Print this page
OS-1566 dataset quota for ZFS datasets


   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
  23  * Copyright (c) 2012 by Delphix. All rights reserved.

  24  */
  25 
  26 /* Portions Copyright 2010 Robert Milkowski */
  27 
  28 #include <sys/cred.h>
  29 #include <sys/zfs_context.h>
  30 #include <sys/dmu_objset.h>
  31 #include <sys/dsl_dir.h>
  32 #include <sys/dsl_dataset.h>
  33 #include <sys/dsl_prop.h>
  34 #include <sys/dsl_pool.h>
  35 #include <sys/dsl_synctask.h>
  36 #include <sys/dsl_deleg.h>
  37 #include <sys/dnode.h>
  38 #include <sys/dbuf.h>
  39 #include <sys/zvol.h>
  40 #include <sys/dmu_tx.h>
  41 #include <sys/zap.h>
  42 #include <sys/zil.h>
  43 #include <sys/dmu_impl.h>


 673         struct oscarg *oa = arg2;
 674         objset_t *mos = dd->dd_pool->dp_meta_objset;
 675         int err;
 676         uint64_t ddobj;
 677 
 678         err = zap_lookup(mos, dd->dd_phys->dd_child_dir_zapobj,
 679             oa->lastname, sizeof (uint64_t), 1, &ddobj);
 680         if (err != ENOENT)
 681                 return (err ? err : EEXIST);
 682 
 683         if (oa->clone_origin != NULL) {
 684                 /* You can't clone across pools. */
 685                 if (oa->clone_origin->ds_dir->dd_pool != dd->dd_pool)
 686                         return (EXDEV);
 687 
 688                 /* You can only clone snapshots, not the head datasets. */
 689                 if (!dsl_dataset_is_snapshot(oa->clone_origin))
 690                         return (EINVAL);
 691         }
 692 
 693         return (0);
 694 }
 695 
 696 static void
 697 dmu_objset_create_sync(void *arg1, void *arg2, dmu_tx_t *tx)
 698 {
 699         dsl_dir_t *dd = arg1;
 700         spa_t *spa = dd->dd_pool->dp_spa;
 701         struct oscarg *oa = arg2;
 702         uint64_t obj;
 703         dsl_dataset_t *ds;
 704         blkptr_t *bp;
 705 
 706         ASSERT(dmu_tx_is_syncing(tx));
 707 


 708         obj = dsl_dataset_create_sync(dd, oa->lastname,
 709             oa->clone_origin, oa->flags, oa->cr, tx);
 710 
 711         VERIFY3U(0, ==, dsl_dataset_hold_obj(dd->dd_pool, obj, FTAG, &ds));
 712         bp = dsl_dataset_get_blkptr(ds);
 713         if (BP_IS_HOLE(bp)) {
 714                 objset_t *os =
 715                     dmu_objset_create_impl(spa, ds, bp, oa->type, tx);
 716 
 717                 if (oa->userfunc)
 718                         oa->userfunc(os, oa->userarg, oa->cr, tx);
 719         }
 720 
 721         if (oa->clone_origin == NULL) {
 722                 spa_history_log_internal_ds(ds, "create", tx, "");
 723         } else {
 724                 char namebuf[MAXNAMELEN];
 725                 dsl_dataset_name(oa->clone_origin, namebuf);
 726                 spa_history_log_internal_ds(ds, "clone", tx,
 727                     "origin=%s (%llu)", namebuf, oa->clone_origin->ds_object);


 790 
 791 int
 792 dmu_objset_destroy(const char *name, boolean_t defer)
 793 {
 794         dsl_dataset_t *ds;
 795         int error;
 796 
 797         error = dsl_dataset_own(name, B_TRUE, FTAG, &ds);
 798         if (error == 0) {
 799                 error = dsl_dataset_destroy(ds, FTAG, defer);
 800                 /* dsl_dataset_destroy() closes the ds. */
 801         }
 802 
 803         return (error);
 804 }
 805 
 806 typedef struct snapallarg {
 807         dsl_sync_task_group_t *saa_dstg;
 808         boolean_t saa_needsuspend;
 809         nvlist_t *saa_props;

 810 
 811         /* the following are used only if 'temporary' is set: */
 812         boolean_t saa_temporary;
 813         const char *saa_htag;
 814         struct dsl_ds_holdarg *saa_ha;
 815         dsl_dataset_t *saa_newds;
 816 } snapallarg_t;
 817 
 818 typedef struct snaponearg {
 819         const char *soa_longname; /* long snap name */
 820         const char *soa_snapname; /* short snap name */
 821         snapallarg_t *soa_saa;
 822 } snaponearg_t;
 823 
 824 static int
 825 snapshot_check(void *arg1, void *arg2, dmu_tx_t *tx)
 826 {
 827         objset_t *os = arg1;
 828         snaponearg_t *soa = arg2;
 829         snapallarg_t *saa = soa->soa_saa;
 830         int error;
 831 
 832         /* The props have already been checked by zfs_check_userprops(). */
 833 


































 834         error = dsl_dataset_snapshot_check(os->os_dsl_dataset,
 835             soa->soa_snapname, tx);


 836         if (error)
 837                 return (error);
 838 
 839         if (saa->saa_temporary) {
 840                 /*
 841                  * Ideally we would just call
 842                  * dsl_dataset_user_hold_check() and
 843                  * dsl_dataset_destroy_check() here.  However the
 844                  * dataset we want to hold and destroy is the snapshot
 845                  * that we just confirmed we can create, but it won't
 846                  * exist until after these checks are run.  Do any
 847                  * checks we can here and if more checks are added to
 848                  * those routines in the future, similar checks may be
 849                  * necessary here.
 850                  */
 851                 if (spa_version(os->os_spa) < SPA_VERSION_USERREFS)
 852                         return (ENOTSUP);
 853                 /*
 854                  * Not checking number of tags because the tag will be
 855                  * unique, as it will be the only tag.




   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
  23  * Copyright (c) 2012 by Delphix. All rights reserved.
  24  * Copyright (c) 2012, Joyent, Inc. All rights reserved.
  25  */
  26 
  27 /* Portions Copyright 2010 Robert Milkowski */
  28 
  29 #include <sys/cred.h>
  30 #include <sys/zfs_context.h>
  31 #include <sys/dmu_objset.h>
  32 #include <sys/dsl_dir.h>
  33 #include <sys/dsl_dataset.h>
  34 #include <sys/dsl_prop.h>
  35 #include <sys/dsl_pool.h>
  36 #include <sys/dsl_synctask.h>
  37 #include <sys/dsl_deleg.h>
  38 #include <sys/dnode.h>
  39 #include <sys/dbuf.h>
  40 #include <sys/zvol.h>
  41 #include <sys/dmu_tx.h>
  42 #include <sys/zap.h>
  43 #include <sys/zil.h>
  44 #include <sys/dmu_impl.h>


 674         struct oscarg *oa = arg2;
 675         objset_t *mos = dd->dd_pool->dp_meta_objset;
 676         int err;
 677         uint64_t ddobj;
 678 
 679         err = zap_lookup(mos, dd->dd_phys->dd_child_dir_zapobj,
 680             oa->lastname, sizeof (uint64_t), 1, &ddobj);
 681         if (err != ENOENT)
 682                 return (err ? err : EEXIST);
 683 
 684         if (oa->clone_origin != NULL) {
 685                 /* You can't clone across pools. */
 686                 if (oa->clone_origin->ds_dir->dd_pool != dd->dd_pool)
 687                         return (EXDEV);
 688 
 689                 /* You can only clone snapshots, not the head datasets. */
 690                 if (!dsl_dataset_is_snapshot(oa->clone_origin))
 691                         return (EINVAL);
 692         }
 693 
 694         return (dsl_dir_dscount_check(dd, tx, 1, NULL));
 695 }
 696 
 697 static void
 698 dmu_objset_create_sync(void *arg1, void *arg2, dmu_tx_t *tx)
 699 {
 700         dsl_dir_t *dd = arg1;
 701         spa_t *spa = dd->dd_pool->dp_spa;
 702         struct oscarg *oa = arg2;
 703         uint64_t obj;
 704         dsl_dataset_t *ds;
 705         blkptr_t *bp;
 706 
 707         ASSERT(dmu_tx_is_syncing(tx));
 708 
 709         dsl_dir_dscount_adjust(dd, tx, 1, B_TRUE, B_TRUE);
 710 
 711         obj = dsl_dataset_create_sync(dd, oa->lastname,
 712             oa->clone_origin, oa->flags, oa->cr, tx);
 713 
 714         VERIFY3U(0, ==, dsl_dataset_hold_obj(dd->dd_pool, obj, FTAG, &ds));
 715         bp = dsl_dataset_get_blkptr(ds);
 716         if (BP_IS_HOLE(bp)) {
 717                 objset_t *os =
 718                     dmu_objset_create_impl(spa, ds, bp, oa->type, tx);
 719 
 720                 if (oa->userfunc)
 721                         oa->userfunc(os, oa->userarg, oa->cr, tx);
 722         }
 723 
 724         if (oa->clone_origin == NULL) {
 725                 spa_history_log_internal_ds(ds, "create", tx, "");
 726         } else {
 727                 char namebuf[MAXNAMELEN];
 728                 dsl_dataset_name(oa->clone_origin, namebuf);
 729                 spa_history_log_internal_ds(ds, "clone", tx,
 730                     "origin=%s (%llu)", namebuf, oa->clone_origin->ds_object);


 793 
 794 int
 795 dmu_objset_destroy(const char *name, boolean_t defer)
 796 {
 797         dsl_dataset_t *ds;
 798         int error;
 799 
 800         error = dsl_dataset_own(name, B_TRUE, FTAG, &ds);
 801         if (error == 0) {
 802                 error = dsl_dataset_destroy(ds, FTAG, defer);
 803                 /* dsl_dataset_destroy() closes the ds. */
 804         }
 805 
 806         return (error);
 807 }
 808 
 809 typedef struct snapallarg {
 810         dsl_sync_task_group_t *saa_dstg;
 811         boolean_t saa_needsuspend;
 812         nvlist_t *saa_props;
 813         uint64_t saa_tot_cnt;
 814 
 815         /* the following are used only if 'temporary' is set: */
 816         boolean_t saa_temporary;
 817         const char *saa_htag;
 818         struct dsl_ds_holdarg *saa_ha;
 819         dsl_dataset_t *saa_newds;
 820 } snapallarg_t;
 821 
 822 typedef struct snaponearg {
 823         const char *soa_longname; /* long snap name */
 824         const char *soa_snapname; /* short snap name */
 825         snapallarg_t *soa_saa;
 826 } snaponearg_t;
 827 
 828 static int
 829 snapshot_check(void *arg1, void *arg2, dmu_tx_t *tx)
 830 {
 831         objset_t *os = arg1;
 832         snaponearg_t *soa = arg2;
 833         snapallarg_t *saa = soa->soa_saa;
 834         int error;
 835 
 836         /* The props have already been checked by zfs_check_userprops(). */
 837 
 838         /*
 839          * The saa_tot_cnt is used to track how many snapshots there are going
 840          * to be at the highest level of the snapshot tree. This is necessary
 841          * because the counts are not actually adjusted when we are checking,
 842          * only when we finally sync. For a single snapshot, this is easy, the
 843          * count is 1, but it gets more complicated for recursive snapshots.
 844          *
 845          * We only enforce the snapshot quota at the level where the snapshot
 846          * is being taken. This is to prevent datasets with a full snapshot
 847          * count at a lower level from blocking recursive snapshots being taken
 848          * at a higher level. For example, the quota is only enforced on 'a'
 849          * and 'b' when taking a recursive snapshot of a/b@x with the following
 850          * existing state:
 851          *      a/b     (0 snaps, snap quota is 5)
 852          *      a/b/c   (0 snaps, snap quota is none)
 853          *      a/b/d   (1 snaps, snap quota is 1)
 854          * A recursive snapshot of a/b will be allowed since it results in
 855          * 3 new snapshots (a/b@x, a/b/c@x, a/b/d@x), even though a/b/d already
 856          * has 1 snapshot and has hit its quota (note that the existing
 857          * snapshot on a/b/d is being counted against the quota on a/b). When
 858          * the snapshot completes, a/b will have a snapshot count of 4 and
 859          * a/b/d will have a count of 2. As can be seen, this means that
 860          * datasets can have a snapshot count > their quota.
 861          *
 862          * In order to properly handle recursive snapshots, we increment the
 863          * total count in open context, but this count is not validated in open
 864          * context. This gives us the maximum count to validate at the
 865          * top-level dataset when we're in syncing context. We then use a count
 866          * of 0 in syncing conext as we descend the tree past the top-level
 867          * snapshot so that lower levels are not being validated against their
 868          * quota.
 869          */
 870         if (!dmu_tx_is_syncing(tx))
 871                 saa->saa_tot_cnt++;
 872         error = dsl_dataset_snapshot_check(os->os_dsl_dataset,
 873             soa->soa_snapname, saa->saa_tot_cnt, tx);
 874         if (dmu_tx_is_syncing(tx))
 875                 saa->saa_tot_cnt = 0;
 876         if (error)
 877                 return (error);
 878 
 879         if (saa->saa_temporary) {
 880                 /*
 881                  * Ideally we would just call
 882                  * dsl_dataset_user_hold_check() and
 883                  * dsl_dataset_destroy_check() here.  However the
 884                  * dataset we want to hold and destroy is the snapshot
 885                  * that we just confirmed we can create, but it won't
 886                  * exist until after these checks are run.  Do any
 887                  * checks we can here and if more checks are added to
 888                  * those routines in the future, similar checks may be
 889                  * necessary here.
 890                  */
 891                 if (spa_version(os->os_spa) < SPA_VERSION_USERREFS)
 892                         return (ENOTSUP);
 893                 /*
 894                  * Not checking number of tags because the tag will be
 895                  * unique, as it will be the only tag.