1 // SPDX-License-Identifier: CDDL-1.0
2 /*
3 * CDDL HEADER START
4 *
5 * The contents of this file are subject to the terms of the
6 * Common Development and Distribution License (the "License").
7 * You may not use this file except in compliance with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or https://opensource.org/licenses/CDDL-1.0.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22
23 /*
24 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
25 * Portions Copyright 2011 Martin Matuska
26 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
27 * Copyright (c) 2012 Pawel Jakub Dawidek
28 * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved.
29 * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
30 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
31 * Copyright (c) 2011, 2024 by Delphix. All rights reserved.
32 * Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
33 * Copyright (c) 2013 Steven Hartland. All rights reserved.
34 * Copyright (c) 2014 Integros [integros.com]
35 * Copyright 2016 Toomas Soome <tsoome@me.com>
36 * Copyright (c) 2016 Actifio, Inc. All rights reserved.
37 * Copyright (c) 2018, loli10K <ezomori.nozomu@gmail.com>. All rights reserved.
38 * Copyright 2017 RackTop Systems.
39 * Copyright (c) 2017 Open-E, Inc. All Rights Reserved.
40 * Copyright (c) 2019 Datto Inc.
41 * Copyright (c) 2019, 2020 by Christian Schwarz. All rights reserved.
42 * Copyright (c) 2019, 2021, 2023, 2024, Klara Inc.
43 * Copyright (c) 2019, Allan Jude
44 * Copyright 2024 Oxide Computer Company
45 */
46
47 /*
48 * ZFS ioctls.
49 *
50 * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage
51 * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool.
52 *
53 * There are two ways that we handle ioctls: the legacy way where almost
54 * all of the logic is in the ioctl callback, and the new way where most
55 * of the marshalling is handled in the common entry point, zfsdev_ioctl().
56 *
57 * Non-legacy ioctls should be registered by calling
58 * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked
59 * from userland by lzc_ioctl().
60 *
61 * The registration arguments are as follows:
62 *
63 * const char *name
64 * The name of the ioctl. This is used for history logging. If the
65 * ioctl returns successfully (the callback returns 0), and allow_log
66 * is true, then a history log entry will be recorded with the input &
67 * output nvlists. The log entry can be printed with "zpool history -i".
68 *
69 * zfs_ioc_t ioc
70 * The ioctl request number, which userland will pass to ioctl(2).
71 * We want newer versions of libzfs and libzfs_core to run against
72 * existing zfs kernel modules (i.e. a deferred reboot after an update).
73 * Therefore the ioctl numbers cannot change from release to release.
74 *
75 * zfs_secpolicy_func_t *secpolicy
76 * This function will be called before the zfs_ioc_func_t, to
77 * determine if this operation is permitted. It should return EPERM
78 * on failure, and 0 on success. Checks include determining if the
79 * dataset is visible in this zone, and if the user has either all
80 * zfs privileges in the zone (SYS_MOUNT), or has been granted permission
81 * to do this operation on this dataset with "zfs allow".
82 *
83 * zfs_ioc_namecheck_t namecheck
84 * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool
85 * name, a dataset name, or nothing. If the name is not well-formed,
86 * the ioctl will fail and the callback will not be called.
87 * Therefore, the callback can assume that the name is well-formed
88 * (e.g. is null-terminated, doesn't have more than one '@' character,
89 * doesn't have invalid characters).
90 *
91 * zfs_ioc_poolcheck_t pool_check
92 * This specifies requirements on the pool state. If the pool does
93 * not meet them (is suspended or is readonly), the ioctl will fail
94 * and the callback will not be called. If any checks are specified
95 * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME.
96 * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED |
97 * POOL_CHECK_READONLY).
98 *
99 * zfs_ioc_key_t *nvl_keys
100 * The list of expected/allowable innvl input keys. This list is used
101 * to validate the nvlist input to the ioctl.
102 *
103 * boolean_t smush_outnvlist
104 * If smush_outnvlist is true, then the output is presumed to be a
105 * list of errors, and it will be "smushed" down to fit into the
106 * caller's buffer, by removing some entries and replacing them with a
107 * single "N_MORE_ERRORS" entry indicating how many were removed. See
108 * nvlist_smush() for details. If smush_outnvlist is false, and the
109 * outnvlist does not fit into the userland-provided buffer, then the
110 * ioctl will fail with ENOMEM.
111 *
112 * zfs_ioc_func_t *func
113 * The callback function that will perform the operation.
114 *
115 * The callback should return 0 on success, or an error number on
116 * failure. If the function fails, the userland ioctl will return -1,
117 * and errno will be set to the callback's return value. The callback
118 * will be called with the following arguments:
119 *
120 * const char *name
121 * The name of the pool or dataset to operate on, from
122 * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the
123 * expected type (pool, dataset, or none).
124 *
125 * nvlist_t *innvl
126 * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or
127 * NULL if no input nvlist was provided. Changes to this nvlist are
128 * ignored. If the input nvlist could not be deserialized, the
129 * ioctl will fail and the callback will not be called.
130 *
131 * nvlist_t *outnvl
132 * The output nvlist, initially empty. The callback can fill it in,
133 * and it will be returned to userland by serializing it into
134 * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization
135 * fails (e.g. because the caller didn't supply a large enough
136 * buffer), then the overall ioctl will fail. See the
137 * 'smush_nvlist' argument above for additional behaviors.
138 *
139 * There are two typical uses of the output nvlist:
140 * - To return state, e.g. property values. In this case,
141 * smush_outnvlist should be false. If the buffer was not large
142 * enough, the caller will reallocate a larger buffer and try
143 * the ioctl again.
144 *
145 * - To return multiple errors from an ioctl which makes on-disk
146 * changes. In this case, smush_outnvlist should be true.
147 * Ioctls which make on-disk modifications should generally not
148 * use the outnvl if they succeed, because the caller can not
149 * distinguish between the operation failing, and
150 * deserialization failing.
151 *
152 * IOCTL Interface Errors
153 *
154 * The following ioctl input errors can be returned:
155 * ZFS_ERR_IOC_CMD_UNAVAIL the ioctl number is not supported by kernel
156 * ZFS_ERR_IOC_ARG_UNAVAIL an input argument is not supported by kernel
157 * ZFS_ERR_IOC_ARG_REQUIRED a required input argument is missing
158 * ZFS_ERR_IOC_ARG_BADTYPE an input argument has an invalid type
159 */
160
161 #include <sys/types.h>
162 #include <sys/param.h>
163 #include <sys/errno.h>
164 #include <sys/file.h>
165 #include <sys/kmem.h>
166 #include <sys/cmn_err.h>
167 #include <sys/stat.h>
168 #include <sys/zfs_ioctl.h>
169 #include <sys/zfs_quota.h>
170 #include <sys/zfs_vfsops.h>
171 #include <sys/zfs_znode.h>
172 #include <sys/zap.h>
173 #include <sys/spa.h>
174 #include <sys/spa_impl.h>
175 #include <sys/vdev.h>
176 #include <sys/vdev_impl.h>
177 #include <sys/dmu.h>
178 #include <sys/dsl_dir.h>
179 #include <sys/dsl_dataset.h>
180 #include <sys/dsl_prop.h>
181 #include <sys/dsl_deleg.h>
182 #include <sys/dmu_objset.h>
183 #include <sys/dmu_impl.h>
184 #include <sys/dmu_redact.h>
185 #include <sys/dmu_tx.h>
186 #include <sys/sunddi.h>
187 #include <sys/policy.h>
188 #include <sys/zone.h>
189 #include <sys/nvpair.h>
190 #include <sys/pathname.h>
191 #include <sys/fs/zfs.h>
192 #include <sys/zfs_ctldir.h>
193 #include <sys/zfs_dir.h>
194 #include <sys/zfs_onexit.h>
195 #include <sys/zvol.h>
196 #include <sys/dsl_scan.h>
197 #include <sys/fm/util.h>
198 #include <sys/dsl_crypt.h>
199 #include <sys/rrwlock.h>
200 #include <sys/zfs_file.h>
201
202 #include <sys/dmu_recv.h>
203 #include <sys/dmu_send.h>
204 #include <sys/dmu_recv.h>
205 #include <sys/dsl_destroy.h>
206 #include <sys/dsl_bookmark.h>
207 #include <sys/dsl_userhold.h>
208 #include <sys/zfeature.h>
209 #include <sys/zcp.h>
210 #include <sys/zio_checksum.h>
211 #include <sys/vdev_removal.h>
212 #include <sys/vdev_impl.h>
213 #include <sys/vdev_initialize.h>
214 #include <sys/vdev_trim.h>
215
216 #include "zfs_namecheck.h"
217 #include "zfs_prop.h"
218 #include "zfs_deleg.h"
219 #include "zfs_comutil.h"
220
221 #include <sys/lua/lua.h>
222 #include <sys/lua/lauxlib.h>
223 #include <sys/zfs_ioctl_impl.h>
224
225 kmutex_t zfsdev_state_lock;
226 static zfsdev_state_t zfsdev_state_listhead;
227
228 /*
229 * Limit maximum nvlist size. We don't want users passing in insane values
230 * for zc->zc_nvlist_src_size, since we will need to allocate that much memory.
231 * Defaults to 0=auto which is handled by platform code.
232 */
233 uint64_t zfs_max_nvlist_src_size = 0;
234
235 /*
236 * When logging the output nvlist of an ioctl in the on-disk history, limit
237 * the logged size to this many bytes. This must be less than DMU_MAX_ACCESS.
238 * This applies primarily to zfs_ioc_channel_program().
239 */
240 static uint64_t zfs_history_output_max = 1024 * 1024;
241
242 uint_t zfs_allow_log_key;
243
244 /* DATA_TYPE_ANY is used when zkey_type can vary. */
245 #define DATA_TYPE_ANY DATA_TYPE_UNKNOWN
246
247 typedef struct zfs_ioc_vec {
248 zfs_ioc_legacy_func_t *zvec_legacy_func;
249 zfs_ioc_func_t *zvec_func;
250 zfs_secpolicy_func_t *zvec_secpolicy;
251 zfs_ioc_namecheck_t zvec_namecheck;
252 boolean_t zvec_allow_log;
253 zfs_ioc_poolcheck_t zvec_pool_check;
254 boolean_t zvec_smush_outnvlist;
255 const char *zvec_name;
256 const zfs_ioc_key_t *zvec_nvl_keys;
257 size_t zvec_nvl_key_count;
258 } zfs_ioc_vec_t;
259
260 /* This array is indexed by zfs_userquota_prop_t */
261 static const char *userquota_perms[] = {
262 ZFS_DELEG_PERM_USERUSED,
263 ZFS_DELEG_PERM_USERQUOTA,
264 ZFS_DELEG_PERM_GROUPUSED,
265 ZFS_DELEG_PERM_GROUPQUOTA,
266 ZFS_DELEG_PERM_USEROBJUSED,
267 ZFS_DELEG_PERM_USEROBJQUOTA,
268 ZFS_DELEG_PERM_GROUPOBJUSED,
269 ZFS_DELEG_PERM_GROUPOBJQUOTA,
270 ZFS_DELEG_PERM_PROJECTUSED,
271 ZFS_DELEG_PERM_PROJECTQUOTA,
272 ZFS_DELEG_PERM_PROJECTOBJUSED,
273 ZFS_DELEG_PERM_PROJECTOBJQUOTA,
274 };
275
276 static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc);
277 static int zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc);
278 static int zfs_check_settable(const char *name, nvpair_t *property,
279 cred_t *cr);
280 static int zfs_check_clearable(const char *dataset, nvlist_t *props,
281 nvlist_t **errors);
282 static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *,
283 boolean_t *);
284 int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *);
285 static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp);
286
287 static void
history_str_free(char * buf)288 history_str_free(char *buf)
289 {
290 kmem_free(buf, HIS_MAX_RECORD_LEN);
291 }
292
293 static char *
history_str_get(zfs_cmd_t * zc)294 history_str_get(zfs_cmd_t *zc)
295 {
296 char *buf;
297
298 if (zc->zc_history == 0)
299 return (NULL);
300
301 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP);
302 if (copyinstr((void *)(uintptr_t)zc->zc_history,
303 buf, HIS_MAX_RECORD_LEN, NULL) != 0) {
304 history_str_free(buf);
305 return (NULL);
306 }
307
308 buf[HIS_MAX_RECORD_LEN -1] = '\0';
309
310 return (buf);
311 }
312
313 /*
314 * Return non-zero if the spa version is less than requested version.
315 */
316 static int
zfs_earlier_version(const char * name,int version)317 zfs_earlier_version(const char *name, int version)
318 {
319 spa_t *spa;
320
321 if (spa_open(name, &spa, FTAG) == 0) {
322 if (spa_version(spa) < version) {
323 spa_close(spa, FTAG);
324 return (1);
325 }
326 spa_close(spa, FTAG);
327 }
328 return (0);
329 }
330
331 /*
332 * Return TRUE if the ZPL version is less than requested version.
333 */
334 static boolean_t
zpl_earlier_version(const char * name,int version)335 zpl_earlier_version(const char *name, int version)
336 {
337 objset_t *os;
338 boolean_t rc = B_TRUE;
339
340 if (dmu_objset_hold(name, FTAG, &os) == 0) {
341 uint64_t zplversion;
342
343 if (dmu_objset_type(os) != DMU_OST_ZFS) {
344 dmu_objset_rele(os, FTAG);
345 return (B_TRUE);
346 }
347 /* XXX reading from non-owned objset */
348 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0)
349 rc = zplversion < version;
350 dmu_objset_rele(os, FTAG);
351 }
352 return (rc);
353 }
354
355 static void
zfs_log_history(zfs_cmd_t * zc)356 zfs_log_history(zfs_cmd_t *zc)
357 {
358 spa_t *spa;
359 char *buf;
360
361 if ((buf = history_str_get(zc)) == NULL)
362 return;
363
364 if (spa_open(zc->zc_name, &spa, FTAG) == 0) {
365 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY)
366 (void) spa_history_log(spa, buf);
367 spa_close(spa, FTAG);
368 }
369 history_str_free(buf);
370 }
371
372 /*
373 * Policy for top-level read operations (list pools). Requires no privileges,
374 * and can be used in the local zone, as there is no associated dataset.
375 */
376 static int
zfs_secpolicy_none(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)377 zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
378 {
379 (void) zc, (void) innvl, (void) cr;
380 return (0);
381 }
382
383 /*
384 * Policy for dataset read operations (list children, get statistics). Requires
385 * no privileges, but must be visible in the local zone.
386 */
387 static int
zfs_secpolicy_read(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)388 zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
389 {
390 (void) innvl, (void) cr;
391 if (INGLOBALZONE(curproc) ||
392 zone_dataset_visible(zc->zc_name, NULL))
393 return (0);
394
395 return (SET_ERROR(ENOENT));
396 }
397
398 static int
zfs_dozonecheck_impl(const char * dataset,uint64_t zoned,cred_t * cr)399 zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr)
400 {
401 int writable = 1;
402
403 /*
404 * The dataset must be visible by this zone -- check this first
405 * so they don't see EPERM on something they shouldn't know about.
406 */
407 if (!INGLOBALZONE(curproc) &&
408 !zone_dataset_visible(dataset, &writable))
409 return (SET_ERROR(ENOENT));
410
411 if (INGLOBALZONE(curproc)) {
412 /*
413 * If the fs is zoned, only root can access it from the
414 * global zone.
415 */
416 if (secpolicy_zfs(cr) && zoned)
417 return (SET_ERROR(EPERM));
418 } else {
419 /*
420 * If we are in a local zone, the 'zoned' property must be set.
421 */
422 if (!zoned)
423 return (SET_ERROR(EPERM));
424
425 /* must be writable by this zone */
426 if (!writable)
427 return (SET_ERROR(EPERM));
428 }
429 return (0);
430 }
431
432 static int
zfs_dozonecheck(const char * dataset,cred_t * cr)433 zfs_dozonecheck(const char *dataset, cred_t *cr)
434 {
435 uint64_t zoned;
436
437 if (dsl_prop_get_integer(dataset, zfs_prop_to_name(ZFS_PROP_ZONED),
438 &zoned, NULL))
439 return (SET_ERROR(ENOENT));
440
441 return (zfs_dozonecheck_impl(dataset, zoned, cr));
442 }
443
444 static int
zfs_dozonecheck_ds(const char * dataset,dsl_dataset_t * ds,cred_t * cr)445 zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr)
446 {
447 uint64_t zoned;
448
449 if (dsl_prop_get_int_ds(ds, zfs_prop_to_name(ZFS_PROP_ZONED), &zoned))
450 return (SET_ERROR(ENOENT));
451
452 return (zfs_dozonecheck_impl(dataset, zoned, cr));
453 }
454
455 static int
zfs_secpolicy_write_perms_ds(const char * name,dsl_dataset_t * ds,const char * perm,cred_t * cr)456 zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds,
457 const char *perm, cred_t *cr)
458 {
459 int error;
460
461 error = zfs_dozonecheck_ds(name, ds, cr);
462 if (error == 0) {
463 error = secpolicy_zfs(cr);
464 if (error != 0)
465 error = dsl_deleg_access_impl(ds, perm, cr);
466 }
467 return (error);
468 }
469
470 static int
zfs_secpolicy_write_perms(const char * name,const char * perm,cred_t * cr)471 zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
472 {
473 int error;
474 dsl_dataset_t *ds;
475 dsl_pool_t *dp;
476
477 /*
478 * First do a quick check for root in the global zone, which
479 * is allowed to do all write_perms. This ensures that zfs_ioc_*
480 * will get to handle nonexistent datasets.
481 */
482 if (INGLOBALZONE(curproc) && secpolicy_zfs(cr) == 0)
483 return (0);
484
485 error = dsl_pool_hold(name, FTAG, &dp);
486 if (error != 0)
487 return (error);
488
489 error = dsl_dataset_hold(dp, name, FTAG, &ds);
490 if (error != 0) {
491 dsl_pool_rele(dp, FTAG);
492 return (error);
493 }
494
495 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr);
496
497 dsl_dataset_rele(ds, FTAG);
498 dsl_pool_rele(dp, FTAG);
499 return (error);
500 }
501
502 /*
503 * Policy for setting the security label property.
504 *
505 * Returns 0 for success, non-zero for access and other errors.
506 */
507 static int
zfs_set_slabel_policy(const char * name,const char * strval,cred_t * cr)508 zfs_set_slabel_policy(const char *name, const char *strval, cred_t *cr)
509 {
510 #ifdef HAVE_MLSLABEL
511 char ds_hexsl[MAXNAMELEN];
512 bslabel_t ds_sl, new_sl;
513 boolean_t new_default = FALSE;
514 uint64_t zoned;
515 int needed_priv = -1;
516 int error;
517
518 /* First get the existing dataset label. */
519 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL),
520 1, sizeof (ds_hexsl), &ds_hexsl, NULL);
521 if (error != 0)
522 return (SET_ERROR(EPERM));
523
524 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
525 new_default = TRUE;
526
527 /* The label must be translatable */
528 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0))
529 return (SET_ERROR(EINVAL));
530
531 /*
532 * In a non-global zone, disallow attempts to set a label that
533 * doesn't match that of the zone; otherwise no other checks
534 * are needed.
535 */
536 if (!INGLOBALZONE(curproc)) {
537 if (new_default || !blequal(&new_sl, CR_SL(CRED())))
538 return (SET_ERROR(EPERM));
539 return (0);
540 }
541
542 /*
543 * For global-zone datasets (i.e., those whose zoned property is
544 * "off", verify that the specified new label is valid for the
545 * global zone.
546 */
547 if (dsl_prop_get_integer(name,
548 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL))
549 return (SET_ERROR(EPERM));
550 if (!zoned) {
551 if (zfs_check_global_label(name, strval) != 0)
552 return (SET_ERROR(EPERM));
553 }
554
555 /*
556 * If the existing dataset label is nondefault, check if the
557 * dataset is mounted (label cannot be changed while mounted).
558 * Get the zfsvfs_t; if there isn't one, then the dataset isn't
559 * mounted (or isn't a dataset, doesn't exist, ...).
560 */
561 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) {
562 objset_t *os;
563 static const char *setsl_tag = "setsl_tag";
564
565 /*
566 * Try to own the dataset; abort if there is any error,
567 * (e.g., already mounted, in use, or other error).
568 */
569 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, B_TRUE,
570 setsl_tag, &os);
571 if (error != 0)
572 return (SET_ERROR(EPERM));
573
574 dmu_objset_disown(os, B_TRUE, setsl_tag);
575
576 if (new_default) {
577 needed_priv = PRIV_FILE_DOWNGRADE_SL;
578 goto out_check;
579 }
580
581 if (hexstr_to_label(strval, &new_sl) != 0)
582 return (SET_ERROR(EPERM));
583
584 if (blstrictdom(&ds_sl, &new_sl))
585 needed_priv = PRIV_FILE_DOWNGRADE_SL;
586 else if (blstrictdom(&new_sl, &ds_sl))
587 needed_priv = PRIV_FILE_UPGRADE_SL;
588 } else {
589 /* dataset currently has a default label */
590 if (!new_default)
591 needed_priv = PRIV_FILE_UPGRADE_SL;
592 }
593
594 out_check:
595 if (needed_priv != -1)
596 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
597 return (0);
598 #else
599 return (SET_ERROR(ENOTSUP));
600 #endif /* HAVE_MLSLABEL */
601 }
602
603 static int
zfs_secpolicy_setprop(const char * dsname,zfs_prop_t prop,nvpair_t * propval,cred_t * cr)604 zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval,
605 cred_t *cr)
606 {
607 const char *strval;
608
609 /*
610 * Check permissions for special properties.
611 */
612 switch (prop) {
613 default:
614 break;
615 case ZFS_PROP_ZONED:
616 /*
617 * Disallow setting of 'zoned' from within a local zone.
618 */
619 if (!INGLOBALZONE(curproc))
620 return (SET_ERROR(EPERM));
621 break;
622
623 case ZFS_PROP_QUOTA:
624 case ZFS_PROP_FILESYSTEM_LIMIT:
625 case ZFS_PROP_SNAPSHOT_LIMIT:
626 if (!INGLOBALZONE(curproc)) {
627 uint64_t zoned;
628 char setpoint[ZFS_MAX_DATASET_NAME_LEN];
629 /*
630 * Unprivileged users are allowed to modify the
631 * limit on things *under* (ie. contained by)
632 * the thing they own.
633 */
634 if (dsl_prop_get_integer(dsname,
635 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, setpoint))
636 return (SET_ERROR(EPERM));
637 if (!zoned || strlen(dsname) <= strlen(setpoint))
638 return (SET_ERROR(EPERM));
639 }
640 break;
641
642 case ZFS_PROP_MLSLABEL:
643 if (!is_system_labeled())
644 return (SET_ERROR(EPERM));
645
646 if (nvpair_value_string(propval, &strval) == 0) {
647 int err;
648
649 err = zfs_set_slabel_policy(dsname, strval, CRED());
650 if (err != 0)
651 return (err);
652 }
653 break;
654 }
655
656 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr));
657 }
658
659 static int
zfs_secpolicy_set_fsacl(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)660 zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
661 {
662 /*
663 * permission to set permissions will be evaluated later in
664 * dsl_deleg_can_allow()
665 */
666 (void) innvl;
667 return (zfs_dozonecheck(zc->zc_name, cr));
668 }
669
670 static int
zfs_secpolicy_rollback(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)671 zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
672 {
673 (void) innvl;
674 return (zfs_secpolicy_write_perms(zc->zc_name,
675 ZFS_DELEG_PERM_ROLLBACK, cr));
676 }
677
678 static int
zfs_secpolicy_send(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)679 zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
680 {
681 (void) innvl;
682 dsl_pool_t *dp;
683 dsl_dataset_t *ds;
684 const char *cp;
685 int error;
686
687 /*
688 * Generate the current snapshot name from the given objsetid, then
689 * use that name for the secpolicy/zone checks.
690 */
691 cp = strchr(zc->zc_name, '@');
692 if (cp == NULL)
693 return (SET_ERROR(EINVAL));
694 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
695 if (error != 0)
696 return (error);
697
698 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds);
699 if (error != 0) {
700 dsl_pool_rele(dp, FTAG);
701 return (error);
702 }
703
704 dsl_dataset_name(ds, zc->zc_name);
705
706 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds,
707 ZFS_DELEG_PERM_SEND, cr);
708 dsl_dataset_rele(ds, FTAG);
709 dsl_pool_rele(dp, FTAG);
710
711 return (error);
712 }
713
714 static int
zfs_secpolicy_send_new(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)715 zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
716 {
717 (void) innvl;
718 return (zfs_secpolicy_write_perms(zc->zc_name,
719 ZFS_DELEG_PERM_SEND, cr));
720 }
721
722 static int
zfs_secpolicy_share(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)723 zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
724 {
725 (void) zc, (void) innvl, (void) cr;
726 return (SET_ERROR(ENOTSUP));
727 }
728
729 static int
zfs_secpolicy_smb_acl(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)730 zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
731 {
732 (void) zc, (void) innvl, (void) cr;
733 return (SET_ERROR(ENOTSUP));
734 }
735
736 static int
zfs_get_parent(const char * datasetname,char * parent,int parentsize)737 zfs_get_parent(const char *datasetname, char *parent, int parentsize)
738 {
739 char *cp;
740
741 /*
742 * Remove the @bla or /bla from the end of the name to get the parent.
743 */
744 (void) strlcpy(parent, datasetname, parentsize);
745 cp = strrchr(parent, '@');
746 if (cp != NULL) {
747 cp[0] = '\0';
748 } else {
749 cp = strrchr(parent, '/');
750 if (cp == NULL)
751 return (SET_ERROR(ENOENT));
752 cp[0] = '\0';
753 }
754
755 return (0);
756 }
757
758 int
zfs_secpolicy_destroy_perms(const char * name,cred_t * cr)759 zfs_secpolicy_destroy_perms(const char *name, cred_t *cr)
760 {
761 int error;
762
763 if ((error = zfs_secpolicy_write_perms(name,
764 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
765 return (error);
766
767 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr));
768 }
769
770 static int
zfs_secpolicy_destroy(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)771 zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
772 {
773 (void) innvl;
774 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr));
775 }
776
777 /*
778 * Destroying snapshots with delegated permissions requires
779 * descendant mount and destroy permissions.
780 */
781 static int
zfs_secpolicy_destroy_snaps(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)782 zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
783 {
784 (void) zc;
785 nvlist_t *snaps;
786 nvpair_t *pair, *nextpair;
787 int error = 0;
788
789 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
790
791 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
792 pair = nextpair) {
793 nextpair = nvlist_next_nvpair(snaps, pair);
794 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr);
795 if (error == ENOENT) {
796 /*
797 * Ignore any snapshots that don't exist (we consider
798 * them "already destroyed"). Remove the name from the
799 * nvl here in case the snapshot is created between
800 * now and when we try to destroy it (in which case
801 * we don't want to destroy it since we haven't
802 * checked for permission).
803 */
804 fnvlist_remove_nvpair(snaps, pair);
805 error = 0;
806 }
807 if (error != 0)
808 break;
809 }
810
811 return (error);
812 }
813
814 int
zfs_secpolicy_rename_perms(const char * from,const char * to,cred_t * cr)815 zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr)
816 {
817 char parentname[ZFS_MAX_DATASET_NAME_LEN];
818 int error;
819
820 if ((error = zfs_secpolicy_write_perms(from,
821 ZFS_DELEG_PERM_RENAME, cr)) != 0)
822 return (error);
823
824 if ((error = zfs_secpolicy_write_perms(from,
825 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
826 return (error);
827
828 if ((error = zfs_get_parent(to, parentname,
829 sizeof (parentname))) != 0)
830 return (error);
831
832 if ((error = zfs_secpolicy_write_perms(parentname,
833 ZFS_DELEG_PERM_CREATE, cr)) != 0)
834 return (error);
835
836 if ((error = zfs_secpolicy_write_perms(parentname,
837 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
838 return (error);
839
840 return (error);
841 }
842
843 static int
zfs_secpolicy_rename(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)844 zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
845 {
846 (void) innvl;
847 return (zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr));
848 }
849
850 static int
zfs_secpolicy_promote(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)851 zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
852 {
853 (void) innvl;
854 dsl_pool_t *dp;
855 dsl_dataset_t *clone;
856 int error;
857
858 error = zfs_secpolicy_write_perms(zc->zc_name,
859 ZFS_DELEG_PERM_PROMOTE, cr);
860 if (error != 0)
861 return (error);
862
863 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
864 if (error != 0)
865 return (error);
866
867 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone);
868
869 if (error == 0) {
870 char parentname[ZFS_MAX_DATASET_NAME_LEN];
871 dsl_dataset_t *origin = NULL;
872 dsl_dir_t *dd;
873 dd = clone->ds_dir;
874
875 error = dsl_dataset_hold_obj(dd->dd_pool,
876 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin);
877 if (error != 0) {
878 dsl_dataset_rele(clone, FTAG);
879 dsl_pool_rele(dp, FTAG);
880 return (error);
881 }
882
883 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone,
884 ZFS_DELEG_PERM_MOUNT, cr);
885
886 dsl_dataset_name(origin, parentname);
887 if (error == 0) {
888 error = zfs_secpolicy_write_perms_ds(parentname, origin,
889 ZFS_DELEG_PERM_PROMOTE, cr);
890 }
891 dsl_dataset_rele(clone, FTAG);
892 dsl_dataset_rele(origin, FTAG);
893 }
894 dsl_pool_rele(dp, FTAG);
895 return (error);
896 }
897
898 static int
zfs_secpolicy_recv(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)899 zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
900 {
901 (void) innvl;
902 int error;
903
904 /*
905 * zfs receive -F requires full receive permission,
906 * otherwise receive:append permission is enough
907 */
908 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
909 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) {
910 if (zc->zc_guid || nvlist_exists(innvl, "force"))
911 return (error);
912 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
913 ZFS_DELEG_PERM_RECEIVE_APPEND, cr)) != 0)
914 return (error);
915 }
916
917 if ((error = zfs_secpolicy_write_perms(zc->zc_name,
918 ZFS_DELEG_PERM_MOUNT, cr)) != 0)
919 return (error);
920
921 return (zfs_secpolicy_write_perms(zc->zc_name,
922 ZFS_DELEG_PERM_CREATE, cr));
923 }
924
925 int
zfs_secpolicy_snapshot_perms(const char * name,cred_t * cr)926 zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr)
927 {
928 return (zfs_secpolicy_write_perms(name,
929 ZFS_DELEG_PERM_SNAPSHOT, cr));
930 }
931
932 /*
933 * Check for permission to create each snapshot in the nvlist.
934 */
935 static int
zfs_secpolicy_snapshot(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)936 zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
937 {
938 (void) zc;
939 nvlist_t *snaps;
940 int error = 0;
941 nvpair_t *pair;
942
943 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
944
945 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
946 pair = nvlist_next_nvpair(snaps, pair)) {
947 char *name = (char *)nvpair_name(pair);
948 char *atp = strchr(name, '@');
949
950 if (atp == NULL) {
951 error = SET_ERROR(EINVAL);
952 break;
953 }
954 *atp = '\0';
955 error = zfs_secpolicy_snapshot_perms(name, cr);
956 *atp = '@';
957 if (error != 0)
958 break;
959 }
960 return (error);
961 }
962
963 /*
964 * Check for permission to create each bookmark in the nvlist.
965 */
966 static int
zfs_secpolicy_bookmark(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)967 zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
968 {
969 (void) zc;
970 int error = 0;
971
972 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
973 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
974 char *name = (char *)nvpair_name(pair);
975 char *hashp = strchr(name, '#');
976
977 if (hashp == NULL) {
978 error = SET_ERROR(EINVAL);
979 break;
980 }
981 *hashp = '\0';
982 error = zfs_secpolicy_write_perms(name,
983 ZFS_DELEG_PERM_BOOKMARK, cr);
984 *hashp = '#';
985 if (error != 0)
986 break;
987 }
988 return (error);
989 }
990
991 static int
zfs_secpolicy_destroy_bookmarks(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)992 zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
993 {
994 (void) zc;
995 nvpair_t *pair, *nextpair;
996 int error = 0;
997
998 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
999 pair = nextpair) {
1000 char *name = (char *)nvpair_name(pair);
1001 char *hashp = strchr(name, '#');
1002 nextpair = nvlist_next_nvpair(innvl, pair);
1003
1004 if (hashp == NULL) {
1005 error = SET_ERROR(EINVAL);
1006 break;
1007 }
1008
1009 *hashp = '\0';
1010 error = zfs_secpolicy_write_perms(name,
1011 ZFS_DELEG_PERM_DESTROY, cr);
1012 *hashp = '#';
1013 if (error == ENOENT) {
1014 /*
1015 * Ignore any filesystems that don't exist (we consider
1016 * their bookmarks "already destroyed"). Remove
1017 * the name from the nvl here in case the filesystem
1018 * is created between now and when we try to destroy
1019 * the bookmark (in which case we don't want to
1020 * destroy it since we haven't checked for permission).
1021 */
1022 fnvlist_remove_nvpair(innvl, pair);
1023 error = 0;
1024 }
1025 if (error != 0)
1026 break;
1027 }
1028
1029 return (error);
1030 }
1031
1032 static int
zfs_secpolicy_log_history(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1033 zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1034 {
1035 (void) zc, (void) innvl, (void) cr;
1036 /*
1037 * Even root must have a proper TSD so that we know what pool
1038 * to log to.
1039 */
1040 if (tsd_get(zfs_allow_log_key) == NULL)
1041 return (SET_ERROR(EPERM));
1042 return (0);
1043 }
1044
1045 static int
zfs_secpolicy_create_clone(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1046 zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1047 {
1048 char parentname[ZFS_MAX_DATASET_NAME_LEN];
1049 int error;
1050 const char *origin;
1051
1052 if ((error = zfs_get_parent(zc->zc_name, parentname,
1053 sizeof (parentname))) != 0)
1054 return (error);
1055
1056 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 &&
1057 (error = zfs_secpolicy_write_perms(origin,
1058 ZFS_DELEG_PERM_CLONE, cr)) != 0)
1059 return (error);
1060
1061 if ((error = zfs_secpolicy_write_perms(parentname,
1062 ZFS_DELEG_PERM_CREATE, cr)) != 0)
1063 return (error);
1064
1065 return (zfs_secpolicy_write_perms(parentname,
1066 ZFS_DELEG_PERM_MOUNT, cr));
1067 }
1068
1069 /*
1070 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires
1071 * SYS_CONFIG privilege, which is not available in a local zone.
1072 */
1073 int
zfs_secpolicy_config(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1074 zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1075 {
1076 (void) zc, (void) innvl;
1077
1078 if (secpolicy_sys_config(cr, B_FALSE) != 0)
1079 return (SET_ERROR(EPERM));
1080
1081 return (0);
1082 }
1083
1084 /*
1085 * Policy for object to name lookups.
1086 */
1087 static int
zfs_secpolicy_diff(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1088 zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1089 {
1090 (void) innvl;
1091 int error;
1092
1093 if (secpolicy_sys_config(cr, B_FALSE) == 0)
1094 return (0);
1095
1096 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr);
1097 return (error);
1098 }
1099
1100 /*
1101 * Policy for fault injection. Requires all privileges.
1102 */
1103 static int
zfs_secpolicy_inject(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1104 zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1105 {
1106 (void) zc, (void) innvl;
1107 return (secpolicy_zinject(cr));
1108 }
1109
1110 static int
zfs_secpolicy_inherit_prop(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1111 zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1112 {
1113 (void) innvl;
1114 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value);
1115
1116 if (prop == ZPROP_USERPROP) {
1117 if (!zfs_prop_user(zc->zc_value))
1118 return (SET_ERROR(EINVAL));
1119 return (zfs_secpolicy_write_perms(zc->zc_name,
1120 ZFS_DELEG_PERM_USERPROP, cr));
1121 } else {
1122 return (zfs_secpolicy_setprop(zc->zc_name, prop,
1123 NULL, cr));
1124 }
1125 }
1126
1127 static int
zfs_secpolicy_userspace_one(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1128 zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1129 {
1130 int err = zfs_secpolicy_read(zc, innvl, cr);
1131 if (err)
1132 return (err);
1133
1134 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1135 return (SET_ERROR(EINVAL));
1136
1137 if (zc->zc_value[0] == 0) {
1138 /*
1139 * They are asking about a posix uid/gid. If it's
1140 * themself, allow it.
1141 */
1142 if (zc->zc_objset_type == ZFS_PROP_USERUSED ||
1143 zc->zc_objset_type == ZFS_PROP_USERQUOTA ||
1144 zc->zc_objset_type == ZFS_PROP_USEROBJUSED ||
1145 zc->zc_objset_type == ZFS_PROP_USEROBJQUOTA) {
1146 if (zc->zc_guid == crgetuid(cr))
1147 return (0);
1148 } else if (zc->zc_objset_type == ZFS_PROP_GROUPUSED ||
1149 zc->zc_objset_type == ZFS_PROP_GROUPQUOTA ||
1150 zc->zc_objset_type == ZFS_PROP_GROUPOBJUSED ||
1151 zc->zc_objset_type == ZFS_PROP_GROUPOBJQUOTA) {
1152 if (groupmember(zc->zc_guid, cr))
1153 return (0);
1154 }
1155 /* else is for project quota/used */
1156 }
1157
1158 return (zfs_secpolicy_write_perms(zc->zc_name,
1159 userquota_perms[zc->zc_objset_type], cr));
1160 }
1161
1162 static int
zfs_secpolicy_userspace_many(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1163 zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1164 {
1165 int err = zfs_secpolicy_read(zc, innvl, cr);
1166 if (err)
1167 return (err);
1168
1169 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
1170 return (SET_ERROR(EINVAL));
1171
1172 return (zfs_secpolicy_write_perms(zc->zc_name,
1173 userquota_perms[zc->zc_objset_type], cr));
1174 }
1175
1176 static int
zfs_secpolicy_userspace_upgrade(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1177 zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1178 {
1179 (void) innvl;
1180 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION,
1181 NULL, cr));
1182 }
1183
1184 static int
zfs_secpolicy_hold(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1185 zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1186 {
1187 (void) zc;
1188 nvpair_t *pair;
1189 nvlist_t *holds;
1190 int error;
1191
1192 holds = fnvlist_lookup_nvlist(innvl, "holds");
1193
1194 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
1195 pair = nvlist_next_nvpair(holds, pair)) {
1196 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1197 error = dmu_fsname(nvpair_name(pair), fsname);
1198 if (error != 0)
1199 return (error);
1200 error = zfs_secpolicy_write_perms(fsname,
1201 ZFS_DELEG_PERM_HOLD, cr);
1202 if (error != 0)
1203 return (error);
1204 }
1205 return (0);
1206 }
1207
1208 static int
zfs_secpolicy_release(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1209 zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1210 {
1211 (void) zc;
1212 nvpair_t *pair;
1213 int error;
1214
1215 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL;
1216 pair = nvlist_next_nvpair(innvl, pair)) {
1217 char fsname[ZFS_MAX_DATASET_NAME_LEN];
1218 error = dmu_fsname(nvpair_name(pair), fsname);
1219 if (error != 0)
1220 return (error);
1221 error = zfs_secpolicy_write_perms(fsname,
1222 ZFS_DELEG_PERM_RELEASE, cr);
1223 if (error != 0)
1224 return (error);
1225 }
1226 return (0);
1227 }
1228
1229 /*
1230 * Policy for allowing temporary snapshots to be taken or released
1231 */
1232 static int
zfs_secpolicy_tmp_snapshot(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1233 zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1234 {
1235 /*
1236 * A temporary snapshot is the same as a snapshot,
1237 * hold, destroy and release all rolled into one.
1238 * Delegated diff alone is sufficient that we allow this.
1239 */
1240 int error;
1241
1242 if (zfs_secpolicy_write_perms(zc->zc_name,
1243 ZFS_DELEG_PERM_DIFF, cr) == 0)
1244 return (0);
1245
1246 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr);
1247
1248 if (innvl != NULL) {
1249 if (error == 0)
1250 error = zfs_secpolicy_hold(zc, innvl, cr);
1251 if (error == 0)
1252 error = zfs_secpolicy_release(zc, innvl, cr);
1253 if (error == 0)
1254 error = zfs_secpolicy_destroy(zc, innvl, cr);
1255 }
1256 return (error);
1257 }
1258
1259 static int
zfs_secpolicy_load_key(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1260 zfs_secpolicy_load_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1261 {
1262 return (zfs_secpolicy_write_perms(zc->zc_name,
1263 ZFS_DELEG_PERM_LOAD_KEY, cr));
1264 }
1265
1266 static int
zfs_secpolicy_change_key(zfs_cmd_t * zc,nvlist_t * innvl,cred_t * cr)1267 zfs_secpolicy_change_key(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr)
1268 {
1269 return (zfs_secpolicy_write_perms(zc->zc_name,
1270 ZFS_DELEG_PERM_CHANGE_KEY, cr));
1271 }
1272
1273 /*
1274 * Returns the nvlist as specified by the user in the zfs_cmd_t.
1275 */
1276 static int
get_nvlist(uint64_t nvl,uint64_t size,int iflag,nvlist_t ** nvp)1277 get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp)
1278 {
1279 char *packed;
1280 int error;
1281 nvlist_t *list = NULL;
1282
1283 /*
1284 * Read in and unpack the user-supplied nvlist.
1285 */
1286 if (size == 0)
1287 return (SET_ERROR(EINVAL));
1288
1289 packed = vmem_alloc(size, KM_SLEEP);
1290
1291 if (ddi_copyin((void *)(uintptr_t)nvl, packed, size, iflag) != 0) {
1292 vmem_free(packed, size);
1293 return (SET_ERROR(EFAULT));
1294 }
1295
1296 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) {
1297 vmem_free(packed, size);
1298 return (error);
1299 }
1300
1301 vmem_free(packed, size);
1302
1303 *nvp = list;
1304 return (0);
1305 }
1306
1307 /*
1308 * Reduce the size of this nvlist until it can be serialized in 'max' bytes.
1309 * Entries will be removed from the end of the nvlist, and one int32 entry
1310 * named "N_MORE_ERRORS" will be added indicating how many entries were
1311 * removed.
1312 */
1313 static int
nvlist_smush(nvlist_t * errors,size_t max)1314 nvlist_smush(nvlist_t *errors, size_t max)
1315 {
1316 size_t size;
1317
1318 size = fnvlist_size(errors);
1319
1320 if (size > max) {
1321 nvpair_t *more_errors;
1322 int n = 0;
1323
1324 if (max < 1024)
1325 return (SET_ERROR(ENOMEM));
1326
1327 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0);
1328 more_errors = nvlist_prev_nvpair(errors, NULL);
1329
1330 do {
1331 nvpair_t *pair = nvlist_prev_nvpair(errors,
1332 more_errors);
1333 fnvlist_remove_nvpair(errors, pair);
1334 n++;
1335 size = fnvlist_size(errors);
1336 } while (size > max);
1337
1338 fnvlist_remove_nvpair(errors, more_errors);
1339 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n);
1340 ASSERT3U(fnvlist_size(errors), <=, max);
1341 }
1342
1343 return (0);
1344 }
1345
1346 static int
put_nvlist(zfs_cmd_t * zc,nvlist_t * nvl)1347 put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl)
1348 {
1349 char *packed = NULL;
1350 int error = 0;
1351 size_t size;
1352
1353 size = fnvlist_size(nvl);
1354
1355 if (size > zc->zc_nvlist_dst_size) {
1356 error = SET_ERROR(ENOMEM);
1357 } else {
1358 packed = fnvlist_pack(nvl, &size);
1359 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst,
1360 size, zc->zc_iflags) != 0)
1361 error = SET_ERROR(EFAULT);
1362 fnvlist_pack_free(packed, size);
1363 }
1364
1365 zc->zc_nvlist_dst_size = size;
1366 zc->zc_nvlist_dst_filled = B_TRUE;
1367 return (error);
1368 }
1369
1370 int
getzfsvfs_impl(objset_t * os,zfsvfs_t ** zfvp)1371 getzfsvfs_impl(objset_t *os, zfsvfs_t **zfvp)
1372 {
1373 int error = 0;
1374 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1375 return (SET_ERROR(EINVAL));
1376 }
1377
1378 mutex_enter(&os->os_user_ptr_lock);
1379 *zfvp = dmu_objset_get_user(os);
1380 /* bump s_active only when non-zero to prevent umount race */
1381 error = zfs_vfs_ref(zfvp);
1382 mutex_exit(&os->os_user_ptr_lock);
1383 return (error);
1384 }
1385
1386 int
getzfsvfs(const char * dsname,zfsvfs_t ** zfvp)1387 getzfsvfs(const char *dsname, zfsvfs_t **zfvp)
1388 {
1389 objset_t *os;
1390 int error;
1391
1392 error = dmu_objset_hold(dsname, FTAG, &os);
1393 if (error != 0)
1394 return (error);
1395
1396 error = getzfsvfs_impl(os, zfvp);
1397 dmu_objset_rele(os, FTAG);
1398 return (error);
1399 }
1400
1401 /*
1402 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which
1403 * case its z_sb will be NULL, and it will be opened as the owner.
1404 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER,
1405 * which prevents all inode ops from running.
1406 */
1407 static int
zfsvfs_hold(const char * name,const void * tag,zfsvfs_t ** zfvp,boolean_t writer)1408 zfsvfs_hold(const char *name, const void *tag, zfsvfs_t **zfvp,
1409 boolean_t writer)
1410 {
1411 int error = 0;
1412
1413 if (getzfsvfs(name, zfvp) != 0)
1414 error = zfsvfs_create(name, B_FALSE, zfvp);
1415 if (error == 0) {
1416 if (writer)
1417 ZFS_TEARDOWN_ENTER_WRITE(*zfvp, tag);
1418 else
1419 ZFS_TEARDOWN_ENTER_READ(*zfvp, tag);
1420 if ((*zfvp)->z_unmounted) {
1421 /*
1422 * XXX we could probably try again, since the unmounting
1423 * thread should be just about to disassociate the
1424 * objset from the zfsvfs.
1425 */
1426 ZFS_TEARDOWN_EXIT(*zfvp, tag);
1427 return (SET_ERROR(EBUSY));
1428 }
1429 }
1430 return (error);
1431 }
1432
1433 static void
zfsvfs_rele(zfsvfs_t * zfsvfs,const void * tag)1434 zfsvfs_rele(zfsvfs_t *zfsvfs, const void *tag)
1435 {
1436 ZFS_TEARDOWN_EXIT(zfsvfs, tag);
1437
1438 if (zfs_vfs_held(zfsvfs)) {
1439 zfs_vfs_rele(zfsvfs);
1440 } else {
1441 dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs);
1442 zfsvfs_free(zfsvfs);
1443 }
1444 }
1445
1446 static int
zfs_ioc_pool_create(zfs_cmd_t * zc)1447 zfs_ioc_pool_create(zfs_cmd_t *zc)
1448 {
1449 int error;
1450 nvlist_t *config, *props = NULL;
1451 nvlist_t *rootprops = NULL;
1452 nvlist_t *zplprops = NULL;
1453 dsl_crypto_params_t *dcp = NULL;
1454 const char *spa_name = zc->zc_name;
1455 boolean_t unload_wkey = B_TRUE;
1456
1457 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1458 zc->zc_iflags, &config)))
1459 return (error);
1460
1461 if (zc->zc_nvlist_src_size != 0 && (error =
1462 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1463 zc->zc_iflags, &props))) {
1464 nvlist_free(config);
1465 return (error);
1466 }
1467
1468 if (props) {
1469 nvlist_t *nvl = NULL;
1470 nvlist_t *hidden_args = NULL;
1471 uint64_t version = SPA_VERSION;
1472 const char *tname;
1473
1474 (void) nvlist_lookup_uint64(props,
1475 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version);
1476 if (!SPA_VERSION_IS_SUPPORTED(version)) {
1477 error = SET_ERROR(EINVAL);
1478 goto pool_props_bad;
1479 }
1480 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl);
1481 if (nvl) {
1482 error = nvlist_dup(nvl, &rootprops, KM_SLEEP);
1483 if (error != 0)
1484 goto pool_props_bad;
1485 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS);
1486 }
1487
1488 (void) nvlist_lookup_nvlist(props, ZPOOL_HIDDEN_ARGS,
1489 &hidden_args);
1490 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE,
1491 rootprops, hidden_args, &dcp);
1492 if (error != 0)
1493 goto pool_props_bad;
1494 (void) nvlist_remove_all(props, ZPOOL_HIDDEN_ARGS);
1495
1496 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1497 error = zfs_fill_zplprops_root(version, rootprops,
1498 zplprops, NULL);
1499 if (error != 0)
1500 goto pool_props_bad;
1501
1502 if (nvlist_lookup_string(props,
1503 zpool_prop_to_name(ZPOOL_PROP_TNAME), &tname) == 0)
1504 spa_name = tname;
1505 }
1506
1507 error = spa_create(zc->zc_name, config, props, zplprops, dcp);
1508
1509 /*
1510 * Set the remaining root properties
1511 */
1512 if (!error && (error = zfs_set_prop_nvlist(spa_name,
1513 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) {
1514 (void) spa_destroy(spa_name);
1515 unload_wkey = B_FALSE; /* spa_destroy() unloads wrapping keys */
1516 }
1517
1518 pool_props_bad:
1519 nvlist_free(rootprops);
1520 nvlist_free(zplprops);
1521 nvlist_free(config);
1522 nvlist_free(props);
1523 dsl_crypto_params_free(dcp, unload_wkey && !!error);
1524
1525 return (error);
1526 }
1527
1528 static int
zfs_ioc_pool_destroy(zfs_cmd_t * zc)1529 zfs_ioc_pool_destroy(zfs_cmd_t *zc)
1530 {
1531 int error;
1532 zfs_log_history(zc);
1533 error = spa_destroy(zc->zc_name);
1534
1535 return (error);
1536 }
1537
1538 static int
zfs_ioc_pool_import(zfs_cmd_t * zc)1539 zfs_ioc_pool_import(zfs_cmd_t *zc)
1540 {
1541 nvlist_t *config, *props = NULL;
1542 uint64_t guid;
1543 int error;
1544
1545 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1546 zc->zc_iflags, &config)) != 0)
1547 return (error);
1548
1549 if (zc->zc_nvlist_src_size != 0 && (error =
1550 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1551 zc->zc_iflags, &props))) {
1552 nvlist_free(config);
1553 return (error);
1554 }
1555
1556 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 ||
1557 guid != zc->zc_guid)
1558 error = SET_ERROR(EINVAL);
1559 else
1560 error = spa_import(zc->zc_name, config, props, zc->zc_cookie);
1561
1562 if (zc->zc_nvlist_dst != 0) {
1563 int err;
1564
1565 if ((err = put_nvlist(zc, config)) != 0)
1566 error = err;
1567 }
1568
1569 nvlist_free(config);
1570 nvlist_free(props);
1571
1572 return (error);
1573 }
1574
1575 static int
zfs_ioc_pool_export(zfs_cmd_t * zc)1576 zfs_ioc_pool_export(zfs_cmd_t *zc)
1577 {
1578 int error;
1579 boolean_t force = (boolean_t)zc->zc_cookie;
1580 boolean_t hardforce = (boolean_t)zc->zc_guid;
1581
1582 zfs_log_history(zc);
1583 error = spa_export(zc->zc_name, NULL, force, hardforce);
1584
1585 return (error);
1586 }
1587
1588 static int
zfs_ioc_pool_configs(zfs_cmd_t * zc)1589 zfs_ioc_pool_configs(zfs_cmd_t *zc)
1590 {
1591 nvlist_t *configs;
1592 int error;
1593
1594 error = spa_all_configs(&zc->zc_cookie, &configs);
1595 if (error)
1596 return (error);
1597
1598 error = put_nvlist(zc, configs);
1599
1600 nvlist_free(configs);
1601
1602 return (error);
1603 }
1604
1605 /*
1606 * inputs:
1607 * zc_name name of the pool
1608 *
1609 * outputs:
1610 * zc_cookie real errno
1611 * zc_nvlist_dst config nvlist
1612 * zc_nvlist_dst_size size of config nvlist
1613 */
1614 static int
zfs_ioc_pool_stats(zfs_cmd_t * zc)1615 zfs_ioc_pool_stats(zfs_cmd_t *zc)
1616 {
1617 nvlist_t *config;
1618 int error;
1619 int ret = 0;
1620
1621 error = spa_get_stats(zc->zc_name, &config, zc->zc_value,
1622 sizeof (zc->zc_value));
1623
1624 if (config != NULL) {
1625 ret = put_nvlist(zc, config);
1626 nvlist_free(config);
1627
1628 /*
1629 * The config may be present even if 'error' is non-zero.
1630 * In this case we return success, and preserve the real errno
1631 * in 'zc_cookie'.
1632 */
1633 zc->zc_cookie = error;
1634 } else {
1635 ret = error;
1636 }
1637
1638 return (ret);
1639 }
1640
1641 /*
1642 * Try to import the given pool, returning pool stats as appropriate so that
1643 * user land knows which devices are available and overall pool health.
1644 */
1645 static int
zfs_ioc_pool_tryimport(zfs_cmd_t * zc)1646 zfs_ioc_pool_tryimport(zfs_cmd_t *zc)
1647 {
1648 nvlist_t *tryconfig, *config = NULL;
1649 int error;
1650
1651 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1652 zc->zc_iflags, &tryconfig)) != 0)
1653 return (error);
1654
1655 config = spa_tryimport(tryconfig);
1656
1657 nvlist_free(tryconfig);
1658
1659 if (config == NULL)
1660 return (SET_ERROR(EINVAL));
1661
1662 error = put_nvlist(zc, config);
1663 nvlist_free(config);
1664
1665 return (error);
1666 }
1667
1668 /*
1669 * inputs:
1670 * zc_name name of the pool
1671 * zc_cookie scan func (pool_scan_func_t)
1672 * zc_flags scrub pause/resume flag (pool_scrub_cmd_t)
1673 */
1674 static int
zfs_ioc_pool_scan(zfs_cmd_t * zc)1675 zfs_ioc_pool_scan(zfs_cmd_t *zc)
1676 {
1677 spa_t *spa;
1678 int error;
1679
1680 if (zc->zc_flags >= POOL_SCRUB_FLAGS_END)
1681 return (SET_ERROR(EINVAL));
1682
1683 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1684 return (error);
1685
1686 if (zc->zc_flags == POOL_SCRUB_PAUSE)
1687 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE);
1688 else if (zc->zc_cookie == POOL_SCAN_NONE)
1689 error = spa_scan_stop(spa);
1690 else
1691 error = spa_scan(spa, zc->zc_cookie);
1692
1693 spa_close(spa, FTAG);
1694
1695 return (error);
1696 }
1697
1698 /*
1699 * inputs:
1700 * poolname name of the pool
1701 * scan_type scan func (pool_scan_func_t)
1702 * scan_command scrub pause/resume flag (pool_scrub_cmd_t)
1703 */
1704 static const zfs_ioc_key_t zfs_keys_pool_scrub[] = {
1705 {"scan_type", DATA_TYPE_UINT64, 0},
1706 {"scan_command", DATA_TYPE_UINT64, 0},
1707 };
1708
1709 static int
zfs_ioc_pool_scrub(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)1710 zfs_ioc_pool_scrub(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
1711 {
1712 spa_t *spa;
1713 int error;
1714 uint64_t scan_type, scan_cmd;
1715
1716 if (nvlist_lookup_uint64(innvl, "scan_type", &scan_type) != 0)
1717 return (SET_ERROR(EINVAL));
1718 if (nvlist_lookup_uint64(innvl, "scan_command", &scan_cmd) != 0)
1719 return (SET_ERROR(EINVAL));
1720
1721 if (scan_cmd >= POOL_SCRUB_FLAGS_END)
1722 return (SET_ERROR(EINVAL));
1723
1724 if ((error = spa_open(poolname, &spa, FTAG)) != 0)
1725 return (error);
1726
1727 if (scan_cmd == POOL_SCRUB_PAUSE) {
1728 error = spa_scrub_pause_resume(spa, POOL_SCRUB_PAUSE);
1729 } else if (scan_type == POOL_SCAN_NONE) {
1730 error = spa_scan_stop(spa);
1731 } else if (scan_cmd == POOL_SCRUB_FROM_LAST_TXG) {
1732 error = spa_scan_range(spa, scan_type,
1733 spa_get_last_scrubbed_txg(spa), 0);
1734 } else {
1735 error = spa_scan(spa, scan_type);
1736 }
1737
1738 spa_close(spa, FTAG);
1739 return (error);
1740 }
1741
1742 static int
zfs_ioc_pool_freeze(zfs_cmd_t * zc)1743 zfs_ioc_pool_freeze(zfs_cmd_t *zc)
1744 {
1745 spa_t *spa;
1746 int error;
1747
1748 error = spa_open(zc->zc_name, &spa, FTAG);
1749 if (error == 0) {
1750 spa_freeze(spa);
1751 spa_close(spa, FTAG);
1752 }
1753 return (error);
1754 }
1755
1756 static int
zfs_ioc_pool_upgrade(zfs_cmd_t * zc)1757 zfs_ioc_pool_upgrade(zfs_cmd_t *zc)
1758 {
1759 spa_t *spa;
1760 int error;
1761
1762 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1763 return (error);
1764
1765 if (zc->zc_cookie < spa_version(spa) ||
1766 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) {
1767 spa_close(spa, FTAG);
1768 return (SET_ERROR(EINVAL));
1769 }
1770
1771 spa_upgrade(spa, zc->zc_cookie);
1772 spa_close(spa, FTAG);
1773
1774 return (error);
1775 }
1776
1777 static int
zfs_ioc_pool_get_history(zfs_cmd_t * zc)1778 zfs_ioc_pool_get_history(zfs_cmd_t *zc)
1779 {
1780 spa_t *spa;
1781 char *hist_buf;
1782 uint64_t size;
1783 int error;
1784
1785 if ((size = zc->zc_history_len) == 0)
1786 return (SET_ERROR(EINVAL));
1787
1788 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1789 return (error);
1790
1791 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
1792 spa_close(spa, FTAG);
1793 return (SET_ERROR(ENOTSUP));
1794 }
1795
1796 hist_buf = vmem_alloc(size, KM_SLEEP);
1797 if ((error = spa_history_get(spa, &zc->zc_history_offset,
1798 &zc->zc_history_len, hist_buf)) == 0) {
1799 error = ddi_copyout(hist_buf,
1800 (void *)(uintptr_t)zc->zc_history,
1801 zc->zc_history_len, zc->zc_iflags);
1802 }
1803
1804 spa_close(spa, FTAG);
1805 vmem_free(hist_buf, size);
1806 return (error);
1807 }
1808
1809 /*
1810 * inputs:
1811 * zc_nvlist_src nvlist optionally containing ZPOOL_REGUID_GUID
1812 * zc_nvlist_src_size size of the nvlist
1813 */
1814 static int
zfs_ioc_pool_reguid(zfs_cmd_t * zc)1815 zfs_ioc_pool_reguid(zfs_cmd_t *zc)
1816 {
1817 uint64_t *guidp = NULL;
1818 nvlist_t *props = NULL;
1819 spa_t *spa;
1820 uint64_t guid;
1821 int error;
1822
1823 if (zc->zc_nvlist_src_size != 0) {
1824 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
1825 zc->zc_iflags, &props);
1826 if (error != 0)
1827 return (error);
1828
1829 error = nvlist_lookup_uint64(props, ZPOOL_REGUID_GUID, &guid);
1830 if (error == 0)
1831 guidp = &guid;
1832 else if (error == ENOENT)
1833 guidp = NULL;
1834 else
1835 goto out;
1836 }
1837
1838 error = spa_open(zc->zc_name, &spa, FTAG);
1839 if (error == 0) {
1840 error = spa_change_guid(spa, guidp);
1841 spa_close(spa, FTAG);
1842 }
1843
1844 out:
1845 if (props != NULL)
1846 nvlist_free(props);
1847
1848 return (error);
1849 }
1850
1851 static int
zfs_ioc_dsobj_to_dsname(zfs_cmd_t * zc)1852 zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc)
1853 {
1854 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value));
1855 }
1856
1857 /*
1858 * inputs:
1859 * zc_name name of filesystem
1860 * zc_obj object to find
1861 *
1862 * outputs:
1863 * zc_value name of object
1864 */
1865 static int
zfs_ioc_obj_to_path(zfs_cmd_t * zc)1866 zfs_ioc_obj_to_path(zfs_cmd_t *zc)
1867 {
1868 objset_t *os;
1869 int error;
1870
1871 /* XXX reading from objset not owned */
1872 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1873 FTAG, &os)) != 0)
1874 return (error);
1875 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1876 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1877 return (SET_ERROR(EINVAL));
1878 }
1879 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value,
1880 sizeof (zc->zc_value));
1881 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1882
1883 return (error);
1884 }
1885
1886 /*
1887 * inputs:
1888 * zc_name name of filesystem
1889 * zc_obj object to find
1890 *
1891 * outputs:
1892 * zc_stat stats on object
1893 * zc_value path to object
1894 */
1895 static int
zfs_ioc_obj_to_stats(zfs_cmd_t * zc)1896 zfs_ioc_obj_to_stats(zfs_cmd_t *zc)
1897 {
1898 objset_t *os;
1899 int error;
1900
1901 /* XXX reading from objset not owned */
1902 if ((error = dmu_objset_hold_flags(zc->zc_name, B_TRUE,
1903 FTAG, &os)) != 0)
1904 return (error);
1905 if (dmu_objset_type(os) != DMU_OST_ZFS) {
1906 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1907 return (SET_ERROR(EINVAL));
1908 }
1909 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value,
1910 sizeof (zc->zc_value));
1911 dmu_objset_rele_flags(os, B_TRUE, FTAG);
1912
1913 return (error);
1914 }
1915
1916 static int
zfs_ioc_vdev_add(zfs_cmd_t * zc)1917 zfs_ioc_vdev_add(zfs_cmd_t *zc)
1918 {
1919 spa_t *spa;
1920 int error;
1921 nvlist_t *config;
1922
1923 error = spa_open(zc->zc_name, &spa, FTAG);
1924 if (error != 0)
1925 return (error);
1926
1927 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
1928 zc->zc_iflags, &config);
1929 if (error == 0) {
1930 error = spa_vdev_add(spa, config, zc->zc_flags);
1931 nvlist_free(config);
1932 }
1933 spa_close(spa, FTAG);
1934 return (error);
1935 }
1936
1937 /*
1938 * inputs:
1939 * zc_name name of the pool
1940 * zc_guid guid of vdev to remove
1941 * zc_cookie cancel removal
1942 */
1943 static int
zfs_ioc_vdev_remove(zfs_cmd_t * zc)1944 zfs_ioc_vdev_remove(zfs_cmd_t *zc)
1945 {
1946 spa_t *spa;
1947 int error;
1948
1949 error = spa_open(zc->zc_name, &spa, FTAG);
1950 if (error != 0)
1951 return (error);
1952 if (zc->zc_cookie != 0) {
1953 error = spa_vdev_remove_cancel(spa);
1954 } else {
1955 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE);
1956 }
1957 spa_close(spa, FTAG);
1958 return (error);
1959 }
1960
1961 static int
zfs_ioc_vdev_set_state(zfs_cmd_t * zc)1962 zfs_ioc_vdev_set_state(zfs_cmd_t *zc)
1963 {
1964 spa_t *spa;
1965 int error;
1966 vdev_state_t newstate = VDEV_STATE_UNKNOWN;
1967
1968 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
1969 return (error);
1970 switch (zc->zc_cookie) {
1971 case VDEV_STATE_ONLINE:
1972 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate);
1973 break;
1974
1975 case VDEV_STATE_OFFLINE:
1976 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj);
1977 break;
1978
1979 case VDEV_STATE_FAULTED:
1980 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1981 zc->zc_obj != VDEV_AUX_EXTERNAL &&
1982 zc->zc_obj != VDEV_AUX_EXTERNAL_PERSIST)
1983 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1984
1985 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj);
1986 break;
1987
1988 case VDEV_STATE_DEGRADED:
1989 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED &&
1990 zc->zc_obj != VDEV_AUX_EXTERNAL)
1991 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED;
1992
1993 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj);
1994 break;
1995
1996 case VDEV_STATE_REMOVED:
1997 error = vdev_remove_wanted(spa, zc->zc_guid);
1998 break;
1999
2000 default:
2001 error = SET_ERROR(EINVAL);
2002 }
2003 zc->zc_cookie = newstate;
2004 spa_close(spa, FTAG);
2005 return (error);
2006 }
2007
2008 static int
zfs_ioc_vdev_attach(zfs_cmd_t * zc)2009 zfs_ioc_vdev_attach(zfs_cmd_t *zc)
2010 {
2011 spa_t *spa;
2012 nvlist_t *config;
2013 int replacing = zc->zc_cookie;
2014 int rebuild = zc->zc_simple;
2015 int error;
2016
2017 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2018 return (error);
2019
2020 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
2021 zc->zc_iflags, &config)) == 0) {
2022 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing,
2023 rebuild);
2024 nvlist_free(config);
2025 }
2026
2027 spa_close(spa, FTAG);
2028 return (error);
2029 }
2030
2031 static int
zfs_ioc_vdev_detach(zfs_cmd_t * zc)2032 zfs_ioc_vdev_detach(zfs_cmd_t *zc)
2033 {
2034 spa_t *spa;
2035 int error;
2036
2037 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2038 return (error);
2039
2040 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE);
2041
2042 spa_close(spa, FTAG);
2043 return (error);
2044 }
2045
2046 static int
zfs_ioc_vdev_split(zfs_cmd_t * zc)2047 zfs_ioc_vdev_split(zfs_cmd_t *zc)
2048 {
2049 spa_t *spa;
2050 nvlist_t *config, *props = NULL;
2051 int error;
2052 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT);
2053
2054 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
2055 return (error);
2056
2057 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
2058 zc->zc_iflags, &config))) {
2059 spa_close(spa, FTAG);
2060 return (error);
2061 }
2062
2063 if (zc->zc_nvlist_src_size != 0 && (error =
2064 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2065 zc->zc_iflags, &props))) {
2066 spa_close(spa, FTAG);
2067 nvlist_free(config);
2068 return (error);
2069 }
2070
2071 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp);
2072
2073 spa_close(spa, FTAG);
2074
2075 nvlist_free(config);
2076 nvlist_free(props);
2077
2078 return (error);
2079 }
2080
2081 static int
zfs_ioc_vdev_setpath(zfs_cmd_t * zc)2082 zfs_ioc_vdev_setpath(zfs_cmd_t *zc)
2083 {
2084 spa_t *spa;
2085 const char *path = zc->zc_value;
2086 uint64_t guid = zc->zc_guid;
2087 int error;
2088
2089 error = spa_open(zc->zc_name, &spa, FTAG);
2090 if (error != 0)
2091 return (error);
2092
2093 error = spa_vdev_setpath(spa, guid, path);
2094 spa_close(spa, FTAG);
2095 return (error);
2096 }
2097
2098 static int
zfs_ioc_vdev_setfru(zfs_cmd_t * zc)2099 zfs_ioc_vdev_setfru(zfs_cmd_t *zc)
2100 {
2101 spa_t *spa;
2102 const char *fru = zc->zc_value;
2103 uint64_t guid = zc->zc_guid;
2104 int error;
2105
2106 error = spa_open(zc->zc_name, &spa, FTAG);
2107 if (error != 0)
2108 return (error);
2109
2110 error = spa_vdev_setfru(spa, guid, fru);
2111 spa_close(spa, FTAG);
2112 return (error);
2113 }
2114
2115 static int
zfs_ioc_objset_stats_impl(zfs_cmd_t * zc,objset_t * os)2116 zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os)
2117 {
2118 int error = 0;
2119 nvlist_t *nv;
2120
2121 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2122
2123 if (!zc->zc_simple && zc->zc_nvlist_dst != 0 &&
2124 (error = dsl_prop_get_all(os, &nv)) == 0) {
2125 dmu_objset_stats(os, nv);
2126 /*
2127 * NB: zvol_get_stats() will read the objset contents,
2128 * which we aren't supposed to do with a
2129 * DS_MODE_USER hold, because it could be
2130 * inconsistent. So this is a bit of a workaround...
2131 * XXX reading without owning
2132 */
2133 if (!zc->zc_objset_stats.dds_inconsistent &&
2134 dmu_objset_type(os) == DMU_OST_ZVOL) {
2135 error = zvol_get_stats(os, nv);
2136 if (error == EIO) {
2137 nvlist_free(nv);
2138 return (error);
2139 }
2140 VERIFY0(error);
2141 }
2142 if (error == 0)
2143 error = put_nvlist(zc, nv);
2144 nvlist_free(nv);
2145 }
2146
2147 return (error);
2148 }
2149
2150 /*
2151 * inputs:
2152 * zc_name name of filesystem
2153 * zc_nvlist_dst_size size of buffer for property nvlist
2154 *
2155 * outputs:
2156 * zc_objset_stats stats
2157 * zc_nvlist_dst property nvlist
2158 * zc_nvlist_dst_size size of property nvlist
2159 */
2160 static int
zfs_ioc_objset_stats(zfs_cmd_t * zc)2161 zfs_ioc_objset_stats(zfs_cmd_t *zc)
2162 {
2163 objset_t *os;
2164 int error;
2165
2166 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2167 if (error == 0) {
2168 error = zfs_ioc_objset_stats_impl(zc, os);
2169 dmu_objset_rele(os, FTAG);
2170 }
2171
2172 return (error);
2173 }
2174
2175 /*
2176 * inputs:
2177 * zc_name name of filesystem
2178 * zc_nvlist_dst_size size of buffer for property nvlist
2179 *
2180 * outputs:
2181 * zc_nvlist_dst received property nvlist
2182 * zc_nvlist_dst_size size of received property nvlist
2183 *
2184 * Gets received properties (distinct from local properties on or after
2185 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from
2186 * local property values.
2187 */
2188 static int
zfs_ioc_objset_recvd_props(zfs_cmd_t * zc)2189 zfs_ioc_objset_recvd_props(zfs_cmd_t *zc)
2190 {
2191 int error = 0;
2192 nvlist_t *nv;
2193
2194 /*
2195 * Without this check, we would return local property values if the
2196 * caller has not already received properties on or after
2197 * SPA_VERSION_RECVD_PROPS.
2198 */
2199 if (!dsl_prop_get_hasrecvd(zc->zc_name))
2200 return (SET_ERROR(ENOTSUP));
2201
2202 if (zc->zc_nvlist_dst != 0 &&
2203 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) {
2204 error = put_nvlist(zc, nv);
2205 nvlist_free(nv);
2206 }
2207
2208 return (error);
2209 }
2210
2211 static int
nvl_add_zplprop(objset_t * os,nvlist_t * props,zfs_prop_t prop)2212 nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop)
2213 {
2214 uint64_t value;
2215 int error;
2216
2217 /*
2218 * zfs_get_zplprop() will either find a value or give us
2219 * the default value (if there is one).
2220 */
2221 if ((error = zfs_get_zplprop(os, prop, &value)) != 0)
2222 return (error);
2223 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0);
2224 return (0);
2225 }
2226
2227 /*
2228 * inputs:
2229 * zc_name name of filesystem
2230 * zc_nvlist_dst_size size of buffer for zpl property nvlist
2231 *
2232 * outputs:
2233 * zc_nvlist_dst zpl property nvlist
2234 * zc_nvlist_dst_size size of zpl property nvlist
2235 */
2236 static int
zfs_ioc_objset_zplprops(zfs_cmd_t * zc)2237 zfs_ioc_objset_zplprops(zfs_cmd_t *zc)
2238 {
2239 objset_t *os;
2240 int err;
2241
2242 /* XXX reading without owning */
2243 if ((err = dmu_objset_hold(zc->zc_name, FTAG, &os)))
2244 return (err);
2245
2246 dmu_objset_fast_stat(os, &zc->zc_objset_stats);
2247
2248 /*
2249 * NB: nvl_add_zplprop() will read the objset contents,
2250 * which we aren't supposed to do with a DS_MODE_USER
2251 * hold, because it could be inconsistent.
2252 */
2253 if (zc->zc_nvlist_dst != 0 &&
2254 !zc->zc_objset_stats.dds_inconsistent &&
2255 dmu_objset_type(os) == DMU_OST_ZFS) {
2256 nvlist_t *nv;
2257
2258 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2259 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 &&
2260 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 &&
2261 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 &&
2262 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0)
2263 err = put_nvlist(zc, nv);
2264 nvlist_free(nv);
2265 } else {
2266 err = SET_ERROR(ENOENT);
2267 }
2268 dmu_objset_rele(os, FTAG);
2269 return (err);
2270 }
2271
2272 /*
2273 * inputs:
2274 * zc_name name of filesystem
2275 * zc_cookie zap cursor
2276 * zc_nvlist_dst_size size of buffer for property nvlist
2277 *
2278 * outputs:
2279 * zc_name name of next filesystem
2280 * zc_cookie zap cursor
2281 * zc_objset_stats stats
2282 * zc_nvlist_dst property nvlist
2283 * zc_nvlist_dst_size size of property nvlist
2284 */
2285 static int
zfs_ioc_dataset_list_next(zfs_cmd_t * zc)2286 zfs_ioc_dataset_list_next(zfs_cmd_t *zc)
2287 {
2288 objset_t *os;
2289 int error;
2290 char *p;
2291 size_t orig_len = strlen(zc->zc_name);
2292
2293 top:
2294 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os))) {
2295 if (error == ENOENT)
2296 error = SET_ERROR(ESRCH);
2297 return (error);
2298 }
2299
2300 p = strrchr(zc->zc_name, '/');
2301 if (p == NULL || p[1] != '\0')
2302 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name));
2303 p = zc->zc_name + strlen(zc->zc_name);
2304
2305 do {
2306 error = dmu_dir_list_next(os,
2307 sizeof (zc->zc_name) - (p - zc->zc_name), p,
2308 NULL, &zc->zc_cookie);
2309 if (error == ENOENT)
2310 error = SET_ERROR(ESRCH);
2311 } while (error == 0 && zfs_dataset_name_hidden(zc->zc_name));
2312 dmu_objset_rele(os, FTAG);
2313
2314 /*
2315 * If it's an internal dataset (ie. with a '$' in its name),
2316 * don't try to get stats for it, otherwise we'll return ENOENT.
2317 */
2318 if (error == 0 && strchr(zc->zc_name, '$') == NULL) {
2319 error = zfs_ioc_objset_stats(zc); /* fill in the stats */
2320 if (error == ENOENT) {
2321 /* We lost a race with destroy, get the next one. */
2322 zc->zc_name[orig_len] = '\0';
2323 goto top;
2324 }
2325 }
2326 return (error);
2327 }
2328
2329 /*
2330 * inputs:
2331 * zc_name name of filesystem
2332 * zc_cookie zap cursor
2333 * zc_nvlist_src iteration range nvlist
2334 * zc_nvlist_src_size size of iteration range nvlist
2335 *
2336 * outputs:
2337 * zc_name name of next snapshot
2338 * zc_objset_stats stats
2339 * zc_nvlist_dst property nvlist
2340 * zc_nvlist_dst_size size of property nvlist
2341 */
2342 static int
zfs_ioc_snapshot_list_next(zfs_cmd_t * zc)2343 zfs_ioc_snapshot_list_next(zfs_cmd_t *zc)
2344 {
2345 int error;
2346 objset_t *os, *ossnap;
2347 dsl_dataset_t *ds;
2348 uint64_t min_txg = 0, max_txg = 0;
2349
2350 if (zc->zc_nvlist_src_size != 0) {
2351 nvlist_t *props = NULL;
2352 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2353 zc->zc_iflags, &props);
2354 if (error != 0)
2355 return (error);
2356 (void) nvlist_lookup_uint64(props, SNAP_ITER_MIN_TXG,
2357 &min_txg);
2358 (void) nvlist_lookup_uint64(props, SNAP_ITER_MAX_TXG,
2359 &max_txg);
2360 nvlist_free(props);
2361 }
2362
2363 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
2364 if (error != 0) {
2365 return (error == ENOENT ? SET_ERROR(ESRCH) : error);
2366 }
2367
2368 /*
2369 * A dataset name of maximum length cannot have any snapshots,
2370 * so exit immediately.
2371 */
2372 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >=
2373 ZFS_MAX_DATASET_NAME_LEN) {
2374 dmu_objset_rele(os, FTAG);
2375 return (SET_ERROR(ESRCH));
2376 }
2377
2378 while (error == 0) {
2379 if (issig()) {
2380 error = SET_ERROR(EINTR);
2381 break;
2382 }
2383
2384 error = dmu_snapshot_list_next(os,
2385 sizeof (zc->zc_name) - strlen(zc->zc_name),
2386 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj,
2387 &zc->zc_cookie, NULL);
2388 if (error == ENOENT) {
2389 error = SET_ERROR(ESRCH);
2390 break;
2391 } else if (error != 0) {
2392 break;
2393 }
2394
2395 error = dsl_dataset_hold_obj(dmu_objset_pool(os), zc->zc_obj,
2396 FTAG, &ds);
2397 if (error != 0)
2398 break;
2399
2400 if ((min_txg != 0 && dsl_get_creationtxg(ds) < min_txg) ||
2401 (max_txg != 0 && dsl_get_creationtxg(ds) > max_txg)) {
2402 dsl_dataset_rele(ds, FTAG);
2403 /* undo snapshot name append */
2404 *(strchr(zc->zc_name, '@') + 1) = '\0';
2405 /* skip snapshot */
2406 continue;
2407 }
2408
2409 if (zc->zc_simple) {
2410 dsl_dataset_fast_stat(ds, &zc->zc_objset_stats);
2411 dsl_dataset_rele(ds, FTAG);
2412 break;
2413 }
2414
2415 if ((error = dmu_objset_from_ds(ds, &ossnap)) != 0) {
2416 dsl_dataset_rele(ds, FTAG);
2417 break;
2418 }
2419 if ((error = zfs_ioc_objset_stats_impl(zc, ossnap)) != 0) {
2420 dsl_dataset_rele(ds, FTAG);
2421 break;
2422 }
2423 dsl_dataset_rele(ds, FTAG);
2424 break;
2425 }
2426
2427 dmu_objset_rele(os, FTAG);
2428 /* if we failed, undo the @ that we tacked on to zc_name */
2429 if (error != 0)
2430 *strchr(zc->zc_name, '@') = '\0';
2431 return (error);
2432 }
2433
2434 static int
zfs_prop_set_userquota(const char * dsname,nvpair_t * pair)2435 zfs_prop_set_userquota(const char *dsname, nvpair_t *pair)
2436 {
2437 const char *propname = nvpair_name(pair);
2438 uint64_t *valary;
2439 unsigned int vallen;
2440 const char *dash, *domain;
2441 zfs_userquota_prop_t type;
2442 uint64_t rid;
2443 uint64_t quota;
2444 zfsvfs_t *zfsvfs;
2445 int err;
2446
2447 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2448 nvlist_t *attrs;
2449 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2450 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2451 &pair) != 0)
2452 return (SET_ERROR(EINVAL));
2453 }
2454
2455 /*
2456 * A correctly constructed propname is encoded as
2457 * userquota@<rid>-<domain>.
2458 */
2459 if ((dash = strchr(propname, '-')) == NULL ||
2460 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 ||
2461 vallen != 3)
2462 return (SET_ERROR(EINVAL));
2463
2464 domain = dash + 1;
2465 type = valary[0];
2466 rid = valary[1];
2467 quota = valary[2];
2468
2469 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE);
2470 if (err == 0) {
2471 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota);
2472 zfsvfs_rele(zfsvfs, FTAG);
2473 }
2474
2475 return (err);
2476 }
2477
2478 /*
2479 * If the named property is one that has a special function to set its value,
2480 * return 0 on success and a positive error code on failure; otherwise if it is
2481 * not one of the special properties handled by this function, return -1.
2482 *
2483 * XXX: It would be better for callers of the property interface if we handled
2484 * these special cases in dsl_prop.c (in the dsl layer).
2485 */
2486 static int
zfs_prop_set_special(const char * dsname,zprop_source_t source,nvpair_t * pair)2487 zfs_prop_set_special(const char *dsname, zprop_source_t source,
2488 nvpair_t *pair)
2489 {
2490 const char *propname = nvpair_name(pair);
2491 zfs_prop_t prop = zfs_name_to_prop(propname);
2492 uint64_t intval = 0;
2493 const char *strval = NULL;
2494 int err = -1;
2495
2496 if (prop == ZPROP_USERPROP) {
2497 if (zfs_prop_userquota(propname))
2498 return (zfs_prop_set_userquota(dsname, pair));
2499 return (-1);
2500 }
2501
2502 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2503 nvlist_t *attrs;
2504 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
2505 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2506 &pair) == 0);
2507 }
2508
2509 /* all special properties are numeric except for keylocation */
2510 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) {
2511 strval = fnvpair_value_string(pair);
2512 } else {
2513 intval = fnvpair_value_uint64(pair);
2514 }
2515
2516 switch (prop) {
2517 case ZFS_PROP_QUOTA:
2518 err = dsl_dir_set_quota(dsname, source, intval);
2519 break;
2520 case ZFS_PROP_REFQUOTA:
2521 err = dsl_dataset_set_refquota(dsname, source, intval);
2522 break;
2523 case ZFS_PROP_FILESYSTEM_LIMIT:
2524 case ZFS_PROP_SNAPSHOT_LIMIT:
2525 if (intval == UINT64_MAX) {
2526 /* clearing the limit, just do it */
2527 err = 0;
2528 } else {
2529 err = dsl_dir_activate_fs_ss_limit(dsname);
2530 }
2531 /*
2532 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2533 * default path to set the value in the nvlist.
2534 */
2535 if (err == 0)
2536 err = -1;
2537 break;
2538 case ZFS_PROP_KEYLOCATION:
2539 err = dsl_crypto_can_set_keylocation(dsname, strval);
2540
2541 /*
2542 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2543 * default path to set the value in the nvlist.
2544 */
2545 if (err == 0)
2546 err = -1;
2547 break;
2548 case ZFS_PROP_RESERVATION:
2549 err = dsl_dir_set_reservation(dsname, source, intval);
2550 break;
2551 case ZFS_PROP_REFRESERVATION:
2552 err = dsl_dataset_set_refreservation(dsname, source, intval);
2553 break;
2554 case ZFS_PROP_COMPRESSION:
2555 err = dsl_dataset_set_compression(dsname, source, intval);
2556 /*
2557 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2558 * default path to set the value in the nvlist.
2559 */
2560 if (err == 0)
2561 err = -1;
2562 break;
2563 case ZFS_PROP_VOLSIZE:
2564 err = zvol_set_volsize(dsname, intval);
2565 break;
2566 case ZFS_PROP_VOLTHREADING:
2567 err = zvol_set_volthreading(dsname, intval);
2568 /*
2569 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2570 * default path to set the value in the nvlist.
2571 */
2572 if (err == 0)
2573 err = -1;
2574 break;
2575 case ZFS_PROP_SNAPDEV:
2576 case ZFS_PROP_VOLMODE:
2577 err = zvol_set_common(dsname, prop, source, intval);
2578 break;
2579 case ZFS_PROP_READONLY:
2580 err = zvol_set_ro(dsname, intval);
2581 /*
2582 * Set err to -1 to force the zfs_set_prop_nvlist code down the
2583 * default path to set the value in the nvlist.
2584 */
2585 if (err == 0)
2586 err = -1;
2587 break;
2588 case ZFS_PROP_VERSION:
2589 {
2590 zfsvfs_t *zfsvfs;
2591
2592 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0)
2593 break;
2594
2595 err = zfs_set_version(zfsvfs, intval);
2596 zfsvfs_rele(zfsvfs, FTAG);
2597
2598 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) {
2599 zfs_cmd_t *zc;
2600
2601 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP);
2602 (void) strlcpy(zc->zc_name, dsname,
2603 sizeof (zc->zc_name));
2604 (void) zfs_ioc_userspace_upgrade(zc);
2605 (void) zfs_ioc_id_quota_upgrade(zc);
2606 kmem_free(zc, sizeof (zfs_cmd_t));
2607 }
2608 break;
2609 }
2610 case ZFS_PROP_LONGNAME:
2611 {
2612 zfsvfs_t *zfsvfs;
2613
2614 /*
2615 * Ignore the checks if the property is being applied as part of
2616 * 'zfs receive'. Because, we already check if the local pool
2617 * has SPA_FEATURE_LONGNAME enabled in dmu_recv_begin_check().
2618 */
2619 if (source == ZPROP_SRC_RECEIVED) {
2620 cmn_err(CE_NOTE, "Skipping ZFS_PROP_LONGNAME checks "
2621 "for dsname=%s\n", dsname);
2622 err = -1;
2623 break;
2624 }
2625
2626 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE)) != 0) {
2627 cmn_err(CE_WARN, "%s:%d Failed to hold for dsname=%s "
2628 "err=%d\n", __FILE__, __LINE__, dsname, err);
2629 break;
2630 }
2631
2632 if (!spa_feature_is_enabled(zfsvfs->z_os->os_spa,
2633 SPA_FEATURE_LONGNAME)) {
2634 err = ENOTSUP;
2635 } else {
2636 /*
2637 * Set err to -1 to force the zfs_set_prop_nvlist code
2638 * down the default path to set the value in the nvlist.
2639 */
2640 err = -1;
2641 }
2642 zfsvfs_rele(zfsvfs, FTAG);
2643 break;
2644 }
2645 default:
2646 err = -1;
2647 }
2648
2649 return (err);
2650 }
2651
2652 static boolean_t
zfs_is_namespace_prop(zfs_prop_t prop)2653 zfs_is_namespace_prop(zfs_prop_t prop)
2654 {
2655 switch (prop) {
2656
2657 case ZFS_PROP_ATIME:
2658 case ZFS_PROP_RELATIME:
2659 case ZFS_PROP_DEVICES:
2660 case ZFS_PROP_EXEC:
2661 case ZFS_PROP_SETUID:
2662 case ZFS_PROP_READONLY:
2663 case ZFS_PROP_XATTR:
2664 case ZFS_PROP_NBMAND:
2665 return (B_TRUE);
2666
2667 default:
2668 return (B_FALSE);
2669 }
2670 }
2671
2672 /*
2673 * This function is best effort. If it fails to set any of the given properties,
2674 * it continues to set as many as it can and returns the last error
2675 * encountered. If the caller provides a non-NULL errlist, it will be filled in
2676 * with the list of names of all the properties that failed along with the
2677 * corresponding error numbers.
2678 *
2679 * If every property is set successfully, zero is returned and errlist is not
2680 * modified.
2681 */
2682 int
zfs_set_prop_nvlist(const char * dsname,zprop_source_t source,nvlist_t * nvl,nvlist_t * errlist)2683 zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl,
2684 nvlist_t *errlist)
2685 {
2686 nvpair_t *pair;
2687 nvpair_t *propval;
2688 int rv = 0;
2689 int err;
2690 uint64_t intval;
2691 const char *strval;
2692 boolean_t should_update_mount_cache = B_FALSE;
2693
2694 nvlist_t *genericnvl = fnvlist_alloc();
2695 nvlist_t *retrynvl = fnvlist_alloc();
2696 retry:
2697 pair = NULL;
2698 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2699 const char *propname = nvpair_name(pair);
2700 zfs_prop_t prop = zfs_name_to_prop(propname);
2701 err = 0;
2702
2703 /* decode the property value */
2704 propval = pair;
2705 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2706 nvlist_t *attrs;
2707 attrs = fnvpair_value_nvlist(pair);
2708 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
2709 &propval) != 0)
2710 err = SET_ERROR(EINVAL);
2711 }
2712
2713 /* Validate value type */
2714 if (err == 0 && source == ZPROP_SRC_INHERITED) {
2715 /* inherited properties are expected to be booleans */
2716 if (nvpair_type(propval) != DATA_TYPE_BOOLEAN)
2717 err = SET_ERROR(EINVAL);
2718 } else if (err == 0 && prop == ZPROP_USERPROP) {
2719 if (zfs_prop_user(propname)) {
2720 if (nvpair_type(propval) != DATA_TYPE_STRING)
2721 err = SET_ERROR(EINVAL);
2722 } else if (zfs_prop_userquota(propname)) {
2723 if (nvpair_type(propval) !=
2724 DATA_TYPE_UINT64_ARRAY)
2725 err = SET_ERROR(EINVAL);
2726 } else {
2727 err = SET_ERROR(EINVAL);
2728 }
2729 } else if (err == 0) {
2730 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2731 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING)
2732 err = SET_ERROR(EINVAL);
2733 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) {
2734 const char *unused;
2735
2736 intval = fnvpair_value_uint64(propval);
2737
2738 switch (zfs_prop_get_type(prop)) {
2739 case PROP_TYPE_NUMBER:
2740 break;
2741 case PROP_TYPE_STRING:
2742 err = SET_ERROR(EINVAL);
2743 break;
2744 case PROP_TYPE_INDEX:
2745 if (zfs_prop_index_to_string(prop,
2746 intval, &unused) != 0)
2747 err =
2748 SET_ERROR(ZFS_ERR_BADPROP);
2749 break;
2750 default:
2751 cmn_err(CE_PANIC,
2752 "unknown property type");
2753 }
2754 } else {
2755 err = SET_ERROR(EINVAL);
2756 }
2757 }
2758
2759 /* Validate permissions */
2760 if (err == 0)
2761 err = zfs_check_settable(dsname, pair, CRED());
2762
2763 if (err == 0) {
2764 if (source == ZPROP_SRC_INHERITED)
2765 err = -1; /* does not need special handling */
2766 else
2767 err = zfs_prop_set_special(dsname, source,
2768 pair);
2769 if (err == -1) {
2770 /*
2771 * For better performance we build up a list of
2772 * properties to set in a single transaction.
2773 */
2774 err = nvlist_add_nvpair(genericnvl, pair);
2775 } else if (err != 0 && nvl != retrynvl) {
2776 /*
2777 * This may be a spurious error caused by
2778 * receiving quota and reservation out of order.
2779 * Try again in a second pass.
2780 */
2781 err = nvlist_add_nvpair(retrynvl, pair);
2782 }
2783 }
2784
2785 if (err != 0) {
2786 if (errlist != NULL)
2787 fnvlist_add_int32(errlist, propname, err);
2788 rv = err;
2789 }
2790
2791 if (zfs_is_namespace_prop(prop))
2792 should_update_mount_cache = B_TRUE;
2793 }
2794
2795 if (nvl != retrynvl && !nvlist_empty(retrynvl)) {
2796 nvl = retrynvl;
2797 goto retry;
2798 }
2799
2800 if (nvlist_empty(genericnvl))
2801 goto out;
2802
2803 /*
2804 * Try to set them all in one batch.
2805 */
2806 err = dsl_props_set(dsname, source, genericnvl);
2807 if (err == 0)
2808 goto out;
2809
2810 /*
2811 * If batching fails, we still want to set as many properties as we
2812 * can, so try setting them individually.
2813 */
2814 pair = NULL;
2815 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) {
2816 const char *propname = nvpair_name(pair);
2817
2818 propval = pair;
2819 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
2820 nvlist_t *attrs;
2821 attrs = fnvpair_value_nvlist(pair);
2822 propval = fnvlist_lookup_nvpair(attrs, ZPROP_VALUE);
2823 }
2824
2825 if (nvpair_type(propval) == DATA_TYPE_STRING) {
2826 strval = fnvpair_value_string(propval);
2827 err = dsl_prop_set_string(dsname, propname,
2828 source, strval);
2829 } else if (nvpair_type(propval) == DATA_TYPE_BOOLEAN) {
2830 err = dsl_prop_inherit(dsname, propname, source);
2831 } else {
2832 intval = fnvpair_value_uint64(propval);
2833 err = dsl_prop_set_int(dsname, propname, source,
2834 intval);
2835 }
2836
2837 if (err != 0) {
2838 if (errlist != NULL) {
2839 fnvlist_add_int32(errlist, propname, err);
2840 }
2841 rv = err;
2842 }
2843 }
2844
2845 out:
2846 if (should_update_mount_cache)
2847 zfs_ioctl_update_mount_cache(dsname);
2848
2849 nvlist_free(genericnvl);
2850 nvlist_free(retrynvl);
2851
2852 return (rv);
2853 }
2854
2855 /*
2856 * Check that all the properties are valid user properties.
2857 */
2858 static int
zfs_check_userprops(nvlist_t * nvl)2859 zfs_check_userprops(nvlist_t *nvl)
2860 {
2861 nvpair_t *pair = NULL;
2862
2863 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) {
2864 const char *propname = nvpair_name(pair);
2865
2866 if (!zfs_prop_user(propname) ||
2867 nvpair_type(pair) != DATA_TYPE_STRING)
2868 return (SET_ERROR(EINVAL));
2869
2870 if (strlen(propname) >= ZAP_MAXNAMELEN)
2871 return (SET_ERROR(ENAMETOOLONG));
2872
2873 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN)
2874 return (SET_ERROR(E2BIG));
2875 }
2876 return (0);
2877 }
2878
2879 static void
props_skip(nvlist_t * props,nvlist_t * skipped,nvlist_t ** newprops)2880 props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops)
2881 {
2882 nvpair_t *pair;
2883
2884 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
2885
2886 pair = NULL;
2887 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) {
2888 if (nvlist_exists(skipped, nvpair_name(pair)))
2889 continue;
2890
2891 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0);
2892 }
2893 }
2894
2895 static int
clear_received_props(const char * dsname,nvlist_t * props,nvlist_t * skipped)2896 clear_received_props(const char *dsname, nvlist_t *props,
2897 nvlist_t *skipped)
2898 {
2899 int err = 0;
2900 nvlist_t *cleared_props = NULL;
2901 props_skip(props, skipped, &cleared_props);
2902 if (!nvlist_empty(cleared_props)) {
2903 /*
2904 * Acts on local properties until the dataset has received
2905 * properties at least once on or after SPA_VERSION_RECVD_PROPS.
2906 */
2907 zprop_source_t flags = (ZPROP_SRC_NONE |
2908 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0));
2909 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL);
2910 }
2911 nvlist_free(cleared_props);
2912 return (err);
2913 }
2914
2915 /*
2916 * inputs:
2917 * zc_name name of filesystem
2918 * zc_value name of property to set
2919 * zc_nvlist_src{_size} nvlist of properties to apply
2920 * zc_cookie received properties flag
2921 *
2922 * outputs:
2923 * zc_nvlist_dst{_size} error for each unapplied received property
2924 */
2925 static int
zfs_ioc_set_prop(zfs_cmd_t * zc)2926 zfs_ioc_set_prop(zfs_cmd_t *zc)
2927 {
2928 nvlist_t *nvl;
2929 boolean_t received = zc->zc_cookie;
2930 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED :
2931 ZPROP_SRC_LOCAL);
2932 nvlist_t *errors;
2933 int error;
2934
2935 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
2936 zc->zc_iflags, &nvl)) != 0)
2937 return (error);
2938
2939 if (received) {
2940 nvlist_t *origprops;
2941
2942 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) {
2943 (void) clear_received_props(zc->zc_name,
2944 origprops, nvl);
2945 nvlist_free(origprops);
2946 }
2947
2948 error = dsl_prop_set_hasrecvd(zc->zc_name);
2949 }
2950
2951 errors = fnvlist_alloc();
2952 if (error == 0)
2953 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors);
2954
2955 if (zc->zc_nvlist_dst != 0 && errors != NULL) {
2956 (void) put_nvlist(zc, errors);
2957 }
2958
2959 nvlist_free(errors);
2960 nvlist_free(nvl);
2961 return (error);
2962 }
2963
2964 /*
2965 * inputs:
2966 * zc_name name of filesystem
2967 * zc_value name of property to inherit
2968 * zc_cookie revert to received value if TRUE
2969 *
2970 * outputs: none
2971 */
2972 static int
zfs_ioc_inherit_prop(zfs_cmd_t * zc)2973 zfs_ioc_inherit_prop(zfs_cmd_t *zc)
2974 {
2975 const char *propname = zc->zc_value;
2976 zfs_prop_t prop = zfs_name_to_prop(propname);
2977 boolean_t received = zc->zc_cookie;
2978 zprop_source_t source = (received
2979 ? ZPROP_SRC_NONE /* revert to received value, if any */
2980 : ZPROP_SRC_INHERITED); /* explicitly inherit */
2981 nvlist_t *dummy;
2982 nvpair_t *pair;
2983 zprop_type_t type;
2984 int err;
2985
2986 if (!received) {
2987 /*
2988 * Only check this in the non-received case. We want to allow
2989 * 'inherit -S' to revert non-inheritable properties like quota
2990 * and reservation to the received or default values even though
2991 * they are not considered inheritable.
2992 */
2993 if (prop != ZPROP_USERPROP && !zfs_prop_inheritable(prop))
2994 return (SET_ERROR(EINVAL));
2995 }
2996
2997 if (prop == ZPROP_USERPROP) {
2998 if (!zfs_prop_user(propname))
2999 return (SET_ERROR(EINVAL));
3000
3001 type = PROP_TYPE_STRING;
3002 } else if (prop == ZFS_PROP_VOLSIZE || prop == ZFS_PROP_VERSION) {
3003 return (SET_ERROR(EINVAL));
3004 } else {
3005 type = zfs_prop_get_type(prop);
3006 }
3007
3008 /*
3009 * zfs_prop_set_special() expects properties in the form of an
3010 * nvpair with type info.
3011 */
3012 dummy = fnvlist_alloc();
3013
3014 switch (type) {
3015 case PROP_TYPE_STRING:
3016 VERIFY(0 == nvlist_add_string(dummy, propname, ""));
3017 break;
3018 case PROP_TYPE_NUMBER:
3019 case PROP_TYPE_INDEX:
3020 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0));
3021 break;
3022 default:
3023 err = SET_ERROR(EINVAL);
3024 goto errout;
3025 }
3026
3027 pair = nvlist_next_nvpair(dummy, NULL);
3028 if (pair == NULL) {
3029 err = SET_ERROR(EINVAL);
3030 } else {
3031 err = zfs_prop_set_special(zc->zc_name, source, pair);
3032 if (err == -1) /* property is not "special", needs handling */
3033 err = dsl_prop_inherit(zc->zc_name, zc->zc_value,
3034 source);
3035 }
3036
3037 errout:
3038 nvlist_free(dummy);
3039 return (err);
3040 }
3041
3042 static int
zfs_ioc_pool_set_props(zfs_cmd_t * zc)3043 zfs_ioc_pool_set_props(zfs_cmd_t *zc)
3044 {
3045 nvlist_t *props;
3046 spa_t *spa;
3047 int error;
3048 nvpair_t *pair;
3049
3050 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3051 zc->zc_iflags, &props)))
3052 return (error);
3053
3054 /*
3055 * If the only property is the configfile, then just do a spa_lookup()
3056 * to handle the faulted case.
3057 */
3058 pair = nvlist_next_nvpair(props, NULL);
3059 if (pair != NULL && strcmp(nvpair_name(pair),
3060 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 &&
3061 nvlist_next_nvpair(props, pair) == NULL) {
3062 mutex_enter(&spa_namespace_lock);
3063 if ((spa = spa_lookup(zc->zc_name)) != NULL) {
3064 spa_configfile_set(spa, props, B_FALSE);
3065 spa_write_cachefile(spa, B_FALSE, B_TRUE, B_FALSE);
3066 }
3067 mutex_exit(&spa_namespace_lock);
3068 if (spa != NULL) {
3069 nvlist_free(props);
3070 return (0);
3071 }
3072 }
3073
3074 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) {
3075 nvlist_free(props);
3076 return (error);
3077 }
3078
3079 error = spa_prop_set(spa, props);
3080
3081 nvlist_free(props);
3082 spa_close(spa, FTAG);
3083
3084 return (error);
3085 }
3086
3087 /*
3088 * innvl: {
3089 * "get_props_names": [ "prop1", "prop2", ..., "propN" ]
3090 * }
3091 */
3092
3093 static const zfs_ioc_key_t zfs_keys_get_props[] = {
3094 { ZPOOL_GET_PROPS_NAMES, DATA_TYPE_STRING_ARRAY, ZK_OPTIONAL },
3095 };
3096
3097 static int
zfs_ioc_pool_get_props(const char * pool,nvlist_t * innvl,nvlist_t * outnvl)3098 zfs_ioc_pool_get_props(const char *pool, nvlist_t *innvl, nvlist_t *outnvl)
3099 {
3100 spa_t *spa;
3101 char **props = NULL;
3102 unsigned int n_props = 0;
3103 int error;
3104
3105 if (nvlist_lookup_string_array(innvl, ZPOOL_GET_PROPS_NAMES,
3106 &props, &n_props) != 0) {
3107 props = NULL;
3108 }
3109
3110 if ((error = spa_open(pool, &spa, FTAG)) != 0) {
3111 /*
3112 * If the pool is faulted, there may be properties we can still
3113 * get (such as altroot and cachefile), so attempt to get them
3114 * anyway.
3115 */
3116 mutex_enter(&spa_namespace_lock);
3117 if ((spa = spa_lookup(pool)) != NULL) {
3118 error = spa_prop_get(spa, outnvl);
3119 if (error == 0 && props != NULL)
3120 error = spa_prop_get_nvlist(spa, props, n_props,
3121 outnvl);
3122 }
3123 mutex_exit(&spa_namespace_lock);
3124 } else {
3125 error = spa_prop_get(spa, outnvl);
3126 if (error == 0 && props != NULL)
3127 error = spa_prop_get_nvlist(spa, props, n_props,
3128 outnvl);
3129 spa_close(spa, FTAG);
3130 }
3131
3132 return (error);
3133 }
3134
3135 /*
3136 * innvl: {
3137 * "vdevprops_set_vdev" -> guid
3138 * "vdevprops_set_props" -> { prop -> value }
3139 * }
3140 *
3141 * outnvl: propname -> error code (int32)
3142 */
3143 static const zfs_ioc_key_t zfs_keys_vdev_set_props[] = {
3144 {ZPOOL_VDEV_PROPS_SET_VDEV, DATA_TYPE_UINT64, 0},
3145 {ZPOOL_VDEV_PROPS_SET_PROPS, DATA_TYPE_NVLIST, 0}
3146 };
3147
3148 static int
zfs_ioc_vdev_set_props(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3149 zfs_ioc_vdev_set_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3150 {
3151 spa_t *spa;
3152 int error;
3153 vdev_t *vd;
3154 uint64_t vdev_guid;
3155
3156 /* Early validation */
3157 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_SET_VDEV,
3158 &vdev_guid) != 0)
3159 return (SET_ERROR(EINVAL));
3160
3161 if (outnvl == NULL)
3162 return (SET_ERROR(EINVAL));
3163
3164 if ((error = spa_open(poolname, &spa, FTAG)) != 0)
3165 return (error);
3166
3167 ASSERT(spa_writeable(spa));
3168
3169 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) {
3170 spa_close(spa, FTAG);
3171 return (SET_ERROR(ENOENT));
3172 }
3173
3174 error = vdev_prop_set(vd, innvl, outnvl);
3175
3176 spa_close(spa, FTAG);
3177
3178 return (error);
3179 }
3180
3181 /*
3182 * innvl: {
3183 * "vdevprops_get_vdev" -> guid
3184 * (optional) "vdevprops_get_props" -> { propname -> propid }
3185 * }
3186 *
3187 * outnvl: propname -> value
3188 */
3189 static const zfs_ioc_key_t zfs_keys_vdev_get_props[] = {
3190 {ZPOOL_VDEV_PROPS_GET_VDEV, DATA_TYPE_UINT64, 0},
3191 {ZPOOL_VDEV_PROPS_GET_PROPS, DATA_TYPE_NVLIST, ZK_OPTIONAL}
3192 };
3193
3194 static int
zfs_ioc_vdev_get_props(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3195 zfs_ioc_vdev_get_props(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3196 {
3197 spa_t *spa;
3198 int error;
3199 vdev_t *vd;
3200 uint64_t vdev_guid;
3201
3202 /* Early validation */
3203 if (nvlist_lookup_uint64(innvl, ZPOOL_VDEV_PROPS_GET_VDEV,
3204 &vdev_guid) != 0)
3205 return (SET_ERROR(EINVAL));
3206
3207 if (outnvl == NULL)
3208 return (SET_ERROR(EINVAL));
3209
3210 if ((error = spa_open(poolname, &spa, FTAG)) != 0)
3211 return (error);
3212
3213 if ((vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE)) == NULL) {
3214 spa_close(spa, FTAG);
3215 return (SET_ERROR(ENOENT));
3216 }
3217
3218 error = vdev_prop_get(vd, innvl, outnvl);
3219
3220 spa_close(spa, FTAG);
3221
3222 return (error);
3223 }
3224
3225 /*
3226 * inputs:
3227 * zc_name name of filesystem
3228 * zc_nvlist_src{_size} nvlist of delegated permissions
3229 * zc_perm_action allow/unallow flag
3230 *
3231 * outputs: none
3232 */
3233 static int
zfs_ioc_set_fsacl(zfs_cmd_t * zc)3234 zfs_ioc_set_fsacl(zfs_cmd_t *zc)
3235 {
3236 int error;
3237 nvlist_t *fsaclnv = NULL;
3238
3239 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
3240 zc->zc_iflags, &fsaclnv)) != 0)
3241 return (error);
3242
3243 /*
3244 * Verify nvlist is constructed correctly
3245 */
3246 if (zfs_deleg_verify_nvlist(fsaclnv) != 0) {
3247 nvlist_free(fsaclnv);
3248 return (SET_ERROR(EINVAL));
3249 }
3250
3251 /*
3252 * If we don't have PRIV_SYS_MOUNT, then validate
3253 * that user is allowed to hand out each permission in
3254 * the nvlist(s)
3255 */
3256
3257 error = secpolicy_zfs(CRED());
3258 if (error != 0) {
3259 if (zc->zc_perm_action == B_FALSE) {
3260 error = dsl_deleg_can_allow(zc->zc_name,
3261 fsaclnv, CRED());
3262 } else {
3263 error = dsl_deleg_can_unallow(zc->zc_name,
3264 fsaclnv, CRED());
3265 }
3266 }
3267
3268 if (error == 0)
3269 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action);
3270
3271 nvlist_free(fsaclnv);
3272 return (error);
3273 }
3274
3275 /*
3276 * inputs:
3277 * zc_name name of filesystem
3278 *
3279 * outputs:
3280 * zc_nvlist_src{_size} nvlist of delegated permissions
3281 */
3282 static int
zfs_ioc_get_fsacl(zfs_cmd_t * zc)3283 zfs_ioc_get_fsacl(zfs_cmd_t *zc)
3284 {
3285 nvlist_t *nvp;
3286 int error;
3287
3288 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) {
3289 error = put_nvlist(zc, nvp);
3290 nvlist_free(nvp);
3291 }
3292
3293 return (error);
3294 }
3295
3296 static void
zfs_create_cb(objset_t * os,void * arg,cred_t * cr,dmu_tx_t * tx)3297 zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx)
3298 {
3299 zfs_creat_t *zct = arg;
3300
3301 zfs_create_fs(os, cr, zct->zct_zplprops, tx);
3302 }
3303
3304 #define ZFS_PROP_UNDEFINED ((uint64_t)-1)
3305
3306 /*
3307 * inputs:
3308 * os parent objset pointer (NULL if root fs)
3309 * fuids_ok fuids allowed in this version of the spa?
3310 * sa_ok SAs allowed in this version of the spa?
3311 * createprops list of properties requested by creator
3312 *
3313 * outputs:
3314 * zplprops values for the zplprops we attach to the master node object
3315 * is_ci true if requested file system will be purely case-insensitive
3316 *
3317 * Determine the settings for utf8only, normalization and
3318 * casesensitivity. Specific values may have been requested by the
3319 * creator and/or we can inherit values from the parent dataset. If
3320 * the file system is of too early a vintage, a creator can not
3321 * request settings for these properties, even if the requested
3322 * setting is the default value. We don't actually want to create dsl
3323 * properties for these, so remove them from the source nvlist after
3324 * processing.
3325 */
3326 static int
zfs_fill_zplprops_impl(objset_t * os,uint64_t zplver,boolean_t fuids_ok,boolean_t sa_ok,nvlist_t * createprops,nvlist_t * zplprops,boolean_t * is_ci)3327 zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver,
3328 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops,
3329 nvlist_t *zplprops, boolean_t *is_ci)
3330 {
3331 uint64_t sense = ZFS_PROP_UNDEFINED;
3332 uint64_t norm = ZFS_PROP_UNDEFINED;
3333 uint64_t u8 = ZFS_PROP_UNDEFINED;
3334 int error;
3335
3336 ASSERT(zplprops != NULL);
3337
3338 /* parent dataset must be a filesystem */
3339 if (os != NULL && os->os_phys->os_type != DMU_OST_ZFS)
3340 return (SET_ERROR(ZFS_ERR_WRONG_PARENT));
3341
3342 /*
3343 * Pull out creator prop choices, if any.
3344 */
3345 if (createprops) {
3346 (void) nvlist_lookup_uint64(createprops,
3347 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver);
3348 (void) nvlist_lookup_uint64(createprops,
3349 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm);
3350 (void) nvlist_remove_all(createprops,
3351 zfs_prop_to_name(ZFS_PROP_NORMALIZE));
3352 (void) nvlist_lookup_uint64(createprops,
3353 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8);
3354 (void) nvlist_remove_all(createprops,
3355 zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
3356 (void) nvlist_lookup_uint64(createprops,
3357 zfs_prop_to_name(ZFS_PROP_CASE), &sense);
3358 (void) nvlist_remove_all(createprops,
3359 zfs_prop_to_name(ZFS_PROP_CASE));
3360 }
3361
3362 /*
3363 * If the zpl version requested is whacky or the file system
3364 * or pool is version is too "young" to support normalization
3365 * and the creator tried to set a value for one of the props,
3366 * error out.
3367 */
3368 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) ||
3369 (zplver >= ZPL_VERSION_FUID && !fuids_ok) ||
3370 (zplver >= ZPL_VERSION_SA && !sa_ok) ||
3371 (zplver < ZPL_VERSION_NORMALIZATION &&
3372 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED ||
3373 sense != ZFS_PROP_UNDEFINED)))
3374 return (SET_ERROR(ENOTSUP));
3375
3376 /*
3377 * Put the version in the zplprops
3378 */
3379 VERIFY(nvlist_add_uint64(zplprops,
3380 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0);
3381
3382 if (norm == ZFS_PROP_UNDEFINED &&
3383 (error = zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm)) != 0)
3384 return (error);
3385 VERIFY(nvlist_add_uint64(zplprops,
3386 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0);
3387
3388 /*
3389 * If we're normalizing, names must always be valid UTF-8 strings.
3390 */
3391 if (norm)
3392 u8 = 1;
3393 if (u8 == ZFS_PROP_UNDEFINED &&
3394 (error = zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8)) != 0)
3395 return (error);
3396 VERIFY(nvlist_add_uint64(zplprops,
3397 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0);
3398
3399 if (sense == ZFS_PROP_UNDEFINED &&
3400 (error = zfs_get_zplprop(os, ZFS_PROP_CASE, &sense)) != 0)
3401 return (error);
3402 VERIFY(nvlist_add_uint64(zplprops,
3403 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0);
3404
3405 if (is_ci)
3406 *is_ci = (sense == ZFS_CASE_INSENSITIVE);
3407
3408 return (0);
3409 }
3410
3411 static int
zfs_fill_zplprops(const char * dataset,nvlist_t * createprops,nvlist_t * zplprops,boolean_t * is_ci)3412 zfs_fill_zplprops(const char *dataset, nvlist_t *createprops,
3413 nvlist_t *zplprops, boolean_t *is_ci)
3414 {
3415 boolean_t fuids_ok, sa_ok;
3416 uint64_t zplver = ZPL_VERSION;
3417 objset_t *os = NULL;
3418 char parentname[ZFS_MAX_DATASET_NAME_LEN];
3419 spa_t *spa;
3420 uint64_t spa_vers;
3421 int error;
3422
3423 zfs_get_parent(dataset, parentname, sizeof (parentname));
3424
3425 if ((error = spa_open(dataset, &spa, FTAG)) != 0)
3426 return (error);
3427
3428 spa_vers = spa_version(spa);
3429 spa_close(spa, FTAG);
3430
3431 zplver = zfs_zpl_version_map(spa_vers);
3432 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3433 sa_ok = (zplver >= ZPL_VERSION_SA);
3434
3435 /*
3436 * Open parent object set so we can inherit zplprop values.
3437 */
3438 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0)
3439 return (error);
3440
3441 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops,
3442 zplprops, is_ci);
3443 dmu_objset_rele(os, FTAG);
3444 return (error);
3445 }
3446
3447 static int
zfs_fill_zplprops_root(uint64_t spa_vers,nvlist_t * createprops,nvlist_t * zplprops,boolean_t * is_ci)3448 zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops,
3449 nvlist_t *zplprops, boolean_t *is_ci)
3450 {
3451 boolean_t fuids_ok;
3452 boolean_t sa_ok;
3453 uint64_t zplver = ZPL_VERSION;
3454 int error;
3455
3456 zplver = zfs_zpl_version_map(spa_vers);
3457 fuids_ok = (zplver >= ZPL_VERSION_FUID);
3458 sa_ok = (zplver >= ZPL_VERSION_SA);
3459
3460 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok,
3461 createprops, zplprops, is_ci);
3462 return (error);
3463 }
3464
3465 /*
3466 * innvl: {
3467 * "type" -> dmu_objset_type_t (int32)
3468 * (optional) "props" -> { prop -> value }
3469 * (optional) "hidden_args" -> { "wkeydata" -> value }
3470 * raw uint8_t array of encryption wrapping key data (32 bytes)
3471 * }
3472 *
3473 * outnvl: propname -> error code (int32)
3474 */
3475
3476 static const zfs_ioc_key_t zfs_keys_create[] = {
3477 {"type", DATA_TYPE_INT32, 0},
3478 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3479 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3480 };
3481
3482 static int
zfs_ioc_create(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3483 zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3484 {
3485 int error = 0;
3486 zfs_creat_t zct = { 0 };
3487 nvlist_t *nvprops = NULL;
3488 nvlist_t *hidden_args = NULL;
3489 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx);
3490 dmu_objset_type_t type;
3491 boolean_t is_insensitive = B_FALSE;
3492 dsl_crypto_params_t *dcp = NULL;
3493
3494 type = (dmu_objset_type_t)fnvlist_lookup_int32(innvl, "type");
3495 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3496 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
3497
3498 switch (type) {
3499 case DMU_OST_ZFS:
3500 cbfunc = zfs_create_cb;
3501 break;
3502
3503 case DMU_OST_ZVOL:
3504 cbfunc = zvol_create_cb;
3505 break;
3506
3507 default:
3508 cbfunc = NULL;
3509 break;
3510 }
3511 if (strchr(fsname, '@') ||
3512 strchr(fsname, '%'))
3513 return (SET_ERROR(EINVAL));
3514
3515 zct.zct_props = nvprops;
3516
3517 if (cbfunc == NULL)
3518 return (SET_ERROR(EINVAL));
3519
3520 if (type == DMU_OST_ZVOL) {
3521 uint64_t volsize, volblocksize;
3522
3523 if (nvprops == NULL)
3524 return (SET_ERROR(EINVAL));
3525 if (nvlist_lookup_uint64(nvprops,
3526 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0)
3527 return (SET_ERROR(EINVAL));
3528
3529 if ((error = nvlist_lookup_uint64(nvprops,
3530 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3531 &volblocksize)) != 0 && error != ENOENT)
3532 return (SET_ERROR(EINVAL));
3533
3534 if (error != 0)
3535 volblocksize = zfs_prop_default_numeric(
3536 ZFS_PROP_VOLBLOCKSIZE);
3537
3538 if ((error = zvol_check_volblocksize(fsname,
3539 volblocksize)) != 0 ||
3540 (error = zvol_check_volsize(volsize,
3541 volblocksize)) != 0)
3542 return (error);
3543 } else if (type == DMU_OST_ZFS) {
3544 int error;
3545
3546 /*
3547 * We have to have normalization and
3548 * case-folding flags correct when we do the
3549 * file system creation, so go figure them out
3550 * now.
3551 */
3552 VERIFY(nvlist_alloc(&zct.zct_zplprops,
3553 NV_UNIQUE_NAME, KM_SLEEP) == 0);
3554 error = zfs_fill_zplprops(fsname, nvprops,
3555 zct.zct_zplprops, &is_insensitive);
3556 if (error != 0) {
3557 nvlist_free(zct.zct_zplprops);
3558 return (error);
3559 }
3560 }
3561
3562 error = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, nvprops,
3563 hidden_args, &dcp);
3564 if (error != 0) {
3565 nvlist_free(zct.zct_zplprops);
3566 return (error);
3567 }
3568
3569 error = dmu_objset_create(fsname, type,
3570 is_insensitive ? DS_FLAG_CI_DATASET : 0, dcp, cbfunc, &zct);
3571
3572 nvlist_free(zct.zct_zplprops);
3573 dsl_crypto_params_free(dcp, !!error);
3574
3575 /*
3576 * It would be nice to do this atomically.
3577 */
3578 if (error == 0) {
3579 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3580 nvprops, outnvl);
3581 if (error != 0) {
3582 spa_t *spa;
3583 int error2;
3584
3585 /*
3586 * Volumes will return EBUSY and cannot be destroyed
3587 * until all asynchronous minor handling (e.g. from
3588 * setting the volmode property) has completed. Wait for
3589 * the spa_zvol_taskq to drain then retry.
3590 */
3591 error2 = dsl_destroy_head(fsname);
3592 while ((error2 == EBUSY) && (type == DMU_OST_ZVOL)) {
3593 error2 = spa_open(fsname, &spa, FTAG);
3594 if (error2 == 0) {
3595 taskq_wait(spa->spa_zvol_taskq);
3596 spa_close(spa, FTAG);
3597 }
3598 error2 = dsl_destroy_head(fsname);
3599 }
3600 }
3601 }
3602 return (error);
3603 }
3604
3605 /*
3606 * innvl: {
3607 * "origin" -> name of origin snapshot
3608 * (optional) "props" -> { prop -> value }
3609 * (optional) "hidden_args" -> { "wkeydata" -> value }
3610 * raw uint8_t array of encryption wrapping key data (32 bytes)
3611 * }
3612 *
3613 * outputs:
3614 * outnvl: propname -> error code (int32)
3615 */
3616 static const zfs_ioc_key_t zfs_keys_clone[] = {
3617 {"origin", DATA_TYPE_STRING, 0},
3618 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3619 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3620 };
3621
3622 static int
zfs_ioc_clone(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3623 zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3624 {
3625 int error = 0;
3626 nvlist_t *nvprops = NULL;
3627 const char *origin_name;
3628
3629 origin_name = fnvlist_lookup_string(innvl, "origin");
3630 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops);
3631
3632 if (strchr(fsname, '@') ||
3633 strchr(fsname, '%'))
3634 return (SET_ERROR(EINVAL));
3635
3636 if (dataset_namecheck(origin_name, NULL, NULL) != 0)
3637 return (SET_ERROR(EINVAL));
3638
3639 error = dmu_objset_clone(fsname, origin_name);
3640
3641 /*
3642 * It would be nice to do this atomically.
3643 */
3644 if (error == 0) {
3645 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL,
3646 nvprops, outnvl);
3647 if (error != 0)
3648 (void) dsl_destroy_head(fsname);
3649 }
3650 return (error);
3651 }
3652
3653 static const zfs_ioc_key_t zfs_keys_remap[] = {
3654 /* no nvl keys */
3655 };
3656
3657 static int
zfs_ioc_remap(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3658 zfs_ioc_remap(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3659 {
3660 /* This IOCTL is no longer supported. */
3661 (void) fsname, (void) innvl, (void) outnvl;
3662 return (0);
3663 }
3664
3665 /*
3666 * innvl: {
3667 * "snaps" -> { snapshot1, snapshot2 }
3668 * (optional) "props" -> { prop -> value (string) }
3669 * }
3670 *
3671 * outnvl: snapshot -> error code (int32)
3672 */
3673 static const zfs_ioc_key_t zfs_keys_snapshot[] = {
3674 {"snaps", DATA_TYPE_NVLIST, 0},
3675 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
3676 };
3677
3678 static int
zfs_ioc_snapshot(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3679 zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3680 {
3681 nvlist_t *snaps;
3682 nvlist_t *props = NULL;
3683 int error, poollen;
3684 nvpair_t *pair;
3685
3686 (void) nvlist_lookup_nvlist(innvl, "props", &props);
3687 if (!nvlist_empty(props) &&
3688 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS))
3689 return (SET_ERROR(ENOTSUP));
3690 if ((error = zfs_check_userprops(props)) != 0)
3691 return (error);
3692
3693 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
3694 poollen = strlen(poolname);
3695 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3696 pair = nvlist_next_nvpair(snaps, pair)) {
3697 const char *name = nvpair_name(pair);
3698 char *cp = strchr(name, '@');
3699
3700 /*
3701 * The snap name must contain an @, and the part after it must
3702 * contain only valid characters.
3703 */
3704 if (cp == NULL ||
3705 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
3706 return (SET_ERROR(EINVAL));
3707
3708 /*
3709 * The snap must be in the specified pool.
3710 */
3711 if (strncmp(name, poolname, poollen) != 0 ||
3712 (name[poollen] != '/' && name[poollen] != '@'))
3713 return (SET_ERROR(EXDEV));
3714
3715 /*
3716 * Check for permission to set the properties on the fs.
3717 */
3718 if (!nvlist_empty(props)) {
3719 *cp = '\0';
3720 error = zfs_secpolicy_write_perms(name,
3721 ZFS_DELEG_PERM_USERPROP, CRED());
3722 *cp = '@';
3723 if (error != 0)
3724 return (error);
3725 }
3726
3727 /* This must be the only snap of this fs. */
3728 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair);
3729 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) {
3730 if (strncmp(name, nvpair_name(pair2), cp - name + 1)
3731 == 0) {
3732 return (SET_ERROR(EXDEV));
3733 }
3734 }
3735 }
3736
3737 error = dsl_dataset_snapshot(snaps, props, outnvl);
3738
3739 return (error);
3740 }
3741
3742 /*
3743 * innvl: "message" -> string
3744 */
3745 static const zfs_ioc_key_t zfs_keys_log_history[] = {
3746 {"message", DATA_TYPE_STRING, 0},
3747 };
3748
3749 static int
zfs_ioc_log_history(const char * unused,nvlist_t * innvl,nvlist_t * outnvl)3750 zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
3751 {
3752 (void) unused, (void) outnvl;
3753 const char *message;
3754 char *poolname;
3755 spa_t *spa;
3756 int error;
3757
3758 /*
3759 * The poolname in the ioctl is not set, we get it from the TSD,
3760 * which was set at the end of the last successful ioctl that allows
3761 * logging. The secpolicy func already checked that it is set.
3762 * Only one log ioctl is allowed after each successful ioctl, so
3763 * we clear the TSD here.
3764 */
3765 poolname = tsd_get(zfs_allow_log_key);
3766 if (poolname == NULL)
3767 return (SET_ERROR(EINVAL));
3768 (void) tsd_set(zfs_allow_log_key, NULL);
3769 error = spa_open(poolname, &spa, FTAG);
3770 kmem_strfree(poolname);
3771 if (error != 0)
3772 return (error);
3773
3774 message = fnvlist_lookup_string(innvl, "message");
3775
3776 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) {
3777 spa_close(spa, FTAG);
3778 return (SET_ERROR(ENOTSUP));
3779 }
3780
3781 error = spa_history_log(spa, message);
3782 spa_close(spa, FTAG);
3783 return (error);
3784 }
3785
3786 /*
3787 * This ioctl is used to set the bootenv configuration on the current
3788 * pool. This configuration is stored in the second padding area of the label,
3789 * and it is used by the bootloader(s) to store the bootloader and/or system
3790 * specific data.
3791 * The data is stored as nvlist data stream, and is protected by
3792 * an embedded checksum.
3793 * The version can have two possible values:
3794 * VB_RAW: nvlist should have key GRUB_ENVMAP, value DATA_TYPE_STRING.
3795 * VB_NVLIST: nvlist with arbitrary <key, value> pairs.
3796 */
3797 static const zfs_ioc_key_t zfs_keys_set_bootenv[] = {
3798 {"version", DATA_TYPE_UINT64, 0},
3799 {"<keys>", DATA_TYPE_ANY, ZK_OPTIONAL | ZK_WILDCARDLIST},
3800 };
3801
3802 static int
zfs_ioc_set_bootenv(const char * name,nvlist_t * innvl,nvlist_t * outnvl)3803 zfs_ioc_set_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3804 {
3805 int error;
3806 spa_t *spa;
3807
3808 if ((error = spa_open(name, &spa, FTAG)) != 0)
3809 return (error);
3810 spa_vdev_state_enter(spa, SCL_ALL);
3811 error = vdev_label_write_bootenv(spa->spa_root_vdev, innvl);
3812 (void) spa_vdev_state_exit(spa, NULL, 0);
3813 spa_close(spa, FTAG);
3814 return (error);
3815 }
3816
3817 static const zfs_ioc_key_t zfs_keys_get_bootenv[] = {
3818 /* no nvl keys */
3819 };
3820
3821 static int
zfs_ioc_get_bootenv(const char * name,nvlist_t * innvl,nvlist_t * outnvl)3822 zfs_ioc_get_bootenv(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
3823 {
3824 spa_t *spa;
3825 int error;
3826
3827 if ((error = spa_open(name, &spa, FTAG)) != 0)
3828 return (error);
3829 spa_vdev_state_enter(spa, SCL_ALL);
3830 error = vdev_label_read_bootenv(spa->spa_root_vdev, outnvl);
3831 (void) spa_vdev_state_exit(spa, NULL, 0);
3832 spa_close(spa, FTAG);
3833 return (error);
3834 }
3835
3836 /*
3837 * The dp_config_rwlock must not be held when calling this, because the
3838 * unmount may need to write out data.
3839 *
3840 * This function is best-effort. Callers must deal gracefully if it
3841 * remains mounted (or is remounted after this call).
3842 *
3843 * Returns 0 if the argument is not a snapshot, or it is not currently a
3844 * filesystem, or we were able to unmount it. Returns error code otherwise.
3845 */
3846 void
zfs_unmount_snap(const char * snapname)3847 zfs_unmount_snap(const char *snapname)
3848 {
3849 if (strchr(snapname, '@') == NULL)
3850 return;
3851
3852 (void) zfsctl_snapshot_unmount(snapname, MNT_FORCE);
3853 }
3854
3855 static int
zfs_unmount_snap_cb(const char * snapname,void * arg)3856 zfs_unmount_snap_cb(const char *snapname, void *arg)
3857 {
3858 (void) arg;
3859 zfs_unmount_snap(snapname);
3860 return (0);
3861 }
3862
3863 /*
3864 * When a clone is destroyed, its origin may also need to be destroyed,
3865 * in which case it must be unmounted. This routine will do that unmount
3866 * if necessary.
3867 */
3868 void
zfs_destroy_unmount_origin(const char * fsname)3869 zfs_destroy_unmount_origin(const char *fsname)
3870 {
3871 int error;
3872 objset_t *os;
3873 dsl_dataset_t *ds;
3874
3875 error = dmu_objset_hold(fsname, FTAG, &os);
3876 if (error != 0)
3877 return;
3878 ds = dmu_objset_ds(os);
3879 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) {
3880 char originname[ZFS_MAX_DATASET_NAME_LEN];
3881 dsl_dataset_name(ds->ds_prev, originname);
3882 dmu_objset_rele(os, FTAG);
3883 zfs_unmount_snap(originname);
3884 } else {
3885 dmu_objset_rele(os, FTAG);
3886 }
3887 }
3888
3889 /*
3890 * innvl: {
3891 * "snaps" -> { snapshot1, snapshot2 }
3892 * (optional boolean) "defer"
3893 * }
3894 *
3895 * outnvl: snapshot -> error code (int32)
3896 */
3897 static const zfs_ioc_key_t zfs_keys_destroy_snaps[] = {
3898 {"snaps", DATA_TYPE_NVLIST, 0},
3899 {"defer", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
3900 };
3901
3902 static int
zfs_ioc_destroy_snaps(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3903 zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3904 {
3905 int poollen;
3906 nvlist_t *snaps;
3907 nvpair_t *pair;
3908 boolean_t defer;
3909 spa_t *spa;
3910
3911 snaps = fnvlist_lookup_nvlist(innvl, "snaps");
3912 defer = nvlist_exists(innvl, "defer");
3913
3914 poollen = strlen(poolname);
3915 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL;
3916 pair = nvlist_next_nvpair(snaps, pair)) {
3917 const char *name = nvpair_name(pair);
3918
3919 /*
3920 * The snap must be in the specified pool to prevent the
3921 * invalid removal of zvol minors below.
3922 */
3923 if (strncmp(name, poolname, poollen) != 0 ||
3924 (name[poollen] != '/' && name[poollen] != '@'))
3925 return (SET_ERROR(EXDEV));
3926
3927 zfs_unmount_snap(nvpair_name(pair));
3928 if (spa_open(name, &spa, FTAG) == 0) {
3929 zvol_remove_minors(spa, name, B_TRUE);
3930 spa_close(spa, FTAG);
3931 }
3932 }
3933
3934 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl));
3935 }
3936
3937 /*
3938 * Create bookmarks. The bookmark names are of the form <fs>#<bmark>.
3939 * All bookmarks and snapshots must be in the same pool.
3940 * dsl_bookmark_create_nvl_validate describes the nvlist schema in more detail.
3941 *
3942 * innvl: {
3943 * new_bookmark1 -> existing_snapshot,
3944 * new_bookmark2 -> existing_bookmark,
3945 * }
3946 *
3947 * outnvl: bookmark -> error code (int32)
3948 *
3949 */
3950 static const zfs_ioc_key_t zfs_keys_bookmark[] = {
3951 {"<bookmark>...", DATA_TYPE_STRING, ZK_WILDCARDLIST},
3952 };
3953
3954 static int
zfs_ioc_bookmark(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)3955 zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
3956 {
3957 (void) poolname;
3958 return (dsl_bookmark_create(innvl, outnvl));
3959 }
3960
3961 /*
3962 * innvl: {
3963 * property 1, property 2, ...
3964 * }
3965 *
3966 * outnvl: {
3967 * bookmark name 1 -> { property 1, property 2, ... },
3968 * bookmark name 2 -> { property 1, property 2, ... }
3969 * }
3970 *
3971 */
3972 static const zfs_ioc_key_t zfs_keys_get_bookmarks[] = {
3973 {"<property>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST | ZK_OPTIONAL},
3974 };
3975
3976 static int
zfs_ioc_get_bookmarks(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)3977 zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
3978 {
3979 return (dsl_get_bookmarks(fsname, innvl, outnvl));
3980 }
3981
3982 /*
3983 * innvl is not used.
3984 *
3985 * outnvl: {
3986 * property 1, property 2, ...
3987 * }
3988 *
3989 */
3990 static const zfs_ioc_key_t zfs_keys_get_bookmark_props[] = {
3991 /* no nvl keys */
3992 };
3993
3994 static int
zfs_ioc_get_bookmark_props(const char * bookmark,nvlist_t * innvl,nvlist_t * outnvl)3995 zfs_ioc_get_bookmark_props(const char *bookmark, nvlist_t *innvl,
3996 nvlist_t *outnvl)
3997 {
3998 (void) innvl;
3999 char fsname[ZFS_MAX_DATASET_NAME_LEN];
4000 char *bmname;
4001
4002 bmname = strchr(bookmark, '#');
4003 if (bmname == NULL)
4004 return (SET_ERROR(EINVAL));
4005 bmname++;
4006
4007 (void) strlcpy(fsname, bookmark, sizeof (fsname));
4008 *(strchr(fsname, '#')) = '\0';
4009
4010 return (dsl_get_bookmark_props(fsname, bmname, outnvl));
4011 }
4012
4013 /*
4014 * innvl: {
4015 * bookmark name 1, bookmark name 2
4016 * }
4017 *
4018 * outnvl: bookmark -> error code (int32)
4019 *
4020 */
4021 static const zfs_ioc_key_t zfs_keys_destroy_bookmarks[] = {
4022 {"<bookmark>...", DATA_TYPE_BOOLEAN, ZK_WILDCARDLIST},
4023 };
4024
4025 static int
zfs_ioc_destroy_bookmarks(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4026 zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl,
4027 nvlist_t *outnvl)
4028 {
4029 int error, poollen;
4030
4031 poollen = strlen(poolname);
4032 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
4033 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
4034 const char *name = nvpair_name(pair);
4035 const char *cp = strchr(name, '#');
4036
4037 /*
4038 * The bookmark name must contain an #, and the part after it
4039 * must contain only valid characters.
4040 */
4041 if (cp == NULL ||
4042 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
4043 return (SET_ERROR(EINVAL));
4044
4045 /*
4046 * The bookmark must be in the specified pool.
4047 */
4048 if (strncmp(name, poolname, poollen) != 0 ||
4049 (name[poollen] != '/' && name[poollen] != '#'))
4050 return (SET_ERROR(EXDEV));
4051 }
4052
4053 error = dsl_bookmark_destroy(innvl, outnvl);
4054 return (error);
4055 }
4056
4057 static const zfs_ioc_key_t zfs_keys_channel_program[] = {
4058 {"program", DATA_TYPE_STRING, 0},
4059 {"arg", DATA_TYPE_ANY, 0},
4060 {"sync", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
4061 {"instrlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
4062 {"memlimit", DATA_TYPE_UINT64, ZK_OPTIONAL},
4063 };
4064
4065 static int
zfs_ioc_channel_program(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4066 zfs_ioc_channel_program(const char *poolname, nvlist_t *innvl,
4067 nvlist_t *outnvl)
4068 {
4069 const char *program;
4070 uint64_t instrlimit, memlimit;
4071 boolean_t sync_flag;
4072 nvpair_t *nvarg = NULL;
4073
4074 program = fnvlist_lookup_string(innvl, ZCP_ARG_PROGRAM);
4075 if (0 != nvlist_lookup_boolean_value(innvl, ZCP_ARG_SYNC, &sync_flag)) {
4076 sync_flag = B_TRUE;
4077 }
4078 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_INSTRLIMIT, &instrlimit)) {
4079 instrlimit = ZCP_DEFAULT_INSTRLIMIT;
4080 }
4081 if (0 != nvlist_lookup_uint64(innvl, ZCP_ARG_MEMLIMIT, &memlimit)) {
4082 memlimit = ZCP_DEFAULT_MEMLIMIT;
4083 }
4084 nvarg = fnvlist_lookup_nvpair(innvl, ZCP_ARG_ARGLIST);
4085
4086 if (instrlimit == 0 || instrlimit > zfs_lua_max_instrlimit)
4087 return (SET_ERROR(EINVAL));
4088 if (memlimit == 0 || memlimit > zfs_lua_max_memlimit)
4089 return (SET_ERROR(EINVAL));
4090
4091 return (zcp_eval(poolname, program, sync_flag, instrlimit, memlimit,
4092 nvarg, outnvl));
4093 }
4094
4095 /*
4096 * innvl: unused
4097 * outnvl: empty
4098 */
4099 static const zfs_ioc_key_t zfs_keys_pool_checkpoint[] = {
4100 /* no nvl keys */
4101 };
4102
4103 static int
zfs_ioc_pool_checkpoint(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4104 zfs_ioc_pool_checkpoint(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4105 {
4106 (void) innvl, (void) outnvl;
4107 return (spa_checkpoint(poolname));
4108 }
4109
4110 /*
4111 * innvl: unused
4112 * outnvl: empty
4113 */
4114 static const zfs_ioc_key_t zfs_keys_pool_discard_checkpoint[] = {
4115 /* no nvl keys */
4116 };
4117
4118 static int
zfs_ioc_pool_discard_checkpoint(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4119 zfs_ioc_pool_discard_checkpoint(const char *poolname, nvlist_t *innvl,
4120 nvlist_t *outnvl)
4121 {
4122 (void) innvl, (void) outnvl;
4123 return (spa_checkpoint_discard(poolname));
4124 }
4125
4126 /*
4127 * Loads specific types of data for the given pool
4128 *
4129 * innvl: {
4130 * "prefetch_type" -> int32_t
4131 * }
4132 *
4133 * outnvl: empty
4134 */
4135 static const zfs_ioc_key_t zfs_keys_pool_prefetch[] = {
4136 {ZPOOL_PREFETCH_TYPE, DATA_TYPE_INT32, 0},
4137 };
4138
4139 static int
zfs_ioc_pool_prefetch(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4140 zfs_ioc_pool_prefetch(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4141 {
4142 (void) outnvl;
4143
4144 int error;
4145 spa_t *spa;
4146 int32_t type;
4147
4148 /*
4149 * Currently, only ZPOOL_PREFETCH_DDT is supported
4150 */
4151 if (nvlist_lookup_int32(innvl, ZPOOL_PREFETCH_TYPE, &type) != 0 ||
4152 type != ZPOOL_PREFETCH_DDT) {
4153 return (EINVAL);
4154 }
4155
4156 error = spa_open(poolname, &spa, FTAG);
4157 if (error != 0)
4158 return (error);
4159
4160 hrtime_t start_time = gethrtime();
4161
4162 ddt_prefetch_all(spa);
4163
4164 zfs_dbgmsg("pool '%s': loaded ddt into ARC in %llu ms", spa->spa_name,
4165 (u_longlong_t)NSEC2MSEC(gethrtime() - start_time));
4166
4167 spa_close(spa, FTAG);
4168
4169 return (error);
4170 }
4171
4172 /*
4173 * inputs:
4174 * zc_name name of dataset to destroy
4175 * zc_defer_destroy mark for deferred destroy
4176 *
4177 * outputs: none
4178 */
4179 static int
zfs_ioc_destroy(zfs_cmd_t * zc)4180 zfs_ioc_destroy(zfs_cmd_t *zc)
4181 {
4182 objset_t *os;
4183 dmu_objset_type_t ost;
4184 int err;
4185
4186 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
4187 if (err != 0)
4188 return (err);
4189 ost = dmu_objset_type(os);
4190 dmu_objset_rele(os, FTAG);
4191
4192 if (ost == DMU_OST_ZFS)
4193 zfs_unmount_snap(zc->zc_name);
4194
4195 if (strchr(zc->zc_name, '@')) {
4196 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy);
4197 } else {
4198 err = dsl_destroy_head(zc->zc_name);
4199 if (err == EEXIST) {
4200 /*
4201 * It is possible that the given DS may have
4202 * hidden child (%recv) datasets - "leftovers"
4203 * resulting from the previously interrupted
4204 * 'zfs receive'.
4205 *
4206 * 6 extra bytes for /%recv
4207 */
4208 char namebuf[ZFS_MAX_DATASET_NAME_LEN + 6];
4209
4210 if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
4211 zc->zc_name, recv_clone_name) >=
4212 sizeof (namebuf))
4213 return (SET_ERROR(EINVAL));
4214
4215 /*
4216 * Try to remove the hidden child (%recv) and after
4217 * that try to remove the target dataset.
4218 * If the hidden child (%recv) does not exist
4219 * the original error (EEXIST) will be returned
4220 */
4221 err = dsl_destroy_head(namebuf);
4222 if (err == 0)
4223 err = dsl_destroy_head(zc->zc_name);
4224 else if (err == ENOENT)
4225 err = SET_ERROR(EEXIST);
4226 }
4227 }
4228
4229 return (err);
4230 }
4231
4232 /*
4233 * innvl: {
4234 * "initialize_command" -> POOL_INITIALIZE_{CANCEL|START|SUSPEND} (uint64)
4235 * "initialize_vdevs": { -> guids to initialize (nvlist)
4236 * "vdev_path_1": vdev_guid_1, (uint64),
4237 * "vdev_path_2": vdev_guid_2, (uint64),
4238 * ...
4239 * },
4240 * }
4241 *
4242 * outnvl: {
4243 * "initialize_vdevs": { -> initialization errors (nvlist)
4244 * "vdev_path_1": errno, see function body for possible errnos (uint64)
4245 * "vdev_path_2": errno, ... (uint64)
4246 * ...
4247 * }
4248 * }
4249 *
4250 * EINVAL is returned for an unknown commands or if any of the provided vdev
4251 * guids have be specified with a type other than uint64.
4252 */
4253 static const zfs_ioc_key_t zfs_keys_pool_initialize[] = {
4254 {ZPOOL_INITIALIZE_COMMAND, DATA_TYPE_UINT64, 0},
4255 {ZPOOL_INITIALIZE_VDEVS, DATA_TYPE_NVLIST, 0}
4256 };
4257
4258 static int
zfs_ioc_pool_initialize(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4259 zfs_ioc_pool_initialize(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4260 {
4261 uint64_t cmd_type;
4262 if (nvlist_lookup_uint64(innvl, ZPOOL_INITIALIZE_COMMAND,
4263 &cmd_type) != 0) {
4264 return (SET_ERROR(EINVAL));
4265 }
4266
4267 if (!(cmd_type == POOL_INITIALIZE_CANCEL ||
4268 cmd_type == POOL_INITIALIZE_START ||
4269 cmd_type == POOL_INITIALIZE_SUSPEND ||
4270 cmd_type == POOL_INITIALIZE_UNINIT)) {
4271 return (SET_ERROR(EINVAL));
4272 }
4273
4274 nvlist_t *vdev_guids;
4275 if (nvlist_lookup_nvlist(innvl, ZPOOL_INITIALIZE_VDEVS,
4276 &vdev_guids) != 0) {
4277 return (SET_ERROR(EINVAL));
4278 }
4279
4280 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
4281 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
4282 uint64_t vdev_guid;
4283 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
4284 return (SET_ERROR(EINVAL));
4285 }
4286 }
4287
4288 spa_t *spa;
4289 int error = spa_open(poolname, &spa, FTAG);
4290 if (error != 0)
4291 return (error);
4292
4293 nvlist_t *vdev_errlist = fnvlist_alloc();
4294 int total_errors = spa_vdev_initialize(spa, vdev_guids, cmd_type,
4295 vdev_errlist);
4296
4297 if (fnvlist_size(vdev_errlist) > 0) {
4298 fnvlist_add_nvlist(outnvl, ZPOOL_INITIALIZE_VDEVS,
4299 vdev_errlist);
4300 }
4301 fnvlist_free(vdev_errlist);
4302
4303 spa_close(spa, FTAG);
4304 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0);
4305 }
4306
4307 /*
4308 * innvl: {
4309 * "trim_command" -> POOL_TRIM_{CANCEL|START|SUSPEND} (uint64)
4310 * "trim_vdevs": { -> guids to TRIM (nvlist)
4311 * "vdev_path_1": vdev_guid_1, (uint64),
4312 * "vdev_path_2": vdev_guid_2, (uint64),
4313 * ...
4314 * },
4315 * "trim_rate" -> Target TRIM rate in bytes/sec.
4316 * "trim_secure" -> Set to request a secure TRIM.
4317 * }
4318 *
4319 * outnvl: {
4320 * "trim_vdevs": { -> TRIM errors (nvlist)
4321 * "vdev_path_1": errno, see function body for possible errnos (uint64)
4322 * "vdev_path_2": errno, ... (uint64)
4323 * ...
4324 * }
4325 * }
4326 *
4327 * EINVAL is returned for an unknown commands or if any of the provided vdev
4328 * guids have be specified with a type other than uint64.
4329 */
4330 static const zfs_ioc_key_t zfs_keys_pool_trim[] = {
4331 {ZPOOL_TRIM_COMMAND, DATA_TYPE_UINT64, 0},
4332 {ZPOOL_TRIM_VDEVS, DATA_TYPE_NVLIST, 0},
4333 {ZPOOL_TRIM_RATE, DATA_TYPE_UINT64, ZK_OPTIONAL},
4334 {ZPOOL_TRIM_SECURE, DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
4335 };
4336
4337 static int
zfs_ioc_pool_trim(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4338 zfs_ioc_pool_trim(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4339 {
4340 uint64_t cmd_type;
4341 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_COMMAND, &cmd_type) != 0)
4342 return (SET_ERROR(EINVAL));
4343
4344 if (!(cmd_type == POOL_TRIM_CANCEL ||
4345 cmd_type == POOL_TRIM_START ||
4346 cmd_type == POOL_TRIM_SUSPEND)) {
4347 return (SET_ERROR(EINVAL));
4348 }
4349
4350 nvlist_t *vdev_guids;
4351 if (nvlist_lookup_nvlist(innvl, ZPOOL_TRIM_VDEVS, &vdev_guids) != 0)
4352 return (SET_ERROR(EINVAL));
4353
4354 for (nvpair_t *pair = nvlist_next_nvpair(vdev_guids, NULL);
4355 pair != NULL; pair = nvlist_next_nvpair(vdev_guids, pair)) {
4356 uint64_t vdev_guid;
4357 if (nvpair_value_uint64(pair, &vdev_guid) != 0) {
4358 return (SET_ERROR(EINVAL));
4359 }
4360 }
4361
4362 /* Optional, defaults to maximum rate when not provided */
4363 uint64_t rate;
4364 if (nvlist_lookup_uint64(innvl, ZPOOL_TRIM_RATE, &rate) != 0)
4365 rate = 0;
4366
4367 /* Optional, defaults to standard TRIM when not provided */
4368 boolean_t secure;
4369 if (nvlist_lookup_boolean_value(innvl, ZPOOL_TRIM_SECURE,
4370 &secure) != 0) {
4371 secure = B_FALSE;
4372 }
4373
4374 spa_t *spa;
4375 int error = spa_open(poolname, &spa, FTAG);
4376 if (error != 0)
4377 return (error);
4378
4379 nvlist_t *vdev_errlist = fnvlist_alloc();
4380 int total_errors = spa_vdev_trim(spa, vdev_guids, cmd_type,
4381 rate, !!zfs_trim_metaslab_skip, secure, vdev_errlist);
4382
4383 if (fnvlist_size(vdev_errlist) > 0)
4384 fnvlist_add_nvlist(outnvl, ZPOOL_TRIM_VDEVS, vdev_errlist);
4385
4386 fnvlist_free(vdev_errlist);
4387
4388 spa_close(spa, FTAG);
4389 return (total_errors > 0 ? SET_ERROR(EINVAL) : 0);
4390 }
4391
4392 #define DDT_PRUNE_UNIT "ddt_prune_unit"
4393 #define DDT_PRUNE_AMOUNT "ddt_prune_amount"
4394
4395 /*
4396 * innvl: {
4397 * "ddt_prune_unit" -> uint32_t
4398 * "ddt_prune_amount" -> uint64_t
4399 * }
4400 *
4401 * outnvl: "waited" -> boolean_t
4402 */
4403 static const zfs_ioc_key_t zfs_keys_ddt_prune[] = {
4404 {DDT_PRUNE_UNIT, DATA_TYPE_INT32, 0},
4405 {DDT_PRUNE_AMOUNT, DATA_TYPE_UINT64, 0},
4406 };
4407
4408 static int
zfs_ioc_ddt_prune(const char * poolname,nvlist_t * innvl,nvlist_t * outnvl)4409 zfs_ioc_ddt_prune(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl)
4410 {
4411 int32_t unit;
4412 uint64_t amount;
4413
4414 if (nvlist_lookup_int32(innvl, DDT_PRUNE_UNIT, &unit) != 0 ||
4415 nvlist_lookup_uint64(innvl, DDT_PRUNE_AMOUNT, &amount) != 0) {
4416 return (EINVAL);
4417 }
4418
4419 spa_t *spa;
4420 int error = spa_open(poolname, &spa, FTAG);
4421 if (error != 0)
4422 return (error);
4423
4424 if (!spa_feature_is_enabled(spa, SPA_FEATURE_FAST_DEDUP)) {
4425 spa_close(spa, FTAG);
4426 return (SET_ERROR(ENOTSUP));
4427 }
4428
4429 error = ddt_prune_unique_entries(spa, (zpool_ddt_prune_unit_t)unit,
4430 amount);
4431
4432 spa_close(spa, FTAG);
4433
4434 return (error);
4435 }
4436
4437 /*
4438 * This ioctl waits for activity of a particular type to complete. If there is
4439 * no activity of that type in progress, it returns immediately, and the
4440 * returned value "waited" is false. If there is activity in progress, and no
4441 * tag is passed in, the ioctl blocks until all activity of that type is
4442 * complete, and then returns with "waited" set to true.
4443 *
4444 * If a tag is provided, it identifies a particular instance of an activity to
4445 * wait for. Currently, this is only valid for use with 'initialize', because
4446 * that is the only activity for which there can be multiple instances running
4447 * concurrently. In the case of 'initialize', the tag corresponds to the guid of
4448 * the vdev on which to wait.
4449 *
4450 * If a thread waiting in the ioctl receives a signal, the call will return
4451 * immediately, and the return value will be EINTR.
4452 *
4453 * innvl: {
4454 * "wait_activity" -> int32_t
4455 * (optional) "wait_tag" -> uint64_t
4456 * }
4457 *
4458 * outnvl: "waited" -> boolean_t
4459 */
4460 static const zfs_ioc_key_t zfs_keys_pool_wait[] = {
4461 {ZPOOL_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4462 {ZPOOL_WAIT_TAG, DATA_TYPE_UINT64, ZK_OPTIONAL},
4463 };
4464
4465 static int
zfs_ioc_wait(const char * name,nvlist_t * innvl,nvlist_t * outnvl)4466 zfs_ioc_wait(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4467 {
4468 int32_t activity;
4469 uint64_t tag;
4470 boolean_t waited;
4471 int error;
4472
4473 if (nvlist_lookup_int32(innvl, ZPOOL_WAIT_ACTIVITY, &activity) != 0)
4474 return (EINVAL);
4475
4476 if (nvlist_lookup_uint64(innvl, ZPOOL_WAIT_TAG, &tag) == 0)
4477 error = spa_wait_tag(name, activity, tag, &waited);
4478 else
4479 error = spa_wait(name, activity, &waited);
4480
4481 if (error == 0)
4482 fnvlist_add_boolean_value(outnvl, ZPOOL_WAIT_WAITED, waited);
4483
4484 return (error);
4485 }
4486
4487 /*
4488 * This ioctl waits for activity of a particular type to complete. If there is
4489 * no activity of that type in progress, it returns immediately, and the
4490 * returned value "waited" is false. If there is activity in progress, and no
4491 * tag is passed in, the ioctl blocks until all activity of that type is
4492 * complete, and then returns with "waited" set to true.
4493 *
4494 * If a thread waiting in the ioctl receives a signal, the call will return
4495 * immediately, and the return value will be EINTR.
4496 *
4497 * innvl: {
4498 * "wait_activity" -> int32_t
4499 * }
4500 *
4501 * outnvl: "waited" -> boolean_t
4502 */
4503 static const zfs_ioc_key_t zfs_keys_fs_wait[] = {
4504 {ZFS_WAIT_ACTIVITY, DATA_TYPE_INT32, 0},
4505 };
4506
4507 static int
zfs_ioc_wait_fs(const char * name,nvlist_t * innvl,nvlist_t * outnvl)4508 zfs_ioc_wait_fs(const char *name, nvlist_t *innvl, nvlist_t *outnvl)
4509 {
4510 int32_t activity;
4511 boolean_t waited = B_FALSE;
4512 int error;
4513 dsl_pool_t *dp;
4514 dsl_dir_t *dd;
4515 dsl_dataset_t *ds;
4516
4517 if (nvlist_lookup_int32(innvl, ZFS_WAIT_ACTIVITY, &activity) != 0)
4518 return (SET_ERROR(EINVAL));
4519
4520 if (activity >= ZFS_WAIT_NUM_ACTIVITIES || activity < 0)
4521 return (SET_ERROR(EINVAL));
4522
4523 if ((error = dsl_pool_hold(name, FTAG, &dp)) != 0)
4524 return (error);
4525
4526 if ((error = dsl_dataset_hold(dp, name, FTAG, &ds)) != 0) {
4527 dsl_pool_rele(dp, FTAG);
4528 return (error);
4529 }
4530
4531 dd = ds->ds_dir;
4532 mutex_enter(&dd->dd_activity_lock);
4533 dd->dd_activity_waiters++;
4534
4535 /*
4536 * We get a long-hold here so that the dsl_dataset_t and dsl_dir_t
4537 * aren't evicted while we're waiting. Normally this is prevented by
4538 * holding the pool, but we can't do that while we're waiting since
4539 * that would prevent TXGs from syncing out. Some of the functionality
4540 * of long-holds (e.g. preventing deletion) is unnecessary for this
4541 * case, since we would cancel the waiters before proceeding with a
4542 * deletion. An alternative mechanism for keeping the dataset around
4543 * could be developed but this is simpler.
4544 */
4545 dsl_dataset_long_hold(ds, FTAG);
4546 dsl_pool_rele(dp, FTAG);
4547
4548 error = dsl_dir_wait(dd, ds, activity, &waited);
4549
4550 dsl_dataset_long_rele(ds, FTAG);
4551 dd->dd_activity_waiters--;
4552 if (dd->dd_activity_waiters == 0)
4553 cv_signal(&dd->dd_activity_cv);
4554 mutex_exit(&dd->dd_activity_lock);
4555
4556 dsl_dataset_rele(ds, FTAG);
4557
4558 if (error == 0)
4559 fnvlist_add_boolean_value(outnvl, ZFS_WAIT_WAITED, waited);
4560
4561 return (error);
4562 }
4563
4564 /*
4565 * fsname is name of dataset to rollback (to most recent snapshot)
4566 *
4567 * innvl may contain name of expected target snapshot
4568 *
4569 * outnvl: "target" -> name of most recent snapshot
4570 * }
4571 */
4572 static const zfs_ioc_key_t zfs_keys_rollback[] = {
4573 {"target", DATA_TYPE_STRING, ZK_OPTIONAL},
4574 };
4575
4576 static int
zfs_ioc_rollback(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)4577 zfs_ioc_rollback(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
4578 {
4579 zfsvfs_t *zfsvfs;
4580 zvol_state_handle_t *zv;
4581 const char *target = NULL;
4582 int error;
4583
4584 (void) nvlist_lookup_string(innvl, "target", &target);
4585 if (target != NULL) {
4586 const char *cp = strchr(target, '@');
4587
4588 /*
4589 * The snap name must contain an @, and the part after it must
4590 * contain only valid characters.
4591 */
4592 if (cp == NULL ||
4593 zfs_component_namecheck(cp + 1, NULL, NULL) != 0)
4594 return (SET_ERROR(EINVAL));
4595 }
4596
4597 if (getzfsvfs(fsname, &zfsvfs) == 0) {
4598 dsl_dataset_t *ds;
4599
4600 ds = dmu_objset_ds(zfsvfs->z_os);
4601 error = zfs_suspend_fs(zfsvfs);
4602 if (error == 0) {
4603 int resume_err;
4604
4605 error = dsl_dataset_rollback(fsname, target, zfsvfs,
4606 outnvl);
4607 resume_err = zfs_resume_fs(zfsvfs, ds);
4608 error = error ? error : resume_err;
4609 }
4610 zfs_vfs_rele(zfsvfs);
4611 } else if ((zv = zvol_suspend(fsname)) != NULL) {
4612 error = dsl_dataset_rollback(fsname, target, zvol_tag(zv),
4613 outnvl);
4614 zvol_resume(zv);
4615 } else {
4616 error = dsl_dataset_rollback(fsname, target, NULL, outnvl);
4617 }
4618 return (error);
4619 }
4620
4621 static int
recursive_unmount(const char * fsname,void * arg)4622 recursive_unmount(const char *fsname, void *arg)
4623 {
4624 const char *snapname = arg;
4625 char *fullname;
4626
4627 fullname = kmem_asprintf("%s@%s", fsname, snapname);
4628 zfs_unmount_snap(fullname);
4629 kmem_strfree(fullname);
4630
4631 return (0);
4632 }
4633
4634 /*
4635 *
4636 * snapname is the snapshot to redact.
4637 * innvl: {
4638 * "bookname" -> (string)
4639 * shortname of the redaction bookmark to generate
4640 * "snapnv" -> (nvlist, values ignored)
4641 * snapshots to redact snapname with respect to
4642 * }
4643 *
4644 * outnvl is unused
4645 */
4646
4647 static const zfs_ioc_key_t zfs_keys_redact[] = {
4648 {"bookname", DATA_TYPE_STRING, 0},
4649 {"snapnv", DATA_TYPE_NVLIST, 0},
4650 };
4651
4652 static int
zfs_ioc_redact(const char * snapname,nvlist_t * innvl,nvlist_t * outnvl)4653 zfs_ioc_redact(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
4654 {
4655 (void) outnvl;
4656 nvlist_t *redactnvl = NULL;
4657 const char *redactbook = NULL;
4658
4659 if (nvlist_lookup_nvlist(innvl, "snapnv", &redactnvl) != 0)
4660 return (SET_ERROR(EINVAL));
4661 if (fnvlist_num_pairs(redactnvl) == 0)
4662 return (SET_ERROR(ENXIO));
4663 if (nvlist_lookup_string(innvl, "bookname", &redactbook) != 0)
4664 return (SET_ERROR(EINVAL));
4665
4666 return (dmu_redact_snap(snapname, redactnvl, redactbook));
4667 }
4668
4669 /*
4670 * inputs:
4671 * zc_name old name of dataset
4672 * zc_value new name of dataset
4673 * zc_cookie recursive flag (only valid for snapshots)
4674 *
4675 * outputs: none
4676 */
4677 static int
zfs_ioc_rename(zfs_cmd_t * zc)4678 zfs_ioc_rename(zfs_cmd_t *zc)
4679 {
4680 objset_t *os;
4681 dmu_objset_type_t ost;
4682 boolean_t recursive = zc->zc_cookie & 1;
4683 boolean_t nounmount = !!(zc->zc_cookie & 2);
4684 char *at;
4685 int err;
4686
4687 /* "zfs rename" from and to ...%recv datasets should both fail */
4688 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
4689 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0';
4690 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
4691 dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
4692 strchr(zc->zc_name, '%') || strchr(zc->zc_value, '%'))
4693 return (SET_ERROR(EINVAL));
4694
4695 err = dmu_objset_hold(zc->zc_name, FTAG, &os);
4696 if (err != 0)
4697 return (err);
4698 ost = dmu_objset_type(os);
4699 dmu_objset_rele(os, FTAG);
4700
4701 at = strchr(zc->zc_name, '@');
4702 if (at != NULL) {
4703 /* snaps must be in same fs */
4704 int error;
4705
4706 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1))
4707 return (SET_ERROR(EXDEV));
4708 *at = '\0';
4709 if (ost == DMU_OST_ZFS && !nounmount) {
4710 error = dmu_objset_find(zc->zc_name,
4711 recursive_unmount, at + 1,
4712 recursive ? DS_FIND_CHILDREN : 0);
4713 if (error != 0) {
4714 *at = '@';
4715 return (error);
4716 }
4717 }
4718 error = dsl_dataset_rename_snapshot(zc->zc_name,
4719 at + 1, strchr(zc->zc_value, '@') + 1, recursive);
4720 *at = '@';
4721
4722 return (error);
4723 } else {
4724 return (dsl_dir_rename(zc->zc_name, zc->zc_value));
4725 }
4726 }
4727
4728 static int
zfs_check_settable(const char * dsname,nvpair_t * pair,cred_t * cr)4729 zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr)
4730 {
4731 const char *propname = nvpair_name(pair);
4732 boolean_t issnap = (strchr(dsname, '@') != NULL);
4733 zfs_prop_t prop = zfs_name_to_prop(propname);
4734 uint64_t intval, compval;
4735 int err;
4736
4737 if (prop == ZPROP_USERPROP) {
4738 if (zfs_prop_user(propname)) {
4739 if ((err = zfs_secpolicy_write_perms(dsname,
4740 ZFS_DELEG_PERM_USERPROP, cr)))
4741 return (err);
4742 return (0);
4743 }
4744
4745 if (!issnap && zfs_prop_userquota(propname)) {
4746 const char *perm = NULL;
4747 const char *uq_prefix =
4748 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA];
4749 const char *gq_prefix =
4750 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA];
4751 const char *uiq_prefix =
4752 zfs_userquota_prop_prefixes[ZFS_PROP_USEROBJQUOTA];
4753 const char *giq_prefix =
4754 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPOBJQUOTA];
4755 const char *pq_prefix =
4756 zfs_userquota_prop_prefixes[ZFS_PROP_PROJECTQUOTA];
4757 const char *piq_prefix = zfs_userquota_prop_prefixes[\
4758 ZFS_PROP_PROJECTOBJQUOTA];
4759
4760 if (strncmp(propname, uq_prefix,
4761 strlen(uq_prefix)) == 0) {
4762 perm = ZFS_DELEG_PERM_USERQUOTA;
4763 } else if (strncmp(propname, uiq_prefix,
4764 strlen(uiq_prefix)) == 0) {
4765 perm = ZFS_DELEG_PERM_USEROBJQUOTA;
4766 } else if (strncmp(propname, gq_prefix,
4767 strlen(gq_prefix)) == 0) {
4768 perm = ZFS_DELEG_PERM_GROUPQUOTA;
4769 } else if (strncmp(propname, giq_prefix,
4770 strlen(giq_prefix)) == 0) {
4771 perm = ZFS_DELEG_PERM_GROUPOBJQUOTA;
4772 } else if (strncmp(propname, pq_prefix,
4773 strlen(pq_prefix)) == 0) {
4774 perm = ZFS_DELEG_PERM_PROJECTQUOTA;
4775 } else if (strncmp(propname, piq_prefix,
4776 strlen(piq_prefix)) == 0) {
4777 perm = ZFS_DELEG_PERM_PROJECTOBJQUOTA;
4778 } else {
4779 /* {USER|GROUP|PROJECT}USED are read-only */
4780 return (SET_ERROR(EINVAL));
4781 }
4782
4783 if ((err = zfs_secpolicy_write_perms(dsname, perm, cr)))
4784 return (err);
4785 return (0);
4786 }
4787
4788 return (SET_ERROR(EINVAL));
4789 }
4790
4791 if (issnap)
4792 return (SET_ERROR(EINVAL));
4793
4794 if (nvpair_type(pair) == DATA_TYPE_NVLIST) {
4795 /*
4796 * dsl_prop_get_all_impl() returns properties in this
4797 * format.
4798 */
4799 nvlist_t *attrs;
4800 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0);
4801 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
4802 &pair) == 0);
4803 }
4804
4805 /*
4806 * Check that this value is valid for this pool version
4807 */
4808 switch (prop) {
4809 case ZFS_PROP_COMPRESSION:
4810 /*
4811 * If the user specified gzip compression, make sure
4812 * the SPA supports it. We ignore any errors here since
4813 * we'll catch them later.
4814 */
4815 if (nvpair_value_uint64(pair, &intval) == 0) {
4816 compval = ZIO_COMPRESS_ALGO(intval);
4817 if (compval >= ZIO_COMPRESS_GZIP_1 &&
4818 compval <= ZIO_COMPRESS_GZIP_9 &&
4819 zfs_earlier_version(dsname,
4820 SPA_VERSION_GZIP_COMPRESSION)) {
4821 return (SET_ERROR(ENOTSUP));
4822 }
4823
4824 if (compval == ZIO_COMPRESS_ZLE &&
4825 zfs_earlier_version(dsname,
4826 SPA_VERSION_ZLE_COMPRESSION))
4827 return (SET_ERROR(ENOTSUP));
4828
4829 if (compval == ZIO_COMPRESS_LZ4) {
4830 spa_t *spa;
4831
4832 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4833 return (err);
4834
4835 if (!spa_feature_is_enabled(spa,
4836 SPA_FEATURE_LZ4_COMPRESS)) {
4837 spa_close(spa, FTAG);
4838 return (SET_ERROR(ENOTSUP));
4839 }
4840 spa_close(spa, FTAG);
4841 }
4842
4843 if (compval == ZIO_COMPRESS_ZSTD) {
4844 spa_t *spa;
4845
4846 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4847 return (err);
4848
4849 if (!spa_feature_is_enabled(spa,
4850 SPA_FEATURE_ZSTD_COMPRESS)) {
4851 spa_close(spa, FTAG);
4852 return (SET_ERROR(ENOTSUP));
4853 }
4854 spa_close(spa, FTAG);
4855 }
4856 }
4857 break;
4858
4859 case ZFS_PROP_COPIES:
4860 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS))
4861 return (SET_ERROR(ENOTSUP));
4862 break;
4863
4864 case ZFS_PROP_VOLBLOCKSIZE:
4865 case ZFS_PROP_RECORDSIZE:
4866 /* Record sizes above 128k need the feature to be enabled */
4867 if (nvpair_value_uint64(pair, &intval) == 0 &&
4868 intval > SPA_OLD_MAXBLOCKSIZE) {
4869 spa_t *spa;
4870
4871 /*
4872 * We don't allow setting the property above 1MB,
4873 * unless the tunable has been changed.
4874 */
4875 if (intval > zfs_max_recordsize ||
4876 intval > SPA_MAXBLOCKSIZE)
4877 return (SET_ERROR(ERANGE));
4878
4879 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4880 return (err);
4881
4882 if (!spa_feature_is_enabled(spa,
4883 SPA_FEATURE_LARGE_BLOCKS)) {
4884 spa_close(spa, FTAG);
4885 return (SET_ERROR(ENOTSUP));
4886 }
4887 spa_close(spa, FTAG);
4888 }
4889 break;
4890
4891 case ZFS_PROP_DNODESIZE:
4892 /* Dnode sizes above 512 need the feature to be enabled */
4893 if (nvpair_value_uint64(pair, &intval) == 0 &&
4894 intval != ZFS_DNSIZE_LEGACY) {
4895 spa_t *spa;
4896
4897 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4898 return (err);
4899
4900 if (!spa_feature_is_enabled(spa,
4901 SPA_FEATURE_LARGE_DNODE)) {
4902 spa_close(spa, FTAG);
4903 return (SET_ERROR(ENOTSUP));
4904 }
4905 spa_close(spa, FTAG);
4906 }
4907 break;
4908
4909 case ZFS_PROP_SPECIAL_SMALL_BLOCKS:
4910 /*
4911 * This property could require the allocation classes
4912 * feature to be active for setting, however we allow
4913 * it so that tests of settable properties succeed.
4914 * The CLI will issue a warning in this case.
4915 */
4916 break;
4917
4918 case ZFS_PROP_SHARESMB:
4919 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID))
4920 return (SET_ERROR(ENOTSUP));
4921 break;
4922
4923 case ZFS_PROP_ACLINHERIT:
4924 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4925 nvpair_value_uint64(pair, &intval) == 0) {
4926 if (intval == ZFS_ACL_PASSTHROUGH_X &&
4927 zfs_earlier_version(dsname,
4928 SPA_VERSION_PASSTHROUGH_X))
4929 return (SET_ERROR(ENOTSUP));
4930 }
4931 break;
4932 case ZFS_PROP_CHECKSUM:
4933 case ZFS_PROP_DEDUP:
4934 {
4935 spa_feature_t feature;
4936 spa_t *spa;
4937 int err;
4938
4939 /* dedup feature version checks */
4940 if (prop == ZFS_PROP_DEDUP &&
4941 zfs_earlier_version(dsname, SPA_VERSION_DEDUP))
4942 return (SET_ERROR(ENOTSUP));
4943
4944 if (nvpair_type(pair) == DATA_TYPE_UINT64 &&
4945 nvpair_value_uint64(pair, &intval) == 0) {
4946 /* check prop value is enabled in features */
4947 feature = zio_checksum_to_feature(
4948 intval & ZIO_CHECKSUM_MASK);
4949 if (feature == SPA_FEATURE_NONE)
4950 break;
4951
4952 if ((err = spa_open(dsname, &spa, FTAG)) != 0)
4953 return (err);
4954
4955 if (!spa_feature_is_enabled(spa, feature)) {
4956 spa_close(spa, FTAG);
4957 return (SET_ERROR(ENOTSUP));
4958 }
4959 spa_close(spa, FTAG);
4960 }
4961 break;
4962 }
4963
4964 default:
4965 break;
4966 }
4967
4968 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED()));
4969 }
4970
4971 /*
4972 * Removes properties from the given props list that fail permission checks
4973 * needed to clear them and to restore them in case of a receive error. For each
4974 * property, make sure we have both set and inherit permissions.
4975 *
4976 * Returns the first error encountered if any permission checks fail. If the
4977 * caller provides a non-NULL errlist, it also gives the complete list of names
4978 * of all the properties that failed a permission check along with the
4979 * corresponding error numbers. The caller is responsible for freeing the
4980 * returned errlist.
4981 *
4982 * If every property checks out successfully, zero is returned and the list
4983 * pointed at by errlist is NULL.
4984 */
4985 static int
zfs_check_clearable(const char * dataset,nvlist_t * props,nvlist_t ** errlist)4986 zfs_check_clearable(const char *dataset, nvlist_t *props, nvlist_t **errlist)
4987 {
4988 zfs_cmd_t *zc;
4989 nvpair_t *pair, *next_pair;
4990 nvlist_t *errors;
4991 int err, rv = 0;
4992
4993 if (props == NULL)
4994 return (0);
4995
4996 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0);
4997
4998 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP);
4999 (void) strlcpy(zc->zc_name, dataset, sizeof (zc->zc_name));
5000 pair = nvlist_next_nvpair(props, NULL);
5001 while (pair != NULL) {
5002 next_pair = nvlist_next_nvpair(props, pair);
5003
5004 (void) strlcpy(zc->zc_value, nvpair_name(pair),
5005 sizeof (zc->zc_value));
5006 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 ||
5007 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) {
5008 VERIFY(nvlist_remove_nvpair(props, pair) == 0);
5009 VERIFY(nvlist_add_int32(errors,
5010 zc->zc_value, err) == 0);
5011 }
5012 pair = next_pair;
5013 }
5014 kmem_free(zc, sizeof (zfs_cmd_t));
5015
5016 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) {
5017 nvlist_free(errors);
5018 errors = NULL;
5019 } else {
5020 VERIFY(nvpair_value_int32(pair, &rv) == 0);
5021 }
5022
5023 if (errlist == NULL)
5024 nvlist_free(errors);
5025 else
5026 *errlist = errors;
5027
5028 return (rv);
5029 }
5030
5031 static boolean_t
propval_equals(nvpair_t * p1,nvpair_t * p2)5032 propval_equals(nvpair_t *p1, nvpair_t *p2)
5033 {
5034 if (nvpair_type(p1) == DATA_TYPE_NVLIST) {
5035 /* dsl_prop_get_all_impl() format */
5036 nvlist_t *attrs;
5037 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0);
5038 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
5039 &p1) == 0);
5040 }
5041
5042 if (nvpair_type(p2) == DATA_TYPE_NVLIST) {
5043 nvlist_t *attrs;
5044 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0);
5045 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE,
5046 &p2) == 0);
5047 }
5048
5049 if (nvpair_type(p1) != nvpair_type(p2))
5050 return (B_FALSE);
5051
5052 if (nvpair_type(p1) == DATA_TYPE_STRING) {
5053 const char *valstr1, *valstr2;
5054
5055 VERIFY(nvpair_value_string(p1, &valstr1) == 0);
5056 VERIFY(nvpair_value_string(p2, &valstr2) == 0);
5057 return (strcmp(valstr1, valstr2) == 0);
5058 } else {
5059 uint64_t intval1, intval2;
5060
5061 VERIFY(nvpair_value_uint64(p1, &intval1) == 0);
5062 VERIFY(nvpair_value_uint64(p2, &intval2) == 0);
5063 return (intval1 == intval2);
5064 }
5065 }
5066
5067 /*
5068 * Remove properties from props if they are not going to change (as determined
5069 * by comparison with origprops). Remove them from origprops as well, since we
5070 * do not need to clear or restore properties that won't change.
5071 */
5072 static void
props_reduce(nvlist_t * props,nvlist_t * origprops)5073 props_reduce(nvlist_t *props, nvlist_t *origprops)
5074 {
5075 nvpair_t *pair, *next_pair;
5076
5077 if (origprops == NULL)
5078 return; /* all props need to be received */
5079
5080 pair = nvlist_next_nvpair(props, NULL);
5081 while (pair != NULL) {
5082 const char *propname = nvpair_name(pair);
5083 nvpair_t *match;
5084
5085 next_pair = nvlist_next_nvpair(props, pair);
5086
5087 if ((nvlist_lookup_nvpair(origprops, propname,
5088 &match) != 0) || !propval_equals(pair, match))
5089 goto next; /* need to set received value */
5090
5091 /* don't clear the existing received value */
5092 (void) nvlist_remove_nvpair(origprops, match);
5093 /* don't bother receiving the property */
5094 (void) nvlist_remove_nvpair(props, pair);
5095 next:
5096 pair = next_pair;
5097 }
5098 }
5099
5100 /*
5101 * Extract properties that cannot be set PRIOR to the receipt of a dataset.
5102 * For example, refquota cannot be set until after the receipt of a dataset,
5103 * because in replication streams, an older/earlier snapshot may exceed the
5104 * refquota. We want to receive the older/earlier snapshot, but setting
5105 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent
5106 * the older/earlier snapshot from being received (with EDQUOT).
5107 *
5108 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario.
5109 *
5110 * libzfs will need to be judicious handling errors encountered by props
5111 * extracted by this function.
5112 */
5113 static nvlist_t *
extract_delay_props(nvlist_t * props)5114 extract_delay_props(nvlist_t *props)
5115 {
5116 nvlist_t *delayprops;
5117 nvpair_t *nvp, *tmp;
5118 static const zfs_prop_t delayable[] = {
5119 ZFS_PROP_REFQUOTA,
5120 ZFS_PROP_KEYLOCATION,
5121 /*
5122 * Setting ZFS_PROP_SHARESMB requires the objset type to be
5123 * known, which is not possible prior to receipt of raw sends.
5124 */
5125 ZFS_PROP_SHARESMB,
5126 0
5127 };
5128 int i;
5129
5130 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0);
5131
5132 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL;
5133 nvp = nvlist_next_nvpair(props, nvp)) {
5134 /*
5135 * strcmp() is safe because zfs_prop_to_name() always returns
5136 * a bounded string.
5137 */
5138 for (i = 0; delayable[i] != 0; i++) {
5139 if (strcmp(zfs_prop_to_name(delayable[i]),
5140 nvpair_name(nvp)) == 0) {
5141 break;
5142 }
5143 }
5144 if (delayable[i] != 0) {
5145 tmp = nvlist_prev_nvpair(props, nvp);
5146 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0);
5147 VERIFY(nvlist_remove_nvpair(props, nvp) == 0);
5148 nvp = tmp;
5149 }
5150 }
5151
5152 if (nvlist_empty(delayprops)) {
5153 nvlist_free(delayprops);
5154 delayprops = NULL;
5155 }
5156 return (delayprops);
5157 }
5158
5159 static void
zfs_allow_log_destroy(void * arg)5160 zfs_allow_log_destroy(void *arg)
5161 {
5162 char *poolname = arg;
5163
5164 if (poolname != NULL)
5165 kmem_strfree(poolname);
5166 }
5167
5168 #ifdef ZFS_DEBUG
5169 static boolean_t zfs_ioc_recv_inject_err;
5170 #endif
5171
5172 /*
5173 * nvlist 'errors' is always allocated. It will contain descriptions of
5174 * encountered errors, if any. It's the callers responsibility to free.
5175 */
5176 static int
zfs_ioc_recv_impl(char * tofs,char * tosnap,const char * origin,nvlist_t * recvprops,nvlist_t * localprops,nvlist_t * hidden_args,boolean_t force,boolean_t heal,boolean_t resumable,int input_fd,dmu_replay_record_t * begin_record,uint64_t * read_bytes,uint64_t * errflags,nvlist_t ** errors)5177 zfs_ioc_recv_impl(char *tofs, char *tosnap, const char *origin,
5178 nvlist_t *recvprops, nvlist_t *localprops, nvlist_t *hidden_args,
5179 boolean_t force, boolean_t heal, boolean_t resumable, int input_fd,
5180 dmu_replay_record_t *begin_record, uint64_t *read_bytes,
5181 uint64_t *errflags, nvlist_t **errors)
5182 {
5183 dmu_recv_cookie_t drc;
5184 int error = 0;
5185 int props_error = 0;
5186 offset_t off, noff;
5187 nvlist_t *local_delayprops = NULL;
5188 nvlist_t *recv_delayprops = NULL;
5189 nvlist_t *inherited_delayprops = NULL;
5190 nvlist_t *origprops = NULL; /* existing properties */
5191 nvlist_t *origrecvd = NULL; /* existing received properties */
5192 boolean_t first_recvd_props = B_FALSE;
5193 boolean_t tofs_was_redacted;
5194 zfs_file_t *input_fp;
5195
5196 *read_bytes = 0;
5197 *errflags = 0;
5198 *errors = fnvlist_alloc();
5199 off = 0;
5200
5201 if ((input_fp = zfs_file_get(input_fd)) == NULL)
5202 return (SET_ERROR(EBADF));
5203
5204 noff = off = zfs_file_off(input_fp);
5205 error = dmu_recv_begin(tofs, tosnap, begin_record, force, heal,
5206 resumable, localprops, hidden_args, origin, &drc, input_fp,
5207 &off);
5208 if (error != 0)
5209 goto out;
5210 tofs_was_redacted = dsl_get_redacted(drc.drc_ds);
5211
5212 /*
5213 * Set properties before we receive the stream so that they are applied
5214 * to the new data. Note that we must call dmu_recv_stream() if
5215 * dmu_recv_begin() succeeds.
5216 */
5217 if (recvprops != NULL && !drc.drc_newfs) {
5218 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >=
5219 SPA_VERSION_RECVD_PROPS &&
5220 !dsl_prop_get_hasrecvd(tofs))
5221 first_recvd_props = B_TRUE;
5222
5223 /*
5224 * If new received properties are supplied, they are to
5225 * completely replace the existing received properties,
5226 * so stash away the existing ones.
5227 */
5228 if (dsl_prop_get_received(tofs, &origrecvd) == 0) {
5229 nvlist_t *errlist = NULL;
5230 /*
5231 * Don't bother writing a property if its value won't
5232 * change (and avoid the unnecessary security checks).
5233 *
5234 * The first receive after SPA_VERSION_RECVD_PROPS is a
5235 * special case where we blow away all local properties
5236 * regardless.
5237 */
5238 if (!first_recvd_props)
5239 props_reduce(recvprops, origrecvd);
5240 if (zfs_check_clearable(tofs, origrecvd, &errlist) != 0)
5241 (void) nvlist_merge(*errors, errlist, 0);
5242 nvlist_free(errlist);
5243
5244 if (clear_received_props(tofs, origrecvd,
5245 first_recvd_props ? NULL : recvprops) != 0)
5246 *errflags |= ZPROP_ERR_NOCLEAR;
5247 } else {
5248 *errflags |= ZPROP_ERR_NOCLEAR;
5249 }
5250 }
5251
5252 /*
5253 * Stash away existing properties so we can restore them on error unless
5254 * we're doing the first receive after SPA_VERSION_RECVD_PROPS, in which
5255 * case "origrecvd" will take care of that.
5256 */
5257 if (localprops != NULL && !drc.drc_newfs && !first_recvd_props) {
5258 objset_t *os;
5259 if (dmu_objset_hold(tofs, FTAG, &os) == 0) {
5260 if (dsl_prop_get_all(os, &origprops) != 0) {
5261 *errflags |= ZPROP_ERR_NOCLEAR;
5262 }
5263 dmu_objset_rele(os, FTAG);
5264 } else {
5265 *errflags |= ZPROP_ERR_NOCLEAR;
5266 }
5267 }
5268
5269 if (recvprops != NULL) {
5270 props_error = dsl_prop_set_hasrecvd(tofs);
5271
5272 if (props_error == 0) {
5273 recv_delayprops = extract_delay_props(recvprops);
5274 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
5275 recvprops, *errors);
5276 }
5277 }
5278
5279 if (localprops != NULL) {
5280 nvlist_t *oprops = fnvlist_alloc();
5281 nvlist_t *xprops = fnvlist_alloc();
5282 nvpair_t *nvp = NULL;
5283
5284 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
5285 if (nvpair_type(nvp) == DATA_TYPE_BOOLEAN) {
5286 /* -x property */
5287 const char *name = nvpair_name(nvp);
5288 zfs_prop_t prop = zfs_name_to_prop(name);
5289 if (prop != ZPROP_USERPROP) {
5290 if (!zfs_prop_inheritable(prop))
5291 continue;
5292 } else if (!zfs_prop_user(name))
5293 continue;
5294 fnvlist_add_boolean(xprops, name);
5295 } else {
5296 /* -o property=value */
5297 fnvlist_add_nvpair(oprops, nvp);
5298 }
5299 }
5300
5301 local_delayprops = extract_delay_props(oprops);
5302 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
5303 oprops, *errors);
5304 inherited_delayprops = extract_delay_props(xprops);
5305 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED,
5306 xprops, *errors);
5307
5308 nvlist_free(oprops);
5309 nvlist_free(xprops);
5310 }
5311
5312 error = dmu_recv_stream(&drc, &off);
5313
5314 if (error == 0) {
5315 zfsvfs_t *zfsvfs = NULL;
5316 zvol_state_handle_t *zv = NULL;
5317
5318 if (getzfsvfs(tofs, &zfsvfs) == 0) {
5319 /* online recv */
5320 dsl_dataset_t *ds;
5321 int end_err;
5322 boolean_t stream_is_redacted = DMU_GET_FEATUREFLAGS(
5323 begin_record->drr_u.drr_begin.
5324 drr_versioninfo) & DMU_BACKUP_FEATURE_REDACTED;
5325
5326 ds = dmu_objset_ds(zfsvfs->z_os);
5327 error = zfs_suspend_fs(zfsvfs);
5328 /*
5329 * If the suspend fails, then the recv_end will
5330 * likely also fail, and clean up after itself.
5331 */
5332 end_err = dmu_recv_end(&drc, zfsvfs);
5333 /*
5334 * If the dataset was not redacted, but we received a
5335 * redacted stream onto it, we need to unmount the
5336 * dataset. Otherwise, resume the filesystem.
5337 */
5338 if (error == 0 && !drc.drc_newfs &&
5339 stream_is_redacted && !tofs_was_redacted) {
5340 error = zfs_end_fs(zfsvfs, ds);
5341 } else if (error == 0) {
5342 error = zfs_resume_fs(zfsvfs, ds);
5343 }
5344 error = error ? error : end_err;
5345 zfs_vfs_rele(zfsvfs);
5346 } else if ((zv = zvol_suspend(tofs)) != NULL) {
5347 error = dmu_recv_end(&drc, zvol_tag(zv));
5348 zvol_resume(zv);
5349 } else {
5350 error = dmu_recv_end(&drc, NULL);
5351 }
5352
5353 /* Set delayed properties now, after we're done receiving. */
5354 if (recv_delayprops != NULL && error == 0) {
5355 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED,
5356 recv_delayprops, *errors);
5357 }
5358 if (local_delayprops != NULL && error == 0) {
5359 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL,
5360 local_delayprops, *errors);
5361 }
5362 if (inherited_delayprops != NULL && error == 0) {
5363 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED,
5364 inherited_delayprops, *errors);
5365 }
5366 }
5367
5368 /*
5369 * Merge delayed props back in with initial props, in case
5370 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means
5371 * we have to make sure clear_received_props() includes
5372 * the delayed properties).
5373 *
5374 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels,
5375 * using ASSERT() will be just like a VERIFY.
5376 */
5377 if (recv_delayprops != NULL) {
5378 ASSERT(nvlist_merge(recvprops, recv_delayprops, 0) == 0);
5379 nvlist_free(recv_delayprops);
5380 }
5381 if (local_delayprops != NULL) {
5382 ASSERT(nvlist_merge(localprops, local_delayprops, 0) == 0);
5383 nvlist_free(local_delayprops);
5384 }
5385 if (inherited_delayprops != NULL) {
5386 ASSERT(nvlist_merge(localprops, inherited_delayprops, 0) == 0);
5387 nvlist_free(inherited_delayprops);
5388 }
5389 *read_bytes = off - noff;
5390
5391 #ifdef ZFS_DEBUG
5392 if (zfs_ioc_recv_inject_err) {
5393 zfs_ioc_recv_inject_err = B_FALSE;
5394 error = 1;
5395 }
5396 #endif
5397
5398 /*
5399 * On error, restore the original props.
5400 */
5401 if (error != 0 && recvprops != NULL && !drc.drc_newfs) {
5402 if (clear_received_props(tofs, recvprops, NULL) != 0) {
5403 /*
5404 * We failed to clear the received properties.
5405 * Since we may have left a $recvd value on the
5406 * system, we can't clear the $hasrecvd flag.
5407 */
5408 *errflags |= ZPROP_ERR_NORESTORE;
5409 } else if (first_recvd_props) {
5410 dsl_prop_unset_hasrecvd(tofs);
5411 }
5412
5413 if (origrecvd == NULL && !drc.drc_newfs) {
5414 /* We failed to stash the original properties. */
5415 *errflags |= ZPROP_ERR_NORESTORE;
5416 }
5417
5418 /*
5419 * dsl_props_set() will not convert RECEIVED to LOCAL on or
5420 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL
5421 * explicitly if we're restoring local properties cleared in the
5422 * first new-style receive.
5423 */
5424 if (origrecvd != NULL &&
5425 zfs_set_prop_nvlist(tofs, (first_recvd_props ?
5426 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED),
5427 origrecvd, NULL) != 0) {
5428 /*
5429 * We stashed the original properties but failed to
5430 * restore them.
5431 */
5432 *errflags |= ZPROP_ERR_NORESTORE;
5433 }
5434 }
5435 if (error != 0 && localprops != NULL && !drc.drc_newfs &&
5436 !first_recvd_props) {
5437 nvlist_t *setprops;
5438 nvlist_t *inheritprops;
5439 nvpair_t *nvp;
5440
5441 if (origprops == NULL) {
5442 /* We failed to stash the original properties. */
5443 *errflags |= ZPROP_ERR_NORESTORE;
5444 goto out;
5445 }
5446
5447 /* Restore original props */
5448 setprops = fnvlist_alloc();
5449 inheritprops = fnvlist_alloc();
5450 nvp = NULL;
5451 while ((nvp = nvlist_next_nvpair(localprops, nvp)) != NULL) {
5452 const char *name = nvpair_name(nvp);
5453 const char *source;
5454 nvlist_t *attrs;
5455
5456 if (!nvlist_exists(origprops, name)) {
5457 /*
5458 * Property was not present or was explicitly
5459 * inherited before the receive, restore this.
5460 */
5461 fnvlist_add_boolean(inheritprops, name);
5462 continue;
5463 }
5464 attrs = fnvlist_lookup_nvlist(origprops, name);
5465 source = fnvlist_lookup_string(attrs, ZPROP_SOURCE);
5466
5467 /* Skip received properties */
5468 if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0)
5469 continue;
5470
5471 if (strcmp(source, tofs) == 0) {
5472 /* Property was locally set */
5473 fnvlist_add_nvlist(setprops, name, attrs);
5474 } else {
5475 /* Property was implicitly inherited */
5476 fnvlist_add_boolean(inheritprops, name);
5477 }
5478 }
5479
5480 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_LOCAL, setprops,
5481 NULL) != 0)
5482 *errflags |= ZPROP_ERR_NORESTORE;
5483 if (zfs_set_prop_nvlist(tofs, ZPROP_SRC_INHERITED, inheritprops,
5484 NULL) != 0)
5485 *errflags |= ZPROP_ERR_NORESTORE;
5486
5487 nvlist_free(setprops);
5488 nvlist_free(inheritprops);
5489 }
5490 out:
5491 zfs_file_put(input_fp);
5492 nvlist_free(origrecvd);
5493 nvlist_free(origprops);
5494
5495 if (error == 0)
5496 error = props_error;
5497
5498 return (error);
5499 }
5500
5501 /*
5502 * inputs:
5503 * zc_name name of containing filesystem (unused)
5504 * zc_nvlist_src{_size} nvlist of properties to apply
5505 * zc_nvlist_conf{_size} nvlist of properties to exclude
5506 * (DATA_TYPE_BOOLEAN) and override (everything else)
5507 * zc_value name of snapshot to create
5508 * zc_string name of clone origin (if DRR_FLAG_CLONE)
5509 * zc_cookie file descriptor to recv from
5510 * zc_begin_record the BEGIN record of the stream (not byteswapped)
5511 * zc_guid force flag
5512 *
5513 * outputs:
5514 * zc_cookie number of bytes read
5515 * zc_obj zprop_errflags_t
5516 * zc_nvlist_dst{_size} error for each unapplied received property
5517 */
5518 static int
zfs_ioc_recv(zfs_cmd_t * zc)5519 zfs_ioc_recv(zfs_cmd_t *zc)
5520 {
5521 dmu_replay_record_t begin_record;
5522 nvlist_t *errors = NULL;
5523 nvlist_t *recvdprops = NULL;
5524 nvlist_t *localprops = NULL;
5525 const char *origin = NULL;
5526 char *tosnap;
5527 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5528 int error = 0;
5529
5530 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
5531 strchr(zc->zc_value, '@') == NULL ||
5532 strchr(zc->zc_value, '%') != NULL) {
5533 return (SET_ERROR(EINVAL));
5534 }
5535
5536 (void) strlcpy(tofs, zc->zc_value, sizeof (tofs));
5537 tosnap = strchr(tofs, '@');
5538 *tosnap++ = '\0';
5539
5540 if (zc->zc_nvlist_src != 0 &&
5541 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
5542 zc->zc_iflags, &recvdprops)) != 0) {
5543 goto out;
5544 }
5545
5546 if (zc->zc_nvlist_conf != 0 &&
5547 (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size,
5548 zc->zc_iflags, &localprops)) != 0) {
5549 goto out;
5550 }
5551
5552 if (zc->zc_string[0])
5553 origin = zc->zc_string;
5554
5555 begin_record.drr_type = DRR_BEGIN;
5556 begin_record.drr_payloadlen = 0;
5557 begin_record.drr_u.drr_begin = zc->zc_begin_record;
5558
5559 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvdprops, localprops,
5560 NULL, zc->zc_guid, B_FALSE, B_FALSE, zc->zc_cookie, &begin_record,
5561 &zc->zc_cookie, &zc->zc_obj, &errors);
5562
5563 /*
5564 * Now that all props, initial and delayed, are set, report the prop
5565 * errors to the caller.
5566 */
5567 if (zc->zc_nvlist_dst_size != 0 && errors != NULL &&
5568 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 ||
5569 put_nvlist(zc, errors) != 0)) {
5570 /*
5571 * Caller made zc->zc_nvlist_dst less than the minimum expected
5572 * size or supplied an invalid address.
5573 */
5574 error = SET_ERROR(EINVAL);
5575 }
5576
5577 out:
5578 nvlist_free(errors);
5579 nvlist_free(recvdprops);
5580 nvlist_free(localprops);
5581
5582 return (error);
5583 }
5584
5585 /*
5586 * innvl: {
5587 * "snapname" -> full name of the snapshot to create
5588 * (optional) "props" -> received properties to set (nvlist)
5589 * (optional) "localprops" -> override and exclude properties (nvlist)
5590 * (optional) "origin" -> name of clone origin (DRR_FLAG_CLONE)
5591 * "begin_record" -> non-byteswapped dmu_replay_record_t
5592 * "input_fd" -> file descriptor to read stream from (int32)
5593 * (optional) "force" -> force flag (value ignored)
5594 * (optional) "heal" -> use send stream to heal data corruption
5595 * (optional) "resumable" -> resumable flag (value ignored)
5596 * (optional) "cleanup_fd" -> unused
5597 * (optional) "action_handle" -> unused
5598 * (optional) "hidden_args" -> { "wkeydata" -> value }
5599 * }
5600 *
5601 * outnvl: {
5602 * "read_bytes" -> number of bytes read
5603 * "error_flags" -> zprop_errflags_t
5604 * "errors" -> error for each unapplied received property (nvlist)
5605 * }
5606 */
5607 static const zfs_ioc_key_t zfs_keys_recv_new[] = {
5608 {"snapname", DATA_TYPE_STRING, 0},
5609 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5610 {"localprops", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5611 {"origin", DATA_TYPE_STRING, ZK_OPTIONAL},
5612 {"begin_record", DATA_TYPE_BYTE_ARRAY, 0},
5613 {"input_fd", DATA_TYPE_INT32, 0},
5614 {"force", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5615 {"heal", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5616 {"resumable", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
5617 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
5618 {"action_handle", DATA_TYPE_UINT64, ZK_OPTIONAL},
5619 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
5620 };
5621
5622 static int
zfs_ioc_recv_new(const char * fsname,nvlist_t * innvl,nvlist_t * outnvl)5623 zfs_ioc_recv_new(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl)
5624 {
5625 dmu_replay_record_t *begin_record;
5626 uint_t begin_record_size;
5627 nvlist_t *errors = NULL;
5628 nvlist_t *recvprops = NULL;
5629 nvlist_t *localprops = NULL;
5630 nvlist_t *hidden_args = NULL;
5631 const char *snapname;
5632 const char *origin = NULL;
5633 char *tosnap;
5634 char tofs[ZFS_MAX_DATASET_NAME_LEN];
5635 boolean_t force;
5636 boolean_t heal;
5637 boolean_t resumable;
5638 uint64_t read_bytes = 0;
5639 uint64_t errflags = 0;
5640 int input_fd = -1;
5641 int error;
5642
5643 snapname = fnvlist_lookup_string(innvl, "snapname");
5644
5645 if (dataset_namecheck(snapname, NULL, NULL) != 0 ||
5646 strchr(snapname, '@') == NULL ||
5647 strchr(snapname, '%') != NULL) {
5648 return (SET_ERROR(EINVAL));
5649 }
5650
5651 (void) strlcpy(tofs, snapname, sizeof (tofs));
5652 tosnap = strchr(tofs, '@');
5653 *tosnap++ = '\0';
5654
5655 error = nvlist_lookup_string(innvl, "origin", &origin);
5656 if (error && error != ENOENT)
5657 return (error);
5658
5659 error = nvlist_lookup_byte_array(innvl, "begin_record",
5660 (uchar_t **)&begin_record, &begin_record_size);
5661 if (error != 0 || begin_record_size != sizeof (*begin_record))
5662 return (SET_ERROR(EINVAL));
5663
5664 input_fd = fnvlist_lookup_int32(innvl, "input_fd");
5665
5666 force = nvlist_exists(innvl, "force");
5667 heal = nvlist_exists(innvl, "heal");
5668 resumable = nvlist_exists(innvl, "resumable");
5669
5670 /* we still use "props" here for backwards compatibility */
5671 error = nvlist_lookup_nvlist(innvl, "props", &recvprops);
5672 if (error && error != ENOENT)
5673 goto out;
5674
5675 error = nvlist_lookup_nvlist(innvl, "localprops", &localprops);
5676 if (error && error != ENOENT)
5677 goto out;
5678
5679 error = nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
5680 if (error && error != ENOENT)
5681 goto out;
5682
5683 error = zfs_ioc_recv_impl(tofs, tosnap, origin, recvprops, localprops,
5684 hidden_args, force, heal, resumable, input_fd, begin_record,
5685 &read_bytes, &errflags, &errors);
5686
5687 fnvlist_add_uint64(outnvl, "read_bytes", read_bytes);
5688 fnvlist_add_uint64(outnvl, "error_flags", errflags);
5689 fnvlist_add_nvlist(outnvl, "errors", errors);
5690
5691 out:
5692 nvlist_free(errors);
5693 nvlist_free(recvprops);
5694 nvlist_free(localprops);
5695 nvlist_free(hidden_args);
5696
5697 return (error);
5698 }
5699
5700 /*
5701 * When stack space is limited, we write replication stream data to the target
5702 * on a separate taskq thread, to make sure there's enough stack space.
5703 */
5704 #ifndef HAVE_LARGE_STACKS
5705 #define USE_SEND_TASKQ 1
5706 #endif
5707
5708 typedef struct dump_bytes_io {
5709 zfs_file_t *dbi_fp;
5710 caddr_t dbi_buf;
5711 int dbi_len;
5712 int dbi_err;
5713 } dump_bytes_io_t;
5714
5715 static void
dump_bytes_cb(void * arg)5716 dump_bytes_cb(void *arg)
5717 {
5718 dump_bytes_io_t *dbi = (dump_bytes_io_t *)arg;
5719 zfs_file_t *fp;
5720 caddr_t buf;
5721
5722 fp = dbi->dbi_fp;
5723 buf = dbi->dbi_buf;
5724
5725 dbi->dbi_err = zfs_file_write(fp, buf, dbi->dbi_len, NULL);
5726 }
5727
5728 typedef struct dump_bytes_arg {
5729 zfs_file_t *dba_fp;
5730 #ifdef USE_SEND_TASKQ
5731 taskq_t *dba_tq;
5732 taskq_ent_t dba_tqent;
5733 #endif
5734 } dump_bytes_arg_t;
5735
5736 static int
dump_bytes(objset_t * os,void * buf,int len,void * arg)5737 dump_bytes(objset_t *os, void *buf, int len, void *arg)
5738 {
5739 dump_bytes_arg_t *dba = (dump_bytes_arg_t *)arg;
5740 dump_bytes_io_t dbi;
5741
5742 dbi.dbi_fp = dba->dba_fp;
5743 dbi.dbi_buf = buf;
5744 dbi.dbi_len = len;
5745
5746 #ifdef USE_SEND_TASKQ
5747 taskq_dispatch_ent(dba->dba_tq, dump_bytes_cb, &dbi, TQ_SLEEP,
5748 &dba->dba_tqent);
5749 taskq_wait(dba->dba_tq);
5750 #else
5751 dump_bytes_cb(&dbi);
5752 #endif
5753
5754 return (dbi.dbi_err);
5755 }
5756
5757 static int
dump_bytes_init(dump_bytes_arg_t * dba,int fd,dmu_send_outparams_t * out)5758 dump_bytes_init(dump_bytes_arg_t *dba, int fd, dmu_send_outparams_t *out)
5759 {
5760 zfs_file_t *fp = zfs_file_get(fd);
5761 if (fp == NULL)
5762 return (SET_ERROR(EBADF));
5763
5764 dba->dba_fp = fp;
5765 #ifdef USE_SEND_TASKQ
5766 dba->dba_tq = taskq_create("z_send", 1, defclsyspri, 0, 0, 0);
5767 taskq_init_ent(&dba->dba_tqent);
5768 #endif
5769
5770 memset(out, 0, sizeof (dmu_send_outparams_t));
5771 out->dso_outfunc = dump_bytes;
5772 out->dso_arg = dba;
5773 out->dso_dryrun = B_FALSE;
5774
5775 return (0);
5776 }
5777
5778 static void
dump_bytes_fini(dump_bytes_arg_t * dba)5779 dump_bytes_fini(dump_bytes_arg_t *dba)
5780 {
5781 zfs_file_put(dba->dba_fp);
5782 #ifdef USE_SEND_TASKQ
5783 taskq_destroy(dba->dba_tq);
5784 #endif
5785 }
5786
5787 /*
5788 * inputs:
5789 * zc_name name of snapshot to send
5790 * zc_cookie file descriptor to send stream to
5791 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj)
5792 * zc_sendobj objsetid of snapshot to send
5793 * zc_fromobj objsetid of incremental fromsnap (may be zero)
5794 * zc_guid if set, estimate size of stream only. zc_cookie is ignored.
5795 * output size in zc_objset_type.
5796 * zc_flags lzc_send_flags
5797 *
5798 * outputs:
5799 * zc_objset_type estimated size, if zc_guid is set
5800 *
5801 * NOTE: This is no longer the preferred interface, any new functionality
5802 * should be added to zfs_ioc_send_new() instead.
5803 */
5804 static int
zfs_ioc_send(zfs_cmd_t * zc)5805 zfs_ioc_send(zfs_cmd_t *zc)
5806 {
5807 int error;
5808 offset_t off;
5809 boolean_t estimate = (zc->zc_guid != 0);
5810 boolean_t embedok = (zc->zc_flags & 0x1);
5811 boolean_t large_block_ok = (zc->zc_flags & 0x2);
5812 boolean_t compressok = (zc->zc_flags & 0x4);
5813 boolean_t rawok = (zc->zc_flags & 0x8);
5814 boolean_t savedok = (zc->zc_flags & 0x10);
5815
5816 if (zc->zc_obj != 0) {
5817 dsl_pool_t *dp;
5818 dsl_dataset_t *tosnap;
5819
5820 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5821 if (error != 0)
5822 return (error);
5823
5824 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap);
5825 if (error != 0) {
5826 dsl_pool_rele(dp, FTAG);
5827 return (error);
5828 }
5829
5830 if (dsl_dir_is_clone(tosnap->ds_dir))
5831 zc->zc_fromobj =
5832 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj;
5833 dsl_dataset_rele(tosnap, FTAG);
5834 dsl_pool_rele(dp, FTAG);
5835 }
5836
5837 if (estimate) {
5838 dsl_pool_t *dp;
5839 dsl_dataset_t *tosnap;
5840 dsl_dataset_t *fromsnap = NULL;
5841
5842 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5843 if (error != 0)
5844 return (error);
5845
5846 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj,
5847 FTAG, &tosnap);
5848 if (error != 0) {
5849 dsl_pool_rele(dp, FTAG);
5850 return (error);
5851 }
5852
5853 if (zc->zc_fromobj != 0) {
5854 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj,
5855 FTAG, &fromsnap);
5856 if (error != 0) {
5857 dsl_dataset_rele(tosnap, FTAG);
5858 dsl_pool_rele(dp, FTAG);
5859 return (error);
5860 }
5861 }
5862
5863 error = dmu_send_estimate_fast(tosnap, fromsnap, NULL,
5864 compressok || rawok, savedok, &zc->zc_objset_type);
5865
5866 if (fromsnap != NULL)
5867 dsl_dataset_rele(fromsnap, FTAG);
5868 dsl_dataset_rele(tosnap, FTAG);
5869 dsl_pool_rele(dp, FTAG);
5870 } else {
5871 dump_bytes_arg_t dba;
5872 dmu_send_outparams_t out;
5873 error = dump_bytes_init(&dba, zc->zc_cookie, &out);
5874 if (error)
5875 return (error);
5876
5877 off = zfs_file_off(dba.dba_fp);
5878 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj,
5879 zc->zc_fromobj, embedok, large_block_ok, compressok,
5880 rawok, savedok, zc->zc_cookie, &off, &out);
5881
5882 dump_bytes_fini(&dba);
5883 }
5884 return (error);
5885 }
5886
5887 /*
5888 * inputs:
5889 * zc_name name of snapshot on which to report progress
5890 * zc_cookie file descriptor of send stream
5891 *
5892 * outputs:
5893 * zc_cookie number of bytes written in send stream thus far
5894 * zc_objset_type logical size of data traversed by send thus far
5895 */
5896 static int
zfs_ioc_send_progress(zfs_cmd_t * zc)5897 zfs_ioc_send_progress(zfs_cmd_t *zc)
5898 {
5899 dsl_pool_t *dp;
5900 dsl_dataset_t *ds;
5901 dmu_sendstatus_t *dsp = NULL;
5902 int error;
5903
5904 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
5905 if (error != 0)
5906 return (error);
5907
5908 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
5909 if (error != 0) {
5910 dsl_pool_rele(dp, FTAG);
5911 return (error);
5912 }
5913
5914 mutex_enter(&ds->ds_sendstream_lock);
5915
5916 /*
5917 * Iterate over all the send streams currently active on this dataset.
5918 * If there's one which matches the specified file descriptor _and_ the
5919 * stream was started by the current process, return the progress of
5920 * that stream.
5921 */
5922
5923 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL;
5924 dsp = list_next(&ds->ds_sendstreams, dsp)) {
5925 if (dsp->dss_outfd == zc->zc_cookie &&
5926 zfs_proc_is_caller(dsp->dss_proc))
5927 break;
5928 }
5929
5930 if (dsp != NULL) {
5931 zc->zc_cookie = atomic_cas_64((volatile uint64_t *)dsp->dss_off,
5932 0, 0);
5933 /* This is the closest thing we have to atomic_read_64. */
5934 zc->zc_objset_type = atomic_cas_64(&dsp->dss_blocks, 0, 0);
5935 } else {
5936 error = SET_ERROR(ENOENT);
5937 }
5938
5939 mutex_exit(&ds->ds_sendstream_lock);
5940 dsl_dataset_rele(ds, FTAG);
5941 dsl_pool_rele(dp, FTAG);
5942 return (error);
5943 }
5944
5945 static int
zfs_ioc_inject_fault(zfs_cmd_t * zc)5946 zfs_ioc_inject_fault(zfs_cmd_t *zc)
5947 {
5948 int id, error;
5949
5950 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id,
5951 &zc->zc_inject_record);
5952
5953 if (error == 0)
5954 zc->zc_guid = (uint64_t)id;
5955
5956 return (error);
5957 }
5958
5959 static int
zfs_ioc_clear_fault(zfs_cmd_t * zc)5960 zfs_ioc_clear_fault(zfs_cmd_t *zc)
5961 {
5962 return (zio_clear_fault((int)zc->zc_guid));
5963 }
5964
5965 static int
zfs_ioc_inject_list_next(zfs_cmd_t * zc)5966 zfs_ioc_inject_list_next(zfs_cmd_t *zc)
5967 {
5968 int id = (int)zc->zc_guid;
5969 int error;
5970
5971 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name),
5972 &zc->zc_inject_record);
5973
5974 zc->zc_guid = id;
5975
5976 return (error);
5977 }
5978
5979 static int
zfs_ioc_error_log(zfs_cmd_t * zc)5980 zfs_ioc_error_log(zfs_cmd_t *zc)
5981 {
5982 spa_t *spa;
5983 int error;
5984
5985 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0)
5986 return (error);
5987
5988 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst,
5989 &zc->zc_nvlist_dst_size);
5990
5991 spa_close(spa, FTAG);
5992
5993 return (error);
5994 }
5995
5996 static int
zfs_ioc_clear(zfs_cmd_t * zc)5997 zfs_ioc_clear(zfs_cmd_t *zc)
5998 {
5999 spa_t *spa;
6000 vdev_t *vd;
6001 int error;
6002
6003 /*
6004 * On zpool clear we also fix up missing slogs
6005 */
6006 mutex_enter(&spa_namespace_lock);
6007 spa = spa_lookup(zc->zc_name);
6008 if (spa == NULL) {
6009 mutex_exit(&spa_namespace_lock);
6010 return (SET_ERROR(EIO));
6011 }
6012 if (spa_get_log_state(spa) == SPA_LOG_MISSING) {
6013 /* we need to let spa_open/spa_load clear the chains */
6014 spa_set_log_state(spa, SPA_LOG_CLEAR);
6015 }
6016 spa->spa_last_open_failed = 0;
6017 mutex_exit(&spa_namespace_lock);
6018
6019 if (zc->zc_cookie & ZPOOL_NO_REWIND) {
6020 error = spa_open(zc->zc_name, &spa, FTAG);
6021 } else {
6022 nvlist_t *policy;
6023 nvlist_t *config = NULL;
6024
6025 if (zc->zc_nvlist_src == 0)
6026 return (SET_ERROR(EINVAL));
6027
6028 if ((error = get_nvlist(zc->zc_nvlist_src,
6029 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) {
6030 error = spa_open_rewind(zc->zc_name, &spa, FTAG,
6031 policy, &config);
6032 if (config != NULL) {
6033 int err;
6034
6035 if ((err = put_nvlist(zc, config)) != 0)
6036 error = err;
6037 nvlist_free(config);
6038 }
6039 nvlist_free(policy);
6040 }
6041 }
6042
6043 if (error != 0)
6044 return (error);
6045
6046 /*
6047 * If multihost is enabled, resuming I/O is unsafe as another
6048 * host may have imported the pool. Check for remote activity.
6049 */
6050 if (spa_multihost(spa) && spa_suspended(spa) &&
6051 spa_mmp_remote_host_activity(spa)) {
6052 spa_close(spa, FTAG);
6053 return (SET_ERROR(EREMOTEIO));
6054 }
6055
6056 spa_vdev_state_enter(spa, SCL_NONE);
6057
6058 if (zc->zc_guid == 0) {
6059 vd = NULL;
6060 } else {
6061 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE);
6062 if (vd == NULL) {
6063 error = SET_ERROR(ENODEV);
6064 (void) spa_vdev_state_exit(spa, NULL, error);
6065 spa_close(spa, FTAG);
6066 return (error);
6067 }
6068 }
6069
6070 vdev_clear(spa, vd);
6071
6072 (void) spa_vdev_state_exit(spa, spa_suspended(spa) ?
6073 NULL : spa->spa_root_vdev, 0);
6074
6075 /*
6076 * Resume any suspended I/Os.
6077 */
6078 if (zio_resume(spa) != 0)
6079 error = SET_ERROR(EIO);
6080
6081 spa_close(spa, FTAG);
6082
6083 return (error);
6084 }
6085
6086 /*
6087 * Reopen all the vdevs associated with the pool.
6088 *
6089 * innvl: {
6090 * "scrub_restart" -> when true and scrub is running, allow to restart
6091 * scrub as the side effect of the reopen (boolean).
6092 * }
6093 *
6094 * outnvl is unused
6095 */
6096 static const zfs_ioc_key_t zfs_keys_pool_reopen[] = {
6097 {"scrub_restart", DATA_TYPE_BOOLEAN_VALUE, ZK_OPTIONAL},
6098 };
6099
6100 static int
zfs_ioc_pool_reopen(const char * pool,nvlist_t * innvl,nvlist_t * outnvl)6101 zfs_ioc_pool_reopen(const char *pool, nvlist_t *innvl, nvlist_t *outnvl)
6102 {
6103 (void) outnvl;
6104 spa_t *spa;
6105 int error;
6106 boolean_t rc, scrub_restart = B_TRUE;
6107
6108 if (innvl) {
6109 error = nvlist_lookup_boolean_value(innvl,
6110 "scrub_restart", &rc);
6111 if (error == 0)
6112 scrub_restart = rc;
6113 }
6114
6115 error = spa_open(pool, &spa, FTAG);
6116 if (error != 0)
6117 return (error);
6118
6119 spa_vdev_state_enter(spa, SCL_NONE);
6120
6121 /*
6122 * If the scrub_restart flag is B_FALSE and a scrub is already
6123 * in progress then set spa_scrub_reopen flag to B_TRUE so that
6124 * we don't restart the scrub as a side effect of the reopen.
6125 * Otherwise, let vdev_open() decided if a resilver is required.
6126 */
6127
6128 spa->spa_scrub_reopen = (!scrub_restart &&
6129 dsl_scan_scrubbing(spa->spa_dsl_pool));
6130 vdev_reopen(spa->spa_root_vdev);
6131 spa->spa_scrub_reopen = B_FALSE;
6132
6133 (void) spa_vdev_state_exit(spa, NULL, 0);
6134 spa_close(spa, FTAG);
6135 return (0);
6136 }
6137
6138 /*
6139 * inputs:
6140 * zc_name name of filesystem
6141 *
6142 * outputs:
6143 * zc_string name of conflicting snapshot, if there is one
6144 */
6145 static int
zfs_ioc_promote(zfs_cmd_t * zc)6146 zfs_ioc_promote(zfs_cmd_t *zc)
6147 {
6148 dsl_pool_t *dp;
6149 dsl_dataset_t *ds, *ods;
6150 char origin[ZFS_MAX_DATASET_NAME_LEN];
6151 char *cp;
6152 int error;
6153
6154 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
6155 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0 ||
6156 strchr(zc->zc_name, '%'))
6157 return (SET_ERROR(EINVAL));
6158
6159 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
6160 if (error != 0)
6161 return (error);
6162
6163 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds);
6164 if (error != 0) {
6165 dsl_pool_rele(dp, FTAG);
6166 return (error);
6167 }
6168
6169 if (!dsl_dir_is_clone(ds->ds_dir)) {
6170 dsl_dataset_rele(ds, FTAG);
6171 dsl_pool_rele(dp, FTAG);
6172 return (SET_ERROR(EINVAL));
6173 }
6174
6175 error = dsl_dataset_hold_obj(dp,
6176 dsl_dir_phys(ds->ds_dir)->dd_origin_obj, FTAG, &ods);
6177 if (error != 0) {
6178 dsl_dataset_rele(ds, FTAG);
6179 dsl_pool_rele(dp, FTAG);
6180 return (error);
6181 }
6182
6183 dsl_dataset_name(ods, origin);
6184 dsl_dataset_rele(ods, FTAG);
6185 dsl_dataset_rele(ds, FTAG);
6186 dsl_pool_rele(dp, FTAG);
6187
6188 /*
6189 * We don't need to unmount *all* the origin fs's snapshots, but
6190 * it's easier.
6191 */
6192 cp = strchr(origin, '@');
6193 if (cp)
6194 *cp = '\0';
6195 (void) dmu_objset_find(origin,
6196 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS);
6197 return (dsl_dataset_promote(zc->zc_name, zc->zc_string));
6198 }
6199
6200 /*
6201 * Retrieve a single {user|group|project}{used|quota}@... property.
6202 *
6203 * inputs:
6204 * zc_name name of filesystem
6205 * zc_objset_type zfs_userquota_prop_t
6206 * zc_value domain name (eg. "S-1-234-567-89")
6207 * zc_guid RID/UID/GID
6208 *
6209 * outputs:
6210 * zc_cookie property value
6211 */
6212 static int
zfs_ioc_userspace_one(zfs_cmd_t * zc)6213 zfs_ioc_userspace_one(zfs_cmd_t *zc)
6214 {
6215 zfsvfs_t *zfsvfs;
6216 int error;
6217
6218 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS)
6219 return (SET_ERROR(EINVAL));
6220
6221 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
6222 if (error != 0)
6223 return (error);
6224
6225 error = zfs_userspace_one(zfsvfs,
6226 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie);
6227 zfsvfs_rele(zfsvfs, FTAG);
6228
6229 return (error);
6230 }
6231
6232 /*
6233 * inputs:
6234 * zc_name name of filesystem
6235 * zc_cookie zap cursor
6236 * zc_objset_type zfs_userquota_prop_t
6237 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist)
6238 *
6239 * outputs:
6240 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
6241 * zc_cookie zap cursor
6242 */
6243 static int
zfs_ioc_userspace_many(zfs_cmd_t * zc)6244 zfs_ioc_userspace_many(zfs_cmd_t *zc)
6245 {
6246 zfsvfs_t *zfsvfs;
6247 int bufsize = zc->zc_nvlist_dst_size;
6248
6249 if (bufsize <= 0)
6250 return (SET_ERROR(ENOMEM));
6251
6252 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
6253 if (error != 0)
6254 return (error);
6255
6256 void *buf = vmem_alloc(bufsize, KM_SLEEP);
6257
6258 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
6259 buf, &zc->zc_nvlist_dst_size);
6260
6261 if (error == 0) {
6262 error = xcopyout(buf,
6263 (void *)(uintptr_t)zc->zc_nvlist_dst,
6264 zc->zc_nvlist_dst_size);
6265 }
6266 vmem_free(buf, bufsize);
6267 zfsvfs_rele(zfsvfs, FTAG);
6268
6269 return (error);
6270 }
6271
6272 /*
6273 * inputs:
6274 * zc_name name of filesystem
6275 *
6276 * outputs:
6277 * none
6278 */
6279 static int
zfs_ioc_userspace_upgrade(zfs_cmd_t * zc)6280 zfs_ioc_userspace_upgrade(zfs_cmd_t *zc)
6281 {
6282 int error = 0;
6283 zfsvfs_t *zfsvfs;
6284
6285 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) {
6286 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) {
6287 /*
6288 * If userused is not enabled, it may be because the
6289 * objset needs to be closed & reopened (to grow the
6290 * objset_phys_t). Suspend/resume the fs will do that.
6291 */
6292 dsl_dataset_t *ds, *newds;
6293
6294 ds = dmu_objset_ds(zfsvfs->z_os);
6295 error = zfs_suspend_fs(zfsvfs);
6296 if (error == 0) {
6297 dmu_objset_refresh_ownership(ds, &newds,
6298 B_TRUE, zfsvfs);
6299 error = zfs_resume_fs(zfsvfs, newds);
6300 }
6301 }
6302 if (error == 0) {
6303 mutex_enter(&zfsvfs->z_os->os_upgrade_lock);
6304 if (zfsvfs->z_os->os_upgrade_id == 0) {
6305 /* clear potential error code and retry */
6306 zfsvfs->z_os->os_upgrade_status = 0;
6307 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
6308
6309 dsl_pool_config_enter(
6310 dmu_objset_pool(zfsvfs->z_os), FTAG);
6311 dmu_objset_userspace_upgrade(zfsvfs->z_os);
6312 dsl_pool_config_exit(
6313 dmu_objset_pool(zfsvfs->z_os), FTAG);
6314 } else {
6315 mutex_exit(&zfsvfs->z_os->os_upgrade_lock);
6316 }
6317
6318 taskq_wait_id(zfsvfs->z_os->os_spa->spa_upgrade_taskq,
6319 zfsvfs->z_os->os_upgrade_id);
6320 error = zfsvfs->z_os->os_upgrade_status;
6321 }
6322 zfs_vfs_rele(zfsvfs);
6323 } else {
6324 objset_t *os;
6325
6326 /* XXX kind of reading contents without owning */
6327 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
6328 if (error != 0)
6329 return (error);
6330
6331 mutex_enter(&os->os_upgrade_lock);
6332 if (os->os_upgrade_id == 0) {
6333 /* clear potential error code and retry */
6334 os->os_upgrade_status = 0;
6335 mutex_exit(&os->os_upgrade_lock);
6336
6337 dmu_objset_userspace_upgrade(os);
6338 } else {
6339 mutex_exit(&os->os_upgrade_lock);
6340 }
6341
6342 dsl_pool_rele(dmu_objset_pool(os), FTAG);
6343
6344 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
6345 error = os->os_upgrade_status;
6346
6347 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT,
6348 FTAG);
6349 }
6350 return (error);
6351 }
6352
6353 /*
6354 * inputs:
6355 * zc_name name of filesystem
6356 *
6357 * outputs:
6358 * none
6359 */
6360 static int
zfs_ioc_id_quota_upgrade(zfs_cmd_t * zc)6361 zfs_ioc_id_quota_upgrade(zfs_cmd_t *zc)
6362 {
6363 objset_t *os;
6364 int error;
6365
6366 error = dmu_objset_hold_flags(zc->zc_name, B_TRUE, FTAG, &os);
6367 if (error != 0)
6368 return (error);
6369
6370 if (dmu_objset_userobjspace_upgradable(os) ||
6371 dmu_objset_projectquota_upgradable(os)) {
6372 mutex_enter(&os->os_upgrade_lock);
6373 if (os->os_upgrade_id == 0) {
6374 /* clear potential error code and retry */
6375 os->os_upgrade_status = 0;
6376 mutex_exit(&os->os_upgrade_lock);
6377
6378 dmu_objset_id_quota_upgrade(os);
6379 } else {
6380 mutex_exit(&os->os_upgrade_lock);
6381 }
6382
6383 dsl_pool_rele(dmu_objset_pool(os), FTAG);
6384
6385 taskq_wait_id(os->os_spa->spa_upgrade_taskq, os->os_upgrade_id);
6386 error = os->os_upgrade_status;
6387 } else {
6388 dsl_pool_rele(dmu_objset_pool(os), FTAG);
6389 }
6390
6391 dsl_dataset_rele_flags(dmu_objset_ds(os), DS_HOLD_FLAG_DECRYPT, FTAG);
6392
6393 return (error);
6394 }
6395
6396 static int
zfs_ioc_share(zfs_cmd_t * zc)6397 zfs_ioc_share(zfs_cmd_t *zc)
6398 {
6399 return (SET_ERROR(ENOSYS));
6400 }
6401
6402 /*
6403 * inputs:
6404 * zc_name name of containing filesystem
6405 * zc_obj object # beyond which we want next in-use object #
6406 *
6407 * outputs:
6408 * zc_obj next in-use object #
6409 */
6410 static int
zfs_ioc_next_obj(zfs_cmd_t * zc)6411 zfs_ioc_next_obj(zfs_cmd_t *zc)
6412 {
6413 objset_t *os = NULL;
6414 int error;
6415
6416 error = dmu_objset_hold(zc->zc_name, FTAG, &os);
6417 if (error != 0)
6418 return (error);
6419
6420 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 0);
6421
6422 dmu_objset_rele(os, FTAG);
6423 return (error);
6424 }
6425
6426 /*
6427 * inputs:
6428 * zc_name name of filesystem
6429 * zc_value prefix name for snapshot
6430 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process
6431 *
6432 * outputs:
6433 * zc_value short name of new snapshot
6434 */
6435 static int
zfs_ioc_tmp_snapshot(zfs_cmd_t * zc)6436 zfs_ioc_tmp_snapshot(zfs_cmd_t *zc)
6437 {
6438 char *snap_name;
6439 char *hold_name;
6440 minor_t minor;
6441
6442 zfs_file_t *fp = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor);
6443 if (fp == NULL)
6444 return (SET_ERROR(EBADF));
6445
6446 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value,
6447 (u_longlong_t)ddi_get_lbolt64());
6448 hold_name = kmem_asprintf("%%%s", zc->zc_value);
6449
6450 int error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor,
6451 hold_name);
6452 if (error == 0)
6453 (void) strlcpy(zc->zc_value, snap_name,
6454 sizeof (zc->zc_value));
6455 kmem_strfree(snap_name);
6456 kmem_strfree(hold_name);
6457 zfs_onexit_fd_rele(fp);
6458 return (error);
6459 }
6460
6461 /*
6462 * inputs:
6463 * zc_name name of "to" snapshot
6464 * zc_value name of "from" snapshot
6465 * zc_cookie file descriptor to write diff data on
6466 *
6467 * outputs:
6468 * dmu_diff_record_t's to the file descriptor
6469 */
6470 static int
zfs_ioc_diff(zfs_cmd_t * zc)6471 zfs_ioc_diff(zfs_cmd_t *zc)
6472 {
6473 zfs_file_t *fp;
6474 offset_t off;
6475 int error;
6476
6477 if ((fp = zfs_file_get(zc->zc_cookie)) == NULL)
6478 return (SET_ERROR(EBADF));
6479
6480 off = zfs_file_off(fp);
6481 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off);
6482
6483 zfs_file_put(fp);
6484
6485 return (error);
6486 }
6487
6488 static int
zfs_ioc_smb_acl(zfs_cmd_t * zc)6489 zfs_ioc_smb_acl(zfs_cmd_t *zc)
6490 {
6491 return (SET_ERROR(ENOTSUP));
6492 }
6493
6494 /*
6495 * innvl: {
6496 * "holds" -> { snapname -> holdname (string), ... }
6497 * (optional) "cleanup_fd" -> fd (int32)
6498 * }
6499 *
6500 * outnvl: {
6501 * snapname -> error value (int32)
6502 * ...
6503 * }
6504 */
6505 static const zfs_ioc_key_t zfs_keys_hold[] = {
6506 {"holds", DATA_TYPE_NVLIST, 0},
6507 {"cleanup_fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6508 };
6509
6510 static int
zfs_ioc_hold(const char * pool,nvlist_t * args,nvlist_t * errlist)6511 zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist)
6512 {
6513 (void) pool;
6514 nvpair_t *pair;
6515 nvlist_t *holds;
6516 int cleanup_fd = -1;
6517 int error;
6518 minor_t minor = 0;
6519 zfs_file_t *fp = NULL;
6520
6521 holds = fnvlist_lookup_nvlist(args, "holds");
6522
6523 /* make sure the user didn't pass us any invalid (empty) tags */
6524 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL;
6525 pair = nvlist_next_nvpair(holds, pair)) {
6526 const char *htag;
6527
6528 error = nvpair_value_string(pair, &htag);
6529 if (error != 0)
6530 return (SET_ERROR(error));
6531
6532 if (strlen(htag) == 0)
6533 return (SET_ERROR(EINVAL));
6534 }
6535
6536 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) {
6537 fp = zfs_onexit_fd_hold(cleanup_fd, &minor);
6538 if (fp == NULL)
6539 return (SET_ERROR(EBADF));
6540 }
6541
6542 error = dsl_dataset_user_hold(holds, minor, errlist);
6543 if (fp != NULL) {
6544 ASSERT3U(minor, !=, 0);
6545 zfs_onexit_fd_rele(fp);
6546 }
6547 return (SET_ERROR(error));
6548 }
6549
6550 /*
6551 * innvl is not used.
6552 *
6553 * outnvl: {
6554 * holdname -> time added (uint64 seconds since epoch)
6555 * ...
6556 * }
6557 */
6558 static const zfs_ioc_key_t zfs_keys_get_holds[] = {
6559 /* no nvl keys */
6560 };
6561
6562 static int
zfs_ioc_get_holds(const char * snapname,nvlist_t * args,nvlist_t * outnvl)6563 zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl)
6564 {
6565 (void) args;
6566 return (dsl_dataset_get_holds(snapname, outnvl));
6567 }
6568
6569 /*
6570 * innvl: {
6571 * snapname -> { holdname, ... }
6572 * ...
6573 * }
6574 *
6575 * outnvl: {
6576 * snapname -> error value (int32)
6577 * ...
6578 * }
6579 */
6580 static const zfs_ioc_key_t zfs_keys_release[] = {
6581 {"<snapname>...", DATA_TYPE_NVLIST, ZK_WILDCARDLIST},
6582 };
6583
6584 static int
zfs_ioc_release(const char * pool,nvlist_t * holds,nvlist_t * errlist)6585 zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist)
6586 {
6587 (void) pool;
6588 return (dsl_dataset_user_release(holds, errlist));
6589 }
6590
6591 /*
6592 * inputs:
6593 * zc_guid flags (ZEVENT_NONBLOCK)
6594 * zc_cleanup_fd zevent file descriptor
6595 *
6596 * outputs:
6597 * zc_nvlist_dst next nvlist event
6598 * zc_cookie dropped events since last get
6599 */
6600 static int
zfs_ioc_events_next(zfs_cmd_t * zc)6601 zfs_ioc_events_next(zfs_cmd_t *zc)
6602 {
6603 zfs_zevent_t *ze;
6604 nvlist_t *event = NULL;
6605 minor_t minor;
6606 uint64_t dropped = 0;
6607 int error;
6608
6609 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6610 if (fp == NULL)
6611 return (SET_ERROR(EBADF));
6612
6613 do {
6614 error = zfs_zevent_next(ze, &event,
6615 &zc->zc_nvlist_dst_size, &dropped);
6616 if (event != NULL) {
6617 zc->zc_cookie = dropped;
6618 error = put_nvlist(zc, event);
6619 nvlist_free(event);
6620 }
6621
6622 if (zc->zc_guid & ZEVENT_NONBLOCK)
6623 break;
6624
6625 if ((error == 0) || (error != ENOENT))
6626 break;
6627
6628 error = zfs_zevent_wait(ze);
6629 if (error != 0)
6630 break;
6631 } while (1);
6632
6633 zfs_zevent_fd_rele(fp);
6634
6635 return (error);
6636 }
6637
6638 /*
6639 * outputs:
6640 * zc_cookie cleared events count
6641 */
6642 static int
zfs_ioc_events_clear(zfs_cmd_t * zc)6643 zfs_ioc_events_clear(zfs_cmd_t *zc)
6644 {
6645 uint_t count;
6646
6647 zfs_zevent_drain_all(&count);
6648 zc->zc_cookie = count;
6649
6650 return (0);
6651 }
6652
6653 /*
6654 * inputs:
6655 * zc_guid eid | ZEVENT_SEEK_START | ZEVENT_SEEK_END
6656 * zc_cleanup zevent file descriptor
6657 */
6658 static int
zfs_ioc_events_seek(zfs_cmd_t * zc)6659 zfs_ioc_events_seek(zfs_cmd_t *zc)
6660 {
6661 zfs_zevent_t *ze;
6662 minor_t minor;
6663 int error;
6664
6665 zfs_file_t *fp = zfs_zevent_fd_hold(zc->zc_cleanup_fd, &minor, &ze);
6666 if (fp == NULL)
6667 return (SET_ERROR(EBADF));
6668
6669 error = zfs_zevent_seek(ze, zc->zc_guid);
6670 zfs_zevent_fd_rele(fp);
6671
6672 return (error);
6673 }
6674
6675 /*
6676 * inputs:
6677 * zc_name name of later filesystem or snapshot
6678 * zc_value full name of old snapshot or bookmark
6679 *
6680 * outputs:
6681 * zc_cookie space in bytes
6682 * zc_objset_type compressed space in bytes
6683 * zc_perm_action uncompressed space in bytes
6684 */
6685 static int
zfs_ioc_space_written(zfs_cmd_t * zc)6686 zfs_ioc_space_written(zfs_cmd_t *zc)
6687 {
6688 int error;
6689 dsl_pool_t *dp;
6690 dsl_dataset_t *new;
6691
6692 error = dsl_pool_hold(zc->zc_name, FTAG, &dp);
6693 if (error != 0)
6694 return (error);
6695 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new);
6696 if (error != 0) {
6697 dsl_pool_rele(dp, FTAG);
6698 return (error);
6699 }
6700 if (strchr(zc->zc_value, '#') != NULL) {
6701 zfs_bookmark_phys_t bmp;
6702 error = dsl_bookmark_lookup(dp, zc->zc_value,
6703 new, &bmp);
6704 if (error == 0) {
6705 error = dsl_dataset_space_written_bookmark(&bmp, new,
6706 &zc->zc_cookie,
6707 &zc->zc_objset_type, &zc->zc_perm_action);
6708 }
6709 } else {
6710 dsl_dataset_t *old;
6711 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old);
6712
6713 if (error == 0) {
6714 error = dsl_dataset_space_written(old, new,
6715 &zc->zc_cookie,
6716 &zc->zc_objset_type, &zc->zc_perm_action);
6717 dsl_dataset_rele(old, FTAG);
6718 }
6719 }
6720 dsl_dataset_rele(new, FTAG);
6721 dsl_pool_rele(dp, FTAG);
6722 return (error);
6723 }
6724
6725 /*
6726 * innvl: {
6727 * "firstsnap" -> snapshot name
6728 * }
6729 *
6730 * outnvl: {
6731 * "used" -> space in bytes
6732 * "compressed" -> compressed space in bytes
6733 * "uncompressed" -> uncompressed space in bytes
6734 * }
6735 */
6736 static const zfs_ioc_key_t zfs_keys_space_snaps[] = {
6737 {"firstsnap", DATA_TYPE_STRING, 0},
6738 };
6739
6740 static int
zfs_ioc_space_snaps(const char * lastsnap,nvlist_t * innvl,nvlist_t * outnvl)6741 zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl)
6742 {
6743 int error;
6744 dsl_pool_t *dp;
6745 dsl_dataset_t *new, *old;
6746 const char *firstsnap;
6747 uint64_t used, comp, uncomp;
6748
6749 firstsnap = fnvlist_lookup_string(innvl, "firstsnap");
6750
6751 error = dsl_pool_hold(lastsnap, FTAG, &dp);
6752 if (error != 0)
6753 return (error);
6754
6755 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new);
6756 if (error == 0 && !new->ds_is_snapshot) {
6757 dsl_dataset_rele(new, FTAG);
6758 error = SET_ERROR(EINVAL);
6759 }
6760 if (error != 0) {
6761 dsl_pool_rele(dp, FTAG);
6762 return (error);
6763 }
6764 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old);
6765 if (error == 0 && !old->ds_is_snapshot) {
6766 dsl_dataset_rele(old, FTAG);
6767 error = SET_ERROR(EINVAL);
6768 }
6769 if (error != 0) {
6770 dsl_dataset_rele(new, FTAG);
6771 dsl_pool_rele(dp, FTAG);
6772 return (error);
6773 }
6774
6775 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp);
6776 dsl_dataset_rele(old, FTAG);
6777 dsl_dataset_rele(new, FTAG);
6778 dsl_pool_rele(dp, FTAG);
6779 fnvlist_add_uint64(outnvl, "used", used);
6780 fnvlist_add_uint64(outnvl, "compressed", comp);
6781 fnvlist_add_uint64(outnvl, "uncompressed", uncomp);
6782 return (error);
6783 }
6784
6785 /*
6786 * innvl: {
6787 * "fd" -> file descriptor to write stream to (int32)
6788 * (optional) "fromsnap" -> full snap name to send an incremental from
6789 * (optional) "largeblockok" -> (value ignored)
6790 * indicates that blocks > 128KB are permitted
6791 * (optional) "embedok" -> (value ignored)
6792 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6793 * (optional) "compressok" -> (value ignored)
6794 * presence indicates compressed DRR_WRITE records are permitted
6795 * (optional) "rawok" -> (value ignored)
6796 * presence indicates raw encrypted records should be used.
6797 * (optional) "savedok" -> (value ignored)
6798 * presence indicates we should send a partially received snapshot
6799 * (optional) "resume_object" and "resume_offset" -> (uint64)
6800 * if present, resume send stream from specified object and offset.
6801 * (optional) "redactbook" -> (string)
6802 * if present, use this bookmark's redaction list to generate a redacted
6803 * send stream
6804 * }
6805 *
6806 * outnvl is unused
6807 */
6808 static const zfs_ioc_key_t zfs_keys_send_new[] = {
6809 {"fd", DATA_TYPE_INT32, 0},
6810 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6811 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6812 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6813 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6814 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6815 {"savedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6816 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6817 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
6818 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
6819 };
6820
6821 static int
zfs_ioc_send_new(const char * snapname,nvlist_t * innvl,nvlist_t * outnvl)6822 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6823 {
6824 (void) outnvl;
6825 int error;
6826 offset_t off;
6827 const char *fromname = NULL;
6828 int fd;
6829 boolean_t largeblockok;
6830 boolean_t embedok;
6831 boolean_t compressok;
6832 boolean_t rawok;
6833 boolean_t savedok;
6834 uint64_t resumeobj = 0;
6835 uint64_t resumeoff = 0;
6836 const char *redactbook = NULL;
6837
6838 fd = fnvlist_lookup_int32(innvl, "fd");
6839
6840 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname);
6841
6842 largeblockok = nvlist_exists(innvl, "largeblockok");
6843 embedok = nvlist_exists(innvl, "embedok");
6844 compressok = nvlist_exists(innvl, "compressok");
6845 rawok = nvlist_exists(innvl, "rawok");
6846 savedok = nvlist_exists(innvl, "savedok");
6847
6848 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6849 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6850
6851 (void) nvlist_lookup_string(innvl, "redactbook", &redactbook);
6852
6853 dump_bytes_arg_t dba;
6854 dmu_send_outparams_t out;
6855 error = dump_bytes_init(&dba, fd, &out);
6856 if (error)
6857 return (error);
6858
6859 off = zfs_file_off(dba.dba_fp);
6860 error = dmu_send(snapname, fromname, embedok, largeblockok,
6861 compressok, rawok, savedok, resumeobj, resumeoff,
6862 redactbook, fd, &off, &out);
6863
6864 dump_bytes_fini(&dba);
6865
6866 return (error);
6867 }
6868
6869 static int
send_space_sum(objset_t * os,void * buf,int len,void * arg)6870 send_space_sum(objset_t *os, void *buf, int len, void *arg)
6871 {
6872 (void) os, (void) buf;
6873 uint64_t *size = arg;
6874
6875 *size += len;
6876 return (0);
6877 }
6878
6879 /*
6880 * Determine approximately how large a zfs send stream will be -- the number
6881 * of bytes that will be written to the fd supplied to zfs_ioc_send_new().
6882 *
6883 * innvl: {
6884 * (optional) "from" -> full snap or bookmark name to send an incremental
6885 * from
6886 * (optional) "largeblockok" -> (value ignored)
6887 * indicates that blocks > 128KB are permitted
6888 * (optional) "embedok" -> (value ignored)
6889 * presence indicates DRR_WRITE_EMBEDDED records are permitted
6890 * (optional) "compressok" -> (value ignored)
6891 * presence indicates compressed DRR_WRITE records are permitted
6892 * (optional) "rawok" -> (value ignored)
6893 * presence indicates raw encrypted records should be used.
6894 * (optional) "resume_object" and "resume_offset" -> (uint64)
6895 * if present, resume send stream from specified object and offset.
6896 * (optional) "fd" -> file descriptor to use as a cookie for progress
6897 * tracking (int32)
6898 * }
6899 *
6900 * outnvl: {
6901 * "space" -> bytes of space (uint64)
6902 * }
6903 */
6904 static const zfs_ioc_key_t zfs_keys_send_space[] = {
6905 {"from", DATA_TYPE_STRING, ZK_OPTIONAL},
6906 {"fromsnap", DATA_TYPE_STRING, ZK_OPTIONAL},
6907 {"largeblockok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6908 {"embedok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6909 {"compressok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6910 {"rawok", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
6911 {"fd", DATA_TYPE_INT32, ZK_OPTIONAL},
6912 {"redactbook", DATA_TYPE_STRING, ZK_OPTIONAL},
6913 {"resume_object", DATA_TYPE_UINT64, ZK_OPTIONAL},
6914 {"resume_offset", DATA_TYPE_UINT64, ZK_OPTIONAL},
6915 {"bytes", DATA_TYPE_UINT64, ZK_OPTIONAL},
6916 };
6917
6918 static int
zfs_ioc_send_space(const char * snapname,nvlist_t * innvl,nvlist_t * outnvl)6919 zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
6920 {
6921 dsl_pool_t *dp;
6922 dsl_dataset_t *tosnap;
6923 dsl_dataset_t *fromsnap = NULL;
6924 int error;
6925 const char *fromname = NULL;
6926 const char *redactlist_book = NULL;
6927 boolean_t largeblockok;
6928 boolean_t embedok;
6929 boolean_t compressok;
6930 boolean_t rawok;
6931 boolean_t savedok;
6932 uint64_t space = 0;
6933 boolean_t full_estimate = B_FALSE;
6934 uint64_t resumeobj = 0;
6935 uint64_t resumeoff = 0;
6936 uint64_t resume_bytes = 0;
6937 int32_t fd = -1;
6938 zfs_bookmark_phys_t zbm = {0};
6939
6940 error = dsl_pool_hold(snapname, FTAG, &dp);
6941 if (error != 0)
6942 return (error);
6943
6944 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap);
6945 if (error != 0) {
6946 dsl_pool_rele(dp, FTAG);
6947 return (error);
6948 }
6949 (void) nvlist_lookup_int32(innvl, "fd", &fd);
6950
6951 largeblockok = nvlist_exists(innvl, "largeblockok");
6952 embedok = nvlist_exists(innvl, "embedok");
6953 compressok = nvlist_exists(innvl, "compressok");
6954 rawok = nvlist_exists(innvl, "rawok");
6955 savedok = nvlist_exists(innvl, "savedok");
6956 boolean_t from = (nvlist_lookup_string(innvl, "from", &fromname) == 0);
6957 boolean_t altbook = (nvlist_lookup_string(innvl, "redactbook",
6958 &redactlist_book) == 0);
6959
6960 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj);
6961 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff);
6962 (void) nvlist_lookup_uint64(innvl, "bytes", &resume_bytes);
6963
6964 if (altbook) {
6965 full_estimate = B_TRUE;
6966 } else if (from) {
6967 if (strchr(fromname, '#')) {
6968 error = dsl_bookmark_lookup(dp, fromname, tosnap, &zbm);
6969
6970 /*
6971 * dsl_bookmark_lookup() will fail with EXDEV if
6972 * the from-bookmark and tosnap are at the same txg.
6973 * However, it's valid to do a send (and therefore,
6974 * a send estimate) from and to the same time point,
6975 * if the bookmark is redacted (the incremental send
6976 * can change what's redacted on the target). In
6977 * this case, dsl_bookmark_lookup() fills in zbm
6978 * but returns EXDEV. Ignore this error.
6979 */
6980 if (error == EXDEV && zbm.zbm_redaction_obj != 0 &&
6981 zbm.zbm_guid ==
6982 dsl_dataset_phys(tosnap)->ds_guid)
6983 error = 0;
6984
6985 if (error != 0) {
6986 dsl_dataset_rele(tosnap, FTAG);
6987 dsl_pool_rele(dp, FTAG);
6988 return (error);
6989 }
6990 if (zbm.zbm_redaction_obj != 0 || !(zbm.zbm_flags &
6991 ZBM_FLAG_HAS_FBN)) {
6992 full_estimate = B_TRUE;
6993 }
6994 } else if (strchr(fromname, '@')) {
6995 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap);
6996 if (error != 0) {
6997 dsl_dataset_rele(tosnap, FTAG);
6998 dsl_pool_rele(dp, FTAG);
6999 return (error);
7000 }
7001
7002 if (!dsl_dataset_is_before(tosnap, fromsnap, 0)) {
7003 full_estimate = B_TRUE;
7004 dsl_dataset_rele(fromsnap, FTAG);
7005 }
7006 } else {
7007 /*
7008 * from is not properly formatted as a snapshot or
7009 * bookmark
7010 */
7011 dsl_dataset_rele(tosnap, FTAG);
7012 dsl_pool_rele(dp, FTAG);
7013 return (SET_ERROR(EINVAL));
7014 }
7015 }
7016
7017 if (full_estimate) {
7018 dmu_send_outparams_t out = {0};
7019 offset_t off = 0;
7020 out.dso_outfunc = send_space_sum;
7021 out.dso_arg = &space;
7022 out.dso_dryrun = B_TRUE;
7023 /*
7024 * We have to release these holds so dmu_send can take them. It
7025 * will do all the error checking we need.
7026 */
7027 dsl_dataset_rele(tosnap, FTAG);
7028 dsl_pool_rele(dp, FTAG);
7029 error = dmu_send(snapname, fromname, embedok, largeblockok,
7030 compressok, rawok, savedok, resumeobj, resumeoff,
7031 redactlist_book, fd, &off, &out);
7032 } else {
7033 error = dmu_send_estimate_fast(tosnap, fromsnap,
7034 (from && strchr(fromname, '#') != NULL ? &zbm : NULL),
7035 compressok || rawok, savedok, &space);
7036 space -= resume_bytes;
7037 if (fromsnap != NULL)
7038 dsl_dataset_rele(fromsnap, FTAG);
7039 dsl_dataset_rele(tosnap, FTAG);
7040 dsl_pool_rele(dp, FTAG);
7041 }
7042
7043 fnvlist_add_uint64(outnvl, "space", space);
7044
7045 return (error);
7046 }
7047
7048 /*
7049 * Sync the currently open TXG to disk for the specified pool.
7050 * This is somewhat similar to 'zfs_sync()'.
7051 * For cases that do not result in error this ioctl will wait for
7052 * the currently open TXG to commit before returning back to the caller.
7053 *
7054 * innvl: {
7055 * "force" -> when true, force uberblock update even if there is no dirty data.
7056 * In addition this will cause the vdev configuration to be written
7057 * out including updating the zpool cache file. (boolean_t)
7058 * }
7059 *
7060 * onvl is unused
7061 */
7062 static const zfs_ioc_key_t zfs_keys_pool_sync[] = {
7063 {"force", DATA_TYPE_BOOLEAN_VALUE, 0},
7064 };
7065
7066 static int
zfs_ioc_pool_sync(const char * pool,nvlist_t * innvl,nvlist_t * onvl)7067 zfs_ioc_pool_sync(const char *pool, nvlist_t *innvl, nvlist_t *onvl)
7068 {
7069 (void) onvl;
7070 int err;
7071 boolean_t rc, force = B_FALSE;
7072 spa_t *spa;
7073
7074 if ((err = spa_open(pool, &spa, FTAG)) != 0)
7075 return (err);
7076
7077 if (innvl) {
7078 err = nvlist_lookup_boolean_value(innvl, "force", &rc);
7079 if (err == 0)
7080 force = rc;
7081 }
7082
7083 if (force) {
7084 spa_config_enter(spa, SCL_CONFIG, FTAG, RW_WRITER);
7085 vdev_config_dirty(spa->spa_root_vdev);
7086 spa_config_exit(spa, SCL_CONFIG, FTAG);
7087 }
7088 txg_wait_synced(spa_get_dsl(spa), 0);
7089
7090 spa_close(spa, FTAG);
7091
7092 return (0);
7093 }
7094
7095 /*
7096 * Load a user's wrapping key into the kernel.
7097 * innvl: {
7098 * "hidden_args" -> { "wkeydata" -> value }
7099 * raw uint8_t array of encryption wrapping key data (32 bytes)
7100 * (optional) "noop" -> (value ignored)
7101 * presence indicated key should only be verified, not loaded
7102 * }
7103 */
7104 static const zfs_ioc_key_t zfs_keys_load_key[] = {
7105 {"hidden_args", DATA_TYPE_NVLIST, 0},
7106 {"noop", DATA_TYPE_BOOLEAN, ZK_OPTIONAL},
7107 };
7108
7109 static int
zfs_ioc_load_key(const char * dsname,nvlist_t * innvl,nvlist_t * outnvl)7110 zfs_ioc_load_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
7111 {
7112 (void) outnvl;
7113 int ret;
7114 dsl_crypto_params_t *dcp = NULL;
7115 nvlist_t *hidden_args;
7116 boolean_t noop = nvlist_exists(innvl, "noop");
7117
7118 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
7119 ret = SET_ERROR(EINVAL);
7120 goto error;
7121 }
7122
7123 hidden_args = fnvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS);
7124
7125 ret = dsl_crypto_params_create_nvlist(DCP_CMD_NONE, NULL,
7126 hidden_args, &dcp);
7127 if (ret != 0)
7128 goto error;
7129
7130 ret = spa_keystore_load_wkey(dsname, dcp, noop);
7131 if (ret != 0)
7132 goto error;
7133
7134 dsl_crypto_params_free(dcp, noop);
7135
7136 return (0);
7137
7138 error:
7139 dsl_crypto_params_free(dcp, B_TRUE);
7140 return (ret);
7141 }
7142
7143 /*
7144 * Unload a user's wrapping key from the kernel.
7145 * Both innvl and outnvl are unused.
7146 */
7147 static const zfs_ioc_key_t zfs_keys_unload_key[] = {
7148 /* no nvl keys */
7149 };
7150
7151 static int
zfs_ioc_unload_key(const char * dsname,nvlist_t * innvl,nvlist_t * outnvl)7152 zfs_ioc_unload_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
7153 {
7154 (void) innvl, (void) outnvl;
7155 int ret = 0;
7156
7157 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
7158 ret = (SET_ERROR(EINVAL));
7159 goto out;
7160 }
7161
7162 ret = spa_keystore_unload_wkey(dsname);
7163 if (ret != 0)
7164 goto out;
7165
7166 out:
7167 return (ret);
7168 }
7169
7170 /*
7171 * Changes a user's wrapping key used to decrypt a dataset. The keyformat,
7172 * keylocation, pbkdf2salt, and pbkdf2iters properties can also be specified
7173 * here to change how the key is derived in userspace.
7174 *
7175 * innvl: {
7176 * "hidden_args" (optional) -> { "wkeydata" -> value }
7177 * raw uint8_t array of new encryption wrapping key data (32 bytes)
7178 * "props" (optional) -> { prop -> value }
7179 * }
7180 *
7181 * outnvl is unused
7182 */
7183 static const zfs_ioc_key_t zfs_keys_change_key[] = {
7184 {"crypt_cmd", DATA_TYPE_UINT64, ZK_OPTIONAL},
7185 {"hidden_args", DATA_TYPE_NVLIST, ZK_OPTIONAL},
7186 {"props", DATA_TYPE_NVLIST, ZK_OPTIONAL},
7187 };
7188
7189 static int
zfs_ioc_change_key(const char * dsname,nvlist_t * innvl,nvlist_t * outnvl)7190 zfs_ioc_change_key(const char *dsname, nvlist_t *innvl, nvlist_t *outnvl)
7191 {
7192 (void) outnvl;
7193 int ret;
7194 uint64_t cmd = DCP_CMD_NONE;
7195 dsl_crypto_params_t *dcp = NULL;
7196 nvlist_t *args = NULL, *hidden_args = NULL;
7197
7198 if (strchr(dsname, '@') != NULL || strchr(dsname, '%') != NULL) {
7199 ret = (SET_ERROR(EINVAL));
7200 goto error;
7201 }
7202
7203 (void) nvlist_lookup_uint64(innvl, "crypt_cmd", &cmd);
7204 (void) nvlist_lookup_nvlist(innvl, "props", &args);
7205 (void) nvlist_lookup_nvlist(innvl, ZPOOL_HIDDEN_ARGS, &hidden_args);
7206
7207 ret = dsl_crypto_params_create_nvlist(cmd, args, hidden_args, &dcp);
7208 if (ret != 0)
7209 goto error;
7210
7211 ret = spa_keystore_change_key(dsname, dcp);
7212 if (ret != 0)
7213 goto error;
7214
7215 dsl_crypto_params_free(dcp, B_FALSE);
7216
7217 return (0);
7218
7219 error:
7220 dsl_crypto_params_free(dcp, B_TRUE);
7221 return (ret);
7222 }
7223
7224 static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST];
7225
7226 static void
zfs_ioctl_register_legacy(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy,zfs_ioc_namecheck_t namecheck,boolean_t log_history,zfs_ioc_poolcheck_t pool_check)7227 zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7228 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
7229 boolean_t log_history, zfs_ioc_poolcheck_t pool_check)
7230 {
7231 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
7232
7233 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
7234 ASSERT3U(ioc, <, ZFS_IOC_LAST);
7235 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
7236 ASSERT3P(vec->zvec_func, ==, NULL);
7237
7238 vec->zvec_legacy_func = func;
7239 vec->zvec_secpolicy = secpolicy;
7240 vec->zvec_namecheck = namecheck;
7241 vec->zvec_allow_log = log_history;
7242 vec->zvec_pool_check = pool_check;
7243 }
7244
7245 /*
7246 * See the block comment at the beginning of this file for details on
7247 * each argument to this function.
7248 */
7249 void
zfs_ioctl_register(const char * name,zfs_ioc_t ioc,zfs_ioc_func_t * func,zfs_secpolicy_func_t * secpolicy,zfs_ioc_namecheck_t namecheck,zfs_ioc_poolcheck_t pool_check,boolean_t smush_outnvlist,boolean_t allow_log,const zfs_ioc_key_t * nvl_keys,size_t num_keys)7250 zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func,
7251 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck,
7252 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist,
7253 boolean_t allow_log, const zfs_ioc_key_t *nvl_keys, size_t num_keys)
7254 {
7255 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST];
7256
7257 ASSERT3U(ioc, >=, ZFS_IOC_FIRST);
7258 ASSERT3U(ioc, <, ZFS_IOC_LAST);
7259 ASSERT3P(vec->zvec_legacy_func, ==, NULL);
7260 ASSERT3P(vec->zvec_func, ==, NULL);
7261
7262 /* if we are logging, the name must be valid */
7263 ASSERT(!allow_log || namecheck != NO_NAME);
7264
7265 vec->zvec_name = name;
7266 vec->zvec_func = func;
7267 vec->zvec_secpolicy = secpolicy;
7268 vec->zvec_namecheck = namecheck;
7269 vec->zvec_pool_check = pool_check;
7270 vec->zvec_smush_outnvlist = smush_outnvlist;
7271 vec->zvec_allow_log = allow_log;
7272 vec->zvec_nvl_keys = nvl_keys;
7273 vec->zvec_nvl_key_count = num_keys;
7274 }
7275
7276 static void
zfs_ioctl_register_pool(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy,boolean_t log_history,zfs_ioc_poolcheck_t pool_check)7277 zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7278 zfs_secpolicy_func_t *secpolicy, boolean_t log_history,
7279 zfs_ioc_poolcheck_t pool_check)
7280 {
7281 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7282 POOL_NAME, log_history, pool_check);
7283 }
7284
7285 void
zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy,zfs_ioc_poolcheck_t pool_check)7286 zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7287 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check)
7288 {
7289 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7290 DATASET_NAME, B_FALSE, pool_check);
7291 }
7292
7293 static void
zfs_ioctl_register_pool_modify(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func)7294 zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
7295 {
7296 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config,
7297 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7298 }
7299
7300 static void
zfs_ioctl_register_pool_meta(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy)7301 zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7302 zfs_secpolicy_func_t *secpolicy)
7303 {
7304 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7305 NO_NAME, B_FALSE, POOL_CHECK_NONE);
7306 }
7307
7308 static void
zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy)7309 zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc,
7310 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy)
7311 {
7312 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7313 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED);
7314 }
7315
7316 static void
zfs_ioctl_register_dataset_read(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func)7317 zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func)
7318 {
7319 zfs_ioctl_register_dataset_read_secpolicy(ioc, func,
7320 zfs_secpolicy_read);
7321 }
7322
7323 static void
zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc,zfs_ioc_legacy_func_t * func,zfs_secpolicy_func_t * secpolicy)7324 zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func,
7325 zfs_secpolicy_func_t *secpolicy)
7326 {
7327 zfs_ioctl_register_legacy(ioc, func, secpolicy,
7328 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7329 }
7330
7331 static void
zfs_ioctl_init(void)7332 zfs_ioctl_init(void)
7333 {
7334 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT,
7335 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME,
7336 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7337 zfs_keys_snapshot, ARRAY_SIZE(zfs_keys_snapshot));
7338
7339 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY,
7340 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME,
7341 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7342 zfs_keys_log_history, ARRAY_SIZE(zfs_keys_log_history));
7343
7344 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS,
7345 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME,
7346 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7347 zfs_keys_space_snaps, ARRAY_SIZE(zfs_keys_space_snaps));
7348
7349 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW,
7350 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME,
7351 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7352 zfs_keys_send_new, ARRAY_SIZE(zfs_keys_send_new));
7353
7354 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE,
7355 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME,
7356 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7357 zfs_keys_send_space, ARRAY_SIZE(zfs_keys_send_space));
7358
7359 zfs_ioctl_register("create", ZFS_IOC_CREATE,
7360 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME,
7361 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7362 zfs_keys_create, ARRAY_SIZE(zfs_keys_create));
7363
7364 zfs_ioctl_register("clone", ZFS_IOC_CLONE,
7365 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME,
7366 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7367 zfs_keys_clone, ARRAY_SIZE(zfs_keys_clone));
7368
7369 zfs_ioctl_register("remap", ZFS_IOC_REMAP,
7370 zfs_ioc_remap, zfs_secpolicy_none, DATASET_NAME,
7371 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7372 zfs_keys_remap, ARRAY_SIZE(zfs_keys_remap));
7373
7374 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS,
7375 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME,
7376 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7377 zfs_keys_destroy_snaps, ARRAY_SIZE(zfs_keys_destroy_snaps));
7378
7379 zfs_ioctl_register("hold", ZFS_IOC_HOLD,
7380 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME,
7381 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7382 zfs_keys_hold, ARRAY_SIZE(zfs_keys_hold));
7383 zfs_ioctl_register("release", ZFS_IOC_RELEASE,
7384 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME,
7385 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7386 zfs_keys_release, ARRAY_SIZE(zfs_keys_release));
7387
7388 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS,
7389 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME,
7390 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7391 zfs_keys_get_holds, ARRAY_SIZE(zfs_keys_get_holds));
7392
7393 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK,
7394 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME,
7395 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7396 zfs_keys_rollback, ARRAY_SIZE(zfs_keys_rollback));
7397
7398 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK,
7399 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME,
7400 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7401 zfs_keys_bookmark, ARRAY_SIZE(zfs_keys_bookmark));
7402
7403 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS,
7404 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME,
7405 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE,
7406 zfs_keys_get_bookmarks, ARRAY_SIZE(zfs_keys_get_bookmarks));
7407
7408 zfs_ioctl_register("get_bookmark_props", ZFS_IOC_GET_BOOKMARK_PROPS,
7409 zfs_ioc_get_bookmark_props, zfs_secpolicy_read, ENTITY_NAME,
7410 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE, zfs_keys_get_bookmark_props,
7411 ARRAY_SIZE(zfs_keys_get_bookmark_props));
7412
7413 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS,
7414 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks,
7415 POOL_NAME,
7416 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7417 zfs_keys_destroy_bookmarks,
7418 ARRAY_SIZE(zfs_keys_destroy_bookmarks));
7419
7420 zfs_ioctl_register("receive", ZFS_IOC_RECV_NEW,
7421 zfs_ioc_recv_new, zfs_secpolicy_recv, DATASET_NAME,
7422 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7423 zfs_keys_recv_new, ARRAY_SIZE(zfs_keys_recv_new));
7424 zfs_ioctl_register("load-key", ZFS_IOC_LOAD_KEY,
7425 zfs_ioc_load_key, zfs_secpolicy_load_key,
7426 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7427 zfs_keys_load_key, ARRAY_SIZE(zfs_keys_load_key));
7428 zfs_ioctl_register("unload-key", ZFS_IOC_UNLOAD_KEY,
7429 zfs_ioc_unload_key, zfs_secpolicy_load_key,
7430 DATASET_NAME, POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7431 zfs_keys_unload_key, ARRAY_SIZE(zfs_keys_unload_key));
7432 zfs_ioctl_register("change-key", ZFS_IOC_CHANGE_KEY,
7433 zfs_ioc_change_key, zfs_secpolicy_change_key,
7434 DATASET_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY,
7435 B_TRUE, B_TRUE, zfs_keys_change_key,
7436 ARRAY_SIZE(zfs_keys_change_key));
7437
7438 zfs_ioctl_register("sync", ZFS_IOC_POOL_SYNC,
7439 zfs_ioc_pool_sync, zfs_secpolicy_none, POOL_NAME,
7440 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7441 zfs_keys_pool_sync, ARRAY_SIZE(zfs_keys_pool_sync));
7442 zfs_ioctl_register("reopen", ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen,
7443 zfs_secpolicy_config, POOL_NAME, POOL_CHECK_SUSPENDED, B_TRUE,
7444 B_TRUE, zfs_keys_pool_reopen, ARRAY_SIZE(zfs_keys_pool_reopen));
7445
7446 zfs_ioctl_register("channel_program", ZFS_IOC_CHANNEL_PROGRAM,
7447 zfs_ioc_channel_program, zfs_secpolicy_config,
7448 POOL_NAME, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE,
7449 B_TRUE, zfs_keys_channel_program,
7450 ARRAY_SIZE(zfs_keys_channel_program));
7451
7452 zfs_ioctl_register("redact", ZFS_IOC_REDACT,
7453 zfs_ioc_redact, zfs_secpolicy_config, DATASET_NAME,
7454 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7455 zfs_keys_redact, ARRAY_SIZE(zfs_keys_redact));
7456
7457 zfs_ioctl_register("zpool_checkpoint", ZFS_IOC_POOL_CHECKPOINT,
7458 zfs_ioc_pool_checkpoint, zfs_secpolicy_config, POOL_NAME,
7459 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7460 zfs_keys_pool_checkpoint, ARRAY_SIZE(zfs_keys_pool_checkpoint));
7461
7462 zfs_ioctl_register("zpool_discard_checkpoint",
7463 ZFS_IOC_POOL_DISCARD_CHECKPOINT, zfs_ioc_pool_discard_checkpoint,
7464 zfs_secpolicy_config, POOL_NAME,
7465 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7466 zfs_keys_pool_discard_checkpoint,
7467 ARRAY_SIZE(zfs_keys_pool_discard_checkpoint));
7468
7469 zfs_ioctl_register("zpool_prefetch",
7470 ZFS_IOC_POOL_PREFETCH, zfs_ioc_pool_prefetch,
7471 zfs_secpolicy_config, POOL_NAME,
7472 POOL_CHECK_SUSPENDED, B_TRUE, B_TRUE,
7473 zfs_keys_pool_prefetch, ARRAY_SIZE(zfs_keys_pool_prefetch));
7474
7475 zfs_ioctl_register("initialize", ZFS_IOC_POOL_INITIALIZE,
7476 zfs_ioc_pool_initialize, zfs_secpolicy_config, POOL_NAME,
7477 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7478 zfs_keys_pool_initialize, ARRAY_SIZE(zfs_keys_pool_initialize));
7479
7480 zfs_ioctl_register("trim", ZFS_IOC_POOL_TRIM,
7481 zfs_ioc_pool_trim, zfs_secpolicy_config, POOL_NAME,
7482 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7483 zfs_keys_pool_trim, ARRAY_SIZE(zfs_keys_pool_trim));
7484
7485 zfs_ioctl_register("wait", ZFS_IOC_WAIT,
7486 zfs_ioc_wait, zfs_secpolicy_none, POOL_NAME,
7487 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7488 zfs_keys_pool_wait, ARRAY_SIZE(zfs_keys_pool_wait));
7489
7490 zfs_ioctl_register("wait_fs", ZFS_IOC_WAIT_FS,
7491 zfs_ioc_wait_fs, zfs_secpolicy_none, DATASET_NAME,
7492 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7493 zfs_keys_fs_wait, ARRAY_SIZE(zfs_keys_fs_wait));
7494
7495 zfs_ioctl_register("set_bootenv", ZFS_IOC_SET_BOOTENV,
7496 zfs_ioc_set_bootenv, zfs_secpolicy_config, POOL_NAME,
7497 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE,
7498 zfs_keys_set_bootenv, ARRAY_SIZE(zfs_keys_set_bootenv));
7499
7500 zfs_ioctl_register("get_bootenv", ZFS_IOC_GET_BOOTENV,
7501 zfs_ioc_get_bootenv, zfs_secpolicy_none, POOL_NAME,
7502 POOL_CHECK_SUSPENDED, B_FALSE, B_TRUE,
7503 zfs_keys_get_bootenv, ARRAY_SIZE(zfs_keys_get_bootenv));
7504
7505 zfs_ioctl_register("zpool_vdev_get_props", ZFS_IOC_VDEV_GET_PROPS,
7506 zfs_ioc_vdev_get_props, zfs_secpolicy_read, POOL_NAME,
7507 POOL_CHECK_NONE, B_FALSE, B_FALSE, zfs_keys_vdev_get_props,
7508 ARRAY_SIZE(zfs_keys_vdev_get_props));
7509
7510 zfs_ioctl_register("zpool_vdev_set_props", ZFS_IOC_VDEV_SET_PROPS,
7511 zfs_ioc_vdev_set_props, zfs_secpolicy_config, POOL_NAME,
7512 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE,
7513 zfs_keys_vdev_set_props, ARRAY_SIZE(zfs_keys_vdev_set_props));
7514
7515 zfs_ioctl_register("scrub", ZFS_IOC_POOL_SCRUB,
7516 zfs_ioc_pool_scrub, zfs_secpolicy_config, POOL_NAME,
7517 POOL_CHECK_NONE, B_TRUE, B_TRUE,
7518 zfs_keys_pool_scrub, ARRAY_SIZE(zfs_keys_pool_scrub));
7519
7520 zfs_ioctl_register("get_props", ZFS_IOC_POOL_GET_PROPS,
7521 zfs_ioc_pool_get_props, zfs_secpolicy_read, POOL_NAME,
7522 POOL_CHECK_NONE, B_FALSE, B_FALSE,
7523 zfs_keys_get_props, ARRAY_SIZE(zfs_keys_get_props));
7524
7525 zfs_ioctl_register("zpool_ddt_prune", ZFS_IOC_DDT_PRUNE,
7526 zfs_ioc_ddt_prune, zfs_secpolicy_config, POOL_NAME,
7527 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE,
7528 zfs_keys_ddt_prune, ARRAY_SIZE(zfs_keys_ddt_prune));
7529
7530 /* IOCTLS that use the legacy function signature */
7531
7532 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze,
7533 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY);
7534
7535 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create,
7536 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7537 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN,
7538 zfs_ioc_pool_scan);
7539 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE,
7540 zfs_ioc_pool_upgrade);
7541 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD,
7542 zfs_ioc_vdev_add);
7543 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE,
7544 zfs_ioc_vdev_remove);
7545 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE,
7546 zfs_ioc_vdev_set_state);
7547 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH,
7548 zfs_ioc_vdev_attach);
7549 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH,
7550 zfs_ioc_vdev_detach);
7551 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH,
7552 zfs_ioc_vdev_setpath);
7553 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU,
7554 zfs_ioc_vdev_setfru);
7555 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS,
7556 zfs_ioc_pool_set_props);
7557 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT,
7558 zfs_ioc_vdev_split);
7559 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID,
7560 zfs_ioc_pool_reguid);
7561
7562 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS,
7563 zfs_ioc_pool_configs, zfs_secpolicy_none);
7564 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT,
7565 zfs_ioc_pool_tryimport, zfs_secpolicy_config);
7566 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT,
7567 zfs_ioc_inject_fault, zfs_secpolicy_inject);
7568 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT,
7569 zfs_ioc_clear_fault, zfs_secpolicy_inject);
7570 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT,
7571 zfs_ioc_inject_list_next, zfs_secpolicy_inject);
7572
7573 /*
7574 * pool destroy, and export don't log the history as part of
7575 * zfsdev_ioctl, but rather zfs_ioc_pool_export
7576 * does the logging of those commands.
7577 */
7578 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy,
7579 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7580 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export,
7581 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7582
7583 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats,
7584 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE);
7585
7586 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log,
7587 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_SUSPENDED);
7588 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME,
7589 zfs_ioc_dsobj_to_dsname,
7590 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_SUSPENDED);
7591 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY,
7592 zfs_ioc_pool_get_history,
7593 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED);
7594
7595 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import,
7596 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE);
7597
7598 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear,
7599 zfs_secpolicy_config, B_TRUE, POOL_CHECK_READONLY);
7600
7601 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN,
7602 zfs_ioc_space_written);
7603 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS,
7604 zfs_ioc_objset_recvd_props);
7605 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ,
7606 zfs_ioc_next_obj);
7607 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL,
7608 zfs_ioc_get_fsacl);
7609 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS,
7610 zfs_ioc_objset_stats);
7611 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS,
7612 zfs_ioc_objset_zplprops);
7613 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT,
7614 zfs_ioc_dataset_list_next);
7615 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT,
7616 zfs_ioc_snapshot_list_next);
7617 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS,
7618 zfs_ioc_send_progress);
7619
7620 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF,
7621 zfs_ioc_diff, zfs_secpolicy_diff);
7622 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS,
7623 zfs_ioc_obj_to_stats, zfs_secpolicy_diff);
7624 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH,
7625 zfs_ioc_obj_to_path, zfs_secpolicy_diff);
7626 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE,
7627 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one);
7628 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY,
7629 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many);
7630 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND,
7631 zfs_ioc_send, zfs_secpolicy_send);
7632
7633 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop,
7634 zfs_secpolicy_none);
7635 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy,
7636 zfs_secpolicy_destroy);
7637 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename,
7638 zfs_secpolicy_rename);
7639 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv,
7640 zfs_secpolicy_recv);
7641 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote,
7642 zfs_secpolicy_promote);
7643 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP,
7644 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop);
7645 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl,
7646 zfs_secpolicy_set_fsacl);
7647
7648 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share,
7649 zfs_secpolicy_share, POOL_CHECK_NONE);
7650 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl,
7651 zfs_secpolicy_smb_acl, POOL_CHECK_NONE);
7652 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE,
7653 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade,
7654 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7655 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT,
7656 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot,
7657 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY);
7658
7659 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_NEXT, zfs_ioc_events_next,
7660 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7661 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_CLEAR, zfs_ioc_events_clear,
7662 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7663 zfs_ioctl_register_legacy(ZFS_IOC_EVENTS_SEEK, zfs_ioc_events_seek,
7664 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_NONE);
7665
7666 zfs_ioctl_init_os();
7667 }
7668
7669 /*
7670 * Verify that for non-legacy ioctls the input nvlist
7671 * pairs match against the expected input.
7672 *
7673 * Possible errors are:
7674 * ZFS_ERR_IOC_ARG_UNAVAIL An unrecognized nvpair was encountered
7675 * ZFS_ERR_IOC_ARG_REQUIRED A required nvpair is missing
7676 * ZFS_ERR_IOC_ARG_BADTYPE Invalid type for nvpair
7677 */
7678 static int
zfs_check_input_nvpairs(nvlist_t * innvl,const zfs_ioc_vec_t * vec)7679 zfs_check_input_nvpairs(nvlist_t *innvl, const zfs_ioc_vec_t *vec)
7680 {
7681 const zfs_ioc_key_t *nvl_keys = vec->zvec_nvl_keys;
7682 boolean_t required_keys_found = B_FALSE;
7683
7684 /*
7685 * examine each input pair
7686 */
7687 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL);
7688 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) {
7689 const char *name = nvpair_name(pair);
7690 data_type_t type = nvpair_type(pair);
7691 boolean_t identified = B_FALSE;
7692
7693 /*
7694 * check pair against the documented names and type
7695 */
7696 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7697 /* if not a wild card name, check for an exact match */
7698 if ((nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) == 0 &&
7699 strcmp(nvl_keys[k].zkey_name, name) != 0)
7700 continue;
7701
7702 identified = B_TRUE;
7703
7704 if (nvl_keys[k].zkey_type != DATA_TYPE_ANY &&
7705 nvl_keys[k].zkey_type != type) {
7706 return (SET_ERROR(ZFS_ERR_IOC_ARG_BADTYPE));
7707 }
7708
7709 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7710 continue;
7711
7712 required_keys_found = B_TRUE;
7713 break;
7714 }
7715
7716 /* allow an 'optional' key, everything else is invalid */
7717 if (!identified &&
7718 (strcmp(name, "optional") != 0 ||
7719 type != DATA_TYPE_NVLIST)) {
7720 return (SET_ERROR(ZFS_ERR_IOC_ARG_UNAVAIL));
7721 }
7722 }
7723
7724 /* verify that all required keys were found */
7725 for (int k = 0; k < vec->zvec_nvl_key_count; k++) {
7726 if (nvl_keys[k].zkey_flags & ZK_OPTIONAL)
7727 continue;
7728
7729 if (nvl_keys[k].zkey_flags & ZK_WILDCARDLIST) {
7730 /* at least one non-optional key is expected here */
7731 if (!required_keys_found)
7732 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7733 continue;
7734 }
7735
7736 if (!nvlist_exists(innvl, nvl_keys[k].zkey_name))
7737 return (SET_ERROR(ZFS_ERR_IOC_ARG_REQUIRED));
7738 }
7739
7740 return (0);
7741 }
7742
7743 static int
pool_status_check(const char * name,zfs_ioc_namecheck_t type,zfs_ioc_poolcheck_t check)7744 pool_status_check(const char *name, zfs_ioc_namecheck_t type,
7745 zfs_ioc_poolcheck_t check)
7746 {
7747 spa_t *spa;
7748 int error;
7749
7750 ASSERT(type == POOL_NAME || type == DATASET_NAME ||
7751 type == ENTITY_NAME);
7752
7753 if (check & POOL_CHECK_NONE)
7754 return (0);
7755
7756 error = spa_open(name, &spa, FTAG);
7757 if (error == 0) {
7758 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa))
7759 error = SET_ERROR(EAGAIN);
7760 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa))
7761 error = SET_ERROR(EROFS);
7762 spa_close(spa, FTAG);
7763 }
7764 return (error);
7765 }
7766
7767 int
zfsdev_getminor(zfs_file_t * fp,minor_t * minorp)7768 zfsdev_getminor(zfs_file_t *fp, minor_t *minorp)
7769 {
7770 zfsdev_state_t *zs, *fpd;
7771
7772 ASSERT(!MUTEX_HELD(&zfsdev_state_lock));
7773
7774 fpd = zfs_file_private(fp);
7775 if (fpd == NULL)
7776 return (SET_ERROR(EBADF));
7777
7778 mutex_enter(&zfsdev_state_lock);
7779
7780 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) {
7781
7782 if (zs->zs_minor == -1)
7783 continue;
7784
7785 if (fpd == zs) {
7786 *minorp = fpd->zs_minor;
7787 mutex_exit(&zfsdev_state_lock);
7788 return (0);
7789 }
7790 }
7791
7792 mutex_exit(&zfsdev_state_lock);
7793
7794 return (SET_ERROR(EBADF));
7795 }
7796
7797 void *
zfsdev_get_state(minor_t minor,enum zfsdev_state_type which)7798 zfsdev_get_state(minor_t minor, enum zfsdev_state_type which)
7799 {
7800 zfsdev_state_t *zs;
7801
7802 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) {
7803 if (zs->zs_minor == minor) {
7804 membar_consumer();
7805 switch (which) {
7806 case ZST_ONEXIT:
7807 return (zs->zs_onexit);
7808 case ZST_ZEVENT:
7809 return (zs->zs_zevent);
7810 case ZST_ALL:
7811 return (zs);
7812 }
7813 }
7814 }
7815
7816 return (NULL);
7817 }
7818
7819 /*
7820 * Find a free minor number. The zfsdev_state_list is expected to
7821 * be short since it is only a list of currently open file handles.
7822 */
7823 static minor_t
zfsdev_minor_alloc(void)7824 zfsdev_minor_alloc(void)
7825 {
7826 static minor_t last_minor = 0;
7827 minor_t m;
7828
7829 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
7830
7831 for (m = last_minor + 1; m != last_minor; m++) {
7832 if (m > ZFSDEV_MAX_MINOR)
7833 m = 1;
7834 if (zfsdev_get_state(m, ZST_ALL) == NULL) {
7835 last_minor = m;
7836 return (m);
7837 }
7838 }
7839
7840 return (0);
7841 }
7842
7843 int
zfsdev_state_init(void * priv)7844 zfsdev_state_init(void *priv)
7845 {
7846 zfsdev_state_t *zs, *zsprev = NULL;
7847 minor_t minor;
7848 boolean_t newzs = B_FALSE;
7849
7850 ASSERT(MUTEX_HELD(&zfsdev_state_lock));
7851
7852 minor = zfsdev_minor_alloc();
7853 if (minor == 0)
7854 return (SET_ERROR(ENXIO));
7855
7856 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zs->zs_next) {
7857 if (zs->zs_minor == -1)
7858 break;
7859 zsprev = zs;
7860 }
7861
7862 if (!zs) {
7863 zs = kmem_zalloc(sizeof (zfsdev_state_t), KM_SLEEP);
7864 newzs = B_TRUE;
7865 }
7866
7867 zfsdev_private_set_state(priv, zs);
7868
7869 zfs_onexit_init((zfs_onexit_t **)&zs->zs_onexit);
7870 zfs_zevent_init((zfs_zevent_t **)&zs->zs_zevent);
7871
7872 /*
7873 * In order to provide for lock-free concurrent read access
7874 * to the minor list in zfsdev_get_state(), new entries
7875 * must be completely written before linking them into the
7876 * list whereas existing entries are already linked; the last
7877 * operation must be updating zs_minor (from -1 to the new
7878 * value).
7879 */
7880 if (newzs) {
7881 zs->zs_minor = minor;
7882 membar_producer();
7883 zsprev->zs_next = zs;
7884 } else {
7885 membar_producer();
7886 zs->zs_minor = minor;
7887 }
7888
7889 return (0);
7890 }
7891
7892 void
zfsdev_state_destroy(void * priv)7893 zfsdev_state_destroy(void *priv)
7894 {
7895 zfsdev_state_t *zs = zfsdev_private_get_state(priv);
7896
7897 ASSERT(zs != NULL);
7898 ASSERT3S(zs->zs_minor, >, 0);
7899
7900 /*
7901 * The last reference to this zfsdev file descriptor is being dropped.
7902 * We don't have to worry about lookup grabbing this state object, and
7903 * zfsdev_state_init() will not try to reuse this object until it is
7904 * invalidated by setting zs_minor to -1. Invalidation must be done
7905 * last, with a memory barrier to ensure ordering. This lets us avoid
7906 * taking the global zfsdev state lock around destruction.
7907 */
7908 zfs_onexit_destroy(zs->zs_onexit);
7909 zfs_zevent_destroy(zs->zs_zevent);
7910 zs->zs_onexit = NULL;
7911 zs->zs_zevent = NULL;
7912 membar_producer();
7913 zs->zs_minor = -1;
7914 }
7915
7916 long
zfsdev_ioctl_common(uint_t vecnum,zfs_cmd_t * zc,int flag)7917 zfsdev_ioctl_common(uint_t vecnum, zfs_cmd_t *zc, int flag)
7918 {
7919 int error, cmd;
7920 const zfs_ioc_vec_t *vec;
7921 char *saved_poolname = NULL;
7922 uint64_t max_nvlist_src_size;
7923 size_t saved_poolname_len = 0;
7924 nvlist_t *innvl = NULL;
7925 fstrans_cookie_t cookie;
7926 hrtime_t start_time = gethrtime();
7927
7928 cmd = vecnum;
7929 error = 0;
7930 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0]))
7931 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
7932
7933 vec = &zfs_ioc_vec[vecnum];
7934
7935 /*
7936 * The registered ioctl list may be sparse, verify that either
7937 * a normal or legacy handler are registered.
7938 */
7939 if (vec->zvec_func == NULL && vec->zvec_legacy_func == NULL)
7940 return (SET_ERROR(ZFS_ERR_IOC_CMD_UNAVAIL));
7941
7942 zc->zc_iflags = flag & FKIOCTL;
7943 max_nvlist_src_size = zfs_max_nvlist_src_size_os();
7944 if (zc->zc_nvlist_src_size > max_nvlist_src_size) {
7945 /*
7946 * Make sure the user doesn't pass in an insane value for
7947 * zc_nvlist_src_size. We have to check, since we will end
7948 * up allocating that much memory inside of get_nvlist(). This
7949 * prevents a nefarious user from allocating tons of kernel
7950 * memory.
7951 *
7952 * Also, we return EINVAL instead of ENOMEM here. The reason
7953 * being that returning ENOMEM from an ioctl() has a special
7954 * connotation; that the user's size value is too small and
7955 * needs to be expanded to hold the nvlist. See
7956 * zcmd_expand_dst_nvlist() for details.
7957 */
7958 error = SET_ERROR(EINVAL); /* User's size too big */
7959
7960 } else if (zc->zc_nvlist_src_size != 0) {
7961 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size,
7962 zc->zc_iflags, &innvl);
7963 if (error != 0)
7964 goto out;
7965 }
7966
7967 /*
7968 * Ensure that all pool/dataset names are valid before we pass down to
7969 * the lower layers.
7970 */
7971 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0';
7972 switch (vec->zvec_namecheck) {
7973 case POOL_NAME:
7974 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0)
7975 error = SET_ERROR(EINVAL);
7976 else
7977 error = pool_status_check(zc->zc_name,
7978 vec->zvec_namecheck, vec->zvec_pool_check);
7979 break;
7980
7981 case DATASET_NAME:
7982 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0)
7983 error = SET_ERROR(EINVAL);
7984 else
7985 error = pool_status_check(zc->zc_name,
7986 vec->zvec_namecheck, vec->zvec_pool_check);
7987 break;
7988
7989 case ENTITY_NAME:
7990 if (entity_namecheck(zc->zc_name, NULL, NULL) != 0) {
7991 error = SET_ERROR(EINVAL);
7992 } else {
7993 error = pool_status_check(zc->zc_name,
7994 vec->zvec_namecheck, vec->zvec_pool_check);
7995 }
7996 break;
7997
7998 case NO_NAME:
7999 break;
8000 }
8001 /*
8002 * Ensure that all input pairs are valid before we pass them down
8003 * to the lower layers.
8004 *
8005 * The vectored functions can use fnvlist_lookup_{type} for any
8006 * required pairs since zfs_check_input_nvpairs() confirmed that
8007 * they exist and are of the correct type.
8008 */
8009 if (error == 0 && vec->zvec_func != NULL) {
8010 error = zfs_check_input_nvpairs(innvl, vec);
8011 if (error != 0)
8012 goto out;
8013 }
8014
8015 if (error == 0) {
8016 cookie = spl_fstrans_mark();
8017 error = vec->zvec_secpolicy(zc, innvl, CRED());
8018 spl_fstrans_unmark(cookie);
8019 }
8020
8021 if (error != 0)
8022 goto out;
8023
8024 /* legacy ioctls can modify zc_name */
8025 /*
8026 * Can't use kmem_strdup() as we might truncate the string and
8027 * kmem_strfree() would then free with incorrect size.
8028 */
8029 saved_poolname_len = strlen(zc->zc_name) + 1;
8030 saved_poolname = kmem_alloc(saved_poolname_len, KM_SLEEP);
8031
8032 strlcpy(saved_poolname, zc->zc_name, saved_poolname_len);
8033 saved_poolname[strcspn(saved_poolname, "/@#")] = '\0';
8034
8035 if (vec->zvec_func != NULL) {
8036 nvlist_t *outnvl;
8037 int puterror = 0;
8038 spa_t *spa;
8039 nvlist_t *lognv = NULL;
8040
8041 ASSERT(vec->zvec_legacy_func == NULL);
8042
8043 /*
8044 * Add the innvl to the lognv before calling the func,
8045 * in case the func changes the innvl.
8046 */
8047 if (vec->zvec_allow_log) {
8048 lognv = fnvlist_alloc();
8049 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL,
8050 vec->zvec_name);
8051 if (!nvlist_empty(innvl)) {
8052 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL,
8053 innvl);
8054 }
8055 }
8056
8057 outnvl = fnvlist_alloc();
8058 cookie = spl_fstrans_mark();
8059 error = vec->zvec_func(zc->zc_name, innvl, outnvl);
8060 spl_fstrans_unmark(cookie);
8061
8062 /*
8063 * Some commands can partially execute, modify state, and still
8064 * return an error. In these cases, attempt to record what
8065 * was modified.
8066 */
8067 if ((error == 0 ||
8068 (cmd == ZFS_IOC_CHANNEL_PROGRAM && error != EINVAL)) &&
8069 vec->zvec_allow_log &&
8070 spa_open(zc->zc_name, &spa, FTAG) == 0) {
8071 if (!nvlist_empty(outnvl)) {
8072 size_t out_size = fnvlist_size(outnvl);
8073 if (out_size > zfs_history_output_max) {
8074 fnvlist_add_int64(lognv,
8075 ZPOOL_HIST_OUTPUT_SIZE, out_size);
8076 } else {
8077 fnvlist_add_nvlist(lognv,
8078 ZPOOL_HIST_OUTPUT_NVL, outnvl);
8079 }
8080 }
8081 if (error != 0) {
8082 fnvlist_add_int64(lognv, ZPOOL_HIST_ERRNO,
8083 error);
8084 }
8085 fnvlist_add_int64(lognv, ZPOOL_HIST_ELAPSED_NS,
8086 gethrtime() - start_time);
8087 (void) spa_history_log_nvl(spa, lognv);
8088 spa_close(spa, FTAG);
8089 }
8090 fnvlist_free(lognv);
8091
8092 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) {
8093 int smusherror = 0;
8094 if (vec->zvec_smush_outnvlist) {
8095 smusherror = nvlist_smush(outnvl,
8096 zc->zc_nvlist_dst_size);
8097 }
8098 if (smusherror == 0)
8099 puterror = put_nvlist(zc, outnvl);
8100 }
8101
8102 if (puterror != 0)
8103 error = puterror;
8104
8105 nvlist_free(outnvl);
8106 } else {
8107 cookie = spl_fstrans_mark();
8108 error = vec->zvec_legacy_func(zc);
8109 spl_fstrans_unmark(cookie);
8110 }
8111
8112 out:
8113 nvlist_free(innvl);
8114 if (error == 0 && vec->zvec_allow_log) {
8115 char *s = tsd_get(zfs_allow_log_key);
8116 if (s != NULL)
8117 kmem_strfree(s);
8118 (void) tsd_set(zfs_allow_log_key, kmem_strdup(saved_poolname));
8119 }
8120 if (saved_poolname != NULL)
8121 kmem_free(saved_poolname, saved_poolname_len);
8122
8123 return (error);
8124 }
8125
8126 int
zfs_kmod_init(void)8127 zfs_kmod_init(void)
8128 {
8129 int error;
8130
8131 if ((error = zvol_init()) != 0)
8132 return (error);
8133
8134 spa_init(SPA_MODE_READ | SPA_MODE_WRITE);
8135 zfs_init();
8136
8137 zfs_ioctl_init();
8138
8139 mutex_init(&zfsdev_state_lock, NULL, MUTEX_DEFAULT, NULL);
8140 zfsdev_state_listhead.zs_minor = -1;
8141
8142 if ((error = zfsdev_attach()) != 0)
8143 goto out;
8144
8145 tsd_create(&rrw_tsd_key, rrw_tsd_destroy);
8146 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy);
8147
8148 return (0);
8149 out:
8150 zfs_fini();
8151 spa_fini();
8152 zvol_fini();
8153
8154 return (error);
8155 }
8156
8157 void
zfs_kmod_fini(void)8158 zfs_kmod_fini(void)
8159 {
8160 zfsdev_state_t *zs, *zsnext = NULL;
8161
8162 zfsdev_detach();
8163
8164 mutex_destroy(&zfsdev_state_lock);
8165
8166 for (zs = &zfsdev_state_listhead; zs != NULL; zs = zsnext) {
8167 zsnext = zs->zs_next;
8168 if (zs->zs_onexit)
8169 zfs_onexit_destroy(zs->zs_onexit);
8170 if (zs->zs_zevent)
8171 zfs_zevent_destroy(zs->zs_zevent);
8172 if (zs != &zfsdev_state_listhead)
8173 kmem_free(zs, sizeof (zfsdev_state_t));
8174 }
8175
8176 zfs_ereport_taskq_fini(); /* run before zfs_fini() on Linux */
8177 zfs_fini();
8178 spa_fini();
8179 zvol_fini();
8180
8181 tsd_destroy(&rrw_tsd_key);
8182 tsd_destroy(&zfs_allow_log_key);
8183 }
8184
8185 ZFS_MODULE_PARAM(zfs, zfs_, max_nvlist_src_size, U64, ZMOD_RW,
8186 "Maximum size in bytes allowed for src nvlist passed with ZFS ioctls");
8187
8188 ZFS_MODULE_PARAM(zfs, zfs_, history_output_max, U64, ZMOD_RW,
8189 "Maximum size in bytes of ZFS ioctl output that will be logged");
8190