1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
26 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
27 * Copyright (c) 2013 by Delphix. All rights reserved.
28 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
29 */
30
31 /*
32 * ZFS ioctls.
33 *
34 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
35 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
36 *
37 * There are two ways that we handle ioctls: the legacy way where almost
38 * all of the logic is in the ioctl callback, and the new way where most
39 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
40 *
41 * Non-legacy ioctls should be registered by calling
42 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
43 * from userland by lzc_ioctl().
44 *
45 * The registration arguments are as follows:
46 *
47 * const char *name
48 * The name of the ioctl. This is used for history logging. If the
49 * ioctl returns successfully (the callback returns 0), and allow_log
50 * is true, then a history log entry will be recorded with the input &
51 * output nvlists. The log entry can be printed with "zpool history -i".
52 *
53 * zfs_ioc_t ioc
54 * The ioctl request number, which userland will pass to ioctl(2).
55 * The ioctl numbers can change from release to release, because
56 * the caller (libzfs) must be matched to the kernel.
57 *
58 * zfs_secpolicy_func_t *secpolicy
59 * This function will be called before the zfs_ioc_func_t, to
60 * determine if this operation is permitted. It should return EPERM
61 * on failure, and 0 on success. Checks include determining if the
62 * dataset is visible in this zone, and if the user has either all
63 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
64 * to do this operation on this dataset with "zfs allow".
65 *
66 * zfs_ioc_namecheck_t namecheck
67 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
68 * name, a dataset name, or nothing. If the name is not well-formed,
69 * the ioctl will fail and the callback will not be called.
70 * Therefore, the callback can assume that the name is well-formed
71 * (e.g. is null-terminated, doesn't have more than one '@' character,
72 * doesn't have invalid characters).
73 *
74 * zfs_ioc_poolcheck_t pool_check
75 * This specifies requirements on the pool state. If the pool does
76 * not meet them (is suspended or is readonly), the ioctl will fail
77 * and the callback will not be called. If any checks are specified
78 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
79 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
80 * POOL_CHECK_READONLY).
81 *
82 * boolean_t smush_outnvlist
83 * If smush_outnvlist is true, then the output is presumed to be a
84 * list of errors, and it will be "smushed" down to fit into the
85 * caller's buffer, by removing some entries and replacing them with a
86 * single "N_MORE_ERRORS" entry indicating how many were removed. See
87 * nvlist_smush() for details. If smush_outnvlist is false, and the
88 * outnvlist does not fit into the userland-provided buffer, then the
89 * ioctl will fail with ENOMEM.
90 *
91 * zfs_ioc_func_t *func
92 * The callback function that will perform the operation.
93 *
94 * The callback should return 0 on success, or an error number on
95 * failure. If the function fails, the userland ioctl will return -1,
96 * and errno will be set to the callback's return value. The callback
97 * will be called with the following arguments:
98 *
99 * const char *name
100 * The name of the pool or dataset to operate on, from
101 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
102 * expected type (pool, dataset, or none).
103 *
104 * nvlist_t *innvl
105 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
106 * NULL if no input nvlist was provided. Changes to this nvlist are
107 * ignored. If the input nvlist could not be deserialized, the
108 * ioctl will fail and the callback will not be called.
109 *
110 * nvlist_t *outnvl
111 * The output nvlist, initially empty. The callback can fill it in,
112 * and it will be returned to userland by serializing it into
113 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
114 * fails (e.g. because the caller didn't supply a large enough
115 * buffer), then the overall ioctl will fail. See the
116 * 'smush_nvlist' argument above for additional behaviors.
117 *
118 * There are two typical uses of the output nvlist:
119 * - To return state, e.g. property values. In this case,
120 * smush_outnvlist should be false. If the buffer was not large
121 * enough, the caller will reallocate a larger buffer and try
122 * the ioctl again.
123 *
124 * - To return multiple errors from an ioctl which makes on-disk
125 * changes. In this case, smush_outnvlist should be true.
126 * Ioctls which make on-disk modifications should generally not
127 * use the outnvl if they succeed, because the caller can not
128 * distinguish between the operation failing, and
129 * deserialization failing.
130 */
131
132 #include <sys/types.h>
133 #include <sys/param.h>
134 #include <sys/errno.h>
135 #include <sys/uio.h>
136 #include <sys/buf.h>
137 #include <sys/modctl.h>
138 #include <sys/open.h>
139 #include <sys/file.h>
140 #include <sys/kmem.h>
141 #include <sys/conf.h>
142 #include <sys/cmn_err.h>
143 #include <sys/stat.h>
144 #include <sys/zfs_ioctl.h>
145 #include <sys/zfs_vfsops.h>
146 #include <sys/zfs_znode.h>
147 #include <sys/zap.h>
148 #include <sys/spa.h>
149 #include <sys/spa_impl.h>
150 #include <sys/vdev.h>
151 #include <sys/priv_impl.h>
152 #include <sys/dmu.h>
153 #include <sys/dsl_dir.h>
154 #include <sys/dsl_dataset.h>
155 #include <sys/dsl_prop.h>
156 #include <sys/dsl_deleg.h>
157 #include <sys/dmu_objset.h>
158 #include <sys/dmu_impl.h>
159 #include <sys/dmu_tx.h>
160 #include <sys/ddi.h>
161 #include <sys/sunddi.h>
162 #include <sys/sunldi.h>
163 #include <sys/policy.h>
164 #include <sys/zone.h>
165 #include <sys/nvpair.h>
166 #include <sys/pathname.h>
167 #include <sys/mount.h>
168 #include <sys/sdt.h>
169 #include <sys/fs/zfs.h>
170 #include <sys/zfs_ctldir.h>
171 #include <sys/zfs_dir.h>
172 #include <sys/zfs_onexit.h>
173 #include <sys/zvol.h>
174 #include <sys/dsl_scan.h>
175 #include <sharefs/share.h>
176 #include <sys/dmu_objset.h>
177 #include <sys/dmu_send.h>
178 #include <sys/dsl_destroy.h>
179 #include <sys/dsl_userhold.h>
180 #include <sys/zfeature.h>
181
182 #include "zfs_namecheck.h"
183 #include "zfs_prop.h"
184 #include "zfs_deleg.h"
185 #include "zfs_comutil.h"
186
187 extern struct modlfs zfs_modlfs;
188
189 extern void zfs_init(void);
190 extern void zfs_fini(void);
191
192 ldi_ident_t zfs_li = NULL;
193 dev_info_t *zfs_dip;
194
195 uint_t zfs_fsyncer_key;
196 extern uint_t rrw_tsd_key;
197 static uint_t zfs_allow_log_key;
198
199 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *);
200 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *);
201 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *);
202
203 typedef enum {
204 NO_NAME,
205 POOL_NAME,
206 DATASET_NAME
207 } zfs_ioc_namecheck_t;
208
209 typedef enum {
210 POOL_CHECK_NONE = 1 << 0,
211 POOL_CHECK_SUSPENDED = 1 << 1,
212 POOL_CHECK_READONLY = 1 << 2,
213 } zfs_ioc_poolcheck_t;
214
215 typedef struct zfs_ioc_vec {
216 zfs_ioc_legacy_func_t *zvec_legacy_func;
217 zfs_ioc_func_t *zvec_func;
218 zfs_secpolicy_func_t *zvec_secpolicy;
219 zfs_ioc_namecheck_t zvec_namecheck;
220 boolean_t zvec_allow_log;
221 zfs_ioc_poolcheck_t zvec_pool_check;
222 boolean_t zvec_smush_outnvlist;
223 const char *zvec_name;
224 } zfs_ioc_vec_t;
225
226 /* This array is indexed by zfs_userquota_prop_t */
227 static const char *userquota_perms[] = {
228 ZFS_DELEG_PERM_USERUSED,
229 ZFS_DELEG_PERM_USERQUOTA,
230 ZFS_DELEG_PERM_GROUPUSED,
231 ZFS_DELEG_PERM_GROUPQUOTA,
232 };
233
234 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
235 static int zfs_check_settable(const char *name, nvpair_t *property,
236 cred_t *cr);
237 static int zfs_check_clearable(char *dataset, nvlist_t *props,
238 nvlist_t **errors);
239 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
240 boolean_t *);
241 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
242 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
243
244 static int zfs_prop_activate_feature(spa_t *spa, zfeature_info_t *feature);
245
246 /* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
247 void
248 __dprintf(const char *file, const char *func, int line, const char *fmt, ...)
249 {
250 const char *newfile;
251 char buf[512];
252 va_list adx;
253
254 /*
255 * Get rid of annoying "../common/" prefix to filename.
256 */
257 newfile = strrchr(file, '/');
258 if (newfile != NULL) {
259 newfile = newfile + 1; /* Get rid of leading / */
260 } else {
261 newfile = file;
262 }
263
264 va_start(adx, fmt);
265 (void) vsnprintf(buf, sizeof (buf), fmt, adx);
266 va_end(adx);
267
268 /*
269 * To get this data, use the zfs-dprintf probe as so:
270 * dtrace -q -n 'zfs-dprintf \
271 * /stringof(arg0) == "dbuf.c"/ \
272 * {printf("%s: %s", stringof(arg1), stringof(arg3))}'
273 * arg0 = file name
274 * arg1 = function name
275 * arg2 = line number
276 * arg3 = message
277 */
278 DTRACE_PROBE4(zfs__dprintf,
279 char *, newfile, char *, func, int, line, char *, buf);
280 }
281
282 static void
283 history_str_free(char *buf)
284 {
285 kmem_free(buf, HIS_MAX_RECORD_LEN);
286 }
287
288 static char *
289 history_str_get(zfs_cmd_t *zc)
290 {
291 char *buf;
292
293 if (zc->zc_history == NULL)
294 return (NULL);
295
296 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
297 if (copyinstr((void *)(uintptr_t)zc->zc_history,
298 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
299 history_str_free(buf);
300 return (NULL);
301 }
302
303 buf[HIS_MAX_RECORD_LEN -1] = '\0';
304
305 return (buf);
306 }
307
308 /*
309 * Check to see if the named dataset is currently defined as bootable
310 */
311 static boolean_t
312 zfs_is_bootfs(const char *name)
313 {
314 objset_t *os;
315
316 if (dmu_objset_hold(name, FTAG, &os) == 0) {
317 boolean_t ret;
318 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
319 dmu_objset_rele(os, FTAG);
320 return (ret);
321 }
322 return (B_FALSE);
323 }
324
325 /*
326 * Return non-zero if the spa version is less than requested version.
327 */
328 static int
329 zfs_earlier_version(const char *name, int version)
330 {
331 spa_t *spa;
332
333 if (spa_open(name, &spa, FTAG) == 0) {
334 if (spa_version(spa) < version) {
335 spa_close(spa, FTAG);
336 return (1);
337 }
338 spa_close(spa, FTAG);
339 }
340 return (0);
341 }
342
343 /*
344 * Return TRUE if the ZPL version is less than requested version.
345 */
346 static boolean_t
347 zpl_earlier_version(const char *name, int version)
348 {
349 objset_t *os;
350 boolean_t rc = B_TRUE;
351
352 if (dmu_objset_hold(name, FTAG, &os) == 0) {
353 uint64_t zplversion;
354
355 if (dmu_objset_type(os) != DMU_OST_ZFS) {
356 dmu_objset_rele(os, FTAG);
357 return (B_TRUE);
358 }
359 /* XXX reading from non-owned objset */
360 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
361 rc = zplversion < version;
362 dmu_objset_rele(os, FTAG);
363 }
364 return (rc);
365 }
366
367 static void
368 zfs_log_history(zfs_cmd_t *zc)
369 {
370 spa_t *spa;
371 char *buf;
372
373 if ((buf = history_str_get(zc)) == NULL)
374 return;
375
376 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
377 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
378 (void) spa_history_log(spa, buf);
379 spa_close(spa, FTAG);
380 }
381 history_str_free(buf);
382 }
383
384 /*
385 * Policy for top-level read operations (list pools). Requires no privileges,
386 * and can be used in the local zone, as there is no associated dataset.
387 */
388 /* ARGSUSED */
389 static int
390 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
391 {
392 return (0);
393 }
394
395 /*
396 * Policy for dataset read operations (list children, get statistics). Requires
397 * no privileges, but must be visible in the local zone.
398 */
399 /* ARGSUSED */
400 static int
401 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
402 {
403 if (INGLOBALZONE(curproc) ||
404 zone_dataset_visible(zc->zc_name, NULL))
405 return (0);
406
407 return (SET_ERROR(ENOENT));
408 }
409
410 static int
411 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
412 {
413 int writable = 1;
414
415 /*
416 * The dataset must be visible by this zone -- check this first
417 * so they don't see EPERM on something they shouldn't know about.
418 */
419 if (!INGLOBALZONE(curproc) &&
420 !zone_dataset_visible(dataset, &writable))
421 return (SET_ERROR(ENOENT));
422
423 if (INGLOBALZONE(curproc)) {
424 /*
425 * If the fs is zoned, only root can access it from the
426 * global zone.
427 */
428 if (secpolicy_zfs(cr) && zoned)
429 return (SET_ERROR(EPERM));
430 } else {
431 /*
432 * If we are in a local zone, the 'zoned' property must be set.
433 */
434 if (!zoned)
435 return (SET_ERROR(EPERM));
436
437 /* must be writable by this zone */
438 if (!writable)
439 return (SET_ERROR(EPERM));
440 }
441 return (0);
442 }
443
444 static int
445 zfs_dozonecheck(const char *dataset, cred_t *cr)
446 {
447 uint64_t zoned;
448
449 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
450 return (SET_ERROR(ENOENT));
451
452 return (zfs_dozonecheck_impl(dataset, zoned, cr));
453 }
454
455 static int
456 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
457 {
458 uint64_t zoned;
459
460 if (dsl_prop_get_int_ds(ds, "zoned", &zoned))
461 return (SET_ERROR(ENOENT));
462
463 return (zfs_dozonecheck_impl(dataset, zoned, cr));
464 }
465
466 static int
467 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
468 const char *perm, cred_t *cr)
469 {
470 int error;
471
472 error = zfs_dozonecheck_ds(name, ds, cr);
473 if (error == 0) {
474 error = secpolicy_zfs(cr);
475 if (error != 0)
476 error = dsl_deleg_access_impl(ds, perm, cr);
477 }
478 return (error);
479 }
480
481 static int
482 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
483 {
484 int error;
485 dsl_dataset_t *ds;
486 dsl_pool_t *dp;
487
488 error = dsl_pool_hold(name, FTAG, &dp);
489 if (error != 0)
490 return (error);
491
492 error = dsl_dataset_hold(dp, name, FTAG, &ds);
493 if (error != 0) {
494 dsl_pool_rele(dp, FTAG);
495 return (error);
496 }
497
498 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
499
500 dsl_dataset_rele(ds, FTAG);
501 dsl_pool_rele(dp, FTAG);
502 return (error);
503 }
504
505 /*
506 * Policy for setting the security label property.
507 *
508 * Returns 0 for success, non-zero for access and other errors.
509 */
510 static int
511 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
512 {
513 char ds_hexsl[MAXNAMELEN];
514 bslabel_t ds_sl, new_sl;
515 boolean_t new_default = FALSE;
516 uint64_t zoned;
517 int needed_priv = -1;
518 int error;
519
520 /* First get the existing dataset label. */
521 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
522 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
523 if (error != 0)
524 return (SET_ERROR(EPERM));
525
526 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
527 new_default = TRUE;
528
529 /* The label must be translatable */
530 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
531 return (SET_ERROR(EINVAL));
532
533 /*
534 * In a non-global zone, disallow attempts to set a label that
535 * doesn't match that of the zone; otherwise no other checks
536 * are needed.
537 */
538 if (!INGLOBALZONE(curproc)) {
539 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
540 return (SET_ERROR(EPERM));
541 return (0);
542 }
543
544 /*
545 * For global-zone datasets (i.e., those whose zoned property is
546 * "off", verify that the specified new label is valid for the
547 * global zone.
548 */
549 if (dsl_prop_get_integer(name,
550 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
551 return (SET_ERROR(EPERM));
552 if (!zoned) {
553 if (zfs_check_global_label(name, strval) != 0)
554 return (SET_ERROR(EPERM));
555 }
556
557 /*
558 * If the existing dataset label is nondefault, check if the
559 * dataset is mounted (label cannot be changed while mounted).
560 * Get the zfsvfs; if there isn't one, then the dataset isn't
561 * mounted (or isn't a dataset, doesn't exist, ...).
562 */
563 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
564 objset_t *os;
565 static char *setsl_tag = "setsl_tag";
566
567 /*
568 * Try to own the dataset; abort if there is any error,
569 * (e.g., already mounted, in use, or other error).
570 */
571 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
572 setsl_tag, &os);
573 if (error != 0)
574 return (SET_ERROR(EPERM));
575
576 dmu_objset_disown(os, setsl_tag);
577
578 if (new_default) {
579 needed_priv = PRIV_FILE_DOWNGRADE_SL;
580 goto out_check;
581 }
582
583 if (hexstr_to_label(strval, &new_sl) != 0)
584 return (SET_ERROR(EPERM));
585
586 if (blstrictdom(&ds_sl, &new_sl))
587 needed_priv = PRIV_FILE_DOWNGRADE_SL;
588 else if (blstrictdom(&new_sl, &ds_sl))
589 needed_priv = PRIV_FILE_UPGRADE_SL;
590 } else {
591 /* dataset currently has a default label */
592 if (!new_default)
593 needed_priv = PRIV_FILE_UPGRADE_SL;
594 }
595
596 out_check:
597 if (needed_priv != -1)
598 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
599 return (0);
600 }
601
602 static int
603 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
604 cred_t *cr)
605 {
606 char *strval;
607
608 /*
609 * Check permissions for special properties.
610 */
611 switch (prop) {
612 case ZFS_PROP_ZONED:
613 /*
614 * Disallow setting of 'zoned' from within a local zone.
615 */
616 if (!INGLOBALZONE(curproc))
617 return (SET_ERROR(EPERM));
618 break;
619
620 case ZFS_PROP_QUOTA:
621 if (!INGLOBALZONE(curproc)) {
622 uint64_t zoned;
623 char setpoint[MAXNAMELEN];
624 /*
625 * Unprivileged users are allowed to modify the
626 * quota on things *under* (ie. contained by)
627 * the thing they own.
628 */
629 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
630 setpoint))
631 return (SET_ERROR(EPERM));
632 if (!zoned || strlen(dsname) <= strlen(setpoint))
633 return (SET_ERROR(EPERM));
634 }
635 break;
636
637 case ZFS_PROP_MLSLABEL:
638 if (!is_system_labeled())
639 return (SET_ERROR(EPERM));
640
641 if (nvpair_value_string(propval, &strval) == 0) {
642 int err;
643
644 err = zfs_set_slabel_policy(dsname, strval, CRED());
645 if (err != 0)
646 return (err);
647 }
648 break;
649 }
650
651 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
652 }
653
654 /* ARGSUSED */
655 static int
656 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
657 {
658 int error;
659
660 error = zfs_dozonecheck(zc->zc_name, cr);
661 if (error != 0)
662 return (error);
663
664 /*
665 * permission to set permissions will be evaluated later in
666 * dsl_deleg_can_allow()
667 */
668 return (0);
669 }
670
671 /* ARGSUSED */
672 static int
673 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
674 {
675 return (zfs_secpolicy_write_perms(zc->zc_name,
676 ZFS_DELEG_PERM_ROLLBACK, cr));
677 }
678
679 /* ARGSUSED */
680 static int
681 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
682 {
683 dsl_pool_t *dp;
684 dsl_dataset_t *ds;
685 char *cp;
686 int error;
687
688 /*
689 * Generate the current snapshot name from the given objsetid, then
690 * use that name for the secpolicy/zone checks.
691 */
692 cp = strchr(zc->zc_name, '@');
693 if (cp == NULL)
694 return (SET_ERROR(EINVAL));
695 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
696 if (error != 0)
697 return (error);
698
699 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
700 if (error != 0) {
701 dsl_pool_rele(dp, FTAG);
702 return (error);
703 }
704
705 dsl_dataset_name(ds, zc->zc_name);
706
707 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
708 ZFS_DELEG_PERM_SEND, cr);
709 dsl_dataset_rele(ds, FTAG);
710 dsl_pool_rele(dp, FTAG);
711
712 return (error);
713 }
714
715 /* ARGSUSED */
716 static int
717 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
718 {
719 return (zfs_secpolicy_write_perms(zc->zc_name,
720 ZFS_DELEG_PERM_SEND, cr));
721 }
722
723 /* ARGSUSED */
724 static int
725 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
726 {
727 vnode_t *vp;
728 int error;
729
730 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
731 NO_FOLLOW, NULL, &vp)) != 0)
732 return (error);
733
734 /* Now make sure mntpnt and dataset are ZFS */
735
736 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
737 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
738 zc->zc_name) != 0)) {
739 VN_RELE(vp);
740 return (SET_ERROR(EPERM));
741 }
742
743 VN_RELE(vp);
744 return (dsl_deleg_access(zc->zc_name,
745 ZFS_DELEG_PERM_SHARE, cr));
746 }
747
748 int
749 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
750 {
751 if (!INGLOBALZONE(curproc))
752 return (SET_ERROR(EPERM));
753
754 if (secpolicy_nfs(cr) == 0) {
755 return (0);
756 } else {
757 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
758 }
759 }
760
761 int
762 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
763 {
764 if (!INGLOBALZONE(curproc))
765 return (SET_ERROR(EPERM));
766
767 if (secpolicy_smb(cr) == 0) {
768 return (0);
769 } else {
770 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
771 }
772 }
773
774 static int
775 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
776 {
777 char *cp;
778
779 /*
780 * Remove the @bla or /bla from the end of the name to get the parent.
781 */
782 (void) strncpy(parent, datasetname, parentsize);
783 cp = strrchr(parent, '@');
784 if (cp != NULL) {
785 cp[0] = '\0';
786 } else {
787 cp = strrchr(parent, '/');
788 if (cp == NULL)
789 return (SET_ERROR(ENOENT));
790 cp[0] = '\0';
791 }
792
793 return (0);
794 }
795
796 int
797 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
798 {
799 int error;
800
801 if ((error = zfs_secpolicy_write_perms(name,
802 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
803 return (error);
804
805 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
806 }
807
808 /* ARGSUSED */
809 static int
810 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
811 {
812 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
813 }
814
815 /*
816 * Destroying snapshots with delegated permissions requires
817 * descendant mount and destroy permissions.
818 */
819 /* ARGSUSED */
820 static int
821 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
822 {
823 nvlist_t *snaps;
824 nvpair_t *pair, *nextpair;
825 int error = 0;
826
827 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
828 return (SET_ERROR(EINVAL));
829 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
830 pair = nextpair) {
831 dsl_pool_t *dp;
832 dsl_dataset_t *ds;
833
834 error = dsl_pool_hold(nvpair_name(pair), FTAG, &dp);
835 if (error != 0)
836 break;
837 nextpair = nvlist_next_nvpair(snaps, pair);
838 error = dsl_dataset_hold(dp, nvpair_name(pair), FTAG, &ds);
839 if (error == 0)
840 dsl_dataset_rele(ds, FTAG);
841 dsl_pool_rele(dp, FTAG);
842
843 if (error == 0) {
844 error = zfs_secpolicy_destroy_perms(nvpair_name(pair),
845 cr);
846 } else if (error == ENOENT) {
847 /*
848 * Ignore any snapshots that don't exist (we consider
849 * them "already destroyed"). Remove the name from the
850 * nvl here in case the snapshot is created between
851 * now and when we try to destroy it (in which case
852 * we don't want to destroy it since we haven't
853 * checked for permission).
854 */
855 fnvlist_remove_nvpair(snaps, pair);
856 error = 0;
857 }
858 if (error != 0)
859 break;
860 }
861
862 return (error);
863 }
864
865 int
866 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
867 {
868 char parentname[MAXNAMELEN];
869 int error;
870
871 if ((error = zfs_secpolicy_write_perms(from,
872 ZFS_DELEG_PERM_RENAME, cr)) != 0)
873 return (error);
874
875 if ((error = zfs_secpolicy_write_perms(from,
876 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
877 return (error);
878
879 if ((error = zfs_get_parent(to, parentname,
880 sizeof (parentname))) != 0)
881 return (error);
882
883 if ((error = zfs_secpolicy_write_perms(parentname,
884 ZFS_DELEG_PERM_CREATE, cr)) != 0)
885 return (error);
886
887 if ((error = zfs_secpolicy_write_perms(parentname,
888 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
889 return (error);
890
891 return (error);
892 }
893
894 /* ARGSUSED */
895 static int
896 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
897 {
898 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
899 }
900
901 /* ARGSUSED */
902 static int
903 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
904 {
905 dsl_pool_t *dp;
906 dsl_dataset_t *clone;
907 int error;
908
909 error = zfs_secpolicy_write_perms(zc->zc_name,
910 ZFS_DELEG_PERM_PROMOTE, cr);
911 if (error != 0)
912 return (error);
913
914 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
915 if (error != 0)
916 return (error);
917
918 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
919
920 if (error == 0) {
921 char parentname[MAXNAMELEN];
922 dsl_dataset_t *origin = NULL;
923 dsl_dir_t *dd;
924 dd = clone->ds_dir;
925
926 error = dsl_dataset_hold_obj(dd->dd_pool,
927 dd->dd_phys->dd_origin_obj, FTAG, &origin);
928 if (error != 0) {
929 dsl_dataset_rele(clone, FTAG);
930 dsl_pool_rele(dp, FTAG);
931 return (error);
932 }
933
934 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
935 ZFS_DELEG_PERM_MOUNT, cr);
936
937 dsl_dataset_name(origin, parentname);
938 if (error == 0) {
939 error = zfs_secpolicy_write_perms_ds(parentname, origin,
940 ZFS_DELEG_PERM_PROMOTE, cr);
941 }
942 dsl_dataset_rele(clone, FTAG);
943 dsl_dataset_rele(origin, FTAG);
944 }
945 dsl_pool_rele(dp, FTAG);
946 return (error);
947 }
948
949 /* ARGSUSED */
950 static int
951 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
952 {
953 int error;
954
955 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
956 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
957 return (error);
958
959 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
960 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
961 return (error);
962
963 return (zfs_secpolicy_write_perms(zc->zc_name,
964 ZFS_DELEG_PERM_CREATE, cr));
965 }
966
967 int
968 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
969 {
970 return (zfs_secpolicy_write_perms(name,
971 ZFS_DELEG_PERM_SNAPSHOT, cr));
972 }
973
974 /*
975 * Check for permission to create each snapshot in the nvlist.
976 */
977 /* ARGSUSED */
978 static int
979 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
980 {
981 nvlist_t *snaps;
982 int error = 0;
983 nvpair_t *pair;
984
985 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
986 return (SET_ERROR(EINVAL));
987 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
988 pair = nvlist_next_nvpair(snaps, pair)) {
989 char *name = nvpair_name(pair);
990 char *atp = strchr(name, '@');
991
992 if (atp == NULL) {
993 error = SET_ERROR(EINVAL);
994 break;
995 }
996 *atp = '\0';
997 error = zfs_secpolicy_snapshot_perms(name, cr);
998 *atp = '@';
999 if (error != 0)
1000 break;
1001 }
1002 return (error);
1003 }
1004
1005 /* ARGSUSED */
1006 static int
1007 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1008 {
1009 /*
1010 * Even root must have a proper TSD so that we know what pool
1011 * to log to.
1012 */
1013 if (tsd_get(zfs_allow_log_key) == NULL)
1014 return (SET_ERROR(EPERM));
1015 return (0);
1016 }
1017
1018 static int
1019 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1020 {
1021 char parentname[MAXNAMELEN];
1022 int error;
1023 char *origin;
1024
1025 if ((error = zfs_get_parent(zc->zc_name, parentname,
1026 sizeof (parentname))) != 0)
1027 return (error);
1028
1029 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1030 (error = zfs_secpolicy_write_perms(origin,
1031 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1032 return (error);
1033
1034 if ((error = zfs_secpolicy_write_perms(parentname,
1035 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1036 return (error);
1037
1038 return (zfs_secpolicy_write_perms(parentname,
1039 ZFS_DELEG_PERM_MOUNT, cr));
1040 }
1041
1042 /*
1043 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1044 * SYS_CONFIG privilege, which is not available in a local zone.
1045 */
1046 /* ARGSUSED */
1047 static int
1048 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1049 {
1050 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1051 return (SET_ERROR(EPERM));
1052
1053 return (0);
1054 }
1055
1056 /*
1057 * Policy for object to name lookups.
1058 */
1059 /* ARGSUSED */
1060 static int
1061 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1062 {
1063 int error;
1064
1065 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1066 return (0);
1067
1068 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1069 return (error);
1070 }
1071
1072 /*
1073 * Policy for fault injection. Requires all privileges.
1074 */
1075 /* ARGSUSED */
1076 static int
1077 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1078 {
1079 return (secpolicy_zinject(cr));
1080 }
1081
1082 /* ARGSUSED */
1083 static int
1084 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1085 {
1086 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1087
1088 if (prop == ZPROP_INVAL) {
1089 if (!zfs_prop_user(zc->zc_value))
1090 return (SET_ERROR(EINVAL));
1091 return (zfs_secpolicy_write_perms(zc->zc_name,
1092 ZFS_DELEG_PERM_USERPROP, cr));
1093 } else {
1094 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1095 NULL, cr));
1096 }
1097 }
1098
1099 static int
1100 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1101 {
1102 int err = zfs_secpolicy_read(zc, innvl, cr);
1103 if (err)
1104 return (err);
1105
1106 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1107 return (SET_ERROR(EINVAL));
1108
1109 if (zc->zc_value[0] == 0) {
1110 /*
1111 * They are asking about a posix uid/gid. If it's
1112 * themself, allow it.
1113 */
1114 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1115 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
1116 if (zc->zc_guid == crgetuid(cr))
1117 return (0);
1118 } else {
1119 if (groupmember(zc->zc_guid, cr))
1120 return (0);
1121 }
1122 }
1123
1124 return (zfs_secpolicy_write_perms(zc->zc_name,
1125 userquota_perms[zc->zc_objset_type], cr));
1126 }
1127
1128 static int
1129 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1130 {
1131 int err = zfs_secpolicy_read(zc, innvl, cr);
1132 if (err)
1133 return (err);
1134
1135 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1136 return (SET_ERROR(EINVAL));
1137
1138 return (zfs_secpolicy_write_perms(zc->zc_name,
1139 userquota_perms[zc->zc_objset_type], cr));
1140 }
1141
1142 /* ARGSUSED */
1143 static int
1144 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1145 {
1146 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1147 NULL, cr));
1148 }
1149
1150 /* ARGSUSED */
1151 static int
1152 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1153 {
1154 nvpair_t *pair;
1155 nvlist_t *holds;
1156 int error;
1157
1158 error = nvlist_lookup_nvlist(innvl, "holds", &holds);
1159 if (error != 0)
1160 return (SET_ERROR(EINVAL));
1161
1162 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1163 pair = nvlist_next_nvpair(holds, pair)) {
1164 char fsname[MAXNAMELEN];
1165 error = dmu_fsname(nvpair_name(pair), fsname);
1166 if (error != 0)
1167 return (error);
1168 error = zfs_secpolicy_write_perms(fsname,
1169 ZFS_DELEG_PERM_HOLD, cr);
1170 if (error != 0)
1171 return (error);
1172 }
1173 return (0);
1174 }
1175
1176 /* ARGSUSED */
1177 static int
1178 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1179 {
1180 nvpair_t *pair;
1181 int error;
1182
1183 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1184 pair = nvlist_next_nvpair(innvl, pair)) {
1185 char fsname[MAXNAMELEN];
1186 error = dmu_fsname(nvpair_name(pair), fsname);
1187 if (error != 0)
1188 return (error);
1189 error = zfs_secpolicy_write_perms(fsname,
1190 ZFS_DELEG_PERM_RELEASE, cr);
1191 if (error != 0)
1192 return (error);
1193 }
1194 return (0);
1195 }
1196
1197 /*
1198 * Policy for allowing temporary snapshots to be taken or released
1199 */
1200 static int
1201 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1202 {
1203 /*
1204 * A temporary snapshot is the same as a snapshot,
1205 * hold, destroy and release all rolled into one.
1206 * Delegated diff alone is sufficient that we allow this.
1207 */
1208 int error;
1209
1210 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1211 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1212 return (0);
1213
1214 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1215 if (error == 0)
1216 error = zfs_secpolicy_hold(zc, innvl, cr);
1217 if (error == 0)
1218 error = zfs_secpolicy_release(zc, innvl, cr);
1219 if (error == 0)
1220 error = zfs_secpolicy_destroy(zc, innvl, cr);
1221 return (error);
1222 }
1223
1224 /*
1225 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1226 */
1227 static int
1228 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1229 {
1230 char *packed;
1231 int error;
1232 nvlist_t *list = NULL;
1233
1234 /*
1235 * Read in and unpack the user-supplied nvlist.
1236 */
1237 if (size == 0)
1238 return (SET_ERROR(EINVAL));
1239
1240 packed = kmem_alloc(size, KM_SLEEP);
1241
1242 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1243 iflag)) != 0) {
1244 kmem_free(packed, size);
1245 return (error);
1246 }
1247
1248 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1249 kmem_free(packed, size);
1250 return (error);
1251 }
1252
1253 kmem_free(packed, size);
1254
1255 *nvp = list;
1256 return (0);
1257 }
1258
1259 /*
1260 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1261 * Entries will be removed from the end of the nvlist, and one int32 entry
1262 * named "N_MORE_ERRORS" will be added indicating how many entries were
1263 * removed.
1264 */
1265 static int
1266 nvlist_smush(nvlist_t *errors, size_t max)
1267 {
1268 size_t size;
1269
1270 size = fnvlist_size(errors);
1271
1272 if (size > max) {
1273 nvpair_t *more_errors;
1274 int n = 0;
1275
1276 if (max < 1024)
1277 return (SET_ERROR(ENOMEM));
1278
1279 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1280 more_errors = nvlist_prev_nvpair(errors, NULL);
1281
1282 do {
1283 nvpair_t *pair = nvlist_prev_nvpair(errors,
1284 more_errors);
1285 fnvlist_remove_nvpair(errors, pair);
1286 n++;
1287 size = fnvlist_size(errors);
1288 } while (size > max);
1289
1290 fnvlist_remove_nvpair(errors, more_errors);
1291 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1292 ASSERT3U(fnvlist_size(errors), <=, max);
1293 }
1294
1295 return (0);
1296 }
1297
1298 static int
1299 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1300 {
1301 char *packed = NULL;
1302 int error = 0;
1303 size_t size;
1304
1305 size = fnvlist_size(nvl);
1306
1307 if (size > zc->zc_nvlist_dst_size) {
1308 error = SET_ERROR(ENOMEM);
1309 } else {
1310 packed = fnvlist_pack(nvl, &size);
1311 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1312 size, zc->zc_iflags) != 0)
1313 error = SET_ERROR(EFAULT);
1314 fnvlist_pack_free(packed, size);
1315 }
1316
1317 zc->zc_nvlist_dst_size = size;
1318 zc->zc_nvlist_dst_filled = B_TRUE;
1319 return (error);
1320 }
1321
1322 static int
1323 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1324 {
1325 objset_t *os;
1326 int error;
1327
1328 error = dmu_objset_hold(dsname, FTAG, &os);
1329 if (error != 0)
1330 return (error);
1331 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1332 dmu_objset_rele(os, FTAG);
1333 return (SET_ERROR(EINVAL));
1334 }
1335
1336 mutex_enter(&os->os_user_ptr_lock);
1337 *zfvp = dmu_objset_get_user(os);
1338 if (*zfvp) {
1339 VFS_HOLD((*zfvp)->z_vfs);
1340 } else {
1341 error = SET_ERROR(ESRCH);
1342 }
1343 mutex_exit(&os->os_user_ptr_lock);
1344 dmu_objset_rele(os, FTAG);
1345 return (error);
1346 }
1347
1348 /*
1349 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1350 * case its z_vfs will be NULL, and it will be opened as the owner.
1351 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1352 * which prevents all vnode ops from running.
1353 */
1354 static int
1355 zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1356 {
1357 int error = 0;
1358
1359 if (getzfsvfs(name, zfvp) != 0)
1360 error = zfsvfs_create(name, zfvp);
1361 if (error == 0) {
1362 rrw_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1363 RW_READER, tag);
1364 if ((*zfvp)->z_unmounted) {
1365 /*
1366 * XXX we could probably try again, since the unmounting
1367 * thread should be just about to disassociate the
1368 * objset from the zfsvfs.
1369 */
1370 rrw_exit(&(*zfvp)->z_teardown_lock, tag);
1371 return (SET_ERROR(EBUSY));
1372 }
1373 }
1374 return (error);
1375 }
1376
1377 static void
1378 zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1379 {
1380 rrw_exit(&zfsvfs->z_teardown_lock, tag);
1381
1382 if (zfsvfs->z_vfs) {
1383 VFS_RELE(zfsvfs->z_vfs);
1384 } else {
1385 dmu_objset_disown(zfsvfs->z_os, zfsvfs);
1386 zfsvfs_free(zfsvfs);
1387 }
1388 }
1389
1390 static int
1391 zfs_ioc_pool_create(zfs_cmd_t *zc)
1392 {
1393 int error;
1394 nvlist_t *config, *props = NULL;
1395 nvlist_t *rootprops = NULL;
1396 nvlist_t *zplprops = NULL;
1397
1398 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1399 zc->zc_iflags, &config))
1400 return (error);
1401
1402 if (zc->zc_nvlist_src_size != 0 && (error =
1403 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1404 zc->zc_iflags, &props))) {
1405 nvlist_free(config);
1406 return (error);
1407 }
1408
1409 if (props) {
1410 nvlist_t *nvl = NULL;
1411 uint64_t version = SPA_VERSION;
1412
1413 (void) nvlist_lookup_uint64(props,
1414 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1415 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1416 error = SET_ERROR(EINVAL);
1417 goto pool_props_bad;
1418 }
1419 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1420 if (nvl) {
1421 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1422 if (error != 0) {
1423 nvlist_free(config);
1424 nvlist_free(props);
1425 return (error);
1426 }
1427 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1428 }
1429 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1430 error = zfs_fill_zplprops_root(version, rootprops,
1431 zplprops, NULL);
1432 if (error != 0)
1433 goto pool_props_bad;
1434 }
1435
1436 error = spa_create(zc->zc_name, config, props, zplprops);
1437
1438 /*
1439 * Set the remaining root properties
1440 */
1441 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1442 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1443 (void) spa_destroy(zc->zc_name);
1444
1445 pool_props_bad:
1446 nvlist_free(rootprops);
1447 nvlist_free(zplprops);
1448 nvlist_free(config);
1449 nvlist_free(props);
1450
1451 return (error);
1452 }
1453
1454 static int
1455 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1456 {
1457 int error;
1458 zfs_log_history(zc);
1459 error = spa_destroy(zc->zc_name);
1460 if (error == 0)
1461 zvol_remove_minors(zc->zc_name);
1462 return (error);
1463 }
1464
1465 static int
1466 zfs_ioc_pool_import(zfs_cmd_t *zc)
1467 {
1468 nvlist_t *config, *props = NULL;
1469 uint64_t guid;
1470 int error;
1471
1472 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1473 zc->zc_iflags, &config)) != 0)
1474 return (error);
1475
1476 if (zc->zc_nvlist_src_size != 0 && (error =
1477 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1478 zc->zc_iflags, &props))) {
1479 nvlist_free(config);
1480 return (error);
1481 }
1482
1483 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1484 guid != zc->zc_guid)
1485 error = SET_ERROR(EINVAL);
1486 else
1487 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1488
1489 if (zc->zc_nvlist_dst != 0) {
1490 int err;
1491
1492 if ((err = put_nvlist(zc, config)) != 0)
1493 error = err;
1494 }
1495
1496 nvlist_free(config);
1497
1498 if (props)
1499 nvlist_free(props);
1500
1501 return (error);
1502 }
1503
1504 static int
1505 zfs_ioc_pool_export(zfs_cmd_t *zc)
1506 {
1507 int error;
1508 boolean_t force = (boolean_t)zc->zc_cookie;
1509 boolean_t hardforce = (boolean_t)zc->zc_guid;
1510
1511 zfs_log_history(zc);
1512 error = spa_export(zc->zc_name, NULL, force, hardforce);
1513 if (error == 0)
1514 zvol_remove_minors(zc->zc_name);
1515 return (error);
1516 }
1517
1518 static int
1519 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1520 {
1521 nvlist_t *configs;
1522 int error;
1523
1524 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1525 return (SET_ERROR(EEXIST));
1526
1527 error = put_nvlist(zc, configs);
1528
1529 nvlist_free(configs);
1530
1531 return (error);
1532 }
1533
1534 /*
1535 * inputs:
1536 * zc_name name of the pool
1537 *
1538 * outputs:
1539 * zc_cookie real errno
1540 * zc_nvlist_dst config nvlist
1541 * zc_nvlist_dst_size size of config nvlist
1542 */
1543 static int
1544 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1545 {
1546 nvlist_t *config;
1547 int error;
1548 int ret = 0;
1549
1550 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1551 sizeof (zc->zc_value));
1552
1553 if (config != NULL) {
1554 ret = put_nvlist(zc, config);
1555 nvlist_free(config);
1556
1557 /*
1558 * The config may be present even if 'error' is non-zero.
1559 * In this case we return success, and preserve the real errno
1560 * in 'zc_cookie'.
1561 */
1562 zc->zc_cookie = error;
1563 } else {
1564 ret = error;
1565 }
1566
1567 return (ret);
1568 }
1569
1570 /*
1571 * Try to import the given pool, returning pool stats as appropriate so that
1572 * user land knows which devices are available and overall pool health.
1573 */
1574 static int
1575 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1576 {
1577 nvlist_t *tryconfig, *config;
1578 int error;
1579
1580 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1581 zc->zc_iflags, &tryconfig)) != 0)
1582 return (error);
1583
1584 config = spa_tryimport(tryconfig);
1585
1586 nvlist_free(tryconfig);
1587
1588 if (config == NULL)
1589 return (SET_ERROR(EINVAL));
1590
1591 error = put_nvlist(zc, config);
1592 nvlist_free(config);
1593
1594 return (error);
1595 }
1596
1597 /*
1598 * inputs:
1599 * zc_name name of the pool
1600 * zc_cookie scan func (pool_scan_func_t)
1601 */
1602 static int
1603 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1604 {
1605 spa_t *spa;
1606 int error;
1607
1608 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1609 return (error);
1610
1611 if (zc->zc_cookie == POOL_SCAN_NONE)
1612 error = spa_scan_stop(spa);
1613 else
1614 error = spa_scan(spa, zc->zc_cookie);
1615
1616 spa_close(spa, FTAG);
1617
1618 return (error);
1619 }
1620
1621 static int
1622 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1623 {
1624 spa_t *spa;
1625 int error;
1626
1627 error = spa_open(zc->zc_name, &spa, FTAG);
1628 if (error == 0) {
1629 spa_freeze(spa);
1630 spa_close(spa, FTAG);
1631 }
1632 return (error);
1633 }
1634
1635 static int
1636 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1637 {
1638 spa_t *spa;
1639 int error;
1640
1641 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1642 return (error);
1643
1644 if (zc->zc_cookie < spa_version(spa) ||
1645 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1646 spa_close(spa, FTAG);
1647 return (SET_ERROR(EINVAL));
1648 }
1649
1650 spa_upgrade(spa, zc->zc_cookie);
1651 spa_close(spa, FTAG);
1652
1653 return (error);
1654 }
1655
1656 static int
1657 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1658 {
1659 spa_t *spa;
1660 char *hist_buf;
1661 uint64_t size;
1662 int error;
1663
1664 if ((size = zc->zc_history_len) == 0)
1665 return (SET_ERROR(EINVAL));
1666
1667 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1668 return (error);
1669
1670 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1671 spa_close(spa, FTAG);
1672 return (SET_ERROR(ENOTSUP));
1673 }
1674
1675 hist_buf = kmem_alloc(size, KM_SLEEP);
1676 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1677 &zc->zc_history_len, hist_buf)) == 0) {
1678 error = ddi_copyout(hist_buf,
1679 (void *)(uintptr_t)zc->zc_history,
1680 zc->zc_history_len, zc->zc_iflags);
1681 }
1682
1683 spa_close(spa, FTAG);
1684 kmem_free(hist_buf, size);
1685 return (error);
1686 }
1687
1688 static int
1689 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1690 {
1691 spa_t *spa;
1692 int error;
1693
1694 error = spa_open(zc->zc_name, &spa, FTAG);
1695 if (error == 0) {
1696 error = spa_change_guid(spa);
1697 spa_close(spa, FTAG);
1698 }
1699 return (error);
1700 }
1701
1702 static int
1703 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1704 {
1705 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
1706 }
1707
1708 /*
1709 * inputs:
1710 * zc_name name of filesystem
1711 * zc_obj object to find
1712 *
1713 * outputs:
1714 * zc_value name of object
1715 */
1716 static int
1717 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1718 {
1719 objset_t *os;
1720 int error;
1721
1722 /* XXX reading from objset not owned */
1723 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1724 return (error);
1725 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1726 dmu_objset_rele(os, FTAG);
1727 return (SET_ERROR(EINVAL));
1728 }
1729 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1730 sizeof (zc->zc_value));
1731 dmu_objset_rele(os, FTAG);
1732
1733 return (error);
1734 }
1735
1736 /*
1737 * inputs:
1738 * zc_name name of filesystem
1739 * zc_obj object to find
1740 *
1741 * outputs:
1742 * zc_stat stats on object
1743 * zc_value path to object
1744 */
1745 static int
1746 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1747 {
1748 objset_t *os;
1749 int error;
1750
1751 /* XXX reading from objset not owned */
1752 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1753 return (error);
1754 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1755 dmu_objset_rele(os, FTAG);
1756 return (SET_ERROR(EINVAL));
1757 }
1758 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1759 sizeof (zc->zc_value));
1760 dmu_objset_rele(os, FTAG);
1761
1762 return (error);
1763 }
1764
1765 static int
1766 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1767 {
1768 spa_t *spa;
1769 int error;
1770 nvlist_t *config, **l2cache, **spares;
1771 uint_t nl2cache = 0, nspares = 0;
1772
1773 error = spa_open(zc->zc_name, &spa, FTAG);
1774 if (error != 0)
1775 return (error);
1776
1777 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1778 zc->zc_iflags, &config);
1779 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1780 &l2cache, &nl2cache);
1781
1782 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1783 &spares, &nspares);
1784
1785 /*
1786 * A root pool with concatenated devices is not supported.
1787 * Thus, can not add a device to a root pool.
1788 *
1789 * Intent log device can not be added to a rootpool because
1790 * during mountroot, zil is replayed, a seperated log device
1791 * can not be accessed during the mountroot time.
1792 *
1793 * l2cache and spare devices are ok to be added to a rootpool.
1794 */
1795 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1796 nvlist_free(config);
1797 spa_close(spa, FTAG);
1798 return (SET_ERROR(EDOM));
1799 }
1800
1801 if (error == 0) {
1802 error = spa_vdev_add(spa, config);
1803 nvlist_free(config);
1804 }
1805 spa_close(spa, FTAG);
1806 return (error);
1807 }
1808
1809 /*
1810 * inputs:
1811 * zc_name name of the pool
1812 * zc_nvlist_conf nvlist of devices to remove
1813 * zc_cookie to stop the remove?
1814 */
1815 static int
1816 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1817 {
1818 spa_t *spa;
1819 int error;
1820
1821 error = spa_open(zc->zc_name, &spa, FTAG);
1822 if (error != 0)
1823 return (error);
1824 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1825 spa_close(spa, FTAG);
1826 return (error);
1827 }
1828
1829 static int
1830 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1831 {
1832 spa_t *spa;
1833 int error;
1834 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1835
1836 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1837 return (error);
1838 switch (zc->zc_cookie) {
1839 case VDEV_STATE_ONLINE:
1840 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1841 break;
1842
1843 case VDEV_STATE_OFFLINE:
1844 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1845 break;
1846
1847 case VDEV_STATE_FAULTED:
1848 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1849 zc->zc_obj != VDEV_AUX_EXTERNAL)
1850 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1851
1852 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1853 break;
1854
1855 case VDEV_STATE_DEGRADED:
1856 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1857 zc->zc_obj != VDEV_AUX_EXTERNAL)
1858 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1859
1860 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1861 break;
1862
1863 default:
1864 error = SET_ERROR(EINVAL);
1865 }
1866 zc->zc_cookie = newstate;
1867 spa_close(spa, FTAG);
1868 return (error);
1869 }
1870
1871 static int
1872 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1873 {
1874 spa_t *spa;
1875 int replacing = zc->zc_cookie;
1876 nvlist_t *config;
1877 int error;
1878
1879 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1880 return (error);
1881
1882 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1883 zc->zc_iflags, &config)) == 0) {
1884 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1885 nvlist_free(config);
1886 }
1887
1888 spa_close(spa, FTAG);
1889 return (error);
1890 }
1891
1892 static int
1893 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1894 {
1895 spa_t *spa;
1896 int error;
1897
1898 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1899 return (error);
1900
1901 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1902
1903 spa_close(spa, FTAG);
1904 return (error);
1905 }
1906
1907 static int
1908 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1909 {
1910 spa_t *spa;
1911 nvlist_t *config, *props = NULL;
1912 int error;
1913 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1914
1915 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1916 return (error);
1917
1918 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1919 zc->zc_iflags, &config)) {
1920 spa_close(spa, FTAG);
1921 return (error);
1922 }
1923
1924 if (zc->zc_nvlist_src_size != 0 && (error =
1925 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1926 zc->zc_iflags, &props))) {
1927 spa_close(spa, FTAG);
1928 nvlist_free(config);
1929 return (error);
1930 }
1931
1932 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1933
1934 spa_close(spa, FTAG);
1935
1936 nvlist_free(config);
1937 nvlist_free(props);
1938
1939 return (error);
1940 }
1941
1942 static int
1943 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1944 {
1945 spa_t *spa;
1946 char *path = zc->zc_value;
1947 uint64_t guid = zc->zc_guid;
1948 int error;
1949
1950 error = spa_open(zc->zc_name, &spa, FTAG);
1951 if (error != 0)
1952 return (error);
1953
1954 error = spa_vdev_setpath(spa, guid, path);
1955 spa_close(spa, FTAG);
1956 return (error);
1957 }
1958
1959 static int
1960 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1961 {
1962 spa_t *spa;
1963 char *fru = zc->zc_value;
1964 uint64_t guid = zc->zc_guid;
1965 int error;
1966
1967 error = spa_open(zc->zc_name, &spa, FTAG);
1968 if (error != 0)
1969 return (error);
1970
1971 error = spa_vdev_setfru(spa, guid, fru);
1972 spa_close(spa, FTAG);
1973 return (error);
1974 }
1975
1976 static int
1977 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
1978 {
1979 int error = 0;
1980 nvlist_t *nv;
1981
1982 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1983
1984 if (zc->zc_nvlist_dst != 0 &&
1985 (error = dsl_prop_get_all(os, &nv)) == 0) {
1986 dmu_objset_stats(os, nv);
1987 /*
1988 * NB: zvol_get_stats() will read the objset contents,
1989 * which we aren't supposed to do with a
1990 * DS_MODE_USER hold, because it could be
1991 * inconsistent. So this is a bit of a workaround...
1992 * XXX reading with out owning
1993 */
1994 if (!zc->zc_objset_stats.dds_inconsistent &&
1995 dmu_objset_type(os) == DMU_OST_ZVOL) {
1996 error = zvol_get_stats(os, nv);
1997 if (error == EIO)
1998 return (error);
1999 VERIFY0(error);
2000 }
2001 error = put_nvlist(zc, nv);
2002 nvlist_free(nv);
2003 }
2004
2005 return (error);
2006 }
2007
2008 /*
2009 * inputs:
2010 * zc_name name of filesystem
2011 * zc_nvlist_dst_size size of buffer for property nvlist
2012 *
2013 * outputs:
2014 * zc_objset_stats stats
2015 * zc_nvlist_dst property nvlist
2016 * zc_nvlist_dst_size size of property nvlist
2017 */
2018 static int
2019 zfs_ioc_objset_stats(zfs_cmd_t *zc)
2020 {
2021 objset_t *os;
2022 int error;
2023
2024 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2025 if (error == 0) {
2026 error = zfs_ioc_objset_stats_impl(zc, os);
2027 dmu_objset_rele(os, FTAG);
2028 }
2029
2030 return (error);
2031 }
2032
2033 /*
2034 * inputs:
2035 * zc_name name of filesystem
2036 * zc_nvlist_dst_size size of buffer for property nvlist
2037 *
2038 * outputs:
2039 * zc_nvlist_dst received property nvlist
2040 * zc_nvlist_dst_size size of received property nvlist
2041 *
2042 * Gets received properties (distinct from local properties on or after
2043 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2044 * local property values.
2045 */
2046 static int
2047 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2048 {
2049 int error = 0;
2050 nvlist_t *nv;
2051
2052 /*
2053 * Without this check, we would return local property values if the
2054 * caller has not already received properties on or after
2055 * SPA_VERSION_RECVD_PROPS.
2056 */
2057 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2058 return (SET_ERROR(ENOTSUP));
2059
2060 if (zc->zc_nvlist_dst != 0 &&
2061 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
2062 error = put_nvlist(zc, nv);
2063 nvlist_free(nv);
2064 }
2065
2066 return (error);
2067 }
2068
2069 static int
2070 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2071 {
2072 uint64_t value;
2073 int error;
2074
2075 /*
2076 * zfs_get_zplprop() will either find a value or give us
2077 * the default value (if there is one).
2078 */
2079 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2080 return (error);
2081 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2082 return (0);
2083 }
2084
2085 /*
2086 * inputs:
2087 * zc_name name of filesystem
2088 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2089 *
2090 * outputs:
2091 * zc_nvlist_dst zpl property nvlist
2092 * zc_nvlist_dst_size size of zpl property nvlist
2093 */
2094 static int
2095 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2096 {
2097 objset_t *os;
2098 int err;
2099
2100 /* XXX reading without owning */
2101 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os))
2102 return (err);
2103
2104 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2105
2106 /*
2107 * NB: nvl_add_zplprop() will read the objset contents,
2108 * which we aren't supposed to do with a DS_MODE_USER
2109 * hold, because it could be inconsistent.
2110 */
2111 if (zc->zc_nvlist_dst != NULL &&
2112 !zc->zc_objset_stats.dds_inconsistent &&
2113 dmu_objset_type(os) == DMU_OST_ZFS) {
2114 nvlist_t *nv;
2115
2116 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2117 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2118 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2119 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2120 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2121 err = put_nvlist(zc, nv);
2122 nvlist_free(nv);
2123 } else {
2124 err = SET_ERROR(ENOENT);
2125 }
2126 dmu_objset_rele(os, FTAG);
2127 return (err);
2128 }
2129
2130 static boolean_t
2131 dataset_name_hidden(const char *name)
2132 {
2133 /*
2134 * Skip over datasets that are not visible in this zone,
2135 * internal datasets (which have a $ in their name), and
2136 * temporary datasets (which have a % in their name).
2137 */
2138 if (strchr(name, '$') != NULL)
2139 return (B_TRUE);
2140 if (strchr(name, '%') != NULL)
2141 return (B_TRUE);
2142 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
2143 return (B_TRUE);
2144 return (B_FALSE);
2145 }
2146
2147 /*
2148 * inputs:
2149 * zc_name name of filesystem
2150 * zc_cookie zap cursor
2151 * zc_nvlist_dst_size size of buffer for property nvlist
2152 *
2153 * outputs:
2154 * zc_name name of next filesystem
2155 * zc_cookie zap cursor
2156 * zc_objset_stats stats
2157 * zc_nvlist_dst property nvlist
2158 * zc_nvlist_dst_size size of property nvlist
2159 */
2160 static int
2161 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2162 {
2163 objset_t *os;
2164 int error;
2165 char *p;
2166 size_t orig_len = strlen(zc->zc_name);
2167
2168 top:
2169 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) {
2170 if (error == ENOENT)
2171 error = SET_ERROR(ESRCH);
2172 return (error);
2173 }
2174
2175 p = strrchr(zc->zc_name, '/');
2176 if (p == NULL || p[1] != '\0')
2177 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2178 p = zc->zc_name + strlen(zc->zc_name);
2179
2180 do {
2181 error = dmu_dir_list_next(os,
2182 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2183 NULL, &zc->zc_cookie);
2184 if (error == ENOENT)
2185 error = SET_ERROR(ESRCH);
2186 } while (error == 0 && dataset_name_hidden(zc->zc_name));
2187 dmu_objset_rele(os, FTAG);
2188
2189 /*
2190 * If it's an internal dataset (ie. with a '$' in its name),
2191 * don't try to get stats for it, otherwise we'll return ENOENT.
2192 */
2193 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2194 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2195 if (error == ENOENT) {
2196 /* We lost a race with destroy, get the next one. */
2197 zc->zc_name[orig_len] = '\0';
2198 goto top;
2199 }
2200 }
2201 return (error);
2202 }
2203
2204 /*
2205 * inputs:
2206 * zc_name name of filesystem
2207 * zc_cookie zap cursor
2208 * zc_nvlist_dst_size size of buffer for property nvlist
2209 *
2210 * outputs:
2211 * zc_name name of next snapshot
2212 * zc_objset_stats stats
2213 * zc_nvlist_dst property nvlist
2214 * zc_nvlist_dst_size size of property nvlist
2215 */
2216 static int
2217 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2218 {
2219 objset_t *os;
2220 int error;
2221
2222 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2223 if (error != 0) {
2224 return (error == ENOENT ? ESRCH : error);
2225 }
2226
2227 /*
2228 * A dataset name of maximum length cannot have any snapshots,
2229 * so exit immediately.
2230 */
2231 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2232 dmu_objset_rele(os, FTAG);
2233 return (SET_ERROR(ESRCH));
2234 }
2235
2236 error = dmu_snapshot_list_next(os,
2237 sizeof (zc->zc_name) - strlen(zc->zc_name),
2238 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2239 NULL);
2240
2241 if (error == 0) {
2242 dsl_dataset_t *ds;
2243 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2244
2245 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2246 if (error == 0) {
2247 objset_t *ossnap;
2248
2249 error = dmu_objset_from_ds(ds, &ossnap);
2250 if (error == 0)
2251 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2252 dsl_dataset_rele(ds, FTAG);
2253 }
2254 } else if (error == ENOENT) {
2255 error = SET_ERROR(ESRCH);
2256 }
2257
2258 dmu_objset_rele(os, FTAG);
2259 /* if we failed, undo the @ that we tacked on to zc_name */
2260 if (error != 0)
2261 *strchr(zc->zc_name, '@') = '\0';
2262 return (error);
2263 }
2264
2265 static int
2266 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2267 {
2268 const char *propname = nvpair_name(pair);
2269 uint64_t *valary;
2270 unsigned int vallen;
2271 const char *domain;
2272 char *dash;
2273 zfs_userquota_prop_t type;
2274 uint64_t rid;
2275 uint64_t quota;
2276 zfsvfs_t *zfsvfs;
2277 int err;
2278
2279 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2280 nvlist_t *attrs;
2281 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2282 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2283 &pair) != 0)
2284 return (SET_ERROR(EINVAL));
2285 }
2286
2287 /*
2288 * A correctly constructed propname is encoded as
2289 * userquota@<rid>-<domain>.
2290 */
2291 if ((dash = strchr(propname, '-')) == NULL ||
2292 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2293 vallen != 3)
2294 return (SET_ERROR(EINVAL));
2295
2296 domain = dash + 1;
2297 type = valary[0];
2298 rid = valary[1];
2299 quota = valary[2];
2300
2301 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2302 if (err == 0) {
2303 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2304 zfsvfs_rele(zfsvfs, FTAG);
2305 }
2306
2307 return (err);
2308 }
2309
2310 /*
2311 * If the named property is one that has a special function to set its value,
2312 * return 0 on success and a positive error code on failure; otherwise if it is
2313 * not one of the special properties handled by this function, return -1.
2314 *
2315 * XXX: It would be better for callers of the property interface if we handled
2316 * these special cases in dsl_prop.c (in the dsl layer).
2317 */
2318 static int
2319 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2320 nvpair_t *pair)
2321 {
2322 const char *propname = nvpair_name(pair);
2323 zfs_prop_t prop = zfs_name_to_prop(propname);
2324 uint64_t intval;
2325 int err;
2326
2327 if (prop == ZPROP_INVAL) {
2328 if (zfs_prop_userquota(propname))
2329 return (zfs_prop_set_userquota(dsname, pair));
2330 return (-1);
2331 }
2332
2333 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2334 nvlist_t *attrs;
2335 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2336 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2337 &pair) == 0);
2338 }
2339
2340 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2341 return (-1);
2342
2343 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2344
2345 switch (prop) {
2346 case ZFS_PROP_QUOTA:
2347 err = dsl_dir_set_quota(dsname, source, intval);
2348 break;
2349 case ZFS_PROP_REFQUOTA:
2350 err = dsl_dataset_set_refquota(dsname, source, intval);
2351 break;
2352 case ZFS_PROP_RESERVATION:
2353 err = dsl_dir_set_reservation(dsname, source, intval);
2354 break;
2355 case ZFS_PROP_REFRESERVATION:
2356 err = dsl_dataset_set_refreservation(dsname, source, intval);
2357 break;
2358 case ZFS_PROP_VOLSIZE:
2359 err = zvol_set_volsize(dsname, intval);
2360 break;
2361 case ZFS_PROP_VERSION:
2362 {
2363 zfsvfs_t *zfsvfs;
2364
2365 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2366 break;
2367
2368 err = zfs_set_version(zfsvfs, intval);
2369 zfsvfs_rele(zfsvfs, FTAG);
2370
2371 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2372 zfs_cmd_t *zc;
2373
2374 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2375 (void) strcpy(zc->zc_name, dsname);
2376 (void) zfs_ioc_userspace_upgrade(zc);
2377 kmem_free(zc, sizeof (zfs_cmd_t));
2378 }
2379 break;
2380 }
2381 case ZFS_PROP_COMPRESSION:
2382 {
2383 if (intval == ZIO_COMPRESS_LZ4) {
2384 zfeature_info_t *feature =
2385 &spa_feature_table[SPA_FEATURE_LZ4_COMPRESS];
2386 spa_t *spa;
2387
2388 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
2389 return (err);
2390
2391 /*
2392 * Setting the LZ4 compression algorithm activates
2393 * the feature.
2394 */
2395 if (!spa_feature_is_active(spa, feature)) {
2396 if ((err = zfs_prop_activate_feature(spa,
2397 feature)) != 0) {
2398 spa_close(spa, FTAG);
2399 return (err);
2400 }
2401 }
2402
2403 spa_close(spa, FTAG);
2404 }
2405 /*
2406 * We still want the default set action to be performed in the
2407 * caller, we only performed zfeature settings here.
2408 */
2409 err = -1;
2410 break;
2411 }
2412
2413 default:
2414 err = -1;
2415 }
2416
2417 return (err);
2418 }
2419
2420 /*
2421 * This function is best effort. If it fails to set any of the given properties,
2422 * it continues to set as many as it can and returns the last error
2423 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2424 * with the list of names of all the properties that failed along with the
2425 * corresponding error numbers.
2426 *
2427 * If every property is set successfully, zero is returned and errlist is not
2428 * modified.
2429 */
2430 int
2431 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2432 nvlist_t *errlist)
2433 {
2434 nvpair_t *pair;
2435 nvpair_t *propval;
2436 int rv = 0;
2437 uint64_t intval;
2438 char *strval;
2439 nvlist_t *genericnvl = fnvlist_alloc();
2440 nvlist_t *retrynvl = fnvlist_alloc();
2441
2442 retry:
2443 pair = NULL;
2444 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2445 const char *propname = nvpair_name(pair);
2446 zfs_prop_t prop = zfs_name_to_prop(propname);
2447 int err = 0;
2448
2449 /* decode the property value */
2450 propval = pair;
2451 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2452 nvlist_t *attrs;
2453 attrs = fnvpair_value_nvlist(pair);
2454 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2455 &propval) != 0)
2456 err = SET_ERROR(EINVAL);
2457 }
2458
2459 /* Validate value type */
2460 if (err == 0 && prop == ZPROP_INVAL) {
2461 if (zfs_prop_user(propname)) {
2462 if (nvpair_type(propval) != DATA_TYPE_STRING)
2463 err = SET_ERROR(EINVAL);
2464 } else if (zfs_prop_userquota(propname)) {
2465 if (nvpair_type(propval) !=
2466 DATA_TYPE_UINT64_ARRAY)
2467 err = SET_ERROR(EINVAL);
2468 } else {
2469 err = SET_ERROR(EINVAL);
2470 }
2471 } else if (err == 0) {
2472 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2473 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2474 err = SET_ERROR(EINVAL);
2475 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2476 const char *unused;
2477
2478 intval = fnvpair_value_uint64(propval);
2479
2480 switch (zfs_prop_get_type(prop)) {
2481 case PROP_TYPE_NUMBER:
2482 break;
2483 case PROP_TYPE_STRING:
2484 err = SET_ERROR(EINVAL);
2485 break;
2486 case PROP_TYPE_INDEX:
2487 if (zfs_prop_index_to_string(prop,
2488 intval, &unused) != 0)
2489 err = SET_ERROR(EINVAL);
2490 break;
2491 default:
2492 cmn_err(CE_PANIC,
2493 "unknown property type");
2494 }
2495 } else {
2496 err = SET_ERROR(EINVAL);
2497 }
2498 }
2499
2500 /* Validate permissions */
2501 if (err == 0)
2502 err = zfs_check_settable(dsname, pair, CRED());
2503
2504 if (err == 0) {
2505 err = zfs_prop_set_special(dsname, source, pair);
2506 if (err == -1) {
2507 /*
2508 * For better performance we build up a list of
2509 * properties to set in a single transaction.
2510 */
2511 err = nvlist_add_nvpair(genericnvl, pair);
2512 } else if (err != 0 && nvl != retrynvl) {
2513 /*
2514 * This may be a spurious error caused by
2515 * receiving quota and reservation out of order.
2516 * Try again in a second pass.
2517 */
2518 err = nvlist_add_nvpair(retrynvl, pair);
2519 }
2520 }
2521
2522 if (err != 0) {
2523 if (errlist != NULL)
2524 fnvlist_add_int32(errlist, propname, err);
2525 rv = err;
2526 }
2527 }
2528
2529 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2530 nvl = retrynvl;
2531 goto retry;
2532 }
2533
2534 if (!nvlist_empty(genericnvl) &&
2535 dsl_props_set(dsname, source, genericnvl) != 0) {
2536 /*
2537 * If this fails, we still want to set as many properties as we
2538 * can, so try setting them individually.
2539 */
2540 pair = NULL;
2541 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2542 const char *propname = nvpair_name(pair);
2543 int err = 0;
2544
2545 propval = pair;
2546 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2547 nvlist_t *attrs;
2548 attrs = fnvpair_value_nvlist(pair);
2549 propval = fnvlist_lookup_nvpair(attrs,
2550 ZPROP_VALUE);
2551 }
2552
2553 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2554 strval = fnvpair_value_string(propval);
2555 err = dsl_prop_set_string(dsname, propname,
2556 source, strval);
2557 } else {
2558 intval = fnvpair_value_uint64(propval);
2559 err = dsl_prop_set_int(dsname, propname, source,
2560 intval);
2561 }
2562
2563 if (err != 0) {
2564 if (errlist != NULL) {
2565 fnvlist_add_int32(errlist, propname,
2566 err);
2567 }
2568 rv = err;
2569 }
2570 }
2571 }
2572 nvlist_free(genericnvl);
2573 nvlist_free(retrynvl);
2574
2575 return (rv);
2576 }
2577
2578 /*
2579 * Check that all the properties are valid user properties.
2580 */
2581 static int
2582 zfs_check_userprops(const char *fsname, nvlist_t *nvl)
2583 {
2584 nvpair_t *pair = NULL;
2585 int error = 0;
2586
2587 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2588 const char *propname = nvpair_name(pair);
2589 char *valstr;
2590
2591 if (!zfs_prop_user(propname) ||
2592 nvpair_type(pair) != DATA_TYPE_STRING)
2593 return (SET_ERROR(EINVAL));
2594
2595 if (error = zfs_secpolicy_write_perms(fsname,
2596 ZFS_DELEG_PERM_USERPROP, CRED()))
2597 return (error);
2598
2599 if (strlen(propname) >= ZAP_MAXNAMELEN)
2600 return (SET_ERROR(ENAMETOOLONG));
2601
2602 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2603 if (strlen(valstr) >= ZAP_MAXVALUELEN)
2604 return (E2BIG);
2605 }
2606 return (0);
2607 }
2608
2609 static void
2610 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2611 {
2612 nvpair_t *pair;
2613
2614 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2615
2616 pair = NULL;
2617 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2618 if (nvlist_exists(skipped, nvpair_name(pair)))
2619 continue;
2620
2621 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2622 }
2623 }
2624
2625 static int
2626 clear_received_props(const char *dsname, nvlist_t *props,
2627 nvlist_t *skipped)
2628 {
2629 int err = 0;
2630 nvlist_t *cleared_props = NULL;
2631 props_skip(props, skipped, &cleared_props);
2632 if (!nvlist_empty(cleared_props)) {
2633 /*
2634 * Acts on local properties until the dataset has received
2635 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2636 */
2637 zprop_source_t flags = (ZPROP_SRC_NONE |
2638 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2639 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
2640 }
2641 nvlist_free(cleared_props);
2642 return (err);
2643 }
2644
2645 /*
2646 * inputs:
2647 * zc_name name of filesystem
2648 * zc_value name of property to set
2649 * zc_nvlist_src{_size} nvlist of properties to apply
2650 * zc_cookie received properties flag
2651 *
2652 * outputs:
2653 * zc_nvlist_dst{_size} error for each unapplied received property
2654 */
2655 static int
2656 zfs_ioc_set_prop(zfs_cmd_t *zc)
2657 {
2658 nvlist_t *nvl;
2659 boolean_t received = zc->zc_cookie;
2660 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2661 ZPROP_SRC_LOCAL);
2662 nvlist_t *errors;
2663 int error;
2664
2665 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2666 zc->zc_iflags, &nvl)) != 0)
2667 return (error);
2668
2669 if (received) {
2670 nvlist_t *origprops;
2671
2672 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2673 (void) clear_received_props(zc->zc_name,
2674 origprops, nvl);
2675 nvlist_free(origprops);
2676 }
2677
2678 error = dsl_prop_set_hasrecvd(zc->zc_name);
2679 }
2680
2681 errors = fnvlist_alloc();
2682 if (error == 0)
2683 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2684
2685 if (zc->zc_nvlist_dst != NULL && errors != NULL) {
2686 (void) put_nvlist(zc, errors);
2687 }
2688
2689 nvlist_free(errors);
2690 nvlist_free(nvl);
2691 return (error);
2692 }
2693
2694 /*
2695 * inputs:
2696 * zc_name name of filesystem
2697 * zc_value name of property to inherit
2698 * zc_cookie revert to received value if TRUE
2699 *
2700 * outputs: none
2701 */
2702 static int
2703 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2704 {
2705 const char *propname = zc->zc_value;
2706 zfs_prop_t prop = zfs_name_to_prop(propname);
2707 boolean_t received = zc->zc_cookie;
2708 zprop_source_t source = (received
2709 ? ZPROP_SRC_NONE /* revert to received value, if any */
2710 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2711
2712 if (received) {
2713 nvlist_t *dummy;
2714 nvpair_t *pair;
2715 zprop_type_t type;
2716 int err;
2717
2718 /*
2719 * zfs_prop_set_special() expects properties in the form of an
2720 * nvpair with type info.
2721 */
2722 if (prop == ZPROP_INVAL) {
2723 if (!zfs_prop_user(propname))
2724 return (SET_ERROR(EINVAL));
2725
2726 type = PROP_TYPE_STRING;
2727 } else if (prop == ZFS_PROP_VOLSIZE ||
2728 prop == ZFS_PROP_VERSION) {
2729 return (SET_ERROR(EINVAL));
2730 } else {
2731 type = zfs_prop_get_type(prop);
2732 }
2733
2734 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2735
2736 switch (type) {
2737 case PROP_TYPE_STRING:
2738 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2739 break;
2740 case PROP_TYPE_NUMBER:
2741 case PROP_TYPE_INDEX:
2742 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2743 break;
2744 default:
2745 nvlist_free(dummy);
2746 return (SET_ERROR(EINVAL));
2747 }
2748
2749 pair = nvlist_next_nvpair(dummy, NULL);
2750 err = zfs_prop_set_special(zc->zc_name, source, pair);
2751 nvlist_free(dummy);
2752 if (err != -1)
2753 return (err); /* special property already handled */
2754 } else {
2755 /*
2756 * Only check this in the non-received case. We want to allow
2757 * 'inherit -S' to revert non-inheritable properties like quota
2758 * and reservation to the received or default values even though
2759 * they are not considered inheritable.
2760 */
2761 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2762 return (SET_ERROR(EINVAL));
2763 }
2764
2765 /* property name has been validated by zfs_secpolicy_inherit_prop() */
2766 return (dsl_prop_inherit(zc->zc_name, zc->zc_value, source));
2767 }
2768
2769 static int
2770 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2771 {
2772 nvlist_t *props;
2773 spa_t *spa;
2774 int error;
2775 nvpair_t *pair;
2776
2777 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2778 zc->zc_iflags, &props))
2779 return (error);
2780
2781 /*
2782 * If the only property is the configfile, then just do a spa_lookup()
2783 * to handle the faulted case.
2784 */
2785 pair = nvlist_next_nvpair(props, NULL);
2786 if (pair != NULL && strcmp(nvpair_name(pair),
2787 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2788 nvlist_next_nvpair(props, pair) == NULL) {
2789 mutex_enter(&spa_namespace_lock);
2790 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2791 spa_configfile_set(spa, props, B_FALSE);
2792 spa_config_sync(spa, B_FALSE, B_TRUE);
2793 }
2794 mutex_exit(&spa_namespace_lock);
2795 if (spa != NULL) {
2796 nvlist_free(props);
2797 return (0);
2798 }
2799 }
2800
2801 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2802 nvlist_free(props);
2803 return (error);
2804 }
2805
2806 error = spa_prop_set(spa, props);
2807
2808 nvlist_free(props);
2809 spa_close(spa, FTAG);
2810
2811 return (error);
2812 }
2813
2814 static int
2815 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2816 {
2817 spa_t *spa;
2818 int error;
2819 nvlist_t *nvp = NULL;
2820
2821 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2822 /*
2823 * If the pool is faulted, there may be properties we can still
2824 * get (such as altroot and cachefile), so attempt to get them
2825 * anyway.
2826 */
2827 mutex_enter(&spa_namespace_lock);
2828 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2829 error = spa_prop_get(spa, &nvp);
2830 mutex_exit(&spa_namespace_lock);
2831 } else {
2832 error = spa_prop_get(spa, &nvp);
2833 spa_close(spa, FTAG);
2834 }
2835
2836 if (error == 0 && zc->zc_nvlist_dst != NULL)
2837 error = put_nvlist(zc, nvp);
2838 else
2839 error = SET_ERROR(EFAULT);
2840
2841 nvlist_free(nvp);
2842 return (error);
2843 }
2844
2845 /*
2846 * inputs:
2847 * zc_name name of filesystem
2848 * zc_nvlist_src{_size} nvlist of delegated permissions
2849 * zc_perm_action allow/unallow flag
2850 *
2851 * outputs: none
2852 */
2853 static int
2854 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2855 {
2856 int error;
2857 nvlist_t *fsaclnv = NULL;
2858
2859 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2860 zc->zc_iflags, &fsaclnv)) != 0)
2861 return (error);
2862
2863 /*
2864 * Verify nvlist is constructed correctly
2865 */
2866 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2867 nvlist_free(fsaclnv);
2868 return (SET_ERROR(EINVAL));
2869 }
2870
2871 /*
2872 * If we don't have PRIV_SYS_MOUNT, then validate
2873 * that user is allowed to hand out each permission in
2874 * the nvlist(s)
2875 */
2876
2877 error = secpolicy_zfs(CRED());
2878 if (error != 0) {
2879 if (zc->zc_perm_action == B_FALSE) {
2880 error = dsl_deleg_can_allow(zc->zc_name,
2881 fsaclnv, CRED());
2882 } else {
2883 error = dsl_deleg_can_unallow(zc->zc_name,
2884 fsaclnv, CRED());
2885 }
2886 }
2887
2888 if (error == 0)
2889 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2890
2891 nvlist_free(fsaclnv);
2892 return (error);
2893 }
2894
2895 /*
2896 * inputs:
2897 * zc_name name of filesystem
2898 *
2899 * outputs:
2900 * zc_nvlist_src{_size} nvlist of delegated permissions
2901 */
2902 static int
2903 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2904 {
2905 nvlist_t *nvp;
2906 int error;
2907
2908 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2909 error = put_nvlist(zc, nvp);
2910 nvlist_free(nvp);
2911 }
2912
2913 return (error);
2914 }
2915
2916 /*
2917 * Search the vfs list for a specified resource. Returns a pointer to it
2918 * or NULL if no suitable entry is found. The caller of this routine
2919 * is responsible for releasing the returned vfs pointer.
2920 */
2921 static vfs_t *
2922 zfs_get_vfs(const char *resource)
2923 {
2924 struct vfs *vfsp;
2925 struct vfs *vfs_found = NULL;
2926
2927 vfs_list_read_lock();
2928 vfsp = rootvfs;
2929 do {
2930 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
2931 VFS_HOLD(vfsp);
2932 vfs_found = vfsp;
2933 break;
2934 }
2935 vfsp = vfsp->vfs_next;
2936 } while (vfsp != rootvfs);
2937 vfs_list_unlock();
2938 return (vfs_found);
2939 }
2940
2941 /* ARGSUSED */
2942 static void
2943 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2944 {
2945 zfs_creat_t *zct = arg;
2946
2947 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2948 }
2949
2950 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
2951
2952 /*
2953 * inputs:
2954 * os parent objset pointer (NULL if root fs)
2955 * fuids_ok fuids allowed in this version of the spa?
2956 * sa_ok SAs allowed in this version of the spa?
2957 * createprops list of properties requested by creator
2958 *
2959 * outputs:
2960 * zplprops values for the zplprops we attach to the master node object
2961 * is_ci true if requested file system will be purely case-insensitive
2962 *
2963 * Determine the settings for utf8only, normalization and
2964 * casesensitivity. Specific values may have been requested by the
2965 * creator and/or we can inherit values from the parent dataset. If
2966 * the file system is of too early a vintage, a creator can not
2967 * request settings for these properties, even if the requested
2968 * setting is the default value. We don't actually want to create dsl
2969 * properties for these, so remove them from the source nvlist after
2970 * processing.
2971 */
2972 static int
2973 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2974 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2975 nvlist_t *zplprops, boolean_t *is_ci)
2976 {
2977 uint64_t sense = ZFS_PROP_UNDEFINED;
2978 uint64_t norm = ZFS_PROP_UNDEFINED;
2979 uint64_t u8 = ZFS_PROP_UNDEFINED;
2980
2981 ASSERT(zplprops != NULL);
2982
2983 /*
2984 * Pull out creator prop choices, if any.
2985 */
2986 if (createprops) {
2987 (void) nvlist_lookup_uint64(createprops,
2988 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
2989 (void) nvlist_lookup_uint64(createprops,
2990 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
2991 (void) nvlist_remove_all(createprops,
2992 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
2993 (void) nvlist_lookup_uint64(createprops,
2994 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
2995 (void) nvlist_remove_all(createprops,
2996 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
2997 (void) nvlist_lookup_uint64(createprops,
2998 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
2999 (void) nvlist_remove_all(createprops,
3000 zfs_prop_to_name(ZFS_PROP_CASE));
3001 }
3002
3003 /*
3004 * If the zpl version requested is whacky or the file system
3005 * or pool is version is too "young" to support normalization
3006 * and the creator tried to set a value for one of the props,
3007 * error out.
3008 */
3009 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3010 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3011 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3012 (zplver < ZPL_VERSION_NORMALIZATION &&
3013 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3014 sense != ZFS_PROP_UNDEFINED)))
3015 return (SET_ERROR(ENOTSUP));
3016
3017 /*
3018 * Put the version in the zplprops
3019 */
3020 VERIFY(nvlist_add_uint64(zplprops,
3021 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3022
3023 if (norm == ZFS_PROP_UNDEFINED)
3024 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0);
3025 VERIFY(nvlist_add_uint64(zplprops,
3026 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3027
3028 /*
3029 * If we're normalizing, names must always be valid UTF-8 strings.
3030 */
3031 if (norm)
3032 u8 = 1;
3033 if (u8 == ZFS_PROP_UNDEFINED)
3034 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0);
3035 VERIFY(nvlist_add_uint64(zplprops,
3036 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3037
3038 if (sense == ZFS_PROP_UNDEFINED)
3039 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0);
3040 VERIFY(nvlist_add_uint64(zplprops,
3041 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3042
3043 if (is_ci)
3044 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3045
3046 return (0);
3047 }
3048
3049 static int
3050 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3051 nvlist_t *zplprops, boolean_t *is_ci)
3052 {
3053 boolean_t fuids_ok, sa_ok;
3054 uint64_t zplver = ZPL_VERSION;
3055 objset_t *os = NULL;
3056 char parentname[MAXNAMELEN];
3057 char *cp;
3058 spa_t *spa;
3059 uint64_t spa_vers;
3060 int error;
3061
3062 (void) strlcpy(parentname, dataset, sizeof (parentname));
3063 cp = strrchr(parentname, '/');
3064 ASSERT(cp != NULL);
3065 cp[0] = '\0';
3066
3067 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3068 return (error);
3069
3070 spa_vers = spa_version(spa);
3071 spa_close(spa, FTAG);
3072
3073 zplver = zfs_zpl_version_map(spa_vers);
3074 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3075 sa_ok = (zplver >= ZPL_VERSION_SA);
3076
3077 /*
3078 * Open parent object set so we can inherit zplprop values.
3079 */
3080 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3081 return (error);
3082
3083 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3084 zplprops, is_ci);
3085 dmu_objset_rele(os, FTAG);
3086 return (error);
3087 }
3088
3089 static int
3090 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3091 nvlist_t *zplprops, boolean_t *is_ci)
3092 {
3093 boolean_t fuids_ok;
3094 boolean_t sa_ok;
3095 uint64_t zplver = ZPL_VERSION;
3096 int error;
3097
3098 zplver = zfs_zpl_version_map(spa_vers);
3099 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3100 sa_ok = (zplver >= ZPL_VERSION_SA);
3101
3102 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3103 createprops, zplprops, is_ci);
3104 return (error);
3105 }
3106
3107 /*
3108 * innvl: {
3109 * "type" -> dmu_objset_type_t (int32)
3110 * (optional) "props" -> { prop -> value }
3111 * }
3112 *
3113 * outnvl: propname -> error code (int32)
3114 */
3115 static int
3116 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3117 {
3118 int error = 0;
3119 zfs_creat_t zct = { 0 };
3120 nvlist_t *nvprops = NULL;
3121 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3122 int32_t type32;
3123 dmu_objset_type_t type;
3124 boolean_t is_insensitive = B_FALSE;
3125
3126 if (nvlist_lookup_int32(innvl, "type", &type32) != 0)
3127 return (SET_ERROR(EINVAL));
3128 type = type32;
3129 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3130
3131 switch (type) {
3132 case DMU_OST_ZFS:
3133 cbfunc = zfs_create_cb;
3134 break;
3135
3136 case DMU_OST_ZVOL:
3137 cbfunc = zvol_create_cb;
3138 break;
3139
3140 default:
3141 cbfunc = NULL;
3142 break;
3143 }
3144 if (strchr(fsname, '@') ||
3145 strchr(fsname, '%'))
3146 return (SET_ERROR(EINVAL));
3147
3148 zct.zct_props = nvprops;
3149
3150 if (cbfunc == NULL)
3151 return (SET_ERROR(EINVAL));
3152
3153 if (type == DMU_OST_ZVOL) {
3154 uint64_t volsize, volblocksize;
3155
3156 if (nvprops == NULL)
3157 return (SET_ERROR(EINVAL));
3158 if (nvlist_lookup_uint64(nvprops,
3159 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3160 return (SET_ERROR(EINVAL));
3161
3162 if ((error = nvlist_lookup_uint64(nvprops,
3163 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3164 &volblocksize)) != 0 && error != ENOENT)
3165 return (SET_ERROR(EINVAL));
3166
3167 if (error != 0)
3168 volblocksize = zfs_prop_default_numeric(
3169 ZFS_PROP_VOLBLOCKSIZE);
3170
3171 if ((error = zvol_check_volblocksize(
3172 volblocksize)) != 0 ||
3173 (error = zvol_check_volsize(volsize,
3174 volblocksize)) != 0)
3175 return (error);
3176 } else if (type == DMU_OST_ZFS) {
3177 int error;
3178
3179 /*
3180 * We have to have normalization and
3181 * case-folding flags correct when we do the
3182 * file system creation, so go figure them out
3183 * now.
3184 */
3185 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3186 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3187 error = zfs_fill_zplprops(fsname, nvprops,
3188 zct.zct_zplprops, &is_insensitive);
3189 if (error != 0) {
3190 nvlist_free(zct.zct_zplprops);
3191 return (error);
3192 }
3193 }
3194
3195 error = dmu_objset_create(fsname, type,
3196 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3197 nvlist_free(zct.zct_zplprops);
3198
3199 /*
3200 * It would be nice to do this atomically.
3201 */
3202 if (error == 0) {
3203 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3204 nvprops, outnvl);
3205 if (error != 0)
3206 (void) dsl_destroy_head(fsname);
3207 }
3208 return (error);
3209 }
3210
3211 /*
3212 * innvl: {
3213 * "origin" -> name of origin snapshot
3214 * (optional) "props" -> { prop -> value }
3215 * }
3216 *
3217 * outnvl: propname -> error code (int32)
3218 */
3219 static int
3220 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3221 {
3222 int error = 0;
3223 nvlist_t *nvprops = NULL;
3224 char *origin_name;
3225
3226 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0)
3227 return (SET_ERROR(EINVAL));
3228 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3229
3230 if (strchr(fsname, '@') ||
3231 strchr(fsname, '%'))
3232 return (SET_ERROR(EINVAL));
3233
3234 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3235 return (SET_ERROR(EINVAL));
3236 error = dmu_objset_clone(fsname, origin_name);
3237 if (error != 0)
3238 return (error);
3239
3240 /*
3241 * It would be nice to do this atomically.
3242 */
3243 if (error == 0) {
3244 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3245 nvprops, outnvl);
3246 if (error != 0)
3247 (void) dsl_destroy_head(fsname);
3248 }
3249 return (error);
3250 }
3251
3252 /*
3253 * innvl: {
3254 * "snaps" -> { snapshot1, snapshot2 }
3255 * (optional) "props" -> { prop -> value (string) }
3256 * }
3257 *
3258 * outnvl: snapshot -> error code (int32)
3259 */
3260 static int
3261 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3262 {
3263 nvlist_t *snaps;
3264 nvlist_t *props = NULL;
3265 int error, poollen;
3266 nvpair_t *pair;
3267
3268 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3269 if ((error = zfs_check_userprops(poolname, props)) != 0)
3270 return (error);
3271
3272 if (!nvlist_empty(props) &&
3273 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3274 return (SET_ERROR(ENOTSUP));
3275
3276 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3277 return (SET_ERROR(EINVAL));
3278 poollen = strlen(poolname);
3279 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3280 pair = nvlist_next_nvpair(snaps, pair)) {
3281 const char *name = nvpair_name(pair);
3282 const char *cp = strchr(name, '@');
3283
3284 /*
3285 * The snap name must contain an @, and the part after it must
3286 * contain only valid characters.
3287 */
3288 if (cp == NULL || snapshot_namecheck(cp + 1, NULL, NULL) != 0)
3289 return (SET_ERROR(EINVAL));
3290
3291 /*
3292 * The snap must be in the specified pool.
3293 */
3294 if (strncmp(name, poolname, poollen) != 0 ||
3295 (name[poollen] != '/' && name[poollen] != '@'))
3296 return (SET_ERROR(EXDEV));
3297
3298 /* This must be the only snap of this fs. */
3299 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3300 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3301 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3302 == 0) {
3303 return (SET_ERROR(EXDEV));
3304 }
3305 }
3306 }
3307
3308 error = dsl_dataset_snapshot(snaps, props, outnvl);
3309 return (error);
3310 }
3311
3312 /*
3313 * innvl: "message" -> string
3314 */
3315 /* ARGSUSED */
3316 static int
3317 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3318 {
3319 char *message;
3320 spa_t *spa;
3321 int error;
3322 char *poolname;
3323
3324 /*
3325 * The poolname in the ioctl is not set, we get it from the TSD,
3326 * which was set at the end of the last successful ioctl that allows
3327 * logging. The secpolicy func already checked that it is set.
3328 * Only one log ioctl is allowed after each successful ioctl, so
3329 * we clear the TSD here.
3330 */
3331 poolname = tsd_get(zfs_allow_log_key);
3332 (void) tsd_set(zfs_allow_log_key, NULL);
3333 error = spa_open(poolname, &spa, FTAG);
3334 strfree(poolname);
3335 if (error != 0)
3336 return (error);
3337
3338 if (nvlist_lookup_string(innvl, "message", &message) != 0) {
3339 spa_close(spa, FTAG);
3340 return (SET_ERROR(EINVAL));
3341 }
3342
3343 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3344 spa_close(spa, FTAG);
3345 return (SET_ERROR(ENOTSUP));
3346 }
3347
3348 error = spa_history_log(spa, message);
3349 spa_close(spa, FTAG);
3350 return (error);
3351 }
3352
3353 /*
3354 * The dp_config_rwlock must not be held when calling this, because the
3355 * unmount may need to write out data.
3356 *
3357 * This function is best-effort. Callers must deal gracefully if it
3358 * remains mounted (or is remounted after this call).
3359 */
3360 void
3361 zfs_unmount_snap(const char *snapname)
3362 {
3363 vfs_t *vfsp;
3364 zfsvfs_t *zfsvfs;
3365
3366 if (strchr(snapname, '@') == NULL)
3367 return;
3368
3369 vfsp = zfs_get_vfs(snapname);
3370 if (vfsp == NULL)
3371 return;
3372
3373 zfsvfs = vfsp->vfs_data;
3374 ASSERT(!dsl_pool_config_held(dmu_objset_pool(zfsvfs->z_os)));
3375
3376 if (vn_vfswlock(vfsp->vfs_vnodecovered) != 0) {
3377 VFS_RELE(vfsp);
3378 return;
3379 }
3380 VFS_RELE(vfsp);
3381
3382 /*
3383 * Always force the unmount for snapshots.
3384 */
3385 (void) dounmount(vfsp, MS_FORCE, kcred);
3386 }
3387
3388 /* ARGSUSED */
3389 static int
3390 zfs_unmount_snap_cb(const char *snapname, void *arg)
3391 {
3392 zfs_unmount_snap(snapname);
3393 return (0);
3394 }
3395
3396 /*
3397 * When a clone is destroyed, its origin may also need to be destroyed,
3398 * in which case it must be unmounted. This routine will do that unmount
3399 * if necessary.
3400 */
3401 void
3402 zfs_destroy_unmount_origin(const char *fsname)
3403 {
3404 int error;
3405 objset_t *os;
3406 dsl_dataset_t *ds;
3407
3408 error = dmu_objset_hold(fsname, FTAG, &os);
3409 if (error != 0)
3410 return;
3411 ds = dmu_objset_ds(os);
3412 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
3413 char originname[MAXNAMELEN];
3414 dsl_dataset_name(ds->ds_prev, originname);
3415 dmu_objset_rele(os, FTAG);
3416 zfs_unmount_snap(originname);
3417 } else {
3418 dmu_objset_rele(os, FTAG);
3419 }
3420 }
3421
3422 /*
3423 * innvl: {
3424 * "snaps" -> { snapshot1, snapshot2 }
3425 * (optional boolean) "defer"
3426 * }
3427 *
3428 * outnvl: snapshot -> error code (int32)
3429 *
3430 */
3431 static int
3432 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3433 {
3434 int poollen;
3435 nvlist_t *snaps;
3436 nvpair_t *pair;
3437 boolean_t defer;
3438
3439 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3440 return (SET_ERROR(EINVAL));
3441 defer = nvlist_exists(innvl, "defer");
3442
3443 poollen = strlen(poolname);
3444 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3445 pair = nvlist_next_nvpair(snaps, pair)) {
3446 const char *name = nvpair_name(pair);
3447
3448 /*
3449 * The snap must be in the specified pool.
3450 */
3451 if (strncmp(name, poolname, poollen) != 0 ||
3452 (name[poollen] != '/' && name[poollen] != '@'))
3453 return (SET_ERROR(EXDEV));
3454
3455 zfs_unmount_snap(name);
3456 }
3457
3458 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
3459 }
3460
3461 /*
3462 * inputs:
3463 * zc_name name of dataset to destroy
3464 * zc_objset_type type of objset
3465 * zc_defer_destroy mark for deferred destroy
3466 *
3467 * outputs: none
3468 */
3469 static int
3470 zfs_ioc_destroy(zfs_cmd_t *zc)
3471 {
3472 int err;
3473 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS)
3474 zfs_unmount_snap(zc->zc_name);
3475
3476 if (strchr(zc->zc_name, '@'))
3477 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
3478 else
3479 err = dsl_destroy_head(zc->zc_name);
3480 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3481 (void) zvol_remove_minor(zc->zc_name);
3482 return (err);
3483 }
3484
3485 /*
3486 * inputs:
3487 * zc_name name of dataset to rollback (to most recent snapshot)
3488 *
3489 * outputs: none
3490 */
3491 static int
3492 zfs_ioc_rollback(zfs_cmd_t *zc)
3493 {
3494 zfsvfs_t *zfsvfs;
3495 int error;
3496
3497 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
3498 error = zfs_suspend_fs(zfsvfs);
3499 if (error == 0) {
3500 int resume_err;
3501
3502 error = dsl_dataset_rollback(zc->zc_name);
3503 resume_err = zfs_resume_fs(zfsvfs, zc->zc_name);
3504 error = error ? error : resume_err;
3505 }
3506 VFS_RELE(zfsvfs->z_vfs);
3507 } else {
3508 error = dsl_dataset_rollback(zc->zc_name);
3509 }
3510 return (error);
3511 }
3512
3513 static int
3514 recursive_unmount(const char *fsname, void *arg)
3515 {
3516 const char *snapname = arg;
3517 char fullname[MAXNAMELEN];
3518
3519 (void) snprintf(fullname, sizeof (fullname), "%s@%s", fsname, snapname);
3520 zfs_unmount_snap(fullname);
3521 return (0);
3522 }
3523
3524 /*
3525 * inputs:
3526 * zc_name old name of dataset
3527 * zc_value new name of dataset
3528 * zc_cookie recursive flag (only valid for snapshots)
3529 *
3530 * outputs: none
3531 */
3532 static int
3533 zfs_ioc_rename(zfs_cmd_t *zc)
3534 {
3535 boolean_t recursive = zc->zc_cookie & 1;
3536 char *at;
3537
3538 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3539 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3540 strchr(zc->zc_value, '%'))
3541 return (SET_ERROR(EINVAL));
3542
3543 at = strchr(zc->zc_name, '@');
3544 if (at != NULL) {
3545 /* snaps must be in same fs */
3546 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
3547 return (SET_ERROR(EXDEV));
3548 *at = '\0';
3549 if (zc->zc_objset_type == DMU_OST_ZFS) {
3550 int error = dmu_objset_find(zc->zc_name,
3551 recursive_unmount, at + 1,
3552 recursive ? DS_FIND_CHILDREN : 0);
3553 if (error != 0)
3554 return (error);
3555 }
3556 return (dsl_dataset_rename_snapshot(zc->zc_name,
3557 at + 1, strchr(zc->zc_value, '@') + 1, recursive));
3558 } else {
3559 if (zc->zc_objset_type == DMU_OST_ZVOL)
3560 (void) zvol_remove_minor(zc->zc_name);
3561 return (dsl_dir_rename(zc->zc_name, zc->zc_value));
3562 }
3563 }
3564
3565 static int
3566 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3567 {
3568 const char *propname = nvpair_name(pair);
3569 boolean_t issnap = (strchr(dsname, '@') != NULL);
3570 zfs_prop_t prop = zfs_name_to_prop(propname);
3571 uint64_t intval;
3572 int err;
3573
3574 if (prop == ZPROP_INVAL) {
3575 if (zfs_prop_user(propname)) {
3576 if (err = zfs_secpolicy_write_perms(dsname,
3577 ZFS_DELEG_PERM_USERPROP, cr))
3578 return (err);
3579 return (0);
3580 }
3581
3582 if (!issnap && zfs_prop_userquota(propname)) {
3583 const char *perm = NULL;
3584 const char *uq_prefix =
3585 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3586 const char *gq_prefix =
3587 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3588
3589 if (strncmp(propname, uq_prefix,
3590 strlen(uq_prefix)) == 0) {
3591 perm = ZFS_DELEG_PERM_USERQUOTA;
3592 } else if (strncmp(propname, gq_prefix,
3593 strlen(gq_prefix)) == 0) {
3594 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3595 } else {
3596 /* USERUSED and GROUPUSED are read-only */
3597 return (SET_ERROR(EINVAL));
3598 }
3599
3600 if (err = zfs_secpolicy_write_perms(dsname, perm, cr))
3601 return (err);
3602 return (0);
3603 }
3604
3605 return (SET_ERROR(EINVAL));
3606 }
3607
3608 if (issnap)
3609 return (SET_ERROR(EINVAL));
3610
3611 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3612 /*
3613 * dsl_prop_get_all_impl() returns properties in this
3614 * format.
3615 */
3616 nvlist_t *attrs;
3617 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3618 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3619 &pair) == 0);
3620 }
3621
3622 /*
3623 * Check that this value is valid for this pool version
3624 */
3625 switch (prop) {
3626 case ZFS_PROP_COMPRESSION:
3627 /*
3628 * If the user specified gzip compression, make sure
3629 * the SPA supports it. We ignore any errors here since
3630 * we'll catch them later.
3631 */
3632 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3633 nvpair_value_uint64(pair, &intval) == 0) {
3634 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3635 intval <= ZIO_COMPRESS_GZIP_9 &&
3636 zfs_earlier_version(dsname,
3637 SPA_VERSION_GZIP_COMPRESSION)) {
3638 return (SET_ERROR(ENOTSUP));
3639 }
3640
3641 if (intval == ZIO_COMPRESS_ZLE &&
3642 zfs_earlier_version(dsname,
3643 SPA_VERSION_ZLE_COMPRESSION))
3644 return (SET_ERROR(ENOTSUP));
3645
3646 if (intval == ZIO_COMPRESS_LZ4) {
3647 zfeature_info_t *feature =
3648 &spa_feature_table[
3649 SPA_FEATURE_LZ4_COMPRESS];
3650 spa_t *spa;
3651
3652 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
3653 return (err);
3654
3655 if (!spa_feature_is_enabled(spa, feature)) {
3656 spa_close(spa, FTAG);
3657 return (SET_ERROR(ENOTSUP));
3658 }
3659 spa_close(spa, FTAG);
3660 }
3661
3662 /*
3663 * If this is a bootable dataset then
3664 * verify that the compression algorithm
3665 * is supported for booting. We must return
3666 * something other than ENOTSUP since it
3667 * implies a downrev pool version.
3668 */
3669 if (zfs_is_bootfs(dsname) &&
3670 !BOOTFS_COMPRESS_VALID(intval)) {
3671 return (SET_ERROR(ERANGE));
3672 }
3673 }
3674 break;
3675
3676 case ZFS_PROP_COPIES:
3677 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3678 return (SET_ERROR(ENOTSUP));
3679 break;
3680
3681 case ZFS_PROP_DEDUP:
3682 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3683 return (SET_ERROR(ENOTSUP));
3684 break;
3685
3686 case ZFS_PROP_SHARESMB:
3687 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3688 return (SET_ERROR(ENOTSUP));
3689 break;
3690
3691 case ZFS_PROP_ACLINHERIT:
3692 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3693 nvpair_value_uint64(pair, &intval) == 0) {
3694 if (intval == ZFS_ACL_PASSTHROUGH_X &&
3695 zfs_earlier_version(dsname,
3696 SPA_VERSION_PASSTHROUGH_X))
3697 return (SET_ERROR(ENOTSUP));
3698 }
3699 break;
3700 }
3701
3702 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3703 }
3704
3705 /*
3706 * Checks for a race condition to make sure we don't increment a feature flag
3707 * multiple times.
3708 */
3709 static int
3710 zfs_prop_activate_feature_check(void *arg, dmu_tx_t *tx)
3711 {
3712 spa_t *spa = dmu_tx_pool(tx)->dp_spa;
3713 zfeature_info_t *feature = arg;
3714
3715 if (!spa_feature_is_active(spa, feature))
3716 return (0);
3717 else
3718 return (SET_ERROR(EBUSY));
3719 }
3720
3721 /*
3722 * The callback invoked on feature activation in the sync task caused by
3723 * zfs_prop_activate_feature.
3724 */
3725 static void
3726 zfs_prop_activate_feature_sync(void *arg, dmu_tx_t *tx)
3727 {
3728 spa_t *spa = dmu_tx_pool(tx)->dp_spa;
3729 zfeature_info_t *feature = arg;
3730
3731 spa_feature_incr(spa, feature, tx);
3732 }
3733
3734 /*
3735 * Activates a feature on a pool in response to a property setting. This
3736 * creates a new sync task which modifies the pool to reflect the feature
3737 * as being active.
3738 */
3739 static int
3740 zfs_prop_activate_feature(spa_t *spa, zfeature_info_t *feature)
3741 {
3742 int err;
3743
3744 /* EBUSY here indicates that the feature is already active */
3745 err = dsl_sync_task(spa_name(spa),
3746 zfs_prop_activate_feature_check, zfs_prop_activate_feature_sync,
3747 feature, 2);
3748
3749 if (err != 0 && err != EBUSY)
3750 return (err);
3751 else
3752 return (0);
3753 }
3754
3755 /*
3756 * Removes properties from the given props list that fail permission checks
3757 * needed to clear them and to restore them in case of a receive error. For each
3758 * property, make sure we have both set and inherit permissions.
3759 *
3760 * Returns the first error encountered if any permission checks fail. If the
3761 * caller provides a non-NULL errlist, it also gives the complete list of names
3762 * of all the properties that failed a permission check along with the
3763 * corresponding error numbers. The caller is responsible for freeing the
3764 * returned errlist.
3765 *
3766 * If every property checks out successfully, zero is returned and the list
3767 * pointed at by errlist is NULL.
3768 */
3769 static int
3770 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3771 {
3772 zfs_cmd_t *zc;
3773 nvpair_t *pair, *next_pair;
3774 nvlist_t *errors;
3775 int err, rv = 0;
3776
3777 if (props == NULL)
3778 return (0);
3779
3780 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3781
3782 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
3783 (void) strcpy(zc->zc_name, dataset);
3784 pair = nvlist_next_nvpair(props, NULL);
3785 while (pair != NULL) {
3786 next_pair = nvlist_next_nvpair(props, pair);
3787
3788 (void) strcpy(zc->zc_value, nvpair_name(pair));
3789 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3790 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
3791 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3792 VERIFY(nvlist_add_int32(errors,
3793 zc->zc_value, err) == 0);
3794 }
3795 pair = next_pair;
3796 }
3797 kmem_free(zc, sizeof (zfs_cmd_t));
3798
3799 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3800 nvlist_free(errors);
3801 errors = NULL;
3802 } else {
3803 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3804 }
3805
3806 if (errlist == NULL)
3807 nvlist_free(errors);
3808 else
3809 *errlist = errors;
3810
3811 return (rv);
3812 }
3813
3814 static boolean_t
3815 propval_equals(nvpair_t *p1, nvpair_t *p2)
3816 {
3817 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3818 /* dsl_prop_get_all_impl() format */
3819 nvlist_t *attrs;
3820 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3821 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3822 &p1) == 0);
3823 }
3824
3825 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3826 nvlist_t *attrs;
3827 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3828 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3829 &p2) == 0);
3830 }
3831
3832 if (nvpair_type(p1) != nvpair_type(p2))
3833 return (B_FALSE);
3834
3835 if (nvpair_type(p1) == DATA_TYPE_STRING) {
3836 char *valstr1, *valstr2;
3837
3838 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3839 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3840 return (strcmp(valstr1, valstr2) == 0);
3841 } else {
3842 uint64_t intval1, intval2;
3843
3844 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3845 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3846 return (intval1 == intval2);
3847 }
3848 }
3849
3850 /*
3851 * Remove properties from props if they are not going to change (as determined
3852 * by comparison with origprops). Remove them from origprops as well, since we
3853 * do not need to clear or restore properties that won't change.
3854 */
3855 static void
3856 props_reduce(nvlist_t *props, nvlist_t *origprops)
3857 {
3858 nvpair_t *pair, *next_pair;
3859
3860 if (origprops == NULL)
3861 return; /* all props need to be received */
3862
3863 pair = nvlist_next_nvpair(props, NULL);
3864 while (pair != NULL) {
3865 const char *propname = nvpair_name(pair);
3866 nvpair_t *match;
3867
3868 next_pair = nvlist_next_nvpair(props, pair);
3869
3870 if ((nvlist_lookup_nvpair(origprops, propname,
3871 &match) != 0) || !propval_equals(pair, match))
3872 goto next; /* need to set received value */
3873
3874 /* don't clear the existing received value */
3875 (void) nvlist_remove_nvpair(origprops, match);
3876 /* don't bother receiving the property */
3877 (void) nvlist_remove_nvpair(props, pair);
3878 next:
3879 pair = next_pair;
3880 }
3881 }
3882
3883 #ifdef DEBUG
3884 static boolean_t zfs_ioc_recv_inject_err;
3885 #endif
3886
3887 /*
3888 * inputs:
3889 * zc_name name of containing filesystem
3890 * zc_nvlist_src{_size} nvlist of properties to apply
3891 * zc_value name of snapshot to create
3892 * zc_string name of clone origin (if DRR_FLAG_CLONE)
3893 * zc_cookie file descriptor to recv from
3894 * zc_begin_record the BEGIN record of the stream (not byteswapped)
3895 * zc_guid force flag
3896 * zc_cleanup_fd cleanup-on-exit file descriptor
3897 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
3898 *
3899 * outputs:
3900 * zc_cookie number of bytes read
3901 * zc_nvlist_dst{_size} error for each unapplied received property
3902 * zc_obj zprop_errflags_t
3903 * zc_action_handle handle for this guid/ds mapping
3904 */
3905 static int
3906 zfs_ioc_recv(zfs_cmd_t *zc)
3907 {
3908 file_t *fp;
3909 dmu_recv_cookie_t drc;
3910 boolean_t force = (boolean_t)zc->zc_guid;
3911 int fd;
3912 int error = 0;
3913 int props_error = 0;
3914 nvlist_t *errors;
3915 offset_t off;
3916 nvlist_t *props = NULL; /* sent properties */
3917 nvlist_t *origprops = NULL; /* existing properties */
3918 char *origin = NULL;
3919 char *tosnap;
3920 char tofs[ZFS_MAXNAMELEN];
3921 boolean_t first_recvd_props = B_FALSE;
3922
3923 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3924 strchr(zc->zc_value, '@') == NULL ||
3925 strchr(zc->zc_value, '%'))
3926 return (SET_ERROR(EINVAL));
3927
3928 (void) strcpy(tofs, zc->zc_value);
3929 tosnap = strchr(tofs, '@');
3930 *tosnap++ = '\0';
3931
3932 if (zc->zc_nvlist_src != NULL &&
3933 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3934 zc->zc_iflags, &props)) != 0)
3935 return (error);
3936
3937 fd = zc->zc_cookie;
3938 fp = getf(fd);
3939 if (fp == NULL) {
3940 nvlist_free(props);
3941 return (SET_ERROR(EBADF));
3942 }
3943
3944 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3945
3946 if (zc->zc_string[0])
3947 origin = zc->zc_string;
3948
3949 error = dmu_recv_begin(tofs, tosnap,
3950 &zc->zc_begin_record, force, origin, &drc);
3951 if (error != 0)
3952 goto out;
3953
3954 /*
3955 * Set properties before we receive the stream so that they are applied
3956 * to the new data. Note that we must call dmu_recv_stream() if
3957 * dmu_recv_begin() succeeds.
3958 */
3959 if (props != NULL && !drc.drc_newfs) {
3960 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
3961 SPA_VERSION_RECVD_PROPS &&
3962 !dsl_prop_get_hasrecvd(tofs))
3963 first_recvd_props = B_TRUE;
3964
3965 /*
3966 * If new received properties are supplied, they are to
3967 * completely replace the existing received properties, so stash
3968 * away the existing ones.
3969 */
3970 if (dsl_prop_get_received(tofs, &origprops) == 0) {
3971 nvlist_t *errlist = NULL;
3972 /*
3973 * Don't bother writing a property if its value won't
3974 * change (and avoid the unnecessary security checks).
3975 *
3976 * The first receive after SPA_VERSION_RECVD_PROPS is a
3977 * special case where we blow away all local properties
3978 * regardless.
3979 */
3980 if (!first_recvd_props)
3981 props_reduce(props, origprops);
3982 if (zfs_check_clearable(tofs, origprops, &errlist) != 0)
3983 (void) nvlist_merge(errors, errlist, 0);
3984 nvlist_free(errlist);
3985
3986 if (clear_received_props(tofs, origprops,
3987 first_recvd_props ? NULL : props) != 0)
3988 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3989 } else {
3990 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3991 }
3992 }
3993
3994 if (props != NULL) {
3995 props_error = dsl_prop_set_hasrecvd(tofs);
3996
3997 if (props_error == 0) {
3998 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3999 props, errors);
4000 }
4001 }
4002
4003 if (zc->zc_nvlist_dst_size != 0 &&
4004 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
4005 put_nvlist(zc, errors) != 0)) {
4006 /*
4007 * Caller made zc->zc_nvlist_dst less than the minimum expected
4008 * size or supplied an invalid address.
4009 */
4010 props_error = SET_ERROR(EINVAL);
4011 }
4012
4013 off = fp->f_offset;
4014 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
4015 &zc->zc_action_handle);
4016
4017 if (error == 0) {
4018 zfsvfs_t *zfsvfs = NULL;
4019
4020 if (getzfsvfs(tofs, &zfsvfs) == 0) {
4021 /* online recv */
4022 int end_err;
4023
4024 error = zfs_suspend_fs(zfsvfs);
4025 /*
4026 * If the suspend fails, then the recv_end will
4027 * likely also fail, and clean up after itself.
4028 */
4029 end_err = dmu_recv_end(&drc);
4030 if (error == 0)
4031 error = zfs_resume_fs(zfsvfs, tofs);
4032 error = error ? error : end_err;
4033 VFS_RELE(zfsvfs->z_vfs);
4034 } else {
4035 error = dmu_recv_end(&drc);
4036 }
4037 }
4038
4039 zc->zc_cookie = off - fp->f_offset;
4040 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4041 fp->f_offset = off;
4042
4043 #ifdef DEBUG
4044 if (zfs_ioc_recv_inject_err) {
4045 zfs_ioc_recv_inject_err = B_FALSE;
4046 error = 1;
4047 }
4048 #endif
4049 /*
4050 * On error, restore the original props.
4051 */
4052 if (error != 0 && props != NULL && !drc.drc_newfs) {
4053 if (clear_received_props(tofs, props, NULL) != 0) {
4054 /*
4055 * We failed to clear the received properties.
4056 * Since we may have left a $recvd value on the
4057 * system, we can't clear the $hasrecvd flag.
4058 */
4059 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4060 } else if (first_recvd_props) {
4061 dsl_prop_unset_hasrecvd(tofs);
4062 }
4063
4064 if (origprops == NULL && !drc.drc_newfs) {
4065 /* We failed to stash the original properties. */
4066 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4067 }
4068
4069 /*
4070 * dsl_props_set() will not convert RECEIVED to LOCAL on or
4071 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
4072 * explictly if we're restoring local properties cleared in the
4073 * first new-style receive.
4074 */
4075 if (origprops != NULL &&
4076 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
4077 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
4078 origprops, NULL) != 0) {
4079 /*
4080 * We stashed the original properties but failed to
4081 * restore them.
4082 */
4083 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4084 }
4085 }
4086 out:
4087 nvlist_free(props);
4088 nvlist_free(origprops);
4089 nvlist_free(errors);
4090 releasef(fd);
4091
4092 if (error == 0)
4093 error = props_error;
4094
4095 return (error);
4096 }
4097
4098 /*
4099 * inputs:
4100 * zc_name name of snapshot to send
4101 * zc_cookie file descriptor to send stream to
4102 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
4103 * zc_sendobj objsetid of snapshot to send
4104 * zc_fromobj objsetid of incremental fromsnap (may be zero)
4105 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
4106 * output size in zc_objset_type.
4107 *
4108 * outputs: none
4109 */
4110 static int
4111 zfs_ioc_send(zfs_cmd_t *zc)
4112 {
4113 int error;
4114 offset_t off;
4115 boolean_t estimate = (zc->zc_guid != 0);
4116
4117 if (zc->zc_obj != 0) {
4118 dsl_pool_t *dp;
4119 dsl_dataset_t *tosnap;
4120
4121 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4122 if (error != 0)
4123 return (error);
4124
4125 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
4126 if (error != 0) {
4127 dsl_pool_rele(dp, FTAG);
4128 return (error);
4129 }
4130
4131 if (dsl_dir_is_clone(tosnap->ds_dir))
4132 zc->zc_fromobj = tosnap->ds_dir->dd_phys->dd_origin_obj;
4133 dsl_dataset_rele(tosnap, FTAG);
4134 dsl_pool_rele(dp, FTAG);
4135 }
4136
4137 if (estimate) {
4138 dsl_pool_t *dp;
4139 dsl_dataset_t *tosnap;
4140 dsl_dataset_t *fromsnap = NULL;
4141
4142 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4143 if (error != 0)
4144 return (error);
4145
4146 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
4147 if (error != 0) {
4148 dsl_pool_rele(dp, FTAG);
4149 return (error);
4150 }
4151
4152 if (zc->zc_fromobj != 0) {
4153 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
4154 FTAG, &fromsnap);
4155 if (error != 0) {
4156 dsl_dataset_rele(tosnap, FTAG);
4157 dsl_pool_rele(dp, FTAG);
4158 return (error);
4159 }
4160 }
4161
4162 error = dmu_send_estimate(tosnap, fromsnap,
4163 &zc->zc_objset_type);
4164
4165 if (fromsnap != NULL)
4166 dsl_dataset_rele(fromsnap, FTAG);
4167 dsl_dataset_rele(tosnap, FTAG);
4168 dsl_pool_rele(dp, FTAG);
4169 } else {
4170 file_t *fp = getf(zc->zc_cookie);
4171 if (fp == NULL)
4172 return (SET_ERROR(EBADF));
4173
4174 off = fp->f_offset;
4175 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
4176 zc->zc_fromobj, zc->zc_cookie, fp->f_vnode, &off);
4177
4178 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4179 fp->f_offset = off;
4180 releasef(zc->zc_cookie);
4181 }
4182 return (error);
4183 }
4184
4185 /*
4186 * inputs:
4187 * zc_name name of snapshot on which to report progress
4188 * zc_cookie file descriptor of send stream
4189 *
4190 * outputs:
4191 * zc_cookie number of bytes written in send stream thus far
4192 */
4193 static int
4194 zfs_ioc_send_progress(zfs_cmd_t *zc)
4195 {
4196 dsl_pool_t *dp;
4197 dsl_dataset_t *ds;
4198 dmu_sendarg_t *dsp = NULL;
4199 int error;
4200
4201 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4202 if (error != 0)
4203 return (error);
4204
4205 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
4206 if (error != 0) {
4207 dsl_pool_rele(dp, FTAG);
4208 return (error);
4209 }
4210
4211 mutex_enter(&ds->ds_sendstream_lock);
4212
4213 /*
4214 * Iterate over all the send streams currently active on this dataset.
4215 * If there's one which matches the specified file descriptor _and_ the
4216 * stream was started by the current process, return the progress of
4217 * that stream.
4218 */
4219 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
4220 dsp = list_next(&ds->ds_sendstreams, dsp)) {
4221 if (dsp->dsa_outfd == zc->zc_cookie &&
4222 dsp->dsa_proc == curproc)
4223 break;
4224 }
4225
4226 if (dsp != NULL)
4227 zc->zc_cookie = *(dsp->dsa_off);
4228 else
4229 error = SET_ERROR(ENOENT);
4230
4231 mutex_exit(&ds->ds_sendstream_lock);
4232 dsl_dataset_rele(ds, FTAG);
4233 dsl_pool_rele(dp, FTAG);
4234 return (error);
4235 }
4236
4237 static int
4238 zfs_ioc_inject_fault(zfs_cmd_t *zc)
4239 {
4240 int id, error;
4241
4242 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
4243 &zc->zc_inject_record);
4244
4245 if (error == 0)
4246 zc->zc_guid = (uint64_t)id;
4247
4248 return (error);
4249 }
4250
4251 static int
4252 zfs_ioc_clear_fault(zfs_cmd_t *zc)
4253 {
4254 return (zio_clear_fault((int)zc->zc_guid));
4255 }
4256
4257 static int
4258 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
4259 {
4260 int id = (int)zc->zc_guid;
4261 int error;
4262
4263 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
4264 &zc->zc_inject_record);
4265
4266 zc->zc_guid = id;
4267
4268 return (error);
4269 }
4270
4271 static int
4272 zfs_ioc_error_log(zfs_cmd_t *zc)
4273 {
4274 spa_t *spa;
4275 int error;
4276 size_t count = (size_t)zc->zc_nvlist_dst_size;
4277
4278 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
4279 return (error);
4280
4281 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
4282 &count);
4283 if (error == 0)
4284 zc->zc_nvlist_dst_size = count;
4285 else
4286 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
4287
4288 spa_close(spa, FTAG);
4289
4290 return (error);
4291 }
4292
4293 static int
4294 zfs_ioc_clear(zfs_cmd_t *zc)
4295 {
4296 spa_t *spa;
4297 vdev_t *vd;
4298 int error;
4299
4300 /*
4301 * On zpool clear we also fix up missing slogs
4302 */
4303 mutex_enter(&spa_namespace_lock);
4304 spa = spa_lookup(zc->zc_name);
4305 if (spa == NULL) {
4306 mutex_exit(&spa_namespace_lock);
4307 return (SET_ERROR(EIO));
4308 }
4309 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
4310 /* we need to let spa_open/spa_load clear the chains */
4311 spa_set_log_state(spa, SPA_LOG_CLEAR);
4312 }
4313 spa->spa_last_open_failed = 0;
4314 mutex_exit(&spa_namespace_lock);
4315
4316 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
4317 error = spa_open(zc->zc_name, &spa, FTAG);
4318 } else {
4319 nvlist_t *policy;
4320 nvlist_t *config = NULL;
4321
4322 if (zc->zc_nvlist_src == NULL)
4323 return (SET_ERROR(EINVAL));
4324
4325 if ((error = get_nvlist(zc->zc_nvlist_src,
4326 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
4327 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
4328 policy, &config);
4329 if (config != NULL) {
4330 int err;
4331
4332 if ((err = put_nvlist(zc, config)) != 0)
4333 error = err;
4334 nvlist_free(config);
4335 }
4336 nvlist_free(policy);
4337 }
4338 }
4339
4340 if (error != 0)
4341 return (error);
4342
4343 spa_vdev_state_enter(spa, SCL_NONE);
4344
4345 if (zc->zc_guid == 0) {
4346 vd = NULL;
4347 } else {
4348 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
4349 if (vd == NULL) {
4350 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
4351 spa_close(spa, FTAG);
4352 return (SET_ERROR(ENODEV));
4353 }
4354 }
4355
4356 vdev_clear(spa, vd);
4357
4358 (void) spa_vdev_state_exit(spa, NULL, 0);
4359
4360 /*
4361 * Resume any suspended I/Os.
4362 */
4363 if (zio_resume(spa) != 0)
4364 error = SET_ERROR(EIO);
4365
4366 spa_close(spa, FTAG);
4367
4368 return (error);
4369 }
4370
4371 static int
4372 zfs_ioc_pool_reopen(zfs_cmd_t *zc)
4373 {
4374 spa_t *spa;
4375 int error;
4376
4377 error = spa_open(zc->zc_name, &spa, FTAG);
4378 if (error != 0)
4379 return (error);
4380
4381 spa_vdev_state_enter(spa, SCL_NONE);
4382
4383 /*
4384 * If a resilver is already in progress then set the
4385 * spa_scrub_reopen flag to B_TRUE so that we don't restart
4386 * the scan as a side effect of the reopen. Otherwise, let
4387 * vdev_open() decided if a resilver is required.
4388 */
4389 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool);
4390 vdev_reopen(spa->spa_root_vdev);
4391 spa->spa_scrub_reopen = B_FALSE;
4392
4393 (void) spa_vdev_state_exit(spa, NULL, 0);
4394 spa_close(spa, FTAG);
4395 return (0);
4396 }
4397 /*
4398 * inputs:
4399 * zc_name name of filesystem
4400 * zc_value name of origin snapshot
4401 *
4402 * outputs:
4403 * zc_string name of conflicting snapshot, if there is one
4404 */
4405 static int
4406 zfs_ioc_promote(zfs_cmd_t *zc)
4407 {
4408 char *cp;
4409
4410 /*
4411 * We don't need to unmount *all* the origin fs's snapshots, but
4412 * it's easier.
4413 */
4414 cp = strchr(zc->zc_value, '@');
4415 if (cp)
4416 *cp = '\0';
4417 (void) dmu_objset_find(zc->zc_value,
4418 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
4419 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4420 }
4421
4422 /*
4423 * Retrieve a single {user|group}{used|quota}@... property.
4424 *
4425 * inputs:
4426 * zc_name name of filesystem
4427 * zc_objset_type zfs_userquota_prop_t
4428 * zc_value domain name (eg. "S-1-234-567-89")
4429 * zc_guid RID/UID/GID
4430 *
4431 * outputs:
4432 * zc_cookie property value
4433 */
4434 static int
4435 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4436 {
4437 zfsvfs_t *zfsvfs;
4438 int error;
4439
4440 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4441 return (SET_ERROR(EINVAL));
4442
4443 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4444 if (error != 0)
4445 return (error);
4446
4447 error = zfs_userspace_one(zfsvfs,
4448 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4449 zfsvfs_rele(zfsvfs, FTAG);
4450
4451 return (error);
4452 }
4453
4454 /*
4455 * inputs:
4456 * zc_name name of filesystem
4457 * zc_cookie zap cursor
4458 * zc_objset_type zfs_userquota_prop_t
4459 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4460 *
4461 * outputs:
4462 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4463 * zc_cookie zap cursor
4464 */
4465 static int
4466 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4467 {
4468 zfsvfs_t *zfsvfs;
4469 int bufsize = zc->zc_nvlist_dst_size;
4470
4471 if (bufsize <= 0)
4472 return (SET_ERROR(ENOMEM));
4473
4474 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4475 if (error != 0)
4476 return (error);
4477
4478 void *buf = kmem_alloc(bufsize, KM_SLEEP);
4479
4480 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
4481 buf, &zc->zc_nvlist_dst_size);
4482
4483 if (error == 0) {
4484 error = xcopyout(buf,
4485 (void *)(uintptr_t)zc->zc_nvlist_dst,
4486 zc->zc_nvlist_dst_size);
4487 }
4488 kmem_free(buf, bufsize);
4489 zfsvfs_rele(zfsvfs, FTAG);
4490
4491 return (error);
4492 }
4493
4494 /*
4495 * inputs:
4496 * zc_name name of filesystem
4497 *
4498 * outputs:
4499 * none
4500 */
4501 static int
4502 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4503 {
4504 objset_t *os;
4505 int error = 0;
4506 zfsvfs_t *zfsvfs;
4507
4508 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
4509 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
4510 /*
4511 * If userused is not enabled, it may be because the
4512 * objset needs to be closed & reopened (to grow the
4513 * objset_phys_t). Suspend/resume the fs will do that.
4514 */
4515 error = zfs_suspend_fs(zfsvfs);
4516 if (error == 0)
4517 error = zfs_resume_fs(zfsvfs, zc->zc_name);
4518 }
4519 if (error == 0)
4520 error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
4521 VFS_RELE(zfsvfs->z_vfs);
4522 } else {
4523 /* XXX kind of reading contents without owning */
4524 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4525 if (error != 0)
4526 return (error);
4527
4528 error = dmu_objset_userspace_upgrade(os);
4529 dmu_objset_rele(os, FTAG);
4530 }
4531
4532 return (error);
4533 }
4534
4535 /*
4536 * We don't want to have a hard dependency
4537 * against some special symbols in sharefs
4538 * nfs, and smbsrv. Determine them if needed when
4539 * the first file system is shared.
4540 * Neither sharefs, nfs or smbsrv are unloadable modules.
4541 */
4542 int (*znfsexport_fs)(void *arg);
4543 int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
4544 int (*zsmbexport_fs)(void *arg, boolean_t add_share);
4545
4546 int zfs_nfsshare_inited;
4547 int zfs_smbshare_inited;
4548
4549 ddi_modhandle_t nfs_mod;
4550 ddi_modhandle_t sharefs_mod;
4551 ddi_modhandle_t smbsrv_mod;
4552 kmutex_t zfs_share_lock;
4553
4554 static int
4555 zfs_init_sharefs()
4556 {
4557 int error;
4558
4559 ASSERT(MUTEX_HELD(&zfs_share_lock));
4560 /* Both NFS and SMB shares also require sharetab support. */
4561 if (sharefs_mod == NULL && ((sharefs_mod =
4562 ddi_modopen("fs/sharefs",
4563 KRTLD_MODE_FIRST, &error)) == NULL)) {
4564 return (SET_ERROR(ENOSYS));
4565 }
4566 if (zshare_fs == NULL && ((zshare_fs =
4567 (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
4568 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
4569 return (SET_ERROR(ENOSYS));
4570 }
4571 return (0);
4572 }
4573
4574 static int
4575 zfs_ioc_share(zfs_cmd_t *zc)
4576 {
4577 int error;
4578 int opcode;
4579
4580 switch (zc->zc_share.z_sharetype) {
4581 case ZFS_SHARE_NFS:
4582 case ZFS_UNSHARE_NFS:
4583 if (zfs_nfsshare_inited == 0) {
4584 mutex_enter(&zfs_share_lock);
4585 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs",
4586 KRTLD_MODE_FIRST, &error)) == NULL)) {
4587 mutex_exit(&zfs_share_lock);
4588 return (SET_ERROR(ENOSYS));
4589 }
4590 if (znfsexport_fs == NULL &&
4591 ((znfsexport_fs = (int (*)(void *))
4592 ddi_modsym(nfs_mod,
4593 "nfs_export", &error)) == NULL)) {
4594 mutex_exit(&zfs_share_lock);
4595 return (SET_ERROR(ENOSYS));
4596 }
4597 error = zfs_init_sharefs();
4598 if (error != 0) {
4599 mutex_exit(&zfs_share_lock);
4600 return (SET_ERROR(ENOSYS));
4601 }
4602 zfs_nfsshare_inited = 1;
4603 mutex_exit(&zfs_share_lock);
4604 }
4605 break;
4606 case ZFS_SHARE_SMB:
4607 case ZFS_UNSHARE_SMB:
4608 if (zfs_smbshare_inited == 0) {
4609 mutex_enter(&zfs_share_lock);
4610 if (smbsrv_mod == NULL && ((smbsrv_mod =
4611 ddi_modopen("drv/smbsrv",
4612 KRTLD_MODE_FIRST, &error)) == NULL)) {
4613 mutex_exit(&zfs_share_lock);
4614 return (SET_ERROR(ENOSYS));
4615 }
4616 if (zsmbexport_fs == NULL && ((zsmbexport_fs =
4617 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod,
4618 "smb_server_share", &error)) == NULL)) {
4619 mutex_exit(&zfs_share_lock);
4620 return (SET_ERROR(ENOSYS));
4621 }
4622 error = zfs_init_sharefs();
4623 if (error != 0) {
4624 mutex_exit(&zfs_share_lock);
4625 return (SET_ERROR(ENOSYS));
4626 }
4627 zfs_smbshare_inited = 1;
4628 mutex_exit(&zfs_share_lock);
4629 }
4630 break;
4631 default:
4632 return (SET_ERROR(EINVAL));
4633 }
4634
4635 switch (zc->zc_share.z_sharetype) {
4636 case ZFS_SHARE_NFS:
4637 case ZFS_UNSHARE_NFS:
4638 if (error =
4639 znfsexport_fs((void *)
4640 (uintptr_t)zc->zc_share.z_exportdata))
4641 return (error);
4642 break;
4643 case ZFS_SHARE_SMB:
4644 case ZFS_UNSHARE_SMB:
4645 if (error = zsmbexport_fs((void *)
4646 (uintptr_t)zc->zc_share.z_exportdata,
4647 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
4648 B_TRUE: B_FALSE)) {
4649 return (error);
4650 }
4651 break;
4652 }
4653
4654 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
4655 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ?
4656 SHAREFS_ADD : SHAREFS_REMOVE;
4657
4658 /*
4659 * Add or remove share from sharetab
4660 */
4661 error = zshare_fs(opcode,
4662 (void *)(uintptr_t)zc->zc_share.z_sharedata,
4663 zc->zc_share.z_sharemax);
4664
4665 return (error);
4666
4667 }
4668
4669 ace_t full_access[] = {
4670 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4671 };
4672
4673 /*
4674 * inputs:
4675 * zc_name name of containing filesystem
4676 * zc_obj object # beyond which we want next in-use object #
4677 *
4678 * outputs:
4679 * zc_obj next in-use object #
4680 */
4681 static int
4682 zfs_ioc_next_obj(zfs_cmd_t *zc)
4683 {
4684 objset_t *os = NULL;
4685 int error;
4686
4687 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4688 if (error != 0)
4689 return (error);
4690
4691 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4692 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4693
4694 dmu_objset_rele(os, FTAG);
4695 return (error);
4696 }
4697
4698 /*
4699 * inputs:
4700 * zc_name name of filesystem
4701 * zc_value prefix name for snapshot
4702 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4703 *
4704 * outputs:
4705 * zc_value short name of new snapshot
4706 */
4707 static int
4708 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4709 {
4710 char *snap_name;
4711 char *hold_name;
4712 int error;
4713 minor_t minor;
4714
4715 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4716 if (error != 0)
4717 return (error);
4718
4719 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
4720 (u_longlong_t)ddi_get_lbolt64());
4721 hold_name = kmem_asprintf("%%%s", zc->zc_value);
4722
4723 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
4724 hold_name);
4725 if (error == 0)
4726 (void) strcpy(zc->zc_value, snap_name);
4727 strfree(snap_name);
4728 strfree(hold_name);
4729 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
4730 return (error);
4731 }
4732
4733 /*
4734 * inputs:
4735 * zc_name name of "to" snapshot
4736 * zc_value name of "from" snapshot
4737 * zc_cookie file descriptor to write diff data on
4738 *
4739 * outputs:
4740 * dmu_diff_record_t's to the file descriptor
4741 */
4742 static int
4743 zfs_ioc_diff(zfs_cmd_t *zc)
4744 {
4745 file_t *fp;
4746 offset_t off;
4747 int error;
4748
4749 fp = getf(zc->zc_cookie);
4750 if (fp == NULL)
4751 return (SET_ERROR(EBADF));
4752
4753 off = fp->f_offset;
4754
4755 error = dmu_diff(zc->zc_name, zc->zc_value, fp->f_vnode, &off);
4756
4757 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4758 fp->f_offset = off;
4759 releasef(zc->zc_cookie);
4760
4761 return (error);
4762 }
4763
4764 /*
4765 * Remove all ACL files in shares dir
4766 */
4767 static int
4768 zfs_smb_acl_purge(znode_t *dzp)
4769 {
4770 zap_cursor_t zc;
4771 zap_attribute_t zap;
4772 zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
4773 int error;
4774
4775 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
4776 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4777 zap_cursor_advance(&zc)) {
4778 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4779 NULL, 0)) != 0)
4780 break;
4781 }
4782 zap_cursor_fini(&zc);
4783 return (error);
4784 }
4785
4786 static int
4787 zfs_ioc_smb_acl(zfs_cmd_t *zc)
4788 {
4789 vnode_t *vp;
4790 znode_t *dzp;
4791 vnode_t *resourcevp = NULL;
4792 znode_t *sharedir;
4793 zfsvfs_t *zfsvfs;
4794 nvlist_t *nvlist;
4795 char *src, *target;
4796 vattr_t vattr;
4797 vsecattr_t vsec;
4798 int error = 0;
4799
4800 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4801 NO_FOLLOW, NULL, &vp)) != 0)
4802 return (error);
4803
4804 /* Now make sure mntpnt and dataset are ZFS */
4805
4806 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
4807 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4808 zc->zc_name) != 0)) {
4809 VN_RELE(vp);
4810 return (SET_ERROR(EINVAL));
4811 }
4812
4813 dzp = VTOZ(vp);
4814 zfsvfs = dzp->z_zfsvfs;
4815 ZFS_ENTER(zfsvfs);
4816
4817 /*
4818 * Create share dir if its missing.
4819 */
4820 mutex_enter(&zfsvfs->z_lock);
4821 if (zfsvfs->z_shares_dir == 0) {
4822 dmu_tx_t *tx;
4823
4824 tx = dmu_tx_create(zfsvfs->z_os);
4825 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4826 ZFS_SHARES_DIR);
4827 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4828 error = dmu_tx_assign(tx, TXG_WAIT);
4829 if (error != 0) {
4830 dmu_tx_abort(tx);
4831 } else {
4832 error = zfs_create_share_dir(zfsvfs, tx);
4833 dmu_tx_commit(tx);
4834 }
4835 if (error != 0) {
4836 mutex_exit(&zfsvfs->z_lock);
4837 VN_RELE(vp);
4838 ZFS_EXIT(zfsvfs);
4839 return (error);
4840 }
4841 }
4842 mutex_exit(&zfsvfs->z_lock);
4843
4844 ASSERT(zfsvfs->z_shares_dir);
4845 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
4846 VN_RELE(vp);
4847 ZFS_EXIT(zfsvfs);
4848 return (error);
4849 }
4850
4851 switch (zc->zc_cookie) {
4852 case ZFS_SMB_ACL_ADD:
4853 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4854 vattr.va_type = VREG;
4855 vattr.va_mode = S_IFREG|0777;
4856 vattr.va_uid = 0;
4857 vattr.va_gid = 0;
4858
4859 vsec.vsa_mask = VSA_ACE;
4860 vsec.vsa_aclentp = &full_access;
4861 vsec.vsa_aclentsz = sizeof (full_access);
4862 vsec.vsa_aclcnt = 1;
4863
4864 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4865 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4866 if (resourcevp)
4867 VN_RELE(resourcevp);
4868 break;
4869
4870 case ZFS_SMB_ACL_REMOVE:
4871 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4872 NULL, 0);
4873 break;
4874
4875 case ZFS_SMB_ACL_RENAME:
4876 if ((error = get_nvlist(zc->zc_nvlist_src,
4877 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4878 VN_RELE(vp);
4879 ZFS_EXIT(zfsvfs);
4880 return (error);
4881 }
4882 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4883 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4884 &target)) {
4885 VN_RELE(vp);
4886 VN_RELE(ZTOV(sharedir));
4887 ZFS_EXIT(zfsvfs);
4888 nvlist_free(nvlist);
4889 return (error);
4890 }
4891 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4892 kcred, NULL, 0);
4893 nvlist_free(nvlist);
4894 break;
4895
4896 case ZFS_SMB_ACL_PURGE:
4897 error = zfs_smb_acl_purge(sharedir);
4898 break;
4899
4900 default:
4901 error = SET_ERROR(EINVAL);
4902 break;
4903 }
4904
4905 VN_RELE(vp);
4906 VN_RELE(ZTOV(sharedir));
4907
4908 ZFS_EXIT(zfsvfs);
4909
4910 return (error);
4911 }
4912
4913 /*
4914 * innvl: {
4915 * "holds" -> { snapname -> holdname (string), ... }
4916 * (optional) "cleanup_fd" -> fd (int32)
4917 * }
4918 *
4919 * outnvl: {
4920 * snapname -> error value (int32)
4921 * ...
4922 * }
4923 */
4924 /* ARGSUSED */
4925 static int
4926 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
4927 {
4928 nvlist_t *holds;
4929 int cleanup_fd = -1;
4930 int error;
4931 minor_t minor = 0;
4932
4933 error = nvlist_lookup_nvlist(args, "holds", &holds);
4934 if (error != 0)
4935 return (SET_ERROR(EINVAL));
4936
4937 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
4938 error = zfs_onexit_fd_hold(cleanup_fd, &minor);
4939 if (error != 0)
4940 return (error);
4941 }
4942
4943 error = dsl_dataset_user_hold(holds, minor, errlist);
4944 if (minor != 0)
4945 zfs_onexit_fd_rele(cleanup_fd);
4946 return (error);
4947 }
4948
4949 /*
4950 * innvl is not used.
4951 *
4952 * outnvl: {
4953 * holdname -> time added (uint64 seconds since epoch)
4954 * ...
4955 * }
4956 */
4957 /* ARGSUSED */
4958 static int
4959 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
4960 {
4961 return (dsl_dataset_get_holds(snapname, outnvl));
4962 }
4963
4964 /*
4965 * innvl: {
4966 * snapname -> { holdname, ... }
4967 * ...
4968 * }
4969 *
4970 * outnvl: {
4971 * snapname -> error value (int32)
4972 * ...
4973 * }
4974 */
4975 /* ARGSUSED */
4976 static int
4977 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
4978 {
4979 nvpair_t *pair;
4980
4981 /*
4982 * The release may cause the snapshot to be destroyed; make sure it
4983 * is not mounted.
4984 */
4985 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
4986 pair = nvlist_next_nvpair(holds, pair))
4987 zfs_unmount_snap(nvpair_name(pair));
4988
4989 return (dsl_dataset_user_release(holds, errlist));
4990 }
4991
4992 /*
4993 * inputs:
4994 * zc_name name of new filesystem or snapshot
4995 * zc_value full name of old snapshot
4996 *
4997 * outputs:
4998 * zc_cookie space in bytes
4999 * zc_objset_type compressed space in bytes
5000 * zc_perm_action uncompressed space in bytes
5001 */
5002 static int
5003 zfs_ioc_space_written(zfs_cmd_t *zc)
5004 {
5005 int error;
5006 dsl_pool_t *dp;
5007 dsl_dataset_t *new, *old;
5008
5009 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5010 if (error != 0)
5011 return (error);
5012 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
5013 if (error != 0) {
5014 dsl_pool_rele(dp, FTAG);
5015 return (error);
5016 }
5017 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
5018 if (error != 0) {
5019 dsl_dataset_rele(new, FTAG);
5020 dsl_pool_rele(dp, FTAG);
5021 return (error);
5022 }
5023
5024 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
5025 &zc->zc_objset_type, &zc->zc_perm_action);
5026 dsl_dataset_rele(old, FTAG);
5027 dsl_dataset_rele(new, FTAG);
5028 dsl_pool_rele(dp, FTAG);
5029 return (error);
5030 }
5031
5032 /*
5033 * innvl: {
5034 * "firstsnap" -> snapshot name
5035 * }
5036 *
5037 * outnvl: {
5038 * "used" -> space in bytes
5039 * "compressed" -> compressed space in bytes
5040 * "uncompressed" -> uncompressed space in bytes
5041 * }
5042 */
5043 static int
5044 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
5045 {
5046 int error;
5047 dsl_pool_t *dp;
5048 dsl_dataset_t *new, *old;
5049 char *firstsnap;
5050 uint64_t used, comp, uncomp;
5051
5052 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0)
5053 return (SET_ERROR(EINVAL));
5054
5055 error = dsl_pool_hold(lastsnap, FTAG, &dp);
5056 if (error != 0)
5057 return (error);
5058
5059 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
5060 if (error != 0) {
5061 dsl_pool_rele(dp, FTAG);
5062 return (error);
5063 }
5064 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
5065 if (error != 0) {
5066 dsl_dataset_rele(new, FTAG);
5067 dsl_pool_rele(dp, FTAG);
5068 return (error);
5069 }
5070
5071 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
5072 dsl_dataset_rele(old, FTAG);
5073 dsl_dataset_rele(new, FTAG);
5074 dsl_pool_rele(dp, FTAG);
5075 fnvlist_add_uint64(outnvl, "used", used);
5076 fnvlist_add_uint64(outnvl, "compressed", comp);
5077 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
5078 return (error);
5079 }
5080
5081 /*
5082 * innvl: {
5083 * "fd" -> file descriptor to write stream to (int32)
5084 * (optional) "fromsnap" -> full snap name to send an incremental from
5085 * }
5086 *
5087 * outnvl is unused
5088 */
5089 /* ARGSUSED */
5090 static int
5091 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5092 {
5093 int error;
5094 offset_t off;
5095 char *fromname = NULL;
5096 int fd;
5097
5098 error = nvlist_lookup_int32(innvl, "fd", &fd);
5099 if (error != 0)
5100 return (SET_ERROR(EINVAL));
5101
5102 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
5103
5104 file_t *fp = getf(fd);
5105 if (fp == NULL)
5106 return (SET_ERROR(EBADF));
5107
5108 off = fp->f_offset;
5109 error = dmu_send(snapname, fromname, fd, fp->f_vnode, &off);
5110
5111 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5112 fp->f_offset = off;
5113 releasef(fd);
5114 return (error);
5115 }
5116
5117 /*
5118 * Determine approximately how large a zfs send stream will be -- the number
5119 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
5120 *
5121 * innvl: {
5122 * (optional) "fromsnap" -> full snap name to send an incremental from
5123 * }
5124 *
5125 * outnvl: {
5126 * "space" -> bytes of space (uint64)
5127 * }
5128 */
5129 static int
5130 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5131 {
5132 dsl_pool_t *dp;
5133 dsl_dataset_t *fromsnap = NULL;
5134 dsl_dataset_t *tosnap;
5135 int error;
5136 char *fromname;
5137 uint64_t space;
5138
5139 error = dsl_pool_hold(snapname, FTAG, &dp);
5140 if (error != 0)
5141 return (error);
5142
5143 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
5144 if (error != 0) {
5145 dsl_pool_rele(dp, FTAG);
5146 return (error);
5147 }
5148
5149 error = nvlist_lookup_string(innvl, "fromsnap", &fromname);
5150 if (error == 0) {
5151 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
5152 if (error != 0) {
5153 dsl_dataset_rele(tosnap, FTAG);
5154 dsl_pool_rele(dp, FTAG);
5155 return (error);
5156 }
5157 }
5158
5159 error = dmu_send_estimate(tosnap, fromsnap, &space);
5160 fnvlist_add_uint64(outnvl, "space", space);
5161
5162 if (fromsnap != NULL)
5163 dsl_dataset_rele(fromsnap, FTAG);
5164 dsl_dataset_rele(tosnap, FTAG);
5165 dsl_pool_rele(dp, FTAG);
5166 return (error);
5167 }
5168
5169
5170 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
5171
5172 static void
5173 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5174 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5175 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
5176 {
5177 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5178
5179 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5180 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5181 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5182 ASSERT3P(vec->zvec_func, ==, NULL);
5183
5184 vec->zvec_legacy_func = func;
5185 vec->zvec_secpolicy = secpolicy;
5186 vec->zvec_namecheck = namecheck;
5187 vec->zvec_allow_log = log_history;
5188 vec->zvec_pool_check = pool_check;
5189 }
5190
5191 /*
5192 * See the block comment at the beginning of this file for details on
5193 * each argument to this function.
5194 */
5195 static void
5196 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
5197 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5198 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
5199 boolean_t allow_log)
5200 {
5201 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5202
5203 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5204 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5205 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5206 ASSERT3P(vec->zvec_func, ==, NULL);
5207
5208 /* if we are logging, the name must be valid */
5209 ASSERT(!allow_log || namecheck != NO_NAME);
5210
5211 vec->zvec_name = name;
5212 vec->zvec_func = func;
5213 vec->zvec_secpolicy = secpolicy;
5214 vec->zvec_namecheck = namecheck;
5215 vec->zvec_pool_check = pool_check;
5216 vec->zvec_smush_outnvlist = smush_outnvlist;
5217 vec->zvec_allow_log = allow_log;
5218 }
5219
5220 static void
5221 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5222 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
5223 zfs_ioc_poolcheck_t pool_check)
5224 {
5225 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5226 POOL_NAME, log_history, pool_check);
5227 }
5228
5229 static void
5230 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5231 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
5232 {
5233 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5234 DATASET_NAME, B_FALSE, pool_check);
5235 }
5236
5237 static void
5238 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5239 {
5240 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
5241 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5242 }
5243
5244 static void
5245 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5246 zfs_secpolicy_func_t *secpolicy)
5247 {
5248 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5249 NO_NAME, B_FALSE, POOL_CHECK_NONE);
5250 }
5251
5252 static void
5253 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
5254 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
5255 {
5256 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5257 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
5258 }
5259
5260 static void
5261 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5262 {
5263 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
5264 zfs_secpolicy_read);
5265 }
5266
5267 static void
5268 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5269 zfs_secpolicy_func_t *secpolicy)
5270 {
5271 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5272 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5273 }
5274
5275 static void
5276 zfs_ioctl_init(void)
5277 {
5278 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
5279 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
5280 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5281
5282 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
5283 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
5284 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE);
5285
5286 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
5287 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
5288 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5289
5290 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
5291 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
5292 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5293
5294 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
5295 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
5296 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5297
5298 zfs_ioctl_register("create", ZFS_IOC_CREATE,
5299 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
5300 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5301
5302 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
5303 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
5304 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5305
5306 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
5307 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
5308 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5309
5310 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
5311 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
5312 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5313 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
5314 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
5315 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5316
5317 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
5318 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
5319 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5320
5321 /* IOCTLS that use the legacy function signature */
5322
5323 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
5324 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
5325
5326 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
5327 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5328 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
5329 zfs_ioc_pool_scan);
5330 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
5331 zfs_ioc_pool_upgrade);
5332 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
5333 zfs_ioc_vdev_add);
5334 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
5335 zfs_ioc_vdev_remove);
5336 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
5337 zfs_ioc_vdev_set_state);
5338 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
5339 zfs_ioc_vdev_attach);
5340 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
5341 zfs_ioc_vdev_detach);
5342 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
5343 zfs_ioc_vdev_setpath);
5344 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
5345 zfs_ioc_vdev_setfru);
5346 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
5347 zfs_ioc_pool_set_props);
5348 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
5349 zfs_ioc_vdev_split);
5350 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
5351 zfs_ioc_pool_reguid);
5352
5353 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
5354 zfs_ioc_pool_configs, zfs_secpolicy_none);
5355 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
5356 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
5357 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
5358 zfs_ioc_inject_fault, zfs_secpolicy_inject);
5359 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
5360 zfs_ioc_clear_fault, zfs_secpolicy_inject);
5361 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
5362 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
5363
5364 /*
5365 * pool destroy, and export don't log the history as part of
5366 * zfsdev_ioctl, but rather zfs_ioc_pool_export
5367 * does the logging of those commands.
5368 */
5369 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
5370 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5371 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
5372 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE);
5373
5374 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
5375 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5376 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
5377 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5378
5379 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
5380 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
5381 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
5382 zfs_ioc_dsobj_to_dsname,
5383 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
5384 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
5385 zfs_ioc_pool_get_history,
5386 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
5387
5388 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
5389 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5390
5391 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
5392 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5393 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
5394 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5395
5396 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
5397 zfs_ioc_space_written);
5398 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
5399 zfs_ioc_objset_recvd_props);
5400 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
5401 zfs_ioc_next_obj);
5402 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
5403 zfs_ioc_get_fsacl);
5404 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
5405 zfs_ioc_objset_stats);
5406 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
5407 zfs_ioc_objset_zplprops);
5408 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
5409 zfs_ioc_dataset_list_next);
5410 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
5411 zfs_ioc_snapshot_list_next);
5412 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
5413 zfs_ioc_send_progress);
5414
5415 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
5416 zfs_ioc_diff, zfs_secpolicy_diff);
5417 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
5418 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
5419 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
5420 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
5421 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
5422 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
5423 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
5424 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
5425 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
5426 zfs_ioc_send, zfs_secpolicy_send);
5427
5428 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
5429 zfs_secpolicy_none);
5430 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
5431 zfs_secpolicy_destroy);
5432 zfs_ioctl_register_dataset_modify(ZFS_IOC_ROLLBACK, zfs_ioc_rollback,
5433 zfs_secpolicy_rollback);
5434 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
5435 zfs_secpolicy_rename);
5436 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
5437 zfs_secpolicy_recv);
5438 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
5439 zfs_secpolicy_promote);
5440 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
5441 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
5442 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
5443 zfs_secpolicy_set_fsacl);
5444
5445 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
5446 zfs_secpolicy_share, POOL_CHECK_NONE);
5447 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
5448 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
5449 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
5450 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
5451 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5452 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
5453 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
5454 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5455 }
5456
5457 int
5458 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
5459 zfs_ioc_poolcheck_t check)
5460 {
5461 spa_t *spa;
5462 int error;
5463
5464 ASSERT(type == POOL_NAME || type == DATASET_NAME);
5465
5466 if (check & POOL_CHECK_NONE)
5467 return (0);
5468
5469 error = spa_open(name, &spa, FTAG);
5470 if (error == 0) {
5471 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
5472 error = SET_ERROR(EAGAIN);
5473 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
5474 error = SET_ERROR(EROFS);
5475 spa_close(spa, FTAG);
5476 }
5477 return (error);
5478 }
5479
5480 /*
5481 * Find a free minor number.
5482 */
5483 minor_t
5484 zfsdev_minor_alloc(void)
5485 {
5486 static minor_t last_minor;
5487 minor_t m;
5488
5489 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5490
5491 for (m = last_minor + 1; m != last_minor; m++) {
5492 if (m > ZFSDEV_MAX_MINOR)
5493 m = 1;
5494 if (ddi_get_soft_state(zfsdev_state, m) == NULL) {
5495 last_minor = m;
5496 return (m);
5497 }
5498 }
5499
5500 return (0);
5501 }
5502
5503 static int
5504 zfs_ctldev_init(dev_t *devp)
5505 {
5506 minor_t minor;
5507 zfs_soft_state_t *zs;
5508
5509 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5510 ASSERT(getminor(*devp) == 0);
5511
5512 minor = zfsdev_minor_alloc();
5513 if (minor == 0)
5514 return (SET_ERROR(ENXIO));
5515
5516 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS)
5517 return (SET_ERROR(EAGAIN));
5518
5519 *devp = makedevice(getemajor(*devp), minor);
5520
5521 zs = ddi_get_soft_state(zfsdev_state, minor);
5522 zs->zss_type = ZSST_CTLDEV;
5523 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data);
5524
5525 return (0);
5526 }
5527
5528 static void
5529 zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor)
5530 {
5531 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5532
5533 zfs_onexit_destroy(zo);
5534 ddi_soft_state_free(zfsdev_state, minor);
5535 }
5536
5537 void *
5538 zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which)
5539 {
5540 zfs_soft_state_t *zp;
5541
5542 zp = ddi_get_soft_state(zfsdev_state, minor);
5543 if (zp == NULL || zp->zss_type != which)
5544 return (NULL);
5545
5546 return (zp->zss_data);
5547 }
5548
5549 static int
5550 zfsdev_open(dev_t *devp, int flag, int otyp, cred_t *cr)
5551 {
5552 int error = 0;
5553
5554 if (getminor(*devp) != 0)
5555 return (zvol_open(devp, flag, otyp, cr));
5556
5557 /* This is the control device. Allocate a new minor if requested. */
5558 if (flag & FEXCL) {
5559 mutex_enter(&zfsdev_state_lock);
5560 error = zfs_ctldev_init(devp);
5561 mutex_exit(&zfsdev_state_lock);
5562 }
5563
5564 return (error);
5565 }
5566
5567 static int
5568 zfsdev_close(dev_t dev, int flag, int otyp, cred_t *cr)
5569 {
5570 zfs_onexit_t *zo;
5571 minor_t minor = getminor(dev);
5572
5573 if (minor == 0)
5574 return (0);
5575
5576 mutex_enter(&zfsdev_state_lock);
5577 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
5578 if (zo == NULL) {
5579 mutex_exit(&zfsdev_state_lock);
5580 return (zvol_close(dev, flag, otyp, cr));
5581 }
5582 zfs_ctldev_destroy(zo, minor);
5583 mutex_exit(&zfsdev_state_lock);
5584
5585 return (0);
5586 }
5587
5588 static int
5589 zfsdev_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
5590 {
5591 zfs_cmd_t *zc;
5592 uint_t vecnum;
5593 int error, rc, len;
5594 minor_t minor = getminor(dev);
5595 const zfs_ioc_vec_t *vec;
5596 char *saved_poolname = NULL;
5597 nvlist_t *innvl = NULL;
5598
5599 if (minor != 0 &&
5600 zfsdev_get_soft_state(minor, ZSST_CTLDEV) == NULL)
5601 return (zvol_ioctl(dev, cmd, arg, flag, cr, rvalp));
5602
5603 vecnum = cmd - ZFS_IOC_FIRST;
5604 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip));
5605
5606 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
5607 return (SET_ERROR(EINVAL));
5608 vec = &zfs_ioc_vec[vecnum];
5609
5610 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
5611
5612 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
5613 if (error != 0) {
5614 error = SET_ERROR(EFAULT);
5615 goto out;
5616 }
5617
5618 zc->zc_iflags = flag & FKIOCTL;
5619 if (zc->zc_nvlist_src_size != 0) {
5620 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5621 zc->zc_iflags, &innvl);
5622 if (error != 0)
5623 goto out;
5624 }
5625
5626 /*
5627 * Ensure that all pool/dataset names are valid before we pass down to
5628 * the lower layers.
5629 */
5630 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5631 switch (vec->zvec_namecheck) {
5632 case POOL_NAME:
5633 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
5634 error = SET_ERROR(EINVAL);
5635 else
5636 error = pool_status_check(zc->zc_name,
5637 vec->zvec_namecheck, vec->zvec_pool_check);
5638 break;
5639
5640 case DATASET_NAME:
5641 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
5642 error = SET_ERROR(EINVAL);
5643 else
5644 error = pool_status_check(zc->zc_name,
5645 vec->zvec_namecheck, vec->zvec_pool_check);
5646 break;
5647
5648 case NO_NAME:
5649 break;
5650 }
5651
5652
5653 if (error == 0 && !(flag & FKIOCTL))
5654 error = vec->zvec_secpolicy(zc, innvl, cr);
5655
5656 if (error != 0)
5657 goto out;
5658
5659 /* legacy ioctls can modify zc_name */
5660 len = strcspn(zc->zc_name, "/@") + 1;
5661 saved_poolname = kmem_alloc(len, KM_SLEEP);
5662 (void) strlcpy(saved_poolname, zc->zc_name, len);
5663
5664 if (vec->zvec_func != NULL) {
5665 nvlist_t *outnvl;
5666 int puterror = 0;
5667 spa_t *spa;
5668 nvlist_t *lognv = NULL;
5669
5670 ASSERT(vec->zvec_legacy_func == NULL);
5671
5672 /*
5673 * Add the innvl to the lognv before calling the func,
5674 * in case the func changes the innvl.
5675 */
5676 if (vec->zvec_allow_log) {
5677 lognv = fnvlist_alloc();
5678 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
5679 vec->zvec_name);
5680 if (!nvlist_empty(innvl)) {
5681 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
5682 innvl);
5683 }
5684 }
5685
5686 outnvl = fnvlist_alloc();
5687 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
5688
5689 if (error == 0 && vec->zvec_allow_log &&
5690 spa_open(zc->zc_name, &spa, FTAG) == 0) {
5691 if (!nvlist_empty(outnvl)) {
5692 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
5693 outnvl);
5694 }
5695 (void) spa_history_log_nvl(spa, lognv);
5696 spa_close(spa, FTAG);
5697 }
5698 fnvlist_free(lognv);
5699
5700 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
5701 int smusherror = 0;
5702 if (vec->zvec_smush_outnvlist) {
5703 smusherror = nvlist_smush(outnvl,
5704 zc->zc_nvlist_dst_size);
5705 }
5706 if (smusherror == 0)
5707 puterror = put_nvlist(zc, outnvl);
5708 }
5709
5710 if (puterror != 0)
5711 error = puterror;
5712
5713 nvlist_free(outnvl);
5714 } else {
5715 error = vec->zvec_legacy_func(zc);
5716 }
5717
5718 out:
5719 nvlist_free(innvl);
5720 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
5721 if (error == 0 && rc != 0)
5722 error = SET_ERROR(EFAULT);
5723 if (error == 0 && vec->zvec_allow_log) {
5724 char *s = tsd_get(zfs_allow_log_key);
5725 if (s != NULL)
5726 strfree(s);
5727 (void) tsd_set(zfs_allow_log_key, saved_poolname);
5728 } else {
5729 if (saved_poolname != NULL)
5730 strfree(saved_poolname);
5731 }
5732
5733 kmem_free(zc, sizeof (zfs_cmd_t));
5734 return (error);
5735 }
5736
5737 static int
5738 zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
5739 {
5740 if (cmd != DDI_ATTACH)
5741 return (DDI_FAILURE);
5742
5743 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
5744 DDI_PSEUDO, 0) == DDI_FAILURE)
5745 return (DDI_FAILURE);
5746
5747 zfs_dip = dip;
5748
5749 ddi_report_dev(dip);
5750
5751 return (DDI_SUCCESS);
5752 }
5753
5754 static int
5755 zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
5756 {
5757 if (spa_busy() || zfs_busy() || zvol_busy())
5758 return (DDI_FAILURE);
5759
5760 if (cmd != DDI_DETACH)
5761 return (DDI_FAILURE);
5762
5763 zfs_dip = NULL;
5764
5765 ddi_prop_remove_all(dip);
5766 ddi_remove_minor_node(dip, NULL);
5767
5768 return (DDI_SUCCESS);
5769 }
5770
5771 /*ARGSUSED*/
5772 static int
5773 zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
5774 {
5775 switch (infocmd) {
5776 case DDI_INFO_DEVT2DEVINFO:
5777 *result = zfs_dip;
5778 return (DDI_SUCCESS);
5779
5780 case DDI_INFO_DEVT2INSTANCE:
5781 *result = (void *)0;
5782 return (DDI_SUCCESS);
5783 }
5784
5785 return (DDI_FAILURE);
5786 }
5787
5788 /*
5789 * OK, so this is a little weird.
5790 *
5791 * /dev/zfs is the control node, i.e. minor 0.
5792 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
5793 *
5794 * /dev/zfs has basically nothing to do except serve up ioctls,
5795 * so most of the standard driver entry points are in zvol.c.
5796 */
5797 static struct cb_ops zfs_cb_ops = {
5798 zfsdev_open, /* open */
5799 zfsdev_close, /* close */
5800 zvol_strategy, /* strategy */
5801 nodev, /* print */
5802 zvol_dump, /* dump */
5803 zvol_read, /* read */
5804 zvol_write, /* write */
5805 zfsdev_ioctl, /* ioctl */
5806 nodev, /* devmap */
5807 nodev, /* mmap */
5808 nodev, /* segmap */
5809 nochpoll, /* poll */
5810 ddi_prop_op, /* prop_op */
5811 NULL, /* streamtab */
5812 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */
5813 CB_REV, /* version */
5814 nodev, /* async read */
5815 nodev, /* async write */
5816 };
5817
5818 static struct dev_ops zfs_dev_ops = {
5819 DEVO_REV, /* version */
5820 0, /* refcnt */
5821 zfs_info, /* info */
5822 nulldev, /* identify */
5823 nulldev, /* probe */
5824 zfs_attach, /* attach */
5825 zfs_detach, /* detach */
5826 nodev, /* reset */
5827 &zfs_cb_ops, /* driver operations */
5828 NULL, /* no bus operations */
5829 NULL, /* power */
5830 ddi_quiesce_not_needed, /* quiesce */
5831 };
5832
5833 static struct modldrv zfs_modldrv = {
5834 &mod_driverops,
5835 "ZFS storage pool",
5836 &zfs_dev_ops
5837 };
5838
5839 static struct modlinkage modlinkage = {
5840 MODREV_1,
5841 (void *)&zfs_modlfs,
5842 (void *)&zfs_modldrv,
5843 NULL
5844 };
5845
5846 static void
5847 zfs_allow_log_destroy(void *arg)
5848 {
5849 char *poolname = arg;
5850 strfree(poolname);
5851 }
5852
5853 int
5854 _init(void)
5855 {
5856 int error;
5857
5858 spa_init(FREAD | FWRITE);
5859 zfs_init();
5860 zvol_init();
5861 zfs_ioctl_init();
5862
5863 if ((error = mod_install(&modlinkage)) != 0) {
5864 zvol_fini();
5865 zfs_fini();
5866 spa_fini();
5867 return (error);
5868 }
5869
5870 tsd_create(&zfs_fsyncer_key, NULL);
5871 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
5872 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
5873
5874 error = ldi_ident_from_mod(&modlinkage, &zfs_li);
5875 ASSERT(error == 0);
5876 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5877
5878 return (0);
5879 }
5880
5881 int
5882 _fini(void)
5883 {
5884 int error;
5885
5886 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
5887 return (SET_ERROR(EBUSY));
5888
5889 if ((error = mod_remove(&modlinkage)) != 0)
5890 return (error);
5891
5892 zvol_fini();
5893 zfs_fini();
5894 spa_fini();
5895 if (zfs_nfsshare_inited)
5896 (void) ddi_modclose(nfs_mod);
5897 if (zfs_smbshare_inited)
5898 (void) ddi_modclose(smbsrv_mod);
5899 if (zfs_nfsshare_inited || zfs_smbshare_inited)
5900 (void) ddi_modclose(sharefs_mod);
5901
5902 tsd_destroy(&zfs_fsyncer_key);
5903 ldi_ident_release(zfs_li);
5904 zfs_li = NULL;
5905 mutex_destroy(&zfs_share_lock);
5906
5907 return (error);
5908 }
5909
5910 int
5911 _info(struct modinfo *modinfop)
5912 {
5913 return (mod_info(&modlinkage, modinfop));
5914 }