1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
26 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
27 * Copyright (c) 2012 by Delphix. All rights reserved.
28 */
29
30 /*
31 * ZFS ioctls.
32 *
33 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
34 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
35 *
36 * There are two ways that we handle ioctls: the legacy way where almost
37 * all of the logic is in the ioctl callback, and the new way where most
38 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
39 *
40 * Non-legacy ioctls should be registered by calling
41 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
42 * from userland by lzc_ioctl().
43 *
44 * The registration arguments are as follows:
45 *
46 * const char *name
47 * The name of the ioctl. This is used for history logging. If the
48 * ioctl returns successfully (the callback returns 0), and allow_log
49 * is true, then a history log entry will be recorded with the input &
50 * output nvlists. The log entry can be printed with "zpool history -i".
51 *
52 * zfs_ioc_t ioc
53 * The ioctl request number, which userland will pass to ioctl(2).
54 * The ioctl numbers can change from release to release, because
55 * the caller (libzfs) must be matched to the kernel.
56 *
57 * zfs_secpolicy_func_t *secpolicy
58 * This function will be called before the zfs_ioc_func_t, to
59 * determine if this operation is permitted. It should return EPERM
60 * on failure, and 0 on success. Checks include determining if the
61 * dataset is visible in this zone, and if the user has either all
62 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
63 * to do this operation on this dataset with "zfs allow".
64 *
65 * zfs_ioc_namecheck_t namecheck
66 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
67 * name, a dataset name, or nothing. If the name is not well-formed,
68 * the ioctl will fail and the callback will not be called.
69 * Therefore, the callback can assume that the name is well-formed
70 * (e.g. is null-terminated, doesn't have more than one '@' character,
71 * doesn't have invalid characters).
72 *
73 * zfs_ioc_poolcheck_t pool_check
74 * This specifies requirements on the pool state. If the pool does
75 * not meet them (is suspended or is readonly), the ioctl will fail
76 * and the callback will not be called. If any checks are specified
77 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
78 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
79 * POOL_CHECK_READONLY).
80 *
81 * boolean_t smush_outnvlist
82 * If smush_outnvlist is true, then the output is presumed to be a
83 * list of errors, and it will be "smushed" down to fit into the
84 * caller's buffer, by removing some entries and replacing them with a
85 * single "N_MORE_ERRORS" entry indicating how many were removed. See
86 * nvlist_smush() for details. If smush_outnvlist is false, and the
87 * outnvlist does not fit into the userland-provided buffer, then the
88 * ioctl will fail with ENOMEM.
89 *
90 * zfs_ioc_func_t *func
91 * The callback function that will perform the operation.
92 *
93 * The callback should return 0 on success, or an error number on
94 * failure. If the function fails, the userland ioctl will return -1,
95 * and errno will be set to the callback's return value. The callback
96 * will be called with the following arguments:
97 *
98 * const char *name
99 * The name of the pool or dataset to operate on, from
100 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
101 * expected type (pool, dataset, or none).
102 *
103 * nvlist_t *innvl
104 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
105 * NULL if no input nvlist was provided. Changes to this nvlist are
106 * ignored. If the input nvlist could not be deserialized, the
107 * ioctl will fail and the callback will not be called.
108 *
109 * nvlist_t *outnvl
110 * The output nvlist, initially empty. The callback can fill it in,
111 * and it will be returned to userland by serializing it into
112 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
113 * fails (e.g. because the caller didn't supply a large enough
114 * buffer), then the overall ioctl will fail. See the
115 * 'smush_nvlist' argument above for additional behaviors.
116 *
117 * There are two typical uses of the output nvlist:
118 * - To return state, e.g. property values. In this case,
119 * smush_outnvlist should be false. If the buffer was not large
120 * enough, the caller will reallocate a larger buffer and try
121 * the ioctl again.
122 *
123 * - To return multiple errors from an ioctl which makes on-disk
124 * changes. In this case, smush_outnvlist should be true.
125 * Ioctls which make on-disk modifications should generally not
126 * use the outnvl if they succeed, because the caller can not
127 * distinguish between the operation failing, and
128 * deserialization failing.
129 */
130
131 #include <sys/types.h>
132 #include <sys/param.h>
133 #include <sys/errno.h>
134 #include <sys/uio.h>
135 #include <sys/buf.h>
136 #include <sys/modctl.h>
137 #include <sys/open.h>
138 #include <sys/file.h>
139 #include <sys/kmem.h>
140 #include <sys/conf.h>
141 #include <sys/cmn_err.h>
142 #include <sys/stat.h>
143 #include <sys/zfs_ioctl.h>
144 #include <sys/zfs_vfsops.h>
145 #include <sys/zfs_znode.h>
146 #include <sys/zap.h>
147 #include <sys/spa.h>
148 #include <sys/spa_impl.h>
149 #include <sys/vdev.h>
150 #include <sys/priv_impl.h>
151 #include <sys/dmu.h>
152 #include <sys/dsl_dir.h>
153 #include <sys/dsl_dataset.h>
154 #include <sys/dsl_prop.h>
155 #include <sys/dsl_deleg.h>
156 #include <sys/dmu_objset.h>
157 #include <sys/dmu_impl.h>
158 #include <sys/ddi.h>
159 #include <sys/sunddi.h>
160 #include <sys/sunldi.h>
161 #include <sys/policy.h>
162 #include <sys/zone.h>
163 #include <sys/nvpair.h>
164 #include <sys/pathname.h>
165 #include <sys/mount.h>
166 #include <sys/sdt.h>
167 #include <sys/fs/zfs.h>
168 #include <sys/zfs_ctldir.h>
169 #include <sys/zfs_dir.h>
170 #include <sys/zfs_onexit.h>
171 #include <sys/zvol.h>
172 #include <sys/dsl_scan.h>
173 #include <sharefs/share.h>
174 #include <sys/dmu_objset.h>
175 #include <sys/fits.h>
176
177 #include "zfs_namecheck.h"
178 #include "zfs_prop.h"
179 #include "zfs_deleg.h"
180 #include "zfs_comutil.h"
181
182 extern struct modlfs zfs_modlfs;
183
184 extern void zfs_init(void);
185 extern void zfs_fini(void);
186
187 ldi_ident_t zfs_li = NULL;
188 dev_info_t *zfs_dip;
189
190 uint_t zfs_fsyncer_key;
191 extern uint_t rrw_tsd_key;
192 static uint_t zfs_allow_log_key;
193
194 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *);
195 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *);
196 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *);
197
198 typedef enum {
199 NO_NAME,
200 POOL_NAME,
201 DATASET_NAME
202 } zfs_ioc_namecheck_t;
203
204 typedef enum {
205 POOL_CHECK_NONE = 1 << 0,
206 POOL_CHECK_SUSPENDED = 1 << 1,
207 POOL_CHECK_READONLY = 1 << 2,
208 } zfs_ioc_poolcheck_t;
209
210 typedef struct zfs_ioc_vec {
211 zfs_ioc_legacy_func_t *zvec_legacy_func;
212 zfs_ioc_func_t *zvec_func;
213 zfs_secpolicy_func_t *zvec_secpolicy;
214 zfs_ioc_namecheck_t zvec_namecheck;
215 boolean_t zvec_allow_log;
216 zfs_ioc_poolcheck_t zvec_pool_check;
217 boolean_t zvec_smush_outnvlist;
218 const char *zvec_name;
219 } zfs_ioc_vec_t;
220
221 /* This array is indexed by zfs_userquota_prop_t */
222 static const char *userquota_perms[] = {
223 ZFS_DELEG_PERM_USERUSED,
224 ZFS_DELEG_PERM_USERQUOTA,
225 ZFS_DELEG_PERM_GROUPUSED,
226 ZFS_DELEG_PERM_GROUPQUOTA,
227 };
228
229 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
230 static int zfs_check_settable(const char *name, nvpair_t *property,
231 cred_t *cr);
232 static int zfs_check_clearable(char *dataset, nvlist_t *props,
233 nvlist_t **errors);
234 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
235 boolean_t *);
236 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
237 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
238
239 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
240 void
241 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
242 {
243 const char *newfile;
244 char buf[512];
245 va_list adx;
246
247 /*
248 * Get rid of annoying "../common/" prefix to filename.
249 */
250 newfile = strrchr(file, '/');
251 if (newfile != NULL) {
252 newfile = newfile + 1; /* Get rid of leading / */
253 } else {
254 newfile = file;
255 }
256
257 va_start(adx, fmt);
258 (void) vsnprintf(buf, sizeof (buf), fmt, adx);
259 va_end(adx);
260
261 /*
262 * To get this data, use the zfs-dprintf probe as so:
263 * dtrace -q -n 'zfs-dprintf \
264 * /stringof(arg0) == "dbuf.c"/ \
265 * {printf("%s: %s", stringof(arg1), stringof(arg3))}'
266 * arg0 = file name
267 * arg1 = function name
268 * arg2 = line number
269 * arg3 = message
270 */
271 DTRACE_PROBE4(zfs__dprintf,
272 char *, newfile, char *, func, int, line, char *, buf);
273 }
274
275 static void
276 history_str_free(char *buf)
277 {
278 kmem_free(buf, HIS_MAX_RECORD_LEN);
279 }
280
281 static char *
282 history_str_get(zfs_cmd_t *zc)
283 {
284 char *buf;
285
286 if (zc->zc_history == NULL)
287 return (NULL);
288
289 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
290 if (copyinstr((void *)(uintptr_t)zc->zc_history,
291 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
292 history_str_free(buf);
293 return (NULL);
294 }
295
296 buf[HIS_MAX_RECORD_LEN -1] = '\0';
297
298 return (buf);
299 }
300
301 /*
302 * Check to see if the named dataset is currently defined as bootable
303 */
304 static boolean_t
305 zfs_is_bootfs(const char *name)
306 {
307 objset_t *os;
308
309 if (dmu_objset_hold(name, FTAG, &os) == 0) {
310 boolean_t ret;
311 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
312 dmu_objset_rele(os, FTAG);
313 return (ret);
314 }
315 return (B_FALSE);
316 }
317
318 /*
319 * zfs_earlier_version
320 *
321 * Return non-zero if the spa version is less than requested version.
322 */
323 static int
324 zfs_earlier_version(const char *name, int version)
325 {
326 spa_t *spa;
327
328 if (spa_open(name, &spa, FTAG) == 0) {
329 if (spa_version(spa) < version) {
330 spa_close(spa, FTAG);
331 return (1);
332 }
333 spa_close(spa, FTAG);
334 }
335 return (0);
336 }
337
338 /*
339 * zpl_earlier_version
340 *
341 * Return TRUE if the ZPL version is less than requested version.
342 */
343 static boolean_t
344 zpl_earlier_version(const char *name, int version)
345 {
346 objset_t *os;
347 boolean_t rc = B_TRUE;
348
349 if (dmu_objset_hold(name, FTAG, &os) == 0) {
350 uint64_t zplversion;
351
352 if (dmu_objset_type(os) != DMU_OST_ZFS) {
353 dmu_objset_rele(os, FTAG);
354 return (B_TRUE);
355 }
356 /* XXX reading from non-owned objset */
357 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
358 rc = zplversion < version;
359 dmu_objset_rele(os, FTAG);
360 }
361 return (rc);
362 }
363
364 static void
365 zfs_log_history(zfs_cmd_t *zc)
366 {
367 spa_t *spa;
368 char *buf;
369
370 if ((buf = history_str_get(zc)) == NULL)
371 return;
372
373 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
374 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
375 (void) spa_history_log(spa, buf);
376 spa_close(spa, FTAG);
377 }
378 history_str_free(buf);
379 }
380
381 /*
382 * Policy for top-level read operations (list pools). Requires no privileges,
383 * and can be used in the local zone, as there is no associated dataset.
384 */
385 /* ARGSUSED */
386 static int
387 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
388 {
389 return (0);
390 }
391
392 /*
393 * Policy for dataset read operations (list children, get statistics). Requires
394 * no privileges, but must be visible in the local zone.
395 */
396 /* ARGSUSED */
397 static int
398 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
399 {
400 if (INGLOBALZONE(curproc) ||
401 zone_dataset_visible(zc->zc_name, NULL))
402 return (0);
403
404 return (ENOENT);
405 }
406
407 static int
408 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
409 {
410 int writable = 1;
411
412 /*
413 * The dataset must be visible by this zone -- check this first
414 * so they don't see EPERM on something they shouldn't know about.
415 */
416 if (!INGLOBALZONE(curproc) &&
417 !zone_dataset_visible(dataset, &writable))
418 return (ENOENT);
419
420 if (INGLOBALZONE(curproc)) {
421 /*
422 * If the fs is zoned, only root can access it from the
423 * global zone.
424 */
425 if (secpolicy_zfs(cr) && zoned)
426 return (EPERM);
427 } else {
428 /*
429 * If we are in a local zone, the 'zoned' property must be set.
430 */
431 if (!zoned)
432 return (EPERM);
433
434 /* must be writable by this zone */
435 if (!writable)
436 return (EPERM);
437 }
438 return (0);
439 }
440
441 static int
442 zfs_dozonecheck(const char *dataset, cred_t *cr)
443 {
444 uint64_t zoned;
445
446 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
447 return (ENOENT);
448
449 return (zfs_dozonecheck_impl(dataset, zoned, cr));
450 }
451
452 static int
453 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
454 {
455 uint64_t zoned;
456
457 rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
458 if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) {
459 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
460 return (ENOENT);
461 }
462 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
463
464 return (zfs_dozonecheck_impl(dataset, zoned, cr));
465 }
466
467 static int
468 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
469 {
470 int error;
471 dsl_dataset_t *ds;
472
473 error = dsl_dataset_hold(name, FTAG, &ds);
474 if (error != 0)
475 return (error);
476
477 error = zfs_dozonecheck_ds(name, ds, cr);
478 if (error == 0) {
479 error = secpolicy_zfs(cr);
480 if (error)
481 error = dsl_deleg_access_impl(ds, perm, cr);
482 }
483
484 dsl_dataset_rele(ds, FTAG);
485 return (error);
486 }
487
488 static int
489 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
490 const char *perm, cred_t *cr)
491 {
492 int error;
493
494 error = zfs_dozonecheck_ds(name, ds, cr);
495 if (error == 0) {
496 error = secpolicy_zfs(cr);
497 if (error)
498 error = dsl_deleg_access_impl(ds, perm, cr);
499 }
500 return (error);
501 }
502
503 /*
504 * Policy for setting the security label property.
505 *
506 * Returns 0 for success, non-zero for access and other errors.
507 */
508 static int
509 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
510 {
511 char ds_hexsl[MAXNAMELEN];
512 bslabel_t ds_sl, new_sl;
513 boolean_t new_default = FALSE;
514 uint64_t zoned;
515 int needed_priv = -1;
516 int error;
517
518 /* First get the existing dataset label. */
519 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
520 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
521 if (error)
522 return (EPERM);
523
524 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
525 new_default = TRUE;
526
527 /* The label must be translatable */
528 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
529 return (EINVAL);
530
531 /*
532 * In a non-global zone, disallow attempts to set a label that
533 * doesn't match that of the zone; otherwise no other checks
534 * are needed.
535 */
536 if (!INGLOBALZONE(curproc)) {
537 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
538 return (EPERM);
539 return (0);
540 }
541
542 /*
543 * For global-zone datasets (i.e., those whose zoned property is
544 * "off", verify that the specified new label is valid for the
545 * global zone.
546 */
547 if (dsl_prop_get_integer(name,
548 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
549 return (EPERM);
550 if (!zoned) {
551 if (zfs_check_global_label(name, strval) != 0)
552 return (EPERM);
553 }
554
555 /*
556 * If the existing dataset label is nondefault, check if the
557 * dataset is mounted (label cannot be changed while mounted).
558 * Get the zfsvfs; if there isn't one, then the dataset isn't
559 * mounted (or isn't a dataset, doesn't exist, ...).
560 */
561 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
562 objset_t *os;
563 static char *setsl_tag = "setsl_tag";
564
565 /*
566 * Try to own the dataset; abort if there is any error,
567 * (e.g., already mounted, in use, or other error).
568 */
569 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
570 setsl_tag, &os);
571 if (error)
572 return (EPERM);
573
574 dmu_objset_disown(os, setsl_tag);
575
576 if (new_default) {
577 needed_priv = PRIV_FILE_DOWNGRADE_SL;
578 goto out_check;
579 }
580
581 if (hexstr_to_label(strval, &new_sl) != 0)
582 return (EPERM);
583
584 if (blstrictdom(&ds_sl, &new_sl))
585 needed_priv = PRIV_FILE_DOWNGRADE_SL;
586 else if (blstrictdom(&new_sl, &ds_sl))
587 needed_priv = PRIV_FILE_UPGRADE_SL;
588 } else {
589 /* dataset currently has a default label */
590 if (!new_default)
591 needed_priv = PRIV_FILE_UPGRADE_SL;
592 }
593
594 out_check:
595 if (needed_priv != -1)
596 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
597 return (0);
598 }
599
600 static int
601 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
602 cred_t *cr)
603 {
604 char *strval;
605
606 /*
607 * Check permissions for special properties.
608 */
609 switch (prop) {
610 case ZFS_PROP_ZONED:
611 /*
612 * Disallow setting of 'zoned' from within a local zone.
613 */
614 if (!INGLOBALZONE(curproc))
615 return (EPERM);
616 break;
617
618 case ZFS_PROP_QUOTA:
619 if (!INGLOBALZONE(curproc)) {
620 uint64_t zoned;
621 char setpoint[MAXNAMELEN];
622 /*
623 * Unprivileged users are allowed to modify the
624 * quota on things *under* (ie. contained by)
625 * the thing they own.
626 */
627 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
628 setpoint))
629 return (EPERM);
630 if (!zoned || strlen(dsname) <= strlen(setpoint))
631 return (EPERM);
632 }
633 break;
634
635 case ZFS_PROP_MLSLABEL:
636 if (!is_system_labeled())
637 return (EPERM);
638
639 if (nvpair_value_string(propval, &strval) == 0) {
640 int err;
641
642 err = zfs_set_slabel_policy(dsname, strval, CRED());
643 if (err != 0)
644 return (err);
645 }
646 break;
647 }
648
649 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
650 }
651
652 /* ARGSUSED */
653 static int
654 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
655 {
656 int error;
657
658 error = zfs_dozonecheck(zc->zc_name, cr);
659 if (error)
660 return (error);
661
662 /*
663 * permission to set permissions will be evaluated later in
664 * dsl_deleg_can_allow()
665 */
666 return (0);
667 }
668
669 /* ARGSUSED */
670 static int
671 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
672 {
673 return (zfs_secpolicy_write_perms(zc->zc_name,
674 ZFS_DELEG_PERM_ROLLBACK, cr));
675 }
676
677 /* ARGSUSED */
678 static int
679 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
680 {
681 spa_t *spa;
682 dsl_pool_t *dp;
683 dsl_dataset_t *ds;
684 char *cp;
685 int error;
686
687 /*
688 * Generate the current snapshot name from the given objsetid, then
689 * use that name for the secpolicy/zone checks.
690 */
691 cp = strchr(zc->zc_name, '@');
692 if (cp == NULL)
693 return (EINVAL);
694 error = spa_open(zc->zc_name, &spa, FTAG);
695 if (error)
696 return (error);
697
698 dp = spa_get_dsl(spa);
699 rw_enter(&dp->dp_config_rwlock, RW_READER);
700 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
701 rw_exit(&dp->dp_config_rwlock);
702 spa_close(spa, FTAG);
703 if (error)
704 return (error);
705
706 dsl_dataset_name(ds, zc->zc_name);
707
708 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
709 ZFS_DELEG_PERM_SEND, cr);
710 dsl_dataset_rele(ds, FTAG);
711
712 return (error);
713 }
714
715 /* ARGSUSED */
716 static int
717 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
718 {
719 return (zfs_secpolicy_write_perms(zc->zc_name,
720 ZFS_DELEG_PERM_SEND, cr));
721 }
722
723 /* ARGSUSED */
724 static int
725 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
726 {
727 vnode_t *vp;
728 int error;
729
730 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
731 NO_FOLLOW, NULL, &vp)) != 0)
732 return (error);
733
734 /* Now make sure mntpnt and dataset are ZFS */
735
736 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
737 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
738 zc->zc_name) != 0)) {
739 VN_RELE(vp);
740 return (EPERM);
741 }
742
743 VN_RELE(vp);
744 return (dsl_deleg_access(zc->zc_name,
745 ZFS_DELEG_PERM_SHARE, cr));
746 }
747
748 int
749 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
750 {
751 if (!INGLOBALZONE(curproc))
752 return (EPERM);
753
754 if (secpolicy_nfs(cr) == 0) {
755 return (0);
756 } else {
757 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
758 }
759 }
760
761 int
762 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
763 {
764 if (!INGLOBALZONE(curproc))
765 return (EPERM);
766
767 if (secpolicy_smb(cr) == 0) {
768 return (0);
769 } else {
770 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
771 }
772 }
773
774 static int
775 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
776 {
777 char *cp;
778
779 /*
780 * Remove the @bla or /bla from the end of the name to get the parent.
781 */
782 (void) strncpy(parent, datasetname, parentsize);
783 cp = strrchr(parent, '@');
784 if (cp != NULL) {
785 cp[0] = '\0';
786 } else {
787 cp = strrchr(parent, '/');
788 if (cp == NULL)
789 return (ENOENT);
790 cp[0] = '\0';
791 }
792
793 return (0);
794 }
795
796 int
797 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
798 {
799 int error;
800
801 if ((error = zfs_secpolicy_write_perms(name,
802 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
803 return (error);
804
805 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
806 }
807
808 /* ARGSUSED */
809 static int
810 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
811 {
812 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
813 }
814
815 /*
816 * Destroying snapshots with delegated permissions requires
817 * descendant mount and destroy permissions.
818 */
819 /* ARGSUSED */
820 static int
821 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
822 {
823 nvlist_t *snaps;
824 nvpair_t *pair, *nextpair;
825 int error = 0;
826
827 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
828 return (EINVAL);
829 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
830 pair = nextpair) {
831 dsl_dataset_t *ds;
832
833 nextpair = nvlist_next_nvpair(snaps, pair);
834 error = dsl_dataset_hold(nvpair_name(pair), FTAG, &ds);
835 if (error == 0) {
836 dsl_dataset_rele(ds, FTAG);
837 } else if (error == ENOENT) {
838 /*
839 * Ignore any snapshots that don't exist (we consider
840 * them "already destroyed"). Remove the name from the
841 * nvl here in case the snapshot is created between
842 * now and when we try to destroy it (in which case
843 * we don't want to destroy it since we haven't
844 * checked for permission).
845 */
846 fnvlist_remove_nvpair(snaps, pair);
847 error = 0;
848 continue;
849 } else {
850 break;
851 }
852 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
853 if (error != 0)
854 break;
855 }
856
857 return (error);
858 }
859
860 int
861 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
862 {
863 char parentname[MAXNAMELEN];
864 int error;
865
866 if ((error = zfs_secpolicy_write_perms(from,
867 ZFS_DELEG_PERM_RENAME, cr)) != 0)
868 return (error);
869
870 if ((error = zfs_secpolicy_write_perms(from,
871 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
872 return (error);
873
874 if ((error = zfs_get_parent(to, parentname,
875 sizeof (parentname))) != 0)
876 return (error);
877
878 if ((error = zfs_secpolicy_write_perms(parentname,
879 ZFS_DELEG_PERM_CREATE, cr)) != 0)
880 return (error);
881
882 if ((error = zfs_secpolicy_write_perms(parentname,
883 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
884 return (error);
885
886 return (error);
887 }
888
889 /* ARGSUSED */
890 static int
891 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
892 {
893 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
894 }
895
896 /* ARGSUSED */
897 static int
898 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
899 {
900 char parentname[MAXNAMELEN];
901 objset_t *clone;
902 int error;
903
904 error = zfs_secpolicy_write_perms(zc->zc_name,
905 ZFS_DELEG_PERM_PROMOTE, cr);
906 if (error)
907 return (error);
908
909 error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
910
911 if (error == 0) {
912 dsl_dataset_t *pclone = NULL;
913 dsl_dir_t *dd;
914 dd = clone->os_dsl_dataset->ds_dir;
915
916 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
917 error = dsl_dataset_hold_obj(dd->dd_pool,
918 dd->dd_phys->dd_origin_obj, FTAG, &pclone);
919 rw_exit(&dd->dd_pool->dp_config_rwlock);
920 if (error) {
921 dmu_objset_rele(clone, FTAG);
922 return (error);
923 }
924
925 error = zfs_secpolicy_write_perms(zc->zc_name,
926 ZFS_DELEG_PERM_MOUNT, cr);
927
928 dsl_dataset_name(pclone, parentname);
929 dmu_objset_rele(clone, FTAG);
930 dsl_dataset_rele(pclone, FTAG);
931 if (error == 0)
932 error = zfs_secpolicy_write_perms(parentname,
933 ZFS_DELEG_PERM_PROMOTE, cr);
934 }
935 return (error);
936 }
937
938 /* ARGSUSED */
939 static int
940 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
941 {
942 int error;
943
944 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
945 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
946 return (error);
947
948 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
949 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
950 return (error);
951
952 return (zfs_secpolicy_write_perms(zc->zc_name,
953 ZFS_DELEG_PERM_CREATE, cr));
954 }
955
956 int
957 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
958 {
959 return (zfs_secpolicy_write_perms(name,
960 ZFS_DELEG_PERM_SNAPSHOT, cr));
961 }
962
963 /*
964 * Check for permission to create each snapshot in the nvlist.
965 */
966 /* ARGSUSED */
967 static int
968 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
969 {
970 nvlist_t *snaps;
971 int error;
972 nvpair_t *pair;
973
974 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
975 return (EINVAL);
976 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
977 pair = nvlist_next_nvpair(snaps, pair)) {
978 char *name = nvpair_name(pair);
979 char *atp = strchr(name, '@');
980
981 if (atp == NULL) {
982 error = EINVAL;
983 break;
984 }
985 *atp = '\0';
986 error = zfs_secpolicy_snapshot_perms(name, cr);
987 *atp = '@';
988 if (error != 0)
989 break;
990 }
991 return (error);
992 }
993
994 /* ARGSUSED */
995 static int
996 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
997 {
998 /*
999 * Even root must have a proper TSD so that we know what pool
1000 * to log to.
1001 */
1002 if (tsd_get(zfs_allow_log_key) == NULL)
1003 return (EPERM);
1004 return (0);
1005 }
1006
1007 static int
1008 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1009 {
1010 char parentname[MAXNAMELEN];
1011 int error;
1012 char *origin;
1013
1014 if ((error = zfs_get_parent(zc->zc_name, parentname,
1015 sizeof (parentname))) != 0)
1016 return (error);
1017
1018 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1019 (error = zfs_secpolicy_write_perms(origin,
1020 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1021 return (error);
1022
1023 if ((error = zfs_secpolicy_write_perms(parentname,
1024 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1025 return (error);
1026
1027 return (zfs_secpolicy_write_perms(parentname,
1028 ZFS_DELEG_PERM_MOUNT, cr));
1029 }
1030
1031 /*
1032 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1033 * SYS_CONFIG privilege, which is not available in a local zone.
1034 */
1035 /* ARGSUSED */
1036 static int
1037 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1038 {
1039 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1040 return (EPERM);
1041
1042 return (0);
1043 }
1044
1045 /*
1046 * Policy for object to name lookups.
1047 */
1048 /* ARGSUSED */
1049 static int
1050 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1051 {
1052 int error;
1053
1054 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1055 return (0);
1056
1057 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1058 return (error);
1059 }
1060
1061 /*
1062 * Policy for fault injection. Requires all privileges.
1063 */
1064 /* ARGSUSED */
1065 static int
1066 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1067 {
1068 return (secpolicy_zinject(cr));
1069 }
1070
1071 /* ARGSUSED */
1072 static int
1073 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1074 {
1075 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1076
1077 if (prop == ZPROP_INVAL) {
1078 if (!zfs_prop_user(zc->zc_value))
1079 return (EINVAL);
1080 return (zfs_secpolicy_write_perms(zc->zc_name,
1081 ZFS_DELEG_PERM_USERPROP, cr));
1082 } else {
1083 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1084 NULL, cr));
1085 }
1086 }
1087
1088 static int
1089 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1090 {
1091 int err = zfs_secpolicy_read(zc, innvl, cr);
1092 if (err)
1093 return (err);
1094
1095 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1096 return (EINVAL);
1097
1098 if (zc->zc_value[0] == 0) {
1099 /*
1100 * They are asking about a posix uid/gid. If it's
1101 * themself, allow it.
1102 */
1103 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1104 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
1105 if (zc->zc_guid == crgetuid(cr))
1106 return (0);
1107 } else {
1108 if (groupmember(zc->zc_guid, cr))
1109 return (0);
1110 }
1111 }
1112
1113 return (zfs_secpolicy_write_perms(zc->zc_name,
1114 userquota_perms[zc->zc_objset_type], cr));
1115 }
1116
1117 static int
1118 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1119 {
1120 int err = zfs_secpolicy_read(zc, innvl, cr);
1121 if (err)
1122 return (err);
1123
1124 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1125 return (EINVAL);
1126
1127 return (zfs_secpolicy_write_perms(zc->zc_name,
1128 userquota_perms[zc->zc_objset_type], cr));
1129 }
1130
1131 /* ARGSUSED */
1132 static int
1133 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1134 {
1135 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1136 NULL, cr));
1137 }
1138
1139 /* ARGSUSED */
1140 static int
1141 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1142 {
1143 return (zfs_secpolicy_write_perms(zc->zc_name,
1144 ZFS_DELEG_PERM_HOLD, cr));
1145 }
1146
1147 /* ARGSUSED */
1148 static int
1149 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1150 {
1151 return (zfs_secpolicy_write_perms(zc->zc_name,
1152 ZFS_DELEG_PERM_RELEASE, cr));
1153 }
1154
1155 /*
1156 * Policy for allowing temporary snapshots to be taken or released
1157 */
1158 static int
1159 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1160 {
1161 /*
1162 * A temporary snapshot is the same as a snapshot,
1163 * hold, destroy and release all rolled into one.
1164 * Delegated diff alone is sufficient that we allow this.
1165 */
1166 int error;
1167
1168 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1169 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1170 return (0);
1171
1172 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1173 if (!error)
1174 error = zfs_secpolicy_hold(zc, innvl, cr);
1175 if (!error)
1176 error = zfs_secpolicy_release(zc, innvl, cr);
1177 if (!error)
1178 error = zfs_secpolicy_destroy(zc, innvl, cr);
1179 return (error);
1180 }
1181
1182 /*
1183 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1184 */
1185 static int
1186 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1187 {
1188 char *packed;
1189 int error;
1190 nvlist_t *list = NULL;
1191
1192 /*
1193 * Read in and unpack the user-supplied nvlist.
1194 */
1195 if (size == 0)
1196 return (EINVAL);
1197
1198 packed = kmem_alloc(size, KM_SLEEP);
1199
1200 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1201 iflag)) != 0) {
1202 kmem_free(packed, size);
1203 return (error);
1204 }
1205
1206 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1207 kmem_free(packed, size);
1208 return (error);
1209 }
1210
1211 kmem_free(packed, size);
1212
1213 *nvp = list;
1214 return (0);
1215 }
1216
1217 /*
1218 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1219 * Entries will be removed from the end of the nvlist, and one int32 entry
1220 * named "N_MORE_ERRORS" will be added indicating how many entries were
1221 * removed.
1222 */
1223 static int
1224 nvlist_smush(nvlist_t *errors, size_t max)
1225 {
1226 size_t size;
1227
1228 size = fnvlist_size(errors);
1229
1230 if (size > max) {
1231 nvpair_t *more_errors;
1232 int n = 0;
1233
1234 if (max < 1024)
1235 return (ENOMEM);
1236
1237 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1238 more_errors = nvlist_prev_nvpair(errors, NULL);
1239
1240 do {
1241 nvpair_t *pair = nvlist_prev_nvpair(errors,
1242 more_errors);
1243 fnvlist_remove_nvpair(errors, pair);
1244 n++;
1245 size = fnvlist_size(errors);
1246 } while (size > max);
1247
1248 fnvlist_remove_nvpair(errors, more_errors);
1249 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1250 ASSERT3U(fnvlist_size(errors), <=, max);
1251 }
1252
1253 return (0);
1254 }
1255
1256 static int
1257 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1258 {
1259 char *packed = NULL;
1260 int error = 0;
1261 size_t size;
1262
1263 size = fnvlist_size(nvl);
1264
1265 if (size > zc->zc_nvlist_dst_size) {
1266 error = ENOMEM;
1267 } else {
1268 packed = fnvlist_pack(nvl, &size);
1269 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1270 size, zc->zc_iflags) != 0)
1271 error = EFAULT;
1272 fnvlist_pack_free(packed, size);
1273 }
1274
1275 zc->zc_nvlist_dst_size = size;
1276 zc->zc_nvlist_dst_filled = B_TRUE;
1277 return (error);
1278 }
1279
1280 static int
1281 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1282 {
1283 objset_t *os;
1284 int error;
1285
1286 error = dmu_objset_hold(dsname, FTAG, &os);
1287 if (error)
1288 return (error);
1289 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1290 dmu_objset_rele(os, FTAG);
1291 return (EINVAL);
1292 }
1293
1294 mutex_enter(&os->os_user_ptr_lock);
1295 *zfvp = dmu_objset_get_user(os);
1296 if (*zfvp) {
1297 VFS_HOLD((*zfvp)->z_vfs);
1298 } else {
1299 error = ESRCH;
1300 }
1301 mutex_exit(&os->os_user_ptr_lock);
1302 dmu_objset_rele(os, FTAG);
1303 return (error);
1304 }
1305
1306 /*
1307 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1308 * case its z_vfs will be NULL, and it will be opened as the owner.
1309 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1310 * which prevents all vnode ops from running.
1311 */
1312 static int
1313 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1314 {
1315 int error = 0;
1316
1317 if (getzfsvfs(name, zfvp) != 0)
1318 error = zfsvfs_create(name, zfvp);
1319 if (error == 0) {
1320 rrw_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1321 RW_READER, tag);
1322 if ((*zfvp)->z_unmounted) {
1323 /*
1324 * XXX we could probably try again, since the unmounting
1325 * thread should be just about to disassociate the
1326 * objset from the zfsvfs.
1327 */
1328 rrw_exit(&(*zfvp)->z_teardown_lock, tag);
1329 return (EBUSY);
1330 }
1331 }
1332 return (error);
1333 }
1334
1335 static void
1336 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1337 {
1338 rrw_exit(&zfsvfs->z_teardown_lock, tag);
1339
1340 if (zfsvfs->z_vfs) {
1341 VFS_RELE(zfsvfs->z_vfs);
1342 } else {
1343 dmu_objset_disown(zfsvfs->z_os, zfsvfs);
1344 zfsvfs_free(zfsvfs);
1345 }
1346 }
1347
1348 static int
1349 zfs_ioc_pool_create(zfs_cmd_t *zc)
1350 {
1351 int error;
1352 nvlist_t *config, *props = NULL;
1353 nvlist_t *rootprops = NULL;
1354 nvlist_t *zplprops = NULL;
1355
1356 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1357 zc->zc_iflags, &config))
1358 return (error);
1359
1360 if (zc->zc_nvlist_src_size != 0 && (error =
1361 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1362 zc->zc_iflags, &props))) {
1363 nvlist_free(config);
1364 return (error);
1365 }
1366
1367 if (props) {
1368 nvlist_t *nvl = NULL;
1369 uint64_t version = SPA_VERSION;
1370
1371 (void) nvlist_lookup_uint64(props,
1372 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1373 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1374 error = EINVAL;
1375 goto pool_props_bad;
1376 }
1377 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1378 if (nvl) {
1379 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1380 if (error != 0) {
1381 nvlist_free(config);
1382 nvlist_free(props);
1383 return (error);
1384 }
1385 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1386 }
1387 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1388 error = zfs_fill_zplprops_root(version, rootprops,
1389 zplprops, NULL);
1390 if (error)
1391 goto pool_props_bad;
1392 }
1393
1394 error = spa_create(zc->zc_name, config, props, zplprops);
1395
1396 /*
1397 * Set the remaining root properties
1398 */
1399 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1400 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1401 (void) spa_destroy(zc->zc_name);
1402
1403 pool_props_bad:
1404 nvlist_free(rootprops);
1405 nvlist_free(zplprops);
1406 nvlist_free(config);
1407 nvlist_free(props);
1408
1409 return (error);
1410 }
1411
1412 static int
1413 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1414 {
1415 int error;
1416 zfs_log_history(zc);
1417 error = spa_destroy(zc->zc_name);
1418 if (error == 0)
1419 zvol_remove_minors(zc->zc_name);
1420 return (error);
1421 }
1422
1423 static int
1424 zfs_ioc_pool_import(zfs_cmd_t *zc)
1425 {
1426 nvlist_t *config, *props = NULL;
1427 uint64_t guid;
1428 int error;
1429
1430 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1431 zc->zc_iflags, &config)) != 0)
1432 return (error);
1433
1434 if (zc->zc_nvlist_src_size != 0 && (error =
1435 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1436 zc->zc_iflags, &props))) {
1437 nvlist_free(config);
1438 return (error);
1439 }
1440
1441 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1442 guid != zc->zc_guid)
1443 error = EINVAL;
1444 else
1445 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1446
1447 if (zc->zc_nvlist_dst != 0) {
1448 int err;
1449
1450 if ((err = put_nvlist(zc, config)) != 0)
1451 error = err;
1452 }
1453
1454 nvlist_free(config);
1455
1456 if (props)
1457 nvlist_free(props);
1458
1459 return (error);
1460 }
1461
1462 static int
1463 zfs_ioc_pool_export(zfs_cmd_t *zc)
1464 {
1465 int error;
1466 boolean_t force = (boolean_t)zc->zc_cookie;
1467 boolean_t hardforce = (boolean_t)zc->zc_guid;
1468
1469 zfs_log_history(zc);
1470 error = spa_export(zc->zc_name, NULL, force, hardforce);
1471 if (error == 0)
1472 zvol_remove_minors(zc->zc_name);
1473 return (error);
1474 }
1475
1476 static int
1477 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1478 {
1479 nvlist_t *configs;
1480 int error;
1481
1482 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1483 return (EEXIST);
1484
1485 error = put_nvlist(zc, configs);
1486
1487 nvlist_free(configs);
1488
1489 return (error);
1490 }
1491
1492 /*
1493 * inputs:
1494 * zc_name name of the pool
1495 *
1496 * outputs:
1497 * zc_cookie real errno
1498 * zc_nvlist_dst config nvlist
1499 * zc_nvlist_dst_size size of config nvlist
1500 */
1501 static int
1502 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1503 {
1504 nvlist_t *config;
1505 int error;
1506 int ret = 0;
1507
1508 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1509 sizeof (zc->zc_value));
1510
1511 if (config != NULL) {
1512 ret = put_nvlist(zc, config);
1513 nvlist_free(config);
1514
1515 /*
1516 * The config may be present even if 'error' is non-zero.
1517 * In this case we return success, and preserve the real errno
1518 * in 'zc_cookie'.
1519 */
1520 zc->zc_cookie = error;
1521 } else {
1522 ret = error;
1523 }
1524
1525 return (ret);
1526 }
1527
1528 /*
1529 * Try to import the given pool, returning pool stats as appropriate so that
1530 * user land knows which devices are available and overall pool health.
1531 */
1532 static int
1533 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1534 {
1535 nvlist_t *tryconfig, *config;
1536 int error;
1537
1538 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1539 zc->zc_iflags, &tryconfig)) != 0)
1540 return (error);
1541
1542 config = spa_tryimport(tryconfig);
1543
1544 nvlist_free(tryconfig);
1545
1546 if (config == NULL)
1547 return (EINVAL);
1548
1549 error = put_nvlist(zc, config);
1550 nvlist_free(config);
1551
1552 return (error);
1553 }
1554
1555 /*
1556 * inputs:
1557 * zc_name name of the pool
1558 * zc_cookie scan func (pool_scan_func_t)
1559 */
1560 static int
1561 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1562 {
1563 spa_t *spa;
1564 int error;
1565
1566 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1567 return (error);
1568
1569 if (zc->zc_cookie == POOL_SCAN_NONE)
1570 error = spa_scan_stop(spa);
1571 else
1572 error = spa_scan(spa, zc->zc_cookie);
1573
1574 spa_close(spa, FTAG);
1575
1576 return (error);
1577 }
1578
1579 static int
1580 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1581 {
1582 spa_t *spa;
1583 int error;
1584
1585 error = spa_open(zc->zc_name, &spa, FTAG);
1586 if (error == 0) {
1587 spa_freeze(spa);
1588 spa_close(spa, FTAG);
1589 }
1590 return (error);
1591 }
1592
1593 static int
1594 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1595 {
1596 spa_t *spa;
1597 int error;
1598
1599 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1600 return (error);
1601
1602 if (zc->zc_cookie < spa_version(spa) ||
1603 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1604 spa_close(spa, FTAG);
1605 return (EINVAL);
1606 }
1607
1608 spa_upgrade(spa, zc->zc_cookie);
1609 spa_close(spa, FTAG);
1610
1611 return (error);
1612 }
1613
1614 static int
1615 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1616 {
1617 spa_t *spa;
1618 char *hist_buf;
1619 uint64_t size;
1620 int error;
1621
1622 if ((size = zc->zc_history_len) == 0)
1623 return (EINVAL);
1624
1625 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1626 return (error);
1627
1628 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1629 spa_close(spa, FTAG);
1630 return (ENOTSUP);
1631 }
1632
1633 hist_buf = kmem_alloc(size, KM_SLEEP);
1634 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1635 &zc->zc_history_len, hist_buf)) == 0) {
1636 error = ddi_copyout(hist_buf,
1637 (void *)(uintptr_t)zc->zc_history,
1638 zc->zc_history_len, zc->zc_iflags);
1639 }
1640
1641 spa_close(spa, FTAG);
1642 kmem_free(hist_buf, size);
1643 return (error);
1644 }
1645
1646 static int
1647 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1648 {
1649 spa_t *spa;
1650 int error;
1651
1652 error = spa_open(zc->zc_name, &spa, FTAG);
1653 if (error == 0) {
1654 error = spa_change_guid(spa);
1655 spa_close(spa, FTAG);
1656 }
1657 return (error);
1658 }
1659
1660 static int
1661 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1662 {
1663 int error;
1664
1665 if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value))
1666 return (error);
1667
1668 return (0);
1669 }
1670
1671 /*
1672 * inputs:
1673 * zc_name name of filesystem
1674 * zc_obj object to find
1675 *
1676 * outputs:
1677 * zc_value name of object
1678 */
1679 static int
1680 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1681 {
1682 objset_t *os;
1683 int error;
1684
1685 /* XXX reading from objset not owned */
1686 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1687 return (error);
1688 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1689 dmu_objset_rele(os, FTAG);
1690 return (EINVAL);
1691 }
1692 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1693 sizeof (zc->zc_value));
1694 dmu_objset_rele(os, FTAG);
1695
1696 return (error);
1697 }
1698
1699 /*
1700 * inputs:
1701 * zc_name name of filesystem
1702 * zc_obj object to find
1703 *
1704 * outputs:
1705 * zc_stat stats on object
1706 * zc_value path to object
1707 */
1708 static int
1709 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1710 {
1711 objset_t *os;
1712 int error;
1713
1714 /* XXX reading from objset not owned */
1715 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1716 return (error);
1717 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1718 dmu_objset_rele(os, FTAG);
1719 return (EINVAL);
1720 }
1721 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1722 sizeof (zc->zc_value));
1723 dmu_objset_rele(os, FTAG);
1724
1725 return (error);
1726 }
1727
1728 static int
1729 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1730 {
1731 spa_t *spa;
1732 int error;
1733 nvlist_t *config, **l2cache, **spares;
1734 uint_t nl2cache = 0, nspares = 0;
1735
1736 error = spa_open(zc->zc_name, &spa, FTAG);
1737 if (error != 0)
1738 return (error);
1739
1740 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1741 zc->zc_iflags, &config);
1742 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1743 &l2cache, &nl2cache);
1744
1745 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1746 &spares, &nspares);
1747
1748 /*
1749 * A root pool with concatenated devices is not supported.
1750 * Thus, can not add a device to a root pool.
1751 *
1752 * Intent log device can not be added to a rootpool because
1753 * during mountroot, zil is replayed, a seperated log device
1754 * can not be accessed during the mountroot time.
1755 *
1756 * l2cache and spare devices are ok to be added to a rootpool.
1757 */
1758 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1759 nvlist_free(config);
1760 spa_close(spa, FTAG);
1761 return (EDOM);
1762 }
1763
1764 if (error == 0) {
1765 error = spa_vdev_add(spa, config);
1766 nvlist_free(config);
1767 }
1768 spa_close(spa, FTAG);
1769 return (error);
1770 }
1771
1772 /*
1773 * inputs:
1774 * zc_name name of the pool
1775 * zc_nvlist_conf nvlist of devices to remove
1776 * zc_cookie to stop the remove?
1777 */
1778 static int
1779 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1780 {
1781 spa_t *spa;
1782 int error;
1783
1784 error = spa_open(zc->zc_name, &spa, FTAG);
1785 if (error != 0)
1786 return (error);
1787 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1788 spa_close(spa, FTAG);
1789 return (error);
1790 }
1791
1792 static int
1793 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1794 {
1795 spa_t *spa;
1796 int error;
1797 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1798
1799 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1800 return (error);
1801 switch (zc->zc_cookie) {
1802 case VDEV_STATE_ONLINE:
1803 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1804 break;
1805
1806 case VDEV_STATE_OFFLINE:
1807 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1808 break;
1809
1810 case VDEV_STATE_FAULTED:
1811 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1812 zc->zc_obj != VDEV_AUX_EXTERNAL)
1813 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1814
1815 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1816 break;
1817
1818 case VDEV_STATE_DEGRADED:
1819 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1820 zc->zc_obj != VDEV_AUX_EXTERNAL)
1821 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1822
1823 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1824 break;
1825
1826 default:
1827 error = EINVAL;
1828 }
1829 zc->zc_cookie = newstate;
1830 spa_close(spa, FTAG);
1831 return (error);
1832 }
1833
1834 static int
1835 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1836 {
1837 spa_t *spa;
1838 int replacing = zc->zc_cookie;
1839 nvlist_t *config;
1840 int error;
1841
1842 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1843 return (error);
1844
1845 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1846 zc->zc_iflags, &config)) == 0) {
1847 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1848 nvlist_free(config);
1849 }
1850
1851 spa_close(spa, FTAG);
1852 return (error);
1853 }
1854
1855 static int
1856 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1857 {
1858 spa_t *spa;
1859 int error;
1860
1861 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1862 return (error);
1863
1864 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1865
1866 spa_close(spa, FTAG);
1867 return (error);
1868 }
1869
1870 static int
1871 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1872 {
1873 spa_t *spa;
1874 nvlist_t *config, *props = NULL;
1875 int error;
1876 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1877
1878 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1879 return (error);
1880
1881 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1882 zc->zc_iflags, &config)) {
1883 spa_close(spa, FTAG);
1884 return (error);
1885 }
1886
1887 if (zc->zc_nvlist_src_size != 0 && (error =
1888 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1889 zc->zc_iflags, &props))) {
1890 spa_close(spa, FTAG);
1891 nvlist_free(config);
1892 return (error);
1893 }
1894
1895 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1896
1897 spa_close(spa, FTAG);
1898
1899 nvlist_free(config);
1900 nvlist_free(props);
1901
1902 return (error);
1903 }
1904
1905 static int
1906 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1907 {
1908 spa_t *spa;
1909 char *path = zc->zc_value;
1910 uint64_t guid = zc->zc_guid;
1911 int error;
1912
1913 error = spa_open(zc->zc_name, &spa, FTAG);
1914 if (error != 0)
1915 return (error);
1916
1917 error = spa_vdev_setpath(spa, guid, path);
1918 spa_close(spa, FTAG);
1919 return (error);
1920 }
1921
1922 static int
1923 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1924 {
1925 spa_t *spa;
1926 char *fru = zc->zc_value;
1927 uint64_t guid = zc->zc_guid;
1928 int error;
1929
1930 error = spa_open(zc->zc_name, &spa, FTAG);
1931 if (error != 0)
1932 return (error);
1933
1934 error = spa_vdev_setfru(spa, guid, fru);
1935 spa_close(spa, FTAG);
1936 return (error);
1937 }
1938
1939 static int
1940 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
1941 {
1942 int error = 0;
1943 nvlist_t *nv;
1944
1945 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1946
1947 if (zc->zc_nvlist_dst != 0 &&
1948 (error = dsl_prop_get_all(os, &nv)) == 0) {
1949 dmu_objset_stats(os, nv);
1950 /*
1951 * NB: zvol_get_stats() will read the objset contents,
1952 * which we aren't supposed to do with a
1953 * DS_MODE_USER hold, because it could be
1954 * inconsistent. So this is a bit of a workaround...
1955 * XXX reading with out owning
1956 */
1957 if (!zc->zc_objset_stats.dds_inconsistent &&
1958 dmu_objset_type(os) == DMU_OST_ZVOL) {
1959 error = zvol_get_stats(os, nv);
1960 if (error == EIO)
1961 return (error);
1962 VERIFY0(error);
1963 }
1964 error = put_nvlist(zc, nv);
1965 nvlist_free(nv);
1966 }
1967
1968 return (error);
1969 }
1970
1971 /*
1972 * inputs:
1973 * zc_name name of filesystem
1974 * zc_nvlist_dst_size size of buffer for property nvlist
1975 *
1976 * outputs:
1977 * zc_objset_stats stats
1978 * zc_nvlist_dst property nvlist
1979 * zc_nvlist_dst_size size of property nvlist
1980 */
1981 static int
1982 zfs_ioc_objset_stats(zfs_cmd_t *zc)
1983 {
1984 objset_t *os = NULL;
1985 int error;
1986
1987 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
1988 return (error);
1989
1990 error = zfs_ioc_objset_stats_impl(zc, os);
1991
1992 dmu_objset_rele(os, FTAG);
1993
1994 return (error);
1995 }
1996
1997 /*
1998 * inputs:
1999 * zc_name name of filesystem
2000 * zc_nvlist_dst_size size of buffer for property nvlist
2001 *
2002 * outputs:
2003 * zc_nvlist_dst received property nvlist
2004 * zc_nvlist_dst_size size of received property nvlist
2005 *
2006 * Gets received properties (distinct from local properties on or after
2007 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2008 * local property values.
2009 */
2010 static int
2011 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2012 {
2013 objset_t *os = NULL;
2014 int error;
2015 nvlist_t *nv;
2016
2017 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
2018 return (error);
2019
2020 /*
2021 * Without this check, we would return local property values if the
2022 * caller has not already received properties on or after
2023 * SPA_VERSION_RECVD_PROPS.
2024 */
2025 if (!dsl_prop_get_hasrecvd(os)) {
2026 dmu_objset_rele(os, FTAG);
2027 return (ENOTSUP);
2028 }
2029
2030 if (zc->zc_nvlist_dst != 0 &&
2031 (error = dsl_prop_get_received(os, &nv)) == 0) {
2032 error = put_nvlist(zc, nv);
2033 nvlist_free(nv);
2034 }
2035
2036 dmu_objset_rele(os, FTAG);
2037 return (error);
2038 }
2039
2040 static int
2041 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2042 {
2043 uint64_t value;
2044 int error;
2045
2046 /*
2047 * zfs_get_zplprop() will either find a value or give us
2048 * the default value (if there is one).
2049 */
2050 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2051 return (error);
2052 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2053 return (0);
2054 }
2055
2056 /*
2057 * inputs:
2058 * zc_name name of filesystem
2059 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2060 *
2061 * outputs:
2062 * zc_nvlist_dst zpl property nvlist
2063 * zc_nvlist_dst_size size of zpl property nvlist
2064 */
2065 static int
2066 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2067 {
2068 objset_t *os;
2069 int err;
2070
2071 /* XXX reading without owning */
2072 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os))
2073 return (err);
2074
2075 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2076
2077 /*
2078 * NB: nvl_add_zplprop() will read the objset contents,
2079 * which we aren't supposed to do with a DS_MODE_USER
2080 * hold, because it could be inconsistent.
2081 */
2082 if (zc->zc_nvlist_dst != NULL &&
2083 !zc->zc_objset_stats.dds_inconsistent &&
2084 dmu_objset_type(os) == DMU_OST_ZFS) {
2085 nvlist_t *nv;
2086
2087 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2088 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2089 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2090 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2091 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2092 err = put_nvlist(zc, nv);
2093 nvlist_free(nv);
2094 } else {
2095 err = ENOENT;
2096 }
2097 dmu_objset_rele(os, FTAG);
2098 return (err);
2099 }
2100
2101 static boolean_t
2102 dataset_name_hidden(const char *name)
2103 {
2104 /*
2105 * Skip over datasets that are not visible in this zone,
2106 * internal datasets (which have a $ in their name), and
2107 * temporary datasets (which have a % in their name).
2108 */
2109 if (strchr(name, '$') != NULL)
2110 return (B_TRUE);
2111 if (strchr(name, '%') != NULL)
2112 return (B_TRUE);
2113 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
2114 return (B_TRUE);
2115 return (B_FALSE);
2116 }
2117
2118 /*
2119 * inputs:
2120 * zc_name name of filesystem
2121 * zc_cookie zap cursor
2122 * zc_nvlist_dst_size size of buffer for property nvlist
2123 *
2124 * outputs:
2125 * zc_name name of next filesystem
2126 * zc_cookie zap cursor
2127 * zc_objset_stats stats
2128 * zc_nvlist_dst property nvlist
2129 * zc_nvlist_dst_size size of property nvlist
2130 */
2131 static int
2132 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2133 {
2134 objset_t *os;
2135 int error;
2136 char *p;
2137 size_t orig_len = strlen(zc->zc_name);
2138
2139 top:
2140 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) {
2141 if (error == ENOENT)
2142 error = ESRCH;
2143 return (error);
2144 }
2145
2146 p = strrchr(zc->zc_name, '/');
2147 if (p == NULL || p[1] != '\0')
2148 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2149 p = zc->zc_name + strlen(zc->zc_name);
2150
2151 /*
2152 * Pre-fetch the datasets. dmu_objset_prefetch() always returns 0
2153 * but is not declared void because its called by dmu_objset_find().
2154 */
2155 if (zc->zc_cookie == 0) {
2156 uint64_t cookie = 0;
2157 int len = sizeof (zc->zc_name) - (p - zc->zc_name);
2158
2159 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0) {
2160 if (!dataset_name_hidden(zc->zc_name))
2161 (void) dmu_objset_prefetch(zc->zc_name, NULL);
2162 }
2163 }
2164
2165 do {
2166 error = dmu_dir_list_next(os,
2167 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2168 NULL, &zc->zc_cookie);
2169 if (error == ENOENT)
2170 error = ESRCH;
2171 } while (error == 0 && dataset_name_hidden(zc->zc_name));
2172 dmu_objset_rele(os, FTAG);
2173
2174 /*
2175 * If it's an internal dataset (ie. with a '$' in its name),
2176 * don't try to get stats for it, otherwise we'll return ENOENT.
2177 */
2178 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2179 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2180 if (error == ENOENT) {
2181 /* We lost a race with destroy, get the next one. */
2182 zc->zc_name[orig_len] = '\0';
2183 goto top;
2184 }
2185 }
2186 return (error);
2187 }
2188
2189 /*
2190 * inputs:
2191 * zc_name name of filesystem
2192 * zc_cookie zap cursor
2193 * zc_nvlist_dst_size size of buffer for property nvlist
2194 *
2195 * outputs:
2196 * zc_name name of next snapshot
2197 * zc_objset_stats stats
2198 * zc_nvlist_dst property nvlist
2199 * zc_nvlist_dst_size size of property nvlist
2200 */
2201 static int
2202 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2203 {
2204 objset_t *os;
2205 int error;
2206
2207 top:
2208 if (zc->zc_cookie == 0)
2209 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
2210 NULL, DS_FIND_SNAPSHOTS);
2211
2212 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2213 if (error)
2214 return (error == ENOENT ? ESRCH : error);
2215
2216 /*
2217 * A dataset name of maximum length cannot have any snapshots,
2218 * so exit immediately.
2219 */
2220 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2221 dmu_objset_rele(os, FTAG);
2222 return (ESRCH);
2223 }
2224
2225 error = dmu_snapshot_list_next(os,
2226 sizeof (zc->zc_name) - strlen(zc->zc_name),
2227 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2228 NULL);
2229
2230 if (error == 0) {
2231 dsl_dataset_t *ds;
2232 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2233
2234 /*
2235 * Since we probably don't have a hold on this snapshot,
2236 * it's possible that the objsetid could have been destroyed
2237 * and reused for a new objset. It's OK if this happens during
2238 * a zfs send operation, since the new createtxg will be
2239 * beyond the range we're interested in.
2240 */
2241 rw_enter(&dp->dp_config_rwlock, RW_READER);
2242 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2243 rw_exit(&dp->dp_config_rwlock);
2244 if (error) {
2245 if (error == ENOENT) {
2246 /* Racing with destroy, get the next one. */
2247 *strchr(zc->zc_name, '@') = '\0';
2248 dmu_objset_rele(os, FTAG);
2249 goto top;
2250 }
2251 } else {
2252 objset_t *ossnap;
2253
2254 error = dmu_objset_from_ds(ds, &ossnap);
2255 if (error == 0)
2256 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2257 dsl_dataset_rele(ds, FTAG);
2258 }
2259 } else if (error == ENOENT) {
2260 error = ESRCH;
2261 }
2262
2263 dmu_objset_rele(os, FTAG);
2264 /* if we failed, undo the @ that we tacked on to zc_name */
2265 if (error)
2266 *strchr(zc->zc_name, '@') = '\0';
2267 return (error);
2268 }
2269
2270 static int
2271 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2272 {
2273 const char *propname = nvpair_name(pair);
2274 uint64_t *valary;
2275 unsigned int vallen;
2276 const char *domain;
2277 char *dash;
2278 zfs_userquota_prop_t type;
2279 uint64_t rid;
2280 uint64_t quota;
2281 zfsvfs_t *zfsvfs;
2282 int err;
2283
2284 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2285 nvlist_t *attrs;
2286 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2287 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2288 &pair) != 0)
2289 return (EINVAL);
2290 }
2291
2292 /*
2293 * A correctly constructed propname is encoded as
2294 * userquota@<rid>-<domain>.
2295 */
2296 if ((dash = strchr(propname, '-')) == NULL ||
2297 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2298 vallen != 3)
2299 return (EINVAL);
2300
2301 domain = dash + 1;
2302 type = valary[0];
2303 rid = valary[1];
2304 quota = valary[2];
2305
2306 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2307 if (err == 0) {
2308 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2309 zfsvfs_rele(zfsvfs, FTAG);
2310 }
2311
2312 return (err);
2313 }
2314
2315 /*
2316 * If the named property is one that has a special function to set its value,
2317 * return 0 on success and a positive error code on failure; otherwise if it is
2318 * not one of the special properties handled by this function, return -1.
2319 *
2320 * XXX: It would be better for callers of the property interface if we handled
2321 * these special cases in dsl_prop.c (in the dsl layer).
2322 */
2323 static int
2324 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2325 nvpair_t *pair)
2326 {
2327 const char *propname = nvpair_name(pair);
2328 zfs_prop_t prop = zfs_name_to_prop(propname);
2329 uint64_t intval;
2330 int err;
2331
2332 if (prop == ZPROP_INVAL) {
2333 if (zfs_prop_userquota(propname))
2334 return (zfs_prop_set_userquota(dsname, pair));
2335 return (-1);
2336 }
2337
2338 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2339 nvlist_t *attrs;
2340 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2341 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2342 &pair) == 0);
2343 }
2344
2345 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2346 return (-1);
2347
2348 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2349
2350 switch (prop) {
2351 case ZFS_PROP_QUOTA:
2352 err = dsl_dir_set_quota(dsname, source, intval);
2353 break;
2354 case ZFS_PROP_REFQUOTA:
2355 err = dsl_dataset_set_quota(dsname, source, intval);
2356 break;
2357 case ZFS_PROP_RESERVATION:
2358 err = dsl_dir_set_reservation(dsname, source, intval);
2359 break;
2360 case ZFS_PROP_REFRESERVATION:
2361 err = dsl_dataset_set_reservation(dsname, source, intval);
2362 break;
2363 case ZFS_PROP_VOLSIZE:
2364 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2365 intval);
2366 break;
2367 case ZFS_PROP_VERSION:
2368 {
2369 zfsvfs_t *zfsvfs;
2370
2371 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2372 break;
2373
2374 err = zfs_set_version(zfsvfs, intval);
2375 zfsvfs_rele(zfsvfs, FTAG);
2376
2377 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2378 zfs_cmd_t *zc;
2379
2380 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2381 (void) strcpy(zc->zc_name, dsname);
2382 (void) zfs_ioc_userspace_upgrade(zc);
2383 kmem_free(zc, sizeof (zfs_cmd_t));
2384 }
2385 break;
2386 }
2387
2388 default:
2389 err = -1;
2390 }
2391
2392 return (err);
2393 }
2394
2395 /*
2396 * This function is best effort. If it fails to set any of the given properties,
2397 * it continues to set as many as it can and returns the last error
2398 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2399 * with the list of names of all the properties that failed along with the
2400 * corresponding error numbers.
2401 *
2402 * If every property is set successfully, zero is returned and errlist is not
2403 * modified.
2404 */
2405 int
2406 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2407 nvlist_t *errlist)
2408 {
2409 nvpair_t *pair;
2410 nvpair_t *propval;
2411 int rv = 0;
2412 uint64_t intval;
2413 char *strval;
2414 nvlist_t *genericnvl = fnvlist_alloc();
2415 nvlist_t *retrynvl = fnvlist_alloc();
2416
2417 retry:
2418 pair = NULL;
2419 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2420 const char *propname = nvpair_name(pair);
2421 zfs_prop_t prop = zfs_name_to_prop(propname);
2422 int err = 0;
2423
2424 /* decode the property value */
2425 propval = pair;
2426 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2427 nvlist_t *attrs;
2428 attrs = fnvpair_value_nvlist(pair);
2429 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2430 &propval) != 0)
2431 err = EINVAL;
2432 }
2433
2434 /* Validate value type */
2435 if (err == 0 && prop == ZPROP_INVAL) {
2436 if (zfs_prop_user(propname)) {
2437 if (nvpair_type(propval) != DATA_TYPE_STRING)
2438 err = EINVAL;
2439 } else if (zfs_prop_userquota(propname)) {
2440 if (nvpair_type(propval) !=
2441 DATA_TYPE_UINT64_ARRAY)
2442 err = EINVAL;
2443 } else {
2444 err = EINVAL;
2445 }
2446 } else if (err == 0) {
2447 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2448 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2449 err = EINVAL;
2450 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2451 const char *unused;
2452
2453 intval = fnvpair_value_uint64(propval);
2454
2455 switch (zfs_prop_get_type(prop)) {
2456 case PROP_TYPE_NUMBER:
2457 break;
2458 case PROP_TYPE_STRING:
2459 err = EINVAL;
2460 break;
2461 case PROP_TYPE_INDEX:
2462 if (zfs_prop_index_to_string(prop,
2463 intval, &unused) != 0)
2464 err = EINVAL;
2465 break;
2466 default:
2467 cmn_err(CE_PANIC,
2468 "unknown property type");
2469 }
2470 } else {
2471 err = EINVAL;
2472 }
2473 }
2474
2475 /* Validate permissions */
2476 if (err == 0)
2477 err = zfs_check_settable(dsname, pair, CRED());
2478
2479 if (err == 0) {
2480 err = zfs_prop_set_special(dsname, source, pair);
2481 if (err == -1) {
2482 /*
2483 * For better performance we build up a list of
2484 * properties to set in a single transaction.
2485 */
2486 err = nvlist_add_nvpair(genericnvl, pair);
2487 } else if (err != 0 && nvl != retrynvl) {
2488 /*
2489 * This may be a spurious error caused by
2490 * receiving quota and reservation out of order.
2491 * Try again in a second pass.
2492 */
2493 err = nvlist_add_nvpair(retrynvl, pair);
2494 }
2495 }
2496
2497 if (err != 0) {
2498 if (errlist != NULL)
2499 fnvlist_add_int32(errlist, propname, err);
2500 rv = err;
2501 }
2502 }
2503
2504 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2505 nvl = retrynvl;
2506 goto retry;
2507 }
2508
2509 if (!nvlist_empty(genericnvl) &&
2510 dsl_props_set(dsname, source, genericnvl) != 0) {
2511 /*
2512 * If this fails, we still want to set as many properties as we
2513 * can, so try setting them individually.
2514 */
2515 pair = NULL;
2516 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2517 const char *propname = nvpair_name(pair);
2518 int err = 0;
2519
2520 propval = pair;
2521 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2522 nvlist_t *attrs;
2523 attrs = fnvpair_value_nvlist(pair);
2524 propval = fnvlist_lookup_nvpair(attrs,
2525 ZPROP_VALUE);
2526 }
2527
2528 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2529 strval = fnvpair_value_string(propval);
2530 err = dsl_prop_set(dsname, propname, source, 1,
2531 strlen(strval) + 1, strval);
2532 } else {
2533 intval = fnvpair_value_uint64(propval);
2534 err = dsl_prop_set(dsname, propname, source, 8,
2535 1, &intval);
2536 }
2537
2538 if (err != 0) {
2539 if (errlist != NULL) {
2540 fnvlist_add_int32(errlist, propname,
2541 err);
2542 }
2543 rv = err;
2544 }
2545 }
2546 }
2547 nvlist_free(genericnvl);
2548 nvlist_free(retrynvl);
2549
2550 return (rv);
2551 }
2552
2553 /*
2554 * Check that all the properties are valid user properties.
2555 */
2556 static int
2557 zfs_check_userprops(const char *fsname, nvlist_t *nvl)
2558 {
2559 nvpair_t *pair = NULL;
2560 int error = 0;
2561
2562 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2563 const char *propname = nvpair_name(pair);
2564 char *valstr;
2565
2566 if (!zfs_prop_user(propname) ||
2567 nvpair_type(pair) != DATA_TYPE_STRING)
2568 return (EINVAL);
2569
2570 if (error = zfs_secpolicy_write_perms(fsname,
2571 ZFS_DELEG_PERM_USERPROP, CRED()))
2572 return (error);
2573
2574 if (strlen(propname) >= ZAP_MAXNAMELEN)
2575 return (ENAMETOOLONG);
2576
2577 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2578 if (strlen(valstr) >= ZAP_MAXVALUELEN)
2579 return (E2BIG);
2580 }
2581 return (0);
2582 }
2583
2584 static void
2585 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2586 {
2587 nvpair_t *pair;
2588
2589 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2590
2591 pair = NULL;
2592 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2593 if (nvlist_exists(skipped, nvpair_name(pair)))
2594 continue;
2595
2596 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2597 }
2598 }
2599
2600 static int
2601 clear_received_props(objset_t *os, const char *fs, nvlist_t *props,
2602 nvlist_t *skipped)
2603 {
2604 int err = 0;
2605 nvlist_t *cleared_props = NULL;
2606 props_skip(props, skipped, &cleared_props);
2607 if (!nvlist_empty(cleared_props)) {
2608 /*
2609 * Acts on local properties until the dataset has received
2610 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2611 */
2612 zprop_source_t flags = (ZPROP_SRC_NONE |
2613 (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0));
2614 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL);
2615 }
2616 nvlist_free(cleared_props);
2617 return (err);
2618 }
2619
2620 /*
2621 * inputs:
2622 * zc_name name of filesystem
2623 * zc_value name of property to set
2624 * zc_nvlist_src{_size} nvlist of properties to apply
2625 * zc_cookie received properties flag
2626 *
2627 * outputs:
2628 * zc_nvlist_dst{_size} error for each unapplied received property
2629 */
2630 static int
2631 zfs_ioc_set_prop(zfs_cmd_t *zc)
2632 {
2633 nvlist_t *nvl;
2634 boolean_t received = zc->zc_cookie;
2635 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2636 ZPROP_SRC_LOCAL);
2637 nvlist_t *errors;
2638 int error;
2639
2640 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2641 zc->zc_iflags, &nvl)) != 0)
2642 return (error);
2643
2644 if (received) {
2645 nvlist_t *origprops;
2646 objset_t *os;
2647
2648 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
2649 if (dsl_prop_get_received(os, &origprops) == 0) {
2650 (void) clear_received_props(os,
2651 zc->zc_name, origprops, nvl);
2652 nvlist_free(origprops);
2653 }
2654
2655 dsl_prop_set_hasrecvd(os);
2656 dmu_objset_rele(os, FTAG);
2657 }
2658 }
2659
2660 errors = fnvlist_alloc();
2661 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2662
2663 if (zc->zc_nvlist_dst != NULL && errors != NULL) {
2664 (void) put_nvlist(zc, errors);
2665 }
2666
2667 nvlist_free(errors);
2668 nvlist_free(nvl);
2669 return (error);
2670 }
2671
2672 /*
2673 * inputs:
2674 * zc_name name of filesystem
2675 * zc_value name of property to inherit
2676 * zc_cookie revert to received value if TRUE
2677 *
2678 * outputs: none
2679 */
2680 static int
2681 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2682 {
2683 const char *propname = zc->zc_value;
2684 zfs_prop_t prop = zfs_name_to_prop(propname);
2685 boolean_t received = zc->zc_cookie;
2686 zprop_source_t source = (received
2687 ? ZPROP_SRC_NONE /* revert to received value, if any */
2688 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2689
2690 if (received) {
2691 nvlist_t *dummy;
2692 nvpair_t *pair;
2693 zprop_type_t type;
2694 int err;
2695
2696 /*
2697 * zfs_prop_set_special() expects properties in the form of an
2698 * nvpair with type info.
2699 */
2700 if (prop == ZPROP_INVAL) {
2701 if (!zfs_prop_user(propname))
2702 return (EINVAL);
2703
2704 type = PROP_TYPE_STRING;
2705 } else if (prop == ZFS_PROP_VOLSIZE ||
2706 prop == ZFS_PROP_VERSION) {
2707 return (EINVAL);
2708 } else {
2709 type = zfs_prop_get_type(prop);
2710 }
2711
2712 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2713
2714 switch (type) {
2715 case PROP_TYPE_STRING:
2716 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2717 break;
2718 case PROP_TYPE_NUMBER:
2719 case PROP_TYPE_INDEX:
2720 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2721 break;
2722 default:
2723 nvlist_free(dummy);
2724 return (EINVAL);
2725 }
2726
2727 pair = nvlist_next_nvpair(dummy, NULL);
2728 err = zfs_prop_set_special(zc->zc_name, source, pair);
2729 nvlist_free(dummy);
2730 if (err != -1)
2731 return (err); /* special property already handled */
2732 } else {
2733 /*
2734 * Only check this in the non-received case. We want to allow
2735 * 'inherit -S' to revert non-inheritable properties like quota
2736 * and reservation to the received or default values even though
2737 * they are not considered inheritable.
2738 */
2739 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2740 return (EINVAL);
2741 }
2742
2743 /* property name has been validated by zfs_secpolicy_inherit_prop() */
2744 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
2745 }
2746
2747 static int
2748 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2749 {
2750 nvlist_t *props;
2751 spa_t *spa;
2752 int error;
2753 nvpair_t *pair;
2754
2755 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2756 zc->zc_iflags, &props))
2757 return (error);
2758
2759 /*
2760 * If the only property is the configfile, then just do a spa_lookup()
2761 * to handle the faulted case.
2762 */
2763 pair = nvlist_next_nvpair(props, NULL);
2764 if (pair != NULL && strcmp(nvpair_name(pair),
2765 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2766 nvlist_next_nvpair(props, pair) == NULL) {
2767 mutex_enter(&spa_namespace_lock);
2768 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2769 spa_configfile_set(spa, props, B_FALSE);
2770 spa_config_sync(spa, B_FALSE, B_TRUE);
2771 }
2772 mutex_exit(&spa_namespace_lock);
2773 if (spa != NULL) {
2774 nvlist_free(props);
2775 return (0);
2776 }
2777 }
2778
2779 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2780 nvlist_free(props);
2781 return (error);
2782 }
2783
2784 error = spa_prop_set(spa, props);
2785
2786 nvlist_free(props);
2787 spa_close(spa, FTAG);
2788
2789 return (error);
2790 }
2791
2792 static int
2793 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2794 {
2795 spa_t *spa;
2796 int error;
2797 nvlist_t *nvp = NULL;
2798
2799 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2800 /*
2801 * If the pool is faulted, there may be properties we can still
2802 * get (such as altroot and cachefile), so attempt to get them
2803 * anyway.
2804 */
2805 mutex_enter(&spa_namespace_lock);
2806 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2807 error = spa_prop_get(spa, &nvp);
2808 mutex_exit(&spa_namespace_lock);
2809 } else {
2810 error = spa_prop_get(spa, &nvp);
2811 spa_close(spa, FTAG);
2812 }
2813
2814 if (error == 0 && zc->zc_nvlist_dst != NULL)
2815 error = put_nvlist(zc, nvp);
2816 else
2817 error = EFAULT;
2818
2819 nvlist_free(nvp);
2820 return (error);
2821 }
2822
2823 /*
2824 * inputs:
2825 * zc_name name of filesystem
2826 * zc_nvlist_src{_size} nvlist of delegated permissions
2827 * zc_perm_action allow/unallow flag
2828 *
2829 * outputs: none
2830 */
2831 static int
2832 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2833 {
2834 int error;
2835 nvlist_t *fsaclnv = NULL;
2836
2837 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2838 zc->zc_iflags, &fsaclnv)) != 0)
2839 return (error);
2840
2841 /*
2842 * Verify nvlist is constructed correctly
2843 */
2844 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2845 nvlist_free(fsaclnv);
2846 return (EINVAL);
2847 }
2848
2849 /*
2850 * If we don't have PRIV_SYS_MOUNT, then validate
2851 * that user is allowed to hand out each permission in
2852 * the nvlist(s)
2853 */
2854
2855 error = secpolicy_zfs(CRED());
2856 if (error) {
2857 if (zc->zc_perm_action == B_FALSE) {
2858 error = dsl_deleg_can_allow(zc->zc_name,
2859 fsaclnv, CRED());
2860 } else {
2861 error = dsl_deleg_can_unallow(zc->zc_name,
2862 fsaclnv, CRED());
2863 }
2864 }
2865
2866 if (error == 0)
2867 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2868
2869 nvlist_free(fsaclnv);
2870 return (error);
2871 }
2872
2873 /*
2874 * inputs:
2875 * zc_name name of filesystem
2876 *
2877 * outputs:
2878 * zc_nvlist_src{_size} nvlist of delegated permissions
2879 */
2880 static int
2881 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2882 {
2883 nvlist_t *nvp;
2884 int error;
2885
2886 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2887 error = put_nvlist(zc, nvp);
2888 nvlist_free(nvp);
2889 }
2890
2891 return (error);
2892 }
2893
2894 /*
2895 * Search the vfs list for a specified resource. Returns a pointer to it
2896 * or NULL if no suitable entry is found. The caller of this routine
2897 * is responsible for releasing the returned vfs pointer.
2898 */
2899 static vfs_t *
2900 zfs_get_vfs(const char *resource)
2901 {
2902 struct vfs *vfsp;
2903 struct vfs *vfs_found = NULL;
2904
2905 vfs_list_read_lock();
2906 vfsp = rootvfs;
2907 do {
2908 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
2909 VFS_HOLD(vfsp);
2910 vfs_found = vfsp;
2911 break;
2912 }
2913 vfsp = vfsp->vfs_next;
2914 } while (vfsp != rootvfs);
2915 vfs_list_unlock();
2916 return (vfs_found);
2917 }
2918
2919 /* ARGSUSED */
2920 static void
2921 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2922 {
2923 zfs_creat_t *zct = arg;
2924
2925 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2926 }
2927
2928 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
2929
2930 /*
2931 * inputs:
2932 * createprops list of properties requested by creator
2933 * default_zplver zpl version to use if unspecified in createprops
2934 * fuids_ok fuids allowed in this version of the spa?
2935 * os parent objset pointer (NULL if root fs)
2936 *
2937 * outputs:
2938 * zplprops values for the zplprops we attach to the master node object
2939 * is_ci true if requested file system will be purely case-insensitive
2940 *
2941 * Determine the settings for utf8only, normalization and
2942 * casesensitivity. Specific values may have been requested by the
2943 * creator and/or we can inherit values from the parent dataset. If
2944 * the file system is of too early a vintage, a creator can not
2945 * request settings for these properties, even if the requested
2946 * setting is the default value. We don't actually want to create dsl
2947 * properties for these, so remove them from the source nvlist after
2948 * processing.
2949 */
2950 static int
2951 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2952 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2953 nvlist_t *zplprops, boolean_t *is_ci)
2954 {
2955 uint64_t sense = ZFS_PROP_UNDEFINED;
2956 uint64_t norm = ZFS_PROP_UNDEFINED;
2957 uint64_t u8 = ZFS_PROP_UNDEFINED;
2958
2959 ASSERT(zplprops != NULL);
2960
2961 /*
2962 * Pull out creator prop choices, if any.
2963 */
2964 if (createprops) {
2965 (void) nvlist_lookup_uint64(createprops,
2966 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
2967 (void) nvlist_lookup_uint64(createprops,
2968 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
2969 (void) nvlist_remove_all(createprops,
2970 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
2971 (void) nvlist_lookup_uint64(createprops,
2972 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
2973 (void) nvlist_remove_all(createprops,
2974 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
2975 (void) nvlist_lookup_uint64(createprops,
2976 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
2977 (void) nvlist_remove_all(createprops,
2978 zfs_prop_to_name(ZFS_PROP_CASE));
2979 }
2980
2981 /*
2982 * If the zpl version requested is whacky or the file system
2983 * or pool is version is too "young" to support normalization
2984 * and the creator tried to set a value for one of the props,
2985 * error out.
2986 */
2987 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
2988 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
2989 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
2990 (zplver < ZPL_VERSION_NORMALIZATION &&
2991 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
2992 sense != ZFS_PROP_UNDEFINED)))
2993 return (ENOTSUP);
2994
2995 /*
2996 * Put the version in the zplprops
2997 */
2998 VERIFY(nvlist_add_uint64(zplprops,
2999 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3000
3001 if (norm == ZFS_PROP_UNDEFINED)
3002 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0);
3003 VERIFY(nvlist_add_uint64(zplprops,
3004 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3005
3006 /*
3007 * If we're normalizing, names must always be valid UTF-8 strings.
3008 */
3009 if (norm)
3010 u8 = 1;
3011 if (u8 == ZFS_PROP_UNDEFINED)
3012 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0);
3013 VERIFY(nvlist_add_uint64(zplprops,
3014 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3015
3016 if (sense == ZFS_PROP_UNDEFINED)
3017 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0);
3018 VERIFY(nvlist_add_uint64(zplprops,
3019 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3020
3021 if (is_ci)
3022 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3023
3024 return (0);
3025 }
3026
3027 static int
3028 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3029 nvlist_t *zplprops, boolean_t *is_ci)
3030 {
3031 boolean_t fuids_ok, sa_ok;
3032 uint64_t zplver = ZPL_VERSION;
3033 objset_t *os = NULL;
3034 char parentname[MAXNAMELEN];
3035 char *cp;
3036 spa_t *spa;
3037 uint64_t spa_vers;
3038 int error;
3039
3040 (void) strlcpy(parentname, dataset, sizeof (parentname));
3041 cp = strrchr(parentname, '/');
3042 ASSERT(cp != NULL);
3043 cp[0] = '\0';
3044
3045 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3046 return (error);
3047
3048 spa_vers = spa_version(spa);
3049 spa_close(spa, FTAG);
3050
3051 zplver = zfs_zpl_version_map(spa_vers);
3052 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3053 sa_ok = (zplver >= ZPL_VERSION_SA);
3054
3055 /*
3056 * Open parent object set so we can inherit zplprop values.
3057 */
3058 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3059 return (error);
3060
3061 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3062 zplprops, is_ci);
3063 dmu_objset_rele(os, FTAG);
3064 return (error);
3065 }
3066
3067 static int
3068 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3069 nvlist_t *zplprops, boolean_t *is_ci)
3070 {
3071 boolean_t fuids_ok;
3072 boolean_t sa_ok;
3073 uint64_t zplver = ZPL_VERSION;
3074 int error;
3075
3076 zplver = zfs_zpl_version_map(spa_vers);
3077 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3078 sa_ok = (zplver >= ZPL_VERSION_SA);
3079
3080 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3081 createprops, zplprops, is_ci);
3082 return (error);
3083 }
3084
3085 /*
3086 * innvl: {
3087 * "type" -> dmu_objset_type_t (int32)
3088 * (optional) "props" -> { prop -> value }
3089 * }
3090 *
3091 * outnvl: propname -> error code (int32)
3092 */
3093 static int
3094 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3095 {
3096 int error = 0;
3097 zfs_creat_t zct = { 0 };
3098 nvlist_t *nvprops = NULL;
3099 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3100 int32_t type32;
3101 dmu_objset_type_t type;
3102 boolean_t is_insensitive = B_FALSE;
3103
3104 if (nvlist_lookup_int32(innvl, "type", &type32) != 0)
3105 return (EINVAL);
3106 type = type32;
3107 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3108
3109 switch (type) {
3110 case DMU_OST_ZFS:
3111 cbfunc = zfs_create_cb;
3112 break;
3113
3114 case DMU_OST_ZVOL:
3115 cbfunc = zvol_create_cb;
3116 break;
3117
3118 default:
3119 cbfunc = NULL;
3120 break;
3121 }
3122 if (strchr(fsname, '@') ||
3123 strchr(fsname, '%'))
3124 return (EINVAL);
3125
3126 zct.zct_props = nvprops;
3127
3128 if (cbfunc == NULL)
3129 return (EINVAL);
3130
3131 if (type == DMU_OST_ZVOL) {
3132 uint64_t volsize, volblocksize;
3133
3134 if (nvprops == NULL)
3135 return (EINVAL);
3136 if (nvlist_lookup_uint64(nvprops,
3137 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3138 return (EINVAL);
3139
3140 if ((error = nvlist_lookup_uint64(nvprops,
3141 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3142 &volblocksize)) != 0 && error != ENOENT)
3143 return (EINVAL);
3144
3145 if (error != 0)
3146 volblocksize = zfs_prop_default_numeric(
3147 ZFS_PROP_VOLBLOCKSIZE);
3148
3149 if ((error = zvol_check_volblocksize(
3150 volblocksize)) != 0 ||
3151 (error = zvol_check_volsize(volsize,
3152 volblocksize)) != 0)
3153 return (error);
3154 } else if (type == DMU_OST_ZFS) {
3155 int error;
3156
3157 /*
3158 * We have to have normalization and
3159 * case-folding flags correct when we do the
3160 * file system creation, so go figure them out
3161 * now.
3162 */
3163 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3164 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3165 error = zfs_fill_zplprops(fsname, nvprops,
3166 zct.zct_zplprops, &is_insensitive);
3167 if (error != 0) {
3168 nvlist_free(zct.zct_zplprops);
3169 return (error);
3170 }
3171 }
3172
3173 error = dmu_objset_create(fsname, type,
3174 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3175 nvlist_free(zct.zct_zplprops);
3176
3177 /*
3178 * It would be nice to do this atomically.
3179 */
3180 if (error == 0) {
3181 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3182 nvprops, outnvl);
3183 if (error != 0)
3184 (void) dmu_objset_destroy(fsname, B_FALSE);
3185 }
3186 return (error);
3187 }
3188
3189 /*
3190 * innvl: {
3191 * "origin" -> name of origin snapshot
3192 * (optional) "props" -> { prop -> value }
3193 * }
3194 *
3195 * outnvl: propname -> error code (int32)
3196 */
3197 static int
3198 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3199 {
3200 int error = 0;
3201 nvlist_t *nvprops = NULL;
3202 char *origin_name;
3203 dsl_dataset_t *origin;
3204
3205 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0)
3206 return (EINVAL);
3207 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3208
3209 if (strchr(fsname, '@') ||
3210 strchr(fsname, '%'))
3211 return (EINVAL);
3212
3213 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3214 return (EINVAL);
3215
3216 error = dsl_dataset_hold(origin_name, FTAG, &origin);
3217 if (error)
3218 return (error);
3219
3220 error = dmu_objset_clone(fsname, origin, 0);
3221 dsl_dataset_rele(origin, FTAG);
3222 if (error)
3223 return (error);
3224
3225 /*
3226 * It would be nice to do this atomically.
3227 */
3228 if (error == 0) {
3229 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3230 nvprops, outnvl);
3231 if (error != 0)
3232 (void) dmu_objset_destroy(fsname, B_FALSE);
3233 }
3234 return (error);
3235 }
3236
3237 /*
3238 * innvl: {
3239 * "snaps" -> { snapshot1, snapshot2 }
3240 * (optional) "props" -> { prop -> value (string) }
3241 * }
3242 *
3243 * outnvl: snapshot -> error code (int32)
3244 *
3245 */
3246 static int
3247 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3248 {
3249 nvlist_t *snaps;
3250 nvlist_t *props = NULL;
3251 int error, poollen;
3252 nvpair_t *pair;
3253
3254 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3255 if ((error = zfs_check_userprops(poolname, props)) != 0)
3256 return (error);
3257
3258 if (!nvlist_empty(props) &&
3259 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3260 return (ENOTSUP);
3261
3262 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3263 return (EINVAL);
3264 poollen = strlen(poolname);
3265 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3266 pair = nvlist_next_nvpair(snaps, pair)) {
3267 const char *name = nvpair_name(pair);
3268 const char *cp = strchr(name, '@');
3269
3270 /*
3271 * The snap name must contain an @, and the part after it must
3272 * contain only valid characters.
3273 */
3274 if (cp == NULL || snapshot_namecheck(cp + 1, NULL, NULL) != 0)
3275 return (EINVAL);
3276
3277 /*
3278 * The snap must be in the specified pool.
3279 */
3280 if (strncmp(name, poolname, poollen) != 0 ||
3281 (name[poollen] != '/' && name[poollen] != '@'))
3282 return (EXDEV);
3283
3284 /* This must be the only snap of this fs. */
3285 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3286 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3287 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3288 == 0) {
3289 return (EXDEV);
3290 }
3291 }
3292 }
3293
3294 error = dmu_objset_snapshot(snaps, props, outnvl);
3295 return (error);
3296 }
3297
3298 /*
3299 * innvl: "message" -> string
3300 */
3301 /* ARGSUSED */
3302 static int
3303 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3304 {
3305 char *message;
3306 spa_t *spa;
3307 int error;
3308 char *poolname;
3309
3310 /*
3311 * The poolname in the ioctl is not set, we get it from the TSD,
3312 * which was set at the end of the last successful ioctl that allows
3313 * logging. The secpolicy func already checked that it is set.
3314 * Only one log ioctl is allowed after each successful ioctl, so
3315 * we clear the TSD here.
3316 */
3317 poolname = tsd_get(zfs_allow_log_key);
3318 (void) tsd_set(zfs_allow_log_key, NULL);
3319 error = spa_open(poolname, &spa, FTAG);
3320 strfree(poolname);
3321 if (error != 0)
3322 return (error);
3323
3324 if (nvlist_lookup_string(innvl, "message", &message) != 0) {
3325 spa_close(spa, FTAG);
3326 return (EINVAL);
3327 }
3328
3329 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3330 spa_close(spa, FTAG);
3331 return (ENOTSUP);
3332 }
3333
3334 error = spa_history_log(spa, message);
3335 spa_close(spa, FTAG);
3336 return (error);
3337 }
3338
3339 /* ARGSUSED */
3340 int
3341 zfs_unmount_snap(const char *name, void *arg)
3342 {
3343 vfs_t *vfsp;
3344 int err;
3345
3346 if (strchr(name, '@') == NULL)
3347 return (0);
3348
3349 vfsp = zfs_get_vfs(name);
3350 if (vfsp == NULL)
3351 return (0);
3352
3353 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
3354 VFS_RELE(vfsp);
3355 return (err);
3356 }
3357 VFS_RELE(vfsp);
3358
3359 /*
3360 * Always force the unmount for snapshots.
3361 */
3362 return (dounmount(vfsp, MS_FORCE, kcred));
3363 }
3364
3365 /*
3366 * innvl: {
3367 * "snaps" -> { snapshot1, snapshot2 }
3368 * (optional boolean) "defer"
3369 * }
3370 *
3371 * outnvl: snapshot -> error code (int32)
3372 *
3373 */
3374 static int
3375 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3376 {
3377 int poollen;
3378 nvlist_t *snaps;
3379 nvpair_t *pair;
3380 boolean_t defer;
3381
3382 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3383 return (EINVAL);
3384 defer = nvlist_exists(innvl, "defer");
3385
3386 poollen = strlen(poolname);
3387 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3388 pair = nvlist_next_nvpair(snaps, pair)) {
3389 const char *name = nvpair_name(pair);
3390
3391 /*
3392 * The snap must be in the specified pool.
3393 */
3394 if (strncmp(name, poolname, poollen) != 0 ||
3395 (name[poollen] != '/' && name[poollen] != '@'))
3396 return (EXDEV);
3397
3398 /*
3399 * Ignore failures to unmount; dmu_snapshots_destroy_nvl()
3400 * will deal with this gracefully (by filling in outnvl).
3401 */
3402 (void) zfs_unmount_snap(name, NULL);
3403 }
3404
3405 return (dmu_snapshots_destroy_nvl(snaps, defer, outnvl));
3406 }
3407
3408 /*
3409 * inputs:
3410 * zc_name name of dataset to destroy
3411 * zc_objset_type type of objset
3412 * zc_defer_destroy mark for deferred destroy
3413 *
3414 * outputs: none
3415 */
3416 static int
3417 zfs_ioc_destroy(zfs_cmd_t *zc)
3418 {
3419 int err;
3420 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
3421 err = zfs_unmount_snap(zc->zc_name, NULL);
3422 if (err)
3423 return (err);
3424 }
3425
3426 err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
3427 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3428 (void) zvol_remove_minor(zc->zc_name);
3429 return (err);
3430 }
3431
3432 /*
3433 * inputs:
3434 * zc_name name of dataset to rollback (to most recent snapshot)
3435 *
3436 * outputs: none
3437 */
3438 static int
3439 zfs_ioc_rollback(zfs_cmd_t *zc)
3440 {
3441 dsl_dataset_t *ds, *clone;
3442 int error;
3443 zfsvfs_t *zfsvfs;
3444 char *clone_name;
3445
3446 error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
3447 if (error)
3448 return (error);
3449
3450 /* must not be a snapshot */
3451 if (dsl_dataset_is_snapshot(ds)) {
3452 dsl_dataset_rele(ds, FTAG);
3453 return (EINVAL);
3454 }
3455
3456 /* must have a most recent snapshot */
3457 if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
3458 dsl_dataset_rele(ds, FTAG);
3459 return (EINVAL);
3460 }
3461
3462 /*
3463 * Create clone of most recent snapshot.
3464 */
3465 clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
3466 error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
3467 if (error)
3468 goto out;
3469
3470 error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
3471 if (error)
3472 goto out;
3473
3474 /*
3475 * Do clone swap.
3476 */
3477 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
3478 error = zfs_suspend_fs(zfsvfs);
3479 if (error == 0) {
3480 int resume_err;
3481
3482 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3483 error = dsl_dataset_clone_swap(clone, ds,
3484 B_TRUE);
3485 dsl_dataset_disown(ds, FTAG);
3486 ds = NULL;
3487 } else {
3488 error = EBUSY;
3489 }
3490 resume_err = zfs_resume_fs(zfsvfs, zc->zc_name);
3491 error = error ? error : resume_err;
3492 }
3493 VFS_RELE(zfsvfs->z_vfs);
3494 } else {
3495 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3496 error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
3497 dsl_dataset_disown(ds, FTAG);
3498 ds = NULL;
3499 } else {
3500 error = EBUSY;
3501 }
3502 }
3503
3504 /*
3505 * Destroy clone (which also closes it).
3506 */
3507 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
3508
3509 out:
3510 strfree(clone_name);
3511 if (ds)
3512 dsl_dataset_rele(ds, FTAG);
3513 return (error);
3514 }
3515
3516 /*
3517 * inputs:
3518 * zc_name old name of dataset
3519 * zc_value new name of dataset
3520 * zc_cookie recursive flag (only valid for snapshots)
3521 *
3522 * outputs: none
3523 */
3524 static int
3525 zfs_ioc_rename(zfs_cmd_t *zc)
3526 {
3527 boolean_t recursive = zc->zc_cookie & 1;
3528
3529 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3530 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3531 strchr(zc->zc_value, '%'))
3532 return (EINVAL);
3533
3534 /*
3535 * Unmount snapshot unless we're doing a recursive rename,
3536 * in which case the dataset code figures out which snapshots
3537 * to unmount.
3538 */
3539 if (!recursive && strchr(zc->zc_name, '@') != NULL &&
3540 zc->zc_objset_type == DMU_OST_ZFS) {
3541 int err = zfs_unmount_snap(zc->zc_name, NULL);
3542 if (err)
3543 return (err);
3544 }
3545 if (zc->zc_objset_type == DMU_OST_ZVOL)
3546 (void) zvol_remove_minor(zc->zc_name);
3547 return (dmu_objset_rename(zc->zc_name, zc->zc_value, recursive));
3548 }
3549
3550 static int
3551 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3552 {
3553 const char *propname = nvpair_name(pair);
3554 boolean_t issnap = (strchr(dsname, '@') != NULL);
3555 zfs_prop_t prop = zfs_name_to_prop(propname);
3556 uint64_t intval;
3557 int err;
3558
3559 if (prop == ZPROP_INVAL) {
3560 if (zfs_prop_user(propname)) {
3561 if (err = zfs_secpolicy_write_perms(dsname,
3562 ZFS_DELEG_PERM_USERPROP, cr))
3563 return (err);
3564 return (0);
3565 }
3566
3567 if (!issnap && zfs_prop_userquota(propname)) {
3568 const char *perm = NULL;
3569 const char *uq_prefix =
3570 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3571 const char *gq_prefix =
3572 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3573
3574 if (strncmp(propname, uq_prefix,
3575 strlen(uq_prefix)) == 0) {
3576 perm = ZFS_DELEG_PERM_USERQUOTA;
3577 } else if (strncmp(propname, gq_prefix,
3578 strlen(gq_prefix)) == 0) {
3579 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3580 } else {
3581 /* USERUSED and GROUPUSED are read-only */
3582 return (EINVAL);
3583 }
3584
3585 if (err = zfs_secpolicy_write_perms(dsname, perm, cr))
3586 return (err);
3587 return (0);
3588 }
3589
3590 return (EINVAL);
3591 }
3592
3593 if (issnap)
3594 return (EINVAL);
3595
3596 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3597 /*
3598 * dsl_prop_get_all_impl() returns properties in this
3599 * format.
3600 */
3601 nvlist_t *attrs;
3602 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3603 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3604 &pair) == 0);
3605 }
3606
3607 /*
3608 * Check that this value is valid for this pool version
3609 */
3610 switch (prop) {
3611 case ZFS_PROP_COMPRESSION:
3612 /*
3613 * If the user specified gzip compression, make sure
3614 * the SPA supports it. We ignore any errors here since
3615 * we'll catch them later.
3616 */
3617 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3618 nvpair_value_uint64(pair, &intval) == 0) {
3619 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3620 intval <= ZIO_COMPRESS_GZIP_9 &&
3621 zfs_earlier_version(dsname,
3622 SPA_VERSION_GZIP_COMPRESSION)) {
3623 return (ENOTSUP);
3624 }
3625
3626 if (intval == ZIO_COMPRESS_ZLE &&
3627 zfs_earlier_version(dsname,
3628 SPA_VERSION_ZLE_COMPRESSION))
3629 return (ENOTSUP);
3630
3631 /*
3632 * If this is a bootable dataset then
3633 * verify that the compression algorithm
3634 * is supported for booting. We must return
3635 * something other than ENOTSUP since it
3636 * implies a downrev pool version.
3637 */
3638 if (zfs_is_bootfs(dsname) &&
3639 !BOOTFS_COMPRESS_VALID(intval)) {
3640 return (ERANGE);
3641 }
3642 }
3643 break;
3644
3645 case ZFS_PROP_COPIES:
3646 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3647 return (ENOTSUP);
3648 break;
3649
3650 case ZFS_PROP_DEDUP:
3651 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3652 return (ENOTSUP);
3653 break;
3654
3655 case ZFS_PROP_SHARESMB:
3656 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3657 return (ENOTSUP);
3658 break;
3659
3660 case ZFS_PROP_ACLINHERIT:
3661 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3662 nvpair_value_uint64(pair, &intval) == 0) {
3663 if (intval == ZFS_ACL_PASSTHROUGH_X &&
3664 zfs_earlier_version(dsname,
3665 SPA_VERSION_PASSTHROUGH_X))
3666 return (ENOTSUP);
3667 }
3668 break;
3669 }
3670
3671 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3672 }
3673
3674 /*
3675 * Removes properties from the given props list that fail permission checks
3676 * needed to clear them and to restore them in case of a receive error. For each
3677 * property, make sure we have both set and inherit permissions.
3678 *
3679 * Returns the first error encountered if any permission checks fail. If the
3680 * caller provides a non-NULL errlist, it also gives the complete list of names
3681 * of all the properties that failed a permission check along with the
3682 * corresponding error numbers. The caller is responsible for freeing the
3683 * returned errlist.
3684 *
3685 * If every property checks out successfully, zero is returned and the list
3686 * pointed at by errlist is NULL.
3687 */
3688 static int
3689 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3690 {
3691 zfs_cmd_t *zc;
3692 nvpair_t *pair, *next_pair;
3693 nvlist_t *errors;
3694 int err, rv = 0;
3695
3696 if (props == NULL)
3697 return (0);
3698
3699 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3700
3701 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
3702 (void) strcpy(zc->zc_name, dataset);
3703 pair = nvlist_next_nvpair(props, NULL);
3704 while (pair != NULL) {
3705 next_pair = nvlist_next_nvpair(props, pair);
3706
3707 (void) strcpy(zc->zc_value, nvpair_name(pair));
3708 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3709 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
3710 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3711 VERIFY(nvlist_add_int32(errors,
3712 zc->zc_value, err) == 0);
3713 }
3714 pair = next_pair;
3715 }
3716 kmem_free(zc, sizeof (zfs_cmd_t));
3717
3718 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3719 nvlist_free(errors);
3720 errors = NULL;
3721 } else {
3722 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3723 }
3724
3725 if (errlist == NULL)
3726 nvlist_free(errors);
3727 else
3728 *errlist = errors;
3729
3730 return (rv);
3731 }
3732
3733 static boolean_t
3734 propval_equals(nvpair_t *p1, nvpair_t *p2)
3735 {
3736 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3737 /* dsl_prop_get_all_impl() format */
3738 nvlist_t *attrs;
3739 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3740 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3741 &p1) == 0);
3742 }
3743
3744 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3745 nvlist_t *attrs;
3746 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3747 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3748 &p2) == 0);
3749 }
3750
3751 if (nvpair_type(p1) != nvpair_type(p2))
3752 return (B_FALSE);
3753
3754 if (nvpair_type(p1) == DATA_TYPE_STRING) {
3755 char *valstr1, *valstr2;
3756
3757 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3758 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3759 return (strcmp(valstr1, valstr2) == 0);
3760 } else {
3761 uint64_t intval1, intval2;
3762
3763 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3764 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3765 return (intval1 == intval2);
3766 }
3767 }
3768
3769 /*
3770 * Remove properties from props if they are not going to change (as determined
3771 * by comparison with origprops). Remove them from origprops as well, since we
3772 * do not need to clear or restore properties that won't change.
3773 */
3774 static void
3775 props_reduce(nvlist_t *props, nvlist_t *origprops)
3776 {
3777 nvpair_t *pair, *next_pair;
3778
3779 if (origprops == NULL)
3780 return; /* all props need to be received */
3781
3782 pair = nvlist_next_nvpair(props, NULL);
3783 while (pair != NULL) {
3784 const char *propname = nvpair_name(pair);
3785 nvpair_t *match;
3786
3787 next_pair = nvlist_next_nvpair(props, pair);
3788
3789 if ((nvlist_lookup_nvpair(origprops, propname,
3790 &match) != 0) || !propval_equals(pair, match))
3791 goto next; /* need to set received value */
3792
3793 /* don't clear the existing received value */
3794 (void) nvlist_remove_nvpair(origprops, match);
3795 /* don't bother receiving the property */
3796 (void) nvlist_remove_nvpair(props, pair);
3797 next:
3798 pair = next_pair;
3799 }
3800 }
3801
3802 #ifdef DEBUG
3803 static boolean_t zfs_ioc_recv_inject_err;
3804 #endif
3805
3806 /*
3807 * inputs:
3808 * zc_name name of containing filesystem
3809 * zc_nvlist_src{_size} nvlist of properties to apply
3810 * zc_value name of snapshot to create
3811 * zc_string name of clone origin (if DRR_FLAG_CLONE)
3812 * zc_cookie file descriptor to recv from
3813 * zc_begin_record the BEGIN record of the stream (not byteswapped)
3814 * zc_guid force flag
3815 * zc_cleanup_fd cleanup-on-exit file descriptor
3816 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
3817 *
3818 * outputs:
3819 * zc_cookie number of bytes read
3820 * zc_nvlist_dst{_size} error for each unapplied received property
3821 * zc_obj zprop_errflags_t
3822 * zc_action_handle handle for this guid/ds mapping
3823 */
3824 static int
3825 zfs_ioc_recv(zfs_cmd_t *zc)
3826 {
3827 file_t *fp;
3828 objset_t *os;
3829 dmu_recv_cookie_t drc;
3830 boolean_t force = (boolean_t)zc->zc_guid;
3831 int fd;
3832 int error = 0;
3833 int props_error = 0;
3834 nvlist_t *errors;
3835 offset_t off;
3836 nvlist_t *props = NULL; /* sent properties */
3837 nvlist_t *origprops = NULL; /* existing properties */
3838 objset_t *origin = NULL;
3839 char *tosnap;
3840 char tofs[ZFS_MAXNAMELEN];
3841 boolean_t first_recvd_props = B_FALSE;
3842
3843 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3844 strchr(zc->zc_value, '@') == NULL ||
3845 strchr(zc->zc_value, '%'))
3846 return (EINVAL);
3847
3848 (void) strcpy(tofs, zc->zc_value);
3849 tosnap = strchr(tofs, '@');
3850 *tosnap++ = '\0';
3851
3852 if (zc->zc_nvlist_src != NULL &&
3853 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3854 zc->zc_iflags, &props)) != 0)
3855 return (error);
3856
3857 fd = zc->zc_cookie;
3858 fp = getf(fd);
3859 if (fp == NULL) {
3860 nvlist_free(props);
3861 return (EBADF);
3862 }
3863
3864 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3865
3866 if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
3867 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
3868 !dsl_prop_get_hasrecvd(os)) {
3869 first_recvd_props = B_TRUE;
3870 }
3871
3872 /*
3873 * If new received properties are supplied, they are to
3874 * completely replace the existing received properties, so stash
3875 * away the existing ones.
3876 */
3877 if (dsl_prop_get_received(os, &origprops) == 0) {
3878 nvlist_t *errlist = NULL;
3879 /*
3880 * Don't bother writing a property if its value won't
3881 * change (and avoid the unnecessary security checks).
3882 *
3883 * The first receive after SPA_VERSION_RECVD_PROPS is a
3884 * special case where we blow away all local properties
3885 * regardless.
3886 */
3887 if (!first_recvd_props)
3888 props_reduce(props, origprops);
3889 if (zfs_check_clearable(tofs, origprops,
3890 &errlist) != 0)
3891 (void) nvlist_merge(errors, errlist, 0);
3892 nvlist_free(errlist);
3893 }
3894
3895 dmu_objset_rele(os, FTAG);
3896 }
3897
3898 if (zc->zc_string[0]) {
3899 error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
3900 if (error)
3901 goto out;
3902 }
3903
3904 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
3905 &zc->zc_begin_record, force, origin, &drc);
3906 if (origin)
3907 dmu_objset_rele(origin, FTAG);
3908 if (error)
3909 goto out;
3910
3911 /*
3912 * Set properties before we receive the stream so that they are applied
3913 * to the new data. Note that we must call dmu_recv_stream() if
3914 * dmu_recv_begin() succeeds.
3915 */
3916 if (props) {
3917 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
3918 if (drc.drc_newfs) {
3919 if (spa_version(os->os_spa) >=
3920 SPA_VERSION_RECVD_PROPS)
3921 first_recvd_props = B_TRUE;
3922 } else if (origprops != NULL) {
3923 if (clear_received_props(os, tofs, origprops,
3924 first_recvd_props ? NULL : props) != 0)
3925 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3926 } else {
3927 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3928 }
3929 dsl_prop_set_hasrecvd(os);
3930 } else if (!drc.drc_newfs) {
3931 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3932 }
3933
3934 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3935 props, errors);
3936 }
3937
3938 if (zc->zc_nvlist_dst_size != 0 &&
3939 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
3940 put_nvlist(zc, errors) != 0)) {
3941 /*
3942 * Caller made zc->zc_nvlist_dst less than the minimum expected
3943 * size or supplied an invalid address.
3944 */
3945 props_error = EINVAL;
3946 }
3947
3948 off = fp->f_offset;
3949 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
3950 &zc->zc_action_handle);
3951
3952 if (error == 0) {
3953 zfsvfs_t *zfsvfs = NULL;
3954
3955 if (getzfsvfs(tofs, &zfsvfs) == 0) {
3956 /* online recv */
3957 int end_err;
3958
3959 error = zfs_suspend_fs(zfsvfs);
3960 /*
3961 * If the suspend fails, then the recv_end will
3962 * likely also fail, and clean up after itself.
3963 */
3964 end_err = dmu_recv_end(&drc);
3965 if (error == 0)
3966 error = zfs_resume_fs(zfsvfs, tofs);
3967 error = error ? error : end_err;
3968 VFS_RELE(zfsvfs->z_vfs);
3969 } else {
3970 error = dmu_recv_end(&drc);
3971 }
3972 }
3973
3974 zc->zc_cookie = off - fp->f_offset;
3975 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
3976 fp->f_offset = off;
3977
3978 #ifdef DEBUG
3979 if (zfs_ioc_recv_inject_err) {
3980 zfs_ioc_recv_inject_err = B_FALSE;
3981 error = 1;
3982 }
3983 #endif
3984 /*
3985 * On error, restore the original props.
3986 */
3987 if (error && props) {
3988 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
3989 if (clear_received_props(os, tofs, props, NULL) != 0) {
3990 /*
3991 * We failed to clear the received properties.
3992 * Since we may have left a $recvd value on the
3993 * system, we can't clear the $hasrecvd flag.
3994 */
3995 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3996 } else if (first_recvd_props) {
3997 dsl_prop_unset_hasrecvd(os);
3998 }
3999 dmu_objset_rele(os, FTAG);
4000 } else if (!drc.drc_newfs) {
4001 /* We failed to clear the received properties. */
4002 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4003 }
4004
4005 if (origprops == NULL && !drc.drc_newfs) {
4006 /* We failed to stash the original properties. */
4007 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4008 }
4009
4010 /*
4011 * dsl_props_set() will not convert RECEIVED to LOCAL on or
4012 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
4013 * explictly if we're restoring local properties cleared in the
4014 * first new-style receive.
4015 */
4016 if (origprops != NULL &&
4017 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
4018 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
4019 origprops, NULL) != 0) {
4020 /*
4021 * We stashed the original properties but failed to
4022 * restore them.
4023 */
4024 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4025 }
4026 }
4027 out:
4028 nvlist_free(props);
4029 nvlist_free(origprops);
4030 nvlist_free(errors);
4031 releasef(fd);
4032
4033 if (error == 0)
4034 error = props_error;
4035
4036 return (error);
4037 }
4038
4039 /*
4040 * inputs:
4041 * zc_name name of snapshot to send
4042 * zc_cookie file descriptor to send stream to
4043 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
4044 * zc_sendobj objsetid of snapshot to send
4045 * zc_fromobj objsetid of incremental fromsnap (may be zero)
4046 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
4047 * output size in zc_objset_type.
4048 *
4049 * outputs: none
4050 */
4051 static int
4052 zfs_ioc_send(zfs_cmd_t *zc)
4053 {
4054 objset_t *fromsnap = NULL;
4055 objset_t *tosnap;
4056 int error;
4057 offset_t off;
4058 dsl_dataset_t *ds;
4059 dsl_dataset_t *dsfrom = NULL;
4060 spa_t *spa;
4061 dsl_pool_t *dp;
4062 boolean_t estimate = (zc->zc_guid != 0);
4063
4064 error = spa_open(zc->zc_name, &spa, FTAG);
4065 if (error)
4066 return (error);
4067
4068 dp = spa_get_dsl(spa);
4069 rw_enter(&dp->dp_config_rwlock, RW_READER);
4070 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4071 rw_exit(&dp->dp_config_rwlock);
4072 spa_close(spa, FTAG);
4073 if (error)
4074 return (error);
4075
4076 error = dmu_objset_from_ds(ds, &tosnap);
4077 if (error) {
4078 dsl_dataset_rele(ds, FTAG);
4079 return (error);
4080 }
4081
4082 if (zc->zc_fromobj != 0) {
4083 rw_enter(&dp->dp_config_rwlock, RW_READER);
4084 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
4085 rw_exit(&dp->dp_config_rwlock);
4086 if (error) {
4087 dsl_dataset_rele(ds, FTAG);
4088 return (error);
4089 }
4090 error = dmu_objset_from_ds(dsfrom, &fromsnap);
4091 if (error) {
4092 dsl_dataset_rele(dsfrom, FTAG);
4093 dsl_dataset_rele(ds, FTAG);
4094 return (error);
4095 }
4096 }
4097
4098 if (zc->zc_obj) {
4099 dsl_pool_t *dp = ds->ds_dir->dd_pool;
4100
4101 if (fromsnap != NULL) {
4102 dsl_dataset_rele(dsfrom, FTAG);
4103 dsl_dataset_rele(ds, FTAG);
4104 return (EINVAL);
4105 }
4106
4107 if (dsl_dir_is_clone(ds->ds_dir)) {
4108 rw_enter(&dp->dp_config_rwlock, RW_READER);
4109 error = dsl_dataset_hold_obj(dp,
4110 ds->ds_dir->dd_phys->dd_origin_obj, FTAG, &dsfrom);
4111 rw_exit(&dp->dp_config_rwlock);
4112 if (error) {
4113 dsl_dataset_rele(ds, FTAG);
4114 return (error);
4115 }
4116 error = dmu_objset_from_ds(dsfrom, &fromsnap);
4117 if (error) {
4118 dsl_dataset_rele(dsfrom, FTAG);
4119 dsl_dataset_rele(ds, FTAG);
4120 return (error);
4121 }
4122 }
4123 }
4124
4125 if (estimate) {
4126 error = dmu_send_estimate(tosnap, fromsnap,
4127 &zc->zc_objset_type);
4128 } else {
4129 file_t *fp = getf(zc->zc_cookie);
4130 if (fp == NULL) {
4131 dsl_dataset_rele(ds, FTAG);
4132 if (dsfrom)
4133 dsl_dataset_rele(dsfrom, FTAG);
4134 return (EBADF);
4135 }
4136
4137 off = fp->f_offset;
4138 error = dmu_send(tosnap, fromsnap,
4139 zc->zc_cookie, fp->f_vnode, &off);
4140
4141 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4142 fp->f_offset = off;
4143 releasef(zc->zc_cookie);
4144 }
4145 if (dsfrom)
4146 dsl_dataset_rele(dsfrom, FTAG);
4147 dsl_dataset_rele(ds, FTAG);
4148 return (error);
4149 }
4150
4151 /*
4152 * inputs:
4153 * zc_name name of snapshot on which to report progress
4154 * zc_cookie file descriptor of send stream
4155 *
4156 * outputs:
4157 * zc_cookie number of bytes written in send stream thus far
4158 */
4159 static int
4160 zfs_ioc_send_progress(zfs_cmd_t *zc)
4161 {
4162 dsl_dataset_t *ds;
4163 dmu_sendarg_t *dsp = NULL;
4164 int error;
4165
4166 if ((error = dsl_dataset_hold(zc->zc_name, FTAG, &ds)) != 0)
4167 return (error);
4168
4169 mutex_enter(&ds->ds_sendstream_lock);
4170
4171 /*
4172 * Iterate over all the send streams currently active on this dataset.
4173 * If there's one which matches the specified file descriptor _and_ the
4174 * stream was started by the current process, return the progress of
4175 * that stream.
4176 */
4177 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
4178 dsp = list_next(&ds->ds_sendstreams, dsp)) {
4179 if (dsp->dsa_outfd == zc->zc_cookie &&
4180 dsp->dsa_proc == curproc)
4181 break;
4182 }
4183
4184 if (dsp != NULL)
4185 zc->zc_cookie = *(dsp->dsa_off);
4186 else
4187 error = ENOENT;
4188
4189 mutex_exit(&ds->ds_sendstream_lock);
4190 dsl_dataset_rele(ds, FTAG);
4191 return (error);
4192 }
4193
4194 static int
4195 zfs_ioc_inject_fault(zfs_cmd_t *zc)
4196 {
4197 int id, error;
4198
4199 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
4200 &zc->zc_inject_record);
4201
4202 if (error == 0)
4203 zc->zc_guid = (uint64_t)id;
4204
4205 return (error);
4206 }
4207
4208 static int
4209 zfs_ioc_clear_fault(zfs_cmd_t *zc)
4210 {
4211 return (zio_clear_fault((int)zc->zc_guid));
4212 }
4213
4214 static int
4215 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
4216 {
4217 int id = (int)zc->zc_guid;
4218 int error;
4219
4220 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
4221 &zc->zc_inject_record);
4222
4223 zc->zc_guid = id;
4224
4225 return (error);
4226 }
4227
4228 static int
4229 zfs_ioc_error_log(zfs_cmd_t *zc)
4230 {
4231 spa_t *spa;
4232 int error;
4233 size_t count = (size_t)zc->zc_nvlist_dst_size;
4234
4235 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
4236 return (error);
4237
4238 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
4239 &count);
4240 if (error == 0)
4241 zc->zc_nvlist_dst_size = count;
4242 else
4243 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
4244
4245 spa_close(spa, FTAG);
4246
4247 return (error);
4248 }
4249
4250 static int
4251 zfs_ioc_clear(zfs_cmd_t *zc)
4252 {
4253 spa_t *spa;
4254 vdev_t *vd;
4255 int error;
4256
4257 /*
4258 * On zpool clear we also fix up missing slogs
4259 */
4260 mutex_enter(&spa_namespace_lock);
4261 spa = spa_lookup(zc->zc_name);
4262 if (spa == NULL) {
4263 mutex_exit(&spa_namespace_lock);
4264 return (EIO);
4265 }
4266 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
4267 /* we need to let spa_open/spa_load clear the chains */
4268 spa_set_log_state(spa, SPA_LOG_CLEAR);
4269 }
4270 spa->spa_last_open_failed = 0;
4271 mutex_exit(&spa_namespace_lock);
4272
4273 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
4274 error = spa_open(zc->zc_name, &spa, FTAG);
4275 } else {
4276 nvlist_t *policy;
4277 nvlist_t *config = NULL;
4278
4279 if (zc->zc_nvlist_src == NULL)
4280 return (EINVAL);
4281
4282 if ((error = get_nvlist(zc->zc_nvlist_src,
4283 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
4284 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
4285 policy, &config);
4286 if (config != NULL) {
4287 int err;
4288
4289 if ((err = put_nvlist(zc, config)) != 0)
4290 error = err;
4291 nvlist_free(config);
4292 }
4293 nvlist_free(policy);
4294 }
4295 }
4296
4297 if (error)
4298 return (error);
4299
4300 spa_vdev_state_enter(spa, SCL_NONE);
4301
4302 if (zc->zc_guid == 0) {
4303 vd = NULL;
4304 } else {
4305 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
4306 if (vd == NULL) {
4307 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
4308 spa_close(spa, FTAG);
4309 return (ENODEV);
4310 }
4311 }
4312
4313 vdev_clear(spa, vd);
4314
4315 (void) spa_vdev_state_exit(spa, NULL, 0);
4316
4317 /*
4318 * Resume any suspended I/Os.
4319 */
4320 if (zio_resume(spa) != 0)
4321 error = EIO;
4322
4323 spa_close(spa, FTAG);
4324
4325 return (error);
4326 }
4327
4328 static int
4329 zfs_ioc_pool_reopen(zfs_cmd_t *zc)
4330 {
4331 spa_t *spa;
4332 int error;
4333
4334 error = spa_open(zc->zc_name, &spa, FTAG);
4335 if (error)
4336 return (error);
4337
4338 spa_vdev_state_enter(spa, SCL_NONE);
4339
4340 /*
4341 * If a resilver is already in progress then set the
4342 * spa_scrub_reopen flag to B_TRUE so that we don't restart
4343 * the scan as a side effect of the reopen. Otherwise, let
4344 * vdev_open() decided if a resilver is required.
4345 */
4346 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool);
4347 vdev_reopen(spa->spa_root_vdev);
4348 spa->spa_scrub_reopen = B_FALSE;
4349
4350 (void) spa_vdev_state_exit(spa, NULL, 0);
4351 spa_close(spa, FTAG);
4352 return (0);
4353 }
4354 /*
4355 * inputs:
4356 * zc_name name of filesystem
4357 * zc_value name of origin snapshot
4358 *
4359 * outputs:
4360 * zc_string name of conflicting snapshot, if there is one
4361 */
4362 static int
4363 zfs_ioc_promote(zfs_cmd_t *zc)
4364 {
4365 char *cp;
4366
4367 /*
4368 * We don't need to unmount *all* the origin fs's snapshots, but
4369 * it's easier.
4370 */
4371 cp = strchr(zc->zc_value, '@');
4372 if (cp)
4373 *cp = '\0';
4374 (void) dmu_objset_find(zc->zc_value,
4375 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
4376 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4377 }
4378
4379 /*
4380 * Retrieve a single {user|group}{used|quota}@... property.
4381 *
4382 * inputs:
4383 * zc_name name of filesystem
4384 * zc_objset_type zfs_userquota_prop_t
4385 * zc_value domain name (eg. "S-1-234-567-89")
4386 * zc_guid RID/UID/GID
4387 *
4388 * outputs:
4389 * zc_cookie property value
4390 */
4391 static int
4392 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4393 {
4394 zfsvfs_t *zfsvfs;
4395 int error;
4396
4397 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4398 return (EINVAL);
4399
4400 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4401 if (error)
4402 return (error);
4403
4404 error = zfs_userspace_one(zfsvfs,
4405 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4406 zfsvfs_rele(zfsvfs, FTAG);
4407
4408 return (error);
4409 }
4410
4411 /*
4412 * inputs:
4413 * zc_name name of filesystem
4414 * zc_cookie zap cursor
4415 * zc_objset_type zfs_userquota_prop_t
4416 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4417 *
4418 * outputs:
4419 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4420 * zc_cookie zap cursor
4421 */
4422 static int
4423 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4424 {
4425 zfsvfs_t *zfsvfs;
4426 int bufsize = zc->zc_nvlist_dst_size;
4427
4428 if (bufsize <= 0)
4429 return (ENOMEM);
4430
4431 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4432 if (error)
4433 return (error);
4434
4435 void *buf = kmem_alloc(bufsize, KM_SLEEP);
4436
4437 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
4438 buf, &zc->zc_nvlist_dst_size);
4439
4440 if (error == 0) {
4441 error = xcopyout(buf,
4442 (void *)(uintptr_t)zc->zc_nvlist_dst,
4443 zc->zc_nvlist_dst_size);
4444 }
4445 kmem_free(buf, bufsize);
4446 zfsvfs_rele(zfsvfs, FTAG);
4447
4448 return (error);
4449 }
4450
4451 /*
4452 * inputs:
4453 * zc_name name of filesystem
4454 *
4455 * outputs:
4456 * none
4457 */
4458 static int
4459 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4460 {
4461 objset_t *os;
4462 int error = 0;
4463 zfsvfs_t *zfsvfs;
4464
4465 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
4466 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
4467 /*
4468 * If userused is not enabled, it may be because the
4469 * objset needs to be closed & reopened (to grow the
4470 * objset_phys_t). Suspend/resume the fs will do that.
4471 */
4472 error = zfs_suspend_fs(zfsvfs);
4473 if (error == 0)
4474 error = zfs_resume_fs(zfsvfs, zc->zc_name);
4475 }
4476 if (error == 0)
4477 error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
4478 VFS_RELE(zfsvfs->z_vfs);
4479 } else {
4480 /* XXX kind of reading contents without owning */
4481 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4482 if (error)
4483 return (error);
4484
4485 error = dmu_objset_userspace_upgrade(os);
4486 dmu_objset_rele(os, FTAG);
4487 }
4488
4489 return (error);
4490 }
4491
4492 /*
4493 * We don't want to have a hard dependency
4494 * against some special symbols in sharefs
4495 * nfs, and smbsrv. Determine them if needed when
4496 * the first file system is shared.
4497 * Neither sharefs, nfs or smbsrv are unloadable modules.
4498 */
4499 int (*znfsexport_fs)(void *arg);
4500 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
4501 int (*zsmbexport_fs)(void *arg, boolean_t add_share);
4502
4503 int zfs_nfsshare_inited;
4504 int zfs_smbshare_inited;
4505
4506 ddi_modhandle_t nfs_mod;
4507 ddi_modhandle_t sharefs_mod;
4508 ddi_modhandle_t smbsrv_mod;
4509 kmutex_t zfs_share_lock;
4510
4511 static int
4512 zfs_init_sharefs()
4513 {
4514 int error;
4515
4516 ASSERT(MUTEX_HELD(&zfs_share_lock));
4517 /* Both NFS and SMB shares also require sharetab support. */
4518 if (sharefs_mod == NULL && ((sharefs_mod =
4519 ddi_modopen("fs/sharefs",
4520 KRTLD_MODE_FIRST, &error)) == NULL)) {
4521 return (ENOSYS);
4522 }
4523 if (zshare_fs == NULL && ((zshare_fs =
4524 (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
4525 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
4526 return (ENOSYS);
4527 }
4528 return (0);
4529 }
4530
4531 static int
4532 zfs_ioc_share(zfs_cmd_t *zc)
4533 {
4534 int error;
4535 int opcode;
4536
4537 switch (zc->zc_share.z_sharetype) {
4538 case ZFS_SHARE_NFS:
4539 case ZFS_UNSHARE_NFS:
4540 if (zfs_nfsshare_inited == 0) {
4541 mutex_enter(&zfs_share_lock);
4542 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs",
4543 KRTLD_MODE_FIRST, &error)) == NULL)) {
4544 mutex_exit(&zfs_share_lock);
4545 return (ENOSYS);
4546 }
4547 if (znfsexport_fs == NULL &&
4548 ((znfsexport_fs = (int (*)(void *))
4549 ddi_modsym(nfs_mod,
4550 "nfs_export", &error)) == NULL)) {
4551 mutex_exit(&zfs_share_lock);
4552 return (ENOSYS);
4553 }
4554 error = zfs_init_sharefs();
4555 if (error) {
4556 mutex_exit(&zfs_share_lock);
4557 return (ENOSYS);
4558 }
4559 zfs_nfsshare_inited = 1;
4560 mutex_exit(&zfs_share_lock);
4561 }
4562 break;
4563 case ZFS_SHARE_SMB:
4564 case ZFS_UNSHARE_SMB:
4565 if (zfs_smbshare_inited == 0) {
4566 mutex_enter(&zfs_share_lock);
4567 if (smbsrv_mod == NULL && ((smbsrv_mod =
4568 ddi_modopen("drv/smbsrv",
4569 KRTLD_MODE_FIRST, &error)) == NULL)) {
4570 mutex_exit(&zfs_share_lock);
4571 return (ENOSYS);
4572 }
4573 if (zsmbexport_fs == NULL && ((zsmbexport_fs =
4574 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod,
4575 "smb_server_share", &error)) == NULL)) {
4576 mutex_exit(&zfs_share_lock);
4577 return (ENOSYS);
4578 }
4579 error = zfs_init_sharefs();
4580 if (error) {
4581 mutex_exit(&zfs_share_lock);
4582 return (ENOSYS);
4583 }
4584 zfs_smbshare_inited = 1;
4585 mutex_exit(&zfs_share_lock);
4586 }
4587 break;
4588 default:
4589 return (EINVAL);
4590 }
4591
4592 switch (zc->zc_share.z_sharetype) {
4593 case ZFS_SHARE_NFS:
4594 case ZFS_UNSHARE_NFS:
4595 if (error =
4596 znfsexport_fs((void *)
4597 (uintptr_t)zc->zc_share.z_exportdata))
4598 return (error);
4599 break;
4600 case ZFS_SHARE_SMB:
4601 case ZFS_UNSHARE_SMB:
4602 if (error = zsmbexport_fs((void *)
4603 (uintptr_t)zc->zc_share.z_exportdata,
4604 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
4605 B_TRUE: B_FALSE)) {
4606 return (error);
4607 }
4608 break;
4609 }
4610
4611 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
4612 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ?
4613 SHAREFS_ADD : SHAREFS_REMOVE;
4614
4615 /*
4616 * Add or remove share from sharetab
4617 */
4618 error = zshare_fs(opcode,
4619 (void *)(uintptr_t)zc->zc_share.z_sharedata,
4620 zc->zc_share.z_sharemax);
4621
4622 return (error);
4623
4624 }
4625
4626 ace_t full_access[] = {
4627 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4628 };
4629
4630 /*
4631 * inputs:
4632 * zc_name name of containing filesystem
4633 * zc_obj object # beyond which we want next in-use object #
4634 *
4635 * outputs:
4636 * zc_obj next in-use object #
4637 */
4638 static int
4639 zfs_ioc_next_obj(zfs_cmd_t *zc)
4640 {
4641 objset_t *os = NULL;
4642 int error;
4643
4644 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4645 if (error)
4646 return (error);
4647
4648 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4649 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4650
4651 dmu_objset_rele(os, FTAG);
4652 return (error);
4653 }
4654
4655 /*
4656 * inputs:
4657 * zc_name name of filesystem
4658 * zc_value prefix name for snapshot
4659 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4660 *
4661 * outputs:
4662 * zc_value short name of new snapshot
4663 */
4664 static int
4665 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4666 {
4667 char *snap_name;
4668 int error;
4669
4670 snap_name = kmem_asprintf("%s@%s-%016llx", zc->zc_name, zc->zc_value,
4671 (u_longlong_t)ddi_get_lbolt64());
4672
4673 if (strlen(snap_name) >= MAXPATHLEN) {
4674 strfree(snap_name);
4675 return (E2BIG);
4676 }
4677
4678 error = dmu_objset_snapshot_tmp(snap_name, "%temp", zc->zc_cleanup_fd);
4679 if (error != 0) {
4680 strfree(snap_name);
4681 return (error);
4682 }
4683
4684 (void) strcpy(zc->zc_value, strchr(snap_name, '@') + 1);
4685 strfree(snap_name);
4686 return (0);
4687 }
4688
4689 /*
4690 * inputs:
4691 * zc_name name of "to" snapshot
4692 * zc_value name of "from" snapshot
4693 * zc_cookie file descriptor to write diff data on
4694 *
4695 * outputs:
4696 * dmu_diff_record_t's to the file descriptor
4697 */
4698 static int
4699 zfs_ioc_diff(zfs_cmd_t *zc)
4700 {
4701 objset_t *fromsnap;
4702 objset_t *tosnap;
4703 file_t *fp;
4704 offset_t off;
4705 int error;
4706
4707 error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
4708 if (error)
4709 return (error);
4710
4711 error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap);
4712 if (error) {
4713 dmu_objset_rele(tosnap, FTAG);
4714 return (error);
4715 }
4716
4717 fp = getf(zc->zc_cookie);
4718 if (fp == NULL) {
4719 dmu_objset_rele(fromsnap, FTAG);
4720 dmu_objset_rele(tosnap, FTAG);
4721 return (EBADF);
4722 }
4723
4724 off = fp->f_offset;
4725
4726 error = dmu_diff(tosnap, fromsnap, fp->f_vnode, &off);
4727
4728 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4729 fp->f_offset = off;
4730 releasef(zc->zc_cookie);
4731
4732 dmu_objset_rele(fromsnap, FTAG);
4733 dmu_objset_rele(tosnap, FTAG);
4734 return (error);
4735 }
4736
4737 /*
4738 * Remove all ACL files in shares dir
4739 */
4740 static int
4741 zfs_smb_acl_purge(znode_t *dzp)
4742 {
4743 zap_cursor_t zc;
4744 zap_attribute_t zap;
4745 zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
4746 int error;
4747
4748 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
4749 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4750 zap_cursor_advance(&zc)) {
4751 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4752 NULL, 0)) != 0)
4753 break;
4754 }
4755 zap_cursor_fini(&zc);
4756 return (error);
4757 }
4758
4759 static int
4760 zfs_ioc_smb_acl(zfs_cmd_t *zc)
4761 {
4762 vnode_t *vp;
4763 znode_t *dzp;
4764 vnode_t *resourcevp = NULL;
4765 znode_t *sharedir;
4766 zfsvfs_t *zfsvfs;
4767 nvlist_t *nvlist;
4768 char *src, *target;
4769 vattr_t vattr;
4770 vsecattr_t vsec;
4771 int error = 0;
4772
4773 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4774 NO_FOLLOW, NULL, &vp)) != 0)
4775 return (error);
4776
4777 /* Now make sure mntpnt and dataset are ZFS */
4778
4779 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
4780 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4781 zc->zc_name) != 0)) {
4782 VN_RELE(vp);
4783 return (EINVAL);
4784 }
4785
4786 dzp = VTOZ(vp);
4787 zfsvfs = dzp->z_zfsvfs;
4788 ZFS_ENTER(zfsvfs);
4789
4790 /*
4791 * Create share dir if its missing.
4792 */
4793 mutex_enter(&zfsvfs->z_lock);
4794 if (zfsvfs->z_shares_dir == 0) {
4795 dmu_tx_t *tx;
4796
4797 tx = dmu_tx_create(zfsvfs->z_os);
4798 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4799 ZFS_SHARES_DIR);
4800 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4801 error = dmu_tx_assign(tx, TXG_WAIT);
4802 if (error) {
4803 dmu_tx_abort(tx);
4804 } else {
4805 error = zfs_create_share_dir(zfsvfs, tx);
4806 dmu_tx_commit(tx);
4807 }
4808 if (error) {
4809 mutex_exit(&zfsvfs->z_lock);
4810 VN_RELE(vp);
4811 ZFS_EXIT(zfsvfs);
4812 return (error);
4813 }
4814 }
4815 mutex_exit(&zfsvfs->z_lock);
4816
4817 ASSERT(zfsvfs->z_shares_dir);
4818 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
4819 VN_RELE(vp);
4820 ZFS_EXIT(zfsvfs);
4821 return (error);
4822 }
4823
4824 switch (zc->zc_cookie) {
4825 case ZFS_SMB_ACL_ADD:
4826 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4827 vattr.va_type = VREG;
4828 vattr.va_mode = S_IFREG|0777;
4829 vattr.va_uid = 0;
4830 vattr.va_gid = 0;
4831
4832 vsec.vsa_mask = VSA_ACE;
4833 vsec.vsa_aclentp = &full_access;
4834 vsec.vsa_aclentsz = sizeof (full_access);
4835 vsec.vsa_aclcnt = 1;
4836
4837 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4838 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4839 if (resourcevp)
4840 VN_RELE(resourcevp);
4841 break;
4842
4843 case ZFS_SMB_ACL_REMOVE:
4844 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4845 NULL, 0);
4846 break;
4847
4848 case ZFS_SMB_ACL_RENAME:
4849 if ((error = get_nvlist(zc->zc_nvlist_src,
4850 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4851 VN_RELE(vp);
4852 ZFS_EXIT(zfsvfs);
4853 return (error);
4854 }
4855 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4856 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4857 &target)) {
4858 VN_RELE(vp);
4859 VN_RELE(ZTOV(sharedir));
4860 ZFS_EXIT(zfsvfs);
4861 nvlist_free(nvlist);
4862 return (error);
4863 }
4864 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4865 kcred, NULL, 0);
4866 nvlist_free(nvlist);
4867 break;
4868
4869 case ZFS_SMB_ACL_PURGE:
4870 error = zfs_smb_acl_purge(sharedir);
4871 break;
4872
4873 default:
4874 error = EINVAL;
4875 break;
4876 }
4877
4878 VN_RELE(vp);
4879 VN_RELE(ZTOV(sharedir));
4880
4881 ZFS_EXIT(zfsvfs);
4882
4883 return (error);
4884 }
4885
4886 /*
4887 * inputs:
4888 * zc_name name of filesystem
4889 * zc_value short name of snap
4890 * zc_string user-supplied tag for this hold
4891 * zc_cookie recursive flag
4892 * zc_temphold set if hold is temporary
4893 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4894 * zc_sendobj if non-zero, the objid for zc_name@zc_value
4895 * zc_createtxg if zc_sendobj is non-zero, snap must have zc_createtxg
4896 *
4897 * outputs: none
4898 */
4899 static int
4900 zfs_ioc_hold(zfs_cmd_t *zc)
4901 {
4902 boolean_t recursive = zc->zc_cookie;
4903 spa_t *spa;
4904 dsl_pool_t *dp;
4905 dsl_dataset_t *ds;
4906 int error;
4907 minor_t minor = 0;
4908
4909 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4910 return (EINVAL);
4911
4912 if (zc->zc_sendobj == 0) {
4913 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
4914 zc->zc_string, recursive, zc->zc_temphold,
4915 zc->zc_cleanup_fd));
4916 }
4917
4918 if (recursive)
4919 return (EINVAL);
4920
4921 error = spa_open(zc->zc_name, &spa, FTAG);
4922 if (error)
4923 return (error);
4924
4925 dp = spa_get_dsl(spa);
4926 rw_enter(&dp->dp_config_rwlock, RW_READER);
4927 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4928 rw_exit(&dp->dp_config_rwlock);
4929 spa_close(spa, FTAG);
4930 if (error)
4931 return (error);
4932
4933 /*
4934 * Until we have a hold on this snapshot, it's possible that
4935 * zc_sendobj could've been destroyed and reused as part
4936 * of a later txg. Make sure we're looking at the right object.
4937 */
4938 if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) {
4939 dsl_dataset_rele(ds, FTAG);
4940 return (ENOENT);
4941 }
4942
4943 if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) {
4944 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4945 if (error) {
4946 dsl_dataset_rele(ds, FTAG);
4947 return (error);
4948 }
4949 }
4950
4951 error = dsl_dataset_user_hold_for_send(ds, zc->zc_string,
4952 zc->zc_temphold);
4953 if (minor != 0) {
4954 if (error == 0) {
4955 dsl_register_onexit_hold_cleanup(ds, zc->zc_string,
4956 minor);
4957 }
4958 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
4959 }
4960 dsl_dataset_rele(ds, FTAG);
4961
4962 return (error);
4963 }
4964
4965 /*
4966 * inputs:
4967 * zc_name name of dataset from which we're releasing a user hold
4968 * zc_value short name of snap
4969 * zc_string user-supplied tag for this hold
4970 * zc_cookie recursive flag
4971 *
4972 * outputs: none
4973 */
4974 static int
4975 zfs_ioc_release(zfs_cmd_t *zc)
4976 {
4977 boolean_t recursive = zc->zc_cookie;
4978
4979 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4980 return (EINVAL);
4981
4982 return (dsl_dataset_user_release(zc->zc_name, zc->zc_value,
4983 zc->zc_string, recursive));
4984 }
4985
4986 /*
4987 * inputs:
4988 * zc_name name of filesystem
4989 *
4990 * outputs:
4991 * zc_nvlist_src{_size} nvlist of snapshot holds
4992 */
4993 static int
4994 zfs_ioc_get_holds(zfs_cmd_t *zc)
4995 {
4996 nvlist_t *nvp;
4997 int error;
4998
4999 if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) {
5000 error = put_nvlist(zc, nvp);
5001 nvlist_free(nvp);
5002 }
5003
5004 return (error);
5005 }
5006
5007 /*
5008 * inputs:
5009 * zc_name name of new filesystem or snapshot
5010 * zc_value full name of old snapshot
5011 *
5012 * outputs:
5013 * zc_cookie space in bytes
5014 * zc_objset_type compressed space in bytes
5015 * zc_perm_action uncompressed space in bytes
5016 */
5017 static int
5018 zfs_ioc_space_written(zfs_cmd_t *zc)
5019 {
5020 int error;
5021 dsl_dataset_t *new, *old;
5022
5023 error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
5024 if (error != 0)
5025 return (error);
5026 error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
5027 if (error != 0) {
5028 dsl_dataset_rele(new, FTAG);
5029 return (error);
5030 }
5031
5032 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
5033 &zc->zc_objset_type, &zc->zc_perm_action);
5034 dsl_dataset_rele(old, FTAG);
5035 dsl_dataset_rele(new, FTAG);
5036 return (error);
5037 }
5038 /*
5039 * innvl: {
5040 * "firstsnap" -> snapshot name
5041 * }
5042 *
5043 * outnvl: {
5044 * "used" -> space in bytes
5045 * "compressed" -> compressed space in bytes
5046 * "uncompressed" -> uncompressed space in bytes
5047 * }
5048 */
5049 static int
5050 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
5051 {
5052 int error;
5053 dsl_dataset_t *new, *old;
5054 char *firstsnap;
5055 uint64_t used, comp, uncomp;
5056
5057 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0)
5058 return (EINVAL);
5059
5060 error = dsl_dataset_hold(lastsnap, FTAG, &new);
5061 if (error != 0)
5062 return (error);
5063 error = dsl_dataset_hold(firstsnap, FTAG, &old);
5064 if (error != 0) {
5065 dsl_dataset_rele(new, FTAG);
5066 return (error);
5067 }
5068
5069 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
5070 dsl_dataset_rele(old, FTAG);
5071 dsl_dataset_rele(new, FTAG);
5072 fnvlist_add_uint64(outnvl, "used", used);
5073 fnvlist_add_uint64(outnvl, "compressed", comp);
5074 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
5075 return (error);
5076 }
5077
5078 /*
5079 * innvl: {
5080 * "fd" -> file descriptor to write stream to (int32)
5081 * (optional) "fromsnap" -> full snap name to send an incremental from
5082 * }
5083 *
5084 * outnvl is unused
5085 */
5086 /* ARGSUSED */
5087 static int
5088 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5089 {
5090 objset_t *fromsnap = NULL;
5091 objset_t *tosnap;
5092 int error;
5093 offset_t off;
5094 char *fromname;
5095 int fd;
5096
5097 error = nvlist_lookup_int32(innvl, "fd", &fd);
5098 if (error != 0)
5099 return (EINVAL);
5100
5101 error = dmu_objset_hold(snapname, FTAG, &tosnap);
5102 if (error)
5103 return (error);
5104
5105 error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5106 if (error == 0) {
5107 error = dmu_objset_hold(fromname, FTAG, &fromsnap);
5108 if (error) {
5109 dmu_objset_rele(tosnap, FTAG);
5110 return (error);
5111 }
5112 }
5113
5114 file_t *fp = getf(fd);
5115 if (fp == NULL) {
5116 dmu_objset_rele(tosnap, FTAG);
5117 if (fromsnap != NULL)
5118 dmu_objset_rele(fromsnap, FTAG);
5119 return (EBADF);
5120 }
5121
5122 off = fp->f_offset;
5123 error = dmu_send(tosnap, fromsnap, fd, fp->f_vnode, &off);
5124
5125 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5126 fp->f_offset = off;
5127 releasef(fd);
5128 if (fromsnap != NULL)
5129 dmu_objset_rele(fromsnap, FTAG);
5130 dmu_objset_rele(tosnap, FTAG);
5131 return (error);
5132 }
5133
5134 /*
5135 * inputs:
5136 * zc_name name of snapshot to send
5137 * zc_cookie file descriptor to send stream to
5138 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
5139 * zc_sendobj objsetid of snapshot to send
5140 * zc_fromobj objsetid of incremental fromsnap (may be zero)
5141 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
5142 * output size in zc_objset_type.
5143 *
5144 * outputs: none
5145 */
5146 static int
5147 zfs_ioc_fits_send(zfs_cmd_t *zc)
5148 {
5149 objset_t *fromsnap = NULL;
5150 objset_t *tosnap;
5151 int error;
5152 offset_t off;
5153 dsl_dataset_t *ds;
5154 dsl_dataset_t *dsfrom = NULL;
5155 spa_t *spa;
5156 file_t *fp;
5157 dsl_pool_t *dp;
5158 boolean_t estimate = (zc->zc_guid != 0);
5159
5160 error = spa_open(zc->zc_name, &spa, FTAG);
5161 if (error)
5162 return (error);
5163
5164 dp = spa_get_dsl(spa);
5165 rw_enter(&dp->dp_config_rwlock, RW_READER);
5166 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
5167 rw_exit(&dp->dp_config_rwlock);
5168 spa_close(spa, FTAG);
5169 if (error)
5170 return (error);
5171
5172 error = dmu_objset_from_ds(ds, &tosnap);
5173 if (error) {
5174 dsl_dataset_rele(ds, FTAG);
5175 return (error);
5176 }
5177
5178 if (zc->zc_fromobj != 0) {
5179 rw_enter(&dp->dp_config_rwlock, RW_READER);
5180 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
5181 rw_exit(&dp->dp_config_rwlock);
5182 if (error) {
5183 dsl_dataset_rele(ds, FTAG);
5184 return (error);
5185 }
5186 error = dmu_objset_from_ds(dsfrom, &fromsnap);
5187 if (error) {
5188 dsl_dataset_rele(dsfrom, FTAG);
5189 dsl_dataset_rele(ds, FTAG);
5190 return (error);
5191 }
5192 }
5193
5194 if (zc->zc_obj) {
5195 dsl_pool_t *dp = ds->ds_dir->dd_pool;
5196
5197 if (fromsnap != NULL) {
5198 dsl_dataset_rele(dsfrom, FTAG);
5199 dsl_dataset_rele(ds, FTAG);
5200 return (EINVAL);
5201 }
5202
5203 if (dsl_dir_is_clone(ds->ds_dir)) {
5204 rw_enter(&dp->dp_config_rwlock, RW_READER);
5205 error = dsl_dataset_hold_obj(dp,
5206 ds->ds_dir->dd_phys->dd_origin_obj, FTAG, &dsfrom);
5207 rw_exit(&dp->dp_config_rwlock);
5208 if (error) {
5209 dsl_dataset_rele(ds, FTAG);
5210 return (error);
5211 }
5212 error = dmu_objset_from_ds(dsfrom, &fromsnap);
5213 if (error) {
5214 dsl_dataset_rele(dsfrom, FTAG);
5215 dsl_dataset_rele(ds, FTAG);
5216 return (error);
5217 }
5218 }
5219 }
5220
5221 fp = getf(zc->zc_cookie);
5222 if (fp == NULL) {
5223 dsl_dataset_rele(ds, FTAG);
5224 if (dsfrom)
5225 dsl_dataset_rele(dsfrom, FTAG);
5226 return (EBADF);
5227 }
5228
5229 off = fp->f_offset;
5230 error = fits_send(tosnap, fromsnap, zc->zc_cookie, fp->f_vnode, &off);
5231
5232 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5233 fp->f_offset = off;
5234 releasef(zc->zc_cookie);
5235
5236 if (dsfrom)
5237 dsl_dataset_rele(dsfrom, FTAG);
5238 dsl_dataset_rele(ds, FTAG);
5239 return (error);
5240 }
5241
5242 /*
5243 * Determine approximately how large a zfs send stream will be -- the number
5244 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
5245 *
5246 * innvl: {
5247 * (optional) "fromsnap" -> full snap name to send an incremental from
5248 * }
5249 *
5250 * outnvl: {
5251 * "space" -> bytes of space (uint64)
5252 * }
5253 */
5254 static int
5255 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5256 {
5257 objset_t *fromsnap = NULL;
5258 objset_t *tosnap;
5259 int error;
5260 char *fromname;
5261 uint64_t space;
5262
5263 error = dmu_objset_hold(snapname, FTAG, &tosnap);
5264 if (error)
5265 return (error);
5266
5267 error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5268 if (error == 0) {
5269 error = dmu_objset_hold(fromname, FTAG, &fromsnap);
5270 if (error) {
5271 dmu_objset_rele(tosnap, FTAG);
5272 return (error);
5273 }
5274 }
5275
5276 error = dmu_send_estimate(tosnap, fromsnap, &space);
5277 fnvlist_add_uint64(outnvl, "space", space);
5278
5279 if (fromsnap != NULL)
5280 dmu_objset_rele(fromsnap, FTAG);
5281 dmu_objset_rele(tosnap, FTAG);
5282 return (error);
5283 }
5284
5285
5286 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
5287
5288 static void
5289 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5290 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5291 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
5292 {
5293 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5294
5295 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5296 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5297 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5298 ASSERT3P(vec->zvec_func, ==, NULL);
5299
5300 vec->zvec_legacy_func = func;
5301 vec->zvec_secpolicy = secpolicy;
5302 vec->zvec_namecheck = namecheck;
5303 vec->zvec_allow_log = log_history;
5304 vec->zvec_pool_check = pool_check;
5305 }
5306
5307 /*
5308 * See the block comment at the beginning of this file for details on
5309 * each argument to this function.
5310 */
5311 static void
5312 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
5313 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5314 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
5315 boolean_t allow_log)
5316 {
5317 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5318
5319 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5320 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5321 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5322 ASSERT3P(vec->zvec_func, ==, NULL);
5323
5324 /* if we are logging, the name must be valid */
5325 ASSERT(!allow_log || namecheck != NO_NAME);
5326
5327 vec->zvec_name = name;
5328 vec->zvec_func = func;
5329 vec->zvec_secpolicy = secpolicy;
5330 vec->zvec_namecheck = namecheck;
5331 vec->zvec_pool_check = pool_check;
5332 vec->zvec_smush_outnvlist = smush_outnvlist;
5333 vec->zvec_allow_log = allow_log;
5334 }
5335
5336 static void
5337 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5338 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
5339 zfs_ioc_poolcheck_t pool_check)
5340 {
5341 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5342 POOL_NAME, log_history, pool_check);
5343 }
5344
5345 static void
5346 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5347 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
5348 {
5349 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5350 DATASET_NAME, B_FALSE, pool_check);
5351 }
5352
5353 static void
5354 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5355 {
5356 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
5357 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5358 }
5359
5360 static void
5361 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5362 zfs_secpolicy_func_t *secpolicy)
5363 {
5364 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5365 NO_NAME, B_FALSE, POOL_CHECK_NONE);
5366 }
5367
5368 static void
5369 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
5370 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
5371 {
5372 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5373 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
5374 }
5375
5376 static void
5377 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5378 {
5379 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
5380 zfs_secpolicy_read);
5381 }
5382
5383 static void
5384 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5385 zfs_secpolicy_func_t *secpolicy)
5386 {
5387 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5388 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5389 }
5390
5391 static void
5392 zfs_ioctl_init(void)
5393 {
5394 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
5395 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
5396 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5397
5398 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
5399 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
5400 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE);
5401
5402 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
5403 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
5404 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5405
5406 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
5407 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
5408 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5409
5410 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
5411 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
5412 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5413
5414 zfs_ioctl_register("create", ZFS_IOC_CREATE,
5415 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
5416 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5417
5418 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
5419 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
5420 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5421
5422 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
5423 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
5424 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5425
5426 /* IOCTLS that use the legacy function signature */
5427
5428 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
5429 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
5430
5431 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
5432 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5433 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
5434 zfs_ioc_pool_scan);
5435 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
5436 zfs_ioc_pool_upgrade);
5437 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
5438 zfs_ioc_vdev_add);
5439 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
5440 zfs_ioc_vdev_remove);
5441 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
5442 zfs_ioc_vdev_set_state);
5443 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
5444 zfs_ioc_vdev_attach);
5445 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
5446 zfs_ioc_vdev_detach);
5447 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
5448 zfs_ioc_vdev_setpath);
5449 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
5450 zfs_ioc_vdev_setfru);
5451 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
5452 zfs_ioc_pool_set_props);
5453 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
5454 zfs_ioc_vdev_split);
5455 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
5456 zfs_ioc_pool_reguid);
5457
5458 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
5459 zfs_ioc_pool_configs, zfs_secpolicy_none);
5460 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
5461 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
5462 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
5463 zfs_ioc_inject_fault, zfs_secpolicy_inject);
5464 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
5465 zfs_ioc_clear_fault, zfs_secpolicy_inject);
5466 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
5467 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
5468
5469 /*
5470 * pool destroy, and export don't log the history as part of
5471 * zfsdev_ioctl, but rather zfs_ioc_pool_export
5472 * does the logging of those commands.
5473 */
5474 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
5475 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5476 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
5477 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5478
5479 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
5480 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5481 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
5482 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5483
5484 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
5485 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
5486 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
5487 zfs_ioc_dsobj_to_dsname,
5488 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
5489 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
5490 zfs_ioc_pool_get_history,
5491 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
5492
5493 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
5494 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5495
5496 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
5497 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5498 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
5499 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5500
5501 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
5502 zfs_ioc_space_written);
5503 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_HOLDS,
5504 zfs_ioc_get_holds);
5505 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
5506 zfs_ioc_objset_recvd_props);
5507 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
5508 zfs_ioc_next_obj);
5509 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
5510 zfs_ioc_get_fsacl);
5511 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
5512 zfs_ioc_objset_stats);
5513 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
5514 zfs_ioc_objset_zplprops);
5515 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
5516 zfs_ioc_dataset_list_next);
5517 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
5518 zfs_ioc_snapshot_list_next);
5519 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
5520 zfs_ioc_send_progress);
5521
5522 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
5523 zfs_ioc_diff, zfs_secpolicy_diff);
5524 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
5525 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
5526 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
5527 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
5528 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
5529 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
5530 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
5531 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
5532 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
5533 zfs_ioc_send, zfs_secpolicy_send);
5534 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_FITS_SEND,
5535 zfs_ioc_fits_send, zfs_secpolicy_send);
5536
5537 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
5538 zfs_secpolicy_none);
5539 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
5540 zfs_secpolicy_destroy);
5541 zfs_ioctl_register_dataset_modify(ZFS_IOC_ROLLBACK, zfs_ioc_rollback,
5542 zfs_secpolicy_rollback);
5543 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
5544 zfs_secpolicy_rename);
5545 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
5546 zfs_secpolicy_recv);
5547 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
5548 zfs_secpolicy_promote);
5549 zfs_ioctl_register_dataset_modify(ZFS_IOC_HOLD, zfs_ioc_hold,
5550 zfs_secpolicy_hold);
5551 zfs_ioctl_register_dataset_modify(ZFS_IOC_RELEASE, zfs_ioc_release,
5552 zfs_secpolicy_release);
5553 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
5554 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
5555 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
5556 zfs_secpolicy_set_fsacl);
5557
5558 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
5559 zfs_secpolicy_share, POOL_CHECK_NONE);
5560 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
5561 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
5562 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
5563 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
5564 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5565 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
5566 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
5567 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5568 }
5569
5570 int
5571 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
5572 zfs_ioc_poolcheck_t check)
5573 {
5574 spa_t *spa;
5575 int error;
5576
5577 ASSERT(type == POOL_NAME || type == DATASET_NAME);
5578
5579 if (check & POOL_CHECK_NONE)
5580 return (0);
5581
5582 error = spa_open(name, &spa, FTAG);
5583 if (error == 0) {
5584 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
5585 error = EAGAIN;
5586 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
5587 error = EROFS;
5588 spa_close(spa, FTAG);
5589 }
5590 return (error);
5591 }
5592
5593 /*
5594 * Find a free minor number.
5595 */
5596 minor_t
5597 zfsdev_minor_alloc(void)
5598 {
5599 static minor_t last_minor;
5600 minor_t m;
5601
5602 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5603
5604 for (m = last_minor + 1; m != last_minor; m++) {
5605 if (m > ZFSDEV_MAX_MINOR)
5606 m = 1;
5607 if (ddi_get_soft_state(zfsdev_state, m) == NULL) {
5608 last_minor = m;
5609 return (m);
5610 }
5611 }
5612
5613 return (0);
5614 }
5615
5616 static int
5617 zfs_ctldev_init(dev_t *devp)
5618 {
5619 minor_t minor;
5620 zfs_soft_state_t *zs;
5621
5622 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5623 ASSERT(getminor(*devp) == 0);
5624
5625 minor = zfsdev_minor_alloc();
5626 if (minor == 0)
5627 return (ENXIO);
5628
5629 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS)
5630 return (EAGAIN);
5631
5632 *devp = makedevice(getemajor(*devp), minor);
5633
5634 zs = ddi_get_soft_state(zfsdev_state, minor);
5635 zs->zss_type = ZSST_CTLDEV;
5636 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data);
5637
5638 return (0);
5639 }
5640
5641 static void
5642 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor)
5643 {
5644 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5645
5646 zfs_onexit_destroy(zo);
5647 ddi_soft_state_free(zfsdev_state, minor);
5648 }
5649
5650 void *
5651 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which)
5652 {
5653 zfs_soft_state_t *zp;
5654
5655 zp = ddi_get_soft_state(zfsdev_state, minor);
5656 if (zp == NULL || zp->zss_type != which)
5657 return (NULL);
5658
5659 return (zp->zss_data);
5660 }
5661
5662 static int
5663 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr)
5664 {
5665 int error = 0;
5666
5667 if (getminor(*devp) != 0)
5668 return (zvol_open(devp, flag, otyp, cr));
5669
5670 /* This is the control device. Allocate a new minor if requested. */
5671 if (flag & FEXCL) {
5672 mutex_enter(&zfsdev_state_lock);
5673 error = zfs_ctldev_init(devp);
5674 mutex_exit(&zfsdev_state_lock);
5675 }
5676
5677 return (error);
5678 }
5679
5680 static int
5681 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr)
5682 {
5683 zfs_onexit_t *zo;
5684 minor_t minor = getminor(dev);
5685
5686 if (minor == 0)
5687 return (0);
5688
5689 mutex_enter(&zfsdev_state_lock);
5690 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
5691 if (zo == NULL) {
5692 mutex_exit(&zfsdev_state_lock);
5693 return (zvol_close(dev, flag, otyp, cr));
5694 }
5695 zfs_ctldev_destroy(zo, minor);
5696 mutex_exit(&zfsdev_state_lock);
5697
5698 return (0);
5699 }
5700
5701 static int
5702 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
5703 {
5704 zfs_cmd_t *zc;
5705 uint_t vecnum;
5706 int error, rc, len;
5707 minor_t minor = getminor(dev);
5708 const zfs_ioc_vec_t *vec;
5709 char *saved_poolname = NULL;
5710 nvlist_t *innvl = NULL;
5711
5712 if (minor != 0 &&
5713 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL)
5714 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));
5715
5716 vecnum = cmd - ZFS_IOC_FIRST;
5717 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
5718
5719 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
5720 return (EINVAL);
5721 vec = &zfs_ioc_vec[vecnum];
5722
5723 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
5724
5725 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
5726 if (error != 0) {
5727 error = EFAULT;
5728 goto out;
5729 }
5730
5731 zc->zc_iflags = flag & FKIOCTL;
5732 if (zc->zc_nvlist_src_size != 0) {
5733 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5734 zc->zc_iflags, &innvl);
5735 if (error != 0)
5736 goto out;
5737 }
5738
5739 /*
5740 * Ensure that all pool/dataset names are valid before we pass down to
5741 * the lower layers.
5742 */
5743 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5744 switch (vec->zvec_namecheck) {
5745 case POOL_NAME:
5746 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
5747 error = EINVAL;
5748 else
5749 error = pool_status_check(zc->zc_name,
5750 vec->zvec_namecheck, vec->zvec_pool_check);
5751 break;
5752
5753 case DATASET_NAME:
5754 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
5755 error = EINVAL;
5756 else
5757 error = pool_status_check(zc->zc_name,
5758 vec->zvec_namecheck, vec->zvec_pool_check);
5759 break;
5760
5761 case NO_NAME:
5762 break;
5763 }
5764
5765
5766 if (error == 0 && !(flag & FKIOCTL))
5767 error = vec->zvec_secpolicy(zc, innvl, cr);
5768
5769 if (error != 0)
5770 goto out;
5771
5772 /* legacy ioctls can modify zc_name */
5773 len = strcspn(zc->zc_name, "/@") + 1;
5774 saved_poolname = kmem_alloc(len, KM_SLEEP);
5775 (void) strlcpy(saved_poolname, zc->zc_name, len);
5776
5777 if (vec->zvec_func != NULL) {
5778 nvlist_t *outnvl;
5779 int puterror = 0;
5780 spa_t *spa;
5781 nvlist_t *lognv = NULL;
5782
5783 ASSERT(vec->zvec_legacy_func == NULL);
5784
5785 /*
5786 * Add the innvl to the lognv before calling the func,
5787 * in case the func changes the innvl.
5788 */
5789 if (vec->zvec_allow_log) {
5790 lognv = fnvlist_alloc();
5791 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
5792 vec->zvec_name);
5793 if (!nvlist_empty(innvl)) {
5794 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
5795 innvl);
5796 }
5797 }
5798
5799 outnvl = fnvlist_alloc();
5800 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
5801
5802 if (error == 0 && vec->zvec_allow_log &&
5803 spa_open(zc->zc_name, &spa, FTAG) == 0) {
5804 if (!nvlist_empty(outnvl)) {
5805 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
5806 outnvl);
5807 }
5808 (void) spa_history_log_nvl(spa, lognv);
5809 spa_close(spa, FTAG);
5810 }
5811 fnvlist_free(lognv);
5812
5813 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
5814 int smusherror = 0;
5815 if (vec->zvec_smush_outnvlist) {
5816 smusherror = nvlist_smush(outnvl,
5817 zc->zc_nvlist_dst_size);
5818 }
5819 if (smusherror == 0)
5820 puterror = put_nvlist(zc, outnvl);
5821 }
5822
5823 if (puterror != 0)
5824 error = puterror;
5825
5826 nvlist_free(outnvl);
5827 } else {
5828 error = vec->zvec_legacy_func(zc);
5829 }
5830
5831 out:
5832 nvlist_free(innvl);
5833 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
5834 if (error == 0 && rc != 0)
5835 error = EFAULT;
5836 if (error == 0 && vec->zvec_allow_log) {
5837 char *s = tsd_get(zfs_allow_log_key);
5838 if (s != NULL)
5839 strfree(s);
5840 (void) tsd_set(zfs_allow_log_key, saved_poolname);
5841 } else {
5842 if (saved_poolname != NULL)
5843 strfree(saved_poolname);
5844 }
5845
5846 kmem_free(zc, sizeof (zfs_cmd_t));
5847 return (error);
5848 }
5849
5850 static int
5851 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
5852 {
5853 if (cmd != DDI_ATTACH)
5854 return (DDI_FAILURE);
5855
5856 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
5857 DDI_PSEUDO, 0) == DDI_FAILURE)
5858 return (DDI_FAILURE);
5859
5860 zfs_dip = dip;
5861
5862 ddi_report_dev(dip);
5863
5864 return (DDI_SUCCESS);
5865 }
5866
5867 static int
5868 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
5869 {
5870 if (spa_busy() || zfs_busy() || zvol_busy())
5871 return (DDI_FAILURE);
5872
5873 if (cmd != DDI_DETACH)
5874 return (DDI_FAILURE);
5875
5876 zfs_dip = NULL;
5877
5878 ddi_prop_remove_all(dip);
5879 ddi_remove_minor_node(dip, NULL);
5880
5881 return (DDI_SUCCESS);
5882 }
5883
5884 /*ARGSUSED*/
5885 static int
5886 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
5887 {
5888 switch (infocmd) {
5889 case DDI_INFO_DEVT2DEVINFO:
5890 *result = zfs_dip;
5891 return (DDI_SUCCESS);
5892
5893 case DDI_INFO_DEVT2INSTANCE:
5894 *result = (void *)0;
5895 return (DDI_SUCCESS);
5896 }
5897
5898 return (DDI_FAILURE);
5899 }
5900
5901 /*
5902 * OK, so this is a little weird.
5903 *
5904 * /dev/zfs is the control node, i.e. minor 0.
5905 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
5906 *
5907 * /dev/zfs has basically nothing to do except serve up ioctls,
5908 * so most of the standard driver entry points are in zvol.c.
5909 */
5910 static struct cb_ops zfs_cb_ops = {
5911 zfsdev_open, /* open */
5912 zfsdev_close, /* close */
5913 zvol_strategy, /* strategy */
5914 nodev, /* print */
5915 zvol_dump, /* dump */
5916 zvol_read, /* read */
5917 zvol_write, /* write */
5918 zfsdev_ioctl, /* ioctl */
5919 nodev, /* devmap */
5920 nodev, /* mmap */
5921 nodev, /* segmap */
5922 nochpoll, /* poll */
5923 ddi_prop_op, /* prop_op */
5924 NULL, /* streamtab */
5925 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */
5926 CB_REV, /* version */
5927 nodev, /* async read */
5928 nodev, /* async write */
5929 };
5930
5931 static struct dev_ops zfs_dev_ops = {
5932 DEVO_REV, /* version */
5933 0, /* refcnt */
5934 zfs_info, /* info */
5935 nulldev, /* identify */
5936 nulldev, /* probe */
5937 zfs_attach, /* attach */
5938 zfs_detach, /* detach */
5939 nodev, /* reset */
5940 &zfs_cb_ops, /* driver operations */
5941 NULL, /* no bus operations */
5942 NULL, /* power */
5943 ddi_quiesce_not_needed, /* quiesce */
5944 };
5945
5946 static struct modldrv zfs_modldrv = {
5947 &mod_driverops,
5948 "ZFS storage pool",
5949 &zfs_dev_ops
5950 };
5951
5952 static struct modlinkage modlinkage = {
5953 MODREV_1,
5954 (void *)&zfs_modlfs,
5955 (void *)&zfs_modldrv,
5956 NULL
5957 };
5958
5959 static void
5960 zfs_allow_log_destroy(void *arg)
5961 {
5962 char *poolname = arg;
5963 strfree(poolname);
5964 }
5965
5966 int
5967 _init(void)
5968 {
5969 int error;
5970
5971 spa_init(FREAD | FWRITE);
5972 zfs_init();
5973 zvol_init();
5974 zfs_ioctl_init();
5975
5976 if ((error = mod_install(&modlinkage)) != 0) {
5977 zvol_fini();
5978 zfs_fini();
5979 spa_fini();
5980 return (error);
5981 }
5982
5983 tsd_create(&zfs_fsyncer_key, NULL);
5984 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
5985 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
5986
5987 error = ldi_ident_from_mod(&modlinkage, &zfs_li);
5988 ASSERT(error == 0);
5989 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5990
5991 return (0);
5992 }
5993
5994 int
5995 _fini(void)
5996 {
5997 int error;
5998
5999 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
6000 return (EBUSY);
6001
6002 if ((error = mod_remove(&modlinkage)) != 0)
6003 return (error);
6004
6005 zvol_fini();
6006 zfs_fini();
6007 spa_fini();
6008 if (zfs_nfsshare_inited)
6009 (void) ddi_modclose(nfs_mod);
6010 if (zfs_smbshare_inited)
6011 (void) ddi_modclose(smbsrv_mod);
6012 if (zfs_nfsshare_inited || zfs_smbshare_inited)
6013 (void) ddi_modclose(sharefs_mod);
6014
6015 tsd_destroy(&zfs_fsyncer_key);
6016 ldi_ident_release(zfs_li);
6017 zfs_li = NULL;
6018 mutex_destroy(&zfs_share_lock);
6019
6020 return (error);
6021 }
6022
6023 int
6024 _info(struct modinfo *modinfop)
6025 {
6026 return (mod_info(&modlinkage, modinfop));
6027 }