xref: /freebsd/stand/libsa/zfs/zfsimpl.c (revision 924226fba12cc9a228c73b956e1b7fa24c60b055)
1 /*-
2  * Copyright (c) 2007 Doug Rabson
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  */
26 
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
29 
30 /*
31  *	Stand-alone ZFS file reader.
32  */
33 
34 #include <stdbool.h>
35 #include <sys/endian.h>
36 #include <sys/stat.h>
37 #include <sys/stdint.h>
38 #include <sys/list.h>
39 #include <sys/zfs_bootenv.h>
40 #include <machine/_inttypes.h>
41 
42 #include "zfsimpl.h"
43 #include "zfssubr.c"
44 
45 #ifdef HAS_ZSTD_ZFS
46 extern int zstd_init(void);
47 #endif
48 
49 struct zfsmount {
50 	char			*path;
51 	const spa_t		*spa;
52 	objset_phys_t		objset;
53 	uint64_t		rootobj;
54 	STAILQ_ENTRY(zfsmount)	next;
55 };
56 
57 typedef STAILQ_HEAD(zfs_mnt_list, zfsmount) zfs_mnt_list_t;
58 static zfs_mnt_list_t zfsmount = STAILQ_HEAD_INITIALIZER(zfsmount);
59 
60 /*
61  * The indirect_child_t represents the vdev that we will read from, when we
62  * need to read all copies of the data (e.g. for scrub or reconstruction).
63  * For plain (non-mirror) top-level vdevs (i.e. is_vdev is not a mirror),
64  * ic_vdev is the same as is_vdev.  However, for mirror top-level vdevs,
65  * ic_vdev is a child of the mirror.
66  */
67 typedef struct indirect_child {
68 	void *ic_data;
69 	vdev_t *ic_vdev;
70 } indirect_child_t;
71 
72 /*
73  * The indirect_split_t represents one mapped segment of an i/o to the
74  * indirect vdev. For non-split (contiguously-mapped) blocks, there will be
75  * only one indirect_split_t, with is_split_offset==0 and is_size==io_size.
76  * For split blocks, there will be several of these.
77  */
78 typedef struct indirect_split {
79 	list_node_t is_node; /* link on iv_splits */
80 
81 	/*
82 	 * is_split_offset is the offset into the i/o.
83 	 * This is the sum of the previous splits' is_size's.
84 	 */
85 	uint64_t is_split_offset;
86 
87 	vdev_t *is_vdev; /* top-level vdev */
88 	uint64_t is_target_offset; /* offset on is_vdev */
89 	uint64_t is_size;
90 	int is_children; /* number of entries in is_child[] */
91 
92 	/*
93 	 * is_good_child is the child that we are currently using to
94 	 * attempt reconstruction.
95 	 */
96 	int is_good_child;
97 
98 	indirect_child_t is_child[1]; /* variable-length */
99 } indirect_split_t;
100 
101 /*
102  * The indirect_vsd_t is associated with each i/o to the indirect vdev.
103  * It is the "Vdev-Specific Data" in the zio_t's io_vsd.
104  */
105 typedef struct indirect_vsd {
106 	boolean_t iv_split_block;
107 	boolean_t iv_reconstruct;
108 
109 	list_t iv_splits; /* list of indirect_split_t's */
110 } indirect_vsd_t;
111 
112 /*
113  * List of all vdevs, chained through v_alllink.
114  */
115 static vdev_list_t zfs_vdevs;
116 
117 /*
118  * List of ZFS features supported for read
119  */
120 static const char *features_for_read[] = {
121 	"org.illumos:lz4_compress",
122 	"com.delphix:hole_birth",
123 	"com.delphix:extensible_dataset",
124 	"com.delphix:embedded_data",
125 	"org.open-zfs:large_blocks",
126 	"org.illumos:sha512",
127 	"org.illumos:skein",
128 	"org.zfsonlinux:large_dnode",
129 	"com.joyent:multi_vdev_crash_dump",
130 	"com.delphix:spacemap_histogram",
131 	"com.delphix:zpool_checkpoint",
132 	"com.delphix:spacemap_v2",
133 	"com.datto:encryption",
134 	"com.datto:bookmark_v2",
135 	"org.zfsonlinux:allocation_classes",
136 	"com.datto:resilver_defer",
137 	"com.delphix:device_removal",
138 	"com.delphix:obsolete_counts",
139 	"com.intel:allocation_classes",
140 	"org.freebsd:zstd_compress",
141 	"com.delphix:bookmark_written",
142 	"com.delphix:head_errlog",
143 	NULL
144 };
145 
146 /*
147  * List of all pools, chained through spa_link.
148  */
149 static spa_list_t zfs_pools;
150 
151 static const dnode_phys_t *dnode_cache_obj;
152 static uint64_t dnode_cache_bn;
153 static char *dnode_cache_buf;
154 
155 static int zio_read(const spa_t *spa, const blkptr_t *bp, void *buf);
156 static int zfs_get_root(const spa_t *spa, uint64_t *objid);
157 static int zfs_rlookup(const spa_t *spa, uint64_t objnum, char *result);
158 static int zap_lookup(const spa_t *spa, const dnode_phys_t *dnode,
159     const char *name, uint64_t integer_size, uint64_t num_integers,
160     void *value);
161 static int objset_get_dnode(const spa_t *, const objset_phys_t *, uint64_t,
162     dnode_phys_t *);
163 static int dnode_read(const spa_t *, const dnode_phys_t *, off_t, void *,
164     size_t);
165 static int vdev_indirect_read(vdev_t *, const blkptr_t *, void *, off_t,
166     size_t);
167 static int vdev_mirror_read(vdev_t *, const blkptr_t *, void *, off_t, size_t);
168 vdev_indirect_mapping_t *vdev_indirect_mapping_open(spa_t *, objset_phys_t *,
169     uint64_t);
170 vdev_indirect_mapping_entry_phys_t *
171     vdev_indirect_mapping_duplicate_adjacent_entries(vdev_t *, uint64_t,
172     uint64_t, uint64_t *);
173 
174 static void
175 zfs_init(void)
176 {
177 	STAILQ_INIT(&zfs_vdevs);
178 	STAILQ_INIT(&zfs_pools);
179 
180 	dnode_cache_buf = malloc(SPA_MAXBLOCKSIZE);
181 
182 	zfs_init_crc();
183 #ifdef HAS_ZSTD_ZFS
184 	zstd_init();
185 #endif
186 }
187 
188 static int
189 nvlist_check_features_for_read(nvlist_t *nvl)
190 {
191 	nvlist_t *features = NULL;
192 	nvs_data_t *data;
193 	nvp_header_t *nvp;
194 	nv_string_t *nvp_name;
195 	int rc;
196 
197 	rc = nvlist_find(nvl, ZPOOL_CONFIG_FEATURES_FOR_READ,
198 	    DATA_TYPE_NVLIST, NULL, &features, NULL);
199 	switch (rc) {
200 	case 0:
201 		break;		/* Continue with checks */
202 
203 	case ENOENT:
204 		return (0);	/* All features are disabled */
205 
206 	default:
207 		return (rc);	/* Error while reading nvlist */
208 	}
209 
210 	data = (nvs_data_t *)features->nv_data;
211 	nvp = &data->nvl_pair;	/* first pair in nvlist */
212 
213 	while (nvp->encoded_size != 0 && nvp->decoded_size != 0) {
214 		int i, found;
215 
216 		nvp_name = (nv_string_t *)((uintptr_t)nvp + sizeof(*nvp));
217 		found = 0;
218 
219 		for (i = 0; features_for_read[i] != NULL; i++) {
220 			if (memcmp(nvp_name->nv_data, features_for_read[i],
221 			    nvp_name->nv_size) == 0) {
222 				found = 1;
223 				break;
224 			}
225 		}
226 
227 		if (!found) {
228 			printf("ZFS: unsupported feature: %.*s\n",
229 			    nvp_name->nv_size, nvp_name->nv_data);
230 			rc = EIO;
231 		}
232 		nvp = (nvp_header_t *)((uint8_t *)nvp + nvp->encoded_size);
233 	}
234 	nvlist_destroy(features);
235 
236 	return (rc);
237 }
238 
239 static int
240 vdev_read_phys(vdev_t *vdev, const blkptr_t *bp, void *buf,
241     off_t offset, size_t size)
242 {
243 	size_t psize;
244 	int rc;
245 
246 	if (vdev->v_phys_read == NULL)
247 		return (ENOTSUP);
248 
249 	if (bp) {
250 		psize = BP_GET_PSIZE(bp);
251 	} else {
252 		psize = size;
253 	}
254 
255 	rc = vdev->v_phys_read(vdev, vdev->v_priv, offset, buf, psize);
256 	if (rc == 0) {
257 		if (bp != NULL)
258 			rc = zio_checksum_verify(vdev->v_spa, bp, buf);
259 	}
260 
261 	return (rc);
262 }
263 
264 static int
265 vdev_write_phys(vdev_t *vdev, void *buf, off_t offset, size_t size)
266 {
267 	if (vdev->v_phys_write == NULL)
268 		return (ENOTSUP);
269 
270 	return (vdev->v_phys_write(vdev, offset, buf, size));
271 }
272 
273 typedef struct remap_segment {
274 	vdev_t *rs_vd;
275 	uint64_t rs_offset;
276 	uint64_t rs_asize;
277 	uint64_t rs_split_offset;
278 	list_node_t rs_node;
279 } remap_segment_t;
280 
281 static remap_segment_t *
282 rs_alloc(vdev_t *vd, uint64_t offset, uint64_t asize, uint64_t split_offset)
283 {
284 	remap_segment_t *rs = malloc(sizeof (remap_segment_t));
285 
286 	if (rs != NULL) {
287 		rs->rs_vd = vd;
288 		rs->rs_offset = offset;
289 		rs->rs_asize = asize;
290 		rs->rs_split_offset = split_offset;
291 	}
292 
293 	return (rs);
294 }
295 
296 vdev_indirect_mapping_t *
297 vdev_indirect_mapping_open(spa_t *spa, objset_phys_t *os,
298     uint64_t mapping_object)
299 {
300 	vdev_indirect_mapping_t *vim;
301 	vdev_indirect_mapping_phys_t *vim_phys;
302 	int rc;
303 
304 	vim = calloc(1, sizeof (*vim));
305 	if (vim == NULL)
306 		return (NULL);
307 
308 	vim->vim_dn = calloc(1, sizeof (*vim->vim_dn));
309 	if (vim->vim_dn == NULL) {
310 		free(vim);
311 		return (NULL);
312 	}
313 
314 	rc = objset_get_dnode(spa, os, mapping_object, vim->vim_dn);
315 	if (rc != 0) {
316 		free(vim->vim_dn);
317 		free(vim);
318 		return (NULL);
319 	}
320 
321 	vim->vim_spa = spa;
322 	vim->vim_phys = malloc(sizeof (*vim->vim_phys));
323 	if (vim->vim_phys == NULL) {
324 		free(vim->vim_dn);
325 		free(vim);
326 		return (NULL);
327 	}
328 
329 	vim_phys = (vdev_indirect_mapping_phys_t *)DN_BONUS(vim->vim_dn);
330 	*vim->vim_phys = *vim_phys;
331 
332 	vim->vim_objset = os;
333 	vim->vim_object = mapping_object;
334 	vim->vim_entries = NULL;
335 
336 	vim->vim_havecounts =
337 	    (vim->vim_dn->dn_bonuslen > VDEV_INDIRECT_MAPPING_SIZE_V0);
338 
339 	return (vim);
340 }
341 
342 /*
343  * Compare an offset with an indirect mapping entry; there are three
344  * possible scenarios:
345  *
346  *     1. The offset is "less than" the mapping entry; meaning the
347  *        offset is less than the source offset of the mapping entry. In
348  *        this case, there is no overlap between the offset and the
349  *        mapping entry and -1 will be returned.
350  *
351  *     2. The offset is "greater than" the mapping entry; meaning the
352  *        offset is greater than the mapping entry's source offset plus
353  *        the entry's size. In this case, there is no overlap between
354  *        the offset and the mapping entry and 1 will be returned.
355  *
356  *        NOTE: If the offset is actually equal to the entry's offset
357  *        plus size, this is considered to be "greater" than the entry,
358  *        and this case applies (i.e. 1 will be returned). Thus, the
359  *        entry's "range" can be considered to be inclusive at its
360  *        start, but exclusive at its end: e.g. [src, src + size).
361  *
362  *     3. The last case to consider is if the offset actually falls
363  *        within the mapping entry's range. If this is the case, the
364  *        offset is considered to be "equal to" the mapping entry and
365  *        0 will be returned.
366  *
367  *        NOTE: If the offset is equal to the entry's source offset,
368  *        this case applies and 0 will be returned. If the offset is
369  *        equal to the entry's source plus its size, this case does
370  *        *not* apply (see "NOTE" above for scenario 2), and 1 will be
371  *        returned.
372  */
373 static int
374 dva_mapping_overlap_compare(const void *v_key, const void *v_array_elem)
375 {
376 	const uint64_t *key = v_key;
377 	const vdev_indirect_mapping_entry_phys_t *array_elem =
378 	    v_array_elem;
379 	uint64_t src_offset = DVA_MAPPING_GET_SRC_OFFSET(array_elem);
380 
381 	if (*key < src_offset) {
382 		return (-1);
383 	} else if (*key < src_offset + DVA_GET_ASIZE(&array_elem->vimep_dst)) {
384 		return (0);
385 	} else {
386 		return (1);
387 	}
388 }
389 
390 /*
391  * Return array entry.
392  */
393 static vdev_indirect_mapping_entry_phys_t *
394 vdev_indirect_mapping_entry(vdev_indirect_mapping_t *vim, uint64_t index)
395 {
396 	uint64_t size;
397 	off_t offset = 0;
398 	int rc;
399 
400 	if (vim->vim_phys->vimp_num_entries == 0)
401 		return (NULL);
402 
403 	if (vim->vim_entries == NULL) {
404 		uint64_t bsize;
405 
406 		bsize = vim->vim_dn->dn_datablkszsec << SPA_MINBLOCKSHIFT;
407 		size = vim->vim_phys->vimp_num_entries *
408 		    sizeof (*vim->vim_entries);
409 		if (size > bsize) {
410 			size = bsize / sizeof (*vim->vim_entries);
411 			size *= sizeof (*vim->vim_entries);
412 		}
413 		vim->vim_entries = malloc(size);
414 		if (vim->vim_entries == NULL)
415 			return (NULL);
416 		vim->vim_num_entries = size / sizeof (*vim->vim_entries);
417 		offset = index * sizeof (*vim->vim_entries);
418 	}
419 
420 	/* We have data in vim_entries */
421 	if (offset == 0) {
422 		if (index >= vim->vim_entry_offset &&
423 		    index <= vim->vim_entry_offset + vim->vim_num_entries) {
424 			index -= vim->vim_entry_offset;
425 			return (&vim->vim_entries[index]);
426 		}
427 		offset = index * sizeof (*vim->vim_entries);
428 	}
429 
430 	vim->vim_entry_offset = index;
431 	size = vim->vim_num_entries * sizeof (*vim->vim_entries);
432 	rc = dnode_read(vim->vim_spa, vim->vim_dn, offset, vim->vim_entries,
433 	    size);
434 	if (rc != 0) {
435 		/* Read error, invalidate vim_entries. */
436 		free(vim->vim_entries);
437 		vim->vim_entries = NULL;
438 		return (NULL);
439 	}
440 	index -= vim->vim_entry_offset;
441 	return (&vim->vim_entries[index]);
442 }
443 
444 /*
445  * Returns the mapping entry for the given offset.
446  *
447  * It's possible that the given offset will not be in the mapping table
448  * (i.e. no mapping entries contain this offset), in which case, the
449  * return value value depends on the "next_if_missing" parameter.
450  *
451  * If the offset is not found in the table and "next_if_missing" is
452  * B_FALSE, then NULL will always be returned. The behavior is intended
453  * to allow consumers to get the entry corresponding to the offset
454  * parameter, iff the offset overlaps with an entry in the table.
455  *
456  * If the offset is not found in the table and "next_if_missing" is
457  * B_TRUE, then the entry nearest to the given offset will be returned,
458  * such that the entry's source offset is greater than the offset
459  * passed in (i.e. the "next" mapping entry in the table is returned, if
460  * the offset is missing from the table). If there are no entries whose
461  * source offset is greater than the passed in offset, NULL is returned.
462  */
463 static vdev_indirect_mapping_entry_phys_t *
464 vdev_indirect_mapping_entry_for_offset(vdev_indirect_mapping_t *vim,
465     uint64_t offset)
466 {
467 	ASSERT(vim->vim_phys->vimp_num_entries > 0);
468 
469 	vdev_indirect_mapping_entry_phys_t *entry;
470 
471 	uint64_t last = vim->vim_phys->vimp_num_entries - 1;
472 	uint64_t base = 0;
473 
474 	/*
475 	 * We don't define these inside of the while loop because we use
476 	 * their value in the case that offset isn't in the mapping.
477 	 */
478 	uint64_t mid;
479 	int result;
480 
481 	while (last >= base) {
482 		mid = base + ((last - base) >> 1);
483 
484 		entry = vdev_indirect_mapping_entry(vim, mid);
485 		if (entry == NULL)
486 			break;
487 		result = dva_mapping_overlap_compare(&offset, entry);
488 
489 		if (result == 0) {
490 			break;
491 		} else if (result < 0) {
492 			last = mid - 1;
493 		} else {
494 			base = mid + 1;
495 		}
496 	}
497 	return (entry);
498 }
499 
500 /*
501  * Given an indirect vdev and an extent on that vdev, it duplicates the
502  * physical entries of the indirect mapping that correspond to the extent
503  * to a new array and returns a pointer to it. In addition, copied_entries
504  * is populated with the number of mapping entries that were duplicated.
505  *
506  * Finally, since we are doing an allocation, it is up to the caller to
507  * free the array allocated in this function.
508  */
509 vdev_indirect_mapping_entry_phys_t *
510 vdev_indirect_mapping_duplicate_adjacent_entries(vdev_t *vd, uint64_t offset,
511     uint64_t asize, uint64_t *copied_entries)
512 {
513 	vdev_indirect_mapping_entry_phys_t *duplicate_mappings = NULL;
514 	vdev_indirect_mapping_t *vim = vd->v_mapping;
515 	uint64_t entries = 0;
516 
517 	vdev_indirect_mapping_entry_phys_t *first_mapping =
518 	    vdev_indirect_mapping_entry_for_offset(vim, offset);
519 	ASSERT3P(first_mapping, !=, NULL);
520 
521 	vdev_indirect_mapping_entry_phys_t *m = first_mapping;
522 	while (asize > 0) {
523 		uint64_t size = DVA_GET_ASIZE(&m->vimep_dst);
524 		uint64_t inner_offset = offset - DVA_MAPPING_GET_SRC_OFFSET(m);
525 		uint64_t inner_size = MIN(asize, size - inner_offset);
526 
527 		offset += inner_size;
528 		asize -= inner_size;
529 		entries++;
530 		m++;
531 	}
532 
533 	size_t copy_length = entries * sizeof (*first_mapping);
534 	duplicate_mappings = malloc(copy_length);
535 	if (duplicate_mappings != NULL)
536 		bcopy(first_mapping, duplicate_mappings, copy_length);
537 	else
538 		entries = 0;
539 
540 	*copied_entries = entries;
541 
542 	return (duplicate_mappings);
543 }
544 
545 static vdev_t *
546 vdev_lookup_top(spa_t *spa, uint64_t vdev)
547 {
548 	vdev_t *rvd;
549 	vdev_list_t *vlist;
550 
551 	vlist = &spa->spa_root_vdev->v_children;
552 	STAILQ_FOREACH(rvd, vlist, v_childlink)
553 		if (rvd->v_id == vdev)
554 			break;
555 
556 	return (rvd);
557 }
558 
559 /*
560  * This is a callback for vdev_indirect_remap() which allocates an
561  * indirect_split_t for each split segment and adds it to iv_splits.
562  */
563 static void
564 vdev_indirect_gather_splits(uint64_t split_offset, vdev_t *vd, uint64_t offset,
565     uint64_t size, void *arg)
566 {
567 	int n = 1;
568 	zio_t *zio = arg;
569 	indirect_vsd_t *iv = zio->io_vsd;
570 
571 	if (vd->v_read == vdev_indirect_read)
572 		return;
573 
574 	if (vd->v_read == vdev_mirror_read)
575 		n = vd->v_nchildren;
576 
577 	indirect_split_t *is =
578 	    malloc(offsetof(indirect_split_t, is_child[n]));
579 	if (is == NULL) {
580 		zio->io_error = ENOMEM;
581 		return;
582 	}
583 	bzero(is, offsetof(indirect_split_t, is_child[n]));
584 
585 	is->is_children = n;
586 	is->is_size = size;
587 	is->is_split_offset = split_offset;
588 	is->is_target_offset = offset;
589 	is->is_vdev = vd;
590 
591 	/*
592 	 * Note that we only consider multiple copies of the data for
593 	 * *mirror* vdevs.  We don't for "replacing" or "spare" vdevs, even
594 	 * though they use the same ops as mirror, because there's only one
595 	 * "good" copy under the replacing/spare.
596 	 */
597 	if (vd->v_read == vdev_mirror_read) {
598 		int i = 0;
599 		vdev_t *kid;
600 
601 		STAILQ_FOREACH(kid, &vd->v_children, v_childlink) {
602 			is->is_child[i++].ic_vdev = kid;
603 		}
604 	} else {
605 		is->is_child[0].ic_vdev = vd;
606 	}
607 
608 	list_insert_tail(&iv->iv_splits, is);
609 }
610 
611 static void
612 vdev_indirect_remap(vdev_t *vd, uint64_t offset, uint64_t asize, void *arg)
613 {
614 	list_t stack;
615 	spa_t *spa = vd->v_spa;
616 	zio_t *zio = arg;
617 	remap_segment_t *rs;
618 
619 	list_create(&stack, sizeof (remap_segment_t),
620 	    offsetof(remap_segment_t, rs_node));
621 
622 	rs = rs_alloc(vd, offset, asize, 0);
623 	if (rs == NULL) {
624 		printf("vdev_indirect_remap: out of memory.\n");
625 		zio->io_error = ENOMEM;
626 	}
627 	for (; rs != NULL; rs = list_remove_head(&stack)) {
628 		vdev_t *v = rs->rs_vd;
629 		uint64_t num_entries = 0;
630 		/* vdev_indirect_mapping_t *vim = v->v_mapping; */
631 		vdev_indirect_mapping_entry_phys_t *mapping =
632 		    vdev_indirect_mapping_duplicate_adjacent_entries(v,
633 		    rs->rs_offset, rs->rs_asize, &num_entries);
634 
635 		if (num_entries == 0)
636 			zio->io_error = ENOMEM;
637 
638 		for (uint64_t i = 0; i < num_entries; i++) {
639 			vdev_indirect_mapping_entry_phys_t *m = &mapping[i];
640 			uint64_t size = DVA_GET_ASIZE(&m->vimep_dst);
641 			uint64_t dst_offset = DVA_GET_OFFSET(&m->vimep_dst);
642 			uint64_t dst_vdev = DVA_GET_VDEV(&m->vimep_dst);
643 			uint64_t inner_offset = rs->rs_offset -
644 			    DVA_MAPPING_GET_SRC_OFFSET(m);
645 			uint64_t inner_size =
646 			    MIN(rs->rs_asize, size - inner_offset);
647 			vdev_t *dst_v = vdev_lookup_top(spa, dst_vdev);
648 
649 			if (dst_v->v_read == vdev_indirect_read) {
650 				remap_segment_t *o;
651 
652 				o = rs_alloc(dst_v, dst_offset + inner_offset,
653 				    inner_size, rs->rs_split_offset);
654 				if (o == NULL) {
655 					printf("vdev_indirect_remap: "
656 					    "out of memory.\n");
657 					zio->io_error = ENOMEM;
658 					break;
659 				}
660 
661 				list_insert_head(&stack, o);
662 			}
663 			vdev_indirect_gather_splits(rs->rs_split_offset, dst_v,
664 			    dst_offset + inner_offset,
665 			    inner_size, arg);
666 
667 			/*
668 			 * vdev_indirect_gather_splits can have memory
669 			 * allocation error, we can not recover from it.
670 			 */
671 			if (zio->io_error != 0)
672 				break;
673 			rs->rs_offset += inner_size;
674 			rs->rs_asize -= inner_size;
675 			rs->rs_split_offset += inner_size;
676 		}
677 
678 		free(mapping);
679 		free(rs);
680 		if (zio->io_error != 0)
681 			break;
682 	}
683 
684 	list_destroy(&stack);
685 }
686 
687 static void
688 vdev_indirect_map_free(zio_t *zio)
689 {
690 	indirect_vsd_t *iv = zio->io_vsd;
691 	indirect_split_t *is;
692 
693 	while ((is = list_head(&iv->iv_splits)) != NULL) {
694 		for (int c = 0; c < is->is_children; c++) {
695 			indirect_child_t *ic = &is->is_child[c];
696 			free(ic->ic_data);
697 		}
698 		list_remove(&iv->iv_splits, is);
699 		free(is);
700 	}
701 	free(iv);
702 }
703 
704 static int
705 vdev_indirect_read(vdev_t *vdev, const blkptr_t *bp, void *buf,
706     off_t offset, size_t bytes)
707 {
708 	zio_t zio;
709 	spa_t *spa = vdev->v_spa;
710 	indirect_vsd_t *iv;
711 	indirect_split_t *first;
712 	int rc = EIO;
713 
714 	iv = calloc(1, sizeof(*iv));
715 	if (iv == NULL)
716 		return (ENOMEM);
717 
718 	list_create(&iv->iv_splits,
719 	    sizeof (indirect_split_t), offsetof(indirect_split_t, is_node));
720 
721 	bzero(&zio, sizeof(zio));
722 	zio.io_spa = spa;
723 	zio.io_bp = (blkptr_t *)bp;
724 	zio.io_data = buf;
725 	zio.io_size = bytes;
726 	zio.io_offset = offset;
727 	zio.io_vd = vdev;
728 	zio.io_vsd = iv;
729 
730 	if (vdev->v_mapping == NULL) {
731 		vdev_indirect_config_t *vic;
732 
733 		vic = &vdev->vdev_indirect_config;
734 		vdev->v_mapping = vdev_indirect_mapping_open(spa,
735 		    spa->spa_mos, vic->vic_mapping_object);
736 	}
737 
738 	vdev_indirect_remap(vdev, offset, bytes, &zio);
739 	if (zio.io_error != 0)
740 		return (zio.io_error);
741 
742 	first = list_head(&iv->iv_splits);
743 	if (first->is_size == zio.io_size) {
744 		/*
745 		 * This is not a split block; we are pointing to the entire
746 		 * data, which will checksum the same as the original data.
747 		 * Pass the BP down so that the child i/o can verify the
748 		 * checksum, and try a different location if available
749 		 * (e.g. on a mirror).
750 		 *
751 		 * While this special case could be handled the same as the
752 		 * general (split block) case, doing it this way ensures
753 		 * that the vast majority of blocks on indirect vdevs
754 		 * (which are not split) are handled identically to blocks
755 		 * on non-indirect vdevs.  This allows us to be less strict
756 		 * about performance in the general (but rare) case.
757 		 */
758 		rc = first->is_vdev->v_read(first->is_vdev, zio.io_bp,
759 		    zio.io_data, first->is_target_offset, bytes);
760 	} else {
761 		iv->iv_split_block = B_TRUE;
762 		/*
763 		 * Read one copy of each split segment, from the
764 		 * top-level vdev.  Since we don't know the
765 		 * checksum of each split individually, the child
766 		 * zio can't ensure that we get the right data.
767 		 * E.g. if it's a mirror, it will just read from a
768 		 * random (healthy) leaf vdev.  We have to verify
769 		 * the checksum in vdev_indirect_io_done().
770 		 */
771 		for (indirect_split_t *is = list_head(&iv->iv_splits);
772 		    is != NULL; is = list_next(&iv->iv_splits, is)) {
773 			char *ptr = zio.io_data;
774 
775 			rc = is->is_vdev->v_read(is->is_vdev, zio.io_bp,
776 			    ptr + is->is_split_offset, is->is_target_offset,
777 			    is->is_size);
778 		}
779 		if (zio_checksum_verify(spa, zio.io_bp, zio.io_data))
780 			rc = ECKSUM;
781 		else
782 			rc = 0;
783 	}
784 
785 	vdev_indirect_map_free(&zio);
786 	if (rc == 0)
787 		rc = zio.io_error;
788 
789 	return (rc);
790 }
791 
792 static int
793 vdev_disk_read(vdev_t *vdev, const blkptr_t *bp, void *buf,
794     off_t offset, size_t bytes)
795 {
796 
797 	return (vdev_read_phys(vdev, bp, buf,
798 	    offset + VDEV_LABEL_START_SIZE, bytes));
799 }
800 
801 static int
802 vdev_missing_read(vdev_t *vdev __unused, const blkptr_t *bp __unused,
803     void *buf __unused, off_t offset __unused, size_t bytes __unused)
804 {
805 
806 	return (ENOTSUP);
807 }
808 
809 static int
810 vdev_mirror_read(vdev_t *vdev, const blkptr_t *bp, void *buf,
811     off_t offset, size_t bytes)
812 {
813 	vdev_t *kid;
814 	int rc;
815 
816 	rc = EIO;
817 	STAILQ_FOREACH(kid, &vdev->v_children, v_childlink) {
818 		if (kid->v_state != VDEV_STATE_HEALTHY)
819 			continue;
820 		rc = kid->v_read(kid, bp, buf, offset, bytes);
821 		if (!rc)
822 			return (0);
823 	}
824 
825 	return (rc);
826 }
827 
828 static int
829 vdev_replacing_read(vdev_t *vdev, const blkptr_t *bp, void *buf,
830     off_t offset, size_t bytes)
831 {
832 	vdev_t *kid;
833 
834 	/*
835 	 * Here we should have two kids:
836 	 * First one which is the one we are replacing and we can trust
837 	 * only this one to have valid data, but it might not be present.
838 	 * Second one is that one we are replacing with. It is most likely
839 	 * healthy, but we can't trust it has needed data, so we won't use it.
840 	 */
841 	kid = STAILQ_FIRST(&vdev->v_children);
842 	if (kid == NULL)
843 		return (EIO);
844 	if (kid->v_state != VDEV_STATE_HEALTHY)
845 		return (EIO);
846 	return (kid->v_read(kid, bp, buf, offset, bytes));
847 }
848 
849 static vdev_t *
850 vdev_find(uint64_t guid)
851 {
852 	vdev_t *vdev;
853 
854 	STAILQ_FOREACH(vdev, &zfs_vdevs, v_alllink)
855 		if (vdev->v_guid == guid)
856 			return (vdev);
857 
858 	return (0);
859 }
860 
861 static vdev_t *
862 vdev_create(uint64_t guid, vdev_read_t *_read)
863 {
864 	vdev_t *vdev;
865 	vdev_indirect_config_t *vic;
866 
867 	vdev = calloc(1, sizeof(vdev_t));
868 	if (vdev != NULL) {
869 		STAILQ_INIT(&vdev->v_children);
870 		vdev->v_guid = guid;
871 		vdev->v_read = _read;
872 
873 		/*
874 		 * root vdev has no read function, we use this fact to
875 		 * skip setting up data we do not need for root vdev.
876 		 * We only point root vdev from spa.
877 		 */
878 		if (_read != NULL) {
879 			vic = &vdev->vdev_indirect_config;
880 			vic->vic_prev_indirect_vdev = UINT64_MAX;
881 			STAILQ_INSERT_TAIL(&zfs_vdevs, vdev, v_alllink);
882 		}
883 	}
884 
885 	return (vdev);
886 }
887 
888 static void
889 vdev_set_initial_state(vdev_t *vdev, const nvlist_t *nvlist)
890 {
891 	uint64_t is_offline, is_faulted, is_degraded, is_removed, isnt_present;
892 	uint64_t is_log;
893 
894 	is_offline = is_removed = is_faulted = is_degraded = isnt_present = 0;
895 	is_log = 0;
896 	(void) nvlist_find(nvlist, ZPOOL_CONFIG_OFFLINE, DATA_TYPE_UINT64, NULL,
897 	    &is_offline, NULL);
898 	(void) nvlist_find(nvlist, ZPOOL_CONFIG_REMOVED, DATA_TYPE_UINT64, NULL,
899 	    &is_removed, NULL);
900 	(void) nvlist_find(nvlist, ZPOOL_CONFIG_FAULTED, DATA_TYPE_UINT64, NULL,
901 	    &is_faulted, NULL);
902 	(void) nvlist_find(nvlist, ZPOOL_CONFIG_DEGRADED, DATA_TYPE_UINT64,
903 	    NULL, &is_degraded, NULL);
904 	(void) nvlist_find(nvlist, ZPOOL_CONFIG_NOT_PRESENT, DATA_TYPE_UINT64,
905 	    NULL, &isnt_present, NULL);
906 	(void) nvlist_find(nvlist, ZPOOL_CONFIG_IS_LOG, DATA_TYPE_UINT64, NULL,
907 	    &is_log, NULL);
908 
909 	if (is_offline != 0)
910 		vdev->v_state = VDEV_STATE_OFFLINE;
911 	else if (is_removed != 0)
912 		vdev->v_state = VDEV_STATE_REMOVED;
913 	else if (is_faulted != 0)
914 		vdev->v_state = VDEV_STATE_FAULTED;
915 	else if (is_degraded != 0)
916 		vdev->v_state = VDEV_STATE_DEGRADED;
917 	else if (isnt_present != 0)
918 		vdev->v_state = VDEV_STATE_CANT_OPEN;
919 
920 	vdev->v_islog = is_log != 0;
921 }
922 
923 static int
924 vdev_init(uint64_t guid, const nvlist_t *nvlist, vdev_t **vdevp)
925 {
926 	uint64_t id, ashift, asize, nparity;
927 	const char *path;
928 	const char *type;
929 	int len, pathlen;
930 	char *name;
931 	vdev_t *vdev;
932 
933 	if (nvlist_find(nvlist, ZPOOL_CONFIG_ID, DATA_TYPE_UINT64, NULL, &id,
934 	    NULL) ||
935 	    nvlist_find(nvlist, ZPOOL_CONFIG_TYPE, DATA_TYPE_STRING, NULL,
936 	    &type, &len)) {
937 		return (ENOENT);
938 	}
939 
940 	if (memcmp(type, VDEV_TYPE_MIRROR, len) != 0 &&
941 	    memcmp(type, VDEV_TYPE_DISK, len) != 0 &&
942 #ifdef ZFS_TEST
943 	    memcmp(type, VDEV_TYPE_FILE, len) != 0 &&
944 #endif
945 	    memcmp(type, VDEV_TYPE_RAIDZ, len) != 0 &&
946 	    memcmp(type, VDEV_TYPE_INDIRECT, len) != 0 &&
947 	    memcmp(type, VDEV_TYPE_REPLACING, len) != 0 &&
948 	    memcmp(type, VDEV_TYPE_HOLE, len) != 0) {
949 		printf("ZFS: can only boot from disk, mirror, raidz1, "
950 		    "raidz2 and raidz3 vdevs, got: %.*s\n", len, type);
951 		return (EIO);
952 	}
953 
954 	if (memcmp(type, VDEV_TYPE_MIRROR, len) == 0)
955 		vdev = vdev_create(guid, vdev_mirror_read);
956 	else if (memcmp(type, VDEV_TYPE_RAIDZ, len) == 0)
957 		vdev = vdev_create(guid, vdev_raidz_read);
958 	else if (memcmp(type, VDEV_TYPE_REPLACING, len) == 0)
959 		vdev = vdev_create(guid, vdev_replacing_read);
960 	else if (memcmp(type, VDEV_TYPE_INDIRECT, len) == 0) {
961 		vdev_indirect_config_t *vic;
962 
963 		vdev = vdev_create(guid, vdev_indirect_read);
964 		if (vdev != NULL) {
965 			vdev->v_state = VDEV_STATE_HEALTHY;
966 			vic = &vdev->vdev_indirect_config;
967 
968 			nvlist_find(nvlist,
969 			    ZPOOL_CONFIG_INDIRECT_OBJECT,
970 			    DATA_TYPE_UINT64,
971 			    NULL, &vic->vic_mapping_object, NULL);
972 			nvlist_find(nvlist,
973 			    ZPOOL_CONFIG_INDIRECT_BIRTHS,
974 			    DATA_TYPE_UINT64,
975 			    NULL, &vic->vic_births_object, NULL);
976 			nvlist_find(nvlist,
977 			    ZPOOL_CONFIG_PREV_INDIRECT_VDEV,
978 			    DATA_TYPE_UINT64,
979 			    NULL, &vic->vic_prev_indirect_vdev, NULL);
980 		}
981 	} else if (memcmp(type, VDEV_TYPE_HOLE, len) == 0) {
982 		vdev = vdev_create(guid, vdev_missing_read);
983 	} else {
984 		vdev = vdev_create(guid, vdev_disk_read);
985 	}
986 
987 	if (vdev == NULL)
988 		return (ENOMEM);
989 
990 	vdev_set_initial_state(vdev, nvlist);
991 	vdev->v_id = id;
992 	if (nvlist_find(nvlist, ZPOOL_CONFIG_ASHIFT,
993 	    DATA_TYPE_UINT64, NULL, &ashift, NULL) == 0)
994 		vdev->v_ashift = ashift;
995 
996 	if (nvlist_find(nvlist, ZPOOL_CONFIG_ASIZE,
997 	    DATA_TYPE_UINT64, NULL, &asize, NULL) == 0) {
998 		vdev->v_psize = asize +
999 		    VDEV_LABEL_START_SIZE + VDEV_LABEL_END_SIZE;
1000 	}
1001 
1002 	if (nvlist_find(nvlist, ZPOOL_CONFIG_NPARITY,
1003 	    DATA_TYPE_UINT64, NULL, &nparity, NULL) == 0)
1004 		vdev->v_nparity = nparity;
1005 
1006 	if (nvlist_find(nvlist, ZPOOL_CONFIG_PATH,
1007 	    DATA_TYPE_STRING, NULL, &path, &pathlen) == 0) {
1008 		char prefix[] = "/dev/";
1009 
1010 		len = strlen(prefix);
1011 		if (len < pathlen && memcmp(path, prefix, len) == 0) {
1012 			path += len;
1013 			pathlen -= len;
1014 		}
1015 		name = malloc(pathlen + 1);
1016 		bcopy(path, name, pathlen);
1017 		name[pathlen] = '\0';
1018 		vdev->v_name = name;
1019 	} else {
1020 		name = NULL;
1021 		if (memcmp(type, VDEV_TYPE_RAIDZ, len) == 0) {
1022 			if (vdev->v_nparity < 1 ||
1023 			    vdev->v_nparity > 3) {
1024 				printf("ZFS: invalid raidz parity: %d\n",
1025 				    vdev->v_nparity);
1026 				return (EIO);
1027 			}
1028 			(void) asprintf(&name, "%.*s%d-%" PRIu64, len, type,
1029 			    vdev->v_nparity, id);
1030 		} else {
1031 			(void) asprintf(&name, "%.*s-%" PRIu64, len, type, id);
1032 		}
1033 		vdev->v_name = name;
1034 	}
1035 	*vdevp = vdev;
1036 	return (0);
1037 }
1038 
1039 /*
1040  * Find slot for vdev. We return either NULL to signal to use
1041  * STAILQ_INSERT_HEAD, or we return link element to be used with
1042  * STAILQ_INSERT_AFTER.
1043  */
1044 static vdev_t *
1045 vdev_find_previous(vdev_t *top_vdev, vdev_t *vdev)
1046 {
1047 	vdev_t *v, *previous;
1048 
1049 	if (STAILQ_EMPTY(&top_vdev->v_children))
1050 		return (NULL);
1051 
1052 	previous = NULL;
1053 	STAILQ_FOREACH(v, &top_vdev->v_children, v_childlink) {
1054 		if (v->v_id > vdev->v_id)
1055 			return (previous);
1056 
1057 		if (v->v_id == vdev->v_id)
1058 			return (v);
1059 
1060 		if (v->v_id < vdev->v_id)
1061 			previous = v;
1062 	}
1063 	return (previous);
1064 }
1065 
1066 static size_t
1067 vdev_child_count(vdev_t *vdev)
1068 {
1069 	vdev_t *v;
1070 	size_t count;
1071 
1072 	count = 0;
1073 	STAILQ_FOREACH(v, &vdev->v_children, v_childlink) {
1074 		count++;
1075 	}
1076 	return (count);
1077 }
1078 
1079 /*
1080  * Insert vdev into top_vdev children list. List is ordered by v_id.
1081  */
1082 static void
1083 vdev_insert(vdev_t *top_vdev, vdev_t *vdev)
1084 {
1085 	vdev_t *previous;
1086 	size_t count;
1087 
1088 	/*
1089 	 * The top level vdev can appear in random order, depending how
1090 	 * the firmware is presenting the disk devices.
1091 	 * However, we will insert vdev to create list ordered by v_id,
1092 	 * so we can use either STAILQ_INSERT_HEAD or STAILQ_INSERT_AFTER
1093 	 * as STAILQ does not have insert before.
1094 	 */
1095 	previous = vdev_find_previous(top_vdev, vdev);
1096 
1097 	if (previous == NULL) {
1098 		STAILQ_INSERT_HEAD(&top_vdev->v_children, vdev, v_childlink);
1099 	} else if (previous->v_id == vdev->v_id) {
1100 		/*
1101 		 * This vdev was configured from label config,
1102 		 * do not insert duplicate.
1103 		 */
1104 		return;
1105 	} else {
1106 		STAILQ_INSERT_AFTER(&top_vdev->v_children, previous, vdev,
1107 		    v_childlink);
1108 	}
1109 
1110 	count = vdev_child_count(top_vdev);
1111 	if (top_vdev->v_nchildren < count)
1112 		top_vdev->v_nchildren = count;
1113 }
1114 
1115 static int
1116 vdev_from_nvlist(spa_t *spa, uint64_t top_guid, const nvlist_t *nvlist)
1117 {
1118 	vdev_t *top_vdev, *vdev;
1119 	nvlist_t **kids = NULL;
1120 	int rc, nkids;
1121 
1122 	/* Get top vdev. */
1123 	top_vdev = vdev_find(top_guid);
1124 	if (top_vdev == NULL) {
1125 		rc = vdev_init(top_guid, nvlist, &top_vdev);
1126 		if (rc != 0)
1127 			return (rc);
1128 		top_vdev->v_spa = spa;
1129 		top_vdev->v_top = top_vdev;
1130 		vdev_insert(spa->spa_root_vdev, top_vdev);
1131 	}
1132 
1133 	/* Add children if there are any. */
1134 	rc = nvlist_find(nvlist, ZPOOL_CONFIG_CHILDREN, DATA_TYPE_NVLIST_ARRAY,
1135 	    &nkids, &kids, NULL);
1136 	if (rc == 0) {
1137 		for (int i = 0; i < nkids; i++) {
1138 			uint64_t guid;
1139 
1140 			rc = nvlist_find(kids[i], ZPOOL_CONFIG_GUID,
1141 			    DATA_TYPE_UINT64, NULL, &guid, NULL);
1142 			if (rc != 0)
1143 				goto done;
1144 
1145 			rc = vdev_init(guid, kids[i], &vdev);
1146 			if (rc != 0)
1147 				goto done;
1148 
1149 			vdev->v_spa = spa;
1150 			vdev->v_top = top_vdev;
1151 			vdev_insert(top_vdev, vdev);
1152 		}
1153 	} else {
1154 		/*
1155 		 * When there are no children, nvlist_find() does return
1156 		 * error, reset it because leaf devices have no children.
1157 		 */
1158 		rc = 0;
1159 	}
1160 done:
1161 	if (kids != NULL) {
1162 		for (int i = 0; i < nkids; i++)
1163 			nvlist_destroy(kids[i]);
1164 		free(kids);
1165 	}
1166 
1167 	return (rc);
1168 }
1169 
1170 static int
1171 vdev_init_from_label(spa_t *spa, const nvlist_t *nvlist)
1172 {
1173 	uint64_t pool_guid, top_guid;
1174 	nvlist_t *vdevs;
1175 	int rc;
1176 
1177 	if (nvlist_find(nvlist, ZPOOL_CONFIG_POOL_GUID, DATA_TYPE_UINT64,
1178 	    NULL, &pool_guid, NULL) ||
1179 	    nvlist_find(nvlist, ZPOOL_CONFIG_TOP_GUID, DATA_TYPE_UINT64,
1180 	    NULL, &top_guid, NULL) ||
1181 	    nvlist_find(nvlist, ZPOOL_CONFIG_VDEV_TREE, DATA_TYPE_NVLIST,
1182 	    NULL, &vdevs, NULL)) {
1183 		printf("ZFS: can't find vdev details\n");
1184 		return (ENOENT);
1185 	}
1186 
1187 	rc = vdev_from_nvlist(spa, top_guid, vdevs);
1188 	nvlist_destroy(vdevs);
1189 	return (rc);
1190 }
1191 
1192 static void
1193 vdev_set_state(vdev_t *vdev)
1194 {
1195 	vdev_t *kid;
1196 	int good_kids;
1197 	int bad_kids;
1198 
1199 	STAILQ_FOREACH(kid, &vdev->v_children, v_childlink) {
1200 		vdev_set_state(kid);
1201 	}
1202 
1203 	/*
1204 	 * A mirror or raidz is healthy if all its kids are healthy. A
1205 	 * mirror is degraded if any of its kids is healthy; a raidz
1206 	 * is degraded if at most nparity kids are offline.
1207 	 */
1208 	if (STAILQ_FIRST(&vdev->v_children)) {
1209 		good_kids = 0;
1210 		bad_kids = 0;
1211 		STAILQ_FOREACH(kid, &vdev->v_children, v_childlink) {
1212 			if (kid->v_state == VDEV_STATE_HEALTHY)
1213 				good_kids++;
1214 			else
1215 				bad_kids++;
1216 		}
1217 		if (bad_kids == 0) {
1218 			vdev->v_state = VDEV_STATE_HEALTHY;
1219 		} else {
1220 			if (vdev->v_read == vdev_mirror_read) {
1221 				if (good_kids) {
1222 					vdev->v_state = VDEV_STATE_DEGRADED;
1223 				} else {
1224 					vdev->v_state = VDEV_STATE_OFFLINE;
1225 				}
1226 			} else if (vdev->v_read == vdev_raidz_read) {
1227 				if (bad_kids > vdev->v_nparity) {
1228 					vdev->v_state = VDEV_STATE_OFFLINE;
1229 				} else {
1230 					vdev->v_state = VDEV_STATE_DEGRADED;
1231 				}
1232 			}
1233 		}
1234 	}
1235 }
1236 
1237 static int
1238 vdev_update_from_nvlist(uint64_t top_guid, const nvlist_t *nvlist)
1239 {
1240 	vdev_t *vdev;
1241 	nvlist_t **kids = NULL;
1242 	int rc, nkids;
1243 
1244 	/* Update top vdev. */
1245 	vdev = vdev_find(top_guid);
1246 	if (vdev != NULL)
1247 		vdev_set_initial_state(vdev, nvlist);
1248 
1249 	/* Update children if there are any. */
1250 	rc = nvlist_find(nvlist, ZPOOL_CONFIG_CHILDREN, DATA_TYPE_NVLIST_ARRAY,
1251 	    &nkids, &kids, NULL);
1252 	if (rc == 0) {
1253 		for (int i = 0; i < nkids; i++) {
1254 			uint64_t guid;
1255 
1256 			rc = nvlist_find(kids[i], ZPOOL_CONFIG_GUID,
1257 			    DATA_TYPE_UINT64, NULL, &guid, NULL);
1258 			if (rc != 0)
1259 				break;
1260 
1261 			vdev = vdev_find(guid);
1262 			if (vdev != NULL)
1263 				vdev_set_initial_state(vdev, kids[i]);
1264 		}
1265 	} else {
1266 		rc = 0;
1267 	}
1268 	if (kids != NULL) {
1269 		for (int i = 0; i < nkids; i++)
1270 			nvlist_destroy(kids[i]);
1271 		free(kids);
1272 	}
1273 
1274 	return (rc);
1275 }
1276 
1277 static int
1278 vdev_init_from_nvlist(spa_t *spa, const nvlist_t *nvlist)
1279 {
1280 	uint64_t pool_guid, vdev_children;
1281 	nvlist_t *vdevs = NULL, **kids = NULL;
1282 	int rc, nkids;
1283 
1284 	if (nvlist_find(nvlist, ZPOOL_CONFIG_POOL_GUID, DATA_TYPE_UINT64,
1285 	    NULL, &pool_guid, NULL) ||
1286 	    nvlist_find(nvlist, ZPOOL_CONFIG_VDEV_CHILDREN, DATA_TYPE_UINT64,
1287 	    NULL, &vdev_children, NULL) ||
1288 	    nvlist_find(nvlist, ZPOOL_CONFIG_VDEV_TREE, DATA_TYPE_NVLIST,
1289 	    NULL, &vdevs, NULL)) {
1290 		printf("ZFS: can't find vdev details\n");
1291 		return (ENOENT);
1292 	}
1293 
1294 	/* Wrong guid?! */
1295 	if (spa->spa_guid != pool_guid) {
1296 		nvlist_destroy(vdevs);
1297 		return (EINVAL);
1298 	}
1299 
1300 	spa->spa_root_vdev->v_nchildren = vdev_children;
1301 
1302 	rc = nvlist_find(vdevs, ZPOOL_CONFIG_CHILDREN, DATA_TYPE_NVLIST_ARRAY,
1303 	    &nkids, &kids, NULL);
1304 	nvlist_destroy(vdevs);
1305 
1306 	/*
1307 	 * MOS config has at least one child for root vdev.
1308 	 */
1309 	if (rc != 0)
1310 		return (rc);
1311 
1312 	for (int i = 0; i < nkids; i++) {
1313 		uint64_t guid;
1314 		vdev_t *vdev;
1315 
1316 		rc = nvlist_find(kids[i], ZPOOL_CONFIG_GUID, DATA_TYPE_UINT64,
1317 		    NULL, &guid, NULL);
1318 		if (rc != 0)
1319 			break;
1320 		vdev = vdev_find(guid);
1321 		/*
1322 		 * Top level vdev is missing, create it.
1323 		 */
1324 		if (vdev == NULL)
1325 			rc = vdev_from_nvlist(spa, guid, kids[i]);
1326 		else
1327 			rc = vdev_update_from_nvlist(guid, kids[i]);
1328 		if (rc != 0)
1329 			break;
1330 	}
1331 	if (kids != NULL) {
1332 		for (int i = 0; i < nkids; i++)
1333 			nvlist_destroy(kids[i]);
1334 		free(kids);
1335 	}
1336 
1337 	/*
1338 	 * Re-evaluate top-level vdev state.
1339 	 */
1340 	vdev_set_state(spa->spa_root_vdev);
1341 
1342 	return (rc);
1343 }
1344 
1345 static spa_t *
1346 spa_find_by_guid(uint64_t guid)
1347 {
1348 	spa_t *spa;
1349 
1350 	STAILQ_FOREACH(spa, &zfs_pools, spa_link)
1351 		if (spa->spa_guid == guid)
1352 			return (spa);
1353 
1354 	return (NULL);
1355 }
1356 
1357 static spa_t *
1358 spa_find_by_name(const char *name)
1359 {
1360 	spa_t *spa;
1361 
1362 	STAILQ_FOREACH(spa, &zfs_pools, spa_link)
1363 		if (strcmp(spa->spa_name, name) == 0)
1364 			return (spa);
1365 
1366 	return (NULL);
1367 }
1368 
1369 static spa_t *
1370 spa_find_by_dev(struct zfs_devdesc *dev)
1371 {
1372 
1373 	if (dev->dd.d_dev->dv_type != DEVT_ZFS)
1374 		return (NULL);
1375 
1376 	if (dev->pool_guid == 0)
1377 		return (STAILQ_FIRST(&zfs_pools));
1378 
1379 	return (spa_find_by_guid(dev->pool_guid));
1380 }
1381 
1382 static spa_t *
1383 spa_create(uint64_t guid, const char *name)
1384 {
1385 	spa_t *spa;
1386 
1387 	if ((spa = calloc(1, sizeof(spa_t))) == NULL)
1388 		return (NULL);
1389 	if ((spa->spa_name = strdup(name)) == NULL) {
1390 		free(spa);
1391 		return (NULL);
1392 	}
1393 	spa->spa_uberblock = &spa->spa_uberblock_master;
1394 	spa->spa_mos = &spa->spa_mos_master;
1395 	spa->spa_guid = guid;
1396 	spa->spa_root_vdev = vdev_create(guid, NULL);
1397 	if (spa->spa_root_vdev == NULL) {
1398 		free(spa->spa_name);
1399 		free(spa);
1400 		return (NULL);
1401 	}
1402 	spa->spa_root_vdev->v_name = strdup("root");
1403 	STAILQ_INSERT_TAIL(&zfs_pools, spa, spa_link);
1404 
1405 	return (spa);
1406 }
1407 
1408 static const char *
1409 state_name(vdev_state_t state)
1410 {
1411 	static const char *names[] = {
1412 		"UNKNOWN",
1413 		"CLOSED",
1414 		"OFFLINE",
1415 		"REMOVED",
1416 		"CANT_OPEN",
1417 		"FAULTED",
1418 		"DEGRADED",
1419 		"ONLINE"
1420 	};
1421 	return (names[state]);
1422 }
1423 
1424 #ifdef BOOT2
1425 
1426 #define pager_printf printf
1427 
1428 #else
1429 
1430 static int
1431 pager_printf(const char *fmt, ...)
1432 {
1433 	char line[80];
1434 	va_list args;
1435 
1436 	va_start(args, fmt);
1437 	vsnprintf(line, sizeof(line), fmt, args);
1438 	va_end(args);
1439 	return (pager_output(line));
1440 }
1441 
1442 #endif
1443 
1444 #define	STATUS_FORMAT	"        %s %s\n"
1445 
1446 static int
1447 print_state(int indent, const char *name, vdev_state_t state)
1448 {
1449 	int i;
1450 	char buf[512];
1451 
1452 	buf[0] = 0;
1453 	for (i = 0; i < indent; i++)
1454 		strcat(buf, "  ");
1455 	strcat(buf, name);
1456 	return (pager_printf(STATUS_FORMAT, buf, state_name(state)));
1457 }
1458 
1459 static int
1460 vdev_status(vdev_t *vdev, int indent)
1461 {
1462 	vdev_t *kid;
1463 	int ret;
1464 
1465 	if (vdev->v_islog) {
1466 		(void) pager_output("        logs\n");
1467 		indent++;
1468 	}
1469 
1470 	ret = print_state(indent, vdev->v_name, vdev->v_state);
1471 	if (ret != 0)
1472 		return (ret);
1473 
1474 	STAILQ_FOREACH(kid, &vdev->v_children, v_childlink) {
1475 		ret = vdev_status(kid, indent + 1);
1476 		if (ret != 0)
1477 			return (ret);
1478 	}
1479 	return (ret);
1480 }
1481 
1482 static int
1483 spa_status(spa_t *spa)
1484 {
1485 	static char bootfs[ZFS_MAXNAMELEN];
1486 	uint64_t rootid;
1487 	vdev_list_t *vlist;
1488 	vdev_t *vdev;
1489 	int good_kids, bad_kids, degraded_kids, ret;
1490 	vdev_state_t state;
1491 
1492 	ret = pager_printf("  pool: %s\n", spa->spa_name);
1493 	if (ret != 0)
1494 		return (ret);
1495 
1496 	if (zfs_get_root(spa, &rootid) == 0 &&
1497 	    zfs_rlookup(spa, rootid, bootfs) == 0) {
1498 		if (bootfs[0] == '\0')
1499 			ret = pager_printf("bootfs: %s\n", spa->spa_name);
1500 		else
1501 			ret = pager_printf("bootfs: %s/%s\n", spa->spa_name,
1502 			    bootfs);
1503 		if (ret != 0)
1504 			return (ret);
1505 	}
1506 	ret = pager_printf("config:\n\n");
1507 	if (ret != 0)
1508 		return (ret);
1509 	ret = pager_printf(STATUS_FORMAT, "NAME", "STATE");
1510 	if (ret != 0)
1511 		return (ret);
1512 
1513 	good_kids = 0;
1514 	degraded_kids = 0;
1515 	bad_kids = 0;
1516 	vlist = &spa->spa_root_vdev->v_children;
1517 	STAILQ_FOREACH(vdev, vlist, v_childlink) {
1518 		if (vdev->v_state == VDEV_STATE_HEALTHY)
1519 			good_kids++;
1520 		else if (vdev->v_state == VDEV_STATE_DEGRADED)
1521 			degraded_kids++;
1522 		else
1523 			bad_kids++;
1524 	}
1525 
1526 	state = VDEV_STATE_CLOSED;
1527 	if (good_kids > 0 && (degraded_kids + bad_kids) == 0)
1528 		state = VDEV_STATE_HEALTHY;
1529 	else if ((good_kids + degraded_kids) > 0)
1530 		state = VDEV_STATE_DEGRADED;
1531 
1532 	ret = print_state(0, spa->spa_name, state);
1533 	if (ret != 0)
1534 		return (ret);
1535 
1536 	STAILQ_FOREACH(vdev, vlist, v_childlink) {
1537 		ret = vdev_status(vdev, 1);
1538 		if (ret != 0)
1539 			return (ret);
1540 	}
1541 	return (ret);
1542 }
1543 
1544 static int
1545 spa_all_status(void)
1546 {
1547 	spa_t *spa;
1548 	int first = 1, ret = 0;
1549 
1550 	STAILQ_FOREACH(spa, &zfs_pools, spa_link) {
1551 		if (!first) {
1552 			ret = pager_printf("\n");
1553 			if (ret != 0)
1554 				return (ret);
1555 		}
1556 		first = 0;
1557 		ret = spa_status(spa);
1558 		if (ret != 0)
1559 			return (ret);
1560 	}
1561 	return (ret);
1562 }
1563 
1564 static uint64_t
1565 vdev_label_offset(uint64_t psize, int l, uint64_t offset)
1566 {
1567 	uint64_t label_offset;
1568 
1569 	if (l < VDEV_LABELS / 2)
1570 		label_offset = 0;
1571 	else
1572 		label_offset = psize - VDEV_LABELS * sizeof (vdev_label_t);
1573 
1574 	return (offset + l * sizeof (vdev_label_t) + label_offset);
1575 }
1576 
1577 static int
1578 vdev_uberblock_compare(const uberblock_t *ub1, const uberblock_t *ub2)
1579 {
1580 	unsigned int seq1 = 0;
1581 	unsigned int seq2 = 0;
1582 	int cmp = AVL_CMP(ub1->ub_txg, ub2->ub_txg);
1583 
1584 	if (cmp != 0)
1585 		return (cmp);
1586 
1587 	cmp = AVL_CMP(ub1->ub_timestamp, ub2->ub_timestamp);
1588 	if (cmp != 0)
1589 		return (cmp);
1590 
1591 	if (MMP_VALID(ub1) && MMP_SEQ_VALID(ub1))
1592 		seq1 = MMP_SEQ(ub1);
1593 
1594 	if (MMP_VALID(ub2) && MMP_SEQ_VALID(ub2))
1595 		seq2 = MMP_SEQ(ub2);
1596 
1597 	return (AVL_CMP(seq1, seq2));
1598 }
1599 
1600 static int
1601 uberblock_verify(uberblock_t *ub)
1602 {
1603 	if (ub->ub_magic == BSWAP_64((uint64_t)UBERBLOCK_MAGIC)) {
1604 		byteswap_uint64_array(ub, sizeof (uberblock_t));
1605 	}
1606 
1607 	if (ub->ub_magic != UBERBLOCK_MAGIC ||
1608 	    !SPA_VERSION_IS_SUPPORTED(ub->ub_version))
1609 		return (EINVAL);
1610 
1611 	return (0);
1612 }
1613 
1614 static int
1615 vdev_label_read(vdev_t *vd, int l, void *buf, uint64_t offset,
1616     size_t size)
1617 {
1618 	blkptr_t bp;
1619 	off_t off;
1620 
1621 	off = vdev_label_offset(vd->v_psize, l, offset);
1622 
1623 	BP_ZERO(&bp);
1624 	BP_SET_LSIZE(&bp, size);
1625 	BP_SET_PSIZE(&bp, size);
1626 	BP_SET_CHECKSUM(&bp, ZIO_CHECKSUM_LABEL);
1627 	BP_SET_COMPRESS(&bp, ZIO_COMPRESS_OFF);
1628 	DVA_SET_OFFSET(BP_IDENTITY(&bp), off);
1629 	ZIO_SET_CHECKSUM(&bp.blk_cksum, off, 0, 0, 0);
1630 
1631 	return (vdev_read_phys(vd, &bp, buf, off, size));
1632 }
1633 
1634 /*
1635  * We do need to be sure we write to correct location.
1636  * Our vdev label does consist of 4 fields:
1637  * pad1 (8k), reserved.
1638  * bootenv (8k), checksummed, previously reserved, may contian garbage.
1639  * vdev_phys (112k), checksummed
1640  * uberblock ring (128k), checksummed.
1641  *
1642  * Since bootenv area may contain garbage, we can not reliably read it, as
1643  * we can get checksum errors.
1644  * Next best thing is vdev_phys - it is just after bootenv. It still may
1645  * be corrupted, but in such case we will miss this one write.
1646  */
1647 static int
1648 vdev_label_write_validate(vdev_t *vd, int l, uint64_t offset)
1649 {
1650 	uint64_t off, o_phys;
1651 	void *buf;
1652 	size_t size = VDEV_PHYS_SIZE;
1653 	int rc;
1654 
1655 	o_phys = offsetof(vdev_label_t, vl_vdev_phys);
1656 	off = vdev_label_offset(vd->v_psize, l, o_phys);
1657 
1658 	/* off should be 8K from bootenv */
1659 	if (vdev_label_offset(vd->v_psize, l, offset) + VDEV_PAD_SIZE != off)
1660 		return (EINVAL);
1661 
1662 	buf = malloc(size);
1663 	if (buf == NULL)
1664 		return (ENOMEM);
1665 
1666 	/* Read vdev_phys */
1667 	rc = vdev_label_read(vd, l, buf, o_phys, size);
1668 	free(buf);
1669 	return (rc);
1670 }
1671 
1672 static int
1673 vdev_label_write(vdev_t *vd, int l, vdev_boot_envblock_t *be, uint64_t offset)
1674 {
1675 	zio_checksum_info_t *ci;
1676 	zio_cksum_t cksum;
1677 	off_t off;
1678 	size_t size = VDEV_PAD_SIZE;
1679 	int rc;
1680 
1681 	if (vd->v_phys_write == NULL)
1682 		return (ENOTSUP);
1683 
1684 	off = vdev_label_offset(vd->v_psize, l, offset);
1685 
1686 	rc = vdev_label_write_validate(vd, l, offset);
1687 	if (rc != 0) {
1688 		return (rc);
1689 	}
1690 
1691 	ci = &zio_checksum_table[ZIO_CHECKSUM_LABEL];
1692 	be->vbe_zbt.zec_magic = ZEC_MAGIC;
1693 	zio_checksum_label_verifier(&be->vbe_zbt.zec_cksum, off);
1694 	ci->ci_func[0](be, size, NULL, &cksum);
1695 	be->vbe_zbt.zec_cksum = cksum;
1696 
1697 	return (vdev_write_phys(vd, be, off, size));
1698 }
1699 
1700 static int
1701 vdev_write_bootenv_impl(vdev_t *vdev, vdev_boot_envblock_t *be)
1702 {
1703 	vdev_t *kid;
1704 	int rv = 0, rc;
1705 
1706 	STAILQ_FOREACH(kid, &vdev->v_children, v_childlink) {
1707 		if (kid->v_state != VDEV_STATE_HEALTHY)
1708 			continue;
1709 		rc = vdev_write_bootenv_impl(kid, be);
1710 		if (rv == 0)
1711 			rv = rc;
1712 	}
1713 
1714 	/*
1715 	 * Non-leaf vdevs do not have v_phys_write.
1716 	 */
1717 	if (vdev->v_phys_write == NULL)
1718 		return (rv);
1719 
1720 	for (int l = 0; l < VDEV_LABELS; l++) {
1721 		rc = vdev_label_write(vdev, l, be,
1722 		    offsetof(vdev_label_t, vl_be));
1723 		if (rc != 0) {
1724 			printf("failed to write bootenv to %s label %d: %d\n",
1725 			    vdev->v_name ? vdev->v_name : "unknown", l, rc);
1726 			rv = rc;
1727 		}
1728 	}
1729 	return (rv);
1730 }
1731 
1732 int
1733 vdev_write_bootenv(vdev_t *vdev, nvlist_t *nvl)
1734 {
1735 	vdev_boot_envblock_t *be;
1736 	nvlist_t nv, *nvp;
1737 	uint64_t version;
1738 	int rv;
1739 
1740 	if (nvl->nv_size > sizeof(be->vbe_bootenv))
1741 		return (E2BIG);
1742 
1743 	version = VB_RAW;
1744 	nvp = vdev_read_bootenv(vdev);
1745 	if (nvp != NULL) {
1746 		nvlist_find(nvp, BOOTENV_VERSION, DATA_TYPE_UINT64, NULL,
1747 		    &version, NULL);
1748 		nvlist_destroy(nvp);
1749 	}
1750 
1751 	be = calloc(1, sizeof(*be));
1752 	if (be == NULL)
1753 		return (ENOMEM);
1754 
1755 	be->vbe_version = version;
1756 	switch (version) {
1757 	case VB_RAW:
1758 		/*
1759 		 * If there is no envmap, we will just wipe bootenv.
1760 		 */
1761 		nvlist_find(nvl, GRUB_ENVMAP, DATA_TYPE_STRING, NULL,
1762 		    be->vbe_bootenv, NULL);
1763 		rv = 0;
1764 		break;
1765 
1766 	case VB_NVLIST:
1767 		nv.nv_header = nvl->nv_header;
1768 		nv.nv_asize = nvl->nv_asize;
1769 		nv.nv_size = nvl->nv_size;
1770 
1771 		bcopy(&nv.nv_header, be->vbe_bootenv, sizeof(nv.nv_header));
1772 		nv.nv_data = be->vbe_bootenv + sizeof(nvs_header_t);
1773 		bcopy(nvl->nv_data, nv.nv_data, nv.nv_size);
1774 		rv = nvlist_export(&nv);
1775 		break;
1776 
1777 	default:
1778 		rv = EINVAL;
1779 		break;
1780 	}
1781 
1782 	if (rv == 0) {
1783 		be->vbe_version = htobe64(be->vbe_version);
1784 		rv = vdev_write_bootenv_impl(vdev, be);
1785 	}
1786 	free(be);
1787 	return (rv);
1788 }
1789 
1790 /*
1791  * Read the bootenv area from pool label, return the nvlist from it.
1792  * We return from first successful read.
1793  */
1794 nvlist_t *
1795 vdev_read_bootenv(vdev_t *vdev)
1796 {
1797 	vdev_t *kid;
1798 	nvlist_t *benv;
1799 	vdev_boot_envblock_t *be;
1800 	char *command;
1801 	bool ok;
1802 	int rv;
1803 
1804 	STAILQ_FOREACH(kid, &vdev->v_children, v_childlink) {
1805 		if (kid->v_state != VDEV_STATE_HEALTHY)
1806 			continue;
1807 
1808 		benv = vdev_read_bootenv(kid);
1809 		if (benv != NULL)
1810 			return (benv);
1811 	}
1812 
1813 	be = malloc(sizeof (*be));
1814 	if (be == NULL)
1815 		return (NULL);
1816 
1817 	rv = 0;
1818 	for (int l = 0; l < VDEV_LABELS; l++) {
1819 		rv = vdev_label_read(vdev, l, be,
1820 		    offsetof(vdev_label_t, vl_be),
1821 		    sizeof (*be));
1822 		if (rv == 0)
1823 			break;
1824 	}
1825 	if (rv != 0) {
1826 		free(be);
1827 		return (NULL);
1828 	}
1829 
1830 	be->vbe_version = be64toh(be->vbe_version);
1831 	switch (be->vbe_version) {
1832 	case VB_RAW:
1833 		/*
1834 		 * we have textual data in vbe_bootenv, create nvlist
1835 		 * with key "envmap".
1836 		 */
1837 		benv = nvlist_create(NV_UNIQUE_NAME);
1838 		if (benv != NULL) {
1839 			if (*be->vbe_bootenv == '\0') {
1840 				nvlist_add_uint64(benv, BOOTENV_VERSION,
1841 				    VB_NVLIST);
1842 				break;
1843 			}
1844 			nvlist_add_uint64(benv, BOOTENV_VERSION, VB_RAW);
1845 			be->vbe_bootenv[sizeof (be->vbe_bootenv) - 1] = '\0';
1846 			nvlist_add_string(benv, GRUB_ENVMAP, be->vbe_bootenv);
1847 		}
1848 		break;
1849 
1850 	case VB_NVLIST:
1851 		benv = nvlist_import(be->vbe_bootenv, sizeof(be->vbe_bootenv));
1852 		break;
1853 
1854 	default:
1855 		command = (char *)be;
1856 		ok = false;
1857 
1858 		/* Check for legacy zfsbootcfg command string */
1859 		for (int i = 0; command[i] != '\0'; i++) {
1860 			if (iscntrl(command[i])) {
1861 				ok = false;
1862 				break;
1863 			} else {
1864 				ok = true;
1865 			}
1866 		}
1867 		benv = nvlist_create(NV_UNIQUE_NAME);
1868 		if (benv != NULL) {
1869 			if (ok)
1870 				nvlist_add_string(benv, FREEBSD_BOOTONCE,
1871 				    command);
1872 			else
1873 				nvlist_add_uint64(benv, BOOTENV_VERSION,
1874 				    VB_NVLIST);
1875 		}
1876 		break;
1877 	}
1878 	free(be);
1879 	return (benv);
1880 }
1881 
1882 static uint64_t
1883 vdev_get_label_asize(nvlist_t *nvl)
1884 {
1885 	nvlist_t *vdevs;
1886 	uint64_t asize;
1887 	const char *type;
1888 	int len;
1889 
1890 	asize = 0;
1891 	/* Get vdev tree */
1892 	if (nvlist_find(nvl, ZPOOL_CONFIG_VDEV_TREE, DATA_TYPE_NVLIST,
1893 	    NULL, &vdevs, NULL) != 0)
1894 		return (asize);
1895 
1896 	/*
1897 	 * Get vdev type. We will calculate asize for raidz, mirror and disk.
1898 	 * For raidz, the asize is raw size of all children.
1899 	 */
1900 	if (nvlist_find(vdevs, ZPOOL_CONFIG_TYPE, DATA_TYPE_STRING,
1901 	    NULL, &type, &len) != 0)
1902 		goto done;
1903 
1904 	if (memcmp(type, VDEV_TYPE_MIRROR, len) != 0 &&
1905 	    memcmp(type, VDEV_TYPE_DISK, len) != 0 &&
1906 	    memcmp(type, VDEV_TYPE_RAIDZ, len) != 0)
1907 		goto done;
1908 
1909 	if (nvlist_find(vdevs, ZPOOL_CONFIG_ASIZE, DATA_TYPE_UINT64,
1910 	    NULL, &asize, NULL) != 0)
1911 		goto done;
1912 
1913 	if (memcmp(type, VDEV_TYPE_RAIDZ, len) == 0) {
1914 		nvlist_t **kids;
1915 		int nkids;
1916 
1917 		if (nvlist_find(vdevs, ZPOOL_CONFIG_CHILDREN,
1918 		    DATA_TYPE_NVLIST_ARRAY, &nkids, &kids, NULL) != 0) {
1919 			asize = 0;
1920 			goto done;
1921 		}
1922 
1923 		asize /= nkids;
1924 		for (int i = 0; i < nkids; i++)
1925 			nvlist_destroy(kids[i]);
1926 		free(kids);
1927 	}
1928 
1929 	asize += VDEV_LABEL_START_SIZE + VDEV_LABEL_END_SIZE;
1930 done:
1931 	nvlist_destroy(vdevs);
1932 	return (asize);
1933 }
1934 
1935 static nvlist_t *
1936 vdev_label_read_config(vdev_t *vd, uint64_t txg)
1937 {
1938 	vdev_phys_t *label;
1939 	uint64_t best_txg = 0;
1940 	uint64_t label_txg = 0;
1941 	uint64_t asize;
1942 	nvlist_t *nvl = NULL, *tmp;
1943 	int error;
1944 
1945 	label = malloc(sizeof (vdev_phys_t));
1946 	if (label == NULL)
1947 		return (NULL);
1948 
1949 	for (int l = 0; l < VDEV_LABELS; l++) {
1950 		if (vdev_label_read(vd, l, label,
1951 		    offsetof(vdev_label_t, vl_vdev_phys),
1952 		    sizeof (vdev_phys_t)))
1953 			continue;
1954 
1955 		tmp = nvlist_import(label->vp_nvlist,
1956 		    sizeof(label->vp_nvlist));
1957 		if (tmp == NULL)
1958 			continue;
1959 
1960 		error = nvlist_find(tmp, ZPOOL_CONFIG_POOL_TXG,
1961 		    DATA_TYPE_UINT64, NULL, &label_txg, NULL);
1962 		if (error != 0 || label_txg == 0) {
1963 			nvlist_destroy(nvl);
1964 			nvl = tmp;
1965 			goto done;
1966 		}
1967 
1968 		if (label_txg <= txg && label_txg > best_txg) {
1969 			best_txg = label_txg;
1970 			nvlist_destroy(nvl);
1971 			nvl = tmp;
1972 			tmp = NULL;
1973 
1974 			/*
1975 			 * Use asize from pool config. We need this
1976 			 * because we can get bad value from BIOS.
1977 			 */
1978 			asize = vdev_get_label_asize(nvl);
1979 			if (asize != 0) {
1980 				vd->v_psize = asize;
1981 			}
1982 		}
1983 		nvlist_destroy(tmp);
1984 	}
1985 
1986 	if (best_txg == 0) {
1987 		nvlist_destroy(nvl);
1988 		nvl = NULL;
1989 	}
1990 done:
1991 	free(label);
1992 	return (nvl);
1993 }
1994 
1995 static void
1996 vdev_uberblock_load(vdev_t *vd, uberblock_t *ub)
1997 {
1998 	uberblock_t *buf;
1999 
2000 	buf = malloc(VDEV_UBERBLOCK_SIZE(vd));
2001 	if (buf == NULL)
2002 		return;
2003 
2004 	for (int l = 0; l < VDEV_LABELS; l++) {
2005 		for (int n = 0; n < VDEV_UBERBLOCK_COUNT(vd); n++) {
2006 			if (vdev_label_read(vd, l, buf,
2007 			    VDEV_UBERBLOCK_OFFSET(vd, n),
2008 			    VDEV_UBERBLOCK_SIZE(vd)))
2009 				continue;
2010 			if (uberblock_verify(buf) != 0)
2011 				continue;
2012 
2013 			if (vdev_uberblock_compare(buf, ub) > 0)
2014 				*ub = *buf;
2015 		}
2016 	}
2017 	free(buf);
2018 }
2019 
2020 static int
2021 vdev_probe(vdev_phys_read_t *_read, vdev_phys_write_t *_write, void *priv,
2022     spa_t **spap)
2023 {
2024 	vdev_t vtmp;
2025 	spa_t *spa;
2026 	vdev_t *vdev;
2027 	nvlist_t *nvl;
2028 	uint64_t val;
2029 	uint64_t guid, vdev_children;
2030 	uint64_t pool_txg, pool_guid;
2031 	const char *pool_name;
2032 	int rc, namelen;
2033 
2034 	/*
2035 	 * Load the vdev label and figure out which
2036 	 * uberblock is most current.
2037 	 */
2038 	memset(&vtmp, 0, sizeof(vtmp));
2039 	vtmp.v_phys_read = _read;
2040 	vtmp.v_phys_write = _write;
2041 	vtmp.v_priv = priv;
2042 	vtmp.v_psize = P2ALIGN(ldi_get_size(priv),
2043 	    (uint64_t)sizeof (vdev_label_t));
2044 
2045 	/* Test for minimum device size. */
2046 	if (vtmp.v_psize < SPA_MINDEVSIZE)
2047 		return (EIO);
2048 
2049 	nvl = vdev_label_read_config(&vtmp, UINT64_MAX);
2050 	if (nvl == NULL)
2051 		return (EIO);
2052 
2053 	if (nvlist_find(nvl, ZPOOL_CONFIG_VERSION, DATA_TYPE_UINT64,
2054 	    NULL, &val, NULL) != 0) {
2055 		nvlist_destroy(nvl);
2056 		return (EIO);
2057 	}
2058 
2059 	if (!SPA_VERSION_IS_SUPPORTED(val)) {
2060 		printf("ZFS: unsupported ZFS version %u (should be %u)\n",
2061 		    (unsigned)val, (unsigned)SPA_VERSION);
2062 		nvlist_destroy(nvl);
2063 		return (EIO);
2064 	}
2065 
2066 	/* Check ZFS features for read */
2067 	rc = nvlist_check_features_for_read(nvl);
2068 	if (rc != 0) {
2069 		nvlist_destroy(nvl);
2070 		return (EIO);
2071 	}
2072 
2073 	if (nvlist_find(nvl, ZPOOL_CONFIG_POOL_STATE, DATA_TYPE_UINT64,
2074 	    NULL, &val, NULL) != 0) {
2075 		nvlist_destroy(nvl);
2076 		return (EIO);
2077 	}
2078 
2079 	if (val == POOL_STATE_DESTROYED) {
2080 		/* We don't boot only from destroyed pools. */
2081 		nvlist_destroy(nvl);
2082 		return (EIO);
2083 	}
2084 
2085 	if (nvlist_find(nvl, ZPOOL_CONFIG_POOL_TXG, DATA_TYPE_UINT64,
2086 	    NULL, &pool_txg, NULL) != 0 ||
2087 	    nvlist_find(nvl, ZPOOL_CONFIG_POOL_GUID, DATA_TYPE_UINT64,
2088 	    NULL, &pool_guid, NULL) != 0 ||
2089 	    nvlist_find(nvl, ZPOOL_CONFIG_POOL_NAME, DATA_TYPE_STRING,
2090 	    NULL, &pool_name, &namelen) != 0) {
2091 		/*
2092 		 * Cache and spare devices end up here - just ignore
2093 		 * them.
2094 		 */
2095 		nvlist_destroy(nvl);
2096 		return (EIO);
2097 	}
2098 
2099 	/*
2100 	 * Create the pool if this is the first time we've seen it.
2101 	 */
2102 	spa = spa_find_by_guid(pool_guid);
2103 	if (spa == NULL) {
2104 		char *name;
2105 
2106 		nvlist_find(nvl, ZPOOL_CONFIG_VDEV_CHILDREN,
2107 		    DATA_TYPE_UINT64, NULL, &vdev_children, NULL);
2108 		name = malloc(namelen + 1);
2109 		if (name == NULL) {
2110 			nvlist_destroy(nvl);
2111 			return (ENOMEM);
2112 		}
2113 		bcopy(pool_name, name, namelen);
2114 		name[namelen] = '\0';
2115 		spa = spa_create(pool_guid, name);
2116 		free(name);
2117 		if (spa == NULL) {
2118 			nvlist_destroy(nvl);
2119 			return (ENOMEM);
2120 		}
2121 		spa->spa_root_vdev->v_nchildren = vdev_children;
2122 	}
2123 	if (pool_txg > spa->spa_txg)
2124 		spa->spa_txg = pool_txg;
2125 
2126 	/*
2127 	 * Get the vdev tree and create our in-core copy of it.
2128 	 * If we already have a vdev with this guid, this must
2129 	 * be some kind of alias (overlapping slices, dangerously dedicated
2130 	 * disks etc).
2131 	 */
2132 	if (nvlist_find(nvl, ZPOOL_CONFIG_GUID, DATA_TYPE_UINT64,
2133 	    NULL, &guid, NULL) != 0) {
2134 		nvlist_destroy(nvl);
2135 		return (EIO);
2136 	}
2137 	vdev = vdev_find(guid);
2138 	/* Has this vdev already been inited? */
2139 	if (vdev && vdev->v_phys_read) {
2140 		nvlist_destroy(nvl);
2141 		return (EIO);
2142 	}
2143 
2144 	rc = vdev_init_from_label(spa, nvl);
2145 	nvlist_destroy(nvl);
2146 	if (rc != 0)
2147 		return (rc);
2148 
2149 	/*
2150 	 * We should already have created an incomplete vdev for this
2151 	 * vdev. Find it and initialise it with our read proc.
2152 	 */
2153 	vdev = vdev_find(guid);
2154 	if (vdev != NULL) {
2155 		vdev->v_phys_read = _read;
2156 		vdev->v_phys_write = _write;
2157 		vdev->v_priv = priv;
2158 		vdev->v_psize = vtmp.v_psize;
2159 		/*
2160 		 * If no other state is set, mark vdev healthy.
2161 		 */
2162 		if (vdev->v_state == VDEV_STATE_UNKNOWN)
2163 			vdev->v_state = VDEV_STATE_HEALTHY;
2164 	} else {
2165 		printf("ZFS: inconsistent nvlist contents\n");
2166 		return (EIO);
2167 	}
2168 
2169 	if (vdev->v_islog)
2170 		spa->spa_with_log = vdev->v_islog;
2171 
2172 	/*
2173 	 * Re-evaluate top-level vdev state.
2174 	 */
2175 	vdev_set_state(vdev->v_top);
2176 
2177 	/*
2178 	 * Ok, we are happy with the pool so far. Lets find
2179 	 * the best uberblock and then we can actually access
2180 	 * the contents of the pool.
2181 	 */
2182 	vdev_uberblock_load(vdev, spa->spa_uberblock);
2183 
2184 	if (spap != NULL)
2185 		*spap = spa;
2186 	return (0);
2187 }
2188 
2189 static int
2190 ilog2(int n)
2191 {
2192 	int v;
2193 
2194 	for (v = 0; v < 32; v++)
2195 		if (n == (1 << v))
2196 			return (v);
2197 	return (-1);
2198 }
2199 
2200 static int
2201 zio_read_gang(const spa_t *spa, const blkptr_t *bp, void *buf)
2202 {
2203 	blkptr_t gbh_bp;
2204 	zio_gbh_phys_t zio_gb;
2205 	char *pbuf;
2206 	int i;
2207 
2208 	/* Artificial BP for gang block header. */
2209 	gbh_bp = *bp;
2210 	BP_SET_PSIZE(&gbh_bp, SPA_GANGBLOCKSIZE);
2211 	BP_SET_LSIZE(&gbh_bp, SPA_GANGBLOCKSIZE);
2212 	BP_SET_CHECKSUM(&gbh_bp, ZIO_CHECKSUM_GANG_HEADER);
2213 	BP_SET_COMPRESS(&gbh_bp, ZIO_COMPRESS_OFF);
2214 	for (i = 0; i < SPA_DVAS_PER_BP; i++)
2215 		DVA_SET_GANG(&gbh_bp.blk_dva[i], 0);
2216 
2217 	/* Read gang header block using the artificial BP. */
2218 	if (zio_read(spa, &gbh_bp, &zio_gb))
2219 		return (EIO);
2220 
2221 	pbuf = buf;
2222 	for (i = 0; i < SPA_GBH_NBLKPTRS; i++) {
2223 		blkptr_t *gbp = &zio_gb.zg_blkptr[i];
2224 
2225 		if (BP_IS_HOLE(gbp))
2226 			continue;
2227 		if (zio_read(spa, gbp, pbuf))
2228 			return (EIO);
2229 		pbuf += BP_GET_PSIZE(gbp);
2230 	}
2231 
2232 	if (zio_checksum_verify(spa, bp, buf))
2233 		return (EIO);
2234 	return (0);
2235 }
2236 
2237 static int
2238 zio_read(const spa_t *spa, const blkptr_t *bp, void *buf)
2239 {
2240 	int cpfunc = BP_GET_COMPRESS(bp);
2241 	uint64_t align, size;
2242 	void *pbuf;
2243 	int i, error;
2244 
2245 	/*
2246 	 * Process data embedded in block pointer
2247 	 */
2248 	if (BP_IS_EMBEDDED(bp)) {
2249 		ASSERT(BPE_GET_ETYPE(bp) == BP_EMBEDDED_TYPE_DATA);
2250 
2251 		size = BPE_GET_PSIZE(bp);
2252 		ASSERT(size <= BPE_PAYLOAD_SIZE);
2253 
2254 		if (cpfunc != ZIO_COMPRESS_OFF)
2255 			pbuf = malloc(size);
2256 		else
2257 			pbuf = buf;
2258 
2259 		if (pbuf == NULL)
2260 			return (ENOMEM);
2261 
2262 		decode_embedded_bp_compressed(bp, pbuf);
2263 		error = 0;
2264 
2265 		if (cpfunc != ZIO_COMPRESS_OFF) {
2266 			error = zio_decompress_data(cpfunc, pbuf,
2267 			    size, buf, BP_GET_LSIZE(bp));
2268 			free(pbuf);
2269 		}
2270 		if (error != 0)
2271 			printf("ZFS: i/o error - unable to decompress "
2272 			    "block pointer data, error %d\n", error);
2273 		return (error);
2274 	}
2275 
2276 	error = EIO;
2277 
2278 	for (i = 0; i < SPA_DVAS_PER_BP; i++) {
2279 		const dva_t *dva = &bp->blk_dva[i];
2280 		vdev_t *vdev;
2281 		vdev_list_t *vlist;
2282 		uint64_t vdevid;
2283 		off_t offset;
2284 
2285 		if (!dva->dva_word[0] && !dva->dva_word[1])
2286 			continue;
2287 
2288 		vdevid = DVA_GET_VDEV(dva);
2289 		offset = DVA_GET_OFFSET(dva);
2290 		vlist = &spa->spa_root_vdev->v_children;
2291 		STAILQ_FOREACH(vdev, vlist, v_childlink) {
2292 			if (vdev->v_id == vdevid)
2293 				break;
2294 		}
2295 		if (!vdev || !vdev->v_read)
2296 			continue;
2297 
2298 		size = BP_GET_PSIZE(bp);
2299 		if (vdev->v_read == vdev_raidz_read) {
2300 			align = 1ULL << vdev->v_ashift;
2301 			if (P2PHASE(size, align) != 0)
2302 				size = P2ROUNDUP(size, align);
2303 		}
2304 		if (size != BP_GET_PSIZE(bp) || cpfunc != ZIO_COMPRESS_OFF)
2305 			pbuf = malloc(size);
2306 		else
2307 			pbuf = buf;
2308 
2309 		if (pbuf == NULL) {
2310 			error = ENOMEM;
2311 			break;
2312 		}
2313 
2314 		if (DVA_GET_GANG(dva))
2315 			error = zio_read_gang(spa, bp, pbuf);
2316 		else
2317 			error = vdev->v_read(vdev, bp, pbuf, offset, size);
2318 		if (error == 0) {
2319 			if (cpfunc != ZIO_COMPRESS_OFF)
2320 				error = zio_decompress_data(cpfunc, pbuf,
2321 				    BP_GET_PSIZE(bp), buf, BP_GET_LSIZE(bp));
2322 			else if (size != BP_GET_PSIZE(bp))
2323 				bcopy(pbuf, buf, BP_GET_PSIZE(bp));
2324 		} else {
2325 			printf("zio_read error: %d\n", error);
2326 		}
2327 		if (buf != pbuf)
2328 			free(pbuf);
2329 		if (error == 0)
2330 			break;
2331 	}
2332 	if (error != 0)
2333 		printf("ZFS: i/o error - all block copies unavailable\n");
2334 
2335 	return (error);
2336 }
2337 
2338 static int
2339 dnode_read(const spa_t *spa, const dnode_phys_t *dnode, off_t offset,
2340     void *buf, size_t buflen)
2341 {
2342 	int ibshift = dnode->dn_indblkshift - SPA_BLKPTRSHIFT;
2343 	int bsize = dnode->dn_datablkszsec << SPA_MINBLOCKSHIFT;
2344 	int nlevels = dnode->dn_nlevels;
2345 	int i, rc;
2346 
2347 	if (bsize > SPA_MAXBLOCKSIZE) {
2348 		printf("ZFS: I/O error - blocks larger than %llu are not "
2349 		    "supported\n", SPA_MAXBLOCKSIZE);
2350 		return (EIO);
2351 	}
2352 
2353 	/*
2354 	 * Handle odd block sizes, mirrors dmu_read_impl().  Data can't exist
2355 	 * past the first block, so we'll clip the read to the portion of the
2356 	 * buffer within bsize and zero out the remainder.
2357 	 */
2358 	if (dnode->dn_maxblkid == 0) {
2359 		size_t newbuflen;
2360 
2361 		newbuflen = offset > bsize ? 0 : MIN(buflen, bsize - offset);
2362 		bzero((char *)buf + newbuflen, buflen - newbuflen);
2363 		buflen = newbuflen;
2364 	}
2365 
2366 	/*
2367 	 * Note: bsize may not be a power of two here so we need to do an
2368 	 * actual divide rather than a bitshift.
2369 	 */
2370 	while (buflen > 0) {
2371 		uint64_t bn = offset / bsize;
2372 		int boff = offset % bsize;
2373 		int ibn;
2374 		const blkptr_t *indbp;
2375 		blkptr_t bp;
2376 
2377 		if (bn > dnode->dn_maxblkid)
2378 			return (EIO);
2379 
2380 		if (dnode == dnode_cache_obj && bn == dnode_cache_bn)
2381 			goto cached;
2382 
2383 		indbp = dnode->dn_blkptr;
2384 		for (i = 0; i < nlevels; i++) {
2385 			/*
2386 			 * Copy the bp from the indirect array so that
2387 			 * we can re-use the scratch buffer for multi-level
2388 			 * objects.
2389 			 */
2390 			ibn = bn >> ((nlevels - i - 1) * ibshift);
2391 			ibn &= ((1 << ibshift) - 1);
2392 			bp = indbp[ibn];
2393 			if (BP_IS_HOLE(&bp)) {
2394 				memset(dnode_cache_buf, 0, bsize);
2395 				break;
2396 			}
2397 			rc = zio_read(spa, &bp, dnode_cache_buf);
2398 			if (rc)
2399 				return (rc);
2400 			indbp = (const blkptr_t *) dnode_cache_buf;
2401 		}
2402 		dnode_cache_obj = dnode;
2403 		dnode_cache_bn = bn;
2404 	cached:
2405 
2406 		/*
2407 		 * The buffer contains our data block. Copy what we
2408 		 * need from it and loop.
2409 		 */
2410 		i = bsize - boff;
2411 		if (i > buflen) i = buflen;
2412 		memcpy(buf, &dnode_cache_buf[boff], i);
2413 		buf = ((char *)buf) + i;
2414 		offset += i;
2415 		buflen -= i;
2416 	}
2417 
2418 	return (0);
2419 }
2420 
2421 /*
2422  * Lookup a value in a microzap directory.
2423  */
2424 static int
2425 mzap_lookup(const mzap_phys_t *mz, size_t size, const char *name,
2426     uint64_t *value)
2427 {
2428 	const mzap_ent_phys_t *mze;
2429 	int chunks, i;
2430 
2431 	/*
2432 	 * Microzap objects use exactly one block. Read the whole
2433 	 * thing.
2434 	 */
2435 	chunks = size / MZAP_ENT_LEN - 1;
2436 	for (i = 0; i < chunks; i++) {
2437 		mze = &mz->mz_chunk[i];
2438 		if (strcmp(mze->mze_name, name) == 0) {
2439 			*value = mze->mze_value;
2440 			return (0);
2441 		}
2442 	}
2443 
2444 	return (ENOENT);
2445 }
2446 
2447 /*
2448  * Compare a name with a zap leaf entry. Return non-zero if the name
2449  * matches.
2450  */
2451 static int
2452 fzap_name_equal(const zap_leaf_t *zl, const zap_leaf_chunk_t *zc,
2453     const char *name)
2454 {
2455 	size_t namelen;
2456 	const zap_leaf_chunk_t *nc;
2457 	const char *p;
2458 
2459 	namelen = zc->l_entry.le_name_numints;
2460 
2461 	nc = &ZAP_LEAF_CHUNK(zl, zc->l_entry.le_name_chunk);
2462 	p = name;
2463 	while (namelen > 0) {
2464 		size_t len;
2465 
2466 		len = namelen;
2467 		if (len > ZAP_LEAF_ARRAY_BYTES)
2468 			len = ZAP_LEAF_ARRAY_BYTES;
2469 		if (memcmp(p, nc->l_array.la_array, len))
2470 			return (0);
2471 		p += len;
2472 		namelen -= len;
2473 		nc = &ZAP_LEAF_CHUNK(zl, nc->l_array.la_next);
2474 	}
2475 
2476 	return (1);
2477 }
2478 
2479 /*
2480  * Extract a uint64_t value from a zap leaf entry.
2481  */
2482 static uint64_t
2483 fzap_leaf_value(const zap_leaf_t *zl, const zap_leaf_chunk_t *zc)
2484 {
2485 	const zap_leaf_chunk_t *vc;
2486 	int i;
2487 	uint64_t value;
2488 	const uint8_t *p;
2489 
2490 	vc = &ZAP_LEAF_CHUNK(zl, zc->l_entry.le_value_chunk);
2491 	for (i = 0, value = 0, p = vc->l_array.la_array; i < 8; i++) {
2492 		value = (value << 8) | p[i];
2493 	}
2494 
2495 	return (value);
2496 }
2497 
2498 static void
2499 stv(int len, void *addr, uint64_t value)
2500 {
2501 	switch (len) {
2502 	case 1:
2503 		*(uint8_t *)addr = value;
2504 		return;
2505 	case 2:
2506 		*(uint16_t *)addr = value;
2507 		return;
2508 	case 4:
2509 		*(uint32_t *)addr = value;
2510 		return;
2511 	case 8:
2512 		*(uint64_t *)addr = value;
2513 		return;
2514 	}
2515 }
2516 
2517 /*
2518  * Extract a array from a zap leaf entry.
2519  */
2520 static void
2521 fzap_leaf_array(const zap_leaf_t *zl, const zap_leaf_chunk_t *zc,
2522     uint64_t integer_size, uint64_t num_integers, void *buf)
2523 {
2524 	uint64_t array_int_len = zc->l_entry.le_value_intlen;
2525 	uint64_t value = 0;
2526 	uint64_t *u64 = buf;
2527 	char *p = buf;
2528 	int len = MIN(zc->l_entry.le_value_numints, num_integers);
2529 	int chunk = zc->l_entry.le_value_chunk;
2530 	int byten = 0;
2531 
2532 	if (integer_size == 8 && len == 1) {
2533 		*u64 = fzap_leaf_value(zl, zc);
2534 		return;
2535 	}
2536 
2537 	while (len > 0) {
2538 		struct zap_leaf_array *la = &ZAP_LEAF_CHUNK(zl, chunk).l_array;
2539 		int i;
2540 
2541 		ASSERT3U(chunk, <, ZAP_LEAF_NUMCHUNKS(zl));
2542 		for (i = 0; i < ZAP_LEAF_ARRAY_BYTES && len > 0; i++) {
2543 			value = (value << 8) | la->la_array[i];
2544 			byten++;
2545 			if (byten == array_int_len) {
2546 				stv(integer_size, p, value);
2547 				byten = 0;
2548 				len--;
2549 				if (len == 0)
2550 					return;
2551 				p += integer_size;
2552 			}
2553 		}
2554 		chunk = la->la_next;
2555 	}
2556 }
2557 
2558 static int
2559 fzap_check_size(uint64_t integer_size, uint64_t num_integers)
2560 {
2561 
2562 	switch (integer_size) {
2563 	case 1:
2564 	case 2:
2565 	case 4:
2566 	case 8:
2567 		break;
2568 	default:
2569 		return (EINVAL);
2570 	}
2571 
2572 	if (integer_size * num_integers > ZAP_MAXVALUELEN)
2573 		return (E2BIG);
2574 
2575 	return (0);
2576 }
2577 
2578 static void
2579 zap_leaf_free(zap_leaf_t *leaf)
2580 {
2581 	free(leaf->l_phys);
2582 	free(leaf);
2583 }
2584 
2585 static int
2586 zap_get_leaf_byblk(fat_zap_t *zap, uint64_t blk, zap_leaf_t **lp)
2587 {
2588 	int bs = FZAP_BLOCK_SHIFT(zap);
2589 	int err;
2590 
2591 	*lp = malloc(sizeof(**lp));
2592 	if (*lp == NULL)
2593 		return (ENOMEM);
2594 
2595 	(*lp)->l_bs = bs;
2596 	(*lp)->l_phys = malloc(1 << bs);
2597 
2598 	if ((*lp)->l_phys == NULL) {
2599 		free(*lp);
2600 		return (ENOMEM);
2601 	}
2602 	err = dnode_read(zap->zap_spa, zap->zap_dnode, blk << bs, (*lp)->l_phys,
2603 	    1 << bs);
2604 	if (err != 0) {
2605 		zap_leaf_free(*lp);
2606 	}
2607 	return (err);
2608 }
2609 
2610 static int
2611 zap_table_load(fat_zap_t *zap, zap_table_phys_t *tbl, uint64_t idx,
2612     uint64_t *valp)
2613 {
2614 	int bs = FZAP_BLOCK_SHIFT(zap);
2615 	uint64_t blk = idx >> (bs - 3);
2616 	uint64_t off = idx & ((1 << (bs - 3)) - 1);
2617 	uint64_t *buf;
2618 	int rc;
2619 
2620 	buf = malloc(1 << zap->zap_block_shift);
2621 	if (buf == NULL)
2622 		return (ENOMEM);
2623 	rc = dnode_read(zap->zap_spa, zap->zap_dnode, (tbl->zt_blk + blk) << bs,
2624 	    buf, 1 << zap->zap_block_shift);
2625 	if (rc == 0)
2626 		*valp = buf[off];
2627 	free(buf);
2628 	return (rc);
2629 }
2630 
2631 static int
2632 zap_idx_to_blk(fat_zap_t *zap, uint64_t idx, uint64_t *valp)
2633 {
2634 	if (zap->zap_phys->zap_ptrtbl.zt_numblks == 0) {
2635 		*valp = ZAP_EMBEDDED_PTRTBL_ENT(zap, idx);
2636 		return (0);
2637 	} else {
2638 		return (zap_table_load(zap, &zap->zap_phys->zap_ptrtbl,
2639 		    idx, valp));
2640 	}
2641 }
2642 
2643 #define	ZAP_HASH_IDX(hash, n)	(((n) == 0) ? 0 : ((hash) >> (64 - (n))))
2644 static int
2645 zap_deref_leaf(fat_zap_t *zap, uint64_t h, zap_leaf_t **lp)
2646 {
2647 	uint64_t idx, blk;
2648 	int err;
2649 
2650 	idx = ZAP_HASH_IDX(h, zap->zap_phys->zap_ptrtbl.zt_shift);
2651 	err = zap_idx_to_blk(zap, idx, &blk);
2652 	if (err != 0)
2653 		return (err);
2654 	return (zap_get_leaf_byblk(zap, blk, lp));
2655 }
2656 
2657 #define	CHAIN_END	0xffff	/* end of the chunk chain */
2658 #define	LEAF_HASH(l, h) \
2659 	((ZAP_LEAF_HASH_NUMENTRIES(l)-1) & \
2660 	((h) >> \
2661 	(64 - ZAP_LEAF_HASH_SHIFT(l) - (l)->l_phys->l_hdr.lh_prefix_len)))
2662 #define	LEAF_HASH_ENTPTR(l, h)	(&(l)->l_phys->l_hash[LEAF_HASH(l, h)])
2663 
2664 static int
2665 zap_leaf_lookup(zap_leaf_t *zl, uint64_t hash, const char *name,
2666     uint64_t integer_size, uint64_t num_integers, void *value)
2667 {
2668 	int rc;
2669 	uint16_t *chunkp;
2670 	struct zap_leaf_entry *le;
2671 
2672 	/*
2673 	 * Make sure this chunk matches our hash.
2674 	 */
2675 	if (zl->l_phys->l_hdr.lh_prefix_len > 0 &&
2676 	    zl->l_phys->l_hdr.lh_prefix !=
2677 	    hash >> (64 - zl->l_phys->l_hdr.lh_prefix_len))
2678 		return (EIO);
2679 
2680 	rc = ENOENT;
2681 	for (chunkp = LEAF_HASH_ENTPTR(zl, hash);
2682 	    *chunkp != CHAIN_END; chunkp = &le->le_next) {
2683 		zap_leaf_chunk_t *zc;
2684 		uint16_t chunk = *chunkp;
2685 
2686 		le = ZAP_LEAF_ENTRY(zl, chunk);
2687 		if (le->le_hash != hash)
2688 			continue;
2689 		zc = &ZAP_LEAF_CHUNK(zl, chunk);
2690 		if (fzap_name_equal(zl, zc, name)) {
2691 			if (zc->l_entry.le_value_intlen > integer_size) {
2692 				rc = EINVAL;
2693 			} else {
2694 				fzap_leaf_array(zl, zc, integer_size,
2695 				    num_integers, value);
2696 				rc = 0;
2697 			}
2698 			break;
2699 		}
2700 	}
2701 	return (rc);
2702 }
2703 
2704 /*
2705  * Lookup a value in a fatzap directory.
2706  */
2707 static int
2708 fzap_lookup(const spa_t *spa, const dnode_phys_t *dnode, zap_phys_t *zh,
2709     const char *name, uint64_t integer_size, uint64_t num_integers,
2710     void *value)
2711 {
2712 	int bsize = dnode->dn_datablkszsec << SPA_MINBLOCKSHIFT;
2713 	fat_zap_t z;
2714 	zap_leaf_t *zl;
2715 	uint64_t hash;
2716 	int rc;
2717 
2718 	if (zh->zap_magic != ZAP_MAGIC)
2719 		return (EIO);
2720 
2721 	if ((rc = fzap_check_size(integer_size, num_integers)) != 0) {
2722 		return (rc);
2723 	}
2724 
2725 	z.zap_block_shift = ilog2(bsize);
2726 	z.zap_phys = zh;
2727 	z.zap_spa = spa;
2728 	z.zap_dnode = dnode;
2729 
2730 	hash = zap_hash(zh->zap_salt, name);
2731 	rc = zap_deref_leaf(&z, hash, &zl);
2732 	if (rc != 0)
2733 		return (rc);
2734 
2735 	rc = zap_leaf_lookup(zl, hash, name, integer_size, num_integers, value);
2736 
2737 	zap_leaf_free(zl);
2738 	return (rc);
2739 }
2740 
2741 /*
2742  * Lookup a name in a zap object and return its value as a uint64_t.
2743  */
2744 static int
2745 zap_lookup(const spa_t *spa, const dnode_phys_t *dnode, const char *name,
2746     uint64_t integer_size, uint64_t num_integers, void *value)
2747 {
2748 	int rc;
2749 	zap_phys_t *zap;
2750 	size_t size = dnode->dn_datablkszsec << SPA_MINBLOCKSHIFT;
2751 
2752 	zap = malloc(size);
2753 	if (zap == NULL)
2754 		return (ENOMEM);
2755 
2756 	rc = dnode_read(spa, dnode, 0, zap, size);
2757 	if (rc)
2758 		goto done;
2759 
2760 	switch (zap->zap_block_type) {
2761 	case ZBT_MICRO:
2762 		rc = mzap_lookup((const mzap_phys_t *)zap, size, name, value);
2763 		break;
2764 	case ZBT_HEADER:
2765 		rc = fzap_lookup(spa, dnode, zap, name, integer_size,
2766 		    num_integers, value);
2767 		break;
2768 	default:
2769 		printf("ZFS: invalid zap_type=%" PRIx64 "\n",
2770 		    zap->zap_block_type);
2771 		rc = EIO;
2772 	}
2773 done:
2774 	free(zap);
2775 	return (rc);
2776 }
2777 
2778 /*
2779  * List a microzap directory.
2780  */
2781 static int
2782 mzap_list(const mzap_phys_t *mz, size_t size,
2783     int (*callback)(const char *, uint64_t))
2784 {
2785 	const mzap_ent_phys_t *mze;
2786 	int chunks, i, rc;
2787 
2788 	/*
2789 	 * Microzap objects use exactly one block. Read the whole
2790 	 * thing.
2791 	 */
2792 	rc = 0;
2793 	chunks = size / MZAP_ENT_LEN - 1;
2794 	for (i = 0; i < chunks; i++) {
2795 		mze = &mz->mz_chunk[i];
2796 		if (mze->mze_name[0]) {
2797 			rc = callback(mze->mze_name, mze->mze_value);
2798 			if (rc != 0)
2799 				break;
2800 		}
2801 	}
2802 
2803 	return (rc);
2804 }
2805 
2806 /*
2807  * List a fatzap directory.
2808  */
2809 static int
2810 fzap_list(const spa_t *spa, const dnode_phys_t *dnode, zap_phys_t *zh,
2811     int (*callback)(const char *, uint64_t))
2812 {
2813 	int bsize = dnode->dn_datablkszsec << SPA_MINBLOCKSHIFT;
2814 	fat_zap_t z;
2815 	uint64_t i;
2816 	int j, rc;
2817 
2818 	if (zh->zap_magic != ZAP_MAGIC)
2819 		return (EIO);
2820 
2821 	z.zap_block_shift = ilog2(bsize);
2822 	z.zap_phys = zh;
2823 
2824 	/*
2825 	 * This assumes that the leaf blocks start at block 1. The
2826 	 * documentation isn't exactly clear on this.
2827 	 */
2828 	zap_leaf_t zl;
2829 	zl.l_bs = z.zap_block_shift;
2830 	zl.l_phys = malloc(bsize);
2831 	if (zl.l_phys == NULL)
2832 		return (ENOMEM);
2833 
2834 	for (i = 0; i < zh->zap_num_leafs; i++) {
2835 		off_t off = ((off_t)(i + 1)) << zl.l_bs;
2836 		char name[256], *p;
2837 		uint64_t value;
2838 
2839 		if (dnode_read(spa, dnode, off, zl.l_phys, bsize)) {
2840 			free(zl.l_phys);
2841 			return (EIO);
2842 		}
2843 
2844 		for (j = 0; j < ZAP_LEAF_NUMCHUNKS(&zl); j++) {
2845 			zap_leaf_chunk_t *zc, *nc;
2846 			int namelen;
2847 
2848 			zc = &ZAP_LEAF_CHUNK(&zl, j);
2849 			if (zc->l_entry.le_type != ZAP_CHUNK_ENTRY)
2850 				continue;
2851 			namelen = zc->l_entry.le_name_numints;
2852 			if (namelen > sizeof(name))
2853 				namelen = sizeof(name);
2854 
2855 			/*
2856 			 * Paste the name back together.
2857 			 */
2858 			nc = &ZAP_LEAF_CHUNK(&zl, zc->l_entry.le_name_chunk);
2859 			p = name;
2860 			while (namelen > 0) {
2861 				int len;
2862 				len = namelen;
2863 				if (len > ZAP_LEAF_ARRAY_BYTES)
2864 					len = ZAP_LEAF_ARRAY_BYTES;
2865 				memcpy(p, nc->l_array.la_array, len);
2866 				p += len;
2867 				namelen -= len;
2868 				nc = &ZAP_LEAF_CHUNK(&zl, nc->l_array.la_next);
2869 			}
2870 
2871 			/*
2872 			 * Assume the first eight bytes of the value are
2873 			 * a uint64_t.
2874 			 */
2875 			value = fzap_leaf_value(&zl, zc);
2876 
2877 			/* printf("%s 0x%jx\n", name, (uintmax_t)value); */
2878 			rc = callback((const char *)name, value);
2879 			if (rc != 0) {
2880 				free(zl.l_phys);
2881 				return (rc);
2882 			}
2883 		}
2884 	}
2885 
2886 	free(zl.l_phys);
2887 	return (0);
2888 }
2889 
2890 static int zfs_printf(const char *name, uint64_t value __unused)
2891 {
2892 
2893 	printf("%s\n", name);
2894 
2895 	return (0);
2896 }
2897 
2898 /*
2899  * List a zap directory.
2900  */
2901 static int
2902 zap_list(const spa_t *spa, const dnode_phys_t *dnode)
2903 {
2904 	zap_phys_t *zap;
2905 	size_t size = dnode->dn_datablkszsec << SPA_MINBLOCKSHIFT;
2906 	int rc;
2907 
2908 	zap = malloc(size);
2909 	if (zap == NULL)
2910 		return (ENOMEM);
2911 
2912 	rc = dnode_read(spa, dnode, 0, zap, size);
2913 	if (rc == 0) {
2914 		if (zap->zap_block_type == ZBT_MICRO)
2915 			rc = mzap_list((const mzap_phys_t *)zap, size,
2916 			    zfs_printf);
2917 		else
2918 			rc = fzap_list(spa, dnode, zap, zfs_printf);
2919 	}
2920 	free(zap);
2921 	return (rc);
2922 }
2923 
2924 static int
2925 objset_get_dnode(const spa_t *spa, const objset_phys_t *os, uint64_t objnum,
2926     dnode_phys_t *dnode)
2927 {
2928 	off_t offset;
2929 
2930 	offset = objnum * sizeof(dnode_phys_t);
2931 	return dnode_read(spa, &os->os_meta_dnode, offset,
2932 		dnode, sizeof(dnode_phys_t));
2933 }
2934 
2935 /*
2936  * Lookup a name in a microzap directory.
2937  */
2938 static int
2939 mzap_rlookup(const mzap_phys_t *mz, size_t size, char *name, uint64_t value)
2940 {
2941 	const mzap_ent_phys_t *mze;
2942 	int chunks, i;
2943 
2944 	/*
2945 	 * Microzap objects use exactly one block. Read the whole
2946 	 * thing.
2947 	 */
2948 	chunks = size / MZAP_ENT_LEN - 1;
2949 	for (i = 0; i < chunks; i++) {
2950 		mze = &mz->mz_chunk[i];
2951 		if (value == mze->mze_value) {
2952 			strcpy(name, mze->mze_name);
2953 			return (0);
2954 		}
2955 	}
2956 
2957 	return (ENOENT);
2958 }
2959 
2960 static void
2961 fzap_name_copy(const zap_leaf_t *zl, const zap_leaf_chunk_t *zc, char *name)
2962 {
2963 	size_t namelen;
2964 	const zap_leaf_chunk_t *nc;
2965 	char *p;
2966 
2967 	namelen = zc->l_entry.le_name_numints;
2968 
2969 	nc = &ZAP_LEAF_CHUNK(zl, zc->l_entry.le_name_chunk);
2970 	p = name;
2971 	while (namelen > 0) {
2972 		size_t len;
2973 		len = namelen;
2974 		if (len > ZAP_LEAF_ARRAY_BYTES)
2975 			len = ZAP_LEAF_ARRAY_BYTES;
2976 		memcpy(p, nc->l_array.la_array, len);
2977 		p += len;
2978 		namelen -= len;
2979 		nc = &ZAP_LEAF_CHUNK(zl, nc->l_array.la_next);
2980 	}
2981 
2982 	*p = '\0';
2983 }
2984 
2985 static int
2986 fzap_rlookup(const spa_t *spa, const dnode_phys_t *dnode, zap_phys_t *zh,
2987     char *name, uint64_t value)
2988 {
2989 	int bsize = dnode->dn_datablkszsec << SPA_MINBLOCKSHIFT;
2990 	fat_zap_t z;
2991 	uint64_t i;
2992 	int j, rc;
2993 
2994 	if (zh->zap_magic != ZAP_MAGIC)
2995 		return (EIO);
2996 
2997 	z.zap_block_shift = ilog2(bsize);
2998 	z.zap_phys = zh;
2999 
3000 	/*
3001 	 * This assumes that the leaf blocks start at block 1. The
3002 	 * documentation isn't exactly clear on this.
3003 	 */
3004 	zap_leaf_t zl;
3005 	zl.l_bs = z.zap_block_shift;
3006 	zl.l_phys = malloc(bsize);
3007 	if (zl.l_phys == NULL)
3008 		return (ENOMEM);
3009 
3010 	for (i = 0; i < zh->zap_num_leafs; i++) {
3011 		off_t off = ((off_t)(i + 1)) << zl.l_bs;
3012 
3013 		rc = dnode_read(spa, dnode, off, zl.l_phys, bsize);
3014 		if (rc != 0)
3015 			goto done;
3016 
3017 		for (j = 0; j < ZAP_LEAF_NUMCHUNKS(&zl); j++) {
3018 			zap_leaf_chunk_t *zc;
3019 
3020 			zc = &ZAP_LEAF_CHUNK(&zl, j);
3021 			if (zc->l_entry.le_type != ZAP_CHUNK_ENTRY)
3022 				continue;
3023 			if (zc->l_entry.le_value_intlen != 8 ||
3024 			    zc->l_entry.le_value_numints != 1)
3025 				continue;
3026 
3027 			if (fzap_leaf_value(&zl, zc) == value) {
3028 				fzap_name_copy(&zl, zc, name);
3029 				goto done;
3030 			}
3031 		}
3032 	}
3033 
3034 	rc = ENOENT;
3035 done:
3036 	free(zl.l_phys);
3037 	return (rc);
3038 }
3039 
3040 static int
3041 zap_rlookup(const spa_t *spa, const dnode_phys_t *dnode, char *name,
3042     uint64_t value)
3043 {
3044 	zap_phys_t *zap;
3045 	size_t size = dnode->dn_datablkszsec << SPA_MINBLOCKSHIFT;
3046 	int rc;
3047 
3048 	zap = malloc(size);
3049 	if (zap == NULL)
3050 		return (ENOMEM);
3051 
3052 	rc = dnode_read(spa, dnode, 0, zap, size);
3053 	if (rc == 0) {
3054 		if (zap->zap_block_type == ZBT_MICRO)
3055 			rc = mzap_rlookup((const mzap_phys_t *)zap, size,
3056 			    name, value);
3057 		else
3058 			rc = fzap_rlookup(spa, dnode, zap, name, value);
3059 	}
3060 	free(zap);
3061 	return (rc);
3062 }
3063 
3064 static int
3065 zfs_rlookup(const spa_t *spa, uint64_t objnum, char *result)
3066 {
3067 	char name[256];
3068 	char component[256];
3069 	uint64_t dir_obj, parent_obj, child_dir_zapobj;
3070 	dnode_phys_t child_dir_zap, dataset, dir, parent;
3071 	dsl_dir_phys_t *dd;
3072 	dsl_dataset_phys_t *ds;
3073 	char *p;
3074 	int len;
3075 
3076 	p = &name[sizeof(name) - 1];
3077 	*p = '\0';
3078 
3079 	if (objset_get_dnode(spa, spa->spa_mos, objnum, &dataset)) {
3080 		printf("ZFS: can't find dataset %ju\n", (uintmax_t)objnum);
3081 		return (EIO);
3082 	}
3083 	ds = (dsl_dataset_phys_t *)&dataset.dn_bonus;
3084 	dir_obj = ds->ds_dir_obj;
3085 
3086 	for (;;) {
3087 		if (objset_get_dnode(spa, spa->spa_mos, dir_obj, &dir) != 0)
3088 			return (EIO);
3089 		dd = (dsl_dir_phys_t *)&dir.dn_bonus;
3090 
3091 		/* Actual loop condition. */
3092 		parent_obj = dd->dd_parent_obj;
3093 		if (parent_obj == 0)
3094 			break;
3095 
3096 		if (objset_get_dnode(spa, spa->spa_mos, parent_obj,
3097 		    &parent) != 0)
3098 			return (EIO);
3099 		dd = (dsl_dir_phys_t *)&parent.dn_bonus;
3100 		child_dir_zapobj = dd->dd_child_dir_zapobj;
3101 		if (objset_get_dnode(spa, spa->spa_mos, child_dir_zapobj,
3102 		    &child_dir_zap) != 0)
3103 			return (EIO);
3104 		if (zap_rlookup(spa, &child_dir_zap, component, dir_obj) != 0)
3105 			return (EIO);
3106 
3107 		len = strlen(component);
3108 		p -= len;
3109 		memcpy(p, component, len);
3110 		--p;
3111 		*p = '/';
3112 
3113 		/* Actual loop iteration. */
3114 		dir_obj = parent_obj;
3115 	}
3116 
3117 	if (*p != '\0')
3118 		++p;
3119 	strcpy(result, p);
3120 
3121 	return (0);
3122 }
3123 
3124 static int
3125 zfs_lookup_dataset(const spa_t *spa, const char *name, uint64_t *objnum)
3126 {
3127 	char element[256];
3128 	uint64_t dir_obj, child_dir_zapobj;
3129 	dnode_phys_t child_dir_zap, dir;
3130 	dsl_dir_phys_t *dd;
3131 	const char *p, *q;
3132 
3133 	if (objset_get_dnode(spa, spa->spa_mos,
3134 	    DMU_POOL_DIRECTORY_OBJECT, &dir))
3135 		return (EIO);
3136 	if (zap_lookup(spa, &dir, DMU_POOL_ROOT_DATASET, sizeof (dir_obj),
3137 	    1, &dir_obj))
3138 		return (EIO);
3139 
3140 	p = name;
3141 	for (;;) {
3142 		if (objset_get_dnode(spa, spa->spa_mos, dir_obj, &dir))
3143 			return (EIO);
3144 		dd = (dsl_dir_phys_t *)&dir.dn_bonus;
3145 
3146 		while (*p == '/')
3147 			p++;
3148 		/* Actual loop condition #1. */
3149 		if (*p == '\0')
3150 			break;
3151 
3152 		q = strchr(p, '/');
3153 		if (q) {
3154 			memcpy(element, p, q - p);
3155 			element[q - p] = '\0';
3156 			p = q + 1;
3157 		} else {
3158 			strcpy(element, p);
3159 			p += strlen(p);
3160 		}
3161 
3162 		child_dir_zapobj = dd->dd_child_dir_zapobj;
3163 		if (objset_get_dnode(spa, spa->spa_mos, child_dir_zapobj,
3164 		    &child_dir_zap) != 0)
3165 			return (EIO);
3166 
3167 		/* Actual loop condition #2. */
3168 		if (zap_lookup(spa, &child_dir_zap, element, sizeof (dir_obj),
3169 		    1, &dir_obj) != 0)
3170 			return (ENOENT);
3171 	}
3172 
3173 	*objnum = dd->dd_head_dataset_obj;
3174 	return (0);
3175 }
3176 
3177 #ifndef BOOT2
3178 static int
3179 zfs_list_dataset(const spa_t *spa, uint64_t objnum/*, int pos, char *entry*/)
3180 {
3181 	uint64_t dir_obj, child_dir_zapobj;
3182 	dnode_phys_t child_dir_zap, dir, dataset;
3183 	dsl_dataset_phys_t *ds;
3184 	dsl_dir_phys_t *dd;
3185 
3186 	if (objset_get_dnode(spa, spa->spa_mos, objnum, &dataset)) {
3187 		printf("ZFS: can't find dataset %ju\n", (uintmax_t)objnum);
3188 		return (EIO);
3189 	}
3190 	ds = (dsl_dataset_phys_t *)&dataset.dn_bonus;
3191 	dir_obj = ds->ds_dir_obj;
3192 
3193 	if (objset_get_dnode(spa, spa->spa_mos, dir_obj, &dir)) {
3194 		printf("ZFS: can't find dirobj %ju\n", (uintmax_t)dir_obj);
3195 		return (EIO);
3196 	}
3197 	dd = (dsl_dir_phys_t *)&dir.dn_bonus;
3198 
3199 	child_dir_zapobj = dd->dd_child_dir_zapobj;
3200 	if (objset_get_dnode(spa, spa->spa_mos, child_dir_zapobj,
3201 	    &child_dir_zap) != 0) {
3202 		printf("ZFS: can't find child zap %ju\n", (uintmax_t)dir_obj);
3203 		return (EIO);
3204 	}
3205 
3206 	return (zap_list(spa, &child_dir_zap) != 0);
3207 }
3208 
3209 int
3210 zfs_callback_dataset(const spa_t *spa, uint64_t objnum,
3211     int (*callback)(const char *, uint64_t))
3212 {
3213 	uint64_t dir_obj, child_dir_zapobj;
3214 	dnode_phys_t child_dir_zap, dir, dataset;
3215 	dsl_dataset_phys_t *ds;
3216 	dsl_dir_phys_t *dd;
3217 	zap_phys_t *zap;
3218 	size_t size;
3219 	int err;
3220 
3221 	err = objset_get_dnode(spa, spa->spa_mos, objnum, &dataset);
3222 	if (err != 0) {
3223 		printf("ZFS: can't find dataset %ju\n", (uintmax_t)objnum);
3224 		return (err);
3225 	}
3226 	ds = (dsl_dataset_phys_t *)&dataset.dn_bonus;
3227 	dir_obj = ds->ds_dir_obj;
3228 
3229 	err = objset_get_dnode(spa, spa->spa_mos, dir_obj, &dir);
3230 	if (err != 0) {
3231 		printf("ZFS: can't find dirobj %ju\n", (uintmax_t)dir_obj);
3232 		return (err);
3233 	}
3234 	dd = (dsl_dir_phys_t *)&dir.dn_bonus;
3235 
3236 	child_dir_zapobj = dd->dd_child_dir_zapobj;
3237 	err = objset_get_dnode(spa, spa->spa_mos, child_dir_zapobj,
3238 	    &child_dir_zap);
3239 	if (err != 0) {
3240 		printf("ZFS: can't find child zap %ju\n", (uintmax_t)dir_obj);
3241 		return (err);
3242 	}
3243 
3244 	size = child_dir_zap.dn_datablkszsec << SPA_MINBLOCKSHIFT;
3245 	zap = malloc(size);
3246 	if (zap != NULL) {
3247 		err = dnode_read(spa, &child_dir_zap, 0, zap, size);
3248 		if (err != 0)
3249 			goto done;
3250 
3251 		if (zap->zap_block_type == ZBT_MICRO)
3252 			err = mzap_list((const mzap_phys_t *)zap, size,
3253 			    callback);
3254 		else
3255 			err = fzap_list(spa, &child_dir_zap, zap, callback);
3256 	} else {
3257 		err = ENOMEM;
3258 	}
3259 done:
3260 	free(zap);
3261 	return (err);
3262 }
3263 #endif
3264 
3265 /*
3266  * Find the object set given the object number of its dataset object
3267  * and return its details in *objset
3268  */
3269 static int
3270 zfs_mount_dataset(const spa_t *spa, uint64_t objnum, objset_phys_t *objset)
3271 {
3272 	dnode_phys_t dataset;
3273 	dsl_dataset_phys_t *ds;
3274 
3275 	if (objset_get_dnode(spa, spa->spa_mos, objnum, &dataset)) {
3276 		printf("ZFS: can't find dataset %ju\n", (uintmax_t)objnum);
3277 		return (EIO);
3278 	}
3279 
3280 	ds = (dsl_dataset_phys_t *)&dataset.dn_bonus;
3281 	if (zio_read(spa, &ds->ds_bp, objset)) {
3282 		printf("ZFS: can't read object set for dataset %ju\n",
3283 		    (uintmax_t)objnum);
3284 		return (EIO);
3285 	}
3286 
3287 	return (0);
3288 }
3289 
3290 /*
3291  * Find the object set pointed to by the BOOTFS property or the root
3292  * dataset if there is none and return its details in *objset
3293  */
3294 static int
3295 zfs_get_root(const spa_t *spa, uint64_t *objid)
3296 {
3297 	dnode_phys_t dir, propdir;
3298 	uint64_t props, bootfs, root;
3299 
3300 	*objid = 0;
3301 
3302 	/*
3303 	 * Start with the MOS directory object.
3304 	 */
3305 	if (objset_get_dnode(spa, spa->spa_mos,
3306 	    DMU_POOL_DIRECTORY_OBJECT, &dir)) {
3307 		printf("ZFS: can't read MOS object directory\n");
3308 		return (EIO);
3309 	}
3310 
3311 	/*
3312 	 * Lookup the pool_props and see if we can find a bootfs.
3313 	 */
3314 	if (zap_lookup(spa, &dir, DMU_POOL_PROPS,
3315 	    sizeof(props), 1, &props) == 0 &&
3316 	    objset_get_dnode(spa, spa->spa_mos, props, &propdir) == 0 &&
3317 	    zap_lookup(spa, &propdir, "bootfs",
3318 	    sizeof(bootfs), 1, &bootfs) == 0 && bootfs != 0) {
3319 		*objid = bootfs;
3320 		return (0);
3321 	}
3322 	/*
3323 	 * Lookup the root dataset directory
3324 	 */
3325 	if (zap_lookup(spa, &dir, DMU_POOL_ROOT_DATASET,
3326 	    sizeof(root), 1, &root) ||
3327 	    objset_get_dnode(spa, spa->spa_mos, root, &dir)) {
3328 		printf("ZFS: can't find root dsl_dir\n");
3329 		return (EIO);
3330 	}
3331 
3332 	/*
3333 	 * Use the information from the dataset directory's bonus buffer
3334 	 * to find the dataset object and from that the object set itself.
3335 	 */
3336 	dsl_dir_phys_t *dd = (dsl_dir_phys_t *)&dir.dn_bonus;
3337 	*objid = dd->dd_head_dataset_obj;
3338 	return (0);
3339 }
3340 
3341 static int
3342 zfs_mount_impl(const spa_t *spa, uint64_t rootobj, struct zfsmount *mount)
3343 {
3344 
3345 	mount->spa = spa;
3346 
3347 	/*
3348 	 * Find the root object set if not explicitly provided
3349 	 */
3350 	if (rootobj == 0 && zfs_get_root(spa, &rootobj)) {
3351 		printf("ZFS: can't find root filesystem\n");
3352 		return (EIO);
3353 	}
3354 
3355 	if (zfs_mount_dataset(spa, rootobj, &mount->objset)) {
3356 		printf("ZFS: can't open root filesystem\n");
3357 		return (EIO);
3358 	}
3359 
3360 	mount->rootobj = rootobj;
3361 
3362 	return (0);
3363 }
3364 
3365 /*
3366  * callback function for feature name checks.
3367  */
3368 static int
3369 check_feature(const char *name, uint64_t value)
3370 {
3371 	int i;
3372 
3373 	if (value == 0)
3374 		return (0);
3375 	if (name[0] == '\0')
3376 		return (0);
3377 
3378 	for (i = 0; features_for_read[i] != NULL; i++) {
3379 		if (strcmp(name, features_for_read[i]) == 0)
3380 			return (0);
3381 	}
3382 	printf("ZFS: unsupported feature: %s\n", name);
3383 	return (EIO);
3384 }
3385 
3386 /*
3387  * Checks whether the MOS features that are active are supported.
3388  */
3389 static int
3390 check_mos_features(const spa_t *spa)
3391 {
3392 	dnode_phys_t dir;
3393 	zap_phys_t *zap;
3394 	uint64_t objnum;
3395 	size_t size;
3396 	int rc;
3397 
3398 	if ((rc = objset_get_dnode(spa, spa->spa_mos, DMU_OT_OBJECT_DIRECTORY,
3399 	    &dir)) != 0)
3400 		return (rc);
3401 	if ((rc = zap_lookup(spa, &dir, DMU_POOL_FEATURES_FOR_READ,
3402 	    sizeof (objnum), 1, &objnum)) != 0) {
3403 		/*
3404 		 * It is older pool without features. As we have already
3405 		 * tested the label, just return without raising the error.
3406 		 */
3407 		return (0);
3408 	}
3409 
3410 	if ((rc = objset_get_dnode(spa, spa->spa_mos, objnum, &dir)) != 0)
3411 		return (rc);
3412 
3413 	if (dir.dn_type != DMU_OTN_ZAP_METADATA)
3414 		return (EIO);
3415 
3416 	size = dir.dn_datablkszsec << SPA_MINBLOCKSHIFT;
3417 	zap = malloc(size);
3418 	if (zap == NULL)
3419 		return (ENOMEM);
3420 
3421 	if (dnode_read(spa, &dir, 0, zap, size)) {
3422 		free(zap);
3423 		return (EIO);
3424 	}
3425 
3426 	if (zap->zap_block_type == ZBT_MICRO)
3427 		rc = mzap_list((const mzap_phys_t *)zap, size, check_feature);
3428 	else
3429 		rc = fzap_list(spa, &dir, zap, check_feature);
3430 
3431 	free(zap);
3432 	return (rc);
3433 }
3434 
3435 static int
3436 load_nvlist(spa_t *spa, uint64_t obj, nvlist_t **value)
3437 {
3438 	dnode_phys_t dir;
3439 	size_t size;
3440 	int rc;
3441 	char *nv;
3442 
3443 	*value = NULL;
3444 	if ((rc = objset_get_dnode(spa, spa->spa_mos, obj, &dir)) != 0)
3445 		return (rc);
3446 	if (dir.dn_type != DMU_OT_PACKED_NVLIST &&
3447 	    dir.dn_bonustype != DMU_OT_PACKED_NVLIST_SIZE) {
3448 		return (EIO);
3449 	}
3450 
3451 	if (dir.dn_bonuslen != sizeof (uint64_t))
3452 		return (EIO);
3453 
3454 	size = *(uint64_t *)DN_BONUS(&dir);
3455 	nv = malloc(size);
3456 	if (nv == NULL)
3457 		return (ENOMEM);
3458 
3459 	rc = dnode_read(spa, &dir, 0, nv, size);
3460 	if (rc != 0) {
3461 		free(nv);
3462 		nv = NULL;
3463 		return (rc);
3464 	}
3465 	*value = nvlist_import(nv, size);
3466 	free(nv);
3467 	return (rc);
3468 }
3469 
3470 static int
3471 zfs_spa_init(spa_t *spa)
3472 {
3473 	struct uberblock checkpoint;
3474 	dnode_phys_t dir;
3475 	uint64_t config_object;
3476 	nvlist_t *nvlist;
3477 	int rc;
3478 
3479 	if (zio_read(spa, &spa->spa_uberblock->ub_rootbp, spa->spa_mos)) {
3480 		printf("ZFS: can't read MOS of pool %s\n", spa->spa_name);
3481 		return (EIO);
3482 	}
3483 	if (spa->spa_mos->os_type != DMU_OST_META) {
3484 		printf("ZFS: corrupted MOS of pool %s\n", spa->spa_name);
3485 		return (EIO);
3486 	}
3487 
3488 	if (objset_get_dnode(spa, &spa->spa_mos_master,
3489 	    DMU_POOL_DIRECTORY_OBJECT, &dir)) {
3490 		printf("ZFS: failed to read pool %s directory object\n",
3491 		    spa->spa_name);
3492 		return (EIO);
3493 	}
3494 	/* this is allowed to fail, older pools do not have salt */
3495 	rc = zap_lookup(spa, &dir, DMU_POOL_CHECKSUM_SALT, 1,
3496 	    sizeof (spa->spa_cksum_salt.zcs_bytes),
3497 	    spa->spa_cksum_salt.zcs_bytes);
3498 
3499 	rc = check_mos_features(spa);
3500 	if (rc != 0) {
3501 		printf("ZFS: pool %s is not supported\n", spa->spa_name);
3502 		return (rc);
3503 	}
3504 
3505 	rc = zap_lookup(spa, &dir, DMU_POOL_CONFIG,
3506 	    sizeof (config_object), 1, &config_object);
3507 	if (rc != 0) {
3508 		printf("ZFS: can not read MOS %s\n", DMU_POOL_CONFIG);
3509 		return (EIO);
3510 	}
3511 	rc = load_nvlist(spa, config_object, &nvlist);
3512 	if (rc != 0)
3513 		return (rc);
3514 
3515 	rc = zap_lookup(spa, &dir, DMU_POOL_ZPOOL_CHECKPOINT,
3516 	    sizeof(uint64_t), sizeof(checkpoint) / sizeof(uint64_t),
3517 	    &checkpoint);
3518 	if (rc == 0 && checkpoint.ub_checkpoint_txg != 0) {
3519 		memcpy(&spa->spa_uberblock_checkpoint, &checkpoint,
3520 		    sizeof(checkpoint));
3521 		if (zio_read(spa, &spa->spa_uberblock_checkpoint.ub_rootbp,
3522 		    &spa->spa_mos_checkpoint)) {
3523 			printf("ZFS: can not read checkpoint data.\n");
3524 			return (EIO);
3525 		}
3526 	}
3527 
3528 	/*
3529 	 * Update vdevs from MOS config. Note, we do skip encoding bytes
3530 	 * here. See also vdev_label_read_config().
3531 	 */
3532 	rc = vdev_init_from_nvlist(spa, nvlist);
3533 	nvlist_destroy(nvlist);
3534 	return (rc);
3535 }
3536 
3537 static int
3538 zfs_dnode_stat(const spa_t *spa, dnode_phys_t *dn, struct stat *sb)
3539 {
3540 
3541 	if (dn->dn_bonustype != DMU_OT_SA) {
3542 		znode_phys_t *zp = (znode_phys_t *)dn->dn_bonus;
3543 
3544 		sb->st_mode = zp->zp_mode;
3545 		sb->st_uid = zp->zp_uid;
3546 		sb->st_gid = zp->zp_gid;
3547 		sb->st_size = zp->zp_size;
3548 	} else {
3549 		sa_hdr_phys_t *sahdrp;
3550 		int hdrsize;
3551 		size_t size = 0;
3552 		void *buf = NULL;
3553 
3554 		if (dn->dn_bonuslen != 0)
3555 			sahdrp = (sa_hdr_phys_t *)DN_BONUS(dn);
3556 		else {
3557 			if ((dn->dn_flags & DNODE_FLAG_SPILL_BLKPTR) != 0) {
3558 				blkptr_t *bp = DN_SPILL_BLKPTR(dn);
3559 				int error;
3560 
3561 				size = BP_GET_LSIZE(bp);
3562 				buf = malloc(size);
3563 				if (buf == NULL)
3564 					error = ENOMEM;
3565 				else
3566 					error = zio_read(spa, bp, buf);
3567 
3568 				if (error != 0) {
3569 					free(buf);
3570 					return (error);
3571 				}
3572 				sahdrp = buf;
3573 			} else {
3574 				return (EIO);
3575 			}
3576 		}
3577 		hdrsize = SA_HDR_SIZE(sahdrp);
3578 		sb->st_mode = *(uint64_t *)((char *)sahdrp + hdrsize +
3579 		    SA_MODE_OFFSET);
3580 		sb->st_uid = *(uint64_t *)((char *)sahdrp + hdrsize +
3581 		    SA_UID_OFFSET);
3582 		sb->st_gid = *(uint64_t *)((char *)sahdrp + hdrsize +
3583 		    SA_GID_OFFSET);
3584 		sb->st_size = *(uint64_t *)((char *)sahdrp + hdrsize +
3585 		    SA_SIZE_OFFSET);
3586 		free(buf);
3587 	}
3588 
3589 	return (0);
3590 }
3591 
3592 static int
3593 zfs_dnode_readlink(const spa_t *spa, dnode_phys_t *dn, char *path, size_t psize)
3594 {
3595 	int rc = 0;
3596 
3597 	if (dn->dn_bonustype == DMU_OT_SA) {
3598 		sa_hdr_phys_t *sahdrp = NULL;
3599 		size_t size = 0;
3600 		void *buf = NULL;
3601 		int hdrsize;
3602 		char *p;
3603 
3604 		if (dn->dn_bonuslen != 0) {
3605 			sahdrp = (sa_hdr_phys_t *)DN_BONUS(dn);
3606 		} else {
3607 			blkptr_t *bp;
3608 
3609 			if ((dn->dn_flags & DNODE_FLAG_SPILL_BLKPTR) == 0)
3610 				return (EIO);
3611 			bp = DN_SPILL_BLKPTR(dn);
3612 
3613 			size = BP_GET_LSIZE(bp);
3614 			buf = malloc(size);
3615 			if (buf == NULL)
3616 				rc = ENOMEM;
3617 			else
3618 				rc = zio_read(spa, bp, buf);
3619 			if (rc != 0) {
3620 				free(buf);
3621 				return (rc);
3622 			}
3623 			sahdrp = buf;
3624 		}
3625 		hdrsize = SA_HDR_SIZE(sahdrp);
3626 		p = (char *)((uintptr_t)sahdrp + hdrsize + SA_SYMLINK_OFFSET);
3627 		memcpy(path, p, psize);
3628 		free(buf);
3629 		return (0);
3630 	}
3631 	/*
3632 	 * Second test is purely to silence bogus compiler
3633 	 * warning about accessing past the end of dn_bonus.
3634 	 */
3635 	if (psize + sizeof(znode_phys_t) <= dn->dn_bonuslen &&
3636 	    sizeof(znode_phys_t) <= sizeof(dn->dn_bonus)) {
3637 		memcpy(path, &dn->dn_bonus[sizeof(znode_phys_t)], psize);
3638 	} else {
3639 		rc = dnode_read(spa, dn, 0, path, psize);
3640 	}
3641 	return (rc);
3642 }
3643 
3644 struct obj_list {
3645 	uint64_t		objnum;
3646 	STAILQ_ENTRY(obj_list)	entry;
3647 };
3648 
3649 /*
3650  * Lookup a file and return its dnode.
3651  */
3652 static int
3653 zfs_lookup(const struct zfsmount *mount, const char *upath, dnode_phys_t *dnode)
3654 {
3655 	int rc;
3656 	uint64_t objnum;
3657 	const spa_t *spa;
3658 	dnode_phys_t dn;
3659 	const char *p, *q;
3660 	char element[256];
3661 	char path[1024];
3662 	int symlinks_followed = 0;
3663 	struct stat sb;
3664 	struct obj_list *entry, *tentry;
3665 	STAILQ_HEAD(, obj_list) on_cache = STAILQ_HEAD_INITIALIZER(on_cache);
3666 
3667 	spa = mount->spa;
3668 	if (mount->objset.os_type != DMU_OST_ZFS) {
3669 		printf("ZFS: unexpected object set type %ju\n",
3670 		    (uintmax_t)mount->objset.os_type);
3671 		return (EIO);
3672 	}
3673 
3674 	if ((entry = malloc(sizeof(struct obj_list))) == NULL)
3675 		return (ENOMEM);
3676 
3677 	/*
3678 	 * Get the root directory dnode.
3679 	 */
3680 	rc = objset_get_dnode(spa, &mount->objset, MASTER_NODE_OBJ, &dn);
3681 	if (rc) {
3682 		free(entry);
3683 		return (rc);
3684 	}
3685 
3686 	rc = zap_lookup(spa, &dn, ZFS_ROOT_OBJ, sizeof(objnum), 1, &objnum);
3687 	if (rc) {
3688 		free(entry);
3689 		return (rc);
3690 	}
3691 	entry->objnum = objnum;
3692 	STAILQ_INSERT_HEAD(&on_cache, entry, entry);
3693 
3694 	rc = objset_get_dnode(spa, &mount->objset, objnum, &dn);
3695 	if (rc != 0)
3696 		goto done;
3697 
3698 	p = upath;
3699 	while (p && *p) {
3700 		rc = objset_get_dnode(spa, &mount->objset, objnum, &dn);
3701 		if (rc != 0)
3702 			goto done;
3703 
3704 		while (*p == '/')
3705 			p++;
3706 		if (*p == '\0')
3707 			break;
3708 		q = p;
3709 		while (*q != '\0' && *q != '/')
3710 			q++;
3711 
3712 		/* skip dot */
3713 		if (p + 1 == q && p[0] == '.') {
3714 			p++;
3715 			continue;
3716 		}
3717 		/* double dot */
3718 		if (p + 2 == q && p[0] == '.' && p[1] == '.') {
3719 			p += 2;
3720 			if (STAILQ_FIRST(&on_cache) ==
3721 			    STAILQ_LAST(&on_cache, obj_list, entry)) {
3722 				rc = ENOENT;
3723 				goto done;
3724 			}
3725 			entry = STAILQ_FIRST(&on_cache);
3726 			STAILQ_REMOVE_HEAD(&on_cache, entry);
3727 			free(entry);
3728 			objnum = (STAILQ_FIRST(&on_cache))->objnum;
3729 			continue;
3730 		}
3731 		if (q - p + 1 > sizeof(element)) {
3732 			rc = ENAMETOOLONG;
3733 			goto done;
3734 		}
3735 		memcpy(element, p, q - p);
3736 		element[q - p] = 0;
3737 		p = q;
3738 
3739 		if ((rc = zfs_dnode_stat(spa, &dn, &sb)) != 0)
3740 			goto done;
3741 		if (!S_ISDIR(sb.st_mode)) {
3742 			rc = ENOTDIR;
3743 			goto done;
3744 		}
3745 
3746 		rc = zap_lookup(spa, &dn, element, sizeof (objnum), 1, &objnum);
3747 		if (rc)
3748 			goto done;
3749 		objnum = ZFS_DIRENT_OBJ(objnum);
3750 
3751 		if ((entry = malloc(sizeof(struct obj_list))) == NULL) {
3752 			rc = ENOMEM;
3753 			goto done;
3754 		}
3755 		entry->objnum = objnum;
3756 		STAILQ_INSERT_HEAD(&on_cache, entry, entry);
3757 		rc = objset_get_dnode(spa, &mount->objset, objnum, &dn);
3758 		if (rc)
3759 			goto done;
3760 
3761 		/*
3762 		 * Check for symlink.
3763 		 */
3764 		rc = zfs_dnode_stat(spa, &dn, &sb);
3765 		if (rc)
3766 			goto done;
3767 		if (S_ISLNK(sb.st_mode)) {
3768 			if (symlinks_followed > 10) {
3769 				rc = EMLINK;
3770 				goto done;
3771 			}
3772 			symlinks_followed++;
3773 
3774 			/*
3775 			 * Read the link value and copy the tail of our
3776 			 * current path onto the end.
3777 			 */
3778 			if (sb.st_size + strlen(p) + 1 > sizeof(path)) {
3779 				rc = ENAMETOOLONG;
3780 				goto done;
3781 			}
3782 			strcpy(&path[sb.st_size], p);
3783 
3784 			rc = zfs_dnode_readlink(spa, &dn, path, sb.st_size);
3785 			if (rc != 0)
3786 				goto done;
3787 
3788 			/*
3789 			 * Restart with the new path, starting either at
3790 			 * the root or at the parent depending whether or
3791 			 * not the link is relative.
3792 			 */
3793 			p = path;
3794 			if (*p == '/') {
3795 				while (STAILQ_FIRST(&on_cache) !=
3796 				    STAILQ_LAST(&on_cache, obj_list, entry)) {
3797 					entry = STAILQ_FIRST(&on_cache);
3798 					STAILQ_REMOVE_HEAD(&on_cache, entry);
3799 					free(entry);
3800 				}
3801 			} else {
3802 				entry = STAILQ_FIRST(&on_cache);
3803 				STAILQ_REMOVE_HEAD(&on_cache, entry);
3804 				free(entry);
3805 			}
3806 			objnum = (STAILQ_FIRST(&on_cache))->objnum;
3807 		}
3808 	}
3809 
3810 	*dnode = dn;
3811 done:
3812 	STAILQ_FOREACH_SAFE(entry, &on_cache, entry, tentry)
3813 		free(entry);
3814 	return (rc);
3815 }
3816