]> git.proxmox.com Git - mirror_zfs.git/blame - module/zfs/zfs_ioctl.c
projects / mirror_zfs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Teach zpool scrub to scrub only blocks in error log
[mirror_zfs.git] / module / zfs / zfs_ioctl.c
CommitLineData
34dc7c2f
BB		 1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
1d3ba0bf 9 * or https://opensource.org/licenses/CDDL-1.0.
34dc7c2f
BB		 10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
9ae529ec 21
34dc7c2f 22/*
428870ff 23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
b129c659 24 * Portions Copyright 2011 Martin Matuska
671c9354 25 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
67a1b037 26 * Copyright (c) 2012 Pawel Jakub Dawidek
005e27e3 27 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved.
1b87e0f5 28 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
788eb90c 29 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
196bee4c 30 * Copyright (c) 2011, 2020 by Delphix. All rights reserved.
9759c60f 31 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
95fd54a1 32 * Copyright (c) 2013 Steven Hartland. All rights reserved.
e550644f
BB		 33 * Copyright (c) 2014 Integros [integros.com]
34 * Copyright 2016 Toomas Soome <tsoome@me.com>
a0bd735a 35 * Copyright (c) 2016 Actifio, Inc. All rights reserved.
d8d418ff 36 * Copyright (c) 2018, loli10K <ezomori.nozomu@gmail.com>. All rights reserved.
d12f91fd 37 * Copyright 2017 RackTop Systems.
d3f2cd7e 38 * Copyright (c) 2017 Open-E, Inc. All Rights Reserved.
4c0883fb 39 * Copyright (c) 2019 Datto Inc.
a73f361f 40 * Copyright (c) 2019, 2020 by Christian Schwarz. All rights reserved.
2a673e76 41 * Copyright (c) 2019, 2021, Klara Inc.
10b3c7f5 42 * Copyright (c) 2019, Allan Jude
6f1ffb06
MA		 43 */
44
45/*
46 * ZFS ioctls.
47 *
48 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
49 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
50 *
51 * There are two ways that we handle ioctls: the legacy way where almost
52 * all of the logic is in the ioctl callback, and the new way where most
53 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
54 *
55 * Non-legacy ioctls should be registered by calling
56 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
57 * from userland by lzc_ioctl().
58 *
59 * The registration arguments are as follows:
60 *
61 * const char *name
62 * The name of the ioctl. This is used for history logging. If the
63 * ioctl returns successfully (the callback returns 0), and allow_log
64 * is true, then a history log entry will be recorded with the input &
65 * output nvlists. The log entry can be printed with "zpool history -i".
66 *
67 * zfs_ioc_t ioc
68 * The ioctl request number, which userland will pass to ioctl(2).
b83a0e2d
DB		 69 * We want newer versions of libzfs and libzfs_core to run against
70 * existing zfs kernel modules (i.e. a deferred reboot after an update).
71 * Therefore the ioctl numbers cannot change from release to release.
6f1ffb06
MA		 72 *
73 * zfs_secpolicy_func_t *secpolicy
74 * This function will be called before the zfs_ioc_func_t, to
75 * determine if this operation is permitted. It should return EPERM
76 * on failure, and 0 on success. Checks include determining if the
77 * dataset is visible in this zone, and if the user has either all
78 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
79 * to do this operation on this dataset with "zfs allow".
80 *
81 * zfs_ioc_namecheck_t namecheck
82 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
83 * name, a dataset name, or nothing. If the name is not well-formed,
84 * the ioctl will fail and the callback will not be called.
85 * Therefore, the callback can assume that the name is well-formed
86 * (e.g. is null-terminated, doesn't have more than one '@' character,
87 * doesn't have invalid characters).
88 *
89 * zfs_ioc_poolcheck_t pool_check
90 * This specifies requirements on the pool state. If the pool does
91 * not meet them (is suspended or is readonly), the ioctl will fail
92 * and the callback will not be called. If any checks are specified
93 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
94 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
95 * POOL_CHECK_READONLY).
96 *
b83a0e2d
DB		 97 * zfs_ioc_key_t *nvl_keys
98 * The list of expected/allowable innvl input keys. This list is used
99 * to validate the nvlist input to the ioctl.
100 *
6f1ffb06
MA		 101 * boolean_t smush_outnvlist
102 * If smush_outnvlist is true, then the output is presumed to be a
103 * list of errors, and it will be "smushed" down to fit into the
104 * caller's buffer, by removing some entries and replacing them with a
105 * single "N_MORE_ERRORS" entry indicating how many were removed. See
106 * nvlist_smush() for details. If smush_outnvlist is false, and the
107 * outnvlist does not fit into the userland-provided buffer, then the
108 * ioctl will fail with ENOMEM.
109 *
110 * zfs_ioc_func_t *func
111 * The callback function that will perform the operation.
112 *
113 * The callback should return 0 on success, or an error number on
114 * failure. If the function fails, the userland ioctl will return -1,
115 * and errno will be set to the callback's return value. The callback
116 * will be called with the following arguments:
117 *
118 * const char *name
119 * The name of the pool or dataset to operate on, from
120 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
121 * expected type (pool, dataset, or none).
122 *
123 * nvlist_t *innvl
124 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
125 * NULL if no input nvlist was provided. Changes to this nvlist are
126 * ignored. If the input nvlist could not be deserialized, the
127 * ioctl will fail and the callback will not be called.
128 *
129 * nvlist_t *outnvl
130 * The output nvlist, initially empty. The callback can fill it in,
131 * and it will be returned to userland by serializing it into
132 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
133 * fails (e.g. because the caller didn't supply a large enough
134 * buffer), then the overall ioctl will fail. See the
135 * 'smush_nvlist' argument above for additional behaviors.
136 *
137 * There are two typical uses of the output nvlist:
138 * - To return state, e.g. property values. In this case,
139 * smush_outnvlist should be false. If the buffer was not large
140 * enough, the caller will reallocate a larger buffer and try
141 * the ioctl again.
142 *
143 * - To return multiple errors from an ioctl which makes on-disk
144 * changes. In this case, smush_outnvlist should be true.
145 * Ioctls which make on-disk modifications should generally not
146 * use the outnvl if they succeed, because the caller can not
147 * distinguish between the operation failing, and
148 * deserialization failing.
b83a0e2d
DB		 149 *
150 * IOCTL Interface Errors
151 *
152 * The following ioctl input errors can be returned:
153 * ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
154 * ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
155 * ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
156 * ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
3541dc6d 157 */
34dc7c2f 158
34dc7c2f
BB		 159#include <sys/types.h>
160#include <sys/param.h>
161#include <sys/errno.h>
c0801bf3 162#include <sys/uio_impl.h>
34dc7c2f
BB		 163#include <sys/file.h>
164#include <sys/kmem.h>
34dc7c2f
BB		 165#include <sys/cmn_err.h>
166#include <sys/stat.h>
167#include <sys/zfs_ioctl.h>
957c7aa2 168#include <sys/zfs_quota.h>
428870ff 169#include <sys/zfs_vfsops.h>
34dc7c2f
BB		 170#include <sys/zfs_znode.h>
171#include <sys/zap.h>
172#include <sys/spa.h>
173#include <sys/spa_impl.h>
174#include <sys/vdev.h>
4a283c7f 175#include <sys/vdev_impl.h>
34dc7c2f
BB		 176#include <sys/dmu.h>
177#include <sys/dsl_dir.h>
178#include <sys/dsl_dataset.h>
179#include <sys/dsl_prop.h>
180#include <sys/dsl_deleg.h>
181#include <sys/dmu_objset.h>
37abac6d 182#include <sys/dmu_impl.h>
30af21b0 183#include <sys/dmu_redact.h>
13fe0198 184#include <sys/dmu_tx.h>
34dc7c2f 185#include <sys/sunddi.h>
34dc7c2f
BB		 186#include <sys/policy.h>
187#include <sys/zone.h>
188#include <sys/nvpair.h>
189#include <sys/pathname.h>
34dc7c2f 190#include <sys/fs/zfs.h>
ebe7e575 191#include <sys/zfs_ctldir.h>
34dc7c2f 192#include <sys/zfs_dir.h>
572e2857 193#include <sys/zfs_onexit.h>
34dc7c2f 194#include <sys/zvol.h>
428870ff 195#include <sys/dsl_scan.h>
325f0235 196#include <sys/fm/util.h>
b5256303 197#include <sys/dsl_crypt.h>
7bb0c294 198#include <sys/rrwlock.h>
da92d5cb 199#include <sys/zfs_file.h>
325f0235 200
03916905 201#include <sys/dmu_recv.h>
13fe0198 202#include <sys/dmu_send.h>
30af21b0 203#include <sys/dmu_recv.h>
13fe0198 204#include <sys/dsl_destroy.h>
da536844 205#include <sys/dsl_bookmark.h>
13fe0198 206#include <sys/dsl_userhold.h>
9759c60f 207#include <sys/zfeature.h>
d99a0153 208#include <sys/zcp.h>
3c67d83a 209#include <sys/zio_checksum.h>
a1d477c2 210#include <sys/vdev_removal.h>
619f0976
GW		 211#include <sys/vdev_impl.h>
212#include <sys/vdev_initialize.h>
1b939560 213#include <sys/vdev_trim.h>
9759c60f 214
34dc7c2f
BB		 215#include "zfs_namecheck.h"
216#include "zfs_prop.h"
217#include "zfs_deleg.h"
428870ff 218#include "zfs_comutil.h"
34dc7c2f 219
d99a0153
CW		 220#include <sys/lua/lua.h>
221#include <sys/lua/lauxlib.h>
7bb0c294 222#include <sys/zfs_ioctl_impl.h>
f74b821a 223
325f0235 224kmutex_t zfsdev_state_lock;
9a14ce43 225static zfsdev_state_t zfsdev_state_listhead;
34dc7c2f 226
b83a0e2d 227/*
7bb0c294
MM		 228 * Limit maximum nvlist size. We don't want users passing in insane values
229 * for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
009cc8e8 230 * Defaults to 0=auto which is handled by platform code.
b83a0e2d 231 */
ab8d9c17 232uint64_t zfs_max_nvlist_src_size = 0;
7bb0c294 233
d66aab7c
MA		 234/*
235 * When logging the output nvlist of an ioctl in the on-disk history, limit
bf169e9f 236 * the logged size to this many bytes. This must be less than DMU_MAX_ACCESS.
d66aab7c
MA		 237 * This applies primarily to zfs_ioc_channel_program().
238 */
ab8d9c17 239static uint64_t zfs_history_output_max = 1024 * 1024;
d66aab7c 240
7bb0c294
MM		 241uint_t zfs_fsyncer_key;
242uint_t zfs_allow_log_key;
b83a0e2d
DB		 243
244/* DATA_TYPE_ANY is used when zkey_type can vary. */
245#define DATA_TYPE_ANY DATA_TYPE_UNKNOWN
246
34dc7c2f 247typedef struct zfs_ioc_vec {
6f1ffb06 248 zfs_ioc_legacy_func_t *zvec_legacy_func;
34dc7c2f
BB		 249 zfs_ioc_func_t *zvec_func;
250 zfs_secpolicy_func_t *zvec_secpolicy;
9babb374 251 zfs_ioc_namecheck_t zvec_namecheck;
6f1ffb06 252 boolean_t zvec_allow_log;
572e2857 253 zfs_ioc_poolcheck_t zvec_pool_check;
6f1ffb06
MA		 254 boolean_t zvec_smush_outnvlist;
255 const char *zvec_name;
b83a0e2d
DB		 256 const zfs_ioc_key_t *zvec_nvl_keys;
257 size_t zvec_nvl_key_count;
34dc7c2f
BB		 258} zfs_ioc_vec_t;
259
9babb374
BB		 260/* This array is indexed by zfs_userquota_prop_t */
261static const char *userquota_perms[] = {
262 ZFS_DELEG_PERM_USERUSED,
263 ZFS_DELEG_PERM_USERQUOTA,
264 ZFS_DELEG_PERM_GROUPUSED,
265 ZFS_DELEG_PERM_GROUPQUOTA,
1de321e6
JX		 266 ZFS_DELEG_PERM_USEROBJUSED,
267 ZFS_DELEG_PERM_USEROBJQUOTA,
268 ZFS_DELEG_PERM_GROUPOBJUSED,
269 ZFS_DELEG_PERM_GROUPOBJQUOTA,
9c5167d1
NF		 270 ZFS_DELEG_PERM_PROJECTUSED,
271 ZFS_DELEG_PERM_PROJECTQUOTA,
272 ZFS_DELEG_PERM_PROJECTOBJUSED,
273 ZFS_DELEG_PERM_PROJECTOBJQUOTA,
9babb374
BB		 274};
275
276static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
9c5167d1 277static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc);
428870ff
BB		 278static int zfs_check_settable(const char *name, nvpair_t *property,
279 cred_t *cr);
4d55ea81 280static int zfs_check_clearable(const char *dataset, nvlist_t *props,
428870ff 281 nvlist_t **errors);
b128c09f
BB		 282static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
283 boolean_t *);
6f1ffb06
MA		 284int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
285static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
b128c09f 286
34dc7c2f
BB		 287static void
288history_str_free(char *buf)
289{
290 kmem_free(buf, HIS_MAX_RECORD_LEN);
291}
292
293static char *
294history_str_get(zfs_cmd_t *zc)
295{
296 char *buf;
297
b8864a23 298 if (zc->zc_history == 0)
34dc7c2f
BB		 299 return (NULL);
300
efcd79a8 301 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
34dc7c2f
BB		 302 if (copyinstr((void *)(uintptr_t)zc->zc_history,
303 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
304 history_str_free(buf);
305 return (NULL);
306 }
307
308 buf[HIS_MAX_RECORD_LEN -1] = '\0';
309
310 return (buf);
311}
312
b128c09f 313/*
d3cc8b15 314 * Return non-zero if the spa version is less than requested version.
34dc7c2f
BB		 315 */
316static int
b128c09f 317zfs_earlier_version(const char *name, int version)
34dc7c2f 318{
34dc7c2f
BB		 319 spa_t *spa;
320
321 if (spa_open(name, &spa, FTAG) == 0) {
322 if (spa_version(spa) < version) {
323 spa_close(spa, FTAG);
324 return (1);
325 }
326 spa_close(spa, FTAG);
327 }
328 return (0);
329}
330
331/*
b128c09f 332 * Return TRUE if the ZPL version is less than requested version.
34dc7c2f 333 */
b128c09f
BB		 334static boolean_t
335zpl_earlier_version(const char *name, int version)
34dc7c2f
BB		 336{
337 objset_t *os;
b128c09f 338 boolean_t rc = B_TRUE;
34dc7c2f 339
428870ff 340 if (dmu_objset_hold(name, FTAG, &os) == 0) {
b128c09f 341 uint64_t zplversion;
34dc7c2f 342
428870ff
BB		 343 if (dmu_objset_type(os) != DMU_OST_ZFS) {
344 dmu_objset_rele(os, FTAG);
345 return (B_TRUE);
346 }
347 /* XXX reading from non-owned objset */
b128c09f
BB		 348 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
349 rc = zplversion < version;
428870ff 350 dmu_objset_rele(os, FTAG);
34dc7c2f
BB		 351 }
352 return (rc);
353}
354
355static void
356zfs_log_history(zfs_cmd_t *zc)
357{
358 spa_t *spa;
359 char *buf;
360
361 if ((buf = history_str_get(zc)) == NULL)
362 return;
363
364 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
365 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
6f1ffb06 366 (void) spa_history_log(spa, buf);
34dc7c2f
BB		 367 spa_close(spa, FTAG);
368 }
369 history_str_free(buf);
370}
371
372/*
373 * Policy for top-level read operations (list pools). Requires no privileges,
374 * and can be used in the local zone, as there is no associated dataset.
375 */
34dc7c2f 376static int
6f1ffb06 377zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 378{
ef70eff1 379 (void) zc, (void) innvl, (void) cr;
34dc7c2f
BB		 380 return (0);
381}
382
383/*
384 * Policy for dataset read operations (list children, get statistics). Requires
385 * no privileges, but must be visible in the local zone.
386 */
34dc7c2f 387static int
6f1ffb06 388zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 389{
ef70eff1 390 (void) innvl, (void) cr;
34dc7c2f
BB		 391 if (INGLOBALZONE(curproc) ||
392 zone_dataset_visible(zc->zc_name, NULL))
393 return (0);
394
2e528b49 395 return (SET_ERROR(ENOENT));
34dc7c2f
BB		 396}
397
398static int
572e2857 399zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
34dc7c2f 400{
34dc7c2f
BB		 401 int writable = 1;
402
403 /*
404 * The dataset must be visible by this zone -- check this first
405 * so they don't see EPERM on something they shouldn't know about.
406 */
407 if (!INGLOBALZONE(curproc) &&
408 !zone_dataset_visible(dataset, &writable))
2e528b49 409 return (SET_ERROR(ENOENT));
34dc7c2f 410
34dc7c2f
BB		 411 if (INGLOBALZONE(curproc)) {
412 /*
413 * If the fs is zoned, only root can access it from the
414 * global zone.
415 */
416 if (secpolicy_zfs(cr) && zoned)
2e528b49 417 return (SET_ERROR(EPERM));
34dc7c2f
BB		 418 } else {
419 /*
420 * If we are in a local zone, the 'zoned' property must be set.
421 */
422 if (!zoned)
2e528b49 423 return (SET_ERROR(EPERM));
34dc7c2f
BB		 424
425 /* must be writable by this zone */
426 if (!writable)
2e528b49 427 return (SET_ERROR(EPERM));
34dc7c2f
BB		 428 }
429 return (0);
430}
431
572e2857
BB		 432static int
433zfs_dozonecheck(const char *dataset, cred_t *cr)
434{
435 uint64_t zoned;
436
7bb0c294
MM		 437 if (dsl_prop_get_integer(dataset, zfs_prop_to_name(ZFS_PROP_ZONED),
438 &zoned, NULL))
2e528b49 439 return (SET_ERROR(ENOENT));
572e2857
BB		 440
441 return (zfs_dozonecheck_impl(dataset, zoned, cr));
442}
443
444static int
445zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
446{
447 uint64_t zoned;
448
7bb0c294 449 if (dsl_prop_get_int_ds(ds, zfs_prop_to_name(ZFS_PROP_ZONED), &zoned))
2e528b49 450 return (SET_ERROR(ENOENT));
572e2857
BB		 451
452 return (zfs_dozonecheck_impl(dataset, zoned, cr));
453}
454
6f1ffb06 455static int
13fe0198
MA		 456zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
457 const char *perm, cred_t *cr)
34dc7c2f
BB		 458{
459 int error;
460
330d06f9 461 error = zfs_dozonecheck_ds(name, ds, cr);
34dc7c2f
BB		 462 if (error == 0) {
463 error = secpolicy_zfs(cr);
13fe0198 464 if (error != 0)
6f1ffb06 465 error = dsl_deleg_access_impl(ds, perm, cr);
34dc7c2f
BB		 466 }
467 return (error);
468}
469
6f1ffb06 470static int
13fe0198 471zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
572e2857
BB		 472{
473 int error;
13fe0198
MA		 474 dsl_dataset_t *ds;
475 dsl_pool_t *dp;
572e2857 476
e88551d5
GM		 477 /*
478 * First do a quick check for root in the global zone, which
479 * is allowed to do all write_perms. This ensures that zfs_ioc_*
480 * will get to handle nonexistent datasets.
481 */
482 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0)
483 return (0);
484
13fe0198
MA		 485 error = dsl_pool_hold(name, FTAG, &dp);
486 if (error != 0)
487 return (error);
488
489 error = dsl_dataset_hold(dp, name, FTAG, &ds);
490 if (error != 0) {
491 dsl_pool_rele(dp, FTAG);
492 return (error);
572e2857 493 }
13fe0198
MA		 494
495 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
496
497 dsl_dataset_rele(ds, FTAG);
498 dsl_pool_rele(dp, FTAG);
572e2857
BB		 499 return (error);
500}
501
428870ff
BB		 502/*
503 * Policy for setting the security label property.
504 *
505 * Returns 0 for success, non-zero for access and other errors.
506 */
34dc7c2f 507static int
4d55ea81 508zfs_set_slabel_policy(const char *name, const char *strval, cred_t *cr)
34dc7c2f 509{
d2c15e84 510#ifdef HAVE_MLSLABEL
428870ff
BB		 511 char ds_hexsl[MAXNAMELEN];
512 bslabel_t ds_sl, new_sl;
513 boolean_t new_default = FALSE;
514 uint64_t zoned;
515 int needed_priv = -1;
516 int error;
517
518 /* First get the existing dataset label. */
519 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
520 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
13fe0198 521 if (error != 0)
2e528b49 522 return (SET_ERROR(EPERM));
428870ff
BB		 523
524 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
525 new_default = TRUE;
526
527 /* The label must be translatable */
528 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
2e528b49 529 return (SET_ERROR(EINVAL));
428870ff
BB		 530
531 /*
532 * In a non-global zone, disallow attempts to set a label that
533 * doesn't match that of the zone; otherwise no other checks
534 * are needed.
535 */
536 if (!INGLOBALZONE(curproc)) {
537 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
2e528b49 538 return (SET_ERROR(EPERM));
428870ff
BB		 539 return (0);
540 }
541
542 /*
543 * For global-zone datasets (i.e., those whose zoned property is
544 * "off", verify that the specified new label is valid for the
545 * global zone.
546 */
547 if (dsl_prop_get_integer(name,
548 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
2e528b49 549 return (SET_ERROR(EPERM));
428870ff
BB		 550 if (!zoned) {
551 if (zfs_check_global_label(name, strval) != 0)
2e528b49 552 return (SET_ERROR(EPERM));
428870ff
BB		 553 }
554
555 /*
556 * If the existing dataset label is nondefault, check if the
557 * dataset is mounted (label cannot be changed while mounted).
0037b49e 558 * Get the zfsvfs_t; if there isn't one, then the dataset isn't
428870ff
BB		 559 * mounted (or isn't a dataset, doesn't exist, ...).
560 */
561 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
562 objset_t *os;
4d55ea81 563 static const char *setsl_tag = "setsl_tag";
428870ff
BB		 564
565 /*
566 * Try to own the dataset; abort if there is any error,
567 * (e.g., already mounted, in use, or other error).
568 */
b5256303 569 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE,
428870ff 570 setsl_tag, &os);
13fe0198 571 if (error != 0)
2e528b49 572 return (SET_ERROR(EPERM));
428870ff 573
b5256303 574 dmu_objset_disown(os, B_TRUE, setsl_tag);
428870ff
BB		 575
576 if (new_default) {
577 needed_priv = PRIV_FILE_DOWNGRADE_SL;
578 goto out_check;
579 }
580
581 if (hexstr_to_label(strval, &new_sl) != 0)
2e528b49 582 return (SET_ERROR(EPERM));
428870ff
BB		 583
584 if (blstrictdom(&ds_sl, &new_sl))
585 needed_priv = PRIV_FILE_DOWNGRADE_SL;
586 else if (blstrictdom(&new_sl, &ds_sl))
587 needed_priv = PRIV_FILE_UPGRADE_SL;
588 } else {
589 /* dataset currently has a default label */
590 if (!new_default)
591 needed_priv = PRIV_FILE_UPGRADE_SL;
592 }
593
594out_check:
595 if (needed_priv != -1)
596 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
597 return (0);
d2c15e84 598#else
ecb2b7dc 599 return (SET_ERROR(ENOTSUP));
d2c15e84 600#endif /* HAVE_MLSLABEL */
428870ff
BB		 601}
602
603static int
604zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
605 cred_t *cr)
606{
d1807f16 607 const char *strval;
428870ff 608
34dc7c2f
BB		 609 /*
610 * Check permissions for special properties.
611 */
612 switch (prop) {
e75c13c3
BB		 613 default:
614 break;
34dc7c2f
BB		 615 case ZFS_PROP_ZONED:
616 /*
617 * Disallow setting of 'zoned' from within a local zone.
618 */
619 if (!INGLOBALZONE(curproc))
2e528b49 620 return (SET_ERROR(EPERM));
34dc7c2f
BB		 621 break;
622
623 case ZFS_PROP_QUOTA:
788eb90c
JJ		 624 case ZFS_PROP_FILESYSTEM_LIMIT:
625 case ZFS_PROP_SNAPSHOT_LIMIT:
34dc7c2f
BB		 626 if (!INGLOBALZONE(curproc)) {
627 uint64_t zoned;
eca7b760 628 char setpoint[ZFS_MAX_DATASET_NAME_LEN];
34dc7c2f
BB		 629 /*
630 * Unprivileged users are allowed to modify the
788eb90c 631 * limit on things *under* (ie. contained by)
34dc7c2f
BB		 632 * the thing they own.
633 */
7bb0c294
MM		 634 if (dsl_prop_get_integer(dsname,
635 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, setpoint))
2e528b49 636 return (SET_ERROR(EPERM));
428870ff 637 if (!zoned || strlen(dsname) <= strlen(setpoint))
2e528b49 638 return (SET_ERROR(EPERM));
34dc7c2f
BB		 639 }
640 break;
428870ff
BB		 641
642 case ZFS_PROP_MLSLABEL:
643 if (!is_system_labeled())
2e528b49 644 return (SET_ERROR(EPERM));
428870ff
BB		 645
646 if (nvpair_value_string(propval, &strval) == 0) {
647 int err;
648
649 err = zfs_set_slabel_policy(dsname, strval, CRED());
650 if (err != 0)
651 return (err);
652 }
653 break;
34dc7c2f
BB		 654 }
655
428870ff 656 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
34dc7c2f
BB		 657}
658
6f1ffb06
MA		 659static int
660zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 661{
34dc7c2f
BB		 662 /*
663 * permission to set permissions will be evaluated later in
664 * dsl_deleg_can_allow()
665 */
ef70eff1
AZ		 666 (void) innvl;
667 return (zfs_dozonecheck(zc->zc_name, cr));
34dc7c2f
BB		 668}
669
6f1ffb06
MA		 670static int
671zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 672{
ef70eff1 673 (void) innvl;
428870ff
BB		 674 return (zfs_secpolicy_write_perms(zc->zc_name,
675 ZFS_DELEG_PERM_ROLLBACK, cr));
34dc7c2f
BB		 676}
677
6f1ffb06
MA		 678static int
679zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 680{
ef70eff1 681 (void) innvl;
572e2857
BB		 682 dsl_pool_t *dp;
683 dsl_dataset_t *ds;
4d55ea81 684 const char *cp;
572e2857
BB		 685 int error;
686
687 /*
688 * Generate the current snapshot name from the given objsetid, then
689 * use that name for the secpolicy/zone checks.
690 */
691 cp = strchr(zc->zc_name, '@');
692 if (cp == NULL)
2e528b49 693 return (SET_ERROR(EINVAL));
13fe0198
MA		 694 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
695 if (error != 0)
572e2857
BB		 696 return (error);
697
572e2857 698 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
13fe0198
MA		 699 if (error != 0) {
700 dsl_pool_rele(dp, FTAG);
572e2857 701 return (error);
13fe0198 702 }
572e2857
BB		 703
704 dsl_dataset_name(ds, zc->zc_name);
705
706 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
707 ZFS_DELEG_PERM_SEND, cr);
708 dsl_dataset_rele(ds, FTAG);
13fe0198 709 dsl_pool_rele(dp, FTAG);
572e2857
BB		 710
711 return (error);
34dc7c2f
BB		 712}
713
6f1ffb06
MA		 714static int
715zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
716{
ef70eff1 717 (void) innvl;
6f1ffb06
MA		 718 return (zfs_secpolicy_write_perms(zc->zc_name,
719 ZFS_DELEG_PERM_SEND, cr));
720}
721
65c7cc49 722static int
6f1ffb06 723zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 724{
ef70eff1 725 (void) zc, (void) innvl, (void) cr;
2e528b49 726 return (SET_ERROR(ENOTSUP));
9babb374 727}
34dc7c2f 728
65c7cc49 729static int
6f1ffb06 730zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
9babb374 731{
ef70eff1 732 (void) zc, (void) innvl, (void) cr;
2e528b49 733 return (SET_ERROR(ENOTSUP));
34dc7c2f
BB		 734}
735
736static int
737zfs_get_parent(const char *datasetname, char *parent, int parentsize)
738{
739 char *cp;
740
741 /*
742 * Remove the @bla or /bla from the end of the name to get the parent.
743 */
7584fbe8 744 (void) strlcpy(parent, datasetname, parentsize);
34dc7c2f
BB		 745 cp = strrchr(parent, '@');
746 if (cp != NULL) {
747 cp[0] = '\0';
748 } else {
749 cp = strrchr(parent, '/');
750 if (cp == NULL)
2e528b49 751 return (SET_ERROR(ENOENT));
34dc7c2f
BB		 752 cp[0] = '\0';
753 }
754
755 return (0);
756}
757
758int
759zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
760{
761 int error;
762
763 if ((error = zfs_secpolicy_write_perms(name,
764 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
765 return (error);
766
767 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
768}
769
770static int
6f1ffb06 771zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 772{
ef70eff1 773 (void) innvl;
34dc7c2f
BB		 774 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
775}
776
777/*
428870ff 778 * Destroying snapshots with delegated permissions requires
6f1ffb06 779 * descendant mount and destroy permissions.
34dc7c2f 780 */
34dc7c2f 781static int
6f1ffb06 782zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 783{
ef70eff1 784 (void) zc;
6f1ffb06
MA		 785 nvlist_t *snaps;
786 nvpair_t *pair, *nextpair;
787 int error = 0;
428870ff 788
b83a0e2d
DB		 789 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
790
6f1ffb06
MA		 791 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
792 pair = nextpair) {
6f1ffb06 793 nextpair = nvlist_next_nvpair(snaps, pair);
da536844
MA		 794 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
795 if (error == ENOENT) {
6f1ffb06
MA		 796 /*
797 * Ignore any snapshots that don't exist (we consider
798 * them "already destroyed"). Remove the name from the
799 * nvl here in case the snapshot is created between
800 * now and when we try to destroy it (in which case
801 * we don't want to destroy it since we haven't
802 * checked for permission).
803 */
804 fnvlist_remove_nvpair(snaps, pair);
805 error = 0;
6f1ffb06 806 }
6f1ffb06
MA		 807 if (error != 0)
808 break;
809 }
428870ff 810
428870ff 811 return (error);
34dc7c2f
BB		 812}
813
814int
815zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
816{
eca7b760 817 char parentname[ZFS_MAX_DATASET_NAME_LEN];
34dc7c2f
BB		 818 int error;
819
820 if ((error = zfs_secpolicy_write_perms(from,
821 ZFS_DELEG_PERM_RENAME, cr)) != 0)
822 return (error);
823
824 if ((error = zfs_secpolicy_write_perms(from,
825 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
826 return (error);
827
828 if ((error = zfs_get_parent(to, parentname,
829 sizeof (parentname))) != 0)
830 return (error);
831
832 if ((error = zfs_secpolicy_write_perms(parentname,
833 ZFS_DELEG_PERM_CREATE, cr)) != 0)
834 return (error);
835
836 if ((error = zfs_secpolicy_write_perms(parentname,
837 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
838 return (error);
839
840 return (error);
841}
842
843static int
6f1ffb06 844zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 845{
ef70eff1 846 (void) innvl;
34dc7c2f
BB		 847 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
848}
849
850static int
6f1ffb06 851zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 852{
ef70eff1 853 (void) innvl;
13fe0198
MA		 854 dsl_pool_t *dp;
855 dsl_dataset_t *clone;
34dc7c2f
BB		 856 int error;
857
858 error = zfs_secpolicy_write_perms(zc->zc_name,
859 ZFS_DELEG_PERM_PROMOTE, cr);
13fe0198
MA		 860 if (error != 0)
861 return (error);
862
863 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
864 if (error != 0)
34dc7c2f
BB		 865 return (error);
866
13fe0198 867 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
34dc7c2f
BB		 868
869 if (error == 0) {
eca7b760 870 char parentname[ZFS_MAX_DATASET_NAME_LEN];
13fe0198 871 dsl_dataset_t *origin = NULL;
34dc7c2f 872 dsl_dir_t *dd;
13fe0198 873 dd = clone->ds_dir;
34dc7c2f 874
b128c09f 875 error = dsl_dataset_hold_obj(dd->dd_pool,
d683ddbb 876 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin);
13fe0198
MA		 877 if (error != 0) {
878 dsl_dataset_rele(clone, FTAG);
879 dsl_pool_rele(dp, FTAG);
34dc7c2f
BB		 880 return (error);
881 }
882
13fe0198 883 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
34dc7c2f
BB		 884 ZFS_DELEG_PERM_MOUNT, cr);
885
13fe0198
MA		 886 dsl_dataset_name(origin, parentname);
887 if (error == 0) {
888 error = zfs_secpolicy_write_perms_ds(parentname, origin,
34dc7c2f 889 ZFS_DELEG_PERM_PROMOTE, cr);
13fe0198
MA		 890 }
891 dsl_dataset_rele(clone, FTAG);
892 dsl_dataset_rele(origin, FTAG);
34dc7c2f 893 }
13fe0198 894 dsl_pool_rele(dp, FTAG);
34dc7c2f
BB		 895 return (error);
896}
897
898static int
6f1ffb06 899zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 900{
ef70eff1 901 (void) innvl;
34dc7c2f
BB		 902 int error;
903
904 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
905 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
906 return (error);
907
908 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
909 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
910 return (error);
911
912 return (zfs_secpolicy_write_perms(zc->zc_name,
913 ZFS_DELEG_PERM_CREATE, cr));
914}
915
916int
917zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
918{
428870ff
BB		 919 return (zfs_secpolicy_write_perms(name,
920 ZFS_DELEG_PERM_SNAPSHOT, cr));
34dc7c2f
BB		 921}
922
6f1ffb06
MA		 923/*
924 * Check for permission to create each snapshot in the nvlist.
925 */
34dc7c2f 926static int
6f1ffb06 927zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 928{
ef70eff1 929 (void) zc;
6f1ffb06
MA		 930 nvlist_t *snaps;
931 int error = 0;
932 nvpair_t *pair;
933
b83a0e2d
DB		 934 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
935
6f1ffb06
MA		 936 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
937 pair = nvlist_next_nvpair(snaps, pair)) {
d1807f16 938 char *name = (char *)nvpair_name(pair);
6f1ffb06 939 char *atp = strchr(name, '@');
34dc7c2f 940
6f1ffb06 941 if (atp == NULL) {
2e528b49 942 error = SET_ERROR(EINVAL);
6f1ffb06
MA		 943 break;
944 }
945 *atp = '\0';
946 error = zfs_secpolicy_snapshot_perms(name, cr);
947 *atp = '@';
948 if (error != 0)
949 break;
950 }
951 return (error);
952}
953
da536844 954/*
b83a0e2d 955 * Check for permission to create each bookmark in the nvlist.
da536844 956 */
da536844
MA		 957static int
958zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
959{
ef70eff1 960 (void) zc;
da536844 961 int error = 0;
da536844 962
1c27024e 963 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
da536844 964 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
d1807f16 965 char *name = (char *)nvpair_name(pair);
da536844
MA		 966 char *hashp = strchr(name, '#');
967
968 if (hashp == NULL) {
969 error = SET_ERROR(EINVAL);
970 break;
971 }
972 *hashp = '\0';
973 error = zfs_secpolicy_write_perms(name,
974 ZFS_DELEG_PERM_BOOKMARK, cr);
975 *hashp = '#';
976 if (error != 0)
977 break;
978 }
979 return (error);
980}
981
da536844
MA		 982static int
983zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
984{
ef70eff1 985 (void) zc;
da536844
MA		 986 nvpair_t *pair, *nextpair;
987 int error = 0;
988
989 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
990 pair = nextpair) {
d1807f16 991 char *name = (char *)nvpair_name(pair);
da536844
MA		 992 char *hashp = strchr(name, '#');
993 nextpair = nvlist_next_nvpair(innvl, pair);
994
995 if (hashp == NULL) {
996 error = SET_ERROR(EINVAL);
997 break;
998 }
999
1000 *hashp = '\0';
1001 error = zfs_secpolicy_write_perms(name,
1002 ZFS_DELEG_PERM_DESTROY, cr);
1003 *hashp = '#';
1004 if (error == ENOENT) {
1005 /*
1006 * Ignore any filesystems that don't exist (we consider
1007 * their bookmarks "already destroyed"). Remove
1008 * the name from the nvl here in case the filesystem
1009 * is created between now and when we try to destroy
1010 * the bookmark (in which case we don't want to
1011 * destroy it since we haven't checked for permission).
1012 */
1013 fnvlist_remove_nvpair(innvl, pair);
1014 error = 0;
1015 }
1016 if (error != 0)
1017 break;
1018 }
1019
1020 return (error);
1021}
1022
6f1ffb06
MA		 1023static int
1024zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1025{
ef70eff1 1026 (void) zc, (void) innvl, (void) cr;
6f1ffb06
MA		 1027 /*
1028 * Even root must have a proper TSD so that we know what pool
1029 * to log to.
1030 */
1031 if (tsd_get(zfs_allow_log_key) == NULL)
2e528b49 1032 return (SET_ERROR(EPERM));
6f1ffb06 1033 return (0);
34dc7c2f
BB		 1034}
1035
1036static int
6f1ffb06 1037zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 1038{
d1807f16
RY		 1039 char parentname[ZFS_MAX_DATASET_NAME_LEN];
1040 int error;
1041 const char *origin;
34dc7c2f
BB		 1042
1043 if ((error = zfs_get_parent(zc->zc_name, parentname,
1044 sizeof (parentname))) != 0)
1045 return (error);
1046
6f1ffb06
MA		 1047 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1048 (error = zfs_secpolicy_write_perms(origin,
1049 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1050 return (error);
34dc7c2f
BB		 1051
1052 if ((error = zfs_secpolicy_write_perms(parentname,
1053 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1054 return (error);
1055
6f1ffb06
MA		 1056 return (zfs_secpolicy_write_perms(parentname,
1057 ZFS_DELEG_PERM_MOUNT, cr));
34dc7c2f
BB		 1058}
1059
34dc7c2f
BB		 1060/*
1061 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1062 * SYS_CONFIG privilege, which is not available in a local zone.
1063 */
7bb0c294 1064int
6f1ffb06 1065zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 1066{
ef70eff1
AZ		 1067 (void) zc, (void) innvl;
1068
34dc7c2f 1069 if (secpolicy_sys_config(cr, B_FALSE) != 0)
2e528b49 1070 return (SET_ERROR(EPERM));
34dc7c2f
BB		 1071
1072 return (0);
1073}
1074
572e2857
BB		 1075/*
1076 * Policy for object to name lookups.
1077 */
572e2857 1078static int
6f1ffb06 1079zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
572e2857 1080{
ef70eff1 1081 (void) innvl;
572e2857
BB		 1082 int error;
1083
2e7f664f 1084 if (secpolicy_sys_config(cr, B_FALSE) == 0)
572e2857
BB		 1085 return (0);
1086
1087 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1088 return (error);
1089}
1090
34dc7c2f
BB		 1091/*
1092 * Policy for fault injection. Requires all privileges.
1093 */
34dc7c2f 1094static int
6f1ffb06 1095zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 1096{
ef70eff1 1097 (void) zc, (void) innvl;
34dc7c2f
BB		 1098 return (secpolicy_zinject(cr));
1099}
1100
1101static int
6f1ffb06 1102zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 1103{
ef70eff1 1104 (void) innvl;
34dc7c2f
BB		 1105 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1106
4ff7a8fa 1107 if (prop == ZPROP_USERPROP) {
34dc7c2f 1108 if (!zfs_prop_user(zc->zc_value))
2e528b49 1109 return (SET_ERROR(EINVAL));
34dc7c2f
BB		 1110 return (zfs_secpolicy_write_perms(zc->zc_name,
1111 ZFS_DELEG_PERM_USERPROP, cr));
1112 } else {
428870ff
BB		 1113 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1114 NULL, cr));
34dc7c2f
BB		 1115 }
1116}
1117
9babb374 1118static int
6f1ffb06 1119zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
9babb374 1120{
6f1ffb06 1121 int err = zfs_secpolicy_read(zc, innvl, cr);
9babb374
BB		 1122 if (err)
1123 return (err);
1124
1125 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
2e528b49 1126 return (SET_ERROR(EINVAL));
9babb374
BB		 1127
1128 if (zc->zc_value[0] == 0) {
1129 /*
1130 * They are asking about a posix uid/gid. If it's
1131 * themself, allow it.
1132 */
1133 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1de321e6
JX		 1134 zc->zc_objset_type == ZFS_PROP_USERQUOTA ||
1135 zc->zc_objset_type == ZFS_PROP_USEROBJUSED ||
1136 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) {
9babb374
BB		 1137 if (zc->zc_guid == crgetuid(cr))
1138 return (0);
9c5167d1
NF		 1139 } else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED ||
1140 zc->zc_objset_type == ZFS_PROP_GROUPQUOTA ||
1141 zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED ||
1142 zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) {
9babb374
BB		 1143 if (groupmember(zc->zc_guid, cr))
1144 return (0);
1145 }
9c5167d1 1146 /* else is for project quota/used */
9babb374
BB		 1147 }
1148
1149 return (zfs_secpolicy_write_perms(zc->zc_name,
1150 userquota_perms[zc->zc_objset_type], cr));
1151}
1152
1153static int
6f1ffb06 1154zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
9babb374 1155{
6f1ffb06 1156 int err = zfs_secpolicy_read(zc, innvl, cr);
9babb374
BB		 1157 if (err)
1158 return (err);
1159
1160 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
2e528b49 1161 return (SET_ERROR(EINVAL));
9babb374
BB		 1162
1163 return (zfs_secpolicy_write_perms(zc->zc_name,
1164 userquota_perms[zc->zc_objset_type], cr));
1165}
1166
1167static int
6f1ffb06 1168zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
9babb374 1169{
ef70eff1 1170 (void) innvl;
428870ff
BB		 1171 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1172 NULL, cr));
9babb374
BB		 1173}
1174
45d1cae3 1175static int
6f1ffb06 1176zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
45d1cae3 1177{
ef70eff1 1178 (void) zc;
13fe0198
MA		 1179 nvpair_t *pair;
1180 nvlist_t *holds;
1181 int error;
1182
b83a0e2d 1183 holds = fnvlist_lookup_nvlist(innvl, "holds");
13fe0198
MA		 1184
1185 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1186 pair = nvlist_next_nvpair(holds, pair)) {
eca7b760 1187 char fsname[ZFS_MAX_DATASET_NAME_LEN];
13fe0198
MA		 1188 error = dmu_fsname(nvpair_name(pair), fsname);
1189 if (error != 0)
1190 return (error);
1191 error = zfs_secpolicy_write_perms(fsname,
1192 ZFS_DELEG_PERM_HOLD, cr);
1193 if (error != 0)
1194 return (error);
1195 }
1196 return (0);
45d1cae3
BB		 1197}
1198
1199static int
6f1ffb06 1200zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
45d1cae3 1201{
ef70eff1 1202 (void) zc;
13fe0198
MA		 1203 nvpair_t *pair;
1204 int error;
1205
1206 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1207 pair = nvlist_next_nvpair(innvl, pair)) {
eca7b760 1208 char fsname[ZFS_MAX_DATASET_NAME_LEN];
13fe0198
MA		 1209 error = dmu_fsname(nvpair_name(pair), fsname);
1210 if (error != 0)
1211 return (error);
1212 error = zfs_secpolicy_write_perms(fsname,
1213 ZFS_DELEG_PERM_RELEASE, cr);
1214 if (error != 0)
1215 return (error);
1216 }
1217 return (0);
45d1cae3
BB		 1218}
1219
572e2857
BB		 1220/*
1221 * Policy for allowing temporary snapshots to be taken or released
1222 */
1223static int
6f1ffb06 1224zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
572e2857
BB		 1225{
1226 /*
1227 * A temporary snapshot is the same as a snapshot,
1228 * hold, destroy and release all rolled into one.
1229 * Delegated diff alone is sufficient that we allow this.
1230 */
1231 int error;
1232
2e7f664f
RY		 1233 if (zfs_secpolicy_write_perms(zc->zc_name,
1234 ZFS_DELEG_PERM_DIFF, cr) == 0)
572e2857
BB		 1235 return (0);
1236
6f1ffb06 1237 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
b83a0e2d
DB		 1238
1239 if (innvl != NULL) {
1240 if (error == 0)
1241 error = zfs_secpolicy_hold(zc, innvl, cr);
1242 if (error == 0)
1243 error = zfs_secpolicy_release(zc, innvl, cr);
1244 if (error == 0)
1245 error = zfs_secpolicy_destroy(zc, innvl, cr);
1246 }
572e2857
BB		 1247 return (error);
1248}
1249
b5256303
TC		 1250static int
1251zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1252{
1253 return (zfs_secpolicy_write_perms(zc->zc_name,
1254 ZFS_DELEG_PERM_LOAD_KEY, cr));
1255}
1256
1257static int
1258zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1259{
1260 return (zfs_secpolicy_write_perms(zc->zc_name,
1261 ZFS_DELEG_PERM_CHANGE_KEY, cr));
1262}
1263
34dc7c2f
BB		 1264/*
1265 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1266 */
1267static int
9babb374 1268get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
34dc7c2f
BB		 1269{
1270 char *packed;
1271 int error;
1272 nvlist_t *list = NULL;
1273
1274 /*
1275 * Read in and unpack the user-supplied nvlist.
1276 */
1277 if (size == 0)
2e528b49 1278 return (SET_ERROR(EINVAL));
34dc7c2f 1279
77aef6f6 1280 packed = vmem_alloc(size, KM_SLEEP);
34dc7c2f 1281
2e7f664f 1282 if (ddi_copyin((void *)(uintptr_t)nvl, packed, size, iflag) != 0) {
77aef6f6 1283 vmem_free(packed, size);
0de7c552 1284 return (SET_ERROR(EFAULT));
34dc7c2f
BB		 1285 }
1286
1287 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
77aef6f6 1288 vmem_free(packed, size);
34dc7c2f
BB		 1289 return (error);
1290 }
1291
77aef6f6 1292 vmem_free(packed, size);
34dc7c2f
BB		 1293
1294 *nvp = list;
1295 return (0);
1296}
1297
6f1ffb06
MA		 1298/*
1299 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1300 * Entries will be removed from the end of the nvlist, and one int32 entry
1301 * named "N_MORE_ERRORS" will be added indicating how many entries were
1302 * removed.
1303 */
428870ff 1304static int
6f1ffb06 1305nvlist_smush(nvlist_t *errors, size_t max)
428870ff
BB		 1306{
1307 size_t size;
1308
6f1ffb06 1309 size = fnvlist_size(errors);
428870ff 1310
6f1ffb06 1311 if (size > max) {
428870ff
BB		 1312 nvpair_t *more_errors;
1313 int n = 0;
1314
6f1ffb06 1315 if (max < 1024)
2e528b49 1316 return (SET_ERROR(ENOMEM));
428870ff 1317
6f1ffb06
MA		 1318 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1319 more_errors = nvlist_prev_nvpair(errors, NULL);
428870ff
BB		 1320
1321 do {
6f1ffb06 1322 nvpair_t *pair = nvlist_prev_nvpair(errors,
428870ff 1323 more_errors);
6f1ffb06 1324 fnvlist_remove_nvpair(errors, pair);
428870ff 1325 n++;
6f1ffb06
MA		 1326 size = fnvlist_size(errors);
1327 } while (size > max);
428870ff 1328
6f1ffb06
MA		 1329 fnvlist_remove_nvpair(errors, more_errors);
1330 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1331 ASSERT3U(fnvlist_size(errors), <=, max);
428870ff
BB		 1332 }
1333
1334 return (0);
1335}
1336
34dc7c2f
BB		 1337static int
1338put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1339{
1340 char *packed = NULL;
428870ff 1341 int error = 0;
34dc7c2f 1342 size_t size;
34dc7c2f 1343
6f1ffb06 1344 size = fnvlist_size(nvl);
34dc7c2f
BB		 1345
1346 if (size > zc->zc_nvlist_dst_size) {
2e528b49 1347 error = SET_ERROR(ENOMEM);
34dc7c2f 1348 } else {
6f1ffb06 1349 packed = fnvlist_pack(nvl, &size);
428870ff
BB		 1350 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1351 size, zc->zc_iflags) != 0)
2e528b49 1352 error = SET_ERROR(EFAULT);
6f1ffb06 1353 fnvlist_pack_free(packed, size);
34dc7c2f
BB		 1354 }
1355
1356 zc->zc_nvlist_dst_size = size;
6f1ffb06 1357 zc->zc_nvlist_dst_filled = B_TRUE;
34dc7c2f
BB		 1358 return (error);
1359}
1360
d99a0153
CW		 1361int
1362getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp)
9babb374 1363{
d99a0153 1364 int error = 0;
428870ff 1365 if (dmu_objset_type(os) != DMU_OST_ZFS) {
2e528b49 1366 return (SET_ERROR(EINVAL));
428870ff 1367 }
9babb374 1368
428870ff 1369 mutex_enter(&os->os_user_ptr_lock);
0037b49e 1370 *zfvp = dmu_objset_get_user(os);
061460df 1371 /* bump s_active only when non-zero to prevent umount race */
7bb0c294 1372 error = zfs_vfs_ref(zfvp);
428870ff 1373 mutex_exit(&os->os_user_ptr_lock);
d99a0153
CW		 1374 return (error);
1375}
1376
8d103d88 1377int
d99a0153
CW		 1378getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1379{
1380 objset_t *os;
1381 int error;
1382
1383 error = dmu_objset_hold(dsname, FTAG, &os);
1384 if (error != 0)
1385 return (error);
1386
1387 error = getzfsvfs_impl(os, zfvp);
428870ff 1388 dmu_objset_rele(os, FTAG);
9babb374
BB		 1389 return (error);
1390}
1391
1392/*
0037b49e 1393 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
2cf7f52b 1394 * case its z_sb will be NULL, and it will be opened as the owner.
9ae529ec
CS		 1395 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1396 * which prevents all inode ops from running.
9babb374
BB		 1397 */
1398static int
dd66857d
AZ		 1399zfsvfs_hold(const char *name, const void *tag, zfsvfs_t **zfvp,
1400 boolean_t writer)
9babb374
BB		 1401{
1402 int error = 0;
9babb374 1403
f298b24d 1404 if (getzfsvfs(name, zfvp) != 0)
163a8c28 1405 error = zfsvfs_create(name, B_FALSE, zfvp);
9babb374 1406 if (error == 0) {
5ebe425a
MG		 1407 if (writer)
1408 ZFS_TEARDOWN_ENTER_WRITE(*zfvp, tag);
1409 else
1410 ZFS_TEARDOWN_ENTER_READ(*zfvp, tag);
0037b49e 1411 if ((*zfvp)->z_unmounted) {
9babb374
BB		 1412 /*
1413 * XXX we could probably try again, since the unmounting
1414 * thread should be just about to disassociate the
0037b49e 1415 * objset from the zfsvfs.
9babb374 1416 */
5ebe425a 1417 ZFS_TEARDOWN_EXIT(*zfvp, tag);
2e528b49 1418 return (SET_ERROR(EBUSY));
9babb374
BB		 1419 }
1420 }
1421 return (error);
1422}
1423
1424static void
dd66857d 1425zfsvfs_rele(zfsvfs_t *zfsvfs, const void *tag)
9babb374 1426{
5ebe425a 1427 ZFS_TEARDOWN_EXIT(zfsvfs, tag);
9babb374 1428
362ae8d1
MM		 1429 if (zfs_vfs_held(zfsvfs)) {
1430 zfs_vfs_rele(zfsvfs);
9babb374 1431 } else {
b5256303 1432 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs);
f298b24d 1433 zfsvfs_free(zfsvfs);
9babb374
BB		 1434 }
1435}
1436
34dc7c2f
BB		 1437static int
1438zfs_ioc_pool_create(zfs_cmd_t *zc)
1439{
1440 int error;
1441 nvlist_t *config, *props = NULL;
b128c09f
BB		 1442 nvlist_t *rootprops = NULL;
1443 nvlist_t *zplprops = NULL;
b5256303 1444 dsl_crypto_params_t *dcp = NULL;
4d55ea81 1445 const char *spa_name = zc->zc_name;
ab1a9705 1446 boolean_t unload_wkey = B_TRUE;
34dc7c2f 1447
c65aa5b2
BB		 1448 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1449 zc->zc_iflags, &config)))
34dc7c2f
BB		 1450 return (error);
1451
1452 if (zc->zc_nvlist_src_size != 0 && (error =
9babb374
BB		 1453 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1454 zc->zc_iflags, &props))) {
34dc7c2f
BB		 1455 nvlist_free(config);
1456 return (error);
1457 }
1458
b128c09f
BB		 1459 if (props) {
1460 nvlist_t *nvl = NULL;
b5256303 1461 nvlist_t *hidden_args = NULL;
b128c09f 1462 uint64_t version = SPA_VERSION;
d1807f16 1463 const char *tname;
b128c09f
BB		 1464
1465 (void) nvlist_lookup_uint64(props,
1466 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
9ae529ec 1467 if (!SPA_VERSION_IS_SUPPORTED(version)) {
2e528b49 1468 error = SET_ERROR(EINVAL);
b128c09f
BB		 1469 goto pool_props_bad;
1470 }
1471 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1472 if (nvl) {
1473 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
ab1a9705 1474 if (error != 0)
1475 goto pool_props_bad;
b128c09f
BB		 1476 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1477 }
b5256303
TC		 1478
1479 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS,
1480 &hidden_args);
1481 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE,
1482 rootprops, hidden_args, &dcp);
ab1a9705 1483 if (error != 0)
1484 goto pool_props_bad;
b5256303
TC		 1485 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS);
1486
b128c09f
BB		 1487 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1488 error = zfs_fill_zplprops_root(version, rootprops,
1489 zplprops, NULL);
13fe0198 1490 if (error != 0)
b128c09f 1491 goto pool_props_bad;
4ceb8dd6 1492
1493 if (nvlist_lookup_string(props,
1494 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0)
1495 spa_name = tname;
b128c09f
BB		 1496 }
1497
b5256303 1498 error = spa_create(zc->zc_name, config, props, zplprops, dcp);
b128c09f
BB		 1499
1500 /*
1501 * Set the remaining root properties
1502 */
4ceb8dd6 1503 if (!error && (error = zfs_set_prop_nvlist(spa_name,
ab1a9705 1504 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) {
4ceb8dd6 1505 (void) spa_destroy(spa_name);
ab1a9705 1506 unload_wkey = B_FALSE; /* spa_destroy() unloads wrapping keys */
1507 }
34dc7c2f 1508
b128c09f
BB		 1509pool_props_bad:
1510 nvlist_free(rootprops);
1511 nvlist_free(zplprops);
34dc7c2f 1512 nvlist_free(config);
b128c09f 1513 nvlist_free(props);
ab1a9705 1514 dsl_crypto_params_free(dcp, unload_wkey && !!error);
34dc7c2f
BB		 1515
1516 return (error);
1517}
1518
1519static int
1520zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1521{
1522 int error;
1523 zfs_log_history(zc);
1524 error = spa_destroy(zc->zc_name);
a0bd735a 1525
34dc7c2f
BB		 1526 return (error);
1527}
1528
1529static int
1530zfs_ioc_pool_import(zfs_cmd_t *zc)
1531{
34dc7c2f
BB		 1532 nvlist_t *config, *props = NULL;
1533 uint64_t guid;
428870ff 1534 int error;
34dc7c2f
BB		 1535
1536 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
9babb374 1537 zc->zc_iflags, &config)) != 0)
34dc7c2f
BB		 1538 return (error);
1539
1540 if (zc->zc_nvlist_src_size != 0 && (error =
9babb374
BB		 1541 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1542 zc->zc_iflags, &props))) {
34dc7c2f
BB		 1543 nvlist_free(config);
1544 return (error);
1545 }
1546
1547 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1548 guid != zc->zc_guid)
2e528b49 1549 error = SET_ERROR(EINVAL);
34dc7c2f 1550 else
572e2857 1551 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
34dc7c2f 1552
572e2857
BB		 1553 if (zc->zc_nvlist_dst != 0) {
1554 int err;
1555
1556 if ((err = put_nvlist(zc, config)) != 0)
1557 error = err;
1558 }
428870ff 1559
34dc7c2f 1560 nvlist_free(config);
8a5fc748 1561 nvlist_free(props);
34dc7c2f
BB		 1562
1563 return (error);
1564}
1565
1566static int
1567zfs_ioc_pool_export(zfs_cmd_t *zc)
1568{
1569 int error;
b128c09f 1570 boolean_t force = (boolean_t)zc->zc_cookie;
fb5f0bc8 1571 boolean_t hardforce = (boolean_t)zc->zc_guid;
b128c09f 1572
34dc7c2f 1573 zfs_log_history(zc);
fb5f0bc8 1574 error = spa_export(zc->zc_name, NULL, force, hardforce);
a0bd735a 1575
34dc7c2f
BB		 1576 return (error);
1577}
1578
1579static int
1580zfs_ioc_pool_configs(zfs_cmd_t *zc)
1581{
1582 nvlist_t *configs;
1583 int error;
1584
1585 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
2e528b49 1586 return (SET_ERROR(EEXIST));
34dc7c2f
BB		 1587
1588 error = put_nvlist(zc, configs);
1589
1590 nvlist_free(configs);
1591
1592 return (error);
1593}
1594
9ae529ec
CS		 1595/*
1596 * inputs:
1597 * zc_name name of the pool
1598 *
1599 * outputs:
1600 * zc_cookie real errno
1601 * zc_nvlist_dst config nvlist
1602 * zc_nvlist_dst_size size of config nvlist
1603 */
34dc7c2f
BB		 1604static int
1605zfs_ioc_pool_stats(zfs_cmd_t *zc)
1606{
1607 nvlist_t *config;
1608 int error;
1609 int ret = 0;
1610
1611 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1612 sizeof (zc->zc_value));
1613
1614 if (config != NULL) {
1615 ret = put_nvlist(zc, config);
1616 nvlist_free(config);
1617
1618 /*
1619 * The config may be present even if 'error' is non-zero.
1620 * In this case we return success, and preserve the real errno
1621 * in 'zc_cookie'.
1622 */
1623 zc->zc_cookie = error;
1624 } else {
1625 ret = error;
1626 }
1627
1628 return (ret);
1629}
1630
1631/*
1632 * Try to import the given pool, returning pool stats as appropriate so that
1633 * user land knows which devices are available and overall pool health.
1634 */
1635static int
1636zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1637{
379ca9cf 1638 nvlist_t *tryconfig, *config = NULL;
34dc7c2f
BB		 1639 int error;
1640
1641 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
9babb374 1642 zc->zc_iflags, &tryconfig)) != 0)
34dc7c2f
BB		 1643 return (error);
1644
1645 config = spa_tryimport(tryconfig);
1646
1647 nvlist_free(tryconfig);
1648
1649 if (config == NULL)
2e528b49 1650 return (SET_ERROR(EINVAL));
34dc7c2f
BB		 1651
1652 error = put_nvlist(zc, config);
1653 nvlist_free(config);
1654
1655 return (error);
1656}
1657
428870ff
BB		 1658/*
1659 * inputs:
1660 * zc_name name of the pool
1661 * zc_cookie scan func (pool_scan_func_t)
0ea05c64 1662 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t)
428870ff 1663 */
34dc7c2f 1664static int
428870ff 1665zfs_ioc_pool_scan(zfs_cmd_t *zc)
34dc7c2f
BB		 1666{
1667 spa_t *spa;
1668 int error;
1669
0ea05c64
AP		 1670 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END)
1671 return (SET_ERROR(EINVAL));
1672
1724eb62 1673 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1674 return (error);
1675
0ea05c64
AP		 1676 if (zc->zc_flags == POOL_SCRUB_PAUSE)
1677 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE);
1678 else if (zc->zc_cookie == POOL_SCAN_NONE)
428870ff
BB		 1679 error = spa_scan_stop(spa);
1680 else
1681 error = spa_scan(spa, zc->zc_cookie);
34dc7c2f
BB		 1682
1683 spa_close(spa, FTAG);
1684
1685 return (error);
1686}
1687
482eeef8
GA		 1688/*
1689 * inputs:
1690 * poolname name of the pool
1691 * scan_type scan func (pool_scan_func_t)
1692 * scan_command scrub pause/resume flag (pool_scrub_cmd_t)
1693 */
1694static const zfs_ioc_key_t zfs_keys_pool_scrub[] = {
1695 {"scan_type", DATA_TYPE_UINT64, 0},
1696 {"scan_command", DATA_TYPE_UINT64, 0},
1697};
1698
1699static int
1700zfs_ioc_pool_scrub(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
1701{
1702 spa_t *spa;
1703 int error;
1704 uint64_t scan_type, scan_cmd;
1705
1706 if (nvlist_lookup_uint64(innvl, "scan_type", &scan_type) != 0)
1707 return (SET_ERROR(EINVAL));
1708 if (nvlist_lookup_uint64(innvl, "scan_command", &scan_cmd) != 0)
1709 return (SET_ERROR(EINVAL));
1710
1711 if (scan_cmd >= POOL_SCRUB_FLAGS_END)
1712 return (SET_ERROR(EINVAL));
1713
1714 if ((error = spa_open(poolname, &spa, FTAG)) != 0)
1715 return (error);
1716
1717 if (scan_cmd == POOL_SCRUB_PAUSE) {
1718 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE);
1719 } else if (scan_type == POOL_SCAN_NONE) {
1720 error = spa_scan_stop(spa);
1721 } else {
1722 error = spa_scan(spa, scan_type);
1723 }
1724
1725 spa_close(spa, FTAG);
1726 return (error);
1727}
1728
34dc7c2f
BB		 1729static int
1730zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1731{
1732 spa_t *spa;
1733 int error;
1734
1735 error = spa_open(zc->zc_name, &spa, FTAG);
1736 if (error == 0) {
1737 spa_freeze(spa);
1738 spa_close(spa, FTAG);
1739 }
1740 return (error);
1741}
1742
1743static int
1744zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1745{
1746 spa_t *spa;
1747 int error;
1748
1749 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1750 return (error);
1751
9ae529ec
CS		 1752 if (zc->zc_cookie < spa_version(spa) ||
1753 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
34dc7c2f 1754 spa_close(spa, FTAG);
2e528b49 1755 return (SET_ERROR(EINVAL));
34dc7c2f
BB		 1756 }
1757
1758 spa_upgrade(spa, zc->zc_cookie);
1759 spa_close(spa, FTAG);
1760
1761 return (error);
1762}
1763
1764static int
1765zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1766{
1767 spa_t *spa;
1768 char *hist_buf;
1769 uint64_t size;
1770 int error;
1771
1772 if ((size = zc->zc_history_len) == 0)
2e528b49 1773 return (SET_ERROR(EINVAL));
34dc7c2f
BB		 1774
1775 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1776 return (error);
1777
1778 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1779 spa_close(spa, FTAG);
2e528b49 1780 return (SET_ERROR(ENOTSUP));
34dc7c2f
BB		 1781 }
1782
34b84cb8 1783 hist_buf = vmem_alloc(size, KM_SLEEP);
34dc7c2f
BB		 1784 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1785 &zc->zc_history_len, hist_buf)) == 0) {
9babb374
BB		 1786 error = ddi_copyout(hist_buf,
1787 (void *)(uintptr_t)zc->zc_history,
1788 zc->zc_history_len, zc->zc_iflags);
34dc7c2f
BB		 1789 }
1790
1791 spa_close(spa, FTAG);
34b84cb8 1792 vmem_free(hist_buf, size);
34dc7c2f
BB		 1793 return (error);
1794}
1795
3541dc6d
GA		 1796static int
1797zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1798{
1799 spa_t *spa;
1800 int error;
1801
1802 error = spa_open(zc->zc_name, &spa, FTAG);
1803 if (error == 0) {
1804 error = spa_change_guid(spa);
1805 spa_close(spa, FTAG);
1806 }
1807 return (error);
1808}
1809
34dc7c2f
BB		 1810static int
1811zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1812{
13fe0198 1813 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
34dc7c2f
BB		 1814}
1815
428870ff
BB		 1816/*
1817 * inputs:
1818 * zc_name name of filesystem
1819 * zc_obj object to find
1820 *
1821 * outputs:
1822 * zc_value name of object
1823 */
34dc7c2f
BB		 1824static int
1825zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1826{
428870ff 1827 objset_t *os;
34dc7c2f
BB		 1828 int error;
1829
428870ff 1830 /* XXX reading from objset not owned */
b5256303
TC		 1831 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1832 FTAG, &os)) != 0)
34dc7c2f 1833 return (error);
428870ff 1834 if (dmu_objset_type(os) != DMU_OST_ZFS) {
b5256303 1835 dmu_objset_rele_flags(os, B_TRUE, FTAG);
2e528b49 1836 return (SET_ERROR(EINVAL));
428870ff
BB		 1837 }
1838 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
34dc7c2f 1839 sizeof (zc->zc_value));
b5256303 1840 dmu_objset_rele_flags(os, B_TRUE, FTAG);
34dc7c2f
BB		 1841
1842 return (error);
1843}
1844
572e2857
BB		 1845/*
1846 * inputs:
1847 * zc_name name of filesystem
1848 * zc_obj object to find
1849 *
1850 * outputs:
1851 * zc_stat stats on object
1852 * zc_value path to object
1853 */
1854static int
1855zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1856{
1857 objset_t *os;
1858 int error;
1859
1860 /* XXX reading from objset not owned */
b5256303
TC		 1861 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1862 FTAG, &os)) != 0)
572e2857
BB		 1863 return (error);
1864 if (dmu_objset_type(os) != DMU_OST_ZFS) {
b5256303 1865 dmu_objset_rele_flags(os, B_TRUE, FTAG);
2e528b49 1866 return (SET_ERROR(EINVAL));
572e2857
BB		 1867 }
1868 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1869 sizeof (zc->zc_value));
b5256303 1870 dmu_objset_rele_flags(os, B_TRUE, FTAG);
572e2857
BB		 1871
1872 return (error);
1873}
1874
34dc7c2f
BB		 1875static int
1876zfs_ioc_vdev_add(zfs_cmd_t *zc)
1877{
1878 spa_t *spa;
1879 int error;
64ad2b26 1880 nvlist_t *config;
34dc7c2f
BB		 1881
1882 error = spa_open(zc->zc_name, &spa, FTAG);
1883 if (error != 0)
1884 return (error);
1885
1886 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
9babb374 1887 zc->zc_iflags, &config);
34dc7c2f
BB		 1888 if (error == 0) {
1889 error = spa_vdev_add(spa, config);
1890 nvlist_free(config);
1891 }
1892 spa_close(spa, FTAG);
1893 return (error);
1894}
1895
428870ff
BB		 1896/*
1897 * inputs:
1898 * zc_name name of the pool
a1d477c2
MA		 1899 * zc_guid guid of vdev to remove
1900 * zc_cookie cancel removal
428870ff 1901 */
34dc7c2f
BB		 1902static int
1903zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1904{
1905 spa_t *spa;
1906 int error;
1907
1908 error = spa_open(zc->zc_name, &spa, FTAG);
1909 if (error != 0)
1910 return (error);
a1d477c2
MA		 1911 if (zc->zc_cookie != 0) {
1912 error = spa_vdev_remove_cancel(spa);
1913 } else {
1914 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1915 }
34dc7c2f
BB		 1916 spa_close(spa, FTAG);
1917 return (error);
1918}
1919
1920static int
1921zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1922{
1923 spa_t *spa;
1924 int error;
1925 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1926
1927 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1928 return (error);
1929 switch (zc->zc_cookie) {
1930 case VDEV_STATE_ONLINE:
1931 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1932 break;
1933
1934 case VDEV_STATE_OFFLINE:
1935 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1936 break;
1937
1938 case VDEV_STATE_FAULTED:
428870ff 1939 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
4a283c7f
TH		 1940 zc->zc_obj != VDEV_AUX_EXTERNAL &&
1941 zc->zc_obj != VDEV_AUX_EXTERNAL_PERSIST)
428870ff
BB		 1942 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1943
1944 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
34dc7c2f
BB		 1945 break;
1946
1947 case VDEV_STATE_DEGRADED:
428870ff
BB		 1948 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1949 zc->zc_obj != VDEV_AUX_EXTERNAL)
1950 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1951
1952 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
34dc7c2f
BB		 1953 break;
1954
55c12724
AH		 1955 case VDEV_STATE_REMOVED:
1956 error = vdev_remove_wanted(spa, zc->zc_guid);
1957 break;
1958
34dc7c2f 1959 default:
2e528b49 1960 error = SET_ERROR(EINVAL);
34dc7c2f
BB		 1961 }
1962 zc->zc_cookie = newstate;
1963 spa_close(spa, FTAG);
1964 return (error);
1965}
1966
1967static int
1968zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1969{
1970 spa_t *spa;
34dc7c2f 1971 nvlist_t *config;
9a49d3f3
BB		 1972 int replacing = zc->zc_cookie;
1973 int rebuild = zc->zc_simple;
34dc7c2f
BB		 1974 int error;
1975
1976 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1977 return (error);
1978
1979 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
9babb374 1980 zc->zc_iflags, &config)) == 0) {
9a49d3f3
BB		 1981 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing,
1982 rebuild);
34dc7c2f
BB		 1983 nvlist_free(config);
1984 }
1985
1986 spa_close(spa, FTAG);
1987 return (error);
1988}
1989
1990static int
1991zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1992{
1993 spa_t *spa;
1994 int error;
1995
1996 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1997 return (error);
1998
fb5f0bc8 1999 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
34dc7c2f
BB		 2000
2001 spa_close(spa, FTAG);
2002 return (error);
2003}
2004
428870ff
BB		 2005static int
2006zfs_ioc_vdev_split(zfs_cmd_t *zc)
2007{
2008 spa_t *spa;
2009 nvlist_t *config, *props = NULL;
2010 int error;
2011 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
2012
2013 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2014 return (error);
2015
c65aa5b2
BB		 2016 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
2017 zc->zc_iflags, &config))) {
428870ff
BB		 2018 spa_close(spa, FTAG);
2019 return (error);
2020 }
2021
2022 if (zc->zc_nvlist_src_size != 0 && (error =
2023 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2024 zc->zc_iflags, &props))) {
2025 spa_close(spa, FTAG);
2026 nvlist_free(config);
2027 return (error);
2028 }
2029
2030 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
2031
2032 spa_close(spa, FTAG);
2033
2034 nvlist_free(config);
2035 nvlist_free(props);
2036
2037 return (error);
2038}
2039
34dc7c2f
BB		 2040static int
2041zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
2042{
2043 spa_t *spa;
4d55ea81 2044 const char *path = zc->zc_value;
34dc7c2f
BB		 2045 uint64_t guid = zc->zc_guid;
2046 int error;
2047
2048 error = spa_open(zc->zc_name, &spa, FTAG);
2049 if (error != 0)
2050 return (error);
2051
2052 error = spa_vdev_setpath(spa, guid, path);
2053 spa_close(spa, FTAG);
2054 return (error);
2055}
2056
9babb374
BB		 2057static int
2058zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
2059{
2060 spa_t *spa;
4d55ea81 2061 const char *fru = zc->zc_value;
9babb374
BB		 2062 uint64_t guid = zc->zc_guid;
2063 int error;
2064
2065 error = spa_open(zc->zc_name, &spa, FTAG);
2066 if (error != 0)
2067 return (error);
2068
2069 error = spa_vdev_setfru(spa, guid, fru);
2070 spa_close(spa, FTAG);
2071 return (error);
2072}
2073
34dc7c2f 2074static int
572e2857 2075zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
34dc7c2f 2076{
572e2857 2077 int error = 0;
34dc7c2f
BB		 2078 nvlist_t *nv;
2079
34dc7c2f
BB		 2080 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2081
dc95911d 2082 if (!zc->zc_simple && zc->zc_nvlist_dst != 0 &&
428870ff 2083 (error = dsl_prop_get_all(os, &nv)) == 0) {
34dc7c2f
BB		 2084 dmu_objset_stats(os, nv);
2085 /*
2086 * NB: zvol_get_stats() will read the objset contents,
2087 * which we aren't supposed to do with a
b128c09f 2088 * DS_MODE_USER hold, because it could be
34dc7c2f 2089 * inconsistent. So this is a bit of a workaround...
e1cfd73f 2090 * XXX reading without owning
34dc7c2f 2091 */
330d06f9
MA		 2092 if (!zc->zc_objset_stats.dds_inconsistent &&
2093 dmu_objset_type(os) == DMU_OST_ZVOL) {
2094 error = zvol_get_stats(os, nv);
6d421005
B		 2095 if (error == EIO) {
2096 nvlist_free(nv);
330d06f9 2097 return (error);
6d421005 2098 }
c99c9001 2099 VERIFY0(error);
34dc7c2f 2100 }
8a8f5c6b
BB		 2101 if (error == 0)
2102 error = put_nvlist(zc, nv);
34dc7c2f
BB		 2103 nvlist_free(nv);
2104 }
2105
572e2857
BB		 2106 return (error);
2107}
2108
2109/*
2110 * inputs:
2111 * zc_name name of filesystem
2112 * zc_nvlist_dst_size size of buffer for property nvlist
2113 *
2114 * outputs:
2115 * zc_objset_stats stats
2116 * zc_nvlist_dst property nvlist
2117 * zc_nvlist_dst_size size of property nvlist
2118 */
2119static int
2120zfs_ioc_objset_stats(zfs_cmd_t *zc)
2121{
13fe0198 2122 objset_t *os;
572e2857
BB		 2123 int error;
2124
13fe0198
MA		 2125 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2126 if (error == 0) {
2127 error = zfs_ioc_objset_stats_impl(zc, os);
2128 dmu_objset_rele(os, FTAG);
2129 }
572e2857 2130
428870ff
BB		 2131 return (error);
2132}
2133
2134/*
2135 * inputs:
2136 * zc_name name of filesystem
2137 * zc_nvlist_dst_size size of buffer for property nvlist
2138 *
2139 * outputs:
2140 * zc_nvlist_dst received property nvlist
2141 * zc_nvlist_dst_size size of received property nvlist
2142 *
2143 * Gets received properties (distinct from local properties on or after
2144 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2145 * local property values.
2146 */
2147static int
26685276 2148zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
428870ff 2149{
13fe0198 2150 int error = 0;
428870ff
BB		 2151 nvlist_t *nv;
2152
428870ff
BB		 2153 /*
2154 * Without this check, we would return local property values if the
2155 * caller has not already received properties on or after
2156 * SPA_VERSION_RECVD_PROPS.
2157 */
13fe0198 2158 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2e528b49 2159 return (SET_ERROR(ENOTSUP));
428870ff
BB		 2160
2161 if (zc->zc_nvlist_dst != 0 &&
13fe0198 2162 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
428870ff
BB		 2163 error = put_nvlist(zc, nv);
2164 nvlist_free(nv);
2165 }
2166
34dc7c2f
BB		 2167 return (error);
2168}
2169
2170static int
2171nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2172{
2173 uint64_t value;
2174 int error;
2175
2176 /*
2177 * zfs_get_zplprop() will either find a value or give us
2178 * the default value (if there is one).
2179 */
2180 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2181 return (error);
2182 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2183 return (0);
2184}
2185
2186/*
2187 * inputs:
2188 * zc_name name of filesystem
2189 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2190 *
2191 * outputs:
2192 * zc_nvlist_dst zpl property nvlist
2193 * zc_nvlist_dst_size size of zpl property nvlist
2194 */
2195static int
2196zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2197{
2198 objset_t *os;
2199 int err;
2200
428870ff 2201 /* XXX reading without owning */
c65aa5b2 2202 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
34dc7c2f
BB		 2203 return (err);
2204
2205 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2206
2207 /*
2208 * NB: nvl_add_zplprop() will read the objset contents,
b128c09f
BB		 2209 * which we aren't supposed to do with a DS_MODE_USER
2210 * hold, because it could be inconsistent.
34dc7c2f 2211 */
b8864a23 2212 if (zc->zc_nvlist_dst != 0 &&
34dc7c2f
BB		 2213 !zc->zc_objset_stats.dds_inconsistent &&
2214 dmu_objset_type(os) == DMU_OST_ZFS) {
2215 nvlist_t *nv;
2216
2217 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2218 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2219 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2220 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2221 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2222 err = put_nvlist(zc, nv);
2223 nvlist_free(nv);
2224 } else {
2e528b49 2225 err = SET_ERROR(ENOENT);
34dc7c2f 2226 }
428870ff 2227 dmu_objset_rele(os, FTAG);
34dc7c2f
BB		 2228 return (err);
2229}
2230
2231/*
2232 * inputs:
2233 * zc_name name of filesystem
2234 * zc_cookie zap cursor
2235 * zc_nvlist_dst_size size of buffer for property nvlist
2236 *
2237 * outputs:
2238 * zc_name name of next filesystem
9babb374 2239 * zc_cookie zap cursor
34dc7c2f
BB		 2240 * zc_objset_stats stats
2241 * zc_nvlist_dst property nvlist
2242 * zc_nvlist_dst_size size of property nvlist
34dc7c2f
BB		 2243 */
2244static int
2245zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2246{
2247 objset_t *os;
2248 int error;
2249 char *p;
428870ff 2250 size_t orig_len = strlen(zc->zc_name);
34dc7c2f 2251
428870ff 2252top:
c65aa5b2 2253 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
34dc7c2f 2254 if (error == ENOENT)
2e528b49 2255 error = SET_ERROR(ESRCH);
34dc7c2f
BB		 2256 return (error);
2257 }
2258
2259 p = strrchr(zc->zc_name, '/');
2260 if (p == NULL || p[1] != '\0')
2261 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2262 p = zc->zc_name + strlen(zc->zc_name);
2263
2264 do {
2265 error = dmu_dir_list_next(os,
2266 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2267 NULL, &zc->zc_cookie);
2268 if (error == ENOENT)
2e528b49 2269 error = SET_ERROR(ESRCH);
2e5dc449 2270 } while (error == 0 && zfs_dataset_name_hidden(zc->zc_name));
428870ff 2271 dmu_objset_rele(os, FTAG);
34dc7c2f 2272
428870ff
BB		 2273 /*
2274 * If it's an internal dataset (ie. with a '$' in its name),
2275 * don't try to get stats for it, otherwise we'll return ENOENT.
2276 */
2277 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
34dc7c2f 2278 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
428870ff
BB		 2279 if (error == ENOENT) {
2280 /* We lost a race with destroy, get the next one. */
2281 zc->zc_name[orig_len] = '\0';
2282 goto top;
2283 }
2284 }
34dc7c2f
BB		 2285 return (error);
2286}
2287
2288/*
2289 * inputs:
2290 * zc_name name of filesystem
2291 * zc_cookie zap cursor
4c0883fb
AP		 2292 * zc_nvlist_src iteration range nvlist
2293 * zc_nvlist_src_size size of iteration range nvlist
34dc7c2f
BB		 2294 *
2295 * outputs:
2296 * zc_name name of next snapshot
2297 * zc_objset_stats stats
2298 * zc_nvlist_dst property nvlist
2299 * zc_nvlist_dst_size size of property nvlist
34dc7c2f
BB		 2300 */
2301static int
2302zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2303{
34dc7c2f 2304 int error;
4c0883fb
AP		 2305 objset_t *os, *ossnap;
2306 dsl_dataset_t *ds;
2307 uint64_t min_txg = 0, max_txg = 0;
2308
2309 if (zc->zc_nvlist_src_size != 0) {
2310 nvlist_t *props = NULL;
2311 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2312 zc->zc_iflags, &props);
2313 if (error != 0)
2314 return (error);
2315 (void) nvlist_lookup_uint64(props, SNAP_ITER_MIN_TXG,
2316 &min_txg);
2317 (void) nvlist_lookup_uint64(props, SNAP_ITER_MAX_TXG,
2318 &max_txg);
2319 nvlist_free(props);
2320 }
34dc7c2f 2321
428870ff 2322 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
13fe0198 2323 if (error != 0) {
28caa74b 2324 return (error == ENOENT ? SET_ERROR(ESRCH) : error);
13fe0198 2325 }
34dc7c2f
BB		 2326
2327 /*
2328 * A dataset name of maximum length cannot have any snapshots,
2329 * so exit immediately.
2330 */
eca7b760
IK		 2331 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >=
2332 ZFS_MAX_DATASET_NAME_LEN) {
428870ff 2333 dmu_objset_rele(os, FTAG);
2e528b49 2334 return (SET_ERROR(ESRCH));
34dc7c2f
BB		 2335 }
2336
4c0883fb
AP		 2337 while (error == 0) {
2338 if (issig(JUSTLOOKING) && issig(FORREAL)) {
2339 error = SET_ERROR(EINTR);
2340 break;
2341 }
572e2857 2342
4c0883fb
AP		 2343 error = dmu_snapshot_list_next(os,
2344 sizeof (zc->zc_name) - strlen(zc->zc_name),
2345 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj,
2346 &zc->zc_cookie, NULL);
2347 if (error == ENOENT) {
2348 error = SET_ERROR(ESRCH);
2349 break;
2350 } else if (error != 0) {
2351 break;
2352 }
572e2857 2353
4c0883fb
AP		 2354 error = dsl_dataset_hold_obj(dmu_objset_pool(os), zc->zc_obj,
2355 FTAG, &ds);
2356 if (error != 0)
2357 break;
572e2857 2358
4c0883fb
AP		 2359 if ((min_txg != 0 && dsl_get_creationtxg(ds) < min_txg) ||
2360 (max_txg != 0 && dsl_get_creationtxg(ds) > max_txg)) {
572e2857 2361 dsl_dataset_rele(ds, FTAG);
4c0883fb
AP		 2362 /* undo snapshot name append */
2363 *(strchr(zc->zc_name, '@') + 1) = '\0';
2364 /* skip snapshot */
2365 continue;
428870ff 2366 }
4c0883fb
AP		 2367
2368 if (zc->zc_simple) {
dc95911d 2369 dsl_dataset_fast_stat(ds, &zc->zc_objset_stats);
4c0883fb
AP		 2370 dsl_dataset_rele(ds, FTAG);
2371 break;
2372 }
2373
2374 if ((error = dmu_objset_from_ds(ds, &ossnap)) != 0) {
2375 dsl_dataset_rele(ds, FTAG);
2376 break;
2377 }
2378 if ((error = zfs_ioc_objset_stats_impl(zc, ossnap)) != 0) {
2379 dsl_dataset_rele(ds, FTAG);
2380 break;
2381 }
2382 dsl_dataset_rele(ds, FTAG);
2383 break;
428870ff 2384 }
34dc7c2f 2385
572e2857 2386 dmu_objset_rele(os, FTAG);
34dc7c2f 2387 /* if we failed, undo the @ that we tacked on to zc_name */
13fe0198 2388 if (error != 0)
34dc7c2f 2389 *strchr(zc->zc_name, '@') = '\0';
34dc7c2f
BB		 2390 return (error);
2391}
2392
428870ff
BB		 2393static int
2394zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
34dc7c2f 2395{
428870ff
BB		 2396 const char *propname = nvpair_name(pair);
2397 uint64_t *valary;
2398 unsigned int vallen;
4d55ea81 2399 const char *dash, *domain;
428870ff
BB		 2400 zfs_userquota_prop_t type;
2401 uint64_t rid;
2402 uint64_t quota;
0037b49e 2403 zfsvfs_t *zfsvfs;
428870ff
BB		 2404 int err;
2405
2406 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2407 nvlist_t *attrs;
2408 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2409 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2410 &pair) != 0)
2e528b49 2411 return (SET_ERROR(EINVAL));
428870ff 2412 }
34dc7c2f
BB		 2413
2414 /*
428870ff
BB		 2415 * A correctly constructed propname is encoded as
2416 * userquota@<rid>-<domain>.
34dc7c2f 2417 */
428870ff
BB		 2418 if ((dash = strchr(propname, '-')) == NULL ||
2419 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2420 vallen != 3)
2e528b49 2421 return (SET_ERROR(EINVAL));
34dc7c2f 2422
428870ff
BB		 2423 domain = dash + 1;
2424 type = valary[0];
2425 rid = valary[1];
2426 quota = valary[2];
34dc7c2f 2427
f298b24d 2428 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
428870ff 2429 if (err == 0) {
0037b49e 2430 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
f298b24d 2431 zfsvfs_rele(zfsvfs, FTAG);
428870ff 2432 }
9babb374 2433
428870ff
BB		 2434 return (err);
2435}
34dc7c2f 2436
428870ff
BB		 2437/*
2438 * If the named property is one that has a special function to set its value,
2439 * return 0 on success and a positive error code on failure; otherwise if it is
2440 * not one of the special properties handled by this function, return -1.
2441 *
2442 * XXX: It would be better for callers of the property interface if we handled
2443 * these special cases in dsl_prop.c (in the dsl layer).
2444 */
2445static int
2446zfs_prop_set_special(const char *dsname, zprop_source_t source,
2447 nvpair_t *pair)
2448{
2449 const char *propname = nvpair_name(pair);
2450 zfs_prop_t prop = zfs_name_to_prop(propname);
b5256303 2451 uint64_t intval = 0;
4d55ea81 2452 const char *strval = NULL;
f1512ee6 2453 int err = -1;
9babb374 2454
4ff7a8fa 2455 if (prop == ZPROP_USERPROP) {
428870ff
BB		 2456 if (zfs_prop_userquota(propname))
2457 return (zfs_prop_set_userquota(dsname, pair));
2458 return (-1);
2459 }
34dc7c2f 2460
428870ff
BB		 2461 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2462 nvlist_t *attrs;
2463 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2464 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2465 &pair) == 0);
2466 }
b128c09f 2467
b5256303
TC		 2468 /* all special properties are numeric except for keylocation */
2469 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) {
2470 strval = fnvpair_value_string(pair);
2471 } else {
2472 intval = fnvpair_value_uint64(pair);
2473 }
34dc7c2f 2474
428870ff
BB		 2475 switch (prop) {
2476 case ZFS_PROP_QUOTA:
2477 err = dsl_dir_set_quota(dsname, source, intval);
2478 break;
2479 case ZFS_PROP_REFQUOTA:
13fe0198 2480 err = dsl_dataset_set_refquota(dsname, source, intval);
428870ff 2481 break;
788eb90c
JJ		 2482 case ZFS_PROP_FILESYSTEM_LIMIT:
2483 case ZFS_PROP_SNAPSHOT_LIMIT:
2484 if (intval == UINT64_MAX) {
2485 /* clearing the limit, just do it */
2486 err = 0;
2487 } else {
2488 err = dsl_dir_activate_fs_ss_limit(dsname);
2489 }
b5256303
TC		 2490 /*
2491 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2492 * default path to set the value in the nvlist.
2493 */
2494 if (err == 0)
2495 err = -1;
2496 break;
2497 case ZFS_PROP_KEYLOCATION:
2498 err = dsl_crypto_can_set_keylocation(dsname, strval);
2499
788eb90c
JJ		 2500 /*
2501 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2502 * default path to set the value in the nvlist.
2503 */
2504 if (err == 0)
2505 err = -1;
2506 break;
428870ff
BB		 2507 case ZFS_PROP_RESERVATION:
2508 err = dsl_dir_set_reservation(dsname, source, intval);
2509 break;
2510 case ZFS_PROP_REFRESERVATION:
13fe0198 2511 err = dsl_dataset_set_refreservation(dsname, source, intval);
428870ff 2512 break;
10b3c7f5
MN		 2513 case ZFS_PROP_COMPRESSION:
2514 err = dsl_dataset_set_compression(dsname, source, intval);
2515 /*
2516 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2517 * default path to set the value in the nvlist.
2518 */
2519 if (err == 0)
2520 err = -1;
2521 break;
428870ff 2522 case ZFS_PROP_VOLSIZE:
60101509 2523 err = zvol_set_volsize(dsname, intval);
428870ff 2524 break;
0b4d1b58 2525 case ZFS_PROP_SNAPDEV:
a0bd735a 2526 err = zvol_set_snapdev(dsname, source, intval);
0b4d1b58 2527 break;
cf8738d8 2528 case ZFS_PROP_VOLMODE:
2529 err = zvol_set_volmode(dsname, source, intval);
2530 break;
428870ff
BB		 2531 case ZFS_PROP_VERSION:
2532 {
0037b49e 2533 zfsvfs_t *zfsvfs;
428870ff 2534
f298b24d 2535 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
34dc7c2f 2536 break;
b128c09f 2537
0037b49e 2538 err = zfs_set_version(zfsvfs, intval);
f298b24d 2539 zfsvfs_rele(zfsvfs, FTAG);
34dc7c2f 2540
428870ff
BB		 2541 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2542 zfs_cmd_t *zc;
34dc7c2f 2543
efcd79a8 2544 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
c9e319fa
JL		 2545 (void) strlcpy(zc->zc_name, dsname,
2546 sizeof (zc->zc_name));
428870ff 2547 (void) zfs_ioc_userspace_upgrade(zc);
9c5167d1 2548 (void) zfs_ioc_id_quota_upgrade(zc);
428870ff 2549 kmem_free(zc, sizeof (zfs_cmd_t));
34dc7c2f 2550 }
428870ff
BB		 2551 break;
2552 }
428870ff
BB		 2553 default:
2554 err = -1;
2555 }
34dc7c2f 2556
428870ff
BB		 2557 return (err);
2558}
34dc7c2f 2559
75b4cbf6
AS		 2560static boolean_t
2561zfs_is_namespace_prop(zfs_prop_t prop)
2562{
2563 switch (prop) {
2564
2565 case ZFS_PROP_ATIME:
2566 case ZFS_PROP_RELATIME:
2567 case ZFS_PROP_DEVICES:
2568 case ZFS_PROP_EXEC:
2569 case ZFS_PROP_SETUID:
2570 case ZFS_PROP_READONLY:
2571 case ZFS_PROP_XATTR:
2572 case ZFS_PROP_NBMAND:
2573 return (B_TRUE);
2574
2575 default:
2576 return (B_FALSE);
2577 }
2578}
2579
428870ff
BB		 2580/*
2581 * This function is best effort. If it fails to set any of the given properties,
6f1ffb06
MA		 2582 * it continues to set as many as it can and returns the last error
2583 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2584 * with the list of names of all the properties that failed along with the
2585 * corresponding error numbers.
428870ff 2586 *
6f1ffb06
MA		 2587 * If every property is set successfully, zero is returned and errlist is not
2588 * modified.
428870ff
BB		 2589 */
2590int
2591zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
6f1ffb06 2592 nvlist_t *errlist)
428870ff
BB		 2593{
2594 nvpair_t *pair;
2595 nvpair_t *propval;
2596 int rv = 0;
2f14adac 2597 int err;
428870ff 2598 uint64_t intval;
4d55ea81 2599 const char *strval;
75b4cbf6 2600 boolean_t should_update_mount_cache = B_FALSE;
34dc7c2f 2601
6f1ffb06
MA		 2602 nvlist_t *genericnvl = fnvlist_alloc();
2603 nvlist_t *retrynvl = fnvlist_alloc();
428870ff
BB		 2604retry:
2605 pair = NULL;
2606 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2607 const char *propname = nvpair_name(pair);
2608 zfs_prop_t prop = zfs_name_to_prop(propname);
2f14adac 2609 err = 0;
428870ff
BB		 2610
2611 /* decode the property value */
2612 propval = pair;
2613 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2614 nvlist_t *attrs;
6f1ffb06 2615 attrs = fnvpair_value_nvlist(pair);
428870ff
BB		 2616 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2617 &propval) != 0)
2e528b49 2618 err = SET_ERROR(EINVAL);
9babb374 2619 }
34dc7c2f 2620
428870ff 2621 /* Validate value type */
a3eeab2d 2622 if (err == 0 && source == ZPROP_SRC_INHERITED) {
2623 /* inherited properties are expected to be booleans */
2624 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN)
2625 err = SET_ERROR(EINVAL);
4ff7a8fa 2626 } else if (err == 0 && prop == ZPROP_USERPROP) {
428870ff
BB		 2627 if (zfs_prop_user(propname)) {
2628 if (nvpair_type(propval) != DATA_TYPE_STRING)
2e528b49 2629 err = SET_ERROR(EINVAL);
428870ff
BB		 2630 } else if (zfs_prop_userquota(propname)) {
2631 if (nvpair_type(propval) !=
2632 DATA_TYPE_UINT64_ARRAY)
2e528b49 2633 err = SET_ERROR(EINVAL);
330d06f9 2634 } else {
2e528b49 2635 err = SET_ERROR(EINVAL);
428870ff
BB		 2636 }
2637 } else if (err == 0) {
2638 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2639 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2e528b49 2640 err = SET_ERROR(EINVAL);
428870ff 2641 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
34dc7c2f
BB		 2642 const char *unused;
2643
6f1ffb06 2644 intval = fnvpair_value_uint64(propval);
34dc7c2f
BB		 2645
2646 switch (zfs_prop_get_type(prop)) {
2647 case PROP_TYPE_NUMBER:
2648 break;
2649 case PROP_TYPE_STRING:
2e528b49 2650 err = SET_ERROR(EINVAL);
428870ff 2651 break;
34dc7c2f
BB		 2652 case PROP_TYPE_INDEX:
2653 if (zfs_prop_index_to_string(prop,
428870ff 2654 intval, &unused) != 0)
8fb79fdd
AJ		 2655 err =
2656 SET_ERROR(ZFS_ERR_BADPROP);
34dc7c2f
BB		 2657 break;
2658 default:
2659 cmn_err(CE_PANIC,
2660 "unknown property type");
34dc7c2f 2661 }
34dc7c2f 2662 } else {
2e528b49 2663 err = SET_ERROR(EINVAL);
34dc7c2f 2664 }
34dc7c2f 2665 }
428870ff
BB		 2666
2667 /* Validate permissions */
2668 if (err == 0)
2669 err = zfs_check_settable(dsname, pair, CRED());
2670
2671 if (err == 0) {
a3eeab2d 2672 if (source == ZPROP_SRC_INHERITED)
2673 err = -1; /* does not need special handling */
2674 else
2675 err = zfs_prop_set_special(dsname, source,
2676 pair);
428870ff
BB		 2677 if (err == -1) {
2678 /*
2679 * For better performance we build up a list of
2680 * properties to set in a single transaction.
2681 */
2682 err = nvlist_add_nvpair(genericnvl, pair);
2683 } else if (err != 0 && nvl != retrynvl) {
2684 /*
2685 * This may be a spurious error caused by
2686 * receiving quota and reservation out of order.
2687 * Try again in a second pass.
2688 */
2689 err = nvlist_add_nvpair(retrynvl, pair);
2690 }
2691 }
2692
6f1ffb06
MA		 2693 if (err != 0) {
2694 if (errlist != NULL)
2695 fnvlist_add_int32(errlist, propname, err);
2696 rv = err;
2697 }
75b4cbf6
AS		 2698
2699 if (zfs_is_namespace_prop(prop))
2700 should_update_mount_cache = B_TRUE;
34dc7c2f
BB		 2701 }
2702
428870ff
BB		 2703 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2704 nvl = retrynvl;
2705 goto retry;
2706 }
2707
2f14adac
CS		 2708 if (nvlist_empty(genericnvl))
2709 goto out;
428870ff 2710
2f14adac
CS		 2711 /*
2712 * Try to set them all in one batch.
2713 */
2714 err = dsl_props_set(dsname, source, genericnvl);
2715 if (err == 0)
2716 goto out;
428870ff 2717
2f14adac
CS		 2718 /*
2719 * If batching fails, we still want to set as many properties as we
2720 * can, so try setting them individually.
2721 */
2722 pair = NULL;
2723 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2724 const char *propname = nvpair_name(pair);
2f14adac
CS		 2725
2726 propval = pair;
2727 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2728 nvlist_t *attrs;
2729 attrs = fnvpair_value_nvlist(pair);
2730 propval = fnvlist_lookup_nvpair(attrs, ZPROP_VALUE);
2731 }
2732
2733 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2734 strval = fnvpair_value_string(propval);
2735 err = dsl_prop_set_string(dsname, propname,
2736 source, strval);
2737 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) {
2738 err = dsl_prop_inherit(dsname, propname, source);
2739 } else {
2740 intval = fnvpair_value_uint64(propval);
2741 err = dsl_prop_set_int(dsname, propname, source,
2742 intval);
2743 }
2744
2745 if (err != 0) {
2746 if (errlist != NULL) {
2747 fnvlist_add_int32(errlist, propname, err);
428870ff 2748 }
2f14adac 2749 rv = err;
428870ff 2750 }
9babb374 2751 }
2f14adac
CS		 2752
2753out:
75b4cbf6
AS		 2754 if (should_update_mount_cache)
2755 zfs_ioctl_update_mount_cache(dsname);
2756
9babb374 2757 nvlist_free(genericnvl);
428870ff
BB		 2758 nvlist_free(retrynvl);
2759
428870ff 2760 return (rv);
9babb374
BB		 2761}
2762
2763/*
2764 * Check that all the properties are valid user properties.
2765 */
2766static int
e6203d28 2767zfs_check_userprops(nvlist_t *nvl)
9babb374 2768{
428870ff 2769 nvpair_t *pair = NULL;
9babb374 2770
428870ff
BB		 2771 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2772 const char *propname = nvpair_name(pair);
9babb374
BB		 2773
2774 if (!zfs_prop_user(propname) ||
428870ff 2775 nvpair_type(pair) != DATA_TYPE_STRING)
2e528b49 2776 return (SET_ERROR(EINVAL));
9babb374 2777
9babb374 2778 if (strlen(propname) >= ZAP_MAXNAMELEN)
2e528b49 2779 return (SET_ERROR(ENAMETOOLONG));
9babb374 2780
da536844 2781 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN)
2e528b49 2782 return (SET_ERROR(E2BIG));
9babb374 2783 }
34dc7c2f
BB		 2784 return (0);
2785}
2786
428870ff
BB		 2787static void
2788props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2789{
2790 nvpair_t *pair;
2791
2792 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2793
2794 pair = NULL;
2795 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2796 if (nvlist_exists(skipped, nvpair_name(pair)))
2797 continue;
2798
2799 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2800 }
2801}
2802
2803static int
13fe0198 2804clear_received_props(const char *dsname, nvlist_t *props,
428870ff
BB		 2805 nvlist_t *skipped)
2806{
2807 int err = 0;
2808 nvlist_t *cleared_props = NULL;
2809 props_skip(props, skipped, &cleared_props);
2810 if (!nvlist_empty(cleared_props)) {
2811 /*
2812 * Acts on local properties until the dataset has received
2813 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2814 */
2815 zprop_source_t flags = (ZPROP_SRC_NONE |
13fe0198
MA		 2816 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2817 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
428870ff
BB		 2818 }
2819 nvlist_free(cleared_props);
2820 return (err);
2821}
2822
34dc7c2f
BB		 2823/*
2824 * inputs:
2825 * zc_name name of filesystem
9babb374 2826 * zc_value name of property to set
34dc7c2f 2827 * zc_nvlist_src{_size} nvlist of properties to apply
428870ff 2828 * zc_cookie received properties flag
34dc7c2f 2829 *
428870ff
BB		 2830 * outputs:
2831 * zc_nvlist_dst{_size} error for each unapplied received property
34dc7c2f
BB		 2832 */
2833static int
2834zfs_ioc_set_prop(zfs_cmd_t *zc)
2835{
2836 nvlist_t *nvl;
428870ff
BB		 2837 boolean_t received = zc->zc_cookie;
2838 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2839 ZPROP_SRC_LOCAL);
6f1ffb06 2840 nvlist_t *errors;
34dc7c2f
BB		 2841 int error;
2842
2843 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
9babb374 2844 zc->zc_iflags, &nvl)) != 0)
34dc7c2f
BB		 2845 return (error);
2846
428870ff 2847 if (received) {
b128c09f 2848 nvlist_t *origprops;
b128c09f 2849
13fe0198
MA		 2850 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2851 (void) clear_received_props(zc->zc_name,
2852 origprops, nvl);
2853 nvlist_free(origprops);
428870ff 2854 }
13fe0198
MA		 2855
2856 error = dsl_prop_set_hasrecvd(zc->zc_name);
b128c09f
BB		 2857 }
2858
6f1ffb06 2859 errors = fnvlist_alloc();
13fe0198
MA		 2860 if (error == 0)
2861 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
34dc7c2f 2862
b8864a23 2863 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
428870ff
BB		 2864 (void) put_nvlist(zc, errors);
2865 }
2866
2867 nvlist_free(errors);
34dc7c2f
BB		 2868 nvlist_free(nvl);
2869 return (error);
2870}
2871
2872/*
2873 * inputs:
2874 * zc_name name of filesystem
2875 * zc_value name of property to inherit
428870ff 2876 * zc_cookie revert to received value if TRUE
34dc7c2f
BB		 2877 *
2878 * outputs: none
2879 */
2880static int
2881zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2882{
428870ff
BB		 2883 const char *propname = zc->zc_value;
2884 zfs_prop_t prop = zfs_name_to_prop(propname);
2885 boolean_t received = zc->zc_cookie;
2886 zprop_source_t source = (received
2887 ? ZPROP_SRC_NONE /* revert to received value, if any */
2888 : ZPROP_SRC_INHERITED); /* explicitly inherit */
92aceb2a 2889 nvlist_t *dummy;
2890 nvpair_t *pair;
2891 zprop_type_t type;
2892 int err;
428870ff 2893
92aceb2a 2894 if (!received) {
261c013f
BB		 2895 /*
2896 * Only check this in the non-received case. We want to allow
2897 * 'inherit -S' to revert non-inheritable properties like quota
2898 * and reservation to the received or default values even though
2899 * they are not considered inheritable.
2900 */
4ff7a8fa 2901 if (prop != ZPROP_USERPROP && !zfs_prop_inheritable(prop))
261c013f 2902 return (SET_ERROR(EINVAL));
959f56b9 2903 }
2904
4ff7a8fa 2905 if (prop == ZPROP_USERPROP) {
92aceb2a 2906 if (!zfs_prop_user(propname))
2907 return (SET_ERROR(EINVAL));
2908
2909 type = PROP_TYPE_STRING;
2910 } else if (prop == ZFS_PROP_VOLSIZE || prop == ZFS_PROP_VERSION) {
2911 return (SET_ERROR(EINVAL));
2912 } else {
2913 type = zfs_prop_get_type(prop);
2914 }
2915
2916 /*
2917 * zfs_prop_set_special() expects properties in the form of an
2918 * nvpair with type info.
2919 */
2920 dummy = fnvlist_alloc();
2921
2922 switch (type) {
2923 case PROP_TYPE_STRING:
2924 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2925 break;
2926 case PROP_TYPE_NUMBER:
2927 case PROP_TYPE_INDEX:
2928 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2929 break;
2930 default:
2931 err = SET_ERROR(EINVAL);
2932 goto errout;
2933 }
2934
2935 pair = nvlist_next_nvpair(dummy, NULL);
2936 if (pair == NULL) {
2937 err = SET_ERROR(EINVAL);
2938 } else {
2939 err = zfs_prop_set_special(zc->zc_name, source, pair);
2940 if (err == -1) /* property is not "special", needs handling */
2941 err = dsl_prop_inherit(zc->zc_name, zc->zc_value,
2942 source);
2943 }
2944
2945errout:
2946 nvlist_free(dummy);
2947 return (err);
34dc7c2f
BB		 2948}
2949
2950static int
2951zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2952{
2953 nvlist_t *props;
2954 spa_t *spa;
2955 int error;
428870ff 2956 nvpair_t *pair;
34dc7c2f 2957
c65aa5b2
BB		 2958 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2959 zc->zc_iflags, &props)))
34dc7c2f
BB		 2960 return (error);
2961
d164b209
BB		 2962 /*
2963 * If the only property is the configfile, then just do a spa_lookup()
2964 * to handle the faulted case.
2965 */
428870ff
BB		 2966 pair = nvlist_next_nvpair(props, NULL);
2967 if (pair != NULL && strcmp(nvpair_name(pair),
d164b209 2968 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
428870ff 2969 nvlist_next_nvpair(props, pair) == NULL) {
d164b209
BB		 2970 mutex_enter(&spa_namespace_lock);
2971 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2972 spa_configfile_set(spa, props, B_FALSE);
55c12724 2973 spa_write_cachefile(spa, B_FALSE, B_TRUE, B_FALSE);
d164b209
BB		 2974 }
2975 mutex_exit(&spa_namespace_lock);
428870ff
BB		 2976 if (spa != NULL) {
2977 nvlist_free(props);
d164b209 2978 return (0);
428870ff 2979 }
d164b209
BB		 2980 }
2981
34dc7c2f
BB		 2982 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2983 nvlist_free(props);
2984 return (error);
2985 }
2986
2987 error = spa_prop_set(spa, props);
2988
2989 nvlist_free(props);
2990 spa_close(spa, FTAG);
2991
2992 return (error);
2993}
2994
2995static int
2996zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2997{
2998 spa_t *spa;
2999 int error;
3000 nvlist_t *nvp = NULL;
3001
d164b209
BB		 3002 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
3003 /*
3004 * If the pool is faulted, there may be properties we can still
3005 * get (such as altroot and cachefile), so attempt to get them
3006 * anyway.
3007 */
3008 mutex_enter(&spa_namespace_lock);
3009 if ((spa = spa_lookup(zc->zc_name)) != NULL)
3010 error = spa_prop_get(spa, &nvp);
3011 mutex_exit(&spa_namespace_lock);
3012 } else {
3013 error = spa_prop_get(spa, &nvp);
3014 spa_close(spa, FTAG);
3015 }
34dc7c2f 3016
b8864a23 3017 if (error == 0 && zc->zc_nvlist_dst != 0)
34dc7c2f
BB		 3018 error = put_nvlist(zc, nvp);
3019 else
2e528b49 3020 error = SET_ERROR(EFAULT);
34dc7c2f 3021
d164b209 3022 nvlist_free(nvp);
34dc7c2f
BB		 3023 return (error);
3024}
3025
2a673e76
AJ		 3026/*
3027 * innvl: {
3028 * "vdevprops_set_vdev" -> guid
3029 * "vdevprops_set_props" -> { prop -> value }
3030 * }
3031 *
3032 * outnvl: propname -> error code (int32)
3033 */
3034static const zfs_ioc_key_t zfs_keys_vdev_set_props[] = {
3035 {ZPOOL_VDEV_PROPS_SET_VDEV, DATA_TYPE_UINT64, 0},
3036 {ZPOOL_VDEV_PROPS_SET_PROPS, DATA_TYPE_NVLIST, 0}
3037};
3038
3039static int
3040zfs_ioc_vdev_set_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3041{
3042 spa_t *spa;
3043 int error;
3044 vdev_t *vd;
3045 uint64_t vdev_guid;
3046
3047 /* Early validation */
3048 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_SET_VDEV,
3049 &vdev_guid) != 0)
3050 return (SET_ERROR(EINVAL));
3051
3052 if (outnvl == NULL)
3053 return (SET_ERROR(EINVAL));
3054
3055 if ((error = spa_open(poolname, &spa, FTAG)) != 0)
3056 return (error);
3057
3058 ASSERT(spa_writeable(spa));
3059
3060 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) {
3061 spa_close(spa, FTAG);
3062 return (SET_ERROR(ENOENT));
3063 }
3064
3065 error = vdev_prop_set(vd, innvl, outnvl);
3066
3067 spa_close(spa, FTAG);
3068
3069 return (error);
3070}
3071
3072/*
3073 * innvl: {
3074 * "vdevprops_get_vdev" -> guid
3075 * (optional) "vdevprops_get_props" -> { propname -> propid }
3076 * }
3077 *
3078 * outnvl: propname -> value
3079 */
3080static const zfs_ioc_key_t zfs_keys_vdev_get_props[] = {
3081 {ZPOOL_VDEV_PROPS_GET_VDEV, DATA_TYPE_UINT64, 0},
3082 {ZPOOL_VDEV_PROPS_GET_PROPS, DATA_TYPE_NVLIST, ZK_OPTIONAL}
3083};
3084
3085static int
3086zfs_ioc_vdev_get_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3087{
3088 spa_t *spa;
3089 int error;
3090 vdev_t *vd;
3091 uint64_t vdev_guid;
3092
3093 /* Early validation */
3094 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_GET_VDEV,
3095 &vdev_guid) != 0)
3096 return (SET_ERROR(EINVAL));
3097
3098 if (outnvl == NULL)
3099 return (SET_ERROR(EINVAL));
3100
3101 if ((error = spa_open(poolname, &spa, FTAG)) != 0)
3102 return (error);
3103
3104 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) {
3105 spa_close(spa, FTAG);
3106 return (SET_ERROR(ENOENT));
3107 }
3108
3109 error = vdev_prop_get(vd, innvl, outnvl);
3110
3111 spa_close(spa, FTAG);
3112
3113 return (error);
3114}
3115
34dc7c2f
BB		 3116/*
3117 * inputs:
3118 * zc_name name of filesystem
3119 * zc_nvlist_src{_size} nvlist of delegated permissions
3120 * zc_perm_action allow/unallow flag
3121 *
3122 * outputs: none
3123 */
3124static int
3125zfs_ioc_set_fsacl(zfs_cmd_t *zc)
3126{
3127 int error;
3128 nvlist_t *fsaclnv = NULL;
3129
3130 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
9babb374 3131 zc->zc_iflags, &fsaclnv)) != 0)
34dc7c2f
BB		 3132 return (error);
3133
3134 /*
3135 * Verify nvlist is constructed correctly
3136 */
2e7f664f 3137 if (zfs_deleg_verify_nvlist(fsaclnv) != 0) {
34dc7c2f 3138 nvlist_free(fsaclnv);
2e528b49 3139 return (SET_ERROR(EINVAL));
34dc7c2f
BB		 3140 }
3141
3142 /*
3143 * If we don't have PRIV_SYS_MOUNT, then validate
3144 * that user is allowed to hand out each permission in
3145 * the nvlist(s)
3146 */
3147
3148 error = secpolicy_zfs(CRED());
13fe0198 3149 if (error != 0) {
34dc7c2f
BB		 3150 if (zc->zc_perm_action == B_FALSE) {
3151 error = dsl_deleg_can_allow(zc->zc_name,
3152 fsaclnv, CRED());
3153 } else {
3154 error = dsl_deleg_can_unallow(zc->zc_name,
3155 fsaclnv, CRED());
3156 }
3157 }
3158
3159 if (error == 0)
3160 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
3161
3162 nvlist_free(fsaclnv);
3163 return (error);
3164}
3165
3166/*
3167 * inputs:
3168 * zc_name name of filesystem
3169 *
3170 * outputs:
3171 * zc_nvlist_src{_size} nvlist of delegated permissions
3172 */
3173static int
3174zfs_ioc_get_fsacl(zfs_cmd_t *zc)
3175{
3176 nvlist_t *nvp;
3177 int error;
3178
3179 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
3180 error = put_nvlist(zc, nvp);
3181 nvlist_free(nvp);
3182 }
3183
3184 return (error);
3185}
3186
34dc7c2f
BB		 3187static void
3188zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
3189{
3190 zfs_creat_t *zct = arg;
3191
3192 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
3193}
3194
3195#define ZFS_PROP_UNDEFINED ((uint64_t)-1)
3196
3197/*
3198 * inputs:
b128c09f 3199 * os parent objset pointer (NULL if root fs)
d3cc8b15
WA		 3200 * fuids_ok fuids allowed in this version of the spa?
3201 * sa_ok SAs allowed in this version of the spa?
3202 * createprops list of properties requested by creator
34dc7c2f
BB		 3203 *
3204 * outputs:
3205 * zplprops values for the zplprops we attach to the master node object
b128c09f 3206 * is_ci true if requested file system will be purely case-insensitive
34dc7c2f
BB		 3207 *
3208 * Determine the settings for utf8only, normalization and
3209 * casesensitivity. Specific values may have been requested by the
3210 * creator and/or we can inherit values from the parent dataset. If
3211 * the file system is of too early a vintage, a creator can not
3212 * request settings for these properties, even if the requested
3213 * setting is the default value. We don't actually want to create dsl
3214 * properties for these, so remove them from the source nvlist after
3215 * processing.
3216 */
3217static int
9babb374 3218zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
428870ff
BB		 3219 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
3220 nvlist_t *zplprops, boolean_t *is_ci)
34dc7c2f 3221{
34dc7c2f
BB		 3222 uint64_t sense = ZFS_PROP_UNDEFINED;
3223 uint64_t norm = ZFS_PROP_UNDEFINED;
3224 uint64_t u8 = ZFS_PROP_UNDEFINED;
b129c659 3225 int error;
34dc7c2f
BB		 3226
3227 ASSERT(zplprops != NULL);
3228
d8d418ff 3229 /* parent dataset must be a filesystem */
87a275d9 3230 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS)
d8d418ff 3231 return (SET_ERROR(ZFS_ERR_WRONG_PARENT));
87a275d9 3232
34dc7c2f
BB		 3233 /*
3234 * Pull out creator prop choices, if any.
3235 */
3236 if (createprops) {
b128c09f
BB		 3237 (void) nvlist_lookup_uint64(createprops,
3238 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
34dc7c2f
BB		 3239 (void) nvlist_lookup_uint64(createprops,
3240 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
3241 (void) nvlist_remove_all(createprops,
3242 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3243 (void) nvlist_lookup_uint64(createprops,
3244 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3245 (void) nvlist_remove_all(createprops,
3246 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3247 (void) nvlist_lookup_uint64(createprops,
3248 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3249 (void) nvlist_remove_all(createprops,
3250 zfs_prop_to_name(ZFS_PROP_CASE));
3251 }
3252
3253 /*
b128c09f
BB		 3254 * If the zpl version requested is whacky or the file system
3255 * or pool is version is too "young" to support normalization
3256 * and the creator tried to set a value for one of the props,
3257 * error out.
34dc7c2f 3258 */
b128c09f
BB		 3259 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3260 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
428870ff 3261 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
b128c09f 3262 (zplver < ZPL_VERSION_NORMALIZATION &&
34dc7c2f 3263 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
b128c09f 3264 sense != ZFS_PROP_UNDEFINED)))
2e528b49 3265 return (SET_ERROR(ENOTSUP));
34dc7c2f
BB		 3266
3267 /*
3268 * Put the version in the zplprops
3269 */
3270 VERIFY(nvlist_add_uint64(zplprops,
3271 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3272
b129c659
MM		 3273 if (norm == ZFS_PROP_UNDEFINED &&
3274 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3275 return (error);
34dc7c2f
BB		 3276 VERIFY(nvlist_add_uint64(zplprops,
3277 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3278
3279 /*
3280 * If we're normalizing, names must always be valid UTF-8 strings.
3281 */
3282 if (norm)
3283 u8 = 1;
b129c659
MM		 3284 if (u8 == ZFS_PROP_UNDEFINED &&
3285 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3286 return (error);
34dc7c2f
BB		 3287 VERIFY(nvlist_add_uint64(zplprops,
3288 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3289
b129c659
MM		 3290 if (sense == ZFS_PROP_UNDEFINED &&
3291 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3292 return (error);
34dc7c2f
BB		 3293 VERIFY(nvlist_add_uint64(zplprops,
3294 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3295
3296 if (is_ci)
3297 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3298
34dc7c2f
BB		 3299 return (0);
3300}
3301
b128c09f
BB		 3302static int
3303zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3304 nvlist_t *zplprops, boolean_t *is_ci)
3305{
428870ff 3306 boolean_t fuids_ok, sa_ok;
b128c09f
BB		 3307 uint64_t zplver = ZPL_VERSION;
3308 objset_t *os = NULL;
eca7b760 3309 char parentname[ZFS_MAX_DATASET_NAME_LEN];
428870ff
BB		 3310 spa_t *spa;
3311 uint64_t spa_vers;
b128c09f
BB		 3312 int error;
3313
d8d418ff 3314 zfs_get_parent(dataset, parentname, sizeof (parentname));
b128c09f 3315
428870ff
BB		 3316 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3317 return (error);
3318
3319 spa_vers = spa_version(spa);
3320 spa_close(spa, FTAG);
3321
3322 zplver = zfs_zpl_version_map(spa_vers);
3323 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3324 sa_ok = (zplver >= ZPL_VERSION_SA);
b128c09f
BB		 3325
3326 /*
3327 * Open parent object set so we can inherit zplprop values.
3328 */
428870ff 3329 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
b128c09f
BB		 3330 return (error);
3331
428870ff 3332 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
b128c09f 3333 zplprops, is_ci);
428870ff 3334 dmu_objset_rele(os, FTAG);
b128c09f
BB		 3335 return (error);
3336}
3337
3338static int
3339zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3340 nvlist_t *zplprops, boolean_t *is_ci)
3341{
428870ff
BB		 3342 boolean_t fuids_ok;
3343 boolean_t sa_ok;
b128c09f
BB		 3344 uint64_t zplver = ZPL_VERSION;
3345 int error;
3346
428870ff
BB		 3347 zplver = zfs_zpl_version_map(spa_vers);
3348 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3349 sa_ok = (zplver >= ZPL_VERSION_SA);
b128c09f 3350
428870ff
BB		 3351 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3352 createprops, zplprops, is_ci);
b128c09f
BB		 3353 return (error);
3354}
3355
34dc7c2f 3356/*
6f1ffb06
MA		 3357 * innvl: {
3358 * "type" -> dmu_objset_type_t (int32)
3359 * (optional) "props" -> { prop -> value }
b5256303
TC		 3360 * (optional) "hidden_args" -> { "wkeydata" -> value }
3361 * raw uint8_t array of encryption wrapping key data (32 bytes)
6f1ffb06 3362 * }
34dc7c2f 3363 *
6f1ffb06 3364 * outnvl: propname -> error code (int32)
34dc7c2f 3365 */
b83a0e2d
DB		 3366
3367static const zfs_ioc_key_t zfs_keys_create[] = {
3368 {"type", DATA_TYPE_INT32, 0},
3369 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3370 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3371};
3372
34dc7c2f 3373static int
6f1ffb06 3374zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
34dc7c2f 3375{
34dc7c2f 3376 int error = 0;
6f1ffb06 3377 zfs_creat_t zct = { 0 };
34dc7c2f 3378 nvlist_t *nvprops = NULL;
b5256303 3379 nvlist_t *hidden_args = NULL;
34dc7c2f 3380 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
6f1ffb06
MA		 3381 dmu_objset_type_t type;
3382 boolean_t is_insensitive = B_FALSE;
b5256303 3383 dsl_crypto_params_t *dcp = NULL;
34dc7c2f 3384
b83a0e2d 3385 type = (dmu_objset_type_t)fnvlist_lookup_int32(innvl, "type");
6f1ffb06 3386 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
b5256303 3387 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
34dc7c2f 3388
6f1ffb06 3389 switch (type) {
34dc7c2f
BB		 3390 case DMU_OST_ZFS:
3391 cbfunc = zfs_create_cb;
3392 break;
3393
3394 case DMU_OST_ZVOL:
3395 cbfunc = zvol_create_cb;
3396 break;
3397
3398 default:
3399 cbfunc = NULL;
3400 break;
3401 }
6f1ffb06
MA		 3402 if (strchr(fsname, '@') ||
3403 strchr(fsname, '%'))
2e528b49 3404 return (SET_ERROR(EINVAL));
34dc7c2f 3405
34dc7c2f
BB		 3406 zct.zct_props = nvprops;
3407
6f1ffb06 3408 if (cbfunc == NULL)
2e528b49 3409 return (SET_ERROR(EINVAL));
34dc7c2f 3410
6f1ffb06
MA		 3411 if (type == DMU_OST_ZVOL) {
3412 uint64_t volsize, volblocksize;
34dc7c2f 3413
6f1ffb06 3414 if (nvprops == NULL)
2e528b49 3415 return (SET_ERROR(EINVAL));
6f1ffb06
MA		 3416 if (nvlist_lookup_uint64(nvprops,
3417 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
2e528b49 3418 return (SET_ERROR(EINVAL));
34dc7c2f 3419
6f1ffb06
MA		 3420 if ((error = nvlist_lookup_uint64(nvprops,
3421 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3422 &volblocksize)) != 0 && error != ENOENT)
2e528b49 3423 return (SET_ERROR(EINVAL));
34dc7c2f 3424
6f1ffb06
MA		 3425 if (error != 0)
3426 volblocksize = zfs_prop_default_numeric(
3427 ZFS_PROP_VOLBLOCKSIZE);
34dc7c2f 3428
4cb7b9c5 3429 if ((error = zvol_check_volblocksize(fsname,
6f1ffb06
MA		 3430 volblocksize)) != 0 ||
3431 (error = zvol_check_volsize(volsize,
3432 volblocksize)) != 0)
3433 return (error);
3434 } else if (type == DMU_OST_ZFS) {
3435 int error;
34dc7c2f 3436
6f1ffb06
MA		 3437 /*
3438 * We have to have normalization and
3439 * case-folding flags correct when we do the
3440 * file system creation, so go figure them out
3441 * now.
3442 */
3443 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3444 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3445 error = zfs_fill_zplprops(fsname, nvprops,
3446 zct.zct_zplprops, &is_insensitive);
3447 if (error != 0) {
3448 nvlist_free(zct.zct_zplprops);
3449 return (error);
34dc7c2f 3450 }
34dc7c2f
BB		 3451 }
3452
b5256303
TC		 3453 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops,
3454 hidden_args, &dcp);
3455 if (error != 0) {
3456 nvlist_free(zct.zct_zplprops);
3457 return (error);
3458 }
3459
6f1ffb06 3460 error = dmu_objset_create(fsname, type,
b5256303
TC		 3461 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct);
3462
6f1ffb06 3463 nvlist_free(zct.zct_zplprops);
b5256303 3464 dsl_crypto_params_free(dcp, !!error);
6f1ffb06 3465
34dc7c2f
BB		 3466 /*
3467 * It would be nice to do this atomically.
3468 */
3469 if (error == 0) {
6f1ffb06
MA		 3470 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3471 nvprops, outnvl);
f74b821a
BB		 3472 if (error != 0) {
3473 spa_t *spa;
3474 int error2;
3475
3476 /*
3477 * Volumes will return EBUSY and cannot be destroyed
ec213971
MA		 3478 * until all asynchronous minor handling (e.g. from
3479 * setting the volmode property) has completed. Wait for
3480 * the spa_zvol_taskq to drain then retry.
f74b821a
BB		 3481 */
3482 error2 = dsl_destroy_head(fsname);
3483 while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
3484 error2 = spa_open(fsname, &spa, FTAG);
3485 if (error2 == 0) {
3486 taskq_wait(spa->spa_zvol_taskq);
3487 spa_close(spa, FTAG);
3488 }
3489 error2 = dsl_destroy_head(fsname);
3490 }
3491 }
34dc7c2f 3492 }
34dc7c2f
BB		 3493 return (error);
3494}
3495
3496/*
6f1ffb06
MA		 3497 * innvl: {
3498 * "origin" -> name of origin snapshot
3499 * (optional) "props" -> { prop -> value }
b5256303
TC		 3500 * (optional) "hidden_args" -> { "wkeydata" -> value }
3501 * raw uint8_t array of encryption wrapping key data (32 bytes)
6f1ffb06 3502 * }
34dc7c2f 3503 *
428870ff 3504 * outputs:
6f1ffb06 3505 * outnvl: propname -> error code (int32)
34dc7c2f 3506 */
b83a0e2d
DB		 3507static const zfs_ioc_key_t zfs_keys_clone[] = {
3508 {"origin", DATA_TYPE_STRING, 0},
3509 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3510 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3511};
3512
34dc7c2f 3513static int
6f1ffb06 3514zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
34dc7c2f 3515{
6f1ffb06 3516 int error = 0;
b128c09f 3517 nvlist_t *nvprops = NULL;
4d55ea81 3518 const char *origin_name;
b128c09f 3519
b83a0e2d 3520 origin_name = fnvlist_lookup_string(innvl, "origin");
6f1ffb06 3521 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
b128c09f 3522
6f1ffb06
MA		 3523 if (strchr(fsname, '@') ||
3524 strchr(fsname, '%'))
2e528b49 3525 return (SET_ERROR(EINVAL));
6f1ffb06
MA		 3526
3527 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
2e528b49 3528 return (SET_ERROR(EINVAL));
b5256303 3529
13fe0198 3530 error = dmu_objset_clone(fsname, origin_name);
b128c09f 3531
6f1ffb06
MA		 3532 /*
3533 * It would be nice to do this atomically.
3534 */
3535 if (error == 0) {
3536 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3537 nvprops, outnvl);
3538 if (error != 0)
13fe0198 3539 (void) dsl_destroy_head(fsname);
b128c09f 3540 }
6f1ffb06
MA		 3541 return (error);
3542}
9babb374 3543
b83a0e2d
DB		 3544static const zfs_ioc_key_t zfs_keys_remap[] = {
3545 /* no nvl keys */
3546};
3547
a1d477c2
MA		 3548static int
3549zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3550{
59ec30a3 3551 /* This IOCTL is no longer supported. */
ef70eff1 3552 (void) fsname, (void) innvl, (void) outnvl;
59ec30a3 3553 return (0);
a1d477c2
MA		 3554}
3555
6f1ffb06
MA		 3556/*
3557 * innvl: {
3558 * "snaps" -> { snapshot1, snapshot2 }
3559 * (optional) "props" -> { prop -> value (string) }
3560 * }
3561 *
3562 * outnvl: snapshot -> error code (int32)
6f1ffb06 3563 */
b83a0e2d
DB		 3564static const zfs_ioc_key_t zfs_keys_snapshot[] = {
3565 {"snaps", DATA_TYPE_NVLIST, 0},
3566 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3567};
3568
6f1ffb06
MA		 3569static int
3570zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3571{
3572 nvlist_t *snaps;
3573 nvlist_t *props = NULL;
3574 int error, poollen;
1c27024e 3575 nvpair_t *pair;
9babb374 3576
6f1ffb06 3577 (void) nvlist_lookup_nvlist(innvl, "props", &props);
6f1ffb06
MA		 3578 if (!nvlist_empty(props) &&
3579 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
2e528b49 3580 return (SET_ERROR(ENOTSUP));
e6203d28
AG		 3581 if ((error = zfs_check_userprops(props)) != 0)
3582 return (error);
6f1ffb06 3583
b83a0e2d 3584 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
6f1ffb06
MA		 3585 poollen = strlen(poolname);
3586 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3587 pair = nvlist_next_nvpair(snaps, pair)) {
3588 const char *name = nvpair_name(pair);
e6203d28 3589 char *cp = strchr(name, '@');
6f1ffb06
MA		 3590
3591 /*
3592 * The snap name must contain an @, and the part after it must
3593 * contain only valid characters.
3594 */
da536844
MA		 3595 if (cp == NULL ||
3596 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
2e528b49 3597 return (SET_ERROR(EINVAL));
6f1ffb06
MA		 3598
3599 /*
3600 * The snap must be in the specified pool.
3601 */
3602 if (strncmp(name, poolname, poollen) != 0 ||
3603 (name[poollen] != '/' && name[poollen] != '@'))
2e528b49 3604 return (SET_ERROR(EXDEV));
6f1ffb06 3605
e6203d28
AG		 3606 /*
3607 * Check for permission to set the properties on the fs.
3608 */
3609 if (!nvlist_empty(props)) {
3610 *cp = '\0';
3611 error = zfs_secpolicy_write_perms(name,
3612 ZFS_DELEG_PERM_USERPROP, CRED());
3613 *cp = '@';
3614 if (error != 0)
3615 return (error);
3616 }
3617
6f1ffb06 3618 /* This must be the only snap of this fs. */
1c27024e 3619 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
6f1ffb06
MA		 3620 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3621 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3622 == 0) {
2e528b49 3623 return (SET_ERROR(EXDEV));
6f1ffb06
MA		 3624 }
3625 }
3626 }
3627
13fe0198 3628 error = dsl_dataset_snapshot(snaps, props, outnvl);
ba6a2402 3629
6f1ffb06
MA		 3630 return (error);
3631}
3632
3633/*
3634 * innvl: "message" -> string
3635 */
b83a0e2d
DB		 3636static const zfs_ioc_key_t zfs_keys_log_history[] = {
3637 {"message", DATA_TYPE_STRING, 0},
3638};
3639
6f1ffb06
MA		 3640static int
3641zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3642{
ef70eff1 3643 (void) unused, (void) outnvl;
4d55ea81
RM		 3644 const char *message;
3645 char *poolname;
6f1ffb06
MA		 3646 spa_t *spa;
3647 int error;
6f1ffb06
MA		 3648
3649 /*
3650 * The poolname in the ioctl is not set, we get it from the TSD,
3651 * which was set at the end of the last successful ioctl that allows
3652 * logging. The secpolicy func already checked that it is set.
3653 * Only one log ioctl is allowed after each successful ioctl, so
3654 * we clear the TSD here.
3655 */
3656 poolname = tsd_get(zfs_allow_log_key);
9f3d1407 3657 if (poolname == NULL)
3658 return (SET_ERROR(EINVAL));
6f1ffb06
MA		 3659 (void) tsd_set(zfs_allow_log_key, NULL);
3660 error = spa_open(poolname, &spa, FTAG);
e4f5fa12 3661 kmem_strfree(poolname);
6f1ffb06
MA		 3662 if (error != 0)
3663 return (error);
3664
b83a0e2d 3665 message = fnvlist_lookup_string(innvl, "message");
6f1ffb06
MA		 3666
3667 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3668 spa_close(spa, FTAG);
2e528b49 3669 return (SET_ERROR(ENOTSUP));
6f1ffb06
MA		 3670 }
3671
3672 error = spa_history_log(spa, message);
3673 spa_close(spa, FTAG);
b128c09f 3674 return (error);
34dc7c2f
BB		 3675}
3676
108a454a
PD		 3677/*
3678 * This ioctl is used to set the bootenv configuration on the current
3679 * pool. This configuration is stored in the second padding area of the label,
1db9e6e4
TS		 3680 * and it is used by the bootloader(s) to store the bootloader and/or system
3681 * specific data.
3682 * The data is stored as nvlist data stream, and is protected by
3683 * an embedded checksum.
3684 * The version can have two possible values:
3685 * VB_RAW: nvlist should have key GRUB_ENVMAP, value DATA_TYPE_STRING.
3686 * VB_NVLIST: nvlist with arbitrary <key, value> pairs.
108a454a 3687 */
108a454a 3688static const zfs_ioc_key_t zfs_keys_set_bootenv[] = {
1db9e6e4
TS		 3689 {"version", DATA_TYPE_UINT64, 0},
3690 {"<keys>", DATA_TYPE_ANY, ZK_OPTIONAL | ZK_WILDCARDLIST},
108a454a
PD		 3691};
3692
3693static int
3694zfs_ioc_set_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3695{
108a454a
PD		 3696 int error;
3697 spa_t *spa;
3698
108a454a
PD		 3699 if ((error = spa_open(name, &spa, FTAG)) != 0)
3700 return (error);
3701 spa_vdev_state_enter(spa, SCL_ALL);
1db9e6e4 3702 error = vdev_label_write_bootenv(spa->spa_root_vdev, innvl);
108a454a
PD		 3703 (void) spa_vdev_state_exit(spa, NULL, 0);
3704 spa_close(spa, FTAG);
3705 return (error);
3706}
3707
3708static const zfs_ioc_key_t zfs_keys_get_bootenv[] = {
3709 /* no nvl keys */
3710};
3711
108a454a
PD		 3712static int
3713zfs_ioc_get_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3714{
3715 spa_t *spa;
3716 int error;
3717
3718 if ((error = spa_open(name, &spa, FTAG)) != 0)
3719 return (error);
3720 spa_vdev_state_enter(spa, SCL_ALL);
3721 error = vdev_label_read_bootenv(spa->spa_root_vdev, outnvl);
3722 (void) spa_vdev_state_exit(spa, NULL, 0);
3723 spa_close(spa, FTAG);
3724 return (error);
3725}
3726
ebe7e575 3727/*
13fe0198
MA		 3728 * The dp_config_rwlock must not be held when calling this, because the
3729 * unmount may need to write out data.
3730 *
3731 * This function is best-effort. Callers must deal gracefully if it
3732 * remains mounted (or is remounted after this call).
d09f25dc 3733 *
278bee93
BB		 3734 * Returns 0 if the argument is not a snapshot, or it is not currently a
3735 * filesystem, or we were able to unmount it. Returns error code otherwise.
ebe7e575 3736 */
8d103d88 3737void
13fe0198 3738zfs_unmount_snap(const char *snapname)
34dc7c2f 3739{
278bee93 3740 if (strchr(snapname, '@') == NULL)
8d103d88 3741 return;
ebe7e575 3742
4d55ea81 3743 (void) zfsctl_snapshot_unmount(snapname, MNT_FORCE);
13fe0198
MA		 3744}
3745
13fe0198
MA		 3746static int
3747zfs_unmount_snap_cb(const char *snapname, void *arg)
3748{
ef70eff1 3749 (void) arg;
8d103d88
SD		 3750 zfs_unmount_snap(snapname);
3751 return (0);
13fe0198
MA		 3752}
3753
3754/*
3755 * When a clone is destroyed, its origin may also need to be destroyed,
3756 * in which case it must be unmounted. This routine will do that unmount
3757 * if necessary.
3758 */
3759void
3760zfs_destroy_unmount_origin(const char *fsname)
3761{
3762 int error;
3763 objset_t *os;
3764 dsl_dataset_t *ds;
3765
3766 error = dmu_objset_hold(fsname, FTAG, &os);
3767 if (error != 0)
3768 return;
3769 ds = dmu_objset_ds(os);
3770 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
eca7b760 3771 char originname[ZFS_MAX_DATASET_NAME_LEN];
13fe0198
MA		 3772 dsl_dataset_name(ds->ds_prev, originname);
3773 dmu_objset_rele(os, FTAG);
8d103d88 3774 zfs_unmount_snap(originname);
13fe0198
MA		 3775 } else {
3776 dmu_objset_rele(os, FTAG);
3777 }
34dc7c2f
BB		 3778}
3779
3780/*
6f1ffb06
MA		 3781 * innvl: {
3782 * "snaps" -> { snapshot1, snapshot2 }
3783 * (optional boolean) "defer"
3784 * }
34dc7c2f 3785 *
6f1ffb06 3786 * outnvl: snapshot -> error code (int32)
34dc7c2f 3787 */
b83a0e2d
DB		 3788static const zfs_ioc_key_t zfs_keys_destroy_snaps[] = {
3789 {"snaps", DATA_TYPE_NVLIST, 0},
7bb0c294 3790 {"defer", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
b83a0e2d
DB		 3791};
3792
34dc7c2f 3793static int
6f1ffb06 3794zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
34dc7c2f 3795{
7bb0c294 3796 int poollen;
6f1ffb06 3797 nvlist_t *snaps;
330d06f9 3798 nvpair_t *pair;
6f1ffb06 3799 boolean_t defer;
7bb0c294 3800 spa_t *spa;
34dc7c2f 3801
b83a0e2d 3802 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
6f1ffb06 3803 defer = nvlist_exists(innvl, "defer");
330d06f9 3804
7bb0c294 3805 poollen = strlen(poolname);
6f1ffb06
MA		 3806 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3807 pair = nvlist_next_nvpair(snaps, pair)) {
7bb0c294
MM		 3808 const char *name = nvpair_name(pair);
3809
3810 /*
3811 * The snap must be in the specified pool to prevent the
3812 * invalid removal of zvol minors below.
3813 */
3814 if (strncmp(name, poolname, poollen) != 0 ||
3815 (name[poollen] != '/' && name[poollen] != '@'))
3816 return (SET_ERROR(EXDEV));
3817
8d103d88 3818 zfs_unmount_snap(nvpair_name(pair));
7bb0c294
MM		 3819 if (spa_open(name, &spa, FTAG) == 0) {
3820 zvol_remove_minors(spa, name, B_TRUE);
3821 spa_close(spa, FTAG);
3822 }
da536844
MA		 3823 }
3824
3825 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
3826}
3827
3828/*
a73f361f
CS		 3829 * Create bookmarks. The bookmark names are of the form <fs>#<bmark>.
3830 * All bookmarks and snapshots must be in the same pool.
3831 * dsl_bookmark_create_nvl_validate describes the nvlist schema in more detail.
da536844
MA		 3832 *
3833 * innvl: {
a73f361f
CS		 3834 * new_bookmark1 -> existing_snapshot,
3835 * new_bookmark2 -> existing_bookmark,
da536844
MA		 3836 * }
3837 *
3838 * outnvl: bookmark -> error code (int32)
3839 *
3840 */
b83a0e2d
DB		 3841static const zfs_ioc_key_t zfs_keys_bookmark[] = {
3842 {"<bookmark>...", DATA_TYPE_STRING, ZK_WILDCARDLIST},
3843};
3844
da536844
MA		 3845static int
3846zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3847{
ef70eff1 3848 (void) poolname;
da536844
MA		 3849 return (dsl_bookmark_create(innvl, outnvl));
3850}
3851
3852/*
3853 * innvl: {
3854 * property 1, property 2, ...
3855 * }
3856 *
3857 * outnvl: {
3858 * bookmark name 1 -> { property 1, property 2, ... },
3859 * bookmark name 2 -> { property 1, property 2, ... }
3860 * }
3861 *
3862 */
b83a0e2d
DB		 3863static const zfs_ioc_key_t zfs_keys_get_bookmarks[] = {
3864 {"<property>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST | ZK_OPTIONAL},
3865};
3866
da536844
MA		 3867static int
3868zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3869{
3870 return (dsl_get_bookmarks(fsname, innvl, outnvl));
3871}
3872
30af21b0
PD		 3873/*
3874 * innvl is not used.
3875 *
3876 * outnvl: {
3877 * property 1, property 2, ...
3878 * }
3879 *
3880 */
3881static const zfs_ioc_key_t zfs_keys_get_bookmark_props[] = {
3882 /* no nvl keys */
3883};
3884
30af21b0
PD		 3885static int
3886zfs_ioc_get_bookmark_props(const char *bookmark, nvlist_t *innvl,
3887 nvlist_t *outnvl)
3888{
ef70eff1 3889 (void) innvl;
30af21b0
PD		 3890 char fsname[ZFS_MAX_DATASET_NAME_LEN];
3891 char *bmname;
3892
3893 bmname = strchr(bookmark, '#');
3894 if (bmname == NULL)
3895 return (SET_ERROR(EINVAL));
3896 bmname++;
3897
3898 (void) strlcpy(fsname, bookmark, sizeof (fsname));
3899 *(strchr(fsname, '#')) = '\0';
3900
3901 return (dsl_get_bookmark_props(fsname, bmname, outnvl));
3902}
3903
da536844
MA		 3904/*
3905 * innvl: {
3906 * bookmark name 1, bookmark name 2
3907 * }
3908 *
3909 * outnvl: bookmark -> error code (int32)
3910 *
3911 */
b83a0e2d
DB		 3912static const zfs_ioc_key_t zfs_keys_destroy_bookmarks[] = {
3913 {"<bookmark>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST},
3914};
3915
da536844
MA		 3916static int
3917zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl,
3918 nvlist_t *outnvl)
3919{
3920 int error, poollen;
da536844
MA		 3921
3922 poollen = strlen(poolname);
1c27024e 3923 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
da536844 3924 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
330d06f9 3925 const char *name = nvpair_name(pair);
da536844 3926 const char *cp = strchr(name, '#');
6f1ffb06 3927
330d06f9 3928 /*
da536844
MA		 3929 * The bookmark name must contain an #, and the part after it
3930 * must contain only valid characters.
3931 */
3932 if (cp == NULL ||
3933 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3934 return (SET_ERROR(EINVAL));
3935
3936 /*
3937 * The bookmark must be in the specified pool.
330d06f9 3938 */
6f1ffb06 3939 if (strncmp(name, poolname, poollen) != 0 ||
da536844 3940 (name[poollen] != '/' && name[poollen] != '#'))
2e528b49 3941 return (SET_ERROR(EXDEV));
330d06f9
MA		 3942 }
3943
da536844
MA		 3944 error = dsl_bookmark_destroy(innvl, outnvl);
3945 return (error);
34dc7c2f
BB		 3946}
3947
b83a0e2d
DB		 3948static const zfs_ioc_key_t zfs_keys_channel_program[] = {
3949 {"program", DATA_TYPE_STRING, 0},
3950 {"arg", DATA_TYPE_ANY, 0},
3951 {"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
3952 {"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
3953 {"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
3954};
3955
d99a0153
CW		 3956static int
3957zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl,
3958 nvlist_t *outnvl)
3959{
d1807f16 3960 const char *program;
d99a0153 3961 uint64_t instrlimit, memlimit;
5b72a38d 3962 boolean_t sync_flag;
d99a0153
CW		 3963 nvpair_t *nvarg = NULL;
3964
b83a0e2d 3965 program = fnvlist_lookup_string(innvl, ZCP_ARG_PROGRAM);
5b72a38d
SD		 3966 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) {
3967 sync_flag = B_TRUE;
3968 }
d99a0153
CW		 3969 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) {
3970 instrlimit = ZCP_DEFAULT_INSTRLIMIT;
3971 }
3972 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) {
3973 memlimit = ZCP_DEFAULT_MEMLIMIT;
3974 }
b83a0e2d 3975 nvarg = fnvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST);
d99a0153
CW		 3976
3977 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit)
7bb0c294 3978 return (SET_ERROR(EINVAL));
234c91c5 3979 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit)
7bb0c294 3980 return (SET_ERROR(EINVAL));
d99a0153 3981
5b72a38d 3982 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit,
d99a0153
CW		 3983 nvarg, outnvl));
3984}
3985
d2734cce
SD		 3986/*
3987 * innvl: unused
3988 * outnvl: empty
3989 */
b83a0e2d
DB		 3990static const zfs_ioc_key_t zfs_keys_pool_checkpoint[] = {
3991 /* no nvl keys */
3992};
3993
d2734cce
SD		 3994static int
3995zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3996{
ef70eff1 3997 (void) innvl, (void) outnvl;
d2734cce
SD		 3998 return (spa_checkpoint(poolname));
3999}
4000
4001/*
4002 * innvl: unused
4003 * outnvl: empty
4004 */
b83a0e2d
DB		 4005static const zfs_ioc_key_t zfs_keys_pool_discard_checkpoint[] = {
4006 /* no nvl keys */
4007};
4008
d2734cce
SD		 4009static int
4010zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl,
4011 nvlist_t *outnvl)
4012{
ef70eff1 4013 (void) innvl, (void) outnvl;
d2734cce
SD		 4014 return (spa_checkpoint_discard(poolname));
4015}
4016
34dc7c2f
BB		 4017/*
4018 * inputs:
4019 * zc_name name of dataset to destroy
45d1cae3 4020 * zc_defer_destroy mark for deferred destroy
34dc7c2f
BB		 4021 *
4022 * outputs: none
4023 */
4024static int
4025zfs_ioc_destroy(zfs_cmd_t *zc)
4026{
dc1c630b
AG		 4027 objset_t *os;
4028 dmu_objset_type_t ost;
428870ff 4029 int err;
d09f25dc 4030
dc1c630b
AG		 4031 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
4032 if (err != 0)
4033 return (err);
4034 ost = dmu_objset_type(os);
4035 dmu_objset_rele(os, FTAG);
4036
4037 if (ost == DMU_OST_ZFS)
8d103d88 4038 zfs_unmount_snap(zc->zc_name);
34dc7c2f 4039
1b87e0f5 4040 if (strchr(zc->zc_name, '@')) {
13fe0198 4041 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
1b87e0f5 4042 } else {
13fe0198 4043 err = dsl_destroy_head(zc->zc_name);
1b87e0f5
RS		 4044 if (err == EEXIST) {
4045 /*
4046 * It is possible that the given DS may have
4047 * hidden child (%recv) datasets - "leftovers"
4048 * resulting from the previously interrupted
4049 * 'zfs receive'.
4050 *
4051 * 6 extra bytes for /%recv
4052 */
4053 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6];
4054
682ce104
TH		 4055 if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
4056 zc->zc_name, recv_clone_name) >=
4057 sizeof (namebuf))
4058 return (SET_ERROR(EINVAL));
1b87e0f5
RS		 4059
4060 /*
4061 * Try to remove the hidden child (%recv) and after
4062 * that try to remove the target dataset.
4063 * If the hidden child (%recv) does not exist
4064 * the original error (EEXIST) will be returned
4065 */
4066 err = dsl_destroy_head(namebuf);
4067 if (err == 0)
4068 err = dsl_destroy_head(zc->zc_name);
4069 else if (err == ENOENT)
ecb2b7dc 4070 err = SET_ERROR(EEXIST);
1b87e0f5
RS		 4071 }
4072 }
a0bd735a 4073
428870ff 4074 return (err);
34dc7c2f
BB		 4075}
4076
619f0976
GW		 4077/*
4078 * innvl: {
1b939560 4079 * "initialize_command" -> POOL_INITIALIZE_{CANCEL|START|SUSPEND} (uint64)
c10d37dd
GW		 4080 * "initialize_vdevs": { -> guids to initialize (nvlist)
4081 * "vdev_path_1": vdev_guid_1, (uint64),
4082 * "vdev_path_2": vdev_guid_2, (uint64),
4083 * ...
619f0976 4084 * },
619f0976
GW		 4085 * }
4086 *
4087 * outnvl: {
c10d37dd
GW		 4088 * "initialize_vdevs": { -> initialization errors (nvlist)
4089 * "vdev_path_1": errno, see function body for possible errnos (uint64)
4090 * "vdev_path_2": errno, ... (uint64)
619f0976 4091 * ...
c10d37dd 4092 * }
619f0976
GW		 4093 * }
4094 *
c10d37dd
GW		 4095 * EINVAL is returned for an unknown commands or if any of the provided vdev
4096 * guids have be specified with a type other than uint64.
619f0976
GW		 4097 */
4098static const zfs_ioc_key_t zfs_keys_pool_initialize[] = {
c10d37dd 4099 {ZPOOL_INITIALIZE_COMMAND, DATA_TYPE_UINT64, 0},
619f0976
GW		 4100 {ZPOOL_INITIALIZE_VDEVS, DATA_TYPE_NVLIST, 0}
4101};
4102
4103static int
4104zfs_ioc_pool_initialize(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4105{
619f0976
GW		 4106 uint64_t cmd_type;
4107 if (nvlist_lookup_uint64(innvl, ZPOOL_INITIALIZE_COMMAND,
4108 &cmd_type) != 0) {
619f0976
GW		 4109 return (SET_ERROR(EINVAL));
4110 }
c10d37dd 4111
619f0976 4112 if (!(cmd_type == POOL_INITIALIZE_CANCEL ||
1b939560 4113 cmd_type == POOL_INITIALIZE_START ||
e34e15ed
BB		 4114 cmd_type == POOL_INITIALIZE_SUSPEND ||
4115 cmd_type == POOL_INITIALIZE_UNINIT)) {
619f0976
GW		 4116 return (SET_ERROR(EINVAL));
4117 }
4118
4119 nvlist_t *vdev_guids;
4120 if (nvlist_lookup_nvlist(innvl, ZPOOL_INITIALIZE_VDEVS,
4121 &vdev_guids) != 0) {
619f0976
GW		 4122 return (SET_ERROR(EINVAL));
4123 }
4124
619f0976
GW		 4125 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
4126 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
c10d37dd
GW		 4127 uint64_t vdev_guid;
4128 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
4129 return (SET_ERROR(EINVAL));
619f0976
GW		 4130 }
4131 }
c10d37dd
GW		 4132
4133 spa_t *spa;
4134 int error = spa_open(poolname, &spa, FTAG);
4135 if (error != 0)
4136 return (error);
4137
4138 nvlist_t *vdev_errlist = fnvlist_alloc();
4139 int total_errors = spa_vdev_initialize(spa, vdev_guids, cmd_type,
4140 vdev_errlist);
4141
619f0976
GW		 4142 if (fnvlist_size(vdev_errlist) > 0) {
4143 fnvlist_add_nvlist(outnvl, ZPOOL_INITIALIZE_VDEVS,
4144 vdev_errlist);
4145 }
4146 fnvlist_free(vdev_errlist);
4147
4148 spa_close(spa, FTAG);
51568629 4149 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0);
619f0976
GW		 4150}
4151
1b939560
BB		 4152/*
4153 * innvl: {
4154 * "trim_command" -> POOL_TRIM_{CANCEL|START|SUSPEND} (uint64)
4155 * "trim_vdevs": { -> guids to TRIM (nvlist)
4156 * "vdev_path_1": vdev_guid_1, (uint64),
4157 * "vdev_path_2": vdev_guid_2, (uint64),
4158 * ...
4159 * },
4160 * "trim_rate" -> Target TRIM rate in bytes/sec.
4161 * "trim_secure" -> Set to request a secure TRIM.
4162 * }
4163 *
4164 * outnvl: {
4165 * "trim_vdevs": { -> TRIM errors (nvlist)
4166 * "vdev_path_1": errno, see function body for possible errnos (uint64)
4167 * "vdev_path_2": errno, ... (uint64)
4168 * ...
4169 * }
4170 * }
4171 *
4172 * EINVAL is returned for an unknown commands or if any of the provided vdev
4173 * guids have be specified with a type other than uint64.
4174 */
4175static const zfs_ioc_key_t zfs_keys_pool_trim[] = {
4176 {ZPOOL_TRIM_COMMAND, DATA_TYPE_UINT64, 0},
4177 {ZPOOL_TRIM_VDEVS, DATA_TYPE_NVLIST, 0},
4178 {ZPOOL_TRIM_RATE, DATA_TYPE_UINT64, ZK_OPTIONAL},
4179 {ZPOOL_TRIM_SECURE, DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
4180};
4181
4182static int
4183zfs_ioc_pool_trim(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4184{
4185 uint64_t cmd_type;
4186 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_COMMAND, &cmd_type) != 0)
4187 return (SET_ERROR(EINVAL));
4188
4189 if (!(cmd_type == POOL_TRIM_CANCEL ||
4190 cmd_type == POOL_TRIM_START ||
4191 cmd_type == POOL_TRIM_SUSPEND)) {
4192 return (SET_ERROR(EINVAL));
4193 }
4194
4195 nvlist_t *vdev_guids;
4196 if (nvlist_lookup_nvlist(innvl, ZPOOL_TRIM_VDEVS, &vdev_guids) != 0)
4197 return (SET_ERROR(EINVAL));
4198
4199 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
4200 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
4201 uint64_t vdev_guid;
4202 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
4203 return (SET_ERROR(EINVAL));
4204 }
4205 }
4206
4207 /* Optional, defaults to maximum rate when not provided */
4208 uint64_t rate;
4209 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_RATE, &rate) != 0)
4210 rate = 0;
4211
4212 /* Optional, defaults to standard TRIM when not provided */
4213 boolean_t secure;
4214 if (nvlist_lookup_boolean_value(innvl, ZPOOL_TRIM_SECURE,
4215 &secure) != 0) {
4216 secure = B_FALSE;
4217 }
4218
4219 spa_t *spa;
4220 int error = spa_open(poolname, &spa, FTAG);
4221 if (error != 0)
4222 return (error);
4223
4224 nvlist_t *vdev_errlist = fnvlist_alloc();
4225 int total_errors = spa_vdev_trim(spa, vdev_guids, cmd_type,
4226 rate, !!zfs_trim_metaslab_skip, secure, vdev_errlist);
4227
4228 if (fnvlist_size(vdev_errlist) > 0)
4229 fnvlist_add_nvlist(outnvl, ZPOOL_TRIM_VDEVS, vdev_errlist);
4230
4231 fnvlist_free(vdev_errlist);
4232
4233 spa_close(spa, FTAG);
51568629 4234 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0);
1b939560
BB		 4235}
4236
e60e158e
JG		 4237/*
4238 * This ioctl waits for activity of a particular type to complete. If there is
4239 * no activity of that type in progress, it returns immediately, and the
4240 * returned value "waited" is false. If there is activity in progress, and no
4241 * tag is passed in, the ioctl blocks until all activity of that type is
4242 * complete, and then returns with "waited" set to true.
4243 *
4244 * If a tag is provided, it identifies a particular instance of an activity to
4245 * wait for. Currently, this is only valid for use with 'initialize', because
4246 * that is the only activity for which there can be multiple instances running
4247 * concurrently. In the case of 'initialize', the tag corresponds to the guid of
4248 * the vdev on which to wait.
4249 *
4250 * If a thread waiting in the ioctl receives a signal, the call will return
4251 * immediately, and the return value will be EINTR.
4252 *
4253 * innvl: {
4254 * "wait_activity" -> int32_t
4255 * (optional) "wait_tag" -> uint64_t
4256 * }
4257 *
4258 * outnvl: "waited" -> boolean_t
4259 */
4260static const zfs_ioc_key_t zfs_keys_pool_wait[] = {
4261 {ZPOOL_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4262 {ZPOOL_WAIT_TAG, DATA_TYPE_UINT64, ZK_OPTIONAL},
4263};
4264
4265static int
4266zfs_ioc_wait(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4267{
4268 int32_t activity;
4269 uint64_t tag;
4270 boolean_t waited;
4271 int error;
4272
4273 if (nvlist_lookup_int32(innvl, ZPOOL_WAIT_ACTIVITY, &activity) != 0)
4274 return (EINVAL);
4275
4276 if (nvlist_lookup_uint64(innvl, ZPOOL_WAIT_TAG, &tag) == 0)
4277 error = spa_wait_tag(name, activity, tag, &waited);
4278 else
4279 error = spa_wait(name, activity, &waited);
4280
4281 if (error == 0)
4282 fnvlist_add_boolean_value(outnvl, ZPOOL_WAIT_WAITED, waited);
4283
4284 return (error);
4285}
4286
5a42ef04
PD		 4287/*
4288 * This ioctl waits for activity of a particular type to complete. If there is
4289 * no activity of that type in progress, it returns immediately, and the
4290 * returned value "waited" is false. If there is activity in progress, and no
4291 * tag is passed in, the ioctl blocks until all activity of that type is
4292 * complete, and then returns with "waited" set to true.
4293 *
4294 * If a thread waiting in the ioctl receives a signal, the call will return
4295 * immediately, and the return value will be EINTR.
4296 *
4297 * innvl: {
4298 * "wait_activity" -> int32_t
4299 * }
4300 *
4301 * outnvl: "waited" -> boolean_t
4302 */
4303static const zfs_ioc_key_t zfs_keys_fs_wait[] = {
4304 {ZFS_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4305};
4306
4307static int
4308zfs_ioc_wait_fs(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4309{
4310 int32_t activity;
4311 boolean_t waited = B_FALSE;
4312 int error;
4313 dsl_pool_t *dp;
4314 dsl_dir_t *dd;
4315 dsl_dataset_t *ds;
4316
4317 if (nvlist_lookup_int32(innvl, ZFS_WAIT_ACTIVITY, &activity) != 0)
4318 return (SET_ERROR(EINVAL));
4319
4320 if (activity >= ZFS_WAIT_NUM_ACTIVITIES || activity < 0)
4321 return (SET_ERROR(EINVAL));
4322
4323 if ((error = dsl_pool_hold(name, FTAG, &dp)) != 0)
4324 return (error);
4325
4326 if ((error = dsl_dataset_hold(dp, name, FTAG, &ds)) != 0) {
4327 dsl_pool_rele(dp, FTAG);
4328 return (error);
4329 }
4330
4331 dd = ds->ds_dir;
4332 mutex_enter(&dd->dd_activity_lock);
4333 dd->dd_activity_waiters++;
4334
4335 /*
4336 * We get a long-hold here so that the dsl_dataset_t and dsl_dir_t
4337 * aren't evicted while we're waiting. Normally this is prevented by
4338 * holding the pool, but we can't do that while we're waiting since
4339 * that would prevent TXGs from syncing out. Some of the functionality
4340 * of long-holds (e.g. preventing deletion) is unnecessary for this
4341 * case, since we would cancel the waiters before proceeding with a
4342 * deletion. An alternative mechanism for keeping the dataset around
4343 * could be developed but this is simpler.
4344 */
4345 dsl_dataset_long_hold(ds, FTAG);
4346 dsl_pool_rele(dp, FTAG);
4347
4348 error = dsl_dir_wait(dd, ds, activity, &waited);
4349
4350 dsl_dataset_long_rele(ds, FTAG);
4351 dd->dd_activity_waiters--;
4352 if (dd->dd_activity_waiters == 0)
4353 cv_signal(&dd->dd_activity_cv);
4354 mutex_exit(&dd->dd_activity_lock);
4355
4356 dsl_dataset_rele(ds, FTAG);
4357
4358 if (error == 0)
4359 fnvlist_add_boolean_value(outnvl, ZFS_WAIT_WAITED, waited);
4360
4361 return (error);
4362}
4363
34dc7c2f 4364/*
46ba1e59 4365 * fsname is name of dataset to rollback (to most recent snapshot)
34dc7c2f 4366 *
8ca78ab0 4367 * innvl may contain name of expected target snapshot
46ba1e59
MA		 4368 *
4369 * outnvl: "target" -> name of most recent snapshot
4370 * }
34dc7c2f 4371 */
b83a0e2d
DB		 4372static const zfs_ioc_key_t zfs_keys_rollback[] = {
4373 {"target", DATA_TYPE_STRING, ZK_OPTIONAL},
4374};
4375
34dc7c2f 4376static int
8ca78ab0 4377zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
34dc7c2f 4378{
0037b49e 4379 zfsvfs_t *zfsvfs;
5df7e9d8 4380 zvol_state_handle_t *zv;
d1807f16 4381 const char *target = NULL;
13fe0198 4382 int error;
34dc7c2f 4383
8ca78ab0
AG		 4384 (void) nvlist_lookup_string(innvl, "target", &target);
4385 if (target != NULL) {
13342832 4386 const char *cp = strchr(target, '@');
8ca78ab0 4387
13342832
AG		 4388 /*
4389 * The snap name must contain an @, and the part after it must
4390 * contain only valid characters.
4391 */
4392 if (cp == NULL ||
4393 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
8ca78ab0
AG		 4394 return (SET_ERROR(EINVAL));
4395 }
4396
f298b24d 4397 if (getzfsvfs(fsname, &zfsvfs) == 0) {
ec923db2
GM		 4398 dsl_dataset_t *ds;
4399
0037b49e
BB		 4400 ds = dmu_objset_ds(zfsvfs->z_os);
4401 error = zfs_suspend_fs(zfsvfs);
34dc7c2f
BB		 4402 if (error == 0) {
4403 int resume_err;
4404
8ca78ab0
AG		 4405 error = dsl_dataset_rollback(fsname, target, zfsvfs,
4406 outnvl);
0037b49e 4407 resume_err = zfs_resume_fs(zfsvfs, ds);
34dc7c2f 4408 error = error ? error : resume_err;
34dc7c2f 4409 }
362ae8d1 4410 zfs_vfs_rele(zfsvfs);
040dab99 4411 } else if ((zv = zvol_suspend(fsname)) != NULL) {
8ca78ab0
AG		 4412 error = dsl_dataset_rollback(fsname, target, zvol_tag(zv),
4413 outnvl);
040dab99 4414 zvol_resume(zv);
34dc7c2f 4415 } else {
8ca78ab0 4416 error = dsl_dataset_rollback(fsname, target, NULL, outnvl);
34dc7c2f 4417 }
13fe0198
MA		 4418 return (error);
4419}
34dc7c2f 4420
13fe0198
MA		 4421static int
4422recursive_unmount(const char *fsname, void *arg)
4423{
4424 const char *snapname = arg;
4425 char *fullname;
428870ff 4426
13fe0198 4427 fullname = kmem_asprintf("%s@%s", fsname, snapname);
8d103d88 4428 zfs_unmount_snap(fullname);
e4f5fa12 4429 kmem_strfree(fullname);
00fcdee1 4430
8d103d88 4431 return (0);
34dc7c2f
BB		 4432}
4433
30af21b0
PD		 4434/*
4435 *
4436 * snapname is the snapshot to redact.
4437 * innvl: {
4438 * "bookname" -> (string)
a73f361f 4439 * shortname of the redaction bookmark to generate
30af21b0
PD		 4440 * "snapnv" -> (nvlist, values ignored)
4441 * snapshots to redact snapname with respect to
4442 * }
4443 *
4444 * outnvl is unused
4445 */
4446
30af21b0
PD		 4447static const zfs_ioc_key_t zfs_keys_redact[] = {
4448 {"bookname", DATA_TYPE_STRING, 0},
4449 {"snapnv", DATA_TYPE_NVLIST, 0},
4450};
ef70eff1 4451
30af21b0
PD		 4452static int
4453zfs_ioc_redact(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
4454{
ef70eff1 4455 (void) outnvl;
30af21b0 4456 nvlist_t *redactnvl = NULL;
d1807f16 4457 const char *redactbook = NULL;
30af21b0
PD		 4458
4459 if (nvlist_lookup_nvlist(innvl, "snapnv", &redactnvl) != 0)
4460 return (SET_ERROR(EINVAL));
4461 if (fnvlist_num_pairs(redactnvl) == 0)
4462 return (SET_ERROR(ENXIO));
4463 if (nvlist_lookup_string(innvl, "bookname", &redactbook) != 0)
4464 return (SET_ERROR(EINVAL));
4465
4466 return (dmu_redact_snap(snapname, redactnvl, redactbook));
4467}
4468
34dc7c2f
BB		 4469/*
4470 * inputs:
4471 * zc_name old name of dataset
4472 * zc_value new name of dataset
4473 * zc_cookie recursive flag (only valid for snapshots)
4474 *
4475 * outputs: none
4476 */
4477static int
4478zfs_ioc_rename(zfs_cmd_t *zc)
4479{
dc1c630b
AG		 4480 objset_t *os;
4481 dmu_objset_type_t ost;
34dc7c2f 4482 boolean_t recursive = zc->zc_cookie & 1;
7b4e2723 4483 boolean_t nounmount = !!(zc->zc_cookie & 2);
13fe0198 4484 char *at;
dc1c630b 4485 int err;
34dc7c2f 4486
650258d7 4487 /* "zfs rename" from and to ...%recv datasets should both fail */
4488 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
34dc7c2f 4489 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
650258d7 4490 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
4491 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
4492 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%'))
2e528b49 4493 return (SET_ERROR(EINVAL));
34dc7c2f 4494
dc1c630b
AG		 4495 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
4496 if (err != 0)
4497 return (err);
4498 ost = dmu_objset_type(os);
4499 dmu_objset_rele(os, FTAG);
4500
13fe0198
MA		 4501 at = strchr(zc->zc_name, '@');
4502 if (at != NULL) {
4503 /* snaps must be in same fs */
9554185d
SH		 4504 int error;
4505
13fe0198 4506 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
2e528b49 4507 return (SET_ERROR(EXDEV));
13fe0198 4508 *at = '\0';
7b4e2723 4509 if (ost == DMU_OST_ZFS && !nounmount) {
9554185d 4510 error = dmu_objset_find(zc->zc_name,
13fe0198
MA		 4511 recursive_unmount, at + 1,
4512 recursive ? DS_FIND_CHILDREN : 0);
9554185d
SH		 4513 if (error != 0) {
4514 *at = '@';
13fe0198 4515 return (error);
9554185d 4516 }
13fe0198 4517 }
9554185d
SH		 4518 error = dsl_dataset_rename_snapshot(zc->zc_name,
4519 at + 1, strchr(zc->zc_value, '@') + 1, recursive);
4520 *at = '@';
4521
4522 return (error);
13fe0198 4523 } else {
ba6a2402 4524 return (dsl_dir_rename(zc->zc_name, zc->zc_value));
95c73795 4525 }
34dc7c2f
BB		 4526}
4527
428870ff
BB		 4528static int
4529zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
4530{
4531 const char *propname = nvpair_name(pair);
4532 boolean_t issnap = (strchr(dsname, '@') != NULL);
4533 zfs_prop_t prop = zfs_name_to_prop(propname);
10b3c7f5 4534 uint64_t intval, compval;
428870ff
BB		 4535 int err;
4536
4ff7a8fa 4537 if (prop == ZPROP_USERPROP) {
428870ff 4538 if (zfs_prop_user(propname)) {
c65aa5b2
BB		 4539 if ((err = zfs_secpolicy_write_perms(dsname,
4540 ZFS_DELEG_PERM_USERPROP, cr)))
428870ff
BB		 4541 return (err);
4542 return (0);
4543 }
4544
4545 if (!issnap && zfs_prop_userquota(propname)) {
4546 const char *perm = NULL;
4547 const char *uq_prefix =
4548 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
4549 const char *gq_prefix =
4550 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
1de321e6
JX		 4551 const char *uiq_prefix =
4552 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA];
4553 const char *giq_prefix =
4554 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA];
9c5167d1
NF		 4555 const char *pq_prefix =
4556 zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA];
4557 const char *piq_prefix = zfs_userquota_prop_prefixes[\
4558 ZFS_PROP_PROJECTOBJQUOTA];
428870ff
BB		 4559
4560 if (strncmp(propname, uq_prefix,
4561 strlen(uq_prefix)) == 0) {
4562 perm = ZFS_DELEG_PERM_USERQUOTA;
1de321e6
JX		 4563 } else if (strncmp(propname, uiq_prefix,
4564 strlen(uiq_prefix)) == 0) {
4565 perm = ZFS_DELEG_PERM_USEROBJQUOTA;
428870ff
BB		 4566 } else if (strncmp(propname, gq_prefix,
4567 strlen(gq_prefix)) == 0) {
4568 perm = ZFS_DELEG_PERM_GROUPQUOTA;
1de321e6
JX		 4569 } else if (strncmp(propname, giq_prefix,
4570 strlen(giq_prefix)) == 0) {
4571 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA;
9c5167d1
NF		 4572 } else if (strncmp(propname, pq_prefix,
4573 strlen(pq_prefix)) == 0) {
4574 perm = ZFS_DELEG_PERM_PROJECTQUOTA;
4575 } else if (strncmp(propname, piq_prefix,
4576 strlen(piq_prefix)) == 0) {
4577 perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA;
428870ff 4578 } else {
9c5167d1 4579 /* {USER|GROUP|PROJECT}USED are read-only */
2e528b49 4580 return (SET_ERROR(EINVAL));
428870ff
BB		 4581 }
4582
c65aa5b2 4583 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
428870ff
BB		 4584 return (err);
4585 return (0);
4586 }
4587
2e528b49 4588 return (SET_ERROR(EINVAL));
428870ff
BB		 4589 }
4590
4591 if (issnap)
2e528b49 4592 return (SET_ERROR(EINVAL));
428870ff
BB		 4593
4594 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
4595 /*
4596 * dsl_prop_get_all_impl() returns properties in this
4597 * format.
4598 */
4599 nvlist_t *attrs;
4600 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
4601 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4602 &pair) == 0);
4603 }
4604
4605 /*
4606 * Check that this value is valid for this pool version
4607 */
4608 switch (prop) {
4609 case ZFS_PROP_COMPRESSION:
4610 /*
4611 * If the user specified gzip compression, make sure
4612 * the SPA supports it. We ignore any errors here since
4613 * we'll catch them later.
4614 */
f1512ee6 4615 if (nvpair_value_uint64(pair, &intval) == 0) {
10b3c7f5
MN		 4616 compval = ZIO_COMPRESS_ALGO(intval);
4617 if (compval >= ZIO_COMPRESS_GZIP_1 &&
4618 compval <= ZIO_COMPRESS_GZIP_9 &&
428870ff
BB		 4619 zfs_earlier_version(dsname,
4620 SPA_VERSION_GZIP_COMPRESSION)) {
2e528b49 4621 return (SET_ERROR(ENOTSUP));
428870ff
BB		 4622 }
4623
10b3c7f5 4624 if (compval == ZIO_COMPRESS_ZLE &&
428870ff
BB		 4625 zfs_earlier_version(dsname,
4626 SPA_VERSION_ZLE_COMPRESSION))
2e528b49 4627 return (SET_ERROR(ENOTSUP));
428870ff 4628
10b3c7f5 4629 if (compval == ZIO_COMPRESS_LZ4) {
9759c60f
ED		 4630 spa_t *spa;
4631
4632 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4633 return (err);
4634
fa86b5db
MA		 4635 if (!spa_feature_is_enabled(spa,
4636 SPA_FEATURE_LZ4_COMPRESS)) {
9759c60f 4637 spa_close(spa, FTAG);
2e528b49 4638 return (SET_ERROR(ENOTSUP));
9759c60f
ED		 4639 }
4640 spa_close(spa, FTAG);
4641 }
10b3c7f5
MN		 4642
4643 if (compval == ZIO_COMPRESS_ZSTD) {
4644 spa_t *spa;
4645
4646 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4647 return (err);
4648
4649 if (!spa_feature_is_enabled(spa,
4650 SPA_FEATURE_ZSTD_COMPRESS)) {
4651 spa_close(spa, FTAG);
4652 return (SET_ERROR(ENOTSUP));
4653 }
4654 spa_close(spa, FTAG);
4655 }
428870ff
BB		 4656 }
4657 break;
4658
4659 case ZFS_PROP_COPIES:
4660 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
2e528b49 4661 return (SET_ERROR(ENOTSUP));
428870ff
BB		 4662 break;
4663
4cb7b9c5 4664 case ZFS_PROP_VOLBLOCKSIZE:
f1512ee6
MA		 4665 case ZFS_PROP_RECORDSIZE:
4666 /* Record sizes above 128k need the feature to be enabled */
4667 if (nvpair_value_uint64(pair, &intval) == 0 &&
4668 intval > SPA_OLD_MAXBLOCKSIZE) {
4669 spa_t *spa;
4670
f1512ee6
MA		 4671 /*
4672 * We don't allow setting the property above 1MB,
4673 * unless the tunable has been changed.
4674 */
4675 if (intval > zfs_max_recordsize ||
4676 intval > SPA_MAXBLOCKSIZE)
4b2a3e0c 4677 return (SET_ERROR(ERANGE));
f1512ee6
MA		 4678
4679 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4680 return (err);
4681
4682 if (!spa_feature_is_enabled(spa,
4683 SPA_FEATURE_LARGE_BLOCKS)) {
4684 spa_close(spa, FTAG);
4685 return (SET_ERROR(ENOTSUP));
4686 }
4687 spa_close(spa, FTAG);
4688 }
4689 break;
4690
50c957f7
NB		 4691 case ZFS_PROP_DNODESIZE:
4692 /* Dnode sizes above 512 need the feature to be enabled */
4693 if (nvpair_value_uint64(pair, &intval) == 0 &&
4694 intval != ZFS_DNSIZE_LEGACY) {
4695 spa_t *spa;
4696
50c957f7
NB		 4697 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4698 return (err);
4699
4700 if (!spa_feature_is_enabled(spa,
4701 SPA_FEATURE_LARGE_DNODE)) {
4702 spa_close(spa, FTAG);
4703 return (SET_ERROR(ENOTSUP));
4704 }
4705 spa_close(spa, FTAG);
4706 }
4707 break;
4708
cc99f275
DB		 4709 case ZFS_PROP_SPECIAL_SMALL_BLOCKS:
4710 /*
4711 * This property could require the allocation classes
4712 * feature to be active for setting, however we allow
4713 * it so that tests of settable properties succeed.
4714 * The CLI will issue a warning in this case.
4715 */
4716 break;
4717
428870ff
BB		 4718 case ZFS_PROP_SHARESMB:
4719 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
2e528b49 4720 return (SET_ERROR(ENOTSUP));
428870ff
BB		 4721 break;
4722
4723 case ZFS_PROP_ACLINHERIT:
4724 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4725 nvpair_value_uint64(pair, &intval) == 0) {
4726 if (intval == ZFS_ACL_PASSTHROUGH_X &&
4727 zfs_earlier_version(dsname,
4728 SPA_VERSION_PASSTHROUGH_X))
2e528b49 4729 return (SET_ERROR(ENOTSUP));
428870ff
BB		 4730 }
4731 break;
3c67d83a
TH		 4732 case ZFS_PROP_CHECKSUM:
4733 case ZFS_PROP_DEDUP:
4734 {
4735 spa_feature_t feature;
4736 spa_t *spa;
3c67d83a
TH		 4737 int err;
4738
4739 /* dedup feature version checks */
4740 if (prop == ZFS_PROP_DEDUP &&
4741 zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
4742 return (SET_ERROR(ENOTSUP));
4743
c8c30836 4744 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4745 nvpair_value_uint64(pair, &intval) == 0) {
4746 /* check prop value is enabled in features */
4747 feature = zio_checksum_to_feature(
4748 intval & ZIO_CHECKSUM_MASK);
4749 if (feature == SPA_FEATURE_NONE)
4750 break;
3c67d83a 4751
c8c30836 4752 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4753 return (err);
5fadb7fb 4754
c8c30836 4755 if (!spa_feature_is_enabled(spa, feature)) {
4756 spa_close(spa, FTAG);
4757 return (SET_ERROR(ENOTSUP));
4758 }
3c67d83a 4759 spa_close(spa, FTAG);
3c67d83a 4760 }
3c67d83a
TH		 4761 break;
4762 }
4763
e75c13c3
BB		 4764 default:
4765 break;
428870ff
BB		 4766 }
4767
4768 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
4769}
4770
4771/*
4772 * Removes properties from the given props list that fail permission checks
4773 * needed to clear them and to restore them in case of a receive error. For each
4774 * property, make sure we have both set and inherit permissions.
4775 *
4776 * Returns the first error encountered if any permission checks fail. If the
4777 * caller provides a non-NULL errlist, it also gives the complete list of names
4778 * of all the properties that failed a permission check along with the
4779 * corresponding error numbers. The caller is responsible for freeing the
4780 * returned errlist.
4781 *
4782 * If every property checks out successfully, zero is returned and the list
4783 * pointed at by errlist is NULL.
4784 */
4785static int
4d55ea81 4786zfs_check_clearable(const char *dataset, nvlist_t *props, nvlist_t **errlist)
b128c09f
BB		 4787{
4788 zfs_cmd_t *zc;
428870ff
BB		 4789 nvpair_t *pair, *next_pair;
4790 nvlist_t *errors;
4791 int err, rv = 0;
b128c09f
BB		 4792
4793 if (props == NULL)
428870ff
BB		 4794 return (0);
4795
4796 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4797
efcd79a8 4798 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
680eada9 4799 (void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name));
428870ff
BB		 4800 pair = nvlist_next_nvpair(props, NULL);
4801 while (pair != NULL) {
4802 next_pair = nvlist_next_nvpair(props, pair);
4803
680eada9 4804 (void) strlcpy(zc->zc_value, nvpair_name(pair),
4805 sizeof (zc->zc_value));
428870ff 4806 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
6f1ffb06 4807 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
428870ff
BB		 4808 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
4809 VERIFY(nvlist_add_int32(errors,
4810 zc->zc_value, err) == 0);
4811 }
4812 pair = next_pair;
b128c09f
BB		 4813 }
4814 kmem_free(zc, sizeof (zfs_cmd_t));
428870ff
BB		 4815
4816 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
4817 nvlist_free(errors);
4818 errors = NULL;
4819 } else {
4820 VERIFY(nvpair_value_int32(pair, &rv) == 0);
4821 }
4822
4823 if (errlist == NULL)
4824 nvlist_free(errors);
4825 else
4826 *errlist = errors;
4827
4828 return (rv);
4829}
4830
4831static boolean_t
4832propval_equals(nvpair_t *p1, nvpair_t *p2)
4833{
4834 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
4835 /* dsl_prop_get_all_impl() format */
4836 nvlist_t *attrs;
4837 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
4838 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4839 &p1) == 0);
4840 }
4841
4842 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
4843 nvlist_t *attrs;
4844 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
4845 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4846 &p2) == 0);
4847 }
4848
4849 if (nvpair_type(p1) != nvpair_type(p2))
4850 return (B_FALSE);
4851
4852 if (nvpair_type(p1) == DATA_TYPE_STRING) {
d1807f16 4853 const char *valstr1, *valstr2;
428870ff 4854
d1807f16
RY		 4855 VERIFY(nvpair_value_string(p1, &valstr1) == 0);
4856 VERIFY(nvpair_value_string(p2, &valstr2) == 0);
428870ff
BB		 4857 return (strcmp(valstr1, valstr2) == 0);
4858 } else {
4859 uint64_t intval1, intval2;
4860
4861 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
4862 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
4863 return (intval1 == intval2);
4864 }
b128c09f
BB		 4865}
4866
428870ff
BB		 4867/*
4868 * Remove properties from props if they are not going to change (as determined
4869 * by comparison with origprops). Remove them from origprops as well, since we
4870 * do not need to clear or restore properties that won't change.
4871 */
4872static void
4873props_reduce(nvlist_t *props, nvlist_t *origprops)
4874{
4875 nvpair_t *pair, *next_pair;
4876
4877 if (origprops == NULL)
4878 return; /* all props need to be received */
4879
4880 pair = nvlist_next_nvpair(props, NULL);
4881 while (pair != NULL) {
4882 const char *propname = nvpair_name(pair);
4883 nvpair_t *match;
4884
4885 next_pair = nvlist_next_nvpair(props, pair);
4886
4887 if ((nvlist_lookup_nvpair(origprops, propname,
4888 &match) != 0) || !propval_equals(pair, match))
4889 goto next; /* need to set received value */
4890
4891 /* don't clear the existing received value */
4892 (void) nvlist_remove_nvpair(origprops, match);
4893 /* don't bother receiving the property */
4894 (void) nvlist_remove_nvpair(props, pair);
4895next:
4896 pair = next_pair;
4897 }
4898}
4899
671c9354
DM		 4900/*
4901 * Extract properties that cannot be set PRIOR to the receipt of a dataset.
4902 * For example, refquota cannot be set until after the receipt of a dataset,
4903 * because in replication streams, an older/earlier snapshot may exceed the
4904 * refquota. We want to receive the older/earlier snapshot, but setting
4905 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent
4906 * the older/earlier snapshot from being received (with EDQUOT).
4907 *
4908 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario.
4909 *
4910 * libzfs will need to be judicious handling errors encountered by props
4911 * extracted by this function.
4912 */
4913static nvlist_t *
4914extract_delay_props(nvlist_t *props)
4915{
4916 nvlist_t *delayprops;
4917 nvpair_t *nvp, *tmp;
b5256303
TC		 4918 static const zfs_prop_t delayable[] = {
4919 ZFS_PROP_REFQUOTA,
4920 ZFS_PROP_KEYLOCATION,
c50b3f14
AH		 4921 /*
4922 * Setting ZFS_PROP_SHARESMB requires the objset type to be
4923 * known, which is not possible prior to receipt of raw sends.
4924 */
4925 ZFS_PROP_SHARESMB,
b5256303
TC		 4926 0
4927 };
671c9354
DM		 4928 int i;
4929
4930 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4931
4932 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL;
4933 nvp = nvlist_next_nvpair(props, nvp)) {
4934 /*
4935 * strcmp() is safe because zfs_prop_to_name() always returns
4936 * a bounded string.
4937 */
4938 for (i = 0; delayable[i] != 0; i++) {
4939 if (strcmp(zfs_prop_to_name(delayable[i]),
4940 nvpair_name(nvp)) == 0) {
4941 break;
4942 }
4943 }
4944 if (delayable[i] != 0) {
4945 tmp = nvlist_prev_nvpair(props, nvp);
4946 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0);
4947 VERIFY(nvlist_remove_nvpair(props, nvp) == 0);
4948 nvp = tmp;
4949 }
4950 }
4951
4952 if (nvlist_empty(delayprops)) {
4953 nvlist_free(delayprops);
4954 delayprops = NULL;
4955 }
4956 return (delayprops);
4957}
4958
7bb0c294
MM		 4959static void
4960zfs_allow_log_destroy(void *arg)
4961{
4962 char *poolname = arg;
4963
4964 if (poolname != NULL)
e4f5fa12 4965 kmem_strfree(poolname);
7bb0c294
MM		 4966}
4967
6d8da841 4968#ifdef ZFS_DEBUG
428870ff
BB		 4969static boolean_t zfs_ioc_recv_inject_err;
4970#endif
4971
34dc7c2f 4972/*
1bf3bf0e
GN		 4973 * nvlist 'errors' is always allocated. It will contain descriptions of
4974 * encountered errors, if any. It's the callers responsibility to free.
34dc7c2f
BB		 4975 */
4976static int
d1807f16
RY		 4977zfs_ioc_recv_impl(char *tofs, char *tosnap, const char *origin,
4978 nvlist_t *recvprops, nvlist_t *localprops, nvlist_t *hidden_args,
4979 boolean_t force, boolean_t heal, boolean_t resumable, int input_fd,
196bee4c
MA		 4980 dmu_replay_record_t *begin_record, uint64_t *read_bytes,
4981 uint64_t *errflags, nvlist_t **errors)
34dc7c2f 4982{
34dc7c2f 4983 dmu_recv_cookie_t drc;
428870ff
BB		 4984 int error = 0;
4985 int props_error = 0;
da92d5cb 4986 offset_t off, noff;
d9c460a0
TC		 4987 nvlist_t *local_delayprops = NULL;
4988 nvlist_t *recv_delayprops = NULL;
c50b3f14 4989 nvlist_t *inherited_delayprops = NULL;
43e52edd 4990 nvlist_t *origprops = NULL; /* existing properties */
a3eeab2d 4991 nvlist_t *origrecvd = NULL; /* existing received properties */
428870ff 4992 boolean_t first_recvd_props = B_FALSE;
30af21b0 4993 boolean_t tofs_was_redacted;
da92d5cb 4994 zfs_file_t *input_fp;
34dc7c2f 4995
1bf3bf0e
GN		 4996 *read_bytes = 0;
4997 *errflags = 0;
4998 *errors = fnvlist_alloc();
da92d5cb 4999 off = 0;
1bf3bf0e 5000
958826be
GW		 5001 if ((input_fp = zfs_file_get(input_fd)) == NULL)
5002 return (SET_ERROR(EBADF));
13fe0198 5003
da92d5cb 5004 noff = off = zfs_file_off(input_fp);
e8cf3a4f 5005 error = dmu_recv_begin(tofs, tosnap, begin_record, force, heal,
da92d5cb 5006 resumable, localprops, hidden_args, origin, &drc, input_fp,
30af21b0 5007 &off);
13fe0198
MA		 5008 if (error != 0)
5009 goto out;
30af21b0 5010 tofs_was_redacted = dsl_get_redacted(drc.drc_ds);
13fe0198
MA		 5011
5012 /*
5013 * Set properties before we receive the stream so that they are applied
5014 * to the new data. Note that we must call dmu_recv_stream() if
5015 * dmu_recv_begin() succeeds.
5016 */
a3eeab2d 5017 if (recvprops != NULL && !drc.drc_newfs) {
13fe0198
MA		 5018 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
5019 SPA_VERSION_RECVD_PROPS &&
5020 !dsl_prop_get_hasrecvd(tofs))
428870ff 5021 first_recvd_props = B_TRUE;
428870ff 5022
b128c09f 5023 /*
428870ff 5024 * If new received properties are supplied, they are to
d9c460a0
TC		 5025 * completely replace the existing received properties,
5026 * so stash away the existing ones.
b128c09f 5027 */
a3eeab2d 5028 if (dsl_prop_get_received(tofs, &origrecvd) == 0) {
428870ff
BB		 5029 nvlist_t *errlist = NULL;
5030 /*
5031 * Don't bother writing a property if its value won't
5032 * change (and avoid the unnecessary security checks).
5033 *
5034 * The first receive after SPA_VERSION_RECVD_PROPS is a
5035 * special case where we blow away all local properties
5036 * regardless.
5037 */
5038 if (!first_recvd_props)
a3eeab2d 5039 props_reduce(recvprops, origrecvd);
5040 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0)
43e52edd 5041 (void) nvlist_merge(*errors, errlist, 0);
428870ff 5042 nvlist_free(errlist);
b128c09f 5043
a3eeab2d 5044 if (clear_received_props(tofs, origrecvd,
5045 first_recvd_props ? NULL : recvprops) != 0)
5046 *errflags |= ZPROP_ERR_NOCLEAR;
5047 } else {
5048 *errflags |= ZPROP_ERR_NOCLEAR;
5049 }
5050 }
5051
5052 /*
5053 * Stash away existing properties so we can restore them on error unless
5054 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which
5055 * case "origrecvd" will take care of that.
5056 */
5057 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) {
5058 objset_t *os;
5059 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
5060 if (dsl_prop_get_all(os, &origprops) != 0) {
43e52edd 5061 *errflags |= ZPROP_ERR_NOCLEAR;
a3eeab2d 5062 }
5063 dmu_objset_rele(os, FTAG);
13fe0198 5064 } else {
43e52edd 5065 *errflags |= ZPROP_ERR_NOCLEAR;
428870ff 5066 }
13fe0198
MA		 5067 }
5068
a3eeab2d 5069 if (recvprops != NULL) {
13fe0198 5070 props_error = dsl_prop_set_hasrecvd(tofs);
428870ff 5071
13fe0198 5072 if (props_error == 0) {
d9c460a0 5073 recv_delayprops = extract_delay_props(recvprops);
13fe0198 5074 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
a3eeab2d 5075 recvprops, *errors);
13fe0198 5076 }
428870ff
BB		 5077 }
5078
a3eeab2d 5079 if (localprops != NULL) {
5080 nvlist_t *oprops = fnvlist_alloc();
5081 nvlist_t *xprops = fnvlist_alloc();
5082 nvpair_t *nvp = NULL;
5083
5084 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
5085 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) {
5086 /* -x property */
5087 const char *name = nvpair_name(nvp);
5088 zfs_prop_t prop = zfs_name_to_prop(name);
4ff7a8fa 5089 if (prop != ZPROP_USERPROP) {
a3eeab2d 5090 if (!zfs_prop_inheritable(prop))
5091 continue;
5092 } else if (!zfs_prop_user(name))
5093 continue;
5094 fnvlist_add_boolean(xprops, name);
5095 } else {
5096 /* -o property=value */
5097 fnvlist_add_nvpair(oprops, nvp);
5098 }
5099 }
d9c460a0
TC		 5100
5101 local_delayprops = extract_delay_props(oprops);
a3eeab2d 5102 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
5103 oprops, *errors);
c50b3f14 5104 inherited_delayprops = extract_delay_props(xprops);
a3eeab2d 5105 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED,
5106 xprops, *errors);
5107
5108 nvlist_free(oprops);
5109 nvlist_free(xprops);
5110 }
5111
196bee4c 5112 error = dmu_recv_stream(&drc, &off);
34dc7c2f 5113
45d1cae3 5114 if (error == 0) {
0037b49e 5115 zfsvfs_t *zfsvfs = NULL;
5df7e9d8 5116 zvol_state_handle_t *zv = NULL;
b128c09f 5117
f298b24d 5118 if (getzfsvfs(tofs, &zfsvfs) == 0) {
45d1cae3 5119 /* online recv */
ec923db2 5120 dsl_dataset_t *ds;
45d1cae3 5121 int end_err;
30af21b0
PD		 5122 boolean_t stream_is_redacted = DMU_GET_FEATUREFLAGS(
5123 begin_record->drr_u.drr_begin.
5124 drr_versioninfo) & DMU_BACKUP_FEATURE_REDACTED;
b128c09f 5125
0037b49e
BB		 5126 ds = dmu_objset_ds(zfsvfs->z_os);
5127 error = zfs_suspend_fs(zfsvfs);
45d1cae3
BB		 5128 /*
5129 * If the suspend fails, then the recv_end will
5130 * likely also fail, and clean up after itself.
5131 */
0037b49e 5132 end_err = dmu_recv_end(&drc, zfsvfs);
30af21b0
PD		 5133 /*
5134 * If the dataset was not redacted, but we received a
5135 * redacted stream onto it, we need to unmount the
5136 * dataset. Otherwise, resume the filesystem.
5137 */
5138 if (error == 0 && !drc.drc_newfs &&
5139 stream_is_redacted && !tofs_was_redacted) {
5140 error = zfs_end_fs(zfsvfs, ds);
5141 } else if (error == 0) {
0037b49e 5142 error = zfs_resume_fs(zfsvfs, ds);
30af21b0 5143 }
45d1cae3 5144 error = error ? error : end_err;
362ae8d1 5145 zfs_vfs_rele(zfsvfs);
040dab99
CC		 5146 } else if ((zv = zvol_suspend(tofs)) != NULL) {
5147 error = dmu_recv_end(&drc, zvol_tag(zv));
5148 zvol_resume(zv);
b128c09f 5149 } else {
831baf06 5150 error = dmu_recv_end(&drc, NULL);
34dc7c2f 5151 }
671c9354
DM		 5152
5153 /* Set delayed properties now, after we're done receiving. */
d9c460a0 5154 if (recv_delayprops != NULL && error == 0) {
671c9354 5155 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
d9c460a0
TC		 5156 recv_delayprops, *errors);
5157 }
5158 if (local_delayprops != NULL && error == 0) {
5159 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
5160 local_delayprops, *errors);
671c9354 5161 }
c50b3f14
AH		 5162 if (inherited_delayprops != NULL && error == 0) {
5163 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED,
5164 inherited_delayprops, *errors);
5165 }
671c9354
DM		 5166 }
5167
d9c460a0
TC		 5168 /*
5169 * Merge delayed props back in with initial props, in case
5170 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means
5171 * we have to make sure clear_received_props() includes
5172 * the delayed properties).
5173 *
5174 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels,
5175 * using ASSERT() will be just like a VERIFY.
5176 */
5177 if (recv_delayprops != NULL) {
5178 ASSERT(nvlist_merge(recvprops, recv_delayprops, 0) == 0);
5179 nvlist_free(recv_delayprops);
5180 }
5181 if (local_delayprops != NULL) {
5182 ASSERT(nvlist_merge(localprops, local_delayprops, 0) == 0);
5183 nvlist_free(local_delayprops);
671c9354 5184 }
c50b3f14
AH		 5185 if (inherited_delayprops != NULL) {
5186 ASSERT(nvlist_merge(localprops, inherited_delayprops, 0) == 0);
5187 nvlist_free(inherited_delayprops);
5188 }
da92d5cb 5189 *read_bytes = off - noff;
34dc7c2f 5190
6d8da841 5191#ifdef ZFS_DEBUG
428870ff
BB		 5192 if (zfs_ioc_recv_inject_err) {
5193 zfs_ioc_recv_inject_err = B_FALSE;
5194 error = 1;
5195 }
5196#endif
ba6a2402 5197
b128c09f
BB		 5198 /*
5199 * On error, restore the original props.
5200 */
a3eeab2d 5201 if (error != 0 && recvprops != NULL && !drc.drc_newfs) {
5202 if (clear_received_props(tofs, recvprops, NULL) != 0) {
13fe0198
MA		 5203 /*
5204 * We failed to clear the received properties.
5205 * Since we may have left a $recvd value on the
5206 * system, we can't clear the $hasrecvd flag.
5207 */
43e52edd 5208 *errflags |= ZPROP_ERR_NORESTORE;
13fe0198
MA		 5209 } else if (first_recvd_props) {
5210 dsl_prop_unset_hasrecvd(tofs);
428870ff
BB		 5211 }
5212
a3eeab2d 5213 if (origrecvd == NULL && !drc.drc_newfs) {
428870ff 5214 /* We failed to stash the original properties. */
43e52edd 5215 *errflags |= ZPROP_ERR_NORESTORE;
428870ff
BB		 5216 }
5217
5218 /*
5219 * dsl_props_set() will not convert RECEIVED to LOCAL on or
5220 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
4e33ba4c 5221 * explicitly if we're restoring local properties cleared in the
428870ff
BB		 5222 * first new-style receive.
5223 */
a3eeab2d 5224 if (origrecvd != NULL &&
428870ff
BB		 5225 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
5226 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
a3eeab2d 5227 origrecvd, NULL) != 0) {
428870ff
BB		 5228 /*
5229 * We stashed the original properties but failed to
5230 * restore them.
5231 */
43e52edd 5232 *errflags |= ZPROP_ERR_NORESTORE;
428870ff 5233 }
b128c09f 5234 }
a3eeab2d 5235 if (error != 0 && localprops != NULL && !drc.drc_newfs &&
5236 !first_recvd_props) {
5237 nvlist_t *setprops;
5238 nvlist_t *inheritprops;
5239 nvpair_t *nvp;
5240
5241 if (origprops == NULL) {
5242 /* We failed to stash the original properties. */
5243 *errflags |= ZPROP_ERR_NORESTORE;
5244 goto out;
5245 }
5246
5247 /* Restore original props */
5248 setprops = fnvlist_alloc();
5249 inheritprops = fnvlist_alloc();
5250 nvp = NULL;
5251 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
5252 const char *name = nvpair_name(nvp);
5253 const char *source;
5254 nvlist_t *attrs;
5255
5256 if (!nvlist_exists(origprops, name)) {
5257 /*
5258 * Property was not present or was explicitly
5259 * inherited before the receive, restore this.
5260 */
5261 fnvlist_add_boolean(inheritprops, name);
5262 continue;
5263 }
5264 attrs = fnvlist_lookup_nvlist(origprops, name);
5265 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE);
5266
5267 /* Skip received properties */
5268 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0)
5269 continue;
5270
5271 if (strcmp(source, tofs) == 0) {
5272 /* Property was locally set */
5273 fnvlist_add_nvlist(setprops, name, attrs);
5274 } else {
5275 /* Property was implicitly inherited */
5276 fnvlist_add_boolean(inheritprops, name);
5277 }
5278 }
5279
5280 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops,
5281 NULL) != 0)
5282 *errflags |= ZPROP_ERR_NORESTORE;
5283 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops,
5284 NULL) != 0)
5285 *errflags |= ZPROP_ERR_NORESTORE;
5286
5287 nvlist_free(setprops);
5288 nvlist_free(inheritprops);
5289 }
b128c09f 5290out:
958826be 5291 zfs_file_put(input_fp);
a3eeab2d 5292 nvlist_free(origrecvd);
b128c09f 5293 nvlist_free(origprops);
428870ff
BB		 5294
5295 if (error == 0)
5296 error = props_error;
5297
34dc7c2f
BB		 5298 return (error);
5299}
5300
43e52edd
BB		 5301/*
5302 * inputs:
5303 * zc_name name of containing filesystem (unused)
5304 * zc_nvlist_src{_size} nvlist of properties to apply
a3eeab2d 5305 * zc_nvlist_conf{_size} nvlist of properties to exclude
5306 * (DATA_TYPE_BOOLEAN) and override (everything else)
43e52edd
BB		 5307 * zc_value name of snapshot to create
5308 * zc_string name of clone origin (if DRR_FLAG_CLONE)
5309 * zc_cookie file descriptor to recv from
5310 * zc_begin_record the BEGIN record of the stream (not byteswapped)
5311 * zc_guid force flag
43e52edd
BB		 5312 *
5313 * outputs:
5314 * zc_cookie number of bytes read
5315 * zc_obj zprop_errflags_t
43e52edd
BB		 5316 * zc_nvlist_dst{_size} error for each unapplied received property
5317 */
5318static int
5319zfs_ioc_recv(zfs_cmd_t *zc)
5320{
5321 dmu_replay_record_t begin_record;
5322 nvlist_t *errors = NULL;
a3eeab2d 5323 nvlist_t *recvdprops = NULL;
5324 nvlist_t *localprops = NULL;
d1807f16 5325 const char *origin = NULL;
43e52edd 5326 char *tosnap;
eca7b760 5327 char tofs[ZFS_MAX_DATASET_NAME_LEN];
43e52edd
BB		 5328 int error = 0;
5329
5330 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
5331 strchr(zc->zc_value, '@') == NULL ||
5332 strchr(zc->zc_value, '%'))
5333 return (SET_ERROR(EINVAL));
5334
30f3f2e1 5335 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs));
43e52edd
BB		 5336 tosnap = strchr(tofs, '@');
5337 *tosnap++ = '\0';
5338
5339 if (zc->zc_nvlist_src != 0 &&
5340 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
a3eeab2d 5341 zc->zc_iflags, &recvdprops)) != 0)
5342 return (error);
5343
5344 if (zc->zc_nvlist_conf != 0 &&
5345 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
5346 zc->zc_iflags, &localprops)) != 0)
43e52edd
BB		 5347 return (error);
5348
5349 if (zc->zc_string[0])
5350 origin = zc->zc_string;
5351
5352 begin_record.drr_type = DRR_BEGIN;
5353 begin_record.drr_payloadlen = 0;
5354 begin_record.drr_u.drr_begin = zc->zc_begin_record;
5355
a3eeab2d 5356 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops,
e8cf3a4f 5357 NULL, zc->zc_guid, B_FALSE, B_FALSE, zc->zc_cookie, &begin_record,
196bee4c 5358 &zc->zc_cookie, &zc->zc_obj, &errors);
a3eeab2d 5359 nvlist_free(recvdprops);
5360 nvlist_free(localprops);
43e52edd
BB		 5361
5362 /*
5363 * Now that all props, initial and delayed, are set, report the prop
5364 * errors to the caller.
5365 */
5366 if (zc->zc_nvlist_dst_size != 0 && errors != NULL &&
5367 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
5368 put_nvlist(zc, errors) != 0)) {
5369 /*
5370 * Caller made zc->zc_nvlist_dst less than the minimum expected
5371 * size or supplied an invalid address.
5372 */
5373 error = SET_ERROR(EINVAL);
5374 }
5375
5376 nvlist_free(errors);
5377
5378 return (error);
5379}
5380
5381/*
5382 * innvl: {
5383 * "snapname" -> full name of the snapshot to create
a3eeab2d 5384 * (optional) "props" -> received properties to set (nvlist)
5385 * (optional) "localprops" -> override and exclude properties (nvlist)
43e52edd
BB		 5386 * (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE)
5387 * "begin_record" -> non-byteswapped dmu_replay_record_t
5388 * "input_fd" -> file descriptor to read stream from (int32)
5389 * (optional) "force" -> force flag (value ignored)
e8cf3a4f 5390 * (optional) "heal" -> use send stream to heal data corruption
43e52edd 5391 * (optional) "resumable" -> resumable flag (value ignored)
196bee4c
MA		 5392 * (optional) "cleanup_fd" -> unused
5393 * (optional) "action_handle" -> unused
b83a0e2d 5394 * (optional) "hidden_args" -> { "wkeydata" -> value }
43e52edd
BB		 5395 * }
5396 *
5397 * outnvl: {
5398 * "read_bytes" -> number of bytes read
5399 * "error_flags" -> zprop_errflags_t
43e52edd
BB		 5400 * "errors" -> error for each unapplied received property (nvlist)
5401 * }
5402 */
b83a0e2d
DB		 5403static const zfs_ioc_key_t zfs_keys_recv_new[] = {
5404 {"snapname", DATA_TYPE_STRING, 0},
5405 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5406 {"localprops", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5407 {"origin", DATA_TYPE_STRING, ZK_OPTIONAL},
5408 {"begin_record", DATA_TYPE_BYTE_ARRAY, 0},
5409 {"input_fd", DATA_TYPE_INT32, 0},
5410 {"force", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
e8cf3a4f 5411 {"heal", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
b83a0e2d
DB		 5412 {"resumable", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5413 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
5414 {"action_handle", DATA_TYPE_UINT64, ZK_OPTIONAL},
5415 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5416};
5417
43e52edd
BB		 5418static int
5419zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
5420{
5421 dmu_replay_record_t *begin_record;
5422 uint_t begin_record_size;
5423 nvlist_t *errors = NULL;
a3eeab2d 5424 nvlist_t *recvprops = NULL;
5425 nvlist_t *localprops = NULL;
d9c460a0 5426 nvlist_t *hidden_args = NULL;
d1807f16
RY		 5427 const char *snapname;
5428 const char *origin = NULL;
43e52edd 5429 char *tosnap;
eca7b760 5430 char tofs[ZFS_MAX_DATASET_NAME_LEN];
43e52edd 5431 boolean_t force;
e8cf3a4f 5432 boolean_t heal;
43e52edd 5433 boolean_t resumable;
43e52edd
BB		 5434 uint64_t read_bytes = 0;
5435 uint64_t errflags = 0;
5436 int input_fd = -1;
43e52edd
BB		 5437 int error;
5438
b83a0e2d 5439 snapname = fnvlist_lookup_string(innvl, "snapname");
43e52edd
BB		 5440
5441 if (dataset_namecheck(snapname, NULL, NULL) != 0 ||
5442 strchr(snapname, '@') == NULL ||
5443 strchr(snapname, '%'))
5444 return (SET_ERROR(EINVAL));
5445
c9e319fa 5446 (void) strlcpy(tofs, snapname, sizeof (tofs));
43e52edd
BB		 5447 tosnap = strchr(tofs, '@');
5448 *tosnap++ = '\0';
5449
5450 error = nvlist_lookup_string(innvl, "origin", &origin);
5451 if (error && error != ENOENT)
5452 return (error);
5453
5454 error = nvlist_lookup_byte_array(innvl, "begin_record",
02730c33 5455 (uchar_t **)&begin_record, &begin_record_size);
43e52edd
BB		 5456 if (error != 0 || begin_record_size != sizeof (*begin_record))
5457 return (SET_ERROR(EINVAL));
5458
b83a0e2d 5459 input_fd = fnvlist_lookup_int32(innvl, "input_fd");
43e52edd
BB		 5460
5461 force = nvlist_exists(innvl, "force");
e8cf3a4f 5462 heal = nvlist_exists(innvl, "heal");
43e52edd
BB		 5463 resumable = nvlist_exists(innvl, "resumable");
5464
a3eeab2d 5465 /* we still use "props" here for backwards compatibility */
5466 error = nvlist_lookup_nvlist(innvl, "props", &recvprops);
43e52edd
BB		 5467 if (error && error != ENOENT)
5468 return (error);
5469
a3eeab2d 5470 error = nvlist_lookup_nvlist(innvl, "localprops", &localprops);
5471 if (error && error != ENOENT)
5472 return (error);
5473
d9c460a0
TC		 5474 error = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
5475 if (error && error != ENOENT)
5476 return (error);
5477
a3eeab2d 5478 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvprops, localprops,
e8cf3a4f 5479 hidden_args, force, heal, resumable, input_fd, begin_record,
196bee4c 5480 &read_bytes, &errflags, &errors);
43e52edd
BB		 5481
5482 fnvlist_add_uint64(outnvl, "read_bytes", read_bytes);
5483 fnvlist_add_uint64(outnvl, "error_flags", errflags);
43e52edd
BB		 5484 fnvlist_add_nvlist(outnvl, "errors", errors);
5485
5486 nvlist_free(errors);
a3eeab2d 5487 nvlist_free(recvprops);
5488 nvlist_free(localprops);
43e52edd
BB		 5489
5490 return (error);
5491}
5492
30af21b0 5493typedef struct dump_bytes_io {
da92d5cb
MM		 5494 zfs_file_t *dbi_fp;
5495 caddr_t dbi_buf;
30af21b0
PD		 5496 int dbi_len;
5497 int dbi_err;
5498} dump_bytes_io_t;
5499
5500static void
5501dump_bytes_cb(void *arg)
5502{
5503 dump_bytes_io_t *dbi = (dump_bytes_io_t *)arg;
da92d5cb
MM		 5504 zfs_file_t *fp;
5505 caddr_t buf;
5506
5507 fp = dbi->dbi_fp;
5508 buf = dbi->dbi_buf;
30af21b0 5509
da92d5cb 5510 dbi->dbi_err = zfs_file_write(fp, buf, dbi->dbi_len, NULL);
30af21b0
PD		 5511}
5512
5513static int
5514dump_bytes(objset_t *os, void *buf, int len, void *arg)
5515{
5516 dump_bytes_io_t dbi;
5517
da92d5cb 5518 dbi.dbi_fp = arg;
30af21b0
PD		 5519 dbi.dbi_buf = buf;
5520 dbi.dbi_len = len;
5521
5522#if defined(HAVE_LARGE_STACKS)
5523 dump_bytes_cb(&dbi);
5524#else
5525 /*
5526 * The vn_rdwr() call is performed in a taskq to ensure that there is
5527 * always enough stack space to write safely to the target filesystem.
5528 * The ZIO_TYPE_FREE threads are used because there can be a lot of
5529 * them and they are used in vdev_file.c for a similar purpose.
5530 */
5531 spa_taskq_dispatch_sync(dmu_objset_spa(os), ZIO_TYPE_FREE,
5532 ZIO_TASKQ_ISSUE, dump_bytes_cb, &dbi, TQ_SLEEP);
5533#endif /* HAVE_LARGE_STACKS */
5534
5535 return (dbi.dbi_err);
5536}
5537
34dc7c2f
BB		 5538/*
5539 * inputs:
5540 * zc_name name of snapshot to send
34dc7c2f 5541 * zc_cookie file descriptor to send stream to
572e2857
BB		 5542 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
5543 * zc_sendobj objsetid of snapshot to send
5544 * zc_fromobj objsetid of incremental fromsnap (may be zero)
330d06f9
MA		 5545 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
5546 * output size in zc_objset_type.
f1512ee6 5547 * zc_flags lzc_send_flags
34dc7c2f 5548 *
da536844
MA		 5549 * outputs:
5550 * zc_objset_type estimated size, if zc_guid is set
cf7684bc 5551 *
5552 * NOTE: This is no longer the preferred interface, any new functionality
5553 * should be added to zfs_ioc_send_new() instead.
34dc7c2f
BB		 5554 */
5555static int
5556zfs_ioc_send(zfs_cmd_t *zc)
5557{
34dc7c2f
BB		 5558 int error;
5559 offset_t off;
330d06f9 5560 boolean_t estimate = (zc->zc_guid != 0);
9b67f605 5561 boolean_t embedok = (zc->zc_flags & 0x1);
f1512ee6 5562 boolean_t large_block_ok = (zc->zc_flags & 0x2);
2aa34383 5563 boolean_t compressok = (zc->zc_flags & 0x4);
b5256303 5564 boolean_t rawok = (zc->zc_flags & 0x8);
ba0ba69e 5565 boolean_t savedok = (zc->zc_flags & 0x10);
34dc7c2f 5566
13fe0198
MA		 5567 if (zc->zc_obj != 0) {
5568 dsl_pool_t *dp;
5569 dsl_dataset_t *tosnap;
34dc7c2f 5570
13fe0198
MA		 5571 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5572 if (error != 0)
572e2857 5573 return (error);
13fe0198
MA		 5574
5575 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
5576 if (error != 0) {
5577 dsl_pool_rele(dp, FTAG);
34dc7c2f
BB		 5578 return (error);
5579 }
13fe0198
MA		 5580
5581 if (dsl_dir_is_clone(tosnap->ds_dir))
d683ddbb
JG		 5582 zc->zc_fromobj =
5583 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj;
13fe0198
MA		 5584 dsl_dataset_rele(tosnap, FTAG);
5585 dsl_pool_rele(dp, FTAG);
6f1ffb06
MA		 5586 }
5587
13fe0198
MA		 5588 if (estimate) {
5589 dsl_pool_t *dp;
5590 dsl_dataset_t *tosnap;
5591 dsl_dataset_t *fromsnap = NULL;
5592
5593 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5594 if (error != 0)
5595 return (error);
6f1ffb06 5596
b5256303
TC		 5597 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj,
5598 FTAG, &tosnap);
13fe0198
MA		 5599 if (error != 0) {
5600 dsl_pool_rele(dp, FTAG);
5601 return (error);
6f1ffb06
MA		 5602 }
5603
13fe0198
MA		 5604 if (zc->zc_fromobj != 0) {
5605 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
5606 FTAG, &fromsnap);
5607 if (error != 0) {
5608 dsl_dataset_rele(tosnap, FTAG);
5609 dsl_pool_rele(dp, FTAG);
6f1ffb06
MA		 5610 return (error);
5611 }
5612 }
34dc7c2f 5613
30af21b0 5614 error = dmu_send_estimate_fast(tosnap, fromsnap, NULL,
ba0ba69e 5615 compressok || rawok, savedok, &zc->zc_objset_type);
13fe0198
MA		 5616
5617 if (fromsnap != NULL)
5618 dsl_dataset_rele(fromsnap, FTAG);
5619 dsl_dataset_rele(tosnap, FTAG);
5620 dsl_pool_rele(dp, FTAG);
330d06f9 5621 } else {
da92d5cb 5622 zfs_file_t *fp;
30af21b0 5623 dmu_send_outparams_t out = {0};
da92d5cb 5624
958826be
GW		 5625 if ((fp = zfs_file_get(zc->zc_cookie)) == NULL)
5626 return (SET_ERROR(EBADF));
da92d5cb
MM		 5627
5628 off = zfs_file_off(fp);
30af21b0 5629 out.dso_outfunc = dump_bytes;
da92d5cb 5630 out.dso_arg = fp;
30af21b0 5631 out.dso_dryrun = B_FALSE;
13fe0198 5632 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
ba0ba69e
TC		 5633 zc->zc_fromobj, embedok, large_block_ok, compressok,
5634 rawok, savedok, zc->zc_cookie, &off, &out);
34dc7c2f 5635
958826be 5636 zfs_file_put(fp);
330d06f9 5637 }
34dc7c2f
BB		 5638 return (error);
5639}
5640
37abac6d
BP		 5641/*
5642 * inputs:
30af21b0
PD		 5643 * zc_name name of snapshot on which to report progress
5644 * zc_cookie file descriptor of send stream
37abac6d
BP		 5645 *
5646 * outputs:
30af21b0
PD		 5647 * zc_cookie number of bytes written in send stream thus far
5648 * zc_objset_type logical size of data traversed by send thus far
37abac6d
BP		 5649 */
5650static int
5651zfs_ioc_send_progress(zfs_cmd_t *zc)
5652{
13fe0198 5653 dsl_pool_t *dp;
37abac6d 5654 dsl_dataset_t *ds;
30af21b0 5655 dmu_sendstatus_t *dsp = NULL;
37abac6d
BP		 5656 int error;
5657
13fe0198
MA		 5658 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5659 if (error != 0)
37abac6d
BP		 5660 return (error);
5661
13fe0198
MA		 5662 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5663 if (error != 0) {
5664 dsl_pool_rele(dp, FTAG);
5665 return (error);
5666 }
5667
37abac6d
BP		 5668 mutex_enter(&ds->ds_sendstream_lock);
5669
5670 /*
5671 * Iterate over all the send streams currently active on this dataset.
5672 * If there's one which matches the specified file descriptor _and_ the
5673 * stream was started by the current process, return the progress of
5674 * that stream.
5675 */
5676
5677 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
5678 dsp = list_next(&ds->ds_sendstreams, dsp)) {
30af21b0 5679 if (dsp->dss_outfd == zc->zc_cookie &&
1f043c8b 5680 zfs_proc_is_caller(dsp->dss_proc))
37abac6d
BP		 5681 break;
5682 }
5683
30af21b0
PD		 5684 if (dsp != NULL) {
5685 zc->zc_cookie = atomic_cas_64((volatile uint64_t *)dsp->dss_off,
5686 0, 0);
5687 /* This is the closest thing we have to atomic_read_64. */
5688 zc->zc_objset_type = atomic_cas_64(&dsp->dss_blocks, 0, 0);
5689 } else {
2e528b49 5690 error = SET_ERROR(ENOENT);
30af21b0 5691 }
37abac6d
BP		 5692
5693 mutex_exit(&ds->ds_sendstream_lock);
5694 dsl_dataset_rele(ds, FTAG);
13fe0198 5695 dsl_pool_rele(dp, FTAG);
37abac6d
BP		 5696 return (error);
5697}
5698
34dc7c2f
BB		 5699static int
5700zfs_ioc_inject_fault(zfs_cmd_t *zc)
5701{
5702 int id, error;
5703
5704 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
5705 &zc->zc_inject_record);
5706
5707 if (error == 0)
5708 zc->zc_guid = (uint64_t)id;
5709
5710 return (error);
5711}
5712
5713static int
5714zfs_ioc_clear_fault(zfs_cmd_t *zc)
5715{
5716 return (zio_clear_fault((int)zc->zc_guid));
5717}
5718
5719static int
5720zfs_ioc_inject_list_next(zfs_cmd_t *zc)
5721{
5722 int id = (int)zc->zc_guid;
5723 int error;
5724
5725 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
5726 &zc->zc_inject_record);
5727
5728 zc->zc_guid = id;
5729
5730 return (error);
5731}
5732
5733static int
5734zfs_ioc_error_log(zfs_cmd_t *zc)
5735{
5736 spa_t *spa;
5737 int error;
34dc7c2f
BB		 5738
5739 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
5740 return (error);
5741
5742 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
018f2604 5743 &zc->zc_nvlist_dst_size);
34dc7c2f
BB		 5744
5745 spa_close(spa, FTAG);
5746
5747 return (error);
5748}
5749
5750static int
5751zfs_ioc_clear(zfs_cmd_t *zc)
5752{
5753 spa_t *spa;
5754 vdev_t *vd;
34dc7c2f
BB		 5755 int error;
5756
34dc7c2f 5757 /*
b128c09f 5758 * On zpool clear we also fix up missing slogs
34dc7c2f 5759 */
b128c09f
BB		 5760 mutex_enter(&spa_namespace_lock);
5761 spa = spa_lookup(zc->zc_name);
5762 if (spa == NULL) {
5763 mutex_exit(&spa_namespace_lock);
2e528b49 5764 return (SET_ERROR(EIO));
b128c09f 5765 }
428870ff 5766 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
b128c09f 5767 /* we need to let spa_open/spa_load clear the chains */
428870ff 5768 spa_set_log_state(spa, SPA_LOG_CLEAR);
34dc7c2f 5769 }
428870ff 5770 spa->spa_last_open_failed = 0;
b128c09f 5771 mutex_exit(&spa_namespace_lock);
34dc7c2f 5772
428870ff
BB		 5773 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
5774 error = spa_open(zc->zc_name, &spa, FTAG);
5775 } else {
5776 nvlist_t *policy;
5777 nvlist_t *config = NULL;
5778
b8864a23 5779 if (zc->zc_nvlist_src == 0)
2e528b49 5780 return (SET_ERROR(EINVAL));
428870ff
BB		 5781
5782 if ((error = get_nvlist(zc->zc_nvlist_src,
5783 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
5784 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
5785 policy, &config);
5786 if (config != NULL) {
572e2857
BB		 5787 int err;
5788
5789 if ((err = put_nvlist(zc, config)) != 0)
5790 error = err;
428870ff
BB		 5791 nvlist_free(config);
5792 }
5793 nvlist_free(policy);
5794 }
5795 }
5796
13fe0198 5797 if (error != 0)
b128c09f
BB		 5798 return (error);
5799
8133679f
OF		 5800 /*
5801 * If multihost is enabled, resuming I/O is unsafe as another
5802 * host may have imported the pool.
5803 */
5804 if (spa_multihost(spa) && spa_suspended(spa))
5805 return (SET_ERROR(EINVAL));
5806
428870ff 5807 spa_vdev_state_enter(spa, SCL_NONE);
34dc7c2f
BB		 5808
5809 if (zc->zc_guid == 0) {
5810 vd = NULL;
b128c09f
BB		 5811 } else {
5812 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
34dc7c2f 5813 if (vd == NULL) {
28caa74b
MM		 5814 error = SET_ERROR(ENODEV);
5815 (void) spa_vdev_state_exit(spa, NULL, error);
34dc7c2f 5816 spa_close(spa, FTAG);
28caa74b 5817 return (error);
34dc7c2f
BB		 5818 }
5819 }
5820
b128c09f
BB		 5821 vdev_clear(spa, vd);
5822
3f759c0c
BB		 5823 (void) spa_vdev_state_exit(spa, spa_suspended(spa) ?
5824 NULL : spa->spa_root_vdev, 0);
34dc7c2f 5825
b128c09f
BB		 5826 /*
5827 * Resume any suspended I/Os.
5828 */
9babb374 5829 if (zio_resume(spa) != 0)
2e528b49 5830 error = SET_ERROR(EIO);
34dc7c2f
BB		 5831
5832 spa_close(spa, FTAG);
5833
9babb374 5834 return (error);
34dc7c2f
BB		 5835}
5836
d3f2cd7e
AB		 5837/*
5838 * Reopen all the vdevs associated with the pool.
5839 *
5840 * innvl: {
5841 * "scrub_restart" -> when true and scrub is running, allow to restart
5842 * scrub as the side effect of the reopen (boolean).
5843 * }
5844 *
5845 * outnvl is unused
5846 */
b83a0e2d 5847static const zfs_ioc_key_t zfs_keys_pool_reopen[] = {
7bb0c294 5848 {"scrub_restart", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
b83a0e2d
DB		 5849};
5850
1bd201e7 5851static int
d3f2cd7e 5852zfs_ioc_pool_reopen(const char *pool, nvlist_t *innvl, nvlist_t *outnvl)
1bd201e7 5853{
ef70eff1 5854 (void) outnvl;
1bd201e7
CS		 5855 spa_t *spa;
5856 int error;
7bb0c294 5857 boolean_t rc, scrub_restart = B_TRUE;
1bd201e7 5858
d3f2cd7e 5859 if (innvl) {
7bb0c294
MM		 5860 error = nvlist_lookup_boolean_value(innvl,
5861 "scrub_restart", &rc);
5862 if (error == 0)
5863 scrub_restart = rc;
d3f2cd7e
AB		 5864 }
5865
5866 error = spa_open(pool, &spa, FTAG);
13fe0198 5867 if (error != 0)
1bd201e7
CS		 5868 return (error);
5869
5870 spa_vdev_state_enter(spa, SCL_NONE);
65947351
GW		 5871
5872 /*
d3f2cd7e
AB		 5873 * If the scrub_restart flag is B_FALSE and a scrub is already
5874 * in progress then set spa_scrub_reopen flag to B_TRUE so that
5875 * we don't restart the scrub as a side effect of the reopen.
5876 * Otherwise, let vdev_open() decided if a resilver is required.
65947351 5877 */
d3f2cd7e
AB		 5878
5879 spa->spa_scrub_reopen = (!scrub_restart &&
5880 dsl_scan_scrubbing(spa->spa_dsl_pool));
1bd201e7 5881 vdev_reopen(spa->spa_root_vdev);
65947351
GW		 5882 spa->spa_scrub_reopen = B_FALSE;
5883
1bd201e7
CS		 5884 (void) spa_vdev_state_exit(spa, NULL, 0);
5885 spa_close(spa, FTAG);
5886 return (0);
5887}
d3f2cd7e 5888
34dc7c2f
BB		 5889/*
5890 * inputs:
5891 * zc_name name of filesystem
34dc7c2f 5892 *
428870ff
BB		 5893 * outputs:
5894 * zc_string name of conflicting snapshot, if there is one
34dc7c2f
BB		 5895 */
5896static int
5897zfs_ioc_promote(zfs_cmd_t *zc)
5898{
d12f91fd
GDN		 5899 dsl_pool_t *dp;
5900 dsl_dataset_t *ds, *ods;
5901 char origin[ZFS_MAX_DATASET_NAME_LEN];
34dc7c2f 5902 char *cp;
d12f91fd
GDN		 5903 int error;
5904
650258d7 5905 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5906 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
5907 strchr(zc->zc_name, '%'))
5908 return (SET_ERROR(EINVAL));
5909
d12f91fd
GDN		 5910 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5911 if (error != 0)
5912 return (error);
5913
5914 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5915 if (error != 0) {
5916 dsl_pool_rele(dp, FTAG);
5917 return (error);
5918 }
5919
5920 if (!dsl_dir_is_clone(ds->ds_dir)) {
5921 dsl_dataset_rele(ds, FTAG);
5922 dsl_pool_rele(dp, FTAG);
5923 return (SET_ERROR(EINVAL));
5924 }
5925
5926 error = dsl_dataset_hold_obj(dp,
5927 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods);
5928 if (error != 0) {
5929 dsl_dataset_rele(ds, FTAG);
5930 dsl_pool_rele(dp, FTAG);
5931 return (error);
5932 }
5933
5934 dsl_dataset_name(ods, origin);
5935 dsl_dataset_rele(ods, FTAG);
5936 dsl_dataset_rele(ds, FTAG);
5937 dsl_pool_rele(dp, FTAG);
34dc7c2f
BB		 5938
5939 /*
5940 * We don't need to unmount *all* the origin fs's snapshots, but
5941 * it's easier.
5942 */
d12f91fd 5943 cp = strchr(origin, '@');
34dc7c2f
BB		 5944 if (cp)
5945 *cp = '\0';
d12f91fd 5946 (void) dmu_objset_find(origin,
13fe0198 5947 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
428870ff 5948 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
34dc7c2f
BB		 5949}
5950
9babb374 5951/*
9c5167d1 5952 * Retrieve a single {user|group|project}{used|quota}@... property.
9babb374
BB		 5953 *
5954 * inputs:
5955 * zc_name name of filesystem
5956 * zc_objset_type zfs_userquota_prop_t
5957 * zc_value domain name (eg. "S-1-234-567-89")
5958 * zc_guid RID/UID/GID
5959 *
5960 * outputs:
5961 * zc_cookie property value
5962 */
5963static int
5964zfs_ioc_userspace_one(zfs_cmd_t *zc)
5965{
0037b49e 5966 zfsvfs_t *zfsvfs;
9babb374
BB		 5967 int error;
5968
5969 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
2e528b49 5970 return (SET_ERROR(EINVAL));
9babb374 5971
f298b24d 5972 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
13fe0198 5973 if (error != 0)
9babb374
BB		 5974 return (error);
5975
0037b49e 5976 error = zfs_userspace_one(zfsvfs,
9babb374 5977 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
f298b24d 5978 zfsvfs_rele(zfsvfs, FTAG);
9babb374
BB		 5979
5980 return (error);
5981}
5982
5983/*
5984 * inputs:
5985 * zc_name name of filesystem
5986 * zc_cookie zap cursor
5987 * zc_objset_type zfs_userquota_prop_t
5988 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
5989 *
5990 * outputs:
5991 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
5992 * zc_cookie zap cursor
5993 */
5994static int
5995zfs_ioc_userspace_many(zfs_cmd_t *zc)
5996{
0037b49e 5997 zfsvfs_t *zfsvfs;
428870ff
BB		 5998 int bufsize = zc->zc_nvlist_dst_size;
5999
6000 if (bufsize <= 0)
2e528b49 6001 return (SET_ERROR(ENOMEM));
9babb374 6002
1c27024e 6003 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
13fe0198 6004 if (error != 0)
9babb374
BB		 6005 return (error);
6006
1c27024e 6007 void *buf = vmem_alloc(bufsize, KM_SLEEP);
9babb374 6008
0037b49e 6009 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
9babb374
BB		 6010 buf, &zc->zc_nvlist_dst_size);
6011
6012 if (error == 0) {
6013 error = xcopyout(buf,
6014 (void *)(uintptr_t)zc->zc_nvlist_dst,
6015 zc->zc_nvlist_dst_size);
6016 }
2b8cad61 6017 vmem_free(buf, bufsize);
f298b24d 6018 zfsvfs_rele(zfsvfs, FTAG);
9babb374
BB		 6019
6020 return (error);
6021}
6022
6023/*
6024 * inputs:
6025 * zc_name name of filesystem
6026 *
6027 * outputs:
6028 * none
6029 */
6030static int
6031zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
6032{
428870ff 6033 int error = 0;
0037b49e 6034 zfsvfs_t *zfsvfs;
9babb374 6035
f298b24d 6036 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
0037b49e 6037 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
9babb374
BB		 6038 /*
6039 * If userused is not enabled, it may be because the
6040 * objset needs to be closed & reopened (to grow the
6041 * objset_phys_t). Suspend/resume the fs will do that.
6042 */
5e00213e 6043 dsl_dataset_t *ds, *newds;
ec923db2 6044
0037b49e
BB		 6045 ds = dmu_objset_ds(zfsvfs->z_os);
6046 error = zfs_suspend_fs(zfsvfs);
831baf06 6047 if (error == 0) {
5e00213e 6048 dmu_objset_refresh_ownership(ds, &newds,
b5256303 6049 B_TRUE, zfsvfs);
5e00213e 6050 error = zfs_resume_fs(zfsvfs, newds);
831baf06 6051 }
9babb374 6052 }
4072f465 6053 if (error == 0) {
6054 mutex_enter(&zfsvfs->z_os->os_upgrade_lock);
6055 if (zfsvfs->z_os->os_upgrade_id == 0) {
6056 /* clear potential error code and retry */
6057 zfsvfs->z_os->os_upgrade_status = 0;
6058 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
6059
6060 dsl_pool_config_enter(
6061 dmu_objset_pool(zfsvfs->z_os), FTAG);
6062 dmu_objset_userspace_upgrade(zfsvfs->z_os);
6063 dsl_pool_config_exit(
6064 dmu_objset_pool(zfsvfs->z_os), FTAG);
6065 } else {
6066 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
6067 }
6068
6069 taskq_wait_id(zfsvfs->z_os->os_spa->spa_upgrade_taskq,
6070 zfsvfs->z_os->os_upgrade_id);
6071 error = zfsvfs->z_os->os_upgrade_status;
6072 }
362ae8d1 6073 zfs_vfs_rele(zfsvfs);
9babb374 6074 } else {
4072f465 6075 objset_t *os;
6076
428870ff 6077 /* XXX kind of reading contents without owning */
b5256303 6078 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
13fe0198 6079 if (error != 0)
9babb374
BB		 6080 return (error);
6081
4072f465 6082 mutex_enter(&os->os_upgrade_lock);
6083 if (os->os_upgrade_id == 0) {
6084 /* clear potential error code and retry */
6085 os->os_upgrade_status = 0;
6086 mutex_exit(&os->os_upgrade_lock);
6087
6088 dmu_objset_userspace_upgrade(os);
6089 } else {
6090 mutex_exit(&os->os_upgrade_lock);
6091 }
9babb374 6092
4072f465 6093 dsl_pool_rele(dmu_objset_pool(os), FTAG);
6094
6095 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
6096 error = os->os_upgrade_status;
6097
6098 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT,
6099 FTAG);
6100 }
9babb374
BB		 6101 return (error);
6102}
6103
1de321e6
JX		 6104/*
6105 * inputs:
6106 * zc_name name of filesystem
6107 *
6108 * outputs:
6109 * none
6110 */
6111static int
9c5167d1 6112zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc)
1de321e6
JX		 6113{
6114 objset_t *os;
6115 int error;
6116
b5256303 6117 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
1de321e6
JX		 6118 if (error != 0)
6119 return (error);
6120
9c5167d1
NF		 6121 if (dmu_objset_userobjspace_upgradable(os) ||
6122 dmu_objset_projectquota_upgradable(os)) {
1de321e6
JX		 6123 mutex_enter(&os->os_upgrade_lock);
6124 if (os->os_upgrade_id == 0) {
6125 /* clear potential error code and retry */
6126 os->os_upgrade_status = 0;
6127 mutex_exit(&os->os_upgrade_lock);
6128
9c5167d1 6129 dmu_objset_id_quota_upgrade(os);
1de321e6
JX		 6130 } else {
6131 mutex_exit(&os->os_upgrade_lock);
6132 }
6133
c0daec32
AB		 6134 dsl_pool_rele(dmu_objset_pool(os), FTAG);
6135
1de321e6
JX		 6136 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
6137 error = os->os_upgrade_status;
c0daec32
AB		 6138 } else {
6139 dsl_pool_rele(dmu_objset_pool(os), FTAG);
1de321e6
JX		 6140 }
6141
b5256303 6142 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, FTAG);
1de321e6
JX		 6143
6144 return (error);
6145}
6146
34dc7c2f
BB		 6147static int
6148zfs_ioc_share(zfs_cmd_t *zc)
6149{
2e528b49 6150 return (SET_ERROR(ENOSYS));
34dc7c2f
BB		 6151}
6152
572e2857
BB		 6153/*
6154 * inputs:
6155 * zc_name name of containing filesystem
6156 * zc_obj object # beyond which we want next in-use object #
6157 *
6158 * outputs:
6159 * zc_obj next in-use object #
6160 */
6161static int
6162zfs_ioc_next_obj(zfs_cmd_t *zc)
6163{
6164 objset_t *os = NULL;
6165 int error;
6166
6167 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
13fe0198 6168 if (error != 0)
572e2857
BB		 6169 return (error);
6170
7290cd3c 6171 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0);
572e2857
BB		 6172
6173 dmu_objset_rele(os, FTAG);
6174 return (error);
6175}
6176
6177/*
6178 * inputs:
6179 * zc_name name of filesystem
6180 * zc_value prefix name for snapshot
6181 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
6182 *
6183 * outputs:
6f1ffb06 6184 * zc_value short name of new snapshot
572e2857
BB		 6185 */
6186static int
6187zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
6188{
6189 char *snap_name;
13fe0198 6190 char *hold_name;
13fe0198 6191 minor_t minor;
572e2857 6192
958826be
GW		 6193 zfs_file_t *fp = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
6194 if (fp == NULL)
6195 return (SET_ERROR(EBADF));
572e2857 6196
13fe0198
MA		 6197 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
6198 (u_longlong_t)ddi_get_lbolt64());
6199 hold_name = kmem_asprintf("%%%s", zc->zc_value);
6200
958826be 6201 int error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
13fe0198
MA		 6202 hold_name);
6203 if (error == 0)
680eada9 6204 (void) strlcpy(zc->zc_value, snap_name,
6205 sizeof (zc->zc_value));
e4f5fa12
MM		 6206 kmem_strfree(snap_name);
6207 kmem_strfree(hold_name);
958826be 6208 zfs_onexit_fd_rele(fp);
13fe0198 6209 return (error);
572e2857
BB		 6210}
6211
6212/*
6213 * inputs:
6214 * zc_name name of "to" snapshot
6215 * zc_value name of "from" snapshot
6216 * zc_cookie file descriptor to write diff data on
6217 *
6218 * outputs:
6219 * dmu_diff_record_t's to the file descriptor
6220 */
6221static int
6222zfs_ioc_diff(zfs_cmd_t *zc)
6223{
da92d5cb 6224 zfs_file_t *fp;
572e2857
BB		 6225 offset_t off;
6226 int error;
6227
958826be
GW		 6228 if ((fp = zfs_file_get(zc->zc_cookie)) == NULL)
6229 return (SET_ERROR(EBADF));
572e2857 6230
da92d5cb
MM		 6231 off = zfs_file_off(fp);
6232 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off);
572e2857 6233
958826be 6234 zfs_file_put(fp);
572e2857 6235
572e2857
BB		 6236 return (error);
6237}
6238
9babb374
BB		 6239static int
6240zfs_ioc_smb_acl(zfs_cmd_t *zc)
6241{
2e528b49 6242 return (SET_ERROR(ENOTSUP));
9babb374
BB		 6243}
6244
45d1cae3 6245/*
13fe0198
MA		 6246 * innvl: {
6247 * "holds" -> { snapname -> holdname (string), ... }
6248 * (optional) "cleanup_fd" -> fd (int32)
6249 * }
45d1cae3 6250 *
13fe0198
MA		 6251 * outnvl: {
6252 * snapname -> error value (int32)
6253 * ...
6254 * }
45d1cae3 6255 */
b83a0e2d
DB		 6256static const zfs_ioc_key_t zfs_keys_hold[] = {
6257 {"holds", DATA_TYPE_NVLIST, 0},
6258 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6259};
6260
45d1cae3 6261static int
13fe0198 6262zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
45d1cae3 6263{
ef70eff1 6264 (void) pool;
fc581e05 6265 nvpair_t *pair;
13fe0198
MA		 6266 nvlist_t *holds;
6267 int cleanup_fd = -1;
572e2857
BB		 6268 int error;
6269 minor_t minor = 0;
958826be 6270 zfs_file_t *fp = NULL;
45d1cae3 6271
b83a0e2d 6272 holds = fnvlist_lookup_nvlist(args, "holds");
572e2857 6273
fc581e05
JJS		 6274 /* make sure the user didn't pass us any invalid (empty) tags */
6275 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
6276 pair = nvlist_next_nvpair(holds, pair)) {
d1807f16 6277 const char *htag;
fc581e05
JJS		 6278
6279 error = nvpair_value_string(pair, &htag);
6280 if (error != 0)
6281 return (SET_ERROR(error));
6282
6283 if (strlen(htag) == 0)
6284 return (SET_ERROR(EINVAL));
6285 }
6286
13fe0198 6287 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
958826be
GW		 6288 fp = zfs_onexit_fd_hold(cleanup_fd, &minor);
6289 if (fp == NULL)
6290 return (SET_ERROR(EBADF));
572e2857 6291 }
572e2857 6292
13fe0198 6293 error = dsl_dataset_user_hold(holds, minor, errlist);
958826be
GW		 6294 if (fp != NULL) {
6295 ASSERT3U(minor, !=, 0);
6296 zfs_onexit_fd_rele(fp);
6297 }
7bb0c294 6298 return (SET_ERROR(error));
45d1cae3
BB		 6299}
6300
6301/*
13fe0198 6302 * innvl is not used.
45d1cae3 6303 *
13fe0198
MA		 6304 * outnvl: {
6305 * holdname -> time added (uint64 seconds since epoch)
6306 * ...
6307 * }
45d1cae3 6308 */
b83a0e2d
DB		 6309static const zfs_ioc_key_t zfs_keys_get_holds[] = {
6310 /* no nvl keys */
6311};
6312
45d1cae3 6313static int
13fe0198 6314zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
45d1cae3 6315{
ef70eff1 6316 (void) args;
13fe0198 6317 return (dsl_dataset_get_holds(snapname, outnvl));
45d1cae3
BB		 6318}
6319
6320/*
13fe0198
MA		 6321 * innvl: {
6322 * snapname -> { holdname, ... }
6323 * ...
6324 * }
45d1cae3 6325 *
13fe0198
MA		 6326 * outnvl: {
6327 * snapname -> error value (int32)
6328 * ...
6329 * }
45d1cae3 6330 */
b83a0e2d
DB		 6331static const zfs_ioc_key_t zfs_keys_release[] = {
6332 {"<snapname>...", DATA_TYPE_NVLIST, ZK_WILDCARDLIST},
6333};
6334
45d1cae3 6335static int
13fe0198 6336zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
45d1cae3 6337{
ef70eff1 6338 (void) pool;
13fe0198 6339 return (dsl_dataset_user_release(holds, errlist));
45d1cae3
BB		 6340}
6341
26685276
BB		 6342/*
6343 * inputs:
6344 * zc_guid flags (ZEVENT_NONBLOCK)
9b101a73 6345 * zc_cleanup_fd zevent file descriptor
26685276
BB		 6346 *
6347 * outputs:
6348 * zc_nvlist_dst next nvlist event
6349 * zc_cookie dropped events since last get
26685276
BB		 6350 */
6351static int
6352zfs_ioc_events_next(zfs_cmd_t *zc)
6353{
6354 zfs_zevent_t *ze;
6355 nvlist_t *event = NULL;
6356 minor_t minor;
6357 uint64_t dropped = 0;
6358 int error;
6359
958826be
GW		 6360 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6361 if (fp == NULL)
6362 return (SET_ERROR(EBADF));
26685276
BB		 6363
6364 do {
baa40d45 6365 error = zfs_zevent_next(ze, &event,
02730c33 6366 &zc->zc_nvlist_dst_size, &dropped);
26685276
BB		 6367 if (event != NULL) {
6368 zc->zc_cookie = dropped;
6369 error = put_nvlist(zc, event);
baa40d45 6370 nvlist_free(event);
26685276
BB		 6371 }
6372
6373 if (zc->zc_guid & ZEVENT_NONBLOCK)
6374 break;
6375
6376 if ((error == 0) || (error != ENOENT))
6377 break;
6378
6379 error = zfs_zevent_wait(ze);
13fe0198 6380 if (error != 0)
26685276
BB		 6381 break;
6382 } while (1);
6383
958826be 6384 zfs_zevent_fd_rele(fp);
26685276
BB		 6385
6386 return (error);
6387}
6388
6389/*
6390 * outputs:
6391 * zc_cookie cleared events count
6392 */
6393static int
6394zfs_ioc_events_clear(zfs_cmd_t *zc)
6395{
fdc2d303 6396 uint_t count;
26685276
BB		 6397
6398 zfs_zevent_drain_all(&count);
6399 zc->zc_cookie = count;
6400
d1d7e268 6401 return (0);
26685276
BB		 6402}
6403
75e3ff58
BB		 6404/*
6405 * inputs:
6406 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END
6407 * zc_cleanup zevent file descriptor
6408 */
6409static int
6410zfs_ioc_events_seek(zfs_cmd_t *zc)
6411{
6412 zfs_zevent_t *ze;
6413 minor_t minor;
6414 int error;
6415
958826be
GW		 6416 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6417 if (fp == NULL)
6418 return (SET_ERROR(EBADF));
75e3ff58
BB		 6419
6420 error = zfs_zevent_seek(ze, zc->zc_guid);
958826be 6421 zfs_zevent_fd_rele(fp);
75e3ff58
BB		 6422
6423 return (error);
6424}
6425
330d06f9
MA		 6426/*
6427 * inputs:
30af21b0
PD		 6428 * zc_name name of later filesystem or snapshot
6429 * zc_value full name of old snapshot or bookmark
330d06f9
MA		 6430 *
6431 * outputs:
6432 * zc_cookie space in bytes
6433 * zc_objset_type compressed space in bytes
6434 * zc_perm_action uncompressed space in bytes
6435 */
6436static int
6437zfs_ioc_space_written(zfs_cmd_t *zc)
6438{
6439 int error;
13fe0198 6440 dsl_pool_t *dp;
30af21b0 6441 dsl_dataset_t *new;
330d06f9 6442
13fe0198 6443 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
330d06f9
MA		 6444 if (error != 0)
6445 return (error);
13fe0198
MA		 6446 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
6447 if (error != 0) {
6448 dsl_pool_rele(dp, FTAG);
6449 return (error);
6450 }
30af21b0
PD		 6451 if (strchr(zc->zc_value, '#') != NULL) {
6452 zfs_bookmark_phys_t bmp;
6453 error = dsl_bookmark_lookup(dp, zc->zc_value,
6454 new, &bmp);
6455 if (error == 0) {
6456 error = dsl_dataset_space_written_bookmark(&bmp, new,
6457 &zc->zc_cookie,
6458 &zc->zc_objset_type, &zc->zc_perm_action);
6459 }
6460 } else {
6461 dsl_dataset_t *old;
6462 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
330d06f9 6463
30af21b0
PD		 6464 if (error == 0) {
6465 error = dsl_dataset_space_written(old, new,
6466 &zc->zc_cookie,
6467 &zc->zc_objset_type, &zc->zc_perm_action);
6468 dsl_dataset_rele(old, FTAG);
6469 }
6470 }
330d06f9 6471 dsl_dataset_rele(new, FTAG);
13fe0198 6472 dsl_pool_rele(dp, FTAG);
330d06f9
MA		 6473 return (error);
6474}
6475
6476/*
6f1ffb06
MA		 6477 * innvl: {
6478 * "firstsnap" -> snapshot name
6479 * }
330d06f9 6480 *
6f1ffb06
MA		 6481 * outnvl: {
6482 * "used" -> space in bytes
6483 * "compressed" -> compressed space in bytes
6484 * "uncompressed" -> uncompressed space in bytes
6485 * }
330d06f9 6486 */
b83a0e2d
DB		 6487static const zfs_ioc_key_t zfs_keys_space_snaps[] = {
6488 {"firstsnap", DATA_TYPE_STRING, 0},
6489};
6490
330d06f9 6491static int
6f1ffb06 6492zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
330d06f9
MA		 6493{
6494 int error;
13fe0198 6495 dsl_pool_t *dp;
330d06f9 6496 dsl_dataset_t *new, *old;
d1807f16 6497 const char *firstsnap;
6f1ffb06 6498 uint64_t used, comp, uncomp;
330d06f9 6499
b83a0e2d 6500 firstsnap = fnvlist_lookup_string(innvl, "firstsnap");
6f1ffb06 6501
13fe0198 6502 error = dsl_pool_hold(lastsnap, FTAG, &dp);
330d06f9
MA		 6503 if (error != 0)
6504 return (error);
13fe0198
MA		 6505
6506 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
71e2fe41
AG		 6507 if (error == 0 && !new->ds_is_snapshot) {
6508 dsl_dataset_rele(new, FTAG);
6509 error = SET_ERROR(EINVAL);
6510 }
13fe0198
MA		 6511 if (error != 0) {
6512 dsl_pool_rele(dp, FTAG);
6513 return (error);
6514 }
6515 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
71e2fe41
AG		 6516 if (error == 0 && !old->ds_is_snapshot) {
6517 dsl_dataset_rele(old, FTAG);
6518 error = SET_ERROR(EINVAL);
6519 }
330d06f9
MA		 6520 if (error != 0) {
6521 dsl_dataset_rele(new, FTAG);
13fe0198 6522 dsl_pool_rele(dp, FTAG);
330d06f9
MA		 6523 return (error);
6524 }
6525
6f1ffb06 6526 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
330d06f9
MA		 6527 dsl_dataset_rele(old, FTAG);
6528 dsl_dataset_rele(new, FTAG);
13fe0198 6529 dsl_pool_rele(dp, FTAG);
6f1ffb06
MA		 6530 fnvlist_add_uint64(outnvl, "used", used);
6531 fnvlist_add_uint64(outnvl, "compressed", comp);
6532 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
330d06f9
MA		 6533 return (error);
6534}
6535
34dc7c2f 6536/*
6f1ffb06
MA		 6537 * innvl: {
6538 * "fd" -> file descriptor to write stream to (int32)
6539 * (optional) "fromsnap" -> full snap name to send an incremental from
f1512ee6
MA		 6540 * (optional) "largeblockok" -> (value ignored)
6541 * indicates that blocks > 128KB are permitted
9b67f605
MA		 6542 * (optional) "embedok" -> (value ignored)
6543 * presence indicates DRR_WRITE_EMBEDDED records are permitted
2aa34383
DK		 6544 * (optional) "compressok" -> (value ignored)
6545 * presence indicates compressed DRR_WRITE records are permitted
b5256303
TC		 6546 * (optional) "rawok" -> (value ignored)
6547 * presence indicates raw encrypted records should be used.
ba0ba69e
TC		 6548 * (optional) "savedok" -> (value ignored)
6549 * presence indicates we should send a partially received snapshot
47dfff3b
MA		 6550 * (optional) "resume_object" and "resume_offset" -> (uint64)
6551 * if present, resume send stream from specified object and offset.
30af21b0
PD		 6552 * (optional) "redactbook" -> (string)
6553 * if present, use this bookmark's redaction list to generate a redacted
6554 * send stream
6f1ffb06
MA		 6555 * }
6556 *
6557 * outnvl is unused
34dc7c2f 6558 */
b83a0e2d
DB		 6559static const zfs_ioc_key_t zfs_keys_send_new[] = {
6560 {"fd", DATA_TYPE_INT32, 0},
6561 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6562 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6563 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6564 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6565 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
ba0ba69e 6566 {"savedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
b83a0e2d
DB		 6567 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6568 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
30af21b0 6569 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
b83a0e2d
DB		 6570};
6571
6f1ffb06
MA		 6572static int
6573zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6574{
ef70eff1 6575 (void) outnvl;
6f1ffb06
MA		 6576 int error;
6577 offset_t off;
d1807f16 6578 const char *fromname = NULL;
6f1ffb06 6579 int fd;
da92d5cb 6580 zfs_file_t *fp;
f1512ee6 6581 boolean_t largeblockok;
9b67f605 6582 boolean_t embedok;
2aa34383 6583 boolean_t compressok;
b5256303 6584 boolean_t rawok;
ba0ba69e 6585 boolean_t savedok;
47dfff3b
MA		 6586 uint64_t resumeobj = 0;
6587 uint64_t resumeoff = 0;
d1807f16 6588 const char *redactbook = NULL;
6f1ffb06 6589
b83a0e2d 6590 fd = fnvlist_lookup_int32(innvl, "fd");
6f1ffb06 6591
13fe0198 6592 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
6f1ffb06 6593
f1512ee6 6594 largeblockok = nvlist_exists(innvl, "largeblockok");
9b67f605 6595 embedok = nvlist_exists(innvl, "embedok");
2aa34383 6596 compressok = nvlist_exists(innvl, "compressok");
b5256303 6597 rawok = nvlist_exists(innvl, "rawok");
ba0ba69e 6598 savedok = nvlist_exists(innvl, "savedok");
9b67f605 6599
47dfff3b
MA		 6600 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6601 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6602
30af21b0
PD		 6603 (void) nvlist_lookup_string(innvl, "redactbook", &redactbook);
6604
958826be
GW		 6605 if ((fp = zfs_file_get(fd)) == NULL)
6606 return (SET_ERROR(EBADF));
da92d5cb
MM		 6607
6608 off = zfs_file_off(fp);
6f1ffb06 6609
30af21b0
PD		 6610 dmu_send_outparams_t out = {0};
6611 out.dso_outfunc = dump_bytes;
da92d5cb 6612 out.dso_arg = fp;
30af21b0 6613 out.dso_dryrun = B_FALSE;
ba0ba69e
TC		 6614 error = dmu_send(snapname, fromname, embedok, largeblockok,
6615 compressok, rawok, savedok, resumeobj, resumeoff,
6616 redactbook, fd, &off, &out);
6f1ffb06 6617
958826be 6618 zfs_file_put(fp);
6f1ffb06
MA		 6619 return (error);
6620}
6621
65c7cc49 6622static int
30af21b0
PD		 6623send_space_sum(objset_t *os, void *buf, int len, void *arg)
6624{
ef70eff1 6625 (void) os, (void) buf;
30af21b0 6626 uint64_t *size = arg;
ef70eff1 6627
30af21b0
PD		 6628 *size += len;
6629 return (0);
6630}
6631
6f1ffb06
MA		 6632/*
6633 * Determine approximately how large a zfs send stream will be -- the number
6634 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
6635 *
6636 * innvl: {
5dc8b736
MG		 6637 * (optional) "from" -> full snap or bookmark name to send an incremental
6638 * from
2aa34383
DK		 6639 * (optional) "largeblockok" -> (value ignored)
6640 * indicates that blocks > 128KB are permitted
6641 * (optional) "embedok" -> (value ignored)
6642 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6643 * (optional) "compressok" -> (value ignored)
6644 * presence indicates compressed DRR_WRITE records are permitted
5b525165 6645 * (optional) "rawok" -> (value ignored)
cf7684bc 6646 * presence indicates raw encrypted records should be used.
5b525165
JP		 6647 * (optional) "resume_object" and "resume_offset" -> (uint64)
6648 * if present, resume send stream from specified object and offset.
30af21b0
PD		 6649 * (optional) "fd" -> file descriptor to use as a cookie for progress
6650 * tracking (int32)
6f1ffb06
MA		 6651 * }
6652 *
6653 * outnvl: {
6654 * "space" -> bytes of space (uint64)
6655 * }
6656 */
b83a0e2d
DB		 6657static const zfs_ioc_key_t zfs_keys_send_space[] = {
6658 {"from", DATA_TYPE_STRING, ZK_OPTIONAL},
6659 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6660 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6661 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6662 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6663 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
30af21b0
PD		 6664 {"fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6665 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
5b525165
JP		 6666 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6667 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
6668 {"bytes", DATA_TYPE_UINT64, ZK_OPTIONAL},
b83a0e2d
DB		 6669};
6670
6f1ffb06
MA		 6671static int
6672zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6673{
13fe0198 6674 dsl_pool_t *dp;
13fe0198 6675 dsl_dataset_t *tosnap;
30af21b0 6676 dsl_dataset_t *fromsnap = NULL;
6f1ffb06 6677 int error;
d1807f16
RY		 6678 const char *fromname = NULL;
6679 const char *redactlist_book = NULL;
30af21b0
PD		 6680 boolean_t largeblockok;
6681 boolean_t embedok;
2aa34383 6682 boolean_t compressok;
b5256303 6683 boolean_t rawok;
ba0ba69e 6684 boolean_t savedok;
30af21b0
PD		 6685 uint64_t space = 0;
6686 boolean_t full_estimate = B_FALSE;
6687 uint64_t resumeobj = 0;
6688 uint64_t resumeoff = 0;
6689 uint64_t resume_bytes = 0;
6690 int32_t fd = -1;
6691 zfs_bookmark_phys_t zbm = {0};
6f1ffb06 6692
13fe0198
MA		 6693 error = dsl_pool_hold(snapname, FTAG, &dp);
6694 if (error != 0)
6f1ffb06
MA		 6695 return (error);
6696
13fe0198
MA		 6697 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
6698 if (error != 0) {
6699 dsl_pool_rele(dp, FTAG);
6700 return (error);
6701 }
30af21b0 6702 (void) nvlist_lookup_int32(innvl, "fd", &fd);
13fe0198 6703
30af21b0
PD		 6704 largeblockok = nvlist_exists(innvl, "largeblockok");
6705 embedok = nvlist_exists(innvl, "embedok");
2aa34383 6706 compressok = nvlist_exists(innvl, "compressok");
b5256303 6707 rawok = nvlist_exists(innvl, "rawok");
ba0ba69e 6708 savedok = nvlist_exists(innvl, "savedok");
30af21b0
PD		 6709 boolean_t from = (nvlist_lookup_string(innvl, "from", &fromname) == 0);
6710 boolean_t altbook = (nvlist_lookup_string(innvl, "redactbook",
6711 &redactlist_book) == 0);
6712
6713 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6714 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6715 (void) nvlist_lookup_uint64(innvl, "bytes", &resume_bytes);
6716
6717 if (altbook) {
6718 full_estimate = B_TRUE;
6719 } else if (from) {
6720 if (strchr(fromname, '#')) {
6721 error = dsl_bookmark_lookup(dp, fromname, tosnap, &zbm);
2aa34383 6722
5dc8b736 6723 /*
30af21b0
PD		 6724 * dsl_bookmark_lookup() will fail with EXDEV if
6725 * the from-bookmark and tosnap are at the same txg.
6726 * However, it's valid to do a send (and therefore,
6727 * a send estimate) from and to the same time point,
6728 * if the bookmark is redacted (the incremental send
6729 * can change what's redacted on the target). In
6730 * this case, dsl_bookmark_lookup() fills in zbm
6731 * but returns EXDEV. Ignore this error.
5dc8b736 6732 */
30af21b0
PD		 6733 if (error == EXDEV && zbm.zbm_redaction_obj != 0 &&
6734 zbm.zbm_guid ==
6735 dsl_dataset_phys(tosnap)->ds_guid)
6736 error = 0;
6737
6738 if (error != 0) {
6739 dsl_dataset_rele(tosnap, FTAG);
6740 dsl_pool_rele(dp, FTAG);
6741 return (error);
6742 }
6743 if (zbm.zbm_redaction_obj != 0 || !(zbm.zbm_flags &
6744 ZBM_FLAG_HAS_FBN)) {
6745 full_estimate = B_TRUE;
6746 }
6747 } else if (strchr(fromname, '@')) {
5dc8b736 6748 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
30af21b0
PD		 6749 if (error != 0) {
6750 dsl_dataset_rele(tosnap, FTAG);
6751 dsl_pool_rele(dp, FTAG);
6752 return (error);
6753 }
5dc8b736 6754
30af21b0
PD		 6755 if (!dsl_dataset_is_before(tosnap, fromsnap, 0)) {
6756 full_estimate = B_TRUE;
6757 dsl_dataset_rele(fromsnap, FTAG);
6758 }
5dc8b736
MG		 6759 } else {
6760 /*
6761 * from is not properly formatted as a snapshot or
6762 * bookmark
6763 */
30af21b0
PD		 6764 dsl_dataset_rele(tosnap, FTAG);
6765 dsl_pool_rele(dp, FTAG);
6766 return (SET_ERROR(EINVAL));
6f1ffb06 6767 }
30af21b0
PD		 6768 }
6769
6770 if (full_estimate) {
6771 dmu_send_outparams_t out = {0};
6772 offset_t off = 0;
6773 out.dso_outfunc = send_space_sum;
6774 out.dso_arg = &space;
6775 out.dso_dryrun = B_TRUE;
d8fdfc2d 6776 /*
30af21b0
PD		 6777 * We have to release these holds so dmu_send can take them. It
6778 * will do all the error checking we need.
d8fdfc2d 6779 */
30af21b0
PD		 6780 dsl_dataset_rele(tosnap, FTAG);
6781 dsl_pool_rele(dp, FTAG);
6782 error = dmu_send(snapname, fromname, embedok, largeblockok,
ba0ba69e
TC		 6783 compressok, rawok, savedok, resumeobj, resumeoff,
6784 redactlist_book, fd, &off, &out);
30af21b0
PD		 6785 } else {
6786 error = dmu_send_estimate_fast(tosnap, fromsnap,
6787 (from && strchr(fromname, '#') != NULL ? &zbm : NULL),
ba0ba69e 6788 compressok || rawok, savedok, &space);
30af21b0
PD		 6789 space -= resume_bytes;
6790 if (fromsnap != NULL)
6791 dsl_dataset_rele(fromsnap, FTAG);
6792 dsl_dataset_rele(tosnap, FTAG);
6793 dsl_pool_rele(dp, FTAG);
6f1ffb06
MA		 6794 }
6795
6f1ffb06
MA		 6796 fnvlist_add_uint64(outnvl, "space", space);
6797
6f1ffb06
MA		 6798 return (error);
6799}
6800
bec1067d
AP		 6801/*
6802 * Sync the currently open TXG to disk for the specified pool.
6803 * This is somewhat similar to 'zfs_sync()'.
6804 * For cases that do not result in error this ioctl will wait for
6805 * the currently open TXG to commit before returning back to the caller.
6806 *
6807 * innvl: {
6808 * "force" -> when true, force uberblock update even if there is no dirty data.
6809 * In addition this will cause the vdev configuration to be written
6810 * out including updating the zpool cache file. (boolean_t)
6811 * }
6812 *
6813 * onvl is unused
6814 */
b83a0e2d
DB		 6815static const zfs_ioc_key_t zfs_keys_pool_sync[] = {
6816 {"force", DATA_TYPE_BOOLEAN_VALUE, 0},
6817};
6818
bec1067d
AP		 6819static int
6820zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl)
6821{
ef70eff1 6822 (void) onvl;
bec1067d 6823 int err;
edb20ff3 6824 boolean_t rc, force = B_FALSE;
bec1067d
AP		 6825 spa_t *spa;
6826
6827 if ((err = spa_open(pool, &spa, FTAG)) != 0)
6828 return (err);
6829
edb20ff3
BB		 6830 if (innvl) {
6831 err = nvlist_lookup_boolean_value(innvl, "force", &rc);
6832 if (err == 0)
6833 force = rc;
6834 }
05f85a6a 6835
bec1067d
AP		 6836 if (force) {
6837 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER);
6838 vdev_config_dirty(spa->spa_root_vdev);
6839 spa_config_exit(spa, SCL_CONFIG, FTAG);
6840 }
6841 txg_wait_synced(spa_get_dsl(spa), 0);
b83a0e2d 6842
bec1067d
AP		 6843 spa_close(spa, FTAG);
6844
edb20ff3 6845 return (0);
bec1067d
AP		 6846}
6847
b5256303
TC		 6848/*
6849 * Load a user's wrapping key into the kernel.
6850 * innvl: {
6851 * "hidden_args" -> { "wkeydata" -> value }
6852 * raw uint8_t array of encryption wrapping key data (32 bytes)
6853 * (optional) "noop" -> (value ignored)
6854 * presence indicated key should only be verified, not loaded
6855 * }
6856 */
b83a0e2d
DB		 6857static const zfs_ioc_key_t zfs_keys_load_key[] = {
6858 {"hidden_args", DATA_TYPE_NVLIST, 0},
6859 {"noop", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6860};
6861
b5256303
TC		 6862static int
6863zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6864{
ef70eff1 6865 (void) outnvl;
b5256303
TC		 6866 int ret;
6867 dsl_crypto_params_t *dcp = NULL;
6868 nvlist_t *hidden_args;
6869 boolean_t noop = nvlist_exists(innvl, "noop");
6870
6871 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6872 ret = SET_ERROR(EINVAL);
6873 goto error;
6874 }
6875
b83a0e2d 6876 hidden_args = fnvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS);
b5256303
TC		 6877
6878 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL,
6879 hidden_args, &dcp);
6880 if (ret != 0)
6881 goto error;
6882
6883 ret = spa_keystore_load_wkey(dsname, dcp, noop);
6884 if (ret != 0)
6885 goto error;
6886
6887 dsl_crypto_params_free(dcp, noop);
6888
6889 return (0);
6890
6891error:
6892 dsl_crypto_params_free(dcp, B_TRUE);
6893 return (ret);
6894}
6895
6896/*
6897 * Unload a user's wrapping key from the kernel.
6898 * Both innvl and outnvl are unused.
6899 */
b83a0e2d
DB		 6900static const zfs_ioc_key_t zfs_keys_unload_key[] = {
6901 /* no nvl keys */
6902};
6903
b5256303
TC		 6904static int
6905zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6906{
ef70eff1 6907 (void) innvl, (void) outnvl;
b5256303
TC		 6908 int ret = 0;
6909
6910 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6911 ret = (SET_ERROR(EINVAL));
6912 goto out;
6913 }
6914
6915 ret = spa_keystore_unload_wkey(dsname);
6916 if (ret != 0)
6917 goto out;
6918
6919out:
6920 return (ret);
6921}
6922
6923/*
6924 * Changes a user's wrapping key used to decrypt a dataset. The keyformat,
ef70eff1 6925 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified
b5256303
TC		 6926 * here to change how the key is derived in userspace.
6927 *
6928 * innvl: {
6929 * "hidden_args" (optional) -> { "wkeydata" -> value }
6930 * raw uint8_t array of new encryption wrapping key data (32 bytes)
6931 * "props" (optional) -> { prop -> value }
6932 * }
6933 *
6934 * outnvl is unused
6935 */
b83a0e2d
DB		 6936static const zfs_ioc_key_t zfs_keys_change_key[] = {
6937 {"crypt_cmd", DATA_TYPE_UINT64, ZK_OPTIONAL},
6938 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
6939 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
6940};
6941
b5256303
TC		 6942static int
6943zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
6944{
ef70eff1 6945 (void) outnvl;
b5256303
TC		 6946 int ret;
6947 uint64_t cmd = DCP_CMD_NONE;
6948 dsl_crypto_params_t *dcp = NULL;
6949 nvlist_t *args = NULL, *hidden_args = NULL;
6950
6951 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
6952 ret = (SET_ERROR(EINVAL));
6953 goto error;
6954 }
6955
6956 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd);
6957 (void) nvlist_lookup_nvlist(innvl, "props", &args);
6958 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
6959
6960 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp);
6961 if (ret != 0)
6962 goto error;
6963
6964 ret = spa_keystore_change_key(dsname, dcp);
6965 if (ret != 0)
6966 goto error;
6967
6968 dsl_crypto_params_free(dcp, B_FALSE);
6969
6970 return (0);
6971
6972error:
6973 dsl_crypto_params_free(dcp, B_TRUE);
6974 return (ret);
6975}
6976
6f1ffb06
MA		 6977static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
6978
6979static void
6980zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
6981 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
6982 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
6983{
6984 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
6985
6986 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
6987 ASSERT3U(ioc, <, ZFS_IOC_LAST);
6988 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
6989 ASSERT3P(vec->zvec_func, ==, NULL);
6990
6991 vec->zvec_legacy_func = func;
6992 vec->zvec_secpolicy = secpolicy;
6993 vec->zvec_namecheck = namecheck;
6994 vec->zvec_allow_log = log_history;
6995 vec->zvec_pool_check = pool_check;
6996}
6997
6998/*
6999 * See the block comment at the beginning of this file for details on
7000 * each argument to this function.
7001 */
7bb0c294 7002void
6f1ffb06
MA		 7003zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
7004 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
7005 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
b83a0e2d 7006 boolean_t allow_log, const zfs_ioc_key_t *nvl_keys, size_t num_keys)
6f1ffb06
MA		 7007{
7008 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
7009
7010 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
7011 ASSERT3U(ioc, <, ZFS_IOC_LAST);
7012 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
7013 ASSERT3P(vec->zvec_func, ==, NULL);
7014
7015 /* if we are logging, the name must be valid */
7016 ASSERT(!allow_log || namecheck != NO_NAME);
7017
7018 vec->zvec_name = name;
7019 vec->zvec_func = func;
7020 vec->zvec_secpolicy = secpolicy;
7021 vec->zvec_namecheck = namecheck;
7022 vec->zvec_pool_check = pool_check;
7023 vec->zvec_smush_outnvlist = smush_outnvlist;
7024 vec->zvec_allow_log = allow_log;
b83a0e2d
DB		 7025 vec->zvec_nvl_keys = nvl_keys;
7026 vec->zvec_nvl_key_count = num_keys;
6f1ffb06
MA		 7027}
7028
7029static void
7030zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7031 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
7032 zfs_ioc_poolcheck_t pool_check)
7033{
7034 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7035 POOL_NAME, log_history, pool_check);
7036}
7037
7bb0c294 7038void
6f1ffb06
MA		 7039zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7040 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
7041{
7042 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7043 DATASET_NAME, B_FALSE, pool_check);
7044}
7045
7046static void
7047zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
7048{
7049 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
7050 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7051}
7052
7053static void
7054zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7055 zfs_secpolicy_func_t *secpolicy)
7056{
7057 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7058 NO_NAME, B_FALSE, POOL_CHECK_NONE);
7059}
7060
7061static void
7062zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
7063 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
7064{
7065 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7066 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
7067}
7068
7069static void
7070zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
7071{
7072 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
7073 zfs_secpolicy_read);
7074}
7075
7076static void
7077zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
e9aa730c 7078 zfs_secpolicy_func_t *secpolicy)
6f1ffb06
MA		 7079{
7080 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7081 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7082}
7083
65c7cc49 7084static void
6f1ffb06
MA		 7085zfs_ioctl_init(void)
7086{
7087 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
7088 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
b83a0e2d
DB		 7089 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7090 zfs_keys_snapshot, ARRAY_SIZE(zfs_keys_snapshot));
6f1ffb06
MA		 7091
7092 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
7093 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
b83a0e2d
DB		 7094 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7095 zfs_keys_log_history, ARRAY_SIZE(zfs_keys_log_history));
6f1ffb06
MA		 7096
7097 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
7098 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
b83a0e2d
DB		 7099 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7100 zfs_keys_space_snaps, ARRAY_SIZE(zfs_keys_space_snaps));
6f1ffb06
MA		 7101
7102 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
7103 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
b83a0e2d
DB		 7104 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7105 zfs_keys_send_new, ARRAY_SIZE(zfs_keys_send_new));
6f1ffb06
MA		 7106
7107 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
7108 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
b83a0e2d
DB		 7109 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7110 zfs_keys_send_space, ARRAY_SIZE(zfs_keys_send_space));
6f1ffb06
MA		 7111
7112 zfs_ioctl_register("create", ZFS_IOC_CREATE,
7113 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
b83a0e2d
DB		 7114 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7115 zfs_keys_create, ARRAY_SIZE(zfs_keys_create));
6f1ffb06
MA		 7116
7117 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
7118 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
b83a0e2d
DB		 7119 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7120 zfs_keys_clone, ARRAY_SIZE(zfs_keys_clone));
6f1ffb06 7121
a1d477c2 7122 zfs_ioctl_register("remap", ZFS_IOC_REMAP,
59ec30a3 7123 zfs_ioc_remap, zfs_secpolicy_none, DATASET_NAME,
b83a0e2d
DB		 7124 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7125 zfs_keys_remap, ARRAY_SIZE(zfs_keys_remap));
a1d477c2 7126
6f1ffb06
MA		 7127 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
7128 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
b83a0e2d
DB		 7129 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7130 zfs_keys_destroy_snaps, ARRAY_SIZE(zfs_keys_destroy_snaps));
6f1ffb06 7131
13fe0198
MA		 7132 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
7133 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
b83a0e2d
DB		 7134 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7135 zfs_keys_hold, ARRAY_SIZE(zfs_keys_hold));
13fe0198
MA		 7136 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
7137 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
b83a0e2d
DB		 7138 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7139 zfs_keys_release, ARRAY_SIZE(zfs_keys_release));
13fe0198
MA		 7140
7141 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
7142 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
b83a0e2d
DB		 7143 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7144 zfs_keys_get_holds, ARRAY_SIZE(zfs_keys_get_holds));
13fe0198 7145
46ba1e59
MA		 7146 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK,
7147 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME,
b83a0e2d
DB		 7148 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7149 zfs_keys_rollback, ARRAY_SIZE(zfs_keys_rollback));
46ba1e59 7150
da536844
MA		 7151 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK,
7152 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME,
b83a0e2d
DB		 7153 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7154 zfs_keys_bookmark, ARRAY_SIZE(zfs_keys_bookmark));
da536844
MA		 7155
7156 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS,
7157 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME,
b83a0e2d
DB		 7158 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7159 zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks));
da536844 7160
30af21b0
PD		 7161 zfs_ioctl_register("get_bookmark_props", ZFS_IOC_GET_BOOKMARK_PROPS,
7162 zfs_ioc_get_bookmark_props, zfs_secpolicy_read, ENTITY_NAME,
7163 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, zfs_keys_get_bookmark_props,
7164 ARRAY_SIZE(zfs_keys_get_bookmark_props));
7165
da536844
MA		 7166 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS,
7167 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks,
7168 POOL_NAME,
b83a0e2d
DB		 7169 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7170 zfs_keys_destroy_bookmarks,
7171 ARRAY_SIZE(zfs_keys_destroy_bookmarks));
da536844 7172
43e52edd 7173 zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW,
ef70eff1 7174 zfs_ioc_recv_new, zfs_secpolicy_recv, DATASET_NAME,
b83a0e2d
DB		 7175 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7176 zfs_keys_recv_new, ARRAY_SIZE(zfs_keys_recv_new));
b5256303
TC		 7177 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY,
7178 zfs_ioc_load_key, zfs_secpolicy_load_key,
b83a0e2d
DB		 7179 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7180 zfs_keys_load_key, ARRAY_SIZE(zfs_keys_load_key));
b5256303
TC		 7181 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY,
7182 zfs_ioc_unload_key, zfs_secpolicy_load_key,
b83a0e2d
DB		 7183 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7184 zfs_keys_unload_key, ARRAY_SIZE(zfs_keys_unload_key));
b5256303
TC		 7185 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY,
7186 zfs_ioc_change_key, zfs_secpolicy_change_key,
7187 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY,
b83a0e2d
DB		 7188 B_TRUE, B_TRUE, zfs_keys_change_key,
7189 ARRAY_SIZE(zfs_keys_change_key));
43e52edd 7190
bec1067d
AP		 7191 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC,
7192 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME,
b83a0e2d
DB		 7193 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7194 zfs_keys_pool_sync, ARRAY_SIZE(zfs_keys_pool_sync));
d3f2cd7e
AB		 7195 zfs_ioctl_register("reopen", ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
7196 zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED, B_TRUE,
b83a0e2d 7197 B_TRUE, zfs_keys_pool_reopen, ARRAY_SIZE(zfs_keys_pool_reopen));
bec1067d 7198
d99a0153
CW		 7199 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM,
7200 zfs_ioc_channel_program, zfs_secpolicy_config,
7201 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE,
b83a0e2d
DB		 7202 B_TRUE, zfs_keys_channel_program,
7203 ARRAY_SIZE(zfs_keys_channel_program));
d99a0153 7204
30af21b0
PD		 7205 zfs_ioctl_register("redact", ZFS_IOC_REDACT,
7206 zfs_ioc_redact, zfs_secpolicy_config, DATASET_NAME,
7207 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7208 zfs_keys_redact, ARRAY_SIZE(zfs_keys_redact));
7209
d2734cce
SD		 7210 zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT,
7211 zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME,
b83a0e2d
DB		 7212 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7213 zfs_keys_pool_checkpoint, ARRAY_SIZE(zfs_keys_pool_checkpoint));
d2734cce
SD		 7214
7215 zfs_ioctl_register("zpool_discard_checkpoint",
7216 ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint,
7217 zfs_secpolicy_config, POOL_NAME,
b83a0e2d
DB		 7218 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7219 zfs_keys_pool_discard_checkpoint,
7220 ARRAY_SIZE(zfs_keys_pool_discard_checkpoint));
d2734cce 7221
619f0976
GW		 7222 zfs_ioctl_register("initialize", ZFS_IOC_POOL_INITIALIZE,
7223 zfs_ioc_pool_initialize, zfs_secpolicy_config, POOL_NAME,
7224 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7225 zfs_keys_pool_initialize, ARRAY_SIZE(zfs_keys_pool_initialize));
7226
1b939560
BB		 7227 zfs_ioctl_register("trim", ZFS_IOC_POOL_TRIM,
7228 zfs_ioc_pool_trim, zfs_secpolicy_config, POOL_NAME,
7229 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7230 zfs_keys_pool_trim, ARRAY_SIZE(zfs_keys_pool_trim));
7231
e60e158e
JG		 7232 zfs_ioctl_register("wait", ZFS_IOC_WAIT,
7233 zfs_ioc_wait, zfs_secpolicy_none, POOL_NAME,
7234 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7235 zfs_keys_pool_wait, ARRAY_SIZE(zfs_keys_pool_wait));
7236
5a42ef04
PD		 7237 zfs_ioctl_register("wait_fs", ZFS_IOC_WAIT_FS,
7238 zfs_ioc_wait_fs, zfs_secpolicy_none, DATASET_NAME,
7239 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7240 zfs_keys_fs_wait, ARRAY_SIZE(zfs_keys_fs_wait));
7241
108a454a
PD		 7242 zfs_ioctl_register("set_bootenv", ZFS_IOC_SET_BOOTENV,
7243 zfs_ioc_set_bootenv, zfs_secpolicy_config, POOL_NAME,
7244 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7245 zfs_keys_set_bootenv, ARRAY_SIZE(zfs_keys_set_bootenv));
7246
7247 zfs_ioctl_register("get_bootenv", ZFS_IOC_GET_BOOTENV,
7248 zfs_ioc_get_bootenv, zfs_secpolicy_none, POOL_NAME,
7249 POOL_CHECK_SUSPENDED, B_FALSE, B_TRUE,
7250 zfs_keys_get_bootenv, ARRAY_SIZE(zfs_keys_get_bootenv));
7251
2a673e76
AJ		 7252 zfs_ioctl_register("zpool_vdev_get_props", ZFS_IOC_VDEV_GET_PROPS,
7253 zfs_ioc_vdev_get_props, zfs_secpolicy_read, POOL_NAME,
7254 POOL_CHECK_NONE, B_FALSE, B_FALSE, zfs_keys_vdev_get_props,
7255 ARRAY_SIZE(zfs_keys_vdev_get_props));
7256
7257 zfs_ioctl_register("zpool_vdev_set_props", ZFS_IOC_VDEV_SET_PROPS,
7258 zfs_ioc_vdev_set_props, zfs_secpolicy_config, POOL_NAME,
7259 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7260 zfs_keys_vdev_set_props, ARRAY_SIZE(zfs_keys_vdev_set_props));
7261
482eeef8
GA		 7262 zfs_ioctl_register("scrub", ZFS_IOC_POOL_SCRUB,
7263 zfs_ioc_pool_scrub, zfs_secpolicy_config, POOL_NAME,
7264 POOL_CHECK_NONE, B_TRUE, B_TRUE,
7265 zfs_keys_pool_scrub, ARRAY_SIZE(zfs_keys_pool_scrub));
7266
6f1ffb06
MA		 7267 /* IOCTLS that use the legacy function signature */
7268
7269 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
7270 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
7271
7272 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
7273 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7274 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
7275 zfs_ioc_pool_scan);
7276 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
7277 zfs_ioc_pool_upgrade);
7278 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
7279 zfs_ioc_vdev_add);
7280 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
7281 zfs_ioc_vdev_remove);
7282 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
7283 zfs_ioc_vdev_set_state);
7284 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
7285 zfs_ioc_vdev_attach);
7286 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
7287 zfs_ioc_vdev_detach);
7288 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
7289 zfs_ioc_vdev_setpath);
7290 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
7291 zfs_ioc_vdev_setfru);
7292 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
7293 zfs_ioc_pool_set_props);
7294 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
7295 zfs_ioc_vdev_split);
7296 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
7297 zfs_ioc_pool_reguid);
7298
7299 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
7300 zfs_ioc_pool_configs, zfs_secpolicy_none);
7301 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
7302 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
7303 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
7304 zfs_ioc_inject_fault, zfs_secpolicy_inject);
7305 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
7306 zfs_ioc_clear_fault, zfs_secpolicy_inject);
7307 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
7308 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
7309
7310 /*
7311 * pool destroy, and export don't log the history as part of
7312 * zfsdev_ioctl, but rather zfs_ioc_pool_export
7313 * does the logging of those commands.
7314 */
7315 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
87a63dd7 7316 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
6f1ffb06 7317 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
87a63dd7 7318 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
6f1ffb06
MA		 7319
7320 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
7321 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7322 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
7323 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7324
7325 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
7326 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
7327 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
7328 zfs_ioc_dsobj_to_dsname,
7329 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
7330 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
7331 zfs_ioc_pool_get_history,
7332 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7333
7334 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
7335 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7336
7337 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
92e43c17 7338 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY);
6f1ffb06
MA		 7339
7340 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
7341 zfs_ioc_space_written);
6f1ffb06
MA		 7342 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
7343 zfs_ioc_objset_recvd_props);
7344 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
7345 zfs_ioc_next_obj);
7346 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
7347 zfs_ioc_get_fsacl);
7348 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
7349 zfs_ioc_objset_stats);
7350 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
7351 zfs_ioc_objset_zplprops);
7352 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
7353 zfs_ioc_dataset_list_next);
7354 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
7355 zfs_ioc_snapshot_list_next);
7356 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
7357 zfs_ioc_send_progress);
7358
7359 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
7360 zfs_ioc_diff, zfs_secpolicy_diff);
7361 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
7362 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
7363 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
7364 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
7365 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
7366 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
7367 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
7368 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
7369 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
7370 zfs_ioc_send, zfs_secpolicy_send);
7371
7372 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
7373 zfs_secpolicy_none);
7374 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
7375 zfs_secpolicy_destroy);
6f1ffb06
MA		 7376 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
7377 zfs_secpolicy_rename);
7378 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
7379 zfs_secpolicy_recv);
7380 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
7381 zfs_secpolicy_promote);
6f1ffb06
MA		 7382 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
7383 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
7384 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
7385 zfs_secpolicy_set_fsacl);
7386
7387 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
7388 zfs_secpolicy_share, POOL_CHECK_NONE);
7389 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
7390 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
7391 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
7392 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
7393 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7394 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
7395 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
7396 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7397
6f1ffb06
MA		 7398 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next,
7399 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7400 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear,
7401 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
75e3ff58
BB		 7402 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek,
7403 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7bb0c294
MM		 7404
7405 zfs_ioctl_init_os();
6f1ffb06 7406}
34dc7c2f 7407
b83a0e2d
DB		 7408/*
7409 * Verify that for non-legacy ioctls the input nvlist
7410 * pairs match against the expected input.
7411 *
7412 * Possible errors are:
7413 * ZFS_ERR_IOC_ARG_UNAVAIL An unrecognized nvpair was encountered
7414 * ZFS_ERR_IOC_ARG_REQUIRED A required nvpair is missing
7415 * ZFS_ERR_IOC_ARG_BADTYPE Invalid type for nvpair
7416 */
7417static int
7418zfs_check_input_nvpairs(nvlist_t *innvl, const zfs_ioc_vec_t *vec)
7419{
7420 const zfs_ioc_key_t *nvl_keys = vec->zvec_nvl_keys;
7421 boolean_t required_keys_found = B_FALSE;
7422
7423 /*
7424 * examine each input pair
7425 */
7426 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
7427 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
d1807f16 7428 const char *name = nvpair_name(pair);
b83a0e2d
DB		 7429 data_type_t type = nvpair_type(pair);
7430 boolean_t identified = B_FALSE;
7431
7432 /*
7433 * check pair against the documented names and type
7434 */
7435 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7436 /* if not a wild card name, check for an exact match */
7437 if ((nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) == 0 &&
7438 strcmp(nvl_keys[k].zkey_name, name) != 0)
7439 continue;
7440
7441 identified = B_TRUE;
7442
7443 if (nvl_keys[k].zkey_type != DATA_TYPE_ANY &&
7444 nvl_keys[k].zkey_type != type) {
7445 return (SET_ERROR(ZFS_ERR_IOC_ARG_BADTYPE));
7446 }
7447
7448 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7449 continue;
7450
7451 required_keys_found = B_TRUE;
7452 break;
7453 }
7454
7455 /* allow an 'optional' key, everything else is invalid */
7456 if (!identified &&
7457 (strcmp(name, "optional") != 0 ||
7458 type != DATA_TYPE_NVLIST)) {
7459 return (SET_ERROR(ZFS_ERR_IOC_ARG_UNAVAIL));
7460 }
7461 }
7462
7463 /* verify that all required keys were found */
7464 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7465 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7466 continue;
7467
7468 if (nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) {
e1cfd73f 7469 /* at least one non-optional key is expected here */
b83a0e2d
DB		 7470 if (!required_keys_found)
7471 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7472 continue;
7473 }
7474
7475 if (!nvlist_exists(innvl, nvl_keys[k].zkey_name))
7476 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7477 }
7478
7479 return (0);
7480}
7481
65c7cc49 7482static int
572e2857
BB		 7483pool_status_check(const char *name, zfs_ioc_namecheck_t type,
7484 zfs_ioc_poolcheck_t check)
9babb374
BB		 7485{
7486 spa_t *spa;
7487 int error;
7488
30af21b0
PD		 7489 ASSERT(type == POOL_NAME || type == DATASET_NAME ||
7490 type == ENTITY_NAME);
9babb374 7491
572e2857
BB		 7492 if (check & POOL_CHECK_NONE)
7493 return (0);
7494
9babb374
BB		 7495 error = spa_open(name, &spa, FTAG);
7496 if (error == 0) {
572e2857 7497 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
2e528b49 7498 error = SET_ERROR(EAGAIN);
572e2857 7499 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
2e528b49 7500 error = SET_ERROR(EROFS);
9babb374
BB		 7501 spa_close(spa, FTAG);
7502 }
7503 return (error);
7504}
7505
ae9f92f6 7506int
958826be 7507zfsdev_getminor(zfs_file_t *fp, minor_t *minorp)
ae9f92f6
MM		 7508{
7509 zfsdev_state_t *zs, *fpd;
ae9f92f6
MM		 7510
7511 ASSERT(!MUTEX_HELD(&zfsdev_state_lock));
7512
ae9f92f6
MM		 7513 fpd = zfs_file_private(fp);
7514 if (fpd == NULL)
7515 return (SET_ERROR(EBADF));
7516
7517 mutex_enter(&zfsdev_state_lock);
7518
9a14ce43 7519 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) {
ae9f92f6
MM		 7520
7521 if (zs->zs_minor == -1)
7522 continue;
7523
7524 if (fpd == zs) {
7525 *minorp = fpd->zs_minor;
7526 mutex_exit(&zfsdev_state_lock);
7527 return (0);
7528 }
7529 }
7530
7531 mutex_exit(&zfsdev_state_lock);
7532
7533 return (SET_ERROR(EBADF));
7534}
7535
1dff5452
RM		 7536void *
7537zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
325f0235
BB		 7538{
7539 zfsdev_state_t *zs;
7540
9a14ce43 7541 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) {
325f0235 7542 if (zs->zs_minor == minor) {
cf66e7e5 7543 membar_consumer();
325f0235 7544 switch (which) {
d1d7e268
MK		 7545 case ZST_ONEXIT:
7546 return (zs->zs_onexit);
7547 case ZST_ZEVENT:
7548 return (zs->zs_zevent);
7549 case ZST_ALL:
7550 return (zs);
325f0235
BB		 7551 }
7552 }
7553 }
7554
d1d7e268 7555 return (NULL);
325f0235
BB		 7556}
7557
572e2857 7558/*
325f0235
BB		 7559 * Find a free minor number. The zfsdev_state_list is expected to
7560 * be short since it is only a list of currently open file handles.
572e2857 7561 */
a631283b 7562static minor_t
572e2857
BB		 7563zfsdev_minor_alloc(void)
7564{
325f0235 7565 static minor_t last_minor = 0;
572e2857
BB		 7566 minor_t m;
7567
7568 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
7569
7570 for (m = last_minor + 1; m != last_minor; m++) {
7571 if (m > ZFSDEV_MAX_MINOR)
7572 m = 1;
1dff5452 7573 if (zfsdev_get_state(m, ZST_ALL) == NULL) {
572e2857
BB		 7574 last_minor = m;
7575 return (m);
7576 }
7577 }
7578
7579 return (0);
7580}
7581
a631283b
RM		 7582int
7583zfsdev_state_init(void *priv)
7584{
7585 zfsdev_state_t *zs, *zsprev = NULL;
7586 minor_t minor;
7587 boolean_t newzs = B_FALSE;
7588
7589 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
7590
7591 minor = zfsdev_minor_alloc();
7592 if (minor == 0)
7593 return (SET_ERROR(ENXIO));
7594
9a14ce43 7595 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) {
a631283b
RM		 7596 if (zs->zs_minor == -1)
7597 break;
7598 zsprev = zs;
7599 }
7600
7601 if (!zs) {
7602 zs = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
7603 newzs = B_TRUE;
7604 }
7605
7606 zfsdev_private_set_state(priv, zs);
7607
7608 zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit);
7609 zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent);
7610
7611 /*
7612 * In order to provide for lock-free concurrent read access
7613 * to the minor list in zfsdev_get_state(), new entries
7614 * must be completely written before linking them into the
7615 * list whereas existing entries are already linked; the last
7616 * operation must be updating zs_minor (from -1 to the new
7617 * value).
7618 */
7619 if (newzs) {
7620 zs->zs_minor = minor;
7621 membar_producer();
7622 zsprev->zs_next = zs;
7623 } else {
7624 membar_producer();
7625 zs->zs_minor = minor;
7626 }
7627
7628 return (0);
7629}
7630
7631void
7632zfsdev_state_destroy(void *priv)
7633{
7634 zfsdev_state_t *zs = zfsdev_private_get_state(priv);
7635
7636 ASSERT(zs != NULL);
7637 ASSERT3S(zs->zs_minor, >, 0);
7638
7639 /*
7640 * The last reference to this zfsdev file descriptor is being dropped.
7641 * We don't have to worry about lookup grabbing this state object, and
7642 * zfsdev_state_init() will not try to reuse this object until it is
7643 * invalidated by setting zs_minor to -1. Invalidation must be done
7644 * last, with a memory barrier to ensure ordering. This lets us avoid
7645 * taking the global zfsdev state lock around destruction.
7646 */
7647 zfs_onexit_destroy(zs->zs_onexit);
7648 zfs_zevent_destroy(zs->zs_zevent);
7649 zs->zs_onexit = NULL;
7650 zs->zs_zevent = NULL;
7651 membar_producer();
7652 zs->zs_minor = -1;
7653}
7654
7bb0c294 7655long
529246df 7656zfsdev_ioctl_common(uint_t vecnum, zfs_cmd_t *zc, int flag)
34dc7c2f 7657{
529246df 7658 int error, cmd;
6f1ffb06 7659 const zfs_ioc_vec_t *vec;
fb8e608d 7660 char *saved_poolname = NULL;
009cc8e8 7661 uint64_t max_nvlist_src_size;
4458157b 7662 size_t saved_poolname_len = 0;
6f1ffb06 7663 nvlist_t *innvl = NULL;
40d06e3c 7664 fstrans_cookie_t cookie;
2ac90457 7665 hrtime_t start_time = gethrtime();
6f1ffb06 7666
7bb0c294 7667 cmd = vecnum;
51420321 7668 error = 0;
6f1ffb06 7669 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
51420321
MM		 7670 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
7671
6f1ffb06 7672 vec = &zfs_ioc_vec[vecnum];
34dc7c2f 7673
2e0358cb
BB		 7674 /*
7675 * The registered ioctl list may be sparse, verify that either
7676 * a normal or legacy handler are registered.
7677 */
7678 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL)
51420321 7679 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
34dc7c2f 7680
6f1ffb06 7681 zc->zc_iflags = flag & FKIOCTL;
009cc8e8
RM		 7682 max_nvlist_src_size = zfs_max_nvlist_src_size_os();
7683 if (zc->zc_nvlist_src_size > max_nvlist_src_size) {
f74b821a
BB		 7684 /*
7685 * Make sure the user doesn't pass in an insane value for
7686 * zc_nvlist_src_size. We have to check, since we will end
7687 * up allocating that much memory inside of get_nvlist(). This
7688 * prevents a nefarious user from allocating tons of kernel
7689 * memory.
7690 *
7691 * Also, we return EINVAL instead of ENOMEM here. The reason
7692 * being that returning ENOMEM from an ioctl() has a special
7693 * connotation; that the user's size value is too small and
7694 * needs to be expanded to hold the nvlist. See
7695 * zcmd_expand_dst_nvlist() for details.
7696 */
7697 error = SET_ERROR(EINVAL); /* User's size too big */
7698
7699 } else if (zc->zc_nvlist_src_size != 0) {
6f1ffb06
MA		 7700 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
7701 zc->zc_iflags, &innvl);
7702 if (error != 0)
7703 goto out;
7704 }
34dc7c2f
BB		 7705
7706 /*
7707 * Ensure that all pool/dataset names are valid before we pass down to
7708 * the lower layers.
7709 */
6f1ffb06
MA		 7710 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
7711 switch (vec->zvec_namecheck) {
7712 case POOL_NAME:
7713 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
2e528b49 7714 error = SET_ERROR(EINVAL);
6f1ffb06 7715 else
572e2857 7716 error = pool_status_check(zc->zc_name,
6f1ffb06
MA		 7717 vec->zvec_namecheck, vec->zvec_pool_check);
7718 break;
34dc7c2f 7719
6f1ffb06
MA		 7720 case DATASET_NAME:
7721 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
2e528b49 7722 error = SET_ERROR(EINVAL);
6f1ffb06 7723 else
572e2857 7724 error = pool_status_check(zc->zc_name,
6f1ffb06
MA		 7725 vec->zvec_namecheck, vec->zvec_pool_check);
7726 break;
34dc7c2f 7727
30af21b0
PD		 7728 case ENTITY_NAME:
7729 if (entity_namecheck(zc->zc_name, NULL, NULL) != 0) {
7730 error = SET_ERROR(EINVAL);
7731 } else {
7732 error = pool_status_check(zc->zc_name,
7733 vec->zvec_namecheck, vec->zvec_pool_check);
7734 }
7735 break;
7736
6f1ffb06
MA		 7737 case NO_NAME:
7738 break;
34dc7c2f 7739 }
b83a0e2d
DB		 7740 /*
7741 * Ensure that all input pairs are valid before we pass them down
7742 * to the lower layers.
7743 *
7744 * The vectored functions can use fnvlist_lookup_{type} for any
7745 * required pairs since zfs_check_input_nvpairs() confirmed that
7746 * they exist and are of the correct type.
7747 */
7748 if (error == 0 && vec->zvec_func != NULL) {
7749 error = zfs_check_input_nvpairs(innvl, vec);
7750 if (error != 0)
7751 goto out;
7752 }
34dc7c2f 7753
005e27e3 7754 if (error == 0) {
ddab862d 7755 cookie = spl_fstrans_mark();
6f1ffb06 7756 error = vec->zvec_secpolicy(zc, innvl, CRED());
ddab862d
TC		 7757 spl_fstrans_unmark(cookie);
7758 }
6f1ffb06
MA		 7759
7760 if (error != 0)
7761 goto out;
7762
7763 /* legacy ioctls can modify zc_name */
4458157b
JL		 7764 /*
7765 * Can't use kmem_strdup() as we might truncate the string and
7766 * kmem_strfree() would then free with incorrect size.
7767 */
7768 saved_poolname_len = strlen(zc->zc_name) + 1;
7769 saved_poolname = kmem_alloc(saved_poolname_len, KM_SLEEP);
7770
7771 strlcpy(saved_poolname, zc->zc_name, saved_poolname_len);
7772 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0';
6f1ffb06
MA		 7773
7774 if (vec->zvec_func != NULL) {
7775 nvlist_t *outnvl;
7776 int puterror = 0;
7777 spa_t *spa;
7778 nvlist_t *lognv = NULL;
7779
7780 ASSERT(vec->zvec_legacy_func == NULL);
7781
7782 /*
7783 * Add the innvl to the lognv before calling the func,
7784 * in case the func changes the innvl.
7785 */
7786 if (vec->zvec_allow_log) {
7787 lognv = fnvlist_alloc();
7788 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
7789 vec->zvec_name);
7790 if (!nvlist_empty(innvl)) {
7791 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
7792 innvl);
7793 }
7794 }
7795
79c76d5b 7796 outnvl = fnvlist_alloc();
40d06e3c 7797 cookie = spl_fstrans_mark();
6f1ffb06 7798 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
40d06e3c 7799 spl_fstrans_unmark(cookie);
6f1ffb06 7800
d99a0153
CW		 7801 /*
7802 * Some commands can partially execute, modify state, and still
7803 * return an error. In these cases, attempt to record what
7804 * was modified.
7805 */
7806 if ((error == 0 ||
7807 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) &&
7808 vec->zvec_allow_log &&
6f1ffb06
MA		 7809 spa_open(zc->zc_name, &spa, FTAG) == 0) {
7810 if (!nvlist_empty(outnvl)) {
d66aab7c
MA		 7811 size_t out_size = fnvlist_size(outnvl);
7812 if (out_size > zfs_history_output_max) {
7813 fnvlist_add_int64(lognv,
7814 ZPOOL_HIST_OUTPUT_SIZE, out_size);
7815 } else {
7816 fnvlist_add_nvlist(lognv,
7817 ZPOOL_HIST_OUTPUT_NVL, outnvl);
7818 }
6f1ffb06 7819 }
d99a0153
CW		 7820 if (error != 0) {
7821 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO,
7822 error);
7823 }
2ac90457
MA		 7824 fnvlist_add_int64(lognv, ZPOOL_HIST_ELAPSED_NS,
7825 gethrtime() - start_time);
6f1ffb06
MA		 7826 (void) spa_history_log_nvl(spa, lognv);
7827 spa_close(spa, FTAG);
7828 }
7829 fnvlist_free(lognv);
7830
7831 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
7832 int smusherror = 0;
7833 if (vec->zvec_smush_outnvlist) {
7834 smusherror = nvlist_smush(outnvl,
7835 zc->zc_nvlist_dst_size);
7836 }
7837 if (smusherror == 0)
7838 puterror = put_nvlist(zc, outnvl);
7839 }
7840
7841 if (puterror != 0)
7842 error = puterror;
7843
7844 nvlist_free(outnvl);
7845 } else {
40d06e3c 7846 cookie = spl_fstrans_mark();
6f1ffb06 7847 error = vec->zvec_legacy_func(zc);
40d06e3c 7848 spl_fstrans_unmark(cookie);
6f1ffb06
MA		 7849 }
7850
7851out:
7852 nvlist_free(innvl);
6f1ffb06
MA		 7853 if (error == 0 && vec->zvec_allow_log) {
7854 char *s = tsd_get(zfs_allow_log_key);
7855 if (s != NULL)
e4f5fa12 7856 kmem_strfree(s);
4458157b 7857 (void) tsd_set(zfs_allow_log_key, kmem_strdup(saved_poolname));
34dc7c2f 7858 }
4458157b
JL		 7859 if (saved_poolname != NULL)
7860 kmem_free(saved_poolname, saved_poolname_len);
7861
51420321 7862 return (error);
34dc7c2f
BB		 7863}
7864
7bb0c294
MM		 7865int
7866zfs_kmod_init(void)
34dc7c2f 7867{
7bb0c294 7868 int error;
34dc7c2f 7869
7bb0c294
MM		 7870 if ((error = zvol_init()) != 0)
7871 return (error);
34dc7c2f 7872
da92d5cb 7873 spa_init(SPA_MODE_READ | SPA_MODE_WRITE);
7bb0c294 7874 zfs_init();
a6cc9756 7875
7bb0c294 7876 zfs_ioctl_init();
34dc7c2f 7877
325f0235 7878 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
9a14ce43 7879 zfsdev_state_listhead.zs_minor = -1;
34dc7c2f 7880
7bb0c294
MM		 7881 if ((error = zfsdev_attach()) != 0)
7882 goto out;
a6cc9756 7883
7bb0c294
MM		 7884 tsd_create(&zfs_fsyncer_key, NULL);
7885 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
7886 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
34dc7c2f 7887
7bb0c294
MM		 7888 return (0);
7889out:
7890 zfs_fini();
7891 spa_fini();
7892 zvol_fini();
a6cc9756
BB		 7893
7894 return (error);
34dc7c2f
BB		 7895}
7896
7bb0c294
MM		 7897void
7898zfs_kmod_fini(void)
34dc7c2f 7899{
faa296c7 7900 zfsdev_state_t *zs, *zsnext = NULL;
34dc7c2f 7901
7bb0c294
MM		 7902 zfsdev_detach();
7903
325f0235 7904 mutex_destroy(&zfsdev_state_lock);
3937ab20 7905
9a14ce43 7906 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zsnext) {
faa296c7
JL		 7907 zsnext = zs->zs_next;
7908 if (zs->zs_onexit)
7909 zfs_onexit_destroy(zs->zs_onexit);
7910 if (zs->zs_zevent)
7911 zfs_zevent_destroy(zs->zs_zevent);
599df820
PJD		 7912 if (zs != &zfsdev_state_listhead)
7913 kmem_free(zs, sizeof (zfsdev_state_t));
3937ab20 7914 }
325f0235 7915
4f072827 7916 zfs_ereport_taskq_fini(); /* run before zfs_fini() on Linux */
34dc7c2f
BB		 7917 zfs_fini();
7918 spa_fini();
a0bd735a 7919 zvol_fini();
46e18b3f 7920
d5446cfc 7921 tsd_destroy(&zfs_fsyncer_key);
3fc050aa 7922 tsd_destroy(&rrw_tsd_key);
6f1ffb06 7923 tsd_destroy(&zfs_allow_log_key);
34dc7c2f 7924}
009cc8e8 7925
ab8d9c17 7926ZFS_MODULE_PARAM(zfs, zfs_, max_nvlist_src_size, U64, ZMOD_RW,
7ada752a 7927 "Maximum size in bytes allowed for src nvlist passed with ZFS ioctls");
d66aab7c 7928
ab8d9c17 7929ZFS_MODULE_PARAM(zfs, zfs_, history_output_max, U64, ZMOD_RW,
7ada752a 7930 "Maximum size in bytes of ZFS ioctl output that will be logged");
ZFS On Linux mirror for PVE