1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
24 * Copyright (c) 2012 by Delphix. All rights reserved.
25 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
26 */
27
28 #include <sys/dmu.h>
29 #include <sys/dmu_impl.h>
30 #include <sys/dmu_tx.h>
31 #include <sys/dbuf.h>
32 #include <sys/dnode.h>
33 #include <sys/zfs_context.h>
34 #include <sys/dmu_objset.h>
35 #include <sys/dmu_traverse.h>
36 #include <sys/dsl_dataset.h>
37 #include <sys/dsl_dir.h>
38 #include <sys/dsl_prop.h>
39 #include <sys/dsl_pool.h>
40 #include <sys/dsl_synctask.h>
41 #include <sys/zfs_ioctl.h>
42 #include <sys/zap.h>
43 #include <sys/zio_checksum.h>
44 #include <sys/zfs_znode.h>
45 #include <zfs_fletcher.h>
46 #include <sys/avl.h>
47 #include <sys/ddt.h>
48 #include <sys/zfs_onexit.h>
49
50 /* Set this tunable to TRUE to replace corrupt data with 0x2f5baddb10c */
51 int zfs_send_corrupt_data = B_FALSE;
52
53 static char *dmu_recv_tag = "dmu_recv_tag";
54
55 static int
56 dump_bytes(dmu_sendarg_t *dsp, void *buf, int len)
57 {
58 dsl_dataset_t *ds = dsp->dsa_os->os_dsl_dataset;
59 ssize_t resid; /* have to get resid to get detailed errno */
60 ASSERT0(len % 8);
61
62 fletcher_4_incremental_native(buf, len, &dsp->dsa_zc);
63 dsp->dsa_err = vn_rdwr(UIO_WRITE, dsp->dsa_vp,
64 (caddr_t)buf, len,
65 0, UIO_SYSSPACE, FAPPEND, RLIM64_INFINITY, CRED(), &resid);
66
67 mutex_enter(&ds->ds_sendstream_lock);
68 *dsp->dsa_off += len;
69 mutex_exit(&ds->ds_sendstream_lock);
70
71 return (dsp->dsa_err);
72 }
73
74 static int
75 dump_free(dmu_sendarg_t *dsp, uint64_t object, uint64_t offset,
76 uint64_t length)
77 {
78 struct drr_free *drrf = &(dsp->dsa_drr->drr_u.drr_free);
79
80 if (length != -1ULL && offset + length < offset)
81 length = -1ULL;
82
83 /*
84 * If there is a pending op, but it's not PENDING_FREE, push it out,
85 * since free block aggregation can only be done for blocks of the
86 * same type (i.e., DRR_FREE records can only be aggregated with
87 * other DRR_FREE records. DRR_FREEOBJECTS records can only be
88 * aggregated with other DRR_FREEOBJECTS records.
89 */
90 if (dsp->dsa_pending_op != PENDING_NONE &&
91 dsp->dsa_pending_op != PENDING_FREE) {
92 if (dump_bytes(dsp, dsp->dsa_drr,
93 sizeof (dmu_replay_record_t)) != 0)
94 return (EINTR);
95 dsp->dsa_pending_op = PENDING_NONE;
96 }
97
98 if (dsp->dsa_pending_op == PENDING_FREE) {
99 /*
100 * There should never be a PENDING_FREE if length is -1
101 * (because dump_dnode is the only place where this
102 * function is called with a -1, and only after flushing
103 * any pending record).
104 */
105 ASSERT(length != -1ULL);
106 /*
107 * Check to see whether this free block can be aggregated
108 * with pending one.
109 */
110 if (drrf->drr_object == object && drrf->drr_offset +
111 drrf->drr_length == offset) {
112 drrf->drr_length += length;
113 return (0);
114 } else {
115 /* not a continuation. Push out pending record */
116 if (dump_bytes(dsp, dsp->dsa_drr,
117 sizeof (dmu_replay_record_t)) != 0)
118 return (EINTR);
119 dsp->dsa_pending_op = PENDING_NONE;
120 }
121 }
122 /* create a FREE record and make it pending */
123 bzero(dsp->dsa_drr, sizeof (dmu_replay_record_t));
124 dsp->dsa_drr->drr_type = DRR_FREE;
125 drrf->drr_object = object;
126 drrf->drr_offset = offset;
127 drrf->drr_length = length;
128 drrf->drr_toguid = dsp->dsa_toguid;
129 if (length == -1ULL) {
130 if (dump_bytes(dsp, dsp->dsa_drr,
131 sizeof (dmu_replay_record_t)) != 0)
132 return (EINTR);
133 } else {
134 dsp->dsa_pending_op = PENDING_FREE;
135 }
136
137 return (0);
138 }
139
140 static int
141 dump_data(dmu_sendarg_t *dsp, dmu_object_type_t type,
142 uint64_t object, uint64_t offset, int blksz, const blkptr_t *bp, void *data)
143 {
144 struct drr_write *drrw = &(dsp->dsa_drr->drr_u.drr_write);
145
146
147 /*
148 * If there is any kind of pending aggregation (currently either
149 * a grouping of free objects or free blocks), push it out to
150 * the stream, since aggregation can't be done across operations
151 * of different types.
152 */
153 if (dsp->dsa_pending_op != PENDING_NONE) {
154 if (dump_bytes(dsp, dsp->dsa_drr,
155 sizeof (dmu_replay_record_t)) != 0)
156 return (EINTR);
157 dsp->dsa_pending_op = PENDING_NONE;
158 }
159 /* write a DATA record */
160 bzero(dsp->dsa_drr, sizeof (dmu_replay_record_t));
161 dsp->dsa_drr->drr_type = DRR_WRITE;
162 drrw->drr_object = object;
163 drrw->drr_type = type;
164 drrw->drr_offset = offset;
165 drrw->drr_length = blksz;
166 drrw->drr_toguid = dsp->dsa_toguid;
167 drrw->drr_checksumtype = BP_GET_CHECKSUM(bp);
168 if (zio_checksum_table[drrw->drr_checksumtype].ci_dedup)
169 drrw->drr_checksumflags |= DRR_CHECKSUM_DEDUP;
170 DDK_SET_LSIZE(&drrw->drr_key, BP_GET_LSIZE(bp));
171 DDK_SET_PSIZE(&drrw->drr_key, BP_GET_PSIZE(bp));
172 DDK_SET_COMPRESS(&drrw->drr_key, BP_GET_COMPRESS(bp));
173 drrw->drr_key.ddk_cksum = bp->blk_cksum;
174
175 if (dump_bytes(dsp, dsp->dsa_drr, sizeof (dmu_replay_record_t)) != 0)
176 return (EINTR);
177 if (dump_bytes(dsp, data, blksz) != 0)
178 return (EINTR);
179 return (0);
180 }
181
182 static int
183 dump_spill(dmu_sendarg_t *dsp, uint64_t object, int blksz, void *data)
184 {
185 struct drr_spill *drrs = &(dsp->dsa_drr->drr_u.drr_spill);
186
187 if (dsp->dsa_pending_op != PENDING_NONE) {
188 if (dump_bytes(dsp, dsp->dsa_drr,
189 sizeof (dmu_replay_record_t)) != 0)
190 return (EINTR);
191 dsp->dsa_pending_op = PENDING_NONE;
192 }
193
194 /* write a SPILL record */
195 bzero(dsp->dsa_drr, sizeof (dmu_replay_record_t));
196 dsp->dsa_drr->drr_type = DRR_SPILL;
197 drrs->drr_object = object;
198 drrs->drr_length = blksz;
199 drrs->drr_toguid = dsp->dsa_toguid;
200
201 if (dump_bytes(dsp, dsp->dsa_drr, sizeof (dmu_replay_record_t)))
202 return (EINTR);
203 if (dump_bytes(dsp, data, blksz))
204 return (EINTR);
205 return (0);
206 }
207
208 static int
209 dump_freeobjects(dmu_sendarg_t *dsp, uint64_t firstobj, uint64_t numobjs)
210 {
211 struct drr_freeobjects *drrfo = &(dsp->dsa_drr->drr_u.drr_freeobjects);
212
213 /*
214 * If there is a pending op, but it's not PENDING_FREEOBJECTS,
215 * push it out, since free block aggregation can only be done for
216 * blocks of the same type (i.e., DRR_FREE records can only be
217 * aggregated with other DRR_FREE records. DRR_FREEOBJECTS records
218 * can only be aggregated with other DRR_FREEOBJECTS records.
219 */
220 if (dsp->dsa_pending_op != PENDING_NONE &&
221 dsp->dsa_pending_op != PENDING_FREEOBJECTS) {
222 if (dump_bytes(dsp, dsp->dsa_drr,
223 sizeof (dmu_replay_record_t)) != 0)
224 return (EINTR);
225 dsp->dsa_pending_op = PENDING_NONE;
226 }
227 if (dsp->dsa_pending_op == PENDING_FREEOBJECTS) {
228 /*
229 * See whether this free object array can be aggregated
230 * with pending one
231 */
232 if (drrfo->drr_firstobj + drrfo->drr_numobjs == firstobj) {
233 drrfo->drr_numobjs += numobjs;
234 return (0);
235 } else {
236 /* can't be aggregated. Push out pending record */
237 if (dump_bytes(dsp, dsp->dsa_drr,
238 sizeof (dmu_replay_record_t)) != 0)
239 return (EINTR);
240 dsp->dsa_pending_op = PENDING_NONE;
241 }
242 }
243
244 /* write a FREEOBJECTS record */
245 bzero(dsp->dsa_drr, sizeof (dmu_replay_record_t));
246 dsp->dsa_drr->drr_type = DRR_FREEOBJECTS;
247 drrfo->drr_firstobj = firstobj;
248 drrfo->drr_numobjs = numobjs;
249 drrfo->drr_toguid = dsp->dsa_toguid;
250
251 dsp->dsa_pending_op = PENDING_FREEOBJECTS;
252
253 return (0);
254 }
255
256 static int
257 dump_dnode(dmu_sendarg_t *dsp, uint64_t object, dnode_phys_t *dnp)
258 {
259 struct drr_object *drro = &(dsp->dsa_drr->drr_u.drr_object);
260
261 if (dnp == NULL || dnp->dn_type == DMU_OT_NONE)
262 return (dump_freeobjects(dsp, object, 1));
263
264 if (dsp->dsa_pending_op != PENDING_NONE) {
265 if (dump_bytes(dsp, dsp->dsa_drr,
266 sizeof (dmu_replay_record_t)) != 0)
267 return (EINTR);
268 dsp->dsa_pending_op = PENDING_NONE;
269 }
270
271 /* write an OBJECT record */
272 bzero(dsp->dsa_drr, sizeof (dmu_replay_record_t));
273 dsp->dsa_drr->drr_type = DRR_OBJECT;
274 drro->drr_object = object;
275 drro->drr_type = dnp->dn_type;
276 drro->drr_bonustype = dnp->dn_bonustype;
277 drro->drr_blksz = dnp->dn_datablkszsec << SPA_MINBLOCKSHIFT;
278 drro->drr_bonuslen = dnp->dn_bonuslen;
279 drro->drr_checksumtype = dnp->dn_checksum;
280 drro->drr_compress = dnp->dn_compress;
281 drro->drr_toguid = dsp->dsa_toguid;
282
283 if (dump_bytes(dsp, dsp->dsa_drr, sizeof (dmu_replay_record_t)) != 0)
284 return (EINTR);
285
286 if (dump_bytes(dsp, DN_BONUS(dnp), P2ROUNDUP(dnp->dn_bonuslen, 8)) != 0)
287 return (EINTR);
288
289 /* free anything past the end of the file */
290 if (dump_free(dsp, object, (dnp->dn_maxblkid + 1) *
291 (dnp->dn_datablkszsec << SPA_MINBLOCKSHIFT), -1ULL))
292 return (EINTR);
293 if (dsp->dsa_err)
294 return (EINTR);
295 return (0);
296 }
297
298 #define BP_SPAN(dnp, level) \
299 (((uint64_t)dnp->dn_datablkszsec) << (SPA_MINBLOCKSHIFT + \
300 (level) * (dnp->dn_indblkshift - SPA_BLKPTRSHIFT)))
301
302 /* ARGSUSED */
303 static int
304 backup_cb(spa_t *spa, zilog_t *zilog, const blkptr_t *bp, arc_buf_t *pbuf,
305 const zbookmark_t *zb, const dnode_phys_t *dnp, void *arg)
306 {
307 dmu_sendarg_t *dsp = arg;
308 dmu_object_type_t type = bp ? BP_GET_TYPE(bp) : DMU_OT_NONE;
309 int err = 0;
310
311 if (issig(JUSTLOOKING) && issig(FORREAL))
312 return (EINTR);
313
314 if (zb->zb_object != DMU_META_DNODE_OBJECT &&
315 DMU_OBJECT_IS_SPECIAL(zb->zb_object)) {
316 return (0);
317 } else if (bp == NULL && zb->zb_object == DMU_META_DNODE_OBJECT) {
318 uint64_t span = BP_SPAN(dnp, zb->zb_level);
319 uint64_t dnobj = (zb->zb_blkid * span) >> DNODE_SHIFT;
320 err = dump_freeobjects(dsp, dnobj, span >> DNODE_SHIFT);
321 } else if (bp == NULL) {
322 uint64_t span = BP_SPAN(dnp, zb->zb_level);
323 err = dump_free(dsp, zb->zb_object, zb->zb_blkid * span, span);
324 } else if (zb->zb_level > 0 || type == DMU_OT_OBJSET) {
325 return (0);
326 } else if (type == DMU_OT_DNODE) {
327 dnode_phys_t *blk;
328 int i;
329 int blksz = BP_GET_LSIZE(bp);
330 uint32_t aflags = ARC_WAIT;
331 arc_buf_t *abuf;
332
333 if (dsl_read(NULL, spa, bp, pbuf,
334 arc_getbuf_func, &abuf, ZIO_PRIORITY_ASYNC_READ,
335 ZIO_FLAG_CANFAIL, &aflags, zb) != 0)
336 return (EIO);
337
338 blk = abuf->b_data;
339 for (i = 0; i < blksz >> DNODE_SHIFT; i++) {
340 uint64_t dnobj = (zb->zb_blkid <<
341 (DNODE_BLOCK_SHIFT - DNODE_SHIFT)) + i;
342 err = dump_dnode(dsp, dnobj, blk+i);
343 if (err)
344 break;
345 }
346 (void) arc_buf_remove_ref(abuf, &abuf);
347 } else if (type == DMU_OT_SA) {
348 uint32_t aflags = ARC_WAIT;
349 arc_buf_t *abuf;
350 int blksz = BP_GET_LSIZE(bp);
351
352 if (arc_read_nolock(NULL, spa, bp,
353 arc_getbuf_func, &abuf, ZIO_PRIORITY_ASYNC_READ,
354 ZIO_FLAG_CANFAIL, &aflags, zb) != 0)
355 return (EIO);
356
357 err = dump_spill(dsp, zb->zb_object, blksz, abuf->b_data);
358 (void) arc_buf_remove_ref(abuf, &abuf);
359 } else { /* it's a level-0 block of a regular object */
360 uint32_t aflags = ARC_WAIT;
361 arc_buf_t *abuf;
362 int blksz = BP_GET_LSIZE(bp);
363
364 if (dsl_read(NULL, spa, bp, pbuf,
365 arc_getbuf_func, &abuf, ZIO_PRIORITY_ASYNC_READ,
366 ZIO_FLAG_CANFAIL, &aflags, zb) != 0) {
367 if (zfs_send_corrupt_data) {
368 /* Send a block filled with 0x"zfs badd bloc" */
369 abuf = arc_buf_alloc(spa, blksz, &abuf,
370 ARC_BUFC_DATA);
371 uint64_t *ptr;
372 for (ptr = abuf->b_data;
373 (char *)ptr < (char *)abuf->b_data + blksz;
374 ptr++)
375 *ptr = 0x2f5baddb10c;
376 } else {
377 return (EIO);
378 }
379 }
380
381 err = dump_data(dsp, type, zb->zb_object, zb->zb_blkid * blksz,
382 blksz, bp, abuf->b_data);
383 (void) arc_buf_remove_ref(abuf, &abuf);
384 }
385
386 ASSERT(err == 0 || err == EINTR);
387 return (err);
388 }
389
390 /*
391 * Return TRUE if 'earlier' is an earlier snapshot in 'later's timeline.
392 * For example, they could both be snapshots of the same filesystem, and
393 * 'earlier' is before 'later'. Or 'earlier' could be the origin of
394 * 'later's filesystem. Or 'earlier' could be an older snapshot in the origin's
395 * filesystem. Or 'earlier' could be the origin's origin.
396 */
397 static boolean_t
398 is_before(dsl_dataset_t *later, dsl_dataset_t *earlier)
399 {
400 dsl_pool_t *dp = later->ds_dir->dd_pool;
401 int error;
402 boolean_t ret;
403 dsl_dataset_t *origin;
404
405 if (earlier->ds_phys->ds_creation_txg >=
406 later->ds_phys->ds_creation_txg)
407 return (B_FALSE);
408
409 if (later->ds_dir == earlier->ds_dir)
410 return (B_TRUE);
411 if (!dsl_dir_is_clone(later->ds_dir))
412 return (B_FALSE);
413
414 rw_enter(&dp->dp_config_rwlock, RW_READER);
415 if (later->ds_dir->dd_phys->dd_origin_obj == earlier->ds_object) {
416 rw_exit(&dp->dp_config_rwlock);
417 return (B_TRUE);
418 }
419 error = dsl_dataset_hold_obj(dp,
420 later->ds_dir->dd_phys->dd_origin_obj, FTAG, &origin);
421 rw_exit(&dp->dp_config_rwlock);
422 if (error != 0)
423 return (B_FALSE);
424 ret = is_before(origin, earlier);
425 dsl_dataset_rele(origin, FTAG);
426 return (ret);
427 }
428
429 int
430 dmu_send(objset_t *tosnap, objset_t *fromsnap, int outfd, vnode_t *vp,
431 offset_t *off)
432 {
433 dsl_dataset_t *ds = tosnap->os_dsl_dataset;
434 dsl_dataset_t *fromds = fromsnap ? fromsnap->os_dsl_dataset : NULL;
435 dmu_replay_record_t *drr;
436 dmu_sendarg_t *dsp;
437 int err;
438 uint64_t fromtxg = 0;
439
440 /* tosnap must be a snapshot */
441 if (ds->ds_phys->ds_next_snap_obj == 0)
442 return (EINVAL);
443
444 /*
445 * fromsnap must be an earlier snapshot from the same fs as tosnap,
446 * or the origin's fs.
447 */
448 if (fromds != NULL && !is_before(ds, fromds))
449 return (EXDEV);
450
451 drr = kmem_zalloc(sizeof (dmu_replay_record_t), KM_SLEEP);
452 drr->drr_type = DRR_BEGIN;
453 drr->drr_u.drr_begin.drr_magic = DMU_BACKUP_MAGIC;
454 DMU_SET_STREAM_HDRTYPE(drr->drr_u.drr_begin.drr_versioninfo,
455 DMU_SUBSTREAM);
456
457 #ifdef _KERNEL
458 if (dmu_objset_type(tosnap) == DMU_OST_ZFS) {
459 uint64_t version;
460 if (zfs_get_zplprop(tosnap, ZFS_PROP_VERSION, &version) != 0) {
461 kmem_free(drr, sizeof (dmu_replay_record_t));
462 return (EINVAL);
463 }
464 if (version == ZPL_VERSION_SA) {
465 DMU_SET_FEATUREFLAGS(
466 drr->drr_u.drr_begin.drr_versioninfo,
467 DMU_BACKUP_FEATURE_SA_SPILL);
468 }
469 }
470 #endif
471
472 drr->drr_u.drr_begin.drr_creation_time =
473 ds->ds_phys->ds_creation_time;
474 drr->drr_u.drr_begin.drr_type = tosnap->os_phys->os_type;
475 if (fromds != NULL && ds->ds_dir != fromds->ds_dir)
476 drr->drr_u.drr_begin.drr_flags |= DRR_FLAG_CLONE;
477 drr->drr_u.drr_begin.drr_toguid = ds->ds_phys->ds_guid;
478 if (ds->ds_phys->ds_flags & DS_FLAG_CI_DATASET)
479 drr->drr_u.drr_begin.drr_flags |= DRR_FLAG_CI_DATA;
480
481 if (fromds)
482 drr->drr_u.drr_begin.drr_fromguid = fromds->ds_phys->ds_guid;
483 dsl_dataset_name(ds, drr->drr_u.drr_begin.drr_toname);
484
485 if (fromds)
486 fromtxg = fromds->ds_phys->ds_creation_txg;
487
488 dsp = kmem_zalloc(sizeof (dmu_sendarg_t), KM_SLEEP);
489
490 dsp->dsa_drr = drr;
491 dsp->dsa_vp = vp;
492 dsp->dsa_outfd = outfd;
493 dsp->dsa_proc = curproc;
494 dsp->dsa_os = tosnap;
495 dsp->dsa_off = off;
496 dsp->dsa_toguid = ds->ds_phys->ds_guid;
497 ZIO_SET_CHECKSUM(&dsp->dsa_zc, 0, 0, 0, 0);
498 dsp->dsa_pending_op = PENDING_NONE;
499
500 mutex_enter(&ds->ds_sendstream_lock);
501 list_insert_head(&ds->ds_sendstreams, dsp);
502 mutex_exit(&ds->ds_sendstream_lock);
503
504 if (dump_bytes(dsp, drr, sizeof (dmu_replay_record_t)) != 0) {
505 err = dsp->dsa_err;
506 goto out;
507 }
508
509 err = traverse_dataset(ds, fromtxg, TRAVERSE_PRE | TRAVERSE_PREFETCH,
510 backup_cb, dsp);
511
512 if (dsp->dsa_pending_op != PENDING_NONE)
513 if (dump_bytes(dsp, drr, sizeof (dmu_replay_record_t)) != 0)
514 err = EINTR;
515
516 if (err) {
517 if (err == EINTR && dsp->dsa_err)
518 err = dsp->dsa_err;
519 goto out;
520 }
521
522 bzero(drr, sizeof (dmu_replay_record_t));
523 drr->drr_type = DRR_END;
524 drr->drr_u.drr_end.drr_checksum = dsp->dsa_zc;
525 drr->drr_u.drr_end.drr_toguid = dsp->dsa_toguid;
526
527 if (dump_bytes(dsp, drr, sizeof (dmu_replay_record_t)) != 0) {
528 err = dsp->dsa_err;
529 goto out;
530 }
531
532 out:
533 mutex_enter(&ds->ds_sendstream_lock);
534 list_remove(&ds->ds_sendstreams, dsp);
535 mutex_exit(&ds->ds_sendstream_lock);
536
537 kmem_free(drr, sizeof (dmu_replay_record_t));
538 kmem_free(dsp, sizeof (dmu_sendarg_t));
539
540 return (err);
541 }
542
543 int
544 dmu_send_estimate(objset_t *tosnap, objset_t *fromsnap, uint64_t *sizep)
545 {
546 dsl_dataset_t *ds = tosnap->os_dsl_dataset;
547 dsl_dataset_t *fromds = fromsnap ? fromsnap->os_dsl_dataset : NULL;
548 dsl_pool_t *dp = ds->ds_dir->dd_pool;
549 int err;
550 uint64_t size;
551
552 /* tosnap must be a snapshot */
553 if (ds->ds_phys->ds_next_snap_obj == 0)
554 return (EINVAL);
555
556 /*
557 * fromsnap must be an earlier snapshot from the same fs as tosnap,
558 * or the origin's fs.
559 */
560 if (fromds != NULL && !is_before(ds, fromds))
561 return (EXDEV);
562
563 /* Get uncompressed size estimate of changed data. */
564 if (fromds == NULL) {
565 size = ds->ds_phys->ds_uncompressed_bytes;
566 } else {
567 uint64_t used, comp;
568 err = dsl_dataset_space_written(fromds, ds,
569 &used, &comp, &size);
570 if (err)
571 return (err);
572 }
573
574 /*
575 * Assume that space (both on-disk and in-stream) is dominated by
576 * data. We will adjust for indirect blocks and the copies property,
577 * but ignore per-object space used (eg, dnodes and DRR_OBJECT records).
578 */
579
580 /*
581 * Subtract out approximate space used by indirect blocks.
582 * Assume most space is used by data blocks (non-indirect, non-dnode).
583 * Assume all blocks are recordsize. Assume ditto blocks and
584 * internal fragmentation counter out compression.
585 *
586 * Therefore, space used by indirect blocks is sizeof(blkptr_t) per
587 * block, which we observe in practice.
588 */
589 uint64_t recordsize;
590 rw_enter(&dp->dp_config_rwlock, RW_READER);
591 err = dsl_prop_get_ds(ds, "recordsize",
592 sizeof (recordsize), 1, &recordsize, NULL);
593 rw_exit(&dp->dp_config_rwlock);
594 if (err)
595 return (err);
596 size -= size / recordsize * sizeof (blkptr_t);
597
598 /* Add in the space for the record associated with each block. */
599 size += size / recordsize * sizeof (dmu_replay_record_t);
600
601 *sizep = size;
602
603 return (0);
604 }
605
606 struct recvbeginsyncarg {
607 const char *tofs;
608 const char *tosnap;
609 dsl_dataset_t *origin;
610 uint64_t fromguid;
611 dmu_objset_type_t type;
612 void *tag;
613 boolean_t force;
614 uint64_t dsflags;
615 char clonelastname[MAXNAMELEN];
616 dsl_dataset_t *ds; /* the ds to recv into; returned from the syncfunc */
617 cred_t *cr;
618 };
619
620 /* ARGSUSED */
621 static int
622 recv_new_check(void *arg1, void *arg2, dmu_tx_t *tx)
623 {
624 dsl_dir_t *dd = arg1;
625 struct recvbeginsyncarg *rbsa = arg2;
626 objset_t *mos = dd->dd_pool->dp_meta_objset;
627 uint64_t val;
628 int err;
629
630 err = zap_lookup(mos, dd->dd_phys->dd_child_dir_zapobj,
631 strrchr(rbsa->tofs, '/') + 1, sizeof (uint64_t), 1, &val);
632
633 if (err != ENOENT)
634 return (err ? err : EEXIST);
635
636 if (rbsa->origin) {
637 /* make sure it's a snap in the same pool */
638 if (rbsa->origin->ds_dir->dd_pool != dd->dd_pool)
639 return (EXDEV);
640 if (!dsl_dataset_is_snapshot(rbsa->origin))
641 return (EINVAL);
642 if (rbsa->origin->ds_phys->ds_guid != rbsa->fromguid)
643 return (ENODEV);
644 }
645
646 /*
647 * Check filesystem and snapshot limits before receiving. We'll recheck
648 * again at the end, but might as well abort before receiving if we're
649 * already over the limit.
650 */
651 if (dd->dd_parent != NULL) {
652 err = dsl_dir_fscount_check(dd->dd_parent, 1, NULL);
653 if (err != 0)
654 return (err);
655 }
656
657 err = dsl_snapcount_check(dd, 1, NULL);
658 if (err != 0)
659 return (err);
660
661 return (0);
662 }
663
664 static void
665 recv_new_sync(void *arg1, void *arg2, dmu_tx_t *tx)
666 {
667 dsl_dir_t *dd = arg1;
668 struct recvbeginsyncarg *rbsa = arg2;
669 uint64_t flags = DS_FLAG_INCONSISTENT | rbsa->dsflags;
670 uint64_t dsobj;
671
672 /* Create and open new dataset. */
673 dsobj = dsl_dataset_create_sync(dd, strrchr(rbsa->tofs, '/') + 1,
674 rbsa->origin, flags, rbsa->cr, tx);
675 VERIFY(0 == dsl_dataset_own_obj(dd->dd_pool, dsobj,
676 B_TRUE, dmu_recv_tag, &rbsa->ds));
677
678 if (rbsa->origin == NULL) {
679 (void) dmu_objset_create_impl(dd->dd_pool->dp_spa,
680 rbsa->ds, &rbsa->ds->ds_phys->ds_bp, rbsa->type, tx);
681 }
682
683 spa_history_log_internal_ds(rbsa->ds, "receive new", tx, "");
684 }
685
686 /* ARGSUSED */
687 static int
688 recv_existing_check(void *arg1, void *arg2, dmu_tx_t *tx)
689 {
690 dsl_dataset_t *ds = arg1;
691 struct recvbeginsyncarg *rbsa = arg2;
692 int err;
693 uint64_t val;
694
695 /* must not have any changes since most recent snapshot */
696 if (!rbsa->force && dsl_dataset_modified_since_lastsnap(ds))
697 return (ETXTBSY);
698
699 /* new snapshot name must not exist */
700 err = zap_lookup(ds->ds_dir->dd_pool->dp_meta_objset,
701 ds->ds_phys->ds_snapnames_zapobj, rbsa->tosnap, 8, 1, &val);
702 if (err == 0)
703 return (EEXIST);
704 if (err != ENOENT)
705 return (err);
706
707 if (rbsa->fromguid) {
708 /* if incremental, most recent snapshot must match fromguid */
709 if (ds->ds_prev == NULL)
710 return (ENODEV);
711
712 /*
713 * most recent snapshot must match fromguid, or there are no
714 * changes since the fromguid one
715 */
716 if (ds->ds_prev->ds_phys->ds_guid != rbsa->fromguid) {
717 uint64_t birth = ds->ds_prev->ds_phys->ds_bp.blk_birth;
718 uint64_t obj = ds->ds_prev->ds_phys->ds_prev_snap_obj;
719 while (obj != 0) {
720 dsl_dataset_t *snap;
721 err = dsl_dataset_hold_obj(ds->ds_dir->dd_pool,
722 obj, FTAG, &snap);
723 if (err)
724 return (ENODEV);
725 if (snap->ds_phys->ds_creation_txg < birth) {
726 dsl_dataset_rele(snap, FTAG);
727 return (ENODEV);
728 }
729 if (snap->ds_phys->ds_guid == rbsa->fromguid) {
730 dsl_dataset_rele(snap, FTAG);
731 break; /* it's ok */
732 }
733 obj = snap->ds_phys->ds_prev_snap_obj;
734 dsl_dataset_rele(snap, FTAG);
735 }
736 if (obj == 0)
737 return (ENODEV);
738 }
739 } else {
740 /* if full, most recent snapshot must be $ORIGIN */
741 if (ds->ds_phys->ds_prev_snap_txg >= TXG_INITIAL)
742 return (ENODEV);
743
744 /* Check snapshot limit before receiving */
745 err = dsl_snapcount_check(ds->ds_dir, 1, NULL);
746 if (err != 0)
747 return (err);
748 }
749
750 /* temporary clone name must not exist */
751 err = zap_lookup(ds->ds_dir->dd_pool->dp_meta_objset,
752 ds->ds_dir->dd_phys->dd_child_dir_zapobj,
753 rbsa->clonelastname, 8, 1, &val);
754 if (err == 0)
755 return (EEXIST);
756 if (err != ENOENT)
757 return (err);
758
759 return (0);
760 }
761
762 /* ARGSUSED */
763 static void
764 recv_existing_sync(void *arg1, void *arg2, dmu_tx_t *tx)
765 {
766 dsl_dataset_t *ohds = arg1;
767 struct recvbeginsyncarg *rbsa = arg2;
768 dsl_pool_t *dp = ohds->ds_dir->dd_pool;
769 dsl_dataset_t *cds;
770 uint64_t flags = DS_FLAG_INCONSISTENT | rbsa->dsflags;
771 uint64_t dsobj;
772
773 /* create and open the temporary clone */
774 dsobj = dsl_dataset_create_sync(ohds->ds_dir, rbsa->clonelastname,
775 ohds->ds_prev, flags, rbsa->cr, tx);
776 VERIFY(0 == dsl_dataset_own_obj(dp, dsobj, B_TRUE, dmu_recv_tag, &cds));
777
778 /*
779 * If we actually created a non-clone, we need to create the
780 * objset in our new dataset.
781 */
782 if (BP_IS_HOLE(dsl_dataset_get_blkptr(cds))) {
783 (void) dmu_objset_create_impl(dp->dp_spa,
784 cds, dsl_dataset_get_blkptr(cds), rbsa->type, tx);
785 }
786
787 rbsa->ds = cds;
788
789 spa_history_log_internal_ds(cds, "receive over existing", tx, "");
790 }
791
792 static boolean_t
793 dmu_recv_verify_features(dsl_dataset_t *ds, struct drr_begin *drrb)
794 {
795 int featureflags;
796
797 featureflags = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo);
798
799 /* Verify pool version supports SA if SA_SPILL feature set */
800 return ((featureflags & DMU_BACKUP_FEATURE_SA_SPILL) &&
801 (spa_version(dsl_dataset_get_spa(ds)) < SPA_VERSION_SA));
802 }
803
804 /*
805 * NB: callers *MUST* call dmu_recv_stream() if dmu_recv_begin()
806 * succeeds; otherwise we will leak the holds on the datasets.
807 */
808 int
809 dmu_recv_begin(char *tofs, char *tosnap, char *top_ds, struct drr_begin *drrb,
810 boolean_t force, objset_t *origin, dmu_recv_cookie_t *drc)
811 {
812 int err = 0;
813 boolean_t byteswap;
814 struct recvbeginsyncarg rbsa = { 0 };
815 uint64_t versioninfo;
816 int flags;
817 dsl_dataset_t *ds;
818
819 if (drrb->drr_magic == DMU_BACKUP_MAGIC)
820 byteswap = FALSE;
821 else if (drrb->drr_magic == BSWAP_64(DMU_BACKUP_MAGIC))
822 byteswap = TRUE;
823 else
824 return (EINVAL);
825
826 rbsa.tofs = tofs;
827 rbsa.tosnap = tosnap;
828 rbsa.origin = origin ? origin->os_dsl_dataset : NULL;
829 rbsa.fromguid = drrb->drr_fromguid;
830 rbsa.type = drrb->drr_type;
831 rbsa.tag = FTAG;
832 rbsa.dsflags = 0;
833 rbsa.cr = CRED();
834 versioninfo = drrb->drr_versioninfo;
835 flags = drrb->drr_flags;
836
837 if (byteswap) {
838 rbsa.type = BSWAP_32(rbsa.type);
839 rbsa.fromguid = BSWAP_64(rbsa.fromguid);
840 versioninfo = BSWAP_64(versioninfo);
841 flags = BSWAP_32(flags);
842 }
843
844 if (DMU_GET_STREAM_HDRTYPE(versioninfo) == DMU_COMPOUNDSTREAM ||
845 rbsa.type >= DMU_OST_NUMTYPES ||
846 ((flags & DRR_FLAG_CLONE) && origin == NULL))
847 return (EINVAL);
848
849 if (flags & DRR_FLAG_CI_DATA)
850 rbsa.dsflags = DS_FLAG_CI_DATASET;
851
852 bzero(drc, sizeof (dmu_recv_cookie_t));
853 drc->drc_drrb = drrb;
854 drc->drc_tosnap = tosnap;
855 drc->drc_top_ds = top_ds;
856 drc->drc_force = force;
857
858 /*
859 * Process the begin in syncing context.
860 */
861
862 /* open the dataset we are logically receiving into */
863 err = dsl_dataset_hold(tofs, dmu_recv_tag, &ds);
864 if (err == 0) {
865 if (dmu_recv_verify_features(ds, drrb)) {
866 dsl_dataset_rele(ds, dmu_recv_tag);
867 return (ENOTSUP);
868 }
869 /* target fs already exists; recv into temp clone */
870
871 /* Can't recv a clone into an existing fs */
872 if (flags & DRR_FLAG_CLONE) {
873 dsl_dataset_rele(ds, dmu_recv_tag);
874 return (EINVAL);
875 }
876
877 /* must not have an incremental recv already in progress */
878 if (!mutex_tryenter(&ds->ds_recvlock)) {
879 dsl_dataset_rele(ds, dmu_recv_tag);
880 return (EBUSY);
881 }
882
883 /* tmp clone name is: tofs/%tosnap" */
884 (void) snprintf(rbsa.clonelastname, sizeof (rbsa.clonelastname),
885 "%%%s", tosnap);
886 rbsa.force = force;
887 err = dsl_sync_task_do(ds->ds_dir->dd_pool,
888 recv_existing_check, recv_existing_sync, ds, &rbsa, 5);
889 if (err) {
890 mutex_exit(&ds->ds_recvlock);
891 dsl_dataset_rele(ds, dmu_recv_tag);
892 return (err);
893 }
894 drc->drc_logical_ds = ds;
895 drc->drc_real_ds = rbsa.ds;
896 } else if (err == ENOENT) {
897 /* target fs does not exist; must be a full backup or clone */
898 char *cp;
899
900 /*
901 * If it's a non-clone incremental, we are missing the
902 * target fs, so fail the recv.
903 */
904 if (rbsa.fromguid && !(flags & DRR_FLAG_CLONE))
905 return (ENOENT);
906
907 /* Open the parent of tofs */
908 cp = strrchr(tofs, '/');
909 *cp = '\0';
910 err = dsl_dataset_hold(tofs, FTAG, &ds);
911 *cp = '/';
912 if (err)
913 return (err);
914
915 if (dmu_recv_verify_features(ds, drrb)) {
916 dsl_dataset_rele(ds, FTAG);
917 return (ENOTSUP);
918 }
919
920 err = dsl_sync_task_do(ds->ds_dir->dd_pool,
921 recv_new_check, recv_new_sync, ds->ds_dir, &rbsa, 5);
922 dsl_dataset_rele(ds, FTAG);
923 if (err)
924 return (err);
925 drc->drc_logical_ds = drc->drc_real_ds = rbsa.ds;
926 drc->drc_newfs = B_TRUE;
927 }
928
929 return (err);
930 }
931
932 struct restorearg {
933 int err;
934 int byteswap;
935 vnode_t *vp;
936 char *buf;
937 uint64_t voff;
938 int bufsize; /* amount of memory allocated for buf */
939 zio_cksum_t cksum;
940 avl_tree_t *guid_to_ds_map;
941 };
942
943 typedef struct guid_map_entry {
944 uint64_t guid;
945 dsl_dataset_t *gme_ds;
946 avl_node_t avlnode;
947 } guid_map_entry_t;
948
949 static int
950 guid_compare(const void *arg1, const void *arg2)
951 {
952 const guid_map_entry_t *gmep1 = arg1;
953 const guid_map_entry_t *gmep2 = arg2;
954
955 if (gmep1->guid < gmep2->guid)
956 return (-1);
957 else if (gmep1->guid > gmep2->guid)
958 return (1);
959 return (0);
960 }
961
962 static void
963 free_guid_map_onexit(void *arg)
964 {
965 avl_tree_t *ca = arg;
966 void *cookie = NULL;
967 guid_map_entry_t *gmep;
968
969 while ((gmep = avl_destroy_nodes(ca, &cookie)) != NULL) {
970 dsl_dataset_rele(gmep->gme_ds, ca);
971 kmem_free(gmep, sizeof (guid_map_entry_t));
972 }
973 avl_destroy(ca);
974 kmem_free(ca, sizeof (avl_tree_t));
975 }
976
977 static void *
978 restore_read(struct restorearg *ra, int len)
979 {
980 void *rv;
981 int done = 0;
982
983 /* some things will require 8-byte alignment, so everything must */
984 ASSERT0(len % 8);
985
986 while (done < len) {
987 ssize_t resid;
988
989 ra->err = vn_rdwr(UIO_READ, ra->vp,
990 (caddr_t)ra->buf + done, len - done,
991 ra->voff, UIO_SYSSPACE, FAPPEND,
992 RLIM64_INFINITY, CRED(), &resid);
993
994 if (resid == len - done)
995 ra->err = EINVAL;
996 ra->voff += len - done - resid;
997 done = len - resid;
998 if (ra->err)
999 return (NULL);
1000 }
1001
1002 ASSERT3U(done, ==, len);
1003 rv = ra->buf;
1004 if (ra->byteswap)
1005 fletcher_4_incremental_byteswap(rv, len, &ra->cksum);
1006 else
1007 fletcher_4_incremental_native(rv, len, &ra->cksum);
1008 return (rv);
1009 }
1010
1011 static void
1012 backup_byteswap(dmu_replay_record_t *drr)
1013 {
1014 #define DO64(X) (drr->drr_u.X = BSWAP_64(drr->drr_u.X))
1015 #define DO32(X) (drr->drr_u.X = BSWAP_32(drr->drr_u.X))
1016 drr->drr_type = BSWAP_32(drr->drr_type);
1017 drr->drr_payloadlen = BSWAP_32(drr->drr_payloadlen);
1018 switch (drr->drr_type) {
1019 case DRR_BEGIN:
1020 DO64(drr_begin.drr_magic);
1021 DO64(drr_begin.drr_versioninfo);
1022 DO64(drr_begin.drr_creation_time);
1023 DO32(drr_begin.drr_type);
1024 DO32(drr_begin.drr_flags);
1025 DO64(drr_begin.drr_toguid);
1026 DO64(drr_begin.drr_fromguid);
1027 break;
1028 case DRR_OBJECT:
1029 DO64(drr_object.drr_object);
1030 /* DO64(drr_object.drr_allocation_txg); */
1031 DO32(drr_object.drr_type);
1032 DO32(drr_object.drr_bonustype);
1033 DO32(drr_object.drr_blksz);
1034 DO32(drr_object.drr_bonuslen);
1035 DO64(drr_object.drr_toguid);
1036 break;
1037 case DRR_FREEOBJECTS:
1038 DO64(drr_freeobjects.drr_firstobj);
1039 DO64(drr_freeobjects.drr_numobjs);
1040 DO64(drr_freeobjects.drr_toguid);
1041 break;
1042 case DRR_WRITE:
1043 DO64(drr_write.drr_object);
1044 DO32(drr_write.drr_type);
1045 DO64(drr_write.drr_offset);
1046 DO64(drr_write.drr_length);
1047 DO64(drr_write.drr_toguid);
1048 DO64(drr_write.drr_key.ddk_cksum.zc_word[0]);
1049 DO64(drr_write.drr_key.ddk_cksum.zc_word[1]);
1050 DO64(drr_write.drr_key.ddk_cksum.zc_word[2]);
1051 DO64(drr_write.drr_key.ddk_cksum.zc_word[3]);
1052 DO64(drr_write.drr_key.ddk_prop);
1053 break;
1054 case DRR_WRITE_BYREF:
1055 DO64(drr_write_byref.drr_object);
1056 DO64(drr_write_byref.drr_offset);
1057 DO64(drr_write_byref.drr_length);
1058 DO64(drr_write_byref.drr_toguid);
1059 DO64(drr_write_byref.drr_refguid);
1060 DO64(drr_write_byref.drr_refobject);
1061 DO64(drr_write_byref.drr_refoffset);
1062 DO64(drr_write_byref.drr_key.ddk_cksum.zc_word[0]);
1063 DO64(drr_write_byref.drr_key.ddk_cksum.zc_word[1]);
1064 DO64(drr_write_byref.drr_key.ddk_cksum.zc_word[2]);
1065 DO64(drr_write_byref.drr_key.ddk_cksum.zc_word[3]);
1066 DO64(drr_write_byref.drr_key.ddk_prop);
1067 break;
1068 case DRR_FREE:
1069 DO64(drr_free.drr_object);
1070 DO64(drr_free.drr_offset);
1071 DO64(drr_free.drr_length);
1072 DO64(drr_free.drr_toguid);
1073 break;
1074 case DRR_SPILL:
1075 DO64(drr_spill.drr_object);
1076 DO64(drr_spill.drr_length);
1077 DO64(drr_spill.drr_toguid);
1078 break;
1079 case DRR_END:
1080 DO64(drr_end.drr_checksum.zc_word[0]);
1081 DO64(drr_end.drr_checksum.zc_word[1]);
1082 DO64(drr_end.drr_checksum.zc_word[2]);
1083 DO64(drr_end.drr_checksum.zc_word[3]);
1084 DO64(drr_end.drr_toguid);
1085 break;
1086 }
1087 #undef DO64
1088 #undef DO32
1089 }
1090
1091 static int
1092 restore_object(struct restorearg *ra, objset_t *os, struct drr_object *drro)
1093 {
1094 int err;
1095 dmu_tx_t *tx;
1096 void *data = NULL;
1097
1098 if (drro->drr_type == DMU_OT_NONE ||
1099 !DMU_OT_IS_VALID(drro->drr_type) ||
1100 !DMU_OT_IS_VALID(drro->drr_bonustype) ||
1101 drro->drr_checksumtype >= ZIO_CHECKSUM_FUNCTIONS ||
1102 drro->drr_compress >= ZIO_COMPRESS_FUNCTIONS ||
1103 P2PHASE(drro->drr_blksz, SPA_MINBLOCKSIZE) ||
1104 drro->drr_blksz < SPA_MINBLOCKSIZE ||
1105 drro->drr_blksz > SPA_MAXBLOCKSIZE ||
1106 drro->drr_bonuslen > DN_MAX_BONUSLEN) {
1107 return (EINVAL);
1108 }
1109
1110 err = dmu_object_info(os, drro->drr_object, NULL);
1111
1112 if (err != 0 && err != ENOENT)
1113 return (EINVAL);
1114
1115 if (drro->drr_bonuslen) {
1116 data = restore_read(ra, P2ROUNDUP(drro->drr_bonuslen, 8));
1117 if (ra->err)
1118 return (ra->err);
1119 }
1120
1121 if (err == ENOENT) {
1122 /* currently free, want to be allocated */
1123 tx = dmu_tx_create(os);
1124 dmu_tx_hold_bonus(tx, DMU_NEW_OBJECT);
1125 err = dmu_tx_assign(tx, TXG_WAIT);
1126 if (err) {
1127 dmu_tx_abort(tx);
1128 return (err);
1129 }
1130 err = dmu_object_claim(os, drro->drr_object,
1131 drro->drr_type, drro->drr_blksz,
1132 drro->drr_bonustype, drro->drr_bonuslen, tx);
1133 dmu_tx_commit(tx);
1134 } else {
1135 /* currently allocated, want to be allocated */
1136 err = dmu_object_reclaim(os, drro->drr_object,
1137 drro->drr_type, drro->drr_blksz,
1138 drro->drr_bonustype, drro->drr_bonuslen);
1139 }
1140 if (err) {
1141 return (EINVAL);
1142 }
1143
1144 tx = dmu_tx_create(os);
1145 dmu_tx_hold_bonus(tx, drro->drr_object);
1146 err = dmu_tx_assign(tx, TXG_WAIT);
1147 if (err) {
1148 dmu_tx_abort(tx);
1149 return (err);
1150 }
1151
1152 dmu_object_set_checksum(os, drro->drr_object, drro->drr_checksumtype,
1153 tx);
1154 dmu_object_set_compress(os, drro->drr_object, drro->drr_compress, tx);
1155
1156 if (data != NULL) {
1157 dmu_buf_t *db;
1158
1159 VERIFY(0 == dmu_bonus_hold(os, drro->drr_object, FTAG, &db));
1160 dmu_buf_will_dirty(db, tx);
1161
1162 ASSERT3U(db->db_size, >=, drro->drr_bonuslen);
1163 bcopy(data, db->db_data, drro->drr_bonuslen);
1164 if (ra->byteswap) {
1165 dmu_object_byteswap_t byteswap =
1166 DMU_OT_BYTESWAP(drro->drr_bonustype);
1167 dmu_ot_byteswap[byteswap].ob_func(db->db_data,
1168 drro->drr_bonuslen);
1169 }
1170 dmu_buf_rele(db, FTAG);
1171 }
1172 dmu_tx_commit(tx);
1173 return (0);
1174 }
1175
1176 /* ARGSUSED */
1177 static int
1178 restore_freeobjects(struct restorearg *ra, objset_t *os,
1179 struct drr_freeobjects *drrfo)
1180 {
1181 uint64_t obj;
1182
1183 if (drrfo->drr_firstobj + drrfo->drr_numobjs < drrfo->drr_firstobj)
1184 return (EINVAL);
1185
1186 for (obj = drrfo->drr_firstobj;
1187 obj < drrfo->drr_firstobj + drrfo->drr_numobjs;
1188 (void) dmu_object_next(os, &obj, FALSE, 0)) {
1189 int err;
1190
1191 if (dmu_object_info(os, obj, NULL) != 0)
1192 continue;
1193
1194 err = dmu_free_object(os, obj);
1195 if (err)
1196 return (err);
1197 }
1198 return (0);
1199 }
1200
1201 static int
1202 restore_write(struct restorearg *ra, objset_t *os,
1203 struct drr_write *drrw)
1204 {
1205 dmu_tx_t *tx;
1206 void *data;
1207 int err;
1208
1209 if (drrw->drr_offset + drrw->drr_length < drrw->drr_offset ||
1210 !DMU_OT_IS_VALID(drrw->drr_type))
1211 return (EINVAL);
1212
1213 data = restore_read(ra, drrw->drr_length);
1214 if (data == NULL)
1215 return (ra->err);
1216
1217 if (dmu_object_info(os, drrw->drr_object, NULL) != 0)
1218 return (EINVAL);
1219
1220 tx = dmu_tx_create(os);
1221
1222 dmu_tx_hold_write(tx, drrw->drr_object,
1223 drrw->drr_offset, drrw->drr_length);
1224 err = dmu_tx_assign(tx, TXG_WAIT);
1225 if (err) {
1226 dmu_tx_abort(tx);
1227 return (err);
1228 }
1229 if (ra->byteswap) {
1230 dmu_object_byteswap_t byteswap =
1231 DMU_OT_BYTESWAP(drrw->drr_type);
1232 dmu_ot_byteswap[byteswap].ob_func(data, drrw->drr_length);
1233 }
1234 dmu_write(os, drrw->drr_object,
1235 drrw->drr_offset, drrw->drr_length, data, tx);
1236 dmu_tx_commit(tx);
1237 return (0);
1238 }
1239
1240 /*
1241 * Handle a DRR_WRITE_BYREF record. This record is used in dedup'ed
1242 * streams to refer to a copy of the data that is already on the
1243 * system because it came in earlier in the stream. This function
1244 * finds the earlier copy of the data, and uses that copy instead of
1245 * data from the stream to fulfill this write.
1246 */
1247 static int
1248 restore_write_byref(struct restorearg *ra, objset_t *os,
1249 struct drr_write_byref *drrwbr)
1250 {
1251 dmu_tx_t *tx;
1252 int err;
1253 guid_map_entry_t gmesrch;
1254 guid_map_entry_t *gmep;
1255 avl_index_t where;
1256 objset_t *ref_os = NULL;
1257 dmu_buf_t *dbp;
1258
1259 if (drrwbr->drr_offset + drrwbr->drr_length < drrwbr->drr_offset)
1260 return (EINVAL);
1261
1262 /*
1263 * If the GUID of the referenced dataset is different from the
1264 * GUID of the target dataset, find the referenced dataset.
1265 */
1266 if (drrwbr->drr_toguid != drrwbr->drr_refguid) {
1267 gmesrch.guid = drrwbr->drr_refguid;
1268 if ((gmep = avl_find(ra->guid_to_ds_map, &gmesrch,
1269 &where)) == NULL) {
1270 return (EINVAL);
1271 }
1272 if (dmu_objset_from_ds(gmep->gme_ds, &ref_os))
1273 return (EINVAL);
1274 } else {
1275 ref_os = os;
1276 }
1277
1278 if (err = dmu_buf_hold(ref_os, drrwbr->drr_refobject,
1279 drrwbr->drr_refoffset, FTAG, &dbp, DMU_READ_PREFETCH))
1280 return (err);
1281
1282 tx = dmu_tx_create(os);
1283
1284 dmu_tx_hold_write(tx, drrwbr->drr_object,
1285 drrwbr->drr_offset, drrwbr->drr_length);
1286 err = dmu_tx_assign(tx, TXG_WAIT);
1287 if (err) {
1288 dmu_tx_abort(tx);
1289 return (err);
1290 }
1291 dmu_write(os, drrwbr->drr_object,
1292 drrwbr->drr_offset, drrwbr->drr_length, dbp->db_data, tx);
1293 dmu_buf_rele(dbp, FTAG);
1294 dmu_tx_commit(tx);
1295 return (0);
1296 }
1297
1298 static int
1299 restore_spill(struct restorearg *ra, objset_t *os, struct drr_spill *drrs)
1300 {
1301 dmu_tx_t *tx;
1302 void *data;
1303 dmu_buf_t *db, *db_spill;
1304 int err;
1305
1306 if (drrs->drr_length < SPA_MINBLOCKSIZE ||
1307 drrs->drr_length > SPA_MAXBLOCKSIZE)
1308 return (EINVAL);
1309
1310 data = restore_read(ra, drrs->drr_length);
1311 if (data == NULL)
1312 return (ra->err);
1313
1314 if (dmu_object_info(os, drrs->drr_object, NULL) != 0)
1315 return (EINVAL);
1316
1317 VERIFY(0 == dmu_bonus_hold(os, drrs->drr_object, FTAG, &db));
1318 if ((err = dmu_spill_hold_by_bonus(db, FTAG, &db_spill)) != 0) {
1319 dmu_buf_rele(db, FTAG);
1320 return (err);
1321 }
1322
1323 tx = dmu_tx_create(os);
1324
1325 dmu_tx_hold_spill(tx, db->db_object);
1326
1327 err = dmu_tx_assign(tx, TXG_WAIT);
1328 if (err) {
1329 dmu_buf_rele(db, FTAG);
1330 dmu_buf_rele(db_spill, FTAG);
1331 dmu_tx_abort(tx);
1332 return (err);
1333 }
1334 dmu_buf_will_dirty(db_spill, tx);
1335
1336 if (db_spill->db_size < drrs->drr_length)
1337 VERIFY(0 == dbuf_spill_set_blksz(db_spill,
1338 drrs->drr_length, tx));
1339 bcopy(data, db_spill->db_data, drrs->drr_length);
1340
1341 dmu_buf_rele(db, FTAG);
1342 dmu_buf_rele(db_spill, FTAG);
1343
1344 dmu_tx_commit(tx);
1345 return (0);
1346 }
1347
1348 /* ARGSUSED */
1349 static int
1350 restore_free(struct restorearg *ra, objset_t *os,
1351 struct drr_free *drrf)
1352 {
1353 int err;
1354
1355 if (drrf->drr_length != -1ULL &&
1356 drrf->drr_offset + drrf->drr_length < drrf->drr_offset)
1357 return (EINVAL);
1358
1359 if (dmu_object_info(os, drrf->drr_object, NULL) != 0)
1360 return (EINVAL);
1361
1362 err = dmu_free_long_range(os, drrf->drr_object,
1363 drrf->drr_offset, drrf->drr_length);
1364 return (err);
1365 }
1366
1367 /*
1368 * NB: callers *must* call dmu_recv_end() if this succeeds.
1369 */
1370 int
1371 dmu_recv_stream(dmu_recv_cookie_t *drc, vnode_t *vp, offset_t *voffp,
1372 int cleanup_fd, uint64_t *action_handlep)
1373 {
1374 struct restorearg ra = { 0 };
1375 dmu_replay_record_t *drr;
1376 objset_t *os;
1377 zio_cksum_t pcksum;
1378 int featureflags;
1379
1380 if (drc->drc_drrb->drr_magic == BSWAP_64(DMU_BACKUP_MAGIC))
1381 ra.byteswap = TRUE;
1382
1383 {
1384 /* compute checksum of drr_begin record */
1385 dmu_replay_record_t *drr;
1386 drr = kmem_zalloc(sizeof (dmu_replay_record_t), KM_SLEEP);
1387
1388 drr->drr_type = DRR_BEGIN;
1389 drr->drr_u.drr_begin = *drc->drc_drrb;
1390 if (ra.byteswap) {
1391 fletcher_4_incremental_byteswap(drr,
1392 sizeof (dmu_replay_record_t), &ra.cksum);
1393 } else {
1394 fletcher_4_incremental_native(drr,
1395 sizeof (dmu_replay_record_t), &ra.cksum);
1396 }
1397 kmem_free(drr, sizeof (dmu_replay_record_t));
1398 }
1399
1400 if (ra.byteswap) {
1401 struct drr_begin *drrb = drc->drc_drrb;
1402 drrb->drr_magic = BSWAP_64(drrb->drr_magic);
1403 drrb->drr_versioninfo = BSWAP_64(drrb->drr_versioninfo);
1404 drrb->drr_creation_time = BSWAP_64(drrb->drr_creation_time);
1405 drrb->drr_type = BSWAP_32(drrb->drr_type);
1406 drrb->drr_toguid = BSWAP_64(drrb->drr_toguid);
1407 drrb->drr_fromguid = BSWAP_64(drrb->drr_fromguid);
1408 }
1409
1410 ra.vp = vp;
1411 ra.voff = *voffp;
1412 ra.bufsize = 1<<20;
1413 ra.buf = kmem_alloc(ra.bufsize, KM_SLEEP);
1414
1415 /* these were verified in dmu_recv_begin */
1416 ASSERT(DMU_GET_STREAM_HDRTYPE(drc->drc_drrb->drr_versioninfo) ==
1417 DMU_SUBSTREAM);
1418 ASSERT(drc->drc_drrb->drr_type < DMU_OST_NUMTYPES);
1419
1420 /*
1421 * Open the objset we are modifying.
1422 */
1423 VERIFY(dmu_objset_from_ds(drc->drc_real_ds, &os) == 0);
1424
1425 ASSERT(drc->drc_real_ds->ds_phys->ds_flags & DS_FLAG_INCONSISTENT);
1426
1427 featureflags = DMU_GET_FEATUREFLAGS(drc->drc_drrb->drr_versioninfo);
1428
1429 /* if this stream is dedup'ed, set up the avl tree for guid mapping */
1430 if (featureflags & DMU_BACKUP_FEATURE_DEDUP) {
1431 minor_t minor;
1432
1433 if (cleanup_fd == -1) {
1434 ra.err = EBADF;
1435 goto out;
1436 }
1437 ra.err = zfs_onexit_fd_hold(cleanup_fd, &minor);
1438 if (ra.err) {
1439 cleanup_fd = -1;
1440 goto out;
1441 }
1442
1443 if (*action_handlep == 0) {
1444 ra.guid_to_ds_map =
1445 kmem_alloc(sizeof (avl_tree_t), KM_SLEEP);
1446 avl_create(ra.guid_to_ds_map, guid_compare,
1447 sizeof (guid_map_entry_t),
1448 offsetof(guid_map_entry_t, avlnode));
1449 ra.err = zfs_onexit_add_cb(minor,
1450 free_guid_map_onexit, ra.guid_to_ds_map,
1451 action_handlep);
1452 if (ra.err)
1453 goto out;
1454 } else {
1455 ra.err = zfs_onexit_cb_data(minor, *action_handlep,
1456 (void **)&ra.guid_to_ds_map);
1457 if (ra.err)
1458 goto out;
1459 }
1460
1461 drc->drc_guid_to_ds_map = ra.guid_to_ds_map;
1462 }
1463
1464 /*
1465 * Read records and process them.
1466 */
1467 pcksum = ra.cksum;
1468 while (ra.err == 0 &&
1469 NULL != (drr = restore_read(&ra, sizeof (*drr)))) {
1470 if (issig(JUSTLOOKING) && issig(FORREAL)) {
1471 ra.err = EINTR;
1472 goto out;
1473 }
1474
1475 if (ra.byteswap)
1476 backup_byteswap(drr);
1477
1478 switch (drr->drr_type) {
1479 case DRR_OBJECT:
1480 {
1481 /*
1482 * We need to make a copy of the record header,
1483 * because restore_{object,write} may need to
1484 * restore_read(), which will invalidate drr.
1485 */
1486 struct drr_object drro = drr->drr_u.drr_object;
1487 ra.err = restore_object(&ra, os, &drro);
1488 break;
1489 }
1490 case DRR_FREEOBJECTS:
1491 {
1492 struct drr_freeobjects drrfo =
1493 drr->drr_u.drr_freeobjects;
1494 ra.err = restore_freeobjects(&ra, os, &drrfo);
1495 break;
1496 }
1497 case DRR_WRITE:
1498 {
1499 struct drr_write drrw = drr->drr_u.drr_write;
1500 ra.err = restore_write(&ra, os, &drrw);
1501 break;
1502 }
1503 case DRR_WRITE_BYREF:
1504 {
1505 struct drr_write_byref drrwbr =
1506 drr->drr_u.drr_write_byref;
1507 ra.err = restore_write_byref(&ra, os, &drrwbr);
1508 break;
1509 }
1510 case DRR_FREE:
1511 {
1512 struct drr_free drrf = drr->drr_u.drr_free;
1513 ra.err = restore_free(&ra, os, &drrf);
1514 break;
1515 }
1516 case DRR_END:
1517 {
1518 struct drr_end drre = drr->drr_u.drr_end;
1519 /*
1520 * We compare against the *previous* checksum
1521 * value, because the stored checksum is of
1522 * everything before the DRR_END record.
1523 */
1524 if (!ZIO_CHECKSUM_EQUAL(drre.drr_checksum, pcksum))
1525 ra.err = ECKSUM;
1526 goto out;
1527 }
1528 case DRR_SPILL:
1529 {
1530 struct drr_spill drrs = drr->drr_u.drr_spill;
1531 ra.err = restore_spill(&ra, os, &drrs);
1532 break;
1533 }
1534 default:
1535 ra.err = EINVAL;
1536 goto out;
1537 }
1538 pcksum = ra.cksum;
1539 }
1540 ASSERT(ra.err != 0);
1541
1542 out:
1543 if ((featureflags & DMU_BACKUP_FEATURE_DEDUP) && (cleanup_fd != -1))
1544 zfs_onexit_fd_rele(cleanup_fd);
1545
1546 if (ra.err != 0) {
1547 /*
1548 * destroy what we created, so we don't leave it in the
1549 * inconsistent restoring state.
1550 */
1551 txg_wait_synced(drc->drc_real_ds->ds_dir->dd_pool, 0);
1552
1553 (void) dsl_dataset_destroy(drc->drc_real_ds, dmu_recv_tag,
1554 B_FALSE);
1555 if (drc->drc_real_ds != drc->drc_logical_ds) {
1556 mutex_exit(&drc->drc_logical_ds->ds_recvlock);
1557 dsl_dataset_rele(drc->drc_logical_ds, dmu_recv_tag);
1558 }
1559 }
1560
1561 kmem_free(ra.buf, ra.bufsize);
1562 *voffp = ra.voff;
1563 return (ra.err);
1564 }
1565
1566 struct recvendsyncarg {
1567 char *tosnap;
1568 uint64_t creation_time;
1569 uint64_t toguid;
1570 boolean_t is_new;
1571 };
1572
1573 static int
1574 recv_end_check(void *arg1, void *arg2, dmu_tx_t *tx)
1575 {
1576 dsl_dataset_t *ds = arg1;
1577 struct recvendsyncarg *resa = arg2;
1578
1579 if (resa->is_new) {
1580 /* re-check the filesystem limit now that recv is complete */
1581 dsl_dir_t *dd;
1582 int err;
1583
1584 dd = ds->ds_dir;
1585 if (dd->dd_parent != NULL) {
1586 err = dsl_dir_fscount_check(dd->dd_parent, 1, NULL);
1587 if (err != 0)
1588 return (err);
1589 }
1590 }
1591
1592 return (dsl_dataset_snapshot_check(ds, resa->tosnap, 1, tx));
1593 }
1594
1595 static void
1596 recv_end_sync(void *arg1, void *arg2, dmu_tx_t *tx)
1597 {
1598 dsl_dataset_t *ds = arg1;
1599 struct recvendsyncarg *resa = arg2;
1600
1601 if (resa->is_new)
1602 /* update the filesystem counts */
1603 dsl_dir_fscount_adjust(ds->ds_dir->dd_parent, tx, 1, B_FALSE,
1604 B_TRUE);
1605
1606 dsl_dataset_snapshot_sync(ds, resa->tosnap, tx);
1607
1608 /* set snapshot's creation time and guid */
1609 dmu_buf_will_dirty(ds->ds_prev->ds_dbuf, tx);
1610 ds->ds_prev->ds_phys->ds_creation_time = resa->creation_time;
1611 ds->ds_prev->ds_phys->ds_guid = resa->toguid;
1612 ds->ds_prev->ds_phys->ds_flags &= ~DS_FLAG_INCONSISTENT;
1613
1614 dmu_buf_will_dirty(ds->ds_dbuf, tx);
1615 ds->ds_phys->ds_flags &= ~DS_FLAG_INCONSISTENT;
1616 spa_history_log_internal_ds(ds, "finished receiving", tx, "");
1617 }
1618
1619 static int
1620 add_ds_to_guidmap(avl_tree_t *guid_map, dsl_dataset_t *ds)
1621 {
1622 dsl_pool_t *dp = ds->ds_dir->dd_pool;
1623 uint64_t snapobj = ds->ds_phys->ds_prev_snap_obj;
1624 dsl_dataset_t *snapds;
1625 guid_map_entry_t *gmep;
1626 int err;
1627
1628 ASSERT(guid_map != NULL);
1629
1630 rw_enter(&dp->dp_config_rwlock, RW_READER);
1631 err = dsl_dataset_hold_obj(dp, snapobj, guid_map, &snapds);
1632 if (err == 0) {
1633 gmep = kmem_alloc(sizeof (guid_map_entry_t), KM_SLEEP);
1634 gmep->guid = snapds->ds_phys->ds_guid;
1635 gmep->gme_ds = snapds;
1636 avl_add(guid_map, gmep);
1637 }
1638
1639 rw_exit(&dp->dp_config_rwlock);
1640 return (err);
1641 }
1642
1643 static int
1644 dmu_recv_existing_end(dmu_recv_cookie_t *drc)
1645 {
1646 struct recvendsyncarg resa;
1647 dsl_dataset_t *ds = drc->drc_logical_ds;
1648 int err, myerr;
1649
1650 if (dsl_dataset_tryown(ds, FALSE, dmu_recv_tag)) {
1651 err = dsl_dataset_clone_swap(drc->drc_real_ds, ds,
1652 drc->drc_force);
1653 if (err)
1654 goto out;
1655 } else {
1656 mutex_exit(&ds->ds_recvlock);
1657 dsl_dataset_rele(ds, dmu_recv_tag);
1658 (void) dsl_dataset_destroy(drc->drc_real_ds, dmu_recv_tag,
1659 B_FALSE);
1660 return (EBUSY);
1661 }
1662
1663 resa.creation_time = drc->drc_drrb->drr_creation_time;
1664 resa.toguid = drc->drc_drrb->drr_toguid;
1665 resa.tosnap = drc->drc_tosnap;
1666 resa.is_new = B_FALSE;
1667
1668 err = dsl_sync_task_do(ds->ds_dir->dd_pool,
1669 recv_end_check, recv_end_sync, ds, &resa, 3);
1670 if (err) {
1671 /* swap back */
1672 (void) dsl_dataset_clone_swap(drc->drc_real_ds, ds, B_TRUE);
1673 }
1674
1675 out:
1676 mutex_exit(&ds->ds_recvlock);
1677 if (err == 0 && drc->drc_guid_to_ds_map != NULL)
1678 (void) add_ds_to_guidmap(drc->drc_guid_to_ds_map, ds);
1679 dsl_dataset_disown(ds, dmu_recv_tag);
1680 myerr = dsl_dataset_destroy(drc->drc_real_ds, dmu_recv_tag, B_FALSE);
1681 ASSERT0(myerr);
1682 return (err);
1683 }
1684
1685 static int
1686 dmu_recv_new_end(dmu_recv_cookie_t *drc)
1687 {
1688 struct recvendsyncarg resa;
1689 dsl_dataset_t *ds = drc->drc_logical_ds;
1690 int err;
1691
1692 /*
1693 * XXX hack; seems the ds is still dirty and dsl_pool_zil_clean()
1694 * expects it to have a ds_user_ptr (and zil), but clone_swap()
1695 * can close it.
1696 */
1697 txg_wait_synced(ds->ds_dir->dd_pool, 0);
1698
1699 resa.creation_time = drc->drc_drrb->drr_creation_time;
1700 resa.toguid = drc->drc_drrb->drr_toguid;
1701 resa.tosnap = drc->drc_tosnap;
1702 resa.is_new = B_TRUE;
1703
1704 err = dsl_sync_task_do(ds->ds_dir->dd_pool,
1705 recv_end_check, recv_end_sync, ds, &resa, 3);
1706 if (err) {
1707 /* clean up the fs we just recv'd into */
1708 (void) dsl_dataset_destroy(ds, dmu_recv_tag, B_FALSE);
1709 } else {
1710 if (drc->drc_guid_to_ds_map != NULL)
1711 (void) add_ds_to_guidmap(drc->drc_guid_to_ds_map, ds);
1712 /* release the hold from dmu_recv_begin */
1713 dsl_dataset_disown(ds, dmu_recv_tag);
1714 }
1715 return (err);
1716 }
1717
1718 int
1719 dmu_recv_end(dmu_recv_cookie_t *drc)
1720 {
1721 if (drc->drc_logical_ds != drc->drc_real_ds)
1722 return (dmu_recv_existing_end(drc));
1723 else
1724 return (dmu_recv_new_end(drc));
1725 }