zfs_ioctl.c revision 335546
1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22/* 23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright (c) 2011-2012 Pawel Jakub Dawidek. All rights reserved. 25 * Copyright 2013 Martin Matuska <mm@FreeBSD.org>. All rights reserved. 26 * Copyright 2014 Xin Li <delphij@FreeBSD.org>. All rights reserved. 27 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved. 28 * Copyright 2015 Nexenta Systems, Inc. All rights reserved. 29 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved. 30 * Copyright (c) 2011, 2015 by Delphix. All rights reserved. 31 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. 32 * Copyright (c) 2013 Steven Hartland. All rights reserved. 33 * Copyright (c) 2014 Integros [integros.com] 34 */ 35 36/* 37 * ZFS ioctls. 38 * 39 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage 40 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool. 41 * 42 * There are two ways that we handle ioctls: the legacy way where almost 43 * all of the logic is in the ioctl callback, and the new way where most 44 * of the marshalling is handled in the common entry point, zfsdev_ioctl(). 45 * 46 * Non-legacy ioctls should be registered by calling 47 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked 48 * from userland by lzc_ioctl(). 49 * 50 * The registration arguments are as follows: 51 * 52 * const char *name 53 * The name of the ioctl. This is used for history logging. If the 54 * ioctl returns successfully (the callback returns 0), and allow_log 55 * is true, then a history log entry will be recorded with the input & 56 * output nvlists. The log entry can be printed with "zpool history -i". 57 * 58 * zfs_ioc_t ioc 59 * The ioctl request number, which userland will pass to ioctl(2). 60 * The ioctl numbers can change from release to release, because 61 * the caller (libzfs) must be matched to the kernel. 62 * 63 * zfs_secpolicy_func_t *secpolicy 64 * This function will be called before the zfs_ioc_func_t, to 65 * determine if this operation is permitted. It should return EPERM 66 * on failure, and 0 on success. Checks include determining if the 67 * dataset is visible in this zone, and if the user has either all 68 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission 69 * to do this operation on this dataset with "zfs allow". 70 * 71 * zfs_ioc_namecheck_t namecheck 72 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool 73 * name, a dataset name, or nothing. If the name is not well-formed, 74 * the ioctl will fail and the callback will not be called. 75 * Therefore, the callback can assume that the name is well-formed 76 * (e.g. is null-terminated, doesn't have more than one '@' character, 77 * doesn't have invalid characters). 78 * 79 * zfs_ioc_poolcheck_t pool_check 80 * This specifies requirements on the pool state. If the pool does 81 * not meet them (is suspended or is readonly), the ioctl will fail 82 * and the callback will not be called. If any checks are specified 83 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME. 84 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED | 85 * POOL_CHECK_READONLY). 86 * 87 * boolean_t smush_outnvlist 88 * If smush_outnvlist is true, then the output is presumed to be a 89 * list of errors, and it will be "smushed" down to fit into the 90 * caller's buffer, by removing some entries and replacing them with a 91 * single "N_MORE_ERRORS" entry indicating how many were removed. See 92 * nvlist_smush() for details. If smush_outnvlist is false, and the 93 * outnvlist does not fit into the userland-provided buffer, then the 94 * ioctl will fail with ENOMEM. 95 * 96 * zfs_ioc_func_t *func 97 * The callback function that will perform the operation. 98 * 99 * The callback should return 0 on success, or an error number on 100 * failure. If the function fails, the userland ioctl will return -1, 101 * and errno will be set to the callback's return value. The callback 102 * will be called with the following arguments: 103 * 104 * const char *name 105 * The name of the pool or dataset to operate on, from 106 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the 107 * expected type (pool, dataset, or none). 108 * 109 * nvlist_t *innvl 110 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or 111 * NULL if no input nvlist was provided. Changes to this nvlist are 112 * ignored. If the input nvlist could not be deserialized, the 113 * ioctl will fail and the callback will not be called. 114 * 115 * nvlist_t *outnvl 116 * The output nvlist, initially empty. The callback can fill it in, 117 * and it will be returned to userland by serializing it into 118 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization 119 * fails (e.g. because the caller didn't supply a large enough 120 * buffer), then the overall ioctl will fail. See the 121 * 'smush_nvlist' argument above for additional behaviors. 122 * 123 * There are two typical uses of the output nvlist: 124 * - To return state, e.g. property values. In this case, 125 * smush_outnvlist should be false. If the buffer was not large 126 * enough, the caller will reallocate a larger buffer and try 127 * the ioctl again. 128 * 129 * - To return multiple errors from an ioctl which makes on-disk 130 * changes. In this case, smush_outnvlist should be true. 131 * Ioctls which make on-disk modifications should generally not 132 * use the outnvl if they succeed, because the caller can not 133 * distinguish between the operation failing, and 134 * deserialization failing. 135 */ 136#ifdef __FreeBSD__ 137#include "opt_kstack_pages.h" 138#endif 139 140#include <sys/types.h> 141#include <sys/param.h> 142#include <sys/systm.h> 143#include <sys/conf.h> 144#include <sys/kernel.h> 145#include <sys/lock.h> 146#include <sys/malloc.h> 147#include <sys/mutex.h> 148#include <sys/proc.h> 149#include <sys/errno.h> 150#include <sys/uio.h> 151#include <sys/buf.h> 152#include <sys/file.h> 153#include <sys/kmem.h> 154#include <sys/conf.h> 155#include <sys/cmn_err.h> 156#include <sys/stat.h> 157#include <sys/zfs_ioctl.h> 158#include <sys/zfs_vfsops.h> 159#include <sys/zfs_znode.h> 160#include <sys/zap.h> 161#include <sys/spa.h> 162#include <sys/spa_impl.h> 163#include <sys/vdev.h> 164#include <sys/dmu.h> 165#include <sys/dsl_dir.h> 166#include <sys/dsl_dataset.h> 167#include <sys/dsl_prop.h> 168#include <sys/dsl_deleg.h> 169#include <sys/dmu_objset.h> 170#include <sys/dmu_impl.h> 171#include <sys/dmu_tx.h> 172#include <sys/sunddi.h> 173#include <sys/policy.h> 174#include <sys/zone.h> 175#include <sys/nvpair.h> 176#include <sys/mount.h> 177#include <sys/taskqueue.h> 178#include <sys/sdt.h> 179#include <sys/varargs.h> 180#include <sys/fs/zfs.h> 181#include <sys/zfs_ctldir.h> 182#include <sys/zfs_dir.h> 183#include <sys/zfs_onexit.h> 184#include <sys/zvol.h> 185#include <sys/dsl_scan.h> 186#include <sys/dmu_objset.h> 187#include <sys/dmu_send.h> 188#include <sys/dsl_destroy.h> 189#include <sys/dsl_bookmark.h> 190#include <sys/dsl_userhold.h> 191#include <sys/zfeature.h> 192#include <sys/zio_checksum.h> 193 194#include "zfs_namecheck.h" 195#include "zfs_prop.h" 196#include "zfs_deleg.h" 197#include "zfs_comutil.h" 198#include "zfs_ioctl_compat.h" 199 200 201static struct cdev *zfsdev; 202 203extern void zfs_init(void); 204extern void zfs_fini(void); 205 206uint_t zfs_fsyncer_key; 207extern uint_t rrw_tsd_key; 208static uint_t zfs_allow_log_key; 209extern uint_t zfs_geom_probe_vdev_key; 210 211typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *); 212typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *); 213typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *); 214 215typedef enum { 216 NO_NAME, 217 POOL_NAME, 218 DATASET_NAME 219} zfs_ioc_namecheck_t; 220 221typedef enum { 222 POOL_CHECK_NONE = 1 << 0, 223 POOL_CHECK_SUSPENDED = 1 << 1, 224 POOL_CHECK_READONLY = 1 << 2, 225} zfs_ioc_poolcheck_t; 226 227typedef struct zfs_ioc_vec { 228 zfs_ioc_legacy_func_t *zvec_legacy_func; 229 zfs_ioc_func_t *zvec_func; 230 zfs_secpolicy_func_t *zvec_secpolicy; 231 zfs_ioc_namecheck_t zvec_namecheck; 232 boolean_t zvec_allow_log; 233 zfs_ioc_poolcheck_t zvec_pool_check; 234 boolean_t zvec_smush_outnvlist; 235 const char *zvec_name; 236} zfs_ioc_vec_t; 237 238/* This array is indexed by zfs_userquota_prop_t */ 239static const char *userquota_perms[] = { 240 ZFS_DELEG_PERM_USERUSED, 241 ZFS_DELEG_PERM_USERQUOTA, 242 ZFS_DELEG_PERM_GROUPUSED, 243 ZFS_DELEG_PERM_GROUPQUOTA, 244}; 245 246static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 247static int zfs_check_settable(const char *name, nvpair_t *property, 248 cred_t *cr); 249static int zfs_check_clearable(char *dataset, nvlist_t *props, 250 nvlist_t **errors); 251static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 252 boolean_t *); 253int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *); 254static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp); 255 256static void zfsdev_close(void *data); 257 258static int zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature); 259 260/* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */ 261void 262__dprintf(const char *file, const char *func, int line, const char *fmt, ...) 263{ 264 const char *newfile; 265 char buf[512]; 266 va_list adx; 267 268 /* 269 * Get rid of annoying "../common/" prefix to filename. 270 */ 271 newfile = strrchr(file, '/'); 272 if (newfile != NULL) { 273 newfile = newfile + 1; /* Get rid of leading / */ 274 } else { 275 newfile = file; 276 } 277 278 va_start(adx, fmt); 279 (void) vsnprintf(buf, sizeof (buf), fmt, adx); 280 va_end(adx); 281 282 /* 283 * To get this data, use the zfs-dprintf probe as so: 284 * dtrace -q -n 'zfs-dprintf \ 285 * /stringof(arg0) == "dbuf.c"/ \ 286 * {printf("%s: %s", stringof(arg1), stringof(arg3))}' 287 * arg0 = file name 288 * arg1 = function name 289 * arg2 = line number 290 * arg3 = message 291 */ 292 DTRACE_PROBE4(zfs__dprintf, 293 char *, newfile, char *, func, int, line, char *, buf); 294} 295 296static void 297history_str_free(char *buf) 298{ 299 kmem_free(buf, HIS_MAX_RECORD_LEN); 300} 301 302static char * 303history_str_get(zfs_cmd_t *zc) 304{ 305 char *buf; 306 307 if (zc->zc_history == 0) 308 return (NULL); 309 310 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 311 if (copyinstr((void *)(uintptr_t)zc->zc_history, 312 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 313 history_str_free(buf); 314 return (NULL); 315 } 316 317 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 318 319 return (buf); 320} 321 322/* 323 * Check to see if the named dataset is currently defined as bootable 324 */ 325static boolean_t 326zfs_is_bootfs(const char *name) 327{ 328 objset_t *os; 329 330 if (dmu_objset_hold(name, FTAG, &os) == 0) { 331 boolean_t ret; 332 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os))); 333 dmu_objset_rele(os, FTAG); 334 return (ret); 335 } 336 return (B_FALSE); 337} 338 339/* 340 * Return non-zero if the spa version is less than requested version. 341 */ 342static int 343zfs_earlier_version(const char *name, int version) 344{ 345 spa_t *spa; 346 347 if (spa_open(name, &spa, FTAG) == 0) { 348 if (spa_version(spa) < version) { 349 spa_close(spa, FTAG); 350 return (1); 351 } 352 spa_close(spa, FTAG); 353 } 354 return (0); 355} 356 357/* 358 * Return TRUE if the ZPL version is less than requested version. 359 */ 360static boolean_t 361zpl_earlier_version(const char *name, int version) 362{ 363 objset_t *os; 364 boolean_t rc = B_TRUE; 365 366 if (dmu_objset_hold(name, FTAG, &os) == 0) { 367 uint64_t zplversion; 368 369 if (dmu_objset_type(os) != DMU_OST_ZFS) { 370 dmu_objset_rele(os, FTAG); 371 return (B_TRUE); 372 } 373 /* XXX reading from non-owned objset */ 374 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 375 rc = zplversion < version; 376 dmu_objset_rele(os, FTAG); 377 } 378 return (rc); 379} 380 381static void 382zfs_log_history(zfs_cmd_t *zc) 383{ 384 spa_t *spa; 385 char *buf; 386 387 if ((buf = history_str_get(zc)) == NULL) 388 return; 389 390 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 391 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 392 (void) spa_history_log(spa, buf); 393 spa_close(spa, FTAG); 394 } 395 history_str_free(buf); 396} 397 398/* 399 * Policy for top-level read operations (list pools). Requires no privileges, 400 * and can be used in the local zone, as there is no associated dataset. 401 */ 402/* ARGSUSED */ 403static int 404zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 405{ 406 return (0); 407} 408 409/* 410 * Policy for dataset read operations (list children, get statistics). Requires 411 * no privileges, but must be visible in the local zone. 412 */ 413/* ARGSUSED */ 414static int 415zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 416{ 417 if (INGLOBALZONE(curthread) || 418 zone_dataset_visible(zc->zc_name, NULL)) 419 return (0); 420 421 return (SET_ERROR(ENOENT)); 422} 423 424static int 425zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr) 426{ 427 int writable = 1; 428 429 /* 430 * The dataset must be visible by this zone -- check this first 431 * so they don't see EPERM on something they shouldn't know about. 432 */ 433 if (!INGLOBALZONE(curthread) && 434 !zone_dataset_visible(dataset, &writable)) 435 return (SET_ERROR(ENOENT)); 436 437 if (INGLOBALZONE(curthread)) { 438 /* 439 * If the fs is zoned, only root can access it from the 440 * global zone. 441 */ 442 if (secpolicy_zfs(cr) && zoned) 443 return (SET_ERROR(EPERM)); 444 } else { 445 /* 446 * If we are in a local zone, the 'zoned' property must be set. 447 */ 448 if (!zoned) 449 return (SET_ERROR(EPERM)); 450 451 /* must be writable by this zone */ 452 if (!writable) 453 return (SET_ERROR(EPERM)); 454 } 455 return (0); 456} 457 458static int 459zfs_dozonecheck(const char *dataset, cred_t *cr) 460{ 461 uint64_t zoned; 462 463 if (dsl_prop_get_integer(dataset, "jailed", &zoned, NULL)) 464 return (SET_ERROR(ENOENT)); 465 466 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 467} 468 469static int 470zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr) 471{ 472 uint64_t zoned; 473 474 if (dsl_prop_get_int_ds(ds, "jailed", &zoned)) 475 return (SET_ERROR(ENOENT)); 476 477 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 478} 479 480static int 481zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds, 482 const char *perm, cred_t *cr) 483{ 484 int error; 485 486 error = zfs_dozonecheck_ds(name, ds, cr); 487 if (error == 0) { 488 error = secpolicy_zfs(cr); 489 if (error != 0) 490 error = dsl_deleg_access_impl(ds, perm, cr); 491 } 492 return (error); 493} 494 495static int 496zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 497{ 498 int error; 499 dsl_dataset_t *ds; 500 dsl_pool_t *dp; 501 502 /* 503 * First do a quick check for root in the global zone, which 504 * is allowed to do all write_perms. This ensures that zfs_ioc_* 505 * will get to handle nonexistent datasets. 506 */ 507 if (INGLOBALZONE(curthread) && secpolicy_zfs(cr) == 0) 508 return (0); 509 510 error = dsl_pool_hold(name, FTAG, &dp); 511 if (error != 0) 512 return (error); 513 514 error = dsl_dataset_hold(dp, name, FTAG, &ds); 515 if (error != 0) { 516 dsl_pool_rele(dp, FTAG); 517 return (error); 518 } 519 520 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr); 521 522 dsl_dataset_rele(ds, FTAG); 523 dsl_pool_rele(dp, FTAG); 524 return (error); 525} 526 527#ifdef SECLABEL 528/* 529 * Policy for setting the security label property. 530 * 531 * Returns 0 for success, non-zero for access and other errors. 532 */ 533static int 534zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr) 535{ 536 char ds_hexsl[MAXNAMELEN]; 537 bslabel_t ds_sl, new_sl; 538 boolean_t new_default = FALSE; 539 uint64_t zoned; 540 int needed_priv = -1; 541 int error; 542 543 /* First get the existing dataset label. */ 544 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 545 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 546 if (error != 0) 547 return (SET_ERROR(EPERM)); 548 549 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 550 new_default = TRUE; 551 552 /* The label must be translatable */ 553 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 554 return (SET_ERROR(EINVAL)); 555 556 /* 557 * In a non-global zone, disallow attempts to set a label that 558 * doesn't match that of the zone; otherwise no other checks 559 * are needed. 560 */ 561 if (!INGLOBALZONE(curproc)) { 562 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 563 return (SET_ERROR(EPERM)); 564 return (0); 565 } 566 567 /* 568 * For global-zone datasets (i.e., those whose zoned property is 569 * "off", verify that the specified new label is valid for the 570 * global zone. 571 */ 572 if (dsl_prop_get_integer(name, 573 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 574 return (SET_ERROR(EPERM)); 575 if (!zoned) { 576 if (zfs_check_global_label(name, strval) != 0) 577 return (SET_ERROR(EPERM)); 578 } 579 580 /* 581 * If the existing dataset label is nondefault, check if the 582 * dataset is mounted (label cannot be changed while mounted). 583 * Get the zfsvfs; if there isn't one, then the dataset isn't 584 * mounted (or isn't a dataset, doesn't exist, ...). 585 */ 586 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 587 objset_t *os; 588 static char *setsl_tag = "setsl_tag"; 589 590 /* 591 * Try to own the dataset; abort if there is any error, 592 * (e.g., already mounted, in use, or other error). 593 */ 594 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, 595 setsl_tag, &os); 596 if (error != 0) 597 return (SET_ERROR(EPERM)); 598 599 dmu_objset_disown(os, setsl_tag); 600 601 if (new_default) { 602 needed_priv = PRIV_FILE_DOWNGRADE_SL; 603 goto out_check; 604 } 605 606 if (hexstr_to_label(strval, &new_sl) != 0) 607 return (SET_ERROR(EPERM)); 608 609 if (blstrictdom(&ds_sl, &new_sl)) 610 needed_priv = PRIV_FILE_DOWNGRADE_SL; 611 else if (blstrictdom(&new_sl, &ds_sl)) 612 needed_priv = PRIV_FILE_UPGRADE_SL; 613 } else { 614 /* dataset currently has a default label */ 615 if (!new_default) 616 needed_priv = PRIV_FILE_UPGRADE_SL; 617 } 618 619out_check: 620 if (needed_priv != -1) 621 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 622 return (0); 623} 624#endif /* SECLABEL */ 625 626static int 627zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval, 628 cred_t *cr) 629{ 630 char *strval; 631 632 /* 633 * Check permissions for special properties. 634 */ 635 switch (prop) { 636 case ZFS_PROP_ZONED: 637 /* 638 * Disallow setting of 'zoned' from within a local zone. 639 */ 640 if (!INGLOBALZONE(curthread)) 641 return (SET_ERROR(EPERM)); 642 break; 643 644 case ZFS_PROP_QUOTA: 645 case ZFS_PROP_FILESYSTEM_LIMIT: 646 case ZFS_PROP_SNAPSHOT_LIMIT: 647 if (!INGLOBALZONE(curthread)) { 648 uint64_t zoned; 649 char setpoint[ZFS_MAX_DATASET_NAME_LEN]; 650 /* 651 * Unprivileged users are allowed to modify the 652 * limit on things *under* (ie. contained by) 653 * the thing they own. 654 */ 655 if (dsl_prop_get_integer(dsname, "jailed", &zoned, 656 setpoint)) 657 return (SET_ERROR(EPERM)); 658 if (!zoned || strlen(dsname) <= strlen(setpoint)) 659 return (SET_ERROR(EPERM)); 660 } 661 break; 662 663 case ZFS_PROP_MLSLABEL: 664#ifdef SECLABEL 665 if (!is_system_labeled()) 666 return (SET_ERROR(EPERM)); 667 668 if (nvpair_value_string(propval, &strval) == 0) { 669 int err; 670 671 err = zfs_set_slabel_policy(dsname, strval, CRED()); 672 if (err != 0) 673 return (err); 674 } 675#else 676 return (EOPNOTSUPP); 677#endif 678 break; 679 } 680 681 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr)); 682} 683 684/* ARGSUSED */ 685static int 686zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 687{ 688 int error; 689 690 error = zfs_dozonecheck(zc->zc_name, cr); 691 if (error != 0) 692 return (error); 693 694 /* 695 * permission to set permissions will be evaluated later in 696 * dsl_deleg_can_allow() 697 */ 698 return (0); 699} 700 701/* ARGSUSED */ 702static int 703zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 704{ 705 return (zfs_secpolicy_write_perms(zc->zc_name, 706 ZFS_DELEG_PERM_ROLLBACK, cr)); 707} 708 709/* ARGSUSED */ 710static int 711zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 712{ 713 dsl_pool_t *dp; 714 dsl_dataset_t *ds; 715 char *cp; 716 int error; 717 718 /* 719 * Generate the current snapshot name from the given objsetid, then 720 * use that name for the secpolicy/zone checks. 721 */ 722 cp = strchr(zc->zc_name, '@'); 723 if (cp == NULL) 724 return (SET_ERROR(EINVAL)); 725 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 726 if (error != 0) 727 return (error); 728 729 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 730 if (error != 0) { 731 dsl_pool_rele(dp, FTAG); 732 return (error); 733 } 734 735 dsl_dataset_name(ds, zc->zc_name); 736 737 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, 738 ZFS_DELEG_PERM_SEND, cr); 739 dsl_dataset_rele(ds, FTAG); 740 dsl_pool_rele(dp, FTAG); 741 742 return (error); 743} 744 745/* ARGSUSED */ 746static int 747zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 748{ 749 return (zfs_secpolicy_write_perms(zc->zc_name, 750 ZFS_DELEG_PERM_SEND, cr)); 751} 752 753/* ARGSUSED */ 754static int 755zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 756{ 757 vnode_t *vp; 758 int error; 759 760 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 761 NO_FOLLOW, NULL, &vp)) != 0) 762 return (error); 763 764 /* Now make sure mntpnt and dataset are ZFS */ 765 766 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 || 767 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 768 zc->zc_name) != 0)) { 769 VN_RELE(vp); 770 return (SET_ERROR(EPERM)); 771 } 772 773 VN_RELE(vp); 774 return (dsl_deleg_access(zc->zc_name, 775 ZFS_DELEG_PERM_SHARE, cr)); 776} 777 778int 779zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 780{ 781 if (!INGLOBALZONE(curthread)) 782 return (SET_ERROR(EPERM)); 783 784 if (secpolicy_nfs(cr) == 0) { 785 return (0); 786 } else { 787 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 788 } 789} 790 791int 792zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 793{ 794 if (!INGLOBALZONE(curthread)) 795 return (SET_ERROR(EPERM)); 796 797 if (secpolicy_smb(cr) == 0) { 798 return (0); 799 } else { 800 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 801 } 802} 803 804static int 805zfs_get_parent(const char *datasetname, char *parent, int parentsize) 806{ 807 char *cp; 808 809 /* 810 * Remove the @bla or /bla from the end of the name to get the parent. 811 */ 812 (void) strncpy(parent, datasetname, parentsize); 813 cp = strrchr(parent, '@'); 814 if (cp != NULL) { 815 cp[0] = '\0'; 816 } else { 817 cp = strrchr(parent, '/'); 818 if (cp == NULL) 819 return (SET_ERROR(ENOENT)); 820 cp[0] = '\0'; 821 } 822 823 return (0); 824} 825 826int 827zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 828{ 829 int error; 830 831 if ((error = zfs_secpolicy_write_perms(name, 832 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 833 return (error); 834 835 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 836} 837 838/* ARGSUSED */ 839static int 840zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 841{ 842 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 843} 844 845/* 846 * Destroying snapshots with delegated permissions requires 847 * descendant mount and destroy permissions. 848 */ 849/* ARGSUSED */ 850static int 851zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 852{ 853 nvlist_t *snaps; 854 nvpair_t *pair, *nextpair; 855 int error = 0; 856 857 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 858 return (SET_ERROR(EINVAL)); 859 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 860 pair = nextpair) { 861 nextpair = nvlist_next_nvpair(snaps, pair); 862 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr); 863 if (error == ENOENT) { 864 /* 865 * Ignore any snapshots that don't exist (we consider 866 * them "already destroyed"). Remove the name from the 867 * nvl here in case the snapshot is created between 868 * now and when we try to destroy it (in which case 869 * we don't want to destroy it since we haven't 870 * checked for permission). 871 */ 872 fnvlist_remove_nvpair(snaps, pair); 873 error = 0; 874 } 875 if (error != 0) 876 break; 877 } 878 879 return (error); 880} 881 882int 883zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 884{ 885 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 886 int error; 887 888 if ((error = zfs_secpolicy_write_perms(from, 889 ZFS_DELEG_PERM_RENAME, cr)) != 0) 890 return (error); 891 892 if ((error = zfs_secpolicy_write_perms(from, 893 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 894 return (error); 895 896 if ((error = zfs_get_parent(to, parentname, 897 sizeof (parentname))) != 0) 898 return (error); 899 900 if ((error = zfs_secpolicy_write_perms(parentname, 901 ZFS_DELEG_PERM_CREATE, cr)) != 0) 902 return (error); 903 904 if ((error = zfs_secpolicy_write_perms(parentname, 905 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 906 return (error); 907 908 return (error); 909} 910 911/* ARGSUSED */ 912static int 913zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 914{ 915 char *at = NULL; 916 int error; 917 918 if ((zc->zc_cookie & 1) != 0) { 919 /* 920 * This is recursive rename, so the starting snapshot might 921 * not exist. Check file system or volume permission instead. 922 */ 923 at = strchr(zc->zc_name, '@'); 924 if (at == NULL) 925 return (EINVAL); 926 *at = '\0'; 927 } 928 929 error = zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr); 930 931 if (at != NULL) 932 *at = '@'; 933 934 return (error); 935} 936 937/* ARGSUSED */ 938static int 939zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 940{ 941 dsl_pool_t *dp; 942 dsl_dataset_t *clone; 943 int error; 944 945 error = zfs_secpolicy_write_perms(zc->zc_name, 946 ZFS_DELEG_PERM_PROMOTE, cr); 947 if (error != 0) 948 return (error); 949 950 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 951 if (error != 0) 952 return (error); 953 954 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone); 955 956 if (error == 0) { 957 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 958 dsl_dataset_t *origin = NULL; 959 dsl_dir_t *dd; 960 dd = clone->ds_dir; 961 962 error = dsl_dataset_hold_obj(dd->dd_pool, 963 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin); 964 if (error != 0) { 965 dsl_dataset_rele(clone, FTAG); 966 dsl_pool_rele(dp, FTAG); 967 return (error); 968 } 969 970 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone, 971 ZFS_DELEG_PERM_MOUNT, cr); 972 973 dsl_dataset_name(origin, parentname); 974 if (error == 0) { 975 error = zfs_secpolicy_write_perms_ds(parentname, origin, 976 ZFS_DELEG_PERM_PROMOTE, cr); 977 } 978 dsl_dataset_rele(clone, FTAG); 979 dsl_dataset_rele(origin, FTAG); 980 } 981 dsl_pool_rele(dp, FTAG); 982 return (error); 983} 984 985/* ARGSUSED */ 986static int 987zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 988{ 989 int error; 990 991 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 992 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) 993 return (error); 994 995 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 996 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 997 return (error); 998 999 return (zfs_secpolicy_write_perms(zc->zc_name, 1000 ZFS_DELEG_PERM_CREATE, cr)); 1001} 1002 1003int 1004zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 1005{ 1006 return (zfs_secpolicy_write_perms(name, 1007 ZFS_DELEG_PERM_SNAPSHOT, cr)); 1008} 1009 1010/* 1011 * Check for permission to create each snapshot in the nvlist. 1012 */ 1013/* ARGSUSED */ 1014static int 1015zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1016{ 1017 nvlist_t *snaps; 1018 int error; 1019 nvpair_t *pair; 1020 1021 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 1022 return (SET_ERROR(EINVAL)); 1023 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 1024 pair = nvlist_next_nvpair(snaps, pair)) { 1025 char *name = nvpair_name(pair); 1026 char *atp = strchr(name, '@'); 1027 1028 if (atp == NULL) { 1029 error = SET_ERROR(EINVAL); 1030 break; 1031 } 1032 *atp = '\0'; 1033 error = zfs_secpolicy_snapshot_perms(name, cr); 1034 *atp = '@'; 1035 if (error != 0) 1036 break; 1037 } 1038 return (error); 1039} 1040 1041/* 1042 * Check for permission to create each snapshot in the nvlist. 1043 */ 1044/* ARGSUSED */ 1045static int 1046zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1047{ 1048 int error = 0; 1049 1050 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 1051 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 1052 char *name = nvpair_name(pair); 1053 char *hashp = strchr(name, '#'); 1054 1055 if (hashp == NULL) { 1056 error = SET_ERROR(EINVAL); 1057 break; 1058 } 1059 *hashp = '\0'; 1060 error = zfs_secpolicy_write_perms(name, 1061 ZFS_DELEG_PERM_BOOKMARK, cr); 1062 *hashp = '#'; 1063 if (error != 0) 1064 break; 1065 } 1066 return (error); 1067} 1068 1069/* ARGSUSED */ 1070static int 1071zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1072{ 1073 nvpair_t *pair, *nextpair; 1074 int error = 0; 1075 1076 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1077 pair = nextpair) { 1078 char *name = nvpair_name(pair); 1079 char *hashp = strchr(name, '#'); 1080 nextpair = nvlist_next_nvpair(innvl, pair); 1081 1082 if (hashp == NULL) { 1083 error = SET_ERROR(EINVAL); 1084 break; 1085 } 1086 1087 *hashp = '\0'; 1088 error = zfs_secpolicy_write_perms(name, 1089 ZFS_DELEG_PERM_DESTROY, cr); 1090 *hashp = '#'; 1091 if (error == ENOENT) { 1092 /* 1093 * Ignore any filesystems that don't exist (we consider 1094 * their bookmarks "already destroyed"). Remove 1095 * the name from the nvl here in case the filesystem 1096 * is created between now and when we try to destroy 1097 * the bookmark (in which case we don't want to 1098 * destroy it since we haven't checked for permission). 1099 */ 1100 fnvlist_remove_nvpair(innvl, pair); 1101 error = 0; 1102 } 1103 if (error != 0) 1104 break; 1105 } 1106 1107 return (error); 1108} 1109 1110/* ARGSUSED */ 1111static int 1112zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1113{ 1114 /* 1115 * Even root must have a proper TSD so that we know what pool 1116 * to log to. 1117 */ 1118 if (tsd_get(zfs_allow_log_key) == NULL) 1119 return (SET_ERROR(EPERM)); 1120 return (0); 1121} 1122 1123static int 1124zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1125{ 1126 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 1127 int error; 1128 char *origin; 1129 1130 if ((error = zfs_get_parent(zc->zc_name, parentname, 1131 sizeof (parentname))) != 0) 1132 return (error); 1133 1134 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 && 1135 (error = zfs_secpolicy_write_perms(origin, 1136 ZFS_DELEG_PERM_CLONE, cr)) != 0) 1137 return (error); 1138 1139 if ((error = zfs_secpolicy_write_perms(parentname, 1140 ZFS_DELEG_PERM_CREATE, cr)) != 0) 1141 return (error); 1142 1143 return (zfs_secpolicy_write_perms(parentname, 1144 ZFS_DELEG_PERM_MOUNT, cr)); 1145} 1146 1147/* 1148 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 1149 * SYS_CONFIG privilege, which is not available in a local zone. 1150 */ 1151/* ARGSUSED */ 1152static int 1153zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1154{ 1155 if (secpolicy_sys_config(cr, B_FALSE) != 0) 1156 return (SET_ERROR(EPERM)); 1157 1158 return (0); 1159} 1160 1161/* 1162 * Policy for object to name lookups. 1163 */ 1164/* ARGSUSED */ 1165static int 1166zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1167{ 1168 int error; 1169 1170 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0) 1171 return (0); 1172 1173 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr); 1174 return (error); 1175} 1176 1177/* 1178 * Policy for fault injection. Requires all privileges. 1179 */ 1180/* ARGSUSED */ 1181static int 1182zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1183{ 1184 return (secpolicy_zinject(cr)); 1185} 1186 1187/* ARGSUSED */ 1188static int 1189zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1190{ 1191 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 1192 1193 if (prop == ZPROP_INVAL) { 1194 if (!zfs_prop_user(zc->zc_value)) 1195 return (SET_ERROR(EINVAL)); 1196 return (zfs_secpolicy_write_perms(zc->zc_name, 1197 ZFS_DELEG_PERM_USERPROP, cr)); 1198 } else { 1199 return (zfs_secpolicy_setprop(zc->zc_name, prop, 1200 NULL, cr)); 1201 } 1202} 1203 1204static int 1205zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1206{ 1207 int err = zfs_secpolicy_read(zc, innvl, cr); 1208 if (err) 1209 return (err); 1210 1211 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1212 return (SET_ERROR(EINVAL)); 1213 1214 if (zc->zc_value[0] == 0) { 1215 /* 1216 * They are asking about a posix uid/gid. If it's 1217 * themself, allow it. 1218 */ 1219 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 1220 zc->zc_objset_type == ZFS_PROP_USERQUOTA) { 1221 if (zc->zc_guid == crgetuid(cr)) 1222 return (0); 1223 } else { 1224 if (groupmember(zc->zc_guid, cr)) 1225 return (0); 1226 } 1227 } 1228 1229 return (zfs_secpolicy_write_perms(zc->zc_name, 1230 userquota_perms[zc->zc_objset_type], cr)); 1231} 1232 1233static int 1234zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1235{ 1236 int err = zfs_secpolicy_read(zc, innvl, cr); 1237 if (err) 1238 return (err); 1239 1240 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1241 return (SET_ERROR(EINVAL)); 1242 1243 return (zfs_secpolicy_write_perms(zc->zc_name, 1244 userquota_perms[zc->zc_objset_type], cr)); 1245} 1246 1247/* ARGSUSED */ 1248static int 1249zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1250{ 1251 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, 1252 NULL, cr)); 1253} 1254 1255/* ARGSUSED */ 1256static int 1257zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1258{ 1259 nvpair_t *pair; 1260 nvlist_t *holds; 1261 int error; 1262 1263 error = nvlist_lookup_nvlist(innvl, "holds", &holds); 1264 if (error != 0) 1265 return (SET_ERROR(EINVAL)); 1266 1267 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 1268 pair = nvlist_next_nvpair(holds, pair)) { 1269 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1270 error = dmu_fsname(nvpair_name(pair), fsname); 1271 if (error != 0) 1272 return (error); 1273 error = zfs_secpolicy_write_perms(fsname, 1274 ZFS_DELEG_PERM_HOLD, cr); 1275 if (error != 0) 1276 return (error); 1277 } 1278 return (0); 1279} 1280 1281/* ARGSUSED */ 1282static int 1283zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1284{ 1285 nvpair_t *pair; 1286 int error; 1287 1288 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1289 pair = nvlist_next_nvpair(innvl, pair)) { 1290 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1291 error = dmu_fsname(nvpair_name(pair), fsname); 1292 if (error != 0) 1293 return (error); 1294 error = zfs_secpolicy_write_perms(fsname, 1295 ZFS_DELEG_PERM_RELEASE, cr); 1296 if (error != 0) 1297 return (error); 1298 } 1299 return (0); 1300} 1301 1302/* 1303 * Policy for allowing temporary snapshots to be taken or released 1304 */ 1305static int 1306zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1307{ 1308 /* 1309 * A temporary snapshot is the same as a snapshot, 1310 * hold, destroy and release all rolled into one. 1311 * Delegated diff alone is sufficient that we allow this. 1312 */ 1313 int error; 1314 1315 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1316 ZFS_DELEG_PERM_DIFF, cr)) == 0) 1317 return (0); 1318 1319 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr); 1320 if (error == 0) 1321 error = zfs_secpolicy_hold(zc, innvl, cr); 1322 if (error == 0) 1323 error = zfs_secpolicy_release(zc, innvl, cr); 1324 if (error == 0) 1325 error = zfs_secpolicy_destroy(zc, innvl, cr); 1326 return (error); 1327} 1328 1329/* 1330 * Returns the nvlist as specified by the user in the zfs_cmd_t. 1331 */ 1332static int 1333get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 1334{ 1335 char *packed; 1336 int error; 1337 nvlist_t *list = NULL; 1338 1339 /* 1340 * Read in and unpack the user-supplied nvlist. 1341 */ 1342 if (size == 0) 1343 return (SET_ERROR(EINVAL)); 1344 1345 packed = kmem_alloc(size, KM_SLEEP); 1346 1347 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size, 1348 iflag)) != 0) { 1349 kmem_free(packed, size); 1350 return (SET_ERROR(EFAULT)); 1351 } 1352 1353 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 1354 kmem_free(packed, size); 1355 return (error); 1356 } 1357 1358 kmem_free(packed, size); 1359 1360 *nvp = list; 1361 return (0); 1362} 1363 1364/* 1365 * Reduce the size of this nvlist until it can be serialized in 'max' bytes. 1366 * Entries will be removed from the end of the nvlist, and one int32 entry 1367 * named "N_MORE_ERRORS" will be added indicating how many entries were 1368 * removed. 1369 */ 1370static int 1371nvlist_smush(nvlist_t *errors, size_t max) 1372{ 1373 size_t size; 1374 1375 size = fnvlist_size(errors); 1376 1377 if (size > max) { 1378 nvpair_t *more_errors; 1379 int n = 0; 1380 1381 if (max < 1024) 1382 return (SET_ERROR(ENOMEM)); 1383 1384 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0); 1385 more_errors = nvlist_prev_nvpair(errors, NULL); 1386 1387 do { 1388 nvpair_t *pair = nvlist_prev_nvpair(errors, 1389 more_errors); 1390 fnvlist_remove_nvpair(errors, pair); 1391 n++; 1392 size = fnvlist_size(errors); 1393 } while (size > max); 1394 1395 fnvlist_remove_nvpair(errors, more_errors); 1396 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n); 1397 ASSERT3U(fnvlist_size(errors), <=, max); 1398 } 1399 1400 return (0); 1401} 1402 1403static int 1404put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 1405{ 1406 char *packed = NULL; 1407 int error = 0; 1408 size_t size; 1409 1410 size = fnvlist_size(nvl); 1411 1412 if (size > zc->zc_nvlist_dst_size) { 1413 /* 1414 * Solaris returns ENOMEM here, because even if an error is 1415 * returned from an ioctl(2), new zc_nvlist_dst_size will be 1416 * passed to the userland. This is not the case for FreeBSD. 1417 * We need to return 0, so the kernel will copy the 1418 * zc_nvlist_dst_size back and the userland can discover that a 1419 * bigger buffer is needed. 1420 */ 1421 error = 0; 1422 } else { 1423 packed = fnvlist_pack(nvl, &size); 1424 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 1425 size, zc->zc_iflags) != 0) 1426 error = SET_ERROR(EFAULT); 1427 fnvlist_pack_free(packed, size); 1428 } 1429 1430 zc->zc_nvlist_dst_size = size; 1431 zc->zc_nvlist_dst_filled = B_TRUE; 1432 return (error); 1433} 1434 1435static int 1436getzfsvfs(const char *dsname, zfsvfs_t **zfvp) 1437{ 1438 objset_t *os; 1439 vfs_t *vfsp; 1440 int error; 1441 1442 error = dmu_objset_hold(dsname, FTAG, &os); 1443 if (error != 0) 1444 return (error); 1445 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1446 dmu_objset_rele(os, FTAG); 1447 return (SET_ERROR(EINVAL)); 1448 } 1449 1450 mutex_enter(&os->os_user_ptr_lock); 1451 *zfvp = dmu_objset_get_user(os); 1452 if (*zfvp) { 1453 vfsp = (*zfvp)->z_vfs; 1454 vfs_ref(vfsp); 1455 } else { 1456 error = SET_ERROR(ESRCH); 1457 } 1458 mutex_exit(&os->os_user_ptr_lock); 1459 dmu_objset_rele(os, FTAG); 1460 if (error == 0) { 1461 error = vfs_busy(vfsp, 0); 1462 vfs_rel(vfsp); 1463 if (error != 0) { 1464 *zfvp = NULL; 1465 error = SET_ERROR(ESRCH); 1466 } 1467 } 1468 return (error); 1469} 1470 1471/* 1472 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 1473 * case its z_vfs will be NULL, and it will be opened as the owner. 1474 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER, 1475 * which prevents all vnode ops from running. 1476 */ 1477static int 1478zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer) 1479{ 1480 int error = 0; 1481 1482 if (getzfsvfs(name, zfvp) != 0) 1483 error = zfsvfs_create(name, zfvp); 1484 if (error == 0) { 1485 rrm_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER : 1486 RW_READER, tag); 1487#ifdef illumos 1488 if ((*zfvp)->z_unmounted) { 1489 /* 1490 * XXX we could probably try again, since the unmounting 1491 * thread should be just about to disassociate the 1492 * objset from the zfsvfs. 1493 */ 1494 rrm_exit(&(*zfvp)->z_teardown_lock, tag); 1495 return (SET_ERROR(EBUSY)); 1496 } 1497#else 1498 /* 1499 * vfs_busy() ensures that the filesystem is not and 1500 * can not be unmounted. 1501 */ 1502 ASSERT(!(*zfvp)->z_unmounted); 1503#endif 1504 } 1505 return (error); 1506} 1507 1508static void 1509zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag) 1510{ 1511 rrm_exit(&zfsvfs->z_teardown_lock, tag); 1512 1513 if (zfsvfs->z_vfs) { 1514#ifdef illumos 1515 VFS_RELE(zfsvfs->z_vfs); 1516#else 1517 vfs_unbusy(zfsvfs->z_vfs); 1518#endif 1519 } else { 1520 dmu_objset_disown(zfsvfs->z_os, zfsvfs); 1521 zfsvfs_free(zfsvfs); 1522 } 1523} 1524 1525static int 1526zfs_ioc_pool_create(zfs_cmd_t *zc) 1527{ 1528 int error; 1529 nvlist_t *config, *props = NULL; 1530 nvlist_t *rootprops = NULL; 1531 nvlist_t *zplprops = NULL; 1532 char *spa_name = zc->zc_name; 1533 1534 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1535 zc->zc_iflags, &config)) 1536 return (error); 1537 1538 if (zc->zc_nvlist_src_size != 0 && (error = 1539 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1540 zc->zc_iflags, &props))) { 1541 nvlist_free(config); 1542 return (error); 1543 } 1544 1545 if (props) { 1546 nvlist_t *nvl = NULL; 1547 uint64_t version = SPA_VERSION; 1548 char *tname; 1549 1550 (void) nvlist_lookup_uint64(props, 1551 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1552 if (!SPA_VERSION_IS_SUPPORTED(version)) { 1553 error = SET_ERROR(EINVAL); 1554 goto pool_props_bad; 1555 } 1556 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1557 if (nvl) { 1558 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1559 if (error != 0) { 1560 nvlist_free(config); 1561 nvlist_free(props); 1562 return (error); 1563 } 1564 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1565 } 1566 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1567 error = zfs_fill_zplprops_root(version, rootprops, 1568 zplprops, NULL); 1569 if (error != 0) 1570 goto pool_props_bad; 1571 1572 if (nvlist_lookup_string(props, 1573 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0) 1574 spa_name = tname; 1575 } 1576 1577 error = spa_create(zc->zc_name, config, props, zplprops); 1578 1579 /* 1580 * Set the remaining root properties 1581 */ 1582 if (!error && (error = zfs_set_prop_nvlist(spa_name, 1583 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) 1584 (void) spa_destroy(spa_name); 1585 1586pool_props_bad: 1587 nvlist_free(rootprops); 1588 nvlist_free(zplprops); 1589 nvlist_free(config); 1590 nvlist_free(props); 1591 1592 return (error); 1593} 1594 1595static int 1596zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1597{ 1598 int error; 1599 zfs_log_history(zc); 1600 error = spa_destroy(zc->zc_name); 1601 if (error == 0) 1602 zvol_remove_minors(zc->zc_name); 1603 return (error); 1604} 1605 1606static int 1607zfs_ioc_pool_import(zfs_cmd_t *zc) 1608{ 1609 nvlist_t *config, *props = NULL; 1610 uint64_t guid; 1611 int error; 1612 1613 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1614 zc->zc_iflags, &config)) != 0) 1615 return (error); 1616 1617 if (zc->zc_nvlist_src_size != 0 && (error = 1618 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1619 zc->zc_iflags, &props))) { 1620 nvlist_free(config); 1621 return (error); 1622 } 1623 1624 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1625 guid != zc->zc_guid) 1626 error = SET_ERROR(EINVAL); 1627 else 1628 error = spa_import(zc->zc_name, config, props, zc->zc_cookie); 1629 1630 if (zc->zc_nvlist_dst != 0) { 1631 int err; 1632 1633 if ((err = put_nvlist(zc, config)) != 0) 1634 error = err; 1635 } 1636 1637 nvlist_free(config); 1638 1639 nvlist_free(props); 1640 1641 return (error); 1642} 1643 1644static int 1645zfs_ioc_pool_export(zfs_cmd_t *zc) 1646{ 1647 int error; 1648 boolean_t force = (boolean_t)zc->zc_cookie; 1649 boolean_t hardforce = (boolean_t)zc->zc_guid; 1650 1651 zfs_log_history(zc); 1652 error = spa_export(zc->zc_name, NULL, force, hardforce); 1653 if (error == 0) 1654 zvol_remove_minors(zc->zc_name); 1655 return (error); 1656} 1657 1658static int 1659zfs_ioc_pool_configs(zfs_cmd_t *zc) 1660{ 1661 nvlist_t *configs; 1662 int error; 1663 1664 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL) 1665 return (SET_ERROR(EEXIST)); 1666 1667 error = put_nvlist(zc, configs); 1668 1669 nvlist_free(configs); 1670 1671 return (error); 1672} 1673 1674/* 1675 * inputs: 1676 * zc_name name of the pool 1677 * 1678 * outputs: 1679 * zc_cookie real errno 1680 * zc_nvlist_dst config nvlist 1681 * zc_nvlist_dst_size size of config nvlist 1682 */ 1683static int 1684zfs_ioc_pool_stats(zfs_cmd_t *zc) 1685{ 1686 nvlist_t *config; 1687 int error; 1688 int ret = 0; 1689 1690 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1691 sizeof (zc->zc_value)); 1692 1693 if (config != NULL) { 1694 ret = put_nvlist(zc, config); 1695 nvlist_free(config); 1696 1697 /* 1698 * The config may be present even if 'error' is non-zero. 1699 * In this case we return success, and preserve the real errno 1700 * in 'zc_cookie'. 1701 */ 1702 zc->zc_cookie = error; 1703 } else { 1704 ret = error; 1705 } 1706 1707 return (ret); 1708} 1709 1710/* 1711 * Try to import the given pool, returning pool stats as appropriate so that 1712 * user land knows which devices are available and overall pool health. 1713 */ 1714static int 1715zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1716{ 1717 nvlist_t *tryconfig, *config; 1718 int error; 1719 1720 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1721 zc->zc_iflags, &tryconfig)) != 0) 1722 return (error); 1723 1724 config = spa_tryimport(tryconfig); 1725 1726 nvlist_free(tryconfig); 1727 1728 if (config == NULL) 1729 return (SET_ERROR(EINVAL)); 1730 1731 error = put_nvlist(zc, config); 1732 nvlist_free(config); 1733 1734 return (error); 1735} 1736 1737/* 1738 * inputs: 1739 * zc_name name of the pool 1740 * zc_cookie scan func (pool_scan_func_t) 1741 */ 1742static int 1743zfs_ioc_pool_scan(zfs_cmd_t *zc) 1744{ 1745 spa_t *spa; 1746 int error; 1747 1748 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1749 return (error); 1750 1751 if (zc->zc_cookie == POOL_SCAN_NONE) 1752 error = spa_scan_stop(spa); 1753 else 1754 error = spa_scan(spa, zc->zc_cookie); 1755 1756 spa_close(spa, FTAG); 1757 1758 return (error); 1759} 1760 1761static int 1762zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1763{ 1764 spa_t *spa; 1765 int error; 1766 1767 error = spa_open(zc->zc_name, &spa, FTAG); 1768 if (error == 0) { 1769 spa_freeze(spa); 1770 spa_close(spa, FTAG); 1771 } 1772 return (error); 1773} 1774 1775static int 1776zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1777{ 1778 spa_t *spa; 1779 int error; 1780 1781 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1782 return (error); 1783 1784 if (zc->zc_cookie < spa_version(spa) || 1785 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) { 1786 spa_close(spa, FTAG); 1787 return (SET_ERROR(EINVAL)); 1788 } 1789 1790 spa_upgrade(spa, zc->zc_cookie); 1791 spa_close(spa, FTAG); 1792 1793 return (error); 1794} 1795 1796static int 1797zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1798{ 1799 spa_t *spa; 1800 char *hist_buf; 1801 uint64_t size; 1802 int error; 1803 1804 if ((size = zc->zc_history_len) == 0) 1805 return (SET_ERROR(EINVAL)); 1806 1807 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1808 return (error); 1809 1810 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1811 spa_close(spa, FTAG); 1812 return (SET_ERROR(ENOTSUP)); 1813 } 1814 1815 hist_buf = kmem_alloc(size, KM_SLEEP); 1816 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1817 &zc->zc_history_len, hist_buf)) == 0) { 1818 error = ddi_copyout(hist_buf, 1819 (void *)(uintptr_t)zc->zc_history, 1820 zc->zc_history_len, zc->zc_iflags); 1821 } 1822 1823 spa_close(spa, FTAG); 1824 kmem_free(hist_buf, size); 1825 return (error); 1826} 1827 1828static int 1829zfs_ioc_pool_reguid(zfs_cmd_t *zc) 1830{ 1831 spa_t *spa; 1832 int error; 1833 1834 error = spa_open(zc->zc_name, &spa, FTAG); 1835 if (error == 0) { 1836 error = spa_change_guid(spa); 1837 spa_close(spa, FTAG); 1838 } 1839 return (error); 1840} 1841 1842static int 1843zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1844{ 1845 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)); 1846} 1847 1848/* 1849 * inputs: 1850 * zc_name name of filesystem 1851 * zc_obj object to find 1852 * 1853 * outputs: 1854 * zc_value name of object 1855 */ 1856static int 1857zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1858{ 1859 objset_t *os; 1860 int error; 1861 1862 /* XXX reading from objset not owned */ 1863 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1864 return (error); 1865 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1866 dmu_objset_rele(os, FTAG); 1867 return (SET_ERROR(EINVAL)); 1868 } 1869 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1870 sizeof (zc->zc_value)); 1871 dmu_objset_rele(os, FTAG); 1872 1873 return (error); 1874} 1875 1876/* 1877 * inputs: 1878 * zc_name name of filesystem 1879 * zc_obj object to find 1880 * 1881 * outputs: 1882 * zc_stat stats on object 1883 * zc_value path to object 1884 */ 1885static int 1886zfs_ioc_obj_to_stats(zfs_cmd_t *zc) 1887{ 1888 objset_t *os; 1889 int error; 1890 1891 /* XXX reading from objset not owned */ 1892 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1893 return (error); 1894 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1895 dmu_objset_rele(os, FTAG); 1896 return (SET_ERROR(EINVAL)); 1897 } 1898 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value, 1899 sizeof (zc->zc_value)); 1900 dmu_objset_rele(os, FTAG); 1901 1902 return (error); 1903} 1904 1905static int 1906zfs_ioc_vdev_add(zfs_cmd_t *zc) 1907{ 1908 spa_t *spa; 1909 int error; 1910 nvlist_t *config, **l2cache, **spares; 1911 uint_t nl2cache = 0, nspares = 0; 1912 1913 error = spa_open(zc->zc_name, &spa, FTAG); 1914 if (error != 0) 1915 return (error); 1916 1917 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1918 zc->zc_iflags, &config); 1919 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE, 1920 &l2cache, &nl2cache); 1921 1922 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES, 1923 &spares, &nspares); 1924 1925#ifdef illumos 1926 /* 1927 * A root pool with concatenated devices is not supported. 1928 * Thus, can not add a device to a root pool. 1929 * 1930 * Intent log device can not be added to a rootpool because 1931 * during mountroot, zil is replayed, a seperated log device 1932 * can not be accessed during the mountroot time. 1933 * 1934 * l2cache and spare devices are ok to be added to a rootpool. 1935 */ 1936 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) { 1937 nvlist_free(config); 1938 spa_close(spa, FTAG); 1939 return (SET_ERROR(EDOM)); 1940 } 1941#endif /* illumos */ 1942 1943 if (error == 0) { 1944 error = spa_vdev_add(spa, config); 1945 nvlist_free(config); 1946 } 1947 spa_close(spa, FTAG); 1948 return (error); 1949} 1950 1951/* 1952 * inputs: 1953 * zc_name name of the pool 1954 * zc_nvlist_conf nvlist of devices to remove 1955 * zc_cookie to stop the remove? 1956 */ 1957static int 1958zfs_ioc_vdev_remove(zfs_cmd_t *zc) 1959{ 1960 spa_t *spa; 1961 int error; 1962 1963 error = spa_open(zc->zc_name, &spa, FTAG); 1964 if (error != 0) 1965 return (error); 1966 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 1967 spa_close(spa, FTAG); 1968 return (error); 1969} 1970 1971static int 1972zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 1973{ 1974 spa_t *spa; 1975 int error; 1976 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 1977 1978 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1979 return (error); 1980 switch (zc->zc_cookie) { 1981 case VDEV_STATE_ONLINE: 1982 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 1983 break; 1984 1985 case VDEV_STATE_OFFLINE: 1986 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 1987 break; 1988 1989 case VDEV_STATE_FAULTED: 1990 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1991 zc->zc_obj != VDEV_AUX_EXTERNAL) 1992 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1993 1994 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 1995 break; 1996 1997 case VDEV_STATE_DEGRADED: 1998 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1999 zc->zc_obj != VDEV_AUX_EXTERNAL) 2000 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 2001 2002 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 2003 break; 2004 2005 default: 2006 error = SET_ERROR(EINVAL); 2007 } 2008 zc->zc_cookie = newstate; 2009 spa_close(spa, FTAG); 2010 return (error); 2011} 2012 2013static int 2014zfs_ioc_vdev_attach(zfs_cmd_t *zc) 2015{ 2016 spa_t *spa; 2017 int replacing = zc->zc_cookie; 2018 nvlist_t *config; 2019 int error; 2020 2021 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2022 return (error); 2023 2024 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2025 zc->zc_iflags, &config)) == 0) { 2026 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing); 2027 nvlist_free(config); 2028 } 2029 2030 spa_close(spa, FTAG); 2031 return (error); 2032} 2033 2034static int 2035zfs_ioc_vdev_detach(zfs_cmd_t *zc) 2036{ 2037 spa_t *spa; 2038 int error; 2039 2040 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2041 return (error); 2042 2043 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 2044 2045 spa_close(spa, FTAG); 2046 return (error); 2047} 2048 2049static int 2050zfs_ioc_vdev_split(zfs_cmd_t *zc) 2051{ 2052 spa_t *spa; 2053 nvlist_t *config, *props = NULL; 2054 int error; 2055 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT); 2056 2057 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2058 return (error); 2059 2060 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2061 zc->zc_iflags, &config)) { 2062 spa_close(spa, FTAG); 2063 return (error); 2064 } 2065 2066 if (zc->zc_nvlist_src_size != 0 && (error = 2067 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2068 zc->zc_iflags, &props))) { 2069 spa_close(spa, FTAG); 2070 nvlist_free(config); 2071 return (error); 2072 } 2073 2074 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp); 2075 2076 spa_close(spa, FTAG); 2077 2078 nvlist_free(config); 2079 nvlist_free(props); 2080 2081 return (error); 2082} 2083 2084static int 2085zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 2086{ 2087 spa_t *spa; 2088 char *path = zc->zc_value; 2089 uint64_t guid = zc->zc_guid; 2090 int error; 2091 2092 error = spa_open(zc->zc_name, &spa, FTAG); 2093 if (error != 0) 2094 return (error); 2095 2096 error = spa_vdev_setpath(spa, guid, path); 2097 spa_close(spa, FTAG); 2098 return (error); 2099} 2100 2101static int 2102zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 2103{ 2104 spa_t *spa; 2105 char *fru = zc->zc_value; 2106 uint64_t guid = zc->zc_guid; 2107 int error; 2108 2109 error = spa_open(zc->zc_name, &spa, FTAG); 2110 if (error != 0) 2111 return (error); 2112 2113 error = spa_vdev_setfru(spa, guid, fru); 2114 spa_close(spa, FTAG); 2115 return (error); 2116} 2117 2118static int 2119zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os) 2120{ 2121 int error = 0; 2122 nvlist_t *nv; 2123 2124 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2125 2126 if (zc->zc_nvlist_dst != 0 && 2127 (error = dsl_prop_get_all(os, &nv)) == 0) { 2128 dmu_objset_stats(os, nv); 2129 /* 2130 * NB: zvol_get_stats() will read the objset contents, 2131 * which we aren't supposed to do with a 2132 * DS_MODE_USER hold, because it could be 2133 * inconsistent. So this is a bit of a workaround... 2134 * XXX reading with out owning 2135 */ 2136 if (!zc->zc_objset_stats.dds_inconsistent && 2137 dmu_objset_type(os) == DMU_OST_ZVOL) { 2138 error = zvol_get_stats(os, nv); 2139 if (error == EIO) 2140 return (error); 2141 VERIFY0(error); 2142 } 2143 error = put_nvlist(zc, nv); 2144 nvlist_free(nv); 2145 } 2146 2147 return (error); 2148} 2149 2150/* 2151 * inputs: 2152 * zc_name name of filesystem 2153 * zc_nvlist_dst_size size of buffer for property nvlist 2154 * 2155 * outputs: 2156 * zc_objset_stats stats 2157 * zc_nvlist_dst property nvlist 2158 * zc_nvlist_dst_size size of property nvlist 2159 */ 2160static int 2161zfs_ioc_objset_stats(zfs_cmd_t *zc) 2162{ 2163 objset_t *os; 2164 int error; 2165 2166 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2167 if (error == 0) { 2168 error = zfs_ioc_objset_stats_impl(zc, os); 2169 dmu_objset_rele(os, FTAG); 2170 } 2171 2172 if (error == ENOMEM) 2173 error = 0; 2174 return (error); 2175} 2176 2177/* 2178 * inputs: 2179 * zc_name name of filesystem 2180 * zc_nvlist_dst_size size of buffer for property nvlist 2181 * 2182 * outputs: 2183 * zc_nvlist_dst received property nvlist 2184 * zc_nvlist_dst_size size of received property nvlist 2185 * 2186 * Gets received properties (distinct from local properties on or after 2187 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from 2188 * local property values. 2189 */ 2190static int 2191zfs_ioc_objset_recvd_props(zfs_cmd_t *zc) 2192{ 2193 int error = 0; 2194 nvlist_t *nv; 2195 2196 /* 2197 * Without this check, we would return local property values if the 2198 * caller has not already received properties on or after 2199 * SPA_VERSION_RECVD_PROPS. 2200 */ 2201 if (!dsl_prop_get_hasrecvd(zc->zc_name)) 2202 return (SET_ERROR(ENOTSUP)); 2203 2204 if (zc->zc_nvlist_dst != 0 && 2205 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) { 2206 error = put_nvlist(zc, nv); 2207 nvlist_free(nv); 2208 } 2209 2210 return (error); 2211} 2212 2213static int 2214nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 2215{ 2216 uint64_t value; 2217 int error; 2218 2219 /* 2220 * zfs_get_zplprop() will either find a value or give us 2221 * the default value (if there is one). 2222 */ 2223 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 2224 return (error); 2225 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0); 2226 return (0); 2227} 2228 2229/* 2230 * inputs: 2231 * zc_name name of filesystem 2232 * zc_nvlist_dst_size size of buffer for zpl property nvlist 2233 * 2234 * outputs: 2235 * zc_nvlist_dst zpl property nvlist 2236 * zc_nvlist_dst_size size of zpl property nvlist 2237 */ 2238static int 2239zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 2240{ 2241 objset_t *os; 2242 int err; 2243 2244 /* XXX reading without owning */ 2245 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os)) 2246 return (err); 2247 2248 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2249 2250 /* 2251 * NB: nvl_add_zplprop() will read the objset contents, 2252 * which we aren't supposed to do with a DS_MODE_USER 2253 * hold, because it could be inconsistent. 2254 */ 2255 if (zc->zc_nvlist_dst != 0 && 2256 !zc->zc_objset_stats.dds_inconsistent && 2257 dmu_objset_type(os) == DMU_OST_ZFS) { 2258 nvlist_t *nv; 2259 2260 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2261 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 2262 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 2263 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 2264 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0) 2265 err = put_nvlist(zc, nv); 2266 nvlist_free(nv); 2267 } else { 2268 err = SET_ERROR(ENOENT); 2269 } 2270 dmu_objset_rele(os, FTAG); 2271 return (err); 2272} 2273 2274boolean_t 2275dataset_name_hidden(const char *name) 2276{ 2277 /* 2278 * Skip over datasets that are not visible in this zone, 2279 * internal datasets (which have a $ in their name), and 2280 * temporary datasets (which have a % in their name). 2281 */ 2282 if (strchr(name, '$') != NULL) 2283 return (B_TRUE); 2284 if (strchr(name, '%') != NULL) 2285 return (B_TRUE); 2286 if (!INGLOBALZONE(curthread) && !zone_dataset_visible(name, NULL)) 2287 return (B_TRUE); 2288 return (B_FALSE); 2289} 2290 2291/* 2292 * inputs: 2293 * zc_name name of filesystem 2294 * zc_cookie zap cursor 2295 * zc_nvlist_dst_size size of buffer for property nvlist 2296 * 2297 * outputs: 2298 * zc_name name of next filesystem 2299 * zc_cookie zap cursor 2300 * zc_objset_stats stats 2301 * zc_nvlist_dst property nvlist 2302 * zc_nvlist_dst_size size of property nvlist 2303 */ 2304static int 2305zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 2306{ 2307 objset_t *os; 2308 int error; 2309 char *p; 2310 size_t orig_len = strlen(zc->zc_name); 2311 2312top: 2313 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) { 2314 if (error == ENOENT) 2315 error = SET_ERROR(ESRCH); 2316 return (error); 2317 } 2318 2319 p = strrchr(zc->zc_name, '/'); 2320 if (p == NULL || p[1] != '\0') 2321 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 2322 p = zc->zc_name + strlen(zc->zc_name); 2323 2324 do { 2325 error = dmu_dir_list_next(os, 2326 sizeof (zc->zc_name) - (p - zc->zc_name), p, 2327 NULL, &zc->zc_cookie); 2328 if (error == ENOENT) 2329 error = SET_ERROR(ESRCH); 2330 } while (error == 0 && dataset_name_hidden(zc->zc_name)); 2331 dmu_objset_rele(os, FTAG); 2332 2333 /* 2334 * If it's an internal dataset (ie. with a '$' in its name), 2335 * don't try to get stats for it, otherwise we'll return ENOENT. 2336 */ 2337 if (error == 0 && strchr(zc->zc_name, '$') == NULL) { 2338 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 2339 if (error == ENOENT) { 2340 /* We lost a race with destroy, get the next one. */ 2341 zc->zc_name[orig_len] = '\0'; 2342 goto top; 2343 } 2344 } 2345 return (error); 2346} 2347 2348/* 2349 * inputs: 2350 * zc_name name of filesystem 2351 * zc_cookie zap cursor 2352 * zc_nvlist_dst_size size of buffer for property nvlist 2353 * zc_simple when set, only name is requested 2354 * 2355 * outputs: 2356 * zc_name name of next snapshot 2357 * zc_objset_stats stats 2358 * zc_nvlist_dst property nvlist 2359 * zc_nvlist_dst_size size of property nvlist 2360 */ 2361static int 2362zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 2363{ 2364 objset_t *os; 2365 int error; 2366 2367 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2368 if (error != 0) { 2369 return (error == ENOENT ? ESRCH : error); 2370 } 2371 2372 /* 2373 * A dataset name of maximum length cannot have any snapshots, 2374 * so exit immediately. 2375 */ 2376 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= 2377 ZFS_MAX_DATASET_NAME_LEN) { 2378 dmu_objset_rele(os, FTAG); 2379 return (SET_ERROR(ESRCH)); 2380 } 2381 2382 error = dmu_snapshot_list_next(os, 2383 sizeof (zc->zc_name) - strlen(zc->zc_name), 2384 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie, 2385 NULL); 2386 2387 if (error == 0 && !zc->zc_simple) { 2388 dsl_dataset_t *ds; 2389 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool; 2390 2391 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds); 2392 if (error == 0) { 2393 objset_t *ossnap; 2394 2395 error = dmu_objset_from_ds(ds, &ossnap); 2396 if (error == 0) 2397 error = zfs_ioc_objset_stats_impl(zc, ossnap); 2398 dsl_dataset_rele(ds, FTAG); 2399 } 2400 } else if (error == ENOENT) { 2401 error = SET_ERROR(ESRCH); 2402 } 2403 2404 dmu_objset_rele(os, FTAG); 2405 /* if we failed, undo the @ that we tacked on to zc_name */ 2406 if (error != 0) 2407 *strchr(zc->zc_name, '@') = '\0'; 2408 return (error); 2409} 2410 2411static int 2412zfs_prop_set_userquota(const char *dsname, nvpair_t *pair) 2413{ 2414 const char *propname = nvpair_name(pair); 2415 uint64_t *valary; 2416 unsigned int vallen; 2417 const char *domain; 2418 char *dash; 2419 zfs_userquota_prop_t type; 2420 uint64_t rid; 2421 uint64_t quota; 2422 zfsvfs_t *zfsvfs; 2423 int err; 2424 2425 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2426 nvlist_t *attrs; 2427 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2428 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2429 &pair) != 0) 2430 return (SET_ERROR(EINVAL)); 2431 } 2432 2433 /* 2434 * A correctly constructed propname is encoded as 2435 * userquota@<rid>-<domain>. 2436 */ 2437 if ((dash = strchr(propname, '-')) == NULL || 2438 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 || 2439 vallen != 3) 2440 return (SET_ERROR(EINVAL)); 2441 2442 domain = dash + 1; 2443 type = valary[0]; 2444 rid = valary[1]; 2445 quota = valary[2]; 2446 2447 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE); 2448 if (err == 0) { 2449 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota); 2450 zfsvfs_rele(zfsvfs, FTAG); 2451 } 2452 2453 return (err); 2454} 2455 2456/* 2457 * If the named property is one that has a special function to set its value, 2458 * return 0 on success and a positive error code on failure; otherwise if it is 2459 * not one of the special properties handled by this function, return -1. 2460 * 2461 * XXX: It would be better for callers of the property interface if we handled 2462 * these special cases in dsl_prop.c (in the dsl layer). 2463 */ 2464static int 2465zfs_prop_set_special(const char *dsname, zprop_source_t source, 2466 nvpair_t *pair) 2467{ 2468 const char *propname = nvpair_name(pair); 2469 zfs_prop_t prop = zfs_name_to_prop(propname); 2470 uint64_t intval; 2471 int err = -1; 2472 2473 if (prop == ZPROP_INVAL) { 2474 if (zfs_prop_userquota(propname)) 2475 return (zfs_prop_set_userquota(dsname, pair)); 2476 return (-1); 2477 } 2478 2479 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2480 nvlist_t *attrs; 2481 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2482 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2483 &pair) == 0); 2484 } 2485 2486 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) 2487 return (-1); 2488 2489 VERIFY(0 == nvpair_value_uint64(pair, &intval)); 2490 2491 switch (prop) { 2492 case ZFS_PROP_QUOTA: 2493 err = dsl_dir_set_quota(dsname, source, intval); 2494 break; 2495 case ZFS_PROP_REFQUOTA: 2496 err = dsl_dataset_set_refquota(dsname, source, intval); 2497 break; 2498 case ZFS_PROP_FILESYSTEM_LIMIT: 2499 case ZFS_PROP_SNAPSHOT_LIMIT: 2500 if (intval == UINT64_MAX) { 2501 /* clearing the limit, just do it */ 2502 err = 0; 2503 } else { 2504 err = dsl_dir_activate_fs_ss_limit(dsname); 2505 } 2506 /* 2507 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2508 * default path to set the value in the nvlist. 2509 */ 2510 if (err == 0) 2511 err = -1; 2512 break; 2513 case ZFS_PROP_RESERVATION: 2514 err = dsl_dir_set_reservation(dsname, source, intval); 2515 break; 2516 case ZFS_PROP_REFRESERVATION: 2517 err = dsl_dataset_set_refreservation(dsname, source, intval); 2518 break; 2519 case ZFS_PROP_VOLSIZE: 2520 err = zvol_set_volsize(dsname, intval); 2521 break; 2522 case ZFS_PROP_VERSION: 2523 { 2524 zfsvfs_t *zfsvfs; 2525 2526 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0) 2527 break; 2528 2529 err = zfs_set_version(zfsvfs, intval); 2530 zfsvfs_rele(zfsvfs, FTAG); 2531 2532 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) { 2533 zfs_cmd_t *zc; 2534 2535 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 2536 (void) strcpy(zc->zc_name, dsname); 2537 (void) zfs_ioc_userspace_upgrade(zc); 2538 kmem_free(zc, sizeof (zfs_cmd_t)); 2539 } 2540 break; 2541 } 2542 default: 2543 err = -1; 2544 } 2545 2546 return (err); 2547} 2548 2549/* 2550 * This function is best effort. If it fails to set any of the given properties, 2551 * it continues to set as many as it can and returns the last error 2552 * encountered. If the caller provides a non-NULL errlist, it will be filled in 2553 * with the list of names of all the properties that failed along with the 2554 * corresponding error numbers. 2555 * 2556 * If every property is set successfully, zero is returned and errlist is not 2557 * modified. 2558 */ 2559int 2560zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl, 2561 nvlist_t *errlist) 2562{ 2563 nvpair_t *pair; 2564 nvpair_t *propval; 2565 int rv = 0; 2566 uint64_t intval; 2567 char *strval; 2568 nvlist_t *genericnvl = fnvlist_alloc(); 2569 nvlist_t *retrynvl = fnvlist_alloc(); 2570 2571retry: 2572 pair = NULL; 2573 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2574 const char *propname = nvpair_name(pair); 2575 zfs_prop_t prop = zfs_name_to_prop(propname); 2576 int err = 0; 2577 2578 /* decode the property value */ 2579 propval = pair; 2580 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2581 nvlist_t *attrs; 2582 attrs = fnvpair_value_nvlist(pair); 2583 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2584 &propval) != 0) 2585 err = SET_ERROR(EINVAL); 2586 } 2587 2588 /* Validate value type */ 2589 if (err == 0 && prop == ZPROP_INVAL) { 2590 if (zfs_prop_user(propname)) { 2591 if (nvpair_type(propval) != DATA_TYPE_STRING) 2592 err = SET_ERROR(EINVAL); 2593 } else if (zfs_prop_userquota(propname)) { 2594 if (nvpair_type(propval) != 2595 DATA_TYPE_UINT64_ARRAY) 2596 err = SET_ERROR(EINVAL); 2597 } else { 2598 err = SET_ERROR(EINVAL); 2599 } 2600 } else if (err == 0) { 2601 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2602 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING) 2603 err = SET_ERROR(EINVAL); 2604 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) { 2605 const char *unused; 2606 2607 intval = fnvpair_value_uint64(propval); 2608 2609 switch (zfs_prop_get_type(prop)) { 2610 case PROP_TYPE_NUMBER: 2611 break; 2612 case PROP_TYPE_STRING: 2613 err = SET_ERROR(EINVAL); 2614 break; 2615 case PROP_TYPE_INDEX: 2616 if (zfs_prop_index_to_string(prop, 2617 intval, &unused) != 0) 2618 err = SET_ERROR(EINVAL); 2619 break; 2620 default: 2621 cmn_err(CE_PANIC, 2622 "unknown property type"); 2623 } 2624 } else { 2625 err = SET_ERROR(EINVAL); 2626 } 2627 } 2628 2629 /* Validate permissions */ 2630 if (err == 0) 2631 err = zfs_check_settable(dsname, pair, CRED()); 2632 2633 if (err == 0) { 2634 err = zfs_prop_set_special(dsname, source, pair); 2635 if (err == -1) { 2636 /* 2637 * For better performance we build up a list of 2638 * properties to set in a single transaction. 2639 */ 2640 err = nvlist_add_nvpair(genericnvl, pair); 2641 } else if (err != 0 && nvl != retrynvl) { 2642 /* 2643 * This may be a spurious error caused by 2644 * receiving quota and reservation out of order. 2645 * Try again in a second pass. 2646 */ 2647 err = nvlist_add_nvpair(retrynvl, pair); 2648 } 2649 } 2650 2651 if (err != 0) { 2652 if (errlist != NULL) 2653 fnvlist_add_int32(errlist, propname, err); 2654 rv = err; 2655 } 2656 } 2657 2658 if (nvl != retrynvl && !nvlist_empty(retrynvl)) { 2659 nvl = retrynvl; 2660 goto retry; 2661 } 2662 2663 if (!nvlist_empty(genericnvl) && 2664 dsl_props_set(dsname, source, genericnvl) != 0) { 2665 /* 2666 * If this fails, we still want to set as many properties as we 2667 * can, so try setting them individually. 2668 */ 2669 pair = NULL; 2670 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) { 2671 const char *propname = nvpair_name(pair); 2672 int err = 0; 2673 2674 propval = pair; 2675 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2676 nvlist_t *attrs; 2677 attrs = fnvpair_value_nvlist(pair); 2678 propval = fnvlist_lookup_nvpair(attrs, 2679 ZPROP_VALUE); 2680 } 2681 2682 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2683 strval = fnvpair_value_string(propval); 2684 err = dsl_prop_set_string(dsname, propname, 2685 source, strval); 2686 } else { 2687 intval = fnvpair_value_uint64(propval); 2688 err = dsl_prop_set_int(dsname, propname, source, 2689 intval); 2690 } 2691 2692 if (err != 0) { 2693 if (errlist != NULL) { 2694 fnvlist_add_int32(errlist, propname, 2695 err); 2696 } 2697 rv = err; 2698 } 2699 } 2700 } 2701 nvlist_free(genericnvl); 2702 nvlist_free(retrynvl); 2703 2704 return (rv); 2705} 2706 2707/* 2708 * Check that all the properties are valid user properties. 2709 */ 2710static int 2711zfs_check_userprops(const char *fsname, nvlist_t *nvl) 2712{ 2713 nvpair_t *pair = NULL; 2714 int error = 0; 2715 2716 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2717 const char *propname = nvpair_name(pair); 2718 2719 if (!zfs_prop_user(propname) || 2720 nvpair_type(pair) != DATA_TYPE_STRING) 2721 return (SET_ERROR(EINVAL)); 2722 2723 if (error = zfs_secpolicy_write_perms(fsname, 2724 ZFS_DELEG_PERM_USERPROP, CRED())) 2725 return (error); 2726 2727 if (strlen(propname) >= ZAP_MAXNAMELEN) 2728 return (SET_ERROR(ENAMETOOLONG)); 2729 2730 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN) 2731 return (E2BIG); 2732 } 2733 return (0); 2734} 2735 2736static void 2737props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops) 2738{ 2739 nvpair_t *pair; 2740 2741 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2742 2743 pair = NULL; 2744 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) { 2745 if (nvlist_exists(skipped, nvpair_name(pair))) 2746 continue; 2747 2748 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0); 2749 } 2750} 2751 2752static int 2753clear_received_props(const char *dsname, nvlist_t *props, 2754 nvlist_t *skipped) 2755{ 2756 int err = 0; 2757 nvlist_t *cleared_props = NULL; 2758 props_skip(props, skipped, &cleared_props); 2759 if (!nvlist_empty(cleared_props)) { 2760 /* 2761 * Acts on local properties until the dataset has received 2762 * properties at least once on or after SPA_VERSION_RECVD_PROPS. 2763 */ 2764 zprop_source_t flags = (ZPROP_SRC_NONE | 2765 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0)); 2766 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL); 2767 } 2768 nvlist_free(cleared_props); 2769 return (err); 2770} 2771 2772/* 2773 * inputs: 2774 * zc_name name of filesystem 2775 * zc_value name of property to set 2776 * zc_nvlist_src{_size} nvlist of properties to apply 2777 * zc_cookie received properties flag 2778 * 2779 * outputs: 2780 * zc_nvlist_dst{_size} error for each unapplied received property 2781 */ 2782static int 2783zfs_ioc_set_prop(zfs_cmd_t *zc) 2784{ 2785 nvlist_t *nvl; 2786 boolean_t received = zc->zc_cookie; 2787 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED : 2788 ZPROP_SRC_LOCAL); 2789 nvlist_t *errors; 2790 int error; 2791 2792 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2793 zc->zc_iflags, &nvl)) != 0) 2794 return (error); 2795 2796 if (received) { 2797 nvlist_t *origprops; 2798 2799 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) { 2800 (void) clear_received_props(zc->zc_name, 2801 origprops, nvl); 2802 nvlist_free(origprops); 2803 } 2804 2805 error = dsl_prop_set_hasrecvd(zc->zc_name); 2806 } 2807 2808 errors = fnvlist_alloc(); 2809 if (error == 0) 2810 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors); 2811 2812 if (zc->zc_nvlist_dst != 0 && errors != NULL) { 2813 (void) put_nvlist(zc, errors); 2814 } 2815 2816 nvlist_free(errors); 2817 nvlist_free(nvl); 2818 return (error); 2819} 2820 2821/* 2822 * inputs: 2823 * zc_name name of filesystem 2824 * zc_value name of property to inherit 2825 * zc_cookie revert to received value if TRUE 2826 * 2827 * outputs: none 2828 */ 2829static int 2830zfs_ioc_inherit_prop(zfs_cmd_t *zc) 2831{ 2832 const char *propname = zc->zc_value; 2833 zfs_prop_t prop = zfs_name_to_prop(propname); 2834 boolean_t received = zc->zc_cookie; 2835 zprop_source_t source = (received 2836 ? ZPROP_SRC_NONE /* revert to received value, if any */ 2837 : ZPROP_SRC_INHERITED); /* explicitly inherit */ 2838 2839 if (received) { 2840 nvlist_t *dummy; 2841 nvpair_t *pair; 2842 zprop_type_t type; 2843 int err; 2844 2845 /* 2846 * zfs_prop_set_special() expects properties in the form of an 2847 * nvpair with type info. 2848 */ 2849 if (prop == ZPROP_INVAL) { 2850 if (!zfs_prop_user(propname)) 2851 return (SET_ERROR(EINVAL)); 2852 2853 type = PROP_TYPE_STRING; 2854 } else if (prop == ZFS_PROP_VOLSIZE || 2855 prop == ZFS_PROP_VERSION) { 2856 return (SET_ERROR(EINVAL)); 2857 } else { 2858 type = zfs_prop_get_type(prop); 2859 } 2860 2861 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2862 2863 switch (type) { 2864 case PROP_TYPE_STRING: 2865 VERIFY(0 == nvlist_add_string(dummy, propname, "")); 2866 break; 2867 case PROP_TYPE_NUMBER: 2868 case PROP_TYPE_INDEX: 2869 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0)); 2870 break; 2871 default: 2872 nvlist_free(dummy); 2873 return (SET_ERROR(EINVAL)); 2874 } 2875 2876 pair = nvlist_next_nvpair(dummy, NULL); 2877 err = zfs_prop_set_special(zc->zc_name, source, pair); 2878 nvlist_free(dummy); 2879 if (err != -1) 2880 return (err); /* special property already handled */ 2881 } else { 2882 /* 2883 * Only check this in the non-received case. We want to allow 2884 * 'inherit -S' to revert non-inheritable properties like quota 2885 * and reservation to the received or default values even though 2886 * they are not considered inheritable. 2887 */ 2888 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop)) 2889 return (SET_ERROR(EINVAL)); 2890 } 2891 2892 /* property name has been validated by zfs_secpolicy_inherit_prop() */ 2893 return (dsl_prop_inherit(zc->zc_name, zc->zc_value, source)); 2894} 2895 2896static int 2897zfs_ioc_pool_set_props(zfs_cmd_t *zc) 2898{ 2899 nvlist_t *props; 2900 spa_t *spa; 2901 int error; 2902 nvpair_t *pair; 2903 2904 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2905 zc->zc_iflags, &props)) 2906 return (error); 2907 2908 /* 2909 * If the only property is the configfile, then just do a spa_lookup() 2910 * to handle the faulted case. 2911 */ 2912 pair = nvlist_next_nvpair(props, NULL); 2913 if (pair != NULL && strcmp(nvpair_name(pair), 2914 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 2915 nvlist_next_nvpair(props, pair) == NULL) { 2916 mutex_enter(&spa_namespace_lock); 2917 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 2918 spa_configfile_set(spa, props, B_FALSE); 2919 spa_config_sync(spa, B_FALSE, B_TRUE); 2920 } 2921 mutex_exit(&spa_namespace_lock); 2922 if (spa != NULL) { 2923 nvlist_free(props); 2924 return (0); 2925 } 2926 } 2927 2928 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2929 nvlist_free(props); 2930 return (error); 2931 } 2932 2933 error = spa_prop_set(spa, props); 2934 2935 nvlist_free(props); 2936 spa_close(spa, FTAG); 2937 2938 return (error); 2939} 2940 2941static int 2942zfs_ioc_pool_get_props(zfs_cmd_t *zc) 2943{ 2944 spa_t *spa; 2945 int error; 2946 nvlist_t *nvp = NULL; 2947 2948 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2949 /* 2950 * If the pool is faulted, there may be properties we can still 2951 * get (such as altroot and cachefile), so attempt to get them 2952 * anyway. 2953 */ 2954 mutex_enter(&spa_namespace_lock); 2955 if ((spa = spa_lookup(zc->zc_name)) != NULL) 2956 error = spa_prop_get(spa, &nvp); 2957 mutex_exit(&spa_namespace_lock); 2958 } else { 2959 error = spa_prop_get(spa, &nvp); 2960 spa_close(spa, FTAG); 2961 } 2962 2963 if (error == 0 && zc->zc_nvlist_dst != 0) 2964 error = put_nvlist(zc, nvp); 2965 else 2966 error = SET_ERROR(EFAULT); 2967 2968 nvlist_free(nvp); 2969 return (error); 2970} 2971 2972/* 2973 * inputs: 2974 * zc_name name of filesystem 2975 * zc_nvlist_src{_size} nvlist of delegated permissions 2976 * zc_perm_action allow/unallow flag 2977 * 2978 * outputs: none 2979 */ 2980static int 2981zfs_ioc_set_fsacl(zfs_cmd_t *zc) 2982{ 2983 int error; 2984 nvlist_t *fsaclnv = NULL; 2985 2986 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2987 zc->zc_iflags, &fsaclnv)) != 0) 2988 return (error); 2989 2990 /* 2991 * Verify nvlist is constructed correctly 2992 */ 2993 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) { 2994 nvlist_free(fsaclnv); 2995 return (SET_ERROR(EINVAL)); 2996 } 2997 2998 /* 2999 * If we don't have PRIV_SYS_MOUNT, then validate 3000 * that user is allowed to hand out each permission in 3001 * the nvlist(s) 3002 */ 3003 3004 error = secpolicy_zfs(CRED()); 3005 if (error != 0) { 3006 if (zc->zc_perm_action == B_FALSE) { 3007 error = dsl_deleg_can_allow(zc->zc_name, 3008 fsaclnv, CRED()); 3009 } else { 3010 error = dsl_deleg_can_unallow(zc->zc_name, 3011 fsaclnv, CRED()); 3012 } 3013 } 3014 3015 if (error == 0) 3016 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 3017 3018 nvlist_free(fsaclnv); 3019 return (error); 3020} 3021 3022/* 3023 * inputs: 3024 * zc_name name of filesystem 3025 * 3026 * outputs: 3027 * zc_nvlist_src{_size} nvlist of delegated permissions 3028 */ 3029static int 3030zfs_ioc_get_fsacl(zfs_cmd_t *zc) 3031{ 3032 nvlist_t *nvp; 3033 int error; 3034 3035 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 3036 error = put_nvlist(zc, nvp); 3037 nvlist_free(nvp); 3038 } 3039 3040 return (error); 3041} 3042 3043/* 3044 * Search the vfs list for a specified resource. Returns a pointer to it 3045 * or NULL if no suitable entry is found. The caller of this routine 3046 * is responsible for releasing the returned vfs pointer. 3047 */ 3048static vfs_t * 3049zfs_get_vfs(const char *resource) 3050{ 3051 vfs_t *vfsp; 3052 3053 mtx_lock(&mountlist_mtx); 3054 TAILQ_FOREACH(vfsp, &mountlist, mnt_list) { 3055 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) { 3056 vfs_ref(vfsp); 3057 break; 3058 } 3059 } 3060 mtx_unlock(&mountlist_mtx); 3061 return (vfsp); 3062} 3063 3064/* ARGSUSED */ 3065static void 3066zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 3067{ 3068 zfs_creat_t *zct = arg; 3069 3070 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 3071} 3072 3073#define ZFS_PROP_UNDEFINED ((uint64_t)-1) 3074 3075/* 3076 * inputs: 3077 * os parent objset pointer (NULL if root fs) 3078 * fuids_ok fuids allowed in this version of the spa? 3079 * sa_ok SAs allowed in this version of the spa? 3080 * createprops list of properties requested by creator 3081 * 3082 * outputs: 3083 * zplprops values for the zplprops we attach to the master node object 3084 * is_ci true if requested file system will be purely case-insensitive 3085 * 3086 * Determine the settings for utf8only, normalization and 3087 * casesensitivity. Specific values may have been requested by the 3088 * creator and/or we can inherit values from the parent dataset. If 3089 * the file system is of too early a vintage, a creator can not 3090 * request settings for these properties, even if the requested 3091 * setting is the default value. We don't actually want to create dsl 3092 * properties for these, so remove them from the source nvlist after 3093 * processing. 3094 */ 3095static int 3096zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 3097 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops, 3098 nvlist_t *zplprops, boolean_t *is_ci) 3099{ 3100 uint64_t sense = ZFS_PROP_UNDEFINED; 3101 uint64_t norm = ZFS_PROP_UNDEFINED; 3102 uint64_t u8 = ZFS_PROP_UNDEFINED; 3103 3104 ASSERT(zplprops != NULL); 3105 3106 /* 3107 * Pull out creator prop choices, if any. 3108 */ 3109 if (createprops) { 3110 (void) nvlist_lookup_uint64(createprops, 3111 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 3112 (void) nvlist_lookup_uint64(createprops, 3113 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 3114 (void) nvlist_remove_all(createprops, 3115 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 3116 (void) nvlist_lookup_uint64(createprops, 3117 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 3118 (void) nvlist_remove_all(createprops, 3119 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 3120 (void) nvlist_lookup_uint64(createprops, 3121 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 3122 (void) nvlist_remove_all(createprops, 3123 zfs_prop_to_name(ZFS_PROP_CASE)); 3124 } 3125 3126 /* 3127 * If the zpl version requested is whacky or the file system 3128 * or pool is version is too "young" to support normalization 3129 * and the creator tried to set a value for one of the props, 3130 * error out. 3131 */ 3132 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 3133 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 3134 (zplver >= ZPL_VERSION_SA && !sa_ok) || 3135 (zplver < ZPL_VERSION_NORMALIZATION && 3136 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 3137 sense != ZFS_PROP_UNDEFINED))) 3138 return (SET_ERROR(ENOTSUP)); 3139 3140 /* 3141 * Put the version in the zplprops 3142 */ 3143 VERIFY(nvlist_add_uint64(zplprops, 3144 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0); 3145 3146 if (norm == ZFS_PROP_UNDEFINED) 3147 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0); 3148 VERIFY(nvlist_add_uint64(zplprops, 3149 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0); 3150 3151 /* 3152 * If we're normalizing, names must always be valid UTF-8 strings. 3153 */ 3154 if (norm) 3155 u8 = 1; 3156 if (u8 == ZFS_PROP_UNDEFINED) 3157 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0); 3158 VERIFY(nvlist_add_uint64(zplprops, 3159 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0); 3160 3161 if (sense == ZFS_PROP_UNDEFINED) 3162 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0); 3163 VERIFY(nvlist_add_uint64(zplprops, 3164 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0); 3165 3166 if (is_ci) 3167 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 3168 3169 return (0); 3170} 3171 3172static int 3173zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 3174 nvlist_t *zplprops, boolean_t *is_ci) 3175{ 3176 boolean_t fuids_ok, sa_ok; 3177 uint64_t zplver = ZPL_VERSION; 3178 objset_t *os = NULL; 3179 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 3180 char *cp; 3181 spa_t *spa; 3182 uint64_t spa_vers; 3183 int error; 3184 3185 (void) strlcpy(parentname, dataset, sizeof (parentname)); 3186 cp = strrchr(parentname, '/'); 3187 ASSERT(cp != NULL); 3188 cp[0] = '\0'; 3189 3190 if ((error = spa_open(dataset, &spa, FTAG)) != 0) 3191 return (error); 3192 3193 spa_vers = spa_version(spa); 3194 spa_close(spa, FTAG); 3195 3196 zplver = zfs_zpl_version_map(spa_vers); 3197 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3198 sa_ok = (zplver >= ZPL_VERSION_SA); 3199 3200 /* 3201 * Open parent object set so we can inherit zplprop values. 3202 */ 3203 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 3204 return (error); 3205 3206 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops, 3207 zplprops, is_ci); 3208 dmu_objset_rele(os, FTAG); 3209 return (error); 3210} 3211 3212static int 3213zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 3214 nvlist_t *zplprops, boolean_t *is_ci) 3215{ 3216 boolean_t fuids_ok; 3217 boolean_t sa_ok; 3218 uint64_t zplver = ZPL_VERSION; 3219 int error; 3220 3221 zplver = zfs_zpl_version_map(spa_vers); 3222 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3223 sa_ok = (zplver >= ZPL_VERSION_SA); 3224 3225 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok, 3226 createprops, zplprops, is_ci); 3227 return (error); 3228} 3229 3230/* 3231 * innvl: { 3232 * "type" -> dmu_objset_type_t (int32) 3233 * (optional) "props" -> { prop -> value } 3234 * } 3235 * 3236 * outnvl: propname -> error code (int32) 3237 */ 3238static int 3239zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3240{ 3241 int error = 0; 3242 zfs_creat_t zct = { 0 }; 3243 nvlist_t *nvprops = NULL; 3244 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 3245 int32_t type32; 3246 dmu_objset_type_t type; 3247 boolean_t is_insensitive = B_FALSE; 3248 3249 if (nvlist_lookup_int32(innvl, "type", &type32) != 0) 3250 return (SET_ERROR(EINVAL)); 3251 type = type32; 3252 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3253 3254 switch (type) { 3255 case DMU_OST_ZFS: 3256 cbfunc = zfs_create_cb; 3257 break; 3258 3259 case DMU_OST_ZVOL: 3260 cbfunc = zvol_create_cb; 3261 break; 3262 3263 default: 3264 cbfunc = NULL; 3265 break; 3266 } 3267 if (strchr(fsname, '@') || 3268 strchr(fsname, '%')) 3269 return (SET_ERROR(EINVAL)); 3270 3271 zct.zct_props = nvprops; 3272 3273 if (cbfunc == NULL) 3274 return (SET_ERROR(EINVAL)); 3275 3276 if (type == DMU_OST_ZVOL) { 3277 uint64_t volsize, volblocksize; 3278 3279 if (nvprops == NULL) 3280 return (SET_ERROR(EINVAL)); 3281 if (nvlist_lookup_uint64(nvprops, 3282 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0) 3283 return (SET_ERROR(EINVAL)); 3284 3285 if ((error = nvlist_lookup_uint64(nvprops, 3286 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 3287 &volblocksize)) != 0 && error != ENOENT) 3288 return (SET_ERROR(EINVAL)); 3289 3290 if (error != 0) 3291 volblocksize = zfs_prop_default_numeric( 3292 ZFS_PROP_VOLBLOCKSIZE); 3293 3294 if ((error = zvol_check_volblocksize( 3295 volblocksize)) != 0 || 3296 (error = zvol_check_volsize(volsize, 3297 volblocksize)) != 0) 3298 return (error); 3299 } else if (type == DMU_OST_ZFS) { 3300 int error; 3301 3302 /* 3303 * We have to have normalization and 3304 * case-folding flags correct when we do the 3305 * file system creation, so go figure them out 3306 * now. 3307 */ 3308 VERIFY(nvlist_alloc(&zct.zct_zplprops, 3309 NV_UNIQUE_NAME, KM_SLEEP) == 0); 3310 error = zfs_fill_zplprops(fsname, nvprops, 3311 zct.zct_zplprops, &is_insensitive); 3312 if (error != 0) { 3313 nvlist_free(zct.zct_zplprops); 3314 return (error); 3315 } 3316 } 3317 3318 error = dmu_objset_create(fsname, type, 3319 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct); 3320 nvlist_free(zct.zct_zplprops); 3321 3322 /* 3323 * It would be nice to do this atomically. 3324 */ 3325 if (error == 0) { 3326 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3327 nvprops, outnvl); 3328 if (error != 0) 3329 (void) dsl_destroy_head(fsname); 3330 } 3331#ifdef __FreeBSD__ 3332 if (error == 0 && type == DMU_OST_ZVOL) 3333 zvol_create_minors(fsname); 3334#endif 3335 return (error); 3336} 3337 3338/* 3339 * innvl: { 3340 * "origin" -> name of origin snapshot 3341 * (optional) "props" -> { prop -> value } 3342 * } 3343 * 3344 * outnvl: propname -> error code (int32) 3345 */ 3346static int 3347zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3348{ 3349 int error = 0; 3350 nvlist_t *nvprops = NULL; 3351 char *origin_name; 3352 3353 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0) 3354 return (SET_ERROR(EINVAL)); 3355 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3356 3357 if (strchr(fsname, '@') || 3358 strchr(fsname, '%')) 3359 return (SET_ERROR(EINVAL)); 3360 3361 if (dataset_namecheck(origin_name, NULL, NULL) != 0) 3362 return (SET_ERROR(EINVAL)); 3363 error = dmu_objset_clone(fsname, origin_name); 3364 if (error != 0) 3365 return (error); 3366 3367 /* 3368 * It would be nice to do this atomically. 3369 */ 3370 if (error == 0) { 3371 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3372 nvprops, outnvl); 3373 if (error != 0) 3374 (void) dsl_destroy_head(fsname); 3375 } 3376#ifdef __FreeBSD__ 3377 if (error == 0) 3378 zvol_create_minors(fsname); 3379#endif 3380 return (error); 3381} 3382 3383/* 3384 * innvl: { 3385 * "snaps" -> { snapshot1, snapshot2 } 3386 * (optional) "props" -> { prop -> value (string) } 3387 * } 3388 * 3389 * outnvl: snapshot -> error code (int32) 3390 */ 3391static int 3392zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3393{ 3394 nvlist_t *snaps; 3395 nvlist_t *props = NULL; 3396 int error, poollen; 3397 nvpair_t *pair; 3398 3399 (void) nvlist_lookup_nvlist(innvl, "props", &props); 3400 if ((error = zfs_check_userprops(poolname, props)) != 0) 3401 return (error); 3402 3403 if (!nvlist_empty(props) && 3404 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS)) 3405 return (SET_ERROR(ENOTSUP)); 3406 3407 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3408 return (SET_ERROR(EINVAL)); 3409 poollen = strlen(poolname); 3410 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3411 pair = nvlist_next_nvpair(snaps, pair)) { 3412 const char *name = nvpair_name(pair); 3413 const char *cp = strchr(name, '@'); 3414 3415 /* 3416 * The snap name must contain an @, and the part after it must 3417 * contain only valid characters. 3418 */ 3419 if (cp == NULL || 3420 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3421 return (SET_ERROR(EINVAL)); 3422 3423 /* 3424 * The snap must be in the specified pool. 3425 */ 3426 if (strncmp(name, poolname, poollen) != 0 || 3427 (name[poollen] != '/' && name[poollen] != '@')) 3428 return (SET_ERROR(EXDEV)); 3429 3430 /* This must be the only snap of this fs. */ 3431 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair); 3432 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) { 3433 if (strncmp(name, nvpair_name(pair2), cp - name + 1) 3434 == 0) { 3435 return (SET_ERROR(EXDEV)); 3436 } 3437 } 3438 } 3439 3440 error = dsl_dataset_snapshot(snaps, props, outnvl); 3441 return (error); 3442} 3443 3444/* 3445 * innvl: "message" -> string 3446 */ 3447/* ARGSUSED */ 3448static int 3449zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3450{ 3451 char *message; 3452 spa_t *spa; 3453 int error; 3454 char *poolname; 3455 3456 /* 3457 * The poolname in the ioctl is not set, we get it from the TSD, 3458 * which was set at the end of the last successful ioctl that allows 3459 * logging. The secpolicy func already checked that it is set. 3460 * Only one log ioctl is allowed after each successful ioctl, so 3461 * we clear the TSD here. 3462 */ 3463 poolname = tsd_get(zfs_allow_log_key); 3464 (void) tsd_set(zfs_allow_log_key, NULL); 3465 error = spa_open(poolname, &spa, FTAG); 3466 strfree(poolname); 3467 if (error != 0) 3468 return (error); 3469 3470 if (nvlist_lookup_string(innvl, "message", &message) != 0) { 3471 spa_close(spa, FTAG); 3472 return (SET_ERROR(EINVAL)); 3473 } 3474 3475 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 3476 spa_close(spa, FTAG); 3477 return (SET_ERROR(ENOTSUP)); 3478 } 3479 3480 error = spa_history_log(spa, message); 3481 spa_close(spa, FTAG); 3482 return (error); 3483} 3484 3485#ifdef __FreeBSD__ 3486static int 3487zfs_ioc_nextboot(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3488{ 3489 char name[MAXNAMELEN]; 3490 spa_t *spa; 3491 vdev_t *vd; 3492 char *command; 3493 uint64_t pool_guid; 3494 uint64_t vdev_guid; 3495 int error; 3496 3497 if (nvlist_lookup_uint64(innvl, 3498 ZPOOL_CONFIG_POOL_GUID, &pool_guid) != 0) 3499 return (EINVAL); 3500 if (nvlist_lookup_uint64(innvl, 3501 ZPOOL_CONFIG_GUID, &vdev_guid) != 0) 3502 return (EINVAL); 3503 if (nvlist_lookup_string(innvl, 3504 "command", &command) != 0) 3505 return (EINVAL); 3506 3507 mutex_enter(&spa_namespace_lock); 3508 spa = spa_by_guid(pool_guid, vdev_guid); 3509 if (spa != NULL) 3510 strcpy(name, spa_name(spa)); 3511 mutex_exit(&spa_namespace_lock); 3512 if (spa == NULL) 3513 return (ENOENT); 3514 3515 if ((error = spa_open(name, &spa, FTAG)) != 0) 3516 return (error); 3517 spa_vdev_state_enter(spa, SCL_ALL); 3518 vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE); 3519 if (vd == NULL) { 3520 (void) spa_vdev_state_exit(spa, NULL, ENXIO); 3521 spa_close(spa, FTAG); 3522 return (ENODEV); 3523 } 3524 error = vdev_label_write_pad2(vd, command, strlen(command)); 3525 (void) spa_vdev_state_exit(spa, NULL, 0); 3526 txg_wait_synced(spa->spa_dsl_pool, 0); 3527 spa_close(spa, FTAG); 3528 return (error); 3529} 3530#endif 3531 3532/* 3533 * The dp_config_rwlock must not be held when calling this, because the 3534 * unmount may need to write out data. 3535 * 3536 * This function is best-effort. Callers must deal gracefully if it 3537 * remains mounted (or is remounted after this call). 3538 * 3539 * Returns 0 if the argument is not a snapshot, or it is not currently a 3540 * filesystem, or we were able to unmount it. Returns error code otherwise. 3541 */ 3542int 3543zfs_unmount_snap(const char *snapname) 3544{ 3545 vfs_t *vfsp; 3546 zfsvfs_t *zfsvfs; 3547#ifdef illumos 3548 int err; 3549#endif 3550 3551 if (strchr(snapname, '@') == NULL) 3552 return (0); 3553 3554 vfsp = zfs_get_vfs(snapname); 3555 if (vfsp == NULL) 3556 return (0); 3557 3558 zfsvfs = vfsp->vfs_data; 3559 ASSERT(!dsl_pool_config_held(dmu_objset_pool(zfsvfs->z_os))); 3560 3561#ifdef illumos 3562 err = vn_vfswlock(vfsp->vfs_vnodecovered); 3563 VFS_RELE(vfsp); 3564 if (err != 0) 3565 return (SET_ERROR(err)); 3566#endif 3567 3568 /* 3569 * Always force the unmount for snapshots. 3570 */ 3571#ifdef illumos 3572 (void) dounmount(vfsp, MS_FORCE, kcred); 3573#else 3574 (void) dounmount(vfsp, MS_FORCE, curthread); 3575#endif 3576 return (0); 3577} 3578 3579/* ARGSUSED */ 3580static int 3581zfs_unmount_snap_cb(const char *snapname, void *arg) 3582{ 3583 return (zfs_unmount_snap(snapname)); 3584} 3585 3586/* 3587 * When a clone is destroyed, its origin may also need to be destroyed, 3588 * in which case it must be unmounted. This routine will do that unmount 3589 * if necessary. 3590 */ 3591void 3592zfs_destroy_unmount_origin(const char *fsname) 3593{ 3594 int error; 3595 objset_t *os; 3596 dsl_dataset_t *ds; 3597 3598 error = dmu_objset_hold(fsname, FTAG, &os); 3599 if (error != 0) 3600 return; 3601 ds = dmu_objset_ds(os); 3602 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) { 3603 char originname[ZFS_MAX_DATASET_NAME_LEN]; 3604 dsl_dataset_name(ds->ds_prev, originname); 3605 dmu_objset_rele(os, FTAG); 3606 (void) zfs_unmount_snap(originname); 3607 } else { 3608 dmu_objset_rele(os, FTAG); 3609 } 3610} 3611 3612/* 3613 * innvl: { 3614 * "snaps" -> { snapshot1, snapshot2 } 3615 * (optional boolean) "defer" 3616 * } 3617 * 3618 * outnvl: snapshot -> error code (int32) 3619 * 3620 */ 3621/* ARGSUSED */ 3622static int 3623zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3624{ 3625 int error, poollen; 3626 nvlist_t *snaps; 3627 nvpair_t *pair; 3628 boolean_t defer; 3629 3630 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3631 return (SET_ERROR(EINVAL)); 3632 defer = nvlist_exists(innvl, "defer"); 3633 3634 poollen = strlen(poolname); 3635 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3636 pair = nvlist_next_nvpair(snaps, pair)) { 3637 const char *name = nvpair_name(pair); 3638 3639 /* 3640 * The snap must be in the specified pool to prevent the 3641 * invalid removal of zvol minors below. 3642 */ 3643 if (strncmp(name, poolname, poollen) != 0 || 3644 (name[poollen] != '/' && name[poollen] != '@')) 3645 return (SET_ERROR(EXDEV)); 3646 3647 error = zfs_unmount_snap(name); 3648 if (error != 0) 3649 return (error); 3650#if defined(__FreeBSD__) 3651 zvol_remove_minors(name); 3652#endif 3653 } 3654 3655 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl)); 3656} 3657 3658/* 3659 * Create bookmarks. Bookmark names are of the form <fs>#<bmark>. 3660 * All bookmarks must be in the same pool. 3661 * 3662 * innvl: { 3663 * bookmark1 -> snapshot1, bookmark2 -> snapshot2 3664 * } 3665 * 3666 * outnvl: bookmark -> error code (int32) 3667 * 3668 */ 3669/* ARGSUSED */ 3670static int 3671zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3672{ 3673 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3674 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3675 char *snap_name; 3676 3677 /* 3678 * Verify the snapshot argument. 3679 */ 3680 if (nvpair_value_string(pair, &snap_name) != 0) 3681 return (SET_ERROR(EINVAL)); 3682 3683 3684 /* Verify that the keys (bookmarks) are unique */ 3685 for (nvpair_t *pair2 = nvlist_next_nvpair(innvl, pair); 3686 pair2 != NULL; pair2 = nvlist_next_nvpair(innvl, pair2)) { 3687 if (strcmp(nvpair_name(pair), nvpair_name(pair2)) == 0) 3688 return (SET_ERROR(EINVAL)); 3689 } 3690 } 3691 3692 return (dsl_bookmark_create(innvl, outnvl)); 3693} 3694 3695/* 3696 * innvl: { 3697 * property 1, property 2, ... 3698 * } 3699 * 3700 * outnvl: { 3701 * bookmark name 1 -> { property 1, property 2, ... }, 3702 * bookmark name 2 -> { property 1, property 2, ... } 3703 * } 3704 * 3705 */ 3706static int 3707zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3708{ 3709 return (dsl_get_bookmarks(fsname, innvl, outnvl)); 3710} 3711 3712/* 3713 * innvl: { 3714 * bookmark name 1, bookmark name 2 3715 * } 3716 * 3717 * outnvl: bookmark -> error code (int32) 3718 * 3719 */ 3720static int 3721zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl, 3722 nvlist_t *outnvl) 3723{ 3724 int error, poollen; 3725 3726 poollen = strlen(poolname); 3727 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3728 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3729 const char *name = nvpair_name(pair); 3730 const char *cp = strchr(name, '#'); 3731 3732 /* 3733 * The bookmark name must contain an #, and the part after it 3734 * must contain only valid characters. 3735 */ 3736 if (cp == NULL || 3737 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3738 return (SET_ERROR(EINVAL)); 3739 3740 /* 3741 * The bookmark must be in the specified pool. 3742 */ 3743 if (strncmp(name, poolname, poollen) != 0 || 3744 (name[poollen] != '/' && name[poollen] != '#')) 3745 return (SET_ERROR(EXDEV)); 3746 } 3747 3748 error = dsl_bookmark_destroy(innvl, outnvl); 3749 return (error); 3750} 3751 3752/* 3753 * inputs: 3754 * zc_name name of dataset to destroy 3755 * zc_objset_type type of objset 3756 * zc_defer_destroy mark for deferred destroy 3757 * 3758 * outputs: none 3759 */ 3760static int 3761zfs_ioc_destroy(zfs_cmd_t *zc) 3762{ 3763 int err; 3764 3765 if (zc->zc_objset_type == DMU_OST_ZFS) { 3766 err = zfs_unmount_snap(zc->zc_name); 3767 if (err != 0) 3768 return (err); 3769 } 3770 3771 if (strchr(zc->zc_name, '@')) 3772 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy); 3773 else 3774 err = dsl_destroy_head(zc->zc_name); 3775 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0) 3776#ifdef __FreeBSD__ 3777 zvol_remove_minors(zc->zc_name); 3778#else 3779 (void) zvol_remove_minor(zc->zc_name); 3780#endif 3781 return (err); 3782} 3783 3784/* 3785 * fsname is name of dataset to rollback (to most recent snapshot) 3786 * 3787 * innvl is not used. 3788 * 3789 * outnvl: "target" -> name of most recent snapshot 3790 * } 3791 */ 3792/* ARGSUSED */ 3793static int 3794zfs_ioc_rollback(const char *fsname, nvlist_t *args, nvlist_t *outnvl) 3795{ 3796 zfsvfs_t *zfsvfs; 3797 int error; 3798 3799 if (getzfsvfs(fsname, &zfsvfs) == 0) { 3800 dsl_dataset_t *ds; 3801 3802 ds = dmu_objset_ds(zfsvfs->z_os); 3803 error = zfs_suspend_fs(zfsvfs); 3804 if (error == 0) { 3805 int resume_err; 3806 3807 error = dsl_dataset_rollback(fsname, zfsvfs, outnvl); 3808 resume_err = zfs_resume_fs(zfsvfs, ds); 3809 error = error ? error : resume_err; 3810 } 3811#ifdef illumos 3812 VFS_RELE(zfsvfs->z_vfs); 3813#else 3814 vfs_unbusy(zfsvfs->z_vfs); 3815#endif 3816 } else { 3817 error = dsl_dataset_rollback(fsname, NULL, outnvl); 3818 } 3819 return (error); 3820} 3821 3822static int 3823recursive_unmount(const char *fsname, void *arg) 3824{ 3825 const char *snapname = arg; 3826 char fullname[ZFS_MAX_DATASET_NAME_LEN]; 3827 3828 (void) snprintf(fullname, sizeof (fullname), "%s@%s", fsname, snapname); 3829 return (zfs_unmount_snap(fullname)); 3830} 3831 3832/* 3833 * inputs: 3834 * zc_name old name of dataset 3835 * zc_value new name of dataset 3836 * zc_cookie recursive flag (only valid for snapshots) 3837 * 3838 * outputs: none 3839 */ 3840static int 3841zfs_ioc_rename(zfs_cmd_t *zc) 3842{ 3843 boolean_t recursive = zc->zc_cookie & 1; 3844 char *at; 3845 boolean_t allow_mounted = B_TRUE; 3846 3847#ifdef __FreeBSD__ 3848 allow_mounted = (zc->zc_cookie & 2) != 0; 3849#endif 3850 3851 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 3852 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 3853 strchr(zc->zc_value, '%')) 3854 return (SET_ERROR(EINVAL)); 3855 3856 at = strchr(zc->zc_name, '@'); 3857 if (at != NULL) { 3858 /* snaps must be in same fs */ 3859 int error; 3860 3861 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1)) 3862 return (SET_ERROR(EXDEV)); 3863 *at = '\0'; 3864 if (zc->zc_objset_type == DMU_OST_ZFS && !allow_mounted) { 3865 error = dmu_objset_find(zc->zc_name, 3866 recursive_unmount, at + 1, 3867 recursive ? DS_FIND_CHILDREN : 0); 3868 if (error != 0) { 3869 *at = '@'; 3870 return (error); 3871 } 3872 } 3873 error = dsl_dataset_rename_snapshot(zc->zc_name, 3874 at + 1, strchr(zc->zc_value, '@') + 1, recursive); 3875 *at = '@'; 3876 3877 return (error); 3878 } else { 3879#ifdef illumos 3880 if (zc->zc_objset_type == DMU_OST_ZVOL) 3881 (void) zvol_remove_minor(zc->zc_name); 3882#endif 3883 return (dsl_dir_rename(zc->zc_name, zc->zc_value)); 3884 } 3885} 3886 3887static int 3888zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr) 3889{ 3890 const char *propname = nvpair_name(pair); 3891 boolean_t issnap = (strchr(dsname, '@') != NULL); 3892 zfs_prop_t prop = zfs_name_to_prop(propname); 3893 uint64_t intval; 3894 int err; 3895 3896 if (prop == ZPROP_INVAL) { 3897 if (zfs_prop_user(propname)) { 3898 if (err = zfs_secpolicy_write_perms(dsname, 3899 ZFS_DELEG_PERM_USERPROP, cr)) 3900 return (err); 3901 return (0); 3902 } 3903 3904 if (!issnap && zfs_prop_userquota(propname)) { 3905 const char *perm = NULL; 3906 const char *uq_prefix = 3907 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA]; 3908 const char *gq_prefix = 3909 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA]; 3910 3911 if (strncmp(propname, uq_prefix, 3912 strlen(uq_prefix)) == 0) { 3913 perm = ZFS_DELEG_PERM_USERQUOTA; 3914 } else if (strncmp(propname, gq_prefix, 3915 strlen(gq_prefix)) == 0) { 3916 perm = ZFS_DELEG_PERM_GROUPQUOTA; 3917 } else { 3918 /* USERUSED and GROUPUSED are read-only */ 3919 return (SET_ERROR(EINVAL)); 3920 } 3921 3922 if (err = zfs_secpolicy_write_perms(dsname, perm, cr)) 3923 return (err); 3924 return (0); 3925 } 3926 3927 return (SET_ERROR(EINVAL)); 3928 } 3929 3930 if (issnap) 3931 return (SET_ERROR(EINVAL)); 3932 3933 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 3934 /* 3935 * dsl_prop_get_all_impl() returns properties in this 3936 * format. 3937 */ 3938 nvlist_t *attrs; 3939 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 3940 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3941 &pair) == 0); 3942 } 3943 3944 /* 3945 * Check that this value is valid for this pool version 3946 */ 3947 switch (prop) { 3948 case ZFS_PROP_COMPRESSION: 3949 /* 3950 * If the user specified gzip compression, make sure 3951 * the SPA supports it. We ignore any errors here since 3952 * we'll catch them later. 3953 */ 3954 if (nvpair_value_uint64(pair, &intval) == 0) { 3955 if (intval >= ZIO_COMPRESS_GZIP_1 && 3956 intval <= ZIO_COMPRESS_GZIP_9 && 3957 zfs_earlier_version(dsname, 3958 SPA_VERSION_GZIP_COMPRESSION)) { 3959 return (SET_ERROR(ENOTSUP)); 3960 } 3961 3962 if (intval == ZIO_COMPRESS_ZLE && 3963 zfs_earlier_version(dsname, 3964 SPA_VERSION_ZLE_COMPRESSION)) 3965 return (SET_ERROR(ENOTSUP)); 3966 3967 if (intval == ZIO_COMPRESS_LZ4) { 3968 spa_t *spa; 3969 3970 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 3971 return (err); 3972 3973 if (!spa_feature_is_enabled(spa, 3974 SPA_FEATURE_LZ4_COMPRESS)) { 3975 spa_close(spa, FTAG); 3976 return (SET_ERROR(ENOTSUP)); 3977 } 3978 spa_close(spa, FTAG); 3979 } 3980 3981 /* 3982 * If this is a bootable dataset then 3983 * verify that the compression algorithm 3984 * is supported for booting. We must return 3985 * something other than ENOTSUP since it 3986 * implies a downrev pool version. 3987 */ 3988 if (zfs_is_bootfs(dsname) && 3989 !BOOTFS_COMPRESS_VALID(intval)) { 3990 return (SET_ERROR(ERANGE)); 3991 } 3992 } 3993 break; 3994 3995 case ZFS_PROP_COPIES: 3996 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS)) 3997 return (SET_ERROR(ENOTSUP)); 3998 break; 3999 4000 case ZFS_PROP_RECORDSIZE: 4001 /* Record sizes above 128k need the feature to be enabled */ 4002 if (nvpair_value_uint64(pair, &intval) == 0 && 4003 intval > SPA_OLD_MAXBLOCKSIZE) { 4004 spa_t *spa; 4005 4006 /* 4007 * If this is a bootable dataset then 4008 * the we don't allow large (>128K) blocks, 4009 * because GRUB doesn't support them. 4010 */ 4011 if (zfs_is_bootfs(dsname) && 4012 intval > SPA_OLD_MAXBLOCKSIZE) { 4013 return (SET_ERROR(ERANGE)); 4014 } 4015 4016 /* 4017 * We don't allow setting the property above 1MB, 4018 * unless the tunable has been changed. 4019 */ 4020 if (intval > zfs_max_recordsize || 4021 intval > SPA_MAXBLOCKSIZE) 4022 return (SET_ERROR(ERANGE)); 4023 4024 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4025 return (err); 4026 4027 if (!spa_feature_is_enabled(spa, 4028 SPA_FEATURE_LARGE_BLOCKS)) { 4029 spa_close(spa, FTAG); 4030 return (SET_ERROR(ENOTSUP)); 4031 } 4032 spa_close(spa, FTAG); 4033 } 4034 break; 4035 4036 case ZFS_PROP_SHARESMB: 4037 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID)) 4038 return (SET_ERROR(ENOTSUP)); 4039 break; 4040 4041 case ZFS_PROP_ACLINHERIT: 4042 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 4043 nvpair_value_uint64(pair, &intval) == 0) { 4044 if (intval == ZFS_ACL_PASSTHROUGH_X && 4045 zfs_earlier_version(dsname, 4046 SPA_VERSION_PASSTHROUGH_X)) 4047 return (SET_ERROR(ENOTSUP)); 4048 } 4049 break; 4050 4051 case ZFS_PROP_CHECKSUM: 4052 case ZFS_PROP_DEDUP: 4053 { 4054 spa_feature_t feature; 4055 spa_t *spa; 4056 4057 /* dedup feature version checks */ 4058 if (prop == ZFS_PROP_DEDUP && 4059 zfs_earlier_version(dsname, SPA_VERSION_DEDUP)) 4060 return (SET_ERROR(ENOTSUP)); 4061 4062 if (nvpair_value_uint64(pair, &intval) != 0) 4063 return (SET_ERROR(EINVAL)); 4064 4065 /* check prop value is enabled in features */ 4066 feature = zio_checksum_to_feature(intval & ZIO_CHECKSUM_MASK); 4067 if (feature == SPA_FEATURE_NONE) 4068 break; 4069 4070 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4071 return (err); 4072 /* 4073 * Salted checksums are not supported on root pools. 4074 */ 4075 if (spa_bootfs(spa) != 0 && 4076 intval < ZIO_CHECKSUM_FUNCTIONS && 4077 (zio_checksum_table[intval].ci_flags & 4078 ZCHECKSUM_FLAG_SALTED)) { 4079 spa_close(spa, FTAG); 4080 return (SET_ERROR(ERANGE)); 4081 } 4082 if (!spa_feature_is_enabled(spa, feature)) { 4083 spa_close(spa, FTAG); 4084 return (SET_ERROR(ENOTSUP)); 4085 } 4086 spa_close(spa, FTAG); 4087 break; 4088 } 4089 } 4090 4091 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED())); 4092} 4093 4094/* 4095 * Checks for a race condition to make sure we don't increment a feature flag 4096 * multiple times. 4097 */ 4098static int 4099zfs_prop_activate_feature_check(void *arg, dmu_tx_t *tx) 4100{ 4101 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4102 spa_feature_t *featurep = arg; 4103 4104 if (!spa_feature_is_active(spa, *featurep)) 4105 return (0); 4106 else 4107 return (SET_ERROR(EBUSY)); 4108} 4109 4110/* 4111 * The callback invoked on feature activation in the sync task caused by 4112 * zfs_prop_activate_feature. 4113 */ 4114static void 4115zfs_prop_activate_feature_sync(void *arg, dmu_tx_t *tx) 4116{ 4117 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4118 spa_feature_t *featurep = arg; 4119 4120 spa_feature_incr(spa, *featurep, tx); 4121} 4122 4123/* 4124 * Activates a feature on a pool in response to a property setting. This 4125 * creates a new sync task which modifies the pool to reflect the feature 4126 * as being active. 4127 */ 4128static int 4129zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature) 4130{ 4131 int err; 4132 4133 /* EBUSY here indicates that the feature is already active */ 4134 err = dsl_sync_task(spa_name(spa), 4135 zfs_prop_activate_feature_check, zfs_prop_activate_feature_sync, 4136 &feature, 2, ZFS_SPACE_CHECK_RESERVED); 4137 4138 if (err != 0 && err != EBUSY) 4139 return (err); 4140 else 4141 return (0); 4142} 4143 4144/* 4145 * Removes properties from the given props list that fail permission checks 4146 * needed to clear them and to restore them in case of a receive error. For each 4147 * property, make sure we have both set and inherit permissions. 4148 * 4149 * Returns the first error encountered if any permission checks fail. If the 4150 * caller provides a non-NULL errlist, it also gives the complete list of names 4151 * of all the properties that failed a permission check along with the 4152 * corresponding error numbers. The caller is responsible for freeing the 4153 * returned errlist. 4154 * 4155 * If every property checks out successfully, zero is returned and the list 4156 * pointed at by errlist is NULL. 4157 */ 4158static int 4159zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist) 4160{ 4161 zfs_cmd_t *zc; 4162 nvpair_t *pair, *next_pair; 4163 nvlist_t *errors; 4164 int err, rv = 0; 4165 4166 if (props == NULL) 4167 return (0); 4168 4169 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4170 4171 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 4172 (void) strcpy(zc->zc_name, dataset); 4173 pair = nvlist_next_nvpair(props, NULL); 4174 while (pair != NULL) { 4175 next_pair = nvlist_next_nvpair(props, pair); 4176 4177 (void) strcpy(zc->zc_value, nvpair_name(pair)); 4178 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 || 4179 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) { 4180 VERIFY(nvlist_remove_nvpair(props, pair) == 0); 4181 VERIFY(nvlist_add_int32(errors, 4182 zc->zc_value, err) == 0); 4183 } 4184 pair = next_pair; 4185 } 4186 kmem_free(zc, sizeof (zfs_cmd_t)); 4187 4188 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 4189 nvlist_free(errors); 4190 errors = NULL; 4191 } else { 4192 VERIFY(nvpair_value_int32(pair, &rv) == 0); 4193 } 4194 4195 if (errlist == NULL) 4196 nvlist_free(errors); 4197 else 4198 *errlist = errors; 4199 4200 return (rv); 4201} 4202 4203static boolean_t 4204propval_equals(nvpair_t *p1, nvpair_t *p2) 4205{ 4206 if (nvpair_type(p1) == DATA_TYPE_NVLIST) { 4207 /* dsl_prop_get_all_impl() format */ 4208 nvlist_t *attrs; 4209 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0); 4210 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4211 &p1) == 0); 4212 } 4213 4214 if (nvpair_type(p2) == DATA_TYPE_NVLIST) { 4215 nvlist_t *attrs; 4216 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0); 4217 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4218 &p2) == 0); 4219 } 4220 4221 if (nvpair_type(p1) != nvpair_type(p2)) 4222 return (B_FALSE); 4223 4224 if (nvpair_type(p1) == DATA_TYPE_STRING) { 4225 char *valstr1, *valstr2; 4226 4227 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0); 4228 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0); 4229 return (strcmp(valstr1, valstr2) == 0); 4230 } else { 4231 uint64_t intval1, intval2; 4232 4233 VERIFY(nvpair_value_uint64(p1, &intval1) == 0); 4234 VERIFY(nvpair_value_uint64(p2, &intval2) == 0); 4235 return (intval1 == intval2); 4236 } 4237} 4238 4239/* 4240 * Remove properties from props if they are not going to change (as determined 4241 * by comparison with origprops). Remove them from origprops as well, since we 4242 * do not need to clear or restore properties that won't change. 4243 */ 4244static void 4245props_reduce(nvlist_t *props, nvlist_t *origprops) 4246{ 4247 nvpair_t *pair, *next_pair; 4248 4249 if (origprops == NULL) 4250 return; /* all props need to be received */ 4251 4252 pair = nvlist_next_nvpair(props, NULL); 4253 while (pair != NULL) { 4254 const char *propname = nvpair_name(pair); 4255 nvpair_t *match; 4256 4257 next_pair = nvlist_next_nvpair(props, pair); 4258 4259 if ((nvlist_lookup_nvpair(origprops, propname, 4260 &match) != 0) || !propval_equals(pair, match)) 4261 goto next; /* need to set received value */ 4262 4263 /* don't clear the existing received value */ 4264 (void) nvlist_remove_nvpair(origprops, match); 4265 /* don't bother receiving the property */ 4266 (void) nvlist_remove_nvpair(props, pair); 4267next: 4268 pair = next_pair; 4269 } 4270} 4271 4272/* 4273 * Extract properties that cannot be set PRIOR to the receipt of a dataset. 4274 * For example, refquota cannot be set until after the receipt of a dataset, 4275 * because in replication streams, an older/earlier snapshot may exceed the 4276 * refquota. We want to receive the older/earlier snapshot, but setting 4277 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent 4278 * the older/earlier snapshot from being received (with EDQUOT). 4279 * 4280 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario. 4281 * 4282 * libzfs will need to be judicious handling errors encountered by props 4283 * extracted by this function. 4284 */ 4285static nvlist_t * 4286extract_delay_props(nvlist_t *props) 4287{ 4288 nvlist_t *delayprops; 4289 nvpair_t *nvp, *tmp; 4290 static const zfs_prop_t delayable[] = { ZFS_PROP_REFQUOTA, 0 }; 4291 int i; 4292 4293 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4294 4295 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL; 4296 nvp = nvlist_next_nvpair(props, nvp)) { 4297 /* 4298 * strcmp() is safe because zfs_prop_to_name() always returns 4299 * a bounded string. 4300 */ 4301 for (i = 0; delayable[i] != 0; i++) { 4302 if (strcmp(zfs_prop_to_name(delayable[i]), 4303 nvpair_name(nvp)) == 0) { 4304 break; 4305 } 4306 } 4307 if (delayable[i] != 0) { 4308 tmp = nvlist_prev_nvpair(props, nvp); 4309 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0); 4310 VERIFY(nvlist_remove_nvpair(props, nvp) == 0); 4311 nvp = tmp; 4312 } 4313 } 4314 4315 if (nvlist_empty(delayprops)) { 4316 nvlist_free(delayprops); 4317 delayprops = NULL; 4318 } 4319 return (delayprops); 4320} 4321 4322#ifdef DEBUG 4323static boolean_t zfs_ioc_recv_inject_err; 4324#endif 4325 4326/* 4327 * inputs: 4328 * zc_name name of containing filesystem 4329 * zc_nvlist_src{_size} nvlist of properties to apply 4330 * zc_value name of snapshot to create 4331 * zc_string name of clone origin (if DRR_FLAG_CLONE) 4332 * zc_cookie file descriptor to recv from 4333 * zc_begin_record the BEGIN record of the stream (not byteswapped) 4334 * zc_guid force flag 4335 * zc_cleanup_fd cleanup-on-exit file descriptor 4336 * zc_action_handle handle for this guid/ds mapping (or zero on first call) 4337 * zc_resumable if data is incomplete assume sender will resume 4338 * 4339 * outputs: 4340 * zc_cookie number of bytes read 4341 * zc_nvlist_dst{_size} error for each unapplied received property 4342 * zc_obj zprop_errflags_t 4343 * zc_action_handle handle for this guid/ds mapping 4344 */ 4345static int 4346zfs_ioc_recv(zfs_cmd_t *zc) 4347{ 4348 file_t *fp; 4349 dmu_recv_cookie_t drc; 4350 boolean_t force = (boolean_t)zc->zc_guid; 4351 int fd; 4352 int error = 0; 4353 int props_error = 0; 4354 nvlist_t *errors; 4355 offset_t off; 4356 nvlist_t *props = NULL; /* sent properties */ 4357 nvlist_t *origprops = NULL; /* existing properties */ 4358 nvlist_t *delayprops = NULL; /* sent properties applied post-receive */ 4359 char *origin = NULL; 4360 char *tosnap; 4361 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 4362 cap_rights_t rights; 4363 boolean_t first_recvd_props = B_FALSE; 4364 4365 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 4366 strchr(zc->zc_value, '@') == NULL || 4367 strchr(zc->zc_value, '%')) 4368 return (SET_ERROR(EINVAL)); 4369 4370 (void) strcpy(tofs, zc->zc_value); 4371 tosnap = strchr(tofs, '@'); 4372 *tosnap++ = '\0'; 4373 4374 if (zc->zc_nvlist_src != 0 && 4375 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 4376 zc->zc_iflags, &props)) != 0) 4377 return (error); 4378 4379 fd = zc->zc_cookie; 4380#ifdef illumos 4381 fp = getf(fd); 4382#else 4383 fget_read(curthread, fd, cap_rights_init(&rights, CAP_PREAD), &fp); 4384#endif 4385 if (fp == NULL) { 4386 nvlist_free(props); 4387 return (SET_ERROR(EBADF)); 4388 } 4389 4390 errors = fnvlist_alloc(); 4391 4392 if (zc->zc_string[0]) 4393 origin = zc->zc_string; 4394 4395 error = dmu_recv_begin(tofs, tosnap, 4396 &zc->zc_begin_record, force, zc->zc_resumable, origin, &drc); 4397 if (error != 0) 4398 goto out; 4399 4400 /* 4401 * Set properties before we receive the stream so that they are applied 4402 * to the new data. Note that we must call dmu_recv_stream() if 4403 * dmu_recv_begin() succeeds. 4404 */ 4405 if (props != NULL && !drc.drc_newfs) { 4406 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >= 4407 SPA_VERSION_RECVD_PROPS && 4408 !dsl_prop_get_hasrecvd(tofs)) 4409 first_recvd_props = B_TRUE; 4410 4411 /* 4412 * If new received properties are supplied, they are to 4413 * completely replace the existing received properties, so stash 4414 * away the existing ones. 4415 */ 4416 if (dsl_prop_get_received(tofs, &origprops) == 0) { 4417 nvlist_t *errlist = NULL; 4418 /* 4419 * Don't bother writing a property if its value won't 4420 * change (and avoid the unnecessary security checks). 4421 * 4422 * The first receive after SPA_VERSION_RECVD_PROPS is a 4423 * special case where we blow away all local properties 4424 * regardless. 4425 */ 4426 if (!first_recvd_props) 4427 props_reduce(props, origprops); 4428 if (zfs_check_clearable(tofs, origprops, &errlist) != 0) 4429 (void) nvlist_merge(errors, errlist, 0); 4430 nvlist_free(errlist); 4431 4432 if (clear_received_props(tofs, origprops, 4433 first_recvd_props ? NULL : props) != 0) 4434 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 4435 } else { 4436 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 4437 } 4438 } 4439 4440 if (props != NULL) { 4441 props_error = dsl_prop_set_hasrecvd(tofs); 4442 4443 if (props_error == 0) { 4444 delayprops = extract_delay_props(props); 4445 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4446 props, errors); 4447 } 4448 } 4449 4450 off = fp->f_offset; 4451 error = dmu_recv_stream(&drc, fp, &off, zc->zc_cleanup_fd, 4452 &zc->zc_action_handle); 4453 4454 if (error == 0) { 4455 zfsvfs_t *zfsvfs = NULL; 4456 4457 if (getzfsvfs(tofs, &zfsvfs) == 0) { 4458 /* online recv */ 4459 dsl_dataset_t *ds; 4460 int end_err; 4461 4462 ds = dmu_objset_ds(zfsvfs->z_os); 4463 error = zfs_suspend_fs(zfsvfs); 4464 /* 4465 * If the suspend fails, then the recv_end will 4466 * likely also fail, and clean up after itself. 4467 */ 4468 end_err = dmu_recv_end(&drc, zfsvfs); 4469 if (error == 0) 4470 error = zfs_resume_fs(zfsvfs, ds); 4471 error = error ? error : end_err; 4472#ifdef illumos 4473 VFS_RELE(zfsvfs->z_vfs); 4474#else 4475 vfs_unbusy(zfsvfs->z_vfs); 4476#endif 4477 } else { 4478 error = dmu_recv_end(&drc, NULL); 4479 } 4480 4481 /* Set delayed properties now, after we're done receiving. */ 4482 if (delayprops != NULL && error == 0) { 4483 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4484 delayprops, errors); 4485 } 4486 } 4487 4488 if (delayprops != NULL) { 4489 /* 4490 * Merge delayed props back in with initial props, in case 4491 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means 4492 * we have to make sure clear_received_props() includes 4493 * the delayed properties). 4494 * 4495 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels, 4496 * using ASSERT() will be just like a VERIFY. 4497 */ 4498 ASSERT(nvlist_merge(props, delayprops, 0) == 0); 4499 nvlist_free(delayprops); 4500 } 4501 4502 /* 4503 * Now that all props, initial and delayed, are set, report the prop 4504 * errors to the caller. 4505 */ 4506 if (zc->zc_nvlist_dst_size != 0 && 4507 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 || 4508 put_nvlist(zc, errors) != 0)) { 4509 /* 4510 * Caller made zc->zc_nvlist_dst less than the minimum expected 4511 * size or supplied an invalid address. 4512 */ 4513 props_error = SET_ERROR(EINVAL); 4514 } 4515 4516 zc->zc_cookie = off - fp->f_offset; 4517 if (off >= 0 && off <= MAXOFFSET_T) 4518 fp->f_offset = off; 4519 4520#ifdef DEBUG 4521 if (zfs_ioc_recv_inject_err) { 4522 zfs_ioc_recv_inject_err = B_FALSE; 4523 error = 1; 4524 } 4525#endif 4526 4527#ifdef __FreeBSD__ 4528 if (error == 0) 4529 zvol_create_minors(tofs); 4530#endif 4531 4532 /* 4533 * On error, restore the original props. 4534 */ 4535 if (error != 0 && props != NULL && !drc.drc_newfs) { 4536 if (clear_received_props(tofs, props, NULL) != 0) { 4537 /* 4538 * We failed to clear the received properties. 4539 * Since we may have left a $recvd value on the 4540 * system, we can't clear the $hasrecvd flag. 4541 */ 4542 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4543 } else if (first_recvd_props) { 4544 dsl_prop_unset_hasrecvd(tofs); 4545 } 4546 4547 if (origprops == NULL && !drc.drc_newfs) { 4548 /* We failed to stash the original properties. */ 4549 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4550 } 4551 4552 /* 4553 * dsl_props_set() will not convert RECEIVED to LOCAL on or 4554 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL 4555 * explictly if we're restoring local properties cleared in the 4556 * first new-style receive. 4557 */ 4558 if (origprops != NULL && 4559 zfs_set_prop_nvlist(tofs, (first_recvd_props ? 4560 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED), 4561 origprops, NULL) != 0) { 4562 /* 4563 * We stashed the original properties but failed to 4564 * restore them. 4565 */ 4566 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4567 } 4568 } 4569out: 4570 nvlist_free(props); 4571 nvlist_free(origprops); 4572 nvlist_free(errors); 4573 releasef(fd); 4574 4575 if (error == 0) 4576 error = props_error; 4577 4578 return (error); 4579} 4580 4581/* 4582 * inputs: 4583 * zc_name name of snapshot to send 4584 * zc_cookie file descriptor to send stream to 4585 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj) 4586 * zc_sendobj objsetid of snapshot to send 4587 * zc_fromobj objsetid of incremental fromsnap (may be zero) 4588 * zc_guid if set, estimate size of stream only. zc_cookie is ignored. 4589 * output size in zc_objset_type. 4590 * zc_flags lzc_send_flags 4591 * 4592 * outputs: 4593 * zc_objset_type estimated size, if zc_guid is set 4594 */ 4595static int 4596zfs_ioc_send(zfs_cmd_t *zc) 4597{ 4598 int error; 4599 offset_t off; 4600 boolean_t estimate = (zc->zc_guid != 0); 4601 boolean_t embedok = (zc->zc_flags & 0x1); 4602 boolean_t large_block_ok = (zc->zc_flags & 0x2); 4603 4604 if (zc->zc_obj != 0) { 4605 dsl_pool_t *dp; 4606 dsl_dataset_t *tosnap; 4607 4608 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4609 if (error != 0) 4610 return (error); 4611 4612 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 4613 if (error != 0) { 4614 dsl_pool_rele(dp, FTAG); 4615 return (error); 4616 } 4617 4618 if (dsl_dir_is_clone(tosnap->ds_dir)) 4619 zc->zc_fromobj = 4620 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj; 4621 dsl_dataset_rele(tosnap, FTAG); 4622 dsl_pool_rele(dp, FTAG); 4623 } 4624 4625 if (estimate) { 4626 dsl_pool_t *dp; 4627 dsl_dataset_t *tosnap; 4628 dsl_dataset_t *fromsnap = NULL; 4629 4630 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4631 if (error != 0) 4632 return (error); 4633 4634 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 4635 if (error != 0) { 4636 dsl_pool_rele(dp, FTAG); 4637 return (error); 4638 } 4639 4640 if (zc->zc_fromobj != 0) { 4641 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, 4642 FTAG, &fromsnap); 4643 if (error != 0) { 4644 dsl_dataset_rele(tosnap, FTAG); 4645 dsl_pool_rele(dp, FTAG); 4646 return (error); 4647 } 4648 } 4649 4650 error = dmu_send_estimate(tosnap, fromsnap, 4651 &zc->zc_objset_type); 4652 4653 if (fromsnap != NULL) 4654 dsl_dataset_rele(fromsnap, FTAG); 4655 dsl_dataset_rele(tosnap, FTAG); 4656 dsl_pool_rele(dp, FTAG); 4657 } else { 4658 file_t *fp; 4659 cap_rights_t rights; 4660 4661#ifdef illumos 4662 fp = getf(zc->zc_cookie); 4663#else 4664 fget_write(curthread, zc->zc_cookie, 4665 cap_rights_init(&rights, CAP_WRITE), &fp); 4666#endif 4667 if (fp == NULL) 4668 return (SET_ERROR(EBADF)); 4669 4670 off = fp->f_offset; 4671 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj, 4672 zc->zc_fromobj, embedok, large_block_ok, 4673#ifdef illumos 4674 zc->zc_cookie, fp->f_vnode, &off); 4675#else 4676 zc->zc_cookie, fp, &off); 4677#endif 4678 4679 if (off >= 0 && off <= MAXOFFSET_T) 4680 fp->f_offset = off; 4681 releasef(zc->zc_cookie); 4682 } 4683 return (error); 4684} 4685 4686/* 4687 * inputs: 4688 * zc_name name of snapshot on which to report progress 4689 * zc_cookie file descriptor of send stream 4690 * 4691 * outputs: 4692 * zc_cookie number of bytes written in send stream thus far 4693 */ 4694static int 4695zfs_ioc_send_progress(zfs_cmd_t *zc) 4696{ 4697 dsl_pool_t *dp; 4698 dsl_dataset_t *ds; 4699 dmu_sendarg_t *dsp = NULL; 4700 int error; 4701 4702 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4703 if (error != 0) 4704 return (error); 4705 4706 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 4707 if (error != 0) { 4708 dsl_pool_rele(dp, FTAG); 4709 return (error); 4710 } 4711 4712 mutex_enter(&ds->ds_sendstream_lock); 4713 4714 /* 4715 * Iterate over all the send streams currently active on this dataset. 4716 * If there's one which matches the specified file descriptor _and_ the 4717 * stream was started by the current process, return the progress of 4718 * that stream. 4719 */ 4720 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL; 4721 dsp = list_next(&ds->ds_sendstreams, dsp)) { 4722 if (dsp->dsa_outfd == zc->zc_cookie && 4723 dsp->dsa_proc == curproc) 4724 break; 4725 } 4726 4727 if (dsp != NULL) 4728 zc->zc_cookie = *(dsp->dsa_off); 4729 else 4730 error = SET_ERROR(ENOENT); 4731 4732 mutex_exit(&ds->ds_sendstream_lock); 4733 dsl_dataset_rele(ds, FTAG); 4734 dsl_pool_rele(dp, FTAG); 4735 return (error); 4736} 4737 4738static int 4739zfs_ioc_inject_fault(zfs_cmd_t *zc) 4740{ 4741 int id, error; 4742 4743 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 4744 &zc->zc_inject_record); 4745 4746 if (error == 0) 4747 zc->zc_guid = (uint64_t)id; 4748 4749 return (error); 4750} 4751 4752static int 4753zfs_ioc_clear_fault(zfs_cmd_t *zc) 4754{ 4755 return (zio_clear_fault((int)zc->zc_guid)); 4756} 4757 4758static int 4759zfs_ioc_inject_list_next(zfs_cmd_t *zc) 4760{ 4761 int id = (int)zc->zc_guid; 4762 int error; 4763 4764 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 4765 &zc->zc_inject_record); 4766 4767 zc->zc_guid = id; 4768 4769 return (error); 4770} 4771 4772static int 4773zfs_ioc_error_log(zfs_cmd_t *zc) 4774{ 4775 spa_t *spa; 4776 int error; 4777 size_t count = (size_t)zc->zc_nvlist_dst_size; 4778 4779 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 4780 return (error); 4781 4782 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 4783 &count); 4784 if (error == 0) 4785 zc->zc_nvlist_dst_size = count; 4786 else 4787 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa); 4788 4789 spa_close(spa, FTAG); 4790 4791 return (error); 4792} 4793 4794static int 4795zfs_ioc_clear(zfs_cmd_t *zc) 4796{ 4797 spa_t *spa; 4798 vdev_t *vd; 4799 int error; 4800 4801 /* 4802 * On zpool clear we also fix up missing slogs 4803 */ 4804 mutex_enter(&spa_namespace_lock); 4805 spa = spa_lookup(zc->zc_name); 4806 if (spa == NULL) { 4807 mutex_exit(&spa_namespace_lock); 4808 return (SET_ERROR(EIO)); 4809 } 4810 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 4811 /* we need to let spa_open/spa_load clear the chains */ 4812 spa_set_log_state(spa, SPA_LOG_CLEAR); 4813 } 4814 spa->spa_last_open_failed = 0; 4815 mutex_exit(&spa_namespace_lock); 4816 4817 if (zc->zc_cookie & ZPOOL_NO_REWIND) { 4818 error = spa_open(zc->zc_name, &spa, FTAG); 4819 } else { 4820 nvlist_t *policy; 4821 nvlist_t *config = NULL; 4822 4823 if (zc->zc_nvlist_src == 0) 4824 return (SET_ERROR(EINVAL)); 4825 4826 if ((error = get_nvlist(zc->zc_nvlist_src, 4827 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 4828 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 4829 policy, &config); 4830 if (config != NULL) { 4831 int err; 4832 4833 if ((err = put_nvlist(zc, config)) != 0) 4834 error = err; 4835 nvlist_free(config); 4836 } 4837 nvlist_free(policy); 4838 } 4839 } 4840 4841 if (error != 0) 4842 return (error); 4843 4844 spa_vdev_state_enter(spa, SCL_NONE); 4845 4846 if (zc->zc_guid == 0) { 4847 vd = NULL; 4848 } else { 4849 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 4850 if (vd == NULL) { 4851 (void) spa_vdev_state_exit(spa, NULL, ENODEV); 4852 spa_close(spa, FTAG); 4853 return (SET_ERROR(ENODEV)); 4854 } 4855 } 4856 4857 vdev_clear(spa, vd); 4858 4859 (void) spa_vdev_state_exit(spa, NULL, 0); 4860 4861 /* 4862 * Resume any suspended I/Os. 4863 */ 4864 if (zio_resume(spa) != 0) 4865 error = SET_ERROR(EIO); 4866 4867 spa_close(spa, FTAG); 4868 4869 return (error); 4870} 4871 4872static int 4873zfs_ioc_pool_reopen(zfs_cmd_t *zc) 4874{ 4875 spa_t *spa; 4876 int error; 4877 4878 error = spa_open(zc->zc_name, &spa, FTAG); 4879 if (error != 0) 4880 return (error); 4881 4882 spa_vdev_state_enter(spa, SCL_NONE); 4883 4884 /* 4885 * If a resilver is already in progress then set the 4886 * spa_scrub_reopen flag to B_TRUE so that we don't restart 4887 * the scan as a side effect of the reopen. Otherwise, let 4888 * vdev_open() decided if a resilver is required. 4889 */ 4890 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool); 4891 vdev_reopen(spa->spa_root_vdev); 4892 spa->spa_scrub_reopen = B_FALSE; 4893 4894 (void) spa_vdev_state_exit(spa, NULL, 0); 4895 spa_close(spa, FTAG); 4896 return (0); 4897} 4898/* 4899 * inputs: 4900 * zc_name name of filesystem 4901 * zc_value name of origin snapshot 4902 * 4903 * outputs: 4904 * zc_string name of conflicting snapshot, if there is one 4905 */ 4906static int 4907zfs_ioc_promote(zfs_cmd_t *zc) 4908{ 4909 char *cp; 4910 4911 /* 4912 * We don't need to unmount *all* the origin fs's snapshots, but 4913 * it's easier. 4914 */ 4915 cp = strchr(zc->zc_value, '@'); 4916 if (cp) 4917 *cp = '\0'; 4918 (void) dmu_objset_find(zc->zc_value, 4919 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS); 4920 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 4921} 4922 4923/* 4924 * Retrieve a single {user|group}{used|quota}@... property. 4925 * 4926 * inputs: 4927 * zc_name name of filesystem 4928 * zc_objset_type zfs_userquota_prop_t 4929 * zc_value domain name (eg. "S-1-234-567-89") 4930 * zc_guid RID/UID/GID 4931 * 4932 * outputs: 4933 * zc_cookie property value 4934 */ 4935static int 4936zfs_ioc_userspace_one(zfs_cmd_t *zc) 4937{ 4938 zfsvfs_t *zfsvfs; 4939 int error; 4940 4941 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 4942 return (SET_ERROR(EINVAL)); 4943 4944 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 4945 if (error != 0) 4946 return (error); 4947 4948 error = zfs_userspace_one(zfsvfs, 4949 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 4950 zfsvfs_rele(zfsvfs, FTAG); 4951 4952 return (error); 4953} 4954 4955/* 4956 * inputs: 4957 * zc_name name of filesystem 4958 * zc_cookie zap cursor 4959 * zc_objset_type zfs_userquota_prop_t 4960 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 4961 * 4962 * outputs: 4963 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 4964 * zc_cookie zap cursor 4965 */ 4966static int 4967zfs_ioc_userspace_many(zfs_cmd_t *zc) 4968{ 4969 zfsvfs_t *zfsvfs; 4970 int bufsize = zc->zc_nvlist_dst_size; 4971 4972 if (bufsize <= 0) 4973 return (SET_ERROR(ENOMEM)); 4974 4975 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 4976 if (error != 0) 4977 return (error); 4978 4979 void *buf = kmem_alloc(bufsize, KM_SLEEP); 4980 4981 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 4982 buf, &zc->zc_nvlist_dst_size); 4983 4984 if (error == 0) { 4985 error = ddi_copyout(buf, 4986 (void *)(uintptr_t)zc->zc_nvlist_dst, 4987 zc->zc_nvlist_dst_size, zc->zc_iflags); 4988 } 4989 kmem_free(buf, bufsize); 4990 zfsvfs_rele(zfsvfs, FTAG); 4991 4992 return (error); 4993} 4994 4995/* 4996 * inputs: 4997 * zc_name name of filesystem 4998 * 4999 * outputs: 5000 * none 5001 */ 5002static int 5003zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 5004{ 5005 objset_t *os; 5006 int error = 0; 5007 zfsvfs_t *zfsvfs; 5008 5009 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 5010 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 5011 /* 5012 * If userused is not enabled, it may be because the 5013 * objset needs to be closed & reopened (to grow the 5014 * objset_phys_t). Suspend/resume the fs will do that. 5015 */ 5016 dsl_dataset_t *ds, *newds; 5017 5018 ds = dmu_objset_ds(zfsvfs->z_os); 5019 error = zfs_suspend_fs(zfsvfs); 5020 if (error == 0) { 5021 dmu_objset_refresh_ownership(ds, &newds, 5022 zfsvfs); 5023 error = zfs_resume_fs(zfsvfs, newds); 5024 } 5025 } 5026 if (error == 0) 5027 error = dmu_objset_userspace_upgrade(zfsvfs->z_os); 5028#ifdef illumos 5029 VFS_RELE(zfsvfs->z_vfs); 5030#else 5031 vfs_unbusy(zfsvfs->z_vfs); 5032#endif 5033 } else { 5034 /* XXX kind of reading contents without owning */ 5035 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 5036 if (error != 0) 5037 return (error); 5038 5039 error = dmu_objset_userspace_upgrade(os); 5040 dmu_objset_rele(os, FTAG); 5041 } 5042 5043 return (error); 5044} 5045 5046#ifdef illumos 5047/* 5048 * We don't want to have a hard dependency 5049 * against some special symbols in sharefs 5050 * nfs, and smbsrv. Determine them if needed when 5051 * the first file system is shared. 5052 * Neither sharefs, nfs or smbsrv are unloadable modules. 5053 */ 5054int (*znfsexport_fs)(void *arg); 5055int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t); 5056int (*zsmbexport_fs)(void *arg, boolean_t add_share); 5057 5058int zfs_nfsshare_inited; 5059int zfs_smbshare_inited; 5060 5061ddi_modhandle_t nfs_mod; 5062ddi_modhandle_t sharefs_mod; 5063ddi_modhandle_t smbsrv_mod; 5064#endif /* illumos */ 5065kmutex_t zfs_share_lock; 5066 5067#ifdef illumos 5068static int 5069zfs_init_sharefs() 5070{ 5071 int error; 5072 5073 ASSERT(MUTEX_HELD(&zfs_share_lock)); 5074 /* Both NFS and SMB shares also require sharetab support. */ 5075 if (sharefs_mod == NULL && ((sharefs_mod = 5076 ddi_modopen("fs/sharefs", 5077 KRTLD_MODE_FIRST, &error)) == NULL)) { 5078 return (SET_ERROR(ENOSYS)); 5079 } 5080 if (zshare_fs == NULL && ((zshare_fs = 5081 (int (*)(enum sharefs_sys_op, share_t *, uint32_t)) 5082 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) { 5083 return (SET_ERROR(ENOSYS)); 5084 } 5085 return (0); 5086} 5087#endif /* illumos */ 5088 5089static int 5090zfs_ioc_share(zfs_cmd_t *zc) 5091{ 5092#ifdef illumos 5093 int error; 5094 int opcode; 5095 5096 switch (zc->zc_share.z_sharetype) { 5097 case ZFS_SHARE_NFS: 5098 case ZFS_UNSHARE_NFS: 5099 if (zfs_nfsshare_inited == 0) { 5100 mutex_enter(&zfs_share_lock); 5101 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs", 5102 KRTLD_MODE_FIRST, &error)) == NULL)) { 5103 mutex_exit(&zfs_share_lock); 5104 return (SET_ERROR(ENOSYS)); 5105 } 5106 if (znfsexport_fs == NULL && 5107 ((znfsexport_fs = (int (*)(void *)) 5108 ddi_modsym(nfs_mod, 5109 "nfs_export", &error)) == NULL)) { 5110 mutex_exit(&zfs_share_lock); 5111 return (SET_ERROR(ENOSYS)); 5112 } 5113 error = zfs_init_sharefs(); 5114 if (error != 0) { 5115 mutex_exit(&zfs_share_lock); 5116 return (SET_ERROR(ENOSYS)); 5117 } 5118 zfs_nfsshare_inited = 1; 5119 mutex_exit(&zfs_share_lock); 5120 } 5121 break; 5122 case ZFS_SHARE_SMB: 5123 case ZFS_UNSHARE_SMB: 5124 if (zfs_smbshare_inited == 0) { 5125 mutex_enter(&zfs_share_lock); 5126 if (smbsrv_mod == NULL && ((smbsrv_mod = 5127 ddi_modopen("drv/smbsrv", 5128 KRTLD_MODE_FIRST, &error)) == NULL)) { 5129 mutex_exit(&zfs_share_lock); 5130 return (SET_ERROR(ENOSYS)); 5131 } 5132 if (zsmbexport_fs == NULL && ((zsmbexport_fs = 5133 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod, 5134 "smb_server_share", &error)) == NULL)) { 5135 mutex_exit(&zfs_share_lock); 5136 return (SET_ERROR(ENOSYS)); 5137 } 5138 error = zfs_init_sharefs(); 5139 if (error != 0) { 5140 mutex_exit(&zfs_share_lock); 5141 return (SET_ERROR(ENOSYS)); 5142 } 5143 zfs_smbshare_inited = 1; 5144 mutex_exit(&zfs_share_lock); 5145 } 5146 break; 5147 default: 5148 return (SET_ERROR(EINVAL)); 5149 } 5150 5151 switch (zc->zc_share.z_sharetype) { 5152 case ZFS_SHARE_NFS: 5153 case ZFS_UNSHARE_NFS: 5154 if (error = 5155 znfsexport_fs((void *) 5156 (uintptr_t)zc->zc_share.z_exportdata)) 5157 return (error); 5158 break; 5159 case ZFS_SHARE_SMB: 5160 case ZFS_UNSHARE_SMB: 5161 if (error = zsmbexport_fs((void *) 5162 (uintptr_t)zc->zc_share.z_exportdata, 5163 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ? 5164 B_TRUE: B_FALSE)) { 5165 return (error); 5166 } 5167 break; 5168 } 5169 5170 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS || 5171 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ? 5172 SHAREFS_ADD : SHAREFS_REMOVE; 5173 5174 /* 5175 * Add or remove share from sharetab 5176 */ 5177 error = zshare_fs(opcode, 5178 (void *)(uintptr_t)zc->zc_share.z_sharedata, 5179 zc->zc_share.z_sharemax); 5180 5181 return (error); 5182 5183#else /* !illumos */ 5184 return (ENOSYS); 5185#endif /* illumos */ 5186} 5187 5188ace_t full_access[] = { 5189 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0} 5190}; 5191 5192/* 5193 * inputs: 5194 * zc_name name of containing filesystem 5195 * zc_obj object # beyond which we want next in-use object # 5196 * 5197 * outputs: 5198 * zc_obj next in-use object # 5199 */ 5200static int 5201zfs_ioc_next_obj(zfs_cmd_t *zc) 5202{ 5203 objset_t *os = NULL; 5204 int error; 5205 5206 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 5207 if (error != 0) 5208 return (error); 5209 5210 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 5211 dsl_dataset_phys(os->os_dsl_dataset)->ds_prev_snap_txg); 5212 5213 dmu_objset_rele(os, FTAG); 5214 return (error); 5215} 5216 5217/* 5218 * inputs: 5219 * zc_name name of filesystem 5220 * zc_value prefix name for snapshot 5221 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 5222 * 5223 * outputs: 5224 * zc_value short name of new snapshot 5225 */ 5226static int 5227zfs_ioc_tmp_snapshot(zfs_cmd_t *zc) 5228{ 5229 char *snap_name; 5230 char *hold_name; 5231 int error; 5232 minor_t minor; 5233 5234 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor); 5235 if (error != 0) 5236 return (error); 5237 5238 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value, 5239 (u_longlong_t)ddi_get_lbolt64()); 5240 hold_name = kmem_asprintf("%%%s", zc->zc_value); 5241 5242 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor, 5243 hold_name); 5244 if (error == 0) 5245 (void) strcpy(zc->zc_value, snap_name); 5246 strfree(snap_name); 5247 strfree(hold_name); 5248 zfs_onexit_fd_rele(zc->zc_cleanup_fd); 5249 return (error); 5250} 5251 5252/* 5253 * inputs: 5254 * zc_name name of "to" snapshot 5255 * zc_value name of "from" snapshot 5256 * zc_cookie file descriptor to write diff data on 5257 * 5258 * outputs: 5259 * dmu_diff_record_t's to the file descriptor 5260 */ 5261static int 5262zfs_ioc_diff(zfs_cmd_t *zc) 5263{ 5264 file_t *fp; 5265 cap_rights_t rights; 5266 offset_t off; 5267 int error; 5268 5269#ifdef illumos 5270 fp = getf(zc->zc_cookie); 5271#else 5272 fget_write(curthread, zc->zc_cookie, 5273 cap_rights_init(&rights, CAP_WRITE), &fp); 5274#endif 5275 if (fp == NULL) 5276 return (SET_ERROR(EBADF)); 5277 5278 off = fp->f_offset; 5279 5280#ifdef illumos 5281 error = dmu_diff(zc->zc_name, zc->zc_value, fp->f_vnode, &off); 5282#else 5283 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off); 5284#endif 5285 5286 if (off >= 0 && off <= MAXOFFSET_T) 5287 fp->f_offset = off; 5288 releasef(zc->zc_cookie); 5289 5290 return (error); 5291} 5292 5293#ifdef illumos 5294/* 5295 * Remove all ACL files in shares dir 5296 */ 5297static int 5298zfs_smb_acl_purge(znode_t *dzp) 5299{ 5300 zap_cursor_t zc; 5301 zap_attribute_t zap; 5302 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 5303 int error; 5304 5305 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id); 5306 (error = zap_cursor_retrieve(&zc, &zap)) == 0; 5307 zap_cursor_advance(&zc)) { 5308 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred, 5309 NULL, 0)) != 0) 5310 break; 5311 } 5312 zap_cursor_fini(&zc); 5313 return (error); 5314} 5315#endif /* illumos */ 5316 5317static int 5318zfs_ioc_smb_acl(zfs_cmd_t *zc) 5319{ 5320#ifdef illumos 5321 vnode_t *vp; 5322 znode_t *dzp; 5323 vnode_t *resourcevp = NULL; 5324 znode_t *sharedir; 5325 zfsvfs_t *zfsvfs; 5326 nvlist_t *nvlist; 5327 char *src, *target; 5328 vattr_t vattr; 5329 vsecattr_t vsec; 5330 int error = 0; 5331 5332 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 5333 NO_FOLLOW, NULL, &vp)) != 0) 5334 return (error); 5335 5336 /* Now make sure mntpnt and dataset are ZFS */ 5337 5338 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 || 5339 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 5340 zc->zc_name) != 0)) { 5341 VN_RELE(vp); 5342 return (SET_ERROR(EINVAL)); 5343 } 5344 5345 dzp = VTOZ(vp); 5346 zfsvfs = dzp->z_zfsvfs; 5347 ZFS_ENTER(zfsvfs); 5348 5349 /* 5350 * Create share dir if its missing. 5351 */ 5352 mutex_enter(&zfsvfs->z_lock); 5353 if (zfsvfs->z_shares_dir == 0) { 5354 dmu_tx_t *tx; 5355 5356 tx = dmu_tx_create(zfsvfs->z_os); 5357 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE, 5358 ZFS_SHARES_DIR); 5359 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL); 5360 error = dmu_tx_assign(tx, TXG_WAIT); 5361 if (error != 0) { 5362 dmu_tx_abort(tx); 5363 } else { 5364 error = zfs_create_share_dir(zfsvfs, tx); 5365 dmu_tx_commit(tx); 5366 } 5367 if (error != 0) { 5368 mutex_exit(&zfsvfs->z_lock); 5369 VN_RELE(vp); 5370 ZFS_EXIT(zfsvfs); 5371 return (error); 5372 } 5373 } 5374 mutex_exit(&zfsvfs->z_lock); 5375 5376 ASSERT(zfsvfs->z_shares_dir); 5377 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) { 5378 VN_RELE(vp); 5379 ZFS_EXIT(zfsvfs); 5380 return (error); 5381 } 5382 5383 switch (zc->zc_cookie) { 5384 case ZFS_SMB_ACL_ADD: 5385 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE; 5386 vattr.va_type = VREG; 5387 vattr.va_mode = S_IFREG|0777; 5388 vattr.va_uid = 0; 5389 vattr.va_gid = 0; 5390 5391 vsec.vsa_mask = VSA_ACE; 5392 vsec.vsa_aclentp = &full_access; 5393 vsec.vsa_aclentsz = sizeof (full_access); 5394 vsec.vsa_aclcnt = 1; 5395 5396 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string, 5397 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec); 5398 if (resourcevp) 5399 VN_RELE(resourcevp); 5400 break; 5401 5402 case ZFS_SMB_ACL_REMOVE: 5403 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred, 5404 NULL, 0); 5405 break; 5406 5407 case ZFS_SMB_ACL_RENAME: 5408 if ((error = get_nvlist(zc->zc_nvlist_src, 5409 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) { 5410 VN_RELE(vp); 5411 VN_RELE(ZTOV(sharedir)); 5412 ZFS_EXIT(zfsvfs); 5413 return (error); 5414 } 5415 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) || 5416 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET, 5417 &target)) { 5418 VN_RELE(vp); 5419 VN_RELE(ZTOV(sharedir)); 5420 ZFS_EXIT(zfsvfs); 5421 nvlist_free(nvlist); 5422 return (error); 5423 } 5424 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target, 5425 kcred, NULL, 0); 5426 nvlist_free(nvlist); 5427 break; 5428 5429 case ZFS_SMB_ACL_PURGE: 5430 error = zfs_smb_acl_purge(sharedir); 5431 break; 5432 5433 default: 5434 error = SET_ERROR(EINVAL); 5435 break; 5436 } 5437 5438 VN_RELE(vp); 5439 VN_RELE(ZTOV(sharedir)); 5440 5441 ZFS_EXIT(zfsvfs); 5442 5443 return (error); 5444#else /* !illumos */ 5445 return (EOPNOTSUPP); 5446#endif /* illumos */ 5447} 5448 5449/* 5450 * innvl: { 5451 * "holds" -> { snapname -> holdname (string), ... } 5452 * (optional) "cleanup_fd" -> fd (int32) 5453 * } 5454 * 5455 * outnvl: { 5456 * snapname -> error value (int32) 5457 * ... 5458 * } 5459 */ 5460/* ARGSUSED */ 5461static int 5462zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist) 5463{ 5464 nvpair_t *pair; 5465 nvlist_t *holds; 5466 int cleanup_fd = -1; 5467 int error; 5468 minor_t minor = 0; 5469 5470 error = nvlist_lookup_nvlist(args, "holds", &holds); 5471 if (error != 0) 5472 return (SET_ERROR(EINVAL)); 5473 5474 /* make sure the user didn't pass us any invalid (empty) tags */ 5475 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 5476 pair = nvlist_next_nvpair(holds, pair)) { 5477 char *htag; 5478 5479 error = nvpair_value_string(pair, &htag); 5480 if (error != 0) 5481 return (SET_ERROR(error)); 5482 5483 if (strlen(htag) == 0) 5484 return (SET_ERROR(EINVAL)); 5485 } 5486 5487 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) { 5488 error = zfs_onexit_fd_hold(cleanup_fd, &minor); 5489 if (error != 0) 5490 return (error); 5491 } 5492 5493 error = dsl_dataset_user_hold(holds, minor, errlist); 5494 if (minor != 0) 5495 zfs_onexit_fd_rele(cleanup_fd); 5496 return (error); 5497} 5498 5499/* 5500 * innvl is not used. 5501 * 5502 * outnvl: { 5503 * holdname -> time added (uint64 seconds since epoch) 5504 * ... 5505 * } 5506 */ 5507/* ARGSUSED */ 5508static int 5509zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl) 5510{ 5511 return (dsl_dataset_get_holds(snapname, outnvl)); 5512} 5513 5514/* 5515 * innvl: { 5516 * snapname -> { holdname, ... } 5517 * ... 5518 * } 5519 * 5520 * outnvl: { 5521 * snapname -> error value (int32) 5522 * ... 5523 * } 5524 */ 5525/* ARGSUSED */ 5526static int 5527zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist) 5528{ 5529 return (dsl_dataset_user_release(holds, errlist)); 5530} 5531 5532/* 5533 * inputs: 5534 * zc_name name of new filesystem or snapshot 5535 * zc_value full name of old snapshot 5536 * 5537 * outputs: 5538 * zc_cookie space in bytes 5539 * zc_objset_type compressed space in bytes 5540 * zc_perm_action uncompressed space in bytes 5541 */ 5542static int 5543zfs_ioc_space_written(zfs_cmd_t *zc) 5544{ 5545 int error; 5546 dsl_pool_t *dp; 5547 dsl_dataset_t *new, *old; 5548 5549 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5550 if (error != 0) 5551 return (error); 5552 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new); 5553 if (error != 0) { 5554 dsl_pool_rele(dp, FTAG); 5555 return (error); 5556 } 5557 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old); 5558 if (error != 0) { 5559 dsl_dataset_rele(new, FTAG); 5560 dsl_pool_rele(dp, FTAG); 5561 return (error); 5562 } 5563 5564 error = dsl_dataset_space_written(old, new, &zc->zc_cookie, 5565 &zc->zc_objset_type, &zc->zc_perm_action); 5566 dsl_dataset_rele(old, FTAG); 5567 dsl_dataset_rele(new, FTAG); 5568 dsl_pool_rele(dp, FTAG); 5569 return (error); 5570} 5571 5572/* 5573 * innvl: { 5574 * "firstsnap" -> snapshot name 5575 * } 5576 * 5577 * outnvl: { 5578 * "used" -> space in bytes 5579 * "compressed" -> compressed space in bytes 5580 * "uncompressed" -> uncompressed space in bytes 5581 * } 5582 */ 5583static int 5584zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl) 5585{ 5586 int error; 5587 dsl_pool_t *dp; 5588 dsl_dataset_t *new, *old; 5589 char *firstsnap; 5590 uint64_t used, comp, uncomp; 5591 5592 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0) 5593 return (SET_ERROR(EINVAL)); 5594 5595 error = dsl_pool_hold(lastsnap, FTAG, &dp); 5596 if (error != 0) 5597 return (error); 5598 5599 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new); 5600 if (error == 0 && !new->ds_is_snapshot) { 5601 dsl_dataset_rele(new, FTAG); 5602 error = SET_ERROR(EINVAL); 5603 } 5604 if (error != 0) { 5605 dsl_pool_rele(dp, FTAG); 5606 return (error); 5607 } 5608 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old); 5609 if (error == 0 && !old->ds_is_snapshot) { 5610 dsl_dataset_rele(old, FTAG); 5611 error = SET_ERROR(EINVAL); 5612 } 5613 if (error != 0) { 5614 dsl_dataset_rele(new, FTAG); 5615 dsl_pool_rele(dp, FTAG); 5616 return (error); 5617 } 5618 5619 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp); 5620 dsl_dataset_rele(old, FTAG); 5621 dsl_dataset_rele(new, FTAG); 5622 dsl_pool_rele(dp, FTAG); 5623 fnvlist_add_uint64(outnvl, "used", used); 5624 fnvlist_add_uint64(outnvl, "compressed", comp); 5625 fnvlist_add_uint64(outnvl, "uncompressed", uncomp); 5626 return (error); 5627} 5628 5629static int 5630zfs_ioc_jail(zfs_cmd_t *zc) 5631{ 5632 5633 return (zone_dataset_attach(curthread->td_ucred, zc->zc_name, 5634 (int)zc->zc_jailid)); 5635} 5636 5637static int 5638zfs_ioc_unjail(zfs_cmd_t *zc) 5639{ 5640 5641 return (zone_dataset_detach(curthread->td_ucred, zc->zc_name, 5642 (int)zc->zc_jailid)); 5643} 5644 5645/* 5646 * innvl: { 5647 * "fd" -> file descriptor to write stream to (int32) 5648 * (optional) "fromsnap" -> full snap name to send an incremental from 5649 * (optional) "largeblockok" -> (value ignored) 5650 * indicates that blocks > 128KB are permitted 5651 * (optional) "embedok" -> (value ignored) 5652 * presence indicates DRR_WRITE_EMBEDDED records are permitted 5653 * (optional) "resume_object" and "resume_offset" -> (uint64) 5654 * if present, resume send stream from specified object and offset. 5655 * } 5656 * 5657 * outnvl is unused 5658 */ 5659/* ARGSUSED */ 5660static int 5661zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 5662{ 5663 cap_rights_t rights; 5664 file_t *fp; 5665 int error; 5666 offset_t off; 5667 char *fromname = NULL; 5668 int fd; 5669 boolean_t largeblockok; 5670 boolean_t embedok; 5671 uint64_t resumeobj = 0; 5672 uint64_t resumeoff = 0; 5673 5674 error = nvlist_lookup_int32(innvl, "fd", &fd); 5675 if (error != 0) 5676 return (SET_ERROR(EINVAL)); 5677 5678 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname); 5679 5680 largeblockok = nvlist_exists(innvl, "largeblockok"); 5681 embedok = nvlist_exists(innvl, "embedok"); 5682 5683 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); 5684 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); 5685 5686#ifdef illumos 5687 file_t *fp = getf(fd); 5688#else 5689 fget_write(curthread, fd, cap_rights_init(&rights, CAP_WRITE), &fp); 5690#endif 5691 if (fp == NULL) 5692 return (SET_ERROR(EBADF)); 5693 5694 off = fp->f_offset; 5695 error = dmu_send(snapname, fromname, embedok, largeblockok, fd, 5696#ifdef illumos 5697 resumeobj, resumeoff, fp->f_vnode, &off); 5698#else 5699 resumeobj, resumeoff, fp, &off); 5700#endif 5701 5702#ifdef illumos 5703 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 5704 fp->f_offset = off; 5705#else 5706 fp->f_offset = off; 5707#endif 5708 5709 releasef(fd); 5710 return (error); 5711} 5712 5713/* 5714 * Determine approximately how large a zfs send stream will be -- the number 5715 * of bytes that will be written to the fd supplied to zfs_ioc_send_new(). 5716 * 5717 * innvl: { 5718 * (optional) "from" -> full snap or bookmark name to send an incremental 5719 * from 5720 * } 5721 * 5722 * outnvl: { 5723 * "space" -> bytes of space (uint64) 5724 * } 5725 */ 5726static int 5727zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 5728{ 5729 dsl_pool_t *dp; 5730 dsl_dataset_t *tosnap; 5731 int error; 5732 char *fromname; 5733 uint64_t space; 5734 5735 error = dsl_pool_hold(snapname, FTAG, &dp); 5736 if (error != 0) 5737 return (error); 5738 5739 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap); 5740 if (error != 0) { 5741 dsl_pool_rele(dp, FTAG); 5742 return (error); 5743 } 5744 5745 error = nvlist_lookup_string(innvl, "from", &fromname); 5746 if (error == 0) { 5747 if (strchr(fromname, '@') != NULL) { 5748 /* 5749 * If from is a snapshot, hold it and use the more 5750 * efficient dmu_send_estimate to estimate send space 5751 * size using deadlists. 5752 */ 5753 dsl_dataset_t *fromsnap; 5754 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap); 5755 if (error != 0) 5756 goto out; 5757 error = dmu_send_estimate(tosnap, fromsnap, &space); 5758 dsl_dataset_rele(fromsnap, FTAG); 5759 } else if (strchr(fromname, '#') != NULL) { 5760 /* 5761 * If from is a bookmark, fetch the creation TXG of the 5762 * snapshot it was created from and use that to find 5763 * blocks that were born after it. 5764 */ 5765 zfs_bookmark_phys_t frombm; 5766 5767 error = dsl_bookmark_lookup(dp, fromname, tosnap, 5768 &frombm); 5769 if (error != 0) 5770 goto out; 5771 error = dmu_send_estimate_from_txg(tosnap, 5772 frombm.zbm_creation_txg, &space); 5773 } else { 5774 /* 5775 * from is not properly formatted as a snapshot or 5776 * bookmark 5777 */ 5778 error = SET_ERROR(EINVAL); 5779 goto out; 5780 } 5781 } else { 5782 // If estimating the size of a full send, use dmu_send_estimate 5783 error = dmu_send_estimate(tosnap, NULL, &space); 5784 } 5785 5786 fnvlist_add_uint64(outnvl, "space", space); 5787 5788out: 5789 dsl_dataset_rele(tosnap, FTAG); 5790 dsl_pool_rele(dp, FTAG); 5791 return (error); 5792} 5793 5794static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST]; 5795 5796static void 5797zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5798 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 5799 boolean_t log_history, zfs_ioc_poolcheck_t pool_check) 5800{ 5801 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 5802 5803 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 5804 ASSERT3U(ioc, <, ZFS_IOC_LAST); 5805 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 5806 ASSERT3P(vec->zvec_func, ==, NULL); 5807 5808 vec->zvec_legacy_func = func; 5809 vec->zvec_secpolicy = secpolicy; 5810 vec->zvec_namecheck = namecheck; 5811 vec->zvec_allow_log = log_history; 5812 vec->zvec_pool_check = pool_check; 5813} 5814 5815/* 5816 * See the block comment at the beginning of this file for details on 5817 * each argument to this function. 5818 */ 5819static void 5820zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func, 5821 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 5822 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist, 5823 boolean_t allow_log) 5824{ 5825 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 5826 5827 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 5828 ASSERT3U(ioc, <, ZFS_IOC_LAST); 5829 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 5830 ASSERT3P(vec->zvec_func, ==, NULL); 5831 5832 /* if we are logging, the name must be valid */ 5833 ASSERT(!allow_log || namecheck != NO_NAME); 5834 5835 vec->zvec_name = name; 5836 vec->zvec_func = func; 5837 vec->zvec_secpolicy = secpolicy; 5838 vec->zvec_namecheck = namecheck; 5839 vec->zvec_pool_check = pool_check; 5840 vec->zvec_smush_outnvlist = smush_outnvlist; 5841 vec->zvec_allow_log = allow_log; 5842} 5843 5844static void 5845zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5846 zfs_secpolicy_func_t *secpolicy, boolean_t log_history, 5847 zfs_ioc_poolcheck_t pool_check) 5848{ 5849 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5850 POOL_NAME, log_history, pool_check); 5851} 5852 5853static void 5854zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5855 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check) 5856{ 5857 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5858 DATASET_NAME, B_FALSE, pool_check); 5859} 5860 5861static void 5862zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 5863{ 5864 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config, 5865 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5866} 5867 5868static void 5869zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5870 zfs_secpolicy_func_t *secpolicy) 5871{ 5872 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5873 NO_NAME, B_FALSE, POOL_CHECK_NONE); 5874} 5875 5876static void 5877zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc, 5878 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy) 5879{ 5880 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5881 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED); 5882} 5883 5884static void 5885zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 5886{ 5887 zfs_ioctl_register_dataset_read_secpolicy(ioc, func, 5888 zfs_secpolicy_read); 5889} 5890 5891static void 5892zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5893 zfs_secpolicy_func_t *secpolicy) 5894{ 5895 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5896 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5897} 5898 5899static void 5900zfs_ioctl_init(void) 5901{ 5902 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT, 5903 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME, 5904 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5905 5906 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY, 5907 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME, 5908 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE); 5909 5910 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS, 5911 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, 5912 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5913 5914 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW, 5915 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME, 5916 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5917 5918 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE, 5919 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME, 5920 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5921 5922 zfs_ioctl_register("create", ZFS_IOC_CREATE, 5923 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME, 5924 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5925 5926 zfs_ioctl_register("clone", ZFS_IOC_CLONE, 5927 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME, 5928 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5929 5930 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS, 5931 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME, 5932 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5933 5934 zfs_ioctl_register("hold", ZFS_IOC_HOLD, 5935 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME, 5936 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5937 zfs_ioctl_register("release", ZFS_IOC_RELEASE, 5938 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME, 5939 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5940 5941 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS, 5942 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, 5943 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5944 5945 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK, 5946 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, 5947 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE); 5948 5949 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK, 5950 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME, 5951 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5952 5953 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS, 5954 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME, 5955 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5956 5957 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS, 5958 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks, 5959 POOL_NAME, 5960 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5961 5962 /* IOCTLS that use the legacy function signature */ 5963 5964 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze, 5965 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY); 5966 5967 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create, 5968 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 5969 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN, 5970 zfs_ioc_pool_scan); 5971 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE, 5972 zfs_ioc_pool_upgrade); 5973 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD, 5974 zfs_ioc_vdev_add); 5975 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE, 5976 zfs_ioc_vdev_remove); 5977 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE, 5978 zfs_ioc_vdev_set_state); 5979 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH, 5980 zfs_ioc_vdev_attach); 5981 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH, 5982 zfs_ioc_vdev_detach); 5983 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH, 5984 zfs_ioc_vdev_setpath); 5985 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU, 5986 zfs_ioc_vdev_setfru); 5987 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS, 5988 zfs_ioc_pool_set_props); 5989 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT, 5990 zfs_ioc_vdev_split); 5991 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID, 5992 zfs_ioc_pool_reguid); 5993 5994 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS, 5995 zfs_ioc_pool_configs, zfs_secpolicy_none); 5996 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT, 5997 zfs_ioc_pool_tryimport, zfs_secpolicy_config); 5998 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT, 5999 zfs_ioc_inject_fault, zfs_secpolicy_inject); 6000 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT, 6001 zfs_ioc_clear_fault, zfs_secpolicy_inject); 6002 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT, 6003 zfs_ioc_inject_list_next, zfs_secpolicy_inject); 6004 6005 /* 6006 * pool destroy, and export don't log the history as part of 6007 * zfsdev_ioctl, but rather zfs_ioc_pool_export 6008 * does the logging of those commands. 6009 */ 6010 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy, 6011 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 6012 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export, 6013 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 6014 6015 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats, 6016 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 6017 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props, 6018 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 6019 6020 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log, 6021 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_NONE); 6022 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME, 6023 zfs_ioc_dsobj_to_dsname, 6024 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_NONE); 6025 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY, 6026 zfs_ioc_pool_get_history, 6027 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 6028 6029 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import, 6030 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 6031 6032 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear, 6033 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 6034 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen, 6035 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED); 6036 6037 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN, 6038 zfs_ioc_space_written); 6039 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS, 6040 zfs_ioc_objset_recvd_props); 6041 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ, 6042 zfs_ioc_next_obj); 6043 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL, 6044 zfs_ioc_get_fsacl); 6045 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS, 6046 zfs_ioc_objset_stats); 6047 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS, 6048 zfs_ioc_objset_zplprops); 6049 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT, 6050 zfs_ioc_dataset_list_next); 6051 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT, 6052 zfs_ioc_snapshot_list_next); 6053 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS, 6054 zfs_ioc_send_progress); 6055 6056 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF, 6057 zfs_ioc_diff, zfs_secpolicy_diff); 6058 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS, 6059 zfs_ioc_obj_to_stats, zfs_secpolicy_diff); 6060 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH, 6061 zfs_ioc_obj_to_path, zfs_secpolicy_diff); 6062 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE, 6063 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one); 6064 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY, 6065 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many); 6066 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND, 6067 zfs_ioc_send, zfs_secpolicy_send); 6068 6069 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop, 6070 zfs_secpolicy_none); 6071 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy, 6072 zfs_secpolicy_destroy); 6073 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename, 6074 zfs_secpolicy_rename); 6075 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv, 6076 zfs_secpolicy_recv); 6077 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote, 6078 zfs_secpolicy_promote); 6079 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP, 6080 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop); 6081 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl, 6082 zfs_secpolicy_set_fsacl); 6083 6084 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share, 6085 zfs_secpolicy_share, POOL_CHECK_NONE); 6086 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl, 6087 zfs_secpolicy_smb_acl, POOL_CHECK_NONE); 6088 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE, 6089 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 6090 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6091 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT, 6092 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, 6093 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6094 6095#ifdef __FreeBSD__ 6096 zfs_ioctl_register_dataset_nolog(ZFS_IOC_JAIL, zfs_ioc_jail, 6097 zfs_secpolicy_config, POOL_CHECK_NONE); 6098 zfs_ioctl_register_dataset_nolog(ZFS_IOC_UNJAIL, zfs_ioc_unjail, 6099 zfs_secpolicy_config, POOL_CHECK_NONE); 6100 zfs_ioctl_register("fbsd_nextboot", ZFS_IOC_NEXTBOOT, 6101 zfs_ioc_nextboot, zfs_secpolicy_config, NO_NAME, 6102 POOL_CHECK_NONE, B_FALSE, B_FALSE); 6103#endif 6104} 6105 6106int 6107pool_status_check(const char *name, zfs_ioc_namecheck_t type, 6108 zfs_ioc_poolcheck_t check) 6109{ 6110 spa_t *spa; 6111 int error; 6112 6113 ASSERT(type == POOL_NAME || type == DATASET_NAME); 6114 6115 if (check & POOL_CHECK_NONE) 6116 return (0); 6117 6118 error = spa_open(name, &spa, FTAG); 6119 if (error == 0) { 6120 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa)) 6121 error = SET_ERROR(EAGAIN); 6122 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa)) 6123 error = SET_ERROR(EROFS); 6124 spa_close(spa, FTAG); 6125 } 6126 return (error); 6127} 6128 6129/* 6130 * Find a free minor number. 6131 */ 6132minor_t 6133zfsdev_minor_alloc(void) 6134{ 6135 static minor_t last_minor; 6136 minor_t m; 6137 6138 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6139 6140 for (m = last_minor + 1; m != last_minor; m++) { 6141 if (m > ZFSDEV_MAX_MINOR) 6142 m = 1; 6143 if (ddi_get_soft_state(zfsdev_state, m) == NULL) { 6144 last_minor = m; 6145 return (m); 6146 } 6147 } 6148 6149 return (0); 6150} 6151 6152static int 6153zfs_ctldev_init(struct cdev *devp) 6154{ 6155 minor_t minor; 6156 zfs_soft_state_t *zs; 6157 6158 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6159 6160 minor = zfsdev_minor_alloc(); 6161 if (minor == 0) 6162 return (SET_ERROR(ENXIO)); 6163 6164 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS) 6165 return (SET_ERROR(EAGAIN)); 6166 6167 devfs_set_cdevpriv((void *)(uintptr_t)minor, zfsdev_close); 6168 6169 zs = ddi_get_soft_state(zfsdev_state, minor); 6170 zs->zss_type = ZSST_CTLDEV; 6171 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data); 6172 6173 return (0); 6174} 6175 6176static void 6177zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor) 6178{ 6179 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6180 6181 zfs_onexit_destroy(zo); 6182 ddi_soft_state_free(zfsdev_state, minor); 6183} 6184 6185void * 6186zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which) 6187{ 6188 zfs_soft_state_t *zp; 6189 6190 zp = ddi_get_soft_state(zfsdev_state, minor); 6191 if (zp == NULL || zp->zss_type != which) 6192 return (NULL); 6193 6194 return (zp->zss_data); 6195} 6196 6197static int 6198zfsdev_open(struct cdev *devp, int flag, int mode, struct thread *td) 6199{ 6200 int error = 0; 6201 6202#ifdef illumos 6203 if (getminor(*devp) != 0) 6204 return (zvol_open(devp, flag, otyp, cr)); 6205#endif 6206 6207 /* This is the control device. Allocate a new minor if requested. */ 6208 if (flag & FEXCL) { 6209 mutex_enter(&spa_namespace_lock); 6210 error = zfs_ctldev_init(devp); 6211 mutex_exit(&spa_namespace_lock); 6212 } 6213 6214 return (error); 6215} 6216 6217static void 6218zfsdev_close(void *data) 6219{ 6220 zfs_onexit_t *zo; 6221 minor_t minor = (minor_t)(uintptr_t)data; 6222 6223 if (minor == 0) 6224 return; 6225 6226 mutex_enter(&spa_namespace_lock); 6227 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV); 6228 if (zo == NULL) { 6229 mutex_exit(&spa_namespace_lock); 6230 return; 6231 } 6232 zfs_ctldev_destroy(zo, minor); 6233 mutex_exit(&spa_namespace_lock); 6234} 6235 6236static int 6237zfsdev_ioctl(struct cdev *dev, u_long zcmd, caddr_t arg, int flag, 6238 struct thread *td) 6239{ 6240 zfs_cmd_t *zc; 6241 uint_t vecnum; 6242 int error, rc, len; 6243#ifdef illumos 6244 minor_t minor = getminor(dev); 6245#else 6246 zfs_iocparm_t *zc_iocparm; 6247 int cflag, cmd, oldvecnum; 6248 boolean_t newioc, compat; 6249 void *compat_zc = NULL; 6250 cred_t *cr = td->td_ucred; 6251#endif 6252 const zfs_ioc_vec_t *vec; 6253 char *saved_poolname = NULL; 6254 nvlist_t *innvl = NULL; 6255 6256 cflag = ZFS_CMD_COMPAT_NONE; 6257 compat = B_FALSE; 6258 newioc = B_TRUE; /* "new" style (zfs_iocparm_t) ioctl */ 6259 6260 len = IOCPARM_LEN(zcmd); 6261 vecnum = cmd = zcmd & 0xff; 6262 6263 /* 6264 * Check if we are talking to supported older binaries 6265 * and translate zfs_cmd if necessary 6266 */ 6267 if (len != sizeof(zfs_iocparm_t)) { 6268 newioc = B_FALSE; 6269 compat = B_TRUE; 6270 6271 vecnum = cmd; 6272 6273 switch (len) { 6274 case sizeof(zfs_cmd_zcmd_t): 6275 cflag = ZFS_CMD_COMPAT_LZC; 6276 break; 6277 case sizeof(zfs_cmd_deadman_t): 6278 cflag = ZFS_CMD_COMPAT_DEADMAN; 6279 break; 6280 case sizeof(zfs_cmd_v28_t): 6281 cflag = ZFS_CMD_COMPAT_V28; 6282 break; 6283 case sizeof(zfs_cmd_v15_t): 6284 if (cmd >= sizeof(zfs_ioctl_v15_to_v28) / 6285 sizeof(zfs_ioctl_v15_to_v28[0])) 6286 return (EINVAL); 6287 6288 cflag = ZFS_CMD_COMPAT_V15; 6289 vecnum = zfs_ioctl_v15_to_v28[cmd]; 6290 6291 /* 6292 * Return without further handling 6293 * if the command is blacklisted. 6294 */ 6295 if (vecnum == ZFS_IOC_COMPAT_PASS) 6296 return (0); 6297 else if (vecnum == ZFS_IOC_COMPAT_FAIL) 6298 return (ENOTSUP); 6299 break; 6300 default: 6301 return (EINVAL); 6302 } 6303 } 6304 6305#ifdef illumos 6306 vecnum = cmd - ZFS_IOC_FIRST; 6307 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip)); 6308#endif 6309 6310 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 6311 return (SET_ERROR(EINVAL)); 6312 vec = &zfs_ioc_vec[vecnum]; 6313 6314 zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP); 6315 6316#ifdef illumos 6317 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag); 6318 if (error != 0) { 6319 error = SET_ERROR(EFAULT); 6320 goto out; 6321 } 6322#else /* !illumos */ 6323 bzero(zc, sizeof(zfs_cmd_t)); 6324 6325 if (newioc) { 6326 zc_iocparm = (void *)arg; 6327 6328 switch (zc_iocparm->zfs_ioctl_version) { 6329 case ZFS_IOCVER_CURRENT: 6330 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_t)) { 6331 error = SET_ERROR(EINVAL); 6332 goto out; 6333 } 6334 break; 6335 case ZFS_IOCVER_INLANES: 6336 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_inlanes_t)) { 6337 error = SET_ERROR(EFAULT); 6338 goto out; 6339 } 6340 compat = B_TRUE; 6341 cflag = ZFS_CMD_COMPAT_INLANES; 6342 break; 6343 case ZFS_IOCVER_RESUME: 6344 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_resume_t)) { 6345 error = SET_ERROR(EFAULT); 6346 goto out; 6347 } 6348 compat = B_TRUE; 6349 cflag = ZFS_CMD_COMPAT_RESUME; 6350 break; 6351 case ZFS_IOCVER_EDBP: 6352 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_edbp_t)) { 6353 error = SET_ERROR(EFAULT); 6354 goto out; 6355 } 6356 compat = B_TRUE; 6357 cflag = ZFS_CMD_COMPAT_EDBP; 6358 break; 6359 case ZFS_IOCVER_ZCMD: 6360 if (zc_iocparm->zfs_cmd_size > sizeof(zfs_cmd_t) || 6361 zc_iocparm->zfs_cmd_size < sizeof(zfs_cmd_zcmd_t)) { 6362 error = SET_ERROR(EFAULT); 6363 goto out; 6364 } 6365 compat = B_TRUE; 6366 cflag = ZFS_CMD_COMPAT_ZCMD; 6367 break; 6368 default: 6369 error = SET_ERROR(EINVAL); 6370 goto out; 6371 /* NOTREACHED */ 6372 } 6373 6374 if (compat) { 6375 ASSERT(sizeof(zfs_cmd_t) >= zc_iocparm->zfs_cmd_size); 6376 compat_zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP); 6377 bzero(compat_zc, sizeof(zfs_cmd_t)); 6378 6379 error = ddi_copyin((void *)(uintptr_t)zc_iocparm->zfs_cmd, 6380 compat_zc, zc_iocparm->zfs_cmd_size, flag); 6381 if (error != 0) { 6382 error = SET_ERROR(EFAULT); 6383 goto out; 6384 } 6385 } else { 6386 error = ddi_copyin((void *)(uintptr_t)zc_iocparm->zfs_cmd, 6387 zc, zc_iocparm->zfs_cmd_size, flag); 6388 if (error != 0) { 6389 error = SET_ERROR(EFAULT); 6390 goto out; 6391 } 6392 } 6393 } 6394 6395 if (compat) { 6396 if (newioc) { 6397 ASSERT(compat_zc != NULL); 6398 zfs_cmd_compat_get(zc, compat_zc, cflag); 6399 } else { 6400 ASSERT(compat_zc == NULL); 6401 zfs_cmd_compat_get(zc, arg, cflag); 6402 } 6403 oldvecnum = vecnum; 6404 error = zfs_ioctl_compat_pre(zc, &vecnum, cflag); 6405 if (error != 0) 6406 goto out; 6407 if (oldvecnum != vecnum) 6408 vec = &zfs_ioc_vec[vecnum]; 6409 } 6410#endif /* !illumos */ 6411 6412 zc->zc_iflags = flag & FKIOCTL; 6413 if (zc->zc_nvlist_src_size != 0) { 6414 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 6415 zc->zc_iflags, &innvl); 6416 if (error != 0) 6417 goto out; 6418 } 6419 6420 /* rewrite innvl for backwards compatibility */ 6421 if (compat) 6422 innvl = zfs_ioctl_compat_innvl(zc, innvl, vecnum, cflag); 6423 6424 /* 6425 * Ensure that all pool/dataset names are valid before we pass down to 6426 * the lower layers. 6427 */ 6428 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 6429 switch (vec->zvec_namecheck) { 6430 case POOL_NAME: 6431 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 6432 error = SET_ERROR(EINVAL); 6433 else 6434 error = pool_status_check(zc->zc_name, 6435 vec->zvec_namecheck, vec->zvec_pool_check); 6436 break; 6437 6438 case DATASET_NAME: 6439 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 6440 error = SET_ERROR(EINVAL); 6441 else 6442 error = pool_status_check(zc->zc_name, 6443 vec->zvec_namecheck, vec->zvec_pool_check); 6444 break; 6445 6446 case NO_NAME: 6447 break; 6448 } 6449 6450 if (error == 0) 6451 error = vec->zvec_secpolicy(zc, innvl, cr); 6452 6453 if (error != 0) 6454 goto out; 6455 6456 /* legacy ioctls can modify zc_name */ 6457 len = strcspn(zc->zc_name, "/@#") + 1; 6458 saved_poolname = kmem_alloc(len, KM_SLEEP); 6459 (void) strlcpy(saved_poolname, zc->zc_name, len); 6460 6461 if (vec->zvec_func != NULL) { 6462 nvlist_t *outnvl; 6463 int puterror = 0; 6464 spa_t *spa; 6465 nvlist_t *lognv = NULL; 6466 6467 ASSERT(vec->zvec_legacy_func == NULL); 6468 6469 /* 6470 * Add the innvl to the lognv before calling the func, 6471 * in case the func changes the innvl. 6472 */ 6473 if (vec->zvec_allow_log) { 6474 lognv = fnvlist_alloc(); 6475 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL, 6476 vec->zvec_name); 6477 if (!nvlist_empty(innvl)) { 6478 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL, 6479 innvl); 6480 } 6481 } 6482 6483 outnvl = fnvlist_alloc(); 6484 error = vec->zvec_func(zc->zc_name, innvl, outnvl); 6485 6486 if (error == 0 && vec->zvec_allow_log && 6487 spa_open(zc->zc_name, &spa, FTAG) == 0) { 6488 if (!nvlist_empty(outnvl)) { 6489 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL, 6490 outnvl); 6491 } 6492 (void) spa_history_log_nvl(spa, lognv); 6493 spa_close(spa, FTAG); 6494 } 6495 fnvlist_free(lognv); 6496 6497 /* rewrite outnvl for backwards compatibility */ 6498 if (compat) 6499 outnvl = zfs_ioctl_compat_outnvl(zc, outnvl, vecnum, 6500 cflag); 6501 6502 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) { 6503 int smusherror = 0; 6504 if (vec->zvec_smush_outnvlist) { 6505 smusherror = nvlist_smush(outnvl, 6506 zc->zc_nvlist_dst_size); 6507 } 6508 if (smusherror == 0) 6509 puterror = put_nvlist(zc, outnvl); 6510 } 6511 6512 if (puterror != 0) 6513 error = puterror; 6514 6515 nvlist_free(outnvl); 6516 } else { 6517 error = vec->zvec_legacy_func(zc); 6518 } 6519 6520out: 6521 nvlist_free(innvl); 6522 6523#ifdef illumos 6524 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag); 6525 if (error == 0 && rc != 0) 6526 error = SET_ERROR(EFAULT); 6527#else 6528 if (compat) { 6529 zfs_ioctl_compat_post(zc, cmd, cflag); 6530 if (newioc) { 6531 ASSERT(compat_zc != NULL); 6532 ASSERT(sizeof(zfs_cmd_t) >= zc_iocparm->zfs_cmd_size); 6533 6534 zfs_cmd_compat_put(zc, compat_zc, vecnum, cflag); 6535 rc = ddi_copyout(compat_zc, 6536 (void *)(uintptr_t)zc_iocparm->zfs_cmd, 6537 zc_iocparm->zfs_cmd_size, flag); 6538 if (error == 0 && rc != 0) 6539 error = SET_ERROR(EFAULT); 6540 kmem_free(compat_zc, sizeof (zfs_cmd_t)); 6541 } else { 6542 zfs_cmd_compat_put(zc, arg, vecnum, cflag); 6543 } 6544 } else { 6545 ASSERT(newioc); 6546 6547 rc = ddi_copyout(zc, (void *)(uintptr_t)zc_iocparm->zfs_cmd, 6548 sizeof (zfs_cmd_t), flag); 6549 if (error == 0 && rc != 0) 6550 error = SET_ERROR(EFAULT); 6551 } 6552#endif 6553 if (error == 0 && vec->zvec_allow_log) { 6554 char *s = tsd_get(zfs_allow_log_key); 6555 if (s != NULL) 6556 strfree(s); 6557 (void) tsd_set(zfs_allow_log_key, saved_poolname); 6558 } else { 6559 if (saved_poolname != NULL) 6560 strfree(saved_poolname); 6561 } 6562 6563 kmem_free(zc, sizeof (zfs_cmd_t)); 6564 return (error); 6565} 6566 6567#ifdef illumos 6568static int 6569zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 6570{ 6571 if (cmd != DDI_ATTACH) 6572 return (DDI_FAILURE); 6573 6574 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0, 6575 DDI_PSEUDO, 0) == DDI_FAILURE) 6576 return (DDI_FAILURE); 6577 6578 zfs_dip = dip; 6579 6580 ddi_report_dev(dip); 6581 6582 return (DDI_SUCCESS); 6583} 6584 6585static int 6586zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 6587{ 6588 if (spa_busy() || zfs_busy() || zvol_busy()) 6589 return (DDI_FAILURE); 6590 6591 if (cmd != DDI_DETACH) 6592 return (DDI_FAILURE); 6593 6594 zfs_dip = NULL; 6595 6596 ddi_prop_remove_all(dip); 6597 ddi_remove_minor_node(dip, NULL); 6598 6599 return (DDI_SUCCESS); 6600} 6601 6602/*ARGSUSED*/ 6603static int 6604zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 6605{ 6606 switch (infocmd) { 6607 case DDI_INFO_DEVT2DEVINFO: 6608 *result = zfs_dip; 6609 return (DDI_SUCCESS); 6610 6611 case DDI_INFO_DEVT2INSTANCE: 6612 *result = (void *)0; 6613 return (DDI_SUCCESS); 6614 } 6615 6616 return (DDI_FAILURE); 6617} 6618#endif /* illumos */ 6619 6620/* 6621 * OK, so this is a little weird. 6622 * 6623 * /dev/zfs is the control node, i.e. minor 0. 6624 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0. 6625 * 6626 * /dev/zfs has basically nothing to do except serve up ioctls, 6627 * so most of the standard driver entry points are in zvol.c. 6628 */ 6629#ifdef illumos 6630static struct cb_ops zfs_cb_ops = { 6631 zfsdev_open, /* open */ 6632 zfsdev_close, /* close */ 6633 zvol_strategy, /* strategy */ 6634 nodev, /* print */ 6635 zvol_dump, /* dump */ 6636 zvol_read, /* read */ 6637 zvol_write, /* write */ 6638 zfsdev_ioctl, /* ioctl */ 6639 nodev, /* devmap */ 6640 nodev, /* mmap */ 6641 nodev, /* segmap */ 6642 nochpoll, /* poll */ 6643 ddi_prop_op, /* prop_op */ 6644 NULL, /* streamtab */ 6645 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */ 6646 CB_REV, /* version */ 6647 nodev, /* async read */ 6648 nodev, /* async write */ 6649}; 6650 6651static struct dev_ops zfs_dev_ops = { 6652 DEVO_REV, /* version */ 6653 0, /* refcnt */ 6654 zfs_info, /* info */ 6655 nulldev, /* identify */ 6656 nulldev, /* probe */ 6657 zfs_attach, /* attach */ 6658 zfs_detach, /* detach */ 6659 nodev, /* reset */ 6660 &zfs_cb_ops, /* driver operations */ 6661 NULL, /* no bus operations */ 6662 NULL, /* power */ 6663 ddi_quiesce_not_needed, /* quiesce */ 6664}; 6665 6666static struct modldrv zfs_modldrv = { 6667 &mod_driverops, 6668 "ZFS storage pool", 6669 &zfs_dev_ops 6670}; 6671 6672static struct modlinkage modlinkage = { 6673 MODREV_1, 6674 (void *)&zfs_modlfs, 6675 (void *)&zfs_modldrv, 6676 NULL 6677}; 6678#endif /* illumos */ 6679 6680static struct cdevsw zfs_cdevsw = { 6681 .d_version = D_VERSION, 6682 .d_open = zfsdev_open, 6683 .d_ioctl = zfsdev_ioctl, 6684 .d_name = ZFS_DEV_NAME 6685}; 6686 6687static void 6688zfs_allow_log_destroy(void *arg) 6689{ 6690 char *poolname = arg; 6691 strfree(poolname); 6692} 6693 6694static void 6695zfsdev_init(void) 6696{ 6697 zfsdev = make_dev(&zfs_cdevsw, 0x0, UID_ROOT, GID_OPERATOR, 0666, 6698 ZFS_DEV_NAME); 6699} 6700 6701static void 6702zfsdev_fini(void) 6703{ 6704 if (zfsdev != NULL) 6705 destroy_dev(zfsdev); 6706} 6707 6708static struct root_hold_token *zfs_root_token; 6709struct proc *zfsproc; 6710 6711#ifdef illumos 6712int 6713_init(void) 6714{ 6715 int error; 6716 6717 spa_init(FREAD | FWRITE); 6718 zfs_init(); 6719 zvol_init(); 6720 zfs_ioctl_init(); 6721 6722 if ((error = mod_install(&modlinkage)) != 0) { 6723 zvol_fini(); 6724 zfs_fini(); 6725 spa_fini(); 6726 return (error); 6727 } 6728 6729 tsd_create(&zfs_fsyncer_key, NULL); 6730 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 6731 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 6732 6733 error = ldi_ident_from_mod(&modlinkage, &zfs_li); 6734 ASSERT(error == 0); 6735 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 6736 6737 return (0); 6738} 6739 6740int 6741_fini(void) 6742{ 6743 int error; 6744 6745 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled) 6746 return (SET_ERROR(EBUSY)); 6747 6748 if ((error = mod_remove(&modlinkage)) != 0) 6749 return (error); 6750 6751 zvol_fini(); 6752 zfs_fini(); 6753 spa_fini(); 6754 if (zfs_nfsshare_inited) 6755 (void) ddi_modclose(nfs_mod); 6756 if (zfs_smbshare_inited) 6757 (void) ddi_modclose(smbsrv_mod); 6758 if (zfs_nfsshare_inited || zfs_smbshare_inited) 6759 (void) ddi_modclose(sharefs_mod); 6760 6761 tsd_destroy(&zfs_fsyncer_key); 6762 ldi_ident_release(zfs_li); 6763 zfs_li = NULL; 6764 mutex_destroy(&zfs_share_lock); 6765 6766 return (error); 6767} 6768 6769int 6770_info(struct modinfo *modinfop) 6771{ 6772 return (mod_info(&modlinkage, modinfop)); 6773} 6774#endif /* illumos */ 6775 6776static int zfs__init(void); 6777static int zfs__fini(void); 6778static void zfs_shutdown(void *, int); 6779 6780static eventhandler_tag zfs_shutdown_event_tag; 6781 6782#ifdef __FreeBSD__ 6783#define ZFS_MIN_KSTACK_PAGES 4 6784#endif 6785 6786int 6787zfs__init(void) 6788{ 6789 6790#ifdef __FreeBSD__ 6791#if KSTACK_PAGES < ZFS_MIN_KSTACK_PAGES 6792 printf("ZFS NOTICE: KSTACK_PAGES is %d which could result in stack " 6793 "overflow panic!\nPlease consider adding " 6794 "'options KSTACK_PAGES=%d' to your kernel config\n", KSTACK_PAGES, 6795 ZFS_MIN_KSTACK_PAGES); 6796#endif 6797#endif 6798 zfs_root_token = root_mount_hold("ZFS"); 6799 6800 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 6801 6802 spa_init(FREAD | FWRITE); 6803 zfs_init(); 6804 zvol_init(); 6805 zfs_ioctl_init(); 6806 6807 tsd_create(&zfs_fsyncer_key, NULL); 6808 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 6809 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 6810 tsd_create(&zfs_geom_probe_vdev_key, NULL); 6811 6812 printf("ZFS storage pool version: features support (" SPA_VERSION_STRING ")\n"); 6813 root_mount_rel(zfs_root_token); 6814 6815 zfsdev_init(); 6816 6817 return (0); 6818} 6819 6820int 6821zfs__fini(void) 6822{ 6823 if (spa_busy() || zfs_busy() || zvol_busy() || 6824 zio_injection_enabled) { 6825 return (EBUSY); 6826 } 6827 6828 zfsdev_fini(); 6829 zvol_fini(); 6830 zfs_fini(); 6831 spa_fini(); 6832 6833 tsd_destroy(&zfs_fsyncer_key); 6834 tsd_destroy(&rrw_tsd_key); 6835 tsd_destroy(&zfs_allow_log_key); 6836 6837 mutex_destroy(&zfs_share_lock); 6838 6839 return (0); 6840} 6841 6842static void 6843zfs_shutdown(void *arg __unused, int howto __unused) 6844{ 6845 6846 /* 6847 * ZFS fini routines can not properly work in a panic-ed system. 6848 */ 6849 if (panicstr == NULL) 6850 (void)zfs__fini(); 6851} 6852 6853 6854static int 6855zfs_modevent(module_t mod, int type, void *unused __unused) 6856{ 6857 int err; 6858 6859 switch (type) { 6860 case MOD_LOAD: 6861 err = zfs__init(); 6862 if (err == 0) 6863 zfs_shutdown_event_tag = EVENTHANDLER_REGISTER( 6864 shutdown_post_sync, zfs_shutdown, NULL, 6865 SHUTDOWN_PRI_FIRST); 6866 return (err); 6867 case MOD_UNLOAD: 6868 err = zfs__fini(); 6869 if (err == 0 && zfs_shutdown_event_tag != NULL) 6870 EVENTHANDLER_DEREGISTER(shutdown_post_sync, 6871 zfs_shutdown_event_tag); 6872 return (err); 6873 case MOD_SHUTDOWN: 6874 return (0); 6875 default: 6876 break; 6877 } 6878 return (EOPNOTSUPP); 6879} 6880 6881static moduledata_t zfs_mod = { 6882 "zfsctrl", 6883 zfs_modevent, 6884 0 6885}; 6886DECLARE_MODULE(zfsctrl, zfs_mod, SI_SUB_VFS, SI_ORDER_ANY); 6887MODULE_VERSION(zfsctrl, 1); 6888MODULE_DEPEND(zfsctrl, opensolaris, 1, 1, 1); 6889MODULE_DEPEND(zfsctrl, krpc, 1, 1, 1); 6890MODULE_DEPEND(zfsctrl, acl_nfs4, 1, 1, 1); 6891