1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2011-2012 Pawel Jakub Dawidek <pawel@dawidek.net>.
24 * All rights reserved.
25 * Portions Copyright 2011 Martin Matuska <mm@FreeBSD.org>
26 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
27 * Copyright (c) 2012 by Delphix. All rights reserved.
28 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
29 */
30
31#include <sys/types.h>
32#include <sys/param.h>
33#include <sys/systm.h>
34#include <sys/conf.h>
35#include <sys/kernel.h>
36#include <sys/lock.h>
37#include <sys/malloc.h>
38#include <sys/mutex.h>
39#include <sys/proc.h>
40#include <sys/errno.h>
41#include <sys/uio.h>
42#include <sys/buf.h>
43#include <sys/file.h>
44#include <sys/kmem.h>
45#include <sys/conf.h>
46#include <sys/cmn_err.h>
47#include <sys/stat.h>
48#include <sys/zfs_ioctl.h>
49#include <sys/zfs_vfsops.h>
50#include <sys/zfs_znode.h>
51#include <sys/zap.h>
52#include <sys/spa.h>
53#include <sys/spa_impl.h>
54#include <sys/vdev.h>
55#include <sys/dmu.h>
56#include <sys/dsl_dir.h>
57#include <sys/dsl_dataset.h>
58#include <sys/dsl_prop.h>
59#include <sys/dsl_deleg.h>
60#include <sys/dmu_objset.h>
61#include <sys/dmu_impl.h>
62#include <sys/sunddi.h>
63#include <sys/policy.h>
64#include <sys/zone.h>
65#include <sys/nvpair.h>
66#include <sys/mount.h>
67#include <sys/taskqueue.h>
68#include <sys/sdt.h>
69#include <sys/varargs.h>
70#include <sys/fs/zfs.h>
71#include <sys/zfs_ctldir.h>
72#include <sys/zfs_dir.h>
73#include <sys/zfs_onexit.h>
74#include <sys/zvol.h>
75#include <sys/dsl_scan.h>
76#include <sys/dmu_objset.h>
77
78#include "zfs_namecheck.h"
79#include "zfs_prop.h"
80#include "zfs_deleg.h"
81#include "zfs_comutil.h"
82#include "zfs_ioctl_compat.h"
83
84CTASSERT(sizeof(zfs_cmd_t) < IOCPARM_MAX);
85
86static int snapshot_list_prefetch;
87SYSCTL_DECL(_vfs_zfs);
88TUNABLE_INT("vfs.zfs.snapshot_list_prefetch", &snapshot_list_prefetch);
89SYSCTL_INT(_vfs_zfs, OID_AUTO, snapshot_list_prefetch, CTLFLAG_RW,
90 &snapshot_list_prefetch, 0, "Prefetch data when listing snapshots");
91
92static struct cdev *zfsdev;
93
94extern void zfs_init(void);
95extern void zfs_fini(void);
96
97typedef int zfs_ioc_func_t(zfs_cmd_t *);
98typedef int zfs_secpolicy_func_t(zfs_cmd_t *, cred_t *);
99
100typedef enum {
101 NO_NAME,
102 POOL_NAME,
103 DATASET_NAME
104} zfs_ioc_namecheck_t;
105
106typedef struct zfs_ioc_vec {
107 zfs_ioc_func_t *zvec_func;
108 zfs_secpolicy_func_t *zvec_secpolicy;
109 zfs_ioc_namecheck_t zvec_namecheck;
110 boolean_t zvec_his_log;
111 boolean_t zvec_pool_check;
112} zfs_ioc_vec_t;
113
114/* This array is indexed by zfs_userquota_prop_t */
115static const char *userquota_perms[] = {
116 ZFS_DELEG_PERM_USERUSED,
117 ZFS_DELEG_PERM_USERQUOTA,
118 ZFS_DELEG_PERM_GROUPUSED,
119 ZFS_DELEG_PERM_GROUPQUOTA,
120};
121
122static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
123static int zfs_check_settable(const char *name, nvpair_t *property,
124 cred_t *cr);
125static int zfs_check_clearable(char *dataset, nvlist_t *props,
126 nvlist_t **errors);
127static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
128 boolean_t *);
129int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t **);
130
131static void zfsdev_close(void *data);
132
133/* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */
134void
135__dprintf(const char *file, const char *func, int line, const char *fmt, ...)
136{
137 const char *newfile;
138 char buf[512];
139 va_list adx;
140
141 /*
142 * Get rid of annoying "../common/" prefix to filename.
143 */
144 newfile = strrchr(file, '/');
145 if (newfile != NULL) {
146 newfile = newfile + 1; /* Get rid of leading / */
147 } else {
148 newfile = file;
149 }
150
151 va_start(adx, fmt);
152 (void) vsnprintf(buf, sizeof (buf), fmt, adx);
153 va_end(adx);
154
155 /*
156 * To get this data, use the zfs-dprintf probe as so:
157 * dtrace -q -n 'zfs-dprintf \
158 * /stringof(arg0) == "dbuf.c"/ \
159 * {printf("%s: %s", stringof(arg1), stringof(arg3))}'
160 * arg0 = file name
161 * arg1 = function name
162 * arg2 = line number
163 * arg3 = message
164 */
165 DTRACE_PROBE4(zfs__dprintf,
166 char *, newfile, char *, func, int, line, char *, buf);
167}
168
169static void
170history_str_free(char *buf)
171{
172 kmem_free(buf, HIS_MAX_RECORD_LEN);
173}
174
175static char *
176history_str_get(zfs_cmd_t *zc)
177{
178 char *buf;
179
180 if (zc->zc_history == 0)
181 return (NULL);
182
183 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
184 if (copyinstr((void *)(uintptr_t)zc->zc_history,
185 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
186 history_str_free(buf);
187 return (NULL);
188 }
189
190 buf[HIS_MAX_RECORD_LEN -1] = '\0';
191
192 return (buf);
193}
194
195/*
196 * Check to see if the named dataset is currently defined as bootable
197 */
198static boolean_t
199zfs_is_bootfs(const char *name)
200{
201 objset_t *os;
202
203 if (dmu_objset_hold(name, FTAG, &os) == 0) {
204 boolean_t ret;
205 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os)));
206 dmu_objset_rele(os, FTAG);
207 return (ret);
208 }
209 return (B_FALSE);
210}
211
212/*
213 * zfs_earlier_version
214 *
215 * Return non-zero if the spa version is less than requested version.
216 */
217static int
218zfs_earlier_version(const char *name, int version)
219{
220 spa_t *spa;
221
222 if (spa_open(name, &spa, FTAG) == 0) {
223 if (spa_version(spa) < version) {
224 spa_close(spa, FTAG);
225 return (1);
226 }
227 spa_close(spa, FTAG);
228 }
229 return (0);
230}
231
232/*
233 * zpl_earlier_version
234 *
235 * Return TRUE if the ZPL version is less than requested version.
236 */
237static boolean_t
238zpl_earlier_version(const char *name, int version)
239{
240 objset_t *os;
241 boolean_t rc = B_TRUE;
242
243 if (dmu_objset_hold(name, FTAG, &os) == 0) {
244 uint64_t zplversion;
245
246 if (dmu_objset_type(os) != DMU_OST_ZFS) {
247 dmu_objset_rele(os, FTAG);
248 return (B_TRUE);
249 }
250 /* XXX reading from non-owned objset */
251 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
252 rc = zplversion < version;
253 dmu_objset_rele(os, FTAG);
254 }
255 return (rc);
256}
257
258static void
259zfs_log_history(zfs_cmd_t *zc)
260{
261 spa_t *spa;
262 char *buf;
263
264 if ((buf = history_str_get(zc)) == NULL)
265 return;
266
267 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
268 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
269 (void) spa_history_log(spa, buf, LOG_CMD_NORMAL);
270 spa_close(spa, FTAG);
271 }
272 history_str_free(buf);
273}
274
275/*
276 * Policy for top-level read operations (list pools). Requires no privileges,
277 * and can be used in the local zone, as there is no associated dataset.
278 */
279/* ARGSUSED */
280static int
281zfs_secpolicy_none(zfs_cmd_t *zc, cred_t *cr)
282{
283 return (0);
284}
285
286/*
287 * Policy for dataset read operations (list children, get statistics). Requires
288 * no privileges, but must be visible in the local zone.
289 */
290/* ARGSUSED */
291static int
292zfs_secpolicy_read(zfs_cmd_t *zc, cred_t *cr)
293{
294 if (INGLOBALZONE(curthread) ||
295 zone_dataset_visible(zc->zc_name, NULL))
296 return (0);
297
298 return (ENOENT);
299}
300
301static int
302zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
303{
304 int writable = 1;
305
306 /*
307 * The dataset must be visible by this zone -- check this first
308 * so they don't see EPERM on something they shouldn't know about.
309 */
310 if (!INGLOBALZONE(curthread) &&
311 !zone_dataset_visible(dataset, &writable))
312 return (ENOENT);
313
314 if (INGLOBALZONE(curthread)) {
315 /*
316 * If the fs is zoned, only root can access it from the
317 * global zone.
318 */
319 if (secpolicy_zfs(cr) && zoned)
320 return (EPERM);
321 } else {
322 /*
323 * If we are in a local zone, the 'zoned' property must be set.
324 */
325 if (!zoned)
326 return (EPERM);
327
328 /* must be writable by this zone */
329 if (!writable)
330 return (EPERM);
331 }
332 return (0);
333}
334
335static int
336zfs_dozonecheck(const char *dataset, cred_t *cr)
337{
338 uint64_t zoned;
339
340 if (dsl_prop_get_integer(dataset, "jailed", &zoned, NULL))
341 return (ENOENT);
342
343 return (zfs_dozonecheck_impl(dataset, zoned, cr));
344}
345
346static int
347zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
348{
349 uint64_t zoned;
350
351 rw_enter(&ds->ds_dir->dd_pool->dp_config_rwlock, RW_READER);
352 if (dsl_prop_get_ds(ds, "jailed", 8, 1, &zoned, NULL)) {
353 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
354 return (ENOENT);
355 }
356 rw_exit(&ds->ds_dir->dd_pool->dp_config_rwlock);
357
358 return (zfs_dozonecheck_impl(dataset, zoned, cr));
359}
360
361/*
362 * If name ends in a '@', then require recursive permissions.
363 */
364int
365zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
366{
367 int error;
368 boolean_t descendent = B_FALSE;
369 dsl_dataset_t *ds;
370 char *at;
371
372 at = strchr(name, '@');
373 if (at != NULL && at[1] == '\0') {
374 *at = '\0';
375 descendent = B_TRUE;
376 }
377
378 error = dsl_dataset_hold(name, FTAG, &ds);
379 if (at != NULL)
380 *at = '@';
381 if (error != 0)
382 return (error);
383
384 error = zfs_dozonecheck_ds(name, ds, cr);
385 if (error == 0) {
386 error = secpolicy_zfs(cr);
387 if (error)
388 error = dsl_deleg_access_impl(ds, descendent, perm, cr);
389 }
390
391 dsl_dataset_rele(ds, FTAG);
392 return (error);
393}
394
395int
396zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
397 const char *perm, cred_t *cr)
398{
399 int error;
400
401 error = zfs_dozonecheck_ds(name, ds, cr);
402 if (error == 0) {
403 error = secpolicy_zfs(cr);
404 if (error)
405 error = dsl_deleg_access_impl(ds, B_FALSE, perm, cr);
406 }
407 return (error);
408}
409
410#ifdef SECLABEL
411/*
412 * Policy for setting the security label property.
413 *
414 * Returns 0 for success, non-zero for access and other errors.
415 */
416static int
417zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
418{
419 char ds_hexsl[MAXNAMELEN];
420 bslabel_t ds_sl, new_sl;
421 boolean_t new_default = FALSE;
422 uint64_t zoned;
423 int needed_priv = -1;
424 int error;
425
426 /* First get the existing dataset label. */
427 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
428 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
429 if (error)
430 return (EPERM);
431
432 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
433 new_default = TRUE;
434
435 /* The label must be translatable */
436 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
437 return (EINVAL);
438
439 /*
440 * In a non-global zone, disallow attempts to set a label that
441 * doesn't match that of the zone; otherwise no other checks
442 * are needed.
443 */
444 if (!INGLOBALZONE(curproc)) {
445 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
446 return (EPERM);
447 return (0);
448 }
449
450 /*
451 * For global-zone datasets (i.e., those whose zoned property is
452 * "off", verify that the specified new label is valid for the
453 * global zone.
454 */
455 if (dsl_prop_get_integer(name,
456 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
457 return (EPERM);
458 if (!zoned) {
459 if (zfs_check_global_label(name, strval) != 0)
460 return (EPERM);
461 }
462
463 /*
464 * If the existing dataset label is nondefault, check if the
465 * dataset is mounted (label cannot be changed while mounted).
466 * Get the zfsvfs; if there isn't one, then the dataset isn't
467 * mounted (or isn't a dataset, doesn't exist, ...).
468 */
469 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
470 objset_t *os;
471 static char *setsl_tag = "setsl_tag";
472
473 /*
474 * Try to own the dataset; abort if there is any error,
475 * (e.g., already mounted, in use, or other error).
476 */
477 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE,
478 setsl_tag, &os);
479 if (error)
480 return (EPERM);
481
482 dmu_objset_disown(os, setsl_tag);
483
484 if (new_default) {
485 needed_priv = PRIV_FILE_DOWNGRADE_SL;
486 goto out_check;
487 }
488
489 if (hexstr_to_label(strval, &new_sl) != 0)
490 return (EPERM);
491
492 if (blstrictdom(&ds_sl, &new_sl))
493 needed_priv = PRIV_FILE_DOWNGRADE_SL;
494 else if (blstrictdom(&new_sl, &ds_sl))
495 needed_priv = PRIV_FILE_UPGRADE_SL;
496 } else {
497 /* dataset currently has a default label */
498 if (!new_default)
499 needed_priv = PRIV_FILE_UPGRADE_SL;
500 }
501
502out_check:
503 if (needed_priv != -1)
504 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
505 return (0);
506}
507#endif /* SECLABEL */
508
509static int
510zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
511 cred_t *cr)
512{
513 char *strval;
514
515 /*
516 * Check permissions for special properties.
517 */
518 switch (prop) {
519 case ZFS_PROP_ZONED:
520 /*
521 * Disallow setting of 'zoned' from within a local zone.
522 */
523 if (!INGLOBALZONE(curthread))
524 return (EPERM);
525 break;
526
527 case ZFS_PROP_QUOTA:
528 if (!INGLOBALZONE(curthread)) {
529 uint64_t zoned;
530 char setpoint[MAXNAMELEN];
531 /*
532 * Unprivileged users are allowed to modify the
533 * quota on things *under* (ie. contained by)
534 * the thing they own.
535 */
536 if (dsl_prop_get_integer(dsname, "jailed", &zoned,
537 setpoint))
538 return (EPERM);
539 if (!zoned || strlen(dsname) <= strlen(setpoint))
540 return (EPERM);
541 }
542 break;
543
544 case ZFS_PROP_MLSLABEL:
545#ifdef SECLABEL
546 if (!is_system_labeled())
547 return (EPERM);
548
549 if (nvpair_value_string(propval, &strval) == 0) {
550 int err;
551
552 err = zfs_set_slabel_policy(dsname, strval, CRED());
553 if (err != 0)
554 return (err);
555 }
556#else
557 return (EOPNOTSUPP);
558#endif
559 break;
560 }
561
562 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
563}
564
565int
566zfs_secpolicy_fsacl(zfs_cmd_t *zc, cred_t *cr)
567{
568 int error;
569
570 error = zfs_dozonecheck(zc->zc_name, cr);
571 if (error)
572 return (error);
573
574 /*
575 * permission to set permissions will be evaluated later in
576 * dsl_deleg_can_allow()
577 */
578 return (0);
579}
580
581int
582zfs_secpolicy_rollback(zfs_cmd_t *zc, cred_t *cr)
583{
584 return (zfs_secpolicy_write_perms(zc->zc_name,
585 ZFS_DELEG_PERM_ROLLBACK, cr));
586}
587
588int
589zfs_secpolicy_send(zfs_cmd_t *zc, cred_t *cr)
590{
591 spa_t *spa;
592 dsl_pool_t *dp;
593 dsl_dataset_t *ds;
594 char *cp;
595 int error;
596
597 /*
598 * Generate the current snapshot name from the given objsetid, then
599 * use that name for the secpolicy/zone checks.
600 */
601 cp = strchr(zc->zc_name, '@');
602 if (cp == NULL)
603 return (EINVAL);
604 error = spa_open(zc->zc_name, &spa, FTAG);
605 if (error)
606 return (error);
607
608 dp = spa_get_dsl(spa);
609 rw_enter(&dp->dp_config_rwlock, RW_READER);
610 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
611 rw_exit(&dp->dp_config_rwlock);
612 spa_close(spa, FTAG);
613 if (error)
614 return (error);
615
616 dsl_dataset_name(ds, zc->zc_name);
617
618 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
619 ZFS_DELEG_PERM_SEND, cr);
620 dsl_dataset_rele(ds, FTAG);
621
622 return (error);
623}
624
625static int
626zfs_secpolicy_deleg_share(zfs_cmd_t *zc, cred_t *cr)
627{
628 vnode_t *vp;
629 int error;
630
631 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
632 NO_FOLLOW, NULL, &vp)) != 0)
633 return (error);
634
635 /* Now make sure mntpnt and dataset are ZFS */
636
637 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 ||
638 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
639 zc->zc_name) != 0)) {
640 VN_RELE(vp);
641 return (EPERM);
642 }
643
644 VN_RELE(vp);
645 return (dsl_deleg_access(zc->zc_name,
646 ZFS_DELEG_PERM_SHARE, cr));
647}
648
649int
650zfs_secpolicy_share(zfs_cmd_t *zc, cred_t *cr)
651{
652 if (!INGLOBALZONE(curthread))
653 return (EPERM);
654
655 if (secpolicy_nfs(cr) == 0) {
656 return (0);
657 } else {
658 return (zfs_secpolicy_deleg_share(zc, cr));
659 }
660}
661
662int
663zfs_secpolicy_smb_acl(zfs_cmd_t *zc, cred_t *cr)
664{
665 if (!INGLOBALZONE(curthread))
666 return (EPERM);
667
668 if (secpolicy_smb(cr) == 0) {
669 return (0);
670 } else {
671 return (zfs_secpolicy_deleg_share(zc, cr));
672 }
673}
674
675static int
676zfs_get_parent(const char *datasetname, char *parent, int parentsize)
677{
678 char *cp;
679
680 /*
681 * Remove the @bla or /bla from the end of the name to get the parent.
682 */
683 (void) strncpy(parent, datasetname, parentsize);
684 cp = strrchr(parent, '@');
685 if (cp != NULL) {
686 cp[0] = '\0';
687 } else {
688 cp = strrchr(parent, '/');
689 if (cp == NULL)
690 return (ENOENT);
691 cp[0] = '\0';
692 }
693
694 return (0);
695}
696
697int
698zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
699{
700 int error;
701
702 if ((error = zfs_secpolicy_write_perms(name,
703 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
704 return (error);
705
706 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
707}
708
709static int
710zfs_secpolicy_destroy(zfs_cmd_t *zc, cred_t *cr)
711{
712 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
713}
714
715/*
716 * Destroying snapshots with delegated permissions requires
717 * descendent mount and destroy permissions.
718 */
719static int
720zfs_secpolicy_destroy_recursive(zfs_cmd_t *zc, cred_t *cr)
721{
722 int error;
723 char *dsname;
724
725 dsname = kmem_asprintf("%s@", zc->zc_name);
726
727 error = zfs_secpolicy_destroy_perms(dsname, cr);
728
729 if (error == ENOENT)
730 error = zfs_secpolicy_destroy_perms(zc->zc_name, cr);
731
732 strfree(dsname);
733 return (error);
734}
735
736int
737zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
738{
739 char parentname[MAXNAMELEN];
740 int error;
741
742 if ((error = zfs_secpolicy_write_perms(from,
743 ZFS_DELEG_PERM_RENAME, cr)) != 0)
744 return (error);
745
746 if ((error = zfs_secpolicy_write_perms(from,
747 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
748 return (error);
749
750 if ((error = zfs_get_parent(to, parentname,
751 sizeof (parentname))) != 0)
752 return (error);
753
754 if ((error = zfs_secpolicy_write_perms(parentname,
755 ZFS_DELEG_PERM_CREATE, cr)) != 0)
756 return (error);
757
758 if ((error = zfs_secpolicy_write_perms(parentname,
759 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
760 return (error);
761
762 return (error);
763}
764
765static int
766zfs_secpolicy_rename(zfs_cmd_t *zc, cred_t *cr)
767{
768 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
769}
770
771static int
772zfs_secpolicy_promote(zfs_cmd_t *zc, cred_t *cr)
773{
774 char parentname[MAXNAMELEN];
775 objset_t *clone;
776 int error;
777
778 error = zfs_secpolicy_write_perms(zc->zc_name,
779 ZFS_DELEG_PERM_PROMOTE, cr);
780 if (error)
781 return (error);
782
783 error = dmu_objset_hold(zc->zc_name, FTAG, &clone);
784
785 if (error == 0) {
786 dsl_dataset_t *pclone = NULL;
787 dsl_dir_t *dd;
788 dd = clone->os_dsl_dataset->ds_dir;
789
790 rw_enter(&dd->dd_pool->dp_config_rwlock, RW_READER);
791 error = dsl_dataset_hold_obj(dd->dd_pool,
792 dd->dd_phys->dd_origin_obj, FTAG, &pclone);
793 rw_exit(&dd->dd_pool->dp_config_rwlock);
794 if (error) {
795 dmu_objset_rele(clone, FTAG);
796 return (error);
797 }
798
799 error = zfs_secpolicy_write_perms(zc->zc_name,
800 ZFS_DELEG_PERM_MOUNT, cr);
801
802 dsl_dataset_name(pclone, parentname);
803 dmu_objset_rele(clone, FTAG);
804 dsl_dataset_rele(pclone, FTAG);
805 if (error == 0)
806 error = zfs_secpolicy_write_perms(parentname,
807 ZFS_DELEG_PERM_PROMOTE, cr);
808 }
809 return (error);
810}
811
812static int
813zfs_secpolicy_receive(zfs_cmd_t *zc, cred_t *cr)
814{
815 int error;
816
817 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
818 ZFS_DELEG_PERM_RECEIVE, cr)) != 0)
819 return (error);
820
821 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
822 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
823 return (error);
824
825 return (zfs_secpolicy_write_perms(zc->zc_name,
826 ZFS_DELEG_PERM_CREATE, cr));
827}
828
829int
830zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
831{
832 return (zfs_secpolicy_write_perms(name,
833 ZFS_DELEG_PERM_SNAPSHOT, cr));
834}
835
836static int
837zfs_secpolicy_snapshot(zfs_cmd_t *zc, cred_t *cr)
838{
839
840 return (zfs_secpolicy_snapshot_perms(zc->zc_name, cr));
841}
842
843static int
844zfs_secpolicy_create(zfs_cmd_t *zc, cred_t *cr)
845{
846 char parentname[MAXNAMELEN];
847 int error;
848
849 if ((error = zfs_get_parent(zc->zc_name, parentname,
850 sizeof (parentname))) != 0)
851 return (error);
852
853 if (zc->zc_value[0] != '\0') {
854 if ((error = zfs_secpolicy_write_perms(zc->zc_value,
855 ZFS_DELEG_PERM_CLONE, cr)) != 0)
856 return (error);
857 }
858
859 if ((error = zfs_secpolicy_write_perms(parentname,
860 ZFS_DELEG_PERM_CREATE, cr)) != 0)
861 return (error);
862
863 error = zfs_secpolicy_write_perms(parentname,
864 ZFS_DELEG_PERM_MOUNT, cr);
865
866 return (error);
867}
868
869static int
870zfs_secpolicy_umount(zfs_cmd_t *zc, cred_t *cr)
871{
872 int error;
873
874 error = secpolicy_fs_unmount(cr, NULL);
875 if (error) {
876 error = dsl_deleg_access(zc->zc_name, ZFS_DELEG_PERM_MOUNT, cr);
877 }
878 return (error);
879}
880
881/*
882 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
883 * SYS_CONFIG privilege, which is not available in a local zone.
884 */
885/* ARGSUSED */
886static int
887zfs_secpolicy_config(zfs_cmd_t *zc, cred_t *cr)
888{
889 if (secpolicy_sys_config(cr, B_FALSE) != 0)
890 return (EPERM);
891
892 return (0);
893}
894
895/*
896 * Policy for object to name lookups.
897 */
898/* ARGSUSED */
899static int
900zfs_secpolicy_diff(zfs_cmd_t *zc, cred_t *cr)
901{
902 int error;
903
904 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0)
905 return (0);
906
907 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
908 return (error);
909}
910
911/*
912 * Policy for fault injection. Requires all privileges.
913 */
914/* ARGSUSED */
915static int
916zfs_secpolicy_inject(zfs_cmd_t *zc, cred_t *cr)
917{
918 return (secpolicy_zinject(cr));
919}
920
921static int
922zfs_secpolicy_inherit(zfs_cmd_t *zc, cred_t *cr)
923{
924 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
925
926 if (prop == ZPROP_INVAL) {
927 if (!zfs_prop_user(zc->zc_value))
928 return (EINVAL);
929 return (zfs_secpolicy_write_perms(zc->zc_name,
930 ZFS_DELEG_PERM_USERPROP, cr));
931 } else {
932 return (zfs_secpolicy_setprop(zc->zc_name, prop,
933 NULL, cr));
934 }
935}
936
937static int
938zfs_secpolicy_userspace_one(zfs_cmd_t *zc, cred_t *cr)
939{
940 int err = zfs_secpolicy_read(zc, cr);
941 if (err)
942 return (err);
943
944 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
945 return (EINVAL);
946
947 if (zc->zc_value[0] == 0) {
948 /*
949 * They are asking about a posix uid/gid. If it's
950 * themself, allow it.
951 */
952 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
953 zc->zc_objset_type == ZFS_PROP_USERQUOTA) {
954 if (zc->zc_guid == crgetuid(cr))
955 return (0);
956 } else {
957 if (groupmember(zc->zc_guid, cr))
958 return (0);
959 }
960 }
961
962 return (zfs_secpolicy_write_perms(zc->zc_name,
963 userquota_perms[zc->zc_objset_type], cr));
964}
965
966static int
967zfs_secpolicy_userspace_many(zfs_cmd_t *zc, cred_t *cr)
968{
969 int err = zfs_secpolicy_read(zc, cr);
970 if (err)
971 return (err);
972
973 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
974 return (EINVAL);
975
976 return (zfs_secpolicy_write_perms(zc->zc_name,
977 userquota_perms[zc->zc_objset_type], cr));
978}
979
980static int
981zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, cred_t *cr)
982{
983 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
984 NULL, cr));
985}
986
987static int
988zfs_secpolicy_hold(zfs_cmd_t *zc, cred_t *cr)
989{
990 return (zfs_secpolicy_write_perms(zc->zc_name,
991 ZFS_DELEG_PERM_HOLD, cr));
992}
993
994static int
995zfs_secpolicy_release(zfs_cmd_t *zc, cred_t *cr)
996{
997 return (zfs_secpolicy_write_perms(zc->zc_name,
998 ZFS_DELEG_PERM_RELEASE, cr));
999}
1000
1001/*
1002 * Policy for allowing temporary snapshots to be taken or released
1003 */
1004static int
1005zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, cred_t *cr)
1006{
1007 /*
1008 * A temporary snapshot is the same as a snapshot,
1009 * hold, destroy and release all rolled into one.
1010 * Delegated diff alone is sufficient that we allow this.
1011 */
1012 int error;
1013
1014 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
1015 ZFS_DELEG_PERM_DIFF, cr)) == 0)
1016 return (0);
1017
1018 error = zfs_secpolicy_snapshot(zc, cr);
1019 if (!error)
1020 error = zfs_secpolicy_hold(zc, cr);
1021 if (!error)
1022 error = zfs_secpolicy_release(zc, cr);
1023 if (!error)
1024 error = zfs_secpolicy_destroy(zc, cr);
1025 return (error);
1026}
1027
1028/*
1029 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1030 */
1031static int
1032get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1033{
1034 char *packed;
1035 int error;
1036 nvlist_t *list = NULL;
1037
1038 /*
1039 * Read in and unpack the user-supplied nvlist.
1040 */
1041 if (size == 0)
1042 return (EINVAL);
1043
1044 packed = kmem_alloc(size, KM_SLEEP);
1045
1046 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size,
1047 iflag)) != 0) {
1048 kmem_free(packed, size);
1049 return (error);
1050 }
1051
1052 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1053 kmem_free(packed, size);
1054 return (error);
1055 }
1056
1057 kmem_free(packed, size);
1058
1059 *nvp = list;
1060 return (0);
1061}
1062
1063static int
1064fit_error_list(zfs_cmd_t *zc, nvlist_t **errors)
1065{
1066 size_t size;
1067
1068 VERIFY(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1069
1070 if (size > zc->zc_nvlist_dst_size) {
1071 nvpair_t *more_errors;
1072 int n = 0;
1073
1074 if (zc->zc_nvlist_dst_size < 1024)
1075 return (ENOMEM);
1076
1077 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, 0) == 0);
1078 more_errors = nvlist_prev_nvpair(*errors, NULL);
1079
1080 do {
1081 nvpair_t *pair = nvlist_prev_nvpair(*errors,
1082 more_errors);
1083 VERIFY(nvlist_remove_nvpair(*errors, pair) == 0);
1084 n++;
1085 VERIFY(nvlist_size(*errors, &size,
1086 NV_ENCODE_NATIVE) == 0);
1087 } while (size > zc->zc_nvlist_dst_size);
1088
1089 VERIFY(nvlist_remove_nvpair(*errors, more_errors) == 0);
1090 VERIFY(nvlist_add_int32(*errors, ZPROP_N_MORE_ERRORS, n) == 0);
1091 ASSERT(nvlist_size(*errors, &size, NV_ENCODE_NATIVE) == 0);
1092 ASSERT(size <= zc->zc_nvlist_dst_size);
1093 }
1094
1095 return (0);
1096}
1097
1098static int
1099put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1100{
1101 char *packed = NULL;
1102 int error = 0;
1103 size_t size;
1104
1105 VERIFY(nvlist_size(nvl, &size, NV_ENCODE_NATIVE) == 0);
1106
1107 if (size > zc->zc_nvlist_dst_size) {
1108 /*
1109 * Solaris returns ENOMEM here, because even if an error is
1110 * returned from an ioctl(2), new zc_nvlist_dst_size will be
1111 * passed to the userland. This is not the case for FreeBSD.
1112 * We need to return 0, so the kernel will copy the
1113 * zc_nvlist_dst_size back and the userland can discover that a
1114 * bigger buffer is needed.
1115 */
1116 error = 0;
1117 } else {
1118 packed = kmem_alloc(size, KM_SLEEP);
1119 VERIFY(nvlist_pack(nvl, &packed, &size, NV_ENCODE_NATIVE,
1120 KM_SLEEP) == 0);
1121 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1122 size, zc->zc_iflags) != 0)
1123 error = EFAULT;
1124 kmem_free(packed, size);
1125 }
1126
1127 zc->zc_nvlist_dst_size = size;
1128 return (error);
1129}
1130
1131static int
1132getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1133{
1134 objset_t *os;
1135 int error;
1136
1137 error = dmu_objset_hold(dsname, FTAG, &os);
1138 if (error)
1139 return (error);
1140 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1141 dmu_objset_rele(os, FTAG);
1142 return (EINVAL);
1143 }
1144
1145 mutex_enter(&os->os_user_ptr_lock);
1146 *zfvp = dmu_objset_get_user(os);
1147 if (*zfvp) {
1148 VFS_HOLD((*zfvp)->z_vfs);
1149 } else {
1150 error = ESRCH;
1151 }
1152 mutex_exit(&os->os_user_ptr_lock);
1153 dmu_objset_rele(os, FTAG);
1154 return (error);
1155}
1156
1157/*
1158 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1159 * case its z_vfs will be NULL, and it will be opened as the owner.
1160 */
1161static int
1162zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer)
1163{
1164 int error = 0;
1165
1166 if (getzfsvfs(name, zfvp) != 0)
1167 error = zfsvfs_create(name, zfvp);
1168 if (error == 0) {
1169 rrw_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER :
1170 RW_READER, tag);
1171 if ((*zfvp)->z_unmounted) {
1172 /*
1173 * XXX we could probably try again, since the unmounting
1174 * thread should be just about to disassociate the
1175 * objset from the zfsvfs.
1176 */
1177 rrw_exit(&(*zfvp)->z_teardown_lock, tag);
1178 return (EBUSY);
1179 }
1180 }
1181 return (error);
1182}
1183
1184static void
1185zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag)
1186{
1187 rrw_exit(&zfsvfs->z_teardown_lock, tag);
1188
1189 if (zfsvfs->z_vfs) {
1190 VFS_RELE(zfsvfs->z_vfs);
1191 } else {
1192 dmu_objset_disown(zfsvfs->z_os, zfsvfs);
1193 zfsvfs_free(zfsvfs);
1194 }
1195}
1196
1197static int
1198zfs_ioc_pool_create(zfs_cmd_t *zc)
1199{
1200 int error;
1201 nvlist_t *config, *props = NULL;
1202 nvlist_t *rootprops = NULL;
1203 nvlist_t *zplprops = NULL;
1204 char *buf;
1205
1206 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1207 zc->zc_iflags, &config))
1208 return (error);
1209
1210 if (zc->zc_nvlist_src_size != 0 && (error =
1211 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1212 zc->zc_iflags, &props))) {
1213 nvlist_free(config);
1214 return (error);
1215 }
1216
1217 if (props) {
1218 nvlist_t *nvl = NULL;
1219 uint64_t version = SPA_VERSION;
1220
1221 (void) nvlist_lookup_uint64(props,
1222 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1223 if (version < SPA_VERSION_INITIAL || version > SPA_VERSION) {
1224 error = EINVAL;
1225 goto pool_props_bad;
1226 }
1227 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1228 if (nvl) {
1229 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1230 if (error != 0) {
1231 nvlist_free(config);
1232 nvlist_free(props);
1233 return (error);
1234 }
1235 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1236 }
1237 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1238 error = zfs_fill_zplprops_root(version, rootprops,
1239 zplprops, NULL);
1240 if (error)
1241 goto pool_props_bad;
1242 }
1243
1244 buf = history_str_get(zc);
1245
1246 error = spa_create(zc->zc_name, config, props, buf, zplprops);
1247
1248 /*
1249 * Set the remaining root properties
1250 */
1251 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name,
1252 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0)
1253 (void) spa_destroy(zc->zc_name);
1254
1255 if (buf != NULL)
1256 history_str_free(buf);
1257
1258pool_props_bad:
1259 nvlist_free(rootprops);
1260 nvlist_free(zplprops);
1261 nvlist_free(config);
1262 nvlist_free(props);
1263
1264 return (error);
1265}
1266
1267static int
1268zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1269{
1270 int error;
1271 zfs_log_history(zc);
1272 error = spa_destroy(zc->zc_name);
1273 if (error == 0)
1274 zvol_remove_minors(zc->zc_name);
1275 return (error);
1276}
1277
1278static int
1279zfs_ioc_pool_import(zfs_cmd_t *zc)
1280{
1281 nvlist_t *config, *props = NULL;
1282 uint64_t guid;
1283 int error;
1284
1285 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1286 zc->zc_iflags, &config)) != 0)
1287 return (error);
1288
1289 if (zc->zc_nvlist_src_size != 0 && (error =
1290 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1291 zc->zc_iflags, &props))) {
1292 nvlist_free(config);
1293 return (error);
1294 }
1295
1296 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1297 guid != zc->zc_guid)
1298 error = EINVAL;
1299 else
1300 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1301
1302 if (zc->zc_nvlist_dst != 0) {
1303 int err;
1304
1305 if ((err = put_nvlist(zc, config)) != 0)
1306 error = err;
1307 }
1308
1309 nvlist_free(config);
1310
1311 if (props)
1312 nvlist_free(props);
1313
1314 return (error);
1315}
1316
1317static int
1318zfs_ioc_pool_export(zfs_cmd_t *zc)
1319{
1320 int error;
1321 boolean_t force = (boolean_t)zc->zc_cookie;
1322 boolean_t hardforce = (boolean_t)zc->zc_guid;
1323
1324 zfs_log_history(zc);
1325 error = spa_export(zc->zc_name, NULL, force, hardforce);
1326 if (error == 0)
1327 zvol_remove_minors(zc->zc_name);
1328 return (error);
1329}
1330
1331static int
1332zfs_ioc_pool_configs(zfs_cmd_t *zc)
1333{
1334 nvlist_t *configs;
1335 int error;
1336
1337 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL)
1338 return (EEXIST);
1339
1340 error = put_nvlist(zc, configs);
1341
1342 nvlist_free(configs);
1343
1344 return (error);
1345}
1346
1347static int
1348zfs_ioc_pool_stats(zfs_cmd_t *zc)
1349{
1350 nvlist_t *config;
1351 int error;
1352 int ret = 0;
1353
1354 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1355 sizeof (zc->zc_value));
1356
1357 if (config != NULL) {
1358 ret = put_nvlist(zc, config);
1359 nvlist_free(config);
1360
1361 /*
1362 * The config may be present even if 'error' is non-zero.
1363 * In this case we return success, and preserve the real errno
1364 * in 'zc_cookie'.
1365 */
1366 zc->zc_cookie = error;
1367 } else {
1368 ret = error;
1369 }
1370
1371 return (ret);
1372}
1373
1374/*
1375 * Try to import the given pool, returning pool stats as appropriate so that
1376 * user land knows which devices are available and overall pool health.
1377 */
1378static int
1379zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1380{
1381 nvlist_t *tryconfig, *config;
1382 int error;
1383
1384 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1385 zc->zc_iflags, &tryconfig)) != 0)
1386 return (error);
1387
1388 config = spa_tryimport(tryconfig);
1389
1390 nvlist_free(tryconfig);
1391
1392 if (config == NULL)
1393 return (EINVAL);
1394
1395 error = put_nvlist(zc, config);
1396 nvlist_free(config);
1397
1398 return (error);
1399}
1400
1401/*
1402 * inputs:
1403 * zc_name name of the pool
1404 * zc_cookie scan func (pool_scan_func_t)
1405 */
1406static int
1407zfs_ioc_pool_scan(zfs_cmd_t *zc)
1408{
1409 spa_t *spa;
1410 int error;
1411
1412 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1413 return (error);
1414
1415 if (zc->zc_cookie == POOL_SCAN_NONE)
1416 error = spa_scan_stop(spa);
1417 else
1418 error = spa_scan(spa, zc->zc_cookie);
1419
1420 spa_close(spa, FTAG);
1421
1422 return (error);
1423}
1424
1425static int
1426zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1427{
1428 spa_t *spa;
1429 int error;
1430
1431 error = spa_open(zc->zc_name, &spa, FTAG);
1432 if (error == 0) {
1433 spa_freeze(spa);
1434 spa_close(spa, FTAG);
1435 }
1436 return (error);
1437}
1438
1439static int
1440zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1441{
1442 spa_t *spa;
1443 int error;
1444
1445 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1446 return (error);
1447
1448 if (zc->zc_cookie < spa_version(spa) || zc->zc_cookie > SPA_VERSION) {
1449 spa_close(spa, FTAG);
1450 return (EINVAL);
1451 }
1452
1453 spa_upgrade(spa, zc->zc_cookie);
1454 spa_close(spa, FTAG);
1455
1456 return (error);
1457}
1458
1459static int
1460zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1461{
1462 spa_t *spa;
1463 char *hist_buf;
1464 uint64_t size;
1465 int error;
1466
1467 if ((size = zc->zc_history_len) == 0)
1468 return (EINVAL);
1469
1470 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1471 return (error);
1472
1473 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1474 spa_close(spa, FTAG);
1475 return (ENOTSUP);
1476 }
1477
1478 hist_buf = kmem_alloc(size, KM_SLEEP);
1479 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1480 &zc->zc_history_len, hist_buf)) == 0) {
1481 error = ddi_copyout(hist_buf,
1482 (void *)(uintptr_t)zc->zc_history,
1483 zc->zc_history_len, zc->zc_iflags);
1484 }
1485
1486 spa_close(spa, FTAG);
1487 kmem_free(hist_buf, size);
1488 return (error);
1489}
1490
1491static int
1492zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1493{
1494 spa_t *spa;
1495 int error;
1496
1497 error = spa_open(zc->zc_name, &spa, FTAG);
1498 if (error == 0) {
1499 error = spa_change_guid(spa);
1500 spa_close(spa, FTAG);
1501 }
1502 return (error);
1503}
1504
1505static int
1506zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1507{
1508 int error;
1509
1510 if (error = dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value))
1511 return (error);
1512
1513 return (0);
1514}
1515
1516/*
1517 * inputs:
1518 * zc_name name of filesystem
1519 * zc_obj object to find
1520 *
1521 * outputs:
1522 * zc_value name of object
1523 */
1524static int
1525zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1526{
1527 objset_t *os;
1528 int error;
1529
1530 /* XXX reading from objset not owned */
1531 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1532 return (error);
1533 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1534 dmu_objset_rele(os, FTAG);
1535 return (EINVAL);
1536 }
1537 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1538 sizeof (zc->zc_value));
1539 dmu_objset_rele(os, FTAG);
1540
1541 return (error);
1542}
1543
1544/*
1545 * inputs:
1546 * zc_name name of filesystem
1547 * zc_obj object to find
1548 *
1549 * outputs:
1550 * zc_stat stats on object
1551 * zc_value path to object
1552 */
1553static int
1554zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1555{
1556 objset_t *os;
1557 int error;
1558
1559 /* XXX reading from objset not owned */
1560 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0)
1561 return (error);
1562 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1563 dmu_objset_rele(os, FTAG);
1564 return (EINVAL);
1565 }
1566 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1567 sizeof (zc->zc_value));
1568 dmu_objset_rele(os, FTAG);
1569
1570 return (error);
1571}
1572
1573static int
1574zfs_ioc_vdev_add(zfs_cmd_t *zc)
1575{
1576 spa_t *spa;
1577 int error;
1578 nvlist_t *config, **l2cache, **spares;
1579 uint_t nl2cache = 0, nspares = 0;
1580
1581 error = spa_open(zc->zc_name, &spa, FTAG);
1582 if (error != 0)
1583 return (error);
1584
1585 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1586 zc->zc_iflags, &config);
1587 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE,
1588 &l2cache, &nl2cache);
1589
1590 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES,
1591 &spares, &nspares);
1592
1593 /*
1594 * A root pool with concatenated devices is not supported.
1595 * Thus, can not add a device to a root pool.
1596 *
1597 * Intent log device can not be added to a rootpool because
1598 * during mountroot, zil is replayed, a seperated log device
1599 * can not be accessed during the mountroot time.
1600 *
1601 * l2cache and spare devices are ok to be added to a rootpool.
1602 */
1603 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) {
1604 nvlist_free(config);
1605 spa_close(spa, FTAG);
1606 return (EDOM);
1607 }
1608
1609 if (error == 0) {
1610 error = spa_vdev_add(spa, config);
1611 nvlist_free(config);
1612 }
1613 spa_close(spa, FTAG);
1614 return (error);
1615}
1616
1617/*
1618 * inputs:
1619 * zc_name name of the pool
1620 * zc_nvlist_conf nvlist of devices to remove
1621 * zc_cookie to stop the remove?
1622 */
1623static int
1624zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1625{
1626 spa_t *spa;
1627 int error;
1628
1629 error = spa_open(zc->zc_name, &spa, FTAG);
1630 if (error != 0)
1631 return (error);
1632 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1633 spa_close(spa, FTAG);
1634 return (error);
1635}
1636
1637static int
1638zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1639{
1640 spa_t *spa;
1641 int error;
1642 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1643
1644 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1645 return (error);
1646 switch (zc->zc_cookie) {
1647 case VDEV_STATE_ONLINE:
1648 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1649 break;
1650
1651 case VDEV_STATE_OFFLINE:
1652 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1653 break;
1654
1655 case VDEV_STATE_FAULTED:
1656 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1657 zc->zc_obj != VDEV_AUX_EXTERNAL)
1658 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1659
1660 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1661 break;
1662
1663 case VDEV_STATE_DEGRADED:
1664 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1665 zc->zc_obj != VDEV_AUX_EXTERNAL)
1666 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1667
1668 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1669 break;
1670
1671 default:
1672 error = EINVAL;
1673 }
1674 zc->zc_cookie = newstate;
1675 spa_close(spa, FTAG);
1676 return (error);
1677}
1678
1679static int
1680zfs_ioc_vdev_attach(zfs_cmd_t *zc)
1681{
1682 spa_t *spa;
1683 int replacing = zc->zc_cookie;
1684 nvlist_t *config;
1685 int error;
1686
1687 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1688 return (error);
1689
1690 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1691 zc->zc_iflags, &config)) == 0) {
1692 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing);
1693 nvlist_free(config);
1694 }
1695
1696 spa_close(spa, FTAG);
1697 return (error);
1698}
1699
1700static int
1701zfs_ioc_vdev_detach(zfs_cmd_t *zc)
1702{
1703 spa_t *spa;
1704 int error;
1705
1706 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1707 return (error);
1708
1709 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
1710
1711 spa_close(spa, FTAG);
1712 return (error);
1713}
1714
1715static int
1716zfs_ioc_vdev_split(zfs_cmd_t *zc)
1717{
1718 spa_t *spa;
1719 nvlist_t *config, *props = NULL;
1720 int error;
1721 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
1722
1723 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1724 return (error);
1725
1726 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1727 zc->zc_iflags, &config)) {
1728 spa_close(spa, FTAG);
1729 return (error);
1730 }
1731
1732 if (zc->zc_nvlist_src_size != 0 && (error =
1733 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1734 zc->zc_iflags, &props))) {
1735 spa_close(spa, FTAG);
1736 nvlist_free(config);
1737 return (error);
1738 }
1739
1740 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
1741
1742 spa_close(spa, FTAG);
1743
1744 nvlist_free(config);
1745 nvlist_free(props);
1746
1747 return (error);
1748}
1749
1750static int
1751zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
1752{
1753 spa_t *spa;
1754 char *path = zc->zc_value;
1755 uint64_t guid = zc->zc_guid;
1756 int error;
1757
1758 error = spa_open(zc->zc_name, &spa, FTAG);
1759 if (error != 0)
1760 return (error);
1761
1762 error = spa_vdev_setpath(spa, guid, path);
1763 spa_close(spa, FTAG);
1764 return (error);
1765}
1766
1767static int
1768zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
1769{
1770 spa_t *spa;
1771 char *fru = zc->zc_value;
1772 uint64_t guid = zc->zc_guid;
1773 int error;
1774
1775 error = spa_open(zc->zc_name, &spa, FTAG);
1776 if (error != 0)
1777 return (error);
1778
1779 error = spa_vdev_setfru(spa, guid, fru);
1780 spa_close(spa, FTAG);
1781 return (error);
1782}
1783
1784static int
1785zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
1786{
1787 int error = 0;
1788 nvlist_t *nv;
1789
1790 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1791
1792 if (zc->zc_nvlist_dst != 0 &&
1793 (error = dsl_prop_get_all(os, &nv)) == 0) {
1794 dmu_objset_stats(os, nv);
1795 /*
1796 * NB: zvol_get_stats() will read the objset contents,
1797 * which we aren't supposed to do with a
1798 * DS_MODE_USER hold, because it could be
1799 * inconsistent. So this is a bit of a workaround...
1800 * XXX reading with out owning
1801 */
1802 if (!zc->zc_objset_stats.dds_inconsistent &&
1803 dmu_objset_type(os) == DMU_OST_ZVOL) {
1804 error = zvol_get_stats(os, nv);
1805 if (error == EIO)
1806 return (error);
1807 VERIFY3S(error, ==, 0);
1808 }
1809 error = put_nvlist(zc, nv);
1810 nvlist_free(nv);
1811 }
1812
1813 return (error);
1814}
1815
1816/*
1817 * inputs:
1818 * zc_name name of filesystem
1819 * zc_nvlist_dst_size size of buffer for property nvlist
1820 *
1821 * outputs:
1822 * zc_objset_stats stats
1823 * zc_nvlist_dst property nvlist
1824 * zc_nvlist_dst_size size of property nvlist
1825 */
1826static int
1827zfs_ioc_objset_stats(zfs_cmd_t *zc)
1828{
1829 objset_t *os = NULL;
1830 int error;
1831
1832 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
1833 return (error);
1834
1835 error = zfs_ioc_objset_stats_impl(zc, os);
1836
1837 dmu_objset_rele(os, FTAG);
1838
1839 if (error == ENOMEM)
1840 error = 0;
1841 return (error);
1842}
1843
1844/*
1845 * inputs:
1846 * zc_name name of filesystem
1847 * zc_nvlist_dst_size size of buffer for property nvlist
1848 *
1849 * outputs:
1850 * zc_nvlist_dst received property nvlist
1851 * zc_nvlist_dst_size size of received property nvlist
1852 *
1853 * Gets received properties (distinct from local properties on or after
1854 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
1855 * local property values.
1856 */
1857static int
1858zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
1859{
1860 objset_t *os = NULL;
1861 int error;
1862 nvlist_t *nv;
1863
1864 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os))
1865 return (error);
1866
1867 /*
1868 * Without this check, we would return local property values if the
1869 * caller has not already received properties on or after
1870 * SPA_VERSION_RECVD_PROPS.
1871 */
1872 if (!dsl_prop_get_hasrecvd(os)) {
1873 dmu_objset_rele(os, FTAG);
1874 return (ENOTSUP);
1875 }
1876
1877 if (zc->zc_nvlist_dst != 0 &&
1878 (error = dsl_prop_get_received(os, &nv)) == 0) {
1879 error = put_nvlist(zc, nv);
1880 nvlist_free(nv);
1881 }
1882
1883 dmu_objset_rele(os, FTAG);
1884 return (error);
1885}
1886
1887static int
1888nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
1889{
1890 uint64_t value;
1891 int error;
1892
1893 /*
1894 * zfs_get_zplprop() will either find a value or give us
1895 * the default value (if there is one).
1896 */
1897 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
1898 return (error);
1899 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
1900 return (0);
1901}
1902
1903/*
1904 * inputs:
1905 * zc_name name of filesystem
1906 * zc_nvlist_dst_size size of buffer for zpl property nvlist
1907 *
1908 * outputs:
1909 * zc_nvlist_dst zpl property nvlist
1910 * zc_nvlist_dst_size size of zpl property nvlist
1911 */
1912static int
1913zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
1914{
1915 objset_t *os;
1916 int err;
1917
1918 /* XXX reading without owning */
1919 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os))
1920 return (err);
1921
1922 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
1923
1924 /*
1925 * NB: nvl_add_zplprop() will read the objset contents,
1926 * which we aren't supposed to do with a DS_MODE_USER
1927 * hold, because it could be inconsistent.
1928 */
1929 if (zc->zc_nvlist_dst != 0 &&
1930 !zc->zc_objset_stats.dds_inconsistent &&
1931 dmu_objset_type(os) == DMU_OST_ZFS) {
1932 nvlist_t *nv;
1933
1934 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1935 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
1936 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
1937 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
1938 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
1939 err = put_nvlist(zc, nv);
1940 nvlist_free(nv);
1941 } else {
1942 err = ENOENT;
1943 }
1944 dmu_objset_rele(os, FTAG);
1945 return (err);
1946}
1947
1948boolean_t
1949dataset_name_hidden(const char *name)
1950{
1951 /*
1952 * Skip over datasets that are not visible in this zone,
1953 * internal datasets (which have a $ in their name), and
1954 * temporary datasets (which have a % in their name).
1955 */
1956 if (strchr(name, '$') != NULL)
1957 return (B_TRUE);
1958 if (strchr(name, '%') != NULL)
1959 return (B_TRUE);
1960 if (!INGLOBALZONE(curthread) && !zone_dataset_visible(name, NULL))
1961 return (B_TRUE);
1962 return (B_FALSE);
1963}
1964
1965/*
1966 * inputs:
1967 * zc_name name of filesystem
1968 * zc_cookie zap cursor
1969 * zc_nvlist_dst_size size of buffer for property nvlist
1970 *
1971 * outputs:
1972 * zc_name name of next filesystem
1973 * zc_cookie zap cursor
1974 * zc_objset_stats stats
1975 * zc_nvlist_dst property nvlist
1976 * zc_nvlist_dst_size size of property nvlist
1977 */
1978static int
1979zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
1980{
1981 objset_t *os;
1982 int error;
1983 char *p;
1984 size_t orig_len = strlen(zc->zc_name);
1985
1986top:
1987 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) {
1988 if (error == ENOENT)
1989 error = ESRCH;
1990 return (error);
1991 }
1992
1993 p = strrchr(zc->zc_name, '/');
1994 if (p == NULL || p[1] != '\0')
1995 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
1996 p = zc->zc_name + strlen(zc->zc_name);
1997
1998 /*
1999 * Pre-fetch the datasets. dmu_objset_prefetch() always returns 0
2000 * but is not declared void because its called by dmu_objset_find().
2001 */
2002 if (zc->zc_cookie == 0) {
2003 uint64_t cookie = 0;
2004 int len = sizeof (zc->zc_name) - (p - zc->zc_name);
2005
2006 while (dmu_dir_list_next(os, len, p, NULL, &cookie) == 0) {
2007 if (!dataset_name_hidden(zc->zc_name))
2008 (void) dmu_objset_prefetch(zc->zc_name, NULL);
2009 }
2010 }
2011
2012 do {
2013 error = dmu_dir_list_next(os,
2014 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2015 NULL, &zc->zc_cookie);
2016 if (error == ENOENT)
2017 error = ESRCH;
2018 } while (error == 0 && dataset_name_hidden(zc->zc_name));
2019 dmu_objset_rele(os, FTAG);
2020
2021 /*
2022 * If it's an internal dataset (ie. with a '$' in its name),
2023 * don't try to get stats for it, otherwise we'll return ENOENT.
2024 */
2025 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2026 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2027 if (error == ENOENT) {
2028 /* We lost a race with destroy, get the next one. */
2029 zc->zc_name[orig_len] = '\0';
2030 goto top;
2031 }
2032 }
2033 return (error);
2034}
2035
2036/*
2037 * inputs:
2038 * zc_name name of filesystem
2039 * zc_cookie zap cursor
2040 * zc_nvlist_dst_size size of buffer for property nvlist
2041 * zc_simple when set, only name is requested
2042 *
2043 * outputs:
2044 * zc_name name of next snapshot
2045 * zc_objset_stats stats
2046 * zc_nvlist_dst property nvlist
2047 * zc_nvlist_dst_size size of property nvlist
2048 */
2049static int
2050zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2051{
2052 objset_t *os;
2053 int error;
2054
2055top:
2056 if (snapshot_list_prefetch && zc->zc_cookie == 0 && !zc->zc_simple)
2057 (void) dmu_objset_find(zc->zc_name, dmu_objset_prefetch,
2058 NULL, DS_FIND_SNAPSHOTS);
2059
2060 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2061 if (error)
2062 return (error == ENOENT ? ESRCH : error);
2063
2064 /*
2065 * A dataset name of maximum length cannot have any snapshots,
2066 * so exit immediately.
2067 */
2068 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) {
2069 dmu_objset_rele(os, FTAG);
2070 return (ESRCH);
2071 }
2072
2073 error = dmu_snapshot_list_next(os,
2074 sizeof (zc->zc_name) - strlen(zc->zc_name),
2075 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie,
2076 NULL);
2077
2078 if (error == 0 && !zc->zc_simple) {
2079 dsl_dataset_t *ds;
2080 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool;
2081
2082 /*
2083 * Since we probably don't have a hold on this snapshot,
2084 * it's possible that the objsetid could have been destroyed
2085 * and reused for a new objset. It's OK if this happens during
2086 * a zfs send operation, since the new createtxg will be
2087 * beyond the range we're interested in.
2088 */
2089 rw_enter(&dp->dp_config_rwlock, RW_READER);
2090 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds);
2091 rw_exit(&dp->dp_config_rwlock);
2092 if (error) {
2093 if (error == ENOENT) {
2094 /* Racing with destroy, get the next one. */
2095 *strchr(zc->zc_name, '@') = '\0';
2096 dmu_objset_rele(os, FTAG);
2097 goto top;
2098 }
2099 } else {
2100 objset_t *ossnap;
2101
2102 error = dmu_objset_from_ds(ds, &ossnap);
2103 if (error == 0)
2104 error = zfs_ioc_objset_stats_impl(zc, ossnap);
2105 dsl_dataset_rele(ds, FTAG);
2106 }
2107 } else if (error == ENOENT) {
2108 error = ESRCH;
2109 }
2110
2111 dmu_objset_rele(os, FTAG);
2112 /* if we failed, undo the @ that we tacked on to zc_name */
2113 if (error)
2114 *strchr(zc->zc_name, '@') = '\0';
2115 return (error);
2116}
2117
2118static int
2119zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2120{
2121 const char *propname = nvpair_name(pair);
2122 uint64_t *valary;
2123 unsigned int vallen;
2124 const char *domain;
2125 char *dash;
2126 zfs_userquota_prop_t type;
2127 uint64_t rid;
2128 uint64_t quota;
2129 zfsvfs_t *zfsvfs;
2130 int err;
2131
2132 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2133 nvlist_t *attrs;
2134 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2135 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2136 &pair) != 0)
2137 return (EINVAL);
2138 }
2139
2140 /*
2141 * A correctly constructed propname is encoded as
2142 * userquota@<rid>-<domain>.
2143 */
2144 if ((dash = strchr(propname, '-')) == NULL ||
2145 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2146 vallen != 3)
2147 return (EINVAL);
2148
2149 domain = dash + 1;
2150 type = valary[0];
2151 rid = valary[1];
2152 quota = valary[2];
2153
2154 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2155 if (err == 0) {
2156 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2157 zfsvfs_rele(zfsvfs, FTAG);
2158 }
2159
2160 return (err);
2161}
2162
2163/*
2164 * If the named property is one that has a special function to set its value,
2165 * return 0 on success and a positive error code on failure; otherwise if it is
2166 * not one of the special properties handled by this function, return -1.
2167 *
2168 * XXX: It would be better for callers of the property interface if we handled
2169 * these special cases in dsl_prop.c (in the dsl layer).
2170 */
2171static int
2172zfs_prop_set_special(const char *dsname, zprop_source_t source,
2173 nvpair_t *pair)
2174{
2175 const char *propname = nvpair_name(pair);
2176 zfs_prop_t prop = zfs_name_to_prop(propname);
2177 uint64_t intval;
2178 int err;
2179
2180 if (prop == ZPROP_INVAL) {
2181 if (zfs_prop_userquota(propname))
2182 return (zfs_prop_set_userquota(dsname, pair));
2183 return (-1);
2184 }
2185
2186 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2187 nvlist_t *attrs;
2188 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2189 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2190 &pair) == 0);
2191 }
2192
2193 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING)
2194 return (-1);
2195
2196 VERIFY(0 == nvpair_value_uint64(pair, &intval));
2197
2198 switch (prop) {
2199 case ZFS_PROP_QUOTA:
2200 err = dsl_dir_set_quota(dsname, source, intval);
2201 break;
2202 case ZFS_PROP_REFQUOTA:
2203 err = dsl_dataset_set_quota(dsname, source, intval);
2204 break;
2205 case ZFS_PROP_RESERVATION:
2206 err = dsl_dir_set_reservation(dsname, source, intval);
2207 break;
2208 case ZFS_PROP_REFRESERVATION:
2209 err = dsl_dataset_set_reservation(dsname, source, intval);
2210 break;
2211 case ZFS_PROP_VOLSIZE:
2212 err = zvol_set_volsize(dsname, ddi_driver_major(zfs_dip),
2213 intval);
2214 break;
2215 case ZFS_PROP_VERSION:
2216 {
2217 zfsvfs_t *zfsvfs;
2218
2219 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2220 break;
2221
2222 err = zfs_set_version(zfsvfs, intval);
2223 zfsvfs_rele(zfsvfs, FTAG);
2224
2225 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2226 zfs_cmd_t *zc;
2227
2228 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2229 (void) strcpy(zc->zc_name, dsname);
2230 (void) zfs_ioc_userspace_upgrade(zc);
2231 kmem_free(zc, sizeof (zfs_cmd_t));
2232 }
2233 break;
2234 }
2235
2236 default:
2237 err = -1;
2238 }
2239
2240 return (err);
2241}
2242
2243/*
2244 * This function is best effort. If it fails to set any of the given properties,
2245 * it continues to set as many as it can and returns the first error
2246 * encountered. If the caller provides a non-NULL errlist, it also gives the
2247 * complete list of names of all the properties it failed to set along with the
2248 * corresponding error numbers. The caller is responsible for freeing the
2249 * returned errlist.
2250 *
2251 * If every property is set successfully, zero is returned and the list pointed
2252 * at by errlist is NULL.
2253 */
2254int
2255zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2256 nvlist_t **errlist)
2257{
2258 nvpair_t *pair;
2259 nvpair_t *propval;
2260 int rv = 0;
2261 uint64_t intval;
2262 char *strval;
2263 nvlist_t *genericnvl;
2264 nvlist_t *errors;
2265 nvlist_t *retrynvl;
2266
2267 VERIFY(nvlist_alloc(&genericnvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2268 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2269 VERIFY(nvlist_alloc(&retrynvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2270
2271retry:
2272 pair = NULL;
2273 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2274 const char *propname = nvpair_name(pair);
2275 zfs_prop_t prop = zfs_name_to_prop(propname);
2276 int err = 0;
2277
2278 /* decode the property value */
2279 propval = pair;
2280 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2281 nvlist_t *attrs;
2282 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2283 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2284 &propval) != 0)
2285 err = EINVAL;
2286 }
2287
2288 /* Validate value type */
2289 if (err == 0 && prop == ZPROP_INVAL) {
2290 if (zfs_prop_user(propname)) {
2291 if (nvpair_type(propval) != DATA_TYPE_STRING)
2292 err = EINVAL;
2293 } else if (zfs_prop_userquota(propname)) {
2294 if (nvpair_type(propval) !=
2295 DATA_TYPE_UINT64_ARRAY)
2296 err = EINVAL;
2297 } else {
2298 err = EINVAL;
2299 }
2300 } else if (err == 0) {
2301 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2302 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2303 err = EINVAL;
2304 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2305 const char *unused;
2306
2307 VERIFY(nvpair_value_uint64(propval,
2308 &intval) == 0);
2309
2310 switch (zfs_prop_get_type(prop)) {
2311 case PROP_TYPE_NUMBER:
2312 break;
2313 case PROP_TYPE_STRING:
2314 err = EINVAL;
2315 break;
2316 case PROP_TYPE_INDEX:
2317 if (zfs_prop_index_to_string(prop,
2318 intval, &unused) != 0)
2319 err = EINVAL;
2320 break;
2321 default:
2322 cmn_err(CE_PANIC,
2323 "unknown property type");
2324 }
2325 } else {
2326 err = EINVAL;
2327 }
2328 }
2329
2330 /* Validate permissions */
2331 if (err == 0)
2332 err = zfs_check_settable(dsname, pair, CRED());
2333
2334 if (err == 0) {
2335 err = zfs_prop_set_special(dsname, source, pair);
2336 if (err == -1) {
2337 /*
2338 * For better performance we build up a list of
2339 * properties to set in a single transaction.
2340 */
2341 err = nvlist_add_nvpair(genericnvl, pair);
2342 } else if (err != 0 && nvl != retrynvl) {
2343 /*
2344 * This may be a spurious error caused by
2345 * receiving quota and reservation out of order.
2346 * Try again in a second pass.
2347 */
2348 err = nvlist_add_nvpair(retrynvl, pair);
2349 }
2350 }
2351
2352 if (err != 0)
2353 VERIFY(nvlist_add_int32(errors, propname, err) == 0);
2354 }
2355
2356 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2357 nvl = retrynvl;
2358 goto retry;
2359 }
2360
2361 if (!nvlist_empty(genericnvl) &&
2362 dsl_props_set(dsname, source, genericnvl) != 0) {
2363 /*
2364 * If this fails, we still want to set as many properties as we
2365 * can, so try setting them individually.
2366 */
2367 pair = NULL;
2368 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2369 const char *propname = nvpair_name(pair);
2370 int err = 0;
2371
2372 propval = pair;
2373 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2374 nvlist_t *attrs;
2375 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2376 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2377 &propval) == 0);
2378 }
2379
2380 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2381 VERIFY(nvpair_value_string(propval,
2382 &strval) == 0);
2383 err = dsl_prop_set(dsname, propname, source, 1,
2384 strlen(strval) + 1, strval);
2385 } else {
2386 VERIFY(nvpair_value_uint64(propval,
2387 &intval) == 0);
2388 err = dsl_prop_set(dsname, propname, source, 8,
2389 1, &intval);
2390 }
2391
2392 if (err != 0) {
2393 VERIFY(nvlist_add_int32(errors, propname,
2394 err) == 0);
2395 }
2396 }
2397 }
2398 nvlist_free(genericnvl);
2399 nvlist_free(retrynvl);
2400
2401 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
2402 nvlist_free(errors);
2403 errors = NULL;
2404 } else {
2405 VERIFY(nvpair_value_int32(pair, &rv) == 0);
2406 }
2407
2408 if (errlist == NULL)
2409 nvlist_free(errors);
2410 else
2411 *errlist = errors;
2412
2413 return (rv);
2414}
2415
2416/*
2417 * Check that all the properties are valid user properties.
2418 */
2419static int
2420zfs_check_userprops(char *fsname, nvlist_t *nvl)
2421{
2422 nvpair_t *pair = NULL;
2423 int error = 0;
2424
2425 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2426 const char *propname = nvpair_name(pair);
2427 char *valstr;
2428
2429 if (!zfs_prop_user(propname) ||
2430 nvpair_type(pair) != DATA_TYPE_STRING)
2431 return (EINVAL);
2432
2433 if (error = zfs_secpolicy_write_perms(fsname,
2434 ZFS_DELEG_PERM_USERPROP, CRED()))
2435 return (error);
2436
2437 if (strlen(propname) >= ZAP_MAXNAMELEN)
2438 return (ENAMETOOLONG);
2439
2440 VERIFY(nvpair_value_string(pair, &valstr) == 0);
2441 if (strlen(valstr) >= ZAP_MAXVALUELEN)
2442 return (E2BIG);
2443 }
2444 return (0);
2445}
2446
2447static void
2448props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2449{
2450 nvpair_t *pair;
2451
2452 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2453
2454 pair = NULL;
2455 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2456 if (nvlist_exists(skipped, nvpair_name(pair)))
2457 continue;
2458
2459 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2460 }
2461}
2462
2463static int
2464clear_received_props(objset_t *os, const char *fs, nvlist_t *props,
2465 nvlist_t *skipped)
2466{
2467 int err = 0;
2468 nvlist_t *cleared_props = NULL;
2469 props_skip(props, skipped, &cleared_props);
2470 if (!nvlist_empty(cleared_props)) {
2471 /*
2472 * Acts on local properties until the dataset has received
2473 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2474 */
2475 zprop_source_t flags = (ZPROP_SRC_NONE |
2476 (dsl_prop_get_hasrecvd(os) ? ZPROP_SRC_RECEIVED : 0));
2477 err = zfs_set_prop_nvlist(fs, flags, cleared_props, NULL);
2478 }
2479 nvlist_free(cleared_props);
2480 return (err);
2481}
2482
2483/*
2484 * inputs:
2485 * zc_name name of filesystem
2486 * zc_value name of property to set
2487 * zc_nvlist_src{_size} nvlist of properties to apply
2488 * zc_cookie received properties flag
2489 *
2490 * outputs:
2491 * zc_nvlist_dst{_size} error for each unapplied received property
2492 */
2493static int
2494zfs_ioc_set_prop(zfs_cmd_t *zc)
2495{
2496 nvlist_t *nvl;
2497 boolean_t received = zc->zc_cookie;
2498 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2499 ZPROP_SRC_LOCAL);
2500 nvlist_t *errors = NULL;
2501 int error;
2502
2503 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2504 zc->zc_iflags, &nvl)) != 0)
2505 return (error);
2506
2507 if (received) {
2508 nvlist_t *origprops;
2509 objset_t *os;
2510
2511 if (dmu_objset_hold(zc->zc_name, FTAG, &os) == 0) {
2512 if (dsl_prop_get_received(os, &origprops) == 0) {
2513 (void) clear_received_props(os,
2514 zc->zc_name, origprops, nvl);
2515 nvlist_free(origprops);
2516 }
2517
2518 dsl_prop_set_hasrecvd(os);
2519 dmu_objset_rele(os, FTAG);
2520 }
2521 }
2522
2523 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, &errors);
2524
2525 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2526 (void) put_nvlist(zc, errors);
2527 }
2528
2529 nvlist_free(errors);
2530 nvlist_free(nvl);
2531 return (error);
2532}
2533
2534/*
2535 * inputs:
2536 * zc_name name of filesystem
2537 * zc_value name of property to inherit
2538 * zc_cookie revert to received value if TRUE
2539 *
2540 * outputs: none
2541 */
2542static int
2543zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2544{
2545 const char *propname = zc->zc_value;
2546 zfs_prop_t prop = zfs_name_to_prop(propname);
2547 boolean_t received = zc->zc_cookie;
2548 zprop_source_t source = (received
2549 ? ZPROP_SRC_NONE /* revert to received value, if any */
2550 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2551
2552 if (received) {
2553 nvlist_t *dummy;
2554 nvpair_t *pair;
2555 zprop_type_t type;
2556 int err;
2557
2558 /*
2559 * zfs_prop_set_special() expects properties in the form of an
2560 * nvpair with type info.
2561 */
2562 if (prop == ZPROP_INVAL) {
2563 if (!zfs_prop_user(propname))
2564 return (EINVAL);
2565
2566 type = PROP_TYPE_STRING;
2567 } else if (prop == ZFS_PROP_VOLSIZE ||
2568 prop == ZFS_PROP_VERSION) {
2569 return (EINVAL);
2570 } else {
2571 type = zfs_prop_get_type(prop);
2572 }
2573
2574 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2575
2576 switch (type) {
2577 case PROP_TYPE_STRING:
2578 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
2579 break;
2580 case PROP_TYPE_NUMBER:
2581 case PROP_TYPE_INDEX:
2582 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
2583 break;
2584 default:
2585 nvlist_free(dummy);
2586 return (EINVAL);
2587 }
2588
2589 pair = nvlist_next_nvpair(dummy, NULL);
2590 err = zfs_prop_set_special(zc->zc_name, source, pair);
2591 nvlist_free(dummy);
2592 if (err != -1)
2593 return (err); /* special property already handled */
2594 } else {
2595 /*
2596 * Only check this in the non-received case. We want to allow
2597 * 'inherit -S' to revert non-inheritable properties like quota
2598 * and reservation to the received or default values even though
2599 * they are not considered inheritable.
2600 */
2601 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop))
2602 return (EINVAL);
2603 }
2604
2605 /* the property name has been validated by zfs_secpolicy_inherit() */
2606 return (dsl_prop_set(zc->zc_name, zc->zc_value, source, 0, 0, NULL));
2607}
2608
2609static int
2610zfs_ioc_pool_set_props(zfs_cmd_t *zc)
2611{
2612 nvlist_t *props;
2613 spa_t *spa;
2614 int error;
2615 nvpair_t *pair;
2616
2617 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2618 zc->zc_iflags, &props))
2619 return (error);
2620
2621 /*
2622 * If the only property is the configfile, then just do a spa_lookup()
2623 * to handle the faulted case.
2624 */
2625 pair = nvlist_next_nvpair(props, NULL);
2626 if (pair != NULL && strcmp(nvpair_name(pair),
2627 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
2628 nvlist_next_nvpair(props, pair) == NULL) {
2629 mutex_enter(&spa_namespace_lock);
2630 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
2631 spa_configfile_set(spa, props, B_FALSE);
2632 spa_config_sync(spa, B_FALSE, B_TRUE);
2633 }
2634 mutex_exit(&spa_namespace_lock);
2635 if (spa != NULL) {
2636 nvlist_free(props);
2637 return (0);
2638 }
2639 }
2640
2641 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2642 nvlist_free(props);
2643 return (error);
2644 }
2645
2646 error = spa_prop_set(spa, props);
2647
2648 nvlist_free(props);
2649 spa_close(spa, FTAG);
2650
2651 return (error);
2652}
2653
2654static int
2655zfs_ioc_pool_get_props(zfs_cmd_t *zc)
2656{
2657 spa_t *spa;
2658 int error;
2659 nvlist_t *nvp = NULL;
2660
2661 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
2662 /*
2663 * If the pool is faulted, there may be properties we can still
2664 * get (such as altroot and cachefile), so attempt to get them
2665 * anyway.
2666 */
2667 mutex_enter(&spa_namespace_lock);
2668 if ((spa = spa_lookup(zc->zc_name)) != NULL)
2669 error = spa_prop_get(spa, &nvp);
2670 mutex_exit(&spa_namespace_lock);
2671 } else {
2672 error = spa_prop_get(spa, &nvp);
2673 spa_close(spa, FTAG);
2674 }
2675
2676 if (error == 0 && zc->zc_nvlist_dst != 0)
2677 error = put_nvlist(zc, nvp);
2678 else
2679 error = EFAULT;
2680
2681 nvlist_free(nvp);
2682 return (error);
2683}
2684
2685/*
2686 * inputs:
2687 * zc_name name of filesystem
2688 * zc_nvlist_src{_size} nvlist of delegated permissions
2689 * zc_perm_action allow/unallow flag
2690 *
2691 * outputs: none
2692 */
2693static int
2694zfs_ioc_set_fsacl(zfs_cmd_t *zc)
2695{
2696 int error;
2697 nvlist_t *fsaclnv = NULL;
2698
2699 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2700 zc->zc_iflags, &fsaclnv)) != 0)
2701 return (error);
2702
2703 /*
2704 * Verify nvlist is constructed correctly
2705 */
2706 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) {
2707 nvlist_free(fsaclnv);
2708 return (EINVAL);
2709 }
2710
2711 /*
2712 * If we don't have PRIV_SYS_MOUNT, then validate
2713 * that user is allowed to hand out each permission in
2714 * the nvlist(s)
2715 */
2716
2717 error = secpolicy_zfs(CRED());
2718 if (error) {
2719 if (zc->zc_perm_action == B_FALSE) {
2720 error = dsl_deleg_can_allow(zc->zc_name,
2721 fsaclnv, CRED());
2722 } else {
2723 error = dsl_deleg_can_unallow(zc->zc_name,
2724 fsaclnv, CRED());
2725 }
2726 }
2727
2728 if (error == 0)
2729 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
2730
2731 nvlist_free(fsaclnv);
2732 return (error);
2733}
2734
2735/*
2736 * inputs:
2737 * zc_name name of filesystem
2738 *
2739 * outputs:
2740 * zc_nvlist_src{_size} nvlist of delegated permissions
2741 */
2742static int
2743zfs_ioc_get_fsacl(zfs_cmd_t *zc)
2744{
2745 nvlist_t *nvp;
2746 int error;
2747
2748 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
2749 error = put_nvlist(zc, nvp);
2750 nvlist_free(nvp);
2751 }
2752
2753 return (error);
2754}
2755
2756/*
2757 * Search the vfs list for a specified resource. Returns a pointer to it
2758 * or NULL if no suitable entry is found. The caller of this routine
2759 * is responsible for releasing the returned vfs pointer.
2760 */
2761static vfs_t *
2762zfs_get_vfs(const char *resource)
2763{
2764 vfs_t *vfsp;
2765
2766 mtx_lock(&mountlist_mtx);
2767 TAILQ_FOREACH(vfsp, &mountlist, mnt_list) {
2768 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) {
2769 VFS_HOLD(vfsp);
2770 break;
2771 }
2772 }
2773 mtx_unlock(&mountlist_mtx);
2774 return (vfsp);
2775}
2776
2777/* ARGSUSED */
2778static void
2779zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
2780{
2781 zfs_creat_t *zct = arg;
2782
2783 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
2784}
2785
2786#define ZFS_PROP_UNDEFINED ((uint64_t)-1)
2787
2788/*
2789 * inputs:
2790 * createprops list of properties requested by creator
2791 * default_zplver zpl version to use if unspecified in createprops
2792 * fuids_ok fuids allowed in this version of the spa?
2793 * os parent objset pointer (NULL if root fs)
2794 *
2795 * outputs:
2796 * zplprops values for the zplprops we attach to the master node object
2797 * is_ci true if requested file system will be purely case-insensitive
2798 *
2799 * Determine the settings for utf8only, normalization and
2800 * casesensitivity. Specific values may have been requested by the
2801 * creator and/or we can inherit values from the parent dataset. If
2802 * the file system is of too early a vintage, a creator can not
2803 * request settings for these properties, even if the requested
2804 * setting is the default value. We don't actually want to create dsl
2805 * properties for these, so remove them from the source nvlist after
2806 * processing.
2807 */
2808static int
2809zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
2810 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
2811 nvlist_t *zplprops, boolean_t *is_ci)
2812{
2813 uint64_t sense = ZFS_PROP_UNDEFINED;
2814 uint64_t norm = ZFS_PROP_UNDEFINED;
2815 uint64_t u8 = ZFS_PROP_UNDEFINED;
2816
2817 ASSERT(zplprops != NULL);
2818
2819 /*
2820 * Pull out creator prop choices, if any.
2821 */
2822 if (createprops) {
2823 (void) nvlist_lookup_uint64(createprops,
2824 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
2825 (void) nvlist_lookup_uint64(createprops,
2826 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
2827 (void) nvlist_remove_all(createprops,
2828 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
2829 (void) nvlist_lookup_uint64(createprops,
2830 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
2831 (void) nvlist_remove_all(createprops,
2832 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
2833 (void) nvlist_lookup_uint64(createprops,
2834 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
2835 (void) nvlist_remove_all(createprops,
2836 zfs_prop_to_name(ZFS_PROP_CASE));
2837 }
2838
2839 /*
2840 * If the zpl version requested is whacky or the file system
2841 * or pool is version is too "young" to support normalization
2842 * and the creator tried to set a value for one of the props,
2843 * error out.
2844 */
2845 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
2846 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
2847 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
2848 (zplver < ZPL_VERSION_NORMALIZATION &&
2849 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
2850 sense != ZFS_PROP_UNDEFINED)))
2851 return (ENOTSUP);
2852
2853 /*
2854 * Put the version in the zplprops
2855 */
2856 VERIFY(nvlist_add_uint64(zplprops,
2857 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
2858
2859 if (norm == ZFS_PROP_UNDEFINED)
2860 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0);
2861 VERIFY(nvlist_add_uint64(zplprops,
2862 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
2863
2864 /*
2865 * If we're normalizing, names must always be valid UTF-8 strings.
2866 */
2867 if (norm)
2868 u8 = 1;
2869 if (u8 == ZFS_PROP_UNDEFINED)
2870 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0);
2871 VERIFY(nvlist_add_uint64(zplprops,
2872 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
2873
2874 if (sense == ZFS_PROP_UNDEFINED)
2875 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0);
2876 VERIFY(nvlist_add_uint64(zplprops,
2877 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
2878
2879 if (is_ci)
2880 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
2881
2882 return (0);
2883}
2884
2885static int
2886zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
2887 nvlist_t *zplprops, boolean_t *is_ci)
2888{
2889 boolean_t fuids_ok, sa_ok;
2890 uint64_t zplver = ZPL_VERSION;
2891 objset_t *os = NULL;
2892 char parentname[MAXNAMELEN];
2893 char *cp;
2894 spa_t *spa;
2895 uint64_t spa_vers;
2896 int error;
2897
2898 (void) strlcpy(parentname, dataset, sizeof (parentname));
2899 cp = strrchr(parentname, '/');
2900 ASSERT(cp != NULL);
2901 cp[0] = '\0';
2902
2903 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
2904 return (error);
2905
2906 spa_vers = spa_version(spa);
2907 spa_close(spa, FTAG);
2908
2909 zplver = zfs_zpl_version_map(spa_vers);
2910 fuids_ok = (zplver >= ZPL_VERSION_FUID);
2911 sa_ok = (zplver >= ZPL_VERSION_SA);
2912
2913 /*
2914 * Open parent object set so we can inherit zplprop values.
2915 */
2916 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
2917 return (error);
2918
2919 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
2920 zplprops, is_ci);
2921 dmu_objset_rele(os, FTAG);
2922 return (error);
2923}
2924
2925static int
2926zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
2927 nvlist_t *zplprops, boolean_t *is_ci)
2928{
2929 boolean_t fuids_ok;
2930 boolean_t sa_ok;
2931 uint64_t zplver = ZPL_VERSION;
2932 int error;
2933
2934 zplver = zfs_zpl_version_map(spa_vers);
2935 fuids_ok = (zplver >= ZPL_VERSION_FUID);
2936 sa_ok = (zplver >= ZPL_VERSION_SA);
2937
2938 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
2939 createprops, zplprops, is_ci);
2940 return (error);
2941}
2942
2943/*
2944 * inputs:
2945 * zc_objset_type type of objset to create (fs vs zvol)
2946 * zc_name name of new objset
2947 * zc_value name of snapshot to clone from (may be empty)
2948 * zc_nvlist_src{_size} nvlist of properties to apply
2949 *
2950 * outputs: none
2951 */
2952static int
2953zfs_ioc_create(zfs_cmd_t *zc)
2954{
2955 objset_t *clone;
2956 int error = 0;
2957 zfs_creat_t zct;
2958 nvlist_t *nvprops = NULL;
2959 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
2960 dmu_objset_type_t type = zc->zc_objset_type;
2961
2962 switch (type) {
2963
2964 case DMU_OST_ZFS:
2965 cbfunc = zfs_create_cb;
2966 break;
2967
2968 case DMU_OST_ZVOL:
2969 cbfunc = zvol_create_cb;
2970 break;
2971
2972 default:
2973 cbfunc = NULL;
2974 break;
2975 }
2976 if (strchr(zc->zc_name, '@') ||
2977 strchr(zc->zc_name, '%'))
2978 return (EINVAL);
2979
2980 if (zc->zc_nvlist_src != 0 &&
2981 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2982 zc->zc_iflags, &nvprops)) != 0)
2983 return (error);
2984
2985 zct.zct_zplprops = NULL;
2986 zct.zct_props = nvprops;
2987
2988 if (zc->zc_value[0] != '\0') {
2989 /*
2990 * We're creating a clone of an existing snapshot.
2991 */
2992 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
2993 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0) {
2994 nvlist_free(nvprops);
2995 return (EINVAL);
2996 }
2997
2998 error = dmu_objset_hold(zc->zc_value, FTAG, &clone);
2999 if (error) {
3000 nvlist_free(nvprops);
3001 return (error);
3002 }
3003
3004 error = dmu_objset_clone(zc->zc_name, dmu_objset_ds(clone), 0);
3005 dmu_objset_rele(clone, FTAG);
3006 if (error) {
3007 nvlist_free(nvprops);
3008 return (error);
3009 }
3010 } else {
3011 boolean_t is_insensitive = B_FALSE;
3012
3013 if (cbfunc == NULL) {
3014 nvlist_free(nvprops);
3015 return (EINVAL);
3016 }
3017
3018 if (type == DMU_OST_ZVOL) {
3019 uint64_t volsize, volblocksize;
3020
3021 if (nvprops == NULL ||
3022 nvlist_lookup_uint64(nvprops,
3023 zfs_prop_to_name(ZFS_PROP_VOLSIZE),
3024 &volsize) != 0) {
3025 nvlist_free(nvprops);
3026 return (EINVAL);
3027 }
3028
3029 if ((error = nvlist_lookup_uint64(nvprops,
3030 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3031 &volblocksize)) != 0 && error != ENOENT) {
3032 nvlist_free(nvprops);
3033 return (EINVAL);
3034 }
3035
3036 if (error != 0)
3037 volblocksize = zfs_prop_default_numeric(
3038 ZFS_PROP_VOLBLOCKSIZE);
3039
3040 if ((error = zvol_check_volblocksize(
3041 volblocksize)) != 0 ||
3042 (error = zvol_check_volsize(volsize,
3043 volblocksize)) != 0) {
3044 nvlist_free(nvprops);
3045 return (error);
3046 }
3047 } else if (type == DMU_OST_ZFS) {
3048 int error;
3049
3050 /*
3051 * We have to have normalization and
3052 * case-folding flags correct when we do the
3053 * file system creation, so go figure them out
3054 * now.
3055 */
3056 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3057 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3058 error = zfs_fill_zplprops(zc->zc_name, nvprops,
3059 zct.zct_zplprops, &is_insensitive);
3060 if (error != 0) {
3061 nvlist_free(nvprops);
3062 nvlist_free(zct.zct_zplprops);
3063 return (error);
3064 }
3065 }
3066 error = dmu_objset_create(zc->zc_name, type,
3067 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct);
3068 nvlist_free(zct.zct_zplprops);
3069 }
3070
3071 /*
3072 * It would be nice to do this atomically.
3073 */
3074 if (error == 0) {
3075 error = zfs_set_prop_nvlist(zc->zc_name, ZPROP_SRC_LOCAL,
3076 nvprops, NULL);
3077 if (error != 0)
3078 (void) dmu_objset_destroy(zc->zc_name, B_FALSE);
3079 }
3080 nvlist_free(nvprops);
3081#ifdef __FreeBSD__
3082 if (error == 0 && type == DMU_OST_ZVOL)
3083 zvol_create_minors(zc->zc_name);
3084#endif
3085 return (error);
3086}
3087
3088/*
3089 * inputs:
3090 * zc_name name of filesystem
3091 * zc_value short name of snapshot
3092 * zc_cookie recursive flag
3093 * zc_nvlist_src[_size] property list
3094 *
3095 * outputs:
3096 * zc_value short snapname (i.e. part after the '@')
3097 */
3098static int
3099zfs_ioc_snapshot(zfs_cmd_t *zc)
3100{
3101 nvlist_t *nvprops = NULL;
3102 int error;
3103 boolean_t recursive = zc->zc_cookie;
3104
3105 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
3106 return (EINVAL);
3107
3108 if (zc->zc_nvlist_src != 0 &&
3109 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3110 zc->zc_iflags, &nvprops)) != 0)
3111 return (error);
3112
3113 error = zfs_check_userprops(zc->zc_name, nvprops);
3114 if (error)
3115 goto out;
3116
3117 if (!nvlist_empty(nvprops) &&
3118 zfs_earlier_version(zc->zc_name, SPA_VERSION_SNAP_PROPS)) {
3119 error = ENOTSUP;
3120 goto out;
3121 }
3122
3123 error = dmu_objset_snapshot(zc->zc_name, zc->zc_value, NULL,
3124 nvprops, recursive, B_FALSE, -1);
3125
3126out:
3127 nvlist_free(nvprops);
3128 return (error);
3129}
3130
3131int
3132zfs_unmount_snap(const char *name, void *arg)
3133{
3134 vfs_t *vfsp = NULL;
3135
3136 if (arg) {
3137 char *snapname = arg;
3138 char *fullname = kmem_asprintf("%s@%s", name, snapname);
3139 vfsp = zfs_get_vfs(fullname);
3140 strfree(fullname);
3141 } else if (strchr(name, '@')) {
3142 vfsp = zfs_get_vfs(name);
3143 }
3144
3145 if (vfsp) {
3146 /*
3147 * Always force the unmount for snapshots.
3148 */
3149 int flag = MS_FORCE;
3150 int err;
3151
3152 if ((err = vn_vfswlock(vfsp->vfs_vnodecovered)) != 0) {
3153 VFS_RELE(vfsp);
3154 return (err);
3155 }
3156 VFS_RELE(vfsp);
3157 mtx_lock(&Giant); /* dounmount() */
3158 dounmount(vfsp, flag, curthread);
3159 mtx_unlock(&Giant); /* dounmount() */
3160 }
3161 return (0);
3162}
3163
3164/*
3165 * inputs:
3166 * zc_name name of filesystem, snaps must be under it
3167 * zc_nvlist_src[_size] full names of snapshots to destroy
3168 * zc_defer_destroy mark for deferred destroy
3169 *
3170 * outputs:
3171 * zc_name on failure, name of failed snapshot
3172 */
3173static int
3174zfs_ioc_destroy_snaps_nvl(zfs_cmd_t *zc)
3175{
3176 int err, len;
3177 nvlist_t *nvl;
3178 nvpair_t *pair;
3179
3180 if ((err = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3181 zc->zc_iflags, &nvl)) != 0) {
3182#ifndef __FreeBSD__
3183 return (err);
3184#else
3185 /*
3186 * We are probably called by older binaries,
3187 * allocate and populate nvlist with recursive snapshots
3188 */
3189 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
3190 return (EINVAL);
3191 VERIFY(nvlist_alloc(&nvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3192 err = dmu_get_recursive_snaps_nvl(zc->zc_name,
3193 zc->zc_value, nvl);
3194 if (err) {
3195 nvlist_free(nvl);
3196 return (err);
3197 }
3198#endif /* __FreeBSD__ */
3199 }
3200
3201 len = strlen(zc->zc_name);
3202 for (pair = nvlist_next_nvpair(nvl, NULL); pair != NULL;
3203 pair = nvlist_next_nvpair(nvl, pair)) {
3204 const char *name = nvpair_name(pair);
3205 /*
3206 * The snap name must be underneath the zc_name. This ensures
3207 * that our permission checks were legitimate.
3208 */
3209 if (strncmp(zc->zc_name, name, len) != 0 ||
3210 (name[len] != '@' && name[len] != '/')) {
3211 nvlist_free(nvl);
3212 return (EINVAL);
3213 }
3214
3215 (void) zfs_unmount_snap(name, NULL);
3216 }
3217
3218 err = dmu_snapshots_destroy_nvl(nvl, zc->zc_defer_destroy,
3219 zc->zc_name);
3220 nvlist_free(nvl);
3221 return (err);
3222}
3223
3224/*
3225 * inputs:
3226 * zc_name name of dataset to destroy
3227 * zc_objset_type type of objset
3228 * zc_defer_destroy mark for deferred destroy
3229 *
3230 * outputs: none
3231 */
3232static int
3233zfs_ioc_destroy(zfs_cmd_t *zc)
3234{
3235 int err;
3236 if (strchr(zc->zc_name, '@') && zc->zc_objset_type == DMU_OST_ZFS) {
3237 err = zfs_unmount_snap(zc->zc_name, NULL);
3238 if (err)
3239 return (err);
3240 }
3241
3242 err = dmu_objset_destroy(zc->zc_name, zc->zc_defer_destroy);
3243 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0)
3244 (void) zvol_remove_minor(zc->zc_name);
3245 return (err);
3246}
3247
3248/*
3249 * inputs:
3250 * zc_name name of dataset to rollback (to most recent snapshot)
3251 *
3252 * outputs: none
3253 */
3254static int
3255zfs_ioc_rollback(zfs_cmd_t *zc)
3256{
3257 dsl_dataset_t *ds, *clone;
3258 int error;
3259 zfsvfs_t *zfsvfs;
3260 char *clone_name;
3261
3262 error = dsl_dataset_hold(zc->zc_name, FTAG, &ds);
3263 if (error)
3264 return (error);
3265
3266 /* must not be a snapshot */
3267 if (dsl_dataset_is_snapshot(ds)) {
3268 dsl_dataset_rele(ds, FTAG);
3269 return (EINVAL);
3270 }
3271
3272 /* must have a most recent snapshot */
3273 if (ds->ds_phys->ds_prev_snap_txg < TXG_INITIAL) {
3274 dsl_dataset_rele(ds, FTAG);
3275 return (EINVAL);
3276 }
3277
3278 /*
3279 * Create clone of most recent snapshot.
3280 */
3281 clone_name = kmem_asprintf("%s/%%rollback", zc->zc_name);
3282 error = dmu_objset_clone(clone_name, ds->ds_prev, DS_FLAG_INCONSISTENT);
3283 if (error)
3284 goto out;
3285
3286 error = dsl_dataset_own(clone_name, B_TRUE, FTAG, &clone);
3287 if (error)
3288 goto out;
3289
3290 /*
3291 * Do clone swap.
3292 */
3293 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
3294 error = zfs_suspend_fs(zfsvfs);
3295 if (error == 0) {
3296 int resume_err;
3297
3298 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3299 error = dsl_dataset_clone_swap(clone, ds,
3300 B_TRUE);
3301 dsl_dataset_disown(ds, FTAG);
3302 ds = NULL;
3303 } else {
3304 error = EBUSY;
3305 }
3306 resume_err = zfs_resume_fs(zfsvfs, zc->zc_name);
3307 error = error ? error : resume_err;
3308 }
3309 VFS_RELE(zfsvfs->z_vfs);
3310 } else {
3311 if (dsl_dataset_tryown(ds, B_FALSE, FTAG)) {
3312 error = dsl_dataset_clone_swap(clone, ds, B_TRUE);
3313 dsl_dataset_disown(ds, FTAG);
3314 ds = NULL;
3315 } else {
3316 error = EBUSY;
3317 }
3318 }
3319
3320 /*
3321 * Destroy clone (which also closes it).
3322 */
3323 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
3324
3325out:
3326 strfree(clone_name);
3327 if (ds)
3328 dsl_dataset_rele(ds, FTAG);
3329 return (error);
3330}
3331
3332/*
3333 * inputs:
3334 * zc_name old name of dataset
3335 * zc_value new name of dataset
3336 * zc_cookie recursive flag (only valid for snapshots)
3337 *
3338 * outputs: none
3339 */
3340static int
3341zfs_ioc_rename(zfs_cmd_t *zc)
3342{
3343 int flags = 0;
3344
3345 if (zc->zc_cookie & 1)
3346 flags |= ZFS_RENAME_RECURSIVE;
3347 if (zc->zc_cookie & 2)
3348 flags |= ZFS_RENAME_ALLOW_MOUNTED;
3349
3350 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
3351 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3352 strchr(zc->zc_value, '%'))
3353 return (EINVAL);
3354
3355 /*
3356 * Unmount snapshot unless we're doing a recursive rename,
3357 * in which case the dataset code figures out which snapshots
3358 * to unmount.
3359 */
3360 if (!(flags & ZFS_RENAME_RECURSIVE) &&
3361 strchr(zc->zc_name, '@') != NULL &&
3362 zc->zc_objset_type == DMU_OST_ZFS) {
3363 int err = zfs_unmount_snap(zc->zc_name, NULL);
3364 if (err)
3365 return (err);
3366 }
3367 return (dmu_objset_rename(zc->zc_name, zc->zc_value, flags));
3368}
3369
3370static int
3371zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
3372{
3373 const char *propname = nvpair_name(pair);
3374 boolean_t issnap = (strchr(dsname, '@') != NULL);
3375 zfs_prop_t prop = zfs_name_to_prop(propname);
3376 uint64_t intval;
3377 int err;
3378
3379 if (prop == ZPROP_INVAL) {
3380 if (zfs_prop_user(propname)) {
3381 if (err = zfs_secpolicy_write_perms(dsname,
3382 ZFS_DELEG_PERM_USERPROP, cr))
3383 return (err);
3384 return (0);
3385 }
3386
3387 if (!issnap && zfs_prop_userquota(propname)) {
3388 const char *perm = NULL;
3389 const char *uq_prefix =
3390 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
3391 const char *gq_prefix =
3392 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
3393
3394 if (strncmp(propname, uq_prefix,
3395 strlen(uq_prefix)) == 0) {
3396 perm = ZFS_DELEG_PERM_USERQUOTA;
3397 } else if (strncmp(propname, gq_prefix,
3398 strlen(gq_prefix)) == 0) {
3399 perm = ZFS_DELEG_PERM_GROUPQUOTA;
3400 } else {
3401 /* USERUSED and GROUPUSED are read-only */
3402 return (EINVAL);
3403 }
3404
3405 if (err = zfs_secpolicy_write_perms(dsname, perm, cr))
3406 return (err);
3407 return (0);
3408 }
3409
3410 return (EINVAL);
3411 }
3412
3413 if (issnap)
3414 return (EINVAL);
3415
3416 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
3417 /*
3418 * dsl_prop_get_all_impl() returns properties in this
3419 * format.
3420 */
3421 nvlist_t *attrs;
3422 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
3423 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3424 &pair) == 0);
3425 }
3426
3427 /*
3428 * Check that this value is valid for this pool version
3429 */
3430 switch (prop) {
3431 case ZFS_PROP_COMPRESSION:
3432 /*
3433 * If the user specified gzip compression, make sure
3434 * the SPA supports it. We ignore any errors here since
3435 * we'll catch them later.
3436 */
3437 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3438 nvpair_value_uint64(pair, &intval) == 0) {
3439 if (intval >= ZIO_COMPRESS_GZIP_1 &&
3440 intval <= ZIO_COMPRESS_GZIP_9 &&
3441 zfs_earlier_version(dsname,
3442 SPA_VERSION_GZIP_COMPRESSION)) {
3443 return (ENOTSUP);
3444 }
3445
3446 if (intval == ZIO_COMPRESS_ZLE &&
3447 zfs_earlier_version(dsname,
3448 SPA_VERSION_ZLE_COMPRESSION))
3449 return (ENOTSUP);
3450
3451 /*
3452 * If this is a bootable dataset then
3453 * verify that the compression algorithm
3454 * is supported for booting. We must return
3455 * something other than ENOTSUP since it
3456 * implies a downrev pool version.
3457 */
3458 if (zfs_is_bootfs(dsname) &&
3459 !BOOTFS_COMPRESS_VALID(intval)) {
3460 return (ERANGE);
3461 }
3462 }
3463 break;
3464
3465 case ZFS_PROP_COPIES:
3466 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
3467 return (ENOTSUP);
3468 break;
3469
3470 case ZFS_PROP_DEDUP:
3471 if (zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
3472 return (ENOTSUP);
3473 break;
3474
3475 case ZFS_PROP_SHARESMB:
3476 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
3477 return (ENOTSUP);
3478 break;
3479
3480 case ZFS_PROP_ACLINHERIT:
3481 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
3482 nvpair_value_uint64(pair, &intval) == 0) {
3483 if (intval == ZFS_ACL_PASSTHROUGH_X &&
3484 zfs_earlier_version(dsname,
3485 SPA_VERSION_PASSTHROUGH_X))
3486 return (ENOTSUP);
3487 }
3488 break;
3489 }
3490
3491 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
3492}
3493
3494/*
3495 * Removes properties from the given props list that fail permission checks
3496 * needed to clear them and to restore them in case of a receive error. For each
3497 * property, make sure we have both set and inherit permissions.
3498 *
3499 * Returns the first error encountered if any permission checks fail. If the
3500 * caller provides a non-NULL errlist, it also gives the complete list of names
3501 * of all the properties that failed a permission check along with the
3502 * corresponding error numbers. The caller is responsible for freeing the
3503 * returned errlist.
3504 *
3505 * If every property checks out successfully, zero is returned and the list
3506 * pointed at by errlist is NULL.
3507 */
3508static int
3509zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist)
3510{
3511 zfs_cmd_t *zc;
3512 nvpair_t *pair, *next_pair;
3513 nvlist_t *errors;
3514 int err, rv = 0;
3515
3516 if (props == NULL)
3517 return (0);
3518
3519 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3520
3521 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
3522 (void) strcpy(zc->zc_name, dataset);
3523 pair = nvlist_next_nvpair(props, NULL);
3524 while (pair != NULL) {
3525 next_pair = nvlist_next_nvpair(props, pair);
3526
3527 (void) strcpy(zc->zc_value, nvpair_name(pair));
3528 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
3529 (err = zfs_secpolicy_inherit(zc, CRED())) != 0) {
3530 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
3531 VERIFY(nvlist_add_int32(errors,
3532 zc->zc_value, err) == 0);
3533 }
3534 pair = next_pair;
3535 }
3536 kmem_free(zc, sizeof (zfs_cmd_t));
3537
3538 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
3539 nvlist_free(errors);
3540 errors = NULL;
3541 } else {
3542 VERIFY(nvpair_value_int32(pair, &rv) == 0);
3543 }
3544
3545 if (errlist == NULL)
3546 nvlist_free(errors);
3547 else
3548 *errlist = errors;
3549
3550 return (rv);
3551}
3552
3553static boolean_t
3554propval_equals(nvpair_t *p1, nvpair_t *p2)
3555{
3556 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
3557 /* dsl_prop_get_all_impl() format */
3558 nvlist_t *attrs;
3559 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
3560 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3561 &p1) == 0);
3562 }
3563
3564 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
3565 nvlist_t *attrs;
3566 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
3567 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
3568 &p2) == 0);
3569 }
3570
3571 if (nvpair_type(p1) != nvpair_type(p2))
3572 return (B_FALSE);
3573
3574 if (nvpair_type(p1) == DATA_TYPE_STRING) {
3575 char *valstr1, *valstr2;
3576
3577 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0);
3578 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0);
3579 return (strcmp(valstr1, valstr2) == 0);
3580 } else {
3581 uint64_t intval1, intval2;
3582
3583 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
3584 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
3585 return (intval1 == intval2);
3586 }
3587}
3588
3589/*
3590 * Remove properties from props if they are not going to change (as determined
3591 * by comparison with origprops). Remove them from origprops as well, since we
3592 * do not need to clear or restore properties that won't change.
3593 */
3594static void
3595props_reduce(nvlist_t *props, nvlist_t *origprops)
3596{
3597 nvpair_t *pair, *next_pair;
3598
3599 if (origprops == NULL)
3600 return; /* all props need to be received */
3601
3602 pair = nvlist_next_nvpair(props, NULL);
3603 while (pair != NULL) {
3604 const char *propname = nvpair_name(pair);
3605 nvpair_t *match;
3606
3607 next_pair = nvlist_next_nvpair(props, pair);
3608
3609 if ((nvlist_lookup_nvpair(origprops, propname,
3610 &match) != 0) || !propval_equals(pair, match))
3611 goto next; /* need to set received value */
3612
3613 /* don't clear the existing received value */
3614 (void) nvlist_remove_nvpair(origprops, match);
3615 /* don't bother receiving the property */
3616 (void) nvlist_remove_nvpair(props, pair);
3617next:
3618 pair = next_pair;
3619 }
3620}
3621
3622#ifdef DEBUG
3623static boolean_t zfs_ioc_recv_inject_err;
3624#endif
3625
3626/*
3627 * inputs:
3628 * zc_name name of containing filesystem
3629 * zc_nvlist_src{_size} nvlist of properties to apply
3630 * zc_value name of snapshot to create
3631 * zc_string name of clone origin (if DRR_FLAG_CLONE)
3632 * zc_cookie file descriptor to recv from
3633 * zc_begin_record the BEGIN record of the stream (not byteswapped)
3634 * zc_guid force flag
3635 * zc_cleanup_fd cleanup-on-exit file descriptor
3636 * zc_action_handle handle for this guid/ds mapping (or zero on first call)
3637 *
3638 * outputs:
3639 * zc_cookie number of bytes read
3640 * zc_nvlist_dst{_size} error for each unapplied received property
3641 * zc_obj zprop_errflags_t
3642 * zc_action_handle handle for this guid/ds mapping
3643 */
3644static int
3645zfs_ioc_recv(zfs_cmd_t *zc)
3646{
3647 file_t *fp;
3648 objset_t *os;
3649 dmu_recv_cookie_t drc;
3650 boolean_t force = (boolean_t)zc->zc_guid;
3651 int fd;
3652 int error = 0;
3653 int props_error = 0;
3654 nvlist_t *errors;
3655 offset_t off;
3656 nvlist_t *props = NULL; /* sent properties */
3657 nvlist_t *origprops = NULL; /* existing properties */
3658 objset_t *origin = NULL;
3659 char *tosnap;
3660 char tofs[ZFS_MAXNAMELEN];
3661 boolean_t first_recvd_props = B_FALSE;
3662
3663 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
3664 strchr(zc->zc_value, '@') == NULL ||
3665 strchr(zc->zc_value, '%'))
3666 return (EINVAL);
3667
3668 (void) strcpy(tofs, zc->zc_value);
3669 tosnap = strchr(tofs, '@');
3670 *tosnap++ = '\0';
3671
3672 if (zc->zc_nvlist_src != 0 &&
3673 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3674 zc->zc_iflags, &props)) != 0)
3675 return (error);
3676
3677 fd = zc->zc_cookie;
3678 fp = getf(fd);
3679 if (fp == NULL) {
3680 nvlist_free(props);
3681 return (EBADF);
3682 }
3683
3684 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
3685
3686 if (props && dmu_objset_hold(tofs, FTAG, &os) == 0) {
3687 if ((spa_version(os->os_spa) >= SPA_VERSION_RECVD_PROPS) &&
3688 !dsl_prop_get_hasrecvd(os)) {
3689 first_recvd_props = B_TRUE;
3690 }
3691
3692 /*
3693 * If new received properties are supplied, they are to
3694 * completely replace the existing received properties, so stash
3695 * away the existing ones.
3696 */
3697 if (dsl_prop_get_received(os, &origprops) == 0) {
3698 nvlist_t *errlist = NULL;
3699 /*
3700 * Don't bother writing a property if its value won't
3701 * change (and avoid the unnecessary security checks).
3702 *
3703 * The first receive after SPA_VERSION_RECVD_PROPS is a
3704 * special case where we blow away all local properties
3705 * regardless.
3706 */
3707 if (!first_recvd_props)
3708 props_reduce(props, origprops);
3709 if (zfs_check_clearable(tofs, origprops,
3710 &errlist) != 0)
3711 (void) nvlist_merge(errors, errlist, 0);
3712 nvlist_free(errlist);
3713 }
3714
3715 dmu_objset_rele(os, FTAG);
3716 }
3717
3718 if (zc->zc_string[0]) {
3719 error = dmu_objset_hold(zc->zc_string, FTAG, &origin);
3720 if (error)
3721 goto out;
3722 }
3723
3724 error = dmu_recv_begin(tofs, tosnap, zc->zc_top_ds,
3725 &zc->zc_begin_record, force, origin, &drc);
3726 if (origin)
3727 dmu_objset_rele(origin, FTAG);
3728 if (error)
3729 goto out;
3730
3731 /*
3732 * Set properties before we receive the stream so that they are applied
3733 * to the new data. Note that we must call dmu_recv_stream() if
3734 * dmu_recv_begin() succeeds.
3735 */
3736 if (props) {
3737 nvlist_t *errlist;
3738
3739 if (dmu_objset_from_ds(drc.drc_logical_ds, &os) == 0) {
3740 if (drc.drc_newfs) {
3741 if (spa_version(os->os_spa) >=
3742 SPA_VERSION_RECVD_PROPS)
3743 first_recvd_props = B_TRUE;
3744 } else if (origprops != NULL) {
3745 if (clear_received_props(os, tofs, origprops,
3746 first_recvd_props ? NULL : props) != 0)
3747 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3748 } else {
3749 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3750 }
3751 dsl_prop_set_hasrecvd(os);
3752 } else if (!drc.drc_newfs) {
3753 zc->zc_obj |= ZPROP_ERR_NOCLEAR;
3754 }
3755
3756 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
3757 props, &errlist);
3758 (void) nvlist_merge(errors, errlist, 0);
3759 nvlist_free(errlist);
3760 }
3761
3762 if (fit_error_list(zc, &errors) != 0 || put_nvlist(zc, errors) != 0) {
3763 /*
3764 * Caller made zc->zc_nvlist_dst less than the minimum expected
3765 * size or supplied an invalid address.
3766 */
3767 props_error = EINVAL;
3768 }
3769
3770 off = fp->f_offset;
3771 error = dmu_recv_stream(&drc, fp, &off, zc->zc_cleanup_fd,
3772 &zc->zc_action_handle);
3773
3774 if (error == 0) {
3775 zfsvfs_t *zfsvfs = NULL;
3776
3777 if (getzfsvfs(tofs, &zfsvfs) == 0) {
3778 /* online recv */
3779 int end_err;
3780
3781 error = zfs_suspend_fs(zfsvfs);
3782 /*
3783 * If the suspend fails, then the recv_end will
3784 * likely also fail, and clean up after itself.
3785 */
3786 end_err = dmu_recv_end(&drc);
3787 if (error == 0)
3788 error = zfs_resume_fs(zfsvfs, tofs);
3789 error = error ? error : end_err;
3790 VFS_RELE(zfsvfs->z_vfs);
3791 } else {
3792 error = dmu_recv_end(&drc);
3793 }
3794 }
3795
3796 zc->zc_cookie = off - fp->f_offset;
3797 if (off >= 0 && off <= MAXOFFSET_T)
3798 fp->f_offset = off;
3799
3800#ifdef DEBUG
3801 if (zfs_ioc_recv_inject_err) {
3802 zfs_ioc_recv_inject_err = B_FALSE;
3803 error = 1;
3804 }
3805#endif
3806 /*
3807 * On error, restore the original props.
3808 */
3809 if (error && props) {
3810 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
3811 if (clear_received_props(os, tofs, props, NULL) != 0) {
3812 /*
3813 * We failed to clear the received properties.
3814 * Since we may have left a $recvd value on the
3815 * system, we can't clear the $hasrecvd flag.
3816 */
3817 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3818 } else if (first_recvd_props) {
3819 dsl_prop_unset_hasrecvd(os);
3820 }
3821 dmu_objset_rele(os, FTAG);
3822 } else if (!drc.drc_newfs) {
3823 /* We failed to clear the received properties. */
3824 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3825 }
3826
3827 if (origprops == NULL && !drc.drc_newfs) {
3828 /* We failed to stash the original properties. */
3829 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3830 }
3831
3832 /*
3833 * dsl_props_set() will not convert RECEIVED to LOCAL on or
3834 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
3835 * explictly if we're restoring local properties cleared in the
3836 * first new-style receive.
3837 */
3838 if (origprops != NULL &&
3839 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
3840 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
3841 origprops, NULL) != 0) {
3842 /*
3843 * We stashed the original properties but failed to
3844 * restore them.
3845 */
3846 zc->zc_obj |= ZPROP_ERR_NORESTORE;
3847 }
3848 }
3849out:
3850 nvlist_free(props);
3851 nvlist_free(origprops);
3852 nvlist_free(errors);
3853 releasef(fd);
3854
3855 if (error == 0)
3856 error = props_error;
3857
3858 return (error);
3859}
3860
3861/*
3862 * inputs:
3863 * zc_name name of snapshot to send
3864 * zc_cookie file descriptor to send stream to
3865 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
3866 * zc_sendobj objsetid of snapshot to send
3867 * zc_fromobj objsetid of incremental fromsnap (may be zero)
3868 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
3869 * output size in zc_objset_type.
3870 *
3871 * outputs: none
3872 */
3873static int
3874zfs_ioc_send(zfs_cmd_t *zc)
3875{
3876 objset_t *fromsnap = NULL;
3877 objset_t *tosnap;
3878 int error;
3879 offset_t off;
3880 dsl_dataset_t *ds;
3881 dsl_dataset_t *dsfrom = NULL;
3882 spa_t *spa;
3883 dsl_pool_t *dp;
3884 boolean_t estimate = (zc->zc_guid != 0);
3885
3886 error = spa_open(zc->zc_name, &spa, FTAG);
3887 if (error)
3888 return (error);
3889
3890 dp = spa_get_dsl(spa);
3891 rw_enter(&dp->dp_config_rwlock, RW_READER);
3892 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
3893 rw_exit(&dp->dp_config_rwlock);
3894 if (error) {
3895 spa_close(spa, FTAG);
3896 return (error);
3897 }
3898
3899 error = dmu_objset_from_ds(ds, &tosnap);
3900 if (error) {
3901 dsl_dataset_rele(ds, FTAG);
3902 spa_close(spa, FTAG);
3903 return (error);
3904 }
3905
3906 if (zc->zc_fromobj != 0) {
3907 rw_enter(&dp->dp_config_rwlock, RW_READER);
3908 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, FTAG, &dsfrom);
3909 rw_exit(&dp->dp_config_rwlock);
3910 spa_close(spa, FTAG);
3911 if (error) {
3912 dsl_dataset_rele(ds, FTAG);
3913 return (error);
3914 }
3915 error = dmu_objset_from_ds(dsfrom, &fromsnap);
3916 if (error) {
3917 dsl_dataset_rele(dsfrom, FTAG);
3918 dsl_dataset_rele(ds, FTAG);
3919 return (error);
3920 }
3921 } else {
3922 spa_close(spa, FTAG);
3923 }
3924
3925 if (estimate) {
3926 error = dmu_send_estimate(tosnap, fromsnap, zc->zc_obj,
3927 &zc->zc_objset_type);
3928 } else {
3929 file_t *fp = getf(zc->zc_cookie);
3930 if (fp == NULL) {
3931 dsl_dataset_rele(ds, FTAG);
3932 if (dsfrom)
3933 dsl_dataset_rele(dsfrom, FTAG);
3934 return (EBADF);
3935 }
3936
3937 off = fp->f_offset;
3938 error = dmu_send(tosnap, fromsnap, zc->zc_obj,
3939 zc->zc_cookie, fp, &off);
3940
3941 if (off >= 0 && off <= MAXOFFSET_T)
3942 fp->f_offset = off;
3943 releasef(zc->zc_cookie);
3944 }
3945 if (dsfrom)
3946 dsl_dataset_rele(dsfrom, FTAG);
3947 dsl_dataset_rele(ds, FTAG);
3948 return (error);
3949}
3950
3951/*
3952 * inputs:
3953 * zc_name name of snapshot on which to report progress
3954 * zc_cookie file descriptor of send stream
3955 *
3956 * outputs:
3957 * zc_cookie number of bytes written in send stream thus far
3958 */
3959static int
3960zfs_ioc_send_progress(zfs_cmd_t *zc)
3961{
3962 dsl_dataset_t *ds;
3963 dmu_sendarg_t *dsp = NULL;
3964 int error;
3965
3966 if ((error = dsl_dataset_hold(zc->zc_name, FTAG, &ds)) != 0)
3967 return (error);
3968
3969 mutex_enter(&ds->ds_sendstream_lock);
3970
3971 /*
3972 * Iterate over all the send streams currently active on this dataset.
3973 * If there's one which matches the specified file descriptor _and_ the
3974 * stream was started by the current process, return the progress of
3975 * that stream.
3976 */
3977 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
3978 dsp = list_next(&ds->ds_sendstreams, dsp)) {
3979 if (dsp->dsa_outfd == zc->zc_cookie &&
3980 dsp->dsa_proc == curproc)
3981 break;
3982 }
3983
3984 if (dsp != NULL)
3985 zc->zc_cookie = *(dsp->dsa_off);
3986 else
3987 error = ENOENT;
3988
3989 mutex_exit(&ds->ds_sendstream_lock);
3990 dsl_dataset_rele(ds, FTAG);
3991 return (error);
3992}
3993
3994static int
3995zfs_ioc_inject_fault(zfs_cmd_t *zc)
3996{
3997 int id, error;
3998
3999 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
4000 &zc->zc_inject_record);
4001
4002 if (error == 0)
4003 zc->zc_guid = (uint64_t)id;
4004
4005 return (error);
4006}
4007
4008static int
4009zfs_ioc_clear_fault(zfs_cmd_t *zc)
4010{
4011 return (zio_clear_fault((int)zc->zc_guid));
4012}
4013
4014static int
4015zfs_ioc_inject_list_next(zfs_cmd_t *zc)
4016{
4017 int id = (int)zc->zc_guid;
4018 int error;
4019
4020 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
4021 &zc->zc_inject_record);
4022
4023 zc->zc_guid = id;
4024
4025 return (error);
4026}
4027
4028static int
4029zfs_ioc_error_log(zfs_cmd_t *zc)
4030{
4031 spa_t *spa;
4032 int error;
4033 size_t count = (size_t)zc->zc_nvlist_dst_size;
4034
4035 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
4036 return (error);
4037
4038 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
4039 &count);
4040 if (error == 0)
4041 zc->zc_nvlist_dst_size = count;
4042 else
4043 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa);
4044
4045 spa_close(spa, FTAG);
4046
4047 return (error);
4048}
4049
4050static int
4051zfs_ioc_clear(zfs_cmd_t *zc)
4052{
4053 spa_t *spa;
4054 vdev_t *vd;
4055 int error;
4056
4057 /*
4058 * On zpool clear we also fix up missing slogs
4059 */
4060 mutex_enter(&spa_namespace_lock);
4061 spa = spa_lookup(zc->zc_name);
4062 if (spa == NULL) {
4063 mutex_exit(&spa_namespace_lock);
4064 return (EIO);
4065 }
4066 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
4067 /* we need to let spa_open/spa_load clear the chains */
4068 spa_set_log_state(spa, SPA_LOG_CLEAR);
4069 }
4070 spa->spa_last_open_failed = 0;
4071 mutex_exit(&spa_namespace_lock);
4072
4073 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
4074 error = spa_open(zc->zc_name, &spa, FTAG);
4075 } else {
4076 nvlist_t *policy;
4077 nvlist_t *config = NULL;
4078
4079 if (zc->zc_nvlist_src == 0)
4080 return (EINVAL);
4081
4082 if ((error = get_nvlist(zc->zc_nvlist_src,
4083 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
4084 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
4085 policy, &config);
4086 if (config != NULL) {
4087 int err;
4088
4089 if ((err = put_nvlist(zc, config)) != 0)
4090 error = err;
4091 nvlist_free(config);
4092 }
4093 nvlist_free(policy);
4094 }
4095 }
4096
4097 if (error)
4098 return (error);
4099
4100 spa_vdev_state_enter(spa, SCL_NONE);
4101
4102 if (zc->zc_guid == 0) {
4103 vd = NULL;
4104 } else {
4105 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
4106 if (vd == NULL) {
4107 (void) spa_vdev_state_exit(spa, NULL, ENODEV);
4108 spa_close(spa, FTAG);
4109 return (ENODEV);
4110 }
4111 }
4112
4113 vdev_clear(spa, vd);
4114
4115 (void) spa_vdev_state_exit(spa, NULL, 0);
4116
4117 /*
4118 * Resume any suspended I/Os.
4119 */
4120 if (zio_resume(spa) != 0)
4121 error = EIO;
4122
4123 spa_close(spa, FTAG);
4124
4125 return (error);
4126}
4127
4128static int
4129zfs_ioc_pool_reopen(zfs_cmd_t *zc)
4130{
4131 spa_t *spa;
4132 int error;
4133
4134 error = spa_open(zc->zc_name, &spa, FTAG);
4135 if (error)
4136 return (error);
4137
4138 spa_vdev_state_enter(spa, SCL_NONE);
4139 vdev_reopen(spa->spa_root_vdev);
4140 (void) spa_vdev_state_exit(spa, NULL, 0);
4141 spa_close(spa, FTAG);
4142 return (0);
4143}
4144/*
4145 * inputs:
4146 * zc_name name of filesystem
4147 * zc_value name of origin snapshot
4148 *
4149 * outputs:
4150 * zc_string name of conflicting snapshot, if there is one
4151 */
4152static int
4153zfs_ioc_promote(zfs_cmd_t *zc)
4154{
4155 char *cp;
4156
4157 /*
4158 * We don't need to unmount *all* the origin fs's snapshots, but
4159 * it's easier.
4160 */
4161 cp = strchr(zc->zc_value, '@');
4162 if (cp)
4163 *cp = '\0';
4164 (void) dmu_objset_find(zc->zc_value,
4165 zfs_unmount_snap, NULL, DS_FIND_SNAPSHOTS);
4166 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
4167}
4168
4169/*
4170 * Retrieve a single {user|group}{used|quota}@... property.
4171 *
4172 * inputs:
4173 * zc_name name of filesystem
4174 * zc_objset_type zfs_userquota_prop_t
4175 * zc_value domain name (eg. "S-1-234-567-89")
4176 * zc_guid RID/UID/GID
4177 *
4178 * outputs:
4179 * zc_cookie property value
4180 */
4181static int
4182zfs_ioc_userspace_one(zfs_cmd_t *zc)
4183{
4184 zfsvfs_t *zfsvfs;
4185 int error;
4186
4187 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
4188 return (EINVAL);
4189
4190 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4191 if (error)
4192 return (error);
4193
4194 error = zfs_userspace_one(zfsvfs,
4195 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
4196 zfsvfs_rele(zfsvfs, FTAG);
4197
4198 return (error);
4199}
4200
4201/*
4202 * inputs:
4203 * zc_name name of filesystem
4204 * zc_cookie zap cursor
4205 * zc_objset_type zfs_userquota_prop_t
4206 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
4207 *
4208 * outputs:
4209 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
4210 * zc_cookie zap cursor
4211 */
4212static int
4213zfs_ioc_userspace_many(zfs_cmd_t *zc)
4214{
4215 zfsvfs_t *zfsvfs;
4216 int bufsize = zc->zc_nvlist_dst_size;
4217
4218 if (bufsize <= 0)
4219 return (ENOMEM);
4220
4221 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
4222 if (error)
4223 return (error);
4224
4225 void *buf = kmem_alloc(bufsize, KM_SLEEP);
4226
4227 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
4228 buf, &zc->zc_nvlist_dst_size);
4229
4230 if (error == 0) {
4231 error = ddi_copyout(buf,
4232 (void *)(uintptr_t)zc->zc_nvlist_dst,
4233 zc->zc_nvlist_dst_size, zc->zc_iflags);
4234 }
4235 kmem_free(buf, bufsize);
4236 zfsvfs_rele(zfsvfs, FTAG);
4237
4238 return (error);
4239}
4240
4241/*
4242 * inputs:
4243 * zc_name name of filesystem
4244 *
4245 * outputs:
4246 * none
4247 */
4248static int
4249zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
4250{
4251 objset_t *os;
4252 int error = 0;
4253 zfsvfs_t *zfsvfs;
4254
4255 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
4256 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
4257 /*
4258 * If userused is not enabled, it may be because the
4259 * objset needs to be closed & reopened (to grow the
4260 * objset_phys_t). Suspend/resume the fs will do that.
4261 */
4262 error = zfs_suspend_fs(zfsvfs);
4263 if (error == 0)
4264 error = zfs_resume_fs(zfsvfs, zc->zc_name);
4265 }
4266 if (error == 0)
4267 error = dmu_objset_userspace_upgrade(zfsvfs->z_os);
4268 VFS_RELE(zfsvfs->z_vfs);
4269 } else {
4270 /* XXX kind of reading contents without owning */
4271 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4272 if (error)
4273 return (error);
4274
4275 error = dmu_objset_userspace_upgrade(os);
4276 dmu_objset_rele(os, FTAG);
4277 }
4278
4279 return (error);
4280}
4281
4282#ifdef sun
4283/*
4284 * We don't want to have a hard dependency
4285 * against some special symbols in sharefs
4286 * nfs, and smbsrv. Determine them if needed when
4287 * the first file system is shared.
4288 * Neither sharefs, nfs or smbsrv are unloadable modules.
4289 */
4290int (*znfsexport_fs)(void *arg);
4291int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t);
4292int (*zsmbexport_fs)(void *arg, boolean_t add_share);
4293
4294int zfs_nfsshare_inited;
4295int zfs_smbshare_inited;
4296
4297ddi_modhandle_t nfs_mod;
4298ddi_modhandle_t sharefs_mod;
4299ddi_modhandle_t smbsrv_mod;
4300#endif /* sun */
4301kmutex_t zfs_share_lock;
4302
4303#ifdef sun
4304static int
4305zfs_init_sharefs()
4306{
4307 int error;
4308
4309 ASSERT(MUTEX_HELD(&zfs_share_lock));
4310 /* Both NFS and SMB shares also require sharetab support. */
4311 if (sharefs_mod == NULL && ((sharefs_mod =
4312 ddi_modopen("fs/sharefs",
4313 KRTLD_MODE_FIRST, &error)) == NULL)) {
4314 return (ENOSYS);
4315 }
4316 if (zshare_fs == NULL && ((zshare_fs =
4317 (int (*)(enum sharefs_sys_op, share_t *, uint32_t))
4318 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) {
4319 return (ENOSYS);
4320 }
4321 return (0);
4322}
4323#endif /* sun */
4324
4325static int
4326zfs_ioc_share(zfs_cmd_t *zc)
4327{
4328#ifdef sun
4329 int error;
4330 int opcode;
4331
4332 switch (zc->zc_share.z_sharetype) {
4333 case ZFS_SHARE_NFS:
4334 case ZFS_UNSHARE_NFS:
4335 if (zfs_nfsshare_inited == 0) {
4336 mutex_enter(&zfs_share_lock);
4337 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs",
4338 KRTLD_MODE_FIRST, &error)) == NULL)) {
4339 mutex_exit(&zfs_share_lock);
4340 return (ENOSYS);
4341 }
4342 if (znfsexport_fs == NULL &&
4343 ((znfsexport_fs = (int (*)(void *))
4344 ddi_modsym(nfs_mod,
4345 "nfs_export", &error)) == NULL)) {
4346 mutex_exit(&zfs_share_lock);
4347 return (ENOSYS);
4348 }
4349 error = zfs_init_sharefs();
4350 if (error) {
4351 mutex_exit(&zfs_share_lock);
4352 return (ENOSYS);
4353 }
4354 zfs_nfsshare_inited = 1;
4355 mutex_exit(&zfs_share_lock);
4356 }
4357 break;
4358 case ZFS_SHARE_SMB:
4359 case ZFS_UNSHARE_SMB:
4360 if (zfs_smbshare_inited == 0) {
4361 mutex_enter(&zfs_share_lock);
4362 if (smbsrv_mod == NULL && ((smbsrv_mod =
4363 ddi_modopen("drv/smbsrv",
4364 KRTLD_MODE_FIRST, &error)) == NULL)) {
4365 mutex_exit(&zfs_share_lock);
4366 return (ENOSYS);
4367 }
4368 if (zsmbexport_fs == NULL && ((zsmbexport_fs =
4369 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod,
4370 "smb_server_share", &error)) == NULL)) {
4371 mutex_exit(&zfs_share_lock);
4372 return (ENOSYS);
4373 }
4374 error = zfs_init_sharefs();
4375 if (error) {
4376 mutex_exit(&zfs_share_lock);
4377 return (ENOSYS);
4378 }
4379 zfs_smbshare_inited = 1;
4380 mutex_exit(&zfs_share_lock);
4381 }
4382 break;
4383 default:
4384 return (EINVAL);
4385 }
4386
4387 switch (zc->zc_share.z_sharetype) {
4388 case ZFS_SHARE_NFS:
4389 case ZFS_UNSHARE_NFS:
4390 if (error =
4391 znfsexport_fs((void *)
4392 (uintptr_t)zc->zc_share.z_exportdata))
4393 return (error);
4394 break;
4395 case ZFS_SHARE_SMB:
4396 case ZFS_UNSHARE_SMB:
4397 if (error = zsmbexport_fs((void *)
4398 (uintptr_t)zc->zc_share.z_exportdata,
4399 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ?
4400 B_TRUE: B_FALSE)) {
4401 return (error);
4402 }
4403 break;
4404 }
4405
4406 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS ||
4407 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ?
4408 SHAREFS_ADD : SHAREFS_REMOVE;
4409
4410 /*
4411 * Add or remove share from sharetab
4412 */
4413 error = zshare_fs(opcode,
4414 (void *)(uintptr_t)zc->zc_share.z_sharedata,
4415 zc->zc_share.z_sharemax);
4416
4417 return (error);
4418
4419#else /* !sun */
4420 return (ENOSYS);
4421#endif /* !sun */
4422}
4423
4424ace_t full_access[] = {
4425 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0}
4426};
4427
4428/*
4429 * inputs:
4430 * zc_name name of containing filesystem
4431 * zc_obj object # beyond which we want next in-use object #
4432 *
4433 * outputs:
4434 * zc_obj next in-use object #
4435 */
4436static int
4437zfs_ioc_next_obj(zfs_cmd_t *zc)
4438{
4439 objset_t *os = NULL;
4440 int error;
4441
4442 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
4443 if (error)
4444 return (error);
4445
4446 error = dmu_object_next(os, &zc->zc_obj, B_FALSE,
4447 os->os_dsl_dataset->ds_phys->ds_prev_snap_txg);
4448
4449 dmu_objset_rele(os, FTAG);
4450 return (error);
4451}
4452
4453/*
4454 * inputs:
4455 * zc_name name of filesystem
4456 * zc_value prefix name for snapshot
4457 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4458 *
4459 * outputs:
4460 */
4461static int
4462zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
4463{
4464 char *snap_name;
4465 int error;
4466
4467 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
4468 (u_longlong_t)ddi_get_lbolt64());
4469
4470 if (strlen(snap_name) >= MAXNAMELEN) {
4471 strfree(snap_name);
4472 return (E2BIG);
4473 }
4474
4475 error = dmu_objset_snapshot(zc->zc_name, snap_name, snap_name,
4476 NULL, B_FALSE, B_TRUE, zc->zc_cleanup_fd);
4477 if (error != 0) {
4478 strfree(snap_name);
4479 return (error);
4480 }
4481
4482 (void) strcpy(zc->zc_value, snap_name);
4483 strfree(snap_name);
4484 return (0);
4485}
4486
4487/*
4488 * inputs:
4489 * zc_name name of "to" snapshot
4490 * zc_value name of "from" snapshot
4491 * zc_cookie file descriptor to write diff data on
4492 *
4493 * outputs:
4494 * dmu_diff_record_t's to the file descriptor
4495 */
4496static int
4497zfs_ioc_diff(zfs_cmd_t *zc)
4498{
4499 objset_t *fromsnap;
4500 objset_t *tosnap;
4501 file_t *fp;
4502 offset_t off;
4503 int error;
4504
4505 error = dmu_objset_hold(zc->zc_name, FTAG, &tosnap);
4506 if (error)
4507 return (error);
4508
4509 error = dmu_objset_hold(zc->zc_value, FTAG, &fromsnap);
4510 if (error) {
4511 dmu_objset_rele(tosnap, FTAG);
4512 return (error);
4513 }
4514
4515 fp = getf(zc->zc_cookie);
4516 if (fp == NULL) {
4517 dmu_objset_rele(fromsnap, FTAG);
4518 dmu_objset_rele(tosnap, FTAG);
4519 return (EBADF);
4520 }
4521
4522 off = fp->f_offset;
4523
4524 error = dmu_diff(tosnap, fromsnap, fp, &off);
4525
4526 if (off >= 0 && off <= MAXOFFSET_T)
4527 fp->f_offset = off;
4528 releasef(zc->zc_cookie);
4529
4530 dmu_objset_rele(fromsnap, FTAG);
4531 dmu_objset_rele(tosnap, FTAG);
4532 return (error);
4533}
4534
4535#ifdef sun
4536/*
4537 * Remove all ACL files in shares dir
4538 */
4539static int
4540zfs_smb_acl_purge(znode_t *dzp)
4541{
4542 zap_cursor_t zc;
4543 zap_attribute_t zap;
4544 zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
4545 int error;
4546
4547 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
4548 (error = zap_cursor_retrieve(&zc, &zap)) == 0;
4549 zap_cursor_advance(&zc)) {
4550 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred,
4551 NULL, 0)) != 0)
4552 break;
4553 }
4554 zap_cursor_fini(&zc);
4555 return (error);
4556}
4557#endif /* sun */
4558
4559static int
4560zfs_ioc_smb_acl(zfs_cmd_t *zc)
4561{
4562#ifdef sun
4563 vnode_t *vp;
4564 znode_t *dzp;
4565 vnode_t *resourcevp = NULL;
4566 znode_t *sharedir;
4567 zfsvfs_t *zfsvfs;
4568 nvlist_t *nvlist;
4569 char *src, *target;
4570 vattr_t vattr;
4571 vsecattr_t vsec;
4572 int error = 0;
4573
4574 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE,
4575 NO_FOLLOW, NULL, &vp)) != 0)
4576 return (error);
4577
4578 /* Now make sure mntpnt and dataset are ZFS */
4579
4580 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 ||
4581 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource),
4582 zc->zc_name) != 0)) {
4583 VN_RELE(vp);
4584 return (EINVAL);
4585 }
4586
4587 dzp = VTOZ(vp);
4588 zfsvfs = dzp->z_zfsvfs;
4589 ZFS_ENTER(zfsvfs);
4590
4591 /*
4592 * Create share dir if its missing.
4593 */
4594 mutex_enter(&zfsvfs->z_lock);
4595 if (zfsvfs->z_shares_dir == 0) {
4596 dmu_tx_t *tx;
4597
4598 tx = dmu_tx_create(zfsvfs->z_os);
4599 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE,
4600 ZFS_SHARES_DIR);
4601 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
4602 error = dmu_tx_assign(tx, TXG_WAIT);
4603 if (error) {
4604 dmu_tx_abort(tx);
4605 } else {
4606 error = zfs_create_share_dir(zfsvfs, tx);
4607 dmu_tx_commit(tx);
4608 }
4609 if (error) {
4610 mutex_exit(&zfsvfs->z_lock);
4611 VN_RELE(vp);
4612 ZFS_EXIT(zfsvfs);
4613 return (error);
4614 }
4615 }
4616 mutex_exit(&zfsvfs->z_lock);
4617
4618 ASSERT(zfsvfs->z_shares_dir);
4619 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) {
4620 VN_RELE(vp);
4621 ZFS_EXIT(zfsvfs);
4622 return (error);
4623 }
4624
4625 switch (zc->zc_cookie) {
4626 case ZFS_SMB_ACL_ADD:
4627 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE;
4628 vattr.va_type = VREG;
4629 vattr.va_mode = S_IFREG|0777;
4630 vattr.va_uid = 0;
4631 vattr.va_gid = 0;
4632
4633 vsec.vsa_mask = VSA_ACE;
4634 vsec.vsa_aclentp = &full_access;
4635 vsec.vsa_aclentsz = sizeof (full_access);
4636 vsec.vsa_aclcnt = 1;
4637
4638 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string,
4639 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec);
4640 if (resourcevp)
4641 VN_RELE(resourcevp);
4642 break;
4643
4644 case ZFS_SMB_ACL_REMOVE:
4645 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred,
4646 NULL, 0);
4647 break;
4648
4649 case ZFS_SMB_ACL_RENAME:
4650 if ((error = get_nvlist(zc->zc_nvlist_src,
4651 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) {
4652 VN_RELE(vp);
4653 ZFS_EXIT(zfsvfs);
4654 return (error);
4655 }
4656 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) ||
4657 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET,
4658 &target)) {
4659 VN_RELE(vp);
4660 VN_RELE(ZTOV(sharedir));
4661 ZFS_EXIT(zfsvfs);
4662 nvlist_free(nvlist);
4663 return (error);
4664 }
4665 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target,
4666 kcred, NULL, 0);
4667 nvlist_free(nvlist);
4668 break;
4669
4670 case ZFS_SMB_ACL_PURGE:
4671 error = zfs_smb_acl_purge(sharedir);
4672 break;
4673
4674 default:
4675 error = EINVAL;
4676 break;
4677 }
4678
4679 VN_RELE(vp);
4680 VN_RELE(ZTOV(sharedir));
4681
4682 ZFS_EXIT(zfsvfs);
4683
4684 return (error);
4685#else /* !sun */
4686 return (EOPNOTSUPP);
4687#endif /* !sun */
4688}
4689
4690/*
4691 * inputs:
4692 * zc_name name of filesystem
4693 * zc_value short name of snap
4694 * zc_string user-supplied tag for this hold
4695 * zc_cookie recursive flag
4696 * zc_temphold set if hold is temporary
4697 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
4698 * zc_sendobj if non-zero, the objid for zc_name@zc_value
4699 * zc_createtxg if zc_sendobj is non-zero, snap must have zc_createtxg
4700 *
4701 * outputs: none
4702 */
4703static int
4704zfs_ioc_hold(zfs_cmd_t *zc)
4705{
4706 boolean_t recursive = zc->zc_cookie;
4707 spa_t *spa;
4708 dsl_pool_t *dp;
4709 dsl_dataset_t *ds;
4710 int error;
4711 minor_t minor = 0;
4712
4713 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4714 return (EINVAL);
4715
4716 if (zc->zc_sendobj == 0) {
4717 return (dsl_dataset_user_hold(zc->zc_name, zc->zc_value,
4718 zc->zc_string, recursive, zc->zc_temphold,
4719 zc->zc_cleanup_fd));
4720 }
4721
4722 if (recursive)
4723 return (EINVAL);
4724
4725 error = spa_open(zc->zc_name, &spa, FTAG);
4726 if (error)
4727 return (error);
4728
4729 dp = spa_get_dsl(spa);
4730 rw_enter(&dp->dp_config_rwlock, RW_READER);
4731 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
4732 rw_exit(&dp->dp_config_rwlock);
4733 spa_close(spa, FTAG);
4734 if (error)
4735 return (error);
4736
4737 /*
4738 * Until we have a hold on this snapshot, it's possible that
4739 * zc_sendobj could've been destroyed and reused as part
4740 * of a later txg. Make sure we're looking at the right object.
4741 */
4742 if (zc->zc_createtxg != ds->ds_phys->ds_creation_txg) {
4743 dsl_dataset_rele(ds, FTAG);
4744 return (ENOENT);
4745 }
4746
4747 if (zc->zc_cleanup_fd != -1 && zc->zc_temphold) {
4748 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
4749 if (error) {
4750 dsl_dataset_rele(ds, FTAG);
4751 return (error);
4752 }
4753 }
4754
4755 error = dsl_dataset_user_hold_for_send(ds, zc->zc_string,
4756 zc->zc_temphold);
4757 if (minor != 0) {
4758 if (error == 0) {
4759 dsl_register_onexit_hold_cleanup(ds, zc->zc_string,
4760 minor);
4761 }
4762 zfs_onexit_fd_rele(zc->zc_cleanup_fd);
4763 }
4764 dsl_dataset_rele(ds, FTAG);
4765
4766 return (error);
4767}
4768
4769/*
4770 * inputs:
4771 * zc_name name of dataset from which we're releasing a user hold
4772 * zc_value short name of snap
4773 * zc_string user-supplied tag for this hold
4774 * zc_cookie recursive flag
4775 *
4776 * outputs: none
4777 */
4778static int
4779zfs_ioc_release(zfs_cmd_t *zc)
4780{
4781 boolean_t recursive = zc->zc_cookie;
4782
4783 if (snapshot_namecheck(zc->zc_value, NULL, NULL) != 0)
4784 return (EINVAL);
4785
4786 return (dsl_dataset_user_release(zc->zc_name, zc->zc_value,
4787 zc->zc_string, recursive));
4788}
4789
4790/*
4791 * inputs:
4792 * zc_name name of filesystem
4793 *
4794 * outputs:
4795 * zc_nvlist_src{_size} nvlist of snapshot holds
4796 */
4797static int
4798zfs_ioc_get_holds(zfs_cmd_t *zc)
4799{
4800 nvlist_t *nvp;
4801 int error;
4802
4803 if ((error = dsl_dataset_get_holds(zc->zc_name, &nvp)) == 0) {
4804 error = put_nvlist(zc, nvp);
4805 nvlist_free(nvp);
4806 }
4807
4808 return (error);
4809}
4810
4811/*
4812 * inputs:
4813 * zc_name name of new filesystem or snapshot
4814 * zc_value full name of old snapshot
4815 *
4816 * outputs:
4817 * zc_cookie space in bytes
4818 * zc_objset_type compressed space in bytes
4819 * zc_perm_action uncompressed space in bytes
4820 */
4821static int
4822zfs_ioc_space_written(zfs_cmd_t *zc)
4823{
4824 int error;
4825 dsl_dataset_t *new, *old;
4826
4827 error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
4828 if (error != 0)
4829 return (error);
4830 error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
4831 if (error != 0) {
4832 dsl_dataset_rele(new, FTAG);
4833 return (error);
4834 }
4835
4836 error = dsl_dataset_space_written(old, new, &zc->zc_cookie,
4837 &zc->zc_objset_type, &zc->zc_perm_action);
4838 dsl_dataset_rele(old, FTAG);
4839 dsl_dataset_rele(new, FTAG);
4840 return (error);
4841}
4842
4843/*
4844 * inputs:
4845 * zc_name full name of last snapshot
4846 * zc_value full name of first snapshot
4847 *
4848 * outputs:
4849 * zc_cookie space in bytes
4850 * zc_objset_type compressed space in bytes
4851 * zc_perm_action uncompressed space in bytes
4852 */
4853static int
4854zfs_ioc_space_snaps(zfs_cmd_t *zc)
4855{
4856 int error;
4857 dsl_dataset_t *new, *old;
4858
4859 error = dsl_dataset_hold(zc->zc_name, FTAG, &new);
4860 if (error != 0)
4861 return (error);
4862 error = dsl_dataset_hold(zc->zc_value, FTAG, &old);
4863 if (error != 0) {
4864 dsl_dataset_rele(new, FTAG);
4865 return (error);
4866 }
4867
4868 error = dsl_dataset_space_wouldfree(old, new, &zc->zc_cookie,
4869 &zc->zc_objset_type, &zc->zc_perm_action);
4870 dsl_dataset_rele(old, FTAG);
4871 dsl_dataset_rele(new, FTAG);
4872 return (error);
4873}
4874
4875/*
4876 * pool create, destroy, and export don't log the history as part of
4877 * zfsdev_ioctl, but rather zfs_ioc_pool_create, and zfs_ioc_pool_export
4878 * do the logging of those commands.
4879 */
4880static int
4881zfs_ioc_jail(zfs_cmd_t *zc)
4882{
4883
4884 return (zone_dataset_attach(curthread->td_ucred, zc->zc_name,
4885 (int)zc->zc_jailid));
4886}
4887
4888static int
4889zfs_ioc_unjail(zfs_cmd_t *zc)
4890{
4891
4892 return (zone_dataset_detach(curthread->td_ucred, zc->zc_name,
4893 (int)zc->zc_jailid));
4894}
4895
4896static zfs_ioc_vec_t zfs_ioc_vec[] = {
4897 { zfs_ioc_pool_create, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4898 B_FALSE },
4899 { zfs_ioc_pool_destroy, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4900 B_FALSE },
4901 { zfs_ioc_pool_import, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4902 B_FALSE },
4903 { zfs_ioc_pool_export, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4904 B_FALSE },
4905 { zfs_ioc_pool_configs, zfs_secpolicy_none, NO_NAME, B_FALSE,
4906 B_FALSE },
4907 { zfs_ioc_pool_stats, zfs_secpolicy_read, POOL_NAME, B_FALSE,
4908 B_FALSE },
4909 { zfs_ioc_pool_tryimport, zfs_secpolicy_config, NO_NAME, B_FALSE,
4910 B_FALSE },
4911 { zfs_ioc_pool_scan, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4912 B_TRUE },
4913 { zfs_ioc_pool_freeze, zfs_secpolicy_config, NO_NAME, B_FALSE,
4914 B_FALSE },
4915 { zfs_ioc_pool_upgrade, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4916 B_TRUE },
4917 { zfs_ioc_pool_get_history, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4918 B_FALSE },
4919 { zfs_ioc_vdev_add, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4920 B_TRUE },
4921 { zfs_ioc_vdev_remove, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4922 B_TRUE },
4923 { zfs_ioc_vdev_set_state, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4924 B_FALSE },
4925 { zfs_ioc_vdev_attach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4926 B_TRUE },
4927 { zfs_ioc_vdev_detach, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4928 B_TRUE },
4929 { zfs_ioc_vdev_setpath, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4930 B_TRUE },
4931 { zfs_ioc_vdev_setfru, zfs_secpolicy_config, POOL_NAME, B_FALSE,
4932 B_TRUE },
4933 { zfs_ioc_objset_stats, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4934 B_TRUE },
4935 { zfs_ioc_objset_zplprops, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4936 B_FALSE },
4937 { zfs_ioc_dataset_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4938 B_TRUE },
4939 { zfs_ioc_snapshot_list_next, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4940 B_TRUE },
4941 { zfs_ioc_set_prop, zfs_secpolicy_none, DATASET_NAME, B_TRUE, B_TRUE },
4942 { zfs_ioc_create, zfs_secpolicy_create, DATASET_NAME, B_TRUE, B_TRUE },
4943 { zfs_ioc_destroy, zfs_secpolicy_destroy, DATASET_NAME, B_TRUE,
4944 B_TRUE},
4945 { zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, B_TRUE,
4946 B_TRUE },
4947 { zfs_ioc_rename, zfs_secpolicy_rename, DATASET_NAME, B_TRUE, B_TRUE },
4948 { zfs_ioc_recv, zfs_secpolicy_receive, DATASET_NAME, B_TRUE, B_TRUE },
4949 { zfs_ioc_send, zfs_secpolicy_send, DATASET_NAME, B_FALSE, B_FALSE },
4950 { zfs_ioc_inject_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4951 B_FALSE },
4952 { zfs_ioc_clear_fault, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4953 B_FALSE },
4954 { zfs_ioc_inject_list_next, zfs_secpolicy_inject, NO_NAME, B_FALSE,
4955 B_FALSE },
4956 { zfs_ioc_error_log, zfs_secpolicy_inject, POOL_NAME, B_FALSE,
4957 B_FALSE },
4958 { zfs_ioc_clear, zfs_secpolicy_config, POOL_NAME, B_TRUE, B_FALSE },
4959 { zfs_ioc_promote, zfs_secpolicy_promote, DATASET_NAME, B_TRUE,
4960 B_TRUE },
4961 { zfs_ioc_destroy_snaps_nvl, zfs_secpolicy_destroy_recursive, DATASET_NAME,
4962 B_TRUE, B_TRUE },
4963 { zfs_ioc_snapshot, zfs_secpolicy_snapshot, DATASET_NAME, B_TRUE,
4964 B_TRUE },
4965 { zfs_ioc_dsobj_to_dsname, zfs_secpolicy_diff, POOL_NAME, B_FALSE,
4966 B_FALSE },
4967 { zfs_ioc_obj_to_path, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
4968 B_TRUE },
4969 { zfs_ioc_pool_set_props, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4970 B_TRUE },
4971 { zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME, B_FALSE,
4972 B_FALSE },
4973 { zfs_ioc_set_fsacl, zfs_secpolicy_fsacl, DATASET_NAME, B_TRUE,
4974 B_TRUE },
4975 { zfs_ioc_get_fsacl, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4976 B_FALSE },
4977 { zfs_ioc_share, zfs_secpolicy_share, DATASET_NAME, B_FALSE, B_FALSE },
4978 { zfs_ioc_inherit_prop, zfs_secpolicy_inherit, DATASET_NAME, B_TRUE,
4979 B_TRUE },
4980 { zfs_ioc_smb_acl, zfs_secpolicy_smb_acl, DATASET_NAME, B_FALSE,
4981 B_FALSE },
4982 { zfs_ioc_userspace_one, zfs_secpolicy_userspace_one,
4983 DATASET_NAME, B_FALSE, B_FALSE },
4984 { zfs_ioc_userspace_many, zfs_secpolicy_userspace_many,
4985 DATASET_NAME, B_FALSE, B_FALSE },
4986 { zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
4987 DATASET_NAME, B_FALSE, B_TRUE },
4988 { zfs_ioc_hold, zfs_secpolicy_hold, DATASET_NAME, B_TRUE, B_TRUE },
4989 { zfs_ioc_release, zfs_secpolicy_release, DATASET_NAME, B_TRUE,
4990 B_TRUE },
4991 { zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4992 B_TRUE },
4993 { zfs_ioc_objset_recvd_props, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4994 B_FALSE },
4995 { zfs_ioc_vdev_split, zfs_secpolicy_config, POOL_NAME, B_TRUE,
4996 B_TRUE },
4997 { zfs_ioc_next_obj, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
4998 B_FALSE },
4999 { zfs_ioc_diff, zfs_secpolicy_diff, DATASET_NAME, B_FALSE, B_FALSE },
5000 { zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, DATASET_NAME,
5001 B_FALSE, B_FALSE },
5002 { zfs_ioc_obj_to_stats, zfs_secpolicy_diff, DATASET_NAME, B_FALSE,
5003 B_TRUE },
5004 { zfs_ioc_jail, zfs_secpolicy_config, DATASET_NAME, B_TRUE, B_FALSE },
5005 { zfs_ioc_unjail, zfs_secpolicy_config, DATASET_NAME, B_TRUE, B_FALSE },
5006 { zfs_ioc_pool_reguid, zfs_secpolicy_config, POOL_NAME, B_TRUE,
5007 B_TRUE },
5008 { zfs_ioc_space_written, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
5009 B_TRUE },
5010 { zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
5011 B_TRUE },
5012 { zfs_ioc_send_progress, zfs_secpolicy_read, DATASET_NAME, B_FALSE,
5013 B_FALSE },
5014 { zfs_ioc_pool_reopen, zfs_secpolicy_config, POOL_NAME, B_TRUE,
5015 B_TRUE },
5016};
5017
5018int
5019pool_status_check(const char *name, zfs_ioc_namecheck_t type)
5020{
5021 spa_t *spa;
5022 int error;
5023
5024 ASSERT(type == POOL_NAME || type == DATASET_NAME);
5025
5026 error = spa_open(name, &spa, FTAG);
5027 if (error == 0) {
5028 if (spa_suspended(spa))
5029 error = EAGAIN;
5030 spa_close(spa, FTAG);
5031 }
5032 return (error);
5033}
5034
5035/*
5036 * Find a free minor number.
5037 */
5038minor_t
5039zfsdev_minor_alloc(void)
5040{
5041 static minor_t last_minor;
5042 minor_t m;
5043
5044 ASSERT(MUTEX_HELD(&spa_namespace_lock));
5045
5046 for (m = last_minor + 1; m != last_minor; m++) {
5047 if (m > ZFSDEV_MAX_MINOR)
5048 m = 1;
5049 if (ddi_get_soft_state(zfsdev_state, m) == NULL) {
5050 last_minor = m;
5051 return (m);
5052 }
5053 }
5054
5055 return (0);
5056}
5057
5058static int
5059zfs_ctldev_init(struct cdev *devp)
5060{
5061 minor_t minor;
5062 zfs_soft_state_t *zs;
5063
5064 ASSERT(MUTEX_HELD(&spa_namespace_lock));
5065
5066 minor = zfsdev_minor_alloc();
5067 if (minor == 0)
5068 return (ENXIO);
5069
5070 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS)
5071 return (EAGAIN);
5072
5073 devfs_set_cdevpriv((void *)(uintptr_t)minor, zfsdev_close);
5074
5075 zs = ddi_get_soft_state(zfsdev_state, minor);
5076 zs->zss_type = ZSST_CTLDEV;
5077 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data);
5078
5079 return (0);
5080}
5081
5082static void
5083zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor)
5084{
5085 ASSERT(MUTEX_HELD(&spa_namespace_lock));
5086
5087 zfs_onexit_destroy(zo);
5088 ddi_soft_state_free(zfsdev_state, minor);
5089}
5090
5091void *
5092zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which)
5093{
5094 zfs_soft_state_t *zp;
5095
5096 zp = ddi_get_soft_state(zfsdev_state, minor);
5097 if (zp == NULL || zp->zss_type != which)
5098 return (NULL);
5099
5100 return (zp->zss_data);
5101}
5102
5103static int
5104zfsdev_open(struct cdev *devp, int flag, int mode, struct thread *td)
5105{
5106 int error = 0;
5107
5108#ifdef sun
5109 if (getminor(*devp) != 0)
5110 return (zvol_open(devp, flag, otyp, cr));
5111#endif
5112
5113 /* This is the control device. Allocate a new minor if requested. */
5114 if (flag & FEXCL) {
5115 mutex_enter(&spa_namespace_lock);
5116 error = zfs_ctldev_init(devp);
5117 mutex_exit(&spa_namespace_lock);
5118 }
5119
5120 return (error);
5121}
5122
5123static void
5124zfsdev_close(void *data)
5125{
5126 zfs_onexit_t *zo;
5127 minor_t minor = (minor_t)(uintptr_t)data;
5128
5129 if (minor == 0)
5130 return;
5131
5132 mutex_enter(&spa_namespace_lock);
5133 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV);
5134 if (zo == NULL) {
5135 mutex_exit(&spa_namespace_lock);
5136 return;
5137 }
5138 zfs_ctldev_destroy(zo, minor);
5139 mutex_exit(&spa_namespace_lock);
5140}
5141
5142static int
5143zfsdev_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
5144 struct thread *td)
5145{
5146 zfs_cmd_t *zc;
5147 uint_t vec;
5148 int cflag, error, len;
5149
5150 cflag = ZFS_CMD_COMPAT_NONE;
5151 len = IOCPARM_LEN(cmd);
5152
5153 /*
5154 * Check if we have sufficient kernel memory allocated
5155 * for the zfs_cmd_t request. Bail out if not so we
5156 * will not access undefined memory region.
5157 */
5158 if (len < sizeof(zfs_cmd_t))
5159 if (len == sizeof(zfs_cmd_v15_t)) {
5160 cflag = ZFS_CMD_COMPAT_V15;
5161 vec = zfs_ioctl_v15_to_v28[ZFS_IOC(cmd)];
5162 } else
5163 return (EINVAL);
5164 else
5165 vec = ZFS_IOC(cmd);
5166
5167 if (cflag != ZFS_CMD_COMPAT_NONE) {
5168 if (vec == ZFS_IOC_COMPAT_PASS)
5169 return (0);
5170 else if (vec == ZFS_IOC_COMPAT_FAIL)
5171 return (ENOTSUP);
5172 }
5173
5174 if (vec >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
5175 return (EINVAL);
5176
5177 if (cflag != ZFS_CMD_COMPAT_NONE) {
5178 zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP);
5179 bzero(zc, sizeof(zfs_cmd_t));
5180 zfs_cmd_compat_get(zc, addr, cflag);
5181 zfs_ioctl_compat_pre(zc, &vec, cflag);
5182 } else {
5183 zc = (void *)addr;
5184 }
5185
5186 error = zfs_ioc_vec[vec].zvec_secpolicy(zc, td->td_ucred);
5187
5188 /*
5189 * Ensure that all pool/dataset names are valid before we pass down to
5190 * the lower layers.
5191 */
5192 if (error == 0) {
5193 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
5194 zc->zc_iflags = flag & FKIOCTL;
5195 switch (zfs_ioc_vec[vec].zvec_namecheck) {
5196 case POOL_NAME:
5197 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
5198 error = EINVAL;
5199 if (zfs_ioc_vec[vec].zvec_pool_check)
5200 error = pool_status_check(zc->zc_name,
5201 zfs_ioc_vec[vec].zvec_namecheck);
5202 break;
5203
5204 case DATASET_NAME:
5205 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
5206 error = EINVAL;
5207 if (zfs_ioc_vec[vec].zvec_pool_check)
5208 error = pool_status_check(zc->zc_name,
5209 zfs_ioc_vec[vec].zvec_namecheck);
5210 break;
5211
5212 case NO_NAME:
5213 break;
5214 }
5215 }
5216
5217 if (error == 0)
5218 error = zfs_ioc_vec[vec].zvec_func(zc);
5219
5220 if (error == 0) {
5221 if (zfs_ioc_vec[vec].zvec_his_log)
5222 zfs_log_history(zc);
5223 }
5224
5225 if (cflag != ZFS_CMD_COMPAT_NONE) {
5226 zfs_ioctl_compat_post(zc, ZFS_IOC(cmd), cflag);
5227 zfs_cmd_compat_put(zc, addr, cflag);
5228 kmem_free(zc, sizeof(zfs_cmd_t));
5229 }
5230
5231 return (error);
5232}
5233
5234#ifdef sun
5235static int
5236zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
5237{
5238 if (cmd != DDI_ATTACH)
5239 return (DDI_FAILURE);
5240
5241 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0,
5242 DDI_PSEUDO, 0) == DDI_FAILURE)
5243 return (DDI_FAILURE);
5244
5245 zfs_dip = dip;
5246
5247 ddi_report_dev(dip);
5248
5249 return (DDI_SUCCESS);
5250}
5251
5252static int
5253zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
5254{
5255 if (spa_busy() || zfs_busy() || zvol_busy())
5256 return (DDI_FAILURE);
5257
5258 if (cmd != DDI_DETACH)
5259 return (DDI_FAILURE);
5260
5261 zfs_dip = NULL;
5262
5263 ddi_prop_remove_all(dip);
5264 ddi_remove_minor_node(dip, NULL);
5265
5266 return (DDI_SUCCESS);
5267}
5268
5269/*ARGSUSED*/
5270static int
5271zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
5272{
5273 switch (infocmd) {
5274 case DDI_INFO_DEVT2DEVINFO:
5275 *result = zfs_dip;
5276 return (DDI_SUCCESS);
5277
5278 case DDI_INFO_DEVT2INSTANCE:
5279 *result = (void *)0;
5280 return (DDI_SUCCESS);
5281 }
5282
5283 return (DDI_FAILURE);
5284}
5285#endif /* sun */
5286
5287/*
5288 * OK, so this is a little weird.
5289 *
5290 * /dev/zfs is the control node, i.e. minor 0.
5291 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0.
5292 *
5293 * /dev/zfs has basically nothing to do except serve up ioctls,
5294 * so most of the standard driver entry points are in zvol.c.
5295 */
5296#ifdef sun
5297static struct cb_ops zfs_cb_ops = {
5298 zfsdev_open, /* open */
5299 zfsdev_close, /* close */
5300 zvol_strategy, /* strategy */
5301 nodev, /* print */
5302 zvol_dump, /* dump */
5303 zvol_read, /* read */
5304 zvol_write, /* write */
5305 zfsdev_ioctl, /* ioctl */
5306 nodev, /* devmap */
5307 nodev, /* mmap */
5308 nodev, /* segmap */
5309 nochpoll, /* poll */
5310 ddi_prop_op, /* prop_op */
5311 NULL, /* streamtab */
5312 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */
5313 CB_REV, /* version */
5314 nodev, /* async read */
5315 nodev, /* async write */
5316};
5317
5318static struct dev_ops zfs_dev_ops = {
5319 DEVO_REV, /* version */
5320 0, /* refcnt */
5321 zfs_info, /* info */
5322 nulldev, /* identify */
5323 nulldev, /* probe */
5324 zfs_attach, /* attach */
5325 zfs_detach, /* detach */
5326 nodev, /* reset */
5327 &zfs_cb_ops, /* driver operations */
5328 NULL, /* no bus operations */
5329 NULL, /* power */
5330 ddi_quiesce_not_needed, /* quiesce */
5331};
5332
5333static struct modldrv zfs_modldrv = {
5334 &mod_driverops,
5335 "ZFS storage pool",
5336 &zfs_dev_ops
5337};
5338
5339static struct modlinkage modlinkage = {
5340 MODREV_1,
5341 (void *)&zfs_modlfs,
5342 (void *)&zfs_modldrv,
5343 NULL
5344};
5345#endif /* sun */
5346
5347static struct cdevsw zfs_cdevsw = {
5348 .d_version = D_VERSION,
5349 .d_open = zfsdev_open,
5350 .d_ioctl = zfsdev_ioctl,
5351 .d_name = ZFS_DEV_NAME
5352};
5353
5354static void
5355zfsdev_init(void)
5356{
5357 zfsdev = make_dev(&zfs_cdevsw, 0x0, UID_ROOT, GID_OPERATOR, 0666,
5358 ZFS_DEV_NAME);
5359}
5360
5361static void
5362zfsdev_fini(void)
5363{
5364 if (zfsdev != NULL)
5365 destroy_dev(zfsdev);
5366}
5367
5368static struct root_hold_token *zfs_root_token;
5369struct proc *zfsproc;
5370
5371uint_t zfs_fsyncer_key;
5372extern uint_t rrw_tsd_key;
5373
5374#ifdef sun
5375int
5376_init(void)
5377{
5378 int error;
5379
5380 spa_init(FREAD | FWRITE);
5381 zfs_init();
5382 zvol_init();
5383
5384 if ((error = mod_install(&modlinkage)) != 0) {
5385 zvol_fini();
5386 zfs_fini();
5387 spa_fini();
5388 return (error);
5389 }
5390
5391 tsd_create(&zfs_fsyncer_key, NULL);
5392 tsd_create(&rrw_tsd_key, NULL);
5393
5394 error = ldi_ident_from_mod(&modlinkage, &zfs_li);
5395 ASSERT(error == 0);
5396 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5397
5398 return (0);
5399}
5400
5401int
5402_fini(void)
5403{
5404 int error;
5405
5406 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled)
5407 return (EBUSY);
5408
5409 if ((error = mod_remove(&modlinkage)) != 0)
5410 return (error);
5411
5412 zvol_fini();
5413 zfs_fini();
5414 spa_fini();
5415 if (zfs_nfsshare_inited)
5416 (void) ddi_modclose(nfs_mod);
5417 if (zfs_smbshare_inited)
5418 (void) ddi_modclose(smbsrv_mod);
5419 if (zfs_nfsshare_inited || zfs_smbshare_inited)
5420 (void) ddi_modclose(sharefs_mod);
5421
5422 tsd_destroy(&zfs_fsyncer_key);
5423 ldi_ident_release(zfs_li);
5424 zfs_li = NULL;
5425 mutex_destroy(&zfs_share_lock);
5426
5427 return (error);
5428}
5429
5430int
5431_info(struct modinfo *modinfop)
5432{
5433 return (mod_info(&modlinkage, modinfop));
5434}
5435#endif /* sun */
5436
5437static int
5438zfs_modevent(module_t mod, int type, void *unused __unused)
5439{
5440 int error = 0;
5441
5442 switch (type) {
5443 case MOD_LOAD:
5444 zfs_root_token = root_mount_hold("ZFS");
5445
5446 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL);
5447
5448 spa_init(FREAD | FWRITE);
5449 zfs_init();
5450 zvol_init();
5451
5452 tsd_create(&zfs_fsyncer_key, NULL);
5453 tsd_create(&rrw_tsd_key, NULL);
5454
5455 printf("ZFS storage pool version " SPA_VERSION_STRING "\n");
5456 root_mount_rel(zfs_root_token);
5457
5458 zfsdev_init();
5459 break;
5460 case MOD_UNLOAD:
5461 if (spa_busy() || zfs_busy() || zvol_busy() ||
5462 zio_injection_enabled) {
5463 error = EBUSY;
5464 break;
5465 }
5466
5467 zfsdev_fini();
5468 zvol_fini();
5469 zfs_fini();
5470 spa_fini();
5471
5472 tsd_destroy(&zfs_fsyncer_key);
5473 tsd_destroy(&rrw_tsd_key);
5474
5475 mutex_destroy(&zfs_share_lock);
5476 break;
5477 default:
5478 error = EOPNOTSUPP;
5479 break;
5480 }
5481 return (error);
5482}
5483
5484static moduledata_t zfs_mod = {
5485 "zfsctrl",
5486 zfs_modevent,
5487 0
5488};
5489DECLARE_MODULE(zfsctrl, zfs_mod, SI_SUB_VFS, SI_ORDER_ANY);
5490MODULE_DEPEND(zfsctrl, opensolaris, 1, 1, 1);
5491MODULE_DEPEND(zfsctrl, krpc, 1, 1, 1);
5492MODULE_DEPEND(zfsctrl, acl_nfs4, 1, 1, 1);