1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
26 * Copyright (c) 2012 by Delphix. All rights reserved.
27 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
28 */
29
30 /*
31 * ZFS ioctls.
32 *
33 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
34 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
35 *
36 * There are two ways that we handle ioctls: the legacy way where almost
37 * all of the logic is in the ioctl callback, and the new way where most
38 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
39 *
40 * Non-legacy ioctls should be registered by calling
41 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
42 * from userland by lzc_ioctl().
43 *
44 * The registration arguments are as follows:
45 *
46 * const char *name
47 * The name of the ioctl. This is used for history logging. If the
48 * ioctl returns successfully (the callback returns 0), and allow_log
49 * is true, then a history log entry will be recorded with the input &
50 * output nvlists. The log entry can be printed with "zpool history -i".
51 *
52 * zfs_ioc_t ioc
53 * The ioctl request number, which userland will pass to ioctl(2).
54 * The ioctl numbers can change from release to release, because
55 * the caller (libzfs) must be matched to the kernel.
56 *
57 * zfs_secpolicy_func_t *secpolicy
58 * This function will be called before the zfs_ioc_func_t, to
59 * determine if this operation is permitted. It should return EPERM
60 * on failure, and 0 on success. Checks include determining if the
61 * dataset is visible in this zone, and if the user has either all
62 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
63 * to do this operation on this dataset with "zfs allow".
64 *
65 * zfs_ioc_namecheck_t namecheck
66 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
67 * name, a dataset name, or nothing. If the name is not well-formed,
68 * the ioctl will fail and the callback will not be called.
69 * Therefore, the callback can assume that the name is well-formed
70 * (e.g. is null-terminated, doesn't have more than one '@' character,
71 * doesn't have invalid characters).
72 *
73 * zfs_ioc_poolcheck_t pool_check
74 * This specifies requirements on the pool state. If the pool does
75 * not meet them (is suspended or is readonly), the ioctl will fail
76 * and the callback will not be called. If any checks are specified
77 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
78 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
79 * POOL_CHECK_READONLY).
80 *
81 * boolean_t smush_outnvlist
82 * If smush_outnvlist is true, then the output is presumed to be a
83 * list of errors, and it will be "smushed" down to fit into the
84 * caller's buffer, by removing some entries and replacing them with a
85 * single "N_MORE_ERRORS" entry indicating how many were removed. See
86 * nvlist_smush() for details. If smush_outnvlist is false, and the
87 * outnvlist does not fit into the userland-provided buffer, then the
88 * ioctl will fail with ENOMEM.
89 *
90 * zfs_ioc_func_t *func
91 * The callback function that will perform the operation.
92 *
93 * The callback should return 0 on success, or an error number on
94 * failure. If the function fails, the userland ioctl will return -1,
95 * and errno will be set to the callback's return value. The callback
96 * will be called with the following arguments:
97 *
98 * const char *name
99 * The name of the pool or dataset to operate on, from
100 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
101 * expected type (pool, dataset, or none).
102 *
103 * nvlist_t *innvl
104 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
105 * NULL if no input nvlist was provided. Changes to this nvlist are
106 * ignored. If the input nvlist could not be deserialized, the
107 * ioctl will fail and the callback will not be called.
108 *
109 * nvlist_t *outnvl
110 * The output nvlist, initially empty. The callback can fill it in,
111 * and it will be returned to userland by serializing it into
112 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
113 * fails (e.g. because the caller didn't supply a large enough
114 * buffer), then the overall ioctl will fail. See the
115 * 'smush_nvlist' argument above for additional behaviors.
116 *
117 * There are two typical uses of the output nvlist:
118 * - To return state, e.g. property values. In this case,
119 * smush_outnvlist should be false. If the buffer was not large
120 * enough, the caller will reallocate a larger buffer and try
121 * the ioctl again.
122 *
123 * - To return multiple errors from an ioctl which makes on-disk
124 * changes. In this case, smush_outnvlist should be true.
125 * Ioctls which make on-disk modifications should generally not
126 * use the outnvl if they succeed, because the caller can not
127 * distinguish between the operation failing, and
128 * deserialization failing.
129 */
130
131 #include <sys/types.h>
132 #include <sys/param.h>
133 #include <sys/errno.h>
134 #include <sys/uio.h>
135 #include <sys/buf.h>
136 #include <sys/modctl.h>
137 #include <sys/open.h>
138 #include <sys/file.h>
139 #include <sys/kmem.h>
140 #include <sys/conf.h>
141 #include <sys/cmn_err.h>
142 #include <sys/stat.h>
143 #include <sys/zfs_ioctl.h>
144 #include <sys/zfs_vfsops.h>
145 #include <sys/zfs_znode.h>
146 #include <sys/zap.h>
147 #include <sys/spa.h>
148 #include <sys/spa_impl.h>
149 #include <sys/vdev.h>
150 #include <sys/priv_impl.h>
151 #include <sys/dmu.h>
152 #include <sys/dsl_dir.h>
153 #include <sys/dsl_dataset.h>
154 #include <sys/dsl_prop.h>
155 #include <sys/dsl_deleg.h>
156 #include <sys/dmu_objset.h>
157 #include <sys/dmu_impl.h>
158 #include <sys/ddi.h>
159 #include <sys/sunddi.h>
160 #include <sys/sunldi.h>
161 #include <sys/policy.h>
162 #include <sys/zone.h>
163 #include <sys/nvpair.h>
164 #include <sys/pathname.h>
165 #include <sys/mount.h>
166 #include <sys/sdt.h>
167 #include <sys/fs/zfs.h>
168 #include <sys/zfs_ctldir.h>
169 #include <sys/zfs_dir.h>
170 #include <sys/zfs_onexit.h>
171 #include <sys/zvol.h>
172 #include <sys/dsl_scan.h>
173 #include <sharefs/share.h>
174 #include <sys/dmu_objset.h>
175
176 #include "zfs_namecheck.h"
177 #include "zfs_prop.h"
178 #include "zfs_deleg.h"
179 #include "zfs_comutil.h"
180
181 extern struct modlfs zfs_modlfs;
182
183 extern void zfs_init(void);
184 extern void zfs_fini(void);
185
186 ldi_ident_t zfs_li = NULL;
187 dev_info_t *zfs_dip;
188
189 uint_t zfs_fsyncer_key;
190 extern uint_t rrw_tsd_key;
191 static uint_t zfs_allow_log_key;
192
193 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *);
194 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *);
195 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *);
196
197 typedef enum {
198 NO_NAME,
199 POOL_NAME,
200 DATASET_NAME
201 } zfs_ioc_namecheck_t;
202
203 typedef enum {
204 POOL_CHECK_NONE = 1 << 0,
205 POOL_CHECK_SUSPENDED = 1 << 1,
206 POOL_CHECK_READONLY = 1 << 2,
207 } zfs_ioc_poolcheck_t;
208
209 typedef struct zfs_ioc_vec {
210 zfs_ioc_legacy_func_t *zvec_legacy_func;
211 zfs_ioc_func_t *zvec_func;
212 zfs_secpolicy_func_t *zvec_secpolicy;
213 zfs_ioc_namecheck_t zvec_namecheck;
214 boolean_t zvec_allow_log;
215 zfs_ioc_poolcheck_t zvec_pool_check;
216 boolean_t zvec_smush_outnvlist;
217 const char *zvec_name;
218 } zfs_ioc_vec_t;
219
220 /* This array is indexed by zfs_userquota_prop_t */
221 static const char *userquota_perms[] = {
222 ZFS_DELEG_PERM_USERUSED,
223 ZFS_DELEG_PERM_USERQUOTA,
224 ZFS_DELEG_PERM_GROUPUSED,
225 ZFS_DELEG_PERM_GROUPQUOTA,
226 };
227
228 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
229 static int zfs_check_settable(const char *name, nvpair_t *property,
230 cred_t *cr);
231 static int zfs_check_clearable(char *dataset, nvlist_t *props,
232 nvlist_t **errors);
233 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
234 boolean_t *);
235 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
236 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
237
238 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
239 void
240 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
241 {
242 const char *newfile;
243 char buf[512];
244 va_list adx;
245
246 /*
247 * Get rid of annoying "../common/" prefix to filename.
248 */
249 newfile = strrchr(file, '/');
250 if (newfile != NULL) {
251 newfile = newfile + 1; /* Get rid of leading / */
252 } else {
253 newfile = file;
254 }
255
256 va_start(adx, fmt);
257 (void) vsnprintf(buf, sizeof (buf), fmt, adx);
258 va_end(adx);
259
260 /*
261 * To get this data, use the zfs-dprintf probe as so:
262 * dtrace -q -n 'zfs-dprintf \
263 * /stringof(arg0) == "dbuf.c"/ \
264 * {printf("%s: %s", stringof(arg1), stringof(arg3))}'
265 * arg0 = file name
266 * arg1 = function name
267 * arg2 = line number
268 * arg3 = message
269 */
270 DTRACE_PROBE4(zfs__dprintf,
271 char *, newfile, char *, func, int, line, char *, buf);
272 }
273
274 static void
275 history_str_free(char *buf)
276 {
277 kmem_free(buf, HIS_MAX_RECORD_LEN);
278 }
279
280 static char *
281 history_str_get(zfs_cmd_t *zc)
282 {
283 char *buf;
284
285 if (zc->zc_history == NULL)
286 return (NULL);
287
288 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
289 if (copyinstr((void *)(uintptr_t)zc->zc_history,
290 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
291 history_str_free(buf);
292 return (NULL);
293 }
294
295 buf[HIS_MAX_RECORD_LEN -1] = '\0';
296
297 return (buf);
298 }
299
300 /*
301 * Check to see if the named dataset is currently defined as bootable
302 */
303 static boolean_t
304 zfs_is_bootfs(const char *name)
305 {
306 objset_t *os;
307
308 if (dmu_objset_hold(name, FTAG, &os) == 0) {
309 boolean_t ret;
310 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
311 dmu_objset_rele(os, FTAG);
312 return (ret);
313 }
314 return (B_FALSE);
315 }
316
317 /*
318 * zfs_earlier_version
319 *
320 * Return non-zero if the spa version is less than requested version.
321 */
322 static int
323 zfs_earlier_version(const char *name, int version)
324 {
325 spa_t *spa;
326
327 if (spa_open(name, &spa, FTAG) == 0) {
328 if (spa_version(spa) < version) {
329 spa_close(spa, FTAG);
330 return (1);
331 }
332 spa_close(spa, FTAG);
333 }
334 return (0);
335 }
336
337 /*
338 * zpl_earlier_version
339 *
340 * Return TRUE if the ZPL version is less than requested version.
341 */
342 static boolean_t
343 zpl_earlier_version(const char *name, int version)
344 {
345 objset_t *os;
346 boolean_t rc = B_TRUE;
347
348 if (dmu_objset_hold(name, FTAG, &os) == 0) {
349 uint64_t zplversion;
350
351 if (dmu_objset_type(os) != DMU_OST_ZFS) {
352 dmu_objset_rele(os, FTAG);
353 return (B_TRUE);
354 }
355 /* XXX reading from non-owned objset */
356 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
357 rc = zplversion < version;
358 dmu_objset_rele(os, FTAG);
359 }
360 return (rc);
361 }
362
363 static void
364 zfs_log_history(zfs_cmd_t *zc)
365 {
366 spa_t *spa;
367 char *buf;
368
369 if ((buf = history_str_get(zc)) == NULL)
370 return;
371
372 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
373 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
374 (void) spa_history_log(spa, buf);
375 spa_close(spa, FTAG);
376 }
377 history_str_free(buf);
378 }
379
380 /*
381 * Policy for top-level read operations (list pools). Requires no privileges,
382 * and can be used in the local zone, as there is no associated dataset.
383 */
384 /* ARGSUSED */
385 static int
386 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
387 {
388 return (0);
389 }
390
391 /*
392 * Policy for dataset read operations (list children, get statistics). Requires
393 * no privileges, but must be visible in the local zone.
394 */
395 /* ARGSUSED */
396 static int
397 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
398 {
399 if (INGLOBALZONE(curproc) ||
400 zone_dataset_visible(zc->zc_name, NULL))
401 return (0);
402
403 return (ENOENT);
404 }
405
406 static int
407 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
408 {
409 int writable = 1;
410
411 /*
412 * The dataset must be visible by this zone -- check this first
413 * so they don't see EPERM on something they shouldn't know about.
414 */
415 if (!INGLOBALZONE(curproc) &&
416 !zone_dataset_visible(dataset, &writable))
417 return (ENOENT);
418
419 if (INGLOBALZONE(curproc)) {
420 /*
421 * If the fs is zoned, only root can access it from the
422 * global zone.
423 */
424 if (secpolicy_zfs(cr) && zoned)
425 return (EPERM);
426 } else {
427 /*
428 * If we are in a local zone, the 'zoned' property must be set.
429 */
430 if (!zoned)
431 return (EPERM);
432
433 /* must be writable by this zone */
434 if (!writable)
435 return (EPERM);
436 }
437 return (0);
438 }
439
440 static int
441 zfs_dozonecheck(const char *dataset, cred_t *cr)
442 {
443 uint64_t zoned;
444
445 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
446 return (ENOENT);
447
448 return (zfs_dozonecheck_impl(dataset, zoned, cr));
449 }
450
451 static int
452 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
453 {
454 uint64_t zoned;
455
456 rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
457 if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) {
458 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
459 return (ENOENT);
460 }
461 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
462
463 return (zfs_dozonecheck_impl(dataset, zoned, cr));
464 }
465
466 static int
467 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
468 {
469 int error;
470 dsl_dataset_t *ds;
471
472 error = dsl_dataset_hold(name, FTAG, &ds);
473 if (error != 0)
474 return (error);
475
476 error = zfs_dozonecheck_ds(name, ds, cr);
477 if (error == 0) {
478 error = secpolicy_zfs(cr);
479 if (error)
480 error = dsl_deleg_access_impl(ds, perm, cr);
481 }
482
483 dsl_dataset_rele(ds, FTAG);
484 return (error);
485 }
486
487 static int
488 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
489 const char *perm, cred_t *cr)
490 {
491 int error;
492
493 error = zfs_dozonecheck_ds(name, ds, cr);
494 if (error == 0) {
495 error = secpolicy_zfs(cr);
496 if (error)
497 error = dsl_deleg_access_impl(ds, perm, cr);
498 }
499 return (error);
500 }
501
502 /*
503 * Policy for setting the security label property.
504 *
505 * Returns 0 for success, non-zero for access and other errors.
506 */
507 static int
508 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
509 {
510 char ds_hexsl[MAXNAMELEN];
511 bslabel_t ds_sl, new_sl;
512 boolean_t new_default = FALSE;
513 uint64_t zoned;
514 int needed_priv = -1;
515 int error;
516
517 /* First get the existing dataset label. */
518 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
519 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
520 if (error)
521 return (EPERM);
522
523 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
524 new_default = TRUE;
525
526 /* The label must be translatable */
527 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
528 return (EINVAL);
529
530 /*
531 * In a non-global zone, disallow attempts to set a label that
532 * doesn't match that of the zone; otherwise no other checks
533 * are needed.
534 */
535 if (!INGLOBALZONE(curproc)) {
536 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
537 return (EPERM);
538 return (0);
539 }
540
541 /*
542 * For global-zone datasets (i.e., those whose zoned property is
543 * "off", verify that the specified new label is valid for the
544 * global zone.
545 */
546 if (dsl_prop_get_integer(name,
547 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
548 return (EPERM);
549 if (!zoned) {
550 if (zfs_check_global_label(name, strval) != 0)
551 return (EPERM);
552 }
553
554 /*
555 * If the existing dataset label is nondefault, check if the
556 * dataset is mounted (label cannot be changed while mounted).
557 * Get the zfsvfs; if there isn't one, then the dataset isn't
558 * mounted (or isn't a dataset, doesn't exist, ...).
559 */
560 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
561 objset_t *os;
562 static char *setsl_tag = "setsl_tag";
563
564 /*
565 * Try to own the dataset; abort if there is any error,
566 * (e.g., already mounted, in use, or other error).
567 */
568 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
569 setsl_tag, &os);
570 if (error)
571 return (EPERM);
572
573 dmu_objset_disown(os, setsl_tag);
574
575 if (new_default) {
576 needed_priv = PRIV_FILE_DOWNGRADE_SL;
577 goto out_check;
578 }
579
580 if (hexstr_to_label(strval, &new_sl) != 0)
581 return (EPERM);
582
583 if (blstrictdom(&ds_sl, &new_sl))
584 needed_priv = PRIV_FILE_DOWNGRADE_SL;
585 else if (blstrictdom(&new_sl, &ds_sl))
586 needed_priv = PRIV_FILE_UPGRADE_SL;
587 } else {
588 /* dataset currently has a default label */
589 if (!new_default)
590 needed_priv = PRIV_FILE_UPGRADE_SL;
591 }
592
593 out_check:
594 if (needed_priv != -1)
595 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
596 return (0);
597 }
598
599 static int
600 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
601 cred_t *cr)
602 {
603 char *strval;
604
605 /*
606 * Check permissions for special properties.
607 */
608 switch (prop) {
609 case ZFS_PROP_DEDUP:
610 case ZFS_PROP_ZONED:
611 /*
612 * Disallow setting these properties from within a local zone.
613 */
614 if (!INGLOBALZONE(curproc))
615 return (EPERM);
616 break;
617
618 case ZFS_PROP_QUOTA:
619 if (!INGLOBALZONE(curproc)) {
620 uint64_t zoned;
621 char setpoint[MAXNAMELEN];
622 /*
623 * Unprivileged users are allowed to modify the
624 * quota on things *under* (ie. contained by)
625 * the thing they own.
626 */
627 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
628 setpoint))
629 return (EPERM);
630 if (!zoned || strlen(dsname) <= strlen(setpoint))
631 return (EPERM);
632 }
633 break;
634
635 case ZFS_PROP_MLSLABEL:
636 if (!is_system_labeled())
637 return (EPERM);
638
639 if (nvpair_value_string(propval, &strval) == 0) {
640 int err;
641
642 err = zfs_set_slabel_policy(dsname, strval, CRED());
643 if (err != 0)
644 return (err);
645 }
646 break;
647 }
648
649 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
650 }
651
652 /* ARGSUSED */
653 static int
654 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
655 {
656 int error;
657
658 error = zfs_dozonecheck(zc->zc_name, cr);
659 if (error)
660 return (error);
661
662 /*
663 * permission to set permissions will be evaluated later in
664 * dsl_deleg_can_allow()
665 */
666 return (0);
667 }
668
669 /* ARGSUSED */
670 static int
671 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
672 {
673 return (zfs_secpolicy_write_perms(zc->zc_name,
674 ZFS_DELEG_PERM_ROLLBACK, cr));
675 }
676
677 /* ARGSUSED */
678 static int
679 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
680 {
681 spa_t *spa;
682 dsl_pool_t *dp;
683 dsl_dataset_t *ds;
684 char *cp;
685 int error;
686
687 /*
688 * Generate the current snapshot name from the given objsetid, then
689 * use that name for the secpolicy/zone checks.
690 */
691 cp = strchr(zc->zc_name, '@');
692 if (cp == NULL)
693 return (EINVAL);
694 error = spa_open(zc->zc_name, &spa, FTAG);
695 if (error)
696 return (error);
697
698 dp = spa_get_dsl(spa);
699 rw_enter(&dp->dp_config_rwlock, RW_READER);
700 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
701 rw_exit(&dp->dp_config_rwlock);
702 spa_close(spa, FTAG);
703 if (error)
704 return (error);
705
706 dsl_dataset_name(ds, zc->zc_name);
707
708 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
709 ZFS_DELEG_PERM_SEND, cr);
710 dsl_dataset_rele(ds, FTAG);
711
712 return (error);
713 }
714
715 /* ARGSUSED */
716 static int
717 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
718 {
719 return (zfs_secpolicy_write_perms(zc->zc_name,
720 ZFS_DELEG_PERM_SEND, cr));
721 }
722
723 /* ARGSUSED */
724 static int
725 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
726 {
727 vnode_t *vp;
728 int error;
729
730 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
731 NO_FOLLOW, NULL, &vp)) != 0)
732 return (error);
733
734 /* Now make sure mntpnt and dataset are ZFS */
735
736 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
737 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
738 zc->zc_name) != 0)) {
739 VN_RELE(vp);
740 return (EPERM);
741 }
742
743 VN_RELE(vp);
744 return (dsl_deleg_access(zc->zc_name,
745 ZFS_DELEG_PERM_SHARE, cr));
746 }
747
748 int
749 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
750 {
751 if (!INGLOBALZONE(curproc))
752 return (EPERM);
753
754 if (secpolicy_nfs(cr) == 0) {
755 return (0);
756 } else {
757 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
758 }
759 }
760
761 int
762 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
763 {
764 if (!INGLOBALZONE(curproc))
765 return (EPERM);
766
767 if (secpolicy_smb(cr) == 0) {
768 return (0);
769 } else {
770 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
771 }
772 }
773
774 static int
775 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
776 {
777 char *cp;
778
779 /*
780 * Remove the @bla or /bla from the end of the name to get the parent.
781 */
782 (void) strncpy(parent, datasetname, parentsize);
783 cp = strrchr(parent, '@');
784 if (cp != NULL) {
785 cp[0] = '\0';
786 } else {
787 cp = strrchr(parent, '/');
788 if (cp == NULL)
789 return (ENOENT);
790 cp[0] = '\0';
791 }
792
793 return (0);
794 }
795
796 int
797 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
798 {
799 int error;
800
801 if ((error = zfs_secpolicy_write_perms(name,
802 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
803 return (error);
804
805 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
806 }
807
808 /* ARGSUSED */
809 static int
810 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
811 {
812 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
813 }
814
815 /*
816 * Destroying snapshots with delegated permissions requires
817 * descendant mount and destroy permissions.
818 */
819 /* ARGSUSED */
820 static int
821 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
822 {
823 nvlist_t *snaps;
824 nvpair_t *pair, *nextpair;
825 int error = 0;
826
827 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
828 return (EINVAL);
829 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
830 pair = nextpair) {
831 dsl_dataset_t *ds;
832
833 nextpair = nvlist_next_nvpair(snaps, pair);
834 error = dsl_dataset_hold(nvpair_name(pair), FTAG, &ds);
835 if (error == 0) {
836 dsl_dataset_rele(ds, FTAG);
837 } else if (error == ENOENT) {
838 /*
839 * Ignore any snapshots that don't exist (we consider
840 * them "already destroyed"). Remove the name from the
841 * nvl here in case the snapshot is created between
842 * now and when we try to destroy it (in which case
843 * we don't want to destroy it since we haven't
844 * checked for permission).
845 */
846 fnvlist_remove_nvpair(snaps, pair);
847 error = 0;
848 continue;
849 } else {
850 break;
851 }
852 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
853 if (error != 0)
854 break;
855 }
856
857 return (error);
858 }
859
860 int
861 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
862 {
863 char parentname[MAXNAMELEN];
864 int error;
865
866 if ((error = zfs_secpolicy_write_perms(from,
867 ZFS_DELEG_PERM_RENAME, cr)) != 0)
868 return (error);
869
870 if ((error = zfs_secpolicy_write_perms(from,
871 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
872 return (error);
873
874 if ((error = zfs_get_parent(to, parentname,
875 sizeof (parentname))) != 0)
876 return (error);
877
878 if ((error = zfs_secpolicy_write_perms(parentname,
879 ZFS_DELEG_PERM_CREATE, cr)) != 0)
880 return (error);
881
882 if ((error = zfs_secpolicy_write_perms(parentname,
883 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
884 return (error);
885
886 return (error);
887 }
888
889 /* ARGSUSED */
890 static int
891 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
892 {
893 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
894 }
895
896 /* ARGSUSED */
897 static int
898 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
899 {
900 char parentname[MAXNAMELEN];
901 objset_t *clone;
902 int error;
903
904 error = zfs_secpolicy_write_perms(zc->zc_name,
905 ZFS_DELEG_PERM_PROMOTE, cr);
906 if (error)
907 return (error);
908
909 error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
910
911 if (error == 0) {
912 dsl_dataset_t *pclone = NULL;
913 dsl_dir_t *dd;
914 dd = clone->os_dsl_dataset->ds_dir;
915
916 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
917 error = dsl_dataset_hold_obj(dd->dd_pool,
918 dd->dd_phys->dd_origin_obj, FTAG, &pclone);
919 rw_exit(&dd->dd_pool->dp_config_rwlock);
920 if (error) {
921 dmu_objset_rele(clone, FTAG);
922 return (error);
923 }
924
925 error = zfs_secpolicy_write_perms(zc->zc_name,
926 ZFS_DELEG_PERM_MOUNT, cr);
927
928 dsl_dataset_name(pclone, parentname);
929 dmu_objset_rele(clone, FTAG);
930 dsl_dataset_rele(pclone, FTAG);
931 if (error == 0)
932 error = zfs_secpolicy_write_perms(parentname,
933 ZFS_DELEG_PERM_PROMOTE, cr);
934 }
935 return (error);
936 }
937
938 /* ARGSUSED */
939 static int
940 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
941 {
942 int error;
943
944 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
945 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
946 return (error);
947
948 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
949 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
950 return (error);
951
952 return (zfs_secpolicy_write_perms(zc->zc_name,
953 ZFS_DELEG_PERM_CREATE, cr));
954 }
955
956 int
957 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
958 {
959 return (zfs_secpolicy_write_perms(name,
960 ZFS_DELEG_PERM_SNAPSHOT, cr));
961 }
962
963 /*
964 * Check for permission to create each snapshot in the nvlist.
965 */
966 /* ARGSUSED */
967 static int
968 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
969 {
970 nvlist_t *snaps;
971 int error;
972 nvpair_t *pair;
973
974 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
975 return (EINVAL);
976 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
977 pair = nvlist_next_nvpair(snaps, pair)) {
978 char *name = nvpair_name(pair);
979 char *atp = strchr(name, '@');
980
981 if (atp == NULL) {
982 error = EINVAL;
983 break;
984 }
985 *atp = '\0';
986 error = zfs_secpolicy_snapshot_perms(name, cr);
987 *atp = '@';
988 if (error != 0)
989 break;
990 }
991 return (error);
992 }
993
994 /* ARGSUSED */
995 static int
996 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
997 {
998 /*
999 * Even root must have a proper TSD so that we know what pool
1000 * to log to.
1001 */
1002 if (tsd_get(zfs_allow_log_key) == NULL)
1003 return (EPERM);
1004 return (0);
1005 }
1006
1007 static int
1008 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1009 {
1010 char parentname[MAXNAMELEN];
1011 int error;
1012 char *origin;
1013
1014 if ((error = zfs_get_parent(zc->zc_name, parentname,
1015 sizeof (parentname))) != 0)
1016 return (error);
1017
1018 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1019 (error = zfs_secpolicy_write_perms(origin,
1020 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1021 return (error);
1022
1023 if ((error = zfs_secpolicy_write_perms(parentname,
1024 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1025 return (error);
1026
1027 return (zfs_secpolicy_write_perms(parentname,
1028 ZFS_DELEG_PERM_MOUNT, cr));
1029 }
1030
1031 /*
1032 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1033 * SYS_CONFIG privilege, which is not available in a local zone.
1034 */
1035 /* ARGSUSED */
1036 static int
1037 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1038 {
1039 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1040 return (EPERM);
1041
1042 return (0);
1043 }
1044
1045 /*
1046 * Policy for object to name lookups.
1047 */
1048 /* ARGSUSED */
1049 static int
1050 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1051 {
1052 int error;
1053
1054 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1055 return (0);
1056
1057 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1058 return (error);
1059 }
1060
1061 /*
1062 * Policy for fault injection. Requires all privileges.
1063 */
1064 /* ARGSUSED */
1065 static int
1066 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1067 {
1068 return (secpolicy_zinject(cr));
1069 }
1070
1071 /* ARGSUSED */
1072 static int
1073 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1074 {
1075 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1076
1077 if (prop == ZPROP_INVAL) {
1078 if (!zfs_prop_user(zc->zc_value))
1079 return (EINVAL);
1080 return (zfs_secpolicy_write_perms(zc->zc_name,
1081 ZFS_DELEG_PERM_USERPROP, cr));
1082 } else {
1083 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1084 NULL, cr));
1085 }
1086 }
1087
1088 static int
1089 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1090 {
1091 int err = zfs_secpolicy_read(zc, innvl, cr);
1092 if (err)
1093 return (err);
1094
1095 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1096 return (EINVAL);
1097
1098 if (zc->zc_value[0] == 0) {
1099 /*
1100 * They are asking about a posix uid/gid. If it's
1101 * themself, allow it.
1102 */
1103 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1104 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
1105 if (zc->zc_guid == crgetuid(cr))
1106 return (0);
1107 } else {
1108 if (groupmember(zc->zc_guid, cr))
1109 return (0);
1110 }
1111 }
1112
1113 return (zfs_secpolicy_write_perms(zc->zc_name,
1114 userquota_perms[zc->zc_objset_type], cr));
1115 }
1116
1117 static int
1118 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1119 {
1120 int err = zfs_secpolicy_read(zc, innvl, cr);
1121 if (err)
1122 return (err);
1123
1124 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1125 return (EINVAL);
1126
1127 return (zfs_secpolicy_write_perms(zc->zc_name,
1128 userquota_perms[zc->zc_objset_type], cr));
1129 }
1130
1131 /* ARGSUSED */
1132 static int
1133 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1134 {
1135 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1136 NULL, cr));
1137 }
1138
1139 /* ARGSUSED */
1140 static int
1141 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1142 {
1143 return (zfs_secpolicy_write_perms(zc->zc_name,
1144 ZFS_DELEG_PERM_HOLD, cr));
1145 }
1146
1147 /* ARGSUSED */
1148 static int
1149 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1150 {
1151 return (zfs_secpolicy_write_perms(zc->zc_name,
1152 ZFS_DELEG_PERM_RELEASE, cr));
1153 }
1154
1155 /*
1156 * Policy for allowing temporary snapshots to be taken or released
1157 */
1158 static int
1159 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1160 {
1161 /*
1162 * A temporary snapshot is the same as a snapshot,
1163 * hold, destroy and release all rolled into one.
1164 * Delegated diff alone is sufficient that we allow this.
1165 */
1166 int error;
1167
1168 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1169 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1170 return (0);
1171
1172 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1173 if (!error)
1174 error = zfs_secpolicy_hold(zc, innvl, cr);
1175 if (!error)
1176 error = zfs_secpolicy_release(zc, innvl, cr);
1177 if (!error)
1178 error = zfs_secpolicy_destroy(zc, innvl, cr);
1179 return (error);
1180 }
1181
1182 /*
1183 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1184 */
1185 static int
1186 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1187 {
1188 char *packed;
1189 int error;
1190 nvlist_t *list = NULL;
1191
1192 /*
1193 * Read in and unpack the user-supplied nvlist.
1194 */
1195 if (size == 0)
1196 return (EINVAL);
1197
1198 packed = kmem_alloc(size, KM_SLEEP);
1199
1200 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1201 iflag)) != 0) {
1202 kmem_free(packed, size);
1203 return (error);
1204 }
1205
1206 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1207 kmem_free(packed, size);
1208 return (error);
1209 }
1210
1211 kmem_free(packed, size);
1212
1213 *nvp = list;
1214 return (0);
1215 }
1216
1217 /*
1218 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1219 * Entries will be removed from the end of the nvlist, and one int32 entry
1220 * named "N_MORE_ERRORS" will be added indicating how many entries were
1221 * removed.
1222 */
1223 static int
1224 nvlist_smush(nvlist_t *errors, size_t max)
1225 {
1226 size_t size;
1227
1228 size = fnvlist_size(errors);
1229
1230 if (size > max) {
1231 nvpair_t *more_errors;
1232 int n = 0;
1233
1234 if (max < 1024)
1235 return (ENOMEM);
1236
1237 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1238 more_errors = nvlist_prev_nvpair(errors, NULL);
1239
1240 do {
1241 nvpair_t *pair = nvlist_prev_nvpair(errors,
1242 more_errors);
1243 fnvlist_remove_nvpair(errors, pair);
1244 n++;
1245 size = fnvlist_size(errors);
1246 } while (size > max);
1247
1248 fnvlist_remove_nvpair(errors, more_errors);
1249 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1250 ASSERT3U(fnvlist_size(errors), <=, max);
1251 }
1252
1253 return (0);
1254 }
1255
1256 static int
1257 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1258 {
1259 char *packed = NULL;
1260 int error = 0;
1261 size_t size;
1262
1263 size = fnvlist_size(nvl);
1264
1265 if (size > zc->zc_nvlist_dst_size) {
1266 error = ENOMEM;
1267 } else {
1268 packed = fnvlist_pack(nvl, &size);
1269 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1270 size, zc->zc_iflags) != 0)
1271 error = EFAULT;
1272 fnvlist_pack_free(packed, size);
1273 }
1274
1275 zc->zc_nvlist_dst_size = size;
1276 zc->zc_nvlist_dst_filled = B_TRUE;
1277 return (error);
1278 }
1279
1280 static int
1281 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1282 {
1283 objset_t *os;
1284 int error;
1285
1286 error = dmu_objset_hold(dsname, FTAG, &os);
1287 if (error)
1288 return (error);
1289 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1290 dmu_objset_rele(os, FTAG);
1291 return (EINVAL);
1292 }
1293
1294 mutex_enter(&os->os_user_ptr_lock);
1295 *zfvp = dmu_objset_get_user(os);
1296 if (*zfvp) {
1297 VFS_HOLD((*zfvp)->z_vfs);
1298 } else {
1299 error = ESRCH;
1300 }
1301 mutex_exit(&os->os_user_ptr_lock);
1302 dmu_objset_rele(os, FTAG);
1303 return (error);
1304 }
1305
1306 /*
1307 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1308 * case its z_vfs will be NULL, and it will be opened as the owner.
1309 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1310 * which prevents all vnode ops from running.
1311 */
1312 static int
1313 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1314 {
1315 int error = 0;
1316
1317 if (getzfsvfs(name, zfvp) != 0)
1318 error = zfsvfs_create(name, zfvp);
1319 if (error == 0) {
1320 rrw_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1321 RW_READER, tag);
1322 if ((*zfvp)->z_unmounted) {
1323 /*
1324 * XXX we could probably try again, since the unmounting
1325 * thread should be just about to disassociate the
1326 * objset from the zfsvfs.
1327 */
1328 rrw_exit(&(*zfvp)->z_teardown_lock, tag);
1329 return (EBUSY);
1330 }
1331 }
1332 return (error);
1333 }
1334
1335 static void
1336 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1337 {
1338 rrw_exit(&zfsvfs->z_teardown_lock, tag);
1339
1340 if (zfsvfs->z_vfs) {
1341 VFS_RELE(zfsvfs->z_vfs);
1342 } else {
1343 dmu_objset_disown(zfsvfs->z_os, zfsvfs);
1344 zfsvfs_free(zfsvfs);
1345 }
1346 }
1347
1348 static int
1349 zfs_ioc_pool_create(zfs_cmd_t *zc)
1350 {
1351 int error;
1352 nvlist_t *config, *props = NULL;
1353 nvlist_t *rootprops = NULL;
1354 nvlist_t *zplprops = NULL;
1355
1356 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1357 zc->zc_iflags, &config))
1358 return (error);
1359
1360 if (zc->zc_nvlist_src_size != 0 && (error =
1361 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1362 zc->zc_iflags, &props))) {
1363 nvlist_free(config);
1364 return (error);
1365 }
1366
1367 if (props) {
1368 nvlist_t *nvl = NULL;
1369 uint64_t version = SPA_VERSION;
1370
1371 (void) nvlist_lookup_uint64(props,
1372 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1373 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1374 error = EINVAL;
1375 goto pool_props_bad;
1376 }
1377 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1378 if (nvl) {
1379 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1380 if (error != 0) {
1381 nvlist_free(config);
1382 nvlist_free(props);
1383 return (error);
1384 }
1385 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1386 }
1387 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1388 error = zfs_fill_zplprops_root(version, rootprops,
1389 zplprops, NULL);
1390 if (error)
1391 goto pool_props_bad;
1392 }
1393
1394 error = spa_create(zc->zc_name, config, props, zplprops);
1395
1396 /*
1397 * Set the remaining root properties
1398 */
1399 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1400 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1401 (void) spa_destroy(zc->zc_name);
1402
1403 pool_props_bad:
1404 nvlist_free(rootprops);
1405 nvlist_free(zplprops);
1406 nvlist_free(config);
1407 nvlist_free(props);
1408
1409 return (error);
1410 }
1411
1412 static int
1413 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1414 {
1415 int error;
1416 zfs_log_history(zc);
1417 error = spa_destroy(zc->zc_name);
1418 if (error == 0)
1419 zvol_remove_minors(zc->zc_name);
1420 return (error);
1421 }
1422
1423 static int
1424 zfs_ioc_pool_import(zfs_cmd_t *zc)
1425 {
1426 nvlist_t *config, *props = NULL;
1427 uint64_t guid;
1428 int error;
1429
1430 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1431 zc->zc_iflags, &config)) != 0)
1432 return (error);
1433
1434 if (zc->zc_nvlist_src_size != 0 && (error =
1435 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1436 zc->zc_iflags, &props))) {
1437 nvlist_free(config);
1438 return (error);
1439 }
1440
1441 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1442 guid != zc->zc_guid)
1443 error = EINVAL;
1444 else
1445 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1446
1447 if (zc->zc_nvlist_dst != 0) {
1448 int err;
1449
1450 if ((err = put_nvlist(zc, config)) != 0)
1451 error = err;
1452 }
1453
1454 nvlist_free(config);
1455
1456 if (props)
1457 nvlist_free(props);
1458
1459 return (error);
1460 }
1461
1462 static int
1463 zfs_ioc_pool_export(zfs_cmd_t *zc)
1464 {
1465 int error;
1466 boolean_t force = (boolean_t)zc->zc_cookie;
1467 boolean_t hardforce = (boolean_t)zc->zc_guid;
1468
1469 zfs_log_history(zc);
1470 error = spa_export(zc->zc_name, NULL, force, hardforce);
1471 if (error == 0)
1472 zvol_remove_minors(zc->zc_name);
1473 return (error);
1474 }
1475
1476 static int
1477 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1478 {
1479 nvlist_t *configs;
1480 int error;
1481
1482 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1483 return (EEXIST);
1484
1485 error = put_nvlist(zc, configs);
1486
1487 nvlist_free(configs);
1488
1489 return (error);
1490 }
1491
1492 /*
1493 * inputs:
1494 * zc_name name of the pool
1495 *
1496 * outputs:
1497 * zc_cookie real errno
1498 * zc_nvlist_dst config nvlist
1499 * zc_nvlist_dst_size size of config nvlist
1500 */
1501 static int
1502 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1503 {
1504 nvlist_t *config;
1505 int error;
1506 int ret = 0;
1507
1508 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1509 sizeof (zc->zc_value));
1510
1511 if (config != NULL) {
1512 ret = put_nvlist(zc, config);
1513 nvlist_free(config);
1514
1515 /*
1516 * The config may be present even if 'error' is non-zero.
1517 * In this case we return success, and preserve the real errno
1518 * in 'zc_cookie'.
1519 */
1520 zc->zc_cookie = error;
1521 } else {
1522 ret = error;
1523 }
1524
1525 return (ret);
1526 }
1527
1528 /*
1529 * Try to import the given pool, returning pool stats as appropriate so that
1530 * user land knows which devices are available and overall pool health.
1531 */
1532 static int
1533 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1534 {
1535 nvlist_t *tryconfig, *config;
1536 int error;
1537
1538 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1539 zc->zc_iflags, &tryconfig)) != 0)
1540 return (error);
1541
1542 config = spa_tryimport(tryconfig);
1543
1544 nvlist_free(tryconfig);
1545
1546 if (config == NULL)
1547 return (EINVAL);
1548
1549 error = put_nvlist(zc, config);
1550 nvlist_free(config);
1551
1552 return (error);
1553 }
1554
1555 /*
1556 * inputs:
1557 * zc_name name of the pool
1558 * zc_cookie scan func (pool_scan_func_t)
1559 */
1560 static int
1561 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1562 {
1563 spa_t *spa;
1564 int error;
1565
1566 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1567 return (error);
1568
1569 if (zc->zc_cookie == POOL_SCAN_NONE)
1570 error = spa_scan_stop(spa);
1571 else
1572 error = spa_scan(spa, zc->zc_cookie);
1573
1574 spa_close(spa, FTAG);
1575
1576 return (error);
1577 }
1578
1579 static int
1580 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1581 {
1582 spa_t *spa;
1583 int error;
1584
1585 error = spa_open(zc->zc_name, &spa, FTAG);
1586 if (error == 0) {
1587 spa_freeze(spa);
1588 spa_close(spa, FTAG);
1589 }
1590 return (error);
1591 }
1592
1593 static int
1594 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1595 {
1596 spa_t *spa;
1597 int error;
1598
1599 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1600 return (error);
1601
1602 if (zc->zc_cookie < spa_version(spa) ||
1603 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1604 spa_close(spa, FTAG);
1605 return (EINVAL);
1606 }
1607
1608 spa_upgrade(spa, zc->zc_cookie);
1609 spa_close(spa, FTAG);
1610
1611 return (error);
1612 }
1613
1614 static int
1615 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1616 {
1617 spa_t *spa;
1618 char *hist_buf;
1619 uint64_t size;
1620 int error;
1621
1622 if ((size = zc->zc_history_len) == 0)
1623 return (EINVAL);
1624
1625 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1626 return (error);
1627
1628 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1629 spa_close(spa, FTAG);
1630 return (ENOTSUP);
1631 }
1632
1633 hist_buf = kmem_alloc(size, KM_SLEEP);
1634 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1635 &zc->zc_history_len, hist_buf)) == 0) {
1636 error = ddi_copyout(hist_buf,
1637 (void *)(uintptr_t)zc->zc_history,
1638 zc->zc_history_len, zc->zc_iflags);
1639 }
1640
1641 spa_close(spa, FTAG);
1642 kmem_free(hist_buf, size);
1643 return (error);
1644 }
1645
1646 static int
1647 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1648 {
1649 spa_t *spa;
1650 int error;
1651
1652 error = spa_open(zc->zc_name, &spa, FTAG);
1653 if (error == 0) {
1654 error = spa_change_guid(spa);
1655 spa_close(spa, FTAG);
1656 }
1657 return (error);
1658 }
1659
1660 static int
1661 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1662 {
1663 int error;
1664
1665 if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value))
1666 return (error);
1667
1668 return (0);
1669 }
1670
1671 /*
1672 * inputs:
1673 * zc_name name of filesystem
1674 * zc_obj object to find
1675 *
1676 * outputs:
1677 * zc_value name of object
1678 */
1679 static int
1680 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1681 {
1682 objset_t *os;
1683 int error;
1684
1685 /* XXX reading from objset not owned */
1686 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1687 return (error);
1688 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1689 dmu_objset_rele(os, FTAG);
1690 return (EINVAL);
1691 }
1692 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1693 sizeof (zc->zc_value));
1694 dmu_objset_rele(os, FTAG);
1695
1696 return (error);
1697 }
1698
1699 /*
1700 * inputs:
1701 * zc_name name of filesystem
1702 * zc_obj object to find
1703 *
1704 * outputs:
1705 * zc_stat stats on object
1706 * zc_value path to object
1707 */
1708 static int
1709 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1710 {
1711 objset_t *os;
1712 int error;
1713
1714 /* XXX reading from objset not owned */
1715 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1716 return (error);
1717 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1718 dmu_objset_rele(os, FTAG);
1719 return (EINVAL);
1720 }
1721 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1722 sizeof (zc->zc_value));
1723 dmu_objset_rele(os, FTAG);
1724
1725 return (error);
1726 }
1727
1728 static int
1729 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1730 {
1731 spa_t *spa;
1732 int error;
1733 nvlist_t *config, **l2cache, **spares;
1734 uint_t nl2cache = 0, nspares = 0;
1735
1736 error = spa_open(zc->zc_name, &spa, FTAG);
1737 if (error != 0)
1738 return (error);
1739
1740 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1741 zc->zc_iflags, &config);
1742 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1743 &l2cache, &nl2cache);
1744
1745 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1746 &spares, &nspares);
1747
1748 /*
1749 * A root pool with concatenated devices is not supported.
1750 * Thus, can not add a device to a root pool.
1751 *
1752 * Intent log device can not be added to a rootpool because
1753 * during mountroot, zil is replayed, a seperated log device
1754 * can not be accessed during the mountroot time.
1755 *
1756 * l2cache and spare devices are ok to be added to a rootpool.
1757 */
1758 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1759 nvlist_free(config);
1760 spa_close(spa, FTAG);
1761 return (EDOM);
1762 }
1763
1764 if (error == 0) {
1765 error = spa_vdev_add(spa, config);
1766 nvlist_free(config);
1767 }
1768 spa_close(spa, FTAG);
1769 return (error);
1770 }
1771
1772 /*
1773 * inputs:
1774 * zc_name name of the pool
1775 * zc_nvlist_conf nvlist of devices to remove
1776 * zc_cookie to stop the remove?
1777 */
1778 static int
1779 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1780 {
1781 spa_t *spa;
1782 int error;
1783
1784 error = spa_open(zc->zc_name, &spa, FTAG);
1785 if (error != 0)
1786 return (error);
1787 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1788 spa_close(spa, FTAG);
1789 return (error);
1790 }
1791
1792 static int
1793 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1794 {
1795 spa_t *spa;
1796 int error;
1797 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1798
1799 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1800 return (error);
1801 switch (zc->zc_cookie) {
1802 case VDEV_STATE_ONLINE:
1803 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1804 break;
1805
1806 case VDEV_STATE_OFFLINE:
1807 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1808 break;
1809
1810 case VDEV_STATE_FAULTED:
1811 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1812 zc->zc_obj != VDEV_AUX_EXTERNAL)
1813 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1814
1815 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1816 break;
1817
1818 case VDEV_STATE_DEGRADED:
1819 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1820 zc->zc_obj != VDEV_AUX_EXTERNAL)
1821 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1822
1823 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1824 break;
1825
1826 default:
1827 error = EINVAL;
1828 }
1829 zc->zc_cookie = newstate;
1830 spa_close(spa, FTAG);
1831 return (error);
1832 }
1833
1834 static int
1835 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1836 {
1837 spa_t *spa;
1838 int replacing = zc->zc_cookie;
1839 nvlist_t *config;
1840 int error;
1841
1842 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1843 return (error);
1844
1845 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1846 zc->zc_iflags, &config)) == 0) {
1847 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1848 nvlist_free(config);
1849 }
1850
1851 spa_close(spa, FTAG);
1852 return (error);
1853 }
1854
1855 static int
1856 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1857 {
1858 spa_t *spa;
1859 int error;
1860
1861 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1862 return (error);
1863
1864 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1865
1866 spa_close(spa, FTAG);
1867 return (error);
1868 }
1869
1870 static int
1871 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1872 {
1873 spa_t *spa;
1874 nvlist_t *config, *props = NULL;
1875 int error;
1876 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1877
1878 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1879 return (error);
1880
1881 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1882 zc->zc_iflags, &config)) {
1883 spa_close(spa, FTAG);
1884 return (error);
1885 }
1886
1887 if (zc->zc_nvlist_src_size != 0 && (error =
1888 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1889 zc->zc_iflags, &props))) {
1890 spa_close(spa, FTAG);
1891 nvlist_free(config);
1892 return (error);
1893 }
1894
1895 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1896
1897 spa_close(spa, FTAG);
1898
1899 nvlist_free(config);
1900 nvlist_free(props);
1901
1902 return (error);
1903 }
1904
1905 static int
1906 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1907 {
1908 spa_t *spa;
1909 char *path = zc->zc_value;
1910 uint64_t guid = zc->zc_guid;
1911 int error;
1912
1913 error = spa_open(zc->zc_name, &spa, FTAG);
1914 if (error != 0)
1915 return (error);
1916
1917 error = spa_vdev_setpath(spa, guid, path);
1918 spa_close(spa, FTAG);
1919 return (error);
1920 }
1921
1922 static int
1923 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1924 {
1925 spa_t *spa;
1926 char *fru = zc->zc_value;
1927 uint64_t guid = zc->zc_guid;
1928 int error;
1929
1930 error = spa_open(zc->zc_name, &spa, FTAG);
1931 if (error != 0)
1932 return (error);
1933
1934 error = spa_vdev_setfru(spa, guid, fru);
1935 spa_close(spa, FTAG);
1936 return (error);
1937 }
1938
1939 static int
1940 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os,
1941 boolean_t cachedpropsonly)
1942 {
1943 int error = 0;
1944 nvlist_t *nv;
1945
1946 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1947
1948 if (zc->zc_nvlist_dst != 0 &&
1949 (error = dsl_prop_get_all(os, &nv)) == 0) {
1950 dmu_objset_stats(os, nv);
1951 /*
1952 * NB: zvol_get_stats() will read the objset contents,
1953 * which we aren't supposed to do with a
1954 * DS_MODE_USER hold, because it could be
1955 * inconsistent. So this is a bit of a workaround...
1956 * XXX reading with out owning
1957 */
1958 if (!zc->zc_objset_stats.dds_inconsistent &&
1959 dmu_objset_type(os) == DMU_OST_ZVOL &&
1960 !cachedpropsonly) {
1961 error = zvol_get_stats(os, nv);
1962 if (error == EIO)
1963 return (error);
1964 VERIFY0(error);
1965 }
1966 error = put_nvlist(zc, nv);
1967 nvlist_free(nv);
1968 }
1969
1970 return (error);
1971 }
1972
1973 /*
1974 * inputs:
1975 * zc_name name of filesystem
1976 * zc_nvlist_dst_size size of buffer for property nvlist
1977 *
1978 * outputs:
1979 * zc_objset_stats stats
1980 * zc_nvlist_dst property nvlist
1981 * zc_nvlist_dst_size size of property nvlist
1982 */
1983 static int
1984 zfs_ioc_objset_stats(zfs_cmd_t *zc)
1985 {
1986 objset_t *os = NULL;
1987 nvlist_t *nvl = NULL;
1988 boolean_t cachedpropsonly = B_FALSE;
1989 int error;
1990
1991 if (zc->zc_nvlist_src != NULL &&
1992 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1993 zc->zc_iflags, &nvl) != 0))
1994 return (error);
1995
1996 if (nvl != NULL) {
1997 (void) nvlist_lookup_boolean_value(nvl, "cachedpropsonly",
1998 &cachedpropsonly);
1999 nvlist_free(nvl);
2000 }
2001
2002 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
2003 return (error);
2004
2005 error = zfs_ioc_objset_stats_impl(zc, os, cachedpropsonly);
2006 dmu_objset_rele(os, FTAG);
2007
2008 return (error);
2009 }
2010
2011 /*
2012 * inputs:
2013 * zc_name name of filesystem
2014 * zc_nvlist_dst_size size of buffer for property nvlist
2015 *
2016 * outputs:
2017 * zc_nvlist_dst received property nvlist
2018 * zc_nvlist_dst_size size of received property nvlist
2019 *
2020 * Gets received properties (distinct from local properties on or after
2021 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2022 * local property values.
2023 */
2024 static int
2025 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2026 {
2027 objset_t *os = NULL;
2028 int error;
2029 nvlist_t *nv;
2030
2031 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
2032 return (error);
2033
2034 /*
2035 * Without this check, we would return local property values if the
2036 * caller has not already received properties on or after
2037 * SPA_VERSION_RECVD_PROPS.
2038 */
2039 if (!dsl_prop_get_hasrecvd(os)) {
2040 dmu_objset_rele(os, FTAG);
2041 return (ENOTSUP);
2042 }
2043
2044 if (zc->zc_nvlist_dst != 0 &&
2045 (error = dsl_prop_get_received(os, &nv)) == 0) {
2046 error = put_nvlist(zc, nv);
2047 nvlist_free(nv);
2048 }
2049
2050 dmu_objset_rele(os, FTAG);
2051 return (error);
2052 }
2053
2054 static int
2055 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2056 {
2057 uint64_t value;
2058 int error;
2059
2060 /*
2061 * zfs_get_zplprop() will either find a value or give us
2062 * the default value (if there is one).
2063 */
2064 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2065 return (error);
2066 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2067 return (0);
2068 }
2069
2070 /*
2071 * inputs:
2072 * zc_name name of filesystem
2073 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2074 *
2075 * outputs:
2076 * zc_nvlist_dst zpl property nvlist
2077 * zc_nvlist_dst_size size of zpl property nvlist
2078 */
2079 static int
2080 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2081 {
2082 objset_t *os;
2083 int err;
2084
2085 /* XXX reading without owning */
2086 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os))
2087 return (err);
2088
2089 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2090
2091 /*
2092 * NB: nvl_add_zplprop() will read the objset contents,
2093 * which we aren't supposed to do with a DS_MODE_USER
2094 * hold, because it could be inconsistent.
2095 */
2096 if (zc->zc_nvlist_dst != NULL &&
2097 !zc->zc_objset_stats.dds_inconsistent &&
2098 dmu_objset_type(os) == DMU_OST_ZFS) {
2099 nvlist_t *nv;
2100
2101 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2102 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2103 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2104 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2105 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2106 err = put_nvlist(zc, nv);
2107 nvlist_free(nv);
2108 } else {
2109 err = ENOENT;
2110 }
2111 dmu_objset_rele(os, FTAG);
2112 return (err);
2113 }
2114
2115 static boolean_t
2116 dataset_name_hidden(const char *name)
2117 {
2118 /*
2119 * Skip over datasets that are not visible in this zone,
2120 * internal datasets (which have a $ in their name), and
2121 * temporary datasets (which have a % in their name).
2122 */
2123 if (strchr(name, '$') != NULL)
2124 return (B_TRUE);
2125 if (strchr(name, '%') != NULL)
2126 return (B_TRUE);
2127 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
2128 return (B_TRUE);
2129 return (B_FALSE);
2130 }
2131
2132 /*
2133 * inputs:
2134 * zc_name name of filesystem
2135 * zc_cookie zap cursor
2136 * zc_nvlist_dst_size size of buffer for property nvlist
2137 *
2138 * outputs:
2139 * zc_name name of next filesystem
2140 * zc_cookie zap cursor
2141 * zc_objset_stats stats
2142 * zc_nvlist_dst property nvlist
2143 * zc_nvlist_dst_size size of property nvlist
2144 */
2145 static int
2146 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2147 {
2148 objset_t *os;
2149 int error;
2150 char *p;
2151 size_t orig_len = strlen(zc->zc_name);
2152
2153 top:
2154 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) {
2155 if (error == ENOENT)
2156 error = ESRCH;
2157 return (error);
2158 }
2159
2160 p = strrchr(zc->zc_name, '/');
2161 if (p == NULL || p[1] != '\0')
2162 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2163 p = zc->zc_name + strlen(zc->zc_name);
2164
2165 /*
2166 * Pre-fetch the datasets. dmu_objset_prefetch() always returns 0
2167 * but is not declared void because its called by dmu_objset_find().
2168 */
2169 if (zc->zc_cookie == 0) {
2170 uint64_t cookie = 0;
2171 int len = sizeof (zc->zc_name) - (p - zc->zc_name);
2172
2173 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0) {
2174 if (!dataset_name_hidden(zc->zc_name))
2175 (void) dmu_objset_prefetch(zc->zc_name, NULL);
2176 }
2177 }
2178
2179 do {
2180 error = dmu_dir_list_next(os,
2181 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2182 NULL, &zc->zc_cookie);
2183 if (error == ENOENT)
2184 error = ESRCH;
2185 } while (error == 0 && dataset_name_hidden(zc->zc_name));
2186 dmu_objset_rele(os, FTAG);
2187
2188 /*
2189 * If it's an internal dataset (ie. with a '$' in its name),
2190 * don't try to get stats for it, otherwise we'll return ENOENT.
2191 */
2192 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2193 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2194 if (error == ENOENT) {
2195 /* We lost a race with destroy, get the next one. */
2196 zc->zc_name[orig_len] = '\0';
2197 goto top;
2198 }
2199 }
2200 return (error);
2201 }
2202
2203 /*
2204 * inputs:
2205 * zc_name name of filesystem
2206 * zc_cookie zap cursor
2207 * zc_nvlist_dst_size size of buffer for property nvlist
2208 *
2209 * outputs:
2210 * zc_name name of next snapshot
2211 * zc_objset_stats stats
2212 * zc_nvlist_dst property nvlist
2213 * zc_nvlist_dst_size size of property nvlist
2214 */
2215 static int
2216 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2217 {
2218 objset_t *os;
2219 nvlist_t *nvl = NULL;
2220 boolean_t cachedpropsonly = B_FALSE;
2221 int error;
2222
2223 if (zc->zc_nvlist_src != NULL &&
2224 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2225 zc->zc_iflags, &nvl) != 0))
2226 return (error);
2227
2228 if (nvl != NULL) {
2229 (void) nvlist_lookup_boolean_value(nvl, "cachedpropsonly",
2230 &cachedpropsonly);
2231 nvlist_free(nvl);
2232 }
2233
2234 top:
2235 if (zc->zc_cookie == 0)
2236 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
2237 NULL, DS_FIND_SNAPSHOTS);
2238
2239 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2240 if (error)
2241 return (error == ENOENT ? ESRCH : error);
2242
2243 /*
2244 * A dataset name of maximum length cannot have any snapshots,
2245 * so exit immediately.
2246 */
2247 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2248 dmu_objset_rele(os, FTAG);
2249 return (ESRCH);
2250 }
2251
2252 error = dmu_snapshot_list_next(os,
2253 sizeof (zc->zc_name) - strlen(zc->zc_name),
2254 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2255 NULL);
2256
2257 if (error == 0) {
2258 dsl_dataset_t *ds;
2259 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2260
2261 /*
2262 * Since we probably don't have a hold on this snapshot,
2263 * it's possible that the objsetid could have been destroyed
2264 * and reused for a new objset. It's OK if this happens during
2265 * a zfs send operation, since the new createtxg will be
2266 * beyond the range we're interested in.
2267 */
2268 rw_enter(&dp->dp_config_rwlock, RW_READER);
2269 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2270 rw_exit(&dp->dp_config_rwlock);
2271 if (error) {
2272 if (error == ENOENT) {
2273 /* Racing with destroy, get the next one. */
2274 *strchr(zc->zc_name, '@') = '\0';
2275 dmu_objset_rele(os, FTAG);
2276 goto top;
2277 }
2278 } else {
2279 objset_t *ossnap;
2280
2281 error = dmu_objset_from_ds(ds, &ossnap);
2282 if (error == 0) {
2283 error = zfs_ioc_objset_stats_impl(zc,
2284 ossnap, cachedpropsonly);
2285 }
2286 dsl_dataset_rele(ds, FTAG);
2287 }
2288 } else if (error == ENOENT) {
2289 error = ESRCH;
2290 }
2291
2292 dmu_objset_rele(os, FTAG);
2293 /* if we failed, undo the @ that we tacked on to zc_name */
2294 if (error)
2295 *strchr(zc->zc_name, '@') = '\0';
2296 return (error);
2297 }
2298
2299 static int
2300 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2301 {
2302 const char *propname = nvpair_name(pair);
2303 uint64_t *valary;
2304 unsigned int vallen;
2305 const char *domain;
2306 char *dash;
2307 zfs_userquota_prop_t type;
2308 uint64_t rid;
2309 uint64_t quota;
2310 zfsvfs_t *zfsvfs;
2311 int err;
2312
2313 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2314 nvlist_t *attrs;
2315 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2316 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2317 &pair) != 0)
2318 return (EINVAL);
2319 }
2320
2321 /*
2322 * A correctly constructed propname is encoded as
2323 * userquota@<rid>-<domain>.
2324 */
2325 if ((dash = strchr(propname, '-')) == NULL ||
2326 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2327 vallen != 3)
2328 return (EINVAL);
2329
2330 domain = dash + 1;
2331 type = valary[0];
2332 rid = valary[1];
2333 quota = valary[2];
2334
2335 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2336 if (err == 0) {
2337 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2338 zfsvfs_rele(zfsvfs, FTAG);
2339 }
2340
2341 return (err);
2342 }
2343
2344 /*
2345 * If the named property is one that has a special function to set its value,
2346 * return 0 on success and a positive error code on failure; otherwise if it is
2347 * not one of the special properties handled by this function, return -1.
2348 *
2349 * XXX: It would be better for callers of the property interface if we handled
2350 * these special cases in dsl_prop.c (in the dsl layer).
2351 */
2352 static int
2353 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2354 nvpair_t *pair)
2355 {
2356 const char *propname = nvpair_name(pair);
2357 zfs_prop_t prop = zfs_name_to_prop(propname);
2358 uint64_t intval;
2359 int err;
2360
2361 if (prop == ZPROP_INVAL) {
2362 if (zfs_prop_userquota(propname))
2363 return (zfs_prop_set_userquota(dsname, pair));
2364 return (-1);
2365 }
2366
2367 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2368 nvlist_t *attrs;
2369 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2370 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2371 &pair) == 0);
2372 }
2373
2374 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2375 return (-1);
2376
2377 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2378
2379 switch (prop) {
2380 case ZFS_PROP_QUOTA:
2381 err = dsl_dir_set_quota(dsname, source, intval);
2382 break;
2383 case ZFS_PROP_REFQUOTA:
2384 err = dsl_dataset_set_quota(dsname, source, intval);
2385 break;
2386 case ZFS_PROP_RESERVATION:
2387 err = dsl_dir_set_reservation(dsname, source, intval);
2388 break;
2389 case ZFS_PROP_REFRESERVATION:
2390 err = dsl_dataset_set_reservation(dsname, source, intval);
2391 break;
2392 case ZFS_PROP_VOLSIZE:
2393 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2394 intval);
2395 break;
2396 case ZFS_PROP_VERSION:
2397 {
2398 zfsvfs_t *zfsvfs;
2399
2400 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2401 break;
2402
2403 err = zfs_set_version(zfsvfs, intval);
2404 zfsvfs_rele(zfsvfs, FTAG);
2405
2406 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2407 zfs_cmd_t *zc;
2408
2409 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2410 (void) strcpy(zc->zc_name, dsname);
2411 (void) zfs_ioc_userspace_upgrade(zc);
2412 kmem_free(zc, sizeof (zfs_cmd_t));
2413 }
2414 break;
2415 }
2416
2417 default:
2418 err = -1;
2419 }
2420
2421 return (err);
2422 }
2423
2424 /*
2425 * This function is best effort. If it fails to set any of the given properties,
2426 * it continues to set as many as it can and returns the last error
2427 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2428 * with the list of names of all the properties that failed along with the
2429 * corresponding error numbers.
2430 *
2431 * If every property is set successfully, zero is returned and errlist is not
2432 * modified.
2433 */
2434 int
2435 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2436 nvlist_t *errlist)
2437 {
2438 nvpair_t *pair;
2439 nvpair_t *propval;
2440 int rv = 0;
2441 uint64_t intval;
2442 char *strval;
2443 nvlist_t *genericnvl = fnvlist_alloc();
2444 nvlist_t *retrynvl = fnvlist_alloc();
2445
2446 retry:
2447 pair = NULL;
2448 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2449 const char *propname = nvpair_name(pair);
2450 zfs_prop_t prop = zfs_name_to_prop(propname);
2451 int err = 0;
2452
2453 /* decode the property value */
2454 propval = pair;
2455 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2456 nvlist_t *attrs;
2457 attrs = fnvpair_value_nvlist(pair);
2458 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2459 &propval) != 0)
2460 err = EINVAL;
2461 }
2462
2463 /* Validate value type */
2464 if (err == 0 && prop == ZPROP_INVAL) {
2465 if (zfs_prop_user(propname)) {
2466 if (nvpair_type(propval) != DATA_TYPE_STRING)
2467 err = EINVAL;
2468 } else if (zfs_prop_userquota(propname)) {
2469 if (nvpair_type(propval) !=
2470 DATA_TYPE_UINT64_ARRAY)
2471 err = EINVAL;
2472 } else {
2473 err = EINVAL;
2474 }
2475 } else if (err == 0) {
2476 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2477 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2478 err = EINVAL;
2479 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2480 const char *unused;
2481
2482 intval = fnvpair_value_uint64(propval);
2483
2484 switch (zfs_prop_get_type(prop)) {
2485 case PROP_TYPE_NUMBER:
2486 break;
2487 case PROP_TYPE_STRING:
2488 err = EINVAL;
2489 break;
2490 case PROP_TYPE_INDEX:
2491 if (zfs_prop_index_to_string(prop,
2492 intval, &unused) != 0)
2493 err = EINVAL;
2494 break;
2495 default:
2496 cmn_err(CE_PANIC,
2497 "unknown property type");
2498 }
2499 } else {
2500 err = EINVAL;
2501 }
2502 }
2503
2504 /* Validate permissions */
2505 if (err == 0)
2506 err = zfs_check_settable(dsname, pair, CRED());
2507
2508 if (err == 0) {
2509 err = zfs_prop_set_special(dsname, source, pair);
2510 if (err == -1) {
2511 /*
2512 * For better performance we build up a list of
2513 * properties to set in a single transaction.
2514 */
2515 err = nvlist_add_nvpair(genericnvl, pair);
2516 } else if (err != 0 && nvl != retrynvl) {
2517 /*
2518 * This may be a spurious error caused by
2519 * receiving quota and reservation out of order.
2520 * Try again in a second pass.
2521 */
2522 err = nvlist_add_nvpair(retrynvl, pair);
2523 }
2524 }
2525
2526 if (err != 0) {
2527 if (errlist != NULL)
2528 fnvlist_add_int32(errlist, propname, err);
2529 rv = err;
2530 }
2531 }
2532
2533 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2534 nvl = retrynvl;
2535 goto retry;
2536 }
2537
2538 if (!nvlist_empty(genericnvl) &&
2539 dsl_props_set(dsname, source, genericnvl) != 0) {
2540 /*
2541 * If this fails, we still want to set as many properties as we
2542 * can, so try setting them individually.
2543 */
2544 pair = NULL;
2545 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2546 const char *propname = nvpair_name(pair);
2547 int err = 0;
2548
2549 propval = pair;
2550 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2551 nvlist_t *attrs;
2552 attrs = fnvpair_value_nvlist(pair);
2553 propval = fnvlist_lookup_nvpair(attrs,
2554 ZPROP_VALUE);
2555 }
2556
2557 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2558 strval = fnvpair_value_string(propval);
2559 err = dsl_prop_set(dsname, propname, source, 1,
2560 strlen(strval) + 1, strval);
2561 } else {
2562 intval = fnvpair_value_uint64(propval);
2563 err = dsl_prop_set(dsname, propname, source, 8,
2564 1, &intval);
2565 }
2566
2567 if (err != 0) {
2568 if (errlist != NULL) {
2569 fnvlist_add_int32(errlist, propname,
2570 err);
2571 }
2572 rv = err;
2573 }
2574 }
2575 }
2576 nvlist_free(genericnvl);
2577 nvlist_free(retrynvl);
2578
2579 return (rv);
2580 }
2581
2582 /*
2583 * Check that all the properties are valid user properties.
2584 */
2585 static int
2586 zfs_check_userprops(const char *fsname, nvlist_t *nvl)
2587 {
2588 nvpair_t *pair = NULL;
2589 int error = 0;
2590
2591 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2592 const char *propname = nvpair_name(pair);
2593 char *valstr;
2594
2595 if (!zfs_prop_user(propname) ||
2596 nvpair_type(pair) != DATA_TYPE_STRING)
2597 return (EINVAL);
2598
2599 if (error = zfs_secpolicy_write_perms(fsname,
2600 ZFS_DELEG_PERM_USERPROP, CRED()))
2601 return (error);
2602
2603 if (strlen(propname) >= ZAP_MAXNAMELEN)
2604 return (ENAMETOOLONG);
2605
2606 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2607 if (strlen(valstr) >= ZAP_MAXVALUELEN)
2608 return (E2BIG);
2609 }
2610 return (0);
2611 }
2612
2613 static void
2614 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2615 {
2616 nvpair_t *pair;
2617
2618 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2619
2620 pair = NULL;
2621 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2622 if (nvlist_exists(skipped, nvpair_name(pair)))
2623 continue;
2624
2625 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2626 }
2627 }
2628
2629 static int
2630 clear_received_props(objset_t *os, const char *fs, nvlist_t *props,
2631 nvlist_t *skipped)
2632 {
2633 int err = 0;
2634 nvlist_t *cleared_props = NULL;
2635 props_skip(props, skipped, &cleared_props);
2636 if (!nvlist_empty(cleared_props)) {
2637 /*
2638 * Acts on local properties until the dataset has received
2639 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2640 */
2641 zprop_source_t flags = (ZPROP_SRC_NONE |
2642 (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0));
2643 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL);
2644 }
2645 nvlist_free(cleared_props);
2646 return (err);
2647 }
2648
2649 /*
2650 * inputs:
2651 * zc_name name of filesystem
2652 * zc_value name of property to set
2653 * zc_nvlist_src{_size} nvlist of properties to apply
2654 * zc_cookie received properties flag
2655 *
2656 * outputs:
2657 * zc_nvlist_dst{_size} error for each unapplied received property
2658 */
2659 static int
2660 zfs_ioc_set_prop(zfs_cmd_t *zc)
2661 {
2662 nvlist_t *nvl;
2663 boolean_t received = zc->zc_cookie;
2664 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2665 ZPROP_SRC_LOCAL);
2666 nvlist_t *errors;
2667 int error;
2668
2669 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2670 zc->zc_iflags, &nvl)) != 0)
2671 return (error);
2672
2673 if (received) {
2674 nvlist_t *origprops;
2675 objset_t *os;
2676
2677 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
2678 if (dsl_prop_get_received(os, &origprops) == 0) {
2679 (void) clear_received_props(os,
2680 zc->zc_name, origprops, nvl);
2681 nvlist_free(origprops);
2682 }
2683
2684 dsl_prop_set_hasrecvd(os);
2685 dmu_objset_rele(os, FTAG);
2686 }
2687 }
2688
2689 errors = fnvlist_alloc();
2690 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2691
2692 if (zc->zc_nvlist_dst != NULL && errors != NULL) {
2693 (void) put_nvlist(zc, errors);
2694 }
2695
2696 nvlist_free(errors);
2697 nvlist_free(nvl);
2698 return (error);
2699 }
2700
2701 /*
2702 * inputs:
2703 * zc_name name of filesystem
2704 * zc_value name of property to inherit
2705 * zc_cookie revert to received value if TRUE
2706 *
2707 * outputs: none
2708 */
2709 static int
2710 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2711 {
2712 const char *propname = zc->zc_value;
2713 zfs_prop_t prop = zfs_name_to_prop(propname);
2714 boolean_t received = zc->zc_cookie;
2715 zprop_source_t source = (received
2716 ? ZPROP_SRC_NONE /* revert to received value, if any */
2717 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2718
2719 if (received) {
2720 nvlist_t *dummy;
2721 nvpair_t *pair;
2722 zprop_type_t type;
2723 int err;
2724
2725 /*
2726 * zfs_prop_set_special() expects properties in the form of an
2727 * nvpair with type info.
2728 */
2729 if (prop == ZPROP_INVAL) {
2730 if (!zfs_prop_user(propname))
2731 return (EINVAL);
2732
2733 type = PROP_TYPE_STRING;
2734 } else if (prop == ZFS_PROP_VOLSIZE ||
2735 prop == ZFS_PROP_VERSION) {
2736 return (EINVAL);
2737 } else {
2738 type = zfs_prop_get_type(prop);
2739 }
2740
2741 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2742
2743 switch (type) {
2744 case PROP_TYPE_STRING:
2745 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2746 break;
2747 case PROP_TYPE_NUMBER:
2748 case PROP_TYPE_INDEX:
2749 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2750 break;
2751 default:
2752 nvlist_free(dummy);
2753 return (EINVAL);
2754 }
2755
2756 pair = nvlist_next_nvpair(dummy, NULL);
2757 err = zfs_prop_set_special(zc->zc_name, source, pair);
2758 nvlist_free(dummy);
2759 if (err != -1)
2760 return (err); /* special property already handled */
2761 } else {
2762 /*
2763 * Only check this in the non-received case. We want to allow
2764 * 'inherit -S' to revert non-inheritable properties like quota
2765 * and reservation to the received or default values even though
2766 * they are not considered inheritable.
2767 */
2768 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2769 return (EINVAL);
2770 }
2771
2772 /* property name has been validated by zfs_secpolicy_inherit_prop() */
2773 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
2774 }
2775
2776 static int
2777 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2778 {
2779 nvlist_t *props;
2780 spa_t *spa;
2781 int error;
2782 nvpair_t *pair;
2783
2784 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2785 zc->zc_iflags, &props))
2786 return (error);
2787
2788 /*
2789 * If the only property is the configfile, then just do a spa_lookup()
2790 * to handle the faulted case.
2791 */
2792 pair = nvlist_next_nvpair(props, NULL);
2793 if (pair != NULL && strcmp(nvpair_name(pair),
2794 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2795 nvlist_next_nvpair(props, pair) == NULL) {
2796 mutex_enter(&spa_namespace_lock);
2797 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2798 spa_configfile_set(spa, props, B_FALSE);
2799 spa_config_sync(spa, B_FALSE, B_TRUE);
2800 }
2801 mutex_exit(&spa_namespace_lock);
2802 if (spa != NULL) {
2803 nvlist_free(props);
2804 return (0);
2805 }
2806 }
2807
2808 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2809 nvlist_free(props);
2810 return (error);
2811 }
2812
2813 error = spa_prop_set(spa, props);
2814
2815 nvlist_free(props);
2816 spa_close(spa, FTAG);
2817
2818 return (error);
2819 }
2820
2821 static int
2822 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2823 {
2824 spa_t *spa;
2825 int error;
2826 nvlist_t *nvp = NULL;
2827
2828 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2829 /*
2830 * If the pool is faulted, there may be properties we can still
2831 * get (such as altroot and cachefile), so attempt to get them
2832 * anyway.
2833 */
2834 mutex_enter(&spa_namespace_lock);
2835 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2836 error = spa_prop_get(spa, &nvp);
2837 mutex_exit(&spa_namespace_lock);
2838 } else {
2839 error = spa_prop_get(spa, &nvp);
2840 spa_close(spa, FTAG);
2841 }
2842
2843 if (error == 0 && zc->zc_nvlist_dst != NULL)
2844 error = put_nvlist(zc, nvp);
2845 else
2846 error = EFAULT;
2847
2848 nvlist_free(nvp);
2849 return (error);
2850 }
2851
2852 /*
2853 * inputs:
2854 * zc_name name of filesystem
2855 * zc_nvlist_src{_size} nvlist of delegated permissions
2856 * zc_perm_action allow/unallow flag
2857 *
2858 * outputs: none
2859 */
2860 static int
2861 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2862 {
2863 int error;
2864 nvlist_t *fsaclnv = NULL;
2865
2866 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2867 zc->zc_iflags, &fsaclnv)) != 0)
2868 return (error);
2869
2870 /*
2871 * Verify nvlist is constructed correctly
2872 */
2873 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2874 nvlist_free(fsaclnv);
2875 return (EINVAL);
2876 }
2877
2878 /*
2879 * If we don't have PRIV_SYS_MOUNT, then validate
2880 * that user is allowed to hand out each permission in
2881 * the nvlist(s)
2882 */
2883
2884 error = secpolicy_zfs(CRED());
2885 if (error) {
2886 if (zc->zc_perm_action == B_FALSE) {
2887 error = dsl_deleg_can_allow(zc->zc_name,
2888 fsaclnv, CRED());
2889 } else {
2890 error = dsl_deleg_can_unallow(zc->zc_name,
2891 fsaclnv, CRED());
2892 }
2893 }
2894
2895 if (error == 0)
2896 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2897
2898 nvlist_free(fsaclnv);
2899 return (error);
2900 }
2901
2902 /*
2903 * inputs:
2904 * zc_name name of filesystem
2905 *
2906 * outputs:
2907 * zc_nvlist_src{_size} nvlist of delegated permissions
2908 */
2909 static int
2910 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2911 {
2912 nvlist_t *nvp;
2913 int error;
2914
2915 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2916 error = put_nvlist(zc, nvp);
2917 nvlist_free(nvp);
2918 }
2919
2920 return (error);
2921 }
2922
2923 /*
2924 * Search the vfs list for a specified resource. Returns a pointer to it
2925 * or NULL if no suitable entry is found. The caller of this routine
2926 * is responsible for releasing the returned vfs pointer.
2927 */
2928 static vfs_t *
2929 zfs_get_vfs(const char *resource)
2930 {
2931 struct vfs *vfsp;
2932 struct vfs *vfs_found = NULL;
2933
2934 vfs_list_read_lock();
2935 vfsp = rootvfs;
2936 do {
2937 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
2938 VFS_HOLD(vfsp);
2939 vfs_found = vfsp;
2940 break;
2941 }
2942 vfsp = vfsp->vfs_next;
2943 } while (vfsp != rootvfs);
2944 vfs_list_unlock();
2945 return (vfs_found);
2946 }
2947
2948 /* ARGSUSED */
2949 static void
2950 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2951 {
2952 zfs_creat_t *zct = arg;
2953
2954 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2955 }
2956
2957 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
2958
2959 /*
2960 * inputs:
2961 * createprops list of properties requested by creator
2962 * default_zplver zpl version to use if unspecified in createprops
2963 * fuids_ok fuids allowed in this version of the spa?
2964 * os parent objset pointer (NULL if root fs)
2965 *
2966 * outputs:
2967 * zplprops values for the zplprops we attach to the master node object
2968 * is_ci true if requested file system will be purely case-insensitive
2969 *
2970 * Determine the settings for utf8only, normalization and
2971 * casesensitivity. Specific values may have been requested by the
2972 * creator and/or we can inherit values from the parent dataset. If
2973 * the file system is of too early a vintage, a creator can not
2974 * request settings for these properties, even if the requested
2975 * setting is the default value. We don't actually want to create dsl
2976 * properties for these, so remove them from the source nvlist after
2977 * processing.
2978 */
2979 static int
2980 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2981 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2982 nvlist_t *zplprops, boolean_t *is_ci)
2983 {
2984 uint64_t sense = ZFS_PROP_UNDEFINED;
2985 uint64_t norm = ZFS_PROP_UNDEFINED;
2986 uint64_t u8 = ZFS_PROP_UNDEFINED;
2987 int error;
2988
2989 ASSERT(zplprops != NULL);
2990
2991 /*
2992 * Pull out creator prop choices, if any.
2993 */
2994 if (createprops) {
2995 (void) nvlist_lookup_uint64(createprops,
2996 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
2997 (void) nvlist_lookup_uint64(createprops,
2998 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
2999 (void) nvlist_remove_all(createprops,
3000 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3001 (void) nvlist_lookup_uint64(createprops,
3002 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3003 (void) nvlist_remove_all(createprops,
3004 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3005 (void) nvlist_lookup_uint64(createprops,
3006 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3007 (void) nvlist_remove_all(createprops,
3008 zfs_prop_to_name(ZFS_PROP_CASE));
3009 }
3010
3011 /*
3012 * If the zpl version requested is whacky or the file system
3013 * or pool is version is too "young" to support normalization
3014 * and the creator tried to set a value for one of the props,
3015 * error out.
3016 */
3017 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3018 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3019 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3020 (zplver < ZPL_VERSION_NORMALIZATION &&
3021 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3022 sense != ZFS_PROP_UNDEFINED)))
3023 return (ENOTSUP);
3024
3025 /*
3026 * Put the version in the zplprops
3027 */
3028 VERIFY(nvlist_add_uint64(zplprops,
3029 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3030
3031 if (norm == ZFS_PROP_UNDEFINED &&
3032 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3033 return (error);
3034 VERIFY(nvlist_add_uint64(zplprops,
3035 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3036
3037 /*
3038 * If we're normalizing, names must always be valid UTF-8 strings.
3039 */
3040 if (norm)
3041 u8 = 1;
3042 if (u8 == ZFS_PROP_UNDEFINED &&
3043 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3044 return (error);
3045 VERIFY(nvlist_add_uint64(zplprops,
3046 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3047
3048 if (sense == ZFS_PROP_UNDEFINED &&
3049 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3050 return (error);
3051 VERIFY(nvlist_add_uint64(zplprops,
3052 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3053
3054 if (is_ci)
3055 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3056
3057 return (0);
3058 }
3059
3060 static int
3061 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3062 nvlist_t *zplprops, boolean_t *is_ci)
3063 {
3064 boolean_t fuids_ok, sa_ok;
3065 uint64_t zplver = ZPL_VERSION;
3066 objset_t *os = NULL;
3067 char parentname[MAXNAMELEN];
3068 char *cp;
3069 spa_t *spa;
3070 uint64_t spa_vers;
3071 int error;
3072
3073 (void) strlcpy(parentname, dataset, sizeof (parentname));
3074 cp = strrchr(parentname, '/');
3075 ASSERT(cp != NULL);
3076 cp[0] = '\0';
3077
3078 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3079 return (error);
3080
3081 spa_vers = spa_version(spa);
3082 spa_close(spa, FTAG);
3083
3084 zplver = zfs_zpl_version_map(spa_vers);
3085 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3086 sa_ok = (zplver >= ZPL_VERSION_SA);
3087
3088 /*
3089 * Open parent object set so we can inherit zplprop values.
3090 */
3091 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3092 return (error);
3093
3094 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3095 zplprops, is_ci);
3096 dmu_objset_rele(os, FTAG);
3097 return (error);
3098 }
3099
3100 static int
3101 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3102 nvlist_t *zplprops, boolean_t *is_ci)
3103 {
3104 boolean_t fuids_ok;
3105 boolean_t sa_ok;
3106 uint64_t zplver = ZPL_VERSION;
3107 int error;
3108
3109 zplver = zfs_zpl_version_map(spa_vers);
3110 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3111 sa_ok = (zplver >= ZPL_VERSION_SA);
3112
3113 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3114 createprops, zplprops, is_ci);
3115 return (error);
3116 }
3117
3118 /*
3119 * innvl: {
3120 * "type" -> dmu_objset_type_t (int32)
3121 * (optional) "props" -> { prop -> value }
3122 * }
3123 *
3124 * outnvl: propname -> error code (int32)
3125 */
3126 static int
3127 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3128 {
3129 int error = 0;
3130 zfs_creat_t zct = { 0 };
3131 nvlist_t *nvprops = NULL;
3132 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3133 int32_t type32;
3134 dmu_objset_type_t type;
3135 boolean_t is_insensitive = B_FALSE;
3136
3137 if (nvlist_lookup_int32(innvl, "type", &type32) != 0)
3138 return (EINVAL);
3139 type = type32;
3140 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3141
3142 switch (type) {
3143 case DMU_OST_ZFS:
3144 cbfunc = zfs_create_cb;
3145 break;
3146
3147 case DMU_OST_ZVOL:
3148 cbfunc = zvol_create_cb;
3149 break;
3150
3151 default:
3152 cbfunc = NULL;
3153 break;
3154 }
3155 if (strchr(fsname, '@') ||
3156 strchr(fsname, '%'))
3157 return (EINVAL);
3158
3159 zct.zct_props = nvprops;
3160
3161 if (cbfunc == NULL)
3162 return (EINVAL);
3163
3164 if (type == DMU_OST_ZVOL) {
3165 uint64_t volsize, volblocksize;
3166
3167 if (nvprops == NULL)
3168 return (EINVAL);
3169 if (nvlist_lookup_uint64(nvprops,
3170 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3171 return (EINVAL);
3172
3173 if ((error = nvlist_lookup_uint64(nvprops,
3174 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3175 &volblocksize)) != 0 && error != ENOENT)
3176 return (EINVAL);
3177
3178 if (error != 0)
3179 volblocksize = zfs_prop_default_numeric(
3180 ZFS_PROP_VOLBLOCKSIZE);
3181
3182 if ((error = zvol_check_volblocksize(
3183 volblocksize)) != 0 ||
3184 (error = zvol_check_volsize(volsize,
3185 volblocksize)) != 0)
3186 return (error);
3187 } else if (type == DMU_OST_ZFS) {
3188 int error;
3189
3190 /*
3191 * We have to have normalization and
3192 * case-folding flags correct when we do the
3193 * file system creation, so go figure them out
3194 * now.
3195 */
3196 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3197 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3198 error = zfs_fill_zplprops(fsname, nvprops,
3199 zct.zct_zplprops, &is_insensitive);
3200 if (error != 0) {
3201 nvlist_free(zct.zct_zplprops);
3202 return (error);
3203 }
3204 }
3205
3206 error = dmu_objset_create(fsname, type,
3207 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3208 nvlist_free(zct.zct_zplprops);
3209
3210 /*
3211 * It would be nice to do this atomically.
3212 */
3213 if (error == 0) {
3214 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3215 nvprops, outnvl);
3216 if (error != 0)
3217 (void) dmu_objset_destroy(fsname, B_FALSE);
3218 }
3219 return (error);
3220 }
3221
3222 /*
3223 * innvl: {
3224 * "origin" -> name of origin snapshot
3225 * (optional) "props" -> { prop -> value }
3226 * }
3227 *
3228 * outnvl: propname -> error code (int32)
3229 */
3230 static int
3231 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3232 {
3233 int error = 0;
3234 nvlist_t *nvprops = NULL;
3235 char *origin_name;
3236 dsl_dataset_t *origin;
3237
3238 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0)
3239 return (EINVAL);
3240 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3241
3242 if (strchr(fsname, '@') ||
3243 strchr(fsname, '%'))
3244 return (EINVAL);
3245
3246 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3247 return (EINVAL);
3248
3249 error = dsl_dataset_hold(origin_name, FTAG, &origin);
3250 if (error)
3251 return (error);
3252
3253 error = dmu_objset_clone(fsname, origin, 0);
3254 dsl_dataset_rele(origin, FTAG);
3255 if (error)
3256 return (error);
3257
3258 /*
3259 * It would be nice to do this atomically.
3260 */
3261 if (error == 0) {
3262 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3263 nvprops, outnvl);
3264 if (error != 0)
3265 (void) dmu_objset_destroy(fsname, B_FALSE);
3266 }
3267 return (error);
3268 }
3269
3270 /*
3271 * innvl: {
3272 * "snaps" -> { snapshot1, snapshot2 }
3273 * (optional) "props" -> { prop -> value (string) }
3274 * }
3275 *
3276 * outnvl: snapshot -> error code (int32)
3277 *
3278 */
3279 static int
3280 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3281 {
3282 nvlist_t *snaps;
3283 nvlist_t *props = NULL;
3284 int error, poollen;
3285 nvpair_t *pair;
3286
3287 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3288 if ((error = zfs_check_userprops(poolname, props)) != 0)
3289 return (error);
3290
3291 if (!nvlist_empty(props) &&
3292 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3293 return (ENOTSUP);
3294
3295 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3296 return (EINVAL);
3297 poollen = strlen(poolname);
3298 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3299 pair = nvlist_next_nvpair(snaps, pair)) {
3300 const char *name = nvpair_name(pair);
3301 const char *cp = strchr(name, '@');
3302
3303 /*
3304 * The snap name must contain an @, and the part after it must
3305 * contain only valid characters.
3306 */
3307 if (cp == NULL || snapshot_namecheck(cp + 1, NULL, NULL) != 0)
3308 return (EINVAL);
3309
3310 /*
3311 * The snap must be in the specified pool.
3312 */
3313 if (strncmp(name, poolname, poollen) != 0 ||
3314 (name[poollen] != '/' && name[poollen] != '@'))
3315 return (EXDEV);
3316
3317 /* This must be the only snap of this fs. */
3318 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3319 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3320 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3321 == 0) {
3322 return (EXDEV);
3323 }
3324 }
3325 }
3326
3327 error = dmu_objset_snapshot(snaps, props, outnvl);
3328 return (error);
3329 }
3330
3331 /*
3332 * innvl: "message" -> string
3333 */
3334 /* ARGSUSED */
3335 static int
3336 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3337 {
3338 char *message;
3339 spa_t *spa;
3340 int error;
3341 char *poolname;
3342
3343 /*
3344 * The poolname in the ioctl is not set, we get it from the TSD,
3345 * which was set at the end of the last successful ioctl that allows
3346 * logging. The secpolicy func already checked that it is set.
3347 * Only one log ioctl is allowed after each successful ioctl, so
3348 * we clear the TSD here.
3349 */
3350 poolname = tsd_get(zfs_allow_log_key);
3351 (void) tsd_set(zfs_allow_log_key, NULL);
3352 error = spa_open(poolname, &spa, FTAG);
3353 strfree(poolname);
3354 if (error != 0)
3355 return (error);
3356
3357 if (nvlist_lookup_string(innvl, "message", &message) != 0) {
3358 spa_close(spa, FTAG);
3359 return (EINVAL);
3360 }
3361
3362 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3363 spa_close(spa, FTAG);
3364 return (ENOTSUP);
3365 }
3366
3367 error = spa_history_log(spa, message);
3368 spa_close(spa, FTAG);
3369 return (error);
3370 }
3371
3372 /* ARGSUSED */
3373 int
3374 zfs_unmount_snap(const char *name, void *arg)
3375 {
3376 vfs_t *vfsp;
3377 int err;
3378
3379 if (strchr(name, '@') == NULL)
3380 return (0);
3381
3382 vfsp = zfs_get_vfs(name);
3383 if (vfsp == NULL)
3384 return (0);
3385
3386 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
3387 VFS_RELE(vfsp);
3388 return (err);
3389 }
3390 VFS_RELE(vfsp);
3391
3392 /*
3393 * Always force the unmount for snapshots.
3394 */
3395 return (dounmount(vfsp, MS_FORCE, kcred));
3396 }
3397
3398 /*
3399 * innvl: {
3400 * "snaps" -> { snapshot1, snapshot2 }
3401 * (optional boolean) "defer"
3402 * }
3403 *
3404 * outnvl: snapshot -> error code (int32)
3405 *
3406 */
3407 static int
3408 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3409 {
3410 int poollen;
3411 nvlist_t *snaps;
3412 nvpair_t *pair;
3413 boolean_t defer;
3414
3415 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3416 return (EINVAL);
3417 defer = nvlist_exists(innvl, "defer");
3418
3419 poollen = strlen(poolname);
3420 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3421 pair = nvlist_next_nvpair(snaps, pair)) {
3422 const char *name = nvpair_name(pair);
3423
3424 /*
3425 * The snap must be in the specified pool.
3426 */
3427 if (strncmp(name, poolname, poollen) != 0 ||
3428 (name[poollen] != '/' && name[poollen] != '@'))
3429 return (EXDEV);
3430
3431 /*
3432 * Ignore failures to unmount; dmu_snapshots_destroy_nvl()
3433 * will deal with this gracefully (by filling in outnvl).
3434 */
3435 (void) zfs_unmount_snap(name, NULL);
3436 }
3437
3438 return (dmu_snapshots_destroy_nvl(snaps, defer, outnvl));
3439 }
3440
3441 /*
3442 * inputs:
3443 * zc_name name of dataset to destroy
3444 * zc_objset_type type of objset
3445 * zc_defer_destroy mark for deferred destroy
3446 *
3447 * outputs: none
3448 */
3449 static int
3450 zfs_ioc_destroy(zfs_cmd_t *zc)
3451 {
3452 int err;
3453 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
3454 err = zfs_unmount_snap(zc->zc_name, NULL);
3455 if (err)
3456 return (err);
3457 }
3458
3459 err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
3460 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3461 (void) zvol_remove_minor(zc->zc_name);
3462 return (err);
3463 }
3464
3465 /*
3466 * inputs:
3467 * zc_name name of dataset to rollback (to most recent snapshot)
3468 *
3469 * outputs: none
3470 */
3471 static int
3472 zfs_ioc_rollback(zfs_cmd_t *zc)
3473 {
3474 dsl_dataset_t *ds, *clone;
3475 int error;
3476 zfsvfs_t *zfsvfs;
3477 char *clone_name;
3478
3479 error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
3480 if (error)
3481 return (error);
3482
3483 /* must not be a snapshot */
3484 if (dsl_dataset_is_snapshot(ds)) {
3485 dsl_dataset_rele(ds, FTAG);
3486 return (EINVAL);
3487 }
3488
3489 /* must have a most recent snapshot */
3490 if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
3491 dsl_dataset_rele(ds, FTAG);
3492 return (EINVAL);
3493 }
3494
3495 /*
3496 * Create clone of most recent snapshot.
3497 */
3498 clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
3499 error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
3500 if (error)
3501 goto out;
3502
3503 error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
3504 if (error)
3505 goto out;
3506
3507 /*
3508 * Do clone swap.
3509 */
3510 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
3511 error = zfs_suspend_fs(zfsvfs);
3512 if (error == 0) {
3513 int resume_err;
3514
3515 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3516 error = dsl_dataset_clone_swap(clone, ds,
3517 B_TRUE);
3518 dsl_dataset_disown(ds, FTAG);
3519 ds = NULL;
3520 } else {
3521 error = EBUSY;
3522 }
3523 resume_err = zfs_resume_fs(zfsvfs, zc->zc_name);
3524 error = error ? error : resume_err;
3525 }
3526 VFS_RELE(zfsvfs->z_vfs);
3527 } else {
3528 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3529 error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
3530 dsl_dataset_disown(ds, FTAG);
3531 ds = NULL;
3532 } else {
3533 error = EBUSY;
3534 }
3535 }
3536
3537 /*
3538 * Destroy clone (which also closes it).
3539 */
3540 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
3541
3542 out:
3543 strfree(clone_name);
3544 if (ds)
3545 dsl_dataset_rele(ds, FTAG);
3546 return (error);
3547 }
3548
3549 /*
3550 * inputs:
3551 * zc_name old name of dataset
3552 * zc_value new name of dataset
3553 * zc_cookie recursive flag (only valid for snapshots)
3554 *
3555 * outputs: none
3556 */
3557 static int
3558 zfs_ioc_rename(zfs_cmd_t *zc)
3559 {
3560 boolean_t recursive = zc->zc_cookie & 1;
3561
3562 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3563 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3564 strchr(zc->zc_value, '%'))
3565 return (EINVAL);
3566
3567 /*
3568 * Unmount snapshot unless we're doing a recursive rename,
3569 * in which case the dataset code figures out which snapshots
3570 * to unmount.
3571 */
3572 if (!recursive && strchr(zc->zc_name, '@') != NULL &&
3573 zc->zc_objset_type == DMU_OST_ZFS) {
3574 int err = zfs_unmount_snap(zc->zc_name, NULL);
3575 if (err)
3576 return (err);
3577 }
3578 if (zc->zc_objset_type == DMU_OST_ZVOL)
3579 (void) zvol_remove_minor(zc->zc_name);
3580 return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive));
3581 }
3582
3583 static int
3584 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3585 {
3586 const char *propname = nvpair_name(pair);
3587 boolean_t issnap = (strchr(dsname, '@') != NULL);
3588 zfs_prop_t prop = zfs_name_to_prop(propname);
3589 uint64_t intval;
3590 int err;
3591
3592 if (prop == ZPROP_INVAL) {
3593 if (zfs_prop_user(propname)) {
3594 if (err = zfs_secpolicy_write_perms(dsname,
3595 ZFS_DELEG_PERM_USERPROP, cr))
3596 return (err);
3597 return (0);
3598 }
3599
3600 if (!issnap && zfs_prop_userquota(propname)) {
3601 const char *perm = NULL;
3602 const char *uq_prefix =
3603 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3604 const char *gq_prefix =
3605 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3606
3607 if (strncmp(propname, uq_prefix,
3608 strlen(uq_prefix)) == 0) {
3609 perm = ZFS_DELEG_PERM_USERQUOTA;
3610 } else if (strncmp(propname, gq_prefix,
3611 strlen(gq_prefix)) == 0) {
3612 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3613 } else {
3614 /* USERUSED and GROUPUSED are read-only */
3615 return (EINVAL);
3616 }
3617
3618 if (err = zfs_secpolicy_write_perms(dsname, perm, cr))
3619 return (err);
3620 return (0);
3621 }
3622
3623 return (EINVAL);
3624 }
3625
3626 if (issnap)
3627 return (EINVAL);
3628
3629 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3630 /*
3631 * dsl_prop_get_all_impl() returns properties in this
3632 * format.
3633 */
3634 nvlist_t *attrs;
3635 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3636 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3637 &pair) == 0);
3638 }
3639
3640 /*
3641 * Check that this value is valid for this pool version
3642 */
3643 switch (prop) {
3644 case ZFS_PROP_COMPRESSION:
3645 /*
3646 * If the user specified gzip compression, make sure
3647 * the SPA supports it. We ignore any errors here since
3648 * we'll catch them later.
3649 */
3650 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3651 nvpair_value_uint64(pair, &intval) == 0) {
3652 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3653 intval <= ZIO_COMPRESS_GZIP_9 &&
3654 zfs_earlier_version(dsname,
3655 SPA_VERSION_GZIP_COMPRESSION)) {
3656 return (ENOTSUP);
3657 }
3658
3659 if (intval == ZIO_COMPRESS_ZLE &&
3660 zfs_earlier_version(dsname,
3661 SPA_VERSION_ZLE_COMPRESSION))
3662 return (ENOTSUP);
3663
3664 /*
3665 * If this is a bootable dataset then
3666 * verify that the compression algorithm
3667 * is supported for booting. We must return
3668 * something other than ENOTSUP since it
3669 * implies a downrev pool version.
3670 */
3671 if (zfs_is_bootfs(dsname) &&
3672 !BOOTFS_COMPRESS_VALID(intval)) {
3673 return (ERANGE);
3674 }
3675 }
3676 break;
3677
3678 case ZFS_PROP_COPIES:
3679 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3680 return (ENOTSUP);
3681 break;
3682
3683 case ZFS_PROP_DEDUP:
3684 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3685 return (ENOTSUP);
3686 break;
3687
3688 case ZFS_PROP_SHARESMB:
3689 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3690 return (ENOTSUP);
3691 break;
3692
3693 case ZFS_PROP_ACLINHERIT:
3694 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3695 nvpair_value_uint64(pair, &intval) == 0) {
3696 if (intval == ZFS_ACL_PASSTHROUGH_X &&
3697 zfs_earlier_version(dsname,
3698 SPA_VERSION_PASSTHROUGH_X))
3699 return (ENOTSUP);
3700 }
3701 break;
3702 }
3703
3704 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3705 }
3706
3707 /*
3708 * Removes properties from the given props list that fail permission checks
3709 * needed to clear them and to restore them in case of a receive error. For each
3710 * property, make sure we have both set and inherit permissions.
3711 *
3712 * Returns the first error encountered if any permission checks fail. If the
3713 * caller provides a non-NULL errlist, it also gives the complete list of names
3714 * of all the properties that failed a permission check along with the
3715 * corresponding error numbers. The caller is responsible for freeing the
3716 * returned errlist.
3717 *
3718 * If every property checks out successfully, zero is returned and the list
3719 * pointed at by errlist is NULL.
3720 */
3721 static int
3722 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3723 {
3724 zfs_cmd_t *zc;
3725 nvpair_t *pair, *next_pair;
3726 nvlist_t *errors;
3727 int err, rv = 0;
3728
3729 if (props == NULL)
3730 return (0);
3731
3732 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3733
3734 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
3735 (void) strcpy(zc->zc_name, dataset);
3736 pair = nvlist_next_nvpair(props, NULL);
3737 while (pair != NULL) {
3738 next_pair = nvlist_next_nvpair(props, pair);
3739
3740 (void) strcpy(zc->zc_value, nvpair_name(pair));
3741 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3742 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
3743 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3744 VERIFY(nvlist_add_int32(errors,
3745 zc->zc_value, err) == 0);
3746 }
3747 pair = next_pair;
3748 }
3749 kmem_free(zc, sizeof (zfs_cmd_t));
3750
3751 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3752 nvlist_free(errors);
3753 errors = NULL;
3754 } else {
3755 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3756 }
3757
3758 if (errlist == NULL)
3759 nvlist_free(errors);
3760 else
3761 *errlist = errors;
3762
3763 return (rv);
3764 }
3765
3766 static boolean_t
3767 propval_equals(nvpair_t *p1, nvpair_t *p2)
3768 {
3769 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3770 /* dsl_prop_get_all_impl() format */
3771 nvlist_t *attrs;
3772 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3773 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3774 &p1) == 0);
3775 }
3776
3777 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3778 nvlist_t *attrs;
3779 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3780 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3781 &p2) == 0);
3782 }
3783
3784 if (nvpair_type(p1) != nvpair_type(p2))
3785 return (B_FALSE);
3786
3787 if (nvpair_type(p1) == DATA_TYPE_STRING) {
3788 char *valstr1, *valstr2;
3789
3790 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3791 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3792 return (strcmp(valstr1, valstr2) == 0);
3793 } else {
3794 uint64_t intval1, intval2;
3795
3796 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3797 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3798 return (intval1 == intval2);
3799 }
3800 }
3801
3802 /*
3803 * Remove properties from props if they are not going to change (as determined
3804 * by comparison with origprops). Remove them from origprops as well, since we
3805 * do not need to clear or restore properties that won't change.
3806 */
3807 static void
3808 props_reduce(nvlist_t *props, nvlist_t *origprops)
3809 {
3810 nvpair_t *pair, *next_pair;
3811
3812 if (origprops == NULL)
3813 return; /* all props need to be received */
3814
3815 pair = nvlist_next_nvpair(props, NULL);
3816 while (pair != NULL) {
3817 const char *propname = nvpair_name(pair);
3818 nvpair_t *match;
3819
3820 next_pair = nvlist_next_nvpair(props, pair);
3821
3822 if ((nvlist_lookup_nvpair(origprops, propname,
3823 &match) != 0) || !propval_equals(pair, match))
3824 goto next; /* need to set received value */
3825
3826 /* don't clear the existing received value */
3827 (void) nvlist_remove_nvpair(origprops, match);
3828 /* don't bother receiving the property */
3829 (void) nvlist_remove_nvpair(props, pair);
3830 next:
3831 pair = next_pair;
3832 }
3833 }
3834
3835 #ifdef DEBUG
3836 static boolean_t zfs_ioc_recv_inject_err;
3837 #endif
3838
3839 /*
3840 * inputs:
3841 * zc_name name of containing filesystem
3842 * zc_nvlist_src{_size} nvlist of properties to apply
3843 * zc_value name of snapshot to create
3844 * zc_string name of clone origin (if DRR_FLAG_CLONE)
3845 * zc_cookie file descriptor to recv from
3846 * zc_begin_record the BEGIN record of the stream (not byteswapped)
3847 * zc_guid force flag
3848 * zc_cleanup_fd cleanup-on-exit file descriptor
3849 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
3850 *
3851 * outputs:
3852 * zc_cookie number of bytes read
3853 * zc_nvlist_dst{_size} error for each unapplied received property
3854 * zc_obj zprop_errflags_t
3855 * zc_action_handle handle for this guid/ds mapping
3856 */
3857 static int
3858 zfs_ioc_recv(zfs_cmd_t *zc)
3859 {
3860 file_t *fp;
3861 objset_t *os;
3862 dmu_recv_cookie_t drc;
3863 boolean_t force = (boolean_t)zc->zc_guid;
3864 int fd;
3865 int error = 0;
3866 int props_error = 0;
3867 nvlist_t *errors;
3868 offset_t off;
3869 nvlist_t *props = NULL; /* sent properties */
3870 nvlist_t *origprops = NULL; /* existing properties */
3871 objset_t *origin = NULL;
3872 char *tosnap;
3873 char tofs[ZFS_MAXNAMELEN];
3874 boolean_t first_recvd_props = B_FALSE;
3875
3876 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3877 strchr(zc->zc_value, '@') == NULL ||
3878 strchr(zc->zc_value, '%'))
3879 return (EINVAL);
3880
3881 (void) strcpy(tofs, zc->zc_value);
3882 tosnap = strchr(tofs, '@');
3883 *tosnap++ = '\0';
3884
3885 if (zc->zc_nvlist_src != NULL &&
3886 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3887 zc->zc_iflags, &props)) != 0)
3888 return (error);
3889
3890 fd = zc->zc_cookie;
3891 fp = getf(fd);
3892 if (fp == NULL) {
3893 nvlist_free(props);
3894 return (EBADF);
3895 }
3896
3897 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3898
3899 if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
3900 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
3901 !dsl_prop_get_hasrecvd(os)) {
3902 first_recvd_props = B_TRUE;
3903 }
3904
3905 /*
3906 * If new received properties are supplied, they are to
3907 * completely replace the existing received properties, so stash
3908 * away the existing ones.
3909 */
3910 if (dsl_prop_get_received(os, &origprops) == 0) {
3911 nvlist_t *errlist = NULL;
3912 /*
3913 * Don't bother writing a property if its value won't
3914 * change (and avoid the unnecessary security checks).
3915 *
3916 * The first receive after SPA_VERSION_RECVD_PROPS is a
3917 * special case where we blow away all local properties
3918 * regardless.
3919 */
3920 if (!first_recvd_props)
3921 props_reduce(props, origprops);
3922 if (zfs_check_clearable(tofs, origprops,
3923 &errlist) != 0)
3924 (void) nvlist_merge(errors, errlist, 0);
3925 nvlist_free(errlist);
3926 }
3927
3928 dmu_objset_rele(os, FTAG);
3929 }
3930
3931 if (zc->zc_string[0]) {
3932 error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
3933 if (error)
3934 goto out;
3935 }
3936
3937 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
3938 &zc->zc_begin_record, force, origin, &drc);
3939 if (origin)
3940 dmu_objset_rele(origin, FTAG);
3941 if (error)
3942 goto out;
3943
3944 /*
3945 * Set properties before we receive the stream so that they are applied
3946 * to the new data. Note that we must call dmu_recv_stream() if
3947 * dmu_recv_begin() succeeds.
3948 */
3949 if (props) {
3950 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
3951 if (drc.drc_newfs) {
3952 if (spa_version(os->os_spa) >=
3953 SPA_VERSION_RECVD_PROPS)
3954 first_recvd_props = B_TRUE;
3955 } else if (origprops != NULL) {
3956 if (clear_received_props(os, tofs, origprops,
3957 first_recvd_props ? NULL : props) != 0)
3958 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3959 } else {
3960 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3961 }
3962 dsl_prop_set_hasrecvd(os);
3963 } else if (!drc.drc_newfs) {
3964 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3965 }
3966
3967 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3968 props, errors);
3969 }
3970
3971 if (zc->zc_nvlist_dst_size != 0 &&
3972 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
3973 put_nvlist(zc, errors) != 0)) {
3974 /*
3975 * Caller made zc->zc_nvlist_dst less than the minimum expected
3976 * size or supplied an invalid address.
3977 */
3978 props_error = EINVAL;
3979 }
3980
3981 off = fp->f_offset;
3982 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
3983 &zc->zc_action_handle);
3984
3985 if (error == 0) {
3986 zfsvfs_t *zfsvfs = NULL;
3987
3988 if (getzfsvfs(tofs, &zfsvfs) == 0) {
3989 /* online recv */
3990 int end_err;
3991
3992 error = zfs_suspend_fs(zfsvfs);
3993 /*
3994 * If the suspend fails, then the recv_end will
3995 * likely also fail, and clean up after itself.
3996 */
3997 end_err = dmu_recv_end(&drc);
3998 if (error == 0)
3999 error = zfs_resume_fs(zfsvfs, tofs);
4000 error = error ? error : end_err;
4001 VFS_RELE(zfsvfs->z_vfs);
4002 } else {
4003 error = dmu_recv_end(&drc);
4004 }
4005 }
4006
4007 zc->zc_cookie = off - fp->f_offset;
4008 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4009 fp->f_offset = off;
4010
4011 #ifdef DEBUG
4012 if (zfs_ioc_recv_inject_err) {
4013 zfs_ioc_recv_inject_err = B_FALSE;
4014 error = 1;
4015 }
4016 #endif
4017 /*
4018 * On error, restore the original props.
4019 */
4020 if (error && props) {
4021 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
4022 if (clear_received_props(os, tofs, props, NULL) != 0) {
4023 /*
4024 * We failed to clear the received properties.
4025 * Since we may have left a $recvd value on the
4026 * system, we can't clear the $hasrecvd flag.
4027 */
4028 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4029 } else if (first_recvd_props) {
4030 dsl_prop_unset_hasrecvd(os);
4031 }
4032 dmu_objset_rele(os, FTAG);
4033 } else if (!drc.drc_newfs) {
4034 /* We failed to clear the received properties. */
4035 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4036 }
4037
4038 if (origprops == NULL && !drc.drc_newfs) {
4039 /* We failed to stash the original properties. */
4040 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4041 }
4042
4043 /*
4044 * dsl_props_set() will not convert RECEIVED to LOCAL on or
4045 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
4046 * explictly if we're restoring local properties cleared in the
4047 * first new-style receive.
4048 */
4049 if (origprops != NULL &&
4050 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
4051 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
4052 origprops, NULL) != 0) {
4053 /*
4054 * We stashed the original properties but failed to
4055 * restore them.
4056 */
4057 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4058 }
4059 }
4060 out:
4061 nvlist_free(props);
4062 nvlist_free(origprops);
4063 nvlist_free(errors);
4064 releasef(fd);
4065
4066 if (error == 0)
4067 error = props_error;
4068
4069 return (error);
4070 }
4071
4072 /*
4073 * inputs:
4074 * zc_name name of snapshot to send
4075 * zc_cookie file descriptor to send stream to
4076 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
4077 * zc_sendobj objsetid of snapshot to send
4078 * zc_fromobj objsetid of incremental fromsnap (may be zero)
4079 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
4080 * output size in zc_objset_type.
4081 *
4082 * outputs: none
4083 */
4084 static int
4085 zfs_ioc_send(zfs_cmd_t *zc)
4086 {
4087 objset_t *fromsnap = NULL;
4088 objset_t *tosnap;
4089 int error;
4090 offset_t off;
4091 dsl_dataset_t *ds;
4092 dsl_dataset_t *dsfrom = NULL;
4093 spa_t *spa;
4094 dsl_pool_t *dp;
4095 boolean_t estimate = (zc->zc_guid != 0);
4096
4097 error = spa_open(zc->zc_name, &spa, FTAG);
4098 if (error)
4099 return (error);
4100
4101 dp = spa_get_dsl(spa);
4102 rw_enter(&dp->dp_config_rwlock, RW_READER);
4103 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4104 rw_exit(&dp->dp_config_rwlock);
4105 spa_close(spa, FTAG);
4106 if (error)
4107 return (error);
4108
4109 error = dmu_objset_from_ds(ds, &tosnap);
4110 if (error) {
4111 dsl_dataset_rele(ds, FTAG);
4112 return (error);
4113 }
4114
4115 if (zc->zc_fromobj != 0) {
4116 rw_enter(&dp->dp_config_rwlock, RW_READER);
4117 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
4118 rw_exit(&dp->dp_config_rwlock);
4119 if (error) {
4120 dsl_dataset_rele(ds, FTAG);
4121 return (error);
4122 }
4123 error = dmu_objset_from_ds(dsfrom, &fromsnap);
4124 if (error) {
4125 dsl_dataset_rele(dsfrom, FTAG);
4126 dsl_dataset_rele(ds, FTAG);
4127 return (error);
4128 }
4129 }
4130
4131 if (zc->zc_obj) {
4132 dsl_pool_t *dp = ds->ds_dir->dd_pool;
4133
4134 if (fromsnap != NULL) {
4135 dsl_dataset_rele(dsfrom, FTAG);
4136 dsl_dataset_rele(ds, FTAG);
4137 return (EINVAL);
4138 }
4139
4140 if (dsl_dir_is_clone(ds->ds_dir)) {
4141 rw_enter(&dp->dp_config_rwlock, RW_READER);
4142 error = dsl_dataset_hold_obj(dp,
4143 ds->ds_dir->dd_phys->dd_origin_obj, FTAG, &dsfrom);
4144 rw_exit(&dp->dp_config_rwlock);
4145 if (error) {
4146 dsl_dataset_rele(ds, FTAG);
4147 return (error);
4148 }
4149 error = dmu_objset_from_ds(dsfrom, &fromsnap);
4150 if (error) {
4151 dsl_dataset_rele(dsfrom, FTAG);
4152 dsl_dataset_rele(ds, FTAG);
4153 return (error);
4154 }
4155 }
4156 }
4157
4158 if (estimate) {
4159 error = dmu_send_estimate(tosnap, fromsnap,
4160 &zc->zc_objset_type);
4161 } else {
4162 file_t *fp = getf(zc->zc_cookie);
4163 if (fp == NULL) {
4164 dsl_dataset_rele(ds, FTAG);
4165 if (dsfrom)
4166 dsl_dataset_rele(dsfrom, FTAG);
4167 return (EBADF);
4168 }
4169
4170 off = fp->f_offset;
4171 error = dmu_send(tosnap, fromsnap,
4172 zc->zc_cookie, fp->f_vnode, &off);
4173
4174 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4175 fp->f_offset = off;
4176 releasef(zc->zc_cookie);
4177 }
4178 if (dsfrom)
4179 dsl_dataset_rele(dsfrom, FTAG);
4180 dsl_dataset_rele(ds, FTAG);
4181 return (error);
4182 }
4183
4184 /*
4185 * inputs:
4186 * zc_name name of snapshot on which to report progress
4187 * zc_cookie file descriptor of send stream
4188 *
4189 * outputs:
4190 * zc_cookie number of bytes written in send stream thus far
4191 */
4192 static int
4193 zfs_ioc_send_progress(zfs_cmd_t *zc)
4194 {
4195 dsl_dataset_t *ds;
4196 dmu_sendarg_t *dsp = NULL;
4197 int error;
4198
4199 if ((error = dsl_dataset_hold(zc->zc_name, FTAG, &ds)) != 0)
4200 return (error);
4201
4202 mutex_enter(&ds->ds_sendstream_lock);
4203
4204 /*
4205 * Iterate over all the send streams currently active on this dataset.
4206 * If there's one which matches the specified file descriptor _and_ the
4207 * stream was started by the current process, return the progress of
4208 * that stream.
4209 */
4210 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
4211 dsp = list_next(&ds->ds_sendstreams, dsp)) {
4212 if (dsp->dsa_outfd == zc->zc_cookie &&
4213 dsp->dsa_proc == curproc)
4214 break;
4215 }
4216
4217 if (dsp != NULL)
4218 zc->zc_cookie = *(dsp->dsa_off);
4219 else
4220 error = ENOENT;
4221
4222 mutex_exit(&ds->ds_sendstream_lock);
4223 dsl_dataset_rele(ds, FTAG);
4224 return (error);
4225 }
4226
4227 static int
4228 zfs_ioc_inject_fault(zfs_cmd_t *zc)
4229 {
4230 int id, error;
4231
4232 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
4233 &zc->zc_inject_record);
4234
4235 if (error == 0)
4236 zc->zc_guid = (uint64_t)id;
4237
4238 return (error);
4239 }
4240
4241 static int
4242 zfs_ioc_clear_fault(zfs_cmd_t *zc)
4243 {
4244 return (zio_clear_fault((int)zc->zc_guid));
4245 }
4246
4247 static int
4248 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
4249 {
4250 int id = (int)zc->zc_guid;
4251 int error;
4252
4253 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
4254 &zc->zc_inject_record);
4255
4256 zc->zc_guid = id;
4257
4258 return (error);
4259 }
4260
4261 static int
4262 zfs_ioc_error_log(zfs_cmd_t *zc)
4263 {
4264 spa_t *spa;
4265 int error;
4266 size_t count = (size_t)zc->zc_nvlist_dst_size;
4267
4268 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
4269 return (error);
4270
4271 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
4272 &count);
4273 if (error == 0)
4274 zc->zc_nvlist_dst_size = count;
4275 else
4276 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
4277
4278 spa_close(spa, FTAG);
4279
4280 return (error);
4281 }
4282
4283 static int
4284 zfs_ioc_clear(zfs_cmd_t *zc)
4285 {
4286 spa_t *spa;
4287 vdev_t *vd;
4288 int error;
4289
4290 /*
4291 * On zpool clear we also fix up missing slogs
4292 */
4293 mutex_enter(&spa_namespace_lock);
4294 spa = spa_lookup(zc->zc_name);
4295 if (spa == NULL) {
4296 mutex_exit(&spa_namespace_lock);
4297 return (EIO);
4298 }
4299 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
4300 /* we need to let spa_open/spa_load clear the chains */
4301 spa_set_log_state(spa, SPA_LOG_CLEAR);
4302 }
4303 spa->spa_last_open_failed = 0;
4304 mutex_exit(&spa_namespace_lock);
4305
4306 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
4307 error = spa_open(zc->zc_name, &spa, FTAG);
4308 } else {
4309 nvlist_t *policy;
4310 nvlist_t *config = NULL;
4311
4312 if (zc->zc_nvlist_src == NULL)
4313 return (EINVAL);
4314
4315 if ((error = get_nvlist(zc->zc_nvlist_src,
4316 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
4317 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
4318 policy, &config);
4319 if (config != NULL) {
4320 int err;
4321
4322 if ((err = put_nvlist(zc, config)) != 0)
4323 error = err;
4324 nvlist_free(config);
4325 }
4326 nvlist_free(policy);
4327 }
4328 }
4329
4330 if (error)
4331 return (error);
4332
4333 spa_vdev_state_enter(spa, SCL_NONE);
4334
4335 if (zc->zc_guid == 0) {
4336 vd = NULL;
4337 } else {
4338 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
4339 if (vd == NULL) {
4340 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
4341 spa_close(spa, FTAG);
4342 return (ENODEV);
4343 }
4344 }
4345
4346 vdev_clear(spa, vd);
4347
4348 (void) spa_vdev_state_exit(spa, NULL, 0);
4349
4350 /*
4351 * Resume any suspended I/Os.
4352 */
4353 if (zio_resume(spa) != 0)
4354 error = EIO;
4355
4356 spa_close(spa, FTAG);
4357
4358 return (error);
4359 }
4360
4361 static int
4362 zfs_ioc_pool_reopen(zfs_cmd_t *zc)
4363 {
4364 spa_t *spa;
4365 int error;
4366
4367 error = spa_open(zc->zc_name, &spa, FTAG);
4368 if (error)
4369 return (error);
4370
4371 spa_vdev_state_enter(spa, SCL_NONE);
4372
4373 /*
4374 * If a resilver is already in progress then set the
4375 * spa_scrub_reopen flag to B_TRUE so that we don't restart
4376 * the scan as a side effect of the reopen. Otherwise, let
4377 * vdev_open() decided if a resilver is required.
4378 */
4379 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool);
4380 vdev_reopen(spa->spa_root_vdev);
4381 spa->spa_scrub_reopen = B_FALSE;
4382
4383 (void) spa_vdev_state_exit(spa, NULL, 0);
4384 spa_close(spa, FTAG);
4385 return (0);
4386 }
4387 /*
4388 * inputs:
4389 * zc_name name of filesystem
4390 * zc_value name of origin snapshot
4391 *
4392 * outputs:
4393 * zc_string name of conflicting snapshot, if there is one
4394 */
4395 static int
4396 zfs_ioc_promote(zfs_cmd_t *zc)
4397 {
4398 char *cp;
4399
4400 /*
4401 * We don't need to unmount *all* the origin fs's snapshots, but
4402 * it's easier.
4403 */
4404 cp = strchr(zc->zc_value, '@');
4405 if (cp)
4406 *cp = '\0';
4407 (void) dmu_objset_find(zc->zc_value,
4408 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
4409 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4410 }
4411
4412 /*
4413 * Retrieve a single {user|group}{used|quota}@... property.
4414 *
4415 * inputs:
4416 * zc_name name of filesystem
4417 * zc_objset_type zfs_userquota_prop_t
4418 * zc_value domain name (eg. "S-1-234-567-89")
4419 * zc_guid RID/UID/GID
4420 *
4421 * outputs:
4422 * zc_cookie property value
4423 */
4424 static int
4425 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4426 {
4427 zfsvfs_t *zfsvfs;
4428 int error;
4429
4430 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4431 return (EINVAL);
4432
4433 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4434 if (error)
4435 return (error);
4436
4437 error = zfs_userspace_one(zfsvfs,
4438 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4439 zfsvfs_rele(zfsvfs, FTAG);
4440
4441 return (error);
4442 }
4443
4444 /*
4445 * inputs:
4446 * zc_name name of filesystem
4447 * zc_cookie zap cursor
4448 * zc_objset_type zfs_userquota_prop_t
4449 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4450 *
4451 * outputs:
4452 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4453 * zc_cookie zap cursor
4454 */
4455 static int
4456 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4457 {
4458 zfsvfs_t *zfsvfs;
4459 int bufsize = zc->zc_nvlist_dst_size;
4460
4461 if (bufsize <= 0)
4462 return (ENOMEM);
4463
4464 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4465 if (error)
4466 return (error);
4467
4468 void *buf = kmem_alloc(bufsize, KM_SLEEP);
4469
4470 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
4471 buf, &zc->zc_nvlist_dst_size);
4472
4473 if (error == 0) {
4474 error = xcopyout(buf,
4475 (void *)(uintptr_t)zc->zc_nvlist_dst,
4476 zc->zc_nvlist_dst_size);
4477 }
4478 kmem_free(buf, bufsize);
4479 zfsvfs_rele(zfsvfs, FTAG);
4480
4481 return (error);
4482 }
4483
4484 /*
4485 * inputs:
4486 * zc_name name of filesystem
4487 *
4488 * outputs:
4489 * none
4490 */
4491 static int
4492 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4493 {
4494 objset_t *os;
4495 int error = 0;
4496 zfsvfs_t *zfsvfs;
4497
4498 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
4499 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
4500 /*
4501 * If userused is not enabled, it may be because the
4502 * objset needs to be closed & reopened (to grow the
4503 * objset_phys_t). Suspend/resume the fs will do that.
4504 */
4505 error = zfs_suspend_fs(zfsvfs);
4506 if (error == 0)
4507 error = zfs_resume_fs(zfsvfs, zc->zc_name);
4508 }
4509 if (error == 0)
4510 error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
4511 VFS_RELE(zfsvfs->z_vfs);
4512 } else {
4513 /* XXX kind of reading contents without owning */
4514 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4515 if (error)
4516 return (error);
4517
4518 error = dmu_objset_userspace_upgrade(os);
4519 dmu_objset_rele(os, FTAG);
4520 }
4521
4522 return (error);
4523 }
4524
4525 /*
4526 * We don't want to have a hard dependency
4527 * against some special symbols in sharefs
4528 * nfs, and smbsrv. Determine them if needed when
4529 * the first file system is shared.
4530 * Neither sharefs, nfs or smbsrv are unloadable modules.
4531 */
4532 int (*znfsexport_fs)(void *arg);
4533 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
4534 int (*zsmbexport_fs)(void *arg, boolean_t add_share);
4535
4536 int zfs_nfsshare_inited;
4537 int zfs_smbshare_inited;
4538
4539 ddi_modhandle_t nfs_mod;
4540 ddi_modhandle_t sharefs_mod;
4541 ddi_modhandle_t smbsrv_mod;
4542 kmutex_t zfs_share_lock;
4543
4544 static int
4545 zfs_init_sharefs()
4546 {
4547 int error;
4548
4549 ASSERT(MUTEX_HELD(&zfs_share_lock));
4550 /* Both NFS and SMB shares also require sharetab support. */
4551 if (sharefs_mod == NULL && ((sharefs_mod =
4552 ddi_modopen("fs/sharefs",
4553 KRTLD_MODE_FIRST, &error)) == NULL)) {
4554 return (ENOSYS);
4555 }
4556 if (zshare_fs == NULL && ((zshare_fs =
4557 (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
4558 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
4559 return (ENOSYS);
4560 }
4561 return (0);
4562 }
4563
4564 static int
4565 zfs_ioc_share(zfs_cmd_t *zc)
4566 {
4567 int error;
4568 int opcode;
4569
4570 switch (zc->zc_share.z_sharetype) {
4571 case ZFS_SHARE_NFS:
4572 case ZFS_UNSHARE_NFS:
4573 if (zfs_nfsshare_inited == 0) {
4574 mutex_enter(&zfs_share_lock);
4575 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs",
4576 KRTLD_MODE_FIRST, &error)) == NULL)) {
4577 mutex_exit(&zfs_share_lock);
4578 return (ENOSYS);
4579 }
4580 if (znfsexport_fs == NULL &&
4581 ((znfsexport_fs = (int (*)(void *))
4582 ddi_modsym(nfs_mod,
4583 "nfs_export", &error)) == NULL)) {
4584 mutex_exit(&zfs_share_lock);
4585 return (ENOSYS);
4586 }
4587 error = zfs_init_sharefs();
4588 if (error) {
4589 mutex_exit(&zfs_share_lock);
4590 return (ENOSYS);
4591 }
4592 zfs_nfsshare_inited = 1;
4593 mutex_exit(&zfs_share_lock);
4594 }
4595 break;
4596 case ZFS_SHARE_SMB:
4597 case ZFS_UNSHARE_SMB:
4598 if (zfs_smbshare_inited == 0) {
4599 mutex_enter(&zfs_share_lock);
4600 if (smbsrv_mod == NULL && ((smbsrv_mod =
4601 ddi_modopen("drv/smbsrv",
4602 KRTLD_MODE_FIRST, &error)) == NULL)) {
4603 mutex_exit(&zfs_share_lock);
4604 return (ENOSYS);
4605 }
4606 if (zsmbexport_fs == NULL && ((zsmbexport_fs =
4607 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod,
4608 "smb_server_share", &error)) == NULL)) {
4609 mutex_exit(&zfs_share_lock);
4610 return (ENOSYS);
4611 }
4612 error = zfs_init_sharefs();
4613 if (error) {
4614 mutex_exit(&zfs_share_lock);
4615 return (ENOSYS);
4616 }
4617 zfs_smbshare_inited = 1;
4618 mutex_exit(&zfs_share_lock);
4619 }
4620 break;
4621 default:
4622 return (EINVAL);
4623 }
4624
4625 switch (zc->zc_share.z_sharetype) {
4626 case ZFS_SHARE_NFS:
4627 case ZFS_UNSHARE_NFS:
4628 if (error =
4629 znfsexport_fs((void *)
4630 (uintptr_t)zc->zc_share.z_exportdata))
4631 return (error);
4632 break;
4633 case ZFS_SHARE_SMB:
4634 case ZFS_UNSHARE_SMB:
4635 if (error = zsmbexport_fs((void *)
4636 (uintptr_t)zc->zc_share.z_exportdata,
4637 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
4638 B_TRUE: B_FALSE)) {
4639 return (error);
4640 }
4641 break;
4642 }
4643
4644 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
4645 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ?
4646 SHAREFS_ADD : SHAREFS_REMOVE;
4647
4648 /*
4649 * Add or remove share from sharetab
4650 */
4651 error = zshare_fs(opcode,
4652 (void *)(uintptr_t)zc->zc_share.z_sharedata,
4653 zc->zc_share.z_sharemax);
4654
4655 return (error);
4656
4657 }
4658
4659 ace_t full_access[] = {
4660 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4661 };
4662
4663 /*
4664 * inputs:
4665 * zc_name name of containing filesystem
4666 * zc_obj object # beyond which we want next in-use object #
4667 *
4668 * outputs:
4669 * zc_obj next in-use object #
4670 */
4671 static int
4672 zfs_ioc_next_obj(zfs_cmd_t *zc)
4673 {
4674 objset_t *os = NULL;
4675 int error;
4676
4677 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4678 if (error)
4679 return (error);
4680
4681 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4682 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4683
4684 dmu_objset_rele(os, FTAG);
4685 return (error);
4686 }
4687
4688 /*
4689 * inputs:
4690 * zc_name name of filesystem
4691 * zc_value prefix name for snapshot
4692 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4693 *
4694 * outputs:
4695 * zc_value short name of new snapshot
4696 */
4697 static int
4698 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4699 {
4700 char *snap_name;
4701 int error;
4702
4703 snap_name = kmem_asprintf("%s@%s-%016llx", zc->zc_name, zc->zc_value,
4704 (u_longlong_t)ddi_get_lbolt64());
4705
4706 if (strlen(snap_name) >= MAXPATHLEN) {
4707 strfree(snap_name);
4708 return (E2BIG);
4709 }
4710
4711 error = dmu_objset_snapshot_tmp(snap_name, "%temp", zc->zc_cleanup_fd);
4712 if (error != 0) {
4713 strfree(snap_name);
4714 return (error);
4715 }
4716
4717 (void) strcpy(zc->zc_value, strchr(snap_name, '@') + 1);
4718 strfree(snap_name);
4719 return (0);
4720 }
4721
4722 /*
4723 * inputs:
4724 * zc_name name of "to" snapshot
4725 * zc_value name of "from" snapshot
4726 * zc_cookie file descriptor to write diff data on
4727 *
4728 * outputs:
4729 * dmu_diff_record_t's to the file descriptor
4730 */
4731 static int
4732 zfs_ioc_diff(zfs_cmd_t *zc)
4733 {
4734 objset_t *fromsnap;
4735 objset_t *tosnap;
4736 file_t *fp;
4737 offset_t off;
4738 int error;
4739
4740 error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
4741 if (error)
4742 return (error);
4743
4744 error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap);
4745 if (error) {
4746 dmu_objset_rele(tosnap, FTAG);
4747 return (error);
4748 }
4749
4750 fp = getf(zc->zc_cookie);
4751 if (fp == NULL) {
4752 dmu_objset_rele(fromsnap, FTAG);
4753 dmu_objset_rele(tosnap, FTAG);
4754 return (EBADF);
4755 }
4756
4757 off = fp->f_offset;
4758
4759 error = dmu_diff(tosnap, fromsnap, fp->f_vnode, &off);
4760
4761 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4762 fp->f_offset = off;
4763 releasef(zc->zc_cookie);
4764
4765 dmu_objset_rele(fromsnap, FTAG);
4766 dmu_objset_rele(tosnap, FTAG);
4767 return (error);
4768 }
4769
4770 /*
4771 * Remove all ACL files in shares dir
4772 */
4773 static int
4774 zfs_smb_acl_purge(znode_t *dzp)
4775 {
4776 zap_cursor_t zc;
4777 zap_attribute_t zap;
4778 zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
4779 int error;
4780
4781 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
4782 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4783 zap_cursor_advance(&zc)) {
4784 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4785 NULL, 0)) != 0)
4786 break;
4787 }
4788 zap_cursor_fini(&zc);
4789 return (error);
4790 }
4791
4792 static int
4793 zfs_ioc_smb_acl(zfs_cmd_t *zc)
4794 {
4795 vnode_t *vp;
4796 znode_t *dzp;
4797 vnode_t *resourcevp = NULL;
4798 znode_t *sharedir;
4799 zfsvfs_t *zfsvfs;
4800 nvlist_t *nvlist;
4801 char *src, *target;
4802 vattr_t vattr;
4803 vsecattr_t vsec;
4804 int error = 0;
4805
4806 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4807 NO_FOLLOW, NULL, &vp)) != 0)
4808 return (error);
4809
4810 /* Now make sure mntpnt and dataset are ZFS */
4811
4812 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
4813 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4814 zc->zc_name) != 0)) {
4815 VN_RELE(vp);
4816 return (EINVAL);
4817 }
4818
4819 dzp = VTOZ(vp);
4820 zfsvfs = dzp->z_zfsvfs;
4821 ZFS_ENTER(zfsvfs);
4822
4823 /*
4824 * Create share dir if its missing.
4825 */
4826 mutex_enter(&zfsvfs->z_lock);
4827 if (zfsvfs->z_shares_dir == 0) {
4828 dmu_tx_t *tx;
4829
4830 tx = dmu_tx_create(zfsvfs->z_os);
4831 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4832 ZFS_SHARES_DIR);
4833 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4834 error = dmu_tx_assign(tx, TXG_WAIT);
4835 if (error) {
4836 dmu_tx_abort(tx);
4837 } else {
4838 error = zfs_create_share_dir(zfsvfs, tx);
4839 dmu_tx_commit(tx);
4840 }
4841 if (error) {
4842 mutex_exit(&zfsvfs->z_lock);
4843 VN_RELE(vp);
4844 ZFS_EXIT(zfsvfs);
4845 return (error);
4846 }
4847 }
4848 mutex_exit(&zfsvfs->z_lock);
4849
4850 ASSERT(zfsvfs->z_shares_dir);
4851 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
4852 VN_RELE(vp);
4853 ZFS_EXIT(zfsvfs);
4854 return (error);
4855 }
4856
4857 switch (zc->zc_cookie) {
4858 case ZFS_SMB_ACL_ADD:
4859 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4860 vattr.va_type = VREG;
4861 vattr.va_mode = S_IFREG|0777;
4862 vattr.va_uid = 0;
4863 vattr.va_gid = 0;
4864
4865 vsec.vsa_mask = VSA_ACE;
4866 vsec.vsa_aclentp = &full_access;
4867 vsec.vsa_aclentsz = sizeof (full_access);
4868 vsec.vsa_aclcnt = 1;
4869
4870 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4871 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4872 if (resourcevp)
4873 VN_RELE(resourcevp);
4874 break;
4875
4876 case ZFS_SMB_ACL_REMOVE:
4877 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4878 NULL, 0);
4879 break;
4880
4881 case ZFS_SMB_ACL_RENAME:
4882 if ((error = get_nvlist(zc->zc_nvlist_src,
4883 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4884 VN_RELE(vp);
4885 ZFS_EXIT(zfsvfs);
4886 return (error);
4887 }
4888 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4889 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4890 &target)) {
4891 VN_RELE(vp);
4892 VN_RELE(ZTOV(sharedir));
4893 ZFS_EXIT(zfsvfs);
4894 nvlist_free(nvlist);
4895 return (error);
4896 }
4897 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4898 kcred, NULL, 0);
4899 nvlist_free(nvlist);
4900 break;
4901
4902 case ZFS_SMB_ACL_PURGE:
4903 error = zfs_smb_acl_purge(sharedir);
4904 break;
4905
4906 default:
4907 error = EINVAL;
4908 break;
4909 }
4910
4911 VN_RELE(vp);
4912 VN_RELE(ZTOV(sharedir));
4913
4914 ZFS_EXIT(zfsvfs);
4915
4916 return (error);
4917 }
4918
4919 /*
4920 * inputs:
4921 * zc_name name of filesystem
4922 * zc_value short name of snap
4923 * zc_string user-supplied tag for this hold
4924 * zc_cookie recursive flag
4925 * zc_temphold set if hold is temporary
4926 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4927 * zc_sendobj if non-zero, the objid for zc_name@zc_value
4928 * zc_createtxg if zc_sendobj is non-zero, snap must have zc_createtxg
4929 *
4930 * outputs: none
4931 */
4932 static int
4933 zfs_ioc_hold(zfs_cmd_t *zc)
4934 {
4935 boolean_t recursive = zc->zc_cookie;
4936 spa_t *spa;
4937 dsl_pool_t *dp;
4938 dsl_dataset_t *ds;
4939 int error;
4940 minor_t minor = 0;
4941
4942 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4943 return (EINVAL);
4944
4945 if (zc->zc_sendobj == 0) {
4946 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
4947 zc->zc_string, recursive, zc->zc_temphold,
4948 zc->zc_cleanup_fd));
4949 }
4950
4951 if (recursive)
4952 return (EINVAL);
4953
4954 error = spa_open(zc->zc_name, &spa, FTAG);
4955 if (error)
4956 return (error);
4957
4958 dp = spa_get_dsl(spa);
4959 rw_enter(&dp->dp_config_rwlock, RW_READER);
4960 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4961 rw_exit(&dp->dp_config_rwlock);
4962 spa_close(spa, FTAG);
4963 if (error)
4964 return (error);
4965
4966 /*
4967 * Until we have a hold on this snapshot, it's possible that
4968 * zc_sendobj could've been destroyed and reused as part
4969 * of a later txg. Make sure we're looking at the right object.
4970 */
4971 if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) {
4972 dsl_dataset_rele(ds, FTAG);
4973 return (ENOENT);
4974 }
4975
4976 if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) {
4977 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4978 if (error) {
4979 dsl_dataset_rele(ds, FTAG);
4980 return (error);
4981 }
4982 }
4983
4984 error = dsl_dataset_user_hold_for_send(ds, zc->zc_string,
4985 zc->zc_temphold);
4986 if (minor != 0) {
4987 if (error == 0) {
4988 dsl_register_onexit_hold_cleanup(ds, zc->zc_string,
4989 minor);
4990 }
4991 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
4992 }
4993 dsl_dataset_rele(ds, FTAG);
4994
4995 return (error);
4996 }
4997
4998 /*
4999 * inputs:
5000 * zc_name name of dataset from which we're releasing a user hold
5001 * zc_value short name of snap
5002 * zc_string user-supplied tag for this hold
5003 * zc_cookie recursive flag
5004 *
5005 * outputs: none
5006 */
5007 static int
5008 zfs_ioc_release(zfs_cmd_t *zc)
5009 {
5010 boolean_t recursive = zc->zc_cookie;
5011
5012 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
5013 return (EINVAL);
5014
5015 return (dsl_dataset_user_release(zc->zc_name, zc->zc_value,
5016 zc->zc_string, recursive));
5017 }
5018
5019 /*
5020 * inputs:
5021 * zc_name name of filesystem
5022 *
5023 * outputs:
5024 * zc_nvlist_src{_size} nvlist of snapshot holds
5025 */
5026 static int
5027 zfs_ioc_get_holds(zfs_cmd_t *zc)
5028 {
5029 nvlist_t *nvp;
5030 int error;
5031
5032 if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) {
5033 error = put_nvlist(zc, nvp);
5034 nvlist_free(nvp);
5035 }
5036
5037 return (error);
5038 }
5039
5040 /*
5041 * inputs:
5042 * zc_name name of new filesystem or snapshot
5043 * zc_value full name of old snapshot
5044 *
5045 * outputs:
5046 * zc_cookie space in bytes
5047 * zc_objset_type compressed space in bytes
5048 * zc_perm_action uncompressed space in bytes
5049 */
5050 static int
5051 zfs_ioc_space_written(zfs_cmd_t *zc)
5052 {
5053 int error;
5054 dsl_dataset_t *new, *old;
5055
5056 error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
5057 if (error != 0)
5058 return (error);
5059 error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
5060 if (error != 0) {
5061 dsl_dataset_rele(new, FTAG);
5062 return (error);
5063 }
5064
5065 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
5066 &zc->zc_objset_type, &zc->zc_perm_action);
5067 dsl_dataset_rele(old, FTAG);
5068 dsl_dataset_rele(new, FTAG);
5069 return (error);
5070 }
5071 /*
5072 * innvl: {
5073 * "firstsnap" -> snapshot name
5074 * }
5075 *
5076 * outnvl: {
5077 * "used" -> space in bytes
5078 * "compressed" -> compressed space in bytes
5079 * "uncompressed" -> uncompressed space in bytes
5080 * }
5081 */
5082 static int
5083 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
5084 {
5085 int error;
5086 dsl_dataset_t *new, *old;
5087 char *firstsnap;
5088 uint64_t used, comp, uncomp;
5089
5090 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0)
5091 return (EINVAL);
5092
5093 error = dsl_dataset_hold(lastsnap, FTAG, &new);
5094 if (error != 0)
5095 return (error);
5096 error = dsl_dataset_hold(firstsnap, FTAG, &old);
5097 if (error != 0) {
5098 dsl_dataset_rele(new, FTAG);
5099 return (error);
5100 }
5101
5102 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
5103 dsl_dataset_rele(old, FTAG);
5104 dsl_dataset_rele(new, FTAG);
5105 fnvlist_add_uint64(outnvl, "used", used);
5106 fnvlist_add_uint64(outnvl, "compressed", comp);
5107 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
5108 return (error);
5109 }
5110
5111 /*
5112 * innvl: {
5113 * "fd" -> file descriptor to write stream to (int32)
5114 * (optional) "fromsnap" -> full snap name to send an incremental from
5115 * }
5116 *
5117 * outnvl is unused
5118 */
5119 /* ARGSUSED */
5120 static int
5121 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5122 {
5123 objset_t *fromsnap = NULL;
5124 objset_t *tosnap;
5125 int error;
5126 offset_t off;
5127 char *fromname;
5128 int fd;
5129
5130 error = nvlist_lookup_int32(innvl, "fd", &fd);
5131 if (error != 0)
5132 return (EINVAL);
5133
5134 error = dmu_objset_hold(snapname, FTAG, &tosnap);
5135 if (error)
5136 return (error);
5137
5138 error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5139 if (error == 0) {
5140 error = dmu_objset_hold(fromname, FTAG, &fromsnap);
5141 if (error) {
5142 dmu_objset_rele(tosnap, FTAG);
5143 return (error);
5144 }
5145 }
5146
5147 file_t *fp = getf(fd);
5148 if (fp == NULL) {
5149 dmu_objset_rele(tosnap, FTAG);
5150 if (fromsnap != NULL)
5151 dmu_objset_rele(fromsnap, FTAG);
5152 return (EBADF);
5153 }
5154
5155 off = fp->f_offset;
5156 error = dmu_send(tosnap, fromsnap, fd, fp->f_vnode, &off);
5157
5158 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5159 fp->f_offset = off;
5160 releasef(fd);
5161 if (fromsnap != NULL)
5162 dmu_objset_rele(fromsnap, FTAG);
5163 dmu_objset_rele(tosnap, FTAG);
5164 return (error);
5165 }
5166
5167 /*
5168 * Determine approximately how large a zfs send stream will be -- the number
5169 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
5170 *
5171 * innvl: {
5172 * (optional) "fromsnap" -> full snap name to send an incremental from
5173 * }
5174 *
5175 * outnvl: {
5176 * "space" -> bytes of space (uint64)
5177 * }
5178 */
5179 static int
5180 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5181 {
5182 objset_t *fromsnap = NULL;
5183 objset_t *tosnap;
5184 int error;
5185 char *fromname;
5186 uint64_t space;
5187
5188 error = dmu_objset_hold(snapname, FTAG, &tosnap);
5189 if (error)
5190 return (error);
5191
5192 error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5193 if (error == 0) {
5194 error = dmu_objset_hold(fromname, FTAG, &fromsnap);
5195 if (error) {
5196 dmu_objset_rele(tosnap, FTAG);
5197 return (error);
5198 }
5199 }
5200
5201 error = dmu_send_estimate(tosnap, fromsnap, &space);
5202 fnvlist_add_uint64(outnvl, "space", space);
5203
5204 if (fromsnap != NULL)
5205 dmu_objset_rele(fromsnap, FTAG);
5206 dmu_objset_rele(tosnap, FTAG);
5207 return (error);
5208 }
5209
5210
5211 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
5212
5213 static void
5214 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5215 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5216 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
5217 {
5218 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5219
5220 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5221 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5222 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5223 ASSERT3P(vec->zvec_func, ==, NULL);
5224
5225 vec->zvec_legacy_func = func;
5226 vec->zvec_secpolicy = secpolicy;
5227 vec->zvec_namecheck = namecheck;
5228 vec->zvec_allow_log = log_history;
5229 vec->zvec_pool_check = pool_check;
5230 }
5231
5232 /*
5233 * See the block comment at the beginning of this file for details on
5234 * each argument to this function.
5235 */
5236 static void
5237 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
5238 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5239 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
5240 boolean_t allow_log)
5241 {
5242 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5243
5244 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5245 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5246 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5247 ASSERT3P(vec->zvec_func, ==, NULL);
5248
5249 /* if we are logging, the name must be valid */
5250 ASSERT(!allow_log || namecheck != NO_NAME);
5251
5252 vec->zvec_name = name;
5253 vec->zvec_func = func;
5254 vec->zvec_secpolicy = secpolicy;
5255 vec->zvec_namecheck = namecheck;
5256 vec->zvec_pool_check = pool_check;
5257 vec->zvec_smush_outnvlist = smush_outnvlist;
5258 vec->zvec_allow_log = allow_log;
5259 }
5260
5261 static void
5262 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5263 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
5264 zfs_ioc_poolcheck_t pool_check)
5265 {
5266 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5267 POOL_NAME, log_history, pool_check);
5268 }
5269
5270 static void
5271 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5272 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
5273 {
5274 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5275 DATASET_NAME, B_FALSE, pool_check);
5276 }
5277
5278 static void
5279 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5280 {
5281 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
5282 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5283 }
5284
5285 static void
5286 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5287 zfs_secpolicy_func_t *secpolicy)
5288 {
5289 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5290 NO_NAME, B_FALSE, POOL_CHECK_NONE);
5291 }
5292
5293 static void
5294 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
5295 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
5296 {
5297 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5298 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
5299 }
5300
5301 static void
5302 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5303 {
5304 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
5305 zfs_secpolicy_read);
5306 }
5307
5308 static void
5309 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5310 zfs_secpolicy_func_t *secpolicy)
5311 {
5312 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5313 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5314 }
5315
5316 static void
5317 zfs_ioctl_init(void)
5318 {
5319 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
5320 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
5321 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5322
5323 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
5324 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
5325 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE);
5326
5327 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
5328 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
5329 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5330
5331 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
5332 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
5333 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5334
5335 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
5336 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
5337 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5338
5339 zfs_ioctl_register("create", ZFS_IOC_CREATE,
5340 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
5341 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5342
5343 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
5344 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
5345 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5346
5347 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
5348 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
5349 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5350
5351 /* IOCTLS that use the legacy function signature */
5352
5353 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
5354 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
5355
5356 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
5357 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5358 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
5359 zfs_ioc_pool_scan);
5360 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
5361 zfs_ioc_pool_upgrade);
5362 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
5363 zfs_ioc_vdev_add);
5364 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
5365 zfs_ioc_vdev_remove);
5366 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
5367 zfs_ioc_vdev_set_state);
5368 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
5369 zfs_ioc_vdev_attach);
5370 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
5371 zfs_ioc_vdev_detach);
5372 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
5373 zfs_ioc_vdev_setpath);
5374 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
5375 zfs_ioc_vdev_setfru);
5376 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
5377 zfs_ioc_pool_set_props);
5378 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
5379 zfs_ioc_vdev_split);
5380 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
5381 zfs_ioc_pool_reguid);
5382
5383 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
5384 zfs_ioc_pool_configs, zfs_secpolicy_none);
5385 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
5386 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
5387 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
5388 zfs_ioc_inject_fault, zfs_secpolicy_inject);
5389 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
5390 zfs_ioc_clear_fault, zfs_secpolicy_inject);
5391 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
5392 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
5393
5394 /*
5395 * pool destroy, and export don't log the history as part of
5396 * zfsdev_ioctl, but rather zfs_ioc_pool_export
5397 * does the logging of those commands.
5398 */
5399 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
5400 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5401 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
5402 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5403
5404 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
5405 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5406 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
5407 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5408
5409 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
5410 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
5411 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
5412 zfs_ioc_dsobj_to_dsname,
5413 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
5414 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
5415 zfs_ioc_pool_get_history,
5416 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
5417
5418 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
5419 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5420
5421 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
5422 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5423 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
5424 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5425
5426 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
5427 zfs_ioc_space_written);
5428 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_HOLDS,
5429 zfs_ioc_get_holds);
5430 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
5431 zfs_ioc_objset_recvd_props);
5432 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
5433 zfs_ioc_next_obj);
5434 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
5435 zfs_ioc_get_fsacl);
5436 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
5437 zfs_ioc_objset_stats);
5438 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
5439 zfs_ioc_objset_zplprops);
5440 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
5441 zfs_ioc_dataset_list_next);
5442 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
5443 zfs_ioc_snapshot_list_next);
5444 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
5445 zfs_ioc_send_progress);
5446
5447 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
5448 zfs_ioc_diff, zfs_secpolicy_diff);
5449 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
5450 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
5451 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
5452 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
5453 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
5454 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
5455 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
5456 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
5457 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
5458 zfs_ioc_send, zfs_secpolicy_send);
5459
5460 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
5461 zfs_secpolicy_none);
5462 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
5463 zfs_secpolicy_destroy);
5464 zfs_ioctl_register_dataset_modify(ZFS_IOC_ROLLBACK, zfs_ioc_rollback,
5465 zfs_secpolicy_rollback);
5466 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
5467 zfs_secpolicy_rename);
5468 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
5469 zfs_secpolicy_recv);
5470 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
5471 zfs_secpolicy_promote);
5472 zfs_ioctl_register_dataset_modify(ZFS_IOC_HOLD, zfs_ioc_hold,
5473 zfs_secpolicy_hold);
5474 zfs_ioctl_register_dataset_modify(ZFS_IOC_RELEASE, zfs_ioc_release,
5475 zfs_secpolicy_release);
5476 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
5477 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
5478 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
5479 zfs_secpolicy_set_fsacl);
5480
5481 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
5482 zfs_secpolicy_share, POOL_CHECK_NONE);
5483 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
5484 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
5485 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
5486 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
5487 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5488 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
5489 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
5490 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5491 }
5492
5493 int
5494 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
5495 zfs_ioc_poolcheck_t check)
5496 {
5497 spa_t *spa;
5498 int error;
5499
5500 ASSERT(type == POOL_NAME || type == DATASET_NAME);
5501
5502 if (check & POOL_CHECK_NONE)
5503 return (0);
5504
5505 error = spa_open(name, &spa, FTAG);
5506 if (error == 0) {
5507 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
5508 error = EAGAIN;
5509 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
5510 error = EROFS;
5511 spa_close(spa, FTAG);
5512 }
5513 return (error);
5514 }
5515
5516 /*
5517 * Find a free minor number.
5518 */
5519 minor_t
5520 zfsdev_minor_alloc(void)
5521 {
5522 static minor_t last_minor;
5523 minor_t m;
5524
5525 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5526
5527 for (m = last_minor + 1; m != last_minor; m++) {
5528 if (m > ZFSDEV_MAX_MINOR)
5529 m = 1;
5530 if (ddi_get_soft_state(zfsdev_state, m) == NULL) {
5531 last_minor = m;
5532 return (m);
5533 }
5534 }
5535
5536 return (0);
5537 }
5538
5539 static int
5540 zfs_ctldev_init(dev_t *devp)
5541 {
5542 minor_t minor;
5543 zfs_soft_state_t *zs;
5544
5545 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5546 ASSERT(getminor(*devp) == 0);
5547
5548 minor = zfsdev_minor_alloc();
5549 if (minor == 0)
5550 return (ENXIO);
5551
5552 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS)
5553 return (EAGAIN);
5554
5555 *devp = makedevice(getemajor(*devp), minor);
5556
5557 zs = ddi_get_soft_state(zfsdev_state, minor);
5558 zs->zss_type = ZSST_CTLDEV;
5559 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data);
5560
5561 return (0);
5562 }
5563
5564 static void
5565 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor)
5566 {
5567 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5568
5569 zfs_onexit_destroy(zo);
5570 ddi_soft_state_free(zfsdev_state, minor);
5571 }
5572
5573 void *
5574 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which)
5575 {
5576 zfs_soft_state_t *zp;
5577
5578 zp = ddi_get_soft_state(zfsdev_state, minor);
5579 if (zp == NULL || zp->zss_type != which)
5580 return (NULL);
5581
5582 return (zp->zss_data);
5583 }
5584
5585 static int
5586 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr)
5587 {
5588 int error = 0;
5589
5590 if (getminor(*devp) != 0)
5591 return (zvol_open(devp, flag, otyp, cr));
5592
5593 /* This is the control device. Allocate a new minor if requested. */
5594 if (flag & FEXCL) {
5595 mutex_enter(&zfsdev_state_lock);
5596 error = zfs_ctldev_init(devp);
5597 mutex_exit(&zfsdev_state_lock);
5598 }
5599
5600 return (error);
5601 }
5602
5603 static int
5604 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr)
5605 {
5606 zfs_onexit_t *zo;
5607 minor_t minor = getminor(dev);
5608
5609 if (minor == 0)
5610 return (0);
5611
5612 mutex_enter(&zfsdev_state_lock);
5613 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
5614 if (zo == NULL) {
5615 mutex_exit(&zfsdev_state_lock);
5616 return (zvol_close(dev, flag, otyp, cr));
5617 }
5618 zfs_ctldev_destroy(zo, minor);
5619 mutex_exit(&zfsdev_state_lock);
5620
5621 return (0);
5622 }
5623
5624 static int
5625 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
5626 {
5627 zfs_cmd_t *zc;
5628 uint_t vecnum;
5629 int error, rc, len;
5630 minor_t minor = getminor(dev);
5631 const zfs_ioc_vec_t *vec;
5632 char *saved_poolname = NULL;
5633 nvlist_t *innvl = NULL;
5634
5635 if (minor != 0 &&
5636 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL)
5637 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));
5638
5639 vecnum = cmd - ZFS_IOC_FIRST;
5640 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
5641
5642 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
5643 return (EINVAL);
5644 vec = &zfs_ioc_vec[vecnum];
5645
5646 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
5647
5648 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
5649 if (error != 0) {
5650 error = EFAULT;
5651 goto out;
5652 }
5653
5654 zc->zc_iflags = flag & FKIOCTL;
5655 if (zc->zc_nvlist_src_size != 0) {
5656 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5657 zc->zc_iflags, &innvl);
5658 if (error != 0)
5659 goto out;
5660 }
5661
5662 /*
5663 * Ensure that all pool/dataset names are valid before we pass down to
5664 * the lower layers.
5665 */
5666 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5667 switch (vec->zvec_namecheck) {
5668 case POOL_NAME:
5669 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
5670 error = EINVAL;
5671 else
5672 error = pool_status_check(zc->zc_name,
5673 vec->zvec_namecheck, vec->zvec_pool_check);
5674 break;
5675
5676 case DATASET_NAME:
5677 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
5678 error = EINVAL;
5679 else
5680 error = pool_status_check(zc->zc_name,
5681 vec->zvec_namecheck, vec->zvec_pool_check);
5682 break;
5683
5684 case NO_NAME:
5685 break;
5686 }
5687
5688
5689 if (error == 0 && !(flag & FKIOCTL))
5690 error = vec->zvec_secpolicy(zc, innvl, cr);
5691
5692 if (error != 0)
5693 goto out;
5694
5695 /* legacy ioctls can modify zc_name */
5696 len = strcspn(zc->zc_name, "/@") + 1;
5697 saved_poolname = kmem_alloc(len, KM_SLEEP);
5698 (void) strlcpy(saved_poolname, zc->zc_name, len);
5699
5700 if (vec->zvec_func != NULL) {
5701 nvlist_t *outnvl;
5702 int puterror = 0;
5703 spa_t *spa;
5704 nvlist_t *lognv = NULL;
5705
5706 ASSERT(vec->zvec_legacy_func == NULL);
5707
5708 /*
5709 * Add the innvl to the lognv before calling the func,
5710 * in case the func changes the innvl.
5711 */
5712 if (vec->zvec_allow_log) {
5713 lognv = fnvlist_alloc();
5714 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
5715 vec->zvec_name);
5716 if (!nvlist_empty(innvl)) {
5717 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
5718 innvl);
5719 }
5720 }
5721
5722 outnvl = fnvlist_alloc();
5723 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
5724
5725 if (error == 0 && vec->zvec_allow_log &&
5726 spa_open(zc->zc_name, &spa, FTAG) == 0) {
5727 if (!nvlist_empty(outnvl)) {
5728 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
5729 outnvl);
5730 }
5731 (void) spa_history_log_nvl(spa, lognv);
5732 spa_close(spa, FTAG);
5733 }
5734 fnvlist_free(lognv);
5735
5736 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
5737 int smusherror = 0;
5738 if (vec->zvec_smush_outnvlist) {
5739 smusherror = nvlist_smush(outnvl,
5740 zc->zc_nvlist_dst_size);
5741 }
5742 if (smusherror == 0)
5743 puterror = put_nvlist(zc, outnvl);
5744 }
5745
5746 if (puterror != 0)
5747 error = puterror;
5748
5749 nvlist_free(outnvl);
5750 } else {
5751 error = vec->zvec_legacy_func(zc);
5752 }
5753
5754 out:
5755 nvlist_free(innvl);
5756 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
5757 if (error == 0 && rc != 0)
5758 error = EFAULT;
5759 if (error == 0 && vec->zvec_allow_log) {
5760 char *s = tsd_get(zfs_allow_log_key);
5761 if (s != NULL)
5762 strfree(s);
5763 (void) tsd_set(zfs_allow_log_key, saved_poolname);
5764 } else {
5765 if (saved_poolname != NULL)
5766 strfree(saved_poolname);
5767 }
5768
5769 kmem_free(zc, sizeof (zfs_cmd_t));
5770 return (error);
5771 }
5772
5773 static int
5774 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
5775 {
5776 if (cmd != DDI_ATTACH)
5777 return (DDI_FAILURE);
5778
5779 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
5780 DDI_PSEUDO, 0) == DDI_FAILURE)
5781 return (DDI_FAILURE);
5782
5783 zfs_dip = dip;
5784
5785 ddi_report_dev(dip);
5786
5787 return (DDI_SUCCESS);
5788 }
5789
5790 static int
5791 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
5792 {
5793 if (spa_busy() || zfs_busy() || zvol_busy())
5794 return (DDI_FAILURE);
5795
5796 if (cmd != DDI_DETACH)
5797 return (DDI_FAILURE);
5798
5799 zfs_dip = NULL;
5800
5801 ddi_prop_remove_all(dip);
5802 ddi_remove_minor_node(dip, NULL);
5803
5804 return (DDI_SUCCESS);
5805 }
5806
5807 /*ARGSUSED*/
5808 static int
5809 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
5810 {
5811 switch (infocmd) {
5812 case DDI_INFO_DEVT2DEVINFO:
5813 *result = zfs_dip;
5814 return (DDI_SUCCESS);
5815
5816 case DDI_INFO_DEVT2INSTANCE:
5817 *result = (void *)0;
5818 return (DDI_SUCCESS);
5819 }
5820
5821 return (DDI_FAILURE);
5822 }
5823
5824 /*
5825 * OK, so this is a little weird.
5826 *
5827 * /dev/zfs is the control node, i.e. minor 0.
5828 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
5829 *
5830 * /dev/zfs has basically nothing to do except serve up ioctls,
5831 * so most of the standard driver entry points are in zvol.c.
5832 */
5833 static struct cb_ops zfs_cb_ops = {
5834 zfsdev_open, /* open */
5835 zfsdev_close, /* close */
5836 zvol_strategy, /* strategy */
5837 nodev, /* print */
5838 zvol_dump, /* dump */
5839 zvol_read, /* read */
5840 zvol_write, /* write */
5841 zfsdev_ioctl, /* ioctl */
5842 nodev, /* devmap */
5843 nodev, /* mmap */
5844 nodev, /* segmap */
5845 nochpoll, /* poll */
5846 ddi_prop_op, /* prop_op */
5847 NULL, /* streamtab */
5848 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */
5849 CB_REV, /* version */
5850 nodev, /* async read */
5851 nodev, /* async write */
5852 };
5853
5854 static struct dev_ops zfs_dev_ops = {
5855 DEVO_REV, /* version */
5856 0, /* refcnt */
5857 zfs_info, /* info */
5858 nulldev, /* identify */
5859 nulldev, /* probe */
5860 zfs_attach, /* attach */
5861 zfs_detach, /* detach */
5862 nodev, /* reset */
5863 &zfs_cb_ops, /* driver operations */
5864 NULL, /* no bus operations */
5865 NULL, /* power */
5866 ddi_quiesce_not_needed, /* quiesce */
5867 };
5868
5869 static struct modldrv zfs_modldrv = {
5870 &mod_driverops,
5871 "ZFS storage pool",
5872 &zfs_dev_ops
5873 };
5874
5875 static struct modlinkage modlinkage = {
5876 MODREV_1,
5877 (void *)&zfs_modlfs,
5878 (void *)&zfs_modldrv,
5879 NULL
5880 };
5881
5882 static void
5883 zfs_allow_log_destroy(void *arg)
5884 {
5885 char *poolname = arg;
5886 strfree(poolname);
5887 }
5888
5889 int
5890 _init(void)
5891 {
5892 int error;
5893
5894 spa_init(FREAD | FWRITE);
5895 zfs_init();
5896 zvol_init();
5897 zfs_ioctl_init();
5898
5899 if ((error = mod_install(&modlinkage)) != 0) {
5900 zvol_fini();
5901 zfs_fini();
5902 spa_fini();
5903 return (error);
5904 }
5905
5906 tsd_create(&zfs_fsyncer_key, NULL);
5907 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
5908 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
5909
5910 error = ldi_ident_from_mod(&modlinkage, &zfs_li);
5911 ASSERT(error == 0);
5912 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5913
5914 return (0);
5915 }
5916
5917 int
5918 _fini(void)
5919 {
5920 int error;
5921
5922 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
5923 return (EBUSY);
5924
5925 if ((error = mod_remove(&modlinkage)) != 0)
5926 return (error);
5927
5928 zvol_fini();
5929 zfs_fini();
5930 spa_fini();
5931 if (zfs_nfsshare_inited)
5932 (void) ddi_modclose(nfs_mod);
5933 if (zfs_smbshare_inited)
5934 (void) ddi_modclose(smbsrv_mod);
5935 if (zfs_nfsshare_inited || zfs_smbshare_inited)
5936 (void) ddi_modclose(sharefs_mod);
5937
5938 tsd_destroy(&zfs_fsyncer_key);
5939 ldi_ident_release(zfs_li);
5940 zfs_li = NULL;
5941 mutex_destroy(&zfs_share_lock);
5942
5943 return (error);
5944 }
5945
5946 int
5947 _info(struct modinfo *modinfop)
5948 {
5949 return (mod_info(&modlinkage, modinfop));
5950 }