1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
26 * Copyright (c) 2012 by Delphix. All rights reserved.
27 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
28 */
29
30 /*
31 * ZFS ioctls.
32 *
33 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
34 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
35 *
36 * There are two ways that we handle ioctls: the legacy way where almost
37 * all of the logic is in the ioctl callback, and the new way where most
38 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
39 *
40 * Non-legacy ioctls should be registered by calling
41 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
42 * from userland by lzc_ioctl().
43 *
44 * The registration arguments are as follows:
45 *
46 * const char *name
47 * The name of the ioctl. This is used for history logging. If the
48 * ioctl returns successfully (the callback returns 0), and allow_log
49 * is true, then a history log entry will be recorded with the input &
50 * output nvlists. The log entry can be printed with "zpool history -i".
51 *
52 * zfs_ioc_t ioc
53 * The ioctl request number, which userland will pass to ioctl(2).
54 * The ioctl numbers can change from release to release, because
55 * the caller (libzfs) must be matched to the kernel.
56 *
57 * zfs_secpolicy_func_t *secpolicy
58 * This function will be called before the zfs_ioc_func_t, to
59 * determine if this operation is permitted. It should return EPERM
60 * on failure, and 0 on success. Checks include determining if the
61 * dataset is visible in this zone, and if the user has either all
62 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
63 * to do this operation on this dataset with "zfs allow".
64 *
65 * zfs_ioc_namecheck_t namecheck
66 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
67 * name, a dataset name, or nothing. If the name is not well-formed,
68 * the ioctl will fail and the callback will not be called.
69 * Therefore, the callback can assume that the name is well-formed
70 * (e.g. is null-terminated, doesn't have more than one '@' character,
71 * doesn't have invalid characters).
72 *
73 * zfs_ioc_poolcheck_t pool_check
74 * This specifies requirements on the pool state. If the pool does
75 * not meet them (is suspended or is readonly), the ioctl will fail
76 * and the callback will not be called. If any checks are specified
77 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
78 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
79 * POOL_CHECK_READONLY).
80 *
81 * boolean_t smush_outnvlist
82 * If smush_outnvlist is true, then the output is presumed to be a
83 * list of errors, and it will be "smushed" down to fit into the
84 * caller's buffer, by removing some entries and replacing them with a
85 * single "N_MORE_ERRORS" entry indicating how many were removed. See
86 * nvlist_smush() for details. If smush_outnvlist is false, and the
87 * outnvlist does not fit into the userland-provided buffer, then the
88 * ioctl will fail with ENOMEM.
89 *
90 * zfs_ioc_func_t *func
91 * The callback function that will perform the operation.
92 *
93 * The callback should return 0 on success, or an error number on
94 * failure. If the function fails, the userland ioctl will return -1,
95 * and errno will be set to the callback's return value. The callback
96 * will be called with the following arguments:
97 *
98 * const char *name
99 * The name of the pool or dataset to operate on, from
100 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
101 * expected type (pool, dataset, or none).
102 *
103 * nvlist_t *innvl
104 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
105 * NULL if no input nvlist was provided. Changes to this nvlist are
106 * ignored. If the input nvlist could not be deserialized, the
107 * ioctl will fail and the callback will not be called.
108 *
109 * nvlist_t *outnvl
110 * The output nvlist, initially empty. The callback can fill it in,
111 * and it will be returned to userland by serializing it into
112 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
113 * fails (e.g. because the caller didn't supply a large enough
114 * buffer), then the overall ioctl will fail. See the
115 * 'smush_nvlist' argument above for additional behaviors.
116 *
117 * There are two typical uses of the output nvlist:
118 * - To return state, e.g. property values. In this case,
119 * smush_outnvlist should be false. If the buffer was not large
120 * enough, the caller will reallocate a larger buffer and try
121 * the ioctl again.
122 *
123 * - To return multiple errors from an ioctl which makes on-disk
124 * changes. In this case, smush_outnvlist should be true.
125 * Ioctls which make on-disk modifications should generally not
126 * use the outnvl if they succeed, because the caller can not
127 * distinguish between the operation failing, and
128 * deserialization failing.
129 */
130
131 #include <sys/types.h>
132 #include <sys/param.h>
133 #include <sys/errno.h>
134 #include <sys/uio.h>
135 #include <sys/buf.h>
136 #include <sys/modctl.h>
137 #include <sys/open.h>
138 #include <sys/file.h>
139 #include <sys/kmem.h>
140 #include <sys/conf.h>
141 #include <sys/cmn_err.h>
142 #include <sys/stat.h>
143 #include <sys/zfs_ioctl.h>
144 #include <sys/zfs_vfsops.h>
145 #include <sys/zfs_znode.h>
146 #include <sys/zap.h>
147 #include <sys/spa.h>
148 #include <sys/spa_impl.h>
149 #include <sys/vdev.h>
150 #include <sys/priv_impl.h>
151 #include <sys/dmu.h>
152 #include <sys/dsl_dir.h>
153 #include <sys/dsl_dataset.h>
154 #include <sys/dsl_prop.h>
155 #include <sys/dsl_deleg.h>
156 #include <sys/dmu_objset.h>
157 #include <sys/dmu_impl.h>
158 #include <sys/ddi.h>
159 #include <sys/sunddi.h>
160 #include <sys/sunldi.h>
161 #include <sys/policy.h>
162 #include <sys/zone.h>
163 #include <sys/nvpair.h>
164 #include <sys/pathname.h>
165 #include <sys/mount.h>
166 #include <sys/sdt.h>
167 #include <sys/fs/zfs.h>
168 #include <sys/zfs_ctldir.h>
169 #include <sys/zfs_dir.h>
170 #include <sys/zfs_onexit.h>
171 #include <sys/zvol.h>
172 #include <sys/dsl_scan.h>
173 #include <sharefs/share.h>
174 #include <sys/dmu_objset.h>
175
176 #include "zfs_namecheck.h"
177 #include "zfs_prop.h"
178 #include "zfs_deleg.h"
179 #include "zfs_comutil.h"
180
181 extern struct modlfs zfs_modlfs;
182
183 extern void zfs_init(void);
184 extern void zfs_fini(void);
185
186 ldi_ident_t zfs_li = NULL;
187 dev_info_t *zfs_dip;
188
189 uint_t zfs_fsyncer_key;
190 extern uint_t rrw_tsd_key;
191 static uint_t zfs_allow_log_key;
192
193 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *);
194 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *);
195 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *);
196
197 typedef enum {
198 NO_NAME,
199 POOL_NAME,
200 DATASET_NAME
201 } zfs_ioc_namecheck_t;
202
203 typedef enum {
204 POOL_CHECK_NONE = 1 << 0,
205 POOL_CHECK_SUSPENDED = 1 << 1,
206 POOL_CHECK_READONLY = 1 << 2,
207 } zfs_ioc_poolcheck_t;
208
209 typedef struct zfs_ioc_vec {
210 zfs_ioc_legacy_func_t *zvec_legacy_func;
211 zfs_ioc_func_t *zvec_func;
212 zfs_secpolicy_func_t *zvec_secpolicy;
213 zfs_ioc_namecheck_t zvec_namecheck;
214 boolean_t zvec_allow_log;
215 zfs_ioc_poolcheck_t zvec_pool_check;
216 boolean_t zvec_smush_outnvlist;
217 const char *zvec_name;
218 } zfs_ioc_vec_t;
219
220 /* This array is indexed by zfs_userquota_prop_t */
221 static const char *userquota_perms[] = {
222 ZFS_DELEG_PERM_USERUSED,
223 ZFS_DELEG_PERM_USERQUOTA,
224 ZFS_DELEG_PERM_GROUPUSED,
225 ZFS_DELEG_PERM_GROUPQUOTA,
226 };
227
228 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
229 static int zfs_check_settable(const char *name, nvpair_t *property,
230 cred_t *cr);
231 static int zfs_check_clearable(char *dataset, nvlist_t *props,
232 nvlist_t **errors);
233 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
234 boolean_t *);
235 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
236 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
237
238 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
239 void
240 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
241 {
242 const char *newfile;
243 char buf[512];
244 va_list adx;
245
246 /*
247 * Get rid of annoying "../common/" prefix to filename.
248 */
249 newfile = strrchr(file, '/');
250 if (newfile != NULL) {
251 newfile = newfile + 1; /* Get rid of leading / */
252 } else {
253 newfile = file;
254 }
255
256 va_start(adx, fmt);
257 (void) vsnprintf(buf, sizeof (buf), fmt, adx);
258 va_end(adx);
259
260 /*
261 * To get this data, use the zfs-dprintf probe as so:
262 * dtrace -q -n 'zfs-dprintf \
263 * /stringof(arg0) == "dbuf.c"/ \
264 * {printf("%s: %s", stringof(arg1), stringof(arg3))}'
265 * arg0 = file name
266 * arg1 = function name
267 * arg2 = line number
268 * arg3 = message
269 */
270 DTRACE_PROBE4(zfs__dprintf,
271 char *, newfile, char *, func, int, line, char *, buf);
272 }
273
274 static void
275 history_str_free(char *buf)
276 {
277 kmem_free(buf, HIS_MAX_RECORD_LEN);
278 }
279
280 static char *
281 history_str_get(zfs_cmd_t *zc)
282 {
283 char *buf;
284
285 if (zc->zc_history == NULL)
286 return (NULL);
287
288 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
289 if (copyinstr((void *)(uintptr_t)zc->zc_history,
290 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
291 history_str_free(buf);
292 return (NULL);
293 }
294
295 buf[HIS_MAX_RECORD_LEN -1] = '\0';
296
297 return (buf);
298 }
299
300 /*
301 * Check to see if the named dataset is currently defined as bootable
302 */
303 static boolean_t
304 zfs_is_bootfs(const char *name)
305 {
306 objset_t *os;
307
308 if (dmu_objset_hold(name, FTAG, &os) == 0) {
309 boolean_t ret;
310 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
311 dmu_objset_rele(os, FTAG);
312 return (ret);
313 }
314 return (B_FALSE);
315 }
316
317 /*
318 * zfs_earlier_version
319 *
320 * Return non-zero if the spa version is less than requested version.
321 */
322 static int
323 zfs_earlier_version(const char *name, int version)
324 {
325 spa_t *spa;
326
327 if (spa_open(name, &spa, FTAG) == 0) {
328 if (spa_version(spa) < version) {
329 spa_close(spa, FTAG);
330 return (1);
331 }
332 spa_close(spa, FTAG);
333 }
334 return (0);
335 }
336
337 /*
338 * zpl_earlier_version
339 *
340 * Return TRUE if the ZPL version is less than requested version.
341 */
342 static boolean_t
343 zpl_earlier_version(const char *name, int version)
344 {
345 objset_t *os;
346 boolean_t rc = B_TRUE;
347
348 if (dmu_objset_hold(name, FTAG, &os) == 0) {
349 uint64_t zplversion;
350
351 if (dmu_objset_type(os) != DMU_OST_ZFS) {
352 dmu_objset_rele(os, FTAG);
353 return (B_TRUE);
354 }
355 /* XXX reading from non-owned objset */
356 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
357 rc = zplversion < version;
358 dmu_objset_rele(os, FTAG);
359 }
360 return (rc);
361 }
362
363 static void
364 zfs_log_history(zfs_cmd_t *zc)
365 {
366 spa_t *spa;
367 char *buf;
368
369 if ((buf = history_str_get(zc)) == NULL)
370 return;
371
372 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
373 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
374 (void) spa_history_log(spa, buf);
375 spa_close(spa, FTAG);
376 }
377 history_str_free(buf);
378 }
379
380 /*
381 * Policy for top-level read operations (list pools). Requires no privileges,
382 * and can be used in the local zone, as there is no associated dataset.
383 */
384 /* ARGSUSED */
385 static int
386 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
387 {
388 return (0);
389 }
390
391 /*
392 * Policy for dataset read operations (list children, get statistics). Requires
393 * no privileges, but must be visible in the local zone.
394 */
395 /* ARGSUSED */
396 static int
397 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
398 {
399 if (INGLOBALZONE(curproc) ||
400 zone_dataset_visible(zc->zc_name, NULL))
401 return (0);
402
403 return (ENOENT);
404 }
405
406 static int
407 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
408 {
409 int writable = 1;
410
411 /*
412 * The dataset must be visible by this zone -- check this first
413 * so they don't see EPERM on something they shouldn't know about.
414 */
415 if (!INGLOBALZONE(curproc) &&
416 !zone_dataset_visible(dataset, &writable))
417 return (ENOENT);
418
419 if (INGLOBALZONE(curproc)) {
420 /*
421 * If the fs is zoned, only root can access it from the
422 * global zone.
423 */
424 if (secpolicy_zfs(cr) && zoned)
425 return (EPERM);
426 } else {
427 /*
428 * If we are in a local zone, the 'zoned' property must be set.
429 */
430 if (!zoned)
431 return (EPERM);
432
433 /* must be writable by this zone */
434 if (!writable)
435 return (EPERM);
436 }
437 return (0);
438 }
439
440 static int
441 zfs_dozonecheck(const char *dataset, cred_t *cr)
442 {
443 uint64_t zoned;
444
445 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
446 return (ENOENT);
447
448 return (zfs_dozonecheck_impl(dataset, zoned, cr));
449 }
450
451 static int
452 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
453 {
454 uint64_t zoned;
455
456 rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
457 if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) {
458 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
459 return (ENOENT);
460 }
461 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
462
463 return (zfs_dozonecheck_impl(dataset, zoned, cr));
464 }
465
466 static int
467 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
468 {
469 int error;
470 dsl_dataset_t *ds;
471
472 error = dsl_dataset_hold(name, FTAG, &ds);
473 if (error != 0)
474 return (error);
475
476 error = zfs_dozonecheck_ds(name, ds, cr);
477 if (error == 0) {
478 error = secpolicy_zfs(cr);
479 if (error)
480 error = dsl_deleg_access_impl(ds, perm, cr, B_TRUE);
481 }
482
483 dsl_dataset_rele(ds, FTAG);
484 return (error);
485 }
486
487 static int
488 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
489 const char *perm, cred_t *cr)
490 {
491 int error;
492
493 error = zfs_dozonecheck_ds(name, ds, cr);
494 if (error == 0) {
495 error = secpolicy_zfs(cr);
496 if (error)
497 error = dsl_deleg_access_impl(ds, perm, cr, B_TRUE);
498 }
499 return (error);
500 }
501
502 /*
503 * Policy for setting the security label property.
504 *
505 * Returns 0 for success, non-zero for access and other errors.
506 */
507 static int
508 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
509 {
510 char ds_hexsl[MAXNAMELEN];
511 bslabel_t ds_sl, new_sl;
512 boolean_t new_default = FALSE;
513 uint64_t zoned;
514 int needed_priv = -1;
515 int error;
516
517 /* First get the existing dataset label. */
518 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
519 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
520 if (error)
521 return (EPERM);
522
523 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
524 new_default = TRUE;
525
526 /* The label must be translatable */
527 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
528 return (EINVAL);
529
530 /*
531 * In a non-global zone, disallow attempts to set a label that
532 * doesn't match that of the zone; otherwise no other checks
533 * are needed.
534 */
535 if (!INGLOBALZONE(curproc)) {
536 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
537 return (EPERM);
538 return (0);
539 }
540
541 /*
542 * For global-zone datasets (i.e., those whose zoned property is
543 * "off", verify that the specified new label is valid for the
544 * global zone.
545 */
546 if (dsl_prop_get_integer(name,
547 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
548 return (EPERM);
549 if (!zoned) {
550 if (zfs_check_global_label(name, strval) != 0)
551 return (EPERM);
552 }
553
554 /*
555 * If the existing dataset label is nondefault, check if the
556 * dataset is mounted (label cannot be changed while mounted).
557 * Get the zfsvfs; if there isn't one, then the dataset isn't
558 * mounted (or isn't a dataset, doesn't exist, ...).
559 */
560 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
561 objset_t *os;
562 static char *setsl_tag = "setsl_tag";
563
564 /*
565 * Try to own the dataset; abort if there is any error,
566 * (e.g., already mounted, in use, or other error).
567 */
568 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
569 setsl_tag, &os);
570 if (error)
571 return (EPERM);
572
573 dmu_objset_disown(os, setsl_tag);
574
575 if (new_default) {
576 needed_priv = PRIV_FILE_DOWNGRADE_SL;
577 goto out_check;
578 }
579
580 if (hexstr_to_label(strval, &new_sl) != 0)
581 return (EPERM);
582
583 if (blstrictdom(&ds_sl, &new_sl))
584 needed_priv = PRIV_FILE_DOWNGRADE_SL;
585 else if (blstrictdom(&new_sl, &ds_sl))
586 needed_priv = PRIV_FILE_UPGRADE_SL;
587 } else {
588 /* dataset currently has a default label */
589 if (!new_default)
590 needed_priv = PRIV_FILE_UPGRADE_SL;
591 }
592
593 out_check:
594 if (needed_priv != -1)
595 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
596 return (0);
597 }
598
599 static int
600 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
601 cred_t *cr)
602 {
603 char *strval;
604
605 /*
606 * Check permissions for special properties.
607 */
608 switch (prop) {
609 case ZFS_PROP_DEDUP:
610 case ZFS_PROP_ZONED:
611 /*
612 * Disallow setting these properties from within a local zone.
613 */
614 if (!INGLOBALZONE(curproc))
615 return (EPERM);
616 break;
617
618 case ZFS_PROP_QUOTA:
619 case ZFS_PROP_FILESYSTEM_LIMIT:
620 case ZFS_PROP_SNAPSHOT_LIMIT:
621 if (!INGLOBALZONE(curproc)) {
622 uint64_t zoned;
623 char setpoint[MAXNAMELEN];
624 /*
625 * Unprivileged users are allowed to modify the
626 * limit on things *under* (ie. contained by)
627 * the thing they own.
628 */
629 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
630 setpoint))
631 return (EPERM);
632 if (!zoned || strlen(dsname) <= strlen(setpoint))
633 return (EPERM);
634 }
635 break;
636
637 case ZFS_PROP_MLSLABEL:
638 if (!is_system_labeled())
639 return (EPERM);
640
641 if (nvpair_value_string(propval, &strval) == 0) {
642 int err;
643
644 err = zfs_set_slabel_policy(dsname, strval, CRED());
645 if (err != 0)
646 return (err);
647 }
648 break;
649 }
650
651 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
652 }
653
654 /* ARGSUSED */
655 static int
656 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
657 {
658 int error;
659
660 error = zfs_dozonecheck(zc->zc_name, cr);
661 if (error)
662 return (error);
663
664 /*
665 * permission to set permissions will be evaluated later in
666 * dsl_deleg_can_allow()
667 */
668 return (0);
669 }
670
671 /* ARGSUSED */
672 static int
673 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
674 {
675 return (zfs_secpolicy_write_perms(zc->zc_name,
676 ZFS_DELEG_PERM_ROLLBACK, cr));
677 }
678
679 /* ARGSUSED */
680 static int
681 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
682 {
683 spa_t *spa;
684 dsl_pool_t *dp;
685 dsl_dataset_t *ds;
686 char *cp;
687 int error;
688
689 /*
690 * Generate the current snapshot name from the given objsetid, then
691 * use that name for the secpolicy/zone checks.
692 */
693 cp = strchr(zc->zc_name, '@');
694 if (cp == NULL)
695 return (EINVAL);
696 error = spa_open(zc->zc_name, &spa, FTAG);
697 if (error)
698 return (error);
699
700 dp = spa_get_dsl(spa);
701 rw_enter(&dp->dp_config_rwlock, RW_READER);
702 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
703 rw_exit(&dp->dp_config_rwlock);
704 spa_close(spa, FTAG);
705 if (error)
706 return (error);
707
708 dsl_dataset_name(ds, zc->zc_name);
709
710 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
711 ZFS_DELEG_PERM_SEND, cr);
712 dsl_dataset_rele(ds, FTAG);
713
714 return (error);
715 }
716
717 /* ARGSUSED */
718 static int
719 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
720 {
721 return (zfs_secpolicy_write_perms(zc->zc_name,
722 ZFS_DELEG_PERM_SEND, cr));
723 }
724
725 /* ARGSUSED */
726 static int
727 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
728 {
729 vnode_t *vp;
730 int error;
731
732 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
733 NO_FOLLOW, NULL, &vp)) != 0)
734 return (error);
735
736 /* Now make sure mntpnt and dataset are ZFS */
737
738 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
739 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
740 zc->zc_name) != 0)) {
741 VN_RELE(vp);
742 return (EPERM);
743 }
744
745 VN_RELE(vp);
746 return (dsl_deleg_access(zc->zc_name,
747 ZFS_DELEG_PERM_SHARE, cr));
748 }
749
750 int
751 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
752 {
753 if (!INGLOBALZONE(curproc))
754 return (EPERM);
755
756 if (secpolicy_nfs(cr) == 0) {
757 return (0);
758 } else {
759 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
760 }
761 }
762
763 int
764 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
765 {
766 if (!INGLOBALZONE(curproc))
767 return (EPERM);
768
769 if (secpolicy_smb(cr) == 0) {
770 return (0);
771 } else {
772 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
773 }
774 }
775
776 static int
777 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
778 {
779 char *cp;
780
781 /*
782 * Remove the @bla or /bla from the end of the name to get the parent.
783 */
784 (void) strncpy(parent, datasetname, parentsize);
785 cp = strrchr(parent, '@');
786 if (cp != NULL) {
787 cp[0] = '\0';
788 } else {
789 cp = strrchr(parent, '/');
790 if (cp == NULL)
791 return (ENOENT);
792 cp[0] = '\0';
793 }
794
795 return (0);
796 }
797
798 int
799 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
800 {
801 int error;
802
803 if ((error = zfs_secpolicy_write_perms(name,
804 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
805 return (error);
806
807 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
808 }
809
810 /* ARGSUSED */
811 static int
812 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
813 {
814 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
815 }
816
817 /*
818 * Destroying snapshots with delegated permissions requires
819 * descendant mount and destroy permissions.
820 */
821 /* ARGSUSED */
822 static int
823 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
824 {
825 nvlist_t *snaps;
826 nvpair_t *pair, *nextpair;
827 int error = 0;
828
829 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
830 return (EINVAL);
831 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
832 pair = nextpair) {
833 dsl_dataset_t *ds;
834
835 nextpair = nvlist_next_nvpair(snaps, pair);
836 error = dsl_dataset_hold(nvpair_name(pair), FTAG, &ds);
837 if (error == 0) {
838 dsl_dataset_rele(ds, FTAG);
839 } else if (error == ENOENT) {
840 /*
841 * Ignore any snapshots that don't exist (we consider
842 * them "already destroyed"). Remove the name from the
843 * nvl here in case the snapshot is created between
844 * now and when we try to destroy it (in which case
845 * we don't want to destroy it since we haven't
846 * checked for permission).
847 */
848 fnvlist_remove_nvpair(snaps, pair);
849 error = 0;
850 continue;
851 } else {
852 break;
853 }
854 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
855 if (error != 0)
856 break;
857 }
858
859 return (error);
860 }
861
862 int
863 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
864 {
865 char parentname[MAXNAMELEN];
866 int error;
867
868 if ((error = zfs_secpolicy_write_perms(from,
869 ZFS_DELEG_PERM_RENAME, cr)) != 0)
870 return (error);
871
872 if ((error = zfs_secpolicy_write_perms(from,
873 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
874 return (error);
875
876 if ((error = zfs_get_parent(to, parentname,
877 sizeof (parentname))) != 0)
878 return (error);
879
880 if ((error = zfs_secpolicy_write_perms(parentname,
881 ZFS_DELEG_PERM_CREATE, cr)) != 0)
882 return (error);
883
884 if ((error = zfs_secpolicy_write_perms(parentname,
885 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
886 return (error);
887
888 return (error);
889 }
890
891 /* ARGSUSED */
892 static int
893 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
894 {
895 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
896 }
897
898 /* ARGSUSED */
899 static int
900 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
901 {
902 char parentname[MAXNAMELEN];
903 objset_t *clone;
904 int error;
905
906 error = zfs_secpolicy_write_perms(zc->zc_name,
907 ZFS_DELEG_PERM_PROMOTE, cr);
908 if (error)
909 return (error);
910
911 error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
912
913 if (error == 0) {
914 dsl_dataset_t *pclone = NULL;
915 dsl_dir_t *dd;
916 dd = clone->os_dsl_dataset->ds_dir;
917
918 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
919 error = dsl_dataset_hold_obj(dd->dd_pool,
920 dd->dd_phys->dd_origin_obj, FTAG, &pclone);
921 rw_exit(&dd->dd_pool->dp_config_rwlock);
922 if (error) {
923 dmu_objset_rele(clone, FTAG);
924 return (error);
925 }
926
927 error = zfs_secpolicy_write_perms(zc->zc_name,
928 ZFS_DELEG_PERM_MOUNT, cr);
929
930 dsl_dataset_name(pclone, parentname);
931 dmu_objset_rele(clone, FTAG);
932 dsl_dataset_rele(pclone, FTAG);
933 if (error == 0)
934 error = zfs_secpolicy_write_perms(parentname,
935 ZFS_DELEG_PERM_PROMOTE, cr);
936 }
937 return (error);
938 }
939
940 /* ARGSUSED */
941 static int
942 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
943 {
944 int error;
945
946 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
947 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
948 return (error);
949
950 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
951 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
952 return (error);
953
954 return (zfs_secpolicy_write_perms(zc->zc_name,
955 ZFS_DELEG_PERM_CREATE, cr));
956 }
957
958 int
959 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
960 {
961 return (zfs_secpolicy_write_perms(name,
962 ZFS_DELEG_PERM_SNAPSHOT, cr));
963 }
964
965 /*
966 * Check for permission to create each snapshot in the nvlist.
967 */
968 /* ARGSUSED */
969 static int
970 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
971 {
972 nvlist_t *snaps;
973 int error;
974 nvpair_t *pair;
975
976 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
977 return (EINVAL);
978 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
979 pair = nvlist_next_nvpair(snaps, pair)) {
980 char *name = nvpair_name(pair);
981 char *atp = strchr(name, '@');
982
983 if (atp == NULL) {
984 error = EINVAL;
985 break;
986 }
987 *atp = '\0';
988 error = zfs_secpolicy_snapshot_perms(name, cr);
989 *atp = '@';
990 if (error != 0)
991 break;
992 }
993 return (error);
994 }
995
996 /* ARGSUSED */
997 static int
998 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
999 {
1000 /*
1001 * Even root must have a proper TSD so that we know what pool
1002 * to log to.
1003 */
1004 if (tsd_get(zfs_allow_log_key) == NULL)
1005 return (EPERM);
1006 return (0);
1007 }
1008
1009 static int
1010 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1011 {
1012 char parentname[MAXNAMELEN];
1013 int error;
1014 char *origin;
1015
1016 if ((error = zfs_get_parent(zc->zc_name, parentname,
1017 sizeof (parentname))) != 0)
1018 return (error);
1019
1020 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1021 (error = zfs_secpolicy_write_perms(origin,
1022 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1023 return (error);
1024
1025 if ((error = zfs_secpolicy_write_perms(parentname,
1026 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1027 return (error);
1028
1029 return (zfs_secpolicy_write_perms(parentname,
1030 ZFS_DELEG_PERM_MOUNT, cr));
1031 }
1032
1033 /*
1034 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1035 * SYS_CONFIG privilege, which is not available in a local zone.
1036 */
1037 /* ARGSUSED */
1038 static int
1039 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1040 {
1041 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1042 return (EPERM);
1043
1044 return (0);
1045 }
1046
1047 /*
1048 * Policy for object to name lookups.
1049 */
1050 /* ARGSUSED */
1051 static int
1052 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1053 {
1054 int error;
1055
1056 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1057 return (0);
1058
1059 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1060 return (error);
1061 }
1062
1063 /*
1064 * Policy for fault injection. Requires all privileges.
1065 */
1066 /* ARGSUSED */
1067 static int
1068 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1069 {
1070 return (secpolicy_zinject(cr));
1071 }
1072
1073 /* ARGSUSED */
1074 static int
1075 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1076 {
1077 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1078
1079 if (prop == ZPROP_INVAL) {
1080 if (!zfs_prop_user(zc->zc_value))
1081 return (EINVAL);
1082 return (zfs_secpolicy_write_perms(zc->zc_name,
1083 ZFS_DELEG_PERM_USERPROP, cr));
1084 } else {
1085 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1086 NULL, cr));
1087 }
1088 }
1089
1090 static int
1091 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1092 {
1093 int err = zfs_secpolicy_read(zc, innvl, cr);
1094 if (err)
1095 return (err);
1096
1097 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1098 return (EINVAL);
1099
1100 if (zc->zc_value[0] == 0) {
1101 /*
1102 * They are asking about a posix uid/gid. If it's
1103 * themself, allow it.
1104 */
1105 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1106 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
1107 if (zc->zc_guid == crgetuid(cr))
1108 return (0);
1109 } else {
1110 if (groupmember(zc->zc_guid, cr))
1111 return (0);
1112 }
1113 }
1114
1115 return (zfs_secpolicy_write_perms(zc->zc_name,
1116 userquota_perms[zc->zc_objset_type], cr));
1117 }
1118
1119 static int
1120 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1121 {
1122 int err = zfs_secpolicy_read(zc, innvl, cr);
1123 if (err)
1124 return (err);
1125
1126 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1127 return (EINVAL);
1128
1129 return (zfs_secpolicy_write_perms(zc->zc_name,
1130 userquota_perms[zc->zc_objset_type], cr));
1131 }
1132
1133 /* ARGSUSED */
1134 static int
1135 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1136 {
1137 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1138 NULL, cr));
1139 }
1140
1141 /* ARGSUSED */
1142 static int
1143 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1144 {
1145 return (zfs_secpolicy_write_perms(zc->zc_name,
1146 ZFS_DELEG_PERM_HOLD, cr));
1147 }
1148
1149 /* ARGSUSED */
1150 static int
1151 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1152 {
1153 return (zfs_secpolicy_write_perms(zc->zc_name,
1154 ZFS_DELEG_PERM_RELEASE, cr));
1155 }
1156
1157 /*
1158 * Policy for allowing temporary snapshots to be taken or released
1159 */
1160 static int
1161 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1162 {
1163 /*
1164 * A temporary snapshot is the same as a snapshot,
1165 * hold, destroy and release all rolled into one.
1166 * Delegated diff alone is sufficient that we allow this.
1167 */
1168 int error;
1169
1170 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1171 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1172 return (0);
1173
1174 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1175 if (!error)
1176 error = zfs_secpolicy_hold(zc, innvl, cr);
1177 if (!error)
1178 error = zfs_secpolicy_release(zc, innvl, cr);
1179 if (!error)
1180 error = zfs_secpolicy_destroy(zc, innvl, cr);
1181 return (error);
1182 }
1183
1184 /*
1185 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1186 */
1187 static int
1188 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1189 {
1190 char *packed;
1191 int error;
1192 nvlist_t *list = NULL;
1193
1194 /*
1195 * Read in and unpack the user-supplied nvlist.
1196 */
1197 if (size == 0)
1198 return (EINVAL);
1199
1200 packed = kmem_alloc(size, KM_SLEEP);
1201
1202 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1203 iflag)) != 0) {
1204 kmem_free(packed, size);
1205 return (error);
1206 }
1207
1208 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1209 kmem_free(packed, size);
1210 return (error);
1211 }
1212
1213 kmem_free(packed, size);
1214
1215 *nvp = list;
1216 return (0);
1217 }
1218
1219 /*
1220 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1221 * Entries will be removed from the end of the nvlist, and one int32 entry
1222 * named "N_MORE_ERRORS" will be added indicating how many entries were
1223 * removed.
1224 */
1225 static int
1226 nvlist_smush(nvlist_t *errors, size_t max)
1227 {
1228 size_t size;
1229
1230 size = fnvlist_size(errors);
1231
1232 if (size > max) {
1233 nvpair_t *more_errors;
1234 int n = 0;
1235
1236 if (max < 1024)
1237 return (ENOMEM);
1238
1239 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1240 more_errors = nvlist_prev_nvpair(errors, NULL);
1241
1242 do {
1243 nvpair_t *pair = nvlist_prev_nvpair(errors,
1244 more_errors);
1245 fnvlist_remove_nvpair(errors, pair);
1246 n++;
1247 size = fnvlist_size(errors);
1248 } while (size > max);
1249
1250 fnvlist_remove_nvpair(errors, more_errors);
1251 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1252 ASSERT3U(fnvlist_size(errors), <=, max);
1253 }
1254
1255 return (0);
1256 }
1257
1258 static int
1259 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1260 {
1261 char *packed = NULL;
1262 int error = 0;
1263 size_t size;
1264
1265 size = fnvlist_size(nvl);
1266
1267 if (size > zc->zc_nvlist_dst_size) {
1268 error = ENOMEM;
1269 } else {
1270 packed = fnvlist_pack(nvl, &size);
1271 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1272 size, zc->zc_iflags) != 0)
1273 error = EFAULT;
1274 fnvlist_pack_free(packed, size);
1275 }
1276
1277 zc->zc_nvlist_dst_size = size;
1278 zc->zc_nvlist_dst_filled = B_TRUE;
1279 return (error);
1280 }
1281
1282 static int
1283 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1284 {
1285 objset_t *os;
1286 int error;
1287
1288 error = dmu_objset_hold(dsname, FTAG, &os);
1289 if (error)
1290 return (error);
1291 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1292 dmu_objset_rele(os, FTAG);
1293 return (EINVAL);
1294 }
1295
1296 mutex_enter(&os->os_user_ptr_lock);
1297 *zfvp = dmu_objset_get_user(os);
1298 if (*zfvp) {
1299 VFS_HOLD((*zfvp)->z_vfs);
1300 } else {
1301 error = ESRCH;
1302 }
1303 mutex_exit(&os->os_user_ptr_lock);
1304 dmu_objset_rele(os, FTAG);
1305 return (error);
1306 }
1307
1308 /*
1309 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1310 * case its z_vfs will be NULL, and it will be opened as the owner.
1311 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1312 * which prevents all vnode ops from running.
1313 */
1314 static int
1315 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1316 {
1317 int error = 0;
1318
1319 if (getzfsvfs(name, zfvp) != 0)
1320 error = zfsvfs_create(name, zfvp);
1321 if (error == 0) {
1322 rrw_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1323 RW_READER, tag);
1324 if ((*zfvp)->z_unmounted) {
1325 /*
1326 * XXX we could probably try again, since the unmounting
1327 * thread should be just about to disassociate the
1328 * objset from the zfsvfs.
1329 */
1330 rrw_exit(&(*zfvp)->z_teardown_lock, tag);
1331 return (EBUSY);
1332 }
1333 }
1334 return (error);
1335 }
1336
1337 static void
1338 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1339 {
1340 rrw_exit(&zfsvfs->z_teardown_lock, tag);
1341
1342 if (zfsvfs->z_vfs) {
1343 VFS_RELE(zfsvfs->z_vfs);
1344 } else {
1345 dmu_objset_disown(zfsvfs->z_os, zfsvfs);
1346 zfsvfs_free(zfsvfs);
1347 }
1348 }
1349
1350 static int
1351 zfs_ioc_pool_create(zfs_cmd_t *zc)
1352 {
1353 int error;
1354 nvlist_t *config, *props = NULL;
1355 nvlist_t *rootprops = NULL;
1356 nvlist_t *zplprops = NULL;
1357
1358 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1359 zc->zc_iflags, &config))
1360 return (error);
1361
1362 if (zc->zc_nvlist_src_size != 0 && (error =
1363 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1364 zc->zc_iflags, &props))) {
1365 nvlist_free(config);
1366 return (error);
1367 }
1368
1369 if (props) {
1370 nvlist_t *nvl = NULL;
1371 uint64_t version = SPA_VERSION;
1372
1373 (void) nvlist_lookup_uint64(props,
1374 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1375 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1376 error = EINVAL;
1377 goto pool_props_bad;
1378 }
1379 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1380 if (nvl) {
1381 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1382 if (error != 0) {
1383 nvlist_free(config);
1384 nvlist_free(props);
1385 return (error);
1386 }
1387 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1388 }
1389 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1390 error = zfs_fill_zplprops_root(version, rootprops,
1391 zplprops, NULL);
1392 if (error)
1393 goto pool_props_bad;
1394 }
1395
1396 error = spa_create(zc->zc_name, config, props, zplprops);
1397
1398 /*
1399 * Set the remaining root properties
1400 */
1401 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1402 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1403 (void) spa_destroy(zc->zc_name);
1404
1405 pool_props_bad:
1406 nvlist_free(rootprops);
1407 nvlist_free(zplprops);
1408 nvlist_free(config);
1409 nvlist_free(props);
1410
1411 return (error);
1412 }
1413
1414 static int
1415 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1416 {
1417 int error;
1418 zfs_log_history(zc);
1419 error = spa_destroy(zc->zc_name);
1420 if (error == 0)
1421 zvol_remove_minors(zc->zc_name);
1422 return (error);
1423 }
1424
1425 static int
1426 zfs_ioc_pool_import(zfs_cmd_t *zc)
1427 {
1428 nvlist_t *config, *props = NULL;
1429 uint64_t guid;
1430 int error;
1431
1432 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1433 zc->zc_iflags, &config)) != 0)
1434 return (error);
1435
1436 if (zc->zc_nvlist_src_size != 0 && (error =
1437 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1438 zc->zc_iflags, &props))) {
1439 nvlist_free(config);
1440 return (error);
1441 }
1442
1443 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1444 guid != zc->zc_guid)
1445 error = EINVAL;
1446 else
1447 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1448
1449 if (zc->zc_nvlist_dst != 0) {
1450 int err;
1451
1452 if ((err = put_nvlist(zc, config)) != 0)
1453 error = err;
1454 }
1455
1456 nvlist_free(config);
1457
1458 if (props)
1459 nvlist_free(props);
1460
1461 return (error);
1462 }
1463
1464 static int
1465 zfs_ioc_pool_export(zfs_cmd_t *zc)
1466 {
1467 int error;
1468 boolean_t force = (boolean_t)zc->zc_cookie;
1469 boolean_t hardforce = (boolean_t)zc->zc_guid;
1470
1471 zfs_log_history(zc);
1472 error = spa_export(zc->zc_name, NULL, force, hardforce);
1473 if (error == 0)
1474 zvol_remove_minors(zc->zc_name);
1475 return (error);
1476 }
1477
1478 static int
1479 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1480 {
1481 nvlist_t *configs;
1482 int error;
1483
1484 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1485 return (EEXIST);
1486
1487 error = put_nvlist(zc, configs);
1488
1489 nvlist_free(configs);
1490
1491 return (error);
1492 }
1493
1494 /*
1495 * inputs:
1496 * zc_name name of the pool
1497 *
1498 * outputs:
1499 * zc_cookie real errno
1500 * zc_nvlist_dst config nvlist
1501 * zc_nvlist_dst_size size of config nvlist
1502 */
1503 static int
1504 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1505 {
1506 nvlist_t *config;
1507 int error;
1508 int ret = 0;
1509
1510 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1511 sizeof (zc->zc_value));
1512
1513 if (config != NULL) {
1514 ret = put_nvlist(zc, config);
1515 nvlist_free(config);
1516
1517 /*
1518 * The config may be present even if 'error' is non-zero.
1519 * In this case we return success, and preserve the real errno
1520 * in 'zc_cookie'.
1521 */
1522 zc->zc_cookie = error;
1523 } else {
1524 ret = error;
1525 }
1526
1527 return (ret);
1528 }
1529
1530 /*
1531 * Try to import the given pool, returning pool stats as appropriate so that
1532 * user land knows which devices are available and overall pool health.
1533 */
1534 static int
1535 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1536 {
1537 nvlist_t *tryconfig, *config;
1538 int error;
1539
1540 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1541 zc->zc_iflags, &tryconfig)) != 0)
1542 return (error);
1543
1544 config = spa_tryimport(tryconfig);
1545
1546 nvlist_free(tryconfig);
1547
1548 if (config == NULL)
1549 return (EINVAL);
1550
1551 error = put_nvlist(zc, config);
1552 nvlist_free(config);
1553
1554 return (error);
1555 }
1556
1557 /*
1558 * inputs:
1559 * zc_name name of the pool
1560 * zc_cookie scan func (pool_scan_func_t)
1561 */
1562 static int
1563 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1564 {
1565 spa_t *spa;
1566 int error;
1567
1568 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1569 return (error);
1570
1571 if (zc->zc_cookie == POOL_SCAN_NONE)
1572 error = spa_scan_stop(spa);
1573 else
1574 error = spa_scan(spa, zc->zc_cookie);
1575
1576 spa_close(spa, FTAG);
1577
1578 return (error);
1579 }
1580
1581 static int
1582 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1583 {
1584 spa_t *spa;
1585 int error;
1586
1587 error = spa_open(zc->zc_name, &spa, FTAG);
1588 if (error == 0) {
1589 spa_freeze(spa);
1590 spa_close(spa, FTAG);
1591 }
1592 return (error);
1593 }
1594
1595 static int
1596 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1597 {
1598 spa_t *spa;
1599 int error;
1600
1601 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1602 return (error);
1603
1604 if (zc->zc_cookie < spa_version(spa) ||
1605 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1606 spa_close(spa, FTAG);
1607 return (EINVAL);
1608 }
1609
1610 spa_upgrade(spa, zc->zc_cookie);
1611 spa_close(spa, FTAG);
1612
1613 return (error);
1614 }
1615
1616 static int
1617 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1618 {
1619 spa_t *spa;
1620 char *hist_buf;
1621 uint64_t size;
1622 int error;
1623
1624 if ((size = zc->zc_history_len) == 0)
1625 return (EINVAL);
1626
1627 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1628 return (error);
1629
1630 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1631 spa_close(spa, FTAG);
1632 return (ENOTSUP);
1633 }
1634
1635 hist_buf = kmem_alloc(size, KM_SLEEP);
1636 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1637 &zc->zc_history_len, hist_buf)) == 0) {
1638 error = ddi_copyout(hist_buf,
1639 (void *)(uintptr_t)zc->zc_history,
1640 zc->zc_history_len, zc->zc_iflags);
1641 }
1642
1643 spa_close(spa, FTAG);
1644 kmem_free(hist_buf, size);
1645 return (error);
1646 }
1647
1648 static int
1649 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1650 {
1651 spa_t *spa;
1652 int error;
1653
1654 error = spa_open(zc->zc_name, &spa, FTAG);
1655 if (error == 0) {
1656 error = spa_change_guid(spa);
1657 spa_close(spa, FTAG);
1658 }
1659 return (error);
1660 }
1661
1662 static int
1663 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1664 {
1665 int error;
1666
1667 if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value))
1668 return (error);
1669
1670 return (0);
1671 }
1672
1673 /*
1674 * inputs:
1675 * zc_name name of filesystem
1676 * zc_obj object to find
1677 *
1678 * outputs:
1679 * zc_value name of object
1680 */
1681 static int
1682 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1683 {
1684 objset_t *os;
1685 int error;
1686
1687 /* XXX reading from objset not owned */
1688 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1689 return (error);
1690 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1691 dmu_objset_rele(os, FTAG);
1692 return (EINVAL);
1693 }
1694 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1695 sizeof (zc->zc_value));
1696 dmu_objset_rele(os, FTAG);
1697
1698 return (error);
1699 }
1700
1701 /*
1702 * inputs:
1703 * zc_name name of filesystem
1704 * zc_obj object to find
1705 *
1706 * outputs:
1707 * zc_stat stats on object
1708 * zc_value path to object
1709 */
1710 static int
1711 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1712 {
1713 objset_t *os;
1714 int error;
1715
1716 /* XXX reading from objset not owned */
1717 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1718 return (error);
1719 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1720 dmu_objset_rele(os, FTAG);
1721 return (EINVAL);
1722 }
1723 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1724 sizeof (zc->zc_value));
1725 dmu_objset_rele(os, FTAG);
1726
1727 return (error);
1728 }
1729
1730 static int
1731 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1732 {
1733 spa_t *spa;
1734 int error;
1735 nvlist_t *config, **l2cache, **spares;
1736 uint_t nl2cache = 0, nspares = 0;
1737
1738 error = spa_open(zc->zc_name, &spa, FTAG);
1739 if (error != 0)
1740 return (error);
1741
1742 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1743 zc->zc_iflags, &config);
1744 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1745 &l2cache, &nl2cache);
1746
1747 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1748 &spares, &nspares);
1749
1750 /*
1751 * A root pool with concatenated devices is not supported.
1752 * Thus, can not add a device to a root pool.
1753 *
1754 * Intent log device can not be added to a rootpool because
1755 * during mountroot, zil is replayed, a seperated log device
1756 * can not be accessed during the mountroot time.
1757 *
1758 * l2cache and spare devices are ok to be added to a rootpool.
1759 */
1760 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1761 nvlist_free(config);
1762 spa_close(spa, FTAG);
1763 return (EDOM);
1764 }
1765
1766 if (error == 0) {
1767 error = spa_vdev_add(spa, config);
1768 nvlist_free(config);
1769 }
1770 spa_close(spa, FTAG);
1771 return (error);
1772 }
1773
1774 /*
1775 * inputs:
1776 * zc_name name of the pool
1777 * zc_nvlist_conf nvlist of devices to remove
1778 * zc_cookie to stop the remove?
1779 */
1780 static int
1781 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1782 {
1783 spa_t *spa;
1784 int error;
1785
1786 error = spa_open(zc->zc_name, &spa, FTAG);
1787 if (error != 0)
1788 return (error);
1789 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1790 spa_close(spa, FTAG);
1791 return (error);
1792 }
1793
1794 static int
1795 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1796 {
1797 spa_t *spa;
1798 int error;
1799 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1800
1801 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1802 return (error);
1803 switch (zc->zc_cookie) {
1804 case VDEV_STATE_ONLINE:
1805 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1806 break;
1807
1808 case VDEV_STATE_OFFLINE:
1809 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1810 break;
1811
1812 case VDEV_STATE_FAULTED:
1813 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1814 zc->zc_obj != VDEV_AUX_EXTERNAL)
1815 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1816
1817 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1818 break;
1819
1820 case VDEV_STATE_DEGRADED:
1821 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1822 zc->zc_obj != VDEV_AUX_EXTERNAL)
1823 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1824
1825 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1826 break;
1827
1828 default:
1829 error = EINVAL;
1830 }
1831 zc->zc_cookie = newstate;
1832 spa_close(spa, FTAG);
1833 return (error);
1834 }
1835
1836 static int
1837 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1838 {
1839 spa_t *spa;
1840 int replacing = zc->zc_cookie;
1841 nvlist_t *config;
1842 int error;
1843
1844 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1845 return (error);
1846
1847 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1848 zc->zc_iflags, &config)) == 0) {
1849 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1850 nvlist_free(config);
1851 }
1852
1853 spa_close(spa, FTAG);
1854 return (error);
1855 }
1856
1857 static int
1858 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1859 {
1860 spa_t *spa;
1861 int error;
1862
1863 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1864 return (error);
1865
1866 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1867
1868 spa_close(spa, FTAG);
1869 return (error);
1870 }
1871
1872 static int
1873 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1874 {
1875 spa_t *spa;
1876 nvlist_t *config, *props = NULL;
1877 int error;
1878 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1879
1880 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1881 return (error);
1882
1883 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1884 zc->zc_iflags, &config)) {
1885 spa_close(spa, FTAG);
1886 return (error);
1887 }
1888
1889 if (zc->zc_nvlist_src_size != 0 && (error =
1890 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1891 zc->zc_iflags, &props))) {
1892 spa_close(spa, FTAG);
1893 nvlist_free(config);
1894 return (error);
1895 }
1896
1897 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1898
1899 spa_close(spa, FTAG);
1900
1901 nvlist_free(config);
1902 nvlist_free(props);
1903
1904 return (error);
1905 }
1906
1907 static int
1908 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1909 {
1910 spa_t *spa;
1911 char *path = zc->zc_value;
1912 uint64_t guid = zc->zc_guid;
1913 int error;
1914
1915 error = spa_open(zc->zc_name, &spa, FTAG);
1916 if (error != 0)
1917 return (error);
1918
1919 error = spa_vdev_setpath(spa, guid, path);
1920 spa_close(spa, FTAG);
1921 return (error);
1922 }
1923
1924 static int
1925 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1926 {
1927 spa_t *spa;
1928 char *fru = zc->zc_value;
1929 uint64_t guid = zc->zc_guid;
1930 int error;
1931
1932 error = spa_open(zc->zc_name, &spa, FTAG);
1933 if (error != 0)
1934 return (error);
1935
1936 error = spa_vdev_setfru(spa, guid, fru);
1937 spa_close(spa, FTAG);
1938 return (error);
1939 }
1940
1941 static int
1942 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os,
1943 boolean_t cachedpropsonly)
1944 {
1945 int error = 0;
1946 nvlist_t *nv;
1947
1948 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1949
1950 if (zc->zc_nvlist_dst != 0 &&
1951 (error = dsl_prop_get_all(os, &nv)) == 0) {
1952 dmu_objset_stats(os, nv);
1953 /*
1954 * NB: zvol_get_stats() will read the objset contents,
1955 * which we aren't supposed to do with a
1956 * DS_MODE_USER hold, because it could be
1957 * inconsistent. So this is a bit of a workaround...
1958 * XXX reading with out owning
1959 */
1960 if (!zc->zc_objset_stats.dds_inconsistent &&
1961 dmu_objset_type(os) == DMU_OST_ZVOL &&
1962 !cachedpropsonly) {
1963 error = zvol_get_stats(os, nv);
1964 if (error == EIO)
1965 return (error);
1966 VERIFY0(error);
1967 }
1968 error = put_nvlist(zc, nv);
1969 nvlist_free(nv);
1970 }
1971
1972 return (error);
1973 }
1974
1975 /*
1976 * inputs:
1977 * zc_name name of filesystem
1978 * zc_nvlist_dst_size size of buffer for property nvlist
1979 *
1980 * outputs:
1981 * zc_objset_stats stats
1982 * zc_nvlist_dst property nvlist
1983 * zc_nvlist_dst_size size of property nvlist
1984 */
1985 static int
1986 zfs_ioc_objset_stats(zfs_cmd_t *zc)
1987 {
1988 objset_t *os = NULL;
1989 nvlist_t *nvl = NULL;
1990 boolean_t cachedpropsonly = B_FALSE;
1991 int error;
1992
1993 if (zc->zc_nvlist_src != NULL &&
1994 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1995 zc->zc_iflags, &nvl) != 0))
1996 return (error);
1997
1998 if (nvl != NULL) {
1999 (void) nvlist_lookup_boolean_value(nvl, "cachedpropsonly",
2000 &cachedpropsonly);
2001 nvlist_free(nvl);
2002 }
2003
2004 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
2005 return (error);
2006
2007 error = zfs_ioc_objset_stats_impl(zc, os, cachedpropsonly);
2008 dmu_objset_rele(os, FTAG);
2009
2010 return (error);
2011 }
2012
2013 /*
2014 * inputs:
2015 * zc_name name of filesystem
2016 * zc_nvlist_dst_size size of buffer for property nvlist
2017 *
2018 * outputs:
2019 * zc_nvlist_dst received property nvlist
2020 * zc_nvlist_dst_size size of received property nvlist
2021 *
2022 * Gets received properties (distinct from local properties on or after
2023 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2024 * local property values.
2025 */
2026 static int
2027 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2028 {
2029 objset_t *os = NULL;
2030 int error;
2031 nvlist_t *nv;
2032
2033 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
2034 return (error);
2035
2036 /*
2037 * Without this check, we would return local property values if the
2038 * caller has not already received properties on or after
2039 * SPA_VERSION_RECVD_PROPS.
2040 */
2041 if (!dsl_prop_get_hasrecvd(os)) {
2042 dmu_objset_rele(os, FTAG);
2043 return (ENOTSUP);
2044 }
2045
2046 if (zc->zc_nvlist_dst != 0 &&
2047 (error = dsl_prop_get_received(os, &nv)) == 0) {
2048 error = put_nvlist(zc, nv);
2049 nvlist_free(nv);
2050 }
2051
2052 dmu_objset_rele(os, FTAG);
2053 return (error);
2054 }
2055
2056 static int
2057 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2058 {
2059 uint64_t value;
2060 int error;
2061
2062 /*
2063 * zfs_get_zplprop() will either find a value or give us
2064 * the default value (if there is one).
2065 */
2066 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2067 return (error);
2068 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2069 return (0);
2070 }
2071
2072 /*
2073 * inputs:
2074 * zc_name name of filesystem
2075 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2076 *
2077 * outputs:
2078 * zc_nvlist_dst zpl property nvlist
2079 * zc_nvlist_dst_size size of zpl property nvlist
2080 */
2081 static int
2082 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2083 {
2084 objset_t *os;
2085 int err;
2086
2087 /* XXX reading without owning */
2088 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os))
2089 return (err);
2090
2091 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2092
2093 /*
2094 * NB: nvl_add_zplprop() will read the objset contents,
2095 * which we aren't supposed to do with a DS_MODE_USER
2096 * hold, because it could be inconsistent.
2097 */
2098 if (zc->zc_nvlist_dst != NULL &&
2099 !zc->zc_objset_stats.dds_inconsistent &&
2100 dmu_objset_type(os) == DMU_OST_ZFS) {
2101 nvlist_t *nv;
2102
2103 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2104 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2105 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2106 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2107 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2108 err = put_nvlist(zc, nv);
2109 nvlist_free(nv);
2110 } else {
2111 err = ENOENT;
2112 }
2113 dmu_objset_rele(os, FTAG);
2114 return (err);
2115 }
2116
2117 static boolean_t
2118 dataset_name_hidden(const char *name)
2119 {
2120 /*
2121 * Skip over datasets that are not visible in this zone,
2122 * internal datasets (which have a $ in their name), and
2123 * temporary datasets (which have a % in their name).
2124 */
2125 if (strchr(name, '$') != NULL)
2126 return (B_TRUE);
2127 if (strchr(name, '%') != NULL)
2128 return (B_TRUE);
2129 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
2130 return (B_TRUE);
2131 return (B_FALSE);
2132 }
2133
2134 /*
2135 * inputs:
2136 * zc_name name of filesystem
2137 * zc_cookie zap cursor
2138 * zc_nvlist_dst_size size of buffer for property nvlist
2139 *
2140 * outputs:
2141 * zc_name name of next filesystem
2142 * zc_cookie zap cursor
2143 * zc_objset_stats stats
2144 * zc_nvlist_dst property nvlist
2145 * zc_nvlist_dst_size size of property nvlist
2146 */
2147 static int
2148 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2149 {
2150 objset_t *os;
2151 int error;
2152 char *p;
2153 size_t orig_len = strlen(zc->zc_name);
2154
2155 top:
2156 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) {
2157 if (error == ENOENT)
2158 error = ESRCH;
2159 return (error);
2160 }
2161
2162 p = strrchr(zc->zc_name, '/');
2163 if (p == NULL || p[1] != '\0')
2164 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2165 p = zc->zc_name + strlen(zc->zc_name);
2166
2167 /*
2168 * Pre-fetch the datasets. dmu_objset_prefetch() always returns 0
2169 * but is not declared void because its called by dmu_objset_find().
2170 */
2171 if (zc->zc_cookie == 0) {
2172 uint64_t cookie = 0;
2173 int len = sizeof (zc->zc_name) - (p - zc->zc_name);
2174
2175 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0) {
2176 if (!dataset_name_hidden(zc->zc_name))
2177 (void) dmu_objset_prefetch(zc->zc_name, NULL);
2178 }
2179 }
2180
2181 do {
2182 error = dmu_dir_list_next(os,
2183 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2184 NULL, &zc->zc_cookie);
2185 if (error == ENOENT)
2186 error = ESRCH;
2187 } while (error == 0 && dataset_name_hidden(zc->zc_name));
2188 dmu_objset_rele(os, FTAG);
2189
2190 /*
2191 * If it's an internal dataset (ie. with a '$' in its name),
2192 * don't try to get stats for it, otherwise we'll return ENOENT.
2193 */
2194 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2195 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2196 if (error == ENOENT) {
2197 /* We lost a race with destroy, get the next one. */
2198 zc->zc_name[orig_len] = '\0';
2199 goto top;
2200 }
2201 }
2202 return (error);
2203 }
2204
2205 /*
2206 * inputs:
2207 * zc_name name of filesystem
2208 * zc_cookie zap cursor
2209 * zc_nvlist_dst_size size of buffer for property nvlist
2210 *
2211 * outputs:
2212 * zc_name name of next snapshot
2213 * zc_objset_stats stats
2214 * zc_nvlist_dst property nvlist
2215 * zc_nvlist_dst_size size of property nvlist
2216 */
2217 static int
2218 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2219 {
2220 objset_t *os;
2221 nvlist_t *nvl = NULL;
2222 boolean_t cachedpropsonly = B_FALSE;
2223 int error;
2224
2225 if (zc->zc_nvlist_src != NULL &&
2226 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2227 zc->zc_iflags, &nvl) != 0))
2228 return (error);
2229
2230 if (nvl != NULL) {
2231 (void) nvlist_lookup_boolean_value(nvl, "cachedpropsonly",
2232 &cachedpropsonly);
2233 nvlist_free(nvl);
2234 }
2235
2236 top:
2237 if (zc->zc_cookie == 0)
2238 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
2239 NULL, DS_FIND_SNAPSHOTS);
2240
2241 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2242 if (error)
2243 return (error == ENOENT ? ESRCH : error);
2244
2245 /*
2246 * A dataset name of maximum length cannot have any snapshots,
2247 * so exit immediately.
2248 */
2249 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2250 dmu_objset_rele(os, FTAG);
2251 return (ESRCH);
2252 }
2253
2254 error = dmu_snapshot_list_next(os,
2255 sizeof (zc->zc_name) - strlen(zc->zc_name),
2256 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2257 NULL);
2258
2259 if (error == 0) {
2260 dsl_dataset_t *ds;
2261 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2262
2263 /*
2264 * Since we probably don't have a hold on this snapshot,
2265 * it's possible that the objsetid could have been destroyed
2266 * and reused for a new objset. It's OK if this happens during
2267 * a zfs send operation, since the new createtxg will be
2268 * beyond the range we're interested in.
2269 */
2270 rw_enter(&dp->dp_config_rwlock, RW_READER);
2271 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2272 rw_exit(&dp->dp_config_rwlock);
2273 if (error) {
2274 if (error == ENOENT) {
2275 /* Racing with destroy, get the next one. */
2276 *strchr(zc->zc_name, '@') = '\0';
2277 dmu_objset_rele(os, FTAG);
2278 goto top;
2279 }
2280 } else {
2281 objset_t *ossnap;
2282
2283 error = dmu_objset_from_ds(ds, &ossnap);
2284 if (error == 0) {
2285 error = zfs_ioc_objset_stats_impl(zc,
2286 ossnap, cachedpropsonly);
2287 }
2288 dsl_dataset_rele(ds, FTAG);
2289 }
2290 } else if (error == ENOENT) {
2291 error = ESRCH;
2292 }
2293
2294 dmu_objset_rele(os, FTAG);
2295 /* if we failed, undo the @ that we tacked on to zc_name */
2296 if (error)
2297 *strchr(zc->zc_name, '@') = '\0';
2298 return (error);
2299 }
2300
2301 static int
2302 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2303 {
2304 const char *propname = nvpair_name(pair);
2305 uint64_t *valary;
2306 unsigned int vallen;
2307 const char *domain;
2308 char *dash;
2309 zfs_userquota_prop_t type;
2310 uint64_t rid;
2311 uint64_t quota;
2312 zfsvfs_t *zfsvfs;
2313 int err;
2314
2315 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2316 nvlist_t *attrs;
2317 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2318 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2319 &pair) != 0)
2320 return (EINVAL);
2321 }
2322
2323 /*
2324 * A correctly constructed propname is encoded as
2325 * userquota@<rid>-<domain>.
2326 */
2327 if ((dash = strchr(propname, '-')) == NULL ||
2328 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2329 vallen != 3)
2330 return (EINVAL);
2331
2332 domain = dash + 1;
2333 type = valary[0];
2334 rid = valary[1];
2335 quota = valary[2];
2336
2337 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2338 if (err == 0) {
2339 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2340 zfsvfs_rele(zfsvfs, FTAG);
2341 }
2342
2343 return (err);
2344 }
2345
2346 /*
2347 * If the named property is one that has a special function to set its value,
2348 * return 0 on success and a positive error code on failure; otherwise if it is
2349 * not one of the special properties handled by this function, return -1.
2350 *
2351 * XXX: It would be better for callers of the property interface if we handled
2352 * these special cases in dsl_prop.c (in the dsl layer).
2353 */
2354 static int
2355 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2356 nvpair_t *pair)
2357 {
2358 const char *propname = nvpair_name(pair);
2359 zfs_prop_t prop = zfs_name_to_prop(propname);
2360 uint64_t intval;
2361 int err;
2362
2363 if (prop == ZPROP_INVAL) {
2364 if (zfs_prop_userquota(propname))
2365 return (zfs_prop_set_userquota(dsname, pair));
2366 return (-1);
2367 }
2368
2369 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2370 nvlist_t *attrs;
2371 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2372 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2373 &pair) == 0);
2374 }
2375
2376 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2377 return (-1);
2378
2379 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2380
2381 switch (prop) {
2382 case ZFS_PROP_QUOTA:
2383 err = dsl_dir_set_quota(dsname, source, intval);
2384 break;
2385 case ZFS_PROP_REFQUOTA:
2386 err = dsl_dataset_set_quota(dsname, source, intval);
2387 break;
2388 case ZFS_PROP_FILESYSTEM_LIMIT:
2389 err = dsl_dir_validate_fs_ss_limit(dsname, intval,
2390 ZFS_PROP_FILESYSTEM_LIMIT);
2391 break;
2392 case ZFS_PROP_SNAPSHOT_LIMIT:
2393 err = dsl_dir_validate_fs_ss_limit(dsname, intval,
2394 ZFS_PROP_SNAPSHOT_LIMIT);
2395 break;
2396 case ZFS_PROP_RESERVATION:
2397 err = dsl_dir_set_reservation(dsname, source, intval);
2398 break;
2399 case ZFS_PROP_REFRESERVATION:
2400 err = dsl_dataset_set_reservation(dsname, source, intval);
2401 break;
2402 case ZFS_PROP_VOLSIZE:
2403 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2404 intval);
2405 break;
2406 case ZFS_PROP_VERSION:
2407 {
2408 zfsvfs_t *zfsvfs;
2409
2410 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2411 break;
2412
2413 err = zfs_set_version(zfsvfs, intval);
2414 zfsvfs_rele(zfsvfs, FTAG);
2415
2416 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2417 zfs_cmd_t *zc;
2418
2419 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2420 (void) strcpy(zc->zc_name, dsname);
2421 (void) zfs_ioc_userspace_upgrade(zc);
2422 kmem_free(zc, sizeof (zfs_cmd_t));
2423 }
2424 break;
2425 }
2426
2427 default:
2428 err = -1;
2429 }
2430
2431 return (err);
2432 }
2433
2434 /*
2435 * This function is best effort. If it fails to set any of the given properties,
2436 * it continues to set as many as it can and returns the last error
2437 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2438 * with the list of names of all the properties that failed along with the
2439 * corresponding error numbers.
2440 *
2441 * If every property is set successfully, zero is returned and errlist is not
2442 * modified.
2443 */
2444 int
2445 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2446 nvlist_t *errlist)
2447 {
2448 nvpair_t *pair;
2449 nvpair_t *propval;
2450 int rv = 0;
2451 uint64_t intval;
2452 char *strval;
2453 nvlist_t *genericnvl = fnvlist_alloc();
2454 nvlist_t *retrynvl = fnvlist_alloc();
2455
2456 retry:
2457 pair = NULL;
2458 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2459 const char *propname = nvpair_name(pair);
2460 zfs_prop_t prop = zfs_name_to_prop(propname);
2461 int err = 0;
2462
2463 /* decode the property value */
2464 propval = pair;
2465 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2466 nvlist_t *attrs;
2467 attrs = fnvpair_value_nvlist(pair);
2468 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2469 &propval) != 0)
2470 err = EINVAL;
2471 }
2472
2473 /* Validate value type */
2474 if (err == 0 && prop == ZPROP_INVAL) {
2475 if (zfs_prop_user(propname)) {
2476 if (nvpair_type(propval) != DATA_TYPE_STRING)
2477 err = EINVAL;
2478 } else if (zfs_prop_userquota(propname)) {
2479 if (nvpair_type(propval) !=
2480 DATA_TYPE_UINT64_ARRAY)
2481 err = EINVAL;
2482 } else {
2483 err = EINVAL;
2484 }
2485 } else if (err == 0) {
2486 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2487 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2488 err = EINVAL;
2489 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2490 const char *unused;
2491
2492 intval = fnvpair_value_uint64(propval);
2493
2494 switch (zfs_prop_get_type(prop)) {
2495 case PROP_TYPE_NUMBER:
2496 break;
2497 case PROP_TYPE_STRING:
2498 err = EINVAL;
2499 break;
2500 case PROP_TYPE_INDEX:
2501 if (zfs_prop_index_to_string(prop,
2502 intval, &unused) != 0)
2503 err = EINVAL;
2504 break;
2505 default:
2506 cmn_err(CE_PANIC,
2507 "unknown property type");
2508 }
2509 } else {
2510 err = EINVAL;
2511 }
2512 }
2513
2514 /* Validate permissions */
2515 if (err == 0)
2516 err = zfs_check_settable(dsname, pair, CRED());
2517
2518 if (err == 0) {
2519 err = zfs_prop_set_special(dsname, source, pair);
2520 if (err == -1) {
2521 /*
2522 * For better performance we build up a list of
2523 * properties to set in a single transaction.
2524 */
2525 err = nvlist_add_nvpair(genericnvl, pair);
2526 } else if (err != 0 && nvl != retrynvl) {
2527 /*
2528 * This may be a spurious error caused by
2529 * receiving quota and reservation out of order.
2530 * Try again in a second pass.
2531 */
2532 err = nvlist_add_nvpair(retrynvl, pair);
2533 }
2534 }
2535
2536 if (err != 0) {
2537 if (errlist != NULL)
2538 fnvlist_add_int32(errlist, propname, err);
2539 rv = err;
2540 }
2541 }
2542
2543 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2544 nvl = retrynvl;
2545 goto retry;
2546 }
2547
2548 if (!nvlist_empty(genericnvl) &&
2549 dsl_props_set(dsname, source, genericnvl) != 0) {
2550 /*
2551 * If this fails, we still want to set as many properties as we
2552 * can, so try setting them individually.
2553 */
2554 pair = NULL;
2555 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2556 const char *propname = nvpair_name(pair);
2557 int err = 0;
2558
2559 propval = pair;
2560 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2561 nvlist_t *attrs;
2562 attrs = fnvpair_value_nvlist(pair);
2563 propval = fnvlist_lookup_nvpair(attrs,
2564 ZPROP_VALUE);
2565 }
2566
2567 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2568 strval = fnvpair_value_string(propval);
2569 err = dsl_prop_set(dsname, propname, source, 1,
2570 strlen(strval) + 1, strval);
2571 } else {
2572 intval = fnvpair_value_uint64(propval);
2573 err = dsl_prop_set(dsname, propname, source, 8,
2574 1, &intval);
2575 }
2576
2577 if (err != 0) {
2578 if (errlist != NULL) {
2579 fnvlist_add_int32(errlist, propname,
2580 err);
2581 }
2582 rv = err;
2583 }
2584 }
2585 }
2586 nvlist_free(genericnvl);
2587 nvlist_free(retrynvl);
2588
2589 return (rv);
2590 }
2591
2592 /*
2593 * Check that all the properties are valid user properties.
2594 */
2595 static int
2596 zfs_check_userprops(const char *fsname, nvlist_t *nvl)
2597 {
2598 nvpair_t *pair = NULL;
2599 int error = 0;
2600
2601 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2602 const char *propname = nvpair_name(pair);
2603 char *valstr;
2604
2605 if (!zfs_prop_user(propname) ||
2606 nvpair_type(pair) != DATA_TYPE_STRING)
2607 return (EINVAL);
2608
2609 if (error = zfs_secpolicy_write_perms(fsname,
2610 ZFS_DELEG_PERM_USERPROP, CRED()))
2611 return (error);
2612
2613 if (strlen(propname) >= ZAP_MAXNAMELEN)
2614 return (ENAMETOOLONG);
2615
2616 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2617 if (strlen(valstr) >= ZAP_MAXVALUELEN)
2618 return (E2BIG);
2619 }
2620 return (0);
2621 }
2622
2623 static void
2624 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2625 {
2626 nvpair_t *pair;
2627
2628 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2629
2630 pair = NULL;
2631 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2632 if (nvlist_exists(skipped, nvpair_name(pair)))
2633 continue;
2634
2635 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2636 }
2637 }
2638
2639 static int
2640 clear_received_props(objset_t *os, const char *fs, nvlist_t *props,
2641 nvlist_t *skipped)
2642 {
2643 int err = 0;
2644 nvlist_t *cleared_props = NULL;
2645 props_skip(props, skipped, &cleared_props);
2646 if (!nvlist_empty(cleared_props)) {
2647 /*
2648 * Acts on local properties until the dataset has received
2649 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2650 */
2651 zprop_source_t flags = (ZPROP_SRC_NONE |
2652 (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0));
2653 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL);
2654 }
2655 nvlist_free(cleared_props);
2656 return (err);
2657 }
2658
2659 /*
2660 * inputs:
2661 * zc_name name of filesystem
2662 * zc_value name of property to set
2663 * zc_nvlist_src{_size} nvlist of properties to apply
2664 * zc_cookie received properties flag
2665 *
2666 * outputs:
2667 * zc_nvlist_dst{_size} error for each unapplied received property
2668 */
2669 static int
2670 zfs_ioc_set_prop(zfs_cmd_t *zc)
2671 {
2672 nvlist_t *nvl;
2673 boolean_t received = zc->zc_cookie;
2674 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2675 ZPROP_SRC_LOCAL);
2676 nvlist_t *errors;
2677 int error;
2678
2679 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2680 zc->zc_iflags, &nvl)) != 0)
2681 return (error);
2682
2683 if (received) {
2684 nvlist_t *origprops;
2685 objset_t *os;
2686
2687 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
2688 if (dsl_prop_get_received(os, &origprops) == 0) {
2689 (void) clear_received_props(os,
2690 zc->zc_name, origprops, nvl);
2691 nvlist_free(origprops);
2692 }
2693
2694 dsl_prop_set_hasrecvd(os);
2695 dmu_objset_rele(os, FTAG);
2696 }
2697 }
2698
2699 errors = fnvlist_alloc();
2700 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2701
2702 if (zc->zc_nvlist_dst != NULL && errors != NULL) {
2703 (void) put_nvlist(zc, errors);
2704 }
2705
2706 nvlist_free(errors);
2707 nvlist_free(nvl);
2708 return (error);
2709 }
2710
2711 /*
2712 * inputs:
2713 * zc_name name of filesystem
2714 * zc_value name of property to inherit
2715 * zc_cookie revert to received value if TRUE
2716 *
2717 * outputs: none
2718 */
2719 static int
2720 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2721 {
2722 const char *propname = zc->zc_value;
2723 zfs_prop_t prop = zfs_name_to_prop(propname);
2724 boolean_t received = zc->zc_cookie;
2725 zprop_source_t source = (received
2726 ? ZPROP_SRC_NONE /* revert to received value, if any */
2727 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2728
2729 if (received) {
2730 nvlist_t *dummy;
2731 nvpair_t *pair;
2732 zprop_type_t type;
2733 int err;
2734
2735 /*
2736 * zfs_prop_set_special() expects properties in the form of an
2737 * nvpair with type info.
2738 */
2739 if (prop == ZPROP_INVAL) {
2740 if (!zfs_prop_user(propname))
2741 return (EINVAL);
2742
2743 type = PROP_TYPE_STRING;
2744 } else if (prop == ZFS_PROP_VOLSIZE ||
2745 prop == ZFS_PROP_VERSION) {
2746 return (EINVAL);
2747 } else {
2748 type = zfs_prop_get_type(prop);
2749 }
2750
2751 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2752
2753 switch (type) {
2754 case PROP_TYPE_STRING:
2755 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2756 break;
2757 case PROP_TYPE_NUMBER:
2758 case PROP_TYPE_INDEX:
2759 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2760 break;
2761 default:
2762 nvlist_free(dummy);
2763 return (EINVAL);
2764 }
2765
2766 pair = nvlist_next_nvpair(dummy, NULL);
2767 err = zfs_prop_set_special(zc->zc_name, source, pair);
2768 nvlist_free(dummy);
2769 if (err != -1)
2770 return (err); /* special property already handled */
2771 } else {
2772 /*
2773 * Only check this in the non-received case. We want to allow
2774 * 'inherit -S' to revert non-inheritable properties like quota
2775 * and reservation to the received or default values even though
2776 * they are not considered inheritable.
2777 */
2778 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2779 return (EINVAL);
2780 }
2781
2782 /* property name has been validated by zfs_secpolicy_inherit_prop() */
2783 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
2784 }
2785
2786 static int
2787 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2788 {
2789 nvlist_t *props;
2790 spa_t *spa;
2791 int error;
2792 nvpair_t *pair;
2793
2794 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2795 zc->zc_iflags, &props))
2796 return (error);
2797
2798 /*
2799 * If the only property is the configfile, then just do a spa_lookup()
2800 * to handle the faulted case.
2801 */
2802 pair = nvlist_next_nvpair(props, NULL);
2803 if (pair != NULL && strcmp(nvpair_name(pair),
2804 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2805 nvlist_next_nvpair(props, pair) == NULL) {
2806 mutex_enter(&spa_namespace_lock);
2807 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2808 spa_configfile_set(spa, props, B_FALSE);
2809 spa_config_sync(spa, B_FALSE, B_TRUE);
2810 }
2811 mutex_exit(&spa_namespace_lock);
2812 if (spa != NULL) {
2813 nvlist_free(props);
2814 return (0);
2815 }
2816 }
2817
2818 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2819 nvlist_free(props);
2820 return (error);
2821 }
2822
2823 error = spa_prop_set(spa, props);
2824
2825 nvlist_free(props);
2826 spa_close(spa, FTAG);
2827
2828 return (error);
2829 }
2830
2831 static int
2832 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2833 {
2834 spa_t *spa;
2835 int error;
2836 nvlist_t *nvp = NULL;
2837
2838 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2839 /*
2840 * If the pool is faulted, there may be properties we can still
2841 * get (such as altroot and cachefile), so attempt to get them
2842 * anyway.
2843 */
2844 mutex_enter(&spa_namespace_lock);
2845 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2846 error = spa_prop_get(spa, &nvp);
2847 mutex_exit(&spa_namespace_lock);
2848 } else {
2849 error = spa_prop_get(spa, &nvp);
2850 spa_close(spa, FTAG);
2851 }
2852
2853 if (error == 0 && zc->zc_nvlist_dst != NULL)
2854 error = put_nvlist(zc, nvp);
2855 else
2856 error = EFAULT;
2857
2858 nvlist_free(nvp);
2859 return (error);
2860 }
2861
2862 /*
2863 * inputs:
2864 * zc_name name of filesystem
2865 * zc_nvlist_src{_size} nvlist of delegated permissions
2866 * zc_perm_action allow/unallow flag
2867 *
2868 * outputs: none
2869 */
2870 static int
2871 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2872 {
2873 int error;
2874 nvlist_t *fsaclnv = NULL;
2875
2876 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2877 zc->zc_iflags, &fsaclnv)) != 0)
2878 return (error);
2879
2880 /*
2881 * Verify nvlist is constructed correctly
2882 */
2883 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2884 nvlist_free(fsaclnv);
2885 return (EINVAL);
2886 }
2887
2888 /*
2889 * If we don't have PRIV_SYS_MOUNT, then validate
2890 * that user is allowed to hand out each permission in
2891 * the nvlist(s)
2892 */
2893
2894 error = secpolicy_zfs(CRED());
2895 if (error) {
2896 if (zc->zc_perm_action == B_FALSE) {
2897 error = dsl_deleg_can_allow(zc->zc_name,
2898 fsaclnv, CRED());
2899 } else {
2900 error = dsl_deleg_can_unallow(zc->zc_name,
2901 fsaclnv, CRED());
2902 }
2903 }
2904
2905 if (error == 0)
2906 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2907
2908 nvlist_free(fsaclnv);
2909 return (error);
2910 }
2911
2912 /*
2913 * inputs:
2914 * zc_name name of filesystem
2915 *
2916 * outputs:
2917 * zc_nvlist_src{_size} nvlist of delegated permissions
2918 */
2919 static int
2920 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2921 {
2922 nvlist_t *nvp;
2923 int error;
2924
2925 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2926 error = put_nvlist(zc, nvp);
2927 nvlist_free(nvp);
2928 }
2929
2930 return (error);
2931 }
2932
2933 /*
2934 * Search the vfs list for a specified resource. Returns a pointer to it
2935 * or NULL if no suitable entry is found. The caller of this routine
2936 * is responsible for releasing the returned vfs pointer.
2937 */
2938 static vfs_t *
2939 zfs_get_vfs(const char *resource)
2940 {
2941 struct vfs *vfsp;
2942 struct vfs *vfs_found = NULL;
2943
2944 vfs_list_read_lock();
2945 vfsp = rootvfs;
2946 do {
2947 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
2948 VFS_HOLD(vfsp);
2949 vfs_found = vfsp;
2950 break;
2951 }
2952 vfsp = vfsp->vfs_next;
2953 } while (vfsp != rootvfs);
2954 vfs_list_unlock();
2955 return (vfs_found);
2956 }
2957
2958 /* ARGSUSED */
2959 static void
2960 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2961 {
2962 zfs_creat_t *zct = arg;
2963
2964 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2965 }
2966
2967 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
2968
2969 /*
2970 * inputs:
2971 * createprops list of properties requested by creator
2972 * default_zplver zpl version to use if unspecified in createprops
2973 * fuids_ok fuids allowed in this version of the spa?
2974 * os parent objset pointer (NULL if root fs)
2975 *
2976 * outputs:
2977 * zplprops values for the zplprops we attach to the master node object
2978 * is_ci true if requested file system will be purely case-insensitive
2979 *
2980 * Determine the settings for utf8only, normalization and
2981 * casesensitivity. Specific values may have been requested by the
2982 * creator and/or we can inherit values from the parent dataset. If
2983 * the file system is of too early a vintage, a creator can not
2984 * request settings for these properties, even if the requested
2985 * setting is the default value. We don't actually want to create dsl
2986 * properties for these, so remove them from the source nvlist after
2987 * processing.
2988 */
2989 static int
2990 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2991 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2992 nvlist_t *zplprops, boolean_t *is_ci)
2993 {
2994 uint64_t sense = ZFS_PROP_UNDEFINED;
2995 uint64_t norm = ZFS_PROP_UNDEFINED;
2996 uint64_t u8 = ZFS_PROP_UNDEFINED;
2997 int error;
2998
2999 ASSERT(zplprops != NULL);
3000
3001 /*
3002 * Pull out creator prop choices, if any.
3003 */
3004 if (createprops) {
3005 (void) nvlist_lookup_uint64(createprops,
3006 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
3007 (void) nvlist_lookup_uint64(createprops,
3008 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
3009 (void) nvlist_remove_all(createprops,
3010 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3011 (void) nvlist_lookup_uint64(createprops,
3012 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3013 (void) nvlist_remove_all(createprops,
3014 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3015 (void) nvlist_lookup_uint64(createprops,
3016 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3017 (void) nvlist_remove_all(createprops,
3018 zfs_prop_to_name(ZFS_PROP_CASE));
3019 }
3020
3021 /*
3022 * If the zpl version requested is whacky or the file system
3023 * or pool is version is too "young" to support normalization
3024 * and the creator tried to set a value for one of the props,
3025 * error out.
3026 */
3027 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3028 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3029 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3030 (zplver < ZPL_VERSION_NORMALIZATION &&
3031 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3032 sense != ZFS_PROP_UNDEFINED)))
3033 return (ENOTSUP);
3034
3035 /*
3036 * Put the version in the zplprops
3037 */
3038 VERIFY(nvlist_add_uint64(zplprops,
3039 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3040
3041 if (norm == ZFS_PROP_UNDEFINED &&
3042 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3043 return (error);
3044 VERIFY(nvlist_add_uint64(zplprops,
3045 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3046
3047 /*
3048 * If we're normalizing, names must always be valid UTF-8 strings.
3049 */
3050 if (norm)
3051 u8 = 1;
3052 if (u8 == ZFS_PROP_UNDEFINED &&
3053 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3054 return (error);
3055 VERIFY(nvlist_add_uint64(zplprops,
3056 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3057
3058 if (sense == ZFS_PROP_UNDEFINED &&
3059 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3060 return (error);
3061 VERIFY(nvlist_add_uint64(zplprops,
3062 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3063
3064 if (is_ci)
3065 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3066
3067 return (0);
3068 }
3069
3070 static int
3071 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3072 nvlist_t *zplprops, boolean_t *is_ci)
3073 {
3074 boolean_t fuids_ok, sa_ok;
3075 uint64_t zplver = ZPL_VERSION;
3076 objset_t *os = NULL;
3077 char parentname[MAXNAMELEN];
3078 char *cp;
3079 spa_t *spa;
3080 uint64_t spa_vers;
3081 int error;
3082
3083 (void) strlcpy(parentname, dataset, sizeof (parentname));
3084 cp = strrchr(parentname, '/');
3085 ASSERT(cp != NULL);
3086 cp[0] = '\0';
3087
3088 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3089 return (error);
3090
3091 spa_vers = spa_version(spa);
3092 spa_close(spa, FTAG);
3093
3094 zplver = zfs_zpl_version_map(spa_vers);
3095 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3096 sa_ok = (zplver >= ZPL_VERSION_SA);
3097
3098 /*
3099 * Open parent object set so we can inherit zplprop values.
3100 */
3101 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3102 return (error);
3103
3104 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3105 zplprops, is_ci);
3106 dmu_objset_rele(os, FTAG);
3107 return (error);
3108 }
3109
3110 static int
3111 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3112 nvlist_t *zplprops, boolean_t *is_ci)
3113 {
3114 boolean_t fuids_ok;
3115 boolean_t sa_ok;
3116 uint64_t zplver = ZPL_VERSION;
3117 int error;
3118
3119 zplver = zfs_zpl_version_map(spa_vers);
3120 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3121 sa_ok = (zplver >= ZPL_VERSION_SA);
3122
3123 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3124 createprops, zplprops, is_ci);
3125 return (error);
3126 }
3127
3128 /*
3129 * innvl: {
3130 * "type" -> dmu_objset_type_t (int32)
3131 * (optional) "props" -> { prop -> value }
3132 * }
3133 *
3134 * outnvl: propname -> error code (int32)
3135 */
3136 static int
3137 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3138 {
3139 int error = 0;
3140 zfs_creat_t zct = { 0 };
3141 nvlist_t *nvprops = NULL;
3142 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3143 int32_t type32;
3144 dmu_objset_type_t type;
3145 boolean_t is_insensitive = B_FALSE;
3146
3147 if (nvlist_lookup_int32(innvl, "type", &type32) != 0)
3148 return (EINVAL);
3149 type = type32;
3150 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3151
3152 switch (type) {
3153 case DMU_OST_ZFS:
3154 cbfunc = zfs_create_cb;
3155 break;
3156
3157 case DMU_OST_ZVOL:
3158 cbfunc = zvol_create_cb;
3159 break;
3160
3161 default:
3162 cbfunc = NULL;
3163 break;
3164 }
3165 if (strchr(fsname, '@') ||
3166 strchr(fsname, '%'))
3167 return (EINVAL);
3168
3169 zct.zct_props = nvprops;
3170
3171 if (cbfunc == NULL)
3172 return (EINVAL);
3173
3174 if (type == DMU_OST_ZVOL) {
3175 uint64_t volsize, volblocksize;
3176
3177 if (nvprops == NULL)
3178 return (EINVAL);
3179 if (nvlist_lookup_uint64(nvprops,
3180 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3181 return (EINVAL);
3182
3183 if ((error = nvlist_lookup_uint64(nvprops,
3184 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3185 &volblocksize)) != 0 && error != ENOENT)
3186 return (EINVAL);
3187
3188 if (error != 0)
3189 volblocksize = zfs_prop_default_numeric(
3190 ZFS_PROP_VOLBLOCKSIZE);
3191
3192 if ((error = zvol_check_volblocksize(
3193 volblocksize)) != 0 ||
3194 (error = zvol_check_volsize(volsize,
3195 volblocksize)) != 0)
3196 return (error);
3197 } else if (type == DMU_OST_ZFS) {
3198 int error;
3199
3200 /*
3201 * We have to have normalization and
3202 * case-folding flags correct when we do the
3203 * file system creation, so go figure them out
3204 * now.
3205 */
3206 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3207 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3208 error = zfs_fill_zplprops(fsname, nvprops,
3209 zct.zct_zplprops, &is_insensitive);
3210 if (error != 0) {
3211 nvlist_free(zct.zct_zplprops);
3212 return (error);
3213 }
3214 }
3215
3216 error = dmu_objset_create(fsname, type,
3217 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3218 nvlist_free(zct.zct_zplprops);
3219
3220 /*
3221 * It would be nice to do this atomically.
3222 */
3223 if (error == 0) {
3224 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3225 nvprops, outnvl);
3226 if (error != 0)
3227 (void) dmu_objset_destroy(fsname, B_FALSE);
3228 }
3229 return (error);
3230 }
3231
3232 /*
3233 * innvl: {
3234 * "origin" -> name of origin snapshot
3235 * (optional) "props" -> { prop -> value }
3236 * }
3237 *
3238 * outnvl: propname -> error code (int32)
3239 */
3240 static int
3241 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3242 {
3243 int error = 0;
3244 nvlist_t *nvprops = NULL;
3245 char *origin_name;
3246 dsl_dataset_t *origin;
3247
3248 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0)
3249 return (EINVAL);
3250 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3251
3252 if (strchr(fsname, '@') ||
3253 strchr(fsname, '%'))
3254 return (EINVAL);
3255
3256 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3257 return (EINVAL);
3258
3259 error = dsl_dataset_hold(origin_name, FTAG, &origin);
3260 if (error)
3261 return (error);
3262
3263 error = dmu_objset_clone(fsname, origin, 0);
3264 dsl_dataset_rele(origin, FTAG);
3265 if (error)
3266 return (error);
3267
3268 /*
3269 * It would be nice to do this atomically.
3270 */
3271 if (error == 0) {
3272 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3273 nvprops, outnvl);
3274 if (error != 0)
3275 (void) dmu_objset_destroy(fsname, B_FALSE);
3276 }
3277 return (error);
3278 }
3279
3280 /*
3281 * innvl: {
3282 * "snaps" -> { snapshot1, snapshot2 }
3283 * (optional) "props" -> { prop -> value (string) }
3284 * }
3285 *
3286 * outnvl: snapshot -> error code (int32)
3287 *
3288 */
3289 static int
3290 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3291 {
3292 nvlist_t *snaps;
3293 nvlist_t *props = NULL;
3294 int error, poollen;
3295 nvpair_t *pair;
3296
3297 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3298 if ((error = zfs_check_userprops(poolname, props)) != 0)
3299 return (error);
3300
3301 if (!nvlist_empty(props) &&
3302 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3303 return (ENOTSUP);
3304
3305 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3306 return (EINVAL);
3307 poollen = strlen(poolname);
3308 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3309 pair = nvlist_next_nvpair(snaps, pair)) {
3310 const char *name = nvpair_name(pair);
3311 const char *cp = strchr(name, '@');
3312
3313 /*
3314 * The snap name must contain an @, and the part after it must
3315 * contain only valid characters.
3316 */
3317 if (cp == NULL || snapshot_namecheck(cp + 1, NULL, NULL) != 0)
3318 return (EINVAL);
3319
3320 /*
3321 * The snap must be in the specified pool.
3322 */
3323 if (strncmp(name, poolname, poollen) != 0 ||
3324 (name[poollen] != '/' && name[poollen] != '@'))
3325 return (EXDEV);
3326
3327 /* This must be the only snap of this fs. */
3328 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3329 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3330 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3331 == 0) {
3332 return (EXDEV);
3333 }
3334 }
3335 }
3336
3337 error = dmu_objset_snapshot(snaps, props, outnvl);
3338 return (error);
3339 }
3340
3341 /*
3342 * innvl: "message" -> string
3343 */
3344 /* ARGSUSED */
3345 static int
3346 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3347 {
3348 char *message;
3349 spa_t *spa;
3350 int error;
3351 char *poolname;
3352
3353 /*
3354 * The poolname in the ioctl is not set, we get it from the TSD,
3355 * which was set at the end of the last successful ioctl that allows
3356 * logging. The secpolicy func already checked that it is set.
3357 * Only one log ioctl is allowed after each successful ioctl, so
3358 * we clear the TSD here.
3359 */
3360 poolname = tsd_get(zfs_allow_log_key);
3361 (void) tsd_set(zfs_allow_log_key, NULL);
3362 error = spa_open(poolname, &spa, FTAG);
3363 strfree(poolname);
3364 if (error != 0)
3365 return (error);
3366
3367 if (nvlist_lookup_string(innvl, "message", &message) != 0) {
3368 spa_close(spa, FTAG);
3369 return (EINVAL);
3370 }
3371
3372 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3373 spa_close(spa, FTAG);
3374 return (ENOTSUP);
3375 }
3376
3377 error = spa_history_log(spa, message);
3378 spa_close(spa, FTAG);
3379 return (error);
3380 }
3381
3382 /* ARGSUSED */
3383 int
3384 zfs_unmount_snap(const char *name, void *arg)
3385 {
3386 vfs_t *vfsp;
3387 int err;
3388
3389 if (strchr(name, '@') == NULL)
3390 return (0);
3391
3392 vfsp = zfs_get_vfs(name);
3393 if (vfsp == NULL)
3394 return (0);
3395
3396 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
3397 VFS_RELE(vfsp);
3398 return (err);
3399 }
3400 VFS_RELE(vfsp);
3401
3402 /*
3403 * Always force the unmount for snapshots.
3404 */
3405 return (dounmount(vfsp, MS_FORCE, kcred));
3406 }
3407
3408 /*
3409 * innvl: {
3410 * "snaps" -> { snapshot1, snapshot2 }
3411 * (optional boolean) "defer"
3412 * }
3413 *
3414 * outnvl: snapshot -> error code (int32)
3415 *
3416 */
3417 static int
3418 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3419 {
3420 int poollen;
3421 nvlist_t *snaps;
3422 nvpair_t *pair;
3423 boolean_t defer;
3424
3425 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3426 return (EINVAL);
3427 defer = nvlist_exists(innvl, "defer");
3428
3429 poollen = strlen(poolname);
3430 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3431 pair = nvlist_next_nvpair(snaps, pair)) {
3432 const char *name = nvpair_name(pair);
3433
3434 /*
3435 * The snap must be in the specified pool.
3436 */
3437 if (strncmp(name, poolname, poollen) != 0 ||
3438 (name[poollen] != '/' && name[poollen] != '@'))
3439 return (EXDEV);
3440
3441 /*
3442 * Ignore failures to unmount; dmu_snapshots_destroy_nvl()
3443 * will deal with this gracefully (by filling in outnvl).
3444 */
3445 (void) zfs_unmount_snap(name, NULL);
3446 }
3447
3448 return (dmu_snapshots_destroy_nvl(snaps, defer, outnvl));
3449 }
3450
3451 /*
3452 * inputs:
3453 * zc_name name of dataset to destroy
3454 * zc_objset_type type of objset
3455 * zc_defer_destroy mark for deferred destroy
3456 *
3457 * outputs: none
3458 */
3459 static int
3460 zfs_ioc_destroy(zfs_cmd_t *zc)
3461 {
3462 int err;
3463 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
3464 err = zfs_unmount_snap(zc->zc_name, NULL);
3465 if (err)
3466 return (err);
3467 }
3468
3469 err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
3470 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3471 (void) zvol_remove_minor(zc->zc_name);
3472 return (err);
3473 }
3474
3475 /*
3476 * inputs:
3477 * zc_name name of dataset to rollback (to most recent snapshot)
3478 *
3479 * outputs: none
3480 */
3481 static int
3482 zfs_ioc_rollback(zfs_cmd_t *zc)
3483 {
3484 dsl_dataset_t *ds, *clone;
3485 int error;
3486 zfsvfs_t *zfsvfs;
3487 char *clone_name;
3488
3489 error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
3490 if (error)
3491 return (error);
3492
3493 /* must not be a snapshot */
3494 if (dsl_dataset_is_snapshot(ds)) {
3495 dsl_dataset_rele(ds, FTAG);
3496 return (EINVAL);
3497 }
3498
3499 /* must have a most recent snapshot */
3500 if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
3501 dsl_dataset_rele(ds, FTAG);
3502 return (EINVAL);
3503 }
3504
3505 /*
3506 * Create clone of most recent snapshot.
3507 */
3508 clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
3509 error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
3510 if (error)
3511 goto out;
3512
3513 error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
3514 if (error)
3515 goto out;
3516
3517 /*
3518 * Do clone swap.
3519 */
3520 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
3521 error = zfs_suspend_fs(zfsvfs);
3522 if (error == 0) {
3523 int resume_err;
3524
3525 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3526 error = dsl_dataset_clone_swap(clone, ds,
3527 B_TRUE);
3528 dsl_dataset_disown(ds, FTAG);
3529 ds = NULL;
3530 } else {
3531 error = EBUSY;
3532 }
3533 resume_err = zfs_resume_fs(zfsvfs, zc->zc_name);
3534 error = error ? error : resume_err;
3535 }
3536 VFS_RELE(zfsvfs->z_vfs);
3537 } else {
3538 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3539 error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
3540 dsl_dataset_disown(ds, FTAG);
3541 ds = NULL;
3542 } else {
3543 error = EBUSY;
3544 }
3545 }
3546
3547 /*
3548 * Destroy clone (which also closes it).
3549 */
3550 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
3551
3552 out:
3553 strfree(clone_name);
3554 if (ds)
3555 dsl_dataset_rele(ds, FTAG);
3556 return (error);
3557 }
3558
3559 /*
3560 * inputs:
3561 * zc_name old name of dataset
3562 * zc_value new name of dataset
3563 * zc_cookie recursive flag (only valid for snapshots)
3564 *
3565 * outputs: none
3566 */
3567 static int
3568 zfs_ioc_rename(zfs_cmd_t *zc)
3569 {
3570 boolean_t recursive = zc->zc_cookie & 1;
3571
3572 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3573 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3574 strchr(zc->zc_value, '%'))
3575 return (EINVAL);
3576
3577 /*
3578 * Unmount snapshot unless we're doing a recursive rename,
3579 * in which case the dataset code figures out which snapshots
3580 * to unmount.
3581 */
3582 if (!recursive && strchr(zc->zc_name, '@') != NULL &&
3583 zc->zc_objset_type == DMU_OST_ZFS) {
3584 int err = zfs_unmount_snap(zc->zc_name, NULL);
3585 if (err)
3586 return (err);
3587 }
3588 if (zc->zc_objset_type == DMU_OST_ZVOL)
3589 (void) zvol_remove_minor(zc->zc_name);
3590 return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive));
3591 }
3592
3593 static int
3594 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3595 {
3596 const char *propname = nvpair_name(pair);
3597 boolean_t issnap = (strchr(dsname, '@') != NULL);
3598 zfs_prop_t prop = zfs_name_to_prop(propname);
3599 uint64_t intval;
3600 int err;
3601
3602 if (prop == ZPROP_INVAL) {
3603 if (zfs_prop_user(propname)) {
3604 if (err = zfs_secpolicy_write_perms(dsname,
3605 ZFS_DELEG_PERM_USERPROP, cr))
3606 return (err);
3607 return (0);
3608 }
3609
3610 if (!issnap && zfs_prop_userquota(propname)) {
3611 const char *perm = NULL;
3612 const char *uq_prefix =
3613 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3614 const char *gq_prefix =
3615 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3616
3617 if (strncmp(propname, uq_prefix,
3618 strlen(uq_prefix)) == 0) {
3619 perm = ZFS_DELEG_PERM_USERQUOTA;
3620 } else if (strncmp(propname, gq_prefix,
3621 strlen(gq_prefix)) == 0) {
3622 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3623 } else {
3624 /* USERUSED and GROUPUSED are read-only */
3625 return (EINVAL);
3626 }
3627
3628 if (err = zfs_secpolicy_write_perms(dsname, perm, cr))
3629 return (err);
3630 return (0);
3631 }
3632
3633 return (EINVAL);
3634 }
3635
3636 if (issnap)
3637 return (EINVAL);
3638
3639 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3640 /*
3641 * dsl_prop_get_all_impl() returns properties in this
3642 * format.
3643 */
3644 nvlist_t *attrs;
3645 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3646 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3647 &pair) == 0);
3648 }
3649
3650 /*
3651 * Check that this value is valid for this pool version
3652 */
3653 switch (prop) {
3654 case ZFS_PROP_COMPRESSION:
3655 /*
3656 * If the user specified gzip compression, make sure
3657 * the SPA supports it. We ignore any errors here since
3658 * we'll catch them later.
3659 */
3660 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3661 nvpair_value_uint64(pair, &intval) == 0) {
3662 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3663 intval <= ZIO_COMPRESS_GZIP_9 &&
3664 zfs_earlier_version(dsname,
3665 SPA_VERSION_GZIP_COMPRESSION)) {
3666 return (ENOTSUP);
3667 }
3668
3669 if (intval == ZIO_COMPRESS_ZLE &&
3670 zfs_earlier_version(dsname,
3671 SPA_VERSION_ZLE_COMPRESSION))
3672 return (ENOTSUP);
3673
3674 /*
3675 * If this is a bootable dataset then
3676 * verify that the compression algorithm
3677 * is supported for booting. We must return
3678 * something other than ENOTSUP since it
3679 * implies a downrev pool version.
3680 */
3681 if (zfs_is_bootfs(dsname) &&
3682 !BOOTFS_COMPRESS_VALID(intval)) {
3683 return (ERANGE);
3684 }
3685 }
3686 break;
3687
3688 case ZFS_PROP_COPIES:
3689 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3690 return (ENOTSUP);
3691 break;
3692
3693 case ZFS_PROP_DEDUP:
3694 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3695 return (ENOTSUP);
3696 break;
3697
3698 case ZFS_PROP_SHARESMB:
3699 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3700 return (ENOTSUP);
3701 break;
3702
3703 case ZFS_PROP_ACLINHERIT:
3704 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3705 nvpair_value_uint64(pair, &intval) == 0) {
3706 if (intval == ZFS_ACL_PASSTHROUGH_X &&
3707 zfs_earlier_version(dsname,
3708 SPA_VERSION_PASSTHROUGH_X))
3709 return (ENOTSUP);
3710 }
3711 break;
3712 }
3713
3714 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3715 }
3716
3717 /*
3718 * Removes properties from the given props list that fail permission checks
3719 * needed to clear them and to restore them in case of a receive error. For each
3720 * property, make sure we have both set and inherit permissions.
3721 *
3722 * Returns the first error encountered if any permission checks fail. If the
3723 * caller provides a non-NULL errlist, it also gives the complete list of names
3724 * of all the properties that failed a permission check along with the
3725 * corresponding error numbers. The caller is responsible for freeing the
3726 * returned errlist.
3727 *
3728 * If every property checks out successfully, zero is returned and the list
3729 * pointed at by errlist is NULL.
3730 */
3731 static int
3732 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3733 {
3734 zfs_cmd_t *zc;
3735 nvpair_t *pair, *next_pair;
3736 nvlist_t *errors;
3737 int err, rv = 0;
3738
3739 if (props == NULL)
3740 return (0);
3741
3742 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3743
3744 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
3745 (void) strcpy(zc->zc_name, dataset);
3746 pair = nvlist_next_nvpair(props, NULL);
3747 while (pair != NULL) {
3748 next_pair = nvlist_next_nvpair(props, pair);
3749
3750 (void) strcpy(zc->zc_value, nvpair_name(pair));
3751 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3752 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
3753 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3754 VERIFY(nvlist_add_int32(errors,
3755 zc->zc_value, err) == 0);
3756 }
3757 pair = next_pair;
3758 }
3759 kmem_free(zc, sizeof (zfs_cmd_t));
3760
3761 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3762 nvlist_free(errors);
3763 errors = NULL;
3764 } else {
3765 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3766 }
3767
3768 if (errlist == NULL)
3769 nvlist_free(errors);
3770 else
3771 *errlist = errors;
3772
3773 return (rv);
3774 }
3775
3776 static boolean_t
3777 propval_equals(nvpair_t *p1, nvpair_t *p2)
3778 {
3779 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3780 /* dsl_prop_get_all_impl() format */
3781 nvlist_t *attrs;
3782 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3783 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3784 &p1) == 0);
3785 }
3786
3787 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3788 nvlist_t *attrs;
3789 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3790 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3791 &p2) == 0);
3792 }
3793
3794 if (nvpair_type(p1) != nvpair_type(p2))
3795 return (B_FALSE);
3796
3797 if (nvpair_type(p1) == DATA_TYPE_STRING) {
3798 char *valstr1, *valstr2;
3799
3800 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3801 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3802 return (strcmp(valstr1, valstr2) == 0);
3803 } else {
3804 uint64_t intval1, intval2;
3805
3806 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3807 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3808 return (intval1 == intval2);
3809 }
3810 }
3811
3812 /*
3813 * Remove properties from props if they are not going to change (as determined
3814 * by comparison with origprops). Remove them from origprops as well, since we
3815 * do not need to clear or restore properties that won't change.
3816 */
3817 static void
3818 props_reduce(nvlist_t *props, nvlist_t *origprops)
3819 {
3820 nvpair_t *pair, *next_pair;
3821
3822 if (origprops == NULL)
3823 return; /* all props need to be received */
3824
3825 pair = nvlist_next_nvpair(props, NULL);
3826 while (pair != NULL) {
3827 const char *propname = nvpair_name(pair);
3828 nvpair_t *match;
3829
3830 next_pair = nvlist_next_nvpair(props, pair);
3831
3832 if ((nvlist_lookup_nvpair(origprops, propname,
3833 &match) != 0) || !propval_equals(pair, match))
3834 goto next; /* need to set received value */
3835
3836 /* don't clear the existing received value */
3837 (void) nvlist_remove_nvpair(origprops, match);
3838 /* don't bother receiving the property */
3839 (void) nvlist_remove_nvpair(props, pair);
3840 next:
3841 pair = next_pair;
3842 }
3843 }
3844
3845 #ifdef DEBUG
3846 static boolean_t zfs_ioc_recv_inject_err;
3847 #endif
3848
3849 /*
3850 * inputs:
3851 * zc_name name of containing filesystem
3852 * zc_nvlist_src{_size} nvlist of properties to apply
3853 * zc_value name of snapshot to create
3854 * zc_string name of clone origin (if DRR_FLAG_CLONE)
3855 * zc_cookie file descriptor to recv from
3856 * zc_begin_record the BEGIN record of the stream (not byteswapped)
3857 * zc_guid force flag
3858 * zc_cleanup_fd cleanup-on-exit file descriptor
3859 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
3860 *
3861 * outputs:
3862 * zc_cookie number of bytes read
3863 * zc_nvlist_dst{_size} error for each unapplied received property
3864 * zc_obj zprop_errflags_t
3865 * zc_action_handle handle for this guid/ds mapping
3866 */
3867 static int
3868 zfs_ioc_recv(zfs_cmd_t *zc)
3869 {
3870 file_t *fp;
3871 objset_t *os;
3872 dmu_recv_cookie_t drc;
3873 boolean_t force = (boolean_t)zc->zc_guid;
3874 int fd;
3875 int error = 0;
3876 int props_error = 0;
3877 nvlist_t *errors;
3878 offset_t off;
3879 nvlist_t *props = NULL; /* sent properties */
3880 nvlist_t *origprops = NULL; /* existing properties */
3881 objset_t *origin = NULL;
3882 char *tosnap;
3883 char tofs[ZFS_MAXNAMELEN];
3884 boolean_t first_recvd_props = B_FALSE;
3885
3886 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3887 strchr(zc->zc_value, '@') == NULL ||
3888 strchr(zc->zc_value, '%'))
3889 return (EINVAL);
3890
3891 (void) strcpy(tofs, zc->zc_value);
3892 tosnap = strchr(tofs, '@');
3893 *tosnap++ = '\0';
3894
3895 if (zc->zc_nvlist_src != NULL &&
3896 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3897 zc->zc_iflags, &props)) != 0)
3898 return (error);
3899
3900 fd = zc->zc_cookie;
3901 fp = getf(fd);
3902 if (fp == NULL) {
3903 nvlist_free(props);
3904 return (EBADF);
3905 }
3906
3907 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3908
3909 if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
3910 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
3911 !dsl_prop_get_hasrecvd(os)) {
3912 first_recvd_props = B_TRUE;
3913 }
3914
3915 /*
3916 * If new received properties are supplied, they are to
3917 * completely replace the existing received properties, so stash
3918 * away the existing ones.
3919 */
3920 if (dsl_prop_get_received(os, &origprops) == 0) {
3921 nvlist_t *errlist = NULL;
3922 /*
3923 * Don't bother writing a property if its value won't
3924 * change (and avoid the unnecessary security checks).
3925 *
3926 * The first receive after SPA_VERSION_RECVD_PROPS is a
3927 * special case where we blow away all local properties
3928 * regardless.
3929 */
3930 if (!first_recvd_props)
3931 props_reduce(props, origprops);
3932 if (zfs_check_clearable(tofs, origprops,
3933 &errlist) != 0)
3934 (void) nvlist_merge(errors, errlist, 0);
3935 nvlist_free(errlist);
3936 }
3937
3938 dmu_objset_rele(os, FTAG);
3939 }
3940
3941 if (zc->zc_string[0]) {
3942 error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
3943 if (error)
3944 goto out;
3945 }
3946
3947 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
3948 &zc->zc_begin_record, force, origin, &drc);
3949 if (origin)
3950 dmu_objset_rele(origin, FTAG);
3951 if (error)
3952 goto out;
3953
3954 /*
3955 * Set properties before we receive the stream so that they are applied
3956 * to the new data. Note that we must call dmu_recv_stream() if
3957 * dmu_recv_begin() succeeds.
3958 */
3959 if (props) {
3960 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
3961 if (drc.drc_newfs) {
3962 if (spa_version(os->os_spa) >=
3963 SPA_VERSION_RECVD_PROPS)
3964 first_recvd_props = B_TRUE;
3965 } else if (origprops != NULL) {
3966 if (clear_received_props(os, tofs, origprops,
3967 first_recvd_props ? NULL : props) != 0)
3968 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3969 } else {
3970 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3971 }
3972 dsl_prop_set_hasrecvd(os);
3973 } else if (!drc.drc_newfs) {
3974 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3975 }
3976
3977 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3978 props, errors);
3979 }
3980
3981 if (zc->zc_nvlist_dst_size != 0 &&
3982 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
3983 put_nvlist(zc, errors) != 0)) {
3984 /*
3985 * Caller made zc->zc_nvlist_dst less than the minimum expected
3986 * size or supplied an invalid address.
3987 */
3988 props_error = EINVAL;
3989 }
3990
3991 off = fp->f_offset;
3992 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
3993 &zc->zc_action_handle);
3994
3995 if (error == 0) {
3996 zfsvfs_t *zfsvfs = NULL;
3997
3998 if (getzfsvfs(tofs, &zfsvfs) == 0) {
3999 /* online recv */
4000 int end_err;
4001
4002 error = zfs_suspend_fs(zfsvfs);
4003 /*
4004 * If the suspend fails, then the recv_end will
4005 * likely also fail, and clean up after itself.
4006 */
4007 end_err = dmu_recv_end(&drc);
4008 if (error == 0)
4009 error = zfs_resume_fs(zfsvfs, tofs);
4010 error = error ? error : end_err;
4011 VFS_RELE(zfsvfs->z_vfs);
4012 } else {
4013 error = dmu_recv_end(&drc);
4014 }
4015 }
4016
4017 zc->zc_cookie = off - fp->f_offset;
4018 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4019 fp->f_offset = off;
4020
4021 #ifdef DEBUG
4022 if (zfs_ioc_recv_inject_err) {
4023 zfs_ioc_recv_inject_err = B_FALSE;
4024 error = 1;
4025 }
4026 #endif
4027 /*
4028 * On error, restore the original props.
4029 */
4030 if (error && props) {
4031 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
4032 if (clear_received_props(os, tofs, props, NULL) != 0) {
4033 /*
4034 * We failed to clear the received properties.
4035 * Since we may have left a $recvd value on the
4036 * system, we can't clear the $hasrecvd flag.
4037 */
4038 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4039 } else if (first_recvd_props) {
4040 dsl_prop_unset_hasrecvd(os);
4041 }
4042 dmu_objset_rele(os, FTAG);
4043 } else if (!drc.drc_newfs) {
4044 /* We failed to clear the received properties. */
4045 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4046 }
4047
4048 if (origprops == NULL && !drc.drc_newfs) {
4049 /* We failed to stash the original properties. */
4050 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4051 }
4052
4053 /*
4054 * dsl_props_set() will not convert RECEIVED to LOCAL on or
4055 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
4056 * explictly if we're restoring local properties cleared in the
4057 * first new-style receive.
4058 */
4059 if (origprops != NULL &&
4060 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
4061 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
4062 origprops, NULL) != 0) {
4063 /*
4064 * We stashed the original properties but failed to
4065 * restore them.
4066 */
4067 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4068 }
4069 }
4070 out:
4071 nvlist_free(props);
4072 nvlist_free(origprops);
4073 nvlist_free(errors);
4074 releasef(fd);
4075
4076 if (error == 0)
4077 error = props_error;
4078
4079 return (error);
4080 }
4081
4082 /*
4083 * inputs:
4084 * zc_name name of snapshot to send
4085 * zc_cookie file descriptor to send stream to
4086 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
4087 * zc_sendobj objsetid of snapshot to send
4088 * zc_fromobj objsetid of incremental fromsnap (may be zero)
4089 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
4090 * output size in zc_objset_type.
4091 *
4092 * outputs: none
4093 */
4094 static int
4095 zfs_ioc_send(zfs_cmd_t *zc)
4096 {
4097 objset_t *fromsnap = NULL;
4098 objset_t *tosnap;
4099 int error;
4100 offset_t off;
4101 dsl_dataset_t *ds;
4102 dsl_dataset_t *dsfrom = NULL;
4103 spa_t *spa;
4104 dsl_pool_t *dp;
4105 boolean_t estimate = (zc->zc_guid != 0);
4106
4107 error = spa_open(zc->zc_name, &spa, FTAG);
4108 if (error)
4109 return (error);
4110
4111 dp = spa_get_dsl(spa);
4112 rw_enter(&dp->dp_config_rwlock, RW_READER);
4113 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4114 rw_exit(&dp->dp_config_rwlock);
4115 spa_close(spa, FTAG);
4116 if (error)
4117 return (error);
4118
4119 error = dmu_objset_from_ds(ds, &tosnap);
4120 if (error) {
4121 dsl_dataset_rele(ds, FTAG);
4122 return (error);
4123 }
4124
4125 if (zc->zc_fromobj != 0) {
4126 rw_enter(&dp->dp_config_rwlock, RW_READER);
4127 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
4128 rw_exit(&dp->dp_config_rwlock);
4129 if (error) {
4130 dsl_dataset_rele(ds, FTAG);
4131 return (error);
4132 }
4133 error = dmu_objset_from_ds(dsfrom, &fromsnap);
4134 if (error) {
4135 dsl_dataset_rele(dsfrom, FTAG);
4136 dsl_dataset_rele(ds, FTAG);
4137 return (error);
4138 }
4139 }
4140
4141 if (zc->zc_obj) {
4142 dsl_pool_t *dp = ds->ds_dir->dd_pool;
4143
4144 if (fromsnap != NULL) {
4145 dsl_dataset_rele(dsfrom, FTAG);
4146 dsl_dataset_rele(ds, FTAG);
4147 return (EINVAL);
4148 }
4149
4150 if (dsl_dir_is_clone(ds->ds_dir)) {
4151 rw_enter(&dp->dp_config_rwlock, RW_READER);
4152 error = dsl_dataset_hold_obj(dp,
4153 ds->ds_dir->dd_phys->dd_origin_obj, FTAG, &dsfrom);
4154 rw_exit(&dp->dp_config_rwlock);
4155 if (error) {
4156 dsl_dataset_rele(ds, FTAG);
4157 return (error);
4158 }
4159 error = dmu_objset_from_ds(dsfrom, &fromsnap);
4160 if (error) {
4161 dsl_dataset_rele(dsfrom, FTAG);
4162 dsl_dataset_rele(ds, FTAG);
4163 return (error);
4164 }
4165 }
4166 }
4167
4168 if (estimate) {
4169 error = dmu_send_estimate(tosnap, fromsnap,
4170 &zc->zc_objset_type);
4171 } else {
4172 file_t *fp = getf(zc->zc_cookie);
4173 if (fp == NULL) {
4174 dsl_dataset_rele(ds, FTAG);
4175 if (dsfrom)
4176 dsl_dataset_rele(dsfrom, FTAG);
4177 return (EBADF);
4178 }
4179
4180 off = fp->f_offset;
4181 error = dmu_send(tosnap, fromsnap,
4182 zc->zc_cookie, fp->f_vnode, &off);
4183
4184 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4185 fp->f_offset = off;
4186 releasef(zc->zc_cookie);
4187 }
4188 if (dsfrom)
4189 dsl_dataset_rele(dsfrom, FTAG);
4190 dsl_dataset_rele(ds, FTAG);
4191 return (error);
4192 }
4193
4194 /*
4195 * inputs:
4196 * zc_name name of snapshot on which to report progress
4197 * zc_cookie file descriptor of send stream
4198 *
4199 * outputs:
4200 * zc_cookie number of bytes written in send stream thus far
4201 */
4202 static int
4203 zfs_ioc_send_progress(zfs_cmd_t *zc)
4204 {
4205 dsl_dataset_t *ds;
4206 dmu_sendarg_t *dsp = NULL;
4207 int error;
4208
4209 if ((error = dsl_dataset_hold(zc->zc_name, FTAG, &ds)) != 0)
4210 return (error);
4211
4212 mutex_enter(&ds->ds_sendstream_lock);
4213
4214 /*
4215 * Iterate over all the send streams currently active on this dataset.
4216 * If there's one which matches the specified file descriptor _and_ the
4217 * stream was started by the current process, return the progress of
4218 * that stream.
4219 */
4220 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
4221 dsp = list_next(&ds->ds_sendstreams, dsp)) {
4222 if (dsp->dsa_outfd == zc->zc_cookie &&
4223 dsp->dsa_proc == curproc)
4224 break;
4225 }
4226
4227 if (dsp != NULL)
4228 zc->zc_cookie = *(dsp->dsa_off);
4229 else
4230 error = ENOENT;
4231
4232 mutex_exit(&ds->ds_sendstream_lock);
4233 dsl_dataset_rele(ds, FTAG);
4234 return (error);
4235 }
4236
4237 static int
4238 zfs_ioc_inject_fault(zfs_cmd_t *zc)
4239 {
4240 int id, error;
4241
4242 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
4243 &zc->zc_inject_record);
4244
4245 if (error == 0)
4246 zc->zc_guid = (uint64_t)id;
4247
4248 return (error);
4249 }
4250
4251 static int
4252 zfs_ioc_clear_fault(zfs_cmd_t *zc)
4253 {
4254 return (zio_clear_fault((int)zc->zc_guid));
4255 }
4256
4257 static int
4258 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
4259 {
4260 int id = (int)zc->zc_guid;
4261 int error;
4262
4263 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
4264 &zc->zc_inject_record);
4265
4266 zc->zc_guid = id;
4267
4268 return (error);
4269 }
4270
4271 static int
4272 zfs_ioc_error_log(zfs_cmd_t *zc)
4273 {
4274 spa_t *spa;
4275 int error;
4276 size_t count = (size_t)zc->zc_nvlist_dst_size;
4277
4278 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
4279 return (error);
4280
4281 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
4282 &count);
4283 if (error == 0)
4284 zc->zc_nvlist_dst_size = count;
4285 else
4286 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
4287
4288 spa_close(spa, FTAG);
4289
4290 return (error);
4291 }
4292
4293 static int
4294 zfs_ioc_clear(zfs_cmd_t *zc)
4295 {
4296 spa_t *spa;
4297 vdev_t *vd;
4298 int error;
4299
4300 /*
4301 * On zpool clear we also fix up missing slogs
4302 */
4303 mutex_enter(&spa_namespace_lock);
4304 spa = spa_lookup(zc->zc_name);
4305 if (spa == NULL) {
4306 mutex_exit(&spa_namespace_lock);
4307 return (EIO);
4308 }
4309 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
4310 /* we need to let spa_open/spa_load clear the chains */
4311 spa_set_log_state(spa, SPA_LOG_CLEAR);
4312 }
4313 spa->spa_last_open_failed = 0;
4314 mutex_exit(&spa_namespace_lock);
4315
4316 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
4317 error = spa_open(zc->zc_name, &spa, FTAG);
4318 } else {
4319 nvlist_t *policy;
4320 nvlist_t *config = NULL;
4321
4322 if (zc->zc_nvlist_src == NULL)
4323 return (EINVAL);
4324
4325 if ((error = get_nvlist(zc->zc_nvlist_src,
4326 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
4327 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
4328 policy, &config);
4329 if (config != NULL) {
4330 int err;
4331
4332 if ((err = put_nvlist(zc, config)) != 0)
4333 error = err;
4334 nvlist_free(config);
4335 }
4336 nvlist_free(policy);
4337 }
4338 }
4339
4340 if (error)
4341 return (error);
4342
4343 spa_vdev_state_enter(spa, SCL_NONE);
4344
4345 if (zc->zc_guid == 0) {
4346 vd = NULL;
4347 } else {
4348 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
4349 if (vd == NULL) {
4350 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
4351 spa_close(spa, FTAG);
4352 return (ENODEV);
4353 }
4354 }
4355
4356 vdev_clear(spa, vd);
4357
4358 (void) spa_vdev_state_exit(spa, NULL, 0);
4359
4360 /*
4361 * Resume any suspended I/Os.
4362 */
4363 if (zio_resume(spa) != 0)
4364 error = EIO;
4365
4366 spa_close(spa, FTAG);
4367
4368 return (error);
4369 }
4370
4371 static int
4372 zfs_ioc_pool_reopen(zfs_cmd_t *zc)
4373 {
4374 spa_t *spa;
4375 int error;
4376
4377 error = spa_open(zc->zc_name, &spa, FTAG);
4378 if (error)
4379 return (error);
4380
4381 spa_vdev_state_enter(spa, SCL_NONE);
4382
4383 /*
4384 * If a resilver is already in progress then set the
4385 * spa_scrub_reopen flag to B_TRUE so that we don't restart
4386 * the scan as a side effect of the reopen. Otherwise, let
4387 * vdev_open() decided if a resilver is required.
4388 */
4389 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool);
4390 vdev_reopen(spa->spa_root_vdev);
4391 spa->spa_scrub_reopen = B_FALSE;
4392
4393 (void) spa_vdev_state_exit(spa, NULL, 0);
4394 spa_close(spa, FTAG);
4395 return (0);
4396 }
4397 /*
4398 * inputs:
4399 * zc_name name of filesystem
4400 * zc_value name of origin snapshot
4401 *
4402 * outputs:
4403 * zc_string name of conflicting snapshot, if there is one
4404 */
4405 static int
4406 zfs_ioc_promote(zfs_cmd_t *zc)
4407 {
4408 char *cp;
4409
4410 /*
4411 * We don't need to unmount *all* the origin fs's snapshots, but
4412 * it's easier.
4413 */
4414 cp = strchr(zc->zc_value, '@');
4415 if (cp)
4416 *cp = '\0';
4417 (void) dmu_objset_find(zc->zc_value,
4418 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
4419 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4420 }
4421
4422 /*
4423 * Retrieve a single {user|group}{used|quota}@... property.
4424 *
4425 * inputs:
4426 * zc_name name of filesystem
4427 * zc_objset_type zfs_userquota_prop_t
4428 * zc_value domain name (eg. "S-1-234-567-89")
4429 * zc_guid RID/UID/GID
4430 *
4431 * outputs:
4432 * zc_cookie property value
4433 */
4434 static int
4435 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4436 {
4437 zfsvfs_t *zfsvfs;
4438 int error;
4439
4440 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4441 return (EINVAL);
4442
4443 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4444 if (error)
4445 return (error);
4446
4447 error = zfs_userspace_one(zfsvfs,
4448 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4449 zfsvfs_rele(zfsvfs, FTAG);
4450
4451 return (error);
4452 }
4453
4454 /*
4455 * inputs:
4456 * zc_name name of filesystem
4457 * zc_cookie zap cursor
4458 * zc_objset_type zfs_userquota_prop_t
4459 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4460 *
4461 * outputs:
4462 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4463 * zc_cookie zap cursor
4464 */
4465 static int
4466 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4467 {
4468 zfsvfs_t *zfsvfs;
4469 int bufsize = zc->zc_nvlist_dst_size;
4470
4471 if (bufsize <= 0)
4472 return (ENOMEM);
4473
4474 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4475 if (error)
4476 return (error);
4477
4478 void *buf = kmem_alloc(bufsize, KM_SLEEP);
4479
4480 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
4481 buf, &zc->zc_nvlist_dst_size);
4482
4483 if (error == 0) {
4484 error = xcopyout(buf,
4485 (void *)(uintptr_t)zc->zc_nvlist_dst,
4486 zc->zc_nvlist_dst_size);
4487 }
4488 kmem_free(buf, bufsize);
4489 zfsvfs_rele(zfsvfs, FTAG);
4490
4491 return (error);
4492 }
4493
4494 /*
4495 * inputs:
4496 * zc_name name of filesystem
4497 *
4498 * outputs:
4499 * none
4500 */
4501 static int
4502 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4503 {
4504 objset_t *os;
4505 int error = 0;
4506 zfsvfs_t *zfsvfs;
4507
4508 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
4509 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
4510 /*
4511 * If userused is not enabled, it may be because the
4512 * objset needs to be closed & reopened (to grow the
4513 * objset_phys_t). Suspend/resume the fs will do that.
4514 */
4515 error = zfs_suspend_fs(zfsvfs);
4516 if (error == 0)
4517 error = zfs_resume_fs(zfsvfs, zc->zc_name);
4518 }
4519 if (error == 0)
4520 error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
4521 VFS_RELE(zfsvfs->z_vfs);
4522 } else {
4523 /* XXX kind of reading contents without owning */
4524 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4525 if (error)
4526 return (error);
4527
4528 error = dmu_objset_userspace_upgrade(os);
4529 dmu_objset_rele(os, FTAG);
4530 }
4531
4532 return (error);
4533 }
4534
4535 /*
4536 * We don't want to have a hard dependency
4537 * against some special symbols in sharefs
4538 * nfs, and smbsrv. Determine them if needed when
4539 * the first file system is shared.
4540 * Neither sharefs, nfs or smbsrv are unloadable modules.
4541 */
4542 int (*znfsexport_fs)(void *arg);
4543 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
4544 int (*zsmbexport_fs)(void *arg, boolean_t add_share);
4545
4546 int zfs_nfsshare_inited;
4547 int zfs_smbshare_inited;
4548
4549 ddi_modhandle_t nfs_mod;
4550 ddi_modhandle_t sharefs_mod;
4551 ddi_modhandle_t smbsrv_mod;
4552 kmutex_t zfs_share_lock;
4553
4554 static int
4555 zfs_init_sharefs()
4556 {
4557 int error;
4558
4559 ASSERT(MUTEX_HELD(&zfs_share_lock));
4560 /* Both NFS and SMB shares also require sharetab support. */
4561 if (sharefs_mod == NULL && ((sharefs_mod =
4562 ddi_modopen("fs/sharefs",
4563 KRTLD_MODE_FIRST, &error)) == NULL)) {
4564 return (ENOSYS);
4565 }
4566 if (zshare_fs == NULL && ((zshare_fs =
4567 (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
4568 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
4569 return (ENOSYS);
4570 }
4571 return (0);
4572 }
4573
4574 static int
4575 zfs_ioc_share(zfs_cmd_t *zc)
4576 {
4577 int error;
4578 int opcode;
4579
4580 switch (zc->zc_share.z_sharetype) {
4581 case ZFS_SHARE_NFS:
4582 case ZFS_UNSHARE_NFS:
4583 if (zfs_nfsshare_inited == 0) {
4584 mutex_enter(&zfs_share_lock);
4585 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs",
4586 KRTLD_MODE_FIRST, &error)) == NULL)) {
4587 mutex_exit(&zfs_share_lock);
4588 return (ENOSYS);
4589 }
4590 if (znfsexport_fs == NULL &&
4591 ((znfsexport_fs = (int (*)(void *))
4592 ddi_modsym(nfs_mod,
4593 "nfs_export", &error)) == NULL)) {
4594 mutex_exit(&zfs_share_lock);
4595 return (ENOSYS);
4596 }
4597 error = zfs_init_sharefs();
4598 if (error) {
4599 mutex_exit(&zfs_share_lock);
4600 return (ENOSYS);
4601 }
4602 zfs_nfsshare_inited = 1;
4603 mutex_exit(&zfs_share_lock);
4604 }
4605 break;
4606 case ZFS_SHARE_SMB:
4607 case ZFS_UNSHARE_SMB:
4608 if (zfs_smbshare_inited == 0) {
4609 mutex_enter(&zfs_share_lock);
4610 if (smbsrv_mod == NULL && ((smbsrv_mod =
4611 ddi_modopen("drv/smbsrv",
4612 KRTLD_MODE_FIRST, &error)) == NULL)) {
4613 mutex_exit(&zfs_share_lock);
4614 return (ENOSYS);
4615 }
4616 if (zsmbexport_fs == NULL && ((zsmbexport_fs =
4617 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod,
4618 "smb_server_share", &error)) == NULL)) {
4619 mutex_exit(&zfs_share_lock);
4620 return (ENOSYS);
4621 }
4622 error = zfs_init_sharefs();
4623 if (error) {
4624 mutex_exit(&zfs_share_lock);
4625 return (ENOSYS);
4626 }
4627 zfs_smbshare_inited = 1;
4628 mutex_exit(&zfs_share_lock);
4629 }
4630 break;
4631 default:
4632 return (EINVAL);
4633 }
4634
4635 switch (zc->zc_share.z_sharetype) {
4636 case ZFS_SHARE_NFS:
4637 case ZFS_UNSHARE_NFS:
4638 if (error =
4639 znfsexport_fs((void *)
4640 (uintptr_t)zc->zc_share.z_exportdata))
4641 return (error);
4642 break;
4643 case ZFS_SHARE_SMB:
4644 case ZFS_UNSHARE_SMB:
4645 if (error = zsmbexport_fs((void *)
4646 (uintptr_t)zc->zc_share.z_exportdata,
4647 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
4648 B_TRUE: B_FALSE)) {
4649 return (error);
4650 }
4651 break;
4652 }
4653
4654 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
4655 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ?
4656 SHAREFS_ADD : SHAREFS_REMOVE;
4657
4658 /*
4659 * Add or remove share from sharetab
4660 */
4661 error = zshare_fs(opcode,
4662 (void *)(uintptr_t)zc->zc_share.z_sharedata,
4663 zc->zc_share.z_sharemax);
4664
4665 return (error);
4666
4667 }
4668
4669 ace_t full_access[] = {
4670 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4671 };
4672
4673 /*
4674 * inputs:
4675 * zc_name name of containing filesystem
4676 * zc_obj object # beyond which we want next in-use object #
4677 *
4678 * outputs:
4679 * zc_obj next in-use object #
4680 */
4681 static int
4682 zfs_ioc_next_obj(zfs_cmd_t *zc)
4683 {
4684 objset_t *os = NULL;
4685 int error;
4686
4687 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4688 if (error)
4689 return (error);
4690
4691 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4692 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4693
4694 dmu_objset_rele(os, FTAG);
4695 return (error);
4696 }
4697
4698 /*
4699 * inputs:
4700 * zc_name name of filesystem
4701 * zc_value prefix name for snapshot
4702 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4703 *
4704 * outputs:
4705 * zc_value short name of new snapshot
4706 */
4707 static int
4708 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4709 {
4710 char *snap_name;
4711 int error;
4712
4713 snap_name = kmem_asprintf("%s@%s-%016llx", zc->zc_name, zc->zc_value,
4714 (u_longlong_t)ddi_get_lbolt64());
4715
4716 if (strlen(snap_name) >= MAXPATHLEN) {
4717 strfree(snap_name);
4718 return (E2BIG);
4719 }
4720
4721 error = dmu_objset_snapshot_tmp(snap_name, "%temp", zc->zc_cleanup_fd);
4722 if (error != 0) {
4723 strfree(snap_name);
4724 return (error);
4725 }
4726
4727 (void) strcpy(zc->zc_value, strchr(snap_name, '@') + 1);
4728 strfree(snap_name);
4729 return (0);
4730 }
4731
4732 /*
4733 * inputs:
4734 * zc_name name of "to" snapshot
4735 * zc_value name of "from" snapshot
4736 * zc_cookie file descriptor to write diff data on
4737 *
4738 * outputs:
4739 * dmu_diff_record_t's to the file descriptor
4740 */
4741 static int
4742 zfs_ioc_diff(zfs_cmd_t *zc)
4743 {
4744 objset_t *fromsnap;
4745 objset_t *tosnap;
4746 file_t *fp;
4747 offset_t off;
4748 int error;
4749
4750 error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
4751 if (error)
4752 return (error);
4753
4754 error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap);
4755 if (error) {
4756 dmu_objset_rele(tosnap, FTAG);
4757 return (error);
4758 }
4759
4760 fp = getf(zc->zc_cookie);
4761 if (fp == NULL) {
4762 dmu_objset_rele(fromsnap, FTAG);
4763 dmu_objset_rele(tosnap, FTAG);
4764 return (EBADF);
4765 }
4766
4767 off = fp->f_offset;
4768
4769 error = dmu_diff(tosnap, fromsnap, fp->f_vnode, &off);
4770
4771 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4772 fp->f_offset = off;
4773 releasef(zc->zc_cookie);
4774
4775 dmu_objset_rele(fromsnap, FTAG);
4776 dmu_objset_rele(tosnap, FTAG);
4777 return (error);
4778 }
4779
4780 /*
4781 * Remove all ACL files in shares dir
4782 */
4783 static int
4784 zfs_smb_acl_purge(znode_t *dzp)
4785 {
4786 zap_cursor_t zc;
4787 zap_attribute_t zap;
4788 zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
4789 int error;
4790
4791 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
4792 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4793 zap_cursor_advance(&zc)) {
4794 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4795 NULL, 0)) != 0)
4796 break;
4797 }
4798 zap_cursor_fini(&zc);
4799 return (error);
4800 }
4801
4802 static int
4803 zfs_ioc_smb_acl(zfs_cmd_t *zc)
4804 {
4805 vnode_t *vp;
4806 znode_t *dzp;
4807 vnode_t *resourcevp = NULL;
4808 znode_t *sharedir;
4809 zfsvfs_t *zfsvfs;
4810 nvlist_t *nvlist;
4811 char *src, *target;
4812 vattr_t vattr;
4813 vsecattr_t vsec;
4814 int error = 0;
4815
4816 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4817 NO_FOLLOW, NULL, &vp)) != 0)
4818 return (error);
4819
4820 /* Now make sure mntpnt and dataset are ZFS */
4821
4822 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
4823 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4824 zc->zc_name) != 0)) {
4825 VN_RELE(vp);
4826 return (EINVAL);
4827 }
4828
4829 dzp = VTOZ(vp);
4830 zfsvfs = dzp->z_zfsvfs;
4831 ZFS_ENTER(zfsvfs);
4832
4833 /*
4834 * Create share dir if its missing.
4835 */
4836 mutex_enter(&zfsvfs->z_lock);
4837 if (zfsvfs->z_shares_dir == 0) {
4838 dmu_tx_t *tx;
4839
4840 tx = dmu_tx_create(zfsvfs->z_os);
4841 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4842 ZFS_SHARES_DIR);
4843 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4844 error = dmu_tx_assign(tx, TXG_WAIT);
4845 if (error) {
4846 dmu_tx_abort(tx);
4847 } else {
4848 error = zfs_create_share_dir(zfsvfs, tx);
4849 dmu_tx_commit(tx);
4850 }
4851 if (error) {
4852 mutex_exit(&zfsvfs->z_lock);
4853 VN_RELE(vp);
4854 ZFS_EXIT(zfsvfs);
4855 return (error);
4856 }
4857 }
4858 mutex_exit(&zfsvfs->z_lock);
4859
4860 ASSERT(zfsvfs->z_shares_dir);
4861 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
4862 VN_RELE(vp);
4863 ZFS_EXIT(zfsvfs);
4864 return (error);
4865 }
4866
4867 switch (zc->zc_cookie) {
4868 case ZFS_SMB_ACL_ADD:
4869 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4870 vattr.va_type = VREG;
4871 vattr.va_mode = S_IFREG|0777;
4872 vattr.va_uid = 0;
4873 vattr.va_gid = 0;
4874
4875 vsec.vsa_mask = VSA_ACE;
4876 vsec.vsa_aclentp = &full_access;
4877 vsec.vsa_aclentsz = sizeof (full_access);
4878 vsec.vsa_aclcnt = 1;
4879
4880 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4881 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4882 if (resourcevp)
4883 VN_RELE(resourcevp);
4884 break;
4885
4886 case ZFS_SMB_ACL_REMOVE:
4887 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4888 NULL, 0);
4889 break;
4890
4891 case ZFS_SMB_ACL_RENAME:
4892 if ((error = get_nvlist(zc->zc_nvlist_src,
4893 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4894 VN_RELE(vp);
4895 ZFS_EXIT(zfsvfs);
4896 return (error);
4897 }
4898 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4899 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4900 &target)) {
4901 VN_RELE(vp);
4902 VN_RELE(ZTOV(sharedir));
4903 ZFS_EXIT(zfsvfs);
4904 nvlist_free(nvlist);
4905 return (error);
4906 }
4907 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4908 kcred, NULL, 0);
4909 nvlist_free(nvlist);
4910 break;
4911
4912 case ZFS_SMB_ACL_PURGE:
4913 error = zfs_smb_acl_purge(sharedir);
4914 break;
4915
4916 default:
4917 error = EINVAL;
4918 break;
4919 }
4920
4921 VN_RELE(vp);
4922 VN_RELE(ZTOV(sharedir));
4923
4924 ZFS_EXIT(zfsvfs);
4925
4926 return (error);
4927 }
4928
4929 /*
4930 * inputs:
4931 * zc_name name of filesystem
4932 * zc_value short name of snap
4933 * zc_string user-supplied tag for this hold
4934 * zc_cookie recursive flag
4935 * zc_temphold set if hold is temporary
4936 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4937 * zc_sendobj if non-zero, the objid for zc_name@zc_value
4938 * zc_createtxg if zc_sendobj is non-zero, snap must have zc_createtxg
4939 *
4940 * outputs: none
4941 */
4942 static int
4943 zfs_ioc_hold(zfs_cmd_t *zc)
4944 {
4945 boolean_t recursive = zc->zc_cookie;
4946 spa_t *spa;
4947 dsl_pool_t *dp;
4948 dsl_dataset_t *ds;
4949 int error;
4950 minor_t minor = 0;
4951
4952 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4953 return (EINVAL);
4954
4955 if (zc->zc_sendobj == 0) {
4956 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
4957 zc->zc_string, recursive, zc->zc_temphold,
4958 zc->zc_cleanup_fd));
4959 }
4960
4961 if (recursive)
4962 return (EINVAL);
4963
4964 error = spa_open(zc->zc_name, &spa, FTAG);
4965 if (error)
4966 return (error);
4967
4968 dp = spa_get_dsl(spa);
4969 rw_enter(&dp->dp_config_rwlock, RW_READER);
4970 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4971 rw_exit(&dp->dp_config_rwlock);
4972 spa_close(spa, FTAG);
4973 if (error)
4974 return (error);
4975
4976 /*
4977 * Until we have a hold on this snapshot, it's possible that
4978 * zc_sendobj could've been destroyed and reused as part
4979 * of a later txg. Make sure we're looking at the right object.
4980 */
4981 if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) {
4982 dsl_dataset_rele(ds, FTAG);
4983 return (ENOENT);
4984 }
4985
4986 if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) {
4987 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4988 if (error) {
4989 dsl_dataset_rele(ds, FTAG);
4990 return (error);
4991 }
4992 }
4993
4994 error = dsl_dataset_user_hold_for_send(ds, zc->zc_string,
4995 zc->zc_temphold);
4996 if (minor != 0) {
4997 if (error == 0) {
4998 dsl_register_onexit_hold_cleanup(ds, zc->zc_string,
4999 minor);
5000 }
5001 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
5002 }
5003 dsl_dataset_rele(ds, FTAG);
5004
5005 return (error);
5006 }
5007
5008 /*
5009 * inputs:
5010 * zc_name name of dataset from which we're releasing a user hold
5011 * zc_value short name of snap
5012 * zc_string user-supplied tag for this hold
5013 * zc_cookie recursive flag
5014 *
5015 * outputs: none
5016 */
5017 static int
5018 zfs_ioc_release(zfs_cmd_t *zc)
5019 {
5020 boolean_t recursive = zc->zc_cookie;
5021
5022 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
5023 return (EINVAL);
5024
5025 return (dsl_dataset_user_release(zc->zc_name, zc->zc_value,
5026 zc->zc_string, recursive));
5027 }
5028
5029 /*
5030 * inputs:
5031 * zc_name name of filesystem
5032 *
5033 * outputs:
5034 * zc_nvlist_src{_size} nvlist of snapshot holds
5035 */
5036 static int
5037 zfs_ioc_get_holds(zfs_cmd_t *zc)
5038 {
5039 nvlist_t *nvp;
5040 int error;
5041
5042 if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) {
5043 error = put_nvlist(zc, nvp);
5044 nvlist_free(nvp);
5045 }
5046
5047 return (error);
5048 }
5049
5050 /*
5051 * inputs:
5052 * zc_name name of new filesystem or snapshot
5053 * zc_value full name of old snapshot
5054 *
5055 * outputs:
5056 * zc_cookie space in bytes
5057 * zc_objset_type compressed space in bytes
5058 * zc_perm_action uncompressed space in bytes
5059 */
5060 static int
5061 zfs_ioc_space_written(zfs_cmd_t *zc)
5062 {
5063 int error;
5064 dsl_dataset_t *new, *old;
5065
5066 error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
5067 if (error != 0)
5068 return (error);
5069 error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
5070 if (error != 0) {
5071 dsl_dataset_rele(new, FTAG);
5072 return (error);
5073 }
5074
5075 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
5076 &zc->zc_objset_type, &zc->zc_perm_action);
5077 dsl_dataset_rele(old, FTAG);
5078 dsl_dataset_rele(new, FTAG);
5079 return (error);
5080 }
5081 /*
5082 * innvl: {
5083 * "firstsnap" -> snapshot name
5084 * }
5085 *
5086 * outnvl: {
5087 * "used" -> space in bytes
5088 * "compressed" -> compressed space in bytes
5089 * "uncompressed" -> uncompressed space in bytes
5090 * }
5091 */
5092 static int
5093 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
5094 {
5095 int error;
5096 dsl_dataset_t *new, *old;
5097 char *firstsnap;
5098 uint64_t used, comp, uncomp;
5099
5100 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0)
5101 return (EINVAL);
5102
5103 error = dsl_dataset_hold(lastsnap, FTAG, &new);
5104 if (error != 0)
5105 return (error);
5106 error = dsl_dataset_hold(firstsnap, FTAG, &old);
5107 if (error != 0) {
5108 dsl_dataset_rele(new, FTAG);
5109 return (error);
5110 }
5111
5112 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
5113 dsl_dataset_rele(old, FTAG);
5114 dsl_dataset_rele(new, FTAG);
5115 fnvlist_add_uint64(outnvl, "used", used);
5116 fnvlist_add_uint64(outnvl, "compressed", comp);
5117 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
5118 return (error);
5119 }
5120
5121 /*
5122 * innvl: {
5123 * "fd" -> file descriptor to write stream to (int32)
5124 * (optional) "fromsnap" -> full snap name to send an incremental from
5125 * }
5126 *
5127 * outnvl is unused
5128 */
5129 /* ARGSUSED */
5130 static int
5131 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5132 {
5133 objset_t *fromsnap = NULL;
5134 objset_t *tosnap;
5135 int error;
5136 offset_t off;
5137 char *fromname;
5138 int fd;
5139
5140 error = nvlist_lookup_int32(innvl, "fd", &fd);
5141 if (error != 0)
5142 return (EINVAL);
5143
5144 error = dmu_objset_hold(snapname, FTAG, &tosnap);
5145 if (error)
5146 return (error);
5147
5148 error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5149 if (error == 0) {
5150 error = dmu_objset_hold(fromname, FTAG, &fromsnap);
5151 if (error) {
5152 dmu_objset_rele(tosnap, FTAG);
5153 return (error);
5154 }
5155 }
5156
5157 file_t *fp = getf(fd);
5158 if (fp == NULL) {
5159 dmu_objset_rele(tosnap, FTAG);
5160 if (fromsnap != NULL)
5161 dmu_objset_rele(fromsnap, FTAG);
5162 return (EBADF);
5163 }
5164
5165 off = fp->f_offset;
5166 error = dmu_send(tosnap, fromsnap, fd, fp->f_vnode, &off);
5167
5168 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5169 fp->f_offset = off;
5170 releasef(fd);
5171 if (fromsnap != NULL)
5172 dmu_objset_rele(fromsnap, FTAG);
5173 dmu_objset_rele(tosnap, FTAG);
5174 return (error);
5175 }
5176
5177 /*
5178 * Determine approximately how large a zfs send stream will be -- the number
5179 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
5180 *
5181 * innvl: {
5182 * (optional) "fromsnap" -> full snap name to send an incremental from
5183 * }
5184 *
5185 * outnvl: {
5186 * "space" -> bytes of space (uint64)
5187 * }
5188 */
5189 static int
5190 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5191 {
5192 objset_t *fromsnap = NULL;
5193 objset_t *tosnap;
5194 int error;
5195 char *fromname;
5196 uint64_t space;
5197
5198 error = dmu_objset_hold(snapname, FTAG, &tosnap);
5199 if (error)
5200 return (error);
5201
5202 error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5203 if (error == 0) {
5204 error = dmu_objset_hold(fromname, FTAG, &fromsnap);
5205 if (error) {
5206 dmu_objset_rele(tosnap, FTAG);
5207 return (error);
5208 }
5209 }
5210
5211 error = dmu_send_estimate(tosnap, fromsnap, &space);
5212 fnvlist_add_uint64(outnvl, "space", space);
5213
5214 if (fromsnap != NULL)
5215 dmu_objset_rele(fromsnap, FTAG);
5216 dmu_objset_rele(tosnap, FTAG);
5217 return (error);
5218 }
5219
5220
5221 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
5222
5223 static void
5224 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5225 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5226 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
5227 {
5228 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5229
5230 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5231 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5232 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5233 ASSERT3P(vec->zvec_func, ==, NULL);
5234
5235 vec->zvec_legacy_func = func;
5236 vec->zvec_secpolicy = secpolicy;
5237 vec->zvec_namecheck = namecheck;
5238 vec->zvec_allow_log = log_history;
5239 vec->zvec_pool_check = pool_check;
5240 }
5241
5242 /*
5243 * See the block comment at the beginning of this file for details on
5244 * each argument to this function.
5245 */
5246 static void
5247 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
5248 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5249 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
5250 boolean_t allow_log)
5251 {
5252 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5253
5254 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5255 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5256 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5257 ASSERT3P(vec->zvec_func, ==, NULL);
5258
5259 /* if we are logging, the name must be valid */
5260 ASSERT(!allow_log || namecheck != NO_NAME);
5261
5262 vec->zvec_name = name;
5263 vec->zvec_func = func;
5264 vec->zvec_secpolicy = secpolicy;
5265 vec->zvec_namecheck = namecheck;
5266 vec->zvec_pool_check = pool_check;
5267 vec->zvec_smush_outnvlist = smush_outnvlist;
5268 vec->zvec_allow_log = allow_log;
5269 }
5270
5271 static void
5272 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5273 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
5274 zfs_ioc_poolcheck_t pool_check)
5275 {
5276 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5277 POOL_NAME, log_history, pool_check);
5278 }
5279
5280 static void
5281 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5282 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
5283 {
5284 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5285 DATASET_NAME, B_FALSE, pool_check);
5286 }
5287
5288 static void
5289 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5290 {
5291 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
5292 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5293 }
5294
5295 static void
5296 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5297 zfs_secpolicy_func_t *secpolicy)
5298 {
5299 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5300 NO_NAME, B_FALSE, POOL_CHECK_NONE);
5301 }
5302
5303 static void
5304 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
5305 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
5306 {
5307 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5308 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
5309 }
5310
5311 static void
5312 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5313 {
5314 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
5315 zfs_secpolicy_read);
5316 }
5317
5318 static void
5319 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5320 zfs_secpolicy_func_t *secpolicy)
5321 {
5322 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5323 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5324 }
5325
5326 static void
5327 zfs_ioctl_init(void)
5328 {
5329 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
5330 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
5331 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5332
5333 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
5334 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
5335 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE);
5336
5337 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
5338 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
5339 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5340
5341 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
5342 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
5343 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5344
5345 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
5346 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
5347 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5348
5349 zfs_ioctl_register("create", ZFS_IOC_CREATE,
5350 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
5351 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5352
5353 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
5354 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
5355 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5356
5357 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
5358 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
5359 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5360
5361 /* IOCTLS that use the legacy function signature */
5362
5363 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
5364 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
5365
5366 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
5367 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5368 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
5369 zfs_ioc_pool_scan);
5370 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
5371 zfs_ioc_pool_upgrade);
5372 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
5373 zfs_ioc_vdev_add);
5374 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
5375 zfs_ioc_vdev_remove);
5376 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
5377 zfs_ioc_vdev_set_state);
5378 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
5379 zfs_ioc_vdev_attach);
5380 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
5381 zfs_ioc_vdev_detach);
5382 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
5383 zfs_ioc_vdev_setpath);
5384 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
5385 zfs_ioc_vdev_setfru);
5386 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
5387 zfs_ioc_pool_set_props);
5388 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
5389 zfs_ioc_vdev_split);
5390 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
5391 zfs_ioc_pool_reguid);
5392
5393 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
5394 zfs_ioc_pool_configs, zfs_secpolicy_none);
5395 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
5396 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
5397 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
5398 zfs_ioc_inject_fault, zfs_secpolicy_inject);
5399 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
5400 zfs_ioc_clear_fault, zfs_secpolicy_inject);
5401 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
5402 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
5403
5404 /*
5405 * pool destroy, and export don't log the history as part of
5406 * zfsdev_ioctl, but rather zfs_ioc_pool_export
5407 * does the logging of those commands.
5408 */
5409 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
5410 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5411 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
5412 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5413
5414 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
5415 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5416 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
5417 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5418
5419 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
5420 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
5421 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
5422 zfs_ioc_dsobj_to_dsname,
5423 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
5424 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
5425 zfs_ioc_pool_get_history,
5426 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
5427
5428 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
5429 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5430
5431 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
5432 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5433 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
5434 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5435
5436 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
5437 zfs_ioc_space_written);
5438 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_HOLDS,
5439 zfs_ioc_get_holds);
5440 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
5441 zfs_ioc_objset_recvd_props);
5442 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
5443 zfs_ioc_next_obj);
5444 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
5445 zfs_ioc_get_fsacl);
5446 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
5447 zfs_ioc_objset_stats);
5448 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
5449 zfs_ioc_objset_zplprops);
5450 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
5451 zfs_ioc_dataset_list_next);
5452 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
5453 zfs_ioc_snapshot_list_next);
5454 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
5455 zfs_ioc_send_progress);
5456
5457 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
5458 zfs_ioc_diff, zfs_secpolicy_diff);
5459 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
5460 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
5461 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
5462 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
5463 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
5464 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
5465 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
5466 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
5467 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
5468 zfs_ioc_send, zfs_secpolicy_send);
5469
5470 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
5471 zfs_secpolicy_none);
5472 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
5473 zfs_secpolicy_destroy);
5474 zfs_ioctl_register_dataset_modify(ZFS_IOC_ROLLBACK, zfs_ioc_rollback,
5475 zfs_secpolicy_rollback);
5476 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
5477 zfs_secpolicy_rename);
5478 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
5479 zfs_secpolicy_recv);
5480 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
5481 zfs_secpolicy_promote);
5482 zfs_ioctl_register_dataset_modify(ZFS_IOC_HOLD, zfs_ioc_hold,
5483 zfs_secpolicy_hold);
5484 zfs_ioctl_register_dataset_modify(ZFS_IOC_RELEASE, zfs_ioc_release,
5485 zfs_secpolicy_release);
5486 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
5487 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
5488 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
5489 zfs_secpolicy_set_fsacl);
5490
5491 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
5492 zfs_secpolicy_share, POOL_CHECK_NONE);
5493 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
5494 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
5495 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
5496 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
5497 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5498 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
5499 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
5500 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5501 }
5502
5503 int
5504 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
5505 zfs_ioc_poolcheck_t check)
5506 {
5507 spa_t *spa;
5508 int error;
5509
5510 ASSERT(type == POOL_NAME || type == DATASET_NAME);
5511
5512 if (check & POOL_CHECK_NONE)
5513 return (0);
5514
5515 error = spa_open(name, &spa, FTAG);
5516 if (error == 0) {
5517 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
5518 error = EAGAIN;
5519 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
5520 error = EROFS;
5521 spa_close(spa, FTAG);
5522 }
5523 return (error);
5524 }
5525
5526 /*
5527 * Find a free minor number.
5528 */
5529 minor_t
5530 zfsdev_minor_alloc(void)
5531 {
5532 static minor_t last_minor;
5533 minor_t m;
5534
5535 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5536
5537 for (m = last_minor + 1; m != last_minor; m++) {
5538 if (m > ZFSDEV_MAX_MINOR)
5539 m = 1;
5540 if (ddi_get_soft_state(zfsdev_state, m) == NULL) {
5541 last_minor = m;
5542 return (m);
5543 }
5544 }
5545
5546 return (0);
5547 }
5548
5549 static int
5550 zfs_ctldev_init(dev_t *devp)
5551 {
5552 minor_t minor;
5553 zfs_soft_state_t *zs;
5554
5555 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5556 ASSERT(getminor(*devp) == 0);
5557
5558 minor = zfsdev_minor_alloc();
5559 if (minor == 0)
5560 return (ENXIO);
5561
5562 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS)
5563 return (EAGAIN);
5564
5565 *devp = makedevice(getemajor(*devp), minor);
5566
5567 zs = ddi_get_soft_state(zfsdev_state, minor);
5568 zs->zss_type = ZSST_CTLDEV;
5569 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data);
5570
5571 return (0);
5572 }
5573
5574 static void
5575 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor)
5576 {
5577 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5578
5579 zfs_onexit_destroy(zo);
5580 ddi_soft_state_free(zfsdev_state, minor);
5581 }
5582
5583 void *
5584 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which)
5585 {
5586 zfs_soft_state_t *zp;
5587
5588 zp = ddi_get_soft_state(zfsdev_state, minor);
5589 if (zp == NULL || zp->zss_type != which)
5590 return (NULL);
5591
5592 return (zp->zss_data);
5593 }
5594
5595 static int
5596 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr)
5597 {
5598 int error = 0;
5599
5600 if (getminor(*devp) != 0)
5601 return (zvol_open(devp, flag, otyp, cr));
5602
5603 /* This is the control device. Allocate a new minor if requested. */
5604 if (flag & FEXCL) {
5605 mutex_enter(&zfsdev_state_lock);
5606 error = zfs_ctldev_init(devp);
5607 mutex_exit(&zfsdev_state_lock);
5608 }
5609
5610 return (error);
5611 }
5612
5613 static int
5614 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr)
5615 {
5616 zfs_onexit_t *zo;
5617 minor_t minor = getminor(dev);
5618
5619 if (minor == 0)
5620 return (0);
5621
5622 mutex_enter(&zfsdev_state_lock);
5623 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
5624 if (zo == NULL) {
5625 mutex_exit(&zfsdev_state_lock);
5626 return (zvol_close(dev, flag, otyp, cr));
5627 }
5628 zfs_ctldev_destroy(zo, minor);
5629 mutex_exit(&zfsdev_state_lock);
5630
5631 return (0);
5632 }
5633
5634 static int
5635 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
5636 {
5637 zfs_cmd_t *zc;
5638 uint_t vecnum;
5639 int error, rc, len;
5640 minor_t minor = getminor(dev);
5641 const zfs_ioc_vec_t *vec;
5642 char *saved_poolname = NULL;
5643 nvlist_t *innvl = NULL;
5644
5645 if (minor != 0 &&
5646 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL)
5647 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));
5648
5649 vecnum = cmd - ZFS_IOC_FIRST;
5650 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
5651
5652 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
5653 return (EINVAL);
5654 vec = &zfs_ioc_vec[vecnum];
5655
5656 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
5657
5658 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
5659 if (error != 0) {
5660 error = EFAULT;
5661 goto out;
5662 }
5663
5664 zc->zc_iflags = flag & FKIOCTL;
5665 if (zc->zc_nvlist_src_size != 0) {
5666 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5667 zc->zc_iflags, &innvl);
5668 if (error != 0)
5669 goto out;
5670 }
5671
5672 /*
5673 * Ensure that all pool/dataset names are valid before we pass down to
5674 * the lower layers.
5675 */
5676 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5677 switch (vec->zvec_namecheck) {
5678 case POOL_NAME:
5679 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
5680 error = EINVAL;
5681 else
5682 error = pool_status_check(zc->zc_name,
5683 vec->zvec_namecheck, vec->zvec_pool_check);
5684 break;
5685
5686 case DATASET_NAME:
5687 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
5688 error = EINVAL;
5689 else
5690 error = pool_status_check(zc->zc_name,
5691 vec->zvec_namecheck, vec->zvec_pool_check);
5692 break;
5693
5694 case NO_NAME:
5695 break;
5696 }
5697
5698
5699 if (error == 0 && !(flag & FKIOCTL))
5700 error = vec->zvec_secpolicy(zc, innvl, cr);
5701
5702 if (error != 0)
5703 goto out;
5704
5705 /* legacy ioctls can modify zc_name */
5706 len = strcspn(zc->zc_name, "/@") + 1;
5707 saved_poolname = kmem_alloc(len, KM_SLEEP);
5708 (void) strlcpy(saved_poolname, zc->zc_name, len);
5709
5710 if (vec->zvec_func != NULL) {
5711 nvlist_t *outnvl;
5712 int puterror = 0;
5713 spa_t *spa;
5714 nvlist_t *lognv = NULL;
5715
5716 ASSERT(vec->zvec_legacy_func == NULL);
5717
5718 /*
5719 * Add the innvl to the lognv before calling the func,
5720 * in case the func changes the innvl.
5721 */
5722 if (vec->zvec_allow_log) {
5723 lognv = fnvlist_alloc();
5724 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
5725 vec->zvec_name);
5726 if (!nvlist_empty(innvl)) {
5727 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
5728 innvl);
5729 }
5730 }
5731
5732 outnvl = fnvlist_alloc();
5733 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
5734
5735 if (error == 0 && vec->zvec_allow_log &&
5736 spa_open(zc->zc_name, &spa, FTAG) == 0) {
5737 if (!nvlist_empty(outnvl)) {
5738 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
5739 outnvl);
5740 }
5741 (void) spa_history_log_nvl(spa, lognv);
5742 spa_close(spa, FTAG);
5743 }
5744 fnvlist_free(lognv);
5745
5746 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
5747 int smusherror = 0;
5748 if (vec->zvec_smush_outnvlist) {
5749 smusherror = nvlist_smush(outnvl,
5750 zc->zc_nvlist_dst_size);
5751 }
5752 if (smusherror == 0)
5753 puterror = put_nvlist(zc, outnvl);
5754 }
5755
5756 if (puterror != 0)
5757 error = puterror;
5758
5759 nvlist_free(outnvl);
5760 } else {
5761 error = vec->zvec_legacy_func(zc);
5762 }
5763
5764 out:
5765 nvlist_free(innvl);
5766 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
5767 if (error == 0 && rc != 0)
5768 error = EFAULT;
5769 if (error == 0 && vec->zvec_allow_log) {
5770 char *s = tsd_get(zfs_allow_log_key);
5771 if (s != NULL)
5772 strfree(s);
5773 (void) tsd_set(zfs_allow_log_key, saved_poolname);
5774 } else {
5775 if (saved_poolname != NULL)
5776 strfree(saved_poolname);
5777 }
5778
5779 kmem_free(zc, sizeof (zfs_cmd_t));
5780 return (error);
5781 }
5782
5783 static int
5784 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
5785 {
5786 if (cmd != DDI_ATTACH)
5787 return (DDI_FAILURE);
5788
5789 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
5790 DDI_PSEUDO, 0) == DDI_FAILURE)
5791 return (DDI_FAILURE);
5792
5793 zfs_dip = dip;
5794
5795 ddi_report_dev(dip);
5796
5797 return (DDI_SUCCESS);
5798 }
5799
5800 static int
5801 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
5802 {
5803 if (spa_busy() || zfs_busy() || zvol_busy())
5804 return (DDI_FAILURE);
5805
5806 if (cmd != DDI_DETACH)
5807 return (DDI_FAILURE);
5808
5809 zfs_dip = NULL;
5810
5811 ddi_prop_remove_all(dip);
5812 ddi_remove_minor_node(dip, NULL);
5813
5814 return (DDI_SUCCESS);
5815 }
5816
5817 /*ARGSUSED*/
5818 static int
5819 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
5820 {
5821 switch (infocmd) {
5822 case DDI_INFO_DEVT2DEVINFO:
5823 *result = zfs_dip;
5824 return (DDI_SUCCESS);
5825
5826 case DDI_INFO_DEVT2INSTANCE:
5827 *result = (void *)0;
5828 return (DDI_SUCCESS);
5829 }
5830
5831 return (DDI_FAILURE);
5832 }
5833
5834 /*
5835 * OK, so this is a little weird.
5836 *
5837 * /dev/zfs is the control node, i.e. minor 0.
5838 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
5839 *
5840 * /dev/zfs has basically nothing to do except serve up ioctls,
5841 * so most of the standard driver entry points are in zvol.c.
5842 */
5843 static struct cb_ops zfs_cb_ops = {
5844 zfsdev_open, /* open */
5845 zfsdev_close, /* close */
5846 zvol_strategy, /* strategy */
5847 nodev, /* print */
5848 zvol_dump, /* dump */
5849 zvol_read, /* read */
5850 zvol_write, /* write */
5851 zfsdev_ioctl, /* ioctl */
5852 nodev, /* devmap */
5853 nodev, /* mmap */
5854 nodev, /* segmap */
5855 nochpoll, /* poll */
5856 ddi_prop_op, /* prop_op */
5857 NULL, /* streamtab */
5858 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */
5859 CB_REV, /* version */
5860 nodev, /* async read */
5861 nodev, /* async write */
5862 };
5863
5864 static struct dev_ops zfs_dev_ops = {
5865 DEVO_REV, /* version */
5866 0, /* refcnt */
5867 zfs_info, /* info */
5868 nulldev, /* identify */
5869 nulldev, /* probe */
5870 zfs_attach, /* attach */
5871 zfs_detach, /* detach */
5872 nodev, /* reset */
5873 &zfs_cb_ops, /* driver operations */
5874 NULL, /* no bus operations */
5875 NULL, /* power */
5876 ddi_quiesce_not_needed, /* quiesce */
5877 };
5878
5879 static struct modldrv zfs_modldrv = {
5880 &mod_driverops,
5881 "ZFS storage pool",
5882 &zfs_dev_ops
5883 };
5884
5885 static struct modlinkage modlinkage = {
5886 MODREV_1,
5887 (void *)&zfs_modlfs,
5888 (void *)&zfs_modldrv,
5889 NULL
5890 };
5891
5892 static void
5893 zfs_allow_log_destroy(void *arg)
5894 {
5895 char *poolname = arg;
5896 strfree(poolname);
5897 }
5898
5899 int
5900 _init(void)
5901 {
5902 int error;
5903
5904 spa_init(FREAD | FWRITE);
5905 zfs_init();
5906 zvol_init();
5907 zfs_ioctl_init();
5908
5909 if ((error = mod_install(&modlinkage)) != 0) {
5910 zvol_fini();
5911 zfs_fini();
5912 spa_fini();
5913 return (error);
5914 }
5915
5916 tsd_create(&zfs_fsyncer_key, NULL);
5917 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
5918 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
5919
5920 error = ldi_ident_from_mod(&modlinkage, &zfs_li);
5921 ASSERT(error == 0);
5922 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5923
5924 return (0);
5925 }
5926
5927 int
5928 _fini(void)
5929 {
5930 int error;
5931
5932 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
5933 return (EBUSY);
5934
5935 if ((error = mod_remove(&modlinkage)) != 0)
5936 return (error);
5937
5938 zvol_fini();
5939 zfs_fini();
5940 spa_fini();
5941 if (zfs_nfsshare_inited)
5942 (void) ddi_modclose(nfs_mod);
5943 if (zfs_smbshare_inited)
5944 (void) ddi_modclose(smbsrv_mod);
5945 if (zfs_nfsshare_inited || zfs_smbshare_inited)
5946 (void) ddi_modclose(sharefs_mod);
5947
5948 tsd_destroy(&zfs_fsyncer_key);
5949 ldi_ident_release(zfs_li);
5950 zfs_li = NULL;
5951 mutex_destroy(&zfs_share_lock);
5952
5953 return (error);
5954 }
5955
5956 int
5957 _info(struct modinfo *modinfop)
5958 {
5959 return (mod_info(&modlinkage, modinfop));
5960 }