]> git.proxmox.com Git - mirror_zfs.git/blob - module/zfs/zfs_ioctl.c
projects / mirror_zfs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Illumos #1748: desire support for reguid in zfs
[mirror_zfs.git] / module / zfs / zfs_ioctl.c
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Portions Copyright 2011 Martin Matuska
24 * Portions Copyright 2012 Pawel Jakub Dawidek <pawel@dawidek.net>
25 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
26 */
27 /*
28 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
29 * Copyright (c) 2011 by Delphix. All rights reserved.
30 */
31
32 #include <sys/types.h>
33 #include <sys/param.h>
34 #include <sys/errno.h>
35 #include <sys/uio.h>
36 #include <sys/buf.h>
37 #include <sys/modctl.h>
38 #include <sys/open.h>
39 #include <sys/file.h>
40 #include <sys/kmem.h>
41 #include <sys/conf.h>
42 #include <sys/cmn_err.h>
43 #include <sys/stat.h>
44 #include <sys/zfs_ioctl.h>
45 #include <sys/zfs_vfsops.h>
46 #include <sys/zfs_znode.h>
47 #include <sys/zap.h>
48 #include <sys/spa.h>
49 #include <sys/spa_impl.h>
50 #include <sys/vdev.h>
51 #include <sys/priv_impl.h>
52 #include <sys/dmu.h>
53 #include <sys/dsl_dir.h>
54 #include <sys/dsl_dataset.h>
55 #include <sys/dsl_prop.h>
56 #include <sys/dsl_deleg.h>
57 #include <sys/dmu_objset.h>
58 #include <sys/ddi.h>
59 #include <sys/sunddi.h>
60 #include <sys/sunldi.h>
61 #include <sys/policy.h>
62 #include <sys/zone.h>
63 #include <sys/nvpair.h>
64 #include <sys/pathname.h>
65 #include <sys/mount.h>
66 #include <sys/sdt.h>
67 #include <sys/fs/zfs.h>
68 #include <sys/zfs_ctldir.h>
69 #include <sys/zfs_dir.h>
70 #include <sys/zfs_onexit.h>
71 #include <sys/zvol.h>
72 #include <sys/dsl_scan.h>
73 #include <sharefs/share.h>
74 #include <sys/dmu_objset.h>
75 #include <sys/fm/util.h>
76
77 #include <linux/miscdevice.h>
78
79 #include "zfs_namecheck.h"
80 #include "zfs_prop.h"
81 #include "zfs_deleg.h"
82 #include "zfs_comutil.h"
83
84 kmutex_t zfsdev_state_lock;
85 list_t zfsdev_state_list;
86
87 extern void zfs_init(void);
88 extern void zfs_fini(void);
89
90 typedef int zfs_ioc_func_t(zfs_cmd_t *);
91 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *);
92
93 typedef enum {
94 NO_NAME,
95 POOL_NAME,
96 DATASET_NAME
97 } zfs_ioc_namecheck_t;
98
99 typedef enum {
100 POOL_CHECK_NONE = 1 << 0,
101 POOL_CHECK_SUSPENDED = 1 << 1,
102 POOL_CHECK_READONLY = 1 << 2
103 } zfs_ioc_poolcheck_t;
104
105 typedef struct zfs_ioc_vec {
106 zfs_ioc_func_t *zvec_func;
107 zfs_secpolicy_func_t *zvec_secpolicy;
108 zfs_ioc_namecheck_t zvec_namecheck;
109 boolean_t zvec_his_log;
110 zfs_ioc_poolcheck_t zvec_pool_check;
111 } zfs_ioc_vec_t;
112
113 /* This array is indexed by zfs_userquota_prop_t */
114 static const char *userquota_perms[] = {
115 ZFS_DELEG_PERM_USERUSED,
116 ZFS_DELEG_PERM_USERQUOTA,
117 ZFS_DELEG_PERM_GROUPUSED,
118 ZFS_DELEG_PERM_GROUPQUOTA,
119 };
120
121 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
122 static int zfs_check_settable(const char *name, nvpair_t *property,
123 cred_t *cr);
124 static int zfs_check_clearable(char *dataset, nvlist_t *props,
125 nvlist_t **errors);
126 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
127 boolean_t *);
128 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t **);
129
130 static void
131 history_str_free(char *buf)
132 {
133 kmem_free(buf, HIS_MAX_RECORD_LEN);
134 }
135
136 static char *
137 history_str_get(zfs_cmd_t *zc)
138 {
139 char *buf;
140
141 if (zc->zc_history == 0)
142 return (NULL);
143
144 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP | KM_NODEBUG);
145 if (copyinstr((void *)(uintptr_t)zc->zc_history,
146 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
147 history_str_free(buf);
148 return (NULL);
149 }
150
151 buf[HIS_MAX_RECORD_LEN -1] = '\0';
152
153 return (buf);
154 }
155
156 /*
157 * Check to see if the named dataset is currently defined as bootable
158 */
159 static boolean_t
160 zfs_is_bootfs(const char *name)
161 {
162 objset_t *os;
163
164 if (dmu_objset_hold(name, FTAG, &os) == 0) {
165 boolean_t ret;
166 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
167 dmu_objset_rele(os, FTAG);
168 return (ret);
169 }
170 return (B_FALSE);
171 }
172
173 /*
174 * zfs_earlier_version
175 *
176 * Return non-zero if the spa version is less than requested version.
177 */
178 static int
179 zfs_earlier_version(const char *name, int version)
180 {
181 spa_t *spa;
182
183 if (spa_open(name, &spa, FTAG) == 0) {
184 if (spa_version(spa) < version) {
185 spa_close(spa, FTAG);
186 return (1);
187 }
188 spa_close(spa, FTAG);
189 }
190 return (0);
191 }
192
193 /*
194 * zpl_earlier_version
195 *
196 * Return TRUE if the ZPL version is less than requested version.
197 */
198 static boolean_t
199 zpl_earlier_version(const char *name, int version)
200 {
201 objset_t *os;
202 boolean_t rc = B_TRUE;
203
204 if (dmu_objset_hold(name, FTAG, &os) == 0) {
205 uint64_t zplversion;
206
207 if (dmu_objset_type(os) != DMU_OST_ZFS) {
208 dmu_objset_rele(os, FTAG);
209 return (B_TRUE);
210 }
211 /* XXX reading from non-owned objset */
212 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
213 rc = zplversion < version;
214 dmu_objset_rele(os, FTAG);
215 }
216 return (rc);
217 }
218
219 static void
220 zfs_log_history(zfs_cmd_t *zc)
221 {
222 spa_t *spa;
223 char *buf;
224
225 if ((buf = history_str_get(zc)) == NULL)
226 return;
227
228 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
229 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
230 (void) spa_history_log(spa, buf, LOG_CMD_NORMAL);
231 spa_close(spa, FTAG);
232 }
233 history_str_free(buf);
234 }
235
236 /*
237 * Policy for top-level read operations (list pools). Requires no privileges,
238 * and can be used in the local zone, as there is no associated dataset.
239 */
240 /* ARGSUSED */
241 static int
242 zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr)
243 {
244 return (0);
245 }
246
247 /*
248 * Policy for dataset read operations (list children, get statistics). Requires
249 * no privileges, but must be visible in the local zone.
250 */
251 /* ARGSUSED */
252 static int
253 zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr)
254 {
255 if (INGLOBALZONE(curproc) ||
256 zone_dataset_visible(zc->zc_name, NULL))
257 return (0);
258
259 return (ENOENT);
260 }
261
262 static int
263 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
264 {
265 int writable = 1;
266
267 /*
268 * The dataset must be visible by this zone -- check this first
269 * so they don't see EPERM on something they shouldn't know about.
270 */
271 if (!INGLOBALZONE(curproc) &&
272 !zone_dataset_visible(dataset, &writable))
273 return (ENOENT);
274
275 if (INGLOBALZONE(curproc)) {
276 /*
277 * If the fs is zoned, only root can access it from the
278 * global zone.
279 */
280 if (secpolicy_zfs(cr) && zoned)
281 return (EPERM);
282 } else {
283 /*
284 * If we are in a local zone, the 'zoned' property must be set.
285 */
286 if (!zoned)
287 return (EPERM);
288
289 /* must be writable by this zone */
290 if (!writable)
291 return (EPERM);
292 }
293 return (0);
294 }
295
296 static int
297 zfs_dozonecheck(const char *dataset, cred_t *cr)
298 {
299 uint64_t zoned;
300
301 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
302 return (ENOENT);
303
304 return (zfs_dozonecheck_impl(dataset, zoned, cr));
305 }
306
307 static int
308 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
309 {
310 uint64_t zoned;
311
312 rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
313 if (dsl_prop_get_ds(ds, "zoned", 8, 1, &zoned, NULL)) {
314 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
315 return (ENOENT);
316 }
317 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
318
319 return (zfs_dozonecheck_impl(dataset, zoned, cr));
320 }
321
322 int
323 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
324 {
325 int error;
326
327 error = zfs_dozonecheck(name, cr);
328 if (error == 0) {
329 error = secpolicy_zfs(cr);
330 if (error)
331 error = dsl_deleg_access(name, perm, cr);
332 }
333 return (error);
334 }
335
336 int
337 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
338 const char *perm, cred_t *cr)
339 {
340 int error;
341
342 error = zfs_dozonecheck_ds(name, ds, cr);
343 if (error == 0) {
344 error = secpolicy_zfs(cr);
345 if (error)
346 error = dsl_deleg_access_impl(ds, perm, cr);
347 }
348 return (error);
349 }
350
351 /*
352 * Policy for setting the security label property.
353 *
354 * Returns 0 for success, non-zero for access and other errors.
355 */
356 static int
357 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
358 {
359 #ifdef HAVE_MLSLABEL
360 char ds_hexsl[MAXNAMELEN];
361 bslabel_t ds_sl, new_sl;
362 boolean_t new_default = FALSE;
363 uint64_t zoned;
364 int needed_priv = -1;
365 int error;
366
367 /* First get the existing dataset label. */
368 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
369 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
370 if (error)
371 return (EPERM);
372
373 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
374 new_default = TRUE;
375
376 /* The label must be translatable */
377 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
378 return (EINVAL);
379
380 /*
381 * In a non-global zone, disallow attempts to set a label that
382 * doesn't match that of the zone; otherwise no other checks
383 * are needed.
384 */
385 if (!INGLOBALZONE(curproc)) {
386 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
387 return (EPERM);
388 return (0);
389 }
390
391 /*
392 * For global-zone datasets (i.e., those whose zoned property is
393 * "off", verify that the specified new label is valid for the
394 * global zone.
395 */
396 if (dsl_prop_get_integer(name,
397 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
398 return (EPERM);
399 if (!zoned) {
400 if (zfs_check_global_label(name, strval) != 0)
401 return (EPERM);
402 }
403
404 /*
405 * If the existing dataset label is nondefault, check if the
406 * dataset is mounted (label cannot be changed while mounted).
407 * Get the zfs_sb_t; if there isn't one, then the dataset isn't
408 * mounted (or isn't a dataset, doesn't exist, ...).
409 */
410 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
411 objset_t *os;
412 static char *setsl_tag = "setsl_tag";
413
414 /*
415 * Try to own the dataset; abort if there is any error,
416 * (e.g., already mounted, in use, or other error).
417 */
418 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
419 setsl_tag, &os);
420 if (error)
421 return (EPERM);
422
423 dmu_objset_disown(os, setsl_tag);
424
425 if (new_default) {
426 needed_priv = PRIV_FILE_DOWNGRADE_SL;
427 goto out_check;
428 }
429
430 if (hexstr_to_label(strval, &new_sl) != 0)
431 return (EPERM);
432
433 if (blstrictdom(&ds_sl, &new_sl))
434 needed_priv = PRIV_FILE_DOWNGRADE_SL;
435 else if (blstrictdom(&new_sl, &ds_sl))
436 needed_priv = PRIV_FILE_UPGRADE_SL;
437 } else {
438 /* dataset currently has a default label */
439 if (!new_default)
440 needed_priv = PRIV_FILE_UPGRADE_SL;
441 }
442
443 out_check:
444 if (needed_priv != -1)
445 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
446 return (0);
447 #else
448 return ENOTSUP;
449 #endif /* HAVE_MLSLABEL */
450 }
451
452 static int
453 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
454 cred_t *cr)
455 {
456 char *strval;
457
458 /*
459 * Check permissions for special properties.
460 */
461 switch (prop) {
462 default:
463 break;
464 case ZFS_PROP_ZONED:
465 /*
466 * Disallow setting of 'zoned' from within a local zone.
467 */
468 if (!INGLOBALZONE(curproc))
469 return (EPERM);
470 break;
471
472 case ZFS_PROP_QUOTA:
473 if (!INGLOBALZONE(curproc)) {
474 uint64_t zoned;
475 char setpoint[MAXNAMELEN];
476 /*
477 * Unprivileged users are allowed to modify the
478 * quota on things *under* (ie. contained by)
479 * the thing they own.
480 */
481 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
482 setpoint))
483 return (EPERM);
484 if (!zoned || strlen(dsname) <= strlen(setpoint))
485 return (EPERM);
486 }
487 break;
488
489 case ZFS_PROP_MLSLABEL:
490 if (!is_system_labeled())
491 return (EPERM);
492
493 if (nvpair_value_string(propval, &strval) == 0) {
494 int err;
495
496 err = zfs_set_slabel_policy(dsname, strval, CRED());
497 if (err != 0)
498 return (err);
499 }
500 break;
501 }
502
503 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
504 }
505
506 int
507 zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr)
508 {
509 int error;
510
511 error = zfs_dozonecheck(zc->zc_name, cr);
512 if (error)
513 return (error);
514
515 /*
516 * permission to set permissions will be evaluated later in
517 * dsl_deleg_can_allow()
518 */
519 return (0);
520 }
521
522 int
523 zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr)
524 {
525 return (zfs_secpolicy_write_perms(zc->zc_name,
526 ZFS_DELEG_PERM_ROLLBACK, cr));
527 }
528
529 int
530 zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr)
531 {
532 spa_t *spa;
533 dsl_pool_t *dp;
534 dsl_dataset_t *ds;
535 char *cp;
536 int error;
537
538 /*
539 * Generate the current snapshot name from the given objsetid, then
540 * use that name for the secpolicy/zone checks.
541 */
542 cp = strchr(zc->zc_name, '@');
543 if (cp == NULL)
544 return (EINVAL);
545 error = spa_open(zc->zc_name, &spa, FTAG);
546 if (error)
547 return (error);
548
549 dp = spa_get_dsl(spa);
550 rw_enter(&dp->dp_config_rwlock, RW_READER);
551 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
552 rw_exit(&dp->dp_config_rwlock);
553 spa_close(spa, FTAG);
554 if (error)
555 return (error);
556
557 dsl_dataset_name(ds, zc->zc_name);
558
559 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
560 ZFS_DELEG_PERM_SEND, cr);
561 dsl_dataset_rele(ds, FTAG);
562
563 return (error);
564 }
565
566 #ifdef HAVE_SMB_SHARE
567 static int
568 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, cred_t *cr)
569 {
570 vnode_t *vp;
571 int error;
572
573 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
574 NO_FOLLOW, NULL, &vp)) != 0)
575 return (error);
576
577 /* Now make sure mntpnt and dataset are ZFS */
578
579 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
580 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
581 zc->zc_name) != 0)) {
582 VN_RELE(vp);
583 return (EPERM);
584 }
585
586 VN_RELE(vp);
587 return (dsl_deleg_access(zc->zc_name,
588 ZFS_DELEG_PERM_SHARE, cr));
589 }
590 #endif /* HAVE_SMB_SHARE */
591
592 int
593 zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr)
594 {
595 #ifdef HAVE_SMB_SHARE
596 if (!INGLOBALZONE(curproc))
597 return (EPERM);
598
599 if (secpolicy_nfs(cr) == 0) {
600 return (0);
601 } else {
602 return (zfs_secpolicy_deleg_share(zc, cr));
603 }
604 #else
605 return (ENOTSUP);
606 #endif /* HAVE_SMB_SHARE */
607 }
608
609 int
610 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, cred_t *cr)
611 {
612 #ifdef HAVE_SMB_SHARE
613 if (!INGLOBALZONE(curproc))
614 return (EPERM);
615
616 if (secpolicy_smb(cr) == 0) {
617 return (0);
618 } else {
619 return (zfs_secpolicy_deleg_share(zc, cr));
620 }
621 #else
622 return (ENOTSUP);
623 #endif /* HAVE_SMB_SHARE */
624 }
625
626 static int
627 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
628 {
629 char *cp;
630
631 /*
632 * Remove the @bla or /bla from the end of the name to get the parent.
633 */
634 (void) strncpy(parent, datasetname, parentsize);
635 cp = strrchr(parent, '@');
636 if (cp != NULL) {
637 cp[0] = '\0';
638 } else {
639 cp = strrchr(parent, '/');
640 if (cp == NULL)
641 return (ENOENT);
642 cp[0] = '\0';
643 }
644
645 return (0);
646 }
647
648 int
649 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
650 {
651 int error;
652
653 if ((error = zfs_secpolicy_write_perms(name,
654 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
655 return (error);
656
657 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
658 }
659
660 static int
661 zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
662 {
663 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
664 }
665
666 /*
667 * Destroying snapshots with delegated permissions requires
668 * descendent mount and destroy permissions.
669 * Reassemble the full filesystem@snap name so dsl_deleg_access()
670 * can do the correct permission check.
671 *
672 * Since this routine is used when doing a recursive destroy of snapshots
673 * and destroying snapshots requires descendent permissions, a successfull
674 * check of the top level snapshot applies to snapshots of all descendent
675 * datasets as well.
676 *
677 * The target snapshot may not exist when doing a recursive destroy.
678 * In this case fallback to permissions of the parent dataset.
679 */
680 static int
681 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, cred_t *cr)
682 {
683 int error;
684 char *dsname;
685
686 dsname = kmem_asprintf("%s@%s", zc->zc_name, zc->zc_value);
687
688 error = zfs_secpolicy_destroy_perms(dsname, cr);
689 if (error == ENOENT)
690 error = zfs_secpolicy_destroy_perms(zc->zc_name, cr);
691
692 strfree(dsname);
693 return (error);
694 }
695
696 int
697 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
698 {
699 char parentname[MAXNAMELEN];
700 int error;
701
702 if ((error = zfs_secpolicy_write_perms(from,
703 ZFS_DELEG_PERM_RENAME, cr)) != 0)
704 return (error);
705
706 if ((error = zfs_secpolicy_write_perms(from,
707 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
708 return (error);
709
710 if ((error = zfs_get_parent(to, parentname,
711 sizeof (parentname))) != 0)
712 return (error);
713
714 if ((error = zfs_secpolicy_write_perms(parentname,
715 ZFS_DELEG_PERM_CREATE, cr)) != 0)
716 return (error);
717
718 if ((error = zfs_secpolicy_write_perms(parentname,
719 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
720 return (error);
721
722 return (error);
723 }
724
725 static int
726 zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr)
727 {
728 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
729 }
730
731 static int
732 zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr)
733 {
734 char parentname[MAXNAMELEN];
735 objset_t *clone;
736 int error;
737
738 error = zfs_secpolicy_write_perms(zc->zc_name,
739 ZFS_DELEG_PERM_PROMOTE, cr);
740 if (error)
741 return (error);
742
743 error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
744
745 if (error == 0) {
746 dsl_dataset_t *pclone = NULL;
747 dsl_dir_t *dd;
748 dd = clone->os_dsl_dataset->ds_dir;
749
750 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
751 error = dsl_dataset_hold_obj(dd->dd_pool,
752 dd->dd_phys->dd_origin_obj, FTAG, &pclone);
753 rw_exit(&dd->dd_pool->dp_config_rwlock);
754 if (error) {
755 dmu_objset_rele(clone, FTAG);
756 return (error);
757 }
758
759 error = zfs_secpolicy_write_perms(zc->zc_name,
760 ZFS_DELEG_PERM_MOUNT, cr);
761
762 dsl_dataset_name(pclone, parentname);
763 dmu_objset_rele(clone, FTAG);
764 dsl_dataset_rele(pclone, FTAG);
765 if (error == 0)
766 error = zfs_secpolicy_write_perms(parentname,
767 ZFS_DELEG_PERM_PROMOTE, cr);
768 }
769 return (error);
770 }
771
772 static int
773 zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr)
774 {
775 int error;
776
777 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
778 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
779 return (error);
780
781 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
782 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
783 return (error);
784
785 return (zfs_secpolicy_write_perms(zc->zc_name,
786 ZFS_DELEG_PERM_CREATE, cr));
787 }
788
789 int
790 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
791 {
792 return (zfs_secpolicy_write_perms(name,
793 ZFS_DELEG_PERM_SNAPSHOT, cr));
794 }
795
796 static int
797 zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr)
798 {
799
800 return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr));
801 }
802
803 static int
804 zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr)
805 {
806 char parentname[MAXNAMELEN];
807 int error;
808
809 if ((error = zfs_get_parent(zc->zc_name, parentname,
810 sizeof (parentname))) != 0)
811 return (error);
812
813 if (zc->zc_value[0] != '\0') {
814 if ((error = zfs_secpolicy_write_perms(zc->zc_value,
815 ZFS_DELEG_PERM_CLONE, cr)) != 0)
816 return (error);
817 }
818
819 if ((error = zfs_secpolicy_write_perms(parentname,
820 ZFS_DELEG_PERM_CREATE, cr)) != 0)
821 return (error);
822
823 error = zfs_secpolicy_write_perms(parentname,
824 ZFS_DELEG_PERM_MOUNT, cr);
825
826 return (error);
827 }
828
829 /*
830 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
831 * SYS_CONFIG privilege, which is not available in a local zone.
832 */
833 /* ARGSUSED */
834 static int
835 zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr)
836 {
837 if (secpolicy_sys_config(cr, B_FALSE) != 0)
838 return (EPERM);
839
840 return (0);
841 }
842
843 /*
844 * Policy for object to name lookups.
845 */
846 /* ARGSUSED */
847 static int
848 zfs_secpolicy_diff(zfs_cmd_t *zc, cred_t *cr)
849 {
850 int error;
851
852 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
853 return (0);
854
855 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
856 return (error);
857 }
858
859 /*
860 * Policy for fault injection. Requires all privileges.
861 */
862 /* ARGSUSED */
863 static int
864 zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr)
865 {
866 return (secpolicy_zinject(cr));
867 }
868
869 static int
870 zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr)
871 {
872 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
873
874 if (prop == ZPROP_INVAL) {
875 if (!zfs_prop_user(zc->zc_value))
876 return (EINVAL);
877 return (zfs_secpolicy_write_perms(zc->zc_name,
878 ZFS_DELEG_PERM_USERPROP, cr));
879 } else {
880 return (zfs_secpolicy_setprop(zc->zc_name, prop,
881 NULL, cr));
882 }
883 }
884
885 static int
886 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, cred_t *cr)
887 {
888 int err = zfs_secpolicy_read(zc, cr);
889 if (err)
890 return (err);
891
892 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
893 return (EINVAL);
894
895 if (zc->zc_value[0] == 0) {
896 /*
897 * They are asking about a posix uid/gid. If it's
898 * themself, allow it.
899 */
900 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
901 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
902 if (zc->zc_guid == crgetuid(cr))
903 return (0);
904 } else {
905 if (groupmember(zc->zc_guid, cr))
906 return (0);
907 }
908 }
909
910 return (zfs_secpolicy_write_perms(zc->zc_name,
911 userquota_perms[zc->zc_objset_type], cr));
912 }
913
914 static int
915 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, cred_t *cr)
916 {
917 int err = zfs_secpolicy_read(zc, cr);
918 if (err)
919 return (err);
920
921 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
922 return (EINVAL);
923
924 return (zfs_secpolicy_write_perms(zc->zc_name,
925 userquota_perms[zc->zc_objset_type], cr));
926 }
927
928 static int
929 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, cred_t *cr)
930 {
931 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
932 NULL, cr));
933 }
934
935 static int
936 zfs_secpolicy_hold(zfs_cmd_t *zc, cred_t *cr)
937 {
938 return (zfs_secpolicy_write_perms(zc->zc_name,
939 ZFS_DELEG_PERM_HOLD, cr));
940 }
941
942 static int
943 zfs_secpolicy_release(zfs_cmd_t *zc, cred_t *cr)
944 {
945 return (zfs_secpolicy_write_perms(zc->zc_name,
946 ZFS_DELEG_PERM_RELEASE, cr));
947 }
948
949 /*
950 * Policy for allowing temporary snapshots to be taken or released
951 */
952 static int
953 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, cred_t *cr)
954 {
955 /*
956 * A temporary snapshot is the same as a snapshot,
957 * hold, destroy and release all rolled into one.
958 * Delegated diff alone is sufficient that we allow this.
959 */
960 int error;
961
962 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
963 ZFS_DELEG_PERM_DIFF, cr)) == 0)
964 return (0);
965
966 error = zfs_secpolicy_snapshot(zc, cr);
967 if (!error)
968 error = zfs_secpolicy_hold(zc, cr);
969 if (!error)
970 error = zfs_secpolicy_release(zc, cr);
971 if (!error)
972 error = zfs_secpolicy_destroy(zc, cr);
973 return (error);
974 }
975
976 /*
977 * Returns the nvlist as specified by the user in the zfs_cmd_t.
978 */
979 static int
980 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
981 {
982 char *packed;
983 int error;
984 nvlist_t *list = NULL;
985
986 /*
987 * Read in and unpack the user-supplied nvlist.
988 */
989 if (size == 0)
990 return (EINVAL);
991
992 packed = kmem_alloc(size, KM_SLEEP | KM_NODEBUG);
993
994 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
995 iflag)) != 0) {
996 kmem_free(packed, size);
997 return (error);
998 }
999
1000 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1001 kmem_free(packed, size);
1002 return (error);
1003 }
1004
1005 kmem_free(packed, size);
1006
1007 *nvp = list;
1008 return (0);
1009 }
1010
1011 static int
1012 fit_error_list(zfs_cmd_t *zc, nvlist_t **errors)
1013 {
1014 size_t size;
1015
1016 VERIFY(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1017
1018 if (size > zc->zc_nvlist_dst_size) {
1019 nvpair_t *more_errors;
1020 int n = 0;
1021
1022 if (zc->zc_nvlist_dst_size < 1024)
1023 return (ENOMEM);
1024
1025 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, 0) == 0);
1026 more_errors = nvlist_prev_nvpair(*errors, NULL);
1027
1028 do {
1029 nvpair_t *pair = nvlist_prev_nvpair(*errors,
1030 more_errors);
1031 VERIFY(nvlist_remove_nvpair(*errors, pair) == 0);
1032 n++;
1033 VERIFY(nvlist_size(*errors, &size,
1034 NV_ENCODE_NATIVE) == 0);
1035 } while (size > zc->zc_nvlist_dst_size);
1036
1037 VERIFY(nvlist_remove_nvpair(*errors, more_errors) == 0);
1038 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, n) == 0);
1039 ASSERT(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1040 ASSERT(size <= zc->zc_nvlist_dst_size);
1041 }
1042
1043 return (0);
1044 }
1045
1046 static int
1047 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1048 {
1049 char *packed = NULL;
1050 int error = 0;
1051 size_t size;
1052
1053 VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0);
1054
1055 if (size > zc->zc_nvlist_dst_size) {
1056 error = ENOMEM;
1057 } else {
1058 packed = kmem_alloc(size, KM_SLEEP | KM_NODEBUG);
1059 VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE,
1060 KM_SLEEP) == 0);
1061 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1062 size, zc->zc_iflags) != 0)
1063 error = EFAULT;
1064 kmem_free(packed, size);
1065 }
1066
1067 zc->zc_nvlist_dst_size = size;
1068 return (error);
1069 }
1070
1071 static int
1072 get_zfs_sb(const char *dsname, zfs_sb_t **zsbp)
1073 {
1074 objset_t *os;
1075 int error;
1076
1077 error = dmu_objset_hold(dsname, FTAG, &os);
1078 if (error)
1079 return (error);
1080 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1081 dmu_objset_rele(os, FTAG);
1082 return (EINVAL);
1083 }
1084
1085 mutex_enter(&os->os_user_ptr_lock);
1086 *zsbp = dmu_objset_get_user(os);
1087 if (*zsbp && (*zsbp)->z_sb) {
1088 atomic_inc(&((*zsbp)->z_sb->s_active));
1089 } else {
1090 error = ESRCH;
1091 }
1092 mutex_exit(&os->os_user_ptr_lock);
1093 dmu_objset_rele(os, FTAG);
1094 return (error);
1095 }
1096
1097 /*
1098 * Find a zfs_sb_t for a mounted filesystem, or create our own, in which
1099 * case its z_sb will be NULL, and it will be opened as the owner.
1100 */
1101 static int
1102 zfs_sb_hold(const char *name, void *tag, zfs_sb_t **zsbp, boolean_t writer)
1103 {
1104 int error = 0;
1105
1106 if (get_zfs_sb(name, zsbp) != 0)
1107 error = zfs_sb_create(name, zsbp);
1108 if (error == 0) {
1109 rrw_enter(&(*zsbp)->z_teardown_lock, (writer) ? RW_WRITER :
1110 RW_READER, tag);
1111 if ((*zsbp)->z_unmounted) {
1112 /*
1113 * XXX we could probably try again, since the unmounting
1114 * thread should be just about to disassociate the
1115 * objset from the zfsvfs.
1116 */
1117 rrw_exit(&(*zsbp)->z_teardown_lock, tag);
1118 return (EBUSY);
1119 }
1120 }
1121 return (error);
1122 }
1123
1124 static void
1125 zfs_sb_rele(zfs_sb_t *zsb, void *tag)
1126 {
1127 rrw_exit(&zsb->z_teardown_lock, tag);
1128
1129 if (zsb->z_sb) {
1130 deactivate_super(zsb->z_sb);
1131 } else {
1132 dmu_objset_disown(zsb->z_os, zsb);
1133 zfs_sb_free(zsb);
1134 }
1135 }
1136
1137 static int
1138 zfs_ioc_pool_create(zfs_cmd_t *zc)
1139 {
1140 int error;
1141 nvlist_t *config, *props = NULL;
1142 nvlist_t *rootprops = NULL;
1143 nvlist_t *zplprops = NULL;
1144 char *buf;
1145
1146 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1147 zc->zc_iflags, &config)))
1148 return (error);
1149
1150 if (zc->zc_nvlist_src_size != 0 && (error =
1151 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1152 zc->zc_iflags, &props))) {
1153 nvlist_free(config);
1154 return (error);
1155 }
1156
1157 if (props) {
1158 nvlist_t *nvl = NULL;
1159 uint64_t version = SPA_VERSION;
1160
1161 (void) nvlist_lookup_uint64(props,
1162 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1163 if (version < SPA_VERSION_INITIAL || version > SPA_VERSION) {
1164 error = EINVAL;
1165 goto pool_props_bad;
1166 }
1167 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1168 if (nvl) {
1169 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1170 if (error != 0) {
1171 nvlist_free(config);
1172 nvlist_free(props);
1173 return (error);
1174 }
1175 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1176 }
1177 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1178 error = zfs_fill_zplprops_root(version, rootprops,
1179 zplprops, NULL);
1180 if (error)
1181 goto pool_props_bad;
1182 }
1183
1184 buf = history_str_get(zc);
1185
1186 error = spa_create(zc->zc_name, config, props, buf, zplprops);
1187
1188 /*
1189 * Set the remaining root properties
1190 */
1191 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1192 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1193 (void) spa_destroy(zc->zc_name);
1194
1195 if (buf != NULL)
1196 history_str_free(buf);
1197
1198 pool_props_bad:
1199 nvlist_free(rootprops);
1200 nvlist_free(zplprops);
1201 nvlist_free(config);
1202 nvlist_free(props);
1203
1204 return (error);
1205 }
1206
1207 static int
1208 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1209 {
1210 int error;
1211 zfs_log_history(zc);
1212 error = spa_destroy(zc->zc_name);
1213 if (error == 0)
1214 zvol_remove_minors(zc->zc_name);
1215 return (error);
1216 }
1217
1218 static int
1219 zfs_ioc_pool_import(zfs_cmd_t *zc)
1220 {
1221 nvlist_t *config, *props = NULL;
1222 uint64_t guid;
1223 int error;
1224
1225 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1226 zc->zc_iflags, &config)) != 0)
1227 return (error);
1228
1229 if (zc->zc_nvlist_src_size != 0 && (error =
1230 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1231 zc->zc_iflags, &props))) {
1232 nvlist_free(config);
1233 return (error);
1234 }
1235
1236 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1237 guid != zc->zc_guid)
1238 error = EINVAL;
1239 else
1240 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1241
1242 if (zc->zc_nvlist_dst != 0) {
1243 int err;
1244
1245 if ((err = put_nvlist(zc, config)) != 0)
1246 error = err;
1247 }
1248
1249 if (error == 0)
1250 zvol_create_minors(zc->zc_name);
1251
1252 nvlist_free(config);
1253
1254 if (props)
1255 nvlist_free(props);
1256
1257 return (error);
1258 }
1259
1260 static int
1261 zfs_ioc_pool_export(zfs_cmd_t *zc)
1262 {
1263 int error;
1264 boolean_t force = (boolean_t)zc->zc_cookie;
1265 boolean_t hardforce = (boolean_t)zc->zc_guid;
1266
1267 zfs_log_history(zc);
1268 error = spa_export(zc->zc_name, NULL, force, hardforce);
1269 if (error == 0)
1270 zvol_remove_minors(zc->zc_name);
1271 return (error);
1272 }
1273
1274 static int
1275 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1276 {
1277 nvlist_t *configs;
1278 int error;
1279
1280 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1281 return (EEXIST);
1282
1283 error = put_nvlist(zc, configs);
1284
1285 nvlist_free(configs);
1286
1287 return (error);
1288 }
1289
1290 static int
1291 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1292 {
1293 nvlist_t *config;
1294 int error;
1295 int ret = 0;
1296
1297 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1298 sizeof (zc->zc_value));
1299
1300 if (config != NULL) {
1301 ret = put_nvlist(zc, config);
1302 nvlist_free(config);
1303
1304 /*
1305 * The config may be present even if 'error' is non-zero.
1306 * In this case we return success, and preserve the real errno
1307 * in 'zc_cookie'.
1308 */
1309 zc->zc_cookie = error;
1310 } else {
1311 ret = error;
1312 }
1313
1314 return (ret);
1315 }
1316
1317 /*
1318 * Try to import the given pool, returning pool stats as appropriate so that
1319 * user land knows which devices are available and overall pool health.
1320 */
1321 static int
1322 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1323 {
1324 nvlist_t *tryconfig, *config;
1325 int error;
1326
1327 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1328 zc->zc_iflags, &tryconfig)) != 0)
1329 return (error);
1330
1331 config = spa_tryimport(tryconfig);
1332
1333 nvlist_free(tryconfig);
1334
1335 if (config == NULL)
1336 return (EINVAL);
1337
1338 error = put_nvlist(zc, config);
1339 nvlist_free(config);
1340
1341 return (error);
1342 }
1343
1344 /*
1345 * inputs:
1346 * zc_name name of the pool
1347 * zc_cookie scan func (pool_scan_func_t)
1348 */
1349 static int
1350 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1351 {
1352 spa_t *spa;
1353 int error;
1354
1355 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1356 return (error);
1357
1358 if (zc->zc_cookie == POOL_SCAN_NONE)
1359 error = spa_scan_stop(spa);
1360 else
1361 error = spa_scan(spa, zc->zc_cookie);
1362
1363 spa_close(spa, FTAG);
1364
1365 return (error);
1366 }
1367
1368 static int
1369 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1370 {
1371 spa_t *spa;
1372 int error;
1373
1374 error = spa_open(zc->zc_name, &spa, FTAG);
1375 if (error == 0) {
1376 spa_freeze(spa);
1377 spa_close(spa, FTAG);
1378 }
1379 return (error);
1380 }
1381
1382 static int
1383 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1384 {
1385 spa_t *spa;
1386 int error;
1387
1388 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1389 return (error);
1390
1391 if (zc->zc_cookie < spa_version(spa) || zc->zc_cookie > SPA_VERSION) {
1392 spa_close(spa, FTAG);
1393 return (EINVAL);
1394 }
1395
1396 spa_upgrade(spa, zc->zc_cookie);
1397 spa_close(spa, FTAG);
1398
1399 return (error);
1400 }
1401
1402 static int
1403 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1404 {
1405 spa_t *spa;
1406 char *hist_buf;
1407 uint64_t size;
1408 int error;
1409
1410 if ((size = zc->zc_history_len) == 0)
1411 return (EINVAL);
1412
1413 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1414 return (error);
1415
1416 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1417 spa_close(spa, FTAG);
1418 return (ENOTSUP);
1419 }
1420
1421 hist_buf = vmem_alloc(size, KM_SLEEP);
1422 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1423 &zc->zc_history_len, hist_buf)) == 0) {
1424 error = ddi_copyout(hist_buf,
1425 (void *)(uintptr_t)zc->zc_history,
1426 zc->zc_history_len, zc->zc_iflags);
1427 }
1428
1429 spa_close(spa, FTAG);
1430 vmem_free(hist_buf, size);
1431 return (error);
1432 }
1433
1434 static int
1435 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1436 {
1437 spa_t *spa;
1438 int error;
1439
1440 error = spa_open(zc->zc_name, &spa, FTAG);
1441 if (error == 0) {
1442 error = spa_change_guid(spa);
1443 spa_close(spa, FTAG);
1444 }
1445 return (error);
1446 }
1447
1448 static int
1449 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1450 {
1451 int error;
1452
1453 if ((error = dsl_dsobj_to_dsname(zc->zc_name,zc->zc_obj,zc->zc_value)))
1454 return (error);
1455
1456 return (0);
1457 }
1458
1459 /*
1460 * inputs:
1461 * zc_name name of filesystem
1462 * zc_obj object to find
1463 *
1464 * outputs:
1465 * zc_value name of object
1466 */
1467 static int
1468 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1469 {
1470 objset_t *os;
1471 int error;
1472
1473 /* XXX reading from objset not owned */
1474 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1475 return (error);
1476 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1477 dmu_objset_rele(os, FTAG);
1478 return (EINVAL);
1479 }
1480 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1481 sizeof (zc->zc_value));
1482 dmu_objset_rele(os, FTAG);
1483
1484 return (error);
1485 }
1486
1487 /*
1488 * inputs:
1489 * zc_name name of filesystem
1490 * zc_obj object to find
1491 *
1492 * outputs:
1493 * zc_stat stats on object
1494 * zc_value path to object
1495 */
1496 static int
1497 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1498 {
1499 objset_t *os;
1500 int error;
1501
1502 /* XXX reading from objset not owned */
1503 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1504 return (error);
1505 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1506 dmu_objset_rele(os, FTAG);
1507 return (EINVAL);
1508 }
1509 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1510 sizeof (zc->zc_value));
1511 dmu_objset_rele(os, FTAG);
1512
1513 return (error);
1514 }
1515
1516 static int
1517 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1518 {
1519 spa_t *spa;
1520 int error;
1521 nvlist_t *config, **l2cache, **spares;
1522 uint_t nl2cache = 0, nspares = 0;
1523
1524 error = spa_open(zc->zc_name, &spa, FTAG);
1525 if (error != 0)
1526 return (error);
1527
1528 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1529 zc->zc_iflags, &config);
1530 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1531 &l2cache, &nl2cache);
1532
1533 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1534 &spares, &nspares);
1535
1536 /*
1537 * A root pool with concatenated devices is not supported.
1538 * Thus, can not add a device to a root pool.
1539 *
1540 * Intent log device can not be added to a rootpool because
1541 * during mountroot, zil is replayed, a seperated log device
1542 * can not be accessed during the mountroot time.
1543 *
1544 * l2cache and spare devices are ok to be added to a rootpool.
1545 */
1546 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1547 nvlist_free(config);
1548 spa_close(spa, FTAG);
1549 return (EDOM);
1550 }
1551
1552 if (error == 0) {
1553 error = spa_vdev_add(spa, config);
1554 nvlist_free(config);
1555 }
1556 spa_close(spa, FTAG);
1557 return (error);
1558 }
1559
1560 /*
1561 * inputs:
1562 * zc_name name of the pool
1563 * zc_nvlist_conf nvlist of devices to remove
1564 * zc_cookie to stop the remove?
1565 */
1566 static int
1567 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1568 {
1569 spa_t *spa;
1570 int error;
1571
1572 error = spa_open(zc->zc_name, &spa, FTAG);
1573 if (error != 0)
1574 return (error);
1575 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1576 spa_close(spa, FTAG);
1577 return (error);
1578 }
1579
1580 static int
1581 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1582 {
1583 spa_t *spa;
1584 int error;
1585 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1586
1587 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1588 return (error);
1589 switch (zc->zc_cookie) {
1590 case VDEV_STATE_ONLINE:
1591 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1592 break;
1593
1594 case VDEV_STATE_OFFLINE:
1595 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1596 break;
1597
1598 case VDEV_STATE_FAULTED:
1599 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1600 zc->zc_obj != VDEV_AUX_EXTERNAL)
1601 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1602
1603 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1604 break;
1605
1606 case VDEV_STATE_DEGRADED:
1607 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1608 zc->zc_obj != VDEV_AUX_EXTERNAL)
1609 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1610
1611 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1612 break;
1613
1614 default:
1615 error = EINVAL;
1616 }
1617 zc->zc_cookie = newstate;
1618 spa_close(spa, FTAG);
1619 return (error);
1620 }
1621
1622 static int
1623 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1624 {
1625 spa_t *spa;
1626 int replacing = zc->zc_cookie;
1627 nvlist_t *config;
1628 int error;
1629
1630 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1631 return (error);
1632
1633 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1634 zc->zc_iflags, &config)) == 0) {
1635 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1636 nvlist_free(config);
1637 }
1638
1639 spa_close(spa, FTAG);
1640 return (error);
1641 }
1642
1643 static int
1644 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1645 {
1646 spa_t *spa;
1647 int error;
1648
1649 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1650 return (error);
1651
1652 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1653
1654 spa_close(spa, FTAG);
1655 return (error);
1656 }
1657
1658 static int
1659 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1660 {
1661 spa_t *spa;
1662 nvlist_t *config, *props = NULL;
1663 int error;
1664 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1665
1666 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1667 return (error);
1668
1669 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1670 zc->zc_iflags, &config))) {
1671 spa_close(spa, FTAG);
1672 return (error);
1673 }
1674
1675 if (zc->zc_nvlist_src_size != 0 && (error =
1676 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1677 zc->zc_iflags, &props))) {
1678 spa_close(spa, FTAG);
1679 nvlist_free(config);
1680 return (error);
1681 }
1682
1683 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1684
1685 spa_close(spa, FTAG);
1686
1687 nvlist_free(config);
1688 nvlist_free(props);
1689
1690 return (error);
1691 }
1692
1693 static int
1694 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1695 {
1696 spa_t *spa;
1697 char *path = zc->zc_value;
1698 uint64_t guid = zc->zc_guid;
1699 int error;
1700
1701 error = spa_open(zc->zc_name, &spa, FTAG);
1702 if (error != 0)
1703 return (error);
1704
1705 error = spa_vdev_setpath(spa, guid, path);
1706 spa_close(spa, FTAG);
1707 return (error);
1708 }
1709
1710 static int
1711 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1712 {
1713 spa_t *spa;
1714 char *fru = zc->zc_value;
1715 uint64_t guid = zc->zc_guid;
1716 int error;
1717
1718 error = spa_open(zc->zc_name, &spa, FTAG);
1719 if (error != 0)
1720 return (error);
1721
1722 error = spa_vdev_setfru(spa, guid, fru);
1723 spa_close(spa, FTAG);
1724 return (error);
1725 }
1726
1727 static int
1728 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
1729 {
1730 int error = 0;
1731 nvlist_t *nv;
1732
1733 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1734
1735 if (zc->zc_nvlist_dst != 0 &&
1736 (error = dsl_prop_get_all(os, &nv)) == 0) {
1737 dmu_objset_stats(os, nv);
1738 /*
1739 * NB: zvol_get_stats() will read the objset contents,
1740 * which we aren't supposed to do with a
1741 * DS_MODE_USER hold, because it could be
1742 * inconsistent. So this is a bit of a workaround...
1743 * XXX reading with out owning
1744 */
1745 if (!zc->zc_objset_stats.dds_inconsistent) {
1746 if (dmu_objset_type(os) == DMU_OST_ZVOL)
1747 error = zvol_get_stats(os, nv);
1748 }
1749 if (error == 0)
1750 error = put_nvlist(zc, nv);
1751 nvlist_free(nv);
1752 }
1753
1754 return (error);
1755 }
1756
1757 /*
1758 * inputs:
1759 * zc_name name of filesystem
1760 * zc_nvlist_dst_size size of buffer for property nvlist
1761 *
1762 * outputs:
1763 * zc_objset_stats stats
1764 * zc_nvlist_dst property nvlist
1765 * zc_nvlist_dst_size size of property nvlist
1766 */
1767 static int
1768 zfs_ioc_objset_stats(zfs_cmd_t *zc)
1769 {
1770 objset_t *os = NULL;
1771 int error;
1772
1773 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)))
1774 return (error);
1775
1776 error = zfs_ioc_objset_stats_impl(zc, os);
1777
1778 dmu_objset_rele(os, FTAG);
1779
1780 return (error);
1781 }
1782
1783 /*
1784 * inputs:
1785 * zc_name name of filesystem
1786 * zc_nvlist_dst_size size of buffer for property nvlist
1787 *
1788 * outputs:
1789 * zc_nvlist_dst received property nvlist
1790 * zc_nvlist_dst_size size of received property nvlist
1791 *
1792 * Gets received properties (distinct from local properties on or after
1793 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
1794 * local property values.
1795 */
1796 static int
1797 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
1798 {
1799 objset_t *os = NULL;
1800 int error;
1801 nvlist_t *nv;
1802
1803 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)))
1804 return (error);
1805
1806 /*
1807 * Without this check, we would return local property values if the
1808 * caller has not already received properties on or after
1809 * SPA_VERSION_RECVD_PROPS.
1810 */
1811 if (!dsl_prop_get_hasrecvd(os)) {
1812 dmu_objset_rele(os, FTAG);
1813 return (ENOTSUP);
1814 }
1815
1816 if (zc->zc_nvlist_dst != 0 &&
1817 (error = dsl_prop_get_received(os, &nv)) == 0) {
1818 error = put_nvlist(zc, nv);
1819 nvlist_free(nv);
1820 }
1821
1822 dmu_objset_rele(os, FTAG);
1823 return (error);
1824 }
1825
1826 static int
1827 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
1828 {
1829 uint64_t value;
1830 int error;
1831
1832 /*
1833 * zfs_get_zplprop() will either find a value or give us
1834 * the default value (if there is one).
1835 */
1836 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
1837 return (error);
1838 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
1839 return (0);
1840 }
1841
1842 /*
1843 * inputs:
1844 * zc_name name of filesystem
1845 * zc_nvlist_dst_size size of buffer for zpl property nvlist
1846 *
1847 * outputs:
1848 * zc_nvlist_dst zpl property nvlist
1849 * zc_nvlist_dst_size size of zpl property nvlist
1850 */
1851 static int
1852 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
1853 {
1854 objset_t *os;
1855 int err;
1856
1857 /* XXX reading without owning */
1858 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
1859 return (err);
1860
1861 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1862
1863 /*
1864 * NB: nvl_add_zplprop() will read the objset contents,
1865 * which we aren't supposed to do with a DS_MODE_USER
1866 * hold, because it could be inconsistent.
1867 */
1868 if (zc->zc_nvlist_dst != 0 &&
1869 !zc->zc_objset_stats.dds_inconsistent &&
1870 dmu_objset_type(os) == DMU_OST_ZFS) {
1871 nvlist_t *nv;
1872
1873 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1874 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
1875 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
1876 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
1877 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
1878 err = put_nvlist(zc, nv);
1879 nvlist_free(nv);
1880 } else {
1881 err = ENOENT;
1882 }
1883 dmu_objset_rele(os, FTAG);
1884 return (err);
1885 }
1886
1887 static boolean_t
1888 dataset_name_hidden(const char *name)
1889 {
1890 /*
1891 * Skip over datasets that are not visible in this zone,
1892 * internal datasets (which have a $ in their name), and
1893 * temporary datasets (which have a % in their name).
1894 */
1895 if (strchr(name, '$') != NULL)
1896 return (B_TRUE);
1897 if (strchr(name, '%') != NULL)
1898 return (B_TRUE);
1899 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
1900 return (B_TRUE);
1901 return (B_FALSE);
1902 }
1903
1904 /*
1905 * inputs:
1906 * zc_name name of filesystem
1907 * zc_cookie zap cursor
1908 * zc_nvlist_dst_size size of buffer for property nvlist
1909 *
1910 * outputs:
1911 * zc_name name of next filesystem
1912 * zc_cookie zap cursor
1913 * zc_objset_stats stats
1914 * zc_nvlist_dst property nvlist
1915 * zc_nvlist_dst_size size of property nvlist
1916 */
1917 static int
1918 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
1919 {
1920 objset_t *os;
1921 int error;
1922 char *p;
1923 size_t orig_len = strlen(zc->zc_name);
1924
1925 top:
1926 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
1927 if (error == ENOENT)
1928 error = ESRCH;
1929 return (error);
1930 }
1931
1932 p = strrchr(zc->zc_name, '/');
1933 if (p == NULL || p[1] != '\0')
1934 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
1935 p = zc->zc_name + strlen(zc->zc_name);
1936
1937 /*
1938 * Pre-fetch the datasets. dmu_objset_prefetch() always returns 0
1939 * but is not declared void because its called by dmu_objset_find().
1940 */
1941 if (zc->zc_cookie == 0) {
1942 uint64_t cookie = 0;
1943 int len = sizeof (zc->zc_name) - (p - zc->zc_name);
1944
1945 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0) {
1946 if (!dataset_name_hidden(zc->zc_name))
1947 (void) dmu_objset_prefetch(zc->zc_name, NULL);
1948 }
1949 }
1950
1951 do {
1952 error = dmu_dir_list_next(os,
1953 sizeof (zc->zc_name) - (p - zc->zc_name), p,
1954 NULL, &zc->zc_cookie);
1955 if (error == ENOENT)
1956 error = ESRCH;
1957 } while (error == 0 && dataset_name_hidden(zc->zc_name) &&
1958 !(zc->zc_iflags & FKIOCTL));
1959 dmu_objset_rele(os, FTAG);
1960
1961 /*
1962 * If it's an internal dataset (ie. with a '$' in its name),
1963 * don't try to get stats for it, otherwise we'll return ENOENT.
1964 */
1965 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
1966 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
1967 if (error == ENOENT) {
1968 /* We lost a race with destroy, get the next one. */
1969 zc->zc_name[orig_len] = '\0';
1970 goto top;
1971 }
1972 }
1973 return (error);
1974 }
1975
1976 /*
1977 * inputs:
1978 * zc_name name of filesystem
1979 * zc_cookie zap cursor
1980 * zc_nvlist_dst_size size of buffer for property nvlist
1981 *
1982 * outputs:
1983 * zc_name name of next snapshot
1984 * zc_objset_stats stats
1985 * zc_nvlist_dst property nvlist
1986 * zc_nvlist_dst_size size of property nvlist
1987 */
1988 static int
1989 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
1990 {
1991 objset_t *os;
1992 int error;
1993
1994 top:
1995 if (zc->zc_cookie == 0 && !zc->zc_simple)
1996 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
1997 NULL, DS_FIND_SNAPSHOTS);
1998
1999 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2000 if (error)
2001 return (error == ENOENT ? ESRCH : error);
2002
2003 /*
2004 * A dataset name of maximum length cannot have any snapshots,
2005 * so exit immediately.
2006 */
2007 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2008 dmu_objset_rele(os, FTAG);
2009 return (ESRCH);
2010 }
2011
2012 error = dmu_snapshot_list_next(os,
2013 sizeof (zc->zc_name) - strlen(zc->zc_name),
2014 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2015 NULL);
2016
2017 if (error == 0 && !zc->zc_simple) {
2018 dsl_dataset_t *ds;
2019 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2020
2021 /*
2022 * Since we probably don't have a hold on this snapshot,
2023 * it's possible that the objsetid could have been destroyed
2024 * and reused for a new objset. It's OK if this happens during
2025 * a zfs send operation, since the new createtxg will be
2026 * beyond the range we're interested in.
2027 */
2028 rw_enter(&dp->dp_config_rwlock, RW_READER);
2029 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2030 rw_exit(&dp->dp_config_rwlock);
2031 if (error) {
2032 if (error == ENOENT) {
2033 /* Racing with destroy, get the next one. */
2034 *strchr(zc->zc_name, '@') = '\0';
2035 dmu_objset_rele(os, FTAG);
2036 goto top;
2037 }
2038 } else {
2039 objset_t *ossnap;
2040
2041 error = dmu_objset_from_ds(ds, &ossnap);
2042 if (error == 0)
2043 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2044 dsl_dataset_rele(ds, FTAG);
2045 }
2046 } else if (error == ENOENT) {
2047 error = ESRCH;
2048 }
2049
2050 dmu_objset_rele(os, FTAG);
2051 /* if we failed, undo the @ that we tacked on to zc_name */
2052 if (error)
2053 *strchr(zc->zc_name, '@') = '\0';
2054 return (error);
2055 }
2056
2057 static int
2058 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2059 {
2060 const char *propname = nvpair_name(pair);
2061 uint64_t *valary;
2062 unsigned int vallen;
2063 const char *domain;
2064 char *dash;
2065 zfs_userquota_prop_t type;
2066 uint64_t rid;
2067 uint64_t quota;
2068 zfs_sb_t *zsb;
2069 int err;
2070
2071 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2072 nvlist_t *attrs;
2073 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2074 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2075 &pair) != 0)
2076 return (EINVAL);
2077 }
2078
2079 /*
2080 * A correctly constructed propname is encoded as
2081 * userquota@<rid>-<domain>.
2082 */
2083 if ((dash = strchr(propname, '-')) == NULL ||
2084 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2085 vallen != 3)
2086 return (EINVAL);
2087
2088 domain = dash + 1;
2089 type = valary[0];
2090 rid = valary[1];
2091 quota = valary[2];
2092
2093 err = zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE);
2094 if (err == 0) {
2095 err = zfs_set_userquota(zsb, type, domain, rid, quota);
2096 zfs_sb_rele(zsb, FTAG);
2097 }
2098
2099 return (err);
2100 }
2101
2102 /*
2103 * If the named property is one that has a special function to set its value,
2104 * return 0 on success and a positive error code on failure; otherwise if it is
2105 * not one of the special properties handled by this function, return -1.
2106 *
2107 * XXX: It would be better for callers of the property interface if we handled
2108 * these special cases in dsl_prop.c (in the dsl layer).
2109 */
2110 static int
2111 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2112 nvpair_t *pair)
2113 {
2114 const char *propname = nvpair_name(pair);
2115 zfs_prop_t prop = zfs_name_to_prop(propname);
2116 uint64_t intval;
2117 int err;
2118
2119 if (prop == ZPROP_INVAL) {
2120 if (zfs_prop_userquota(propname))
2121 return (zfs_prop_set_userquota(dsname, pair));
2122 return (-1);
2123 }
2124
2125 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2126 nvlist_t *attrs;
2127 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2128 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2129 &pair) == 0);
2130 }
2131
2132 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2133 return (-1);
2134
2135 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2136
2137 switch (prop) {
2138 case ZFS_PROP_QUOTA:
2139 err = dsl_dir_set_quota(dsname, source, intval);
2140 break;
2141 case ZFS_PROP_REFQUOTA:
2142 err = dsl_dataset_set_quota(dsname, source, intval);
2143 break;
2144 case ZFS_PROP_RESERVATION:
2145 err = dsl_dir_set_reservation(dsname, source, intval);
2146 break;
2147 case ZFS_PROP_REFRESERVATION:
2148 err = dsl_dataset_set_reservation(dsname, source, intval);
2149 break;
2150 case ZFS_PROP_VOLSIZE:
2151 err = zvol_set_volsize(dsname, intval);
2152 break;
2153 case ZFS_PROP_VERSION:
2154 {
2155 zfs_sb_t *zsb;
2156
2157 if ((err = zfs_sb_hold(dsname, FTAG, &zsb, B_TRUE)) != 0)
2158 break;
2159
2160 err = zfs_set_version(zsb, intval);
2161 zfs_sb_rele(zsb, FTAG);
2162
2163 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2164 zfs_cmd_t *zc;
2165
2166 zc = kmem_zalloc(sizeof (zfs_cmd_t),
2167 KM_SLEEP | KM_NODEBUG);
2168 (void) strcpy(zc->zc_name, dsname);
2169 (void) zfs_ioc_userspace_upgrade(zc);
2170 kmem_free(zc, sizeof (zfs_cmd_t));
2171 }
2172 break;
2173 }
2174
2175 default:
2176 err = -1;
2177 }
2178
2179 return (err);
2180 }
2181
2182 /*
2183 * This function is best effort. If it fails to set any of the given properties,
2184 * it continues to set as many as it can and returns the first error
2185 * encountered. If the caller provides a non-NULL errlist, it also gives the
2186 * complete list of names of all the properties it failed to set along with the
2187 * corresponding error numbers. The caller is responsible for freeing the
2188 * returned errlist.
2189 *
2190 * If every property is set successfully, zero is returned and the list pointed
2191 * at by errlist is NULL.
2192 */
2193 int
2194 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2195 nvlist_t **errlist)
2196 {
2197 nvpair_t *pair;
2198 nvpair_t *propval;
2199 int rv = 0;
2200 uint64_t intval;
2201 char *strval;
2202 nvlist_t *genericnvl;
2203 nvlist_t *errors;
2204 nvlist_t *retrynvl;
2205
2206 VERIFY(nvlist_alloc(&genericnvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2207 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2208 VERIFY(nvlist_alloc(&retrynvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2209
2210 retry:
2211 pair = NULL;
2212 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2213 const char *propname = nvpair_name(pair);
2214 zfs_prop_t prop = zfs_name_to_prop(propname);
2215 int err = 0;
2216
2217 /* decode the property value */
2218 propval = pair;
2219 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2220 nvlist_t *attrs;
2221 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2222 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2223 &propval) != 0)
2224 err = EINVAL;
2225 }
2226
2227 /* Validate value type */
2228 if (err == 0 && prop == ZPROP_INVAL) {
2229 if (zfs_prop_user(propname)) {
2230 if (nvpair_type(propval) != DATA_TYPE_STRING)
2231 err = EINVAL;
2232 } else if (zfs_prop_userquota(propname)) {
2233 if (nvpair_type(propval) !=
2234 DATA_TYPE_UINT64_ARRAY)
2235 err = EINVAL;
2236 }
2237 } else if (err == 0) {
2238 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2239 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2240 err = EINVAL;
2241 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2242 const char *unused;
2243
2244 VERIFY(nvpair_value_uint64(propval,
2245 &intval) == 0);
2246
2247 switch (zfs_prop_get_type(prop)) {
2248 case PROP_TYPE_NUMBER:
2249 break;
2250 case PROP_TYPE_STRING:
2251 err = EINVAL;
2252 break;
2253 case PROP_TYPE_INDEX:
2254 if (zfs_prop_index_to_string(prop,
2255 intval, &unused) != 0)
2256 err = EINVAL;
2257 break;
2258 default:
2259 cmn_err(CE_PANIC,
2260 "unknown property type");
2261 }
2262 } else {
2263 err = EINVAL;
2264 }
2265 }
2266
2267 /* Validate permissions */
2268 if (err == 0)
2269 err = zfs_check_settable(dsname, pair, CRED());
2270
2271 if (err == 0) {
2272 err = zfs_prop_set_special(dsname, source, pair);
2273 if (err == -1) {
2274 /*
2275 * For better performance we build up a list of
2276 * properties to set in a single transaction.
2277 */
2278 err = nvlist_add_nvpair(genericnvl, pair);
2279 } else if (err != 0 && nvl != retrynvl) {
2280 /*
2281 * This may be a spurious error caused by
2282 * receiving quota and reservation out of order.
2283 * Try again in a second pass.
2284 */
2285 err = nvlist_add_nvpair(retrynvl, pair);
2286 }
2287 }
2288
2289 if (err != 0)
2290 VERIFY(nvlist_add_int32(errors, propname, err) == 0);
2291 }
2292
2293 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2294 nvl = retrynvl;
2295 goto retry;
2296 }
2297
2298 if (!nvlist_empty(genericnvl) &&
2299 dsl_props_set(dsname, source, genericnvl) != 0) {
2300 /*
2301 * If this fails, we still want to set as many properties as we
2302 * can, so try setting them individually.
2303 */
2304 pair = NULL;
2305 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2306 const char *propname = nvpair_name(pair);
2307 int err = 0;
2308
2309 propval = pair;
2310 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2311 nvlist_t *attrs;
2312 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2313 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2314 &propval) == 0);
2315 }
2316
2317 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2318 VERIFY(nvpair_value_string(propval,
2319 &strval) == 0);
2320 err = dsl_prop_set(dsname, propname, source, 1,
2321 strlen(strval) + 1, strval);
2322 } else {
2323 VERIFY(nvpair_value_uint64(propval,
2324 &intval) == 0);
2325 err = dsl_prop_set(dsname, propname, source, 8,
2326 1, &intval);
2327 }
2328
2329 if (err != 0) {
2330 VERIFY(nvlist_add_int32(errors, propname,
2331 err) == 0);
2332 }
2333 }
2334 }
2335 nvlist_free(genericnvl);
2336 nvlist_free(retrynvl);
2337
2338 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
2339 nvlist_free(errors);
2340 errors = NULL;
2341 } else {
2342 VERIFY(nvpair_value_int32(pair, &rv) == 0);
2343 }
2344
2345 if (errlist == NULL)
2346 nvlist_free(errors);
2347 else
2348 *errlist = errors;
2349
2350 return (rv);
2351 }
2352
2353 /*
2354 * Check that all the properties are valid user properties.
2355 */
2356 static int
2357 zfs_check_userprops(char *fsname, nvlist_t *nvl)
2358 {
2359 nvpair_t *pair = NULL;
2360 int error = 0;
2361
2362 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2363 const char *propname = nvpair_name(pair);
2364 char *valstr;
2365
2366 if (!zfs_prop_user(propname) ||
2367 nvpair_type(pair) != DATA_TYPE_STRING)
2368 return (EINVAL);
2369
2370 if ((error = zfs_secpolicy_write_perms(fsname,
2371 ZFS_DELEG_PERM_USERPROP, CRED())))
2372 return (error);
2373
2374 if (strlen(propname) >= ZAP_MAXNAMELEN)
2375 return (ENAMETOOLONG);
2376
2377 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2378 if (strlen(valstr) >= ZAP_MAXVALUELEN)
2379 return (E2BIG);
2380 }
2381 return (0);
2382 }
2383
2384 static void
2385 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2386 {
2387 nvpair_t *pair;
2388
2389 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2390
2391 pair = NULL;
2392 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2393 if (nvlist_exists(skipped, nvpair_name(pair)))
2394 continue;
2395
2396 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2397 }
2398 }
2399
2400 static int
2401 clear_received_props(objset_t *os, const char *fs, nvlist_t *props,
2402 nvlist_t *skipped)
2403 {
2404 int err = 0;
2405 nvlist_t *cleared_props = NULL;
2406 props_skip(props, skipped, &cleared_props);
2407 if (!nvlist_empty(cleared_props)) {
2408 /*
2409 * Acts on local properties until the dataset has received
2410 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2411 */
2412 zprop_source_t flags = (ZPROP_SRC_NONE |
2413 (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0));
2414 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL);
2415 }
2416 nvlist_free(cleared_props);
2417 return (err);
2418 }
2419
2420 /*
2421 * inputs:
2422 * zc_name name of filesystem
2423 * zc_value name of property to set
2424 * zc_nvlist_src{_size} nvlist of properties to apply
2425 * zc_cookie received properties flag
2426 *
2427 * outputs:
2428 * zc_nvlist_dst{_size} error for each unapplied received property
2429 */
2430 static int
2431 zfs_ioc_set_prop(zfs_cmd_t *zc)
2432 {
2433 nvlist_t *nvl;
2434 boolean_t received = zc->zc_cookie;
2435 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2436 ZPROP_SRC_LOCAL);
2437 nvlist_t *errors = NULL;
2438 int error;
2439
2440 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2441 zc->zc_iflags, &nvl)) != 0)
2442 return (error);
2443
2444 if (received) {
2445 nvlist_t *origprops;
2446 objset_t *os;
2447
2448 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
2449 if (dsl_prop_get_received(os, &origprops) == 0) {
2450 (void) clear_received_props(os,
2451 zc->zc_name, origprops, nvl);
2452 nvlist_free(origprops);
2453 }
2454
2455 dsl_prop_set_hasrecvd(os);
2456 dmu_objset_rele(os, FTAG);
2457 }
2458 }
2459
2460 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, &errors);
2461
2462 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2463 (void) put_nvlist(zc, errors);
2464 }
2465
2466 nvlist_free(errors);
2467 nvlist_free(nvl);
2468 return (error);
2469 }
2470
2471 /*
2472 * inputs:
2473 * zc_name name of filesystem
2474 * zc_value name of property to inherit
2475 * zc_cookie revert to received value if TRUE
2476 *
2477 * outputs: none
2478 */
2479 static int
2480 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2481 {
2482 const char *propname = zc->zc_value;
2483 zfs_prop_t prop = zfs_name_to_prop(propname);
2484 boolean_t received = zc->zc_cookie;
2485 zprop_source_t source = (received
2486 ? ZPROP_SRC_NONE /* revert to received value, if any */
2487 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2488
2489 if (received) {
2490 nvlist_t *dummy;
2491 nvpair_t *pair;
2492 zprop_type_t type;
2493 int err;
2494
2495 /*
2496 * zfs_prop_set_special() expects properties in the form of an
2497 * nvpair with type info.
2498 */
2499 if (prop == ZPROP_INVAL) {
2500 if (!zfs_prop_user(propname))
2501 return (EINVAL);
2502
2503 type = PROP_TYPE_STRING;
2504 } else if (prop == ZFS_PROP_VOLSIZE ||
2505 prop == ZFS_PROP_VERSION) {
2506 return (EINVAL);
2507 } else {
2508 type = zfs_prop_get_type(prop);
2509 }
2510
2511 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2512
2513 switch (type) {
2514 case PROP_TYPE_STRING:
2515 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2516 break;
2517 case PROP_TYPE_NUMBER:
2518 case PROP_TYPE_INDEX:
2519 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2520 break;
2521 default:
2522 nvlist_free(dummy);
2523 return (EINVAL);
2524 }
2525
2526 pair = nvlist_next_nvpair(dummy, NULL);
2527 err = zfs_prop_set_special(zc->zc_name, source, pair);
2528 nvlist_free(dummy);
2529 if (err != -1)
2530 return (err); /* special property already handled */
2531 } else {
2532 /*
2533 * Only check this in the non-received case. We want to allow
2534 * 'inherit -S' to revert non-inheritable properties like quota
2535 * and reservation to the received or default values even though
2536 * they are not considered inheritable.
2537 */
2538 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2539 return (EINVAL);
2540 }
2541
2542 /* the property name has been validated by zfs_secpolicy_inherit() */
2543 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
2544 }
2545
2546 static int
2547 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2548 {
2549 nvlist_t *props;
2550 spa_t *spa;
2551 int error;
2552 nvpair_t *pair;
2553
2554 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2555 zc->zc_iflags, &props)))
2556 return (error);
2557
2558 /*
2559 * If the only property is the configfile, then just do a spa_lookup()
2560 * to handle the faulted case.
2561 */
2562 pair = nvlist_next_nvpair(props, NULL);
2563 if (pair != NULL && strcmp(nvpair_name(pair),
2564 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2565 nvlist_next_nvpair(props, pair) == NULL) {
2566 mutex_enter(&spa_namespace_lock);
2567 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2568 spa_configfile_set(spa, props, B_FALSE);
2569 spa_config_sync(spa, B_FALSE, B_TRUE);
2570 }
2571 mutex_exit(&spa_namespace_lock);
2572 if (spa != NULL) {
2573 nvlist_free(props);
2574 return (0);
2575 }
2576 }
2577
2578 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2579 nvlist_free(props);
2580 return (error);
2581 }
2582
2583 error = spa_prop_set(spa, props);
2584
2585 nvlist_free(props);
2586 spa_close(spa, FTAG);
2587
2588 return (error);
2589 }
2590
2591 static int
2592 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2593 {
2594 spa_t *spa;
2595 int error;
2596 nvlist_t *nvp = NULL;
2597
2598 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2599 /*
2600 * If the pool is faulted, there may be properties we can still
2601 * get (such as altroot and cachefile), so attempt to get them
2602 * anyway.
2603 */
2604 mutex_enter(&spa_namespace_lock);
2605 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2606 error = spa_prop_get(spa, &nvp);
2607 mutex_exit(&spa_namespace_lock);
2608 } else {
2609 error = spa_prop_get(spa, &nvp);
2610 spa_close(spa, FTAG);
2611 }
2612
2613 if (error == 0 && zc->zc_nvlist_dst != 0)
2614 error = put_nvlist(zc, nvp);
2615 else
2616 error = EFAULT;
2617
2618 nvlist_free(nvp);
2619 return (error);
2620 }
2621
2622 /*
2623 * inputs:
2624 * zc_name name of volume
2625 *
2626 * outputs: none
2627 */
2628 static int
2629 zfs_ioc_create_minor(zfs_cmd_t *zc)
2630 {
2631 return (zvol_create_minor(zc->zc_name));
2632 }
2633
2634 /*
2635 * inputs:
2636 * zc_name name of volume
2637 *
2638 * outputs: none
2639 */
2640 static int
2641 zfs_ioc_remove_minor(zfs_cmd_t *zc)
2642 {
2643 return (zvol_remove_minor(zc->zc_name));
2644 }
2645
2646 /*
2647 * inputs:
2648 * zc_name name of filesystem
2649 * zc_nvlist_src{_size} nvlist of delegated permissions
2650 * zc_perm_action allow/unallow flag
2651 *
2652 * outputs: none
2653 */
2654 static int
2655 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2656 {
2657 int error;
2658 nvlist_t *fsaclnv = NULL;
2659
2660 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2661 zc->zc_iflags, &fsaclnv)) != 0)
2662 return (error);
2663
2664 /*
2665 * Verify nvlist is constructed correctly
2666 */
2667 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2668 nvlist_free(fsaclnv);
2669 return (EINVAL);
2670 }
2671
2672 /*
2673 * If we don't have PRIV_SYS_MOUNT, then validate
2674 * that user is allowed to hand out each permission in
2675 * the nvlist(s)
2676 */
2677
2678 error = secpolicy_zfs(CRED());
2679 if (error) {
2680 if (zc->zc_perm_action == B_FALSE) {
2681 error = dsl_deleg_can_allow(zc->zc_name,
2682 fsaclnv, CRED());
2683 } else {
2684 error = dsl_deleg_can_unallow(zc->zc_name,
2685 fsaclnv, CRED());
2686 }
2687 }
2688
2689 if (error == 0)
2690 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2691
2692 nvlist_free(fsaclnv);
2693 return (error);
2694 }
2695
2696 /*
2697 * inputs:
2698 * zc_name name of filesystem
2699 *
2700 * outputs:
2701 * zc_nvlist_src{_size} nvlist of delegated permissions
2702 */
2703 static int
2704 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2705 {
2706 nvlist_t *nvp;
2707 int error;
2708
2709 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2710 error = put_nvlist(zc, nvp);
2711 nvlist_free(nvp);
2712 }
2713
2714 return (error);
2715 }
2716
2717 /* ARGSUSED */
2718 static void
2719 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2720 {
2721 zfs_creat_t *zct = arg;
2722
2723 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2724 }
2725
2726 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
2727
2728 /*
2729 * inputs:
2730 * createprops list of properties requested by creator
2731 * default_zplver zpl version to use if unspecified in createprops
2732 * fuids_ok fuids allowed in this version of the spa?
2733 * os parent objset pointer (NULL if root fs)
2734 *
2735 * outputs:
2736 * zplprops values for the zplprops we attach to the master node object
2737 * is_ci true if requested file system will be purely case-insensitive
2738 *
2739 * Determine the settings for utf8only, normalization and
2740 * casesensitivity. Specific values may have been requested by the
2741 * creator and/or we can inherit values from the parent dataset. If
2742 * the file system is of too early a vintage, a creator can not
2743 * request settings for these properties, even if the requested
2744 * setting is the default value. We don't actually want to create dsl
2745 * properties for these, so remove them from the source nvlist after
2746 * processing.
2747 */
2748 static int
2749 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2750 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2751 nvlist_t *zplprops, boolean_t *is_ci)
2752 {
2753 uint64_t sense = ZFS_PROP_UNDEFINED;
2754 uint64_t norm = ZFS_PROP_UNDEFINED;
2755 uint64_t u8 = ZFS_PROP_UNDEFINED;
2756 int error;
2757
2758 ASSERT(zplprops != NULL);
2759
2760 /*
2761 * Pull out creator prop choices, if any.
2762 */
2763 if (createprops) {
2764 (void) nvlist_lookup_uint64(createprops,
2765 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
2766 (void) nvlist_lookup_uint64(createprops,
2767 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
2768 (void) nvlist_remove_all(createprops,
2769 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
2770 (void) nvlist_lookup_uint64(createprops,
2771 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
2772 (void) nvlist_remove_all(createprops,
2773 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
2774 (void) nvlist_lookup_uint64(createprops,
2775 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
2776 (void) nvlist_remove_all(createprops,
2777 zfs_prop_to_name(ZFS_PROP_CASE));
2778 }
2779
2780 /*
2781 * If the zpl version requested is whacky or the file system
2782 * or pool is version is too "young" to support normalization
2783 * and the creator tried to set a value for one of the props,
2784 * error out.
2785 */
2786 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
2787 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
2788 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
2789 (zplver < ZPL_VERSION_NORMALIZATION &&
2790 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
2791 sense != ZFS_PROP_UNDEFINED)))
2792 return (ENOTSUP);
2793
2794 /*
2795 * Put the version in the zplprops
2796 */
2797 VERIFY(nvlist_add_uint64(zplprops,
2798 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
2799
2800 if (norm == ZFS_PROP_UNDEFINED &&
2801 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
2802 return (error);
2803 VERIFY(nvlist_add_uint64(zplprops,
2804 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
2805
2806 /*
2807 * If we're normalizing, names must always be valid UTF-8 strings.
2808 */
2809 if (norm)
2810 u8 = 1;
2811 if (u8 == ZFS_PROP_UNDEFINED &&
2812 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
2813 return (error);
2814 VERIFY(nvlist_add_uint64(zplprops,
2815 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
2816
2817 if (sense == ZFS_PROP_UNDEFINED &&
2818 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
2819 return (error);
2820 VERIFY(nvlist_add_uint64(zplprops,
2821 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
2822
2823 if (is_ci)
2824 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
2825
2826 return (0);
2827 }
2828
2829 static int
2830 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
2831 nvlist_t *zplprops, boolean_t *is_ci)
2832 {
2833 boolean_t fuids_ok, sa_ok;
2834 uint64_t zplver = ZPL_VERSION;
2835 objset_t *os = NULL;
2836 char parentname[MAXNAMELEN];
2837 char *cp;
2838 spa_t *spa;
2839 uint64_t spa_vers;
2840 int error;
2841
2842 (void) strlcpy(parentname, dataset, sizeof (parentname));
2843 cp = strrchr(parentname, '/');
2844 ASSERT(cp != NULL);
2845 cp[0] = '\0';
2846
2847 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
2848 return (error);
2849
2850 spa_vers = spa_version(spa);
2851 spa_close(spa, FTAG);
2852
2853 zplver = zfs_zpl_version_map(spa_vers);
2854 fuids_ok = (zplver >= ZPL_VERSION_FUID);
2855 sa_ok = (zplver >= ZPL_VERSION_SA);
2856
2857 /*
2858 * Open parent object set so we can inherit zplprop values.
2859 */
2860 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
2861 return (error);
2862
2863 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
2864 zplprops, is_ci);
2865 dmu_objset_rele(os, FTAG);
2866 return (error);
2867 }
2868
2869 static int
2870 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
2871 nvlist_t *zplprops, boolean_t *is_ci)
2872 {
2873 boolean_t fuids_ok;
2874 boolean_t sa_ok;
2875 uint64_t zplver = ZPL_VERSION;
2876 int error;
2877
2878 zplver = zfs_zpl_version_map(spa_vers);
2879 fuids_ok = (zplver >= ZPL_VERSION_FUID);
2880 sa_ok = (zplver >= ZPL_VERSION_SA);
2881
2882 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
2883 createprops, zplprops, is_ci);
2884 return (error);
2885 }
2886
2887 /*
2888 * inputs:
2889 * zc_objset_type type of objset to create (fs vs zvol)
2890 * zc_name name of new objset
2891 * zc_value name of snapshot to clone from (may be empty)
2892 * zc_nvlist_src{_size} nvlist of properties to apply
2893 *
2894 * outputs: none
2895 */
2896 static int
2897 zfs_ioc_create(zfs_cmd_t *zc)
2898 {
2899 objset_t *clone;
2900 int error = 0;
2901 zfs_creat_t zct;
2902 nvlist_t *nvprops = NULL;
2903 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
2904 dmu_objset_type_t type = zc->zc_objset_type;
2905
2906 switch (type) {
2907
2908 case DMU_OST_ZFS:
2909 cbfunc = zfs_create_cb;
2910 break;
2911
2912 case DMU_OST_ZVOL:
2913 cbfunc = zvol_create_cb;
2914 break;
2915
2916 default:
2917 cbfunc = NULL;
2918 break;
2919 }
2920 if (strchr(zc->zc_name, '@') ||
2921 strchr(zc->zc_name, '%'))
2922 return (EINVAL);
2923
2924 if (zc->zc_nvlist_src != 0 &&
2925 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2926 zc->zc_iflags, &nvprops)) != 0)
2927 return (error);
2928
2929 zct.zct_zplprops = NULL;
2930 zct.zct_props = nvprops;
2931
2932 if (zc->zc_value[0] != '\0') {
2933 /*
2934 * We're creating a clone of an existing snapshot.
2935 */
2936 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
2937 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) {
2938 nvlist_free(nvprops);
2939 return (EINVAL);
2940 }
2941
2942 error = dmu_objset_hold(zc->zc_value, FTAG, &clone);
2943 if (error) {
2944 nvlist_free(nvprops);
2945 return (error);
2946 }
2947
2948 error = dmu_objset_clone(zc->zc_name, dmu_objset_ds(clone), 0);
2949 dmu_objset_rele(clone, FTAG);
2950 if (error) {
2951 nvlist_free(nvprops);
2952 return (error);
2953 }
2954 } else {
2955 boolean_t is_insensitive = B_FALSE;
2956
2957 if (cbfunc == NULL) {
2958 nvlist_free(nvprops);
2959 return (EINVAL);
2960 }
2961
2962 if (type == DMU_OST_ZVOL) {
2963 uint64_t volsize, volblocksize;
2964
2965 if (nvprops == NULL ||
2966 nvlist_lookup_uint64(nvprops,
2967 zfs_prop_to_name(ZFS_PROP_VOLSIZE),
2968 &volsize) != 0) {
2969 nvlist_free(nvprops);
2970 return (EINVAL);
2971 }
2972
2973 if ((error = nvlist_lookup_uint64(nvprops,
2974 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
2975 &volblocksize)) != 0 && error != ENOENT) {
2976 nvlist_free(nvprops);
2977 return (EINVAL);
2978 }
2979
2980 if (error != 0)
2981 volblocksize = zfs_prop_default_numeric(
2982 ZFS_PROP_VOLBLOCKSIZE);
2983
2984 if ((error = zvol_check_volblocksize(
2985 volblocksize)) != 0 ||
2986 (error = zvol_check_volsize(volsize,
2987 volblocksize)) != 0) {
2988 nvlist_free(nvprops);
2989 return (error);
2990 }
2991 } else if (type == DMU_OST_ZFS) {
2992 int error;
2993
2994 /*
2995 * We have to have normalization and
2996 * case-folding flags correct when we do the
2997 * file system creation, so go figure them out
2998 * now.
2999 */
3000 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3001 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3002 error = zfs_fill_zplprops(zc->zc_name, nvprops,
3003 zct.zct_zplprops, &is_insensitive);
3004 if (error != 0) {
3005 nvlist_free(nvprops);
3006 nvlist_free(zct.zct_zplprops);
3007 return (error);
3008 }
3009 }
3010 error = dmu_objset_create(zc->zc_name, type,
3011 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3012 nvlist_free(zct.zct_zplprops);
3013 }
3014
3015 /*
3016 * It would be nice to do this atomically.
3017 */
3018 if (error == 0) {
3019 error = zfs_set_prop_nvlist(zc->zc_name, ZPROP_SRC_LOCAL,
3020 nvprops, NULL);
3021 if (error != 0)
3022 (void) dmu_objset_destroy(zc->zc_name, B_FALSE);
3023 }
3024 nvlist_free(nvprops);
3025 return (error);
3026 }
3027
3028 /*
3029 * inputs:
3030 * zc_name name of filesystem
3031 * zc_value short name of snapshot
3032 * zc_cookie recursive flag
3033 * zc_nvlist_src[_size] property list
3034 *
3035 * outputs:
3036 * zc_value short snapname (i.e. part after the '@')
3037 */
3038 static int
3039 zfs_ioc_snapshot(zfs_cmd_t *zc)
3040 {
3041 nvlist_t *nvprops = NULL;
3042 int error;
3043 boolean_t recursive = zc->zc_cookie;
3044
3045 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
3046 return (EINVAL);
3047
3048 if (zc->zc_nvlist_src != 0 &&
3049 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3050 zc->zc_iflags, &nvprops)) != 0)
3051 return (error);
3052
3053 error = zfs_check_userprops(zc->zc_name, nvprops);
3054 if (error)
3055 goto out;
3056
3057 if (!nvlist_empty(nvprops) &&
3058 zfs_earlier_version(zc->zc_name, SPA_VERSION_SNAP_PROPS)) {
3059 error = ENOTSUP;
3060 goto out;
3061 }
3062
3063 error = dmu_objset_snapshot(zc->zc_name, zc->zc_value, NULL,
3064 nvprops, recursive, B_FALSE, -1);
3065
3066 out:
3067 nvlist_free(nvprops);
3068 return (error);
3069 }
3070
3071 /*
3072 * inputs:
3073 * name dataset name, or when 'arg == NULL' the full snapshot name
3074 * arg short snapshot name (i.e. part after the '@')
3075 */
3076 int
3077 zfs_unmount_snap(const char *name, void *arg)
3078 {
3079 zfs_sb_t *zsb = NULL;
3080 char *dsname;
3081 char *snapname;
3082 char *fullname;
3083 char *ptr;
3084 int error;
3085
3086 if (arg) {
3087 dsname = strdup(name);
3088 snapname = strdup(arg);
3089 } else {
3090 ptr = strchr(name, '@');
3091 if (ptr) {
3092 dsname = strdup(name);
3093 dsname[ptr - name] = '\0';
3094 snapname = strdup(ptr + 1);
3095 } else {
3096 return (0);
3097 }
3098 }
3099
3100 fullname = kmem_asprintf("%s@%s", dsname, snapname);
3101
3102 error = zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE);
3103 if (error == 0) {
3104 error = zfsctl_unmount_snapshot(zsb, fullname, MNT_FORCE);
3105 zfs_sb_rele(zsb, FTAG);
3106
3107 /* Allow ENOENT for consistency with upstream */
3108 if (error == ENOENT)
3109 error = 0;
3110 }
3111
3112 strfree(dsname);
3113 strfree(snapname);
3114 strfree(fullname);
3115
3116 return (error);
3117 }
3118
3119 /*
3120 * inputs:
3121 * zc_name name of filesystem
3122 * zc_value short name of snapshot
3123 * zc_defer_destroy mark for deferred destroy
3124 *
3125 * outputs: none
3126 */
3127 static int
3128 zfs_ioc_destroy_snaps(zfs_cmd_t *zc)
3129 {
3130 int err;
3131
3132 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
3133 return (EINVAL);
3134 err = dmu_objset_find(zc->zc_name,
3135 zfs_unmount_snap, zc->zc_value, DS_FIND_CHILDREN);
3136 if (err)
3137 return (err);
3138 return (dmu_snapshots_destroy(zc->zc_name, zc->zc_value,
3139 zc->zc_defer_destroy));
3140 }
3141
3142 /*
3143 * inputs:
3144 * zc_name name of dataset to destroy
3145 * zc_objset_type type of objset
3146 * zc_defer_destroy mark for deferred destroy
3147 *
3148 * outputs: none
3149 */
3150 static int
3151 zfs_ioc_destroy(zfs_cmd_t *zc)
3152 {
3153 int err;
3154 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
3155 err = zfs_unmount_snap(zc->zc_name, NULL);
3156 if (err)
3157 return (err);
3158 }
3159
3160 err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
3161 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3162 (void) zvol_remove_minor(zc->zc_name);
3163 return (err);
3164 }
3165
3166 /*
3167 * inputs:
3168 * zc_name name of dataset to rollback (to most recent snapshot)
3169 *
3170 * outputs: none
3171 */
3172 static int
3173 zfs_ioc_rollback(zfs_cmd_t *zc)
3174 {
3175 dsl_dataset_t *ds, *clone;
3176 int error;
3177 zfs_sb_t *zsb;
3178 char *clone_name;
3179
3180 error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
3181 if (error)
3182 return (error);
3183
3184 /* must not be a snapshot */
3185 if (dsl_dataset_is_snapshot(ds)) {
3186 dsl_dataset_rele(ds, FTAG);
3187 return (EINVAL);
3188 }
3189
3190 /* must have a most recent snapshot */
3191 if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
3192 dsl_dataset_rele(ds, FTAG);
3193 return (EINVAL);
3194 }
3195
3196 /*
3197 * Create clone of most recent snapshot.
3198 */
3199 clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
3200 error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
3201 if (error)
3202 goto out;
3203
3204 error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
3205 if (error)
3206 goto out;
3207
3208 /*
3209 * Do clone swap.
3210 */
3211 if (get_zfs_sb(zc->zc_name, &zsb) == 0) {
3212 error = zfs_suspend_fs(zsb);
3213 if (error == 0) {
3214 int resume_err;
3215
3216 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3217 error = dsl_dataset_clone_swap(clone, ds,
3218 B_TRUE);
3219 dsl_dataset_disown(ds, FTAG);
3220 ds = NULL;
3221 } else {
3222 error = EBUSY;
3223 }
3224 resume_err = zfs_resume_fs(zsb, zc->zc_name);
3225 error = error ? error : resume_err;
3226 }
3227 deactivate_super(zsb->z_sb);
3228 } else {
3229 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3230 error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
3231 dsl_dataset_disown(ds, FTAG);
3232 ds = NULL;
3233 } else {
3234 error = EBUSY;
3235 }
3236 }
3237
3238 /*
3239 * Destroy clone (which also closes it).
3240 */
3241 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
3242
3243 out:
3244 strfree(clone_name);
3245 if (ds)
3246 dsl_dataset_rele(ds, FTAG);
3247 return (error);
3248 }
3249
3250 /*
3251 * inputs:
3252 * zc_name old name of dataset
3253 * zc_value new name of dataset
3254 * zc_cookie recursive flag (only valid for snapshots)
3255 *
3256 * outputs: none
3257 */
3258 static int
3259 zfs_ioc_rename(zfs_cmd_t *zc)
3260 {
3261 boolean_t recursive = zc->zc_cookie & 1;
3262 int err;
3263
3264 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3265 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3266 strchr(zc->zc_value, '%'))
3267 return (EINVAL);
3268
3269 /*
3270 * Unmount snapshot unless we're doing a recursive rename,
3271 * in which case the dataset code figures out which snapshots
3272 * to unmount.
3273 */
3274 if (!recursive && strchr(zc->zc_name, '@') != NULL &&
3275 zc->zc_objset_type == DMU_OST_ZFS) {
3276 err = zfs_unmount_snap(zc->zc_name, NULL);
3277 if (err)
3278 return (err);
3279 }
3280
3281 err = dmu_objset_rename(zc->zc_name, zc->zc_value, recursive);
3282 if ((err == 0) && (zc->zc_objset_type == DMU_OST_ZVOL)) {
3283 (void) zvol_remove_minor(zc->zc_name);
3284 (void) zvol_create_minor(zc->zc_value);
3285 }
3286
3287 return (err);
3288 }
3289
3290 static int
3291 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3292 {
3293 const char *propname = nvpair_name(pair);
3294 boolean_t issnap = (strchr(dsname, '@') != NULL);
3295 zfs_prop_t prop = zfs_name_to_prop(propname);
3296 uint64_t intval;
3297 int err;
3298
3299 if (prop == ZPROP_INVAL) {
3300 if (zfs_prop_user(propname)) {
3301 if ((err = zfs_secpolicy_write_perms(dsname,
3302 ZFS_DELEG_PERM_USERPROP, cr)))
3303 return (err);
3304 return (0);
3305 }
3306
3307 if (!issnap && zfs_prop_userquota(propname)) {
3308 const char *perm = NULL;
3309 const char *uq_prefix =
3310 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3311 const char *gq_prefix =
3312 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3313
3314 if (strncmp(propname, uq_prefix,
3315 strlen(uq_prefix)) == 0) {
3316 perm = ZFS_DELEG_PERM_USERQUOTA;
3317 } else if (strncmp(propname, gq_prefix,
3318 strlen(gq_prefix)) == 0) {
3319 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3320 } else {
3321 /* USERUSED and GROUPUSED are read-only */
3322 return (EINVAL);
3323 }
3324
3325 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
3326 return (err);
3327 return (0);
3328 }
3329
3330 return (EINVAL);
3331 }
3332
3333 if (issnap)
3334 return (EINVAL);
3335
3336 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3337 /*
3338 * dsl_prop_get_all_impl() returns properties in this
3339 * format.
3340 */
3341 nvlist_t *attrs;
3342 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3343 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3344 &pair) == 0);
3345 }
3346
3347 /*
3348 * Check that this value is valid for this pool version
3349 */
3350 switch (prop) {
3351 case ZFS_PROP_COMPRESSION:
3352 /*
3353 * If the user specified gzip compression, make sure
3354 * the SPA supports it. We ignore any errors here since
3355 * we'll catch them later.
3356 */
3357 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3358 nvpair_value_uint64(pair, &intval) == 0) {
3359 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3360 intval <= ZIO_COMPRESS_GZIP_9 &&
3361 zfs_earlier_version(dsname,
3362 SPA_VERSION_GZIP_COMPRESSION)) {
3363 return (ENOTSUP);
3364 }
3365
3366 if (intval == ZIO_COMPRESS_ZLE &&
3367 zfs_earlier_version(dsname,
3368 SPA_VERSION_ZLE_COMPRESSION))
3369 return (ENOTSUP);
3370
3371 /*
3372 * If this is a bootable dataset then
3373 * verify that the compression algorithm
3374 * is supported for booting. We must return
3375 * something other than ENOTSUP since it
3376 * implies a downrev pool version.
3377 */
3378 if (zfs_is_bootfs(dsname) &&
3379 !BOOTFS_COMPRESS_VALID(intval)) {
3380 return (ERANGE);
3381 }
3382 }
3383 break;
3384
3385 case ZFS_PROP_COPIES:
3386 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3387 return (ENOTSUP);
3388 break;
3389
3390 case ZFS_PROP_DEDUP:
3391 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3392 return (ENOTSUP);
3393 break;
3394
3395 case ZFS_PROP_SHARESMB:
3396 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3397 return (ENOTSUP);
3398 break;
3399
3400 case ZFS_PROP_ACLINHERIT:
3401 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3402 nvpair_value_uint64(pair, &intval) == 0) {
3403 if (intval == ZFS_ACL_PASSTHROUGH_X &&
3404 zfs_earlier_version(dsname,
3405 SPA_VERSION_PASSTHROUGH_X))
3406 return (ENOTSUP);
3407 }
3408 break;
3409 default:
3410 break;
3411 }
3412
3413 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3414 }
3415
3416 /*
3417 * Removes properties from the given props list that fail permission checks
3418 * needed to clear them and to restore them in case of a receive error. For each
3419 * property, make sure we have both set and inherit permissions.
3420 *
3421 * Returns the first error encountered if any permission checks fail. If the
3422 * caller provides a non-NULL errlist, it also gives the complete list of names
3423 * of all the properties that failed a permission check along with the
3424 * corresponding error numbers. The caller is responsible for freeing the
3425 * returned errlist.
3426 *
3427 * If every property checks out successfully, zero is returned and the list
3428 * pointed at by errlist is NULL.
3429 */
3430 static int
3431 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3432 {
3433 zfs_cmd_t *zc;
3434 nvpair_t *pair, *next_pair;
3435 nvlist_t *errors;
3436 int err, rv = 0;
3437
3438 if (props == NULL)
3439 return (0);
3440
3441 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3442
3443 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP | KM_NODEBUG);
3444 (void) strcpy(zc->zc_name, dataset);
3445 pair = nvlist_next_nvpair(props, NULL);
3446 while (pair != NULL) {
3447 next_pair = nvlist_next_nvpair(props, pair);
3448
3449 (void) strcpy(zc->zc_value, nvpair_name(pair));
3450 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3451 (err = zfs_secpolicy_inherit(zc, CRED())) != 0) {
3452 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3453 VERIFY(nvlist_add_int32(errors,
3454 zc->zc_value, err) == 0);
3455 }
3456 pair = next_pair;
3457 }
3458 kmem_free(zc, sizeof (zfs_cmd_t));
3459
3460 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3461 nvlist_free(errors);
3462 errors = NULL;
3463 } else {
3464 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3465 }
3466
3467 if (errlist == NULL)
3468 nvlist_free(errors);
3469 else
3470 *errlist = errors;
3471
3472 return (rv);
3473 }
3474
3475 static boolean_t
3476 propval_equals(nvpair_t *p1, nvpair_t *p2)
3477 {
3478 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3479 /* dsl_prop_get_all_impl() format */
3480 nvlist_t *attrs;
3481 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3482 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3483 &p1) == 0);
3484 }
3485
3486 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3487 nvlist_t *attrs;
3488 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3489 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3490 &p2) == 0);
3491 }
3492
3493 if (nvpair_type(p1) != nvpair_type(p2))
3494 return (B_FALSE);
3495
3496 if (nvpair_type(p1) == DATA_TYPE_STRING) {
3497 char *valstr1, *valstr2;
3498
3499 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3500 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3501 return (strcmp(valstr1, valstr2) == 0);
3502 } else {
3503 uint64_t intval1, intval2;
3504
3505 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3506 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3507 return (intval1 == intval2);
3508 }
3509 }
3510
3511 /*
3512 * Remove properties from props if they are not going to change (as determined
3513 * by comparison with origprops). Remove them from origprops as well, since we
3514 * do not need to clear or restore properties that won't change.
3515 */
3516 static void
3517 props_reduce(nvlist_t *props, nvlist_t *origprops)
3518 {
3519 nvpair_t *pair, *next_pair;
3520
3521 if (origprops == NULL)
3522 return; /* all props need to be received */
3523
3524 pair = nvlist_next_nvpair(props, NULL);
3525 while (pair != NULL) {
3526 const char *propname = nvpair_name(pair);
3527 nvpair_t *match;
3528
3529 next_pair = nvlist_next_nvpair(props, pair);
3530
3531 if ((nvlist_lookup_nvpair(origprops, propname,
3532 &match) != 0) || !propval_equals(pair, match))
3533 goto next; /* need to set received value */
3534
3535 /* don't clear the existing received value */
3536 (void) nvlist_remove_nvpair(origprops, match);
3537 /* don't bother receiving the property */
3538 (void) nvlist_remove_nvpair(props, pair);
3539 next:
3540 pair = next_pair;
3541 }
3542 }
3543
3544 #ifdef DEBUG
3545 static boolean_t zfs_ioc_recv_inject_err;
3546 #endif
3547
3548 /*
3549 * inputs:
3550 * zc_name name of containing filesystem
3551 * zc_nvlist_src{_size} nvlist of properties to apply
3552 * zc_value name of snapshot to create
3553 * zc_string name of clone origin (if DRR_FLAG_CLONE)
3554 * zc_cookie file descriptor to recv from
3555 * zc_begin_record the BEGIN record of the stream (not byteswapped)
3556 * zc_guid force flag
3557 * zc_cleanup_fd cleanup-on-exit file descriptor
3558 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
3559 *
3560 * outputs:
3561 * zc_cookie number of bytes read
3562 * zc_nvlist_dst{_size} error for each unapplied received property
3563 * zc_obj zprop_errflags_t
3564 * zc_action_handle handle for this guid/ds mapping
3565 */
3566 static int
3567 zfs_ioc_recv(zfs_cmd_t *zc)
3568 {
3569 file_t *fp;
3570 objset_t *os;
3571 dmu_recv_cookie_t drc;
3572 boolean_t force = (boolean_t)zc->zc_guid;
3573 int fd;
3574 int error = 0;
3575 int props_error = 0;
3576 nvlist_t *errors;
3577 offset_t off;
3578 nvlist_t *props = NULL; /* sent properties */
3579 nvlist_t *origprops = NULL; /* existing properties */
3580 objset_t *origin = NULL;
3581 char *tosnap;
3582 char tofs[ZFS_MAXNAMELEN];
3583 boolean_t first_recvd_props = B_FALSE;
3584
3585 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3586 strchr(zc->zc_value, '@') == NULL ||
3587 strchr(zc->zc_value, '%'))
3588 return (EINVAL);
3589
3590 (void) strcpy(tofs, zc->zc_value);
3591 tosnap = strchr(tofs, '@');
3592 *tosnap++ = '\0';
3593
3594 if (zc->zc_nvlist_src != 0 &&
3595 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3596 zc->zc_iflags, &props)) != 0)
3597 return (error);
3598
3599 fd = zc->zc_cookie;
3600 fp = getf(fd);
3601 if (fp == NULL) {
3602 nvlist_free(props);
3603 return (EBADF);
3604 }
3605
3606 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3607
3608 if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
3609 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
3610 !dsl_prop_get_hasrecvd(os)) {
3611 first_recvd_props = B_TRUE;
3612 }
3613
3614 /*
3615 * If new received properties are supplied, they are to
3616 * completely replace the existing received properties, so stash
3617 * away the existing ones.
3618 */
3619 if (dsl_prop_get_received(os, &origprops) == 0) {
3620 nvlist_t *errlist = NULL;
3621 /*
3622 * Don't bother writing a property if its value won't
3623 * change (and avoid the unnecessary security checks).
3624 *
3625 * The first receive after SPA_VERSION_RECVD_PROPS is a
3626 * special case where we blow away all local properties
3627 * regardless.
3628 */
3629 if (!first_recvd_props)
3630 props_reduce(props, origprops);
3631 if (zfs_check_clearable(tofs, origprops,
3632 &errlist) != 0)
3633 (void) nvlist_merge(errors, errlist, 0);
3634 nvlist_free(errlist);
3635 }
3636
3637 dmu_objset_rele(os, FTAG);
3638 }
3639
3640 if (zc->zc_string[0]) {
3641 error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
3642 if (error)
3643 goto out;
3644 }
3645
3646 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
3647 &zc->zc_begin_record, force, origin, &drc);
3648 if (origin)
3649 dmu_objset_rele(origin, FTAG);
3650 if (error)
3651 goto out;
3652
3653 /*
3654 * Set properties before we receive the stream so that they are applied
3655 * to the new data. Note that we must call dmu_recv_stream() if
3656 * dmu_recv_begin() succeeds.
3657 */
3658 if (props) {
3659 nvlist_t *errlist;
3660
3661 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
3662 if (drc.drc_newfs) {
3663 if (spa_version(os->os_spa) >=
3664 SPA_VERSION_RECVD_PROPS)
3665 first_recvd_props = B_TRUE;
3666 } else if (origprops != NULL) {
3667 if (clear_received_props(os, tofs, origprops,
3668 first_recvd_props ? NULL : props) != 0)
3669 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3670 } else {
3671 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3672 }
3673 dsl_prop_set_hasrecvd(os);
3674 } else if (!drc.drc_newfs) {
3675 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3676 }
3677
3678 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3679 props, &errlist);
3680 (void) nvlist_merge(errors, errlist, 0);
3681 nvlist_free(errlist);
3682 }
3683
3684 if (fit_error_list(zc, &errors) != 0 || put_nvlist(zc, errors) != 0) {
3685 /*
3686 * Caller made zc->zc_nvlist_dst less than the minimum expected
3687 * size or supplied an invalid address.
3688 */
3689 props_error = EINVAL;
3690 }
3691
3692 off = fp->f_offset;
3693 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
3694 &zc->zc_action_handle);
3695
3696 if (error == 0) {
3697 zfs_sb_t *zsb = NULL;
3698
3699 if (get_zfs_sb(tofs, &zsb) == 0) {
3700 /* online recv */
3701 int end_err;
3702
3703 error = zfs_suspend_fs(zsb);
3704 /*
3705 * If the suspend fails, then the recv_end will
3706 * likely also fail, and clean up after itself.
3707 */
3708 end_err = dmu_recv_end(&drc);
3709 if (error == 0)
3710 error = zfs_resume_fs(zsb, tofs);
3711 error = error ? error : end_err;
3712 deactivate_super(zsb->z_sb);
3713 } else {
3714 error = dmu_recv_end(&drc);
3715 }
3716 }
3717
3718 zc->zc_cookie = off - fp->f_offset;
3719 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
3720 fp->f_offset = off;
3721
3722 #ifdef DEBUG
3723 if (zfs_ioc_recv_inject_err) {
3724 zfs_ioc_recv_inject_err = B_FALSE;
3725 error = 1;
3726 }
3727 #endif
3728 /*
3729 * On error, restore the original props.
3730 */
3731 if (error && props) {
3732 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
3733 if (clear_received_props(os, tofs, props, NULL) != 0) {
3734 /*
3735 * We failed to clear the received properties.
3736 * Since we may have left a $recvd value on the
3737 * system, we can't clear the $hasrecvd flag.
3738 */
3739 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3740 } else if (first_recvd_props) {
3741 dsl_prop_unset_hasrecvd(os);
3742 }
3743 dmu_objset_rele(os, FTAG);
3744 } else if (!drc.drc_newfs) {
3745 /* We failed to clear the received properties. */
3746 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3747 }
3748
3749 if (origprops == NULL && !drc.drc_newfs) {
3750 /* We failed to stash the original properties. */
3751 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3752 }
3753
3754 /*
3755 * dsl_props_set() will not convert RECEIVED to LOCAL on or
3756 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
3757 * explictly if we're restoring local properties cleared in the
3758 * first new-style receive.
3759 */
3760 if (origprops != NULL &&
3761 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
3762 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
3763 origprops, NULL) != 0) {
3764 /*
3765 * We stashed the original properties but failed to
3766 * restore them.
3767 */
3768 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3769 }
3770 }
3771 out:
3772 nvlist_free(props);
3773 nvlist_free(origprops);
3774 nvlist_free(errors);
3775 releasef(fd);
3776
3777 if (error == 0)
3778 error = props_error;
3779
3780 return (error);
3781 }
3782
3783 /*
3784 * inputs:
3785 * zc_name name of snapshot to send
3786 * zc_cookie file descriptor to send stream to
3787 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
3788 * zc_sendobj objsetid of snapshot to send
3789 * zc_fromobj objsetid of incremental fromsnap (may be zero)
3790 *
3791 * outputs: none
3792 */
3793 static int
3794 zfs_ioc_send(zfs_cmd_t *zc)
3795 {
3796 objset_t *fromsnap = NULL;
3797 objset_t *tosnap;
3798 file_t *fp;
3799 int error;
3800 offset_t off;
3801 dsl_dataset_t *ds;
3802 dsl_dataset_t *dsfrom = NULL;
3803 spa_t *spa;
3804 dsl_pool_t *dp;
3805
3806 error = spa_open(zc->zc_name, &spa, FTAG);
3807 if (error)
3808 return (error);
3809
3810 dp = spa_get_dsl(spa);
3811 rw_enter(&dp->dp_config_rwlock, RW_READER);
3812 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
3813 rw_exit(&dp->dp_config_rwlock);
3814 if (error) {
3815 spa_close(spa, FTAG);
3816 return (error);
3817 }
3818
3819 error = dmu_objset_from_ds(ds, &tosnap);
3820 if (error) {
3821 dsl_dataset_rele(ds, FTAG);
3822 spa_close(spa, FTAG);
3823 return (error);
3824 }
3825
3826 if (zc->zc_fromobj != 0) {
3827 rw_enter(&dp->dp_config_rwlock, RW_READER);
3828 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
3829 rw_exit(&dp->dp_config_rwlock);
3830 spa_close(spa, FTAG);
3831 if (error) {
3832 dsl_dataset_rele(ds, FTAG);
3833 return (error);
3834 }
3835 error = dmu_objset_from_ds(dsfrom, &fromsnap);
3836 if (error) {
3837 dsl_dataset_rele(dsfrom, FTAG);
3838 dsl_dataset_rele(ds, FTAG);
3839 return (error);
3840 }
3841 } else {
3842 spa_close(spa, FTAG);
3843 }
3844
3845 fp = getf(zc->zc_cookie);
3846 if (fp == NULL) {
3847 dsl_dataset_rele(ds, FTAG);
3848 if (dsfrom)
3849 dsl_dataset_rele(dsfrom, FTAG);
3850 return (EBADF);
3851 }
3852
3853 off = fp->f_offset;
3854 error = dmu_sendbackup(tosnap, fromsnap, zc->zc_obj, fp->f_vnode, &off);
3855
3856 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
3857 fp->f_offset = off;
3858 releasef(zc->zc_cookie);
3859 if (dsfrom)
3860 dsl_dataset_rele(dsfrom, FTAG);
3861 dsl_dataset_rele(ds, FTAG);
3862 return (error);
3863 }
3864
3865 static int
3866 zfs_ioc_inject_fault(zfs_cmd_t *zc)
3867 {
3868 int id, error;
3869
3870 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
3871 &zc->zc_inject_record);
3872
3873 if (error == 0)
3874 zc->zc_guid = (uint64_t)id;
3875
3876 return (error);
3877 }
3878
3879 static int
3880 zfs_ioc_clear_fault(zfs_cmd_t *zc)
3881 {
3882 return (zio_clear_fault((int)zc->zc_guid));
3883 }
3884
3885 static int
3886 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
3887 {
3888 int id = (int)zc->zc_guid;
3889 int error;
3890
3891 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
3892 &zc->zc_inject_record);
3893
3894 zc->zc_guid = id;
3895
3896 return (error);
3897 }
3898
3899 static int
3900 zfs_ioc_error_log(zfs_cmd_t *zc)
3901 {
3902 spa_t *spa;
3903 int error;
3904 size_t count = (size_t)zc->zc_nvlist_dst_size;
3905
3906 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
3907 return (error);
3908
3909 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
3910 &count);
3911 if (error == 0)
3912 zc->zc_nvlist_dst_size = count;
3913 else
3914 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
3915
3916 spa_close(spa, FTAG);
3917
3918 return (error);
3919 }
3920
3921 static int
3922 zfs_ioc_clear(zfs_cmd_t *zc)
3923 {
3924 spa_t *spa;
3925 vdev_t *vd;
3926 int error;
3927
3928 /*
3929 * On zpool clear we also fix up missing slogs
3930 */
3931 mutex_enter(&spa_namespace_lock);
3932 spa = spa_lookup(zc->zc_name);
3933 if (spa == NULL) {
3934 mutex_exit(&spa_namespace_lock);
3935 return (EIO);
3936 }
3937 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
3938 /* we need to let spa_open/spa_load clear the chains */
3939 spa_set_log_state(spa, SPA_LOG_CLEAR);
3940 }
3941 spa->spa_last_open_failed = 0;
3942 mutex_exit(&spa_namespace_lock);
3943
3944 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
3945 error = spa_open(zc->zc_name, &spa, FTAG);
3946 } else {
3947 nvlist_t *policy;
3948 nvlist_t *config = NULL;
3949
3950 if (zc->zc_nvlist_src == 0)
3951 return (EINVAL);
3952
3953 if ((error = get_nvlist(zc->zc_nvlist_src,
3954 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
3955 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
3956 policy, &config);
3957 if (config != NULL) {
3958 int err;
3959
3960 if ((err = put_nvlist(zc, config)) != 0)
3961 error = err;
3962 nvlist_free(config);
3963 }
3964 nvlist_free(policy);
3965 }
3966 }
3967
3968 if (error)
3969 return (error);
3970
3971 spa_vdev_state_enter(spa, SCL_NONE);
3972
3973 if (zc->zc_guid == 0) {
3974 vd = NULL;
3975 } else {
3976 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
3977 if (vd == NULL) {
3978 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
3979 spa_close(spa, FTAG);
3980 return (ENODEV);
3981 }
3982 }
3983
3984 vdev_clear(spa, vd);
3985
3986 (void) spa_vdev_state_exit(spa, NULL, 0);
3987
3988 /*
3989 * Resume any suspended I/Os.
3990 */
3991 if (zio_resume(spa) != 0)
3992 error = EIO;
3993
3994 spa_close(spa, FTAG);
3995
3996 return (error);
3997 }
3998
3999 /*
4000 * inputs:
4001 * zc_name name of filesystem
4002 * zc_value name of origin snapshot
4003 *
4004 * outputs:
4005 * zc_string name of conflicting snapshot, if there is one
4006 */
4007 static int
4008 zfs_ioc_promote(zfs_cmd_t *zc)
4009 {
4010 char *cp;
4011
4012 /*
4013 * We don't need to unmount *all* the origin fs's snapshots, but
4014 * it's easier.
4015 */
4016 cp = strchr(zc->zc_value, '@');
4017 if (cp)
4018 *cp = '\0';
4019 (void) dmu_objset_find(zc->zc_value,
4020 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
4021 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4022 }
4023
4024 /*
4025 * Retrieve a single {user|group}{used|quota}@... property.
4026 *
4027 * inputs:
4028 * zc_name name of filesystem
4029 * zc_objset_type zfs_userquota_prop_t
4030 * zc_value domain name (eg. "S-1-234-567-89")
4031 * zc_guid RID/UID/GID
4032 *
4033 * outputs:
4034 * zc_cookie property value
4035 */
4036 static int
4037 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4038 {
4039 zfs_sb_t *zsb;
4040 int error;
4041
4042 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4043 return (EINVAL);
4044
4045 error = zfs_sb_hold(zc->zc_name, FTAG, &zsb, B_FALSE);
4046 if (error)
4047 return (error);
4048
4049 error = zfs_userspace_one(zsb,
4050 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4051 zfs_sb_rele(zsb, FTAG);
4052
4053 return (error);
4054 }
4055
4056 /*
4057 * inputs:
4058 * zc_name name of filesystem
4059 * zc_cookie zap cursor
4060 * zc_objset_type zfs_userquota_prop_t
4061 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4062 *
4063 * outputs:
4064 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4065 * zc_cookie zap cursor
4066 */
4067 static int
4068 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4069 {
4070 zfs_sb_t *zsb;
4071 int bufsize = zc->zc_nvlist_dst_size;
4072 int error;
4073 void *buf;
4074
4075 if (bufsize <= 0)
4076 return (ENOMEM);
4077
4078 error = zfs_sb_hold(zc->zc_name, FTAG, &zsb, B_FALSE);
4079 if (error)
4080 return (error);
4081
4082 buf = vmem_alloc(bufsize, KM_SLEEP);
4083
4084 error = zfs_userspace_many(zsb, zc->zc_objset_type, &zc->zc_cookie,
4085 buf, &zc->zc_nvlist_dst_size);
4086
4087 if (error == 0) {
4088 error = xcopyout(buf,
4089 (void *)(uintptr_t)zc->zc_nvlist_dst,
4090 zc->zc_nvlist_dst_size);
4091 }
4092 vmem_free(buf, bufsize);
4093 zfs_sb_rele(zsb, FTAG);
4094
4095 return (error);
4096 }
4097
4098 /*
4099 * inputs:
4100 * zc_name name of filesystem
4101 *
4102 * outputs:
4103 * none
4104 */
4105 static int
4106 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4107 {
4108 objset_t *os;
4109 int error = 0;
4110 zfs_sb_t *zsb;
4111
4112 if (get_zfs_sb(zc->zc_name, &zsb) == 0) {
4113 if (!dmu_objset_userused_enabled(zsb->z_os)) {
4114 /*
4115 * If userused is not enabled, it may be because the
4116 * objset needs to be closed & reopened (to grow the
4117 * objset_phys_t). Suspend/resume the fs will do that.
4118 */
4119 error = zfs_suspend_fs(zsb);
4120 if (error == 0)
4121 error = zfs_resume_fs(zsb, zc->zc_name);
4122 }
4123 if (error == 0)
4124 error = dmu_objset_userspace_upgrade(zsb->z_os);
4125 deactivate_super(zsb->z_sb);
4126 } else {
4127 /* XXX kind of reading contents without owning */
4128 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4129 if (error)
4130 return (error);
4131
4132 error = dmu_objset_userspace_upgrade(os);
4133 dmu_objset_rele(os, FTAG);
4134 }
4135
4136 return (error);
4137 }
4138
4139 static int
4140 zfs_ioc_share(zfs_cmd_t *zc)
4141 {
4142 return (ENOSYS);
4143 }
4144
4145 ace_t full_access[] = {
4146 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4147 };
4148
4149 /*
4150 * inputs:
4151 * zc_name name of containing filesystem
4152 * zc_obj object # beyond which we want next in-use object #
4153 *
4154 * outputs:
4155 * zc_obj next in-use object #
4156 */
4157 static int
4158 zfs_ioc_next_obj(zfs_cmd_t *zc)
4159 {
4160 objset_t *os = NULL;
4161 int error;
4162
4163 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4164 if (error)
4165 return (error);
4166
4167 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4168 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4169
4170 dmu_objset_rele(os, FTAG);
4171 return (error);
4172 }
4173
4174 /*
4175 * inputs:
4176 * zc_name name of filesystem
4177 * zc_value prefix name for snapshot
4178 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4179 *
4180 * outputs:
4181 */
4182 static int
4183 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4184 {
4185 char *snap_name;
4186 int error;
4187
4188 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
4189 (u_longlong_t)ddi_get_lbolt64());
4190
4191 if (strlen(snap_name) >= MAXNAMELEN) {
4192 strfree(snap_name);
4193 return (E2BIG);
4194 }
4195
4196 error = dmu_objset_snapshot(zc->zc_name, snap_name, snap_name,
4197 NULL, B_FALSE, B_TRUE, zc->zc_cleanup_fd);
4198 if (error != 0) {
4199 strfree(snap_name);
4200 return (error);
4201 }
4202
4203 (void) strcpy(zc->zc_value, snap_name);
4204 strfree(snap_name);
4205 return (0);
4206 }
4207
4208 /*
4209 * inputs:
4210 * zc_name name of "to" snapshot
4211 * zc_value name of "from" snapshot
4212 * zc_cookie file descriptor to write diff data on
4213 *
4214 * outputs:
4215 * dmu_diff_record_t's to the file descriptor
4216 */
4217 static int
4218 zfs_ioc_diff(zfs_cmd_t *zc)
4219 {
4220 objset_t *fromsnap;
4221 objset_t *tosnap;
4222 file_t *fp;
4223 offset_t off;
4224 int error;
4225
4226 error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
4227 if (error)
4228 return (error);
4229
4230 error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap);
4231 if (error) {
4232 dmu_objset_rele(tosnap, FTAG);
4233 return (error);
4234 }
4235
4236 fp = getf(zc->zc_cookie);
4237 if (fp == NULL) {
4238 dmu_objset_rele(fromsnap, FTAG);
4239 dmu_objset_rele(tosnap, FTAG);
4240 return (EBADF);
4241 }
4242
4243 off = fp->f_offset;
4244
4245 error = dmu_diff(tosnap, fromsnap, fp->f_vnode, &off);
4246
4247 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4248 fp->f_offset = off;
4249 releasef(zc->zc_cookie);
4250
4251 dmu_objset_rele(fromsnap, FTAG);
4252 dmu_objset_rele(tosnap, FTAG);
4253 return (error);
4254 }
4255
4256 /*
4257 * Remove all ACL files in shares dir
4258 */
4259 #ifdef HAVE_SMB_SHARE
4260 static int
4261 zfs_smb_acl_purge(znode_t *dzp)
4262 {
4263 zap_cursor_t zc;
4264 zap_attribute_t zap;
4265 zfs_sb_t *zsb = ZTOZSB(dzp);
4266 int error;
4267
4268 for (zap_cursor_init(&zc, zsb->z_os, dzp->z_id);
4269 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4270 zap_cursor_advance(&zc)) {
4271 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4272 NULL, 0)) != 0)
4273 break;
4274 }
4275 zap_cursor_fini(&zc);
4276 return (error);
4277 }
4278 #endif /* HAVE_SMB_SHARE */
4279
4280 static int
4281 zfs_ioc_smb_acl(zfs_cmd_t *zc)
4282 {
4283 #ifdef HAVE_SMB_SHARE
4284 vnode_t *vp;
4285 znode_t *dzp;
4286 vnode_t *resourcevp = NULL;
4287 znode_t *sharedir;
4288 zfs_sb_t *zsb;
4289 nvlist_t *nvlist;
4290 char *src, *target;
4291 vattr_t vattr;
4292 vsecattr_t vsec;
4293 int error = 0;
4294
4295 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4296 NO_FOLLOW, NULL, &vp)) != 0)
4297 return (error);
4298
4299 /* Now make sure mntpnt and dataset are ZFS */
4300
4301 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
4302 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4303 zc->zc_name) != 0)) {
4304 VN_RELE(vp);
4305 return (EINVAL);
4306 }
4307
4308 dzp = VTOZ(vp);
4309 zsb = ZTOZSB(dzp);
4310 ZFS_ENTER(zsb);
4311
4312 /*
4313 * Create share dir if its missing.
4314 */
4315 mutex_enter(&zsb->z_lock);
4316 if (zsb->z_shares_dir == 0) {
4317 dmu_tx_t *tx;
4318
4319 tx = dmu_tx_create(zsb->z_os);
4320 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4321 ZFS_SHARES_DIR);
4322 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4323 error = dmu_tx_assign(tx, TXG_WAIT);
4324 if (error) {
4325 dmu_tx_abort(tx);
4326 } else {
4327 error = zfs_create_share_dir(zsb, tx);
4328 dmu_tx_commit(tx);
4329 }
4330 if (error) {
4331 mutex_exit(&zsb->z_lock);
4332 VN_RELE(vp);
4333 ZFS_EXIT(zsb);
4334 return (error);
4335 }
4336 }
4337 mutex_exit(&zsb->z_lock);
4338
4339 ASSERT(zsb->z_shares_dir);
4340 if ((error = zfs_zget(zsb, zsb->z_shares_dir, &sharedir)) != 0) {
4341 VN_RELE(vp);
4342 ZFS_EXIT(zsb);
4343 return (error);
4344 }
4345
4346 switch (zc->zc_cookie) {
4347 case ZFS_SMB_ACL_ADD:
4348 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4349 vattr.va_mode = S_IFREG|0777;
4350 vattr.va_uid = 0;
4351 vattr.va_gid = 0;
4352
4353 vsec.vsa_mask = VSA_ACE;
4354 vsec.vsa_aclentp = &full_access;
4355 vsec.vsa_aclentsz = sizeof (full_access);
4356 vsec.vsa_aclcnt = 1;
4357
4358 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4359 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4360 if (resourcevp)
4361 VN_RELE(resourcevp);
4362 break;
4363
4364 case ZFS_SMB_ACL_REMOVE:
4365 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4366 NULL, 0);
4367 break;
4368
4369 case ZFS_SMB_ACL_RENAME:
4370 if ((error = get_nvlist(zc->zc_nvlist_src,
4371 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4372 VN_RELE(vp);
4373 ZFS_EXIT(zsb);
4374 return (error);
4375 }
4376 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4377 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4378 &target)) {
4379 VN_RELE(vp);
4380 VN_RELE(ZTOV(sharedir));
4381 ZFS_EXIT(zsb);
4382 nvlist_free(nvlist);
4383 return (error);
4384 }
4385 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4386 kcred, NULL, 0);
4387 nvlist_free(nvlist);
4388 break;
4389
4390 case ZFS_SMB_ACL_PURGE:
4391 error = zfs_smb_acl_purge(sharedir);
4392 break;
4393
4394 default:
4395 error = EINVAL;
4396 break;
4397 }
4398
4399 VN_RELE(vp);
4400 VN_RELE(ZTOV(sharedir));
4401
4402 ZFS_EXIT(zsb);
4403
4404 return (error);
4405 #else
4406 return (ENOTSUP);
4407 #endif /* HAVE_SMB_SHARE */
4408 }
4409
4410 /*
4411 * inputs:
4412 * zc_name name of filesystem
4413 * zc_value short name of snap
4414 * zc_string user-supplied tag for this hold
4415 * zc_cookie recursive flag
4416 * zc_temphold set if hold is temporary
4417 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4418 * zc_sendobj if non-zero, the objid for zc_name@zc_value
4419 * zc_createtxg if zc_sendobj is non-zero, snap must have zc_createtxg
4420 *
4421 * outputs: none
4422 */
4423 static int
4424 zfs_ioc_hold(zfs_cmd_t *zc)
4425 {
4426 boolean_t recursive = zc->zc_cookie;
4427 spa_t *spa;
4428 dsl_pool_t *dp;
4429 dsl_dataset_t *ds;
4430 int error;
4431 minor_t minor = 0;
4432
4433 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4434 return (EINVAL);
4435
4436 if (zc->zc_sendobj == 0) {
4437 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
4438 zc->zc_string, recursive, zc->zc_temphold,
4439 zc->zc_cleanup_fd));
4440 }
4441
4442 if (recursive)
4443 return (EINVAL);
4444
4445 error = spa_open(zc->zc_name, &spa, FTAG);
4446 if (error)
4447 return (error);
4448
4449 dp = spa_get_dsl(spa);
4450 rw_enter(&dp->dp_config_rwlock, RW_READER);
4451 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4452 rw_exit(&dp->dp_config_rwlock);
4453 spa_close(spa, FTAG);
4454 if (error)
4455 return (error);
4456
4457 /*
4458 * Until we have a hold on this snapshot, it's possible that
4459 * zc_sendobj could've been destroyed and reused as part
4460 * of a later txg. Make sure we're looking at the right object.
4461 */
4462 if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) {
4463 dsl_dataset_rele(ds, FTAG);
4464 return (ENOENT);
4465 }
4466
4467 if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) {
4468 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4469 if (error) {
4470 dsl_dataset_rele(ds, FTAG);
4471 return (error);
4472 }
4473 }
4474
4475 error = dsl_dataset_user_hold_for_send(ds, zc->zc_string,
4476 zc->zc_temphold);
4477 if (minor != 0) {
4478 if (error == 0) {
4479 dsl_register_onexit_hold_cleanup(ds, zc->zc_string,
4480 minor);
4481 }
4482 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
4483 }
4484 dsl_dataset_rele(ds, FTAG);
4485
4486 return (error);
4487 }
4488
4489 /*
4490 * inputs:
4491 * zc_name name of dataset from which we're releasing a user hold
4492 * zc_value short name of snap
4493 * zc_string user-supplied tag for this hold
4494 * zc_cookie recursive flag
4495 *
4496 * outputs: none
4497 */
4498 static int
4499 zfs_ioc_release(zfs_cmd_t *zc)
4500 {
4501 boolean_t recursive = zc->zc_cookie;
4502
4503 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4504 return (EINVAL);
4505
4506 return (dsl_dataset_user_release(zc->zc_name, zc->zc_value,
4507 zc->zc_string, recursive));
4508 }
4509
4510 /*
4511 * inputs:
4512 * zc_name name of filesystem
4513 *
4514 * outputs:
4515 * zc_nvlist_src{_size} nvlist of snapshot holds
4516 */
4517 static int
4518 zfs_ioc_get_holds(zfs_cmd_t *zc)
4519 {
4520 nvlist_t *nvp;
4521 int error;
4522
4523 if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) {
4524 error = put_nvlist(zc, nvp);
4525 nvlist_free(nvp);
4526 }
4527
4528 return (error);
4529 }
4530
4531 /*
4532 * inputs:
4533 * zc_guid flags (ZEVENT_NONBLOCK)
4534 *
4535 * outputs:
4536 * zc_nvlist_dst next nvlist event
4537 * zc_cookie dropped events since last get
4538 * zc_cleanup_fd cleanup-on-exit file descriptor
4539 */
4540 static int
4541 zfs_ioc_events_next(zfs_cmd_t *zc)
4542 {
4543 zfs_zevent_t *ze;
4544 nvlist_t *event = NULL;
4545 minor_t minor;
4546 uint64_t dropped = 0;
4547 int error;
4548
4549 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
4550 if (error != 0)
4551 return (error);
4552
4553 do {
4554 error = zfs_zevent_next(ze, &event,
4555 &zc->zc_nvlist_dst_size, &dropped);
4556 if (event != NULL) {
4557 zc->zc_cookie = dropped;
4558 error = put_nvlist(zc, event);
4559 nvlist_free(event);
4560 }
4561
4562 if (zc->zc_guid & ZEVENT_NONBLOCK)
4563 break;
4564
4565 if ((error == 0) || (error != ENOENT))
4566 break;
4567
4568 error = zfs_zevent_wait(ze);
4569 if (error)
4570 break;
4571 } while (1);
4572
4573 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
4574
4575 return (error);
4576 }
4577
4578 /*
4579 * outputs:
4580 * zc_cookie cleared events count
4581 */
4582 static int
4583 zfs_ioc_events_clear(zfs_cmd_t *zc)
4584 {
4585 int count;
4586
4587 zfs_zevent_drain_all(&count);
4588 zc->zc_cookie = count;
4589
4590 return 0;
4591 }
4592
4593 /*
4594 * pool create, destroy, and export don't log the history as part of
4595 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export
4596 * do the logging of those commands.
4597 */
4598 static zfs_ioc_vec_t zfs_ioc_vec[] = {
4599 { zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4600 POOL_CHECK_NONE },
4601 { zfs_ioc_pool_destroy, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4602 POOL_CHECK_NONE },
4603 { zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4604 POOL_CHECK_NONE },
4605 { zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4606 POOL_CHECK_NONE },
4607 { zfs_ioc_pool_configs, zfs_secpolicy_none, NO_NAME, B_FALSE,
4608 POOL_CHECK_NONE },
4609 { zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE,
4610 POOL_CHECK_NONE },
4611 { zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE,
4612 POOL_CHECK_NONE },
4613 { zfs_ioc_pool_scan, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4614 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4615 { zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE,
4616 POOL_CHECK_READONLY },
4617 { zfs_ioc_pool_upgrade, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4618 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4619 { zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4620 POOL_CHECK_NONE },
4621 { zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4622 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4623 { zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4624 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4625 { zfs_ioc_vdev_set_state, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4626 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4627 { zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4628 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4629 { zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4630 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4631 { zfs_ioc_vdev_setpath, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4632 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4633 { zfs_ioc_vdev_setfru, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4634 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4635 { zfs_ioc_objset_stats, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4636 POOL_CHECK_SUSPENDED },
4637 { zfs_ioc_objset_zplprops, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4638 POOL_CHECK_NONE },
4639 { zfs_ioc_dataset_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4640 POOL_CHECK_SUSPENDED },
4641 { zfs_ioc_snapshot_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4642 POOL_CHECK_SUSPENDED },
4643 { zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE,
4644 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4645 { zfs_ioc_create_minor, zfs_secpolicy_config, DATASET_NAME, B_FALSE,
4646 POOL_CHECK_NONE },
4647 { zfs_ioc_remove_minor, zfs_secpolicy_config, DATASET_NAME, B_FALSE,
4648 POOL_CHECK_NONE },
4649 { zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE,
4650 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4651 { zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE,
4652 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4653 { zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE,
4654 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4655 { zfs_ioc_rename, zfs_secpolicy_rename, DATASET_NAME, B_TRUE,
4656 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4657 { zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE,
4658 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4659 { zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_TRUE,
4660 POOL_CHECK_NONE },
4661 { zfs_ioc_inject_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4662 POOL_CHECK_NONE },
4663 { zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4664 POOL_CHECK_NONE },
4665 { zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4666 POOL_CHECK_NONE },
4667 { zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE,
4668 POOL_CHECK_NONE },
4669 { zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4670 POOL_CHECK_NONE },
4671 { zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE,
4672 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4673 { zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, DATASET_NAME,
4674 B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4675 { zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE,
4676 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4677 { zfs_ioc_dsobj_to_dsname, zfs_secpolicy_diff, POOL_NAME, B_FALSE,
4678 POOL_CHECK_NONE },
4679 { zfs_ioc_obj_to_path, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4680 POOL_CHECK_SUSPENDED },
4681 { zfs_ioc_pool_set_props, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4682 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4683 { zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE,
4684 POOL_CHECK_NONE },
4685 { zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE,
4686 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4687 { zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4688 POOL_CHECK_NONE },
4689 { zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE,
4690 POOL_CHECK_NONE },
4691 { zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE,
4692 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4693 { zfs_ioc_smb_acl, zfs_secpolicy_smb_acl, DATASET_NAME, B_FALSE,
4694 POOL_CHECK_NONE },
4695 { zfs_ioc_userspace_one, zfs_secpolicy_userspace_one, DATASET_NAME,
4696 B_FALSE, POOL_CHECK_NONE },
4697 { zfs_ioc_userspace_many, zfs_secpolicy_userspace_many, DATASET_NAME,
4698 B_FALSE, POOL_CHECK_NONE },
4699 { zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
4700 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4701 { zfs_ioc_hold, zfs_secpolicy_hold, DATASET_NAME, B_TRUE,
4702 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4703 { zfs_ioc_release, zfs_secpolicy_release, DATASET_NAME, B_TRUE,
4704 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4705 { zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4706 POOL_CHECK_SUSPENDED },
4707 { zfs_ioc_objset_recvd_props, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4708 POOL_CHECK_NONE },
4709 { zfs_ioc_vdev_split, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4710 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4711 { zfs_ioc_next_obj, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4712 POOL_CHECK_NONE },
4713 { zfs_ioc_diff, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4714 POOL_CHECK_NONE },
4715 { zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, DATASET_NAME,
4716 B_FALSE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4717 { zfs_ioc_obj_to_stats, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4718 POOL_CHECK_SUSPENDED },
4719 { zfs_ioc_pool_reguid, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4720 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY },
4721 { zfs_ioc_events_next, zfs_secpolicy_config, NO_NAME, B_FALSE,
4722 POOL_CHECK_NONE },
4723 { zfs_ioc_events_clear, zfs_secpolicy_config, NO_NAME, B_FALSE,
4724 POOL_CHECK_NONE }
4725 };
4726
4727 int
4728 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
4729 zfs_ioc_poolcheck_t check)
4730 {
4731 spa_t *spa;
4732 int error;
4733
4734 ASSERT(type == POOL_NAME || type == DATASET_NAME);
4735
4736 if (check & POOL_CHECK_NONE)
4737 return (0);
4738
4739 error = spa_open(name, &spa, FTAG);
4740 if (error == 0) {
4741 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
4742 error = EAGAIN;
4743 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
4744 error = EROFS;
4745 spa_close(spa, FTAG);
4746 }
4747 return (error);
4748 }
4749
4750 static void *
4751 zfsdev_get_state_impl(minor_t minor, enum zfsdev_state_type which)
4752 {
4753 zfsdev_state_t *zs;
4754
4755 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
4756
4757 for (zs = list_head(&zfsdev_state_list); zs != NULL;
4758 zs = list_next(&zfsdev_state_list, zs)) {
4759 if (zs->zs_minor == minor) {
4760 switch (which) {
4761 case ZST_ONEXIT: return (zs->zs_onexit);
4762 case ZST_ZEVENT: return (zs->zs_zevent);
4763 case ZST_ALL: return (zs);
4764 }
4765 }
4766 }
4767
4768 return NULL;
4769 }
4770
4771 void *
4772 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
4773 {
4774 void *ptr;
4775
4776 mutex_enter(&zfsdev_state_lock);
4777 ptr = zfsdev_get_state_impl(minor, which);
4778 mutex_exit(&zfsdev_state_lock);
4779
4780 return ptr;
4781 }
4782
4783 minor_t
4784 zfsdev_getminor(struct file *filp)
4785 {
4786 ASSERT(filp != NULL);
4787 ASSERT(filp->private_data != NULL);
4788
4789 return (((zfsdev_state_t *)filp->private_data)->zs_minor);
4790 }
4791
4792 /*
4793 * Find a free minor number. The zfsdev_state_list is expected to
4794 * be short since it is only a list of currently open file handles.
4795 */
4796 minor_t
4797 zfsdev_minor_alloc(void)
4798 {
4799 static minor_t last_minor = 0;
4800 minor_t m;
4801
4802 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
4803
4804 for (m = last_minor + 1; m != last_minor; m++) {
4805 if (m > ZFSDEV_MAX_MINOR)
4806 m = 1;
4807 if (zfsdev_get_state_impl(m, ZST_ALL) == NULL) {
4808 last_minor = m;
4809 return (m);
4810 }
4811 }
4812
4813 return (0);
4814 }
4815
4816 static int
4817 zfsdev_state_init(struct file *filp)
4818 {
4819 zfsdev_state_t *zs;
4820 minor_t minor;
4821
4822 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
4823
4824 minor = zfsdev_minor_alloc();
4825 if (minor == 0)
4826 return (ENXIO);
4827
4828 zs = kmem_zalloc( sizeof(zfsdev_state_t), KM_SLEEP);
4829 if (zs == NULL)
4830 return (ENOMEM);
4831
4832 zs->zs_file = filp;
4833 zs->zs_minor = minor;
4834 filp->private_data = zs;
4835
4836 zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit);
4837 zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent);
4838
4839 list_insert_tail(&zfsdev_state_list, zs);
4840
4841 return (0);
4842 }
4843
4844 static int
4845 zfsdev_state_destroy(struct file *filp)
4846 {
4847 zfsdev_state_t *zs;
4848
4849 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
4850 ASSERT(filp->private_data != NULL);
4851
4852 zs = filp->private_data;
4853 zfs_onexit_destroy(zs->zs_onexit);
4854 zfs_zevent_destroy(zs->zs_zevent);
4855
4856 list_remove(&zfsdev_state_list, zs);
4857 kmem_free(zs, sizeof(zfsdev_state_t));
4858
4859 return 0;
4860 }
4861
4862 static int
4863 zfsdev_open(struct inode *ino, struct file *filp)
4864 {
4865 int error;
4866
4867 mutex_enter(&zfsdev_state_lock);
4868 error = zfsdev_state_init(filp);
4869 mutex_exit(&zfsdev_state_lock);
4870
4871 return (-error);
4872 }
4873
4874 static int
4875 zfsdev_release(struct inode *ino, struct file *filp)
4876 {
4877 int error;
4878
4879 mutex_enter(&zfsdev_state_lock);
4880 error = zfsdev_state_destroy(filp);
4881 mutex_exit(&zfsdev_state_lock);
4882
4883 return (-error);
4884 }
4885
4886 static long
4887 zfsdev_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
4888 {
4889 zfs_cmd_t *zc;
4890 uint_t vec;
4891 int error, rc, flag = 0;
4892
4893 vec = cmd - ZFS_IOC;
4894 if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
4895 return (-EINVAL);
4896
4897 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP | KM_NODEBUG);
4898
4899 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
4900 if (error != 0)
4901 error = EFAULT;
4902
4903 if ((error == 0) && !(flag & FKIOCTL))
4904 error = zfs_ioc_vec[vec].zvec_secpolicy(zc, CRED());
4905
4906 /*
4907 * Ensure that all pool/dataset names are valid before we pass down to
4908 * the lower layers.
4909 */
4910 if (error == 0) {
4911 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
4912 zc->zc_iflags = flag & FKIOCTL;
4913 switch (zfs_ioc_vec[vec].zvec_namecheck) {
4914 case POOL_NAME:
4915 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
4916 error = EINVAL;
4917 error = pool_status_check(zc->zc_name,
4918 zfs_ioc_vec[vec].zvec_namecheck,
4919 zfs_ioc_vec[vec].zvec_pool_check);
4920 break;
4921
4922 case DATASET_NAME:
4923 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
4924 error = EINVAL;
4925 error = pool_status_check(zc->zc_name,
4926 zfs_ioc_vec[vec].zvec_namecheck,
4927 zfs_ioc_vec[vec].zvec_pool_check);
4928 break;
4929
4930 case NO_NAME:
4931 break;
4932 }
4933 }
4934
4935 if (error == 0)
4936 error = zfs_ioc_vec[vec].zvec_func(zc);
4937
4938 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
4939 if (error == 0) {
4940 if (rc != 0)
4941 error = EFAULT;
4942 if (zfs_ioc_vec[vec].zvec_his_log)
4943 zfs_log_history(zc);
4944 }
4945
4946 kmem_free(zc, sizeof (zfs_cmd_t));
4947 return (-error);
4948 }
4949
4950 #ifdef CONFIG_COMPAT
4951 static long
4952 zfsdev_compat_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
4953 {
4954 return zfsdev_ioctl(filp, cmd, arg);
4955 }
4956 #else
4957 #define zfsdev_compat_ioctl NULL
4958 #endif
4959
4960 static const struct file_operations zfsdev_fops = {
4961 .open = zfsdev_open,
4962 .release = zfsdev_release,
4963 .unlocked_ioctl = zfsdev_ioctl,
4964 .compat_ioctl = zfsdev_compat_ioctl,
4965 .owner = THIS_MODULE,
4966 };
4967
4968 static struct miscdevice zfs_misc = {
4969 .minor = MISC_DYNAMIC_MINOR,
4970 .name = ZFS_DRIVER,
4971 .fops = &zfsdev_fops,
4972 };
4973
4974 static int
4975 zfs_attach(void)
4976 {
4977 int error;
4978
4979 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
4980 list_create(&zfsdev_state_list, sizeof (zfsdev_state_t),
4981 offsetof(zfsdev_state_t, zs_next));
4982
4983 error = misc_register(&zfs_misc);
4984 if (error) {
4985 printk(KERN_INFO "ZFS: misc_register() failed %d\n", error);
4986 return (error);
4987 }
4988
4989 return (0);
4990 }
4991
4992 static void
4993 zfs_detach(void)
4994 {
4995 int error;
4996
4997 error = misc_deregister(&zfs_misc);
4998 if (error)
4999 printk(KERN_INFO "ZFS: misc_deregister() failed %d\n", error);
5000
5001 mutex_destroy(&zfsdev_state_lock);
5002 list_destroy(&zfsdev_state_list);
5003 }
5004
5005 uint_t zfs_fsyncer_key;
5006 extern uint_t rrw_tsd_key;
5007
5008 #ifdef DEBUG
5009 #define ZFS_DEBUG_STR " (DEBUG mode)"
5010 #else
5011 #define ZFS_DEBUG_STR ""
5012 #endif
5013
5014 int
5015 _init(void)
5016 {
5017 int error;
5018
5019 spa_init(FREAD | FWRITE);
5020 zfs_init();
5021
5022 if ((error = zvol_init()) != 0)
5023 goto out1;
5024
5025 if ((error = zfs_attach()) != 0)
5026 goto out2;
5027
5028 tsd_create(&zfs_fsyncer_key, NULL);
5029 tsd_create(&rrw_tsd_key, NULL);
5030
5031 printk(KERN_NOTICE "ZFS: Loaded module v%s-%s%s, "
5032 "ZFS pool version %s, ZFS filesystem version %s\n",
5033 ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR,
5034 SPA_VERSION_STRING, ZPL_VERSION_STRING);
5035
5036 return (0);
5037
5038 out2:
5039 (void) zvol_fini();
5040 out1:
5041 zfs_fini();
5042 spa_fini();
5043 printk(KERN_NOTICE "ZFS: Failed to Load ZFS Filesystem v%s-%s%s"
5044 ", rc = %d\n", ZFS_META_VERSION, ZFS_META_RELEASE,
5045 ZFS_DEBUG_STR, error);
5046
5047 return (error);
5048 }
5049
5050 int
5051 _fini(void)
5052 {
5053 zfs_detach();
5054 zvol_fini();
5055 zfs_fini();
5056 spa_fini();
5057
5058 tsd_destroy(&zfs_fsyncer_key);
5059 tsd_destroy(&rrw_tsd_key);
5060
5061 printk(KERN_NOTICE "ZFS: Unloaded module v%s-%s%s\n",
5062 ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR);
5063
5064 return (0);
5065 }
5066
5067 #ifdef HAVE_SPL
5068 spl_module_init(_init);
5069 spl_module_exit(_fini);
5070
5071 MODULE_DESCRIPTION("ZFS");
5072 MODULE_AUTHOR(ZFS_META_AUTHOR);
5073 MODULE_LICENSE(ZFS_META_LICENSE);
5074 #endif /* HAVE_SPL */
ZFS On Linux mirror for PVE