OpenZFS 7793 - ztest fails assertion in dmu_tx_willuse_space

Reviewed by: Steve Gonczi <steve.gonczi@delphix.com>
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Pavel Zakharov <pavel.zakharov@delphix.com>
Ported-by: Brian Behlendorf <behlendorf1@llnl.gov>

Background information: This assertion about tx_space_* verifies that we
are not dirtying more stuff than we thought we would. We “need” to know
how much we will dirty so that we can check if we should fail this
transaction with ENOSPC/EDQUOT, in dmu_tx_assign(). While the
transaction is open (i.e. between dmu_tx_assign() and dmu_tx_commit() —
typically less than a millisecond), we call dbuf_dirty() on the exact
blocks that will be modified. Once this happens, the temporary
accounting in tx_space_* is unnecessary, because we know exactly what
blocks are newly dirtied; we call dnode_willuse_space() to track this
more exact accounting.

The fundamental problem causing this bug is that dmu_tx_hold_*() relies
on the current state in the DMU (e.g. dn_nlevels) to predict how much
will be dirtied by this transaction, but this state can change before we
actually perform the transaction (i.e. call dbuf_dirty()).

This bug will be fixed by removing the assertion that the tx_space_*
accounting is perfectly accurate (i.e. we never dirty more than was
predicted by dmu_tx_hold_*()). By removing the requirement that this
accounting be perfectly accurate, we can also vastly simplify it, e.g.
removing most of the logic in dmu_tx_count_*().

The new tx space accounting will be very approximate, and may be more or
less than what is actually dirtied. It will still be used to determine
if this transaction will put us over quota. Transactions that are marked
by dmu_tx_mark_netfree() will be excepted from this check. We won’t make
an attempt to determine how much space will be freed by the transaction
— this was rarely accurate enough to determine if a transaction should
be permitted when we are over quota, which is why dmu_tx_mark_netfree()
was introduced in 2014.

We also won’t attempt to give “credit” when overwriting existing blocks,
if those blocks may be freed. This allows us to remove the
do_free_accounting logic in dbuf_dirty(), and associated routines. This
logic attempted to predict what will be on disk when this txg syncs, to
know if the overwritten block will be freed (i.e. exists, and has no
snapshots).

OpenZFS-issue: https://www.illumos.org/issues/7793
OpenZFS-commit: openzfs/openzfs@3704e0a
Upstream bugs: DLPX-32883a
Closes #5804 

Porting notes:
- DNODE_SIZE replaced with DNODE_MIN_SIZE in dmu_tx_count_dnode(),
  Using the default dnode size would be slightly better.
- DEBUG_DMU_TX wrappers and configure option removed.
- Resolved _by_dnode() conflicts these changes have not yet been
  applied to OpenZFS.

config/zfs-build.m4

@@ -37,29 +37,6 @@ AC_DEFUN([ZFS_AC_DEBUG], [
 	AC_MSG_RESULT([$enable_debug])
 ])
 
-AC_DEFUN([ZFS_AC_DEBUG_DMU_TX], [
-	AC_ARG_ENABLE([debug-dmu-tx],
-		[AS_HELP_STRING([--enable-debug-dmu-tx],
-		[Enable dmu tx validation @<:@default=no@:>@])],
-		[],
-		[enable_debug_dmu_tx=no])
-
-	AS_IF([test "x$enable_debug_dmu_tx" = xyes],
-	[
-		KERNELCPPFLAGS="${KERNELCPPFLAGS} -DDEBUG_DMU_TX"
-		DEBUG_DMU_TX="_with_debug_dmu_tx"
-		AC_DEFINE([DEBUG_DMU_TX], [1],
-		[Define to 1 to enabled dmu tx validation])
-	],
-	[
-		DEBUG_DMU_TX="_without_debug_dmu_tx"
-	])
-
-	AC_SUBST(DEBUG_DMU_TX)
-	AC_MSG_CHECKING([whether dmu tx validation is enabled])
-	AC_MSG_RESULT([$enable_debug_dmu_tx])
-])
-
 AC_DEFUN([ZFS_AC_CONFIG_ALWAYS], [
 	ZFS_AC_CONFIG_ALWAYS_NO_UNUSED_BUT_SET_VARIABLE
 	ZFS_AC_CONFIG_ALWAYS_NO_BOOL_COMPARE
@@ -140,7 +117,7 @@ AC_DEFUN([ZFS_AC_RPM], [
 		AC_MSG_RESULT([$HAVE_RPMBUILD])
 	])
 
-	RPM_DEFINE_COMMON='--define "$(DEBUG_ZFS) 1" --define "$(DEBUG_DMU_TX) 1"'
+	RPM_DEFINE_COMMON='--define "$(DEBUG_ZFS) 1"'
 	RPM_DEFINE_UTIL='--define "_dracutdir $(dracutdir)" --define "_udevdir $(udevdir)" --define "_udevruledir $(udevruledir)" --define "_initconfdir $(DEFAULT_INITCONF_DIR)" $(DEFINE_INITRAMFS)'
 	RPM_DEFINE_KMOD='--define "kernels $(LINUX_VERSION)" --define "require_spldir $(SPL)" --define "require_splobj $(SPL_OBJ)" --define "ksrc $(LINUX)" --define "kobj $(LINUX_OBJ)"'
 	RPM_DEFINE_DKMS=

configure.ac

@@ -55,7 +55,6 @@ ZFS_AC_LICENSE
 ZFS_AC_PACKAGE
 ZFS_AC_CONFIG
 ZFS_AC_DEBUG
-ZFS_AC_DEBUG_DMU_TX
 
 AC_CONFIG_FILES([
 	Makefile

etc/init.d/zfs.in

@@ -91,10 +91,6 @@ MOUNT_EXTRA_OPTIONS=""
 # Only applicable for Debian GNU/Linux {dkms,initramfs}.
 ZFS_DKMS_ENABLE_DEBUG='no'
 
-# Build kernel modules with the --enable-debug-dmu-tx switch?
-# Only applicable for Debian GNU/Linux {dkms,initramfs}.
-ZFS_DKMS_ENABLE_DEBUG_DMU_TX='no'
-
 # Keep debugging symbols in kernel modules?
 # Only applicable for Debian GNU/Linux {dkms,initramfs}.
 ZFS_DKMS_DISABLE_STRIP='no'

include/sys/dmu.h

@@ -656,11 +656,6 @@ struct blkptr *dmu_buf_get_blkptr(dmu_buf_t *db);
  */
 void dmu_buf_will_dirty(dmu_buf_t *db, dmu_tx_t *tx);
 
-/*
- * Tells if the given dbuf is freeable.
- */
-boolean_t dmu_buf_freeable(dmu_buf_t *);
-
 /*
  * You must create a transaction, then hold the objects which you will
  * (or might) modify as part of this transaction.  Then you must assign

include/sys/dmu_impl.h

@@ -86,7 +86,6 @@ extern "C" {
  *   held from:
  *   	callers of dbuf_read_impl, dbuf_hold[_impl], dbuf_prefetch
  *   	dmu_object_info_from_dnode: dn_dirty_mtx (dn_datablksz)
- *   	dmu_tx_count_free:
  *   	dbuf_read_impl: db_mtx, dmu_zfetch()
  *   	dmu_zfetch: zf_rwlock/r, zst_lock, dbuf_prefetch()
  *   	dbuf_new_size: db_mtx
@@ -197,7 +196,6 @@ extern "C" {
  *    	dsl_prop_changed_notify: none (dd_prop_cbs)
  *    	dsl_prop_register: none (dd_prop_cbs)
  *    	dsl_prop_unregister: none (dd_prop_cbs)
- *    	dsl_dataset_block_freeable: none (dd_sync_*)
  *
  * os_lock (leaf)
  *   protects:

include/sys/dmu_objset.h

@@ -20,7 +20,7 @@
  */
 /*
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2012, 2015 by Delphix. All rights reserved.
+ * Copyright (c) 2012, 2016 by Delphix. All rights reserved.
  * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
  * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved.
  */
@@ -196,6 +196,7 @@ boolean_t dmu_objset_userobjspace_present(objset_t *os);
 int dmu_fsname(const char *snapname, char *buf);
 
 void dmu_objset_evict_done(objset_t *os);
+void dmu_objset_willuse_space(objset_t *os, int64_t space, dmu_tx_t *tx);
 
 void dmu_objset_init(void);
 void dmu_objset_fini(void);

include/sys/dmu_tx.h

@@ -23,7 +23,7 @@
  * Use is subject to license terms.
  */
 /*
- * Copyright (c) 2012, 2015 by Delphix. All rights reserved.
+ * Copyright (c) 2012, 2016 by Delphix. All rights reserved.
  */
 
 #ifndef	_SYS_DMU_TX_H
@@ -70,21 +70,16 @@ struct dmu_tx {
 	/* has this transaction already been delayed? */
 	boolean_t tx_waited;
 
+	/* transaction is marked as being a "net free" of space */
+	boolean_t tx_netfree;
+
 	/* time this transaction was created */
 	hrtime_t tx_start;
 
 	/* need to wait for sufficient dirty space */
 	boolean_t tx_wait_dirty;
 
 	int tx_err;
-#ifdef DEBUG_DMU_TX
-	uint64_t tx_space_towrite;
-	uint64_t tx_space_tofree;
-	uint64_t tx_space_tooverwrite;
-	uint64_t tx_space_tounref;
-	refcount_t tx_space_written;
-	refcount_t tx_space_freed;
-#endif
 };
 
 enum dmu_tx_hold_type {
@@ -103,16 +98,10 @@ typedef struct dmu_tx_hold {
 	list_node_t txh_node;
 	struct dnode *txh_dnode;
 	refcount_t txh_space_towrite;
-	refcount_t txh_space_tofree;
-	refcount_t txh_space_tooverwrite;
-	refcount_t txh_space_tounref;
 	refcount_t txh_memory_tohold;
-	refcount_t txh_fudge;
-#ifdef DEBUG_DMU_TX
 	enum dmu_tx_hold_type txh_type;
 	uint64_t txh_arg1;
 	uint64_t txh_arg2;
-#endif
 } dmu_tx_hold_t;
 
 typedef struct dmu_tx_callback {
@@ -172,12 +161,10 @@ dmu_tx_t *dmu_tx_create_dd(dsl_dir_t *dd);
 int dmu_tx_is_syncing(dmu_tx_t *tx);
 int dmu_tx_private_ok(dmu_tx_t *tx);
 void dmu_tx_add_new_object(dmu_tx_t *tx, dnode_t *dn);
-void dmu_tx_willuse_space(dmu_tx_t *tx, int64_t delta);
 void dmu_tx_dirty_buf(dmu_tx_t *tx, struct dmu_buf_impl *db);
-int dmu_tx_holds(dmu_tx_t *tx, uint64_t object);
 void dmu_tx_hold_space(dmu_tx_t *tx, uint64_t space);
 
-#ifdef DEBUG_DMU_TX
+#ifdef ZFS_DEBUG
 #define	DMU_TX_DIRTY_BUF(tx, db)	dmu_tx_dirty_buf(tx, db)
 #else
 #define	DMU_TX_DIRTY_BUF(tx, db)

include/sys/dnode.h

@@ -344,7 +344,6 @@ void dnode_verify(dnode_t *dn);
 int dnode_set_blksz(dnode_t *dn, uint64_t size, int ibs, dmu_tx_t *tx);
 void dnode_free_range(dnode_t *dn, uint64_t off, uint64_t len, dmu_tx_t *tx);
 void dnode_diduse_space(dnode_t *dn, int64_t space);
-void dnode_willuse_space(dnode_t *dn, int64_t space, dmu_tx_t *tx);
 void dnode_new_blkid(dnode_t *dn, uint64_t blkid, dmu_tx_t *tx, boolean_t);
 uint64_t dnode_block_freed(dnode_t *dn, uint64_t blkid);
 void dnode_init(void);

include/sys/dsl_dataset.h

@@ -286,9 +286,6 @@ void dsl_dataset_block_born(dsl_dataset_t *ds, const blkptr_t *bp,
     dmu_tx_t *tx);
 int dsl_dataset_block_kill(dsl_dataset_t *ds, const blkptr_t *bp,
     dmu_tx_t *tx, boolean_t async);
-boolean_t dsl_dataset_block_freeable(dsl_dataset_t *ds, const blkptr_t *bp,
-    uint64_t blk_birth);
-uint64_t dsl_dataset_prev_snap_txg(dsl_dataset_t *ds);
 int dsl_dataset_snap_lookup(dsl_dataset_t *ds, const char *name,
     uint64_t *value);
 

include/sys/dsl_dir.h

@@ -20,7 +20,7 @@
  */
 /*
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2013 by Delphix. All rights reserved.
+ * Copyright (c) 2012, 2016 by Delphix. All rights reserved.
  * Copyright (c) 2014, Joyent, Inc. All rights reserved.
  * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved.
  */
@@ -137,8 +137,7 @@ uint64_t dsl_dir_space_available(dsl_dir_t *dd,
 void dsl_dir_dirty(dsl_dir_t *dd, dmu_tx_t *tx);
 void dsl_dir_sync(dsl_dir_t *dd, dmu_tx_t *tx);
 int dsl_dir_tempreserve_space(dsl_dir_t *dd, uint64_t mem,
-    uint64_t asize, uint64_t fsize, uint64_t usize, void **tr_cookiep,
-    dmu_tx_t *tx);
+    uint64_t asize, boolean_t netfree, void **tr_cookiep, dmu_tx_t *tx);
 void dsl_dir_tempreserve_clear(void *tr_cookie, dmu_tx_t *tx);
 void dsl_dir_willuse_space(dsl_dir_t *dd, int64_t space, dmu_tx_t *tx);
 void dsl_dir_diduse_space(dsl_dir_t *dd, dd_used_t type,

include/sys/spa.h

@@ -795,7 +795,7 @@ extern uint64_t spa_version(spa_t *spa);
 extern pool_state_t spa_state(spa_t *spa);
 extern spa_load_state_t spa_load_state(spa_t *spa);
 extern uint64_t spa_freeze_txg(spa_t *spa);
-extern uint64_t spa_get_asize(spa_t *spa, uint64_t lsize);
+extern uint64_t spa_get_worst_case_asize(spa_t *spa, uint64_t lsize);
 extern uint64_t spa_get_dspace(spa_t *spa);
 extern uint64_t spa_get_slop_space(spa_t *spa);
 extern void spa_update_dspace(spa_t *spa);

include/sys/trace_dmu.h

@@ -54,14 +54,6 @@ DECLARE_EVENT_CLASS(zfs_delay_mintime_class,
 	    __field(hrtime_t,			tx_start)
 	    __field(boolean_t,			tx_wait_dirty)
 	    __field(int,			tx_err)
-#ifdef DEBUG_DMU_TX
-	    __field(uint64_t,			tx_space_towrite)
-	    __field(uint64_t,			tx_space_tofree)
-	    __field(uint64_t,			tx_space_tooverwrite)
-	    __field(uint64_t,			tx_space_tounref)
-	    __field(int64_t,			tx_space_written)
-	    __field(int64_t,			tx_space_freed)
-#endif
 	    __field(uint64_t,			min_tx_time)
 	    __field(uint64_t,			dirty)
 	),
@@ -74,32 +66,15 @@ DECLARE_EVENT_CLASS(zfs_delay_mintime_class,
 	    __entry->tx_start			= tx->tx_start;
 	    __entry->tx_wait_dirty		= tx->tx_wait_dirty;
 	    __entry->tx_err			= tx->tx_err;
-#ifdef DEBUG_DMU_TX
-	    __entry->tx_space_towrite		= tx->tx_space_towrite;
-	    __entry->tx_space_tofree		= tx->tx_space_tofree;
-	    __entry->tx_space_tooverwrite	= tx->tx_space_tooverwrite;
-	    __entry->tx_space_tounref		= tx->tx_space_tounref;
-	    __entry->tx_space_written		= tx->tx_space_written.rc_count;
-	    __entry->tx_space_freed		= tx->tx_space_freed.rc_count;
-#endif
 	    __entry->dirty			= dirty;
 	    __entry->min_tx_time		= min_tx_time;
 	),
 	TP_printk("tx { txg %llu lastsnap_txg %llu tx_lasttried_txg %llu "
 	    "anyobj %d waited %d start %llu wait_dirty %d err %i "
-#ifdef DEBUG_DMU_TX
-	    "space_towrite %llu space_tofree %llu space_tooverwrite %llu "
-	    "space_tounref %llu space_written %lli space_freed %lli "
-#endif
 	    "} dirty %llu min_tx_time %llu",
 	    __entry->tx_txg, __entry->tx_lastsnap_txg,
 	    __entry->tx_lasttried_txg, __entry->tx_anyobj, __entry->tx_waited,
 	    __entry->tx_start, __entry->tx_wait_dirty, __entry->tx_err,
-#ifdef DEBUG_DMU_TX
-	    __entry->tx_space_towrite, __entry->tx_space_tofree,
-	    __entry->tx_space_tooverwrite, __entry->tx_space_tounref,
-	    __entry->tx_space_written, __entry->tx_space_freed,
-#endif
 	    __entry->dirty, __entry->min_tx_time)
 );
 /* END CSTYLED */

include/sys/zap_impl.h

@@ -216,8 +216,6 @@ int fzap_lookup(zap_name_t *zn,
     uint64_t integer_size, uint64_t num_integers, void *buf,
     char *realname, int rn_len, boolean_t *normalization_conflictp);
 void fzap_prefetch(zap_name_t *zn);
-int fzap_count_write(zap_name_t *zn, int add, refcount_t *towrite,
-    refcount_t *tooverwrite);
 int fzap_add(zap_name_t *zn, uint64_t integer_size, uint64_t num_integers,
     const void *val, void *tag, dmu_tx_t *tx);
 int fzap_update(zap_name_t *zn,