1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Portions Copyright 2011 Martin Matuska 25 * Copyright 2011 Nexenta Systems, Inc. All rights reserved. 26 * Copyright (c) 2012, Joyent, Inc. All rights reserved. 27 * Copyright (c) 2012 by Delphix. All rights reserved. 28 */ 29 30 /* 31 * ZFS ioctls. 32 * 33 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage 34 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool. 35 * 36 * There are two ways that we handle ioctls: the legacy way where almost 37 * all of the logic is in the ioctl callback, and the new way where most 38 * of the marshalling is handled in the common entry point, zfsdev_ioctl(). 39 * 40 * Non-legacy ioctls should be registered by calling 41 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked 42 * from userland by lzc_ioctl(). 43 * 44 * The registration arguments are as follows: 45 * 46 * const char *name 47 * The name of the ioctl. This is used for history logging. If the 48 * ioctl returns successfully (the callback returns 0), and allow_log 49 * is true, then a history log entry will be recorded with the input & 50 * output nvlists. The log entry can be printed with "zpool history -i". 51 * 52 * zfs_ioc_t ioc 53 * The ioctl request number, which userland will pass to ioctl(2). 54 * The ioctl numbers can change from release to release, because 55 * the caller (libzfs) must be matched to the kernel. 56 * 57 * zfs_secpolicy_func_t *secpolicy 58 * This function will be called before the zfs_ioc_func_t, to 59 * determine if this operation is permitted. It should return EPERM 60 * on failure, and 0 on success. Checks include determining if the 61 * dataset is visible in this zone, and if the user has either all 62 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission 63 * to do this operation on this dataset with "zfs allow". 64 * 65 * zfs_ioc_namecheck_t namecheck 66 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool 67 * name, a dataset name, or nothing. If the name is not well-formed, 68 * the ioctl will fail and the callback will not be called. 69 * Therefore, the callback can assume that the name is well-formed 70 * (e.g. is null-terminated, doesn't have more than one '@' character, 71 * doesn't have invalid characters). 72 * 73 * zfs_ioc_poolcheck_t pool_check 74 * This specifies requirements on the pool state. If the pool does 75 * not meet them (is suspended or is readonly), the ioctl will fail 76 * and the callback will not be called. If any checks are specified 77 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME. 78 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED | 79 * POOL_CHECK_READONLY). 80 * 81 * boolean_t smush_outnvlist 82 * If smush_outnvlist is true, then the output is presumed to be a 83 * list of errors, and it will be "smushed" down to fit into the 84 * caller's buffer, by removing some entries and replacing them with a 85 * single "N_MORE_ERRORS" entry indicating how many were removed. See 86 * nvlist_smush() for details. If smush_outnvlist is false, and the 87 * outnvlist does not fit into the userland-provided buffer, then the 88 * ioctl will fail with ENOMEM. 89 * 90 * zfs_ioc_func_t *func 91 * The callback function that will perform the operation. 92 * 93 * The callback should return 0 on success, or an error number on 94 * failure. If the function fails, the userland ioctl will return -1, 95 * and errno will be set to the callback's return value. The callback 96 * will be called with the following arguments: 97 * 98 * const char *name 99 * The name of the pool or dataset to operate on, from 100 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the 101 * expected type (pool, dataset, or none). 102 * 103 * nvlist_t *innvl 104 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or 105 * NULL if no input nvlist was provided. Changes to this nvlist are 106 * ignored. If the input nvlist could not be deserialized, the 107 * ioctl will fail and the callback will not be called. 108 * 109 * nvlist_t *outnvl 110 * The output nvlist, initially empty. The callback can fill it in, 111 * and it will be returned to userland by serializing it into 112 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization 113 * fails (e.g. because the caller didn't supply a large enough 114 * buffer), then the overall ioctl will fail. See the 115 * 'smush_nvlist' argument above for additional behaviors. 116 * 117 * There are two typical uses of the output nvlist: 118 * - To return state, e.g. property values. In this case, 119 * smush_outnvlist should be false. If the buffer was not large 120 * enough, the caller will reallocate a larger buffer and try 121 * the ioctl again. 122 * 123 * - To return multiple errors from an ioctl which makes on-disk 124 * changes. In this case, smush_outnvlist should be true. 125 * Ioctls which make on-disk modifications should generally not 126 * use the outnvl if they succeed, because the caller can not 127 * distinguish between the operation failing, and 128 * deserialization failing. 129 */ 130 131 #include <sys/types.h> 132 #include <sys/param.h> 133 #include <sys/errno.h> 134 #include <sys/uio.h> 135 #include <sys/buf.h> 136 #include <sys/modctl.h> 137 #include <sys/open.h> 138 #include <sys/file.h> 139 #include <sys/kmem.h> 140 #include <sys/conf.h> 141 #include <sys/cmn_err.h> 142 #include <sys/stat.h> 143 #include <sys/zfs_ioctl.h> 144 #include <sys/zfs_vfsops.h> 145 #include <sys/zfs_znode.h> 146 #include <sys/zap.h> 147 #include <sys/spa.h> 148 #include <sys/spa_impl.h> 149 #include <sys/vdev.h> 150 #include <sys/priv_impl.h> 151 #include <sys/dmu.h> 152 #include <sys/dsl_dir.h> 153 #include <sys/dsl_dataset.h> 154 #include <sys/dsl_prop.h> 155 #include <sys/dsl_deleg.h> 156 #include <sys/dmu_objset.h> 157 #include <sys/dmu_impl.h> 158 #include <sys/ddi.h> 159 #include <sys/sunddi.h> 160 #include <sys/sunldi.h> 161 #include <sys/policy.h> 162 #include <sys/zone.h> 163 #include <sys/nvpair.h> 164 #include <sys/pathname.h> 165 #include <sys/mount.h> 166 #include <sys/sdt.h> 167 #include <sys/fs/zfs.h> 168 #include <sys/zfs_ctldir.h> 169 #include <sys/zfs_dir.h> 170 #include <sys/zfs_onexit.h> 171 #include <sys/zvol.h> 172 #include <sys/dsl_scan.h> 173 #include <sharefs/share.h> 174 #include <sys/dmu_objset.h> 175 #include <sys/far.h> 176 177 #include "zfs_namecheck.h" 178 #include "zfs_prop.h" 179 #include "zfs_deleg.h" 180 #include "zfs_comutil.h" 181 182 extern struct modlfs zfs_modlfs; 183 184 extern void zfs_init(void); 185 extern void zfs_fini(void); 186 187 ldi_ident_t zfs_li = NULL; 188 dev_info_t *zfs_dip; 189 190 uint_t zfs_fsyncer_key; 191 extern uint_t rrw_tsd_key; 192 static uint_t zfs_allow_log_key; 193 194 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *); 195 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *); 196 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *); 197 198 typedef enum { 199 NO_NAME, 200 POOL_NAME, 201 DATASET_NAME 202 } zfs_ioc_namecheck_t; 203 204 typedef enum { 205 POOL_CHECK_NONE = 1 << 0, 206 POOL_CHECK_SUSPENDED = 1 << 1, 207 POOL_CHECK_READONLY = 1 << 2, 208 } zfs_ioc_poolcheck_t; 209 210 typedef struct zfs_ioc_vec { 211 zfs_ioc_legacy_func_t *zvec_legacy_func; 212 zfs_ioc_func_t *zvec_func; 213 zfs_secpolicy_func_t *zvec_secpolicy; 214 zfs_ioc_namecheck_t zvec_namecheck; 215 boolean_t zvec_allow_log; 216 zfs_ioc_poolcheck_t zvec_pool_check; 217 boolean_t zvec_smush_outnvlist; 218 const char *zvec_name; 219 } zfs_ioc_vec_t; 220 221 /* This array is indexed by zfs_userquota_prop_t */ 222 static const char *userquota_perms[] = { 223 ZFS_DELEG_PERM_USERUSED, 224 ZFS_DELEG_PERM_USERQUOTA, 225 ZFS_DELEG_PERM_GROUPUSED, 226 ZFS_DELEG_PERM_GROUPQUOTA, 227 }; 228 229 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 230 static int zfs_check_settable(const char *name, nvpair_t *property, 231 cred_t *cr); 232 static int zfs_check_clearable(char *dataset, nvlist_t *props, 233 nvlist_t **errors); 234 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 235 boolean_t *); 236 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *); 237 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp); 238 239 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */ 240 void 241 __dprintf(const char *file, const char *func, int line, const char *fmt, ...) 242 { 243 const char *newfile; 244 char buf[512]; 245 va_list adx; 246 247 /* 248 * Get rid of annoying "../common/" prefix to filename. 249 */ 250 newfile = strrchr(file, '/'); 251 if (newfile != NULL) { 252 newfile = newfile + 1; /* Get rid of leading / */ 253 } else { 254 newfile = file; 255 } 256 257 va_start(adx, fmt); 258 (void) vsnprintf(buf, sizeof (buf), fmt, adx); 259 va_end(adx); 260 261 /* 262 * To get this data, use the zfs-dprintf probe as so: 263 * dtrace -q -n 'zfs-dprintf \ 264 * /stringof(arg0) == "dbuf.c"/ \ 265 * {printf("%s: %s", stringof(arg1), stringof(arg3))}' 266 * arg0 = file name 267 * arg1 = function name 268 * arg2 = line number 269 * arg3 = message 270 */ 271 DTRACE_PROBE4(zfs__dprintf, 272 char *, newfile, char *, func, int, line, char *, buf); 273 } 274 275 static void 276 history_str_free(char *buf) 277 { 278 kmem_free(buf, HIS_MAX_RECORD_LEN); 279 } 280 281 static char * 282 history_str_get(zfs_cmd_t *zc) 283 { 284 char *buf; 285 286 if (zc->zc_history == NULL) 287 return (NULL); 288 289 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 290 if (copyinstr((void *)(uintptr_t)zc->zc_history, 291 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 292 history_str_free(buf); 293 return (NULL); 294 } 295 296 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 297 298 return (buf); 299 } 300 301 /* 302 * Check to see if the named dataset is currently defined as bootable 303 */ 304 static boolean_t 305 zfs_is_bootfs(const char *name) 306 { 307 objset_t *os; 308 309 if (dmu_objset_hold(name, FTAG, &os) == 0) { 310 boolean_t ret; 311 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os))); 312 dmu_objset_rele(os, FTAG); 313 return (ret); 314 } 315 return (B_FALSE); 316 } 317 318 /* 319 * zfs_earlier_version 320 * 321 * Return non-zero if the spa version is less than requested version. 322 */ 323 static int 324 zfs_earlier_version(const char *name, int version) 325 { 326 spa_t *spa; 327 328 if (spa_open(name, &spa, FTAG) == 0) { 329 if (spa_version(spa) < version) { 330 spa_close(spa, FTAG); 331 return (1); 332 } 333 spa_close(spa, FTAG); 334 } 335 return (0); 336 } 337 338 /* 339 * zpl_earlier_version 340 * 341 * Return TRUE if the ZPL version is less than requested version. 342 */ 343 static boolean_t 344 zpl_earlier_version(const char *name, int version) 345 { 346 objset_t *os; 347 boolean_t rc = B_TRUE; 348 349 if (dmu_objset_hold(name, FTAG, &os) == 0) { 350 uint64_t zplversion; 351 352 if (dmu_objset_type(os) != DMU_OST_ZFS) { 353 dmu_objset_rele(os, FTAG); 354 return (B_TRUE); 355 } 356 /* XXX reading from non-owned objset */ 357 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 358 rc = zplversion < version; 359 dmu_objset_rele(os, FTAG); 360 } 361 return (rc); 362 } 363 364 static void 365 zfs_log_history(zfs_cmd_t *zc) 366 { 367 spa_t *spa; 368 char *buf; 369 370 if ((buf = history_str_get(zc)) == NULL) 371 return; 372 373 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 374 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 375 (void) spa_history_log(spa, buf); 376 spa_close(spa, FTAG); 377 } 378 history_str_free(buf); 379 } 380 381 /* 382 * Policy for top-level read operations (list pools). Requires no privileges, 383 * and can be used in the local zone, as there is no associated dataset. 384 */ 385 /* ARGSUSED */ 386 static int 387 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 388 { 389 return (0); 390 } 391 392 /* 393 * Policy for dataset read operations (list children, get statistics). Requires 394 * no privileges, but must be visible in the local zone. 395 */ 396 /* ARGSUSED */ 397 static int 398 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 399 { 400 if (INGLOBALZONE(curproc) || 401 zone_dataset_visible(zc->zc_name, NULL)) 402 return (0); 403 404 return (ENOENT); 405 } 406 407 static int 408 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr) 409 { 410 int writable = 1; 411 412 /* 413 * The dataset must be visible by this zone -- check this first 414 * so they don't see EPERM on something they shouldn't know about. 415 */ 416 if (!INGLOBALZONE(curproc) && 417 !zone_dataset_visible(dataset, &writable)) 418 return (ENOENT); 419 420 if (INGLOBALZONE(curproc)) { 421 /* 422 * If the fs is zoned, only root can access it from the 423 * global zone. 424 */ 425 if (secpolicy_zfs(cr) && zoned) 426 return (EPERM); 427 } else { 428 /* 429 * If we are in a local zone, the 'zoned' property must be set. 430 */ 431 if (!zoned) 432 return (EPERM); 433 434 /* must be writable by this zone */ 435 if (!writable) 436 return (EPERM); 437 } 438 return (0); 439 } 440 441 static int 442 zfs_dozonecheck(const char *dataset, cred_t *cr) 443 { 444 uint64_t zoned; 445 446 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL)) 447 return (ENOENT); 448 449 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 450 } 451 452 static int 453 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr) 454 { 455 uint64_t zoned; 456 457 rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER); 458 if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) { 459 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock); 460 return (ENOENT); 461 } 462 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock); 463 464 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 465 } 466 467 static int 468 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 469 { 470 int error; 471 dsl_dataset_t *ds; 472 473 error = dsl_dataset_hold(name, FTAG, &ds); 474 if (error != 0) 475 return (error); 476 477 error = zfs_dozonecheck_ds(name, ds, cr); 478 if (error == 0) { 479 error = secpolicy_zfs(cr); 480 if (error) 481 error = dsl_deleg_access_impl(ds, perm, cr); 482 } 483 484 dsl_dataset_rele(ds, FTAG); 485 return (error); 486 } 487 488 static int 489 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds, 490 const char *perm, cred_t *cr) 491 { 492 int error; 493 494 error = zfs_dozonecheck_ds(name, ds, cr); 495 if (error == 0) { 496 error = secpolicy_zfs(cr); 497 if (error) 498 error = dsl_deleg_access_impl(ds, perm, cr); 499 } 500 return (error); 501 } 502 503 /* 504 * Policy for setting the security label property. 505 * 506 * Returns 0 for success, non-zero for access and other errors. 507 */ 508 static int 509 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr) 510 { 511 char ds_hexsl[MAXNAMELEN]; 512 bslabel_t ds_sl, new_sl; 513 boolean_t new_default = FALSE; 514 uint64_t zoned; 515 int needed_priv = -1; 516 int error; 517 518 /* First get the existing dataset label. */ 519 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 520 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 521 if (error) 522 return (EPERM); 523 524 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 525 new_default = TRUE; 526 527 /* The label must be translatable */ 528 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 529 return (EINVAL); 530 531 /* 532 * In a non-global zone, disallow attempts to set a label that 533 * doesn't match that of the zone; otherwise no other checks 534 * are needed. 535 */ 536 if (!INGLOBALZONE(curproc)) { 537 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 538 return (EPERM); 539 return (0); 540 } 541 542 /* 543 * For global-zone datasets (i.e., those whose zoned property is 544 * "off", verify that the specified new label is valid for the 545 * global zone. 546 */ 547 if (dsl_prop_get_integer(name, 548 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 549 return (EPERM); 550 if (!zoned) { 551 if (zfs_check_global_label(name, strval) != 0) 552 return (EPERM); 553 } 554 555 /* 556 * If the existing dataset label is nondefault, check if the 557 * dataset is mounted (label cannot be changed while mounted). 558 * Get the zfsvfs; if there isn't one, then the dataset isn't 559 * mounted (or isn't a dataset, doesn't exist, ...). 560 */ 561 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 562 objset_t *os; 563 static char *setsl_tag = "setsl_tag"; 564 565 /* 566 * Try to own the dataset; abort if there is any error, 567 * (e.g., already mounted, in use, or other error). 568 */ 569 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, 570 setsl_tag, &os); 571 if (error) 572 return (EPERM); 573 574 dmu_objset_disown(os, setsl_tag); 575 576 if (new_default) { 577 needed_priv = PRIV_FILE_DOWNGRADE_SL; 578 goto out_check; 579 } 580 581 if (hexstr_to_label(strval, &new_sl) != 0) 582 return (EPERM); 583 584 if (blstrictdom(&ds_sl, &new_sl)) 585 needed_priv = PRIV_FILE_DOWNGRADE_SL; 586 else if (blstrictdom(&new_sl, &ds_sl)) 587 needed_priv = PRIV_FILE_UPGRADE_SL; 588 } else { 589 /* dataset currently has a default label */ 590 if (!new_default) 591 needed_priv = PRIV_FILE_UPGRADE_SL; 592 } 593 594 out_check: 595 if (needed_priv != -1) 596 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 597 return (0); 598 } 599 600 static int 601 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval, 602 cred_t *cr) 603 { 604 char *strval; 605 606 /* 607 * Check permissions for special properties. 608 */ 609 switch (prop) { 610 case ZFS_PROP_ZONED: 611 /* 612 * Disallow setting of 'zoned' from within a local zone. 613 */ 614 if (!INGLOBALZONE(curproc)) 615 return (EPERM); 616 break; 617 618 case ZFS_PROP_QUOTA: 619 if (!INGLOBALZONE(curproc)) { 620 uint64_t zoned; 621 char setpoint[MAXNAMELEN]; 622 /* 623 * Unprivileged users are allowed to modify the 624 * quota on things *under* (ie. contained by) 625 * the thing they own. 626 */ 627 if (dsl_prop_get_integer(dsname, "zoned", &zoned, 628 setpoint)) 629 return (EPERM); 630 if (!zoned || strlen(dsname) <= strlen(setpoint)) 631 return (EPERM); 632 } 633 break; 634 635 case ZFS_PROP_MLSLABEL: 636 if (!is_system_labeled()) 637 return (EPERM); 638 639 if (nvpair_value_string(propval, &strval) == 0) { 640 int err; 641 642 err = zfs_set_slabel_policy(dsname, strval, CRED()); 643 if (err != 0) 644 return (err); 645 } 646 break; 647 } 648 649 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr)); 650 } 651 652 /* ARGSUSED */ 653 static int 654 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 655 { 656 int error; 657 658 error = zfs_dozonecheck(zc->zc_name, cr); 659 if (error) 660 return (error); 661 662 /* 663 * permission to set permissions will be evaluated later in 664 * dsl_deleg_can_allow() 665 */ 666 return (0); 667 } 668 669 /* ARGSUSED */ 670 static int 671 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 672 { 673 return (zfs_secpolicy_write_perms(zc->zc_name, 674 ZFS_DELEG_PERM_ROLLBACK, cr)); 675 } 676 677 /* ARGSUSED */ 678 static int 679 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 680 { 681 spa_t *spa; 682 dsl_pool_t *dp; 683 dsl_dataset_t *ds; 684 char *cp; 685 int error; 686 687 /* 688 * Generate the current snapshot name from the given objsetid, then 689 * use that name for the secpolicy/zone checks. 690 */ 691 cp = strchr(zc->zc_name, '@'); 692 if (cp == NULL) 693 return (EINVAL); 694 error = spa_open(zc->zc_name, &spa, FTAG); 695 if (error) 696 return (error); 697 698 dp = spa_get_dsl(spa); 699 rw_enter(&dp->dp_config_rwlock, RW_READER); 700 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 701 rw_exit(&dp->dp_config_rwlock); 702 spa_close(spa, FTAG); 703 if (error) 704 return (error); 705 706 dsl_dataset_name(ds, zc->zc_name); 707 708 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, 709 ZFS_DELEG_PERM_SEND, cr); 710 dsl_dataset_rele(ds, FTAG); 711 712 return (error); 713 } 714 715 /* ARGSUSED */ 716 static int 717 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 718 { 719 return (zfs_secpolicy_write_perms(zc->zc_name, 720 ZFS_DELEG_PERM_SEND, cr)); 721 } 722 723 /* ARGSUSED */ 724 static int 725 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 726 { 727 vnode_t *vp; 728 int error; 729 730 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 731 NO_FOLLOW, NULL, &vp)) != 0) 732 return (error); 733 734 /* Now make sure mntpnt and dataset are ZFS */ 735 736 if (vp->v_vfsp->vfs_fstype != zfsfstype || 737 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 738 zc->zc_name) != 0)) { 739 VN_RELE(vp); 740 return (EPERM); 741 } 742 743 VN_RELE(vp); 744 return (dsl_deleg_access(zc->zc_name, 745 ZFS_DELEG_PERM_SHARE, cr)); 746 } 747 748 int 749 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 750 { 751 if (!INGLOBALZONE(curproc)) 752 return (EPERM); 753 754 if (secpolicy_nfs(cr) == 0) { 755 return (0); 756 } else { 757 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 758 } 759 } 760 761 int 762 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 763 { 764 if (!INGLOBALZONE(curproc)) 765 return (EPERM); 766 767 if (secpolicy_smb(cr) == 0) { 768 return (0); 769 } else { 770 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 771 } 772 } 773 774 static int 775 zfs_get_parent(const char *datasetname, char *parent, int parentsize) 776 { 777 char *cp; 778 779 /* 780 * Remove the @bla or /bla from the end of the name to get the parent. 781 */ 782 (void) strncpy(parent, datasetname, parentsize); 783 cp = strrchr(parent, '@'); 784 if (cp != NULL) { 785 cp[0] = '\0'; 786 } else { 787 cp = strrchr(parent, '/'); 788 if (cp == NULL) 789 return (ENOENT); 790 cp[0] = '\0'; 791 } 792 793 return (0); 794 } 795 796 int 797 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 798 { 799 int error; 800 801 if ((error = zfs_secpolicy_write_perms(name, 802 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 803 return (error); 804 805 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 806 } 807 808 /* ARGSUSED */ 809 static int 810 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 811 { 812 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 813 } 814 815 /* 816 * Destroying snapshots with delegated permissions requires 817 * descendant mount and destroy permissions. 818 */ 819 /* ARGSUSED */ 820 static int 821 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 822 { 823 nvlist_t *snaps; 824 nvpair_t *pair, *nextpair; 825 int error = 0; 826 827 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 828 return (EINVAL); 829 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 830 pair = nextpair) { 831 dsl_dataset_t *ds; 832 833 nextpair = nvlist_next_nvpair(snaps, pair); 834 error = dsl_dataset_hold(nvpair_name(pair), FTAG, &ds); 835 if (error == 0) { 836 dsl_dataset_rele(ds, FTAG); 837 } else if (error == ENOENT) { 838 /* 839 * Ignore any snapshots that don't exist (we consider 840 * them "already destroyed"). Remove the name from the 841 * nvl here in case the snapshot is created between 842 * now and when we try to destroy it (in which case 843 * we don't want to destroy it since we haven't 844 * checked for permission). 845 */ 846 fnvlist_remove_nvpair(snaps, pair); 847 error = 0; 848 continue; 849 } else { 850 break; 851 } 852 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr); 853 if (error != 0) 854 break; 855 } 856 857 return (error); 858 } 859 860 int 861 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 862 { 863 char parentname[MAXNAMELEN]; 864 int error; 865 866 if ((error = zfs_secpolicy_write_perms(from, 867 ZFS_DELEG_PERM_RENAME, cr)) != 0) 868 return (error); 869 870 if ((error = zfs_secpolicy_write_perms(from, 871 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 872 return (error); 873 874 if ((error = zfs_get_parent(to, parentname, 875 sizeof (parentname))) != 0) 876 return (error); 877 878 if ((error = zfs_secpolicy_write_perms(parentname, 879 ZFS_DELEG_PERM_CREATE, cr)) != 0) 880 return (error); 881 882 if ((error = zfs_secpolicy_write_perms(parentname, 883 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 884 return (error); 885 886 return (error); 887 } 888 889 /* ARGSUSED */ 890 static int 891 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 892 { 893 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr)); 894 } 895 896 /* ARGSUSED */ 897 static int 898 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 899 { 900 char parentname[MAXNAMELEN]; 901 objset_t *clone; 902 int error; 903 904 error = zfs_secpolicy_write_perms(zc->zc_name, 905 ZFS_DELEG_PERM_PROMOTE, cr); 906 if (error) 907 return (error); 908 909 error = dmu_objset_hold(zc->zc_name, FTAG, &clone); 910 911 if (error == 0) { 912 dsl_dataset_t *pclone = NULL; 913 dsl_dir_t *dd; 914 dd = clone->os_dsl_dataset->ds_dir; 915 916 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER); 917 error = dsl_dataset_hold_obj(dd->dd_pool, 918 dd->dd_phys->dd_origin_obj, FTAG, &pclone); 919 rw_exit(&dd->dd_pool->dp_config_rwlock); 920 if (error) { 921 dmu_objset_rele(clone, FTAG); 922 return (error); 923 } 924 925 error = zfs_secpolicy_write_perms(zc->zc_name, 926 ZFS_DELEG_PERM_MOUNT, cr); 927 928 dsl_dataset_name(pclone, parentname); 929 dmu_objset_rele(clone, FTAG); 930 dsl_dataset_rele(pclone, FTAG); 931 if (error == 0) 932 error = zfs_secpolicy_write_perms(parentname, 933 ZFS_DELEG_PERM_PROMOTE, cr); 934 } 935 return (error); 936 } 937 938 /* ARGSUSED */ 939 static int 940 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 941 { 942 int error; 943 944 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 945 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) 946 return (error); 947 948 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 949 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 950 return (error); 951 952 return (zfs_secpolicy_write_perms(zc->zc_name, 953 ZFS_DELEG_PERM_CREATE, cr)); 954 } 955 956 int 957 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 958 { 959 return (zfs_secpolicy_write_perms(name, 960 ZFS_DELEG_PERM_SNAPSHOT, cr)); 961 } 962 963 /* 964 * Check for permission to create each snapshot in the nvlist. 965 */ 966 /* ARGSUSED */ 967 static int 968 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 969 { 970 nvlist_t *snaps; 971 int error; 972 nvpair_t *pair; 973 974 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 975 return (EINVAL); 976 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 977 pair = nvlist_next_nvpair(snaps, pair)) { 978 char *name = nvpair_name(pair); 979 char *atp = strchr(name, '@'); 980 981 if (atp == NULL) { 982 error = EINVAL; 983 break; 984 } 985 *atp = '\0'; 986 error = zfs_secpolicy_snapshot_perms(name, cr); 987 *atp = '@'; 988 if (error != 0) 989 break; 990 } 991 return (error); 992 } 993 994 /* ARGSUSED */ 995 static int 996 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 997 { 998 /* 999 * Even root must have a proper TSD so that we know what pool 1000 * to log to. 1001 */ 1002 if (tsd_get(zfs_allow_log_key) == NULL) 1003 return (EPERM); 1004 return (0); 1005 } 1006 1007 static int 1008 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1009 { 1010 char parentname[MAXNAMELEN]; 1011 int error; 1012 char *origin; 1013 1014 if ((error = zfs_get_parent(zc->zc_name, parentname, 1015 sizeof (parentname))) != 0) 1016 return (error); 1017 1018 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 && 1019 (error = zfs_secpolicy_write_perms(origin, 1020 ZFS_DELEG_PERM_CLONE, cr)) != 0) 1021 return (error); 1022 1023 if ((error = zfs_secpolicy_write_perms(parentname, 1024 ZFS_DELEG_PERM_CREATE, cr)) != 0) 1025 return (error); 1026 1027 return (zfs_secpolicy_write_perms(parentname, 1028 ZFS_DELEG_PERM_MOUNT, cr)); 1029 } 1030 1031 /* 1032 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 1033 * SYS_CONFIG privilege, which is not available in a local zone. 1034 */ 1035 /* ARGSUSED */ 1036 static int 1037 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1038 { 1039 if (secpolicy_sys_config(cr, B_FALSE) != 0) 1040 return (EPERM); 1041 1042 return (0); 1043 } 1044 1045 /* 1046 * Policy for object to name lookups. 1047 */ 1048 /* ARGSUSED */ 1049 static int 1050 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1051 { 1052 int error; 1053 1054 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0) 1055 return (0); 1056 1057 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr); 1058 return (error); 1059 } 1060 1061 /* 1062 * Policy for fault injection. Requires all privileges. 1063 */ 1064 /* ARGSUSED */ 1065 static int 1066 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1067 { 1068 return (secpolicy_zinject(cr)); 1069 } 1070 1071 /* ARGSUSED */ 1072 static int 1073 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1074 { 1075 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 1076 1077 if (prop == ZPROP_INVAL) { 1078 if (!zfs_prop_user(zc->zc_value)) 1079 return (EINVAL); 1080 return (zfs_secpolicy_write_perms(zc->zc_name, 1081 ZFS_DELEG_PERM_USERPROP, cr)); 1082 } else { 1083 return (zfs_secpolicy_setprop(zc->zc_name, prop, 1084 NULL, cr)); 1085 } 1086 } 1087 1088 static int 1089 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1090 { 1091 int err = zfs_secpolicy_read(zc, innvl, cr); 1092 if (err) 1093 return (err); 1094 1095 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1096 return (EINVAL); 1097 1098 if (zc->zc_value[0] == 0) { 1099 /* 1100 * They are asking about a posix uid/gid. If it's 1101 * themself, allow it. 1102 */ 1103 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 1104 zc->zc_objset_type == ZFS_PROP_USERQUOTA) { 1105 if (zc->zc_guid == crgetuid(cr)) 1106 return (0); 1107 } else { 1108 if (groupmember(zc->zc_guid, cr)) 1109 return (0); 1110 } 1111 } 1112 1113 return (zfs_secpolicy_write_perms(zc->zc_name, 1114 userquota_perms[zc->zc_objset_type], cr)); 1115 } 1116 1117 static int 1118 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1119 { 1120 int err = zfs_secpolicy_read(zc, innvl, cr); 1121 if (err) 1122 return (err); 1123 1124 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1125 return (EINVAL); 1126 1127 return (zfs_secpolicy_write_perms(zc->zc_name, 1128 userquota_perms[zc->zc_objset_type], cr)); 1129 } 1130 1131 /* ARGSUSED */ 1132 static int 1133 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1134 { 1135 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, 1136 NULL, cr)); 1137 } 1138 1139 /* ARGSUSED */ 1140 static int 1141 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1142 { 1143 return (zfs_secpolicy_write_perms(zc->zc_name, 1144 ZFS_DELEG_PERM_HOLD, cr)); 1145 } 1146 1147 /* ARGSUSED */ 1148 static int 1149 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1150 { 1151 return (zfs_secpolicy_write_perms(zc->zc_name, 1152 ZFS_DELEG_PERM_RELEASE, cr)); 1153 } 1154 1155 /* 1156 * Policy for allowing temporary snapshots to be taken or released 1157 */ 1158 static int 1159 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1160 { 1161 /* 1162 * A temporary snapshot is the same as a snapshot, 1163 * hold, destroy and release all rolled into one. 1164 * Delegated diff alone is sufficient that we allow this. 1165 */ 1166 int error; 1167 1168 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1169 ZFS_DELEG_PERM_DIFF, cr)) == 0) 1170 return (0); 1171 1172 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr); 1173 if (!error) 1174 error = zfs_secpolicy_hold(zc, innvl, cr); 1175 if (!error) 1176 error = zfs_secpolicy_release(zc, innvl, cr); 1177 if (!error) 1178 error = zfs_secpolicy_destroy(zc, innvl, cr); 1179 return (error); 1180 } 1181 1182 /* 1183 * Returns the nvlist as specified by the user in the zfs_cmd_t. 1184 */ 1185 static int 1186 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 1187 { 1188 char *packed; 1189 int error; 1190 nvlist_t *list = NULL; 1191 1192 /* 1193 * Read in and unpack the user-supplied nvlist. 1194 */ 1195 if (size == 0) 1196 return (EINVAL); 1197 1198 packed = kmem_alloc(size, KM_SLEEP); 1199 1200 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size, 1201 iflag)) != 0) { 1202 kmem_free(packed, size); 1203 return (error); 1204 } 1205 1206 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 1207 kmem_free(packed, size); 1208 return (error); 1209 } 1210 1211 kmem_free(packed, size); 1212 1213 *nvp = list; 1214 return (0); 1215 } 1216 1217 /* 1218 * Reduce the size of this nvlist until it can be serialized in 'max' bytes. 1219 * Entries will be removed from the end of the nvlist, and one int32 entry 1220 * named "N_MORE_ERRORS" will be added indicating how many entries were 1221 * removed. 1222 */ 1223 static int 1224 nvlist_smush(nvlist_t *errors, size_t max) 1225 { 1226 size_t size; 1227 1228 size = fnvlist_size(errors); 1229 1230 if (size > max) { 1231 nvpair_t *more_errors; 1232 int n = 0; 1233 1234 if (max < 1024) 1235 return (ENOMEM); 1236 1237 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0); 1238 more_errors = nvlist_prev_nvpair(errors, NULL); 1239 1240 do { 1241 nvpair_t *pair = nvlist_prev_nvpair(errors, 1242 more_errors); 1243 fnvlist_remove_nvpair(errors, pair); 1244 n++; 1245 size = fnvlist_size(errors); 1246 } while (size > max); 1247 1248 fnvlist_remove_nvpair(errors, more_errors); 1249 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n); 1250 ASSERT3U(fnvlist_size(errors), <=, max); 1251 } 1252 1253 return (0); 1254 } 1255 1256 static int 1257 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 1258 { 1259 char *packed = NULL; 1260 int error = 0; 1261 size_t size; 1262 1263 size = fnvlist_size(nvl); 1264 1265 if (size > zc->zc_nvlist_dst_size) { 1266 error = ENOMEM; 1267 } else { 1268 packed = fnvlist_pack(nvl, &size); 1269 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 1270 size, zc->zc_iflags) != 0) 1271 error = EFAULT; 1272 fnvlist_pack_free(packed, size); 1273 } 1274 1275 zc->zc_nvlist_dst_size = size; 1276 zc->zc_nvlist_dst_filled = B_TRUE; 1277 return (error); 1278 } 1279 1280 static int 1281 getzfsvfs(const char *dsname, zfsvfs_t **zfvp) 1282 { 1283 objset_t *os; 1284 int error; 1285 1286 error = dmu_objset_hold(dsname, FTAG, &os); 1287 if (error) 1288 return (error); 1289 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1290 dmu_objset_rele(os, FTAG); 1291 return (EINVAL); 1292 } 1293 1294 mutex_enter(&os->os_user_ptr_lock); 1295 *zfvp = dmu_objset_get_user(os); 1296 if (*zfvp) { 1297 VFS_HOLD((*zfvp)->z_vfs); 1298 } else { 1299 error = ESRCH; 1300 } 1301 mutex_exit(&os->os_user_ptr_lock); 1302 dmu_objset_rele(os, FTAG); 1303 return (error); 1304 } 1305 1306 /* 1307 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 1308 * case its z_vfs will be NULL, and it will be opened as the owner. 1309 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER, 1310 * which prevents all vnode ops from running. 1311 */ 1312 static int 1313 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer) 1314 { 1315 int error = 0; 1316 1317 if (getzfsvfs(name, zfvp) != 0) 1318 error = zfsvfs_create(name, zfvp); 1319 if (error == 0) { 1320 rrw_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER : 1321 RW_READER, tag); 1322 if ((*zfvp)->z_unmounted) { 1323 /* 1324 * XXX we could probably try again, since the unmounting 1325 * thread should be just about to disassociate the 1326 * objset from the zfsvfs. 1327 */ 1328 rrw_exit(&(*zfvp)->z_teardown_lock, tag); 1329 return (EBUSY); 1330 } 1331 } 1332 return (error); 1333 } 1334 1335 static void 1336 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag) 1337 { 1338 rrw_exit(&zfsvfs->z_teardown_lock, tag); 1339 1340 if (zfsvfs->z_vfs) { 1341 VFS_RELE(zfsvfs->z_vfs); 1342 } else { 1343 dmu_objset_disown(zfsvfs->z_os, zfsvfs); 1344 zfsvfs_free(zfsvfs); 1345 } 1346 } 1347 1348 static int 1349 zfs_ioc_pool_create(zfs_cmd_t *zc) 1350 { 1351 int error; 1352 nvlist_t *config, *props = NULL; 1353 nvlist_t *rootprops = NULL; 1354 nvlist_t *zplprops = NULL; 1355 1356 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1357 zc->zc_iflags, &config)) 1358 return (error); 1359 1360 if (zc->zc_nvlist_src_size != 0 && (error = 1361 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1362 zc->zc_iflags, &props))) { 1363 nvlist_free(config); 1364 return (error); 1365 } 1366 1367 if (props) { 1368 nvlist_t *nvl = NULL; 1369 uint64_t version = SPA_VERSION; 1370 1371 (void) nvlist_lookup_uint64(props, 1372 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1373 if (!SPA_VERSION_IS_SUPPORTED(version)) { 1374 error = EINVAL; 1375 goto pool_props_bad; 1376 } 1377 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1378 if (nvl) { 1379 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1380 if (error != 0) { 1381 nvlist_free(config); 1382 nvlist_free(props); 1383 return (error); 1384 } 1385 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1386 } 1387 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1388 error = zfs_fill_zplprops_root(version, rootprops, 1389 zplprops, NULL); 1390 if (error) 1391 goto pool_props_bad; 1392 } 1393 1394 error = spa_create(zc->zc_name, config, props, zplprops); 1395 1396 /* 1397 * Set the remaining root properties 1398 */ 1399 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name, 1400 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) 1401 (void) spa_destroy(zc->zc_name); 1402 1403 pool_props_bad: 1404 nvlist_free(rootprops); 1405 nvlist_free(zplprops); 1406 nvlist_free(config); 1407 nvlist_free(props); 1408 1409 return (error); 1410 } 1411 1412 static int 1413 zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1414 { 1415 int error; 1416 zfs_log_history(zc); 1417 error = spa_destroy(zc->zc_name); 1418 if (error == 0) 1419 zvol_remove_minors(zc->zc_name); 1420 return (error); 1421 } 1422 1423 static int 1424 zfs_ioc_pool_import(zfs_cmd_t *zc) 1425 { 1426 nvlist_t *config, *props = NULL; 1427 uint64_t guid; 1428 int error; 1429 1430 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1431 zc->zc_iflags, &config)) != 0) 1432 return (error); 1433 1434 if (zc->zc_nvlist_src_size != 0 && (error = 1435 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1436 zc->zc_iflags, &props))) { 1437 nvlist_free(config); 1438 return (error); 1439 } 1440 1441 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1442 guid != zc->zc_guid) 1443 error = EINVAL; 1444 else 1445 error = spa_import(zc->zc_name, config, props, zc->zc_cookie); 1446 1447 if (zc->zc_nvlist_dst != 0) { 1448 int err; 1449 1450 if ((err = put_nvlist(zc, config)) != 0) 1451 error = err; 1452 } 1453 1454 nvlist_free(config); 1455 1456 if (props) 1457 nvlist_free(props); 1458 1459 return (error); 1460 } 1461 1462 static int 1463 zfs_ioc_pool_export(zfs_cmd_t *zc) 1464 { 1465 int error; 1466 boolean_t force = (boolean_t)zc->zc_cookie; 1467 boolean_t hardforce = (boolean_t)zc->zc_guid; 1468 1469 zfs_log_history(zc); 1470 error = spa_export(zc->zc_name, NULL, force, hardforce); 1471 if (error == 0) 1472 zvol_remove_minors(zc->zc_name); 1473 return (error); 1474 } 1475 1476 static int 1477 zfs_ioc_pool_configs(zfs_cmd_t *zc) 1478 { 1479 nvlist_t *configs; 1480 int error; 1481 1482 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL) 1483 return (EEXIST); 1484 1485 error = put_nvlist(zc, configs); 1486 1487 nvlist_free(configs); 1488 1489 return (error); 1490 } 1491 1492 /* 1493 * inputs: 1494 * zc_name name of the pool 1495 * 1496 * outputs: 1497 * zc_cookie real errno 1498 * zc_nvlist_dst config nvlist 1499 * zc_nvlist_dst_size size of config nvlist 1500 */ 1501 static int 1502 zfs_ioc_pool_stats(zfs_cmd_t *zc) 1503 { 1504 nvlist_t *config; 1505 int error; 1506 int ret = 0; 1507 1508 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1509 sizeof (zc->zc_value)); 1510 1511 if (config != NULL) { 1512 ret = put_nvlist(zc, config); 1513 nvlist_free(config); 1514 1515 /* 1516 * The config may be present even if 'error' is non-zero. 1517 * In this case we return success, and preserve the real errno 1518 * in 'zc_cookie'. 1519 */ 1520 zc->zc_cookie = error; 1521 } else { 1522 ret = error; 1523 } 1524 1525 return (ret); 1526 } 1527 1528 /* 1529 * Try to import the given pool, returning pool stats as appropriate so that 1530 * user land knows which devices are available and overall pool health. 1531 */ 1532 static int 1533 zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1534 { 1535 nvlist_t *tryconfig, *config; 1536 int error; 1537 1538 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1539 zc->zc_iflags, &tryconfig)) != 0) 1540 return (error); 1541 1542 config = spa_tryimport(tryconfig); 1543 1544 nvlist_free(tryconfig); 1545 1546 if (config == NULL) 1547 return (EINVAL); 1548 1549 error = put_nvlist(zc, config); 1550 nvlist_free(config); 1551 1552 return (error); 1553 } 1554 1555 /* 1556 * inputs: 1557 * zc_name name of the pool 1558 * zc_cookie scan func (pool_scan_func_t) 1559 */ 1560 static int 1561 zfs_ioc_pool_scan(zfs_cmd_t *zc) 1562 { 1563 spa_t *spa; 1564 int error; 1565 1566 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1567 return (error); 1568 1569 if (zc->zc_cookie == POOL_SCAN_NONE) 1570 error = spa_scan_stop(spa); 1571 else 1572 error = spa_scan(spa, zc->zc_cookie); 1573 1574 spa_close(spa, FTAG); 1575 1576 return (error); 1577 } 1578 1579 static int 1580 zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1581 { 1582 spa_t *spa; 1583 int error; 1584 1585 error = spa_open(zc->zc_name, &spa, FTAG); 1586 if (error == 0) { 1587 spa_freeze(spa); 1588 spa_close(spa, FTAG); 1589 } 1590 return (error); 1591 } 1592 1593 static int 1594 zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1595 { 1596 spa_t *spa; 1597 int error; 1598 1599 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1600 return (error); 1601 1602 if (zc->zc_cookie < spa_version(spa) || 1603 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) { 1604 spa_close(spa, FTAG); 1605 return (EINVAL); 1606 } 1607 1608 spa_upgrade(spa, zc->zc_cookie); 1609 spa_close(spa, FTAG); 1610 1611 return (error); 1612 } 1613 1614 static int 1615 zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1616 { 1617 spa_t *spa; 1618 char *hist_buf; 1619 uint64_t size; 1620 int error; 1621 1622 if ((size = zc->zc_history_len) == 0) 1623 return (EINVAL); 1624 1625 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1626 return (error); 1627 1628 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1629 spa_close(spa, FTAG); 1630 return (ENOTSUP); 1631 } 1632 1633 hist_buf = kmem_alloc(size, KM_SLEEP); 1634 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1635 &zc->zc_history_len, hist_buf)) == 0) { 1636 error = ddi_copyout(hist_buf, 1637 (void *)(uintptr_t)zc->zc_history, 1638 zc->zc_history_len, zc->zc_iflags); 1639 } 1640 1641 spa_close(spa, FTAG); 1642 kmem_free(hist_buf, size); 1643 return (error); 1644 } 1645 1646 static int 1647 zfs_ioc_pool_reguid(zfs_cmd_t *zc) 1648 { 1649 spa_t *spa; 1650 int error; 1651 1652 error = spa_open(zc->zc_name, &spa, FTAG); 1653 if (error == 0) { 1654 error = spa_change_guid(spa); 1655 spa_close(spa, FTAG); 1656 } 1657 return (error); 1658 } 1659 1660 static int 1661 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1662 { 1663 int error; 1664 1665 if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)) 1666 return (error); 1667 1668 return (0); 1669 } 1670 1671 /* 1672 * inputs: 1673 * zc_name name of filesystem 1674 * zc_obj object to find 1675 * 1676 * outputs: 1677 * zc_value name of object 1678 */ 1679 static int 1680 zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1681 { 1682 objset_t *os; 1683 int error; 1684 1685 /* XXX reading from objset not owned */ 1686 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1687 return (error); 1688 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1689 dmu_objset_rele(os, FTAG); 1690 return (EINVAL); 1691 } 1692 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1693 sizeof (zc->zc_value)); 1694 dmu_objset_rele(os, FTAG); 1695 1696 return (error); 1697 } 1698 1699 /* 1700 * inputs: 1701 * zc_name name of filesystem 1702 * zc_obj object to find 1703 * 1704 * outputs: 1705 * zc_stat stats on object 1706 * zc_value path to object 1707 */ 1708 static int 1709 zfs_ioc_obj_to_stats(zfs_cmd_t *zc) 1710 { 1711 objset_t *os; 1712 int error; 1713 1714 /* XXX reading from objset not owned */ 1715 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1716 return (error); 1717 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1718 dmu_objset_rele(os, FTAG); 1719 return (EINVAL); 1720 } 1721 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value, 1722 sizeof (zc->zc_value)); 1723 dmu_objset_rele(os, FTAG); 1724 1725 return (error); 1726 } 1727 1728 static int 1729 zfs_ioc_vdev_add(zfs_cmd_t *zc) 1730 { 1731 spa_t *spa; 1732 int error; 1733 nvlist_t *config, **l2cache, **spares; 1734 uint_t nl2cache = 0, nspares = 0; 1735 1736 error = spa_open(zc->zc_name, &spa, FTAG); 1737 if (error != 0) 1738 return (error); 1739 1740 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1741 zc->zc_iflags, &config); 1742 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE, 1743 &l2cache, &nl2cache); 1744 1745 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES, 1746 &spares, &nspares); 1747 1748 /* 1749 * A root pool with concatenated devices is not supported. 1750 * Thus, can not add a device to a root pool. 1751 * 1752 * Intent log device can not be added to a rootpool because 1753 * during mountroot, zil is replayed, a seperated log device 1754 * can not be accessed during the mountroot time. 1755 * 1756 * l2cache and spare devices are ok to be added to a rootpool. 1757 */ 1758 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) { 1759 nvlist_free(config); 1760 spa_close(spa, FTAG); 1761 return (EDOM); 1762 } 1763 1764 if (error == 0) { 1765 error = spa_vdev_add(spa, config); 1766 nvlist_free(config); 1767 } 1768 spa_close(spa, FTAG); 1769 return (error); 1770 } 1771 1772 /* 1773 * inputs: 1774 * zc_name name of the pool 1775 * zc_nvlist_conf nvlist of devices to remove 1776 * zc_cookie to stop the remove? 1777 */ 1778 static int 1779 zfs_ioc_vdev_remove(zfs_cmd_t *zc) 1780 { 1781 spa_t *spa; 1782 int error; 1783 1784 error = spa_open(zc->zc_name, &spa, FTAG); 1785 if (error != 0) 1786 return (error); 1787 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 1788 spa_close(spa, FTAG); 1789 return (error); 1790 } 1791 1792 static int 1793 zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 1794 { 1795 spa_t *spa; 1796 int error; 1797 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 1798 1799 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1800 return (error); 1801 switch (zc->zc_cookie) { 1802 case VDEV_STATE_ONLINE: 1803 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 1804 break; 1805 1806 case VDEV_STATE_OFFLINE: 1807 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 1808 break; 1809 1810 case VDEV_STATE_FAULTED: 1811 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1812 zc->zc_obj != VDEV_AUX_EXTERNAL) 1813 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1814 1815 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 1816 break; 1817 1818 case VDEV_STATE_DEGRADED: 1819 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1820 zc->zc_obj != VDEV_AUX_EXTERNAL) 1821 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1822 1823 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 1824 break; 1825 1826 default: 1827 error = EINVAL; 1828 } 1829 zc->zc_cookie = newstate; 1830 spa_close(spa, FTAG); 1831 return (error); 1832 } 1833 1834 static int 1835 zfs_ioc_vdev_attach(zfs_cmd_t *zc) 1836 { 1837 spa_t *spa; 1838 int replacing = zc->zc_cookie; 1839 nvlist_t *config; 1840 int error; 1841 1842 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1843 return (error); 1844 1845 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1846 zc->zc_iflags, &config)) == 0) { 1847 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing); 1848 nvlist_free(config); 1849 } 1850 1851 spa_close(spa, FTAG); 1852 return (error); 1853 } 1854 1855 static int 1856 zfs_ioc_vdev_detach(zfs_cmd_t *zc) 1857 { 1858 spa_t *spa; 1859 int error; 1860 1861 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1862 return (error); 1863 1864 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 1865 1866 spa_close(spa, FTAG); 1867 return (error); 1868 } 1869 1870 static int 1871 zfs_ioc_vdev_split(zfs_cmd_t *zc) 1872 { 1873 spa_t *spa; 1874 nvlist_t *config, *props = NULL; 1875 int error; 1876 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT); 1877 1878 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1879 return (error); 1880 1881 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1882 zc->zc_iflags, &config)) { 1883 spa_close(spa, FTAG); 1884 return (error); 1885 } 1886 1887 if (zc->zc_nvlist_src_size != 0 && (error = 1888 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1889 zc->zc_iflags, &props))) { 1890 spa_close(spa, FTAG); 1891 nvlist_free(config); 1892 return (error); 1893 } 1894 1895 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp); 1896 1897 spa_close(spa, FTAG); 1898 1899 nvlist_free(config); 1900 nvlist_free(props); 1901 1902 return (error); 1903 } 1904 1905 static int 1906 zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 1907 { 1908 spa_t *spa; 1909 char *path = zc->zc_value; 1910 uint64_t guid = zc->zc_guid; 1911 int error; 1912 1913 error = spa_open(zc->zc_name, &spa, FTAG); 1914 if (error != 0) 1915 return (error); 1916 1917 error = spa_vdev_setpath(spa, guid, path); 1918 spa_close(spa, FTAG); 1919 return (error); 1920 } 1921 1922 static int 1923 zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 1924 { 1925 spa_t *spa; 1926 char *fru = zc->zc_value; 1927 uint64_t guid = zc->zc_guid; 1928 int error; 1929 1930 error = spa_open(zc->zc_name, &spa, FTAG); 1931 if (error != 0) 1932 return (error); 1933 1934 error = spa_vdev_setfru(spa, guid, fru); 1935 spa_close(spa, FTAG); 1936 return (error); 1937 } 1938 1939 static int 1940 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os) 1941 { 1942 int error = 0; 1943 nvlist_t *nv; 1944 1945 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 1946 1947 if (zc->zc_nvlist_dst != 0 && 1948 (error = dsl_prop_get_all(os, &nv)) == 0) { 1949 dmu_objset_stats(os, nv); 1950 /* 1951 * NB: zvol_get_stats() will read the objset contents, 1952 * which we aren't supposed to do with a 1953 * DS_MODE_USER hold, because it could be 1954 * inconsistent. So this is a bit of a workaround... 1955 * XXX reading with out owning 1956 */ 1957 if (!zc->zc_objset_stats.dds_inconsistent && 1958 dmu_objset_type(os) == DMU_OST_ZVOL) { 1959 error = zvol_get_stats(os, nv); 1960 if (error == EIO) 1961 return (error); 1962 VERIFY0(error); 1963 } 1964 error = put_nvlist(zc, nv); 1965 nvlist_free(nv); 1966 } 1967 1968 return (error); 1969 } 1970 1971 /* 1972 * inputs: 1973 * zc_name name of filesystem 1974 * zc_nvlist_dst_size size of buffer for property nvlist 1975 * 1976 * outputs: 1977 * zc_objset_stats stats 1978 * zc_nvlist_dst property nvlist 1979 * zc_nvlist_dst_size size of property nvlist 1980 */ 1981 static int 1982 zfs_ioc_objset_stats(zfs_cmd_t *zc) 1983 { 1984 objset_t *os = NULL; 1985 int error; 1986 1987 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) 1988 return (error); 1989 1990 error = zfs_ioc_objset_stats_impl(zc, os); 1991 1992 dmu_objset_rele(os, FTAG); 1993 1994 return (error); 1995 } 1996 1997 /* 1998 * inputs: 1999 * zc_name name of filesystem 2000 * zc_nvlist_dst_size size of buffer for property nvlist 2001 * 2002 * outputs: 2003 * zc_nvlist_dst received property nvlist 2004 * zc_nvlist_dst_size size of received property nvlist 2005 * 2006 * Gets received properties (distinct from local properties on or after 2007 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from 2008 * local property values. 2009 */ 2010 static int 2011 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc) 2012 { 2013 objset_t *os = NULL; 2014 int error; 2015 nvlist_t *nv; 2016 2017 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) 2018 return (error); 2019 2020 /* 2021 * Without this check, we would return local property values if the 2022 * caller has not already received properties on or after 2023 * SPA_VERSION_RECVD_PROPS. 2024 */ 2025 if (!dsl_prop_get_hasrecvd(os)) { 2026 dmu_objset_rele(os, FTAG); 2027 return (ENOTSUP); 2028 } 2029 2030 if (zc->zc_nvlist_dst != 0 && 2031 (error = dsl_prop_get_received(os, &nv)) == 0) { 2032 error = put_nvlist(zc, nv); 2033 nvlist_free(nv); 2034 } 2035 2036 dmu_objset_rele(os, FTAG); 2037 return (error); 2038 } 2039 2040 static int 2041 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 2042 { 2043 uint64_t value; 2044 int error; 2045 2046 /* 2047 * zfs_get_zplprop() will either find a value or give us 2048 * the default value (if there is one). 2049 */ 2050 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 2051 return (error); 2052 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0); 2053 return (0); 2054 } 2055 2056 /* 2057 * inputs: 2058 * zc_name name of filesystem 2059 * zc_nvlist_dst_size size of buffer for zpl property nvlist 2060 * 2061 * outputs: 2062 * zc_nvlist_dst zpl property nvlist 2063 * zc_nvlist_dst_size size of zpl property nvlist 2064 */ 2065 static int 2066 zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 2067 { 2068 objset_t *os; 2069 int err; 2070 2071 /* XXX reading without owning */ 2072 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os)) 2073 return (err); 2074 2075 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2076 2077 /* 2078 * NB: nvl_add_zplprop() will read the objset contents, 2079 * which we aren't supposed to do with a DS_MODE_USER 2080 * hold, because it could be inconsistent. 2081 */ 2082 if (zc->zc_nvlist_dst != NULL && 2083 !zc->zc_objset_stats.dds_inconsistent && 2084 dmu_objset_type(os) == DMU_OST_ZFS) { 2085 nvlist_t *nv; 2086 2087 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2088 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 2089 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 2090 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 2091 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0) 2092 err = put_nvlist(zc, nv); 2093 nvlist_free(nv); 2094 } else { 2095 err = ENOENT; 2096 } 2097 dmu_objset_rele(os, FTAG); 2098 return (err); 2099 } 2100 2101 static boolean_t 2102 dataset_name_hidden(const char *name) 2103 { 2104 /* 2105 * Skip over datasets that are not visible in this zone, 2106 * internal datasets (which have a $ in their name), and 2107 * temporary datasets (which have a % in their name). 2108 */ 2109 if (strchr(name, '$') != NULL) 2110 return (B_TRUE); 2111 if (strchr(name, '%') != NULL) 2112 return (B_TRUE); 2113 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL)) 2114 return (B_TRUE); 2115 return (B_FALSE); 2116 } 2117 2118 /* 2119 * inputs: 2120 * zc_name name of filesystem 2121 * zc_cookie zap cursor 2122 * zc_nvlist_dst_size size of buffer for property nvlist 2123 * 2124 * outputs: 2125 * zc_name name of next filesystem 2126 * zc_cookie zap cursor 2127 * zc_objset_stats stats 2128 * zc_nvlist_dst property nvlist 2129 * zc_nvlist_dst_size size of property nvlist 2130 */ 2131 static int 2132 zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 2133 { 2134 objset_t *os; 2135 int error; 2136 char *p; 2137 size_t orig_len = strlen(zc->zc_name); 2138 2139 top: 2140 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) { 2141 if (error == ENOENT) 2142 error = ESRCH; 2143 return (error); 2144 } 2145 2146 p = strrchr(zc->zc_name, '/'); 2147 if (p == NULL || p[1] != '\0') 2148 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 2149 p = zc->zc_name + strlen(zc->zc_name); 2150 2151 /* 2152 * Pre-fetch the datasets. dmu_objset_prefetch() always returns 0 2153 * but is not declared void because its called by dmu_objset_find(). 2154 */ 2155 if (zc->zc_cookie == 0) { 2156 uint64_t cookie = 0; 2157 int len = sizeof (zc->zc_name) - (p - zc->zc_name); 2158 2159 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0) { 2160 if (!dataset_name_hidden(zc->zc_name)) 2161 (void) dmu_objset_prefetch(zc->zc_name, NULL); 2162 } 2163 } 2164 2165 do { 2166 error = dmu_dir_list_next(os, 2167 sizeof (zc->zc_name) - (p - zc->zc_name), p, 2168 NULL, &zc->zc_cookie); 2169 if (error == ENOENT) 2170 error = ESRCH; 2171 } while (error == 0 && dataset_name_hidden(zc->zc_name)); 2172 dmu_objset_rele(os, FTAG); 2173 2174 /* 2175 * If it's an internal dataset (ie. with a '$' in its name), 2176 * don't try to get stats for it, otherwise we'll return ENOENT. 2177 */ 2178 if (error == 0 && strchr(zc->zc_name, '$') == NULL) { 2179 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 2180 if (error == ENOENT) { 2181 /* We lost a race with destroy, get the next one. */ 2182 zc->zc_name[orig_len] = '\0'; 2183 goto top; 2184 } 2185 } 2186 return (error); 2187 } 2188 2189 /* 2190 * inputs: 2191 * zc_name name of filesystem 2192 * zc_cookie zap cursor 2193 * zc_nvlist_dst_size size of buffer for property nvlist 2194 * 2195 * outputs: 2196 * zc_name name of next snapshot 2197 * zc_objset_stats stats 2198 * zc_nvlist_dst property nvlist 2199 * zc_nvlist_dst_size size of property nvlist 2200 */ 2201 static int 2202 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 2203 { 2204 objset_t *os; 2205 int error; 2206 2207 top: 2208 if (zc->zc_cookie == 0) 2209 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch, 2210 NULL, DS_FIND_SNAPSHOTS); 2211 2212 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2213 if (error) 2214 return (error == ENOENT ? ESRCH : error); 2215 2216 /* 2217 * A dataset name of maximum length cannot have any snapshots, 2218 * so exit immediately. 2219 */ 2220 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) { 2221 dmu_objset_rele(os, FTAG); 2222 return (ESRCH); 2223 } 2224 2225 error = dmu_snapshot_list_next(os, 2226 sizeof (zc->zc_name) - strlen(zc->zc_name), 2227 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie, 2228 NULL); 2229 2230 if (error == 0) { 2231 dsl_dataset_t *ds; 2232 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool; 2233 2234 /* 2235 * Since we probably don't have a hold on this snapshot, 2236 * it's possible that the objsetid could have been destroyed 2237 * and reused for a new objset. It's OK if this happens during 2238 * a zfs send operation, since the new createtxg will be 2239 * beyond the range we're interested in. 2240 */ 2241 rw_enter(&dp->dp_config_rwlock, RW_READER); 2242 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds); 2243 rw_exit(&dp->dp_config_rwlock); 2244 if (error) { 2245 if (error == ENOENT) { 2246 /* Racing with destroy, get the next one. */ 2247 *strchr(zc->zc_name, '@') = '\0'; 2248 dmu_objset_rele(os, FTAG); 2249 goto top; 2250 } 2251 } else { 2252 objset_t *ossnap; 2253 2254 error = dmu_objset_from_ds(ds, &ossnap); 2255 if (error == 0) 2256 error = zfs_ioc_objset_stats_impl(zc, ossnap); 2257 dsl_dataset_rele(ds, FTAG); 2258 } 2259 } else if (error == ENOENT) { 2260 error = ESRCH; 2261 } 2262 2263 dmu_objset_rele(os, FTAG); 2264 /* if we failed, undo the @ that we tacked on to zc_name */ 2265 if (error) 2266 *strchr(zc->zc_name, '@') = '\0'; 2267 return (error); 2268 } 2269 2270 static int 2271 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair) 2272 { 2273 const char *propname = nvpair_name(pair); 2274 uint64_t *valary; 2275 unsigned int vallen; 2276 const char *domain; 2277 char *dash; 2278 zfs_userquota_prop_t type; 2279 uint64_t rid; 2280 uint64_t quota; 2281 zfsvfs_t *zfsvfs; 2282 int err; 2283 2284 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2285 nvlist_t *attrs; 2286 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2287 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2288 &pair) != 0) 2289 return (EINVAL); 2290 } 2291 2292 /* 2293 * A correctly constructed propname is encoded as 2294 * userquota@<rid>-<domain>. 2295 */ 2296 if ((dash = strchr(propname, '-')) == NULL || 2297 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 || 2298 vallen != 3) 2299 return (EINVAL); 2300 2301 domain = dash + 1; 2302 type = valary[0]; 2303 rid = valary[1]; 2304 quota = valary[2]; 2305 2306 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE); 2307 if (err == 0) { 2308 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota); 2309 zfsvfs_rele(zfsvfs, FTAG); 2310 } 2311 2312 return (err); 2313 } 2314 2315 /* 2316 * If the named property is one that has a special function to set its value, 2317 * return 0 on success and a positive error code on failure; otherwise if it is 2318 * not one of the special properties handled by this function, return -1. 2319 * 2320 * XXX: It would be better for callers of the property interface if we handled 2321 * these special cases in dsl_prop.c (in the dsl layer). 2322 */ 2323 static int 2324 zfs_prop_set_special(const char *dsname, zprop_source_t source, 2325 nvpair_t *pair) 2326 { 2327 const char *propname = nvpair_name(pair); 2328 zfs_prop_t prop = zfs_name_to_prop(propname); 2329 uint64_t intval; 2330 int err; 2331 2332 if (prop == ZPROP_INVAL) { 2333 if (zfs_prop_userquota(propname)) 2334 return (zfs_prop_set_userquota(dsname, pair)); 2335 return (-1); 2336 } 2337 2338 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2339 nvlist_t *attrs; 2340 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2341 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2342 &pair) == 0); 2343 } 2344 2345 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) 2346 return (-1); 2347 2348 VERIFY(0 == nvpair_value_uint64(pair, &intval)); 2349 2350 switch (prop) { 2351 case ZFS_PROP_QUOTA: 2352 err = dsl_dir_set_quota(dsname, source, intval); 2353 break; 2354 case ZFS_PROP_REFQUOTA: 2355 err = dsl_dataset_set_quota(dsname, source, intval); 2356 break; 2357 case ZFS_PROP_RESERVATION: 2358 err = dsl_dir_set_reservation(dsname, source, intval); 2359 break; 2360 case ZFS_PROP_REFRESERVATION: 2361 err = dsl_dataset_set_reservation(dsname, source, intval); 2362 break; 2363 case ZFS_PROP_VOLSIZE: 2364 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip), 2365 intval); 2366 break; 2367 case ZFS_PROP_VERSION: 2368 { 2369 zfsvfs_t *zfsvfs; 2370 2371 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0) 2372 break; 2373 2374 err = zfs_set_version(zfsvfs, intval); 2375 zfsvfs_rele(zfsvfs, FTAG); 2376 2377 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) { 2378 zfs_cmd_t *zc; 2379 2380 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 2381 (void) strcpy(zc->zc_name, dsname); 2382 (void) zfs_ioc_userspace_upgrade(zc); 2383 kmem_free(zc, sizeof (zfs_cmd_t)); 2384 } 2385 break; 2386 } 2387 2388 default: 2389 err = -1; 2390 } 2391 2392 return (err); 2393 } 2394 2395 /* 2396 * This function is best effort. If it fails to set any of the given properties, 2397 * it continues to set as many as it can and returns the last error 2398 * encountered. If the caller provides a non-NULL errlist, it will be filled in 2399 * with the list of names of all the properties that failed along with the 2400 * corresponding error numbers. 2401 * 2402 * If every property is set successfully, zero is returned and errlist is not 2403 * modified. 2404 */ 2405 int 2406 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl, 2407 nvlist_t *errlist) 2408 { 2409 nvpair_t *pair; 2410 nvpair_t *propval; 2411 int rv = 0; 2412 uint64_t intval; 2413 char *strval; 2414 nvlist_t *genericnvl = fnvlist_alloc(); 2415 nvlist_t *retrynvl = fnvlist_alloc(); 2416 2417 retry: 2418 pair = NULL; 2419 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2420 const char *propname = nvpair_name(pair); 2421 zfs_prop_t prop = zfs_name_to_prop(propname); 2422 int err = 0; 2423 2424 /* decode the property value */ 2425 propval = pair; 2426 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2427 nvlist_t *attrs; 2428 attrs = fnvpair_value_nvlist(pair); 2429 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2430 &propval) != 0) 2431 err = EINVAL; 2432 } 2433 2434 /* Validate value type */ 2435 if (err == 0 && prop == ZPROP_INVAL) { 2436 if (zfs_prop_user(propname)) { 2437 if (nvpair_type(propval) != DATA_TYPE_STRING) 2438 err = EINVAL; 2439 } else if (zfs_prop_userquota(propname)) { 2440 if (nvpair_type(propval) != 2441 DATA_TYPE_UINT64_ARRAY) 2442 err = EINVAL; 2443 } else { 2444 err = EINVAL; 2445 } 2446 } else if (err == 0) { 2447 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2448 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING) 2449 err = EINVAL; 2450 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) { 2451 const char *unused; 2452 2453 intval = fnvpair_value_uint64(propval); 2454 2455 switch (zfs_prop_get_type(prop)) { 2456 case PROP_TYPE_NUMBER: 2457 break; 2458 case PROP_TYPE_STRING: 2459 err = EINVAL; 2460 break; 2461 case PROP_TYPE_INDEX: 2462 if (zfs_prop_index_to_string(prop, 2463 intval, &unused) != 0) 2464 err = EINVAL; 2465 break; 2466 default: 2467 cmn_err(CE_PANIC, 2468 "unknown property type"); 2469 } 2470 } else { 2471 err = EINVAL; 2472 } 2473 } 2474 2475 /* Validate permissions */ 2476 if (err == 0) 2477 err = zfs_check_settable(dsname, pair, CRED()); 2478 2479 if (err == 0) { 2480 err = zfs_prop_set_special(dsname, source, pair); 2481 if (err == -1) { 2482 /* 2483 * For better performance we build up a list of 2484 * properties to set in a single transaction. 2485 */ 2486 err = nvlist_add_nvpair(genericnvl, pair); 2487 } else if (err != 0 && nvl != retrynvl) { 2488 /* 2489 * This may be a spurious error caused by 2490 * receiving quota and reservation out of order. 2491 * Try again in a second pass. 2492 */ 2493 err = nvlist_add_nvpair(retrynvl, pair); 2494 } 2495 } 2496 2497 if (err != 0) { 2498 if (errlist != NULL) 2499 fnvlist_add_int32(errlist, propname, err); 2500 rv = err; 2501 } 2502 } 2503 2504 if (nvl != retrynvl && !nvlist_empty(retrynvl)) { 2505 nvl = retrynvl; 2506 goto retry; 2507 } 2508 2509 if (!nvlist_empty(genericnvl) && 2510 dsl_props_set(dsname, source, genericnvl) != 0) { 2511 /* 2512 * If this fails, we still want to set as many properties as we 2513 * can, so try setting them individually. 2514 */ 2515 pair = NULL; 2516 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) { 2517 const char *propname = nvpair_name(pair); 2518 int err = 0; 2519 2520 propval = pair; 2521 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2522 nvlist_t *attrs; 2523 attrs = fnvpair_value_nvlist(pair); 2524 propval = fnvlist_lookup_nvpair(attrs, 2525 ZPROP_VALUE); 2526 } 2527 2528 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2529 strval = fnvpair_value_string(propval); 2530 err = dsl_prop_set(dsname, propname, source, 1, 2531 strlen(strval) + 1, strval); 2532 } else { 2533 intval = fnvpair_value_uint64(propval); 2534 err = dsl_prop_set(dsname, propname, source, 8, 2535 1, &intval); 2536 } 2537 2538 if (err != 0) { 2539 if (errlist != NULL) { 2540 fnvlist_add_int32(errlist, propname, 2541 err); 2542 } 2543 rv = err; 2544 } 2545 } 2546 } 2547 nvlist_free(genericnvl); 2548 nvlist_free(retrynvl); 2549 2550 return (rv); 2551 } 2552 2553 /* 2554 * Check that all the properties are valid user properties. 2555 */ 2556 static int 2557 zfs_check_userprops(const char *fsname, nvlist_t *nvl) 2558 { 2559 nvpair_t *pair = NULL; 2560 int error = 0; 2561 2562 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2563 const char *propname = nvpair_name(pair); 2564 char *valstr; 2565 2566 if (!zfs_prop_user(propname) || 2567 nvpair_type(pair) != DATA_TYPE_STRING) 2568 return (EINVAL); 2569 2570 if (error = zfs_secpolicy_write_perms(fsname, 2571 ZFS_DELEG_PERM_USERPROP, CRED())) 2572 return (error); 2573 2574 if (strlen(propname) >= ZAP_MAXNAMELEN) 2575 return (ENAMETOOLONG); 2576 2577 VERIFY(nvpair_value_string(pair, &valstr) == 0); 2578 if (strlen(valstr) >= ZAP_MAXVALUELEN) 2579 return (E2BIG); 2580 } 2581 return (0); 2582 } 2583 2584 static void 2585 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops) 2586 { 2587 nvpair_t *pair; 2588 2589 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2590 2591 pair = NULL; 2592 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) { 2593 if (nvlist_exists(skipped, nvpair_name(pair))) 2594 continue; 2595 2596 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0); 2597 } 2598 } 2599 2600 static int 2601 clear_received_props(objset_t *os, const char *fs, nvlist_t *props, 2602 nvlist_t *skipped) 2603 { 2604 int err = 0; 2605 nvlist_t *cleared_props = NULL; 2606 props_skip(props, skipped, &cleared_props); 2607 if (!nvlist_empty(cleared_props)) { 2608 /* 2609 * Acts on local properties until the dataset has received 2610 * properties at least once on or after SPA_VERSION_RECVD_PROPS. 2611 */ 2612 zprop_source_t flags = (ZPROP_SRC_NONE | 2613 (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0)); 2614 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL); 2615 } 2616 nvlist_free(cleared_props); 2617 return (err); 2618 } 2619 2620 /* 2621 * inputs: 2622 * zc_name name of filesystem 2623 * zc_value name of property to set 2624 * zc_nvlist_src{_size} nvlist of properties to apply 2625 * zc_cookie received properties flag 2626 * 2627 * outputs: 2628 * zc_nvlist_dst{_size} error for each unapplied received property 2629 */ 2630 static int 2631 zfs_ioc_set_prop(zfs_cmd_t *zc) 2632 { 2633 nvlist_t *nvl; 2634 boolean_t received = zc->zc_cookie; 2635 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED : 2636 ZPROP_SRC_LOCAL); 2637 nvlist_t *errors; 2638 int error; 2639 2640 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2641 zc->zc_iflags, &nvl)) != 0) 2642 return (error); 2643 2644 if (received) { 2645 nvlist_t *origprops; 2646 objset_t *os; 2647 2648 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) { 2649 if (dsl_prop_get_received(os, &origprops) == 0) { 2650 (void) clear_received_props(os, 2651 zc->zc_name, origprops, nvl); 2652 nvlist_free(origprops); 2653 } 2654 2655 dsl_prop_set_hasrecvd(os); 2656 dmu_objset_rele(os, FTAG); 2657 } 2658 } 2659 2660 errors = fnvlist_alloc(); 2661 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors); 2662 2663 if (zc->zc_nvlist_dst != NULL && errors != NULL) { 2664 (void) put_nvlist(zc, errors); 2665 } 2666 2667 nvlist_free(errors); 2668 nvlist_free(nvl); 2669 return (error); 2670 } 2671 2672 /* 2673 * inputs: 2674 * zc_name name of filesystem 2675 * zc_value name of property to inherit 2676 * zc_cookie revert to received value if TRUE 2677 * 2678 * outputs: none 2679 */ 2680 static int 2681 zfs_ioc_inherit_prop(zfs_cmd_t *zc) 2682 { 2683 const char *propname = zc->zc_value; 2684 zfs_prop_t prop = zfs_name_to_prop(propname); 2685 boolean_t received = zc->zc_cookie; 2686 zprop_source_t source = (received 2687 ? ZPROP_SRC_NONE /* revert to received value, if any */ 2688 : ZPROP_SRC_INHERITED); /* explicitly inherit */ 2689 2690 if (received) { 2691 nvlist_t *dummy; 2692 nvpair_t *pair; 2693 zprop_type_t type; 2694 int err; 2695 2696 /* 2697 * zfs_prop_set_special() expects properties in the form of an 2698 * nvpair with type info. 2699 */ 2700 if (prop == ZPROP_INVAL) { 2701 if (!zfs_prop_user(propname)) 2702 return (EINVAL); 2703 2704 type = PROP_TYPE_STRING; 2705 } else if (prop == ZFS_PROP_VOLSIZE || 2706 prop == ZFS_PROP_VERSION) { 2707 return (EINVAL); 2708 } else { 2709 type = zfs_prop_get_type(prop); 2710 } 2711 2712 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2713 2714 switch (type) { 2715 case PROP_TYPE_STRING: 2716 VERIFY(0 == nvlist_add_string(dummy, propname, "")); 2717 break; 2718 case PROP_TYPE_NUMBER: 2719 case PROP_TYPE_INDEX: 2720 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0)); 2721 break; 2722 default: 2723 nvlist_free(dummy); 2724 return (EINVAL); 2725 } 2726 2727 pair = nvlist_next_nvpair(dummy, NULL); 2728 err = zfs_prop_set_special(zc->zc_name, source, pair); 2729 nvlist_free(dummy); 2730 if (err != -1) 2731 return (err); /* special property already handled */ 2732 } else { 2733 /* 2734 * Only check this in the non-received case. We want to allow 2735 * 'inherit -S' to revert non-inheritable properties like quota 2736 * and reservation to the received or default values even though 2737 * they are not considered inheritable. 2738 */ 2739 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop)) 2740 return (EINVAL); 2741 } 2742 2743 /* property name has been validated by zfs_secpolicy_inherit_prop() */ 2744 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL)); 2745 } 2746 2747 static int 2748 zfs_ioc_pool_set_props(zfs_cmd_t *zc) 2749 { 2750 nvlist_t *props; 2751 spa_t *spa; 2752 int error; 2753 nvpair_t *pair; 2754 2755 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2756 zc->zc_iflags, &props)) 2757 return (error); 2758 2759 /* 2760 * If the only property is the configfile, then just do a spa_lookup() 2761 * to handle the faulted case. 2762 */ 2763 pair = nvlist_next_nvpair(props, NULL); 2764 if (pair != NULL && strcmp(nvpair_name(pair), 2765 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 2766 nvlist_next_nvpair(props, pair) == NULL) { 2767 mutex_enter(&spa_namespace_lock); 2768 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 2769 spa_configfile_set(spa, props, B_FALSE); 2770 spa_config_sync(spa, B_FALSE, B_TRUE); 2771 } 2772 mutex_exit(&spa_namespace_lock); 2773 if (spa != NULL) { 2774 nvlist_free(props); 2775 return (0); 2776 } 2777 } 2778 2779 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2780 nvlist_free(props); 2781 return (error); 2782 } 2783 2784 error = spa_prop_set(spa, props); 2785 2786 nvlist_free(props); 2787 spa_close(spa, FTAG); 2788 2789 return (error); 2790 } 2791 2792 static int 2793 zfs_ioc_pool_get_props(zfs_cmd_t *zc) 2794 { 2795 spa_t *spa; 2796 int error; 2797 nvlist_t *nvp = NULL; 2798 2799 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2800 /* 2801 * If the pool is faulted, there may be properties we can still 2802 * get (such as altroot and cachefile), so attempt to get them 2803 * anyway. 2804 */ 2805 mutex_enter(&spa_namespace_lock); 2806 if ((spa = spa_lookup(zc->zc_name)) != NULL) 2807 error = spa_prop_get(spa, &nvp); 2808 mutex_exit(&spa_namespace_lock); 2809 } else { 2810 error = spa_prop_get(spa, &nvp); 2811 spa_close(spa, FTAG); 2812 } 2813 2814 if (error == 0 && zc->zc_nvlist_dst != NULL) 2815 error = put_nvlist(zc, nvp); 2816 else 2817 error = EFAULT; 2818 2819 nvlist_free(nvp); 2820 return (error); 2821 } 2822 2823 /* 2824 * inputs: 2825 * zc_name name of filesystem 2826 * zc_nvlist_src{_size} nvlist of delegated permissions 2827 * zc_perm_action allow/unallow flag 2828 * 2829 * outputs: none 2830 */ 2831 static int 2832 zfs_ioc_set_fsacl(zfs_cmd_t *zc) 2833 { 2834 int error; 2835 nvlist_t *fsaclnv = NULL; 2836 2837 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2838 zc->zc_iflags, &fsaclnv)) != 0) 2839 return (error); 2840 2841 /* 2842 * Verify nvlist is constructed correctly 2843 */ 2844 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) { 2845 nvlist_free(fsaclnv); 2846 return (EINVAL); 2847 } 2848 2849 /* 2850 * If we don't have PRIV_SYS_MOUNT, then validate 2851 * that user is allowed to hand out each permission in 2852 * the nvlist(s) 2853 */ 2854 2855 error = secpolicy_zfs(CRED()); 2856 if (error) { 2857 if (zc->zc_perm_action == B_FALSE) { 2858 error = dsl_deleg_can_allow(zc->zc_name, 2859 fsaclnv, CRED()); 2860 } else { 2861 error = dsl_deleg_can_unallow(zc->zc_name, 2862 fsaclnv, CRED()); 2863 } 2864 } 2865 2866 if (error == 0) 2867 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 2868 2869 nvlist_free(fsaclnv); 2870 return (error); 2871 } 2872 2873 /* 2874 * inputs: 2875 * zc_name name of filesystem 2876 * 2877 * outputs: 2878 * zc_nvlist_src{_size} nvlist of delegated permissions 2879 */ 2880 static int 2881 zfs_ioc_get_fsacl(zfs_cmd_t *zc) 2882 { 2883 nvlist_t *nvp; 2884 int error; 2885 2886 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 2887 error = put_nvlist(zc, nvp); 2888 nvlist_free(nvp); 2889 } 2890 2891 return (error); 2892 } 2893 2894 /* 2895 * Search the vfs list for a specified resource. Returns a pointer to it 2896 * or NULL if no suitable entry is found. The caller of this routine 2897 * is responsible for releasing the returned vfs pointer. 2898 */ 2899 static vfs_t * 2900 zfs_get_vfs(const char *resource) 2901 { 2902 struct vfs *vfsp; 2903 struct vfs *vfs_found = NULL; 2904 2905 vfs_list_read_lock(); 2906 vfsp = rootvfs; 2907 do { 2908 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) { 2909 VFS_HOLD(vfsp); 2910 vfs_found = vfsp; 2911 break; 2912 } 2913 vfsp = vfsp->vfs_next; 2914 } while (vfsp != rootvfs); 2915 vfs_list_unlock(); 2916 return (vfs_found); 2917 } 2918 2919 /* ARGSUSED */ 2920 static void 2921 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 2922 { 2923 zfs_creat_t *zct = arg; 2924 2925 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 2926 } 2927 2928 #define ZFS_PROP_UNDEFINED ((uint64_t)-1) 2929 2930 /* 2931 * inputs: 2932 * createprops list of properties requested by creator 2933 * default_zplver zpl version to use if unspecified in createprops 2934 * fuids_ok fuids allowed in this version of the spa? 2935 * os parent objset pointer (NULL if root fs) 2936 * 2937 * outputs: 2938 * zplprops values for the zplprops we attach to the master node object 2939 * is_ci true if requested file system will be purely case-insensitive 2940 * 2941 * Determine the settings for utf8only, normalization and 2942 * casesensitivity. Specific values may have been requested by the 2943 * creator and/or we can inherit values from the parent dataset. If 2944 * the file system is of too early a vintage, a creator can not 2945 * request settings for these properties, even if the requested 2946 * setting is the default value. We don't actually want to create dsl 2947 * properties for these, so remove them from the source nvlist after 2948 * processing. 2949 */ 2950 static int 2951 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 2952 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops, 2953 nvlist_t *zplprops, boolean_t *is_ci) 2954 { 2955 uint64_t sense = ZFS_PROP_UNDEFINED; 2956 uint64_t norm = ZFS_PROP_UNDEFINED; 2957 uint64_t u8 = ZFS_PROP_UNDEFINED; 2958 2959 ASSERT(zplprops != NULL); 2960 2961 /* 2962 * Pull out creator prop choices, if any. 2963 */ 2964 if (createprops) { 2965 (void) nvlist_lookup_uint64(createprops, 2966 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 2967 (void) nvlist_lookup_uint64(createprops, 2968 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 2969 (void) nvlist_remove_all(createprops, 2970 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 2971 (void) nvlist_lookup_uint64(createprops, 2972 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 2973 (void) nvlist_remove_all(createprops, 2974 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 2975 (void) nvlist_lookup_uint64(createprops, 2976 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 2977 (void) nvlist_remove_all(createprops, 2978 zfs_prop_to_name(ZFS_PROP_CASE)); 2979 } 2980 2981 /* 2982 * If the zpl version requested is whacky or the file system 2983 * or pool is version is too "young" to support normalization 2984 * and the creator tried to set a value for one of the props, 2985 * error out. 2986 */ 2987 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 2988 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 2989 (zplver >= ZPL_VERSION_SA && !sa_ok) || 2990 (zplver < ZPL_VERSION_NORMALIZATION && 2991 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 2992 sense != ZFS_PROP_UNDEFINED))) 2993 return (ENOTSUP); 2994 2995 /* 2996 * Put the version in the zplprops 2997 */ 2998 VERIFY(nvlist_add_uint64(zplprops, 2999 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0); 3000 3001 if (norm == ZFS_PROP_UNDEFINED) 3002 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0); 3003 VERIFY(nvlist_add_uint64(zplprops, 3004 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0); 3005 3006 /* 3007 * If we're normalizing, names must always be valid UTF-8 strings. 3008 */ 3009 if (norm) 3010 u8 = 1; 3011 if (u8 == ZFS_PROP_UNDEFINED) 3012 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0); 3013 VERIFY(nvlist_add_uint64(zplprops, 3014 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0); 3015 3016 if (sense == ZFS_PROP_UNDEFINED) 3017 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0); 3018 VERIFY(nvlist_add_uint64(zplprops, 3019 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0); 3020 3021 if (is_ci) 3022 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 3023 3024 return (0); 3025 } 3026 3027 static int 3028 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 3029 nvlist_t *zplprops, boolean_t *is_ci) 3030 { 3031 boolean_t fuids_ok, sa_ok; 3032 uint64_t zplver = ZPL_VERSION; 3033 objset_t *os = NULL; 3034 char parentname[MAXNAMELEN]; 3035 char *cp; 3036 spa_t *spa; 3037 uint64_t spa_vers; 3038 int error; 3039 3040 (void) strlcpy(parentname, dataset, sizeof (parentname)); 3041 cp = strrchr(parentname, '/'); 3042 ASSERT(cp != NULL); 3043 cp[0] = '\0'; 3044 3045 if ((error = spa_open(dataset, &spa, FTAG)) != 0) 3046 return (error); 3047 3048 spa_vers = spa_version(spa); 3049 spa_close(spa, FTAG); 3050 3051 zplver = zfs_zpl_version_map(spa_vers); 3052 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3053 sa_ok = (zplver >= ZPL_VERSION_SA); 3054 3055 /* 3056 * Open parent object set so we can inherit zplprop values. 3057 */ 3058 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 3059 return (error); 3060 3061 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops, 3062 zplprops, is_ci); 3063 dmu_objset_rele(os, FTAG); 3064 return (error); 3065 } 3066 3067 static int 3068 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 3069 nvlist_t *zplprops, boolean_t *is_ci) 3070 { 3071 boolean_t fuids_ok; 3072 boolean_t sa_ok; 3073 uint64_t zplver = ZPL_VERSION; 3074 int error; 3075 3076 zplver = zfs_zpl_version_map(spa_vers); 3077 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3078 sa_ok = (zplver >= ZPL_VERSION_SA); 3079 3080 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok, 3081 createprops, zplprops, is_ci); 3082 return (error); 3083 } 3084 3085 /* 3086 * innvl: { 3087 * "type" -> dmu_objset_type_t (int32) 3088 * (optional) "props" -> { prop -> value } 3089 * } 3090 * 3091 * outnvl: propname -> error code (int32) 3092 */ 3093 static int 3094 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3095 { 3096 int error = 0; 3097 zfs_creat_t zct = { 0 }; 3098 nvlist_t *nvprops = NULL; 3099 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 3100 int32_t type32; 3101 dmu_objset_type_t type; 3102 boolean_t is_insensitive = B_FALSE; 3103 3104 if (nvlist_lookup_int32(innvl, "type", &type32) != 0) 3105 return (EINVAL); 3106 type = type32; 3107 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3108 3109 switch (type) { 3110 case DMU_OST_ZFS: 3111 cbfunc = zfs_create_cb; 3112 break; 3113 3114 case DMU_OST_ZVOL: 3115 cbfunc = zvol_create_cb; 3116 break; 3117 3118 default: 3119 cbfunc = NULL; 3120 break; 3121 } 3122 if (strchr(fsname, '@') || 3123 strchr(fsname, '%')) 3124 return (EINVAL); 3125 3126 zct.zct_props = nvprops; 3127 3128 if (cbfunc == NULL) 3129 return (EINVAL); 3130 3131 if (type == DMU_OST_ZVOL) { 3132 uint64_t volsize, volblocksize; 3133 3134 if (nvprops == NULL) 3135 return (EINVAL); 3136 if (nvlist_lookup_uint64(nvprops, 3137 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0) 3138 return (EINVAL); 3139 3140 if ((error = nvlist_lookup_uint64(nvprops, 3141 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 3142 &volblocksize)) != 0 && error != ENOENT) 3143 return (EINVAL); 3144 3145 if (error != 0) 3146 volblocksize = zfs_prop_default_numeric( 3147 ZFS_PROP_VOLBLOCKSIZE); 3148 3149 if ((error = zvol_check_volblocksize( 3150 volblocksize)) != 0 || 3151 (error = zvol_check_volsize(volsize, 3152 volblocksize)) != 0) 3153 return (error); 3154 } else if (type == DMU_OST_ZFS) { 3155 int error; 3156 3157 /* 3158 * We have to have normalization and 3159 * case-folding flags correct when we do the 3160 * file system creation, so go figure them out 3161 * now. 3162 */ 3163 VERIFY(nvlist_alloc(&zct.zct_zplprops, 3164 NV_UNIQUE_NAME, KM_SLEEP) == 0); 3165 error = zfs_fill_zplprops(fsname, nvprops, 3166 zct.zct_zplprops, &is_insensitive); 3167 if (error != 0) { 3168 nvlist_free(zct.zct_zplprops); 3169 return (error); 3170 } 3171 } 3172 3173 error = dmu_objset_create(fsname, type, 3174 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct); 3175 nvlist_free(zct.zct_zplprops); 3176 3177 /* 3178 * It would be nice to do this atomically. 3179 */ 3180 if (error == 0) { 3181 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3182 nvprops, outnvl); 3183 if (error != 0) 3184 (void) dmu_objset_destroy(fsname, B_FALSE); 3185 } 3186 return (error); 3187 } 3188 3189 /* 3190 * innvl: { 3191 * "origin" -> name of origin snapshot 3192 * (optional) "props" -> { prop -> value } 3193 * } 3194 * 3195 * outnvl: propname -> error code (int32) 3196 */ 3197 static int 3198 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3199 { 3200 int error = 0; 3201 nvlist_t *nvprops = NULL; 3202 char *origin_name; 3203 dsl_dataset_t *origin; 3204 3205 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0) 3206 return (EINVAL); 3207 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3208 3209 if (strchr(fsname, '@') || 3210 strchr(fsname, '%')) 3211 return (EINVAL); 3212 3213 if (dataset_namecheck(origin_name, NULL, NULL) != 0) 3214 return (EINVAL); 3215 3216 error = dsl_dataset_hold(origin_name, FTAG, &origin); 3217 if (error) 3218 return (error); 3219 3220 error = dmu_objset_clone(fsname, origin, 0); 3221 dsl_dataset_rele(origin, FTAG); 3222 if (error) 3223 return (error); 3224 3225 /* 3226 * It would be nice to do this atomically. 3227 */ 3228 if (error == 0) { 3229 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3230 nvprops, outnvl); 3231 if (error != 0) 3232 (void) dmu_objset_destroy(fsname, B_FALSE); 3233 } 3234 return (error); 3235 } 3236 3237 /* 3238 * innvl: { 3239 * "snaps" -> { snapshot1, snapshot2 } 3240 * (optional) "props" -> { prop -> value (string) } 3241 * } 3242 * 3243 * outnvl: snapshot -> error code (int32) 3244 * 3245 */ 3246 static int 3247 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3248 { 3249 nvlist_t *snaps; 3250 nvlist_t *props = NULL; 3251 int error, poollen; 3252 nvpair_t *pair; 3253 3254 (void) nvlist_lookup_nvlist(innvl, "props", &props); 3255 if ((error = zfs_check_userprops(poolname, props)) != 0) 3256 return (error); 3257 3258 if (!nvlist_empty(props) && 3259 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS)) 3260 return (ENOTSUP); 3261 3262 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3263 return (EINVAL); 3264 poollen = strlen(poolname); 3265 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3266 pair = nvlist_next_nvpair(snaps, pair)) { 3267 const char *name = nvpair_name(pair); 3268 const char *cp = strchr(name, '@'); 3269 3270 /* 3271 * The snap name must contain an @, and the part after it must 3272 * contain only valid characters. 3273 */ 3274 if (cp == NULL || snapshot_namecheck(cp + 1, NULL, NULL) != 0) 3275 return (EINVAL); 3276 3277 /* 3278 * The snap must be in the specified pool. 3279 */ 3280 if (strncmp(name, poolname, poollen) != 0 || 3281 (name[poollen] != '/' && name[poollen] != '@')) 3282 return (EXDEV); 3283 3284 /* This must be the only snap of this fs. */ 3285 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair); 3286 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) { 3287 if (strncmp(name, nvpair_name(pair2), cp - name + 1) 3288 == 0) { 3289 return (EXDEV); 3290 } 3291 } 3292 } 3293 3294 error = dmu_objset_snapshot(snaps, props, outnvl); 3295 return (error); 3296 } 3297 3298 /* 3299 * innvl: "message" -> string 3300 */ 3301 /* ARGSUSED */ 3302 static int 3303 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3304 { 3305 char *message; 3306 spa_t *spa; 3307 int error; 3308 char *poolname; 3309 3310 /* 3311 * The poolname in the ioctl is not set, we get it from the TSD, 3312 * which was set at the end of the last successful ioctl that allows 3313 * logging. The secpolicy func already checked that it is set. 3314 * Only one log ioctl is allowed after each successful ioctl, so 3315 * we clear the TSD here. 3316 */ 3317 poolname = tsd_get(zfs_allow_log_key); 3318 (void) tsd_set(zfs_allow_log_key, NULL); 3319 error = spa_open(poolname, &spa, FTAG); 3320 strfree(poolname); 3321 if (error != 0) 3322 return (error); 3323 3324 if (nvlist_lookup_string(innvl, "message", &message) != 0) { 3325 spa_close(spa, FTAG); 3326 return (EINVAL); 3327 } 3328 3329 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 3330 spa_close(spa, FTAG); 3331 return (ENOTSUP); 3332 } 3333 3334 error = spa_history_log(spa, message); 3335 spa_close(spa, FTAG); 3336 return (error); 3337 } 3338 3339 /* ARGSUSED */ 3340 int 3341 zfs_unmount_snap(const char *name, void *arg) 3342 { 3343 vfs_t *vfsp; 3344 int err; 3345 3346 if (strchr(name, '@') == NULL) 3347 return (0); 3348 3349 vfsp = zfs_get_vfs(name); 3350 if (vfsp == NULL) 3351 return (0); 3352 3353 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) { 3354 VFS_RELE(vfsp); 3355 return (err); 3356 } 3357 VFS_RELE(vfsp); 3358 3359 /* 3360 * Always force the unmount for snapshots. 3361 */ 3362 return (dounmount(vfsp, MS_FORCE, kcred)); 3363 } 3364 3365 /* 3366 * innvl: { 3367 * "snaps" -> { snapshot1, snapshot2 } 3368 * (optional boolean) "defer" 3369 * } 3370 * 3371 * outnvl: snapshot -> error code (int32) 3372 * 3373 */ 3374 static int 3375 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3376 { 3377 int poollen; 3378 nvlist_t *snaps; 3379 nvpair_t *pair; 3380 boolean_t defer; 3381 3382 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3383 return (EINVAL); 3384 defer = nvlist_exists(innvl, "defer"); 3385 3386 poollen = strlen(poolname); 3387 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3388 pair = nvlist_next_nvpair(snaps, pair)) { 3389 const char *name = nvpair_name(pair); 3390 3391 /* 3392 * The snap must be in the specified pool. 3393 */ 3394 if (strncmp(name, poolname, poollen) != 0 || 3395 (name[poollen] != '/' && name[poollen] != '@')) 3396 return (EXDEV); 3397 3398 /* 3399 * Ignore failures to unmount; dmu_snapshots_destroy_nvl() 3400 * will deal with this gracefully (by filling in outnvl). 3401 */ 3402 (void) zfs_unmount_snap(name, NULL); 3403 } 3404 3405 return (dmu_snapshots_destroy_nvl(snaps, defer, outnvl)); 3406 } 3407 3408 /* 3409 * inputs: 3410 * zc_name name of dataset to destroy 3411 * zc_objset_type type of objset 3412 * zc_defer_destroy mark for deferred destroy 3413 * 3414 * outputs: none 3415 */ 3416 static int 3417 zfs_ioc_destroy(zfs_cmd_t *zc) 3418 { 3419 int err; 3420 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) { 3421 err = zfs_unmount_snap(zc->zc_name, NULL); 3422 if (err) 3423 return (err); 3424 } 3425 3426 err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy); 3427 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0) 3428 (void) zvol_remove_minor(zc->zc_name); 3429 return (err); 3430 } 3431 3432 /* 3433 * inputs: 3434 * zc_name name of dataset to rollback (to most recent snapshot) 3435 * 3436 * outputs: none 3437 */ 3438 static int 3439 zfs_ioc_rollback(zfs_cmd_t *zc) 3440 { 3441 dsl_dataset_t *ds, *clone; 3442 int error; 3443 zfsvfs_t *zfsvfs; 3444 char *clone_name; 3445 3446 error = dsl_dataset_hold(zc->zc_name, FTAG, &ds); 3447 if (error) 3448 return (error); 3449 3450 /* must not be a snapshot */ 3451 if (dsl_dataset_is_snapshot(ds)) { 3452 dsl_dataset_rele(ds, FTAG); 3453 return (EINVAL); 3454 } 3455 3456 /* must have a most recent snapshot */ 3457 if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) { 3458 dsl_dataset_rele(ds, FTAG); 3459 return (EINVAL); 3460 } 3461 3462 /* 3463 * Create clone of most recent snapshot. 3464 */ 3465 clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name); 3466 error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT); 3467 if (error) 3468 goto out; 3469 3470 error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone); 3471 if (error) 3472 goto out; 3473 3474 /* 3475 * Do clone swap. 3476 */ 3477 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 3478 error = zfs_suspend_fs(zfsvfs); 3479 if (error == 0) { 3480 int resume_err; 3481 3482 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) { 3483 error = dsl_dataset_clone_swap(clone, ds, 3484 B_TRUE); 3485 dsl_dataset_disown(ds, FTAG); 3486 ds = NULL; 3487 } else { 3488 error = EBUSY; 3489 } 3490 resume_err = zfs_resume_fs(zfsvfs, zc->zc_name); 3491 error = error ? error : resume_err; 3492 } 3493 VFS_RELE(zfsvfs->z_vfs); 3494 } else { 3495 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) { 3496 error = dsl_dataset_clone_swap(clone, ds, B_TRUE); 3497 dsl_dataset_disown(ds, FTAG); 3498 ds = NULL; 3499 } else { 3500 error = EBUSY; 3501 } 3502 } 3503 3504 /* 3505 * Destroy clone (which also closes it). 3506 */ 3507 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE); 3508 3509 out: 3510 strfree(clone_name); 3511 if (ds) 3512 dsl_dataset_rele(ds, FTAG); 3513 return (error); 3514 } 3515 3516 /* 3517 * inputs: 3518 * zc_name old name of dataset 3519 * zc_value new name of dataset 3520 * zc_cookie recursive flag (only valid for snapshots) 3521 * 3522 * outputs: none 3523 */ 3524 static int 3525 zfs_ioc_rename(zfs_cmd_t *zc) 3526 { 3527 boolean_t recursive = zc->zc_cookie & 1; 3528 3529 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 3530 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 3531 strchr(zc->zc_value, '%')) 3532 return (EINVAL); 3533 3534 /* 3535 * Unmount snapshot unless we're doing a recursive rename, 3536 * in which case the dataset code figures out which snapshots 3537 * to unmount. 3538 */ 3539 if (!recursive && strchr(zc->zc_name, '@') != NULL && 3540 zc->zc_objset_type == DMU_OST_ZFS) { 3541 int err = zfs_unmount_snap(zc->zc_name, NULL); 3542 if (err) 3543 return (err); 3544 } 3545 if (zc->zc_objset_type == DMU_OST_ZVOL) 3546 (void) zvol_remove_minor(zc->zc_name); 3547 return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive)); 3548 } 3549 3550 static int 3551 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr) 3552 { 3553 const char *propname = nvpair_name(pair); 3554 boolean_t issnap = (strchr(dsname, '@') != NULL); 3555 zfs_prop_t prop = zfs_name_to_prop(propname); 3556 uint64_t intval; 3557 int err; 3558 3559 if (prop == ZPROP_INVAL) { 3560 if (zfs_prop_user(propname)) { 3561 if (err = zfs_secpolicy_write_perms(dsname, 3562 ZFS_DELEG_PERM_USERPROP, cr)) 3563 return (err); 3564 return (0); 3565 } 3566 3567 if (!issnap && zfs_prop_userquota(propname)) { 3568 const char *perm = NULL; 3569 const char *uq_prefix = 3570 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA]; 3571 const char *gq_prefix = 3572 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA]; 3573 3574 if (strncmp(propname, uq_prefix, 3575 strlen(uq_prefix)) == 0) { 3576 perm = ZFS_DELEG_PERM_USERQUOTA; 3577 } else if (strncmp(propname, gq_prefix, 3578 strlen(gq_prefix)) == 0) { 3579 perm = ZFS_DELEG_PERM_GROUPQUOTA; 3580 } else { 3581 /* USERUSED and GROUPUSED are read-only */ 3582 return (EINVAL); 3583 } 3584 3585 if (err = zfs_secpolicy_write_perms(dsname, perm, cr)) 3586 return (err); 3587 return (0); 3588 } 3589 3590 return (EINVAL); 3591 } 3592 3593 if (issnap) 3594 return (EINVAL); 3595 3596 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 3597 /* 3598 * dsl_prop_get_all_impl() returns properties in this 3599 * format. 3600 */ 3601 nvlist_t *attrs; 3602 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 3603 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3604 &pair) == 0); 3605 } 3606 3607 /* 3608 * Check that this value is valid for this pool version 3609 */ 3610 switch (prop) { 3611 case ZFS_PROP_COMPRESSION: 3612 /* 3613 * If the user specified gzip compression, make sure 3614 * the SPA supports it. We ignore any errors here since 3615 * we'll catch them later. 3616 */ 3617 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 3618 nvpair_value_uint64(pair, &intval) == 0) { 3619 if (intval >= ZIO_COMPRESS_GZIP_1 && 3620 intval <= ZIO_COMPRESS_GZIP_9 && 3621 zfs_earlier_version(dsname, 3622 SPA_VERSION_GZIP_COMPRESSION)) { 3623 return (ENOTSUP); 3624 } 3625 3626 if (intval == ZIO_COMPRESS_ZLE && 3627 zfs_earlier_version(dsname, 3628 SPA_VERSION_ZLE_COMPRESSION)) 3629 return (ENOTSUP); 3630 3631 /* 3632 * If this is a bootable dataset then 3633 * verify that the compression algorithm 3634 * is supported for booting. We must return 3635 * something other than ENOTSUP since it 3636 * implies a downrev pool version. 3637 */ 3638 if (zfs_is_bootfs(dsname) && 3639 !BOOTFS_COMPRESS_VALID(intval)) { 3640 return (ERANGE); 3641 } 3642 } 3643 break; 3644 3645 case ZFS_PROP_COPIES: 3646 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS)) 3647 return (ENOTSUP); 3648 break; 3649 3650 case ZFS_PROP_DEDUP: 3651 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP)) 3652 return (ENOTSUP); 3653 break; 3654 3655 case ZFS_PROP_SHARESMB: 3656 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID)) 3657 return (ENOTSUP); 3658 break; 3659 3660 case ZFS_PROP_ACLINHERIT: 3661 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 3662 nvpair_value_uint64(pair, &intval) == 0) { 3663 if (intval == ZFS_ACL_PASSTHROUGH_X && 3664 zfs_earlier_version(dsname, 3665 SPA_VERSION_PASSTHROUGH_X)) 3666 return (ENOTSUP); 3667 } 3668 break; 3669 } 3670 3671 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED())); 3672 } 3673 3674 /* 3675 * Removes properties from the given props list that fail permission checks 3676 * needed to clear them and to restore them in case of a receive error. For each 3677 * property, make sure we have both set and inherit permissions. 3678 * 3679 * Returns the first error encountered if any permission checks fail. If the 3680 * caller provides a non-NULL errlist, it also gives the complete list of names 3681 * of all the properties that failed a permission check along with the 3682 * corresponding error numbers. The caller is responsible for freeing the 3683 * returned errlist. 3684 * 3685 * If every property checks out successfully, zero is returned and the list 3686 * pointed at by errlist is NULL. 3687 */ 3688 static int 3689 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist) 3690 { 3691 zfs_cmd_t *zc; 3692 nvpair_t *pair, *next_pair; 3693 nvlist_t *errors; 3694 int err, rv = 0; 3695 3696 if (props == NULL) 3697 return (0); 3698 3699 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 3700 3701 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 3702 (void) strcpy(zc->zc_name, dataset); 3703 pair = nvlist_next_nvpair(props, NULL); 3704 while (pair != NULL) { 3705 next_pair = nvlist_next_nvpair(props, pair); 3706 3707 (void) strcpy(zc->zc_value, nvpair_name(pair)); 3708 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 || 3709 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) { 3710 VERIFY(nvlist_remove_nvpair(props, pair) == 0); 3711 VERIFY(nvlist_add_int32(errors, 3712 zc->zc_value, err) == 0); 3713 } 3714 pair = next_pair; 3715 } 3716 kmem_free(zc, sizeof (zfs_cmd_t)); 3717 3718 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 3719 nvlist_free(errors); 3720 errors = NULL; 3721 } else { 3722 VERIFY(nvpair_value_int32(pair, &rv) == 0); 3723 } 3724 3725 if (errlist == NULL) 3726 nvlist_free(errors); 3727 else 3728 *errlist = errors; 3729 3730 return (rv); 3731 } 3732 3733 static boolean_t 3734 propval_equals(nvpair_t *p1, nvpair_t *p2) 3735 { 3736 if (nvpair_type(p1) == DATA_TYPE_NVLIST) { 3737 /* dsl_prop_get_all_impl() format */ 3738 nvlist_t *attrs; 3739 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0); 3740 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3741 &p1) == 0); 3742 } 3743 3744 if (nvpair_type(p2) == DATA_TYPE_NVLIST) { 3745 nvlist_t *attrs; 3746 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0); 3747 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3748 &p2) == 0); 3749 } 3750 3751 if (nvpair_type(p1) != nvpair_type(p2)) 3752 return (B_FALSE); 3753 3754 if (nvpair_type(p1) == DATA_TYPE_STRING) { 3755 char *valstr1, *valstr2; 3756 3757 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0); 3758 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0); 3759 return (strcmp(valstr1, valstr2) == 0); 3760 } else { 3761 uint64_t intval1, intval2; 3762 3763 VERIFY(nvpair_value_uint64(p1, &intval1) == 0); 3764 VERIFY(nvpair_value_uint64(p2, &intval2) == 0); 3765 return (intval1 == intval2); 3766 } 3767 } 3768 3769 /* 3770 * Remove properties from props if they are not going to change (as determined 3771 * by comparison with origprops). Remove them from origprops as well, since we 3772 * do not need to clear or restore properties that won't change. 3773 */ 3774 static void 3775 props_reduce(nvlist_t *props, nvlist_t *origprops) 3776 { 3777 nvpair_t *pair, *next_pair; 3778 3779 if (origprops == NULL) 3780 return; /* all props need to be received */ 3781 3782 pair = nvlist_next_nvpair(props, NULL); 3783 while (pair != NULL) { 3784 const char *propname = nvpair_name(pair); 3785 nvpair_t *match; 3786 3787 next_pair = nvlist_next_nvpair(props, pair); 3788 3789 if ((nvlist_lookup_nvpair(origprops, propname, 3790 &match) != 0) || !propval_equals(pair, match)) 3791 goto next; /* need to set received value */ 3792 3793 /* don't clear the existing received value */ 3794 (void) nvlist_remove_nvpair(origprops, match); 3795 /* don't bother receiving the property */ 3796 (void) nvlist_remove_nvpair(props, pair); 3797 next: 3798 pair = next_pair; 3799 } 3800 } 3801 3802 #ifdef DEBUG 3803 static boolean_t zfs_ioc_recv_inject_err; 3804 #endif 3805 3806 /* 3807 * inputs: 3808 * zc_name name of containing filesystem 3809 * zc_nvlist_src{_size} nvlist of properties to apply 3810 * zc_value name of snapshot to create 3811 * zc_string name of clone origin (if DRR_FLAG_CLONE) 3812 * zc_cookie file descriptor to recv from 3813 * zc_begin_record the BEGIN record of the stream (not byteswapped) 3814 * zc_guid force flag 3815 * zc_cleanup_fd cleanup-on-exit file descriptor 3816 * zc_action_handle handle for this guid/ds mapping (or zero on first call) 3817 * 3818 * outputs: 3819 * zc_cookie number of bytes read 3820 * zc_nvlist_dst{_size} error for each unapplied received property 3821 * zc_obj zprop_errflags_t 3822 * zc_action_handle handle for this guid/ds mapping 3823 */ 3824 static int 3825 zfs_ioc_recv(zfs_cmd_t *zc) 3826 { 3827 file_t *fp; 3828 objset_t *os; 3829 dmu_recv_cookie_t drc; 3830 boolean_t force = (boolean_t)zc->zc_guid; 3831 int fd; 3832 int error = 0; 3833 int props_error = 0; 3834 nvlist_t *errors; 3835 offset_t off; 3836 nvlist_t *props = NULL; /* sent properties */ 3837 nvlist_t *origprops = NULL; /* existing properties */ 3838 objset_t *origin = NULL; 3839 char *tosnap; 3840 char tofs[ZFS_MAXNAMELEN]; 3841 boolean_t first_recvd_props = B_FALSE; 3842 3843 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 3844 strchr(zc->zc_value, '@') == NULL || 3845 strchr(zc->zc_value, '%')) 3846 return (EINVAL); 3847 3848 (void) strcpy(tofs, zc->zc_value); 3849 tosnap = strchr(tofs, '@'); 3850 *tosnap++ = '\0'; 3851 3852 if (zc->zc_nvlist_src != NULL && 3853 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 3854 zc->zc_iflags, &props)) != 0) 3855 return (error); 3856 3857 fd = zc->zc_cookie; 3858 fp = getf(fd); 3859 if (fp == NULL) { 3860 nvlist_free(props); 3861 return (EBADF); 3862 } 3863 3864 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 3865 3866 if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) { 3867 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) && 3868 !dsl_prop_get_hasrecvd(os)) { 3869 first_recvd_props = B_TRUE; 3870 } 3871 3872 /* 3873 * If new received properties are supplied, they are to 3874 * completely replace the existing received properties, so stash 3875 * away the existing ones. 3876 */ 3877 if (dsl_prop_get_received(os, &origprops) == 0) { 3878 nvlist_t *errlist = NULL; 3879 /* 3880 * Don't bother writing a property if its value won't 3881 * change (and avoid the unnecessary security checks). 3882 * 3883 * The first receive after SPA_VERSION_RECVD_PROPS is a 3884 * special case where we blow away all local properties 3885 * regardless. 3886 */ 3887 if (!first_recvd_props) 3888 props_reduce(props, origprops); 3889 if (zfs_check_clearable(tofs, origprops, 3890 &errlist) != 0) 3891 (void) nvlist_merge(errors, errlist, 0); 3892 nvlist_free(errlist); 3893 } 3894 3895 dmu_objset_rele(os, FTAG); 3896 } 3897 3898 if (zc->zc_string[0]) { 3899 error = dmu_objset_hold(zc->zc_string, FTAG, &origin); 3900 if (error) 3901 goto out; 3902 } 3903 3904 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds, 3905 &zc->zc_begin_record, force, origin, &drc); 3906 if (origin) 3907 dmu_objset_rele(origin, FTAG); 3908 if (error) 3909 goto out; 3910 3911 /* 3912 * Set properties before we receive the stream so that they are applied 3913 * to the new data. Note that we must call dmu_recv_stream() if 3914 * dmu_recv_begin() succeeds. 3915 */ 3916 if (props) { 3917 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) { 3918 if (drc.drc_newfs) { 3919 if (spa_version(os->os_spa) >= 3920 SPA_VERSION_RECVD_PROPS) 3921 first_recvd_props = B_TRUE; 3922 } else if (origprops != NULL) { 3923 if (clear_received_props(os, tofs, origprops, 3924 first_recvd_props ? NULL : props) != 0) 3925 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 3926 } else { 3927 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 3928 } 3929 dsl_prop_set_hasrecvd(os); 3930 } else if (!drc.drc_newfs) { 3931 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 3932 } 3933 3934 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 3935 props, errors); 3936 } 3937 3938 if (zc->zc_nvlist_dst_size != 0 && 3939 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 || 3940 put_nvlist(zc, errors) != 0)) { 3941 /* 3942 * Caller made zc->zc_nvlist_dst less than the minimum expected 3943 * size or supplied an invalid address. 3944 */ 3945 props_error = EINVAL; 3946 } 3947 3948 off = fp->f_offset; 3949 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd, 3950 &zc->zc_action_handle); 3951 3952 if (error == 0) { 3953 zfsvfs_t *zfsvfs = NULL; 3954 3955 if (getzfsvfs(tofs, &zfsvfs) == 0) { 3956 /* online recv */ 3957 int end_err; 3958 3959 error = zfs_suspend_fs(zfsvfs); 3960 /* 3961 * If the suspend fails, then the recv_end will 3962 * likely also fail, and clean up after itself. 3963 */ 3964 end_err = dmu_recv_end(&drc); 3965 if (error == 0) 3966 error = zfs_resume_fs(zfsvfs, tofs); 3967 error = error ? error : end_err; 3968 VFS_RELE(zfsvfs->z_vfs); 3969 } else { 3970 error = dmu_recv_end(&drc); 3971 } 3972 } 3973 3974 zc->zc_cookie = off - fp->f_offset; 3975 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 3976 fp->f_offset = off; 3977 3978 #ifdef DEBUG 3979 if (zfs_ioc_recv_inject_err) { 3980 zfs_ioc_recv_inject_err = B_FALSE; 3981 error = 1; 3982 } 3983 #endif 3984 /* 3985 * On error, restore the original props. 3986 */ 3987 if (error && props) { 3988 if (dmu_objset_hold(tofs, FTAG, &os) == 0) { 3989 if (clear_received_props(os, tofs, props, NULL) != 0) { 3990 /* 3991 * We failed to clear the received properties. 3992 * Since we may have left a $recvd value on the 3993 * system, we can't clear the $hasrecvd flag. 3994 */ 3995 zc->zc_obj |= ZPROP_ERR_NORESTORE; 3996 } else if (first_recvd_props) { 3997 dsl_prop_unset_hasrecvd(os); 3998 } 3999 dmu_objset_rele(os, FTAG); 4000 } else if (!drc.drc_newfs) { 4001 /* We failed to clear the received properties. */ 4002 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4003 } 4004 4005 if (origprops == NULL && !drc.drc_newfs) { 4006 /* We failed to stash the original properties. */ 4007 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4008 } 4009 4010 /* 4011 * dsl_props_set() will not convert RECEIVED to LOCAL on or 4012 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL 4013 * explictly if we're restoring local properties cleared in the 4014 * first new-style receive. 4015 */ 4016 if (origprops != NULL && 4017 zfs_set_prop_nvlist(tofs, (first_recvd_props ? 4018 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED), 4019 origprops, NULL) != 0) { 4020 /* 4021 * We stashed the original properties but failed to 4022 * restore them. 4023 */ 4024 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4025 } 4026 } 4027 out: 4028 nvlist_free(props); 4029 nvlist_free(origprops); 4030 nvlist_free(errors); 4031 releasef(fd); 4032 4033 if (error == 0) 4034 error = props_error; 4035 4036 return (error); 4037 } 4038 4039 /* 4040 * inputs: 4041 * zc_name name of snapshot to send 4042 * zc_cookie file descriptor to send stream to 4043 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj) 4044 * zc_sendobj objsetid of snapshot to send 4045 * zc_fromobj objsetid of incremental fromsnap (may be zero) 4046 * zc_guid bit 0: if set, estimate size of stream only. zc_cookie is 4047 * ignored. output size in zc_objset_type. 4048 * zc_guid bit 1: if set, send output in FAR-format 4049 * 4050 * outputs: none 4051 */ 4052 static int 4053 zfs_ioc_send(zfs_cmd_t *zc) 4054 { 4055 objset_t *fromsnap = NULL; 4056 objset_t *tosnap; 4057 int error; 4058 offset_t off; 4059 dsl_dataset_t *ds; 4060 dsl_dataset_t *dsfrom = NULL; 4061 spa_t *spa; 4062 dsl_pool_t *dp; 4063 boolean_t estimate = ((zc->zc_guid & 1) != 0); 4064 boolean_t far = ((zc->zc_guid & 2) != 0); 4065 4066 error = spa_open(zc->zc_name, &spa, FTAG); 4067 if (error) 4068 return (error); 4069 4070 dp = spa_get_dsl(spa); 4071 rw_enter(&dp->dp_config_rwlock, RW_READER); 4072 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 4073 rw_exit(&dp->dp_config_rwlock); 4074 spa_close(spa, FTAG); 4075 if (error) 4076 return (error); 4077 4078 error = dmu_objset_from_ds(ds, &tosnap); 4079 if (error) { 4080 dsl_dataset_rele(ds, FTAG); 4081 return (error); 4082 } 4083 4084 if (zc->zc_fromobj != 0) { 4085 rw_enter(&dp->dp_config_rwlock, RW_READER); 4086 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom); 4087 rw_exit(&dp->dp_config_rwlock); 4088 if (error) { 4089 dsl_dataset_rele(ds, FTAG); 4090 return (error); 4091 } 4092 error = dmu_objset_from_ds(dsfrom, &fromsnap); 4093 if (error) { 4094 dsl_dataset_rele(dsfrom, FTAG); 4095 dsl_dataset_rele(ds, FTAG); 4096 return (error); 4097 } 4098 } 4099 4100 if (zc->zc_obj) { 4101 dsl_pool_t *dp = ds->ds_dir->dd_pool; 4102 4103 if (fromsnap != NULL) { 4104 dsl_dataset_rele(dsfrom, FTAG); 4105 dsl_dataset_rele(ds, FTAG); 4106 return (EINVAL); 4107 } 4108 4109 if (dsl_dir_is_clone(ds->ds_dir)) { 4110 rw_enter(&dp->dp_config_rwlock, RW_READER); 4111 error = dsl_dataset_hold_obj(dp, 4112 ds->ds_dir->dd_phys->dd_origin_obj, FTAG, &dsfrom); 4113 rw_exit(&dp->dp_config_rwlock); 4114 if (error) { 4115 dsl_dataset_rele(ds, FTAG); 4116 return (error); 4117 } 4118 error = dmu_objset_from_ds(dsfrom, &fromsnap); 4119 if (error) { 4120 dsl_dataset_rele(dsfrom, FTAG); 4121 dsl_dataset_rele(ds, FTAG); 4122 return (error); 4123 } 4124 } 4125 } 4126 4127 if (estimate) { 4128 error = dmu_send_estimate(tosnap, fromsnap, 4129 &zc->zc_objset_type); 4130 } else { 4131 file_t *fp = getf(zc->zc_cookie); 4132 if (fp == NULL) { 4133 dsl_dataset_rele(ds, FTAG); 4134 if (dsfrom) 4135 dsl_dataset_rele(dsfrom, FTAG); 4136 return (EBADF); 4137 } 4138 4139 off = fp->f_offset; 4140 if (!far) 4141 error = dmu_send(tosnap, fromsnap, 4142 zc->zc_cookie, fp->f_vnode, &off); 4143 else 4144 error = far_send(tosnap, fromsnap, 4145 zc->zc_cookie, fp->f_vnode, &off); 4146 4147 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 4148 fp->f_offset = off; 4149 releasef(zc->zc_cookie); 4150 } 4151 if (dsfrom) 4152 dsl_dataset_rele(dsfrom, FTAG); 4153 dsl_dataset_rele(ds, FTAG); 4154 return (error); 4155 } 4156 4157 /* 4158 * inputs: 4159 * zc_name name of snapshot on which to report progress 4160 * zc_cookie file descriptor of send stream 4161 * 4162 * outputs: 4163 * zc_cookie number of bytes written in send stream thus far 4164 */ 4165 static int 4166 zfs_ioc_send_progress(zfs_cmd_t *zc) 4167 { 4168 dsl_dataset_t *ds; 4169 dmu_sendarg_t *dsp = NULL; 4170 int error; 4171 4172 if ((error = dsl_dataset_hold(zc->zc_name, FTAG, &ds)) != 0) 4173 return (error); 4174 4175 mutex_enter(&ds->ds_sendstream_lock); 4176 4177 /* 4178 * Iterate over all the send streams currently active on this dataset. 4179 * If there's one which matches the specified file descriptor _and_ the 4180 * stream was started by the current process, return the progress of 4181 * that stream. 4182 */ 4183 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL; 4184 dsp = list_next(&ds->ds_sendstreams, dsp)) { 4185 if (dsp->dsa_outfd == zc->zc_cookie && 4186 dsp->dsa_proc == curproc) 4187 break; 4188 } 4189 4190 if (dsp != NULL) 4191 zc->zc_cookie = *(dsp->dsa_off); 4192 else 4193 error = ENOENT; 4194 4195 mutex_exit(&ds->ds_sendstream_lock); 4196 dsl_dataset_rele(ds, FTAG); 4197 return (error); 4198 } 4199 4200 static int 4201 zfs_ioc_inject_fault(zfs_cmd_t *zc) 4202 { 4203 int id, error; 4204 4205 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 4206 &zc->zc_inject_record); 4207 4208 if (error == 0) 4209 zc->zc_guid = (uint64_t)id; 4210 4211 return (error); 4212 } 4213 4214 static int 4215 zfs_ioc_clear_fault(zfs_cmd_t *zc) 4216 { 4217 return (zio_clear_fault((int)zc->zc_guid)); 4218 } 4219 4220 static int 4221 zfs_ioc_inject_list_next(zfs_cmd_t *zc) 4222 { 4223 int id = (int)zc->zc_guid; 4224 int error; 4225 4226 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 4227 &zc->zc_inject_record); 4228 4229 zc->zc_guid = id; 4230 4231 return (error); 4232 } 4233 4234 static int 4235 zfs_ioc_error_log(zfs_cmd_t *zc) 4236 { 4237 spa_t *spa; 4238 int error; 4239 size_t count = (size_t)zc->zc_nvlist_dst_size; 4240 4241 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 4242 return (error); 4243 4244 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 4245 &count); 4246 if (error == 0) 4247 zc->zc_nvlist_dst_size = count; 4248 else 4249 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa); 4250 4251 spa_close(spa, FTAG); 4252 4253 return (error); 4254 } 4255 4256 static int 4257 zfs_ioc_clear(zfs_cmd_t *zc) 4258 { 4259 spa_t *spa; 4260 vdev_t *vd; 4261 int error; 4262 4263 /* 4264 * On zpool clear we also fix up missing slogs 4265 */ 4266 mutex_enter(&spa_namespace_lock); 4267 spa = spa_lookup(zc->zc_name); 4268 if (spa == NULL) { 4269 mutex_exit(&spa_namespace_lock); 4270 return (EIO); 4271 } 4272 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 4273 /* we need to let spa_open/spa_load clear the chains */ 4274 spa_set_log_state(spa, SPA_LOG_CLEAR); 4275 } 4276 spa->spa_last_open_failed = 0; 4277 mutex_exit(&spa_namespace_lock); 4278 4279 if (zc->zc_cookie & ZPOOL_NO_REWIND) { 4280 error = spa_open(zc->zc_name, &spa, FTAG); 4281 } else { 4282 nvlist_t *policy; 4283 nvlist_t *config = NULL; 4284 4285 if (zc->zc_nvlist_src == NULL) 4286 return (EINVAL); 4287 4288 if ((error = get_nvlist(zc->zc_nvlist_src, 4289 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 4290 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 4291 policy, &config); 4292 if (config != NULL) { 4293 int err; 4294 4295 if ((err = put_nvlist(zc, config)) != 0) 4296 error = err; 4297 nvlist_free(config); 4298 } 4299 nvlist_free(policy); 4300 } 4301 } 4302 4303 if (error) 4304 return (error); 4305 4306 spa_vdev_state_enter(spa, SCL_NONE); 4307 4308 if (zc->zc_guid == 0) { 4309 vd = NULL; 4310 } else { 4311 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 4312 if (vd == NULL) { 4313 (void) spa_vdev_state_exit(spa, NULL, ENODEV); 4314 spa_close(spa, FTAG); 4315 return (ENODEV); 4316 } 4317 } 4318 4319 vdev_clear(spa, vd); 4320 4321 (void) spa_vdev_state_exit(spa, NULL, 0); 4322 4323 /* 4324 * Resume any suspended I/Os. 4325 */ 4326 if (zio_resume(spa) != 0) 4327 error = EIO; 4328 4329 spa_close(spa, FTAG); 4330 4331 return (error); 4332 } 4333 4334 static int 4335 zfs_ioc_pool_reopen(zfs_cmd_t *zc) 4336 { 4337 spa_t *spa; 4338 int error; 4339 4340 error = spa_open(zc->zc_name, &spa, FTAG); 4341 if (error) 4342 return (error); 4343 4344 spa_vdev_state_enter(spa, SCL_NONE); 4345 4346 /* 4347 * If a resilver is already in progress then set the 4348 * spa_scrub_reopen flag to B_TRUE so that we don't restart 4349 * the scan as a side effect of the reopen. Otherwise, let 4350 * vdev_open() decided if a resilver is required. 4351 */ 4352 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool); 4353 vdev_reopen(spa->spa_root_vdev); 4354 spa->spa_scrub_reopen = B_FALSE; 4355 4356 (void) spa_vdev_state_exit(spa, NULL, 0); 4357 spa_close(spa, FTAG); 4358 return (0); 4359 } 4360 /* 4361 * inputs: 4362 * zc_name name of filesystem 4363 * zc_value name of origin snapshot 4364 * 4365 * outputs: 4366 * zc_string name of conflicting snapshot, if there is one 4367 */ 4368 static int 4369 zfs_ioc_promote(zfs_cmd_t *zc) 4370 { 4371 char *cp; 4372 4373 /* 4374 * We don't need to unmount *all* the origin fs's snapshots, but 4375 * it's easier. 4376 */ 4377 cp = strchr(zc->zc_value, '@'); 4378 if (cp) 4379 *cp = '\0'; 4380 (void) dmu_objset_find(zc->zc_value, 4381 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS); 4382 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 4383 } 4384 4385 /* 4386 * Retrieve a single {user|group}{used|quota}@... property. 4387 * 4388 * inputs: 4389 * zc_name name of filesystem 4390 * zc_objset_type zfs_userquota_prop_t 4391 * zc_value domain name (eg. "S-1-234-567-89") 4392 * zc_guid RID/UID/GID 4393 * 4394 * outputs: 4395 * zc_cookie property value 4396 */ 4397 static int 4398 zfs_ioc_userspace_one(zfs_cmd_t *zc) 4399 { 4400 zfsvfs_t *zfsvfs; 4401 int error; 4402 4403 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 4404 return (EINVAL); 4405 4406 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 4407 if (error) 4408 return (error); 4409 4410 error = zfs_userspace_one(zfsvfs, 4411 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 4412 zfsvfs_rele(zfsvfs, FTAG); 4413 4414 return (error); 4415 } 4416 4417 /* 4418 * inputs: 4419 * zc_name name of filesystem 4420 * zc_cookie zap cursor 4421 * zc_objset_type zfs_userquota_prop_t 4422 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 4423 * 4424 * outputs: 4425 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 4426 * zc_cookie zap cursor 4427 */ 4428 static int 4429 zfs_ioc_userspace_many(zfs_cmd_t *zc) 4430 { 4431 zfsvfs_t *zfsvfs; 4432 int bufsize = zc->zc_nvlist_dst_size; 4433 4434 if (bufsize <= 0) 4435 return (ENOMEM); 4436 4437 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 4438 if (error) 4439 return (error); 4440 4441 void *buf = kmem_alloc(bufsize, KM_SLEEP); 4442 4443 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 4444 buf, &zc->zc_nvlist_dst_size); 4445 4446 if (error == 0) { 4447 error = xcopyout(buf, 4448 (void *)(uintptr_t)zc->zc_nvlist_dst, 4449 zc->zc_nvlist_dst_size); 4450 } 4451 kmem_free(buf, bufsize); 4452 zfsvfs_rele(zfsvfs, FTAG); 4453 4454 return (error); 4455 } 4456 4457 /* 4458 * inputs: 4459 * zc_name name of filesystem 4460 * 4461 * outputs: 4462 * none 4463 */ 4464 static int 4465 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 4466 { 4467 objset_t *os; 4468 int error = 0; 4469 zfsvfs_t *zfsvfs; 4470 4471 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 4472 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 4473 /* 4474 * If userused is not enabled, it may be because the 4475 * objset needs to be closed & reopened (to grow the 4476 * objset_phys_t). Suspend/resume the fs will do that. 4477 */ 4478 error = zfs_suspend_fs(zfsvfs); 4479 if (error == 0) 4480 error = zfs_resume_fs(zfsvfs, zc->zc_name); 4481 } 4482 if (error == 0) 4483 error = dmu_objset_userspace_upgrade(zfsvfs->z_os); 4484 VFS_RELE(zfsvfs->z_vfs); 4485 } else { 4486 /* XXX kind of reading contents without owning */ 4487 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 4488 if (error) 4489 return (error); 4490 4491 error = dmu_objset_userspace_upgrade(os); 4492 dmu_objset_rele(os, FTAG); 4493 } 4494 4495 return (error); 4496 } 4497 4498 /* 4499 * We don't want to have a hard dependency 4500 * against some special symbols in sharefs 4501 * nfs, and smbsrv. Determine them if needed when 4502 * the first file system is shared. 4503 * Neither sharefs, nfs or smbsrv are unloadable modules. 4504 */ 4505 int (*znfsexport_fs)(void *arg); 4506 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t); 4507 int (*zsmbexport_fs)(void *arg, boolean_t add_share); 4508 4509 int zfs_nfsshare_inited; 4510 int zfs_smbshare_inited; 4511 4512 ddi_modhandle_t nfs_mod; 4513 ddi_modhandle_t sharefs_mod; 4514 ddi_modhandle_t smbsrv_mod; 4515 kmutex_t zfs_share_lock; 4516 4517 static int 4518 zfs_init_sharefs() 4519 { 4520 int error; 4521 4522 ASSERT(MUTEX_HELD(&zfs_share_lock)); 4523 /* Both NFS and SMB shares also require sharetab support. */ 4524 if (sharefs_mod == NULL && ((sharefs_mod = 4525 ddi_modopen("fs/sharefs", 4526 KRTLD_MODE_FIRST, &error)) == NULL)) { 4527 return (ENOSYS); 4528 } 4529 if (zshare_fs == NULL && ((zshare_fs = 4530 (int (*)(enum sharefs_sys_op, share_t *, uint32_t)) 4531 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) { 4532 return (ENOSYS); 4533 } 4534 return (0); 4535 } 4536 4537 static int 4538 zfs_ioc_share(zfs_cmd_t *zc) 4539 { 4540 int error; 4541 int opcode; 4542 4543 switch (zc->zc_share.z_sharetype) { 4544 case ZFS_SHARE_NFS: 4545 case ZFS_UNSHARE_NFS: 4546 if (zfs_nfsshare_inited == 0) { 4547 mutex_enter(&zfs_share_lock); 4548 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs", 4549 KRTLD_MODE_FIRST, &error)) == NULL)) { 4550 mutex_exit(&zfs_share_lock); 4551 return (ENOSYS); 4552 } 4553 if (znfsexport_fs == NULL && 4554 ((znfsexport_fs = (int (*)(void *)) 4555 ddi_modsym(nfs_mod, 4556 "nfs_export", &error)) == NULL)) { 4557 mutex_exit(&zfs_share_lock); 4558 return (ENOSYS); 4559 } 4560 error = zfs_init_sharefs(); 4561 if (error) { 4562 mutex_exit(&zfs_share_lock); 4563 return (ENOSYS); 4564 } 4565 zfs_nfsshare_inited = 1; 4566 mutex_exit(&zfs_share_lock); 4567 } 4568 break; 4569 case ZFS_SHARE_SMB: 4570 case ZFS_UNSHARE_SMB: 4571 if (zfs_smbshare_inited == 0) { 4572 mutex_enter(&zfs_share_lock); 4573 if (smbsrv_mod == NULL && ((smbsrv_mod = 4574 ddi_modopen("drv/smbsrv", 4575 KRTLD_MODE_FIRST, &error)) == NULL)) { 4576 mutex_exit(&zfs_share_lock); 4577 return (ENOSYS); 4578 } 4579 if (zsmbexport_fs == NULL && ((zsmbexport_fs = 4580 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod, 4581 "smb_server_share", &error)) == NULL)) { 4582 mutex_exit(&zfs_share_lock); 4583 return (ENOSYS); 4584 } 4585 error = zfs_init_sharefs(); 4586 if (error) { 4587 mutex_exit(&zfs_share_lock); 4588 return (ENOSYS); 4589 } 4590 zfs_smbshare_inited = 1; 4591 mutex_exit(&zfs_share_lock); 4592 } 4593 break; 4594 default: 4595 return (EINVAL); 4596 } 4597 4598 switch (zc->zc_share.z_sharetype) { 4599 case ZFS_SHARE_NFS: 4600 case ZFS_UNSHARE_NFS: 4601 if (error = 4602 znfsexport_fs((void *) 4603 (uintptr_t)zc->zc_share.z_exportdata)) 4604 return (error); 4605 break; 4606 case ZFS_SHARE_SMB: 4607 case ZFS_UNSHARE_SMB: 4608 if (error = zsmbexport_fs((void *) 4609 (uintptr_t)zc->zc_share.z_exportdata, 4610 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ? 4611 B_TRUE: B_FALSE)) { 4612 return (error); 4613 } 4614 break; 4615 } 4616 4617 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS || 4618 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ? 4619 SHAREFS_ADD : SHAREFS_REMOVE; 4620 4621 /* 4622 * Add or remove share from sharetab 4623 */ 4624 error = zshare_fs(opcode, 4625 (void *)(uintptr_t)zc->zc_share.z_sharedata, 4626 zc->zc_share.z_sharemax); 4627 4628 return (error); 4629 4630 } 4631 4632 ace_t full_access[] = { 4633 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0} 4634 }; 4635 4636 /* 4637 * inputs: 4638 * zc_name name of containing filesystem 4639 * zc_obj object # beyond which we want next in-use object # 4640 * 4641 * outputs: 4642 * zc_obj next in-use object # 4643 */ 4644 static int 4645 zfs_ioc_next_obj(zfs_cmd_t *zc) 4646 { 4647 objset_t *os = NULL; 4648 int error; 4649 4650 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 4651 if (error) 4652 return (error); 4653 4654 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 4655 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg); 4656 4657 dmu_objset_rele(os, FTAG); 4658 return (error); 4659 } 4660 4661 /* 4662 * inputs: 4663 * zc_name name of filesystem 4664 * zc_value prefix name for snapshot 4665 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 4666 * 4667 * outputs: 4668 * zc_value short name of new snapshot 4669 */ 4670 static int 4671 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc) 4672 { 4673 char *snap_name; 4674 int error; 4675 4676 snap_name = kmem_asprintf("%s@%s-%016llx", zc->zc_name, zc->zc_value, 4677 (u_longlong_t)ddi_get_lbolt64()); 4678 4679 if (strlen(snap_name) >= MAXPATHLEN) { 4680 strfree(snap_name); 4681 return (E2BIG); 4682 } 4683 4684 error = dmu_objset_snapshot_tmp(snap_name, "%temp", zc->zc_cleanup_fd); 4685 if (error != 0) { 4686 strfree(snap_name); 4687 return (error); 4688 } 4689 4690 (void) strcpy(zc->zc_value, strchr(snap_name, '@') + 1); 4691 strfree(snap_name); 4692 return (0); 4693 } 4694 4695 /* 4696 * inputs: 4697 * zc_name name of "to" snapshot 4698 * zc_value name of "from" snapshot 4699 * zc_cookie file descriptor to write diff data on 4700 * 4701 * outputs: 4702 * dmu_diff_record_t's to the file descriptor 4703 */ 4704 static int 4705 zfs_ioc_diff(zfs_cmd_t *zc) 4706 { 4707 objset_t *fromsnap; 4708 objset_t *tosnap; 4709 file_t *fp; 4710 offset_t off; 4711 int error; 4712 4713 error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap); 4714 if (error) 4715 return (error); 4716 4717 error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap); 4718 if (error) { 4719 dmu_objset_rele(tosnap, FTAG); 4720 return (error); 4721 } 4722 4723 fp = getf(zc->zc_cookie); 4724 if (fp == NULL) { 4725 dmu_objset_rele(fromsnap, FTAG); 4726 dmu_objset_rele(tosnap, FTAG); 4727 return (EBADF); 4728 } 4729 4730 off = fp->f_offset; 4731 4732 error = dmu_diff(tosnap, fromsnap, fp->f_vnode, &off); 4733 4734 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 4735 fp->f_offset = off; 4736 releasef(zc->zc_cookie); 4737 4738 dmu_objset_rele(fromsnap, FTAG); 4739 dmu_objset_rele(tosnap, FTAG); 4740 return (error); 4741 } 4742 4743 /* 4744 * Remove all ACL files in shares dir 4745 */ 4746 static int 4747 zfs_smb_acl_purge(znode_t *dzp) 4748 { 4749 zap_cursor_t zc; 4750 zap_attribute_t zap; 4751 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 4752 int error; 4753 4754 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id); 4755 (error = zap_cursor_retrieve(&zc, &zap)) == 0; 4756 zap_cursor_advance(&zc)) { 4757 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred, 4758 NULL, 0)) != 0) 4759 break; 4760 } 4761 zap_cursor_fini(&zc); 4762 return (error); 4763 } 4764 4765 static int 4766 zfs_ioc_smb_acl(zfs_cmd_t *zc) 4767 { 4768 vnode_t *vp; 4769 znode_t *dzp; 4770 vnode_t *resourcevp = NULL; 4771 znode_t *sharedir; 4772 zfsvfs_t *zfsvfs; 4773 nvlist_t *nvlist; 4774 char *src, *target; 4775 vattr_t vattr; 4776 vsecattr_t vsec; 4777 int error = 0; 4778 4779 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 4780 NO_FOLLOW, NULL, &vp)) != 0) 4781 return (error); 4782 4783 /* Now make sure mntpnt and dataset are ZFS */ 4784 4785 if (vp->v_vfsp->vfs_fstype != zfsfstype || 4786 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 4787 zc->zc_name) != 0)) { 4788 VN_RELE(vp); 4789 return (EINVAL); 4790 } 4791 4792 dzp = VTOZ(vp); 4793 zfsvfs = dzp->z_zfsvfs; 4794 ZFS_ENTER(zfsvfs); 4795 4796 /* 4797 * Create share dir if its missing. 4798 */ 4799 mutex_enter(&zfsvfs->z_lock); 4800 if (zfsvfs->z_shares_dir == 0) { 4801 dmu_tx_t *tx; 4802 4803 tx = dmu_tx_create(zfsvfs->z_os); 4804 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE, 4805 ZFS_SHARES_DIR); 4806 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL); 4807 error = dmu_tx_assign(tx, TXG_WAIT); 4808 if (error) { 4809 dmu_tx_abort(tx); 4810 } else { 4811 error = zfs_create_share_dir(zfsvfs, tx); 4812 dmu_tx_commit(tx); 4813 } 4814 if (error) { 4815 mutex_exit(&zfsvfs->z_lock); 4816 VN_RELE(vp); 4817 ZFS_EXIT(zfsvfs); 4818 return (error); 4819 } 4820 } 4821 mutex_exit(&zfsvfs->z_lock); 4822 4823 ASSERT(zfsvfs->z_shares_dir); 4824 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) { 4825 VN_RELE(vp); 4826 ZFS_EXIT(zfsvfs); 4827 return (error); 4828 } 4829 4830 switch (zc->zc_cookie) { 4831 case ZFS_SMB_ACL_ADD: 4832 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE; 4833 vattr.va_type = VREG; 4834 vattr.va_mode = S_IFREG|0777; 4835 vattr.va_uid = 0; 4836 vattr.va_gid = 0; 4837 4838 vsec.vsa_mask = VSA_ACE; 4839 vsec.vsa_aclentp = &full_access; 4840 vsec.vsa_aclentsz = sizeof (full_access); 4841 vsec.vsa_aclcnt = 1; 4842 4843 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string, 4844 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec); 4845 if (resourcevp) 4846 VN_RELE(resourcevp); 4847 break; 4848 4849 case ZFS_SMB_ACL_REMOVE: 4850 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred, 4851 NULL, 0); 4852 break; 4853 4854 case ZFS_SMB_ACL_RENAME: 4855 if ((error = get_nvlist(zc->zc_nvlist_src, 4856 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) { 4857 VN_RELE(vp); 4858 ZFS_EXIT(zfsvfs); 4859 return (error); 4860 } 4861 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) || 4862 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET, 4863 &target)) { 4864 VN_RELE(vp); 4865 VN_RELE(ZTOV(sharedir)); 4866 ZFS_EXIT(zfsvfs); 4867 nvlist_free(nvlist); 4868 return (error); 4869 } 4870 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target, 4871 kcred, NULL, 0); 4872 nvlist_free(nvlist); 4873 break; 4874 4875 case ZFS_SMB_ACL_PURGE: 4876 error = zfs_smb_acl_purge(sharedir); 4877 break; 4878 4879 default: 4880 error = EINVAL; 4881 break; 4882 } 4883 4884 VN_RELE(vp); 4885 VN_RELE(ZTOV(sharedir)); 4886 4887 ZFS_EXIT(zfsvfs); 4888 4889 return (error); 4890 } 4891 4892 /* 4893 * inputs: 4894 * zc_name name of filesystem 4895 * zc_value short name of snap 4896 * zc_string user-supplied tag for this hold 4897 * zc_cookie recursive flag 4898 * zc_temphold set if hold is temporary 4899 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 4900 * zc_sendobj if non-zero, the objid for zc_name@zc_value 4901 * zc_createtxg if zc_sendobj is non-zero, snap must have zc_createtxg 4902 * 4903 * outputs: none 4904 */ 4905 static int 4906 zfs_ioc_hold(zfs_cmd_t *zc) 4907 { 4908 boolean_t recursive = zc->zc_cookie; 4909 spa_t *spa; 4910 dsl_pool_t *dp; 4911 dsl_dataset_t *ds; 4912 int error; 4913 minor_t minor = 0; 4914 4915 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 4916 return (EINVAL); 4917 4918 if (zc->zc_sendobj == 0) { 4919 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value, 4920 zc->zc_string, recursive, zc->zc_temphold, 4921 zc->zc_cleanup_fd)); 4922 } 4923 4924 if (recursive) 4925 return (EINVAL); 4926 4927 error = spa_open(zc->zc_name, &spa, FTAG); 4928 if (error) 4929 return (error); 4930 4931 dp = spa_get_dsl(spa); 4932 rw_enter(&dp->dp_config_rwlock, RW_READER); 4933 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 4934 rw_exit(&dp->dp_config_rwlock); 4935 spa_close(spa, FTAG); 4936 if (error) 4937 return (error); 4938 4939 /* 4940 * Until we have a hold on this snapshot, it's possible that 4941 * zc_sendobj could've been destroyed and reused as part 4942 * of a later txg. Make sure we're looking at the right object. 4943 */ 4944 if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) { 4945 dsl_dataset_rele(ds, FTAG); 4946 return (ENOENT); 4947 } 4948 4949 if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) { 4950 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor); 4951 if (error) { 4952 dsl_dataset_rele(ds, FTAG); 4953 return (error); 4954 } 4955 } 4956 4957 error = dsl_dataset_user_hold_for_send(ds, zc->zc_string, 4958 zc->zc_temphold); 4959 if (minor != 0) { 4960 if (error == 0) { 4961 dsl_register_onexit_hold_cleanup(ds, zc->zc_string, 4962 minor); 4963 } 4964 zfs_onexit_fd_rele(zc->zc_cleanup_fd); 4965 } 4966 dsl_dataset_rele(ds, FTAG); 4967 4968 return (error); 4969 } 4970 4971 /* 4972 * inputs: 4973 * zc_name name of dataset from which we're releasing a user hold 4974 * zc_value short name of snap 4975 * zc_string user-supplied tag for this hold 4976 * zc_cookie recursive flag 4977 * 4978 * outputs: none 4979 */ 4980 static int 4981 zfs_ioc_release(zfs_cmd_t *zc) 4982 { 4983 boolean_t recursive = zc->zc_cookie; 4984 4985 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0) 4986 return (EINVAL); 4987 4988 return (dsl_dataset_user_release(zc->zc_name, zc->zc_value, 4989 zc->zc_string, recursive)); 4990 } 4991 4992 /* 4993 * inputs: 4994 * zc_name name of filesystem 4995 * 4996 * outputs: 4997 * zc_nvlist_src{_size} nvlist of snapshot holds 4998 */ 4999 static int 5000 zfs_ioc_get_holds(zfs_cmd_t *zc) 5001 { 5002 nvlist_t *nvp; 5003 int error; 5004 5005 if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) { 5006 error = put_nvlist(zc, nvp); 5007 nvlist_free(nvp); 5008 } 5009 5010 return (error); 5011 } 5012 5013 /* 5014 * inputs: 5015 * zc_name name of new filesystem or snapshot 5016 * zc_value full name of old snapshot 5017 * 5018 * outputs: 5019 * zc_cookie space in bytes 5020 * zc_objset_type compressed space in bytes 5021 * zc_perm_action uncompressed space in bytes 5022 */ 5023 static int 5024 zfs_ioc_space_written(zfs_cmd_t *zc) 5025 { 5026 int error; 5027 dsl_dataset_t *new, *old; 5028 5029 error = dsl_dataset_hold(zc->zc_name, FTAG, &new); 5030 if (error != 0) 5031 return (error); 5032 error = dsl_dataset_hold(zc->zc_value, FTAG, &old); 5033 if (error != 0) { 5034 dsl_dataset_rele(new, FTAG); 5035 return (error); 5036 } 5037 5038 error = dsl_dataset_space_written(old, new, &zc->zc_cookie, 5039 &zc->zc_objset_type, &zc->zc_perm_action); 5040 dsl_dataset_rele(old, FTAG); 5041 dsl_dataset_rele(new, FTAG); 5042 return (error); 5043 } 5044 /* 5045 * innvl: { 5046 * "firstsnap" -> snapshot name 5047 * } 5048 * 5049 * outnvl: { 5050 * "used" -> space in bytes 5051 * "compressed" -> compressed space in bytes 5052 * "uncompressed" -> uncompressed space in bytes 5053 * } 5054 */ 5055 static int 5056 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl) 5057 { 5058 int error; 5059 dsl_dataset_t *new, *old; 5060 char *firstsnap; 5061 uint64_t used, comp, uncomp; 5062 5063 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0) 5064 return (EINVAL); 5065 5066 error = dsl_dataset_hold(lastsnap, FTAG, &new); 5067 if (error != 0) 5068 return (error); 5069 error = dsl_dataset_hold(firstsnap, FTAG, &old); 5070 if (error != 0) { 5071 dsl_dataset_rele(new, FTAG); 5072 return (error); 5073 } 5074 5075 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp); 5076 dsl_dataset_rele(old, FTAG); 5077 dsl_dataset_rele(new, FTAG); 5078 fnvlist_add_uint64(outnvl, "used", used); 5079 fnvlist_add_uint64(outnvl, "compressed", comp); 5080 fnvlist_add_uint64(outnvl, "uncompressed", uncomp); 5081 return (error); 5082 } 5083 5084 /* 5085 * innvl: { 5086 * "fd" -> file descriptor to write stream to (int32) 5087 * (optional) "fromsnap" -> full snap name to send an incremental from 5088 * } 5089 * 5090 * outnvl is unused 5091 */ 5092 /* ARGSUSED */ 5093 static int 5094 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 5095 { 5096 objset_t *fromsnap = NULL; 5097 objset_t *tosnap; 5098 int error; 5099 offset_t off; 5100 char *fromname; 5101 int fd; 5102 int far; 5103 5104 error = nvlist_lookup_int32(innvl, "fd", &fd); 5105 if (error != 0) 5106 return (EINVAL); 5107 5108 error = nvlist_lookup_int32(innvl, "far", &far); 5109 if (error != 0 && error != ENOENT) 5110 return (EINVAL); 5111 5112 error = dmu_objset_hold(snapname, FTAG, &tosnap); 5113 if (error) 5114 return (error); 5115 5116 error = nvlist_lookup_string(innvl, "fromsnap", &fromname); 5117 if (error == 0) { 5118 error = dmu_objset_hold(fromname, FTAG, &fromsnap); 5119 if (error) { 5120 dmu_objset_rele(tosnap, FTAG); 5121 return (error); 5122 } 5123 } 5124 5125 file_t *fp = getf(fd); 5126 if (fp == NULL) { 5127 dmu_objset_rele(tosnap, FTAG); 5128 if (fromsnap != NULL) 5129 dmu_objset_rele(fromsnap, FTAG); 5130 return (EBADF); 5131 } 5132 5133 off = fp->f_offset; 5134 if (!far) 5135 error = dmu_send(tosnap, fromsnap, fd, fp->f_vnode, &off); 5136 else 5137 error = far_send(tosnap, fromsnap, fd, fp->f_vnode, &off); 5138 5139 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 5140 fp->f_offset = off; 5141 releasef(fd); 5142 if (fromsnap != NULL) 5143 dmu_objset_rele(fromsnap, FTAG); 5144 dmu_objset_rele(tosnap, FTAG); 5145 return (error); 5146 } 5147 5148 /* 5149 * Determine approximately how large a zfs send stream will be -- the number 5150 * of bytes that will be written to the fd supplied to zfs_ioc_send_new(). 5151 * 5152 * innvl: { 5153 * (optional) "fromsnap" -> full snap name to send an incremental from 5154 * } 5155 * 5156 * outnvl: { 5157 * "space" -> bytes of space (uint64) 5158 * } 5159 */ 5160 static int 5161 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 5162 { 5163 objset_t *fromsnap = NULL; 5164 objset_t *tosnap; 5165 int error; 5166 char *fromname; 5167 uint64_t space; 5168 5169 error = dmu_objset_hold(snapname, FTAG, &tosnap); 5170 if (error) 5171 return (error); 5172 5173 error = nvlist_lookup_string(innvl, "fromsnap", &fromname); 5174 if (error == 0) { 5175 error = dmu_objset_hold(fromname, FTAG, &fromsnap); 5176 if (error) { 5177 dmu_objset_rele(tosnap, FTAG); 5178 return (error); 5179 } 5180 } 5181 5182 error = dmu_send_estimate(tosnap, fromsnap, &space); 5183 fnvlist_add_uint64(outnvl, "space", space); 5184 5185 if (fromsnap != NULL) 5186 dmu_objset_rele(fromsnap, FTAG); 5187 dmu_objset_rele(tosnap, FTAG); 5188 return (error); 5189 } 5190 5191 5192 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST]; 5193 5194 static void 5195 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5196 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 5197 boolean_t log_history, zfs_ioc_poolcheck_t pool_check) 5198 { 5199 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 5200 5201 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 5202 ASSERT3U(ioc, <, ZFS_IOC_LAST); 5203 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 5204 ASSERT3P(vec->zvec_func, ==, NULL); 5205 5206 vec->zvec_legacy_func = func; 5207 vec->zvec_secpolicy = secpolicy; 5208 vec->zvec_namecheck = namecheck; 5209 vec->zvec_allow_log = log_history; 5210 vec->zvec_pool_check = pool_check; 5211 } 5212 5213 /* 5214 * See the block comment at the beginning of this file for details on 5215 * each argument to this function. 5216 */ 5217 static void 5218 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func, 5219 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 5220 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist, 5221 boolean_t allow_log) 5222 { 5223 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 5224 5225 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 5226 ASSERT3U(ioc, <, ZFS_IOC_LAST); 5227 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 5228 ASSERT3P(vec->zvec_func, ==, NULL); 5229 5230 /* if we are logging, the name must be valid */ 5231 ASSERT(!allow_log || namecheck != NO_NAME); 5232 5233 vec->zvec_name = name; 5234 vec->zvec_func = func; 5235 vec->zvec_secpolicy = secpolicy; 5236 vec->zvec_namecheck = namecheck; 5237 vec->zvec_pool_check = pool_check; 5238 vec->zvec_smush_outnvlist = smush_outnvlist; 5239 vec->zvec_allow_log = allow_log; 5240 } 5241 5242 static void 5243 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5244 zfs_secpolicy_func_t *secpolicy, boolean_t log_history, 5245 zfs_ioc_poolcheck_t pool_check) 5246 { 5247 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5248 POOL_NAME, log_history, pool_check); 5249 } 5250 5251 static void 5252 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5253 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check) 5254 { 5255 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5256 DATASET_NAME, B_FALSE, pool_check); 5257 } 5258 5259 static void 5260 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 5261 { 5262 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config, 5263 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5264 } 5265 5266 static void 5267 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5268 zfs_secpolicy_func_t *secpolicy) 5269 { 5270 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5271 NO_NAME, B_FALSE, POOL_CHECK_NONE); 5272 } 5273 5274 static void 5275 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc, 5276 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy) 5277 { 5278 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5279 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED); 5280 } 5281 5282 static void 5283 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 5284 { 5285 zfs_ioctl_register_dataset_read_secpolicy(ioc, func, 5286 zfs_secpolicy_read); 5287 } 5288 5289 static void 5290 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5291 zfs_secpolicy_func_t *secpolicy) 5292 { 5293 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5294 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5295 } 5296 5297 static void 5298 zfs_ioctl_init(void) 5299 { 5300 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT, 5301 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME, 5302 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5303 5304 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY, 5305 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME, 5306 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE); 5307 5308 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS, 5309 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, 5310 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5311 5312 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW, 5313 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME, 5314 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5315 5316 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE, 5317 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME, 5318 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5319 5320 zfs_ioctl_register("create", ZFS_IOC_CREATE, 5321 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME, 5322 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5323 5324 zfs_ioctl_register("clone", ZFS_IOC_CLONE, 5325 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME, 5326 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5327 5328 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS, 5329 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME, 5330 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5331 5332 /* IOCTLS that use the legacy function signature */ 5333 5334 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze, 5335 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY); 5336 5337 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create, 5338 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 5339 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN, 5340 zfs_ioc_pool_scan); 5341 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE, 5342 zfs_ioc_pool_upgrade); 5343 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD, 5344 zfs_ioc_vdev_add); 5345 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE, 5346 zfs_ioc_vdev_remove); 5347 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE, 5348 zfs_ioc_vdev_set_state); 5349 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH, 5350 zfs_ioc_vdev_attach); 5351 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH, 5352 zfs_ioc_vdev_detach); 5353 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH, 5354 zfs_ioc_vdev_setpath); 5355 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU, 5356 zfs_ioc_vdev_setfru); 5357 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS, 5358 zfs_ioc_pool_set_props); 5359 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT, 5360 zfs_ioc_vdev_split); 5361 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID, 5362 zfs_ioc_pool_reguid); 5363 5364 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS, 5365 zfs_ioc_pool_configs, zfs_secpolicy_none); 5366 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT, 5367 zfs_ioc_pool_tryimport, zfs_secpolicy_config); 5368 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT, 5369 zfs_ioc_inject_fault, zfs_secpolicy_inject); 5370 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT, 5371 zfs_ioc_clear_fault, zfs_secpolicy_inject); 5372 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT, 5373 zfs_ioc_inject_list_next, zfs_secpolicy_inject); 5374 5375 /* 5376 * pool destroy, and export don't log the history as part of 5377 * zfsdev_ioctl, but rather zfs_ioc_pool_export 5378 * does the logging of those commands. 5379 */ 5380 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy, 5381 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 5382 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export, 5383 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 5384 5385 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats, 5386 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 5387 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props, 5388 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 5389 5390 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log, 5391 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED); 5392 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME, 5393 zfs_ioc_dsobj_to_dsname, 5394 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED); 5395 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY, 5396 zfs_ioc_pool_get_history, 5397 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 5398 5399 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import, 5400 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 5401 5402 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear, 5403 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED); 5404 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen, 5405 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED); 5406 5407 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN, 5408 zfs_ioc_space_written); 5409 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_HOLDS, 5410 zfs_ioc_get_holds); 5411 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS, 5412 zfs_ioc_objset_recvd_props); 5413 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ, 5414 zfs_ioc_next_obj); 5415 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL, 5416 zfs_ioc_get_fsacl); 5417 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS, 5418 zfs_ioc_objset_stats); 5419 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS, 5420 zfs_ioc_objset_zplprops); 5421 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT, 5422 zfs_ioc_dataset_list_next); 5423 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT, 5424 zfs_ioc_snapshot_list_next); 5425 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS, 5426 zfs_ioc_send_progress); 5427 5428 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF, 5429 zfs_ioc_diff, zfs_secpolicy_diff); 5430 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS, 5431 zfs_ioc_obj_to_stats, zfs_secpolicy_diff); 5432 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH, 5433 zfs_ioc_obj_to_path, zfs_secpolicy_diff); 5434 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE, 5435 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one); 5436 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY, 5437 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many); 5438 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND, 5439 zfs_ioc_send, zfs_secpolicy_send); 5440 5441 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop, 5442 zfs_secpolicy_none); 5443 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy, 5444 zfs_secpolicy_destroy); 5445 zfs_ioctl_register_dataset_modify(ZFS_IOC_ROLLBACK, zfs_ioc_rollback, 5446 zfs_secpolicy_rollback); 5447 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename, 5448 zfs_secpolicy_rename); 5449 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv, 5450 zfs_secpolicy_recv); 5451 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote, 5452 zfs_secpolicy_promote); 5453 zfs_ioctl_register_dataset_modify(ZFS_IOC_HOLD, zfs_ioc_hold, 5454 zfs_secpolicy_hold); 5455 zfs_ioctl_register_dataset_modify(ZFS_IOC_RELEASE, zfs_ioc_release, 5456 zfs_secpolicy_release); 5457 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP, 5458 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop); 5459 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl, 5460 zfs_secpolicy_set_fsacl); 5461 5462 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share, 5463 zfs_secpolicy_share, POOL_CHECK_NONE); 5464 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl, 5465 zfs_secpolicy_smb_acl, POOL_CHECK_NONE); 5466 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE, 5467 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 5468 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5469 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT, 5470 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, 5471 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5472 } 5473 5474 int 5475 pool_status_check(const char *name, zfs_ioc_namecheck_t type, 5476 zfs_ioc_poolcheck_t check) 5477 { 5478 spa_t *spa; 5479 int error; 5480 5481 ASSERT(type == POOL_NAME || type == DATASET_NAME); 5482 5483 if (check & POOL_CHECK_NONE) 5484 return (0); 5485 5486 error = spa_open(name, &spa, FTAG); 5487 if (error == 0) { 5488 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa)) 5489 error = EAGAIN; 5490 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa)) 5491 error = EROFS; 5492 spa_close(spa, FTAG); 5493 } 5494 return (error); 5495 } 5496 5497 /* 5498 * Find a free minor number. 5499 */ 5500 minor_t 5501 zfsdev_minor_alloc(void) 5502 { 5503 static minor_t last_minor; 5504 minor_t m; 5505 5506 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 5507 5508 for (m = last_minor + 1; m != last_minor; m++) { 5509 if (m > ZFSDEV_MAX_MINOR) 5510 m = 1; 5511 if (ddi_get_soft_state(zfsdev_state, m) == NULL) { 5512 last_minor = m; 5513 return (m); 5514 } 5515 } 5516 5517 return (0); 5518 } 5519 5520 static int 5521 zfs_ctldev_init(dev_t *devp) 5522 { 5523 minor_t minor; 5524 zfs_soft_state_t *zs; 5525 5526 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 5527 ASSERT(getminor(*devp) == 0); 5528 5529 minor = zfsdev_minor_alloc(); 5530 if (minor == 0) 5531 return (ENXIO); 5532 5533 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS) 5534 return (EAGAIN); 5535 5536 *devp = makedevice(getemajor(*devp), minor); 5537 5538 zs = ddi_get_soft_state(zfsdev_state, minor); 5539 zs->zss_type = ZSST_CTLDEV; 5540 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data); 5541 5542 return (0); 5543 } 5544 5545 static void 5546 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor) 5547 { 5548 ASSERT(MUTEX_HELD(&zfsdev_state_lock)); 5549 5550 zfs_onexit_destroy(zo); 5551 ddi_soft_state_free(zfsdev_state, minor); 5552 } 5553 5554 void * 5555 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which) 5556 { 5557 zfs_soft_state_t *zp; 5558 5559 zp = ddi_get_soft_state(zfsdev_state, minor); 5560 if (zp == NULL || zp->zss_type != which) 5561 return (NULL); 5562 5563 return (zp->zss_data); 5564 } 5565 5566 static int 5567 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr) 5568 { 5569 int error = 0; 5570 5571 if (getminor(*devp) != 0) 5572 return (zvol_open(devp, flag, otyp, cr)); 5573 5574 /* This is the control device. Allocate a new minor if requested. */ 5575 if (flag & FEXCL) { 5576 mutex_enter(&zfsdev_state_lock); 5577 error = zfs_ctldev_init(devp); 5578 mutex_exit(&zfsdev_state_lock); 5579 } 5580 5581 return (error); 5582 } 5583 5584 static int 5585 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr) 5586 { 5587 zfs_onexit_t *zo; 5588 minor_t minor = getminor(dev); 5589 5590 if (minor == 0) 5591 return (0); 5592 5593 mutex_enter(&zfsdev_state_lock); 5594 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV); 5595 if (zo == NULL) { 5596 mutex_exit(&zfsdev_state_lock); 5597 return (zvol_close(dev, flag, otyp, cr)); 5598 } 5599 zfs_ctldev_destroy(zo, minor); 5600 mutex_exit(&zfsdev_state_lock); 5601 5602 return (0); 5603 } 5604 5605 static int 5606 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp) 5607 { 5608 zfs_cmd_t *zc; 5609 uint_t vecnum; 5610 int error, rc, len; 5611 minor_t minor = getminor(dev); 5612 const zfs_ioc_vec_t *vec; 5613 char *saved_poolname = NULL; 5614 nvlist_t *innvl = NULL; 5615 5616 if (minor != 0 && 5617 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL) 5618 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp)); 5619 5620 vecnum = cmd - ZFS_IOC_FIRST; 5621 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip)); 5622 5623 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 5624 return (EINVAL); 5625 vec = &zfs_ioc_vec[vecnum]; 5626 5627 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 5628 5629 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag); 5630 if (error != 0) { 5631 error = EFAULT; 5632 goto out; 5633 } 5634 5635 zc->zc_iflags = flag & FKIOCTL; 5636 if (zc->zc_nvlist_src_size != 0) { 5637 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 5638 zc->zc_iflags, &innvl); 5639 if (error != 0) 5640 goto out; 5641 } 5642 5643 /* 5644 * Ensure that all pool/dataset names are valid before we pass down to 5645 * the lower layers. 5646 */ 5647 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 5648 switch (vec->zvec_namecheck) { 5649 case POOL_NAME: 5650 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 5651 error = EINVAL; 5652 else 5653 error = pool_status_check(zc->zc_name, 5654 vec->zvec_namecheck, vec->zvec_pool_check); 5655 break; 5656 5657 case DATASET_NAME: 5658 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 5659 error = EINVAL; 5660 else 5661 error = pool_status_check(zc->zc_name, 5662 vec->zvec_namecheck, vec->zvec_pool_check); 5663 break; 5664 5665 case NO_NAME: 5666 break; 5667 } 5668 5669 5670 if (error == 0 && !(flag & FKIOCTL)) 5671 error = vec->zvec_secpolicy(zc, innvl, cr); 5672 5673 if (error != 0) 5674 goto out; 5675 5676 /* legacy ioctls can modify zc_name */ 5677 len = strcspn(zc->zc_name, "/@") + 1; 5678 saved_poolname = kmem_alloc(len, KM_SLEEP); 5679 (void) strlcpy(saved_poolname, zc->zc_name, len); 5680 5681 if (vec->zvec_func != NULL) { 5682 nvlist_t *outnvl; 5683 int puterror = 0; 5684 spa_t *spa; 5685 nvlist_t *lognv = NULL; 5686 5687 ASSERT(vec->zvec_legacy_func == NULL); 5688 5689 /* 5690 * Add the innvl to the lognv before calling the func, 5691 * in case the func changes the innvl. 5692 */ 5693 if (vec->zvec_allow_log) { 5694 lognv = fnvlist_alloc(); 5695 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL, 5696 vec->zvec_name); 5697 if (!nvlist_empty(innvl)) { 5698 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL, 5699 innvl); 5700 } 5701 } 5702 5703 outnvl = fnvlist_alloc(); 5704 error = vec->zvec_func(zc->zc_name, innvl, outnvl); 5705 5706 if (error == 0 && vec->zvec_allow_log && 5707 spa_open(zc->zc_name, &spa, FTAG) == 0) { 5708 if (!nvlist_empty(outnvl)) { 5709 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL, 5710 outnvl); 5711 } 5712 (void) spa_history_log_nvl(spa, lognv); 5713 spa_close(spa, FTAG); 5714 } 5715 fnvlist_free(lognv); 5716 5717 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) { 5718 int smusherror = 0; 5719 if (vec->zvec_smush_outnvlist) { 5720 smusherror = nvlist_smush(outnvl, 5721 zc->zc_nvlist_dst_size); 5722 } 5723 if (smusherror == 0) 5724 puterror = put_nvlist(zc, outnvl); 5725 } 5726 5727 if (puterror != 0) 5728 error = puterror; 5729 5730 nvlist_free(outnvl); 5731 } else { 5732 error = vec->zvec_legacy_func(zc); 5733 } 5734 5735 out: 5736 nvlist_free(innvl); 5737 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag); 5738 if (error == 0 && rc != 0) 5739 error = EFAULT; 5740 if (error == 0 && vec->zvec_allow_log) { 5741 char *s = tsd_get(zfs_allow_log_key); 5742 if (s != NULL) 5743 strfree(s); 5744 (void) tsd_set(zfs_allow_log_key, saved_poolname); 5745 } else { 5746 if (saved_poolname != NULL) 5747 strfree(saved_poolname); 5748 } 5749 5750 kmem_free(zc, sizeof (zfs_cmd_t)); 5751 return (error); 5752 } 5753 5754 static int 5755 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 5756 { 5757 if (cmd != DDI_ATTACH) 5758 return (DDI_FAILURE); 5759 5760 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0, 5761 DDI_PSEUDO, 0) == DDI_FAILURE) 5762 return (DDI_FAILURE); 5763 5764 zfs_dip = dip; 5765 5766 ddi_report_dev(dip); 5767 5768 return (DDI_SUCCESS); 5769 } 5770 5771 static int 5772 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 5773 { 5774 if (spa_busy() || zfs_busy() || zvol_busy()) 5775 return (DDI_FAILURE); 5776 5777 if (cmd != DDI_DETACH) 5778 return (DDI_FAILURE); 5779 5780 zfs_dip = NULL; 5781 5782 ddi_prop_remove_all(dip); 5783 ddi_remove_minor_node(dip, NULL); 5784 5785 return (DDI_SUCCESS); 5786 } 5787 5788 /*ARGSUSED*/ 5789 static int 5790 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 5791 { 5792 switch (infocmd) { 5793 case DDI_INFO_DEVT2DEVINFO: 5794 *result = zfs_dip; 5795 return (DDI_SUCCESS); 5796 5797 case DDI_INFO_DEVT2INSTANCE: 5798 *result = (void *)0; 5799 return (DDI_SUCCESS); 5800 } 5801 5802 return (DDI_FAILURE); 5803 } 5804 5805 /* 5806 * OK, so this is a little weird. 5807 * 5808 * /dev/zfs is the control node, i.e. minor 0. 5809 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0. 5810 * 5811 * /dev/zfs has basically nothing to do except serve up ioctls, 5812 * so most of the standard driver entry points are in zvol.c. 5813 */ 5814 static struct cb_ops zfs_cb_ops = { 5815 zfsdev_open, /* open */ 5816 zfsdev_close, /* close */ 5817 zvol_strategy, /* strategy */ 5818 nodev, /* print */ 5819 zvol_dump, /* dump */ 5820 zvol_read, /* read */ 5821 zvol_write, /* write */ 5822 zfsdev_ioctl, /* ioctl */ 5823 nodev, /* devmap */ 5824 nodev, /* mmap */ 5825 nodev, /* segmap */ 5826 nochpoll, /* poll */ 5827 ddi_prop_op, /* prop_op */ 5828 NULL, /* streamtab */ 5829 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */ 5830 CB_REV, /* version */ 5831 nodev, /* async read */ 5832 nodev, /* async write */ 5833 }; 5834 5835 static struct dev_ops zfs_dev_ops = { 5836 DEVO_REV, /* version */ 5837 0, /* refcnt */ 5838 zfs_info, /* info */ 5839 nulldev, /* identify */ 5840 nulldev, /* probe */ 5841 zfs_attach, /* attach */ 5842 zfs_detach, /* detach */ 5843 nodev, /* reset */ 5844 &zfs_cb_ops, /* driver operations */ 5845 NULL, /* no bus operations */ 5846 NULL, /* power */ 5847 ddi_quiesce_not_needed, /* quiesce */ 5848 }; 5849 5850 static struct modldrv zfs_modldrv = { 5851 &mod_driverops, 5852 "ZFS storage pool", 5853 &zfs_dev_ops 5854 }; 5855 5856 static struct modlinkage modlinkage = { 5857 MODREV_1, 5858 (void *)&zfs_modlfs, 5859 (void *)&zfs_modldrv, 5860 NULL 5861 }; 5862 5863 static void 5864 zfs_allow_log_destroy(void *arg) 5865 { 5866 char *poolname = arg; 5867 strfree(poolname); 5868 } 5869 5870 int 5871 _init(void) 5872 { 5873 int error; 5874 5875 spa_init(FREAD | FWRITE); 5876 zfs_init(); 5877 zvol_init(); 5878 zfs_ioctl_init(); 5879 5880 if ((error = mod_install(&modlinkage)) != 0) { 5881 zvol_fini(); 5882 zfs_fini(); 5883 spa_fini(); 5884 return (error); 5885 } 5886 5887 tsd_create(&zfs_fsyncer_key, NULL); 5888 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 5889 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 5890 5891 error = ldi_ident_from_mod(&modlinkage, &zfs_li); 5892 ASSERT(error == 0); 5893 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 5894 5895 return (0); 5896 } 5897 5898 int 5899 _fini(void) 5900 { 5901 int error; 5902 5903 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled) 5904 return (EBUSY); 5905 5906 if ((error = mod_remove(&modlinkage)) != 0) 5907 return (error); 5908 5909 zvol_fini(); 5910 zfs_fini(); 5911 spa_fini(); 5912 if (zfs_nfsshare_inited) 5913 (void) ddi_modclose(nfs_mod); 5914 if (zfs_smbshare_inited) 5915 (void) ddi_modclose(smbsrv_mod); 5916 if (zfs_nfsshare_inited || zfs_smbshare_inited) 5917 (void) ddi_modclose(sharefs_mod); 5918 5919 tsd_destroy(&zfs_fsyncer_key); 5920 ldi_ident_release(zfs_li); 5921 zfs_li = NULL; 5922 mutex_destroy(&zfs_share_lock); 5923 5924 return (error); 5925 } 5926 5927 int 5928 _info(struct modinfo *modinfop) 5929 { 5930 return (mod_info(&modlinkage, modinfop)); 5931 }