529Smav	/*
332529Smav	 * Claim log blocks that haven't been committed yet.
332529Smav	 * This must all happen in a single txg.
332529Smav	 * Note: spa_claim_max_txg is updated by spa_claim_notify(),
332529Smav	 * invoked from zil_claim_log_block()'s i/o done callback.
332529Smav	 * Price of rollback is that we abandon the log.
332529Smav	 */
332529Smav	spa->spa_claiming = B_TRUE;
332529Smav
332529Smav	tx = dmu_tx_create_assigned(dp, spa_first_txg(spa));
332529Smav	(void) dmu_objset_find_dp(dp, dp->dp_root_dir_obj,
332529Smav	    zil_claim, tx, DS_FIND_CHILDREN);
332529Smav	dmu_tx_commit(tx);
332529Smav
332529Smav	spa->spa_claiming = B_FALSE;
332529Smav
332529Smav	spa_set_log_state(spa, SPA_LOG_GOOD);
332529Smav}
332529Smav
332529Smavstatic void
332536Smavspa_ld_check_for_config_update(spa_t *spa, uint64_t config_cache_txg,
332547Smav    boolean_t update_config_cache)
332529Smav{
332529Smav	vdev_t *rvd = spa->spa_root_vdev;
332529Smav	int need_update = B_FALSE;
332529Smav
332529Smav	/*
332529Smav	 * If the config cache is stale, or we have uninitialized
332529Smav	 * metaslabs (see spa_vdev_add()), then update the config.
332529Smav	 *
332529Smav	 * If this is a verbatim import, trust the current
332529Smav	 * in-core spa_config and update the disk labels.
332529Smav	 */
332547Smav	if (update_config_cache || config_cache_txg != spa->spa_config_txg ||
332530Smav	    spa->spa_load_state == SPA_LOAD_IMPORT ||
332530Smav	    spa->spa_load_state == SPA_LOAD_RECOVER ||
332529Smav	    (spa->spa_import_flags & ZFS_IMPORT_VERBATIM))
332529Smav		need_update = B_TRUE;
332529Smav
332529Smav	for (int c = 0; c < rvd->vdev_children; c++)
332529Smav		if (rvd->vdev_child[c]->vdev_ms_array == 0)
332529Smav			need_update = B_TRUE;
332529Smav
332529Smav	/*
332529Smav	 * Update the config cache asychronously in case we're the
332529Smav	 * root pool, in which case the config cache isn't writable yet.
332529Smav	 */
332529Smav	if (need_update)
332529Smav		spa_async_request(spa, SPA_ASYNC_CONFIG_UPDATE);
332529Smav}
332529Smav
332536Smavstatic void
332536Smavspa_ld_prepare_for_reload(spa_t *spa)
332536Smav{
332536Smav	int mode = spa->spa_mode;
332536Smav	int async_suspended = spa->spa_async_suspended;
332536Smav
332536Smav	spa_unload(spa);
332536Smav	spa_deactivate(spa);
332536Smav	spa_activate(spa, mode);
332536Smav
332536Smav	/*
332536Smav	 * We save the value of spa_async_suspended as it gets reset to 0 by
332536Smav	 * spa_unload(). We want to restore it back to the original value before
332536Smav	 * returning as we might be calling spa_async_resume() later.
332536Smav	 */
332536Smav	spa->spa_async_suspended = async_suspended;
332536Smav}
332536Smav
332529Smavstatic int
332547Smavspa_ld_read_checkpoint_txg(spa_t *spa)
332529Smav{
332547Smav	uberblock_t checkpoint;
332529Smav	int error = 0;
332529Smav
332547Smav	ASSERT0(spa->spa_checkpoint_txg);
332530Smav	ASSERT(MUTEX_HELD(&spa_namespace_lock));
332547Smav
332547Smav	error = zap_lookup(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
332547Smav	    DMU_POOL_ZPOOL_CHECKPOINT, sizeof (uint64_t),
332547Smav	    sizeof (uberblock_t) / sizeof (uint64_t), &checkpoint);
332547Smav
332547Smav	if (error == ENOENT)
332547Smav		return (0);
332547Smav
332547Smav	if (error != 0)
332547Smav		return (error);
332547Smav
332547Smav	ASSERT3U(checkpoint.ub_txg, !=, 0);
332547Smav	ASSERT3U(checkpoint.ub_checkpoint_txg, !=, 0);
332547Smav	ASSERT3U(checkpoint.ub_timestamp, !=, 0);
332547Smav	spa->spa_checkpoint_txg = checkpoint.ub_txg;
332547Smav	spa->spa_checkpoint_info.sci_timestamp = checkpoint.ub_timestamp;
332547Smav
332547Smav	return (0);
332547Smav}
332547Smav
332547Smavstatic int
332547Smavspa_ld_mos_init(spa_t *spa, spa_import_type_t type)
332547Smav{
332547Smav	int error = 0;
332547Smav
332547Smav	ASSERT(MUTEX_HELD(&spa_namespace_lock));
332536Smav	ASSERT(spa->spa_config_source != SPA_CONFIG_SRC_NONE);
332530Smav
332529Smav	/*
332536Smav	 * Never trust the config that is provided unless we are assembling
332536Smav	 * a pool following a split.
332536Smav	 * This means don't trust blkptrs and the vdev tree in general. This
332536Smav	 * also effectively puts the spa in read-only mode since
332536Smav	 * spa_writeable() checks for spa_trust_config to be true.
332536Smav	 * We will later load a trusted config from the MOS.
332529Smav	 */
332536Smav	if (type != SPA_IMPORT_ASSEMBLE)
332536Smav		spa->spa_trust_config = B_FALSE;
332529Smav
332529Smav	/*
332529Smav	 * Parse the config provided to create a vdev tree.
332529Smav	 */
332536Smav	error = spa_ld_parse_config(spa, type);
332529Smav	if (error != 0)
332529Smav		return (error);
332529Smav
332529Smav	/*
332529Smav	 * Now that we have the vdev tree, try to open each vdev. This involves
332529Smav	 * opening the underlying physical device, retrieving its geometry and
332529Smav	 * probing the vdev with a dummy I/O. The state of each vdev will be set
332529Smav	 * based on the success of those operations. After this we'll be ready
332529Smav	 * to read from the vdevs.
332529Smav	 */
332529Smav	error = spa_ld_open_vdevs(spa);
332529Smav	if (error != 0)
332529Smav		return (error);
332529Smav
332529Smav	/*
332529Smav	 * Read the label of each vdev and make sure that the GUIDs stored
332529Smav	 * there match the GUIDs in the config provided.
332536Smav	 * If we're assembling a new pool that's been split off from an
332536Smav	 * existing pool, the labels haven't yet been updated so we skip
332536Smav	 * validation for now.
332529Smav	 */
332536Smav	if (type != SPA_IMPORT_ASSEMBLE) {
332536Smav		error = spa_ld_validate_vdevs(spa);
332536Smav		if (error != 0)
332536Smav			return (error);
332536Smav	}
332529Smav
332529Smav	/*
332547Smav	 * Read all vdev labels to find the best uberblock (i.e. latest,
332547Smav	 * unless spa_load_max_txg is set) and store it in spa_uberblock. We
332547Smav	 * get the list of features required to read blkptrs in the MOS from
332547Smav	 * the vdev label with the best uberblock and verify that our version
332547Smav	 * of zfs supports them all.
332529Smav	 */
332536Smav	error = spa_ld_select_uberblock(spa, type);
332529Smav	if (error != 0)
332529Smav		return (error);
332529Smav
332529Smav	/*
332529Smav	 * Pass that uberblock to the dsl_pool layer which will open the root
332529Smav	 * blkptr. This blkptr points to the latest version of the MOS and will
332529Smav	 * allow us to read its contents.
332529Smav	 */
332529Smav	error = spa_ld_open_rootbp(spa);
332529Smav	if (error != 0)
332529Smav		return (error);
332529Smav
332547Smav	return (0);
332547Smav}
332547Smav
332547Smavstatic int
332547Smavspa_ld_checkpoint_rewind(spa_t *spa)
332547Smav{
332547Smav	uberblock_t checkpoint;
332547Smav	int error = 0;
332547Smav
332547Smav	ASSERT(MUTEX_HELD(&spa_namespace_lock));
332547Smav	ASSERT(spa->spa_import_flags & ZFS_IMPORT_CHECKPOINT);
332547Smav
332547Smav	error = zap_lookup(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
332547Smav	    DMU_POOL_ZPOOL_CHECKPOINT, sizeof (uint64_t),
332547Smav	    sizeof (uberblock_t) / sizeof (uint64_t), &checkpoint);
332547Smav
332547Smav	if (error != 0) {
332547Smav		spa_load_failed(spa, "unable to retrieve checkpointed "
332547Smav		    "uberblock from the MOS config [error=%d]", error);
332547Smav
332547Smav		if (error == ENOENT)
332547Smav			error = ZFS_ERR_NO_CHECKPOINT;
332547Smav
332547Smav		return (error);
332547Smav	}
332547Smav
332547Smav	ASSERT3U(checkpoint.ub_txg, <, spa->spa_uberblock.ub_txg);
332547Smav	ASSERT3U(checkpoint.ub_txg, ==, checkpoint.ub_checkpoint_txg);
332547Smav
332529Smav	/*
332547Smav	 * We need to update the txg and timestamp of the checkpointed
332547Smav	 * uberblock to be higher than the latest one. This ensures that
332547Smav	 * the checkpointed uberblock is selected if we were to close and
332547Smav	 * reopen the pool right after we've written it in the vdev labels.
332547Smav	 * (also see block comment in vdev_uberblock_compare)
332547Smav	 */
332547Smav	checkpoint.ub_txg = spa->spa_uberblock.ub_txg + 1;
332547Smav	checkpoint.ub_timestamp = gethrestime_sec();
332547Smav
332547Smav	/*
332547Smav	 * Set current uberblock to be the checkpointed uberblock.
332547Smav	 */
332547Smav	spa->spa_uberblock = checkpoint;
332547Smav
332547Smav	/*
332547Smav	 * If we are doing a normal rewind, then the pool is open for
332547Smav	 * writing and we sync the "updated" checkpointed uberblock to
332547Smav	 * disk. Once this is done, we've basically rewound the whole
332547Smav	 * pool and there is no way back.
332547Smav	 *
332547Smav	 * There are cases when we don't want to attempt and sync the
332547Smav	 * checkpointed uberblock to disk because we are opening a
332547Smav	 * pool as read-only. Specifically, verifying the checkpointed
332547Smav	 * state with zdb, and importing the checkpointed state to get
332547Smav	 * a "preview" of its content.
332547Smav	 */
332547Smav	if (spa_writeable(spa)) {
332547Smav		vdev_t *rvd = spa->spa_root_vdev;
332547Smav
332547Smav		spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
332547Smav		vdev_t *svd[SPA_SYNC_MIN_VDEVS] = { NULL };
332547Smav		int svdcount = 0;
332547Smav		int children = rvd->vdev_children;
332547Smav		int c0 = spa_get_random(children);
332547Smav
332547Smav		for (int c = 0; c < children; c++) {
332547Smav			vdev_t *vd = rvd->vdev_child[(c0 + c) % children];
332547Smav
332547Smav			/* Stop when revisiting the first vdev */
332547Smav			if (c > 0 && svd[0] == vd)
332547Smav				break;
332547Smav
332547Smav			if (vd->vdev_ms_array == 0 || vd->vdev_islog ||
332547Smav			    !vdev_is_concrete(vd))
332547Smav				continue;
332547Smav
332547Smav			svd[svdcount++] = vd;
332547Smav			if (svdcount == SPA_SYNC_MIN_VDEVS)
332547Smav				break;
332547Smav		}
332547Smav		error = vdev_config_sync(svd, svdcount, spa->spa_first_txg);
332547Smav		if (error == 0)
332547Smav			spa->spa_last_synced_guid = rvd->vdev_guid;
332547Smav		spa_config_exit(spa, SCL_ALL, FTAG);
332547Smav
332547Smav		if (error != 0) {
332547Smav			spa_load_failed(spa, "failed to write checkpointed "
332547Smav			    "uberblock to the vdev labels [error=%d]", error);
332547Smav			return (error);
332547Smav		}
332547Smav	}
332547Smav
332547Smav	return (0);
332547Smav}
332547Smav
332547Smavstatic int
332547Smavspa_ld_mos_with_trusted_config(spa_t *spa, spa_import_type_t type,
332547Smav    boolean_t *update_config_cache)
332547Smav{
332547Smav	int error;
332547Smav
332547Smav	/*
332547Smav	 * Parse the config for pool, open and validate vdevs,
332547Smav	 * select an uberblock, and use that uberblock to open
332547Smav	 * the MOS.
332547Smav	 */
332547Smav	error = spa_ld_mos_init(spa, type);
332547Smav	if (error != 0)
332547Smav		return (error);
332547Smav
332547Smav	/*
332536Smav	 * Retrieve the trusted config stored in the MOS and use it to create
332536Smav	 * a new, exact version of the vdev tree, then reopen all vdevs.
332529Smav	 */
332547Smav	error = spa_ld_trusted_config(spa, type, B_FALSE);
332536Smav	if (error == EAGAIN) {
332547Smav		if (update_config_cache != NULL)
332547Smav			*update_config_cache = B_TRUE;
332547Smav
332536Smav		/*
332536Smav		 * Redo the loading process with the trusted config if it is
332536Smav		 * too different from the untrusted config.
332536Smav		 */
332536Smav		spa_ld_prepare_for_reload(spa);
332547Smav		spa_load_note(spa, "RELOADING");
332547Smav		error = spa_ld_mos_init(spa, type);
332547Smav		if (error != 0)
332547Smav			return (error);
332547Smav
332547Smav		error = spa_ld_trusted_config(spa, type, B_TRUE);
332547Smav		if (error != 0)
332547Smav			return (error);
332547Smav
332536Smav	} else if (error != 0) {
332529Smav		return (error);
332536Smav	}
332529Smav
332547Smav	return (0);
332547Smav}
332547Smav
332547Smav/*
332547Smav * Load an existing storage pool, using the config provided. This config
332547Smav * describes which vdevs are part of the pool and is later validated against
332547Smav * partial configs present in each vdev's label and an entire copy of the
332547Smav * config stored in the MOS.
332547Smav */
332547Smavstatic int
332547Smavspa_load_impl(spa_t *spa, spa_import_type_t type, char **ereport)
332547Smav{
332547Smav	int error = 0;
332547Smav	boolean_t missing_feat_write = B_FALSE;
332547Smav	boolean_t checkpoint_rewind =
332547Smav	    (spa->spa_import_flags & ZFS_IMPORT_CHECKPOINT);
332547Smav	boolean_t update_config_cache = B_FALSE;
332547Smav
332547Smav	ASSERT(MUTEX_HELD(&spa_namespace_lock));
332547Smav	ASSERT(spa->spa_config_source != SPA_CONFIG_SRC_NONE);
332547Smav
332547Smav	spa_load_note(spa, "LOADING");
332547Smav
332547Smav	error = spa_ld_mos_with_trusted_config(spa, type, &update_config_cache);
332547Smav	if (error != 0)
332547Smav		return (error);
332547Smav
332529Smav	/*
332547Smav	 * If we are rewinding to the checkpoint then we need to repeat
332547Smav	 * everything we've done so far in this function but this time
332547Smav	 * selecting the checkpointed uberblock and using that to open
332547Smav	 * the MOS.
332547Smav	 */
332547Smav	if (checkpoint_rewind) {
332547Smav		/*
332547Smav		 * If we are rewinding to the checkpoint update config cache
332547Smav		 * anyway.
332547Smav		 */
332547Smav		update_config_cache = B_TRUE;
332547Smav
332547Smav		/*
332547Smav		 * Extract the checkpointed uberblock from the current MOS
332547Smav		 * and use this as the pool's uberblock from now on. If the
332547Smav		 * pool is imported as writeable we also write the checkpoint
332547Smav		 * uberblock to the labels, making the rewind permanent.
332547Smav		 */
332547Smav		error = spa_ld_checkpoint_rewind(spa);
332547Smav		if (error != 0)
332547Smav			return (error);
332547Smav
332547Smav		/*
332547Smav		 * Redo the loading process process again with the
332547Smav		 * checkpointed uberblock.
332547Smav		 */
332547Smav		spa_ld_prepare_for_reload(spa);
332547Smav		spa_load_note(spa, "LOADING checkpointed uberblock");
332547Smav		error = spa_ld_mos_with_trusted_config(spa, type, NULL);
332547Smav		if (error != 0)
332547Smav			return (error);
332547Smav	}
332547Smav
332547Smav	/*
332547Smav	 * Retrieve the checkpoint txg if the pool has a checkpoint.
332547Smav	 */
332547Smav	error = spa_ld_read_checkpoint_txg(spa);
332547Smav	if (error != 0)
332547Smav		return (error);
332547Smav
332547Smav	/*
332529Smav	 * Retrieve the mapping of indirect vdevs. Those vdevs were removed
332529Smav	 * from the pool and their contents were re-mapped to other vdevs. Note
332529Smav	 * that everything that we read before this step must have been
332529Smav	 * rewritten on concrete vdevs after the last device removal was
332529Smav	 * initiated. Otherwise we could be reading from indirect vdevs before
332529Smav	 * we have loaded their mappings.
332529Smav	 */
332529Smav	error = spa_ld_open_indirect_vdev_metadata(spa);
332529Smav	if (error != 0)
332529Smav		return (error);
332529Smav
332529Smav	/*
332529Smav	 * Retrieve the full list of active features from the MOS and check if
332529Smav	 * they are all supported.
332529Smav	 */
332530Smav	error = spa_ld_check_features(spa, &missing_feat_write);
332529Smav	if (error != 0)
332529Smav		return (error);
332529Smav
332529Smav	/*
332529Smav	 * Load several special directories from the MOS needed by the dsl_pool
332529Smav	 * layer.
332529Smav	 */
332529Smav	error = spa_ld_load_special_directories(spa);
332529Smav	if (error != 0)
332529Smav		return (error);
332529Smav
332529Smav	/*
332529Smav	 * Retrieve pool properties from the MOS.
332529Smav	 */
332529Smav	error = spa_ld_get_props(spa);
332529Smav	if (error != 0)
332529Smav		return (error);
332529Smav
332529Smav	/*
332529Smav	 * Retrieve the list of auxiliary devices - cache devices and spares -
332529Smav	 * and open them.
332529Smav	 */
332529Smav	error = spa_ld_open_aux_vdevs(spa, type);
332529Smav	if (error != 0)
332529Smav		return (error);
332529Smav
332529Smav	/*
332529Smav	 * Load the metadata for all vdevs. Also check if unopenable devices
332529Smav	 * should be autoreplaced.
332529Smav	 */
332530Smav	error = spa_ld_load_vdev_metadata(spa);
332529Smav	if (error != 0)
332529Smav		return (error);
332529Smav
332529Smav	error = spa_ld_load_dedup_tables(spa);
332529Smav	if (error != 0)
332529Smav		return (error);
332529Smav
332529Smav	/*
332529Smav	 * Verify the logs now to make sure we don't have any unexpected errors
332529Smav	 * when we claim log blocks later.
332529Smav	 */
332529Smav	error = spa_ld_verify_logs(spa, type, ereport);
332529Smav	if (error != 0)
332529Smav		return (error);
332529Smav
236884Smm	if (missing_feat_write) {
332536Smav		ASSERT(spa->spa_load_state == SPA_LOAD_TRYIMPORT);
236884Smm
236884Smm		/*
236884Smm		 * At this point, we know that we can open the pool in
236884Smm		 * read-only mode but not read-write mode. We now have enough
236884Smm		 * information and can return to userland.
236884Smm		 */
332529Smav		return (spa_vdev_err(spa->spa_root_vdev, VDEV_AUX_UNSUP_FEAT,
332529Smav		    ENOTSUP));
236884Smm	}
236884Smm
219089Spjd	/*
332529Smav	 * Traverse the last txgs to make sure the pool was left off in a safe
332529Smav	 * state. When performing an extreme rewind, we verify the whole pool,
332529Smav	 * which can take a very long time.
219089Spjd	 */
332530Smav	error = spa_ld_verify_pool_data(spa);
332529Smav	if (error != 0)
332529Smav		return (error);
219089Spjd
332529Smav	/*
332529Smav	 * Calculate the deflated space for the pool. This must be done before
332529Smav	 * we write anything to the pool because we'd need to update the space
332529Smav	 * accounting using the deflated sizes.
332529Smav	 */
332529Smav	spa_update_dspace(spa);
332529Smav
332529Smav	/*
332529Smav	 * We have now retrieved all the information we needed to open the
332529Smav	 * pool. If we are importing the pool in read-write mode, a few
332529Smav	 * additional steps must be performed to finish the import.
332529Smav	 */
332536Smav	if (spa_writeable(spa) && (spa->spa_load_state == SPA_LOAD_RECOVER ||
219089Spjd	    spa->spa_load_max_txg == UINT64_MAX)) {
332536Smav		uint64_t config_cache_txg = spa->spa_config_txg;
168404Spjd
332536Smav		ASSERT(spa->spa_load_state != SPA_LOAD_TRYIMPORT);
332536Smav
332525Smav		/*
332547Smav		 * In case of a checkpoint rewind, log the original txg
332547Smav		 * of the checkpointed uberblock.
332547Smav		 */
332547Smav		if (checkpoint_rewind) {
332547Smav			spa_history_log_internal(spa, "checkpoint rewind",
332547Smav			    NULL, "rewound state to txg=%llu",
332547Smav			    (u_longlong_t)spa->spa_uberblock.ub_checkpoint_txg);
332547Smav		}
332547Smav
332547Smav		/*
332529Smav		 * Traverse the ZIL and claim all blocks.
332529Smav		 */
332529Smav		spa_ld_claim_log_blocks(spa);
209962Smm
168404Spjd		/*
332529Smav		 * Kick-off the syncing thread.
168404Spjd		 */
168404Spjd		spa->spa_sync_on = B_TRUE;
168404Spjd		txg_sync_start(spa->spa_dsl_pool);
168404Spjd
168404Spjd		/*
219089Spjd		 * Wait for all claims to sync.  We sync up to the highest
219089Spjd		 * claimed log block birth time so that claimed log blocks
219089Spjd		 * don't appear to be from the future.  spa_claim_max_txg
332529Smav		 * will have been set for us by ZIL traversal operations
332529Smav		 * performed above.
168404Spjd		 */
219089Spjd		txg_wait_synced(spa->spa_dsl_pool, spa->spa_claim_max_txg);
168404Spjd
168404Spjd		/*
332529Smav		 * Check if we need to request an update of the config. On the
332529Smav		 * next sync, we would update the config stored in vdev labels
332529Smav		 * and the cachefile (by default /etc/zfs/zpool.cache).
168404Spjd		 */
332536Smav		spa_ld_check_for_config_update(spa, config_cache_txg,
332547Smav		    update_config_cache);
168404Spjd
168404Spjd		/*
208683Spjd		 * Check all DTLs to see if anything needs resilvering.
208683Spjd		 */
219089Spjd		if (!dsl_scan_resilvering(spa->spa_dsl_pool) &&
332529Smav		    vdev_resilver_needed(spa->spa_root_vdev, NULL, NULL))
208683Spjd			spa_async_request(spa, SPA_ASYNC_RESILVER);
219089Spjd
219089Spjd		/*
248571Smm		 * Log the fact that we booted up (so that we can detect if
248571Smm		 * we rebooted in the middle of an operation).
248571Smm		 */
248571Smm		spa_history_log_version(spa, "open");
248571Smm
248571Smm		/*
219089Spjd		 * Delete any inconsistent datasets.
219089Spjd		 */
219089Spjd		(void) dmu_objset_find(spa_name(spa),
219089Spjd		    dsl_destroy_inconsistent, NULL, DS_FIND_CHILDREN);
219089Spjd
219089Spjd		/*
219089Spjd		 * Clean up any stale temporary dataset userrefs.
219089Spjd		 */
219089Spjd		dsl_pool_clean_tmp_userrefs(spa->spa_dsl_pool);
332525Smav
332525Smav		spa_restart_removal(spa);
332525Smav
332537Smav		spa_spawn_aux_threads(spa);
168404Spjd	}
168404Spjd
332530Smav	spa_load_note(spa, "LOADED");
332530Smav
219089Spjd	return (0);
219089Spjd}
168404Spjd
219089Spjdstatic int
332536Smavspa_load_retry(spa_t *spa, spa_load_state_t state)
219089Spjd{
219089Spjd	int mode = spa->spa_mode;
219089Spjd
219089Spjd	spa_unload(spa);
219089Spjd	spa_deactivate(spa);
219089Spjd
268720Sdelphij	spa->spa_load_max_txg = spa->spa_uberblock.ub_txg - 1;
219089Spjd
219089Spjd	spa_activate(spa, mode);
219089Spjd	spa_async_suspend(spa);
219089Spjd
332530Smav	spa_load_note(spa, "spa_load_retry: rewind, max txg: %llu",
332530Smav	    (u_longlong_t)spa->spa_load_max_txg);
332530Smav
332536Smav	return (spa_load(spa, state, SPA_IMPORT_EXISTING));
168404Spjd}
168404Spjd
236884Smm/*
236884Smm * If spa_load() fails this function will try loading prior txg's. If
236884Smm * 'state' is SPA_LOAD_RECOVER and one of these loads succeeds the pool
236884Smm * will be rewound to that txg. If 'state' is not SPA_LOAD_RECOVER this
236884Smm * function will not rewind the pool and will return the same error as
236884Smm * spa_load().
236884Smm */
219089Spjdstatic int
332536Smavspa_load_best(spa_t *spa, spa_load_state_t state, uint64_t max_request,
332536Smav    int rewind_flags)
219089Spjd{
236884Smm	nvlist_t *loadinfo = NULL;
219089Spjd	nvlist_t *config = NULL;
219089Spjd	int load_error, rewind_error;
219089Spjd	uint64_t safe_rewind_txg;
219089Spjd	uint64_t min_txg;
219089Spjd
219089Spjd	if (spa->spa_load_txg && state == SPA_LOAD_RECOVER) {
219089Spjd		spa->spa_load_max_txg = spa->spa_load_txg;
219089Spjd		spa_set_log_state(spa, SPA_LOG_CLEAR);
219089Spjd	} else {
219089Spjd		spa->spa_load_max_txg = max_request;
268720Sdelphij		if (max_request != UINT64_MAX)
268720Sdelphij			spa->spa_extreme_rewind = B_TRUE;
219089Spjd	}
219089Spjd
332536Smav	load_error = rewind_error = spa_load(spa, state, SPA_IMPORT_EXISTING);
219089Spjd	if (load_error == 0)
219089Spjd		return (0);
332547Smav	if (load_error == ZFS_ERR_NO_CHECKPOINT) {
332547Smav		/*
332547Smav		 * When attempting checkpoint-rewind on a pool with no
332547Smav		 * checkpoint, we should not attempt to load uberblocks
332547Smav		 * from previous txgs when spa_load fails.
332547Smav		 */
332547Smav		ASSERT(spa->spa_import_flags & ZFS_IMPORT_CHECKPOINT);
332547Smav		return (load_error);
332547Smav	}
219089Spjd
219089Spjd	if (spa->spa_root_vdev != NULL)
219089Spjd		config = spa_config_generate(spa, NULL, -1ULL, B_TRUE);
219089Spjd
219089Spjd	spa->spa_last_ubsync_txg = spa->spa_uberblock.ub_txg;
219089Spjd	spa->spa_last_ubsync_txg_ts = spa->spa_uberblock.ub_timestamp;
219089Spjd
219089Spjd	if (rewind_flags & ZPOOL_NEVER_REWIND) {
219089Spjd		nvlist_free(config);
219089Spjd		return (load_error);
219089Spjd	}
219089Spjd
236884Smm	if (state == SPA_LOAD_RECOVER) {
236884Smm		/* Price of rolling back is discarding txgs, including log */
219089Spjd		spa_set_log_state(spa, SPA_LOG_CLEAR);
236884Smm	} else {
236884Smm		/*
236884Smm		 * If we aren't rolling back save the load info from our first
236884Smm		 * import attempt so that we can restore it after attempting
236884Smm		 * to rewind.
236884Smm		 */
236884Smm		loadinfo = spa->spa_load_info;
236884Smm		spa->spa_load_info = fnvlist_alloc();
236884Smm	}
219089Spjd
219089Spjd	spa->spa_load_max_txg = spa->spa_last_ubsync_txg;
219089Spjd	safe_rewind_txg = spa->spa_last_ubsync_txg - TXG_DEFER_SIZE;
219089Spjd	min_txg = (rewind_flags & ZPOOL_EXTREME_REWIND) ?
219089Spjd	    TXG_INITIAL : safe_rewind_txg;
219089Spjd
219089Spjd	/*
219089Spjd	 * Continue as long as we're finding errors, we're still within
219089Spjd	 * the acceptable rewind range, and we're still finding uberblocks
219089Spjd	 */
219089Spjd	while (rewind_error && spa->spa_uberblock.ub_txg >= min_txg &&
219089Spjd	    spa->spa_uberblock.ub_txg <= spa->spa_load_max_txg) {
219089Spjd		if (spa->spa_load_max_txg < safe_rewind_txg)
219089Spjd			spa->spa_extreme_rewind = B_TRUE;
332536Smav		rewind_error = spa_load_retry(spa, state);
219089Spjd	}
219089Spjd
219089Spjd	spa->spa_extreme_rewind = B_FALSE;
219089Spjd	spa->spa_load_max_txg = UINT64_MAX;
219089Spjd
219089Spjd	if (config && (rewind_error || state != SPA_LOAD_RECOVER))
219089Spjd		spa_config_set(spa, config);
325535Savg	else
325535Savg		nvlist_free(config);
219089Spjd
236884Smm	if (state == SPA_LOAD_RECOVER) {
236884Smm		ASSERT3P(loadinfo, ==, NULL);
236884Smm		return (rewind_error);
236884Smm	} else {
236884Smm		/* Store the rewind info as part of the initial load info */
236884Smm		fnvlist_add_nvlist(loadinfo, ZPOOL_CONFIG_REWIND_INFO,
236884Smm		    spa->spa_load_info);
236884Smm
236884Smm		/* Restore the initial load info */
236884Smm		fnvlist_free(spa->spa_load_info);
236884Smm		spa->spa_load_info = loadinfo;
236884Smm
236884Smm		return (load_error);
236884Smm	}
219089Spjd}
219089Spjd
168404Spjd/*
168404Spjd * Pool Open/Import
168404Spjd *
168404Spjd * The import case is identical to an open except that the configuration is sent
168404Spjd * down from userland, instead of grabbed from the configuration cache.  For the
168404Spjd * case of an open, the pool configuration will exist in the
185029Spjd * POOL_STATE_UNINITIALIZED state.
168404Spjd *
168404Spjd * The stats information (gen/count/ustats) is used to gather vdev statistics at
168404Spjd * the same time open the pool, without having to keep around the spa_t in some
168404Spjd * ambiguous state.
168404Spjd */
168404Spjdstatic int
219089Spjdspa_open_common(const char *pool, spa_t **spapp, void *tag, nvlist_t *nvpolicy,
219089Spjd    nvlist_t **config)
168404Spjd{
168404Spjd	spa_t *spa;
219089Spjd	spa_load_state_t state = SPA_LOAD_OPEN;
168404Spjd	int error;
168404Spjd	int locked = B_FALSE;
219089Spjd	int firstopen = B_FALSE;
168404Spjd
168404Spjd	*spapp = NULL;
168404Spjd
168404Spjd	/*
168404Spjd	 * As disgusting as this is, we need to support recursive calls to this
168404Spjd	 * function because dsl_dir_open() is called during spa_load(), and ends
168404Spjd	 * up calling spa_open() again.  The real fix is to figure out how to
168404Spjd	 * avoid dsl_dir_open() calling this in the first place.
168404Spjd	 */
168404Spjd	if (mutex_owner(&spa_namespace_lock) != curthread) {
168404Spjd		mutex_enter(&spa_namespace_lock);
168404Spjd		locked = B_TRUE;
168404Spjd	}
168404Spjd
168404Spjd	if ((spa = spa_lookup(pool)) == NULL) {
168404Spjd		if (locked)
168404Spjd			mutex_exit(&spa_namespace_lock);
249195Smm		return (SET_ERROR(ENOENT));
168404Spjd	}
219089Spjd
168404Spjd	if (spa->spa_state == POOL_STATE_UNINITIALIZED) {
332550Smav		zpool_load_policy_t policy;
168404Spjd
219089Spjd		firstopen = B_TRUE;
219089Spjd
332550Smav		zpool_get_load_policy(nvpolicy ? nvpolicy : spa->spa_config,
219089Spjd		    &policy);
332550Smav		if (policy.zlp_rewind & ZPOOL_DO_REWIND)
219089Spjd			state = SPA_LOAD_RECOVER;
219089Spjd
209962Smm		spa_activate(spa, spa_mode_global);
168404Spjd
219089Spjd		if (state != SPA_LOAD_RECOVER)
219089Spjd			spa->spa_last_ubsync_txg = spa->spa_load_txg = 0;
332536Smav		spa->spa_config_source = SPA_CONFIG_SRC_CACHEFILE;
168404Spjd
332530Smav		zfs_dbgmsg("spa_open_common: opening %s", pool);
332550Smav		error = spa_load_best(spa, state, policy.zlp_txg,
332550Smav		    policy.zlp_rewind);
219089Spjd
168404Spjd		if (error == EBADF) {
168404Spjd			/*
168404Spjd			 * If vdev_validate() returns failure (indicated by
168404Spjd			 * EBADF), it indicates that one of the vdevs indicates
168404Spjd			 * that the pool has been exported or destroyed.  If
168404Spjd			 * this is the case, the config cache is out of sync and
168404Spjd			 * we should remove the pool from the namespace.
168404Spjd			 */
168404Spjd			spa_unload(spa);
168404Spjd			spa_deactivate(spa);
332525Smav			spa_write_cachefile(spa, B_TRUE, B_TRUE);
168404Spjd			spa_remove(spa);
168404Spjd			if (locked)
168404Spjd				mutex_exit(&spa_namespace_lock);
249195Smm			return (SET_ERROR(ENOENT));
168404Spjd		}
168404Spjd
168404Spjd		if (error) {
168404Spjd			/*
168404Spjd			 * We can't open the pool, but we still have useful
168404Spjd			 * information: the state of each vdev after the
168404Spjd			 * attempted vdev_open().  Return this to the user.
168404Spjd			 */
219089Spjd			if (config != NULL && spa->spa_config) {
219089Spjd				VERIFY(nvlist_dup(spa->spa_config, config,
219089Spjd				    KM_SLEEP) == 0);
219089Spjd				VERIFY(nvlist_add_nvlist(*config,
219089Spjd				    ZPOOL_CONFIG_LOAD_INFO,
219089Spjd				    spa->spa_load_info) == 0);
219089Spjd			}
168404Spjd			spa_unload(spa);
168404Spjd			spa_deactivate(spa);
219089Spjd			spa->spa_last_open_failed = error;
168404Spjd			if (locked)
168404Spjd				mutex_exit(&spa_namespace_lock);
168404Spjd			*spapp = NULL;
168404Spjd			return (error);
168404Spjd		}
168404Spjd	}
168404Spjd
168404Spjd	spa_open_ref(spa, tag);
185029Spjd
219089Spjd	if (config != NULL)
219089Spjd		*config = spa_config_generate(spa, NULL, -1ULL, B_TRUE);
219089Spjd
219089Spjd	/*
219089Spjd	 * If we've recovered the pool, pass back any information we
219089Spjd	 * gathered while doing the load.
219089Spjd	 */
219089Spjd	if (state == SPA_LOAD_RECOVER) {
219089Spjd		VERIFY(nvlist_add_nvlist(*config, ZPOOL_CONFIG_LOAD_INFO,
219089Spjd		    spa->spa_load_info) == 0);
219089Spjd	}
219089Spjd
219089Spjd	if (locked) {
219089Spjd		spa->spa_last_open_failed = 0;
219089Spjd		spa->spa_last_ubsync_txg = 0;
219089Spjd		spa->spa_load_txg = 0;
168404Spjd		mutex_exit(&spa_namespace_lock);
219089Spjd#ifdef __FreeBSD__
219089Spjd#ifdef _KERNEL
219089Spjd		if (firstopen)
249047Savg			zvol_create_minors(spa->spa_name);
219089Spjd#endif
219089Spjd#endif
219089Spjd	}
168404Spjd
168404Spjd	*spapp = spa;
168404Spjd
168404Spjd	return (0);
168404Spjd}
168404Spjd
168404Spjdint
219089Spjdspa_open_rewind(const char *name, spa_t **spapp, void *tag, nvlist_t *policy,
219089Spjd    nvlist_t **config)
219089Spjd{
219089Spjd	return (spa_open_common(name, spapp, tag, policy, config));
219089Spjd}
219089Spjd
219089Spjdint
168404Spjdspa_open(const char *name, spa_t **spapp, void *tag)
168404Spjd{
219089Spjd	return (spa_open_common(name, spapp, tag, NULL, NULL));
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * Lookup the given spa_t, incrementing the inject count in the process,
168404Spjd * preventing it from being exported or destroyed.
168404Spjd */
168404Spjdspa_t *
168404Spjdspa_inject_addref(char *name)
168404Spjd{
168404Spjd	spa_t *spa;
168404Spjd
168404Spjd	mutex_enter(&spa_namespace_lock);
168404Spjd	if ((spa = spa_lookup(name)) == NULL) {
168404Spjd		mutex_exit(&spa_namespace_lock);
168404Spjd		return (NULL);
168404Spjd	}
168404Spjd	spa->spa_inject_ref++;
168404Spjd	mutex_exit(&spa_namespace_lock);
168404Spjd
168404Spjd	return (spa);
168404Spjd}
168404Spjd
168404Spjdvoid
168404Spjdspa_inject_delref(spa_t *spa)
168404Spjd{
168404Spjd	mutex_enter(&spa_namespace_lock);
168404Spjd	spa->spa_inject_ref--;
168404Spjd	mutex_exit(&spa_namespace_lock);
168404Spjd}
168404Spjd
185029Spjd/*
185029Spjd * Add spares device information to the nvlist.
185029Spjd */
168404Spjdstatic void
168404Spjdspa_add_spares(spa_t *spa, nvlist_t *config)
168404Spjd{
168404Spjd	nvlist_t **spares;
168404Spjd	uint_t i, nspares;
168404Spjd	nvlist_t *nvroot;
168404Spjd	uint64_t guid;
168404Spjd	vdev_stat_t *vs;
168404Spjd	uint_t vsc;
168404Spjd	uint64_t pool;
168404Spjd
209962Smm	ASSERT(spa_config_held(spa, SCL_CONFIG, RW_READER));
209962Smm
185029Spjd	if (spa->spa_spares.sav_count == 0)
168404Spjd		return;
168404Spjd
168404Spjd	VERIFY(nvlist_lookup_nvlist(config,
168404Spjd	    ZPOOL_CONFIG_VDEV_TREE, &nvroot) == 0);
185029Spjd	VERIFY(nvlist_lookup_nvlist_array(spa->spa_spares.sav_config,
168404Spjd	    ZPOOL_CONFIG_SPARES, &spares, &nspares) == 0);
168404Spjd	if (nspares != 0) {
168404Spjd		VERIFY(nvlist_add_nvlist_array(nvroot,
168404Spjd		    ZPOOL_CONFIG_SPARES, spares, nspares) == 0);
168404Spjd		VERIFY(nvlist_lookup_nvlist_array(nvroot,
168404Spjd		    ZPOOL_CONFIG_SPARES, &spares, &nspares) == 0);
168404Spjd
168404Spjd		/*
168404Spjd		 * Go through and find any spares which have since been
168404Spjd		 * repurposed as an active spare.  If this is the case, update
168404Spjd		 * their status appropriately.
168404Spjd		 */
168404Spjd		for (i = 0; i < nspares; i++) {
168404Spjd			VERIFY(nvlist_lookup_uint64(spares[i],
168404Spjd			    ZPOOL_CONFIG_GUID, &guid) == 0);
185029Spjd			if (spa_spare_exists(guid, &pool, NULL) &&
185029Spjd			    pool != 0ULL) {
168404Spjd				VERIFY(nvlist_lookup_uint64_array(
219089Spjd				    spares[i], ZPOOL_CONFIG_VDEV_STATS,
168404Spjd				    (uint64_t **)&vs, &vsc) == 0);
168404Spjd				vs->vs_state = VDEV_STATE_CANT_OPEN;
168404Spjd				vs->vs_aux = VDEV_AUX_SPARED;
168404Spjd			}
168404Spjd		}
168404Spjd	}
168404Spjd}
168404Spjd
185029Spjd/*
185029Spjd * Add l2cache device information to the nvlist, including vdev stats.
185029Spjd */
185029Spjdstatic void
185029Spjdspa_add_l2cache(spa_t *spa, nvlist_t *config)
185029Spjd{
185029Spjd	nvlist_t **l2cache;
185029Spjd	uint_t i, j, nl2cache;
185029Spjd	nvlist_t *nvroot;
185029Spjd	uint64_t guid;
185029Spjd	vdev_t *vd;
185029Spjd	vdev_stat_t *vs;
185029Spjd	uint_t vsc;
185029Spjd
209962Smm	ASSERT(spa_config_held(spa, SCL_CONFIG, RW_READER));
209962Smm
185029Spjd	if (spa->spa_l2cache.sav_count == 0)
185029Spjd		return;
185029Spjd
185029Spjd	VERIFY(nvlist_lookup_nvlist(config,
185029Spjd	    ZPOOL_CONFIG_VDEV_TREE, &nvroot) == 0);
185029Spjd	VERIFY(nvlist_lookup_nvlist_array(spa->spa_l2cache.sav_config,
185029Spjd	    ZPOOL_CONFIG_L2CACHE, &l2cache, &nl2cache) == 0);
185029Spjd	if (nl2cache != 0) {
185029Spjd		VERIFY(nvlist_add_nvlist_array(nvroot,
185029Spjd		    ZPOOL_CONFIG_L2CACHE, l2cache, nl2cache) == 0);
185029Spjd		VERIFY(nvlist_lookup_nvlist_array(nvroot,
185029Spjd		    ZPOOL_CONFIG_L2CACHE, &l2cache, &nl2cache) == 0);
185029Spjd
185029Spjd		/*
185029Spjd		 * Update level 2 cache device stats.
185029Spjd		 */
185029Spjd
185029Spjd		for (i = 0; i < nl2cache; i++) {
185029Spjd			VERIFY(nvlist_lookup_uint64(l2cache[i],
185029Spjd			    ZPOOL_CONFIG_GUID, &guid) == 0);
185029Spjd
185029Spjd			vd = NULL;
185029Spjd			for (j = 0; j < spa->spa_l2cache.sav_count; j++) {
185029Spjd				if (guid ==
185029Spjd				    spa->spa_l2cache.sav_vdevs[j]->vdev_guid) {
185029Spjd					vd = spa->spa_l2cache.sav_vdevs[j];
185029Spjd					break;
185029Spjd				}
185029Spjd			}
185029Spjd			ASSERT(vd != NULL);
185029Spjd
185029Spjd			VERIFY(nvlist_lookup_uint64_array(l2cache[i],
219089Spjd			    ZPOOL_CONFIG_VDEV_STATS, (uint64_t **)&vs, &vsc)
219089Spjd			    == 0);
185029Spjd			vdev_get_stats(vd, vs);
185029Spjd		}
185029Spjd	}
185029Spjd}
185029Spjd
236884Smmstatic void
236884Smmspa_add_feature_stats(spa_t *spa, nvlist_t *config)
236884Smm{
236884Smm	nvlist_t *features;
236884Smm	zap_cursor_t zc;
236884Smm	zap_attribute_t za;
236884Smm
236884Smm	ASSERT(spa_config_held(spa, SCL_CONFIG, RW_READER));
236884Smm	VERIFY(nvlist_alloc(&features, NV_UNIQUE_NAME, KM_SLEEP) == 0);
236884Smm
253993Smav	/* We may be unable to read features if pool is suspended. */
253993Smav	if (spa_suspended(spa))
253993Smav		goto out;
253993Smav
236884Smm	if (spa->spa_feat_for_read_obj != 0) {
236884Smm		for (zap_cursor_init(&zc, spa->spa_meta_objset,
236884Smm		    spa->spa_feat_for_read_obj);
236884Smm		    zap_cursor_retrieve(&zc, &za) == 0;
236884Smm		    zap_cursor_advance(&zc)) {
236884Smm			ASSERT(za.za_integer_length == sizeof (uint64_t) &&
236884Smm			    za.za_num_integers == 1);
236884Smm			VERIFY3U(0, ==, nvlist_add_uint64(features, za.za_name,
236884Smm			    za.za_first_integer));
236884Smm		}
236884Smm		zap_cursor_fini(&zc);
236884Smm	}
236884Smm
236884Smm	if (spa->spa_feat_for_write_obj != 0) {
236884Smm		for (zap_cursor_init(&zc, spa->spa_meta_objset,
236884Smm		    spa->spa_feat_for_write_obj);
236884Smm		    zap_cursor_retrieve(&zc, &za) == 0;
236884Smm		    zap_cursor_advance(&zc)) {
236884Smm			ASSERT(za.za_integer_length == sizeof (uint64_t) &&
236884Smm			    za.za_num_integers == 1);
236884Smm			VERIFY3U(0, ==, nvlist_add_uint64(features, za.za_name,
236884Smm			    za.za_first_integer));
236884Smm		}
236884Smm		zap_cursor_fini(&zc);
236884Smm	}
236884Smm
253993Smavout:
236884Smm	VERIFY(nvlist_add_nvlist(config, ZPOOL_CONFIG_FEATURE_STATS,
236884Smm	    features) == 0);
236884Smm	nvlist_free(features);
236884Smm}
236884Smm
168404Spjdint
236884Smmspa_get_stats(const char *name, nvlist_t **config,
236884Smm    char *altroot, size_t buflen)
168404Spjd{
168404Spjd	int error;
168404Spjd	spa_t *spa;
168404Spjd
168404Spjd	*config = NULL;
219089Spjd	error = spa_open_common(name, &spa, FTAG, NULL, config);
168404Spjd
209962Smm	if (spa != NULL) {
209962Smm		/*
209962Smm		 * This still leaves a window of inconsistency where the spares
209962Smm		 * or l2cache devices could change and the config would be
209962Smm		 * self-inconsistent.
209962Smm		 */
209962Smm		spa_config_enter(spa, SCL_CONFIG, FTAG, RW_READER);
168404Spjd
209962Smm		if (*config != NULL) {
219089Spjd			uint64_t loadtimes[2];
219089Spjd
219089Spjd			loadtimes[0] = spa->spa_loaded_ts.tv_sec;
219089Spjd			loadtimes[1] = spa->spa_loaded_ts.tv_nsec;
219089Spjd			VERIFY(nvlist_add_uint64_array(*config,
219089Spjd			    ZPOOL_CONFIG_LOADED_TIME, loadtimes, 2) == 0);
219089Spjd
185029Spjd			VERIFY(nvlist_add_uint64(*config,
209962Smm			    ZPOOL_CONFIG_ERRCOUNT,
209962Smm			    spa_get_errlog_size(spa)) == 0);
185029Spjd
209962Smm			if (spa_suspended(spa))
209962Smm				VERIFY(nvlist_add_uint64(*config,
209962Smm				    ZPOOL_CONFIG_SUSPENDED,
209962Smm				    spa->spa_failmode) == 0);
209962Smm
209962Smm			spa_add_spares(spa, *config);
209962Smm			spa_add_l2cache(spa, *config);
236884Smm			spa_add_feature_stats(spa, *config);
209962Smm		}
168404Spjd	}
168404Spjd
168404Spjd	/*
168404Spjd	 * We want to get the alternate root even for faulted pools, so we cheat
168404Spjd	 * and call spa_lookup() directly.
168404Spjd	 */
168404Spjd	if (altroot) {
168404Spjd		if (spa == NULL) {
168404Spjd			mutex_enter(&spa_namespace_lock);
168404Spjd			spa = spa_lookup(name);
168404Spjd			if (spa)
168404Spjd				spa_altroot(spa, altroot, buflen);
168404Spjd			else
168404Spjd				altroot[0] = '\0';
168404Spjd			spa = NULL;
168404Spjd			mutex_exit(&spa_namespace_lock);
168404Spjd		} else {
168404Spjd			spa_altroot(spa, altroot, buflen);
168404Spjd		}
168404Spjd	}
168404Spjd
209962Smm	if (spa != NULL) {
209962Smm		spa_config_exit(spa, SCL_CONFIG, FTAG);
168404Spjd		spa_close(spa, FTAG);
209962Smm	}
168404Spjd
168404Spjd	return (error);
168404Spjd}
168404Spjd
168404Spjd/*
185029Spjd * Validate that the auxiliary device array is well formed.  We must have an
185029Spjd * array of nvlists, each which describes a valid leaf vdev.  If this is an
185029Spjd * import (mode is VDEV_ALLOC_SPARE), then we allow corrupted spares to be
185029Spjd * specified, as long as they are well-formed.
168404Spjd */
168404Spjdstatic int
185029Spjdspa_validate_aux_devs(spa_t *spa, nvlist_t *nvroot, uint64_t crtxg, int mode,
185029Spjd    spa_aux_vdev_t *sav, const char *config, uint64_t version,
185029Spjd    vdev_labeltype_t label)
168404Spjd{
185029Spjd	nvlist_t **dev;
185029Spjd	uint_t i, ndev;
168404Spjd	vdev_t *vd;
168404Spjd	int error;
168404Spjd
185029Spjd	ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == SCL_ALL);
185029Spjd
168404Spjd	/*
185029Spjd	 * It's acceptable to have no devs specified.
168404Spjd	 */
185029Spjd	if (nvlist_lookup_nvlist_array(nvroot, config, &dev, &ndev) != 0)
168404Spjd		return (0);
168404Spjd
185029Spjd	if (ndev == 0)
249195Smm		return (SET_ERROR(EINVAL));
168404Spjd
168404Spjd	/*
185029Spjd	 * Make sure the pool is formatted with a version that supports this
185029Spjd	 * device type.
168404Spjd	 */
185029Spjd	if (spa_version(spa) < version)
249195Smm		return (SET_ERROR(ENOTSUP));
168404Spjd
168404Spjd	/*
185029Spjd	 * Set the pending device list so we correctly handle device in-use
168404Spjd	 * checking.
168404Spjd	 */
185029Spjd	sav->sav_pending = dev;
185029Spjd	sav->sav_npending = ndev;
168404Spjd
185029Spjd	for (i = 0; i < ndev; i++) {
185029Spjd		if ((error = spa_config_parse(spa, &vd, dev[i], NULL, 0,
168404Spjd		    mode)) != 0)
168404Spjd			goto out;
168404Spjd
168404Spjd		if (!vd->vdev_ops->vdev_op_leaf) {
168404Spjd			vdev_free(vd);
249195Smm			error = SET_ERROR(EINVAL);
168404Spjd			goto out;
168404Spjd		}
168404Spjd
185029Spjd		/*
185029Spjd		 * The L2ARC currently only supports disk devices in
185029Spjd		 * kernel context.  For user-level testing, we allow it.
185029Spjd		 */
185029Spjd#ifdef _KERNEL
185029Spjd		if ((strcmp(config, ZPOOL_CONFIG_L2CACHE) == 0) &&
185029Spjd		    strcmp(vd->vdev_ops->vdev_op_type, VDEV_TYPE_DISK) != 0) {
249195Smm			error = SET_ERROR(ENOTBLK);
230514Smm			vdev_free(vd);
185029Spjd			goto out;
185029Spjd		}
185029Spjd#endif
168404Spjd		vd->vdev_top = vd;
168404Spjd
168404Spjd		if ((error = vdev_open(vd)) == 0 &&
185029Spjd		    (error = vdev_label_init(vd, crtxg, label)) == 0) {
185029Spjd			VERIFY(nvlist_add_uint64(dev[i], ZPOOL_CONFIG_GUID,
168404Spjd			    vd->vdev_guid) == 0);
168404Spjd		}
168404Spjd
168404Spjd		vdev_free(vd);
168404Spjd
185029Spjd		if (error &&
185029Spjd		    (mode != VDEV_ALLOC_SPARE && mode != VDEV_ALLOC_L2CACHE))
168404Spjd			goto out;
168404Spjd		else
168404Spjd			error = 0;
168404Spjd	}
168404Spjd
168404Spjdout:
185029Spjd	sav->sav_pending = NULL;
185029Spjd	sav->sav_npending = 0;
168404Spjd	return (error);
168404Spjd}
168404Spjd
185029Spjdstatic int
185029Spjdspa_validate_aux(spa_t *spa, nvlist_t *nvroot, uint64_t crtxg, int mode)
185029Spjd{
185029Spjd	int error;
185029Spjd
185029Spjd	ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == SCL_ALL);
185029Spjd
185029Spjd	if ((error = spa_validate_aux_devs(spa, nvroot, crtxg, mode,
185029Spjd	    &spa->spa_spares, ZPOOL_CONFIG_SPARES, SPA_VERSION_SPARES,
185029Spjd	    VDEV_LABEL_SPARE)) != 0) {
185029Spjd		return (error);
185029Spjd	}
185029Spjd
185029Spjd	return (spa_validate_aux_devs(spa, nvroot, crtxg, mode,
185029Spjd	    &spa->spa_l2cache, ZPOOL_CONFIG_L2CACHE, SPA_VERSION_L2CACHE,
185029Spjd	    VDEV_LABEL_L2CACHE));
185029Spjd}
185029Spjd
185029Spjdstatic void
185029Spjdspa_set_aux_vdevs(spa_aux_vdev_t *sav, nvlist_t **devs, int ndevs,
185029Spjd    const char *config)
185029Spjd{
185029Spjd	int i;
185029Spjd
185029Spjd	if (sav->sav_config != NULL) {
185029Spjd		nvlist_t **olddevs;
185029Spjd		uint_t oldndevs;
185029Spjd		nvlist_t **newdevs;
185029Spjd
185029Spjd		/*
185029Spjd		 * Generate new dev list by concatentating with the
185029Spjd		 * current dev list.
185029Spjd		 */
185029Spjd		VERIFY(nvlist_lookup_nvlist_array(sav->sav_config, config,
185029Spjd		    &olddevs, &oldndevs) == 0);
185029Spjd
185029Spjd		newdevs = kmem_alloc(sizeof (void *) *
185029Spjd		    (ndevs + oldndevs), KM_SLEEP);
185029Spjd		for (i = 0; i < oldndevs; i++)
185029Spjd			VERIFY(nvlist_dup(olddevs[i], &newdevs[i],
185029Spjd			    KM_SLEEP) == 0);
185029Spjd		for (i = 0; i < ndevs; i++)
185029Spjd			VERIFY(nvlist_dup(devs[i], &newdevs[i + oldndevs],
185029Spjd			    KM_SLEEP) == 0);
185029Spjd
185029Spjd		VERIFY(nvlist_remove(sav->sav_config, config,
185029Spjd		    DATA_TYPE_NVLIST_ARRAY) == 0);
185029Spjd
185029Spjd		VERIFY(nvlist_add_nvlist_array(sav->sav_config,
185029Spjd		    config, newdevs, ndevs + oldndevs) == 0);
185029Spjd		for (i = 0; i < oldndevs + ndevs; i++)
185029Spjd			nvlist_free(newdevs[i]);
185029Spjd		kmem_free(newdevs, (oldndevs + ndevs) * sizeof (void *));
185029Spjd	} else {
185029Spjd		/*
185029Spjd		 * Generate a new dev list.
185029Spjd		 */
185029Spjd		VERIFY(nvlist_alloc(&sav->sav_config, NV_UNIQUE_NAME,
185029Spjd		    KM_SLEEP) == 0);
185029Spjd		VERIFY(nvlist_add_nvlist_array(sav->sav_config, config,
185029Spjd		    devs, ndevs) == 0);
185029Spjd	}
185029Spjd}
185029Spjd
168404Spjd/*
185029Spjd * Stop and drop level 2 ARC devices
185029Spjd */
185029Spjdvoid
185029Spjdspa_l2cache_drop(spa_t *spa)
185029Spjd{
185029Spjd	vdev_t *vd;
185029Spjd	int i;
185029Spjd	spa_aux_vdev_t *sav = &spa->spa_l2cache;
185029Spjd
185029Spjd	for (i = 0; i < sav->sav_count; i++) {
185029Spjd		uint64_t pool;
185029Spjd
185029Spjd		vd = sav->sav_vdevs[i];
185029Spjd		ASSERT(vd != NULL);
185029Spjd
209962Smm		if (spa_l2cache_exists(vd->vdev_guid, &pool) &&
209962Smm		    pool != 0ULL && l2arc_vdev_present(vd))
185029Spjd			l2arc_remove_vdev(vd);
185029Spjd	}
185029Spjd}
185029Spjd
185029Spjd/*
168404Spjd * Pool Creation
168404Spjd */
168404Spjdint
185029Spjdspa_create(const char *pool, nvlist_t *nvroot, nvlist_t *props,
248571Smm    nvlist_t *zplprops)
168404Spjd{
168404Spjd	spa_t *spa;
185029Spjd	char *altroot = NULL;
168404Spjd	vdev_t *rvd;
168404Spjd	dsl_pool_t *dp;
168404Spjd	dmu_tx_t *tx;
219089Spjd	int error = 0;
168404Spjd	uint64_t txg = TXG_INITIAL;
185029Spjd	nvlist_t **spares, **l2cache;
185029Spjd	uint_t nspares, nl2cache;
219089Spjd	uint64_t version, obj;
236884Smm	boolean_t has_features;
333194Savg	char *poolname;
333194Savg	nvlist_t *nvl;
168404Spjd
333194Savg	if (nvlist_lookup_string(props,
333194Savg	    zpool_prop_to_name(ZPOOL_PROP_TNAME), &poolname) != 0)
333194Savg		poolname = (char *)pool;
333194Savg
168404Spjd	/*
168404Spjd	 * If this pool already exists, return failure.
168404Spjd	 */
168404Spjd	mutex_enter(&spa_namespace_lock);
333194Savg	if (spa_lookup(poolname) != NULL) {
168404Spjd		mutex_exit(&spa_namespace_lock);
249195Smm		return (SET_ERROR(EEXIST));
168404Spjd	}
168404Spjd
168404Spjd	/*
168404Spjd	 * Allocate a new spa_t structure.
168404Spjd	 */
333194Savg	nvl = fnvlist_alloc();
333194Savg	fnvlist_add_string(nvl, ZPOOL_CONFIG_POOL_NAME, pool);
185029Spjd	(void) nvlist_lookup_string(props,
185029Spjd	    zpool_prop_to_name(ZPOOL_PROP_ALTROOT), &altroot);
333194Savg	spa = spa_add(poolname, nvl, altroot);
333194Savg	fnvlist_free(nvl);
209962Smm	spa_activate(spa, spa_mode_global);
168404Spjd
185029Spjd	if (props && (error = spa_prop_validate(spa, props))) {
185029Spjd		spa_deactivate(spa);
185029Spjd		spa_remove(spa);
185029Spjd		mutex_exit(&spa_namespace_lock);
185029Spjd		return (error);
185029Spjd	}
185029Spjd
333194Savg	/*
333194Savg	 * Temporary pool names should never be written to disk.
333194Savg	 */
333194Savg	if (poolname != pool)
333194Savg		spa->spa_import_flags |= ZFS_IMPORT_TEMP_NAME;
333194Savg
236884Smm	has_features = B_FALSE;
236884Smm	for (nvpair_t *elem = nvlist_next_nvpair(props, NULL);
236884Smm	    elem != NULL; elem = nvlist_next_nvpair(props, elem)) {
236884Smm		if (zpool_prop_feature(nvpair_name(elem)))
236884Smm			has_features = B_TRUE;
236884Smm	}
236884Smm
236884Smm	if (has_features || nvlist_lookup_uint64(props,
236884Smm	    zpool_prop_to_name(ZPOOL_PROP_VERSION), &version) != 0) {
185029Spjd		version = SPA_VERSION;
236884Smm	}
236884Smm	ASSERT(SPA_VERSION_IS_SUPPORTED(version));
219089Spjd
219089Spjd	spa->spa_first_txg = txg;
219089Spjd	spa->spa_uberblock.ub_txg = txg - 1;
185029Spjd	spa->spa_uberblock.ub_version = version;
168404Spjd	spa->spa_ubsync = spa->spa_uberblock;
307277Smav	spa->spa_load_state = SPA_LOAD_CREATE;
332525Smav	spa->spa_removing_phys.sr_state = DSS_NONE;
332525Smav	spa->spa_removing_phys.sr_removing_vdev = -1;
332525Smav	spa->spa_removing_phys.sr_prev_indirect_vdev = -1;
338403Smav	spa->spa_indirect_vdevs_loaded = B_TRUE;
168404Spjd
168404Spjd	/*
209962Smm	 * Create "The Godfather" zio to hold all async IOs
209962Smm	 */
272598Sdelphij	spa->spa_async_zio_root = kmem_alloc(max_ncpus * sizeof (void *),
272598Sdelphij	    KM_SLEEP);
272598Sdelphij	for (int i = 0; i < max_ncpus; i++) {
272598Sdelphij		spa->spa_async_zio_root[i] = zio_root(spa, NULL, NULL,
272598Sdelphij		    ZIO_FLAG_CANFAIL | ZIO_FLAG_SPECULATIVE |
272598Sdelphij		    ZIO_FLAG_GODFATHER);
272598Sdelphij	}
209962Smm
209962Smm	/*
168404Spjd	 * Create the root vdev.
168404Spjd	 */
185029Spjd	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
168404Spjd
168404Spjd	error = spa_config_parse(spa, &rvd, nvroot, NULL, 0, VDEV_ALLOC_ADD);
168404Spjd
168404Spjd	ASSERT(error != 0 || rvd != NULL);
168404Spjd	ASSERT(error != 0 || spa->spa_root_vdev == rvd);
168404Spjd
185029Spjd	if (error == 0 && !zfs_allocatable_devs(nvroot))
249195Smm		error = SET_ERROR(EINVAL);
168404Spjd
168404Spjd	if (error == 0 &&
168404Spjd	    (error = vdev_create(rvd, txg, B_FALSE)) == 0 &&
185029Spjd	    (error = spa_validate_aux(spa, nvroot, txg,
168404Spjd	    VDEV_ALLOC_ADD)) == 0) {
219089Spjd		for (int c = 0; c < rvd->vdev_children; c++) {
254591Sgibbs			vdev_ashift_optimize(rvd->vdev_child[c]);
219089Spjd			vdev_metaslab_set_size(rvd->vdev_child[c]);
219089Spjd			vdev_expand(rvd->vdev_child[c], txg);
219089Spjd		}
168404Spjd	}
168404Spjd
185029Spjd	spa_config_exit(spa, SCL_ALL, FTAG);
168404Spjd
168404Spjd	if (error != 0) {
168404Spjd		spa_unload(spa);
168404Spjd		spa_deactivate(spa);
168404Spjd		spa_remove(spa);
168404Spjd		mutex_exit(&spa_namespace_lock);
168404Spjd		return (error);
168404Spjd	}
168404Spjd
168404Spjd	/*
168404Spjd	 * Get the list of spares, if specified.
168404Spjd	 */
168404Spjd	if (nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_SPARES,
168404Spjd	    &spares, &nspares) == 0) {
185029Spjd		VERIFY(nvlist_alloc(&spa->spa_spares.sav_config, NV_UNIQUE_NAME,
168404Spjd		    KM_SLEEP) == 0);
185029Spjd		VERIFY(nvlist_add_nvlist_array(spa->spa_spares.sav_config,
168404Spjd		    ZPOOL_CONFIG_SPARES, spares, nspares) == 0);
185029Spjd		spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
168404Spjd		spa_load_spares(spa);
185029Spjd		spa_config_exit(spa, SCL_ALL, FTAG);
185029Spjd		spa->spa_spares.sav_sync = B_TRUE;
168404Spjd	}
168404Spjd
185029Spjd	/*
185029Spjd	 * Get the list of level 2 cache devices, if specified.
185029Spjd	 */
185029Spjd	if (nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_L2CACHE,
185029Spjd	    &l2cache, &nl2cache) == 0) {
185029Spjd		VERIFY(nvlist_alloc(&spa->spa_l2cache.sav_config,
185029Spjd		    NV_UNIQUE_NAME, KM_SLEEP) == 0);
185029Spjd		VERIFY(nvlist_add_nvlist_array(spa->spa_l2cache.sav_config,
185029Spjd		    ZPOOL_CONFIG_L2CACHE, l2cache, nl2cache) == 0);
185029Spjd		spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
185029Spjd		spa_load_l2cache(spa);
185029Spjd		spa_config_exit(spa, SCL_ALL, FTAG);
185029Spjd		spa->spa_l2cache.sav_sync = B_TRUE;
185029Spjd	}
185029Spjd
236884Smm	spa->spa_is_initializing = B_TRUE;
185029Spjd	spa->spa_dsl_pool = dp = dsl_pool_create(spa, zplprops, txg);
168404Spjd	spa->spa_meta_objset = dp->dp_meta_objset;
236884Smm	spa->spa_is_initializing = B_FALSE;
168404Spjd
219089Spjd	/*
219089Spjd	 * Create DDTs (dedup tables).
219089Spjd	 */
219089Spjd	ddt_create(spa);
219089Spjd
219089Spjd	spa_update_dspace(spa);
219089Spjd
168404Spjd	tx = dmu_tx_create_assigned(dp, txg);
168404Spjd
168404Spjd	/*
168404Spjd	 * Create the pool config object.
168404Spjd	 */
168404Spjd	spa->spa_config_object = dmu_object_alloc(spa->spa_meta_objset,
185029Spjd	    DMU_OT_PACKED_NVLIST, SPA_CONFIG_BLOCKSIZE,
168404Spjd	    DMU_OT_PACKED_NVLIST_SIZE, sizeof (uint64_t), tx);
168404Spjd
168404Spjd	if (zap_add(spa->spa_meta_objset,
168404Spjd	    DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_CONFIG,
168404Spjd	    sizeof (uint64_t), 1, &spa->spa_config_object, tx) != 0) {
168404Spjd		cmn_err(CE_PANIC, "failed to add pool config");
168404Spjd	}
168404Spjd
236884Smm	if (spa_version(spa) >= SPA_VERSION_FEATURES)
236884Smm		spa_feature_create_zap_objects(spa, tx);
236884Smm
219089Spjd	if (zap_add(spa->spa_meta_objset,
219089Spjd	    DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_CREATION_VERSION,
219089Spjd	    sizeof (uint64_t), 1, &version, tx) != 0) {
219089Spjd		cmn_err(CE_PANIC, "failed to add pool version");
219089Spjd	}
219089Spjd
185029Spjd	/* Newly created pools with the right version are always deflated. */
185029Spjd	if (version >= SPA_VERSION_RAIDZ_DEFLATE) {
185029Spjd		spa->spa_deflate = TRUE;
185029Spjd		if (zap_add(spa->spa_meta_objset,
185029Spjd		    DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_DEFLATE,
185029Spjd		    sizeof (uint64_t), 1, &spa->spa_deflate, tx) != 0) {
185029Spjd			cmn_err(CE_PANIC, "failed to add deflate");
185029Spjd		}
168404Spjd	}
168404Spjd
168404Spjd	/*
219089Spjd	 * Create the deferred-free bpobj.  Turn off compression
168404Spjd	 * because sync-to-convergence takes longer if the blocksize
168404Spjd	 * keeps changing.
168404Spjd	 */
219089Spjd	obj = bpobj_alloc(spa->spa_meta_objset, 1 << 14, tx);
219089Spjd	dmu_object_set_compress(spa->spa_meta_objset, obj,
168404Spjd	    ZIO_COMPRESS_OFF, tx);
168404Spjd	if (zap_add(spa->spa_meta_objset,
219089Spjd	    DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_SYNC_BPOBJ,
219089Spjd	    sizeof (uint64_t), 1, &obj, tx) != 0) {
219089Spjd		cmn_err(CE_PANIC, "failed to add bpobj");
168404Spjd	}
219089Spjd	VERIFY3U(0, ==, bpobj_open(&spa->spa_deferred_bpobj,
219089Spjd	    spa->spa_meta_objset, obj));
168404Spjd
168404Spjd	/*
168404Spjd	 * Create the pool's history object.
168404Spjd	 */
185029Spjd	if (version >= SPA_VERSION_ZPOOL_HISTORY)
185029Spjd		spa_history_create_obj(spa, tx);
168404Spjd
185029Spjd	/*
289422Smav	 * Generate some random noise for salted checksums to operate on.
289422Smav	 */
289422Smav	(void) random_get_pseudo_bytes(spa->spa_cksum_salt.zcs_bytes,
289422Smav	    sizeof (spa->spa_cksum_salt.zcs_bytes));
289422Smav
289422Smav	/*
185029Spjd	 * Set pool properties.
185029Spjd	 */
185029Spjd	spa->spa_bootfs = zpool_prop_default_numeric(ZPOOL_PROP_BOOTFS);
185029Spjd	spa->spa_delegation = zpool_prop_default_numeric(ZPOOL_PROP_DELEGATION);
185029Spjd	spa->spa_failmode = zpool_prop_default_numeric(ZPOOL_PROP_FAILUREMODE);
219089Spjd	spa->spa_autoexpand = zpool_prop_default_numeric(ZPOOL_PROP_AUTOEXPAND);
219089Spjd
209962Smm	if (props != NULL) {
209962Smm		spa_configfile_set(spa, props, B_FALSE);
248571Smm		spa_sync_props(props, tx);
209962Smm	}
185029Spjd
168404Spjd	dmu_tx_commit(tx);
168404Spjd
168404Spjd	spa->spa_sync_on = B_TRUE;
168404Spjd	txg_sync_start(spa->spa_dsl_pool);
168404Spjd
168404Spjd	/*
168404Spjd	 * We explicitly wait for the first transaction to complete so that our
168404Spjd	 * bean counters are appropriately updated.
168404Spjd	 */
168404Spjd	txg_wait_synced(spa->spa_dsl_pool, txg);
168404Spjd
332537Smav	spa_spawn_aux_threads(spa);
332537Smav
332525Smav	spa_write_cachefile(spa, B_FALSE, B_TRUE);
331397Smav	spa_event_notify(spa, NULL, NULL, ESC_ZFS_POOL_CREATE);
168404Spjd
248571Smm	spa_history_log_version(spa, "create");
185029Spjd
286575Smav	/*
286575Smav	 * Don't count references from objsets that are already closed
286575Smav	 * and are making their way through the eviction process.
286575Smav	 */
286575Smav	spa_evicting_os_wait(spa);
208442Smm	spa->spa_minref = refcount_count(&spa->spa_refcount);
307277Smav	spa->spa_load_state = SPA_LOAD_NONE;
208442Smm
168404Spjd	mutex_exit(&spa_namespace_lock);
168404Spjd
168404Spjd	return (0);
168404Spjd}
168404Spjd
241286Savg#ifdef _KERNEL
277300Ssmh#ifdef illumos
185029Spjd/*
219089Spjd * Get the root pool information from the root disk, then import the root pool
219089Spjd * during the system boot up time.
185029Spjd */
219089Spjdextern int vdev_disk_read_rootlabel(char *, char *, nvlist_t **);
219089Spjd
219089Spjdstatic nvlist_t *
219089Spjdspa_generate_rootconf(char *devpath, char *devid, uint64_t *guid)
185029Spjd{
219089Spjd	nvlist_t *config;
185029Spjd	nvlist_t *nvtop, *nvroot;
185029Spjd	uint64_t pgid;
185029Spjd
219089Spjd	if (vdev_disk_read_rootlabel(devpath, devid, &config) != 0)
219089Spjd		return (NULL);
219089Spjd
168404Spjd	/*
185029Spjd	 * Add this top-level vdev to the child array.
168404Spjd	 */
219089Spjd	VERIFY(nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE,
219089Spjd	    &nvtop) == 0);
219089Spjd	VERIFY(nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID,
219089Spjd	    &pgid) == 0);
219089Spjd	VERIFY(nvlist_lookup_uint64(config, ZPOOL_CONFIG_GUID, guid) == 0);
168404Spjd
185029Spjd	/*
185029Spjd	 * Put this pool's top-level vdevs into a root vdev.
185029Spjd	 */
185029Spjd	VERIFY(nvlist_alloc(&nvroot, NV_UNIQUE_NAME, KM_SLEEP) == 0);
219089Spjd	VERIFY(nvlist_add_string(nvroot, ZPOOL_CONFIG_TYPE,
219089Spjd	    VDEV_TYPE_ROOT) == 0);
185029Spjd	VERIFY(nvlist_add_uint64(nvroot, ZPOOL_CONFIG_ID, 0ULL) == 0);
185029Spjd	VERIFY(nvlist_add_uint64(nvroot, ZPOOL_CONFIG_GUID, pgid) == 0);
185029Spjd	VERIFY(nvlist_add_nvlist_array(nvroot, ZPOOL_CONFIG_CHILDREN,
185029Spjd	    &nvtop, 1) == 0);
168404Spjd
168404Spjd	/*
185029Spjd	 * Replace the existing vdev_tree with the new root vdev in
185029Spjd	 * this pool's configuration (remove the old, add the new).
168404Spjd	 */
185029Spjd	VERIFY(nvlist_add_nvlist(config, ZPOOL_CONFIG_VDEV_TREE, nvroot) == 0);
185029Spjd	nvlist_free(nvroot);
219089Spjd	return (config);
185029Spjd}
168404Spjd
185029Spjd/*
219089Spjd * Walk the vdev tree and see if we can find a device with "better"
219089Spjd * configuration. A configuration is "better" if the label on that
219089Spjd * device has a more recent txg.
185029Spjd */
219089Spjdstatic void
219089Spjdspa_alt_rootvdev(vdev_t *vd, vdev_t **avd, uint64_t *txg)
185029Spjd{
219089Spjd	for (int c = 0; c < vd->vdev_children; c++)
219089Spjd		spa_alt_rootvdev(vd->vdev_child[c], avd, txg);
185029Spjd
219089Spjd	if (vd->vdev_ops->vdev_op_leaf) {
219089Spjd		nvlist_t *label;
219089Spjd		uint64_t label_txg;
185029Spjd
219089Spjd		if (vdev_disk_read_rootlabel(vd->vdev_physpath, vd->vdev_devid,
219089Spjd		    &label) != 0)
219089Spjd			return;
185029Spjd
219089Spjd		VERIFY(nvlist_lookup_uint64(label, ZPOOL_CONFIG_POOL_TXG,
219089Spjd		    &label_txg) == 0);
168404Spjd
219089Spjd		/*
219089Spjd		 * Do we have a better boot device?
219089Spjd		 */
219089Spjd		if (label_txg > *txg) {
219089Spjd			*txg = label_txg;
219089Spjd			*avd = vd;
185029Spjd		}
219089Spjd		nvlist_free(label);
185029Spjd	}
185029Spjd}
185029Spjd
185029Spjd/*
185029Spjd * Import a root pool.
185029Spjd *
185029Spjd * For x86. devpath_list will consist of devid and/or physpath name of
185029Spjd * the vdev (e.g. "id1,sd@SSEAGATE..." or "/pci@1f,0/ide@d/disk@0,0:a").
185029Spjd * The GRUB "findroot" command will return the vdev we should boot.
185029Spjd *
185029Spjd * For Sparc, devpath_list consists the physpath name of the booting device
185029Spjd * no matter the rootpool is a single device pool or a mirrored pool.
185029Spjd * e.g.
185029Spjd *	"/pci@1f,0/ide@d/disk@0,0:a"
185029Spjd */
185029Spjdint
185029Spjdspa_import_rootpool(char *devpath, char *devid)
185029Spjd{
219089Spjd	spa_t *spa;
219089Spjd	vdev_t *rvd, *bvd, *avd = NULL;
219089Spjd	nvlist_t *config, *nvtop;
219089Spjd	uint64_t guid, txg;
185029Spjd	char *pname;
185029Spjd	int error;
185029Spjd
185029Spjd	/*
219089Spjd	 * Read the label from the boot device and generate a configuration.
185029Spjd	 */
219089Spjd	config = spa_generate_rootconf(devpath, devid, &guid);
219089Spjd#if defined(_OBP) && defined(_KERNEL)
219089Spjd	if (config == NULL) {
219089Spjd		if (strstr(devpath, "/iscsi/ssd") != NULL) {
219089Spjd			/* iscsi boot */
219089Spjd			get_iscsi_bootpath_phy(devpath);
219089Spjd			config = spa_generate_rootconf(devpath, devid, &guid);
219089Spjd		}
219089Spjd	}
219089Spjd#endif
219089Spjd	if (config == NULL) {
236884Smm		cmn_err(CE_NOTE, "Cannot read the pool label from '%s'",
219089Spjd		    devpath);
249195Smm		return (SET_ERROR(EIO));
219089Spjd	}
185029Spjd
219089Spjd	VERIFY(nvlist_lookup_string(config, ZPOOL_CONFIG_POOL_NAME,
219089Spjd	    &pname) == 0);
219089Spjd	VERIFY(nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_TXG, &txg) == 0);
185029Spjd
209962Smm	mutex_enter(&spa_namespace_lock);
209962Smm	if ((spa = spa_lookup(pname)) != NULL) {
209962Smm		/*
209962Smm		 * Remove the existing root pool from the namespace so that we
209962Smm		 * can replace it with the correct config we just read in.
209962Smm		 */
209962Smm		spa_remove(spa);
209962Smm	}
185029Spjd
219089Spjd	spa = spa_add(pname, config, NULL);
209962Smm	spa->spa_is_root = B_TRUE;
219089Spjd	spa->spa_import_flags = ZFS_IMPORT_VERBATIM;
331721Smav	if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_VERSION,
331721Smav	    &spa->spa_ubsync.ub_version) != 0)
331721Smav		spa->spa_ubsync.ub_version = SPA_VERSION_INITIAL;
209962Smm
219089Spjd	/*
219089Spjd	 * Build up a vdev tree based on the boot device's label config.
219089Spjd	 */
219089Spjd	VERIFY(nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE,
219089Spjd	    &nvtop) == 0);
219089Spjd	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
219089Spjd	error = spa_config_parse(spa, &rvd, nvtop, NULL, 0,
219089Spjd	    VDEV_ALLOC_ROOTPOOL);
219089Spjd	spa_config_exit(spa, SCL_ALL, FTAG);
219089Spjd	if (error) {
209962Smm		mutex_exit(&spa_namespace_lock);
219089Spjd		nvlist_free(config);
219089Spjd		cmn_err(CE_NOTE, "Can not parse the config for pool '%s'",
219089Spjd		    pname);
219089Spjd		return (error);
209962Smm	}
209962Smm
219089Spjd	/*
219089Spjd	 * Get the boot vdev.
219089Spjd	 */
219089Spjd	if ((bvd = vdev_lookup_by_guid(rvd, guid)) == NULL) {
219089Spjd		cmn_err(CE_NOTE, "Can not find the boot vdev for guid %llu",
219089Spjd		    (u_longlong_t)guid);
249195Smm		error = SET_ERROR(ENOENT);
219089Spjd		goto out;
219089Spjd	}
209962Smm
219089Spjd	/*
219089Spjd	 * Determine if there is a better boot device.
219089Spjd	 */
219089Spjd	avd = bvd;
219089Spjd	spa_alt_rootvdev(rvd, &avd, &txg);
219089Spjd	if (avd != bvd) {
219089Spjd		cmn_err(CE_NOTE, "The boot device is 'degraded'. Please "
219089Spjd		    "try booting from '%s'", avd->vdev_path);
249195Smm		error = SET_ERROR(EINVAL);
219089Spjd		goto out;
219089Spjd	}
209962Smm
219089Spjd	/*
219089Spjd	 * If the boot device is part of a spare vdev then ensure that
219089Spjd	 * we're booting off the active spare.
219089Spjd	 */
219089Spjd	if (bvd->vdev_parent->vdev_ops == &vdev_spare_ops &&
219089Spjd	    !bvd->vdev_isspare) {
219089Spjd		cmn_err(CE_NOTE, "The boot device is currently spared. Please "
219089Spjd		    "try booting from '%s'",
219089Spjd		    bvd->vdev_parent->
219089Spjd		    vdev_child[bvd->vdev_parent->vdev_children - 1]->vdev_path);
249195Smm		error = SET_ERROR(EINVAL);
219089Spjd		goto out;
219089Spjd	}
209962Smm
219089Spjd	error = 0;
219089Spjdout:
219089Spjd	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
219089Spjd	vdev_free(rvd);
219089Spjd	spa_config_exit(spa, SCL_ALL, FTAG);
209962Smm	mutex_exit(&spa_namespace_lock);
209962Smm
219089Spjd	nvlist_free(config);
219089Spjd	return (error);
185029Spjd}
185029Spjd
277300Ssmh#else	/* !illumos */
241286Savg
243502Savgextern int vdev_geom_read_pool_label(const char *name, nvlist_t ***configs,
243502Savg    uint64_t *count);
241286Savg
241286Savgstatic nvlist_t *
241286Savgspa_generate_rootconf(const char *name)
241286Savg{
243502Savg	nvlist_t **configs, **tops;
241286Savg	nvlist_t *config;
243502Savg	nvlist_t *best_cfg, *nvtop, *nvroot;
243502Savg	uint64_t *holes;
243502Savg	uint64_t best_txg;
243213Savg	uint64_t nchildren;
241286Savg	uint64_t pgid;
243502Savg	uint64_t count;
243502Savg	uint64_t i;
243502Savg	uint_t   nholes;
241286Savg
243502Savg	if (vdev_geom_read_pool_label(name, &configs, &count) != 0)
241286Savg		return (NULL);
241286Savg
243502Savg	ASSERT3U(count, !=, 0);
243502Savg	best_txg = 0;
243502Savg	for (i = 0; i < count; i++) {
243502Savg		uint64_t txg;
243502Savg
243502Savg		VERIFY(nvlist_lookup_uint64(configs[i], ZPOOL_CONFIG_POOL_TXG,
243502Savg		    &txg) == 0);
243502Savg		if (txg > best_txg) {
243502Savg			best_txg = txg;
243502Savg			best_cfg = configs[i];
243502Savg		}
243502Savg	}
243502Savg
245945Savg	nchildren = 1;
245945Savg	nvlist_lookup_uint64(best_cfg, ZPOOL_CONFIG_VDEV_CHILDREN, &nchildren);
243502Savg	holes = NULL;
243502Savg	nvlist_lookup_uint64_array(best_cfg, ZPOOL_CONFIG_HOLE_ARRAY,
243502Savg	    &holes, &nholes);
243502Savg
244635Savg	tops = kmem_zalloc(nchildren * sizeof(void *), KM_SLEEP);
243502Savg	for (i = 0; i < nchildren; i++) {
243502Savg		if (i >= count)
243502Savg			break;
243502Savg		if (configs[i] == NULL)
243502Savg			continue;
243502Savg		VERIFY(nvlist_lookup_nvlist(configs[i], ZPOOL_CONFIG_VDEV_TREE,
243502Savg		    &nvtop) == 0);
243502Savg		nvlist_dup(nvtop, &tops[i], KM_SLEEP);
243213Savg	}
243502Savg	for (i = 0; holes != NULL && i < nholes; i++) {
243502Savg		if (i >= nchildren)
243502Savg			continue;
243502Savg		if (tops[holes[i]] != NULL)
243502Savg			continue;
243502Savg		nvlist_alloc(&tops[holes[i]], NV_UNIQUE_NAME, KM_SLEEP);
243502Savg		VERIFY(nvlist_add_string(tops[holes[i]], ZPOOL_CONFIG_TYPE,
243502Savg		    VDEV_TYPE_HOLE) == 0);
243502Savg		VERIFY(nvlist_add_uint64(tops[holes[i]], ZPOOL_CONFIG_ID,
243502Savg		    holes[i]) == 0);
243502Savg		VERIFY(nvlist_add_uint64(tops[holes[i]], ZPOOL_CONFIG_GUID,
243502Savg		    0) == 0);
243502Savg	}
243502Savg	for (i = 0; i < nchildren; i++) {
243502Savg		if (tops[i] != NULL)
243502Savg			continue;
243502Savg		nvlist_alloc(&tops[i], NV_UNIQUE_NAME, KM_SLEEP);
243502Savg		VERIFY(nvlist_add_string(tops[i], ZPOOL_CONFIG_TYPE,
243502Savg		    VDEV_TYPE_MISSING) == 0);
243502Savg		VERIFY(nvlist_add_uint64(tops[i], ZPOOL_CONFIG_ID,
243502Savg		    i) == 0);
243502Savg		VERIFY(nvlist_add_uint64(tops[i], ZPOOL_CONFIG_GUID,
243502Savg		    0) == 0);
243502Savg	}
243213Savg
243213Savg	/*
243502Savg	 * Create pool config based on the best vdev config.
241286Savg	 */
243502Savg	nvlist_dup(best_cfg, &config, KM_SLEEP);
241286Savg
241286Savg	/*
241286Savg	 * Put this pool's top-level vdevs into a root vdev.
241286Savg	 */
243502Savg	VERIFY(nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID,
243502Savg	    &pgid) == 0);
241286Savg	VERIFY(nvlist_alloc(&nvroot, NV_UNIQUE_NAME, KM_SLEEP) == 0);
241286Savg	VERIFY(nvlist_add_string(nvroot, ZPOOL_CONFIG_TYPE,
241286Savg	    VDEV_TYPE_ROOT) == 0);
241286Savg	VERIFY(nvlist_add_uint64(nvroot, ZPOOL_CONFIG_ID, 0ULL) == 0);
241286Savg	VERIFY(nvlist_add_uint64(nvroot, ZPOOL_CONFIG_GUID, pgid) == 0);
241286Savg	VERIFY(nvlist_add_nvlist_array(nvroot, ZPOOL_CONFIG_CHILDREN,
243502Savg	    tops, nchildren) == 0);
241286Savg
241286Savg	/*
241286Savg	 * Replace the existing vdev_tree with the new root vdev in
241286Savg	 * this pool's configuration (remove the old, add the new).
241286Savg	 */
241286Savg	VERIFY(nvlist_add_nvlist(config, ZPOOL_CONFIG_VDEV_TREE, nvroot) == 0);
243502Savg
243502Savg	/*
243502Savg	 * Drop vdev config elements that should not be present at pool level.
243502Savg	 */
243502Savg	nvlist_remove(config, ZPOOL_CONFIG_GUID, DATA_TYPE_UINT64);
243502Savg	nvlist_remove(config, ZPOOL_CONFIG_TOP_GUID, DATA_TYPE_UINT64);
243502Savg
243502Savg	for (i = 0; i < count; i++)
243502Savg		nvlist_free(configs[i]);
243502Savg	kmem_free(configs, count * sizeof(void *));
243502Savg	for (i = 0; i < nchildren; i++)
243502Savg		nvlist_free(tops[i]);
243502Savg	kmem_free(tops, nchildren * sizeof(void *));
241286Savg	nvlist_free(nvroot);
241286Savg	return (config);
241286Savg}
241286Savg
241286Savgint
241286Savgspa_import_rootpool(const char *name)
241286Savg{
241286Savg	spa_t *spa;
241286Savg	vdev_t *rvd, *bvd, *avd = NULL;
241286Savg	nvlist_t *config, *nvtop;
241286Savg	uint64_t txg;
241286Savg	char *pname;
241286Savg	int error;
241286Savg
241286Savg	/*
241286Savg	 * Read the label from the boot device and generate a configuration.
241286Savg	 */
241286Savg	config = spa_generate_rootconf(name);
243213Savg
243213Savg	mutex_enter(&spa_namespace_lock);
243213Savg	if (config != NULL) {
243213Savg		VERIFY(nvlist_lookup_string(config, ZPOOL_CONFIG_POOL_NAME,
243213Savg		    &pname) == 0 && strcmp(name, pname) == 0);
243213Savg		VERIFY(nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_TXG, &txg)
243213Savg		    == 0);
243213Savg
243213Savg		if ((spa = spa_lookup(pname)) != NULL) {
243213Savg			/*
323746Savg			 * The pool could already be imported,
323746Savg			 * e.g., after reboot -r.
323746Savg			 */
323746Savg			if (spa->spa_state == POOL_STATE_ACTIVE) {
323746Savg				mutex_exit(&spa_namespace_lock);
323746Savg				nvlist_free(config);
323746Savg				return (0);
323746Savg			}
323746Savg
323746Savg			/*
243213Savg			 * Remove the existing root pool from the namespace so
243213Savg			 * that we can replace it with the correct config
243213Savg			 * we just read in.
243213Savg			 */
243213Savg			spa_remove(spa);
243213Savg		}
243213Savg		spa = spa_add(pname, config, NULL);
243501Savg
243501Savg		/*
243501Savg		 * Set spa_ubsync.ub_version as it can be used in vdev_alloc()
243501Savg		 * via spa_version().
243501Savg		 */
243501Savg		if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_VERSION,
243501Savg		    &spa->spa_ubsync.ub_version) != 0)
243501Savg			spa->spa_ubsync.ub_version = SPA_VERSION_INITIAL;
243213Savg	} else if ((spa = spa_lookup(name)) == NULL) {
287100Savg		mutex_exit(&spa_namespace_lock);
287100Savg		nvlist_free(config);
241286Savg		cmn_err(CE_NOTE, "Cannot find the pool label for '%s'",
241286Savg		    name);
241286Savg		return (EIO);
243213Savg	} else {
243213Savg		VERIFY(nvlist_dup(spa->spa_config, &config, KM_SLEEP) == 0);
241286Savg	}
241286Savg	spa->spa_is_root = B_TRUE;
241286Savg	spa->spa_import_flags = ZFS_IMPORT_VERBATIM;
241286Savg
241286Savg	/*
241286Savg	 * Build up a vdev tree based on the boot device's label config.
241286Savg	 */
241286Savg	VERIFY(nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE,
241286Savg	    &nvtop) == 0);
241286Savg	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
241286Savg	error = spa_config_parse(spa, &rvd, nvtop, NULL, 0,
241286Savg	    VDEV_ALLOC_ROOTPOOL);
241286Savg	spa_config_exit(spa, SCL_ALL, FTAG);
241286Savg	if (error) {
241286Savg		mutex_exit(&spa_namespace_lock);
241286Savg		nvlist_free(config);
241286Savg		cmn_err(CE_NOTE, "Can not parse the config for pool '%s'",
241286Savg		    pname);
241286Savg		return (error);
241286Savg	}
241286Savg
241286Savg	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
241286Savg	vdev_free(rvd);
241286Savg	spa_config_exit(spa, SCL_ALL, FTAG);
241286Savg	mutex_exit(&spa_namespace_lock);
241286Savg
243213Savg	nvlist_free(config);
243213Savg	return (0);
241286Savg}
241286Savg
277300Ssmh#endif	/* illumos */
277300Ssmh#endif	/* _KERNEL */
219089Spjd
209962Smm/*
209962Smm * Import a non-root pool into the system.
209962Smm */
185029Spjdint
219089Spjdspa_import(const char *pool, nvlist_t *config, nvlist_t *props, uint64_t flags)
185029Spjd{
209962Smm	spa_t *spa;
209962Smm	char *altroot = NULL;
219089Spjd	spa_load_state_t state = SPA_LOAD_IMPORT;
332550Smav	zpool_load_policy_t policy;
219089Spjd	uint64_t mode = spa_mode_global;
219089Spjd	uint64_t readonly = B_FALSE;
209962Smm	int error;
209962Smm	nvlist_t *nvroot;
209962Smm	nvlist_t **spares, **l2cache;
209962Smm	uint_t nspares, nl2cache;
209962Smm
209962Smm	/*
209962Smm	 * If a pool with this name exists, return failure.
209962Smm	 */
209962Smm	mutex_enter(&spa_namespace_lock);
219089Spjd	if (spa_lookup(pool) != NULL) {
209962Smm		mutex_exit(&spa_namespace_lock);
249195Smm		return (SET_ERROR(EEXIST));
209962Smm	}
209962Smm
209962Smm	/*
209962Smm	 * Create and initialize the spa structure.
209962Smm	 */
209962Smm	(void) nvlist_lookup_string(props,
209962Smm	    zpool_prop_to_name(ZPOOL_PROP_ALTROOT), &altroot);
219089Spjd	(void) nvlist_lookup_uint64(props,
219089Spjd	    zpool_prop_to_name(ZPOOL_PROP_READONLY), &readonly);
219089Spjd	if (readonly)
219089Spjd		mode = FREAD;
219089Spjd	spa = spa_add(pool, config, altroot);
219089Spjd	spa->spa_import_flags = flags;
209962Smm
209962Smm	/*
219089Spjd	 * Verbatim import - Take a pool and insert it into the namespace
219089Spjd	 * as if it had been loaded at boot.
219089Spjd	 */
219089Spjd	if (spa->spa_import_flags & ZFS_IMPORT_VERBATIM) {
219089Spjd		if (props != NULL)
219089Spjd			spa_configfile_set(spa, props, B_FALSE);
219089Spjd
332525Smav		spa_write_cachefile(spa, B_FALSE, B_TRUE);
331397Smav		spa_event_notify(spa, NULL, NULL, ESC_ZFS_POOL_IMPORT);
332530Smav		zfs_dbgmsg("spa_import: verbatim import of %s", pool);
219089Spjd		mutex_exit(&spa_namespace_lock);
219089Spjd		return (0);
219089Spjd	}
219089Spjd
219089Spjd	spa_activate(spa, mode);
219089Spjd
219089Spjd	/*
209962Smm	 * Don't start async tasks until we know everything is healthy.
209962Smm	 */
209962Smm	spa_async_suspend(spa);
209962Smm
332550Smav	zpool_get_load_policy(config, &policy);
332550Smav	if (policy.zlp_rewind & ZPOOL_DO_REWIND)
219089Spjd		state = SPA_LOAD_RECOVER;
219089Spjd
332536Smav	spa->spa_config_source = SPA_CONFIG_SRC_TRYIMPORT;
332536Smav
332536Smav	if (state != SPA_LOAD_RECOVER) {
219089Spjd		spa->spa_last_ubsync_txg = spa->spa_load_txg = 0;
332536Smav		zfs_dbgmsg("spa_import: importing %s", pool);
332536Smav	} else {
332536Smav		zfs_dbgmsg("spa_import: importing %s, max_txg=%lld "
332550Smav		    "(RECOVERY MODE)", pool, (longlong_t)policy.zlp_txg);
332536Smav	}
332550Smav	error = spa_load_best(spa, state, policy.zlp_txg, policy.zlp_rewind);
209962Smm
219089Spjd	/*
219089Spjd	 * Propagate anything learned while loading the pool and pass it
219089Spjd	 * back to caller (i.e. rewind info, missing devices, etc).
219089Spjd	 */
219089Spjd	VERIFY(nvlist_add_nvlist(config, ZPOOL_CONFIG_LOAD_INFO,
219089Spjd	    spa->spa_load_info) == 0);
219089Spjd
209962Smm	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
209962Smm	/*
209962Smm	 * Toss any existing sparelist, as it doesn't have any validity
209962Smm	 * anymore, and conflicts with spa_has_spare().
209962Smm	 */
209962Smm	if (spa->spa_spares.sav_config) {
209962Smm		nvlist_free(spa->spa_spares.sav_config);
209962Smm		spa->spa_spares.sav_config = NULL;
209962Smm		spa_load_spares(spa);
209962Smm	}
209962Smm	if (spa->spa_l2cache.sav_config) {
209962Smm		nvlist_free(spa->spa_l2cache.sav_config);
209962Smm		spa->spa_l2cache.sav_config = NULL;
209962Smm		spa_load_l2cache(spa);
209962Smm	}
209962Smm
209962Smm	VERIFY(nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE,
209962Smm	    &nvroot) == 0);
209962Smm	if (error == 0)
209962Smm		error = spa_validate_aux(spa, nvroot, -1ULL,
209962Smm		    VDEV_ALLOC_SPARE);
209962Smm	if (error == 0)
209962Smm		error = spa_validate_aux(spa, nvroot, -1ULL,
209962Smm		    VDEV_ALLOC_L2CACHE);
209962Smm	spa_config_exit(spa, SCL_ALL, FTAG);
209962Smm
209962Smm	if (props != NULL)
209962Smm		spa_configfile_set(spa, props, B_FALSE);
209962Smm
209962Smm	if (error != 0 || (props && spa_writeable(spa) &&
209962Smm	    (error = spa_prop_set(spa, props)))) {
209962Smm		spa_unload(spa);
209962Smm		spa_deactivate(spa);
209962Smm		spa_remove(spa);
209962Smm		mutex_exit(&spa_namespace_lock);
209962Smm		return (error);
209962Smm	}
209962Smm
209962Smm	spa_async_resume(spa);
209962Smm
209962Smm	/*
209962Smm	 * Override any spares and level 2 cache devices as specified by
209962Smm	 * the user, as these may have correct device names/devids, etc.
209962Smm	 */
209962Smm	if (nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_SPARES,
209962Smm	    &spares, &nspares) == 0) {
209962Smm		if (spa->spa_spares.sav_config)
209962Smm			VERIFY(nvlist_remove(spa->spa_spares.sav_config,
209962Smm			    ZPOOL_CONFIG_SPARES, DATA_TYPE_NVLIST_ARRAY) == 0);
209962Smm		else
209962Smm			VERIFY(nvlist_alloc(&spa->spa_spares.sav_config,
209962Smm			    NV_UNIQUE_NAME, KM_SLEEP) == 0);
209962Smm		VERIFY(nvlist_add_nvlist_array(spa->spa_spares.sav_config,
209962Smm		    ZPOOL_CONFIG_SPARES, spares, nspares) == 0);
209962Smm		spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
209962Smm		spa_load_spares(spa);
209962Smm		spa_config_exit(spa, SCL_ALL, FTAG);
209962Smm		spa->spa_spares.sav_sync = B_TRUE;
209962Smm	}
209962Smm	if (nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_L2CACHE,
209962Smm	    &l2cache, &nl2cache) == 0) {
209962Smm		if (spa->spa_l2cache.sav_config)
209962Smm			VERIFY(nvlist_remove(spa->spa_l2cache.sav_config,
209962Smm			    ZPOOL_CONFIG_L2CACHE, DATA_TYPE_NVLIST_ARRAY) == 0);
209962Smm		else
209962Smm			VERIFY(nvlist_alloc(&spa->spa_l2cache.sav_config,
209962Smm			    NV_UNIQUE_NAME, KM_SLEEP) == 0);
209962Smm		VERIFY(nvlist_add_nvlist_array(spa->spa_l2cache.sav_config,
209962Smm		    ZPOOL_CONFIG_L2CACHE, l2cache, nl2cache) == 0);
209962Smm		spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
209962Smm		spa_load_l2cache(spa);
209962Smm		spa_config_exit(spa, SCL_ALL, FTAG);
209962Smm		spa->spa_l2cache.sav_sync = B_TRUE;
209962Smm	}
209962Smm
219089Spjd	/*
219089Spjd	 * Check for any removed devices.
219089Spjd	 */
219089Spjd	if (spa->spa_autoreplace) {
219089Spjd		spa_aux_check_removed(&spa->spa_spares);
219089Spjd		spa_aux_check_removed(&spa->spa_l2cache);
219089Spjd	}
219089Spjd
209962Smm	if (spa_writeable(spa)) {
209962Smm		/*
209962Smm		 * Update the config cache to include the newly-imported pool.
209962Smm		 */
209962Smm		spa_config_update(spa, SPA_CONFIG_UPDATE_POOL);
209962Smm	}
209962Smm
219089Spjd	/*
219089Spjd	 * It's possible that the pool was expanded while it was exported.
219089Spjd	 * We kick off an async task to handle this for us.
219089Spjd	 */
219089Spjd	spa_async_request(spa, SPA_ASYNC_AUTOEXPAND);
219089Spjd
248571Smm	spa_history_log_version(spa, "import");
209962Smm
331397Smav	spa_event_notify(spa, NULL, NULL, ESC_ZFS_POOL_IMPORT);
287745Sdelphij
287745Sdelphij	mutex_exit(&spa_namespace_lock);
287745Sdelphij
219089Spjd#ifdef __FreeBSD__
219089Spjd#ifdef _KERNEL
219089Spjd	zvol_create_minors(pool);
219089Spjd#endif
219089Spjd#endif
209962Smm	return (0);
185029Spjd}
185029Spjd
168404Spjdnvlist_t *
168404Spjdspa_tryimport(nvlist_t *tryconfig)
168404Spjd{
168404Spjd	nvlist_t *config = NULL;
332536Smav	char *poolname, *cachefile;
168404Spjd	spa_t *spa;
168404Spjd	uint64_t state;
208443Smm	int error;
332550Smav	zpool_load_policy_t policy;
168404Spjd
168404Spjd	if (nvlist_lookup_string(tryconfig, ZPOOL_CONFIG_POOL_NAME, &poolname))
168404Spjd		return (NULL);
168404Spjd
168404Spjd	if (nvlist_lookup_uint64(tryconfig, ZPOOL_CONFIG_POOL_STATE, &state))
168404Spjd		return (NULL);
168404Spjd
168404Spjd	/*
168404Spjd	 * Create and initialize the spa structure.
168404Spjd	 */
168404Spjd	mutex_enter(&spa_namespace_lock);
219089Spjd	spa = spa_add(TRYIMPORT_NAME, tryconfig, NULL);
209962Smm	spa_activate(spa, FREAD);
168404Spjd
168404Spjd	/*
332550Smav	 * Rewind pool if a max txg was provided.
168404Spjd	 */
332550Smav	zpool_get_load_policy(spa->spa_config, &policy);
332550Smav	if (policy.zlp_txg != UINT64_MAX) {
332550Smav		spa->spa_load_max_txg = policy.zlp_txg;
332536Smav		spa->spa_extreme_rewind = B_TRUE;
332536Smav		zfs_dbgmsg("spa_tryimport: importing %s, max_txg=%lld",
332550Smav		    poolname, (longlong_t)policy.zlp_txg);
332536Smav	} else {
332536Smav		zfs_dbgmsg("spa_tryimport: importing %s", poolname);
332536Smav	}
168404Spjd
332536Smav	if (nvlist_lookup_string(tryconfig, ZPOOL_CONFIG_CACHEFILE, &cachefile)
332536Smav	    == 0) {
332536Smav		zfs_dbgmsg("spa_tryimport: using cachefile '%s'", cachefile);
332536Smav		spa->spa_config_source = SPA_CONFIG_SRC_CACHEFILE;
332536Smav	} else {
332536Smav		spa->spa_config_source = SPA_CONFIG_SRC_SCAN;
332536Smav	}
332536Smav
332536Smav	error = spa_load(spa, SPA_LOAD_TRYIMPORT, SPA_IMPORT_EXISTING);
332536Smav
168404Spjd	/*
168404Spjd	 * If 'tryconfig' was at least parsable, return the current config.
168404Spjd	 */
168404Spjd	if (spa->spa_root_vdev != NULL) {
168404Spjd		config = spa_config_generate(spa, NULL, -1ULL, B_TRUE);
168404Spjd		VERIFY(nvlist_add_string(config, ZPOOL_CONFIG_POOL_NAME,
168404Spjd		    poolname) == 0);
168404Spjd		VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_POOL_STATE,
168404Spjd		    state) == 0);
168498Spjd		VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_TIMESTAMP,
168498Spjd		    spa->spa_uberblock.ub_timestamp) == 0);
236884Smm		VERIFY(nvlist_add_nvlist(config, ZPOOL_CONFIG_LOAD_INFO,
236884Smm		    spa->spa_load_info) == 0);
168404Spjd
168404Spjd		/*
185029Spjd		 * If the bootfs property exists on this pool then we
185029Spjd		 * copy it out so that external consumers can tell which
185029Spjd		 * pools are bootable.
168404Spjd		 */
208443Smm		if ((!error || error == EEXIST) && spa->spa_bootfs) {
185029Spjd			char *tmpname = kmem_alloc(MAXPATHLEN, KM_SLEEP);
185029Spjd
185029Spjd			/*
185029Spjd			 * We have to play games with the name since the
185029Spjd			 * pool was opened as TRYIMPORT_NAME.
185029Spjd			 */
185029Spjd			if (dsl_dsobj_to_dsname(spa_name(spa),
185029Spjd			    spa->spa_bootfs, tmpname) == 0) {
185029Spjd				char *cp;
185029Spjd				char *dsname = kmem_alloc(MAXPATHLEN, KM_SLEEP);
185029Spjd
185029Spjd				cp = strchr(tmpname, '/');
185029Spjd				if (cp == NULL) {
185029Spjd					(void) strlcpy(dsname, tmpname,
185029Spjd					    MAXPATHLEN);
185029Spjd				} else {
185029Spjd					(void) snprintf(dsname, MAXPATHLEN,
185029Spjd					    "%s/%s", poolname, ++cp);
185029Spjd				}
185029Spjd				VERIFY(nvlist_add_string(config,
185029Spjd				    ZPOOL_CONFIG_BOOTFS, dsname) == 0);
185029Spjd				kmem_free(dsname, MAXPATHLEN);
185029Spjd			}
185029Spjd			kmem_free(tmpname, MAXPATHLEN);
185029Spjd		}
185029Spjd
185029Spjd		/*
185029Spjd		 * Add the list of hot spares and level 2 cache devices.
185029Spjd		 */
209962Smm		spa_config_enter(spa, SCL_CONFIG, FTAG, RW_READER);
168404Spjd		spa_add_spares(spa, config);
185029Spjd		spa_add_l2cache(spa, config);
209962Smm		spa_config_exit(spa, SCL_CONFIG, FTAG);
168404Spjd	}
168404Spjd
168404Spjd	spa_unload(spa);
168404Spjd	spa_deactivate(spa);
168404Spjd	spa_remove(spa);
168404Spjd	mutex_exit(&spa_namespace_lock);
168404Spjd
168404Spjd	return (config);
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * Pool export/destroy
168404Spjd *
168404Spjd * The act of destroying or exporting a pool is very simple.  We make sure there
168404Spjd * is no more pending I/O and any references to the pool are gone.  Then, we
168404Spjd * update the pool state and sync all the labels to disk, removing the
207670Smm * configuration from the cache afterwards. If the 'hardforce' flag is set, then
207670Smm * we don't sync the labels or remove the configuration cache.
168404Spjd */
168404Spjdstatic int
185029Spjdspa_export_common(char *pool, int new_state, nvlist_t **oldconfig,
207670Smm    boolean_t force, boolean_t hardforce)
168404Spjd{
168404Spjd	spa_t *spa;
168404Spjd
168404Spjd	if (oldconfig)
168404Spjd		*oldconfig = NULL;
168404Spjd
209962Smm	if (!(spa_mode_global & FWRITE))
249195Smm		return (SET_ERROR(EROFS));
168404Spjd
168404Spjd	mutex_enter(&spa_namespace_lock);
168404Spjd	if ((spa = spa_lookup(pool)) == NULL) {
168404Spjd		mutex_exit(&spa_namespace_lock);
249195Smm		return (SET_ERROR(ENOENT));
168404Spjd	}
168404Spjd
168404Spjd	/*
168404Spjd	 * Put a hold on the pool, drop the namespace lock, stop async tasks,
168404Spjd	 * reacquire the namespace lock, and see if we can export.
168404Spjd	 */
168404Spjd	spa_open_ref(spa, FTAG);
168404Spjd	mutex_exit(&spa_namespace_lock);
168404Spjd	spa_async_suspend(spa);
168404Spjd	mutex_enter(&spa_namespace_lock);
168404Spjd	spa_close(spa, FTAG);
168404Spjd
168404Spjd	/*
168404Spjd	 * The pool will be in core if it's openable,
168404Spjd	 * in which case we can modify its state.
168404Spjd	 */
168404Spjd	if (spa->spa_state != POOL_STATE_UNINITIALIZED && spa->spa_sync_on) {
168404Spjd		/*
168404Spjd		 * Objsets may be open only because they're dirty, so we
168404Spjd		 * have to force it to sync before checking spa_refcnt.
168404Spjd		 */
168404Spjd		txg_wait_synced(spa->spa_dsl_pool, 0);
286575Smav		spa_evicting_os_wait(spa);
168404Spjd
168404Spjd		/*
168404Spjd		 * A pool cannot be exported or destroyed if there are active
168404Spjd		 * references.  If we are resetting a pool, allow references by
168404Spjd		 * fault injection handlers.
168404Spjd		 */
168404Spjd		if (!spa_refcount_zero(spa) ||
168404Spjd		    (spa->spa_inject_ref != 0 &&
168404Spjd		    new_state != POOL_STATE_UNINITIALIZED)) {
168404Spjd			spa_async_resume(spa);
168404Spjd			mutex_exit(&spa_namespace_lock);
249195Smm			return (SET_ERROR(EBUSY));
168404Spjd		}
168404Spjd
185029Spjd		/*
185029Spjd		 * A pool cannot be exported if it has an active shared spare.
185029Spjd		 * This is to prevent other pools stealing the active spare
185029Spjd		 * from an exported pool. At user's own will, such pool can
185029Spjd		 * be forcedly exported.
185029Spjd		 */
185029Spjd		if (!force && new_state == POOL_STATE_EXPORTED &&
185029Spjd		    spa_has_active_shared_spare(spa)) {
185029Spjd			spa_async_resume(spa);
185029Spjd			mutex_exit(&spa_namespace_lock);
249195Smm			return (SET_ERROR(EXDEV));
185029Spjd		}
168404Spjd
168404Spjd		/*
168404Spjd		 * We want this to be reflected on every label,
168404Spjd		 * so mark them all dirty.  spa_unload() will do the
168404Spjd		 * final sync that pushes these changes out.
168404Spjd		 */
207670Smm		if (new_state != POOL_STATE_UNINITIALIZED && !hardforce) {
185029Spjd			spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
168404Spjd			spa->spa_state = new_state;
219089Spjd			spa->spa_final_txg = spa_last_synced_txg(spa) +
219089Spjd			    TXG_DEFER_SIZE + 1;
168404Spjd			vdev_config_dirty(spa->spa_root_vdev);
185029Spjd			spa_config_exit(spa, SCL_ALL, FTAG);
168404Spjd		}
168404Spjd	}
168404Spjd
331397Smav	spa_event_notify(spa, NULL, NULL, ESC_ZFS_POOL_DESTROY);
185029Spjd
168404Spjd	if (spa->spa_state != POOL_STATE_UNINITIALIZED) {
168404Spjd		spa_unload(spa);
168404Spjd		spa_deactivate(spa);
168404Spjd	}
168404Spjd
168404Spjd	if (oldconfig && spa->spa_config)
168404Spjd		VERIFY(nvlist_dup(spa->spa_config, oldconfig, 0) == 0);
168404Spjd
168404Spjd	if (new_state != POOL_STATE_UNINITIALIZED) {
207670Smm		if (!hardforce)
332525Smav			spa_write_cachefile(spa, B_TRUE, B_TRUE);
168404Spjd		spa_remove(spa);
168404Spjd	}
168404Spjd	mutex_exit(&spa_namespace_lock);
168404Spjd
168404Spjd	return (0);
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * Destroy a storage pool.
168404Spjd */
168404Spjdint
168404Spjdspa_destroy(char *pool)
168404Spjd{
207670Smm	return (spa_export_common(pool, POOL_STATE_DESTROYED, NULL,
207670Smm	    B_FALSE, B_FALSE));
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * Export a storage pool.
168404Spjd */
168404Spjdint
207670Smmspa_export(char *pool, nvlist_t **oldconfig, boolean_t force,
207670Smm    boolean_t hardforce)
168404Spjd{
207670Smm	return (spa_export_common(pool, POOL_STATE_EXPORTED, oldconfig,
207670Smm	    force, hardforce));
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * Similar to spa_export(), this unloads the spa_t without actually removing it
168404Spjd * from the namespace in any way.
168404Spjd */
168404Spjdint
168404Spjdspa_reset(char *pool)
168404Spjd{
185029Spjd	return (spa_export_common(pool, POOL_STATE_UNINITIALIZED, NULL,
207670Smm	    B_FALSE, B_FALSE));
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * ==========================================================================
168404Spjd * Device manipulation
168404Spjd * ==========================================================================
168404Spjd */
168404Spjd
168404Spjd/*
185029Spjd * Add a device to a storage pool.
168404Spjd */
168404Spjdint
168404Spjdspa_vdev_add(spa_t *spa, nvlist_t *nvroot)
168404Spjd{
219089Spjd	uint64_t txg, id;
209962Smm	int error;
168404Spjd	vdev_t *rvd = spa->spa_root_vdev;
168404Spjd	vdev_t *vd, *tvd;
185029Spjd	nvlist_t **spares, **l2cache;
185029Spjd	uint_t nspares, nl2cache;
168404Spjd
219089Spjd	ASSERT(spa_writeable(spa));
219089Spjd
168404Spjd	txg = spa_vdev_enter(spa);
168404Spjd
168404Spjd	if ((error = spa_config_parse(spa, &vd, nvroot, NULL, 0,
168404Spjd	    VDEV_ALLOC_ADD)) != 0)
168404Spjd		return (spa_vdev_exit(spa, NULL, txg, error));
168404Spjd
185029Spjd	spa->spa_pending_vdev = vd;	/* spa_vdev_exit() will clear this */
168404Spjd
185029Spjd	if (nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_SPARES, &spares,
185029Spjd	    &nspares) != 0)
168404Spjd		nspares = 0;
168404Spjd
185029Spjd	if (nvlist_lookup_nvlist_array(nvroot, ZPOOL_CONFIG_L2CACHE, &l2cache,
185029Spjd	    &nl2cache) != 0)
185029Spjd		nl2cache = 0;
185029Spjd
185029Spjd	if (vd->vdev_children == 0 && nspares == 0 && nl2cache == 0)
168404Spjd		return (spa_vdev_exit(spa, vd, txg, EINVAL));
168404Spjd
185029Spjd	if (vd->vdev_children != 0 &&
185029Spjd	    (error = vdev_create(vd, txg, B_FALSE)) != 0)
185029Spjd		return (spa_vdev_exit(spa, vd, txg, error));
168404Spjd
168404Spjd	/*
185029Spjd	 * We must validate the spares and l2cache devices after checking the
185029Spjd	 * children.  Otherwise, vdev_inuse() will blindly overwrite the spare.
168404Spjd	 */
185029Spjd	if ((error = spa_validate_aux(spa, nvroot, txg, VDEV_ALLOC_ADD)) != 0)
168404Spjd		return (spa_vdev_exit(spa, vd, txg, error));
168404Spjd
168404Spjd	/*
332525Smav	 * If we are in the middle of a device removal, we can only add
332525Smav	 * devices which match the existing devices in the pool.
332525Smav	 * If we are in the middle of a removal, or have some indirect
332525Smav	 * vdevs, we can not add raidz toplevels.
168404Spjd	 */
332525Smav	if (spa->spa_vdev_removal != NULL ||
332525Smav	    spa->spa_removing_phys.sr_prev_indirect_vdev != -1) {
332525Smav		for (int c = 0; c < vd->vdev_children; c++) {
332525Smav			tvd = vd->vdev_child[c];
332525Smav			if (spa->spa_vdev_removal != NULL &&
332525Smav			    tvd->vdev_ashift !=
332525Smav			    spa->spa_vdev_removal->svr_vdev->vdev_ashift) {
332525Smav				return (spa_vdev_exit(spa, vd, txg, EINVAL));
332525Smav			}
332525Smav			/* Fail if top level vdev is raidz */
332525Smav			if (tvd->vdev_ops == &vdev_raidz_ops) {
332525Smav				return (spa_vdev_exit(spa, vd, txg, EINVAL));
332525Smav			}
332525Smav			/*
332525Smav			 * Need the top level mirror to be
332525Smav			 * a mirror of leaf vdevs only
332525Smav			 */
332525Smav			if (tvd->vdev_ops == &vdev_mirror_ops) {
332525Smav				for (uint64_t cid = 0;
332525Smav				    cid < tvd->vdev_children; cid++) {
332525Smav					vdev_t *cvd = tvd->vdev_child[cid];
332525Smav					if (!cvd->vdev_ops->vdev_op_leaf) {
332525Smav						return (spa_vdev_exit(spa, vd,
332525Smav						    txg, EINVAL));
332525Smav					}
332525Smav				}
332525Smav			}
332525Smav		}
332525Smav	}
332525Smav
209962Smm	for (int c = 0; c < vd->vdev_children; c++) {
219089Spjd
219089Spjd		/*
219089Spjd		 * Set the vdev id to the first hole, if one exists.
219089Spjd		 */
219089Spjd		for (id = 0; id < rvd->vdev_children; id++) {
219089Spjd			if (rvd->vdev_child[id]->vdev_ishole) {
219089Spjd				vdev_free(rvd->vdev_child[id]);
219089Spjd				break;
219089Spjd			}
219089Spjd		}
168404Spjd		tvd = vd->vdev_child[c];
168404Spjd		vdev_remove_child(vd, tvd);
219089Spjd		tvd->vdev_id = id;
168404Spjd		vdev_add_child(rvd, tvd);
168404Spjd		vdev_config_dirty(tvd);
168404Spjd	}
168404Spjd
168404Spjd	if (nspares != 0) {
185029Spjd		spa_set_aux_vdevs(&spa->spa_spares, spares, nspares,
185029Spjd		    ZPOOL_CONFIG_SPARES);
168404Spjd		spa_load_spares(spa);
185029Spjd		spa->spa_spares.sav_sync = B_TRUE;
168404Spjd	}
168404Spjd
185029Spjd	if (nl2cache != 0) {
185029Spjd		spa_set_aux_vdevs(&spa->spa_l2cache, l2cache, nl2cache,
185029Spjd		    ZPOOL_CONFIG_L2CACHE);
185029Spjd		spa_load_l2cache(spa);
185029Spjd		spa->spa_l2cache.sav_sync = B_TRUE;
185029Spjd	}
185029Spjd
168404Spjd	/*
168404Spjd	 * We have to be careful when adding new vdevs to an existing pool.
168404Spjd	 * If other threads start allocating from these vdevs before we
168404Spjd	 * sync the config cache, and we lose power, then upon reboot we may
168404Spjd	 * fail to open the pool because there are DVAs that the config cache
168404Spjd	 * can't translate.  Therefore, we first add the vdevs without
168404Spjd	 * initializing metaslabs; sync the config cache (via spa_vdev_exit());
168404Spjd	 * and then let spa_config_update() initialize the new metaslabs.
168404Spjd	 *
168404Spjd	 * spa_load() checks for added-but-not-initialized vdevs, so that
168404Spjd	 * if we lose power at any point in this sequence, the remaining
168404Spjd	 * steps will be completed the next time we load the pool.
168404Spjd	 */
168404Spjd	(void) spa_vdev_exit(spa, vd, txg, 0);
168404Spjd
168404Spjd	mutex_enter(&spa_namespace_lock);
168404Spjd	spa_config_update(spa, SPA_CONFIG_UPDATE_POOL);
331397Smav	spa_event_notify(spa, NULL, NULL, ESC_ZFS_VDEV_ADD);
168404Spjd	mutex_exit(&spa_namespace_lock);
168404Spjd
168404Spjd	return (0);
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * Attach a device to a mirror.  The arguments are the path to any device
168404Spjd * in the mirror, and the nvroot for the new device.  If the path specifies
168404Spjd * a device that is not mirrored, we automatically insert the mirror vdev.
168404Spjd *
168404Spjd * If 'replacing' is specified, the new device is intended to replace the
168404Spjd * existing device; in this case the two devices are made into their own
185029Spjd * mirror using the 'replacing' vdev, which is functionally identical to
168404Spjd * the mirror vdev (it actually reuses all the same ops) but has a few
168404Spjd * extra rules: you can't attach to it after it's been created, and upon
168404Spjd * completion of resilvering, the first disk (the one being replaced)
168404Spjd * is automatically detached.
168404Spjd */
168404Spjdint
168404Spjdspa_vdev_attach(spa_t *spa, uint64_t guid, nvlist_t *nvroot, int replacing)
168404Spjd{
219089Spjd	uint64_t txg, dtl_max_txg;
168404Spjd	vdev_t *rvd = spa->spa_root_vdev;
168404Spjd	vdev_t *oldvd, *newvd, *newrootvd, *pvd, *tvd;
168404Spjd	vdev_ops_t *pvops;
185029Spjd	char *oldvdpath, *newvdpath;
185029Spjd	int newvd_isspare;
185029Spjd	int error;
168404Spjd
219089Spjd	ASSERT(spa_writeable(spa));
219089Spjd
168404Spjd	txg = spa_vdev_enter(spa);
168404Spjd
185029Spjd	oldvd = spa_lookup_by_guid(spa, guid, B_FALSE);
168404Spjd
332547Smav	ASSERT(MUTEX_HELD(&spa_namespace_lock));
332547Smav	if (spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT)) {
332547Smav		error = (spa_has_checkpoint(spa)) ?
332547Smav		    ZFS_ERR_CHECKPOINT_EXISTS : ZFS_ERR_DISCARDING_CHECKPOINT;
332547Smav		return (spa_vdev_exit(spa, NULL, txg, error));
332547Smav	}
332547Smav
332525Smav	if (spa->spa_vdev_removal != NULL ||
332525Smav	    spa->spa_removing_phys.sr_prev_indirect_vdev != -1) {
332525Smav		return (spa_vdev_exit(spa, NULL, txg, EBUSY));
332525Smav	}
332525Smav
168404Spjd	if (oldvd == NULL)
168404Spjd		return (spa_vdev_exit(spa, NULL, txg, ENODEV));
168404Spjd
168404Spjd	if (!oldvd->vdev_ops->vdev_op_leaf)
168404Spjd		return (spa_vdev_exit(spa, NULL, txg, ENOTSUP));
168404Spjd
168404Spjd	pvd = oldvd->vdev_parent;
168404Spjd
168404Spjd	if ((error = spa_config_parse(spa, &newrootvd, nvroot, NULL, 0,
230514Smm	    VDEV_ALLOC_ATTACH)) != 0)
185029Spjd		return (spa_vdev_exit(spa, NULL, txg, EINVAL));
185029Spjd
185029Spjd	if (newrootvd->vdev_children != 1)
168404Spjd		return (spa_vdev_exit(spa, newrootvd, txg, EINVAL));
168404Spjd
168404Spjd	newvd = newrootvd->vdev_child[0];
168404Spjd
168404Spjd	if (!newvd->vdev_ops->vdev_op_leaf)
168404Spjd		return (spa_vdev_exit(spa, newrootvd, txg, EINVAL));
168404Spjd
168404Spjd	if ((error = vdev_create(newrootvd, txg, replacing)) != 0)
168404Spjd		return (spa_vdev_exit(spa, newrootvd, txg, error));
168404Spjd
185029Spjd	/*
185029Spjd	 * Spares can't replace logs
185029Spjd	 */
185029Spjd	if (oldvd->vdev_top->vdev_islog && newvd->vdev_isspare)
185029Spjd		return (spa_vdev_exit(spa, newrootvd, txg, ENOTSUP));
185029Spjd
168404Spjd	if (!replacing) {
168404Spjd		/*
168404Spjd		 * For attach, the only allowable parent is a mirror or the root
168404Spjd		 * vdev.
168404Spjd		 */
168404Spjd		if (pvd->vdev_ops != &vdev_mirror_ops &&
168404Spjd		    pvd->vdev_ops != &vdev_root_ops)
168404Spjd			return (spa_vdev_exit(spa, newrootvd, txg, ENOTSUP));
168404Spjd
168404Spjd		pvops = &vdev_mirror_ops;
168404Spjd	} else {
168404Spjd		/*
168404Spjd		 * Active hot spares can only be replaced by inactive hot
168404Spjd		 * spares.
168404Spjd		 */
168404Spjd		if (pvd->vdev_ops == &vdev_spare_ops &&
219089Spjd		    oldvd->vdev_isspare &&
168404Spjd		    !spa_has_spare(spa, newvd->vdev_guid))
168404Spjd			return (spa_vdev_exit(spa, newrootvd, txg, ENOTSUP));
168404Spjd
168404Spjd		/*
168404Spjd		 * If the source is a hot spare, and the parent isn't already a
168404Spjd		 * spare, then we want to create a new hot spare.  Otherwise, we
168404Spjd		 * want to create a replacing vdev.  The user is not allowed to
168404Spjd		 * attach to a spared vdev child unless the 'isspare' state is
168404Spjd		 * the same (spare replaces spare, non-spare replaces
168404Spjd		 * non-spare).
168404Spjd		 */
219089Spjd		if (pvd->vdev_ops == &vdev_replacing_ops &&
219089Spjd		    spa_version(spa) < SPA_VERSION_MULTI_REPLACE) {
168404Spjd			return (spa_vdev_exit(spa, newrootvd, txg, ENOTSUP));
219089Spjd		} else if (pvd->vdev_ops == &vdev_spare_ops &&
219089Spjd		    newvd->vdev_isspare != oldvd->vdev_isspare) {
168404Spjd			return (spa_vdev_exit(spa, newrootvd, txg, ENOTSUP));
219089Spjd		}
219089Spjd
219089Spjd		if (newvd->vdev_isspare)
168404Spjd			pvops = &vdev_spare_ops;
168404Spjd		else
168404Spjd			pvops = &vdev_replacing_ops;
168404Spjd	}
168404Spjd
168404Spjd	/*
219089Spjd	 * Make sure the new device is big enough.
168404Spjd	 */
219089Spjd	if (newvd->vdev_asize < vdev_get_min_asize(oldvd))
168404Spjd		return (spa_vdev_exit(spa, newrootvd, txg, EOVERFLOW));
168404Spjd
168404Spjd	/*
168404Spjd	 * The new device cannot have a higher alignment requirement
168404Spjd	 * than the top-level vdev.
168404Spjd	 */
168404Spjd	if (newvd->vdev_ashift > oldvd->vdev_top->vdev_ashift)
168404Spjd		return (spa_vdev_exit(spa, newrootvd, txg, EDOM));
168404Spjd
168404Spjd	/*
168404Spjd	 * If this is an in-place replacement, update oldvd's path and devid
168404Spjd	 * to make it distinguishable from newvd, and unopenable from now on.
168404Spjd	 */
168404Spjd	if (strcmp(oldvd->vdev_path, newvd->vdev_path) == 0) {
168404Spjd		spa_strfree(oldvd->vdev_path);
168404Spjd		oldvd->vdev_path = kmem_alloc(strlen(newvd->vdev_path) + 5,
168404Spjd		    KM_SLEEP);
168404Spjd		(void) sprintf(oldvd->vdev_path, "%s/%s",
168404Spjd		    newvd->vdev_path, "old");
168404Spjd		if (oldvd->vdev_devid != NULL) {
168404Spjd			spa_strfree(oldvd->vdev_devid);
168404Spjd			oldvd->vdev_devid = NULL;
168404Spjd		}
168404Spjd	}
168404Spjd
219089Spjd	/* mark the device being resilvered */
254112Sdelphij	newvd->vdev_resilver_txg = txg;
219089Spjd
168404Spjd	/*
168404Spjd	 * If the parent is not a mirror, or if we're replacing, insert the new
168404Spjd	 * mirror/replacing/spare vdev above oldvd.
168404Spjd	 */
168404Spjd	if (pvd->vdev_ops != pvops)
168404Spjd		pvd = vdev_add_parent(oldvd, pvops);
168404Spjd
168404Spjd	ASSERT(pvd->vdev_top->vdev_parent == rvd);
168404Spjd	ASSERT(pvd->vdev_ops == pvops);
168404Spjd	ASSERT(oldvd->vdev_parent == pvd);
168404Spjd
168404Spjd	/*
168404Spjd	 * Extract the new device from its root and add it to pvd.
168404Spjd	 */
168404Spjd	vdev_remove_child(newrootvd, newvd);
168404Spjd	newvd->vdev_id = pvd->vdev_children;
219089Spjd	newvd->vdev_crtxg = oldvd->vdev_crtxg;
168404Spjd	vdev_add_child(pvd, newvd);
168404Spjd
168404Spjd	tvd = newvd->vdev_top;
168404Spjd	ASSERT(pvd->vdev_top == tvd);
168404Spjd	ASSERT(tvd->vdev_parent == rvd);
168404Spjd
168404Spjd	vdev_config_dirty(tvd);
168404Spjd
168404Spjd	/*
219089Spjd	 * Set newvd's DTL to [TXG_INITIAL, dtl_max_txg) so that we account
219089Spjd	 * for any dmu_sync-ed blocks.  It will propagate upward when
219089Spjd	 * spa_vdev_exit() calls vdev_dtl_reassess().
168404Spjd	 */
219089Spjd	dtl_max_txg = txg + TXG_CONCURRENT_STATES;
168404Spjd
219089Spjd	vdev_dtl_dirty(newvd, DTL_MISSING, TXG_INITIAL,
219089Spjd	    dtl_max_txg - TXG_INITIAL);
168404Spjd
209962Smm	if (newvd->vdev_isspare) {
168404Spjd		spa_spare_activate(newvd);
331397Smav		spa_event_notify(spa, newvd, NULL, ESC_ZFS_VDEV_SPARE);
209962Smm	}
209962Smm
185029Spjd	oldvdpath = spa_strdup(oldvd->vdev_path);
185029Spjd	newvdpath = spa_strdup(newvd->vdev_path);
185029Spjd	newvd_isspare = newvd->vdev_isspare;
168404Spjd
168404Spjd	/*
168404Spjd	 * Mark newvd's DTL dirty in this txg.
168404Spjd	 */
168404Spjd	vdev_dirty(tvd, VDD_DTL, newvd, txg);
168404Spjd
219089Spjd	/*
258717Savg	 * Schedule the resilver to restart in the future. We do this to
258717Savg	 * ensure that dmu_sync-ed blocks have been stitched into the
258717Savg	 * respective datasets.
219089Spjd	 */
219089Spjd	dsl_resilver_restart(spa->spa_dsl_pool, dtl_max_txg);
168404Spjd
287745Sdelphij	if (spa->spa_bootfs)
331397Smav		spa_event_notify(spa, newvd, NULL, ESC_ZFS_BOOTFS_VDEV_ATTACH);
287745Sdelphij
331397Smav	spa_event_notify(spa, newvd, NULL, ESC_ZFS_VDEV_ATTACH);
287745Sdelphij
219089Spjd	/*
219089Spjd	 * Commit the config
219089Spjd	 */
219089Spjd	(void) spa_vdev_exit(spa, newrootvd, dtl_max_txg, 0);
185029Spjd
248571Smm	spa_history_log_internal(spa, "vdev attach", NULL,
219089Spjd	    "%s vdev=%s %s vdev=%s",
219089Spjd	    replacing && newvd_isspare ? "spare in" :
219089Spjd	    replacing ? "replace" : "attach", newvdpath,
219089Spjd	    replacing ? "for" : "to", oldvdpath);
219089Spjd
185029Spjd	spa_strfree(oldvdpath);
185029Spjd	spa_strfree(newvdpath);
185029Spjd
168404Spjd	return (0);
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * Detach a device from a mirror or replacing vdev.
251631Sdelphij *
168404Spjd * If 'replace_done' is specified, only detach if the parent
168404Spjd * is a replacing vdev.
168404Spjd */
168404Spjdint
209962Smmspa_vdev_detach(spa_t *spa, uint64_t guid, uint64_t pguid, int replace_done)
168404Spjd{
168404Spjd	uint64_t txg;
209962Smm	int error;
168404Spjd	vdev_t *rvd = spa->spa_root_vdev;
168404Spjd	vdev_t *vd, *pvd, *cvd, *tvd;
168404Spjd	boolean_t unspare = B_FALSE;
247187Smm	uint64_t unspare_guid = 0;
219089Spjd	char *vdpath;
168404Spjd
219089Spjd	ASSERT(spa_writeable(spa));
219089Spjd
168404Spjd	txg = spa_vdev_enter(spa);
168404Spjd
185029Spjd	vd = spa_lookup_by_guid(spa, guid, B_FALSE);
168404Spjd
332547Smav	/*
332547Smav	 * Besides being called directly from the userland through the
332547Smav	 * ioctl interface, spa_vdev_detach() can be potentially called
332547Smav	 * at the end of spa_vdev_resilver_done().
332547Smav	 *
332547Smav	 * In the regular case, when we have a checkpoint this shouldn't
332547Smav	 * happen as we never empty the DTLs of a vdev during the scrub
332547Smav	 * [see comment in dsl_scan_done()]. Thus spa_vdev_resilvering_done()
332547Smav	 * should never get here when we have a checkpoint.
332547Smav	 *
332547Smav	 * That said, even in a case when we checkpoint the pool exactly
332547Smav	 * as spa_vdev_resilver_done() calls this function everything
332547Smav	 * should be fine as the resilver will return right away.
332547Smav	 */
332547Smav	ASSERT(MUTEX_HELD(&spa_namespace_lock));
332547Smav	if (spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT)) {
332547Smav		error = (spa_has_checkpoint(spa)) ?
332547Smav		    ZFS_ERR_CHECKPOINT_EXISTS : ZFS_ERR_DISCARDING_CHECKPOINT;
332547Smav		return (spa_vdev_exit(spa, NULL, txg, error));
332547Smav	}
332547Smav
168404Spjd	if (vd == NULL)
168404Spjd		return (spa_vdev_exit(spa, NULL, txg, ENODEV));
168404Spjd
168404Spjd	if (!vd->vdev_ops->vdev_op_leaf)
168404Spjd		return (spa_vdev_exit(spa, NULL, txg, ENOTSUP));
168404Spjd
168404Spjd	pvd = vd->vdev_parent;
168404Spjd
168404Spjd	/*
209962Smm	 * If the parent/child relationship is not as expected, don't do it.
209962Smm	 * Consider M(A,R(B,C)) -- that is, a mirror of A with a replacing
209962Smm	 * vdev that's replacing B with C.  The user's intent in replacing
209962Smm	 * is to go from M(A,B) to M(A,C).  If the user decides to cancel
209962Smm	 * the replace by detaching C, the expected behavior is to end up
209962Smm	 * M(A,B).  But suppose that right after deciding to detach C,
209962Smm	 * the replacement of B completes.  We would have M(A,C), and then
209962Smm	 * ask to detach C, which would leave us with just A -- not what
209962Smm	 * the user wanted.  To prevent this, we make sure that the
209962Smm	 * parent/child relationship hasn't changed -- in this example,
209962Smm	 * that C's parent is still the replacing vdev R.
209962Smm	 */
209962Smm	if (pvd->vdev_guid != pguid && pguid != 0)
209962Smm		return (spa_vdev_exit(spa, NULL, txg, EBUSY));
209962Smm
209962Smm	/*
219089Spjd	 * Only 'replacing' or 'spare' vdevs can be replaced.
168404Spjd	 */
219089Spjd	if (replace_done && pvd->vdev_ops != &vdev_replacing_ops &&
219089Spjd	    pvd->vdev_ops != &vdev_spare_ops)
219089Spjd		return (spa_vdev_exit(spa, NULL, txg, ENOTSUP));
168404Spjd
168404Spjd	ASSERT(pvd->vdev_ops != &vdev_spare_ops ||
185029Spjd	    spa_version(spa) >= SPA_VERSION_SPARES);
168404Spjd
168404Spjd	/*
168404Spjd	 * Only mirror, replacing, and spare vdevs support detach.
168404Spjd	 */
168404Spjd	if (pvd->vdev_ops != &vdev_replacing_ops &&
168404Spjd	    pvd->vdev_ops != &vdev_mirror_ops &&
168404Spjd	    pvd->vdev_ops != &vdev_spare_ops)
168404Spjd		return (spa_vdev_exit(spa, NULL, txg, ENOTSUP));
168404Spjd
168404Spjd	/*
209962Smm	 * If this device has the only valid copy of some data,
209962Smm	 * we cannot safely detach it.
168404Spjd	 */
209962Smm	if (vdev_dtl_required(vd))
168404Spjd		return (spa_vdev_exit(spa, NULL, txg, EBUSY));
168404Spjd
209962Smm	ASSERT(pvd->vdev_children >= 2);
168404Spjd
168404Spjd	/*
185029Spjd	 * If we are detaching the second disk from a replacing vdev, then
185029Spjd	 * check to see if we changed the original vdev's path to have "/old"
185029Spjd	 * at the end in spa_vdev_attach().  If so, undo that change now.
168404Spjd	 */
219089Spjd	if (pvd->vdev_ops == &vdev_replacing_ops && vd->vdev_id > 0 &&
219089Spjd	    vd->vdev_path != NULL) {
219089Spjd		size_t len = strlen(vd->vdev_path);
219089Spjd
219089Spjd		for (int c = 0; c < pvd->vdev_children; c++) {
219089Spjd			cvd = pvd->vdev_child[c];
219089Spjd
219089Spjd			if (cvd == vd || cvd->vdev_path == NULL)
219089Spjd				continue;
219089Spjd
219089Spjd			if (strncmp(cvd->vdev_path, vd->vdev_path, len) == 0 &&
219089Spjd			    strcmp(cvd->vdev_path + len, "/old") == 0) {
219089Spjd				spa_strfree(cvd->vdev_path);
219089Spjd				cvd->vdev_path = spa_strdup(vd->vdev_path);
219089Spjd				break;
219089Spjd			}
185029Spjd		}
185029Spjd	}
168404Spjd
168404Spjd	/*
168404Spjd	 * If we are detaching the original disk from a spare, then it implies
168404Spjd	 * that the spare should become a real disk, and be removed from the
168404Spjd	 * active spare list for the pool.
168404Spjd	 */
168404Spjd	if (pvd->vdev_ops == &vdev_spare_ops &&
219089Spjd	    vd->vdev_id == 0 &&
219089Spjd	    pvd->vdev_child[pvd->vdev_children - 1]->vdev_isspare)
168404Spjd		unspare = B_TRUE;
168404Spjd
168404Spjd	/*
168404Spjd	 * Erase the disk labels so the disk can be used for other things.
168404Spjd	 * This must be done after all other error cases are handled,
168404Spjd	 * but before we disembowel vd (so we can still do I/O to it).
168404Spjd	 * But if we can't do it, don't treat the error as fatal --
168404Spjd	 * it may be that the unwritability of the disk is the reason
168404Spjd	 * it's being detached!
168404Spjd	 */
168404Spjd	error = vdev_label_init(vd, 0, VDEV_LABEL_REMOVE);
168404Spjd
168404Spjd	/*
168404Spjd	 * Remove vd from its parent and compact the parent's children.
168404Spjd	 */
168404Spjd	vdev_remove_child(pvd, vd);
168404Spjd	vdev_compact_children(pvd);
168404Spjd
168404Spjd	/*
168404Spjd	 * Remember one of the remaining children so we can get tvd below.
168404Spjd	 */
219089Spjd	cvd = pvd->vdev_child[pvd->vdev_children - 1];
168404Spjd
168404Spjd	/*
168404Spjd	 * If we need to remove the remaining child from the list of hot spares,
209962Smm	 * do it now, marking the vdev as no longer a spare in the process.
209962Smm	 * We must do this before vdev_remove_parent(), because that can
209962Smm	 * change the GUID if it creates a new toplevel GUID.  For a similar
209962Smm	 * reason, we must remove the spare now, in the same txg as the detach;
209962Smm	 * otherwise someone could attach a new sibling, change the GUID, and
209962Smm	 * the subsequent attempt to spa_vdev_remove(unspare_guid) would fail.
168404Spjd	 */
168404Spjd	if (unspare) {
168404Spjd		ASSERT(cvd->vdev_isspare);
168404Spjd		spa_spare_remove(cvd);
168404Spjd		unspare_guid = cvd->vdev_guid;
209962Smm		(void) spa_vdev_remove(spa, unspare_guid, B_TRUE);
219089Spjd		cvd->vdev_unspare = B_TRUE;
168404Spjd	}
168404Spjd
168404Spjd	/*
168404Spjd	 * If the parent mirror/replacing vdev only has one child,
168404Spjd	 * the parent is no longer needed.  Remove it from the tree.
168404Spjd	 */
219089Spjd	if (pvd->vdev_children == 1) {
219089Spjd		if (pvd->vdev_ops == &vdev_spare_ops)
219089Spjd			cvd->vdev_unspare = B_FALSE;
168404Spjd		vdev_remove_parent(cvd);
219089Spjd	}
168404Spjd
219089Spjd
168404Spjd	/*
168404Spjd	 * We don't set tvd until now because the parent we just removed
168404Spjd	 * may have been the previous top-level vdev.
168404Spjd	 */
168404Spjd	tvd = cvd->vdev_top;
168404Spjd	ASSERT(tvd->vdev_parent == rvd);
168404Spjd
168404Spjd	/*
168404Spjd	 * Reevaluate the parent vdev state.
168404Spjd	 */
185029Spjd	vdev_propagate_state(cvd);
168404Spjd
168404Spjd	/*
219089Spjd	 * If the 'autoexpand' property is set on the pool then automatically
219089Spjd	 * try to expand the size of the pool. For example if the device we
219089Spjd	 * just detached was smaller than the others, it may be possible to
219089Spjd	 * add metaslabs (i.e. grow the pool). We need to reopen the vdev
219089Spjd	 * first so that we can obtain the updated sizes of the leaf vdevs.
168404Spjd	 */
219089Spjd	if (spa->spa_autoexpand) {
219089Spjd		vdev_reopen(tvd);
219089Spjd		vdev_expand(tvd, txg);
219089Spjd	}
168404Spjd
168404Spjd	vdev_config_dirty(tvd);
168404Spjd
168404Spjd	/*
168404Spjd	 * Mark vd's DTL as dirty in this txg.  vdev_dtl_sync() will see that
168404Spjd	 * vd->vdev_detached is set and free vd's DTL object in syncing context.
168404Spjd	 * But first make sure we're not on any *other* txg's DTL list, to
168404Spjd	 * prevent vd from being accessed after it's freed.
168404Spjd	 */
219089Spjd	vdpath = spa_strdup(vd->vdev_path);
209962Smm	for (int t = 0; t < TXG_SIZE; t++)
168404Spjd		(void) txg_list_remove_this(&tvd->vdev_dtl_list, vd, t);
168404Spjd	vd->vdev_detached = B_TRUE;
168404Spjd	vdev_dirty(tvd, VDD_DTL, vd, txg);
168404Spjd
331397Smav	spa_event_notify(spa, vd, NULL, ESC_ZFS_VDEV_REMOVE);
185029Spjd
219089Spjd	/* hang on to the spa before we release the lock */
219089Spjd	spa_open_ref(spa, FTAG);
219089Spjd
168404Spjd	error = spa_vdev_exit(spa, vd, txg, 0);
168404Spjd
248571Smm	spa_history_log_internal(spa, "detach", NULL,
219089Spjd	    "vdev=%s", vdpath);
219089Spjd	spa_strfree(vdpath);
219089Spjd
168404Spjd	/*
168404Spjd	 * If this was the removal of the original device in a hot spare vdev,
168404Spjd	 * then we want to go through and remove the device from the hot spare
168404Spjd	 * list of every other pool.
168404Spjd	 */
168404Spjd	if (unspare) {
219089Spjd		spa_t *altspa = NULL;
219089Spjd
168404Spjd		mutex_enter(&spa_namespace_lock);
219089Spjd		while ((altspa = spa_next(altspa)) != NULL) {
219089Spjd			if (altspa->spa_state != POOL_STATE_ACTIVE ||
219089Spjd			    altspa == spa)
168404Spjd				continue;
219089Spjd
219089Spjd			spa_open_ref(altspa, FTAG);
185029Spjd			mutex_exit(&spa_namespace_lock);
219089Spjd			(void) spa_vdev_remove(altspa, unspare_guid, B_TRUE);
185029Spjd			mutex_enter(&spa_namespace_lock);
219089Spjd			spa_close(altspa, FTAG);
168404Spjd		}
168404Spjd		mutex_exit(&spa_namespace_lock);
219089Spjd
219089Spjd		/* search the rest of the vdevs for spares to remove */
219089Spjd		spa_vdev_resilver_done(spa);
168404Spjd	}
168404Spjd
219089Spjd	/* all done with the spa; OK to release */
219089Spjd	mutex_enter(&spa_namespace_lock);
219089Spjd	spa_close(spa, FTAG);
219089Spjd	mutex_exit(&spa_namespace_lock);
219089Spjd
168404Spjd	return (error);
168404Spjd}
168404Spjd
219089Spjd/*
219089Spjd * Split a set of devices from their mirrors, and create a new pool from them.
219089Spjd */
219089Spjdint
219089Spjdspa_vdev_split_mirror(spa_t *spa, char *newname, nvlist_t *config,
219089Spjd    nvlist_t *props, boolean_t exp)
219089Spjd{
219089Spjd	int error = 0;
219089Spjd	uint64_t txg, *glist;
219089Spjd	spa_t *newspa;
219089Spjd	uint_t c, children, lastlog;
219089Spjd	nvlist_t **child, *nvl, *tmp;
219089Spjd	dmu_tx_t *tx;
219089Spjd	char *altroot = NULL;
219089Spjd	vdev_t *rvd, **vml = NULL;			/* vdev modify list */
219089Spjd	boolean_t activate_slog;
219089Spjd
219089Spjd	ASSERT(spa_writeable(spa));
219089Spjd
219089Spjd	txg = spa_vdev_enter(spa);
219089Spjd
332547Smav	ASSERT(MUTEX_HELD(&spa_namespace_lock));
332547Smav	if (spa_feature_is_active(spa, SPA_FEATURE_POOL_CHECKPOINT)) {
332547Smav		error = (spa_has_checkpoint(spa)) ?
332547Smav		    ZFS_ERR_CHECKPOINT_EXISTS : ZFS_ERR_DISCARDING_CHECKPOINT;
332547Smav		return (spa_vdev_exit(spa, NULL, txg, error));
332547Smav	}
332547Smav
219089Spjd	/* clear the log and flush everything up to now */
219089Spjd	activate_slog = spa_passivate_log(spa);
219089Spjd	(void) spa_vdev_config_exit(spa, NULL, txg, 0, FTAG);
332525Smav	error = spa_reset_logs(spa);
219089Spjd	txg = spa_vdev_config_enter(spa);
219089Spjd
219089Spjd	if (activate_slog)
219089Spjd		spa_activate_log(spa);
219089Spjd
219089Spjd	if (error != 0)
219089Spjd		return (spa_vdev_exit(spa, NULL, txg, error));
219089Spjd
219089Spjd	/* check new spa name before going any further */
219089Spjd	if (spa_lookup(newname) != NULL)
219089Spjd		return (spa_vdev_exit(spa, NULL, txg, EEXIST));
219089Spjd
219089Spjd	/*
219089Spjd	 * scan through all the children to ensure they're all mirrors
219089Spjd	 */
219089Spjd	if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE, &nvl) != 0 ||
219089Spjd	    nvlist_lookup_nvlist_array(nvl, ZPOOL_CONFIG_CHILDREN, &child,
219089Spjd	    &children) != 0)
219089Spjd		return (spa_vdev_exit(spa, NULL, txg, EINVAL));
219089Spjd
219089Spjd	/* first, check to ensure we've got the right child count */
219089Spjd	rvd = spa->spa_root_vdev;
219089Spjd	lastlog = 0;
219089Spjd	for (c = 0; c < rvd->vdev_children; c++) {
219089Spjd		vdev_t *vd = rvd->vdev_child[c];
219089Spjd
219089Spjd		/* don't count the holes & logs as children */
332525Smav		if (vd->vdev_islog || !vdev_is_concrete(vd)) {
219089Spjd			if (lastlog == 0)
219089Spjd				lastlog = c;
219089Spjd			continue;
219089Spjd		}
219089Spjd
219089Spjd		lastlog = 0;
219089Spjd	}
219089Spjd	if (children != (lastlog != 0 ? lastlog : rvd->vdev_children))
219089Spjd		return (spa_vdev_exit(spa, NULL, txg, EINVAL));
219089Spjd
219089Spjd	/* next, ensure no spare or cache devices are part of the split */
219089Spjd	if (nvlist_lookup_nvlist(nvl, ZPOOL_CONFIG_SPARES, &tmp) == 0 ||
219089Spjd	    nvlist_lookup_nvlist(nvl, ZPOOL_CONFIG_L2CACHE, &tmp) == 0)
219089Spjd		return (spa_vdev_exit(spa, NULL, txg, EINVAL));
219089Spjd
219089Spjd	vml = kmem_zalloc(children * sizeof (vdev_t *), KM_SLEEP);
219089Spjd	glist = kmem_zalloc(children * sizeof (uint64_t), KM_SLEEP);
219089Spjd
219089Spjd	/* then, loop over each vdev and validate it */
219089Spjd	for (c = 0; c < children; c++) {
219089Spjd		uint64_t is_hole = 0;
219089Spjd
219089Spjd		(void) nvlist_lookup_uint64(child[c], ZPOOL_CONFIG_IS_HOLE,
219089Spjd		    &is_hole);
219089Spjd
219089Spjd		if (is_hole != 0) {
219089Spjd			if (spa->spa_root_vdev->vdev_child[c]->vdev_ishole ||
219089Spjd			    spa->spa_root_vdev->vdev_child[c]->vdev_islog) {
219089Spjd				continue;
219089Spjd			} else {
249195Smm				error = SET_ERROR(EINVAL);
219089Spjd				break;
219089Spjd			}
219089Spjd		}
219089Spjd
219089Spjd		/* which disk is going to be split? */
219089Spjd		if (nvlist_lookup_uint64(child[c], ZPOOL_CONFIG_GUID,
219089Spjd		    &glist[c]) != 0) {
249195Smm			error = SET_ERROR(EINVAL);
219089Spjd			break;
219089Spjd		}
219089Spjd
219089Spjd		/* look it up in the spa */
219089Spjd		vml[c] = spa_lookup_by_guid(spa, glist[c], B_FALSE);
219089Spjd		if (vml[c] == NULL) {
249195Smm			error = SET_ERROR(ENODEV);
219089Spjd			break;
219089Spjd		}
219089Spjd
219089Spjd		/* make sure there's nothing stopping the split */
219089Spjd		if (vml[c]->vdev_parent->vdev_ops != &vdev_mirror_ops ||
219089Spjd		    vml[c]->vdev_islog ||
332525Smav		    !vdev_is_concrete(vml[c]) ||
219089Spjd		    vml[c]->vdev_isspare ||
219089Spjd		    vml[c]->vdev_isl2cache ||
219089Spjd		    !vdev_writeable(vml[c]) ||
219089Spjd		    vml[c]->vdev_children != 0 ||
219089Spjd		    vml[c]->vdev_state != VDEV_STATE_HEALTHY ||
219089Spjd		    c != spa->spa_root_vdev->vdev_child[c]->vdev_id) {
249195Smm			error = SET_ERROR(EINVAL);
219089Spjd			break;
219089Spjd		}
219089Spjd
219089Spjd		if (vdev_dtl_required(vml[c])) {
249195Smm			error = SET_ERROR(EBUSY);
219089Spjd			break;
219089Spjd		}
219089Spjd
219089Spjd		/* we need certain info from the top level */
219089Spjd		VERIFY(nvlist_add_uint64(child[c], ZPOOL_CONFIG_METASLAB_ARRAY,
219089Spjd		    vml[c]->vdev_top->vdev_ms_array) == 0);
219089Spjd		VERIFY(nvlist_add_uint64(child[c], ZPOOL_CONFIG_METASLAB_SHIFT,
219089Spjd		    vml[c]->vdev_top->vdev_ms_shift) == 0);
219089Spjd		VERIFY(nvlist_add_uint64(child[c], ZPOOL_CONFIG_ASIZE,
219089Spjd		    vml[c]->vdev_top->vdev_asize) == 0);
219089Spjd		VERIFY(nvlist_add_uint64(child[c], ZPOOL_CONFIG_ASHIFT,
219089Spjd		    vml[c]->vdev_top->vdev_ashift) == 0);
299441Smav
299441Smav		/* transfer per-vdev ZAPs */
299441Smav		ASSERT3U(vml[c]->vdev_leaf_zap, !=, 0);
299441Smav		VERIFY0(nvlist_add_uint64(child[c],
299441Smav		    ZPOOL_CONFIG_VDEV_LEAF_ZAP, vml[c]->vdev_leaf_zap));
299441Smav
299441Smav		ASSERT3U(vml[c]->vdev_top->vdev_top_zap, !=, 0);
299441Smav		VERIFY0(nvlist_add_uint64(child[c],
299441Smav		    ZPOOL_CONFIG_VDEV_TOP_ZAP,
299441Smav		    vml[c]->vdev_parent->vdev_top_zap));
219089Spjd	}
219089Spjd
219089Spjd	if (error != 0) {
219089Spjd		kmem_free(vml, children * sizeof (vdev_t *));
219089Spjd		kmem_free(glist, children * sizeof (uint64_t));
219089Spjd		return (spa_vdev_exit(spa, NULL, txg, error));
219089Spjd	}
219089Spjd
219089Spjd	/* stop writers from using the disks */
219089Spjd	for (c = 0; c < children; c++) {
219089Spjd		if (vml[c] != NULL)
219089Spjd			vml[c]->vdev_offline = B_TRUE;
219089Spjd	}
219089Spjd	vdev_reopen(spa->spa_root_vdev);
219089Spjd
219089Spjd	/*
219089Spjd	 * Temporarily record the splitting vdevs in the spa config.  This
219089Spjd	 * will disappear once the config is regenerated.
219089Spjd	 */
219089Spjd	VERIFY(nvlist_alloc(&nvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
219089Spjd	VERIFY(nvlist_add_uint64_array(nvl, ZPOOL_CONFIG_SPLIT_LIST,
219089Spjd	    glist, children) == 0);
219089Spjd	kmem_free(glist, children * sizeof (uint64_t));
219089Spjd
219089Spjd	mutex_enter(&spa->spa_props_lock);
219089Spjd	VERIFY(nvlist_add_nvlist(spa->spa_config, ZPOOL_CONFIG_SPLIT,
219089Spjd	    nvl) == 0);
219089Spjd	mutex_exit(&spa->spa_props_lock);
219089Spjd	spa->spa_config_splitting = nvl;
219089Spjd	vdev_config_dirty(spa->spa_root_vdev);
219089Spjd
219089Spjd	/* configure and create the new pool */
219089Spjd	VERIFY(nvlist_add_string(config, ZPOOL_CONFIG_POOL_NAME, newname) == 0);
219089Spjd	VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_POOL_STATE,
219089Spjd	    exp ? POOL_STATE_EXPORTED : POOL_STATE_ACTIVE) == 0);
219089Spjd	VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_VERSION,
219089Spjd	    spa_version(spa)) == 0);
219089Spjd	VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_POOL_TXG,
219089Spjd	    spa->spa_config_txg) == 0);
219089Spjd	VERIFY(nvlist_add_uint64(config, ZPOOL_CONFIG_POOL_GUID,
219089Spjd	    spa_generate_guid(NULL)) == 0);
299441Smav	VERIFY0(nvlist_add_boolean(config, ZPOOL_CONFIG_HAS_PER_VDEV_ZAPS));
219089Spjd	(void) nvlist_lookup_string(props,
219089Spjd	    zpool_prop_to_name(ZPOOL_PROP_ALTROOT), &altroot);
219089Spjd
219089Spjd	/* add the new pool to the namespace */
219089Spjd	newspa = spa_add(newname, config, altroot);
299441Smav	newspa->spa_avz_action = AVZ_ACTION_REBUILD;
219089Spjd	newspa->spa_config_txg = spa->spa_config_txg;
219089Spjd	spa_set_log_state(newspa, SPA_LOG_CLEAR);
219089Spjd
219089Spjd	/* release the spa config lock, retaining the namespace lock */
219089Spjd	spa_vdev_config_exit(spa, NULL, txg, 0, FTAG);
219089Spjd
219089Spjd	if (zio_injection_enabled)
219089Spjd		zio_handle_panic_injection(spa, FTAG, 1);
219089Spjd
219089Spjd	spa_activate(newspa, spa_mode_global);
219089Spjd	spa_async_suspend(newspa);
219089Spjd
277300Ssmh#ifndef illumos
219089Spjd	/* mark that we are creating new spa by splitting */
219089Spjd	newspa->spa_splitting_newspa = B_TRUE;
219089Spjd#endif
332536Smav	newspa->spa_config_source = SPA_CONFIG_SRC_SPLIT;
332536Smav
219089Spjd	/* create the new pool from the disks of the original pool */
332536Smav	error = spa_load(newspa, SPA_LOAD_IMPORT, SPA_IMPORT_ASSEMBLE);
277300Ssmh#ifndef illumos
219089Spjd	newspa->spa_splitting_newspa = B_FALSE;
219089Spjd#endif
219089Spjd	if (error)
219089Spjd		goto out;
219089Spjd
219089Spjd	/* if that worked, generate a real config for the new pool */
219089Spjd	if (newspa->spa_root_vdev != NULL) {
219089Spjd		VERIFY(nvlist_alloc(&newspa->spa_config_splitting,
219089Spjd		    NV_UNIQUE_NAME, KM_SLEEP) == 0);
219089Spjd		VERIFY(nvlist_add_uint64(newspa->spa_config_splitting,
219089Spjd		    ZPOOL_CONFIG_SPLIT_GUID, spa_guid(spa)) == 0);
219089Spjd		spa_config_set(newspa, spa_config_generate(newspa, NULL, -1ULL,
219089Spjd		    B_TRUE));
219089Spjd	}
219089Spjd
219089Spjd	/* set the props */
219089Spjd	if (props != NULL) {
219089Spjd		spa_configfile_set(newspa, props, B_FALSE);
219089Spjd		error = spa_prop_set(newspa, props);
219089Spjd		if (error)
219089Spjd			goto out;
219089Spjd	}
219089Spjd
219089Spjd	/* flush everything */
219089Spjd	txg = spa_vdev_config_enter(newspa);
219089Spjd	vdev_config_dirty(newspa->spa_root_vdev);
219089Spjd	(void) spa_vdev_config_exit(newspa, NULL, txg, 0, FTAG);
219089Spjd
219089Spjd	if (zio_injection_enabled)
219089Spjd		zio_handle_panic_injection(spa, FTAG, 2);
219089Spjd
219089Spjd	spa_async_resume(newspa);
219089Spjd
219089Spjd	/* finally, update the original pool's config */
219089Spjd	txg = spa_vdev_config_enter(spa);
219089Spjd	tx = dmu_tx_create_dd(spa_get_dsl(spa)->dp_mos_dir);
219089Spjd	error = dmu_tx_assign(tx, TXG_WAIT);
219089Spjd	if (error != 0)
219089Spjd		dmu_tx_abort(tx);
219089Spjd	for (c = 0; c < children; c++) {
219089Spjd		if (vml[c] != NULL) {
219089Spjd			vdev_split(vml[c]);
219089Spjd			if (error == 0)
248571Smm				spa_history_log_internal(spa, "detach", tx,
248571Smm				    "vdev=%s", vml[c]->vdev_path);
299441Smav
219089Spjd			vdev_free(vml[c]);
219089Spjd		}
219089Spjd	}
299441Smav	spa->spa_avz_action = AVZ_ACTION_REBUILD;
219089Spjd	vdev_config_dirty(spa->spa_root_vdev);
219089Spjd	spa->spa_config_splitting = NULL;
219089Spjd	nvlist_free(nvl);
219089Spjd	if (error == 0)
219089Spjd		dmu_tx_commit(tx);
219089Spjd	(void) spa_vdev_exit(spa, NULL, txg, 0);
219089Spjd
219089Spjd	if (zio_injection_enabled)
219089Spjd		zio_handle_panic_injection(spa, FTAG, 3);
219089Spjd
219089Spjd	/* split is complete; log a history record */
248571Smm	spa_history_log_internal(newspa, "split", NULL,
248571Smm	    "from pool %s", spa_name(spa));
219089Spjd
219089Spjd	kmem_free(vml, children * sizeof (vdev_t *));
219089Spjd
219089Spjd	/* if we're not going to mount the filesystems in userland, export */
219089Spjd	if (exp)
219089Spjd		error = spa_export_common(newname, POOL_STATE_EXPORTED, NULL,
219089Spjd		    B_FALSE, B_FALSE);
219089Spjd
219089Spjd	return (error);
219089Spjd
219089Spjdout:
219089Spjd	spa_unload(newspa);
219089Spjd	spa_deactivate(newspa);
219089Spjd	spa_remove(newspa);
219089Spjd
219089Spjd	txg = spa_vdev_config_enter(spa);
219089Spjd
219089Spjd	/* re-online all offlined disks */
219089Spjd	for (c = 0; c < children; c++) {
219089Spjd		if (vml[c] != NULL)
219089Spjd			vml[c]->vdev_offline = B_FALSE;
219089Spjd	}
219089Spjd	vdev_reopen(spa->spa_root_vdev);
219089Spjd
219089Spjd	nvlist_free(spa->spa_config_splitting);
219089Spjd	spa->spa_config_splitting = NULL;
219089Spjd	(void) spa_vdev_exit(spa, NULL, txg, error);
219089Spjd
219089Spjd	kmem_free(vml, children * sizeof (vdev_t *));
219089Spjd	return (error);
219089Spjd}
219089Spjd
168404Spjd/*
185029Spjd * Find any device that's done replacing, or a vdev marked 'unspare' that's
251631Sdelphij * currently spared, so we can detach it.
168404Spjd */
168404Spjdstatic vdev_t *
185029Spjdspa_vdev_resilver_done_hunt(vdev_t *vd)
168404Spjd{
168404Spjd	vdev_t *newvd, *oldvd;
168404Spjd
219089Spjd	for (int c = 0; c < vd->vdev_children; c++) {
185029Spjd		oldvd = spa_vdev_resilver_done_hunt(vd->vdev_child[c]);
168404Spjd		if (oldvd != NULL)
168404Spjd			return (oldvd);
168404Spjd	}
168404Spjd
185029Spjd	/*
219089Spjd	 * Check for a completed replacement.  We always consider the first
219089Spjd	 * vdev in the list to be the oldest vdev, and the last one to be
219089Spjd	 * the newest (see spa_vdev_attach() for how that works).  In
219089Spjd	 * the case where the newest vdev is faulted, we will not automatically
219089Spjd	 * remove it after a resilver completes.  This is OK as it will require
219089Spjd	 * user intervention to determine which disk the admin wishes to keep.
185029Spjd	 */
219089Spjd	if (vd->vdev_ops == &vdev_replacing_ops) {
219089Spjd		ASSERT(vd->vdev_children > 1);
219089Spjd
219089Spjd		newvd = vd->vdev_child[vd->vdev_children - 1];
168404Spjd		oldvd = vd->vdev_child[0];
168404Spjd
209962Smm		if (vdev_dtl_empty(newvd, DTL_MISSING) &&
219089Spjd		    vdev_dtl_empty(newvd, DTL_OUTAGE) &&
209962Smm		    !vdev_dtl_required(oldvd))
168404Spjd			return (oldvd);
168404Spjd	}
168404Spjd
185029Spjd	/*
185029Spjd	 * Check for a completed resilver with the 'unspare' flag set.
185029Spjd	 */
219089Spjd	if (vd->vdev_ops == &vdev_spare_ops) {
219089Spjd		vdev_t *first = vd->vdev_child[0];
219089Spjd		vdev_t *last = vd->vdev_child[vd->vdev_children - 1];
185029Spjd
219089Spjd		if (last->vdev_unspare) {
219089Spjd			oldvd = first;
219089Spjd			newvd = last;
219089Spjd		} else if (first->vdev_unspare) {
219089Spjd			oldvd = last;
219089Spjd			newvd = first;
219089Spjd		} else {
219089Spjd			oldvd = NULL;
219089Spjd		}
219089Spjd
219089Spjd		if (oldvd != NULL &&
209962Smm		    vdev_dtl_empty(newvd, DTL_MISSING) &&
219089Spjd		    vdev_dtl_empty(newvd, DTL_OUTAGE) &&
219089Spjd		    !vdev_dtl_required(oldvd))
185029Spjd			return (oldvd);
219089Spjd
219089Spjd		/*
219089Spjd		 * If there are more than two spares attached to a disk,
219089Spjd		 * and those spares are not required, then we want to
219089Spjd		 * attempt to free them up now so that they can be used
219089Spjd		 * by other pools.  Once we're back down to a single
219089Spjd		 * disk+spare, we stop removing them.
219089Spjd		 */
219089Spjd		if (vd->vdev_children > 2) {
219089Spjd			newvd = vd->vdev_child[1];
219089Spjd
219089Spjd			if (newvd->vdev_isspare && last->vdev_isspare &&
219089Spjd			    vdev_dtl_empty(last, DTL_MISSING) &&
219089Spjd			    vdev_dtl_empty(last, DTL_OUTAGE) &&
219089Spjd			    !vdev_dtl_required(newvd))
219089Spjd				return (newvd);
185029Spjd		}
185029Spjd	}
185029Spjd
168404Spjd	return (NULL);
168404Spjd}
168404Spjd
168404Spjdstatic void
185029Spjdspa_vdev_resilver_done(spa_t *spa)
168404Spjd{
209962Smm	vdev_t *vd, *pvd, *ppvd;
209962Smm	uint64_t guid, sguid, pguid, ppguid;
168404Spjd
209962Smm	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
168404Spjd
185029Spjd	while ((vd = spa_vdev_resilver_done_hunt(spa->spa_root_vdev)) != NULL) {
209962Smm		pvd = vd->vdev_parent;
209962Smm		ppvd = pvd->vdev_parent;
168404Spjd		guid = vd->vdev_guid;
209962Smm		pguid = pvd->vdev_guid;
209962Smm		ppguid = ppvd->vdev_guid;
209962Smm		sguid = 0;
168404Spjd		/*
168404Spjd		 * If we have just finished replacing a hot spared device, then
168404Spjd		 * we need to detach the parent's first child (the original hot
168404Spjd		 * spare) as well.
168404Spjd		 */
219089Spjd		if (ppvd->vdev_ops == &vdev_spare_ops && pvd->vdev_id == 0 &&
219089Spjd		    ppvd->vdev_children == 2) {
168404Spjd			ASSERT(pvd->vdev_ops == &vdev_replacing_ops);
209962Smm			sguid = ppvd->vdev_child[1]->vdev_guid;
168404Spjd		}
254112Sdelphij		ASSERT(vd->vdev_resilver_txg == 0 || !vdev_dtl_required(vd));
254112Sdelphij
209962Smm		spa_config_exit(spa, SCL_ALL, FTAG);
209962Smm		if (spa_vdev_detach(spa, guid, pguid, B_TRUE) != 0)
168404Spjd			return;
209962Smm		if (sguid && spa_vdev_detach(spa, sguid, ppguid, B_TRUE) != 0)
168404Spjd			return;
209962Smm		spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
168404Spjd	}
168404Spjd
209962Smm	spa_config_exit(spa, SCL_ALL, FTAG);
168404Spjd}
168404Spjd
168404Spjd/*
219089Spjd * Update the stored path or FRU for this vdev.
168404Spjd */
168404Spjdint
209962Smmspa_vdev_set_common(spa_t *spa, uint64_t guid, const char *value,
209962Smm    boolean_t ispath)
168404Spjd{
185029Spjd	vdev_t *vd;
219089Spjd	boolean_t sync = B_FALSE;
168404Spjd
219089Spjd	ASSERT(spa_writeable(spa));
168404Spjd
219089Spjd	spa_vdev_state_enter(spa, SCL_ALL);
219089Spjd
209962Smm	if ((vd = spa_lookup_by_guid(spa, guid, B_TRUE)) == NULL)
219089Spjd		return (spa_vdev_state_exit(spa, NULL, ENOENT));
168404Spjd
168404Spjd	if (!vd->vdev_ops->vdev_op_leaf)
219089Spjd		return (spa_vdev_state_exit(spa, NULL, ENOTSUP));
168404Spjd
209962Smm	if (ispath) {
219089Spjd		if (strcmp(value, vd->vdev_path) != 0) {
219089Spjd			spa_strfree(vd->vdev_path);
219089Spjd			vd->vdev_path = spa_strdup(value);
219089Spjd			sync = B_TRUE;
219089Spjd		}
209962Smm	} else {
219089Spjd		if (vd->vdev_fru == NULL) {
219089Spjd			vd->vdev_fru = spa_strdup(value);
219089Spjd			sync = B_TRUE;
219089Spjd		} else if (strcmp(value, vd->vdev_fru) != 0) {
209962Smm			spa_strfree(vd->vdev_fru);
219089Spjd			vd->vdev_fru = spa_strdup(value);
219089Spjd			sync = B_TRUE;
219089Spjd		}
209962Smm	}
168404Spjd
219089Spjd	return (spa_vdev_state_exit(spa, sync ? vd : NULL, 0));
168404Spjd}
168404Spjd
209962Smmint
209962Smmspa_vdev_setpath(spa_t *spa, uint64_t guid, const char *newpath)
209962Smm{
209962Smm	return (spa_vdev_set_common(spa, guid, newpath, B_TRUE));
209962Smm}
209962Smm
209962Smmint
209962Smmspa_vdev_setfru(spa_t *spa, uint64_t guid, const char *newfru)
209962Smm{
209962Smm	return (spa_vdev_set_common(spa, guid, newfru, B_FALSE));
209962Smm}
209962Smm
168404Spjd/*
168404Spjd * ==========================================================================
219089Spjd * SPA Scanning
168404Spjd * ==========================================================================
168404Spjd */
324010Savgint
324010Savgspa_scrub_pause_resume(spa_t *spa, pool_scrub_cmd_t cmd)
324010Savg{
324010Savg	ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == 0);
168404Spjd
324010Savg	if (dsl_scan_resilvering(spa->spa_dsl_pool))
324010Savg		return (SET_ERROR(EBUSY));
324010Savg
324010Savg	return (dsl_scrub_set_pause_resume(spa->spa_dsl_pool, cmd));
324010Savg}
324010Savg
168404Spjdint
219089Spjdspa_scan_stop(spa_t *spa)
168404Spjd{
185029Spjd	ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == 0);
219089Spjd	if (dsl_scan_resilvering(spa->spa_dsl_pool))
249195Smm		return (SET_ERROR(EBUSY));
219089Spjd	return (dsl_scan_cancel(spa->spa_dsl_pool));
219089Spjd}
168404Spjd
219089Spjdint
219089Spjdspa_scan(spa_t *spa, pool_scan_func_t func)
219089Spjd{
219089Spjd	ASSERT(spa_config_held(spa, SCL_ALL, RW_WRITER) == 0);
219089Spjd
219089Spjd	if (func >= POOL_SCAN_FUNCS || func == POOL_SCAN_NONE)
249195Smm		return (SET_ERROR(ENOTSUP));
168404Spjd
168404Spjd	/*
185029Spjd	 * If a resilver was requested, but there is no DTL on a
185029Spjd	 * writeable leaf device, we have nothing to do.
168404Spjd	 */
219089Spjd	if (func == POOL_SCAN_RESILVER &&
185029Spjd	    !vdev_resilver_needed(spa->spa_root_vdev, NULL, NULL)) {
185029Spjd		spa_async_request(spa, SPA_ASYNC_RESILVER_DONE);
168404Spjd		return (0);
168404Spjd	}
168404Spjd
219089Spjd	return (dsl_scan(spa->spa_dsl_pool, func));
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * ==========================================================================
168404Spjd * SPA async task processing
168404Spjd * ==========================================================================
168404Spjd */
168404Spjd
168404Spjdstatic void
185029Spjdspa_async_remove(spa_t *spa, vdev_t *vd)
168404Spjd{
185029Spjd	if (vd->vdev_remove_wanted) {
219089Spjd		vd->vdev_remove_wanted = B_FALSE;
219089Spjd		vd->vdev_delayed_close = B_FALSE;
185029Spjd		vdev_set_state(vd, B_FALSE, VDEV_STATE_REMOVED, VDEV_AUX_NONE);
209962Smm
209962Smm		/*
209962Smm		 * We want to clear the stats, but we don't want to do a full
209962Smm		 * vdev_clear() as that will cause us to throw away
209962Smm		 * degraded/faulted state as well as attempt to reopen the
209962Smm		 * device, all of which is a waste.
209962Smm		 */
209962Smm		vd->vdev_stat.vs_read_errors = 0;
209962Smm		vd->vdev_stat.vs_write_errors = 0;
209962Smm		vd->vdev_stat.vs_checksum_errors = 0;
209962Smm
185029Spjd		vdev_state_dirty(vd->vdev_top);
294027Sasomers		/* Tell userspace that the vdev is gone. */
294027Sasomers		zfs_post_remove(spa, vd);
185029Spjd	}
168404Spjd
185029Spjd	for (int c = 0; c < vd->vdev_children; c++)
185029Spjd		spa_async_remove(spa, vd->vdev_child[c]);
185029Spjd}
168404Spjd
185029Spjdstatic void
185029Spjdspa_async_probe(spa_t *spa, vdev_t *vd)
185029Spjd{
185029Spjd	if (vd->vdev_probe_wanted) {
219089Spjd		vd->vdev_probe_wanted = B_FALSE;
185029Spjd		vdev_reopen(vd);	/* vdev_open() does the actual probe */
168404Spjd	}
168404Spjd
185029Spjd	for (int c = 0; c < vd->vdev_children; c++)
185029Spjd		spa_async_probe(spa, vd->vdev_child[c]);
168404Spjd}
168404Spjd
168404Spjdstatic void
219089Spjdspa_async_autoexpand(spa_t *spa, vdev_t *vd)
219089Spjd{
219089Spjd	sysevent_id_t eid;
219089Spjd	nvlist_t *attr;
219089Spjd	char *physpath;
219089Spjd
219089Spjd	if (!spa->spa_autoexpand)
219089Spjd		return;
219089Spjd
219089Spjd	for (int c = 0; c < vd->vdev_children; c++) {
219089Spjd		vdev_t *cvd = vd->vdev_child[c];
219089Spjd		spa_async_autoexpand(spa, cvd);
219089Spjd	}
219089Spjd
219089Spjd	if (!vd->vdev_ops->vdev_op_leaf || vd->vdev_physpath == NULL)
219089Spjd		return;
219089Spjd
219089Spjd	physpath = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
219089Spjd	(void) snprintf(physpath, MAXPATHLEN, "/devices%s", vd->vdev_physpath);
219089Spjd
219089Spjd	VERIFY(nvlist_alloc(&attr, NV_UNIQUE_NAME, KM_SLEEP) == 0);
219089Spjd	VERIFY(nvlist_add_string(attr, DEV_PHYS_PATH, physpath) == 0);
219089Spjd
219089Spjd	(void) ddi_log_sysevent(zfs_dip, SUNW_VENDOR, EC_DEV_STATUS,
219089Spjd	    ESC_ZFS_VDEV_AUTOEXPAND, attr, &eid, DDI_SLEEP);
219089Spjd
219089Spjd	nvlist_free(attr);
219089Spjd	kmem_free(physpath, MAXPATHLEN);
219089Spjd}
219089Spjd
219089Spjdstatic void
168404Spjdspa_async_thread(void *arg)
168404Spjd{
331399Smav	spa_t *spa = (spa_t *)arg;
168404Spjd	int tasks;
168404Spjd
168404Spjd	ASSERT(spa->spa_sync_on);
168404Spjd
168404Spjd	mutex_enter(&spa->spa_async_lock);
168404Spjd	tasks = spa->spa_async_tasks;
253990Smav	spa->spa_async_tasks &= SPA_ASYNC_REMOVE;
168404Spjd	mutex_exit(&spa->spa_async_lock);
168404Spjd
168404Spjd	/*
168404Spjd	 * See if the config needs to be updated.
168404Spjd	 */
168404Spjd	if (tasks & SPA_ASYNC_CONFIG_UPDATE) {
219089Spjd		uint64_t old_space, new_space;
219089Spjd
168404Spjd		mutex_enter(&spa_namespace_lock);
219089Spjd		old_space = metaslab_class_get_space(spa_normal_class(spa));
168404Spjd		spa_config_update(spa, SPA_CONFIG_UPDATE_POOL);
219089Spjd		new_space = metaslab_class_get_space(spa_normal_class(spa));
168404Spjd		mutex_exit(&spa_namespace_lock);
219089Spjd
219089Spjd		/*
219089Spjd		 * If the pool grew as a result of the config update,
219089Spjd		 * then log an internal history event.
219089Spjd		 */
219089Spjd		if (new_space != old_space) {
248571Smm			spa_history_log_internal(spa, "vdev online", NULL,
219089Spjd			    "pool '%s' size: %llu(+%llu)",
219089Spjd			    spa_name(spa), new_space, new_space - old_space);
219089Spjd		}
168404Spjd	}
168404Spjd
219089Spjd	if ((tasks & SPA_ASYNC_AUTOEXPAND) && !spa_suspended(spa)) {
219089Spjd		spa_config_enter(spa, SCL_CONFIG, FTAG, RW_READER);
219089Spjd		spa_async_autoexpand(spa, spa->spa_root_vdev);
219089Spjd		spa_config_exit(spa, SCL_CONFIG, FTAG);
219089Spjd	}
219089Spjd
168404Spjd	/*
185029Spjd	 * See if any devices need to be probed.
168404Spjd	 */
185029Spjd	if (tasks & SPA_ASYNC_PROBE) {
219089Spjd		spa_vdev_state_enter(spa, SCL_NONE);
185029Spjd		spa_async_probe(spa, spa->spa_root_vdev);
185029Spjd		(void) spa_vdev_state_exit(spa, NULL, 0);
185029Spjd	}
168404Spjd
168404Spjd	/*
185029Spjd	 * If any devices are done replacing, detach them.
168404Spjd	 */
185029Spjd	if (tasks & SPA_ASYNC_RESILVER_DONE)
185029Spjd		spa_vdev_resilver_done(spa);
168404Spjd
168404Spjd	/*
168404Spjd	 * Kick off a resilver.
168404Spjd	 */
168404Spjd	if (tasks & SPA_ASYNC_RESILVER)
219089Spjd		dsl_resilver_restart(spa->spa_dsl_pool, 0);
168404Spjd
168404Spjd	/*
168404Spjd	 * Let the world know that we're done.
168404Spjd	 */
168404Spjd	mutex_enter(&spa->spa_async_lock);
168404Spjd	spa->spa_async_thread = NULL;
168404Spjd	cv_broadcast(&spa->spa_async_cv);
168404Spjd	mutex_exit(&spa->spa_async_lock);
168404Spjd	thread_exit();
168404Spjd}
168404Spjd
253990Smavstatic void
253990Smavspa_async_thread_vd(void *arg)
253990Smav{
253990Smav	spa_t *spa = arg;
253990Smav	int tasks;
253990Smav
253990Smav	mutex_enter(&spa->spa_async_lock);
253990Smav	tasks = spa->spa_async_tasks;
253990Smavretry:
253990Smav	spa->spa_async_tasks &= ~SPA_ASYNC_REMOVE;
253990Smav	mutex_exit(&spa->spa_async_lock);
253990Smav
253990Smav	/*
253990Smav	 * See if any devices need to be marked REMOVED.
253990Smav	 */
253990Smav	if (tasks & SPA_ASYNC_REMOVE) {
253990Smav		spa_vdev_state_enter(spa, SCL_NONE);
253990Smav		spa_async_remove(spa, spa->spa_root_vdev);
253990Smav		for (int i = 0; i < spa->spa_l2cache.sav_count; i++)
253990Smav			spa_async_remove(spa, spa->spa_l2cache.sav_vdevs[i]);
253990Smav		for (int i = 0; i < spa->spa_spares.sav_count; i++)
253990Smav			spa_async_remove(spa, spa->spa_spares.sav_vdevs[i]);
253990Smav		(void) spa_vdev_state_exit(spa, NULL, 0);
253990Smav	}
253990Smav
253990Smav	/*
253990Smav	 * Let the world know that we're done.
253990Smav	 */
253990Smav	mutex_enter(&spa->spa_async_lock);
253990Smav	tasks = spa->spa_async_tasks;
253990Smav	if ((tasks & SPA_ASYNC_REMOVE) != 0)
253990Smav		goto retry;
253990Smav	spa->spa_async_thread_vd = NULL;
253990Smav	cv_broadcast(&spa->spa_async_cv);
253990Smav	mutex_exit(&spa->spa_async_lock);
253990Smav	thread_exit();
253990Smav}
253990Smav
168404Spjdvoid
168404Spjdspa_async_suspend(spa_t *spa)
168404Spjd{
168404Spjd	mutex_enter(&spa->spa_async_lock);
168404Spjd	spa->spa_async_suspended++;
332525Smav	while (spa->spa_async_thread != NULL ||
332537Smav	    spa->spa_async_thread_vd != NULL)
168404Spjd		cv_wait(&spa->spa_async_cv, &spa->spa_async_lock);
168404Spjd	mutex_exit(&spa->spa_async_lock);
332525Smav
332525Smav	spa_vdev_remove_suspend(spa);
332537Smav
332537Smav	zthr_t *condense_thread = spa->spa_condense_zthr;
332537Smav	if (condense_thread != NULL && zthr_isrunning(condense_thread))
332537Smav		VERIFY0(zthr_cancel(condense_thread));
332547Smav
332547Smav	zthr_t *discard_thread = spa->spa_checkpoint_discard_zthr;
332547Smav	if (discard_thread != NULL && zthr_isrunning(discard_thread))
332547Smav		VERIFY0(zthr_cancel(discard_thread));
168404Spjd}
168404Spjd
168404Spjdvoid
168404Spjdspa_async_resume(spa_t *spa)
168404Spjd{
168404Spjd	mutex_enter(&spa->spa_async_lock);
168404Spjd	ASSERT(spa->spa_async_suspended != 0);
168404Spjd	spa->spa_async_suspended--;
168404Spjd	mutex_exit(&spa->spa_async_lock);
332525Smav	spa_restart_removal(spa);
332537Smav
332537Smav	zthr_t *condense_thread = spa->spa_condense_zthr;
332537Smav	if (condense_thread != NULL && !zthr_isrunning(condense_thread))
332537Smav		zthr_resume(condense_thread);
332547Smav
332547Smav	zthr_t *discard_thread = spa->spa_checkpoint_discard_zthr;
332547Smav	if (discard_thread != NULL && !zthr_isrunning(discard_thread))
332547Smav		zthr_resume(discard_thread);
168404Spjd}
168404Spjd
251636Sdelphijstatic boolean_t
251636Sdelphijspa_async_tasks_pending(spa_t *spa)
251636Sdelphij{
251636Sdelphij	uint_t non_config_tasks;
251636Sdelphij	uint_t config_task;
251636Sdelphij	boolean_t config_task_suspended;
251636Sdelphij
253990Smav	non_config_tasks = spa->spa_async_tasks & ~(SPA_ASYNC_CONFIG_UPDATE |
253990Smav	    SPA_ASYNC_REMOVE);
251636Sdelphij	config_task = spa->spa_async_tasks & SPA_ASYNC_CONFIG_UPDATE;
251636Sdelphij	if (spa->spa_ccw_fail_time == 0) {
251636Sdelphij		config_task_suspended = B_FALSE;
251636Sdelphij	} else {
251636Sdelphij		config_task_suspended =
251636Sdelphij		    (gethrtime() - spa->spa_ccw_fail_time) <
251636Sdelphij		    (zfs_ccw_retry_interval * NANOSEC);
251636Sdelphij	}
251636Sdelphij
251636Sdelphij	return (non_config_tasks || (config_task && !config_task_suspended));
251636Sdelphij}
251636Sdelphij
168404Spjdstatic void
168404Spjdspa_async_dispatch(spa_t *spa)
168404Spjd{
168404Spjd	mutex_enter(&spa->spa_async_lock);
251636Sdelphij	if (spa_async_tasks_pending(spa) &&
251636Sdelphij	    !spa->spa_async_suspended &&
168404Spjd	    spa->spa_async_thread == NULL &&
251636Sdelphij	    rootdir != NULL)
168404Spjd		spa->spa_async_thread = thread_create(NULL, 0,
168404Spjd		    spa_async_thread, spa, 0, &p0, TS_RUN, maxclsyspri);
168404Spjd	mutex_exit(&spa->spa_async_lock);
168404Spjd}
168404Spjd
253990Smavstatic void
253990Smavspa_async_dispatch_vd(spa_t *spa)
253990Smav{
253990Smav	mutex_enter(&spa->spa_async_lock);
253990Smav	if ((spa->spa_async_tasks & SPA_ASYNC_REMOVE) != 0 &&
253990Smav	    !spa->spa_async_suspended &&
253990Smav	    spa->spa_async_thread_vd == NULL &&
253990Smav	    rootdir != NULL)
253990Smav		spa->spa_async_thread_vd = thread_create(NULL, 0,
253990Smav		    spa_async_thread_vd, spa, 0, &p0, TS_RUN, maxclsyspri);
253990Smav	mutex_exit(&spa->spa_async_lock);
253990Smav}
253990Smav
168404Spjdvoid
168404Spjdspa_async_request(spa_t *spa, int task)
168404Spjd{
219089Spjd	zfs_dbgmsg("spa=%s async request task=%u", spa->spa_name, task);
168404Spjd	mutex_enter(&spa->spa_async_lock);
168404Spjd	spa->spa_async_tasks |= task;
168404Spjd	mutex_exit(&spa->spa_async_lock);
253990Smav	spa_async_dispatch_vd(spa);
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * ==========================================================================
168404Spjd * SPA syncing routines
168404Spjd * ==========================================================================
168404Spjd */
168404Spjd
219089Spjdstatic int
219089Spjdbpobj_enqueue_cb(void *arg, const blkptr_t *bp, dmu_tx_t *tx)
168404Spjd{
219089Spjd	bpobj_t *bpo = arg;
219089Spjd	bpobj_enqueue(bpo, bp, tx);
219089Spjd	return (0);
219089Spjd}
168404Spjd
219089Spjdstatic int
219089Spjdspa_free_sync_cb(void *arg, const blkptr_t *bp, dmu_tx_t *tx)
219089Spjd{
219089Spjd	zio_t *zio = arg;
168404Spjd
219089Spjd	zio_nowait(zio_free_sync(zio, zio->io_spa, dmu_tx_get_txg(tx), bp,
240868Spjd	    BP_GET_PSIZE(bp), zio->io_flags));
219089Spjd	return (0);
168404Spjd}
168404Spjd
258632Savg/*
258632Savg * Note: this simple function is not inlined to make it easier to dtrace the
258632Savg * amount of time spent syncing frees.
258632Savg */
168404Spjdstatic void
258632Savgspa_sync_frees(spa_t *spa, bplist_t *bpl, dmu_tx_t *tx)
258632Savg{
258632Savg	zio_t *zio = zio_root(spa, NULL, NULL, 0);
258632Savg	bplist_iterate(bpl, spa_free_sync_cb, zio, tx);
258632Savg	VERIFY(zio_wait(zio) == 0);
258632Savg}
258632Savg
258632Savg/*
258632Savg * Note: this simple function is not inlined to make it easier to dtrace the
258632Savg * amount of time spent syncing deferred frees.
258632Savg */
258632Savgstatic void
258632Savgspa_sync_deferred_frees(spa_t *spa, dmu_tx_t *tx)
258632Savg{
258632Savg	zio_t *zio = zio_root(spa, NULL, NULL, 0);
258632Savg	VERIFY3U(bpobj_iterate(&spa->spa_deferred_bpobj,
258632Savg	    spa_free_sync_cb, zio, tx), ==, 0);
258632Savg	VERIFY0(zio_wait(zio));
258632Savg}
258632Savg
258632Savg
258632Savgstatic void
168404Spjdspa_sync_nvlist(spa_t *spa, uint64_t obj, nvlist_t *nv, dmu_tx_t *tx)
168404Spjd{
168404Spjd	char *packed = NULL;
185029Spjd	size_t bufsize;
168404Spjd	size_t nvsize = 0;
168404Spjd	dmu_buf_t *db;
168404Spjd
168404Spjd	VERIFY(nvlist_size(nv, &nvsize, NV_ENCODE_XDR) == 0);
168404Spjd
185029Spjd	/*
185029Spjd	 * Write full (SPA_CONFIG_BLOCKSIZE) blocks of configuration
260150Sdelphij	 * information.  This avoids the dmu_buf_will_dirty() path and
185029Spjd	 * saves us a pre-read to get data we don't actually care about.
185029Spjd	 */
236884Smm	bufsize = P2ROUNDUP((uint64_t)nvsize, SPA_CONFIG_BLOCKSIZE);
185029Spjd	packed = kmem_alloc(bufsize, KM_SLEEP);
168404Spjd
168404Spjd	VERIFY(nvlist_pack(nv, &packed, &nvsize, NV_ENCODE_XDR,
168404Spjd	    KM_SLEEP) == 0);
185029Spjd	bzero(packed + nvsize, bufsize - nvsize);
168404Spjd
185029Spjd	dmu_write(spa->spa_meta_objset, obj, 0, bufsize, packed, tx);
168404Spjd
185029Spjd	kmem_free(packed, bufsize);
168404Spjd
168404Spjd	VERIFY(0 == dmu_bonus_hold(spa->spa_meta_objset, obj, FTAG, &db));
168404Spjd	dmu_buf_will_dirty(db, tx);
168404Spjd	*(uint64_t *)db->db_data = nvsize;
168404Spjd	dmu_buf_rele(db, FTAG);
168404Spjd}
168404Spjd
168404Spjdstatic void
185029Spjdspa_sync_aux_dev(spa_t *spa, spa_aux_vdev_t *sav, dmu_tx_t *tx,
185029Spjd    const char *config, const char *entry)
168404Spjd{
168404Spjd	nvlist_t *nvroot;
185029Spjd	nvlist_t **list;
168404Spjd	int i;
168404Spjd
185029Spjd	if (!sav->sav_sync)
168404Spjd		return;
168404Spjd
168404Spjd	/*
185029Spjd	 * Update the MOS nvlist describing the list of available devices.
185029Spjd	 * spa_validate_aux() will have already made sure this nvlist is
185029Spjd	 * valid and the vdevs are labeled appropriately.
168404Spjd	 */
185029Spjd	if (sav->sav_object == 0) {
185029Spjd		sav->sav_object = dmu_object_alloc(spa->spa_meta_objset,
185029Spjd		    DMU_OT_PACKED_NVLIST, 1 << 14, DMU_OT_PACKED_NVLIST_SIZE,
185029Spjd		    sizeof (uint64_t), tx);
168404Spjd		VERIFY(zap_update(spa->spa_meta_objset,
185029Spjd		    DMU_POOL_DIRECTORY_OBJECT, entry, sizeof (uint64_t), 1,
185029Spjd		    &sav->sav_object, tx) == 0);
168404Spjd	}
168404Spjd
168404Spjd	VERIFY(nvlist_alloc(&nvroot, NV_UNIQUE_NAME, KM_SLEEP) == 0);
185029Spjd	if (sav->sav_count == 0) {
185029Spjd		VERIFY(nvlist_add_nvlist_array(nvroot, config, NULL, 0) == 0);
168404Spjd	} else {
185029Spjd		list = kmem_alloc(sav->sav_count * sizeof (void *), KM_SLEEP);
185029Spjd		for (i = 0; i < sav->sav_count; i++)
185029Spjd			list[i] = vdev_config_generate(spa, sav->sav_vdevs[i],
219089Spjd			    B_FALSE, VDEV_CONFIG_L2CACHE);
185029Spjd		VERIFY(nvlist_add_nvlist_array(nvroot, config, list,
185029Spjd		    sav->sav_count) == 0);
185029Spjd		for (i = 0; i < sav->sav_count; i++)
185029Spjd			nvlist_free(list[i]);
185029Spjd		kmem_free(list, sav->sav_count * sizeof (void *));
168404Spjd	}
168404Spjd
185029Spjd	spa_sync_nvlist(spa, sav->sav_object, nvroot, tx);
168404Spjd	nvlist_free(nvroot);
168404Spjd
185029Spjd	sav->sav_sync = B_FALSE;
168404Spjd}
168404Spjd
299441Smav/*
299441Smav * Rebuild spa's all-vdev ZAP from the vdev ZAPs indicated in each vdev_t.
299441Smav * The all-vdev ZAP must be empty.
299441Smav */
168404Spjdstatic void
299441Smavspa_avz_build(vdev_t *vd, uint64_t avz, dmu_tx_t *tx)
299441Smav{
299441Smav	spa_t *spa = vd->vdev_spa;
299441Smav	if (vd->vdev_top_zap != 0) {
299441Smav		VERIFY0(zap_add_int(spa->spa_meta_objset, avz,
299441Smav		    vd->vdev_top_zap, tx));
299441Smav	}
299441Smav	if (vd->vdev_leaf_zap != 0) {
299441Smav		VERIFY0(zap_add_int(spa->spa_meta_objset, avz,
299441Smav		    vd->vdev_leaf_zap, tx));
299441Smav	}
299441Smav	for (uint64_t i = 0; i < vd->vdev_children; i++) {
299441Smav		spa_avz_build(vd->vdev_child[i], avz, tx);
299441Smav	}
299441Smav}
299441Smav
299441Smavstatic void
168404Spjdspa_sync_config_object(spa_t *spa, dmu_tx_t *tx)
168404Spjd{
168404Spjd	nvlist_t *config;
168404Spjd
299441Smav	/*
299441Smav	 * If the pool is being imported from a pre-per-vdev-ZAP version of ZFS,
299441Smav	 * its config may not be dirty but we still need to build per-vdev ZAPs.
299441Smav	 * Similarly, if the pool is being assembled (e.g. after a split), we
299441Smav	 * need to rebuild the AVZ although the config may not be dirty.
299441Smav	 */
299441Smav	if (list_is_empty(&spa->spa_config_dirty_list) &&
299441Smav	    spa->spa_avz_action == AVZ_ACTION_NONE)
168404Spjd		return;
168404Spjd
185029Spjd	spa_config_enter(spa, SCL_STATE, FTAG, RW_READER);
168404Spjd
299441Smav	ASSERT(spa->spa_avz_action == AVZ_ACTION_NONE ||
321540Smav	    spa->spa_avz_action == AVZ_ACTION_INITIALIZE ||
299441Smav	    spa->spa_all_vdev_zaps != 0);
299441Smav
299441Smav	if (spa->spa_avz_action == AVZ_ACTION_REBUILD) {
299441Smav		/* Make and build the new AVZ */
299441Smav		uint64_t new_avz = zap_create(spa->spa_meta_objset,
299441Smav		    DMU_OTN_ZAP_METADATA, DMU_OT_NONE, 0, tx);
299441Smav		spa_avz_build(spa->spa_root_vdev, new_avz, tx);
299441Smav
299441Smav		/* Diff old AVZ with new one */
299441Smav		zap_cursor_t zc;
299441Smav		zap_attribute_t za;
299441Smav
299441Smav		for (zap_cursor_init(&zc, spa->spa_meta_objset,
299441Smav		    spa->spa_all_vdev_zaps);
299441Smav		    zap_cursor_retrieve(&zc, &za) == 0;
299441Smav		    zap_cursor_advance(&zc)) {
299441Smav			uint64_t vdzap = za.za_first_integer;
299441Smav			if (zap_lookup_int(spa->spa_meta_objset, new_avz,
299441Smav			    vdzap) == ENOENT) {
299441Smav				/*
299441Smav				 * ZAP is listed in old AVZ but not in new one;
299441Smav				 * destroy it
299441Smav				 */
299441Smav				VERIFY0(zap_destroy(spa->spa_meta_objset, vdzap,
299441Smav				    tx));
299441Smav			}
299441Smav		}
299441Smav
299441Smav		zap_cursor_fini(&zc);
299441Smav
299441Smav		/* Destroy the old AVZ */
299441Smav		VERIFY0(zap_destroy(spa->spa_meta_objset,
299441Smav		    spa->spa_all_vdev_zaps, tx));
299441Smav
299441Smav		/* Replace the old AVZ in the dir obj with the new one */
299441Smav		VERIFY0(zap_update(spa->spa_meta_objset,
299441Smav		    DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_VDEV_ZAP_MAP,
299441Smav		    sizeof (new_avz), 1, &new_avz, tx));
299441Smav
299441Smav		spa->spa_all_vdev_zaps = new_avz;
299441Smav	} else if (spa->spa_avz_action == AVZ_ACTION_DESTROY) {
299441Smav		zap_cursor_t zc;
299441Smav		zap_attribute_t za;
299441Smav
299441Smav		/* Walk through the AVZ and destroy all listed ZAPs */
299441Smav		for (zap_cursor_init(&zc, spa->spa_meta_objset,
299441Smav		    spa->spa_all_vdev_zaps);
299441Smav		    zap_cursor_retrieve(&zc, &za) == 0;
299441Smav		    zap_cursor_advance(&zc)) {
299441Smav			uint64_t zap = za.za_first_integer;
299441Smav			VERIFY0(zap_destroy(spa->spa_meta_objset, zap, tx));
299441Smav		}
299441Smav
299441Smav		zap_cursor_fini(&zc);
299441Smav
299441Smav		/* Destroy and unlink the AVZ itself */
299441Smav		VERIFY0(zap_destroy(spa->spa_meta_objset,
299441Smav		    spa->spa_all_vdev_zaps, tx));
299441Smav		VERIFY0(zap_remove(spa->spa_meta_objset,
299441Smav		    DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_VDEV_ZAP_MAP, tx));
299441Smav		spa->spa_all_vdev_zaps = 0;
299441Smav	}
299441Smav
299441Smav	if (spa->spa_all_vdev_zaps == 0) {
299441Smav		spa->spa_all_vdev_zaps = zap_create_link(spa->spa_meta_objset,
299441Smav		    DMU_OTN_ZAP_METADATA, DMU_POOL_DIRECTORY_OBJECT,
299441Smav		    DMU_POOL_VDEV_ZAP_MAP, tx);
299441Smav	}
299441Smav	spa->spa_avz_action = AVZ_ACTION_NONE;
299441Smav
299441Smav	/* Create ZAPs for vdevs that don't have them. */
299441Smav	vdev_construct_zaps(spa->spa_root_vdev, tx);
299441Smav
185029Spjd	config = spa_config_generate(spa, spa->spa_root_vdev,
185029Spjd	    dmu_tx_get_txg(tx), B_FALSE);
185029Spjd
243505Smm	/*
243505Smm	 * If we're upgrading the spa version then make sure that
243505Smm	 * the config object gets updated with the correct version.
243505Smm	 */
243505Smm	if (spa->spa_ubsync.ub_version < spa->spa_uberblock.ub_version)
243505Smm		fnvlist_add_uint64(config, ZPOOL_CONFIG_VERSION,
243505Smm		    spa->spa_uberblock.ub_version);
243505Smm
185029Spjd	spa_config_exit(spa, SCL_STATE, FTAG);
185029Spjd
296528Smav	nvlist_free(spa->spa_config_syncing);
168404Spjd	spa->spa_config_syncing = config;
168404Spjd
168404Spjd	spa_sync_nvlist(spa, spa->spa_config_object, config, tx);
168404Spjd}
168404Spjd
236884Smmstatic void
248571Smmspa_sync_version(void *arg, dmu_tx_t *tx)
236884Smm{
248571Smm	uint64_t *versionp = arg;
248571Smm	uint64_t version = *versionp;
248571Smm	spa_t *spa = dmu_tx_pool(tx)->dp_spa;
236884Smm
236884Smm	/*
236884Smm	 * Setting the version is special cased when first creating the pool.
236884Smm	 */
236884Smm	ASSERT(tx->tx_txg != TXG_INITIAL);
236884Smm
247592Sdelphij	ASSERT(SPA_VERSION_IS_SUPPORTED(version));
236884Smm	ASSERT(version >= spa_version(spa));
236884Smm
236884Smm	spa->spa_uberblock.ub_version = version;
236884Smm	vdev_config_dirty(spa->spa_root_vdev);
248571Smm	spa_history_log_internal(spa, "set", tx, "version=%lld", version);
236884Smm}
236884Smm
185029Spjd/*
185029Spjd * Set zpool properties.
185029Spjd */
168404Spjdstatic void
248571Smmspa_sync_props(void *arg, dmu_tx_t *tx)
168404Spjd{
248571Smm	nvlist_t *nvp = arg;
248571Smm	spa_t *spa = dmu_tx_pool(tx)->dp_spa;
185029Spjd	objset_t *mos = spa->spa_meta_objset;
236884Smm	nvpair_t *elem = NULL;
168404Spjd
168404Spjd	mutex_enter(&spa->spa_props_lock);
168404Spjd
185029Spjd	while ((elem = nvlist_next_nvpair(nvp, elem))) {
236884Smm		uint64_t intval;
236884Smm		char *strval, *fname;
236884Smm		zpool_prop_t prop;
236884Smm		const char *propname;
236884Smm		zprop_type_t proptype;
259813Sdelphij		spa_feature_t fid;
236884Smm
185029Spjd		switch (prop = zpool_name_to_prop(nvpair_name(elem))) {
329493Smav		case ZPOOL_PROP_INVAL:
236884Smm			/*
236884Smm			 * We checked this earlier in spa_prop_validate().
236884Smm			 */
236884Smm			ASSERT(zpool_prop_feature(nvpair_name(elem)));
236884Smm
236884Smm			fname = strchr(nvpair_name(elem), '@') + 1;
259813Sdelphij			VERIFY0(zfeature_lookup_name(fname, &fid));
236884Smm
259813Sdelphij			spa_feature_enable(spa, fid, tx);
248571Smm			spa_history_log_internal(spa, "set", tx,
248571Smm			    "%s=enabled", nvpair_name(elem));
236884Smm			break;
236884Smm
185029Spjd		case ZPOOL_PROP_VERSION:
258717Savg			intval = fnvpair_value_uint64(elem);
185029Spjd			/*
236884Smm			 * The version is synced seperatly before other
236884Smm			 * properties and should be correct by now.
185029Spjd			 */
236884Smm			ASSERT3U(spa_version(spa), >=, intval);
185029Spjd			break;
168404Spjd
185029Spjd		case ZPOOL_PROP_ALTROOT:
185029Spjd			/*
185029Spjd			 * 'altroot' is a non-persistent property. It should
185029Spjd			 * have been set temporarily at creation or import time.
185029Spjd			 */
185029Spjd			ASSERT(spa->spa_root != NULL);
185029Spjd			break;
168404Spjd
219089Spjd		case ZPOOL_PROP_READONLY:
185029Spjd		case ZPOOL_PROP_CACHEFILE:
185029Spjd			/*
219089Spjd			 * 'readonly' and 'cachefile' are also non-persisitent
219089Spjd			 * properties.
185029Spjd			 */
168404Spjd			break;
228103Smm		case ZPOOL_PROP_COMMENT:
258717Savg			strval = fnvpair_value_string(elem);
228103Smm			if (spa->spa_comment != NULL)
228103Smm				spa_strfree(spa->spa_comment);
228103Smm			spa->spa_comment = spa_strdup(strval);
228103Smm			/*
228103Smm			 * We need to dirty the configuration on all the vdevs
228103Smm			 * so that their labels get updated.  It's unnecessary
228103Smm			 * to do this for pool creation since the vdev's
228103Smm			 * configuratoin has already been dirtied.
228103Smm			 */
228103Smm			if (tx->tx_txg != TXG_INITIAL)
228103Smm				vdev_config_dirty(spa->spa_root_vdev);
248571Smm			spa_history_log_internal(spa, "set", tx,
248571Smm			    "%s=%s", nvpair_name(elem), strval);
228103Smm			break;
185029Spjd		default:
185029Spjd			/*
185029Spjd			 * Set pool property values in the poolprops mos object.
185029Spjd			 */
185029Spjd			if (spa->spa_pool_props_object == 0) {
236884Smm				spa->spa_pool_props_object =
236884Smm				    zap_create_link(mos, DMU_OT_POOL_PROPS,
185029Spjd				    DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_PROPS,
236884Smm				    tx);
185029Spjd			}
185029Spjd
185029Spjd			/* normalize the property name */
185029Spjd			propname = zpool_prop_to_name(prop);
185029Spjd			proptype = zpool_prop_get_type(prop);
185029Spjd
185029Spjd			if (nvpair_type(elem) == DATA_TYPE_STRING) {
185029Spjd				ASSERT(proptype == PROP_TYPE_STRING);
258717Savg				strval = fnvpair_value_string(elem);
258717Savg				VERIFY0(zap_update(mos,
185029Spjd				    spa->spa_pool_props_object, propname,
258717Savg				    1, strlen(strval) + 1, strval, tx));
248571Smm				spa_history_log_internal(spa, "set", tx,
248571Smm				    "%s=%s", nvpair_name(elem), strval);
185029Spjd			} else if (nvpair_type(elem) == DATA_TYPE_UINT64) {
258717Savg				intval = fnvpair_value_uint64(elem);
185029Spjd
185029Spjd				if (proptype == PROP_TYPE_INDEX) {
185029Spjd					const char *unused;
258717Savg					VERIFY0(zpool_prop_index_to_string(
258717Savg					    prop, intval, &unused));
185029Spjd				}
258717Savg				VERIFY0(zap_update(mos,
185029Spjd				    spa->spa_pool_props_object, propname,
258717Savg				    8, 1, &intval, tx));
248571Smm				spa_history_log_internal(spa, "set", tx,
248571Smm				    "%s=%lld", nvpair_name(elem), intval);
185029Spjd			} else {
185029Spjd				ASSERT(0); /* not allowed */
185029Spjd			}
185029Spjd
185029Spjd			switch (prop) {
185029Spjd			case ZPOOL_PROP_DELEGATION:
185029Spjd				spa->spa_delegation = intval;
185029Spjd				break;
185029Spjd			case ZPOOL_PROP_BOOTFS:
185029Spjd				spa->spa_bootfs = intval;
185029Spjd				break;
185029Spjd			case ZPOOL_PROP_FAILUREMODE:
185029Spjd				spa->spa_failmode = intval;
185029Spjd				break;
219089Spjd			case ZPOOL_PROP_AUTOEXPAND:
219089Spjd				spa->spa_autoexpand = intval;
219089Spjd				if (tx->tx_txg != TXG_INITIAL)
219089Spjd					spa_async_request(spa,
219089Spjd					    SPA_ASYNC_AUTOEXPAND);
219089Spjd				break;
219089Spjd			case ZPOOL_PROP_DEDUPDITTO:
219089Spjd				spa->spa_dedup_ditto = intval;
219089Spjd				break;
185029Spjd			default:
185029Spjd				break;
185029Spjd			}
168404Spjd		}
185029Spjd
168404Spjd	}
185029Spjd
185029Spjd	mutex_exit(&spa->spa_props_lock);
168404Spjd}
168404Spjd
168404Spjd/*
219089Spjd * Perform one-time upgrade on-disk changes.  spa_version() does not
219089Spjd * reflect the new version this txg, so there must be no changes this
219089Spjd * txg to anything that the upgrade code depends on after it executes.
219089Spjd * Therefore this must be called after dsl_pool_sync() does the sync
219089Spjd * tasks.
219089Spjd */
219089Spjdstatic void
219089Spjdspa_sync_upgrades(spa_t *spa, dmu_tx_t *tx)
219089Spjd{
219089Spjd	dsl_pool_t *dp = spa->spa_dsl_pool;
219089Spjd
219089Spjd	ASSERT(spa->spa_sync_pass == 1);
219089Spjd
248571Smm	rrw_enter(&dp->dp_config_rwlock, RW_WRITER, FTAG);
248571Smm
219089Spjd	if (spa->spa_ubsync.ub_version < SPA_VERSION_ORIGIN &&
219089Spjd	    spa->spa_uberblock.ub_version >= SPA_VERSION_ORIGIN) {
219089Spjd		dsl_pool_create_origin(dp, tx);
219089Spjd
219089Spjd		/* Keeping the origin open increases spa_minref */
219089Spjd		spa->spa_minref += 3;
219089Spjd	}
219089Spjd
219089Spjd	if (spa->spa_ubsync.ub_version < SPA_VERSION_NEXT_CLONES &&
219089Spjd	    spa->spa_uberblock.ub_version >= SPA_VERSION_NEXT_CLONES) {
219089Spjd		dsl_pool_upgrade_clones(dp, tx);
219089Spjd	}
219089Spjd
219089Spjd	if (spa->spa_ubsync.ub_version < SPA_VERSION_DIR_CLONES &&
219089Spjd	    spa->spa_uberblock.ub_version >= SPA_VERSION_DIR_CLONES) {
219089Spjd		dsl_pool_upgrade_dir_clones(dp, tx);
219089Spjd
219089Spjd		/* Keeping the freedir open increases spa_minref */
219089Spjd		spa->spa_minref += 3;
219089Spjd	}
236884Smm
236884Smm	if (spa->spa_ubsync.ub_version < SPA_VERSION_FEATURES &&
236884Smm	    spa->spa_uberblock.ub_version >= SPA_VERSION_FEATURES) {
236884Smm		spa_feature_create_zap_objects(spa, tx);
236884Smm	}
268126Sdelphij
268126Sdelphij	/*
268126Sdelphij	 * LZ4_COMPRESS feature's behaviour was changed to activate_on_enable
268126Sdelphij	 * when possibility to use lz4 compression for metadata was added
268126Sdelphij	 * Old pools that have this feature enabled must be upgraded to have
268126Sdelphij	 * this feature active
268126Sdelphij	 */
268126Sdelphij	if (spa->spa_uberblock.ub_version >= SPA_VERSION_FEATURES) {
268126Sdelphij		boolean_t lz4_en = spa_feature_is_enabled(spa,
268126Sdelphij		    SPA_FEATURE_LZ4_COMPRESS);
268126Sdelphij		boolean_t lz4_ac = spa_feature_is_active(spa,
268126Sdelphij		    SPA_FEATURE_LZ4_COMPRESS);
268126Sdelphij
268126Sdelphij		if (lz4_en && !lz4_ac)
268126Sdelphij			spa_feature_incr(spa, SPA_FEATURE_LZ4_COMPRESS, tx);
268126Sdelphij	}
289422Smav
289422Smav	/*
289422Smav	 * If we haven't written the salt, do so now.  Note that the
289422Smav	 * feature may not be activated yet, but that's fine since
289422Smav	 * the presence of this ZAP entry is backwards compatible.
289422Smav	 */
289422Smav	if (zap_contains(spa->spa_meta_objset, DMU_POOL_DIRECTORY_OBJECT,
289422Smav	    DMU_POOL_CHECKSUM_SALT) == ENOENT) {
289422Smav		VERIFY0(zap_add(spa->spa_meta_objset,
289422Smav		    DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_CHECKSUM_SALT, 1,
289422Smav		    sizeof (spa->spa_cksum_salt.zcs_bytes),
289422Smav		    spa->spa_cksum_salt.zcs_bytes, tx));
289422Smav	}
289422Smav
248571Smm	rrw_exit(&dp->dp_config_rwlock, FTAG);
219089Spjd}
219089Spjd
332525Smavstatic void
332525Smavvdev_indirect_state_sync_verify(vdev_t *vd)
332525Smav{
332525Smav	vdev_indirect_mapping_t *vim = vd->vdev_indirect_mapping;
332525Smav	vdev_indirect_births_t *vib = vd->vdev_indirect_births;
332525Smav
332525Smav	if (vd->vdev_ops == &vdev_indirect_ops) {
332525Smav		ASSERT(vim != NULL);
332525Smav		ASSERT(vib != NULL);
332525Smav	}
332525Smav
332525Smav	if (vdev_obsolete_sm_object(vd) != 0) {
332525Smav		ASSERT(vd->vdev_obsolete_sm != NULL);
332525Smav		ASSERT(vd->vdev_removing ||
332525Smav		    vd->vdev_ops == &vdev_indirect_ops);
332525Smav		ASSERT(vdev_indirect_mapping_num_entries(vim) > 0);
332525Smav		ASSERT(vdev_indirect_mapping_bytes_mapped(vim) > 0);
332525Smav
332525Smav		ASSERT3U(vdev_obsolete_sm_object(vd), ==,
332525Smav		    space_map_object(vd->vdev_obsolete_sm));
332525Smav		ASSERT3U(vdev_indirect_mapping_bytes_mapped(vim), >=,
332525Smav		    space_map_allocated(vd->vdev_obsolete_sm));
332525Smav	}
332525Smav	ASSERT(vd->vdev_obsolete_segments != NULL);
332525Smav
332525Smav	/*
332525Smav	 * Since frees / remaps to an indirect vdev can only
332525Smav	 * happen in syncing context, the obsolete segments
332525Smav	 * tree must be empty when we start syncing.
332525Smav	 */
332525Smav	ASSERT0(range_tree_space(vd->vdev_obsolete_segments));
332525Smav}
332525Smav
219089Spjd/*
168404Spjd * Sync the specified transaction group.  New blocks may be dirtied as
168404Spjd * part of the process, so we iterate until it converges.
168404Spjd */
168404Spjdvoid
168404Spjdspa_sync(spa_t *spa, uint64_t txg)
168404Spjd{
168404Spjd	dsl_pool_t *dp = spa->spa_dsl_pool;
168404Spjd	objset_t *mos = spa->spa_meta_objset;
219089Spjd	bplist_t *free_bpl = &spa->spa_free_bplist[txg & TXG_MASK];
168404Spjd	vdev_t *rvd = spa->spa_root_vdev;
168404Spjd	vdev_t *vd;
168404Spjd	dmu_tx_t *tx;
185029Spjd	int error;
307277Smav	uint32_t max_queue_depth = zfs_vdev_async_write_max_active *
307277Smav	    zfs_vdev_queue_depth_pct / 100;
168404Spjd
219089Spjd	VERIFY(spa_writeable(spa));
219089Spjd
168404Spjd	/*
332525Smav	 * Wait for i/os issued in open context that need to complete
332525Smav	 * before this txg syncs.
332525Smav	 */
332525Smav	VERIFY0(zio_wait(spa->spa_txg_zio[txg & TXG_MASK]));
332525Smav	spa->spa_txg_zio[txg & TXG_MASK] = zio_root(spa, NULL, NULL, 0);
332525Smav
332525Smav	/*
168404Spjd	 * Lock out configuration changes.
168404Spjd	 */
185029Spjd	spa_config_enter(spa, SCL_CONFIG, FTAG, RW_READER);
168404Spjd
168404Spjd	spa->spa_syncing_txg = txg;
168404Spjd	spa->spa_sync_pass = 0;
168404Spjd
307277Smav	mutex_enter(&spa->spa_alloc_lock);
307277Smav	VERIFY0(avl_numnodes(&spa->spa_alloc_tree));
307277Smav	mutex_exit(&spa->spa_alloc_lock);
307277Smav
185029Spjd	/*
185029Spjd	 * If there are any pending vdev state changes, convert them
185029Spjd	 * into config changes that go out with this transaction group.
185029Spjd	 */
185029Spjd	spa_config_enter(spa, SCL_STATE, FTAG, RW_READER);
209962Smm	while (list_head(&spa->spa_state_dirty_list) != NULL) {
209962Smm		/*
209962Smm		 * We need the write lock here because, for aux vdevs,
209962Smm		 * calling vdev_config_dirty() modifies sav_config.
209962Smm		 * This is ugly and will become unnecessary when we
209962Smm		 * eliminate the aux vdev wart by integrating all vdevs
209962Smm		 * into the root vdev tree.
209962Smm		 */
209962Smm		spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
209962Smm		spa_config_enter(spa, SCL_CONFIG | SCL_STATE, FTAG, RW_WRITER);
209962Smm		while ((vd = list_head(&spa->spa_state_dirty_list)) != NULL) {
209962Smm			vdev_state_clean(vd);
209962Smm			vdev_config_dirty(vd);
209962Smm		}
209962Smm		spa_config_exit(spa, SCL_CONFIG | SCL_STATE, FTAG);
209962Smm		spa_config_enter(spa, SCL_CONFIG | SCL_STATE, FTAG, RW_READER);
185029Spjd	}
185029Spjd	spa_config_exit(spa, SCL_STATE, FTAG);
185029Spjd
168404Spjd	tx = dmu_tx_create_assigned(dp, txg);
168404Spjd
247265Smm	spa->spa_sync_starttime = gethrtime();
247265Smm#ifdef illumos
247265Smm	VERIFY(cyclic_reprogram(spa->spa_deadman_cycid,
247265Smm	    spa->spa_sync_starttime + spa->spa_deadman_synctime));
277300Ssmh#else	/* !illumos */
247265Smm#ifdef _KERNEL
314665Savg	callout_schedule(&spa->spa_deadman_cycid,
314665Savg	    hz * spa->spa_deadman_synctime / NANOSEC);
247265Smm#endif
277300Ssmh#endif	/* illumos */
247265Smm
168404Spjd	/*
185029Spjd	 * If we are upgrading to SPA_VERSION_RAIDZ_DEFLATE this txg,
168404Spjd	 * set spa_deflate if we have no raid-z vdevs.
168404Spjd	 */
185029Spjd	if (spa->spa_ubsync.ub_version < SPA_VERSION_RAIDZ_DEFLATE &&
185029Spjd	    spa->spa_uberblock.ub_version >= SPA_VERSION_RAIDZ_DEFLATE) {
168404Spjd		int i;
168404Spjd
168404Spjd		for (i = 0; i < rvd->vdev_children; i++) {
168404Spjd			vd = rvd->vdev_child[i];
168404Spjd			if (vd->vdev_deflate_ratio != SPA_MINBLOCKSIZE)
168404Spjd				break;
168404Spjd		}
168404Spjd		if (i == rvd->vdev_children) {
168404Spjd			spa->spa_deflate = TRUE;
168404Spjd			VERIFY(0 == zap_add(spa->spa_meta_objset,
168404Spjd			    DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_DEFLATE,
168404Spjd			    sizeof (uint64_t), 1, &spa->spa_deflate, tx));
168404Spjd		}
168404Spjd	}
168404Spjd
168404Spjd	/*
307277Smav	 * Set the top-level vdev's max queue depth. Evaluate each
307277Smav	 * top-level's async write queue depth in case it changed.
307277Smav	 * The max queue depth will not change in the middle of syncing
307277Smav	 * out this txg.
307277Smav	 */
307277Smav	uint64_t queue_depth_total = 0;
307277Smav	for (int c = 0; c < rvd->vdev_children; c++) {
307277Smav		vdev_t *tvd = rvd->vdev_child[c];
307277Smav		metaslab_group_t *mg = tvd->vdev_mg;
307277Smav
307277Smav		if (mg == NULL || mg->mg_class != spa_normal_class(spa) ||
307277Smav		    !metaslab_group_initialized(mg))
307277Smav			continue;
307277Smav
307277Smav		/*
307277Smav		 * It is safe to do a lock-free check here because only async
307277Smav		 * allocations look at mg_max_alloc_queue_depth, and async
307277Smav		 * allocations all happen from spa_sync().
307277Smav		 */
307277Smav		ASSERT0(refcount_count(&mg->mg_alloc_queue_depth));
307277Smav		mg->mg_max_alloc_queue_depth = max_queue_depth;
307277Smav		queue_depth_total += mg->mg_max_alloc_queue_depth;
307277Smav	}
307277Smav	metaslab_class_t *mc = spa_normal_class(spa);
307277Smav	ASSERT0(refcount_count(&mc->mc_alloc_slots));
307277Smav	mc->mc_alloc_max_slots = queue_depth_total;
307277Smav	mc->mc_alloc_throttle_enabled = zio_dva_throttle_enabled;
307277Smav
307277Smav	ASSERT3U(mc->mc_alloc_max_slots, <=,
307277Smav	    max_queue_depth * rvd->vdev_children);
307277Smav
332525Smav	for (int c = 0; c < rvd->vdev_children; c++) {
332525Smav		vdev_t *vd = rvd->vdev_child[c];
332525Smav		vdev_indirect_state_sync_verify(vd);
332525Smav
332525Smav		if (vdev_indirect_should_condense(vd)) {
332525Smav			spa_condense_indirect_start_sync(vd, tx);
332525Smav			break;
332525Smav		}
332525Smav	}
332525Smav
307277Smav	/*
168404Spjd	 * Iterate to convergence.
168404Spjd	 */
168404Spjd	do {
219089Spjd		int pass = ++spa->spa_sync_pass;
168404Spjd
168404Spjd		spa_sync_config_object(spa, tx);
185029Spjd		spa_sync_aux_dev(spa, &spa->spa_spares, tx,
185029Spjd		    ZPOOL_CONFIG_SPARES, DMU_POOL_SPARES);
185029Spjd		spa_sync_aux_dev(spa, &spa->spa_l2cache, tx,
185029Spjd		    ZPOOL_CONFIG_L2CACHE, DMU_POOL_L2CACHE);
168404Spjd		spa_errlog_sync(spa, txg);
168404Spjd		dsl_pool_sync(dp, txg);
168404Spjd
243503Smm		if (pass < zfs_sync_pass_deferred_free) {
258632Savg			spa_sync_frees(spa, free_bpl, tx);
219089Spjd		} else {
275781Sdelphij			/*
275781Sdelphij			 * We can not defer frees in pass 1, because
275781Sdelphij			 * we sync the deferred frees later in pass 1.
275781Sdelphij			 */
275781Sdelphij			ASSERT3U(pass, >, 1);
219089Spjd			bplist_iterate(free_bpl, bpobj_enqueue_cb,
258632Savg			    &spa->spa_deferred_bpobj, tx);
168404Spjd		}
168404Spjd
219089Spjd		ddt_sync(spa, txg);
219089Spjd		dsl_scan_sync(dp, tx);
168404Spjd
332525Smav		if (spa->spa_vdev_removal != NULL)
332525Smav			svr_sync(spa, tx);
332525Smav
332525Smav		while ((vd = txg_list_remove(&spa->spa_vdev_txg_list, txg))
332525Smav		    != NULL)
219089Spjd			vdev_sync(vd, txg);
168404Spjd
275781Sdelphij		if (pass == 1) {
219089Spjd			spa_sync_upgrades(spa, tx);
275781Sdelphij			ASSERT3U(txg, >=,
275781Sdelphij			    spa->spa_uberblock.ub_rootbp.blk_birth);
275781Sdelphij			/*
275781Sdelphij			 * Note: We need to check if the MOS is dirty
275781Sdelphij			 * because we could have marked the MOS dirty
275781Sdelphij			 * without updating the uberblock (e.g. if we
275781Sdelphij			 * have sync tasks but no dirty user data).  We
275781Sdelphij			 * need to check the uberblock's rootbp because
275781Sdelphij			 * it is updated if we have synced out dirty
275781Sdelphij			 * data (though in this case the MOS will most
275781Sdelphij			 * likely also be dirty due to second order
275781Sdelphij			 * effects, we don't want to rely on that here).
275781Sdelphij			 */
275781Sdelphij			if (spa->spa_uberblock.ub_rootbp.blk_birth < txg &&
275781Sdelphij			    !dmu_objset_is_dirty(mos, txg)) {
275781Sdelphij				/*
275781Sdelphij				 * Nothing changed on the first pass,
275781Sdelphij				 * therefore this TXG is a no-op.  Avoid
275781Sdelphij				 * syncing deferred frees, so that we
275781Sdelphij				 * can keep this TXG as a no-op.
275781Sdelphij				 */
275781Sdelphij				ASSERT(txg_list_empty(&dp->dp_dirty_datasets,
275781Sdelphij				    txg));
275781Sdelphij				ASSERT(txg_list_empty(&dp->dp_dirty_dirs, txg));
275781Sdelphij				ASSERT(txg_list_empty(&dp->dp_sync_tasks, txg));
332547Smav				ASSERT(txg_list_empty(&dp->dp_early_sync_tasks,
332547Smav				    txg));
275781Sdelphij				break;
275781Sdelphij			}
275781Sdelphij			spa_sync_deferred_frees(spa, tx);
275781Sdelphij		}
168404Spjd
219089Spjd	} while (dmu_objset_is_dirty(mos, txg));
219089Spjd
299441Smav	if (!list_is_empty(&spa->spa_config_dirty_list)) {
299441Smav		/*
299441Smav		 * Make sure that the number of ZAPs for all the vdevs matches
299441Smav		 * the number of ZAPs in the per-vdev ZAP list. This only gets
299441Smav		 * called if the config is dirty; otherwise there may be
299441Smav		 * outstanding AVZ operations that weren't completed in
299441Smav		 * spa_sync_config_object.
299441Smav		 */
299441Smav		uint64_t all_vdev_zap_entry_count;
299441Smav		ASSERT0(zap_count(spa->spa_meta_objset,
299441Smav		    spa->spa_all_vdev_zaps, &all_vdev_zap_entry_count));
299441Smav		ASSERT3U(vdev_count_verify_zaps(spa->spa_root_vdev), ==,
299441Smav		    all_vdev_zap_entry_count);
299441Smav	}
299441Smav
332525Smav	if (spa->spa_vdev_removal != NULL) {
332525Smav		ASSERT0(spa->spa_vdev_removal->svr_bytes_done[txg & TXG_MASK]);
332525Smav	}
332525Smav
168404Spjd	/*
168404Spjd	 * Rewrite the vdev configuration (which includes the uberblock)
168404Spjd	 * to commit the transaction group.
168404Spjd	 *
185029Spjd	 * If there are no dirty vdevs, we sync the uberblock to a few
185029Spjd	 * random top-level vdevs that are known to be visible in the
185029Spjd	 * config cache (see spa_vdev_add() for a complete description).
185029Spjd	 * If there *are* dirty vdevs, sync the uberblock to all vdevs.
168404Spjd	 */
185029Spjd	for (;;) {
185029Spjd		/*
185029Spjd		 * We hold SCL_STATE to prevent vdev open/close/etc.
185029Spjd		 * while we're attempting to write the vdev labels.
185029Spjd		 */
185029Spjd		spa_config_enter(spa, SCL_STATE, FTAG, RW_READER);
168404Spjd
185029Spjd		if (list_is_empty(&spa->spa_config_dirty_list)) {
332547Smav			vdev_t *svd[SPA_SYNC_MIN_VDEVS] = { NULL };
185029Spjd			int svdcount = 0;
185029Spjd			int children = rvd->vdev_children;
185029Spjd			int c0 = spa_get_random(children);
185029Spjd
219089Spjd			for (int c = 0; c < children; c++) {
185029Spjd				vd = rvd->vdev_child[(c0 + c) % children];
332547Smav
332547Smav				/* Stop when revisiting the first vdev */
332547Smav				if (c > 0 && svd[0] == vd)
332547Smav					break;
332547Smav
332525Smav				if (vd->vdev_ms_array == 0 || vd->vdev_islog ||
332525Smav				    !vdev_is_concrete(vd))
185029Spjd					continue;
332547Smav
185029Spjd				svd[svdcount++] = vd;
332536Smav				if (svdcount == SPA_SYNC_MIN_VDEVS)
185029Spjd					break;
185029Spjd			}
294811Smav			error = vdev_config_sync(svd, svdcount, txg);
185029Spjd		} else {
185029Spjd			error = vdev_config_sync(rvd->vdev_child,
294811Smav			    rvd->vdev_children, txg);
168404Spjd		}
185029Spjd
239620Smm		if (error == 0)
239620Smm			spa->spa_last_synced_guid = rvd->vdev_guid;
239620Smm
185029Spjd		spa_config_exit(spa, SCL_STATE, FTAG);
185029Spjd
185029Spjd		if (error == 0)
185029Spjd			break;
185029Spjd		zio_suspend(spa, NULL);
185029Spjd		zio_resume_wait(spa);
168404Spjd	}
168404Spjd	dmu_tx_commit(tx);
168404Spjd
247265Smm#ifdef illumos
247265Smm	VERIFY(cyclic_reprogram(spa->spa_deadman_cycid, CY_INFINITY));
277300Ssmh#else	/* !illumos */
247265Smm#ifdef _KERNEL
247265Smm	callout_drain(&spa->spa_deadman_cycid);
247265Smm#endif
277300Ssmh#endif	/* illumos */
247265Smm
168404Spjd	/*
168404Spjd	 * Clear the dirty config list.
168404Spjd	 */
185029Spjd	while ((vd = list_head(&spa->spa_config_dirty_list)) != NULL)
168404Spjd		vdev_config_clean(vd);
168404Spjd
168404Spjd	/*
168404Spjd	 * Now that the new config has synced transactionally,
168404Spjd	 * let it become visible to the config cache.
168404Spjd	 */
168404Spjd	if (spa->spa_config_syncing != NULL) {
168404Spjd		spa_config_set(spa, spa->spa_config_syncing);
168404Spjd		spa->spa_config_txg = txg;
168404Spjd		spa->spa_config_syncing = NULL;
168404Spjd	}
168404Spjd
219089Spjd	dsl_pool_sync_done(dp, txg);
168404Spjd
307277Smav	mutex_enter(&spa->spa_alloc_lock);
307277Smav	VERIFY0(avl_numnodes(&spa->spa_alloc_tree));
307277Smav	mutex_exit(&spa->spa_alloc_lock);
307277Smav
168404Spjd	/*
168404Spjd	 * Update usable space statistics.
168404Spjd	 */
168404Spjd	while (vd = txg_list_remove(&spa->spa_vdev_txg_list, TXG_CLEAN(txg)))
168404Spjd		vdev_sync_done(vd, txg);
168404Spjd
219089Spjd	spa_update_dspace(spa);
219089Spjd
168404Spjd	/*
168404Spjd	 * It had better be the case that we didn't dirty anything
168404Spjd	 * since vdev_config_sync().
168404Spjd	 */
168404Spjd	ASSERT(txg_list_empty(&dp->dp_dirty_datasets, txg));
168404Spjd	ASSERT(txg_list_empty(&dp->dp_dirty_dirs, txg));
168404Spjd	ASSERT(txg_list_empty(&spa->spa_vdev_txg_list, txg));
168404Spjd
332547Smav	while (zfs_pause_spa_sync)
332547Smav		delay(1);
332547Smav
219089Spjd	spa->spa_sync_pass = 0;
219089Spjd
310515Savg	/*
310515Savg	 * Update the last synced uberblock here. We want to do this at
310515Savg	 * the end of spa_sync() so that consumers of spa_last_synced_txg()
310515Savg	 * will be guaranteed that all the processing associated with
310515Savg	 * that txg has been completed.
310515Savg	 */
310515Savg	spa->spa_ubsync = spa->spa_uberblock;
185029Spjd	spa_config_exit(spa, SCL_CONFIG, FTAG);
168404Spjd
219089Spjd	spa_handle_ignored_writes(spa);
219089Spjd
168404Spjd	/*
168404Spjd	 * If any async tasks have been requested, kick them off.
168404Spjd	 */
168404Spjd	spa_async_dispatch(spa);
253990Smav	spa_async_dispatch_vd(spa);
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * Sync all pools.  We don't want to hold the namespace lock across these
168404Spjd * operations, so we take a reference on the spa_t and drop the lock during the
168404Spjd * sync.
168404Spjd */
168404Spjdvoid
168404Spjdspa_sync_allpools(void)
168404Spjd{
168404Spjd	spa_t *spa = NULL;
168404Spjd	mutex_enter(&spa_namespace_lock);
168404Spjd	while ((spa = spa_next(spa)) != NULL) {
219089Spjd		if (spa_state(spa) != POOL_STATE_ACTIVE ||
219089Spjd		    !spa_writeable(spa) || spa_suspended(spa))
168404Spjd			continue;
168404Spjd		spa_open_ref(spa, FTAG);
168404Spjd		mutex_exit(&spa_namespace_lock);
168404Spjd		txg_wait_synced(spa_get_dsl(spa), 0);
168404Spjd		mutex_enter(&spa_namespace_lock);
168404Spjd		spa_close(spa, FTAG);
168404Spjd	}
168404Spjd	mutex_exit(&spa_namespace_lock);
168404Spjd}
168404Spjd
168404Spjd/*
168404Spjd * ==========================================================================
168404Spjd * Miscellaneous routines
168404Spjd * ==========================================================================
168404Spjd */
168404Spjd
168404Spjd/*
168404Spjd * Remove all pools in the system.
168404Spjd */
168404Spjdvoid
168404Spjdspa_evict_all(void)
168404Spjd{
168404Spjd	spa_t *spa;
168404Spjd
168404Spjd	/*
168404Spjd	 * Remove all cached state.  All pools should be closed now,
168404Spjd	 * so every spa in the AVL tree should be unreferenced.
168404Spjd	 */
168404Spjd	mutex_enter(&spa_namespace_lock);
168404Spjd	while ((spa = spa_next(NULL)) != NULL) {
168404Spjd		/*
168404Spjd		 * Stop async tasks.  The async thread may need to detach
168404Spjd		 * a device that's been replaced, which requires grabbing
168404Spjd		 * spa_namespace_lock, so we must drop it here.
168404Spjd		 */
168404Spjd		spa_open_ref(spa, FTAG);
168404Spjd		mutex_exit(&spa_namespace_lock);
168404Spjd		spa_async_suspend(spa);
168404Spjd		mutex_enter(&spa_namespace_lock);
168404Spjd		spa_close(spa, FTAG);
168404Spjd
168404Spjd		if (spa->spa_state != POOL_STATE_UNINITIALIZED) {
168404Spjd			spa_unload(spa);
168404Spjd			spa_deactivate(spa);
168404Spjd		}
168404Spjd		spa_remove(spa);
168404Spjd	}
168404Spjd	mutex_exit(&spa_namespace_lock);
168404Spjd}
168404Spjd
168404Spjdvdev_t *
209962Smmspa_lookup_by_guid(spa_t *spa, uint64_t guid, boolean_t aux)
168404Spjd{
185029Spjd	vdev_t *vd;
185029Spjd	int i;
185029Spjd
185029Spjd	if ((vd = vdev_lookup_by_guid(spa->spa_root_vdev, guid)) != NULL)
185029Spjd		return (vd);
185029Spjd
209962Smm	if (aux) {
185029Spjd		for (i = 0; i < spa->spa_l2cache.sav_count; i++) {
185029Spjd			vd = spa->spa_l2cache.sav_vdevs[i];
185029Spjd			if (vd->vdev_guid == guid)
185029Spjd				return (vd);
185029Spjd		}
209962Smm
209962Smm		for (i = 0; i < spa->spa_spares.sav_count; i++) {
209962Smm			vd = spa->spa_spares.sav_vdevs[i];
209962Smm			if (vd->vdev_guid == guid)
209962Smm				return (vd);
209962Smm		}
185029Spjd	}
185029Spjd
185029Spjd	return (NULL);
168404Spjd}
168404Spjd
168404Spjdvoid
185029Spjdspa_upgrade(spa_t *spa, uint64_t version)
168404Spjd{
219089Spjd	ASSERT(spa_writeable(spa));
219089Spjd
185029Spjd	spa_config_enter(spa, SCL_ALL, FTAG, RW_WRITER);
168404Spjd
168404Spjd	/*
168404Spjd	 * This should only be called for a non-faulted pool, and since a
168404Spjd	 * future version would result in an unopenable pool, this shouldn't be
168404Spjd	 * possible.
168404Spjd	 */
247592Sdelphij	ASSERT(SPA_VERSION_IS_SUPPORTED(spa->spa_uberblock.ub_version));
268075Sdelphij	ASSERT3U(version, >=, spa->spa_uberblock.ub_version);
168404Spjd
185029Spjd	spa->spa_uberblock.ub_version = version;
168404Spjd	vdev_config_dirty(spa->spa_root_vdev);
168404Spjd
185029Spjd	spa_config_exit(spa, SCL_ALL, FTAG);
168404Spjd
168404Spjd	txg_wait_synced(spa_get_dsl(spa), 0);
168404Spjd}
168404Spjd
168404Spjdboolean_t
168404Spjdspa_has_spare(spa_t *spa, uint64_t guid)
168404Spjd{
168404Spjd	int i;
168404Spjd	uint64_t spareguid;
185029Spjd	spa_aux_vdev_t *sav = &spa->spa_spares;
168404Spjd
185029Spjd	for (i = 0; i < sav->sav_count; i++)
185029Spjd		if (sav->sav_vdevs[i]->vdev_guid == guid)
168404Spjd			return (B_TRUE);
168404Spjd
185029Spjd	for (i = 0; i < sav->sav_npending; i++) {
185029Spjd		if (nvlist_lookup_uint64(sav->sav_pending[i], ZPOOL_CONFIG_GUID,
185029Spjd		    &spareguid) == 0 && spareguid == guid)
168404Spjd			return (B_TRUE);
168404Spjd	}
168404Spjd
168404Spjd	return (B_FALSE);
168404Spjd}
168404Spjd
185029Spjd/*
185029Spjd * Check if a pool has an active shared spare device.
185029Spjd * Note: reference count of an active spare is 2, as a spare and as a replace
185029Spjd */
185029Spjdstatic boolean_t
185029Spjdspa_has_active_shared_spare(spa_t *spa)
168404Spjd{
185029Spjd	int i, refcnt;
185029Spjd	uint64_t pool;
185029Spjd	spa_aux_vdev_t *sav = &spa->spa_spares;
185029Spjd
185029Spjd	for (i = 0; i < sav->sav_count; i++) {
185029Spjd		if (spa_spare_exists(sav->sav_vdevs[i]->vdev_guid, &pool,
185029Spjd		    &refcnt) && pool != 0ULL && pool == spa_guid(spa) &&
185029Spjd		    refcnt > 2)
185029Spjd			return (B_TRUE);
185029Spjd	}
185029Spjd
185029Spjd	return (B_FALSE);
168404Spjd}
168404Spjd
332525Smavsysevent_t *
331397Smavspa_event_create(spa_t *spa, vdev_t *vd, nvlist_t *hist_nvl, const char *name)
168404Spjd{
307113Smav	sysevent_t		*ev = NULL;
185029Spjd#ifdef _KERNEL
185029Spjd	sysevent_attr_list_t	*attr = NULL;
185029Spjd	sysevent_value_t	value;
168404Spjd
185029Spjd	ev = sysevent_alloc(EC_ZFS, (char *)name, SUNW_KERN_PUB "zfs",
185029Spjd	    SE_SLEEP);
307113Smav	ASSERT(ev != NULL);
168404Spjd
185029Spjd	value.value_type = SE_DATA_TYPE_STRING;
185029Spjd	value.value.sv_string = spa_name(spa);
185029Spjd	if (sysevent_add_attr(&attr, ZFS_EV_POOL_NAME, &value, SE_SLEEP) != 0)
185029Spjd		goto done;
168404Spjd
185029Spjd	value.value_type = SE_DATA_TYPE_UINT64;
185029Spjd	value.value.sv_uint64 = spa_guid(spa);
185029Spjd	if (sysevent_add_attr(&attr, ZFS_EV_POOL_GUID, &value, SE_SLEEP) != 0)
185029Spjd		goto done;
168404Spjd
185029Spjd	if (vd) {
185029Spjd		value.value_type = SE_DATA_TYPE_UINT64;
185029Spjd		value.value.sv_uint64 = vd->vdev_guid;
185029Spjd		if (sysevent_add_attr(&attr, ZFS_EV_VDEV_GUID, &value,
185029Spjd		    SE_SLEEP) != 0)
185029Spjd			goto done;
168404Spjd
185029Spjd		if (vd->vdev_path) {
185029Spjd			value.value_type = SE_DATA_TYPE_STRING;
185029Spjd			value.value.sv_string = vd->vdev_path;
185029Spjd			if (sysevent_add_attr(&attr, ZFS_EV_VDEV_PATH,
185029Spjd			    &value, SE_SLEEP) != 0)
185029Spjd				goto done;
168404Spjd		}
168404Spjd	}
168404Spjd
331397Smav	if (hist_nvl != NULL) {
331397Smav		fnvlist_merge((nvlist_t *)attr, hist_nvl);
331397Smav	}
331397Smav
185029Spjd	if (sysevent_attach_attributes(ev, attr) != 0)
185029Spjd		goto done;
185029Spjd	attr = NULL;
168404Spjd
185029Spjddone:
185029Spjd	if (attr)
185029Spjd		sysevent_free_attr(attr);
307113Smav
307113Smav#endif
307113Smav	return (ev);
307113Smav}
307113Smav
332525Smavvoid
307113Smavspa_event_post(sysevent_t *ev)
307113Smav{
307113Smav#ifdef _KERNEL
307113Smav	sysevent_id_t		eid;
307113Smav
307113Smav	(void) log_sysevent(ev, SE_SLEEP, &eid);
185029Spjd	sysevent_free(ev);
185029Spjd#endif
168404Spjd}
307113Smav
332525Smavvoid
332525Smavspa_event_discard(sysevent_t *ev)
332525Smav{
332525Smav#ifdef _KERNEL
332525Smav	sysevent_free(ev);
332525Smav#endif
332525Smav}
332525Smav
307113Smav/*
307113Smav * Post a sysevent corresponding to the given event.  The 'name' must be one of
307113Smav * the event definitions in sys/sysevent/eventdefs.h.  The payload will be
331397Smav * filled in from the spa and (optionally) the vdev and history nvl.  This
331397Smav * doesn't do anything in the userland libzpool, as we don't want consumers to
331397Smav * misinterpret ztest or zdb as real changes.
307113Smav */
307113Smavvoid
331397Smavspa_event_notify(spa_t *spa, vdev_t *vd, nvlist_t *hist_nvl, const char *name)
307113Smav{
331397Smav	spa_event_post(spa_event_create(spa, vd, hist_nvl, name));
307113Smav}