1 // SPDX-License-Identifier: CDDL-1.0
2 /*
3 * CDDL HEADER START
4 *
5 * The contents of this file are subject to the terms of the
6 * Common Development and Distribution License (the "License").
7 * You may not use this file except in compliance with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or https://opensource.org/licenses/CDDL-1.0.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22
23 /*
24 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
25 * Portions Copyright 2011 Martin Matuska
26 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
27 * Copyright (c) 2012 Pawel Jakub Dawidek
28 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved.
29 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
30 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
31 * Copyright (c) 2011, 2024 by Delphix. All rights reserved.
32 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
33 * Copyright (c) 2013 Steven Hartland. All rights reserved.
34 * Copyright (c) 2014 Integros [integros.com]
35 * Copyright 2016 Toomas Soome <tsoome@me.com>
36 * Copyright (c) 2016 Actifio, Inc. All rights reserved.
37 * Copyright (c) 2018, loli10K <ezomori.nozomu@gmail.com>. All rights reserved.
38 * Copyright 2017 RackTop Systems.
39 * Copyright (c) 2017 Open-E, Inc. All Rights Reserved.
40 * Copyright (c) 2019 Datto Inc.
41 * Copyright (c) 2019, 2020 by Christian Schwarz. All rights reserved.
42 * Copyright (c) 2019, 2021, 2023, 2024, Klara Inc.
43 * Copyright (c) 2019, Allan Jude
44 * Copyright 2024 Oxide Computer Company
45 */
46
47 /*
48 * ZFS ioctls.
49 *
50 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
51 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
52 *
53 * There are two ways that we handle ioctls: the legacy way where almost
54 * all of the logic is in the ioctl callback, and the new way where most
55 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
56 *
57 * Non-legacy ioctls should be registered by calling
58 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
59 * from userland by lzc_ioctl().
60 *
61 * The registration arguments are as follows:
62 *
63 * const char *name
64 * The name of the ioctl. This is used for history logging. If the
65 * ioctl returns successfully (the callback returns 0), and allow_log
66 * is true, then a history log entry will be recorded with the input &
67 * output nvlists. The log entry can be printed with "zpool history -i".
68 *
69 * zfs_ioc_t ioc
70 * The ioctl request number, which userland will pass to ioctl(2).
71 * We want newer versions of libzfs and libzfs_core to run against
72 * existing zfs kernel modules (i.e. a deferred reboot after an update).
73 * Therefore the ioctl numbers cannot change from release to release.
74 *
75 * zfs_secpolicy_func_t *secpolicy
76 * This function will be called before the zfs_ioc_func_t, to
77 * determine if this operation is permitted. It should return EPERM
78 * on failure, and 0 on success. Checks include determining if the
79 * dataset is visible in this zone, and if the user has either all
80 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
81 * to do this operation on this dataset with "zfs allow".
82 *
83 * zfs_ioc_namecheck_t namecheck
84 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
85 * name, a dataset name, or nothing. If the name is not well-formed,
86 * the ioctl will fail and the callback will not be called.
87 * Therefore, the callback can assume that the name is well-formed
88 * (e.g. is null-terminated, doesn't have more than one '@' character,
89 * doesn't have invalid characters).
90 *
91 * zfs_ioc_poolcheck_t pool_check
92 * This specifies requirements on the pool state. If the pool does
93 * not meet them (is suspended or is readonly), the ioctl will fail
94 * and the callback will not be called. If any checks are specified
95 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
96 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
97 * POOL_CHECK_READONLY).
98 *
99 * zfs_ioc_key_t *nvl_keys
100 * The list of expected/allowable innvl input keys. This list is used
101 * to validate the nvlist input to the ioctl.
102 *
103 * boolean_t smush_outnvlist
104 * If smush_outnvlist is true, then the output is presumed to be a
105 * list of errors, and it will be "smushed" down to fit into the
106 * caller's buffer, by removing some entries and replacing them with a
107 * single "N_MORE_ERRORS" entry indicating how many were removed. See
108 * nvlist_smush() for details. If smush_outnvlist is false, and the
109 * outnvlist does not fit into the userland-provided buffer, then the
110 * ioctl will fail with ENOMEM.
111 *
112 * zfs_ioc_func_t *func
113 * The callback function that will perform the operation.
114 *
115 * The callback should return 0 on success, or an error number on
116 * failure. If the function fails, the userland ioctl will return -1,
117 * and errno will be set to the callback's return value. The callback
118 * will be called with the following arguments:
119 *
120 * const char *name
121 * The name of the pool or dataset to operate on, from
122 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
123 * expected type (pool, dataset, or none).
124 *
125 * nvlist_t *innvl
126 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
127 * NULL if no input nvlist was provided. Changes to this nvlist are
128 * ignored. If the input nvlist could not be deserialized, the
129 * ioctl will fail and the callback will not be called.
130 *
131 * nvlist_t *outnvl
132 * The output nvlist, initially empty. The callback can fill it in,
133 * and it will be returned to userland by serializing it into
134 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
135 * fails (e.g. because the caller didn't supply a large enough
136 * buffer), then the overall ioctl will fail. See the
137 * 'smush_nvlist' argument above for additional behaviors.
138 *
139 * There are two typical uses of the output nvlist:
140 * - To return state, e.g. property values. In this case,
141 * smush_outnvlist should be false. If the buffer was not large
142 * enough, the caller will reallocate a larger buffer and try
143 * the ioctl again.
144 *
145 * - To return multiple errors from an ioctl which makes on-disk
146 * changes. In this case, smush_outnvlist should be true.
147 * Ioctls which make on-disk modifications should generally not
148 * use the outnvl if they succeed, because the caller can not
149 * distinguish between the operation failing, and
150 * deserialization failing.
151 *
152 * IOCTL Interface Errors
153 *
154 * The following ioctl input errors can be returned:
155 * ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
156 * ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
157 * ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
158 * ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
159 */
160
161 #include <sys/types.h>
162 #include <sys/param.h>
163 #include <sys/errno.h>
164 #include <sys/file.h>
165 #include <sys/kmem.h>
166 #include <sys/cmn_err.h>
167 #include <sys/stat.h>
168 #include <sys/zfs_ioctl.h>
169 #include <sys/zfs_quota.h>
170 #include <sys/zfs_vfsops.h>
171 #include <sys/zfs_znode.h>
172 #include <sys/zap.h>
173 #include <sys/spa.h>
174 #include <sys/spa_impl.h>
175 #include <sys/vdev.h>
176 #include <sys/vdev_impl.h>
177 #include <sys/dmu.h>
178 #include <sys/dsl_dir.h>
179 #include <sys/dsl_dataset.h>
180 #include <sys/dsl_prop.h>
181 #include <sys/dsl_deleg.h>
182 #include <sys/dmu_objset.h>
183 #include <sys/dmu_impl.h>
184 #include <sys/dmu_redact.h>
185 #include <sys/dmu_tx.h>
186 #include <sys/sunddi.h>
187 #include <sys/policy.h>
188 #include <sys/zone.h>
189 #include <sys/nvpair.h>
190 #include <sys/pathname.h>
191 #include <sys/fs/zfs.h>
192 #include <sys/zfs_ctldir.h>
193 #include <sys/zfs_dir.h>
194 #include <sys/zfs_onexit.h>
195 #include <sys/zvol.h>
196 #include <sys/dsl_scan.h>
197 #include <sys/fm/util.h>
198 #include <sys/dsl_crypt.h>
199 #include <sys/rrwlock.h>
200 #include <sys/zfs_file.h>
201
202 #include <sys/dmu_recv.h>
203 #include <sys/dmu_send.h>
204 #include <sys/dmu_recv.h>
205 #include <sys/dsl_destroy.h>
206 #include <sys/dsl_bookmark.h>
207 #include <sys/dsl_userhold.h>
208 #include <sys/zfeature.h>
209 #include <sys/zcp.h>
210 #include <sys/zio_checksum.h>
211 #include <sys/vdev_removal.h>
212 #include <sys/vdev_impl.h>
213 #include <sys/vdev_initialize.h>
214 #include <sys/vdev_trim.h>
215
216 #include "zfs_namecheck.h"
217 #include "zfs_prop.h"
218 #include "zfs_deleg.h"
219 #include "zfs_comutil.h"
220
221 #include <sys/lua/lua.h>
222 #include <sys/lua/lauxlib.h>
223 #include <sys/zfs_ioctl_impl.h>
224
225 kmutex_t zfsdev_state_lock;
226 static zfsdev_state_t zfsdev_state_listhead;
227
228 /*
229 * Limit maximum nvlist size. We don't want users passing in insane values
230 * for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
231 * Defaults to 0=auto which is handled by platform code.
232 */
233 uint64_t zfs_max_nvlist_src_size = 0;
234
235 /*
236 * When logging the output nvlist of an ioctl in the on-disk history, limit
237 * the logged size to this many bytes. This must be less than DMU_MAX_ACCESS.
238 * This applies primarily to zfs_ioc_channel_program().
239 */
240 static uint64_t zfs_history_output_max = 1024 * 1024;
241
242 uint_t zfs_allow_log_key;
243
244 /* DATA_TYPE_ANY is used when zkey_type can vary. */
245 #define DATA_TYPE_ANY DATA_TYPE_UNKNOWN
246
247 typedef struct zfs_ioc_vec {
248 zfs_ioc_legacy_func_t *zvec_legacy_func;
249 zfs_ioc_func_t *zvec_func;
250 zfs_secpolicy_func_t *zvec_secpolicy;
251 zfs_ioc_namecheck_t zvec_namecheck;
252 boolean_t zvec_allow_log;
253 zfs_ioc_poolcheck_t zvec_pool_check;
254 boolean_t zvec_smush_outnvlist;
255 const char *zvec_name;
256 const zfs_ioc_key_t *zvec_nvl_keys;
257 size_t zvec_nvl_key_count;
258 } zfs_ioc_vec_t;
259
260 /* This array is indexed by zfs_userquota_prop_t */
261 static const char *userquota_perms[] = {
262 ZFS_DELEG_PERM_USERUSED,
263 ZFS_DELEG_PERM_USERQUOTA,
264 ZFS_DELEG_PERM_GROUPUSED,
265 ZFS_DELEG_PERM_GROUPQUOTA,
266 ZFS_DELEG_PERM_USEROBJUSED,
267 ZFS_DELEG_PERM_USEROBJQUOTA,
268 ZFS_DELEG_PERM_GROUPOBJUSED,
269 ZFS_DELEG_PERM_GROUPOBJQUOTA,
270 ZFS_DELEG_PERM_PROJECTUSED,
271 ZFS_DELEG_PERM_PROJECTQUOTA,
272 ZFS_DELEG_PERM_PROJECTOBJUSED,
273 ZFS_DELEG_PERM_PROJECTOBJQUOTA,
274 };
275
276 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
277 static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc);
278 static int zfs_check_settable(const char *name, nvpair_t *property,
279 cred_t *cr);
280 static int zfs_check_clearable(const char *dataset, nvlist_t *props,
281 nvlist_t **errors);
282 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
283 boolean_t *);
284 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
285 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
286
287 static void
history_str_free(char * buf)288 history_str_free(char *buf)
289 {
290 kmem_free(buf, HIS_MAX_RECORD_LEN);
291 }
292
293 static char *
history_str_get(zfs_cmd_t * zc)294 history_str_get(zfs_cmd_t *zc)
295 {
296 char *buf;
297
298 if (zc->zc_history == 0)
299 return (NULL);
300
301 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
302 if (copyinstr((void *)(uintptr_t)zc->zc_history,
303 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
304 history_str_free(buf);
305 return (NULL);
306 }
307
308 buf[HIS_MAX_RECORD_LEN -1] = '\0';
309
310 return (buf);
311 }
312
313 /*
314 * Return non-zero if the spa version is less than requested version.
315 */
316 static int
zfs_earlier_version(const char * name,int version)317 zfs_earlier_version(const char *name, int version)
318 {
319 spa_t *spa;
320
321 if (spa_open(name, &spa, FTAG) == 0) {
322 if (spa_version(spa) < version) {
323 spa_close(spa, FTAG);
324 return (1);
325 }
326 spa_close(spa, FTAG);
327 }
328 return (0);
329 }
330
331 /*
332 * Return TRUE if the ZPL version is less than requested version.
333 */
334 static boolean_t
zpl_earlier_version(const char * name,int version)335 zpl_earlier_version(const char *name, int version)
336 {
337 objset_t *os;
338 boolean_t rc = B_TRUE;
339
340 if (dmu_objset_hold(name, FTAG, &os) == 0) {
341 uint64_t zplversion;
342
343 if (dmu_objset_type(os) != DMU_OST_ZFS) {
344 dmu_objset_rele(os, FTAG);
345 return (B_TRUE);
346 }
347 /* XXX reading from non-owned objset */
348 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
349 rc = zplversion < version;
350 dmu_objset_rele(os, FTAG);
351 }
352 return (rc);
353 }
354
355 static void
zfs_log_history(zfs_cmd_t * zc)356 zfs_log_history(zfs_cmd_t *zc)
357 {
358 spa_t *spa;
359 char *buf;
360
361 if ((buf = history_str_get(zc)) == NULL)
362 return;
363
364 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
365 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
366 (void) spa_history_log(spa, buf);
367 spa_close(spa, FTAG);
368 }
369 history_str_free(buf);
370 }
371
372 /*
373 * Policy for top-level read operations (list pools). Requires no privileges,
374 * and can be used in the local zone, as there is no associated dataset.
375 */
376 static int
zfs_secpolicy_none(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)377 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
378 {
379 (void) zc, (void) innvl, (void) cr;
380 return (0);
381 }
382
383 /*
384 * Policy for dataset read operations (list children, get statistics). Requires
385 * no privileges, but must be visible in the local zone.
386 */
387 static int
zfs_secpolicy_read(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)388 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
389 {
390 (void) innvl, (void) cr;
391 if (INGLOBALZONE(curproc) ||
392 zone_dataset_visible(zc->zc_name, NULL))
393 return (0);
394
395 return (SET_ERROR(ENOENT));
396 }
397
398 static int
zfs_dozonecheck_impl(const char * dataset,uint64_t zoned,cred_t * cr)399 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
400 {
401 int writable = 1;
402
403 /*
404 * The dataset must be visible by this zone -- check this first
405 * so they don't see EPERM on something they shouldn't know about.
406 */
407 if (!INGLOBALZONE(curproc) &&
408 !zone_dataset_visible(dataset, &writable))
409 return (SET_ERROR(ENOENT));
410
411 if (INGLOBALZONE(curproc)) {
412 /*
413 * If the fs is zoned, only root can access it from the
414 * global zone.
415 */
416 if (secpolicy_zfs(cr) && zoned)
417 return (SET_ERROR(EPERM));
418 } else {
419 /*
420 * If we are in a local zone, the 'zoned' property must be set.
421 */
422 if (!zoned)
423 return (SET_ERROR(EPERM));
424
425 /* must be writable by this zone */
426 if (!writable)
427 return (SET_ERROR(EPERM));
428 }
429 return (0);
430 }
431
432 static int
zfs_dozonecheck(const char * dataset,cred_t * cr)433 zfs_dozonecheck(const char *dataset, cred_t *cr)
434 {
435 uint64_t zoned;
436
437 if (dsl_prop_get_integer(dataset, zfs_prop_to_name(ZFS_PROP_ZONED),
438 &zoned, NULL))
439 return (SET_ERROR(ENOENT));
440
441 return (zfs_dozonecheck_impl(dataset, zoned, cr));
442 }
443
444 static int
zfs_dozonecheck_ds(const char * dataset,dsl_dataset_t * ds,cred_t * cr)445 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
446 {
447 uint64_t zoned;
448
449 if (dsl_prop_get_int_ds(ds, zfs_prop_to_name(ZFS_PROP_ZONED), &zoned))
450 return (SET_ERROR(ENOENT));
451
452 return (zfs_dozonecheck_impl(dataset, zoned, cr));
453 }
454
455 static int
zfs_secpolicy_write_perms_ds(const char * name,dsl_dataset_t * ds,const char * perm,cred_t * cr)456 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
457 const char *perm, cred_t *cr)
458 {
459 int error;
460
461 error = zfs_dozonecheck_ds(name, ds, cr);
462 if (error == 0) {
463 error = secpolicy_zfs(cr);
464 if (error != 0)
465 error = dsl_deleg_access_impl(ds, perm, cr);
466 }
467 return (error);
468 }
469
470 static int
zfs_secpolicy_write_perms(const char * name,const char * perm,cred_t * cr)471 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
472 {
473 int error;
474 dsl_dataset_t *ds;
475 dsl_pool_t *dp;
476
477 /*
478 * First do a quick check for root in the global zone, which
479 * is allowed to do all write_perms. This ensures that zfs_ioc_*
480 * will get to handle nonexistent datasets.
481 */
482 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0)
483 return (0);
484
485 error = dsl_pool_hold(name, FTAG, &dp);
486 if (error != 0)
487 return (error);
488
489 error = dsl_dataset_hold(dp, name, FTAG, &ds);
490 if (error != 0) {
491 dsl_pool_rele(dp, FTAG);
492 return (error);
493 }
494
495 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
496
497 dsl_dataset_rele(ds, FTAG);
498 dsl_pool_rele(dp, FTAG);
499 return (error);
500 }
501
502 /*
503 * Policy for setting the security label property.
504 *
505 * Returns 0 for success, non-zero for access and other errors.
506 */
507 static int
zfs_set_slabel_policy(const char * name,const char * strval,cred_t * cr)508 zfs_set_slabel_policy(const char *name, const char *strval, cred_t *cr)
509 {
510 #ifdef HAVE_MLSLABEL
511 char ds_hexsl[MAXNAMELEN];
512 bslabel_t ds_sl, new_sl;
513 boolean_t new_default = FALSE;
514 uint64_t zoned;
515 int needed_priv = -1;
516 int error;
517
518 /* First get the existing dataset label. */
519 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
520 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
521 if (error != 0)
522 return (SET_ERROR(EPERM));
523
524 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
525 new_default = TRUE;
526
527 /* The label must be translatable */
528 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
529 return (SET_ERROR(EINVAL));
530
531 /*
532 * In a non-global zone, disallow attempts to set a label that
533 * doesn't match that of the zone; otherwise no other checks
534 * are needed.
535 */
536 if (!INGLOBALZONE(curproc)) {
537 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
538 return (SET_ERROR(EPERM));
539 return (0);
540 }
541
542 /*
543 * For global-zone datasets (i.e., those whose zoned property is
544 * "off", verify that the specified new label is valid for the
545 * global zone.
546 */
547 if (dsl_prop_get_integer(name,
548 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
549 return (SET_ERROR(EPERM));
550 if (!zoned) {
551 if (zfs_check_global_label(name, strval) != 0)
552 return (SET_ERROR(EPERM));
553 }
554
555 /*
556 * If the existing dataset label is nondefault, check if the
557 * dataset is mounted (label cannot be changed while mounted).
558 * Get the zfsvfs_t; if there isn't one, then the dataset isn't
559 * mounted (or isn't a dataset, doesn't exist, ...).
560 */
561 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
562 objset_t *os;
563 static const char *setsl_tag = "setsl_tag";
564
565 /*
566 * Try to own the dataset; abort if there is any error,
567 * (e.g., already mounted, in use, or other error).
568 */
569 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE,
570 setsl_tag, &os);
571 if (error != 0)
572 return (SET_ERROR(EPERM));
573
574 dmu_objset_disown(os, B_TRUE, setsl_tag);
575
576 if (new_default) {
577 needed_priv = PRIV_FILE_DOWNGRADE_SL;
578 goto out_check;
579 }
580
581 if (hexstr_to_label(strval, &new_sl) != 0)
582 return (SET_ERROR(EPERM));
583
584 if (blstrictdom(&ds_sl, &new_sl))
585 needed_priv = PRIV_FILE_DOWNGRADE_SL;
586 else if (blstrictdom(&new_sl, &ds_sl))
587 needed_priv = PRIV_FILE_UPGRADE_SL;
588 } else {
589 /* dataset currently has a default label */
590 if (!new_default)
591 needed_priv = PRIV_FILE_UPGRADE_SL;
592 }
593
594 out_check:
595 if (needed_priv != -1)
596 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
597 return (0);
598 #else
599 return (SET_ERROR(ENOTSUP));
600 #endif /* HAVE_MLSLABEL */
601 }
602
603 static int
zfs_secpolicy_setprop(const char * dsname,zfs_prop_t prop,nvpair_t * propval,cred_t * cr)604 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
605 cred_t *cr)
606 {
607 const char *strval;
608
609 /*
610 * Check permissions for special properties.
611 */
612 switch (prop) {
613 default:
614 break;
615 case ZFS_PROP_ZONED:
616 /*
617 * Disallow setting of 'zoned' from within a local zone.
618 */
619 if (!INGLOBALZONE(curproc))
620 return (SET_ERROR(EPERM));
621 break;
622
623 case ZFS_PROP_QUOTA:
624 case ZFS_PROP_FILESYSTEM_LIMIT:
625 case ZFS_PROP_SNAPSHOT_LIMIT:
626 if (!INGLOBALZONE(curproc)) {
627 uint64_t zoned;
628 char setpoint[ZFS_MAX_DATASET_NAME_LEN];
629 /*
630 * Unprivileged users are allowed to modify the
631 * limit on things *under* (ie. contained by)
632 * the thing they own.
633 */
634 if (dsl_prop_get_integer(dsname,
635 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, setpoint))
636 return (SET_ERROR(EPERM));
637 if (!zoned || strlen(dsname) <= strlen(setpoint))
638 return (SET_ERROR(EPERM));
639 }
640 break;
641
642 case ZFS_PROP_MLSLABEL:
643 if (!is_system_labeled())
644 return (SET_ERROR(EPERM));
645
646 if (nvpair_value_string(propval, &strval) == 0) {
647 int err;
648
649 err = zfs_set_slabel_policy(dsname, strval, CRED());
650 if (err != 0)
651 return (err);
652 }
653 break;
654 }
655
656 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
657 }
658
659 static int
zfs_secpolicy_set_fsacl(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)660 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
661 {
662 /*
663 * permission to set permissions will be evaluated later in
664 * dsl_deleg_can_allow()
665 */
666 (void) innvl;
667 return (zfs_dozonecheck(zc->zc_name, cr));
668 }
669
670 static int
zfs_secpolicy_rollback(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)671 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
672 {
673 (void) innvl;
674 return (zfs_secpolicy_write_perms(zc->zc_name,
675 ZFS_DELEG_PERM_ROLLBACK, cr));
676 }
677
678 static int
zfs_secpolicy_send(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)679 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
680 {
681 (void) innvl;
682 dsl_pool_t *dp;
683 dsl_dataset_t *ds;
684 const char *cp;
685 int error;
686
687 /*
688 * Generate the current snapshot name from the given objsetid, then
689 * use that name for the secpolicy/zone checks.
690 */
691 cp = strchr(zc->zc_name, '@');
692 if (cp == NULL)
693 return (SET_ERROR(EINVAL));
694 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
695 if (error != 0)
696 return (error);
697
698 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
699 if (error != 0) {
700 dsl_pool_rele(dp, FTAG);
701 return (error);
702 }
703
704 dsl_dataset_name(ds, zc->zc_name);
705
706 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
707 ZFS_DELEG_PERM_SEND, cr);
708 dsl_dataset_rele(ds, FTAG);
709 dsl_pool_rele(dp, FTAG);
710
711 return (error);
712 }
713
714 static int
zfs_secpolicy_send_new(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)715 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
716 {
717 (void) innvl;
718 return (zfs_secpolicy_write_perms(zc->zc_name,
719 ZFS_DELEG_PERM_SEND, cr));
720 }
721
722 static int
zfs_secpolicy_share(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)723 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
724 {
725 (void) zc, (void) innvl, (void) cr;
726 return (SET_ERROR(ENOTSUP));
727 }
728
729 static int
zfs_secpolicy_smb_acl(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)730 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
731 {
732 (void) zc, (void) innvl, (void) cr;
733 return (SET_ERROR(ENOTSUP));
734 }
735
736 static int
zfs_get_parent(const char * datasetname,char * parent,int parentsize)737 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
738 {
739 char *cp;
740
741 /*
742 * Remove the @bla or /bla from the end of the name to get the parent.
743 */
744 (void) strlcpy(parent, datasetname, parentsize);
745 cp = strrchr(parent, '@');
746 if (cp != NULL) {
747 cp[0] = '\0';
748 } else {
749 cp = strrchr(parent, '/');
750 if (cp == NULL)
751 return (SET_ERROR(ENOENT));
752 cp[0] = '\0';
753 }
754
755 return (0);
756 }
757
758 int
zfs_secpolicy_destroy_perms(const char * name,cred_t * cr)759 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
760 {
761 int error;
762
763 if ((error = zfs_secpolicy_write_perms(name,
764 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
765 return (error);
766
767 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
768 }
769
770 static int
zfs_secpolicy_destroy(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)771 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
772 {
773 (void) innvl;
774 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
775 }
776
777 /*
778 * Destroying snapshots with delegated permissions requires
779 * descendant mount and destroy permissions.
780 */
781 static int
zfs_secpolicy_destroy_snaps(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)782 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
783 {
784 (void) zc;
785 nvlist_t *snaps;
786 nvpair_t *pair, *nextpair;
787 int error = 0;
788
789 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
790
791 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
792 pair = nextpair) {
793 nextpair = nvlist_next_nvpair(snaps, pair);
794 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
795 if (error == ENOENT) {
796 /*
797 * Ignore any snapshots that don't exist (we consider
798 * them "already destroyed"). Remove the name from the
799 * nvl here in case the snapshot is created between
800 * now and when we try to destroy it (in which case
801 * we don't want to destroy it since we haven't
802 * checked for permission).
803 */
804 fnvlist_remove_nvpair(snaps, pair);
805 error = 0;
806 }
807 if (error != 0)
808 break;
809 }
810
811 return (error);
812 }
813
814 int
zfs_secpolicy_rename_perms(const char * from,const char * to,cred_t * cr)815 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
816 {
817 char parentname[ZFS_MAX_DATASET_NAME_LEN];
818 int error;
819
820 if ((error = zfs_secpolicy_write_perms(from,
821 ZFS_DELEG_PERM_RENAME, cr)) != 0)
822 return (error);
823
824 if ((error = zfs_secpolicy_write_perms(from,
825 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
826 return (error);
827
828 if ((error = zfs_get_parent(to, parentname,
829 sizeof (parentname))) != 0)
830 return (error);
831
832 if ((error = zfs_secpolicy_write_perms(parentname,
833 ZFS_DELEG_PERM_CREATE, cr)) != 0)
834 return (error);
835
836 if ((error = zfs_secpolicy_write_perms(parentname,
837 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
838 return (error);
839
840 return (error);
841 }
842
843 static int
zfs_secpolicy_rename(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)844 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
845 {
846 (void) innvl;
847 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
848 }
849
850 static int
zfs_secpolicy_promote(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)851 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
852 {
853 (void) innvl;
854 dsl_pool_t *dp;
855 dsl_dataset_t *clone;
856 int error;
857
858 error = zfs_secpolicy_write_perms(zc->zc_name,
859 ZFS_DELEG_PERM_PROMOTE, cr);
860 if (error != 0)
861 return (error);
862
863 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
864 if (error != 0)
865 return (error);
866
867 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
868
869 if (error == 0) {
870 char parentname[ZFS_MAX_DATASET_NAME_LEN];
871 dsl_dataset_t *origin = NULL;
872 dsl_dir_t *dd;
873 dd = clone->ds_dir;
874
875 error = dsl_dataset_hold_obj(dd->dd_pool,
876 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin);
877 if (error != 0) {
878 dsl_dataset_rele(clone, FTAG);
879 dsl_pool_rele(dp, FTAG);
880 return (error);
881 }
882
883 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
884 ZFS_DELEG_PERM_MOUNT, cr);
885
886 dsl_dataset_name(origin, parentname);
887 if (error == 0) {
888 error = zfs_secpolicy_write_perms_ds(parentname, origin,
889 ZFS_DELEG_PERM_PROMOTE, cr);
890 }
891 dsl_dataset_rele(clone, FTAG);
892 dsl_dataset_rele(origin, FTAG);
893 }
894 dsl_pool_rele(dp, FTAG);
895 return (error);
896 }
897
898 static int
zfs_secpolicy_recv(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)899 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
900 {
901 (void) innvl;
902 int error;
903
904 /*
905 * zfs receive -F requires full receive permission,
906 * otherwise receive:append permission is enough
907 */
908 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
909 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) {
910 if (zc->zc_guid || nvlist_exists(innvl, "force"))
911 return (error);
912 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
913 ZFS_DELEG_PERM_RECEIVE_APPEND, cr)) != 0)
914 return (error);
915 }
916
917 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
918 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
919 return (error);
920
921 return (zfs_secpolicy_write_perms(zc->zc_name,
922 ZFS_DELEG_PERM_CREATE, cr));
923 }
924
925 int
zfs_secpolicy_snapshot_perms(const char * name,cred_t * cr)926 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
927 {
928 return (zfs_secpolicy_write_perms(name,
929 ZFS_DELEG_PERM_SNAPSHOT, cr));
930 }
931
932 /*
933 * Check for permission to create each snapshot in the nvlist.
934 */
935 static int
zfs_secpolicy_snapshot(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)936 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
937 {
938 (void) zc;
939 nvlist_t *snaps;
940 int error = 0;
941 nvpair_t *pair;
942
943 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
944
945 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
946 pair = nvlist_next_nvpair(snaps, pair)) {
947 char *name = (char *)nvpair_name(pair);
948 char *atp = strchr(name, '@');
949
950 if (atp == NULL) {
951 error = SET_ERROR(EINVAL);
952 break;
953 }
954 *atp = '\0';
955 error = zfs_secpolicy_snapshot_perms(name, cr);
956 *atp = '@';
957 if (error != 0)
958 break;
959 }
960 return (error);
961 }
962
963 /*
964 * Check for permission to create each bookmark in the nvlist.
965 */
966 static int
zfs_secpolicy_bookmark(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)967 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
968 {
969 (void) zc;
970 int error = 0;
971
972 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
973 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
974 char *name = (char *)nvpair_name(pair);
975 char *hashp = strchr(name, '#');
976
977 if (hashp == NULL) {
978 error = SET_ERROR(EINVAL);
979 break;
980 }
981 *hashp = '\0';
982 error = zfs_secpolicy_write_perms(name,
983 ZFS_DELEG_PERM_BOOKMARK, cr);
984 *hashp = '#';
985 if (error != 0)
986 break;
987 }
988 return (error);
989 }
990
991 static int
zfs_secpolicy_destroy_bookmarks(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)992 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
993 {
994 (void) zc;
995 nvpair_t *pair, *nextpair;
996 int error = 0;
997
998 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
999 pair = nextpair) {
1000 char *name = (char *)nvpair_name(pair);
1001 char *hashp = strchr(name, '#');
1002 nextpair = nvlist_next_nvpair(innvl, pair);
1003
1004 if (hashp == NULL) {
1005 error = SET_ERROR(EINVAL);
1006 break;
1007 }
1008
1009 *hashp = '\0';
1010 error = zfs_secpolicy_write_perms(name,
1011 ZFS_DELEG_PERM_DESTROY, cr);
1012 *hashp = '#';
1013 if (error == ENOENT) {
1014 /*
1015 * Ignore any filesystems that don't exist (we consider
1016 * their bookmarks "already destroyed"). Remove
1017 * the name from the nvl here in case the filesystem
1018 * is created between now and when we try to destroy
1019 * the bookmark (in which case we don't want to
1020 * destroy it since we haven't checked for permission).
1021 */
1022 fnvlist_remove_nvpair(innvl, pair);
1023 error = 0;
1024 }
1025 if (error != 0)
1026 break;
1027 }
1028
1029 return (error);
1030 }
1031
1032 static int
zfs_secpolicy_log_history(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1033 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1034 {
1035 (void) zc, (void) innvl, (void) cr;
1036 /*
1037 * Even root must have a proper TSD so that we know what pool
1038 * to log to.
1039 */
1040 if (tsd_get(zfs_allow_log_key) == NULL)
1041 return (SET_ERROR(EPERM));
1042 return (0);
1043 }
1044
1045 static int
zfs_secpolicy_create_clone(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1046 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1047 {
1048 char parentname[ZFS_MAX_DATASET_NAME_LEN];
1049 int error;
1050 const char *origin;
1051
1052 if ((error = zfs_get_parent(zc->zc_name, parentname,
1053 sizeof (parentname))) != 0)
1054 return (error);
1055
1056 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1057 (error = zfs_secpolicy_write_perms(origin,
1058 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1059 return (error);
1060
1061 if ((error = zfs_secpolicy_write_perms(parentname,
1062 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1063 return (error);
1064
1065 return (zfs_secpolicy_write_perms(parentname,
1066 ZFS_DELEG_PERM_MOUNT, cr));
1067 }
1068
1069 /*
1070 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1071 * SYS_CONFIG privilege, which is not available in a local zone.
1072 */
1073 int
zfs_secpolicy_config(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1074 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1075 {
1076 (void) zc, (void) innvl;
1077
1078 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1079 return (SET_ERROR(EPERM));
1080
1081 return (0);
1082 }
1083
1084 /*
1085 * Policy for object to name lookups.
1086 */
1087 static int
zfs_secpolicy_diff(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1088 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1089 {
1090 (void) innvl;
1091 int error;
1092
1093 if (secpolicy_sys_config(cr, B_FALSE) == 0)
1094 return (0);
1095
1096 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1097 return (error);
1098 }
1099
1100 /*
1101 * Policy for fault injection. Requires all privileges.
1102 */
1103 static int
zfs_secpolicy_inject(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1104 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1105 {
1106 (void) zc, (void) innvl;
1107 return (secpolicy_zinject(cr));
1108 }
1109
1110 static int
zfs_secpolicy_inherit_prop(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1111 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1112 {
1113 (void) innvl;
1114 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1115
1116 if (prop == ZPROP_USERPROP) {
1117 if (!zfs_prop_user(zc->zc_value))
1118 return (SET_ERROR(EINVAL));
1119 return (zfs_secpolicy_write_perms(zc->zc_name,
1120 ZFS_DELEG_PERM_USERPROP, cr));
1121 } else {
1122 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1123 NULL, cr));
1124 }
1125 }
1126
1127 static int
zfs_secpolicy_userspace_one(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1128 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1129 {
1130 int err = zfs_secpolicy_read(zc, innvl, cr);
1131 if (err)
1132 return (err);
1133
1134 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1135 return (SET_ERROR(EINVAL));
1136
1137 if (zc->zc_value[0] == 0) {
1138 /*
1139 * They are asking about a posix uid/gid. If it's
1140 * themself, allow it.
1141 */
1142 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1143 zc->zc_objset_type == ZFS_PROP_USERQUOTA ||
1144 zc->zc_objset_type == ZFS_PROP_USEROBJUSED ||
1145 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) {
1146 if (zc->zc_guid == crgetuid(cr))
1147 return (0);
1148 } else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED ||
1149 zc->zc_objset_type == ZFS_PROP_GROUPQUOTA ||
1150 zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED ||
1151 zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) {
1152 if (groupmember(zc->zc_guid, cr))
1153 return (0);
1154 }
1155 /* else is for project quota/used */
1156 }
1157
1158 return (zfs_secpolicy_write_perms(zc->zc_name,
1159 userquota_perms[zc->zc_objset_type], cr));
1160 }
1161
1162 static int
zfs_secpolicy_userspace_many(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1163 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1164 {
1165 int err = zfs_secpolicy_read(zc, innvl, cr);
1166 if (err)
1167 return (err);
1168
1169 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1170 return (SET_ERROR(EINVAL));
1171
1172 return (zfs_secpolicy_write_perms(zc->zc_name,
1173 userquota_perms[zc->zc_objset_type], cr));
1174 }
1175
1176 static int
zfs_secpolicy_userspace_upgrade(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1177 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1178 {
1179 (void) innvl;
1180 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1181 NULL, cr));
1182 }
1183
1184 static int
zfs_secpolicy_hold(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1185 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1186 {
1187 (void) zc;
1188 nvpair_t *pair;
1189 nvlist_t *holds;
1190 int error;
1191
1192 holds = fnvlist_lookup_nvlist(innvl, "holds");
1193
1194 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1195 pair = nvlist_next_nvpair(holds, pair)) {
1196 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1197 error = dmu_fsname(nvpair_name(pair), fsname);
1198 if (error != 0)
1199 return (error);
1200 error = zfs_secpolicy_write_perms(fsname,
1201 ZFS_DELEG_PERM_HOLD, cr);
1202 if (error != 0)
1203 return (error);
1204 }
1205 return (0);
1206 }
1207
1208 static int
zfs_secpolicy_release(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1209 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1210 {
1211 (void) zc;
1212 nvpair_t *pair;
1213 int error;
1214
1215 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1216 pair = nvlist_next_nvpair(innvl, pair)) {
1217 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1218 error = dmu_fsname(nvpair_name(pair), fsname);
1219 if (error != 0)
1220 return (error);
1221 error = zfs_secpolicy_write_perms(fsname,
1222 ZFS_DELEG_PERM_RELEASE, cr);
1223 if (error != 0)
1224 return (error);
1225 }
1226 return (0);
1227 }
1228
1229 /*
1230 * Policy for allowing temporary snapshots to be taken or released
1231 */
1232 static int
zfs_secpolicy_tmp_snapshot(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1233 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1234 {
1235 /*
1236 * A temporary snapshot is the same as a snapshot,
1237 * hold, destroy and release all rolled into one.
1238 * Delegated diff alone is sufficient that we allow this.
1239 */
1240 int error;
1241
1242 if (zfs_secpolicy_write_perms(zc->zc_name,
1243 ZFS_DELEG_PERM_DIFF, cr) == 0)
1244 return (0);
1245
1246 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1247
1248 if (innvl != NULL) {
1249 if (error == 0)
1250 error = zfs_secpolicy_hold(zc, innvl, cr);
1251 if (error == 0)
1252 error = zfs_secpolicy_release(zc, innvl, cr);
1253 if (error == 0)
1254 error = zfs_secpolicy_destroy(zc, innvl, cr);
1255 }
1256 return (error);
1257 }
1258
1259 static int
zfs_secpolicy_load_key(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1260 zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1261 {
1262 return (zfs_secpolicy_write_perms(zc->zc_name,
1263 ZFS_DELEG_PERM_LOAD_KEY, cr));
1264 }
1265
1266 static int
zfs_secpolicy_change_key(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1267 zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1268 {
1269 return (zfs_secpolicy_write_perms(zc->zc_name,
1270 ZFS_DELEG_PERM_CHANGE_KEY, cr));
1271 }
1272
1273 /*
1274 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1275 */
1276 static int
get_nvlist(uint64_t nvl,uint64_t size,int iflag,nvlist_t ** nvp)1277 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1278 {
1279 char *packed;
1280 int error;
1281 nvlist_t *list = NULL;
1282
1283 /*
1284 * Read in and unpack the user-supplied nvlist.
1285 */
1286 if (size == 0)
1287 return (SET_ERROR(EINVAL));
1288
1289 packed = vmem_alloc(size, KM_SLEEP);
1290
1291 if (ddi_copyin((void *)(uintptr_t)nvl, packed, size, iflag) != 0) {
1292 vmem_free(packed, size);
1293 return (SET_ERROR(EFAULT));
1294 }
1295
1296 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1297 vmem_free(packed, size);
1298 return (error);
1299 }
1300
1301 vmem_free(packed, size);
1302
1303 *nvp = list;
1304 return (0);
1305 }
1306
1307 /*
1308 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1309 * Entries will be removed from the end of the nvlist, and one int32 entry
1310 * named "N_MORE_ERRORS" will be added indicating how many entries were
1311 * removed.
1312 */
1313 static int
nvlist_smush(nvlist_t * errors,size_t max)1314 nvlist_smush(nvlist_t *errors, size_t max)
1315 {
1316 size_t size;
1317
1318 size = fnvlist_size(errors);
1319
1320 if (size > max) {
1321 nvpair_t *more_errors;
1322 int n = 0;
1323
1324 if (max < 1024)
1325 return (SET_ERROR(ENOMEM));
1326
1327 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1328 more_errors = nvlist_prev_nvpair(errors, NULL);
1329
1330 do {
1331 nvpair_t *pair = nvlist_prev_nvpair(errors,
1332 more_errors);
1333 fnvlist_remove_nvpair(errors, pair);
1334 n++;
1335 size = fnvlist_size(errors);
1336 } while (size > max);
1337
1338 fnvlist_remove_nvpair(errors, more_errors);
1339 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1340 ASSERT3U(fnvlist_size(errors), <=, max);
1341 }
1342
1343 return (0);
1344 }
1345
1346 static int
put_nvlist(zfs_cmd_t * zc,nvlist_t * nvl)1347 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1348 {
1349 char *packed = NULL;
1350 int error = 0;
1351 size_t size;
1352
1353 size = fnvlist_size(nvl);
1354
1355 if (size > zc->zc_nvlist_dst_size) {
1356 error = SET_ERROR(ENOMEM);
1357 } else {
1358 packed = fnvlist_pack(nvl, &size);
1359 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1360 size, zc->zc_iflags) != 0)
1361 error = SET_ERROR(EFAULT);
1362 fnvlist_pack_free(packed, size);
1363 }
1364
1365 zc->zc_nvlist_dst_size = size;
1366 zc->zc_nvlist_dst_filled = B_TRUE;
1367 return (error);
1368 }
1369
1370 int
getzfsvfs_impl(objset_t * os,zfsvfs_t ** zfvp)1371 getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp)
1372 {
1373 int error = 0;
1374 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1375 return (SET_ERROR(EINVAL));
1376 }
1377
1378 mutex_enter(&os->os_user_ptr_lock);
1379 *zfvp = dmu_objset_get_user(os);
1380 /* bump s_active only when non-zero to prevent umount race */
1381 error = zfs_vfs_ref(zfvp);
1382 mutex_exit(&os->os_user_ptr_lock);
1383 return (error);
1384 }
1385
1386 int
getzfsvfs(const char * dsname,zfsvfs_t ** zfvp)1387 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1388 {
1389 objset_t *os;
1390 int error;
1391
1392 error = dmu_objset_hold(dsname, FTAG, &os);
1393 if (error != 0)
1394 return (error);
1395
1396 error = getzfsvfs_impl(os, zfvp);
1397 dmu_objset_rele(os, FTAG);
1398 return (error);
1399 }
1400
1401 /*
1402 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1403 * case its z_sb will be NULL, and it will be opened as the owner.
1404 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1405 * which prevents all inode ops from running.
1406 */
1407 static int
zfsvfs_hold(const char * name,const void * tag,zfsvfs_t ** zfvp,boolean_t writer)1408 zfsvfs_hold(const char *name, const void *tag, zfsvfs_t **zfvp,
1409 boolean_t writer)
1410 {
1411 int error = 0;
1412
1413 if (getzfsvfs(name, zfvp) != 0)
1414 error = zfsvfs_create(name, B_FALSE, zfvp);
1415 if (error == 0) {
1416 if (writer)
1417 ZFS_TEARDOWN_ENTER_WRITE(*zfvp, tag);
1418 else
1419 ZFS_TEARDOWN_ENTER_READ(*zfvp, tag);
1420 if ((*zfvp)->z_unmounted) {
1421 /*
1422 * XXX we could probably try again, since the unmounting
1423 * thread should be just about to disassociate the
1424 * objset from the zfsvfs.
1425 */
1426 ZFS_TEARDOWN_EXIT(*zfvp, tag);
1427 return (SET_ERROR(EBUSY));
1428 }
1429 }
1430 return (error);
1431 }
1432
1433 static void
zfsvfs_rele(zfsvfs_t * zfsvfs,const void * tag)1434 zfsvfs_rele(zfsvfs_t *zfsvfs, const void *tag)
1435 {
1436 ZFS_TEARDOWN_EXIT(zfsvfs, tag);
1437
1438 if (zfs_vfs_held(zfsvfs)) {
1439 zfs_vfs_rele(zfsvfs);
1440 } else {
1441 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs);
1442 zfsvfs_free(zfsvfs);
1443 }
1444 }
1445
1446 static int
zfs_ioc_pool_create(zfs_cmd_t * zc)1447 zfs_ioc_pool_create(zfs_cmd_t *zc)
1448 {
1449 int error;
1450 nvlist_t *config, *props = NULL;
1451 nvlist_t *rootprops = NULL;
1452 nvlist_t *zplprops = NULL;
1453 dsl_crypto_params_t *dcp = NULL;
1454 const char *spa_name = zc->zc_name;
1455 boolean_t unload_wkey = B_TRUE;
1456
1457 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1458 zc->zc_iflags, &config)))
1459 return (error);
1460
1461 if (zc->zc_nvlist_src_size != 0 && (error =
1462 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1463 zc->zc_iflags, &props))) {
1464 nvlist_free(config);
1465 return (error);
1466 }
1467
1468 if (props) {
1469 nvlist_t *nvl = NULL;
1470 nvlist_t *hidden_args = NULL;
1471 uint64_t version = SPA_VERSION;
1472 const char *tname;
1473
1474 (void) nvlist_lookup_uint64(props,
1475 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1476 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1477 error = SET_ERROR(EINVAL);
1478 goto pool_props_bad;
1479 }
1480 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1481 if (nvl) {
1482 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1483 if (error != 0)
1484 goto pool_props_bad;
1485 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1486 }
1487
1488 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS,
1489 &hidden_args);
1490 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE,
1491 rootprops, hidden_args, &dcp);
1492 if (error != 0)
1493 goto pool_props_bad;
1494 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS);
1495
1496 VERIFY0(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP));
1497 error = zfs_fill_zplprops_root(version, rootprops,
1498 zplprops, NULL);
1499 if (error != 0)
1500 goto pool_props_bad;
1501
1502 if (nvlist_lookup_string(props,
1503 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0)
1504 spa_name = tname;
1505 }
1506
1507 error = spa_create(zc->zc_name, config, props, zplprops, dcp);
1508
1509 /*
1510 * Set the remaining root properties
1511 */
1512 if (!error && (error = zfs_set_prop_nvlist(spa_name,
1513 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) {
1514 (void) spa_destroy(spa_name);
1515 unload_wkey = B_FALSE; /* spa_destroy() unloads wrapping keys */
1516 }
1517
1518 pool_props_bad:
1519 nvlist_free(rootprops);
1520 nvlist_free(zplprops);
1521 nvlist_free(config);
1522 nvlist_free(props);
1523 dsl_crypto_params_free(dcp, unload_wkey && !!error);
1524
1525 return (error);
1526 }
1527
1528 static int
zfs_ioc_pool_destroy(zfs_cmd_t * zc)1529 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1530 {
1531 int error;
1532 zfs_log_history(zc);
1533 error = spa_destroy(zc->zc_name);
1534
1535 return (error);
1536 }
1537
1538 static int
zfs_ioc_pool_import(zfs_cmd_t * zc)1539 zfs_ioc_pool_import(zfs_cmd_t *zc)
1540 {
1541 nvlist_t *config, *props = NULL;
1542 uint64_t guid;
1543 int error;
1544
1545 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1546 zc->zc_iflags, &config)) != 0)
1547 return (error);
1548
1549 if (zc->zc_nvlist_src_size != 0 && (error =
1550 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1551 zc->zc_iflags, &props))) {
1552 nvlist_free(config);
1553 return (error);
1554 }
1555
1556 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1557 guid != zc->zc_guid)
1558 error = SET_ERROR(EINVAL);
1559 else
1560 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1561
1562 if (zc->zc_nvlist_dst != 0) {
1563 int err;
1564
1565 if ((err = put_nvlist(zc, config)) != 0)
1566 error = err;
1567 }
1568
1569 nvlist_free(config);
1570 nvlist_free(props);
1571
1572 return (error);
1573 }
1574
1575 static int
zfs_ioc_pool_export(zfs_cmd_t * zc)1576 zfs_ioc_pool_export(zfs_cmd_t *zc)
1577 {
1578 int error;
1579 boolean_t force = (boolean_t)zc->zc_cookie;
1580 boolean_t hardforce = (boolean_t)zc->zc_guid;
1581
1582 zfs_log_history(zc);
1583 error = spa_export(zc->zc_name, NULL, force, hardforce);
1584
1585 return (error);
1586 }
1587
1588 static int
zfs_ioc_pool_configs(zfs_cmd_t * zc)1589 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1590 {
1591 nvlist_t *configs;
1592 int error;
1593
1594 error = spa_all_configs(&zc->zc_cookie, &configs);
1595 if (error)
1596 return (error);
1597
1598 error = put_nvlist(zc, configs);
1599
1600 nvlist_free(configs);
1601
1602 return (error);
1603 }
1604
1605 /*
1606 * inputs:
1607 * zc_name name of the pool
1608 *
1609 * outputs:
1610 * zc_cookie real errno
1611 * zc_nvlist_dst config nvlist
1612 * zc_nvlist_dst_size size of config nvlist
1613 */
1614 static int
zfs_ioc_pool_stats(zfs_cmd_t * zc)1615 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1616 {
1617 nvlist_t *config;
1618 int error;
1619 int ret = 0;
1620
1621 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1622 sizeof (zc->zc_value));
1623
1624 if (config != NULL) {
1625 ret = put_nvlist(zc, config);
1626 nvlist_free(config);
1627
1628 /*
1629 * The config may be present even if 'error' is non-zero.
1630 * In this case we return success, and preserve the real errno
1631 * in 'zc_cookie'.
1632 */
1633 zc->zc_cookie = error;
1634 } else {
1635 ret = error;
1636 }
1637
1638 return (ret);
1639 }
1640
1641 /*
1642 * Try to import the given pool, returning pool stats as appropriate so that
1643 * user land knows which devices are available and overall pool health.
1644 */
1645 static int
zfs_ioc_pool_tryimport(zfs_cmd_t * zc)1646 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1647 {
1648 nvlist_t *tryconfig, *config = NULL;
1649 int error;
1650
1651 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1652 zc->zc_iflags, &tryconfig)) != 0)
1653 return (error);
1654
1655 config = spa_tryimport(tryconfig);
1656
1657 nvlist_free(tryconfig);
1658
1659 if (config == NULL)
1660 return (SET_ERROR(EINVAL));
1661
1662 error = put_nvlist(zc, config);
1663 nvlist_free(config);
1664
1665 return (error);
1666 }
1667
1668 /*
1669 * inputs:
1670 * zc_name name of the pool
1671 * zc_cookie scan func (pool_scan_func_t)
1672 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t)
1673 */
1674 static int
zfs_ioc_pool_scan(zfs_cmd_t * zc)1675 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1676 {
1677 spa_t *spa;
1678 int error;
1679
1680 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END)
1681 return (SET_ERROR(EINVAL));
1682
1683 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1684 return (error);
1685
1686 if (zc->zc_flags == POOL_SCRUB_PAUSE)
1687 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE);
1688 else if (zc->zc_cookie == POOL_SCAN_NONE)
1689 error = spa_scan_stop(spa);
1690 else
1691 error = spa_scan(spa, zc->zc_cookie);
1692
1693 spa_close(spa, FTAG);
1694
1695 return (error);
1696 }
1697
1698 /*
1699 * inputs:
1700 * poolname name of the pool
1701 * scan_type scan func (pool_scan_func_t)
1702 * scan_command scrub pause/resume flag (pool_scrub_cmd_t)
1703 */
1704 static const zfs_ioc_key_t zfs_keys_pool_scrub[] = {
1705 {"scan_type", DATA_TYPE_UINT64, 0},
1706 {"scan_command", DATA_TYPE_UINT64, 0},
1707 {"scan_date_start", DATA_TYPE_UINT64, ZK_OPTIONAL},
1708 {"scan_date_end", DATA_TYPE_UINT64, ZK_OPTIONAL},
1709 };
1710
1711 static int
zfs_ioc_pool_scrub(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)1712 zfs_ioc_pool_scrub(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
1713 {
1714 spa_t *spa;
1715 int error;
1716 uint64_t scan_type, scan_cmd;
1717 uint64_t date_start, date_end;
1718
1719 if (nvlist_lookup_uint64(innvl, "scan_type", &scan_type) != 0)
1720 return (SET_ERROR(EINVAL));
1721 if (nvlist_lookup_uint64(innvl, "scan_command", &scan_cmd) != 0)
1722 return (SET_ERROR(EINVAL));
1723
1724 if (scan_cmd >= POOL_SCRUB_FLAGS_END)
1725 return (SET_ERROR(EINVAL));
1726
1727 if (nvlist_lookup_uint64(innvl, "scan_date_start", &date_start) != 0)
1728 date_start = 0;
1729 if (nvlist_lookup_uint64(innvl, "scan_date_end", &date_end) != 0)
1730 date_end = 0;
1731
1732 if ((error = spa_open(poolname, &spa, FTAG)) != 0)
1733 return (error);
1734
1735 if (scan_cmd == POOL_SCRUB_PAUSE) {
1736 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE);
1737 } else if (scan_type == POOL_SCAN_NONE) {
1738 error = spa_scan_stop(spa);
1739 } else if (scan_cmd == POOL_SCRUB_FROM_LAST_TXG) {
1740 error = spa_scan_range(spa, scan_type,
1741 spa_get_last_scrubbed_txg(spa), 0);
1742 } else {
1743 uint64_t txg_start, txg_end;
1744
1745 txg_start = txg_end = 0;
1746 if (date_start != 0 || date_end != 0) {
1747 mutex_enter(&spa->spa_txg_log_time_lock);
1748 if (date_start != 0) {
1749 txg_start = dbrrd_query(&spa->spa_txg_log_time,
1750 date_start, DBRRD_FLOOR);
1751 }
1752
1753 if (date_end != 0) {
1754 txg_end = dbrrd_query(&spa->spa_txg_log_time,
1755 date_end, DBRRD_CEILING);
1756 }
1757 mutex_exit(&spa->spa_txg_log_time_lock);
1758 }
1759
1760 error = spa_scan_range(spa, scan_type, txg_start, txg_end);
1761 }
1762
1763 spa_close(spa, FTAG);
1764 return (error);
1765 }
1766
1767 static int
zfs_ioc_pool_freeze(zfs_cmd_t * zc)1768 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1769 {
1770 spa_t *spa;
1771 int error;
1772
1773 error = spa_open(zc->zc_name, &spa, FTAG);
1774 if (error == 0) {
1775 spa_freeze(spa);
1776 spa_close(spa, FTAG);
1777 }
1778 return (error);
1779 }
1780
1781 static int
zfs_ioc_pool_upgrade(zfs_cmd_t * zc)1782 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1783 {
1784 spa_t *spa;
1785 int error;
1786
1787 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1788 return (error);
1789
1790 if (zc->zc_cookie < spa_version(spa) ||
1791 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1792 spa_close(spa, FTAG);
1793 return (SET_ERROR(EINVAL));
1794 }
1795
1796 spa_upgrade(spa, zc->zc_cookie);
1797 spa_close(spa, FTAG);
1798
1799 return (error);
1800 }
1801
1802 static int
zfs_ioc_pool_get_history(zfs_cmd_t * zc)1803 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1804 {
1805 spa_t *spa;
1806 char *hist_buf;
1807 uint64_t size;
1808 int error;
1809
1810 if ((size = zc->zc_history_len) == 0)
1811 return (SET_ERROR(EINVAL));
1812
1813 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1814 return (error);
1815
1816 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1817 spa_close(spa, FTAG);
1818 return (SET_ERROR(ENOTSUP));
1819 }
1820
1821 hist_buf = vmem_alloc(size, KM_SLEEP);
1822 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1823 &zc->zc_history_len, hist_buf)) == 0) {
1824 error = ddi_copyout(hist_buf,
1825 (void *)(uintptr_t)zc->zc_history,
1826 zc->zc_history_len, zc->zc_iflags);
1827 }
1828
1829 spa_close(spa, FTAG);
1830 vmem_free(hist_buf, size);
1831 return (error);
1832 }
1833
1834 /*
1835 * inputs:
1836 * zc_nvlist_src nvlist optionally containing ZPOOL_REGUID_GUID
1837 * zc_nvlist_src_size size of the nvlist
1838 */
1839 static int
zfs_ioc_pool_reguid(zfs_cmd_t * zc)1840 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1841 {
1842 uint64_t *guidp = NULL;
1843 nvlist_t *props = NULL;
1844 spa_t *spa;
1845 uint64_t guid;
1846 int error;
1847
1848 if (zc->zc_nvlist_src_size != 0) {
1849 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1850 zc->zc_iflags, &props);
1851 if (error != 0)
1852 return (error);
1853
1854 error = nvlist_lookup_uint64(props, ZPOOL_REGUID_GUID, &guid);
1855 if (error == 0)
1856 guidp = &guid;
1857 else if (error == ENOENT)
1858 guidp = NULL;
1859 else
1860 goto out;
1861 }
1862
1863 error = spa_open(zc->zc_name, &spa, FTAG);
1864 if (error == 0) {
1865 error = spa_change_guid(spa, guidp);
1866 spa_close(spa, FTAG);
1867 }
1868
1869 out:
1870 if (props != NULL)
1871 nvlist_free(props);
1872
1873 return (error);
1874 }
1875
1876 static int
zfs_ioc_dsobj_to_dsname(zfs_cmd_t * zc)1877 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1878 {
1879 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
1880 }
1881
1882 /*
1883 * inputs:
1884 * zc_name name of filesystem
1885 * zc_obj object to find
1886 *
1887 * outputs:
1888 * zc_value name of object
1889 */
1890 static int
zfs_ioc_obj_to_path(zfs_cmd_t * zc)1891 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1892 {
1893 objset_t *os;
1894 int error;
1895
1896 /* XXX reading from objset not owned */
1897 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1898 FTAG, &os)) != 0)
1899 return (error);
1900 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1901 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1902 return (SET_ERROR(EINVAL));
1903 }
1904 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1905 sizeof (zc->zc_value));
1906 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1907
1908 return (error);
1909 }
1910
1911 /*
1912 * inputs:
1913 * zc_name name of filesystem
1914 * zc_obj object to find
1915 *
1916 * outputs:
1917 * zc_stat stats on object
1918 * zc_value path to object
1919 */
1920 static int
zfs_ioc_obj_to_stats(zfs_cmd_t * zc)1921 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1922 {
1923 objset_t *os;
1924 int error;
1925
1926 /* XXX reading from objset not owned */
1927 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1928 FTAG, &os)) != 0)
1929 return (error);
1930 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1931 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1932 return (SET_ERROR(EINVAL));
1933 }
1934 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1935 sizeof (zc->zc_value));
1936 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1937
1938 return (error);
1939 }
1940
1941 static int
zfs_ioc_vdev_add(zfs_cmd_t * zc)1942 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1943 {
1944 spa_t *spa;
1945 int error;
1946 nvlist_t *config;
1947
1948 error = spa_open(zc->zc_name, &spa, FTAG);
1949 if (error != 0)
1950 return (error);
1951
1952 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1953 zc->zc_iflags, &config);
1954 if (error == 0) {
1955 error = spa_vdev_add(spa, config, zc->zc_flags);
1956 nvlist_free(config);
1957 }
1958 spa_close(spa, FTAG);
1959 return (error);
1960 }
1961
1962 /*
1963 * inputs:
1964 * zc_name name of the pool
1965 * zc_guid guid of vdev to remove
1966 * zc_cookie cancel removal
1967 */
1968 static int
zfs_ioc_vdev_remove(zfs_cmd_t * zc)1969 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1970 {
1971 spa_t *spa;
1972 int error;
1973
1974 error = spa_open(zc->zc_name, &spa, FTAG);
1975 if (error != 0)
1976 return (error);
1977 if (zc->zc_cookie != 0) {
1978 error = spa_vdev_remove_cancel(spa);
1979 } else {
1980 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1981 }
1982 spa_close(spa, FTAG);
1983 return (error);
1984 }
1985
1986 static int
zfs_ioc_vdev_set_state(zfs_cmd_t * zc)1987 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1988 {
1989 spa_t *spa;
1990 int error;
1991 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1992
1993 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1994 return (error);
1995 switch (zc->zc_cookie) {
1996 case VDEV_STATE_ONLINE:
1997 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1998 break;
1999
2000 case VDEV_STATE_OFFLINE:
2001 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
2002 break;
2003
2004 case VDEV_STATE_FAULTED:
2005 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
2006 zc->zc_obj != VDEV_AUX_EXTERNAL &&
2007 zc->zc_obj != VDEV_AUX_EXTERNAL_PERSIST)
2008 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
2009
2010 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
2011 break;
2012
2013 case VDEV_STATE_DEGRADED:
2014 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
2015 zc->zc_obj != VDEV_AUX_EXTERNAL)
2016 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
2017
2018 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
2019 break;
2020
2021 case VDEV_STATE_REMOVED:
2022 error = vdev_remove_wanted(spa, zc->zc_guid);
2023 break;
2024
2025 default:
2026 error = SET_ERROR(EINVAL);
2027 }
2028 zc->zc_cookie = newstate;
2029 spa_close(spa, FTAG);
2030 return (error);
2031 }
2032
2033 static int
zfs_ioc_vdev_attach(zfs_cmd_t * zc)2034 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
2035 {
2036 spa_t *spa;
2037 nvlist_t *config;
2038 int replacing = zc->zc_cookie;
2039 int rebuild = zc->zc_simple;
2040 int error;
2041
2042 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2043 return (error);
2044
2045 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
2046 zc->zc_iflags, &config)) == 0) {
2047 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing,
2048 rebuild);
2049 nvlist_free(config);
2050 }
2051
2052 spa_close(spa, FTAG);
2053 return (error);
2054 }
2055
2056 static int
zfs_ioc_vdev_detach(zfs_cmd_t * zc)2057 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
2058 {
2059 spa_t *spa;
2060 int error;
2061
2062 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2063 return (error);
2064
2065 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
2066
2067 spa_close(spa, FTAG);
2068 return (error);
2069 }
2070
2071 static int
zfs_ioc_vdev_split(zfs_cmd_t * zc)2072 zfs_ioc_vdev_split(zfs_cmd_t *zc)
2073 {
2074 spa_t *spa;
2075 nvlist_t *config, *props = NULL;
2076 int error;
2077 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
2078
2079 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2080 return (error);
2081
2082 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
2083 zc->zc_iflags, &config))) {
2084 spa_close(spa, FTAG);
2085 return (error);
2086 }
2087
2088 if (zc->zc_nvlist_src_size != 0 && (error =
2089 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2090 zc->zc_iflags, &props))) {
2091 spa_close(spa, FTAG);
2092 nvlist_free(config);
2093 return (error);
2094 }
2095
2096 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
2097
2098 spa_close(spa, FTAG);
2099
2100 nvlist_free(config);
2101 nvlist_free(props);
2102
2103 return (error);
2104 }
2105
2106 static int
zfs_ioc_vdev_setpath(zfs_cmd_t * zc)2107 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
2108 {
2109 spa_t *spa;
2110 const char *path = zc->zc_value;
2111 uint64_t guid = zc->zc_guid;
2112 int error;
2113
2114 error = spa_open(zc->zc_name, &spa, FTAG);
2115 if (error != 0)
2116 return (error);
2117
2118 error = spa_vdev_setpath(spa, guid, path);
2119 spa_close(spa, FTAG);
2120 return (error);
2121 }
2122
2123 static int
zfs_ioc_vdev_setfru(zfs_cmd_t * zc)2124 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
2125 {
2126 spa_t *spa;
2127 const char *fru = zc->zc_value;
2128 uint64_t guid = zc->zc_guid;
2129 int error;
2130
2131 error = spa_open(zc->zc_name, &spa, FTAG);
2132 if (error != 0)
2133 return (error);
2134
2135 error = spa_vdev_setfru(spa, guid, fru);
2136 spa_close(spa, FTAG);
2137 return (error);
2138 }
2139
2140 static int
zfs_ioc_objset_stats_impl(zfs_cmd_t * zc,objset_t * os)2141 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
2142 {
2143 int error = 0;
2144 nvlist_t *nv;
2145
2146 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2147
2148 if (!zc->zc_simple && zc->zc_nvlist_dst != 0 &&
2149 (error = dsl_prop_get_all(os, &nv)) == 0) {
2150 dmu_objset_stats(os, nv);
2151 /*
2152 * NB: zvol_get_stats() will read the objset contents,
2153 * which we aren't supposed to do with a
2154 * DS_MODE_USER hold, because it could be
2155 * inconsistent. So this is a bit of a workaround...
2156 * XXX reading without owning
2157 */
2158 if (!zc->zc_objset_stats.dds_inconsistent &&
2159 dmu_objset_type(os) == DMU_OST_ZVOL) {
2160 error = zvol_get_stats(os, nv);
2161 if (error == EIO) {
2162 nvlist_free(nv);
2163 return (error);
2164 }
2165 VERIFY0(error);
2166 }
2167 if (error == 0)
2168 error = put_nvlist(zc, nv);
2169 nvlist_free(nv);
2170 }
2171
2172 return (error);
2173 }
2174
2175 /*
2176 * inputs:
2177 * zc_name name of filesystem
2178 * zc_nvlist_dst_size size of buffer for property nvlist
2179 *
2180 * outputs:
2181 * zc_objset_stats stats
2182 * zc_nvlist_dst property nvlist
2183 * zc_nvlist_dst_size size of property nvlist
2184 */
2185 static int
zfs_ioc_objset_stats(zfs_cmd_t * zc)2186 zfs_ioc_objset_stats(zfs_cmd_t *zc)
2187 {
2188 objset_t *os;
2189 int error;
2190
2191 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2192 if (error == 0) {
2193 error = zfs_ioc_objset_stats_impl(zc, os);
2194 dmu_objset_rele(os, FTAG);
2195 }
2196
2197 return (error);
2198 }
2199
2200 /*
2201 * inputs:
2202 * zc_name name of filesystem
2203 * zc_nvlist_dst_size size of buffer for property nvlist
2204 *
2205 * outputs:
2206 * zc_nvlist_dst received property nvlist
2207 * zc_nvlist_dst_size size of received property nvlist
2208 *
2209 * Gets received properties (distinct from local properties on or after
2210 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2211 * local property values.
2212 */
2213 static int
zfs_ioc_objset_recvd_props(zfs_cmd_t * zc)2214 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2215 {
2216 int error = 0;
2217 nvlist_t *nv;
2218
2219 /*
2220 * Without this check, we would return local property values if the
2221 * caller has not already received properties on or after
2222 * SPA_VERSION_RECVD_PROPS.
2223 */
2224 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2225 return (SET_ERROR(ENOTSUP));
2226
2227 if (zc->zc_nvlist_dst != 0 &&
2228 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
2229 error = put_nvlist(zc, nv);
2230 nvlist_free(nv);
2231 }
2232
2233 return (error);
2234 }
2235
2236 static int
nvl_add_zplprop(objset_t * os,nvlist_t * props,zfs_prop_t prop)2237 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2238 {
2239 uint64_t value;
2240 int error;
2241
2242 /*
2243 * zfs_get_zplprop() will either find a value or give us
2244 * the default value (if there is one).
2245 */
2246 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2247 return (error);
2248 VERIFY0(nvlist_add_uint64(props, zfs_prop_to_name(prop), value));
2249 return (0);
2250 }
2251
2252 /*
2253 * inputs:
2254 * zc_name name of filesystem
2255 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2256 *
2257 * outputs:
2258 * zc_nvlist_dst zpl property nvlist
2259 * zc_nvlist_dst_size size of zpl property nvlist
2260 */
2261 static int
zfs_ioc_objset_zplprops(zfs_cmd_t * zc)2262 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2263 {
2264 objset_t *os;
2265 int err;
2266
2267 /* XXX reading without owning */
2268 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
2269 return (err);
2270
2271 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2272
2273 /*
2274 * NB: nvl_add_zplprop() will read the objset contents,
2275 * which we aren't supposed to do with a DS_MODE_USER
2276 * hold, because it could be inconsistent.
2277 */
2278 if (zc->zc_nvlist_dst != 0 &&
2279 !zc->zc_objset_stats.dds_inconsistent &&
2280 dmu_objset_type(os) == DMU_OST_ZFS) {
2281 nvlist_t *nv;
2282
2283 VERIFY0(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP));
2284 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2285 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2286 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2287 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0 &&
2288 (err = nvl_add_zplprop(os, nv,
2289 ZFS_PROP_DEFAULTUSERQUOTA)) == 0 &&
2290 (err = nvl_add_zplprop(os, nv,
2291 ZFS_PROP_DEFAULTGROUPQUOTA)) == 0 &&
2292 (err = nvl_add_zplprop(os, nv,
2293 ZFS_PROP_DEFAULTPROJECTQUOTA)) == 0 &&
2294 (err = nvl_add_zplprop(os, nv,
2295 ZFS_PROP_DEFAULTUSEROBJQUOTA)) == 0 &&
2296 (err = nvl_add_zplprop(os, nv,
2297 ZFS_PROP_DEFAULTGROUPOBJQUOTA)) == 0 &&
2298 (err = nvl_add_zplprop(os, nv,
2299 ZFS_PROP_DEFAULTPROJECTOBJQUOTA)) == 0)
2300 err = put_nvlist(zc, nv);
2301 nvlist_free(nv);
2302 } else {
2303 err = SET_ERROR(ENOENT);
2304 }
2305 dmu_objset_rele(os, FTAG);
2306 return (err);
2307 }
2308
2309 /*
2310 * inputs:
2311 * zc_name name of filesystem
2312 * zc_cookie zap cursor
2313 * zc_nvlist_dst_size size of buffer for property nvlist
2314 *
2315 * outputs:
2316 * zc_name name of next filesystem
2317 * zc_cookie zap cursor
2318 * zc_objset_stats stats
2319 * zc_nvlist_dst property nvlist
2320 * zc_nvlist_dst_size size of property nvlist
2321 */
2322 static int
zfs_ioc_dataset_list_next(zfs_cmd_t * zc)2323 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2324 {
2325 objset_t *os;
2326 int error;
2327 char *p;
2328 size_t orig_len = strlen(zc->zc_name);
2329
2330 top:
2331 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
2332 if (error == ENOENT)
2333 error = SET_ERROR(ESRCH);
2334 return (error);
2335 }
2336
2337 p = strrchr(zc->zc_name, '/');
2338 if (p == NULL || p[1] != '\0')
2339 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2340 p = zc->zc_name + strlen(zc->zc_name);
2341
2342 do {
2343 error = dmu_dir_list_next(os,
2344 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2345 NULL, &zc->zc_cookie);
2346 if (error == ENOENT)
2347 error = SET_ERROR(ESRCH);
2348 } while (error == 0 && zfs_dataset_name_hidden(zc->zc_name));
2349 dmu_objset_rele(os, FTAG);
2350
2351 /*
2352 * If it's an internal dataset (ie. with a '$' in its name),
2353 * don't try to get stats for it, otherwise we'll return ENOENT.
2354 */
2355 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2356 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2357 if (error == ENOENT) {
2358 /* We lost a race with destroy, get the next one. */
2359 zc->zc_name[orig_len] = '\0';
2360 goto top;
2361 }
2362 }
2363 return (error);
2364 }
2365
2366 /*
2367 * inputs:
2368 * zc_name name of filesystem
2369 * zc_cookie zap cursor
2370 * zc_nvlist_src iteration range nvlist
2371 * zc_nvlist_src_size size of iteration range nvlist
2372 *
2373 * outputs:
2374 * zc_name name of next snapshot
2375 * zc_objset_stats stats
2376 * zc_nvlist_dst property nvlist
2377 * zc_nvlist_dst_size size of property nvlist
2378 */
2379 static int
zfs_ioc_snapshot_list_next(zfs_cmd_t * zc)2380 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2381 {
2382 int error;
2383 objset_t *os, *ossnap;
2384 dsl_dataset_t *ds;
2385 uint64_t min_txg = 0, max_txg = 0;
2386
2387 if (zc->zc_nvlist_src_size != 0) {
2388 nvlist_t *props = NULL;
2389 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2390 zc->zc_iflags, &props);
2391 if (error != 0)
2392 return (error);
2393 (void) nvlist_lookup_uint64(props, SNAP_ITER_MIN_TXG,
2394 &min_txg);
2395 (void) nvlist_lookup_uint64(props, SNAP_ITER_MAX_TXG,
2396 &max_txg);
2397 nvlist_free(props);
2398 }
2399
2400 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2401 if (error != 0) {
2402 return (error == ENOENT ? SET_ERROR(ESRCH) : error);
2403 }
2404
2405 /*
2406 * A dataset name of maximum length cannot have any snapshots,
2407 * so exit immediately.
2408 */
2409 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >=
2410 ZFS_MAX_DATASET_NAME_LEN) {
2411 dmu_objset_rele(os, FTAG);
2412 return (SET_ERROR(ESRCH));
2413 }
2414
2415 while (error == 0) {
2416 if (issig()) {
2417 error = SET_ERROR(EINTR);
2418 break;
2419 }
2420
2421 error = dmu_snapshot_list_next(os,
2422 sizeof (zc->zc_name) - strlen(zc->zc_name),
2423 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj,
2424 &zc->zc_cookie, NULL);
2425 if (error == ENOENT) {
2426 error = SET_ERROR(ESRCH);
2427 break;
2428 } else if (error != 0) {
2429 break;
2430 }
2431
2432 error = dsl_dataset_hold_obj(dmu_objset_pool(os), zc->zc_obj,
2433 FTAG, &ds);
2434 if (error != 0)
2435 break;
2436
2437 if ((min_txg != 0 && dsl_get_creationtxg(ds) < min_txg) ||
2438 (max_txg != 0 && dsl_get_creationtxg(ds) > max_txg)) {
2439 dsl_dataset_rele(ds, FTAG);
2440 /* undo snapshot name append */
2441 *(strchr(zc->zc_name, '@') + 1) = '\0';
2442 /* skip snapshot */
2443 continue;
2444 }
2445
2446 if (zc->zc_simple) {
2447 dsl_dataset_fast_stat(ds, &zc->zc_objset_stats);
2448 dsl_dataset_rele(ds, FTAG);
2449 break;
2450 }
2451
2452 if ((error = dmu_objset_from_ds(ds, &ossnap)) != 0) {
2453 dsl_dataset_rele(ds, FTAG);
2454 break;
2455 }
2456 if ((error = zfs_ioc_objset_stats_impl(zc, ossnap)) != 0) {
2457 dsl_dataset_rele(ds, FTAG);
2458 break;
2459 }
2460 dsl_dataset_rele(ds, FTAG);
2461 break;
2462 }
2463
2464 dmu_objset_rele(os, FTAG);
2465 /* if we failed, undo the @ that we tacked on to zc_name */
2466 if (error != 0)
2467 *strchr(zc->zc_name, '@') = '\0';
2468 return (error);
2469 }
2470
2471 static int
zfs_prop_set_userquota(const char * dsname,nvpair_t * pair)2472 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2473 {
2474 const char *propname = nvpair_name(pair);
2475 uint64_t *valary;
2476 unsigned int vallen;
2477 const char *dash, *domain;
2478 zfs_userquota_prop_t type;
2479 uint64_t rid;
2480 uint64_t quota;
2481 zfsvfs_t *zfsvfs;
2482 int err;
2483
2484 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2485 nvlist_t *attrs;
2486 VERIFY0(nvpair_value_nvlist(pair, &attrs));
2487 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2488 &pair) != 0)
2489 return (SET_ERROR(EINVAL));
2490 }
2491
2492 /*
2493 * A correctly constructed propname is encoded as
2494 * userquota@<rid>-<domain>.
2495 */
2496 if ((dash = strchr(propname, '-')) == NULL ||
2497 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2498 vallen != 3)
2499 return (SET_ERROR(EINVAL));
2500
2501 domain = dash + 1;
2502 type = valary[0];
2503 rid = valary[1];
2504 quota = valary[2];
2505
2506 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2507 if (err == 0) {
2508 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2509 zfsvfs_rele(zfsvfs, FTAG);
2510 }
2511
2512 return (err);
2513 }
2514
2515 /*
2516 * If the named property is one that has a special function to set its value,
2517 * return 0 on success and a positive error code on failure; otherwise if it is
2518 * not one of the special properties handled by this function, return -1.
2519 *
2520 * XXX: It would be better for callers of the property interface if we handled
2521 * these special cases in dsl_prop.c (in the dsl layer).
2522 */
2523 static int
zfs_prop_set_special(const char * dsname,zprop_source_t source,nvpair_t * pair)2524 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2525 nvpair_t *pair)
2526 {
2527 const char *propname = nvpair_name(pair);
2528 zfs_prop_t prop = zfs_name_to_prop(propname);
2529 uint64_t intval = 0;
2530 const char *strval = NULL;
2531 int err = -1;
2532
2533 if (prop == ZPROP_USERPROP) {
2534 if (zfs_prop_userquota(propname))
2535 return (zfs_prop_set_userquota(dsname, pair));
2536 return (-1);
2537 }
2538
2539 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2540 nvlist_t *attrs;
2541 VERIFY0(nvpair_value_nvlist(pair, &attrs));
2542 VERIFY0(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, &pair));
2543 }
2544
2545 /* all special properties are numeric except for keylocation */
2546 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) {
2547 strval = fnvpair_value_string(pair);
2548 } else {
2549 intval = fnvpair_value_uint64(pair);
2550 }
2551
2552 switch (prop) {
2553 case ZFS_PROP_QUOTA:
2554 err = dsl_dir_set_quota(dsname, source, intval);
2555 break;
2556 case ZFS_PROP_REFQUOTA:
2557 err = dsl_dataset_set_refquota(dsname, source, intval);
2558 break;
2559 case ZFS_PROP_FILESYSTEM_LIMIT:
2560 case ZFS_PROP_SNAPSHOT_LIMIT:
2561 if (intval == UINT64_MAX) {
2562 /* clearing the limit, just do it */
2563 err = 0;
2564 } else {
2565 err = dsl_dir_activate_fs_ss_limit(dsname);
2566 }
2567 /*
2568 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2569 * default path to set the value in the nvlist.
2570 */
2571 if (err == 0)
2572 err = -1;
2573 break;
2574 case ZFS_PROP_KEYLOCATION:
2575 err = dsl_crypto_can_set_keylocation(dsname, strval);
2576
2577 /*
2578 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2579 * default path to set the value in the nvlist.
2580 */
2581 if (err == 0)
2582 err = -1;
2583 break;
2584 case ZFS_PROP_RESERVATION:
2585 err = dsl_dir_set_reservation(dsname, source, intval);
2586 break;
2587 case ZFS_PROP_REFRESERVATION:
2588 err = dsl_dataset_set_refreservation(dsname, source, intval);
2589 break;
2590 case ZFS_PROP_COMPRESSION:
2591 err = dsl_dataset_set_compression(dsname, source, intval);
2592 /*
2593 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2594 * default path to set the value in the nvlist.
2595 */
2596 if (err == 0)
2597 err = -1;
2598 break;
2599 case ZFS_PROP_VOLSIZE:
2600 err = zvol_set_volsize(dsname, intval);
2601 break;
2602 case ZFS_PROP_VOLTHREADING:
2603 err = zvol_set_volthreading(dsname, intval);
2604 /*
2605 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2606 * default path to set the value in the nvlist.
2607 */
2608 if (err == 0)
2609 err = -1;
2610 break;
2611 case ZFS_PROP_SNAPDEV:
2612 case ZFS_PROP_VOLMODE:
2613 err = zvol_set_common(dsname, prop, source, intval);
2614 break;
2615 case ZFS_PROP_READONLY:
2616 err = zvol_set_ro(dsname, intval);
2617 /*
2618 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2619 * default path to set the value in the nvlist.
2620 */
2621 if (err == 0)
2622 err = -1;
2623 break;
2624 case ZFS_PROP_VERSION:
2625 {
2626 zfsvfs_t *zfsvfs;
2627
2628 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2629 break;
2630
2631 err = zfs_set_version(zfsvfs, intval);
2632 zfsvfs_rele(zfsvfs, FTAG);
2633
2634 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2635 zfs_cmd_t *zc;
2636
2637 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2638 (void) strlcpy(zc->zc_name, dsname,
2639 sizeof (zc->zc_name));
2640 (void) zfs_ioc_userspace_upgrade(zc);
2641 (void) zfs_ioc_id_quota_upgrade(zc);
2642 kmem_free(zc, sizeof (zfs_cmd_t));
2643 }
2644 break;
2645 }
2646 case ZFS_PROP_LONGNAME:
2647 {
2648 zfsvfs_t *zfsvfs;
2649
2650 /*
2651 * Ignore the checks if the property is being applied as part of
2652 * 'zfs receive'. Because, we already check if the local pool
2653 * has SPA_FEATURE_LONGNAME enabled in dmu_recv_begin_check().
2654 */
2655 if (source == ZPROP_SRC_RECEIVED) {
2656 cmn_err(CE_NOTE, "Skipping ZFS_PROP_LONGNAME checks "
2657 "for dsname=%s\n", dsname);
2658 err = -1;
2659 break;
2660 }
2661
2662 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE)) != 0) {
2663 cmn_err(CE_WARN, "%s:%d Failed to hold for dsname=%s "
2664 "err=%d\n", __FILE__, __LINE__, dsname, err);
2665 break;
2666 }
2667
2668 if (!spa_feature_is_enabled(zfsvfs->z_os->os_spa,
2669 SPA_FEATURE_LONGNAME)) {
2670 err = ENOTSUP;
2671 } else {
2672 /*
2673 * Set err to -1 to force the zfs_set_prop_nvlist code
2674 * down the default path to set the value in the nvlist.
2675 */
2676 err = -1;
2677 }
2678 zfsvfs_rele(zfsvfs, FTAG);
2679 break;
2680 }
2681 case ZFS_PROP_DEFAULTUSERQUOTA:
2682 case ZFS_PROP_DEFAULTGROUPQUOTA:
2683 case ZFS_PROP_DEFAULTPROJECTQUOTA:
2684 case ZFS_PROP_DEFAULTUSEROBJQUOTA:
2685 case ZFS_PROP_DEFAULTGROUPOBJQUOTA:
2686 case ZFS_PROP_DEFAULTPROJECTOBJQUOTA:
2687 {
2688 zfsvfs_t *zfsvfs;
2689 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2690 break;
2691 err = zfs_set_default_quota(zfsvfs, prop, intval);
2692 zfsvfs_rele(zfsvfs, FTAG);
2693 break;
2694 }
2695 default:
2696 err = -1;
2697 }
2698
2699 return (err);
2700 }
2701
2702 static boolean_t
zfs_is_namespace_prop(zfs_prop_t prop)2703 zfs_is_namespace_prop(zfs_prop_t prop)
2704 {
2705 switch (prop) {
2706
2707 case ZFS_PROP_ATIME:
2708 case ZFS_PROP_RELATIME:
2709 case ZFS_PROP_DEVICES:
2710 case ZFS_PROP_EXEC:
2711 case ZFS_PROP_SETUID:
2712 case ZFS_PROP_READONLY:
2713 case ZFS_PROP_XATTR:
2714 case ZFS_PROP_NBMAND:
2715 return (B_TRUE);
2716
2717 default:
2718 return (B_FALSE);
2719 }
2720 }
2721
2722 /*
2723 * This function is best effort. If it fails to set any of the given properties,
2724 * it continues to set as many as it can and returns the last error
2725 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2726 * with the list of names of all the properties that failed along with the
2727 * corresponding error numbers.
2728 *
2729 * If every property is set successfully, zero is returned and errlist is not
2730 * modified.
2731 */
2732 int
zfs_set_prop_nvlist(const char * dsname,zprop_source_t source,nvlist_t * nvl,nvlist_t * errlist)2733 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2734 nvlist_t *errlist)
2735 {
2736 nvpair_t *pair;
2737 nvpair_t *propval;
2738 int rv = 0;
2739 int err;
2740 uint64_t intval;
2741 const char *strval;
2742 boolean_t should_update_mount_cache = B_FALSE;
2743
2744 nvlist_t *genericnvl = fnvlist_alloc();
2745 nvlist_t *retrynvl = fnvlist_alloc();
2746 retry:
2747 pair = NULL;
2748 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2749 const char *propname = nvpair_name(pair);
2750 zfs_prop_t prop = zfs_name_to_prop(propname);
2751 err = 0;
2752
2753 /* decode the property value */
2754 propval = pair;
2755 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2756 nvlist_t *attrs;
2757 attrs = fnvpair_value_nvlist(pair);
2758 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2759 &propval) != 0)
2760 err = SET_ERROR(EINVAL);
2761 }
2762
2763 /* Validate value type */
2764 if (err == 0 && source == ZPROP_SRC_INHERITED) {
2765 /* inherited properties are expected to be booleans */
2766 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN)
2767 err = SET_ERROR(EINVAL);
2768 } else if (err == 0 && prop == ZPROP_USERPROP) {
2769 if (zfs_prop_user(propname)) {
2770 if (nvpair_type(propval) != DATA_TYPE_STRING)
2771 err = SET_ERROR(EINVAL);
2772 } else if (zfs_prop_userquota(propname)) {
2773 if (nvpair_type(propval) !=
2774 DATA_TYPE_UINT64_ARRAY)
2775 err = SET_ERROR(EINVAL);
2776 } else {
2777 err = SET_ERROR(EINVAL);
2778 }
2779 } else if (err == 0) {
2780 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2781 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2782 err = SET_ERROR(EINVAL);
2783 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2784 const char *unused;
2785
2786 intval = fnvpair_value_uint64(propval);
2787
2788 switch (zfs_prop_get_type(prop)) {
2789 case PROP_TYPE_NUMBER:
2790 break;
2791 case PROP_TYPE_STRING:
2792 err = SET_ERROR(EINVAL);
2793 break;
2794 case PROP_TYPE_INDEX:
2795 if (zfs_prop_index_to_string(prop,
2796 intval, &unused) != 0)
2797 err =
2798 SET_ERROR(ZFS_ERR_BADPROP);
2799 break;
2800 default:
2801 cmn_err(CE_PANIC,
2802 "unknown property type");
2803 }
2804 } else {
2805 err = SET_ERROR(EINVAL);
2806 }
2807 }
2808
2809 /* Validate permissions */
2810 if (err == 0)
2811 err = zfs_check_settable(dsname, pair, CRED());
2812
2813 if (err == 0) {
2814 if (source == ZPROP_SRC_INHERITED)
2815 err = -1; /* does not need special handling */
2816 else
2817 err = zfs_prop_set_special(dsname, source,
2818 pair);
2819 if (err == -1) {
2820 /*
2821 * For better performance we build up a list of
2822 * properties to set in a single transaction.
2823 */
2824 err = nvlist_add_nvpair(genericnvl, pair);
2825 } else if (err != 0 && nvl != retrynvl) {
2826 /*
2827 * This may be a spurious error caused by
2828 * receiving quota and reservation out of order.
2829 * Try again in a second pass.
2830 */
2831 err = nvlist_add_nvpair(retrynvl, pair);
2832 }
2833 }
2834
2835 if (err != 0) {
2836 if (errlist != NULL)
2837 fnvlist_add_int32(errlist, propname, err);
2838 rv = err;
2839 }
2840
2841 if (zfs_is_namespace_prop(prop))
2842 should_update_mount_cache = B_TRUE;
2843 }
2844
2845 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2846 nvl = retrynvl;
2847 goto retry;
2848 }
2849
2850 if (nvlist_empty(genericnvl))
2851 goto out;
2852
2853 /*
2854 * Try to set them all in one batch.
2855 */
2856 err = dsl_props_set(dsname, source, genericnvl);
2857 if (err == 0)
2858 goto out;
2859
2860 /*
2861 * If batching fails, we still want to set as many properties as we
2862 * can, so try setting them individually.
2863 */
2864 pair = NULL;
2865 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2866 const char *propname = nvpair_name(pair);
2867
2868 propval = pair;
2869 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2870 nvlist_t *attrs;
2871 attrs = fnvpair_value_nvlist(pair);
2872 propval = fnvlist_lookup_nvpair(attrs, ZPROP_VALUE);
2873 }
2874
2875 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2876 strval = fnvpair_value_string(propval);
2877 err = dsl_prop_set_string(dsname, propname,
2878 source, strval);
2879 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) {
2880 err = dsl_prop_inherit(dsname, propname, source);
2881 } else {
2882 intval = fnvpair_value_uint64(propval);
2883 err = dsl_prop_set_int(dsname, propname, source,
2884 intval);
2885 }
2886
2887 if (err != 0) {
2888 if (errlist != NULL) {
2889 fnvlist_add_int32(errlist, propname, err);
2890 }
2891 rv = err;
2892 }
2893 }
2894
2895 out:
2896 if (should_update_mount_cache)
2897 zfs_ioctl_update_mount_cache(dsname);
2898
2899 nvlist_free(genericnvl);
2900 nvlist_free(retrynvl);
2901
2902 return (rv);
2903 }
2904
2905 /*
2906 * Check that all the properties are valid user properties.
2907 */
2908 static int
zfs_check_userprops(nvlist_t * nvl)2909 zfs_check_userprops(nvlist_t *nvl)
2910 {
2911 nvpair_t *pair = NULL;
2912
2913 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2914 const char *propname = nvpair_name(pair);
2915
2916 if (!zfs_prop_user(propname) ||
2917 nvpair_type(pair) != DATA_TYPE_STRING)
2918 return (SET_ERROR(EINVAL));
2919
2920 if (strlen(propname) >= ZAP_MAXNAMELEN)
2921 return (SET_ERROR(ENAMETOOLONG));
2922
2923 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN)
2924 return (SET_ERROR(E2BIG));
2925 }
2926 return (0);
2927 }
2928
2929 static void
props_skip(nvlist_t * props,nvlist_t * skipped,nvlist_t ** newprops)2930 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2931 {
2932 nvpair_t *pair;
2933
2934 VERIFY0(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP));
2935
2936 pair = NULL;
2937 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2938 if (nvlist_exists(skipped, nvpair_name(pair)))
2939 continue;
2940
2941 VERIFY0(nvlist_add_nvpair(*newprops, pair));
2942 }
2943 }
2944
2945 static int
clear_received_props(const char * dsname,nvlist_t * props,nvlist_t * skipped)2946 clear_received_props(const char *dsname, nvlist_t *props,
2947 nvlist_t *skipped)
2948 {
2949 int err = 0;
2950 nvlist_t *cleared_props = NULL;
2951 props_skip(props, skipped, &cleared_props);
2952 if (!nvlist_empty(cleared_props)) {
2953 /*
2954 * Acts on local properties until the dataset has received
2955 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2956 */
2957 zprop_source_t flags = (ZPROP_SRC_NONE |
2958 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2959 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
2960 }
2961 nvlist_free(cleared_props);
2962 return (err);
2963 }
2964
2965 /*
2966 * inputs:
2967 * zc_name name of filesystem
2968 * zc_value name of property to set
2969 * zc_nvlist_src{_size} nvlist of properties to apply
2970 * zc_cookie received properties flag
2971 *
2972 * outputs:
2973 * zc_nvlist_dst{_size} error for each unapplied received property
2974 */
2975 static int
zfs_ioc_set_prop(zfs_cmd_t * zc)2976 zfs_ioc_set_prop(zfs_cmd_t *zc)
2977 {
2978 nvlist_t *nvl;
2979 boolean_t received = zc->zc_cookie;
2980 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2981 ZPROP_SRC_LOCAL);
2982 nvlist_t *errors;
2983 int error;
2984
2985 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2986 zc->zc_iflags, &nvl)) != 0)
2987 return (error);
2988
2989 if (received) {
2990 nvlist_t *origprops;
2991
2992 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2993 (void) clear_received_props(zc->zc_name,
2994 origprops, nvl);
2995 nvlist_free(origprops);
2996 }
2997
2998 error = dsl_prop_set_hasrecvd(zc->zc_name);
2999 }
3000
3001 errors = fnvlist_alloc();
3002 if (error == 0)
3003 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
3004
3005 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
3006 (void) put_nvlist(zc, errors);
3007 }
3008
3009 nvlist_free(errors);
3010 nvlist_free(nvl);
3011 return (error);
3012 }
3013
3014 /*
3015 * inputs:
3016 * zc_name name of filesystem
3017 * zc_value name of property to inherit
3018 * zc_cookie revert to received value if TRUE
3019 *
3020 * outputs: none
3021 */
3022 static int
zfs_ioc_inherit_prop(zfs_cmd_t * zc)3023 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
3024 {
3025 const char *propname = zc->zc_value;
3026 zfs_prop_t prop = zfs_name_to_prop(propname);
3027 boolean_t received = zc->zc_cookie;
3028 zprop_source_t source = (received
3029 ? ZPROP_SRC_NONE /* revert to received value, if any */
3030 : ZPROP_SRC_INHERITED); /* explicitly inherit */
3031 nvlist_t *dummy;
3032 nvpair_t *pair;
3033 zprop_type_t type;
3034 int err;
3035
3036 if (!received) {
3037 /*
3038 * Only check this in the non-received case. We want to allow
3039 * 'inherit -S' to revert non-inheritable properties like quota
3040 * and reservation to the received or default values even though
3041 * they are not considered inheritable.
3042 */
3043 if (prop != ZPROP_USERPROP && !zfs_prop_inheritable(prop))
3044 return (SET_ERROR(EINVAL));
3045 }
3046
3047 if (prop == ZPROP_USERPROP) {
3048 if (!zfs_prop_user(propname))
3049 return (SET_ERROR(EINVAL));
3050
3051 type = PROP_TYPE_STRING;
3052 } else if (prop == ZFS_PROP_VOLSIZE || prop == ZFS_PROP_VERSION) {
3053 return (SET_ERROR(EINVAL));
3054 } else {
3055 type = zfs_prop_get_type(prop);
3056 }
3057
3058 /*
3059 * zfs_prop_set_special() expects properties in the form of an
3060 * nvpair with type info.
3061 */
3062 dummy = fnvlist_alloc();
3063
3064 switch (type) {
3065 case PROP_TYPE_STRING:
3066 VERIFY0(nvlist_add_string(dummy, propname, ""));
3067 break;
3068 case PROP_TYPE_NUMBER:
3069 case PROP_TYPE_INDEX:
3070 VERIFY0(nvlist_add_uint64(dummy, propname, 0));
3071 break;
3072 default:
3073 err = SET_ERROR(EINVAL);
3074 goto errout;
3075 }
3076
3077 pair = nvlist_next_nvpair(dummy, NULL);
3078 if (pair == NULL) {
3079 err = SET_ERROR(EINVAL);
3080 } else {
3081 err = zfs_prop_set_special(zc->zc_name, source, pair);
3082 if (err == -1) /* property is not "special", needs handling */
3083 err = dsl_prop_inherit(zc->zc_name, zc->zc_value,
3084 source);
3085 }
3086
3087 errout:
3088 nvlist_free(dummy);
3089 return (err);
3090 }
3091
3092 static int
zfs_ioc_pool_set_props(zfs_cmd_t * zc)3093 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
3094 {
3095 nvlist_t *props;
3096 spa_t *spa;
3097 int error;
3098 nvpair_t *pair;
3099
3100 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3101 zc->zc_iflags, &props)))
3102 return (error);
3103
3104 /*
3105 * If the only property is the configfile, then just do a spa_lookup()
3106 * to handle the faulted case.
3107 */
3108 pair = nvlist_next_nvpair(props, NULL);
3109 if (pair != NULL && strcmp(nvpair_name(pair),
3110 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
3111 nvlist_next_nvpair(props, pair) == NULL) {
3112 mutex_enter(&spa_namespace_lock);
3113 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
3114 spa_configfile_set(spa, props, B_FALSE);
3115 spa_write_cachefile(spa, B_FALSE, B_TRUE, B_FALSE);
3116 }
3117 mutex_exit(&spa_namespace_lock);
3118 if (spa != NULL) {
3119 nvlist_free(props);
3120 return (0);
3121 }
3122 }
3123
3124 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
3125 nvlist_free(props);
3126 return (error);
3127 }
3128
3129 error = spa_prop_set(spa, props);
3130
3131 nvlist_free(props);
3132 spa_close(spa, FTAG);
3133
3134 return (error);
3135 }
3136
3137 /*
3138 * innvl: {
3139 * "get_props_names": [ "prop1", "prop2", ..., "propN" ]
3140 * }
3141 */
3142
3143 static const zfs_ioc_key_t zfs_keys_get_props[] = {
3144 { ZPOOL_GET_PROPS_NAMES, DATA_TYPE_STRING_ARRAY, ZK_OPTIONAL },
3145 };
3146
3147 static int
zfs_ioc_pool_get_props(const char * pool,nvlist_t * innvl,nvlist_t * outnvl)3148 zfs_ioc_pool_get_props(const char *pool, nvlist_t *innvl, nvlist_t *outnvl)
3149 {
3150 spa_t *spa;
3151 char **props = NULL;
3152 unsigned int n_props = 0;
3153 int error;
3154
3155 if (nvlist_lookup_string_array(innvl, ZPOOL_GET_PROPS_NAMES,
3156 &props, &n_props) != 0) {
3157 props = NULL;
3158 }
3159
3160 if ((error = spa_open(pool, &spa, FTAG)) != 0) {
3161 /*
3162 * If the pool is faulted, there may be properties we can still
3163 * get (such as altroot and cachefile), so attempt to get them
3164 * anyway.
3165 */
3166 mutex_enter(&spa_namespace_lock);
3167 if ((spa = spa_lookup(pool)) != NULL) {
3168 error = spa_prop_get(spa, outnvl);
3169 if (error == 0 && props != NULL)
3170 error = spa_prop_get_nvlist(spa, props, n_props,
3171 outnvl);
3172 }
3173 mutex_exit(&spa_namespace_lock);
3174 } else {
3175 error = spa_prop_get(spa, outnvl);
3176 if (error == 0 && props != NULL)
3177 error = spa_prop_get_nvlist(spa, props, n_props,
3178 outnvl);
3179 spa_close(spa, FTAG);
3180 }
3181
3182 return (error);
3183 }
3184
3185 /*
3186 * innvl: {
3187 * "vdevprops_set_vdev" -> guid
3188 * "vdevprops_set_props" -> { prop -> value }
3189 * }
3190 *
3191 * outnvl: propname -> error code (int32)
3192 */
3193 static const zfs_ioc_key_t zfs_keys_vdev_set_props[] = {
3194 {ZPOOL_VDEV_PROPS_SET_VDEV, DATA_TYPE_UINT64, 0},
3195 {ZPOOL_VDEV_PROPS_SET_PROPS, DATA_TYPE_NVLIST, 0}
3196 };
3197
3198 static int
zfs_ioc_vdev_set_props(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3199 zfs_ioc_vdev_set_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3200 {
3201 spa_t *spa;
3202 int error;
3203 vdev_t *vd;
3204 uint64_t vdev_guid;
3205
3206 /* Early validation */
3207 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_SET_VDEV,
3208 &vdev_guid) != 0)
3209 return (SET_ERROR(EINVAL));
3210
3211 if (outnvl == NULL)
3212 return (SET_ERROR(EINVAL));
3213
3214 if ((error = spa_open(poolname, &spa, FTAG)) != 0)
3215 return (error);
3216
3217 ASSERT(spa_writeable(spa));
3218
3219 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) {
3220 spa_close(spa, FTAG);
3221 return (SET_ERROR(ENOENT));
3222 }
3223
3224 error = vdev_prop_set(vd, innvl, outnvl);
3225
3226 spa_close(spa, FTAG);
3227
3228 return (error);
3229 }
3230
3231 /*
3232 * innvl: {
3233 * "vdevprops_get_vdev" -> guid
3234 * (optional) "vdevprops_get_props" -> { propname -> propid }
3235 * }
3236 *
3237 * outnvl: propname -> value
3238 */
3239 static const zfs_ioc_key_t zfs_keys_vdev_get_props[] = {
3240 {ZPOOL_VDEV_PROPS_GET_VDEV, DATA_TYPE_UINT64, 0},
3241 {ZPOOL_VDEV_PROPS_GET_PROPS, DATA_TYPE_NVLIST, ZK_OPTIONAL}
3242 };
3243
3244 static int
zfs_ioc_vdev_get_props(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3245 zfs_ioc_vdev_get_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3246 {
3247 spa_t *spa;
3248 int error;
3249 vdev_t *vd;
3250 uint64_t vdev_guid;
3251
3252 /* Early validation */
3253 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_GET_VDEV,
3254 &vdev_guid) != 0)
3255 return (SET_ERROR(EINVAL));
3256
3257 if (outnvl == NULL)
3258 return (SET_ERROR(EINVAL));
3259
3260 if ((error = spa_open(poolname, &spa, FTAG)) != 0)
3261 return (error);
3262
3263 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) {
3264 spa_close(spa, FTAG);
3265 return (SET_ERROR(ENOENT));
3266 }
3267
3268 error = vdev_prop_get(vd, innvl, outnvl);
3269
3270 spa_close(spa, FTAG);
3271
3272 return (error);
3273 }
3274
3275 /*
3276 * inputs:
3277 * zc_name name of filesystem
3278 * zc_nvlist_src{_size} nvlist of delegated permissions
3279 * zc_perm_action allow/unallow flag
3280 *
3281 * outputs: none
3282 */
3283 static int
zfs_ioc_set_fsacl(zfs_cmd_t * zc)3284 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
3285 {
3286 int error;
3287 nvlist_t *fsaclnv = NULL;
3288
3289 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3290 zc->zc_iflags, &fsaclnv)) != 0)
3291 return (error);
3292
3293 /*
3294 * Verify nvlist is constructed correctly
3295 */
3296 if (zfs_deleg_verify_nvlist(fsaclnv) != 0) {
3297 nvlist_free(fsaclnv);
3298 return (SET_ERROR(EINVAL));
3299 }
3300
3301 /*
3302 * If we don't have PRIV_SYS_MOUNT, then validate
3303 * that user is allowed to hand out each permission in
3304 * the nvlist(s)
3305 */
3306
3307 error = secpolicy_zfs(CRED());
3308 if (error != 0) {
3309 if (zc->zc_perm_action == B_FALSE) {
3310 error = dsl_deleg_can_allow(zc->zc_name,
3311 fsaclnv, CRED());
3312 } else {
3313 error = dsl_deleg_can_unallow(zc->zc_name,
3314 fsaclnv, CRED());
3315 }
3316 }
3317
3318 if (error == 0)
3319 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
3320
3321 nvlist_free(fsaclnv);
3322 return (error);
3323 }
3324
3325 /*
3326 * inputs:
3327 * zc_name name of filesystem
3328 *
3329 * outputs:
3330 * zc_nvlist_src{_size} nvlist of delegated permissions
3331 */
3332 static int
zfs_ioc_get_fsacl(zfs_cmd_t * zc)3333 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
3334 {
3335 nvlist_t *nvp;
3336 int error;
3337
3338 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
3339 error = put_nvlist(zc, nvp);
3340 nvlist_free(nvp);
3341 }
3342
3343 return (error);
3344 }
3345
3346 static void
zfs_create_cb(objset_t * os,void * arg,cred_t * cr,dmu_tx_t * tx)3347 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
3348 {
3349 zfs_creat_t *zct = arg;
3350
3351 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
3352 }
3353
3354 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
3355
3356 /*
3357 * inputs:
3358 * os parent objset pointer (NULL if root fs)
3359 * fuids_ok fuids allowed in this version of the spa?
3360 * sa_ok SAs allowed in this version of the spa?
3361 * createprops list of properties requested by creator
3362 *
3363 * outputs:
3364 * zplprops values for the zplprops we attach to the master node object
3365 * is_ci true if requested file system will be purely case-insensitive
3366 *
3367 * Determine the settings for utf8only, normalization and
3368 * casesensitivity. Specific values may have been requested by the
3369 * creator and/or we can inherit values from the parent dataset. If
3370 * the file system is of too early a vintage, a creator can not
3371 * request settings for these properties, even if the requested
3372 * setting is the default value. We don't actually want to create dsl
3373 * properties for these, so remove them from the source nvlist after
3374 * processing.
3375 */
3376 static int
zfs_fill_zplprops_impl(objset_t * os,uint64_t zplver,boolean_t fuids_ok,boolean_t sa_ok,nvlist_t * createprops,nvlist_t * zplprops,boolean_t * is_ci)3377 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
3378 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
3379 nvlist_t *zplprops, boolean_t *is_ci)
3380 {
3381 uint64_t sense = ZFS_PROP_UNDEFINED;
3382 uint64_t norm = ZFS_PROP_UNDEFINED;
3383 uint64_t u8 = ZFS_PROP_UNDEFINED;
3384 uint64_t duq = ZFS_PROP_UNDEFINED, duoq = ZFS_PROP_UNDEFINED;
3385 uint64_t dgq = ZFS_PROP_UNDEFINED, dgoq = ZFS_PROP_UNDEFINED;
3386 uint64_t dpq = ZFS_PROP_UNDEFINED, dpoq = ZFS_PROP_UNDEFINED;
3387 int error;
3388
3389 ASSERT(zplprops != NULL);
3390
3391 /* parent dataset must be a filesystem */
3392 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS)
3393 return (SET_ERROR(ZFS_ERR_WRONG_PARENT));
3394
3395 /*
3396 * Pull out creator prop choices, if any.
3397 */
3398 if (createprops) {
3399 (void) nvlist_lookup_uint64(createprops,
3400 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
3401 (void) nvlist_lookup_uint64(createprops,
3402 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
3403 (void) nvlist_remove_all(createprops,
3404 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3405 (void) nvlist_lookup_uint64(createprops,
3406 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3407 (void) nvlist_remove_all(createprops,
3408 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3409 (void) nvlist_lookup_uint64(createprops,
3410 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3411 (void) nvlist_remove_all(createprops,
3412 zfs_prop_to_name(ZFS_PROP_CASE));
3413 (void) nvlist_lookup_uint64(createprops,
3414 zfs_prop_to_name(ZFS_PROP_DEFAULTUSERQUOTA), &duq);
3415 (void) nvlist_remove_all(createprops,
3416 zfs_prop_to_name(ZFS_PROP_DEFAULTUSERQUOTA));
3417 (void) nvlist_lookup_uint64(createprops,
3418 zfs_prop_to_name(ZFS_PROP_DEFAULTGROUPQUOTA), &dgq);
3419 (void) nvlist_remove_all(createprops,
3420 zfs_prop_to_name(ZFS_PROP_DEFAULTGROUPQUOTA));
3421 (void) nvlist_lookup_uint64(createprops,
3422 zfs_prop_to_name(ZFS_PROP_DEFAULTPROJECTQUOTA), &dpq);
3423 (void) nvlist_remove_all(createprops,
3424 zfs_prop_to_name(ZFS_PROP_DEFAULTPROJECTQUOTA));
3425 (void) nvlist_lookup_uint64(createprops,
3426 zfs_prop_to_name(ZFS_PROP_DEFAULTUSEROBJQUOTA), &duoq);
3427 (void) nvlist_remove_all(createprops,
3428 zfs_prop_to_name(ZFS_PROP_DEFAULTUSEROBJQUOTA));
3429 (void) nvlist_lookup_uint64(createprops,
3430 zfs_prop_to_name(ZFS_PROP_DEFAULTGROUPOBJQUOTA), &dgoq);
3431 (void) nvlist_remove_all(createprops,
3432 zfs_prop_to_name(ZFS_PROP_DEFAULTGROUPOBJQUOTA));
3433 (void) nvlist_lookup_uint64(createprops,
3434 zfs_prop_to_name(ZFS_PROP_DEFAULTPROJECTOBJQUOTA), &dpoq);
3435 (void) nvlist_remove_all(createprops,
3436 zfs_prop_to_name(ZFS_PROP_DEFAULTPROJECTOBJQUOTA));
3437 }
3438
3439 /*
3440 * If the zpl version requested is whacky or the file system
3441 * or pool is version is too "young" to support normalization
3442 * and the creator tried to set a value for one of the props,
3443 * error out.
3444 */
3445 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3446 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3447 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3448 (zplver < ZPL_VERSION_NORMALIZATION &&
3449 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3450 sense != ZFS_PROP_UNDEFINED)))
3451 return (SET_ERROR(ENOTSUP));
3452
3453 /*
3454 * Put the version in the zplprops
3455 */
3456 VERIFY0(nvlist_add_uint64(zplprops,
3457 zfs_prop_to_name(ZFS_PROP_VERSION), zplver));
3458
3459 if (norm == ZFS_PROP_UNDEFINED &&
3460 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3461 return (error);
3462 VERIFY0(nvlist_add_uint64(zplprops,
3463 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm));
3464
3465 /*
3466 * If we're normalizing, names must always be valid UTF-8 strings.
3467 */
3468 if (norm)
3469 u8 = 1;
3470 if (u8 == ZFS_PROP_UNDEFINED &&
3471 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3472 return (error);
3473 VERIFY0(nvlist_add_uint64(zplprops,
3474 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8));
3475
3476 if (sense == ZFS_PROP_UNDEFINED &&
3477 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3478 return (error);
3479 VERIFY0(nvlist_add_uint64(zplprops,
3480 zfs_prop_to_name(ZFS_PROP_CASE), sense));
3481
3482 if (duq == ZFS_PROP_UNDEFINED &&
3483 (error = zfs_get_zplprop(os, ZFS_PROP_DEFAULTUSERQUOTA, &duq)) != 0)
3484 return (error);
3485 VERIFY0(nvlist_add_uint64(zplprops,
3486 zfs_prop_to_name(ZFS_PROP_DEFAULTUSERQUOTA), duq));
3487
3488 if (dgq == ZFS_PROP_UNDEFINED &&
3489 (error = zfs_get_zplprop(os, ZFS_PROP_DEFAULTGROUPQUOTA,
3490 &dgq)) != 0)
3491 return (error);
3492 VERIFY0(nvlist_add_uint64(zplprops,
3493 zfs_prop_to_name(ZFS_PROP_DEFAULTGROUPQUOTA), dgq));
3494
3495 if (dpq == ZFS_PROP_UNDEFINED &&
3496 (error = zfs_get_zplprop(os, ZFS_PROP_DEFAULTPROJECTQUOTA,
3497 &dpq)) != 0)
3498 return (error);
3499 VERIFY0(nvlist_add_uint64(zplprops,
3500 zfs_prop_to_name(ZFS_PROP_DEFAULTPROJECTQUOTA), dpq));
3501
3502 if (duoq == ZFS_PROP_UNDEFINED &&
3503 (error = zfs_get_zplprop(os, ZFS_PROP_DEFAULTUSEROBJQUOTA,
3504 &duoq)) != 0)
3505 return (error);
3506 VERIFY0(nvlist_add_uint64(zplprops,
3507 zfs_prop_to_name(ZFS_PROP_DEFAULTUSEROBJQUOTA), duoq));
3508
3509 if (dgoq == ZFS_PROP_UNDEFINED &&
3510 (error = zfs_get_zplprop(os, ZFS_PROP_DEFAULTGROUPOBJQUOTA,
3511 &dgoq)) != 0)
3512 return (error);
3513 VERIFY0(nvlist_add_uint64(zplprops,
3514 zfs_prop_to_name(ZFS_PROP_DEFAULTGROUPOBJQUOTA), dgoq));
3515
3516 if (dpoq == ZFS_PROP_UNDEFINED &&
3517 (error = zfs_get_zplprop(os, ZFS_PROP_DEFAULTPROJECTOBJQUOTA,
3518 &dpoq)) != 0)
3519 return (error);
3520 VERIFY0(nvlist_add_uint64(zplprops,
3521 zfs_prop_to_name(ZFS_PROP_DEFAULTPROJECTOBJQUOTA), dpoq));
3522
3523 if (is_ci)
3524 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3525
3526 return (0);
3527 }
3528
3529 static int
zfs_fill_zplprops(const char * dataset,nvlist_t * createprops,nvlist_t * zplprops,boolean_t * is_ci)3530 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3531 nvlist_t *zplprops, boolean_t *is_ci)
3532 {
3533 boolean_t fuids_ok, sa_ok;
3534 uint64_t zplver = ZPL_VERSION;
3535 objset_t *os = NULL;
3536 char parentname[ZFS_MAX_DATASET_NAME_LEN];
3537 spa_t *spa;
3538 uint64_t spa_vers;
3539 int error;
3540
3541 zfs_get_parent(dataset, parentname, sizeof (parentname));
3542
3543 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3544 return (error);
3545
3546 spa_vers = spa_version(spa);
3547 spa_close(spa, FTAG);
3548
3549 zplver = zfs_zpl_version_map(spa_vers);
3550 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3551 sa_ok = (zplver >= ZPL_VERSION_SA);
3552
3553 /*
3554 * Open parent object set so we can inherit zplprop values.
3555 */
3556 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3557 return (error);
3558
3559 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3560 zplprops, is_ci);
3561 dmu_objset_rele(os, FTAG);
3562 return (error);
3563 }
3564
3565 static int
zfs_fill_zplprops_root(uint64_t spa_vers,nvlist_t * createprops,nvlist_t * zplprops,boolean_t * is_ci)3566 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3567 nvlist_t *zplprops, boolean_t *is_ci)
3568 {
3569 boolean_t fuids_ok;
3570 boolean_t sa_ok;
3571 uint64_t zplver = ZPL_VERSION;
3572 int error;
3573
3574 zplver = zfs_zpl_version_map(spa_vers);
3575 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3576 sa_ok = (zplver >= ZPL_VERSION_SA);
3577
3578 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3579 createprops, zplprops, is_ci);
3580 return (error);
3581 }
3582
3583 /*
3584 * innvl: {
3585 * "type" -> dmu_objset_type_t (int32)
3586 * (optional) "props" -> { prop -> value }
3587 * (optional) "hidden_args" -> { "wkeydata" -> value }
3588 * raw uint8_t array of encryption wrapping key data (32 bytes)
3589 * }
3590 *
3591 * outnvl: propname -> error code (int32)
3592 */
3593
3594 static const zfs_ioc_key_t zfs_keys_create[] = {
3595 {"type", DATA_TYPE_INT32, 0},
3596 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3597 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3598 };
3599
3600 static int
zfs_ioc_create(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3601 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3602 {
3603 int error = 0;
3604 zfs_creat_t zct = { 0 };
3605 nvlist_t *nvprops = NULL;
3606 nvlist_t *hidden_args = NULL;
3607 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3608 dmu_objset_type_t type;
3609 boolean_t is_insensitive = B_FALSE;
3610 dsl_crypto_params_t *dcp = NULL;
3611
3612 type = (dmu_objset_type_t)fnvlist_lookup_int32(innvl, "type");
3613 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3614 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
3615
3616 switch (type) {
3617 case DMU_OST_ZFS:
3618 cbfunc = zfs_create_cb;
3619 break;
3620
3621 case DMU_OST_ZVOL:
3622 cbfunc = zvol_create_cb;
3623 break;
3624
3625 default:
3626 cbfunc = NULL;
3627 break;
3628 }
3629 if (strchr(fsname, '@') ||
3630 strchr(fsname, '%'))
3631 return (SET_ERROR(EINVAL));
3632
3633 zct.zct_props = nvprops;
3634
3635 if (cbfunc == NULL)
3636 return (SET_ERROR(EINVAL));
3637
3638 if (type == DMU_OST_ZVOL) {
3639 uint64_t volsize, volblocksize;
3640
3641 if (nvprops == NULL)
3642 return (SET_ERROR(EINVAL));
3643 if (nvlist_lookup_uint64(nvprops,
3644 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3645 return (SET_ERROR(EINVAL));
3646
3647 if ((error = nvlist_lookup_uint64(nvprops,
3648 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3649 &volblocksize)) != 0 && error != ENOENT)
3650 return (SET_ERROR(EINVAL));
3651
3652 if (error != 0)
3653 volblocksize = zfs_prop_default_numeric(
3654 ZFS_PROP_VOLBLOCKSIZE);
3655
3656 if ((error = zvol_check_volblocksize(fsname,
3657 volblocksize)) != 0 ||
3658 (error = zvol_check_volsize(volsize,
3659 volblocksize)) != 0)
3660 return (error);
3661 } else if (type == DMU_OST_ZFS) {
3662 int error;
3663
3664 /*
3665 * We have to have normalization and
3666 * case-folding flags correct when we do the
3667 * file system creation, so go figure them out
3668 * now.
3669 */
3670 VERIFY0(nvlist_alloc(&zct.zct_zplprops,
3671 NV_UNIQUE_NAME, KM_SLEEP));
3672 error = zfs_fill_zplprops(fsname, nvprops,
3673 zct.zct_zplprops, &is_insensitive);
3674 if (error != 0) {
3675 nvlist_free(zct.zct_zplprops);
3676 return (error);
3677 }
3678 }
3679
3680 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops,
3681 hidden_args, &dcp);
3682 if (error != 0) {
3683 nvlist_free(zct.zct_zplprops);
3684 return (error);
3685 }
3686
3687 error = dmu_objset_create(fsname, type,
3688 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct);
3689
3690 nvlist_free(zct.zct_zplprops);
3691 dsl_crypto_params_free(dcp, !!error);
3692
3693 /*
3694 * It would be nice to do this atomically.
3695 */
3696 if (error == 0) {
3697 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3698 nvprops, outnvl);
3699 if (error != 0) {
3700 spa_t *spa;
3701 int error2;
3702
3703 /*
3704 * Volumes will return EBUSY and cannot be destroyed
3705 * until all asynchronous minor handling (e.g. from
3706 * setting the volmode property) has completed. Wait for
3707 * the spa_zvol_taskq to drain then retry.
3708 */
3709 error2 = dsl_destroy_head(fsname);
3710 while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
3711 error2 = spa_open(fsname, &spa, FTAG);
3712 if (error2 == 0) {
3713 taskq_wait(spa->spa_zvol_taskq);
3714 spa_close(spa, FTAG);
3715 }
3716 error2 = dsl_destroy_head(fsname);
3717 }
3718 }
3719 }
3720 return (error);
3721 }
3722
3723 /*
3724 * innvl: {
3725 * "origin" -> name of origin snapshot
3726 * (optional) "props" -> { prop -> value }
3727 * (optional) "hidden_args" -> { "wkeydata" -> value }
3728 * raw uint8_t array of encryption wrapping key data (32 bytes)
3729 * }
3730 *
3731 * outputs:
3732 * outnvl: propname -> error code (int32)
3733 */
3734 static const zfs_ioc_key_t zfs_keys_clone[] = {
3735 {"origin", DATA_TYPE_STRING, 0},
3736 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3737 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3738 };
3739
3740 static int
zfs_ioc_clone(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3741 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3742 {
3743 int error = 0;
3744 nvlist_t *nvprops = NULL;
3745 const char *origin_name;
3746
3747 origin_name = fnvlist_lookup_string(innvl, "origin");
3748 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3749
3750 if (strchr(fsname, '@') ||
3751 strchr(fsname, '%'))
3752 return (SET_ERROR(EINVAL));
3753
3754 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3755 return (SET_ERROR(EINVAL));
3756
3757 error = dsl_dataset_clone(fsname, origin_name);
3758
3759 /*
3760 * It would be nice to do this atomically.
3761 */
3762 if (error == 0) {
3763 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3764 nvprops, outnvl);
3765 if (error != 0)
3766 (void) dsl_destroy_head(fsname);
3767 }
3768 return (error);
3769 }
3770
3771 static const zfs_ioc_key_t zfs_keys_remap[] = {
3772 /* no nvl keys */
3773 };
3774
3775 static int
zfs_ioc_remap(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3776 zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3777 {
3778 /* This IOCTL is no longer supported. */
3779 (void) fsname, (void) innvl, (void) outnvl;
3780 return (0);
3781 }
3782
3783 /*
3784 * innvl: {
3785 * "snaps" -> { snapshot1, snapshot2 }
3786 * (optional) "props" -> { prop -> value (string) }
3787 * }
3788 *
3789 * outnvl: snapshot -> error code (int32)
3790 */
3791 static const zfs_ioc_key_t zfs_keys_snapshot[] = {
3792 {"snaps", DATA_TYPE_NVLIST, 0},
3793 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3794 };
3795
3796 static int
zfs_ioc_snapshot(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3797 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3798 {
3799 nvlist_t *snaps;
3800 nvlist_t *props = NULL;
3801 int error, poollen;
3802 nvpair_t *pair;
3803
3804 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3805 if (!nvlist_empty(props) &&
3806 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3807 return (SET_ERROR(ENOTSUP));
3808 if ((error = zfs_check_userprops(props)) != 0)
3809 return (error);
3810
3811 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
3812 poollen = strlen(poolname);
3813 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3814 pair = nvlist_next_nvpair(snaps, pair)) {
3815 const char *name = nvpair_name(pair);
3816 char *cp = strchr(name, '@');
3817
3818 /*
3819 * The snap name must contain an @, and the part after it must
3820 * contain only valid characters.
3821 */
3822 if (cp == NULL ||
3823 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3824 return (SET_ERROR(EINVAL));
3825
3826 /*
3827 * The snap must be in the specified pool.
3828 */
3829 if (strncmp(name, poolname, poollen) != 0 ||
3830 (name[poollen] != '/' && name[poollen] != '@'))
3831 return (SET_ERROR(EXDEV));
3832
3833 /*
3834 * Check for permission to set the properties on the fs.
3835 */
3836 if (!nvlist_empty(props)) {
3837 *cp = '\0';
3838 error = zfs_secpolicy_write_perms(name,
3839 ZFS_DELEG_PERM_USERPROP, CRED());
3840 *cp = '@';
3841 if (error != 0)
3842 return (error);
3843 }
3844
3845 /* This must be the only snap of this fs. */
3846 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3847 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3848 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3849 == 0) {
3850 return (SET_ERROR(EXDEV));
3851 }
3852 }
3853 }
3854
3855 error = dsl_dataset_snapshot(snaps, props, outnvl);
3856
3857 return (error);
3858 }
3859
3860 /*
3861 * innvl: "message" -> string
3862 */
3863 static const zfs_ioc_key_t zfs_keys_log_history[] = {
3864 {"message", DATA_TYPE_STRING, 0},
3865 };
3866
3867 static int
zfs_ioc_log_history(const char * unused,nvlist_t * innvl,nvlist_t * outnvl)3868 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3869 {
3870 (void) unused, (void) outnvl;
3871 const char *message;
3872 char *poolname;
3873 spa_t *spa;
3874 int error;
3875
3876 /*
3877 * The poolname in the ioctl is not set, we get it from the TSD,
3878 * which was set at the end of the last successful ioctl that allows
3879 * logging. The secpolicy func already checked that it is set.
3880 * Only one log ioctl is allowed after each successful ioctl, so
3881 * we clear the TSD here.
3882 */
3883 poolname = tsd_get(zfs_allow_log_key);
3884 if (poolname == NULL)
3885 return (SET_ERROR(EINVAL));
3886 (void) tsd_set(zfs_allow_log_key, NULL);
3887 error = spa_open(poolname, &spa, FTAG);
3888 kmem_strfree(poolname);
3889 if (error != 0)
3890 return (error);
3891
3892 message = fnvlist_lookup_string(innvl, "message");
3893
3894 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3895 spa_close(spa, FTAG);
3896 return (SET_ERROR(ENOTSUP));
3897 }
3898
3899 error = spa_history_log(spa, message);
3900 spa_close(spa, FTAG);
3901 return (error);
3902 }
3903
3904 /*
3905 * This ioctl is used to set the bootenv configuration on the current
3906 * pool. This configuration is stored in the second padding area of the label,
3907 * and it is used by the bootloader(s) to store the bootloader and/or system
3908 * specific data.
3909 * The data is stored as nvlist data stream, and is protected by
3910 * an embedded checksum.
3911 * The version can have two possible values:
3912 * VB_RAW: nvlist should have key GRUB_ENVMAP, value DATA_TYPE_STRING.
3913 * VB_NVLIST: nvlist with arbitrary <key, value> pairs.
3914 */
3915 static const zfs_ioc_key_t zfs_keys_set_bootenv[] = {
3916 {"version", DATA_TYPE_UINT64, 0},
3917 {"<keys>", DATA_TYPE_ANY, ZK_OPTIONAL | ZK_WILDCARDLIST},
3918 };
3919
3920 static int
zfs_ioc_set_bootenv(const char * name,nvlist_t * innvl,nvlist_t * outnvl)3921 zfs_ioc_set_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3922 {
3923 int error;
3924 spa_t *spa;
3925
3926 if ((error = spa_open(name, &spa, FTAG)) != 0)
3927 return (error);
3928 spa_vdev_state_enter(spa, SCL_ALL);
3929 error = vdev_label_write_bootenv(spa->spa_root_vdev, innvl);
3930 (void) spa_vdev_state_exit(spa, NULL, 0);
3931 spa_close(spa, FTAG);
3932 return (error);
3933 }
3934
3935 static const zfs_ioc_key_t zfs_keys_get_bootenv[] = {
3936 /* no nvl keys */
3937 };
3938
3939 static int
zfs_ioc_get_bootenv(const char * name,nvlist_t * innvl,nvlist_t * outnvl)3940 zfs_ioc_get_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3941 {
3942 spa_t *spa;
3943 int error;
3944
3945 if ((error = spa_open(name, &spa, FTAG)) != 0)
3946 return (error);
3947 spa_vdev_state_enter(spa, SCL_ALL);
3948 error = vdev_label_read_bootenv(spa->spa_root_vdev, outnvl);
3949 (void) spa_vdev_state_exit(spa, NULL, 0);
3950 spa_close(spa, FTAG);
3951 return (error);
3952 }
3953
3954 /*
3955 * The dp_config_rwlock must not be held when calling this, because the
3956 * unmount may need to write out data.
3957 *
3958 * This function is best-effort. Callers must deal gracefully if it
3959 * remains mounted (or is remounted after this call).
3960 *
3961 * Returns 0 if the argument is not a snapshot, or it is not currently a
3962 * filesystem, or we were able to unmount it. Returns error code otherwise.
3963 */
3964 void
zfs_unmount_snap(const char * snapname)3965 zfs_unmount_snap(const char *snapname)
3966 {
3967 if (strchr(snapname, '@') == NULL)
3968 return;
3969
3970 (void) zfsctl_snapshot_unmount(snapname, MNT_FORCE);
3971 }
3972
3973 static int
zfs_unmount_snap_cb(const char * snapname,void * arg)3974 zfs_unmount_snap_cb(const char *snapname, void *arg)
3975 {
3976 (void) arg;
3977 zfs_unmount_snap(snapname);
3978 return (0);
3979 }
3980
3981 /*
3982 * When a clone is destroyed, its origin may also need to be destroyed,
3983 * in which case it must be unmounted. This routine will do that unmount
3984 * if necessary.
3985 */
3986 void
zfs_destroy_unmount_origin(const char * fsname)3987 zfs_destroy_unmount_origin(const char *fsname)
3988 {
3989 int error;
3990 objset_t *os;
3991 dsl_dataset_t *ds;
3992
3993 error = dmu_objset_hold(fsname, FTAG, &os);
3994 if (error != 0)
3995 return;
3996 ds = dmu_objset_ds(os);
3997 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
3998 char originname[ZFS_MAX_DATASET_NAME_LEN];
3999 dsl_dataset_name(ds->ds_prev, originname);
4000 dmu_objset_rele(os, FTAG);
4001 zfs_unmount_snap(originname);
4002 } else {
4003 dmu_objset_rele(os, FTAG);
4004 }
4005 }
4006
4007 /*
4008 * innvl: {
4009 * "snaps" -> { snapshot1, snapshot2 }
4010 * (optional boolean) "defer"
4011 * }
4012 *
4013 * outnvl: snapshot -> error code (int32)
4014 */
4015 static const zfs_ioc_key_t zfs_keys_destroy_snaps[] = {
4016 {"snaps", DATA_TYPE_NVLIST, 0},
4017 {"defer", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
4018 };
4019
4020 static int
zfs_ioc_destroy_snaps(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4021 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4022 {
4023 int poollen;
4024 nvlist_t *snaps;
4025 nvpair_t *pair;
4026 boolean_t defer;
4027 spa_t *spa;
4028
4029 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
4030 defer = nvlist_exists(innvl, "defer");
4031
4032 poollen = strlen(poolname);
4033 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
4034 pair = nvlist_next_nvpair(snaps, pair)) {
4035 const char *name = nvpair_name(pair);
4036
4037 /*
4038 * The snap must be in the specified pool to prevent the
4039 * invalid removal of zvol minors below.
4040 */
4041 if (strncmp(name, poolname, poollen) != 0 ||
4042 (name[poollen] != '/' && name[poollen] != '@'))
4043 return (SET_ERROR(EXDEV));
4044
4045 zfs_unmount_snap(nvpair_name(pair));
4046 if (spa_open(name, &spa, FTAG) == 0) {
4047 zvol_remove_minors(spa, name, B_TRUE);
4048 spa_close(spa, FTAG);
4049 }
4050 }
4051
4052 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
4053 }
4054
4055 /*
4056 * Create bookmarks. The bookmark names are of the form <fs>#<bmark>.
4057 * All bookmarks and snapshots must be in the same pool.
4058 * dsl_bookmark_create_nvl_validate describes the nvlist schema in more detail.
4059 *
4060 * innvl: {
4061 * new_bookmark1 -> existing_snapshot,
4062 * new_bookmark2 -> existing_bookmark,
4063 * }
4064 *
4065 * outnvl: bookmark -> error code (int32)
4066 *
4067 */
4068 static const zfs_ioc_key_t zfs_keys_bookmark[] = {
4069 {"<bookmark>...", DATA_TYPE_STRING, ZK_WILDCARDLIST},
4070 };
4071
4072 static int
zfs_ioc_bookmark(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4073 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4074 {
4075 (void) poolname;
4076 return (dsl_bookmark_create(innvl, outnvl));
4077 }
4078
4079 /*
4080 * innvl: {
4081 * property 1, property 2, ...
4082 * }
4083 *
4084 * outnvl: {
4085 * bookmark name 1 -> { property 1, property 2, ... },
4086 * bookmark name 2 -> { property 1, property 2, ... }
4087 * }
4088 *
4089 */
4090 static const zfs_ioc_key_t zfs_keys_get_bookmarks[] = {
4091 {"<property>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST | ZK_OPTIONAL},
4092 };
4093
4094 static int
zfs_ioc_get_bookmarks(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)4095 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
4096 {
4097 return (dsl_get_bookmarks(fsname, innvl, outnvl));
4098 }
4099
4100 /*
4101 * innvl is not used.
4102 *
4103 * outnvl: {
4104 * property 1, property 2, ...
4105 * }
4106 *
4107 */
4108 static const zfs_ioc_key_t zfs_keys_get_bookmark_props[] = {
4109 /* no nvl keys */
4110 };
4111
4112 static int
zfs_ioc_get_bookmark_props(const char * bookmark,nvlist_t * innvl,nvlist_t * outnvl)4113 zfs_ioc_get_bookmark_props(const char *bookmark, nvlist_t *innvl,
4114 nvlist_t *outnvl)
4115 {
4116 (void) innvl;
4117 char fsname[ZFS_MAX_DATASET_NAME_LEN];
4118 char *bmname;
4119
4120 bmname = strchr(bookmark, '#');
4121 if (bmname == NULL)
4122 return (SET_ERROR(EINVAL));
4123 bmname++;
4124
4125 (void) strlcpy(fsname, bookmark, sizeof (fsname));
4126 *(strchr(fsname, '#')) = '\0';
4127
4128 return (dsl_get_bookmark_props(fsname, bmname, outnvl));
4129 }
4130
4131 /*
4132 * innvl: {
4133 * bookmark name 1, bookmark name 2
4134 * }
4135 *
4136 * outnvl: bookmark -> error code (int32)
4137 *
4138 */
4139 static const zfs_ioc_key_t zfs_keys_destroy_bookmarks[] = {
4140 {"<bookmark>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST},
4141 };
4142
4143 static int
zfs_ioc_destroy_bookmarks(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4144 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl,
4145 nvlist_t *outnvl)
4146 {
4147 int error, poollen;
4148
4149 poollen = strlen(poolname);
4150 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
4151 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
4152 const char *name = nvpair_name(pair);
4153 const char *cp = strchr(name, '#');
4154
4155 /*
4156 * The bookmark name must contain an #, and the part after it
4157 * must contain only valid characters.
4158 */
4159 if (cp == NULL ||
4160 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
4161 return (SET_ERROR(EINVAL));
4162
4163 /*
4164 * The bookmark must be in the specified pool.
4165 */
4166 if (strncmp(name, poolname, poollen) != 0 ||
4167 (name[poollen] != '/' && name[poollen] != '#'))
4168 return (SET_ERROR(EXDEV));
4169 }
4170
4171 error = dsl_bookmark_destroy(innvl, outnvl);
4172 return (error);
4173 }
4174
4175 static const zfs_ioc_key_t zfs_keys_channel_program[] = {
4176 {"program", DATA_TYPE_STRING, 0},
4177 {"arg", DATA_TYPE_ANY, 0},
4178 {"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
4179 {"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
4180 {"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
4181 };
4182
4183 static int
zfs_ioc_channel_program(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4184 zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl,
4185 nvlist_t *outnvl)
4186 {
4187 const char *program;
4188 uint64_t instrlimit, memlimit;
4189 boolean_t sync_flag;
4190 nvpair_t *nvarg = NULL;
4191
4192 program = fnvlist_lookup_string(innvl, ZCP_ARG_PROGRAM);
4193 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) {
4194 sync_flag = B_TRUE;
4195 }
4196 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) {
4197 instrlimit = ZCP_DEFAULT_INSTRLIMIT;
4198 }
4199 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) {
4200 memlimit = ZCP_DEFAULT_MEMLIMIT;
4201 }
4202 nvarg = fnvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST);
4203
4204 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit)
4205 return (SET_ERROR(EINVAL));
4206 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit)
4207 return (SET_ERROR(EINVAL));
4208
4209 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit,
4210 nvarg, outnvl));
4211 }
4212
4213 /*
4214 * innvl: unused
4215 * outnvl: empty
4216 */
4217 static const zfs_ioc_key_t zfs_keys_pool_checkpoint[] = {
4218 /* no nvl keys */
4219 };
4220
4221 static int
zfs_ioc_pool_checkpoint(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4222 zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4223 {
4224 (void) innvl, (void) outnvl;
4225 return (spa_checkpoint(poolname));
4226 }
4227
4228 /*
4229 * innvl: unused
4230 * outnvl: empty
4231 */
4232 static const zfs_ioc_key_t zfs_keys_pool_discard_checkpoint[] = {
4233 /* no nvl keys */
4234 };
4235
4236 static int
zfs_ioc_pool_discard_checkpoint(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4237 zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl,
4238 nvlist_t *outnvl)
4239 {
4240 (void) innvl, (void) outnvl;
4241 return (spa_checkpoint_discard(poolname));
4242 }
4243
4244 /*
4245 * Loads specific types of data for the given pool
4246 *
4247 * innvl: {
4248 * "prefetch_type" -> int32_t
4249 * }
4250 *
4251 * outnvl: empty
4252 */
4253 static const zfs_ioc_key_t zfs_keys_pool_prefetch[] = {
4254 {ZPOOL_PREFETCH_TYPE, DATA_TYPE_INT32, 0},
4255 };
4256
4257 static int
zfs_ioc_pool_prefetch(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4258 zfs_ioc_pool_prefetch(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4259 {
4260 (void) outnvl;
4261
4262 int error;
4263 spa_t *spa;
4264 int32_t type;
4265
4266 /*
4267 * Currently, only ZPOOL_PREFETCH_DDT is supported
4268 */
4269 if (nvlist_lookup_int32(innvl, ZPOOL_PREFETCH_TYPE, &type) != 0 ||
4270 type != ZPOOL_PREFETCH_DDT) {
4271 return (EINVAL);
4272 }
4273
4274 error = spa_open(poolname, &spa, FTAG);
4275 if (error != 0)
4276 return (error);
4277
4278 hrtime_t start_time = gethrtime();
4279
4280 ddt_prefetch_all(spa);
4281
4282 zfs_dbgmsg("pool '%s': loaded ddt into ARC in %llu ms", spa->spa_name,
4283 (u_longlong_t)NSEC2MSEC(gethrtime() - start_time));
4284
4285 spa_close(spa, FTAG);
4286
4287 return (error);
4288 }
4289
4290 /*
4291 * inputs:
4292 * zc_name name of dataset to destroy
4293 * zc_defer_destroy mark for deferred destroy
4294 *
4295 * outputs: none
4296 */
4297 static int
zfs_ioc_destroy(zfs_cmd_t * zc)4298 zfs_ioc_destroy(zfs_cmd_t *zc)
4299 {
4300 objset_t *os;
4301 dmu_objset_type_t ost;
4302 int err;
4303
4304 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
4305 if (err != 0)
4306 return (err);
4307 ost = dmu_objset_type(os);
4308 dmu_objset_rele(os, FTAG);
4309
4310 if (ost == DMU_OST_ZFS)
4311 zfs_unmount_snap(zc->zc_name);
4312
4313 if (strchr(zc->zc_name, '@')) {
4314 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
4315 } else {
4316 err = dsl_destroy_head(zc->zc_name);
4317 if (err == EEXIST) {
4318 /*
4319 * It is possible that the given DS may have
4320 * hidden child (%recv) datasets - "leftovers"
4321 * resulting from the previously interrupted
4322 * 'zfs receive'.
4323 *
4324 * 6 extra bytes for /%recv
4325 */
4326 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6];
4327
4328 if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
4329 zc->zc_name, recv_clone_name) >=
4330 sizeof (namebuf))
4331 return (SET_ERROR(EINVAL));
4332
4333 /*
4334 * Try to remove the hidden child (%recv) and after
4335 * that try to remove the target dataset.
4336 * If the hidden child (%recv) does not exist
4337 * the original error (EEXIST) will be returned
4338 */
4339 err = dsl_destroy_head(namebuf);
4340 if (err == 0)
4341 err = dsl_destroy_head(zc->zc_name);
4342 else if (err == ENOENT)
4343 err = SET_ERROR(EEXIST);
4344 }
4345 }
4346
4347 return (err);
4348 }
4349
4350 /*
4351 * innvl: {
4352 * "initialize_command" -> POOL_INITIALIZE_{CANCEL|START|SUSPEND} (uint64)
4353 * "initialize_vdevs": { -> guids to initialize (nvlist)
4354 * "vdev_path_1": vdev_guid_1, (uint64),
4355 * "vdev_path_2": vdev_guid_2, (uint64),
4356 * ...
4357 * },
4358 * }
4359 *
4360 * outnvl: {
4361 * "initialize_vdevs": { -> initialization errors (nvlist)
4362 * "vdev_path_1": errno, see function body for possible errnos (uint64)
4363 * "vdev_path_2": errno, ... (uint64)
4364 * ...
4365 * }
4366 * }
4367 *
4368 * EINVAL is returned for an unknown commands or if any of the provided vdev
4369 * guids have be specified with a type other than uint64.
4370 */
4371 static const zfs_ioc_key_t zfs_keys_pool_initialize[] = {
4372 {ZPOOL_INITIALIZE_COMMAND, DATA_TYPE_UINT64, 0},
4373 {ZPOOL_INITIALIZE_VDEVS, DATA_TYPE_NVLIST, 0}
4374 };
4375
4376 static int
zfs_ioc_pool_initialize(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4377 zfs_ioc_pool_initialize(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4378 {
4379 uint64_t cmd_type;
4380 if (nvlist_lookup_uint64(innvl, ZPOOL_INITIALIZE_COMMAND,
4381 &cmd_type) != 0) {
4382 return (SET_ERROR(EINVAL));
4383 }
4384
4385 if (!(cmd_type == POOL_INITIALIZE_CANCEL ||
4386 cmd_type == POOL_INITIALIZE_START ||
4387 cmd_type == POOL_INITIALIZE_SUSPEND ||
4388 cmd_type == POOL_INITIALIZE_UNINIT)) {
4389 return (SET_ERROR(EINVAL));
4390 }
4391
4392 nvlist_t *vdev_guids;
4393 if (nvlist_lookup_nvlist(innvl, ZPOOL_INITIALIZE_VDEVS,
4394 &vdev_guids) != 0) {
4395 return (SET_ERROR(EINVAL));
4396 }
4397
4398 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
4399 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
4400 uint64_t vdev_guid;
4401 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
4402 return (SET_ERROR(EINVAL));
4403 }
4404 }
4405
4406 spa_t *spa;
4407 int error = spa_open(poolname, &spa, FTAG);
4408 if (error != 0)
4409 return (error);
4410
4411 nvlist_t *vdev_errlist = fnvlist_alloc();
4412 int total_errors = spa_vdev_initialize(spa, vdev_guids, cmd_type,
4413 vdev_errlist);
4414
4415 if (fnvlist_size(vdev_errlist) > 0) {
4416 fnvlist_add_nvlist(outnvl, ZPOOL_INITIALIZE_VDEVS,
4417 vdev_errlist);
4418 }
4419 fnvlist_free(vdev_errlist);
4420
4421 spa_close(spa, FTAG);
4422 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0);
4423 }
4424
4425 /*
4426 * innvl: {
4427 * "trim_command" -> POOL_TRIM_{CANCEL|START|SUSPEND} (uint64)
4428 * "trim_vdevs": { -> guids to TRIM (nvlist)
4429 * "vdev_path_1": vdev_guid_1, (uint64),
4430 * "vdev_path_2": vdev_guid_2, (uint64),
4431 * ...
4432 * },
4433 * "trim_rate" -> Target TRIM rate in bytes/sec.
4434 * "trim_secure" -> Set to request a secure TRIM.
4435 * }
4436 *
4437 * outnvl: {
4438 * "trim_vdevs": { -> TRIM errors (nvlist)
4439 * "vdev_path_1": errno, see function body for possible errnos (uint64)
4440 * "vdev_path_2": errno, ... (uint64)
4441 * ...
4442 * }
4443 * }
4444 *
4445 * EINVAL is returned for an unknown commands or if any of the provided vdev
4446 * guids have be specified with a type other than uint64.
4447 */
4448 static const zfs_ioc_key_t zfs_keys_pool_trim[] = {
4449 {ZPOOL_TRIM_COMMAND, DATA_TYPE_UINT64, 0},
4450 {ZPOOL_TRIM_VDEVS, DATA_TYPE_NVLIST, 0},
4451 {ZPOOL_TRIM_RATE, DATA_TYPE_UINT64, ZK_OPTIONAL},
4452 {ZPOOL_TRIM_SECURE, DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
4453 };
4454
4455 static int
zfs_ioc_pool_trim(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4456 zfs_ioc_pool_trim(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4457 {
4458 uint64_t cmd_type;
4459 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_COMMAND, &cmd_type) != 0)
4460 return (SET_ERROR(EINVAL));
4461
4462 if (!(cmd_type == POOL_TRIM_CANCEL ||
4463 cmd_type == POOL_TRIM_START ||
4464 cmd_type == POOL_TRIM_SUSPEND)) {
4465 return (SET_ERROR(EINVAL));
4466 }
4467
4468 nvlist_t *vdev_guids;
4469 if (nvlist_lookup_nvlist(innvl, ZPOOL_TRIM_VDEVS, &vdev_guids) != 0)
4470 return (SET_ERROR(EINVAL));
4471
4472 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
4473 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
4474 uint64_t vdev_guid;
4475 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
4476 return (SET_ERROR(EINVAL));
4477 }
4478 }
4479
4480 /* Optional, defaults to maximum rate when not provided */
4481 uint64_t rate;
4482 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_RATE, &rate) != 0)
4483 rate = 0;
4484
4485 /* Optional, defaults to standard TRIM when not provided */
4486 boolean_t secure;
4487 if (nvlist_lookup_boolean_value(innvl, ZPOOL_TRIM_SECURE,
4488 &secure) != 0) {
4489 secure = B_FALSE;
4490 }
4491
4492 spa_t *spa;
4493 int error = spa_open(poolname, &spa, FTAG);
4494 if (error != 0)
4495 return (error);
4496
4497 nvlist_t *vdev_errlist = fnvlist_alloc();
4498 int total_errors = spa_vdev_trim(spa, vdev_guids, cmd_type,
4499 rate, !!zfs_trim_metaslab_skip, secure, vdev_errlist);
4500
4501 if (fnvlist_size(vdev_errlist) > 0)
4502 fnvlist_add_nvlist(outnvl, ZPOOL_TRIM_VDEVS, vdev_errlist);
4503
4504 fnvlist_free(vdev_errlist);
4505
4506 spa_close(spa, FTAG);
4507 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0);
4508 }
4509
4510 #define DDT_PRUNE_UNIT "ddt_prune_unit"
4511 #define DDT_PRUNE_AMOUNT "ddt_prune_amount"
4512
4513 /*
4514 * innvl: {
4515 * "ddt_prune_unit" -> uint32_t
4516 * "ddt_prune_amount" -> uint64_t
4517 * }
4518 *
4519 * outnvl: "waited" -> boolean_t
4520 */
4521 static const zfs_ioc_key_t zfs_keys_ddt_prune[] = {
4522 {DDT_PRUNE_UNIT, DATA_TYPE_INT32, 0},
4523 {DDT_PRUNE_AMOUNT, DATA_TYPE_UINT64, 0},
4524 };
4525
4526 static int
zfs_ioc_ddt_prune(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4527 zfs_ioc_ddt_prune(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4528 {
4529 int32_t unit;
4530 uint64_t amount;
4531
4532 if (nvlist_lookup_int32(innvl, DDT_PRUNE_UNIT, &unit) != 0 ||
4533 nvlist_lookup_uint64(innvl, DDT_PRUNE_AMOUNT, &amount) != 0) {
4534 return (EINVAL);
4535 }
4536
4537 spa_t *spa;
4538 int error = spa_open(poolname, &spa, FTAG);
4539 if (error != 0)
4540 return (error);
4541
4542 if (!spa_feature_is_enabled(spa, SPA_FEATURE_FAST_DEDUP)) {
4543 spa_close(spa, FTAG);
4544 return (SET_ERROR(ENOTSUP));
4545 }
4546
4547 error = ddt_prune_unique_entries(spa, (zpool_ddt_prune_unit_t)unit,
4548 amount);
4549
4550 spa_close(spa, FTAG);
4551
4552 return (error);
4553 }
4554
4555 /*
4556 * This ioctl waits for activity of a particular type to complete. If there is
4557 * no activity of that type in progress, it returns immediately, and the
4558 * returned value "waited" is false. If there is activity in progress, and no
4559 * tag is passed in, the ioctl blocks until all activity of that type is
4560 * complete, and then returns with "waited" set to true.
4561 *
4562 * If a tag is provided, it identifies a particular instance of an activity to
4563 * wait for. Currently, this is only valid for use with 'initialize', because
4564 * that is the only activity for which there can be multiple instances running
4565 * concurrently. In the case of 'initialize', the tag corresponds to the guid of
4566 * the vdev on which to wait.
4567 *
4568 * If a thread waiting in the ioctl receives a signal, the call will return
4569 * immediately, and the return value will be EINTR.
4570 *
4571 * innvl: {
4572 * "wait_activity" -> int32_t
4573 * (optional) "wait_tag" -> uint64_t
4574 * }
4575 *
4576 * outnvl: "waited" -> boolean_t
4577 */
4578 static const zfs_ioc_key_t zfs_keys_pool_wait[] = {
4579 {ZPOOL_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4580 {ZPOOL_WAIT_TAG, DATA_TYPE_UINT64, ZK_OPTIONAL},
4581 };
4582
4583 static int
zfs_ioc_wait(const char * name,nvlist_t * innvl,nvlist_t * outnvl)4584 zfs_ioc_wait(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4585 {
4586 int32_t activity;
4587 uint64_t tag;
4588 boolean_t waited;
4589 int error;
4590
4591 if (nvlist_lookup_int32(innvl, ZPOOL_WAIT_ACTIVITY, &activity) != 0)
4592 return (EINVAL);
4593
4594 if (nvlist_lookup_uint64(innvl, ZPOOL_WAIT_TAG, &tag) == 0)
4595 error = spa_wait_tag(name, activity, tag, &waited);
4596 else
4597 error = spa_wait(name, activity, &waited);
4598
4599 if (error == 0)
4600 fnvlist_add_boolean_value(outnvl, ZPOOL_WAIT_WAITED, waited);
4601
4602 return (error);
4603 }
4604
4605 /*
4606 * This ioctl waits for activity of a particular type to complete. If there is
4607 * no activity of that type in progress, it returns immediately, and the
4608 * returned value "waited" is false. If there is activity in progress, and no
4609 * tag is passed in, the ioctl blocks until all activity of that type is
4610 * complete, and then returns with "waited" set to true.
4611 *
4612 * If a thread waiting in the ioctl receives a signal, the call will return
4613 * immediately, and the return value will be EINTR.
4614 *
4615 * innvl: {
4616 * "wait_activity" -> int32_t
4617 * }
4618 *
4619 * outnvl: "waited" -> boolean_t
4620 */
4621 static const zfs_ioc_key_t zfs_keys_fs_wait[] = {
4622 {ZFS_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4623 };
4624
4625 static int
zfs_ioc_wait_fs(const char * name,nvlist_t * innvl,nvlist_t * outnvl)4626 zfs_ioc_wait_fs(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4627 {
4628 int32_t activity;
4629 boolean_t waited = B_FALSE;
4630 int error;
4631 dsl_pool_t *dp;
4632 dsl_dir_t *dd;
4633 dsl_dataset_t *ds;
4634
4635 if (nvlist_lookup_int32(innvl, ZFS_WAIT_ACTIVITY, &activity) != 0)
4636 return (SET_ERROR(EINVAL));
4637
4638 if (activity >= ZFS_WAIT_NUM_ACTIVITIES || activity < 0)
4639 return (SET_ERROR(EINVAL));
4640
4641 if ((error = dsl_pool_hold(name, FTAG, &dp)) != 0)
4642 return (error);
4643
4644 if ((error = dsl_dataset_hold(dp, name, FTAG, &ds)) != 0) {
4645 dsl_pool_rele(dp, FTAG);
4646 return (error);
4647 }
4648
4649 dd = ds->ds_dir;
4650 mutex_enter(&dd->dd_activity_lock);
4651 dd->dd_activity_waiters++;
4652
4653 /*
4654 * We get a long-hold here so that the dsl_dataset_t and dsl_dir_t
4655 * aren't evicted while we're waiting. Normally this is prevented by
4656 * holding the pool, but we can't do that while we're waiting since
4657 * that would prevent TXGs from syncing out. Some of the functionality
4658 * of long-holds (e.g. preventing deletion) is unnecessary for this
4659 * case, since we would cancel the waiters before proceeding with a
4660 * deletion. An alternative mechanism for keeping the dataset around
4661 * could be developed but this is simpler.
4662 */
4663 dsl_dataset_long_hold(ds, FTAG);
4664 dsl_pool_rele(dp, FTAG);
4665
4666 error = dsl_dir_wait(dd, ds, activity, &waited);
4667
4668 dsl_dataset_long_rele(ds, FTAG);
4669 dd->dd_activity_waiters--;
4670 if (dd->dd_activity_waiters == 0)
4671 cv_signal(&dd->dd_activity_cv);
4672 mutex_exit(&dd->dd_activity_lock);
4673
4674 dsl_dataset_rele(ds, FTAG);
4675
4676 if (error == 0)
4677 fnvlist_add_boolean_value(outnvl, ZFS_WAIT_WAITED, waited);
4678
4679 return (error);
4680 }
4681
4682 /*
4683 * fsname is name of dataset to rollback (to most recent snapshot)
4684 *
4685 * innvl may contain name of expected target snapshot
4686 *
4687 * outnvl: "target" -> name of most recent snapshot
4688 * }
4689 */
4690 static const zfs_ioc_key_t zfs_keys_rollback[] = {
4691 {"target", DATA_TYPE_STRING, ZK_OPTIONAL},
4692 };
4693
4694 static int
zfs_ioc_rollback(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)4695 zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
4696 {
4697 zfsvfs_t *zfsvfs;
4698 zvol_state_handle_t *zv;
4699 const char *target = NULL;
4700 int error;
4701
4702 (void) nvlist_lookup_string(innvl, "target", &target);
4703 if (target != NULL) {
4704 const char *cp = strchr(target, '@');
4705
4706 /*
4707 * The snap name must contain an @, and the part after it must
4708 * contain only valid characters.
4709 */
4710 if (cp == NULL ||
4711 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
4712 return (SET_ERROR(EINVAL));
4713 }
4714
4715 if (getzfsvfs(fsname, &zfsvfs) == 0) {
4716 dsl_dataset_t *ds;
4717
4718 ds = dmu_objset_ds(zfsvfs->z_os);
4719 error = zfs_suspend_fs(zfsvfs);
4720 if (error == 0) {
4721 int resume_err;
4722
4723 error = dsl_dataset_rollback(fsname, target, zfsvfs,
4724 outnvl);
4725 resume_err = zfs_resume_fs(zfsvfs, ds);
4726 error = error ? error : resume_err;
4727 }
4728 zfs_vfs_rele(zfsvfs);
4729 } else if ((zv = zvol_suspend(fsname)) != NULL) {
4730 error = dsl_dataset_rollback(fsname, target, zvol_tag(zv),
4731 outnvl);
4732 zvol_resume(zv);
4733 } else {
4734 error = dsl_dataset_rollback(fsname, target, NULL, outnvl);
4735 }
4736 return (error);
4737 }
4738
4739 static int
recursive_unmount(const char * fsname,void * arg)4740 recursive_unmount(const char *fsname, void *arg)
4741 {
4742 const char *snapname = arg;
4743 char *fullname;
4744
4745 fullname = kmem_asprintf("%s@%s", fsname, snapname);
4746 zfs_unmount_snap(fullname);
4747 kmem_strfree(fullname);
4748
4749 return (0);
4750 }
4751
4752 /*
4753 *
4754 * snapname is the snapshot to redact.
4755 * innvl: {
4756 * "bookname" -> (string)
4757 * shortname of the redaction bookmark to generate
4758 * "snapnv" -> (nvlist, values ignored)
4759 * snapshots to redact snapname with respect to
4760 * }
4761 *
4762 * outnvl is unused
4763 */
4764
4765 static const zfs_ioc_key_t zfs_keys_redact[] = {
4766 {"bookname", DATA_TYPE_STRING, 0},
4767 {"snapnv", DATA_TYPE_NVLIST, 0},
4768 };
4769
4770 static int
zfs_ioc_redact(const char * snapname,nvlist_t * innvl,nvlist_t * outnvl)4771 zfs_ioc_redact(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
4772 {
4773 (void) outnvl;
4774 nvlist_t *redactnvl = NULL;
4775 const char *redactbook = NULL;
4776
4777 if (nvlist_lookup_nvlist(innvl, "snapnv", &redactnvl) != 0)
4778 return (SET_ERROR(EINVAL));
4779 if (fnvlist_num_pairs(redactnvl) == 0)
4780 return (SET_ERROR(ENXIO));
4781 if (nvlist_lookup_string(innvl, "bookname", &redactbook) != 0)
4782 return (SET_ERROR(EINVAL));
4783
4784 return (dmu_redact_snap(snapname, redactnvl, redactbook));
4785 }
4786
4787 /*
4788 * inputs:
4789 * zc_name old name of dataset
4790 * zc_value new name of dataset
4791 * zc_cookie recursive flag (only valid for snapshots)
4792 *
4793 * outputs: none
4794 */
4795 static int
zfs_ioc_rename(zfs_cmd_t * zc)4796 zfs_ioc_rename(zfs_cmd_t *zc)
4797 {
4798 objset_t *os;
4799 dmu_objset_type_t ost;
4800 boolean_t recursive = zc->zc_cookie & 1;
4801 boolean_t nounmount = !!(zc->zc_cookie & 2);
4802 char *at;
4803 int err;
4804
4805 /* "zfs rename" from and to ...%recv datasets should both fail */
4806 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
4807 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
4808 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
4809 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
4810 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%'))
4811 return (SET_ERROR(EINVAL));
4812
4813 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
4814 if (err != 0)
4815 return (err);
4816 ost = dmu_objset_type(os);
4817 dmu_objset_rele(os, FTAG);
4818
4819 at = strchr(zc->zc_name, '@');
4820 if (at != NULL) {
4821 /* snaps must be in same fs */
4822 int error;
4823
4824 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
4825 return (SET_ERROR(EXDEV));
4826 *at = '\0';
4827 if (ost == DMU_OST_ZFS && !nounmount) {
4828 error = dmu_objset_find(zc->zc_name,
4829 recursive_unmount, at + 1,
4830 recursive ? DS_FIND_CHILDREN : 0);
4831 if (error != 0) {
4832 *at = '@';
4833 return (error);
4834 }
4835 }
4836 error = dsl_dataset_rename_snapshot(zc->zc_name,
4837 at + 1, strchr(zc->zc_value, '@') + 1, recursive);
4838 *at = '@';
4839
4840 return (error);
4841 } else {
4842 return (dsl_dir_rename(zc->zc_name, zc->zc_value));
4843 }
4844 }
4845
4846 static int
zfs_check_settable(const char * dsname,nvpair_t * pair,cred_t * cr)4847 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
4848 {
4849 const char *propname = nvpair_name(pair);
4850 boolean_t issnap = (strchr(dsname, '@') != NULL);
4851 zfs_prop_t prop = zfs_name_to_prop(propname);
4852 uint64_t intval, compval;
4853 int err;
4854
4855 if (prop == ZPROP_USERPROP) {
4856 if (zfs_prop_user(propname)) {
4857 if ((err = zfs_secpolicy_write_perms(dsname,
4858 ZFS_DELEG_PERM_USERPROP, cr)))
4859 return (err);
4860 return (0);
4861 }
4862
4863 if (!issnap && zfs_prop_userquota(propname)) {
4864 const char *perm = NULL;
4865 const char *uq_prefix =
4866 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
4867 const char *gq_prefix =
4868 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
4869 const char *uiq_prefix =
4870 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA];
4871 const char *giq_prefix =
4872 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA];
4873 const char *pq_prefix =
4874 zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA];
4875 const char *piq_prefix = zfs_userquota_prop_prefixes[\
4876 ZFS_PROP_PROJECTOBJQUOTA];
4877
4878 if (strncmp(propname, uq_prefix,
4879 strlen(uq_prefix)) == 0) {
4880 perm = ZFS_DELEG_PERM_USERQUOTA;
4881 } else if (strncmp(propname, uiq_prefix,
4882 strlen(uiq_prefix)) == 0) {
4883 perm = ZFS_DELEG_PERM_USEROBJQUOTA;
4884 } else if (strncmp(propname, gq_prefix,
4885 strlen(gq_prefix)) == 0) {
4886 perm = ZFS_DELEG_PERM_GROUPQUOTA;
4887 } else if (strncmp(propname, giq_prefix,
4888 strlen(giq_prefix)) == 0) {
4889 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA;
4890 } else if (strncmp(propname, pq_prefix,
4891 strlen(pq_prefix)) == 0) {
4892 perm = ZFS_DELEG_PERM_PROJECTQUOTA;
4893 } else if (strncmp(propname, piq_prefix,
4894 strlen(piq_prefix)) == 0) {
4895 perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA;
4896 } else {
4897 /* {USER|GROUP|PROJECT}USED are read-only */
4898 return (SET_ERROR(EINVAL));
4899 }
4900
4901 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
4902 return (err);
4903 return (0);
4904 }
4905
4906 return (SET_ERROR(EINVAL));
4907 }
4908
4909 if (issnap)
4910 return (SET_ERROR(EINVAL));
4911
4912 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
4913 /*
4914 * dsl_prop_get_all_impl() returns properties in this
4915 * format.
4916 */
4917 nvlist_t *attrs;
4918 VERIFY0(nvpair_value_nvlist(pair, &attrs));
4919 VERIFY0(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, &pair));
4920 }
4921
4922 /*
4923 * Check that this value is valid for this pool version
4924 */
4925 switch (prop) {
4926 case ZFS_PROP_COMPRESSION:
4927 /*
4928 * If the user specified gzip compression, make sure
4929 * the SPA supports it. We ignore any errors here since
4930 * we'll catch them later.
4931 */
4932 if (nvpair_value_uint64(pair, &intval) == 0) {
4933 compval = ZIO_COMPRESS_ALGO(intval);
4934 if (compval >= ZIO_COMPRESS_GZIP_1 &&
4935 compval <= ZIO_COMPRESS_GZIP_9 &&
4936 zfs_earlier_version(dsname,
4937 SPA_VERSION_GZIP_COMPRESSION)) {
4938 return (SET_ERROR(ENOTSUP));
4939 }
4940
4941 if (compval == ZIO_COMPRESS_ZLE &&
4942 zfs_earlier_version(dsname,
4943 SPA_VERSION_ZLE_COMPRESSION))
4944 return (SET_ERROR(ENOTSUP));
4945
4946 if (compval == ZIO_COMPRESS_LZ4) {
4947 spa_t *spa;
4948
4949 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4950 return (err);
4951
4952 if (!spa_feature_is_enabled(spa,
4953 SPA_FEATURE_LZ4_COMPRESS)) {
4954 spa_close(spa, FTAG);
4955 return (SET_ERROR(ENOTSUP));
4956 }
4957 spa_close(spa, FTAG);
4958 }
4959
4960 if (compval == ZIO_COMPRESS_ZSTD) {
4961 spa_t *spa;
4962
4963 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4964 return (err);
4965
4966 if (!spa_feature_is_enabled(spa,
4967 SPA_FEATURE_ZSTD_COMPRESS)) {
4968 spa_close(spa, FTAG);
4969 return (SET_ERROR(ENOTSUP));
4970 }
4971 spa_close(spa, FTAG);
4972 }
4973 }
4974 break;
4975
4976 case ZFS_PROP_COPIES:
4977 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
4978 return (SET_ERROR(ENOTSUP));
4979 break;
4980
4981 case ZFS_PROP_VOLBLOCKSIZE:
4982 case ZFS_PROP_RECORDSIZE:
4983 /* Record sizes above 128k need the feature to be enabled */
4984 if (nvpair_value_uint64(pair, &intval) == 0 &&
4985 intval > SPA_OLD_MAXBLOCKSIZE) {
4986 spa_t *spa;
4987
4988 /*
4989 * We don't allow setting the property above 1MB,
4990 * unless the tunable has been changed.
4991 */
4992 if (intval > zfs_max_recordsize ||
4993 intval > SPA_MAXBLOCKSIZE)
4994 return (SET_ERROR(ERANGE));
4995
4996 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4997 return (err);
4998
4999 if (!spa_feature_is_enabled(spa,
5000 SPA_FEATURE_LARGE_BLOCKS)) {
5001 spa_close(spa, FTAG);
5002 return (SET_ERROR(ENOTSUP));
5003 }
5004 spa_close(spa, FTAG);
5005 }
5006 break;
5007
5008 case ZFS_PROP_DNODESIZE:
5009 /* Dnode sizes above 512 need the feature to be enabled */
5010 if (nvpair_value_uint64(pair, &intval) == 0 &&
5011 intval != ZFS_DNSIZE_LEGACY) {
5012 spa_t *spa;
5013
5014 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
5015 return (err);
5016
5017 if (!spa_feature_is_enabled(spa,
5018 SPA_FEATURE_LARGE_DNODE)) {
5019 spa_close(spa, FTAG);
5020 return (SET_ERROR(ENOTSUP));
5021 }
5022 spa_close(spa, FTAG);
5023 }
5024 break;
5025
5026 case ZFS_PROP_SHARESMB:
5027 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
5028 return (SET_ERROR(ENOTSUP));
5029 break;
5030
5031 case ZFS_PROP_ACLINHERIT:
5032 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
5033 nvpair_value_uint64(pair, &intval) == 0) {
5034 if (intval == ZFS_ACL_PASSTHROUGH_X &&
5035 zfs_earlier_version(dsname,
5036 SPA_VERSION_PASSTHROUGH_X))
5037 return (SET_ERROR(ENOTSUP));
5038 }
5039 break;
5040 case ZFS_PROP_CHECKSUM:
5041 case ZFS_PROP_DEDUP:
5042 {
5043 spa_feature_t feature;
5044 spa_t *spa;
5045 int err;
5046
5047 /* dedup feature version checks */
5048 if (prop == ZFS_PROP_DEDUP &&
5049 zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
5050 return (SET_ERROR(ENOTSUP));
5051
5052 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
5053 nvpair_value_uint64(pair, &intval) == 0) {
5054 /* check prop value is enabled in features */
5055 feature = zio_checksum_to_feature(
5056 intval & ZIO_CHECKSUM_MASK);
5057 if (feature == SPA_FEATURE_NONE)
5058 break;
5059
5060 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
5061 return (err);
5062
5063 if (!spa_feature_is_enabled(spa, feature)) {
5064 spa_close(spa, FTAG);
5065 return (SET_ERROR(ENOTSUP));
5066 }
5067 spa_close(spa, FTAG);
5068 }
5069 break;
5070 }
5071
5072 default:
5073 break;
5074 }
5075
5076 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
5077 }
5078
5079 /*
5080 * Removes properties from the given props list that fail permission checks
5081 * needed to clear them and to restore them in case of a receive error. For each
5082 * property, make sure we have both set and inherit permissions.
5083 *
5084 * Returns the first error encountered if any permission checks fail. If the
5085 * caller provides a non-NULL errlist, it also gives the complete list of names
5086 * of all the properties that failed a permission check along with the
5087 * corresponding error numbers. The caller is responsible for freeing the
5088 * returned errlist.
5089 *
5090 * If every property checks out successfully, zero is returned and the list
5091 * pointed at by errlist is NULL.
5092 */
5093 static int
zfs_check_clearable(const char * dataset,nvlist_t * props,nvlist_t ** errlist)5094 zfs_check_clearable(const char *dataset, nvlist_t *props, nvlist_t **errlist)
5095 {
5096 zfs_cmd_t *zc;
5097 nvpair_t *pair, *next_pair;
5098 nvlist_t *errors;
5099 int err, rv = 0;
5100
5101 if (props == NULL)
5102 return (0);
5103
5104 VERIFY0(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP));
5105
5106 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
5107 (void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name));
5108 pair = nvlist_next_nvpair(props, NULL);
5109 while (pair != NULL) {
5110 next_pair = nvlist_next_nvpair(props, pair);
5111
5112 (void) strlcpy(zc->zc_value, nvpair_name(pair),
5113 sizeof (zc->zc_value));
5114 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
5115 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
5116 VERIFY0(nvlist_remove_nvpair(props, pair));
5117 VERIFY0(nvlist_add_int32(errors, zc->zc_value, err));
5118 }
5119 pair = next_pair;
5120 }
5121 kmem_free(zc, sizeof (zfs_cmd_t));
5122
5123 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
5124 nvlist_free(errors);
5125 errors = NULL;
5126 } else {
5127 VERIFY0(nvpair_value_int32(pair, &rv));
5128 }
5129
5130 if (errlist == NULL)
5131 nvlist_free(errors);
5132 else
5133 *errlist = errors;
5134
5135 return (rv);
5136 }
5137
5138 static boolean_t
propval_equals(nvpair_t * p1,nvpair_t * p2)5139 propval_equals(nvpair_t *p1, nvpair_t *p2)
5140 {
5141 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
5142 /* dsl_prop_get_all_impl() format */
5143 nvlist_t *attrs;
5144 VERIFY0(nvpair_value_nvlist(p1, &attrs));
5145 VERIFY0(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, &p1));
5146 }
5147
5148 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
5149 nvlist_t *attrs;
5150 VERIFY0(nvpair_value_nvlist(p2, &attrs));
5151 VERIFY0(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, &p2));
5152 }
5153
5154 if (nvpair_type(p1) != nvpair_type(p2))
5155 return (B_FALSE);
5156
5157 if (nvpair_type(p1) == DATA_TYPE_STRING) {
5158 const char *valstr1, *valstr2;
5159
5160 VERIFY0(nvpair_value_string(p1, &valstr1));
5161 VERIFY0(nvpair_value_string(p2, &valstr2));
5162 return (strcmp(valstr1, valstr2) == 0);
5163 } else {
5164 uint64_t intval1, intval2;
5165
5166 VERIFY0(nvpair_value_uint64(p1, &intval1));
5167 VERIFY0(nvpair_value_uint64(p2, &intval2));
5168 return (intval1 == intval2);
5169 }
5170 }
5171
5172 /*
5173 * Remove properties from props if they are not going to change (as determined
5174 * by comparison with origprops). Remove them from origprops as well, since we
5175 * do not need to clear or restore properties that won't change.
5176 */
5177 static void
props_reduce(nvlist_t * props,nvlist_t * origprops)5178 props_reduce(nvlist_t *props, nvlist_t *origprops)
5179 {
5180 nvpair_t *pair, *next_pair;
5181
5182 if (origprops == NULL)
5183 return; /* all props need to be received */
5184
5185 pair = nvlist_next_nvpair(props, NULL);
5186 while (pair != NULL) {
5187 const char *propname = nvpair_name(pair);
5188 nvpair_t *match;
5189
5190 next_pair = nvlist_next_nvpair(props, pair);
5191
5192 if ((nvlist_lookup_nvpair(origprops, propname,
5193 &match) != 0) || !propval_equals(pair, match))
5194 goto next; /* need to set received value */
5195
5196 /* don't clear the existing received value */
5197 (void) nvlist_remove_nvpair(origprops, match);
5198 /* don't bother receiving the property */
5199 (void) nvlist_remove_nvpair(props, pair);
5200 next:
5201 pair = next_pair;
5202 }
5203 }
5204
5205 /*
5206 * Extract properties that cannot be set PRIOR to the receipt of a dataset.
5207 * For example, refquota cannot be set until after the receipt of a dataset,
5208 * because in replication streams, an older/earlier snapshot may exceed the
5209 * refquota. We want to receive the older/earlier snapshot, but setting
5210 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent
5211 * the older/earlier snapshot from being received (with EDQUOT).
5212 *
5213 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario.
5214 *
5215 * libzfs will need to be judicious handling errors encountered by props
5216 * extracted by this function.
5217 */
5218 static nvlist_t *
extract_delay_props(nvlist_t * props)5219 extract_delay_props(nvlist_t *props)
5220 {
5221 nvlist_t *delayprops;
5222 nvpair_t *nvp, *tmp;
5223 static const zfs_prop_t delayable[] = {
5224 ZFS_PROP_REFQUOTA,
5225 ZFS_PROP_KEYLOCATION,
5226 /*
5227 * Setting ZFS_PROP_SHARESMB requires the objset type to be
5228 * known, which is not possible prior to receipt of raw sends.
5229 */
5230 ZFS_PROP_SHARESMB,
5231 0
5232 };
5233 int i;
5234
5235 VERIFY0(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP));
5236
5237 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL;
5238 nvp = nvlist_next_nvpair(props, nvp)) {
5239 /*
5240 * strcmp() is safe because zfs_prop_to_name() always returns
5241 * a bounded string.
5242 */
5243 for (i = 0; delayable[i] != 0; i++) {
5244 if (strcmp(zfs_prop_to_name(delayable[i]),
5245 nvpair_name(nvp)) == 0) {
5246 break;
5247 }
5248 }
5249 if (delayable[i] != 0) {
5250 tmp = nvlist_prev_nvpair(props, nvp);
5251 VERIFY0(nvlist_add_nvpair(delayprops, nvp));
5252 VERIFY0(nvlist_remove_nvpair(props, nvp));
5253 nvp = tmp;
5254 }
5255 }
5256
5257 if (nvlist_empty(delayprops)) {
5258 nvlist_free(delayprops);
5259 delayprops = NULL;
5260 }
5261 return (delayprops);
5262 }
5263
5264 static void
zfs_allow_log_destroy(void * arg)5265 zfs_allow_log_destroy(void *arg)
5266 {
5267 char *poolname = arg;
5268
5269 if (poolname != NULL)
5270 kmem_strfree(poolname);
5271 }
5272
5273 #ifdef ZFS_DEBUG
5274 static boolean_t zfs_ioc_recv_inject_err;
5275 #endif
5276
5277 /*
5278 * nvlist 'errors' is always allocated. It will contain descriptions of
5279 * encountered errors, if any. It's the callers responsibility to free.
5280 */
5281 static int
zfs_ioc_recv_impl(char * tofs,char * tosnap,const char * origin,nvlist_t * recvprops,nvlist_t * localprops,nvlist_t * hidden_args,boolean_t force,boolean_t heal,boolean_t resumable,int input_fd,dmu_replay_record_t * begin_record,uint64_t * read_bytes,uint64_t * errflags,nvlist_t ** errors)5282 zfs_ioc_recv_impl(char *tofs, char *tosnap, const char *origin,
5283 nvlist_t *recvprops, nvlist_t *localprops, nvlist_t *hidden_args,
5284 boolean_t force, boolean_t heal, boolean_t resumable, int input_fd,
5285 dmu_replay_record_t *begin_record, uint64_t *read_bytes,
5286 uint64_t *errflags, nvlist_t **errors)
5287 {
5288 dmu_recv_cookie_t drc;
5289 int error = 0;
5290 int props_error = 0;
5291 offset_t off, noff;
5292 nvlist_t *local_delayprops = NULL;
5293 nvlist_t *recv_delayprops = NULL;
5294 nvlist_t *inherited_delayprops = NULL;
5295 nvlist_t *origprops = NULL; /* existing properties */
5296 nvlist_t *origrecvd = NULL; /* existing received properties */
5297 boolean_t first_recvd_props = B_FALSE;
5298 boolean_t tofs_was_redacted;
5299 zfs_file_t *input_fp;
5300
5301 *read_bytes = 0;
5302 *errflags = 0;
5303 *errors = fnvlist_alloc();
5304 off = 0;
5305
5306 if ((input_fp = zfs_file_get(input_fd)) == NULL)
5307 return (SET_ERROR(EBADF));
5308
5309 noff = off = zfs_file_off(input_fp);
5310 error = dmu_recv_begin(tofs, tosnap, begin_record, force, heal,
5311 resumable, localprops, hidden_args, origin, &drc, input_fp,
5312 &off);
5313 if (error != 0)
5314 goto out;
5315 tofs_was_redacted = dsl_get_redacted(drc.drc_ds);
5316
5317 /*
5318 * Set properties before we receive the stream so that they are applied
5319 * to the new data. Note that we must call dmu_recv_stream() if
5320 * dmu_recv_begin() succeeds.
5321 */
5322 if (recvprops != NULL && !drc.drc_newfs) {
5323 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
5324 SPA_VERSION_RECVD_PROPS &&
5325 !dsl_prop_get_hasrecvd(tofs))
5326 first_recvd_props = B_TRUE;
5327
5328 /*
5329 * If new received properties are supplied, they are to
5330 * completely replace the existing received properties,
5331 * so stash away the existing ones.
5332 */
5333 if (dsl_prop_get_received(tofs, &origrecvd) == 0) {
5334 nvlist_t *errlist = NULL;
5335 /*
5336 * Don't bother writing a property if its value won't
5337 * change (and avoid the unnecessary security checks).
5338 *
5339 * The first receive after SPA_VERSION_RECVD_PROPS is a
5340 * special case where we blow away all local properties
5341 * regardless.
5342 */
5343 if (!first_recvd_props)
5344 props_reduce(recvprops, origrecvd);
5345 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0)
5346 (void) nvlist_merge(*errors, errlist, 0);
5347 nvlist_free(errlist);
5348
5349 if (clear_received_props(tofs, origrecvd,
5350 first_recvd_props ? NULL : recvprops) != 0)
5351 *errflags |= ZPROP_ERR_NOCLEAR;
5352 } else {
5353 *errflags |= ZPROP_ERR_NOCLEAR;
5354 }
5355 }
5356
5357 /*
5358 * Stash away existing properties so we can restore them on error unless
5359 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which
5360 * case "origrecvd" will take care of that.
5361 */
5362 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) {
5363 objset_t *os;
5364 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
5365 if (dsl_prop_get_all(os, &origprops) != 0) {
5366 *errflags |= ZPROP_ERR_NOCLEAR;
5367 }
5368 dmu_objset_rele(os, FTAG);
5369 } else {
5370 *errflags |= ZPROP_ERR_NOCLEAR;
5371 }
5372 }
5373
5374 if (recvprops != NULL) {
5375 props_error = dsl_prop_set_hasrecvd(tofs);
5376
5377 if (props_error == 0) {
5378 recv_delayprops = extract_delay_props(recvprops);
5379 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
5380 recvprops, *errors);
5381 }
5382 }
5383
5384 if (localprops != NULL) {
5385 nvlist_t *oprops = fnvlist_alloc();
5386 nvlist_t *xprops = fnvlist_alloc();
5387 nvpair_t *nvp = NULL;
5388
5389 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
5390 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) {
5391 /* -x property */
5392 const char *name = nvpair_name(nvp);
5393 zfs_prop_t prop = zfs_name_to_prop(name);
5394 if (prop != ZPROP_USERPROP) {
5395 if (!zfs_prop_inheritable(prop))
5396 continue;
5397 } else if (!zfs_prop_user(name))
5398 continue;
5399 fnvlist_add_boolean(xprops, name);
5400 } else {
5401 /* -o property=value */
5402 fnvlist_add_nvpair(oprops, nvp);
5403 }
5404 }
5405
5406 local_delayprops = extract_delay_props(oprops);
5407 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
5408 oprops, *errors);
5409 inherited_delayprops = extract_delay_props(xprops);
5410 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED,
5411 xprops, *errors);
5412
5413 nvlist_free(oprops);
5414 nvlist_free(xprops);
5415 }
5416
5417 error = dmu_recv_stream(&drc, &off);
5418
5419 if (error == 0) {
5420 zfsvfs_t *zfsvfs = NULL;
5421 zvol_state_handle_t *zv = NULL;
5422
5423 if (getzfsvfs(tofs, &zfsvfs) == 0) {
5424 /* online recv */
5425 dsl_dataset_t *ds;
5426 int end_err;
5427 boolean_t stream_is_redacted = DMU_GET_FEATUREFLAGS(
5428 begin_record->drr_u.drr_begin.
5429 drr_versioninfo) & DMU_BACKUP_FEATURE_REDACTED;
5430
5431 ds = dmu_objset_ds(zfsvfs->z_os);
5432 error = zfs_suspend_fs(zfsvfs);
5433 /*
5434 * If the suspend fails, then the recv_end will
5435 * likely also fail, and clean up after itself.
5436 */
5437 end_err = dmu_recv_end(&drc, zfsvfs);
5438 /*
5439 * If the dataset was not redacted, but we received a
5440 * redacted stream onto it, we need to unmount the
5441 * dataset. Otherwise, resume the filesystem.
5442 */
5443 if (error == 0 && !drc.drc_newfs &&
5444 stream_is_redacted && !tofs_was_redacted) {
5445 error = zfs_end_fs(zfsvfs, ds);
5446 } else if (error == 0) {
5447 error = zfs_resume_fs(zfsvfs, ds);
5448 }
5449 error = error ? error : end_err;
5450 zfs_vfs_rele(zfsvfs);
5451 } else if ((zv = zvol_suspend(tofs)) != NULL) {
5452 error = dmu_recv_end(&drc, zvol_tag(zv));
5453 zvol_resume(zv);
5454 } else {
5455 error = dmu_recv_end(&drc, NULL);
5456 }
5457
5458 /* Set delayed properties now, after we're done receiving. */
5459 if (recv_delayprops != NULL && error == 0) {
5460 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
5461 recv_delayprops, *errors);
5462 }
5463 if (local_delayprops != NULL && error == 0) {
5464 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
5465 local_delayprops, *errors);
5466 }
5467 if (inherited_delayprops != NULL && error == 0) {
5468 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED,
5469 inherited_delayprops, *errors);
5470 }
5471 }
5472
5473 /*
5474 * Merge delayed props back in with initial props, in case
5475 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means
5476 * we have to make sure clear_received_props() includes
5477 * the delayed properties).
5478 *
5479 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels,
5480 * using ASSERT() will be just like a VERIFY.
5481 */
5482 if (recv_delayprops != NULL) {
5483 ASSERT0(nvlist_merge(recvprops, recv_delayprops, 0));
5484 nvlist_free(recv_delayprops);
5485 }
5486 if (local_delayprops != NULL) {
5487 ASSERT0(nvlist_merge(localprops, local_delayprops, 0));
5488 nvlist_free(local_delayprops);
5489 }
5490 if (inherited_delayprops != NULL) {
5491 ASSERT0(nvlist_merge(localprops, inherited_delayprops, 0));
5492 nvlist_free(inherited_delayprops);
5493 }
5494 *read_bytes = off - noff;
5495
5496 #ifdef ZFS_DEBUG
5497 if (zfs_ioc_recv_inject_err) {
5498 zfs_ioc_recv_inject_err = B_FALSE;
5499 error = 1;
5500 }
5501 #endif
5502
5503 /*
5504 * On error, restore the original props.
5505 */
5506 if (error != 0 && recvprops != NULL && !drc.drc_newfs) {
5507 if (clear_received_props(tofs, recvprops, NULL) != 0) {
5508 /*
5509 * We failed to clear the received properties.
5510 * Since we may have left a $recvd value on the
5511 * system, we can't clear the $hasrecvd flag.
5512 */
5513 *errflags |= ZPROP_ERR_NORESTORE;
5514 } else if (first_recvd_props) {
5515 dsl_prop_unset_hasrecvd(tofs);
5516 }
5517
5518 if (origrecvd == NULL && !drc.drc_newfs) {
5519 /* We failed to stash the original properties. */
5520 *errflags |= ZPROP_ERR_NORESTORE;
5521 }
5522
5523 /*
5524 * dsl_props_set() will not convert RECEIVED to LOCAL on or
5525 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
5526 * explicitly if we're restoring local properties cleared in the
5527 * first new-style receive.
5528 */
5529 if (origrecvd != NULL &&
5530 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
5531 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
5532 origrecvd, NULL) != 0) {
5533 /*
5534 * We stashed the original properties but failed to
5535 * restore them.
5536 */
5537 *errflags |= ZPROP_ERR_NORESTORE;
5538 }
5539 }
5540 if (error != 0 && localprops != NULL && !drc.drc_newfs &&
5541 !first_recvd_props) {
5542 nvlist_t *setprops;
5543 nvlist_t *inheritprops;
5544 nvpair_t *nvp;
5545
5546 if (origprops == NULL) {
5547 /* We failed to stash the original properties. */
5548 *errflags |= ZPROP_ERR_NORESTORE;
5549 goto out;
5550 }
5551
5552 /* Restore original props */
5553 setprops = fnvlist_alloc();
5554 inheritprops = fnvlist_alloc();
5555 nvp = NULL;
5556 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
5557 const char *name = nvpair_name(nvp);
5558 const char *source;
5559 nvlist_t *attrs;
5560
5561 if (!nvlist_exists(origprops, name)) {
5562 /*
5563 * Property was not present or was explicitly
5564 * inherited before the receive, restore this.
5565 */
5566 fnvlist_add_boolean(inheritprops, name);
5567 continue;
5568 }
5569 attrs = fnvlist_lookup_nvlist(origprops, name);
5570 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE);
5571
5572 /* Skip received properties */
5573 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0)
5574 continue;
5575
5576 if (strcmp(source, tofs) == 0) {
5577 /* Property was locally set */
5578 fnvlist_add_nvlist(setprops, name, attrs);
5579 } else {
5580 /* Property was implicitly inherited */
5581 fnvlist_add_boolean(inheritprops, name);
5582 }
5583 }
5584
5585 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops,
5586 NULL) != 0)
5587 *errflags |= ZPROP_ERR_NORESTORE;
5588 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops,
5589 NULL) != 0)
5590 *errflags |= ZPROP_ERR_NORESTORE;
5591
5592 nvlist_free(setprops);
5593 nvlist_free(inheritprops);
5594 }
5595 out:
5596 zfs_file_put(input_fp);
5597 nvlist_free(origrecvd);
5598 nvlist_free(origprops);
5599
5600 if (error == 0)
5601 error = props_error;
5602
5603 return (error);
5604 }
5605
5606 /*
5607 * inputs:
5608 * zc_name name of containing filesystem (unused)
5609 * zc_nvlist_src{_size} nvlist of properties to apply
5610 * zc_nvlist_conf{_size} nvlist of properties to exclude
5611 * (DATA_TYPE_BOOLEAN) and override (everything else)
5612 * zc_value name of snapshot to create
5613 * zc_string name of clone origin (if DRR_FLAG_CLONE)
5614 * zc_cookie file descriptor to recv from
5615 * zc_begin_record the BEGIN record of the stream (not byteswapped)
5616 * zc_guid force flag
5617 *
5618 * outputs:
5619 * zc_cookie number of bytes read
5620 * zc_obj zprop_errflags_t
5621 * zc_nvlist_dst{_size} error for each unapplied received property
5622 */
5623 static int
zfs_ioc_recv(zfs_cmd_t * zc)5624 zfs_ioc_recv(zfs_cmd_t *zc)
5625 {
5626 dmu_replay_record_t begin_record;
5627 nvlist_t *errors = NULL;
5628 nvlist_t *recvdprops = NULL;
5629 nvlist_t *localprops = NULL;
5630 const char *origin = NULL;
5631 char *tosnap;
5632 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5633 int error = 0;
5634
5635 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
5636 strchr(zc->zc_value, '@') == NULL ||
5637 strchr(zc->zc_value, '%') != NULL) {
5638 return (SET_ERROR(EINVAL));
5639 }
5640
5641 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs));
5642 tosnap = strchr(tofs, '@');
5643 *tosnap++ = '\0';
5644
5645 if (zc->zc_nvlist_src != 0 &&
5646 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5647 zc->zc_iflags, &recvdprops)) != 0) {
5648 goto out;
5649 }
5650
5651 if (zc->zc_nvlist_conf != 0 &&
5652 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
5653 zc->zc_iflags, &localprops)) != 0) {
5654 goto out;
5655 }
5656
5657 if (zc->zc_string[0])
5658 origin = zc->zc_string;
5659
5660 begin_record.drr_type = DRR_BEGIN;
5661 begin_record.drr_payloadlen = 0;
5662 begin_record.drr_u.drr_begin = zc->zc_begin_record;
5663
5664 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops,
5665 NULL, zc->zc_guid, B_FALSE, B_FALSE, zc->zc_cookie, &begin_record,
5666 &zc->zc_cookie, &zc->zc_obj, &errors);
5667
5668 /*
5669 * Now that all props, initial and delayed, are set, report the prop
5670 * errors to the caller.
5671 */
5672 if (zc->zc_nvlist_dst_size != 0 && errors != NULL &&
5673 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
5674 put_nvlist(zc, errors) != 0)) {
5675 /*
5676 * Caller made zc->zc_nvlist_dst less than the minimum expected
5677 * size or supplied an invalid address.
5678 */
5679 error = SET_ERROR(EINVAL);
5680 }
5681
5682 out:
5683 nvlist_free(errors);
5684 nvlist_free(recvdprops);
5685 nvlist_free(localprops);
5686
5687 return (error);
5688 }
5689
5690 /*
5691 * innvl: {
5692 * "snapname" -> full name of the snapshot to create
5693 * (optional) "props" -> received properties to set (nvlist)
5694 * (optional) "localprops" -> override and exclude properties (nvlist)
5695 * (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE)
5696 * "begin_record" -> non-byteswapped dmu_replay_record_t
5697 * "input_fd" -> file descriptor to read stream from (int32)
5698 * (optional) "force" -> force flag (value ignored)
5699 * (optional) "heal" -> use send stream to heal data corruption
5700 * (optional) "resumable" -> resumable flag (value ignored)
5701 * (optional) "cleanup_fd" -> unused
5702 * (optional) "action_handle" -> unused
5703 * (optional) "hidden_args" -> { "wkeydata" -> value }
5704 * }
5705 *
5706 * outnvl: {
5707 * "read_bytes" -> number of bytes read
5708 * "error_flags" -> zprop_errflags_t
5709 * "errors" -> error for each unapplied received property (nvlist)
5710 * }
5711 */
5712 static const zfs_ioc_key_t zfs_keys_recv_new[] = {
5713 {"snapname", DATA_TYPE_STRING, 0},
5714 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5715 {"localprops", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5716 {"origin", DATA_TYPE_STRING, ZK_OPTIONAL},
5717 {"begin_record", DATA_TYPE_BYTE_ARRAY, 0},
5718 {"input_fd", DATA_TYPE_INT32, 0},
5719 {"force", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5720 {"heal", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5721 {"resumable", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5722 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
5723 {"action_handle", DATA_TYPE_UINT64, ZK_OPTIONAL},
5724 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5725 };
5726
5727 static int
zfs_ioc_recv_new(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)5728 zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
5729 {
5730 dmu_replay_record_t *begin_record;
5731 uint_t begin_record_size;
5732 nvlist_t *errors = NULL;
5733 nvlist_t *recvprops = NULL;
5734 nvlist_t *localprops = NULL;
5735 nvlist_t *hidden_args = NULL;
5736 const char *snapname;
5737 const char *origin = NULL;
5738 char *tosnap;
5739 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5740 boolean_t force;
5741 boolean_t heal;
5742 boolean_t resumable;
5743 uint64_t read_bytes = 0;
5744 uint64_t errflags = 0;
5745 int input_fd = -1;
5746 int error;
5747
5748 snapname = fnvlist_lookup_string(innvl, "snapname");
5749
5750 if (dataset_namecheck(snapname, NULL, NULL) != 0 ||
5751 strchr(snapname, '@') == NULL ||
5752 strchr(snapname, '%') != NULL) {
5753 return (SET_ERROR(EINVAL));
5754 }
5755
5756 (void) strlcpy(tofs, snapname, sizeof (tofs));
5757 tosnap = strchr(tofs, '@');
5758 *tosnap++ = '\0';
5759
5760 error = nvlist_lookup_string(innvl, "origin", &origin);
5761 if (error && error != ENOENT)
5762 return (error);
5763
5764 error = nvlist_lookup_byte_array(innvl, "begin_record",
5765 (uchar_t **)&begin_record, &begin_record_size);
5766 if (error != 0 || begin_record_size != sizeof (*begin_record))
5767 return (SET_ERROR(EINVAL));
5768
5769 input_fd = fnvlist_lookup_int32(innvl, "input_fd");
5770
5771 force = nvlist_exists(innvl, "force");
5772 heal = nvlist_exists(innvl, "heal");
5773 resumable = nvlist_exists(innvl, "resumable");
5774
5775 /* we still use "props" here for backwards compatibility */
5776 error = nvlist_lookup_nvlist(innvl, "props", &recvprops);
5777 if (error && error != ENOENT)
5778 goto out;
5779
5780 error = nvlist_lookup_nvlist(innvl, "localprops", &localprops);
5781 if (error && error != ENOENT)
5782 goto out;
5783
5784 error = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
5785 if (error && error != ENOENT)
5786 goto out;
5787
5788 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvprops, localprops,
5789 hidden_args, force, heal, resumable, input_fd, begin_record,
5790 &read_bytes, &errflags, &errors);
5791
5792 fnvlist_add_uint64(outnvl, "read_bytes", read_bytes);
5793 fnvlist_add_uint64(outnvl, "error_flags", errflags);
5794 fnvlist_add_nvlist(outnvl, "errors", errors);
5795
5796 out:
5797 nvlist_free(errors);
5798 nvlist_free(recvprops);
5799 nvlist_free(localprops);
5800 nvlist_free(hidden_args);
5801
5802 return (error);
5803 }
5804
5805 /*
5806 * When stack space is limited, we write replication stream data to the target
5807 * on a separate taskq thread, to make sure there's enough stack space.
5808 */
5809 #ifndef HAVE_LARGE_STACKS
5810 #define USE_SEND_TASKQ 1
5811 #endif
5812
5813 typedef struct dump_bytes_io {
5814 zfs_file_t *dbi_fp;
5815 caddr_t dbi_buf;
5816 int dbi_len;
5817 int dbi_err;
5818 } dump_bytes_io_t;
5819
5820 static void
dump_bytes_cb(void * arg)5821 dump_bytes_cb(void *arg)
5822 {
5823 dump_bytes_io_t *dbi = (dump_bytes_io_t *)arg;
5824 zfs_file_t *fp;
5825 caddr_t buf;
5826
5827 fp = dbi->dbi_fp;
5828 buf = dbi->dbi_buf;
5829
5830 dbi->dbi_err = zfs_file_write(fp, buf, dbi->dbi_len, NULL);
5831 }
5832
5833 typedef struct dump_bytes_arg {
5834 zfs_file_t *dba_fp;
5835 #ifdef USE_SEND_TASKQ
5836 taskq_t *dba_tq;
5837 taskq_ent_t dba_tqent;
5838 #endif
5839 } dump_bytes_arg_t;
5840
5841 static int
dump_bytes(objset_t * os,void * buf,int len,void * arg)5842 dump_bytes(objset_t *os, void *buf, int len, void *arg)
5843 {
5844 dump_bytes_arg_t *dba = (dump_bytes_arg_t *)arg;
5845 dump_bytes_io_t dbi;
5846
5847 dbi.dbi_fp = dba->dba_fp;
5848 dbi.dbi_buf = buf;
5849 dbi.dbi_len = len;
5850
5851 #ifdef USE_SEND_TASKQ
5852 taskq_dispatch_ent(dba->dba_tq, dump_bytes_cb, &dbi, TQ_SLEEP,
5853 &dba->dba_tqent);
5854 taskq_wait(dba->dba_tq);
5855 #else
5856 dump_bytes_cb(&dbi);
5857 #endif
5858
5859 return (dbi.dbi_err);
5860 }
5861
5862 static int
dump_bytes_init(dump_bytes_arg_t * dba,int fd,dmu_send_outparams_t * out)5863 dump_bytes_init(dump_bytes_arg_t *dba, int fd, dmu_send_outparams_t *out)
5864 {
5865 zfs_file_t *fp = zfs_file_get(fd);
5866 if (fp == NULL)
5867 return (SET_ERROR(EBADF));
5868
5869 dba->dba_fp = fp;
5870 #ifdef USE_SEND_TASKQ
5871 dba->dba_tq = taskq_create("z_send", 1, defclsyspri, 0, 0, 0);
5872 taskq_init_ent(&dba->dba_tqent);
5873 #endif
5874
5875 memset(out, 0, sizeof (dmu_send_outparams_t));
5876 out->dso_outfunc = dump_bytes;
5877 out->dso_arg = dba;
5878 out->dso_dryrun = B_FALSE;
5879
5880 return (0);
5881 }
5882
5883 static void
dump_bytes_fini(dump_bytes_arg_t * dba)5884 dump_bytes_fini(dump_bytes_arg_t *dba)
5885 {
5886 zfs_file_put(dba->dba_fp);
5887 #ifdef USE_SEND_TASKQ
5888 taskq_destroy(dba->dba_tq);
5889 #endif
5890 }
5891
5892 /*
5893 * inputs:
5894 * zc_name name of snapshot to send
5895 * zc_cookie file descriptor to send stream to
5896 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
5897 * zc_sendobj objsetid of snapshot to send
5898 * zc_fromobj objsetid of incremental fromsnap (may be zero)
5899 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
5900 * output size in zc_objset_type.
5901 * zc_flags lzc_send_flags
5902 *
5903 * outputs:
5904 * zc_objset_type estimated size, if zc_guid is set
5905 *
5906 * NOTE: This is no longer the preferred interface, any new functionality
5907 * should be added to zfs_ioc_send_new() instead.
5908 */
5909 static int
zfs_ioc_send(zfs_cmd_t * zc)5910 zfs_ioc_send(zfs_cmd_t *zc)
5911 {
5912 int error;
5913 offset_t off;
5914 boolean_t estimate = (zc->zc_guid != 0);
5915 boolean_t embedok = (zc->zc_flags & 0x1);
5916 boolean_t large_block_ok = (zc->zc_flags & 0x2);
5917 boolean_t compressok = (zc->zc_flags & 0x4);
5918 boolean_t rawok = (zc->zc_flags & 0x8);
5919 boolean_t savedok = (zc->zc_flags & 0x10);
5920
5921 if (zc->zc_obj != 0) {
5922 dsl_pool_t *dp;
5923 dsl_dataset_t *tosnap;
5924
5925 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5926 if (error != 0)
5927 return (error);
5928
5929 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
5930 if (error != 0) {
5931 dsl_pool_rele(dp, FTAG);
5932 return (error);
5933 }
5934
5935 if (dsl_dir_is_clone(tosnap->ds_dir))
5936 zc->zc_fromobj =
5937 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj;
5938 dsl_dataset_rele(tosnap, FTAG);
5939 dsl_pool_rele(dp, FTAG);
5940 }
5941
5942 if (estimate) {
5943 dsl_pool_t *dp;
5944 dsl_dataset_t *tosnap;
5945 dsl_dataset_t *fromsnap = NULL;
5946
5947 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5948 if (error != 0)
5949 return (error);
5950
5951 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj,
5952 FTAG, &tosnap);
5953 if (error != 0) {
5954 dsl_pool_rele(dp, FTAG);
5955 return (error);
5956 }
5957
5958 if (zc->zc_fromobj != 0) {
5959 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
5960 FTAG, &fromsnap);
5961 if (error != 0) {
5962 dsl_dataset_rele(tosnap, FTAG);
5963 dsl_pool_rele(dp, FTAG);
5964 return (error);
5965 }
5966 }
5967
5968 error = dmu_send_estimate_fast(tosnap, fromsnap, NULL,
5969 compressok || rawok, savedok, &zc->zc_objset_type);
5970
5971 if (fromsnap != NULL)
5972 dsl_dataset_rele(fromsnap, FTAG);
5973 dsl_dataset_rele(tosnap, FTAG);
5974 dsl_pool_rele(dp, FTAG);
5975 } else {
5976 dump_bytes_arg_t dba;
5977 dmu_send_outparams_t out;
5978 error = dump_bytes_init(&dba, zc->zc_cookie, &out);
5979 if (error)
5980 return (error);
5981
5982 off = zfs_file_off(dba.dba_fp);
5983 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
5984 zc->zc_fromobj, embedok, large_block_ok, compressok,
5985 rawok, savedok, zc->zc_cookie, &off, &out);
5986
5987 dump_bytes_fini(&dba);
5988 }
5989 return (error);
5990 }
5991
5992 /*
5993 * inputs:
5994 * zc_name name of snapshot on which to report progress
5995 * zc_cookie file descriptor of send stream
5996 *
5997 * outputs:
5998 * zc_cookie number of bytes written in send stream thus far
5999 * zc_objset_type logical size of data traversed by send thus far
6000 */
6001 static int
zfs_ioc_send_progress(zfs_cmd_t * zc)6002 zfs_ioc_send_progress(zfs_cmd_t *zc)
6003 {
6004 dsl_pool_t *dp;
6005 dsl_dataset_t *ds;
6006 dmu_sendstatus_t *dsp = NULL;
6007 int error;
6008
6009 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
6010 if (error != 0)
6011 return (error);
6012
6013 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
6014 if (error != 0) {
6015 dsl_pool_rele(dp, FTAG);
6016 return (error);
6017 }
6018
6019 mutex_enter(&ds->ds_sendstream_lock);
6020
6021 /*
6022 * Iterate over all the send streams currently active on this dataset.
6023 * If there's one which matches the specified file descriptor _and_ the
6024 * stream was started by the current process, return the progress of
6025 * that stream.
6026 */
6027
6028 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
6029 dsp = list_next(&ds->ds_sendstreams, dsp)) {
6030 if (dsp->dss_outfd == zc->zc_cookie &&
6031 zfs_proc_is_caller(dsp->dss_proc))
6032 break;
6033 }
6034
6035 if (dsp != NULL) {
6036 zc->zc_cookie = atomic_cas_64((volatile uint64_t *)dsp->dss_off,
6037 0, 0);
6038 /* This is the closest thing we have to atomic_read_64. */
6039 zc->zc_objset_type = atomic_cas_64(&dsp->dss_blocks, 0, 0);
6040 } else {
6041 error = SET_ERROR(ENOENT);
6042 }
6043
6044 mutex_exit(&ds->ds_sendstream_lock);
6045 dsl_dataset_rele(ds, FTAG);
6046 dsl_pool_rele(dp, FTAG);
6047 return (error);
6048 }
6049
6050 static int
zfs_ioc_inject_fault(zfs_cmd_t * zc)6051 zfs_ioc_inject_fault(zfs_cmd_t *zc)
6052 {
6053 int id, error;
6054
6055 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
6056 &zc->zc_inject_record);
6057
6058 if (error == 0)
6059 zc->zc_guid = (uint64_t)id;
6060
6061 return (error);
6062 }
6063
6064 static int
zfs_ioc_clear_fault(zfs_cmd_t * zc)6065 zfs_ioc_clear_fault(zfs_cmd_t *zc)
6066 {
6067 return (zio_clear_fault((int)zc->zc_guid));
6068 }
6069
6070 static int
zfs_ioc_inject_list_next(zfs_cmd_t * zc)6071 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
6072 {
6073 int id = (int)zc->zc_guid;
6074 int error;
6075
6076 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
6077 &zc->zc_inject_record);
6078
6079 zc->zc_guid = id;
6080
6081 return (error);
6082 }
6083
6084 static int
zfs_ioc_error_log(zfs_cmd_t * zc)6085 zfs_ioc_error_log(zfs_cmd_t *zc)
6086 {
6087 spa_t *spa;
6088 int error;
6089
6090 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
6091 return (error);
6092
6093 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
6094 &zc->zc_nvlist_dst_size);
6095
6096 spa_close(spa, FTAG);
6097
6098 return (error);
6099 }
6100
6101 static int
zfs_ioc_clear(zfs_cmd_t * zc)6102 zfs_ioc_clear(zfs_cmd_t *zc)
6103 {
6104 spa_t *spa;
6105 vdev_t *vd;
6106 int error;
6107
6108 /*
6109 * On zpool clear we also fix up missing slogs
6110 */
6111 mutex_enter(&spa_namespace_lock);
6112 spa = spa_lookup(zc->zc_name);
6113 if (spa == NULL) {
6114 mutex_exit(&spa_namespace_lock);
6115 return (SET_ERROR(EIO));
6116 }
6117 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
6118 /* we need to let spa_open/spa_load clear the chains */
6119 spa_set_log_state(spa, SPA_LOG_CLEAR);
6120 }
6121 spa->spa_last_open_failed = 0;
6122 mutex_exit(&spa_namespace_lock);
6123
6124 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
6125 error = spa_open(zc->zc_name, &spa, FTAG);
6126 } else {
6127 nvlist_t *policy;
6128 nvlist_t *config = NULL;
6129
6130 if (zc->zc_nvlist_src == 0)
6131 return (SET_ERROR(EINVAL));
6132
6133 if ((error = get_nvlist(zc->zc_nvlist_src,
6134 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
6135 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
6136 policy, &config);
6137 if (config != NULL) {
6138 int err;
6139
6140 if ((err = put_nvlist(zc, config)) != 0)
6141 error = err;
6142 nvlist_free(config);
6143 }
6144 nvlist_free(policy);
6145 }
6146 }
6147
6148 if (error != 0)
6149 return (error);
6150
6151 /*
6152 * If multihost is enabled, resuming I/O is unsafe as another
6153 * host may have imported the pool. Check for remote activity.
6154 */
6155 if (spa_multihost(spa) && spa_suspended(spa) &&
6156 spa_mmp_remote_host_activity(spa)) {
6157 spa_close(spa, FTAG);
6158 return (SET_ERROR(EREMOTEIO));
6159 }
6160
6161 spa_vdev_state_enter(spa, SCL_NONE);
6162
6163 if (zc->zc_guid == 0) {
6164 vd = NULL;
6165 } else {
6166 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
6167 if (vd == NULL) {
6168 error = SET_ERROR(ENODEV);
6169 (void) spa_vdev_state_exit(spa, NULL, error);
6170 spa_close(spa, FTAG);
6171 return (error);
6172 }
6173 }
6174
6175 vdev_clear(spa, vd);
6176
6177 (void) spa_vdev_state_exit(spa, spa_suspended(spa) ?
6178 NULL : spa->spa_root_vdev, 0);
6179
6180 /*
6181 * Resume any suspended I/Os.
6182 */
6183 if (zio_resume(spa) != 0)
6184 error = SET_ERROR(EIO);
6185
6186 spa_close(spa, FTAG);
6187
6188 return (error);
6189 }
6190
6191 /*
6192 * Reopen all the vdevs associated with the pool.
6193 *
6194 * innvl: {
6195 * "scrub_restart" -> when true and scrub is running, allow to restart
6196 * scrub as the side effect of the reopen (boolean).
6197 * }
6198 *
6199 * outnvl is unused
6200 */
6201 static const zfs_ioc_key_t zfs_keys_pool_reopen[] = {
6202 {"scrub_restart", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
6203 };
6204
6205 static int
zfs_ioc_pool_reopen(const char * pool,nvlist_t * innvl,nvlist_t * outnvl)6206 zfs_ioc_pool_reopen(const char *pool, nvlist_t *innvl, nvlist_t *outnvl)
6207 {
6208 (void) outnvl;
6209 spa_t *spa;
6210 int error;
6211 boolean_t rc, scrub_restart = B_TRUE;
6212
6213 if (innvl) {
6214 error = nvlist_lookup_boolean_value(innvl,
6215 "scrub_restart", &rc);
6216 if (error == 0)
6217 scrub_restart = rc;
6218 }
6219
6220 error = spa_open(pool, &spa, FTAG);
6221 if (error != 0)
6222 return (error);
6223
6224 spa_vdev_state_enter(spa, SCL_NONE);
6225
6226 /*
6227 * If the scrub_restart flag is B_FALSE and a scrub is already
6228 * in progress then set spa_scrub_reopen flag to B_TRUE so that
6229 * we don't restart the scrub as a side effect of the reopen.
6230 * Otherwise, let vdev_open() decided if a resilver is required.
6231 */
6232
6233 spa->spa_scrub_reopen = (!scrub_restart &&
6234 dsl_scan_scrubbing(spa->spa_dsl_pool));
6235 vdev_reopen(spa->spa_root_vdev);
6236 spa->spa_scrub_reopen = B_FALSE;
6237
6238 (void) spa_vdev_state_exit(spa, NULL, 0);
6239 spa_close(spa, FTAG);
6240 return (0);
6241 }
6242
6243 /*
6244 * inputs:
6245 * zc_name name of filesystem
6246 *
6247 * outputs:
6248 * zc_string name of conflicting snapshot, if there is one
6249 */
6250 static int
zfs_ioc_promote(zfs_cmd_t * zc)6251 zfs_ioc_promote(zfs_cmd_t *zc)
6252 {
6253 dsl_pool_t *dp;
6254 dsl_dataset_t *ds, *ods;
6255 char origin[ZFS_MAX_DATASET_NAME_LEN];
6256 char *cp;
6257 int error;
6258
6259 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
6260 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
6261 strchr(zc->zc_name, '%'))
6262 return (SET_ERROR(EINVAL));
6263
6264 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
6265 if (error != 0)
6266 return (error);
6267
6268 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
6269 if (error != 0) {
6270 dsl_pool_rele(dp, FTAG);
6271 return (error);
6272 }
6273
6274 if (!dsl_dir_is_clone(ds->ds_dir)) {
6275 dsl_dataset_rele(ds, FTAG);
6276 dsl_pool_rele(dp, FTAG);
6277 return (SET_ERROR(EINVAL));
6278 }
6279
6280 error = dsl_dataset_hold_obj(dp,
6281 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods);
6282 if (error != 0) {
6283 dsl_dataset_rele(ds, FTAG);
6284 dsl_pool_rele(dp, FTAG);
6285 return (error);
6286 }
6287
6288 dsl_dataset_name(ods, origin);
6289 dsl_dataset_rele(ods, FTAG);
6290 dsl_dataset_rele(ds, FTAG);
6291 dsl_pool_rele(dp, FTAG);
6292
6293 /*
6294 * We don't need to unmount *all* the origin fs's snapshots, but
6295 * it's easier.
6296 */
6297 cp = strchr(origin, '@');
6298 if (cp)
6299 *cp = '\0';
6300 (void) dmu_objset_find(origin,
6301 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
6302 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
6303 }
6304
6305 /*
6306 * Retrieve a single {user|group|project}{used|quota}@... property.
6307 *
6308 * inputs:
6309 * zc_name name of filesystem
6310 * zc_objset_type zfs_userquota_prop_t
6311 * zc_value domain name (eg. "S-1-234-567-89")
6312 * zc_guid RID/UID/GID
6313 *
6314 * outputs:
6315 * zc_cookie property value
6316 */
6317 static int
zfs_ioc_userspace_one(zfs_cmd_t * zc)6318 zfs_ioc_userspace_one(zfs_cmd_t *zc)
6319 {
6320 zfsvfs_t *zfsvfs;
6321 int error;
6322
6323 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
6324 return (SET_ERROR(EINVAL));
6325
6326 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
6327 if (error != 0)
6328 return (error);
6329
6330 error = zfs_userspace_one(zfsvfs,
6331 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
6332 zfsvfs_rele(zfsvfs, FTAG);
6333
6334 return (error);
6335 }
6336
6337 /*
6338 * inputs:
6339 * zc_name name of filesystem
6340 * zc_cookie zap cursor
6341 * zc_objset_type zfs_userquota_prop_t
6342 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
6343 *
6344 * outputs:
6345 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
6346 * zc_cookie zap cursor
6347 */
6348 static int
zfs_ioc_userspace_many(zfs_cmd_t * zc)6349 zfs_ioc_userspace_many(zfs_cmd_t *zc)
6350 {
6351 zfsvfs_t *zfsvfs;
6352 int bufsize = zc->zc_nvlist_dst_size;
6353
6354 if (bufsize <= 0)
6355 return (SET_ERROR(ENOMEM));
6356
6357 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
6358 if (error != 0)
6359 return (error);
6360
6361 void *buf = vmem_alloc(bufsize, KM_SLEEP);
6362
6363 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
6364 buf, &zc->zc_nvlist_dst_size, &zc->zc_guid);
6365
6366 if (error == 0) {
6367 error = xcopyout(buf,
6368 (void *)(uintptr_t)zc->zc_nvlist_dst,
6369 zc->zc_nvlist_dst_size);
6370 }
6371 vmem_free(buf, bufsize);
6372 zfsvfs_rele(zfsvfs, FTAG);
6373
6374 return (error);
6375 }
6376
6377 /*
6378 * inputs:
6379 * zc_name name of filesystem
6380 *
6381 * outputs:
6382 * none
6383 */
6384 static int
zfs_ioc_userspace_upgrade(zfs_cmd_t * zc)6385 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
6386 {
6387 int error = 0;
6388 zfsvfs_t *zfsvfs;
6389
6390 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
6391 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
6392 /*
6393 * If userused is not enabled, it may be because the
6394 * objset needs to be closed & reopened (to grow the
6395 * objset_phys_t). Suspend/resume the fs will do that.
6396 */
6397 dsl_dataset_t *ds, *newds;
6398
6399 ds = dmu_objset_ds(zfsvfs->z_os);
6400 error = zfs_suspend_fs(zfsvfs);
6401 if (error == 0) {
6402 dmu_objset_refresh_ownership(ds, &newds,
6403 B_TRUE, zfsvfs);
6404 error = zfs_resume_fs(zfsvfs, newds);
6405 }
6406 }
6407 if (error == 0) {
6408 mutex_enter(&zfsvfs->z_os->os_upgrade_lock);
6409 if (zfsvfs->z_os->os_upgrade_id == 0) {
6410 /* clear potential error code and retry */
6411 zfsvfs->z_os->os_upgrade_status = 0;
6412 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
6413
6414 dsl_pool_config_enter(
6415 dmu_objset_pool(zfsvfs->z_os), FTAG);
6416 dmu_objset_userspace_upgrade(zfsvfs->z_os);
6417 dsl_pool_config_exit(
6418 dmu_objset_pool(zfsvfs->z_os), FTAG);
6419 } else {
6420 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
6421 }
6422
6423 taskq_wait_id(zfsvfs->z_os->os_spa->spa_upgrade_taskq,
6424 zfsvfs->z_os->os_upgrade_id);
6425 error = zfsvfs->z_os->os_upgrade_status;
6426 }
6427 zfs_vfs_rele(zfsvfs);
6428 } else {
6429 objset_t *os;
6430
6431 /* XXX kind of reading contents without owning */
6432 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
6433 if (error != 0)
6434 return (error);
6435
6436 mutex_enter(&os->os_upgrade_lock);
6437 if (os->os_upgrade_id == 0) {
6438 /* clear potential error code and retry */
6439 os->os_upgrade_status = 0;
6440 mutex_exit(&os->os_upgrade_lock);
6441
6442 dmu_objset_userspace_upgrade(os);
6443 } else {
6444 mutex_exit(&os->os_upgrade_lock);
6445 }
6446
6447 dsl_pool_rele(dmu_objset_pool(os), FTAG);
6448
6449 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
6450 error = os->os_upgrade_status;
6451
6452 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT,
6453 FTAG);
6454 }
6455 return (error);
6456 }
6457
6458 /*
6459 * inputs:
6460 * zc_name name of filesystem
6461 *
6462 * outputs:
6463 * none
6464 */
6465 static int
zfs_ioc_id_quota_upgrade(zfs_cmd_t * zc)6466 zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc)
6467 {
6468 objset_t *os;
6469 int error;
6470
6471 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
6472 if (error != 0)
6473 return (error);
6474
6475 if (dmu_objset_userobjspace_upgradable(os) ||
6476 dmu_objset_projectquota_upgradable(os)) {
6477 mutex_enter(&os->os_upgrade_lock);
6478 if (os->os_upgrade_id == 0) {
6479 /* clear potential error code and retry */
6480 os->os_upgrade_status = 0;
6481 mutex_exit(&os->os_upgrade_lock);
6482
6483 dmu_objset_id_quota_upgrade(os);
6484 } else {
6485 mutex_exit(&os->os_upgrade_lock);
6486 }
6487
6488 dsl_pool_rele(dmu_objset_pool(os), FTAG);
6489
6490 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
6491 error = os->os_upgrade_status;
6492 } else {
6493 dsl_pool_rele(dmu_objset_pool(os), FTAG);
6494 }
6495
6496 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, FTAG);
6497
6498 return (error);
6499 }
6500
6501 static int
zfs_ioc_share(zfs_cmd_t * zc)6502 zfs_ioc_share(zfs_cmd_t *zc)
6503 {
6504 return (SET_ERROR(ENOSYS));
6505 }
6506
6507 /*
6508 * inputs:
6509 * zc_name name of containing filesystem
6510 * zc_obj object # beyond which we want next in-use object #
6511 *
6512 * outputs:
6513 * zc_obj next in-use object #
6514 */
6515 static int
zfs_ioc_next_obj(zfs_cmd_t * zc)6516 zfs_ioc_next_obj(zfs_cmd_t *zc)
6517 {
6518 objset_t *os = NULL;
6519 int error;
6520
6521 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
6522 if (error != 0)
6523 return (error);
6524
6525 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0);
6526
6527 dmu_objset_rele(os, FTAG);
6528 return (error);
6529 }
6530
6531 /*
6532 * inputs:
6533 * zc_name name of filesystem
6534 * zc_value prefix name for snapshot
6535 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
6536 *
6537 * outputs:
6538 * zc_value short name of new snapshot
6539 */
6540 static int
zfs_ioc_tmp_snapshot(zfs_cmd_t * zc)6541 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
6542 {
6543 char *snap_name;
6544 char *hold_name;
6545 minor_t minor;
6546
6547 zfs_file_t *fp = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
6548 if (fp == NULL)
6549 return (SET_ERROR(EBADF));
6550
6551 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
6552 (u_longlong_t)ddi_get_lbolt64());
6553 hold_name = kmem_asprintf("%%%s", zc->zc_value);
6554
6555 int error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
6556 hold_name);
6557 if (error == 0)
6558 (void) strlcpy(zc->zc_value, snap_name,
6559 sizeof (zc->zc_value));
6560 kmem_strfree(snap_name);
6561 kmem_strfree(hold_name);
6562 zfs_onexit_fd_rele(fp);
6563 return (error);
6564 }
6565
6566 /*
6567 * inputs:
6568 * zc_name name of "to" snapshot
6569 * zc_value name of "from" snapshot
6570 * zc_cookie file descriptor to write diff data on
6571 *
6572 * outputs:
6573 * dmu_diff_record_t's to the file descriptor
6574 */
6575 static int
zfs_ioc_diff(zfs_cmd_t * zc)6576 zfs_ioc_diff(zfs_cmd_t *zc)
6577 {
6578 zfs_file_t *fp;
6579 offset_t off;
6580 int error;
6581
6582 if ((fp = zfs_file_get(zc->zc_cookie)) == NULL)
6583 return (SET_ERROR(EBADF));
6584
6585 off = zfs_file_off(fp);
6586 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off);
6587
6588 zfs_file_put(fp);
6589
6590 return (error);
6591 }
6592
6593 static int
zfs_ioc_smb_acl(zfs_cmd_t * zc)6594 zfs_ioc_smb_acl(zfs_cmd_t *zc)
6595 {
6596 return (SET_ERROR(ENOTSUP));
6597 }
6598
6599 /*
6600 * innvl: {
6601 * "holds" -> { snapname -> holdname (string), ... }
6602 * (optional) "cleanup_fd" -> fd (int32)
6603 * }
6604 *
6605 * outnvl: {
6606 * snapname -> error value (int32)
6607 * ...
6608 * }
6609 */
6610 static const zfs_ioc_key_t zfs_keys_hold[] = {
6611 {"holds", DATA_TYPE_NVLIST, 0},
6612 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6613 };
6614
6615 static int
zfs_ioc_hold(const char * pool,nvlist_t * args,nvlist_t * errlist)6616 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
6617 {
6618 (void) pool;
6619 nvpair_t *pair;
6620 nvlist_t *holds;
6621 int cleanup_fd = -1;
6622 int error;
6623 minor_t minor = 0;
6624 zfs_file_t *fp = NULL;
6625
6626 holds = fnvlist_lookup_nvlist(args, "holds");
6627
6628 /* make sure the user didn't pass us any invalid (empty) tags */
6629 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
6630 pair = nvlist_next_nvpair(holds, pair)) {
6631 const char *htag;
6632
6633 error = nvpair_value_string(pair, &htag);
6634 if (error != 0)
6635 return (SET_ERROR(error));
6636
6637 if (strlen(htag) == 0)
6638 return (SET_ERROR(EINVAL));
6639 }
6640
6641 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
6642 fp = zfs_onexit_fd_hold(cleanup_fd, &minor);
6643 if (fp == NULL)
6644 return (SET_ERROR(EBADF));
6645 }
6646
6647 error = dsl_dataset_user_hold(holds, minor, errlist);
6648 if (fp != NULL) {
6649 ASSERT3U(minor, !=, 0);
6650 zfs_onexit_fd_rele(fp);
6651 }
6652 return (SET_ERROR(error));
6653 }
6654
6655 /*
6656 * innvl is not used.
6657 *
6658 * outnvl: {
6659 * holdname -> time added (uint64 seconds since epoch)
6660 * ...
6661 * }
6662 */
6663 static const zfs_ioc_key_t zfs_keys_get_holds[] = {
6664 /* no nvl keys */
6665 };
6666
6667 static int
zfs_ioc_get_holds(const char * snapname,nvlist_t * args,nvlist_t * outnvl)6668 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
6669 {
6670 (void) args;
6671 return (dsl_dataset_get_holds(snapname, outnvl));
6672 }
6673
6674 /*
6675 * innvl: {
6676 * snapname -> { holdname, ... }
6677 * ...
6678 * }
6679 *
6680 * outnvl: {
6681 * snapname -> error value (int32)
6682 * ...
6683 * }
6684 */
6685 static const zfs_ioc_key_t zfs_keys_release[] = {
6686 {"<snapname>...", DATA_TYPE_NVLIST, ZK_WILDCARDLIST},
6687 };
6688
6689 static int
zfs_ioc_release(const char * pool,nvlist_t * holds,nvlist_t * errlist)6690 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
6691 {
6692 (void) pool;
6693 return (dsl_dataset_user_release(holds, errlist));
6694 }
6695
6696 /*
6697 * inputs:
6698 * zc_guid flags (ZEVENT_NONBLOCK)
6699 * zc_cleanup_fd zevent file descriptor
6700 *
6701 * outputs:
6702 * zc_nvlist_dst next nvlist event
6703 * zc_cookie dropped events since last get
6704 */
6705 static int
zfs_ioc_events_next(zfs_cmd_t * zc)6706 zfs_ioc_events_next(zfs_cmd_t *zc)
6707 {
6708 zfs_zevent_t *ze;
6709 nvlist_t *event = NULL;
6710 minor_t minor;
6711 uint64_t dropped = 0;
6712 int error;
6713
6714 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6715 if (fp == NULL)
6716 return (SET_ERROR(EBADF));
6717
6718 do {
6719 error = zfs_zevent_next(ze, &event,
6720 &zc->zc_nvlist_dst_size, &dropped);
6721 if (event != NULL) {
6722 zc->zc_cookie = dropped;
6723 error = put_nvlist(zc, event);
6724 nvlist_free(event);
6725 }
6726
6727 if (zc->zc_guid & ZEVENT_NONBLOCK)
6728 break;
6729
6730 if ((error == 0) || (error != ENOENT))
6731 break;
6732
6733 error = zfs_zevent_wait(ze);
6734 if (error != 0)
6735 break;
6736 } while (1);
6737
6738 zfs_zevent_fd_rele(fp);
6739
6740 return (error);
6741 }
6742
6743 /*
6744 * outputs:
6745 * zc_cookie cleared events count
6746 */
6747 static int
zfs_ioc_events_clear(zfs_cmd_t * zc)6748 zfs_ioc_events_clear(zfs_cmd_t *zc)
6749 {
6750 uint_t count;
6751
6752 zfs_zevent_drain_all(&count);
6753 zc->zc_cookie = count;
6754
6755 return (0);
6756 }
6757
6758 /*
6759 * inputs:
6760 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END
6761 * zc_cleanup zevent file descriptor
6762 */
6763 static int
zfs_ioc_events_seek(zfs_cmd_t * zc)6764 zfs_ioc_events_seek(zfs_cmd_t *zc)
6765 {
6766 zfs_zevent_t *ze;
6767 minor_t minor;
6768 int error;
6769
6770 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6771 if (fp == NULL)
6772 return (SET_ERROR(EBADF));
6773
6774 error = zfs_zevent_seek(ze, zc->zc_guid);
6775 zfs_zevent_fd_rele(fp);
6776
6777 return (error);
6778 }
6779
6780 /*
6781 * inputs:
6782 * zc_name name of later filesystem or snapshot
6783 * zc_value full name of old snapshot or bookmark
6784 *
6785 * outputs:
6786 * zc_cookie space in bytes
6787 * zc_objset_type compressed space in bytes
6788 * zc_perm_action uncompressed space in bytes
6789 */
6790 static int
zfs_ioc_space_written(zfs_cmd_t * zc)6791 zfs_ioc_space_written(zfs_cmd_t *zc)
6792 {
6793 int error;
6794 dsl_pool_t *dp;
6795 dsl_dataset_t *new;
6796
6797 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
6798 if (error != 0)
6799 return (error);
6800 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
6801 if (error != 0) {
6802 dsl_pool_rele(dp, FTAG);
6803 return (error);
6804 }
6805 if (strchr(zc->zc_value, '#') != NULL) {
6806 zfs_bookmark_phys_t bmp;
6807 error = dsl_bookmark_lookup(dp, zc->zc_value,
6808 new, &bmp);
6809 if (error == 0) {
6810 error = dsl_dataset_space_written_bookmark(&bmp, new,
6811 &zc->zc_cookie,
6812 &zc->zc_objset_type, &zc->zc_perm_action);
6813 }
6814 } else {
6815 dsl_dataset_t *old;
6816 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
6817
6818 if (error == 0) {
6819 error = dsl_dataset_space_written(old, new,
6820 &zc->zc_cookie,
6821 &zc->zc_objset_type, &zc->zc_perm_action);
6822 dsl_dataset_rele(old, FTAG);
6823 }
6824 }
6825 dsl_dataset_rele(new, FTAG);
6826 dsl_pool_rele(dp, FTAG);
6827 return (error);
6828 }
6829
6830 /*
6831 * innvl: {
6832 * "firstsnap" -> snapshot name
6833 * }
6834 *
6835 * outnvl: {
6836 * "used" -> space in bytes
6837 * "compressed" -> compressed space in bytes
6838 * "uncompressed" -> uncompressed space in bytes
6839 * }
6840 */
6841 static const zfs_ioc_key_t zfs_keys_space_snaps[] = {
6842 {"firstsnap", DATA_TYPE_STRING, 0},
6843 };
6844
6845 static int
zfs_ioc_space_snaps(const char * lastsnap,nvlist_t * innvl,nvlist_t * outnvl)6846 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
6847 {
6848 int error;
6849 dsl_pool_t *dp;
6850 dsl_dataset_t *new, *old;
6851 const char *firstsnap;
6852 uint64_t used, comp, uncomp;
6853
6854 firstsnap = fnvlist_lookup_string(innvl, "firstsnap");
6855
6856 error = dsl_pool_hold(lastsnap, FTAG, &dp);
6857 if (error != 0)
6858 return (error);
6859
6860 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
6861 if (error == 0 && !new->ds_is_snapshot) {
6862 dsl_dataset_rele(new, FTAG);
6863 error = SET_ERROR(EINVAL);
6864 }
6865 if (error != 0) {
6866 dsl_pool_rele(dp, FTAG);
6867 return (error);
6868 }
6869 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
6870 if (error == 0 && !old->ds_is_snapshot) {
6871 dsl_dataset_rele(old, FTAG);
6872 error = SET_ERROR(EINVAL);
6873 }
6874 if (error != 0) {
6875 dsl_dataset_rele(new, FTAG);
6876 dsl_pool_rele(dp, FTAG);
6877 return (error);
6878 }
6879
6880 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
6881 dsl_dataset_rele(old, FTAG);
6882 dsl_dataset_rele(new, FTAG);
6883 dsl_pool_rele(dp, FTAG);
6884 fnvlist_add_uint64(outnvl, "used", used);
6885 fnvlist_add_uint64(outnvl, "compressed", comp);
6886 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
6887 return (error);
6888 }
6889
6890 /*
6891 * innvl: {
6892 * "fd" -> file descriptor to write stream to (int32)
6893 * (optional) "fromsnap" -> full snap name to send an incremental from
6894 * (optional) "largeblockok" -> (value ignored)
6895 * indicates that blocks > 128KB are permitted
6896 * (optional) "embedok" -> (value ignored)
6897 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6898 * (optional) "compressok" -> (value ignored)
6899 * presence indicates compressed DRR_WRITE records are permitted
6900 * (optional) "rawok" -> (value ignored)
6901 * presence indicates raw encrypted records should be used.
6902 * (optional) "savedok" -> (value ignored)
6903 * presence indicates we should send a partially received snapshot
6904 * (optional) "resume_object" and "resume_offset" -> (uint64)
6905 * if present, resume send stream from specified object and offset.
6906 * (optional) "redactbook" -> (string)
6907 * if present, use this bookmark's redaction list to generate a redacted
6908 * send stream
6909 * }
6910 *
6911 * outnvl is unused
6912 */
6913 static const zfs_ioc_key_t zfs_keys_send_new[] = {
6914 {"fd", DATA_TYPE_INT32, 0},
6915 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6916 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6917 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6918 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6919 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6920 {"savedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6921 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6922 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
6923 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
6924 };
6925
6926 static int
zfs_ioc_send_new(const char * snapname,nvlist_t * innvl,nvlist_t * outnvl)6927 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6928 {
6929 (void) outnvl;
6930 int error;
6931 offset_t off;
6932 const char *fromname = NULL;
6933 int fd;
6934 boolean_t largeblockok;
6935 boolean_t embedok;
6936 boolean_t compressok;
6937 boolean_t rawok;
6938 boolean_t savedok;
6939 uint64_t resumeobj = 0;
6940 uint64_t resumeoff = 0;
6941 const char *redactbook = NULL;
6942
6943 fd = fnvlist_lookup_int32(innvl, "fd");
6944
6945 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
6946
6947 largeblockok = nvlist_exists(innvl, "largeblockok");
6948 embedok = nvlist_exists(innvl, "embedok");
6949 compressok = nvlist_exists(innvl, "compressok");
6950 rawok = nvlist_exists(innvl, "rawok");
6951 savedok = nvlist_exists(innvl, "savedok");
6952
6953 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6954 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6955
6956 (void) nvlist_lookup_string(innvl, "redactbook", &redactbook);
6957
6958 dump_bytes_arg_t dba;
6959 dmu_send_outparams_t out;
6960 error = dump_bytes_init(&dba, fd, &out);
6961 if (error)
6962 return (error);
6963
6964 off = zfs_file_off(dba.dba_fp);
6965 error = dmu_send(snapname, fromname, embedok, largeblockok,
6966 compressok, rawok, savedok, resumeobj, resumeoff,
6967 redactbook, fd, &off, &out);
6968
6969 dump_bytes_fini(&dba);
6970
6971 return (error);
6972 }
6973
6974 static int
send_space_sum(objset_t * os,void * buf,int len,void * arg)6975 send_space_sum(objset_t *os, void *buf, int len, void *arg)
6976 {
6977 (void) os, (void) buf;
6978 uint64_t *size = arg;
6979
6980 *size += len;
6981 return (0);
6982 }
6983
6984 /*
6985 * Determine approximately how large a zfs send stream will be -- the number
6986 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
6987 *
6988 * innvl: {
6989 * (optional) "from" -> full snap or bookmark name to send an incremental
6990 * from
6991 * (optional) "largeblockok" -> (value ignored)
6992 * indicates that blocks > 128KB are permitted
6993 * (optional) "embedok" -> (value ignored)
6994 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6995 * (optional) "compressok" -> (value ignored)
6996 * presence indicates compressed DRR_WRITE records are permitted
6997 * (optional) "rawok" -> (value ignored)
6998 * presence indicates raw encrypted records should be used.
6999 * (optional) "resume_object" and "resume_offset" -> (uint64)
7000 * if present, resume send stream from specified object and offset.
7001 * (optional) "fd" -> file descriptor to use as a cookie for progress
7002 * tracking (int32)
7003 * }
7004 *
7005 * outnvl: {
7006 * "space" -> bytes of space (uint64)
7007 * }
7008 */
7009 static const zfs_ioc_key_t zfs_keys_send_space[] = {
7010 {"from", DATA_TYPE_STRING, ZK_OPTIONAL},
7011 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
7012 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
7013 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
7014 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
7015 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
7016 {"fd", DATA_TYPE_INT32, ZK_OPTIONAL},
7017 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
7018 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
7019 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
7020 {"bytes", DATA_TYPE_UINT64, ZK_OPTIONAL},
7021 };
7022
7023 static int
zfs_ioc_send_space(const char * snapname,nvlist_t * innvl,nvlist_t * outnvl)7024 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
7025 {
7026 dsl_pool_t *dp;
7027 dsl_dataset_t *tosnap;
7028 dsl_dataset_t *fromsnap = NULL;
7029 int error;
7030 const char *fromname = NULL;
7031 const char *redactlist_book = NULL;
7032 boolean_t largeblockok;
7033 boolean_t embedok;
7034 boolean_t compressok;
7035 boolean_t rawok;
7036 boolean_t savedok;
7037 uint64_t space = 0;
7038 boolean_t full_estimate = B_FALSE;
7039 uint64_t resumeobj = 0;
7040 uint64_t resumeoff = 0;
7041 uint64_t resume_bytes = 0;
7042 int32_t fd = -1;
7043 zfs_bookmark_phys_t zbm = {0};
7044
7045 error = dsl_pool_hold(snapname, FTAG, &dp);
7046 if (error != 0)
7047 return (error);
7048
7049 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
7050 if (error != 0) {
7051 dsl_pool_rele(dp, FTAG);
7052 return (error);
7053 }
7054 (void) nvlist_lookup_int32(innvl, "fd", &fd);
7055
7056 largeblockok = nvlist_exists(innvl, "largeblockok");
7057 embedok = nvlist_exists(innvl, "embedok");
7058 compressok = nvlist_exists(innvl, "compressok");
7059 rawok = nvlist_exists(innvl, "rawok");
7060 savedok = nvlist_exists(innvl, "savedok");
7061 boolean_t from = (nvlist_lookup_string(innvl, "from", &fromname) == 0);
7062 boolean_t altbook = (nvlist_lookup_string(innvl, "redactbook",
7063 &redactlist_book) == 0);
7064
7065 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
7066 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
7067 (void) nvlist_lookup_uint64(innvl, "bytes", &resume_bytes);
7068
7069 if (altbook) {
7070 full_estimate = B_TRUE;
7071 } else if (from) {
7072 if (strchr(fromname, '#')) {
7073 error = dsl_bookmark_lookup(dp, fromname, tosnap, &zbm);
7074
7075 /*
7076 * dsl_bookmark_lookup() will fail with EXDEV if
7077 * the from-bookmark and tosnap are at the same txg.
7078 * However, it's valid to do a send (and therefore,
7079 * a send estimate) from and to the same time point,
7080 * if the bookmark is redacted (the incremental send
7081 * can change what's redacted on the target). In
7082 * this case, dsl_bookmark_lookup() fills in zbm
7083 * but returns EXDEV. Ignore this error.
7084 */
7085 if (error == EXDEV && zbm.zbm_redaction_obj != 0 &&
7086 zbm.zbm_guid ==
7087 dsl_dataset_phys(tosnap)->ds_guid)
7088 error = 0;
7089
7090 if (error != 0) {
7091 dsl_dataset_rele(tosnap, FTAG);
7092 dsl_pool_rele(dp, FTAG);
7093 return (error);
7094 }
7095 if (zbm.zbm_redaction_obj != 0 || !(zbm.zbm_flags &
7096 ZBM_FLAG_HAS_FBN)) {
7097 full_estimate = B_TRUE;
7098 }
7099 } else if (strchr(fromname, '@')) {
7100 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
7101 if (error != 0) {
7102 dsl_dataset_rele(tosnap, FTAG);
7103 dsl_pool_rele(dp, FTAG);
7104 return (error);
7105 }
7106
7107 if (!dsl_dataset_is_before(tosnap, fromsnap, 0)) {
7108 full_estimate = B_TRUE;
7109 dsl_dataset_rele(fromsnap, FTAG);
7110 }
7111 } else {
7112 /*
7113 * from is not properly formatted as a snapshot or
7114 * bookmark
7115 */
7116 dsl_dataset_rele(tosnap, FTAG);
7117 dsl_pool_rele(dp, FTAG);
7118 return (SET_ERROR(EINVAL));
7119 }
7120 }
7121
7122 if (full_estimate) {
7123 dmu_send_outparams_t out = {0};
7124 offset_t off = 0;
7125 out.dso_outfunc = send_space_sum;
7126 out.dso_arg = &space;
7127 out.dso_dryrun = B_TRUE;
7128 /*
7129 * We have to release these holds so dmu_send can take them. It
7130 * will do all the error checking we need.
7131 */
7132 dsl_dataset_rele(tosnap, FTAG);
7133 dsl_pool_rele(dp, FTAG);
7134 error = dmu_send(snapname, fromname, embedok, largeblockok,
7135 compressok, rawok, savedok, resumeobj, resumeoff,
7136 redactlist_book, fd, &off, &out);
7137 } else {
7138 error = dmu_send_estimate_fast(tosnap, fromsnap,
7139 (from && strchr(fromname, '#') != NULL ? &zbm : NULL),
7140 compressok || rawok, savedok, &space);
7141 space -= resume_bytes;
7142 if (fromsnap != NULL)
7143 dsl_dataset_rele(fromsnap, FTAG);
7144 dsl_dataset_rele(tosnap, FTAG);
7145 dsl_pool_rele(dp, FTAG);
7146 }
7147
7148 fnvlist_add_uint64(outnvl, "space", space);
7149
7150 return (error);
7151 }
7152
7153 /*
7154 * Sync the currently open TXG to disk for the specified pool.
7155 * This is somewhat similar to 'zfs_sync()'.
7156 * For cases that do not result in error this ioctl will wait for
7157 * the currently open TXG to commit before returning back to the caller.
7158 *
7159 * innvl: {
7160 * "force" -> when true, force uberblock update even if there is no dirty data.
7161 * In addition this will cause the vdev configuration to be written
7162 * out including updating the zpool cache file. (boolean_t)
7163 * }
7164 *
7165 * onvl is unused
7166 */
7167 static const zfs_ioc_key_t zfs_keys_pool_sync[] = {
7168 {"force", DATA_TYPE_BOOLEAN_VALUE, 0},
7169 };
7170
7171 static int
zfs_ioc_pool_sync(const char * pool,nvlist_t * innvl,nvlist_t * onvl)7172 zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl)
7173 {
7174 (void) onvl;
7175 int err;
7176 boolean_t rc, force = B_FALSE;
7177 spa_t *spa;
7178
7179 if ((err = spa_open(pool, &spa, FTAG)) != 0)
7180 return (err);
7181
7182 if (innvl) {
7183 err = nvlist_lookup_boolean_value(innvl, "force", &rc);
7184 if (err == 0)
7185 force = rc;
7186 }
7187
7188 if (force) {
7189 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER);
7190 vdev_config_dirty(spa->spa_root_vdev);
7191 spa_config_exit(spa, SCL_CONFIG, FTAG);
7192 }
7193 txg_wait_synced(spa_get_dsl(spa), 0);
7194
7195 spa_close(spa, FTAG);
7196
7197 return (0);
7198 }
7199
7200 /*
7201 * Load a user's wrapping key into the kernel.
7202 * innvl: {
7203 * "hidden_args" -> { "wkeydata" -> value }
7204 * raw uint8_t array of encryption wrapping key data (32 bytes)
7205 * (optional) "noop" -> (value ignored)
7206 * presence indicated key should only be verified, not loaded
7207 * }
7208 */
7209 static const zfs_ioc_key_t zfs_keys_load_key[] = {
7210 {"hidden_args", DATA_TYPE_NVLIST, 0},
7211 {"noop", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
7212 };
7213
7214 static int
zfs_ioc_load_key(const char * dsname,nvlist_t * innvl,nvlist_t * outnvl)7215 zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
7216 {
7217 (void) outnvl;
7218 int ret;
7219 dsl_crypto_params_t *dcp = NULL;
7220 nvlist_t *hidden_args;
7221 boolean_t noop = nvlist_exists(innvl, "noop");
7222
7223 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
7224 ret = SET_ERROR(EINVAL);
7225 goto error;
7226 }
7227
7228 hidden_args = fnvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS);
7229
7230 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL,
7231 hidden_args, &dcp);
7232 if (ret != 0)
7233 goto error;
7234
7235 ret = spa_keystore_load_wkey(dsname, dcp, noop);
7236 if (ret != 0)
7237 goto error;
7238
7239 dsl_crypto_params_free(dcp, noop);
7240
7241 return (0);
7242
7243 error:
7244 dsl_crypto_params_free(dcp, B_TRUE);
7245 return (ret);
7246 }
7247
7248 /*
7249 * Unload a user's wrapping key from the kernel.
7250 * Both innvl and outnvl are unused.
7251 */
7252 static const zfs_ioc_key_t zfs_keys_unload_key[] = {
7253 /* no nvl keys */
7254 };
7255
7256 static int
zfs_ioc_unload_key(const char * dsname,nvlist_t * innvl,nvlist_t * outnvl)7257 zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
7258 {
7259 (void) innvl, (void) outnvl;
7260 int ret = 0;
7261
7262 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
7263 ret = (SET_ERROR(EINVAL));
7264 goto out;
7265 }
7266
7267 ret = spa_keystore_unload_wkey(dsname);
7268 if (ret != 0)
7269 goto out;
7270
7271 out:
7272 return (ret);
7273 }
7274
7275 /*
7276 * Changes a user's wrapping key used to decrypt a dataset. The keyformat,
7277 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified
7278 * here to change how the key is derived in userspace.
7279 *
7280 * innvl: {
7281 * "hidden_args" (optional) -> { "wkeydata" -> value }
7282 * raw uint8_t array of new encryption wrapping key data (32 bytes)
7283 * "props" (optional) -> { prop -> value }
7284 * }
7285 *
7286 * outnvl is unused
7287 */
7288 static const zfs_ioc_key_t zfs_keys_change_key[] = {
7289 {"crypt_cmd", DATA_TYPE_UINT64, ZK_OPTIONAL},
7290 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
7291 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
7292 };
7293
7294 static int
zfs_ioc_change_key(const char * dsname,nvlist_t * innvl,nvlist_t * outnvl)7295 zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
7296 {
7297 (void) outnvl;
7298 int ret;
7299 uint64_t cmd = DCP_CMD_NONE;
7300 dsl_crypto_params_t *dcp = NULL;
7301 nvlist_t *args = NULL, *hidden_args = NULL;
7302
7303 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
7304 ret = (SET_ERROR(EINVAL));
7305 goto error;
7306 }
7307
7308 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd);
7309 (void) nvlist_lookup_nvlist(innvl, "props", &args);
7310 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
7311
7312 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp);
7313 if (ret != 0)
7314 goto error;
7315
7316 ret = spa_keystore_change_key(dsname, dcp);
7317 if (ret != 0)
7318 goto error;
7319
7320 dsl_crypto_params_free(dcp, B_FALSE);
7321
7322 return (0);
7323
7324 error:
7325 dsl_crypto_params_free(dcp, B_TRUE);
7326 return (ret);
7327 }
7328
7329 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
7330
7331 static void
zfs_ioctl_register_legacy(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy,zfs_ioc_namecheck_t namecheck,boolean_t log_history,zfs_ioc_poolcheck_t pool_check)7332 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7333 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
7334 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
7335 {
7336 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
7337
7338 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
7339 ASSERT3U(ioc, <, ZFS_IOC_LAST);
7340 ASSERT0P(vec->zvec_legacy_func);
7341 ASSERT0P(vec->zvec_func);
7342
7343 vec->zvec_legacy_func = func;
7344 vec->zvec_secpolicy = secpolicy;
7345 vec->zvec_namecheck = namecheck;
7346 vec->zvec_allow_log = log_history;
7347 vec->zvec_pool_check = pool_check;
7348 }
7349
7350 /*
7351 * See the block comment at the beginning of this file for details on
7352 * each argument to this function.
7353 */
7354 void
zfs_ioctl_register(const char * name,zfs_ioc_t ioc,zfs_ioc_func_t * func,zfs_secpolicy_func_t * secpolicy,zfs_ioc_namecheck_t namecheck,zfs_ioc_poolcheck_t pool_check,boolean_t smush_outnvlist,boolean_t allow_log,const zfs_ioc_key_t * nvl_keys,size_t num_keys)7355 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
7356 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
7357 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
7358 boolean_t allow_log, const zfs_ioc_key_t *nvl_keys, size_t num_keys)
7359 {
7360 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
7361
7362 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
7363 ASSERT3U(ioc, <, ZFS_IOC_LAST);
7364 ASSERT0P(vec->zvec_legacy_func);
7365 ASSERT0P(vec->zvec_func);
7366
7367 /* if we are logging, the name must be valid */
7368 ASSERT(!allow_log || namecheck != NO_NAME);
7369
7370 vec->zvec_name = name;
7371 vec->zvec_func = func;
7372 vec->zvec_secpolicy = secpolicy;
7373 vec->zvec_namecheck = namecheck;
7374 vec->zvec_pool_check = pool_check;
7375 vec->zvec_smush_outnvlist = smush_outnvlist;
7376 vec->zvec_allow_log = allow_log;
7377 vec->zvec_nvl_keys = nvl_keys;
7378 vec->zvec_nvl_key_count = num_keys;
7379 }
7380
7381 static void
zfs_ioctl_register_pool(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy,boolean_t log_history,zfs_ioc_poolcheck_t pool_check)7382 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7383 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
7384 zfs_ioc_poolcheck_t pool_check)
7385 {
7386 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7387 POOL_NAME, log_history, pool_check);
7388 }
7389
7390 void
zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy,zfs_ioc_poolcheck_t pool_check)7391 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7392 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
7393 {
7394 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7395 DATASET_NAME, B_FALSE, pool_check);
7396 }
7397
7398 static void
zfs_ioctl_register_pool_modify(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func)7399 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
7400 {
7401 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
7402 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7403 }
7404
7405 static void
zfs_ioctl_register_pool_meta(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy)7406 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7407 zfs_secpolicy_func_t *secpolicy)
7408 {
7409 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7410 NO_NAME, B_FALSE, POOL_CHECK_NONE);
7411 }
7412
7413 static void
zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy)7414 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
7415 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
7416 {
7417 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7418 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
7419 }
7420
7421 static void
zfs_ioctl_register_dataset_read(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func)7422 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
7423 {
7424 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
7425 zfs_secpolicy_read);
7426 }
7427
7428 static void
zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy)7429 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7430 zfs_secpolicy_func_t *secpolicy)
7431 {
7432 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7433 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7434 }
7435
7436 static void
zfs_ioctl_init(void)7437 zfs_ioctl_init(void)
7438 {
7439 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
7440 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
7441 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7442 zfs_keys_snapshot, ARRAY_SIZE(zfs_keys_snapshot));
7443
7444 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
7445 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
7446 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7447 zfs_keys_log_history, ARRAY_SIZE(zfs_keys_log_history));
7448
7449 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
7450 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
7451 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7452 zfs_keys_space_snaps, ARRAY_SIZE(zfs_keys_space_snaps));
7453
7454 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
7455 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
7456 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7457 zfs_keys_send_new, ARRAY_SIZE(zfs_keys_send_new));
7458
7459 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
7460 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
7461 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7462 zfs_keys_send_space, ARRAY_SIZE(zfs_keys_send_space));
7463
7464 zfs_ioctl_register("create", ZFS_IOC_CREATE,
7465 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
7466 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7467 zfs_keys_create, ARRAY_SIZE(zfs_keys_create));
7468
7469 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
7470 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
7471 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7472 zfs_keys_clone, ARRAY_SIZE(zfs_keys_clone));
7473
7474 zfs_ioctl_register("remap", ZFS_IOC_REMAP,
7475 zfs_ioc_remap, zfs_secpolicy_none, DATASET_NAME,
7476 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7477 zfs_keys_remap, ARRAY_SIZE(zfs_keys_remap));
7478
7479 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
7480 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
7481 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7482 zfs_keys_destroy_snaps, ARRAY_SIZE(zfs_keys_destroy_snaps));
7483
7484 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
7485 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
7486 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7487 zfs_keys_hold, ARRAY_SIZE(zfs_keys_hold));
7488 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
7489 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
7490 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7491 zfs_keys_release, ARRAY_SIZE(zfs_keys_release));
7492
7493 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
7494 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
7495 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7496 zfs_keys_get_holds, ARRAY_SIZE(zfs_keys_get_holds));
7497
7498 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK,
7499 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME,
7500 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7501 zfs_keys_rollback, ARRAY_SIZE(zfs_keys_rollback));
7502
7503 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK,
7504 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME,
7505 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7506 zfs_keys_bookmark, ARRAY_SIZE(zfs_keys_bookmark));
7507
7508 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS,
7509 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME,
7510 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7511 zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks));
7512
7513 zfs_ioctl_register("get_bookmark_props", ZFS_IOC_GET_BOOKMARK_PROPS,
7514 zfs_ioc_get_bookmark_props, zfs_secpolicy_read, ENTITY_NAME,
7515 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, zfs_keys_get_bookmark_props,
7516 ARRAY_SIZE(zfs_keys_get_bookmark_props));
7517
7518 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS,
7519 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks,
7520 POOL_NAME,
7521 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7522 zfs_keys_destroy_bookmarks,
7523 ARRAY_SIZE(zfs_keys_destroy_bookmarks));
7524
7525 zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW,
7526 zfs_ioc_recv_new, zfs_secpolicy_recv, DATASET_NAME,
7527 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7528 zfs_keys_recv_new, ARRAY_SIZE(zfs_keys_recv_new));
7529 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY,
7530 zfs_ioc_load_key, zfs_secpolicy_load_key,
7531 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7532 zfs_keys_load_key, ARRAY_SIZE(zfs_keys_load_key));
7533 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY,
7534 zfs_ioc_unload_key, zfs_secpolicy_load_key,
7535 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7536 zfs_keys_unload_key, ARRAY_SIZE(zfs_keys_unload_key));
7537 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY,
7538 zfs_ioc_change_key, zfs_secpolicy_change_key,
7539 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY,
7540 B_TRUE, B_TRUE, zfs_keys_change_key,
7541 ARRAY_SIZE(zfs_keys_change_key));
7542
7543 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC,
7544 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME,
7545 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7546 zfs_keys_pool_sync, ARRAY_SIZE(zfs_keys_pool_sync));
7547 zfs_ioctl_register("reopen", ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
7548 zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED, B_TRUE,
7549 B_TRUE, zfs_keys_pool_reopen, ARRAY_SIZE(zfs_keys_pool_reopen));
7550
7551 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM,
7552 zfs_ioc_channel_program, zfs_secpolicy_config,
7553 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE,
7554 B_TRUE, zfs_keys_channel_program,
7555 ARRAY_SIZE(zfs_keys_channel_program));
7556
7557 zfs_ioctl_register("redact", ZFS_IOC_REDACT,
7558 zfs_ioc_redact, zfs_secpolicy_config, DATASET_NAME,
7559 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7560 zfs_keys_redact, ARRAY_SIZE(zfs_keys_redact));
7561
7562 zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT,
7563 zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME,
7564 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7565 zfs_keys_pool_checkpoint, ARRAY_SIZE(zfs_keys_pool_checkpoint));
7566
7567 zfs_ioctl_register("zpool_discard_checkpoint",
7568 ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint,
7569 zfs_secpolicy_config, POOL_NAME,
7570 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7571 zfs_keys_pool_discard_checkpoint,
7572 ARRAY_SIZE(zfs_keys_pool_discard_checkpoint));
7573
7574 zfs_ioctl_register("zpool_prefetch",
7575 ZFS_IOC_POOL_PREFETCH, zfs_ioc_pool_prefetch,
7576 zfs_secpolicy_config, POOL_NAME,
7577 POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7578 zfs_keys_pool_prefetch, ARRAY_SIZE(zfs_keys_pool_prefetch));
7579
7580 zfs_ioctl_register("initialize", ZFS_IOC_POOL_INITIALIZE,
7581 zfs_ioc_pool_initialize, zfs_secpolicy_config, POOL_NAME,
7582 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7583 zfs_keys_pool_initialize, ARRAY_SIZE(zfs_keys_pool_initialize));
7584
7585 zfs_ioctl_register("trim", ZFS_IOC_POOL_TRIM,
7586 zfs_ioc_pool_trim, zfs_secpolicy_config, POOL_NAME,
7587 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7588 zfs_keys_pool_trim, ARRAY_SIZE(zfs_keys_pool_trim));
7589
7590 zfs_ioctl_register("wait", ZFS_IOC_WAIT,
7591 zfs_ioc_wait, zfs_secpolicy_none, POOL_NAME,
7592 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7593 zfs_keys_pool_wait, ARRAY_SIZE(zfs_keys_pool_wait));
7594
7595 zfs_ioctl_register("wait_fs", ZFS_IOC_WAIT_FS,
7596 zfs_ioc_wait_fs, zfs_secpolicy_none, DATASET_NAME,
7597 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7598 zfs_keys_fs_wait, ARRAY_SIZE(zfs_keys_fs_wait));
7599
7600 zfs_ioctl_register("set_bootenv", ZFS_IOC_SET_BOOTENV,
7601 zfs_ioc_set_bootenv, zfs_secpolicy_config, POOL_NAME,
7602 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7603 zfs_keys_set_bootenv, ARRAY_SIZE(zfs_keys_set_bootenv));
7604
7605 zfs_ioctl_register("get_bootenv", ZFS_IOC_GET_BOOTENV,
7606 zfs_ioc_get_bootenv, zfs_secpolicy_none, POOL_NAME,
7607 POOL_CHECK_SUSPENDED, B_FALSE, B_TRUE,
7608 zfs_keys_get_bootenv, ARRAY_SIZE(zfs_keys_get_bootenv));
7609
7610 zfs_ioctl_register("zpool_vdev_get_props", ZFS_IOC_VDEV_GET_PROPS,
7611 zfs_ioc_vdev_get_props, zfs_secpolicy_read, POOL_NAME,
7612 POOL_CHECK_NONE, B_FALSE, B_FALSE, zfs_keys_vdev_get_props,
7613 ARRAY_SIZE(zfs_keys_vdev_get_props));
7614
7615 zfs_ioctl_register("zpool_vdev_set_props", ZFS_IOC_VDEV_SET_PROPS,
7616 zfs_ioc_vdev_set_props, zfs_secpolicy_config, POOL_NAME,
7617 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7618 zfs_keys_vdev_set_props, ARRAY_SIZE(zfs_keys_vdev_set_props));
7619
7620 zfs_ioctl_register("scrub", ZFS_IOC_POOL_SCRUB,
7621 zfs_ioc_pool_scrub, zfs_secpolicy_config, POOL_NAME,
7622 POOL_CHECK_NONE, B_TRUE, B_TRUE,
7623 zfs_keys_pool_scrub, ARRAY_SIZE(zfs_keys_pool_scrub));
7624
7625 zfs_ioctl_register("get_props", ZFS_IOC_POOL_GET_PROPS,
7626 zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME,
7627 POOL_CHECK_NONE, B_FALSE, B_FALSE,
7628 zfs_keys_get_props, ARRAY_SIZE(zfs_keys_get_props));
7629
7630 zfs_ioctl_register("zpool_ddt_prune", ZFS_IOC_DDT_PRUNE,
7631 zfs_ioc_ddt_prune, zfs_secpolicy_config, POOL_NAME,
7632 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7633 zfs_keys_ddt_prune, ARRAY_SIZE(zfs_keys_ddt_prune));
7634
7635 /* IOCTLS that use the legacy function signature */
7636
7637 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
7638 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
7639
7640 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
7641 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7642 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
7643 zfs_ioc_pool_scan);
7644 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
7645 zfs_ioc_pool_upgrade);
7646 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
7647 zfs_ioc_vdev_add);
7648 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
7649 zfs_ioc_vdev_remove);
7650 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
7651 zfs_ioc_vdev_set_state);
7652 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
7653 zfs_ioc_vdev_attach);
7654 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
7655 zfs_ioc_vdev_detach);
7656 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
7657 zfs_ioc_vdev_setpath);
7658 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
7659 zfs_ioc_vdev_setfru);
7660 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
7661 zfs_ioc_pool_set_props);
7662 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
7663 zfs_ioc_vdev_split);
7664 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
7665 zfs_ioc_pool_reguid);
7666
7667 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
7668 zfs_ioc_pool_configs, zfs_secpolicy_none);
7669 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
7670 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
7671 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
7672 zfs_ioc_inject_fault, zfs_secpolicy_inject);
7673 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
7674 zfs_ioc_clear_fault, zfs_secpolicy_inject);
7675 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
7676 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
7677
7678 /*
7679 * pool destroy, and export don't log the history as part of
7680 * zfsdev_ioctl, but rather zfs_ioc_pool_export
7681 * does the logging of those commands.
7682 */
7683 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
7684 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7685 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
7686 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7687
7688 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
7689 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7690
7691 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
7692 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
7693 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
7694 zfs_ioc_dsobj_to_dsname,
7695 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
7696 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
7697 zfs_ioc_pool_get_history,
7698 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7699
7700 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
7701 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7702
7703 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
7704 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY);
7705
7706 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
7707 zfs_ioc_space_written);
7708 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
7709 zfs_ioc_objset_recvd_props);
7710 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
7711 zfs_ioc_next_obj);
7712 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
7713 zfs_ioc_get_fsacl);
7714 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
7715 zfs_ioc_objset_stats);
7716 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
7717 zfs_ioc_objset_zplprops);
7718 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
7719 zfs_ioc_dataset_list_next);
7720 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
7721 zfs_ioc_snapshot_list_next);
7722 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
7723 zfs_ioc_send_progress);
7724
7725 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
7726 zfs_ioc_diff, zfs_secpolicy_diff);
7727 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
7728 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
7729 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
7730 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
7731 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
7732 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
7733 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
7734 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
7735 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
7736 zfs_ioc_send, zfs_secpolicy_send);
7737
7738 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
7739 zfs_secpolicy_none);
7740 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
7741 zfs_secpolicy_destroy);
7742 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
7743 zfs_secpolicy_rename);
7744 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
7745 zfs_secpolicy_recv);
7746 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
7747 zfs_secpolicy_promote);
7748 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
7749 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
7750 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
7751 zfs_secpolicy_set_fsacl);
7752
7753 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
7754 zfs_secpolicy_share, POOL_CHECK_NONE);
7755 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
7756 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
7757 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
7758 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
7759 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7760 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
7761 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
7762 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7763
7764 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next,
7765 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7766 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear,
7767 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7768 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek,
7769 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7770
7771 zfs_ioctl_init_os();
7772 }
7773
7774 /*
7775 * Verify that for non-legacy ioctls the input nvlist
7776 * pairs match against the expected input.
7777 *
7778 * Possible errors are:
7779 * ZFS_ERR_IOC_ARG_UNAVAIL An unrecognized nvpair was encountered
7780 * ZFS_ERR_IOC_ARG_REQUIRED A required nvpair is missing
7781 * ZFS_ERR_IOC_ARG_BADTYPE Invalid type for nvpair
7782 */
7783 static int
zfs_check_input_nvpairs(nvlist_t * innvl,const zfs_ioc_vec_t * vec)7784 zfs_check_input_nvpairs(nvlist_t *innvl, const zfs_ioc_vec_t *vec)
7785 {
7786 const zfs_ioc_key_t *nvl_keys = vec->zvec_nvl_keys;
7787 boolean_t required_keys_found = B_FALSE;
7788
7789 /*
7790 * examine each input pair
7791 */
7792 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
7793 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
7794 const char *name = nvpair_name(pair);
7795 data_type_t type = nvpair_type(pair);
7796 boolean_t identified = B_FALSE;
7797
7798 /*
7799 * check pair against the documented names and type
7800 */
7801 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7802 /* if not a wild card name, check for an exact match */
7803 if ((nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) == 0 &&
7804 strcmp(nvl_keys[k].zkey_name, name) != 0)
7805 continue;
7806
7807 identified = B_TRUE;
7808
7809 if (nvl_keys[k].zkey_type != DATA_TYPE_ANY &&
7810 nvl_keys[k].zkey_type != type) {
7811 return (SET_ERROR(ZFS_ERR_IOC_ARG_BADTYPE));
7812 }
7813
7814 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7815 continue;
7816
7817 required_keys_found = B_TRUE;
7818 break;
7819 }
7820
7821 /* allow an 'optional' key, everything else is invalid */
7822 if (!identified &&
7823 (strcmp(name, "optional") != 0 ||
7824 type != DATA_TYPE_NVLIST)) {
7825 return (SET_ERROR(ZFS_ERR_IOC_ARG_UNAVAIL));
7826 }
7827 }
7828
7829 /* verify that all required keys were found */
7830 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7831 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7832 continue;
7833
7834 if (nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) {
7835 /* at least one non-optional key is expected here */
7836 if (!required_keys_found)
7837 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7838 continue;
7839 }
7840
7841 if (!nvlist_exists(innvl, nvl_keys[k].zkey_name))
7842 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7843 }
7844
7845 return (0);
7846 }
7847
7848 static int
pool_status_check(const char * name,zfs_ioc_namecheck_t type,zfs_ioc_poolcheck_t check)7849 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
7850 zfs_ioc_poolcheck_t check)
7851 {
7852 spa_t *spa;
7853 int error;
7854
7855 ASSERT(type == POOL_NAME || type == DATASET_NAME ||
7856 type == ENTITY_NAME);
7857
7858 if (check & POOL_CHECK_NONE)
7859 return (0);
7860
7861 error = spa_open(name, &spa, FTAG);
7862 if (error == 0) {
7863 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
7864 error = SET_ERROR(EAGAIN);
7865 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
7866 error = SET_ERROR(EROFS);
7867 spa_close(spa, FTAG);
7868 }
7869 return (error);
7870 }
7871
7872 int
zfsdev_getminor(zfs_file_t * fp,minor_t * minorp)7873 zfsdev_getminor(zfs_file_t *fp, minor_t *minorp)
7874 {
7875 zfsdev_state_t *zs, *fpd;
7876
7877 ASSERT(!MUTEX_HELD(&zfsdev_state_lock));
7878
7879 fpd = zfs_file_private(fp);
7880 if (fpd == NULL)
7881 return (SET_ERROR(EBADF));
7882
7883 mutex_enter(&zfsdev_state_lock);
7884
7885 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) {
7886
7887 if (zs->zs_minor == -1)
7888 continue;
7889
7890 if (fpd == zs) {
7891 *minorp = fpd->zs_minor;
7892 mutex_exit(&zfsdev_state_lock);
7893 return (0);
7894 }
7895 }
7896
7897 mutex_exit(&zfsdev_state_lock);
7898
7899 return (SET_ERROR(EBADF));
7900 }
7901
7902 void *
zfsdev_get_state(minor_t minor,enum zfsdev_state_type which)7903 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
7904 {
7905 zfsdev_state_t *zs;
7906
7907 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) {
7908 if (zs->zs_minor == minor) {
7909 membar_consumer();
7910 switch (which) {
7911 case ZST_ONEXIT:
7912 return (zs->zs_onexit);
7913 case ZST_ZEVENT:
7914 return (zs->zs_zevent);
7915 case ZST_ALL:
7916 return (zs);
7917 }
7918 }
7919 }
7920
7921 return (NULL);
7922 }
7923
7924 /*
7925 * Find a free minor number. The zfsdev_state_list is expected to
7926 * be short since it is only a list of currently open file handles.
7927 */
7928 static minor_t
zfsdev_minor_alloc(void)7929 zfsdev_minor_alloc(void)
7930 {
7931 static minor_t last_minor = 0;
7932 minor_t m;
7933
7934 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
7935
7936 for (m = last_minor + 1; m != last_minor; m++) {
7937 if (m > ZFSDEV_MAX_MINOR)
7938 m = 1;
7939 if (zfsdev_get_state(m, ZST_ALL) == NULL) {
7940 last_minor = m;
7941 return (m);
7942 }
7943 }
7944
7945 return (0);
7946 }
7947
7948 int
zfsdev_state_init(void * priv)7949 zfsdev_state_init(void *priv)
7950 {
7951 zfsdev_state_t *zs, *zsprev = NULL;
7952 minor_t minor;
7953 boolean_t newzs = B_FALSE;
7954
7955 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
7956
7957 minor = zfsdev_minor_alloc();
7958 if (minor == 0)
7959 return (SET_ERROR(ENXIO));
7960
7961 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) {
7962 if (zs->zs_minor == -1)
7963 break;
7964 zsprev = zs;
7965 }
7966
7967 if (!zs) {
7968 zs = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
7969 newzs = B_TRUE;
7970 }
7971
7972 zfsdev_private_set_state(priv, zs);
7973
7974 zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit);
7975 zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent);
7976
7977 /*
7978 * In order to provide for lock-free concurrent read access
7979 * to the minor list in zfsdev_get_state(), new entries
7980 * must be completely written before linking them into the
7981 * list whereas existing entries are already linked; the last
7982 * operation must be updating zs_minor (from -1 to the new
7983 * value).
7984 */
7985 if (newzs) {
7986 zs->zs_minor = minor;
7987 membar_producer();
7988 zsprev->zs_next = zs;
7989 } else {
7990 membar_producer();
7991 zs->zs_minor = minor;
7992 }
7993
7994 return (0);
7995 }
7996
7997 void
zfsdev_state_destroy(void * priv)7998 zfsdev_state_destroy(void *priv)
7999 {
8000 zfsdev_state_t *zs = zfsdev_private_get_state(priv);
8001
8002 ASSERT(zs != NULL);
8003 ASSERT3S(zs->zs_minor, >, 0);
8004
8005 /*
8006 * The last reference to this zfsdev file descriptor is being dropped.
8007 * We don't have to worry about lookup grabbing this state object, and
8008 * zfsdev_state_init() will not try to reuse this object until it is
8009 * invalidated by setting zs_minor to -1. Invalidation must be done
8010 * last, with a memory barrier to ensure ordering. This lets us avoid
8011 * taking the global zfsdev state lock around destruction.
8012 */
8013 zfs_onexit_destroy(zs->zs_onexit);
8014 zfs_zevent_destroy(zs->zs_zevent);
8015 zs->zs_onexit = NULL;
8016 zs->zs_zevent = NULL;
8017 membar_producer();
8018 zs->zs_minor = -1;
8019 }
8020
8021 long
zfsdev_ioctl_common(uint_t vecnum,zfs_cmd_t * zc,int flag)8022 zfsdev_ioctl_common(uint_t vecnum, zfs_cmd_t *zc, int flag)
8023 {
8024 int error, cmd;
8025 const zfs_ioc_vec_t *vec;
8026 char *saved_poolname = NULL;
8027 uint64_t max_nvlist_src_size;
8028 size_t saved_poolname_len = 0;
8029 nvlist_t *innvl = NULL;
8030 fstrans_cookie_t cookie;
8031 hrtime_t start_time = gethrtime();
8032
8033 cmd = vecnum;
8034 error = 0;
8035 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
8036 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
8037
8038 vec = &zfs_ioc_vec[vecnum];
8039
8040 /*
8041 * The registered ioctl list may be sparse, verify that either
8042 * a normal or legacy handler are registered.
8043 */
8044 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL)
8045 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
8046
8047 zc->zc_iflags = flag & FKIOCTL;
8048 max_nvlist_src_size = zfs_max_nvlist_src_size_os();
8049 if (zc->zc_nvlist_src_size > max_nvlist_src_size) {
8050 /*
8051 * Make sure the user doesn't pass in an insane value for
8052 * zc_nvlist_src_size. We have to check, since we will end
8053 * up allocating that much memory inside of get_nvlist(). This
8054 * prevents a nefarious user from allocating tons of kernel
8055 * memory.
8056 *
8057 * Also, we return EINVAL instead of ENOMEM here. The reason
8058 * being that returning ENOMEM from an ioctl() has a special
8059 * connotation; that the user's size value is too small and
8060 * needs to be expanded to hold the nvlist. See
8061 * zcmd_expand_dst_nvlist() for details.
8062 */
8063 error = SET_ERROR(EINVAL); /* User's size too big */
8064
8065 } else if (zc->zc_nvlist_src_size != 0) {
8066 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
8067 zc->zc_iflags, &innvl);
8068 if (error != 0)
8069 goto out;
8070 }
8071
8072 /*
8073 * Ensure that all pool/dataset names are valid before we pass down to
8074 * the lower layers.
8075 */
8076 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
8077 switch (vec->zvec_namecheck) {
8078 case POOL_NAME:
8079 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
8080 error = SET_ERROR(EINVAL);
8081 else
8082 error = pool_status_check(zc->zc_name,
8083 vec->zvec_namecheck, vec->zvec_pool_check);
8084 break;
8085
8086 case DATASET_NAME:
8087 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
8088 error = SET_ERROR(EINVAL);
8089 else
8090 error = pool_status_check(zc->zc_name,
8091 vec->zvec_namecheck, vec->zvec_pool_check);
8092 break;
8093
8094 case ENTITY_NAME:
8095 if (entity_namecheck(zc->zc_name, NULL, NULL) != 0) {
8096 error = SET_ERROR(EINVAL);
8097 } else {
8098 error = pool_status_check(zc->zc_name,
8099 vec->zvec_namecheck, vec->zvec_pool_check);
8100 }
8101 break;
8102
8103 case NO_NAME:
8104 break;
8105 }
8106 /*
8107 * Ensure that all input pairs are valid before we pass them down
8108 * to the lower layers.
8109 *
8110 * The vectored functions can use fnvlist_lookup_{type} for any
8111 * required pairs since zfs_check_input_nvpairs() confirmed that
8112 * they exist and are of the correct type.
8113 */
8114 if (error == 0 && vec->zvec_func != NULL) {
8115 error = zfs_check_input_nvpairs(innvl, vec);
8116 if (error != 0)
8117 goto out;
8118 }
8119
8120 if (error == 0) {
8121 cookie = spl_fstrans_mark();
8122 error = vec->zvec_secpolicy(zc, innvl, CRED());
8123 spl_fstrans_unmark(cookie);
8124 }
8125
8126 if (error != 0)
8127 goto out;
8128
8129 /* legacy ioctls can modify zc_name */
8130 /*
8131 * Can't use kmem_strdup() as we might truncate the string and
8132 * kmem_strfree() would then free with incorrect size.
8133 */
8134 saved_poolname_len = strlen(zc->zc_name) + 1;
8135 saved_poolname = kmem_alloc(saved_poolname_len, KM_SLEEP);
8136
8137 strlcpy(saved_poolname, zc->zc_name, saved_poolname_len);
8138 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0';
8139
8140 if (vec->zvec_func != NULL) {
8141 nvlist_t *outnvl;
8142 int puterror = 0;
8143 spa_t *spa;
8144 nvlist_t *lognv = NULL;
8145
8146 ASSERT0P(vec->zvec_legacy_func);
8147
8148 /*
8149 * Add the innvl to the lognv before calling the func,
8150 * in case the func changes the innvl.
8151 */
8152 if (vec->zvec_allow_log) {
8153 lognv = fnvlist_alloc();
8154 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
8155 vec->zvec_name);
8156 if (!nvlist_empty(innvl)) {
8157 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
8158 innvl);
8159 }
8160 }
8161
8162 outnvl = fnvlist_alloc();
8163 cookie = spl_fstrans_mark();
8164 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
8165 spl_fstrans_unmark(cookie);
8166
8167 /*
8168 * Some commands can partially execute, modify state, and still
8169 * return an error. In these cases, attempt to record what
8170 * was modified.
8171 */
8172 if ((error == 0 ||
8173 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) &&
8174 vec->zvec_allow_log &&
8175 spa_open(zc->zc_name, &spa, FTAG) == 0) {
8176 if (!nvlist_empty(outnvl)) {
8177 size_t out_size = fnvlist_size(outnvl);
8178 if (out_size > zfs_history_output_max) {
8179 fnvlist_add_int64(lognv,
8180 ZPOOL_HIST_OUTPUT_SIZE, out_size);
8181 } else {
8182 fnvlist_add_nvlist(lognv,
8183 ZPOOL_HIST_OUTPUT_NVL, outnvl);
8184 }
8185 }
8186 if (error != 0) {
8187 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO,
8188 error);
8189 }
8190 fnvlist_add_int64(lognv, ZPOOL_HIST_ELAPSED_NS,
8191 gethrtime() - start_time);
8192 (void) spa_history_log_nvl(spa, lognv);
8193 spa_close(spa, FTAG);
8194 }
8195 fnvlist_free(lognv);
8196
8197 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
8198 int smusherror = 0;
8199 if (vec->zvec_smush_outnvlist) {
8200 smusherror = nvlist_smush(outnvl,
8201 zc->zc_nvlist_dst_size);
8202 }
8203 if (smusherror == 0)
8204 puterror = put_nvlist(zc, outnvl);
8205 }
8206
8207 if (puterror != 0)
8208 error = puterror;
8209
8210 nvlist_free(outnvl);
8211 } else {
8212 cookie = spl_fstrans_mark();
8213 error = vec->zvec_legacy_func(zc);
8214 spl_fstrans_unmark(cookie);
8215 }
8216
8217 out:
8218 nvlist_free(innvl);
8219 if (error == 0 && vec->zvec_allow_log) {
8220 char *s = tsd_get(zfs_allow_log_key);
8221 if (s != NULL)
8222 kmem_strfree(s);
8223 (void) tsd_set(zfs_allow_log_key, kmem_strdup(saved_poolname));
8224 }
8225 if (saved_poolname != NULL)
8226 kmem_free(saved_poolname, saved_poolname_len);
8227
8228 return (error);
8229 }
8230
8231 int
zfs_kmod_init(void)8232 zfs_kmod_init(void)
8233 {
8234 int error;
8235
8236 if ((error = zvol_init()) != 0)
8237 return (error);
8238
8239 spa_init(SPA_MODE_READ | SPA_MODE_WRITE);
8240 zfs_init();
8241
8242 zfs_ioctl_init();
8243
8244 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
8245 zfsdev_state_listhead.zs_minor = -1;
8246
8247 if ((error = zfsdev_attach()) != 0)
8248 goto out;
8249
8250 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
8251 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
8252
8253 return (0);
8254 out:
8255 zfs_fini();
8256 spa_fini();
8257 zvol_fini();
8258
8259 return (error);
8260 }
8261
8262 void
zfs_kmod_fini(void)8263 zfs_kmod_fini(void)
8264 {
8265 zfsdev_state_t *zs, *zsnext = NULL;
8266
8267 zfsdev_detach();
8268
8269 mutex_destroy(&zfsdev_state_lock);
8270
8271 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zsnext) {
8272 zsnext = zs->zs_next;
8273 if (zs->zs_onexit)
8274 zfs_onexit_destroy(zs->zs_onexit);
8275 if (zs->zs_zevent)
8276 zfs_zevent_destroy(zs->zs_zevent);
8277 if (zs != &zfsdev_state_listhead)
8278 kmem_free(zs, sizeof (zfsdev_state_t));
8279 }
8280
8281 zfs_ereport_taskq_fini(); /* run before zfs_fini() on Linux */
8282 zfs_fini();
8283 spa_fini();
8284 zvol_fini();
8285
8286 tsd_destroy(&rrw_tsd_key);
8287 tsd_destroy(&zfs_allow_log_key);
8288 }
8289
8290 ZFS_MODULE_PARAM(zfs, zfs_, max_nvlist_src_size, U64, ZMOD_RW,
8291 "Maximum size in bytes allowed for src nvlist passed with ZFS ioctls");
8292
8293 ZFS_MODULE_PARAM(zfs, zfs_, history_output_max, U64, ZMOD_RW,
8294 "Maximum size in bytes of ZFS ioctl output that will be logged");
8295