]> git.proxmox.com Git - mirror_zfs.git/blob - module/zfs/zfs_ioctl.c
projects / mirror_zfs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Enable PF_FSTRANS for ioctl secpolicy callbacks (#4571)
[mirror_zfs.git] / module / zfs / zfs_ioctl.c
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Portions Copyright 2011 Martin Matuska
25 * Portions Copyright 2012 Pawel Jakub Dawidek <pawel@dawidek.net>
26 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
27 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
28 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
29 * Copyright (c) 2011, 2014 by Delphix. All rights reserved.
30 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
31 * Copyright (c) 2013 Steven Hartland. All rights reserved.
32 * Copyright (c) 2016 Actifio, Inc. All rights reserved.
33 */
34
35 /*
36 * ZFS ioctls.
37 *
38 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
39 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
40 *
41 * There are two ways that we handle ioctls: the legacy way where almost
42 * all of the logic is in the ioctl callback, and the new way where most
43 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
44 *
45 * Non-legacy ioctls should be registered by calling
46 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
47 * from userland by lzc_ioctl().
48 *
49 * The registration arguments are as follows:
50 *
51 * const char *name
52 * The name of the ioctl. This is used for history logging. If the
53 * ioctl returns successfully (the callback returns 0), and allow_log
54 * is true, then a history log entry will be recorded with the input &
55 * output nvlists. The log entry can be printed with "zpool history -i".
56 *
57 * zfs_ioc_t ioc
58 * The ioctl request number, which userland will pass to ioctl(2).
59 * The ioctl numbers can change from release to release, because
60 * the caller (libzfs) must be matched to the kernel.
61 *
62 * zfs_secpolicy_func_t *secpolicy
63 * This function will be called before the zfs_ioc_func_t, to
64 * determine if this operation is permitted. It should return EPERM
65 * on failure, and 0 on success. Checks include determining if the
66 * dataset is visible in this zone, and if the user has either all
67 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
68 * to do this operation on this dataset with "zfs allow".
69 *
70 * zfs_ioc_namecheck_t namecheck
71 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
72 * name, a dataset name, or nothing. If the name is not well-formed,
73 * the ioctl will fail and the callback will not be called.
74 * Therefore, the callback can assume that the name is well-formed
75 * (e.g. is null-terminated, doesn't have more than one '@' character,
76 * doesn't have invalid characters).
77 *
78 * zfs_ioc_poolcheck_t pool_check
79 * This specifies requirements on the pool state. If the pool does
80 * not meet them (is suspended or is readonly), the ioctl will fail
81 * and the callback will not be called. If any checks are specified
82 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
83 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
84 * POOL_CHECK_READONLY).
85 *
86 * boolean_t smush_outnvlist
87 * If smush_outnvlist is true, then the output is presumed to be a
88 * list of errors, and it will be "smushed" down to fit into the
89 * caller's buffer, by removing some entries and replacing them with a
90 * single "N_MORE_ERRORS" entry indicating how many were removed. See
91 * nvlist_smush() for details. If smush_outnvlist is false, and the
92 * outnvlist does not fit into the userland-provided buffer, then the
93 * ioctl will fail with ENOMEM.
94 *
95 * zfs_ioc_func_t *func
96 * The callback function that will perform the operation.
97 *
98 * The callback should return 0 on success, or an error number on
99 * failure. If the function fails, the userland ioctl will return -1,
100 * and errno will be set to the callback's return value. The callback
101 * will be called with the following arguments:
102 *
103 * const char *name
104 * The name of the pool or dataset to operate on, from
105 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
106 * expected type (pool, dataset, or none).
107 *
108 * nvlist_t *innvl
109 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
110 * NULL if no input nvlist was provided. Changes to this nvlist are
111 * ignored. If the input nvlist could not be deserialized, the
112 * ioctl will fail and the callback will not be called.
113 *
114 * nvlist_t *outnvl
115 * The output nvlist, initially empty. The callback can fill it in,
116 * and it will be returned to userland by serializing it into
117 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
118 * fails (e.g. because the caller didn't supply a large enough
119 * buffer), then the overall ioctl will fail. See the
120 * 'smush_nvlist' argument above for additional behaviors.
121 *
122 * There are two typical uses of the output nvlist:
123 * - To return state, e.g. property values. In this case,
124 * smush_outnvlist should be false. If the buffer was not large
125 * enough, the caller will reallocate a larger buffer and try
126 * the ioctl again.
127 *
128 * - To return multiple errors from an ioctl which makes on-disk
129 * changes. In this case, smush_outnvlist should be true.
130 * Ioctls which make on-disk modifications should generally not
131 * use the outnvl if they succeed, because the caller can not
132 * distinguish between the operation failing, and
133 * deserialization failing.
134 */
135
136 #include <sys/types.h>
137 #include <sys/param.h>
138 #include <sys/errno.h>
139 #include <sys/uio.h>
140 #include <sys/buf.h>
141 #include <sys/modctl.h>
142 #include <sys/open.h>
143 #include <sys/file.h>
144 #include <sys/kmem.h>
145 #include <sys/conf.h>
146 #include <sys/cmn_err.h>
147 #include <sys/stat.h>
148 #include <sys/zfs_ioctl.h>
149 #include <sys/zfs_vfsops.h>
150 #include <sys/zfs_znode.h>
151 #include <sys/zap.h>
152 #include <sys/spa.h>
153 #include <sys/spa_impl.h>
154 #include <sys/vdev.h>
155 #include <sys/priv_impl.h>
156 #include <sys/dmu.h>
157 #include <sys/dsl_dir.h>
158 #include <sys/dsl_dataset.h>
159 #include <sys/dsl_prop.h>
160 #include <sys/dsl_deleg.h>
161 #include <sys/dmu_objset.h>
162 #include <sys/dmu_impl.h>
163 #include <sys/dmu_tx.h>
164 #include <sys/ddi.h>
165 #include <sys/sunddi.h>
166 #include <sys/sunldi.h>
167 #include <sys/policy.h>
168 #include <sys/zone.h>
169 #include <sys/nvpair.h>
170 #include <sys/pathname.h>
171 #include <sys/mount.h>
172 #include <sys/sdt.h>
173 #include <sys/fs/zfs.h>
174 #include <sys/zfs_ctldir.h>
175 #include <sys/zfs_dir.h>
176 #include <sys/zfs_onexit.h>
177 #include <sys/zvol.h>
178 #include <sys/dsl_scan.h>
179 #include <sharefs/share.h>
180 #include <sys/fm/util.h>
181
182 #include <sys/dmu_send.h>
183 #include <sys/dsl_destroy.h>
184 #include <sys/dsl_bookmark.h>
185 #include <sys/dsl_userhold.h>
186 #include <sys/zfeature.h>
187
188 #include <linux/miscdevice.h>
189
190 #include "zfs_namecheck.h"
191 #include "zfs_prop.h"
192 #include "zfs_deleg.h"
193 #include "zfs_comutil.h"
194
195 kmutex_t zfsdev_state_lock;
196 zfsdev_state_t *zfsdev_state_list;
197
198 extern void zfs_init(void);
199 extern void zfs_fini(void);
200
201 uint_t zfs_fsyncer_key;
202 extern uint_t rrw_tsd_key;
203 static uint_t zfs_allow_log_key;
204
205 typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *);
206 typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *);
207 typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *);
208
209 typedef enum {
210 NO_NAME,
211 POOL_NAME,
212 DATASET_NAME
213 } zfs_ioc_namecheck_t;
214
215 typedef enum {
216 POOL_CHECK_NONE = 1 << 0,
217 POOL_CHECK_SUSPENDED = 1 << 1,
218 POOL_CHECK_READONLY = 1 << 2,
219 } zfs_ioc_poolcheck_t;
220
221 typedef struct zfs_ioc_vec {
222 zfs_ioc_legacy_func_t *zvec_legacy_func;
223 zfs_ioc_func_t *zvec_func;
224 zfs_secpolicy_func_t *zvec_secpolicy;
225 zfs_ioc_namecheck_t zvec_namecheck;
226 boolean_t zvec_allow_log;
227 zfs_ioc_poolcheck_t zvec_pool_check;
228 boolean_t zvec_smush_outnvlist;
229 const char *zvec_name;
230 } zfs_ioc_vec_t;
231
232 /* This array is indexed by zfs_userquota_prop_t */
233 static const char *userquota_perms[] = {
234 ZFS_DELEG_PERM_USERUSED,
235 ZFS_DELEG_PERM_USERQUOTA,
236 ZFS_DELEG_PERM_GROUPUSED,
237 ZFS_DELEG_PERM_GROUPQUOTA,
238 };
239
240 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
241 static int zfs_check_settable(const char *name, nvpair_t *property,
242 cred_t *cr);
243 static int zfs_check_clearable(char *dataset, nvlist_t *props,
244 nvlist_t **errors);
245 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
246 boolean_t *);
247 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
248 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
249
250 static void
251 history_str_free(char *buf)
252 {
253 kmem_free(buf, HIS_MAX_RECORD_LEN);
254 }
255
256 static char *
257 history_str_get(zfs_cmd_t *zc)
258 {
259 char *buf;
260
261 if (zc->zc_history == 0)
262 return (NULL);
263
264 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
265 if (copyinstr((void *)(uintptr_t)zc->zc_history,
266 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
267 history_str_free(buf);
268 return (NULL);
269 }
270
271 buf[HIS_MAX_RECORD_LEN -1] = '\0';
272
273 return (buf);
274 }
275
276 /*
277 * Check to see if the named dataset is currently defined as bootable
278 */
279 static boolean_t
280 zfs_is_bootfs(const char *name)
281 {
282 objset_t *os;
283
284 if (dmu_objset_hold(name, FTAG, &os) == 0) {
285 boolean_t ret;
286 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
287 dmu_objset_rele(os, FTAG);
288 return (ret);
289 }
290 return (B_FALSE);
291 }
292
293 /*
294 * Return non-zero if the spa version is less than requested version.
295 */
296 static int
297 zfs_earlier_version(const char *name, int version)
298 {
299 spa_t *spa;
300
301 if (spa_open(name, &spa, FTAG) == 0) {
302 if (spa_version(spa) < version) {
303 spa_close(spa, FTAG);
304 return (1);
305 }
306 spa_close(spa, FTAG);
307 }
308 return (0);
309 }
310
311 /*
312 * Return TRUE if the ZPL version is less than requested version.
313 */
314 static boolean_t
315 zpl_earlier_version(const char *name, int version)
316 {
317 objset_t *os;
318 boolean_t rc = B_TRUE;
319
320 if (dmu_objset_hold(name, FTAG, &os) == 0) {
321 uint64_t zplversion;
322
323 if (dmu_objset_type(os) != DMU_OST_ZFS) {
324 dmu_objset_rele(os, FTAG);
325 return (B_TRUE);
326 }
327 /* XXX reading from non-owned objset */
328 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
329 rc = zplversion < version;
330 dmu_objset_rele(os, FTAG);
331 }
332 return (rc);
333 }
334
335 static void
336 zfs_log_history(zfs_cmd_t *zc)
337 {
338 spa_t *spa;
339 char *buf;
340
341 if ((buf = history_str_get(zc)) == NULL)
342 return;
343
344 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
345 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
346 (void) spa_history_log(spa, buf);
347 spa_close(spa, FTAG);
348 }
349 history_str_free(buf);
350 }
351
352 /*
353 * Policy for top-level read operations (list pools). Requires no privileges,
354 * and can be used in the local zone, as there is no associated dataset.
355 */
356 /* ARGSUSED */
357 static int
358 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
359 {
360 return (0);
361 }
362
363 /*
364 * Policy for dataset read operations (list children, get statistics). Requires
365 * no privileges, but must be visible in the local zone.
366 */
367 /* ARGSUSED */
368 static int
369 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
370 {
371 if (INGLOBALZONE(curproc) ||
372 zone_dataset_visible(zc->zc_name, NULL))
373 return (0);
374
375 return (SET_ERROR(ENOENT));
376 }
377
378 static int
379 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
380 {
381 int writable = 1;
382
383 /*
384 * The dataset must be visible by this zone -- check this first
385 * so they don't see EPERM on something they shouldn't know about.
386 */
387 if (!INGLOBALZONE(curproc) &&
388 !zone_dataset_visible(dataset, &writable))
389 return (SET_ERROR(ENOENT));
390
391 if (INGLOBALZONE(curproc)) {
392 /*
393 * If the fs is zoned, only root can access it from the
394 * global zone.
395 */
396 if (secpolicy_zfs(cr) && zoned)
397 return (SET_ERROR(EPERM));
398 } else {
399 /*
400 * If we are in a local zone, the 'zoned' property must be set.
401 */
402 if (!zoned)
403 return (SET_ERROR(EPERM));
404
405 /* must be writable by this zone */
406 if (!writable)
407 return (SET_ERROR(EPERM));
408 }
409 return (0);
410 }
411
412 static int
413 zfs_dozonecheck(const char *dataset, cred_t *cr)
414 {
415 uint64_t zoned;
416
417 if (dsl_prop_get_integer(dataset, "zoned", &zoned, NULL))
418 return (SET_ERROR(ENOENT));
419
420 return (zfs_dozonecheck_impl(dataset, zoned, cr));
421 }
422
423 static int
424 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
425 {
426 uint64_t zoned;
427
428 if (dsl_prop_get_int_ds(ds, "zoned", &zoned))
429 return (SET_ERROR(ENOENT));
430
431 return (zfs_dozonecheck_impl(dataset, zoned, cr));
432 }
433
434 static int
435 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
436 const char *perm, cred_t *cr)
437 {
438 int error;
439
440 error = zfs_dozonecheck_ds(name, ds, cr);
441 if (error == 0) {
442 error = secpolicy_zfs(cr);
443 if (error != 0)
444 error = dsl_deleg_access_impl(ds, perm, cr);
445 }
446 return (error);
447 }
448
449 static int
450 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
451 {
452 int error;
453 dsl_dataset_t *ds;
454 dsl_pool_t *dp;
455
456 error = dsl_pool_hold(name, FTAG, &dp);
457 if (error != 0)
458 return (error);
459
460 error = dsl_dataset_hold(dp, name, FTAG, &ds);
461 if (error != 0) {
462 dsl_pool_rele(dp, FTAG);
463 return (error);
464 }
465
466 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
467
468 dsl_dataset_rele(ds, FTAG);
469 dsl_pool_rele(dp, FTAG);
470 return (error);
471 }
472
473 /*
474 * Policy for setting the security label property.
475 *
476 * Returns 0 for success, non-zero for access and other errors.
477 */
478 static int
479 zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
480 {
481 #ifdef HAVE_MLSLABEL
482 char ds_hexsl[MAXNAMELEN];
483 bslabel_t ds_sl, new_sl;
484 boolean_t new_default = FALSE;
485 uint64_t zoned;
486 int needed_priv = -1;
487 int error;
488
489 /* First get the existing dataset label. */
490 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
491 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
492 if (error != 0)
493 return (SET_ERROR(EPERM));
494
495 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
496 new_default = TRUE;
497
498 /* The label must be translatable */
499 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
500 return (SET_ERROR(EINVAL));
501
502 /*
503 * In a non-global zone, disallow attempts to set a label that
504 * doesn't match that of the zone; otherwise no other checks
505 * are needed.
506 */
507 if (!INGLOBALZONE(curproc)) {
508 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
509 return (SET_ERROR(EPERM));
510 return (0);
511 }
512
513 /*
514 * For global-zone datasets (i.e., those whose zoned property is
515 * "off", verify that the specified new label is valid for the
516 * global zone.
517 */
518 if (dsl_prop_get_integer(name,
519 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
520 return (SET_ERROR(EPERM));
521 if (!zoned) {
522 if (zfs_check_global_label(name, strval) != 0)
523 return (SET_ERROR(EPERM));
524 }
525
526 /*
527 * If the existing dataset label is nondefault, check if the
528 * dataset is mounted (label cannot be changed while mounted).
529 * Get the zfs_sb_t; if there isn't one, then the dataset isn't
530 * mounted (or isn't a dataset, doesn't exist, ...).
531 */
532 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
533 objset_t *os;
534 static char *setsl_tag = "setsl_tag";
535
536 /*
537 * Try to own the dataset; abort if there is any error,
538 * (e.g., already mounted, in use, or other error).
539 */
540 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
541 setsl_tag, &os);
542 if (error != 0)
543 return (SET_ERROR(EPERM));
544
545 dmu_objset_disown(os, setsl_tag);
546
547 if (new_default) {
548 needed_priv = PRIV_FILE_DOWNGRADE_SL;
549 goto out_check;
550 }
551
552 if (hexstr_to_label(strval, &new_sl) != 0)
553 return (SET_ERROR(EPERM));
554
555 if (blstrictdom(&ds_sl, &new_sl))
556 needed_priv = PRIV_FILE_DOWNGRADE_SL;
557 else if (blstrictdom(&new_sl, &ds_sl))
558 needed_priv = PRIV_FILE_UPGRADE_SL;
559 } else {
560 /* dataset currently has a default label */
561 if (!new_default)
562 needed_priv = PRIV_FILE_UPGRADE_SL;
563 }
564
565 out_check:
566 if (needed_priv != -1)
567 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
568 return (0);
569 #else
570 return (ENOTSUP);
571 #endif /* HAVE_MLSLABEL */
572 }
573
574 static int
575 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
576 cred_t *cr)
577 {
578 char *strval;
579
580 /*
581 * Check permissions for special properties.
582 */
583 switch (prop) {
584 default:
585 break;
586 case ZFS_PROP_ZONED:
587 /*
588 * Disallow setting of 'zoned' from within a local zone.
589 */
590 if (!INGLOBALZONE(curproc))
591 return (SET_ERROR(EPERM));
592 break;
593
594 case ZFS_PROP_QUOTA:
595 case ZFS_PROP_FILESYSTEM_LIMIT:
596 case ZFS_PROP_SNAPSHOT_LIMIT:
597 if (!INGLOBALZONE(curproc)) {
598 uint64_t zoned;
599 char setpoint[MAXNAMELEN];
600 /*
601 * Unprivileged users are allowed to modify the
602 * limit on things *under* (ie. contained by)
603 * the thing they own.
604 */
605 if (dsl_prop_get_integer(dsname, "zoned", &zoned,
606 setpoint))
607 return (SET_ERROR(EPERM));
608 if (!zoned || strlen(dsname) <= strlen(setpoint))
609 return (SET_ERROR(EPERM));
610 }
611 break;
612
613 case ZFS_PROP_MLSLABEL:
614 if (!is_system_labeled())
615 return (SET_ERROR(EPERM));
616
617 if (nvpair_value_string(propval, &strval) == 0) {
618 int err;
619
620 err = zfs_set_slabel_policy(dsname, strval, CRED());
621 if (err != 0)
622 return (err);
623 }
624 break;
625 }
626
627 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
628 }
629
630 /* ARGSUSED */
631 static int
632 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
633 {
634 int error;
635
636 error = zfs_dozonecheck(zc->zc_name, cr);
637 if (error != 0)
638 return (error);
639
640 /*
641 * permission to set permissions will be evaluated later in
642 * dsl_deleg_can_allow()
643 */
644 return (0);
645 }
646
647 /* ARGSUSED */
648 static int
649 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
650 {
651 return (zfs_secpolicy_write_perms(zc->zc_name,
652 ZFS_DELEG_PERM_ROLLBACK, cr));
653 }
654
655 /* ARGSUSED */
656 static int
657 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
658 {
659 dsl_pool_t *dp;
660 dsl_dataset_t *ds;
661 char *cp;
662 int error;
663
664 /*
665 * Generate the current snapshot name from the given objsetid, then
666 * use that name for the secpolicy/zone checks.
667 */
668 cp = strchr(zc->zc_name, '@');
669 if (cp == NULL)
670 return (SET_ERROR(EINVAL));
671 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
672 if (error != 0)
673 return (error);
674
675 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
676 if (error != 0) {
677 dsl_pool_rele(dp, FTAG);
678 return (error);
679 }
680
681 dsl_dataset_name(ds, zc->zc_name);
682
683 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
684 ZFS_DELEG_PERM_SEND, cr);
685 dsl_dataset_rele(ds, FTAG);
686 dsl_pool_rele(dp, FTAG);
687
688 return (error);
689 }
690
691 /* ARGSUSED */
692 static int
693 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
694 {
695 return (zfs_secpolicy_write_perms(zc->zc_name,
696 ZFS_DELEG_PERM_SEND, cr));
697 }
698
699 #ifdef HAVE_SMB_SHARE
700 /* ARGSUSED */
701 static int
702 zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
703 {
704 vnode_t *vp;
705 int error;
706
707 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
708 NO_FOLLOW, NULL, &vp)) != 0)
709 return (error);
710
711 /* Now make sure mntpnt and dataset are ZFS */
712
713 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
714 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
715 zc->zc_name) != 0)) {
716 VN_RELE(vp);
717 return (SET_ERROR(EPERM));
718 }
719
720 VN_RELE(vp);
721 return (dsl_deleg_access(zc->zc_name,
722 ZFS_DELEG_PERM_SHARE, cr));
723 }
724 #endif /* HAVE_SMB_SHARE */
725
726 int
727 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
728 {
729 #ifdef HAVE_SMB_SHARE
730 if (!INGLOBALZONE(curproc))
731 return (SET_ERROR(EPERM));
732
733 if (secpolicy_nfs(cr) == 0) {
734 return (0);
735 } else {
736 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
737 }
738 #else
739 return (SET_ERROR(ENOTSUP));
740 #endif /* HAVE_SMB_SHARE */
741 }
742
743 int
744 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
745 {
746 #ifdef HAVE_SMB_SHARE
747 if (!INGLOBALZONE(curproc))
748 return (SET_ERROR(EPERM));
749
750 if (secpolicy_smb(cr) == 0) {
751 return (0);
752 } else {
753 return (zfs_secpolicy_deleg_share(zc, innvl, cr));
754 }
755 #else
756 return (SET_ERROR(ENOTSUP));
757 #endif /* HAVE_SMB_SHARE */
758 }
759
760 static int
761 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
762 {
763 char *cp;
764
765 /*
766 * Remove the @bla or /bla from the end of the name to get the parent.
767 */
768 (void) strncpy(parent, datasetname, parentsize);
769 cp = strrchr(parent, '@');
770 if (cp != NULL) {
771 cp[0] = '\0';
772 } else {
773 cp = strrchr(parent, '/');
774 if (cp == NULL)
775 return (SET_ERROR(ENOENT));
776 cp[0] = '\0';
777 }
778
779 return (0);
780 }
781
782 int
783 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
784 {
785 int error;
786
787 if ((error = zfs_secpolicy_write_perms(name,
788 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
789 return (error);
790
791 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
792 }
793
794 /* ARGSUSED */
795 static int
796 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
797 {
798 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
799 }
800
801 /*
802 * Destroying snapshots with delegated permissions requires
803 * descendant mount and destroy permissions.
804 */
805 /* ARGSUSED */
806 static int
807 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
808 {
809 nvlist_t *snaps;
810 nvpair_t *pair, *nextpair;
811 int error = 0;
812
813 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
814 return (SET_ERROR(EINVAL));
815 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
816 pair = nextpair) {
817 nextpair = nvlist_next_nvpair(snaps, pair);
818 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
819 if (error == ENOENT) {
820 /*
821 * Ignore any snapshots that don't exist (we consider
822 * them "already destroyed"). Remove the name from the
823 * nvl here in case the snapshot is created between
824 * now and when we try to destroy it (in which case
825 * we don't want to destroy it since we haven't
826 * checked for permission).
827 */
828 fnvlist_remove_nvpair(snaps, pair);
829 error = 0;
830 }
831 if (error != 0)
832 break;
833 }
834
835 return (error);
836 }
837
838 int
839 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
840 {
841 char parentname[MAXNAMELEN];
842 int error;
843
844 if ((error = zfs_secpolicy_write_perms(from,
845 ZFS_DELEG_PERM_RENAME, cr)) != 0)
846 return (error);
847
848 if ((error = zfs_secpolicy_write_perms(from,
849 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
850 return (error);
851
852 if ((error = zfs_get_parent(to, parentname,
853 sizeof (parentname))) != 0)
854 return (error);
855
856 if ((error = zfs_secpolicy_write_perms(parentname,
857 ZFS_DELEG_PERM_CREATE, cr)) != 0)
858 return (error);
859
860 if ((error = zfs_secpolicy_write_perms(parentname,
861 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
862 return (error);
863
864 return (error);
865 }
866
867 /* ARGSUSED */
868 static int
869 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
870 {
871 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
872 }
873
874 /* ARGSUSED */
875 static int
876 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
877 {
878 dsl_pool_t *dp;
879 dsl_dataset_t *clone;
880 int error;
881
882 error = zfs_secpolicy_write_perms(zc->zc_name,
883 ZFS_DELEG_PERM_PROMOTE, cr);
884 if (error != 0)
885 return (error);
886
887 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
888 if (error != 0)
889 return (error);
890
891 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
892
893 if (error == 0) {
894 char parentname[MAXNAMELEN];
895 dsl_dataset_t *origin = NULL;
896 dsl_dir_t *dd;
897 dd = clone->ds_dir;
898
899 error = dsl_dataset_hold_obj(dd->dd_pool,
900 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin);
901 if (error != 0) {
902 dsl_dataset_rele(clone, FTAG);
903 dsl_pool_rele(dp, FTAG);
904 return (error);
905 }
906
907 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
908 ZFS_DELEG_PERM_MOUNT, cr);
909
910 dsl_dataset_name(origin, parentname);
911 if (error == 0) {
912 error = zfs_secpolicy_write_perms_ds(parentname, origin,
913 ZFS_DELEG_PERM_PROMOTE, cr);
914 }
915 dsl_dataset_rele(clone, FTAG);
916 dsl_dataset_rele(origin, FTAG);
917 }
918 dsl_pool_rele(dp, FTAG);
919 return (error);
920 }
921
922 /* ARGSUSED */
923 static int
924 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
925 {
926 int error;
927
928 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
929 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
930 return (error);
931
932 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
933 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
934 return (error);
935
936 return (zfs_secpolicy_write_perms(zc->zc_name,
937 ZFS_DELEG_PERM_CREATE, cr));
938 }
939
940 int
941 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
942 {
943 return (zfs_secpolicy_write_perms(name,
944 ZFS_DELEG_PERM_SNAPSHOT, cr));
945 }
946
947 /*
948 * Check for permission to create each snapshot in the nvlist.
949 */
950 /* ARGSUSED */
951 static int
952 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
953 {
954 nvlist_t *snaps;
955 int error = 0;
956 nvpair_t *pair;
957
958 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
959 return (SET_ERROR(EINVAL));
960 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
961 pair = nvlist_next_nvpair(snaps, pair)) {
962 char *name = nvpair_name(pair);
963 char *atp = strchr(name, '@');
964
965 if (atp == NULL) {
966 error = SET_ERROR(EINVAL);
967 break;
968 }
969 *atp = '\0';
970 error = zfs_secpolicy_snapshot_perms(name, cr);
971 *atp = '@';
972 if (error != 0)
973 break;
974 }
975 return (error);
976 }
977
978 /*
979 * Check for permission to create each snapshot in the nvlist.
980 */
981 /* ARGSUSED */
982 static int
983 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
984 {
985 int error = 0;
986 nvpair_t *pair;
987
988 for (pair = nvlist_next_nvpair(innvl, NULL);
989 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
990 char *name = nvpair_name(pair);
991 char *hashp = strchr(name, '#');
992
993 if (hashp == NULL) {
994 error = SET_ERROR(EINVAL);
995 break;
996 }
997 *hashp = '\0';
998 error = zfs_secpolicy_write_perms(name,
999 ZFS_DELEG_PERM_BOOKMARK, cr);
1000 *hashp = '#';
1001 if (error != 0)
1002 break;
1003 }
1004 return (error);
1005 }
1006
1007 /* ARGSUSED */
1008 static int
1009 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1010 {
1011 nvpair_t *pair, *nextpair;
1012 int error = 0;
1013
1014 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1015 pair = nextpair) {
1016 char *name = nvpair_name(pair);
1017 char *hashp = strchr(name, '#');
1018 nextpair = nvlist_next_nvpair(innvl, pair);
1019
1020 if (hashp == NULL) {
1021 error = SET_ERROR(EINVAL);
1022 break;
1023 }
1024
1025 *hashp = '\0';
1026 error = zfs_secpolicy_write_perms(name,
1027 ZFS_DELEG_PERM_DESTROY, cr);
1028 *hashp = '#';
1029 if (error == ENOENT) {
1030 /*
1031 * Ignore any filesystems that don't exist (we consider
1032 * their bookmarks "already destroyed"). Remove
1033 * the name from the nvl here in case the filesystem
1034 * is created between now and when we try to destroy
1035 * the bookmark (in which case we don't want to
1036 * destroy it since we haven't checked for permission).
1037 */
1038 fnvlist_remove_nvpair(innvl, pair);
1039 error = 0;
1040 }
1041 if (error != 0)
1042 break;
1043 }
1044
1045 return (error);
1046 }
1047
1048 /* ARGSUSED */
1049 static int
1050 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1051 {
1052 /*
1053 * Even root must have a proper TSD so that we know what pool
1054 * to log to.
1055 */
1056 if (tsd_get(zfs_allow_log_key) == NULL)
1057 return (SET_ERROR(EPERM));
1058 return (0);
1059 }
1060
1061 static int
1062 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1063 {
1064 char parentname[MAXNAMELEN];
1065 int error;
1066 char *origin;
1067
1068 if ((error = zfs_get_parent(zc->zc_name, parentname,
1069 sizeof (parentname))) != 0)
1070 return (error);
1071
1072 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1073 (error = zfs_secpolicy_write_perms(origin,
1074 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1075 return (error);
1076
1077 if ((error = zfs_secpolicy_write_perms(parentname,
1078 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1079 return (error);
1080
1081 return (zfs_secpolicy_write_perms(parentname,
1082 ZFS_DELEG_PERM_MOUNT, cr));
1083 }
1084
1085 /*
1086 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1087 * SYS_CONFIG privilege, which is not available in a local zone.
1088 */
1089 /* ARGSUSED */
1090 static int
1091 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1092 {
1093 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1094 return (SET_ERROR(EPERM));
1095
1096 return (0);
1097 }
1098
1099 /*
1100 * Policy for object to name lookups.
1101 */
1102 /* ARGSUSED */
1103 static int
1104 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1105 {
1106 int error;
1107
1108 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
1109 return (0);
1110
1111 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1112 return (error);
1113 }
1114
1115 /*
1116 * Policy for fault injection. Requires all privileges.
1117 */
1118 /* ARGSUSED */
1119 static int
1120 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1121 {
1122 return (secpolicy_zinject(cr));
1123 }
1124
1125 /* ARGSUSED */
1126 static int
1127 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1128 {
1129 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1130
1131 if (prop == ZPROP_INVAL) {
1132 if (!zfs_prop_user(zc->zc_value))
1133 return (SET_ERROR(EINVAL));
1134 return (zfs_secpolicy_write_perms(zc->zc_name,
1135 ZFS_DELEG_PERM_USERPROP, cr));
1136 } else {
1137 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1138 NULL, cr));
1139 }
1140 }
1141
1142 static int
1143 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1144 {
1145 int err = zfs_secpolicy_read(zc, innvl, cr);
1146 if (err)
1147 return (err);
1148
1149 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1150 return (SET_ERROR(EINVAL));
1151
1152 if (zc->zc_value[0] == 0) {
1153 /*
1154 * They are asking about a posix uid/gid. If it's
1155 * themself, allow it.
1156 */
1157 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1158 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
1159 if (zc->zc_guid == crgetuid(cr))
1160 return (0);
1161 } else {
1162 if (groupmember(zc->zc_guid, cr))
1163 return (0);
1164 }
1165 }
1166
1167 return (zfs_secpolicy_write_perms(zc->zc_name,
1168 userquota_perms[zc->zc_objset_type], cr));
1169 }
1170
1171 static int
1172 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1173 {
1174 int err = zfs_secpolicy_read(zc, innvl, cr);
1175 if (err)
1176 return (err);
1177
1178 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1179 return (SET_ERROR(EINVAL));
1180
1181 return (zfs_secpolicy_write_perms(zc->zc_name,
1182 userquota_perms[zc->zc_objset_type], cr));
1183 }
1184
1185 /* ARGSUSED */
1186 static int
1187 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1188 {
1189 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1190 NULL, cr));
1191 }
1192
1193 /* ARGSUSED */
1194 static int
1195 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1196 {
1197 nvpair_t *pair;
1198 nvlist_t *holds;
1199 int error;
1200
1201 error = nvlist_lookup_nvlist(innvl, "holds", &holds);
1202 if (error != 0)
1203 return (SET_ERROR(EINVAL));
1204
1205 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1206 pair = nvlist_next_nvpair(holds, pair)) {
1207 char fsname[MAXNAMELEN];
1208 error = dmu_fsname(nvpair_name(pair), fsname);
1209 if (error != 0)
1210 return (error);
1211 error = zfs_secpolicy_write_perms(fsname,
1212 ZFS_DELEG_PERM_HOLD, cr);
1213 if (error != 0)
1214 return (error);
1215 }
1216 return (0);
1217 }
1218
1219 /* ARGSUSED */
1220 static int
1221 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1222 {
1223 nvpair_t *pair;
1224 int error;
1225
1226 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1227 pair = nvlist_next_nvpair(innvl, pair)) {
1228 char fsname[MAXNAMELEN];
1229 error = dmu_fsname(nvpair_name(pair), fsname);
1230 if (error != 0)
1231 return (error);
1232 error = zfs_secpolicy_write_perms(fsname,
1233 ZFS_DELEG_PERM_RELEASE, cr);
1234 if (error != 0)
1235 return (error);
1236 }
1237 return (0);
1238 }
1239
1240 /*
1241 * Policy for allowing temporary snapshots to be taken or released
1242 */
1243 static int
1244 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1245 {
1246 /*
1247 * A temporary snapshot is the same as a snapshot,
1248 * hold, destroy and release all rolled into one.
1249 * Delegated diff alone is sufficient that we allow this.
1250 */
1251 int error;
1252
1253 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1254 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1255 return (0);
1256
1257 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1258 if (error == 0)
1259 error = zfs_secpolicy_hold(zc, innvl, cr);
1260 if (error == 0)
1261 error = zfs_secpolicy_release(zc, innvl, cr);
1262 if (error == 0)
1263 error = zfs_secpolicy_destroy(zc, innvl, cr);
1264 return (error);
1265 }
1266
1267 /*
1268 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1269 */
1270 static int
1271 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1272 {
1273 char *packed;
1274 int error;
1275 nvlist_t *list = NULL;
1276
1277 /*
1278 * Read in and unpack the user-supplied nvlist.
1279 */
1280 if (size == 0)
1281 return (SET_ERROR(EINVAL));
1282
1283 packed = vmem_alloc(size, KM_SLEEP);
1284
1285 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1286 iflag)) != 0) {
1287 vmem_free(packed, size);
1288 return (SET_ERROR(EFAULT));
1289 }
1290
1291 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1292 vmem_free(packed, size);
1293 return (error);
1294 }
1295
1296 vmem_free(packed, size);
1297
1298 *nvp = list;
1299 return (0);
1300 }
1301
1302 /*
1303 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1304 * Entries will be removed from the end of the nvlist, and one int32 entry
1305 * named "N_MORE_ERRORS" will be added indicating how many entries were
1306 * removed.
1307 */
1308 static int
1309 nvlist_smush(nvlist_t *errors, size_t max)
1310 {
1311 size_t size;
1312
1313 size = fnvlist_size(errors);
1314
1315 if (size > max) {
1316 nvpair_t *more_errors;
1317 int n = 0;
1318
1319 if (max < 1024)
1320 return (SET_ERROR(ENOMEM));
1321
1322 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1323 more_errors = nvlist_prev_nvpair(errors, NULL);
1324
1325 do {
1326 nvpair_t *pair = nvlist_prev_nvpair(errors,
1327 more_errors);
1328 fnvlist_remove_nvpair(errors, pair);
1329 n++;
1330 size = fnvlist_size(errors);
1331 } while (size > max);
1332
1333 fnvlist_remove_nvpair(errors, more_errors);
1334 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1335 ASSERT3U(fnvlist_size(errors), <=, max);
1336 }
1337
1338 return (0);
1339 }
1340
1341 static int
1342 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1343 {
1344 char *packed = NULL;
1345 int error = 0;
1346 size_t size;
1347
1348 size = fnvlist_size(nvl);
1349
1350 if (size > zc->zc_nvlist_dst_size) {
1351 error = SET_ERROR(ENOMEM);
1352 } else {
1353 packed = fnvlist_pack(nvl, &size);
1354 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1355 size, zc->zc_iflags) != 0)
1356 error = SET_ERROR(EFAULT);
1357 fnvlist_pack_free(packed, size);
1358 }
1359
1360 zc->zc_nvlist_dst_size = size;
1361 zc->zc_nvlist_dst_filled = B_TRUE;
1362 return (error);
1363 }
1364
1365 static int
1366 get_zfs_sb(const char *dsname, zfs_sb_t **zsbp)
1367 {
1368 objset_t *os;
1369 int error;
1370
1371 error = dmu_objset_hold(dsname, FTAG, &os);
1372 if (error != 0)
1373 return (error);
1374 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1375 dmu_objset_rele(os, FTAG);
1376 return (SET_ERROR(EINVAL));
1377 }
1378
1379 mutex_enter(&os->os_user_ptr_lock);
1380 *zsbp = dmu_objset_get_user(os);
1381 if (*zsbp && (*zsbp)->z_sb) {
1382 atomic_inc(&((*zsbp)->z_sb->s_active));
1383 } else {
1384 error = SET_ERROR(ESRCH);
1385 }
1386 mutex_exit(&os->os_user_ptr_lock);
1387 dmu_objset_rele(os, FTAG);
1388 return (error);
1389 }
1390
1391 /*
1392 * Find a zfs_sb_t for a mounted filesystem, or create our own, in which
1393 * case its z_sb will be NULL, and it will be opened as the owner.
1394 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1395 * which prevents all inode ops from running.
1396 */
1397 static int
1398 zfs_sb_hold(const char *name, void *tag, zfs_sb_t **zsbp, boolean_t writer)
1399 {
1400 int error = 0;
1401
1402 if (get_zfs_sb(name, zsbp) != 0)
1403 error = zfs_sb_create(name, NULL, zsbp);
1404 if (error == 0) {
1405 rrm_enter(&(*zsbp)->z_teardown_lock, (writer) ? RW_WRITER :
1406 RW_READER, tag);
1407 if ((*zsbp)->z_unmounted) {
1408 /*
1409 * XXX we could probably try again, since the unmounting
1410 * thread should be just about to disassociate the
1411 * objset from the zsb.
1412 */
1413 rrm_exit(&(*zsbp)->z_teardown_lock, tag);
1414 return (SET_ERROR(EBUSY));
1415 }
1416 }
1417 return (error);
1418 }
1419
1420 static void
1421 zfs_sb_rele(zfs_sb_t *zsb, void *tag)
1422 {
1423 rrm_exit(&zsb->z_teardown_lock, tag);
1424
1425 if (zsb->z_sb) {
1426 deactivate_super(zsb->z_sb);
1427 } else {
1428 dmu_objset_disown(zsb->z_os, zsb);
1429 zfs_sb_free(zsb);
1430 }
1431 }
1432
1433 static int
1434 zfs_ioc_pool_create(zfs_cmd_t *zc)
1435 {
1436 int error;
1437 nvlist_t *config, *props = NULL;
1438 nvlist_t *rootprops = NULL;
1439 nvlist_t *zplprops = NULL;
1440
1441 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1442 zc->zc_iflags, &config)))
1443 return (error);
1444
1445 if (zc->zc_nvlist_src_size != 0 && (error =
1446 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1447 zc->zc_iflags, &props))) {
1448 nvlist_free(config);
1449 return (error);
1450 }
1451
1452 if (props) {
1453 nvlist_t *nvl = NULL;
1454 uint64_t version = SPA_VERSION;
1455
1456 (void) nvlist_lookup_uint64(props,
1457 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1458 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1459 error = SET_ERROR(EINVAL);
1460 goto pool_props_bad;
1461 }
1462 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1463 if (nvl) {
1464 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1465 if (error != 0) {
1466 nvlist_free(config);
1467 nvlist_free(props);
1468 return (error);
1469 }
1470 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1471 }
1472 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1473 error = zfs_fill_zplprops_root(version, rootprops,
1474 zplprops, NULL);
1475 if (error != 0)
1476 goto pool_props_bad;
1477 }
1478
1479 error = spa_create(zc->zc_name, config, props, zplprops);
1480
1481 /*
1482 * Set the remaining root properties
1483 */
1484 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1485 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1486 (void) spa_destroy(zc->zc_name);
1487
1488 pool_props_bad:
1489 nvlist_free(rootprops);
1490 nvlist_free(zplprops);
1491 nvlist_free(config);
1492 nvlist_free(props);
1493
1494 return (error);
1495 }
1496
1497 static int
1498 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1499 {
1500 int error;
1501 zfs_log_history(zc);
1502 error = spa_destroy(zc->zc_name);
1503
1504 return (error);
1505 }
1506
1507 static int
1508 zfs_ioc_pool_import(zfs_cmd_t *zc)
1509 {
1510 nvlist_t *config, *props = NULL;
1511 uint64_t guid;
1512 int error;
1513
1514 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1515 zc->zc_iflags, &config)) != 0)
1516 return (error);
1517
1518 if (zc->zc_nvlist_src_size != 0 && (error =
1519 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1520 zc->zc_iflags, &props))) {
1521 nvlist_free(config);
1522 return (error);
1523 }
1524
1525 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1526 guid != zc->zc_guid)
1527 error = SET_ERROR(EINVAL);
1528 else
1529 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1530
1531 if (zc->zc_nvlist_dst != 0) {
1532 int err;
1533
1534 if ((err = put_nvlist(zc, config)) != 0)
1535 error = err;
1536 }
1537
1538 nvlist_free(config);
1539 nvlist_free(props);
1540
1541 return (error);
1542 }
1543
1544 static int
1545 zfs_ioc_pool_export(zfs_cmd_t *zc)
1546 {
1547 int error;
1548 boolean_t force = (boolean_t)zc->zc_cookie;
1549 boolean_t hardforce = (boolean_t)zc->zc_guid;
1550
1551 zfs_log_history(zc);
1552 error = spa_export(zc->zc_name, NULL, force, hardforce);
1553
1554 return (error);
1555 }
1556
1557 static int
1558 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1559 {
1560 nvlist_t *configs;
1561 int error;
1562
1563 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1564 return (SET_ERROR(EEXIST));
1565
1566 error = put_nvlist(zc, configs);
1567
1568 nvlist_free(configs);
1569
1570 return (error);
1571 }
1572
1573 /*
1574 * inputs:
1575 * zc_name name of the pool
1576 *
1577 * outputs:
1578 * zc_cookie real errno
1579 * zc_nvlist_dst config nvlist
1580 * zc_nvlist_dst_size size of config nvlist
1581 */
1582 static int
1583 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1584 {
1585 nvlist_t *config;
1586 int error;
1587 int ret = 0;
1588
1589 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1590 sizeof (zc->zc_value));
1591
1592 if (config != NULL) {
1593 ret = put_nvlist(zc, config);
1594 nvlist_free(config);
1595
1596 /*
1597 * The config may be present even if 'error' is non-zero.
1598 * In this case we return success, and preserve the real errno
1599 * in 'zc_cookie'.
1600 */
1601 zc->zc_cookie = error;
1602 } else {
1603 ret = error;
1604 }
1605
1606 return (ret);
1607 }
1608
1609 /*
1610 * Try to import the given pool, returning pool stats as appropriate so that
1611 * user land knows which devices are available and overall pool health.
1612 */
1613 static int
1614 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1615 {
1616 nvlist_t *tryconfig, *config;
1617 int error;
1618
1619 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1620 zc->zc_iflags, &tryconfig)) != 0)
1621 return (error);
1622
1623 config = spa_tryimport(tryconfig);
1624
1625 nvlist_free(tryconfig);
1626
1627 if (config == NULL)
1628 return (SET_ERROR(EINVAL));
1629
1630 error = put_nvlist(zc, config);
1631 nvlist_free(config);
1632
1633 return (error);
1634 }
1635
1636 /*
1637 * inputs:
1638 * zc_name name of the pool
1639 * zc_cookie scan func (pool_scan_func_t)
1640 */
1641 static int
1642 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1643 {
1644 spa_t *spa;
1645 int error;
1646
1647 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1648 return (error);
1649
1650 if (zc->zc_cookie == POOL_SCAN_NONE)
1651 error = spa_scan_stop(spa);
1652 else
1653 error = spa_scan(spa, zc->zc_cookie);
1654
1655 spa_close(spa, FTAG);
1656
1657 return (error);
1658 }
1659
1660 static int
1661 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1662 {
1663 spa_t *spa;
1664 int error;
1665
1666 error = spa_open(zc->zc_name, &spa, FTAG);
1667 if (error == 0) {
1668 spa_freeze(spa);
1669 spa_close(spa, FTAG);
1670 }
1671 return (error);
1672 }
1673
1674 static int
1675 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1676 {
1677 spa_t *spa;
1678 int error;
1679
1680 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1681 return (error);
1682
1683 if (zc->zc_cookie < spa_version(spa) ||
1684 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1685 spa_close(spa, FTAG);
1686 return (SET_ERROR(EINVAL));
1687 }
1688
1689 spa_upgrade(spa, zc->zc_cookie);
1690 spa_close(spa, FTAG);
1691
1692 return (error);
1693 }
1694
1695 static int
1696 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1697 {
1698 spa_t *spa;
1699 char *hist_buf;
1700 uint64_t size;
1701 int error;
1702
1703 if ((size = zc->zc_history_len) == 0)
1704 return (SET_ERROR(EINVAL));
1705
1706 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1707 return (error);
1708
1709 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1710 spa_close(spa, FTAG);
1711 return (SET_ERROR(ENOTSUP));
1712 }
1713
1714 hist_buf = vmem_alloc(size, KM_SLEEP);
1715 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1716 &zc->zc_history_len, hist_buf)) == 0) {
1717 error = ddi_copyout(hist_buf,
1718 (void *)(uintptr_t)zc->zc_history,
1719 zc->zc_history_len, zc->zc_iflags);
1720 }
1721
1722 spa_close(spa, FTAG);
1723 vmem_free(hist_buf, size);
1724 return (error);
1725 }
1726
1727 static int
1728 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1729 {
1730 spa_t *spa;
1731 int error;
1732
1733 error = spa_open(zc->zc_name, &spa, FTAG);
1734 if (error == 0) {
1735 error = spa_change_guid(spa);
1736 spa_close(spa, FTAG);
1737 }
1738 return (error);
1739 }
1740
1741 static int
1742 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1743 {
1744 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
1745 }
1746
1747 /*
1748 * inputs:
1749 * zc_name name of filesystem
1750 * zc_obj object to find
1751 *
1752 * outputs:
1753 * zc_value name of object
1754 */
1755 static int
1756 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1757 {
1758 objset_t *os;
1759 int error;
1760
1761 /* XXX reading from objset not owned */
1762 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1763 return (error);
1764 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1765 dmu_objset_rele(os, FTAG);
1766 return (SET_ERROR(EINVAL));
1767 }
1768 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1769 sizeof (zc->zc_value));
1770 dmu_objset_rele(os, FTAG);
1771
1772 return (error);
1773 }
1774
1775 /*
1776 * inputs:
1777 * zc_name name of filesystem
1778 * zc_obj object to find
1779 *
1780 * outputs:
1781 * zc_stat stats on object
1782 * zc_value path to object
1783 */
1784 static int
1785 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1786 {
1787 objset_t *os;
1788 int error;
1789
1790 /* XXX reading from objset not owned */
1791 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1792 return (error);
1793 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1794 dmu_objset_rele(os, FTAG);
1795 return (SET_ERROR(EINVAL));
1796 }
1797 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1798 sizeof (zc->zc_value));
1799 dmu_objset_rele(os, FTAG);
1800
1801 return (error);
1802 }
1803
1804 static int
1805 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1806 {
1807 spa_t *spa;
1808 int error;
1809 nvlist_t *config;
1810
1811 error = spa_open(zc->zc_name, &spa, FTAG);
1812 if (error != 0)
1813 return (error);
1814
1815 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1816 zc->zc_iflags, &config);
1817 if (error == 0) {
1818 error = spa_vdev_add(spa, config);
1819 nvlist_free(config);
1820 }
1821 spa_close(spa, FTAG);
1822 return (error);
1823 }
1824
1825 /*
1826 * inputs:
1827 * zc_name name of the pool
1828 * zc_nvlist_conf nvlist of devices to remove
1829 * zc_cookie to stop the remove?
1830 */
1831 static int
1832 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1833 {
1834 spa_t *spa;
1835 int error;
1836
1837 error = spa_open(zc->zc_name, &spa, FTAG);
1838 if (error != 0)
1839 return (error);
1840 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1841 spa_close(spa, FTAG);
1842 return (error);
1843 }
1844
1845 static int
1846 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1847 {
1848 spa_t *spa;
1849 int error;
1850 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1851
1852 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1853 return (error);
1854 switch (zc->zc_cookie) {
1855 case VDEV_STATE_ONLINE:
1856 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1857 break;
1858
1859 case VDEV_STATE_OFFLINE:
1860 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1861 break;
1862
1863 case VDEV_STATE_FAULTED:
1864 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1865 zc->zc_obj != VDEV_AUX_EXTERNAL)
1866 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1867
1868 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1869 break;
1870
1871 case VDEV_STATE_DEGRADED:
1872 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1873 zc->zc_obj != VDEV_AUX_EXTERNAL)
1874 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1875
1876 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1877 break;
1878
1879 default:
1880 error = SET_ERROR(EINVAL);
1881 }
1882 zc->zc_cookie = newstate;
1883 spa_close(spa, FTAG);
1884 return (error);
1885 }
1886
1887 static int
1888 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1889 {
1890 spa_t *spa;
1891 int replacing = zc->zc_cookie;
1892 nvlist_t *config;
1893 int error;
1894
1895 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1896 return (error);
1897
1898 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1899 zc->zc_iflags, &config)) == 0) {
1900 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1901 nvlist_free(config);
1902 }
1903
1904 spa_close(spa, FTAG);
1905 return (error);
1906 }
1907
1908 static int
1909 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1910 {
1911 spa_t *spa;
1912 int error;
1913
1914 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1915 return (error);
1916
1917 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1918
1919 spa_close(spa, FTAG);
1920 return (error);
1921 }
1922
1923 static int
1924 zfs_ioc_vdev_split(zfs_cmd_t *zc)
1925 {
1926 spa_t *spa;
1927 nvlist_t *config, *props = NULL;
1928 int error;
1929 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1930
1931 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1932 return (error);
1933
1934 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1935 zc->zc_iflags, &config))) {
1936 spa_close(spa, FTAG);
1937 return (error);
1938 }
1939
1940 if (zc->zc_nvlist_src_size != 0 && (error =
1941 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1942 zc->zc_iflags, &props))) {
1943 spa_close(spa, FTAG);
1944 nvlist_free(config);
1945 return (error);
1946 }
1947
1948 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1949
1950 spa_close(spa, FTAG);
1951
1952 nvlist_free(config);
1953 nvlist_free(props);
1954
1955 return (error);
1956 }
1957
1958 static int
1959 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1960 {
1961 spa_t *spa;
1962 char *path = zc->zc_value;
1963 uint64_t guid = zc->zc_guid;
1964 int error;
1965
1966 error = spa_open(zc->zc_name, &spa, FTAG);
1967 if (error != 0)
1968 return (error);
1969
1970 error = spa_vdev_setpath(spa, guid, path);
1971 spa_close(spa, FTAG);
1972 return (error);
1973 }
1974
1975 static int
1976 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1977 {
1978 spa_t *spa;
1979 char *fru = zc->zc_value;
1980 uint64_t guid = zc->zc_guid;
1981 int error;
1982
1983 error = spa_open(zc->zc_name, &spa, FTAG);
1984 if (error != 0)
1985 return (error);
1986
1987 error = spa_vdev_setfru(spa, guid, fru);
1988 spa_close(spa, FTAG);
1989 return (error);
1990 }
1991
1992 static int
1993 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
1994 {
1995 int error = 0;
1996 nvlist_t *nv;
1997
1998 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1999
2000 if (zc->zc_nvlist_dst != 0 &&
2001 (error = dsl_prop_get_all(os, &nv)) == 0) {
2002 dmu_objset_stats(os, nv);
2003 /*
2004 * NB: zvol_get_stats() will read the objset contents,
2005 * which we aren't supposed to do with a
2006 * DS_MODE_USER hold, because it could be
2007 * inconsistent. So this is a bit of a workaround...
2008 * XXX reading with out owning
2009 */
2010 if (!zc->zc_objset_stats.dds_inconsistent &&
2011 dmu_objset_type(os) == DMU_OST_ZVOL) {
2012 error = zvol_get_stats(os, nv);
2013 if (error == EIO)
2014 return (error);
2015 VERIFY0(error);
2016 }
2017 if (error == 0)
2018 error = put_nvlist(zc, nv);
2019 nvlist_free(nv);
2020 }
2021
2022 return (error);
2023 }
2024
2025 /*
2026 * inputs:
2027 * zc_name name of filesystem
2028 * zc_nvlist_dst_size size of buffer for property nvlist
2029 *
2030 * outputs:
2031 * zc_objset_stats stats
2032 * zc_nvlist_dst property nvlist
2033 * zc_nvlist_dst_size size of property nvlist
2034 */
2035 static int
2036 zfs_ioc_objset_stats(zfs_cmd_t *zc)
2037 {
2038 objset_t *os;
2039 int error;
2040
2041 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2042 if (error == 0) {
2043 error = zfs_ioc_objset_stats_impl(zc, os);
2044 dmu_objset_rele(os, FTAG);
2045 }
2046
2047 return (error);
2048 }
2049
2050 /*
2051 * inputs:
2052 * zc_name name of filesystem
2053 * zc_nvlist_dst_size size of buffer for property nvlist
2054 *
2055 * outputs:
2056 * zc_nvlist_dst received property nvlist
2057 * zc_nvlist_dst_size size of received property nvlist
2058 *
2059 * Gets received properties (distinct from local properties on or after
2060 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2061 * local property values.
2062 */
2063 static int
2064 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2065 {
2066 int error = 0;
2067 nvlist_t *nv;
2068
2069 /*
2070 * Without this check, we would return local property values if the
2071 * caller has not already received properties on or after
2072 * SPA_VERSION_RECVD_PROPS.
2073 */
2074 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2075 return (SET_ERROR(ENOTSUP));
2076
2077 if (zc->zc_nvlist_dst != 0 &&
2078 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
2079 error = put_nvlist(zc, nv);
2080 nvlist_free(nv);
2081 }
2082
2083 return (error);
2084 }
2085
2086 static int
2087 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2088 {
2089 uint64_t value;
2090 int error;
2091
2092 /*
2093 * zfs_get_zplprop() will either find a value or give us
2094 * the default value (if there is one).
2095 */
2096 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2097 return (error);
2098 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2099 return (0);
2100 }
2101
2102 /*
2103 * inputs:
2104 * zc_name name of filesystem
2105 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2106 *
2107 * outputs:
2108 * zc_nvlist_dst zpl property nvlist
2109 * zc_nvlist_dst_size size of zpl property nvlist
2110 */
2111 static int
2112 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2113 {
2114 objset_t *os;
2115 int err;
2116
2117 /* XXX reading without owning */
2118 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
2119 return (err);
2120
2121 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2122
2123 /*
2124 * NB: nvl_add_zplprop() will read the objset contents,
2125 * which we aren't supposed to do with a DS_MODE_USER
2126 * hold, because it could be inconsistent.
2127 */
2128 if (zc->zc_nvlist_dst != 0 &&
2129 !zc->zc_objset_stats.dds_inconsistent &&
2130 dmu_objset_type(os) == DMU_OST_ZFS) {
2131 nvlist_t *nv;
2132
2133 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2134 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2135 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2136 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2137 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2138 err = put_nvlist(zc, nv);
2139 nvlist_free(nv);
2140 } else {
2141 err = SET_ERROR(ENOENT);
2142 }
2143 dmu_objset_rele(os, FTAG);
2144 return (err);
2145 }
2146
2147 boolean_t
2148 dataset_name_hidden(const char *name)
2149 {
2150 /*
2151 * Skip over datasets that are not visible in this zone,
2152 * internal datasets (which have a $ in their name), and
2153 * temporary datasets (which have a % in their name).
2154 */
2155 if (strchr(name, '$') != NULL)
2156 return (B_TRUE);
2157 if (strchr(name, '%') != NULL)
2158 return (B_TRUE);
2159 if (!INGLOBALZONE(curproc) && !zone_dataset_visible(name, NULL))
2160 return (B_TRUE);
2161 return (B_FALSE);
2162 }
2163
2164 /*
2165 * inputs:
2166 * zc_name name of filesystem
2167 * zc_cookie zap cursor
2168 * zc_nvlist_dst_size size of buffer for property nvlist
2169 *
2170 * outputs:
2171 * zc_name name of next filesystem
2172 * zc_cookie zap cursor
2173 * zc_objset_stats stats
2174 * zc_nvlist_dst property nvlist
2175 * zc_nvlist_dst_size size of property nvlist
2176 */
2177 static int
2178 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2179 {
2180 objset_t *os;
2181 int error;
2182 char *p;
2183 size_t orig_len = strlen(zc->zc_name);
2184
2185 top:
2186 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
2187 if (error == ENOENT)
2188 error = SET_ERROR(ESRCH);
2189 return (error);
2190 }
2191
2192 p = strrchr(zc->zc_name, '/');
2193 if (p == NULL || p[1] != '\0')
2194 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2195 p = zc->zc_name + strlen(zc->zc_name);
2196
2197 do {
2198 error = dmu_dir_list_next(os,
2199 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2200 NULL, &zc->zc_cookie);
2201 if (error == ENOENT)
2202 error = SET_ERROR(ESRCH);
2203 } while (error == 0 && dataset_name_hidden(zc->zc_name));
2204 dmu_objset_rele(os, FTAG);
2205
2206 /*
2207 * If it's an internal dataset (ie. with a '$' in its name),
2208 * don't try to get stats for it, otherwise we'll return ENOENT.
2209 */
2210 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2211 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2212 if (error == ENOENT) {
2213 /* We lost a race with destroy, get the next one. */
2214 zc->zc_name[orig_len] = '\0';
2215 goto top;
2216 }
2217 }
2218 return (error);
2219 }
2220
2221 /*
2222 * inputs:
2223 * zc_name name of filesystem
2224 * zc_cookie zap cursor
2225 * zc_nvlist_dst_size size of buffer for property nvlist
2226 *
2227 * outputs:
2228 * zc_name name of next snapshot
2229 * zc_objset_stats stats
2230 * zc_nvlist_dst property nvlist
2231 * zc_nvlist_dst_size size of property nvlist
2232 */
2233 static int
2234 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2235 {
2236 objset_t *os;
2237 int error;
2238
2239 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2240 if (error != 0) {
2241 return (error == ENOENT ? ESRCH : error);
2242 }
2243
2244 /*
2245 * A dataset name of maximum length cannot have any snapshots,
2246 * so exit immediately.
2247 */
2248 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2249 dmu_objset_rele(os, FTAG);
2250 return (SET_ERROR(ESRCH));
2251 }
2252
2253 error = dmu_snapshot_list_next(os,
2254 sizeof (zc->zc_name) - strlen(zc->zc_name),
2255 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2256 NULL);
2257
2258 if (error == 0 && !zc->zc_simple) {
2259 dsl_dataset_t *ds;
2260 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2261
2262 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2263 if (error == 0) {
2264 objset_t *ossnap;
2265
2266 error = dmu_objset_from_ds(ds, &ossnap);
2267 if (error == 0)
2268 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2269 dsl_dataset_rele(ds, FTAG);
2270 }
2271 } else if (error == ENOENT) {
2272 error = SET_ERROR(ESRCH);
2273 }
2274
2275 dmu_objset_rele(os, FTAG);
2276 /* if we failed, undo the @ that we tacked on to zc_name */
2277 if (error != 0)
2278 *strchr(zc->zc_name, '@') = '\0';
2279 return (error);
2280 }
2281
2282 static int
2283 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2284 {
2285 const char *propname = nvpair_name(pair);
2286 uint64_t *valary;
2287 unsigned int vallen;
2288 const char *domain;
2289 char *dash;
2290 zfs_userquota_prop_t type;
2291 uint64_t rid;
2292 uint64_t quota;
2293 zfs_sb_t *zsb;
2294 int err;
2295
2296 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2297 nvlist_t *attrs;
2298 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2299 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2300 &pair) != 0)
2301 return (SET_ERROR(EINVAL));
2302 }
2303
2304 /*
2305 * A correctly constructed propname is encoded as
2306 * userquota@<rid>-<domain>.
2307 */
2308 if ((dash = strchr(propname, '-')) == NULL ||
2309 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2310 vallen != 3)
2311 return (SET_ERROR(EINVAL));
2312
2313 domain = dash + 1;
2314 type = valary[0];
2315 rid = valary[1];
2316 quota = valary[2];
2317
2318 err = zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE);
2319 if (err == 0) {
2320 err = zfs_set_userquota(zsb, type, domain, rid, quota);
2321 zfs_sb_rele(zsb, FTAG);
2322 }
2323
2324 return (err);
2325 }
2326
2327 /*
2328 * If the named property is one that has a special function to set its value,
2329 * return 0 on success and a positive error code on failure; otherwise if it is
2330 * not one of the special properties handled by this function, return -1.
2331 *
2332 * XXX: It would be better for callers of the property interface if we handled
2333 * these special cases in dsl_prop.c (in the dsl layer).
2334 */
2335 static int
2336 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2337 nvpair_t *pair)
2338 {
2339 const char *propname = nvpair_name(pair);
2340 zfs_prop_t prop = zfs_name_to_prop(propname);
2341 uint64_t intval;
2342 int err = -1;
2343
2344 if (prop == ZPROP_INVAL) {
2345 if (zfs_prop_userquota(propname))
2346 return (zfs_prop_set_userquota(dsname, pair));
2347 return (-1);
2348 }
2349
2350 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2351 nvlist_t *attrs;
2352 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2353 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2354 &pair) == 0);
2355 }
2356
2357 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2358 return (-1);
2359
2360 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2361
2362 switch (prop) {
2363 case ZFS_PROP_QUOTA:
2364 err = dsl_dir_set_quota(dsname, source, intval);
2365 break;
2366 case ZFS_PROP_REFQUOTA:
2367 err = dsl_dataset_set_refquota(dsname, source, intval);
2368 break;
2369 case ZFS_PROP_FILESYSTEM_LIMIT:
2370 case ZFS_PROP_SNAPSHOT_LIMIT:
2371 if (intval == UINT64_MAX) {
2372 /* clearing the limit, just do it */
2373 err = 0;
2374 } else {
2375 err = dsl_dir_activate_fs_ss_limit(dsname);
2376 }
2377 /*
2378 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2379 * default path to set the value in the nvlist.
2380 */
2381 if (err == 0)
2382 err = -1;
2383 break;
2384 case ZFS_PROP_RESERVATION:
2385 err = dsl_dir_set_reservation(dsname, source, intval);
2386 break;
2387 case ZFS_PROP_REFRESERVATION:
2388 err = dsl_dataset_set_refreservation(dsname, source, intval);
2389 break;
2390 case ZFS_PROP_VOLSIZE:
2391 err = zvol_set_volsize(dsname, intval);
2392 break;
2393 case ZFS_PROP_SNAPDEV:
2394 err = zvol_set_snapdev(dsname, source, intval);
2395 break;
2396 case ZFS_PROP_VERSION:
2397 {
2398 zfs_sb_t *zsb;
2399
2400 if ((err = zfs_sb_hold(dsname, FTAG, &zsb, B_TRUE)) != 0)
2401 break;
2402
2403 err = zfs_set_version(zsb, intval);
2404 zfs_sb_rele(zsb, FTAG);
2405
2406 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2407 zfs_cmd_t *zc;
2408
2409 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2410 (void) strcpy(zc->zc_name, dsname);
2411 (void) zfs_ioc_userspace_upgrade(zc);
2412 kmem_free(zc, sizeof (zfs_cmd_t));
2413 }
2414 break;
2415 }
2416 default:
2417 err = -1;
2418 }
2419
2420 return (err);
2421 }
2422
2423 /*
2424 * This function is best effort. If it fails to set any of the given properties,
2425 * it continues to set as many as it can and returns the last error
2426 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2427 * with the list of names of all the properties that failed along with the
2428 * corresponding error numbers.
2429 *
2430 * If every property is set successfully, zero is returned and errlist is not
2431 * modified.
2432 */
2433 int
2434 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2435 nvlist_t *errlist)
2436 {
2437 nvpair_t *pair;
2438 nvpair_t *propval;
2439 int rv = 0;
2440 uint64_t intval;
2441 char *strval;
2442
2443 nvlist_t *genericnvl = fnvlist_alloc();
2444 nvlist_t *retrynvl = fnvlist_alloc();
2445 retry:
2446 pair = NULL;
2447 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2448 const char *propname = nvpair_name(pair);
2449 zfs_prop_t prop = zfs_name_to_prop(propname);
2450 int err = 0;
2451
2452 /* decode the property value */
2453 propval = pair;
2454 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2455 nvlist_t *attrs;
2456 attrs = fnvpair_value_nvlist(pair);
2457 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2458 &propval) != 0)
2459 err = SET_ERROR(EINVAL);
2460 }
2461
2462 /* Validate value type */
2463 if (err == 0 && prop == ZPROP_INVAL) {
2464 if (zfs_prop_user(propname)) {
2465 if (nvpair_type(propval) != DATA_TYPE_STRING)
2466 err = SET_ERROR(EINVAL);
2467 } else if (zfs_prop_userquota(propname)) {
2468 if (nvpair_type(propval) !=
2469 DATA_TYPE_UINT64_ARRAY)
2470 err = SET_ERROR(EINVAL);
2471 } else {
2472 err = SET_ERROR(EINVAL);
2473 }
2474 } else if (err == 0) {
2475 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2476 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2477 err = SET_ERROR(EINVAL);
2478 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2479 const char *unused;
2480
2481 intval = fnvpair_value_uint64(propval);
2482
2483 switch (zfs_prop_get_type(prop)) {
2484 case PROP_TYPE_NUMBER:
2485 break;
2486 case PROP_TYPE_STRING:
2487 err = SET_ERROR(EINVAL);
2488 break;
2489 case PROP_TYPE_INDEX:
2490 if (zfs_prop_index_to_string(prop,
2491 intval, &unused) != 0)
2492 err = SET_ERROR(EINVAL);
2493 break;
2494 default:
2495 cmn_err(CE_PANIC,
2496 "unknown property type");
2497 }
2498 } else {
2499 err = SET_ERROR(EINVAL);
2500 }
2501 }
2502
2503 /* Validate permissions */
2504 if (err == 0)
2505 err = zfs_check_settable(dsname, pair, CRED());
2506
2507 if (err == 0) {
2508 err = zfs_prop_set_special(dsname, source, pair);
2509 if (err == -1) {
2510 /*
2511 * For better performance we build up a list of
2512 * properties to set in a single transaction.
2513 */
2514 err = nvlist_add_nvpair(genericnvl, pair);
2515 } else if (err != 0 && nvl != retrynvl) {
2516 /*
2517 * This may be a spurious error caused by
2518 * receiving quota and reservation out of order.
2519 * Try again in a second pass.
2520 */
2521 err = nvlist_add_nvpair(retrynvl, pair);
2522 }
2523 }
2524
2525 if (err != 0) {
2526 if (errlist != NULL)
2527 fnvlist_add_int32(errlist, propname, err);
2528 rv = err;
2529 }
2530 }
2531
2532 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2533 nvl = retrynvl;
2534 goto retry;
2535 }
2536
2537 if (!nvlist_empty(genericnvl) &&
2538 dsl_props_set(dsname, source, genericnvl) != 0) {
2539 /*
2540 * If this fails, we still want to set as many properties as we
2541 * can, so try setting them individually.
2542 */
2543 pair = NULL;
2544 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2545 const char *propname = nvpair_name(pair);
2546 int err = 0;
2547
2548 propval = pair;
2549 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2550 nvlist_t *attrs;
2551 attrs = fnvpair_value_nvlist(pair);
2552 propval = fnvlist_lookup_nvpair(attrs,
2553 ZPROP_VALUE);
2554 }
2555
2556 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2557 strval = fnvpair_value_string(propval);
2558 err = dsl_prop_set_string(dsname, propname,
2559 source, strval);
2560 } else {
2561 intval = fnvpair_value_uint64(propval);
2562 err = dsl_prop_set_int(dsname, propname, source,
2563 intval);
2564 }
2565
2566 if (err != 0) {
2567 if (errlist != NULL) {
2568 fnvlist_add_int32(errlist, propname,
2569 err);
2570 }
2571 rv = err;
2572 }
2573 }
2574 }
2575 nvlist_free(genericnvl);
2576 nvlist_free(retrynvl);
2577
2578 return (rv);
2579 }
2580
2581 /*
2582 * Check that all the properties are valid user properties.
2583 */
2584 static int
2585 zfs_check_userprops(const char *fsname, nvlist_t *nvl)
2586 {
2587 nvpair_t *pair = NULL;
2588 int error = 0;
2589
2590 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2591 const char *propname = nvpair_name(pair);
2592
2593 if (!zfs_prop_user(propname) ||
2594 nvpair_type(pair) != DATA_TYPE_STRING)
2595 return (SET_ERROR(EINVAL));
2596
2597 if ((error = zfs_secpolicy_write_perms(fsname,
2598 ZFS_DELEG_PERM_USERPROP, CRED())))
2599 return (error);
2600
2601 if (strlen(propname) >= ZAP_MAXNAMELEN)
2602 return (SET_ERROR(ENAMETOOLONG));
2603
2604 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN)
2605 return (SET_ERROR(E2BIG));
2606 }
2607 return (0);
2608 }
2609
2610 static void
2611 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2612 {
2613 nvpair_t *pair;
2614
2615 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2616
2617 pair = NULL;
2618 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2619 if (nvlist_exists(skipped, nvpair_name(pair)))
2620 continue;
2621
2622 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2623 }
2624 }
2625
2626 static int
2627 clear_received_props(const char *dsname, nvlist_t *props,
2628 nvlist_t *skipped)
2629 {
2630 int err = 0;
2631 nvlist_t *cleared_props = NULL;
2632 props_skip(props, skipped, &cleared_props);
2633 if (!nvlist_empty(cleared_props)) {
2634 /*
2635 * Acts on local properties until the dataset has received
2636 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2637 */
2638 zprop_source_t flags = (ZPROP_SRC_NONE |
2639 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2640 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
2641 }
2642 nvlist_free(cleared_props);
2643 return (err);
2644 }
2645
2646 /*
2647 * inputs:
2648 * zc_name name of filesystem
2649 * zc_value name of property to set
2650 * zc_nvlist_src{_size} nvlist of properties to apply
2651 * zc_cookie received properties flag
2652 *
2653 * outputs:
2654 * zc_nvlist_dst{_size} error for each unapplied received property
2655 */
2656 static int
2657 zfs_ioc_set_prop(zfs_cmd_t *zc)
2658 {
2659 nvlist_t *nvl;
2660 boolean_t received = zc->zc_cookie;
2661 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2662 ZPROP_SRC_LOCAL);
2663 nvlist_t *errors;
2664 int error;
2665
2666 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2667 zc->zc_iflags, &nvl)) != 0)
2668 return (error);
2669
2670 if (received) {
2671 nvlist_t *origprops;
2672
2673 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2674 (void) clear_received_props(zc->zc_name,
2675 origprops, nvl);
2676 nvlist_free(origprops);
2677 }
2678
2679 error = dsl_prop_set_hasrecvd(zc->zc_name);
2680 }
2681
2682 errors = fnvlist_alloc();
2683 if (error == 0)
2684 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2685
2686 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2687 (void) put_nvlist(zc, errors);
2688 }
2689
2690 nvlist_free(errors);
2691 nvlist_free(nvl);
2692 return (error);
2693 }
2694
2695 /*
2696 * inputs:
2697 * zc_name name of filesystem
2698 * zc_value name of property to inherit
2699 * zc_cookie revert to received value if TRUE
2700 *
2701 * outputs: none
2702 */
2703 static int
2704 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2705 {
2706 const char *propname = zc->zc_value;
2707 zfs_prop_t prop = zfs_name_to_prop(propname);
2708 boolean_t received = zc->zc_cookie;
2709 zprop_source_t source = (received
2710 ? ZPROP_SRC_NONE /* revert to received value, if any */
2711 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2712
2713 if (received) {
2714 nvlist_t *dummy;
2715 nvpair_t *pair;
2716 zprop_type_t type;
2717 int err;
2718
2719 /*
2720 * zfs_prop_set_special() expects properties in the form of an
2721 * nvpair with type info.
2722 */
2723 if (prop == ZPROP_INVAL) {
2724 if (!zfs_prop_user(propname))
2725 return (SET_ERROR(EINVAL));
2726
2727 type = PROP_TYPE_STRING;
2728 } else if (prop == ZFS_PROP_VOLSIZE ||
2729 prop == ZFS_PROP_VERSION) {
2730 return (SET_ERROR(EINVAL));
2731 } else {
2732 type = zfs_prop_get_type(prop);
2733 }
2734
2735 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2736
2737 switch (type) {
2738 case PROP_TYPE_STRING:
2739 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2740 break;
2741 case PROP_TYPE_NUMBER:
2742 case PROP_TYPE_INDEX:
2743 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2744 break;
2745 default:
2746 nvlist_free(dummy);
2747 return (SET_ERROR(EINVAL));
2748 }
2749
2750 pair = nvlist_next_nvpair(dummy, NULL);
2751 err = zfs_prop_set_special(zc->zc_name, source, pair);
2752 nvlist_free(dummy);
2753 if (err != -1)
2754 return (err); /* special property already handled */
2755 } else {
2756 /*
2757 * Only check this in the non-received case. We want to allow
2758 * 'inherit -S' to revert non-inheritable properties like quota
2759 * and reservation to the received or default values even though
2760 * they are not considered inheritable.
2761 */
2762 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2763 return (SET_ERROR(EINVAL));
2764 }
2765
2766 /* property name has been validated by zfs_secpolicy_inherit_prop() */
2767 return (dsl_prop_inherit(zc->zc_name, zc->zc_value, source));
2768 }
2769
2770 static int
2771 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2772 {
2773 nvlist_t *props;
2774 spa_t *spa;
2775 int error;
2776 nvpair_t *pair;
2777
2778 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2779 zc->zc_iflags, &props)))
2780 return (error);
2781
2782 /*
2783 * If the only property is the configfile, then just do a spa_lookup()
2784 * to handle the faulted case.
2785 */
2786 pair = nvlist_next_nvpair(props, NULL);
2787 if (pair != NULL && strcmp(nvpair_name(pair),
2788 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2789 nvlist_next_nvpair(props, pair) == NULL) {
2790 mutex_enter(&spa_namespace_lock);
2791 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2792 spa_configfile_set(spa, props, B_FALSE);
2793 spa_config_sync(spa, B_FALSE, B_TRUE);
2794 }
2795 mutex_exit(&spa_namespace_lock);
2796 if (spa != NULL) {
2797 nvlist_free(props);
2798 return (0);
2799 }
2800 }
2801
2802 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2803 nvlist_free(props);
2804 return (error);
2805 }
2806
2807 error = spa_prop_set(spa, props);
2808
2809 nvlist_free(props);
2810 spa_close(spa, FTAG);
2811
2812 return (error);
2813 }
2814
2815 static int
2816 zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2817 {
2818 spa_t *spa;
2819 int error;
2820 nvlist_t *nvp = NULL;
2821
2822 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2823 /*
2824 * If the pool is faulted, there may be properties we can still
2825 * get (such as altroot and cachefile), so attempt to get them
2826 * anyway.
2827 */
2828 mutex_enter(&spa_namespace_lock);
2829 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2830 error = spa_prop_get(spa, &nvp);
2831 mutex_exit(&spa_namespace_lock);
2832 } else {
2833 error = spa_prop_get(spa, &nvp);
2834 spa_close(spa, FTAG);
2835 }
2836
2837 if (error == 0 && zc->zc_nvlist_dst != 0)
2838 error = put_nvlist(zc, nvp);
2839 else
2840 error = SET_ERROR(EFAULT);
2841
2842 nvlist_free(nvp);
2843 return (error);
2844 }
2845
2846 /*
2847 * inputs:
2848 * zc_name name of filesystem
2849 * zc_nvlist_src{_size} nvlist of delegated permissions
2850 * zc_perm_action allow/unallow flag
2851 *
2852 * outputs: none
2853 */
2854 static int
2855 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2856 {
2857 int error;
2858 nvlist_t *fsaclnv = NULL;
2859
2860 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2861 zc->zc_iflags, &fsaclnv)) != 0)
2862 return (error);
2863
2864 /*
2865 * Verify nvlist is constructed correctly
2866 */
2867 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2868 nvlist_free(fsaclnv);
2869 return (SET_ERROR(EINVAL));
2870 }
2871
2872 /*
2873 * If we don't have PRIV_SYS_MOUNT, then validate
2874 * that user is allowed to hand out each permission in
2875 * the nvlist(s)
2876 */
2877
2878 error = secpolicy_zfs(CRED());
2879 if (error != 0) {
2880 if (zc->zc_perm_action == B_FALSE) {
2881 error = dsl_deleg_can_allow(zc->zc_name,
2882 fsaclnv, CRED());
2883 } else {
2884 error = dsl_deleg_can_unallow(zc->zc_name,
2885 fsaclnv, CRED());
2886 }
2887 }
2888
2889 if (error == 0)
2890 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2891
2892 nvlist_free(fsaclnv);
2893 return (error);
2894 }
2895
2896 /*
2897 * inputs:
2898 * zc_name name of filesystem
2899 *
2900 * outputs:
2901 * zc_nvlist_src{_size} nvlist of delegated permissions
2902 */
2903 static int
2904 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2905 {
2906 nvlist_t *nvp;
2907 int error;
2908
2909 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2910 error = put_nvlist(zc, nvp);
2911 nvlist_free(nvp);
2912 }
2913
2914 return (error);
2915 }
2916
2917 /* ARGSUSED */
2918 static void
2919 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2920 {
2921 zfs_creat_t *zct = arg;
2922
2923 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2924 }
2925
2926 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
2927
2928 /*
2929 * inputs:
2930 * os parent objset pointer (NULL if root fs)
2931 * fuids_ok fuids allowed in this version of the spa?
2932 * sa_ok SAs allowed in this version of the spa?
2933 * createprops list of properties requested by creator
2934 *
2935 * outputs:
2936 * zplprops values for the zplprops we attach to the master node object
2937 * is_ci true if requested file system will be purely case-insensitive
2938 *
2939 * Determine the settings for utf8only, normalization and
2940 * casesensitivity. Specific values may have been requested by the
2941 * creator and/or we can inherit values from the parent dataset. If
2942 * the file system is of too early a vintage, a creator can not
2943 * request settings for these properties, even if the requested
2944 * setting is the default value. We don't actually want to create dsl
2945 * properties for these, so remove them from the source nvlist after
2946 * processing.
2947 */
2948 static int
2949 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2950 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2951 nvlist_t *zplprops, boolean_t *is_ci)
2952 {
2953 uint64_t sense = ZFS_PROP_UNDEFINED;
2954 uint64_t norm = ZFS_PROP_UNDEFINED;
2955 uint64_t u8 = ZFS_PROP_UNDEFINED;
2956 int error;
2957
2958 ASSERT(zplprops != NULL);
2959
2960 /*
2961 * Pull out creator prop choices, if any.
2962 */
2963 if (createprops) {
2964 (void) nvlist_lookup_uint64(createprops,
2965 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
2966 (void) nvlist_lookup_uint64(createprops,
2967 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
2968 (void) nvlist_remove_all(createprops,
2969 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
2970 (void) nvlist_lookup_uint64(createprops,
2971 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
2972 (void) nvlist_remove_all(createprops,
2973 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
2974 (void) nvlist_lookup_uint64(createprops,
2975 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
2976 (void) nvlist_remove_all(createprops,
2977 zfs_prop_to_name(ZFS_PROP_CASE));
2978 }
2979
2980 /*
2981 * If the zpl version requested is whacky or the file system
2982 * or pool is version is too "young" to support normalization
2983 * and the creator tried to set a value for one of the props,
2984 * error out.
2985 */
2986 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
2987 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
2988 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
2989 (zplver < ZPL_VERSION_NORMALIZATION &&
2990 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
2991 sense != ZFS_PROP_UNDEFINED)))
2992 return (SET_ERROR(ENOTSUP));
2993
2994 /*
2995 * Put the version in the zplprops
2996 */
2997 VERIFY(nvlist_add_uint64(zplprops,
2998 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
2999
3000 if (norm == ZFS_PROP_UNDEFINED &&
3001 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3002 return (error);
3003 VERIFY(nvlist_add_uint64(zplprops,
3004 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3005
3006 /*
3007 * If we're normalizing, names must always be valid UTF-8 strings.
3008 */
3009 if (norm)
3010 u8 = 1;
3011 if (u8 == ZFS_PROP_UNDEFINED &&
3012 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3013 return (error);
3014 VERIFY(nvlist_add_uint64(zplprops,
3015 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3016
3017 if (sense == ZFS_PROP_UNDEFINED &&
3018 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3019 return (error);
3020 VERIFY(nvlist_add_uint64(zplprops,
3021 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3022
3023 if (is_ci)
3024 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3025
3026 return (0);
3027 }
3028
3029 static int
3030 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3031 nvlist_t *zplprops, boolean_t *is_ci)
3032 {
3033 boolean_t fuids_ok, sa_ok;
3034 uint64_t zplver = ZPL_VERSION;
3035 objset_t *os = NULL;
3036 char parentname[MAXNAMELEN];
3037 char *cp;
3038 spa_t *spa;
3039 uint64_t spa_vers;
3040 int error;
3041
3042 (void) strlcpy(parentname, dataset, sizeof (parentname));
3043 cp = strrchr(parentname, '/');
3044 ASSERT(cp != NULL);
3045 cp[0] = '\0';
3046
3047 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3048 return (error);
3049
3050 spa_vers = spa_version(spa);
3051 spa_close(spa, FTAG);
3052
3053 zplver = zfs_zpl_version_map(spa_vers);
3054 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3055 sa_ok = (zplver >= ZPL_VERSION_SA);
3056
3057 /*
3058 * Open parent object set so we can inherit zplprop values.
3059 */
3060 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3061 return (error);
3062
3063 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3064 zplprops, is_ci);
3065 dmu_objset_rele(os, FTAG);
3066 return (error);
3067 }
3068
3069 static int
3070 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3071 nvlist_t *zplprops, boolean_t *is_ci)
3072 {
3073 boolean_t fuids_ok;
3074 boolean_t sa_ok;
3075 uint64_t zplver = ZPL_VERSION;
3076 int error;
3077
3078 zplver = zfs_zpl_version_map(spa_vers);
3079 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3080 sa_ok = (zplver >= ZPL_VERSION_SA);
3081
3082 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3083 createprops, zplprops, is_ci);
3084 return (error);
3085 }
3086
3087 /*
3088 * innvl: {
3089 * "type" -> dmu_objset_type_t (int32)
3090 * (optional) "props" -> { prop -> value }
3091 * }
3092 *
3093 * outnvl: propname -> error code (int32)
3094 */
3095 static int
3096 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3097 {
3098 int error = 0;
3099 zfs_creat_t zct = { 0 };
3100 nvlist_t *nvprops = NULL;
3101 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3102 int32_t type32;
3103 dmu_objset_type_t type;
3104 boolean_t is_insensitive = B_FALSE;
3105
3106 if (nvlist_lookup_int32(innvl, "type", &type32) != 0)
3107 return (SET_ERROR(EINVAL));
3108 type = type32;
3109 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3110
3111 switch (type) {
3112 case DMU_OST_ZFS:
3113 cbfunc = zfs_create_cb;
3114 break;
3115
3116 case DMU_OST_ZVOL:
3117 cbfunc = zvol_create_cb;
3118 break;
3119
3120 default:
3121 cbfunc = NULL;
3122 break;
3123 }
3124 if (strchr(fsname, '@') ||
3125 strchr(fsname, '%'))
3126 return (SET_ERROR(EINVAL));
3127
3128 zct.zct_props = nvprops;
3129
3130 if (cbfunc == NULL)
3131 return (SET_ERROR(EINVAL));
3132
3133 if (type == DMU_OST_ZVOL) {
3134 uint64_t volsize, volblocksize;
3135
3136 if (nvprops == NULL)
3137 return (SET_ERROR(EINVAL));
3138 if (nvlist_lookup_uint64(nvprops,
3139 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3140 return (SET_ERROR(EINVAL));
3141
3142 if ((error = nvlist_lookup_uint64(nvprops,
3143 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3144 &volblocksize)) != 0 && error != ENOENT)
3145 return (SET_ERROR(EINVAL));
3146
3147 if (error != 0)
3148 volblocksize = zfs_prop_default_numeric(
3149 ZFS_PROP_VOLBLOCKSIZE);
3150
3151 if ((error = zvol_check_volblocksize(fsname,
3152 volblocksize)) != 0 ||
3153 (error = zvol_check_volsize(volsize,
3154 volblocksize)) != 0)
3155 return (error);
3156 } else if (type == DMU_OST_ZFS) {
3157 int error;
3158
3159 /*
3160 * We have to have normalization and
3161 * case-folding flags correct when we do the
3162 * file system creation, so go figure them out
3163 * now.
3164 */
3165 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3166 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3167 error = zfs_fill_zplprops(fsname, nvprops,
3168 zct.zct_zplprops, &is_insensitive);
3169 if (error != 0) {
3170 nvlist_free(zct.zct_zplprops);
3171 return (error);
3172 }
3173 }
3174
3175 error = dmu_objset_create(fsname, type,
3176 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3177 nvlist_free(zct.zct_zplprops);
3178
3179 /*
3180 * It would be nice to do this atomically.
3181 */
3182 if (error == 0) {
3183 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3184 nvprops, outnvl);
3185 if (error != 0)
3186 (void) dsl_destroy_head(fsname);
3187 }
3188 return (error);
3189 }
3190
3191 /*
3192 * innvl: {
3193 * "origin" -> name of origin snapshot
3194 * (optional) "props" -> { prop -> value }
3195 * }
3196 *
3197 * outputs:
3198 * outnvl: propname -> error code (int32)
3199 */
3200 static int
3201 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3202 {
3203 int error = 0;
3204 nvlist_t *nvprops = NULL;
3205 char *origin_name;
3206
3207 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0)
3208 return (SET_ERROR(EINVAL));
3209 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3210
3211 if (strchr(fsname, '@') ||
3212 strchr(fsname, '%'))
3213 return (SET_ERROR(EINVAL));
3214
3215 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3216 return (SET_ERROR(EINVAL));
3217 error = dmu_objset_clone(fsname, origin_name);
3218 if (error != 0)
3219 return (error);
3220
3221 /*
3222 * It would be nice to do this atomically.
3223 */
3224 if (error == 0) {
3225 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3226 nvprops, outnvl);
3227 if (error != 0)
3228 (void) dsl_destroy_head(fsname);
3229 }
3230 return (error);
3231 }
3232
3233 /*
3234 * innvl: {
3235 * "snaps" -> { snapshot1, snapshot2 }
3236 * (optional) "props" -> { prop -> value (string) }
3237 * }
3238 *
3239 * outnvl: snapshot -> error code (int32)
3240 */
3241 static int
3242 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3243 {
3244 nvlist_t *snaps;
3245 nvlist_t *props = NULL;
3246 int error, poollen;
3247 nvpair_t *pair, *pair2;
3248
3249 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3250 if ((error = zfs_check_userprops(poolname, props)) != 0)
3251 return (error);
3252
3253 if (!nvlist_empty(props) &&
3254 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3255 return (SET_ERROR(ENOTSUP));
3256
3257 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3258 return (SET_ERROR(EINVAL));
3259 poollen = strlen(poolname);
3260 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3261 pair = nvlist_next_nvpair(snaps, pair)) {
3262 const char *name = nvpair_name(pair);
3263 const char *cp = strchr(name, '@');
3264
3265 /*
3266 * The snap name must contain an @, and the part after it must
3267 * contain only valid characters.
3268 */
3269 if (cp == NULL ||
3270 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3271 return (SET_ERROR(EINVAL));
3272
3273 /*
3274 * The snap must be in the specified pool.
3275 */
3276 if (strncmp(name, poolname, poollen) != 0 ||
3277 (name[poollen] != '/' && name[poollen] != '@'))
3278 return (SET_ERROR(EXDEV));
3279
3280 /* This must be the only snap of this fs. */
3281 for (pair2 = nvlist_next_nvpair(snaps, pair);
3282 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3283 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3284 == 0) {
3285 return (SET_ERROR(EXDEV));
3286 }
3287 }
3288 }
3289
3290 error = dsl_dataset_snapshot(snaps, props, outnvl);
3291
3292 return (error);
3293 }
3294
3295 /*
3296 * innvl: "message" -> string
3297 */
3298 /* ARGSUSED */
3299 static int
3300 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3301 {
3302 char *message;
3303 spa_t *spa;
3304 int error;
3305 char *poolname;
3306
3307 /*
3308 * The poolname in the ioctl is not set, we get it from the TSD,
3309 * which was set at the end of the last successful ioctl that allows
3310 * logging. The secpolicy func already checked that it is set.
3311 * Only one log ioctl is allowed after each successful ioctl, so
3312 * we clear the TSD here.
3313 */
3314 poolname = tsd_get(zfs_allow_log_key);
3315 (void) tsd_set(zfs_allow_log_key, NULL);
3316 error = spa_open(poolname, &spa, FTAG);
3317 strfree(poolname);
3318 if (error != 0)
3319 return (error);
3320
3321 if (nvlist_lookup_string(innvl, "message", &message) != 0) {
3322 spa_close(spa, FTAG);
3323 return (SET_ERROR(EINVAL));
3324 }
3325
3326 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3327 spa_close(spa, FTAG);
3328 return (SET_ERROR(ENOTSUP));
3329 }
3330
3331 error = spa_history_log(spa, message);
3332 spa_close(spa, FTAG);
3333 return (error);
3334 }
3335
3336 /*
3337 * The dp_config_rwlock must not be held when calling this, because the
3338 * unmount may need to write out data.
3339 *
3340 * This function is best-effort. Callers must deal gracefully if it
3341 * remains mounted (or is remounted after this call).
3342 *
3343 * Returns 0 if the argument is not a snapshot, or it is not currently a
3344 * filesystem, or we were able to unmount it. Returns error code otherwise.
3345 */
3346 int
3347 zfs_unmount_snap(const char *snapname)
3348 {
3349 int err;
3350
3351 if (strchr(snapname, '@') == NULL)
3352 return (0);
3353
3354 err = zfsctl_snapshot_unmount((char *)snapname, MNT_FORCE);
3355 if (err != 0 && err != ENOENT)
3356 return (SET_ERROR(err));
3357
3358 return (0);
3359 }
3360
3361 /* ARGSUSED */
3362 static int
3363 zfs_unmount_snap_cb(const char *snapname, void *arg)
3364 {
3365 return (zfs_unmount_snap(snapname));
3366 }
3367
3368 /*
3369 * When a clone is destroyed, its origin may also need to be destroyed,
3370 * in which case it must be unmounted. This routine will do that unmount
3371 * if necessary.
3372 */
3373 void
3374 zfs_destroy_unmount_origin(const char *fsname)
3375 {
3376 int error;
3377 objset_t *os;
3378 dsl_dataset_t *ds;
3379
3380 error = dmu_objset_hold(fsname, FTAG, &os);
3381 if (error != 0)
3382 return;
3383 ds = dmu_objset_ds(os);
3384 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
3385 char originname[MAXNAMELEN];
3386 dsl_dataset_name(ds->ds_prev, originname);
3387 dmu_objset_rele(os, FTAG);
3388 (void) zfs_unmount_snap(originname);
3389 } else {
3390 dmu_objset_rele(os, FTAG);
3391 }
3392 }
3393
3394 /*
3395 * innvl: {
3396 * "snaps" -> { snapshot1, snapshot2 }
3397 * (optional boolean) "defer"
3398 * }
3399 *
3400 * outnvl: snapshot -> error code (int32)
3401 */
3402 /* ARGSUSED */
3403 static int
3404 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3405 {
3406 nvlist_t *snaps;
3407 nvpair_t *pair;
3408 boolean_t defer;
3409
3410 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0)
3411 return (SET_ERROR(EINVAL));
3412 defer = nvlist_exists(innvl, "defer");
3413
3414 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3415 pair = nvlist_next_nvpair(snaps, pair)) {
3416 (void) zfs_unmount_snap(nvpair_name(pair));
3417 }
3418
3419 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
3420 }
3421
3422 /*
3423 * Create bookmarks. Bookmark names are of the form <fs>#<bmark>.
3424 * All bookmarks must be in the same pool.
3425 *
3426 * innvl: {
3427 * bookmark1 -> snapshot1, bookmark2 -> snapshot2
3428 * }
3429 *
3430 * outnvl: bookmark -> error code (int32)
3431 *
3432 */
3433 /* ARGSUSED */
3434 static int
3435 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3436 {
3437 nvpair_t *pair, *pair2;
3438
3439 for (pair = nvlist_next_nvpair(innvl, NULL);
3440 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
3441 char *snap_name;
3442
3443 /*
3444 * Verify the snapshot argument.
3445 */
3446 if (nvpair_value_string(pair, &snap_name) != 0)
3447 return (SET_ERROR(EINVAL));
3448
3449
3450 /* Verify that the keys (bookmarks) are unique */
3451 for (pair2 = nvlist_next_nvpair(innvl, pair);
3452 pair2 != NULL; pair2 = nvlist_next_nvpair(innvl, pair2)) {
3453 if (strcmp(nvpair_name(pair), nvpair_name(pair2)) == 0)
3454 return (SET_ERROR(EINVAL));
3455 }
3456 }
3457
3458 return (dsl_bookmark_create(innvl, outnvl));
3459 }
3460
3461 /*
3462 * innvl: {
3463 * property 1, property 2, ...
3464 * }
3465 *
3466 * outnvl: {
3467 * bookmark name 1 -> { property 1, property 2, ... },
3468 * bookmark name 2 -> { property 1, property 2, ... }
3469 * }
3470 *
3471 */
3472 static int
3473 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3474 {
3475 return (dsl_get_bookmarks(fsname, innvl, outnvl));
3476 }
3477
3478 /*
3479 * innvl: {
3480 * bookmark name 1, bookmark name 2
3481 * }
3482 *
3483 * outnvl: bookmark -> error code (int32)
3484 *
3485 */
3486 static int
3487 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl,
3488 nvlist_t *outnvl)
3489 {
3490 int error, poollen;
3491 nvpair_t *pair;
3492
3493 poollen = strlen(poolname);
3494 for (pair = nvlist_next_nvpair(innvl, NULL);
3495 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
3496 const char *name = nvpair_name(pair);
3497 const char *cp = strchr(name, '#');
3498
3499 /*
3500 * The bookmark name must contain an #, and the part after it
3501 * must contain only valid characters.
3502 */
3503 if (cp == NULL ||
3504 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3505 return (SET_ERROR(EINVAL));
3506
3507 /*
3508 * The bookmark must be in the specified pool.
3509 */
3510 if (strncmp(name, poolname, poollen) != 0 ||
3511 (name[poollen] != '/' && name[poollen] != '#'))
3512 return (SET_ERROR(EXDEV));
3513 }
3514
3515 error = dsl_bookmark_destroy(innvl, outnvl);
3516 return (error);
3517 }
3518
3519 /*
3520 * inputs:
3521 * zc_name name of dataset to destroy
3522 * zc_objset_type type of objset
3523 * zc_defer_destroy mark for deferred destroy
3524 *
3525 * outputs: none
3526 */
3527 static int
3528 zfs_ioc_destroy(zfs_cmd_t *zc)
3529 {
3530 int err;
3531
3532 if (zc->zc_objset_type == DMU_OST_ZFS) {
3533 err = zfs_unmount_snap(zc->zc_name);
3534 if (err != 0)
3535 return (err);
3536 }
3537
3538 if (strchr(zc->zc_name, '@'))
3539 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
3540 else
3541 err = dsl_destroy_head(zc->zc_name);
3542
3543 return (err);
3544 }
3545
3546 /*
3547 * fsname is name of dataset to rollback (to most recent snapshot)
3548 *
3549 * innvl is not used.
3550 *
3551 * outnvl: "target" -> name of most recent snapshot
3552 * }
3553 */
3554 /* ARGSUSED */
3555 static int
3556 zfs_ioc_rollback(const char *fsname, nvlist_t *args, nvlist_t *outnvl)
3557 {
3558 zfs_sb_t *zsb;
3559 int error;
3560
3561 if (get_zfs_sb(fsname, &zsb) == 0) {
3562 error = zfs_suspend_fs(zsb);
3563 if (error == 0) {
3564 int resume_err;
3565
3566 error = dsl_dataset_rollback(fsname, zsb, outnvl);
3567 resume_err = zfs_resume_fs(zsb, fsname);
3568 error = error ? error : resume_err;
3569 }
3570 deactivate_super(zsb->z_sb);
3571 } else {
3572 error = dsl_dataset_rollback(fsname, NULL, outnvl);
3573 }
3574 return (error);
3575 }
3576
3577 static int
3578 recursive_unmount(const char *fsname, void *arg)
3579 {
3580 const char *snapname = arg;
3581 char *fullname;
3582 int error;
3583
3584 fullname = kmem_asprintf("%s@%s", fsname, snapname);
3585 error = zfs_unmount_snap(fullname);
3586 strfree(fullname);
3587
3588 return (error);
3589 }
3590
3591 /*
3592 * inputs:
3593 * zc_name old name of dataset
3594 * zc_value new name of dataset
3595 * zc_cookie recursive flag (only valid for snapshots)
3596 *
3597 * outputs: none
3598 */
3599 static int
3600 zfs_ioc_rename(zfs_cmd_t *zc)
3601 {
3602 boolean_t recursive = zc->zc_cookie & 1;
3603 char *at;
3604
3605 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3606 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3607 strchr(zc->zc_value, '%'))
3608 return (SET_ERROR(EINVAL));
3609
3610 at = strchr(zc->zc_name, '@');
3611 if (at != NULL) {
3612 /* snaps must be in same fs */
3613 int error;
3614
3615 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
3616 return (SET_ERROR(EXDEV));
3617 *at = '\0';
3618 if (zc->zc_objset_type == DMU_OST_ZFS) {
3619 error = dmu_objset_find(zc->zc_name,
3620 recursive_unmount, at + 1,
3621 recursive ? DS_FIND_CHILDREN : 0);
3622 if (error != 0) {
3623 *at = '@';
3624 return (error);
3625 }
3626 }
3627 error = dsl_dataset_rename_snapshot(zc->zc_name,
3628 at + 1, strchr(zc->zc_value, '@') + 1, recursive);
3629 *at = '@';
3630
3631 return (error);
3632 } else {
3633 return (dsl_dir_rename(zc->zc_name, zc->zc_value));
3634 }
3635 }
3636
3637 static int
3638 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3639 {
3640 const char *propname = nvpair_name(pair);
3641 boolean_t issnap = (strchr(dsname, '@') != NULL);
3642 zfs_prop_t prop = zfs_name_to_prop(propname);
3643 uint64_t intval;
3644 int err;
3645
3646 if (prop == ZPROP_INVAL) {
3647 if (zfs_prop_user(propname)) {
3648 if ((err = zfs_secpolicy_write_perms(dsname,
3649 ZFS_DELEG_PERM_USERPROP, cr)))
3650 return (err);
3651 return (0);
3652 }
3653
3654 if (!issnap && zfs_prop_userquota(propname)) {
3655 const char *perm = NULL;
3656 const char *uq_prefix =
3657 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3658 const char *gq_prefix =
3659 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3660
3661 if (strncmp(propname, uq_prefix,
3662 strlen(uq_prefix)) == 0) {
3663 perm = ZFS_DELEG_PERM_USERQUOTA;
3664 } else if (strncmp(propname, gq_prefix,
3665 strlen(gq_prefix)) == 0) {
3666 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3667 } else {
3668 /* USERUSED and GROUPUSED are read-only */
3669 return (SET_ERROR(EINVAL));
3670 }
3671
3672 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
3673 return (err);
3674 return (0);
3675 }
3676
3677 return (SET_ERROR(EINVAL));
3678 }
3679
3680 if (issnap)
3681 return (SET_ERROR(EINVAL));
3682
3683 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3684 /*
3685 * dsl_prop_get_all_impl() returns properties in this
3686 * format.
3687 */
3688 nvlist_t *attrs;
3689 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3690 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3691 &pair) == 0);
3692 }
3693
3694 /*
3695 * Check that this value is valid for this pool version
3696 */
3697 switch (prop) {
3698 case ZFS_PROP_COMPRESSION:
3699 /*
3700 * If the user specified gzip compression, make sure
3701 * the SPA supports it. We ignore any errors here since
3702 * we'll catch them later.
3703 */
3704 if (nvpair_value_uint64(pair, &intval) == 0) {
3705 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3706 intval <= ZIO_COMPRESS_GZIP_9 &&
3707 zfs_earlier_version(dsname,
3708 SPA_VERSION_GZIP_COMPRESSION)) {
3709 return (SET_ERROR(ENOTSUP));
3710 }
3711
3712 if (intval == ZIO_COMPRESS_ZLE &&
3713 zfs_earlier_version(dsname,
3714 SPA_VERSION_ZLE_COMPRESSION))
3715 return (SET_ERROR(ENOTSUP));
3716
3717 if (intval == ZIO_COMPRESS_LZ4) {
3718 spa_t *spa;
3719
3720 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
3721 return (err);
3722
3723 if (!spa_feature_is_enabled(spa,
3724 SPA_FEATURE_LZ4_COMPRESS)) {
3725 spa_close(spa, FTAG);
3726 return (SET_ERROR(ENOTSUP));
3727 }
3728 spa_close(spa, FTAG);
3729 }
3730
3731 /*
3732 * If this is a bootable dataset then
3733 * verify that the compression algorithm
3734 * is supported for booting. We must return
3735 * something other than ENOTSUP since it
3736 * implies a downrev pool version.
3737 */
3738 if (zfs_is_bootfs(dsname) &&
3739 !BOOTFS_COMPRESS_VALID(intval)) {
3740 return (SET_ERROR(ERANGE));
3741 }
3742 }
3743 break;
3744
3745 case ZFS_PROP_COPIES:
3746 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3747 return (SET_ERROR(ENOTSUP));
3748 break;
3749
3750 case ZFS_PROP_DEDUP:
3751 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3752 return (SET_ERROR(ENOTSUP));
3753 break;
3754
3755 case ZFS_PROP_VOLBLOCKSIZE:
3756 case ZFS_PROP_RECORDSIZE:
3757 /* Record sizes above 128k need the feature to be enabled */
3758 if (nvpair_value_uint64(pair, &intval) == 0 &&
3759 intval > SPA_OLD_MAXBLOCKSIZE) {
3760 spa_t *spa;
3761
3762 /*
3763 * If this is a bootable dataset then
3764 * the we don't allow large (>128K) blocks,
3765 * because GRUB doesn't support them.
3766 */
3767 if (zfs_is_bootfs(dsname) &&
3768 intval > SPA_OLD_MAXBLOCKSIZE) {
3769 return (SET_ERROR(EDOM));
3770 }
3771
3772 /*
3773 * We don't allow setting the property above 1MB,
3774 * unless the tunable has been changed.
3775 */
3776 if (intval > zfs_max_recordsize ||
3777 intval > SPA_MAXBLOCKSIZE)
3778 return (SET_ERROR(EDOM));
3779
3780 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
3781 return (err);
3782
3783 if (!spa_feature_is_enabled(spa,
3784 SPA_FEATURE_LARGE_BLOCKS)) {
3785 spa_close(spa, FTAG);
3786 return (SET_ERROR(ENOTSUP));
3787 }
3788 spa_close(spa, FTAG);
3789 }
3790 break;
3791
3792 case ZFS_PROP_SHARESMB:
3793 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3794 return (SET_ERROR(ENOTSUP));
3795 break;
3796
3797 case ZFS_PROP_ACLINHERIT:
3798 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3799 nvpair_value_uint64(pair, &intval) == 0) {
3800 if (intval == ZFS_ACL_PASSTHROUGH_X &&
3801 zfs_earlier_version(dsname,
3802 SPA_VERSION_PASSTHROUGH_X))
3803 return (SET_ERROR(ENOTSUP));
3804 }
3805 break;
3806 default:
3807 break;
3808 }
3809
3810 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3811 }
3812
3813 /*
3814 * Removes properties from the given props list that fail permission checks
3815 * needed to clear them and to restore them in case of a receive error. For each
3816 * property, make sure we have both set and inherit permissions.
3817 *
3818 * Returns the first error encountered if any permission checks fail. If the
3819 * caller provides a non-NULL errlist, it also gives the complete list of names
3820 * of all the properties that failed a permission check along with the
3821 * corresponding error numbers. The caller is responsible for freeing the
3822 * returned errlist.
3823 *
3824 * If every property checks out successfully, zero is returned and the list
3825 * pointed at by errlist is NULL.
3826 */
3827 static int
3828 zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3829 {
3830 zfs_cmd_t *zc;
3831 nvpair_t *pair, *next_pair;
3832 nvlist_t *errors;
3833 int err, rv = 0;
3834
3835 if (props == NULL)
3836 return (0);
3837
3838 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3839
3840 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
3841 (void) strcpy(zc->zc_name, dataset);
3842 pair = nvlist_next_nvpair(props, NULL);
3843 while (pair != NULL) {
3844 next_pair = nvlist_next_nvpair(props, pair);
3845
3846 (void) strcpy(zc->zc_value, nvpair_name(pair));
3847 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3848 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
3849 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3850 VERIFY(nvlist_add_int32(errors,
3851 zc->zc_value, err) == 0);
3852 }
3853 pair = next_pair;
3854 }
3855 kmem_free(zc, sizeof (zfs_cmd_t));
3856
3857 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3858 nvlist_free(errors);
3859 errors = NULL;
3860 } else {
3861 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3862 }
3863
3864 if (errlist == NULL)
3865 nvlist_free(errors);
3866 else
3867 *errlist = errors;
3868
3869 return (rv);
3870 }
3871
3872 static boolean_t
3873 propval_equals(nvpair_t *p1, nvpair_t *p2)
3874 {
3875 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3876 /* dsl_prop_get_all_impl() format */
3877 nvlist_t *attrs;
3878 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3879 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3880 &p1) == 0);
3881 }
3882
3883 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3884 nvlist_t *attrs;
3885 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3886 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3887 &p2) == 0);
3888 }
3889
3890 if (nvpair_type(p1) != nvpair_type(p2))
3891 return (B_FALSE);
3892
3893 if (nvpair_type(p1) == DATA_TYPE_STRING) {
3894 char *valstr1, *valstr2;
3895
3896 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3897 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3898 return (strcmp(valstr1, valstr2) == 0);
3899 } else {
3900 uint64_t intval1, intval2;
3901
3902 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3903 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3904 return (intval1 == intval2);
3905 }
3906 }
3907
3908 /*
3909 * Remove properties from props if they are not going to change (as determined
3910 * by comparison with origprops). Remove them from origprops as well, since we
3911 * do not need to clear or restore properties that won't change.
3912 */
3913 static void
3914 props_reduce(nvlist_t *props, nvlist_t *origprops)
3915 {
3916 nvpair_t *pair, *next_pair;
3917
3918 if (origprops == NULL)
3919 return; /* all props need to be received */
3920
3921 pair = nvlist_next_nvpair(props, NULL);
3922 while (pair != NULL) {
3923 const char *propname = nvpair_name(pair);
3924 nvpair_t *match;
3925
3926 next_pair = nvlist_next_nvpair(props, pair);
3927
3928 if ((nvlist_lookup_nvpair(origprops, propname,
3929 &match) != 0) || !propval_equals(pair, match))
3930 goto next; /* need to set received value */
3931
3932 /* don't clear the existing received value */
3933 (void) nvlist_remove_nvpair(origprops, match);
3934 /* don't bother receiving the property */
3935 (void) nvlist_remove_nvpair(props, pair);
3936 next:
3937 pair = next_pair;
3938 }
3939 }
3940
3941 #ifdef DEBUG
3942 static boolean_t zfs_ioc_recv_inject_err;
3943 #endif
3944
3945 /*
3946 * inputs:
3947 * zc_name name of containing filesystem
3948 * zc_nvlist_src{_size} nvlist of properties to apply
3949 * zc_value name of snapshot to create
3950 * zc_string name of clone origin (if DRR_FLAG_CLONE)
3951 * zc_cookie file descriptor to recv from
3952 * zc_begin_record the BEGIN record of the stream (not byteswapped)
3953 * zc_guid force flag
3954 * zc_cleanup_fd cleanup-on-exit file descriptor
3955 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
3956 *
3957 * outputs:
3958 * zc_cookie number of bytes read
3959 * zc_nvlist_dst{_size} error for each unapplied received property
3960 * zc_obj zprop_errflags_t
3961 * zc_action_handle handle for this guid/ds mapping
3962 */
3963 static int
3964 zfs_ioc_recv(zfs_cmd_t *zc)
3965 {
3966 file_t *fp;
3967 dmu_recv_cookie_t drc;
3968 boolean_t force = (boolean_t)zc->zc_guid;
3969 int fd;
3970 int error = 0;
3971 int props_error = 0;
3972 nvlist_t *errors;
3973 offset_t off;
3974 nvlist_t *props = NULL; /* sent properties */
3975 nvlist_t *origprops = NULL; /* existing properties */
3976 char *origin = NULL;
3977 char *tosnap;
3978 char tofs[ZFS_MAXNAMELEN];
3979 boolean_t first_recvd_props = B_FALSE;
3980
3981 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3982 strchr(zc->zc_value, '@') == NULL ||
3983 strchr(zc->zc_value, '%'))
3984 return (SET_ERROR(EINVAL));
3985
3986 (void) strcpy(tofs, zc->zc_value);
3987 tosnap = strchr(tofs, '@');
3988 *tosnap++ = '\0';
3989
3990 if (zc->zc_nvlist_src != 0 &&
3991 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3992 zc->zc_iflags, &props)) != 0)
3993 return (error);
3994
3995 fd = zc->zc_cookie;
3996 fp = getf(fd);
3997 if (fp == NULL) {
3998 nvlist_free(props);
3999 return (SET_ERROR(EBADF));
4000 }
4001
4002 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4003
4004 if (zc->zc_string[0])
4005 origin = zc->zc_string;
4006
4007 error = dmu_recv_begin(tofs, tosnap,
4008 &zc->zc_begin_record, force, origin, &drc);
4009 if (error != 0)
4010 goto out;
4011
4012 /*
4013 * Set properties before we receive the stream so that they are applied
4014 * to the new data. Note that we must call dmu_recv_stream() if
4015 * dmu_recv_begin() succeeds.
4016 */
4017 if (props != NULL && !drc.drc_newfs) {
4018 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
4019 SPA_VERSION_RECVD_PROPS &&
4020 !dsl_prop_get_hasrecvd(tofs))
4021 first_recvd_props = B_TRUE;
4022
4023 /*
4024 * If new received properties are supplied, they are to
4025 * completely replace the existing received properties, so stash
4026 * away the existing ones.
4027 */
4028 if (dsl_prop_get_received(tofs, &origprops) == 0) {
4029 nvlist_t *errlist = NULL;
4030 /*
4031 * Don't bother writing a property if its value won't
4032 * change (and avoid the unnecessary security checks).
4033 *
4034 * The first receive after SPA_VERSION_RECVD_PROPS is a
4035 * special case where we blow away all local properties
4036 * regardless.
4037 */
4038 if (!first_recvd_props)
4039 props_reduce(props, origprops);
4040 if (zfs_check_clearable(tofs, origprops, &errlist) != 0)
4041 (void) nvlist_merge(errors, errlist, 0);
4042 nvlist_free(errlist);
4043
4044 if (clear_received_props(tofs, origprops,
4045 first_recvd_props ? NULL : props) != 0)
4046 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
4047 } else {
4048 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
4049 }
4050 }
4051
4052 if (props != NULL) {
4053 props_error = dsl_prop_set_hasrecvd(tofs);
4054
4055 if (props_error == 0) {
4056 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
4057 props, errors);
4058 }
4059 }
4060
4061 if (zc->zc_nvlist_dst_size != 0 &&
4062 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
4063 put_nvlist(zc, errors) != 0)) {
4064 /*
4065 * Caller made zc->zc_nvlist_dst less than the minimum expected
4066 * size or supplied an invalid address.
4067 */
4068 props_error = SET_ERROR(EINVAL);
4069 }
4070
4071 off = fp->f_offset;
4072 error = dmu_recv_stream(&drc, fp->f_vnode, &off, zc->zc_cleanup_fd,
4073 &zc->zc_action_handle);
4074
4075 if (error == 0) {
4076 zfs_sb_t *zsb = NULL;
4077
4078 if (get_zfs_sb(tofs, &zsb) == 0) {
4079 /* online recv */
4080 int end_err;
4081
4082 error = zfs_suspend_fs(zsb);
4083 /*
4084 * If the suspend fails, then the recv_end will
4085 * likely also fail, and clean up after itself.
4086 */
4087 end_err = dmu_recv_end(&drc, zsb);
4088 if (error == 0)
4089 error = zfs_resume_fs(zsb, tofs);
4090 error = error ? error : end_err;
4091 deactivate_super(zsb->z_sb);
4092 } else {
4093 error = dmu_recv_end(&drc, NULL);
4094 }
4095 }
4096
4097 zc->zc_cookie = off - fp->f_offset;
4098 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4099 fp->f_offset = off;
4100
4101 #ifdef DEBUG
4102 if (zfs_ioc_recv_inject_err) {
4103 zfs_ioc_recv_inject_err = B_FALSE;
4104 error = 1;
4105 }
4106 #endif
4107
4108 /*
4109 * On error, restore the original props.
4110 */
4111 if (error != 0 && props != NULL && !drc.drc_newfs) {
4112 if (clear_received_props(tofs, props, NULL) != 0) {
4113 /*
4114 * We failed to clear the received properties.
4115 * Since we may have left a $recvd value on the
4116 * system, we can't clear the $hasrecvd flag.
4117 */
4118 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4119 } else if (first_recvd_props) {
4120 dsl_prop_unset_hasrecvd(tofs);
4121 }
4122
4123 if (origprops == NULL && !drc.drc_newfs) {
4124 /* We failed to stash the original properties. */
4125 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4126 }
4127
4128 /*
4129 * dsl_props_set() will not convert RECEIVED to LOCAL on or
4130 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
4131 * explictly if we're restoring local properties cleared in the
4132 * first new-style receive.
4133 */
4134 if (origprops != NULL &&
4135 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
4136 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
4137 origprops, NULL) != 0) {
4138 /*
4139 * We stashed the original properties but failed to
4140 * restore them.
4141 */
4142 zc->zc_obj |= ZPROP_ERR_NORESTORE;
4143 }
4144 }
4145 out:
4146 nvlist_free(props);
4147 nvlist_free(origprops);
4148 nvlist_free(errors);
4149 releasef(fd);
4150
4151 if (error == 0)
4152 error = props_error;
4153
4154 return (error);
4155 }
4156
4157 /*
4158 * inputs:
4159 * zc_name name of snapshot to send
4160 * zc_cookie file descriptor to send stream to
4161 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
4162 * zc_sendobj objsetid of snapshot to send
4163 * zc_fromobj objsetid of incremental fromsnap (may be zero)
4164 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
4165 * output size in zc_objset_type.
4166 * zc_flags lzc_send_flags
4167 *
4168 * outputs:
4169 * zc_objset_type estimated size, if zc_guid is set
4170 */
4171 static int
4172 zfs_ioc_send(zfs_cmd_t *zc)
4173 {
4174 int error;
4175 offset_t off;
4176 boolean_t estimate = (zc->zc_guid != 0);
4177 boolean_t embedok = (zc->zc_flags & 0x1);
4178 boolean_t large_block_ok = (zc->zc_flags & 0x2);
4179
4180 if (zc->zc_obj != 0) {
4181 dsl_pool_t *dp;
4182 dsl_dataset_t *tosnap;
4183
4184 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4185 if (error != 0)
4186 return (error);
4187
4188 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
4189 if (error != 0) {
4190 dsl_pool_rele(dp, FTAG);
4191 return (error);
4192 }
4193
4194 if (dsl_dir_is_clone(tosnap->ds_dir))
4195 zc->zc_fromobj =
4196 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj;
4197 dsl_dataset_rele(tosnap, FTAG);
4198 dsl_pool_rele(dp, FTAG);
4199 }
4200
4201 if (estimate) {
4202 dsl_pool_t *dp;
4203 dsl_dataset_t *tosnap;
4204 dsl_dataset_t *fromsnap = NULL;
4205
4206 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4207 if (error != 0)
4208 return (error);
4209
4210 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
4211 if (error != 0) {
4212 dsl_pool_rele(dp, FTAG);
4213 return (error);
4214 }
4215
4216 if (zc->zc_fromobj != 0) {
4217 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
4218 FTAG, &fromsnap);
4219 if (error != 0) {
4220 dsl_dataset_rele(tosnap, FTAG);
4221 dsl_pool_rele(dp, FTAG);
4222 return (error);
4223 }
4224 }
4225
4226 error = dmu_send_estimate(tosnap, fromsnap,
4227 &zc->zc_objset_type);
4228
4229 if (fromsnap != NULL)
4230 dsl_dataset_rele(fromsnap, FTAG);
4231 dsl_dataset_rele(tosnap, FTAG);
4232 dsl_pool_rele(dp, FTAG);
4233 } else {
4234 file_t *fp = getf(zc->zc_cookie);
4235 if (fp == NULL)
4236 return (SET_ERROR(EBADF));
4237
4238 off = fp->f_offset;
4239 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
4240 zc->zc_fromobj, embedok, large_block_ok,
4241 zc->zc_cookie, fp->f_vnode, &off);
4242
4243 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4244 fp->f_offset = off;
4245 releasef(zc->zc_cookie);
4246 }
4247 return (error);
4248 }
4249
4250 /*
4251 * inputs:
4252 * zc_name name of snapshot on which to report progress
4253 * zc_cookie file descriptor of send stream
4254 *
4255 * outputs:
4256 * zc_cookie number of bytes written in send stream thus far
4257 */
4258 static int
4259 zfs_ioc_send_progress(zfs_cmd_t *zc)
4260 {
4261 dsl_pool_t *dp;
4262 dsl_dataset_t *ds;
4263 dmu_sendarg_t *dsp = NULL;
4264 int error;
4265
4266 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
4267 if (error != 0)
4268 return (error);
4269
4270 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
4271 if (error != 0) {
4272 dsl_pool_rele(dp, FTAG);
4273 return (error);
4274 }
4275
4276 mutex_enter(&ds->ds_sendstream_lock);
4277
4278 /*
4279 * Iterate over all the send streams currently active on this dataset.
4280 * If there's one which matches the specified file descriptor _and_ the
4281 * stream was started by the current process, return the progress of
4282 * that stream.
4283 */
4284
4285 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
4286 dsp = list_next(&ds->ds_sendstreams, dsp)) {
4287 if (dsp->dsa_outfd == zc->zc_cookie &&
4288 dsp->dsa_proc->group_leader == curproc->group_leader)
4289 break;
4290 }
4291
4292 if (dsp != NULL)
4293 zc->zc_cookie = *(dsp->dsa_off);
4294 else
4295 error = SET_ERROR(ENOENT);
4296
4297 mutex_exit(&ds->ds_sendstream_lock);
4298 dsl_dataset_rele(ds, FTAG);
4299 dsl_pool_rele(dp, FTAG);
4300 return (error);
4301 }
4302
4303 static int
4304 zfs_ioc_inject_fault(zfs_cmd_t *zc)
4305 {
4306 int id, error;
4307
4308 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
4309 &zc->zc_inject_record);
4310
4311 if (error == 0)
4312 zc->zc_guid = (uint64_t)id;
4313
4314 return (error);
4315 }
4316
4317 static int
4318 zfs_ioc_clear_fault(zfs_cmd_t *zc)
4319 {
4320 return (zio_clear_fault((int)zc->zc_guid));
4321 }
4322
4323 static int
4324 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
4325 {
4326 int id = (int)zc->zc_guid;
4327 int error;
4328
4329 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
4330 &zc->zc_inject_record);
4331
4332 zc->zc_guid = id;
4333
4334 return (error);
4335 }
4336
4337 static int
4338 zfs_ioc_error_log(zfs_cmd_t *zc)
4339 {
4340 spa_t *spa;
4341 int error;
4342 size_t count = (size_t)zc->zc_nvlist_dst_size;
4343
4344 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
4345 return (error);
4346
4347 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
4348 &count);
4349 if (error == 0)
4350 zc->zc_nvlist_dst_size = count;
4351 else
4352 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
4353
4354 spa_close(spa, FTAG);
4355
4356 return (error);
4357 }
4358
4359 static int
4360 zfs_ioc_clear(zfs_cmd_t *zc)
4361 {
4362 spa_t *spa;
4363 vdev_t *vd;
4364 int error;
4365
4366 /*
4367 * On zpool clear we also fix up missing slogs
4368 */
4369 mutex_enter(&spa_namespace_lock);
4370 spa = spa_lookup(zc->zc_name);
4371 if (spa == NULL) {
4372 mutex_exit(&spa_namespace_lock);
4373 return (SET_ERROR(EIO));
4374 }
4375 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
4376 /* we need to let spa_open/spa_load clear the chains */
4377 spa_set_log_state(spa, SPA_LOG_CLEAR);
4378 }
4379 spa->spa_last_open_failed = 0;
4380 mutex_exit(&spa_namespace_lock);
4381
4382 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
4383 error = spa_open(zc->zc_name, &spa, FTAG);
4384 } else {
4385 nvlist_t *policy;
4386 nvlist_t *config = NULL;
4387
4388 if (zc->zc_nvlist_src == 0)
4389 return (SET_ERROR(EINVAL));
4390
4391 if ((error = get_nvlist(zc->zc_nvlist_src,
4392 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
4393 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
4394 policy, &config);
4395 if (config != NULL) {
4396 int err;
4397
4398 if ((err = put_nvlist(zc, config)) != 0)
4399 error = err;
4400 nvlist_free(config);
4401 }
4402 nvlist_free(policy);
4403 }
4404 }
4405
4406 if (error != 0)
4407 return (error);
4408
4409 spa_vdev_state_enter(spa, SCL_NONE);
4410
4411 if (zc->zc_guid == 0) {
4412 vd = NULL;
4413 } else {
4414 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
4415 if (vd == NULL) {
4416 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
4417 spa_close(spa, FTAG);
4418 return (SET_ERROR(ENODEV));
4419 }
4420 }
4421
4422 vdev_clear(spa, vd);
4423
4424 (void) spa_vdev_state_exit(spa, NULL, 0);
4425
4426 /*
4427 * Resume any suspended I/Os.
4428 */
4429 if (zio_resume(spa) != 0)
4430 error = SET_ERROR(EIO);
4431
4432 spa_close(spa, FTAG);
4433
4434 return (error);
4435 }
4436
4437 static int
4438 zfs_ioc_pool_reopen(zfs_cmd_t *zc)
4439 {
4440 spa_t *spa;
4441 int error;
4442
4443 error = spa_open(zc->zc_name, &spa, FTAG);
4444 if (error != 0)
4445 return (error);
4446
4447 spa_vdev_state_enter(spa, SCL_NONE);
4448
4449 /*
4450 * If a resilver is already in progress then set the
4451 * spa_scrub_reopen flag to B_TRUE so that we don't restart
4452 * the scan as a side effect of the reopen. Otherwise, let
4453 * vdev_open() decided if a resilver is required.
4454 */
4455 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool);
4456 vdev_reopen(spa->spa_root_vdev);
4457 spa->spa_scrub_reopen = B_FALSE;
4458
4459 (void) spa_vdev_state_exit(spa, NULL, 0);
4460 spa_close(spa, FTAG);
4461 return (0);
4462 }
4463 /*
4464 * inputs:
4465 * zc_name name of filesystem
4466 * zc_value name of origin snapshot
4467 *
4468 * outputs:
4469 * zc_string name of conflicting snapshot, if there is one
4470 */
4471 static int
4472 zfs_ioc_promote(zfs_cmd_t *zc)
4473 {
4474 char *cp;
4475
4476 /*
4477 * We don't need to unmount *all* the origin fs's snapshots, but
4478 * it's easier.
4479 */
4480 cp = strchr(zc->zc_value, '@');
4481 if (cp)
4482 *cp = '\0';
4483 (void) dmu_objset_find(zc->zc_value,
4484 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
4485 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4486 }
4487
4488 /*
4489 * Retrieve a single {user|group}{used|quota}@... property.
4490 *
4491 * inputs:
4492 * zc_name name of filesystem
4493 * zc_objset_type zfs_userquota_prop_t
4494 * zc_value domain name (eg. "S-1-234-567-89")
4495 * zc_guid RID/UID/GID
4496 *
4497 * outputs:
4498 * zc_cookie property value
4499 */
4500 static int
4501 zfs_ioc_userspace_one(zfs_cmd_t *zc)
4502 {
4503 zfs_sb_t *zsb;
4504 int error;
4505
4506 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4507 return (SET_ERROR(EINVAL));
4508
4509 error = zfs_sb_hold(zc->zc_name, FTAG, &zsb, B_FALSE);
4510 if (error != 0)
4511 return (error);
4512
4513 error = zfs_userspace_one(zsb,
4514 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4515 zfs_sb_rele(zsb, FTAG);
4516
4517 return (error);
4518 }
4519
4520 /*
4521 * inputs:
4522 * zc_name name of filesystem
4523 * zc_cookie zap cursor
4524 * zc_objset_type zfs_userquota_prop_t
4525 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4526 *
4527 * outputs:
4528 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4529 * zc_cookie zap cursor
4530 */
4531 static int
4532 zfs_ioc_userspace_many(zfs_cmd_t *zc)
4533 {
4534 zfs_sb_t *zsb;
4535 int bufsize = zc->zc_nvlist_dst_size;
4536 int error;
4537 void *buf;
4538
4539 if (bufsize <= 0)
4540 return (SET_ERROR(ENOMEM));
4541
4542 error = zfs_sb_hold(zc->zc_name, FTAG, &zsb, B_FALSE);
4543 if (error != 0)
4544 return (error);
4545
4546 buf = vmem_alloc(bufsize, KM_SLEEP);
4547
4548 error = zfs_userspace_many(zsb, zc->zc_objset_type, &zc->zc_cookie,
4549 buf, &zc->zc_nvlist_dst_size);
4550
4551 if (error == 0) {
4552 error = xcopyout(buf,
4553 (void *)(uintptr_t)zc->zc_nvlist_dst,
4554 zc->zc_nvlist_dst_size);
4555 }
4556 vmem_free(buf, bufsize);
4557 zfs_sb_rele(zsb, FTAG);
4558
4559 return (error);
4560 }
4561
4562 /*
4563 * inputs:
4564 * zc_name name of filesystem
4565 *
4566 * outputs:
4567 * none
4568 */
4569 static int
4570 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4571 {
4572 objset_t *os;
4573 int error = 0;
4574 zfs_sb_t *zsb;
4575
4576 if (get_zfs_sb(zc->zc_name, &zsb) == 0) {
4577 if (!dmu_objset_userused_enabled(zsb->z_os)) {
4578 /*
4579 * If userused is not enabled, it may be because the
4580 * objset needs to be closed & reopened (to grow the
4581 * objset_phys_t). Suspend/resume the fs will do that.
4582 */
4583 error = zfs_suspend_fs(zsb);
4584 if (error == 0) {
4585 dmu_objset_refresh_ownership(zsb->z_os,
4586 zsb);
4587 error = zfs_resume_fs(zsb, zc->zc_name);
4588 }
4589 }
4590 if (error == 0)
4591 error = dmu_objset_userspace_upgrade(zsb->z_os);
4592 deactivate_super(zsb->z_sb);
4593 } else {
4594 /* XXX kind of reading contents without owning */
4595 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4596 if (error != 0)
4597 return (error);
4598
4599 error = dmu_objset_userspace_upgrade(os);
4600 dmu_objset_rele(os, FTAG);
4601 }
4602
4603 return (error);
4604 }
4605
4606 static int
4607 zfs_ioc_share(zfs_cmd_t *zc)
4608 {
4609 return (SET_ERROR(ENOSYS));
4610 }
4611
4612 ace_t full_access[] = {
4613 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4614 };
4615
4616 /*
4617 * inputs:
4618 * zc_name name of containing filesystem
4619 * zc_obj object # beyond which we want next in-use object #
4620 *
4621 * outputs:
4622 * zc_obj next in-use object #
4623 */
4624 static int
4625 zfs_ioc_next_obj(zfs_cmd_t *zc)
4626 {
4627 objset_t *os = NULL;
4628 int error;
4629
4630 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4631 if (error != 0)
4632 return (error);
4633
4634 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0);
4635
4636 dmu_objset_rele(os, FTAG);
4637 return (error);
4638 }
4639
4640 /*
4641 * inputs:
4642 * zc_name name of filesystem
4643 * zc_value prefix name for snapshot
4644 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4645 *
4646 * outputs:
4647 * zc_value short name of new snapshot
4648 */
4649 static int
4650 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4651 {
4652 char *snap_name;
4653 char *hold_name;
4654 int error;
4655 minor_t minor;
4656
4657 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4658 if (error != 0)
4659 return (error);
4660
4661 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
4662 (u_longlong_t)ddi_get_lbolt64());
4663 hold_name = kmem_asprintf("%%%s", zc->zc_value);
4664
4665 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
4666 hold_name);
4667 if (error == 0)
4668 (void) strcpy(zc->zc_value, snap_name);
4669 strfree(snap_name);
4670 strfree(hold_name);
4671 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
4672 return (error);
4673 }
4674
4675 /*
4676 * inputs:
4677 * zc_name name of "to" snapshot
4678 * zc_value name of "from" snapshot
4679 * zc_cookie file descriptor to write diff data on
4680 *
4681 * outputs:
4682 * dmu_diff_record_t's to the file descriptor
4683 */
4684 static int
4685 zfs_ioc_diff(zfs_cmd_t *zc)
4686 {
4687 file_t *fp;
4688 offset_t off;
4689 int error;
4690
4691 fp = getf(zc->zc_cookie);
4692 if (fp == NULL)
4693 return (SET_ERROR(EBADF));
4694
4695 off = fp->f_offset;
4696
4697 error = dmu_diff(zc->zc_name, zc->zc_value, fp->f_vnode, &off);
4698
4699 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
4700 fp->f_offset = off;
4701 releasef(zc->zc_cookie);
4702
4703 return (error);
4704 }
4705
4706 /*
4707 * Remove all ACL files in shares dir
4708 */
4709 #ifdef HAVE_SMB_SHARE
4710 static int
4711 zfs_smb_acl_purge(znode_t *dzp)
4712 {
4713 zap_cursor_t zc;
4714 zap_attribute_t zap;
4715 zfs_sb_t *zsb = ZTOZSB(dzp);
4716 int error;
4717
4718 for (zap_cursor_init(&zc, zsb->z_os, dzp->z_id);
4719 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4720 zap_cursor_advance(&zc)) {
4721 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4722 NULL, 0)) != 0)
4723 break;
4724 }
4725 zap_cursor_fini(&zc);
4726 return (error);
4727 }
4728 #endif /* HAVE_SMB_SHARE */
4729
4730 static int
4731 zfs_ioc_smb_acl(zfs_cmd_t *zc)
4732 {
4733 #ifdef HAVE_SMB_SHARE
4734 vnode_t *vp;
4735 znode_t *dzp;
4736 vnode_t *resourcevp = NULL;
4737 znode_t *sharedir;
4738 zfs_sb_t *zsb;
4739 nvlist_t *nvlist;
4740 char *src, *target;
4741 vattr_t vattr;
4742 vsecattr_t vsec;
4743 int error = 0;
4744
4745 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4746 NO_FOLLOW, NULL, &vp)) != 0)
4747 return (error);
4748
4749 /* Now make sure mntpnt and dataset are ZFS */
4750
4751 if (vp->v_vfsp->vfs_fstype != zfsfstype ||
4752 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4753 zc->zc_name) != 0)) {
4754 VN_RELE(vp);
4755 return (SET_ERROR(EINVAL));
4756 }
4757
4758 dzp = VTOZ(vp);
4759 zsb = ZTOZSB(dzp);
4760 ZFS_ENTER(zsb);
4761
4762 /*
4763 * Create share dir if its missing.
4764 */
4765 mutex_enter(&zsb->z_lock);
4766 if (zsb->z_shares_dir == 0) {
4767 dmu_tx_t *tx;
4768
4769 tx = dmu_tx_create(zsb->z_os);
4770 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4771 ZFS_SHARES_DIR);
4772 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4773 error = dmu_tx_assign(tx, TXG_WAIT);
4774 if (error != 0) {
4775 dmu_tx_abort(tx);
4776 } else {
4777 error = zfs_create_share_dir(zsb, tx);
4778 dmu_tx_commit(tx);
4779 }
4780 if (error != 0) {
4781 mutex_exit(&zsb->z_lock);
4782 VN_RELE(vp);
4783 ZFS_EXIT(zsb);
4784 return (error);
4785 }
4786 }
4787 mutex_exit(&zsb->z_lock);
4788
4789 ASSERT(zsb->z_shares_dir);
4790 if ((error = zfs_zget(zsb, zsb->z_shares_dir, &sharedir)) != 0) {
4791 VN_RELE(vp);
4792 ZFS_EXIT(zsb);
4793 return (error);
4794 }
4795
4796 switch (zc->zc_cookie) {
4797 case ZFS_SMB_ACL_ADD:
4798 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4799 vattr.va_mode = S_IFREG|0777;
4800 vattr.va_uid = 0;
4801 vattr.va_gid = 0;
4802
4803 vsec.vsa_mask = VSA_ACE;
4804 vsec.vsa_aclentp = &full_access;
4805 vsec.vsa_aclentsz = sizeof (full_access);
4806 vsec.vsa_aclcnt = 1;
4807
4808 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4809 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4810 if (resourcevp)
4811 VN_RELE(resourcevp);
4812 break;
4813
4814 case ZFS_SMB_ACL_REMOVE:
4815 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4816 NULL, 0);
4817 break;
4818
4819 case ZFS_SMB_ACL_RENAME:
4820 if ((error = get_nvlist(zc->zc_nvlist_src,
4821 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4822 VN_RELE(vp);
4823 VN_RELE(ZTOV(sharedir));
4824 ZFS_EXIT(zsb);
4825 return (error);
4826 }
4827 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4828 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4829 &target)) {
4830 VN_RELE(vp);
4831 VN_RELE(ZTOV(sharedir));
4832 ZFS_EXIT(zsb);
4833 nvlist_free(nvlist);
4834 return (error);
4835 }
4836 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4837 kcred, NULL, 0);
4838 nvlist_free(nvlist);
4839 break;
4840
4841 case ZFS_SMB_ACL_PURGE:
4842 error = zfs_smb_acl_purge(sharedir);
4843 break;
4844
4845 default:
4846 error = SET_ERROR(EINVAL);
4847 break;
4848 }
4849
4850 VN_RELE(vp);
4851 VN_RELE(ZTOV(sharedir));
4852
4853 ZFS_EXIT(zsb);
4854
4855 return (error);
4856 #else
4857 return (SET_ERROR(ENOTSUP));
4858 #endif /* HAVE_SMB_SHARE */
4859 }
4860
4861 /*
4862 * innvl: {
4863 * "holds" -> { snapname -> holdname (string), ... }
4864 * (optional) "cleanup_fd" -> fd (int32)
4865 * }
4866 *
4867 * outnvl: {
4868 * snapname -> error value (int32)
4869 * ...
4870 * }
4871 */
4872 /* ARGSUSED */
4873 static int
4874 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
4875 {
4876 nvpair_t *pair;
4877 nvlist_t *holds;
4878 int cleanup_fd = -1;
4879 int error;
4880 minor_t minor = 0;
4881
4882 error = nvlist_lookup_nvlist(args, "holds", &holds);
4883 if (error != 0)
4884 return (SET_ERROR(EINVAL));
4885
4886 /* make sure the user didn't pass us any invalid (empty) tags */
4887 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
4888 pair = nvlist_next_nvpair(holds, pair)) {
4889 char *htag;
4890
4891 error = nvpair_value_string(pair, &htag);
4892 if (error != 0)
4893 return (SET_ERROR(error));
4894
4895 if (strlen(htag) == 0)
4896 return (SET_ERROR(EINVAL));
4897 }
4898
4899 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
4900 error = zfs_onexit_fd_hold(cleanup_fd, &minor);
4901 if (error != 0)
4902 return (error);
4903 }
4904
4905 error = dsl_dataset_user_hold(holds, minor, errlist);
4906 if (minor != 0)
4907 zfs_onexit_fd_rele(cleanup_fd);
4908 return (error);
4909 }
4910
4911 /*
4912 * innvl is not used.
4913 *
4914 * outnvl: {
4915 * holdname -> time added (uint64 seconds since epoch)
4916 * ...
4917 * }
4918 */
4919 /* ARGSUSED */
4920 static int
4921 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
4922 {
4923 return (dsl_dataset_get_holds(snapname, outnvl));
4924 }
4925
4926 /*
4927 * innvl: {
4928 * snapname -> { holdname, ... }
4929 * ...
4930 * }
4931 *
4932 * outnvl: {
4933 * snapname -> error value (int32)
4934 * ...
4935 * }
4936 */
4937 /* ARGSUSED */
4938 static int
4939 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
4940 {
4941 return (dsl_dataset_user_release(holds, errlist));
4942 }
4943
4944 /*
4945 * inputs:
4946 * zc_guid flags (ZEVENT_NONBLOCK)
4947 * zc_cleanup_fd zevent file descriptor
4948 *
4949 * outputs:
4950 * zc_nvlist_dst next nvlist event
4951 * zc_cookie dropped events since last get
4952 */
4953 static int
4954 zfs_ioc_events_next(zfs_cmd_t *zc)
4955 {
4956 zfs_zevent_t *ze;
4957 nvlist_t *event = NULL;
4958 minor_t minor;
4959 uint64_t dropped = 0;
4960 int error;
4961
4962 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
4963 if (error != 0)
4964 return (error);
4965
4966 do {
4967 error = zfs_zevent_next(ze, &event,
4968 &zc->zc_nvlist_dst_size, &dropped);
4969 if (event != NULL) {
4970 zc->zc_cookie = dropped;
4971 error = put_nvlist(zc, event);
4972 nvlist_free(event);
4973 }
4974
4975 if (zc->zc_guid & ZEVENT_NONBLOCK)
4976 break;
4977
4978 if ((error == 0) || (error != ENOENT))
4979 break;
4980
4981 error = zfs_zevent_wait(ze);
4982 if (error != 0)
4983 break;
4984 } while (1);
4985
4986 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
4987
4988 return (error);
4989 }
4990
4991 /*
4992 * outputs:
4993 * zc_cookie cleared events count
4994 */
4995 static int
4996 zfs_ioc_events_clear(zfs_cmd_t *zc)
4997 {
4998 int count;
4999
5000 zfs_zevent_drain_all(&count);
5001 zc->zc_cookie = count;
5002
5003 return (0);
5004 }
5005
5006 /*
5007 * inputs:
5008 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END
5009 * zc_cleanup zevent file descriptor
5010 */
5011 static int
5012 zfs_ioc_events_seek(zfs_cmd_t *zc)
5013 {
5014 zfs_zevent_t *ze;
5015 minor_t minor;
5016 int error;
5017
5018 error = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
5019 if (error != 0)
5020 return (error);
5021
5022 error = zfs_zevent_seek(ze, zc->zc_guid);
5023 zfs_zevent_fd_rele(zc->zc_cleanup_fd);
5024
5025 return (error);
5026 }
5027
5028 /*
5029 * inputs:
5030 * zc_name name of new filesystem or snapshot
5031 * zc_value full name of old snapshot
5032 *
5033 * outputs:
5034 * zc_cookie space in bytes
5035 * zc_objset_type compressed space in bytes
5036 * zc_perm_action uncompressed space in bytes
5037 */
5038 static int
5039 zfs_ioc_space_written(zfs_cmd_t *zc)
5040 {
5041 int error;
5042 dsl_pool_t *dp;
5043 dsl_dataset_t *new, *old;
5044
5045 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5046 if (error != 0)
5047 return (error);
5048 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
5049 if (error != 0) {
5050 dsl_pool_rele(dp, FTAG);
5051 return (error);
5052 }
5053 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
5054 if (error != 0) {
5055 dsl_dataset_rele(new, FTAG);
5056 dsl_pool_rele(dp, FTAG);
5057 return (error);
5058 }
5059
5060 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
5061 &zc->zc_objset_type, &zc->zc_perm_action);
5062 dsl_dataset_rele(old, FTAG);
5063 dsl_dataset_rele(new, FTAG);
5064 dsl_pool_rele(dp, FTAG);
5065 return (error);
5066 }
5067
5068 /*
5069 * innvl: {
5070 * "firstsnap" -> snapshot name
5071 * }
5072 *
5073 * outnvl: {
5074 * "used" -> space in bytes
5075 * "compressed" -> compressed space in bytes
5076 * "uncompressed" -> uncompressed space in bytes
5077 * }
5078 */
5079 static int
5080 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
5081 {
5082 int error;
5083 dsl_pool_t *dp;
5084 dsl_dataset_t *new, *old;
5085 char *firstsnap;
5086 uint64_t used, comp, uncomp;
5087
5088 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0)
5089 return (SET_ERROR(EINVAL));
5090
5091 error = dsl_pool_hold(lastsnap, FTAG, &dp);
5092 if (error != 0)
5093 return (error);
5094
5095 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
5096 if (error == 0 && !new->ds_is_snapshot) {
5097 dsl_dataset_rele(new, FTAG);
5098 error = SET_ERROR(EINVAL);
5099 }
5100 if (error != 0) {
5101 dsl_pool_rele(dp, FTAG);
5102 return (error);
5103 }
5104 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
5105 if (error == 0 && !old->ds_is_snapshot) {
5106 dsl_dataset_rele(old, FTAG);
5107 error = SET_ERROR(EINVAL);
5108 }
5109 if (error != 0) {
5110 dsl_dataset_rele(new, FTAG);
5111 dsl_pool_rele(dp, FTAG);
5112 return (error);
5113 }
5114
5115 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
5116 dsl_dataset_rele(old, FTAG);
5117 dsl_dataset_rele(new, FTAG);
5118 dsl_pool_rele(dp, FTAG);
5119 fnvlist_add_uint64(outnvl, "used", used);
5120 fnvlist_add_uint64(outnvl, "compressed", comp);
5121 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
5122 return (error);
5123 }
5124
5125 /*
5126 * innvl: {
5127 * "fd" -> file descriptor to write stream to (int32)
5128 * (optional) "fromsnap" -> full snap name to send an incremental from
5129 * (optional) "largeblockok" -> (value ignored)
5130 * indicates that blocks > 128KB are permitted
5131 * (optional) "embedok" -> (value ignored)
5132 * presence indicates DRR_WRITE_EMBEDDED records are permitted
5133 * }
5134 *
5135 * outnvl is unused
5136 */
5137 /* ARGSUSED */
5138 static int
5139 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5140 {
5141 int error;
5142 offset_t off;
5143 char *fromname = NULL;
5144 int fd;
5145 file_t *fp;
5146 boolean_t largeblockok;
5147 boolean_t embedok;
5148
5149 error = nvlist_lookup_int32(innvl, "fd", &fd);
5150 if (error != 0)
5151 return (SET_ERROR(EINVAL));
5152
5153 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
5154
5155 largeblockok = nvlist_exists(innvl, "largeblockok");
5156 embedok = nvlist_exists(innvl, "embedok");
5157
5158 if ((fp = getf(fd)) == NULL)
5159 return (SET_ERROR(EBADF));
5160
5161 off = fp->f_offset;
5162 error = dmu_send(snapname, fromname, embedok, largeblockok,
5163 fd, fp->f_vnode, &off);
5164
5165 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0)
5166 fp->f_offset = off;
5167
5168 releasef(fd);
5169 return (error);
5170 }
5171
5172 /*
5173 * Determine approximately how large a zfs send stream will be -- the number
5174 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
5175 *
5176 * innvl: {
5177 * (optional) "from" -> full snap or bookmark name to send an incremental
5178 * from
5179 * }
5180 *
5181 * outnvl: {
5182 * "space" -> bytes of space (uint64)
5183 * }
5184 */
5185 static int
5186 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
5187 {
5188 dsl_pool_t *dp;
5189 dsl_dataset_t *tosnap;
5190 int error;
5191 char *fromname;
5192 uint64_t space;
5193
5194 error = dsl_pool_hold(snapname, FTAG, &dp);
5195 if (error != 0)
5196 return (error);
5197
5198 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
5199 if (error != 0) {
5200 dsl_pool_rele(dp, FTAG);
5201 return (error);
5202 }
5203
5204 error = nvlist_lookup_string(innvl, "from", &fromname);
5205 if (error == 0) {
5206 if (strchr(fromname, '@') != NULL) {
5207 /*
5208 * If from is a snapshot, hold it and use the more
5209 * efficient dmu_send_estimate to estimate send space
5210 * size using deadlists.
5211 */
5212 dsl_dataset_t *fromsnap;
5213 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
5214 if (error != 0)
5215 goto out;
5216 error = dmu_send_estimate(tosnap, fromsnap, &space);
5217 dsl_dataset_rele(fromsnap, FTAG);
5218 } else if (strchr(fromname, '#') != NULL) {
5219 /*
5220 * If from is a bookmark, fetch the creation TXG of the
5221 * snapshot it was created from and use that to find
5222 * blocks that were born after it.
5223 */
5224 zfs_bookmark_phys_t frombm;
5225
5226 error = dsl_bookmark_lookup(dp, fromname, tosnap,
5227 &frombm);
5228 if (error != 0)
5229 goto out;
5230 error = dmu_send_estimate_from_txg(tosnap,
5231 frombm.zbm_creation_txg, &space);
5232 } else {
5233 /*
5234 * from is not properly formatted as a snapshot or
5235 * bookmark
5236 */
5237 error = SET_ERROR(EINVAL);
5238 goto out;
5239 }
5240 } else {
5241 // If estimating the size of a full send, use dmu_send_estimate
5242 error = dmu_send_estimate(tosnap, NULL, &space);
5243 }
5244
5245 fnvlist_add_uint64(outnvl, "space", space);
5246
5247 out:
5248 dsl_dataset_rele(tosnap, FTAG);
5249 dsl_pool_rele(dp, FTAG);
5250 return (error);
5251 }
5252
5253 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
5254
5255 static void
5256 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5257 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5258 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
5259 {
5260 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5261
5262 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5263 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5264 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5265 ASSERT3P(vec->zvec_func, ==, NULL);
5266
5267 vec->zvec_legacy_func = func;
5268 vec->zvec_secpolicy = secpolicy;
5269 vec->zvec_namecheck = namecheck;
5270 vec->zvec_allow_log = log_history;
5271 vec->zvec_pool_check = pool_check;
5272 }
5273
5274 /*
5275 * See the block comment at the beginning of this file for details on
5276 * each argument to this function.
5277 */
5278 static void
5279 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
5280 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
5281 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
5282 boolean_t allow_log)
5283 {
5284 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
5285
5286 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
5287 ASSERT3U(ioc, <, ZFS_IOC_LAST);
5288 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
5289 ASSERT3P(vec->zvec_func, ==, NULL);
5290
5291 /* if we are logging, the name must be valid */
5292 ASSERT(!allow_log || namecheck != NO_NAME);
5293
5294 vec->zvec_name = name;
5295 vec->zvec_func = func;
5296 vec->zvec_secpolicy = secpolicy;
5297 vec->zvec_namecheck = namecheck;
5298 vec->zvec_pool_check = pool_check;
5299 vec->zvec_smush_outnvlist = smush_outnvlist;
5300 vec->zvec_allow_log = allow_log;
5301 }
5302
5303 static void
5304 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5305 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
5306 zfs_ioc_poolcheck_t pool_check)
5307 {
5308 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5309 POOL_NAME, log_history, pool_check);
5310 }
5311
5312 static void
5313 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5314 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
5315 {
5316 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5317 DATASET_NAME, B_FALSE, pool_check);
5318 }
5319
5320 static void
5321 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5322 {
5323 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
5324 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5325 }
5326
5327 static void
5328 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5329 zfs_secpolicy_func_t *secpolicy)
5330 {
5331 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5332 NO_NAME, B_FALSE, POOL_CHECK_NONE);
5333 }
5334
5335 static void
5336 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
5337 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
5338 {
5339 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5340 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
5341 }
5342
5343 static void
5344 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
5345 {
5346 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
5347 zfs_secpolicy_read);
5348 }
5349
5350 static void
5351 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
5352 zfs_secpolicy_func_t *secpolicy)
5353 {
5354 zfs_ioctl_register_legacy(ioc, func, secpolicy,
5355 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5356 }
5357
5358 static void
5359 zfs_ioctl_init(void)
5360 {
5361 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
5362 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
5363 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5364
5365 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
5366 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
5367 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE);
5368
5369 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
5370 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
5371 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5372
5373 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
5374 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
5375 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5376
5377 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
5378 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
5379 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5380
5381 zfs_ioctl_register("create", ZFS_IOC_CREATE,
5382 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
5383 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5384
5385 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
5386 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
5387 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5388
5389 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
5390 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
5391 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5392
5393 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
5394 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
5395 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5396 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
5397 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
5398 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5399
5400 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
5401 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
5402 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5403
5404 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK,
5405 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME,
5406 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE);
5407
5408 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK,
5409 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME,
5410 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5411
5412 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS,
5413 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME,
5414 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE);
5415
5416 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS,
5417 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks,
5418 POOL_NAME,
5419 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE);
5420
5421 /* IOCTLS that use the legacy function signature */
5422
5423 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
5424 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
5425
5426 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
5427 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5428 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
5429 zfs_ioc_pool_scan);
5430 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
5431 zfs_ioc_pool_upgrade);
5432 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
5433 zfs_ioc_vdev_add);
5434 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
5435 zfs_ioc_vdev_remove);
5436 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
5437 zfs_ioc_vdev_set_state);
5438 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
5439 zfs_ioc_vdev_attach);
5440 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
5441 zfs_ioc_vdev_detach);
5442 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
5443 zfs_ioc_vdev_setpath);
5444 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
5445 zfs_ioc_vdev_setfru);
5446 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
5447 zfs_ioc_pool_set_props);
5448 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
5449 zfs_ioc_vdev_split);
5450 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
5451 zfs_ioc_pool_reguid);
5452
5453 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
5454 zfs_ioc_pool_configs, zfs_secpolicy_none);
5455 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
5456 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
5457 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
5458 zfs_ioc_inject_fault, zfs_secpolicy_inject);
5459 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
5460 zfs_ioc_clear_fault, zfs_secpolicy_inject);
5461 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
5462 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
5463
5464 /*
5465 * pool destroy, and export don't log the history as part of
5466 * zfsdev_ioctl, but rather zfs_ioc_pool_export
5467 * does the logging of those commands.
5468 */
5469 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
5470 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
5471 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
5472 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
5473
5474 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
5475 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5476 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props,
5477 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
5478
5479 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
5480 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
5481 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
5482 zfs_ioc_dsobj_to_dsname,
5483 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
5484 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
5485 zfs_ioc_pool_get_history,
5486 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
5487
5488 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
5489 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5490
5491 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
5492 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
5493 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
5494 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED);
5495
5496 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
5497 zfs_ioc_space_written);
5498 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
5499 zfs_ioc_objset_recvd_props);
5500 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
5501 zfs_ioc_next_obj);
5502 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
5503 zfs_ioc_get_fsacl);
5504 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
5505 zfs_ioc_objset_stats);
5506 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
5507 zfs_ioc_objset_zplprops);
5508 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
5509 zfs_ioc_dataset_list_next);
5510 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
5511 zfs_ioc_snapshot_list_next);
5512 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
5513 zfs_ioc_send_progress);
5514
5515 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
5516 zfs_ioc_diff, zfs_secpolicy_diff);
5517 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
5518 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
5519 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
5520 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
5521 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
5522 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
5523 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
5524 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
5525 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
5526 zfs_ioc_send, zfs_secpolicy_send);
5527
5528 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
5529 zfs_secpolicy_none);
5530 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
5531 zfs_secpolicy_destroy);
5532 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
5533 zfs_secpolicy_rename);
5534 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
5535 zfs_secpolicy_recv);
5536 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
5537 zfs_secpolicy_promote);
5538 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
5539 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
5540 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
5541 zfs_secpolicy_set_fsacl);
5542
5543 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
5544 zfs_secpolicy_share, POOL_CHECK_NONE);
5545 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
5546 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
5547 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
5548 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
5549 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5550 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
5551 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
5552 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
5553
5554 /*
5555 * ZoL functions
5556 */
5557 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next,
5558 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
5559 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear,
5560 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
5561 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek,
5562 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
5563 }
5564
5565 int
5566 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
5567 zfs_ioc_poolcheck_t check)
5568 {
5569 spa_t *spa;
5570 int error;
5571
5572 ASSERT(type == POOL_NAME || type == DATASET_NAME);
5573
5574 if (check & POOL_CHECK_NONE)
5575 return (0);
5576
5577 error = spa_open(name, &spa, FTAG);
5578 if (error == 0) {
5579 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
5580 error = SET_ERROR(EAGAIN);
5581 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
5582 error = SET_ERROR(EROFS);
5583 spa_close(spa, FTAG);
5584 }
5585 return (error);
5586 }
5587
5588 static void *
5589 zfsdev_get_state_impl(minor_t minor, enum zfsdev_state_type which)
5590 {
5591 zfsdev_state_t *zs;
5592
5593 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
5594 if (zs->zs_minor == minor) {
5595 smp_rmb();
5596 switch (which) {
5597 case ZST_ONEXIT:
5598 return (zs->zs_onexit);
5599 case ZST_ZEVENT:
5600 return (zs->zs_zevent);
5601 case ZST_ALL:
5602 return (zs);
5603 }
5604 }
5605 }
5606
5607 return (NULL);
5608 }
5609
5610 void *
5611 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
5612 {
5613 void *ptr;
5614
5615 ptr = zfsdev_get_state_impl(minor, which);
5616
5617 return (ptr);
5618 }
5619
5620 int
5621 zfsdev_getminor(struct file *filp, minor_t *minorp)
5622 {
5623 zfsdev_state_t *zs, *fpd;
5624
5625 ASSERT(filp != NULL);
5626 ASSERT(!MUTEX_HELD(&zfsdev_state_lock));
5627
5628 fpd = filp->private_data;
5629 if (fpd == NULL)
5630 return (EBADF);
5631
5632 mutex_enter(&zfsdev_state_lock);
5633
5634 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
5635
5636 if (zs->zs_minor == -1)
5637 continue;
5638
5639 if (fpd == zs) {
5640 *minorp = fpd->zs_minor;
5641 mutex_exit(&zfsdev_state_lock);
5642 return (0);
5643 }
5644 }
5645
5646 mutex_exit(&zfsdev_state_lock);
5647
5648 return (EBADF);
5649 }
5650
5651 /*
5652 * Find a free minor number. The zfsdev_state_list is expected to
5653 * be short since it is only a list of currently open file handles.
5654 */
5655 minor_t
5656 zfsdev_minor_alloc(void)
5657 {
5658 static minor_t last_minor = 0;
5659 minor_t m;
5660
5661 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5662
5663 for (m = last_minor + 1; m != last_minor; m++) {
5664 if (m > ZFSDEV_MAX_MINOR)
5665 m = 1;
5666 if (zfsdev_get_state_impl(m, ZST_ALL) == NULL) {
5667 last_minor = m;
5668 return (m);
5669 }
5670 }
5671
5672 return (0);
5673 }
5674
5675 static int
5676 zfsdev_state_init(struct file *filp)
5677 {
5678 zfsdev_state_t *zs, *zsprev = NULL;
5679 minor_t minor;
5680 boolean_t newzs = B_FALSE;
5681
5682 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5683
5684 minor = zfsdev_minor_alloc();
5685 if (minor == 0)
5686 return (SET_ERROR(ENXIO));
5687
5688 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
5689 if (zs->zs_minor == -1)
5690 break;
5691 zsprev = zs;
5692 }
5693
5694 if (!zs) {
5695 zs = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
5696 newzs = B_TRUE;
5697 }
5698
5699 zs->zs_file = filp;
5700 filp->private_data = zs;
5701
5702 zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit);
5703 zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent);
5704
5705
5706 /*
5707 * In order to provide for lock-free concurrent read access
5708 * to the minor list in zfsdev_get_state_impl(), new entries
5709 * must be completely written before linking them into the
5710 * list whereas existing entries are already linked; the last
5711 * operation must be updating zs_minor (from -1 to the new
5712 * value).
5713 */
5714 if (newzs) {
5715 zs->zs_minor = minor;
5716 smp_wmb();
5717 zsprev->zs_next = zs;
5718 } else {
5719 smp_wmb();
5720 zs->zs_minor = minor;
5721 }
5722
5723 return (0);
5724 }
5725
5726 static int
5727 zfsdev_state_destroy(struct file *filp)
5728 {
5729 zfsdev_state_t *zs;
5730
5731 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
5732 ASSERT(filp->private_data != NULL);
5733
5734 zs = filp->private_data;
5735 zs->zs_minor = -1;
5736 zfs_onexit_destroy(zs->zs_onexit);
5737 zfs_zevent_destroy(zs->zs_zevent);
5738
5739 return (0);
5740 }
5741
5742 static int
5743 zfsdev_open(struct inode *ino, struct file *filp)
5744 {
5745 int error;
5746
5747 mutex_enter(&zfsdev_state_lock);
5748 error = zfsdev_state_init(filp);
5749 mutex_exit(&zfsdev_state_lock);
5750
5751 return (-error);
5752 }
5753
5754 static int
5755 zfsdev_release(struct inode *ino, struct file *filp)
5756 {
5757 int error;
5758
5759 mutex_enter(&zfsdev_state_lock);
5760 error = zfsdev_state_destroy(filp);
5761 mutex_exit(&zfsdev_state_lock);
5762
5763 return (-error);
5764 }
5765
5766 static long
5767 zfsdev_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
5768 {
5769 zfs_cmd_t *zc;
5770 uint_t vecnum;
5771 int error, rc, flag = 0;
5772 const zfs_ioc_vec_t *vec;
5773 char *saved_poolname = NULL;
5774 nvlist_t *innvl = NULL;
5775 fstrans_cookie_t cookie;
5776
5777 vecnum = cmd - ZFS_IOC_FIRST;
5778 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
5779 return (-SET_ERROR(EINVAL));
5780 vec = &zfs_ioc_vec[vecnum];
5781
5782 /*
5783 * The registered ioctl list may be sparse, verify that either
5784 * a normal or legacy handler are registered.
5785 */
5786 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL)
5787 return (-SET_ERROR(EINVAL));
5788
5789 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
5790
5791 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag);
5792 if (error != 0) {
5793 error = SET_ERROR(EFAULT);
5794 goto out;
5795 }
5796
5797 zc->zc_iflags = flag & FKIOCTL;
5798 if (zc->zc_nvlist_src_size != 0) {
5799 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5800 zc->zc_iflags, &innvl);
5801 if (error != 0)
5802 goto out;
5803 }
5804
5805 /*
5806 * Ensure that all pool/dataset names are valid before we pass down to
5807 * the lower layers.
5808 */
5809 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5810 switch (vec->zvec_namecheck) {
5811 case POOL_NAME:
5812 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
5813 error = SET_ERROR(EINVAL);
5814 else
5815 error = pool_status_check(zc->zc_name,
5816 vec->zvec_namecheck, vec->zvec_pool_check);
5817 break;
5818
5819 case DATASET_NAME:
5820 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
5821 error = SET_ERROR(EINVAL);
5822 else
5823 error = pool_status_check(zc->zc_name,
5824 vec->zvec_namecheck, vec->zvec_pool_check);
5825 break;
5826
5827 case NO_NAME:
5828 break;
5829 }
5830
5831
5832 if (error == 0 && !(flag & FKIOCTL)) {
5833 cookie = spl_fstrans_mark();
5834 error = vec->zvec_secpolicy(zc, innvl, CRED());
5835 spl_fstrans_unmark(cookie);
5836 }
5837
5838 if (error != 0)
5839 goto out;
5840
5841 /* legacy ioctls can modify zc_name */
5842 saved_poolname = strdup(zc->zc_name);
5843 if (saved_poolname == NULL) {
5844 error = SET_ERROR(ENOMEM);
5845 goto out;
5846 } else {
5847 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0';
5848 }
5849
5850 if (vec->zvec_func != NULL) {
5851 nvlist_t *outnvl;
5852 int puterror = 0;
5853 spa_t *spa;
5854 nvlist_t *lognv = NULL;
5855
5856 ASSERT(vec->zvec_legacy_func == NULL);
5857
5858 /*
5859 * Add the innvl to the lognv before calling the func,
5860 * in case the func changes the innvl.
5861 */
5862 if (vec->zvec_allow_log) {
5863 lognv = fnvlist_alloc();
5864 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
5865 vec->zvec_name);
5866 if (!nvlist_empty(innvl)) {
5867 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
5868 innvl);
5869 }
5870 }
5871
5872 outnvl = fnvlist_alloc();
5873 cookie = spl_fstrans_mark();
5874 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
5875 spl_fstrans_unmark(cookie);
5876
5877 if (error == 0 && vec->zvec_allow_log &&
5878 spa_open(zc->zc_name, &spa, FTAG) == 0) {
5879 if (!nvlist_empty(outnvl)) {
5880 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL,
5881 outnvl);
5882 }
5883 (void) spa_history_log_nvl(spa, lognv);
5884 spa_close(spa, FTAG);
5885 }
5886 fnvlist_free(lognv);
5887
5888 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
5889 int smusherror = 0;
5890 if (vec->zvec_smush_outnvlist) {
5891 smusherror = nvlist_smush(outnvl,
5892 zc->zc_nvlist_dst_size);
5893 }
5894 if (smusherror == 0)
5895 puterror = put_nvlist(zc, outnvl);
5896 }
5897
5898 if (puterror != 0)
5899 error = puterror;
5900
5901 nvlist_free(outnvl);
5902 } else {
5903 cookie = spl_fstrans_mark();
5904 error = vec->zvec_legacy_func(zc);
5905 spl_fstrans_unmark(cookie);
5906 }
5907
5908 out:
5909 nvlist_free(innvl);
5910 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag);
5911 if (error == 0 && rc != 0)
5912 error = SET_ERROR(EFAULT);
5913 if (error == 0 && vec->zvec_allow_log) {
5914 char *s = tsd_get(zfs_allow_log_key);
5915 if (s != NULL)
5916 strfree(s);
5917 (void) tsd_set(zfs_allow_log_key, saved_poolname);
5918 } else {
5919 if (saved_poolname != NULL)
5920 strfree(saved_poolname);
5921 }
5922
5923 kmem_free(zc, sizeof (zfs_cmd_t));
5924 return (-error);
5925 }
5926
5927 #ifdef CONFIG_COMPAT
5928 static long
5929 zfsdev_compat_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
5930 {
5931 return (zfsdev_ioctl(filp, cmd, arg));
5932 }
5933 #else
5934 #define zfsdev_compat_ioctl NULL
5935 #endif
5936
5937 static const struct file_operations zfsdev_fops = {
5938 .open = zfsdev_open,
5939 .release = zfsdev_release,
5940 .unlocked_ioctl = zfsdev_ioctl,
5941 .compat_ioctl = zfsdev_compat_ioctl,
5942 .owner = THIS_MODULE,
5943 };
5944
5945 static struct miscdevice zfs_misc = {
5946 .minor = MISC_DYNAMIC_MINOR,
5947 .name = ZFS_DRIVER,
5948 .fops = &zfsdev_fops,
5949 };
5950
5951 static int
5952 zfs_attach(void)
5953 {
5954 int error;
5955
5956 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
5957 zfsdev_state_list = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
5958 zfsdev_state_list->zs_minor = -1;
5959
5960 error = misc_register(&zfs_misc);
5961 if (error != 0) {
5962 printk(KERN_INFO "ZFS: misc_register() failed %d\n", error);
5963 return (error);
5964 }
5965
5966 return (0);
5967 }
5968
5969 static void
5970 zfs_detach(void)
5971 {
5972 zfsdev_state_t *zs, *zsprev = NULL;
5973
5974 misc_deregister(&zfs_misc);
5975 mutex_destroy(&zfsdev_state_lock);
5976
5977 for (zs = zfsdev_state_list; zs != NULL; zs = zs->zs_next) {
5978 if (zsprev)
5979 kmem_free(zsprev, sizeof (zfsdev_state_t));
5980 zsprev = zs;
5981 }
5982 if (zsprev)
5983 kmem_free(zsprev, sizeof (zfsdev_state_t));
5984 }
5985
5986 static void
5987 zfs_allow_log_destroy(void *arg)
5988 {
5989 char *poolname = arg;
5990 strfree(poolname);
5991 }
5992
5993 #ifdef DEBUG
5994 #define ZFS_DEBUG_STR " (DEBUG mode)"
5995 #else
5996 #define ZFS_DEBUG_STR ""
5997 #endif
5998
5999 static int __init
6000 _init(void)
6001 {
6002 int error;
6003
6004 error = -vn_set_pwd("/");
6005 if (error) {
6006 printk(KERN_NOTICE
6007 "ZFS: Warning unable to set pwd to '/': %d\n", error);
6008 return (error);
6009 }
6010
6011 if ((error = -zvol_init()) != 0)
6012 return (error);
6013
6014 spa_init(FREAD | FWRITE);
6015 zfs_init();
6016
6017 zfs_ioctl_init();
6018
6019 if ((error = zfs_attach()) != 0)
6020 goto out;
6021
6022 tsd_create(&zfs_fsyncer_key, NULL);
6023 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
6024 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
6025
6026 printk(KERN_NOTICE "ZFS: Loaded module v%s-%s%s, "
6027 "ZFS pool version %s, ZFS filesystem version %s\n",
6028 ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR,
6029 SPA_VERSION_STRING, ZPL_VERSION_STRING);
6030 #ifndef CONFIG_FS_POSIX_ACL
6031 printk(KERN_NOTICE "ZFS: Posix ACLs disabled by kernel\n");
6032 #endif /* CONFIG_FS_POSIX_ACL */
6033
6034 return (0);
6035
6036 out:
6037 zfs_fini();
6038 spa_fini();
6039 (void) zvol_fini();
6040 printk(KERN_NOTICE "ZFS: Failed to Load ZFS Filesystem v%s-%s%s"
6041 ", rc = %d\n", ZFS_META_VERSION, ZFS_META_RELEASE,
6042 ZFS_DEBUG_STR, error);
6043
6044 return (error);
6045 }
6046
6047 static void __exit
6048 _fini(void)
6049 {
6050 zfs_detach();
6051 zfs_fini();
6052 spa_fini();
6053 zvol_fini();
6054
6055 tsd_destroy(&zfs_fsyncer_key);
6056 tsd_destroy(&rrw_tsd_key);
6057 tsd_destroy(&zfs_allow_log_key);
6058
6059 printk(KERN_NOTICE "ZFS: Unloaded module v%s-%s%s\n",
6060 ZFS_META_VERSION, ZFS_META_RELEASE, ZFS_DEBUG_STR);
6061 }
6062
6063 #ifdef HAVE_SPL
6064 module_init(_init);
6065 module_exit(_fini);
6066
6067 MODULE_DESCRIPTION("ZFS");
6068 MODULE_AUTHOR(ZFS_META_AUTHOR);
6069 MODULE_LICENSE(ZFS_META_LICENSE);
6070 MODULE_VERSION(ZFS_META_VERSION "-" ZFS_META_RELEASE);
6071 #endif /* HAVE_SPL */
ZFS On Linux mirror for PVE