1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
  24  * Portions Copyright 2011 Martin Matuska
  25  * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
  26  * Copyright (c) 2012 by Delphix. All rights reserved.
  27  * Copyright (c) 2012, Joyent, Inc. All rights reserved.
  28  */
  29 
  30 /*
  31  * ZFS ioctls.
  32  *
  33  * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
  34  * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
  35  *
  36  * There are two ways that we handle ioctls: the legacy way where almost
  37  * all of the logic is in the ioctl callback, and the new way where most
  38  * of the marshalling is handled in the common entry point, zfsdev_ioctl().
  39  *
  40  * Non-legacy ioctls should be registered by calling
  41  * zfs_ioctl_register() from zfs_ioctl_init().  The ioctl is invoked
  42  * from userland by lzc_ioctl().
  43  *
  44  * The registration arguments are as follows:
  45  *
  46  * const char *name
  47  *   The name of the ioctl.  This is used for history logging.  If the
  48  *   ioctl returns successfully (the callback returns 0), and allow_log
  49  *   is true, then a history log entry will be recorded with the input &
  50  *   output nvlists.  The log entry can be printed with "zpool history -i".
  51  *
  52  * zfs_ioc_t ioc
  53  *   The ioctl request number, which userland will pass to ioctl(2).
  54  *   The ioctl numbers can change from release to release, because
  55  *   the caller (libzfs) must be matched to the kernel.
  56  *
  57  * zfs_secpolicy_func_t *secpolicy
  58  *   This function will be called before the zfs_ioc_func_t, to
  59  *   determine if this operation is permitted.  It should return EPERM
  60  *   on failure, and 0 on success.  Checks include determining if the
  61  *   dataset is visible in this zone, and if the user has either all
  62  *   zfs privileges in the zone (SYS_MOUNT), or has been granted permission
  63  *   to do this operation on this dataset with "zfs allow".
  64  *
  65  * zfs_ioc_namecheck_t namecheck
  66  *   This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
  67  *   name, a dataset name, or nothing.  If the name is not well-formed,
  68  *   the ioctl will fail and the callback will not be called.
  69  *   Therefore, the callback can assume that the name is well-formed
  70  *   (e.g. is null-terminated, doesn't have more than one '@' character,
  71  *   doesn't have invalid characters).
  72  *
  73  * zfs_ioc_poolcheck_t pool_check
  74  *   This specifies requirements on the pool state.  If the pool does
  75  *   not meet them (is suspended or is readonly), the ioctl will fail
  76  *   and the callback will not be called.  If any checks are specified
  77  *   (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
  78  *   Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
  79  *   POOL_CHECK_READONLY).
  80  *
  81  * boolean_t smush_outnvlist
  82  *   If smush_outnvlist is true, then the output is presumed to be a
  83  *   list of errors, and it will be "smushed" down to fit into the
  84  *   caller's buffer, by removing some entries and replacing them with a
  85  *   single "N_MORE_ERRORS" entry indicating how many were removed.  See
  86  *   nvlist_smush() for details.  If smush_outnvlist is false, and the
  87  *   outnvlist does not fit into the userland-provided buffer, then the
  88  *   ioctl will fail with ENOMEM.
  89  *
  90  * zfs_ioc_func_t *func
  91  *   The callback function that will perform the operation.
  92  *
  93  *   The callback should return 0 on success, or an error number on
  94  *   failure.  If the function fails, the userland ioctl will return -1,
  95  *   and errno will be set to the callback's return value.  The callback
  96  *   will be called with the following arguments:
  97  *
  98  *   const char *name
  99  *     The name of the pool or dataset to operate on, from
 100  *     zfs_cmd_t:zc_name.  The 'namecheck' argument specifies the
 101  *     expected type (pool, dataset, or none).
 102  *
 103  *   nvlist_t *innvl
 104  *     The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src.  Or
 105  *     NULL if no input nvlist was provided.  Changes to this nvlist are
 106  *     ignored.  If the input nvlist could not be deserialized, the
 107  *     ioctl will fail and the callback will not be called.
 108  *
 109  *   nvlist_t *outnvl
 110  *     The output nvlist, initially empty.  The callback can fill it in,
 111  *     and it will be returned to userland by serializing it into
 112  *     zfs_cmd_t:zc_nvlist_dst.  If it is non-empty, and serialization
 113  *     fails (e.g. because the caller didn't supply a large enough
 114  *     buffer), then the overall ioctl will fail.  See the
 115  *     'smush_nvlist' argument above for additional behaviors.
 116  *
 117  *     There are two typical uses of the output nvlist:
 118  *       - To return state, e.g. property values.  In this case,
 119  *         smush_outnvlist should be false.  If the buffer was not large
 120  *         enough, the caller will reallocate a larger buffer and try
 121  *         the ioctl again.
 122  *
 123  *       - To return multiple errors from an ioctl which makes on-disk
 124  *         changes.  In this case, smush_outnvlist should be true.
 125  *         Ioctls which make on-disk modifications should generally not
 126  *         use the outnvl if they succeed, because the caller can not
 127  *         distinguish between the operation failing, and
 128  *         deserialization failing.
 129  */
 130 
 131 #include <sys/types.h>
 132 #include <sys/param.h>
 133 #include <sys/errno.h>
 134 #include <sys/uio.h>
 135 #include <sys/buf.h>
 136 #include <sys/modctl.h>
 137 #include <sys/open.h>
 138 #include <sys/file.h>
 139 #include <sys/kmem.h>
 140 #include <sys/conf.h>
 141 #include <sys/cmn_err.h>
 142 #include <sys/stat.h>
 143 #include <sys/zfs_ioctl.h>
 144 #include <sys/zfs_vfsops.h>
 145 #include <sys/zfs_znode.h>
 146 #include <sys/zap.h>
 147 #include <sys/spa.h>
 148 #include <sys/spa_impl.h>
 149 #include <sys/vdev.h>
 150 #include <sys/priv_impl.h>
 151 #include <sys/dmu.h>
 152 #include <sys/dsl_dir.h>
 153 #include <sys/dsl_dataset.h>
 154 #include <sys/dsl_prop.h>
 155 #include <sys/dsl_deleg.h>
 156 #include <sys/dmu_objset.h>
 157 #include <sys/dmu_impl.h>
 158 #include <sys/ddi.h>
 159 #include <sys/sunddi.h>
 160 #include <sys/sunldi.h>
 161 #include <sys/policy.h>
 162 #include <sys/zone.h>
 163 #include <sys/nvpair.h>
 164 #include <sys/pathname.h>
 165 #include <sys/mount.h>
 166 #include <sys/sdt.h>
 167 #include <sys/fs/zfs.h>
 168 #include <sys/zfs_ctldir.h>
 169 #include <sys/zfs_dir.h>
 170 #include <sys/zfs_onexit.h>
 171 #include <sys/zvol.h>
 172 #include <sys/dsl_scan.h>
 173 #include <sharefs/share.h>
 174 #include <sys/dmu_objset.h>
 175 
 176 #include "zfs_namecheck.h"
 177 #include "zfs_prop.h"
 178 #include "zfs_deleg.h"
 179 #include "zfs_comutil.h"
 180 
 181 extern struct modlfs zfs_modlfs;
 182 
 183 extern void zfs_init(void);
 184 extern void zfs_fini(void);
 185 
 186 ldi_ident_t zfs_li = NULL;
 187 dev_info_t *zfs_dip;
 188 
 189 uint_t zfs_fsyncer_key;
 190 extern uint_t rrw_tsd_key;
 191 static uint_t zfs_allow_log_key;
 192 
 193 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *);
 194 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *);
 195 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *);
 196 
 197 typedef enum {
 198         NO_NAME,
 199         POOL_NAME,
 200         DATASET_NAME
 201 } zfs_ioc_namecheck_t;
 202 
 203 typedef enum {
 204         POOL_CHECK_NONE         = 1 << 0,
 205         POOL_CHECK_SUSPENDED    = 1 << 1,
 206         POOL_CHECK_READONLY     = 1 << 2,
 207 } zfs_ioc_poolcheck_t;
 208 
 209 typedef struct zfs_ioc_vec {
 210         zfs_ioc_legacy_func_t   *zvec_legacy_func;
 211         zfs_ioc_func_t          *zvec_func;
 212         zfs_secpolicy_func_t    *zvec_secpolicy;
 213         zfs_ioc_namecheck_t     zvec_namecheck;
 214         boolean_t               zvec_allow_log;
 215         zfs_ioc_poolcheck_t     zvec_pool_check;
 216         boolean_t               zvec_smush_outnvlist;
 217         const char              *zvec_name;
 218 } zfs_ioc_vec_t;
 219 
 220 /* This array is indexed by zfs_userquota_prop_t */
 221 static const char *userquota_perms[] = {
 222         ZFS_DELEG_PERM_USERUSED,
 223         ZFS_DELEG_PERM_USERQUOTA,
 224         ZFS_DELEG_PERM_GROUPUSED,
 225         ZFS_DELEG_PERM_GROUPQUOTA,
 226 };
 227 
 228 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
 229 static int zfs_check_settable(const char *name, nvpair_t *property,
 230     cred_t *cr);
 231 static int zfs_check_clearable(char *dataset, nvlist_t *props,
 232     nvlist_t **errors);
 233 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
 234     boolean_t *);
 235 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
 236 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
 237 
 238 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
 239 void
 240 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
 241 {
 242         const char *newfile;
 243         char buf[512];
 244         va_list adx;
 245 
 246         /*
 247          * Get rid of annoying "../common/" prefix to filename.
 248          */
 249         newfile = strrchr(file, '/');
 250         if (newfile != NULL) {
 251                 newfile = newfile + 1; /* Get rid of leading / */
 252         } else {
 253                 newfile = file;
 254         }
 255 
 256         va_start(adx, fmt);
 257         (void) vsnprintf(buf, sizeof (buf), fmt, adx);
 258         va_end(adx);
 259 
 260         /*
 261          * To get this data, use the zfs-dprintf probe as so:
 262          * dtrace -q -n 'zfs-dprintf \
 263          *      /stringof(arg0) == "dbuf.c"/ \
 264          *      {printf("%s: %s", stringof(arg1), stringof(arg3))}'
 265          * arg0 = file name
 266          * arg1 = function name
 267          * arg2 = line number
 268          * arg3 = message
 269          */
 270         DTRACE_PROBE4(zfs__dprintf,
 271             char *, newfile, char *, func, int, line, char *, buf);
 272 }
 273 
 274 static void
 275 history_str_free(char *buf)
 276 {
 277         kmem_free(buf, HIS_MAX_RECORD_LEN);
 278 }
 279 
 280 static char *
 281 history_str_get(zfs_cmd_t *zc)
 282 {
 283         char *buf;
 284 
 285         if (zc->zc_history == NULL)
 286                 return (NULL);
 287 
 288         buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
 289         if (copyinstr((void *)(uintptr_t)zc->zc_history,
 290             buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
 291                 history_str_free(buf);
 292                 return (NULL);
 293         }
 294 
 295         buf[HIS_MAX_RECORD_LEN -1] = '\0';
 296 
 297         return (buf);
 298 }
 299 
 300 /*
 301  * Check to see if the named dataset is currently defined as bootable
 302  */
 303 static boolean_t
 304 zfs_is_bootfs(const char *name)
 305 {
 306         objset_t *os;
 307 
 308         if (dmu_objset_hold(name, FTAG, &os) == 0) {
 309                 boolean_t ret;
 310                 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
 311                 dmu_objset_rele(os, FTAG);
 312                 return (ret);
 313         }
 314         return (B_FALSE);
 315 }
 316 
 317 /*
 318  * zfs_earlier_version
 319  *
 320  *      Return non-zero if the spa version is less than requested version.
 321  */
 322 static int
 323 zfs_earlier_version(const char *name, int version)
 324 {
 325         spa_t *spa;
 326 
 327         if (spa_open(name, &spa, FTAG) == 0) {
 328                 if (spa_version(spa) < version) {
 329                         spa_close(spa, FTAG);
 330                         return (1);
 331                 }
 332                 spa_close(spa, FTAG);
 333         }
 334         return (0);
 335 }
 336 
 337 /*
 338  * zpl_earlier_version
 339  *
 340  * Return TRUE if the ZPL version is less than requested version.
 341  */
 342 static boolean_t
 343 zpl_earlier_version(const char *name, int version)
 344 {
 345         objset_t *os;
 346         boolean_t rc = B_TRUE;
 347 
 348         if (dmu_objset_hold(name, FTAG, &os) == 0) {
 349                 uint64_t zplversion;
 350 
 351                 if (dmu_objset_type(os) != DMU_OST_ZFS) {
 352                         dmu_objset_rele(os, FTAG);
 353                         return (B_TRUE);
 354                 }
 355                 /* XXX reading from non-owned objset */
 356                 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
 357                         rc = zplversion < version;
 358                 dmu_objset_rele(os, FTAG);
 359         }
 360         return (rc);
 361 }
 362 
 363 static void
 364 zfs_log_history(zfs_cmd_t *zc)
 365 {
 366         spa_t *spa;
 367         char *buf;
 368 
 369         if ((buf = history_str_get(zc)) == NULL)
 370                 return;
 371 
 372         if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
 373                 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
 374                         (void) spa_history_log(spa, buf);
 375                 spa_close(spa, FTAG);
 376         }
 377         history_str_free(buf);
 378 }
 379 
 380 /*
 381  * Policy for top-level read operations (list pools).  Requires no privileges,
 382  * and can be used in the local zone, as there is no associated dataset.
 383  */
 384 /* ARGSUSED */
 385 static int
 386 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 387 {
 388         return (0);
 389 }
 390 
 391 /*
 392  * Policy for dataset read operations (list children, get statistics).  Requires
 393  * no privileges, but must be visible in the local zone.
 394  */
 395 /* ARGSUSED */
 396 static int
 397 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 398 {
 399         if (INGLOBALZONE(curproc) ||
 400             zone_dataset_visible(zc->zc_name, NULL))
 401                 return (0);
 402 
 403         return (ENOENT);
 404 }
 405 
 406 static int
 407 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
 408 {
 409         int writable = 1;
 410 
 411         /*
 412          * The dataset must be visible by this zone -- check this first
 413          * so they don't see EPERM on something they shouldn't know about.
 414          */
 415         if (!INGLOBALZONE(curproc) &&
 416             !zone_dataset_visible(dataset, &writable))
 417                 return (ENOENT);
 418 
 419         if (INGLOBALZONE(curproc)) {
 420                 /*
 421                  * If the fs is zoned, only root can access it from the
 422                  * global zone.
 423                  */
 424                 if (secpolicy_zfs(cr) && zoned)
 425                         return (EPERM);
 426         } else {
 427                 /*
 428                  * If we are in a local zone, the 'zoned' property must be set.
 429                  */
 430                 if (!zoned)
 431                         return (EPERM);
 432 
 433                 /* must be writable by this zone */
 434                 if (!writable)
 435                         return (EPERM);
 436         }
 437         return (0);
 438 }
 439 
 440 static int
 441 zfs_dozonecheck(const char *dataset, cred_t *cr)
 442 {
 443         uint64_t zoned;
 444 
 445         if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
 446                 return (ENOENT);
 447 
 448         return (zfs_dozonecheck_impl(dataset, zoned, cr));
 449 }
 450 
 451 static int
 452 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
 453 {
 454         uint64_t zoned;
 455 
 456         rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
 457         if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) {
 458                 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
 459                 return (ENOENT);
 460         }
 461         rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
 462 
 463         return (zfs_dozonecheck_impl(dataset, zoned, cr));
 464 }
 465 
 466 static int
 467 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
 468 {
 469         int error;
 470         dsl_dataset_t *ds;
 471 
 472         error = dsl_dataset_hold(name, FTAG, &ds);
 473         if (error != 0)
 474                 return (error);
 475 
 476         error = zfs_dozonecheck_ds(name, ds, cr);
 477         if (error == 0) {
 478                 error = secpolicy_zfs(cr);
 479                 if (error)
 480                         error = dsl_deleg_access_impl(ds, perm, cr, B_TRUE);
 481         }
 482 
 483         dsl_dataset_rele(ds, FTAG);
 484         return (error);
 485 }
 486 
 487 static int
 488 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
 489     const char *perm, cred_t *cr)
 490 {
 491         int error;
 492 
 493         error = zfs_dozonecheck_ds(name, ds, cr);
 494         if (error == 0) {
 495                 error = secpolicy_zfs(cr);
 496                 if (error)
 497                         error = dsl_deleg_access_impl(ds, perm, cr, B_TRUE);
 498         }
 499         return (error);
 500 }
 501 
 502 /*
 503  * Policy for setting the security label property.
 504  *
 505  * Returns 0 for success, non-zero for access and other errors.
 506  */
 507 static int
 508 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
 509 {
 510         char            ds_hexsl[MAXNAMELEN];
 511         bslabel_t       ds_sl, new_sl;
 512         boolean_t       new_default = FALSE;
 513         uint64_t        zoned;
 514         int             needed_priv = -1;
 515         int             error;
 516 
 517         /* First get the existing dataset label. */
 518         error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
 519             1, sizeof (ds_hexsl), &ds_hexsl, NULL);
 520         if (error)
 521                 return (EPERM);
 522 
 523         if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
 524                 new_default = TRUE;
 525 
 526         /* The label must be translatable */
 527         if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
 528                 return (EINVAL);
 529 
 530         /*
 531          * In a non-global zone, disallow attempts to set a label that
 532          * doesn't match that of the zone; otherwise no other checks
 533          * are needed.
 534          */
 535         if (!INGLOBALZONE(curproc)) {
 536                 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
 537                         return (EPERM);
 538                 return (0);
 539         }
 540 
 541         /*
 542          * For global-zone datasets (i.e., those whose zoned property is
 543          * "off", verify that the specified new label is valid for the
 544          * global zone.
 545          */
 546         if (dsl_prop_get_integer(name,
 547             zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
 548                 return (EPERM);
 549         if (!zoned) {
 550                 if (zfs_check_global_label(name, strval) != 0)
 551                         return (EPERM);
 552         }
 553 
 554         /*
 555          * If the existing dataset label is nondefault, check if the
 556          * dataset is mounted (label cannot be changed while mounted).
 557          * Get the zfsvfs; if there isn't one, then the dataset isn't
 558          * mounted (or isn't a dataset, doesn't exist, ...).
 559          */
 560         if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
 561                 objset_t *os;
 562                 static char *setsl_tag = "setsl_tag";
 563 
 564                 /*
 565                  * Try to own the dataset; abort if there is any error,
 566                  * (e.g., already mounted, in use, or other error).
 567                  */
 568                 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
 569                     setsl_tag, &os);
 570                 if (error)
 571                         return (EPERM);
 572 
 573                 dmu_objset_disown(os, setsl_tag);
 574 
 575                 if (new_default) {
 576                         needed_priv = PRIV_FILE_DOWNGRADE_SL;
 577                         goto out_check;
 578                 }
 579 
 580                 if (hexstr_to_label(strval, &new_sl) != 0)
 581                         return (EPERM);
 582 
 583                 if (blstrictdom(&ds_sl, &new_sl))
 584                         needed_priv = PRIV_FILE_DOWNGRADE_SL;
 585                 else if (blstrictdom(&new_sl, &ds_sl))
 586                         needed_priv = PRIV_FILE_UPGRADE_SL;
 587         } else {
 588                 /* dataset currently has a default label */
 589                 if (!new_default)
 590                         needed_priv = PRIV_FILE_UPGRADE_SL;
 591         }
 592 
 593 out_check:
 594         if (needed_priv != -1)
 595                 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
 596         return (0);
 597 }
 598 
 599 static int
 600 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
 601     cred_t *cr)
 602 {
 603         char *strval;
 604 
 605         /*
 606          * Check permissions for special properties.
 607          */
 608         switch (prop) {
 609         case ZFS_PROP_DEDUP:
 610         case ZFS_PROP_ZONED:
 611                 /*
 612                  * Disallow setting these properties from within a local zone.
 613                  */
 614                 if (!INGLOBALZONE(curproc))
 615                         return (EPERM);
 616                 break;
 617 
 618         case ZFS_PROP_QUOTA:
 619         case ZFS_PROP_FILESYSTEM_LIMIT:
 620         case ZFS_PROP_SNAPSHOT_LIMIT:
 621                 if (!INGLOBALZONE(curproc)) {
 622                         uint64_t zoned;
 623                         char setpoint[MAXNAMELEN];
 624                         /*
 625                          * Unprivileged users are allowed to modify the
 626                          * limit on things *under* (ie. contained by)
 627                          * the thing they own.
 628                          */
 629                         if (dsl_prop_get_integer(dsname, "zoned", &zoned,
 630                             setpoint))
 631                                 return (EPERM);
 632                         if (!zoned || strlen(dsname) <= strlen(setpoint))
 633                                 return (EPERM);
 634                 }
 635                 break;
 636 
 637         case ZFS_PROP_MLSLABEL:
 638                 if (!is_system_labeled())
 639                         return (EPERM);
 640 
 641                 if (nvpair_value_string(propval, &strval) == 0) {
 642                         int err;
 643 
 644                         err = zfs_set_slabel_policy(dsname, strval, CRED());
 645                         if (err != 0)
 646                                 return (err);
 647                 }
 648                 break;
 649         }
 650 
 651         return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
 652 }
 653 
 654 /* ARGSUSED */
 655 static int
 656 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 657 {
 658         int error;
 659 
 660         error = zfs_dozonecheck(zc->zc_name, cr);
 661         if (error)
 662                 return (error);
 663 
 664         /*
 665          * permission to set permissions will be evaluated later in
 666          * dsl_deleg_can_allow()
 667          */
 668         return (0);
 669 }
 670 
 671 /* ARGSUSED */
 672 static int
 673 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 674 {
 675         return (zfs_secpolicy_write_perms(zc->zc_name,
 676             ZFS_DELEG_PERM_ROLLBACK, cr));
 677 }
 678 
 679 /* ARGSUSED */
 680 static int
 681 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 682 {
 683         spa_t *spa;
 684         dsl_pool_t *dp;
 685         dsl_dataset_t *ds;
 686         char *cp;
 687         int error;
 688 
 689         /*
 690          * Generate the current snapshot name from the given objsetid, then
 691          * use that name for the secpolicy/zone checks.
 692          */
 693         cp = strchr(zc->zc_name, '@');
 694         if (cp == NULL)
 695                 return (EINVAL);
 696         error = spa_open(zc->zc_name, &spa, FTAG);
 697         if (error)
 698                 return (error);
 699 
 700         dp = spa_get_dsl(spa);
 701         rw_enter(&dp->dp_config_rwlock, RW_READER);
 702         error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
 703         rw_exit(&dp->dp_config_rwlock);
 704         spa_close(spa, FTAG);
 705         if (error)
 706                 return (error);
 707 
 708         dsl_dataset_name(ds, zc->zc_name);
 709 
 710         error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
 711             ZFS_DELEG_PERM_SEND, cr);
 712         dsl_dataset_rele(ds, FTAG);
 713 
 714         return (error);
 715 }
 716 
 717 /* ARGSUSED */
 718 static int
 719 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 720 {
 721         return (zfs_secpolicy_write_perms(zc->zc_name,
 722             ZFS_DELEG_PERM_SEND, cr));
 723 }
 724 
 725 /* ARGSUSED */
 726 static int
 727 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 728 {
 729         vnode_t *vp;
 730         int error;
 731 
 732         if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
 733             NO_FOLLOW, NULL, &vp)) != 0)
 734                 return (error);
 735 
 736         /* Now make sure mntpnt and dataset are ZFS */
 737 
 738         if (vp->v_vfsp->vfs_fstype != zfsfstype ||
 739             (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
 740             zc->zc_name) != 0)) {
 741                 VN_RELE(vp);
 742                 return (EPERM);
 743         }
 744 
 745         VN_RELE(vp);
 746         return (dsl_deleg_access(zc->zc_name,
 747             ZFS_DELEG_PERM_SHARE, cr));
 748 }
 749 
 750 int
 751 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 752 {
 753         if (!INGLOBALZONE(curproc))
 754                 return (EPERM);
 755 
 756         if (secpolicy_nfs(cr) == 0) {
 757                 return (0);
 758         } else {
 759                 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
 760         }
 761 }
 762 
 763 int
 764 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 765 {
 766         if (!INGLOBALZONE(curproc))
 767                 return (EPERM);
 768 
 769         if (secpolicy_smb(cr) == 0) {
 770                 return (0);
 771         } else {
 772                 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
 773         }
 774 }
 775 
 776 static int
 777 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
 778 {
 779         char *cp;
 780 
 781         /*
 782          * Remove the @bla or /bla from the end of the name to get the parent.
 783          */
 784         (void) strncpy(parent, datasetname, parentsize);
 785         cp = strrchr(parent, '@');
 786         if (cp != NULL) {
 787                 cp[0] = '\0';
 788         } else {
 789                 cp = strrchr(parent, '/');
 790                 if (cp == NULL)
 791                         return (ENOENT);
 792                 cp[0] = '\0';
 793         }
 794 
 795         return (0);
 796 }
 797 
 798 int
 799 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
 800 {
 801         int error;
 802 
 803         if ((error = zfs_secpolicy_write_perms(name,
 804             ZFS_DELEG_PERM_MOUNT, cr)) != 0)
 805                 return (error);
 806 
 807         return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
 808 }
 809 
 810 /* ARGSUSED */
 811 static int
 812 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 813 {
 814         return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
 815 }
 816 
 817 /*
 818  * Destroying snapshots with delegated permissions requires
 819  * descendant mount and destroy permissions.
 820  */
 821 /* ARGSUSED */
 822 static int
 823 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 824 {
 825         nvlist_t *snaps;
 826         nvpair_t *pair, *nextpair;
 827         int error = 0;
 828 
 829         if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
 830                 return (EINVAL);
 831         for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
 832             pair = nextpair) {
 833                 dsl_dataset_t *ds;
 834 
 835                 nextpair = nvlist_next_nvpair(snaps, pair);
 836                 error = dsl_dataset_hold(nvpair_name(pair), FTAG, &ds);
 837                 if (error == 0) {
 838                         dsl_dataset_rele(ds, FTAG);
 839                 } else if (error == ENOENT) {
 840                         /*
 841                          * Ignore any snapshots that don't exist (we consider
 842                          * them "already destroyed").  Remove the name from the
 843                          * nvl here in case the snapshot is created between
 844                          * now and when we try to destroy it (in which case
 845                          * we don't want to destroy it since we haven't
 846                          * checked for permission).
 847                          */
 848                         fnvlist_remove_nvpair(snaps, pair);
 849                         error = 0;
 850                         continue;
 851                 } else {
 852                         break;
 853                 }
 854                 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
 855                 if (error != 0)
 856                         break;
 857         }
 858 
 859         return (error);
 860 }
 861 
 862 int
 863 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
 864 {
 865         char    parentname[MAXNAMELEN];
 866         int     error;
 867 
 868         if ((error = zfs_secpolicy_write_perms(from,
 869             ZFS_DELEG_PERM_RENAME, cr)) != 0)
 870                 return (error);
 871 
 872         if ((error = zfs_secpolicy_write_perms(from,
 873             ZFS_DELEG_PERM_MOUNT, cr)) != 0)
 874                 return (error);
 875 
 876         if ((error = zfs_get_parent(to, parentname,
 877             sizeof (parentname))) != 0)
 878                 return (error);
 879 
 880         if ((error = zfs_secpolicy_write_perms(parentname,
 881             ZFS_DELEG_PERM_CREATE, cr)) != 0)
 882                 return (error);
 883 
 884         if ((error = zfs_secpolicy_write_perms(parentname,
 885             ZFS_DELEG_PERM_MOUNT, cr)) != 0)
 886                 return (error);
 887 
 888         return (error);
 889 }
 890 
 891 /* ARGSUSED */
 892 static int
 893 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 894 {
 895         return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
 896 }
 897 
 898 /* ARGSUSED */
 899 static int
 900 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 901 {
 902         char    parentname[MAXNAMELEN];
 903         objset_t *clone;
 904         int error;
 905 
 906         error = zfs_secpolicy_write_perms(zc->zc_name,
 907             ZFS_DELEG_PERM_PROMOTE, cr);
 908         if (error)
 909                 return (error);
 910 
 911         error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
 912 
 913         if (error == 0) {
 914                 dsl_dataset_t *pclone = NULL;
 915                 dsl_dir_t *dd;
 916                 dd = clone->os_dsl_dataset->ds_dir;
 917 
 918                 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
 919                 error = dsl_dataset_hold_obj(dd->dd_pool,
 920                     dd->dd_phys->dd_origin_obj, FTAG, &pclone);
 921                 rw_exit(&dd->dd_pool->dp_config_rwlock);
 922                 if (error) {
 923                         dmu_objset_rele(clone, FTAG);
 924                         return (error);
 925                 }
 926 
 927                 error = zfs_secpolicy_write_perms(zc->zc_name,
 928                     ZFS_DELEG_PERM_MOUNT, cr);
 929 
 930                 dsl_dataset_name(pclone, parentname);
 931                 dmu_objset_rele(clone, FTAG);
 932                 dsl_dataset_rele(pclone, FTAG);
 933                 if (error == 0)
 934                         error = zfs_secpolicy_write_perms(parentname,
 935                             ZFS_DELEG_PERM_PROMOTE, cr);
 936         }
 937         return (error);
 938 }
 939 
 940 /* ARGSUSED */
 941 static int
 942 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 943 {
 944         int error;
 945 
 946         if ((error = zfs_secpolicy_write_perms(zc->zc_name,
 947             ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
 948                 return (error);
 949 
 950         if ((error = zfs_secpolicy_write_perms(zc->zc_name,
 951             ZFS_DELEG_PERM_MOUNT, cr)) != 0)
 952                 return (error);
 953 
 954         return (zfs_secpolicy_write_perms(zc->zc_name,
 955             ZFS_DELEG_PERM_CREATE, cr));
 956 }
 957 
 958 int
 959 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
 960 {
 961         return (zfs_secpolicy_write_perms(name,
 962             ZFS_DELEG_PERM_SNAPSHOT, cr));
 963 }
 964 
 965 /*
 966  * Check for permission to create each snapshot in the nvlist.
 967  */
 968 /* ARGSUSED */
 969 static int
 970 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 971 {
 972         nvlist_t *snaps;
 973         int error;
 974         nvpair_t *pair;
 975 
 976         if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
 977                 return (EINVAL);
 978         for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
 979             pair = nvlist_next_nvpair(snaps, pair)) {
 980                 char *name = nvpair_name(pair);
 981                 char *atp = strchr(name, '@');
 982 
 983                 if (atp == NULL) {
 984                         error = EINVAL;
 985                         break;
 986                 }
 987                 *atp = '\0';
 988                 error = zfs_secpolicy_snapshot_perms(name, cr);
 989                 *atp = '@';
 990                 if (error != 0)
 991                         break;
 992         }
 993         return (error);
 994 }
 995 
 996 /* ARGSUSED */
 997 static int
 998 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 999 {
1000         /*
1001          * Even root must have a proper TSD so that we know what pool
1002          * to log to.
1003          */
1004         if (tsd_get(zfs_allow_log_key) == NULL)
1005                 return (EPERM);
1006         return (0);
1007 }
1008 
1009 static int
1010 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1011 {
1012         char    parentname[MAXNAMELEN];
1013         int     error;
1014         char    *origin;
1015 
1016         if ((error = zfs_get_parent(zc->zc_name, parentname,
1017             sizeof (parentname))) != 0)
1018                 return (error);
1019 
1020         if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1021             (error = zfs_secpolicy_write_perms(origin,
1022             ZFS_DELEG_PERM_CLONE, cr)) != 0)
1023                 return (error);
1024 
1025         if ((error = zfs_secpolicy_write_perms(parentname,
1026             ZFS_DELEG_PERM_CREATE, cr)) != 0)
1027                 return (error);
1028 
1029         return (zfs_secpolicy_write_perms(parentname,
1030             ZFS_DELEG_PERM_MOUNT, cr));
1031 }
1032 
1033 /*
1034  * Policy for pool operations - create/destroy pools, add vdevs, etc.  Requires
1035  * SYS_CONFIG privilege, which is not available in a local zone.
1036  */
1037 /* ARGSUSED */
1038 static int
1039 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1040 {
1041         if (secpolicy_sys_config(cr, B_FALSE) != 0)
1042                 return (EPERM);
1043 
1044         return (0);
1045 }
1046 
1047 /*
1048  * Policy for object to name lookups.
1049  */
1050 /* ARGSUSED */
1051 static int
1052 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1053 {
1054         int error;
1055 
1056         if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1057                 return (0);
1058 
1059         error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1060         return (error);
1061 }
1062 
1063 /*
1064  * Policy for fault injection.  Requires all privileges.
1065  */
1066 /* ARGSUSED */
1067 static int
1068 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1069 {
1070         return (secpolicy_zinject(cr));
1071 }
1072 
1073 /* ARGSUSED */
1074 static int
1075 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1076 {
1077         zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1078 
1079         if (prop == ZPROP_INVAL) {
1080                 if (!zfs_prop_user(zc->zc_value))
1081                         return (EINVAL);
1082                 return (zfs_secpolicy_write_perms(zc->zc_name,
1083                     ZFS_DELEG_PERM_USERPROP, cr));
1084         } else {
1085                 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1086                     NULL, cr));
1087         }
1088 }
1089 
1090 static int
1091 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1092 {
1093         int err = zfs_secpolicy_read(zc, innvl, cr);
1094         if (err)
1095                 return (err);
1096 
1097         if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1098                 return (EINVAL);
1099 
1100         if (zc->zc_value[0] == 0) {
1101                 /*
1102                  * They are asking about a posix uid/gid.  If it's
1103                  * themself, allow it.
1104                  */
1105                 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1106                     zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
1107                         if (zc->zc_guid == crgetuid(cr))
1108                                 return (0);
1109                 } else {
1110                         if (groupmember(zc->zc_guid, cr))
1111                                 return (0);
1112                 }
1113         }
1114 
1115         return (zfs_secpolicy_write_perms(zc->zc_name,
1116             userquota_perms[zc->zc_objset_type], cr));
1117 }
1118 
1119 static int
1120 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1121 {
1122         int err = zfs_secpolicy_read(zc, innvl, cr);
1123         if (err)
1124                 return (err);
1125 
1126         if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1127                 return (EINVAL);
1128 
1129         return (zfs_secpolicy_write_perms(zc->zc_name,
1130             userquota_perms[zc->zc_objset_type], cr));
1131 }
1132 
1133 /* ARGSUSED */
1134 static int
1135 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1136 {
1137         return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1138             NULL, cr));
1139 }
1140 
1141 /* ARGSUSED */
1142 static int
1143 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1144 {
1145         return (zfs_secpolicy_write_perms(zc->zc_name,
1146             ZFS_DELEG_PERM_HOLD, cr));
1147 }
1148 
1149 /* ARGSUSED */
1150 static int
1151 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1152 {
1153         return (zfs_secpolicy_write_perms(zc->zc_name,
1154             ZFS_DELEG_PERM_RELEASE, cr));
1155 }
1156 
1157 /*
1158  * Policy for allowing temporary snapshots to be taken or released
1159  */
1160 static int
1161 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1162 {
1163         /*
1164          * A temporary snapshot is the same as a snapshot,
1165          * hold, destroy and release all rolled into one.
1166          * Delegated diff alone is sufficient that we allow this.
1167          */
1168         int error;
1169 
1170         if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1171             ZFS_DELEG_PERM_DIFF, cr)) == 0)
1172                 return (0);
1173 
1174         error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1175         if (!error)
1176                 error = zfs_secpolicy_hold(zc, innvl, cr);
1177         if (!error)
1178                 error = zfs_secpolicy_release(zc, innvl, cr);
1179         if (!error)
1180                 error = zfs_secpolicy_destroy(zc, innvl, cr);
1181         return (error);
1182 }
1183 
1184 /*
1185  * Returns the nvlist as specified by the user in the zfs_cmd_t.
1186  */
1187 static int
1188 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1189 {
1190         char *packed;
1191         int error;
1192         nvlist_t *list = NULL;
1193 
1194         /*
1195          * Read in and unpack the user-supplied nvlist.
1196          */
1197         if (size == 0)
1198                 return (EINVAL);
1199 
1200         packed = kmem_alloc(size, KM_SLEEP);
1201 
1202         if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1203             iflag)) != 0) {
1204                 kmem_free(packed, size);
1205                 return (error);
1206         }
1207 
1208         if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1209                 kmem_free(packed, size);
1210                 return (error);
1211         }
1212 
1213         kmem_free(packed, size);
1214 
1215         *nvp = list;
1216         return (0);
1217 }
1218 
1219 /*
1220  * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1221  * Entries will be removed from the end of the nvlist, and one int32 entry
1222  * named "N_MORE_ERRORS" will be added indicating how many entries were
1223  * removed.
1224  */
1225 static int
1226 nvlist_smush(nvlist_t *errors, size_t max)
1227 {
1228         size_t size;
1229 
1230         size = fnvlist_size(errors);
1231 
1232         if (size > max) {
1233                 nvpair_t *more_errors;
1234                 int n = 0;
1235 
1236                 if (max < 1024)
1237                         return (ENOMEM);
1238 
1239                 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1240                 more_errors = nvlist_prev_nvpair(errors, NULL);
1241 
1242                 do {
1243                         nvpair_t *pair = nvlist_prev_nvpair(errors,
1244                             more_errors);
1245                         fnvlist_remove_nvpair(errors, pair);
1246                         n++;
1247                         size = fnvlist_size(errors);
1248                 } while (size > max);
1249 
1250                 fnvlist_remove_nvpair(errors, more_errors);
1251                 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1252                 ASSERT3U(fnvlist_size(errors), <=, max);
1253         }
1254 
1255         return (0);
1256 }
1257 
1258 static int
1259 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1260 {
1261         char *packed = NULL;
1262         int error = 0;
1263         size_t size;
1264 
1265         size = fnvlist_size(nvl);
1266 
1267         if (size > zc->zc_nvlist_dst_size) {
1268                 error = ENOMEM;
1269         } else {
1270                 packed = fnvlist_pack(nvl, &size);
1271                 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1272                     size, zc->zc_iflags) != 0)
1273                         error = EFAULT;
1274                 fnvlist_pack_free(packed, size);
1275         }
1276 
1277         zc->zc_nvlist_dst_size = size;
1278         zc->zc_nvlist_dst_filled = B_TRUE;
1279         return (error);
1280 }
1281 
1282 static int
1283 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1284 {
1285         objset_t *os;
1286         int error;
1287 
1288         error = dmu_objset_hold(dsname, FTAG, &os);
1289         if (error)
1290                 return (error);
1291         if (dmu_objset_type(os) != DMU_OST_ZFS) {
1292                 dmu_objset_rele(os, FTAG);
1293                 return (EINVAL);
1294         }
1295 
1296         mutex_enter(&os->os_user_ptr_lock);
1297         *zfvp = dmu_objset_get_user(os);
1298         if (*zfvp) {
1299                 VFS_HOLD((*zfvp)->z_vfs);
1300         } else {
1301                 error = ESRCH;
1302         }
1303         mutex_exit(&os->os_user_ptr_lock);
1304         dmu_objset_rele(os, FTAG);
1305         return (error);
1306 }
1307 
1308 /*
1309  * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1310  * case its z_vfs will be NULL, and it will be opened as the owner.
1311  * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1312  * which prevents all vnode ops from running.
1313  */
1314 static int
1315 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1316 {
1317         int error = 0;
1318 
1319         if (getzfsvfs(name, zfvp) != 0)
1320                 error = zfsvfs_create(name, zfvp);
1321         if (error == 0) {
1322                 rrw_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1323                     RW_READER, tag);
1324                 if ((*zfvp)->z_unmounted) {
1325                         /*
1326                          * XXX we could probably try again, since the unmounting
1327                          * thread should be just about to disassociate the
1328                          * objset from the zfsvfs.
1329                          */
1330                         rrw_exit(&(*zfvp)->z_teardown_lock, tag);
1331                         return (EBUSY);
1332                 }
1333         }
1334         return (error);
1335 }
1336 
1337 static void
1338 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1339 {
1340         rrw_exit(&zfsvfs->z_teardown_lock, tag);
1341 
1342         if (zfsvfs->z_vfs) {
1343                 VFS_RELE(zfsvfs->z_vfs);
1344         } else {
1345                 dmu_objset_disown(zfsvfs->z_os, zfsvfs);
1346                 zfsvfs_free(zfsvfs);
1347         }
1348 }
1349 
1350 static int
1351 zfs_ioc_pool_create(zfs_cmd_t *zc)
1352 {
1353         int error;
1354         nvlist_t *config, *props = NULL;
1355         nvlist_t *rootprops = NULL;
1356         nvlist_t *zplprops = NULL;
1357 
1358         if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1359             zc->zc_iflags, &config))
1360                 return (error);
1361 
1362         if (zc->zc_nvlist_src_size != 0 && (error =
1363             get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1364             zc->zc_iflags, &props))) {
1365                 nvlist_free(config);
1366                 return (error);
1367         }
1368 
1369         if (props) {
1370                 nvlist_t *nvl = NULL;
1371                 uint64_t version = SPA_VERSION;
1372 
1373                 (void) nvlist_lookup_uint64(props,
1374                     zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1375                 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1376                         error = EINVAL;
1377                         goto pool_props_bad;
1378                 }
1379                 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1380                 if (nvl) {
1381                         error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1382                         if (error != 0) {
1383                                 nvlist_free(config);
1384                                 nvlist_free(props);
1385                                 return (error);
1386                         }
1387                         (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1388                 }
1389                 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1390                 error = zfs_fill_zplprops_root(version, rootprops,
1391                     zplprops, NULL);
1392                 if (error)
1393                         goto pool_props_bad;
1394         }
1395 
1396         error = spa_create(zc->zc_name, config, props, zplprops);
1397 
1398         /*
1399          * Set the remaining root properties
1400          */
1401         if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1402             ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1403                 (void) spa_destroy(zc->zc_name);
1404 
1405 pool_props_bad:
1406         nvlist_free(rootprops);
1407         nvlist_free(zplprops);
1408         nvlist_free(config);
1409         nvlist_free(props);
1410 
1411         return (error);
1412 }
1413 
1414 static int
1415 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1416 {
1417         int error;
1418         zfs_log_history(zc);
1419         error = spa_destroy(zc->zc_name);
1420         if (error == 0)
1421                 zvol_remove_minors(zc->zc_name);
1422         return (error);
1423 }
1424 
1425 static int
1426 zfs_ioc_pool_import(zfs_cmd_t *zc)
1427 {
1428         nvlist_t *config, *props = NULL;
1429         uint64_t guid;
1430         int error;
1431 
1432         if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1433             zc->zc_iflags, &config)) != 0)
1434                 return (error);
1435 
1436         if (zc->zc_nvlist_src_size != 0 && (error =
1437             get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1438             zc->zc_iflags, &props))) {
1439                 nvlist_free(config);
1440                 return (error);
1441         }
1442 
1443         if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1444             guid != zc->zc_guid)
1445                 error = EINVAL;
1446         else
1447                 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1448 
1449         if (zc->zc_nvlist_dst != 0) {
1450                 int err;
1451 
1452                 if ((err = put_nvlist(zc, config)) != 0)
1453                         error = err;
1454         }
1455 
1456         nvlist_free(config);
1457 
1458         if (props)
1459                 nvlist_free(props);
1460 
1461         return (error);
1462 }
1463 
1464 static int
1465 zfs_ioc_pool_export(zfs_cmd_t *zc)
1466 {
1467         int error;
1468         boolean_t force = (boolean_t)zc->zc_cookie;
1469         boolean_t hardforce = (boolean_t)zc->zc_guid;
1470 
1471         zfs_log_history(zc);
1472         error = spa_export(zc->zc_name, NULL, force, hardforce);
1473         if (error == 0)
1474                 zvol_remove_minors(zc->zc_name);
1475         return (error);
1476 }
1477 
1478 static int
1479 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1480 {
1481         nvlist_t *configs;
1482         int error;
1483 
1484         if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1485                 return (EEXIST);
1486 
1487         error = put_nvlist(zc, configs);
1488 
1489         nvlist_free(configs);
1490 
1491         return (error);
1492 }
1493 
1494 /*
1495  * inputs:
1496  * zc_name              name of the pool
1497  *
1498  * outputs:
1499  * zc_cookie            real errno
1500  * zc_nvlist_dst        config nvlist
1501  * zc_nvlist_dst_size   size of config nvlist
1502  */
1503 static int
1504 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1505 {
1506         nvlist_t *config;
1507         int error;
1508         int ret = 0;
1509 
1510         error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1511             sizeof (zc->zc_value));
1512 
1513         if (config != NULL) {
1514                 ret = put_nvlist(zc, config);
1515                 nvlist_free(config);
1516 
1517                 /*
1518                  * The config may be present even if 'error' is non-zero.
1519                  * In this case we return success, and preserve the real errno
1520                  * in 'zc_cookie'.
1521                  */
1522                 zc->zc_cookie = error;
1523         } else {
1524                 ret = error;
1525         }
1526 
1527         return (ret);
1528 }
1529 
1530 /*
1531  * Try to import the given pool, returning pool stats as appropriate so that
1532  * user land knows which devices are available and overall pool health.
1533  */
1534 static int
1535 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1536 {
1537         nvlist_t *tryconfig, *config;
1538         int error;
1539 
1540         if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1541             zc->zc_iflags, &tryconfig)) != 0)
1542                 return (error);
1543 
1544         config = spa_tryimport(tryconfig);
1545 
1546         nvlist_free(tryconfig);
1547 
1548         if (config == NULL)
1549                 return (EINVAL);
1550 
1551         error = put_nvlist(zc, config);
1552         nvlist_free(config);
1553 
1554         return (error);
1555 }
1556 
1557 /*
1558  * inputs:
1559  * zc_name              name of the pool
1560  * zc_cookie            scan func (pool_scan_func_t)
1561  */
1562 static int
1563 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1564 {
1565         spa_t *spa;
1566         int error;
1567 
1568         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1569                 return (error);
1570 
1571         if (zc->zc_cookie == POOL_SCAN_NONE)
1572                 error = spa_scan_stop(spa);
1573         else
1574                 error = spa_scan(spa, zc->zc_cookie);
1575 
1576         spa_close(spa, FTAG);
1577 
1578         return (error);
1579 }
1580 
1581 static int
1582 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1583 {
1584         spa_t *spa;
1585         int error;
1586 
1587         error = spa_open(zc->zc_name, &spa, FTAG);
1588         if (error == 0) {
1589                 spa_freeze(spa);
1590                 spa_close(spa, FTAG);
1591         }
1592         return (error);
1593 }
1594 
1595 static int
1596 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1597 {
1598         spa_t *spa;
1599         int error;
1600 
1601         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1602                 return (error);
1603 
1604         if (zc->zc_cookie < spa_version(spa) ||
1605             !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1606                 spa_close(spa, FTAG);
1607                 return (EINVAL);
1608         }
1609 
1610         spa_upgrade(spa, zc->zc_cookie);
1611         spa_close(spa, FTAG);
1612 
1613         return (error);
1614 }
1615 
1616 static int
1617 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1618 {
1619         spa_t *spa;
1620         char *hist_buf;
1621         uint64_t size;
1622         int error;
1623 
1624         if ((size = zc->zc_history_len) == 0)
1625                 return (EINVAL);
1626 
1627         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1628                 return (error);
1629 
1630         if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1631                 spa_close(spa, FTAG);
1632                 return (ENOTSUP);
1633         }
1634 
1635         hist_buf = kmem_alloc(size, KM_SLEEP);
1636         if ((error = spa_history_get(spa, &zc->zc_history_offset,
1637             &zc->zc_history_len, hist_buf)) == 0) {
1638                 error = ddi_copyout(hist_buf,
1639                     (void *)(uintptr_t)zc->zc_history,
1640                     zc->zc_history_len, zc->zc_iflags);
1641         }
1642 
1643         spa_close(spa, FTAG);
1644         kmem_free(hist_buf, size);
1645         return (error);
1646 }
1647 
1648 static int
1649 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1650 {
1651         spa_t *spa;
1652         int error;
1653 
1654         error = spa_open(zc->zc_name, &spa, FTAG);
1655         if (error == 0) {
1656                 error = spa_change_guid(spa);
1657                 spa_close(spa, FTAG);
1658         }
1659         return (error);
1660 }
1661 
1662 static int
1663 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1664 {
1665         int error;
1666 
1667         if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value))
1668                 return (error);
1669 
1670         return (0);
1671 }
1672 
1673 /*
1674  * inputs:
1675  * zc_name              name of filesystem
1676  * zc_obj               object to find
1677  *
1678  * outputs:
1679  * zc_value             name of object
1680  */
1681 static int
1682 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1683 {
1684         objset_t *os;
1685         int error;
1686 
1687         /* XXX reading from objset not owned */
1688         if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1689                 return (error);
1690         if (dmu_objset_type(os) != DMU_OST_ZFS) {
1691                 dmu_objset_rele(os, FTAG);
1692                 return (EINVAL);
1693         }
1694         error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1695             sizeof (zc->zc_value));
1696         dmu_objset_rele(os, FTAG);
1697 
1698         return (error);
1699 }
1700 
1701 /*
1702  * inputs:
1703  * zc_name              name of filesystem
1704  * zc_obj               object to find
1705  *
1706  * outputs:
1707  * zc_stat              stats on object
1708  * zc_value             path to object
1709  */
1710 static int
1711 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1712 {
1713         objset_t *os;
1714         int error;
1715 
1716         /* XXX reading from objset not owned */
1717         if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1718                 return (error);
1719         if (dmu_objset_type(os) != DMU_OST_ZFS) {
1720                 dmu_objset_rele(os, FTAG);
1721                 return (EINVAL);
1722         }
1723         error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1724             sizeof (zc->zc_value));
1725         dmu_objset_rele(os, FTAG);
1726 
1727         return (error);
1728 }
1729 
1730 static int
1731 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1732 {
1733         spa_t *spa;
1734         int error;
1735         nvlist_t *config, **l2cache, **spares;
1736         uint_t nl2cache = 0, nspares = 0;
1737 
1738         error = spa_open(zc->zc_name, &spa, FTAG);
1739         if (error != 0)
1740                 return (error);
1741 
1742         error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1743             zc->zc_iflags, &config);
1744         (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1745             &l2cache, &nl2cache);
1746 
1747         (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1748             &spares, &nspares);
1749 
1750         /*
1751          * A root pool with concatenated devices is not supported.
1752          * Thus, can not add a device to a root pool.
1753          *
1754          * Intent log device can not be added to a rootpool because
1755          * during mountroot, zil is replayed, a seperated log device
1756          * can not be accessed during the mountroot time.
1757          *
1758          * l2cache and spare devices are ok to be added to a rootpool.
1759          */
1760         if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1761                 nvlist_free(config);
1762                 spa_close(spa, FTAG);
1763                 return (EDOM);
1764         }
1765 
1766         if (error == 0) {
1767                 error = spa_vdev_add(spa, config);
1768                 nvlist_free(config);
1769         }
1770         spa_close(spa, FTAG);
1771         return (error);
1772 }
1773 
1774 /*
1775  * inputs:
1776  * zc_name              name of the pool
1777  * zc_nvlist_conf       nvlist of devices to remove
1778  * zc_cookie            to stop the remove?
1779  */
1780 static int
1781 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1782 {
1783         spa_t *spa;
1784         int error;
1785 
1786         error = spa_open(zc->zc_name, &spa, FTAG);
1787         if (error != 0)
1788                 return (error);
1789         error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1790         spa_close(spa, FTAG);
1791         return (error);
1792 }
1793 
1794 static int
1795 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1796 {
1797         spa_t *spa;
1798         int error;
1799         vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1800 
1801         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1802                 return (error);
1803         switch (zc->zc_cookie) {
1804         case VDEV_STATE_ONLINE:
1805                 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1806                 break;
1807 
1808         case VDEV_STATE_OFFLINE:
1809                 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1810                 break;
1811 
1812         case VDEV_STATE_FAULTED:
1813                 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1814                     zc->zc_obj != VDEV_AUX_EXTERNAL)
1815                         zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1816 
1817                 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1818                 break;
1819 
1820         case VDEV_STATE_DEGRADED:
1821                 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1822                     zc->zc_obj != VDEV_AUX_EXTERNAL)
1823                         zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1824 
1825                 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1826                 break;
1827 
1828         default:
1829                 error = EINVAL;
1830         }
1831         zc->zc_cookie = newstate;
1832         spa_close(spa, FTAG);
1833         return (error);
1834 }
1835 
1836 static int
1837 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1838 {
1839         spa_t *spa;
1840         int replacing = zc->zc_cookie;
1841         nvlist_t *config;
1842         int error;
1843 
1844         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1845                 return (error);
1846 
1847         if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1848             zc->zc_iflags, &config)) == 0) {
1849                 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1850                 nvlist_free(config);
1851         }
1852 
1853         spa_close(spa, FTAG);
1854         return (error);
1855 }
1856 
1857 static int
1858 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1859 {
1860         spa_t *spa;
1861         int error;
1862 
1863         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1864                 return (error);
1865 
1866         error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1867 
1868         spa_close(spa, FTAG);
1869         return (error);
1870 }
1871 
1872 static int
1873 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1874 {
1875         spa_t *spa;
1876         nvlist_t *config, *props = NULL;
1877         int error;
1878         boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1879 
1880         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1881                 return (error);
1882 
1883         if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1884             zc->zc_iflags, &config)) {
1885                 spa_close(spa, FTAG);
1886                 return (error);
1887         }
1888 
1889         if (zc->zc_nvlist_src_size != 0 && (error =
1890             get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1891             zc->zc_iflags, &props))) {
1892                 spa_close(spa, FTAG);
1893                 nvlist_free(config);
1894                 return (error);
1895         }
1896 
1897         error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1898 
1899         spa_close(spa, FTAG);
1900 
1901         nvlist_free(config);
1902         nvlist_free(props);
1903 
1904         return (error);
1905 }
1906 
1907 static int
1908 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1909 {
1910         spa_t *spa;
1911         char *path = zc->zc_value;
1912         uint64_t guid = zc->zc_guid;
1913         int error;
1914 
1915         error = spa_open(zc->zc_name, &spa, FTAG);
1916         if (error != 0)
1917                 return (error);
1918 
1919         error = spa_vdev_setpath(spa, guid, path);
1920         spa_close(spa, FTAG);
1921         return (error);
1922 }
1923 
1924 static int
1925 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1926 {
1927         spa_t *spa;
1928         char *fru = zc->zc_value;
1929         uint64_t guid = zc->zc_guid;
1930         int error;
1931 
1932         error = spa_open(zc->zc_name, &spa, FTAG);
1933         if (error != 0)
1934                 return (error);
1935 
1936         error = spa_vdev_setfru(spa, guid, fru);
1937         spa_close(spa, FTAG);
1938         return (error);
1939 }
1940 
1941 static int
1942 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os,
1943     boolean_t cachedpropsonly)
1944 {
1945         int error = 0;
1946         nvlist_t *nv;
1947 
1948         dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1949 
1950         if (zc->zc_nvlist_dst != 0 &&
1951             (error = dsl_prop_get_all(os, &nv)) == 0) {
1952                 dmu_objset_stats(os, nv);
1953                 /*
1954                  * NB: zvol_get_stats() will read the objset contents,
1955                  * which we aren't supposed to do with a
1956                  * DS_MODE_USER hold, because it could be
1957                  * inconsistent.  So this is a bit of a workaround...
1958                  * XXX reading with out owning
1959                  */
1960                 if (!zc->zc_objset_stats.dds_inconsistent &&
1961                     dmu_objset_type(os) == DMU_OST_ZVOL &&
1962                     !cachedpropsonly) {
1963                         error = zvol_get_stats(os, nv);
1964                         if (error == EIO)
1965                                 return (error);
1966                         VERIFY0(error);
1967                 }
1968                 error = put_nvlist(zc, nv);
1969                 nvlist_free(nv);
1970         }
1971 
1972         return (error);
1973 }
1974 
1975 /*
1976  * inputs:
1977  * zc_name              name of filesystem
1978  * zc_nvlist_dst_size   size of buffer for property nvlist
1979  *
1980  * outputs:
1981  * zc_objset_stats      stats
1982  * zc_nvlist_dst        property nvlist
1983  * zc_nvlist_dst_size   size of property nvlist
1984  */
1985 static int
1986 zfs_ioc_objset_stats(zfs_cmd_t *zc)
1987 {
1988         objset_t *os = NULL;
1989         nvlist_t *nvl = NULL;
1990         boolean_t cachedpropsonly = B_FALSE;
1991         int error;
1992 
1993         if (zc->zc_nvlist_src != NULL &&
1994             (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1995             zc->zc_iflags, &nvl) != 0))
1996                 return (error);
1997 
1998         if (nvl != NULL) {
1999                 (void) nvlist_lookup_boolean_value(nvl, "cachedpropsonly",
2000                     &cachedpropsonly);
2001                 nvlist_free(nvl);
2002         }
2003 
2004         if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
2005                 return (error);
2006 
2007         error = zfs_ioc_objset_stats_impl(zc, os, cachedpropsonly);
2008         dmu_objset_rele(os, FTAG);
2009 
2010         return (error);
2011 }
2012 
2013 /*
2014  * inputs:
2015  * zc_name              name of filesystem
2016  * zc_nvlist_dst_size   size of buffer for property nvlist
2017  *
2018  * outputs:
2019  * zc_nvlist_dst        received property nvlist
2020  * zc_nvlist_dst_size   size of received property nvlist
2021  *
2022  * Gets received properties (distinct from local properties on or after
2023  * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2024  * local property values.
2025  */
2026 static int
2027 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2028 {
2029         objset_t *os = NULL;
2030         int error;
2031         nvlist_t *nv;
2032 
2033         if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
2034                 return (error);
2035 
2036         /*
2037          * Without this check, we would return local property values if the
2038          * caller has not already received properties on or after
2039          * SPA_VERSION_RECVD_PROPS.
2040          */
2041         if (!dsl_prop_get_hasrecvd(os)) {
2042                 dmu_objset_rele(os, FTAG);
2043                 return (ENOTSUP);
2044         }
2045 
2046         if (zc->zc_nvlist_dst != 0 &&
2047             (error = dsl_prop_get_received(os, &nv)) == 0) {
2048                 error = put_nvlist(zc, nv);
2049                 nvlist_free(nv);
2050         }
2051 
2052         dmu_objset_rele(os, FTAG);
2053         return (error);
2054 }
2055 
2056 static int
2057 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2058 {
2059         uint64_t value;
2060         int error;
2061 
2062         /*
2063          * zfs_get_zplprop() will either find a value or give us
2064          * the default value (if there is one).
2065          */
2066         if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2067                 return (error);
2068         VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2069         return (0);
2070 }
2071 
2072 /*
2073  * inputs:
2074  * zc_name              name of filesystem
2075  * zc_nvlist_dst_size   size of buffer for zpl property nvlist
2076  *
2077  * outputs:
2078  * zc_nvlist_dst        zpl property nvlist
2079  * zc_nvlist_dst_size   size of zpl property nvlist
2080  */
2081 static int
2082 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2083 {
2084         objset_t *os;
2085         int err;
2086 
2087         /* XXX reading without owning */
2088         if (err = dmu_objset_hold(zc->zc_name, FTAG, &os))
2089                 return (err);
2090 
2091         dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2092 
2093         /*
2094          * NB: nvl_add_zplprop() will read the objset contents,
2095          * which we aren't supposed to do with a DS_MODE_USER
2096          * hold, because it could be inconsistent.
2097          */
2098         if (zc->zc_nvlist_dst != NULL &&
2099             !zc->zc_objset_stats.dds_inconsistent &&
2100             dmu_objset_type(os) == DMU_OST_ZFS) {
2101                 nvlist_t *nv;
2102 
2103                 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2104                 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2105                     (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2106                     (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2107                     (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2108                         err = put_nvlist(zc, nv);
2109                 nvlist_free(nv);
2110         } else {
2111                 err = ENOENT;
2112         }
2113         dmu_objset_rele(os, FTAG);
2114         return (err);
2115 }
2116 
2117 static boolean_t
2118 dataset_name_hidden(const char *name)
2119 {
2120         /*
2121          * Skip over datasets that are not visible in this zone,
2122          * internal datasets (which have a $ in their name), and
2123          * temporary datasets (which have a % in their name).
2124          */
2125         if (strchr(name, '$') != NULL)
2126                 return (B_TRUE);
2127         if (strchr(name, '%') != NULL)
2128                 return (B_TRUE);
2129         if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
2130                 return (B_TRUE);
2131         return (B_FALSE);
2132 }
2133 
2134 /*
2135  * inputs:
2136  * zc_name              name of filesystem
2137  * zc_cookie            zap cursor
2138  * zc_nvlist_dst_size   size of buffer for property nvlist
2139  *
2140  * outputs:
2141  * zc_name              name of next filesystem
2142  * zc_cookie            zap cursor
2143  * zc_objset_stats      stats
2144  * zc_nvlist_dst        property nvlist
2145  * zc_nvlist_dst_size   size of property nvlist
2146  */
2147 static int
2148 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2149 {
2150         objset_t *os;
2151         int error;
2152         char *p;
2153         size_t orig_len = strlen(zc->zc_name);
2154 
2155 top:
2156         if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) {
2157                 if (error == ENOENT)
2158                         error = ESRCH;
2159                 return (error);
2160         }
2161 
2162         p = strrchr(zc->zc_name, '/');
2163         if (p == NULL || p[1] != '\0')
2164                 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2165         p = zc->zc_name + strlen(zc->zc_name);
2166 
2167         /*
2168          * Pre-fetch the datasets.  dmu_objset_prefetch() always returns 0
2169          * but is not declared void because its called by dmu_objset_find().
2170          */
2171         if (zc->zc_cookie == 0) {
2172                 uint64_t cookie = 0;
2173                 int len = sizeof (zc->zc_name) - (p - zc->zc_name);
2174 
2175                 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0) {
2176                         if (!dataset_name_hidden(zc->zc_name))
2177                                 (void) dmu_objset_prefetch(zc->zc_name, NULL);
2178                 }
2179         }
2180 
2181         do {
2182                 error = dmu_dir_list_next(os,
2183                     sizeof (zc->zc_name) - (p - zc->zc_name), p,
2184                     NULL, &zc->zc_cookie);
2185                 if (error == ENOENT)
2186                         error = ESRCH;
2187         } while (error == 0 && dataset_name_hidden(zc->zc_name));
2188         dmu_objset_rele(os, FTAG);
2189 
2190         /*
2191          * If it's an internal dataset (ie. with a '$' in its name),
2192          * don't try to get stats for it, otherwise we'll return ENOENT.
2193          */
2194         if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2195                 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2196                 if (error == ENOENT) {
2197                         /* We lost a race with destroy, get the next one. */
2198                         zc->zc_name[orig_len] = '\0';
2199                         goto top;
2200                 }
2201         }
2202         return (error);
2203 }
2204 
2205 /*
2206  * inputs:
2207  * zc_name              name of filesystem
2208  * zc_cookie            zap cursor
2209  * zc_nvlist_dst_size   size of buffer for property nvlist
2210  *
2211  * outputs:
2212  * zc_name              name of next snapshot
2213  * zc_objset_stats      stats
2214  * zc_nvlist_dst        property nvlist
2215  * zc_nvlist_dst_size   size of property nvlist
2216  */
2217 static int
2218 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2219 {
2220         objset_t *os;
2221         nvlist_t *nvl = NULL;
2222         boolean_t cachedpropsonly = B_FALSE;
2223         int error;
2224 
2225         if (zc->zc_nvlist_src != NULL &&
2226             (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2227             zc->zc_iflags, &nvl) != 0))
2228                 return (error);
2229 
2230         if (nvl != NULL) {
2231                 (void) nvlist_lookup_boolean_value(nvl, "cachedpropsonly",
2232                     &cachedpropsonly);
2233                 nvlist_free(nvl);
2234         }
2235 
2236 top:
2237         if (zc->zc_cookie == 0)
2238                 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
2239                     NULL, DS_FIND_SNAPSHOTS);
2240 
2241         error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2242         if (error)
2243                 return (error == ENOENT ? ESRCH : error);
2244 
2245         /*
2246          * A dataset name of maximum length cannot have any snapshots,
2247          * so exit immediately.
2248          */
2249         if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2250                 dmu_objset_rele(os, FTAG);
2251                 return (ESRCH);
2252         }
2253 
2254         error = dmu_snapshot_list_next(os,
2255             sizeof (zc->zc_name) - strlen(zc->zc_name),
2256             zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2257             NULL);
2258 
2259         if (error == 0) {
2260                 dsl_dataset_t *ds;
2261                 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2262 
2263                 /*
2264                  * Since we probably don't have a hold on this snapshot,
2265                  * it's possible that the objsetid could have been destroyed
2266                  * and reused for a new objset. It's OK if this happens during
2267                  * a zfs send operation, since the new createtxg will be
2268                  * beyond the range we're interested in.
2269                  */
2270                 rw_enter(&dp->dp_config_rwlock, RW_READER);
2271                 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2272                 rw_exit(&dp->dp_config_rwlock);
2273                 if (error) {
2274                         if (error == ENOENT) {
2275                                 /* Racing with destroy, get the next one. */
2276                                 *strchr(zc->zc_name, '@') = '\0';
2277                                 dmu_objset_rele(os, FTAG);
2278                                 goto top;
2279                         }
2280                 } else {
2281                         objset_t *ossnap;
2282 
2283                         error = dmu_objset_from_ds(ds, &ossnap);
2284                         if (error == 0) {
2285                                 error = zfs_ioc_objset_stats_impl(zc,
2286                                     ossnap, cachedpropsonly);
2287                         }
2288                         dsl_dataset_rele(ds, FTAG);
2289                 }
2290         } else if (error == ENOENT) {
2291                 error = ESRCH;
2292         }
2293 
2294         dmu_objset_rele(os, FTAG);
2295         /* if we failed, undo the @ that we tacked on to zc_name */
2296         if (error)
2297                 *strchr(zc->zc_name, '@') = '\0';
2298         return (error);
2299 }
2300 
2301 static int
2302 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2303 {
2304         const char *propname = nvpair_name(pair);
2305         uint64_t *valary;
2306         unsigned int vallen;
2307         const char *domain;
2308         char *dash;
2309         zfs_userquota_prop_t type;
2310         uint64_t rid;
2311         uint64_t quota;
2312         zfsvfs_t *zfsvfs;
2313         int err;
2314 
2315         if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2316                 nvlist_t *attrs;
2317                 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2318                 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2319                     &pair) != 0)
2320                         return (EINVAL);
2321         }
2322 
2323         /*
2324          * A correctly constructed propname is encoded as
2325          * userquota@<rid>-<domain>.
2326          */
2327         if ((dash = strchr(propname, '-')) == NULL ||
2328             nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2329             vallen != 3)
2330                 return (EINVAL);
2331 
2332         domain = dash + 1;
2333         type = valary[0];
2334         rid = valary[1];
2335         quota = valary[2];
2336 
2337         err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2338         if (err == 0) {
2339                 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2340                 zfsvfs_rele(zfsvfs, FTAG);
2341         }
2342 
2343         return (err);
2344 }
2345 
2346 /*
2347  * If the named property is one that has a special function to set its value,
2348  * return 0 on success and a positive error code on failure; otherwise if it is
2349  * not one of the special properties handled by this function, return -1.
2350  *
2351  * XXX: It would be better for callers of the property interface if we handled
2352  * these special cases in dsl_prop.c (in the dsl layer).
2353  */
2354 static int
2355 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2356     nvpair_t *pair)
2357 {
2358         const char *propname = nvpair_name(pair);
2359         zfs_prop_t prop = zfs_name_to_prop(propname);
2360         uint64_t intval;
2361         int err;
2362 
2363         if (prop == ZPROP_INVAL) {
2364                 if (zfs_prop_userquota(propname))
2365                         return (zfs_prop_set_userquota(dsname, pair));
2366                 return (-1);
2367         }
2368 
2369         if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2370                 nvlist_t *attrs;
2371                 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2372                 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2373                     &pair) == 0);
2374         }
2375 
2376         if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2377                 return (-1);
2378 
2379         VERIFY(0 == nvpair_value_uint64(pair, &intval));
2380 
2381         switch (prop) {
2382         case ZFS_PROP_QUOTA:
2383                 err = dsl_dir_set_quota(dsname, source, intval);
2384                 break;
2385         case ZFS_PROP_REFQUOTA:
2386                 err = dsl_dataset_set_quota(dsname, source, intval);
2387                 break;
2388         case ZFS_PROP_FILESYSTEM_LIMIT:
2389                 err = dsl_dir_validate_fs_ss_limit(dsname, intval,
2390                     ZFS_PROP_FILESYSTEM_LIMIT);
2391                 break;
2392         case ZFS_PROP_SNAPSHOT_LIMIT:
2393                 err = dsl_dir_validate_fs_ss_limit(dsname, intval,
2394                     ZFS_PROP_SNAPSHOT_LIMIT);
2395                 break;
2396         case ZFS_PROP_RESERVATION:
2397                 err = dsl_dir_set_reservation(dsname, source, intval);
2398                 break;
2399         case ZFS_PROP_REFRESERVATION:
2400                 err = dsl_dataset_set_reservation(dsname, source, intval);
2401                 break;
2402         case ZFS_PROP_VOLSIZE:
2403                 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2404                     intval);
2405                 break;
2406         case ZFS_PROP_VERSION:
2407         {
2408                 zfsvfs_t *zfsvfs;
2409 
2410                 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2411                         break;
2412 
2413                 err = zfs_set_version(zfsvfs, intval);
2414                 zfsvfs_rele(zfsvfs, FTAG);
2415 
2416                 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2417                         zfs_cmd_t *zc;
2418 
2419                         zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2420                         (void) strcpy(zc->zc_name, dsname);
2421                         (void) zfs_ioc_userspace_upgrade(zc);
2422                         kmem_free(zc, sizeof (zfs_cmd_t));
2423                 }
2424                 break;
2425         }
2426 
2427         default:
2428                 err = -1;
2429         }
2430 
2431         return (err);
2432 }
2433 
2434 /*
2435  * This function is best effort. If it fails to set any of the given properties,
2436  * it continues to set as many as it can and returns the last error
2437  * encountered. If the caller provides a non-NULL errlist, it will be filled in
2438  * with the list of names of all the properties that failed along with the
2439  * corresponding error numbers.
2440  *
2441  * If every property is set successfully, zero is returned and errlist is not
2442  * modified.
2443  */
2444 int
2445 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2446     nvlist_t *errlist)
2447 {
2448         nvpair_t *pair;
2449         nvpair_t *propval;
2450         int rv = 0;
2451         uint64_t intval;
2452         char *strval;
2453         nvlist_t *genericnvl = fnvlist_alloc();
2454         nvlist_t *retrynvl = fnvlist_alloc();
2455 
2456 retry:
2457         pair = NULL;
2458         while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2459                 const char *propname = nvpair_name(pair);
2460                 zfs_prop_t prop = zfs_name_to_prop(propname);
2461                 int err = 0;
2462 
2463                 /* decode the property value */
2464                 propval = pair;
2465                 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2466                         nvlist_t *attrs;
2467                         attrs = fnvpair_value_nvlist(pair);
2468                         if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2469                             &propval) != 0)
2470                                 err = EINVAL;
2471                 }
2472 
2473                 /* Validate value type */
2474                 if (err == 0 && prop == ZPROP_INVAL) {
2475                         if (zfs_prop_user(propname)) {
2476                                 if (nvpair_type(propval) != DATA_TYPE_STRING)
2477                                         err = EINVAL;
2478                         } else if (zfs_prop_userquota(propname)) {
2479                                 if (nvpair_type(propval) !=
2480                                     DATA_TYPE_UINT64_ARRAY)
2481                                         err = EINVAL;
2482                         } else {
2483                                 err = EINVAL;
2484                         }
2485                 } else if (err == 0) {
2486                         if (nvpair_type(propval) == DATA_TYPE_STRING) {
2487                                 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2488                                         err = EINVAL;
2489                         } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2490                                 const char *unused;
2491 
2492                                 intval = fnvpair_value_uint64(propval);
2493 
2494                                 switch (zfs_prop_get_type(prop)) {
2495                                 case PROP_TYPE_NUMBER:
2496                                         break;
2497                                 case PROP_TYPE_STRING:
2498                                         err = EINVAL;
2499                                         break;
2500                                 case PROP_TYPE_INDEX:
2501                                         if (zfs_prop_index_to_string(prop,
2502                                             intval, &unused) != 0)
2503                                                 err = EINVAL;
2504                                         break;
2505                                 default:
2506                                         cmn_err(CE_PANIC,
2507                                             "unknown property type");
2508                                 }
2509                         } else {
2510                                 err = EINVAL;
2511                         }
2512                 }
2513 
2514                 /* Validate permissions */
2515                 if (err == 0)
2516                         err = zfs_check_settable(dsname, pair, CRED());
2517 
2518                 if (err == 0) {
2519                         err = zfs_prop_set_special(dsname, source, pair);
2520                         if (err == -1) {
2521                                 /*
2522                                  * For better performance we build up a list of
2523                                  * properties to set in a single transaction.
2524                                  */
2525                                 err = nvlist_add_nvpair(genericnvl, pair);
2526                         } else if (err != 0 && nvl != retrynvl) {
2527                                 /*
2528                                  * This may be a spurious error caused by
2529                                  * receiving quota and reservation out of order.
2530                                  * Try again in a second pass.
2531                                  */
2532                                 err = nvlist_add_nvpair(retrynvl, pair);
2533                         }
2534                 }
2535 
2536                 if (err != 0) {
2537                         if (errlist != NULL)
2538                                 fnvlist_add_int32(errlist, propname, err);
2539                         rv = err;
2540                 }
2541         }
2542 
2543         if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2544                 nvl = retrynvl;
2545                 goto retry;
2546         }
2547 
2548         if (!nvlist_empty(genericnvl) &&
2549             dsl_props_set(dsname, source, genericnvl) != 0) {
2550                 /*
2551                  * If this fails, we still want to set as many properties as we
2552                  * can, so try setting them individually.
2553                  */
2554                 pair = NULL;
2555                 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2556                         const char *propname = nvpair_name(pair);
2557                         int err = 0;
2558 
2559                         propval = pair;
2560                         if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2561                                 nvlist_t *attrs;
2562                                 attrs = fnvpair_value_nvlist(pair);
2563                                 propval = fnvlist_lookup_nvpair(attrs,
2564                                     ZPROP_VALUE);
2565                         }
2566 
2567                         if (nvpair_type(propval) == DATA_TYPE_STRING) {
2568                                 strval = fnvpair_value_string(propval);
2569                                 err = dsl_prop_set(dsname, propname, source, 1,
2570                                     strlen(strval) + 1, strval);
2571                         } else {
2572                                 intval = fnvpair_value_uint64(propval);
2573                                 err = dsl_prop_set(dsname, propname, source, 8,
2574                                     1, &intval);
2575                         }
2576 
2577                         if (err != 0) {
2578                                 if (errlist != NULL) {
2579                                         fnvlist_add_int32(errlist, propname,
2580                                             err);
2581                                 }
2582                                 rv = err;
2583                         }
2584                 }
2585         }
2586         nvlist_free(genericnvl);
2587         nvlist_free(retrynvl);
2588 
2589         return (rv);
2590 }
2591 
2592 /*
2593  * Check that all the properties are valid user properties.
2594  */
2595 static int
2596 zfs_check_userprops(const char *fsname, nvlist_t *nvl)
2597 {
2598         nvpair_t *pair = NULL;
2599         int error = 0;
2600 
2601         while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2602                 const char *propname = nvpair_name(pair);
2603                 char *valstr;
2604 
2605                 if (!zfs_prop_user(propname) ||
2606                     nvpair_type(pair) != DATA_TYPE_STRING)
2607                         return (EINVAL);
2608 
2609                 if (error = zfs_secpolicy_write_perms(fsname,
2610                     ZFS_DELEG_PERM_USERPROP, CRED()))
2611                         return (error);
2612 
2613                 if (strlen(propname) >= ZAP_MAXNAMELEN)
2614                         return (ENAMETOOLONG);
2615 
2616                 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2617                 if (strlen(valstr) >= ZAP_MAXVALUELEN)
2618                         return (E2BIG);
2619         }
2620         return (0);
2621 }
2622 
2623 static void
2624 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2625 {
2626         nvpair_t *pair;
2627 
2628         VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2629 
2630         pair = NULL;
2631         while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2632                 if (nvlist_exists(skipped, nvpair_name(pair)))
2633                         continue;
2634 
2635                 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2636         }
2637 }
2638 
2639 static int
2640 clear_received_props(objset_t *os, const char *fs, nvlist_t *props,
2641     nvlist_t *skipped)
2642 {
2643         int err = 0;
2644         nvlist_t *cleared_props = NULL;
2645         props_skip(props, skipped, &cleared_props);
2646         if (!nvlist_empty(cleared_props)) {
2647                 /*
2648                  * Acts on local properties until the dataset has received
2649                  * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2650                  */
2651                 zprop_source_t flags = (ZPROP_SRC_NONE |
2652                     (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0));
2653                 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL);
2654         }
2655         nvlist_free(cleared_props);
2656         return (err);
2657 }
2658 
2659 /*
2660  * inputs:
2661  * zc_name              name of filesystem
2662  * zc_value             name of property to set
2663  * zc_nvlist_src{_size} nvlist of properties to apply
2664  * zc_cookie            received properties flag
2665  *
2666  * outputs:
2667  * zc_nvlist_dst{_size} error for each unapplied received property
2668  */
2669 static int
2670 zfs_ioc_set_prop(zfs_cmd_t *zc)
2671 {
2672         nvlist_t *nvl;
2673         boolean_t received = zc->zc_cookie;
2674         zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2675             ZPROP_SRC_LOCAL);
2676         nvlist_t *errors;
2677         int error;
2678 
2679         if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2680             zc->zc_iflags, &nvl)) != 0)
2681                 return (error);
2682 
2683         if (received) {
2684                 nvlist_t *origprops;
2685                 objset_t *os;
2686 
2687                 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
2688                         if (dsl_prop_get_received(os, &origprops) == 0) {
2689                                 (void) clear_received_props(os,
2690                                     zc->zc_name, origprops, nvl);
2691                                 nvlist_free(origprops);
2692                         }
2693 
2694                         dsl_prop_set_hasrecvd(os);
2695                         dmu_objset_rele(os, FTAG);
2696                 }
2697         }
2698 
2699         errors = fnvlist_alloc();
2700         error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2701 
2702         if (zc->zc_nvlist_dst != NULL && errors != NULL) {
2703                 (void) put_nvlist(zc, errors);
2704         }
2705 
2706         nvlist_free(errors);
2707         nvlist_free(nvl);
2708         return (error);
2709 }
2710 
2711 /*
2712  * inputs:
2713  * zc_name              name of filesystem
2714  * zc_value             name of property to inherit
2715  * zc_cookie            revert to received value if TRUE
2716  *
2717  * outputs:             none
2718  */
2719 static int
2720 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2721 {
2722         const char *propname = zc->zc_value;
2723         zfs_prop_t prop = zfs_name_to_prop(propname);
2724         boolean_t received = zc->zc_cookie;
2725         zprop_source_t source = (received
2726             ? ZPROP_SRC_NONE            /* revert to received value, if any */
2727             : ZPROP_SRC_INHERITED);     /* explicitly inherit */
2728 
2729         if (received) {
2730                 nvlist_t *dummy;
2731                 nvpair_t *pair;
2732                 zprop_type_t type;
2733                 int err;
2734 
2735                 /*
2736                  * zfs_prop_set_special() expects properties in the form of an
2737                  * nvpair with type info.
2738                  */
2739                 if (prop == ZPROP_INVAL) {
2740                         if (!zfs_prop_user(propname))
2741                                 return (EINVAL);
2742 
2743                         type = PROP_TYPE_STRING;
2744                 } else if (prop == ZFS_PROP_VOLSIZE ||
2745                     prop == ZFS_PROP_VERSION) {
2746                         return (EINVAL);
2747                 } else {
2748                         type = zfs_prop_get_type(prop);
2749                 }
2750 
2751                 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2752 
2753                 switch (type) {
2754                 case PROP_TYPE_STRING:
2755                         VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2756                         break;
2757                 case PROP_TYPE_NUMBER:
2758                 case PROP_TYPE_INDEX:
2759                         VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2760                         break;
2761                 default:
2762                         nvlist_free(dummy);
2763                         return (EINVAL);
2764                 }
2765 
2766                 pair = nvlist_next_nvpair(dummy, NULL);
2767                 err = zfs_prop_set_special(zc->zc_name, source, pair);
2768                 nvlist_free(dummy);
2769                 if (err != -1)
2770                         return (err); /* special property already handled */
2771         } else {
2772                 /*
2773                  * Only check this in the non-received case. We want to allow
2774                  * 'inherit -S' to revert non-inheritable properties like quota
2775                  * and reservation to the received or default values even though
2776                  * they are not considered inheritable.
2777                  */
2778                 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2779                         return (EINVAL);
2780         }
2781 
2782         /* property name has been validated by zfs_secpolicy_inherit_prop() */
2783         return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
2784 }
2785 
2786 static int
2787 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2788 {
2789         nvlist_t *props;
2790         spa_t *spa;
2791         int error;
2792         nvpair_t *pair;
2793 
2794         if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2795             zc->zc_iflags, &props))
2796                 return (error);
2797 
2798         /*
2799          * If the only property is the configfile, then just do a spa_lookup()
2800          * to handle the faulted case.
2801          */
2802         pair = nvlist_next_nvpair(props, NULL);
2803         if (pair != NULL && strcmp(nvpair_name(pair),
2804             zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2805             nvlist_next_nvpair(props, pair) == NULL) {
2806                 mutex_enter(&spa_namespace_lock);
2807                 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2808                         spa_configfile_set(spa, props, B_FALSE);
2809                         spa_config_sync(spa, B_FALSE, B_TRUE);
2810                 }
2811                 mutex_exit(&spa_namespace_lock);
2812                 if (spa != NULL) {
2813                         nvlist_free(props);
2814                         return (0);
2815                 }
2816         }
2817 
2818         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2819                 nvlist_free(props);
2820                 return (error);
2821         }
2822 
2823         error = spa_prop_set(spa, props);
2824 
2825         nvlist_free(props);
2826         spa_close(spa, FTAG);
2827 
2828         return (error);
2829 }
2830 
2831 static int
2832 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2833 {
2834         spa_t *spa;
2835         int error;
2836         nvlist_t *nvp = NULL;
2837 
2838         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2839                 /*
2840                  * If the pool is faulted, there may be properties we can still
2841                  * get (such as altroot and cachefile), so attempt to get them
2842                  * anyway.
2843                  */
2844                 mutex_enter(&spa_namespace_lock);
2845                 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2846                         error = spa_prop_get(spa, &nvp);
2847                 mutex_exit(&spa_namespace_lock);
2848         } else {
2849                 error = spa_prop_get(spa, &nvp);
2850                 spa_close(spa, FTAG);
2851         }
2852 
2853         if (error == 0 && zc->zc_nvlist_dst != NULL)
2854                 error = put_nvlist(zc, nvp);
2855         else
2856                 error = EFAULT;
2857 
2858         nvlist_free(nvp);
2859         return (error);
2860 }
2861 
2862 /*
2863  * inputs:
2864  * zc_name              name of filesystem
2865  * zc_nvlist_src{_size} nvlist of delegated permissions
2866  * zc_perm_action       allow/unallow flag
2867  *
2868  * outputs:             none
2869  */
2870 static int
2871 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2872 {
2873         int error;
2874         nvlist_t *fsaclnv = NULL;
2875 
2876         if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2877             zc->zc_iflags, &fsaclnv)) != 0)
2878                 return (error);
2879 
2880         /*
2881          * Verify nvlist is constructed correctly
2882          */
2883         if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2884                 nvlist_free(fsaclnv);
2885                 return (EINVAL);
2886         }
2887 
2888         /*
2889          * If we don't have PRIV_SYS_MOUNT, then validate
2890          * that user is allowed to hand out each permission in
2891          * the nvlist(s)
2892          */
2893 
2894         error = secpolicy_zfs(CRED());
2895         if (error) {
2896                 if (zc->zc_perm_action == B_FALSE) {
2897                         error = dsl_deleg_can_allow(zc->zc_name,
2898                             fsaclnv, CRED());
2899                 } else {
2900                         error = dsl_deleg_can_unallow(zc->zc_name,
2901                             fsaclnv, CRED());
2902                 }
2903         }
2904 
2905         if (error == 0)
2906                 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2907 
2908         nvlist_free(fsaclnv);
2909         return (error);
2910 }
2911 
2912 /*
2913  * inputs:
2914  * zc_name              name of filesystem
2915  *
2916  * outputs:
2917  * zc_nvlist_src{_size} nvlist of delegated permissions
2918  */
2919 static int
2920 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2921 {
2922         nvlist_t *nvp;
2923         int error;
2924 
2925         if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2926                 error = put_nvlist(zc, nvp);
2927                 nvlist_free(nvp);
2928         }
2929 
2930         return (error);
2931 }
2932 
2933 /*
2934  * Search the vfs list for a specified resource.  Returns a pointer to it
2935  * or NULL if no suitable entry is found. The caller of this routine
2936  * is responsible for releasing the returned vfs pointer.
2937  */
2938 static vfs_t *
2939 zfs_get_vfs(const char *resource)
2940 {
2941         struct vfs *vfsp;
2942         struct vfs *vfs_found = NULL;
2943 
2944         vfs_list_read_lock();
2945         vfsp = rootvfs;
2946         do {
2947                 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
2948                         VFS_HOLD(vfsp);
2949                         vfs_found = vfsp;
2950                         break;
2951                 }
2952                 vfsp = vfsp->vfs_next;
2953         } while (vfsp != rootvfs);
2954         vfs_list_unlock();
2955         return (vfs_found);
2956 }
2957 
2958 /* ARGSUSED */
2959 static void
2960 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2961 {
2962         zfs_creat_t *zct = arg;
2963 
2964         zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2965 }
2966 
2967 #define ZFS_PROP_UNDEFINED      ((uint64_t)-1)
2968 
2969 /*
2970  * inputs:
2971  * createprops          list of properties requested by creator
2972  * default_zplver       zpl version to use if unspecified in createprops
2973  * fuids_ok             fuids allowed in this version of the spa?
2974  * os                   parent objset pointer (NULL if root fs)
2975  *
2976  * outputs:
2977  * zplprops     values for the zplprops we attach to the master node object
2978  * is_ci        true if requested file system will be purely case-insensitive
2979  *
2980  * Determine the settings for utf8only, normalization and
2981  * casesensitivity.  Specific values may have been requested by the
2982  * creator and/or we can inherit values from the parent dataset.  If
2983  * the file system is of too early a vintage, a creator can not
2984  * request settings for these properties, even if the requested
2985  * setting is the default value.  We don't actually want to create dsl
2986  * properties for these, so remove them from the source nvlist after
2987  * processing.
2988  */
2989 static int
2990 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2991     boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2992     nvlist_t *zplprops, boolean_t *is_ci)
2993 {
2994         uint64_t sense = ZFS_PROP_UNDEFINED;
2995         uint64_t norm = ZFS_PROP_UNDEFINED;
2996         uint64_t u8 = ZFS_PROP_UNDEFINED;
2997         int error;
2998 
2999         ASSERT(zplprops != NULL);
3000 
3001         /*
3002          * Pull out creator prop choices, if any.
3003          */
3004         if (createprops) {
3005                 (void) nvlist_lookup_uint64(createprops,
3006                     zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
3007                 (void) nvlist_lookup_uint64(createprops,
3008                     zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
3009                 (void) nvlist_remove_all(createprops,
3010                     zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3011                 (void) nvlist_lookup_uint64(createprops,
3012                     zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3013                 (void) nvlist_remove_all(createprops,
3014                     zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3015                 (void) nvlist_lookup_uint64(createprops,
3016                     zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3017                 (void) nvlist_remove_all(createprops,
3018                     zfs_prop_to_name(ZFS_PROP_CASE));
3019         }
3020 
3021         /*
3022          * If the zpl version requested is whacky or the file system
3023          * or pool is version is too "young" to support normalization
3024          * and the creator tried to set a value for one of the props,
3025          * error out.
3026          */
3027         if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3028             (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3029             (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3030             (zplver < ZPL_VERSION_NORMALIZATION &&
3031             (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3032             sense != ZFS_PROP_UNDEFINED)))
3033                 return (ENOTSUP);
3034 
3035         /*
3036          * Put the version in the zplprops
3037          */
3038         VERIFY(nvlist_add_uint64(zplprops,
3039             zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3040 
3041         if (norm == ZFS_PROP_UNDEFINED &&
3042             (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3043                 return (error);
3044         VERIFY(nvlist_add_uint64(zplprops,
3045             zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3046 
3047         /*
3048          * If we're normalizing, names must always be valid UTF-8 strings.
3049          */
3050         if (norm)
3051                 u8 = 1;
3052         if (u8 == ZFS_PROP_UNDEFINED &&
3053             (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3054                 return (error);
3055         VERIFY(nvlist_add_uint64(zplprops,
3056             zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3057 
3058         if (sense == ZFS_PROP_UNDEFINED &&
3059             (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3060                 return (error);
3061         VERIFY(nvlist_add_uint64(zplprops,
3062             zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3063 
3064         if (is_ci)
3065                 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3066 
3067         return (0);
3068 }
3069 
3070 static int
3071 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3072     nvlist_t *zplprops, boolean_t *is_ci)
3073 {
3074         boolean_t fuids_ok, sa_ok;
3075         uint64_t zplver = ZPL_VERSION;
3076         objset_t *os = NULL;
3077         char parentname[MAXNAMELEN];
3078         char *cp;
3079         spa_t *spa;
3080         uint64_t spa_vers;
3081         int error;
3082 
3083         (void) strlcpy(parentname, dataset, sizeof (parentname));
3084         cp = strrchr(parentname, '/');
3085         ASSERT(cp != NULL);
3086         cp[0] = '\0';
3087 
3088         if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3089                 return (error);
3090 
3091         spa_vers = spa_version(spa);
3092         spa_close(spa, FTAG);
3093 
3094         zplver = zfs_zpl_version_map(spa_vers);
3095         fuids_ok = (zplver >= ZPL_VERSION_FUID);
3096         sa_ok = (zplver >= ZPL_VERSION_SA);
3097 
3098         /*
3099          * Open parent object set so we can inherit zplprop values.
3100          */
3101         if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3102                 return (error);
3103 
3104         error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3105             zplprops, is_ci);
3106         dmu_objset_rele(os, FTAG);
3107         return (error);
3108 }
3109 
3110 static int
3111 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3112     nvlist_t *zplprops, boolean_t *is_ci)
3113 {
3114         boolean_t fuids_ok;
3115         boolean_t sa_ok;
3116         uint64_t zplver = ZPL_VERSION;
3117         int error;
3118 
3119         zplver = zfs_zpl_version_map(spa_vers);
3120         fuids_ok = (zplver >= ZPL_VERSION_FUID);
3121         sa_ok = (zplver >= ZPL_VERSION_SA);
3122 
3123         error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3124             createprops, zplprops, is_ci);
3125         return (error);
3126 }
3127 
3128 /*
3129  * innvl: {
3130  *     "type" -> dmu_objset_type_t (int32)
3131  *     (optional) "props" -> { prop -> value }
3132  * }
3133  *
3134  * outnvl: propname -> error code (int32)
3135  */
3136 static int
3137 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3138 {
3139         int error = 0;
3140         zfs_creat_t zct = { 0 };
3141         nvlist_t *nvprops = NULL;
3142         void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3143         int32_t type32;
3144         dmu_objset_type_t type;
3145         boolean_t is_insensitive = B_FALSE;
3146 
3147         if (nvlist_lookup_int32(innvl, "type", &type32) != 0)
3148                 return (EINVAL);
3149         type = type32;
3150         (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3151 
3152         switch (type) {
3153         case DMU_OST_ZFS:
3154                 cbfunc = zfs_create_cb;
3155                 break;
3156 
3157         case DMU_OST_ZVOL:
3158                 cbfunc = zvol_create_cb;
3159                 break;
3160 
3161         default:
3162                 cbfunc = NULL;
3163                 break;
3164         }
3165         if (strchr(fsname, '@') ||
3166             strchr(fsname, '%'))
3167                 return (EINVAL);
3168 
3169         zct.zct_props = nvprops;
3170 
3171         if (cbfunc == NULL)
3172                 return (EINVAL);
3173 
3174         if (type == DMU_OST_ZVOL) {
3175                 uint64_t volsize, volblocksize;
3176 
3177                 if (nvprops == NULL)
3178                         return (EINVAL);
3179                 if (nvlist_lookup_uint64(nvprops,
3180                     zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3181                         return (EINVAL);
3182 
3183                 if ((error = nvlist_lookup_uint64(nvprops,
3184                     zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3185                     &volblocksize)) != 0 && error != ENOENT)
3186                         return (EINVAL);
3187 
3188                 if (error != 0)
3189                         volblocksize = zfs_prop_default_numeric(
3190                             ZFS_PROP_VOLBLOCKSIZE);
3191 
3192                 if ((error = zvol_check_volblocksize(
3193                     volblocksize)) != 0 ||
3194                     (error = zvol_check_volsize(volsize,
3195                     volblocksize)) != 0)
3196                         return (error);
3197         } else if (type == DMU_OST_ZFS) {
3198                 int error;
3199 
3200                 /*
3201                  * We have to have normalization and
3202                  * case-folding flags correct when we do the
3203                  * file system creation, so go figure them out
3204                  * now.
3205                  */
3206                 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3207                     NV_UNIQUE_NAME, KM_SLEEP) == 0);
3208                 error = zfs_fill_zplprops(fsname, nvprops,
3209                     zct.zct_zplprops, &is_insensitive);
3210                 if (error != 0) {
3211                         nvlist_free(zct.zct_zplprops);
3212                         return (error);
3213                 }
3214         }
3215 
3216         error = dmu_objset_create(fsname, type,
3217             is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3218         nvlist_free(zct.zct_zplprops);
3219 
3220         /*
3221          * It would be nice to do this atomically.
3222          */
3223         if (error == 0) {
3224                 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3225                     nvprops, outnvl);
3226                 if (error != 0)
3227                         (void) dmu_objset_destroy(fsname, B_FALSE);
3228         }
3229         return (error);
3230 }
3231 
3232 /*
3233  * innvl: {
3234  *     "origin" -> name of origin snapshot
3235  *     (optional) "props" -> { prop -> value }
3236  * }
3237  *
3238  * outnvl: propname -> error code (int32)
3239  */
3240 static int
3241 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3242 {
3243         int error = 0;
3244         nvlist_t *nvprops = NULL;
3245         char *origin_name;
3246         dsl_dataset_t *origin;
3247 
3248         if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0)
3249                 return (EINVAL);
3250         (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3251 
3252         if (strchr(fsname, '@') ||
3253             strchr(fsname, '%'))
3254                 return (EINVAL);
3255 
3256         if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3257                 return (EINVAL);
3258 
3259         error = dsl_dataset_hold(origin_name, FTAG, &origin);
3260         if (error)
3261                 return (error);
3262 
3263         error = dmu_objset_clone(fsname, origin, 0);
3264         dsl_dataset_rele(origin, FTAG);
3265         if (error)
3266                 return (error);
3267 
3268         /*
3269          * It would be nice to do this atomically.
3270          */
3271         if (error == 0) {
3272                 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3273                     nvprops, outnvl);
3274                 if (error != 0)
3275                         (void) dmu_objset_destroy(fsname, B_FALSE);
3276         }
3277         return (error);
3278 }
3279 
3280 /*
3281  * innvl: {
3282  *     "snaps" -> { snapshot1, snapshot2 }
3283  *     (optional) "props" -> { prop -> value (string) }
3284  * }
3285  *
3286  * outnvl: snapshot -> error code (int32)
3287  *
3288  */
3289 static int
3290 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3291 {
3292         nvlist_t *snaps;
3293         nvlist_t *props = NULL;
3294         int error, poollen;
3295         nvpair_t *pair;
3296 
3297         (void) nvlist_lookup_nvlist(innvl, "props", &props);
3298         if ((error = zfs_check_userprops(poolname, props)) != 0)
3299                 return (error);
3300 
3301         if (!nvlist_empty(props) &&
3302             zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3303                 return (ENOTSUP);
3304 
3305         if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3306                 return (EINVAL);
3307         poollen = strlen(poolname);
3308         for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3309             pair = nvlist_next_nvpair(snaps, pair)) {
3310                 const char *name = nvpair_name(pair);
3311                 const char *cp = strchr(name, '@');
3312 
3313                 /*
3314                  * The snap name must contain an @, and the part after it must
3315                  * contain only valid characters.
3316                  */
3317                 if (cp == NULL || snapshot_namecheck(cp + 1, NULL, NULL) != 0)
3318                         return (EINVAL);
3319 
3320                 /*
3321                  * The snap must be in the specified pool.
3322                  */
3323                 if (strncmp(name, poolname, poollen) != 0 ||
3324                     (name[poollen] != '/' && name[poollen] != '@'))
3325                         return (EXDEV);
3326 
3327                 /* This must be the only snap of this fs. */
3328                 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3329                     pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3330                         if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3331                             == 0) {
3332                                 return (EXDEV);
3333                         }
3334                 }
3335         }
3336 
3337         error = dmu_objset_snapshot(snaps, props, outnvl);
3338         return (error);
3339 }
3340 
3341 /*
3342  * innvl: "message" -> string
3343  */
3344 /* ARGSUSED */
3345 static int
3346 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3347 {
3348         char *message;
3349         spa_t *spa;
3350         int error;
3351         char *poolname;
3352 
3353         /*
3354          * The poolname in the ioctl is not set, we get it from the TSD,
3355          * which was set at the end of the last successful ioctl that allows
3356          * logging.  The secpolicy func already checked that it is set.
3357          * Only one log ioctl is allowed after each successful ioctl, so
3358          * we clear the TSD here.
3359          */
3360         poolname = tsd_get(zfs_allow_log_key);
3361         (void) tsd_set(zfs_allow_log_key, NULL);
3362         error = spa_open(poolname, &spa, FTAG);
3363         strfree(poolname);
3364         if (error != 0)
3365                 return (error);
3366 
3367         if (nvlist_lookup_string(innvl, "message", &message) != 0)  {
3368                 spa_close(spa, FTAG);
3369                 return (EINVAL);
3370         }
3371 
3372         if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3373                 spa_close(spa, FTAG);
3374                 return (ENOTSUP);
3375         }
3376 
3377         error = spa_history_log(spa, message);
3378         spa_close(spa, FTAG);
3379         return (error);
3380 }
3381 
3382 /* ARGSUSED */
3383 int
3384 zfs_unmount_snap(const char *name, void *arg)
3385 {
3386         vfs_t *vfsp;
3387         int err;
3388 
3389         if (strchr(name, '@') == NULL)
3390                 return (0);
3391 
3392         vfsp = zfs_get_vfs(name);
3393         if (vfsp == NULL)
3394                 return (0);
3395 
3396         if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
3397                 VFS_RELE(vfsp);
3398                 return (err);
3399         }
3400         VFS_RELE(vfsp);
3401 
3402         /*
3403          * Always force the unmount for snapshots.
3404          */
3405         return (dounmount(vfsp, MS_FORCE, kcred));
3406 }
3407 
3408 /*
3409  * innvl: {
3410  *     "snaps" -> { snapshot1, snapshot2 }
3411  *     (optional boolean) "defer"
3412  * }
3413  *
3414  * outnvl: snapshot -> error code (int32)
3415  *
3416  */
3417 static int
3418 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3419 {
3420         int poollen;
3421         nvlist_t *snaps;
3422         nvpair_t *pair;
3423         boolean_t defer;
3424 
3425         if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3426                 return (EINVAL);
3427         defer = nvlist_exists(innvl, "defer");
3428 
3429         poollen = strlen(poolname);
3430         for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3431             pair = nvlist_next_nvpair(snaps, pair)) {
3432                 const char *name = nvpair_name(pair);
3433 
3434                 /*
3435                  * The snap must be in the specified pool.
3436                  */
3437                 if (strncmp(name, poolname, poollen) != 0 ||
3438                     (name[poollen] != '/' && name[poollen] != '@'))
3439                         return (EXDEV);
3440 
3441                 /*
3442                  * Ignore failures to unmount; dmu_snapshots_destroy_nvl()
3443                  * will deal with this gracefully (by filling in outnvl).
3444                  */
3445                 (void) zfs_unmount_snap(name, NULL);
3446         }
3447 
3448         return (dmu_snapshots_destroy_nvl(snaps, defer, outnvl));
3449 }
3450 
3451 /*
3452  * inputs:
3453  * zc_name              name of dataset to destroy
3454  * zc_objset_type       type of objset
3455  * zc_defer_destroy     mark for deferred destroy
3456  *
3457  * outputs:             none
3458  */
3459 static int
3460 zfs_ioc_destroy(zfs_cmd_t *zc)
3461 {
3462         int err;
3463         if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
3464                 err = zfs_unmount_snap(zc->zc_name, NULL);
3465                 if (err)
3466                         return (err);
3467         }
3468 
3469         err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
3470         if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3471                 (void) zvol_remove_minor(zc->zc_name);
3472         return (err);
3473 }
3474 
3475 /*
3476  * inputs:
3477  * zc_name      name of dataset to rollback (to most recent snapshot)
3478  *
3479  * outputs:     none
3480  */
3481 static int
3482 zfs_ioc_rollback(zfs_cmd_t *zc)
3483 {
3484         dsl_dataset_t *ds, *clone;
3485         int error;
3486         zfsvfs_t *zfsvfs;
3487         char *clone_name;
3488 
3489         error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
3490         if (error)
3491                 return (error);
3492 
3493         /* must not be a snapshot */
3494         if (dsl_dataset_is_snapshot(ds)) {
3495                 dsl_dataset_rele(ds, FTAG);
3496                 return (EINVAL);
3497         }
3498 
3499         /* must have a most recent snapshot */
3500         if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
3501                 dsl_dataset_rele(ds, FTAG);
3502                 return (EINVAL);
3503         }
3504 
3505         /*
3506          * Create clone of most recent snapshot.
3507          */
3508         clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
3509         error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
3510         if (error)
3511                 goto out;
3512 
3513         error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
3514         if (error)
3515                 goto out;
3516 
3517         /*
3518          * Do clone swap.
3519          */
3520         if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
3521                 error = zfs_suspend_fs(zfsvfs);
3522                 if (error == 0) {
3523                         int resume_err;
3524 
3525                         if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3526                                 error = dsl_dataset_clone_swap(clone, ds,
3527                                     B_TRUE);
3528                                 dsl_dataset_disown(ds, FTAG);
3529                                 ds = NULL;
3530                         } else {
3531                                 error = EBUSY;
3532                         }
3533                         resume_err = zfs_resume_fs(zfsvfs, zc->zc_name);
3534                         error = error ? error : resume_err;
3535                 }
3536                 VFS_RELE(zfsvfs->z_vfs);
3537         } else {
3538                 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3539                         error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
3540                         dsl_dataset_disown(ds, FTAG);
3541                         ds = NULL;
3542                 } else {
3543                         error = EBUSY;
3544                 }
3545         }
3546 
3547         /*
3548          * Destroy clone (which also closes it).
3549          */
3550         (void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
3551 
3552 out:
3553         strfree(clone_name);
3554         if (ds)
3555                 dsl_dataset_rele(ds, FTAG);
3556         return (error);
3557 }
3558 
3559 /*
3560  * inputs:
3561  * zc_name      old name of dataset
3562  * zc_value     new name of dataset
3563  * zc_cookie    recursive flag (only valid for snapshots)
3564  *
3565  * outputs:     none
3566  */
3567 static int
3568 zfs_ioc_rename(zfs_cmd_t *zc)
3569 {
3570         boolean_t recursive = zc->zc_cookie & 1;
3571 
3572         zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3573         if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3574             strchr(zc->zc_value, '%'))
3575                 return (EINVAL);
3576 
3577         /*
3578          * Unmount snapshot unless we're doing a recursive rename,
3579          * in which case the dataset code figures out which snapshots
3580          * to unmount.
3581          */
3582         if (!recursive && strchr(zc->zc_name, '@') != NULL &&
3583             zc->zc_objset_type == DMU_OST_ZFS) {
3584                 int err = zfs_unmount_snap(zc->zc_name, NULL);
3585                 if (err)
3586                         return (err);
3587         }
3588         if (zc->zc_objset_type == DMU_OST_ZVOL)
3589                 (void) zvol_remove_minor(zc->zc_name);
3590         return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive));
3591 }
3592 
3593 static int
3594 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3595 {
3596         const char *propname = nvpair_name(pair);
3597         boolean_t issnap = (strchr(dsname, '@') != NULL);
3598         zfs_prop_t prop = zfs_name_to_prop(propname);
3599         uint64_t intval;
3600         int err;
3601 
3602         if (prop == ZPROP_INVAL) {
3603                 if (zfs_prop_user(propname)) {
3604                         if (err = zfs_secpolicy_write_perms(dsname,
3605                             ZFS_DELEG_PERM_USERPROP, cr))
3606                                 return (err);
3607                         return (0);
3608                 }
3609 
3610                 if (!issnap && zfs_prop_userquota(propname)) {
3611                         const char *perm = NULL;
3612                         const char *uq_prefix =
3613                             zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3614                         const char *gq_prefix =
3615                             zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3616 
3617                         if (strncmp(propname, uq_prefix,
3618                             strlen(uq_prefix)) == 0) {
3619                                 perm = ZFS_DELEG_PERM_USERQUOTA;
3620                         } else if (strncmp(propname, gq_prefix,
3621                             strlen(gq_prefix)) == 0) {
3622                                 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3623                         } else {
3624                                 /* USERUSED and GROUPUSED are read-only */
3625                                 return (EINVAL);
3626                         }
3627 
3628                         if (err = zfs_secpolicy_write_perms(dsname, perm, cr))
3629                                 return (err);
3630                         return (0);
3631                 }
3632 
3633                 return (EINVAL);
3634         }
3635 
3636         if (issnap)
3637                 return (EINVAL);
3638 
3639         if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3640                 /*
3641                  * dsl_prop_get_all_impl() returns properties in this
3642                  * format.
3643                  */
3644                 nvlist_t *attrs;
3645                 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3646                 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3647                     &pair) == 0);
3648         }
3649 
3650         /*
3651          * Check that this value is valid for this pool version
3652          */
3653         switch (prop) {
3654         case ZFS_PROP_COMPRESSION:
3655                 /*
3656                  * If the user specified gzip compression, make sure
3657                  * the SPA supports it. We ignore any errors here since
3658                  * we'll catch them later.
3659                  */
3660                 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3661                     nvpair_value_uint64(pair, &intval) == 0) {
3662                         if (intval >= ZIO_COMPRESS_GZIP_1 &&
3663                             intval <= ZIO_COMPRESS_GZIP_9 &&
3664                             zfs_earlier_version(dsname,
3665                             SPA_VERSION_GZIP_COMPRESSION)) {
3666                                 return (ENOTSUP);
3667                         }
3668 
3669                         if (intval == ZIO_COMPRESS_ZLE &&
3670                             zfs_earlier_version(dsname,
3671                             SPA_VERSION_ZLE_COMPRESSION))
3672                                 return (ENOTSUP);
3673 
3674                         /*
3675                          * If this is a bootable dataset then
3676                          * verify that the compression algorithm
3677                          * is supported for booting. We must return
3678                          * something other than ENOTSUP since it
3679                          * implies a downrev pool version.
3680                          */
3681                         if (zfs_is_bootfs(dsname) &&
3682                             !BOOTFS_COMPRESS_VALID(intval)) {
3683                                 return (ERANGE);
3684                         }
3685                 }
3686                 break;
3687 
3688         case ZFS_PROP_COPIES:
3689                 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3690                         return (ENOTSUP);
3691                 break;
3692 
3693         case ZFS_PROP_DEDUP:
3694                 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3695                         return (ENOTSUP);
3696                 break;
3697 
3698         case ZFS_PROP_SHARESMB:
3699                 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3700                         return (ENOTSUP);
3701                 break;
3702 
3703         case ZFS_PROP_ACLINHERIT:
3704                 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3705                     nvpair_value_uint64(pair, &intval) == 0) {
3706                         if (intval == ZFS_ACL_PASSTHROUGH_X &&
3707                             zfs_earlier_version(dsname,
3708                             SPA_VERSION_PASSTHROUGH_X))
3709                                 return (ENOTSUP);
3710                 }
3711                 break;
3712         }
3713 
3714         return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3715 }
3716 
3717 /*
3718  * Removes properties from the given props list that fail permission checks
3719  * needed to clear them and to restore them in case of a receive error. For each
3720  * property, make sure we have both set and inherit permissions.
3721  *
3722  * Returns the first error encountered if any permission checks fail. If the
3723  * caller provides a non-NULL errlist, it also gives the complete list of names
3724  * of all the properties that failed a permission check along with the
3725  * corresponding error numbers. The caller is responsible for freeing the
3726  * returned errlist.
3727  *
3728  * If every property checks out successfully, zero is returned and the list
3729  * pointed at by errlist is NULL.
3730  */
3731 static int
3732 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3733 {
3734         zfs_cmd_t *zc;
3735         nvpair_t *pair, *next_pair;
3736         nvlist_t *errors;
3737         int err, rv = 0;
3738 
3739         if (props == NULL)
3740                 return (0);
3741 
3742         VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3743 
3744         zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
3745         (void) strcpy(zc->zc_name, dataset);
3746         pair = nvlist_next_nvpair(props, NULL);
3747         while (pair != NULL) {
3748                 next_pair = nvlist_next_nvpair(props, pair);
3749 
3750                 (void) strcpy(zc->zc_value, nvpair_name(pair));
3751                 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3752                     (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
3753                         VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3754                         VERIFY(nvlist_add_int32(errors,
3755                             zc->zc_value, err) == 0);
3756                 }
3757                 pair = next_pair;
3758         }
3759         kmem_free(zc, sizeof (zfs_cmd_t));
3760 
3761         if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3762                 nvlist_free(errors);
3763                 errors = NULL;
3764         } else {
3765                 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3766         }
3767 
3768         if (errlist == NULL)
3769                 nvlist_free(errors);
3770         else
3771                 *errlist = errors;
3772 
3773         return (rv);
3774 }
3775 
3776 static boolean_t
3777 propval_equals(nvpair_t *p1, nvpair_t *p2)
3778 {
3779         if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3780                 /* dsl_prop_get_all_impl() format */
3781                 nvlist_t *attrs;
3782                 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3783                 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3784                     &p1) == 0);
3785         }
3786 
3787         if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3788                 nvlist_t *attrs;
3789                 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3790                 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3791                     &p2) == 0);
3792         }
3793 
3794         if (nvpair_type(p1) != nvpair_type(p2))
3795                 return (B_FALSE);
3796 
3797         if (nvpair_type(p1) == DATA_TYPE_STRING) {
3798                 char *valstr1, *valstr2;
3799 
3800                 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3801                 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3802                 return (strcmp(valstr1, valstr2) == 0);
3803         } else {
3804                 uint64_t intval1, intval2;
3805 
3806                 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3807                 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3808                 return (intval1 == intval2);
3809         }
3810 }
3811 
3812 /*
3813  * Remove properties from props if they are not going to change (as determined
3814  * by comparison with origprops). Remove them from origprops as well, since we
3815  * do not need to clear or restore properties that won't change.
3816  */
3817 static void
3818 props_reduce(nvlist_t *props, nvlist_t *origprops)
3819 {
3820         nvpair_t *pair, *next_pair;
3821 
3822         if (origprops == NULL)
3823                 return; /* all props need to be received */
3824 
3825         pair = nvlist_next_nvpair(props, NULL);
3826         while (pair != NULL) {
3827                 const char *propname = nvpair_name(pair);
3828                 nvpair_t *match;
3829 
3830                 next_pair = nvlist_next_nvpair(props, pair);
3831 
3832                 if ((nvlist_lookup_nvpair(origprops, propname,
3833                     &match) != 0) || !propval_equals(pair, match))
3834                         goto next; /* need to set received value */
3835 
3836                 /* don't clear the existing received value */
3837                 (void) nvlist_remove_nvpair(origprops, match);
3838                 /* don't bother receiving the property */
3839                 (void) nvlist_remove_nvpair(props, pair);
3840 next:
3841                 pair = next_pair;
3842         }
3843 }
3844 
3845 #ifdef  DEBUG
3846 static boolean_t zfs_ioc_recv_inject_err;
3847 #endif
3848 
3849 /*
3850  * inputs:
3851  * zc_name              name of containing filesystem
3852  * zc_nvlist_src{_size} nvlist of properties to apply
3853  * zc_value             name of snapshot to create
3854  * zc_string            name of clone origin (if DRR_FLAG_CLONE)
3855  * zc_cookie            file descriptor to recv from
3856  * zc_begin_record      the BEGIN record of the stream (not byteswapped)
3857  * zc_guid              force flag
3858  * zc_cleanup_fd        cleanup-on-exit file descriptor
3859  * zc_action_handle     handle for this guid/ds mapping (or zero on first call)
3860  *
3861  * outputs:
3862  * zc_cookie            number of bytes read
3863  * zc_nvlist_dst{_size} error for each unapplied received property
3864  * zc_obj               zprop_errflags_t
3865  * zc_action_handle     handle for this guid/ds mapping
3866  */
3867 static int
3868 zfs_ioc_recv(zfs_cmd_t *zc)
3869 {
3870         file_t *fp;
3871         objset_t *os;
3872         dmu_recv_cookie_t drc;
3873         boolean_t force = (boolean_t)zc->zc_guid;
3874         int fd;
3875         int error = 0;
3876         int props_error = 0;
3877         nvlist_t *errors;
3878         offset_t off;
3879         nvlist_t *props = NULL; /* sent properties */
3880         nvlist_t *origprops = NULL; /* existing properties */
3881         objset_t *origin = NULL;
3882         char *tosnap;
3883         char tofs[ZFS_MAXNAMELEN];
3884         boolean_t first_recvd_props = B_FALSE;
3885 
3886         if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3887             strchr(zc->zc_value, '@') == NULL ||
3888             strchr(zc->zc_value, '%'))
3889                 return (EINVAL);
3890 
3891         (void) strcpy(tofs, zc->zc_value);
3892         tosnap = strchr(tofs, '@');
3893         *tosnap++ = '\0';
3894 
3895         if (zc->zc_nvlist_src != NULL &&
3896             (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3897             zc->zc_iflags, &props)) != 0)
3898                 return (error);
3899 
3900         fd = zc->zc_cookie;
3901         fp = getf(fd);
3902         if (fp == NULL) {
3903                 nvlist_free(props);
3904                 return (EBADF);
3905         }
3906 
3907         VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3908 
3909         if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
3910                 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
3911                     !dsl_prop_get_hasrecvd(os)) {
3912                         first_recvd_props = B_TRUE;
3913                 }
3914 
3915                 /*
3916                  * If new received properties are supplied, they are to
3917                  * completely replace the existing received properties, so stash
3918                  * away the existing ones.
3919                  */
3920                 if (dsl_prop_get_received(os, &origprops) == 0) {
3921                         nvlist_t *errlist = NULL;
3922                         /*
3923                          * Don't bother writing a property if its value won't
3924                          * change (and avoid the unnecessary security checks).
3925                          *
3926                          * The first receive after SPA_VERSION_RECVD_PROPS is a
3927                          * special case where we blow away all local properties
3928                          * regardless.
3929                          */
3930                         if (!first_recvd_props)
3931                                 props_reduce(props, origprops);
3932                         if (zfs_check_clearable(tofs, origprops,
3933                             &errlist) != 0)
3934                                 (void) nvlist_merge(errors, errlist, 0);
3935                         nvlist_free(errlist);
3936                 }
3937 
3938                 dmu_objset_rele(os, FTAG);
3939         }
3940 
3941         if (zc->zc_string[0]) {
3942                 error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
3943                 if (error)
3944                         goto out;
3945         }
3946 
3947         error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
3948             &zc->zc_begin_record, force, origin, &drc);
3949         if (origin)
3950                 dmu_objset_rele(origin, FTAG);
3951         if (error)
3952                 goto out;
3953 
3954         /*
3955          * Set properties before we receive the stream so that they are applied
3956          * to the new data. Note that we must call dmu_recv_stream() if
3957          * dmu_recv_begin() succeeds.
3958          */
3959         if (props) {
3960                 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
3961                         if (drc.drc_newfs) {
3962                                 if (spa_version(os->os_spa) >=
3963                                     SPA_VERSION_RECVD_PROPS)
3964                                         first_recvd_props = B_TRUE;
3965                         } else if (origprops != NULL) {
3966                                 if (clear_received_props(os, tofs, origprops,
3967                                     first_recvd_props ? NULL : props) != 0)
3968                                         zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3969                         } else {
3970                                 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3971                         }
3972                         dsl_prop_set_hasrecvd(os);
3973                 } else if (!drc.drc_newfs) {
3974                         zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3975                 }
3976 
3977                 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3978                     props, errors);
3979         }
3980 
3981         if (zc->zc_nvlist_dst_size != 0 &&
3982             (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
3983             put_nvlist(zc, errors) != 0)) {
3984                 /*
3985                  * Caller made zc->zc_nvlist_dst less than the minimum expected
3986                  * size or supplied an invalid address.
3987                  */
3988                 props_error = EINVAL;
3989         }
3990 
3991         off = fp->f_offset;
3992         error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
3993             &zc->zc_action_handle);
3994 
3995         if (error == 0) {
3996                 zfsvfs_t *zfsvfs = NULL;
3997 
3998                 if (getzfsvfs(tofs, &zfsvfs) == 0) {
3999                         /* online recv */
4000                         int end_err;
4001 
4002                         error = zfs_suspend_fs(zfsvfs);
4003                         /*
4004                          * If the suspend fails, then the recv_end will
4005                          * likely also fail, and clean up after itself.
4006                          */
4007                         end_err = dmu_recv_end(&drc);
4008                         if (error == 0)
4009                                 error = zfs_resume_fs(zfsvfs, tofs);
4010                         error = error ? error : end_err;
4011                         VFS_RELE(zfsvfs->z_vfs);
4012                 } else {
4013                         error = dmu_recv_end(&drc);
4014                 }
4015         }
4016 
4017         zc->zc_cookie = off - fp->f_offset;
4018         if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4019                 fp->f_offset = off;
4020 
4021 #ifdef  DEBUG
4022         if (zfs_ioc_recv_inject_err) {
4023                 zfs_ioc_recv_inject_err = B_FALSE;
4024                 error = 1;
4025         }
4026 #endif
4027         /*
4028          * On error, restore the original props.
4029          */
4030         if (error && props) {
4031                 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
4032                         if (clear_received_props(os, tofs, props, NULL) != 0) {
4033                                 /*
4034                                  * We failed to clear the received properties.
4035                                  * Since we may have left a $recvd value on the
4036                                  * system, we can't clear the $hasrecvd flag.
4037                                  */
4038                                 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4039                         } else if (first_recvd_props) {
4040                                 dsl_prop_unset_hasrecvd(os);
4041                         }
4042                         dmu_objset_rele(os, FTAG);
4043                 } else if (!drc.drc_newfs) {
4044                         /* We failed to clear the received properties. */
4045                         zc->zc_obj |= ZPROP_ERR_NORESTORE;
4046                 }
4047 
4048                 if (origprops == NULL && !drc.drc_newfs) {
4049                         /* We failed to stash the original properties. */
4050                         zc->zc_obj |= ZPROP_ERR_NORESTORE;
4051                 }
4052 
4053                 /*
4054                  * dsl_props_set() will not convert RECEIVED to LOCAL on or
4055                  * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
4056                  * explictly if we're restoring local properties cleared in the
4057                  * first new-style receive.
4058                  */
4059                 if (origprops != NULL &&
4060                     zfs_set_prop_nvlist(tofs, (first_recvd_props ?
4061                     ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
4062                     origprops, NULL) != 0) {
4063                         /*
4064                          * We stashed the original properties but failed to
4065                          * restore them.
4066                          */
4067                         zc->zc_obj |= ZPROP_ERR_NORESTORE;
4068                 }
4069         }
4070 out:
4071         nvlist_free(props);
4072         nvlist_free(origprops);
4073         nvlist_free(errors);
4074         releasef(fd);
4075 
4076         if (error == 0)
4077                 error = props_error;
4078 
4079         return (error);
4080 }
4081 
4082 /*
4083  * inputs:
4084  * zc_name      name of snapshot to send
4085  * zc_cookie    file descriptor to send stream to
4086  * zc_obj       fromorigin flag (mutually exclusive with zc_fromobj)
4087  * zc_sendobj   objsetid of snapshot to send
4088  * zc_fromobj   objsetid of incremental fromsnap (may be zero)
4089  * zc_guid      if set, estimate size of stream only.  zc_cookie is ignored.
4090  *              output size in zc_objset_type.
4091  *
4092  * outputs: none
4093  */
4094 static int
4095 zfs_ioc_send(zfs_cmd_t *zc)
4096 {
4097         objset_t *fromsnap = NULL;
4098         objset_t *tosnap;
4099         int error;
4100         offset_t off;
4101         dsl_dataset_t *ds;
4102         dsl_dataset_t *dsfrom = NULL;
4103         spa_t *spa;
4104         dsl_pool_t *dp;
4105         boolean_t estimate = (zc->zc_guid != 0);
4106 
4107         error = spa_open(zc->zc_name, &spa, FTAG);
4108         if (error)
4109                 return (error);
4110 
4111         dp = spa_get_dsl(spa);
4112         rw_enter(&dp->dp_config_rwlock, RW_READER);
4113         error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4114         rw_exit(&dp->dp_config_rwlock);
4115         spa_close(spa, FTAG);
4116         if (error)
4117                 return (error);
4118 
4119         error = dmu_objset_from_ds(ds, &tosnap);
4120         if (error) {
4121                 dsl_dataset_rele(ds, FTAG);
4122                 return (error);
4123         }
4124 
4125         if (zc->zc_fromobj != 0) {
4126                 rw_enter(&dp->dp_config_rwlock, RW_READER);
4127                 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
4128                 rw_exit(&dp->dp_config_rwlock);
4129                 if (error) {
4130                         dsl_dataset_rele(ds, FTAG);
4131                         return (error);
4132                 }
4133                 error = dmu_objset_from_ds(dsfrom, &fromsnap);
4134                 if (error) {
4135                         dsl_dataset_rele(dsfrom, FTAG);
4136                         dsl_dataset_rele(ds, FTAG);
4137                         return (error);
4138                 }
4139         }
4140 
4141         if (zc->zc_obj) {
4142                 dsl_pool_t *dp = ds->ds_dir->dd_pool;
4143 
4144                 if (fromsnap != NULL) {
4145                         dsl_dataset_rele(dsfrom, FTAG);
4146                         dsl_dataset_rele(ds, FTAG);
4147                         return (EINVAL);
4148                 }
4149 
4150                 if (dsl_dir_is_clone(ds->ds_dir)) {
4151                         rw_enter(&dp->dp_config_rwlock, RW_READER);
4152                         error = dsl_dataset_hold_obj(dp,
4153                             ds->ds_dir->dd_phys->dd_origin_obj, FTAG, &dsfrom);
4154                         rw_exit(&dp->dp_config_rwlock);
4155                         if (error) {
4156                                 dsl_dataset_rele(ds, FTAG);
4157                                 return (error);
4158                         }
4159                         error = dmu_objset_from_ds(dsfrom, &fromsnap);
4160                         if (error) {
4161                                 dsl_dataset_rele(dsfrom, FTAG);
4162                                 dsl_dataset_rele(ds, FTAG);
4163                                 return (error);
4164                         }
4165                 }
4166         }
4167 
4168         if (estimate) {
4169                 error = dmu_send_estimate(tosnap, fromsnap,
4170                     &zc->zc_objset_type);
4171         } else {
4172                 file_t *fp = getf(zc->zc_cookie);
4173                 if (fp == NULL) {
4174                         dsl_dataset_rele(ds, FTAG);
4175                         if (dsfrom)
4176                                 dsl_dataset_rele(dsfrom, FTAG);
4177                         return (EBADF);
4178                 }
4179 
4180                 off = fp->f_offset;
4181                 error = dmu_send(tosnap, fromsnap,
4182                     zc->zc_cookie, fp->f_vnode, &off);
4183 
4184                 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4185                         fp->f_offset = off;
4186                 releasef(zc->zc_cookie);
4187         }
4188         if (dsfrom)
4189                 dsl_dataset_rele(dsfrom, FTAG);
4190         dsl_dataset_rele(ds, FTAG);
4191         return (error);
4192 }
4193 
4194 /*
4195  * inputs:
4196  * zc_name      name of snapshot on which to report progress
4197  * zc_cookie    file descriptor of send stream
4198  *
4199  * outputs:
4200  * zc_cookie    number of bytes written in send stream thus far
4201  */
4202 static int
4203 zfs_ioc_send_progress(zfs_cmd_t *zc)
4204 {
4205         dsl_dataset_t *ds;
4206         dmu_sendarg_t *dsp = NULL;
4207         int error;
4208 
4209         if ((error = dsl_dataset_hold(zc->zc_name, FTAG, &ds)) != 0)
4210                 return (error);
4211 
4212         mutex_enter(&ds->ds_sendstream_lock);
4213 
4214         /*
4215          * Iterate over all the send streams currently active on this dataset.
4216          * If there's one which matches the specified file descriptor _and_ the
4217          * stream was started by the current process, return the progress of
4218          * that stream.
4219          */
4220         for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
4221             dsp = list_next(&ds->ds_sendstreams, dsp)) {
4222                 if (dsp->dsa_outfd == zc->zc_cookie &&
4223                     dsp->dsa_proc == curproc)
4224                         break;
4225         }
4226 
4227         if (dsp != NULL)
4228                 zc->zc_cookie = *(dsp->dsa_off);
4229         else
4230                 error = ENOENT;
4231 
4232         mutex_exit(&ds->ds_sendstream_lock);
4233         dsl_dataset_rele(ds, FTAG);
4234         return (error);
4235 }
4236 
4237 static int
4238 zfs_ioc_inject_fault(zfs_cmd_t *zc)
4239 {
4240         int id, error;
4241 
4242         error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
4243             &zc->zc_inject_record);
4244 
4245         if (error == 0)
4246                 zc->zc_guid = (uint64_t)id;
4247 
4248         return (error);
4249 }
4250 
4251 static int
4252 zfs_ioc_clear_fault(zfs_cmd_t *zc)
4253 {
4254         return (zio_clear_fault((int)zc->zc_guid));
4255 }
4256 
4257 static int
4258 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
4259 {
4260         int id = (int)zc->zc_guid;
4261         int error;
4262 
4263         error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
4264             &zc->zc_inject_record);
4265 
4266         zc->zc_guid = id;
4267 
4268         return (error);
4269 }
4270 
4271 static int
4272 zfs_ioc_error_log(zfs_cmd_t *zc)
4273 {
4274         spa_t *spa;
4275         int error;
4276         size_t count = (size_t)zc->zc_nvlist_dst_size;
4277 
4278         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
4279                 return (error);
4280 
4281         error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
4282             &count);
4283         if (error == 0)
4284                 zc->zc_nvlist_dst_size = count;
4285         else
4286                 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
4287 
4288         spa_close(spa, FTAG);
4289 
4290         return (error);
4291 }
4292 
4293 static int
4294 zfs_ioc_clear(zfs_cmd_t *zc)
4295 {
4296         spa_t *spa;
4297         vdev_t *vd;
4298         int error;
4299 
4300         /*
4301          * On zpool clear we also fix up missing slogs
4302          */
4303         mutex_enter(&spa_namespace_lock);
4304         spa = spa_lookup(zc->zc_name);
4305         if (spa == NULL) {
4306                 mutex_exit(&spa_namespace_lock);
4307                 return (EIO);
4308         }
4309         if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
4310                 /* we need to let spa_open/spa_load clear the chains */
4311                 spa_set_log_state(spa, SPA_LOG_CLEAR);
4312         }
4313         spa->spa_last_open_failed = 0;
4314         mutex_exit(&spa_namespace_lock);
4315 
4316         if (zc->zc_cookie & ZPOOL_NO_REWIND) {
4317                 error = spa_open(zc->zc_name, &spa, FTAG);
4318         } else {
4319                 nvlist_t *policy;
4320                 nvlist_t *config = NULL;
4321 
4322                 if (zc->zc_nvlist_src == NULL)
4323                         return (EINVAL);
4324 
4325                 if ((error = get_nvlist(zc->zc_nvlist_src,
4326                     zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
4327                         error = spa_open_rewind(zc->zc_name, &spa, FTAG,
4328                             policy, &config);
4329                         if (config != NULL) {
4330                                 int err;
4331 
4332                                 if ((err = put_nvlist(zc, config)) != 0)
4333                                         error = err;
4334                                 nvlist_free(config);
4335                         }
4336                         nvlist_free(policy);
4337                 }
4338         }
4339 
4340         if (error)
4341                 return (error);
4342 
4343         spa_vdev_state_enter(spa, SCL_NONE);
4344 
4345         if (zc->zc_guid == 0) {
4346                 vd = NULL;
4347         } else {
4348                 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
4349                 if (vd == NULL) {
4350                         (void) spa_vdev_state_exit(spa, NULL, ENODEV);
4351                         spa_close(spa, FTAG);
4352                         return (ENODEV);
4353                 }
4354         }
4355 
4356         vdev_clear(spa, vd);
4357 
4358         (void) spa_vdev_state_exit(spa, NULL, 0);
4359 
4360         /*
4361          * Resume any suspended I/Os.
4362          */
4363         if (zio_resume(spa) != 0)
4364                 error = EIO;
4365 
4366         spa_close(spa, FTAG);
4367 
4368         return (error);
4369 }
4370 
4371 static int
4372 zfs_ioc_pool_reopen(zfs_cmd_t *zc)
4373 {
4374         spa_t *spa;
4375         int error;
4376 
4377         error = spa_open(zc->zc_name, &spa, FTAG);
4378         if (error)
4379                 return (error);
4380 
4381         spa_vdev_state_enter(spa, SCL_NONE);
4382 
4383         /*
4384          * If a resilver is already in progress then set the
4385          * spa_scrub_reopen flag to B_TRUE so that we don't restart
4386          * the scan as a side effect of the reopen. Otherwise, let
4387          * vdev_open() decided if a resilver is required.
4388          */
4389         spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool);
4390         vdev_reopen(spa->spa_root_vdev);
4391         spa->spa_scrub_reopen = B_FALSE;
4392 
4393         (void) spa_vdev_state_exit(spa, NULL, 0);
4394         spa_close(spa, FTAG);
4395         return (0);
4396 }
4397 /*
4398  * inputs:
4399  * zc_name      name of filesystem
4400  * zc_value     name of origin snapshot
4401  *
4402  * outputs:
4403  * zc_string    name of conflicting snapshot, if there is one
4404  */
4405 static int
4406 zfs_ioc_promote(zfs_cmd_t *zc)
4407 {
4408         char *cp;
4409 
4410         /*
4411          * We don't need to unmount *all* the origin fs's snapshots, but
4412          * it's easier.
4413          */
4414         cp = strchr(zc->zc_value, '@');
4415         if (cp)
4416                 *cp = '\0';
4417         (void) dmu_objset_find(zc->zc_value,
4418             zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
4419         return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4420 }
4421 
4422 /*
4423  * Retrieve a single {user|group}{used|quota}@... property.
4424  *
4425  * inputs:
4426  * zc_name      name of filesystem
4427  * zc_objset_type zfs_userquota_prop_t
4428  * zc_value     domain name (eg. "S-1-234-567-89")
4429  * zc_guid      RID/UID/GID
4430  *
4431  * outputs:
4432  * zc_cookie    property value
4433  */
4434 static int
4435 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4436 {
4437         zfsvfs_t *zfsvfs;
4438         int error;
4439 
4440         if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4441                 return (EINVAL);
4442 
4443         error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4444         if (error)
4445                 return (error);
4446 
4447         error = zfs_userspace_one(zfsvfs,
4448             zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4449         zfsvfs_rele(zfsvfs, FTAG);
4450 
4451         return (error);
4452 }
4453 
4454 /*
4455  * inputs:
4456  * zc_name              name of filesystem
4457  * zc_cookie            zap cursor
4458  * zc_objset_type       zfs_userquota_prop_t
4459  * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4460  *
4461  * outputs:
4462  * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4463  * zc_cookie    zap cursor
4464  */
4465 static int
4466 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4467 {
4468         zfsvfs_t *zfsvfs;
4469         int bufsize = zc->zc_nvlist_dst_size;
4470 
4471         if (bufsize <= 0)
4472                 return (ENOMEM);
4473 
4474         int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4475         if (error)
4476                 return (error);
4477 
4478         void *buf = kmem_alloc(bufsize, KM_SLEEP);
4479 
4480         error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
4481             buf, &zc->zc_nvlist_dst_size);
4482 
4483         if (error == 0) {
4484                 error = xcopyout(buf,
4485                     (void *)(uintptr_t)zc->zc_nvlist_dst,
4486                     zc->zc_nvlist_dst_size);
4487         }
4488         kmem_free(buf, bufsize);
4489         zfsvfs_rele(zfsvfs, FTAG);
4490 
4491         return (error);
4492 }
4493 
4494 /*
4495  * inputs:
4496  * zc_name              name of filesystem
4497  *
4498  * outputs:
4499  * none
4500  */
4501 static int
4502 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4503 {
4504         objset_t *os;
4505         int error = 0;
4506         zfsvfs_t *zfsvfs;
4507 
4508         if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
4509                 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
4510                         /*
4511                          * If userused is not enabled, it may be because the
4512                          * objset needs to be closed & reopened (to grow the
4513                          * objset_phys_t).  Suspend/resume the fs will do that.
4514                          */
4515                         error = zfs_suspend_fs(zfsvfs);
4516                         if (error == 0)
4517                                 error = zfs_resume_fs(zfsvfs, zc->zc_name);
4518                 }
4519                 if (error == 0)
4520                         error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
4521                 VFS_RELE(zfsvfs->z_vfs);
4522         } else {
4523                 /* XXX kind of reading contents without owning */
4524                 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4525                 if (error)
4526                         return (error);
4527 
4528                 error = dmu_objset_userspace_upgrade(os);
4529                 dmu_objset_rele(os, FTAG);
4530         }
4531 
4532         return (error);
4533 }
4534 
4535 /*
4536  * We don't want to have a hard dependency
4537  * against some special symbols in sharefs
4538  * nfs, and smbsrv.  Determine them if needed when
4539  * the first file system is shared.
4540  * Neither sharefs, nfs or smbsrv are unloadable modules.
4541  */
4542 int (*znfsexport_fs)(void *arg);
4543 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
4544 int (*zsmbexport_fs)(void *arg, boolean_t add_share);
4545 
4546 int zfs_nfsshare_inited;
4547 int zfs_smbshare_inited;
4548 
4549 ddi_modhandle_t nfs_mod;
4550 ddi_modhandle_t sharefs_mod;
4551 ddi_modhandle_t smbsrv_mod;
4552 kmutex_t zfs_share_lock;
4553 
4554 static int
4555 zfs_init_sharefs()
4556 {
4557         int error;
4558 
4559         ASSERT(MUTEX_HELD(&zfs_share_lock));
4560         /* Both NFS and SMB shares also require sharetab support. */
4561         if (sharefs_mod == NULL && ((sharefs_mod =
4562             ddi_modopen("fs/sharefs",
4563             KRTLD_MODE_FIRST, &error)) == NULL)) {
4564                 return (ENOSYS);
4565         }
4566         if (zshare_fs == NULL && ((zshare_fs =
4567             (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
4568             ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
4569                 return (ENOSYS);
4570         }
4571         return (0);
4572 }
4573 
4574 static int
4575 zfs_ioc_share(zfs_cmd_t *zc)
4576 {
4577         int error;
4578         int opcode;
4579 
4580         switch (zc->zc_share.z_sharetype) {
4581         case ZFS_SHARE_NFS:
4582         case ZFS_UNSHARE_NFS:
4583                 if (zfs_nfsshare_inited == 0) {
4584                         mutex_enter(&zfs_share_lock);
4585                         if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs",
4586                             KRTLD_MODE_FIRST, &error)) == NULL)) {
4587                                 mutex_exit(&zfs_share_lock);
4588                                 return (ENOSYS);
4589                         }
4590                         if (znfsexport_fs == NULL &&
4591                             ((znfsexport_fs = (int (*)(void *))
4592                             ddi_modsym(nfs_mod,
4593                             "nfs_export", &error)) == NULL)) {
4594                                 mutex_exit(&zfs_share_lock);
4595                                 return (ENOSYS);
4596                         }
4597                         error = zfs_init_sharefs();
4598                         if (error) {
4599                                 mutex_exit(&zfs_share_lock);
4600                                 return (ENOSYS);
4601                         }
4602                         zfs_nfsshare_inited = 1;
4603                         mutex_exit(&zfs_share_lock);
4604                 }
4605                 break;
4606         case ZFS_SHARE_SMB:
4607         case ZFS_UNSHARE_SMB:
4608                 if (zfs_smbshare_inited == 0) {
4609                         mutex_enter(&zfs_share_lock);
4610                         if (smbsrv_mod == NULL && ((smbsrv_mod =
4611                             ddi_modopen("drv/smbsrv",
4612                             KRTLD_MODE_FIRST, &error)) == NULL)) {
4613                                 mutex_exit(&zfs_share_lock);
4614                                 return (ENOSYS);
4615                         }
4616                         if (zsmbexport_fs == NULL && ((zsmbexport_fs =
4617                             (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod,
4618                             "smb_server_share", &error)) == NULL)) {
4619                                 mutex_exit(&zfs_share_lock);
4620                                 return (ENOSYS);
4621                         }
4622                         error = zfs_init_sharefs();
4623                         if (error) {
4624                                 mutex_exit(&zfs_share_lock);
4625                                 return (ENOSYS);
4626                         }
4627                         zfs_smbshare_inited = 1;
4628                         mutex_exit(&zfs_share_lock);
4629                 }
4630                 break;
4631         default:
4632                 return (EINVAL);
4633         }
4634 
4635         switch (zc->zc_share.z_sharetype) {
4636         case ZFS_SHARE_NFS:
4637         case ZFS_UNSHARE_NFS:
4638                 if (error =
4639                     znfsexport_fs((void *)
4640                     (uintptr_t)zc->zc_share.z_exportdata))
4641                         return (error);
4642                 break;
4643         case ZFS_SHARE_SMB:
4644         case ZFS_UNSHARE_SMB:
4645                 if (error = zsmbexport_fs((void *)
4646                     (uintptr_t)zc->zc_share.z_exportdata,
4647                     zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
4648                     B_TRUE: B_FALSE)) {
4649                         return (error);
4650                 }
4651                 break;
4652         }
4653 
4654         opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
4655             zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ?
4656             SHAREFS_ADD : SHAREFS_REMOVE;
4657 
4658         /*
4659          * Add or remove share from sharetab
4660          */
4661         error = zshare_fs(opcode,
4662             (void *)(uintptr_t)zc->zc_share.z_sharedata,
4663             zc->zc_share.z_sharemax);
4664 
4665         return (error);
4666 
4667 }
4668 
4669 ace_t full_access[] = {
4670         {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4671 };
4672 
4673 /*
4674  * inputs:
4675  * zc_name              name of containing filesystem
4676  * zc_obj               object # beyond which we want next in-use object #
4677  *
4678  * outputs:
4679  * zc_obj               next in-use object #
4680  */
4681 static int
4682 zfs_ioc_next_obj(zfs_cmd_t *zc)
4683 {
4684         objset_t *os = NULL;
4685         int error;
4686 
4687         error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4688         if (error)
4689                 return (error);
4690 
4691         error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4692             os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4693 
4694         dmu_objset_rele(os, FTAG);
4695         return (error);
4696 }
4697 
4698 /*
4699  * inputs:
4700  * zc_name              name of filesystem
4701  * zc_value             prefix name for snapshot
4702  * zc_cleanup_fd        cleanup-on-exit file descriptor for calling process
4703  *
4704  * outputs:
4705  * zc_value             short name of new snapshot
4706  */
4707 static int
4708 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4709 {
4710         char *snap_name;
4711         int error;
4712 
4713         snap_name = kmem_asprintf("%s@%s-%016llx", zc->zc_name, zc->zc_value,
4714             (u_longlong_t)ddi_get_lbolt64());
4715 
4716         if (strlen(snap_name) >= MAXPATHLEN) {
4717                 strfree(snap_name);
4718                 return (E2BIG);
4719         }
4720 
4721         error = dmu_objset_snapshot_tmp(snap_name, "%temp", zc->zc_cleanup_fd);
4722         if (error != 0) {
4723                 strfree(snap_name);
4724                 return (error);
4725         }
4726 
4727         (void) strcpy(zc->zc_value, strchr(snap_name, '@') + 1);
4728         strfree(snap_name);
4729         return (0);
4730 }
4731 
4732 /*
4733  * inputs:
4734  * zc_name              name of "to" snapshot
4735  * zc_value             name of "from" snapshot
4736  * zc_cookie            file descriptor to write diff data on
4737  *
4738  * outputs:
4739  * dmu_diff_record_t's to the file descriptor
4740  */
4741 static int
4742 zfs_ioc_diff(zfs_cmd_t *zc)
4743 {
4744         objset_t *fromsnap;
4745         objset_t *tosnap;
4746         file_t *fp;
4747         offset_t off;
4748         int error;
4749 
4750         error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
4751         if (error)
4752                 return (error);
4753 
4754         error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap);
4755         if (error) {
4756                 dmu_objset_rele(tosnap, FTAG);
4757                 return (error);
4758         }
4759 
4760         fp = getf(zc->zc_cookie);
4761         if (fp == NULL) {
4762                 dmu_objset_rele(fromsnap, FTAG);
4763                 dmu_objset_rele(tosnap, FTAG);
4764                 return (EBADF);
4765         }
4766 
4767         off = fp->f_offset;
4768 
4769         error = dmu_diff(tosnap, fromsnap, fp->f_vnode, &off);
4770 
4771         if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4772                 fp->f_offset = off;
4773         releasef(zc->zc_cookie);
4774 
4775         dmu_objset_rele(fromsnap, FTAG);
4776         dmu_objset_rele(tosnap, FTAG);
4777         return (error);
4778 }
4779 
4780 /*
4781  * Remove all ACL files in shares dir
4782  */
4783 static int
4784 zfs_smb_acl_purge(znode_t *dzp)
4785 {
4786         zap_cursor_t    zc;
4787         zap_attribute_t zap;
4788         zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
4789         int error;
4790 
4791         for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
4792             (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4793             zap_cursor_advance(&zc)) {
4794                 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4795                     NULL, 0)) != 0)
4796                         break;
4797         }
4798         zap_cursor_fini(&zc);
4799         return (error);
4800 }
4801 
4802 static int
4803 zfs_ioc_smb_acl(zfs_cmd_t *zc)
4804 {
4805         vnode_t *vp;
4806         znode_t *dzp;
4807         vnode_t *resourcevp = NULL;
4808         znode_t *sharedir;
4809         zfsvfs_t *zfsvfs;
4810         nvlist_t *nvlist;
4811         char *src, *target;
4812         vattr_t vattr;
4813         vsecattr_t vsec;
4814         int error = 0;
4815 
4816         if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4817             NO_FOLLOW, NULL, &vp)) != 0)
4818                 return (error);
4819 
4820         /* Now make sure mntpnt and dataset are ZFS */
4821 
4822         if (vp->v_vfsp->vfs_fstype != zfsfstype ||
4823             (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4824             zc->zc_name) != 0)) {
4825                 VN_RELE(vp);
4826                 return (EINVAL);
4827         }
4828 
4829         dzp = VTOZ(vp);
4830         zfsvfs = dzp->z_zfsvfs;
4831         ZFS_ENTER(zfsvfs);
4832 
4833         /*
4834          * Create share dir if its missing.
4835          */
4836         mutex_enter(&zfsvfs->z_lock);
4837         if (zfsvfs->z_shares_dir == 0) {
4838                 dmu_tx_t *tx;
4839 
4840                 tx = dmu_tx_create(zfsvfs->z_os);
4841                 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4842                     ZFS_SHARES_DIR);
4843                 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4844                 error = dmu_tx_assign(tx, TXG_WAIT);
4845                 if (error) {
4846                         dmu_tx_abort(tx);
4847                 } else {
4848                         error = zfs_create_share_dir(zfsvfs, tx);
4849                         dmu_tx_commit(tx);
4850                 }
4851                 if (error) {
4852                         mutex_exit(&zfsvfs->z_lock);
4853                         VN_RELE(vp);
4854                         ZFS_EXIT(zfsvfs);
4855                         return (error);
4856                 }
4857         }
4858         mutex_exit(&zfsvfs->z_lock);
4859 
4860         ASSERT(zfsvfs->z_shares_dir);
4861         if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
4862                 VN_RELE(vp);
4863                 ZFS_EXIT(zfsvfs);
4864                 return (error);
4865         }
4866 
4867         switch (zc->zc_cookie) {
4868         case ZFS_SMB_ACL_ADD:
4869                 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4870                 vattr.va_type = VREG;
4871                 vattr.va_mode = S_IFREG|0777;
4872                 vattr.va_uid = 0;
4873                 vattr.va_gid = 0;
4874 
4875                 vsec.vsa_mask = VSA_ACE;
4876                 vsec.vsa_aclentp = &full_access;
4877                 vsec.vsa_aclentsz = sizeof (full_access);
4878                 vsec.vsa_aclcnt = 1;
4879 
4880                 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4881                     &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4882                 if (resourcevp)
4883                         VN_RELE(resourcevp);
4884                 break;
4885 
4886         case ZFS_SMB_ACL_REMOVE:
4887                 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4888                     NULL, 0);
4889                 break;
4890 
4891         case ZFS_SMB_ACL_RENAME:
4892                 if ((error = get_nvlist(zc->zc_nvlist_src,
4893                     zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4894                         VN_RELE(vp);
4895                         ZFS_EXIT(zfsvfs);
4896                         return (error);
4897                 }
4898                 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4899                     nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4900                     &target)) {
4901                         VN_RELE(vp);
4902                         VN_RELE(ZTOV(sharedir));
4903                         ZFS_EXIT(zfsvfs);
4904                         nvlist_free(nvlist);
4905                         return (error);
4906                 }
4907                 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4908                     kcred, NULL, 0);
4909                 nvlist_free(nvlist);
4910                 break;
4911 
4912         case ZFS_SMB_ACL_PURGE:
4913                 error = zfs_smb_acl_purge(sharedir);
4914                 break;
4915 
4916         default:
4917                 error = EINVAL;
4918                 break;
4919         }
4920 
4921         VN_RELE(vp);
4922         VN_RELE(ZTOV(sharedir));
4923 
4924         ZFS_EXIT(zfsvfs);
4925 
4926         return (error);
4927 }
4928 
4929 /*
4930  * inputs:
4931  * zc_name              name of filesystem
4932  * zc_value             short name of snap
4933  * zc_string            user-supplied tag for this hold
4934  * zc_cookie            recursive flag
4935  * zc_temphold          set if hold is temporary
4936  * zc_cleanup_fd        cleanup-on-exit file descriptor for calling process
4937  * zc_sendobj           if non-zero, the objid for zc_name@zc_value
4938  * zc_createtxg         if zc_sendobj is non-zero, snap must have zc_createtxg
4939  *
4940  * outputs:             none
4941  */
4942 static int
4943 zfs_ioc_hold(zfs_cmd_t *zc)
4944 {
4945         boolean_t recursive = zc->zc_cookie;
4946         spa_t *spa;
4947         dsl_pool_t *dp;
4948         dsl_dataset_t *ds;
4949         int error;
4950         minor_t minor = 0;
4951 
4952         if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4953                 return (EINVAL);
4954 
4955         if (zc->zc_sendobj == 0) {
4956                 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
4957                     zc->zc_string, recursive, zc->zc_temphold,
4958                     zc->zc_cleanup_fd));
4959         }
4960 
4961         if (recursive)
4962                 return (EINVAL);
4963 
4964         error = spa_open(zc->zc_name, &spa, FTAG);
4965         if (error)
4966                 return (error);
4967 
4968         dp = spa_get_dsl(spa);
4969         rw_enter(&dp->dp_config_rwlock, RW_READER);
4970         error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4971         rw_exit(&dp->dp_config_rwlock);
4972         spa_close(spa, FTAG);
4973         if (error)
4974                 return (error);
4975 
4976         /*
4977          * Until we have a hold on this snapshot, it's possible that
4978          * zc_sendobj could've been destroyed and reused as part
4979          * of a later txg.  Make sure we're looking at the right object.
4980          */
4981         if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) {
4982                 dsl_dataset_rele(ds, FTAG);
4983                 return (ENOENT);
4984         }
4985 
4986         if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) {
4987                 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4988                 if (error) {
4989                         dsl_dataset_rele(ds, FTAG);
4990                         return (error);
4991                 }
4992         }
4993 
4994         error = dsl_dataset_user_hold_for_send(ds, zc->zc_string,
4995             zc->zc_temphold);
4996         if (minor != 0) {
4997                 if (error == 0) {
4998                         dsl_register_onexit_hold_cleanup(ds, zc->zc_string,
4999                             minor);
5000                 }
5001                 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
5002         }
5003         dsl_dataset_rele(ds, FTAG);
5004 
5005         return (error);
5006 }
5007 
5008 /*
5009  * inputs:
5010  * zc_name      name of dataset from which we're releasing a user hold
5011  * zc_value     short name of snap
5012  * zc_string    user-supplied tag for this hold
5013  * zc_cookie    recursive flag
5014  *
5015  * outputs:     none
5016  */
5017 static int
5018 zfs_ioc_release(zfs_cmd_t *zc)
5019 {
5020         boolean_t recursive = zc->zc_cookie;
5021 
5022         if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
5023                 return (EINVAL);
5024 
5025         return (dsl_dataset_user_release(zc->zc_name, zc->zc_value,
5026             zc->zc_string, recursive));
5027 }
5028 
5029 /*
5030  * inputs:
5031  * zc_name              name of filesystem
5032  *
5033  * outputs:
5034  * zc_nvlist_src{_size} nvlist of snapshot holds
5035  */
5036 static int
5037 zfs_ioc_get_holds(zfs_cmd_t *zc)
5038 {
5039         nvlist_t *nvp;
5040         int error;
5041 
5042         if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) {
5043                 error = put_nvlist(zc, nvp);
5044                 nvlist_free(nvp);
5045         }
5046 
5047         return (error);
5048 }
5049 
5050 /*
5051  * inputs:
5052  * zc_name              name of new filesystem or snapshot
5053  * zc_value             full name of old snapshot
5054  *
5055  * outputs:
5056  * zc_cookie            space in bytes
5057  * zc_objset_type       compressed space in bytes
5058  * zc_perm_action       uncompressed space in bytes
5059  */
5060 static int
5061 zfs_ioc_space_written(zfs_cmd_t *zc)
5062 {
5063         int error;
5064         dsl_dataset_t *new, *old;
5065 
5066         error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
5067         if (error != 0)
5068                 return (error);
5069         error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
5070         if (error != 0) {
5071                 dsl_dataset_rele(new, FTAG);
5072                 return (error);
5073         }
5074 
5075         error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
5076             &zc->zc_objset_type, &zc->zc_perm_action);
5077         dsl_dataset_rele(old, FTAG);
5078         dsl_dataset_rele(new, FTAG);
5079         return (error);
5080 }
5081 /*
5082  * innvl: {
5083  *     "firstsnap" -> snapshot name
5084  * }
5085  *
5086  * outnvl: {
5087  *     "used" -> space in bytes
5088  *     "compressed" -> compressed space in bytes
5089  *     "uncompressed" -> uncompressed space in bytes
5090  * }
5091  */
5092 static int
5093 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
5094 {
5095         int error;
5096         dsl_dataset_t *new, *old;
5097         char *firstsnap;
5098         uint64_t used, comp, uncomp;
5099 
5100         if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0)
5101                 return (EINVAL);
5102 
5103         error = dsl_dataset_hold(lastsnap, FTAG, &new);
5104         if (error != 0)
5105                 return (error);
5106         error = dsl_dataset_hold(firstsnap, FTAG, &old);
5107         if (error != 0) {
5108                 dsl_dataset_rele(new, FTAG);
5109                 return (error);
5110         }
5111 
5112         error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
5113         dsl_dataset_rele(old, FTAG);
5114         dsl_dataset_rele(new, FTAG);
5115         fnvlist_add_uint64(outnvl, "used", used);
5116         fnvlist_add_uint64(outnvl, "compressed", comp);
5117         fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
5118         return (error);
5119 }
5120 
5121 /*
5122  * innvl: {
5123  *     "fd" -> file descriptor to write stream to (int32)
5124  *     (optional) "fromsnap" -> full snap name to send an incremental from
5125  * }
5126  *
5127  * outnvl is unused
5128  */
5129 /* ARGSUSED */
5130 static int
5131 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5132 {
5133         objset_t *fromsnap = NULL;
5134         objset_t *tosnap;
5135         int error;
5136         offset_t off;
5137         char *fromname;
5138         int fd;
5139 
5140         error = nvlist_lookup_int32(innvl, "fd", &fd);
5141         if (error != 0)
5142                 return (EINVAL);
5143 
5144         error = dmu_objset_hold(snapname, FTAG, &tosnap);
5145         if (error)
5146                 return (error);
5147 
5148         error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5149         if (error == 0) {
5150                 error = dmu_objset_hold(fromname, FTAG, &fromsnap);
5151                 if (error) {
5152                         dmu_objset_rele(tosnap, FTAG);
5153                         return (error);
5154                 }
5155         }
5156 
5157         file_t *fp = getf(fd);
5158         if (fp == NULL) {
5159                 dmu_objset_rele(tosnap, FTAG);
5160                 if (fromsnap != NULL)
5161                         dmu_objset_rele(fromsnap, FTAG);
5162                 return (EBADF);
5163         }
5164 
5165         off = fp->f_offset;
5166         error = dmu_send(tosnap, fromsnap, fd, fp->f_vnode, &off);
5167 
5168         if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5169                 fp->f_offset = off;
5170         releasef(fd);
5171         if (fromsnap != NULL)
5172                 dmu_objset_rele(fromsnap, FTAG);
5173         dmu_objset_rele(tosnap, FTAG);
5174         return (error);
5175 }
5176 
5177 /*
5178  * Determine approximately how large a zfs send stream will be -- the number
5179  * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
5180  *
5181  * innvl: {
5182  *     (optional) "fromsnap" -> full snap name to send an incremental from
5183  * }
5184  *
5185  * outnvl: {
5186  *     "space" -> bytes of space (uint64)
5187  * }
5188  */
5189 static int
5190 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5191 {
5192         objset_t *fromsnap = NULL;
5193         objset_t *tosnap;
5194         int error;
5195         char *fromname;
5196         uint64_t space;
5197 
5198         error = dmu_objset_hold(snapname, FTAG, &tosnap);
5199         if (error)
5200                 return (error);
5201 
5202         error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5203         if (error == 0) {
5204                 error = dmu_objset_hold(fromname, FTAG, &fromsnap);
5205                 if (error) {
5206                         dmu_objset_rele(tosnap, FTAG);
5207                         return (error);
5208                 }
5209         }
5210 
5211         error = dmu_send_estimate(tosnap, fromsnap, &space);
5212         fnvlist_add_uint64(outnvl, "space", space);
5213 
5214         if (fromsnap != NULL)
5215                 dmu_objset_rele(fromsnap, FTAG);
5216         dmu_objset_rele(tosnap, FTAG);
5217         return (error);
5218 }
5219 
5220 
5221 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
5222 
5223 static void
5224 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5225     zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5226     boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
5227 {
5228         zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5229 
5230         ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5231         ASSERT3U(ioc, <, ZFS_IOC_LAST);
5232         ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5233         ASSERT3P(vec->zvec_func, ==, NULL);
5234 
5235         vec->zvec_legacy_func = func;
5236         vec->zvec_secpolicy = secpolicy;
5237         vec->zvec_namecheck = namecheck;
5238         vec->zvec_allow_log = log_history;
5239         vec->zvec_pool_check = pool_check;
5240 }
5241 
5242 /*
5243  * See the block comment at the beginning of this file for details on
5244  * each argument to this function.
5245  */
5246 static void
5247 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
5248     zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5249     zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
5250     boolean_t allow_log)
5251 {
5252         zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5253 
5254         ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5255         ASSERT3U(ioc, <, ZFS_IOC_LAST);
5256         ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5257         ASSERT3P(vec->zvec_func, ==, NULL);
5258 
5259         /* if we are logging, the name must be valid */
5260         ASSERT(!allow_log || namecheck != NO_NAME);
5261 
5262         vec->zvec_name = name;
5263         vec->zvec_func = func;
5264         vec->zvec_secpolicy = secpolicy;
5265         vec->zvec_namecheck = namecheck;
5266         vec->zvec_pool_check = pool_check;
5267         vec->zvec_smush_outnvlist = smush_outnvlist;
5268         vec->zvec_allow_log = allow_log;
5269 }
5270 
5271 static void
5272 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5273     zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
5274     zfs_ioc_poolcheck_t pool_check)
5275 {
5276         zfs_ioctl_register_legacy(ioc, func, secpolicy,
5277             POOL_NAME, log_history, pool_check);
5278 }
5279 
5280 static void
5281 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5282     zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
5283 {
5284         zfs_ioctl_register_legacy(ioc, func, secpolicy,
5285             DATASET_NAME, B_FALSE, pool_check);
5286 }
5287 
5288 static void
5289 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5290 {
5291         zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
5292             POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5293 }
5294 
5295 static void
5296 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5297     zfs_secpolicy_func_t *secpolicy)
5298 {
5299         zfs_ioctl_register_legacy(ioc, func, secpolicy,
5300             NO_NAME, B_FALSE, POOL_CHECK_NONE);
5301 }
5302 
5303 static void
5304 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
5305     zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
5306 {
5307         zfs_ioctl_register_legacy(ioc, func, secpolicy,
5308             DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
5309 }
5310 
5311 static void
5312 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5313 {
5314         zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
5315             zfs_secpolicy_read);
5316 }
5317 
5318 static void
5319 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5320         zfs_secpolicy_func_t *secpolicy)
5321 {
5322         zfs_ioctl_register_legacy(ioc, func, secpolicy,
5323             DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5324 }
5325 
5326 static void
5327 zfs_ioctl_init(void)
5328 {
5329         zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
5330             zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
5331             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5332 
5333         zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
5334             zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
5335             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE);
5336 
5337         zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
5338             zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
5339             POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5340 
5341         zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
5342             zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
5343             POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5344 
5345         zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
5346             zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
5347             POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5348 
5349         zfs_ioctl_register("create", ZFS_IOC_CREATE,
5350             zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
5351             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5352 
5353         zfs_ioctl_register("clone", ZFS_IOC_CLONE,
5354             zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
5355             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5356 
5357         zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
5358             zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
5359             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5360 
5361         /* IOCTLS that use the legacy function signature */
5362 
5363         zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
5364             zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
5365 
5366         zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
5367             zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5368         zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
5369             zfs_ioc_pool_scan);
5370         zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
5371             zfs_ioc_pool_upgrade);
5372         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
5373             zfs_ioc_vdev_add);
5374         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
5375             zfs_ioc_vdev_remove);
5376         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
5377             zfs_ioc_vdev_set_state);
5378         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
5379             zfs_ioc_vdev_attach);
5380         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
5381             zfs_ioc_vdev_detach);
5382         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
5383             zfs_ioc_vdev_setpath);
5384         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
5385             zfs_ioc_vdev_setfru);
5386         zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
5387             zfs_ioc_pool_set_props);
5388         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
5389             zfs_ioc_vdev_split);
5390         zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
5391             zfs_ioc_pool_reguid);
5392 
5393         zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
5394             zfs_ioc_pool_configs, zfs_secpolicy_none);
5395         zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
5396             zfs_ioc_pool_tryimport, zfs_secpolicy_config);
5397         zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
5398             zfs_ioc_inject_fault, zfs_secpolicy_inject);
5399         zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
5400             zfs_ioc_clear_fault, zfs_secpolicy_inject);
5401         zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
5402             zfs_ioc_inject_list_next, zfs_secpolicy_inject);
5403 
5404         /*
5405          * pool destroy, and export don't log the history as part of
5406          * zfsdev_ioctl, but rather zfs_ioc_pool_export
5407          * does the logging of those commands.
5408          */
5409         zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
5410             zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5411         zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
5412             zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5413 
5414         zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
5415             zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5416         zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
5417             zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5418 
5419         zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
5420             zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
5421         zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
5422             zfs_ioc_dsobj_to_dsname,
5423             zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
5424         zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
5425             zfs_ioc_pool_get_history,
5426             zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
5427 
5428         zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
5429             zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5430 
5431         zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
5432             zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5433         zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
5434             zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5435 
5436         zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
5437             zfs_ioc_space_written);
5438         zfs_ioctl_register_dataset_read(ZFS_IOC_GET_HOLDS,
5439             zfs_ioc_get_holds);
5440         zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
5441             zfs_ioc_objset_recvd_props);
5442         zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
5443             zfs_ioc_next_obj);
5444         zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
5445             zfs_ioc_get_fsacl);
5446         zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
5447             zfs_ioc_objset_stats);
5448         zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
5449             zfs_ioc_objset_zplprops);
5450         zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
5451             zfs_ioc_dataset_list_next);
5452         zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
5453             zfs_ioc_snapshot_list_next);
5454         zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
5455             zfs_ioc_send_progress);
5456 
5457         zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
5458             zfs_ioc_diff, zfs_secpolicy_diff);
5459         zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
5460             zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
5461         zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
5462             zfs_ioc_obj_to_path, zfs_secpolicy_diff);
5463         zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
5464             zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
5465         zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
5466             zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
5467         zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
5468             zfs_ioc_send, zfs_secpolicy_send);
5469 
5470         zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
5471             zfs_secpolicy_none);
5472         zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
5473             zfs_secpolicy_destroy);
5474         zfs_ioctl_register_dataset_modify(ZFS_IOC_ROLLBACK, zfs_ioc_rollback,
5475             zfs_secpolicy_rollback);
5476         zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
5477             zfs_secpolicy_rename);
5478         zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
5479             zfs_secpolicy_recv);
5480         zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
5481             zfs_secpolicy_promote);
5482         zfs_ioctl_register_dataset_modify(ZFS_IOC_HOLD, zfs_ioc_hold,
5483             zfs_secpolicy_hold);
5484         zfs_ioctl_register_dataset_modify(ZFS_IOC_RELEASE, zfs_ioc_release,
5485             zfs_secpolicy_release);
5486         zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
5487             zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
5488         zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
5489             zfs_secpolicy_set_fsacl);
5490 
5491         zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
5492             zfs_secpolicy_share, POOL_CHECK_NONE);
5493         zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
5494             zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
5495         zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
5496             zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
5497             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5498         zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
5499             zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
5500             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5501 }
5502 
5503 int
5504 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
5505     zfs_ioc_poolcheck_t check)
5506 {
5507         spa_t *spa;
5508         int error;
5509 
5510         ASSERT(type == POOL_NAME || type == DATASET_NAME);
5511 
5512         if (check & POOL_CHECK_NONE)
5513                 return (0);
5514 
5515         error = spa_open(name, &spa, FTAG);
5516         if (error == 0) {
5517                 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
5518                         error = EAGAIN;
5519                 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
5520                         error = EROFS;
5521                 spa_close(spa, FTAG);
5522         }
5523         return (error);
5524 }
5525 
5526 /*
5527  * Find a free minor number.
5528  */
5529 minor_t
5530 zfsdev_minor_alloc(void)
5531 {
5532         static minor_t last_minor;
5533         minor_t m;
5534 
5535         ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5536 
5537         for (m = last_minor + 1; m != last_minor; m++) {
5538                 if (m > ZFSDEV_MAX_MINOR)
5539                         m = 1;
5540                 if (ddi_get_soft_state(zfsdev_state, m) == NULL) {
5541                         last_minor = m;
5542                         return (m);
5543                 }
5544         }
5545 
5546         return (0);
5547 }
5548 
5549 static int
5550 zfs_ctldev_init(dev_t *devp)
5551 {
5552         minor_t minor;
5553         zfs_soft_state_t *zs;
5554 
5555         ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5556         ASSERT(getminor(*devp) == 0);
5557 
5558         minor = zfsdev_minor_alloc();
5559         if (minor == 0)
5560                 return (ENXIO);
5561 
5562         if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS)
5563                 return (EAGAIN);
5564 
5565         *devp = makedevice(getemajor(*devp), minor);
5566 
5567         zs = ddi_get_soft_state(zfsdev_state, minor);
5568         zs->zss_type = ZSST_CTLDEV;
5569         zfs_onexit_init((zfs_onexit_t **)&zs->zss_data);
5570 
5571         return (0);
5572 }
5573 
5574 static void
5575 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor)
5576 {
5577         ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5578 
5579         zfs_onexit_destroy(zo);
5580         ddi_soft_state_free(zfsdev_state, minor);
5581 }
5582 
5583 void *
5584 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which)
5585 {
5586         zfs_soft_state_t *zp;
5587 
5588         zp = ddi_get_soft_state(zfsdev_state, minor);
5589         if (zp == NULL || zp->zss_type != which)
5590                 return (NULL);
5591 
5592         return (zp->zss_data);
5593 }
5594 
5595 static int
5596 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr)
5597 {
5598         int error = 0;
5599 
5600         if (getminor(*devp) != 0)
5601                 return (zvol_open(devp, flag, otyp, cr));
5602 
5603         /* This is the control device. Allocate a new minor if requested. */
5604         if (flag & FEXCL) {
5605                 mutex_enter(&zfsdev_state_lock);
5606                 error = zfs_ctldev_init(devp);
5607                 mutex_exit(&zfsdev_state_lock);
5608         }
5609 
5610         return (error);
5611 }
5612 
5613 static int
5614 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr)
5615 {
5616         zfs_onexit_t *zo;
5617         minor_t minor = getminor(dev);
5618 
5619         if (minor == 0)
5620                 return (0);
5621 
5622         mutex_enter(&zfsdev_state_lock);
5623         zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
5624         if (zo == NULL) {
5625                 mutex_exit(&zfsdev_state_lock);
5626                 return (zvol_close(dev, flag, otyp, cr));
5627         }
5628         zfs_ctldev_destroy(zo, minor);
5629         mutex_exit(&zfsdev_state_lock);
5630 
5631         return (0);
5632 }
5633 
5634 static int
5635 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
5636 {
5637         zfs_cmd_t *zc;
5638         uint_t vecnum;
5639         int error, rc, len;
5640         minor_t minor = getminor(dev);
5641         const zfs_ioc_vec_t *vec;
5642         char *saved_poolname = NULL;
5643         nvlist_t *innvl = NULL;
5644 
5645         if (minor != 0 &&
5646             zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL)
5647                 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));
5648 
5649         vecnum = cmd - ZFS_IOC_FIRST;
5650         ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
5651 
5652         if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
5653                 return (EINVAL);
5654         vec = &zfs_ioc_vec[vecnum];
5655 
5656         zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
5657 
5658         error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
5659         if (error != 0) {
5660                 error = EFAULT;
5661                 goto out;
5662         }
5663 
5664         zc->zc_iflags = flag & FKIOCTL;
5665         if (zc->zc_nvlist_src_size != 0) {
5666                 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5667                     zc->zc_iflags, &innvl);
5668                 if (error != 0)
5669                         goto out;
5670         }
5671 
5672         /*
5673          * Ensure that all pool/dataset names are valid before we pass down to
5674          * the lower layers.
5675          */
5676         zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5677         switch (vec->zvec_namecheck) {
5678         case POOL_NAME:
5679                 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
5680                         error = EINVAL;
5681                 else
5682                         error = pool_status_check(zc->zc_name,
5683                             vec->zvec_namecheck, vec->zvec_pool_check);
5684                 break;
5685 
5686         case DATASET_NAME:
5687                 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
5688                         error = EINVAL;
5689                 else
5690                         error = pool_status_check(zc->zc_name,
5691                             vec->zvec_namecheck, vec->zvec_pool_check);
5692                 break;
5693 
5694         case NO_NAME:
5695                 break;
5696         }
5697 
5698 
5699         if (error == 0 && !(flag & FKIOCTL))
5700                 error = vec->zvec_secpolicy(zc, innvl, cr);
5701 
5702         if (error != 0)
5703                 goto out;
5704 
5705         /* legacy ioctls can modify zc_name */
5706         len = strcspn(zc->zc_name, "/@") + 1;
5707         saved_poolname = kmem_alloc(len, KM_SLEEP);
5708         (void) strlcpy(saved_poolname, zc->zc_name, len);
5709 
5710         if (vec->zvec_func != NULL) {
5711                 nvlist_t *outnvl;
5712                 int puterror = 0;
5713                 spa_t *spa;
5714                 nvlist_t *lognv = NULL;
5715 
5716                 ASSERT(vec->zvec_legacy_func == NULL);
5717 
5718                 /*
5719                  * Add the innvl to the lognv before calling the func,
5720                  * in case the func changes the innvl.
5721                  */
5722                 if (vec->zvec_allow_log) {
5723                         lognv = fnvlist_alloc();
5724                         fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
5725                             vec->zvec_name);
5726                         if (!nvlist_empty(innvl)) {
5727                                 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
5728                                     innvl);
5729                         }
5730                 }
5731 
5732                 outnvl = fnvlist_alloc();
5733                 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
5734 
5735                 if (error == 0 && vec->zvec_allow_log &&
5736                     spa_open(zc->zc_name, &spa, FTAG) == 0) {
5737                         if (!nvlist_empty(outnvl)) {
5738                                 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
5739                                     outnvl);
5740                         }
5741                         (void) spa_history_log_nvl(spa, lognv);
5742                         spa_close(spa, FTAG);
5743                 }
5744                 fnvlist_free(lognv);
5745 
5746                 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
5747                         int smusherror = 0;
5748                         if (vec->zvec_smush_outnvlist) {
5749                                 smusherror = nvlist_smush(outnvl,
5750                                     zc->zc_nvlist_dst_size);
5751                         }
5752                         if (smusherror == 0)
5753                                 puterror = put_nvlist(zc, outnvl);
5754                 }
5755 
5756                 if (puterror != 0)
5757                         error = puterror;
5758 
5759                 nvlist_free(outnvl);
5760         } else {
5761                 error = vec->zvec_legacy_func(zc);
5762         }
5763 
5764 out:
5765         nvlist_free(innvl);
5766         rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
5767         if (error == 0 && rc != 0)
5768                 error = EFAULT;
5769         if (error == 0 && vec->zvec_allow_log) {
5770                 char *s = tsd_get(zfs_allow_log_key);
5771                 if (s != NULL)
5772                         strfree(s);
5773                 (void) tsd_set(zfs_allow_log_key, saved_poolname);
5774         } else {
5775                 if (saved_poolname != NULL)
5776                         strfree(saved_poolname);
5777         }
5778 
5779         kmem_free(zc, sizeof (zfs_cmd_t));
5780         return (error);
5781 }
5782 
5783 static int
5784 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
5785 {
5786         if (cmd != DDI_ATTACH)
5787                 return (DDI_FAILURE);
5788 
5789         if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
5790             DDI_PSEUDO, 0) == DDI_FAILURE)
5791                 return (DDI_FAILURE);
5792 
5793         zfs_dip = dip;
5794 
5795         ddi_report_dev(dip);
5796 
5797         return (DDI_SUCCESS);
5798 }
5799 
5800 static int
5801 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
5802 {
5803         if (spa_busy() || zfs_busy() || zvol_busy())
5804                 return (DDI_FAILURE);
5805 
5806         if (cmd != DDI_DETACH)
5807                 return (DDI_FAILURE);
5808 
5809         zfs_dip = NULL;
5810 
5811         ddi_prop_remove_all(dip);
5812         ddi_remove_minor_node(dip, NULL);
5813 
5814         return (DDI_SUCCESS);
5815 }
5816 
5817 /*ARGSUSED*/
5818 static int
5819 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
5820 {
5821         switch (infocmd) {
5822         case DDI_INFO_DEVT2DEVINFO:
5823                 *result = zfs_dip;
5824                 return (DDI_SUCCESS);
5825 
5826         case DDI_INFO_DEVT2INSTANCE:
5827                 *result = (void *)0;
5828                 return (DDI_SUCCESS);
5829         }
5830 
5831         return (DDI_FAILURE);
5832 }
5833 
5834 /*
5835  * OK, so this is a little weird.
5836  *
5837  * /dev/zfs is the control node, i.e. minor 0.
5838  * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
5839  *
5840  * /dev/zfs has basically nothing to do except serve up ioctls,
5841  * so most of the standard driver entry points are in zvol.c.
5842  */
5843 static struct cb_ops zfs_cb_ops = {
5844         zfsdev_open,    /* open */
5845         zfsdev_close,   /* close */
5846         zvol_strategy,  /* strategy */
5847         nodev,          /* print */
5848         zvol_dump,      /* dump */
5849         zvol_read,      /* read */
5850         zvol_write,     /* write */
5851         zfsdev_ioctl,   /* ioctl */
5852         nodev,          /* devmap */
5853         nodev,          /* mmap */
5854         nodev,          /* segmap */
5855         nochpoll,       /* poll */
5856         ddi_prop_op,    /* prop_op */
5857         NULL,           /* streamtab */
5858         D_NEW | D_MP | D_64BIT,         /* Driver compatibility flag */
5859         CB_REV,         /* version */
5860         nodev,          /* async read */
5861         nodev,          /* async write */
5862 };
5863 
5864 static struct dev_ops zfs_dev_ops = {
5865         DEVO_REV,       /* version */
5866         0,              /* refcnt */
5867         zfs_info,       /* info */
5868         nulldev,        /* identify */
5869         nulldev,        /* probe */
5870         zfs_attach,     /* attach */
5871         zfs_detach,     /* detach */
5872         nodev,          /* reset */
5873         &zfs_cb_ops,        /* driver operations */
5874         NULL,           /* no bus operations */
5875         NULL,           /* power */
5876         ddi_quiesce_not_needed, /* quiesce */
5877 };
5878 
5879 static struct modldrv zfs_modldrv = {
5880         &mod_driverops,
5881         "ZFS storage pool",
5882         &zfs_dev_ops
5883 };
5884 
5885 static struct modlinkage modlinkage = {
5886         MODREV_1,
5887         (void *)&zfs_modlfs,
5888         (void *)&zfs_modldrv,
5889         NULL
5890 };
5891 
5892 static void
5893 zfs_allow_log_destroy(void *arg)
5894 {
5895         char *poolname = arg;
5896         strfree(poolname);
5897 }
5898 
5899 int
5900 _init(void)
5901 {
5902         int error;
5903 
5904         spa_init(FREAD | FWRITE);
5905         zfs_init();
5906         zvol_init();
5907         zfs_ioctl_init();
5908 
5909         if ((error = mod_install(&modlinkage)) != 0) {
5910                 zvol_fini();
5911                 zfs_fini();
5912                 spa_fini();
5913                 return (error);
5914         }
5915 
5916         tsd_create(&zfs_fsyncer_key, NULL);
5917         tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
5918         tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
5919 
5920         error = ldi_ident_from_mod(&modlinkage, &zfs_li);
5921         ASSERT(error == 0);
5922         mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5923 
5924         return (0);
5925 }
5926 
5927 int
5928 _fini(void)
5929 {
5930         int error;
5931 
5932         if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
5933                 return (EBUSY);
5934 
5935         if ((error = mod_remove(&modlinkage)) != 0)
5936                 return (error);
5937 
5938         zvol_fini();
5939         zfs_fini();
5940         spa_fini();
5941         if (zfs_nfsshare_inited)
5942                 (void) ddi_modclose(nfs_mod);
5943         if (zfs_smbshare_inited)
5944                 (void) ddi_modclose(smbsrv_mod);
5945         if (zfs_nfsshare_inited || zfs_smbshare_inited)
5946                 (void) ddi_modclose(sharefs_mod);
5947 
5948         tsd_destroy(&zfs_fsyncer_key);
5949         ldi_ident_release(zfs_li);
5950         zfs_li = NULL;
5951         mutex_destroy(&zfs_share_lock);
5952 
5953         return (error);
5954 }
5955 
5956 int
5957 _info(struct modinfo *modinfop)
5958 {
5959         return (mod_info(&modlinkage, modinfop));
5960 }