]> git.proxmox.com Git - mirror_zfs.git/blame - module/zfs/zfs_ioctl.c
projects / mirror_zfs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
OpenZFS 6529 - Properly handle updates of variably-sized SA entries
[mirror_zfs.git] / module / zfs / zfs_ioctl.c
CommitLineData
34dc7c2f
BB		 1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
9ae529ec 21
34dc7c2f 22/*
428870ff 23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
b129c659 24 * Portions Copyright 2011 Martin Matuska
671c9354 25 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
0cee2406 26 * Portions Copyright 2012 Pawel Jakub Dawidek <pawel@dawidek.net>
b129c659 27 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
1b87e0f5 28 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
788eb90c 29 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
4b2a3e0c 30 * Copyright (c) 2011, 2015 by Delphix. All rights reserved.
9759c60f 31 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
95fd54a1 32 * Copyright (c) 2013 Steven Hartland. All rights reserved.
a0bd735a 33 * Copyright (c) 2016 Actifio, Inc. All rights reserved.
6f1ffb06
MA		 34 */
35
36/*
37 * ZFS ioctls.
38 *
39 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
40 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
41 *
42 * There are two ways that we handle ioctls: the legacy way where almost
43 * all of the logic is in the ioctl callback, and the new way where most
44 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
45 *
46 * Non-legacy ioctls should be registered by calling
47 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
48 * from userland by lzc_ioctl().
49 *
50 * The registration arguments are as follows:
51 *
52 * const char *name
53 * The name of the ioctl. This is used for history logging. If the
54 * ioctl returns successfully (the callback returns 0), and allow_log
55 * is true, then a history log entry will be recorded with the input &
56 * output nvlists. The log entry can be printed with "zpool history -i".
57 *
58 * zfs_ioc_t ioc
59 * The ioctl request number, which userland will pass to ioctl(2).
60 * The ioctl numbers can change from release to release, because
61 * the caller (libzfs) must be matched to the kernel.
62 *
63 * zfs_secpolicy_func_t *secpolicy
64 * This function will be called before the zfs_ioc_func_t, to
65 * determine if this operation is permitted. It should return EPERM
66 * on failure, and 0 on success. Checks include determining if the
67 * dataset is visible in this zone, and if the user has either all
68 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
69 * to do this operation on this dataset with "zfs allow".
70 *
71 * zfs_ioc_namecheck_t namecheck
72 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
73 * name, a dataset name, or nothing. If the name is not well-formed,
74 * the ioctl will fail and the callback will not be called.
75 * Therefore, the callback can assume that the name is well-formed
76 * (e.g. is null-terminated, doesn't have more than one '@' character,
77 * doesn't have invalid characters).
78 *
79 * zfs_ioc_poolcheck_t pool_check
80 * This specifies requirements on the pool state. If the pool does
81 * not meet them (is suspended or is readonly), the ioctl will fail
82 * and the callback will not be called. If any checks are specified
83 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
84 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
85 * POOL_CHECK_READONLY).
86 *
87 * boolean_t smush_outnvlist
88 * If smush_outnvlist is true, then the output is presumed to be a
89 * list of errors, and it will be "smushed" down to fit into the
90 * caller's buffer, by removing some entries and replacing them with a
91 * single "N_MORE_ERRORS" entry indicating how many were removed. See
92 * nvlist_smush() for details. If smush_outnvlist is false, and the
93 * outnvlist does not fit into the userland-provided buffer, then the
94 * ioctl will fail with ENOMEM.
95 *
96 * zfs_ioc_func_t *func
97 * The callback function that will perform the operation.
98 *
99 * The callback should return 0 on success, or an error number on
100 * failure. If the function fails, the userland ioctl will return -1,
101 * and errno will be set to the callback's return value. The callback
102 * will be called with the following arguments:
103 *
104 * const char *name
105 * The name of the pool or dataset to operate on, from
106 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
107 * expected type (pool, dataset, or none).
108 *
109 * nvlist_t *innvl
110 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
111 * NULL if no input nvlist was provided. Changes to this nvlist are
112 * ignored. If the input nvlist could not be deserialized, the
113 * ioctl will fail and the callback will not be called.
114 *
115 * nvlist_t *outnvl
116 * The output nvlist, initially empty. The callback can fill it in,
117 * and it will be returned to userland by serializing it into
118 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
119 * fails (e.g. because the caller didn't supply a large enough
120 * buffer), then the overall ioctl will fail. See the
121 * 'smush_nvlist' argument above for additional behaviors.
122 *
123 * There are two typical uses of the output nvlist:
124 * - To return state, e.g. property values. In this case,
125 * smush_outnvlist should be false. If the buffer was not large
126 * enough, the caller will reallocate a larger buffer and try
127 * the ioctl again.
128 *
129 * - To return multiple errors from an ioctl which makes on-disk
130 * changes. In this case, smush_outnvlist should be true.
131 * Ioctls which make on-disk modifications should generally not
132 * use the outnvl if they succeed, because the caller can not
133 * distinguish between the operation failing, and
134 * deserialization failing.
3541dc6d 135 */
34dc7c2f 136
34dc7c2f
BB		 137#include <sys/types.h>
138#include <sys/param.h>
139#include <sys/errno.h>
140#include <sys/uio.h>
141#include <sys/buf.h>
142#include <sys/modctl.h>
143#include <sys/open.h>
144#include <sys/file.h>
145#include <sys/kmem.h>
146#include <sys/conf.h>
147#include <sys/cmn_err.h>
148#include <sys/stat.h>
149#include <sys/zfs_ioctl.h>
428870ff 150#include <sys/zfs_vfsops.h>
34dc7c2f
BB		 151#include <sys/zfs_znode.h>
152#include <sys/zap.h>
153#include <sys/spa.h>
154#include <sys/spa_impl.h>
155#include <sys/vdev.h>
428870ff 156#include <sys/priv_impl.h>
34dc7c2f
BB		 157#include <sys/dmu.h>
158#include <sys/dsl_dir.h>
159#include <sys/dsl_dataset.h>
160#include <sys/dsl_prop.h>
161#include <sys/dsl_deleg.h>
162#include <sys/dmu_objset.h>
37abac6d 163#include <sys/dmu_impl.h>
13fe0198 164#include <sys/dmu_tx.h>
34dc7c2f
BB		 165#include <sys/ddi.h>
166#include <sys/sunddi.h>
167#include <sys/sunldi.h>
168#include <sys/policy.h>
169#include <sys/zone.h>
170#include <sys/nvpair.h>
171#include <sys/pathname.h>
172#include <sys/mount.h>
173#include <sys/sdt.h>
174#include <sys/fs/zfs.h>
ebe7e575 175#include <sys/zfs_ctldir.h>
34dc7c2f 176#include <sys/zfs_dir.h>
572e2857 177#include <sys/zfs_onexit.h>
34dc7c2f 178#include <sys/zvol.h>
428870ff 179#include <sys/dsl_scan.h>
34dc7c2f 180#include <sharefs/share.h>
325f0235
BB		 181#include <sys/fm/util.h>
182
13fe0198
MA		 183#include <sys/dmu_send.h>
184#include <sys/dsl_destroy.h>
da536844 185#include <sys/dsl_bookmark.h>
13fe0198 186#include <sys/dsl_userhold.h>
9759c60f 187#include <sys/zfeature.h>
3c67d83a 188#include <sys/zio_checksum.h>
9759c60f 189
325f0235 190#include <linux/miscdevice.h>
f74b821a 191#include <linux/slab.h>
34dc7c2f
BB		 192
193#include "zfs_namecheck.h"
194#include "zfs_prop.h"
195#include "zfs_deleg.h"
428870ff 196#include "zfs_comutil.h"
34dc7c2f 197
f74b821a
BB		 198/*
199 * Limit maximum nvlist size. We don't want users passing in insane values
200 * for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
201 */
202#define MAX_NVLIST_SRC_SIZE KMALLOC_MAX_SIZE
203
325f0235 204kmutex_t zfsdev_state_lock;
3937ab20 205zfsdev_state_t *zfsdev_state_list;
34dc7c2f
BB		 206
207extern void zfs_init(void);
208extern void zfs_fini(void);
209
6f1ffb06
MA		 210uint_t zfs_fsyncer_key;
211extern uint_t rrw_tsd_key;
212static uint_t zfs_allow_log_key;
213
214typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *);
215typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *);
216typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *);
34dc7c2f 217
9babb374
BB		 218typedef enum {
219 NO_NAME,
220 POOL_NAME,
221 DATASET_NAME
222} zfs_ioc_namecheck_t;
223
572e2857
BB		 224typedef enum {
225 POOL_CHECK_NONE = 1 << 0,
226 POOL_CHECK_SUSPENDED = 1 << 1,
6f1ffb06 227 POOL_CHECK_READONLY = 1 << 2,
572e2857
BB		 228} zfs_ioc_poolcheck_t;
229
34dc7c2f 230typedef struct zfs_ioc_vec {
6f1ffb06 231 zfs_ioc_legacy_func_t *zvec_legacy_func;
34dc7c2f
BB		 232 zfs_ioc_func_t *zvec_func;
233 zfs_secpolicy_func_t *zvec_secpolicy;
9babb374 234 zfs_ioc_namecheck_t zvec_namecheck;
6f1ffb06 235 boolean_t zvec_allow_log;
572e2857 236 zfs_ioc_poolcheck_t zvec_pool_check;
6f1ffb06
MA		 237 boolean_t zvec_smush_outnvlist;
238 const char *zvec_name;
34dc7c2f
BB		 239} zfs_ioc_vec_t;
240
9babb374
BB		 241/* This array is indexed by zfs_userquota_prop_t */
242static const char *userquota_perms[] = {
243 ZFS_DELEG_PERM_USERUSED,
244 ZFS_DELEG_PERM_USERQUOTA,
245 ZFS_DELEG_PERM_GROUPUSED,
246 ZFS_DELEG_PERM_GROUPQUOTA,
1de321e6
JX		 247 ZFS_DELEG_PERM_USEROBJUSED,
248 ZFS_DELEG_PERM_USEROBJQUOTA,
249 ZFS_DELEG_PERM_GROUPOBJUSED,
250 ZFS_DELEG_PERM_GROUPOBJQUOTA,
9babb374
BB		 251};
252
253static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
1de321e6 254static int zfs_ioc_userobjspace_upgrade(zfs_cmd_t *zc);
428870ff
BB		 255static int zfs_check_settable(const char *name, nvpair_t *property,
256 cred_t *cr);
257static int zfs_check_clearable(char *dataset, nvlist_t *props,
258 nvlist_t **errors);
b128c09f
BB		 259static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
260 boolean_t *);
6f1ffb06
MA		 261int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
262static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
b128c09f 263
34dc7c2f
BB		 264static void
265history_str_free(char *buf)
266{
267 kmem_free(buf, HIS_MAX_RECORD_LEN);
268}
269
270static char *
271history_str_get(zfs_cmd_t *zc)
272{
273 char *buf;
274
b8864a23 275 if (zc->zc_history == 0)
34dc7c2f
BB		 276 return (NULL);
277
efcd79a8 278 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
34dc7c2f
BB		 279 if (copyinstr((void *)(uintptr_t)zc->zc_history,
280 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
281 history_str_free(buf);
282 return (NULL);
283 }
284
285 buf[HIS_MAX_RECORD_LEN -1] = '\0';
286
287 return (buf);
288}
289
290/*
b128c09f
BB		 291 * Check to see if the named dataset is currently defined as bootable
292 */
293static boolean_t
294zfs_is_bootfs(const char *name)
295{
428870ff 296 objset_t *os;
b128c09f 297
428870ff
BB		 298 if (dmu_objset_hold(name, FTAG, &os) == 0) {
299 boolean_t ret;
300 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
301 dmu_objset_rele(os, FTAG);
302 return (ret);
b128c09f 303 }
428870ff 304 return (B_FALSE);
b128c09f
BB		 305}
306
307/*
d3cc8b15 308 * Return non-zero if the spa version is less than requested version.
34dc7c2f
BB		 309 */
310static int
b128c09f 311zfs_earlier_version(const char *name, int version)
34dc7c2f 312{
34dc7c2f
BB		 313 spa_t *spa;
314
315 if (spa_open(name, &spa, FTAG) == 0) {
316 if (spa_version(spa) < version) {
317 spa_close(spa, FTAG);
318 return (1);
319 }
320 spa_close(spa, FTAG);
321 }
322 return (0);
323}
324
325/*
b128c09f 326 * Return TRUE if the ZPL version is less than requested version.
34dc7c2f 327 */
b128c09f
BB		 328static boolean_t
329zpl_earlier_version(const char *name, int version)
34dc7c2f
BB		 330{
331 objset_t *os;
b128c09f 332 boolean_t rc = B_TRUE;
34dc7c2f 333
428870ff 334 if (dmu_objset_hold(name, FTAG, &os) == 0) {
b128c09f 335 uint64_t zplversion;
34dc7c2f 336
428870ff
BB		 337 if (dmu_objset_type(os) != DMU_OST_ZFS) {
338 dmu_objset_rele(os, FTAG);
339 return (B_TRUE);
340 }
341 /* XXX reading from non-owned objset */
b128c09f
BB		 342 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
343 rc = zplversion < version;
428870ff 344 dmu_objset_rele(os, FTAG);
34dc7c2f
BB		 345 }
346 return (rc);
347}
348
349static void
350zfs_log_history(zfs_cmd_t *zc)
351{
352 spa_t *spa;
353 char *buf;
354
355 if ((buf = history_str_get(zc)) == NULL)
356 return;
357
358 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
359 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
6f1ffb06 360 (void) spa_history_log(spa, buf);
34dc7c2f
BB		 361 spa_close(spa, FTAG);
362 }
363 history_str_free(buf);
364}
365
366/*
367 * Policy for top-level read operations (list pools). Requires no privileges,
368 * and can be used in the local zone, as there is no associated dataset.
369 */
370/* ARGSUSED */
371static int
6f1ffb06 372zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f
BB		 373{
374 return (0);
375}
376
377/*
378 * Policy for dataset read operations (list children, get statistics). Requires
379 * no privileges, but must be visible in the local zone.
380 */
381/* ARGSUSED */
382static int
6f1ffb06 383zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f
BB		 384{
385 if (INGLOBALZONE(curproc) ||
386 zone_dataset_visible(zc->zc_name, NULL))
387 return (0);
388
2e528b49 389 return (SET_ERROR(ENOENT));
34dc7c2f
BB		 390}
391
392static int
572e2857 393zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
34dc7c2f 394{
34dc7c2f
BB		 395 int writable = 1;
396
397 /*
398 * The dataset must be visible by this zone -- check this first
399 * so they don't see EPERM on something they shouldn't know about.
400 */
401 if (!INGLOBALZONE(curproc) &&
402 !zone_dataset_visible(dataset, &writable))
2e528b49 403 return (SET_ERROR(ENOENT));
34dc7c2f 404
34dc7c2f
BB		 405 if (INGLOBALZONE(curproc)) {
406 /*
407 * If the fs is zoned, only root can access it from the
408 * global zone.
409 */
410 if (secpolicy_zfs(cr) && zoned)
2e528b49 411 return (SET_ERROR(EPERM));
34dc7c2f
BB		 412 } else {
413 /*
414 * If we are in a local zone, the 'zoned' property must be set.
415 */
416 if (!zoned)
2e528b49 417 return (SET_ERROR(EPERM));
34dc7c2f
BB		 418
419 /* must be writable by this zone */
420 if (!writable)
2e528b49 421 return (SET_ERROR(EPERM));
34dc7c2f
BB		 422 }
423 return (0);
424}
425
572e2857
BB		 426static int
427zfs_dozonecheck(const char *dataset, cred_t *cr)
428{
429 uint64_t zoned;
430
431 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
2e528b49 432 return (SET_ERROR(ENOENT));
572e2857
BB		 433
434 return (zfs_dozonecheck_impl(dataset, zoned, cr));
435}
436
437static int
438zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
439{
440 uint64_t zoned;
441
13fe0198 442 if (dsl_prop_get_int_ds(ds, "zoned", &zoned))
2e528b49 443 return (SET_ERROR(ENOENT));
572e2857
BB		 444
445 return (zfs_dozonecheck_impl(dataset, zoned, cr));
446}
447
6f1ffb06 448static int
13fe0198
MA		 449zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
450 const char *perm, cred_t *cr)
34dc7c2f
BB		 451{
452 int error;
453
330d06f9 454 error = zfs_dozonecheck_ds(name, ds, cr);
34dc7c2f
BB		 455 if (error == 0) {
456 error = secpolicy_zfs(cr);
13fe0198 457 if (error != 0)
6f1ffb06 458 error = dsl_deleg_access_impl(ds, perm, cr);
34dc7c2f
BB		 459 }
460 return (error);
461}
462
6f1ffb06 463static int
13fe0198 464zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
572e2857
BB		 465{
466 int error;
13fe0198
MA		 467 dsl_dataset_t *ds;
468 dsl_pool_t *dp;
572e2857 469
e88551d5
GM		 470 /*
471 * First do a quick check for root in the global zone, which
472 * is allowed to do all write_perms. This ensures that zfs_ioc_*
473 * will get to handle nonexistent datasets.
474 */
475 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0)
476 return (0);
477
13fe0198
MA		 478 error = dsl_pool_hold(name, FTAG, &dp);
479 if (error != 0)
480 return (error);
481
482 error = dsl_dataset_hold(dp, name, FTAG, &ds);
483 if (error != 0) {
484 dsl_pool_rele(dp, FTAG);
485 return (error);
572e2857 486 }
13fe0198
MA		 487
488 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
489
490 dsl_dataset_rele(ds, FTAG);
491 dsl_pool_rele(dp, FTAG);
572e2857
BB		 492 return (error);
493}
494
428870ff
BB		 495/*
496 * Policy for setting the security label property.
497 *
498 * Returns 0 for success, non-zero for access and other errors.
499 */
34dc7c2f 500static int
428870ff 501zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
34dc7c2f 502{
d2c15e84 503#ifdef HAVE_MLSLABEL
428870ff
BB		 504 char ds_hexsl[MAXNAMELEN];
505 bslabel_t ds_sl, new_sl;
506 boolean_t new_default = FALSE;
507 uint64_t zoned;
508 int needed_priv = -1;
509 int error;
510
511 /* First get the existing dataset label. */
512 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
513 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
13fe0198 514 if (error != 0)
2e528b49 515 return (SET_ERROR(EPERM));
428870ff
BB		 516
517 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
518 new_default = TRUE;
519
520 /* The label must be translatable */
521 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
2e528b49 522 return (SET_ERROR(EINVAL));
428870ff
BB		 523
524 /*
525 * In a non-global zone, disallow attempts to set a label that
526 * doesn't match that of the zone; otherwise no other checks
527 * are needed.
528 */
529 if (!INGLOBALZONE(curproc)) {
530 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
2e528b49 531 return (SET_ERROR(EPERM));
428870ff
BB		 532 return (0);
533 }
534
535 /*
536 * For global-zone datasets (i.e., those whose zoned property is
537 * "off", verify that the specified new label is valid for the
538 * global zone.
539 */
540 if (dsl_prop_get_integer(name,
541 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
2e528b49 542 return (SET_ERROR(EPERM));
428870ff
BB		 543 if (!zoned) {
544 if (zfs_check_global_label(name, strval) != 0)
2e528b49 545 return (SET_ERROR(EPERM));
428870ff
BB		 546 }
547
548 /*
549 * If the existing dataset label is nondefault, check if the
550 * dataset is mounted (label cannot be changed while mounted).
3558fd73 551 * Get the zfs_sb_t; if there isn't one, then the dataset isn't
428870ff
BB		 552 * mounted (or isn't a dataset, doesn't exist, ...).
553 */
554 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
555 objset_t *os;
556 static char *setsl_tag = "setsl_tag";
557
558 /*
559 * Try to own the dataset; abort if there is any error,
560 * (e.g., already mounted, in use, or other error).
561 */
562 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
563 setsl_tag, &os);
13fe0198 564 if (error != 0)
2e528b49 565 return (SET_ERROR(EPERM));
428870ff
BB		 566
567 dmu_objset_disown(os, setsl_tag);
568
569 if (new_default) {
570 needed_priv = PRIV_FILE_DOWNGRADE_SL;
571 goto out_check;
572 }
573
574 if (hexstr_to_label(strval, &new_sl) != 0)
2e528b49 575 return (SET_ERROR(EPERM));
428870ff
BB		 576
577 if (blstrictdom(&ds_sl, &new_sl))
578 needed_priv = PRIV_FILE_DOWNGRADE_SL;
579 else if (blstrictdom(&new_sl, &ds_sl))
580 needed_priv = PRIV_FILE_UPGRADE_SL;
581 } else {
582 /* dataset currently has a default label */
583 if (!new_default)
584 needed_priv = PRIV_FILE_UPGRADE_SL;
585 }
586
587out_check:
588 if (needed_priv != -1)
589 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
590 return (0);
d2c15e84 591#else
d1d7e268 592 return (ENOTSUP);
d2c15e84 593#endif /* HAVE_MLSLABEL */
428870ff
BB		 594}
595
596static int
597zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
598 cred_t *cr)
599{
600 char *strval;
601
34dc7c2f
BB		 602 /*
603 * Check permissions for special properties.
604 */
605 switch (prop) {
e75c13c3
BB		 606 default:
607 break;
34dc7c2f
BB		 608 case ZFS_PROP_ZONED:
609 /*
610 * Disallow setting of 'zoned' from within a local zone.
611 */
612 if (!INGLOBALZONE(curproc))
2e528b49 613 return (SET_ERROR(EPERM));
34dc7c2f
BB		 614 break;
615
616 case ZFS_PROP_QUOTA:
788eb90c
JJ		 617 case ZFS_PROP_FILESYSTEM_LIMIT:
618 case ZFS_PROP_SNAPSHOT_LIMIT:
34dc7c2f
BB		 619 if (!INGLOBALZONE(curproc)) {
620 uint64_t zoned;
eca7b760 621 char setpoint[ZFS_MAX_DATASET_NAME_LEN];
34dc7c2f
BB		 622 /*
623 * Unprivileged users are allowed to modify the
788eb90c 624 * limit on things *under* (ie. contained by)
34dc7c2f
BB		 625 * the thing they own.
626 */
428870ff 627 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
34dc7c2f 628 setpoint))
2e528b49 629 return (SET_ERROR(EPERM));
428870ff 630 if (!zoned || strlen(dsname) <= strlen(setpoint))
2e528b49 631 return (SET_ERROR(EPERM));
34dc7c2f
BB		 632 }
633 break;
428870ff
BB		 634
635 case ZFS_PROP_MLSLABEL:
636 if (!is_system_labeled())
2e528b49 637 return (SET_ERROR(EPERM));
428870ff
BB		 638
639 if (nvpair_value_string(propval, &strval) == 0) {
640 int err;
641
642 err = zfs_set_slabel_policy(dsname, strval, CRED());
643 if (err != 0)
644 return (err);
645 }
646 break;
34dc7c2f
BB		 647 }
648
428870ff 649 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
34dc7c2f
BB		 650}
651
6f1ffb06
MA		 652/* ARGSUSED */
653static int
654zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f
BB		 655{
656 int error;
657
658 error = zfs_dozonecheck(zc->zc_name, cr);
13fe0198 659 if (error != 0)
34dc7c2f
BB		 660 return (error);
661
662 /*
663 * permission to set permissions will be evaluated later in
664 * dsl_deleg_can_allow()
665 */
666 return (0);
667}
668
6f1ffb06
MA		 669/* ARGSUSED */
670static int
671zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 672{
428870ff
BB		 673 return (zfs_secpolicy_write_perms(zc->zc_name,
674 ZFS_DELEG_PERM_ROLLBACK, cr));
34dc7c2f
BB		 675}
676
6f1ffb06
MA		 677/* ARGSUSED */
678static int
679zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 680{
572e2857
BB		 681 dsl_pool_t *dp;
682 dsl_dataset_t *ds;
683 char *cp;
684 int error;
685
686 /*
687 * Generate the current snapshot name from the given objsetid, then
688 * use that name for the secpolicy/zone checks.
689 */
690 cp = strchr(zc->zc_name, '@');
691 if (cp == NULL)
2e528b49 692 return (SET_ERROR(EINVAL));
13fe0198
MA		 693 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
694 if (error != 0)
572e2857
BB		 695 return (error);
696
572e2857 697 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
13fe0198
MA		 698 if (error != 0) {
699 dsl_pool_rele(dp, FTAG);
572e2857 700 return (error);
13fe0198 701 }
572e2857
BB		 702
703 dsl_dataset_name(ds, zc->zc_name);
704
705 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
706 ZFS_DELEG_PERM_SEND, cr);
707 dsl_dataset_rele(ds, FTAG);
13fe0198 708 dsl_pool_rele(dp, FTAG);
572e2857
BB		 709
710 return (error);
34dc7c2f
BB		 711}
712
6f1ffb06
MA		 713/* ARGSUSED */
714static int
715zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
716{
717 return (zfs_secpolicy_write_perms(zc->zc_name,
718 ZFS_DELEG_PERM_SEND, cr));
719}
720
3c9609b3 721#ifdef HAVE_SMB_SHARE
6f1ffb06 722/* ARGSUSED */
9babb374 723static int
6f1ffb06 724zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
9babb374
BB		 725{
726 vnode_t *vp;
727 int error;
728
729 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
730 NO_FOLLOW, NULL, &vp)) != 0)
731 return (error);
732
733 /* Now make sure mntpnt and dataset are ZFS */
734
735 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
736 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
737 zc->zc_name) != 0)) {
738 VN_RELE(vp);
2e528b49 739 return (SET_ERROR(EPERM));
9babb374
BB		 740 }
741
742 VN_RELE(vp);
743 return (dsl_deleg_access(zc->zc_name,
744 ZFS_DELEG_PERM_SHARE, cr));
745}
3c9609b3 746#endif /* HAVE_SMB_SHARE */
9babb374 747
34dc7c2f 748int
6f1ffb06 749zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 750{
3c9609b3 751#ifdef HAVE_SMB_SHARE
34dc7c2f 752 if (!INGLOBALZONE(curproc))
2e528b49 753 return (SET_ERROR(EPERM));
34dc7c2f
BB		 754
755 if (secpolicy_nfs(cr) == 0) {
756 return (0);
757 } else {
6f1ffb06 758 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
9babb374 759 }
325f0235 760#else
2e528b49 761 return (SET_ERROR(ENOTSUP));
3c9609b3 762#endif /* HAVE_SMB_SHARE */
9babb374 763}
34dc7c2f 764
9babb374 765int
6f1ffb06 766zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
9babb374 767{
3c9609b3 768#ifdef HAVE_SMB_SHARE
9babb374 769 if (!INGLOBALZONE(curproc))
2e528b49 770 return (SET_ERROR(EPERM));
34dc7c2f 771
9babb374
BB		 772 if (secpolicy_smb(cr) == 0) {
773 return (0);
774 } else {
6f1ffb06 775 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
34dc7c2f 776 }
325f0235 777#else
2e528b49 778 return (SET_ERROR(ENOTSUP));
3c9609b3 779#endif /* HAVE_SMB_SHARE */
34dc7c2f
BB		 780}
781
782static int
783zfs_get_parent(const char *datasetname, char *parent, int parentsize)
784{
785 char *cp;
786
787 /*
788 * Remove the @bla or /bla from the end of the name to get the parent.
789 */
790 (void) strncpy(parent, datasetname, parentsize);
791 cp = strrchr(parent, '@');
792 if (cp != NULL) {
793 cp[0] = '\0';
794 } else {
795 cp = strrchr(parent, '/');
796 if (cp == NULL)
2e528b49 797 return (SET_ERROR(ENOENT));
34dc7c2f
BB		 798 cp[0] = '\0';
799 }
800
801 return (0);
802}
803
804int
805zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
806{
807 int error;
808
809 if ((error = zfs_secpolicy_write_perms(name,
810 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
811 return (error);
812
813 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
814}
815
6f1ffb06 816/* ARGSUSED */
34dc7c2f 817static int
6f1ffb06 818zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f
BB		 819{
820 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
821}
822
823/*
428870ff 824 * Destroying snapshots with delegated permissions requires
6f1ffb06 825 * descendant mount and destroy permissions.
34dc7c2f 826 */
6f1ffb06 827/* ARGSUSED */
34dc7c2f 828static int
6f1ffb06 829zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 830{
6f1ffb06
MA		 831 nvlist_t *snaps;
832 nvpair_t *pair, *nextpair;
833 int error = 0;
428870ff 834
6f1ffb06 835 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
2e528b49 836 return (SET_ERROR(EINVAL));
6f1ffb06
MA		 837 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
838 pair = nextpair) {
6f1ffb06 839 nextpair = nvlist_next_nvpair(snaps, pair);
da536844
MA		 840 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
841 if (error == ENOENT) {
6f1ffb06
MA		 842 /*
843 * Ignore any snapshots that don't exist (we consider
844 * them "already destroyed"). Remove the name from the
845 * nvl here in case the snapshot is created between
846 * now and when we try to destroy it (in which case
847 * we don't want to destroy it since we haven't
848 * checked for permission).
849 */
850 fnvlist_remove_nvpair(snaps, pair);
851 error = 0;
6f1ffb06 852 }
6f1ffb06
MA		 853 if (error != 0)
854 break;
855 }
428870ff 856
428870ff 857 return (error);
34dc7c2f
BB		 858}
859
860int
861zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
862{
eca7b760 863 char parentname[ZFS_MAX_DATASET_NAME_LEN];
34dc7c2f
BB		 864 int error;
865
866 if ((error = zfs_secpolicy_write_perms(from,
867 ZFS_DELEG_PERM_RENAME, cr)) != 0)
868 return (error);
869
870 if ((error = zfs_secpolicy_write_perms(from,
871 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
872 return (error);
873
874 if ((error = zfs_get_parent(to, parentname,
875 sizeof (parentname))) != 0)
876 return (error);
877
878 if ((error = zfs_secpolicy_write_perms(parentname,
879 ZFS_DELEG_PERM_CREATE, cr)) != 0)
880 return (error);
881
882 if ((error = zfs_secpolicy_write_perms(parentname,
883 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
884 return (error);
885
886 return (error);
887}
888
6f1ffb06 889/* ARGSUSED */
34dc7c2f 890static int
6f1ffb06 891zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f
BB		 892{
893 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
894}
895
6f1ffb06 896/* ARGSUSED */
34dc7c2f 897static int
6f1ffb06 898zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 899{
13fe0198
MA		 900 dsl_pool_t *dp;
901 dsl_dataset_t *clone;
34dc7c2f
BB		 902 int error;
903
904 error = zfs_secpolicy_write_perms(zc->zc_name,
905 ZFS_DELEG_PERM_PROMOTE, cr);
13fe0198
MA		 906 if (error != 0)
907 return (error);
908
909 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
910 if (error != 0)
34dc7c2f
BB		 911 return (error);
912
13fe0198 913 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
34dc7c2f
BB		 914
915 if (error == 0) {
eca7b760 916 char parentname[ZFS_MAX_DATASET_NAME_LEN];
13fe0198 917 dsl_dataset_t *origin = NULL;
34dc7c2f 918 dsl_dir_t *dd;
13fe0198 919 dd = clone->ds_dir;
34dc7c2f 920
b128c09f 921 error = dsl_dataset_hold_obj(dd->dd_pool,
d683ddbb 922 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin);
13fe0198
MA		 923 if (error != 0) {
924 dsl_dataset_rele(clone, FTAG);
925 dsl_pool_rele(dp, FTAG);
34dc7c2f
BB		 926 return (error);
927 }
928
13fe0198 929 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
34dc7c2f
BB		 930 ZFS_DELEG_PERM_MOUNT, cr);
931
13fe0198
MA		 932 dsl_dataset_name(origin, parentname);
933 if (error == 0) {
934 error = zfs_secpolicy_write_perms_ds(parentname, origin,
34dc7c2f 935 ZFS_DELEG_PERM_PROMOTE, cr);
13fe0198
MA		 936 }
937 dsl_dataset_rele(clone, FTAG);
938 dsl_dataset_rele(origin, FTAG);
34dc7c2f 939 }
13fe0198 940 dsl_pool_rele(dp, FTAG);
34dc7c2f
BB		 941 return (error);
942}
943
6f1ffb06 944/* ARGSUSED */
34dc7c2f 945static int
6f1ffb06 946zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f
BB		 947{
948 int error;
949
950 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
951 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
952 return (error);
953
954 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
955 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
956 return (error);
957
958 return (zfs_secpolicy_write_perms(zc->zc_name,
959 ZFS_DELEG_PERM_CREATE, cr));
960}
961
43e52edd
BB		 962/* ARGSUSED */
963static int
964zfs_secpolicy_recv_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
965{
966 return (zfs_secpolicy_recv(zc, innvl, cr));
967}
968
34dc7c2f
BB		 969int
970zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
971{
428870ff
BB		 972 return (zfs_secpolicy_write_perms(name,
973 ZFS_DELEG_PERM_SNAPSHOT, cr));
34dc7c2f
BB		 974}
975
6f1ffb06
MA		 976/*
977 * Check for permission to create each snapshot in the nvlist.
978 */
979/* ARGSUSED */
34dc7c2f 980static int
6f1ffb06 981zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 982{
6f1ffb06
MA		 983 nvlist_t *snaps;
984 int error = 0;
985 nvpair_t *pair;
986
987 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
2e528b49 988 return (SET_ERROR(EINVAL));
6f1ffb06
MA		 989 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
990 pair = nvlist_next_nvpair(snaps, pair)) {
991 char *name = nvpair_name(pair);
992 char *atp = strchr(name, '@');
34dc7c2f 993
6f1ffb06 994 if (atp == NULL) {
2e528b49 995 error = SET_ERROR(EINVAL);
6f1ffb06
MA		 996 break;
997 }
998 *atp = '\0';
999 error = zfs_secpolicy_snapshot_perms(name, cr);
1000 *atp = '@';
1001 if (error != 0)
1002 break;
1003 }
1004 return (error);
1005}
1006
da536844
MA		 1007/*
1008 * Check for permission to create each snapshot in the nvlist.
1009 */
1010/* ARGSUSED */
1011static int
1012zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1013{
1014 int error = 0;
1015 nvpair_t *pair;
1016
1017 for (pair = nvlist_next_nvpair(innvl, NULL);
1018 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
1019 char *name = nvpair_name(pair);
1020 char *hashp = strchr(name, '#');
1021
1022 if (hashp == NULL) {
1023 error = SET_ERROR(EINVAL);
1024 break;
1025 }
1026 *hashp = '\0';
1027 error = zfs_secpolicy_write_perms(name,
1028 ZFS_DELEG_PERM_BOOKMARK, cr);
1029 *hashp = '#';
1030 if (error != 0)
1031 break;
1032 }
1033 return (error);
1034}
1035
1036/* ARGSUSED */
1037static int
1038zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1039{
1040 nvpair_t *pair, *nextpair;
1041 int error = 0;
1042
1043 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1044 pair = nextpair) {
1045 char *name = nvpair_name(pair);
1046 char *hashp = strchr(name, '#');
1047 nextpair = nvlist_next_nvpair(innvl, pair);
1048
1049 if (hashp == NULL) {
1050 error = SET_ERROR(EINVAL);
1051 break;
1052 }
1053
1054 *hashp = '\0';
1055 error = zfs_secpolicy_write_perms(name,
1056 ZFS_DELEG_PERM_DESTROY, cr);
1057 *hashp = '#';
1058 if (error == ENOENT) {
1059 /*
1060 * Ignore any filesystems that don't exist (we consider
1061 * their bookmarks "already destroyed"). Remove
1062 * the name from the nvl here in case the filesystem
1063 * is created between now and when we try to destroy
1064 * the bookmark (in which case we don't want to
1065 * destroy it since we haven't checked for permission).
1066 */
1067 fnvlist_remove_nvpair(innvl, pair);
1068 error = 0;
1069 }
1070 if (error != 0)
1071 break;
1072 }
1073
1074 return (error);
1075}
1076
6f1ffb06
MA		 1077/* ARGSUSED */
1078static int
1079zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1080{
1081 /*
1082 * Even root must have a proper TSD so that we know what pool
1083 * to log to.
1084 */
1085 if (tsd_get(zfs_allow_log_key) == NULL)
2e528b49 1086 return (SET_ERROR(EPERM));
6f1ffb06 1087 return (0);
34dc7c2f
BB		 1088}
1089
1090static int
6f1ffb06 1091zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f 1092{
eca7b760 1093 char parentname[ZFS_MAX_DATASET_NAME_LEN];
428870ff 1094 int error;
6f1ffb06 1095 char *origin;
34dc7c2f
BB		 1096
1097 if ((error = zfs_get_parent(zc->zc_name, parentname,
1098 sizeof (parentname))) != 0)
1099 return (error);
1100
6f1ffb06
MA		 1101 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1102 (error = zfs_secpolicy_write_perms(origin,
1103 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1104 return (error);
34dc7c2f
BB		 1105
1106 if ((error = zfs_secpolicy_write_perms(parentname,
1107 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1108 return (error);
1109
6f1ffb06
MA		 1110 return (zfs_secpolicy_write_perms(parentname,
1111 ZFS_DELEG_PERM_MOUNT, cr));
34dc7c2f
BB		 1112}
1113
34dc7c2f
BB		 1114/*
1115 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1116 * SYS_CONFIG privilege, which is not available in a local zone.
1117 */
1118/* ARGSUSED */
1119static int
6f1ffb06 1120zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f
BB		 1121{
1122 if (secpolicy_sys_config(cr, B_FALSE) != 0)
2e528b49 1123 return (SET_ERROR(EPERM));
34dc7c2f
BB		 1124
1125 return (0);
1126}
1127
572e2857
BB		 1128/*
1129 * Policy for object to name lookups.
1130 */
1131/* ARGSUSED */
1132static int
6f1ffb06 1133zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
572e2857
BB		 1134{
1135 int error;
1136
1137 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1138 return (0);
1139
1140 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1141 return (error);
1142}
1143
34dc7c2f
BB		 1144/*
1145 * Policy for fault injection. Requires all privileges.
1146 */
1147/* ARGSUSED */
1148static int
6f1ffb06 1149zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f
BB		 1150{
1151 return (secpolicy_zinject(cr));
1152}
1153
6f1ffb06 1154/* ARGSUSED */
34dc7c2f 1155static int
6f1ffb06 1156zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
34dc7c2f
BB		 1157{
1158 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1159
1160 if (prop == ZPROP_INVAL) {
1161 if (!zfs_prop_user(zc->zc_value))
2e528b49 1162 return (SET_ERROR(EINVAL));
34dc7c2f
BB		 1163 return (zfs_secpolicy_write_perms(zc->zc_name,
1164 ZFS_DELEG_PERM_USERPROP, cr));
1165 } else {
428870ff
BB		 1166 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1167 NULL, cr));
34dc7c2f
BB		 1168 }
1169}
1170
9babb374 1171static int
6f1ffb06 1172zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
9babb374 1173{
6f1ffb06 1174 int err = zfs_secpolicy_read(zc, innvl, cr);
9babb374
BB		 1175 if (err)
1176 return (err);
1177
1178 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
2e528b49 1179 return (SET_ERROR(EINVAL));
9babb374
BB		 1180
1181 if (zc->zc_value[0] == 0) {
1182 /*
1183 * They are asking about a posix uid/gid. If it's
1184 * themself, allow it.
1185 */
1186 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1de321e6
JX		 1187 zc->zc_objset_type == ZFS_PROP_USERQUOTA ||
1188 zc->zc_objset_type == ZFS_PROP_USEROBJUSED ||
1189 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) {
9babb374
BB		 1190 if (zc->zc_guid == crgetuid(cr))
1191 return (0);
1192 } else {
1193 if (groupmember(zc->zc_guid, cr))
1194 return (0);
1195 }
1196 }
1197
1198 return (zfs_secpolicy_write_perms(zc->zc_name,
1199 userquota_perms[zc->zc_objset_type], cr));
1200}
1201
1202static int
6f1ffb06 1203zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
9babb374 1204{
6f1ffb06 1205 int err = zfs_secpolicy_read(zc, innvl, cr);
9babb374
BB		 1206 if (err)
1207 return (err);
1208
1209 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
2e528b49 1210 return (SET_ERROR(EINVAL));
9babb374
BB		 1211
1212 return (zfs_secpolicy_write_perms(zc->zc_name,
1213 userquota_perms[zc->zc_objset_type], cr));
1214}
1215
6f1ffb06 1216/* ARGSUSED */
9babb374 1217static int
6f1ffb06 1218zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
9babb374 1219{
428870ff
BB		 1220 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1221 NULL, cr));
9babb374
BB		 1222}
1223
6f1ffb06 1224/* ARGSUSED */
45d1cae3 1225static int
6f1ffb06 1226zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
45d1cae3 1227{
13fe0198
MA		 1228 nvpair_t *pair;
1229 nvlist_t *holds;
1230 int error;
1231
1232 error = nvlist_lookup_nvlist(innvl, "holds", &holds);
1233 if (error != 0)
2e528b49 1234 return (SET_ERROR(EINVAL));
13fe0198
MA		 1235
1236 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1237 pair = nvlist_next_nvpair(holds, pair)) {
eca7b760 1238 char fsname[ZFS_MAX_DATASET_NAME_LEN];
13fe0198
MA		 1239 error = dmu_fsname(nvpair_name(pair), fsname);
1240 if (error != 0)
1241 return (error);
1242 error = zfs_secpolicy_write_perms(fsname,
1243 ZFS_DELEG_PERM_HOLD, cr);
1244 if (error != 0)
1245 return (error);
1246 }
1247 return (0);
45d1cae3
BB		 1248}
1249
6f1ffb06 1250/* ARGSUSED */
45d1cae3 1251static int
6f1ffb06 1252zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
45d1cae3 1253{
13fe0198
MA		 1254 nvpair_t *pair;
1255 int error;
1256
1257 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1258 pair = nvlist_next_nvpair(innvl, pair)) {
eca7b760 1259 char fsname[ZFS_MAX_DATASET_NAME_LEN];
13fe0198
MA		 1260 error = dmu_fsname(nvpair_name(pair), fsname);
1261 if (error != 0)
1262 return (error);
1263 error = zfs_secpolicy_write_perms(fsname,
1264 ZFS_DELEG_PERM_RELEASE, cr);
1265 if (error != 0)
1266 return (error);
1267 }
1268 return (0);
45d1cae3
BB		 1269}
1270
572e2857
BB		 1271/*
1272 * Policy for allowing temporary snapshots to be taken or released
1273 */
1274static int
6f1ffb06 1275zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
572e2857
BB		 1276{
1277 /*
1278 * A temporary snapshot is the same as a snapshot,
1279 * hold, destroy and release all rolled into one.
1280 * Delegated diff alone is sufficient that we allow this.
1281 */
1282 int error;
1283
1284 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1285 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1286 return (0);
1287
6f1ffb06 1288 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
13fe0198 1289 if (error == 0)
6f1ffb06 1290 error = zfs_secpolicy_hold(zc, innvl, cr);
13fe0198 1291 if (error == 0)
6f1ffb06 1292 error = zfs_secpolicy_release(zc, innvl, cr);
13fe0198 1293 if (error == 0)
6f1ffb06 1294 error = zfs_secpolicy_destroy(zc, innvl, cr);
572e2857
BB		 1295 return (error);
1296}
1297
34dc7c2f
BB		 1298/*
1299 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1300 */
1301static int
9babb374 1302get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
34dc7c2f
BB		 1303{
1304 char *packed;
1305 int error;
1306 nvlist_t *list = NULL;
1307
1308 /*
1309 * Read in and unpack the user-supplied nvlist.
1310 */
1311 if (size == 0)
2e528b49 1312 return (SET_ERROR(EINVAL));
34dc7c2f 1313
77aef6f6 1314 packed = vmem_alloc(size, KM_SLEEP);
34dc7c2f 1315
9babb374
BB		 1316 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1317 iflag)) != 0) {
77aef6f6 1318 vmem_free(packed, size);
0de7c552 1319 return (SET_ERROR(EFAULT));
34dc7c2f
BB		 1320 }
1321
1322 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
77aef6f6 1323 vmem_free(packed, size);
34dc7c2f
BB		 1324 return (error);
1325 }
1326
77aef6f6 1327 vmem_free(packed, size);
34dc7c2f
BB		 1328
1329 *nvp = list;
1330 return (0);
1331}
1332
6f1ffb06
MA		 1333/*
1334 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1335 * Entries will be removed from the end of the nvlist, and one int32 entry
1336 * named "N_MORE_ERRORS" will be added indicating how many entries were
1337 * removed.
1338 */
428870ff 1339static int
6f1ffb06 1340nvlist_smush(nvlist_t *errors, size_t max)
428870ff
BB		 1341{
1342 size_t size;
1343
6f1ffb06 1344 size = fnvlist_size(errors);
428870ff 1345
6f1ffb06 1346 if (size > max) {
428870ff
BB		 1347 nvpair_t *more_errors;
1348 int n = 0;
1349
6f1ffb06 1350 if (max < 1024)
2e528b49 1351 return (SET_ERROR(ENOMEM));
428870ff 1352
6f1ffb06
MA		 1353 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1354 more_errors = nvlist_prev_nvpair(errors, NULL);
428870ff
BB		 1355
1356 do {
6f1ffb06 1357 nvpair_t *pair = nvlist_prev_nvpair(errors,
428870ff 1358 more_errors);
6f1ffb06 1359 fnvlist_remove_nvpair(errors, pair);
428870ff 1360 n++;
6f1ffb06
MA		 1361 size = fnvlist_size(errors);
1362 } while (size > max);
428870ff 1363
6f1ffb06
MA		 1364 fnvlist_remove_nvpair(errors, more_errors);
1365 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1366 ASSERT3U(fnvlist_size(errors), <=, max);
428870ff
BB		 1367 }
1368
1369 return (0);
1370}
1371
34dc7c2f
BB		 1372static int
1373put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1374{
1375 char *packed = NULL;
428870ff 1376 int error = 0;
34dc7c2f 1377 size_t size;
34dc7c2f 1378
6f1ffb06 1379 size = fnvlist_size(nvl);
34dc7c2f
BB		 1380
1381 if (size > zc->zc_nvlist_dst_size) {
2e528b49 1382 error = SET_ERROR(ENOMEM);
34dc7c2f 1383 } else {
6f1ffb06 1384 packed = fnvlist_pack(nvl, &size);
428870ff
BB		 1385 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1386 size, zc->zc_iflags) != 0)
2e528b49 1387 error = SET_ERROR(EFAULT);
6f1ffb06 1388 fnvlist_pack_free(packed, size);
34dc7c2f
BB		 1389 }
1390
1391 zc->zc_nvlist_dst_size = size;
6f1ffb06 1392 zc->zc_nvlist_dst_filled = B_TRUE;
34dc7c2f
BB		 1393 return (error);
1394}
1395
9babb374 1396static int
3558fd73 1397get_zfs_sb(const char *dsname, zfs_sb_t **zsbp)
9babb374
BB		 1398{
1399 objset_t *os;
1400 int error;
1401
428870ff 1402 error = dmu_objset_hold(dsname, FTAG, &os);
13fe0198 1403 if (error != 0)
9babb374 1404 return (error);
428870ff
BB		 1405 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1406 dmu_objset_rele(os, FTAG);
2e528b49 1407 return (SET_ERROR(EINVAL));
428870ff 1408 }
9babb374 1409
428870ff 1410 mutex_enter(&os->os_user_ptr_lock);
3558fd73 1411 *zsbp = dmu_objset_get_user(os);
061460df
CC		 1412 /* bump s_active only when non-zero to prevent umount race */
1413 if (*zsbp == NULL || (*zsbp)->z_sb == NULL ||
1414 !atomic_inc_not_zero(&((*zsbp)->z_sb->s_active))) {
2e528b49 1415 error = SET_ERROR(ESRCH);
9babb374 1416 }
428870ff
BB		 1417 mutex_exit(&os->os_user_ptr_lock);
1418 dmu_objset_rele(os, FTAG);
9babb374
BB		 1419 return (error);
1420}
1421
1422/*
3558fd73 1423 * Find a zfs_sb_t for a mounted filesystem, or create our own, in which
2cf7f52b 1424 * case its z_sb will be NULL, and it will be opened as the owner.
9ae529ec
CS		 1425 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1426 * which prevents all inode ops from running.
9babb374
BB		 1427 */
1428static int
3558fd73 1429zfs_sb_hold(const char *name, void *tag, zfs_sb_t **zsbp, boolean_t writer)
9babb374
BB		 1430{
1431 int error = 0;
9babb374 1432
3558fd73 1433 if (get_zfs_sb(name, zsbp) != 0)
0282c413 1434 error = zfs_sb_create(name, NULL, zsbp);
9babb374 1435 if (error == 0) {
e16b3fcc 1436 rrm_enter(&(*zsbp)->z_teardown_lock, (writer) ? RW_WRITER :
572e2857 1437 RW_READER, tag);
3558fd73 1438 if ((*zsbp)->z_unmounted) {
9babb374
BB		 1439 /*
1440 * XXX we could probably try again, since the unmounting
1441 * thread should be just about to disassociate the
831baf06 1442 * objset from the zsb.
9babb374 1443 */
e16b3fcc 1444 rrm_exit(&(*zsbp)->z_teardown_lock, tag);
2e528b49 1445 return (SET_ERROR(EBUSY));
9babb374
BB		 1446 }
1447 }
1448 return (error);
1449}
1450
1451static void
3558fd73 1452zfs_sb_rele(zfs_sb_t *zsb, void *tag)
9babb374 1453{
e16b3fcc 1454 rrm_exit(&zsb->z_teardown_lock, tag);
9babb374 1455
2cf7f52b
BB		 1456 if (zsb->z_sb) {
1457 deactivate_super(zsb->z_sb);
9babb374 1458 } else {
3558fd73
BB		 1459 dmu_objset_disown(zsb->z_os, zsb);
1460 zfs_sb_free(zsb);
9babb374
BB		 1461 }
1462}
1463
34dc7c2f
BB		 1464static int
1465zfs_ioc_pool_create(zfs_cmd_t *zc)
1466{
1467 int error;
1468 nvlist_t *config, *props = NULL;
b128c09f
BB		 1469 nvlist_t *rootprops = NULL;
1470 nvlist_t *zplprops = NULL;
34dc7c2f 1471
c65aa5b2
BB		 1472 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1473 zc->zc_iflags, &config)))
34dc7c2f
BB		 1474 return (error);
1475
1476 if (zc->zc_nvlist_src_size != 0 && (error =
9babb374
BB		 1477 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1478 zc->zc_iflags, &props))) {
34dc7c2f
BB		 1479 nvlist_free(config);
1480 return (error);
1481 }
1482
b128c09f
BB		 1483 if (props) {
1484 nvlist_t *nvl = NULL;
1485 uint64_t version = SPA_VERSION;
1486
1487 (void) nvlist_lookup_uint64(props,
1488 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
9ae529ec 1489 if (!SPA_VERSION_IS_SUPPORTED(version)) {
2e528b49 1490 error = SET_ERROR(EINVAL);
b128c09f
BB		 1491 goto pool_props_bad;
1492 }
1493 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1494 if (nvl) {
1495 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1496 if (error != 0) {
1497 nvlist_free(config);
1498 nvlist_free(props);
1499 return (error);
1500 }
1501 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1502 }
1503 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1504 error = zfs_fill_zplprops_root(version, rootprops,
1505 zplprops, NULL);
13fe0198 1506 if (error != 0)
b128c09f
BB		 1507 goto pool_props_bad;
1508 }
1509
6f1ffb06 1510 error = spa_create(zc->zc_name, config, props, zplprops);
b128c09f
BB		 1511
1512 /*
1513 * Set the remaining root properties
1514 */
428870ff
BB		 1515 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1516 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
b128c09f 1517 (void) spa_destroy(zc->zc_name);
34dc7c2f 1518
b128c09f
BB		 1519pool_props_bad:
1520 nvlist_free(rootprops);
1521 nvlist_free(zplprops);
34dc7c2f 1522 nvlist_free(config);
b128c09f 1523 nvlist_free(props);
34dc7c2f
BB		 1524
1525 return (error);
1526}
1527
1528static int
1529zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1530{
1531 int error;
1532 zfs_log_history(zc);
1533 error = spa_destroy(zc->zc_name);
a0bd735a 1534
34dc7c2f
BB		 1535 return (error);
1536}
1537
1538static int
1539zfs_ioc_pool_import(zfs_cmd_t *zc)
1540{
34dc7c2f
BB		 1541 nvlist_t *config, *props = NULL;
1542 uint64_t guid;
428870ff 1543 int error;
34dc7c2f
BB		 1544
1545 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
9babb374 1546 zc->zc_iflags, &config)) != 0)
34dc7c2f
BB		 1547 return (error);
1548
1549 if (zc->zc_nvlist_src_size != 0 && (error =
9babb374
BB		 1550 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1551 zc->zc_iflags, &props))) {
34dc7c2f
BB		 1552 nvlist_free(config);
1553 return (error);
1554 }
1555
1556 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1557 guid != zc->zc_guid)
2e528b49 1558 error = SET_ERROR(EINVAL);
34dc7c2f 1559 else
572e2857 1560 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
34dc7c2f 1561
572e2857
BB		 1562 if (zc->zc_nvlist_dst != 0) {
1563 int err;
1564
1565 if ((err = put_nvlist(zc, config)) != 0)
1566 error = err;
1567 }
428870ff 1568
34dc7c2f 1569 nvlist_free(config);
8a5fc748 1570 nvlist_free(props);
34dc7c2f
BB		 1571
1572 return (error);
1573}
1574
1575static int
1576zfs_ioc_pool_export(zfs_cmd_t *zc)
1577{
1578 int error;
b128c09f 1579 boolean_t force = (boolean_t)zc->zc_cookie;
fb5f0bc8 1580 boolean_t hardforce = (boolean_t)zc->zc_guid;
b128c09f 1581
34dc7c2f 1582 zfs_log_history(zc);
fb5f0bc8 1583 error = spa_export(zc->zc_name, NULL, force, hardforce);
a0bd735a 1584
34dc7c2f
BB		 1585 return (error);
1586}
1587
1588static int
1589zfs_ioc_pool_configs(zfs_cmd_t *zc)
1590{
1591 nvlist_t *configs;
1592 int error;
1593
1594 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
2e528b49 1595 return (SET_ERROR(EEXIST));
34dc7c2f
BB		 1596
1597 error = put_nvlist(zc, configs);
1598
1599 nvlist_free(configs);
1600
1601 return (error);
1602}
1603
9ae529ec
CS		 1604/*
1605 * inputs:
1606 * zc_name name of the pool
1607 *
1608 * outputs:
1609 * zc_cookie real errno
1610 * zc_nvlist_dst config nvlist
1611 * zc_nvlist_dst_size size of config nvlist
1612 */
34dc7c2f
BB		 1613static int
1614zfs_ioc_pool_stats(zfs_cmd_t *zc)
1615{
1616 nvlist_t *config;
1617 int error;
1618 int ret = 0;
1619
1620 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1621 sizeof (zc->zc_value));
1622
1623 if (config != NULL) {
1624 ret = put_nvlist(zc, config);
1625 nvlist_free(config);
1626
1627 /*
1628 * The config may be present even if 'error' is non-zero.
1629 * In this case we return success, and preserve the real errno
1630 * in 'zc_cookie'.
1631 */
1632 zc->zc_cookie = error;
1633 } else {
1634 ret = error;
1635 }
1636
1637 return (ret);
1638}
1639
1640/*
1641 * Try to import the given pool, returning pool stats as appropriate so that
1642 * user land knows which devices are available and overall pool health.
1643 */
1644static int
1645zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1646{
1647 nvlist_t *tryconfig, *config;
1648 int error;
1649
1650 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
9babb374 1651 zc->zc_iflags, &tryconfig)) != 0)
34dc7c2f
BB		 1652 return (error);
1653
1654 config = spa_tryimport(tryconfig);
1655
1656 nvlist_free(tryconfig);
1657
1658 if (config == NULL)
2e528b49 1659 return (SET_ERROR(EINVAL));
34dc7c2f
BB		 1660
1661 error = put_nvlist(zc, config);
1662 nvlist_free(config);
1663
1664 return (error);
1665}
1666
428870ff
BB		 1667/*
1668 * inputs:
1669 * zc_name name of the pool
1670 * zc_cookie scan func (pool_scan_func_t)
1671 */
34dc7c2f 1672static int
428870ff 1673zfs_ioc_pool_scan(zfs_cmd_t *zc)
34dc7c2f
BB		 1674{
1675 spa_t *spa;
1676 int error;
1677
1678 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1679 return (error);
1680
428870ff
BB		 1681 if (zc->zc_cookie == POOL_SCAN_NONE)
1682 error = spa_scan_stop(spa);
1683 else
1684 error = spa_scan(spa, zc->zc_cookie);
34dc7c2f
BB		 1685
1686 spa_close(spa, FTAG);
1687
1688 return (error);
1689}
1690
1691static int
1692zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1693{
1694 spa_t *spa;
1695 int error;
1696
1697 error = spa_open(zc->zc_name, &spa, FTAG);
1698 if (error == 0) {
1699 spa_freeze(spa);
1700 spa_close(spa, FTAG);
1701 }
1702 return (error);
1703}
1704
1705static int
1706zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1707{
1708 spa_t *spa;
1709 int error;
1710
1711 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1712 return (error);
1713
9ae529ec
CS		 1714 if (zc->zc_cookie < spa_version(spa) ||
1715 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
34dc7c2f 1716 spa_close(spa, FTAG);
2e528b49 1717 return (SET_ERROR(EINVAL));
34dc7c2f
BB		 1718 }
1719
1720 spa_upgrade(spa, zc->zc_cookie);
1721 spa_close(spa, FTAG);
1722
1723 return (error);
1724}
1725
1726static int
1727zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1728{
1729 spa_t *spa;
1730 char *hist_buf;
1731 uint64_t size;
1732 int error;
1733
1734 if ((size = zc->zc_history_len) == 0)
2e528b49 1735 return (SET_ERROR(EINVAL));
34dc7c2f
BB		 1736
1737 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1738 return (error);
1739
1740 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1741 spa_close(spa, FTAG);
2e528b49 1742 return (SET_ERROR(ENOTSUP));
34dc7c2f
BB		 1743 }
1744
34b84cb8 1745 hist_buf = vmem_alloc(size, KM_SLEEP);
34dc7c2f
BB		 1746 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1747 &zc->zc_history_len, hist_buf)) == 0) {
9babb374
BB		 1748 error = ddi_copyout(hist_buf,
1749 (void *)(uintptr_t)zc->zc_history,
1750 zc->zc_history_len, zc->zc_iflags);
34dc7c2f
BB		 1751 }
1752
1753 spa_close(spa, FTAG);
34b84cb8 1754 vmem_free(hist_buf, size);
34dc7c2f
BB		 1755 return (error);
1756}
1757
3541dc6d
GA		 1758static int
1759zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1760{
1761 spa_t *spa;
1762 int error;
1763
1764 error = spa_open(zc->zc_name, &spa, FTAG);
1765 if (error == 0) {
1766 error = spa_change_guid(spa);
1767 spa_close(spa, FTAG);
1768 }
1769 return (error);
1770}
1771
34dc7c2f
BB		 1772static int
1773zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1774{
13fe0198 1775 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
34dc7c2f
BB		 1776}
1777
428870ff
BB		 1778/*
1779 * inputs:
1780 * zc_name name of filesystem
1781 * zc_obj object to find
1782 *
1783 * outputs:
1784 * zc_value name of object
1785 */
34dc7c2f
BB		 1786static int
1787zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1788{
428870ff 1789 objset_t *os;
34dc7c2f
BB		 1790 int error;
1791
428870ff
BB		 1792 /* XXX reading from objset not owned */
1793 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
34dc7c2f 1794 return (error);
428870ff
BB		 1795 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1796 dmu_objset_rele(os, FTAG);
2e528b49 1797 return (SET_ERROR(EINVAL));
428870ff
BB		 1798 }
1799 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
34dc7c2f 1800 sizeof (zc->zc_value));
428870ff 1801 dmu_objset_rele(os, FTAG);
34dc7c2f
BB		 1802
1803 return (error);
1804}
1805
572e2857
BB		 1806/*
1807 * inputs:
1808 * zc_name name of filesystem
1809 * zc_obj object to find
1810 *
1811 * outputs:
1812 * zc_stat stats on object
1813 * zc_value path to object
1814 */
1815static int
1816zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1817{
1818 objset_t *os;
1819 int error;
1820
1821 /* XXX reading from objset not owned */
1822 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1823 return (error);
1824 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1825 dmu_objset_rele(os, FTAG);
2e528b49 1826 return (SET_ERROR(EINVAL));
572e2857
BB		 1827 }
1828 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1829 sizeof (zc->zc_value));
1830 dmu_objset_rele(os, FTAG);
1831
1832 return (error);
1833}
1834
34dc7c2f
BB		 1835static int
1836zfs_ioc_vdev_add(zfs_cmd_t *zc)
1837{
1838 spa_t *spa;
1839 int error;
64ad2b26 1840 nvlist_t *config;
34dc7c2f
BB		 1841
1842 error = spa_open(zc->zc_name, &spa, FTAG);
1843 if (error != 0)
1844 return (error);
1845
1846 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
9babb374 1847 zc->zc_iflags, &config);
34dc7c2f
BB		 1848 if (error == 0) {
1849 error = spa_vdev_add(spa, config);
1850 nvlist_free(config);
1851 }
1852 spa_close(spa, FTAG);
1853 return (error);
1854}
1855
428870ff
BB		 1856/*
1857 * inputs:
1858 * zc_name name of the pool
1859 * zc_nvlist_conf nvlist of devices to remove
1860 * zc_cookie to stop the remove?
1861 */
34dc7c2f
BB		 1862static int
1863zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1864{
1865 spa_t *spa;
1866 int error;
1867
1868 error = spa_open(zc->zc_name, &spa, FTAG);
1869 if (error != 0)
1870 return (error);
1871 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1872 spa_close(spa, FTAG);
1873 return (error);
1874}
1875
1876static int
1877zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1878{
1879 spa_t *spa;
1880 int error;
1881 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1882
1883 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1884 return (error);
1885 switch (zc->zc_cookie) {
1886 case VDEV_STATE_ONLINE:
1887 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1888 break;
1889
1890 case VDEV_STATE_OFFLINE:
1891 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1892 break;
1893
1894 case VDEV_STATE_FAULTED:
428870ff
BB		 1895 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1896 zc->zc_obj != VDEV_AUX_EXTERNAL)
1897 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1898
1899 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
34dc7c2f
BB		 1900 break;
1901
1902 case VDEV_STATE_DEGRADED:
428870ff
BB		 1903 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1904 zc->zc_obj != VDEV_AUX_EXTERNAL)
1905 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1906
1907 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
34dc7c2f
BB		 1908 break;
1909
1910 default:
2e528b49 1911 error = SET_ERROR(EINVAL);
34dc7c2f
BB		 1912 }
1913 zc->zc_cookie = newstate;
1914 spa_close(spa, FTAG);
1915 return (error);
1916}
1917
1918static int
1919zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1920{
1921 spa_t *spa;
1922 int replacing = zc->zc_cookie;
1923 nvlist_t *config;
1924 int error;
1925
1926 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1927 return (error);
1928
1929 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
9babb374 1930 zc->zc_iflags, &config)) == 0) {
34dc7c2f
BB		 1931 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1932 nvlist_free(config);
1933 }
1934
1935 spa_close(spa, FTAG);
1936 return (error);
1937}
1938
1939static int
1940zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1941{
1942 spa_t *spa;
1943 int error;
1944
1945 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1946 return (error);
1947
fb5f0bc8 1948 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
34dc7c2f
BB		 1949
1950 spa_close(spa, FTAG);
1951 return (error);
1952}
1953
428870ff
BB		 1954static int
1955zfs_ioc_vdev_split(zfs_cmd_t *zc)
1956{
1957 spa_t *spa;
1958 nvlist_t *config, *props = NULL;
1959 int error;
1960 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1961
1962 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1963 return (error);
1964
c65aa5b2
BB		 1965 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1966 zc->zc_iflags, &config))) {
428870ff
BB		 1967 spa_close(spa, FTAG);
1968 return (error);
1969 }
1970
1971 if (zc->zc_nvlist_src_size != 0 && (error =
1972 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1973 zc->zc_iflags, &props))) {
1974 spa_close(spa, FTAG);
1975 nvlist_free(config);
1976 return (error);
1977 }
1978
1979 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1980
1981 spa_close(spa, FTAG);
1982
1983 nvlist_free(config);
1984 nvlist_free(props);
1985
1986 return (error);
1987}
1988
34dc7c2f
BB		 1989static int
1990zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1991{
1992 spa_t *spa;
1993 char *path = zc->zc_value;
1994 uint64_t guid = zc->zc_guid;
1995 int error;
1996
1997 error = spa_open(zc->zc_name, &spa, FTAG);
1998 if (error != 0)
1999 return (error);
2000
2001 error = spa_vdev_setpath(spa, guid, path);
2002 spa_close(spa, FTAG);
2003 return (error);
2004}
2005
9babb374
BB		 2006static int
2007zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
2008{
2009 spa_t *spa;
2010 char *fru = zc->zc_value;
2011 uint64_t guid = zc->zc_guid;
2012 int error;
2013
2014 error = spa_open(zc->zc_name, &spa, FTAG);
2015 if (error != 0)
2016 return (error);
2017
2018 error = spa_vdev_setfru(spa, guid, fru);
2019 spa_close(spa, FTAG);
2020 return (error);
2021}
2022
34dc7c2f 2023static int
572e2857 2024zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
34dc7c2f 2025{
572e2857 2026 int error = 0;
34dc7c2f
BB		 2027 nvlist_t *nv;
2028
34dc7c2f
BB		 2029 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2030
2031 if (zc->zc_nvlist_dst != 0 &&
428870ff 2032 (error = dsl_prop_get_all(os, &nv)) == 0) {
34dc7c2f
BB		 2033 dmu_objset_stats(os, nv);
2034 /*
2035 * NB: zvol_get_stats() will read the objset contents,
2036 * which we aren't supposed to do with a
b128c09f 2037 * DS_MODE_USER hold, because it could be
34dc7c2f 2038 * inconsistent. So this is a bit of a workaround...
428870ff 2039 * XXX reading with out owning
34dc7c2f 2040 */
330d06f9
MA		 2041 if (!zc->zc_objset_stats.dds_inconsistent &&
2042 dmu_objset_type(os) == DMU_OST_ZVOL) {
2043 error = zvol_get_stats(os, nv);
6d421005
B		 2044 if (error == EIO) {
2045 nvlist_free(nv);
330d06f9 2046 return (error);
6d421005 2047 }
c99c9001 2048 VERIFY0(error);
34dc7c2f 2049 }
8a8f5c6b
BB		 2050 if (error == 0)
2051 error = put_nvlist(zc, nv);
34dc7c2f
BB		 2052 nvlist_free(nv);
2053 }
2054
572e2857
BB		 2055 return (error);
2056}
2057
2058/*
2059 * inputs:
2060 * zc_name name of filesystem
2061 * zc_nvlist_dst_size size of buffer for property nvlist
2062 *
2063 * outputs:
2064 * zc_objset_stats stats
2065 * zc_nvlist_dst property nvlist
2066 * zc_nvlist_dst_size size of property nvlist
2067 */
2068static int
2069zfs_ioc_objset_stats(zfs_cmd_t *zc)
2070{
13fe0198 2071 objset_t *os;
572e2857
BB		 2072 int error;
2073
13fe0198
MA		 2074 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2075 if (error == 0) {
2076 error = zfs_ioc_objset_stats_impl(zc, os);
2077 dmu_objset_rele(os, FTAG);
2078 }
572e2857 2079
428870ff
BB		 2080 return (error);
2081}
2082
2083/*
2084 * inputs:
2085 * zc_name name of filesystem
2086 * zc_nvlist_dst_size size of buffer for property nvlist
2087 *
2088 * outputs:
2089 * zc_nvlist_dst received property nvlist
2090 * zc_nvlist_dst_size size of received property nvlist
2091 *
2092 * Gets received properties (distinct from local properties on or after
2093 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2094 * local property values.
2095 */
2096static int
26685276 2097zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
428870ff 2098{
13fe0198 2099 int error = 0;
428870ff
BB		 2100 nvlist_t *nv;
2101
428870ff
BB		 2102 /*
2103 * Without this check, we would return local property values if the
2104 * caller has not already received properties on or after
2105 * SPA_VERSION_RECVD_PROPS.
2106 */
13fe0198 2107 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2e528b49 2108 return (SET_ERROR(ENOTSUP));
428870ff
BB		 2109
2110 if (zc->zc_nvlist_dst != 0 &&
13fe0198 2111 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
428870ff
BB		 2112 error = put_nvlist(zc, nv);
2113 nvlist_free(nv);
2114 }
2115
34dc7c2f
BB		 2116 return (error);
2117}
2118
2119static int
2120nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2121{
2122 uint64_t value;
2123 int error;
2124
2125 /*
2126 * zfs_get_zplprop() will either find a value or give us
2127 * the default value (if there is one).
2128 */
2129 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2130 return (error);
2131 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2132 return (0);
2133}
2134
2135/*
2136 * inputs:
2137 * zc_name name of filesystem
2138 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2139 *
2140 * outputs:
2141 * zc_nvlist_dst zpl property nvlist
2142 * zc_nvlist_dst_size size of zpl property nvlist
2143 */
2144static int
2145zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2146{
2147 objset_t *os;
2148 int err;
2149
428870ff 2150 /* XXX reading without owning */
c65aa5b2 2151 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
34dc7c2f
BB		 2152 return (err);
2153
2154 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2155
2156 /*
2157 * NB: nvl_add_zplprop() will read the objset contents,
b128c09f
BB		 2158 * which we aren't supposed to do with a DS_MODE_USER
2159 * hold, because it could be inconsistent.
34dc7c2f 2160 */
b8864a23 2161 if (zc->zc_nvlist_dst != 0 &&
34dc7c2f
BB		 2162 !zc->zc_objset_stats.dds_inconsistent &&
2163 dmu_objset_type(os) == DMU_OST_ZFS) {
2164 nvlist_t *nv;
2165
2166 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2167 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2168 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2169 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2170 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2171 err = put_nvlist(zc, nv);
2172 nvlist_free(nv);
2173 } else {
2e528b49 2174 err = SET_ERROR(ENOENT);
34dc7c2f 2175 }
428870ff 2176 dmu_objset_rele(os, FTAG);
34dc7c2f
BB		 2177 return (err);
2178}
2179
ba6a2402 2180boolean_t
9babb374
BB		 2181dataset_name_hidden(const char *name)
2182{
2183 /*
2184 * Skip over datasets that are not visible in this zone,
2185 * internal datasets (which have a $ in their name), and
2186 * temporary datasets (which have a % in their name).
2187 */
2188 if (strchr(name, '$') != NULL)
2189 return (B_TRUE);
2190 if (strchr(name, '%') != NULL)
2191 return (B_TRUE);
2192 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
2193 return (B_TRUE);
2194 return (B_FALSE);
2195}
2196
34dc7c2f
BB		 2197/*
2198 * inputs:
2199 * zc_name name of filesystem
2200 * zc_cookie zap cursor
2201 * zc_nvlist_dst_size size of buffer for property nvlist
2202 *
2203 * outputs:
2204 * zc_name name of next filesystem
9babb374 2205 * zc_cookie zap cursor
34dc7c2f
BB		 2206 * zc_objset_stats stats
2207 * zc_nvlist_dst property nvlist
2208 * zc_nvlist_dst_size size of property nvlist
34dc7c2f
BB		 2209 */
2210static int
2211zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2212{
2213 objset_t *os;
2214 int error;
2215 char *p;
428870ff 2216 size_t orig_len = strlen(zc->zc_name);
34dc7c2f 2217
428870ff 2218top:
c65aa5b2 2219 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
34dc7c2f 2220 if (error == ENOENT)
2e528b49 2221 error = SET_ERROR(ESRCH);
34dc7c2f
BB		 2222 return (error);
2223 }
2224
2225 p = strrchr(zc->zc_name, '/');
2226 if (p == NULL || p[1] != '\0')
2227 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2228 p = zc->zc_name + strlen(zc->zc_name);
2229
2230 do {
2231 error = dmu_dir_list_next(os,
2232 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2233 NULL, &zc->zc_cookie);
2234 if (error == ENOENT)
2e528b49 2235 error = SET_ERROR(ESRCH);
330d06f9 2236 } while (error == 0 && dataset_name_hidden(zc->zc_name));
428870ff 2237 dmu_objset_rele(os, FTAG);
34dc7c2f 2238
428870ff
BB		 2239 /*
2240 * If it's an internal dataset (ie. with a '$' in its name),
2241 * don't try to get stats for it, otherwise we'll return ENOENT.
2242 */
2243 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
34dc7c2f 2244 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
428870ff
BB		 2245 if (error == ENOENT) {
2246 /* We lost a race with destroy, get the next one. */
2247 zc->zc_name[orig_len] = '\0';
2248 goto top;
2249 }
2250 }
34dc7c2f
BB		 2251 return (error);
2252}
2253
2254/*
2255 * inputs:
2256 * zc_name name of filesystem
2257 * zc_cookie zap cursor
2258 * zc_nvlist_dst_size size of buffer for property nvlist
2259 *
2260 * outputs:
2261 * zc_name name of next snapshot
2262 * zc_objset_stats stats
2263 * zc_nvlist_dst property nvlist
2264 * zc_nvlist_dst_size size of property nvlist
34dc7c2f
BB		 2265 */
2266static int
2267zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2268{
2269 objset_t *os;
2270 int error;
2271
428870ff 2272 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
13fe0198 2273 if (error != 0) {
b128c09f 2274 return (error == ENOENT ? ESRCH : error);
13fe0198 2275 }
34dc7c2f
BB		 2276
2277 /*
2278 * A dataset name of maximum length cannot have any snapshots,
2279 * so exit immediately.
2280 */
eca7b760
IK		 2281 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >=
2282 ZFS_MAX_DATASET_NAME_LEN) {
428870ff 2283 dmu_objset_rele(os, FTAG);
2e528b49 2284 return (SET_ERROR(ESRCH));
34dc7c2f
BB		 2285 }
2286
2287 error = dmu_snapshot_list_next(os,
2288 sizeof (zc->zc_name) - strlen(zc->zc_name),
572e2857
BB		 2289 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2290 NULL);
2291
0cee2406 2292 if (error == 0 && !zc->zc_simple) {
572e2857
BB		 2293 dsl_dataset_t *ds;
2294 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2295
572e2857 2296 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
13fe0198 2297 if (error == 0) {
572e2857
BB		 2298 objset_t *ossnap;
2299
2300 error = dmu_objset_from_ds(ds, &ossnap);
2301 if (error == 0)
2302 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2303 dsl_dataset_rele(ds, FTAG);
428870ff
BB		 2304 }
2305 } else if (error == ENOENT) {
2e528b49 2306 error = SET_ERROR(ESRCH);
428870ff 2307 }
34dc7c2f 2308
572e2857 2309 dmu_objset_rele(os, FTAG);
34dc7c2f 2310 /* if we failed, undo the @ that we tacked on to zc_name */
13fe0198 2311 if (error != 0)
34dc7c2f 2312 *strchr(zc->zc_name, '@') = '\0';
34dc7c2f
BB		 2313 return (error);
2314}
2315
428870ff
BB		 2316static int
2317zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
34dc7c2f 2318{
428870ff
BB		 2319 const char *propname = nvpair_name(pair);
2320 uint64_t *valary;
2321 unsigned int vallen;
2322 const char *domain;
2323 char *dash;
2324 zfs_userquota_prop_t type;
2325 uint64_t rid;
2326 uint64_t quota;
3558fd73 2327 zfs_sb_t *zsb;
428870ff
BB		 2328 int err;
2329
2330 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2331 nvlist_t *attrs;
2332 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2333 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2334 &pair) != 0)
2e528b49 2335 return (SET_ERROR(EINVAL));
428870ff 2336 }
34dc7c2f
BB		 2337
2338 /*
428870ff
BB		 2339 * A correctly constructed propname is encoded as
2340 * userquota@<rid>-<domain>.
34dc7c2f 2341 */
428870ff
BB		 2342 if ((dash = strchr(propname, '-')) == NULL ||
2343 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2344 vallen != 3)
2e528b49 2345 return (SET_ERROR(EINVAL));
34dc7c2f 2346
428870ff
BB		 2347 domain = dash + 1;
2348 type = valary[0];
2349 rid = valary[1];
2350 quota = valary[2];
34dc7c2f 2351
3558fd73 2352 err = zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE);
428870ff 2353 if (err == 0) {
3558fd73
BB		 2354 err = zfs_set_userquota(zsb, type, domain, rid, quota);
2355 zfs_sb_rele(zsb, FTAG);
428870ff 2356 }
9babb374 2357
428870ff
BB		 2358 return (err);
2359}
34dc7c2f 2360
428870ff
BB		 2361/*
2362 * If the named property is one that has a special function to set its value,
2363 * return 0 on success and a positive error code on failure; otherwise if it is
2364 * not one of the special properties handled by this function, return -1.
2365 *
2366 * XXX: It would be better for callers of the property interface if we handled
2367 * these special cases in dsl_prop.c (in the dsl layer).
2368 */
2369static int
2370zfs_prop_set_special(const char *dsname, zprop_source_t source,
2371 nvpair_t *pair)
2372{
2373 const char *propname = nvpair_name(pair);
2374 zfs_prop_t prop = zfs_name_to_prop(propname);
2375 uint64_t intval;
f1512ee6 2376 int err = -1;
9babb374 2377
428870ff
BB		 2378 if (prop == ZPROP_INVAL) {
2379 if (zfs_prop_userquota(propname))
2380 return (zfs_prop_set_userquota(dsname, pair));
2381 return (-1);
2382 }
34dc7c2f 2383
428870ff
BB		 2384 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2385 nvlist_t *attrs;
2386 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2387 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2388 &pair) == 0);
2389 }
b128c09f 2390
428870ff
BB		 2391 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2392 return (-1);
34dc7c2f 2393
428870ff 2394 VERIFY(0 == nvpair_value_uint64(pair, &intval));
34dc7c2f 2395
428870ff
BB		 2396 switch (prop) {
2397 case ZFS_PROP_QUOTA:
2398 err = dsl_dir_set_quota(dsname, source, intval);
2399 break;
2400 case ZFS_PROP_REFQUOTA:
13fe0198 2401 err = dsl_dataset_set_refquota(dsname, source, intval);
428870ff 2402 break;
788eb90c
JJ		 2403 case ZFS_PROP_FILESYSTEM_LIMIT:
2404 case ZFS_PROP_SNAPSHOT_LIMIT:
2405 if (intval == UINT64_MAX) {
2406 /* clearing the limit, just do it */
2407 err = 0;
2408 } else {
2409 err = dsl_dir_activate_fs_ss_limit(dsname);
2410 }
2411 /*
2412 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2413 * default path to set the value in the nvlist.
2414 */
2415 if (err == 0)
2416 err = -1;
2417 break;
428870ff
BB		 2418 case ZFS_PROP_RESERVATION:
2419 err = dsl_dir_set_reservation(dsname, source, intval);
2420 break;
2421 case ZFS_PROP_REFRESERVATION:
13fe0198 2422 err = dsl_dataset_set_refreservation(dsname, source, intval);
428870ff
BB		 2423 break;
2424 case ZFS_PROP_VOLSIZE:
60101509 2425 err = zvol_set_volsize(dsname, intval);
428870ff 2426 break;
0b4d1b58 2427 case ZFS_PROP_SNAPDEV:
a0bd735a 2428 err = zvol_set_snapdev(dsname, source, intval);
0b4d1b58 2429 break;
428870ff
BB		 2430 case ZFS_PROP_VERSION:
2431 {
3558fd73 2432 zfs_sb_t *zsb;
428870ff 2433
3558fd73 2434 if ((err = zfs_sb_hold(dsname, FTAG, &zsb, B_TRUE)) != 0)
34dc7c2f 2435 break;
b128c09f 2436
3558fd73
BB		 2437 err = zfs_set_version(zsb, intval);
2438 zfs_sb_rele(zsb, FTAG);
34dc7c2f 2439
428870ff
BB		 2440 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2441 zfs_cmd_t *zc;
34dc7c2f 2442
efcd79a8 2443 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
428870ff
BB		 2444 (void) strcpy(zc->zc_name, dsname);
2445 (void) zfs_ioc_userspace_upgrade(zc);
1de321e6 2446 (void) zfs_ioc_userobjspace_upgrade(zc);
428870ff 2447 kmem_free(zc, sizeof (zfs_cmd_t));
34dc7c2f 2448 }
428870ff
BB		 2449 break;
2450 }
428870ff
BB		 2451 default:
2452 err = -1;
2453 }
34dc7c2f 2454
428870ff
BB		 2455 return (err);
2456}
34dc7c2f 2457
428870ff
BB		 2458/*
2459 * This function is best effort. If it fails to set any of the given properties,
6f1ffb06
MA		 2460 * it continues to set as many as it can and returns the last error
2461 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2462 * with the list of names of all the properties that failed along with the
2463 * corresponding error numbers.
428870ff 2464 *
6f1ffb06
MA		 2465 * If every property is set successfully, zero is returned and errlist is not
2466 * modified.
428870ff
BB		 2467 */
2468int
2469zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
6f1ffb06 2470 nvlist_t *errlist)
428870ff
BB		 2471{
2472 nvpair_t *pair;
2473 nvpair_t *propval;
2474 int rv = 0;
2475 uint64_t intval;
2476 char *strval;
34dc7c2f 2477
6f1ffb06
MA		 2478 nvlist_t *genericnvl = fnvlist_alloc();
2479 nvlist_t *retrynvl = fnvlist_alloc();
428870ff
BB		 2480retry:
2481 pair = NULL;
2482 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2483 const char *propname = nvpair_name(pair);
2484 zfs_prop_t prop = zfs_name_to_prop(propname);
2485 int err = 0;
2486
2487 /* decode the property value */
2488 propval = pair;
2489 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2490 nvlist_t *attrs;
6f1ffb06 2491 attrs = fnvpair_value_nvlist(pair);
428870ff
BB		 2492 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2493 &propval) != 0)
2e528b49 2494 err = SET_ERROR(EINVAL);
9babb374 2495 }
34dc7c2f 2496
428870ff
BB		 2497 /* Validate value type */
2498 if (err == 0 && prop == ZPROP_INVAL) {
2499 if (zfs_prop_user(propname)) {
2500 if (nvpair_type(propval) != DATA_TYPE_STRING)
2e528b49 2501 err = SET_ERROR(EINVAL);
428870ff
BB		 2502 } else if (zfs_prop_userquota(propname)) {
2503 if (nvpair_type(propval) !=
2504 DATA_TYPE_UINT64_ARRAY)
2e528b49 2505 err = SET_ERROR(EINVAL);
330d06f9 2506 } else {
2e528b49 2507 err = SET_ERROR(EINVAL);
428870ff
BB		 2508 }
2509 } else if (err == 0) {
2510 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2511 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2e528b49 2512 err = SET_ERROR(EINVAL);
428870ff 2513 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
34dc7c2f
BB		 2514 const char *unused;
2515
6f1ffb06 2516 intval = fnvpair_value_uint64(propval);
34dc7c2f
BB		 2517
2518 switch (zfs_prop_get_type(prop)) {
2519 case PROP_TYPE_NUMBER:
2520 break;
2521 case PROP_TYPE_STRING:
2e528b49 2522 err = SET_ERROR(EINVAL);
428870ff 2523 break;
34dc7c2f
BB		 2524 case PROP_TYPE_INDEX:
2525 if (zfs_prop_index_to_string(prop,
428870ff 2526 intval, &unused) != 0)
2e528b49 2527 err = SET_ERROR(EINVAL);
34dc7c2f
BB		 2528 break;
2529 default:
2530 cmn_err(CE_PANIC,
2531 "unknown property type");
34dc7c2f 2532 }
34dc7c2f 2533 } else {
2e528b49 2534 err = SET_ERROR(EINVAL);
34dc7c2f 2535 }
34dc7c2f 2536 }
428870ff
BB		 2537
2538 /* Validate permissions */
2539 if (err == 0)
2540 err = zfs_check_settable(dsname, pair, CRED());
2541
2542 if (err == 0) {
2543 err = zfs_prop_set_special(dsname, source, pair);
2544 if (err == -1) {
2545 /*
2546 * For better performance we build up a list of
2547 * properties to set in a single transaction.
2548 */
2549 err = nvlist_add_nvpair(genericnvl, pair);
2550 } else if (err != 0 && nvl != retrynvl) {
2551 /*
2552 * This may be a spurious error caused by
2553 * receiving quota and reservation out of order.
2554 * Try again in a second pass.
2555 */
2556 err = nvlist_add_nvpair(retrynvl, pair);
2557 }
2558 }
2559
6f1ffb06
MA		 2560 if (err != 0) {
2561 if (errlist != NULL)
2562 fnvlist_add_int32(errlist, propname, err);
2563 rv = err;
2564 }
34dc7c2f
BB		 2565 }
2566
428870ff
BB		 2567 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2568 nvl = retrynvl;
2569 goto retry;
2570 }
2571
2572 if (!nvlist_empty(genericnvl) &&
2573 dsl_props_set(dsname, source, genericnvl) != 0) {
2574 /*
2575 * If this fails, we still want to set as many properties as we
2576 * can, so try setting them individually.
2577 */
2578 pair = NULL;
2579 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2580 const char *propname = nvpair_name(pair);
2581 int err = 0;
2582
2583 propval = pair;
2584 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2585 nvlist_t *attrs;
6f1ffb06
MA		 2586 attrs = fnvpair_value_nvlist(pair);
2587 propval = fnvlist_lookup_nvpair(attrs,
2588 ZPROP_VALUE);
428870ff
BB		 2589 }
2590
2591 if (nvpair_type(propval) == DATA_TYPE_STRING) {
6f1ffb06 2592 strval = fnvpair_value_string(propval);
13fe0198
MA		 2593 err = dsl_prop_set_string(dsname, propname,
2594 source, strval);
428870ff 2595 } else {
6f1ffb06 2596 intval = fnvpair_value_uint64(propval);
13fe0198
MA		 2597 err = dsl_prop_set_int(dsname, propname, source,
2598 intval);
428870ff
BB		 2599 }
2600
2601 if (err != 0) {
6f1ffb06
MA		 2602 if (errlist != NULL) {
2603 fnvlist_add_int32(errlist, propname,
2604 err);
2605 }
2606 rv = err;
428870ff
BB		 2607 }
2608 }
9babb374 2609 }
9babb374 2610 nvlist_free(genericnvl);
428870ff
BB		 2611 nvlist_free(retrynvl);
2612
428870ff 2613 return (rv);
9babb374
BB		 2614}
2615
2616/*
2617 * Check that all the properties are valid user properties.
2618 */
2619static int
6f1ffb06 2620zfs_check_userprops(const char *fsname, nvlist_t *nvl)
9babb374 2621{
428870ff 2622 nvpair_t *pair = NULL;
9babb374
BB		 2623 int error = 0;
2624
428870ff
BB		 2625 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2626 const char *propname = nvpair_name(pair);
9babb374
BB		 2627
2628 if (!zfs_prop_user(propname) ||
428870ff 2629 nvpair_type(pair) != DATA_TYPE_STRING)
2e528b49 2630 return (SET_ERROR(EINVAL));
9babb374 2631
c65aa5b2
BB		 2632 if ((error = zfs_secpolicy_write_perms(fsname,
2633 ZFS_DELEG_PERM_USERPROP, CRED())))
9babb374
BB		 2634 return (error);
2635
2636 if (strlen(propname) >= ZAP_MAXNAMELEN)
2e528b49 2637 return (SET_ERROR(ENAMETOOLONG));
9babb374 2638
da536844 2639 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN)
2e528b49 2640 return (SET_ERROR(E2BIG));
9babb374 2641 }
34dc7c2f
BB		 2642 return (0);
2643}
2644
428870ff
BB		 2645static void
2646props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2647{
2648 nvpair_t *pair;
2649
2650 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2651
2652 pair = NULL;
2653 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2654 if (nvlist_exists(skipped, nvpair_name(pair)))
2655 continue;
2656
2657 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2658 }
2659}
2660
2661static int
13fe0198 2662clear_received_props(const char *dsname, nvlist_t *props,
428870ff
BB		 2663 nvlist_t *skipped)
2664{
2665 int err = 0;
2666 nvlist_t *cleared_props = NULL;
2667 props_skip(props, skipped, &cleared_props);
2668 if (!nvlist_empty(cleared_props)) {
2669 /*
2670 * Acts on local properties until the dataset has received
2671 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2672 */
2673 zprop_source_t flags = (ZPROP_SRC_NONE |
13fe0198
MA		 2674 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2675 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
428870ff
BB		 2676 }
2677 nvlist_free(cleared_props);
2678 return (err);
2679}
2680
34dc7c2f
BB		 2681/*
2682 * inputs:
2683 * zc_name name of filesystem
9babb374 2684 * zc_value name of property to set
34dc7c2f 2685 * zc_nvlist_src{_size} nvlist of properties to apply
428870ff 2686 * zc_cookie received properties flag
34dc7c2f 2687 *
428870ff
BB		 2688 * outputs:
2689 * zc_nvlist_dst{_size} error for each unapplied received property
34dc7c2f
BB		 2690 */
2691static int
2692zfs_ioc_set_prop(zfs_cmd_t *zc)
2693{
2694 nvlist_t *nvl;
428870ff
BB		 2695 boolean_t received = zc->zc_cookie;
2696 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2697 ZPROP_SRC_LOCAL);
6f1ffb06 2698 nvlist_t *errors;
34dc7c2f
BB		 2699 int error;
2700
2701 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
9babb374 2702 zc->zc_iflags, &nvl)) != 0)
34dc7c2f
BB		 2703 return (error);
2704
428870ff 2705 if (received) {
b128c09f 2706 nvlist_t *origprops;
b128c09f 2707
13fe0198
MA		 2708 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2709 (void) clear_received_props(zc->zc_name,
2710 origprops, nvl);
2711 nvlist_free(origprops);
428870ff 2712 }
13fe0198
MA		 2713
2714 error = dsl_prop_set_hasrecvd(zc->zc_name);
b128c09f
BB		 2715 }
2716
6f1ffb06 2717 errors = fnvlist_alloc();
13fe0198
MA		 2718 if (error == 0)
2719 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
34dc7c2f 2720
b8864a23 2721 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
428870ff
BB		 2722 (void) put_nvlist(zc, errors);
2723 }
2724
2725 nvlist_free(errors);
34dc7c2f
BB		 2726 nvlist_free(nvl);
2727 return (error);
2728}
2729
2730/*
2731 * inputs:
2732 * zc_name name of filesystem
2733 * zc_value name of property to inherit
428870ff 2734 * zc_cookie revert to received value if TRUE
34dc7c2f
BB		 2735 *
2736 * outputs: none
2737 */
2738static int
2739zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2740{
428870ff
BB		 2741 const char *propname = zc->zc_value;
2742 zfs_prop_t prop = zfs_name_to_prop(propname);
2743 boolean_t received = zc->zc_cookie;
2744 zprop_source_t source = (received
2745 ? ZPROP_SRC_NONE /* revert to received value, if any */
2746 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2747
2748 if (received) {
2749 nvlist_t *dummy;
2750 nvpair_t *pair;
2751 zprop_type_t type;
2752 int err;
2753
2754 /*
2755 * zfs_prop_set_special() expects properties in the form of an
2756 * nvpair with type info.
2757 */
2758 if (prop == ZPROP_INVAL) {
2759 if (!zfs_prop_user(propname))
2e528b49 2760 return (SET_ERROR(EINVAL));
428870ff
BB		 2761
2762 type = PROP_TYPE_STRING;
2763 } else if (prop == ZFS_PROP_VOLSIZE ||
2764 prop == ZFS_PROP_VERSION) {
2e528b49 2765 return (SET_ERROR(EINVAL));
428870ff
BB		 2766 } else {
2767 type = zfs_prop_get_type(prop);
2768 }
2769
2770 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2771
2772 switch (type) {
2773 case PROP_TYPE_STRING:
2774 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2775 break;
2776 case PROP_TYPE_NUMBER:
2777 case PROP_TYPE_INDEX:
2778 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2779 break;
2780 default:
2781 nvlist_free(dummy);
2e528b49 2782 return (SET_ERROR(EINVAL));
428870ff
BB		 2783 }
2784
2785 pair = nvlist_next_nvpair(dummy, NULL);
9d016804 2786 if (pair == NULL) {
2787 nvlist_free(dummy);
2788 return (SET_ERROR(EINVAL));
2789 }
428870ff
BB		 2790 err = zfs_prop_set_special(zc->zc_name, source, pair);
2791 nvlist_free(dummy);
2792 if (err != -1)
2793 return (err); /* special property already handled */
2794 } else {
2795 /*
2796 * Only check this in the non-received case. We want to allow
2797 * 'inherit -S' to revert non-inheritable properties like quota
2798 * and reservation to the received or default values even though
2799 * they are not considered inheritable.
2800 */
2801 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2e528b49 2802 return (SET_ERROR(EINVAL));
428870ff
BB		 2803 }
2804
6f1ffb06 2805 /* property name has been validated by zfs_secpolicy_inherit_prop() */
13fe0198 2806 return (dsl_prop_inherit(zc->zc_name, zc->zc_value, source));
34dc7c2f
BB		 2807}
2808
2809static int
2810zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2811{
2812 nvlist_t *props;
2813 spa_t *spa;
2814 int error;
428870ff 2815 nvpair_t *pair;
34dc7c2f 2816
c65aa5b2
BB		 2817 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2818 zc->zc_iflags, &props)))
34dc7c2f
BB		 2819 return (error);
2820
d164b209
BB		 2821 /*
2822 * If the only property is the configfile, then just do a spa_lookup()
2823 * to handle the faulted case.
2824 */
428870ff
BB		 2825 pair = nvlist_next_nvpair(props, NULL);
2826 if (pair != NULL && strcmp(nvpair_name(pair),
d164b209 2827 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
428870ff 2828 nvlist_next_nvpair(props, pair) == NULL) {
d164b209
BB		 2829 mutex_enter(&spa_namespace_lock);
2830 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2831 spa_configfile_set(spa, props, B_FALSE);
2832 spa_config_sync(spa, B_FALSE, B_TRUE);
2833 }
2834 mutex_exit(&spa_namespace_lock);
428870ff
BB		 2835 if (spa != NULL) {
2836 nvlist_free(props);
d164b209 2837 return (0);
428870ff 2838 }
d164b209
BB		 2839 }
2840
34dc7c2f
BB		 2841 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2842 nvlist_free(props);
2843 return (error);
2844 }
2845
2846 error = spa_prop_set(spa, props);
2847
2848 nvlist_free(props);
2849 spa_close(spa, FTAG);
2850
2851 return (error);
2852}
2853
2854static int
2855zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2856{
2857 spa_t *spa;
2858 int error;
2859 nvlist_t *nvp = NULL;
2860
d164b209
BB		 2861 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2862 /*
2863 * If the pool is faulted, there may be properties we can still
2864 * get (such as altroot and cachefile), so attempt to get them
2865 * anyway.
2866 */
2867 mutex_enter(&spa_namespace_lock);
2868 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2869 error = spa_prop_get(spa, &nvp);
2870 mutex_exit(&spa_namespace_lock);
2871 } else {
2872 error = spa_prop_get(spa, &nvp);
2873 spa_close(spa, FTAG);
2874 }
34dc7c2f 2875
b8864a23 2876 if (error == 0 && zc->zc_nvlist_dst != 0)
34dc7c2f
BB		 2877 error = put_nvlist(zc, nvp);
2878 else
2e528b49 2879 error = SET_ERROR(EFAULT);
34dc7c2f 2880
d164b209 2881 nvlist_free(nvp);
34dc7c2f
BB		 2882 return (error);
2883}
2884
34dc7c2f
BB		 2885/*
2886 * inputs:
2887 * zc_name name of filesystem
2888 * zc_nvlist_src{_size} nvlist of delegated permissions
2889 * zc_perm_action allow/unallow flag
2890 *
2891 * outputs: none
2892 */
2893static int
2894zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2895{
2896 int error;
2897 nvlist_t *fsaclnv = NULL;
2898
2899 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
9babb374 2900 zc->zc_iflags, &fsaclnv)) != 0)
34dc7c2f
BB		 2901 return (error);
2902
2903 /*
2904 * Verify nvlist is constructed correctly
2905 */
2906 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2907 nvlist_free(fsaclnv);
2e528b49 2908 return (SET_ERROR(EINVAL));
34dc7c2f
BB		 2909 }
2910
2911 /*
2912 * If we don't have PRIV_SYS_MOUNT, then validate
2913 * that user is allowed to hand out each permission in
2914 * the nvlist(s)
2915 */
2916
2917 error = secpolicy_zfs(CRED());
13fe0198 2918 if (error != 0) {
34dc7c2f
BB		 2919 if (zc->zc_perm_action == B_FALSE) {
2920 error = dsl_deleg_can_allow(zc->zc_name,
2921 fsaclnv, CRED());
2922 } else {
2923 error = dsl_deleg_can_unallow(zc->zc_name,
2924 fsaclnv, CRED());
2925 }
2926 }
2927
2928 if (error == 0)
2929 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2930
2931 nvlist_free(fsaclnv);
2932 return (error);
2933}
2934
2935/*
2936 * inputs:
2937 * zc_name name of filesystem
2938 *
2939 * outputs:
2940 * zc_nvlist_src{_size} nvlist of delegated permissions
2941 */
2942static int
2943zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2944{
2945 nvlist_t *nvp;
2946 int error;
2947
2948 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2949 error = put_nvlist(zc, nvp);
2950 nvlist_free(nvp);
2951 }
2952
2953 return (error);
2954}
2955
34dc7c2f
BB		 2956/* ARGSUSED */
2957static void
2958zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2959{
2960 zfs_creat_t *zct = arg;
2961
2962 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2963}
2964
2965#define ZFS_PROP_UNDEFINED ((uint64_t)-1)
2966
2967/*
2968 * inputs:
b128c09f 2969 * os parent objset pointer (NULL if root fs)
d3cc8b15
WA		 2970 * fuids_ok fuids allowed in this version of the spa?
2971 * sa_ok SAs allowed in this version of the spa?
2972 * createprops list of properties requested by creator
34dc7c2f
BB		 2973 *
2974 * outputs:
2975 * zplprops values for the zplprops we attach to the master node object
b128c09f 2976 * is_ci true if requested file system will be purely case-insensitive
34dc7c2f
BB		 2977 *
2978 * Determine the settings for utf8only, normalization and
2979 * casesensitivity. Specific values may have been requested by the
2980 * creator and/or we can inherit values from the parent dataset. If
2981 * the file system is of too early a vintage, a creator can not
2982 * request settings for these properties, even if the requested
2983 * setting is the default value. We don't actually want to create dsl
2984 * properties for these, so remove them from the source nvlist after
2985 * processing.
2986 */
2987static int
9babb374 2988zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
428870ff
BB		 2989 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2990 nvlist_t *zplprops, boolean_t *is_ci)
34dc7c2f 2991{
34dc7c2f
BB		 2992 uint64_t sense = ZFS_PROP_UNDEFINED;
2993 uint64_t norm = ZFS_PROP_UNDEFINED;
2994 uint64_t u8 = ZFS_PROP_UNDEFINED;
b129c659 2995 int error;
34dc7c2f
BB		 2996
2997 ASSERT(zplprops != NULL);
2998
34dc7c2f
BB		 2999 /*
3000 * Pull out creator prop choices, if any.
3001 */
3002 if (createprops) {
b128c09f
BB		 3003 (void) nvlist_lookup_uint64(createprops,
3004 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
34dc7c2f
BB		 3005 (void) nvlist_lookup_uint64(createprops,
3006 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
3007 (void) nvlist_remove_all(createprops,
3008 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3009 (void) nvlist_lookup_uint64(createprops,
3010 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3011 (void) nvlist_remove_all(createprops,
3012 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3013 (void) nvlist_lookup_uint64(createprops,
3014 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3015 (void) nvlist_remove_all(createprops,
3016 zfs_prop_to_name(ZFS_PROP_CASE));
3017 }
3018
3019 /*
b128c09f
BB		 3020 * If the zpl version requested is whacky or the file system
3021 * or pool is version is too "young" to support normalization
3022 * and the creator tried to set a value for one of the props,
3023 * error out.
34dc7c2f 3024 */
b128c09f
BB		 3025 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3026 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
428870ff 3027 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
b128c09f 3028 (zplver < ZPL_VERSION_NORMALIZATION &&
34dc7c2f 3029 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
b128c09f 3030 sense != ZFS_PROP_UNDEFINED)))
2e528b49 3031 return (SET_ERROR(ENOTSUP));
34dc7c2f
BB		 3032
3033 /*
3034 * Put the version in the zplprops
3035 */
3036 VERIFY(nvlist_add_uint64(zplprops,
3037 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3038
b129c659
MM		 3039 if (norm == ZFS_PROP_UNDEFINED &&
3040 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3041 return (error);
34dc7c2f
BB		 3042 VERIFY(nvlist_add_uint64(zplprops,
3043 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3044
3045 /*
3046 * If we're normalizing, names must always be valid UTF-8 strings.
3047 */
3048 if (norm)
3049 u8 = 1;
b129c659
MM		 3050 if (u8 == ZFS_PROP_UNDEFINED &&
3051 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3052 return (error);
34dc7c2f
BB		 3053 VERIFY(nvlist_add_uint64(zplprops,
3054 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3055
b129c659
MM		 3056 if (sense == ZFS_PROP_UNDEFINED &&
3057 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3058 return (error);
34dc7c2f
BB		 3059 VERIFY(nvlist_add_uint64(zplprops,
3060 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3061
3062 if (is_ci)
3063 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3064
34dc7c2f
BB		 3065 return (0);
3066}
3067
b128c09f
BB		 3068static int
3069zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3070 nvlist_t *zplprops, boolean_t *is_ci)
3071{
428870ff 3072 boolean_t fuids_ok, sa_ok;
b128c09f
BB		 3073 uint64_t zplver = ZPL_VERSION;
3074 objset_t *os = NULL;
eca7b760 3075 char parentname[ZFS_MAX_DATASET_NAME_LEN];
b128c09f 3076 char *cp;
428870ff
BB		 3077 spa_t *spa;
3078 uint64_t spa_vers;
b128c09f
BB		 3079 int error;
3080
3081 (void) strlcpy(parentname, dataset, sizeof (parentname));
3082 cp = strrchr(parentname, '/');
3083 ASSERT(cp != NULL);
3084 cp[0] = '\0';
3085
428870ff
BB		 3086 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3087 return (error);
3088
3089 spa_vers = spa_version(spa);
3090 spa_close(spa, FTAG);
3091
3092 zplver = zfs_zpl_version_map(spa_vers);
3093 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3094 sa_ok = (zplver >= ZPL_VERSION_SA);
b128c09f
BB		 3095
3096 /*
3097 * Open parent object set so we can inherit zplprop values.
3098 */
428870ff 3099 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
b128c09f
BB		 3100 return (error);
3101
428870ff 3102 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
b128c09f 3103 zplprops, is_ci);
428870ff 3104 dmu_objset_rele(os, FTAG);
b128c09f
BB		 3105 return (error);
3106}
3107
3108static int
3109zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3110 nvlist_t *zplprops, boolean_t *is_ci)
3111{
428870ff
BB		 3112 boolean_t fuids_ok;
3113 boolean_t sa_ok;
b128c09f
BB		 3114 uint64_t zplver = ZPL_VERSION;
3115 int error;
3116
428870ff
BB		 3117 zplver = zfs_zpl_version_map(spa_vers);
3118 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3119 sa_ok = (zplver >= ZPL_VERSION_SA);
b128c09f 3120
428870ff
BB		 3121 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3122 createprops, zplprops, is_ci);
b128c09f
BB		 3123 return (error);
3124}
3125
34dc7c2f 3126/*
6f1ffb06
MA		 3127 * innvl: {
3128 * "type" -> dmu_objset_type_t (int32)
3129 * (optional) "props" -> { prop -> value }
3130 * }
34dc7c2f 3131 *
6f1ffb06 3132 * outnvl: propname -> error code (int32)
34dc7c2f
BB		 3133 */
3134static int
6f1ffb06 3135zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
34dc7c2f 3136{
34dc7c2f 3137 int error = 0;
6f1ffb06 3138 zfs_creat_t zct = { 0 };
34dc7c2f
BB		 3139 nvlist_t *nvprops = NULL;
3140 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
6f1ffb06
MA		 3141 int32_t type32;
3142 dmu_objset_type_t type;
3143 boolean_t is_insensitive = B_FALSE;
34dc7c2f 3144
6f1ffb06 3145 if (nvlist_lookup_int32(innvl, "type", &type32) != 0)
2e528b49 3146 return (SET_ERROR(EINVAL));
6f1ffb06
MA		 3147 type = type32;
3148 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
34dc7c2f 3149
6f1ffb06 3150 switch (type) {
34dc7c2f
BB		 3151 case DMU_OST_ZFS:
3152 cbfunc = zfs_create_cb;
3153 break;
3154
3155 case DMU_OST_ZVOL:
3156 cbfunc = zvol_create_cb;
3157 break;
3158
3159 default:
3160 cbfunc = NULL;
3161 break;
3162 }
6f1ffb06
MA		 3163 if (strchr(fsname, '@') ||
3164 strchr(fsname, '%'))
2e528b49 3165 return (SET_ERROR(EINVAL));
34dc7c2f 3166
34dc7c2f
BB		 3167 zct.zct_props = nvprops;
3168
6f1ffb06 3169 if (cbfunc == NULL)
2e528b49 3170 return (SET_ERROR(EINVAL));
34dc7c2f 3171
6f1ffb06
MA		 3172 if (type == DMU_OST_ZVOL) {
3173 uint64_t volsize, volblocksize;
34dc7c2f 3174
6f1ffb06 3175 if (nvprops == NULL)
2e528b49 3176 return (SET_ERROR(EINVAL));
6f1ffb06
MA		 3177 if (nvlist_lookup_uint64(nvprops,
3178 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
2e528b49 3179 return (SET_ERROR(EINVAL));
34dc7c2f 3180
6f1ffb06
MA		 3181 if ((error = nvlist_lookup_uint64(nvprops,
3182 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3183 &volblocksize)) != 0 && error != ENOENT)
2e528b49 3184 return (SET_ERROR(EINVAL));
34dc7c2f 3185
6f1ffb06
MA		 3186 if (error != 0)
3187 volblocksize = zfs_prop_default_numeric(
3188 ZFS_PROP_VOLBLOCKSIZE);
34dc7c2f 3189
4cb7b9c5 3190 if ((error = zvol_check_volblocksize(fsname,
6f1ffb06
MA		 3191 volblocksize)) != 0 ||
3192 (error = zvol_check_volsize(volsize,
3193 volblocksize)) != 0)
3194 return (error);
3195 } else if (type == DMU_OST_ZFS) {
3196 int error;
34dc7c2f 3197
6f1ffb06
MA		 3198 /*
3199 * We have to have normalization and
3200 * case-folding flags correct when we do the
3201 * file system creation, so go figure them out
3202 * now.
3203 */
3204 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3205 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3206 error = zfs_fill_zplprops(fsname, nvprops,
3207 zct.zct_zplprops, &is_insensitive);
3208 if (error != 0) {
3209 nvlist_free(zct.zct_zplprops);
3210 return (error);
34dc7c2f 3211 }
34dc7c2f
BB		 3212 }
3213
6f1ffb06
MA		 3214 error = dmu_objset_create(fsname, type,
3215 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3216 nvlist_free(zct.zct_zplprops);
3217
34dc7c2f
BB		 3218 /*
3219 * It would be nice to do this atomically.
3220 */
3221 if (error == 0) {
6f1ffb06
MA		 3222 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3223 nvprops, outnvl);
f74b821a
BB		 3224 if (error != 0) {
3225 spa_t *spa;
3226 int error2;
3227
3228 /*
3229 * Volumes will return EBUSY and cannot be destroyed
3230 * until all asynchronous minor handling has completed.
3231 * Wait for the spa_zvol_taskq to drain then retry.
3232 */
3233 error2 = dsl_destroy_head(fsname);
3234 while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
3235 error2 = spa_open(fsname, &spa, FTAG);
3236 if (error2 == 0) {
3237 taskq_wait(spa->spa_zvol_taskq);
3238 spa_close(spa, FTAG);
3239 }
3240 error2 = dsl_destroy_head(fsname);
3241 }
3242 }
34dc7c2f 3243 }
34dc7c2f
BB		 3244 return (error);
3245}
3246
3247/*
6f1ffb06
MA		 3248 * innvl: {
3249 * "origin" -> name of origin snapshot
3250 * (optional) "props" -> { prop -> value }
3251 * }
34dc7c2f 3252 *
428870ff 3253 * outputs:
6f1ffb06 3254 * outnvl: propname -> error code (int32)
34dc7c2f
BB		 3255 */
3256static int
6f1ffb06 3257zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
34dc7c2f 3258{
6f1ffb06 3259 int error = 0;
b128c09f 3260 nvlist_t *nvprops = NULL;
6f1ffb06 3261 char *origin_name;
b128c09f 3262
6f1ffb06 3263 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0)
2e528b49 3264 return (SET_ERROR(EINVAL));
6f1ffb06 3265 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
b128c09f 3266
6f1ffb06
MA		 3267 if (strchr(fsname, '@') ||
3268 strchr(fsname, '%'))
2e528b49 3269 return (SET_ERROR(EINVAL));
6f1ffb06
MA		 3270
3271 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
2e528b49 3272 return (SET_ERROR(EINVAL));
13fe0198
MA		 3273 error = dmu_objset_clone(fsname, origin_name);
3274 if (error != 0)
6f1ffb06 3275 return (error);
b128c09f 3276
6f1ffb06
MA		 3277 /*
3278 * It would be nice to do this atomically.
3279 */
3280 if (error == 0) {
3281 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3282 nvprops, outnvl);
3283 if (error != 0)
13fe0198 3284 (void) dsl_destroy_head(fsname);
b128c09f 3285 }
6f1ffb06
MA		 3286 return (error);
3287}
9babb374 3288
6f1ffb06
MA		 3289/*
3290 * innvl: {
3291 * "snaps" -> { snapshot1, snapshot2 }
3292 * (optional) "props" -> { prop -> value (string) }
3293 * }
3294 *
3295 * outnvl: snapshot -> error code (int32)
6f1ffb06
MA		 3296 */
3297static int
3298zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3299{
3300 nvlist_t *snaps;
3301 nvlist_t *props = NULL;
3302 int error, poollen;
3303 nvpair_t *pair, *pair2;
9babb374 3304
6f1ffb06
MA		 3305 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3306 if ((error = zfs_check_userprops(poolname, props)) != 0)
3307 return (error);
3308
3309 if (!nvlist_empty(props) &&
3310 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
2e528b49 3311 return (SET_ERROR(ENOTSUP));
6f1ffb06
MA		 3312
3313 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
2e528b49 3314 return (SET_ERROR(EINVAL));
6f1ffb06
MA		 3315 poollen = strlen(poolname);
3316 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3317 pair = nvlist_next_nvpair(snaps, pair)) {
3318 const char *name = nvpair_name(pair);
3319 const char *cp = strchr(name, '@');
3320
3321 /*
3322 * The snap name must contain an @, and the part after it must
3323 * contain only valid characters.
3324 */
da536844
MA		 3325 if (cp == NULL ||
3326 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
2e528b49 3327 return (SET_ERROR(EINVAL));
6f1ffb06
MA		 3328
3329 /*
3330 * The snap must be in the specified pool.
3331 */
3332 if (strncmp(name, poolname, poollen) != 0 ||
3333 (name[poollen] != '/' && name[poollen] != '@'))
2e528b49 3334 return (SET_ERROR(EXDEV));
6f1ffb06
MA		 3335
3336 /* This must be the only snap of this fs. */
3337 for (pair2 = nvlist_next_nvpair(snaps, pair);
3338 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3339 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3340 == 0) {
2e528b49 3341 return (SET_ERROR(EXDEV));
6f1ffb06
MA		 3342 }
3343 }
3344 }
3345
13fe0198 3346 error = dsl_dataset_snapshot(snaps, props, outnvl);
ba6a2402 3347
6f1ffb06
MA		 3348 return (error);
3349}
3350
3351/*
3352 * innvl: "message" -> string
3353 */
3354/* ARGSUSED */
3355static int
3356zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3357{
3358 char *message;
3359 spa_t *spa;
3360 int error;
3361 char *poolname;
3362
3363 /*
3364 * The poolname in the ioctl is not set, we get it from the TSD,
3365 * which was set at the end of the last successful ioctl that allows
3366 * logging. The secpolicy func already checked that it is set.
3367 * Only one log ioctl is allowed after each successful ioctl, so
3368 * we clear the TSD here.
3369 */
3370 poolname = tsd_get(zfs_allow_log_key);
9f3d1407 3371 if (poolname == NULL)
3372 return (SET_ERROR(EINVAL));
6f1ffb06
MA		 3373 (void) tsd_set(zfs_allow_log_key, NULL);
3374 error = spa_open(poolname, &spa, FTAG);
3375 strfree(poolname);
3376 if (error != 0)
3377 return (error);
3378
3379 if (nvlist_lookup_string(innvl, "message", &message) != 0) {
3380 spa_close(spa, FTAG);
2e528b49 3381 return (SET_ERROR(EINVAL));
6f1ffb06
MA		 3382 }
3383
3384 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3385 spa_close(spa, FTAG);
2e528b49 3386 return (SET_ERROR(ENOTSUP));
6f1ffb06
MA		 3387 }
3388
3389 error = spa_history_log(spa, message);
3390 spa_close(spa, FTAG);
b128c09f 3391 return (error);
34dc7c2f
BB		 3392}
3393
ebe7e575 3394/*
13fe0198
MA		 3395 * The dp_config_rwlock must not be held when calling this, because the
3396 * unmount may need to write out data.
3397 *
3398 * This function is best-effort. Callers must deal gracefully if it
3399 * remains mounted (or is remounted after this call).
d09f25dc 3400 *
278bee93
BB		 3401 * Returns 0 if the argument is not a snapshot, or it is not currently a
3402 * filesystem, or we were able to unmount it. Returns error code otherwise.
ebe7e575 3403 */
d09f25dc 3404int
13fe0198 3405zfs_unmount_snap(const char *snapname)
34dc7c2f 3406{
278bee93 3407 int err;
34dc7c2f 3408
278bee93 3409 if (strchr(snapname, '@') == NULL)
d09f25dc 3410 return (0);
34dc7c2f 3411
278bee93
BB		 3412 err = zfsctl_snapshot_unmount((char *)snapname, MNT_FORCE);
3413 if (err != 0 && err != ENOENT)
3414 return (SET_ERROR(err));
ebe7e575 3415
d09f25dc 3416 return (0);
13fe0198
MA		 3417}
3418
3419/* ARGSUSED */
3420static int
3421zfs_unmount_snap_cb(const char *snapname, void *arg)
3422{
d09f25dc 3423 return (zfs_unmount_snap(snapname));
13fe0198
MA		 3424}
3425
3426/*
3427 * When a clone is destroyed, its origin may also need to be destroyed,
3428 * in which case it must be unmounted. This routine will do that unmount
3429 * if necessary.
3430 */
3431void
3432zfs_destroy_unmount_origin(const char *fsname)
3433{
3434 int error;
3435 objset_t *os;
3436 dsl_dataset_t *ds;
3437
3438 error = dmu_objset_hold(fsname, FTAG, &os);
3439 if (error != 0)
3440 return;
3441 ds = dmu_objset_ds(os);
3442 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
eca7b760 3443 char originname[ZFS_MAX_DATASET_NAME_LEN];
13fe0198
MA		 3444 dsl_dataset_name(ds->ds_prev, originname);
3445 dmu_objset_rele(os, FTAG);
d09f25dc 3446 (void) zfs_unmount_snap(originname);
13fe0198
MA		 3447 } else {
3448 dmu_objset_rele(os, FTAG);
3449 }
34dc7c2f
BB		 3450}
3451
3452/*
6f1ffb06
MA		 3453 * innvl: {
3454 * "snaps" -> { snapshot1, snapshot2 }
3455 * (optional boolean) "defer"
3456 * }
34dc7c2f 3457 *
6f1ffb06 3458 * outnvl: snapshot -> error code (int32)
34dc7c2f 3459 */
da536844 3460/* ARGSUSED */
34dc7c2f 3461static int
6f1ffb06 3462zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
34dc7c2f 3463{
6f1ffb06 3464 nvlist_t *snaps;
330d06f9 3465 nvpair_t *pair;
6f1ffb06 3466 boolean_t defer;
34dc7c2f 3467
6f1ffb06 3468 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
2e528b49 3469 return (SET_ERROR(EINVAL));
6f1ffb06 3470 defer = nvlist_exists(innvl, "defer");
330d06f9 3471
6f1ffb06
MA		 3472 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3473 pair = nvlist_next_nvpair(snaps, pair)) {
da536844 3474 (void) zfs_unmount_snap(nvpair_name(pair));
da536844
MA		 3475 }
3476
3477 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
3478}
3479
3480/*
3481 * Create bookmarks. Bookmark names are of the form <fs>#<bmark>.
3482 * All bookmarks must be in the same pool.
3483 *
3484 * innvl: {
3485 * bookmark1 -> snapshot1, bookmark2 -> snapshot2
3486 * }
3487 *
3488 * outnvl: bookmark -> error code (int32)
3489 *
3490 */
3491/* ARGSUSED */
3492static int
3493zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3494{
3495 nvpair_t *pair, *pair2;
3496
3497 for (pair = nvlist_next_nvpair(innvl, NULL);
3498 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
3499 char *snap_name;
3500
3501 /*
3502 * Verify the snapshot argument.
3503 */
3504 if (nvpair_value_string(pair, &snap_name) != 0)
3505 return (SET_ERROR(EINVAL));
3506
3507
3508 /* Verify that the keys (bookmarks) are unique */
3509 for (pair2 = nvlist_next_nvpair(innvl, pair);
3510 pair2 != NULL; pair2 = nvlist_next_nvpair(innvl, pair2)) {
3511 if (strcmp(nvpair_name(pair), nvpair_name(pair2)) == 0)
3512 return (SET_ERROR(EINVAL));
3513 }
3514 }
3515
3516 return (dsl_bookmark_create(innvl, outnvl));
3517}
3518
3519/*
3520 * innvl: {
3521 * property 1, property 2, ...
3522 * }
3523 *
3524 * outnvl: {
3525 * bookmark name 1 -> { property 1, property 2, ... },
3526 * bookmark name 2 -> { property 1, property 2, ... }
3527 * }
3528 *
3529 */
3530static int
3531zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3532{
3533 return (dsl_get_bookmarks(fsname, innvl, outnvl));
3534}
3535
3536/*
3537 * innvl: {
3538 * bookmark name 1, bookmark name 2
3539 * }
3540 *
3541 * outnvl: bookmark -> error code (int32)
3542 *
3543 */
3544static int
3545zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl,
3546 nvlist_t *outnvl)
3547{
3548 int error, poollen;
3549 nvpair_t *pair;
3550
3551 poollen = strlen(poolname);
3552 for (pair = nvlist_next_nvpair(innvl, NULL);
3553 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
330d06f9 3554 const char *name = nvpair_name(pair);
da536844 3555 const char *cp = strchr(name, '#');
6f1ffb06 3556
330d06f9 3557 /*
da536844
MA		 3558 * The bookmark name must contain an #, and the part after it
3559 * must contain only valid characters.
3560 */
3561 if (cp == NULL ||
3562 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3563 return (SET_ERROR(EINVAL));
3564
3565 /*
3566 * The bookmark must be in the specified pool.
330d06f9 3567 */
6f1ffb06 3568 if (strncmp(name, poolname, poollen) != 0 ||
da536844 3569 (name[poollen] != '/' && name[poollen] != '#'))
2e528b49 3570 return (SET_ERROR(EXDEV));
330d06f9
MA		 3571 }
3572
da536844
MA		 3573 error = dsl_bookmark_destroy(innvl, outnvl);
3574 return (error);
34dc7c2f
BB		 3575}
3576
3577/*
3578 * inputs:
3579 * zc_name name of dataset to destroy
3580 * zc_objset_type type of objset
45d1cae3 3581 * zc_defer_destroy mark for deferred destroy
34dc7c2f
BB		 3582 *
3583 * outputs: none
3584 */
3585static int
3586zfs_ioc_destroy(zfs_cmd_t *zc)
3587{
428870ff 3588 int err;
d09f25dc
WA		 3589
3590 if (zc->zc_objset_type == DMU_OST_ZFS) {
3591 err = zfs_unmount_snap(zc->zc_name);
3592 if (err != 0)
3593 return (err);
3594 }
34dc7c2f 3595
1b87e0f5 3596 if (strchr(zc->zc_name, '@')) {
13fe0198 3597 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
1b87e0f5 3598 } else {
13fe0198 3599 err = dsl_destroy_head(zc->zc_name);
1b87e0f5
RS		 3600 if (err == EEXIST) {
3601 /*
3602 * It is possible that the given DS may have
3603 * hidden child (%recv) datasets - "leftovers"
3604 * resulting from the previously interrupted
3605 * 'zfs receive'.
3606 *
3607 * 6 extra bytes for /%recv
3608 */
3609 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6];
3610
3611 (void) snprintf(namebuf, sizeof (namebuf),
3612 "%s/%s", zc->zc_name, recv_clone_name);
3613
3614 /*
3615 * Try to remove the hidden child (%recv) and after
3616 * that try to remove the target dataset.
3617 * If the hidden child (%recv) does not exist
3618 * the original error (EEXIST) will be returned
3619 */
3620 err = dsl_destroy_head(namebuf);
3621 if (err == 0)
3622 err = dsl_destroy_head(zc->zc_name);
3623 else if (err == ENOENT)
3624 err = EEXIST;
3625 }
3626 }
a0bd735a 3627
428870ff 3628 return (err);
34dc7c2f
BB		 3629}
3630
3631/*
46ba1e59 3632 * fsname is name of dataset to rollback (to most recent snapshot)
34dc7c2f 3633 *
46ba1e59
MA		 3634 * innvl is not used.
3635 *
3636 * outnvl: "target" -> name of most recent snapshot
3637 * }
34dc7c2f 3638 */
46ba1e59 3639/* ARGSUSED */
34dc7c2f 3640static int
46ba1e59 3641zfs_ioc_rollback(const char *fsname, nvlist_t *args, nvlist_t *outnvl)
34dc7c2f 3642{
3558fd73 3643 zfs_sb_t *zsb;
13fe0198 3644 int error;
34dc7c2f 3645
46ba1e59 3646 if (get_zfs_sb(fsname, &zsb) == 0) {
3558fd73 3647 error = zfs_suspend_fs(zsb);
34dc7c2f
BB		 3648 if (error == 0) {
3649 int resume_err;
3650
46ba1e59
MA		 3651 error = dsl_dataset_rollback(fsname, zsb, outnvl);
3652 resume_err = zfs_resume_fs(zsb, fsname);
34dc7c2f 3653 error = error ? error : resume_err;
34dc7c2f 3654 }
2cf7f52b 3655 deactivate_super(zsb->z_sb);
34dc7c2f 3656 } else {
46ba1e59 3657 error = dsl_dataset_rollback(fsname, NULL, outnvl);
34dc7c2f 3658 }
13fe0198
MA		 3659 return (error);
3660}
34dc7c2f 3661
13fe0198
MA		 3662static int
3663recursive_unmount(const char *fsname, void *arg)
3664{
3665 const char *snapname = arg;
3666 char *fullname;
00fcdee1 3667 int error;
428870ff 3668
13fe0198 3669 fullname = kmem_asprintf("%s@%s", fsname, snapname);
00fcdee1 3670 error = zfs_unmount_snap(fullname);
13fe0198 3671 strfree(fullname);
00fcdee1
AV		 3672
3673 return (error);
34dc7c2f
BB		 3674}
3675
3676/*
3677 * inputs:
3678 * zc_name old name of dataset
3679 * zc_value new name of dataset
3680 * zc_cookie recursive flag (only valid for snapshots)
3681 *
3682 * outputs: none
3683 */
3684static int
3685zfs_ioc_rename(zfs_cmd_t *zc)
3686{
3687 boolean_t recursive = zc->zc_cookie & 1;
13fe0198 3688 char *at;
34dc7c2f
BB		 3689
3690 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3691 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3692 strchr(zc->zc_value, '%'))
2e528b49 3693 return (SET_ERROR(EINVAL));
34dc7c2f 3694
13fe0198
MA		 3695 at = strchr(zc->zc_name, '@');
3696 if (at != NULL) {
3697 /* snaps must be in same fs */
9554185d
SH		 3698 int error;
3699
13fe0198 3700 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
2e528b49 3701 return (SET_ERROR(EXDEV));
13fe0198
MA		 3702 *at = '\0';
3703 if (zc->zc_objset_type == DMU_OST_ZFS) {
9554185d 3704 error = dmu_objset_find(zc->zc_name,
13fe0198
MA		 3705 recursive_unmount, at + 1,
3706 recursive ? DS_FIND_CHILDREN : 0);
9554185d
SH		 3707 if (error != 0) {
3708 *at = '@';
13fe0198 3709 return (error);
9554185d 3710 }
13fe0198 3711 }
9554185d
SH		 3712 error = dsl_dataset_rename_snapshot(zc->zc_name,
3713 at + 1, strchr(zc->zc_value, '@') + 1, recursive);
3714 *at = '@';
3715
3716 return (error);
13fe0198 3717 } else {
ba6a2402 3718 return (dsl_dir_rename(zc->zc_name, zc->zc_value));
95c73795 3719 }
34dc7c2f
BB		 3720}
3721
428870ff
BB		 3722static int
3723zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3724{
3725 const char *propname = nvpair_name(pair);
3726 boolean_t issnap = (strchr(dsname, '@') != NULL);
3727 zfs_prop_t prop = zfs_name_to_prop(propname);
3728 uint64_t intval;
3729 int err;
3730
3731 if (prop == ZPROP_INVAL) {
3732 if (zfs_prop_user(propname)) {
c65aa5b2
BB		 3733 if ((err = zfs_secpolicy_write_perms(dsname,
3734 ZFS_DELEG_PERM_USERPROP, cr)))
428870ff
BB		 3735 return (err);
3736 return (0);
3737 }
3738
3739 if (!issnap && zfs_prop_userquota(propname)) {
3740 const char *perm = NULL;
3741 const char *uq_prefix =
3742 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3743 const char *gq_prefix =
3744 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
1de321e6
JX		 3745 const char *uiq_prefix =
3746 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA];
3747 const char *giq_prefix =
3748 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA];
428870ff
BB		 3749
3750 if (strncmp(propname, uq_prefix,
3751 strlen(uq_prefix)) == 0) {
3752 perm = ZFS_DELEG_PERM_USERQUOTA;
1de321e6
JX		 3753 } else if (strncmp(propname, uiq_prefix,
3754 strlen(uiq_prefix)) == 0) {
3755 perm = ZFS_DELEG_PERM_USEROBJQUOTA;
428870ff
BB		 3756 } else if (strncmp(propname, gq_prefix,
3757 strlen(gq_prefix)) == 0) {
3758 perm = ZFS_DELEG_PERM_GROUPQUOTA;
1de321e6
JX		 3759 } else if (strncmp(propname, giq_prefix,
3760 strlen(giq_prefix)) == 0) {
3761 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA;
428870ff
BB		 3762 } else {
3763 /* USERUSED and GROUPUSED are read-only */
2e528b49 3764 return (SET_ERROR(EINVAL));
428870ff
BB		 3765 }
3766
c65aa5b2 3767 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
428870ff
BB		 3768 return (err);
3769 return (0);
3770 }
3771
2e528b49 3772 return (SET_ERROR(EINVAL));
428870ff
BB		 3773 }
3774
3775 if (issnap)
2e528b49 3776 return (SET_ERROR(EINVAL));
428870ff
BB		 3777
3778 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3779 /*
3780 * dsl_prop_get_all_impl() returns properties in this
3781 * format.
3782 */
3783 nvlist_t *attrs;
3784 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3785 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3786 &pair) == 0);
3787 }
3788
3789 /*
3790 * Check that this value is valid for this pool version
3791 */
3792 switch (prop) {
3793 case ZFS_PROP_COMPRESSION:
3794 /*
3795 * If the user specified gzip compression, make sure
3796 * the SPA supports it. We ignore any errors here since
3797 * we'll catch them later.
3798 */
f1512ee6 3799 if (nvpair_value_uint64(pair, &intval) == 0) {
428870ff
BB		 3800 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3801 intval <= ZIO_COMPRESS_GZIP_9 &&
3802 zfs_earlier_version(dsname,
3803 SPA_VERSION_GZIP_COMPRESSION)) {
2e528b49 3804 return (SET_ERROR(ENOTSUP));
428870ff
BB		 3805 }
3806
3807 if (intval == ZIO_COMPRESS_ZLE &&
3808 zfs_earlier_version(dsname,
3809 SPA_VERSION_ZLE_COMPRESSION))
2e528b49 3810 return (SET_ERROR(ENOTSUP));
428870ff 3811
9759c60f 3812 if (intval == ZIO_COMPRESS_LZ4) {
9759c60f
ED		 3813 spa_t *spa;
3814
3815 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
3816 return (err);
3817
fa86b5db
MA		 3818 if (!spa_feature_is_enabled(spa,
3819 SPA_FEATURE_LZ4_COMPRESS)) {
9759c60f 3820 spa_close(spa, FTAG);
2e528b49 3821 return (SET_ERROR(ENOTSUP));
9759c60f
ED		 3822 }
3823 spa_close(spa, FTAG);
3824 }
3825
428870ff
BB		 3826 /*
3827 * If this is a bootable dataset then
3828 * verify that the compression algorithm
3829 * is supported for booting. We must return
3830 * something other than ENOTSUP since it
3831 * implies a downrev pool version.
3832 */
3833 if (zfs_is_bootfs(dsname) &&
3834 !BOOTFS_COMPRESS_VALID(intval)) {
2e528b49 3835 return (SET_ERROR(ERANGE));
428870ff
BB		 3836 }
3837 }
3838 break;
3839
3840 case ZFS_PROP_COPIES:
3841 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
2e528b49 3842 return (SET_ERROR(ENOTSUP));
428870ff
BB		 3843 break;
3844
4cb7b9c5 3845 case ZFS_PROP_VOLBLOCKSIZE:
f1512ee6
MA		 3846 case ZFS_PROP_RECORDSIZE:
3847 /* Record sizes above 128k need the feature to be enabled */
3848 if (nvpair_value_uint64(pair, &intval) == 0 &&
3849 intval > SPA_OLD_MAXBLOCKSIZE) {
3850 spa_t *spa;
3851
3852 /*
3853 * If this is a bootable dataset then
50c957f7 3854 * we don't allow large (>128K) blocks,
f1512ee6
MA		 3855 * because GRUB doesn't support them.
3856 */
3857 if (zfs_is_bootfs(dsname) &&
3858 intval > SPA_OLD_MAXBLOCKSIZE) {
4b2a3e0c 3859 return (SET_ERROR(ERANGE));
f1512ee6
MA		 3860 }
3861
3862 /*
3863 * We don't allow setting the property above 1MB,
3864 * unless the tunable has been changed.
3865 */
3866 if (intval > zfs_max_recordsize ||
3867 intval > SPA_MAXBLOCKSIZE)
4b2a3e0c 3868 return (SET_ERROR(ERANGE));
f1512ee6
MA		 3869
3870 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
3871 return (err);
3872
3873 if (!spa_feature_is_enabled(spa,
3874 SPA_FEATURE_LARGE_BLOCKS)) {
3875 spa_close(spa, FTAG);
3876 return (SET_ERROR(ENOTSUP));
3877 }
3878 spa_close(spa, FTAG);
3879 }
3880 break;
3881
50c957f7
NB		 3882 case ZFS_PROP_DNODESIZE:
3883 /* Dnode sizes above 512 need the feature to be enabled */
3884 if (nvpair_value_uint64(pair, &intval) == 0 &&
3885 intval != ZFS_DNSIZE_LEGACY) {
3886 spa_t *spa;
3887
3888 /*
3889 * If this is a bootable dataset then
3890 * we don't allow large (>512B) dnodes,
3891 * because GRUB doesn't support them.
3892 */
3893 if (zfs_is_bootfs(dsname) &&
02730c33 3894 intval != ZFS_DNSIZE_LEGACY) {
50c957f7
NB		 3895 return (SET_ERROR(EDOM));
3896 }
3897
3898 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
3899 return (err);
3900
3901 if (!spa_feature_is_enabled(spa,
3902 SPA_FEATURE_LARGE_DNODE)) {
3903 spa_close(spa, FTAG);
3904 return (SET_ERROR(ENOTSUP));
3905 }
3906 spa_close(spa, FTAG);
3907 }
3908 break;
3909
428870ff
BB		 3910 case ZFS_PROP_SHARESMB:
3911 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
2e528b49 3912 return (SET_ERROR(ENOTSUP));
428870ff
BB		 3913 break;
3914
3915 case ZFS_PROP_ACLINHERIT:
3916 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3917 nvpair_value_uint64(pair, &intval) == 0) {
3918 if (intval == ZFS_ACL_PASSTHROUGH_X &&
3919 zfs_earlier_version(dsname,
3920 SPA_VERSION_PASSTHROUGH_X))
2e528b49 3921 return (SET_ERROR(ENOTSUP));
428870ff
BB		 3922 }
3923 break;
3c67d83a
TH		 3924 case ZFS_PROP_CHECKSUM:
3925 case ZFS_PROP_DEDUP:
3926 {
3927 spa_feature_t feature;
3928 spa_t *spa;
3929 uint64_t intval;
3930 int err;
3931
3932 /* dedup feature version checks */
3933 if (prop == ZFS_PROP_DEDUP &&
3934 zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3935 return (SET_ERROR(ENOTSUP));
3936
3937 if (nvpair_value_uint64(pair, &intval) != 0)
3938 return (SET_ERROR(EINVAL));
3939
3940 /* check prop value is enabled in features */
4a2e9a17 3941 feature = zio_checksum_to_feature(intval & ZIO_CHECKSUM_MASK);
3c67d83a
TH		 3942 if (feature == SPA_FEATURE_NONE)
3943 break;
3944
3945 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
3946 return (err);
3947 /*
3948 * Salted checksums are not supported on root pools.
3949 */
3950 if (spa_bootfs(spa) != 0 &&
3951 intval < ZIO_CHECKSUM_FUNCTIONS &&
3952 (zio_checksum_table[intval].ci_flags &
3953 ZCHECKSUM_FLAG_SALTED)) {
3954 spa_close(spa, FTAG);
3955 return (SET_ERROR(ERANGE));
3956 }
3957 if (!spa_feature_is_enabled(spa, feature)) {
3958 spa_close(spa, FTAG);
3959 return (SET_ERROR(ENOTSUP));
3960 }
3961 spa_close(spa, FTAG);
3962 break;
3963 }
3964
e75c13c3
BB		 3965 default:
3966 break;
428870ff
BB		 3967 }
3968
3969 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3970}
3971
3972/*
3973 * Removes properties from the given props list that fail permission checks
3974 * needed to clear them and to restore them in case of a receive error. For each
3975 * property, make sure we have both set and inherit permissions.
3976 *
3977 * Returns the first error encountered if any permission checks fail. If the
3978 * caller provides a non-NULL errlist, it also gives the complete list of names
3979 * of all the properties that failed a permission check along with the
3980 * corresponding error numbers. The caller is responsible for freeing the
3981 * returned errlist.
3982 *
3983 * If every property checks out successfully, zero is returned and the list
3984 * pointed at by errlist is NULL.
3985 */
3986static int
3987zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
b128c09f
BB		 3988{
3989 zfs_cmd_t *zc;
428870ff
BB		 3990 nvpair_t *pair, *next_pair;
3991 nvlist_t *errors;
3992 int err, rv = 0;
b128c09f
BB		 3993
3994 if (props == NULL)
428870ff
BB		 3995 return (0);
3996
3997 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3998
efcd79a8 3999 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
680eada9 4000 (void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name));
428870ff
BB		 4001 pair = nvlist_next_nvpair(props, NULL);
4002 while (pair != NULL) {
4003 next_pair = nvlist_next_nvpair(props, pair);
4004
680eada9 4005 (void) strlcpy(zc->zc_value, nvpair_name(pair),
4006 sizeof (zc->zc_value));
428870ff 4007 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
6f1ffb06 4008 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
428870ff
BB		 4009 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
4010 VERIFY(nvlist_add_int32(errors,
4011 zc->zc_value, err) == 0);
4012 }
4013 pair = next_pair;
b128c09f
BB		 4014 }
4015 kmem_free(zc, sizeof (zfs_cmd_t));
428870ff
BB		 4016
4017 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
4018 nvlist_free(errors);
4019 errors = NULL;
4020 } else {
4021 VERIFY(nvpair_value_int32(pair, &rv) == 0);
4022 }
4023
4024 if (errlist == NULL)
4025 nvlist_free(errors);
4026 else
4027 *errlist = errors;
4028
4029 return (rv);
4030}
4031
4032static boolean_t
4033propval_equals(nvpair_t *p1, nvpair_t *p2)
4034{
4035 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
4036 /* dsl_prop_get_all_impl() format */
4037 nvlist_t *attrs;
4038 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
4039 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4040 &p1) == 0);
4041 }
4042
4043 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
4044 nvlist_t *attrs;
4045 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
4046 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4047 &p2) == 0);
4048 }
4049
4050 if (nvpair_type(p1) != nvpair_type(p2))
4051 return (B_FALSE);
4052
4053 if (nvpair_type(p1) == DATA_TYPE_STRING) {
4054 char *valstr1, *valstr2;
4055
4056 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
4057 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
4058 return (strcmp(valstr1, valstr2) == 0);
4059 } else {
4060 uint64_t intval1, intval2;
4061
4062 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
4063 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
4064 return (intval1 == intval2);
4065 }
b128c09f
BB		 4066}
4067
428870ff
BB		 4068/*
4069 * Remove properties from props if they are not going to change (as determined
4070 * by comparison with origprops). Remove them from origprops as well, since we
4071 * do not need to clear or restore properties that won't change.
4072 */
4073static void
4074props_reduce(nvlist_t *props, nvlist_t *origprops)
4075{
4076 nvpair_t *pair, *next_pair;
4077
4078 if (origprops == NULL)
4079 return; /* all props need to be received */
4080
4081 pair = nvlist_next_nvpair(props, NULL);
4082 while (pair != NULL) {
4083 const char *propname = nvpair_name(pair);
4084 nvpair_t *match;
4085
4086 next_pair = nvlist_next_nvpair(props, pair);
4087
4088 if ((nvlist_lookup_nvpair(origprops, propname,
4089 &match) != 0) || !propval_equals(pair, match))
4090 goto next; /* need to set received value */
4091
4092 /* don't clear the existing received value */
4093 (void) nvlist_remove_nvpair(origprops, match);
4094 /* don't bother receiving the property */
4095 (void) nvlist_remove_nvpair(props, pair);
4096next:
4097 pair = next_pair;
4098 }
4099}
4100
671c9354
DM		 4101/*
4102 * Extract properties that cannot be set PRIOR to the receipt of a dataset.
4103 * For example, refquota cannot be set until after the receipt of a dataset,
4104 * because in replication streams, an older/earlier snapshot may exceed the
4105 * refquota. We want to receive the older/earlier snapshot, but setting
4106 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent
4107 * the older/earlier snapshot from being received (with EDQUOT).
4108 *
4109 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario.
4110 *
4111 * libzfs will need to be judicious handling errors encountered by props
4112 * extracted by this function.
4113 */
4114static nvlist_t *
4115extract_delay_props(nvlist_t *props)
4116{
4117 nvlist_t *delayprops;
4118 nvpair_t *nvp, *tmp;
4119 static const zfs_prop_t delayable[] = { ZFS_PROP_REFQUOTA, 0 };
4120 int i;
4121
4122 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4123
4124 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL;
4125 nvp = nvlist_next_nvpair(props, nvp)) {
4126 /*
4127 * strcmp() is safe because zfs_prop_to_name() always returns
4128 * a bounded string.
4129 */
4130 for (i = 0; delayable[i] != 0; i++) {
4131 if (strcmp(zfs_prop_to_name(delayable[i]),
4132 nvpair_name(nvp)) == 0) {
4133 break;
4134 }
4135 }
4136 if (delayable[i] != 0) {
4137 tmp = nvlist_prev_nvpair(props, nvp);
4138 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0);
4139 VERIFY(nvlist_remove_nvpair(props, nvp) == 0);
4140 nvp = tmp;
4141 }
4142 }
4143
4144 if (nvlist_empty(delayprops)) {
4145 nvlist_free(delayprops);
4146 delayprops = NULL;
4147 }
4148 return (delayprops);
4149}
4150
428870ff
BB		 4151#ifdef DEBUG
4152static boolean_t zfs_ioc_recv_inject_err;
4153#endif
4154
34dc7c2f 4155/*
1bf3bf0e
GN		 4156 * nvlist 'errors' is always allocated. It will contain descriptions of
4157 * encountered errors, if any. It's the callers responsibility to free.
34dc7c2f
BB		 4158 */
4159static int
43e52edd
BB		 4160zfs_ioc_recv_impl(char *tofs, char *tosnap, char *origin,
4161 nvlist_t *props, boolean_t force, boolean_t resumable, int input_fd,
4162 dmu_replay_record_t *begin_record, int cleanup_fd, uint64_t *read_bytes,
4163 uint64_t *errflags, uint64_t *action_handle, nvlist_t **errors)
34dc7c2f 4164{
34dc7c2f 4165 dmu_recv_cookie_t drc;
428870ff
BB		 4166 int error = 0;
4167 int props_error = 0;
34dc7c2f 4168 offset_t off;
671c9354 4169 nvlist_t *delayprops = NULL; /* sent properties applied post-receive */
43e52edd 4170 nvlist_t *origprops = NULL; /* existing properties */
428870ff 4171 boolean_t first_recvd_props = B_FALSE;
43e52edd 4172 file_t *input_fp;
34dc7c2f 4173
1bf3bf0e
GN		 4174 *read_bytes = 0;
4175 *errflags = 0;
4176 *errors = fnvlist_alloc();
4177
43e52edd
BB		 4178 input_fp = getf(input_fd);
4179 if (input_fp == NULL)
2e528b49 4180 return (SET_ERROR(EBADF));
13fe0198
MA		 4181
4182 error = dmu_recv_begin(tofs, tosnap,
43e52edd 4183 begin_record, force, resumable, origin, &drc);
13fe0198
MA		 4184 if (error != 0)
4185 goto out;
4186
4187 /*
4188 * Set properties before we receive the stream so that they are applied
4189 * to the new data. Note that we must call dmu_recv_stream() if
4190 * dmu_recv_begin() succeeds.
4191 */
4192 if (props != NULL && !drc.drc_newfs) {
4193 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
4194 SPA_VERSION_RECVD_PROPS &&
4195 !dsl_prop_get_hasrecvd(tofs))
428870ff 4196 first_recvd_props = B_TRUE;
428870ff 4197
b128c09f 4198 /*
428870ff
BB		 4199 * If new received properties are supplied, they are to
4200 * completely replace the existing received properties, so stash
4201 * away the existing ones.
b128c09f 4202 */
13fe0198 4203 if (dsl_prop_get_received(tofs, &origprops) == 0) {
428870ff
BB		 4204 nvlist_t *errlist = NULL;
4205 /*
4206 * Don't bother writing a property if its value won't
4207 * change (and avoid the unnecessary security checks).
4208 *
4209 * The first receive after SPA_VERSION_RECVD_PROPS is a
4210 * special case where we blow away all local properties
4211 * regardless.
4212 */
4213 if (!first_recvd_props)
4214 props_reduce(props, origprops);
13fe0198 4215 if (zfs_check_clearable(tofs, origprops, &errlist) != 0)
43e52edd 4216 (void) nvlist_merge(*errors, errlist, 0);
428870ff 4217 nvlist_free(errlist);
b128c09f 4218
13fe0198
MA		 4219 if (clear_received_props(tofs, origprops,
4220 first_recvd_props ? NULL : props) != 0)
43e52edd 4221 *errflags |= ZPROP_ERR_NOCLEAR;
13fe0198 4222 } else {
43e52edd 4223 *errflags |= ZPROP_ERR_NOCLEAR;
428870ff 4224 }
13fe0198
MA		 4225 }
4226
4227 if (props != NULL) {
4228 props_error = dsl_prop_set_hasrecvd(tofs);
428870ff 4229
13fe0198 4230 if (props_error == 0) {
671c9354 4231 delayprops = extract_delay_props(props);
13fe0198 4232 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
43e52edd 4233 props, *errors);
13fe0198 4234 }
428870ff
BB		 4235 }
4236
43e52edd
BB		 4237 off = input_fp->f_offset;
4238 error = dmu_recv_stream(&drc, input_fp->f_vnode, &off, cleanup_fd,
4239 action_handle);
34dc7c2f 4240
45d1cae3 4241 if (error == 0) {
3558fd73 4242 zfs_sb_t *zsb = NULL;
b128c09f 4243
3558fd73 4244 if (get_zfs_sb(tofs, &zsb) == 0) {
45d1cae3
BB		 4245 /* online recv */
4246 int end_err;
b128c09f 4247
3558fd73 4248 error = zfs_suspend_fs(zsb);
45d1cae3
BB		 4249 /*
4250 * If the suspend fails, then the recv_end will
4251 * likely also fail, and clean up after itself.
4252 */
831baf06 4253 end_err = dmu_recv_end(&drc, zsb);
428870ff 4254 if (error == 0)
3558fd73 4255 error = zfs_resume_fs(zsb, tofs);
45d1cae3 4256 error = error ? error : end_err;
2cf7f52b 4257 deactivate_super(zsb->z_sb);
b128c09f 4258 } else {
831baf06 4259 error = dmu_recv_end(&drc, NULL);
34dc7c2f 4260 }
671c9354
DM		 4261
4262 /* Set delayed properties now, after we're done receiving. */
4263 if (delayprops != NULL && error == 0) {
4264 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
43e52edd 4265 delayprops, *errors);
671c9354
DM		 4266 }
4267 }
4268
4269 if (delayprops != NULL) {
4270 /*
4271 * Merge delayed props back in with initial props, in case
4272 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means
4273 * we have to make sure clear_received_props() includes
4274 * the delayed properties).
4275 *
4276 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels,
4277 * using ASSERT() will be just like a VERIFY.
4278 */
4279 ASSERT(nvlist_merge(props, delayprops, 0) == 0);
4280 nvlist_free(delayprops);
4281 }
4282
34dc7c2f 4283
43e52edd
BB		 4284 *read_bytes = off - input_fp->f_offset;
4285 if (VOP_SEEK(input_fp->f_vnode, input_fp->f_offset, &off, NULL) == 0)
02730c33 4286 input_fp->f_offset = off;
34dc7c2f 4287
428870ff
BB		 4288#ifdef DEBUG
4289 if (zfs_ioc_recv_inject_err) {
4290 zfs_ioc_recv_inject_err = B_FALSE;
4291 error = 1;
4292 }
4293#endif
ba6a2402 4294
b128c09f
BB		 4295 /*
4296 * On error, restore the original props.
4297 */
13fe0198
MA		 4298 if (error != 0 && props != NULL && !drc.drc_newfs) {
4299 if (clear_received_props(tofs, props, NULL) != 0) {
4300 /*
4301 * We failed to clear the received properties.
4302 * Since we may have left a $recvd value on the
4303 * system, we can't clear the $hasrecvd flag.
4304 */
43e52edd 4305 *errflags |= ZPROP_ERR_NORESTORE;
13fe0198
MA		 4306 } else if (first_recvd_props) {
4307 dsl_prop_unset_hasrecvd(tofs);
428870ff
BB		 4308 }
4309
4310 if (origprops == NULL && !drc.drc_newfs) {
4311 /* We failed to stash the original properties. */
43e52edd 4312 *errflags |= ZPROP_ERR_NORESTORE;
428870ff
BB		 4313 }
4314
4315 /*
4316 * dsl_props_set() will not convert RECEIVED to LOCAL on or
4317 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
4e33ba4c 4318 * explicitly if we're restoring local properties cleared in the
428870ff
BB		 4319 * first new-style receive.
4320 */
4321 if (origprops != NULL &&
4322 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
4323 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
4324 origprops, NULL) != 0) {
4325 /*
4326 * We stashed the original properties but failed to
4327 * restore them.
4328 */
43e52edd 4329 *errflags |= ZPROP_ERR_NORESTORE;
428870ff 4330 }
b128c09f
BB		 4331 }
4332out:
43e52edd 4333 releasef(input_fd);
b128c09f 4334 nvlist_free(origprops);
428870ff
BB		 4335
4336 if (error == 0)
4337 error = props_error;
4338
34dc7c2f
BB		 4339 return (error);
4340}
4341
43e52edd
BB		 4342/*
4343 * inputs:
4344 * zc_name name of containing filesystem (unused)
4345 * zc_nvlist_src{_size} nvlist of properties to apply
4346 * zc_value name of snapshot to create
4347 * zc_string name of clone origin (if DRR_FLAG_CLONE)
4348 * zc_cookie file descriptor to recv from
4349 * zc_begin_record the BEGIN record of the stream (not byteswapped)
4350 * zc_guid force flag
4351 * zc_cleanup_fd cleanup-on-exit file descriptor
4352 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
4353 *
4354 * outputs:
4355 * zc_cookie number of bytes read
4356 * zc_obj zprop_errflags_t
4357 * zc_action_handle handle for this guid/ds mapping
4358 * zc_nvlist_dst{_size} error for each unapplied received property
4359 */
4360static int
4361zfs_ioc_recv(zfs_cmd_t *zc)
4362{
4363 dmu_replay_record_t begin_record;
4364 nvlist_t *errors = NULL;
4365 nvlist_t *props = NULL;
4366 char *origin = NULL;
4367 char *tosnap;
eca7b760 4368 char tofs[ZFS_MAX_DATASET_NAME_LEN];
43e52edd
BB		 4369 int error = 0;
4370
4371 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
4372 strchr(zc->zc_value, '@') == NULL ||
4373 strchr(zc->zc_value, '%'))
4374 return (SET_ERROR(EINVAL));
4375
30f3f2e1 4376 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs));
43e52edd
BB		 4377 tosnap = strchr(tofs, '@');
4378 *tosnap++ = '\0';
4379
4380 if (zc->zc_nvlist_src != 0 &&
4381 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
4382 zc->zc_iflags, &props)) != 0)
4383 return (error);
4384
4385 if (zc->zc_string[0])
4386 origin = zc->zc_string;
4387
4388 begin_record.drr_type = DRR_BEGIN;
4389 begin_record.drr_payloadlen = 0;
4390 begin_record.drr_u.drr_begin = zc->zc_begin_record;
4391
4392 error = zfs_ioc_recv_impl(tofs, tosnap, origin, props, zc->zc_guid,
4393 B_FALSE, zc->zc_cookie, &begin_record, zc->zc_cleanup_fd,
4394 &zc->zc_cookie, &zc->zc_obj, &zc->zc_action_handle, &errors);
4395 nvlist_free(props);
4396
4397 /*
4398 * Now that all props, initial and delayed, are set, report the prop
4399 * errors to the caller.
4400 */
4401 if (zc->zc_nvlist_dst_size != 0 && errors != NULL &&
4402 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
4403 put_nvlist(zc, errors) != 0)) {
4404 /*
4405 * Caller made zc->zc_nvlist_dst less than the minimum expected
4406 * size or supplied an invalid address.
4407 */
4408 error = SET_ERROR(EINVAL);
4409 }
4410
4411 nvlist_free(errors);
4412
4413 return (error);
4414}
4415
4416/*
4417 * innvl: {
4418 * "snapname" -> full name of the snapshot to create
4419 * (optional) "props" -> properties to set (nvlist)
4420 * (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE)
4421 * "begin_record" -> non-byteswapped dmu_replay_record_t
4422 * "input_fd" -> file descriptor to read stream from (int32)
4423 * (optional) "force" -> force flag (value ignored)
4424 * (optional) "resumable" -> resumable flag (value ignored)
4425 * (optional) "cleanup_fd" -> cleanup-on-exit file descriptor
4426 * (optional) "action_handle" -> handle for this guid/ds mapping
4427 * }
4428 *
4429 * outnvl: {
4430 * "read_bytes" -> number of bytes read
4431 * "error_flags" -> zprop_errflags_t
4432 * "action_handle" -> handle for this guid/ds mapping
4433 * "errors" -> error for each unapplied received property (nvlist)
4434 * }
4435 */
4436static int
4437zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
4438{
4439 dmu_replay_record_t *begin_record;
4440 uint_t begin_record_size;
4441 nvlist_t *errors = NULL;
4442 nvlist_t *props = NULL;
4443 char *snapname = NULL;
4444 char *origin = NULL;
4445 char *tosnap;
eca7b760 4446 char tofs[ZFS_MAX_DATASET_NAME_LEN];
43e52edd
BB		 4447 boolean_t force;
4448 boolean_t resumable;
4449 uint64_t action_handle = 0;
4450 uint64_t read_bytes = 0;
4451 uint64_t errflags = 0;
4452 int input_fd = -1;
4453 int cleanup_fd = -1;
4454 int error;
4455
4456 error = nvlist_lookup_string(innvl, "snapname", &snapname);
4457 if (error != 0)
4458 return (SET_ERROR(EINVAL));
4459
4460 if (dataset_namecheck(snapname, NULL, NULL) != 0 ||
4461 strchr(snapname, '@') == NULL ||
4462 strchr(snapname, '%'))
4463 return (SET_ERROR(EINVAL));
4464
4465 (void) strcpy(tofs, snapname);
4466 tosnap = strchr(tofs, '@');
4467 *tosnap++ = '\0';
4468
4469 error = nvlist_lookup_string(innvl, "origin", &origin);
4470 if (error && error != ENOENT)
4471 return (error);
4472
4473 error = nvlist_lookup_byte_array(innvl, "begin_record",
02730c33 4474 (uchar_t **)&begin_record, &begin_record_size);
43e52edd
BB		 4475 if (error != 0 || begin_record_size != sizeof (*begin_record))
4476 return (SET_ERROR(EINVAL));
4477
4478 error = nvlist_lookup_int32(innvl, "input_fd", &input_fd);
4479 if (error != 0)
4480 return (SET_ERROR(EINVAL));
4481
4482 force = nvlist_exists(innvl, "force");
4483 resumable = nvlist_exists(innvl, "resumable");
4484
4485 error = nvlist_lookup_int32(innvl, "cleanup_fd", &cleanup_fd);
4486 if (error && error != ENOENT)
4487 return (error);
4488
4489 error = nvlist_lookup_uint64(innvl, "action_handle", &action_handle);
4490 if (error && error != ENOENT)
4491 return (error);
4492
4493 error = nvlist_lookup_nvlist(innvl, "props", &props);
4494 if (error && error != ENOENT)
4495 return (error);
4496
4497 error = zfs_ioc_recv_impl(tofs, tosnap, origin, props, force,
4498 resumable, input_fd, begin_record, cleanup_fd, &read_bytes,
4499 &errflags, &action_handle, &errors);
4500
4501 fnvlist_add_uint64(outnvl, "read_bytes", read_bytes);
4502 fnvlist_add_uint64(outnvl, "error_flags", errflags);
4503 fnvlist_add_uint64(outnvl, "action_handle", action_handle);
4504 fnvlist_add_nvlist(outnvl, "errors", errors);
4505
4506 nvlist_free(errors);
4507 nvlist_free(props);
4508
4509 return (error);
4510}
4511
34dc7c2f
BB		 4512/*
4513 * inputs:
4514 * zc_name name of snapshot to send
34dc7c2f 4515 * zc_cookie file descriptor to send stream to
572e2857
BB		 4516 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
4517 * zc_sendobj objsetid of snapshot to send
4518 * zc_fromobj objsetid of incremental fromsnap (may be zero)
330d06f9
MA		 4519 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
4520 * output size in zc_objset_type.
f1512ee6 4521 * zc_flags lzc_send_flags
34dc7c2f 4522 *
da536844
MA		 4523 * outputs:
4524 * zc_objset_type estimated size, if zc_guid is set
34dc7c2f
BB		 4525 */
4526static int
4527zfs_ioc_send(zfs_cmd_t *zc)
4528{
34dc7c2f
BB		 4529 int error;
4530 offset_t off;
330d06f9 4531 boolean_t estimate = (zc->zc_guid != 0);
9b67f605 4532 boolean_t embedok = (zc->zc_flags & 0x1);
f1512ee6 4533 boolean_t large_block_ok = (zc->zc_flags & 0x2);
2aa34383 4534 boolean_t compressok = (zc->zc_flags & 0x4);
34dc7c2f 4535
13fe0198
MA		 4536 if (zc->zc_obj != 0) {
4537 dsl_pool_t *dp;
4538 dsl_dataset_t *tosnap;
34dc7c2f 4539
13fe0198
MA		 4540 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4541 if (error != 0)
572e2857 4542 return (error);
13fe0198
MA		 4543
4544 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
4545 if (error != 0) {
4546 dsl_pool_rele(dp, FTAG);
34dc7c2f
BB		 4547 return (error);
4548 }
13fe0198
MA		 4549
4550 if (dsl_dir_is_clone(tosnap->ds_dir))
d683ddbb
JG		 4551 zc->zc_fromobj =
4552 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj;
13fe0198
MA		 4553 dsl_dataset_rele(tosnap, FTAG);
4554 dsl_pool_rele(dp, FTAG);
6f1ffb06
MA		 4555 }
4556
13fe0198
MA		 4557 if (estimate) {
4558 dsl_pool_t *dp;
4559 dsl_dataset_t *tosnap;
4560 dsl_dataset_t *fromsnap = NULL;
4561
4562 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4563 if (error != 0)
4564 return (error);
6f1ffb06 4565
13fe0198
MA		 4566 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
4567 if (error != 0) {
4568 dsl_pool_rele(dp, FTAG);
4569 return (error);
6f1ffb06
MA		 4570 }
4571
13fe0198
MA		 4572 if (zc->zc_fromobj != 0) {
4573 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
4574 FTAG, &fromsnap);
4575 if (error != 0) {
4576 dsl_dataset_rele(tosnap, FTAG);
4577 dsl_pool_rele(dp, FTAG);
6f1ffb06
MA		 4578 return (error);
4579 }
4580 }
34dc7c2f 4581
2aa34383 4582 error = dmu_send_estimate(tosnap, fromsnap, compressok,
330d06f9 4583 &zc->zc_objset_type);
13fe0198
MA		 4584
4585 if (fromsnap != NULL)
4586 dsl_dataset_rele(fromsnap, FTAG);
4587 dsl_dataset_rele(tosnap, FTAG);
4588 dsl_pool_rele(dp, FTAG);
330d06f9
MA		 4589 } else {
4590 file_t *fp = getf(zc->zc_cookie);
13fe0198 4591 if (fp == NULL)
2e528b49 4592 return (SET_ERROR(EBADF));
34dc7c2f 4593
330d06f9 4594 off = fp->f_offset;
13fe0198 4595 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
2aa34383 4596 zc->zc_fromobj, embedok, large_block_ok, compressok,
f1512ee6 4597 zc->zc_cookie, fp->f_vnode, &off);
34dc7c2f 4598
330d06f9
MA		 4599 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4600 fp->f_offset = off;
4601 releasef(zc->zc_cookie);
4602 }
34dc7c2f
BB		 4603 return (error);
4604}
4605
37abac6d
BP		 4606/*
4607 * inputs:
4608 * zc_name name of snapshot on which to report progress
4609 * zc_cookie file descriptor of send stream
4610 *
4611 * outputs:
4612 * zc_cookie number of bytes written in send stream thus far
4613 */
4614static int
4615zfs_ioc_send_progress(zfs_cmd_t *zc)
4616{
13fe0198 4617 dsl_pool_t *dp;
37abac6d
BP		 4618 dsl_dataset_t *ds;
4619 dmu_sendarg_t *dsp = NULL;
4620 int error;
4621
13fe0198
MA		 4622 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4623 if (error != 0)
37abac6d
BP		 4624 return (error);
4625
13fe0198
MA		 4626 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
4627 if (error != 0) {
4628 dsl_pool_rele(dp, FTAG);
4629 return (error);
4630 }
4631
37abac6d
BP		 4632 mutex_enter(&ds->ds_sendstream_lock);
4633
4634 /*
4635 * Iterate over all the send streams currently active on this dataset.
4636 * If there's one which matches the specified file descriptor _and_ the
4637 * stream was started by the current process, return the progress of
4638 * that stream.
4639 */
4640
4641 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
4642 dsp = list_next(&ds->ds_sendstreams, dsp)) {
4643 if (dsp->dsa_outfd == zc->zc_cookie &&
4644 dsp->dsa_proc->group_leader == curproc->group_leader)
4645 break;
4646 }
4647
4648 if (dsp != NULL)
4649 zc->zc_cookie = *(dsp->dsa_off);
4650 else
2e528b49 4651 error = SET_ERROR(ENOENT);
37abac6d
BP		 4652
4653 mutex_exit(&ds->ds_sendstream_lock);
4654 dsl_dataset_rele(ds, FTAG);
13fe0198 4655 dsl_pool_rele(dp, FTAG);
37abac6d
BP		 4656 return (error);
4657}
4658
34dc7c2f
BB		 4659static int
4660zfs_ioc_inject_fault(zfs_cmd_t *zc)
4661{
4662 int id, error;
4663
4664 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
4665 &zc->zc_inject_record);
4666
4667 if (error == 0)
4668 zc->zc_guid = (uint64_t)id;
4669
4670 return (error);
4671}
4672
4673static int
4674zfs_ioc_clear_fault(zfs_cmd_t *zc)
4675{
4676 return (zio_clear_fault((int)zc->zc_guid));
4677}
4678
4679static int
4680zfs_ioc_inject_list_next(zfs_cmd_t *zc)
4681{
4682 int id = (int)zc->zc_guid;
4683 int error;
4684
4685 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
4686 &zc->zc_inject_record);
4687
4688 zc->zc_guid = id;
4689
4690 return (error);
4691}
4692
4693static int
4694zfs_ioc_error_log(zfs_cmd_t *zc)
4695{
4696 spa_t *spa;
4697 int error;
4698 size_t count = (size_t)zc->zc_nvlist_dst_size;
4699
4700 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
4701 return (error);
4702
4703 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
4704 &count);
4705 if (error == 0)
4706 zc->zc_nvlist_dst_size = count;
4707 else
4708 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
4709
4710 spa_close(spa, FTAG);
4711
4712 return (error);
4713}
4714
4715static int
4716zfs_ioc_clear(zfs_cmd_t *zc)
4717{
4718 spa_t *spa;
4719 vdev_t *vd;
34dc7c2f
BB		 4720 int error;
4721
34dc7c2f 4722 /*
b128c09f 4723 * On zpool clear we also fix up missing slogs
34dc7c2f 4724 */
b128c09f
BB		 4725 mutex_enter(&spa_namespace_lock);
4726 spa = spa_lookup(zc->zc_name);
4727 if (spa == NULL) {
4728 mutex_exit(&spa_namespace_lock);
2e528b49 4729 return (SET_ERROR(EIO));
b128c09f 4730 }
428870ff 4731 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
b128c09f 4732 /* we need to let spa_open/spa_load clear the chains */
428870ff 4733 spa_set_log_state(spa, SPA_LOG_CLEAR);
34dc7c2f 4734 }
428870ff 4735 spa->spa_last_open_failed = 0;
b128c09f 4736 mutex_exit(&spa_namespace_lock);
34dc7c2f 4737
428870ff
BB		 4738 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
4739 error = spa_open(zc->zc_name, &spa, FTAG);
4740 } else {
4741 nvlist_t *policy;
4742 nvlist_t *config = NULL;
4743
b8864a23 4744 if (zc->zc_nvlist_src == 0)
2e528b49 4745 return (SET_ERROR(EINVAL));
428870ff
BB		 4746
4747 if ((error = get_nvlist(zc->zc_nvlist_src,
4748 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
4749 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
4750 policy, &config);
4751 if (config != NULL) {
572e2857
BB		 4752 int err;
4753
4754 if ((err = put_nvlist(zc, config)) != 0)
4755 error = err;
428870ff
BB		 4756 nvlist_free(config);
4757 }
4758 nvlist_free(policy);
4759 }
4760 }
4761
13fe0198 4762 if (error != 0)
b128c09f
BB		 4763 return (error);
4764
428870ff 4765 spa_vdev_state_enter(spa, SCL_NONE);
34dc7c2f
BB		 4766
4767 if (zc->zc_guid == 0) {
4768 vd = NULL;
b128c09f
BB		 4769 } else {
4770 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
34dc7c2f 4771 if (vd == NULL) {
b128c09f 4772 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
34dc7c2f 4773 spa_close(spa, FTAG);
2e528b49 4774 return (SET_ERROR(ENODEV));
34dc7c2f
BB		 4775 }
4776 }
4777
b128c09f
BB		 4778 vdev_clear(spa, vd);
4779
4780 (void) spa_vdev_state_exit(spa, NULL, 0);
34dc7c2f 4781
b128c09f
BB		 4782 /*
4783 * Resume any suspended I/Os.
4784 */
9babb374 4785 if (zio_resume(spa) != 0)
2e528b49 4786 error = SET_ERROR(EIO);
34dc7c2f
BB		 4787
4788 spa_close(spa, FTAG);
4789
9babb374 4790 return (error);
34dc7c2f
BB		 4791}
4792
1bd201e7
CS		 4793static int
4794zfs_ioc_pool_reopen(zfs_cmd_t *zc)
4795{
4796 spa_t *spa;
4797 int error;
4798
4799 error = spa_open(zc->zc_name, &spa, FTAG);
13fe0198 4800 if (error != 0)
1bd201e7
CS		 4801 return (error);
4802
4803 spa_vdev_state_enter(spa, SCL_NONE);
65947351
GW		 4804
4805 /*
4806 * If a resilver is already in progress then set the
4807 * spa_scrub_reopen flag to B_TRUE so that we don't restart
4808 * the scan as a side effect of the reopen. Otherwise, let
4809 * vdev_open() decided if a resilver is required.
4810 */
4811 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool);
1bd201e7 4812 vdev_reopen(spa->spa_root_vdev);
65947351
GW		 4813 spa->spa_scrub_reopen = B_FALSE;
4814
1bd201e7
CS		 4815 (void) spa_vdev_state_exit(spa, NULL, 0);
4816 spa_close(spa, FTAG);
4817 return (0);
4818}
34dc7c2f
BB		 4819/*
4820 * inputs:
4821 * zc_name name of filesystem
4822 * zc_value name of origin snapshot
4823 *
428870ff
BB		 4824 * outputs:
4825 * zc_string name of conflicting snapshot, if there is one
34dc7c2f
BB		 4826 */
4827static int
4828zfs_ioc_promote(zfs_cmd_t *zc)
4829{
4830 char *cp;
4831
4832 /*
4833 * We don't need to unmount *all* the origin fs's snapshots, but
4834 * it's easier.
4835 */
4836 cp = strchr(zc->zc_value, '@');
4837 if (cp)
4838 *cp = '\0';
4839 (void) dmu_objset_find(zc->zc_value,
13fe0198 4840 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
428870ff 4841 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
34dc7c2f
BB		 4842}
4843
9babb374
BB		 4844/*
4845 * Retrieve a single {user|group}{used|quota}@... property.
4846 *
4847 * inputs:
4848 * zc_name name of filesystem
4849 * zc_objset_type zfs_userquota_prop_t
4850 * zc_value domain name (eg. "S-1-234-567-89")
4851 * zc_guid RID/UID/GID
4852 *
4853 * outputs:
4854 * zc_cookie property value
4855 */
4856static int
4857zfs_ioc_userspace_one(zfs_cmd_t *zc)
4858{
3558fd73 4859 zfs_sb_t *zsb;
9babb374
BB		 4860 int error;
4861
4862 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
2e528b49 4863 return (SET_ERROR(EINVAL));
9babb374 4864
3558fd73 4865 error = zfs_sb_hold(zc->zc_name, FTAG, &zsb, B_FALSE);
13fe0198 4866 if (error != 0)
9babb374
BB		 4867 return (error);
4868
3558fd73 4869 error = zfs_userspace_one(zsb,
9babb374 4870 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
3558fd73 4871 zfs_sb_rele(zsb, FTAG);
9babb374
BB		 4872
4873 return (error);
4874}
4875
4876/*
4877 * inputs:
4878 * zc_name name of filesystem
4879 * zc_cookie zap cursor
4880 * zc_objset_type zfs_userquota_prop_t
4881 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4882 *
4883 * outputs:
4884 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4885 * zc_cookie zap cursor
4886 */
4887static int
4888zfs_ioc_userspace_many(zfs_cmd_t *zc)
4889{
3558fd73 4890 zfs_sb_t *zsb;
428870ff 4891 int bufsize = zc->zc_nvlist_dst_size;
3558fd73
BB		 4892 int error;
4893 void *buf;
428870ff
BB		 4894
4895 if (bufsize <= 0)
2e528b49 4896 return (SET_ERROR(ENOMEM));
9babb374 4897
3558fd73 4898 error = zfs_sb_hold(zc->zc_name, FTAG, &zsb, B_FALSE);
13fe0198 4899 if (error != 0)
9babb374
BB		 4900 return (error);
4901
2b8cad61 4902 buf = vmem_alloc(bufsize, KM_SLEEP);
9babb374 4903
3558fd73 4904 error = zfs_userspace_many(zsb, zc->zc_objset_type, &zc->zc_cookie,
9babb374
BB		 4905 buf, &zc->zc_nvlist_dst_size);
4906
4907 if (error == 0) {
4908 error = xcopyout(buf,
4909 (void *)(uintptr_t)zc->zc_nvlist_dst,
4910 zc->zc_nvlist_dst_size);
4911 }
2b8cad61 4912 vmem_free(buf, bufsize);
3558fd73 4913 zfs_sb_rele(zsb, FTAG);
9babb374
BB		 4914
4915 return (error);
4916}
4917
4918/*
4919 * inputs:
4920 * zc_name name of filesystem
4921 *
4922 * outputs:
4923 * none
4924 */
4925static int
4926zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4927{
4928 objset_t *os;
428870ff 4929 int error = 0;
3558fd73 4930 zfs_sb_t *zsb;
9babb374 4931
3558fd73
BB		 4932 if (get_zfs_sb(zc->zc_name, &zsb) == 0) {
4933 if (!dmu_objset_userused_enabled(zsb->z_os)) {
9babb374
BB		 4934 /*
4935 * If userused is not enabled, it may be because the
4936 * objset needs to be closed & reopened (to grow the
4937 * objset_phys_t). Suspend/resume the fs will do that.
4938 */
3558fd73 4939 error = zfs_suspend_fs(zsb);
831baf06
KW		 4940 if (error == 0) {
4941 dmu_objset_refresh_ownership(zsb->z_os,
4942 zsb);
3558fd73 4943 error = zfs_resume_fs(zsb, zc->zc_name);
831baf06 4944 }
9babb374
BB		 4945 }
4946 if (error == 0)
3558fd73 4947 error = dmu_objset_userspace_upgrade(zsb->z_os);
2cf7f52b 4948 deactivate_super(zsb->z_sb);
9babb374 4949 } else {
428870ff
BB		 4950 /* XXX kind of reading contents without owning */
4951 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
13fe0198 4952 if (error != 0)
9babb374
BB		 4953 return (error);
4954
4955 error = dmu_objset_userspace_upgrade(os);
428870ff 4956 dmu_objset_rele(os, FTAG);
9babb374
BB		 4957 }
4958
4959 return (error);
4960}
4961
1de321e6
JX		 4962/*
4963 * inputs:
4964 * zc_name name of filesystem
4965 *
4966 * outputs:
4967 * none
4968 */
4969static int
4970zfs_ioc_userobjspace_upgrade(zfs_cmd_t *zc)
4971{
4972 objset_t *os;
4973 int error;
4974
4975 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4976 if (error != 0)
4977 return (error);
4978
4979 dsl_dataset_long_hold(dmu_objset_ds(os), FTAG);
4980 dsl_pool_rele(dmu_objset_pool(os), FTAG);
4981
4982 if (dmu_objset_userobjspace_upgradable(os)) {
4983 mutex_enter(&os->os_upgrade_lock);
4984 if (os->os_upgrade_id == 0) {
4985 /* clear potential error code and retry */
4986 os->os_upgrade_status = 0;
4987 mutex_exit(&os->os_upgrade_lock);
4988
4989 dmu_objset_userobjspace_upgrade(os);
4990 } else {
4991 mutex_exit(&os->os_upgrade_lock);
4992 }
4993
4994 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
4995 error = os->os_upgrade_status;
4996 }
4997
4998 dsl_dataset_long_rele(dmu_objset_ds(os), FTAG);
4999 dsl_dataset_rele(dmu_objset_ds(os), FTAG);
5000
5001 return (error);
5002}
5003
34dc7c2f
BB		 5004static int
5005zfs_ioc_share(zfs_cmd_t *zc)
5006{
2e528b49 5007 return (SET_ERROR(ENOSYS));
34dc7c2f
BB		 5008}
5009
9babb374
BB		 5010ace_t full_access[] = {
5011 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
5012};
5013
572e2857
BB		 5014/*
5015 * inputs:
5016 * zc_name name of containing filesystem
5017 * zc_obj object # beyond which we want next in-use object #
5018 *
5019 * outputs:
5020 * zc_obj next in-use object #
5021 */
5022static int
5023zfs_ioc_next_obj(zfs_cmd_t *zc)
5024{
5025 objset_t *os = NULL;
5026 int error;
5027
5028 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
13fe0198 5029 if (error != 0)
572e2857
BB		 5030 return (error);
5031
7290cd3c 5032 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0);
572e2857
BB		 5033
5034 dmu_objset_rele(os, FTAG);
5035 return (error);
5036}
5037
5038/*
5039 * inputs:
5040 * zc_name name of filesystem
5041 * zc_value prefix name for snapshot
5042 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
5043 *
5044 * outputs:
6f1ffb06 5045 * zc_value short name of new snapshot
572e2857
BB		 5046 */
5047static int
5048zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
5049{
5050 char *snap_name;
13fe0198 5051 char *hold_name;
572e2857 5052 int error;
13fe0198 5053 minor_t minor;
572e2857 5054
13fe0198
MA		 5055 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
5056 if (error != 0)
572e2857 5057 return (error);
572e2857 5058
13fe0198
MA		 5059 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
5060 (u_longlong_t)ddi_get_lbolt64());
5061 hold_name = kmem_asprintf("%%%s", zc->zc_value);
5062
5063 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
5064 hold_name);
5065 if (error == 0)
680eada9 5066 (void) strlcpy(zc->zc_value, snap_name,
5067 sizeof (zc->zc_value));
572e2857 5068 strfree(snap_name);
13fe0198
MA		 5069 strfree(hold_name);
5070 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
5071 return (error);
572e2857
BB		 5072}
5073
5074/*
5075 * inputs:
5076 * zc_name name of "to" snapshot
5077 * zc_value name of "from" snapshot
5078 * zc_cookie file descriptor to write diff data on
5079 *
5080 * outputs:
5081 * dmu_diff_record_t's to the file descriptor
5082 */
5083static int
5084zfs_ioc_diff(zfs_cmd_t *zc)
5085{
572e2857
BB		 5086 file_t *fp;
5087 offset_t off;
5088 int error;
5089
572e2857 5090 fp = getf(zc->zc_cookie);
13fe0198 5091 if (fp == NULL)
2e528b49 5092 return (SET_ERROR(EBADF));
572e2857
BB		 5093
5094 off = fp->f_offset;
5095
13fe0198 5096 error = dmu_diff(zc->zc_name, zc->zc_value, fp->f_vnode, &off);
572e2857
BB		 5097
5098 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5099 fp->f_offset = off;
5100 releasef(zc->zc_cookie);
5101
572e2857
BB		 5102 return (error);
5103}
5104
9babb374
BB		 5105/*
5106 * Remove all ACL files in shares dir
5107 */
3c9609b3 5108#ifdef HAVE_SMB_SHARE
9babb374
BB		 5109static int
5110zfs_smb_acl_purge(znode_t *dzp)
5111{
5112 zap_cursor_t zc;
5113 zap_attribute_t zap;
3558fd73 5114 zfs_sb_t *zsb = ZTOZSB(dzp);
9babb374
BB		 5115 int error;
5116
3558fd73 5117 for (zap_cursor_init(&zc, zsb->z_os, dzp->z_id);
9babb374
BB		 5118 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
5119 zap_cursor_advance(&zc)) {
5120 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
5121 NULL, 0)) != 0)
5122 break;
5123 }
5124 zap_cursor_fini(&zc);
5125 return (error);
5126}
3c9609b3 5127#endif /* HAVE_SMB_SHARE */
9babb374
BB		 5128
5129static int
5130zfs_ioc_smb_acl(zfs_cmd_t *zc)
5131{
3c9609b3 5132#ifdef HAVE_SMB_SHARE
9babb374
BB		 5133 vnode_t *vp;
5134 znode_t *dzp;
5135 vnode_t *resourcevp = NULL;
5136 znode_t *sharedir;
3558fd73 5137 zfs_sb_t *zsb;
9babb374
BB		 5138 nvlist_t *nvlist;
5139 char *src, *target;
5140 vattr_t vattr;
5141 vsecattr_t vsec;
5142 int error = 0;
5143
5144 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
5145 NO_FOLLOW, NULL, &vp)) != 0)
5146 return (error);
5147
5148 /* Now make sure mntpnt and dataset are ZFS */
5149
5150 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
5151 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
5152 zc->zc_name) != 0)) {
5153 VN_RELE(vp);
2e528b49 5154 return (SET_ERROR(EINVAL));
9babb374
BB		 5155 }
5156
5157 dzp = VTOZ(vp);
3558fd73
BB		 5158 zsb = ZTOZSB(dzp);
5159 ZFS_ENTER(zsb);
9babb374
BB		 5160
5161 /*
5162 * Create share dir if its missing.
5163 */
3558fd73
BB		 5164 mutex_enter(&zsb->z_lock);
5165 if (zsb->z_shares_dir == 0) {
9babb374
BB		 5166 dmu_tx_t *tx;
5167
3558fd73 5168 tx = dmu_tx_create(zsb->z_os);
9babb374
BB		 5169 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
5170 ZFS_SHARES_DIR);
5171 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
5172 error = dmu_tx_assign(tx, TXG_WAIT);
13fe0198 5173 if (error != 0) {
9babb374
BB		 5174 dmu_tx_abort(tx);
5175 } else {
3558fd73 5176 error = zfs_create_share_dir(zsb, tx);
9babb374
BB		 5177 dmu_tx_commit(tx);
5178 }
13fe0198 5179 if (error != 0) {
3558fd73 5180 mutex_exit(&zsb->z_lock);
9babb374 5181 VN_RELE(vp);
3558fd73 5182 ZFS_EXIT(zsb);
9babb374
BB		 5183 return (error);
5184 }
5185 }
3558fd73 5186 mutex_exit(&zsb->z_lock);
9babb374 5187
3558fd73
BB		 5188 ASSERT(zsb->z_shares_dir);
5189 if ((error = zfs_zget(zsb, zsb->z_shares_dir, &sharedir)) != 0) {
9babb374 5190 VN_RELE(vp);
3558fd73 5191 ZFS_EXIT(zsb);
9babb374
BB		 5192 return (error);
5193 }
5194
5195 switch (zc->zc_cookie) {
5196 case ZFS_SMB_ACL_ADD:
5197 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
9babb374
BB		 5198 vattr.va_mode = S_IFREG|0777;
5199 vattr.va_uid = 0;
5200 vattr.va_gid = 0;
5201
5202 vsec.vsa_mask = VSA_ACE;
5203 vsec.vsa_aclentp = &full_access;
5204 vsec.vsa_aclentsz = sizeof (full_access);
5205 vsec.vsa_aclcnt = 1;
5206
5207 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
5208 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
5209 if (resourcevp)
5210 VN_RELE(resourcevp);
5211 break;
5212
5213 case ZFS_SMB_ACL_REMOVE:
5214 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
5215 NULL, 0);
5216 break;
5217
5218 case ZFS_SMB_ACL_RENAME:
5219 if ((error = get_nvlist(zc->zc_nvlist_src,
5220 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
5221 VN_RELE(vp);
a4d179ef 5222 VN_RELE(ZTOV(sharedir));
3558fd73 5223 ZFS_EXIT(zsb);
9babb374
BB		 5224 return (error);
5225 }
5226 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
5227 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
5228 &target)) {
5229 VN_RELE(vp);
5230 VN_RELE(ZTOV(sharedir));
3558fd73 5231 ZFS_EXIT(zsb);
428870ff 5232 nvlist_free(nvlist);
9babb374
BB		 5233 return (error);
5234 }
5235 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
5236 kcred, NULL, 0);
5237 nvlist_free(nvlist);
5238 break;
5239
5240 case ZFS_SMB_ACL_PURGE:
5241 error = zfs_smb_acl_purge(sharedir);
5242 break;
5243
5244 default:
2e528b49 5245 error = SET_ERROR(EINVAL);
9babb374
BB		 5246 break;
5247 }
5248
5249 VN_RELE(vp);
5250 VN_RELE(ZTOV(sharedir));
5251
3558fd73 5252 ZFS_EXIT(zsb);
9babb374
BB		 5253
5254 return (error);
325f0235 5255#else
2e528b49 5256 return (SET_ERROR(ENOTSUP));
3c9609b3 5257#endif /* HAVE_SMB_SHARE */
9babb374
BB		 5258}
5259
45d1cae3 5260/*
13fe0198
MA		 5261 * innvl: {
5262 * "holds" -> { snapname -> holdname (string), ... }
5263 * (optional) "cleanup_fd" -> fd (int32)
5264 * }
45d1cae3 5265 *
13fe0198
MA		 5266 * outnvl: {
5267 * snapname -> error value (int32)
5268 * ...
5269 * }
45d1cae3 5270 */
13fe0198 5271/* ARGSUSED */
45d1cae3 5272static int
13fe0198 5273zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
45d1cae3 5274{
fc581e05 5275 nvpair_t *pair;
13fe0198
MA		 5276 nvlist_t *holds;
5277 int cleanup_fd = -1;
572e2857
BB		 5278 int error;
5279 minor_t minor = 0;
45d1cae3 5280
13fe0198
MA		 5281 error = nvlist_lookup_nvlist(args, "holds", &holds);
5282 if (error != 0)
2e528b49 5283 return (SET_ERROR(EINVAL));
572e2857 5284
fc581e05
JJS		 5285 /* make sure the user didn't pass us any invalid (empty) tags */
5286 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
5287 pair = nvlist_next_nvpair(holds, pair)) {
5288 char *htag;
5289
5290 error = nvpair_value_string(pair, &htag);
5291 if (error != 0)
5292 return (SET_ERROR(error));
5293
5294 if (strlen(htag) == 0)
5295 return (SET_ERROR(EINVAL));
5296 }
5297
13fe0198
MA		 5298 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
5299 error = zfs_onexit_fd_hold(cleanup_fd, &minor);
5300 if (error != 0)
572e2857 5301 return (error);
572e2857 5302 }
572e2857 5303
13fe0198
MA		 5304 error = dsl_dataset_user_hold(holds, minor, errlist);
5305 if (minor != 0)
5306 zfs_onexit_fd_rele(cleanup_fd);
572e2857 5307 return (error);
45d1cae3
BB		 5308}
5309
5310/*
13fe0198 5311 * innvl is not used.
45d1cae3 5312 *
13fe0198
MA		 5313 * outnvl: {
5314 * holdname -> time added (uint64 seconds since epoch)
5315 * ...
5316 * }
45d1cae3 5317 */
13fe0198 5318/* ARGSUSED */
45d1cae3 5319static int
13fe0198 5320zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
45d1cae3 5321{
13fe0198 5322 return (dsl_dataset_get_holds(snapname, outnvl));
45d1cae3
BB		 5323}
5324
5325/*
13fe0198
MA		 5326 * innvl: {
5327 * snapname -> { holdname, ... }
5328 * ...
5329 * }
45d1cae3 5330 *
13fe0198
MA		 5331 * outnvl: {
5332 * snapname -> error value (int32)
5333 * ...
5334 * }
45d1cae3 5335 */
13fe0198 5336/* ARGSUSED */
45d1cae3 5337static int
13fe0198 5338zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
45d1cae3 5339{
13fe0198 5340 return (dsl_dataset_user_release(holds, errlist));
45d1cae3
BB		 5341}
5342
26685276
BB		 5343/*
5344 * inputs:
5345 * zc_guid flags (ZEVENT_NONBLOCK)
9b101a73 5346 * zc_cleanup_fd zevent file descriptor
26685276
BB		 5347 *
5348 * outputs:
5349 * zc_nvlist_dst next nvlist event
5350 * zc_cookie dropped events since last get
26685276
BB		 5351 */
5352static int
5353zfs_ioc_events_next(zfs_cmd_t *zc)
5354{
5355 zfs_zevent_t *ze;
5356 nvlist_t *event = NULL;
5357 minor_t minor;
5358 uint64_t dropped = 0;
5359 int error;
5360
5361 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
5362 if (error != 0)
5363 return (error);
5364
5365 do {
baa40d45 5366 error = zfs_zevent_next(ze, &event,
02730c33 5367 &zc->zc_nvlist_dst_size, &dropped);
26685276
BB		 5368 if (event != NULL) {
5369 zc->zc_cookie = dropped;
5370 error = put_nvlist(zc, event);
baa40d45 5371 nvlist_free(event);
26685276
BB		 5372 }
5373
5374 if (zc->zc_guid & ZEVENT_NONBLOCK)
5375 break;
5376
5377 if ((error == 0) || (error != ENOENT))
5378 break;
5379
5380 error = zfs_zevent_wait(ze);
13fe0198 5381 if (error != 0)
26685276
BB		 5382 break;
5383 } while (1);
5384
5385 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
5386
5387 return (error);
5388}
5389
5390/*
5391 * outputs:
5392 * zc_cookie cleared events count
5393 */
5394static int
5395zfs_ioc_events_clear(zfs_cmd_t *zc)
5396{
5397 int count;
5398
5399 zfs_zevent_drain_all(&count);
5400 zc->zc_cookie = count;
5401
d1d7e268 5402 return (0);
26685276
BB		 5403}
5404
75e3ff58
BB		 5405/*
5406 * inputs:
5407 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END
5408 * zc_cleanup zevent file descriptor
5409 */
5410static int
5411zfs_ioc_events_seek(zfs_cmd_t *zc)
5412{
5413 zfs_zevent_t *ze;
5414 minor_t minor;
5415 int error;
5416
5417 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
5418 if (error != 0)
5419 return (error);
5420
5421 error = zfs_zevent_seek(ze, zc->zc_guid);
5422 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
5423
5424 return (error);
5425}
5426
330d06f9
MA		 5427/*
5428 * inputs:
5429 * zc_name name of new filesystem or snapshot
5430 * zc_value full name of old snapshot
5431 *
5432 * outputs:
5433 * zc_cookie space in bytes
5434 * zc_objset_type compressed space in bytes
5435 * zc_perm_action uncompressed space in bytes
5436 */
5437static int
5438zfs_ioc_space_written(zfs_cmd_t *zc)
5439{
5440 int error;
13fe0198 5441 dsl_pool_t *dp;
330d06f9
MA		 5442 dsl_dataset_t *new, *old;
5443
13fe0198 5444 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
330d06f9
MA		 5445 if (error != 0)
5446 return (error);
13fe0198
MA		 5447 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
5448 if (error != 0) {
5449 dsl_pool_rele(dp, FTAG);
5450 return (error);
5451 }
5452 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
330d06f9
MA		 5453 if (error != 0) {
5454 dsl_dataset_rele(new, FTAG);
13fe0198 5455 dsl_pool_rele(dp, FTAG);
330d06f9
MA		 5456 return (error);
5457 }
5458
5459 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
5460 &zc->zc_objset_type, &zc->zc_perm_action);
5461 dsl_dataset_rele(old, FTAG);
5462 dsl_dataset_rele(new, FTAG);
13fe0198 5463 dsl_pool_rele(dp, FTAG);
330d06f9
MA		 5464 return (error);
5465}
5466
5467/*
6f1ffb06
MA		 5468 * innvl: {
5469 * "firstsnap" -> snapshot name
5470 * }
330d06f9 5471 *
6f1ffb06
MA		 5472 * outnvl: {
5473 * "used" -> space in bytes
5474 * "compressed" -> compressed space in bytes
5475 * "uncompressed" -> uncompressed space in bytes
5476 * }
330d06f9
MA		 5477 */
5478static int
6f1ffb06 5479zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
330d06f9
MA		 5480{
5481 int error;
13fe0198 5482 dsl_pool_t *dp;
330d06f9 5483 dsl_dataset_t *new, *old;
6f1ffb06
MA		 5484 char *firstsnap;
5485 uint64_t used, comp, uncomp;
330d06f9 5486
6f1ffb06 5487 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0)
2e528b49 5488 return (SET_ERROR(EINVAL));
6f1ffb06 5489
13fe0198 5490 error = dsl_pool_hold(lastsnap, FTAG, &dp);
330d06f9
MA		 5491 if (error != 0)
5492 return (error);
13fe0198
MA		 5493
5494 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
71e2fe41
AG		 5495 if (error == 0 && !new->ds_is_snapshot) {
5496 dsl_dataset_rele(new, FTAG);
5497 error = SET_ERROR(EINVAL);
5498 }
13fe0198
MA		 5499 if (error != 0) {
5500 dsl_pool_rele(dp, FTAG);
5501 return (error);
5502 }
5503 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
71e2fe41
AG		 5504 if (error == 0 && !old->ds_is_snapshot) {
5505 dsl_dataset_rele(old, FTAG);
5506 error = SET_ERROR(EINVAL);
5507 }
330d06f9
MA		 5508 if (error != 0) {
5509 dsl_dataset_rele(new, FTAG);
13fe0198 5510 dsl_pool_rele(dp, FTAG);
330d06f9
MA		 5511 return (error);
5512 }
5513
6f1ffb06 5514 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
330d06f9
MA		 5515 dsl_dataset_rele(old, FTAG);
5516 dsl_dataset_rele(new, FTAG);
13fe0198 5517 dsl_pool_rele(dp, FTAG);
6f1ffb06
MA		 5518 fnvlist_add_uint64(outnvl, "used", used);
5519 fnvlist_add_uint64(outnvl, "compressed", comp);
5520 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
330d06f9
MA		 5521 return (error);
5522}
5523
34dc7c2f 5524/*
6f1ffb06
MA		 5525 * innvl: {
5526 * "fd" -> file descriptor to write stream to (int32)
5527 * (optional) "fromsnap" -> full snap name to send an incremental from
f1512ee6
MA		 5528 * (optional) "largeblockok" -> (value ignored)
5529 * indicates that blocks > 128KB are permitted
9b67f605
MA		 5530 * (optional) "embedok" -> (value ignored)
5531 * presence indicates DRR_WRITE_EMBEDDED records are permitted
2aa34383
DK		 5532 * (optional) "compressok" -> (value ignored)
5533 * presence indicates compressed DRR_WRITE records are permitted
47dfff3b
MA		 5534 * (optional) "resume_object" and "resume_offset" -> (uint64)
5535 * if present, resume send stream from specified object and offset.
6f1ffb06
MA		 5536 * }
5537 *
5538 * outnvl is unused
34dc7c2f 5539 */
6f1ffb06
MA		 5540/* ARGSUSED */
5541static int
5542zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5543{
6f1ffb06
MA		 5544 int error;
5545 offset_t off;
13fe0198 5546 char *fromname = NULL;
6f1ffb06 5547 int fd;
13fe0198 5548 file_t *fp;
f1512ee6 5549 boolean_t largeblockok;
9b67f605 5550 boolean_t embedok;
2aa34383 5551 boolean_t compressok;
47dfff3b
MA		 5552 uint64_t resumeobj = 0;
5553 uint64_t resumeoff = 0;
6f1ffb06
MA		 5554
5555 error = nvlist_lookup_int32(innvl, "fd", &fd);
5556 if (error != 0)
2e528b49 5557 return (SET_ERROR(EINVAL));
6f1ffb06 5558
13fe0198 5559 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
6f1ffb06 5560
f1512ee6 5561 largeblockok = nvlist_exists(innvl, "largeblockok");
9b67f605 5562 embedok = nvlist_exists(innvl, "embedok");
2aa34383 5563 compressok = nvlist_exists(innvl, "compressok");
9b67f605 5564
47dfff3b
MA		 5565 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
5566 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
5567
13fe0198 5568 if ((fp = getf(fd)) == NULL)
2e528b49 5569 return (SET_ERROR(EBADF));
6f1ffb06
MA		 5570
5571 off = fp->f_offset;
2aa34383 5572 error = dmu_send(snapname, fromname, embedok, largeblockok, compressok,
02730c33 5573 fd, resumeobj, resumeoff, fp->f_vnode, &off);
6f1ffb06
MA		 5574
5575 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5576 fp->f_offset = off;
13fe0198 5577
6f1ffb06 5578 releasef(fd);
6f1ffb06
MA		 5579 return (error);
5580}
5581
5582/*
5583 * Determine approximately how large a zfs send stream will be -- the number
5584 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
5585 *
5586 * innvl: {
5dc8b736
MG		 5587 * (optional) "from" -> full snap or bookmark name to send an incremental
5588 * from
2aa34383
DK		 5589 * (optional) "largeblockok" -> (value ignored)
5590 * indicates that blocks > 128KB are permitted
5591 * (optional) "embedok" -> (value ignored)
5592 * presence indicates DRR_WRITE_EMBEDDED records are permitted
5593 * (optional) "compressok" -> (value ignored)
5594 * presence indicates compressed DRR_WRITE records are permitted
6f1ffb06
MA		 5595 * }
5596 *
5597 * outnvl: {
5598 * "space" -> bytes of space (uint64)
5599 * }
5600 */
5601static int
5602zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5603{
13fe0198 5604 dsl_pool_t *dp;
13fe0198 5605 dsl_dataset_t *tosnap;
6f1ffb06
MA		 5606 int error;
5607 char *fromname;
2aa34383
DK		 5608 /* LINTED E_FUNC_SET_NOT_USED */
5609 boolean_t largeblockok;
5610 /* LINTED E_FUNC_SET_NOT_USED */
5611 boolean_t embedok;
5612 boolean_t compressok;
6f1ffb06
MA		 5613 uint64_t space;
5614
13fe0198
MA		 5615 error = dsl_pool_hold(snapname, FTAG, &dp);
5616 if (error != 0)
6f1ffb06
MA		 5617 return (error);
5618
13fe0198
MA		 5619 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
5620 if (error != 0) {
5621 dsl_pool_rele(dp, FTAG);
5622 return (error);
5623 }
5624
2aa34383
DK		 5625 largeblockok = nvlist_exists(innvl, "largeblockok");
5626 embedok = nvlist_exists(innvl, "embedok");
5627 compressok = nvlist_exists(innvl, "compressok");
5628
5dc8b736 5629 error = nvlist_lookup_string(innvl, "from", &fromname);
6f1ffb06 5630 if (error == 0) {
5dc8b736
MG		 5631 if (strchr(fromname, '@') != NULL) {
5632 /*
5633 * If from is a snapshot, hold it and use the more
5634 * efficient dmu_send_estimate to estimate send space
5635 * size using deadlists.
5636 */
5637 dsl_dataset_t *fromsnap;
5638 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
5639 if (error != 0)
5640 goto out;
2aa34383 5641 error = dmu_send_estimate(tosnap, fromsnap, compressok,
02730c33 5642 &space);
5dc8b736
MG		 5643 dsl_dataset_rele(fromsnap, FTAG);
5644 } else if (strchr(fromname, '#') != NULL) {
5645 /*
5646 * If from is a bookmark, fetch the creation TXG of the
5647 * snapshot it was created from and use that to find
5648 * blocks that were born after it.
5649 */
5650 zfs_bookmark_phys_t frombm;
5651
5652 error = dsl_bookmark_lookup(dp, fromname, tosnap,
5653 &frombm);
5654 if (error != 0)
5655 goto out;
5656 error = dmu_send_estimate_from_txg(tosnap,
2aa34383 5657 frombm.zbm_creation_txg, compressok, &space);
5dc8b736
MG		 5658 } else {
5659 /*
5660 * from is not properly formatted as a snapshot or
5661 * bookmark
5662 */
5663 error = SET_ERROR(EINVAL);
5664 goto out;
6f1ffb06 5665 }
5dc8b736
MG		 5666 } else {
5667 // If estimating the size of a full send, use dmu_send_estimate
2aa34383 5668 error = dmu_send_estimate(tosnap, NULL, compressok, &space);
6f1ffb06
MA		 5669 }
5670
6f1ffb06
MA		 5671 fnvlist_add_uint64(outnvl, "space", space);
5672
5dc8b736 5673out:
13fe0198
MA		 5674 dsl_dataset_rele(tosnap, FTAG);
5675 dsl_pool_rele(dp, FTAG);
6f1ffb06
MA		 5676 return (error);
5677}
5678
6f1ffb06
MA		 5679static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
5680
5681static void
5682zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5683 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5684 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
5685{
5686 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5687
5688 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5689 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5690 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5691 ASSERT3P(vec->zvec_func, ==, NULL);
5692
5693 vec->zvec_legacy_func = func;
5694 vec->zvec_secpolicy = secpolicy;
5695 vec->zvec_namecheck = namecheck;
5696 vec->zvec_allow_log = log_history;
5697 vec->zvec_pool_check = pool_check;
5698}
5699
5700/*
5701 * See the block comment at the beginning of this file for details on
5702 * each argument to this function.
5703 */
5704static void
5705zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
5706 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5707 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
5708 boolean_t allow_log)
5709{
5710 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5711
5712 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5713 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5714 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5715 ASSERT3P(vec->zvec_func, ==, NULL);
5716
5717 /* if we are logging, the name must be valid */
5718 ASSERT(!allow_log || namecheck != NO_NAME);
5719
5720 vec->zvec_name = name;
5721 vec->zvec_func = func;
5722 vec->zvec_secpolicy = secpolicy;
5723 vec->zvec_namecheck = namecheck;
5724 vec->zvec_pool_check = pool_check;
5725 vec->zvec_smush_outnvlist = smush_outnvlist;
5726 vec->zvec_allow_log = allow_log;
5727}
5728
5729static void
5730zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5731 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
5732 zfs_ioc_poolcheck_t pool_check)
5733{
5734 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5735 POOL_NAME, log_history, pool_check);
5736}
5737
5738static void
5739zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5740 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
5741{
5742 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5743 DATASET_NAME, B_FALSE, pool_check);
5744}
5745
5746static void
5747zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5748{
5749 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
5750 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5751}
5752
5753static void
5754zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5755 zfs_secpolicy_func_t *secpolicy)
5756{
5757 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5758 NO_NAME, B_FALSE, POOL_CHECK_NONE);
5759}
5760
5761static void
5762zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
5763 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
5764{
5765 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5766 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
5767}
5768
5769static void
5770zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5771{
5772 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
5773 zfs_secpolicy_read);
5774}
5775
5776static void
5777zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
e9aa730c 5778 zfs_secpolicy_func_t *secpolicy)
6f1ffb06
MA		 5779{
5780 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5781 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5782}
5783
5784static void
5785zfs_ioctl_init(void)
5786{
5787 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
5788 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
5789 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5790
5791 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
5792 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
5793 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE);
5794
5795 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
5796 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
5797 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5798
5799 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
5800 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
5801 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5802
5803 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
5804 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
5805 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5806
5807 zfs_ioctl_register("create", ZFS_IOC_CREATE,
5808 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
5809 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5810
5811 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
5812 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
5813 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5814
5815 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
5816 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
5817 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5818
13fe0198
MA		 5819 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
5820 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
5821 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5822 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
5823 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
5824 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5825
5826 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
5827 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
5828 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5829
46ba1e59
MA		 5830 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK,
5831 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME,
5832 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE);
5833
da536844
MA		 5834 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK,
5835 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME,
5836 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5837
5838 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS,
5839 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME,
5840 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5841
5842 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS,
5843 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks,
5844 POOL_NAME,
5845 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5846
43e52edd
BB		 5847 zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW,
5848 zfs_ioc_recv_new, zfs_secpolicy_recv_new, DATASET_NAME,
5849 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5850
6f1ffb06
MA		 5851 /* IOCTLS that use the legacy function signature */
5852
5853 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
5854 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
5855
5856 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
5857 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5858 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
5859 zfs_ioc_pool_scan);
5860 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
5861 zfs_ioc_pool_upgrade);
5862 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
5863 zfs_ioc_vdev_add);
5864 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
5865 zfs_ioc_vdev_remove);
5866 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
5867 zfs_ioc_vdev_set_state);
5868 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
5869 zfs_ioc_vdev_attach);
5870 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
5871 zfs_ioc_vdev_detach);
5872 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
5873 zfs_ioc_vdev_setpath);
5874 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
5875 zfs_ioc_vdev_setfru);
5876 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
5877 zfs_ioc_pool_set_props);
5878 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
5879 zfs_ioc_vdev_split);
5880 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
5881 zfs_ioc_pool_reguid);
5882
5883 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
5884 zfs_ioc_pool_configs, zfs_secpolicy_none);
5885 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
5886 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
5887 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
5888 zfs_ioc_inject_fault, zfs_secpolicy_inject);
5889 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
5890 zfs_ioc_clear_fault, zfs_secpolicy_inject);
5891 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
5892 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
5893
5894 /*
5895 * pool destroy, and export don't log the history as part of
5896 * zfsdev_ioctl, but rather zfs_ioc_pool_export
5897 * does the logging of those commands.
5898 */
5899 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
87a63dd7 5900 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
6f1ffb06 5901 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
87a63dd7 5902 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
6f1ffb06
MA		 5903
5904 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
5905 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5906 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
5907 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5908
5909 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
5910 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
5911 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
5912 zfs_ioc_dsobj_to_dsname,
5913 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
5914 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
5915 zfs_ioc_pool_get_history,
5916 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
5917
5918 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
5919 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5920
5921 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
ac72fac3 5922 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
6f1ffb06
MA		 5923 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
5924 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5925
5926 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
5927 zfs_ioc_space_written);
6f1ffb06
MA		 5928 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
5929 zfs_ioc_objset_recvd_props);
5930 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
5931 zfs_ioc_next_obj);
5932 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
5933 zfs_ioc_get_fsacl);
5934 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
5935 zfs_ioc_objset_stats);
5936 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
5937 zfs_ioc_objset_zplprops);
5938 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
5939 zfs_ioc_dataset_list_next);
5940 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
5941 zfs_ioc_snapshot_list_next);
5942 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
5943 zfs_ioc_send_progress);
5944
5945 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
5946 zfs_ioc_diff, zfs_secpolicy_diff);
5947 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
5948 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
5949 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
5950 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
5951 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
5952 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
5953 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
5954 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
5955 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
5956 zfs_ioc_send, zfs_secpolicy_send);
5957
5958 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
5959 zfs_secpolicy_none);
5960 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
5961 zfs_secpolicy_destroy);
6f1ffb06
MA		 5962 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
5963 zfs_secpolicy_rename);
5964 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
5965 zfs_secpolicy_recv);
5966 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
5967 zfs_secpolicy_promote);
6f1ffb06
MA		 5968 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
5969 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
5970 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
5971 zfs_secpolicy_set_fsacl);
5972
5973 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
5974 zfs_secpolicy_share, POOL_CHECK_NONE);
5975 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
5976 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
5977 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
5978 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
5979 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5980 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
5981 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
5982 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5983
5984 /*
ba6a2402 5985 * ZoL functions
6f1ffb06 5986 */
6f1ffb06
MA		 5987 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next,
5988 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
5989 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear,
5990 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
75e3ff58
BB		 5991 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek,
5992 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
6f1ffb06 5993}
34dc7c2f 5994
9babb374 5995int
572e2857
BB		 5996pool_status_check(const char *name, zfs_ioc_namecheck_t type,
5997 zfs_ioc_poolcheck_t check)
9babb374
BB		 5998{
5999 spa_t *spa;
6000 int error;
6001
6002 ASSERT(type == POOL_NAME || type == DATASET_NAME);
6003
572e2857
BB		 6004 if (check & POOL_CHECK_NONE)
6005 return (0);
6006
9babb374
BB		 6007 error = spa_open(name, &spa, FTAG);
6008 if (error == 0) {
572e2857 6009 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
2e528b49 6010 error = SET_ERROR(EAGAIN);
572e2857 6011 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
2e528b49 6012 error = SET_ERROR(EROFS);
9babb374
BB		 6013 spa_close(spa, FTAG);
6014 }
6015 return (error);
6016}
6017
325f0235
BB		 6018static void *
6019zfsdev_get_state_impl(minor_t minor, enum zfsdev_state_type which)
6020{
6021 zfsdev_state_t *zs;
6022
3937ab20 6023 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
325f0235 6024 if (zs->zs_minor == minor) {
3937ab20 6025 smp_rmb();
325f0235 6026 switch (which) {
d1d7e268
MK		 6027 case ZST_ONEXIT:
6028 return (zs->zs_onexit);
6029 case ZST_ZEVENT:
6030 return (zs->zs_zevent);
6031 case ZST_ALL:
6032 return (zs);
325f0235
BB		 6033 }
6034 }
6035 }
6036
d1d7e268 6037 return (NULL);
325f0235
BB		 6038}
6039
6040void *
6041zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
6042{
6043 void *ptr;
6044
325f0235 6045 ptr = zfsdev_get_state_impl(minor, which);
325f0235 6046
d1d7e268 6047 return (ptr);
325f0235
BB		 6048}
6049
72540ea3
RY		 6050int
6051zfsdev_getminor(struct file *filp, minor_t *minorp)
325f0235 6052{
72540ea3
RY		 6053 zfsdev_state_t *zs, *fpd;
6054
325f0235 6055 ASSERT(filp != NULL);
72540ea3
RY		 6056 ASSERT(!MUTEX_HELD(&zfsdev_state_lock));
6057
6058 fpd = filp->private_data;
6059 if (fpd == NULL)
6060 return (EBADF);
6061
6062 mutex_enter(&zfsdev_state_lock);
6063
6064 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
6065
6066 if (zs->zs_minor == -1)
6067 continue;
6068
6069 if (fpd == zs) {
6070 *minorp = fpd->zs_minor;
6071 mutex_exit(&zfsdev_state_lock);
6072 return (0);
6073 }
6074 }
6075
6076 mutex_exit(&zfsdev_state_lock);
325f0235 6077
72540ea3 6078 return (EBADF);
325f0235
BB		 6079}
6080
572e2857 6081/*
325f0235
BB		 6082 * Find a free minor number. The zfsdev_state_list is expected to
6083 * be short since it is only a list of currently open file handles.
572e2857
BB		 6084 */
6085minor_t
6086zfsdev_minor_alloc(void)
6087{
325f0235 6088 static minor_t last_minor = 0;
572e2857
BB		 6089 minor_t m;
6090
6091 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
6092
6093 for (m = last_minor + 1; m != last_minor; m++) {
6094 if (m > ZFSDEV_MAX_MINOR)
6095 m = 1;
325f0235 6096 if (zfsdev_get_state_impl(m, ZST_ALL) == NULL) {
572e2857
BB		 6097 last_minor = m;
6098 return (m);
6099 }
6100 }
6101
6102 return (0);
6103}
6104
6105static int
325f0235 6106zfsdev_state_init(struct file *filp)
572e2857 6107{
3937ab20 6108 zfsdev_state_t *zs, *zsprev = NULL;
572e2857 6109 minor_t minor;
3937ab20 6110 boolean_t newzs = B_FALSE;
572e2857
BB		 6111
6112 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
572e2857 6113
d1d7e268
MK		 6114 minor = zfsdev_minor_alloc();
6115 if (minor == 0)
6116 return (SET_ERROR(ENXIO));
325f0235 6117
3937ab20
TC		 6118 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
6119 if (zs->zs_minor == -1)
6120 break;
6121 zsprev = zs;
6122 }
6123
6124 if (!zs) {
6125 zs = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
6126 newzs = B_TRUE;
6127 }
572e2857 6128
325f0235 6129 zs->zs_file = filp;
325f0235 6130 filp->private_data = zs;
572e2857 6131
325f0235
BB		 6132 zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit);
6133 zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent);
572e2857 6134
3937ab20
TC		 6135
6136 /*
6137 * In order to provide for lock-free concurrent read access
6138 * to the minor list in zfsdev_get_state_impl(), new entries
6139 * must be completely written before linking them into the
6140 * list whereas existing entries are already linked; the last
6141 * operation must be updating zs_minor (from -1 to the new
6142 * value).
6143 */
6144 if (newzs) {
6145 zs->zs_minor = minor;
6146 smp_wmb();
6147 zsprev->zs_next = zs;
6148 } else {
6149 smp_wmb();
6150 zs->zs_minor = minor;
6151 }
572e2857
BB		 6152
6153 return (0);
6154}
6155
325f0235
BB		 6156static int
6157zfsdev_state_destroy(struct file *filp)
572e2857 6158{
325f0235 6159 zfsdev_state_t *zs;
572e2857 6160
325f0235
BB		 6161 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
6162 ASSERT(filp->private_data != NULL);
572e2857 6163
325f0235 6164 zs = filp->private_data;
3937ab20 6165 zs->zs_minor = -1;
325f0235
BB		 6166 zfs_onexit_destroy(zs->zs_onexit);
6167 zfs_zevent_destroy(zs->zs_zevent);
572e2857 6168
d1d7e268 6169 return (0);
572e2857
BB		 6170}
6171
6172static int
325f0235 6173zfsdev_open(struct inode *ino, struct file *filp)
572e2857 6174{
325f0235 6175 int error;
572e2857 6176
325f0235
BB		 6177 mutex_enter(&zfsdev_state_lock);
6178 error = zfsdev_state_init(filp);
6179 mutex_exit(&zfsdev_state_lock);
572e2857 6180
325f0235 6181 return (-error);
572e2857
BB		 6182}
6183
6184static int
325f0235 6185zfsdev_release(struct inode *ino, struct file *filp)
572e2857 6186{
325f0235 6187 int error;
572e2857
BB		 6188
6189 mutex_enter(&zfsdev_state_lock);
325f0235 6190 error = zfsdev_state_destroy(filp);
572e2857
BB		 6191 mutex_exit(&zfsdev_state_lock);
6192
325f0235 6193 return (-error);
572e2857
BB		 6194}
6195
325f0235
BB		 6196static long
6197zfsdev_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
34dc7c2f
BB		 6198{
6199 zfs_cmd_t *zc;
6f1ffb06 6200 uint_t vecnum;
4fd762f8 6201 int error, rc, flag = 0;
6f1ffb06 6202 const zfs_ioc_vec_t *vec;
fb8e608d 6203 char *saved_poolname = NULL;
6f1ffb06 6204 nvlist_t *innvl = NULL;
40d06e3c 6205 fstrans_cookie_t cookie;
6f1ffb06
MA		 6206
6207 vecnum = cmd - ZFS_IOC_FIRST;
6208 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
2e528b49 6209 return (-SET_ERROR(EINVAL));
6f1ffb06 6210 vec = &zfs_ioc_vec[vecnum];
34dc7c2f 6211
2e0358cb
BB		 6212 /*
6213 * The registered ioctl list may be sparse, verify that either
6214 * a normal or legacy handler are registered.
6215 */
6216 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL)
6217 return (-SET_ERROR(EINVAL));
6218
efcd79a8 6219 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
34dc7c2f 6220
9babb374 6221 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
6f1ffb06 6222 if (error != 0) {
2e528b49 6223 error = SET_ERROR(EFAULT);
6f1ffb06
MA		 6224 goto out;
6225 }
34dc7c2f 6226
6f1ffb06 6227 zc->zc_iflags = flag & FKIOCTL;
f74b821a
BB		 6228 if (zc->zc_nvlist_src_size > MAX_NVLIST_SRC_SIZE) {
6229 /*
6230 * Make sure the user doesn't pass in an insane value for
6231 * zc_nvlist_src_size. We have to check, since we will end
6232 * up allocating that much memory inside of get_nvlist(). This
6233 * prevents a nefarious user from allocating tons of kernel
6234 * memory.
6235 *
6236 * Also, we return EINVAL instead of ENOMEM here. The reason
6237 * being that returning ENOMEM from an ioctl() has a special
6238 * connotation; that the user's size value is too small and
6239 * needs to be expanded to hold the nvlist. See
6240 * zcmd_expand_dst_nvlist() for details.
6241 */
6242 error = SET_ERROR(EINVAL); /* User's size too big */
6243
6244 } else if (zc->zc_nvlist_src_size != 0) {
6f1ffb06
MA		 6245 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
6246 zc->zc_iflags, &innvl);
6247 if (error != 0)
6248 goto out;
6249 }
34dc7c2f
BB		 6250
6251 /*
6252 * Ensure that all pool/dataset names are valid before we pass down to
6253 * the lower layers.
6254 */
6f1ffb06
MA		 6255 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
6256 switch (vec->zvec_namecheck) {
6257 case POOL_NAME:
6258 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
2e528b49 6259 error = SET_ERROR(EINVAL);
6f1ffb06 6260 else
572e2857 6261 error = pool_status_check(zc->zc_name,
6f1ffb06
MA		 6262 vec->zvec_namecheck, vec->zvec_pool_check);
6263 break;
34dc7c2f 6264
6f1ffb06
MA		 6265 case DATASET_NAME:
6266 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
2e528b49 6267 error = SET_ERROR(EINVAL);
6f1ffb06 6268 else
572e2857 6269 error = pool_status_check(zc->zc_name,
6f1ffb06
MA		 6270 vec->zvec_namecheck, vec->zvec_pool_check);
6271 break;
34dc7c2f 6272
6f1ffb06
MA		 6273 case NO_NAME:
6274 break;
34dc7c2f
BB		 6275 }
6276
34dc7c2f 6277
ddab862d
TC		 6278 if (error == 0 && !(flag & FKIOCTL)) {
6279 cookie = spl_fstrans_mark();
6f1ffb06 6280 error = vec->zvec_secpolicy(zc, innvl, CRED());
ddab862d
TC		 6281 spl_fstrans_unmark(cookie);
6282 }
6f1ffb06
MA		 6283
6284 if (error != 0)
6285 goto out;
6286
6287 /* legacy ioctls can modify zc_name */
4fd762f8
BB		 6288 saved_poolname = strdup(zc->zc_name);
6289 if (saved_poolname == NULL) {
6290 error = SET_ERROR(ENOMEM);
6291 goto out;
6292 } else {
6293 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0';
6294 }
6f1ffb06
MA		 6295
6296 if (vec->zvec_func != NULL) {
6297 nvlist_t *outnvl;
6298 int puterror = 0;
6299 spa_t *spa;
6300 nvlist_t *lognv = NULL;
6301
6302 ASSERT(vec->zvec_legacy_func == NULL);
6303
6304 /*
6305 * Add the innvl to the lognv before calling the func,
6306 * in case the func changes the innvl.
6307 */
6308 if (vec->zvec_allow_log) {
6309 lognv = fnvlist_alloc();
6310 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
6311 vec->zvec_name);
6312 if (!nvlist_empty(innvl)) {
6313 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
6314 innvl);
6315 }
6316 }
6317
79c76d5b 6318 outnvl = fnvlist_alloc();
40d06e3c 6319 cookie = spl_fstrans_mark();
6f1ffb06 6320 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
40d06e3c 6321 spl_fstrans_unmark(cookie);
6f1ffb06
MA		 6322
6323 if (error == 0 && vec->zvec_allow_log &&
6324 spa_open(zc->zc_name, &spa, FTAG) == 0) {
6325 if (!nvlist_empty(outnvl)) {
6326 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
6327 outnvl);
6328 }
6329 (void) spa_history_log_nvl(spa, lognv);
6330 spa_close(spa, FTAG);
6331 }
6332 fnvlist_free(lognv);
6333
6334 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
6335 int smusherror = 0;
6336 if (vec->zvec_smush_outnvlist) {
6337 smusherror = nvlist_smush(outnvl,
6338 zc->zc_nvlist_dst_size);
6339 }
6340 if (smusherror == 0)
6341 puterror = put_nvlist(zc, outnvl);
6342 }
6343
6344 if (puterror != 0)
6345 error = puterror;
6346
6347 nvlist_free(outnvl);
6348 } else {
40d06e3c 6349 cookie = spl_fstrans_mark();
6f1ffb06 6350 error = vec->zvec_legacy_func(zc);
40d06e3c 6351 spl_fstrans_unmark(cookie);
6f1ffb06
MA		 6352 }
6353
6354out:
6355 nvlist_free(innvl);
9babb374 6356 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
6f1ffb06 6357 if (error == 0 && rc != 0)
2e528b49 6358 error = SET_ERROR(EFAULT);
6f1ffb06
MA		 6359 if (error == 0 && vec->zvec_allow_log) {
6360 char *s = tsd_get(zfs_allow_log_key);
6361 if (s != NULL)
6362 strfree(s);
fb8e608d
TC		 6363 (void) tsd_set(zfs_allow_log_key, saved_poolname);
6364 } else {
6365 if (saved_poolname != NULL)
4fd762f8 6366 strfree(saved_poolname);
34dc7c2f
BB		 6367 }
6368
6369 kmem_free(zc, sizeof (zfs_cmd_t));
325f0235 6370 return (-error);
34dc7c2f
BB		 6371}
6372
325f0235
BB		 6373#ifdef CONFIG_COMPAT
6374static long
6375zfsdev_compat_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
34dc7c2f 6376{
d1d7e268 6377 return (zfsdev_ioctl(filp, cmd, arg));
325f0235
BB		 6378}
6379#else
d1d7e268 6380#define zfsdev_compat_ioctl NULL
325f0235 6381#endif
34dc7c2f 6382
325f0235 6383static const struct file_operations zfsdev_fops = {
d1d7e268
MK		 6384 .open = zfsdev_open,
6385 .release = zfsdev_release,
6386 .unlocked_ioctl = zfsdev_ioctl,
6387 .compat_ioctl = zfsdev_compat_ioctl,
6388 .owner = THIS_MODULE,
325f0235 6389};
34dc7c2f 6390
325f0235 6391static struct miscdevice zfs_misc = {
d1d7e268
MK		 6392 .minor = MISC_DYNAMIC_MINOR,
6393 .name = ZFS_DRIVER,
6394 .fops = &zfsdev_fops,
325f0235 6395};
34dc7c2f
BB		 6396
6397static int
325f0235 6398zfs_attach(void)
34dc7c2f 6399{
325f0235 6400 int error;
34dc7c2f 6401
325f0235 6402 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
3937ab20
TC		 6403 zfsdev_state_list = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
6404 zfsdev_state_list->zs_minor = -1;
34dc7c2f 6405
325f0235 6406 error = misc_register(&zfs_misc);
d1d7e268 6407 if (error != 0) {
325f0235
BB		 6408 printk(KERN_INFO "ZFS: misc_register() failed %d\n", error);
6409 return (error);
6410 }
34dc7c2f 6411
325f0235 6412 return (0);
34dc7c2f
BB		 6413}
6414
325f0235
BB		 6415static void
6416zfs_detach(void)
34dc7c2f 6417{
3937ab20 6418 zfsdev_state_t *zs, *zsprev = NULL;
34dc7c2f 6419
324dcd37 6420 misc_deregister(&zfs_misc);
325f0235 6421 mutex_destroy(&zfsdev_state_lock);
3937ab20
TC		 6422
6423 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
6424 if (zsprev)
6425 kmem_free(zsprev, sizeof (zfsdev_state_t));
6426 zsprev = zs;
6427 }
6428 if (zsprev)
6429 kmem_free(zsprev, sizeof (zfsdev_state_t));
34dc7c2f
BB		 6430}
6431
6f1ffb06
MA		 6432static void
6433zfs_allow_log_destroy(void *arg)
6434{
6435 char *poolname = arg;
9f3d1407 6436
6437 if (poolname != NULL)
6438 strfree(poolname);
6f1ffb06 6439}
325f0235
BB		 6440
6441#ifdef DEBUG
d1d7e268 6442#define ZFS_DEBUG_STR " (DEBUG mode)"
325f0235 6443#else
d1d7e268 6444#define ZFS_DEBUG_STR ""
325f0235 6445#endif
34dc7c2f 6446
b4f3666a 6447static int __init
34dc7c2f
BB		 6448_init(void)
6449{
6450 int error;
6451
3d8d245f 6452 error = -vn_set_pwd("/");
b4f3666a
BB		 6453 if (error) {
6454 printk(KERN_NOTICE
6455 "ZFS: Warning unable to set pwd to '/': %d\n", error);
6456 return (error);
6457 }
6458
a0bd735a
BP		 6459 if ((error = -zvol_init()) != 0)
6460 return (error);
6461
34dc7c2f
BB		 6462 spa_init(FREAD | FWRITE);
6463 zfs_init();
34dc7c2f 6464
6f1ffb06
MA		 6465 zfs_ioctl_init();
6466
325f0235 6467 if ((error = zfs_attach()) != 0)
a0bd735a 6468 goto out;
34dc7c2f 6469
d5446cfc 6470 tsd_create(&zfs_fsyncer_key, NULL);
6f1ffb06
MA		 6471 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
6472 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
34dc7c2f 6473
4b5d425f 6474 printk(KERN_NOTICE "ZFS: Loaded module v%s-%s%s, "
d1d7e268
MK		 6475 "ZFS pool version %s, ZFS filesystem version %s\n",
6476 ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR,
6477 SPA_VERSION_STRING, ZPL_VERSION_STRING);
b695c34e
MM		 6478#ifndef CONFIG_FS_POSIX_ACL
6479 printk(KERN_NOTICE "ZFS: Posix ACLs disabled by kernel\n");
6480#endif /* CONFIG_FS_POSIX_ACL */
34dc7c2f
BB		 6481
6482 return (0);
325f0235 6483
a0bd735a 6484out:
325f0235
BB		 6485 zfs_fini();
6486 spa_fini();
a0bd735a 6487 (void) zvol_fini();
4b5d425f 6488 printk(KERN_NOTICE "ZFS: Failed to Load ZFS Filesystem v%s-%s%s"
d1d7e268
MK		 6489 ", rc = %d\n", ZFS_META_VERSION, ZFS_META_RELEASE,
6490 ZFS_DEBUG_STR, error);
325f0235
BB		 6491
6492 return (error);
34dc7c2f
BB		 6493}
6494
b4f3666a 6495static void __exit
34dc7c2f
BB		 6496_fini(void)
6497{
325f0235 6498 zfs_detach();
34dc7c2f
BB		 6499 zfs_fini();
6500 spa_fini();
a0bd735a 6501 zvol_fini();
46e18b3f 6502
d5446cfc 6503 tsd_destroy(&zfs_fsyncer_key);
3fc050aa 6504 tsd_destroy(&rrw_tsd_key);
6f1ffb06 6505 tsd_destroy(&zfs_allow_log_key);
34dc7c2f 6506
4b5d425f 6507 printk(KERN_NOTICE "ZFS: Unloaded module v%s-%s%s\n",
d1d7e268 6508 ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR);
34dc7c2f 6509}
325f0235
BB		 6510
6511#ifdef HAVE_SPL
b4f3666a
BB		 6512module_init(_init);
6513module_exit(_fini);
325f0235
BB		 6514
6515MODULE_DESCRIPTION("ZFS");
6516MODULE_AUTHOR(ZFS_META_AUTHOR);
6517MODULE_LICENSE(ZFS_META_LICENSE);
99e349db 6518MODULE_VERSION(ZFS_META_VERSION "-" ZFS_META_RELEASE);
325f0235 6519#endif /* HAVE_SPL */
ZFS On Linux mirror for PVE