zfs_ioctl.c revision 300482
1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22/* 23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright (c) 2011-2012 Pawel Jakub Dawidek <pawel@dawidek.net>. 25 * All rights reserved. 26 * Copyright 2013 Martin Matuska <mm@FreeBSD.org>. All rights reserved. 27 * Copyright 2014 Xin Li <delphij@FreeBSD.org>. All rights reserved. 28 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved. 29 * Copyright 2015 Nexenta Systems, Inc. All rights reserved. 30 * Copyright (c) 2014, Joyent, Inc. All rights reserved. 31 * Copyright (c) 2011, 2015 by Delphix. All rights reserved. 32 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. 33 * Copyright (c) 2013 Steven Hartland. All rights reserved. 34 * Copyright (c) 2014 Integros [integros.com] 35 */ 36 37/* 38 * ZFS ioctls. 39 * 40 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage 41 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool. 42 * 43 * There are two ways that we handle ioctls: the legacy way where almost 44 * all of the logic is in the ioctl callback, and the new way where most 45 * of the marshalling is handled in the common entry point, zfsdev_ioctl(). 46 * 47 * Non-legacy ioctls should be registered by calling 48 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked 49 * from userland by lzc_ioctl(). 50 * 51 * The registration arguments are as follows: 52 * 53 * const char *name 54 * The name of the ioctl. This is used for history logging. If the 55 * ioctl returns successfully (the callback returns 0), and allow_log 56 * is true, then a history log entry will be recorded with the input & 57 * output nvlists. The log entry can be printed with "zpool history -i". 58 * 59 * zfs_ioc_t ioc 60 * The ioctl request number, which userland will pass to ioctl(2). 61 * The ioctl numbers can change from release to release, because 62 * the caller (libzfs) must be matched to the kernel. 63 * 64 * zfs_secpolicy_func_t *secpolicy 65 * This function will be called before the zfs_ioc_func_t, to 66 * determine if this operation is permitted. It should return EPERM 67 * on failure, and 0 on success. Checks include determining if the 68 * dataset is visible in this zone, and if the user has either all 69 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission 70 * to do this operation on this dataset with "zfs allow". 71 * 72 * zfs_ioc_namecheck_t namecheck 73 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool 74 * name, a dataset name, or nothing. If the name is not well-formed, 75 * the ioctl will fail and the callback will not be called. 76 * Therefore, the callback can assume that the name is well-formed 77 * (e.g. is null-terminated, doesn't have more than one '@' character, 78 * doesn't have invalid characters). 79 * 80 * zfs_ioc_poolcheck_t pool_check 81 * This specifies requirements on the pool state. If the pool does 82 * not meet them (is suspended or is readonly), the ioctl will fail 83 * and the callback will not be called. If any checks are specified 84 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME. 85 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED | 86 * POOL_CHECK_READONLY). 87 * 88 * boolean_t smush_outnvlist 89 * If smush_outnvlist is true, then the output is presumed to be a 90 * list of errors, and it will be "smushed" down to fit into the 91 * caller's buffer, by removing some entries and replacing them with a 92 * single "N_MORE_ERRORS" entry indicating how many were removed. See 93 * nvlist_smush() for details. If smush_outnvlist is false, and the 94 * outnvlist does not fit into the userland-provided buffer, then the 95 * ioctl will fail with ENOMEM. 96 * 97 * zfs_ioc_func_t *func 98 * The callback function that will perform the operation. 99 * 100 * The callback should return 0 on success, or an error number on 101 * failure. If the function fails, the userland ioctl will return -1, 102 * and errno will be set to the callback's return value. The callback 103 * will be called with the following arguments: 104 * 105 * const char *name 106 * The name of the pool or dataset to operate on, from 107 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the 108 * expected type (pool, dataset, or none). 109 * 110 * nvlist_t *innvl 111 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or 112 * NULL if no input nvlist was provided. Changes to this nvlist are 113 * ignored. If the input nvlist could not be deserialized, the 114 * ioctl will fail and the callback will not be called. 115 * 116 * nvlist_t *outnvl 117 * The output nvlist, initially empty. The callback can fill it in, 118 * and it will be returned to userland by serializing it into 119 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization 120 * fails (e.g. because the caller didn't supply a large enough 121 * buffer), then the overall ioctl will fail. See the 122 * 'smush_nvlist' argument above for additional behaviors. 123 * 124 * There are two typical uses of the output nvlist: 125 * - To return state, e.g. property values. In this case, 126 * smush_outnvlist should be false. If the buffer was not large 127 * enough, the caller will reallocate a larger buffer and try 128 * the ioctl again. 129 * 130 * - To return multiple errors from an ioctl which makes on-disk 131 * changes. In this case, smush_outnvlist should be true. 132 * Ioctls which make on-disk modifications should generally not 133 * use the outnvl if they succeed, because the caller can not 134 * distinguish between the operation failing, and 135 * deserialization failing. 136 */ 137#ifdef __FreeBSD__ 138#include "opt_kstack_pages.h" 139#endif 140 141#include <sys/types.h> 142#include <sys/param.h> 143#include <sys/systm.h> 144#include <sys/conf.h> 145#include <sys/kernel.h> 146#include <sys/lock.h> 147#include <sys/malloc.h> 148#include <sys/mutex.h> 149#include <sys/proc.h> 150#include <sys/errno.h> 151#include <sys/uio.h> 152#include <sys/buf.h> 153#include <sys/file.h> 154#include <sys/kmem.h> 155#include <sys/conf.h> 156#include <sys/cmn_err.h> 157#include <sys/stat.h> 158#include <sys/zfs_ioctl.h> 159#include <sys/zfs_vfsops.h> 160#include <sys/zfs_znode.h> 161#include <sys/zap.h> 162#include <sys/spa.h> 163#include <sys/spa_impl.h> 164#include <sys/vdev.h> 165#include <sys/dmu.h> 166#include <sys/dsl_dir.h> 167#include <sys/dsl_dataset.h> 168#include <sys/dsl_prop.h> 169#include <sys/dsl_deleg.h> 170#include <sys/dmu_objset.h> 171#include <sys/dmu_impl.h> 172#include <sys/dmu_tx.h> 173#include <sys/sunddi.h> 174#include <sys/policy.h> 175#include <sys/zone.h> 176#include <sys/nvpair.h> 177#include <sys/mount.h> 178#include <sys/taskqueue.h> 179#include <sys/sdt.h> 180#include <sys/varargs.h> 181#include <sys/fs/zfs.h> 182#include <sys/zfs_ctldir.h> 183#include <sys/zfs_dir.h> 184#include <sys/zfs_onexit.h> 185#include <sys/zvol.h> 186#include <sys/dsl_scan.h> 187#include <sys/dmu_objset.h> 188#include <sys/dmu_send.h> 189#include <sys/dsl_destroy.h> 190#include <sys/dsl_bookmark.h> 191#include <sys/dsl_userhold.h> 192#include <sys/zfeature.h> 193#include <sys/zio_checksum.h> 194 195#include "zfs_namecheck.h" 196#include "zfs_prop.h" 197#include "zfs_deleg.h" 198#include "zfs_comutil.h" 199#include "zfs_ioctl_compat.h" 200 201CTASSERT(sizeof(zfs_cmd_t) < IOCPARM_MAX); 202 203static struct cdev *zfsdev; 204 205extern void zfs_init(void); 206extern void zfs_fini(void); 207 208uint_t zfs_fsyncer_key; 209extern uint_t rrw_tsd_key; 210static uint_t zfs_allow_log_key; 211 212typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *); 213typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *); 214typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *); 215 216typedef enum { 217 NO_NAME, 218 POOL_NAME, 219 DATASET_NAME 220} zfs_ioc_namecheck_t; 221 222typedef enum { 223 POOL_CHECK_NONE = 1 << 0, 224 POOL_CHECK_SUSPENDED = 1 << 1, 225 POOL_CHECK_READONLY = 1 << 2, 226} zfs_ioc_poolcheck_t; 227 228typedef struct zfs_ioc_vec { 229 zfs_ioc_legacy_func_t *zvec_legacy_func; 230 zfs_ioc_func_t *zvec_func; 231 zfs_secpolicy_func_t *zvec_secpolicy; 232 zfs_ioc_namecheck_t zvec_namecheck; 233 boolean_t zvec_allow_log; 234 zfs_ioc_poolcheck_t zvec_pool_check; 235 boolean_t zvec_smush_outnvlist; 236 const char *zvec_name; 237} zfs_ioc_vec_t; 238 239/* This array is indexed by zfs_userquota_prop_t */ 240static const char *userquota_perms[] = { 241 ZFS_DELEG_PERM_USERUSED, 242 ZFS_DELEG_PERM_USERQUOTA, 243 ZFS_DELEG_PERM_GROUPUSED, 244 ZFS_DELEG_PERM_GROUPQUOTA, 245}; 246 247static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 248static int zfs_check_settable(const char *name, nvpair_t *property, 249 cred_t *cr); 250static int zfs_check_clearable(char *dataset, nvlist_t *props, 251 nvlist_t **errors); 252static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 253 boolean_t *); 254int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *); 255static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp); 256 257static void zfsdev_close(void *data); 258 259static int zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature); 260 261/* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */ 262void 263__dprintf(const char *file, const char *func, int line, const char *fmt, ...) 264{ 265 const char *newfile; 266 char buf[512]; 267 va_list adx; 268 269 /* 270 * Get rid of annoying "../common/" prefix to filename. 271 */ 272 newfile = strrchr(file, '/'); 273 if (newfile != NULL) { 274 newfile = newfile + 1; /* Get rid of leading / */ 275 } else { 276 newfile = file; 277 } 278 279 va_start(adx, fmt); 280 (void) vsnprintf(buf, sizeof (buf), fmt, adx); 281 va_end(adx); 282 283 /* 284 * To get this data, use the zfs-dprintf probe as so: 285 * dtrace -q -n 'zfs-dprintf \ 286 * /stringof(arg0) == "dbuf.c"/ \ 287 * {printf("%s: %s", stringof(arg1), stringof(arg3))}' 288 * arg0 = file name 289 * arg1 = function name 290 * arg2 = line number 291 * arg3 = message 292 */ 293 DTRACE_PROBE4(zfs__dprintf, 294 char *, newfile, char *, func, int, line, char *, buf); 295} 296 297static void 298history_str_free(char *buf) 299{ 300 kmem_free(buf, HIS_MAX_RECORD_LEN); 301} 302 303static char * 304history_str_get(zfs_cmd_t *zc) 305{ 306 char *buf; 307 308 if (zc->zc_history == 0) 309 return (NULL); 310 311 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 312 if (copyinstr((void *)(uintptr_t)zc->zc_history, 313 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 314 history_str_free(buf); 315 return (NULL); 316 } 317 318 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 319 320 return (buf); 321} 322 323/* 324 * Check to see if the named dataset is currently defined as bootable 325 */ 326static boolean_t 327zfs_is_bootfs(const char *name) 328{ 329 objset_t *os; 330 331 if (dmu_objset_hold(name, FTAG, &os) == 0) { 332 boolean_t ret; 333 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os))); 334 dmu_objset_rele(os, FTAG); 335 return (ret); 336 } 337 return (B_FALSE); 338} 339 340/* 341 * Return non-zero if the spa version is less than requested version. 342 */ 343static int 344zfs_earlier_version(const char *name, int version) 345{ 346 spa_t *spa; 347 348 if (spa_open(name, &spa, FTAG) == 0) { 349 if (spa_version(spa) < version) { 350 spa_close(spa, FTAG); 351 return (1); 352 } 353 spa_close(spa, FTAG); 354 } 355 return (0); 356} 357 358/* 359 * Return TRUE if the ZPL version is less than requested version. 360 */ 361static boolean_t 362zpl_earlier_version(const char *name, int version) 363{ 364 objset_t *os; 365 boolean_t rc = B_TRUE; 366 367 if (dmu_objset_hold(name, FTAG, &os) == 0) { 368 uint64_t zplversion; 369 370 if (dmu_objset_type(os) != DMU_OST_ZFS) { 371 dmu_objset_rele(os, FTAG); 372 return (B_TRUE); 373 } 374 /* XXX reading from non-owned objset */ 375 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 376 rc = zplversion < version; 377 dmu_objset_rele(os, FTAG); 378 } 379 return (rc); 380} 381 382static void 383zfs_log_history(zfs_cmd_t *zc) 384{ 385 spa_t *spa; 386 char *buf; 387 388 if ((buf = history_str_get(zc)) == NULL) 389 return; 390 391 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 392 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 393 (void) spa_history_log(spa, buf); 394 spa_close(spa, FTAG); 395 } 396 history_str_free(buf); 397} 398 399/* 400 * Policy for top-level read operations (list pools). Requires no privileges, 401 * and can be used in the local zone, as there is no associated dataset. 402 */ 403/* ARGSUSED */ 404static int 405zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 406{ 407 return (0); 408} 409 410/* 411 * Policy for dataset read operations (list children, get statistics). Requires 412 * no privileges, but must be visible in the local zone. 413 */ 414/* ARGSUSED */ 415static int 416zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 417{ 418 if (INGLOBALZONE(curthread) || 419 zone_dataset_visible(zc->zc_name, NULL)) 420 return (0); 421 422 return (SET_ERROR(ENOENT)); 423} 424 425static int 426zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr) 427{ 428 int writable = 1; 429 430 /* 431 * The dataset must be visible by this zone -- check this first 432 * so they don't see EPERM on something they shouldn't know about. 433 */ 434 if (!INGLOBALZONE(curthread) && 435 !zone_dataset_visible(dataset, &writable)) 436 return (SET_ERROR(ENOENT)); 437 438 if (INGLOBALZONE(curthread)) { 439 /* 440 * If the fs is zoned, only root can access it from the 441 * global zone. 442 */ 443 if (secpolicy_zfs(cr) && zoned) 444 return (SET_ERROR(EPERM)); 445 } else { 446 /* 447 * If we are in a local zone, the 'zoned' property must be set. 448 */ 449 if (!zoned) 450 return (SET_ERROR(EPERM)); 451 452 /* must be writable by this zone */ 453 if (!writable) 454 return (SET_ERROR(EPERM)); 455 } 456 return (0); 457} 458 459static int 460zfs_dozonecheck(const char *dataset, cred_t *cr) 461{ 462 uint64_t zoned; 463 464 if (dsl_prop_get_integer(dataset, "jailed", &zoned, NULL)) 465 return (SET_ERROR(ENOENT)); 466 467 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 468} 469 470static int 471zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr) 472{ 473 uint64_t zoned; 474 475 if (dsl_prop_get_int_ds(ds, "jailed", &zoned)) 476 return (SET_ERROR(ENOENT)); 477 478 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 479} 480 481static int 482zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds, 483 const char *perm, cred_t *cr) 484{ 485 int error; 486 487 error = zfs_dozonecheck_ds(name, ds, cr); 488 if (error == 0) { 489 error = secpolicy_zfs(cr); 490 if (error != 0) 491 error = dsl_deleg_access_impl(ds, perm, cr); 492 } 493 return (error); 494} 495 496static int 497zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 498{ 499 int error; 500 dsl_dataset_t *ds; 501 dsl_pool_t *dp; 502 503 error = dsl_pool_hold(name, FTAG, &dp); 504 if (error != 0) 505 return (error); 506 507 error = dsl_dataset_hold(dp, name, FTAG, &ds); 508 if (error != 0) { 509 dsl_pool_rele(dp, FTAG); 510 return (error); 511 } 512 513 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr); 514 515 dsl_dataset_rele(ds, FTAG); 516 dsl_pool_rele(dp, FTAG); 517 return (error); 518} 519 520#ifdef SECLABEL 521/* 522 * Policy for setting the security label property. 523 * 524 * Returns 0 for success, non-zero for access and other errors. 525 */ 526static int 527zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr) 528{ 529 char ds_hexsl[MAXNAMELEN]; 530 bslabel_t ds_sl, new_sl; 531 boolean_t new_default = FALSE; 532 uint64_t zoned; 533 int needed_priv = -1; 534 int error; 535 536 /* First get the existing dataset label. */ 537 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 538 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 539 if (error != 0) 540 return (SET_ERROR(EPERM)); 541 542 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 543 new_default = TRUE; 544 545 /* The label must be translatable */ 546 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 547 return (SET_ERROR(EINVAL)); 548 549 /* 550 * In a non-global zone, disallow attempts to set a label that 551 * doesn't match that of the zone; otherwise no other checks 552 * are needed. 553 */ 554 if (!INGLOBALZONE(curproc)) { 555 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 556 return (SET_ERROR(EPERM)); 557 return (0); 558 } 559 560 /* 561 * For global-zone datasets (i.e., those whose zoned property is 562 * "off", verify that the specified new label is valid for the 563 * global zone. 564 */ 565 if (dsl_prop_get_integer(name, 566 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 567 return (SET_ERROR(EPERM)); 568 if (!zoned) { 569 if (zfs_check_global_label(name, strval) != 0) 570 return (SET_ERROR(EPERM)); 571 } 572 573 /* 574 * If the existing dataset label is nondefault, check if the 575 * dataset is mounted (label cannot be changed while mounted). 576 * Get the zfsvfs; if there isn't one, then the dataset isn't 577 * mounted (or isn't a dataset, doesn't exist, ...). 578 */ 579 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 580 objset_t *os; 581 static char *setsl_tag = "setsl_tag"; 582 583 /* 584 * Try to own the dataset; abort if there is any error, 585 * (e.g., already mounted, in use, or other error). 586 */ 587 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, 588 setsl_tag, &os); 589 if (error != 0) 590 return (SET_ERROR(EPERM)); 591 592 dmu_objset_disown(os, setsl_tag); 593 594 if (new_default) { 595 needed_priv = PRIV_FILE_DOWNGRADE_SL; 596 goto out_check; 597 } 598 599 if (hexstr_to_label(strval, &new_sl) != 0) 600 return (SET_ERROR(EPERM)); 601 602 if (blstrictdom(&ds_sl, &new_sl)) 603 needed_priv = PRIV_FILE_DOWNGRADE_SL; 604 else if (blstrictdom(&new_sl, &ds_sl)) 605 needed_priv = PRIV_FILE_UPGRADE_SL; 606 } else { 607 /* dataset currently has a default label */ 608 if (!new_default) 609 needed_priv = PRIV_FILE_UPGRADE_SL; 610 } 611 612out_check: 613 if (needed_priv != -1) 614 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 615 return (0); 616} 617#endif /* SECLABEL */ 618 619static int 620zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval, 621 cred_t *cr) 622{ 623 char *strval; 624 625 /* 626 * Check permissions for special properties. 627 */ 628 switch (prop) { 629 case ZFS_PROP_ZONED: 630 /* 631 * Disallow setting of 'zoned' from within a local zone. 632 */ 633 if (!INGLOBALZONE(curthread)) 634 return (SET_ERROR(EPERM)); 635 break; 636 637 case ZFS_PROP_QUOTA: 638 case ZFS_PROP_FILESYSTEM_LIMIT: 639 case ZFS_PROP_SNAPSHOT_LIMIT: 640 if (!INGLOBALZONE(curthread)) { 641 uint64_t zoned; 642 char setpoint[MAXNAMELEN]; 643 /* 644 * Unprivileged users are allowed to modify the 645 * limit on things *under* (ie. contained by) 646 * the thing they own. 647 */ 648 if (dsl_prop_get_integer(dsname, "jailed", &zoned, 649 setpoint)) 650 return (SET_ERROR(EPERM)); 651 if (!zoned || strlen(dsname) <= strlen(setpoint)) 652 return (SET_ERROR(EPERM)); 653 } 654 break; 655 656 case ZFS_PROP_MLSLABEL: 657#ifdef SECLABEL 658 if (!is_system_labeled()) 659 return (SET_ERROR(EPERM)); 660 661 if (nvpair_value_string(propval, &strval) == 0) { 662 int err; 663 664 err = zfs_set_slabel_policy(dsname, strval, CRED()); 665 if (err != 0) 666 return (err); 667 } 668#else 669 return (EOPNOTSUPP); 670#endif 671 break; 672 } 673 674 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr)); 675} 676 677/* ARGSUSED */ 678static int 679zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 680{ 681 int error; 682 683 error = zfs_dozonecheck(zc->zc_name, cr); 684 if (error != 0) 685 return (error); 686 687 /* 688 * permission to set permissions will be evaluated later in 689 * dsl_deleg_can_allow() 690 */ 691 return (0); 692} 693 694/* ARGSUSED */ 695static int 696zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 697{ 698 return (zfs_secpolicy_write_perms(zc->zc_name, 699 ZFS_DELEG_PERM_ROLLBACK, cr)); 700} 701 702/* ARGSUSED */ 703static int 704zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 705{ 706 dsl_pool_t *dp; 707 dsl_dataset_t *ds; 708 char *cp; 709 int error; 710 711 /* 712 * Generate the current snapshot name from the given objsetid, then 713 * use that name for the secpolicy/zone checks. 714 */ 715 cp = strchr(zc->zc_name, '@'); 716 if (cp == NULL) 717 return (SET_ERROR(EINVAL)); 718 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 719 if (error != 0) 720 return (error); 721 722 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 723 if (error != 0) { 724 dsl_pool_rele(dp, FTAG); 725 return (error); 726 } 727 728 dsl_dataset_name(ds, zc->zc_name); 729 730 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, 731 ZFS_DELEG_PERM_SEND, cr); 732 dsl_dataset_rele(ds, FTAG); 733 dsl_pool_rele(dp, FTAG); 734 735 return (error); 736} 737 738/* ARGSUSED */ 739static int 740zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 741{ 742 return (zfs_secpolicy_write_perms(zc->zc_name, 743 ZFS_DELEG_PERM_SEND, cr)); 744} 745 746/* ARGSUSED */ 747static int 748zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 749{ 750 vnode_t *vp; 751 int error; 752 753 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 754 NO_FOLLOW, NULL, &vp)) != 0) 755 return (error); 756 757 /* Now make sure mntpnt and dataset are ZFS */ 758 759 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 || 760 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 761 zc->zc_name) != 0)) { 762 VN_RELE(vp); 763 return (SET_ERROR(EPERM)); 764 } 765 766 VN_RELE(vp); 767 return (dsl_deleg_access(zc->zc_name, 768 ZFS_DELEG_PERM_SHARE, cr)); 769} 770 771int 772zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 773{ 774 if (!INGLOBALZONE(curthread)) 775 return (SET_ERROR(EPERM)); 776 777 if (secpolicy_nfs(cr) == 0) { 778 return (0); 779 } else { 780 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 781 } 782} 783 784int 785zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 786{ 787 if (!INGLOBALZONE(curthread)) 788 return (SET_ERROR(EPERM)); 789 790 if (secpolicy_smb(cr) == 0) { 791 return (0); 792 } else { 793 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 794 } 795} 796 797static int 798zfs_get_parent(const char *datasetname, char *parent, int parentsize) 799{ 800 char *cp; 801 802 /* 803 * Remove the @bla or /bla from the end of the name to get the parent. 804 */ 805 (void) strncpy(parent, datasetname, parentsize); 806 cp = strrchr(parent, '@'); 807 if (cp != NULL) { 808 cp[0] = '\0'; 809 } else { 810 cp = strrchr(parent, '/'); 811 if (cp == NULL) 812 return (SET_ERROR(ENOENT)); 813 cp[0] = '\0'; 814 } 815 816 return (0); 817} 818 819int 820zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 821{ 822 int error; 823 824 if ((error = zfs_secpolicy_write_perms(name, 825 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 826 return (error); 827 828 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 829} 830 831/* ARGSUSED */ 832static int 833zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 834{ 835 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 836} 837 838/* 839 * Destroying snapshots with delegated permissions requires 840 * descendant mount and destroy permissions. 841 */ 842/* ARGSUSED */ 843static int 844zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 845{ 846 nvlist_t *snaps; 847 nvpair_t *pair, *nextpair; 848 int error = 0; 849 850 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 851 return (SET_ERROR(EINVAL)); 852 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 853 pair = nextpair) { 854 nextpair = nvlist_next_nvpair(snaps, pair); 855 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr); 856 if (error == ENOENT) { 857 /* 858 * Ignore any snapshots that don't exist (we consider 859 * them "already destroyed"). Remove the name from the 860 * nvl here in case the snapshot is created between 861 * now and when we try to destroy it (in which case 862 * we don't want to destroy it since we haven't 863 * checked for permission). 864 */ 865 fnvlist_remove_nvpair(snaps, pair); 866 error = 0; 867 } 868 if (error != 0) 869 break; 870 } 871 872 return (error); 873} 874 875int 876zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 877{ 878 char parentname[MAXNAMELEN]; 879 int error; 880 881 if ((error = zfs_secpolicy_write_perms(from, 882 ZFS_DELEG_PERM_RENAME, cr)) != 0) 883 return (error); 884 885 if ((error = zfs_secpolicy_write_perms(from, 886 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 887 return (error); 888 889 if ((error = zfs_get_parent(to, parentname, 890 sizeof (parentname))) != 0) 891 return (error); 892 893 if ((error = zfs_secpolicy_write_perms(parentname, 894 ZFS_DELEG_PERM_CREATE, cr)) != 0) 895 return (error); 896 897 if ((error = zfs_secpolicy_write_perms(parentname, 898 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 899 return (error); 900 901 return (error); 902} 903 904/* ARGSUSED */ 905static int 906zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 907{ 908 char *at = NULL; 909 int error; 910 911 if ((zc->zc_cookie & 1) != 0) { 912 /* 913 * This is recursive rename, so the starting snapshot might 914 * not exist. Check file system or volume permission instead. 915 */ 916 at = strchr(zc->zc_name, '@'); 917 if (at == NULL) 918 return (EINVAL); 919 *at = '\0'; 920 } 921 922 error = zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr); 923 924 if (at != NULL) 925 *at = '@'; 926 927 return (error); 928} 929 930/* ARGSUSED */ 931static int 932zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 933{ 934 dsl_pool_t *dp; 935 dsl_dataset_t *clone; 936 int error; 937 938 error = zfs_secpolicy_write_perms(zc->zc_name, 939 ZFS_DELEG_PERM_PROMOTE, cr); 940 if (error != 0) 941 return (error); 942 943 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 944 if (error != 0) 945 return (error); 946 947 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone); 948 949 if (error == 0) { 950 char parentname[MAXNAMELEN]; 951 dsl_dataset_t *origin = NULL; 952 dsl_dir_t *dd; 953 dd = clone->ds_dir; 954 955 error = dsl_dataset_hold_obj(dd->dd_pool, 956 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin); 957 if (error != 0) { 958 dsl_dataset_rele(clone, FTAG); 959 dsl_pool_rele(dp, FTAG); 960 return (error); 961 } 962 963 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone, 964 ZFS_DELEG_PERM_MOUNT, cr); 965 966 dsl_dataset_name(origin, parentname); 967 if (error == 0) { 968 error = zfs_secpolicy_write_perms_ds(parentname, origin, 969 ZFS_DELEG_PERM_PROMOTE, cr); 970 } 971 dsl_dataset_rele(clone, FTAG); 972 dsl_dataset_rele(origin, FTAG); 973 } 974 dsl_pool_rele(dp, FTAG); 975 return (error); 976} 977 978/* ARGSUSED */ 979static int 980zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 981{ 982 int error; 983 984 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 985 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) 986 return (error); 987 988 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 989 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 990 return (error); 991 992 return (zfs_secpolicy_write_perms(zc->zc_name, 993 ZFS_DELEG_PERM_CREATE, cr)); 994} 995 996int 997zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 998{ 999 return (zfs_secpolicy_write_perms(name, 1000 ZFS_DELEG_PERM_SNAPSHOT, cr)); 1001} 1002 1003/* 1004 * Check for permission to create each snapshot in the nvlist. 1005 */ 1006/* ARGSUSED */ 1007static int 1008zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1009{ 1010 nvlist_t *snaps; 1011 int error; 1012 nvpair_t *pair; 1013 1014 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 1015 return (SET_ERROR(EINVAL)); 1016 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 1017 pair = nvlist_next_nvpair(snaps, pair)) { 1018 char *name = nvpair_name(pair); 1019 char *atp = strchr(name, '@'); 1020 1021 if (atp == NULL) { 1022 error = SET_ERROR(EINVAL); 1023 break; 1024 } 1025 *atp = '\0'; 1026 error = zfs_secpolicy_snapshot_perms(name, cr); 1027 *atp = '@'; 1028 if (error != 0) 1029 break; 1030 } 1031 return (error); 1032} 1033 1034/* 1035 * Check for permission to create each snapshot in the nvlist. 1036 */ 1037/* ARGSUSED */ 1038static int 1039zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1040{ 1041 int error = 0; 1042 1043 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 1044 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 1045 char *name = nvpair_name(pair); 1046 char *hashp = strchr(name, '#'); 1047 1048 if (hashp == NULL) { 1049 error = SET_ERROR(EINVAL); 1050 break; 1051 } 1052 *hashp = '\0'; 1053 error = zfs_secpolicy_write_perms(name, 1054 ZFS_DELEG_PERM_BOOKMARK, cr); 1055 *hashp = '#'; 1056 if (error != 0) 1057 break; 1058 } 1059 return (error); 1060} 1061 1062/* ARGSUSED */ 1063static int 1064zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1065{ 1066 nvpair_t *pair, *nextpair; 1067 int error = 0; 1068 1069 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1070 pair = nextpair) { 1071 char *name = nvpair_name(pair); 1072 char *hashp = strchr(name, '#'); 1073 nextpair = nvlist_next_nvpair(innvl, pair); 1074 1075 if (hashp == NULL) { 1076 error = SET_ERROR(EINVAL); 1077 break; 1078 } 1079 1080 *hashp = '\0'; 1081 error = zfs_secpolicy_write_perms(name, 1082 ZFS_DELEG_PERM_DESTROY, cr); 1083 *hashp = '#'; 1084 if (error == ENOENT) { 1085 /* 1086 * Ignore any filesystems that don't exist (we consider 1087 * their bookmarks "already destroyed"). Remove 1088 * the name from the nvl here in case the filesystem 1089 * is created between now and when we try to destroy 1090 * the bookmark (in which case we don't want to 1091 * destroy it since we haven't checked for permission). 1092 */ 1093 fnvlist_remove_nvpair(innvl, pair); 1094 error = 0; 1095 } 1096 if (error != 0) 1097 break; 1098 } 1099 1100 return (error); 1101} 1102 1103/* ARGSUSED */ 1104static int 1105zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1106{ 1107 /* 1108 * Even root must have a proper TSD so that we know what pool 1109 * to log to. 1110 */ 1111 if (tsd_get(zfs_allow_log_key) == NULL) 1112 return (SET_ERROR(EPERM)); 1113 return (0); 1114} 1115 1116static int 1117zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1118{ 1119 char parentname[MAXNAMELEN]; 1120 int error; 1121 char *origin; 1122 1123 if ((error = zfs_get_parent(zc->zc_name, parentname, 1124 sizeof (parentname))) != 0) 1125 return (error); 1126 1127 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 && 1128 (error = zfs_secpolicy_write_perms(origin, 1129 ZFS_DELEG_PERM_CLONE, cr)) != 0) 1130 return (error); 1131 1132 if ((error = zfs_secpolicy_write_perms(parentname, 1133 ZFS_DELEG_PERM_CREATE, cr)) != 0) 1134 return (error); 1135 1136 return (zfs_secpolicy_write_perms(parentname, 1137 ZFS_DELEG_PERM_MOUNT, cr)); 1138} 1139 1140/* 1141 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 1142 * SYS_CONFIG privilege, which is not available in a local zone. 1143 */ 1144/* ARGSUSED */ 1145static int 1146zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1147{ 1148 if (secpolicy_sys_config(cr, B_FALSE) != 0) 1149 return (SET_ERROR(EPERM)); 1150 1151 return (0); 1152} 1153 1154/* 1155 * Policy for object to name lookups. 1156 */ 1157/* ARGSUSED */ 1158static int 1159zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1160{ 1161 int error; 1162 1163 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0) 1164 return (0); 1165 1166 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr); 1167 return (error); 1168} 1169 1170/* 1171 * Policy for fault injection. Requires all privileges. 1172 */ 1173/* ARGSUSED */ 1174static int 1175zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1176{ 1177 return (secpolicy_zinject(cr)); 1178} 1179 1180/* ARGSUSED */ 1181static int 1182zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1183{ 1184 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 1185 1186 if (prop == ZPROP_INVAL) { 1187 if (!zfs_prop_user(zc->zc_value)) 1188 return (SET_ERROR(EINVAL)); 1189 return (zfs_secpolicy_write_perms(zc->zc_name, 1190 ZFS_DELEG_PERM_USERPROP, cr)); 1191 } else { 1192 return (zfs_secpolicy_setprop(zc->zc_name, prop, 1193 NULL, cr)); 1194 } 1195} 1196 1197static int 1198zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1199{ 1200 int err = zfs_secpolicy_read(zc, innvl, cr); 1201 if (err) 1202 return (err); 1203 1204 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1205 return (SET_ERROR(EINVAL)); 1206 1207 if (zc->zc_value[0] == 0) { 1208 /* 1209 * They are asking about a posix uid/gid. If it's 1210 * themself, allow it. 1211 */ 1212 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 1213 zc->zc_objset_type == ZFS_PROP_USERQUOTA) { 1214 if (zc->zc_guid == crgetuid(cr)) 1215 return (0); 1216 } else { 1217 if (groupmember(zc->zc_guid, cr)) 1218 return (0); 1219 } 1220 } 1221 1222 return (zfs_secpolicy_write_perms(zc->zc_name, 1223 userquota_perms[zc->zc_objset_type], cr)); 1224} 1225 1226static int 1227zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1228{ 1229 int err = zfs_secpolicy_read(zc, innvl, cr); 1230 if (err) 1231 return (err); 1232 1233 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1234 return (SET_ERROR(EINVAL)); 1235 1236 return (zfs_secpolicy_write_perms(zc->zc_name, 1237 userquota_perms[zc->zc_objset_type], cr)); 1238} 1239 1240/* ARGSUSED */ 1241static int 1242zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1243{ 1244 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, 1245 NULL, cr)); 1246} 1247 1248/* ARGSUSED */ 1249static int 1250zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1251{ 1252 nvpair_t *pair; 1253 nvlist_t *holds; 1254 int error; 1255 1256 error = nvlist_lookup_nvlist(innvl, "holds", &holds); 1257 if (error != 0) 1258 return (SET_ERROR(EINVAL)); 1259 1260 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 1261 pair = nvlist_next_nvpair(holds, pair)) { 1262 char fsname[MAXNAMELEN]; 1263 error = dmu_fsname(nvpair_name(pair), fsname); 1264 if (error != 0) 1265 return (error); 1266 error = zfs_secpolicy_write_perms(fsname, 1267 ZFS_DELEG_PERM_HOLD, cr); 1268 if (error != 0) 1269 return (error); 1270 } 1271 return (0); 1272} 1273 1274/* ARGSUSED */ 1275static int 1276zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1277{ 1278 nvpair_t *pair; 1279 int error; 1280 1281 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1282 pair = nvlist_next_nvpair(innvl, pair)) { 1283 char fsname[MAXNAMELEN]; 1284 error = dmu_fsname(nvpair_name(pair), fsname); 1285 if (error != 0) 1286 return (error); 1287 error = zfs_secpolicy_write_perms(fsname, 1288 ZFS_DELEG_PERM_RELEASE, cr); 1289 if (error != 0) 1290 return (error); 1291 } 1292 return (0); 1293} 1294 1295/* 1296 * Policy for allowing temporary snapshots to be taken or released 1297 */ 1298static int 1299zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1300{ 1301 /* 1302 * A temporary snapshot is the same as a snapshot, 1303 * hold, destroy and release all rolled into one. 1304 * Delegated diff alone is sufficient that we allow this. 1305 */ 1306 int error; 1307 1308 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1309 ZFS_DELEG_PERM_DIFF, cr)) == 0) 1310 return (0); 1311 1312 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr); 1313 if (error == 0) 1314 error = zfs_secpolicy_hold(zc, innvl, cr); 1315 if (error == 0) 1316 error = zfs_secpolicy_release(zc, innvl, cr); 1317 if (error == 0) 1318 error = zfs_secpolicy_destroy(zc, innvl, cr); 1319 return (error); 1320} 1321 1322/* 1323 * Returns the nvlist as specified by the user in the zfs_cmd_t. 1324 */ 1325static int 1326get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 1327{ 1328 char *packed; 1329 int error; 1330 nvlist_t *list = NULL; 1331 1332 /* 1333 * Read in and unpack the user-supplied nvlist. 1334 */ 1335 if (size == 0) 1336 return (SET_ERROR(EINVAL)); 1337 1338 packed = kmem_alloc(size, KM_SLEEP); 1339 1340 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size, 1341 iflag)) != 0) { 1342 kmem_free(packed, size); 1343 return (SET_ERROR(EFAULT)); 1344 } 1345 1346 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 1347 kmem_free(packed, size); 1348 return (error); 1349 } 1350 1351 kmem_free(packed, size); 1352 1353 *nvp = list; 1354 return (0); 1355} 1356 1357/* 1358 * Reduce the size of this nvlist until it can be serialized in 'max' bytes. 1359 * Entries will be removed from the end of the nvlist, and one int32 entry 1360 * named "N_MORE_ERRORS" will be added indicating how many entries were 1361 * removed. 1362 */ 1363static int 1364nvlist_smush(nvlist_t *errors, size_t max) 1365{ 1366 size_t size; 1367 1368 size = fnvlist_size(errors); 1369 1370 if (size > max) { 1371 nvpair_t *more_errors; 1372 int n = 0; 1373 1374 if (max < 1024) 1375 return (SET_ERROR(ENOMEM)); 1376 1377 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0); 1378 more_errors = nvlist_prev_nvpair(errors, NULL); 1379 1380 do { 1381 nvpair_t *pair = nvlist_prev_nvpair(errors, 1382 more_errors); 1383 fnvlist_remove_nvpair(errors, pair); 1384 n++; 1385 size = fnvlist_size(errors); 1386 } while (size > max); 1387 1388 fnvlist_remove_nvpair(errors, more_errors); 1389 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n); 1390 ASSERT3U(fnvlist_size(errors), <=, max); 1391 } 1392 1393 return (0); 1394} 1395 1396static int 1397put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 1398{ 1399 char *packed = NULL; 1400 int error = 0; 1401 size_t size; 1402 1403 size = fnvlist_size(nvl); 1404 1405 if (size > zc->zc_nvlist_dst_size) { 1406 /* 1407 * Solaris returns ENOMEM here, because even if an error is 1408 * returned from an ioctl(2), new zc_nvlist_dst_size will be 1409 * passed to the userland. This is not the case for FreeBSD. 1410 * We need to return 0, so the kernel will copy the 1411 * zc_nvlist_dst_size back and the userland can discover that a 1412 * bigger buffer is needed. 1413 */ 1414 error = 0; 1415 } else { 1416 packed = fnvlist_pack(nvl, &size); 1417 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 1418 size, zc->zc_iflags) != 0) 1419 error = SET_ERROR(EFAULT); 1420 fnvlist_pack_free(packed, size); 1421 } 1422 1423 zc->zc_nvlist_dst_size = size; 1424 zc->zc_nvlist_dst_filled = B_TRUE; 1425 return (error); 1426} 1427 1428static int 1429getzfsvfs(const char *dsname, zfsvfs_t **zfvp) 1430{ 1431 objset_t *os; 1432 int error; 1433 1434 error = dmu_objset_hold(dsname, FTAG, &os); 1435 if (error != 0) 1436 return (error); 1437 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1438 dmu_objset_rele(os, FTAG); 1439 return (SET_ERROR(EINVAL)); 1440 } 1441 1442 mutex_enter(&os->os_user_ptr_lock); 1443 *zfvp = dmu_objset_get_user(os); 1444 if (*zfvp) { 1445#ifdef illumos 1446 VFS_HOLD((*zfvp)->z_vfs); 1447#else 1448 if (vfs_busy((*zfvp)->z_vfs, 0) != 0) { 1449 *zfvp = NULL; 1450 error = SET_ERROR(ESRCH); 1451 } 1452#endif 1453 } else { 1454 error = SET_ERROR(ESRCH); 1455 } 1456 mutex_exit(&os->os_user_ptr_lock); 1457 dmu_objset_rele(os, FTAG); 1458 return (error); 1459} 1460 1461/* 1462 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 1463 * case its z_vfs will be NULL, and it will be opened as the owner. 1464 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER, 1465 * which prevents all vnode ops from running. 1466 */ 1467static int 1468zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer) 1469{ 1470 int error = 0; 1471 1472 if (getzfsvfs(name, zfvp) != 0) 1473 error = zfsvfs_create(name, zfvp); 1474 if (error == 0) { 1475 rrm_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER : 1476 RW_READER, tag); 1477 if ((*zfvp)->z_unmounted) { 1478 /* 1479 * XXX we could probably try again, since the unmounting 1480 * thread should be just about to disassociate the 1481 * objset from the zfsvfs. 1482 */ 1483 rrm_exit(&(*zfvp)->z_teardown_lock, tag); 1484 return (SET_ERROR(EBUSY)); 1485 } 1486 } 1487 return (error); 1488} 1489 1490static void 1491zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag) 1492{ 1493 rrm_exit(&zfsvfs->z_teardown_lock, tag); 1494 1495 if (zfsvfs->z_vfs) { 1496#ifdef illumos 1497 VFS_RELE(zfsvfs->z_vfs); 1498#else 1499 vfs_unbusy(zfsvfs->z_vfs); 1500#endif 1501 } else { 1502 dmu_objset_disown(zfsvfs->z_os, zfsvfs); 1503 zfsvfs_free(zfsvfs); 1504 } 1505} 1506 1507static int 1508zfs_ioc_pool_create(zfs_cmd_t *zc) 1509{ 1510 int error; 1511 nvlist_t *config, *props = NULL; 1512 nvlist_t *rootprops = NULL; 1513 nvlist_t *zplprops = NULL; 1514 1515 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1516 zc->zc_iflags, &config)) 1517 return (error); 1518 1519 if (zc->zc_nvlist_src_size != 0 && (error = 1520 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1521 zc->zc_iflags, &props))) { 1522 nvlist_free(config); 1523 return (error); 1524 } 1525 1526 if (props) { 1527 nvlist_t *nvl = NULL; 1528 uint64_t version = SPA_VERSION; 1529 1530 (void) nvlist_lookup_uint64(props, 1531 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1532 if (!SPA_VERSION_IS_SUPPORTED(version)) { 1533 error = SET_ERROR(EINVAL); 1534 goto pool_props_bad; 1535 } 1536 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1537 if (nvl) { 1538 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1539 if (error != 0) { 1540 nvlist_free(config); 1541 nvlist_free(props); 1542 return (error); 1543 } 1544 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1545 } 1546 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1547 error = zfs_fill_zplprops_root(version, rootprops, 1548 zplprops, NULL); 1549 if (error != 0) 1550 goto pool_props_bad; 1551 } 1552 1553 error = spa_create(zc->zc_name, config, props, zplprops); 1554 1555 /* 1556 * Set the remaining root properties 1557 */ 1558 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name, 1559 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) 1560 (void) spa_destroy(zc->zc_name); 1561 1562pool_props_bad: 1563 nvlist_free(rootprops); 1564 nvlist_free(zplprops); 1565 nvlist_free(config); 1566 nvlist_free(props); 1567 1568 return (error); 1569} 1570 1571static int 1572zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1573{ 1574 int error; 1575 zfs_log_history(zc); 1576 error = spa_destroy(zc->zc_name); 1577 if (error == 0) 1578 zvol_remove_minors(zc->zc_name); 1579 return (error); 1580} 1581 1582static int 1583zfs_ioc_pool_import(zfs_cmd_t *zc) 1584{ 1585 nvlist_t *config, *props = NULL; 1586 uint64_t guid; 1587 int error; 1588 1589 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1590 zc->zc_iflags, &config)) != 0) 1591 return (error); 1592 1593 if (zc->zc_nvlist_src_size != 0 && (error = 1594 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1595 zc->zc_iflags, &props))) { 1596 nvlist_free(config); 1597 return (error); 1598 } 1599 1600 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1601 guid != zc->zc_guid) 1602 error = SET_ERROR(EINVAL); 1603 else 1604 error = spa_import(zc->zc_name, config, props, zc->zc_cookie); 1605 1606 if (zc->zc_nvlist_dst != 0) { 1607 int err; 1608 1609 if ((err = put_nvlist(zc, config)) != 0) 1610 error = err; 1611 } 1612 1613 nvlist_free(config); 1614 1615 nvlist_free(props); 1616 1617 return (error); 1618} 1619 1620static int 1621zfs_ioc_pool_export(zfs_cmd_t *zc) 1622{ 1623 int error; 1624 boolean_t force = (boolean_t)zc->zc_cookie; 1625 boolean_t hardforce = (boolean_t)zc->zc_guid; 1626 1627 zfs_log_history(zc); 1628 error = spa_export(zc->zc_name, NULL, force, hardforce); 1629 if (error == 0) 1630 zvol_remove_minors(zc->zc_name); 1631 return (error); 1632} 1633 1634static int 1635zfs_ioc_pool_configs(zfs_cmd_t *zc) 1636{ 1637 nvlist_t *configs; 1638 int error; 1639 1640 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL) 1641 return (SET_ERROR(EEXIST)); 1642 1643 error = put_nvlist(zc, configs); 1644 1645 nvlist_free(configs); 1646 1647 return (error); 1648} 1649 1650/* 1651 * inputs: 1652 * zc_name name of the pool 1653 * 1654 * outputs: 1655 * zc_cookie real errno 1656 * zc_nvlist_dst config nvlist 1657 * zc_nvlist_dst_size size of config nvlist 1658 */ 1659static int 1660zfs_ioc_pool_stats(zfs_cmd_t *zc) 1661{ 1662 nvlist_t *config; 1663 int error; 1664 int ret = 0; 1665 1666 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1667 sizeof (zc->zc_value)); 1668 1669 if (config != NULL) { 1670 ret = put_nvlist(zc, config); 1671 nvlist_free(config); 1672 1673 /* 1674 * The config may be present even if 'error' is non-zero. 1675 * In this case we return success, and preserve the real errno 1676 * in 'zc_cookie'. 1677 */ 1678 zc->zc_cookie = error; 1679 } else { 1680 ret = error; 1681 } 1682 1683 return (ret); 1684} 1685 1686/* 1687 * Try to import the given pool, returning pool stats as appropriate so that 1688 * user land knows which devices are available and overall pool health. 1689 */ 1690static int 1691zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1692{ 1693 nvlist_t *tryconfig, *config; 1694 int error; 1695 1696 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1697 zc->zc_iflags, &tryconfig)) != 0) 1698 return (error); 1699 1700 config = spa_tryimport(tryconfig); 1701 1702 nvlist_free(tryconfig); 1703 1704 if (config == NULL) 1705 return (SET_ERROR(EINVAL)); 1706 1707 error = put_nvlist(zc, config); 1708 nvlist_free(config); 1709 1710 return (error); 1711} 1712 1713/* 1714 * inputs: 1715 * zc_name name of the pool 1716 * zc_cookie scan func (pool_scan_func_t) 1717 */ 1718static int 1719zfs_ioc_pool_scan(zfs_cmd_t *zc) 1720{ 1721 spa_t *spa; 1722 int error; 1723 1724 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1725 return (error); 1726 1727 if (zc->zc_cookie == POOL_SCAN_NONE) 1728 error = spa_scan_stop(spa); 1729 else 1730 error = spa_scan(spa, zc->zc_cookie); 1731 1732 spa_close(spa, FTAG); 1733 1734 return (error); 1735} 1736 1737static int 1738zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1739{ 1740 spa_t *spa; 1741 int error; 1742 1743 error = spa_open(zc->zc_name, &spa, FTAG); 1744 if (error == 0) { 1745 spa_freeze(spa); 1746 spa_close(spa, FTAG); 1747 } 1748 return (error); 1749} 1750 1751static int 1752zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1753{ 1754 spa_t *spa; 1755 int error; 1756 1757 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1758 return (error); 1759 1760 if (zc->zc_cookie < spa_version(spa) || 1761 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) { 1762 spa_close(spa, FTAG); 1763 return (SET_ERROR(EINVAL)); 1764 } 1765 1766 spa_upgrade(spa, zc->zc_cookie); 1767 spa_close(spa, FTAG); 1768 1769 return (error); 1770} 1771 1772static int 1773zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1774{ 1775 spa_t *spa; 1776 char *hist_buf; 1777 uint64_t size; 1778 int error; 1779 1780 if ((size = zc->zc_history_len) == 0) 1781 return (SET_ERROR(EINVAL)); 1782 1783 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1784 return (error); 1785 1786 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1787 spa_close(spa, FTAG); 1788 return (SET_ERROR(ENOTSUP)); 1789 } 1790 1791 hist_buf = kmem_alloc(size, KM_SLEEP); 1792 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1793 &zc->zc_history_len, hist_buf)) == 0) { 1794 error = ddi_copyout(hist_buf, 1795 (void *)(uintptr_t)zc->zc_history, 1796 zc->zc_history_len, zc->zc_iflags); 1797 } 1798 1799 spa_close(spa, FTAG); 1800 kmem_free(hist_buf, size); 1801 return (error); 1802} 1803 1804static int 1805zfs_ioc_pool_reguid(zfs_cmd_t *zc) 1806{ 1807 spa_t *spa; 1808 int error; 1809 1810 error = spa_open(zc->zc_name, &spa, FTAG); 1811 if (error == 0) { 1812 error = spa_change_guid(spa); 1813 spa_close(spa, FTAG); 1814 } 1815 return (error); 1816} 1817 1818static int 1819zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1820{ 1821 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)); 1822} 1823 1824/* 1825 * inputs: 1826 * zc_name name of filesystem 1827 * zc_obj object to find 1828 * 1829 * outputs: 1830 * zc_value name of object 1831 */ 1832static int 1833zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1834{ 1835 objset_t *os; 1836 int error; 1837 1838 /* XXX reading from objset not owned */ 1839 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1840 return (error); 1841 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1842 dmu_objset_rele(os, FTAG); 1843 return (SET_ERROR(EINVAL)); 1844 } 1845 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1846 sizeof (zc->zc_value)); 1847 dmu_objset_rele(os, FTAG); 1848 1849 return (error); 1850} 1851 1852/* 1853 * inputs: 1854 * zc_name name of filesystem 1855 * zc_obj object to find 1856 * 1857 * outputs: 1858 * zc_stat stats on object 1859 * zc_value path to object 1860 */ 1861static int 1862zfs_ioc_obj_to_stats(zfs_cmd_t *zc) 1863{ 1864 objset_t *os; 1865 int error; 1866 1867 /* XXX reading from objset not owned */ 1868 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1869 return (error); 1870 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1871 dmu_objset_rele(os, FTAG); 1872 return (SET_ERROR(EINVAL)); 1873 } 1874 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value, 1875 sizeof (zc->zc_value)); 1876 dmu_objset_rele(os, FTAG); 1877 1878 return (error); 1879} 1880 1881static int 1882zfs_ioc_vdev_add(zfs_cmd_t *zc) 1883{ 1884 spa_t *spa; 1885 int error; 1886 nvlist_t *config, **l2cache, **spares; 1887 uint_t nl2cache = 0, nspares = 0; 1888 1889 error = spa_open(zc->zc_name, &spa, FTAG); 1890 if (error != 0) 1891 return (error); 1892 1893 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1894 zc->zc_iflags, &config); 1895 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE, 1896 &l2cache, &nl2cache); 1897 1898 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES, 1899 &spares, &nspares); 1900 1901#ifdef illumos 1902 /* 1903 * A root pool with concatenated devices is not supported. 1904 * Thus, can not add a device to a root pool. 1905 * 1906 * Intent log device can not be added to a rootpool because 1907 * during mountroot, zil is replayed, a seperated log device 1908 * can not be accessed during the mountroot time. 1909 * 1910 * l2cache and spare devices are ok to be added to a rootpool. 1911 */ 1912 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) { 1913 nvlist_free(config); 1914 spa_close(spa, FTAG); 1915 return (SET_ERROR(EDOM)); 1916 } 1917#endif /* illumos */ 1918 1919 if (error == 0) { 1920 error = spa_vdev_add(spa, config); 1921 nvlist_free(config); 1922 } 1923 spa_close(spa, FTAG); 1924 return (error); 1925} 1926 1927/* 1928 * inputs: 1929 * zc_name name of the pool 1930 * zc_nvlist_conf nvlist of devices to remove 1931 * zc_cookie to stop the remove? 1932 */ 1933static int 1934zfs_ioc_vdev_remove(zfs_cmd_t *zc) 1935{ 1936 spa_t *spa; 1937 int error; 1938 1939 error = spa_open(zc->zc_name, &spa, FTAG); 1940 if (error != 0) 1941 return (error); 1942 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 1943 spa_close(spa, FTAG); 1944 return (error); 1945} 1946 1947static int 1948zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 1949{ 1950 spa_t *spa; 1951 int error; 1952 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 1953 1954 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1955 return (error); 1956 switch (zc->zc_cookie) { 1957 case VDEV_STATE_ONLINE: 1958 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 1959 break; 1960 1961 case VDEV_STATE_OFFLINE: 1962 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 1963 break; 1964 1965 case VDEV_STATE_FAULTED: 1966 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1967 zc->zc_obj != VDEV_AUX_EXTERNAL) 1968 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1969 1970 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 1971 break; 1972 1973 case VDEV_STATE_DEGRADED: 1974 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1975 zc->zc_obj != VDEV_AUX_EXTERNAL) 1976 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1977 1978 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 1979 break; 1980 1981 default: 1982 error = SET_ERROR(EINVAL); 1983 } 1984 zc->zc_cookie = newstate; 1985 spa_close(spa, FTAG); 1986 return (error); 1987} 1988 1989static int 1990zfs_ioc_vdev_attach(zfs_cmd_t *zc) 1991{ 1992 spa_t *spa; 1993 int replacing = zc->zc_cookie; 1994 nvlist_t *config; 1995 int error; 1996 1997 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1998 return (error); 1999 2000 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2001 zc->zc_iflags, &config)) == 0) { 2002 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing); 2003 nvlist_free(config); 2004 } 2005 2006 spa_close(spa, FTAG); 2007 return (error); 2008} 2009 2010static int 2011zfs_ioc_vdev_detach(zfs_cmd_t *zc) 2012{ 2013 spa_t *spa; 2014 int error; 2015 2016 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2017 return (error); 2018 2019 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 2020 2021 spa_close(spa, FTAG); 2022 return (error); 2023} 2024 2025static int 2026zfs_ioc_vdev_split(zfs_cmd_t *zc) 2027{ 2028 spa_t *spa; 2029 nvlist_t *config, *props = NULL; 2030 int error; 2031 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT); 2032 2033 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2034 return (error); 2035 2036 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2037 zc->zc_iflags, &config)) { 2038 spa_close(spa, FTAG); 2039 return (error); 2040 } 2041 2042 if (zc->zc_nvlist_src_size != 0 && (error = 2043 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2044 zc->zc_iflags, &props))) { 2045 spa_close(spa, FTAG); 2046 nvlist_free(config); 2047 return (error); 2048 } 2049 2050 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp); 2051 2052 spa_close(spa, FTAG); 2053 2054 nvlist_free(config); 2055 nvlist_free(props); 2056 2057 return (error); 2058} 2059 2060static int 2061zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 2062{ 2063 spa_t *spa; 2064 char *path = zc->zc_value; 2065 uint64_t guid = zc->zc_guid; 2066 int error; 2067 2068 error = spa_open(zc->zc_name, &spa, FTAG); 2069 if (error != 0) 2070 return (error); 2071 2072 error = spa_vdev_setpath(spa, guid, path); 2073 spa_close(spa, FTAG); 2074 return (error); 2075} 2076 2077static int 2078zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 2079{ 2080 spa_t *spa; 2081 char *fru = zc->zc_value; 2082 uint64_t guid = zc->zc_guid; 2083 int error; 2084 2085 error = spa_open(zc->zc_name, &spa, FTAG); 2086 if (error != 0) 2087 return (error); 2088 2089 error = spa_vdev_setfru(spa, guid, fru); 2090 spa_close(spa, FTAG); 2091 return (error); 2092} 2093 2094static int 2095zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os) 2096{ 2097 int error = 0; 2098 nvlist_t *nv; 2099 2100 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2101 2102 if (zc->zc_nvlist_dst != 0 && 2103 (error = dsl_prop_get_all(os, &nv)) == 0) { 2104 dmu_objset_stats(os, nv); 2105 /* 2106 * NB: zvol_get_stats() will read the objset contents, 2107 * which we aren't supposed to do with a 2108 * DS_MODE_USER hold, because it could be 2109 * inconsistent. So this is a bit of a workaround... 2110 * XXX reading with out owning 2111 */ 2112 if (!zc->zc_objset_stats.dds_inconsistent && 2113 dmu_objset_type(os) == DMU_OST_ZVOL) { 2114 error = zvol_get_stats(os, nv); 2115 if (error == EIO) 2116 return (error); 2117 VERIFY0(error); 2118 } 2119 error = put_nvlist(zc, nv); 2120 nvlist_free(nv); 2121 } 2122 2123 return (error); 2124} 2125 2126/* 2127 * inputs: 2128 * zc_name name of filesystem 2129 * zc_nvlist_dst_size size of buffer for property nvlist 2130 * 2131 * outputs: 2132 * zc_objset_stats stats 2133 * zc_nvlist_dst property nvlist 2134 * zc_nvlist_dst_size size of property nvlist 2135 */ 2136static int 2137zfs_ioc_objset_stats(zfs_cmd_t *zc) 2138{ 2139 objset_t *os; 2140 int error; 2141 2142 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2143 if (error == 0) { 2144 error = zfs_ioc_objset_stats_impl(zc, os); 2145 dmu_objset_rele(os, FTAG); 2146 } 2147 2148 if (error == ENOMEM) 2149 error = 0; 2150 return (error); 2151} 2152 2153/* 2154 * inputs: 2155 * zc_name name of filesystem 2156 * zc_nvlist_dst_size size of buffer for property nvlist 2157 * 2158 * outputs: 2159 * zc_nvlist_dst received property nvlist 2160 * zc_nvlist_dst_size size of received property nvlist 2161 * 2162 * Gets received properties (distinct from local properties on or after 2163 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from 2164 * local property values. 2165 */ 2166static int 2167zfs_ioc_objset_recvd_props(zfs_cmd_t *zc) 2168{ 2169 int error = 0; 2170 nvlist_t *nv; 2171 2172 /* 2173 * Without this check, we would return local property values if the 2174 * caller has not already received properties on or after 2175 * SPA_VERSION_RECVD_PROPS. 2176 */ 2177 if (!dsl_prop_get_hasrecvd(zc->zc_name)) 2178 return (SET_ERROR(ENOTSUP)); 2179 2180 if (zc->zc_nvlist_dst != 0 && 2181 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) { 2182 error = put_nvlist(zc, nv); 2183 nvlist_free(nv); 2184 } 2185 2186 return (error); 2187} 2188 2189static int 2190nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 2191{ 2192 uint64_t value; 2193 int error; 2194 2195 /* 2196 * zfs_get_zplprop() will either find a value or give us 2197 * the default value (if there is one). 2198 */ 2199 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 2200 return (error); 2201 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0); 2202 return (0); 2203} 2204 2205/* 2206 * inputs: 2207 * zc_name name of filesystem 2208 * zc_nvlist_dst_size size of buffer for zpl property nvlist 2209 * 2210 * outputs: 2211 * zc_nvlist_dst zpl property nvlist 2212 * zc_nvlist_dst_size size of zpl property nvlist 2213 */ 2214static int 2215zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 2216{ 2217 objset_t *os; 2218 int err; 2219 2220 /* XXX reading without owning */ 2221 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os)) 2222 return (err); 2223 2224 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2225 2226 /* 2227 * NB: nvl_add_zplprop() will read the objset contents, 2228 * which we aren't supposed to do with a DS_MODE_USER 2229 * hold, because it could be inconsistent. 2230 */ 2231 if (zc->zc_nvlist_dst != 0 && 2232 !zc->zc_objset_stats.dds_inconsistent && 2233 dmu_objset_type(os) == DMU_OST_ZFS) { 2234 nvlist_t *nv; 2235 2236 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2237 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 2238 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 2239 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 2240 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0) 2241 err = put_nvlist(zc, nv); 2242 nvlist_free(nv); 2243 } else { 2244 err = SET_ERROR(ENOENT); 2245 } 2246 dmu_objset_rele(os, FTAG); 2247 return (err); 2248} 2249 2250boolean_t 2251dataset_name_hidden(const char *name) 2252{ 2253 /* 2254 * Skip over datasets that are not visible in this zone, 2255 * internal datasets (which have a $ in their name), and 2256 * temporary datasets (which have a % in their name). 2257 */ 2258 if (strchr(name, '$') != NULL) 2259 return (B_TRUE); 2260 if (strchr(name, '%') != NULL) 2261 return (B_TRUE); 2262 if (!INGLOBALZONE(curthread) && !zone_dataset_visible(name, NULL)) 2263 return (B_TRUE); 2264 return (B_FALSE); 2265} 2266 2267/* 2268 * inputs: 2269 * zc_name name of filesystem 2270 * zc_cookie zap cursor 2271 * zc_nvlist_dst_size size of buffer for property nvlist 2272 * 2273 * outputs: 2274 * zc_name name of next filesystem 2275 * zc_cookie zap cursor 2276 * zc_objset_stats stats 2277 * zc_nvlist_dst property nvlist 2278 * zc_nvlist_dst_size size of property nvlist 2279 */ 2280static int 2281zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 2282{ 2283 objset_t *os; 2284 int error; 2285 char *p; 2286 size_t orig_len = strlen(zc->zc_name); 2287 2288top: 2289 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) { 2290 if (error == ENOENT) 2291 error = SET_ERROR(ESRCH); 2292 return (error); 2293 } 2294 2295 p = strrchr(zc->zc_name, '/'); 2296 if (p == NULL || p[1] != '\0') 2297 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 2298 p = zc->zc_name + strlen(zc->zc_name); 2299 2300 do { 2301 error = dmu_dir_list_next(os, 2302 sizeof (zc->zc_name) - (p - zc->zc_name), p, 2303 NULL, &zc->zc_cookie); 2304 if (error == ENOENT) 2305 error = SET_ERROR(ESRCH); 2306 } while (error == 0 && dataset_name_hidden(zc->zc_name)); 2307 dmu_objset_rele(os, FTAG); 2308 2309 /* 2310 * If it's an internal dataset (ie. with a '$' in its name), 2311 * don't try to get stats for it, otherwise we'll return ENOENT. 2312 */ 2313 if (error == 0 && strchr(zc->zc_name, '$') == NULL) { 2314 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 2315 if (error == ENOENT) { 2316 /* We lost a race with destroy, get the next one. */ 2317 zc->zc_name[orig_len] = '\0'; 2318 goto top; 2319 } 2320 } 2321 return (error); 2322} 2323 2324/* 2325 * inputs: 2326 * zc_name name of filesystem 2327 * zc_cookie zap cursor 2328 * zc_nvlist_dst_size size of buffer for property nvlist 2329 * zc_simple when set, only name is requested 2330 * 2331 * outputs: 2332 * zc_name name of next snapshot 2333 * zc_objset_stats stats 2334 * zc_nvlist_dst property nvlist 2335 * zc_nvlist_dst_size size of property nvlist 2336 */ 2337static int 2338zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 2339{ 2340 objset_t *os; 2341 int error; 2342 2343 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2344 if (error != 0) { 2345 return (error == ENOENT ? ESRCH : error); 2346 } 2347 2348 /* 2349 * A dataset name of maximum length cannot have any snapshots, 2350 * so exit immediately. 2351 */ 2352 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= MAXNAMELEN) { 2353 dmu_objset_rele(os, FTAG); 2354 return (SET_ERROR(ESRCH)); 2355 } 2356 2357 error = dmu_snapshot_list_next(os, 2358 sizeof (zc->zc_name) - strlen(zc->zc_name), 2359 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie, 2360 NULL); 2361 2362 if (error == 0 && !zc->zc_simple) { 2363 dsl_dataset_t *ds; 2364 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool; 2365 2366 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds); 2367 if (error == 0) { 2368 objset_t *ossnap; 2369 2370 error = dmu_objset_from_ds(ds, &ossnap); 2371 if (error == 0) 2372 error = zfs_ioc_objset_stats_impl(zc, ossnap); 2373 dsl_dataset_rele(ds, FTAG); 2374 } 2375 } else if (error == ENOENT) { 2376 error = SET_ERROR(ESRCH); 2377 } 2378 2379 dmu_objset_rele(os, FTAG); 2380 /* if we failed, undo the @ that we tacked on to zc_name */ 2381 if (error != 0) 2382 *strchr(zc->zc_name, '@') = '\0'; 2383 return (error); 2384} 2385 2386static int 2387zfs_prop_set_userquota(const char *dsname, nvpair_t *pair) 2388{ 2389 const char *propname = nvpair_name(pair); 2390 uint64_t *valary; 2391 unsigned int vallen; 2392 const char *domain; 2393 char *dash; 2394 zfs_userquota_prop_t type; 2395 uint64_t rid; 2396 uint64_t quota; 2397 zfsvfs_t *zfsvfs; 2398 int err; 2399 2400 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2401 nvlist_t *attrs; 2402 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2403 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2404 &pair) != 0) 2405 return (SET_ERROR(EINVAL)); 2406 } 2407 2408 /* 2409 * A correctly constructed propname is encoded as 2410 * userquota@<rid>-<domain>. 2411 */ 2412 if ((dash = strchr(propname, '-')) == NULL || 2413 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 || 2414 vallen != 3) 2415 return (SET_ERROR(EINVAL)); 2416 2417 domain = dash + 1; 2418 type = valary[0]; 2419 rid = valary[1]; 2420 quota = valary[2]; 2421 2422 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE); 2423 if (err == 0) { 2424 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota); 2425 zfsvfs_rele(zfsvfs, FTAG); 2426 } 2427 2428 return (err); 2429} 2430 2431/* 2432 * If the named property is one that has a special function to set its value, 2433 * return 0 on success and a positive error code on failure; otherwise if it is 2434 * not one of the special properties handled by this function, return -1. 2435 * 2436 * XXX: It would be better for callers of the property interface if we handled 2437 * these special cases in dsl_prop.c (in the dsl layer). 2438 */ 2439static int 2440zfs_prop_set_special(const char *dsname, zprop_source_t source, 2441 nvpair_t *pair) 2442{ 2443 const char *propname = nvpair_name(pair); 2444 zfs_prop_t prop = zfs_name_to_prop(propname); 2445 uint64_t intval; 2446 int err = -1; 2447 2448 if (prop == ZPROP_INVAL) { 2449 if (zfs_prop_userquota(propname)) 2450 return (zfs_prop_set_userquota(dsname, pair)); 2451 return (-1); 2452 } 2453 2454 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2455 nvlist_t *attrs; 2456 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2457 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2458 &pair) == 0); 2459 } 2460 2461 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) 2462 return (-1); 2463 2464 VERIFY(0 == nvpair_value_uint64(pair, &intval)); 2465 2466 switch (prop) { 2467 case ZFS_PROP_QUOTA: 2468 err = dsl_dir_set_quota(dsname, source, intval); 2469 break; 2470 case ZFS_PROP_REFQUOTA: 2471 err = dsl_dataset_set_refquota(dsname, source, intval); 2472 break; 2473 case ZFS_PROP_FILESYSTEM_LIMIT: 2474 case ZFS_PROP_SNAPSHOT_LIMIT: 2475 if (intval == UINT64_MAX) { 2476 /* clearing the limit, just do it */ 2477 err = 0; 2478 } else { 2479 err = dsl_dir_activate_fs_ss_limit(dsname); 2480 } 2481 /* 2482 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2483 * default path to set the value in the nvlist. 2484 */ 2485 if (err == 0) 2486 err = -1; 2487 break; 2488 case ZFS_PROP_RESERVATION: 2489 err = dsl_dir_set_reservation(dsname, source, intval); 2490 break; 2491 case ZFS_PROP_REFRESERVATION: 2492 err = dsl_dataset_set_refreservation(dsname, source, intval); 2493 break; 2494 case ZFS_PROP_VOLSIZE: 2495 err = zvol_set_volsize(dsname, intval); 2496 break; 2497 case ZFS_PROP_VERSION: 2498 { 2499 zfsvfs_t *zfsvfs; 2500 2501 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0) 2502 break; 2503 2504 err = zfs_set_version(zfsvfs, intval); 2505 zfsvfs_rele(zfsvfs, FTAG); 2506 2507 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) { 2508 zfs_cmd_t *zc; 2509 2510 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 2511 (void) strcpy(zc->zc_name, dsname); 2512 (void) zfs_ioc_userspace_upgrade(zc); 2513 kmem_free(zc, sizeof (zfs_cmd_t)); 2514 } 2515 break; 2516 } 2517 default: 2518 err = -1; 2519 } 2520 2521 return (err); 2522} 2523 2524/* 2525 * This function is best effort. If it fails to set any of the given properties, 2526 * it continues to set as many as it can and returns the last error 2527 * encountered. If the caller provides a non-NULL errlist, it will be filled in 2528 * with the list of names of all the properties that failed along with the 2529 * corresponding error numbers. 2530 * 2531 * If every property is set successfully, zero is returned and errlist is not 2532 * modified. 2533 */ 2534int 2535zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl, 2536 nvlist_t *errlist) 2537{ 2538 nvpair_t *pair; 2539 nvpair_t *propval; 2540 int rv = 0; 2541 uint64_t intval; 2542 char *strval; 2543 nvlist_t *genericnvl = fnvlist_alloc(); 2544 nvlist_t *retrynvl = fnvlist_alloc(); 2545 2546retry: 2547 pair = NULL; 2548 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2549 const char *propname = nvpair_name(pair); 2550 zfs_prop_t prop = zfs_name_to_prop(propname); 2551 int err = 0; 2552 2553 /* decode the property value */ 2554 propval = pair; 2555 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2556 nvlist_t *attrs; 2557 attrs = fnvpair_value_nvlist(pair); 2558 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2559 &propval) != 0) 2560 err = SET_ERROR(EINVAL); 2561 } 2562 2563 /* Validate value type */ 2564 if (err == 0 && prop == ZPROP_INVAL) { 2565 if (zfs_prop_user(propname)) { 2566 if (nvpair_type(propval) != DATA_TYPE_STRING) 2567 err = SET_ERROR(EINVAL); 2568 } else if (zfs_prop_userquota(propname)) { 2569 if (nvpair_type(propval) != 2570 DATA_TYPE_UINT64_ARRAY) 2571 err = SET_ERROR(EINVAL); 2572 } else { 2573 err = SET_ERROR(EINVAL); 2574 } 2575 } else if (err == 0) { 2576 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2577 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING) 2578 err = SET_ERROR(EINVAL); 2579 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) { 2580 const char *unused; 2581 2582 intval = fnvpair_value_uint64(propval); 2583 2584 switch (zfs_prop_get_type(prop)) { 2585 case PROP_TYPE_NUMBER: 2586 break; 2587 case PROP_TYPE_STRING: 2588 err = SET_ERROR(EINVAL); 2589 break; 2590 case PROP_TYPE_INDEX: 2591 if (zfs_prop_index_to_string(prop, 2592 intval, &unused) != 0) 2593 err = SET_ERROR(EINVAL); 2594 break; 2595 default: 2596 cmn_err(CE_PANIC, 2597 "unknown property type"); 2598 } 2599 } else { 2600 err = SET_ERROR(EINVAL); 2601 } 2602 } 2603 2604 /* Validate permissions */ 2605 if (err == 0) 2606 err = zfs_check_settable(dsname, pair, CRED()); 2607 2608 if (err == 0) { 2609 err = zfs_prop_set_special(dsname, source, pair); 2610 if (err == -1) { 2611 /* 2612 * For better performance we build up a list of 2613 * properties to set in a single transaction. 2614 */ 2615 err = nvlist_add_nvpair(genericnvl, pair); 2616 } else if (err != 0 && nvl != retrynvl) { 2617 /* 2618 * This may be a spurious error caused by 2619 * receiving quota and reservation out of order. 2620 * Try again in a second pass. 2621 */ 2622 err = nvlist_add_nvpair(retrynvl, pair); 2623 } 2624 } 2625 2626 if (err != 0) { 2627 if (errlist != NULL) 2628 fnvlist_add_int32(errlist, propname, err); 2629 rv = err; 2630 } 2631 } 2632 2633 if (nvl != retrynvl && !nvlist_empty(retrynvl)) { 2634 nvl = retrynvl; 2635 goto retry; 2636 } 2637 2638 if (!nvlist_empty(genericnvl) && 2639 dsl_props_set(dsname, source, genericnvl) != 0) { 2640 /* 2641 * If this fails, we still want to set as many properties as we 2642 * can, so try setting them individually. 2643 */ 2644 pair = NULL; 2645 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) { 2646 const char *propname = nvpair_name(pair); 2647 int err = 0; 2648 2649 propval = pair; 2650 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2651 nvlist_t *attrs; 2652 attrs = fnvpair_value_nvlist(pair); 2653 propval = fnvlist_lookup_nvpair(attrs, 2654 ZPROP_VALUE); 2655 } 2656 2657 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2658 strval = fnvpair_value_string(propval); 2659 err = dsl_prop_set_string(dsname, propname, 2660 source, strval); 2661 } else { 2662 intval = fnvpair_value_uint64(propval); 2663 err = dsl_prop_set_int(dsname, propname, source, 2664 intval); 2665 } 2666 2667 if (err != 0) { 2668 if (errlist != NULL) { 2669 fnvlist_add_int32(errlist, propname, 2670 err); 2671 } 2672 rv = err; 2673 } 2674 } 2675 } 2676 nvlist_free(genericnvl); 2677 nvlist_free(retrynvl); 2678 2679 return (rv); 2680} 2681 2682/* 2683 * Check that all the properties are valid user properties. 2684 */ 2685static int 2686zfs_check_userprops(const char *fsname, nvlist_t *nvl) 2687{ 2688 nvpair_t *pair = NULL; 2689 int error = 0; 2690 2691 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2692 const char *propname = nvpair_name(pair); 2693 2694 if (!zfs_prop_user(propname) || 2695 nvpair_type(pair) != DATA_TYPE_STRING) 2696 return (SET_ERROR(EINVAL)); 2697 2698 if (error = zfs_secpolicy_write_perms(fsname, 2699 ZFS_DELEG_PERM_USERPROP, CRED())) 2700 return (error); 2701 2702 if (strlen(propname) >= ZAP_MAXNAMELEN) 2703 return (SET_ERROR(ENAMETOOLONG)); 2704 2705 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN) 2706 return (E2BIG); 2707 } 2708 return (0); 2709} 2710 2711static void 2712props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops) 2713{ 2714 nvpair_t *pair; 2715 2716 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2717 2718 pair = NULL; 2719 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) { 2720 if (nvlist_exists(skipped, nvpair_name(pair))) 2721 continue; 2722 2723 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0); 2724 } 2725} 2726 2727static int 2728clear_received_props(const char *dsname, nvlist_t *props, 2729 nvlist_t *skipped) 2730{ 2731 int err = 0; 2732 nvlist_t *cleared_props = NULL; 2733 props_skip(props, skipped, &cleared_props); 2734 if (!nvlist_empty(cleared_props)) { 2735 /* 2736 * Acts on local properties until the dataset has received 2737 * properties at least once on or after SPA_VERSION_RECVD_PROPS. 2738 */ 2739 zprop_source_t flags = (ZPROP_SRC_NONE | 2740 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0)); 2741 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL); 2742 } 2743 nvlist_free(cleared_props); 2744 return (err); 2745} 2746 2747/* 2748 * inputs: 2749 * zc_name name of filesystem 2750 * zc_value name of property to set 2751 * zc_nvlist_src{_size} nvlist of properties to apply 2752 * zc_cookie received properties flag 2753 * 2754 * outputs: 2755 * zc_nvlist_dst{_size} error for each unapplied received property 2756 */ 2757static int 2758zfs_ioc_set_prop(zfs_cmd_t *zc) 2759{ 2760 nvlist_t *nvl; 2761 boolean_t received = zc->zc_cookie; 2762 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED : 2763 ZPROP_SRC_LOCAL); 2764 nvlist_t *errors; 2765 int error; 2766 2767 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2768 zc->zc_iflags, &nvl)) != 0) 2769 return (error); 2770 2771 if (received) { 2772 nvlist_t *origprops; 2773 2774 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) { 2775 (void) clear_received_props(zc->zc_name, 2776 origprops, nvl); 2777 nvlist_free(origprops); 2778 } 2779 2780 error = dsl_prop_set_hasrecvd(zc->zc_name); 2781 } 2782 2783 errors = fnvlist_alloc(); 2784 if (error == 0) 2785 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors); 2786 2787 if (zc->zc_nvlist_dst != 0 && errors != NULL) { 2788 (void) put_nvlist(zc, errors); 2789 } 2790 2791 nvlist_free(errors); 2792 nvlist_free(nvl); 2793 return (error); 2794} 2795 2796/* 2797 * inputs: 2798 * zc_name name of filesystem 2799 * zc_value name of property to inherit 2800 * zc_cookie revert to received value if TRUE 2801 * 2802 * outputs: none 2803 */ 2804static int 2805zfs_ioc_inherit_prop(zfs_cmd_t *zc) 2806{ 2807 const char *propname = zc->zc_value; 2808 zfs_prop_t prop = zfs_name_to_prop(propname); 2809 boolean_t received = zc->zc_cookie; 2810 zprop_source_t source = (received 2811 ? ZPROP_SRC_NONE /* revert to received value, if any */ 2812 : ZPROP_SRC_INHERITED); /* explicitly inherit */ 2813 2814 if (received) { 2815 nvlist_t *dummy; 2816 nvpair_t *pair; 2817 zprop_type_t type; 2818 int err; 2819 2820 /* 2821 * zfs_prop_set_special() expects properties in the form of an 2822 * nvpair with type info. 2823 */ 2824 if (prop == ZPROP_INVAL) { 2825 if (!zfs_prop_user(propname)) 2826 return (SET_ERROR(EINVAL)); 2827 2828 type = PROP_TYPE_STRING; 2829 } else if (prop == ZFS_PROP_VOLSIZE || 2830 prop == ZFS_PROP_VERSION) { 2831 return (SET_ERROR(EINVAL)); 2832 } else { 2833 type = zfs_prop_get_type(prop); 2834 } 2835 2836 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2837 2838 switch (type) { 2839 case PROP_TYPE_STRING: 2840 VERIFY(0 == nvlist_add_string(dummy, propname, "")); 2841 break; 2842 case PROP_TYPE_NUMBER: 2843 case PROP_TYPE_INDEX: 2844 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0)); 2845 break; 2846 default: 2847 nvlist_free(dummy); 2848 return (SET_ERROR(EINVAL)); 2849 } 2850 2851 pair = nvlist_next_nvpair(dummy, NULL); 2852 err = zfs_prop_set_special(zc->zc_name, source, pair); 2853 nvlist_free(dummy); 2854 if (err != -1) 2855 return (err); /* special property already handled */ 2856 } else { 2857 /* 2858 * Only check this in the non-received case. We want to allow 2859 * 'inherit -S' to revert non-inheritable properties like quota 2860 * and reservation to the received or default values even though 2861 * they are not considered inheritable. 2862 */ 2863 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop)) 2864 return (SET_ERROR(EINVAL)); 2865 } 2866 2867 /* property name has been validated by zfs_secpolicy_inherit_prop() */ 2868 return (dsl_prop_inherit(zc->zc_name, zc->zc_value, source)); 2869} 2870 2871static int 2872zfs_ioc_pool_set_props(zfs_cmd_t *zc) 2873{ 2874 nvlist_t *props; 2875 spa_t *spa; 2876 int error; 2877 nvpair_t *pair; 2878 2879 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2880 zc->zc_iflags, &props)) 2881 return (error); 2882 2883 /* 2884 * If the only property is the configfile, then just do a spa_lookup() 2885 * to handle the faulted case. 2886 */ 2887 pair = nvlist_next_nvpair(props, NULL); 2888 if (pair != NULL && strcmp(nvpair_name(pair), 2889 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 2890 nvlist_next_nvpair(props, pair) == NULL) { 2891 mutex_enter(&spa_namespace_lock); 2892 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 2893 spa_configfile_set(spa, props, B_FALSE); 2894 spa_config_sync(spa, B_FALSE, B_TRUE); 2895 } 2896 mutex_exit(&spa_namespace_lock); 2897 if (spa != NULL) { 2898 nvlist_free(props); 2899 return (0); 2900 } 2901 } 2902 2903 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2904 nvlist_free(props); 2905 return (error); 2906 } 2907 2908 error = spa_prop_set(spa, props); 2909 2910 nvlist_free(props); 2911 spa_close(spa, FTAG); 2912 2913 return (error); 2914} 2915 2916static int 2917zfs_ioc_pool_get_props(zfs_cmd_t *zc) 2918{ 2919 spa_t *spa; 2920 int error; 2921 nvlist_t *nvp = NULL; 2922 2923 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2924 /* 2925 * If the pool is faulted, there may be properties we can still 2926 * get (such as altroot and cachefile), so attempt to get them 2927 * anyway. 2928 */ 2929 mutex_enter(&spa_namespace_lock); 2930 if ((spa = spa_lookup(zc->zc_name)) != NULL) 2931 error = spa_prop_get(spa, &nvp); 2932 mutex_exit(&spa_namespace_lock); 2933 } else { 2934 error = spa_prop_get(spa, &nvp); 2935 spa_close(spa, FTAG); 2936 } 2937 2938 if (error == 0 && zc->zc_nvlist_dst != 0) 2939 error = put_nvlist(zc, nvp); 2940 else 2941 error = SET_ERROR(EFAULT); 2942 2943 nvlist_free(nvp); 2944 return (error); 2945} 2946 2947/* 2948 * inputs: 2949 * zc_name name of filesystem 2950 * zc_nvlist_src{_size} nvlist of delegated permissions 2951 * zc_perm_action allow/unallow flag 2952 * 2953 * outputs: none 2954 */ 2955static int 2956zfs_ioc_set_fsacl(zfs_cmd_t *zc) 2957{ 2958 int error; 2959 nvlist_t *fsaclnv = NULL; 2960 2961 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2962 zc->zc_iflags, &fsaclnv)) != 0) 2963 return (error); 2964 2965 /* 2966 * Verify nvlist is constructed correctly 2967 */ 2968 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) { 2969 nvlist_free(fsaclnv); 2970 return (SET_ERROR(EINVAL)); 2971 } 2972 2973 /* 2974 * If we don't have PRIV_SYS_MOUNT, then validate 2975 * that user is allowed to hand out each permission in 2976 * the nvlist(s) 2977 */ 2978 2979 error = secpolicy_zfs(CRED()); 2980 if (error != 0) { 2981 if (zc->zc_perm_action == B_FALSE) { 2982 error = dsl_deleg_can_allow(zc->zc_name, 2983 fsaclnv, CRED()); 2984 } else { 2985 error = dsl_deleg_can_unallow(zc->zc_name, 2986 fsaclnv, CRED()); 2987 } 2988 } 2989 2990 if (error == 0) 2991 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 2992 2993 nvlist_free(fsaclnv); 2994 return (error); 2995} 2996 2997/* 2998 * inputs: 2999 * zc_name name of filesystem 3000 * 3001 * outputs: 3002 * zc_nvlist_src{_size} nvlist of delegated permissions 3003 */ 3004static int 3005zfs_ioc_get_fsacl(zfs_cmd_t *zc) 3006{ 3007 nvlist_t *nvp; 3008 int error; 3009 3010 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 3011 error = put_nvlist(zc, nvp); 3012 nvlist_free(nvp); 3013 } 3014 3015 return (error); 3016} 3017 3018/* 3019 * Search the vfs list for a specified resource. Returns a pointer to it 3020 * or NULL if no suitable entry is found. The caller of this routine 3021 * is responsible for releasing the returned vfs pointer. 3022 */ 3023static vfs_t * 3024zfs_get_vfs(const char *resource) 3025{ 3026 vfs_t *vfsp; 3027 3028 mtx_lock(&mountlist_mtx); 3029 TAILQ_FOREACH(vfsp, &mountlist, mnt_list) { 3030 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) { 3031 if (vfs_busy(vfsp, MBF_MNTLSTLOCK) != 0) 3032 vfsp = NULL; 3033 break; 3034 } 3035 } 3036 if (vfsp == NULL) 3037 mtx_unlock(&mountlist_mtx); 3038 return (vfsp); 3039} 3040 3041/* ARGSUSED */ 3042static void 3043zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 3044{ 3045 zfs_creat_t *zct = arg; 3046 3047 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 3048} 3049 3050#define ZFS_PROP_UNDEFINED ((uint64_t)-1) 3051 3052/* 3053 * inputs: 3054 * os parent objset pointer (NULL if root fs) 3055 * fuids_ok fuids allowed in this version of the spa? 3056 * sa_ok SAs allowed in this version of the spa? 3057 * createprops list of properties requested by creator 3058 * 3059 * outputs: 3060 * zplprops values for the zplprops we attach to the master node object 3061 * is_ci true if requested file system will be purely case-insensitive 3062 * 3063 * Determine the settings for utf8only, normalization and 3064 * casesensitivity. Specific values may have been requested by the 3065 * creator and/or we can inherit values from the parent dataset. If 3066 * the file system is of too early a vintage, a creator can not 3067 * request settings for these properties, even if the requested 3068 * setting is the default value. We don't actually want to create dsl 3069 * properties for these, so remove them from the source nvlist after 3070 * processing. 3071 */ 3072static int 3073zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 3074 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops, 3075 nvlist_t *zplprops, boolean_t *is_ci) 3076{ 3077 uint64_t sense = ZFS_PROP_UNDEFINED; 3078 uint64_t norm = ZFS_PROP_UNDEFINED; 3079 uint64_t u8 = ZFS_PROP_UNDEFINED; 3080 3081 ASSERT(zplprops != NULL); 3082 3083 /* 3084 * Pull out creator prop choices, if any. 3085 */ 3086 if (createprops) { 3087 (void) nvlist_lookup_uint64(createprops, 3088 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 3089 (void) nvlist_lookup_uint64(createprops, 3090 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 3091 (void) nvlist_remove_all(createprops, 3092 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 3093 (void) nvlist_lookup_uint64(createprops, 3094 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 3095 (void) nvlist_remove_all(createprops, 3096 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 3097 (void) nvlist_lookup_uint64(createprops, 3098 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 3099 (void) nvlist_remove_all(createprops, 3100 zfs_prop_to_name(ZFS_PROP_CASE)); 3101 } 3102 3103 /* 3104 * If the zpl version requested is whacky or the file system 3105 * or pool is version is too "young" to support normalization 3106 * and the creator tried to set a value for one of the props, 3107 * error out. 3108 */ 3109 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 3110 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 3111 (zplver >= ZPL_VERSION_SA && !sa_ok) || 3112 (zplver < ZPL_VERSION_NORMALIZATION && 3113 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 3114 sense != ZFS_PROP_UNDEFINED))) 3115 return (SET_ERROR(ENOTSUP)); 3116 3117 /* 3118 * Put the version in the zplprops 3119 */ 3120 VERIFY(nvlist_add_uint64(zplprops, 3121 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0); 3122 3123 if (norm == ZFS_PROP_UNDEFINED) 3124 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0); 3125 VERIFY(nvlist_add_uint64(zplprops, 3126 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0); 3127 3128 /* 3129 * If we're normalizing, names must always be valid UTF-8 strings. 3130 */ 3131 if (norm) 3132 u8 = 1; 3133 if (u8 == ZFS_PROP_UNDEFINED) 3134 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0); 3135 VERIFY(nvlist_add_uint64(zplprops, 3136 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0); 3137 3138 if (sense == ZFS_PROP_UNDEFINED) 3139 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0); 3140 VERIFY(nvlist_add_uint64(zplprops, 3141 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0); 3142 3143 if (is_ci) 3144 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 3145 3146 return (0); 3147} 3148 3149static int 3150zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 3151 nvlist_t *zplprops, boolean_t *is_ci) 3152{ 3153 boolean_t fuids_ok, sa_ok; 3154 uint64_t zplver = ZPL_VERSION; 3155 objset_t *os = NULL; 3156 char parentname[MAXNAMELEN]; 3157 char *cp; 3158 spa_t *spa; 3159 uint64_t spa_vers; 3160 int error; 3161 3162 (void) strlcpy(parentname, dataset, sizeof (parentname)); 3163 cp = strrchr(parentname, '/'); 3164 ASSERT(cp != NULL); 3165 cp[0] = '\0'; 3166 3167 if ((error = spa_open(dataset, &spa, FTAG)) != 0) 3168 return (error); 3169 3170 spa_vers = spa_version(spa); 3171 spa_close(spa, FTAG); 3172 3173 zplver = zfs_zpl_version_map(spa_vers); 3174 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3175 sa_ok = (zplver >= ZPL_VERSION_SA); 3176 3177 /* 3178 * Open parent object set so we can inherit zplprop values. 3179 */ 3180 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 3181 return (error); 3182 3183 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops, 3184 zplprops, is_ci); 3185 dmu_objset_rele(os, FTAG); 3186 return (error); 3187} 3188 3189static int 3190zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 3191 nvlist_t *zplprops, boolean_t *is_ci) 3192{ 3193 boolean_t fuids_ok; 3194 boolean_t sa_ok; 3195 uint64_t zplver = ZPL_VERSION; 3196 int error; 3197 3198 zplver = zfs_zpl_version_map(spa_vers); 3199 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3200 sa_ok = (zplver >= ZPL_VERSION_SA); 3201 3202 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok, 3203 createprops, zplprops, is_ci); 3204 return (error); 3205} 3206 3207/* 3208 * innvl: { 3209 * "type" -> dmu_objset_type_t (int32) 3210 * (optional) "props" -> { prop -> value } 3211 * } 3212 * 3213 * outnvl: propname -> error code (int32) 3214 */ 3215static int 3216zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3217{ 3218 int error = 0; 3219 zfs_creat_t zct = { 0 }; 3220 nvlist_t *nvprops = NULL; 3221 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 3222 int32_t type32; 3223 dmu_objset_type_t type; 3224 boolean_t is_insensitive = B_FALSE; 3225 3226 if (nvlist_lookup_int32(innvl, "type", &type32) != 0) 3227 return (SET_ERROR(EINVAL)); 3228 type = type32; 3229 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3230 3231 switch (type) { 3232 case DMU_OST_ZFS: 3233 cbfunc = zfs_create_cb; 3234 break; 3235 3236 case DMU_OST_ZVOL: 3237 cbfunc = zvol_create_cb; 3238 break; 3239 3240 default: 3241 cbfunc = NULL; 3242 break; 3243 } 3244 if (strchr(fsname, '@') || 3245 strchr(fsname, '%')) 3246 return (SET_ERROR(EINVAL)); 3247 3248 zct.zct_props = nvprops; 3249 3250 if (cbfunc == NULL) 3251 return (SET_ERROR(EINVAL)); 3252 3253 if (type == DMU_OST_ZVOL) { 3254 uint64_t volsize, volblocksize; 3255 3256 if (nvprops == NULL) 3257 return (SET_ERROR(EINVAL)); 3258 if (nvlist_lookup_uint64(nvprops, 3259 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0) 3260 return (SET_ERROR(EINVAL)); 3261 3262 if ((error = nvlist_lookup_uint64(nvprops, 3263 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 3264 &volblocksize)) != 0 && error != ENOENT) 3265 return (SET_ERROR(EINVAL)); 3266 3267 if (error != 0) 3268 volblocksize = zfs_prop_default_numeric( 3269 ZFS_PROP_VOLBLOCKSIZE); 3270 3271 if ((error = zvol_check_volblocksize( 3272 volblocksize)) != 0 || 3273 (error = zvol_check_volsize(volsize, 3274 volblocksize)) != 0) 3275 return (error); 3276 } else if (type == DMU_OST_ZFS) { 3277 int error; 3278 3279 /* 3280 * We have to have normalization and 3281 * case-folding flags correct when we do the 3282 * file system creation, so go figure them out 3283 * now. 3284 */ 3285 VERIFY(nvlist_alloc(&zct.zct_zplprops, 3286 NV_UNIQUE_NAME, KM_SLEEP) == 0); 3287 error = zfs_fill_zplprops(fsname, nvprops, 3288 zct.zct_zplprops, &is_insensitive); 3289 if (error != 0) { 3290 nvlist_free(zct.zct_zplprops); 3291 return (error); 3292 } 3293 } 3294 3295 error = dmu_objset_create(fsname, type, 3296 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct); 3297 nvlist_free(zct.zct_zplprops); 3298 3299 /* 3300 * It would be nice to do this atomically. 3301 */ 3302 if (error == 0) { 3303 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3304 nvprops, outnvl); 3305 if (error != 0) 3306 (void) dsl_destroy_head(fsname); 3307 } 3308#ifdef __FreeBSD__ 3309 if (error == 0 && type == DMU_OST_ZVOL) 3310 zvol_create_minors(fsname); 3311#endif 3312 return (error); 3313} 3314 3315/* 3316 * innvl: { 3317 * "origin" -> name of origin snapshot 3318 * (optional) "props" -> { prop -> value } 3319 * } 3320 * 3321 * outnvl: propname -> error code (int32) 3322 */ 3323static int 3324zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3325{ 3326 int error = 0; 3327 nvlist_t *nvprops = NULL; 3328 char *origin_name; 3329 3330 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0) 3331 return (SET_ERROR(EINVAL)); 3332 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3333 3334 if (strchr(fsname, '@') || 3335 strchr(fsname, '%')) 3336 return (SET_ERROR(EINVAL)); 3337 3338 if (dataset_namecheck(origin_name, NULL, NULL) != 0) 3339 return (SET_ERROR(EINVAL)); 3340 error = dmu_objset_clone(fsname, origin_name); 3341 if (error != 0) 3342 return (error); 3343 3344 /* 3345 * It would be nice to do this atomically. 3346 */ 3347 if (error == 0) { 3348 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3349 nvprops, outnvl); 3350 if (error != 0) 3351 (void) dsl_destroy_head(fsname); 3352 } 3353#ifdef __FreeBSD__ 3354 if (error == 0) 3355 zvol_create_minors(fsname); 3356#endif 3357 return (error); 3358} 3359 3360/* 3361 * innvl: { 3362 * "snaps" -> { snapshot1, snapshot2 } 3363 * (optional) "props" -> { prop -> value (string) } 3364 * } 3365 * 3366 * outnvl: snapshot -> error code (int32) 3367 */ 3368static int 3369zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3370{ 3371 nvlist_t *snaps; 3372 nvlist_t *props = NULL; 3373 int error, poollen; 3374 nvpair_t *pair; 3375 3376 (void) nvlist_lookup_nvlist(innvl, "props", &props); 3377 if ((error = zfs_check_userprops(poolname, props)) != 0) 3378 return (error); 3379 3380 if (!nvlist_empty(props) && 3381 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS)) 3382 return (SET_ERROR(ENOTSUP)); 3383 3384 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3385 return (SET_ERROR(EINVAL)); 3386 poollen = strlen(poolname); 3387 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3388 pair = nvlist_next_nvpair(snaps, pair)) { 3389 const char *name = nvpair_name(pair); 3390 const char *cp = strchr(name, '@'); 3391 3392 /* 3393 * The snap name must contain an @, and the part after it must 3394 * contain only valid characters. 3395 */ 3396 if (cp == NULL || 3397 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3398 return (SET_ERROR(EINVAL)); 3399 3400 /* 3401 * The snap must be in the specified pool. 3402 */ 3403 if (strncmp(name, poolname, poollen) != 0 || 3404 (name[poollen] != '/' && name[poollen] != '@')) 3405 return (SET_ERROR(EXDEV)); 3406 3407 /* This must be the only snap of this fs. */ 3408 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair); 3409 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) { 3410 if (strncmp(name, nvpair_name(pair2), cp - name + 1) 3411 == 0) { 3412 return (SET_ERROR(EXDEV)); 3413 } 3414 } 3415 } 3416 3417 error = dsl_dataset_snapshot(snaps, props, outnvl); 3418 return (error); 3419} 3420 3421/* 3422 * innvl: "message" -> string 3423 */ 3424/* ARGSUSED */ 3425static int 3426zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3427{ 3428 char *message; 3429 spa_t *spa; 3430 int error; 3431 char *poolname; 3432 3433 /* 3434 * The poolname in the ioctl is not set, we get it from the TSD, 3435 * which was set at the end of the last successful ioctl that allows 3436 * logging. The secpolicy func already checked that it is set. 3437 * Only one log ioctl is allowed after each successful ioctl, so 3438 * we clear the TSD here. 3439 */ 3440 poolname = tsd_get(zfs_allow_log_key); 3441 (void) tsd_set(zfs_allow_log_key, NULL); 3442 error = spa_open(poolname, &spa, FTAG); 3443 strfree(poolname); 3444 if (error != 0) 3445 return (error); 3446 3447 if (nvlist_lookup_string(innvl, "message", &message) != 0) { 3448 spa_close(spa, FTAG); 3449 return (SET_ERROR(EINVAL)); 3450 } 3451 3452 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 3453 spa_close(spa, FTAG); 3454 return (SET_ERROR(ENOTSUP)); 3455 } 3456 3457 error = spa_history_log(spa, message); 3458 spa_close(spa, FTAG); 3459 return (error); 3460} 3461 3462/* 3463 * The dp_config_rwlock must not be held when calling this, because the 3464 * unmount may need to write out data. 3465 * 3466 * This function is best-effort. Callers must deal gracefully if it 3467 * remains mounted (or is remounted after this call). 3468 * 3469 * Returns 0 if the argument is not a snapshot, or it is not currently a 3470 * filesystem, or we were able to unmount it. Returns error code otherwise. 3471 */ 3472int 3473zfs_unmount_snap(const char *snapname) 3474{ 3475 vfs_t *vfsp; 3476 zfsvfs_t *zfsvfs; 3477 int err; 3478 3479 if (strchr(snapname, '@') == NULL) 3480 return (0); 3481 3482 vfsp = zfs_get_vfs(snapname); 3483 if (vfsp == NULL) 3484 return (0); 3485 3486 zfsvfs = vfsp->vfs_data; 3487 ASSERT(!dsl_pool_config_held(dmu_objset_pool(zfsvfs->z_os))); 3488 3489 err = vn_vfswlock(vfsp->vfs_vnodecovered); 3490#ifdef illumos 3491 VFS_RELE(vfsp); 3492#else 3493 vfs_unbusy(vfsp); 3494#endif 3495 if (err != 0) 3496 return (SET_ERROR(err)); 3497 3498 /* 3499 * Always force the unmount for snapshots. 3500 */ 3501 3502#ifdef illumos 3503 (void) dounmount(vfsp, MS_FORCE, kcred); 3504#else 3505 vfs_ref(vfsp); 3506 (void) dounmount(vfsp, MS_FORCE, curthread); 3507#endif 3508 return (0); 3509} 3510 3511/* ARGSUSED */ 3512static int 3513zfs_unmount_snap_cb(const char *snapname, void *arg) 3514{ 3515 return (zfs_unmount_snap(snapname)); 3516} 3517 3518/* 3519 * When a clone is destroyed, its origin may also need to be destroyed, 3520 * in which case it must be unmounted. This routine will do that unmount 3521 * if necessary. 3522 */ 3523void 3524zfs_destroy_unmount_origin(const char *fsname) 3525{ 3526 int error; 3527 objset_t *os; 3528 dsl_dataset_t *ds; 3529 3530 error = dmu_objset_hold(fsname, FTAG, &os); 3531 if (error != 0) 3532 return; 3533 ds = dmu_objset_ds(os); 3534 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) { 3535 char originname[MAXNAMELEN]; 3536 dsl_dataset_name(ds->ds_prev, originname); 3537 dmu_objset_rele(os, FTAG); 3538 (void) zfs_unmount_snap(originname); 3539 } else { 3540 dmu_objset_rele(os, FTAG); 3541 } 3542} 3543 3544/* 3545 * innvl: { 3546 * "snaps" -> { snapshot1, snapshot2 } 3547 * (optional boolean) "defer" 3548 * } 3549 * 3550 * outnvl: snapshot -> error code (int32) 3551 * 3552 */ 3553/* ARGSUSED */ 3554static int 3555zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3556{ 3557 int error, poollen; 3558 nvlist_t *snaps; 3559 nvpair_t *pair; 3560 boolean_t defer; 3561 3562 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3563 return (SET_ERROR(EINVAL)); 3564 defer = nvlist_exists(innvl, "defer"); 3565 3566 poollen = strlen(poolname); 3567 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3568 pair = nvlist_next_nvpair(snaps, pair)) { 3569 const char *name = nvpair_name(pair); 3570 3571 /* 3572 * The snap must be in the specified pool to prevent the 3573 * invalid removal of zvol minors below. 3574 */ 3575 if (strncmp(name, poolname, poollen) != 0 || 3576 (name[poollen] != '/' && name[poollen] != '@')) 3577 return (SET_ERROR(EXDEV)); 3578 3579 error = zfs_unmount_snap(name); 3580 if (error != 0) 3581 return (error); 3582#if defined(__FreeBSD__) 3583 zvol_remove_minors(name); 3584#endif 3585 } 3586 3587 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl)); 3588} 3589 3590/* 3591 * Create bookmarks. Bookmark names are of the form <fs>#<bmark>. 3592 * All bookmarks must be in the same pool. 3593 * 3594 * innvl: { 3595 * bookmark1 -> snapshot1, bookmark2 -> snapshot2 3596 * } 3597 * 3598 * outnvl: bookmark -> error code (int32) 3599 * 3600 */ 3601/* ARGSUSED */ 3602static int 3603zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3604{ 3605 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3606 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3607 char *snap_name; 3608 3609 /* 3610 * Verify the snapshot argument. 3611 */ 3612 if (nvpair_value_string(pair, &snap_name) != 0) 3613 return (SET_ERROR(EINVAL)); 3614 3615 3616 /* Verify that the keys (bookmarks) are unique */ 3617 for (nvpair_t *pair2 = nvlist_next_nvpair(innvl, pair); 3618 pair2 != NULL; pair2 = nvlist_next_nvpair(innvl, pair2)) { 3619 if (strcmp(nvpair_name(pair), nvpair_name(pair2)) == 0) 3620 return (SET_ERROR(EINVAL)); 3621 } 3622 } 3623 3624 return (dsl_bookmark_create(innvl, outnvl)); 3625} 3626 3627/* 3628 * innvl: { 3629 * property 1, property 2, ... 3630 * } 3631 * 3632 * outnvl: { 3633 * bookmark name 1 -> { property 1, property 2, ... }, 3634 * bookmark name 2 -> { property 1, property 2, ... } 3635 * } 3636 * 3637 */ 3638static int 3639zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3640{ 3641 return (dsl_get_bookmarks(fsname, innvl, outnvl)); 3642} 3643 3644/* 3645 * innvl: { 3646 * bookmark name 1, bookmark name 2 3647 * } 3648 * 3649 * outnvl: bookmark -> error code (int32) 3650 * 3651 */ 3652static int 3653zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl, 3654 nvlist_t *outnvl) 3655{ 3656 int error, poollen; 3657 3658 poollen = strlen(poolname); 3659 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3660 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3661 const char *name = nvpair_name(pair); 3662 const char *cp = strchr(name, '#'); 3663 3664 /* 3665 * The bookmark name must contain an #, and the part after it 3666 * must contain only valid characters. 3667 */ 3668 if (cp == NULL || 3669 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3670 return (SET_ERROR(EINVAL)); 3671 3672 /* 3673 * The bookmark must be in the specified pool. 3674 */ 3675 if (strncmp(name, poolname, poollen) != 0 || 3676 (name[poollen] != '/' && name[poollen] != '#')) 3677 return (SET_ERROR(EXDEV)); 3678 } 3679 3680 error = dsl_bookmark_destroy(innvl, outnvl); 3681 return (error); 3682} 3683 3684/* 3685 * inputs: 3686 * zc_name name of dataset to destroy 3687 * zc_objset_type type of objset 3688 * zc_defer_destroy mark for deferred destroy 3689 * 3690 * outputs: none 3691 */ 3692static int 3693zfs_ioc_destroy(zfs_cmd_t *zc) 3694{ 3695 int err; 3696 3697 if (zc->zc_objset_type == DMU_OST_ZFS) { 3698 err = zfs_unmount_snap(zc->zc_name); 3699 if (err != 0) 3700 return (err); 3701 } 3702 3703 if (strchr(zc->zc_name, '@')) 3704 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy); 3705 else 3706 err = dsl_destroy_head(zc->zc_name); 3707 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0) 3708#ifdef __FreeBSD__ 3709 zvol_remove_minors(zc->zc_name); 3710#else 3711 (void) zvol_remove_minor(zc->zc_name); 3712#endif 3713 return (err); 3714} 3715 3716/* 3717 * fsname is name of dataset to rollback (to most recent snapshot) 3718 * 3719 * innvl is not used. 3720 * 3721 * outnvl: "target" -> name of most recent snapshot 3722 * } 3723 */ 3724/* ARGSUSED */ 3725static int 3726zfs_ioc_rollback(const char *fsname, nvlist_t *args, nvlist_t *outnvl) 3727{ 3728 zfsvfs_t *zfsvfs; 3729 int error; 3730 3731 if (getzfsvfs(fsname, &zfsvfs) == 0) { 3732 error = zfs_suspend_fs(zfsvfs); 3733 if (error == 0) { 3734 int resume_err; 3735 3736 error = dsl_dataset_rollback(fsname, zfsvfs, outnvl); 3737 resume_err = zfs_resume_fs(zfsvfs, fsname); 3738 error = error ? error : resume_err; 3739 } 3740#ifdef illumos 3741 VFS_RELE(zfsvfs->z_vfs); 3742#else 3743 vfs_unbusy(zfsvfs->z_vfs); 3744#endif 3745 } else { 3746 error = dsl_dataset_rollback(fsname, NULL, outnvl); 3747 } 3748 return (error); 3749} 3750 3751static int 3752recursive_unmount(const char *fsname, void *arg) 3753{ 3754 const char *snapname = arg; 3755 char fullname[MAXNAMELEN]; 3756 3757 (void) snprintf(fullname, sizeof (fullname), "%s@%s", fsname, snapname); 3758 return (zfs_unmount_snap(fullname)); 3759} 3760 3761/* 3762 * inputs: 3763 * zc_name old name of dataset 3764 * zc_value new name of dataset 3765 * zc_cookie recursive flag (only valid for snapshots) 3766 * 3767 * outputs: none 3768 */ 3769static int 3770zfs_ioc_rename(zfs_cmd_t *zc) 3771{ 3772 boolean_t recursive = zc->zc_cookie & 1; 3773 char *at; 3774 boolean_t allow_mounted = B_TRUE; 3775 3776#ifdef __FreeBSD__ 3777 allow_mounted = (zc->zc_cookie & 2) != 0; 3778#endif 3779 3780 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 3781 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 3782 strchr(zc->zc_value, '%')) 3783 return (SET_ERROR(EINVAL)); 3784 3785 at = strchr(zc->zc_name, '@'); 3786 if (at != NULL) { 3787 /* snaps must be in same fs */ 3788 int error; 3789 3790 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1)) 3791 return (SET_ERROR(EXDEV)); 3792 *at = '\0'; 3793 if (zc->zc_objset_type == DMU_OST_ZFS && !allow_mounted) { 3794 error = dmu_objset_find(zc->zc_name, 3795 recursive_unmount, at + 1, 3796 recursive ? DS_FIND_CHILDREN : 0); 3797 if (error != 0) { 3798 *at = '@'; 3799 return (error); 3800 } 3801 } 3802 error = dsl_dataset_rename_snapshot(zc->zc_name, 3803 at + 1, strchr(zc->zc_value, '@') + 1, recursive); 3804 *at = '@'; 3805 3806 return (error); 3807 } else { 3808#ifdef illumos 3809 if (zc->zc_objset_type == DMU_OST_ZVOL) 3810 (void) zvol_remove_minor(zc->zc_name); 3811#endif 3812 return (dsl_dir_rename(zc->zc_name, zc->zc_value)); 3813 } 3814} 3815 3816static int 3817zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr) 3818{ 3819 const char *propname = nvpair_name(pair); 3820 boolean_t issnap = (strchr(dsname, '@') != NULL); 3821 zfs_prop_t prop = zfs_name_to_prop(propname); 3822 uint64_t intval; 3823 int err; 3824 3825 if (prop == ZPROP_INVAL) { 3826 if (zfs_prop_user(propname)) { 3827 if (err = zfs_secpolicy_write_perms(dsname, 3828 ZFS_DELEG_PERM_USERPROP, cr)) 3829 return (err); 3830 return (0); 3831 } 3832 3833 if (!issnap && zfs_prop_userquota(propname)) { 3834 const char *perm = NULL; 3835 const char *uq_prefix = 3836 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA]; 3837 const char *gq_prefix = 3838 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA]; 3839 3840 if (strncmp(propname, uq_prefix, 3841 strlen(uq_prefix)) == 0) { 3842 perm = ZFS_DELEG_PERM_USERQUOTA; 3843 } else if (strncmp(propname, gq_prefix, 3844 strlen(gq_prefix)) == 0) { 3845 perm = ZFS_DELEG_PERM_GROUPQUOTA; 3846 } else { 3847 /* USERUSED and GROUPUSED are read-only */ 3848 return (SET_ERROR(EINVAL)); 3849 } 3850 3851 if (err = zfs_secpolicy_write_perms(dsname, perm, cr)) 3852 return (err); 3853 return (0); 3854 } 3855 3856 return (SET_ERROR(EINVAL)); 3857 } 3858 3859 if (issnap) 3860 return (SET_ERROR(EINVAL)); 3861 3862 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 3863 /* 3864 * dsl_prop_get_all_impl() returns properties in this 3865 * format. 3866 */ 3867 nvlist_t *attrs; 3868 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 3869 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3870 &pair) == 0); 3871 } 3872 3873 /* 3874 * Check that this value is valid for this pool version 3875 */ 3876 switch (prop) { 3877 case ZFS_PROP_COMPRESSION: 3878 /* 3879 * If the user specified gzip compression, make sure 3880 * the SPA supports it. We ignore any errors here since 3881 * we'll catch them later. 3882 */ 3883 if (nvpair_value_uint64(pair, &intval) == 0) { 3884 if (intval >= ZIO_COMPRESS_GZIP_1 && 3885 intval <= ZIO_COMPRESS_GZIP_9 && 3886 zfs_earlier_version(dsname, 3887 SPA_VERSION_GZIP_COMPRESSION)) { 3888 return (SET_ERROR(ENOTSUP)); 3889 } 3890 3891 if (intval == ZIO_COMPRESS_ZLE && 3892 zfs_earlier_version(dsname, 3893 SPA_VERSION_ZLE_COMPRESSION)) 3894 return (SET_ERROR(ENOTSUP)); 3895 3896 if (intval == ZIO_COMPRESS_LZ4) { 3897 spa_t *spa; 3898 3899 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 3900 return (err); 3901 3902 if (!spa_feature_is_enabled(spa, 3903 SPA_FEATURE_LZ4_COMPRESS)) { 3904 spa_close(spa, FTAG); 3905 return (SET_ERROR(ENOTSUP)); 3906 } 3907 spa_close(spa, FTAG); 3908 } 3909 3910 /* 3911 * If this is a bootable dataset then 3912 * verify that the compression algorithm 3913 * is supported for booting. We must return 3914 * something other than ENOTSUP since it 3915 * implies a downrev pool version. 3916 */ 3917 if (zfs_is_bootfs(dsname) && 3918 !BOOTFS_COMPRESS_VALID(intval)) { 3919 return (SET_ERROR(ERANGE)); 3920 } 3921 } 3922 break; 3923 3924 case ZFS_PROP_COPIES: 3925 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS)) 3926 return (SET_ERROR(ENOTSUP)); 3927 break; 3928 3929 case ZFS_PROP_RECORDSIZE: 3930 /* Record sizes above 128k need the feature to be enabled */ 3931 if (nvpair_value_uint64(pair, &intval) == 0 && 3932 intval > SPA_OLD_MAXBLOCKSIZE) { 3933 spa_t *spa; 3934 3935 /* 3936 * If this is a bootable dataset then 3937 * the we don't allow large (>128K) blocks, 3938 * because GRUB doesn't support them. 3939 */ 3940 if (zfs_is_bootfs(dsname) && 3941 intval > SPA_OLD_MAXBLOCKSIZE) { 3942 return (SET_ERROR(ERANGE)); 3943 } 3944 3945 /* 3946 * We don't allow setting the property above 1MB, 3947 * unless the tunable has been changed. 3948 */ 3949 if (intval > zfs_max_recordsize || 3950 intval > SPA_MAXBLOCKSIZE) 3951 return (SET_ERROR(ERANGE)); 3952 3953 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 3954 return (err); 3955 3956 if (!spa_feature_is_enabled(spa, 3957 SPA_FEATURE_LARGE_BLOCKS)) { 3958 spa_close(spa, FTAG); 3959 return (SET_ERROR(ENOTSUP)); 3960 } 3961 spa_close(spa, FTAG); 3962 } 3963 break; 3964 3965 case ZFS_PROP_SHARESMB: 3966 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID)) 3967 return (SET_ERROR(ENOTSUP)); 3968 break; 3969 3970 case ZFS_PROP_ACLINHERIT: 3971 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 3972 nvpair_value_uint64(pair, &intval) == 0) { 3973 if (intval == ZFS_ACL_PASSTHROUGH_X && 3974 zfs_earlier_version(dsname, 3975 SPA_VERSION_PASSTHROUGH_X)) 3976 return (SET_ERROR(ENOTSUP)); 3977 } 3978 break; 3979 3980 case ZFS_PROP_CHECKSUM: 3981 case ZFS_PROP_DEDUP: 3982 { 3983 spa_feature_t feature; 3984 spa_t *spa; 3985 3986 /* dedup feature version checks */ 3987 if (prop == ZFS_PROP_DEDUP && 3988 zfs_earlier_version(dsname, SPA_VERSION_DEDUP)) 3989 return (SET_ERROR(ENOTSUP)); 3990 3991 if (nvpair_value_uint64(pair, &intval) != 0) 3992 return (SET_ERROR(EINVAL)); 3993 3994 /* check prop value is enabled in features */ 3995 feature = zio_checksum_to_feature(intval & ZIO_CHECKSUM_MASK); 3996 if (feature == SPA_FEATURE_NONE) 3997 break; 3998 3999 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4000 return (err); 4001 /* 4002 * Salted checksums are not supported on root pools. 4003 */ 4004 if (spa_bootfs(spa) != 0 && 4005 intval < ZIO_CHECKSUM_FUNCTIONS && 4006 (zio_checksum_table[intval].ci_flags & 4007 ZCHECKSUM_FLAG_SALTED)) { 4008 spa_close(spa, FTAG); 4009 return (SET_ERROR(ERANGE)); 4010 } 4011 if (!spa_feature_is_enabled(spa, feature)) { 4012 spa_close(spa, FTAG); 4013 return (SET_ERROR(ENOTSUP)); 4014 } 4015 spa_close(spa, FTAG); 4016 break; 4017 } 4018 } 4019 4020 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED())); 4021} 4022 4023/* 4024 * Checks for a race condition to make sure we don't increment a feature flag 4025 * multiple times. 4026 */ 4027static int 4028zfs_prop_activate_feature_check(void *arg, dmu_tx_t *tx) 4029{ 4030 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4031 spa_feature_t *featurep = arg; 4032 4033 if (!spa_feature_is_active(spa, *featurep)) 4034 return (0); 4035 else 4036 return (SET_ERROR(EBUSY)); 4037} 4038 4039/* 4040 * The callback invoked on feature activation in the sync task caused by 4041 * zfs_prop_activate_feature. 4042 */ 4043static void 4044zfs_prop_activate_feature_sync(void *arg, dmu_tx_t *tx) 4045{ 4046 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4047 spa_feature_t *featurep = arg; 4048 4049 spa_feature_incr(spa, *featurep, tx); 4050} 4051 4052/* 4053 * Activates a feature on a pool in response to a property setting. This 4054 * creates a new sync task which modifies the pool to reflect the feature 4055 * as being active. 4056 */ 4057static int 4058zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature) 4059{ 4060 int err; 4061 4062 /* EBUSY here indicates that the feature is already active */ 4063 err = dsl_sync_task(spa_name(spa), 4064 zfs_prop_activate_feature_check, zfs_prop_activate_feature_sync, 4065 &feature, 2, ZFS_SPACE_CHECK_RESERVED); 4066 4067 if (err != 0 && err != EBUSY) 4068 return (err); 4069 else 4070 return (0); 4071} 4072 4073/* 4074 * Removes properties from the given props list that fail permission checks 4075 * needed to clear them and to restore them in case of a receive error. For each 4076 * property, make sure we have both set and inherit permissions. 4077 * 4078 * Returns the first error encountered if any permission checks fail. If the 4079 * caller provides a non-NULL errlist, it also gives the complete list of names 4080 * of all the properties that failed a permission check along with the 4081 * corresponding error numbers. The caller is responsible for freeing the 4082 * returned errlist. 4083 * 4084 * If every property checks out successfully, zero is returned and the list 4085 * pointed at by errlist is NULL. 4086 */ 4087static int 4088zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist) 4089{ 4090 zfs_cmd_t *zc; 4091 nvpair_t *pair, *next_pair; 4092 nvlist_t *errors; 4093 int err, rv = 0; 4094 4095 if (props == NULL) 4096 return (0); 4097 4098 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4099 4100 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 4101 (void) strcpy(zc->zc_name, dataset); 4102 pair = nvlist_next_nvpair(props, NULL); 4103 while (pair != NULL) { 4104 next_pair = nvlist_next_nvpair(props, pair); 4105 4106 (void) strcpy(zc->zc_value, nvpair_name(pair)); 4107 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 || 4108 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) { 4109 VERIFY(nvlist_remove_nvpair(props, pair) == 0); 4110 VERIFY(nvlist_add_int32(errors, 4111 zc->zc_value, err) == 0); 4112 } 4113 pair = next_pair; 4114 } 4115 kmem_free(zc, sizeof (zfs_cmd_t)); 4116 4117 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 4118 nvlist_free(errors); 4119 errors = NULL; 4120 } else { 4121 VERIFY(nvpair_value_int32(pair, &rv) == 0); 4122 } 4123 4124 if (errlist == NULL) 4125 nvlist_free(errors); 4126 else 4127 *errlist = errors; 4128 4129 return (rv); 4130} 4131 4132static boolean_t 4133propval_equals(nvpair_t *p1, nvpair_t *p2) 4134{ 4135 if (nvpair_type(p1) == DATA_TYPE_NVLIST) { 4136 /* dsl_prop_get_all_impl() format */ 4137 nvlist_t *attrs; 4138 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0); 4139 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4140 &p1) == 0); 4141 } 4142 4143 if (nvpair_type(p2) == DATA_TYPE_NVLIST) { 4144 nvlist_t *attrs; 4145 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0); 4146 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4147 &p2) == 0); 4148 } 4149 4150 if (nvpair_type(p1) != nvpair_type(p2)) 4151 return (B_FALSE); 4152 4153 if (nvpair_type(p1) == DATA_TYPE_STRING) { 4154 char *valstr1, *valstr2; 4155 4156 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0); 4157 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0); 4158 return (strcmp(valstr1, valstr2) == 0); 4159 } else { 4160 uint64_t intval1, intval2; 4161 4162 VERIFY(nvpair_value_uint64(p1, &intval1) == 0); 4163 VERIFY(nvpair_value_uint64(p2, &intval2) == 0); 4164 return (intval1 == intval2); 4165 } 4166} 4167 4168/* 4169 * Remove properties from props if they are not going to change (as determined 4170 * by comparison with origprops). Remove them from origprops as well, since we 4171 * do not need to clear or restore properties that won't change. 4172 */ 4173static void 4174props_reduce(nvlist_t *props, nvlist_t *origprops) 4175{ 4176 nvpair_t *pair, *next_pair; 4177 4178 if (origprops == NULL) 4179 return; /* all props need to be received */ 4180 4181 pair = nvlist_next_nvpair(props, NULL); 4182 while (pair != NULL) { 4183 const char *propname = nvpair_name(pair); 4184 nvpair_t *match; 4185 4186 next_pair = nvlist_next_nvpair(props, pair); 4187 4188 if ((nvlist_lookup_nvpair(origprops, propname, 4189 &match) != 0) || !propval_equals(pair, match)) 4190 goto next; /* need to set received value */ 4191 4192 /* don't clear the existing received value */ 4193 (void) nvlist_remove_nvpair(origprops, match); 4194 /* don't bother receiving the property */ 4195 (void) nvlist_remove_nvpair(props, pair); 4196next: 4197 pair = next_pair; 4198 } 4199} 4200 4201/* 4202 * Extract properties that cannot be set PRIOR to the receipt of a dataset. 4203 * For example, refquota cannot be set until after the receipt of a dataset, 4204 * because in replication streams, an older/earlier snapshot may exceed the 4205 * refquota. We want to receive the older/earlier snapshot, but setting 4206 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent 4207 * the older/earlier snapshot from being received (with EDQUOT). 4208 * 4209 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario. 4210 * 4211 * libzfs will need to be judicious handling errors encountered by props 4212 * extracted by this function. 4213 */ 4214static nvlist_t * 4215extract_delay_props(nvlist_t *props) 4216{ 4217 nvlist_t *delayprops; 4218 nvpair_t *nvp, *tmp; 4219 static const zfs_prop_t delayable[] = { ZFS_PROP_REFQUOTA, 0 }; 4220 int i; 4221 4222 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4223 4224 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL; 4225 nvp = nvlist_next_nvpair(props, nvp)) { 4226 /* 4227 * strcmp() is safe because zfs_prop_to_name() always returns 4228 * a bounded string. 4229 */ 4230 for (i = 0; delayable[i] != 0; i++) { 4231 if (strcmp(zfs_prop_to_name(delayable[i]), 4232 nvpair_name(nvp)) == 0) { 4233 break; 4234 } 4235 } 4236 if (delayable[i] != 0) { 4237 tmp = nvlist_prev_nvpair(props, nvp); 4238 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0); 4239 VERIFY(nvlist_remove_nvpair(props, nvp) == 0); 4240 nvp = tmp; 4241 } 4242 } 4243 4244 if (nvlist_empty(delayprops)) { 4245 nvlist_free(delayprops); 4246 delayprops = NULL; 4247 } 4248 return (delayprops); 4249} 4250 4251#ifdef DEBUG 4252static boolean_t zfs_ioc_recv_inject_err; 4253#endif 4254 4255/* 4256 * inputs: 4257 * zc_name name of containing filesystem 4258 * zc_nvlist_src{_size} nvlist of properties to apply 4259 * zc_value name of snapshot to create 4260 * zc_string name of clone origin (if DRR_FLAG_CLONE) 4261 * zc_cookie file descriptor to recv from 4262 * zc_begin_record the BEGIN record of the stream (not byteswapped) 4263 * zc_guid force flag 4264 * zc_cleanup_fd cleanup-on-exit file descriptor 4265 * zc_action_handle handle for this guid/ds mapping (or zero on first call) 4266 * zc_resumable if data is incomplete assume sender will resume 4267 * 4268 * outputs: 4269 * zc_cookie number of bytes read 4270 * zc_nvlist_dst{_size} error for each unapplied received property 4271 * zc_obj zprop_errflags_t 4272 * zc_action_handle handle for this guid/ds mapping 4273 */ 4274static int 4275zfs_ioc_recv(zfs_cmd_t *zc) 4276{ 4277 file_t *fp; 4278 dmu_recv_cookie_t drc; 4279 boolean_t force = (boolean_t)zc->zc_guid; 4280 int fd; 4281 int error = 0; 4282 int props_error = 0; 4283 nvlist_t *errors; 4284 offset_t off; 4285 nvlist_t *props = NULL; /* sent properties */ 4286 nvlist_t *origprops = NULL; /* existing properties */ 4287 nvlist_t *delayprops = NULL; /* sent properties applied post-receive */ 4288 char *origin = NULL; 4289 char *tosnap; 4290 char tofs[ZFS_MAXNAMELEN]; 4291 cap_rights_t rights; 4292 boolean_t first_recvd_props = B_FALSE; 4293 4294 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 4295 strchr(zc->zc_value, '@') == NULL || 4296 strchr(zc->zc_value, '%')) 4297 return (SET_ERROR(EINVAL)); 4298 4299 (void) strcpy(tofs, zc->zc_value); 4300 tosnap = strchr(tofs, '@'); 4301 *tosnap++ = '\0'; 4302 4303 if (zc->zc_nvlist_src != 0 && 4304 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 4305 zc->zc_iflags, &props)) != 0) 4306 return (error); 4307 4308 fd = zc->zc_cookie; 4309#ifdef illumos 4310 fp = getf(fd); 4311#else 4312 fget_read(curthread, fd, cap_rights_init(&rights, CAP_PREAD), &fp); 4313#endif 4314 if (fp == NULL) { 4315 nvlist_free(props); 4316 return (SET_ERROR(EBADF)); 4317 } 4318 4319 errors = fnvlist_alloc(); 4320 4321 if (zc->zc_string[0]) 4322 origin = zc->zc_string; 4323 4324 error = dmu_recv_begin(tofs, tosnap, 4325 &zc->zc_begin_record, force, zc->zc_resumable, origin, &drc); 4326 if (error != 0) 4327 goto out; 4328 4329 /* 4330 * Set properties before we receive the stream so that they are applied 4331 * to the new data. Note that we must call dmu_recv_stream() if 4332 * dmu_recv_begin() succeeds. 4333 */ 4334 if (props != NULL && !drc.drc_newfs) { 4335 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >= 4336 SPA_VERSION_RECVD_PROPS && 4337 !dsl_prop_get_hasrecvd(tofs)) 4338 first_recvd_props = B_TRUE; 4339 4340 /* 4341 * If new received properties are supplied, they are to 4342 * completely replace the existing received properties, so stash 4343 * away the existing ones. 4344 */ 4345 if (dsl_prop_get_received(tofs, &origprops) == 0) { 4346 nvlist_t *errlist = NULL; 4347 /* 4348 * Don't bother writing a property if its value won't 4349 * change (and avoid the unnecessary security checks). 4350 * 4351 * The first receive after SPA_VERSION_RECVD_PROPS is a 4352 * special case where we blow away all local properties 4353 * regardless. 4354 */ 4355 if (!first_recvd_props) 4356 props_reduce(props, origprops); 4357 if (zfs_check_clearable(tofs, origprops, &errlist) != 0) 4358 (void) nvlist_merge(errors, errlist, 0); 4359 nvlist_free(errlist); 4360 4361 if (clear_received_props(tofs, origprops, 4362 first_recvd_props ? NULL : props) != 0) 4363 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 4364 } else { 4365 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 4366 } 4367 } 4368 4369 if (props != NULL) { 4370 props_error = dsl_prop_set_hasrecvd(tofs); 4371 4372 if (props_error == 0) { 4373 delayprops = extract_delay_props(props); 4374 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4375 props, errors); 4376 } 4377 } 4378 4379 off = fp->f_offset; 4380 error = dmu_recv_stream(&drc, fp, &off, zc->zc_cleanup_fd, 4381 &zc->zc_action_handle); 4382 4383 if (error == 0) { 4384 zfsvfs_t *zfsvfs = NULL; 4385 4386 if (getzfsvfs(tofs, &zfsvfs) == 0) { 4387 /* online recv */ 4388 int end_err; 4389 4390 error = zfs_suspend_fs(zfsvfs); 4391 /* 4392 * If the suspend fails, then the recv_end will 4393 * likely also fail, and clean up after itself. 4394 */ 4395 end_err = dmu_recv_end(&drc, zfsvfs); 4396 if (error == 0) 4397 error = zfs_resume_fs(zfsvfs, tofs); 4398 error = error ? error : end_err; 4399#ifdef illumos 4400 VFS_RELE(zfsvfs->z_vfs); 4401#else 4402 vfs_unbusy(zfsvfs->z_vfs); 4403#endif 4404 } else { 4405 error = dmu_recv_end(&drc, NULL); 4406 } 4407 4408 /* Set delayed properties now, after we're done receiving. */ 4409 if (delayprops != NULL && error == 0) { 4410 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4411 delayprops, errors); 4412 } 4413 } 4414 4415 if (delayprops != NULL) { 4416 /* 4417 * Merge delayed props back in with initial props, in case 4418 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means 4419 * we have to make sure clear_received_props() includes 4420 * the delayed properties). 4421 * 4422 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels, 4423 * using ASSERT() will be just like a VERIFY. 4424 */ 4425 ASSERT(nvlist_merge(props, delayprops, 0) == 0); 4426 nvlist_free(delayprops); 4427 } 4428 4429 /* 4430 * Now that all props, initial and delayed, are set, report the prop 4431 * errors to the caller. 4432 */ 4433 if (zc->zc_nvlist_dst_size != 0 && 4434 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 || 4435 put_nvlist(zc, errors) != 0)) { 4436 /* 4437 * Caller made zc->zc_nvlist_dst less than the minimum expected 4438 * size or supplied an invalid address. 4439 */ 4440 props_error = SET_ERROR(EINVAL); 4441 } 4442 4443 zc->zc_cookie = off - fp->f_offset; 4444 if (off >= 0 && off <= MAXOFFSET_T) 4445 fp->f_offset = off; 4446 4447#ifdef DEBUG 4448 if (zfs_ioc_recv_inject_err) { 4449 zfs_ioc_recv_inject_err = B_FALSE; 4450 error = 1; 4451 } 4452#endif 4453 4454#ifdef __FreeBSD__ 4455 if (error == 0) 4456 zvol_create_minors(tofs); 4457#endif 4458 4459 /* 4460 * On error, restore the original props. 4461 */ 4462 if (error != 0 && props != NULL && !drc.drc_newfs) { 4463 if (clear_received_props(tofs, props, NULL) != 0) { 4464 /* 4465 * We failed to clear the received properties. 4466 * Since we may have left a $recvd value on the 4467 * system, we can't clear the $hasrecvd flag. 4468 */ 4469 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4470 } else if (first_recvd_props) { 4471 dsl_prop_unset_hasrecvd(tofs); 4472 } 4473 4474 if (origprops == NULL && !drc.drc_newfs) { 4475 /* We failed to stash the original properties. */ 4476 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4477 } 4478 4479 /* 4480 * dsl_props_set() will not convert RECEIVED to LOCAL on or 4481 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL 4482 * explictly if we're restoring local properties cleared in the 4483 * first new-style receive. 4484 */ 4485 if (origprops != NULL && 4486 zfs_set_prop_nvlist(tofs, (first_recvd_props ? 4487 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED), 4488 origprops, NULL) != 0) { 4489 /* 4490 * We stashed the original properties but failed to 4491 * restore them. 4492 */ 4493 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4494 } 4495 } 4496out: 4497 nvlist_free(props); 4498 nvlist_free(origprops); 4499 nvlist_free(errors); 4500 releasef(fd); 4501 4502 if (error == 0) 4503 error = props_error; 4504 4505 return (error); 4506} 4507 4508/* 4509 * inputs: 4510 * zc_name name of snapshot to send 4511 * zc_cookie file descriptor to send stream to 4512 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj) 4513 * zc_sendobj objsetid of snapshot to send 4514 * zc_fromobj objsetid of incremental fromsnap (may be zero) 4515 * zc_guid if set, estimate size of stream only. zc_cookie is ignored. 4516 * output size in zc_objset_type. 4517 * zc_flags lzc_send_flags 4518 * 4519 * outputs: 4520 * zc_objset_type estimated size, if zc_guid is set 4521 */ 4522static int 4523zfs_ioc_send(zfs_cmd_t *zc) 4524{ 4525 int error; 4526 offset_t off; 4527 boolean_t estimate = (zc->zc_guid != 0); 4528 boolean_t embedok = (zc->zc_flags & 0x1); 4529 boolean_t large_block_ok = (zc->zc_flags & 0x2); 4530 4531 if (zc->zc_obj != 0) { 4532 dsl_pool_t *dp; 4533 dsl_dataset_t *tosnap; 4534 4535 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4536 if (error != 0) 4537 return (error); 4538 4539 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 4540 if (error != 0) { 4541 dsl_pool_rele(dp, FTAG); 4542 return (error); 4543 } 4544 4545 if (dsl_dir_is_clone(tosnap->ds_dir)) 4546 zc->zc_fromobj = 4547 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj; 4548 dsl_dataset_rele(tosnap, FTAG); 4549 dsl_pool_rele(dp, FTAG); 4550 } 4551 4552 if (estimate) { 4553 dsl_pool_t *dp; 4554 dsl_dataset_t *tosnap; 4555 dsl_dataset_t *fromsnap = NULL; 4556 4557 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4558 if (error != 0) 4559 return (error); 4560 4561 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 4562 if (error != 0) { 4563 dsl_pool_rele(dp, FTAG); 4564 return (error); 4565 } 4566 4567 if (zc->zc_fromobj != 0) { 4568 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, 4569 FTAG, &fromsnap); 4570 if (error != 0) { 4571 dsl_dataset_rele(tosnap, FTAG); 4572 dsl_pool_rele(dp, FTAG); 4573 return (error); 4574 } 4575 } 4576 4577 error = dmu_send_estimate(tosnap, fromsnap, 4578 &zc->zc_objset_type); 4579 4580 if (fromsnap != NULL) 4581 dsl_dataset_rele(fromsnap, FTAG); 4582 dsl_dataset_rele(tosnap, FTAG); 4583 dsl_pool_rele(dp, FTAG); 4584 } else { 4585 file_t *fp; 4586 cap_rights_t rights; 4587 4588#ifdef illumos 4589 fp = getf(zc->zc_cookie); 4590#else 4591 fget_write(curthread, zc->zc_cookie, 4592 cap_rights_init(&rights, CAP_WRITE), &fp); 4593#endif 4594 if (fp == NULL) 4595 return (SET_ERROR(EBADF)); 4596 4597 off = fp->f_offset; 4598 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj, 4599 zc->zc_fromobj, embedok, large_block_ok, 4600#ifdef illumos 4601 zc->zc_cookie, fp->f_vnode, &off); 4602#else 4603 zc->zc_cookie, fp, &off); 4604#endif 4605 4606 if (off >= 0 && off <= MAXOFFSET_T) 4607 fp->f_offset = off; 4608 releasef(zc->zc_cookie); 4609 } 4610 return (error); 4611} 4612 4613/* 4614 * inputs: 4615 * zc_name name of snapshot on which to report progress 4616 * zc_cookie file descriptor of send stream 4617 * 4618 * outputs: 4619 * zc_cookie number of bytes written in send stream thus far 4620 */ 4621static int 4622zfs_ioc_send_progress(zfs_cmd_t *zc) 4623{ 4624 dsl_pool_t *dp; 4625 dsl_dataset_t *ds; 4626 dmu_sendarg_t *dsp = NULL; 4627 int error; 4628 4629 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4630 if (error != 0) 4631 return (error); 4632 4633 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 4634 if (error != 0) { 4635 dsl_pool_rele(dp, FTAG); 4636 return (error); 4637 } 4638 4639 mutex_enter(&ds->ds_sendstream_lock); 4640 4641 /* 4642 * Iterate over all the send streams currently active on this dataset. 4643 * If there's one which matches the specified file descriptor _and_ the 4644 * stream was started by the current process, return the progress of 4645 * that stream. 4646 */ 4647 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL; 4648 dsp = list_next(&ds->ds_sendstreams, dsp)) { 4649 if (dsp->dsa_outfd == zc->zc_cookie && 4650 dsp->dsa_proc == curproc) 4651 break; 4652 } 4653 4654 if (dsp != NULL) 4655 zc->zc_cookie = *(dsp->dsa_off); 4656 else 4657 error = SET_ERROR(ENOENT); 4658 4659 mutex_exit(&ds->ds_sendstream_lock); 4660 dsl_dataset_rele(ds, FTAG); 4661 dsl_pool_rele(dp, FTAG); 4662 return (error); 4663} 4664 4665static int 4666zfs_ioc_inject_fault(zfs_cmd_t *zc) 4667{ 4668 int id, error; 4669 4670 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 4671 &zc->zc_inject_record); 4672 4673 if (error == 0) 4674 zc->zc_guid = (uint64_t)id; 4675 4676 return (error); 4677} 4678 4679static int 4680zfs_ioc_clear_fault(zfs_cmd_t *zc) 4681{ 4682 return (zio_clear_fault((int)zc->zc_guid)); 4683} 4684 4685static int 4686zfs_ioc_inject_list_next(zfs_cmd_t *zc) 4687{ 4688 int id = (int)zc->zc_guid; 4689 int error; 4690 4691 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 4692 &zc->zc_inject_record); 4693 4694 zc->zc_guid = id; 4695 4696 return (error); 4697} 4698 4699static int 4700zfs_ioc_error_log(zfs_cmd_t *zc) 4701{ 4702 spa_t *spa; 4703 int error; 4704 size_t count = (size_t)zc->zc_nvlist_dst_size; 4705 4706 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 4707 return (error); 4708 4709 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 4710 &count); 4711 if (error == 0) 4712 zc->zc_nvlist_dst_size = count; 4713 else 4714 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa); 4715 4716 spa_close(spa, FTAG); 4717 4718 return (error); 4719} 4720 4721static int 4722zfs_ioc_clear(zfs_cmd_t *zc) 4723{ 4724 spa_t *spa; 4725 vdev_t *vd; 4726 int error; 4727 4728 /* 4729 * On zpool clear we also fix up missing slogs 4730 */ 4731 mutex_enter(&spa_namespace_lock); 4732 spa = spa_lookup(zc->zc_name); 4733 if (spa == NULL) { 4734 mutex_exit(&spa_namespace_lock); 4735 return (SET_ERROR(EIO)); 4736 } 4737 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 4738 /* we need to let spa_open/spa_load clear the chains */ 4739 spa_set_log_state(spa, SPA_LOG_CLEAR); 4740 } 4741 spa->spa_last_open_failed = 0; 4742 mutex_exit(&spa_namespace_lock); 4743 4744 if (zc->zc_cookie & ZPOOL_NO_REWIND) { 4745 error = spa_open(zc->zc_name, &spa, FTAG); 4746 } else { 4747 nvlist_t *policy; 4748 nvlist_t *config = NULL; 4749 4750 if (zc->zc_nvlist_src == 0) 4751 return (SET_ERROR(EINVAL)); 4752 4753 if ((error = get_nvlist(zc->zc_nvlist_src, 4754 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 4755 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 4756 policy, &config); 4757 if (config != NULL) { 4758 int err; 4759 4760 if ((err = put_nvlist(zc, config)) != 0) 4761 error = err; 4762 nvlist_free(config); 4763 } 4764 nvlist_free(policy); 4765 } 4766 } 4767 4768 if (error != 0) 4769 return (error); 4770 4771 spa_vdev_state_enter(spa, SCL_NONE); 4772 4773 if (zc->zc_guid == 0) { 4774 vd = NULL; 4775 } else { 4776 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 4777 if (vd == NULL) { 4778 (void) spa_vdev_state_exit(spa, NULL, ENODEV); 4779 spa_close(spa, FTAG); 4780 return (SET_ERROR(ENODEV)); 4781 } 4782 } 4783 4784 vdev_clear(spa, vd); 4785 4786 (void) spa_vdev_state_exit(spa, NULL, 0); 4787 4788 /* 4789 * Resume any suspended I/Os. 4790 */ 4791 if (zio_resume(spa) != 0) 4792 error = SET_ERROR(EIO); 4793 4794 spa_close(spa, FTAG); 4795 4796 return (error); 4797} 4798 4799static int 4800zfs_ioc_pool_reopen(zfs_cmd_t *zc) 4801{ 4802 spa_t *spa; 4803 int error; 4804 4805 error = spa_open(zc->zc_name, &spa, FTAG); 4806 if (error != 0) 4807 return (error); 4808 4809 spa_vdev_state_enter(spa, SCL_NONE); 4810 4811 /* 4812 * If a resilver is already in progress then set the 4813 * spa_scrub_reopen flag to B_TRUE so that we don't restart 4814 * the scan as a side effect of the reopen. Otherwise, let 4815 * vdev_open() decided if a resilver is required. 4816 */ 4817 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool); 4818 vdev_reopen(spa->spa_root_vdev); 4819 spa->spa_scrub_reopen = B_FALSE; 4820 4821 (void) spa_vdev_state_exit(spa, NULL, 0); 4822 spa_close(spa, FTAG); 4823 return (0); 4824} 4825/* 4826 * inputs: 4827 * zc_name name of filesystem 4828 * zc_value name of origin snapshot 4829 * 4830 * outputs: 4831 * zc_string name of conflicting snapshot, if there is one 4832 */ 4833static int 4834zfs_ioc_promote(zfs_cmd_t *zc) 4835{ 4836 char *cp; 4837 4838 /* 4839 * We don't need to unmount *all* the origin fs's snapshots, but 4840 * it's easier. 4841 */ 4842 cp = strchr(zc->zc_value, '@'); 4843 if (cp) 4844 *cp = '\0'; 4845 (void) dmu_objset_find(zc->zc_value, 4846 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS); 4847 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 4848} 4849 4850/* 4851 * Retrieve a single {user|group}{used|quota}@... property. 4852 * 4853 * inputs: 4854 * zc_name name of filesystem 4855 * zc_objset_type zfs_userquota_prop_t 4856 * zc_value domain name (eg. "S-1-234-567-89") 4857 * zc_guid RID/UID/GID 4858 * 4859 * outputs: 4860 * zc_cookie property value 4861 */ 4862static int 4863zfs_ioc_userspace_one(zfs_cmd_t *zc) 4864{ 4865 zfsvfs_t *zfsvfs; 4866 int error; 4867 4868 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 4869 return (SET_ERROR(EINVAL)); 4870 4871 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 4872 if (error != 0) 4873 return (error); 4874 4875 error = zfs_userspace_one(zfsvfs, 4876 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 4877 zfsvfs_rele(zfsvfs, FTAG); 4878 4879 return (error); 4880} 4881 4882/* 4883 * inputs: 4884 * zc_name name of filesystem 4885 * zc_cookie zap cursor 4886 * zc_objset_type zfs_userquota_prop_t 4887 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 4888 * 4889 * outputs: 4890 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 4891 * zc_cookie zap cursor 4892 */ 4893static int 4894zfs_ioc_userspace_many(zfs_cmd_t *zc) 4895{ 4896 zfsvfs_t *zfsvfs; 4897 int bufsize = zc->zc_nvlist_dst_size; 4898 4899 if (bufsize <= 0) 4900 return (SET_ERROR(ENOMEM)); 4901 4902 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 4903 if (error != 0) 4904 return (error); 4905 4906 void *buf = kmem_alloc(bufsize, KM_SLEEP); 4907 4908 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 4909 buf, &zc->zc_nvlist_dst_size); 4910 4911 if (error == 0) { 4912 error = ddi_copyout(buf, 4913 (void *)(uintptr_t)zc->zc_nvlist_dst, 4914 zc->zc_nvlist_dst_size, zc->zc_iflags); 4915 } 4916 kmem_free(buf, bufsize); 4917 zfsvfs_rele(zfsvfs, FTAG); 4918 4919 return (error); 4920} 4921 4922/* 4923 * inputs: 4924 * zc_name name of filesystem 4925 * 4926 * outputs: 4927 * none 4928 */ 4929static int 4930zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 4931{ 4932 objset_t *os; 4933 int error = 0; 4934 zfsvfs_t *zfsvfs; 4935 4936 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 4937 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 4938 /* 4939 * If userused is not enabled, it may be because the 4940 * objset needs to be closed & reopened (to grow the 4941 * objset_phys_t). Suspend/resume the fs will do that. 4942 */ 4943 error = zfs_suspend_fs(zfsvfs); 4944 if (error == 0) { 4945 dmu_objset_refresh_ownership(zfsvfs->z_os, 4946 zfsvfs); 4947 error = zfs_resume_fs(zfsvfs, zc->zc_name); 4948 } 4949 } 4950 if (error == 0) 4951 error = dmu_objset_userspace_upgrade(zfsvfs->z_os); 4952#ifdef illumos 4953 VFS_RELE(zfsvfs->z_vfs); 4954#else 4955 vfs_unbusy(zfsvfs->z_vfs); 4956#endif 4957 } else { 4958 /* XXX kind of reading contents without owning */ 4959 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 4960 if (error != 0) 4961 return (error); 4962 4963 error = dmu_objset_userspace_upgrade(os); 4964 dmu_objset_rele(os, FTAG); 4965 } 4966 4967 return (error); 4968} 4969 4970#ifdef illumos 4971/* 4972 * We don't want to have a hard dependency 4973 * against some special symbols in sharefs 4974 * nfs, and smbsrv. Determine them if needed when 4975 * the first file system is shared. 4976 * Neither sharefs, nfs or smbsrv are unloadable modules. 4977 */ 4978int (*znfsexport_fs)(void *arg); 4979int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t); 4980int (*zsmbexport_fs)(void *arg, boolean_t add_share); 4981 4982int zfs_nfsshare_inited; 4983int zfs_smbshare_inited; 4984 4985ddi_modhandle_t nfs_mod; 4986ddi_modhandle_t sharefs_mod; 4987ddi_modhandle_t smbsrv_mod; 4988#endif /* illumos */ 4989kmutex_t zfs_share_lock; 4990 4991#ifdef illumos 4992static int 4993zfs_init_sharefs() 4994{ 4995 int error; 4996 4997 ASSERT(MUTEX_HELD(&zfs_share_lock)); 4998 /* Both NFS and SMB shares also require sharetab support. */ 4999 if (sharefs_mod == NULL && ((sharefs_mod = 5000 ddi_modopen("fs/sharefs", 5001 KRTLD_MODE_FIRST, &error)) == NULL)) { 5002 return (SET_ERROR(ENOSYS)); 5003 } 5004 if (zshare_fs == NULL && ((zshare_fs = 5005 (int (*)(enum sharefs_sys_op, share_t *, uint32_t)) 5006 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) { 5007 return (SET_ERROR(ENOSYS)); 5008 } 5009 return (0); 5010} 5011#endif /* illumos */ 5012 5013static int 5014zfs_ioc_share(zfs_cmd_t *zc) 5015{ 5016#ifdef illumos 5017 int error; 5018 int opcode; 5019 5020 switch (zc->zc_share.z_sharetype) { 5021 case ZFS_SHARE_NFS: 5022 case ZFS_UNSHARE_NFS: 5023 if (zfs_nfsshare_inited == 0) { 5024 mutex_enter(&zfs_share_lock); 5025 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs", 5026 KRTLD_MODE_FIRST, &error)) == NULL)) { 5027 mutex_exit(&zfs_share_lock); 5028 return (SET_ERROR(ENOSYS)); 5029 } 5030 if (znfsexport_fs == NULL && 5031 ((znfsexport_fs = (int (*)(void *)) 5032 ddi_modsym(nfs_mod, 5033 "nfs_export", &error)) == NULL)) { 5034 mutex_exit(&zfs_share_lock); 5035 return (SET_ERROR(ENOSYS)); 5036 } 5037 error = zfs_init_sharefs(); 5038 if (error != 0) { 5039 mutex_exit(&zfs_share_lock); 5040 return (SET_ERROR(ENOSYS)); 5041 } 5042 zfs_nfsshare_inited = 1; 5043 mutex_exit(&zfs_share_lock); 5044 } 5045 break; 5046 case ZFS_SHARE_SMB: 5047 case ZFS_UNSHARE_SMB: 5048 if (zfs_smbshare_inited == 0) { 5049 mutex_enter(&zfs_share_lock); 5050 if (smbsrv_mod == NULL && ((smbsrv_mod = 5051 ddi_modopen("drv/smbsrv", 5052 KRTLD_MODE_FIRST, &error)) == NULL)) { 5053 mutex_exit(&zfs_share_lock); 5054 return (SET_ERROR(ENOSYS)); 5055 } 5056 if (zsmbexport_fs == NULL && ((zsmbexport_fs = 5057 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod, 5058 "smb_server_share", &error)) == NULL)) { 5059 mutex_exit(&zfs_share_lock); 5060 return (SET_ERROR(ENOSYS)); 5061 } 5062 error = zfs_init_sharefs(); 5063 if (error != 0) { 5064 mutex_exit(&zfs_share_lock); 5065 return (SET_ERROR(ENOSYS)); 5066 } 5067 zfs_smbshare_inited = 1; 5068 mutex_exit(&zfs_share_lock); 5069 } 5070 break; 5071 default: 5072 return (SET_ERROR(EINVAL)); 5073 } 5074 5075 switch (zc->zc_share.z_sharetype) { 5076 case ZFS_SHARE_NFS: 5077 case ZFS_UNSHARE_NFS: 5078 if (error = 5079 znfsexport_fs((void *) 5080 (uintptr_t)zc->zc_share.z_exportdata)) 5081 return (error); 5082 break; 5083 case ZFS_SHARE_SMB: 5084 case ZFS_UNSHARE_SMB: 5085 if (error = zsmbexport_fs((void *) 5086 (uintptr_t)zc->zc_share.z_exportdata, 5087 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ? 5088 B_TRUE: B_FALSE)) { 5089 return (error); 5090 } 5091 break; 5092 } 5093 5094 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS || 5095 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ? 5096 SHAREFS_ADD : SHAREFS_REMOVE; 5097 5098 /* 5099 * Add or remove share from sharetab 5100 */ 5101 error = zshare_fs(opcode, 5102 (void *)(uintptr_t)zc->zc_share.z_sharedata, 5103 zc->zc_share.z_sharemax); 5104 5105 return (error); 5106 5107#else /* !illumos */ 5108 return (ENOSYS); 5109#endif /* illumos */ 5110} 5111 5112ace_t full_access[] = { 5113 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0} 5114}; 5115 5116/* 5117 * inputs: 5118 * zc_name name of containing filesystem 5119 * zc_obj object # beyond which we want next in-use object # 5120 * 5121 * outputs: 5122 * zc_obj next in-use object # 5123 */ 5124static int 5125zfs_ioc_next_obj(zfs_cmd_t *zc) 5126{ 5127 objset_t *os = NULL; 5128 int error; 5129 5130 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 5131 if (error != 0) 5132 return (error); 5133 5134 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 5135 dsl_dataset_phys(os->os_dsl_dataset)->ds_prev_snap_txg); 5136 5137 dmu_objset_rele(os, FTAG); 5138 return (error); 5139} 5140 5141/* 5142 * inputs: 5143 * zc_name name of filesystem 5144 * zc_value prefix name for snapshot 5145 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 5146 * 5147 * outputs: 5148 * zc_value short name of new snapshot 5149 */ 5150static int 5151zfs_ioc_tmp_snapshot(zfs_cmd_t *zc) 5152{ 5153 char *snap_name; 5154 char *hold_name; 5155 int error; 5156 minor_t minor; 5157 5158 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor); 5159 if (error != 0) 5160 return (error); 5161 5162 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value, 5163 (u_longlong_t)ddi_get_lbolt64()); 5164 hold_name = kmem_asprintf("%%%s", zc->zc_value); 5165 5166 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor, 5167 hold_name); 5168 if (error == 0) 5169 (void) strcpy(zc->zc_value, snap_name); 5170 strfree(snap_name); 5171 strfree(hold_name); 5172 zfs_onexit_fd_rele(zc->zc_cleanup_fd); 5173 return (error); 5174} 5175 5176/* 5177 * inputs: 5178 * zc_name name of "to" snapshot 5179 * zc_value name of "from" snapshot 5180 * zc_cookie file descriptor to write diff data on 5181 * 5182 * outputs: 5183 * dmu_diff_record_t's to the file descriptor 5184 */ 5185static int 5186zfs_ioc_diff(zfs_cmd_t *zc) 5187{ 5188 file_t *fp; 5189 cap_rights_t rights; 5190 offset_t off; 5191 int error; 5192 5193#ifdef illumos 5194 fp = getf(zc->zc_cookie); 5195#else 5196 fget_write(curthread, zc->zc_cookie, 5197 cap_rights_init(&rights, CAP_WRITE), &fp); 5198#endif 5199 if (fp == NULL) 5200 return (SET_ERROR(EBADF)); 5201 5202 off = fp->f_offset; 5203 5204#ifdef illumos 5205 error = dmu_diff(zc->zc_name, zc->zc_value, fp->f_vnode, &off); 5206#else 5207 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off); 5208#endif 5209 5210 if (off >= 0 && off <= MAXOFFSET_T) 5211 fp->f_offset = off; 5212 releasef(zc->zc_cookie); 5213 5214 return (error); 5215} 5216 5217#ifdef illumos 5218/* 5219 * Remove all ACL files in shares dir 5220 */ 5221static int 5222zfs_smb_acl_purge(znode_t *dzp) 5223{ 5224 zap_cursor_t zc; 5225 zap_attribute_t zap; 5226 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 5227 int error; 5228 5229 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id); 5230 (error = zap_cursor_retrieve(&zc, &zap)) == 0; 5231 zap_cursor_advance(&zc)) { 5232 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred, 5233 NULL, 0)) != 0) 5234 break; 5235 } 5236 zap_cursor_fini(&zc); 5237 return (error); 5238} 5239#endif /* illumos */ 5240 5241static int 5242zfs_ioc_smb_acl(zfs_cmd_t *zc) 5243{ 5244#ifdef illumos 5245 vnode_t *vp; 5246 znode_t *dzp; 5247 vnode_t *resourcevp = NULL; 5248 znode_t *sharedir; 5249 zfsvfs_t *zfsvfs; 5250 nvlist_t *nvlist; 5251 char *src, *target; 5252 vattr_t vattr; 5253 vsecattr_t vsec; 5254 int error = 0; 5255 5256 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 5257 NO_FOLLOW, NULL, &vp)) != 0) 5258 return (error); 5259 5260 /* Now make sure mntpnt and dataset are ZFS */ 5261 5262 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 || 5263 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 5264 zc->zc_name) != 0)) { 5265 VN_RELE(vp); 5266 return (SET_ERROR(EINVAL)); 5267 } 5268 5269 dzp = VTOZ(vp); 5270 zfsvfs = dzp->z_zfsvfs; 5271 ZFS_ENTER(zfsvfs); 5272 5273 /* 5274 * Create share dir if its missing. 5275 */ 5276 mutex_enter(&zfsvfs->z_lock); 5277 if (zfsvfs->z_shares_dir == 0) { 5278 dmu_tx_t *tx; 5279 5280 tx = dmu_tx_create(zfsvfs->z_os); 5281 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE, 5282 ZFS_SHARES_DIR); 5283 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL); 5284 error = dmu_tx_assign(tx, TXG_WAIT); 5285 if (error != 0) { 5286 dmu_tx_abort(tx); 5287 } else { 5288 error = zfs_create_share_dir(zfsvfs, tx); 5289 dmu_tx_commit(tx); 5290 } 5291 if (error != 0) { 5292 mutex_exit(&zfsvfs->z_lock); 5293 VN_RELE(vp); 5294 ZFS_EXIT(zfsvfs); 5295 return (error); 5296 } 5297 } 5298 mutex_exit(&zfsvfs->z_lock); 5299 5300 ASSERT(zfsvfs->z_shares_dir); 5301 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) { 5302 VN_RELE(vp); 5303 ZFS_EXIT(zfsvfs); 5304 return (error); 5305 } 5306 5307 switch (zc->zc_cookie) { 5308 case ZFS_SMB_ACL_ADD: 5309 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE; 5310 vattr.va_type = VREG; 5311 vattr.va_mode = S_IFREG|0777; 5312 vattr.va_uid = 0; 5313 vattr.va_gid = 0; 5314 5315 vsec.vsa_mask = VSA_ACE; 5316 vsec.vsa_aclentp = &full_access; 5317 vsec.vsa_aclentsz = sizeof (full_access); 5318 vsec.vsa_aclcnt = 1; 5319 5320 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string, 5321 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec); 5322 if (resourcevp) 5323 VN_RELE(resourcevp); 5324 break; 5325 5326 case ZFS_SMB_ACL_REMOVE: 5327 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred, 5328 NULL, 0); 5329 break; 5330 5331 case ZFS_SMB_ACL_RENAME: 5332 if ((error = get_nvlist(zc->zc_nvlist_src, 5333 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) { 5334 VN_RELE(vp); 5335 VN_RELE(ZTOV(sharedir)); 5336 ZFS_EXIT(zfsvfs); 5337 return (error); 5338 } 5339 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) || 5340 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET, 5341 &target)) { 5342 VN_RELE(vp); 5343 VN_RELE(ZTOV(sharedir)); 5344 ZFS_EXIT(zfsvfs); 5345 nvlist_free(nvlist); 5346 return (error); 5347 } 5348 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target, 5349 kcred, NULL, 0); 5350 nvlist_free(nvlist); 5351 break; 5352 5353 case ZFS_SMB_ACL_PURGE: 5354 error = zfs_smb_acl_purge(sharedir); 5355 break; 5356 5357 default: 5358 error = SET_ERROR(EINVAL); 5359 break; 5360 } 5361 5362 VN_RELE(vp); 5363 VN_RELE(ZTOV(sharedir)); 5364 5365 ZFS_EXIT(zfsvfs); 5366 5367 return (error); 5368#else /* !illumos */ 5369 return (EOPNOTSUPP); 5370#endif /* illumos */ 5371} 5372 5373/* 5374 * innvl: { 5375 * "holds" -> { snapname -> holdname (string), ... } 5376 * (optional) "cleanup_fd" -> fd (int32) 5377 * } 5378 * 5379 * outnvl: { 5380 * snapname -> error value (int32) 5381 * ... 5382 * } 5383 */ 5384/* ARGSUSED */ 5385static int 5386zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist) 5387{ 5388 nvpair_t *pair; 5389 nvlist_t *holds; 5390 int cleanup_fd = -1; 5391 int error; 5392 minor_t minor = 0; 5393 5394 error = nvlist_lookup_nvlist(args, "holds", &holds); 5395 if (error != 0) 5396 return (SET_ERROR(EINVAL)); 5397 5398 /* make sure the user didn't pass us any invalid (empty) tags */ 5399 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 5400 pair = nvlist_next_nvpair(holds, pair)) { 5401 char *htag; 5402 5403 error = nvpair_value_string(pair, &htag); 5404 if (error != 0) 5405 return (SET_ERROR(error)); 5406 5407 if (strlen(htag) == 0) 5408 return (SET_ERROR(EINVAL)); 5409 } 5410 5411 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) { 5412 error = zfs_onexit_fd_hold(cleanup_fd, &minor); 5413 if (error != 0) 5414 return (error); 5415 } 5416 5417 error = dsl_dataset_user_hold(holds, minor, errlist); 5418 if (minor != 0) 5419 zfs_onexit_fd_rele(cleanup_fd); 5420 return (error); 5421} 5422 5423/* 5424 * innvl is not used. 5425 * 5426 * outnvl: { 5427 * holdname -> time added (uint64 seconds since epoch) 5428 * ... 5429 * } 5430 */ 5431/* ARGSUSED */ 5432static int 5433zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl) 5434{ 5435 return (dsl_dataset_get_holds(snapname, outnvl)); 5436} 5437 5438/* 5439 * innvl: { 5440 * snapname -> { holdname, ... } 5441 * ... 5442 * } 5443 * 5444 * outnvl: { 5445 * snapname -> error value (int32) 5446 * ... 5447 * } 5448 */ 5449/* ARGSUSED */ 5450static int 5451zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist) 5452{ 5453 return (dsl_dataset_user_release(holds, errlist)); 5454} 5455 5456/* 5457 * inputs: 5458 * zc_name name of new filesystem or snapshot 5459 * zc_value full name of old snapshot 5460 * 5461 * outputs: 5462 * zc_cookie space in bytes 5463 * zc_objset_type compressed space in bytes 5464 * zc_perm_action uncompressed space in bytes 5465 */ 5466static int 5467zfs_ioc_space_written(zfs_cmd_t *zc) 5468{ 5469 int error; 5470 dsl_pool_t *dp; 5471 dsl_dataset_t *new, *old; 5472 5473 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5474 if (error != 0) 5475 return (error); 5476 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new); 5477 if (error != 0) { 5478 dsl_pool_rele(dp, FTAG); 5479 return (error); 5480 } 5481 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old); 5482 if (error != 0) { 5483 dsl_dataset_rele(new, FTAG); 5484 dsl_pool_rele(dp, FTAG); 5485 return (error); 5486 } 5487 5488 error = dsl_dataset_space_written(old, new, &zc->zc_cookie, 5489 &zc->zc_objset_type, &zc->zc_perm_action); 5490 dsl_dataset_rele(old, FTAG); 5491 dsl_dataset_rele(new, FTAG); 5492 dsl_pool_rele(dp, FTAG); 5493 return (error); 5494} 5495 5496/* 5497 * innvl: { 5498 * "firstsnap" -> snapshot name 5499 * } 5500 * 5501 * outnvl: { 5502 * "used" -> space in bytes 5503 * "compressed" -> compressed space in bytes 5504 * "uncompressed" -> uncompressed space in bytes 5505 * } 5506 */ 5507static int 5508zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl) 5509{ 5510 int error; 5511 dsl_pool_t *dp; 5512 dsl_dataset_t *new, *old; 5513 char *firstsnap; 5514 uint64_t used, comp, uncomp; 5515 5516 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0) 5517 return (SET_ERROR(EINVAL)); 5518 5519 error = dsl_pool_hold(lastsnap, FTAG, &dp); 5520 if (error != 0) 5521 return (error); 5522 5523 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new); 5524 if (error == 0 && !new->ds_is_snapshot) { 5525 dsl_dataset_rele(new, FTAG); 5526 error = SET_ERROR(EINVAL); 5527 } 5528 if (error != 0) { 5529 dsl_pool_rele(dp, FTAG); 5530 return (error); 5531 } 5532 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old); 5533 if (error == 0 && !old->ds_is_snapshot) { 5534 dsl_dataset_rele(old, FTAG); 5535 error = SET_ERROR(EINVAL); 5536 } 5537 if (error != 0) { 5538 dsl_dataset_rele(new, FTAG); 5539 dsl_pool_rele(dp, FTAG); 5540 return (error); 5541 } 5542 5543 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp); 5544 dsl_dataset_rele(old, FTAG); 5545 dsl_dataset_rele(new, FTAG); 5546 dsl_pool_rele(dp, FTAG); 5547 fnvlist_add_uint64(outnvl, "used", used); 5548 fnvlist_add_uint64(outnvl, "compressed", comp); 5549 fnvlist_add_uint64(outnvl, "uncompressed", uncomp); 5550 return (error); 5551} 5552 5553static int 5554zfs_ioc_jail(zfs_cmd_t *zc) 5555{ 5556 5557 return (zone_dataset_attach(curthread->td_ucred, zc->zc_name, 5558 (int)zc->zc_jailid)); 5559} 5560 5561static int 5562zfs_ioc_unjail(zfs_cmd_t *zc) 5563{ 5564 5565 return (zone_dataset_detach(curthread->td_ucred, zc->zc_name, 5566 (int)zc->zc_jailid)); 5567} 5568 5569/* 5570 * innvl: { 5571 * "fd" -> file descriptor to write stream to (int32) 5572 * (optional) "fromsnap" -> full snap name to send an incremental from 5573 * (optional) "largeblockok" -> (value ignored) 5574 * indicates that blocks > 128KB are permitted 5575 * (optional) "embedok" -> (value ignored) 5576 * presence indicates DRR_WRITE_EMBEDDED records are permitted 5577 * (optional) "resume_object" and "resume_offset" -> (uint64) 5578 * if present, resume send stream from specified object and offset. 5579 * } 5580 * 5581 * outnvl is unused 5582 */ 5583/* ARGSUSED */ 5584static int 5585zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 5586{ 5587 cap_rights_t rights; 5588 file_t *fp; 5589 int error; 5590 offset_t off; 5591 char *fromname = NULL; 5592 int fd; 5593 boolean_t largeblockok; 5594 boolean_t embedok; 5595 uint64_t resumeobj = 0; 5596 uint64_t resumeoff = 0; 5597 5598 error = nvlist_lookup_int32(innvl, "fd", &fd); 5599 if (error != 0) 5600 return (SET_ERROR(EINVAL)); 5601 5602 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname); 5603 5604 largeblockok = nvlist_exists(innvl, "largeblockok"); 5605 embedok = nvlist_exists(innvl, "embedok"); 5606 5607 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); 5608 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); 5609 5610#ifdef illumos 5611 file_t *fp = getf(fd); 5612#else 5613 fget_write(curthread, fd, cap_rights_init(&rights, CAP_WRITE), &fp); 5614#endif 5615 if (fp == NULL) 5616 return (SET_ERROR(EBADF)); 5617 5618 off = fp->f_offset; 5619 error = dmu_send(snapname, fromname, embedok, largeblockok, fd, 5620#ifdef illumos 5621 resumeobj, resumeoff, fp->f_vnode, &off); 5622#else 5623 resumeobj, resumeoff, fp, &off); 5624#endif 5625 5626#ifdef illumos 5627 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 5628 fp->f_offset = off; 5629#else 5630 fp->f_offset = off; 5631#endif 5632 5633 releasef(fd); 5634 return (error); 5635} 5636 5637/* 5638 * Determine approximately how large a zfs send stream will be -- the number 5639 * of bytes that will be written to the fd supplied to zfs_ioc_send_new(). 5640 * 5641 * innvl: { 5642 * (optional) "from" -> full snap or bookmark name to send an incremental 5643 * from 5644 * } 5645 * 5646 * outnvl: { 5647 * "space" -> bytes of space (uint64) 5648 * } 5649 */ 5650static int 5651zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 5652{ 5653 dsl_pool_t *dp; 5654 dsl_dataset_t *tosnap; 5655 int error; 5656 char *fromname; 5657 uint64_t space; 5658 5659 error = dsl_pool_hold(snapname, FTAG, &dp); 5660 if (error != 0) 5661 return (error); 5662 5663 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap); 5664 if (error != 0) { 5665 dsl_pool_rele(dp, FTAG); 5666 return (error); 5667 } 5668 5669 error = nvlist_lookup_string(innvl, "from", &fromname); 5670 if (error == 0) { 5671 if (strchr(fromname, '@') != NULL) { 5672 /* 5673 * If from is a snapshot, hold it and use the more 5674 * efficient dmu_send_estimate to estimate send space 5675 * size using deadlists. 5676 */ 5677 dsl_dataset_t *fromsnap; 5678 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap); 5679 if (error != 0) 5680 goto out; 5681 error = dmu_send_estimate(tosnap, fromsnap, &space); 5682 dsl_dataset_rele(fromsnap, FTAG); 5683 } else if (strchr(fromname, '#') != NULL) { 5684 /* 5685 * If from is a bookmark, fetch the creation TXG of the 5686 * snapshot it was created from and use that to find 5687 * blocks that were born after it. 5688 */ 5689 zfs_bookmark_phys_t frombm; 5690 5691 error = dsl_bookmark_lookup(dp, fromname, tosnap, 5692 &frombm); 5693 if (error != 0) 5694 goto out; 5695 error = dmu_send_estimate_from_txg(tosnap, 5696 frombm.zbm_creation_txg, &space); 5697 } else { 5698 /* 5699 * from is not properly formatted as a snapshot or 5700 * bookmark 5701 */ 5702 error = SET_ERROR(EINVAL); 5703 goto out; 5704 } 5705 } else { 5706 // If estimating the size of a full send, use dmu_send_estimate 5707 error = dmu_send_estimate(tosnap, NULL, &space); 5708 } 5709 5710 fnvlist_add_uint64(outnvl, "space", space); 5711 5712out: 5713 dsl_dataset_rele(tosnap, FTAG); 5714 dsl_pool_rele(dp, FTAG); 5715 return (error); 5716} 5717 5718static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST]; 5719 5720static void 5721zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5722 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 5723 boolean_t log_history, zfs_ioc_poolcheck_t pool_check) 5724{ 5725 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 5726 5727 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 5728 ASSERT3U(ioc, <, ZFS_IOC_LAST); 5729 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 5730 ASSERT3P(vec->zvec_func, ==, NULL); 5731 5732 vec->zvec_legacy_func = func; 5733 vec->zvec_secpolicy = secpolicy; 5734 vec->zvec_namecheck = namecheck; 5735 vec->zvec_allow_log = log_history; 5736 vec->zvec_pool_check = pool_check; 5737} 5738 5739/* 5740 * See the block comment at the beginning of this file for details on 5741 * each argument to this function. 5742 */ 5743static void 5744zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func, 5745 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 5746 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist, 5747 boolean_t allow_log) 5748{ 5749 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 5750 5751 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 5752 ASSERT3U(ioc, <, ZFS_IOC_LAST); 5753 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 5754 ASSERT3P(vec->zvec_func, ==, NULL); 5755 5756 /* if we are logging, the name must be valid */ 5757 ASSERT(!allow_log || namecheck != NO_NAME); 5758 5759 vec->zvec_name = name; 5760 vec->zvec_func = func; 5761 vec->zvec_secpolicy = secpolicy; 5762 vec->zvec_namecheck = namecheck; 5763 vec->zvec_pool_check = pool_check; 5764 vec->zvec_smush_outnvlist = smush_outnvlist; 5765 vec->zvec_allow_log = allow_log; 5766} 5767 5768static void 5769zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5770 zfs_secpolicy_func_t *secpolicy, boolean_t log_history, 5771 zfs_ioc_poolcheck_t pool_check) 5772{ 5773 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5774 POOL_NAME, log_history, pool_check); 5775} 5776 5777static void 5778zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5779 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check) 5780{ 5781 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5782 DATASET_NAME, B_FALSE, pool_check); 5783} 5784 5785static void 5786zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 5787{ 5788 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config, 5789 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5790} 5791 5792static void 5793zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5794 zfs_secpolicy_func_t *secpolicy) 5795{ 5796 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5797 NO_NAME, B_FALSE, POOL_CHECK_NONE); 5798} 5799 5800static void 5801zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc, 5802 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy) 5803{ 5804 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5805 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED); 5806} 5807 5808static void 5809zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 5810{ 5811 zfs_ioctl_register_dataset_read_secpolicy(ioc, func, 5812 zfs_secpolicy_read); 5813} 5814 5815static void 5816zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5817 zfs_secpolicy_func_t *secpolicy) 5818{ 5819 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5820 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5821} 5822 5823static void 5824zfs_ioctl_init(void) 5825{ 5826 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT, 5827 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME, 5828 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5829 5830 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY, 5831 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME, 5832 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE); 5833 5834 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS, 5835 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, 5836 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5837 5838 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW, 5839 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME, 5840 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5841 5842 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE, 5843 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME, 5844 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5845 5846 zfs_ioctl_register("create", ZFS_IOC_CREATE, 5847 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME, 5848 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5849 5850 zfs_ioctl_register("clone", ZFS_IOC_CLONE, 5851 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME, 5852 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5853 5854 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS, 5855 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME, 5856 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5857 5858 zfs_ioctl_register("hold", ZFS_IOC_HOLD, 5859 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME, 5860 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5861 zfs_ioctl_register("release", ZFS_IOC_RELEASE, 5862 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME, 5863 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5864 5865 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS, 5866 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, 5867 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5868 5869 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK, 5870 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, 5871 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE); 5872 5873 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK, 5874 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME, 5875 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5876 5877 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS, 5878 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME, 5879 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5880 5881 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS, 5882 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks, 5883 POOL_NAME, 5884 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5885 5886 /* IOCTLS that use the legacy function signature */ 5887 5888 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze, 5889 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY); 5890 5891 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create, 5892 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 5893 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN, 5894 zfs_ioc_pool_scan); 5895 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE, 5896 zfs_ioc_pool_upgrade); 5897 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD, 5898 zfs_ioc_vdev_add); 5899 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE, 5900 zfs_ioc_vdev_remove); 5901 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE, 5902 zfs_ioc_vdev_set_state); 5903 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH, 5904 zfs_ioc_vdev_attach); 5905 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH, 5906 zfs_ioc_vdev_detach); 5907 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH, 5908 zfs_ioc_vdev_setpath); 5909 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU, 5910 zfs_ioc_vdev_setfru); 5911 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS, 5912 zfs_ioc_pool_set_props); 5913 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT, 5914 zfs_ioc_vdev_split); 5915 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID, 5916 zfs_ioc_pool_reguid); 5917 5918 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS, 5919 zfs_ioc_pool_configs, zfs_secpolicy_none); 5920 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT, 5921 zfs_ioc_pool_tryimport, zfs_secpolicy_config); 5922 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT, 5923 zfs_ioc_inject_fault, zfs_secpolicy_inject); 5924 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT, 5925 zfs_ioc_clear_fault, zfs_secpolicy_inject); 5926 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT, 5927 zfs_ioc_inject_list_next, zfs_secpolicy_inject); 5928 5929 /* 5930 * pool destroy, and export don't log the history as part of 5931 * zfsdev_ioctl, but rather zfs_ioc_pool_export 5932 * does the logging of those commands. 5933 */ 5934 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy, 5935 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 5936 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export, 5937 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 5938 5939 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats, 5940 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 5941 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props, 5942 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 5943 5944 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log, 5945 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_NONE); 5946 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME, 5947 zfs_ioc_dsobj_to_dsname, 5948 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_NONE); 5949 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY, 5950 zfs_ioc_pool_get_history, 5951 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 5952 5953 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import, 5954 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 5955 5956 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear, 5957 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 5958 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen, 5959 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED); 5960 5961 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN, 5962 zfs_ioc_space_written); 5963 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS, 5964 zfs_ioc_objset_recvd_props); 5965 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ, 5966 zfs_ioc_next_obj); 5967 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL, 5968 zfs_ioc_get_fsacl); 5969 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS, 5970 zfs_ioc_objset_stats); 5971 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS, 5972 zfs_ioc_objset_zplprops); 5973 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT, 5974 zfs_ioc_dataset_list_next); 5975 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT, 5976 zfs_ioc_snapshot_list_next); 5977 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS, 5978 zfs_ioc_send_progress); 5979 5980 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF, 5981 zfs_ioc_diff, zfs_secpolicy_diff); 5982 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS, 5983 zfs_ioc_obj_to_stats, zfs_secpolicy_diff); 5984 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH, 5985 zfs_ioc_obj_to_path, zfs_secpolicy_diff); 5986 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE, 5987 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one); 5988 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY, 5989 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many); 5990 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND, 5991 zfs_ioc_send, zfs_secpolicy_send); 5992 5993 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop, 5994 zfs_secpolicy_none); 5995 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy, 5996 zfs_secpolicy_destroy); 5997 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename, 5998 zfs_secpolicy_rename); 5999 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv, 6000 zfs_secpolicy_recv); 6001 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote, 6002 zfs_secpolicy_promote); 6003 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP, 6004 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop); 6005 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl, 6006 zfs_secpolicy_set_fsacl); 6007 6008 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share, 6009 zfs_secpolicy_share, POOL_CHECK_NONE); 6010 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl, 6011 zfs_secpolicy_smb_acl, POOL_CHECK_NONE); 6012 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE, 6013 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 6014 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6015 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT, 6016 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, 6017 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6018 6019#ifdef __FreeBSD__ 6020 zfs_ioctl_register_dataset_nolog(ZFS_IOC_JAIL, zfs_ioc_jail, 6021 zfs_secpolicy_config, POOL_CHECK_NONE); 6022 zfs_ioctl_register_dataset_nolog(ZFS_IOC_UNJAIL, zfs_ioc_unjail, 6023 zfs_secpolicy_config, POOL_CHECK_NONE); 6024#endif 6025} 6026 6027int 6028pool_status_check(const char *name, zfs_ioc_namecheck_t type, 6029 zfs_ioc_poolcheck_t check) 6030{ 6031 spa_t *spa; 6032 int error; 6033 6034 ASSERT(type == POOL_NAME || type == DATASET_NAME); 6035 6036 if (check & POOL_CHECK_NONE) 6037 return (0); 6038 6039 error = spa_open(name, &spa, FTAG); 6040 if (error == 0) { 6041 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa)) 6042 error = SET_ERROR(EAGAIN); 6043 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa)) 6044 error = SET_ERROR(EROFS); 6045 spa_close(spa, FTAG); 6046 } 6047 return (error); 6048} 6049 6050/* 6051 * Find a free minor number. 6052 */ 6053minor_t 6054zfsdev_minor_alloc(void) 6055{ 6056 static minor_t last_minor; 6057 minor_t m; 6058 6059 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6060 6061 for (m = last_minor + 1; m != last_minor; m++) { 6062 if (m > ZFSDEV_MAX_MINOR) 6063 m = 1; 6064 if (ddi_get_soft_state(zfsdev_state, m) == NULL) { 6065 last_minor = m; 6066 return (m); 6067 } 6068 } 6069 6070 return (0); 6071} 6072 6073static int 6074zfs_ctldev_init(struct cdev *devp) 6075{ 6076 minor_t minor; 6077 zfs_soft_state_t *zs; 6078 6079 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6080 6081 minor = zfsdev_minor_alloc(); 6082 if (minor == 0) 6083 return (SET_ERROR(ENXIO)); 6084 6085 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS) 6086 return (SET_ERROR(EAGAIN)); 6087 6088 devfs_set_cdevpriv((void *)(uintptr_t)minor, zfsdev_close); 6089 6090 zs = ddi_get_soft_state(zfsdev_state, minor); 6091 zs->zss_type = ZSST_CTLDEV; 6092 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data); 6093 6094 return (0); 6095} 6096 6097static void 6098zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor) 6099{ 6100 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6101 6102 zfs_onexit_destroy(zo); 6103 ddi_soft_state_free(zfsdev_state, minor); 6104} 6105 6106void * 6107zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which) 6108{ 6109 zfs_soft_state_t *zp; 6110 6111 zp = ddi_get_soft_state(zfsdev_state, minor); 6112 if (zp == NULL || zp->zss_type != which) 6113 return (NULL); 6114 6115 return (zp->zss_data); 6116} 6117 6118static int 6119zfsdev_open(struct cdev *devp, int flag, int mode, struct thread *td) 6120{ 6121 int error = 0; 6122 6123#ifdef illumos 6124 if (getminor(*devp) != 0) 6125 return (zvol_open(devp, flag, otyp, cr)); 6126#endif 6127 6128 /* This is the control device. Allocate a new minor if requested. */ 6129 if (flag & FEXCL) { 6130 mutex_enter(&spa_namespace_lock); 6131 error = zfs_ctldev_init(devp); 6132 mutex_exit(&spa_namespace_lock); 6133 } 6134 6135 return (error); 6136} 6137 6138static void 6139zfsdev_close(void *data) 6140{ 6141 zfs_onexit_t *zo; 6142 minor_t minor = (minor_t)(uintptr_t)data; 6143 6144 if (minor == 0) 6145 return; 6146 6147 mutex_enter(&spa_namespace_lock); 6148 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV); 6149 if (zo == NULL) { 6150 mutex_exit(&spa_namespace_lock); 6151 return; 6152 } 6153 zfs_ctldev_destroy(zo, minor); 6154 mutex_exit(&spa_namespace_lock); 6155} 6156 6157static int 6158zfsdev_ioctl(struct cdev *dev, u_long zcmd, caddr_t arg, int flag, 6159 struct thread *td) 6160{ 6161 zfs_cmd_t *zc; 6162 uint_t vecnum; 6163 int error, rc, len; 6164#ifdef illumos 6165 minor_t minor = getminor(dev); 6166#else 6167 zfs_iocparm_t *zc_iocparm; 6168 int cflag, cmd, oldvecnum; 6169 boolean_t newioc, compat; 6170 void *compat_zc = NULL; 6171 cred_t *cr = td->td_ucred; 6172#endif 6173 const zfs_ioc_vec_t *vec; 6174 char *saved_poolname = NULL; 6175 nvlist_t *innvl = NULL; 6176 6177 cflag = ZFS_CMD_COMPAT_NONE; 6178 compat = B_FALSE; 6179 newioc = B_TRUE; /* "new" style (zfs_iocparm_t) ioctl */ 6180 6181 len = IOCPARM_LEN(zcmd); 6182 vecnum = cmd = zcmd & 0xff; 6183 6184 /* 6185 * Check if we are talking to supported older binaries 6186 * and translate zfs_cmd if necessary 6187 */ 6188 if (len != sizeof(zfs_iocparm_t)) { 6189 newioc = B_FALSE; 6190 compat = B_TRUE; 6191 6192 vecnum = cmd; 6193 6194 switch (len) { 6195 case sizeof(zfs_cmd_zcmd_t): 6196 cflag = ZFS_CMD_COMPAT_LZC; 6197 break; 6198 case sizeof(zfs_cmd_deadman_t): 6199 cflag = ZFS_CMD_COMPAT_DEADMAN; 6200 break; 6201 case sizeof(zfs_cmd_v28_t): 6202 cflag = ZFS_CMD_COMPAT_V28; 6203 break; 6204 case sizeof(zfs_cmd_v15_t): 6205 cflag = ZFS_CMD_COMPAT_V15; 6206 vecnum = zfs_ioctl_v15_to_v28[cmd]; 6207 6208 /* 6209 * Return without further handling 6210 * if the command is blacklisted. 6211 */ 6212 if (vecnum == ZFS_IOC_COMPAT_PASS) 6213 return (0); 6214 else if (vecnum == ZFS_IOC_COMPAT_FAIL) 6215 return (ENOTSUP); 6216 break; 6217 default: 6218 return (EINVAL); 6219 } 6220 } 6221 6222#ifdef illumos 6223 vecnum = cmd - ZFS_IOC_FIRST; 6224 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip)); 6225#endif 6226 6227 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 6228 return (SET_ERROR(EINVAL)); 6229 vec = &zfs_ioc_vec[vecnum]; 6230 6231 zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP); 6232 6233#ifdef illumos 6234 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag); 6235 if (error != 0) { 6236 error = SET_ERROR(EFAULT); 6237 goto out; 6238 } 6239#else /* !illumos */ 6240 bzero(zc, sizeof(zfs_cmd_t)); 6241 6242 if (newioc) { 6243 zc_iocparm = (void *)arg; 6244 6245 switch (zc_iocparm->zfs_ioctl_version) { 6246 case ZFS_IOCVER_CURRENT: 6247 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_t)) { 6248 error = SET_ERROR(EINVAL); 6249 goto out; 6250 } 6251 break; 6252 case ZFS_IOCVER_RESUME: 6253 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_resume_t)) { 6254 error = SET_ERROR(EFAULT); 6255 goto out; 6256 } 6257 compat = B_TRUE; 6258 cflag = ZFS_CMD_COMPAT_RESUME; 6259 break; 6260 case ZFS_IOCVER_EDBP: 6261 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_edbp_t)) { 6262 error = SET_ERROR(EFAULT); 6263 goto out; 6264 } 6265 compat = B_TRUE; 6266 cflag = ZFS_CMD_COMPAT_EDBP; 6267 break; 6268 case ZFS_IOCVER_ZCMD: 6269 if (zc_iocparm->zfs_cmd_size > sizeof(zfs_cmd_t) || 6270 zc_iocparm->zfs_cmd_size < sizeof(zfs_cmd_zcmd_t)) { 6271 error = SET_ERROR(EFAULT); 6272 goto out; 6273 } 6274 compat = B_TRUE; 6275 cflag = ZFS_CMD_COMPAT_ZCMD; 6276 break; 6277 default: 6278 error = SET_ERROR(EINVAL); 6279 goto out; 6280 /* NOTREACHED */ 6281 } 6282 6283 if (compat) { 6284 ASSERT(sizeof(zfs_cmd_t) >= zc_iocparm->zfs_cmd_size); 6285 compat_zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP); 6286 bzero(compat_zc, sizeof(zfs_cmd_t)); 6287 6288 error = ddi_copyin((void *)(uintptr_t)zc_iocparm->zfs_cmd, 6289 compat_zc, zc_iocparm->zfs_cmd_size, flag); 6290 if (error != 0) { 6291 error = SET_ERROR(EFAULT); 6292 goto out; 6293 } 6294 } else { 6295 error = ddi_copyin((void *)(uintptr_t)zc_iocparm->zfs_cmd, 6296 zc, zc_iocparm->zfs_cmd_size, flag); 6297 if (error != 0) { 6298 error = SET_ERROR(EFAULT); 6299 goto out; 6300 } 6301 } 6302 } 6303 6304 if (compat) { 6305 if (newioc) { 6306 ASSERT(compat_zc != NULL); 6307 zfs_cmd_compat_get(zc, compat_zc, cflag); 6308 } else { 6309 ASSERT(compat_zc == NULL); 6310 zfs_cmd_compat_get(zc, arg, cflag); 6311 } 6312 oldvecnum = vecnum; 6313 error = zfs_ioctl_compat_pre(zc, &vecnum, cflag); 6314 if (error != 0) 6315 goto out; 6316 if (oldvecnum != vecnum) 6317 vec = &zfs_ioc_vec[vecnum]; 6318 } 6319#endif /* !illumos */ 6320 6321 zc->zc_iflags = flag & FKIOCTL; 6322 if (zc->zc_nvlist_src_size != 0) { 6323 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 6324 zc->zc_iflags, &innvl); 6325 if (error != 0) 6326 goto out; 6327 } 6328 6329 /* rewrite innvl for backwards compatibility */ 6330 if (compat) 6331 innvl = zfs_ioctl_compat_innvl(zc, innvl, vecnum, cflag); 6332 6333 /* 6334 * Ensure that all pool/dataset names are valid before we pass down to 6335 * the lower layers. 6336 */ 6337 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 6338 switch (vec->zvec_namecheck) { 6339 case POOL_NAME: 6340 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 6341 error = SET_ERROR(EINVAL); 6342 else 6343 error = pool_status_check(zc->zc_name, 6344 vec->zvec_namecheck, vec->zvec_pool_check); 6345 break; 6346 6347 case DATASET_NAME: 6348 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 6349 error = SET_ERROR(EINVAL); 6350 else 6351 error = pool_status_check(zc->zc_name, 6352 vec->zvec_namecheck, vec->zvec_pool_check); 6353 break; 6354 6355 case NO_NAME: 6356 break; 6357 } 6358 6359 if (error == 0 && !(flag & FKIOCTL)) 6360 error = vec->zvec_secpolicy(zc, innvl, cr); 6361 6362 if (error != 0) 6363 goto out; 6364 6365 /* legacy ioctls can modify zc_name */ 6366 len = strcspn(zc->zc_name, "/@#") + 1; 6367 saved_poolname = kmem_alloc(len, KM_SLEEP); 6368 (void) strlcpy(saved_poolname, zc->zc_name, len); 6369 6370 if (vec->zvec_func != NULL) { 6371 nvlist_t *outnvl; 6372 int puterror = 0; 6373 spa_t *spa; 6374 nvlist_t *lognv = NULL; 6375 6376 ASSERT(vec->zvec_legacy_func == NULL); 6377 6378 /* 6379 * Add the innvl to the lognv before calling the func, 6380 * in case the func changes the innvl. 6381 */ 6382 if (vec->zvec_allow_log) { 6383 lognv = fnvlist_alloc(); 6384 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL, 6385 vec->zvec_name); 6386 if (!nvlist_empty(innvl)) { 6387 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL, 6388 innvl); 6389 } 6390 } 6391 6392 outnvl = fnvlist_alloc(); 6393 error = vec->zvec_func(zc->zc_name, innvl, outnvl); 6394 6395 if (error == 0 && vec->zvec_allow_log && 6396 spa_open(zc->zc_name, &spa, FTAG) == 0) { 6397 if (!nvlist_empty(outnvl)) { 6398 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL, 6399 outnvl); 6400 } 6401 (void) spa_history_log_nvl(spa, lognv); 6402 spa_close(spa, FTAG); 6403 } 6404 fnvlist_free(lognv); 6405 6406 /* rewrite outnvl for backwards compatibility */ 6407 if (compat) 6408 outnvl = zfs_ioctl_compat_outnvl(zc, outnvl, vecnum, 6409 cflag); 6410 6411 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) { 6412 int smusherror = 0; 6413 if (vec->zvec_smush_outnvlist) { 6414 smusherror = nvlist_smush(outnvl, 6415 zc->zc_nvlist_dst_size); 6416 } 6417 if (smusherror == 0) 6418 puterror = put_nvlist(zc, outnvl); 6419 } 6420 6421 if (puterror != 0) 6422 error = puterror; 6423 6424 nvlist_free(outnvl); 6425 } else { 6426 error = vec->zvec_legacy_func(zc); 6427 } 6428 6429out: 6430 nvlist_free(innvl); 6431 6432#ifdef illumos 6433 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag); 6434 if (error == 0 && rc != 0) 6435 error = SET_ERROR(EFAULT); 6436#else 6437 if (compat) { 6438 zfs_ioctl_compat_post(zc, cmd, cflag); 6439 if (newioc) { 6440 ASSERT(compat_zc != NULL); 6441 ASSERT(sizeof(zfs_cmd_t) >= zc_iocparm->zfs_cmd_size); 6442 6443 zfs_cmd_compat_put(zc, compat_zc, vecnum, cflag); 6444 rc = ddi_copyout(compat_zc, 6445 (void *)(uintptr_t)zc_iocparm->zfs_cmd, 6446 zc_iocparm->zfs_cmd_size, flag); 6447 if (error == 0 && rc != 0) 6448 error = SET_ERROR(EFAULT); 6449 kmem_free(compat_zc, sizeof (zfs_cmd_t)); 6450 } else { 6451 zfs_cmd_compat_put(zc, arg, vecnum, cflag); 6452 } 6453 } else { 6454 ASSERT(newioc); 6455 6456 rc = ddi_copyout(zc, (void *)(uintptr_t)zc_iocparm->zfs_cmd, 6457 sizeof (zfs_cmd_t), flag); 6458 if (error == 0 && rc != 0) 6459 error = SET_ERROR(EFAULT); 6460 } 6461#endif 6462 if (error == 0 && vec->zvec_allow_log) { 6463 char *s = tsd_get(zfs_allow_log_key); 6464 if (s != NULL) 6465 strfree(s); 6466 (void) tsd_set(zfs_allow_log_key, saved_poolname); 6467 } else { 6468 if (saved_poolname != NULL) 6469 strfree(saved_poolname); 6470 } 6471 6472 kmem_free(zc, sizeof (zfs_cmd_t)); 6473 return (error); 6474} 6475 6476#ifdef illumos 6477static int 6478zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 6479{ 6480 if (cmd != DDI_ATTACH) 6481 return (DDI_FAILURE); 6482 6483 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0, 6484 DDI_PSEUDO, 0) == DDI_FAILURE) 6485 return (DDI_FAILURE); 6486 6487 zfs_dip = dip; 6488 6489 ddi_report_dev(dip); 6490 6491 return (DDI_SUCCESS); 6492} 6493 6494static int 6495zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 6496{ 6497 if (spa_busy() || zfs_busy() || zvol_busy()) 6498 return (DDI_FAILURE); 6499 6500 if (cmd != DDI_DETACH) 6501 return (DDI_FAILURE); 6502 6503 zfs_dip = NULL; 6504 6505 ddi_prop_remove_all(dip); 6506 ddi_remove_minor_node(dip, NULL); 6507 6508 return (DDI_SUCCESS); 6509} 6510 6511/*ARGSUSED*/ 6512static int 6513zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 6514{ 6515 switch (infocmd) { 6516 case DDI_INFO_DEVT2DEVINFO: 6517 *result = zfs_dip; 6518 return (DDI_SUCCESS); 6519 6520 case DDI_INFO_DEVT2INSTANCE: 6521 *result = (void *)0; 6522 return (DDI_SUCCESS); 6523 } 6524 6525 return (DDI_FAILURE); 6526} 6527#endif /* illumos */ 6528 6529/* 6530 * OK, so this is a little weird. 6531 * 6532 * /dev/zfs is the control node, i.e. minor 0. 6533 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0. 6534 * 6535 * /dev/zfs has basically nothing to do except serve up ioctls, 6536 * so most of the standard driver entry points are in zvol.c. 6537 */ 6538#ifdef illumos 6539static struct cb_ops zfs_cb_ops = { 6540 zfsdev_open, /* open */ 6541 zfsdev_close, /* close */ 6542 zvol_strategy, /* strategy */ 6543 nodev, /* print */ 6544 zvol_dump, /* dump */ 6545 zvol_read, /* read */ 6546 zvol_write, /* write */ 6547 zfsdev_ioctl, /* ioctl */ 6548 nodev, /* devmap */ 6549 nodev, /* mmap */ 6550 nodev, /* segmap */ 6551 nochpoll, /* poll */ 6552 ddi_prop_op, /* prop_op */ 6553 NULL, /* streamtab */ 6554 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */ 6555 CB_REV, /* version */ 6556 nodev, /* async read */ 6557 nodev, /* async write */ 6558}; 6559 6560static struct dev_ops zfs_dev_ops = { 6561 DEVO_REV, /* version */ 6562 0, /* refcnt */ 6563 zfs_info, /* info */ 6564 nulldev, /* identify */ 6565 nulldev, /* probe */ 6566 zfs_attach, /* attach */ 6567 zfs_detach, /* detach */ 6568 nodev, /* reset */ 6569 &zfs_cb_ops, /* driver operations */ 6570 NULL, /* no bus operations */ 6571 NULL, /* power */ 6572 ddi_quiesce_not_needed, /* quiesce */ 6573}; 6574 6575static struct modldrv zfs_modldrv = { 6576 &mod_driverops, 6577 "ZFS storage pool", 6578 &zfs_dev_ops 6579}; 6580 6581static struct modlinkage modlinkage = { 6582 MODREV_1, 6583 (void *)&zfs_modlfs, 6584 (void *)&zfs_modldrv, 6585 NULL 6586}; 6587#endif /* illumos */ 6588 6589static struct cdevsw zfs_cdevsw = { 6590 .d_version = D_VERSION, 6591 .d_open = zfsdev_open, 6592 .d_ioctl = zfsdev_ioctl, 6593 .d_name = ZFS_DEV_NAME 6594}; 6595 6596static void 6597zfs_allow_log_destroy(void *arg) 6598{ 6599 char *poolname = arg; 6600 strfree(poolname); 6601} 6602 6603static void 6604zfsdev_init(void) 6605{ 6606 zfsdev = make_dev(&zfs_cdevsw, 0x0, UID_ROOT, GID_OPERATOR, 0666, 6607 ZFS_DEV_NAME); 6608} 6609 6610static void 6611zfsdev_fini(void) 6612{ 6613 if (zfsdev != NULL) 6614 destroy_dev(zfsdev); 6615} 6616 6617static struct root_hold_token *zfs_root_token; 6618struct proc *zfsproc; 6619 6620#ifdef illumos 6621int 6622_init(void) 6623{ 6624 int error; 6625 6626 spa_init(FREAD | FWRITE); 6627 zfs_init(); 6628 zvol_init(); 6629 zfs_ioctl_init(); 6630 6631 if ((error = mod_install(&modlinkage)) != 0) { 6632 zvol_fini(); 6633 zfs_fini(); 6634 spa_fini(); 6635 return (error); 6636 } 6637 6638 tsd_create(&zfs_fsyncer_key, NULL); 6639 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 6640 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 6641 6642 error = ldi_ident_from_mod(&modlinkage, &zfs_li); 6643 ASSERT(error == 0); 6644 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 6645 6646 return (0); 6647} 6648 6649int 6650_fini(void) 6651{ 6652 int error; 6653 6654 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled) 6655 return (SET_ERROR(EBUSY)); 6656 6657 if ((error = mod_remove(&modlinkage)) != 0) 6658 return (error); 6659 6660 zvol_fini(); 6661 zfs_fini(); 6662 spa_fini(); 6663 if (zfs_nfsshare_inited) 6664 (void) ddi_modclose(nfs_mod); 6665 if (zfs_smbshare_inited) 6666 (void) ddi_modclose(smbsrv_mod); 6667 if (zfs_nfsshare_inited || zfs_smbshare_inited) 6668 (void) ddi_modclose(sharefs_mod); 6669 6670 tsd_destroy(&zfs_fsyncer_key); 6671 ldi_ident_release(zfs_li); 6672 zfs_li = NULL; 6673 mutex_destroy(&zfs_share_lock); 6674 6675 return (error); 6676} 6677 6678int 6679_info(struct modinfo *modinfop) 6680{ 6681 return (mod_info(&modlinkage, modinfop)); 6682} 6683#endif /* illumos */ 6684 6685static int zfs__init(void); 6686static int zfs__fini(void); 6687static void zfs_shutdown(void *, int); 6688 6689static eventhandler_tag zfs_shutdown_event_tag; 6690 6691#ifdef __FreeBSD__ 6692#define ZFS_MIN_KSTACK_PAGES 4 6693#endif 6694 6695int 6696zfs__init(void) 6697{ 6698 6699#ifdef __FreeBSD__ 6700#if KSTACK_PAGES < ZFS_MIN_KSTACK_PAGES 6701 printf("ZFS NOTICE: KSTACK_PAGES is %d which could result in stack " 6702 "overflow panic!\nPlease consider adding " 6703 "'options KSTACK_PAGES=%d' to your kernel config\n", KSTACK_PAGES, 6704 ZFS_MIN_KSTACK_PAGES); 6705#endif 6706#endif 6707 zfs_root_token = root_mount_hold("ZFS"); 6708 6709 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 6710 6711 spa_init(FREAD | FWRITE); 6712 zfs_init(); 6713 zvol_init(); 6714 zfs_ioctl_init(); 6715 6716 tsd_create(&zfs_fsyncer_key, NULL); 6717 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 6718 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 6719 6720 printf("ZFS storage pool version: features support (" SPA_VERSION_STRING ")\n"); 6721 root_mount_rel(zfs_root_token); 6722 6723 zfsdev_init(); 6724 6725 return (0); 6726} 6727 6728int 6729zfs__fini(void) 6730{ 6731 if (spa_busy() || zfs_busy() || zvol_busy() || 6732 zio_injection_enabled) { 6733 return (EBUSY); 6734 } 6735 6736 zfsdev_fini(); 6737 zvol_fini(); 6738 zfs_fini(); 6739 spa_fini(); 6740 6741 tsd_destroy(&zfs_fsyncer_key); 6742 tsd_destroy(&rrw_tsd_key); 6743 tsd_destroy(&zfs_allow_log_key); 6744 6745 mutex_destroy(&zfs_share_lock); 6746 6747 return (0); 6748} 6749 6750static void 6751zfs_shutdown(void *arg __unused, int howto __unused) 6752{ 6753 6754 /* 6755 * ZFS fini routines can not properly work in a panic-ed system. 6756 */ 6757 if (panicstr == NULL) 6758 (void)zfs__fini(); 6759} 6760 6761 6762static int 6763zfs_modevent(module_t mod, int type, void *unused __unused) 6764{ 6765 int err; 6766 6767 switch (type) { 6768 case MOD_LOAD: 6769 err = zfs__init(); 6770 if (err == 0) 6771 zfs_shutdown_event_tag = EVENTHANDLER_REGISTER( 6772 shutdown_post_sync, zfs_shutdown, NULL, 6773 SHUTDOWN_PRI_FIRST); 6774 return (err); 6775 case MOD_UNLOAD: 6776 err = zfs__fini(); 6777 if (err == 0 && zfs_shutdown_event_tag != NULL) 6778 EVENTHANDLER_DEREGISTER(shutdown_post_sync, 6779 zfs_shutdown_event_tag); 6780 return (err); 6781 case MOD_SHUTDOWN: 6782 return (0); 6783 default: 6784 break; 6785 } 6786 return (EOPNOTSUPP); 6787} 6788 6789static moduledata_t zfs_mod = { 6790 "zfsctrl", 6791 zfs_modevent, 6792 0 6793}; 6794DECLARE_MODULE(zfsctrl, zfs_mod, SI_SUB_VFS, SI_ORDER_ANY); 6795MODULE_VERSION(zfsctrl, 1); 6796MODULE_DEPEND(zfsctrl, opensolaris, 1, 1, 1); 6797MODULE_DEPEND(zfsctrl, krpc, 1, 1, 1); 6798MODULE_DEPEND(zfsctrl, acl_nfs4, 1, 1, 1); 6799