6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
26 * Copyright (c) 2012 by Delphix. All rights reserved.
27 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
28 */
29
30 #include <sys/types.h>
31 #include <sys/param.h>
32 #include <sys/errno.h>
33 #include <sys/uio.h>
34 #include <sys/buf.h>
35 #include <sys/modctl.h>
36 #include <sys/open.h>
37 #include <sys/file.h>
38 #include <sys/kmem.h>
39 #include <sys/conf.h>
40 #include <sys/cmn_err.h>
41 #include <sys/stat.h>
42 #include <sys/zfs_ioctl.h>
43 #include <sys/zfs_vfsops.h>
44 #include <sys/zfs_znode.h>
45 #include <sys/zap.h>
46 #include <sys/spa.h>
47 #include <sys/spa_impl.h>
68 #include <sys/zfs_dir.h>
69 #include <sys/zfs_onexit.h>
70 #include <sys/zvol.h>
71 #include <sys/dsl_scan.h>
72 #include <sharefs/share.h>
73 #include <sys/dmu_objset.h>
74
75 #include "zfs_namecheck.h"
76 #include "zfs_prop.h"
77 #include "zfs_deleg.h"
78 #include "zfs_comutil.h"
79
80 extern struct modlfs zfs_modlfs;
81
82 extern void zfs_init(void);
83 extern void zfs_fini(void);
84
85 ldi_ident_t zfs_li = NULL;
86 dev_info_t *zfs_dip;
87
88 typedef int zfs_ioc_func_t(zfs_cmd_t *);
89 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *);
90
91 typedef enum {
92 NO_NAME,
93 POOL_NAME,
94 DATASET_NAME
95 } zfs_ioc_namecheck_t;
96
97 typedef enum {
98 POOL_CHECK_NONE = 1 << 0,
99 POOL_CHECK_SUSPENDED = 1 << 1,
100 POOL_CHECK_READONLY = 1 << 2
101 } zfs_ioc_poolcheck_t;
102
103 typedef struct zfs_ioc_vec {
104 zfs_ioc_func_t *zvec_func;
105 zfs_secpolicy_func_t *zvec_secpolicy;
106 zfs_ioc_namecheck_t zvec_namecheck;
107 boolean_t zvec_his_log;
108 zfs_ioc_poolcheck_t zvec_pool_check;
109 } zfs_ioc_vec_t;
110
111 /* This array is indexed by zfs_userquota_prop_t */
112 static const char *userquota_perms[] = {
113 ZFS_DELEG_PERM_USERUSED,
114 ZFS_DELEG_PERM_USERQUOTA,
115 ZFS_DELEG_PERM_GROUPUSED,
116 ZFS_DELEG_PERM_GROUPQUOTA,
117 };
118
119 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
120 static int zfs_check_settable(const char *name, nvpair_t *property,
121 cred_t *cr);
122 static int zfs_check_clearable(char *dataset, nvlist_t *props,
123 nvlist_t **errors);
124 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
125 boolean_t *);
126 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t **);
127
128 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
129 void
130 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
131 {
132 const char *newfile;
133 char buf[512];
134 va_list adx;
135
136 /*
137 * Get rid of annoying "../common/" prefix to filename.
138 */
139 newfile = strrchr(file, '/');
140 if (newfile != NULL) {
141 newfile = newfile + 1; /* Get rid of leading / */
142 } else {
143 newfile = file;
144 }
145
146 va_start(adx, fmt);
244 }
245 /* XXX reading from non-owned objset */
246 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
247 rc = zplversion < version;
248 dmu_objset_rele(os, FTAG);
249 }
250 return (rc);
251 }
252
253 static void
254 zfs_log_history(zfs_cmd_t *zc)
255 {
256 spa_t *spa;
257 char *buf;
258
259 if ((buf = history_str_get(zc)) == NULL)
260 return;
261
262 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
263 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
264 (void) spa_history_log(spa, buf, LOG_CMD_NORMAL);
265 spa_close(spa, FTAG);
266 }
267 history_str_free(buf);
268 }
269
270 /*
271 * Policy for top-level read operations (list pools). Requires no privileges,
272 * and can be used in the local zone, as there is no associated dataset.
273 */
274 /* ARGSUSED */
275 static int
276 zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr)
277 {
278 return (0);
279 }
280
281 /*
282 * Policy for dataset read operations (list children, get statistics). Requires
283 * no privileges, but must be visible in the local zone.
284 */
285 /* ARGSUSED */
286 static int
287 zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr)
288 {
289 if (INGLOBALZONE(curproc) ||
290 zone_dataset_visible(zc->zc_name, NULL))
291 return (0);
292
293 return (ENOENT);
294 }
295
296 static int
297 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
298 {
299 int writable = 1;
300
301 /*
302 * The dataset must be visible by this zone -- check this first
303 * so they don't see EPERM on something they shouldn't know about.
304 */
305 if (!INGLOBALZONE(curproc) &&
306 !zone_dataset_visible(dataset, &writable))
307 return (ENOENT);
336 return (ENOENT);
337
338 return (zfs_dozonecheck_impl(dataset, zoned, cr));
339 }
340
341 static int
342 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
343 {
344 uint64_t zoned;
345
346 rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
347 if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) {
348 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
349 return (ENOENT);
350 }
351 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
352
353 return (zfs_dozonecheck_impl(dataset, zoned, cr));
354 }
355
356 /*
357 * If name ends in a '@', then require recursive permissions.
358 */
359 int
360 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
361 {
362 int error;
363 boolean_t descendent = B_FALSE;
364 dsl_dataset_t *ds;
365 char *at;
366
367 at = strchr(name, '@');
368 if (at != NULL && at[1] == '\0') {
369 *at = '\0';
370 descendent = B_TRUE;
371 }
372
373 error = dsl_dataset_hold(name, FTAG, &ds);
374 if (at != NULL)
375 *at = '@';
376 if (error != 0)
377 return (error);
378
379 error = zfs_dozonecheck_ds(name, ds, cr);
380 if (error == 0) {
381 error = secpolicy_zfs(cr);
382 if (error)
383 error = dsl_deleg_access_impl(ds, descendent, perm, cr);
384 }
385
386 dsl_dataset_rele(ds, FTAG);
387 return (error);
388 }
389
390 int
391 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
392 const char *perm, cred_t *cr)
393 {
394 int error;
395
396 error = zfs_dozonecheck_ds(name, ds, cr);
397 if (error == 0) {
398 error = secpolicy_zfs(cr);
399 if (error)
400 error = dsl_deleg_access_impl(ds, B_FALSE, perm, cr);
401 }
402 return (error);
403 }
404
405 /*
406 * Policy for setting the security label property.
407 *
408 * Returns 0 for success, non-zero for access and other errors.
409 */
410 static int
411 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
412 {
413 char ds_hexsl[MAXNAMELEN];
414 bslabel_t ds_sl, new_sl;
415 boolean_t new_default = FALSE;
416 uint64_t zoned;
417 int needed_priv = -1;
418 int error;
419
420 /* First get the existing dataset label. */
534 }
535 break;
536
537 case ZFS_PROP_MLSLABEL:
538 if (!is_system_labeled())
539 return (EPERM);
540
541 if (nvpair_value_string(propval, &strval) == 0) {
542 int err;
543
544 err = zfs_set_slabel_policy(dsname, strval, CRED());
545 if (err != 0)
546 return (err);
547 }
548 break;
549 }
550
551 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
552 }
553
554 int
555 zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr)
556 {
557 int error;
558
559 error = zfs_dozonecheck(zc->zc_name, cr);
560 if (error)
561 return (error);
562
563 /*
564 * permission to set permissions will be evaluated later in
565 * dsl_deleg_can_allow()
566 */
567 return (0);
568 }
569
570 int
571 zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr)
572 {
573 return (zfs_secpolicy_write_perms(zc->zc_name,
574 ZFS_DELEG_PERM_ROLLBACK, cr));
575 }
576
577 int
578 zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr)
579 {
580 spa_t *spa;
581 dsl_pool_t *dp;
582 dsl_dataset_t *ds;
583 char *cp;
584 int error;
585
586 /*
587 * Generate the current snapshot name from the given objsetid, then
588 * use that name for the secpolicy/zone checks.
589 */
590 cp = strchr(zc->zc_name, '@');
591 if (cp == NULL)
592 return (EINVAL);
593 error = spa_open(zc->zc_name, &spa, FTAG);
594 if (error)
595 return (error);
596
597 dp = spa_get_dsl(spa);
598 rw_enter(&dp->dp_config_rwlock, RW_READER);
599 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
600 rw_exit(&dp->dp_config_rwlock);
601 spa_close(spa, FTAG);
602 if (error)
603 return (error);
604
605 dsl_dataset_name(ds, zc->zc_name);
606
607 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
608 ZFS_DELEG_PERM_SEND, cr);
609 dsl_dataset_rele(ds, FTAG);
610
611 return (error);
612 }
613
614 static int
615 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, cred_t *cr)
616 {
617 vnode_t *vp;
618 int error;
619
620 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
621 NO_FOLLOW, NULL, &vp)) != 0)
622 return (error);
623
624 /* Now make sure mntpnt and dataset are ZFS */
625
626 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
627 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
628 zc->zc_name) != 0)) {
629 VN_RELE(vp);
630 return (EPERM);
631 }
632
633 VN_RELE(vp);
634 return (dsl_deleg_access(zc->zc_name,
635 ZFS_DELEG_PERM_SHARE, cr));
636 }
637
638 int
639 zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr)
640 {
641 if (!INGLOBALZONE(curproc))
642 return (EPERM);
643
644 if (secpolicy_nfs(cr) == 0) {
645 return (0);
646 } else {
647 return (zfs_secpolicy_deleg_share(zc, cr));
648 }
649 }
650
651 int
652 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, cred_t *cr)
653 {
654 if (!INGLOBALZONE(curproc))
655 return (EPERM);
656
657 if (secpolicy_smb(cr) == 0) {
658 return (0);
659 } else {
660 return (zfs_secpolicy_deleg_share(zc, cr));
661 }
662 }
663
664 static int
665 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
666 {
667 char *cp;
668
669 /*
670 * Remove the @bla or /bla from the end of the name to get the parent.
671 */
672 (void) strncpy(parent, datasetname, parentsize);
673 cp = strrchr(parent, '@');
674 if (cp != NULL) {
675 cp[0] = '\0';
676 } else {
677 cp = strrchr(parent, '/');
678 if (cp == NULL)
679 return (ENOENT);
680 cp[0] = '\0';
681 }
682
683 return (0);
684 }
685
686 int
687 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
688 {
689 int error;
690
691 if ((error = zfs_secpolicy_write_perms(name,
692 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
693 return (error);
694
695 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
696 }
697
698 static int
699 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
700 {
701 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
702 }
703
704 /*
705 * Destroying snapshots with delegated permissions requires
706 * descendent mount and destroy permissions.
707 */
708 static int
709 zfs_secpolicy_destroy_recursive(zfs_cmd_t *zc, cred_t *cr)
710 {
711 int error;
712 char *dsname;
713
714 dsname = kmem_asprintf("%s@", zc->zc_name);
715
716 error = zfs_secpolicy_destroy_perms(dsname, cr);
717
718 strfree(dsname);
719 return (error);
720 }
721
722 int
723 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
724 {
725 char parentname[MAXNAMELEN];
726 int error;
727
728 if ((error = zfs_secpolicy_write_perms(from,
729 ZFS_DELEG_PERM_RENAME, cr)) != 0)
730 return (error);
731
732 if ((error = zfs_secpolicy_write_perms(from,
733 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
734 return (error);
735
736 if ((error = zfs_get_parent(to, parentname,
737 sizeof (parentname))) != 0)
738 return (error);
739
740 if ((error = zfs_secpolicy_write_perms(parentname,
741 ZFS_DELEG_PERM_CREATE, cr)) != 0)
742 return (error);
743
744 if ((error = zfs_secpolicy_write_perms(parentname,
745 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
746 return (error);
747
748 return (error);
749 }
750
751 static int
752 zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr)
753 {
754 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
755 }
756
757 static int
758 zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr)
759 {
760 char parentname[MAXNAMELEN];
761 objset_t *clone;
762 int error;
763
764 error = zfs_secpolicy_write_perms(zc->zc_name,
765 ZFS_DELEG_PERM_PROMOTE, cr);
766 if (error)
767 return (error);
768
769 error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
770
771 if (error == 0) {
772 dsl_dataset_t *pclone = NULL;
773 dsl_dir_t *dd;
774 dd = clone->os_dsl_dataset->ds_dir;
775
776 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
777 error = dsl_dataset_hold_obj(dd->dd_pool,
778 dd->dd_phys->dd_origin_obj, FTAG, &pclone);
779 rw_exit(&dd->dd_pool->dp_config_rwlock);
780 if (error) {
781 dmu_objset_rele(clone, FTAG);
782 return (error);
783 }
784
785 error = zfs_secpolicy_write_perms(zc->zc_name,
786 ZFS_DELEG_PERM_MOUNT, cr);
787
788 dsl_dataset_name(pclone, parentname);
789 dmu_objset_rele(clone, FTAG);
790 dsl_dataset_rele(pclone, FTAG);
791 if (error == 0)
792 error = zfs_secpolicy_write_perms(parentname,
793 ZFS_DELEG_PERM_PROMOTE, cr);
794 }
795 return (error);
796 }
797
798 static int
799 zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr)
800 {
801 int error;
802
803 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
804 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
805 return (error);
806
807 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
808 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
809 return (error);
810
811 return (zfs_secpolicy_write_perms(zc->zc_name,
812 ZFS_DELEG_PERM_CREATE, cr));
813 }
814
815 int
816 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
817 {
818 return (zfs_secpolicy_write_perms(name,
819 ZFS_DELEG_PERM_SNAPSHOT, cr));
820 }
821
822 static int
823 zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr)
824 {
825
826 return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr));
827 }
828
829 static int
830 zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr)
831 {
832 char parentname[MAXNAMELEN];
833 int error;
834
835 if ((error = zfs_get_parent(zc->zc_name, parentname,
836 sizeof (parentname))) != 0)
837 return (error);
838
839 if (zc->zc_value[0] != '\0') {
840 if ((error = zfs_secpolicy_write_perms(zc->zc_value,
841 ZFS_DELEG_PERM_CLONE, cr)) != 0)
842 return (error);
843 }
844
845 if ((error = zfs_secpolicy_write_perms(parentname,
846 ZFS_DELEG_PERM_CREATE, cr)) != 0)
847 return (error);
848
849 error = zfs_secpolicy_write_perms(parentname,
850 ZFS_DELEG_PERM_MOUNT, cr);
851
852 return (error);
853 }
854
855 static int
856 zfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr)
857 {
858 int error;
859
860 error = secpolicy_fs_unmount(cr, NULL);
861 if (error) {
862 error = dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr);
863 }
864 return (error);
865 }
866
867 /*
868 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
869 * SYS_CONFIG privilege, which is not available in a local zone.
870 */
871 /* ARGSUSED */
872 static int
873 zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr)
874 {
875 if (secpolicy_sys_config(cr, B_FALSE) != 0)
876 return (EPERM);
877
878 return (0);
879 }
880
881 /*
882 * Policy for object to name lookups.
883 */
884 /* ARGSUSED */
885 static int
886 zfs_secpolicy_diff(zfs_cmd_t *zc, cred_t *cr)
887 {
888 int error;
889
890 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
891 return (0);
892
893 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
894 return (error);
895 }
896
897 /*
898 * Policy for fault injection. Requires all privileges.
899 */
900 /* ARGSUSED */
901 static int
902 zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr)
903 {
904 return (secpolicy_zinject(cr));
905 }
906
907 static int
908 zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr)
909 {
910 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
911
912 if (prop == ZPROP_INVAL) {
913 if (!zfs_prop_user(zc->zc_value))
914 return (EINVAL);
915 return (zfs_secpolicy_write_perms(zc->zc_name,
916 ZFS_DELEG_PERM_USERPROP, cr));
917 } else {
918 return (zfs_secpolicy_setprop(zc->zc_name, prop,
919 NULL, cr));
920 }
921 }
922
923 static int
924 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, cred_t *cr)
925 {
926 int err = zfs_secpolicy_read(zc, cr);
927 if (err)
928 return (err);
929
930 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
931 return (EINVAL);
932
933 if (zc->zc_value[0] == 0) {
934 /*
935 * They are asking about a posix uid/gid. If it's
936 * themself, allow it.
937 */
938 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
939 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
940 if (zc->zc_guid == crgetuid(cr))
941 return (0);
942 } else {
943 if (groupmember(zc->zc_guid, cr))
944 return (0);
945 }
946 }
947
948 return (zfs_secpolicy_write_perms(zc->zc_name,
949 userquota_perms[zc->zc_objset_type], cr));
950 }
951
952 static int
953 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, cred_t *cr)
954 {
955 int err = zfs_secpolicy_read(zc, cr);
956 if (err)
957 return (err);
958
959 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
960 return (EINVAL);
961
962 return (zfs_secpolicy_write_perms(zc->zc_name,
963 userquota_perms[zc->zc_objset_type], cr));
964 }
965
966 static int
967 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, cred_t *cr)
968 {
969 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
970 NULL, cr));
971 }
972
973 static int
974 zfs_secpolicy_hold(zfs_cmd_t *zc, cred_t *cr)
975 {
976 return (zfs_secpolicy_write_perms(zc->zc_name,
977 ZFS_DELEG_PERM_HOLD, cr));
978 }
979
980 static int
981 zfs_secpolicy_release(zfs_cmd_t *zc, cred_t *cr)
982 {
983 return (zfs_secpolicy_write_perms(zc->zc_name,
984 ZFS_DELEG_PERM_RELEASE, cr));
985 }
986
987 /*
988 * Policy for allowing temporary snapshots to be taken or released
989 */
990 static int
991 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, cred_t *cr)
992 {
993 /*
994 * A temporary snapshot is the same as a snapshot,
995 * hold, destroy and release all rolled into one.
996 * Delegated diff alone is sufficient that we allow this.
997 */
998 int error;
999
1000 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1001 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1002 return (0);
1003
1004 error = zfs_secpolicy_snapshot(zc, cr);
1005 if (!error)
1006 error = zfs_secpolicy_hold(zc, cr);
1007 if (!error)
1008 error = zfs_secpolicy_release(zc, cr);
1009 if (!error)
1010 error = zfs_secpolicy_destroy(zc, cr);
1011 return (error);
1012 }
1013
1014 /*
1015 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1016 */
1017 static int
1018 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1019 {
1020 char *packed;
1021 int error;
1022 nvlist_t *list = NULL;
1023
1024 /*
1025 * Read in and unpack the user-supplied nvlist.
1026 */
1027 if (size == 0)
1028 return (EINVAL);
1029
1030 packed = kmem_alloc(size, KM_SLEEP);
1031
1032 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1033 iflag)) != 0) {
1034 kmem_free(packed, size);
1035 return (error);
1036 }
1037
1038 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1039 kmem_free(packed, size);
1040 return (error);
1041 }
1042
1043 kmem_free(packed, size);
1044
1045 *nvp = list;
1046 return (0);
1047 }
1048
1049 static int
1050 fit_error_list(zfs_cmd_t *zc, nvlist_t **errors)
1051 {
1052 size_t size;
1053
1054 VERIFY(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1055
1056 if (size > zc->zc_nvlist_dst_size) {
1057 nvpair_t *more_errors;
1058 int n = 0;
1059
1060 if (zc->zc_nvlist_dst_size < 1024)
1061 return (ENOMEM);
1062
1063 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, 0) == 0);
1064 more_errors = nvlist_prev_nvpair(*errors, NULL);
1065
1066 do {
1067 nvpair_t *pair = nvlist_prev_nvpair(*errors,
1068 more_errors);
1069 VERIFY(nvlist_remove_nvpair(*errors, pair) == 0);
1070 n++;
1071 VERIFY(nvlist_size(*errors, &size,
1072 NV_ENCODE_NATIVE) == 0);
1073 } while (size > zc->zc_nvlist_dst_size);
1074
1075 VERIFY(nvlist_remove_nvpair(*errors, more_errors) == 0);
1076 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, n) == 0);
1077 ASSERT(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1078 ASSERT(size <= zc->zc_nvlist_dst_size);
1079 }
1080
1081 return (0);
1082 }
1083
1084 static int
1085 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1086 {
1087 char *packed = NULL;
1088 int error = 0;
1089 size_t size;
1090
1091 VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0);
1092
1093 if (size > zc->zc_nvlist_dst_size) {
1094 error = ENOMEM;
1095 } else {
1096 packed = kmem_alloc(size, KM_SLEEP);
1097 VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE,
1098 KM_SLEEP) == 0);
1099 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1100 size, zc->zc_iflags) != 0)
1101 error = EFAULT;
1102 kmem_free(packed, size);
1103 }
1104
1105 zc->zc_nvlist_dst_size = size;
1106 return (error);
1107 }
1108
1109 static int
1110 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1111 {
1112 objset_t *os;
1113 int error;
1114
1115 error = dmu_objset_hold(dsname, FTAG, &os);
1116 if (error)
1117 return (error);
1118 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1119 dmu_objset_rele(os, FTAG);
1120 return (EINVAL);
1121 }
1122
1123 mutex_enter(&os->os_user_ptr_lock);
1124 *zfvp = dmu_objset_get_user(os);
1125 if (*zfvp) {
1164 static void
1165 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1166 {
1167 rrw_exit(&zfsvfs->z_teardown_lock, tag);
1168
1169 if (zfsvfs->z_vfs) {
1170 VFS_RELE(zfsvfs->z_vfs);
1171 } else {
1172 dmu_objset_disown(zfsvfs->z_os, zfsvfs);
1173 zfsvfs_free(zfsvfs);
1174 }
1175 }
1176
1177 static int
1178 zfs_ioc_pool_create(zfs_cmd_t *zc)
1179 {
1180 int error;
1181 nvlist_t *config, *props = NULL;
1182 nvlist_t *rootprops = NULL;
1183 nvlist_t *zplprops = NULL;
1184 char *buf;
1185
1186 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1187 zc->zc_iflags, &config))
1188 return (error);
1189
1190 if (zc->zc_nvlist_src_size != 0 && (error =
1191 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1192 zc->zc_iflags, &props))) {
1193 nvlist_free(config);
1194 return (error);
1195 }
1196
1197 if (props) {
1198 nvlist_t *nvl = NULL;
1199 uint64_t version = SPA_VERSION;
1200
1201 (void) nvlist_lookup_uint64(props,
1202 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1203 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1204 error = EINVAL;
1205 goto pool_props_bad;
1206 }
1207 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1208 if (nvl) {
1209 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1210 if (error != 0) {
1211 nvlist_free(config);
1212 nvlist_free(props);
1213 return (error);
1214 }
1215 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1216 }
1217 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1218 error = zfs_fill_zplprops_root(version, rootprops,
1219 zplprops, NULL);
1220 if (error)
1221 goto pool_props_bad;
1222 }
1223
1224 buf = history_str_get(zc);
1225
1226 error = spa_create(zc->zc_name, config, props, buf, zplprops);
1227
1228 /*
1229 * Set the remaining root properties
1230 */
1231 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1232 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1233 (void) spa_destroy(zc->zc_name);
1234
1235 if (buf != NULL)
1236 history_str_free(buf);
1237
1238 pool_props_bad:
1239 nvlist_free(rootprops);
1240 nvlist_free(zplprops);
1241 nvlist_free(config);
1242 nvlist_free(props);
1243
1244 return (error);
1245 }
1246
1247 static int
1248 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1249 {
1250 int error;
1251 zfs_log_history(zc);
1252 error = spa_destroy(zc->zc_name);
1253 if (error == 0)
1254 zvol_remove_minors(zc->zc_name);
1255 return (error);
1256 }
1257
2212 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2213 zfs_cmd_t *zc;
2214
2215 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2216 (void) strcpy(zc->zc_name, dsname);
2217 (void) zfs_ioc_userspace_upgrade(zc);
2218 kmem_free(zc, sizeof (zfs_cmd_t));
2219 }
2220 break;
2221 }
2222
2223 default:
2224 err = -1;
2225 }
2226
2227 return (err);
2228 }
2229
2230 /*
2231 * This function is best effort. If it fails to set any of the given properties,
2232 * it continues to set as many as it can and returns the first error
2233 * encountered. If the caller provides a non-NULL errlist, it also gives the
2234 * complete list of names of all the properties it failed to set along with the
2235 * corresponding error numbers. The caller is responsible for freeing the
2236 * returned errlist.
2237 *
2238 * If every property is set successfully, zero is returned and the list pointed
2239 * at by errlist is NULL.
2240 */
2241 int
2242 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2243 nvlist_t **errlist)
2244 {
2245 nvpair_t *pair;
2246 nvpair_t *propval;
2247 int rv = 0;
2248 uint64_t intval;
2249 char *strval;
2250 nvlist_t *genericnvl;
2251 nvlist_t *errors;
2252 nvlist_t *retrynvl;
2253
2254 VERIFY(nvlist_alloc(&genericnvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2255 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2256 VERIFY(nvlist_alloc(&retrynvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2257
2258 retry:
2259 pair = NULL;
2260 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2261 const char *propname = nvpair_name(pair);
2262 zfs_prop_t prop = zfs_name_to_prop(propname);
2263 int err = 0;
2264
2265 /* decode the property value */
2266 propval = pair;
2267 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2268 nvlist_t *attrs;
2269 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2270 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2271 &propval) != 0)
2272 err = EINVAL;
2273 }
2274
2275 /* Validate value type */
2276 if (err == 0 && prop == ZPROP_INVAL) {
2277 if (zfs_prop_user(propname)) {
2278 if (nvpair_type(propval) != DATA_TYPE_STRING)
2279 err = EINVAL;
2280 } else if (zfs_prop_userquota(propname)) {
2281 if (nvpair_type(propval) !=
2282 DATA_TYPE_UINT64_ARRAY)
2283 err = EINVAL;
2284 } else {
2285 err = EINVAL;
2286 }
2287 } else if (err == 0) {
2288 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2289 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2290 err = EINVAL;
2291 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2292 const char *unused;
2293
2294 VERIFY(nvpair_value_uint64(propval,
2295 &intval) == 0);
2296
2297 switch (zfs_prop_get_type(prop)) {
2298 case PROP_TYPE_NUMBER:
2299 break;
2300 case PROP_TYPE_STRING:
2301 err = EINVAL;
2302 break;
2303 case PROP_TYPE_INDEX:
2304 if (zfs_prop_index_to_string(prop,
2305 intval, &unused) != 0)
2306 err = EINVAL;
2307 break;
2308 default:
2309 cmn_err(CE_PANIC,
2310 "unknown property type");
2311 }
2312 } else {
2313 err = EINVAL;
2314 }
2315 }
2319 err = zfs_check_settable(dsname, pair, CRED());
2320
2321 if (err == 0) {
2322 err = zfs_prop_set_special(dsname, source, pair);
2323 if (err == -1) {
2324 /*
2325 * For better performance we build up a list of
2326 * properties to set in a single transaction.
2327 */
2328 err = nvlist_add_nvpair(genericnvl, pair);
2329 } else if (err != 0 && nvl != retrynvl) {
2330 /*
2331 * This may be a spurious error caused by
2332 * receiving quota and reservation out of order.
2333 * Try again in a second pass.
2334 */
2335 err = nvlist_add_nvpair(retrynvl, pair);
2336 }
2337 }
2338
2339 if (err != 0)
2340 VERIFY(nvlist_add_int32(errors, propname, err) == 0);
2341 }
2342
2343 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2344 nvl = retrynvl;
2345 goto retry;
2346 }
2347
2348 if (!nvlist_empty(genericnvl) &&
2349 dsl_props_set(dsname, source, genericnvl) != 0) {
2350 /*
2351 * If this fails, we still want to set as many properties as we
2352 * can, so try setting them individually.
2353 */
2354 pair = NULL;
2355 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2356 const char *propname = nvpair_name(pair);
2357 int err = 0;
2358
2359 propval = pair;
2360 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2361 nvlist_t *attrs;
2362 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2363 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2364 &propval) == 0);
2365 }
2366
2367 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2368 VERIFY(nvpair_value_string(propval,
2369 &strval) == 0);
2370 err = dsl_prop_set(dsname, propname, source, 1,
2371 strlen(strval) + 1, strval);
2372 } else {
2373 VERIFY(nvpair_value_uint64(propval,
2374 &intval) == 0);
2375 err = dsl_prop_set(dsname, propname, source, 8,
2376 1, &intval);
2377 }
2378
2379 if (err != 0) {
2380 VERIFY(nvlist_add_int32(errors, propname,
2381 err) == 0);
2382 }
2383 }
2384 }
2385 nvlist_free(genericnvl);
2386 nvlist_free(retrynvl);
2387
2388 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
2389 nvlist_free(errors);
2390 errors = NULL;
2391 } else {
2392 VERIFY(nvpair_value_int32(pair, &rv) == 0);
2393 }
2394
2395 if (errlist == NULL)
2396 nvlist_free(errors);
2397 else
2398 *errlist = errors;
2399
2400 return (rv);
2401 }
2402
2403 /*
2404 * Check that all the properties are valid user properties.
2405 */
2406 static int
2407 zfs_check_userprops(char *fsname, nvlist_t *nvl)
2408 {
2409 nvpair_t *pair = NULL;
2410 int error = 0;
2411
2412 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2413 const char *propname = nvpair_name(pair);
2414 char *valstr;
2415
2416 if (!zfs_prop_user(propname) ||
2417 nvpair_type(pair) != DATA_TYPE_STRING)
2418 return (EINVAL);
2419
2420 if (error = zfs_secpolicy_write_perms(fsname,
2421 ZFS_DELEG_PERM_USERPROP, CRED()))
2422 return (error);
2423
2424 if (strlen(propname) >= ZAP_MAXNAMELEN)
2425 return (ENAMETOOLONG);
2426
2427 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2467 return (err);
2468 }
2469
2470 /*
2471 * inputs:
2472 * zc_name name of filesystem
2473 * zc_value name of property to set
2474 * zc_nvlist_src{_size} nvlist of properties to apply
2475 * zc_cookie received properties flag
2476 *
2477 * outputs:
2478 * zc_nvlist_dst{_size} error for each unapplied received property
2479 */
2480 static int
2481 zfs_ioc_set_prop(zfs_cmd_t *zc)
2482 {
2483 nvlist_t *nvl;
2484 boolean_t received = zc->zc_cookie;
2485 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2486 ZPROP_SRC_LOCAL);
2487 nvlist_t *errors = NULL;
2488 int error;
2489
2490 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2491 zc->zc_iflags, &nvl)) != 0)
2492 return (error);
2493
2494 if (received) {
2495 nvlist_t *origprops;
2496 objset_t *os;
2497
2498 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
2499 if (dsl_prop_get_received(os, &origprops) == 0) {
2500 (void) clear_received_props(os,
2501 zc->zc_name, origprops, nvl);
2502 nvlist_free(origprops);
2503 }
2504
2505 dsl_prop_set_hasrecvd(os);
2506 dmu_objset_rele(os, FTAG);
2507 }
2508 }
2509
2510 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, &errors);
2511
2512 if (zc->zc_nvlist_dst != NULL && errors != NULL) {
2513 (void) put_nvlist(zc, errors);
2514 }
2515
2516 nvlist_free(errors);
2517 nvlist_free(nvl);
2518 return (error);
2519 }
2520
2521 /*
2522 * inputs:
2523 * zc_name name of filesystem
2524 * zc_value name of property to inherit
2525 * zc_cookie revert to received value if TRUE
2526 *
2527 * outputs: none
2528 */
2529 static int
2530 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2572 nvlist_free(dummy);
2573 return (EINVAL);
2574 }
2575
2576 pair = nvlist_next_nvpair(dummy, NULL);
2577 err = zfs_prop_set_special(zc->zc_name, source, pair);
2578 nvlist_free(dummy);
2579 if (err != -1)
2580 return (err); /* special property already handled */
2581 } else {
2582 /*
2583 * Only check this in the non-received case. We want to allow
2584 * 'inherit -S' to revert non-inheritable properties like quota
2585 * and reservation to the received or default values even though
2586 * they are not considered inheritable.
2587 */
2588 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2589 return (EINVAL);
2590 }
2591
2592 /* the property name has been validated by zfs_secpolicy_inherit() */
2593 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
2594 }
2595
2596 static int
2597 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2598 {
2599 nvlist_t *props;
2600 spa_t *spa;
2601 int error;
2602 nvpair_t *pair;
2603
2604 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2605 zc->zc_iflags, &props))
2606 return (error);
2607
2608 /*
2609 * If the only property is the configfile, then just do a spa_lookup()
2610 * to handle the faulted case.
2611 */
2612 pair = nvlist_next_nvpair(props, NULL);
2915
2916 static int
2917 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
2918 nvlist_t *zplprops, boolean_t *is_ci)
2919 {
2920 boolean_t fuids_ok;
2921 boolean_t sa_ok;
2922 uint64_t zplver = ZPL_VERSION;
2923 int error;
2924
2925 zplver = zfs_zpl_version_map(spa_vers);
2926 fuids_ok = (zplver >= ZPL_VERSION_FUID);
2927 sa_ok = (zplver >= ZPL_VERSION_SA);
2928
2929 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
2930 createprops, zplprops, is_ci);
2931 return (error);
2932 }
2933
2934 /*
2935 * inputs:
2936 * zc_objset_type type of objset to create (fs vs zvol)
2937 * zc_name name of new objset
2938 * zc_value name of snapshot to clone from (may be empty)
2939 * zc_nvlist_src{_size} nvlist of properties to apply
2940 *
2941 * outputs: none
2942 */
2943 static int
2944 zfs_ioc_create(zfs_cmd_t *zc)
2945 {
2946 objset_t *clone;
2947 int error = 0;
2948 zfs_creat_t zct;
2949 nvlist_t *nvprops = NULL;
2950 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
2951 dmu_objset_type_t type = zc->zc_objset_type;
2952
2953 switch (type) {
2954
2955 case DMU_OST_ZFS:
2956 cbfunc = zfs_create_cb;
2957 break;
2958
2959 case DMU_OST_ZVOL:
2960 cbfunc = zvol_create_cb;
2961 break;
2962
2963 default:
2964 cbfunc = NULL;
2965 break;
2966 }
2967 if (strchr(zc->zc_name, '@') ||
2968 strchr(zc->zc_name, '%'))
2969 return (EINVAL);
2970
2971 if (zc->zc_nvlist_src != NULL &&
2972 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2973 zc->zc_iflags, &nvprops)) != 0)
2974 return (error);
2975
2976 zct.zct_zplprops = NULL;
2977 zct.zct_props = nvprops;
2978
2979 if (zc->zc_value[0] != '\0') {
2980 /*
2981 * We're creating a clone of an existing snapshot.
2982 */
2983 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
2984 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) {
2985 nvlist_free(nvprops);
2986 return (EINVAL);
2987 }
2988
2989 error = dmu_objset_hold(zc->zc_value, FTAG, &clone);
2990 if (error) {
2991 nvlist_free(nvprops);
2992 return (error);
2993 }
2994
2995 error = dmu_objset_clone(zc->zc_name, dmu_objset_ds(clone), 0);
2996 dmu_objset_rele(clone, FTAG);
2997 if (error) {
2998 nvlist_free(nvprops);
2999 return (error);
3000 }
3001 } else {
3002 boolean_t is_insensitive = B_FALSE;
3003
3004 if (cbfunc == NULL) {
3005 nvlist_free(nvprops);
3006 return (EINVAL);
3007 }
3008
3009 if (type == DMU_OST_ZVOL) {
3010 uint64_t volsize, volblocksize;
3011
3012 if (nvprops == NULL ||
3013 nvlist_lookup_uint64(nvprops,
3014 zfs_prop_to_name(ZFS_PROP_VOLSIZE),
3015 &volsize) != 0) {
3016 nvlist_free(nvprops);
3017 return (EINVAL);
3018 }
3019
3020 if ((error = nvlist_lookup_uint64(nvprops,
3021 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3022 &volblocksize)) != 0 && error != ENOENT) {
3023 nvlist_free(nvprops);
3024 return (EINVAL);
3025 }
3026
3027 if (error != 0)
3028 volblocksize = zfs_prop_default_numeric(
3029 ZFS_PROP_VOLBLOCKSIZE);
3030
3031 if ((error = zvol_check_volblocksize(
3032 volblocksize)) != 0 ||
3033 (error = zvol_check_volsize(volsize,
3034 volblocksize)) != 0) {
3035 nvlist_free(nvprops);
3036 return (error);
3037 }
3038 } else if (type == DMU_OST_ZFS) {
3039 int error;
3040
3041 /*
3042 * We have to have normalization and
3043 * case-folding flags correct when we do the
3044 * file system creation, so go figure them out
3045 * now.
3046 */
3047 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3048 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3049 error = zfs_fill_zplprops(zc->zc_name, nvprops,
3050 zct.zct_zplprops, &is_insensitive);
3051 if (error != 0) {
3052 nvlist_free(nvprops);
3053 nvlist_free(zct.zct_zplprops);
3054 return (error);
3055 }
3056 }
3057 error = dmu_objset_create(zc->zc_name, type,
3058 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3059 nvlist_free(zct.zct_zplprops);
3060 }
3061
3062 /*
3063 * It would be nice to do this atomically.
3064 */
3065 if (error == 0) {
3066 error = zfs_set_prop_nvlist(zc->zc_name, ZPROP_SRC_LOCAL,
3067 nvprops, NULL);
3068 if (error != 0)
3069 (void) dmu_objset_destroy(zc->zc_name, B_FALSE);
3070 }
3071 nvlist_free(nvprops);
3072 return (error);
3073 }
3074
3075 /*
3076 * inputs:
3077 * zc_name name of filesystem
3078 * zc_value short name of snapshot
3079 * zc_cookie recursive flag
3080 * zc_nvlist_src[_size] property list
3081 *
3082 * outputs:
3083 * zc_value short snapname (i.e. part after the '@')
3084 */
3085 static int
3086 zfs_ioc_snapshot(zfs_cmd_t *zc)
3087 {
3088 nvlist_t *nvprops = NULL;
3089 int error;
3090 boolean_t recursive = zc->zc_cookie;
3091
3092 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
3093 return (EINVAL);
3094
3095 if (zc->zc_nvlist_src != NULL &&
3096 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3097 zc->zc_iflags, &nvprops)) != 0)
3098 return (error);
3099
3100 error = zfs_check_userprops(zc->zc_name, nvprops);
3101 if (error)
3102 goto out;
3103
3104 if (!nvlist_empty(nvprops) &&
3105 zfs_earlier_version(zc->zc_name, SPA_VERSION_SNAP_PROPS)) {
3106 error = ENOTSUP;
3107 goto out;
3108 }
3109
3110 error = dmu_objset_snapshot(zc->zc_name, zc->zc_value, NULL,
3111 nvprops, recursive, B_FALSE, -1);
3112
3113 out:
3114 nvlist_free(nvprops);
3115 return (error);
3116 }
3117
3118 int
3119 zfs_unmount_snap(const char *name, void *arg)
3120 {
3121 vfs_t *vfsp = NULL;
3122
3123 if (arg) {
3124 char *snapname = arg;
3125 char *fullname = kmem_asprintf("%s@%s", name, snapname);
3126 vfsp = zfs_get_vfs(fullname);
3127 strfree(fullname);
3128 } else if (strchr(name, '@')) {
3129 vfsp = zfs_get_vfs(name);
3130 }
3131
3132 if (vfsp) {
3133 /*
3134 * Always force the unmount for snapshots.
3135 */
3136 int flag = MS_FORCE;
3137 int err;
3138
3139 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
3140 VFS_RELE(vfsp);
3141 return (err);
3142 }
3143 VFS_RELE(vfsp);
3144 if ((err = dounmount(vfsp, flag, kcred)) != 0)
3145 return (err);
3146 }
3147 return (0);
3148 }
3149
3150 /*
3151 * inputs:
3152 * zc_name name of filesystem, snaps must be under it
3153 * zc_nvlist_src[_size] full names of snapshots to destroy
3154 * zc_defer_destroy mark for deferred destroy
3155 *
3156 * outputs:
3157 * zc_name on failure, name of failed snapshot
3158 */
3159 static int
3160 zfs_ioc_destroy_snaps_nvl(zfs_cmd_t *zc)
3161 {
3162 int err, len;
3163 nvlist_t *nvl;
3164 nvpair_t *pair;
3165
3166 if ((err = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3167 zc->zc_iflags, &nvl)) != 0)
3168 return (err);
3169
3170 len = strlen(zc->zc_name);
3171 for (pair = nvlist_next_nvpair(nvl, NULL); pair != NULL;
3172 pair = nvlist_next_nvpair(nvl, pair)) {
3173 const char *name = nvpair_name(pair);
3174 /*
3175 * The snap name must be underneath the zc_name. This ensures
3176 * that our permission checks were legitimate.
3177 */
3178 if (strncmp(zc->zc_name, name, len) != 0 ||
3179 (name[len] != '@' && name[len] != '/')) {
3180 nvlist_free(nvl);
3181 return (EINVAL);
3182 }
3183
3184 (void) zfs_unmount_snap(name, NULL);
3185 }
3186
3187 err = dmu_snapshots_destroy_nvl(nvl, zc->zc_defer_destroy,
3188 zc->zc_name);
3189 nvlist_free(nvl);
3190 return (err);
3191 }
3192
3193 /*
3194 * inputs:
3195 * zc_name name of dataset to destroy
3196 * zc_objset_type type of objset
3197 * zc_defer_destroy mark for deferred destroy
3198 *
3199 * outputs: none
3200 */
3201 static int
3202 zfs_ioc_destroy(zfs_cmd_t *zc)
3203 {
3204 int err;
3205 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
3206 err = zfs_unmount_snap(zc->zc_name, NULL);
3207 if (err)
3208 return (err);
3209 }
3210
3474 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3475 {
3476 zfs_cmd_t *zc;
3477 nvpair_t *pair, *next_pair;
3478 nvlist_t *errors;
3479 int err, rv = 0;
3480
3481 if (props == NULL)
3482 return (0);
3483
3484 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3485
3486 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
3487 (void) strcpy(zc->zc_name, dataset);
3488 pair = nvlist_next_nvpair(props, NULL);
3489 while (pair != NULL) {
3490 next_pair = nvlist_next_nvpair(props, pair);
3491
3492 (void) strcpy(zc->zc_value, nvpair_name(pair));
3493 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3494 (err = zfs_secpolicy_inherit(zc, CRED())) != 0) {
3495 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3496 VERIFY(nvlist_add_int32(errors,
3497 zc->zc_value, err) == 0);
3498 }
3499 pair = next_pair;
3500 }
3501 kmem_free(zc, sizeof (zfs_cmd_t));
3502
3503 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3504 nvlist_free(errors);
3505 errors = NULL;
3506 } else {
3507 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3508 }
3509
3510 if (errlist == NULL)
3511 nvlist_free(errors);
3512 else
3513 *errlist = errors;
3514
3682
3683 if (zc->zc_string[0]) {
3684 error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
3685 if (error)
3686 goto out;
3687 }
3688
3689 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
3690 &zc->zc_begin_record, force, origin, &drc);
3691 if (origin)
3692 dmu_objset_rele(origin, FTAG);
3693 if (error)
3694 goto out;
3695
3696 /*
3697 * Set properties before we receive the stream so that they are applied
3698 * to the new data. Note that we must call dmu_recv_stream() if
3699 * dmu_recv_begin() succeeds.
3700 */
3701 if (props) {
3702 nvlist_t *errlist;
3703
3704 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
3705 if (drc.drc_newfs) {
3706 if (spa_version(os->os_spa) >=
3707 SPA_VERSION_RECVD_PROPS)
3708 first_recvd_props = B_TRUE;
3709 } else if (origprops != NULL) {
3710 if (clear_received_props(os, tofs, origprops,
3711 first_recvd_props ? NULL : props) != 0)
3712 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3713 } else {
3714 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3715 }
3716 dsl_prop_set_hasrecvd(os);
3717 } else if (!drc.drc_newfs) {
3718 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3719 }
3720
3721 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3722 props, &errlist);
3723 (void) nvlist_merge(errors, errlist, 0);
3724 nvlist_free(errlist);
3725 }
3726
3727 if (fit_error_list(zc, &errors) != 0 || put_nvlist(zc, errors) != 0) {
3728 /*
3729 * Caller made zc->zc_nvlist_dst less than the minimum expected
3730 * size or supplied an invalid address.
3731 */
3732 props_error = EINVAL;
3733 }
3734
3735 off = fp->f_offset;
3736 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
3737 &zc->zc_action_handle);
3738
3739 if (error == 0) {
3740 zfsvfs_t *zfsvfs = NULL;
3741
3742 if (getzfsvfs(tofs, &zfsvfs) == 0) {
3743 /* online recv */
3744 int end_err;
3745
3746 error = zfs_suspend_fs(zfsvfs);
3747 /*
3839 zfs_ioc_send(zfs_cmd_t *zc)
3840 {
3841 objset_t *fromsnap = NULL;
3842 objset_t *tosnap;
3843 int error;
3844 offset_t off;
3845 dsl_dataset_t *ds;
3846 dsl_dataset_t *dsfrom = NULL;
3847 spa_t *spa;
3848 dsl_pool_t *dp;
3849 boolean_t estimate = (zc->zc_guid != 0);
3850
3851 error = spa_open(zc->zc_name, &spa, FTAG);
3852 if (error)
3853 return (error);
3854
3855 dp = spa_get_dsl(spa);
3856 rw_enter(&dp->dp_config_rwlock, RW_READER);
3857 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
3858 rw_exit(&dp->dp_config_rwlock);
3859 if (error) {
3860 spa_close(spa, FTAG);
3861 return (error);
3862 }
3863
3864 error = dmu_objset_from_ds(ds, &tosnap);
3865 if (error) {
3866 dsl_dataset_rele(ds, FTAG);
3867 spa_close(spa, FTAG);
3868 return (error);
3869 }
3870
3871 if (zc->zc_fromobj != 0) {
3872 rw_enter(&dp->dp_config_rwlock, RW_READER);
3873 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
3874 rw_exit(&dp->dp_config_rwlock);
3875 spa_close(spa, FTAG);
3876 if (error) {
3877 dsl_dataset_rele(ds, FTAG);
3878 return (error);
3879 }
3880 error = dmu_objset_from_ds(dsfrom, &fromsnap);
3881 if (error) {
3882 dsl_dataset_rele(dsfrom, FTAG);
3883 dsl_dataset_rele(ds, FTAG);
3884 return (error);
3885 }
3886 } else {
3887 spa_close(spa, FTAG);
3888 }
3889
3890 if (estimate) {
3891 error = dmu_send_estimate(tosnap, fromsnap, zc->zc_obj,
3892 &zc->zc_objset_type);
3893 } else {
3894 file_t *fp = getf(zc->zc_cookie);
3895 if (fp == NULL) {
3896 dsl_dataset_rele(ds, FTAG);
3897 if (dsfrom)
3898 dsl_dataset_rele(dsfrom, FTAG);
3899 return (EBADF);
3900 }
3901
3902 off = fp->f_offset;
3903 error = dmu_send(tosnap, fromsnap, zc->zc_obj,
3904 zc->zc_cookie, fp->f_vnode, &off);
3905
3906 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
3907 fp->f_offset = off;
3908 releasef(zc->zc_cookie);
3909 }
3910 if (dsfrom)
3911 dsl_dataset_rele(dsfrom, FTAG);
3912 dsl_dataset_rele(ds, FTAG);
3913 return (error);
3914 }
3915
3916 /*
3917 * inputs:
3918 * zc_name name of snapshot on which to report progress
3919 * zc_cookie file descriptor of send stream
3920 *
3921 * outputs:
3922 * zc_cookie number of bytes written in send stream thus far
3923 */
4397 int error;
4398
4399 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4400 if (error)
4401 return (error);
4402
4403 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4404 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4405
4406 dmu_objset_rele(os, FTAG);
4407 return (error);
4408 }
4409
4410 /*
4411 * inputs:
4412 * zc_name name of filesystem
4413 * zc_value prefix name for snapshot
4414 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4415 *
4416 * outputs:
4417 */
4418 static int
4419 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4420 {
4421 char *snap_name;
4422 int error;
4423
4424 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
4425 (u_longlong_t)ddi_get_lbolt64());
4426
4427 if (strlen(snap_name) >= MAXNAMELEN) {
4428 strfree(snap_name);
4429 return (E2BIG);
4430 }
4431
4432 error = dmu_objset_snapshot(zc->zc_name, snap_name, snap_name,
4433 NULL, B_FALSE, B_TRUE, zc->zc_cleanup_fd);
4434 if (error != 0) {
4435 strfree(snap_name);
4436 return (error);
4437 }
4438
4439 (void) strcpy(zc->zc_value, snap_name);
4440 strfree(snap_name);
4441 return (0);
4442 }
4443
4444 /*
4445 * inputs:
4446 * zc_name name of "to" snapshot
4447 * zc_value name of "from" snapshot
4448 * zc_cookie file descriptor to write diff data on
4449 *
4450 * outputs:
4451 * dmu_diff_record_t's to the file descriptor
4452 */
4453 static int
4454 zfs_ioc_diff(zfs_cmd_t *zc)
4455 {
4456 objset_t *fromsnap;
4457 objset_t *tosnap;
4458 file_t *fp;
4459 offset_t off;
4773 zfs_ioc_space_written(zfs_cmd_t *zc)
4774 {
4775 int error;
4776 dsl_dataset_t *new, *old;
4777
4778 error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
4779 if (error != 0)
4780 return (error);
4781 error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
4782 if (error != 0) {
4783 dsl_dataset_rele(new, FTAG);
4784 return (error);
4785 }
4786
4787 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
4788 &zc->zc_objset_type, &zc->zc_perm_action);
4789 dsl_dataset_rele(old, FTAG);
4790 dsl_dataset_rele(new, FTAG);
4791 return (error);
4792 }
4793
4794 /*
4795 * inputs:
4796 * zc_name full name of last snapshot
4797 * zc_value full name of first snapshot
4798 *
4799 * outputs:
4800 * zc_cookie space in bytes
4801 * zc_objset_type compressed space in bytes
4802 * zc_perm_action uncompressed space in bytes
4803 */
4804 static int
4805 zfs_ioc_space_snaps(zfs_cmd_t *zc)
4806 {
4807 int error;
4808 dsl_dataset_t *new, *old;
4809
4810 error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
4811 if (error != 0)
4812 return (error);
4813 error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
4814 if (error != 0) {
4815 dsl_dataset_rele(new, FTAG);
4816 return (error);
4817 }
4818
4819 error = dsl_dataset_space_wouldfree(old, new, &zc->zc_cookie,
4820 &zc->zc_objset_type, &zc->zc_perm_action);
4821 dsl_dataset_rele(old, FTAG);
4822 dsl_dataset_rele(new, FTAG);
4823 return (error);
4824 }
4825
4826 /*
4827 * pool create, destroy, and export don't log the history as part of
4828 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export
4829 * do the logging of those commands.
4830 */
4831 static zfs_ioc_vec_t zfs_ioc_vec[] = {
4832 { zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4833 POOL_CHECK_NONE },
4834 { zfs_ioc_pool_destroy, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4835 POOL_CHECK_NONE },
4836 { zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4837 POOL_CHECK_NONE },
4838 { zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4839 POOL_CHECK_NONE },
4840 { zfs_ioc_pool_configs, zfs_secpolicy_none, NO_NAME, B_FALSE,
4841 POOL_CHECK_NONE },
4842 { zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE,
4843 POOL_CHECK_NONE },
4844 { zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE,
4845 POOL_CHECK_NONE },
4846 { zfs_ioc_pool_scan, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4847 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4848 { zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE,
4849 POOL_CHECK_READONLY },
4850 { zfs_ioc_pool_upgrade, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4851 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4852 { zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4853 POOL_CHECK_NONE },
4854 { zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4855 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4856 { zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4857 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4858 { zfs_ioc_vdev_set_state, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4859 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4860 { zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4861 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4862 { zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4863 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4864 { zfs_ioc_vdev_setpath, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4865 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4866 { zfs_ioc_vdev_setfru, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4867 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4868 { zfs_ioc_objset_stats, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4869 POOL_CHECK_SUSPENDED },
4870 { zfs_ioc_objset_zplprops, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4871 POOL_CHECK_NONE },
4872 { zfs_ioc_dataset_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4873 POOL_CHECK_SUSPENDED },
4874 { zfs_ioc_snapshot_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4875 POOL_CHECK_SUSPENDED },
4876 { zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE,
4877 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4878 { zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE,
4879 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4880 { zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE,
4881 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4882 { zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE,
4883 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4884 { zfs_ioc_rename, zfs_secpolicy_rename, DATASET_NAME, B_TRUE,
4885 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4886 { zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE,
4887 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4888 { zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_FALSE,
4889 POOL_CHECK_NONE },
4890 { zfs_ioc_inject_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4891 POOL_CHECK_NONE },
4892 { zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4893 POOL_CHECK_NONE },
4894 { zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4895 POOL_CHECK_NONE },
4896 { zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE,
4897 POOL_CHECK_NONE },
4898 { zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4899 POOL_CHECK_NONE },
4900 { zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE,
4901 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4902 { zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE,
4903 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4904 { zfs_ioc_dsobj_to_dsname, zfs_secpolicy_diff, POOL_NAME, B_FALSE,
4905 POOL_CHECK_NONE },
4906 { zfs_ioc_obj_to_path, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4907 POOL_CHECK_SUSPENDED },
4908 { zfs_ioc_pool_set_props, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4909 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4910 { zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE,
4911 POOL_CHECK_NONE },
4912 { zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE,
4913 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4914 { zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4915 POOL_CHECK_NONE },
4916 { zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE,
4917 POOL_CHECK_NONE },
4918 { zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE,
4919 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4920 { zfs_ioc_smb_acl, zfs_secpolicy_smb_acl, DATASET_NAME, B_FALSE,
4921 POOL_CHECK_NONE },
4922 { zfs_ioc_userspace_one, zfs_secpolicy_userspace_one, DATASET_NAME,
4923 B_FALSE, POOL_CHECK_NONE },
4924 { zfs_ioc_userspace_many, zfs_secpolicy_userspace_many, DATASET_NAME,
4925 B_FALSE, POOL_CHECK_NONE },
4926 { zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
4927 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4928 { zfs_ioc_hold, zfs_secpolicy_hold, DATASET_NAME, B_TRUE,
4929 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4930 { zfs_ioc_release, zfs_secpolicy_release, DATASET_NAME, B_TRUE,
4931 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4932 { zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4933 POOL_CHECK_SUSPENDED },
4934 { zfs_ioc_objset_recvd_props, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4935 POOL_CHECK_NONE },
4936 { zfs_ioc_vdev_split, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4937 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4938 { zfs_ioc_next_obj, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4939 POOL_CHECK_NONE },
4940 { zfs_ioc_diff, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4941 POOL_CHECK_NONE },
4942 { zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, DATASET_NAME,
4943 B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4944 { zfs_ioc_obj_to_stats, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4945 POOL_CHECK_SUSPENDED },
4946 { zfs_ioc_space_written, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4947 POOL_CHECK_SUSPENDED },
4948 { zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4949 POOL_CHECK_SUSPENDED },
4950 { zfs_ioc_destroy_snaps_nvl, zfs_secpolicy_destroy_recursive,
4951 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4952 { zfs_ioc_pool_reguid, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4953 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4954 { zfs_ioc_pool_reopen, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4955 POOL_CHECK_SUSPENDED },
4956 { zfs_ioc_send_progress, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4957 POOL_CHECK_NONE }
4958 };
4959
4960 int
4961 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
4962 zfs_ioc_poolcheck_t check)
4963 {
4964 spa_t *spa;
4965 int error;
4966
4967 ASSERT(type == POOL_NAME || type == DATASET_NAME);
4968
4969 if (check & POOL_CHECK_NONE)
4970 return (0);
4971
4972 error = spa_open(name, &spa, FTAG);
4973 if (error == 0) {
4974 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
4975 error = EAGAIN;
4976 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
4977 error = EROFS;
4978 spa_close(spa, FTAG);
5075
5076 if (minor == 0)
5077 return (0);
5078
5079 mutex_enter(&zfsdev_state_lock);
5080 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
5081 if (zo == NULL) {
5082 mutex_exit(&zfsdev_state_lock);
5083 return (zvol_close(dev, flag, otyp, cr));
5084 }
5085 zfs_ctldev_destroy(zo, minor);
5086 mutex_exit(&zfsdev_state_lock);
5087
5088 return (0);
5089 }
5090
5091 static int
5092 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
5093 {
5094 zfs_cmd_t *zc;
5095 uint_t vec;
5096 int error, rc;
5097 minor_t minor = getminor(dev);
5098
5099 if (minor != 0 &&
5100 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL)
5101 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));
5102
5103 vec = cmd - ZFS_IOC;
5104 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
5105
5106 if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
5107 return (EINVAL);
5108
5109 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
5110
5111 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
5112 if (error != 0)
5113 error = EFAULT;
5114
5115 if ((error == 0) && !(flag & FKIOCTL))
5116 error = zfs_ioc_vec[vec].zvec_secpolicy(zc, cr);
5117
5118 /*
5119 * Ensure that all pool/dataset names are valid before we pass down to
5120 * the lower layers.
5121 */
5122 if (error == 0) {
5123 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5124 zc->zc_iflags = flag & FKIOCTL;
5125 switch (zfs_ioc_vec[vec].zvec_namecheck) {
5126 case POOL_NAME:
5127 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
5128 error = EINVAL;
5129 error = pool_status_check(zc->zc_name,
5130 zfs_ioc_vec[vec].zvec_namecheck,
5131 zfs_ioc_vec[vec].zvec_pool_check);
5132 break;
5133
5134 case DATASET_NAME:
5135 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
5136 error = EINVAL;
5137 error = pool_status_check(zc->zc_name,
5138 zfs_ioc_vec[vec].zvec_namecheck,
5139 zfs_ioc_vec[vec].zvec_pool_check);
5140 break;
5141
5142 case NO_NAME:
5143 break;
5144 }
5145 }
5146
5147 if (error == 0)
5148 error = zfs_ioc_vec[vec].zvec_func(zc);
5149
5150 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
5151 if (error == 0) {
5152 if (rc != 0)
5153 error = EFAULT;
5154 if (zfs_ioc_vec[vec].zvec_his_log)
5155 zfs_log_history(zc);
5156 }
5157
5158 kmem_free(zc, sizeof (zfs_cmd_t));
5159 return (error);
5160 }
5161
5162 static int
5163 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
5164 {
5165 if (cmd != DDI_ATTACH)
5166 return (DDI_FAILURE);
5167
5168 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
5169 DDI_PSEUDO, 0) == DDI_FAILURE)
5170 return (DDI_FAILURE);
5171
5172 zfs_dip = dip;
5173
5174 ddi_report_dev(dip);
5175
5251 nodev, /* reset */
5252 &zfs_cb_ops, /* driver operations */
5253 NULL, /* no bus operations */
5254 NULL, /* power */
5255 ddi_quiesce_not_needed, /* quiesce */
5256 };
5257
5258 static struct modldrv zfs_modldrv = {
5259 &mod_driverops,
5260 "ZFS storage pool",
5261 &zfs_dev_ops
5262 };
5263
5264 static struct modlinkage modlinkage = {
5265 MODREV_1,
5266 (void *)&zfs_modlfs,
5267 (void *)&zfs_modldrv,
5268 NULL
5269 };
5270
5271
5272 uint_t zfs_fsyncer_key;
5273 extern uint_t rrw_tsd_key;
5274
5275 int
5276 _init(void)
5277 {
5278 int error;
5279
5280 spa_init(FREAD | FWRITE);
5281 zfs_init();
5282 zvol_init();
5283
5284 if ((error = mod_install(&modlinkage)) != 0) {
5285 zvol_fini();
5286 zfs_fini();
5287 spa_fini();
5288 return (error);
5289 }
5290
5291 tsd_create(&zfs_fsyncer_key, NULL);
5292 tsd_create(&rrw_tsd_key, NULL);
5293
5294 error = ldi_ident_from_mod(&modlinkage, &zfs_li);
5295 ASSERT(error == 0);
5296 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5297
5298 return (0);
5299 }
5300
5301 int
5302 _fini(void)
5303 {
5304 int error;
5305
5306 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
5307 return (EBUSY);
5308
5309 if ((error = mod_remove(&modlinkage)) != 0)
5310 return (error);
5311
5312 zvol_fini();
|
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
26 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
27 * Copyright (c) 2012 by Delphix. All rights reserved.
28 */
29
30 /*
31 * ZFS ioctls.
32 *
33 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
34 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
35 *
36 * There are two ways that we handle ioctls: the legacy way where almost
37 * all of the logic is in the ioctl callback, and the new way where most
38 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
39 *
40 * Non-legacy ioctls should be registered by calling
41 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
42 * from userland by lzc_ioctl().
43 *
44 * The registration arguments are as follows:
45 *
46 * const char *name
47 * The name of the ioctl. This is used for history logging. If the
48 * ioctl returns successfully (the callback returns 0), and allow_log
49 * is true, then a history log entry will be recorded with the input &
50 * output nvlists. The log entry can be printed with "zpool history -i".
51 *
52 * zfs_ioc_t ioc
53 * The ioctl request number, which userland will pass to ioctl(2).
54 * The ioctl numbers can change from release to release, because
55 * the caller (libzfs) must be matched to the kernel.
56 *
57 * zfs_secpolicy_func_t *secpolicy
58 * This function will be called before the zfs_ioc_func_t, to
59 * determine if this operation is permitted. It should return EPERM
60 * on failure, and 0 on success. Checks include determining if the
61 * dataset is visible in this zone, and if the user has either all
62 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
63 * to do this operation on this dataset with "zfs allow".
64 *
65 * zfs_ioc_namecheck_t namecheck
66 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
67 * name, a dataset name, or nothing. If the name is not well-formed,
68 * the ioctl will fail and the callback will not be called.
69 * Therefore, the callback can assume that the name is well-formed
70 * (e.g. is null-terminated, doesn't have more than one '@' character,
71 * doesn't have invalid characters).
72 *
73 * zfs_ioc_poolcheck_t pool_check
74 * This specifies requirements on the pool state. If the pool does
75 * not meet them (is suspended or is readonly), the ioctl will fail
76 * and the callback will not be called. If any checks are specified
77 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
78 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
79 * POOL_CHECK_READONLY).
80 *
81 * boolean_t smush_outnvlist
82 * If smush_outnvlist is true, then the output is presumed to be a
83 * list of errors, and it will be "smushed" down to fit into the
84 * caller's buffer, by removing some entries and replacing them with a
85 * single "N_MORE_ERRORS" entry indicating how many were removed. See
86 * nvlist_smush() for details. If smush_outnvlist is false, and the
87 * outnvlist does not fit into the userland-provided buffer, then the
88 * ioctl will fail with ENOMEM.
89 *
90 * zfs_ioc_func_t *func
91 * The callback function that will perform the operation.
92 *
93 * The callback should return 0 on success, or an error number on
94 * failure. If the function fails, the userland ioctl will return -1,
95 * and errno will be set to the callback's return value. The callback
96 * will be called with the following arguments:
97 *
98 * const char *name
99 * The name of the pool or dataset to operate on, from
100 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
101 * expected type (pool, dataset, or none).
102 *
103 * nvlist_t *innvl
104 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
105 * NULL if no input nvlist was provided. Changes to this nvlist are
106 * ignored. If the input nvlist could not be deserialized, the
107 * ioctl will fail and the callback will not be called.
108 *
109 * nvlist_t *outnvl
110 * The output nvlist, initially empty. The callback can fill it in,
111 * and it will be returned to userland by serializing it into
112 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
113 * fails (e.g. because the caller didn't supply a large enough
114 * buffer), then the overall ioctl will fail. See the
115 * 'smush_nvlist' argument above for additional behaviors.
116 *
117 * There are two typical uses of the output nvlist:
118 * - To return state, e.g. property values. In this case,
119 * smush_outnvlist should be false. If the buffer was not large
120 * enough, the caller will reallocate a larger buffer and try
121 * the ioctl again.
122 *
123 * - To return multiple errors from an ioctl which makes on-disk
124 * changes. In this case, smush_outnvlist should be true.
125 * Ioctls which make on-disk modifications should generally not
126 * use the outnvl if they succeed, because the caller can not
127 * distinguish between the operation failing, and
128 * deserialization failing.
129 */
130
131 #include <sys/types.h>
132 #include <sys/param.h>
133 #include <sys/errno.h>
134 #include <sys/uio.h>
135 #include <sys/buf.h>
136 #include <sys/modctl.h>
137 #include <sys/open.h>
138 #include <sys/file.h>
139 #include <sys/kmem.h>
140 #include <sys/conf.h>
141 #include <sys/cmn_err.h>
142 #include <sys/stat.h>
143 #include <sys/zfs_ioctl.h>
144 #include <sys/zfs_vfsops.h>
145 #include <sys/zfs_znode.h>
146 #include <sys/zap.h>
147 #include <sys/spa.h>
148 #include <sys/spa_impl.h>
169 #include <sys/zfs_dir.h>
170 #include <sys/zfs_onexit.h>
171 #include <sys/zvol.h>
172 #include <sys/dsl_scan.h>
173 #include <sharefs/share.h>
174 #include <sys/dmu_objset.h>
175
176 #include "zfs_namecheck.h"
177 #include "zfs_prop.h"
178 #include "zfs_deleg.h"
179 #include "zfs_comutil.h"
180
181 extern struct modlfs zfs_modlfs;
182
183 extern void zfs_init(void);
184 extern void zfs_fini(void);
185
186 ldi_ident_t zfs_li = NULL;
187 dev_info_t *zfs_dip;
188
189 uint_t zfs_fsyncer_key;
190 extern uint_t rrw_tsd_key;
191 static uint_t zfs_allow_log_key;
192
193 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *);
194 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *);
195 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *);
196
197 typedef enum {
198 NO_NAME,
199 POOL_NAME,
200 DATASET_NAME
201 } zfs_ioc_namecheck_t;
202
203 typedef enum {
204 POOL_CHECK_NONE = 1 << 0,
205 POOL_CHECK_SUSPENDED = 1 << 1,
206 POOL_CHECK_READONLY = 1 << 2,
207 } zfs_ioc_poolcheck_t;
208
209 typedef struct zfs_ioc_vec {
210 zfs_ioc_legacy_func_t *zvec_legacy_func;
211 zfs_ioc_func_t *zvec_func;
212 zfs_secpolicy_func_t *zvec_secpolicy;
213 zfs_ioc_namecheck_t zvec_namecheck;
214 boolean_t zvec_allow_log;
215 zfs_ioc_poolcheck_t zvec_pool_check;
216 boolean_t zvec_smush_outnvlist;
217 const char *zvec_name;
218 } zfs_ioc_vec_t;
219
220 /* This array is indexed by zfs_userquota_prop_t */
221 static const char *userquota_perms[] = {
222 ZFS_DELEG_PERM_USERUSED,
223 ZFS_DELEG_PERM_USERQUOTA,
224 ZFS_DELEG_PERM_GROUPUSED,
225 ZFS_DELEG_PERM_GROUPQUOTA,
226 };
227
228 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
229 static int zfs_check_settable(const char *name, nvpair_t *property,
230 cred_t *cr);
231 static int zfs_check_clearable(char *dataset, nvlist_t *props,
232 nvlist_t **errors);
233 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
234 boolean_t *);
235 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
236 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
237
238 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
239 void
240 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
241 {
242 const char *newfile;
243 char buf[512];
244 va_list adx;
245
246 /*
247 * Get rid of annoying "../common/" prefix to filename.
248 */
249 newfile = strrchr(file, '/');
250 if (newfile != NULL) {
251 newfile = newfile + 1; /* Get rid of leading / */
252 } else {
253 newfile = file;
254 }
255
256 va_start(adx, fmt);
354 }
355 /* XXX reading from non-owned objset */
356 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
357 rc = zplversion < version;
358 dmu_objset_rele(os, FTAG);
359 }
360 return (rc);
361 }
362
363 static void
364 zfs_log_history(zfs_cmd_t *zc)
365 {
366 spa_t *spa;
367 char *buf;
368
369 if ((buf = history_str_get(zc)) == NULL)
370 return;
371
372 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
373 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
374 (void) spa_history_log(spa, buf);
375 spa_close(spa, FTAG);
376 }
377 history_str_free(buf);
378 }
379
380 /*
381 * Policy for top-level read operations (list pools). Requires no privileges,
382 * and can be used in the local zone, as there is no associated dataset.
383 */
384 /* ARGSUSED */
385 static int
386 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
387 {
388 return (0);
389 }
390
391 /*
392 * Policy for dataset read operations (list children, get statistics). Requires
393 * no privileges, but must be visible in the local zone.
394 */
395 /* ARGSUSED */
396 static int
397 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
398 {
399 if (INGLOBALZONE(curproc) ||
400 zone_dataset_visible(zc->zc_name, NULL))
401 return (0);
402
403 return (ENOENT);
404 }
405
406 static int
407 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
408 {
409 int writable = 1;
410
411 /*
412 * The dataset must be visible by this zone -- check this first
413 * so they don't see EPERM on something they shouldn't know about.
414 */
415 if (!INGLOBALZONE(curproc) &&
416 !zone_dataset_visible(dataset, &writable))
417 return (ENOENT);
446 return (ENOENT);
447
448 return (zfs_dozonecheck_impl(dataset, zoned, cr));
449 }
450
451 static int
452 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
453 {
454 uint64_t zoned;
455
456 rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
457 if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) {
458 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
459 return (ENOENT);
460 }
461 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
462
463 return (zfs_dozonecheck_impl(dataset, zoned, cr));
464 }
465
466 static int
467 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
468 {
469 int error;
470 dsl_dataset_t *ds;
471
472 error = dsl_dataset_hold(name, FTAG, &ds);
473 if (error != 0)
474 return (error);
475
476 error = zfs_dozonecheck_ds(name, ds, cr);
477 if (error == 0) {
478 error = secpolicy_zfs(cr);
479 if (error)
480 error = dsl_deleg_access_impl(ds, perm, cr);
481 }
482
483 dsl_dataset_rele(ds, FTAG);
484 return (error);
485 }
486
487 static int
488 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
489 const char *perm, cred_t *cr)
490 {
491 int error;
492
493 error = zfs_dozonecheck_ds(name, ds, cr);
494 if (error == 0) {
495 error = secpolicy_zfs(cr);
496 if (error)
497 error = dsl_deleg_access_impl(ds, perm, cr);
498 }
499 return (error);
500 }
501
502 /*
503 * Policy for setting the security label property.
504 *
505 * Returns 0 for success, non-zero for access and other errors.
506 */
507 static int
508 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
509 {
510 char ds_hexsl[MAXNAMELEN];
511 bslabel_t ds_sl, new_sl;
512 boolean_t new_default = FALSE;
513 uint64_t zoned;
514 int needed_priv = -1;
515 int error;
516
517 /* First get the existing dataset label. */
631 }
632 break;
633
634 case ZFS_PROP_MLSLABEL:
635 if (!is_system_labeled())
636 return (EPERM);
637
638 if (nvpair_value_string(propval, &strval) == 0) {
639 int err;
640
641 err = zfs_set_slabel_policy(dsname, strval, CRED());
642 if (err != 0)
643 return (err);
644 }
645 break;
646 }
647
648 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
649 }
650
651 /* ARGSUSED */
652 static int
653 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
654 {
655 int error;
656
657 error = zfs_dozonecheck(zc->zc_name, cr);
658 if (error)
659 return (error);
660
661 /*
662 * permission to set permissions will be evaluated later in
663 * dsl_deleg_can_allow()
664 */
665 return (0);
666 }
667
668 /* ARGSUSED */
669 static int
670 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
671 {
672 return (zfs_secpolicy_write_perms(zc->zc_name,
673 ZFS_DELEG_PERM_ROLLBACK, cr));
674 }
675
676 /* ARGSUSED */
677 static int
678 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
679 {
680 spa_t *spa;
681 dsl_pool_t *dp;
682 dsl_dataset_t *ds;
683 char *cp;
684 int error;
685
686 /*
687 * Generate the current snapshot name from the given objsetid, then
688 * use that name for the secpolicy/zone checks.
689 */
690 cp = strchr(zc->zc_name, '@');
691 if (cp == NULL)
692 return (EINVAL);
693 error = spa_open(zc->zc_name, &spa, FTAG);
694 if (error)
695 return (error);
696
697 dp = spa_get_dsl(spa);
698 rw_enter(&dp->dp_config_rwlock, RW_READER);
699 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
700 rw_exit(&dp->dp_config_rwlock);
701 spa_close(spa, FTAG);
702 if (error)
703 return (error);
704
705 dsl_dataset_name(ds, zc->zc_name);
706
707 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
708 ZFS_DELEG_PERM_SEND, cr);
709 dsl_dataset_rele(ds, FTAG);
710
711 return (error);
712 }
713
714 /* ARGSUSED */
715 static int
716 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
717 {
718 return (zfs_secpolicy_write_perms(zc->zc_name,
719 ZFS_DELEG_PERM_SEND, cr));
720 }
721
722 /* ARGSUSED */
723 static int
724 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
725 {
726 vnode_t *vp;
727 int error;
728
729 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
730 NO_FOLLOW, NULL, &vp)) != 0)
731 return (error);
732
733 /* Now make sure mntpnt and dataset are ZFS */
734
735 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
736 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
737 zc->zc_name) != 0)) {
738 VN_RELE(vp);
739 return (EPERM);
740 }
741
742 VN_RELE(vp);
743 return (dsl_deleg_access(zc->zc_name,
744 ZFS_DELEG_PERM_SHARE, cr));
745 }
746
747 int
748 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
749 {
750 if (!INGLOBALZONE(curproc))
751 return (EPERM);
752
753 if (secpolicy_nfs(cr) == 0) {
754 return (0);
755 } else {
756 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
757 }
758 }
759
760 int
761 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
762 {
763 if (!INGLOBALZONE(curproc))
764 return (EPERM);
765
766 if (secpolicy_smb(cr) == 0) {
767 return (0);
768 } else {
769 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
770 }
771 }
772
773 static int
774 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
775 {
776 char *cp;
777
778 /*
779 * Remove the @bla or /bla from the end of the name to get the parent.
780 */
781 (void) strncpy(parent, datasetname, parentsize);
782 cp = strrchr(parent, '@');
783 if (cp != NULL) {
784 cp[0] = '\0';
785 } else {
786 cp = strrchr(parent, '/');
787 if (cp == NULL)
788 return (ENOENT);
789 cp[0] = '\0';
790 }
791
792 return (0);
793 }
794
795 int
796 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
797 {
798 int error;
799
800 if ((error = zfs_secpolicy_write_perms(name,
801 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
802 return (error);
803
804 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
805 }
806
807 /* ARGSUSED */
808 static int
809 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
810 {
811 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
812 }
813
814 /*
815 * Destroying snapshots with delegated permissions requires
816 * descendant mount and destroy permissions.
817 */
818 /* ARGSUSED */
819 static int
820 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
821 {
822 nvlist_t *snaps;
823 nvpair_t *pair, *nextpair;
824 int error = 0;
825
826 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
827 return (EINVAL);
828 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
829 pair = nextpair) {
830 dsl_dataset_t *ds;
831
832 nextpair = nvlist_next_nvpair(snaps, pair);
833 error = dsl_dataset_hold(nvpair_name(pair), FTAG, &ds);
834 if (error == 0) {
835 dsl_dataset_rele(ds, FTAG);
836 } else if (error == ENOENT) {
837 /*
838 * Ignore any snapshots that don't exist (we consider
839 * them "already destroyed"). Remove the name from the
840 * nvl here in case the snapshot is created between
841 * now and when we try to destroy it (in which case
842 * we don't want to destroy it since we haven't
843 * checked for permission).
844 */
845 fnvlist_remove_nvpair(snaps, pair);
846 error = 0;
847 continue;
848 } else {
849 break;
850 }
851 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
852 if (error != 0)
853 break;
854 }
855
856 return (error);
857 }
858
859 int
860 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
861 {
862 char parentname[MAXNAMELEN];
863 int error;
864
865 if ((error = zfs_secpolicy_write_perms(from,
866 ZFS_DELEG_PERM_RENAME, cr)) != 0)
867 return (error);
868
869 if ((error = zfs_secpolicy_write_perms(from,
870 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
871 return (error);
872
873 if ((error = zfs_get_parent(to, parentname,
874 sizeof (parentname))) != 0)
875 return (error);
876
877 if ((error = zfs_secpolicy_write_perms(parentname,
878 ZFS_DELEG_PERM_CREATE, cr)) != 0)
879 return (error);
880
881 if ((error = zfs_secpolicy_write_perms(parentname,
882 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
883 return (error);
884
885 return (error);
886 }
887
888 /* ARGSUSED */
889 static int
890 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
891 {
892 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
893 }
894
895 /* ARGSUSED */
896 static int
897 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
898 {
899 char parentname[MAXNAMELEN];
900 objset_t *clone;
901 int error;
902
903 error = zfs_secpolicy_write_perms(zc->zc_name,
904 ZFS_DELEG_PERM_PROMOTE, cr);
905 if (error)
906 return (error);
907
908 error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
909
910 if (error == 0) {
911 dsl_dataset_t *pclone = NULL;
912 dsl_dir_t *dd;
913 dd = clone->os_dsl_dataset->ds_dir;
914
915 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
916 error = dsl_dataset_hold_obj(dd->dd_pool,
917 dd->dd_phys->dd_origin_obj, FTAG, &pclone);
918 rw_exit(&dd->dd_pool->dp_config_rwlock);
919 if (error) {
920 dmu_objset_rele(clone, FTAG);
921 return (error);
922 }
923
924 error = zfs_secpolicy_write_perms(zc->zc_name,
925 ZFS_DELEG_PERM_MOUNT, cr);
926
927 dsl_dataset_name(pclone, parentname);
928 dmu_objset_rele(clone, FTAG);
929 dsl_dataset_rele(pclone, FTAG);
930 if (error == 0)
931 error = zfs_secpolicy_write_perms(parentname,
932 ZFS_DELEG_PERM_PROMOTE, cr);
933 }
934 return (error);
935 }
936
937 /* ARGSUSED */
938 static int
939 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
940 {
941 int error;
942
943 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
944 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
945 return (error);
946
947 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
948 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
949 return (error);
950
951 return (zfs_secpolicy_write_perms(zc->zc_name,
952 ZFS_DELEG_PERM_CREATE, cr));
953 }
954
955 int
956 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
957 {
958 return (zfs_secpolicy_write_perms(name,
959 ZFS_DELEG_PERM_SNAPSHOT, cr));
960 }
961
962 /*
963 * Check for permission to create each snapshot in the nvlist.
964 */
965 /* ARGSUSED */
966 static int
967 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
968 {
969 nvlist_t *snaps;
970 int error;
971 nvpair_t *pair;
972
973 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
974 return (EINVAL);
975 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
976 pair = nvlist_next_nvpair(snaps, pair)) {
977 char *name = nvpair_name(pair);
978 char *atp = strchr(name, '@');
979
980 if (atp == NULL) {
981 error = EINVAL;
982 break;
983 }
984 *atp = '\0';
985 error = zfs_secpolicy_snapshot_perms(name, cr);
986 *atp = '@';
987 if (error != 0)
988 break;
989 }
990 return (error);
991 }
992
993 /* ARGSUSED */
994 static int
995 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
996 {
997 /*
998 * Even root must have a proper TSD so that we know what pool
999 * to log to.
1000 */
1001 if (tsd_get(zfs_allow_log_key) == NULL)
1002 return (EPERM);
1003 return (0);
1004 }
1005
1006 static int
1007 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1008 {
1009 char parentname[MAXNAMELEN];
1010 int error;
1011 char *origin;
1012
1013 if ((error = zfs_get_parent(zc->zc_name, parentname,
1014 sizeof (parentname))) != 0)
1015 return (error);
1016
1017 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1018 (error = zfs_secpolicy_write_perms(origin,
1019 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1020 return (error);
1021
1022 if ((error = zfs_secpolicy_write_perms(parentname,
1023 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1024 return (error);
1025
1026 return (zfs_secpolicy_write_perms(parentname,
1027 ZFS_DELEG_PERM_MOUNT, cr));
1028 }
1029
1030 /*
1031 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1032 * SYS_CONFIG privilege, which is not available in a local zone.
1033 */
1034 /* ARGSUSED */
1035 static int
1036 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1037 {
1038 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1039 return (EPERM);
1040
1041 return (0);
1042 }
1043
1044 /*
1045 * Policy for object to name lookups.
1046 */
1047 /* ARGSUSED */
1048 static int
1049 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1050 {
1051 int error;
1052
1053 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1054 return (0);
1055
1056 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1057 return (error);
1058 }
1059
1060 /*
1061 * Policy for fault injection. Requires all privileges.
1062 */
1063 /* ARGSUSED */
1064 static int
1065 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1066 {
1067 return (secpolicy_zinject(cr));
1068 }
1069
1070 /* ARGSUSED */
1071 static int
1072 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1073 {
1074 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1075
1076 if (prop == ZPROP_INVAL) {
1077 if (!zfs_prop_user(zc->zc_value))
1078 return (EINVAL);
1079 return (zfs_secpolicy_write_perms(zc->zc_name,
1080 ZFS_DELEG_PERM_USERPROP, cr));
1081 } else {
1082 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1083 NULL, cr));
1084 }
1085 }
1086
1087 static int
1088 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1089 {
1090 int err = zfs_secpolicy_read(zc, innvl, cr);
1091 if (err)
1092 return (err);
1093
1094 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1095 return (EINVAL);
1096
1097 if (zc->zc_value[0] == 0) {
1098 /*
1099 * They are asking about a posix uid/gid. If it's
1100 * themself, allow it.
1101 */
1102 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1103 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
1104 if (zc->zc_guid == crgetuid(cr))
1105 return (0);
1106 } else {
1107 if (groupmember(zc->zc_guid, cr))
1108 return (0);
1109 }
1110 }
1111
1112 return (zfs_secpolicy_write_perms(zc->zc_name,
1113 userquota_perms[zc->zc_objset_type], cr));
1114 }
1115
1116 static int
1117 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1118 {
1119 int err = zfs_secpolicy_read(zc, innvl, cr);
1120 if (err)
1121 return (err);
1122
1123 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1124 return (EINVAL);
1125
1126 return (zfs_secpolicy_write_perms(zc->zc_name,
1127 userquota_perms[zc->zc_objset_type], cr));
1128 }
1129
1130 /* ARGSUSED */
1131 static int
1132 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1133 {
1134 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1135 NULL, cr));
1136 }
1137
1138 /* ARGSUSED */
1139 static int
1140 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1141 {
1142 return (zfs_secpolicy_write_perms(zc->zc_name,
1143 ZFS_DELEG_PERM_HOLD, cr));
1144 }
1145
1146 /* ARGSUSED */
1147 static int
1148 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1149 {
1150 return (zfs_secpolicy_write_perms(zc->zc_name,
1151 ZFS_DELEG_PERM_RELEASE, cr));
1152 }
1153
1154 /*
1155 * Policy for allowing temporary snapshots to be taken or released
1156 */
1157 static int
1158 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1159 {
1160 /*
1161 * A temporary snapshot is the same as a snapshot,
1162 * hold, destroy and release all rolled into one.
1163 * Delegated diff alone is sufficient that we allow this.
1164 */
1165 int error;
1166
1167 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1168 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1169 return (0);
1170
1171 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1172 if (!error)
1173 error = zfs_secpolicy_hold(zc, innvl, cr);
1174 if (!error)
1175 error = zfs_secpolicy_release(zc, innvl, cr);
1176 if (!error)
1177 error = zfs_secpolicy_destroy(zc, innvl, cr);
1178 return (error);
1179 }
1180
1181 /*
1182 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1183 */
1184 static int
1185 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1186 {
1187 char *packed;
1188 int error;
1189 nvlist_t *list = NULL;
1190
1191 /*
1192 * Read in and unpack the user-supplied nvlist.
1193 */
1194 if (size == 0)
1195 return (EINVAL);
1196
1197 packed = kmem_alloc(size, KM_SLEEP);
1198
1199 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1200 iflag)) != 0) {
1201 kmem_free(packed, size);
1202 return (error);
1203 }
1204
1205 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1206 kmem_free(packed, size);
1207 return (error);
1208 }
1209
1210 kmem_free(packed, size);
1211
1212 *nvp = list;
1213 return (0);
1214 }
1215
1216 /*
1217 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1218 * Entries will be removed from the end of the nvlist, and one int32 entry
1219 * named "N_MORE_ERRORS" will be added indicating how many entries were
1220 * removed.
1221 */
1222 static int
1223 nvlist_smush(nvlist_t *errors, size_t max)
1224 {
1225 size_t size;
1226
1227 size = fnvlist_size(errors);
1228
1229 if (size > max) {
1230 nvpair_t *more_errors;
1231 int n = 0;
1232
1233 if (max < 1024)
1234 return (ENOMEM);
1235
1236 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1237 more_errors = nvlist_prev_nvpair(errors, NULL);
1238
1239 do {
1240 nvpair_t *pair = nvlist_prev_nvpair(errors,
1241 more_errors);
1242 fnvlist_remove_nvpair(errors, pair);
1243 n++;
1244 size = fnvlist_size(errors);
1245 } while (size > max);
1246
1247 fnvlist_remove_nvpair(errors, more_errors);
1248 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1249 ASSERT3U(fnvlist_size(errors), <=, max);
1250 }
1251
1252 return (0);
1253 }
1254
1255 static int
1256 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1257 {
1258 char *packed = NULL;
1259 int error = 0;
1260 size_t size;
1261
1262 size = fnvlist_size(nvl);
1263
1264 if (size > zc->zc_nvlist_dst_size) {
1265 error = ENOMEM;
1266 } else {
1267 packed = fnvlist_pack(nvl, &size);
1268 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1269 size, zc->zc_iflags) != 0)
1270 error = EFAULT;
1271 fnvlist_pack_free(packed, size);
1272 }
1273
1274 zc->zc_nvlist_dst_size = size;
1275 zc->zc_nvlist_dst_filled = B_TRUE;
1276 return (error);
1277 }
1278
1279 static int
1280 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1281 {
1282 objset_t *os;
1283 int error;
1284
1285 error = dmu_objset_hold(dsname, FTAG, &os);
1286 if (error)
1287 return (error);
1288 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1289 dmu_objset_rele(os, FTAG);
1290 return (EINVAL);
1291 }
1292
1293 mutex_enter(&os->os_user_ptr_lock);
1294 *zfvp = dmu_objset_get_user(os);
1295 if (*zfvp) {
1334 static void
1335 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1336 {
1337 rrw_exit(&zfsvfs->z_teardown_lock, tag);
1338
1339 if (zfsvfs->z_vfs) {
1340 VFS_RELE(zfsvfs->z_vfs);
1341 } else {
1342 dmu_objset_disown(zfsvfs->z_os, zfsvfs);
1343 zfsvfs_free(zfsvfs);
1344 }
1345 }
1346
1347 static int
1348 zfs_ioc_pool_create(zfs_cmd_t *zc)
1349 {
1350 int error;
1351 nvlist_t *config, *props = NULL;
1352 nvlist_t *rootprops = NULL;
1353 nvlist_t *zplprops = NULL;
1354
1355 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1356 zc->zc_iflags, &config))
1357 return (error);
1358
1359 if (zc->zc_nvlist_src_size != 0 && (error =
1360 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1361 zc->zc_iflags, &props))) {
1362 nvlist_free(config);
1363 return (error);
1364 }
1365
1366 if (props) {
1367 nvlist_t *nvl = NULL;
1368 uint64_t version = SPA_VERSION;
1369
1370 (void) nvlist_lookup_uint64(props,
1371 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1372 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1373 error = EINVAL;
1374 goto pool_props_bad;
1375 }
1376 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1377 if (nvl) {
1378 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1379 if (error != 0) {
1380 nvlist_free(config);
1381 nvlist_free(props);
1382 return (error);
1383 }
1384 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1385 }
1386 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1387 error = zfs_fill_zplprops_root(version, rootprops,
1388 zplprops, NULL);
1389 if (error)
1390 goto pool_props_bad;
1391 }
1392
1393 error = spa_create(zc->zc_name, config, props, zplprops);
1394
1395 /*
1396 * Set the remaining root properties
1397 */
1398 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1399 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1400 (void) spa_destroy(zc->zc_name);
1401
1402 pool_props_bad:
1403 nvlist_free(rootprops);
1404 nvlist_free(zplprops);
1405 nvlist_free(config);
1406 nvlist_free(props);
1407
1408 return (error);
1409 }
1410
1411 static int
1412 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1413 {
1414 int error;
1415 zfs_log_history(zc);
1416 error = spa_destroy(zc->zc_name);
1417 if (error == 0)
1418 zvol_remove_minors(zc->zc_name);
1419 return (error);
1420 }
1421
2376 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2377 zfs_cmd_t *zc;
2378
2379 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2380 (void) strcpy(zc->zc_name, dsname);
2381 (void) zfs_ioc_userspace_upgrade(zc);
2382 kmem_free(zc, sizeof (zfs_cmd_t));
2383 }
2384 break;
2385 }
2386
2387 default:
2388 err = -1;
2389 }
2390
2391 return (err);
2392 }
2393
2394 /*
2395 * This function is best effort. If it fails to set any of the given properties,
2396 * it continues to set as many as it can and returns the last error
2397 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2398 * with the list of names of all the properties that failed along with the
2399 * corresponding error numbers.
2400 *
2401 * If every property is set successfully, zero is returned and errlist is not
2402 * modified.
2403 */
2404 int
2405 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2406 nvlist_t *errlist)
2407 {
2408 nvpair_t *pair;
2409 nvpair_t *propval;
2410 int rv = 0;
2411 uint64_t intval;
2412 char *strval;
2413 nvlist_t *genericnvl = fnvlist_alloc();
2414 nvlist_t *retrynvl = fnvlist_alloc();
2415
2416 retry:
2417 pair = NULL;
2418 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2419 const char *propname = nvpair_name(pair);
2420 zfs_prop_t prop = zfs_name_to_prop(propname);
2421 int err = 0;
2422
2423 /* decode the property value */
2424 propval = pair;
2425 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2426 nvlist_t *attrs;
2427 attrs = fnvpair_value_nvlist(pair);
2428 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2429 &propval) != 0)
2430 err = EINVAL;
2431 }
2432
2433 /* Validate value type */
2434 if (err == 0 && prop == ZPROP_INVAL) {
2435 if (zfs_prop_user(propname)) {
2436 if (nvpair_type(propval) != DATA_TYPE_STRING)
2437 err = EINVAL;
2438 } else if (zfs_prop_userquota(propname)) {
2439 if (nvpair_type(propval) !=
2440 DATA_TYPE_UINT64_ARRAY)
2441 err = EINVAL;
2442 } else {
2443 err = EINVAL;
2444 }
2445 } else if (err == 0) {
2446 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2447 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2448 err = EINVAL;
2449 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2450 const char *unused;
2451
2452 intval = fnvpair_value_uint64(propval);
2453
2454 switch (zfs_prop_get_type(prop)) {
2455 case PROP_TYPE_NUMBER:
2456 break;
2457 case PROP_TYPE_STRING:
2458 err = EINVAL;
2459 break;
2460 case PROP_TYPE_INDEX:
2461 if (zfs_prop_index_to_string(prop,
2462 intval, &unused) != 0)
2463 err = EINVAL;
2464 break;
2465 default:
2466 cmn_err(CE_PANIC,
2467 "unknown property type");
2468 }
2469 } else {
2470 err = EINVAL;
2471 }
2472 }
2476 err = zfs_check_settable(dsname, pair, CRED());
2477
2478 if (err == 0) {
2479 err = zfs_prop_set_special(dsname, source, pair);
2480 if (err == -1) {
2481 /*
2482 * For better performance we build up a list of
2483 * properties to set in a single transaction.
2484 */
2485 err = nvlist_add_nvpair(genericnvl, pair);
2486 } else if (err != 0 && nvl != retrynvl) {
2487 /*
2488 * This may be a spurious error caused by
2489 * receiving quota and reservation out of order.
2490 * Try again in a second pass.
2491 */
2492 err = nvlist_add_nvpair(retrynvl, pair);
2493 }
2494 }
2495
2496 if (err != 0) {
2497 if (errlist != NULL)
2498 fnvlist_add_int32(errlist, propname, err);
2499 rv = err;
2500 }
2501 }
2502
2503 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2504 nvl = retrynvl;
2505 goto retry;
2506 }
2507
2508 if (!nvlist_empty(genericnvl) &&
2509 dsl_props_set(dsname, source, genericnvl) != 0) {
2510 /*
2511 * If this fails, we still want to set as many properties as we
2512 * can, so try setting them individually.
2513 */
2514 pair = NULL;
2515 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2516 const char *propname = nvpair_name(pair);
2517 int err = 0;
2518
2519 propval = pair;
2520 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2521 nvlist_t *attrs;
2522 attrs = fnvpair_value_nvlist(pair);
2523 propval = fnvlist_lookup_nvpair(attrs,
2524 ZPROP_VALUE);
2525 }
2526
2527 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2528 strval = fnvpair_value_string(propval);
2529 err = dsl_prop_set(dsname, propname, source, 1,
2530 strlen(strval) + 1, strval);
2531 } else {
2532 intval = fnvpair_value_uint64(propval);
2533 err = dsl_prop_set(dsname, propname, source, 8,
2534 1, &intval);
2535 }
2536
2537 if (err != 0) {
2538 if (errlist != NULL) {
2539 fnvlist_add_int32(errlist, propname,
2540 err);
2541 }
2542 rv = err;
2543 }
2544 }
2545 }
2546 nvlist_free(genericnvl);
2547 nvlist_free(retrynvl);
2548
2549 return (rv);
2550 }
2551
2552 /*
2553 * Check that all the properties are valid user properties.
2554 */
2555 static int
2556 zfs_check_userprops(const char *fsname, nvlist_t *nvl)
2557 {
2558 nvpair_t *pair = NULL;
2559 int error = 0;
2560
2561 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2562 const char *propname = nvpair_name(pair);
2563 char *valstr;
2564
2565 if (!zfs_prop_user(propname) ||
2566 nvpair_type(pair) != DATA_TYPE_STRING)
2567 return (EINVAL);
2568
2569 if (error = zfs_secpolicy_write_perms(fsname,
2570 ZFS_DELEG_PERM_USERPROP, CRED()))
2571 return (error);
2572
2573 if (strlen(propname) >= ZAP_MAXNAMELEN)
2574 return (ENAMETOOLONG);
2575
2576 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2616 return (err);
2617 }
2618
2619 /*
2620 * inputs:
2621 * zc_name name of filesystem
2622 * zc_value name of property to set
2623 * zc_nvlist_src{_size} nvlist of properties to apply
2624 * zc_cookie received properties flag
2625 *
2626 * outputs:
2627 * zc_nvlist_dst{_size} error for each unapplied received property
2628 */
2629 static int
2630 zfs_ioc_set_prop(zfs_cmd_t *zc)
2631 {
2632 nvlist_t *nvl;
2633 boolean_t received = zc->zc_cookie;
2634 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2635 ZPROP_SRC_LOCAL);
2636 nvlist_t *errors;
2637 int error;
2638
2639 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2640 zc->zc_iflags, &nvl)) != 0)
2641 return (error);
2642
2643 if (received) {
2644 nvlist_t *origprops;
2645 objset_t *os;
2646
2647 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
2648 if (dsl_prop_get_received(os, &origprops) == 0) {
2649 (void) clear_received_props(os,
2650 zc->zc_name, origprops, nvl);
2651 nvlist_free(origprops);
2652 }
2653
2654 dsl_prop_set_hasrecvd(os);
2655 dmu_objset_rele(os, FTAG);
2656 }
2657 }
2658
2659 errors = fnvlist_alloc();
2660 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2661
2662 if (zc->zc_nvlist_dst != NULL && errors != NULL) {
2663 (void) put_nvlist(zc, errors);
2664 }
2665
2666 nvlist_free(errors);
2667 nvlist_free(nvl);
2668 return (error);
2669 }
2670
2671 /*
2672 * inputs:
2673 * zc_name name of filesystem
2674 * zc_value name of property to inherit
2675 * zc_cookie revert to received value if TRUE
2676 *
2677 * outputs: none
2678 */
2679 static int
2680 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2722 nvlist_free(dummy);
2723 return (EINVAL);
2724 }
2725
2726 pair = nvlist_next_nvpair(dummy, NULL);
2727 err = zfs_prop_set_special(zc->zc_name, source, pair);
2728 nvlist_free(dummy);
2729 if (err != -1)
2730 return (err); /* special property already handled */
2731 } else {
2732 /*
2733 * Only check this in the non-received case. We want to allow
2734 * 'inherit -S' to revert non-inheritable properties like quota
2735 * and reservation to the received or default values even though
2736 * they are not considered inheritable.
2737 */
2738 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2739 return (EINVAL);
2740 }
2741
2742 /* property name has been validated by zfs_secpolicy_inherit_prop() */
2743 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
2744 }
2745
2746 static int
2747 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2748 {
2749 nvlist_t *props;
2750 spa_t *spa;
2751 int error;
2752 nvpair_t *pair;
2753
2754 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2755 zc->zc_iflags, &props))
2756 return (error);
2757
2758 /*
2759 * If the only property is the configfile, then just do a spa_lookup()
2760 * to handle the faulted case.
2761 */
2762 pair = nvlist_next_nvpair(props, NULL);
3065
3066 static int
3067 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3068 nvlist_t *zplprops, boolean_t *is_ci)
3069 {
3070 boolean_t fuids_ok;
3071 boolean_t sa_ok;
3072 uint64_t zplver = ZPL_VERSION;
3073 int error;
3074
3075 zplver = zfs_zpl_version_map(spa_vers);
3076 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3077 sa_ok = (zplver >= ZPL_VERSION_SA);
3078
3079 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3080 createprops, zplprops, is_ci);
3081 return (error);
3082 }
3083
3084 /*
3085 * innvl: {
3086 * "type" -> dmu_objset_type_t (int32)
3087 * (optional) "props" -> { prop -> value }
3088 * }
3089 *
3090 * outnvl: propname -> error code (int32)
3091 */
3092 static int
3093 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3094 {
3095 int error = 0;
3096 zfs_creat_t zct = { 0 };
3097 nvlist_t *nvprops = NULL;
3098 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3099 int32_t type32;
3100 dmu_objset_type_t type;
3101 boolean_t is_insensitive = B_FALSE;
3102
3103 if (nvlist_lookup_int32(innvl, "type", &type32) != 0)
3104 return (EINVAL);
3105 type = type32;
3106 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3107
3108 switch (type) {
3109 case DMU_OST_ZFS:
3110 cbfunc = zfs_create_cb;
3111 break;
3112
3113 case DMU_OST_ZVOL:
3114 cbfunc = zvol_create_cb;
3115 break;
3116
3117 default:
3118 cbfunc = NULL;
3119 break;
3120 }
3121 if (strchr(fsname, '@') ||
3122 strchr(fsname, '%'))
3123 return (EINVAL);
3124
3125 zct.zct_props = nvprops;
3126
3127 if (cbfunc == NULL)
3128 return (EINVAL);
3129
3130 if (type == DMU_OST_ZVOL) {
3131 uint64_t volsize, volblocksize;
3132
3133 if (nvprops == NULL)
3134 return (EINVAL);
3135 if (nvlist_lookup_uint64(nvprops,
3136 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3137 return (EINVAL);
3138
3139 if ((error = nvlist_lookup_uint64(nvprops,
3140 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3141 &volblocksize)) != 0 && error != ENOENT)
3142 return (EINVAL);
3143
3144 if (error != 0)
3145 volblocksize = zfs_prop_default_numeric(
3146 ZFS_PROP_VOLBLOCKSIZE);
3147
3148 if ((error = zvol_check_volblocksize(
3149 volblocksize)) != 0 ||
3150 (error = zvol_check_volsize(volsize,
3151 volblocksize)) != 0)
3152 return (error);
3153 } else if (type == DMU_OST_ZFS) {
3154 int error;
3155
3156 /*
3157 * We have to have normalization and
3158 * case-folding flags correct when we do the
3159 * file system creation, so go figure them out
3160 * now.
3161 */
3162 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3163 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3164 error = zfs_fill_zplprops(fsname, nvprops,
3165 zct.zct_zplprops, &is_insensitive);
3166 if (error != 0) {
3167 nvlist_free(zct.zct_zplprops);
3168 return (error);
3169 }
3170 }
3171
3172 error = dmu_objset_create(fsname, type,
3173 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3174 nvlist_free(zct.zct_zplprops);
3175
3176 /*
3177 * It would be nice to do this atomically.
3178 */
3179 if (error == 0) {
3180 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3181 nvprops, outnvl);
3182 if (error != 0)
3183 (void) dmu_objset_destroy(fsname, B_FALSE);
3184 }
3185 return (error);
3186 }
3187
3188 /*
3189 * innvl: {
3190 * "origin" -> name of origin snapshot
3191 * (optional) "props" -> { prop -> value }
3192 * }
3193 *
3194 * outnvl: propname -> error code (int32)
3195 */
3196 static int
3197 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3198 {
3199 int error = 0;
3200 nvlist_t *nvprops = NULL;
3201 char *origin_name;
3202 dsl_dataset_t *origin;
3203
3204 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0)
3205 return (EINVAL);
3206 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3207
3208 if (strchr(fsname, '@') ||
3209 strchr(fsname, '%'))
3210 return (EINVAL);
3211
3212 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3213 return (EINVAL);
3214
3215 error = dsl_dataset_hold(origin_name, FTAG, &origin);
3216 if (error)
3217 return (error);
3218
3219 error = dmu_objset_clone(fsname, origin, 0);
3220 dsl_dataset_rele(origin, FTAG);
3221 if (error)
3222 return (error);
3223
3224 /*
3225 * It would be nice to do this atomically.
3226 */
3227 if (error == 0) {
3228 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3229 nvprops, outnvl);
3230 if (error != 0)
3231 (void) dmu_objset_destroy(fsname, B_FALSE);
3232 }
3233 return (error);
3234 }
3235
3236 /*
3237 * innvl: {
3238 * "snaps" -> { snapshot1, snapshot2 }
3239 * (optional) "props" -> { prop -> value (string) }
3240 * }
3241 *
3242 * outnvl: snapshot -> error code (int32)
3243 *
3244 */
3245 static int
3246 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3247 {
3248 nvlist_t *snaps;
3249 nvlist_t *props = NULL;
3250 int error, poollen;
3251 nvpair_t *pair;
3252
3253 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3254 if ((error = zfs_check_userprops(poolname, props)) != 0)
3255 return (error);
3256
3257 if (!nvlist_empty(props) &&
3258 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3259 return (ENOTSUP);
3260
3261 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3262 return (EINVAL);
3263 poollen = strlen(poolname);
3264 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3265 pair = nvlist_next_nvpair(snaps, pair)) {
3266 const char *name = nvpair_name(pair);
3267 const char *cp = strchr(name, '@');
3268
3269 /*
3270 * The snap name must contain an @, and the part after it must
3271 * contain only valid characters.
3272 */
3273 if (cp == NULL || snapshot_namecheck(cp + 1, NULL, NULL) != 0)
3274 return (EINVAL);
3275
3276 /*
3277 * The snap must be in the specified pool.
3278 */
3279 if (strncmp(name, poolname, poollen) != 0 ||
3280 (name[poollen] != '/' && name[poollen] != '@'))
3281 return (EXDEV);
3282
3283 /* This must be the only snap of this fs. */
3284 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3285 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3286 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3287 == 0) {
3288 return (EXDEV);
3289 }
3290 }
3291 }
3292
3293 error = dmu_objset_snapshot(snaps, props, outnvl);
3294 return (error);
3295 }
3296
3297 /*
3298 * innvl: "message" -> string
3299 */
3300 /* ARGSUSED */
3301 static int
3302 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3303 {
3304 char *message;
3305 spa_t *spa;
3306 int error;
3307 char *poolname;
3308
3309 /*
3310 * The poolname in the ioctl is not set, we get it from the TSD,
3311 * which was set at the end of the last successful ioctl that allows
3312 * logging. The secpolicy func already checked that it is set.
3313 * Only one log ioctl is allowed after each successful ioctl, so
3314 * we clear the TSD here.
3315 */
3316 poolname = tsd_get(zfs_allow_log_key);
3317 (void) tsd_set(zfs_allow_log_key, NULL);
3318 error = spa_open(poolname, &spa, FTAG);
3319 strfree(poolname);
3320 if (error != 0)
3321 return (error);
3322
3323 if (nvlist_lookup_string(innvl, "message", &message) != 0) {
3324 spa_close(spa, FTAG);
3325 return (EINVAL);
3326 }
3327
3328 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3329 spa_close(spa, FTAG);
3330 return (ENOTSUP);
3331 }
3332
3333 error = spa_history_log(spa, message);
3334 spa_close(spa, FTAG);
3335 return (error);
3336 }
3337
3338 /* ARGSUSED */
3339 int
3340 zfs_unmount_snap(const char *name, void *arg)
3341 {
3342 vfs_t *vfsp;
3343 int err;
3344
3345 if (strchr(name, '@') == NULL)
3346 return (0);
3347
3348 vfsp = zfs_get_vfs(name);
3349 if (vfsp == NULL)
3350 return (0);
3351
3352 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
3353 VFS_RELE(vfsp);
3354 return (err);
3355 }
3356 VFS_RELE(vfsp);
3357
3358 /*
3359 * Always force the unmount for snapshots.
3360 */
3361 return (dounmount(vfsp, MS_FORCE, kcred));
3362 }
3363
3364 /*
3365 * innvl: {
3366 * "snaps" -> { snapshot1, snapshot2 }
3367 * (optional boolean) "defer"
3368 * }
3369 *
3370 * outnvl: snapshot -> error code (int32)
3371 *
3372 */
3373 static int
3374 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3375 {
3376 int poollen;
3377 nvlist_t *snaps;
3378 nvpair_t *pair;
3379 boolean_t defer;
3380
3381 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3382 return (EINVAL);
3383 defer = nvlist_exists(innvl, "defer");
3384
3385 poollen = strlen(poolname);
3386 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3387 pair = nvlist_next_nvpair(snaps, pair)) {
3388 const char *name = nvpair_name(pair);
3389
3390 /*
3391 * The snap must be in the specified pool.
3392 */
3393 if (strncmp(name, poolname, poollen) != 0 ||
3394 (name[poollen] != '/' && name[poollen] != '@'))
3395 return (EXDEV);
3396
3397 /*
3398 * Ignore failures to unmount; dmu_snapshots_destroy_nvl()
3399 * will deal with this gracefully (by filling in outnvl).
3400 */
3401 (void) zfs_unmount_snap(name, NULL);
3402 }
3403
3404 return (dmu_snapshots_destroy_nvl(snaps, defer, outnvl));
3405 }
3406
3407 /*
3408 * inputs:
3409 * zc_name name of dataset to destroy
3410 * zc_objset_type type of objset
3411 * zc_defer_destroy mark for deferred destroy
3412 *
3413 * outputs: none
3414 */
3415 static int
3416 zfs_ioc_destroy(zfs_cmd_t *zc)
3417 {
3418 int err;
3419 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
3420 err = zfs_unmount_snap(zc->zc_name, NULL);
3421 if (err)
3422 return (err);
3423 }
3424
3688 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3689 {
3690 zfs_cmd_t *zc;
3691 nvpair_t *pair, *next_pair;
3692 nvlist_t *errors;
3693 int err, rv = 0;
3694
3695 if (props == NULL)
3696 return (0);
3697
3698 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3699
3700 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
3701 (void) strcpy(zc->zc_name, dataset);
3702 pair = nvlist_next_nvpair(props, NULL);
3703 while (pair != NULL) {
3704 next_pair = nvlist_next_nvpair(props, pair);
3705
3706 (void) strcpy(zc->zc_value, nvpair_name(pair));
3707 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3708 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
3709 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3710 VERIFY(nvlist_add_int32(errors,
3711 zc->zc_value, err) == 0);
3712 }
3713 pair = next_pair;
3714 }
3715 kmem_free(zc, sizeof (zfs_cmd_t));
3716
3717 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3718 nvlist_free(errors);
3719 errors = NULL;
3720 } else {
3721 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3722 }
3723
3724 if (errlist == NULL)
3725 nvlist_free(errors);
3726 else
3727 *errlist = errors;
3728
3896
3897 if (zc->zc_string[0]) {
3898 error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
3899 if (error)
3900 goto out;
3901 }
3902
3903 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
3904 &zc->zc_begin_record, force, origin, &drc);
3905 if (origin)
3906 dmu_objset_rele(origin, FTAG);
3907 if (error)
3908 goto out;
3909
3910 /*
3911 * Set properties before we receive the stream so that they are applied
3912 * to the new data. Note that we must call dmu_recv_stream() if
3913 * dmu_recv_begin() succeeds.
3914 */
3915 if (props) {
3916 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
3917 if (drc.drc_newfs) {
3918 if (spa_version(os->os_spa) >=
3919 SPA_VERSION_RECVD_PROPS)
3920 first_recvd_props = B_TRUE;
3921 } else if (origprops != NULL) {
3922 if (clear_received_props(os, tofs, origprops,
3923 first_recvd_props ? NULL : props) != 0)
3924 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3925 } else {
3926 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3927 }
3928 dsl_prop_set_hasrecvd(os);
3929 } else if (!drc.drc_newfs) {
3930 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3931 }
3932
3933 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3934 props, errors);
3935 }
3936
3937 if (zc->zc_nvlist_dst_size != 0 &&
3938 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
3939 put_nvlist(zc, errors) != 0)) {
3940 /*
3941 * Caller made zc->zc_nvlist_dst less than the minimum expected
3942 * size or supplied an invalid address.
3943 */
3944 props_error = EINVAL;
3945 }
3946
3947 off = fp->f_offset;
3948 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
3949 &zc->zc_action_handle);
3950
3951 if (error == 0) {
3952 zfsvfs_t *zfsvfs = NULL;
3953
3954 if (getzfsvfs(tofs, &zfsvfs) == 0) {
3955 /* online recv */
3956 int end_err;
3957
3958 error = zfs_suspend_fs(zfsvfs);
3959 /*
4051 zfs_ioc_send(zfs_cmd_t *zc)
4052 {
4053 objset_t *fromsnap = NULL;
4054 objset_t *tosnap;
4055 int error;
4056 offset_t off;
4057 dsl_dataset_t *ds;
4058 dsl_dataset_t *dsfrom = NULL;
4059 spa_t *spa;
4060 dsl_pool_t *dp;
4061 boolean_t estimate = (zc->zc_guid != 0);
4062
4063 error = spa_open(zc->zc_name, &spa, FTAG);
4064 if (error)
4065 return (error);
4066
4067 dp = spa_get_dsl(spa);
4068 rw_enter(&dp->dp_config_rwlock, RW_READER);
4069 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4070 rw_exit(&dp->dp_config_rwlock);
4071 spa_close(spa, FTAG);
4072 if (error)
4073 return (error);
4074
4075 error = dmu_objset_from_ds(ds, &tosnap);
4076 if (error) {
4077 dsl_dataset_rele(ds, FTAG);
4078 return (error);
4079 }
4080
4081 if (zc->zc_fromobj != 0) {
4082 rw_enter(&dp->dp_config_rwlock, RW_READER);
4083 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
4084 rw_exit(&dp->dp_config_rwlock);
4085 if (error) {
4086 dsl_dataset_rele(ds, FTAG);
4087 return (error);
4088 }
4089 error = dmu_objset_from_ds(dsfrom, &fromsnap);
4090 if (error) {
4091 dsl_dataset_rele(dsfrom, FTAG);
4092 dsl_dataset_rele(ds, FTAG);
4093 return (error);
4094 }
4095 }
4096
4097 if (zc->zc_obj) {
4098 dsl_pool_t *dp = ds->ds_dir->dd_pool;
4099
4100 if (fromsnap != NULL) {
4101 dsl_dataset_rele(dsfrom, FTAG);
4102 dsl_dataset_rele(ds, FTAG);
4103 return (EINVAL);
4104 }
4105
4106 if (dsl_dir_is_clone(ds->ds_dir)) {
4107 rw_enter(&dp->dp_config_rwlock, RW_READER);
4108 error = dsl_dataset_hold_obj(dp,
4109 ds->ds_dir->dd_phys->dd_origin_obj, FTAG, &dsfrom);
4110 rw_exit(&dp->dp_config_rwlock);
4111 if (error) {
4112 dsl_dataset_rele(ds, FTAG);
4113 return (error);
4114 }
4115 error = dmu_objset_from_ds(dsfrom, &fromsnap);
4116 if (error) {
4117 dsl_dataset_rele(dsfrom, FTAG);
4118 dsl_dataset_rele(ds, FTAG);
4119 return (error);
4120 }
4121 }
4122 }
4123
4124 if (estimate) {
4125 error = dmu_send_estimate(tosnap, fromsnap,
4126 &zc->zc_objset_type);
4127 } else {
4128 file_t *fp = getf(zc->zc_cookie);
4129 if (fp == NULL) {
4130 dsl_dataset_rele(ds, FTAG);
4131 if (dsfrom)
4132 dsl_dataset_rele(dsfrom, FTAG);
4133 return (EBADF);
4134 }
4135
4136 off = fp->f_offset;
4137 error = dmu_send(tosnap, fromsnap,
4138 zc->zc_cookie, fp->f_vnode, &off);
4139
4140 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4141 fp->f_offset = off;
4142 releasef(zc->zc_cookie);
4143 }
4144 if (dsfrom)
4145 dsl_dataset_rele(dsfrom, FTAG);
4146 dsl_dataset_rele(ds, FTAG);
4147 return (error);
4148 }
4149
4150 /*
4151 * inputs:
4152 * zc_name name of snapshot on which to report progress
4153 * zc_cookie file descriptor of send stream
4154 *
4155 * outputs:
4156 * zc_cookie number of bytes written in send stream thus far
4157 */
4631 int error;
4632
4633 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4634 if (error)
4635 return (error);
4636
4637 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4638 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4639
4640 dmu_objset_rele(os, FTAG);
4641 return (error);
4642 }
4643
4644 /*
4645 * inputs:
4646 * zc_name name of filesystem
4647 * zc_value prefix name for snapshot
4648 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4649 *
4650 * outputs:
4651 * zc_value short name of new snapshot
4652 */
4653 static int
4654 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4655 {
4656 char *snap_name;
4657 int error;
4658
4659 snap_name = kmem_asprintf("%s@%s-%016llx", zc->zc_name, zc->zc_value,
4660 (u_longlong_t)ddi_get_lbolt64());
4661
4662 if (strlen(snap_name) >= MAXPATHLEN) {
4663 strfree(snap_name);
4664 return (E2BIG);
4665 }
4666
4667 error = dmu_objset_snapshot_tmp(snap_name, "%temp", zc->zc_cleanup_fd);
4668 if (error != 0) {
4669 strfree(snap_name);
4670 return (error);
4671 }
4672
4673 (void) strcpy(zc->zc_value, strchr(snap_name, '@') + 1);
4674 strfree(snap_name);
4675 return (0);
4676 }
4677
4678 /*
4679 * inputs:
4680 * zc_name name of "to" snapshot
4681 * zc_value name of "from" snapshot
4682 * zc_cookie file descriptor to write diff data on
4683 *
4684 * outputs:
4685 * dmu_diff_record_t's to the file descriptor
4686 */
4687 static int
4688 zfs_ioc_diff(zfs_cmd_t *zc)
4689 {
4690 objset_t *fromsnap;
4691 objset_t *tosnap;
4692 file_t *fp;
4693 offset_t off;
5007 zfs_ioc_space_written(zfs_cmd_t *zc)
5008 {
5009 int error;
5010 dsl_dataset_t *new, *old;
5011
5012 error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
5013 if (error != 0)
5014 return (error);
5015 error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
5016 if (error != 0) {
5017 dsl_dataset_rele(new, FTAG);
5018 return (error);
5019 }
5020
5021 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
5022 &zc->zc_objset_type, &zc->zc_perm_action);
5023 dsl_dataset_rele(old, FTAG);
5024 dsl_dataset_rele(new, FTAG);
5025 return (error);
5026 }
5027 /*
5028 * innvl: {
5029 * "firstsnap" -> snapshot name
5030 * }
5031 *
5032 * outnvl: {
5033 * "used" -> space in bytes
5034 * "compressed" -> compressed space in bytes
5035 * "uncompressed" -> uncompressed space in bytes
5036 * }
5037 */
5038 static int
5039 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
5040 {
5041 int error;
5042 dsl_dataset_t *new, *old;
5043 char *firstsnap;
5044 uint64_t used, comp, uncomp;
5045
5046 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0)
5047 return (EINVAL);
5048
5049 error = dsl_dataset_hold(lastsnap, FTAG, &new);
5050 if (error != 0)
5051 return (error);
5052 error = dsl_dataset_hold(firstsnap, FTAG, &old);
5053 if (error != 0) {
5054 dsl_dataset_rele(new, FTAG);
5055 return (error);
5056 }
5057
5058 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
5059 dsl_dataset_rele(old, FTAG);
5060 dsl_dataset_rele(new, FTAG);
5061 fnvlist_add_uint64(outnvl, "used", used);
5062 fnvlist_add_uint64(outnvl, "compressed", comp);
5063 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
5064 return (error);
5065 }
5066
5067 /*
5068 * innvl: {
5069 * "fd" -> file descriptor to write stream to (int32)
5070 * (optional) "fromsnap" -> full snap name to send an incremental from
5071 * }
5072 *
5073 * outnvl is unused
5074 */
5075 /* ARGSUSED */
5076 static int
5077 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5078 {
5079 objset_t *fromsnap = NULL;
5080 objset_t *tosnap;
5081 int error;
5082 offset_t off;
5083 char *fromname;
5084 int fd;
5085
5086 error = nvlist_lookup_int32(innvl, "fd", &fd);
5087 if (error != 0)
5088 return (EINVAL);
5089
5090 error = dmu_objset_hold(snapname, FTAG, &tosnap);
5091 if (error)
5092 return (error);
5093
5094 error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5095 if (error == 0) {
5096 error = dmu_objset_hold(fromname, FTAG, &fromsnap);
5097 if (error) {
5098 dmu_objset_rele(tosnap, FTAG);
5099 return (error);
5100 }
5101 }
5102
5103 file_t *fp = getf(fd);
5104 if (fp == NULL) {
5105 dmu_objset_rele(tosnap, FTAG);
5106 if (fromsnap != NULL)
5107 dmu_objset_rele(fromsnap, FTAG);
5108 return (EBADF);
5109 }
5110
5111 off = fp->f_offset;
5112 error = dmu_send(tosnap, fromsnap, fd, fp->f_vnode, &off);
5113
5114 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5115 fp->f_offset = off;
5116 releasef(fd);
5117 if (fromsnap != NULL)
5118 dmu_objset_rele(fromsnap, FTAG);
5119 dmu_objset_rele(tosnap, FTAG);
5120 return (error);
5121 }
5122
5123 /*
5124 * Determine approximately how large a zfs send stream will be -- the number
5125 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
5126 *
5127 * innvl: {
5128 * (optional) "fromsnap" -> full snap name to send an incremental from
5129 * }
5130 *
5131 * outnvl: {
5132 * "space" -> bytes of space (uint64)
5133 * }
5134 */
5135 static int
5136 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5137 {
5138 objset_t *fromsnap = NULL;
5139 objset_t *tosnap;
5140 int error;
5141 char *fromname;
5142 uint64_t space;
5143
5144 error = dmu_objset_hold(snapname, FTAG, &tosnap);
5145 if (error)
5146 return (error);
5147
5148 error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5149 if (error == 0) {
5150 error = dmu_objset_hold(fromname, FTAG, &fromsnap);
5151 if (error) {
5152 dmu_objset_rele(tosnap, FTAG);
5153 return (error);
5154 }
5155 }
5156
5157 error = dmu_send_estimate(tosnap, fromsnap, &space);
5158 fnvlist_add_uint64(outnvl, "space", space);
5159
5160 if (fromsnap != NULL)
5161 dmu_objset_rele(fromsnap, FTAG);
5162 dmu_objset_rele(tosnap, FTAG);
5163 return (error);
5164 }
5165
5166
5167 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
5168
5169 static void
5170 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5171 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5172 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
5173 {
5174 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5175
5176 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5177 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5178 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5179 ASSERT3P(vec->zvec_func, ==, NULL);
5180
5181 vec->zvec_legacy_func = func;
5182 vec->zvec_secpolicy = secpolicy;
5183 vec->zvec_namecheck = namecheck;
5184 vec->zvec_allow_log = log_history;
5185 vec->zvec_pool_check = pool_check;
5186 }
5187
5188 /*
5189 * See the block comment at the beginning of this file for details on
5190 * each argument to this function.
5191 */
5192 static void
5193 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
5194 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5195 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
5196 boolean_t allow_log)
5197 {
5198 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5199
5200 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5201 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5202 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5203 ASSERT3P(vec->zvec_func, ==, NULL);
5204
5205 /* if we are logging, the name must be valid */
5206 ASSERT(!allow_log || namecheck != NO_NAME);
5207
5208 vec->zvec_name = name;
5209 vec->zvec_func = func;
5210 vec->zvec_secpolicy = secpolicy;
5211 vec->zvec_namecheck = namecheck;
5212 vec->zvec_pool_check = pool_check;
5213 vec->zvec_smush_outnvlist = smush_outnvlist;
5214 vec->zvec_allow_log = allow_log;
5215 }
5216
5217 static void
5218 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5219 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
5220 zfs_ioc_poolcheck_t pool_check)
5221 {
5222 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5223 POOL_NAME, log_history, pool_check);
5224 }
5225
5226 static void
5227 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5228 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
5229 {
5230 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5231 DATASET_NAME, B_FALSE, pool_check);
5232 }
5233
5234 static void
5235 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5236 {
5237 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
5238 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5239 }
5240
5241 static void
5242 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5243 zfs_secpolicy_func_t *secpolicy)
5244 {
5245 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5246 NO_NAME, B_FALSE, POOL_CHECK_NONE);
5247 }
5248
5249 static void
5250 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
5251 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
5252 {
5253 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5254 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
5255 }
5256
5257 static void
5258 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5259 {
5260 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
5261 zfs_secpolicy_read);
5262 }
5263
5264 static void
5265 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5266 zfs_secpolicy_func_t *secpolicy)
5267 {
5268 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5269 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5270 }
5271
5272 static void
5273 zfs_ioctl_init(void)
5274 {
5275 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
5276 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
5277 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5278
5279 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
5280 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
5281 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE);
5282
5283 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
5284 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
5285 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5286
5287 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
5288 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
5289 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5290
5291 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
5292 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
5293 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5294
5295 zfs_ioctl_register("create", ZFS_IOC_CREATE,
5296 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
5297 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5298
5299 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
5300 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
5301 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5302
5303 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
5304 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
5305 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5306
5307 /* IOCTLS that use the legacy function signature */
5308
5309 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
5310 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
5311
5312 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
5313 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5314 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
5315 zfs_ioc_pool_scan);
5316 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
5317 zfs_ioc_pool_upgrade);
5318 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
5319 zfs_ioc_vdev_add);
5320 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
5321 zfs_ioc_vdev_remove);
5322 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
5323 zfs_ioc_vdev_set_state);
5324 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
5325 zfs_ioc_vdev_attach);
5326 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
5327 zfs_ioc_vdev_detach);
5328 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
5329 zfs_ioc_vdev_setpath);
5330 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
5331 zfs_ioc_vdev_setfru);
5332 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
5333 zfs_ioc_pool_set_props);
5334 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
5335 zfs_ioc_vdev_split);
5336 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
5337 zfs_ioc_pool_reguid);
5338
5339 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
5340 zfs_ioc_pool_configs, zfs_secpolicy_none);
5341 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
5342 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
5343 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
5344 zfs_ioc_inject_fault, zfs_secpolicy_inject);
5345 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
5346 zfs_ioc_clear_fault, zfs_secpolicy_inject);
5347 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
5348 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
5349
5350 /*
5351 * pool destroy, and export don't log the history as part of
5352 * zfsdev_ioctl, but rather zfs_ioc_pool_export
5353 * does the logging of those commands.
5354 */
5355 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
5356 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5357 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
5358 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5359
5360 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
5361 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5362 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
5363 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5364
5365 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
5366 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
5367 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
5368 zfs_ioc_dsobj_to_dsname,
5369 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
5370 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
5371 zfs_ioc_pool_get_history,
5372 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
5373
5374 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
5375 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5376
5377 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
5378 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5379 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
5380 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5381
5382 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
5383 zfs_ioc_space_written);
5384 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_HOLDS,
5385 zfs_ioc_get_holds);
5386 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
5387 zfs_ioc_objset_recvd_props);
5388 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
5389 zfs_ioc_next_obj);
5390 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
5391 zfs_ioc_get_fsacl);
5392 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
5393 zfs_ioc_objset_stats);
5394 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
5395 zfs_ioc_objset_zplprops);
5396 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
5397 zfs_ioc_dataset_list_next);
5398 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
5399 zfs_ioc_snapshot_list_next);
5400 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
5401 zfs_ioc_send_progress);
5402
5403 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
5404 zfs_ioc_diff, zfs_secpolicy_diff);
5405 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
5406 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
5407 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
5408 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
5409 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
5410 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
5411 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
5412 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
5413 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
5414 zfs_ioc_send, zfs_secpolicy_send);
5415
5416 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
5417 zfs_secpolicy_none);
5418 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
5419 zfs_secpolicy_destroy);
5420 zfs_ioctl_register_dataset_modify(ZFS_IOC_ROLLBACK, zfs_ioc_rollback,
5421 zfs_secpolicy_rollback);
5422 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
5423 zfs_secpolicy_rename);
5424 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
5425 zfs_secpolicy_recv);
5426 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
5427 zfs_secpolicy_promote);
5428 zfs_ioctl_register_dataset_modify(ZFS_IOC_HOLD, zfs_ioc_hold,
5429 zfs_secpolicy_hold);
5430 zfs_ioctl_register_dataset_modify(ZFS_IOC_RELEASE, zfs_ioc_release,
5431 zfs_secpolicy_release);
5432 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
5433 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
5434 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
5435 zfs_secpolicy_set_fsacl);
5436
5437 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
5438 zfs_secpolicy_share, POOL_CHECK_NONE);
5439 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
5440 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
5441 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
5442 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
5443 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5444 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
5445 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
5446 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5447 }
5448
5449 int
5450 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
5451 zfs_ioc_poolcheck_t check)
5452 {
5453 spa_t *spa;
5454 int error;
5455
5456 ASSERT(type == POOL_NAME || type == DATASET_NAME);
5457
5458 if (check & POOL_CHECK_NONE)
5459 return (0);
5460
5461 error = spa_open(name, &spa, FTAG);
5462 if (error == 0) {
5463 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
5464 error = EAGAIN;
5465 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
5466 error = EROFS;
5467 spa_close(spa, FTAG);
5564
5565 if (minor == 0)
5566 return (0);
5567
5568 mutex_enter(&zfsdev_state_lock);
5569 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
5570 if (zo == NULL) {
5571 mutex_exit(&zfsdev_state_lock);
5572 return (zvol_close(dev, flag, otyp, cr));
5573 }
5574 zfs_ctldev_destroy(zo, minor);
5575 mutex_exit(&zfsdev_state_lock);
5576
5577 return (0);
5578 }
5579
5580 static int
5581 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
5582 {
5583 zfs_cmd_t *zc;
5584 uint_t vecnum;
5585 int error, rc, len;
5586 minor_t minor = getminor(dev);
5587 const zfs_ioc_vec_t *vec;
5588 char *saved_poolname = NULL;
5589 nvlist_t *innvl = NULL;
5590
5591 if (minor != 0 &&
5592 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL)
5593 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));
5594
5595 vecnum = cmd - ZFS_IOC_FIRST;
5596 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
5597
5598 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
5599 return (EINVAL);
5600 vec = &zfs_ioc_vec[vecnum];
5601
5602 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
5603
5604 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
5605 if (error != 0) {
5606 error = EFAULT;
5607 goto out;
5608 }
5609
5610 zc->zc_iflags = flag & FKIOCTL;
5611 if (zc->zc_nvlist_src_size != 0) {
5612 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5613 zc->zc_iflags, &innvl);
5614 if (error != 0)
5615 goto out;
5616 }
5617
5618 /*
5619 * Ensure that all pool/dataset names are valid before we pass down to
5620 * the lower layers.
5621 */
5622 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5623 switch (vec->zvec_namecheck) {
5624 case POOL_NAME:
5625 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
5626 error = EINVAL;
5627 else
5628 error = pool_status_check(zc->zc_name,
5629 vec->zvec_namecheck, vec->zvec_pool_check);
5630 break;
5631
5632 case DATASET_NAME:
5633 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
5634 error = EINVAL;
5635 else
5636 error = pool_status_check(zc->zc_name,
5637 vec->zvec_namecheck, vec->zvec_pool_check);
5638 break;
5639
5640 case NO_NAME:
5641 break;
5642 }
5643
5644
5645 if (error == 0 && !(flag & FKIOCTL))
5646 error = vec->zvec_secpolicy(zc, innvl, cr);
5647
5648 if (error != 0)
5649 goto out;
5650
5651 /* legacy ioctls can modify zc_name */
5652 len = strcspn(zc->zc_name, "/@") + 1;
5653 saved_poolname = kmem_alloc(len, KM_SLEEP);
5654 (void) strlcpy(saved_poolname, zc->zc_name, len);
5655
5656 if (vec->zvec_func != NULL) {
5657 nvlist_t *outnvl;
5658 int puterror = 0;
5659 spa_t *spa;
5660 nvlist_t *lognv = NULL;
5661
5662 ASSERT(vec->zvec_legacy_func == NULL);
5663
5664 /*
5665 * Add the innvl to the lognv before calling the func,
5666 * in case the func changes the innvl.
5667 */
5668 if (vec->zvec_allow_log) {
5669 lognv = fnvlist_alloc();
5670 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
5671 vec->zvec_name);
5672 if (!nvlist_empty(innvl)) {
5673 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
5674 innvl);
5675 }
5676 }
5677
5678 outnvl = fnvlist_alloc();
5679 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
5680
5681 if (error == 0 && vec->zvec_allow_log &&
5682 spa_open(zc->zc_name, &spa, FTAG) == 0) {
5683 if (!nvlist_empty(outnvl)) {
5684 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
5685 outnvl);
5686 }
5687 (void) spa_history_log_nvl(spa, lognv);
5688 spa_close(spa, FTAG);
5689 }
5690 fnvlist_free(lognv);
5691
5692 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
5693 int smusherror = 0;
5694 if (vec->zvec_smush_outnvlist) {
5695 smusherror = nvlist_smush(outnvl,
5696 zc->zc_nvlist_dst_size);
5697 }
5698 if (smusherror == 0)
5699 puterror = put_nvlist(zc, outnvl);
5700 }
5701
5702 if (puterror != 0)
5703 error = puterror;
5704
5705 nvlist_free(outnvl);
5706 } else {
5707 error = vec->zvec_legacy_func(zc);
5708 }
5709
5710 out:
5711 nvlist_free(innvl);
5712 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
5713 if (error == 0 && rc != 0)
5714 error = EFAULT;
5715 if (error == 0 && vec->zvec_allow_log) {
5716 char *s = tsd_get(zfs_allow_log_key);
5717 if (s != NULL)
5718 strfree(s);
5719 (void) tsd_set(zfs_allow_log_key, saved_poolname);
5720 } else {
5721 if (saved_poolname != NULL)
5722 strfree(saved_poolname);
5723 }
5724
5725 kmem_free(zc, sizeof (zfs_cmd_t));
5726 return (error);
5727 }
5728
5729 static int
5730 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
5731 {
5732 if (cmd != DDI_ATTACH)
5733 return (DDI_FAILURE);
5734
5735 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
5736 DDI_PSEUDO, 0) == DDI_FAILURE)
5737 return (DDI_FAILURE);
5738
5739 zfs_dip = dip;
5740
5741 ddi_report_dev(dip);
5742
5818 nodev, /* reset */
5819 &zfs_cb_ops, /* driver operations */
5820 NULL, /* no bus operations */
5821 NULL, /* power */
5822 ddi_quiesce_not_needed, /* quiesce */
5823 };
5824
5825 static struct modldrv zfs_modldrv = {
5826 &mod_driverops,
5827 "ZFS storage pool",
5828 &zfs_dev_ops
5829 };
5830
5831 static struct modlinkage modlinkage = {
5832 MODREV_1,
5833 (void *)&zfs_modlfs,
5834 (void *)&zfs_modldrv,
5835 NULL
5836 };
5837
5838 static void
5839 zfs_allow_log_destroy(void *arg)
5840 {
5841 char *poolname = arg;
5842 strfree(poolname);
5843 }
5844
5845 int
5846 _init(void)
5847 {
5848 int error;
5849
5850 spa_init(FREAD | FWRITE);
5851 zfs_init();
5852 zvol_init();
5853 zfs_ioctl_init();
5854
5855 if ((error = mod_install(&modlinkage)) != 0) {
5856 zvol_fini();
5857 zfs_fini();
5858 spa_fini();
5859 return (error);
5860 }
5861
5862 tsd_create(&zfs_fsyncer_key, NULL);
5863 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
5864 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
5865
5866 error = ldi_ident_from_mod(&modlinkage, &zfs_li);
5867 ASSERT(error == 0);
5868 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5869
5870 return (0);
5871 }
5872
5873 int
5874 _fini(void)
5875 {
5876 int error;
5877
5878 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
5879 return (EBUSY);
5880
5881 if ((error = mod_remove(&modlinkage)) != 0)
5882 return (error);
5883
5884 zvol_fini();
|