1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
  24  * Portions Copyright 2011 Martin Matuska
  25  * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
  26  * Copyright (c) 2012, Joyent, Inc. All rights reserved.
  27  * Copyright (c) 2012 by Delphix. All rights reserved.
  28  */
  29 
  30 /*
  31  * ZFS ioctls.
  32  *
  33  * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
  34  * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
  35  *
  36  * There are two ways that we handle ioctls: the legacy way where almost
  37  * all of the logic is in the ioctl callback, and the new way where most
  38  * of the marshalling is handled in the common entry point, zfsdev_ioctl().
  39  *
  40  * Non-legacy ioctls should be registered by calling
  41  * zfs_ioctl_register() from zfs_ioctl_init().  The ioctl is invoked
  42  * from userland by lzc_ioctl().
  43  *
  44  * The registration arguments are as follows:
  45  *
  46  * const char *name
  47  *   The name of the ioctl.  This is used for history logging.  If the
  48  *   ioctl returns successfully (the callback returns 0), and allow_log
  49  *   is true, then a history log entry will be recorded with the input &
  50  *   output nvlists.  The log entry can be printed with "zpool history -i".
  51  *
  52  * zfs_ioc_t ioc
  53  *   The ioctl request number, which userland will pass to ioctl(2).
  54  *   The ioctl numbers can change from release to release, because
  55  *   the caller (libzfs) must be matched to the kernel.
  56  *
  57  * zfs_secpolicy_func_t *secpolicy
  58  *   This function will be called before the zfs_ioc_func_t, to
  59  *   determine if this operation is permitted.  It should return EPERM
  60  *   on failure, and 0 on success.  Checks include determining if the
  61  *   dataset is visible in this zone, and if the user has either all
  62  *   zfs privileges in the zone (SYS_MOUNT), or has been granted permission
  63  *   to do this operation on this dataset with "zfs allow".
  64  *
  65  * zfs_ioc_namecheck_t namecheck
  66  *   This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
  67  *   name, a dataset name, or nothing.  If the name is not well-formed,
  68  *   the ioctl will fail and the callback will not be called.
  69  *   Therefore, the callback can assume that the name is well-formed
  70  *   (e.g. is null-terminated, doesn't have more than one '@' character,
  71  *   doesn't have invalid characters).
  72  *
  73  * zfs_ioc_poolcheck_t pool_check
  74  *   This specifies requirements on the pool state.  If the pool does
  75  *   not meet them (is suspended or is readonly), the ioctl will fail
  76  *   and the callback will not be called.  If any checks are specified
  77  *   (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
  78  *   Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
  79  *   POOL_CHECK_READONLY).
  80  *
  81  * boolean_t smush_outnvlist
  82  *   If smush_outnvlist is true, then the output is presumed to be a
  83  *   list of errors, and it will be "smushed" down to fit into the
  84  *   caller's buffer, by removing some entries and replacing them with a
  85  *   single "N_MORE_ERRORS" entry indicating how many were removed.  See
  86  *   nvlist_smush() for details.  If smush_outnvlist is false, and the
  87  *   outnvlist does not fit into the userland-provided buffer, then the
  88  *   ioctl will fail with ENOMEM.
  89  *
  90  * zfs_ioc_func_t *func
  91  *   The callback function that will perform the operation.
  92  *
  93  *   The callback should return 0 on success, or an error number on
  94  *   failure.  If the function fails, the userland ioctl will return -1,
  95  *   and errno will be set to the callback's return value.  The callback
  96  *   will be called with the following arguments:
  97  *
  98  *   const char *name
  99  *     The name of the pool or dataset to operate on, from
 100  *     zfs_cmd_t:zc_name.  The 'namecheck' argument specifies the
 101  *     expected type (pool, dataset, or none).
 102  *
 103  *   nvlist_t *innvl
 104  *     The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src.  Or
 105  *     NULL if no input nvlist was provided.  Changes to this nvlist are
 106  *     ignored.  If the input nvlist could not be deserialized, the
 107  *     ioctl will fail and the callback will not be called.
 108  *
 109  *   nvlist_t *outnvl
 110  *     The output nvlist, initially empty.  The callback can fill it in,
 111  *     and it will be returned to userland by serializing it into
 112  *     zfs_cmd_t:zc_nvlist_dst.  If it is non-empty, and serialization
 113  *     fails (e.g. because the caller didn't supply a large enough
 114  *     buffer), then the overall ioctl will fail.  See the
 115  *     'smush_nvlist' argument above for additional behaviors.
 116  *
 117  *     There are two typical uses of the output nvlist:
 118  *       - To return state, e.g. property values.  In this case,
 119  *         smush_outnvlist should be false.  If the buffer was not large
 120  *         enough, the caller will reallocate a larger buffer and try
 121  *         the ioctl again.
 122  *
 123  *       - To return multiple errors from an ioctl which makes on-disk
 124  *         changes.  In this case, smush_outnvlist should be true.
 125  *         Ioctls which make on-disk modifications should generally not
 126  *         use the outnvl if they succeed, because the caller can not
 127  *         distinguish between the operation failing, and
 128  *         deserialization failing.
 129  */
 130 
 131 #include <sys/types.h>
 132 #include <sys/param.h>
 133 #include <sys/errno.h>
 134 #include <sys/uio.h>
 135 #include <sys/buf.h>
 136 #include <sys/modctl.h>
 137 #include <sys/open.h>
 138 #include <sys/file.h>
 139 #include <sys/kmem.h>
 140 #include <sys/conf.h>
 141 #include <sys/cmn_err.h>
 142 #include <sys/stat.h>
 143 #include <sys/zfs_ioctl.h>
 144 #include <sys/zfs_vfsops.h>
 145 #include <sys/zfs_znode.h>
 146 #include <sys/zap.h>
 147 #include <sys/spa.h>
 148 #include <sys/spa_impl.h>
 149 #include <sys/vdev.h>
 150 #include <sys/priv_impl.h>
 151 #include <sys/dmu.h>
 152 #include <sys/dsl_dir.h>
 153 #include <sys/dsl_dataset.h>
 154 #include <sys/dsl_prop.h>
 155 #include <sys/dsl_deleg.h>
 156 #include <sys/dmu_objset.h>
 157 #include <sys/dmu_impl.h>
 158 #include <sys/ddi.h>
 159 #include <sys/sunddi.h>
 160 #include <sys/sunldi.h>
 161 #include <sys/policy.h>
 162 #include <sys/zone.h>
 163 #include <sys/nvpair.h>
 164 #include <sys/pathname.h>
 165 #include <sys/mount.h>
 166 #include <sys/sdt.h>
 167 #include <sys/fs/zfs.h>
 168 #include <sys/zfs_ctldir.h>
 169 #include <sys/zfs_dir.h>
 170 #include <sys/zfs_onexit.h>
 171 #include <sys/zvol.h>
 172 #include <sys/dsl_scan.h>
 173 #include <sharefs/share.h>
 174 #include <sys/dmu_objset.h>
 175 #include <sys/far.h>
 176 
 177 #include "zfs_namecheck.h"
 178 #include "zfs_prop.h"
 179 #include "zfs_deleg.h"
 180 #include "zfs_comutil.h"
 181 
 182 extern struct modlfs zfs_modlfs;
 183 
 184 extern void zfs_init(void);
 185 extern void zfs_fini(void);
 186 
 187 ldi_ident_t zfs_li = NULL;
 188 dev_info_t *zfs_dip;
 189 
 190 uint_t zfs_fsyncer_key;
 191 extern uint_t rrw_tsd_key;
 192 static uint_t zfs_allow_log_key;
 193 
 194 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *);
 195 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *);
 196 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *);
 197 
 198 typedef enum {
 199         NO_NAME,
 200         POOL_NAME,
 201         DATASET_NAME
 202 } zfs_ioc_namecheck_t;
 203 
 204 typedef enum {
 205         POOL_CHECK_NONE         = 1 << 0,
 206         POOL_CHECK_SUSPENDED    = 1 << 1,
 207         POOL_CHECK_READONLY     = 1 << 2,
 208 } zfs_ioc_poolcheck_t;
 209 
 210 typedef struct zfs_ioc_vec {
 211         zfs_ioc_legacy_func_t   *zvec_legacy_func;
 212         zfs_ioc_func_t          *zvec_func;
 213         zfs_secpolicy_func_t    *zvec_secpolicy;
 214         zfs_ioc_namecheck_t     zvec_namecheck;
 215         boolean_t               zvec_allow_log;
 216         zfs_ioc_poolcheck_t     zvec_pool_check;
 217         boolean_t               zvec_smush_outnvlist;
 218         const char              *zvec_name;
 219 } zfs_ioc_vec_t;
 220 
 221 /* This array is indexed by zfs_userquota_prop_t */
 222 static const char *userquota_perms[] = {
 223         ZFS_DELEG_PERM_USERUSED,
 224         ZFS_DELEG_PERM_USERQUOTA,
 225         ZFS_DELEG_PERM_GROUPUSED,
 226         ZFS_DELEG_PERM_GROUPQUOTA,
 227 };
 228 
 229 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
 230 static int zfs_check_settable(const char *name, nvpair_t *property,
 231     cred_t *cr);
 232 static int zfs_check_clearable(char *dataset, nvlist_t *props,
 233     nvlist_t **errors);
 234 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
 235     boolean_t *);
 236 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
 237 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
 238 
 239 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
 240 void
 241 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
 242 {
 243         const char *newfile;
 244         char buf[512];
 245         va_list adx;
 246 
 247         /*
 248          * Get rid of annoying "../common/" prefix to filename.
 249          */
 250         newfile = strrchr(file, '/');
 251         if (newfile != NULL) {
 252                 newfile = newfile + 1; /* Get rid of leading / */
 253         } else {
 254                 newfile = file;
 255         }
 256 
 257         va_start(adx, fmt);
 258         (void) vsnprintf(buf, sizeof (buf), fmt, adx);
 259         va_end(adx);
 260 
 261         /*
 262          * To get this data, use the zfs-dprintf probe as so:
 263          * dtrace -q -n 'zfs-dprintf \
 264          *      /stringof(arg0) == "dbuf.c"/ \
 265          *      {printf("%s: %s", stringof(arg1), stringof(arg3))}'
 266          * arg0 = file name
 267          * arg1 = function name
 268          * arg2 = line number
 269          * arg3 = message
 270          */
 271         DTRACE_PROBE4(zfs__dprintf,
 272             char *, newfile, char *, func, int, line, char *, buf);
 273 }
 274 
 275 static void
 276 history_str_free(char *buf)
 277 {
 278         kmem_free(buf, HIS_MAX_RECORD_LEN);
 279 }
 280 
 281 static char *
 282 history_str_get(zfs_cmd_t *zc)
 283 {
 284         char *buf;
 285 
 286         if (zc->zc_history == NULL)
 287                 return (NULL);
 288 
 289         buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
 290         if (copyinstr((void *)(uintptr_t)zc->zc_history,
 291             buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
 292                 history_str_free(buf);
 293                 return (NULL);
 294         }
 295 
 296         buf[HIS_MAX_RECORD_LEN -1] = '\0';
 297 
 298         return (buf);
 299 }
 300 
 301 /*
 302  * Check to see if the named dataset is currently defined as bootable
 303  */
 304 static boolean_t
 305 zfs_is_bootfs(const char *name)
 306 {
 307         objset_t *os;
 308 
 309         if (dmu_objset_hold(name, FTAG, &os) == 0) {
 310                 boolean_t ret;
 311                 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
 312                 dmu_objset_rele(os, FTAG);
 313                 return (ret);
 314         }
 315         return (B_FALSE);
 316 }
 317 
 318 /*
 319  * zfs_earlier_version
 320  *
 321  *      Return non-zero if the spa version is less than requested version.
 322  */
 323 static int
 324 zfs_earlier_version(const char *name, int version)
 325 {
 326         spa_t *spa;
 327 
 328         if (spa_open(name, &spa, FTAG) == 0) {
 329                 if (spa_version(spa) < version) {
 330                         spa_close(spa, FTAG);
 331                         return (1);
 332                 }
 333                 spa_close(spa, FTAG);
 334         }
 335         return (0);
 336 }
 337 
 338 /*
 339  * zpl_earlier_version
 340  *
 341  * Return TRUE if the ZPL version is less than requested version.
 342  */
 343 static boolean_t
 344 zpl_earlier_version(const char *name, int version)
 345 {
 346         objset_t *os;
 347         boolean_t rc = B_TRUE;
 348 
 349         if (dmu_objset_hold(name, FTAG, &os) == 0) {
 350                 uint64_t zplversion;
 351 
 352                 if (dmu_objset_type(os) != DMU_OST_ZFS) {
 353                         dmu_objset_rele(os, FTAG);
 354                         return (B_TRUE);
 355                 }
 356                 /* XXX reading from non-owned objset */
 357                 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
 358                         rc = zplversion < version;
 359                 dmu_objset_rele(os, FTAG);
 360         }
 361         return (rc);
 362 }
 363 
 364 static void
 365 zfs_log_history(zfs_cmd_t *zc)
 366 {
 367         spa_t *spa;
 368         char *buf;
 369 
 370         if ((buf = history_str_get(zc)) == NULL)
 371                 return;
 372 
 373         if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
 374                 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
 375                         (void) spa_history_log(spa, buf);
 376                 spa_close(spa, FTAG);
 377         }
 378         history_str_free(buf);
 379 }
 380 
 381 /*
 382  * Policy for top-level read operations (list pools).  Requires no privileges,
 383  * and can be used in the local zone, as there is no associated dataset.
 384  */
 385 /* ARGSUSED */
 386 static int
 387 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 388 {
 389         return (0);
 390 }
 391 
 392 /*
 393  * Policy for dataset read operations (list children, get statistics).  Requires
 394  * no privileges, but must be visible in the local zone.
 395  */
 396 /* ARGSUSED */
 397 static int
 398 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 399 {
 400         if (INGLOBALZONE(curproc) ||
 401             zone_dataset_visible(zc->zc_name, NULL))
 402                 return (0);
 403 
 404         return (ENOENT);
 405 }
 406 
 407 static int
 408 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
 409 {
 410         int writable = 1;
 411 
 412         /*
 413          * The dataset must be visible by this zone -- check this first
 414          * so they don't see EPERM on something they shouldn't know about.
 415          */
 416         if (!INGLOBALZONE(curproc) &&
 417             !zone_dataset_visible(dataset, &writable))
 418                 return (ENOENT);
 419 
 420         if (INGLOBALZONE(curproc)) {
 421                 /*
 422                  * If the fs is zoned, only root can access it from the
 423                  * global zone.
 424                  */
 425                 if (secpolicy_zfs(cr) && zoned)
 426                         return (EPERM);
 427         } else {
 428                 /*
 429                  * If we are in a local zone, the 'zoned' property must be set.
 430                  */
 431                 if (!zoned)
 432                         return (EPERM);
 433 
 434                 /* must be writable by this zone */
 435                 if (!writable)
 436                         return (EPERM);
 437         }
 438         return (0);
 439 }
 440 
 441 static int
 442 zfs_dozonecheck(const char *dataset, cred_t *cr)
 443 {
 444         uint64_t zoned;
 445 
 446         if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
 447                 return (ENOENT);
 448 
 449         return (zfs_dozonecheck_impl(dataset, zoned, cr));
 450 }
 451 
 452 static int
 453 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
 454 {
 455         uint64_t zoned;
 456 
 457         rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
 458         if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) {
 459                 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
 460                 return (ENOENT);
 461         }
 462         rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
 463 
 464         return (zfs_dozonecheck_impl(dataset, zoned, cr));
 465 }
 466 
 467 static int
 468 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
 469 {
 470         int error;
 471         dsl_dataset_t *ds;
 472 
 473         error = dsl_dataset_hold(name, FTAG, &ds);
 474         if (error != 0)
 475                 return (error);
 476 
 477         error = zfs_dozonecheck_ds(name, ds, cr);
 478         if (error == 0) {
 479                 error = secpolicy_zfs(cr);
 480                 if (error)
 481                         error = dsl_deleg_access_impl(ds, perm, cr);
 482         }
 483 
 484         dsl_dataset_rele(ds, FTAG);
 485         return (error);
 486 }
 487 
 488 static int
 489 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
 490     const char *perm, cred_t *cr)
 491 {
 492         int error;
 493 
 494         error = zfs_dozonecheck_ds(name, ds, cr);
 495         if (error == 0) {
 496                 error = secpolicy_zfs(cr);
 497                 if (error)
 498                         error = dsl_deleg_access_impl(ds, perm, cr);
 499         }
 500         return (error);
 501 }
 502 
 503 /*
 504  * Policy for setting the security label property.
 505  *
 506  * Returns 0 for success, non-zero for access and other errors.
 507  */
 508 static int
 509 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
 510 {
 511         char            ds_hexsl[MAXNAMELEN];
 512         bslabel_t       ds_sl, new_sl;
 513         boolean_t       new_default = FALSE;
 514         uint64_t        zoned;
 515         int             needed_priv = -1;
 516         int             error;
 517 
 518         /* First get the existing dataset label. */
 519         error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
 520             1, sizeof (ds_hexsl), &ds_hexsl, NULL);
 521         if (error)
 522                 return (EPERM);
 523 
 524         if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
 525                 new_default = TRUE;
 526 
 527         /* The label must be translatable */
 528         if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
 529                 return (EINVAL);
 530 
 531         /*
 532          * In a non-global zone, disallow attempts to set a label that
 533          * doesn't match that of the zone; otherwise no other checks
 534          * are needed.
 535          */
 536         if (!INGLOBALZONE(curproc)) {
 537                 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
 538                         return (EPERM);
 539                 return (0);
 540         }
 541 
 542         /*
 543          * For global-zone datasets (i.e., those whose zoned property is
 544          * "off", verify that the specified new label is valid for the
 545          * global zone.
 546          */
 547         if (dsl_prop_get_integer(name,
 548             zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
 549                 return (EPERM);
 550         if (!zoned) {
 551                 if (zfs_check_global_label(name, strval) != 0)
 552                         return (EPERM);
 553         }
 554 
 555         /*
 556          * If the existing dataset label is nondefault, check if the
 557          * dataset is mounted (label cannot be changed while mounted).
 558          * Get the zfsvfs; if there isn't one, then the dataset isn't
 559          * mounted (or isn't a dataset, doesn't exist, ...).
 560          */
 561         if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
 562                 objset_t *os;
 563                 static char *setsl_tag = "setsl_tag";
 564 
 565                 /*
 566                  * Try to own the dataset; abort if there is any error,
 567                  * (e.g., already mounted, in use, or other error).
 568                  */
 569                 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
 570                     setsl_tag, &os);
 571                 if (error)
 572                         return (EPERM);
 573 
 574                 dmu_objset_disown(os, setsl_tag);
 575 
 576                 if (new_default) {
 577                         needed_priv = PRIV_FILE_DOWNGRADE_SL;
 578                         goto out_check;
 579                 }
 580 
 581                 if (hexstr_to_label(strval, &new_sl) != 0)
 582                         return (EPERM);
 583 
 584                 if (blstrictdom(&ds_sl, &new_sl))
 585                         needed_priv = PRIV_FILE_DOWNGRADE_SL;
 586                 else if (blstrictdom(&new_sl, &ds_sl))
 587                         needed_priv = PRIV_FILE_UPGRADE_SL;
 588         } else {
 589                 /* dataset currently has a default label */
 590                 if (!new_default)
 591                         needed_priv = PRIV_FILE_UPGRADE_SL;
 592         }
 593 
 594 out_check:
 595         if (needed_priv != -1)
 596                 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
 597         return (0);
 598 }
 599 
 600 static int
 601 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
 602     cred_t *cr)
 603 {
 604         char *strval;
 605 
 606         /*
 607          * Check permissions for special properties.
 608          */
 609         switch (prop) {
 610         case ZFS_PROP_ZONED:
 611                 /*
 612                  * Disallow setting of 'zoned' from within a local zone.
 613                  */
 614                 if (!INGLOBALZONE(curproc))
 615                         return (EPERM);
 616                 break;
 617 
 618         case ZFS_PROP_QUOTA:
 619                 if (!INGLOBALZONE(curproc)) {
 620                         uint64_t zoned;
 621                         char setpoint[MAXNAMELEN];
 622                         /*
 623                          * Unprivileged users are allowed to modify the
 624                          * quota on things *under* (ie. contained by)
 625                          * the thing they own.
 626                          */
 627                         if (dsl_prop_get_integer(dsname, "zoned", &zoned,
 628                             setpoint))
 629                                 return (EPERM);
 630                         if (!zoned || strlen(dsname) <= strlen(setpoint))
 631                                 return (EPERM);
 632                 }
 633                 break;
 634 
 635         case ZFS_PROP_MLSLABEL:
 636                 if (!is_system_labeled())
 637                         return (EPERM);
 638 
 639                 if (nvpair_value_string(propval, &strval) == 0) {
 640                         int err;
 641 
 642                         err = zfs_set_slabel_policy(dsname, strval, CRED());
 643                         if (err != 0)
 644                                 return (err);
 645                 }
 646                 break;
 647         }
 648 
 649         return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
 650 }
 651 
 652 /* ARGSUSED */
 653 static int
 654 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 655 {
 656         int error;
 657 
 658         error = zfs_dozonecheck(zc->zc_name, cr);
 659         if (error)
 660                 return (error);
 661 
 662         /*
 663          * permission to set permissions will be evaluated later in
 664          * dsl_deleg_can_allow()
 665          */
 666         return (0);
 667 }
 668 
 669 /* ARGSUSED */
 670 static int
 671 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 672 {
 673         return (zfs_secpolicy_write_perms(zc->zc_name,
 674             ZFS_DELEG_PERM_ROLLBACK, cr));
 675 }
 676 
 677 /* ARGSUSED */
 678 static int
 679 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 680 {
 681         spa_t *spa;
 682         dsl_pool_t *dp;
 683         dsl_dataset_t *ds;
 684         char *cp;
 685         int error;
 686 
 687         /*
 688          * Generate the current snapshot name from the given objsetid, then
 689          * use that name for the secpolicy/zone checks.
 690          */
 691         cp = strchr(zc->zc_name, '@');
 692         if (cp == NULL)
 693                 return (EINVAL);
 694         error = spa_open(zc->zc_name, &spa, FTAG);
 695         if (error)
 696                 return (error);
 697 
 698         dp = spa_get_dsl(spa);
 699         rw_enter(&dp->dp_config_rwlock, RW_READER);
 700         error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
 701         rw_exit(&dp->dp_config_rwlock);
 702         spa_close(spa, FTAG);
 703         if (error)
 704                 return (error);
 705 
 706         dsl_dataset_name(ds, zc->zc_name);
 707 
 708         error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
 709             ZFS_DELEG_PERM_SEND, cr);
 710         dsl_dataset_rele(ds, FTAG);
 711 
 712         return (error);
 713 }
 714 
 715 /* ARGSUSED */
 716 static int
 717 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 718 {
 719         return (zfs_secpolicy_write_perms(zc->zc_name,
 720             ZFS_DELEG_PERM_SEND, cr));
 721 }
 722 
 723 /* ARGSUSED */
 724 static int
 725 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 726 {
 727         vnode_t *vp;
 728         int error;
 729 
 730         if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
 731             NO_FOLLOW, NULL, &vp)) != 0)
 732                 return (error);
 733 
 734         /* Now make sure mntpnt and dataset are ZFS */
 735 
 736         if (vp->v_vfsp->vfs_fstype != zfsfstype ||
 737             (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
 738             zc->zc_name) != 0)) {
 739                 VN_RELE(vp);
 740                 return (EPERM);
 741         }
 742 
 743         VN_RELE(vp);
 744         return (dsl_deleg_access(zc->zc_name,
 745             ZFS_DELEG_PERM_SHARE, cr));
 746 }
 747 
 748 int
 749 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 750 {
 751         if (!INGLOBALZONE(curproc))
 752                 return (EPERM);
 753 
 754         if (secpolicy_nfs(cr) == 0) {
 755                 return (0);
 756         } else {
 757                 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
 758         }
 759 }
 760 
 761 int
 762 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 763 {
 764         if (!INGLOBALZONE(curproc))
 765                 return (EPERM);
 766 
 767         if (secpolicy_smb(cr) == 0) {
 768                 return (0);
 769         } else {
 770                 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
 771         }
 772 }
 773 
 774 static int
 775 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
 776 {
 777         char *cp;
 778 
 779         /*
 780          * Remove the @bla or /bla from the end of the name to get the parent.
 781          */
 782         (void) strncpy(parent, datasetname, parentsize);
 783         cp = strrchr(parent, '@');
 784         if (cp != NULL) {
 785                 cp[0] = '\0';
 786         } else {
 787                 cp = strrchr(parent, '/');
 788                 if (cp == NULL)
 789                         return (ENOENT);
 790                 cp[0] = '\0';
 791         }
 792 
 793         return (0);
 794 }
 795 
 796 int
 797 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
 798 {
 799         int error;
 800 
 801         if ((error = zfs_secpolicy_write_perms(name,
 802             ZFS_DELEG_PERM_MOUNT, cr)) != 0)
 803                 return (error);
 804 
 805         return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
 806 }
 807 
 808 /* ARGSUSED */
 809 static int
 810 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 811 {
 812         return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
 813 }
 814 
 815 /*
 816  * Destroying snapshots with delegated permissions requires
 817  * descendant mount and destroy permissions.
 818  */
 819 /* ARGSUSED */
 820 static int
 821 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 822 {
 823         nvlist_t *snaps;
 824         nvpair_t *pair, *nextpair;
 825         int error = 0;
 826 
 827         if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
 828                 return (EINVAL);
 829         for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
 830             pair = nextpair) {
 831                 dsl_dataset_t *ds;
 832 
 833                 nextpair = nvlist_next_nvpair(snaps, pair);
 834                 error = dsl_dataset_hold(nvpair_name(pair), FTAG, &ds);
 835                 if (error == 0) {
 836                         dsl_dataset_rele(ds, FTAG);
 837                 } else if (error == ENOENT) {
 838                         /*
 839                          * Ignore any snapshots that don't exist (we consider
 840                          * them "already destroyed").  Remove the name from the
 841                          * nvl here in case the snapshot is created between
 842                          * now and when we try to destroy it (in which case
 843                          * we don't want to destroy it since we haven't
 844                          * checked for permission).
 845                          */
 846                         fnvlist_remove_nvpair(snaps, pair);
 847                         error = 0;
 848                         continue;
 849                 } else {
 850                         break;
 851                 }
 852                 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
 853                 if (error != 0)
 854                         break;
 855         }
 856 
 857         return (error);
 858 }
 859 
 860 int
 861 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
 862 {
 863         char    parentname[MAXNAMELEN];
 864         int     error;
 865 
 866         if ((error = zfs_secpolicy_write_perms(from,
 867             ZFS_DELEG_PERM_RENAME, cr)) != 0)
 868                 return (error);
 869 
 870         if ((error = zfs_secpolicy_write_perms(from,
 871             ZFS_DELEG_PERM_MOUNT, cr)) != 0)
 872                 return (error);
 873 
 874         if ((error = zfs_get_parent(to, parentname,
 875             sizeof (parentname))) != 0)
 876                 return (error);
 877 
 878         if ((error = zfs_secpolicy_write_perms(parentname,
 879             ZFS_DELEG_PERM_CREATE, cr)) != 0)
 880                 return (error);
 881 
 882         if ((error = zfs_secpolicy_write_perms(parentname,
 883             ZFS_DELEG_PERM_MOUNT, cr)) != 0)
 884                 return (error);
 885 
 886         return (error);
 887 }
 888 
 889 /* ARGSUSED */
 890 static int
 891 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 892 {
 893         return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
 894 }
 895 
 896 /* ARGSUSED */
 897 static int
 898 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 899 {
 900         char    parentname[MAXNAMELEN];
 901         objset_t *clone;
 902         int error;
 903 
 904         error = zfs_secpolicy_write_perms(zc->zc_name,
 905             ZFS_DELEG_PERM_PROMOTE, cr);
 906         if (error)
 907                 return (error);
 908 
 909         error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
 910 
 911         if (error == 0) {
 912                 dsl_dataset_t *pclone = NULL;
 913                 dsl_dir_t *dd;
 914                 dd = clone->os_dsl_dataset->ds_dir;
 915 
 916                 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
 917                 error = dsl_dataset_hold_obj(dd->dd_pool,
 918                     dd->dd_phys->dd_origin_obj, FTAG, &pclone);
 919                 rw_exit(&dd->dd_pool->dp_config_rwlock);
 920                 if (error) {
 921                         dmu_objset_rele(clone, FTAG);
 922                         return (error);
 923                 }
 924 
 925                 error = zfs_secpolicy_write_perms(zc->zc_name,
 926                     ZFS_DELEG_PERM_MOUNT, cr);
 927 
 928                 dsl_dataset_name(pclone, parentname);
 929                 dmu_objset_rele(clone, FTAG);
 930                 dsl_dataset_rele(pclone, FTAG);
 931                 if (error == 0)
 932                         error = zfs_secpolicy_write_perms(parentname,
 933                             ZFS_DELEG_PERM_PROMOTE, cr);
 934         }
 935         return (error);
 936 }
 937 
 938 /* ARGSUSED */
 939 static int
 940 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 941 {
 942         int error;
 943 
 944         if ((error = zfs_secpolicy_write_perms(zc->zc_name,
 945             ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
 946                 return (error);
 947 
 948         if ((error = zfs_secpolicy_write_perms(zc->zc_name,
 949             ZFS_DELEG_PERM_MOUNT, cr)) != 0)
 950                 return (error);
 951 
 952         return (zfs_secpolicy_write_perms(zc->zc_name,
 953             ZFS_DELEG_PERM_CREATE, cr));
 954 }
 955 
 956 int
 957 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
 958 {
 959         return (zfs_secpolicy_write_perms(name,
 960             ZFS_DELEG_PERM_SNAPSHOT, cr));
 961 }
 962 
 963 /*
 964  * Check for permission to create each snapshot in the nvlist.
 965  */
 966 /* ARGSUSED */
 967 static int
 968 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 969 {
 970         nvlist_t *snaps;
 971         int error;
 972         nvpair_t *pair;
 973 
 974         if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
 975                 return (EINVAL);
 976         for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
 977             pair = nvlist_next_nvpair(snaps, pair)) {
 978                 char *name = nvpair_name(pair);
 979                 char *atp = strchr(name, '@');
 980 
 981                 if (atp == NULL) {
 982                         error = EINVAL;
 983                         break;
 984                 }
 985                 *atp = '\0';
 986                 error = zfs_secpolicy_snapshot_perms(name, cr);
 987                 *atp = '@';
 988                 if (error != 0)
 989                         break;
 990         }
 991         return (error);
 992 }
 993 
 994 /* ARGSUSED */
 995 static int
 996 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
 997 {
 998         /*
 999          * Even root must have a proper TSD so that we know what pool
1000          * to log to.
1001          */
1002         if (tsd_get(zfs_allow_log_key) == NULL)
1003                 return (EPERM);
1004         return (0);
1005 }
1006 
1007 static int
1008 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1009 {
1010         char    parentname[MAXNAMELEN];
1011         int     error;
1012         char    *origin;
1013 
1014         if ((error = zfs_get_parent(zc->zc_name, parentname,
1015             sizeof (parentname))) != 0)
1016                 return (error);
1017 
1018         if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1019             (error = zfs_secpolicy_write_perms(origin,
1020             ZFS_DELEG_PERM_CLONE, cr)) != 0)
1021                 return (error);
1022 
1023         if ((error = zfs_secpolicy_write_perms(parentname,
1024             ZFS_DELEG_PERM_CREATE, cr)) != 0)
1025                 return (error);
1026 
1027         return (zfs_secpolicy_write_perms(parentname,
1028             ZFS_DELEG_PERM_MOUNT, cr));
1029 }
1030 
1031 /*
1032  * Policy for pool operations - create/destroy pools, add vdevs, etc.  Requires
1033  * SYS_CONFIG privilege, which is not available in a local zone.
1034  */
1035 /* ARGSUSED */
1036 static int
1037 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1038 {
1039         if (secpolicy_sys_config(cr, B_FALSE) != 0)
1040                 return (EPERM);
1041 
1042         return (0);
1043 }
1044 
1045 /*
1046  * Policy for object to name lookups.
1047  */
1048 /* ARGSUSED */
1049 static int
1050 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1051 {
1052         int error;
1053 
1054         if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1055                 return (0);
1056 
1057         error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1058         return (error);
1059 }
1060 
1061 /*
1062  * Policy for fault injection.  Requires all privileges.
1063  */
1064 /* ARGSUSED */
1065 static int
1066 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1067 {
1068         return (secpolicy_zinject(cr));
1069 }
1070 
1071 /* ARGSUSED */
1072 static int
1073 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1074 {
1075         zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1076 
1077         if (prop == ZPROP_INVAL) {
1078                 if (!zfs_prop_user(zc->zc_value))
1079                         return (EINVAL);
1080                 return (zfs_secpolicy_write_perms(zc->zc_name,
1081                     ZFS_DELEG_PERM_USERPROP, cr));
1082         } else {
1083                 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1084                     NULL, cr));
1085         }
1086 }
1087 
1088 static int
1089 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1090 {
1091         int err = zfs_secpolicy_read(zc, innvl, cr);
1092         if (err)
1093                 return (err);
1094 
1095         if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1096                 return (EINVAL);
1097 
1098         if (zc->zc_value[0] == 0) {
1099                 /*
1100                  * They are asking about a posix uid/gid.  If it's
1101                  * themself, allow it.
1102                  */
1103                 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1104                     zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
1105                         if (zc->zc_guid == crgetuid(cr))
1106                                 return (0);
1107                 } else {
1108                         if (groupmember(zc->zc_guid, cr))
1109                                 return (0);
1110                 }
1111         }
1112 
1113         return (zfs_secpolicy_write_perms(zc->zc_name,
1114             userquota_perms[zc->zc_objset_type], cr));
1115 }
1116 
1117 static int
1118 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1119 {
1120         int err = zfs_secpolicy_read(zc, innvl, cr);
1121         if (err)
1122                 return (err);
1123 
1124         if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1125                 return (EINVAL);
1126 
1127         return (zfs_secpolicy_write_perms(zc->zc_name,
1128             userquota_perms[zc->zc_objset_type], cr));
1129 }
1130 
1131 /* ARGSUSED */
1132 static int
1133 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1134 {
1135         return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1136             NULL, cr));
1137 }
1138 
1139 /* ARGSUSED */
1140 static int
1141 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1142 {
1143         return (zfs_secpolicy_write_perms(zc->zc_name,
1144             ZFS_DELEG_PERM_HOLD, cr));
1145 }
1146 
1147 /* ARGSUSED */
1148 static int
1149 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1150 {
1151         return (zfs_secpolicy_write_perms(zc->zc_name,
1152             ZFS_DELEG_PERM_RELEASE, cr));
1153 }
1154 
1155 /*
1156  * Policy for allowing temporary snapshots to be taken or released
1157  */
1158 static int
1159 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1160 {
1161         /*
1162          * A temporary snapshot is the same as a snapshot,
1163          * hold, destroy and release all rolled into one.
1164          * Delegated diff alone is sufficient that we allow this.
1165          */
1166         int error;
1167 
1168         if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1169             ZFS_DELEG_PERM_DIFF, cr)) == 0)
1170                 return (0);
1171 
1172         error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1173         if (!error)
1174                 error = zfs_secpolicy_hold(zc, innvl, cr);
1175         if (!error)
1176                 error = zfs_secpolicy_release(zc, innvl, cr);
1177         if (!error)
1178                 error = zfs_secpolicy_destroy(zc, innvl, cr);
1179         return (error);
1180 }
1181 
1182 /*
1183  * Returns the nvlist as specified by the user in the zfs_cmd_t.
1184  */
1185 static int
1186 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1187 {
1188         char *packed;
1189         int error;
1190         nvlist_t *list = NULL;
1191 
1192         /*
1193          * Read in and unpack the user-supplied nvlist.
1194          */
1195         if (size == 0)
1196                 return (EINVAL);
1197 
1198         packed = kmem_alloc(size, KM_SLEEP);
1199 
1200         if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1201             iflag)) != 0) {
1202                 kmem_free(packed, size);
1203                 return (error);
1204         }
1205 
1206         if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1207                 kmem_free(packed, size);
1208                 return (error);
1209         }
1210 
1211         kmem_free(packed, size);
1212 
1213         *nvp = list;
1214         return (0);
1215 }
1216 
1217 /*
1218  * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1219  * Entries will be removed from the end of the nvlist, and one int32 entry
1220  * named "N_MORE_ERRORS" will be added indicating how many entries were
1221  * removed.
1222  */
1223 static int
1224 nvlist_smush(nvlist_t *errors, size_t max)
1225 {
1226         size_t size;
1227 
1228         size = fnvlist_size(errors);
1229 
1230         if (size > max) {
1231                 nvpair_t *more_errors;
1232                 int n = 0;
1233 
1234                 if (max < 1024)
1235                         return (ENOMEM);
1236 
1237                 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1238                 more_errors = nvlist_prev_nvpair(errors, NULL);
1239 
1240                 do {
1241                         nvpair_t *pair = nvlist_prev_nvpair(errors,
1242                             more_errors);
1243                         fnvlist_remove_nvpair(errors, pair);
1244                         n++;
1245                         size = fnvlist_size(errors);
1246                 } while (size > max);
1247 
1248                 fnvlist_remove_nvpair(errors, more_errors);
1249                 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1250                 ASSERT3U(fnvlist_size(errors), <=, max);
1251         }
1252 
1253         return (0);
1254 }
1255 
1256 static int
1257 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1258 {
1259         char *packed = NULL;
1260         int error = 0;
1261         size_t size;
1262 
1263         size = fnvlist_size(nvl);
1264 
1265         if (size > zc->zc_nvlist_dst_size) {
1266                 error = ENOMEM;
1267         } else {
1268                 packed = fnvlist_pack(nvl, &size);
1269                 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1270                     size, zc->zc_iflags) != 0)
1271                         error = EFAULT;
1272                 fnvlist_pack_free(packed, size);
1273         }
1274 
1275         zc->zc_nvlist_dst_size = size;
1276         zc->zc_nvlist_dst_filled = B_TRUE;
1277         return (error);
1278 }
1279 
1280 static int
1281 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1282 {
1283         objset_t *os;
1284         int error;
1285 
1286         error = dmu_objset_hold(dsname, FTAG, &os);
1287         if (error)
1288                 return (error);
1289         if (dmu_objset_type(os) != DMU_OST_ZFS) {
1290                 dmu_objset_rele(os, FTAG);
1291                 return (EINVAL);
1292         }
1293 
1294         mutex_enter(&os->os_user_ptr_lock);
1295         *zfvp = dmu_objset_get_user(os);
1296         if (*zfvp) {
1297                 VFS_HOLD((*zfvp)->z_vfs);
1298         } else {
1299                 error = ESRCH;
1300         }
1301         mutex_exit(&os->os_user_ptr_lock);
1302         dmu_objset_rele(os, FTAG);
1303         return (error);
1304 }
1305 
1306 /*
1307  * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1308  * case its z_vfs will be NULL, and it will be opened as the owner.
1309  * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1310  * which prevents all vnode ops from running.
1311  */
1312 static int
1313 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1314 {
1315         int error = 0;
1316 
1317         if (getzfsvfs(name, zfvp) != 0)
1318                 error = zfsvfs_create(name, zfvp);
1319         if (error == 0) {
1320                 rrw_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1321                     RW_READER, tag);
1322                 if ((*zfvp)->z_unmounted) {
1323                         /*
1324                          * XXX we could probably try again, since the unmounting
1325                          * thread should be just about to disassociate the
1326                          * objset from the zfsvfs.
1327                          */
1328                         rrw_exit(&(*zfvp)->z_teardown_lock, tag);
1329                         return (EBUSY);
1330                 }
1331         }
1332         return (error);
1333 }
1334 
1335 static void
1336 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1337 {
1338         rrw_exit(&zfsvfs->z_teardown_lock, tag);
1339 
1340         if (zfsvfs->z_vfs) {
1341                 VFS_RELE(zfsvfs->z_vfs);
1342         } else {
1343                 dmu_objset_disown(zfsvfs->z_os, zfsvfs);
1344                 zfsvfs_free(zfsvfs);
1345         }
1346 }
1347 
1348 static int
1349 zfs_ioc_pool_create(zfs_cmd_t *zc)
1350 {
1351         int error;
1352         nvlist_t *config, *props = NULL;
1353         nvlist_t *rootprops = NULL;
1354         nvlist_t *zplprops = NULL;
1355 
1356         if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1357             zc->zc_iflags, &config))
1358                 return (error);
1359 
1360         if (zc->zc_nvlist_src_size != 0 && (error =
1361             get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1362             zc->zc_iflags, &props))) {
1363                 nvlist_free(config);
1364                 return (error);
1365         }
1366 
1367         if (props) {
1368                 nvlist_t *nvl = NULL;
1369                 uint64_t version = SPA_VERSION;
1370 
1371                 (void) nvlist_lookup_uint64(props,
1372                     zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1373                 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1374                         error = EINVAL;
1375                         goto pool_props_bad;
1376                 }
1377                 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1378                 if (nvl) {
1379                         error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1380                         if (error != 0) {
1381                                 nvlist_free(config);
1382                                 nvlist_free(props);
1383                                 return (error);
1384                         }
1385                         (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1386                 }
1387                 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1388                 error = zfs_fill_zplprops_root(version, rootprops,
1389                     zplprops, NULL);
1390                 if (error)
1391                         goto pool_props_bad;
1392         }
1393 
1394         error = spa_create(zc->zc_name, config, props, zplprops);
1395 
1396         /*
1397          * Set the remaining root properties
1398          */
1399         if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1400             ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1401                 (void) spa_destroy(zc->zc_name);
1402 
1403 pool_props_bad:
1404         nvlist_free(rootprops);
1405         nvlist_free(zplprops);
1406         nvlist_free(config);
1407         nvlist_free(props);
1408 
1409         return (error);
1410 }
1411 
1412 static int
1413 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1414 {
1415         int error;
1416         zfs_log_history(zc);
1417         error = spa_destroy(zc->zc_name);
1418         if (error == 0)
1419                 zvol_remove_minors(zc->zc_name);
1420         return (error);
1421 }
1422 
1423 static int
1424 zfs_ioc_pool_import(zfs_cmd_t *zc)
1425 {
1426         nvlist_t *config, *props = NULL;
1427         uint64_t guid;
1428         int error;
1429 
1430         if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1431             zc->zc_iflags, &config)) != 0)
1432                 return (error);
1433 
1434         if (zc->zc_nvlist_src_size != 0 && (error =
1435             get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1436             zc->zc_iflags, &props))) {
1437                 nvlist_free(config);
1438                 return (error);
1439         }
1440 
1441         if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1442             guid != zc->zc_guid)
1443                 error = EINVAL;
1444         else
1445                 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1446 
1447         if (zc->zc_nvlist_dst != 0) {
1448                 int err;
1449 
1450                 if ((err = put_nvlist(zc, config)) != 0)
1451                         error = err;
1452         }
1453 
1454         nvlist_free(config);
1455 
1456         if (props)
1457                 nvlist_free(props);
1458 
1459         return (error);
1460 }
1461 
1462 static int
1463 zfs_ioc_pool_export(zfs_cmd_t *zc)
1464 {
1465         int error;
1466         boolean_t force = (boolean_t)zc->zc_cookie;
1467         boolean_t hardforce = (boolean_t)zc->zc_guid;
1468 
1469         zfs_log_history(zc);
1470         error = spa_export(zc->zc_name, NULL, force, hardforce);
1471         if (error == 0)
1472                 zvol_remove_minors(zc->zc_name);
1473         return (error);
1474 }
1475 
1476 static int
1477 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1478 {
1479         nvlist_t *configs;
1480         int error;
1481 
1482         if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1483                 return (EEXIST);
1484 
1485         error = put_nvlist(zc, configs);
1486 
1487         nvlist_free(configs);
1488 
1489         return (error);
1490 }
1491 
1492 /*
1493  * inputs:
1494  * zc_name              name of the pool
1495  *
1496  * outputs:
1497  * zc_cookie            real errno
1498  * zc_nvlist_dst        config nvlist
1499  * zc_nvlist_dst_size   size of config nvlist
1500  */
1501 static int
1502 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1503 {
1504         nvlist_t *config;
1505         int error;
1506         int ret = 0;
1507 
1508         error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1509             sizeof (zc->zc_value));
1510 
1511         if (config != NULL) {
1512                 ret = put_nvlist(zc, config);
1513                 nvlist_free(config);
1514 
1515                 /*
1516                  * The config may be present even if 'error' is non-zero.
1517                  * In this case we return success, and preserve the real errno
1518                  * in 'zc_cookie'.
1519                  */
1520                 zc->zc_cookie = error;
1521         } else {
1522                 ret = error;
1523         }
1524 
1525         return (ret);
1526 }
1527 
1528 /*
1529  * Try to import the given pool, returning pool stats as appropriate so that
1530  * user land knows which devices are available and overall pool health.
1531  */
1532 static int
1533 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1534 {
1535         nvlist_t *tryconfig, *config;
1536         int error;
1537 
1538         if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1539             zc->zc_iflags, &tryconfig)) != 0)
1540                 return (error);
1541 
1542         config = spa_tryimport(tryconfig);
1543 
1544         nvlist_free(tryconfig);
1545 
1546         if (config == NULL)
1547                 return (EINVAL);
1548 
1549         error = put_nvlist(zc, config);
1550         nvlist_free(config);
1551 
1552         return (error);
1553 }
1554 
1555 /*
1556  * inputs:
1557  * zc_name              name of the pool
1558  * zc_cookie            scan func (pool_scan_func_t)
1559  */
1560 static int
1561 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1562 {
1563         spa_t *spa;
1564         int error;
1565 
1566         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1567                 return (error);
1568 
1569         if (zc->zc_cookie == POOL_SCAN_NONE)
1570                 error = spa_scan_stop(spa);
1571         else
1572                 error = spa_scan(spa, zc->zc_cookie);
1573 
1574         spa_close(spa, FTAG);
1575 
1576         return (error);
1577 }
1578 
1579 static int
1580 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1581 {
1582         spa_t *spa;
1583         int error;
1584 
1585         error = spa_open(zc->zc_name, &spa, FTAG);
1586         if (error == 0) {
1587                 spa_freeze(spa);
1588                 spa_close(spa, FTAG);
1589         }
1590         return (error);
1591 }
1592 
1593 static int
1594 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1595 {
1596         spa_t *spa;
1597         int error;
1598 
1599         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1600                 return (error);
1601 
1602         if (zc->zc_cookie < spa_version(spa) ||
1603             !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1604                 spa_close(spa, FTAG);
1605                 return (EINVAL);
1606         }
1607 
1608         spa_upgrade(spa, zc->zc_cookie);
1609         spa_close(spa, FTAG);
1610 
1611         return (error);
1612 }
1613 
1614 static int
1615 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1616 {
1617         spa_t *spa;
1618         char *hist_buf;
1619         uint64_t size;
1620         int error;
1621 
1622         if ((size = zc->zc_history_len) == 0)
1623                 return (EINVAL);
1624 
1625         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1626                 return (error);
1627 
1628         if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1629                 spa_close(spa, FTAG);
1630                 return (ENOTSUP);
1631         }
1632 
1633         hist_buf = kmem_alloc(size, KM_SLEEP);
1634         if ((error = spa_history_get(spa, &zc->zc_history_offset,
1635             &zc->zc_history_len, hist_buf)) == 0) {
1636                 error = ddi_copyout(hist_buf,
1637                     (void *)(uintptr_t)zc->zc_history,
1638                     zc->zc_history_len, zc->zc_iflags);
1639         }
1640 
1641         spa_close(spa, FTAG);
1642         kmem_free(hist_buf, size);
1643         return (error);
1644 }
1645 
1646 static int
1647 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1648 {
1649         spa_t *spa;
1650         int error;
1651 
1652         error = spa_open(zc->zc_name, &spa, FTAG);
1653         if (error == 0) {
1654                 error = spa_change_guid(spa);
1655                 spa_close(spa, FTAG);
1656         }
1657         return (error);
1658 }
1659 
1660 static int
1661 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1662 {
1663         int error;
1664 
1665         if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value))
1666                 return (error);
1667 
1668         return (0);
1669 }
1670 
1671 /*
1672  * inputs:
1673  * zc_name              name of filesystem
1674  * zc_obj               object to find
1675  *
1676  * outputs:
1677  * zc_value             name of object
1678  */
1679 static int
1680 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1681 {
1682         objset_t *os;
1683         int error;
1684 
1685         /* XXX reading from objset not owned */
1686         if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1687                 return (error);
1688         if (dmu_objset_type(os) != DMU_OST_ZFS) {
1689                 dmu_objset_rele(os, FTAG);
1690                 return (EINVAL);
1691         }
1692         error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1693             sizeof (zc->zc_value));
1694         dmu_objset_rele(os, FTAG);
1695 
1696         return (error);
1697 }
1698 
1699 /*
1700  * inputs:
1701  * zc_name              name of filesystem
1702  * zc_obj               object to find
1703  *
1704  * outputs:
1705  * zc_stat              stats on object
1706  * zc_value             path to object
1707  */
1708 static int
1709 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1710 {
1711         objset_t *os;
1712         int error;
1713 
1714         /* XXX reading from objset not owned */
1715         if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1716                 return (error);
1717         if (dmu_objset_type(os) != DMU_OST_ZFS) {
1718                 dmu_objset_rele(os, FTAG);
1719                 return (EINVAL);
1720         }
1721         error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1722             sizeof (zc->zc_value));
1723         dmu_objset_rele(os, FTAG);
1724 
1725         return (error);
1726 }
1727 
1728 static int
1729 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1730 {
1731         spa_t *spa;
1732         int error;
1733         nvlist_t *config, **l2cache, **spares;
1734         uint_t nl2cache = 0, nspares = 0;
1735 
1736         error = spa_open(zc->zc_name, &spa, FTAG);
1737         if (error != 0)
1738                 return (error);
1739 
1740         error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1741             zc->zc_iflags, &config);
1742         (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1743             &l2cache, &nl2cache);
1744 
1745         (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1746             &spares, &nspares);
1747 
1748         /*
1749          * A root pool with concatenated devices is not supported.
1750          * Thus, can not add a device to a root pool.
1751          *
1752          * Intent log device can not be added to a rootpool because
1753          * during mountroot, zil is replayed, a seperated log device
1754          * can not be accessed during the mountroot time.
1755          *
1756          * l2cache and spare devices are ok to be added to a rootpool.
1757          */
1758         if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1759                 nvlist_free(config);
1760                 spa_close(spa, FTAG);
1761                 return (EDOM);
1762         }
1763 
1764         if (error == 0) {
1765                 error = spa_vdev_add(spa, config);
1766                 nvlist_free(config);
1767         }
1768         spa_close(spa, FTAG);
1769         return (error);
1770 }
1771 
1772 /*
1773  * inputs:
1774  * zc_name              name of the pool
1775  * zc_nvlist_conf       nvlist of devices to remove
1776  * zc_cookie            to stop the remove?
1777  */
1778 static int
1779 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1780 {
1781         spa_t *spa;
1782         int error;
1783 
1784         error = spa_open(zc->zc_name, &spa, FTAG);
1785         if (error != 0)
1786                 return (error);
1787         error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1788         spa_close(spa, FTAG);
1789         return (error);
1790 }
1791 
1792 static int
1793 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1794 {
1795         spa_t *spa;
1796         int error;
1797         vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1798 
1799         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1800                 return (error);
1801         switch (zc->zc_cookie) {
1802         case VDEV_STATE_ONLINE:
1803                 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1804                 break;
1805 
1806         case VDEV_STATE_OFFLINE:
1807                 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1808                 break;
1809 
1810         case VDEV_STATE_FAULTED:
1811                 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1812                     zc->zc_obj != VDEV_AUX_EXTERNAL)
1813                         zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1814 
1815                 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1816                 break;
1817 
1818         case VDEV_STATE_DEGRADED:
1819                 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1820                     zc->zc_obj != VDEV_AUX_EXTERNAL)
1821                         zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1822 
1823                 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1824                 break;
1825 
1826         default:
1827                 error = EINVAL;
1828         }
1829         zc->zc_cookie = newstate;
1830         spa_close(spa, FTAG);
1831         return (error);
1832 }
1833 
1834 static int
1835 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1836 {
1837         spa_t *spa;
1838         int replacing = zc->zc_cookie;
1839         nvlist_t *config;
1840         int error;
1841 
1842         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1843                 return (error);
1844 
1845         if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1846             zc->zc_iflags, &config)) == 0) {
1847                 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1848                 nvlist_free(config);
1849         }
1850 
1851         spa_close(spa, FTAG);
1852         return (error);
1853 }
1854 
1855 static int
1856 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1857 {
1858         spa_t *spa;
1859         int error;
1860 
1861         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1862                 return (error);
1863 
1864         error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1865 
1866         spa_close(spa, FTAG);
1867         return (error);
1868 }
1869 
1870 static int
1871 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1872 {
1873         spa_t *spa;
1874         nvlist_t *config, *props = NULL;
1875         int error;
1876         boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1877 
1878         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1879                 return (error);
1880 
1881         if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1882             zc->zc_iflags, &config)) {
1883                 spa_close(spa, FTAG);
1884                 return (error);
1885         }
1886 
1887         if (zc->zc_nvlist_src_size != 0 && (error =
1888             get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1889             zc->zc_iflags, &props))) {
1890                 spa_close(spa, FTAG);
1891                 nvlist_free(config);
1892                 return (error);
1893         }
1894 
1895         error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1896 
1897         spa_close(spa, FTAG);
1898 
1899         nvlist_free(config);
1900         nvlist_free(props);
1901 
1902         return (error);
1903 }
1904 
1905 static int
1906 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1907 {
1908         spa_t *spa;
1909         char *path = zc->zc_value;
1910         uint64_t guid = zc->zc_guid;
1911         int error;
1912 
1913         error = spa_open(zc->zc_name, &spa, FTAG);
1914         if (error != 0)
1915                 return (error);
1916 
1917         error = spa_vdev_setpath(spa, guid, path);
1918         spa_close(spa, FTAG);
1919         return (error);
1920 }
1921 
1922 static int
1923 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1924 {
1925         spa_t *spa;
1926         char *fru = zc->zc_value;
1927         uint64_t guid = zc->zc_guid;
1928         int error;
1929 
1930         error = spa_open(zc->zc_name, &spa, FTAG);
1931         if (error != 0)
1932                 return (error);
1933 
1934         error = spa_vdev_setfru(spa, guid, fru);
1935         spa_close(spa, FTAG);
1936         return (error);
1937 }
1938 
1939 static int
1940 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
1941 {
1942         int error = 0;
1943         nvlist_t *nv;
1944 
1945         dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1946 
1947         if (zc->zc_nvlist_dst != 0 &&
1948             (error = dsl_prop_get_all(os, &nv)) == 0) {
1949                 dmu_objset_stats(os, nv);
1950                 /*
1951                  * NB: zvol_get_stats() will read the objset contents,
1952                  * which we aren't supposed to do with a
1953                  * DS_MODE_USER hold, because it could be
1954                  * inconsistent.  So this is a bit of a workaround...
1955                  * XXX reading with out owning
1956                  */
1957                 if (!zc->zc_objset_stats.dds_inconsistent &&
1958                     dmu_objset_type(os) == DMU_OST_ZVOL) {
1959                         error = zvol_get_stats(os, nv);
1960                         if (error == EIO)
1961                                 return (error);
1962                         VERIFY0(error);
1963                 }
1964                 error = put_nvlist(zc, nv);
1965                 nvlist_free(nv);
1966         }
1967 
1968         return (error);
1969 }
1970 
1971 /*
1972  * inputs:
1973  * zc_name              name of filesystem
1974  * zc_nvlist_dst_size   size of buffer for property nvlist
1975  *
1976  * outputs:
1977  * zc_objset_stats      stats
1978  * zc_nvlist_dst        property nvlist
1979  * zc_nvlist_dst_size   size of property nvlist
1980  */
1981 static int
1982 zfs_ioc_objset_stats(zfs_cmd_t *zc)
1983 {
1984         objset_t *os = NULL;
1985         int error;
1986 
1987         if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
1988                 return (error);
1989 
1990         error = zfs_ioc_objset_stats_impl(zc, os);
1991 
1992         dmu_objset_rele(os, FTAG);
1993 
1994         return (error);
1995 }
1996 
1997 /*
1998  * inputs:
1999  * zc_name              name of filesystem
2000  * zc_nvlist_dst_size   size of buffer for property nvlist
2001  *
2002  * outputs:
2003  * zc_nvlist_dst        received property nvlist
2004  * zc_nvlist_dst_size   size of received property nvlist
2005  *
2006  * Gets received properties (distinct from local properties on or after
2007  * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2008  * local property values.
2009  */
2010 static int
2011 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2012 {
2013         objset_t *os = NULL;
2014         int error;
2015         nvlist_t *nv;
2016 
2017         if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
2018                 return (error);
2019 
2020         /*
2021          * Without this check, we would return local property values if the
2022          * caller has not already received properties on or after
2023          * SPA_VERSION_RECVD_PROPS.
2024          */
2025         if (!dsl_prop_get_hasrecvd(os)) {
2026                 dmu_objset_rele(os, FTAG);
2027                 return (ENOTSUP);
2028         }
2029 
2030         if (zc->zc_nvlist_dst != 0 &&
2031             (error = dsl_prop_get_received(os, &nv)) == 0) {
2032                 error = put_nvlist(zc, nv);
2033                 nvlist_free(nv);
2034         }
2035 
2036         dmu_objset_rele(os, FTAG);
2037         return (error);
2038 }
2039 
2040 static int
2041 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2042 {
2043         uint64_t value;
2044         int error;
2045 
2046         /*
2047          * zfs_get_zplprop() will either find a value or give us
2048          * the default value (if there is one).
2049          */
2050         if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2051                 return (error);
2052         VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2053         return (0);
2054 }
2055 
2056 /*
2057  * inputs:
2058  * zc_name              name of filesystem
2059  * zc_nvlist_dst_size   size of buffer for zpl property nvlist
2060  *
2061  * outputs:
2062  * zc_nvlist_dst        zpl property nvlist
2063  * zc_nvlist_dst_size   size of zpl property nvlist
2064  */
2065 static int
2066 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2067 {
2068         objset_t *os;
2069         int err;
2070 
2071         /* XXX reading without owning */
2072         if (err = dmu_objset_hold(zc->zc_name, FTAG, &os))
2073                 return (err);
2074 
2075         dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2076 
2077         /*
2078          * NB: nvl_add_zplprop() will read the objset contents,
2079          * which we aren't supposed to do with a DS_MODE_USER
2080          * hold, because it could be inconsistent.
2081          */
2082         if (zc->zc_nvlist_dst != NULL &&
2083             !zc->zc_objset_stats.dds_inconsistent &&
2084             dmu_objset_type(os) == DMU_OST_ZFS) {
2085                 nvlist_t *nv;
2086 
2087                 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2088                 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2089                     (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2090                     (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2091                     (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2092                         err = put_nvlist(zc, nv);
2093                 nvlist_free(nv);
2094         } else {
2095                 err = ENOENT;
2096         }
2097         dmu_objset_rele(os, FTAG);
2098         return (err);
2099 }
2100 
2101 static boolean_t
2102 dataset_name_hidden(const char *name)
2103 {
2104         /*
2105          * Skip over datasets that are not visible in this zone,
2106          * internal datasets (which have a $ in their name), and
2107          * temporary datasets (which have a % in their name).
2108          */
2109         if (strchr(name, '$') != NULL)
2110                 return (B_TRUE);
2111         if (strchr(name, '%') != NULL)
2112                 return (B_TRUE);
2113         if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
2114                 return (B_TRUE);
2115         return (B_FALSE);
2116 }
2117 
2118 /*
2119  * inputs:
2120  * zc_name              name of filesystem
2121  * zc_cookie            zap cursor
2122  * zc_nvlist_dst_size   size of buffer for property nvlist
2123  *
2124  * outputs:
2125  * zc_name              name of next filesystem
2126  * zc_cookie            zap cursor
2127  * zc_objset_stats      stats
2128  * zc_nvlist_dst        property nvlist
2129  * zc_nvlist_dst_size   size of property nvlist
2130  */
2131 static int
2132 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2133 {
2134         objset_t *os;
2135         int error;
2136         char *p;
2137         size_t orig_len = strlen(zc->zc_name);
2138 
2139 top:
2140         if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) {
2141                 if (error == ENOENT)
2142                         error = ESRCH;
2143                 return (error);
2144         }
2145 
2146         p = strrchr(zc->zc_name, '/');
2147         if (p == NULL || p[1] != '\0')
2148                 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2149         p = zc->zc_name + strlen(zc->zc_name);
2150 
2151         /*
2152          * Pre-fetch the datasets.  dmu_objset_prefetch() always returns 0
2153          * but is not declared void because its called by dmu_objset_find().
2154          */
2155         if (zc->zc_cookie == 0) {
2156                 uint64_t cookie = 0;
2157                 int len = sizeof (zc->zc_name) - (p - zc->zc_name);
2158 
2159                 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0) {
2160                         if (!dataset_name_hidden(zc->zc_name))
2161                                 (void) dmu_objset_prefetch(zc->zc_name, NULL);
2162                 }
2163         }
2164 
2165         do {
2166                 error = dmu_dir_list_next(os,
2167                     sizeof (zc->zc_name) - (p - zc->zc_name), p,
2168                     NULL, &zc->zc_cookie);
2169                 if (error == ENOENT)
2170                         error = ESRCH;
2171         } while (error == 0 && dataset_name_hidden(zc->zc_name));
2172         dmu_objset_rele(os, FTAG);
2173 
2174         /*
2175          * If it's an internal dataset (ie. with a '$' in its name),
2176          * don't try to get stats for it, otherwise we'll return ENOENT.
2177          */
2178         if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2179                 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2180                 if (error == ENOENT) {
2181                         /* We lost a race with destroy, get the next one. */
2182                         zc->zc_name[orig_len] = '\0';
2183                         goto top;
2184                 }
2185         }
2186         return (error);
2187 }
2188 
2189 /*
2190  * inputs:
2191  * zc_name              name of filesystem
2192  * zc_cookie            zap cursor
2193  * zc_nvlist_dst_size   size of buffer for property nvlist
2194  *
2195  * outputs:
2196  * zc_name              name of next snapshot
2197  * zc_objset_stats      stats
2198  * zc_nvlist_dst        property nvlist
2199  * zc_nvlist_dst_size   size of property nvlist
2200  */
2201 static int
2202 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2203 {
2204         objset_t *os;
2205         int error;
2206 
2207 top:
2208         if (zc->zc_cookie == 0)
2209                 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
2210                     NULL, DS_FIND_SNAPSHOTS);
2211 
2212         error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2213         if (error)
2214                 return (error == ENOENT ? ESRCH : error);
2215 
2216         /*
2217          * A dataset name of maximum length cannot have any snapshots,
2218          * so exit immediately.
2219          */
2220         if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2221                 dmu_objset_rele(os, FTAG);
2222                 return (ESRCH);
2223         }
2224 
2225         error = dmu_snapshot_list_next(os,
2226             sizeof (zc->zc_name) - strlen(zc->zc_name),
2227             zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2228             NULL);
2229 
2230         if (error == 0) {
2231                 dsl_dataset_t *ds;
2232                 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2233 
2234                 /*
2235                  * Since we probably don't have a hold on this snapshot,
2236                  * it's possible that the objsetid could have been destroyed
2237                  * and reused for a new objset. It's OK if this happens during
2238                  * a zfs send operation, since the new createtxg will be
2239                  * beyond the range we're interested in.
2240                  */
2241                 rw_enter(&dp->dp_config_rwlock, RW_READER);
2242                 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2243                 rw_exit(&dp->dp_config_rwlock);
2244                 if (error) {
2245                         if (error == ENOENT) {
2246                                 /* Racing with destroy, get the next one. */
2247                                 *strchr(zc->zc_name, '@') = '\0';
2248                                 dmu_objset_rele(os, FTAG);
2249                                 goto top;
2250                         }
2251                 } else {
2252                         objset_t *ossnap;
2253 
2254                         error = dmu_objset_from_ds(ds, &ossnap);
2255                         if (error == 0)
2256                                 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2257                         dsl_dataset_rele(ds, FTAG);
2258                 }
2259         } else if (error == ENOENT) {
2260                 error = ESRCH;
2261         }
2262 
2263         dmu_objset_rele(os, FTAG);
2264         /* if we failed, undo the @ that we tacked on to zc_name */
2265         if (error)
2266                 *strchr(zc->zc_name, '@') = '\0';
2267         return (error);
2268 }
2269 
2270 static int
2271 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2272 {
2273         const char *propname = nvpair_name(pair);
2274         uint64_t *valary;
2275         unsigned int vallen;
2276         const char *domain;
2277         char *dash;
2278         zfs_userquota_prop_t type;
2279         uint64_t rid;
2280         uint64_t quota;
2281         zfsvfs_t *zfsvfs;
2282         int err;
2283 
2284         if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2285                 nvlist_t *attrs;
2286                 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2287                 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2288                     &pair) != 0)
2289                         return (EINVAL);
2290         }
2291 
2292         /*
2293          * A correctly constructed propname is encoded as
2294          * userquota@<rid>-<domain>.
2295          */
2296         if ((dash = strchr(propname, '-')) == NULL ||
2297             nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2298             vallen != 3)
2299                 return (EINVAL);
2300 
2301         domain = dash + 1;
2302         type = valary[0];
2303         rid = valary[1];
2304         quota = valary[2];
2305 
2306         err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2307         if (err == 0) {
2308                 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2309                 zfsvfs_rele(zfsvfs, FTAG);
2310         }
2311 
2312         return (err);
2313 }
2314 
2315 /*
2316  * If the named property is one that has a special function to set its value,
2317  * return 0 on success and a positive error code on failure; otherwise if it is
2318  * not one of the special properties handled by this function, return -1.
2319  *
2320  * XXX: It would be better for callers of the property interface if we handled
2321  * these special cases in dsl_prop.c (in the dsl layer).
2322  */
2323 static int
2324 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2325     nvpair_t *pair)
2326 {
2327         const char *propname = nvpair_name(pair);
2328         zfs_prop_t prop = zfs_name_to_prop(propname);
2329         uint64_t intval;
2330         int err;
2331 
2332         if (prop == ZPROP_INVAL) {
2333                 if (zfs_prop_userquota(propname))
2334                         return (zfs_prop_set_userquota(dsname, pair));
2335                 return (-1);
2336         }
2337 
2338         if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2339                 nvlist_t *attrs;
2340                 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2341                 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2342                     &pair) == 0);
2343         }
2344 
2345         if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2346                 return (-1);
2347 
2348         VERIFY(0 == nvpair_value_uint64(pair, &intval));
2349 
2350         switch (prop) {
2351         case ZFS_PROP_QUOTA:
2352                 err = dsl_dir_set_quota(dsname, source, intval);
2353                 break;
2354         case ZFS_PROP_REFQUOTA:
2355                 err = dsl_dataset_set_quota(dsname, source, intval);
2356                 break;
2357         case ZFS_PROP_RESERVATION:
2358                 err = dsl_dir_set_reservation(dsname, source, intval);
2359                 break;
2360         case ZFS_PROP_REFRESERVATION:
2361                 err = dsl_dataset_set_reservation(dsname, source, intval);
2362                 break;
2363         case ZFS_PROP_VOLSIZE:
2364                 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2365                     intval);
2366                 break;
2367         case ZFS_PROP_VERSION:
2368         {
2369                 zfsvfs_t *zfsvfs;
2370 
2371                 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2372                         break;
2373 
2374                 err = zfs_set_version(zfsvfs, intval);
2375                 zfsvfs_rele(zfsvfs, FTAG);
2376 
2377                 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2378                         zfs_cmd_t *zc;
2379 
2380                         zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2381                         (void) strcpy(zc->zc_name, dsname);
2382                         (void) zfs_ioc_userspace_upgrade(zc);
2383                         kmem_free(zc, sizeof (zfs_cmd_t));
2384                 }
2385                 break;
2386         }
2387 
2388         default:
2389                 err = -1;
2390         }
2391 
2392         return (err);
2393 }
2394 
2395 /*
2396  * This function is best effort. If it fails to set any of the given properties,
2397  * it continues to set as many as it can and returns the last error
2398  * encountered. If the caller provides a non-NULL errlist, it will be filled in
2399  * with the list of names of all the properties that failed along with the
2400  * corresponding error numbers.
2401  *
2402  * If every property is set successfully, zero is returned and errlist is not
2403  * modified.
2404  */
2405 int
2406 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2407     nvlist_t *errlist)
2408 {
2409         nvpair_t *pair;
2410         nvpair_t *propval;
2411         int rv = 0;
2412         uint64_t intval;
2413         char *strval;
2414         nvlist_t *genericnvl = fnvlist_alloc();
2415         nvlist_t *retrynvl = fnvlist_alloc();
2416 
2417 retry:
2418         pair = NULL;
2419         while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2420                 const char *propname = nvpair_name(pair);
2421                 zfs_prop_t prop = zfs_name_to_prop(propname);
2422                 int err = 0;
2423 
2424                 /* decode the property value */
2425                 propval = pair;
2426                 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2427                         nvlist_t *attrs;
2428                         attrs = fnvpair_value_nvlist(pair);
2429                         if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2430                             &propval) != 0)
2431                                 err = EINVAL;
2432                 }
2433 
2434                 /* Validate value type */
2435                 if (err == 0 && prop == ZPROP_INVAL) {
2436                         if (zfs_prop_user(propname)) {
2437                                 if (nvpair_type(propval) != DATA_TYPE_STRING)
2438                                         err = EINVAL;
2439                         } else if (zfs_prop_userquota(propname)) {
2440                                 if (nvpair_type(propval) !=
2441                                     DATA_TYPE_UINT64_ARRAY)
2442                                         err = EINVAL;
2443                         } else {
2444                                 err = EINVAL;
2445                         }
2446                 } else if (err == 0) {
2447                         if (nvpair_type(propval) == DATA_TYPE_STRING) {
2448                                 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2449                                         err = EINVAL;
2450                         } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2451                                 const char *unused;
2452 
2453                                 intval = fnvpair_value_uint64(propval);
2454 
2455                                 switch (zfs_prop_get_type(prop)) {
2456                                 case PROP_TYPE_NUMBER:
2457                                         break;
2458                                 case PROP_TYPE_STRING:
2459                                         err = EINVAL;
2460                                         break;
2461                                 case PROP_TYPE_INDEX:
2462                                         if (zfs_prop_index_to_string(prop,
2463                                             intval, &unused) != 0)
2464                                                 err = EINVAL;
2465                                         break;
2466                                 default:
2467                                         cmn_err(CE_PANIC,
2468                                             "unknown property type");
2469                                 }
2470                         } else {
2471                                 err = EINVAL;
2472                         }
2473                 }
2474 
2475                 /* Validate permissions */
2476                 if (err == 0)
2477                         err = zfs_check_settable(dsname, pair, CRED());
2478 
2479                 if (err == 0) {
2480                         err = zfs_prop_set_special(dsname, source, pair);
2481                         if (err == -1) {
2482                                 /*
2483                                  * For better performance we build up a list of
2484                                  * properties to set in a single transaction.
2485                                  */
2486                                 err = nvlist_add_nvpair(genericnvl, pair);
2487                         } else if (err != 0 && nvl != retrynvl) {
2488                                 /*
2489                                  * This may be a spurious error caused by
2490                                  * receiving quota and reservation out of order.
2491                                  * Try again in a second pass.
2492                                  */
2493                                 err = nvlist_add_nvpair(retrynvl, pair);
2494                         }
2495                 }
2496 
2497                 if (err != 0) {
2498                         if (errlist != NULL)
2499                                 fnvlist_add_int32(errlist, propname, err);
2500                         rv = err;
2501                 }
2502         }
2503 
2504         if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2505                 nvl = retrynvl;
2506                 goto retry;
2507         }
2508 
2509         if (!nvlist_empty(genericnvl) &&
2510             dsl_props_set(dsname, source, genericnvl) != 0) {
2511                 /*
2512                  * If this fails, we still want to set as many properties as we
2513                  * can, so try setting them individually.
2514                  */
2515                 pair = NULL;
2516                 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2517                         const char *propname = nvpair_name(pair);
2518                         int err = 0;
2519 
2520                         propval = pair;
2521                         if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2522                                 nvlist_t *attrs;
2523                                 attrs = fnvpair_value_nvlist(pair);
2524                                 propval = fnvlist_lookup_nvpair(attrs,
2525                                     ZPROP_VALUE);
2526                         }
2527 
2528                         if (nvpair_type(propval) == DATA_TYPE_STRING) {
2529                                 strval = fnvpair_value_string(propval);
2530                                 err = dsl_prop_set(dsname, propname, source, 1,
2531                                     strlen(strval) + 1, strval);
2532                         } else {
2533                                 intval = fnvpair_value_uint64(propval);
2534                                 err = dsl_prop_set(dsname, propname, source, 8,
2535                                     1, &intval);
2536                         }
2537 
2538                         if (err != 0) {
2539                                 if (errlist != NULL) {
2540                                         fnvlist_add_int32(errlist, propname,
2541                                             err);
2542                                 }
2543                                 rv = err;
2544                         }
2545                 }
2546         }
2547         nvlist_free(genericnvl);
2548         nvlist_free(retrynvl);
2549 
2550         return (rv);
2551 }
2552 
2553 /*
2554  * Check that all the properties are valid user properties.
2555  */
2556 static int
2557 zfs_check_userprops(const char *fsname, nvlist_t *nvl)
2558 {
2559         nvpair_t *pair = NULL;
2560         int error = 0;
2561 
2562         while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2563                 const char *propname = nvpair_name(pair);
2564                 char *valstr;
2565 
2566                 if (!zfs_prop_user(propname) ||
2567                     nvpair_type(pair) != DATA_TYPE_STRING)
2568                         return (EINVAL);
2569 
2570                 if (error = zfs_secpolicy_write_perms(fsname,
2571                     ZFS_DELEG_PERM_USERPROP, CRED()))
2572                         return (error);
2573 
2574                 if (strlen(propname) >= ZAP_MAXNAMELEN)
2575                         return (ENAMETOOLONG);
2576 
2577                 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2578                 if (strlen(valstr) >= ZAP_MAXVALUELEN)
2579                         return (E2BIG);
2580         }
2581         return (0);
2582 }
2583 
2584 static void
2585 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2586 {
2587         nvpair_t *pair;
2588 
2589         VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2590 
2591         pair = NULL;
2592         while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2593                 if (nvlist_exists(skipped, nvpair_name(pair)))
2594                         continue;
2595 
2596                 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2597         }
2598 }
2599 
2600 static int
2601 clear_received_props(objset_t *os, const char *fs, nvlist_t *props,
2602     nvlist_t *skipped)
2603 {
2604         int err = 0;
2605         nvlist_t *cleared_props = NULL;
2606         props_skip(props, skipped, &cleared_props);
2607         if (!nvlist_empty(cleared_props)) {
2608                 /*
2609                  * Acts on local properties until the dataset has received
2610                  * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2611                  */
2612                 zprop_source_t flags = (ZPROP_SRC_NONE |
2613                     (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0));
2614                 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL);
2615         }
2616         nvlist_free(cleared_props);
2617         return (err);
2618 }
2619 
2620 /*
2621  * inputs:
2622  * zc_name              name of filesystem
2623  * zc_value             name of property to set
2624  * zc_nvlist_src{_size} nvlist of properties to apply
2625  * zc_cookie            received properties flag
2626  *
2627  * outputs:
2628  * zc_nvlist_dst{_size} error for each unapplied received property
2629  */
2630 static int
2631 zfs_ioc_set_prop(zfs_cmd_t *zc)
2632 {
2633         nvlist_t *nvl;
2634         boolean_t received = zc->zc_cookie;
2635         zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2636             ZPROP_SRC_LOCAL);
2637         nvlist_t *errors;
2638         int error;
2639 
2640         if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2641             zc->zc_iflags, &nvl)) != 0)
2642                 return (error);
2643 
2644         if (received) {
2645                 nvlist_t *origprops;
2646                 objset_t *os;
2647 
2648                 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
2649                         if (dsl_prop_get_received(os, &origprops) == 0) {
2650                                 (void) clear_received_props(os,
2651                                     zc->zc_name, origprops, nvl);
2652                                 nvlist_free(origprops);
2653                         }
2654 
2655                         dsl_prop_set_hasrecvd(os);
2656                         dmu_objset_rele(os, FTAG);
2657                 }
2658         }
2659 
2660         errors = fnvlist_alloc();
2661         error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2662 
2663         if (zc->zc_nvlist_dst != NULL && errors != NULL) {
2664                 (void) put_nvlist(zc, errors);
2665         }
2666 
2667         nvlist_free(errors);
2668         nvlist_free(nvl);
2669         return (error);
2670 }
2671 
2672 /*
2673  * inputs:
2674  * zc_name              name of filesystem
2675  * zc_value             name of property to inherit
2676  * zc_cookie            revert to received value if TRUE
2677  *
2678  * outputs:             none
2679  */
2680 static int
2681 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2682 {
2683         const char *propname = zc->zc_value;
2684         zfs_prop_t prop = zfs_name_to_prop(propname);
2685         boolean_t received = zc->zc_cookie;
2686         zprop_source_t source = (received
2687             ? ZPROP_SRC_NONE            /* revert to received value, if any */
2688             : ZPROP_SRC_INHERITED);     /* explicitly inherit */
2689 
2690         if (received) {
2691                 nvlist_t *dummy;
2692                 nvpair_t *pair;
2693                 zprop_type_t type;
2694                 int err;
2695 
2696                 /*
2697                  * zfs_prop_set_special() expects properties in the form of an
2698                  * nvpair with type info.
2699                  */
2700                 if (prop == ZPROP_INVAL) {
2701                         if (!zfs_prop_user(propname))
2702                                 return (EINVAL);
2703 
2704                         type = PROP_TYPE_STRING;
2705                 } else if (prop == ZFS_PROP_VOLSIZE ||
2706                     prop == ZFS_PROP_VERSION) {
2707                         return (EINVAL);
2708                 } else {
2709                         type = zfs_prop_get_type(prop);
2710                 }
2711 
2712                 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2713 
2714                 switch (type) {
2715                 case PROP_TYPE_STRING:
2716                         VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2717                         break;
2718                 case PROP_TYPE_NUMBER:
2719                 case PROP_TYPE_INDEX:
2720                         VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2721                         break;
2722                 default:
2723                         nvlist_free(dummy);
2724                         return (EINVAL);
2725                 }
2726 
2727                 pair = nvlist_next_nvpair(dummy, NULL);
2728                 err = zfs_prop_set_special(zc->zc_name, source, pair);
2729                 nvlist_free(dummy);
2730                 if (err != -1)
2731                         return (err); /* special property already handled */
2732         } else {
2733                 /*
2734                  * Only check this in the non-received case. We want to allow
2735                  * 'inherit -S' to revert non-inheritable properties like quota
2736                  * and reservation to the received or default values even though
2737                  * they are not considered inheritable.
2738                  */
2739                 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2740                         return (EINVAL);
2741         }
2742 
2743         /* property name has been validated by zfs_secpolicy_inherit_prop() */
2744         return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
2745 }
2746 
2747 static int
2748 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2749 {
2750         nvlist_t *props;
2751         spa_t *spa;
2752         int error;
2753         nvpair_t *pair;
2754 
2755         if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2756             zc->zc_iflags, &props))
2757                 return (error);
2758 
2759         /*
2760          * If the only property is the configfile, then just do a spa_lookup()
2761          * to handle the faulted case.
2762          */
2763         pair = nvlist_next_nvpair(props, NULL);
2764         if (pair != NULL && strcmp(nvpair_name(pair),
2765             zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2766             nvlist_next_nvpair(props, pair) == NULL) {
2767                 mutex_enter(&spa_namespace_lock);
2768                 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2769                         spa_configfile_set(spa, props, B_FALSE);
2770                         spa_config_sync(spa, B_FALSE, B_TRUE);
2771                 }
2772                 mutex_exit(&spa_namespace_lock);
2773                 if (spa != NULL) {
2774                         nvlist_free(props);
2775                         return (0);
2776                 }
2777         }
2778 
2779         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2780                 nvlist_free(props);
2781                 return (error);
2782         }
2783 
2784         error = spa_prop_set(spa, props);
2785 
2786         nvlist_free(props);
2787         spa_close(spa, FTAG);
2788 
2789         return (error);
2790 }
2791 
2792 static int
2793 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2794 {
2795         spa_t *spa;
2796         int error;
2797         nvlist_t *nvp = NULL;
2798 
2799         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2800                 /*
2801                  * If the pool is faulted, there may be properties we can still
2802                  * get (such as altroot and cachefile), so attempt to get them
2803                  * anyway.
2804                  */
2805                 mutex_enter(&spa_namespace_lock);
2806                 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2807                         error = spa_prop_get(spa, &nvp);
2808                 mutex_exit(&spa_namespace_lock);
2809         } else {
2810                 error = spa_prop_get(spa, &nvp);
2811                 spa_close(spa, FTAG);
2812         }
2813 
2814         if (error == 0 && zc->zc_nvlist_dst != NULL)
2815                 error = put_nvlist(zc, nvp);
2816         else
2817                 error = EFAULT;
2818 
2819         nvlist_free(nvp);
2820         return (error);
2821 }
2822 
2823 /*
2824  * inputs:
2825  * zc_name              name of filesystem
2826  * zc_nvlist_src{_size} nvlist of delegated permissions
2827  * zc_perm_action       allow/unallow flag
2828  *
2829  * outputs:             none
2830  */
2831 static int
2832 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2833 {
2834         int error;
2835         nvlist_t *fsaclnv = NULL;
2836 
2837         if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2838             zc->zc_iflags, &fsaclnv)) != 0)
2839                 return (error);
2840 
2841         /*
2842          * Verify nvlist is constructed correctly
2843          */
2844         if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2845                 nvlist_free(fsaclnv);
2846                 return (EINVAL);
2847         }
2848 
2849         /*
2850          * If we don't have PRIV_SYS_MOUNT, then validate
2851          * that user is allowed to hand out each permission in
2852          * the nvlist(s)
2853          */
2854 
2855         error = secpolicy_zfs(CRED());
2856         if (error) {
2857                 if (zc->zc_perm_action == B_FALSE) {
2858                         error = dsl_deleg_can_allow(zc->zc_name,
2859                             fsaclnv, CRED());
2860                 } else {
2861                         error = dsl_deleg_can_unallow(zc->zc_name,
2862                             fsaclnv, CRED());
2863                 }
2864         }
2865 
2866         if (error == 0)
2867                 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2868 
2869         nvlist_free(fsaclnv);
2870         return (error);
2871 }
2872 
2873 /*
2874  * inputs:
2875  * zc_name              name of filesystem
2876  *
2877  * outputs:
2878  * zc_nvlist_src{_size} nvlist of delegated permissions
2879  */
2880 static int
2881 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2882 {
2883         nvlist_t *nvp;
2884         int error;
2885 
2886         if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2887                 error = put_nvlist(zc, nvp);
2888                 nvlist_free(nvp);
2889         }
2890 
2891         return (error);
2892 }
2893 
2894 /*
2895  * Search the vfs list for a specified resource.  Returns a pointer to it
2896  * or NULL if no suitable entry is found. The caller of this routine
2897  * is responsible for releasing the returned vfs pointer.
2898  */
2899 static vfs_t *
2900 zfs_get_vfs(const char *resource)
2901 {
2902         struct vfs *vfsp;
2903         struct vfs *vfs_found = NULL;
2904 
2905         vfs_list_read_lock();
2906         vfsp = rootvfs;
2907         do {
2908                 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
2909                         VFS_HOLD(vfsp);
2910                         vfs_found = vfsp;
2911                         break;
2912                 }
2913                 vfsp = vfsp->vfs_next;
2914         } while (vfsp != rootvfs);
2915         vfs_list_unlock();
2916         return (vfs_found);
2917 }
2918 
2919 /* ARGSUSED */
2920 static void
2921 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2922 {
2923         zfs_creat_t *zct = arg;
2924 
2925         zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2926 }
2927 
2928 #define ZFS_PROP_UNDEFINED      ((uint64_t)-1)
2929 
2930 /*
2931  * inputs:
2932  * createprops          list of properties requested by creator
2933  * default_zplver       zpl version to use if unspecified in createprops
2934  * fuids_ok             fuids allowed in this version of the spa?
2935  * os                   parent objset pointer (NULL if root fs)
2936  *
2937  * outputs:
2938  * zplprops     values for the zplprops we attach to the master node object
2939  * is_ci        true if requested file system will be purely case-insensitive
2940  *
2941  * Determine the settings for utf8only, normalization and
2942  * casesensitivity.  Specific values may have been requested by the
2943  * creator and/or we can inherit values from the parent dataset.  If
2944  * the file system is of too early a vintage, a creator can not
2945  * request settings for these properties, even if the requested
2946  * setting is the default value.  We don't actually want to create dsl
2947  * properties for these, so remove them from the source nvlist after
2948  * processing.
2949  */
2950 static int
2951 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2952     boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2953     nvlist_t *zplprops, boolean_t *is_ci)
2954 {
2955         uint64_t sense = ZFS_PROP_UNDEFINED;
2956         uint64_t norm = ZFS_PROP_UNDEFINED;
2957         uint64_t u8 = ZFS_PROP_UNDEFINED;
2958 
2959         ASSERT(zplprops != NULL);
2960 
2961         /*
2962          * Pull out creator prop choices, if any.
2963          */
2964         if (createprops) {
2965                 (void) nvlist_lookup_uint64(createprops,
2966                     zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
2967                 (void) nvlist_lookup_uint64(createprops,
2968                     zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
2969                 (void) nvlist_remove_all(createprops,
2970                     zfs_prop_to_name(ZFS_PROP_NORMALIZE));
2971                 (void) nvlist_lookup_uint64(createprops,
2972                     zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
2973                 (void) nvlist_remove_all(createprops,
2974                     zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
2975                 (void) nvlist_lookup_uint64(createprops,
2976                     zfs_prop_to_name(ZFS_PROP_CASE), &sense);
2977                 (void) nvlist_remove_all(createprops,
2978                     zfs_prop_to_name(ZFS_PROP_CASE));
2979         }
2980 
2981         /*
2982          * If the zpl version requested is whacky or the file system
2983          * or pool is version is too "young" to support normalization
2984          * and the creator tried to set a value for one of the props,
2985          * error out.
2986          */
2987         if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
2988             (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
2989             (zplver >= ZPL_VERSION_SA && !sa_ok) ||
2990             (zplver < ZPL_VERSION_NORMALIZATION &&
2991             (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
2992             sense != ZFS_PROP_UNDEFINED)))
2993                 return (ENOTSUP);
2994 
2995         /*
2996          * Put the version in the zplprops
2997          */
2998         VERIFY(nvlist_add_uint64(zplprops,
2999             zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3000 
3001         if (norm == ZFS_PROP_UNDEFINED)
3002                 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0);
3003         VERIFY(nvlist_add_uint64(zplprops,
3004             zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3005 
3006         /*
3007          * If we're normalizing, names must always be valid UTF-8 strings.
3008          */
3009         if (norm)
3010                 u8 = 1;
3011         if (u8 == ZFS_PROP_UNDEFINED)
3012                 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0);
3013         VERIFY(nvlist_add_uint64(zplprops,
3014             zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3015 
3016         if (sense == ZFS_PROP_UNDEFINED)
3017                 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0);
3018         VERIFY(nvlist_add_uint64(zplprops,
3019             zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3020 
3021         if (is_ci)
3022                 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3023 
3024         return (0);
3025 }
3026 
3027 static int
3028 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3029     nvlist_t *zplprops, boolean_t *is_ci)
3030 {
3031         boolean_t fuids_ok, sa_ok;
3032         uint64_t zplver = ZPL_VERSION;
3033         objset_t *os = NULL;
3034         char parentname[MAXNAMELEN];
3035         char *cp;
3036         spa_t *spa;
3037         uint64_t spa_vers;
3038         int error;
3039 
3040         (void) strlcpy(parentname, dataset, sizeof (parentname));
3041         cp = strrchr(parentname, '/');
3042         ASSERT(cp != NULL);
3043         cp[0] = '\0';
3044 
3045         if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3046                 return (error);
3047 
3048         spa_vers = spa_version(spa);
3049         spa_close(spa, FTAG);
3050 
3051         zplver = zfs_zpl_version_map(spa_vers);
3052         fuids_ok = (zplver >= ZPL_VERSION_FUID);
3053         sa_ok = (zplver >= ZPL_VERSION_SA);
3054 
3055         /*
3056          * Open parent object set so we can inherit zplprop values.
3057          */
3058         if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3059                 return (error);
3060 
3061         error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3062             zplprops, is_ci);
3063         dmu_objset_rele(os, FTAG);
3064         return (error);
3065 }
3066 
3067 static int
3068 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3069     nvlist_t *zplprops, boolean_t *is_ci)
3070 {
3071         boolean_t fuids_ok;
3072         boolean_t sa_ok;
3073         uint64_t zplver = ZPL_VERSION;
3074         int error;
3075 
3076         zplver = zfs_zpl_version_map(spa_vers);
3077         fuids_ok = (zplver >= ZPL_VERSION_FUID);
3078         sa_ok = (zplver >= ZPL_VERSION_SA);
3079 
3080         error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3081             createprops, zplprops, is_ci);
3082         return (error);
3083 }
3084 
3085 /*
3086  * innvl: {
3087  *     "type" -> dmu_objset_type_t (int32)
3088  *     (optional) "props" -> { prop -> value }
3089  * }
3090  *
3091  * outnvl: propname -> error code (int32)
3092  */
3093 static int
3094 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3095 {
3096         int error = 0;
3097         zfs_creat_t zct = { 0 };
3098         nvlist_t *nvprops = NULL;
3099         void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3100         int32_t type32;
3101         dmu_objset_type_t type;
3102         boolean_t is_insensitive = B_FALSE;
3103 
3104         if (nvlist_lookup_int32(innvl, "type", &type32) != 0)
3105                 return (EINVAL);
3106         type = type32;
3107         (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3108 
3109         switch (type) {
3110         case DMU_OST_ZFS:
3111                 cbfunc = zfs_create_cb;
3112                 break;
3113 
3114         case DMU_OST_ZVOL:
3115                 cbfunc = zvol_create_cb;
3116                 break;
3117 
3118         default:
3119                 cbfunc = NULL;
3120                 break;
3121         }
3122         if (strchr(fsname, '@') ||
3123             strchr(fsname, '%'))
3124                 return (EINVAL);
3125 
3126         zct.zct_props = nvprops;
3127 
3128         if (cbfunc == NULL)
3129                 return (EINVAL);
3130 
3131         if (type == DMU_OST_ZVOL) {
3132                 uint64_t volsize, volblocksize;
3133 
3134                 if (nvprops == NULL)
3135                         return (EINVAL);
3136                 if (nvlist_lookup_uint64(nvprops,
3137                     zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3138                         return (EINVAL);
3139 
3140                 if ((error = nvlist_lookup_uint64(nvprops,
3141                     zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3142                     &volblocksize)) != 0 && error != ENOENT)
3143                         return (EINVAL);
3144 
3145                 if (error != 0)
3146                         volblocksize = zfs_prop_default_numeric(
3147                             ZFS_PROP_VOLBLOCKSIZE);
3148 
3149                 if ((error = zvol_check_volblocksize(
3150                     volblocksize)) != 0 ||
3151                     (error = zvol_check_volsize(volsize,
3152                     volblocksize)) != 0)
3153                         return (error);
3154         } else if (type == DMU_OST_ZFS) {
3155                 int error;
3156 
3157                 /*
3158                  * We have to have normalization and
3159                  * case-folding flags correct when we do the
3160                  * file system creation, so go figure them out
3161                  * now.
3162                  */
3163                 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3164                     NV_UNIQUE_NAME, KM_SLEEP) == 0);
3165                 error = zfs_fill_zplprops(fsname, nvprops,
3166                     zct.zct_zplprops, &is_insensitive);
3167                 if (error != 0) {
3168                         nvlist_free(zct.zct_zplprops);
3169                         return (error);
3170                 }
3171         }
3172 
3173         error = dmu_objset_create(fsname, type,
3174             is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3175         nvlist_free(zct.zct_zplprops);
3176 
3177         /*
3178          * It would be nice to do this atomically.
3179          */
3180         if (error == 0) {
3181                 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3182                     nvprops, outnvl);
3183                 if (error != 0)
3184                         (void) dmu_objset_destroy(fsname, B_FALSE);
3185         }
3186         return (error);
3187 }
3188 
3189 /*
3190  * innvl: {
3191  *     "origin" -> name of origin snapshot
3192  *     (optional) "props" -> { prop -> value }
3193  * }
3194  *
3195  * outnvl: propname -> error code (int32)
3196  */
3197 static int
3198 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3199 {
3200         int error = 0;
3201         nvlist_t *nvprops = NULL;
3202         char *origin_name;
3203         dsl_dataset_t *origin;
3204 
3205         if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0)
3206                 return (EINVAL);
3207         (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3208 
3209         if (strchr(fsname, '@') ||
3210             strchr(fsname, '%'))
3211                 return (EINVAL);
3212 
3213         if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3214                 return (EINVAL);
3215 
3216         error = dsl_dataset_hold(origin_name, FTAG, &origin);
3217         if (error)
3218                 return (error);
3219 
3220         error = dmu_objset_clone(fsname, origin, 0);
3221         dsl_dataset_rele(origin, FTAG);
3222         if (error)
3223                 return (error);
3224 
3225         /*
3226          * It would be nice to do this atomically.
3227          */
3228         if (error == 0) {
3229                 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3230                     nvprops, outnvl);
3231                 if (error != 0)
3232                         (void) dmu_objset_destroy(fsname, B_FALSE);
3233         }
3234         return (error);
3235 }
3236 
3237 /*
3238  * innvl: {
3239  *     "snaps" -> { snapshot1, snapshot2 }
3240  *     (optional) "props" -> { prop -> value (string) }
3241  * }
3242  *
3243  * outnvl: snapshot -> error code (int32)
3244  *
3245  */
3246 static int
3247 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3248 {
3249         nvlist_t *snaps;
3250         nvlist_t *props = NULL;
3251         int error, poollen;
3252         nvpair_t *pair;
3253 
3254         (void) nvlist_lookup_nvlist(innvl, "props", &props);
3255         if ((error = zfs_check_userprops(poolname, props)) != 0)
3256                 return (error);
3257 
3258         if (!nvlist_empty(props) &&
3259             zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3260                 return (ENOTSUP);
3261 
3262         if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3263                 return (EINVAL);
3264         poollen = strlen(poolname);
3265         for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3266             pair = nvlist_next_nvpair(snaps, pair)) {
3267                 const char *name = nvpair_name(pair);
3268                 const char *cp = strchr(name, '@');
3269 
3270                 /*
3271                  * The snap name must contain an @, and the part after it must
3272                  * contain only valid characters.
3273                  */
3274                 if (cp == NULL || snapshot_namecheck(cp + 1, NULL, NULL) != 0)
3275                         return (EINVAL);
3276 
3277                 /*
3278                  * The snap must be in the specified pool.
3279                  */
3280                 if (strncmp(name, poolname, poollen) != 0 ||
3281                     (name[poollen] != '/' && name[poollen] != '@'))
3282                         return (EXDEV);
3283 
3284                 /* This must be the only snap of this fs. */
3285                 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3286                     pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3287                         if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3288                             == 0) {
3289                                 return (EXDEV);
3290                         }
3291                 }
3292         }
3293 
3294         error = dmu_objset_snapshot(snaps, props, outnvl);
3295         return (error);
3296 }
3297 
3298 /*
3299  * innvl: "message" -> string
3300  */
3301 /* ARGSUSED */
3302 static int
3303 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3304 {
3305         char *message;
3306         spa_t *spa;
3307         int error;
3308         char *poolname;
3309 
3310         /*
3311          * The poolname in the ioctl is not set, we get it from the TSD,
3312          * which was set at the end of the last successful ioctl that allows
3313          * logging.  The secpolicy func already checked that it is set.
3314          * Only one log ioctl is allowed after each successful ioctl, so
3315          * we clear the TSD here.
3316          */
3317         poolname = tsd_get(zfs_allow_log_key);
3318         (void) tsd_set(zfs_allow_log_key, NULL);
3319         error = spa_open(poolname, &spa, FTAG);
3320         strfree(poolname);
3321         if (error != 0)
3322                 return (error);
3323 
3324         if (nvlist_lookup_string(innvl, "message", &message) != 0)  {
3325                 spa_close(spa, FTAG);
3326                 return (EINVAL);
3327         }
3328 
3329         if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3330                 spa_close(spa, FTAG);
3331                 return (ENOTSUP);
3332         }
3333 
3334         error = spa_history_log(spa, message);
3335         spa_close(spa, FTAG);
3336         return (error);
3337 }
3338 
3339 /* ARGSUSED */
3340 int
3341 zfs_unmount_snap(const char *name, void *arg)
3342 {
3343         vfs_t *vfsp;
3344         int err;
3345 
3346         if (strchr(name, '@') == NULL)
3347                 return (0);
3348 
3349         vfsp = zfs_get_vfs(name);
3350         if (vfsp == NULL)
3351                 return (0);
3352 
3353         if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
3354                 VFS_RELE(vfsp);
3355                 return (err);
3356         }
3357         VFS_RELE(vfsp);
3358 
3359         /*
3360          * Always force the unmount for snapshots.
3361          */
3362         return (dounmount(vfsp, MS_FORCE, kcred));
3363 }
3364 
3365 /*
3366  * innvl: {
3367  *     "snaps" -> { snapshot1, snapshot2 }
3368  *     (optional boolean) "defer"
3369  * }
3370  *
3371  * outnvl: snapshot -> error code (int32)
3372  *
3373  */
3374 static int
3375 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3376 {
3377         int poollen;
3378         nvlist_t *snaps;
3379         nvpair_t *pair;
3380         boolean_t defer;
3381 
3382         if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3383                 return (EINVAL);
3384         defer = nvlist_exists(innvl, "defer");
3385 
3386         poollen = strlen(poolname);
3387         for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3388             pair = nvlist_next_nvpair(snaps, pair)) {
3389                 const char *name = nvpair_name(pair);
3390 
3391                 /*
3392                  * The snap must be in the specified pool.
3393                  */
3394                 if (strncmp(name, poolname, poollen) != 0 ||
3395                     (name[poollen] != '/' && name[poollen] != '@'))
3396                         return (EXDEV);
3397 
3398                 /*
3399                  * Ignore failures to unmount; dmu_snapshots_destroy_nvl()
3400                  * will deal with this gracefully (by filling in outnvl).
3401                  */
3402                 (void) zfs_unmount_snap(name, NULL);
3403         }
3404 
3405         return (dmu_snapshots_destroy_nvl(snaps, defer, outnvl));
3406 }
3407 
3408 /*
3409  * inputs:
3410  * zc_name              name of dataset to destroy
3411  * zc_objset_type       type of objset
3412  * zc_defer_destroy     mark for deferred destroy
3413  *
3414  * outputs:             none
3415  */
3416 static int
3417 zfs_ioc_destroy(zfs_cmd_t *zc)
3418 {
3419         int err;
3420         if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
3421                 err = zfs_unmount_snap(zc->zc_name, NULL);
3422                 if (err)
3423                         return (err);
3424         }
3425 
3426         err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
3427         if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3428                 (void) zvol_remove_minor(zc->zc_name);
3429         return (err);
3430 }
3431 
3432 /*
3433  * inputs:
3434  * zc_name      name of dataset to rollback (to most recent snapshot)
3435  *
3436  * outputs:     none
3437  */
3438 static int
3439 zfs_ioc_rollback(zfs_cmd_t *zc)
3440 {
3441         dsl_dataset_t *ds, *clone;
3442         int error;
3443         zfsvfs_t *zfsvfs;
3444         char *clone_name;
3445 
3446         error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
3447         if (error)
3448                 return (error);
3449 
3450         /* must not be a snapshot */
3451         if (dsl_dataset_is_snapshot(ds)) {
3452                 dsl_dataset_rele(ds, FTAG);
3453                 return (EINVAL);
3454         }
3455 
3456         /* must have a most recent snapshot */
3457         if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
3458                 dsl_dataset_rele(ds, FTAG);
3459                 return (EINVAL);
3460         }
3461 
3462         /*
3463          * Create clone of most recent snapshot.
3464          */
3465         clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
3466         error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
3467         if (error)
3468                 goto out;
3469 
3470         error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
3471         if (error)
3472                 goto out;
3473 
3474         /*
3475          * Do clone swap.
3476          */
3477         if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
3478                 error = zfs_suspend_fs(zfsvfs);
3479                 if (error == 0) {
3480                         int resume_err;
3481 
3482                         if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3483                                 error = dsl_dataset_clone_swap(clone, ds,
3484                                     B_TRUE);
3485                                 dsl_dataset_disown(ds, FTAG);
3486                                 ds = NULL;
3487                         } else {
3488                                 error = EBUSY;
3489                         }
3490                         resume_err = zfs_resume_fs(zfsvfs, zc->zc_name);
3491                         error = error ? error : resume_err;
3492                 }
3493                 VFS_RELE(zfsvfs->z_vfs);
3494         } else {
3495                 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3496                         error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
3497                         dsl_dataset_disown(ds, FTAG);
3498                         ds = NULL;
3499                 } else {
3500                         error = EBUSY;
3501                 }
3502         }
3503 
3504         /*
3505          * Destroy clone (which also closes it).
3506          */
3507         (void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
3508 
3509 out:
3510         strfree(clone_name);
3511         if (ds)
3512                 dsl_dataset_rele(ds, FTAG);
3513         return (error);
3514 }
3515 
3516 /*
3517  * inputs:
3518  * zc_name      old name of dataset
3519  * zc_value     new name of dataset
3520  * zc_cookie    recursive flag (only valid for snapshots)
3521  *
3522  * outputs:     none
3523  */
3524 static int
3525 zfs_ioc_rename(zfs_cmd_t *zc)
3526 {
3527         boolean_t recursive = zc->zc_cookie & 1;
3528 
3529         zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3530         if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3531             strchr(zc->zc_value, '%'))
3532                 return (EINVAL);
3533 
3534         /*
3535          * Unmount snapshot unless we're doing a recursive rename,
3536          * in which case the dataset code figures out which snapshots
3537          * to unmount.
3538          */
3539         if (!recursive && strchr(zc->zc_name, '@') != NULL &&
3540             zc->zc_objset_type == DMU_OST_ZFS) {
3541                 int err = zfs_unmount_snap(zc->zc_name, NULL);
3542                 if (err)
3543                         return (err);
3544         }
3545         if (zc->zc_objset_type == DMU_OST_ZVOL)
3546                 (void) zvol_remove_minor(zc->zc_name);
3547         return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive));
3548 }
3549 
3550 static int
3551 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3552 {
3553         const char *propname = nvpair_name(pair);
3554         boolean_t issnap = (strchr(dsname, '@') != NULL);
3555         zfs_prop_t prop = zfs_name_to_prop(propname);
3556         uint64_t intval;
3557         int err;
3558 
3559         if (prop == ZPROP_INVAL) {
3560                 if (zfs_prop_user(propname)) {
3561                         if (err = zfs_secpolicy_write_perms(dsname,
3562                             ZFS_DELEG_PERM_USERPROP, cr))
3563                                 return (err);
3564                         return (0);
3565                 }
3566 
3567                 if (!issnap && zfs_prop_userquota(propname)) {
3568                         const char *perm = NULL;
3569                         const char *uq_prefix =
3570                             zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3571                         const char *gq_prefix =
3572                             zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3573 
3574                         if (strncmp(propname, uq_prefix,
3575                             strlen(uq_prefix)) == 0) {
3576                                 perm = ZFS_DELEG_PERM_USERQUOTA;
3577                         } else if (strncmp(propname, gq_prefix,
3578                             strlen(gq_prefix)) == 0) {
3579                                 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3580                         } else {
3581                                 /* USERUSED and GROUPUSED are read-only */
3582                                 return (EINVAL);
3583                         }
3584 
3585                         if (err = zfs_secpolicy_write_perms(dsname, perm, cr))
3586                                 return (err);
3587                         return (0);
3588                 }
3589 
3590                 return (EINVAL);
3591         }
3592 
3593         if (issnap)
3594                 return (EINVAL);
3595 
3596         if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3597                 /*
3598                  * dsl_prop_get_all_impl() returns properties in this
3599                  * format.
3600                  */
3601                 nvlist_t *attrs;
3602                 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3603                 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3604                     &pair) == 0);
3605         }
3606 
3607         /*
3608          * Check that this value is valid for this pool version
3609          */
3610         switch (prop) {
3611         case ZFS_PROP_COMPRESSION:
3612                 /*
3613                  * If the user specified gzip compression, make sure
3614                  * the SPA supports it. We ignore any errors here since
3615                  * we'll catch them later.
3616                  */
3617                 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3618                     nvpair_value_uint64(pair, &intval) == 0) {
3619                         if (intval >= ZIO_COMPRESS_GZIP_1 &&
3620                             intval <= ZIO_COMPRESS_GZIP_9 &&
3621                             zfs_earlier_version(dsname,
3622                             SPA_VERSION_GZIP_COMPRESSION)) {
3623                                 return (ENOTSUP);
3624                         }
3625 
3626                         if (intval == ZIO_COMPRESS_ZLE &&
3627                             zfs_earlier_version(dsname,
3628                             SPA_VERSION_ZLE_COMPRESSION))
3629                                 return (ENOTSUP);
3630 
3631                         /*
3632                          * If this is a bootable dataset then
3633                          * verify that the compression algorithm
3634                          * is supported for booting. We must return
3635                          * something other than ENOTSUP since it
3636                          * implies a downrev pool version.
3637                          */
3638                         if (zfs_is_bootfs(dsname) &&
3639                             !BOOTFS_COMPRESS_VALID(intval)) {
3640                                 return (ERANGE);
3641                         }
3642                 }
3643                 break;
3644 
3645         case ZFS_PROP_COPIES:
3646                 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3647                         return (ENOTSUP);
3648                 break;
3649 
3650         case ZFS_PROP_DEDUP:
3651                 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3652                         return (ENOTSUP);
3653                 break;
3654 
3655         case ZFS_PROP_SHARESMB:
3656                 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3657                         return (ENOTSUP);
3658                 break;
3659 
3660         case ZFS_PROP_ACLINHERIT:
3661                 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3662                     nvpair_value_uint64(pair, &intval) == 0) {
3663                         if (intval == ZFS_ACL_PASSTHROUGH_X &&
3664                             zfs_earlier_version(dsname,
3665                             SPA_VERSION_PASSTHROUGH_X))
3666                                 return (ENOTSUP);
3667                 }
3668                 break;
3669         }
3670 
3671         return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3672 }
3673 
3674 /*
3675  * Removes properties from the given props list that fail permission checks
3676  * needed to clear them and to restore them in case of a receive error. For each
3677  * property, make sure we have both set and inherit permissions.
3678  *
3679  * Returns the first error encountered if any permission checks fail. If the
3680  * caller provides a non-NULL errlist, it also gives the complete list of names
3681  * of all the properties that failed a permission check along with the
3682  * corresponding error numbers. The caller is responsible for freeing the
3683  * returned errlist.
3684  *
3685  * If every property checks out successfully, zero is returned and the list
3686  * pointed at by errlist is NULL.
3687  */
3688 static int
3689 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3690 {
3691         zfs_cmd_t *zc;
3692         nvpair_t *pair, *next_pair;
3693         nvlist_t *errors;
3694         int err, rv = 0;
3695 
3696         if (props == NULL)
3697                 return (0);
3698 
3699         VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3700 
3701         zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
3702         (void) strcpy(zc->zc_name, dataset);
3703         pair = nvlist_next_nvpair(props, NULL);
3704         while (pair != NULL) {
3705                 next_pair = nvlist_next_nvpair(props, pair);
3706 
3707                 (void) strcpy(zc->zc_value, nvpair_name(pair));
3708                 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3709                     (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
3710                         VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3711                         VERIFY(nvlist_add_int32(errors,
3712                             zc->zc_value, err) == 0);
3713                 }
3714                 pair = next_pair;
3715         }
3716         kmem_free(zc, sizeof (zfs_cmd_t));
3717 
3718         if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3719                 nvlist_free(errors);
3720                 errors = NULL;
3721         } else {
3722                 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3723         }
3724 
3725         if (errlist == NULL)
3726                 nvlist_free(errors);
3727         else
3728                 *errlist = errors;
3729 
3730         return (rv);
3731 }
3732 
3733 static boolean_t
3734 propval_equals(nvpair_t *p1, nvpair_t *p2)
3735 {
3736         if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3737                 /* dsl_prop_get_all_impl() format */
3738                 nvlist_t *attrs;
3739                 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3740                 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3741                     &p1) == 0);
3742         }
3743 
3744         if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3745                 nvlist_t *attrs;
3746                 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3747                 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3748                     &p2) == 0);
3749         }
3750 
3751         if (nvpair_type(p1) != nvpair_type(p2))
3752                 return (B_FALSE);
3753 
3754         if (nvpair_type(p1) == DATA_TYPE_STRING) {
3755                 char *valstr1, *valstr2;
3756 
3757                 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3758                 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3759                 return (strcmp(valstr1, valstr2) == 0);
3760         } else {
3761                 uint64_t intval1, intval2;
3762 
3763                 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3764                 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3765                 return (intval1 == intval2);
3766         }
3767 }
3768 
3769 /*
3770  * Remove properties from props if they are not going to change (as determined
3771  * by comparison with origprops). Remove them from origprops as well, since we
3772  * do not need to clear or restore properties that won't change.
3773  */
3774 static void
3775 props_reduce(nvlist_t *props, nvlist_t *origprops)
3776 {
3777         nvpair_t *pair, *next_pair;
3778 
3779         if (origprops == NULL)
3780                 return; /* all props need to be received */
3781 
3782         pair = nvlist_next_nvpair(props, NULL);
3783         while (pair != NULL) {
3784                 const char *propname = nvpair_name(pair);
3785                 nvpair_t *match;
3786 
3787                 next_pair = nvlist_next_nvpair(props, pair);
3788 
3789                 if ((nvlist_lookup_nvpair(origprops, propname,
3790                     &match) != 0) || !propval_equals(pair, match))
3791                         goto next; /* need to set received value */
3792 
3793                 /* don't clear the existing received value */
3794                 (void) nvlist_remove_nvpair(origprops, match);
3795                 /* don't bother receiving the property */
3796                 (void) nvlist_remove_nvpair(props, pair);
3797 next:
3798                 pair = next_pair;
3799         }
3800 }
3801 
3802 #ifdef  DEBUG
3803 static boolean_t zfs_ioc_recv_inject_err;
3804 #endif
3805 
3806 /*
3807  * inputs:
3808  * zc_name              name of containing filesystem
3809  * zc_nvlist_src{_size} nvlist of properties to apply
3810  * zc_value             name of snapshot to create
3811  * zc_string            name of clone origin (if DRR_FLAG_CLONE)
3812  * zc_cookie            file descriptor to recv from
3813  * zc_begin_record      the BEGIN record of the stream (not byteswapped)
3814  * zc_guid              force flag
3815  * zc_cleanup_fd        cleanup-on-exit file descriptor
3816  * zc_action_handle     handle for this guid/ds mapping (or zero on first call)
3817  *
3818  * outputs:
3819  * zc_cookie            number of bytes read
3820  * zc_nvlist_dst{_size} error for each unapplied received property
3821  * zc_obj               zprop_errflags_t
3822  * zc_action_handle     handle for this guid/ds mapping
3823  */
3824 static int
3825 zfs_ioc_recv(zfs_cmd_t *zc)
3826 {
3827         file_t *fp;
3828         objset_t *os;
3829         dmu_recv_cookie_t drc;
3830         boolean_t force = (boolean_t)zc->zc_guid;
3831         int fd;
3832         int error = 0;
3833         int props_error = 0;
3834         nvlist_t *errors;
3835         offset_t off;
3836         nvlist_t *props = NULL; /* sent properties */
3837         nvlist_t *origprops = NULL; /* existing properties */
3838         objset_t *origin = NULL;
3839         char *tosnap;
3840         char tofs[ZFS_MAXNAMELEN];
3841         boolean_t first_recvd_props = B_FALSE;
3842 
3843         if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3844             strchr(zc->zc_value, '@') == NULL ||
3845             strchr(zc->zc_value, '%'))
3846                 return (EINVAL);
3847 
3848         (void) strcpy(tofs, zc->zc_value);
3849         tosnap = strchr(tofs, '@');
3850         *tosnap++ = '\0';
3851 
3852         if (zc->zc_nvlist_src != NULL &&
3853             (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3854             zc->zc_iflags, &props)) != 0)
3855                 return (error);
3856 
3857         fd = zc->zc_cookie;
3858         fp = getf(fd);
3859         if (fp == NULL) {
3860                 nvlist_free(props);
3861                 return (EBADF);
3862         }
3863 
3864         VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3865 
3866         if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
3867                 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
3868                     !dsl_prop_get_hasrecvd(os)) {
3869                         first_recvd_props = B_TRUE;
3870                 }
3871 
3872                 /*
3873                  * If new received properties are supplied, they are to
3874                  * completely replace the existing received properties, so stash
3875                  * away the existing ones.
3876                  */
3877                 if (dsl_prop_get_received(os, &origprops) == 0) {
3878                         nvlist_t *errlist = NULL;
3879                         /*
3880                          * Don't bother writing a property if its value won't
3881                          * change (and avoid the unnecessary security checks).
3882                          *
3883                          * The first receive after SPA_VERSION_RECVD_PROPS is a
3884                          * special case where we blow away all local properties
3885                          * regardless.
3886                          */
3887                         if (!first_recvd_props)
3888                                 props_reduce(props, origprops);
3889                         if (zfs_check_clearable(tofs, origprops,
3890                             &errlist) != 0)
3891                                 (void) nvlist_merge(errors, errlist, 0);
3892                         nvlist_free(errlist);
3893                 }
3894 
3895                 dmu_objset_rele(os, FTAG);
3896         }
3897 
3898         if (zc->zc_string[0]) {
3899                 error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
3900                 if (error)
3901                         goto out;
3902         }
3903 
3904         error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
3905             &zc->zc_begin_record, force, origin, &drc);
3906         if (origin)
3907                 dmu_objset_rele(origin, FTAG);
3908         if (error)
3909                 goto out;
3910 
3911         /*
3912          * Set properties before we receive the stream so that they are applied
3913          * to the new data. Note that we must call dmu_recv_stream() if
3914          * dmu_recv_begin() succeeds.
3915          */
3916         if (props) {
3917                 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
3918                         if (drc.drc_newfs) {
3919                                 if (spa_version(os->os_spa) >=
3920                                     SPA_VERSION_RECVD_PROPS)
3921                                         first_recvd_props = B_TRUE;
3922                         } else if (origprops != NULL) {
3923                                 if (clear_received_props(os, tofs, origprops,
3924                                     first_recvd_props ? NULL : props) != 0)
3925                                         zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3926                         } else {
3927                                 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3928                         }
3929                         dsl_prop_set_hasrecvd(os);
3930                 } else if (!drc.drc_newfs) {
3931                         zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3932                 }
3933 
3934                 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3935                     props, errors);
3936         }
3937 
3938         if (zc->zc_nvlist_dst_size != 0 &&
3939             (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
3940             put_nvlist(zc, errors) != 0)) {
3941                 /*
3942                  * Caller made zc->zc_nvlist_dst less than the minimum expected
3943                  * size or supplied an invalid address.
3944                  */
3945                 props_error = EINVAL;
3946         }
3947 
3948         off = fp->f_offset;
3949         error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
3950             &zc->zc_action_handle);
3951 
3952         if (error == 0) {
3953                 zfsvfs_t *zfsvfs = NULL;
3954 
3955                 if (getzfsvfs(tofs, &zfsvfs) == 0) {
3956                         /* online recv */
3957                         int end_err;
3958 
3959                         error = zfs_suspend_fs(zfsvfs);
3960                         /*
3961                          * If the suspend fails, then the recv_end will
3962                          * likely also fail, and clean up after itself.
3963                          */
3964                         end_err = dmu_recv_end(&drc);
3965                         if (error == 0)
3966                                 error = zfs_resume_fs(zfsvfs, tofs);
3967                         error = error ? error : end_err;
3968                         VFS_RELE(zfsvfs->z_vfs);
3969                 } else {
3970                         error = dmu_recv_end(&drc);
3971                 }
3972         }
3973 
3974         zc->zc_cookie = off - fp->f_offset;
3975         if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
3976                 fp->f_offset = off;
3977 
3978 #ifdef  DEBUG
3979         if (zfs_ioc_recv_inject_err) {
3980                 zfs_ioc_recv_inject_err = B_FALSE;
3981                 error = 1;
3982         }
3983 #endif
3984         /*
3985          * On error, restore the original props.
3986          */
3987         if (error && props) {
3988                 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
3989                         if (clear_received_props(os, tofs, props, NULL) != 0) {
3990                                 /*
3991                                  * We failed to clear the received properties.
3992                                  * Since we may have left a $recvd value on the
3993                                  * system, we can't clear the $hasrecvd flag.
3994                                  */
3995                                 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3996                         } else if (first_recvd_props) {
3997                                 dsl_prop_unset_hasrecvd(os);
3998                         }
3999                         dmu_objset_rele(os, FTAG);
4000                 } else if (!drc.drc_newfs) {
4001                         /* We failed to clear the received properties. */
4002                         zc->zc_obj |= ZPROP_ERR_NORESTORE;
4003                 }
4004 
4005                 if (origprops == NULL && !drc.drc_newfs) {
4006                         /* We failed to stash the original properties. */
4007                         zc->zc_obj |= ZPROP_ERR_NORESTORE;
4008                 }
4009 
4010                 /*
4011                  * dsl_props_set() will not convert RECEIVED to LOCAL on or
4012                  * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
4013                  * explictly if we're restoring local properties cleared in the
4014                  * first new-style receive.
4015                  */
4016                 if (origprops != NULL &&
4017                     zfs_set_prop_nvlist(tofs, (first_recvd_props ?
4018                     ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
4019                     origprops, NULL) != 0) {
4020                         /*
4021                          * We stashed the original properties but failed to
4022                          * restore them.
4023                          */
4024                         zc->zc_obj |= ZPROP_ERR_NORESTORE;
4025                 }
4026         }
4027 out:
4028         nvlist_free(props);
4029         nvlist_free(origprops);
4030         nvlist_free(errors);
4031         releasef(fd);
4032 
4033         if (error == 0)
4034                 error = props_error;
4035 
4036         return (error);
4037 }
4038 
4039 /*
4040  * inputs:
4041  * zc_name      name of snapshot to send
4042  * zc_cookie    file descriptor to send stream to
4043  * zc_obj       fromorigin flag (mutually exclusive with zc_fromobj)
4044  * zc_sendobj   objsetid of snapshot to send
4045  * zc_fromobj   objsetid of incremental fromsnap (may be zero)
4046  * zc_guid      bit 0: if set, estimate size of stream only. zc_cookie is
4047  *              ignored. output size in zc_objset_type.
4048  * zc_guid      bit 1: if set, send output in FAR-format
4049  *
4050  * outputs: none
4051  */
4052 static int
4053 zfs_ioc_send(zfs_cmd_t *zc)
4054 {
4055         objset_t *fromsnap = NULL;
4056         objset_t *tosnap;
4057         int error;
4058         offset_t off;
4059         dsl_dataset_t *ds;
4060         dsl_dataset_t *dsfrom = NULL;
4061         spa_t *spa;
4062         dsl_pool_t *dp;
4063         boolean_t estimate = ((zc->zc_guid & 1) != 0);
4064         boolean_t far = ((zc->zc_guid & 2) != 0);
4065 
4066         error = spa_open(zc->zc_name, &spa, FTAG);
4067         if (error)
4068                 return (error);
4069 
4070         dp = spa_get_dsl(spa);
4071         rw_enter(&dp->dp_config_rwlock, RW_READER);
4072         error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4073         rw_exit(&dp->dp_config_rwlock);
4074         spa_close(spa, FTAG);
4075         if (error)
4076                 return (error);
4077 
4078         error = dmu_objset_from_ds(ds, &tosnap);
4079         if (error) {
4080                 dsl_dataset_rele(ds, FTAG);
4081                 return (error);
4082         }
4083 
4084         if (zc->zc_fromobj != 0) {
4085                 rw_enter(&dp->dp_config_rwlock, RW_READER);
4086                 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
4087                 rw_exit(&dp->dp_config_rwlock);
4088                 if (error) {
4089                         dsl_dataset_rele(ds, FTAG);
4090                         return (error);
4091                 }
4092                 error = dmu_objset_from_ds(dsfrom, &fromsnap);
4093                 if (error) {
4094                         dsl_dataset_rele(dsfrom, FTAG);
4095                         dsl_dataset_rele(ds, FTAG);
4096                         return (error);
4097                 }
4098         }
4099 
4100         if (zc->zc_obj) {
4101                 dsl_pool_t *dp = ds->ds_dir->dd_pool;
4102 
4103                 if (fromsnap != NULL) {
4104                         dsl_dataset_rele(dsfrom, FTAG);
4105                         dsl_dataset_rele(ds, FTAG);
4106                         return (EINVAL);
4107                 }
4108 
4109                 if (dsl_dir_is_clone(ds->ds_dir)) {
4110                         rw_enter(&dp->dp_config_rwlock, RW_READER);
4111                         error = dsl_dataset_hold_obj(dp,
4112                             ds->ds_dir->dd_phys->dd_origin_obj, FTAG, &dsfrom);
4113                         rw_exit(&dp->dp_config_rwlock);
4114                         if (error) {
4115                                 dsl_dataset_rele(ds, FTAG);
4116                                 return (error);
4117                         }
4118                         error = dmu_objset_from_ds(dsfrom, &fromsnap);
4119                         if (error) {
4120                                 dsl_dataset_rele(dsfrom, FTAG);
4121                                 dsl_dataset_rele(ds, FTAG);
4122                                 return (error);
4123                         }
4124                 }
4125         }
4126 
4127         if (estimate) {
4128                 error = dmu_send_estimate(tosnap, fromsnap,
4129                     &zc->zc_objset_type);
4130         } else {
4131                 file_t *fp = getf(zc->zc_cookie);
4132                 if (fp == NULL) {
4133                         dsl_dataset_rele(ds, FTAG);
4134                         if (dsfrom)
4135                                 dsl_dataset_rele(dsfrom, FTAG);
4136                         return (EBADF);
4137                 }
4138 
4139                 off = fp->f_offset;
4140                 if (!far)
4141                         error = dmu_send(tosnap, fromsnap,
4142                             zc->zc_cookie, fp->f_vnode, &off);
4143                 else
4144                         error = far_send(tosnap, fromsnap,
4145                             zc->zc_cookie, fp->f_vnode, &off);
4146 
4147                 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4148                         fp->f_offset = off;
4149                 releasef(zc->zc_cookie);
4150         }
4151         if (dsfrom)
4152                 dsl_dataset_rele(dsfrom, FTAG);
4153         dsl_dataset_rele(ds, FTAG);
4154         return (error);
4155 }
4156 
4157 /*
4158  * inputs:
4159  * zc_name      name of snapshot on which to report progress
4160  * zc_cookie    file descriptor of send stream
4161  *
4162  * outputs:
4163  * zc_cookie    number of bytes written in send stream thus far
4164  */
4165 static int
4166 zfs_ioc_send_progress(zfs_cmd_t *zc)
4167 {
4168         dsl_dataset_t *ds;
4169         dmu_sendarg_t *dsp = NULL;
4170         int error;
4171 
4172         if ((error = dsl_dataset_hold(zc->zc_name, FTAG, &ds)) != 0)
4173                 return (error);
4174 
4175         mutex_enter(&ds->ds_sendstream_lock);
4176 
4177         /*
4178          * Iterate over all the send streams currently active on this dataset.
4179          * If there's one which matches the specified file descriptor _and_ the
4180          * stream was started by the current process, return the progress of
4181          * that stream.
4182          */
4183         for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
4184             dsp = list_next(&ds->ds_sendstreams, dsp)) {
4185                 if (dsp->dsa_outfd == zc->zc_cookie &&
4186                     dsp->dsa_proc == curproc)
4187                         break;
4188         }
4189 
4190         if (dsp != NULL)
4191                 zc->zc_cookie = *(dsp->dsa_off);
4192         else
4193                 error = ENOENT;
4194 
4195         mutex_exit(&ds->ds_sendstream_lock);
4196         dsl_dataset_rele(ds, FTAG);
4197         return (error);
4198 }
4199 
4200 static int
4201 zfs_ioc_inject_fault(zfs_cmd_t *zc)
4202 {
4203         int id, error;
4204 
4205         error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
4206             &zc->zc_inject_record);
4207 
4208         if (error == 0)
4209                 zc->zc_guid = (uint64_t)id;
4210 
4211         return (error);
4212 }
4213 
4214 static int
4215 zfs_ioc_clear_fault(zfs_cmd_t *zc)
4216 {
4217         return (zio_clear_fault((int)zc->zc_guid));
4218 }
4219 
4220 static int
4221 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
4222 {
4223         int id = (int)zc->zc_guid;
4224         int error;
4225 
4226         error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
4227             &zc->zc_inject_record);
4228 
4229         zc->zc_guid = id;
4230 
4231         return (error);
4232 }
4233 
4234 static int
4235 zfs_ioc_error_log(zfs_cmd_t *zc)
4236 {
4237         spa_t *spa;
4238         int error;
4239         size_t count = (size_t)zc->zc_nvlist_dst_size;
4240 
4241         if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
4242                 return (error);
4243 
4244         error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
4245             &count);
4246         if (error == 0)
4247                 zc->zc_nvlist_dst_size = count;
4248         else
4249                 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
4250 
4251         spa_close(spa, FTAG);
4252 
4253         return (error);
4254 }
4255 
4256 static int
4257 zfs_ioc_clear(zfs_cmd_t *zc)
4258 {
4259         spa_t *spa;
4260         vdev_t *vd;
4261         int error;
4262 
4263         /*
4264          * On zpool clear we also fix up missing slogs
4265          */
4266         mutex_enter(&spa_namespace_lock);
4267         spa = spa_lookup(zc->zc_name);
4268         if (spa == NULL) {
4269                 mutex_exit(&spa_namespace_lock);
4270                 return (EIO);
4271         }
4272         if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
4273                 /* we need to let spa_open/spa_load clear the chains */
4274                 spa_set_log_state(spa, SPA_LOG_CLEAR);
4275         }
4276         spa->spa_last_open_failed = 0;
4277         mutex_exit(&spa_namespace_lock);
4278 
4279         if (zc->zc_cookie & ZPOOL_NO_REWIND) {
4280                 error = spa_open(zc->zc_name, &spa, FTAG);
4281         } else {
4282                 nvlist_t *policy;
4283                 nvlist_t *config = NULL;
4284 
4285                 if (zc->zc_nvlist_src == NULL)
4286                         return (EINVAL);
4287 
4288                 if ((error = get_nvlist(zc->zc_nvlist_src,
4289                     zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
4290                         error = spa_open_rewind(zc->zc_name, &spa, FTAG,
4291                             policy, &config);
4292                         if (config != NULL) {
4293                                 int err;
4294 
4295                                 if ((err = put_nvlist(zc, config)) != 0)
4296                                         error = err;
4297                                 nvlist_free(config);
4298                         }
4299                         nvlist_free(policy);
4300                 }
4301         }
4302 
4303         if (error)
4304                 return (error);
4305 
4306         spa_vdev_state_enter(spa, SCL_NONE);
4307 
4308         if (zc->zc_guid == 0) {
4309                 vd = NULL;
4310         } else {
4311                 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
4312                 if (vd == NULL) {
4313                         (void) spa_vdev_state_exit(spa, NULL, ENODEV);
4314                         spa_close(spa, FTAG);
4315                         return (ENODEV);
4316                 }
4317         }
4318 
4319         vdev_clear(spa, vd);
4320 
4321         (void) spa_vdev_state_exit(spa, NULL, 0);
4322 
4323         /*
4324          * Resume any suspended I/Os.
4325          */
4326         if (zio_resume(spa) != 0)
4327                 error = EIO;
4328 
4329         spa_close(spa, FTAG);
4330 
4331         return (error);
4332 }
4333 
4334 static int
4335 zfs_ioc_pool_reopen(zfs_cmd_t *zc)
4336 {
4337         spa_t *spa;
4338         int error;
4339 
4340         error = spa_open(zc->zc_name, &spa, FTAG);
4341         if (error)
4342                 return (error);
4343 
4344         spa_vdev_state_enter(spa, SCL_NONE);
4345 
4346         /*
4347          * If a resilver is already in progress then set the
4348          * spa_scrub_reopen flag to B_TRUE so that we don't restart
4349          * the scan as a side effect of the reopen. Otherwise, let
4350          * vdev_open() decided if a resilver is required.
4351          */
4352         spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool);
4353         vdev_reopen(spa->spa_root_vdev);
4354         spa->spa_scrub_reopen = B_FALSE;
4355 
4356         (void) spa_vdev_state_exit(spa, NULL, 0);
4357         spa_close(spa, FTAG);
4358         return (0);
4359 }
4360 /*
4361  * inputs:
4362  * zc_name      name of filesystem
4363  * zc_value     name of origin snapshot
4364  *
4365  * outputs:
4366  * zc_string    name of conflicting snapshot, if there is one
4367  */
4368 static int
4369 zfs_ioc_promote(zfs_cmd_t *zc)
4370 {
4371         char *cp;
4372 
4373         /*
4374          * We don't need to unmount *all* the origin fs's snapshots, but
4375          * it's easier.
4376          */
4377         cp = strchr(zc->zc_value, '@');
4378         if (cp)
4379                 *cp = '\0';
4380         (void) dmu_objset_find(zc->zc_value,
4381             zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
4382         return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4383 }
4384 
4385 /*
4386  * Retrieve a single {user|group}{used|quota}@... property.
4387  *
4388  * inputs:
4389  * zc_name      name of filesystem
4390  * zc_objset_type zfs_userquota_prop_t
4391  * zc_value     domain name (eg. "S-1-234-567-89")
4392  * zc_guid      RID/UID/GID
4393  *
4394  * outputs:
4395  * zc_cookie    property value
4396  */
4397 static int
4398 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4399 {
4400         zfsvfs_t *zfsvfs;
4401         int error;
4402 
4403         if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4404                 return (EINVAL);
4405 
4406         error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4407         if (error)
4408                 return (error);
4409 
4410         error = zfs_userspace_one(zfsvfs,
4411             zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4412         zfsvfs_rele(zfsvfs, FTAG);
4413 
4414         return (error);
4415 }
4416 
4417 /*
4418  * inputs:
4419  * zc_name              name of filesystem
4420  * zc_cookie            zap cursor
4421  * zc_objset_type       zfs_userquota_prop_t
4422  * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4423  *
4424  * outputs:
4425  * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4426  * zc_cookie    zap cursor
4427  */
4428 static int
4429 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4430 {
4431         zfsvfs_t *zfsvfs;
4432         int bufsize = zc->zc_nvlist_dst_size;
4433 
4434         if (bufsize <= 0)
4435                 return (ENOMEM);
4436 
4437         int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4438         if (error)
4439                 return (error);
4440 
4441         void *buf = kmem_alloc(bufsize, KM_SLEEP);
4442 
4443         error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
4444             buf, &zc->zc_nvlist_dst_size);
4445 
4446         if (error == 0) {
4447                 error = xcopyout(buf,
4448                     (void *)(uintptr_t)zc->zc_nvlist_dst,
4449                     zc->zc_nvlist_dst_size);
4450         }
4451         kmem_free(buf, bufsize);
4452         zfsvfs_rele(zfsvfs, FTAG);
4453 
4454         return (error);
4455 }
4456 
4457 /*
4458  * inputs:
4459  * zc_name              name of filesystem
4460  *
4461  * outputs:
4462  * none
4463  */
4464 static int
4465 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4466 {
4467         objset_t *os;
4468         int error = 0;
4469         zfsvfs_t *zfsvfs;
4470 
4471         if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
4472                 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
4473                         /*
4474                          * If userused is not enabled, it may be because the
4475                          * objset needs to be closed & reopened (to grow the
4476                          * objset_phys_t).  Suspend/resume the fs will do that.
4477                          */
4478                         error = zfs_suspend_fs(zfsvfs);
4479                         if (error == 0)
4480                                 error = zfs_resume_fs(zfsvfs, zc->zc_name);
4481                 }
4482                 if (error == 0)
4483                         error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
4484                 VFS_RELE(zfsvfs->z_vfs);
4485         } else {
4486                 /* XXX kind of reading contents without owning */
4487                 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4488                 if (error)
4489                         return (error);
4490 
4491                 error = dmu_objset_userspace_upgrade(os);
4492                 dmu_objset_rele(os, FTAG);
4493         }
4494 
4495         return (error);
4496 }
4497 
4498 /*
4499  * We don't want to have a hard dependency
4500  * against some special symbols in sharefs
4501  * nfs, and smbsrv.  Determine them if needed when
4502  * the first file system is shared.
4503  * Neither sharefs, nfs or smbsrv are unloadable modules.
4504  */
4505 int (*znfsexport_fs)(void *arg);
4506 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
4507 int (*zsmbexport_fs)(void *arg, boolean_t add_share);
4508 
4509 int zfs_nfsshare_inited;
4510 int zfs_smbshare_inited;
4511 
4512 ddi_modhandle_t nfs_mod;
4513 ddi_modhandle_t sharefs_mod;
4514 ddi_modhandle_t smbsrv_mod;
4515 kmutex_t zfs_share_lock;
4516 
4517 static int
4518 zfs_init_sharefs()
4519 {
4520         int error;
4521 
4522         ASSERT(MUTEX_HELD(&zfs_share_lock));
4523         /* Both NFS and SMB shares also require sharetab support. */
4524         if (sharefs_mod == NULL && ((sharefs_mod =
4525             ddi_modopen("fs/sharefs",
4526             KRTLD_MODE_FIRST, &error)) == NULL)) {
4527                 return (ENOSYS);
4528         }
4529         if (zshare_fs == NULL && ((zshare_fs =
4530             (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
4531             ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
4532                 return (ENOSYS);
4533         }
4534         return (0);
4535 }
4536 
4537 static int
4538 zfs_ioc_share(zfs_cmd_t *zc)
4539 {
4540         int error;
4541         int opcode;
4542 
4543         switch (zc->zc_share.z_sharetype) {
4544         case ZFS_SHARE_NFS:
4545         case ZFS_UNSHARE_NFS:
4546                 if (zfs_nfsshare_inited == 0) {
4547                         mutex_enter(&zfs_share_lock);
4548                         if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs",
4549                             KRTLD_MODE_FIRST, &error)) == NULL)) {
4550                                 mutex_exit(&zfs_share_lock);
4551                                 return (ENOSYS);
4552                         }
4553                         if (znfsexport_fs == NULL &&
4554                             ((znfsexport_fs = (int (*)(void *))
4555                             ddi_modsym(nfs_mod,
4556                             "nfs_export", &error)) == NULL)) {
4557                                 mutex_exit(&zfs_share_lock);
4558                                 return (ENOSYS);
4559                         }
4560                         error = zfs_init_sharefs();
4561                         if (error) {
4562                                 mutex_exit(&zfs_share_lock);
4563                                 return (ENOSYS);
4564                         }
4565                         zfs_nfsshare_inited = 1;
4566                         mutex_exit(&zfs_share_lock);
4567                 }
4568                 break;
4569         case ZFS_SHARE_SMB:
4570         case ZFS_UNSHARE_SMB:
4571                 if (zfs_smbshare_inited == 0) {
4572                         mutex_enter(&zfs_share_lock);
4573                         if (smbsrv_mod == NULL && ((smbsrv_mod =
4574                             ddi_modopen("drv/smbsrv",
4575                             KRTLD_MODE_FIRST, &error)) == NULL)) {
4576                                 mutex_exit(&zfs_share_lock);
4577                                 return (ENOSYS);
4578                         }
4579                         if (zsmbexport_fs == NULL && ((zsmbexport_fs =
4580                             (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod,
4581                             "smb_server_share", &error)) == NULL)) {
4582                                 mutex_exit(&zfs_share_lock);
4583                                 return (ENOSYS);
4584                         }
4585                         error = zfs_init_sharefs();
4586                         if (error) {
4587                                 mutex_exit(&zfs_share_lock);
4588                                 return (ENOSYS);
4589                         }
4590                         zfs_smbshare_inited = 1;
4591                         mutex_exit(&zfs_share_lock);
4592                 }
4593                 break;
4594         default:
4595                 return (EINVAL);
4596         }
4597 
4598         switch (zc->zc_share.z_sharetype) {
4599         case ZFS_SHARE_NFS:
4600         case ZFS_UNSHARE_NFS:
4601                 if (error =
4602                     znfsexport_fs((void *)
4603                     (uintptr_t)zc->zc_share.z_exportdata))
4604                         return (error);
4605                 break;
4606         case ZFS_SHARE_SMB:
4607         case ZFS_UNSHARE_SMB:
4608                 if (error = zsmbexport_fs((void *)
4609                     (uintptr_t)zc->zc_share.z_exportdata,
4610                     zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
4611                     B_TRUE: B_FALSE)) {
4612                         return (error);
4613                 }
4614                 break;
4615         }
4616 
4617         opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
4618             zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ?
4619             SHAREFS_ADD : SHAREFS_REMOVE;
4620 
4621         /*
4622          * Add or remove share from sharetab
4623          */
4624         error = zshare_fs(opcode,
4625             (void *)(uintptr_t)zc->zc_share.z_sharedata,
4626             zc->zc_share.z_sharemax);
4627 
4628         return (error);
4629 
4630 }
4631 
4632 ace_t full_access[] = {
4633         {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4634 };
4635 
4636 /*
4637  * inputs:
4638  * zc_name              name of containing filesystem
4639  * zc_obj               object # beyond which we want next in-use object #
4640  *
4641  * outputs:
4642  * zc_obj               next in-use object #
4643  */
4644 static int
4645 zfs_ioc_next_obj(zfs_cmd_t *zc)
4646 {
4647         objset_t *os = NULL;
4648         int error;
4649 
4650         error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4651         if (error)
4652                 return (error);
4653 
4654         error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4655             os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4656 
4657         dmu_objset_rele(os, FTAG);
4658         return (error);
4659 }
4660 
4661 /*
4662  * inputs:
4663  * zc_name              name of filesystem
4664  * zc_value             prefix name for snapshot
4665  * zc_cleanup_fd        cleanup-on-exit file descriptor for calling process
4666  *
4667  * outputs:
4668  * zc_value             short name of new snapshot
4669  */
4670 static int
4671 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4672 {
4673         char *snap_name;
4674         int error;
4675 
4676         snap_name = kmem_asprintf("%s@%s-%016llx", zc->zc_name, zc->zc_value,
4677             (u_longlong_t)ddi_get_lbolt64());
4678 
4679         if (strlen(snap_name) >= MAXPATHLEN) {
4680                 strfree(snap_name);
4681                 return (E2BIG);
4682         }
4683 
4684         error = dmu_objset_snapshot_tmp(snap_name, "%temp", zc->zc_cleanup_fd);
4685         if (error != 0) {
4686                 strfree(snap_name);
4687                 return (error);
4688         }
4689 
4690         (void) strcpy(zc->zc_value, strchr(snap_name, '@') + 1);
4691         strfree(snap_name);
4692         return (0);
4693 }
4694 
4695 /*
4696  * inputs:
4697  * zc_name              name of "to" snapshot
4698  * zc_value             name of "from" snapshot
4699  * zc_cookie            file descriptor to write diff data on
4700  *
4701  * outputs:
4702  * dmu_diff_record_t's to the file descriptor
4703  */
4704 static int
4705 zfs_ioc_diff(zfs_cmd_t *zc)
4706 {
4707         objset_t *fromsnap;
4708         objset_t *tosnap;
4709         file_t *fp;
4710         offset_t off;
4711         int error;
4712 
4713         error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
4714         if (error)
4715                 return (error);
4716 
4717         error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap);
4718         if (error) {
4719                 dmu_objset_rele(tosnap, FTAG);
4720                 return (error);
4721         }
4722 
4723         fp = getf(zc->zc_cookie);
4724         if (fp == NULL) {
4725                 dmu_objset_rele(fromsnap, FTAG);
4726                 dmu_objset_rele(tosnap, FTAG);
4727                 return (EBADF);
4728         }
4729 
4730         off = fp->f_offset;
4731 
4732         error = dmu_diff(tosnap, fromsnap, fp->f_vnode, &off);
4733 
4734         if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4735                 fp->f_offset = off;
4736         releasef(zc->zc_cookie);
4737 
4738         dmu_objset_rele(fromsnap, FTAG);
4739         dmu_objset_rele(tosnap, FTAG);
4740         return (error);
4741 }
4742 
4743 /*
4744  * Remove all ACL files in shares dir
4745  */
4746 static int
4747 zfs_smb_acl_purge(znode_t *dzp)
4748 {
4749         zap_cursor_t    zc;
4750         zap_attribute_t zap;
4751         zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
4752         int error;
4753 
4754         for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
4755             (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4756             zap_cursor_advance(&zc)) {
4757                 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4758                     NULL, 0)) != 0)
4759                         break;
4760         }
4761         zap_cursor_fini(&zc);
4762         return (error);
4763 }
4764 
4765 static int
4766 zfs_ioc_smb_acl(zfs_cmd_t *zc)
4767 {
4768         vnode_t *vp;
4769         znode_t *dzp;
4770         vnode_t *resourcevp = NULL;
4771         znode_t *sharedir;
4772         zfsvfs_t *zfsvfs;
4773         nvlist_t *nvlist;
4774         char *src, *target;
4775         vattr_t vattr;
4776         vsecattr_t vsec;
4777         int error = 0;
4778 
4779         if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4780             NO_FOLLOW, NULL, &vp)) != 0)
4781                 return (error);
4782 
4783         /* Now make sure mntpnt and dataset are ZFS */
4784 
4785         if (vp->v_vfsp->vfs_fstype != zfsfstype ||
4786             (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4787             zc->zc_name) != 0)) {
4788                 VN_RELE(vp);
4789                 return (EINVAL);
4790         }
4791 
4792         dzp = VTOZ(vp);
4793         zfsvfs = dzp->z_zfsvfs;
4794         ZFS_ENTER(zfsvfs);
4795 
4796         /*
4797          * Create share dir if its missing.
4798          */
4799         mutex_enter(&zfsvfs->z_lock);
4800         if (zfsvfs->z_shares_dir == 0) {
4801                 dmu_tx_t *tx;
4802 
4803                 tx = dmu_tx_create(zfsvfs->z_os);
4804                 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4805                     ZFS_SHARES_DIR);
4806                 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4807                 error = dmu_tx_assign(tx, TXG_WAIT);
4808                 if (error) {
4809                         dmu_tx_abort(tx);
4810                 } else {
4811                         error = zfs_create_share_dir(zfsvfs, tx);
4812                         dmu_tx_commit(tx);
4813                 }
4814                 if (error) {
4815                         mutex_exit(&zfsvfs->z_lock);
4816                         VN_RELE(vp);
4817                         ZFS_EXIT(zfsvfs);
4818                         return (error);
4819                 }
4820         }
4821         mutex_exit(&zfsvfs->z_lock);
4822 
4823         ASSERT(zfsvfs->z_shares_dir);
4824         if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
4825                 VN_RELE(vp);
4826                 ZFS_EXIT(zfsvfs);
4827                 return (error);
4828         }
4829 
4830         switch (zc->zc_cookie) {
4831         case ZFS_SMB_ACL_ADD:
4832                 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4833                 vattr.va_type = VREG;
4834                 vattr.va_mode = S_IFREG|0777;
4835                 vattr.va_uid = 0;
4836                 vattr.va_gid = 0;
4837 
4838                 vsec.vsa_mask = VSA_ACE;
4839                 vsec.vsa_aclentp = &full_access;
4840                 vsec.vsa_aclentsz = sizeof (full_access);
4841                 vsec.vsa_aclcnt = 1;
4842 
4843                 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4844                     &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4845                 if (resourcevp)
4846                         VN_RELE(resourcevp);
4847                 break;
4848 
4849         case ZFS_SMB_ACL_REMOVE:
4850                 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4851                     NULL, 0);
4852                 break;
4853 
4854         case ZFS_SMB_ACL_RENAME:
4855                 if ((error = get_nvlist(zc->zc_nvlist_src,
4856                     zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4857                         VN_RELE(vp);
4858                         ZFS_EXIT(zfsvfs);
4859                         return (error);
4860                 }
4861                 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4862                     nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4863                     &target)) {
4864                         VN_RELE(vp);
4865                         VN_RELE(ZTOV(sharedir));
4866                         ZFS_EXIT(zfsvfs);
4867                         nvlist_free(nvlist);
4868                         return (error);
4869                 }
4870                 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4871                     kcred, NULL, 0);
4872                 nvlist_free(nvlist);
4873                 break;
4874 
4875         case ZFS_SMB_ACL_PURGE:
4876                 error = zfs_smb_acl_purge(sharedir);
4877                 break;
4878 
4879         default:
4880                 error = EINVAL;
4881                 break;
4882         }
4883 
4884         VN_RELE(vp);
4885         VN_RELE(ZTOV(sharedir));
4886 
4887         ZFS_EXIT(zfsvfs);
4888 
4889         return (error);
4890 }
4891 
4892 /*
4893  * inputs:
4894  * zc_name              name of filesystem
4895  * zc_value             short name of snap
4896  * zc_string            user-supplied tag for this hold
4897  * zc_cookie            recursive flag
4898  * zc_temphold          set if hold is temporary
4899  * zc_cleanup_fd        cleanup-on-exit file descriptor for calling process
4900  * zc_sendobj           if non-zero, the objid for zc_name@zc_value
4901  * zc_createtxg         if zc_sendobj is non-zero, snap must have zc_createtxg
4902  *
4903  * outputs:             none
4904  */
4905 static int
4906 zfs_ioc_hold(zfs_cmd_t *zc)
4907 {
4908         boolean_t recursive = zc->zc_cookie;
4909         spa_t *spa;
4910         dsl_pool_t *dp;
4911         dsl_dataset_t *ds;
4912         int error;
4913         minor_t minor = 0;
4914 
4915         if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4916                 return (EINVAL);
4917 
4918         if (zc->zc_sendobj == 0) {
4919                 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
4920                     zc->zc_string, recursive, zc->zc_temphold,
4921                     zc->zc_cleanup_fd));
4922         }
4923 
4924         if (recursive)
4925                 return (EINVAL);
4926 
4927         error = spa_open(zc->zc_name, &spa, FTAG);
4928         if (error)
4929                 return (error);
4930 
4931         dp = spa_get_dsl(spa);
4932         rw_enter(&dp->dp_config_rwlock, RW_READER);
4933         error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4934         rw_exit(&dp->dp_config_rwlock);
4935         spa_close(spa, FTAG);
4936         if (error)
4937                 return (error);
4938 
4939         /*
4940          * Until we have a hold on this snapshot, it's possible that
4941          * zc_sendobj could've been destroyed and reused as part
4942          * of a later txg.  Make sure we're looking at the right object.
4943          */
4944         if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) {
4945                 dsl_dataset_rele(ds, FTAG);
4946                 return (ENOENT);
4947         }
4948 
4949         if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) {
4950                 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4951                 if (error) {
4952                         dsl_dataset_rele(ds, FTAG);
4953                         return (error);
4954                 }
4955         }
4956 
4957         error = dsl_dataset_user_hold_for_send(ds, zc->zc_string,
4958             zc->zc_temphold);
4959         if (minor != 0) {
4960                 if (error == 0) {
4961                         dsl_register_onexit_hold_cleanup(ds, zc->zc_string,
4962                             minor);
4963                 }
4964                 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
4965         }
4966         dsl_dataset_rele(ds, FTAG);
4967 
4968         return (error);
4969 }
4970 
4971 /*
4972  * inputs:
4973  * zc_name      name of dataset from which we're releasing a user hold
4974  * zc_value     short name of snap
4975  * zc_string    user-supplied tag for this hold
4976  * zc_cookie    recursive flag
4977  *
4978  * outputs:     none
4979  */
4980 static int
4981 zfs_ioc_release(zfs_cmd_t *zc)
4982 {
4983         boolean_t recursive = zc->zc_cookie;
4984 
4985         if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4986                 return (EINVAL);
4987 
4988         return (dsl_dataset_user_release(zc->zc_name, zc->zc_value,
4989             zc->zc_string, recursive));
4990 }
4991 
4992 /*
4993  * inputs:
4994  * zc_name              name of filesystem
4995  *
4996  * outputs:
4997  * zc_nvlist_src{_size} nvlist of snapshot holds
4998  */
4999 static int
5000 zfs_ioc_get_holds(zfs_cmd_t *zc)
5001 {
5002         nvlist_t *nvp;
5003         int error;
5004 
5005         if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) {
5006                 error = put_nvlist(zc, nvp);
5007                 nvlist_free(nvp);
5008         }
5009 
5010         return (error);
5011 }
5012 
5013 /*
5014  * inputs:
5015  * zc_name              name of new filesystem or snapshot
5016  * zc_value             full name of old snapshot
5017  *
5018  * outputs:
5019  * zc_cookie            space in bytes
5020  * zc_objset_type       compressed space in bytes
5021  * zc_perm_action       uncompressed space in bytes
5022  */
5023 static int
5024 zfs_ioc_space_written(zfs_cmd_t *zc)
5025 {
5026         int error;
5027         dsl_dataset_t *new, *old;
5028 
5029         error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
5030         if (error != 0)
5031                 return (error);
5032         error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
5033         if (error != 0) {
5034                 dsl_dataset_rele(new, FTAG);
5035                 return (error);
5036         }
5037 
5038         error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
5039             &zc->zc_objset_type, &zc->zc_perm_action);
5040         dsl_dataset_rele(old, FTAG);
5041         dsl_dataset_rele(new, FTAG);
5042         return (error);
5043 }
5044 /*
5045  * innvl: {
5046  *     "firstsnap" -> snapshot name
5047  * }
5048  *
5049  * outnvl: {
5050  *     "used" -> space in bytes
5051  *     "compressed" -> compressed space in bytes
5052  *     "uncompressed" -> uncompressed space in bytes
5053  * }
5054  */
5055 static int
5056 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
5057 {
5058         int error;
5059         dsl_dataset_t *new, *old;
5060         char *firstsnap;
5061         uint64_t used, comp, uncomp;
5062 
5063         if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0)
5064                 return (EINVAL);
5065 
5066         error = dsl_dataset_hold(lastsnap, FTAG, &new);
5067         if (error != 0)
5068                 return (error);
5069         error = dsl_dataset_hold(firstsnap, FTAG, &old);
5070         if (error != 0) {
5071                 dsl_dataset_rele(new, FTAG);
5072                 return (error);
5073         }
5074 
5075         error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
5076         dsl_dataset_rele(old, FTAG);
5077         dsl_dataset_rele(new, FTAG);
5078         fnvlist_add_uint64(outnvl, "used", used);
5079         fnvlist_add_uint64(outnvl, "compressed", comp);
5080         fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
5081         return (error);
5082 }
5083 
5084 /*
5085  * innvl: {
5086  *     "fd" -> file descriptor to write stream to (int32)
5087  *     (optional) "fromsnap" -> full snap name to send an incremental from
5088  * }
5089  *
5090  * outnvl is unused
5091  */
5092 /* ARGSUSED */
5093 static int
5094 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5095 {
5096         objset_t *fromsnap = NULL;
5097         objset_t *tosnap;
5098         int error;
5099         offset_t off;
5100         char *fromname;
5101         int fd;
5102         int far;
5103 
5104         error = nvlist_lookup_int32(innvl, "fd", &fd);
5105         if (error != 0)
5106                 return (EINVAL);
5107 
5108         error = nvlist_lookup_int32(innvl, "far", &far);
5109         if (error != 0 && error != ENOENT)
5110                 return (EINVAL);
5111 
5112         error = dmu_objset_hold(snapname, FTAG, &tosnap);
5113         if (error)
5114                 return (error);
5115 
5116         error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5117         if (error == 0) {
5118                 error = dmu_objset_hold(fromname, FTAG, &fromsnap);
5119                 if (error) {
5120                         dmu_objset_rele(tosnap, FTAG);
5121                         return (error);
5122                 }
5123         }
5124 
5125         file_t *fp = getf(fd);
5126         if (fp == NULL) {
5127                 dmu_objset_rele(tosnap, FTAG);
5128                 if (fromsnap != NULL)
5129                         dmu_objset_rele(fromsnap, FTAG);
5130                 return (EBADF);
5131         }
5132 
5133         off = fp->f_offset;
5134         if (!far)
5135                 error = dmu_send(tosnap, fromsnap, fd, fp->f_vnode, &off);
5136         else
5137                 error = far_send(tosnap, fromsnap, fd, fp->f_vnode, &off);
5138 
5139         if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5140                 fp->f_offset = off;
5141         releasef(fd);
5142         if (fromsnap != NULL)
5143                 dmu_objset_rele(fromsnap, FTAG);
5144         dmu_objset_rele(tosnap, FTAG);
5145         return (error);
5146 }
5147 
5148 /*
5149  * Determine approximately how large a zfs send stream will be -- the number
5150  * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
5151  *
5152  * innvl: {
5153  *     (optional) "fromsnap" -> full snap name to send an incremental from
5154  * }
5155  *
5156  * outnvl: {
5157  *     "space" -> bytes of space (uint64)
5158  * }
5159  */
5160 static int
5161 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5162 {
5163         objset_t *fromsnap = NULL;
5164         objset_t *tosnap;
5165         int error;
5166         char *fromname;
5167         uint64_t space;
5168 
5169         error = dmu_objset_hold(snapname, FTAG, &tosnap);
5170         if (error)
5171                 return (error);
5172 
5173         error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5174         if (error == 0) {
5175                 error = dmu_objset_hold(fromname, FTAG, &fromsnap);
5176                 if (error) {
5177                         dmu_objset_rele(tosnap, FTAG);
5178                         return (error);
5179                 }
5180         }
5181 
5182         error = dmu_send_estimate(tosnap, fromsnap, &space);
5183         fnvlist_add_uint64(outnvl, "space", space);
5184 
5185         if (fromsnap != NULL)
5186                 dmu_objset_rele(fromsnap, FTAG);
5187         dmu_objset_rele(tosnap, FTAG);
5188         return (error);
5189 }
5190 
5191 
5192 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
5193 
5194 static void
5195 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5196     zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5197     boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
5198 {
5199         zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5200 
5201         ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5202         ASSERT3U(ioc, <, ZFS_IOC_LAST);
5203         ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5204         ASSERT3P(vec->zvec_func, ==, NULL);
5205 
5206         vec->zvec_legacy_func = func;
5207         vec->zvec_secpolicy = secpolicy;
5208         vec->zvec_namecheck = namecheck;
5209         vec->zvec_allow_log = log_history;
5210         vec->zvec_pool_check = pool_check;
5211 }
5212 
5213 /*
5214  * See the block comment at the beginning of this file for details on
5215  * each argument to this function.
5216  */
5217 static void
5218 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
5219     zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5220     zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
5221     boolean_t allow_log)
5222 {
5223         zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5224 
5225         ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5226         ASSERT3U(ioc, <, ZFS_IOC_LAST);
5227         ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5228         ASSERT3P(vec->zvec_func, ==, NULL);
5229 
5230         /* if we are logging, the name must be valid */
5231         ASSERT(!allow_log || namecheck != NO_NAME);
5232 
5233         vec->zvec_name = name;
5234         vec->zvec_func = func;
5235         vec->zvec_secpolicy = secpolicy;
5236         vec->zvec_namecheck = namecheck;
5237         vec->zvec_pool_check = pool_check;
5238         vec->zvec_smush_outnvlist = smush_outnvlist;
5239         vec->zvec_allow_log = allow_log;
5240 }
5241 
5242 static void
5243 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5244     zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
5245     zfs_ioc_poolcheck_t pool_check)
5246 {
5247         zfs_ioctl_register_legacy(ioc, func, secpolicy,
5248             POOL_NAME, log_history, pool_check);
5249 }
5250 
5251 static void
5252 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5253     zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
5254 {
5255         zfs_ioctl_register_legacy(ioc, func, secpolicy,
5256             DATASET_NAME, B_FALSE, pool_check);
5257 }
5258 
5259 static void
5260 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5261 {
5262         zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
5263             POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5264 }
5265 
5266 static void
5267 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5268     zfs_secpolicy_func_t *secpolicy)
5269 {
5270         zfs_ioctl_register_legacy(ioc, func, secpolicy,
5271             NO_NAME, B_FALSE, POOL_CHECK_NONE);
5272 }
5273 
5274 static void
5275 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
5276     zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
5277 {
5278         zfs_ioctl_register_legacy(ioc, func, secpolicy,
5279             DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
5280 }
5281 
5282 static void
5283 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5284 {
5285         zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
5286             zfs_secpolicy_read);
5287 }
5288 
5289 static void
5290 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5291         zfs_secpolicy_func_t *secpolicy)
5292 {
5293         zfs_ioctl_register_legacy(ioc, func, secpolicy,
5294             DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5295 }
5296 
5297 static void
5298 zfs_ioctl_init(void)
5299 {
5300         zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
5301             zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
5302             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5303 
5304         zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
5305             zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
5306             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE);
5307 
5308         zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
5309             zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
5310             POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5311 
5312         zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
5313             zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
5314             POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5315 
5316         zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
5317             zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
5318             POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5319 
5320         zfs_ioctl_register("create", ZFS_IOC_CREATE,
5321             zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
5322             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5323 
5324         zfs_ioctl_register("clone", ZFS_IOC_CLONE,
5325             zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
5326             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5327 
5328         zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
5329             zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
5330             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5331 
5332         /* IOCTLS that use the legacy function signature */
5333 
5334         zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
5335             zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
5336 
5337         zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
5338             zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5339         zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
5340             zfs_ioc_pool_scan);
5341         zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
5342             zfs_ioc_pool_upgrade);
5343         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
5344             zfs_ioc_vdev_add);
5345         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
5346             zfs_ioc_vdev_remove);
5347         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
5348             zfs_ioc_vdev_set_state);
5349         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
5350             zfs_ioc_vdev_attach);
5351         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
5352             zfs_ioc_vdev_detach);
5353         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
5354             zfs_ioc_vdev_setpath);
5355         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
5356             zfs_ioc_vdev_setfru);
5357         zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
5358             zfs_ioc_pool_set_props);
5359         zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
5360             zfs_ioc_vdev_split);
5361         zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
5362             zfs_ioc_pool_reguid);
5363 
5364         zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
5365             zfs_ioc_pool_configs, zfs_secpolicy_none);
5366         zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
5367             zfs_ioc_pool_tryimport, zfs_secpolicy_config);
5368         zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
5369             zfs_ioc_inject_fault, zfs_secpolicy_inject);
5370         zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
5371             zfs_ioc_clear_fault, zfs_secpolicy_inject);
5372         zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
5373             zfs_ioc_inject_list_next, zfs_secpolicy_inject);
5374 
5375         /*
5376          * pool destroy, and export don't log the history as part of
5377          * zfsdev_ioctl, but rather zfs_ioc_pool_export
5378          * does the logging of those commands.
5379          */
5380         zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
5381             zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5382         zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
5383             zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5384 
5385         zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
5386             zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5387         zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
5388             zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5389 
5390         zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
5391             zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
5392         zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
5393             zfs_ioc_dsobj_to_dsname,
5394             zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
5395         zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
5396             zfs_ioc_pool_get_history,
5397             zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
5398 
5399         zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
5400             zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5401 
5402         zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
5403             zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5404         zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
5405             zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5406 
5407         zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
5408             zfs_ioc_space_written);
5409         zfs_ioctl_register_dataset_read(ZFS_IOC_GET_HOLDS,
5410             zfs_ioc_get_holds);
5411         zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
5412             zfs_ioc_objset_recvd_props);
5413         zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
5414             zfs_ioc_next_obj);
5415         zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
5416             zfs_ioc_get_fsacl);
5417         zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
5418             zfs_ioc_objset_stats);
5419         zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
5420             zfs_ioc_objset_zplprops);
5421         zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
5422             zfs_ioc_dataset_list_next);
5423         zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
5424             zfs_ioc_snapshot_list_next);
5425         zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
5426             zfs_ioc_send_progress);
5427 
5428         zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
5429             zfs_ioc_diff, zfs_secpolicy_diff);
5430         zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
5431             zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
5432         zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
5433             zfs_ioc_obj_to_path, zfs_secpolicy_diff);
5434         zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
5435             zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
5436         zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
5437             zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
5438         zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
5439             zfs_ioc_send, zfs_secpolicy_send);
5440 
5441         zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
5442             zfs_secpolicy_none);
5443         zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
5444             zfs_secpolicy_destroy);
5445         zfs_ioctl_register_dataset_modify(ZFS_IOC_ROLLBACK, zfs_ioc_rollback,
5446             zfs_secpolicy_rollback);
5447         zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
5448             zfs_secpolicy_rename);
5449         zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
5450             zfs_secpolicy_recv);
5451         zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
5452             zfs_secpolicy_promote);
5453         zfs_ioctl_register_dataset_modify(ZFS_IOC_HOLD, zfs_ioc_hold,
5454             zfs_secpolicy_hold);
5455         zfs_ioctl_register_dataset_modify(ZFS_IOC_RELEASE, zfs_ioc_release,
5456             zfs_secpolicy_release);
5457         zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
5458             zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
5459         zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
5460             zfs_secpolicy_set_fsacl);
5461 
5462         zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
5463             zfs_secpolicy_share, POOL_CHECK_NONE);
5464         zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
5465             zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
5466         zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
5467             zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
5468             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5469         zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
5470             zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
5471             POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5472 }
5473 
5474 int
5475 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
5476     zfs_ioc_poolcheck_t check)
5477 {
5478         spa_t *spa;
5479         int error;
5480 
5481         ASSERT(type == POOL_NAME || type == DATASET_NAME);
5482 
5483         if (check & POOL_CHECK_NONE)
5484                 return (0);
5485 
5486         error = spa_open(name, &spa, FTAG);
5487         if (error == 0) {
5488                 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
5489                         error = EAGAIN;
5490                 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
5491                         error = EROFS;
5492                 spa_close(spa, FTAG);
5493         }
5494         return (error);
5495 }
5496 
5497 /*
5498  * Find a free minor number.
5499  */
5500 minor_t
5501 zfsdev_minor_alloc(void)
5502 {
5503         static minor_t last_minor;
5504         minor_t m;
5505 
5506         ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5507 
5508         for (m = last_minor + 1; m != last_minor; m++) {
5509                 if (m > ZFSDEV_MAX_MINOR)
5510                         m = 1;
5511                 if (ddi_get_soft_state(zfsdev_state, m) == NULL) {
5512                         last_minor = m;
5513                         return (m);
5514                 }
5515         }
5516 
5517         return (0);
5518 }
5519 
5520 static int
5521 zfs_ctldev_init(dev_t *devp)
5522 {
5523         minor_t minor;
5524         zfs_soft_state_t *zs;
5525 
5526         ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5527         ASSERT(getminor(*devp) == 0);
5528 
5529         minor = zfsdev_minor_alloc();
5530         if (minor == 0)
5531                 return (ENXIO);
5532 
5533         if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS)
5534                 return (EAGAIN);
5535 
5536         *devp = makedevice(getemajor(*devp), minor);
5537 
5538         zs = ddi_get_soft_state(zfsdev_state, minor);
5539         zs->zss_type = ZSST_CTLDEV;
5540         zfs_onexit_init((zfs_onexit_t **)&zs->zss_data);
5541 
5542         return (0);
5543 }
5544 
5545 static void
5546 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor)
5547 {
5548         ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5549 
5550         zfs_onexit_destroy(zo);
5551         ddi_soft_state_free(zfsdev_state, minor);
5552 }
5553 
5554 void *
5555 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which)
5556 {
5557         zfs_soft_state_t *zp;
5558 
5559         zp = ddi_get_soft_state(zfsdev_state, minor);
5560         if (zp == NULL || zp->zss_type != which)
5561                 return (NULL);
5562 
5563         return (zp->zss_data);
5564 }
5565 
5566 static int
5567 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr)
5568 {
5569         int error = 0;
5570 
5571         if (getminor(*devp) != 0)
5572                 return (zvol_open(devp, flag, otyp, cr));
5573 
5574         /* This is the control device. Allocate a new minor if requested. */
5575         if (flag & FEXCL) {
5576                 mutex_enter(&zfsdev_state_lock);
5577                 error = zfs_ctldev_init(devp);
5578                 mutex_exit(&zfsdev_state_lock);
5579         }
5580 
5581         return (error);
5582 }
5583 
5584 static int
5585 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr)
5586 {
5587         zfs_onexit_t *zo;
5588         minor_t minor = getminor(dev);
5589 
5590         if (minor == 0)
5591                 return (0);
5592 
5593         mutex_enter(&zfsdev_state_lock);
5594         zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
5595         if (zo == NULL) {
5596                 mutex_exit(&zfsdev_state_lock);
5597                 return (zvol_close(dev, flag, otyp, cr));
5598         }
5599         zfs_ctldev_destroy(zo, minor);
5600         mutex_exit(&zfsdev_state_lock);
5601 
5602         return (0);
5603 }
5604 
5605 static int
5606 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
5607 {
5608         zfs_cmd_t *zc;
5609         uint_t vecnum;
5610         int error, rc, len;
5611         minor_t minor = getminor(dev);
5612         const zfs_ioc_vec_t *vec;
5613         char *saved_poolname = NULL;
5614         nvlist_t *innvl = NULL;
5615 
5616         if (minor != 0 &&
5617             zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL)
5618                 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));
5619 
5620         vecnum = cmd - ZFS_IOC_FIRST;
5621         ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
5622 
5623         if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
5624                 return (EINVAL);
5625         vec = &zfs_ioc_vec[vecnum];
5626 
5627         zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
5628 
5629         error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
5630         if (error != 0) {
5631                 error = EFAULT;
5632                 goto out;
5633         }
5634 
5635         zc->zc_iflags = flag & FKIOCTL;
5636         if (zc->zc_nvlist_src_size != 0) {
5637                 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5638                     zc->zc_iflags, &innvl);
5639                 if (error != 0)
5640                         goto out;
5641         }
5642 
5643         /*
5644          * Ensure that all pool/dataset names are valid before we pass down to
5645          * the lower layers.
5646          */
5647         zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5648         switch (vec->zvec_namecheck) {
5649         case POOL_NAME:
5650                 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
5651                         error = EINVAL;
5652                 else
5653                         error = pool_status_check(zc->zc_name,
5654                             vec->zvec_namecheck, vec->zvec_pool_check);
5655                 break;
5656 
5657         case DATASET_NAME:
5658                 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
5659                         error = EINVAL;
5660                 else
5661                         error = pool_status_check(zc->zc_name,
5662                             vec->zvec_namecheck, vec->zvec_pool_check);
5663                 break;
5664 
5665         case NO_NAME:
5666                 break;
5667         }
5668 
5669 
5670         if (error == 0 && !(flag & FKIOCTL))
5671                 error = vec->zvec_secpolicy(zc, innvl, cr);
5672 
5673         if (error != 0)
5674                 goto out;
5675 
5676         /* legacy ioctls can modify zc_name */
5677         len = strcspn(zc->zc_name, "/@") + 1;
5678         saved_poolname = kmem_alloc(len, KM_SLEEP);
5679         (void) strlcpy(saved_poolname, zc->zc_name, len);
5680 
5681         if (vec->zvec_func != NULL) {
5682                 nvlist_t *outnvl;
5683                 int puterror = 0;
5684                 spa_t *spa;
5685                 nvlist_t *lognv = NULL;
5686 
5687                 ASSERT(vec->zvec_legacy_func == NULL);
5688 
5689                 /*
5690                  * Add the innvl to the lognv before calling the func,
5691                  * in case the func changes the innvl.
5692                  */
5693                 if (vec->zvec_allow_log) {
5694                         lognv = fnvlist_alloc();
5695                         fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
5696                             vec->zvec_name);
5697                         if (!nvlist_empty(innvl)) {
5698                                 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
5699                                     innvl);
5700                         }
5701                 }
5702 
5703                 outnvl = fnvlist_alloc();
5704                 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
5705 
5706                 if (error == 0 && vec->zvec_allow_log &&
5707                     spa_open(zc->zc_name, &spa, FTAG) == 0) {
5708                         if (!nvlist_empty(outnvl)) {
5709                                 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
5710                                     outnvl);
5711                         }
5712                         (void) spa_history_log_nvl(spa, lognv);
5713                         spa_close(spa, FTAG);
5714                 }
5715                 fnvlist_free(lognv);
5716 
5717                 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
5718                         int smusherror = 0;
5719                         if (vec->zvec_smush_outnvlist) {
5720                                 smusherror = nvlist_smush(outnvl,
5721                                     zc->zc_nvlist_dst_size);
5722                         }
5723                         if (smusherror == 0)
5724                                 puterror = put_nvlist(zc, outnvl);
5725                 }
5726 
5727                 if (puterror != 0)
5728                         error = puterror;
5729 
5730                 nvlist_free(outnvl);
5731         } else {
5732                 error = vec->zvec_legacy_func(zc);
5733         }
5734 
5735 out:
5736         nvlist_free(innvl);
5737         rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
5738         if (error == 0 && rc != 0)
5739                 error = EFAULT;
5740         if (error == 0 && vec->zvec_allow_log) {
5741                 char *s = tsd_get(zfs_allow_log_key);
5742                 if (s != NULL)
5743                         strfree(s);
5744                 (void) tsd_set(zfs_allow_log_key, saved_poolname);
5745         } else {
5746                 if (saved_poolname != NULL)
5747                         strfree(saved_poolname);
5748         }
5749 
5750         kmem_free(zc, sizeof (zfs_cmd_t));
5751         return (error);
5752 }
5753 
5754 static int
5755 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
5756 {
5757         if (cmd != DDI_ATTACH)
5758                 return (DDI_FAILURE);
5759 
5760         if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
5761             DDI_PSEUDO, 0) == DDI_FAILURE)
5762                 return (DDI_FAILURE);
5763 
5764         zfs_dip = dip;
5765 
5766         ddi_report_dev(dip);
5767 
5768         return (DDI_SUCCESS);
5769 }
5770 
5771 static int
5772 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
5773 {
5774         if (spa_busy() || zfs_busy() || zvol_busy())
5775                 return (DDI_FAILURE);
5776 
5777         if (cmd != DDI_DETACH)
5778                 return (DDI_FAILURE);
5779 
5780         zfs_dip = NULL;
5781 
5782         ddi_prop_remove_all(dip);
5783         ddi_remove_minor_node(dip, NULL);
5784 
5785         return (DDI_SUCCESS);
5786 }
5787 
5788 /*ARGSUSED*/
5789 static int
5790 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
5791 {
5792         switch (infocmd) {
5793         case DDI_INFO_DEVT2DEVINFO:
5794                 *result = zfs_dip;
5795                 return (DDI_SUCCESS);
5796 
5797         case DDI_INFO_DEVT2INSTANCE:
5798                 *result = (void *)0;
5799                 return (DDI_SUCCESS);
5800         }
5801 
5802         return (DDI_FAILURE);
5803 }
5804 
5805 /*
5806  * OK, so this is a little weird.
5807  *
5808  * /dev/zfs is the control node, i.e. minor 0.
5809  * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
5810  *
5811  * /dev/zfs has basically nothing to do except serve up ioctls,
5812  * so most of the standard driver entry points are in zvol.c.
5813  */
5814 static struct cb_ops zfs_cb_ops = {
5815         zfsdev_open,    /* open */
5816         zfsdev_close,   /* close */
5817         zvol_strategy,  /* strategy */
5818         nodev,          /* print */
5819         zvol_dump,      /* dump */
5820         zvol_read,      /* read */
5821         zvol_write,     /* write */
5822         zfsdev_ioctl,   /* ioctl */
5823         nodev,          /* devmap */
5824         nodev,          /* mmap */
5825         nodev,          /* segmap */
5826         nochpoll,       /* poll */
5827         ddi_prop_op,    /* prop_op */
5828         NULL,           /* streamtab */
5829         D_NEW | D_MP | D_64BIT,         /* Driver compatibility flag */
5830         CB_REV,         /* version */
5831         nodev,          /* async read */
5832         nodev,          /* async write */
5833 };
5834 
5835 static struct dev_ops zfs_dev_ops = {
5836         DEVO_REV,       /* version */
5837         0,              /* refcnt */
5838         zfs_info,       /* info */
5839         nulldev,        /* identify */
5840         nulldev,        /* probe */
5841         zfs_attach,     /* attach */
5842         zfs_detach,     /* detach */
5843         nodev,          /* reset */
5844         &zfs_cb_ops,        /* driver operations */
5845         NULL,           /* no bus operations */
5846         NULL,           /* power */
5847         ddi_quiesce_not_needed, /* quiesce */
5848 };
5849 
5850 static struct modldrv zfs_modldrv = {
5851         &mod_driverops,
5852         "ZFS storage pool",
5853         &zfs_dev_ops
5854 };
5855 
5856 static struct modlinkage modlinkage = {
5857         MODREV_1,
5858         (void *)&zfs_modlfs,
5859         (void *)&zfs_modldrv,
5860         NULL
5861 };
5862 
5863 static void
5864 zfs_allow_log_destroy(void *arg)
5865 {
5866         char *poolname = arg;
5867         strfree(poolname);
5868 }
5869 
5870 int
5871 _init(void)
5872 {
5873         int error;
5874 
5875         spa_init(FREAD | FWRITE);
5876         zfs_init();
5877         zvol_init();
5878         zfs_ioctl_init();
5879 
5880         if ((error = mod_install(&modlinkage)) != 0) {
5881                 zvol_fini();
5882                 zfs_fini();
5883                 spa_fini();
5884                 return (error);
5885         }
5886 
5887         tsd_create(&zfs_fsyncer_key, NULL);
5888         tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
5889         tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
5890 
5891         error = ldi_ident_from_mod(&modlinkage, &zfs_li);
5892         ASSERT(error == 0);
5893         mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5894 
5895         return (0);
5896 }
5897 
5898 int
5899 _fini(void)
5900 {
5901         int error;
5902 
5903         if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
5904                 return (EBUSY);
5905 
5906         if ((error = mod_remove(&modlinkage)) != 0)
5907                 return (error);
5908 
5909         zvol_fini();
5910         zfs_fini();
5911         spa_fini();
5912         if (zfs_nfsshare_inited)
5913                 (void) ddi_modclose(nfs_mod);
5914         if (zfs_smbshare_inited)
5915                 (void) ddi_modclose(smbsrv_mod);
5916         if (zfs_nfsshare_inited || zfs_smbshare_inited)
5917                 (void) ddi_modclose(sharefs_mod);
5918 
5919         tsd_destroy(&zfs_fsyncer_key);
5920         ldi_ident_release(zfs_li);
5921         zfs_li = NULL;
5922         mutex_destroy(&zfs_share_lock);
5923 
5924         return (error);
5925 }
5926 
5927 int
5928 _info(struct modinfo *modinfop)
5929 {
5930         return (mod_info(&modlinkage, modinfop));
5931 }