xref: /freebsd/sys/contrib/openzfs/lib/libzfs/libzfs_dataset.c (revision 25ecdc7d52770caf1c9b44b5ec11f468f6b636f3)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Copyright 2019 Joyent, Inc.
25  * Copyright (c) 2011, 2020 by Delphix. All rights reserved.
26  * Copyright (c) 2012 DEY Storage Systems, Inc.  All rights reserved.
27  * Copyright (c) 2012 Pawel Jakub Dawidek <pawel@dawidek.net>.
28  * Copyright (c) 2013 Martin Matuska. All rights reserved.
29  * Copyright (c) 2013 Steven Hartland. All rights reserved.
30  * Copyright 2017 Nexenta Systems, Inc.
31  * Copyright 2016 Igor Kozhukhov <ikozhukhov@gmail.com>
32  * Copyright 2017-2018 RackTop Systems.
33  * Copyright (c) 2019 Datto Inc.
34  * Copyright (c) 2019, loli10K <ezomori.nozomu@gmail.com>
35  */
36 
37 #include <ctype.h>
38 #include <errno.h>
39 #include <libintl.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <strings.h>
43 #include <unistd.h>
44 #include <stddef.h>
45 #include <zone.h>
46 #include <fcntl.h>
47 #include <sys/mntent.h>
48 #include <sys/mount.h>
49 #include <pwd.h>
50 #include <grp.h>
51 #include <ucred.h>
52 #ifdef HAVE_IDMAP
53 #include <idmap.h>
54 #include <aclutils.h>
55 #include <directory.h>
56 #endif /* HAVE_IDMAP */
57 
58 #include <sys/dnode.h>
59 #include <sys/spa.h>
60 #include <sys/zap.h>
61 #include <sys/dsl_crypt.h>
62 #include <libzfs.h>
63 #include <libzutil.h>
64 
65 #include "zfs_namecheck.h"
66 #include "zfs_prop.h"
67 #include "libzfs_impl.h"
68 #include "zfs_deleg.h"
69 
70 static int userquota_propname_decode(const char *propname, boolean_t zoned,
71     zfs_userquota_prop_t *typep, char *domain, int domainlen, uint64_t *ridp);
72 
73 /*
74  * Given a single type (not a mask of types), return the type in a human
75  * readable form.
76  */
77 const char *
78 zfs_type_to_name(zfs_type_t type)
79 {
80 	switch (type) {
81 	case ZFS_TYPE_FILESYSTEM:
82 		return (dgettext(TEXT_DOMAIN, "filesystem"));
83 	case ZFS_TYPE_SNAPSHOT:
84 		return (dgettext(TEXT_DOMAIN, "snapshot"));
85 	case ZFS_TYPE_VOLUME:
86 		return (dgettext(TEXT_DOMAIN, "volume"));
87 	case ZFS_TYPE_POOL:
88 		return (dgettext(TEXT_DOMAIN, "pool"));
89 	case ZFS_TYPE_BOOKMARK:
90 		return (dgettext(TEXT_DOMAIN, "bookmark"));
91 	default:
92 		assert(!"unhandled zfs_type_t");
93 	}
94 
95 	return (NULL);
96 }
97 
98 /*
99  * Validate a ZFS path.  This is used even before trying to open the dataset, to
100  * provide a more meaningful error message.  We call zfs_error_aux() to
101  * explain exactly why the name was not valid.
102  */
103 int
104 zfs_validate_name(libzfs_handle_t *hdl, const char *path, int type,
105     boolean_t modifying)
106 {
107 	namecheck_err_t why;
108 	char what;
109 
110 	if (!(type & ZFS_TYPE_SNAPSHOT) && strchr(path, '@') != NULL) {
111 		if (hdl != NULL)
112 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
113 			    "snapshot delimiter '@' is not expected here"));
114 		return (0);
115 	}
116 
117 	if (type == ZFS_TYPE_SNAPSHOT && strchr(path, '@') == NULL) {
118 		if (hdl != NULL)
119 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
120 			    "missing '@' delimiter in snapshot name"));
121 		return (0);
122 	}
123 
124 	if (!(type & ZFS_TYPE_BOOKMARK) && strchr(path, '#') != NULL) {
125 		if (hdl != NULL)
126 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
127 			    "bookmark delimiter '#' is not expected here"));
128 		return (0);
129 	}
130 
131 	if (type == ZFS_TYPE_BOOKMARK && strchr(path, '#') == NULL) {
132 		if (hdl != NULL)
133 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
134 			    "missing '#' delimiter in bookmark name"));
135 		return (0);
136 	}
137 
138 	if (modifying && strchr(path, '%') != NULL) {
139 		if (hdl != NULL)
140 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
141 			    "invalid character %c in name"), '%');
142 		return (0);
143 	}
144 
145 	if (entity_namecheck(path, &why, &what) != 0) {
146 		if (hdl != NULL) {
147 			switch (why) {
148 			case NAME_ERR_TOOLONG:
149 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
150 				    "name is too long"));
151 				break;
152 
153 			case NAME_ERR_LEADING_SLASH:
154 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
155 				    "leading slash in name"));
156 				break;
157 
158 			case NAME_ERR_EMPTY_COMPONENT:
159 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
160 				    "empty component or misplaced '@'"
161 				    " or '#' delimiter in name"));
162 				break;
163 
164 			case NAME_ERR_TRAILING_SLASH:
165 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
166 				    "trailing slash in name"));
167 				break;
168 
169 			case NAME_ERR_INVALCHAR:
170 				zfs_error_aux(hdl,
171 				    dgettext(TEXT_DOMAIN, "invalid character "
172 				    "'%c' in name"), what);
173 				break;
174 
175 			case NAME_ERR_MULTIPLE_DELIMITERS:
176 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
177 				    "multiple '@' and/or '#' delimiters in "
178 				    "name"));
179 				break;
180 
181 			case NAME_ERR_NOLETTER:
182 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
183 				    "pool doesn't begin with a letter"));
184 				break;
185 
186 			case NAME_ERR_RESERVED:
187 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
188 				    "name is reserved"));
189 				break;
190 
191 			case NAME_ERR_DISKLIKE:
192 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
193 				    "reserved disk name"));
194 				break;
195 
196 			case NAME_ERR_SELF_REF:
197 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
198 				    "self reference, '.' is found in name"));
199 				break;
200 
201 			case NAME_ERR_PARENT_REF:
202 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
203 				    "parent reference, '..' is found in name"));
204 				break;
205 
206 			default:
207 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
208 				    "(%d) not defined"), why);
209 				break;
210 			}
211 		}
212 
213 		return (0);
214 	}
215 
216 	return (-1);
217 }
218 
219 int
220 zfs_name_valid(const char *name, zfs_type_t type)
221 {
222 	if (type == ZFS_TYPE_POOL)
223 		return (zpool_name_valid(NULL, B_FALSE, name));
224 	return (zfs_validate_name(NULL, name, type, B_FALSE));
225 }
226 
227 /*
228  * This function takes the raw DSL properties, and filters out the user-defined
229  * properties into a separate nvlist.
230  */
231 static nvlist_t *
232 process_user_props(zfs_handle_t *zhp, nvlist_t *props)
233 {
234 	libzfs_handle_t *hdl = zhp->zfs_hdl;
235 	nvpair_t *elem;
236 	nvlist_t *propval;
237 	nvlist_t *nvl;
238 
239 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
240 		(void) no_memory(hdl);
241 		return (NULL);
242 	}
243 
244 	elem = NULL;
245 	while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
246 		if (!zfs_prop_user(nvpair_name(elem)))
247 			continue;
248 
249 		verify(nvpair_value_nvlist(elem, &propval) == 0);
250 		if (nvlist_add_nvlist(nvl, nvpair_name(elem), propval) != 0) {
251 			nvlist_free(nvl);
252 			(void) no_memory(hdl);
253 			return (NULL);
254 		}
255 	}
256 
257 	return (nvl);
258 }
259 
260 static zpool_handle_t *
261 zpool_add_handle(zfs_handle_t *zhp, const char *pool_name)
262 {
263 	libzfs_handle_t *hdl = zhp->zfs_hdl;
264 	zpool_handle_t *zph;
265 
266 	if ((zph = zpool_open_canfail(hdl, pool_name)) != NULL) {
267 		if (hdl->libzfs_pool_handles != NULL)
268 			zph->zpool_next = hdl->libzfs_pool_handles;
269 		hdl->libzfs_pool_handles = zph;
270 	}
271 	return (zph);
272 }
273 
274 static zpool_handle_t *
275 zpool_find_handle(zfs_handle_t *zhp, const char *pool_name, int len)
276 {
277 	libzfs_handle_t *hdl = zhp->zfs_hdl;
278 	zpool_handle_t *zph = hdl->libzfs_pool_handles;
279 
280 	while ((zph != NULL) &&
281 	    (strncmp(pool_name, zpool_get_name(zph), len) != 0))
282 		zph = zph->zpool_next;
283 	return (zph);
284 }
285 
286 /*
287  * Returns a handle to the pool that contains the provided dataset.
288  * If a handle to that pool already exists then that handle is returned.
289  * Otherwise, a new handle is created and added to the list of handles.
290  */
291 static zpool_handle_t *
292 zpool_handle(zfs_handle_t *zhp)
293 {
294 	char *pool_name;
295 	int len;
296 	zpool_handle_t *zph;
297 
298 	len = strcspn(zhp->zfs_name, "/@#") + 1;
299 	pool_name = zfs_alloc(zhp->zfs_hdl, len);
300 	(void) strlcpy(pool_name, zhp->zfs_name, len);
301 
302 	zph = zpool_find_handle(zhp, pool_name, len);
303 	if (zph == NULL)
304 		zph = zpool_add_handle(zhp, pool_name);
305 
306 	free(pool_name);
307 	return (zph);
308 }
309 
310 void
311 zpool_free_handles(libzfs_handle_t *hdl)
312 {
313 	zpool_handle_t *next, *zph = hdl->libzfs_pool_handles;
314 
315 	while (zph != NULL) {
316 		next = zph->zpool_next;
317 		zpool_close(zph);
318 		zph = next;
319 	}
320 	hdl->libzfs_pool_handles = NULL;
321 }
322 
323 /*
324  * Utility function to gather stats (objset and zpl) for the given object.
325  */
326 static int
327 get_stats_ioctl(zfs_handle_t *zhp, zfs_cmd_t *zc)
328 {
329 	libzfs_handle_t *hdl = zhp->zfs_hdl;
330 
331 	(void) strlcpy(zc->zc_name, zhp->zfs_name, sizeof (zc->zc_name));
332 
333 	while (zfs_ioctl(hdl, ZFS_IOC_OBJSET_STATS, zc) != 0) {
334 		if (errno == ENOMEM) {
335 			if (zcmd_expand_dst_nvlist(hdl, zc) != 0) {
336 				return (-1);
337 			}
338 		} else {
339 			return (-1);
340 		}
341 	}
342 	return (0);
343 }
344 
345 /*
346  * Utility function to get the received properties of the given object.
347  */
348 static int
349 get_recvd_props_ioctl(zfs_handle_t *zhp)
350 {
351 	libzfs_handle_t *hdl = zhp->zfs_hdl;
352 	nvlist_t *recvdprops;
353 	zfs_cmd_t zc = {"\0"};
354 	int err;
355 
356 	if (zcmd_alloc_dst_nvlist(hdl, &zc, 0) != 0)
357 		return (-1);
358 
359 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
360 
361 	while (zfs_ioctl(hdl, ZFS_IOC_OBJSET_RECVD_PROPS, &zc) != 0) {
362 		if (errno == ENOMEM) {
363 			if (zcmd_expand_dst_nvlist(hdl, &zc) != 0) {
364 				return (-1);
365 			}
366 		} else {
367 			zcmd_free_nvlists(&zc);
368 			return (-1);
369 		}
370 	}
371 
372 	err = zcmd_read_dst_nvlist(zhp->zfs_hdl, &zc, &recvdprops);
373 	zcmd_free_nvlists(&zc);
374 	if (err != 0)
375 		return (-1);
376 
377 	nvlist_free(zhp->zfs_recvd_props);
378 	zhp->zfs_recvd_props = recvdprops;
379 
380 	return (0);
381 }
382 
383 static int
384 put_stats_zhdl(zfs_handle_t *zhp, zfs_cmd_t *zc)
385 {
386 	nvlist_t *allprops, *userprops;
387 
388 	zhp->zfs_dmustats = zc->zc_objset_stats; /* structure assignment */
389 
390 	if (zcmd_read_dst_nvlist(zhp->zfs_hdl, zc, &allprops) != 0) {
391 		return (-1);
392 	}
393 
394 	/*
395 	 * XXX Why do we store the user props separately, in addition to
396 	 * storing them in zfs_props?
397 	 */
398 	if ((userprops = process_user_props(zhp, allprops)) == NULL) {
399 		nvlist_free(allprops);
400 		return (-1);
401 	}
402 
403 	nvlist_free(zhp->zfs_props);
404 	nvlist_free(zhp->zfs_user_props);
405 
406 	zhp->zfs_props = allprops;
407 	zhp->zfs_user_props = userprops;
408 
409 	return (0);
410 }
411 
412 static int
413 get_stats(zfs_handle_t *zhp)
414 {
415 	int rc = 0;
416 	zfs_cmd_t zc = {"\0"};
417 
418 	if (zcmd_alloc_dst_nvlist(zhp->zfs_hdl, &zc, 0) != 0)
419 		return (-1);
420 	if (get_stats_ioctl(zhp, &zc) != 0)
421 		rc = -1;
422 	else if (put_stats_zhdl(zhp, &zc) != 0)
423 		rc = -1;
424 	zcmd_free_nvlists(&zc);
425 	return (rc);
426 }
427 
428 /*
429  * Refresh the properties currently stored in the handle.
430  */
431 void
432 zfs_refresh_properties(zfs_handle_t *zhp)
433 {
434 	(void) get_stats(zhp);
435 }
436 
437 /*
438  * Makes a handle from the given dataset name.  Used by zfs_open() and
439  * zfs_iter_* to create child handles on the fly.
440  */
441 static int
442 make_dataset_handle_common(zfs_handle_t *zhp, zfs_cmd_t *zc)
443 {
444 	if (put_stats_zhdl(zhp, zc) != 0)
445 		return (-1);
446 
447 	/*
448 	 * We've managed to open the dataset and gather statistics.  Determine
449 	 * the high-level type.
450 	 */
451 	if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
452 		zhp->zfs_head_type = ZFS_TYPE_VOLUME;
453 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
454 		zhp->zfs_head_type = ZFS_TYPE_FILESYSTEM;
455 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_OTHER)
456 		return (-1);
457 	else
458 		abort();
459 
460 	if (zhp->zfs_dmustats.dds_is_snapshot)
461 		zhp->zfs_type = ZFS_TYPE_SNAPSHOT;
462 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZVOL)
463 		zhp->zfs_type = ZFS_TYPE_VOLUME;
464 	else if (zhp->zfs_dmustats.dds_type == DMU_OST_ZFS)
465 		zhp->zfs_type = ZFS_TYPE_FILESYSTEM;
466 	else
467 		abort();	/* we should never see any other types */
468 
469 	if ((zhp->zpool_hdl = zpool_handle(zhp)) == NULL)
470 		return (-1);
471 
472 	return (0);
473 }
474 
475 zfs_handle_t *
476 make_dataset_handle(libzfs_handle_t *hdl, const char *path)
477 {
478 	zfs_cmd_t zc = {"\0"};
479 
480 	zfs_handle_t *zhp = calloc(1, sizeof (zfs_handle_t));
481 
482 	if (zhp == NULL)
483 		return (NULL);
484 
485 	zhp->zfs_hdl = hdl;
486 	(void) strlcpy(zhp->zfs_name, path, sizeof (zhp->zfs_name));
487 	if (zcmd_alloc_dst_nvlist(hdl, &zc, 0) != 0) {
488 		free(zhp);
489 		return (NULL);
490 	}
491 	if (get_stats_ioctl(zhp, &zc) == -1) {
492 		zcmd_free_nvlists(&zc);
493 		free(zhp);
494 		return (NULL);
495 	}
496 	if (make_dataset_handle_common(zhp, &zc) == -1) {
497 		free(zhp);
498 		zhp = NULL;
499 	}
500 	zcmd_free_nvlists(&zc);
501 	return (zhp);
502 }
503 
504 zfs_handle_t *
505 make_dataset_handle_zc(libzfs_handle_t *hdl, zfs_cmd_t *zc)
506 {
507 	zfs_handle_t *zhp = calloc(1, sizeof (zfs_handle_t));
508 
509 	if (zhp == NULL)
510 		return (NULL);
511 
512 	zhp->zfs_hdl = hdl;
513 	(void) strlcpy(zhp->zfs_name, zc->zc_name, sizeof (zhp->zfs_name));
514 	if (make_dataset_handle_common(zhp, zc) == -1) {
515 		free(zhp);
516 		return (NULL);
517 	}
518 	return (zhp);
519 }
520 
521 zfs_handle_t *
522 make_dataset_simple_handle_zc(zfs_handle_t *pzhp, zfs_cmd_t *zc)
523 {
524 	zfs_handle_t *zhp = calloc(1, sizeof (zfs_handle_t));
525 
526 	if (zhp == NULL)
527 		return (NULL);
528 
529 	zhp->zfs_hdl = pzhp->zfs_hdl;
530 	(void) strlcpy(zhp->zfs_name, zc->zc_name, sizeof (zhp->zfs_name));
531 	zhp->zfs_head_type = pzhp->zfs_type;
532 	zhp->zfs_type = ZFS_TYPE_SNAPSHOT;
533 	zhp->zpool_hdl = zpool_handle(zhp);
534 
535 	return (zhp);
536 }
537 
538 zfs_handle_t *
539 zfs_handle_dup(zfs_handle_t *zhp_orig)
540 {
541 	zfs_handle_t *zhp = calloc(1, sizeof (zfs_handle_t));
542 
543 	if (zhp == NULL)
544 		return (NULL);
545 
546 	zhp->zfs_hdl = zhp_orig->zfs_hdl;
547 	zhp->zpool_hdl = zhp_orig->zpool_hdl;
548 	(void) strlcpy(zhp->zfs_name, zhp_orig->zfs_name,
549 	    sizeof (zhp->zfs_name));
550 	zhp->zfs_type = zhp_orig->zfs_type;
551 	zhp->zfs_head_type = zhp_orig->zfs_head_type;
552 	zhp->zfs_dmustats = zhp_orig->zfs_dmustats;
553 	if (zhp_orig->zfs_props != NULL) {
554 		if (nvlist_dup(zhp_orig->zfs_props, &zhp->zfs_props, 0) != 0) {
555 			(void) no_memory(zhp->zfs_hdl);
556 			zfs_close(zhp);
557 			return (NULL);
558 		}
559 	}
560 	if (zhp_orig->zfs_user_props != NULL) {
561 		if (nvlist_dup(zhp_orig->zfs_user_props,
562 		    &zhp->zfs_user_props, 0) != 0) {
563 			(void) no_memory(zhp->zfs_hdl);
564 			zfs_close(zhp);
565 			return (NULL);
566 		}
567 	}
568 	if (zhp_orig->zfs_recvd_props != NULL) {
569 		if (nvlist_dup(zhp_orig->zfs_recvd_props,
570 		    &zhp->zfs_recvd_props, 0)) {
571 			(void) no_memory(zhp->zfs_hdl);
572 			zfs_close(zhp);
573 			return (NULL);
574 		}
575 	}
576 	zhp->zfs_mntcheck = zhp_orig->zfs_mntcheck;
577 	if (zhp_orig->zfs_mntopts != NULL) {
578 		zhp->zfs_mntopts = zfs_strdup(zhp_orig->zfs_hdl,
579 		    zhp_orig->zfs_mntopts);
580 	}
581 	zhp->zfs_props_table = zhp_orig->zfs_props_table;
582 	return (zhp);
583 }
584 
585 boolean_t
586 zfs_bookmark_exists(const char *path)
587 {
588 	nvlist_t *bmarks;
589 	nvlist_t *props;
590 	char fsname[ZFS_MAX_DATASET_NAME_LEN];
591 	char *bmark_name;
592 	char *pound;
593 	int err;
594 	boolean_t rv;
595 
596 	(void) strlcpy(fsname, path, sizeof (fsname));
597 	pound = strchr(fsname, '#');
598 	if (pound == NULL)
599 		return (B_FALSE);
600 
601 	*pound = '\0';
602 	bmark_name = pound + 1;
603 	props = fnvlist_alloc();
604 	err = lzc_get_bookmarks(fsname, props, &bmarks);
605 	nvlist_free(props);
606 	if (err != 0) {
607 		nvlist_free(bmarks);
608 		return (B_FALSE);
609 	}
610 
611 	rv = nvlist_exists(bmarks, bmark_name);
612 	nvlist_free(bmarks);
613 	return (rv);
614 }
615 
616 zfs_handle_t *
617 make_bookmark_handle(zfs_handle_t *parent, const char *path,
618     nvlist_t *bmark_props)
619 {
620 	zfs_handle_t *zhp = calloc(1, sizeof (zfs_handle_t));
621 
622 	if (zhp == NULL)
623 		return (NULL);
624 
625 	/* Fill in the name. */
626 	zhp->zfs_hdl = parent->zfs_hdl;
627 	(void) strlcpy(zhp->zfs_name, path, sizeof (zhp->zfs_name));
628 
629 	/* Set the property lists. */
630 	if (nvlist_dup(bmark_props, &zhp->zfs_props, 0) != 0) {
631 		free(zhp);
632 		return (NULL);
633 	}
634 
635 	/* Set the types. */
636 	zhp->zfs_head_type = parent->zfs_head_type;
637 	zhp->zfs_type = ZFS_TYPE_BOOKMARK;
638 
639 	if ((zhp->zpool_hdl = zpool_handle(zhp)) == NULL) {
640 		nvlist_free(zhp->zfs_props);
641 		free(zhp);
642 		return (NULL);
643 	}
644 
645 	return (zhp);
646 }
647 
648 struct zfs_open_bookmarks_cb_data {
649 	const char *path;
650 	zfs_handle_t *zhp;
651 };
652 
653 static int
654 zfs_open_bookmarks_cb(zfs_handle_t *zhp, void *data)
655 {
656 	struct zfs_open_bookmarks_cb_data *dp = data;
657 
658 	/*
659 	 * Is it the one we are looking for?
660 	 */
661 	if (strcmp(dp->path, zfs_get_name(zhp)) == 0) {
662 		/*
663 		 * We found it.  Save it and let the caller know we are done.
664 		 */
665 		dp->zhp = zhp;
666 		return (EEXIST);
667 	}
668 
669 	/*
670 	 * Not found.  Close the handle and ask for another one.
671 	 */
672 	zfs_close(zhp);
673 	return (0);
674 }
675 
676 /*
677  * Opens the given snapshot, bookmark, filesystem, or volume.   The 'types'
678  * argument is a mask of acceptable types.  The function will print an
679  * appropriate error message and return NULL if it can't be opened.
680  */
681 zfs_handle_t *
682 zfs_open(libzfs_handle_t *hdl, const char *path, int types)
683 {
684 	zfs_handle_t *zhp;
685 	char errbuf[1024];
686 	char *bookp;
687 
688 	(void) snprintf(errbuf, sizeof (errbuf),
689 	    dgettext(TEXT_DOMAIN, "cannot open '%s'"), path);
690 
691 	/*
692 	 * Validate the name before we even try to open it.
693 	 */
694 	if (!zfs_validate_name(hdl, path, types, B_FALSE)) {
695 		(void) zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
696 		return (NULL);
697 	}
698 
699 	/*
700 	 * Bookmarks needs to be handled separately.
701 	 */
702 	bookp = strchr(path, '#');
703 	if (bookp == NULL) {
704 		/*
705 		 * Try to get stats for the dataset, which will tell us if it
706 		 * exists.
707 		 */
708 		errno = 0;
709 		if ((zhp = make_dataset_handle(hdl, path)) == NULL) {
710 			(void) zfs_standard_error(hdl, errno, errbuf);
711 			return (NULL);
712 		}
713 	} else {
714 		char dsname[ZFS_MAX_DATASET_NAME_LEN];
715 		zfs_handle_t *pzhp;
716 		struct zfs_open_bookmarks_cb_data cb_data = {path, NULL};
717 
718 		/*
719 		 * We need to cut out '#' and everything after '#'
720 		 * to get the parent dataset name only.
721 		 */
722 		assert(bookp - path < sizeof (dsname));
723 		(void) strncpy(dsname, path, bookp - path);
724 		dsname[bookp - path] = '\0';
725 
726 		/*
727 		 * Create handle for the parent dataset.
728 		 */
729 		errno = 0;
730 		if ((pzhp = make_dataset_handle(hdl, dsname)) == NULL) {
731 			(void) zfs_standard_error(hdl, errno, errbuf);
732 			return (NULL);
733 		}
734 
735 		/*
736 		 * Iterate bookmarks to find the right one.
737 		 */
738 		errno = 0;
739 		if ((zfs_iter_bookmarks(pzhp, zfs_open_bookmarks_cb,
740 		    &cb_data) == 0) && (cb_data.zhp == NULL)) {
741 			(void) zfs_error(hdl, EZFS_NOENT, errbuf);
742 			zfs_close(pzhp);
743 			return (NULL);
744 		}
745 		if (cb_data.zhp == NULL) {
746 			(void) zfs_standard_error(hdl, errno, errbuf);
747 			zfs_close(pzhp);
748 			return (NULL);
749 		}
750 		zhp = cb_data.zhp;
751 
752 		/*
753 		 * Cleanup.
754 		 */
755 		zfs_close(pzhp);
756 	}
757 
758 	if (!(types & zhp->zfs_type)) {
759 		(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
760 		zfs_close(zhp);
761 		return (NULL);
762 	}
763 
764 	return (zhp);
765 }
766 
767 /*
768  * Release a ZFS handle.  Nothing to do but free the associated memory.
769  */
770 void
771 zfs_close(zfs_handle_t *zhp)
772 {
773 	if (zhp->zfs_mntopts)
774 		free(zhp->zfs_mntopts);
775 	nvlist_free(zhp->zfs_props);
776 	nvlist_free(zhp->zfs_user_props);
777 	nvlist_free(zhp->zfs_recvd_props);
778 	free(zhp);
779 }
780 
781 typedef struct mnttab_node {
782 	struct mnttab mtn_mt;
783 	avl_node_t mtn_node;
784 } mnttab_node_t;
785 
786 static int
787 libzfs_mnttab_cache_compare(const void *arg1, const void *arg2)
788 {
789 	const mnttab_node_t *mtn1 = (const mnttab_node_t *)arg1;
790 	const mnttab_node_t *mtn2 = (const mnttab_node_t *)arg2;
791 	int rv;
792 
793 	rv = strcmp(mtn1->mtn_mt.mnt_special, mtn2->mtn_mt.mnt_special);
794 
795 	return (TREE_ISIGN(rv));
796 }
797 
798 void
799 libzfs_mnttab_init(libzfs_handle_t *hdl)
800 {
801 	pthread_mutex_init(&hdl->libzfs_mnttab_cache_lock, NULL);
802 	assert(avl_numnodes(&hdl->libzfs_mnttab_cache) == 0);
803 	avl_create(&hdl->libzfs_mnttab_cache, libzfs_mnttab_cache_compare,
804 	    sizeof (mnttab_node_t), offsetof(mnttab_node_t, mtn_node));
805 }
806 
807 static int
808 libzfs_mnttab_update(libzfs_handle_t *hdl)
809 {
810 	struct mnttab entry;
811 
812 	/* Reopen MNTTAB to prevent reading stale data from open file */
813 	if (freopen(MNTTAB, "r", hdl->libzfs_mnttab) == NULL)
814 		return (ENOENT);
815 
816 	while (getmntent(hdl->libzfs_mnttab, &entry) == 0) {
817 		mnttab_node_t *mtn;
818 		avl_index_t where;
819 
820 		if (strcmp(entry.mnt_fstype, MNTTYPE_ZFS) != 0)
821 			continue;
822 
823 		mtn = zfs_alloc(hdl, sizeof (mnttab_node_t));
824 		mtn->mtn_mt.mnt_special = zfs_strdup(hdl, entry.mnt_special);
825 		mtn->mtn_mt.mnt_mountp = zfs_strdup(hdl, entry.mnt_mountp);
826 		mtn->mtn_mt.mnt_fstype = zfs_strdup(hdl, entry.mnt_fstype);
827 		mtn->mtn_mt.mnt_mntopts = zfs_strdup(hdl, entry.mnt_mntopts);
828 
829 		/* Exclude duplicate mounts */
830 		if (avl_find(&hdl->libzfs_mnttab_cache, mtn, &where) != NULL) {
831 			free(mtn->mtn_mt.mnt_special);
832 			free(mtn->mtn_mt.mnt_mountp);
833 			free(mtn->mtn_mt.mnt_fstype);
834 			free(mtn->mtn_mt.mnt_mntopts);
835 			free(mtn);
836 			continue;
837 		}
838 
839 		avl_add(&hdl->libzfs_mnttab_cache, mtn);
840 	}
841 
842 	return (0);
843 }
844 
845 void
846 libzfs_mnttab_fini(libzfs_handle_t *hdl)
847 {
848 	void *cookie = NULL;
849 	mnttab_node_t *mtn;
850 
851 	while ((mtn = avl_destroy_nodes(&hdl->libzfs_mnttab_cache, &cookie))
852 	    != NULL) {
853 		free(mtn->mtn_mt.mnt_special);
854 		free(mtn->mtn_mt.mnt_mountp);
855 		free(mtn->mtn_mt.mnt_fstype);
856 		free(mtn->mtn_mt.mnt_mntopts);
857 		free(mtn);
858 	}
859 	avl_destroy(&hdl->libzfs_mnttab_cache);
860 	(void) pthread_mutex_destroy(&hdl->libzfs_mnttab_cache_lock);
861 }
862 
863 void
864 libzfs_mnttab_cache(libzfs_handle_t *hdl, boolean_t enable)
865 {
866 	hdl->libzfs_mnttab_enable = enable;
867 }
868 
869 int
870 libzfs_mnttab_find(libzfs_handle_t *hdl, const char *fsname,
871     struct mnttab *entry)
872 {
873 	mnttab_node_t find;
874 	mnttab_node_t *mtn;
875 	int ret = ENOENT;
876 
877 	if (!hdl->libzfs_mnttab_enable) {
878 		struct mnttab srch = { 0 };
879 
880 		if (avl_numnodes(&hdl->libzfs_mnttab_cache))
881 			libzfs_mnttab_fini(hdl);
882 
883 		/* Reopen MNTTAB to prevent reading stale data from open file */
884 		if (freopen(MNTTAB, "r", hdl->libzfs_mnttab) == NULL)
885 			return (ENOENT);
886 
887 		srch.mnt_special = (char *)fsname;
888 		srch.mnt_fstype = MNTTYPE_ZFS;
889 		if (getmntany(hdl->libzfs_mnttab, entry, &srch) == 0)
890 			return (0);
891 		else
892 			return (ENOENT);
893 	}
894 
895 	pthread_mutex_lock(&hdl->libzfs_mnttab_cache_lock);
896 	if (avl_numnodes(&hdl->libzfs_mnttab_cache) == 0) {
897 		int error;
898 
899 		if ((error = libzfs_mnttab_update(hdl)) != 0) {
900 			pthread_mutex_unlock(&hdl->libzfs_mnttab_cache_lock);
901 			return (error);
902 		}
903 	}
904 
905 	find.mtn_mt.mnt_special = (char *)fsname;
906 	mtn = avl_find(&hdl->libzfs_mnttab_cache, &find, NULL);
907 	if (mtn) {
908 		*entry = mtn->mtn_mt;
909 		ret = 0;
910 	}
911 	pthread_mutex_unlock(&hdl->libzfs_mnttab_cache_lock);
912 	return (ret);
913 }
914 
915 void
916 libzfs_mnttab_add(libzfs_handle_t *hdl, const char *special,
917     const char *mountp, const char *mntopts)
918 {
919 	mnttab_node_t *mtn;
920 
921 	pthread_mutex_lock(&hdl->libzfs_mnttab_cache_lock);
922 	if (avl_numnodes(&hdl->libzfs_mnttab_cache) != 0) {
923 		mtn = zfs_alloc(hdl, sizeof (mnttab_node_t));
924 		mtn->mtn_mt.mnt_special = zfs_strdup(hdl, special);
925 		mtn->mtn_mt.mnt_mountp = zfs_strdup(hdl, mountp);
926 		mtn->mtn_mt.mnt_fstype = zfs_strdup(hdl, MNTTYPE_ZFS);
927 		mtn->mtn_mt.mnt_mntopts = zfs_strdup(hdl, mntopts);
928 		/*
929 		 * Another thread may have already added this entry
930 		 * via libzfs_mnttab_update. If so we should skip it.
931 		 */
932 		if (avl_find(&hdl->libzfs_mnttab_cache, mtn, NULL) != NULL) {
933 			free(mtn->mtn_mt.mnt_special);
934 			free(mtn->mtn_mt.mnt_mountp);
935 			free(mtn->mtn_mt.mnt_fstype);
936 			free(mtn->mtn_mt.mnt_mntopts);
937 			free(mtn);
938 		} else {
939 			avl_add(&hdl->libzfs_mnttab_cache, mtn);
940 		}
941 	}
942 	pthread_mutex_unlock(&hdl->libzfs_mnttab_cache_lock);
943 }
944 
945 void
946 libzfs_mnttab_remove(libzfs_handle_t *hdl, const char *fsname)
947 {
948 	mnttab_node_t find;
949 	mnttab_node_t *ret;
950 
951 	pthread_mutex_lock(&hdl->libzfs_mnttab_cache_lock);
952 	find.mtn_mt.mnt_special = (char *)fsname;
953 	if ((ret = avl_find(&hdl->libzfs_mnttab_cache, (void *)&find, NULL))
954 	    != NULL) {
955 		avl_remove(&hdl->libzfs_mnttab_cache, ret);
956 		free(ret->mtn_mt.mnt_special);
957 		free(ret->mtn_mt.mnt_mountp);
958 		free(ret->mtn_mt.mnt_fstype);
959 		free(ret->mtn_mt.mnt_mntopts);
960 		free(ret);
961 	}
962 	pthread_mutex_unlock(&hdl->libzfs_mnttab_cache_lock);
963 }
964 
965 int
966 zfs_spa_version(zfs_handle_t *zhp, int *spa_version)
967 {
968 	zpool_handle_t *zpool_handle = zhp->zpool_hdl;
969 
970 	if (zpool_handle == NULL)
971 		return (-1);
972 
973 	*spa_version = zpool_get_prop_int(zpool_handle,
974 	    ZPOOL_PROP_VERSION, NULL);
975 	return (0);
976 }
977 
978 /*
979  * The choice of reservation property depends on the SPA version.
980  */
981 static int
982 zfs_which_resv_prop(zfs_handle_t *zhp, zfs_prop_t *resv_prop)
983 {
984 	int spa_version;
985 
986 	if (zfs_spa_version(zhp, &spa_version) < 0)
987 		return (-1);
988 
989 	if (spa_version >= SPA_VERSION_REFRESERVATION)
990 		*resv_prop = ZFS_PROP_REFRESERVATION;
991 	else
992 		*resv_prop = ZFS_PROP_RESERVATION;
993 
994 	return (0);
995 }
996 
997 /*
998  * Given an nvlist of properties to set, validates that they are correct, and
999  * parses any numeric properties (index, boolean, etc) if they are specified as
1000  * strings.
1001  */
1002 nvlist_t *
1003 zfs_valid_proplist(libzfs_handle_t *hdl, zfs_type_t type, nvlist_t *nvl,
1004     uint64_t zoned, zfs_handle_t *zhp, zpool_handle_t *zpool_hdl,
1005     boolean_t key_params_ok, const char *errbuf)
1006 {
1007 	nvpair_t *elem;
1008 	uint64_t intval;
1009 	char *strval;
1010 	zfs_prop_t prop;
1011 	nvlist_t *ret;
1012 	int chosen_normal = -1;
1013 	int chosen_utf = -1;
1014 
1015 	if (nvlist_alloc(&ret, NV_UNIQUE_NAME, 0) != 0) {
1016 		(void) no_memory(hdl);
1017 		return (NULL);
1018 	}
1019 
1020 	/*
1021 	 * Make sure this property is valid and applies to this type.
1022 	 */
1023 
1024 	elem = NULL;
1025 	while ((elem = nvlist_next_nvpair(nvl, elem)) != NULL) {
1026 		const char *propname = nvpair_name(elem);
1027 
1028 		prop = zfs_name_to_prop(propname);
1029 		if (prop == ZPROP_INVAL && zfs_prop_user(propname)) {
1030 			/*
1031 			 * This is a user property: make sure it's a
1032 			 * string, and that it's less than ZAP_MAXNAMELEN.
1033 			 */
1034 			if (nvpair_type(elem) != DATA_TYPE_STRING) {
1035 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1036 				    "'%s' must be a string"), propname);
1037 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1038 				goto error;
1039 			}
1040 
1041 			if (strlen(nvpair_name(elem)) >= ZAP_MAXNAMELEN) {
1042 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1043 				    "property name '%s' is too long"),
1044 				    propname);
1045 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1046 				goto error;
1047 			}
1048 
1049 			(void) nvpair_value_string(elem, &strval);
1050 			if (nvlist_add_string(ret, propname, strval) != 0) {
1051 				(void) no_memory(hdl);
1052 				goto error;
1053 			}
1054 			continue;
1055 		}
1056 
1057 		/*
1058 		 * Currently, only user properties can be modified on
1059 		 * snapshots.
1060 		 */
1061 		if (type == ZFS_TYPE_SNAPSHOT) {
1062 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1063 			    "this property can not be modified for snapshots"));
1064 			(void) zfs_error(hdl, EZFS_PROPTYPE, errbuf);
1065 			goto error;
1066 		}
1067 
1068 		if (prop == ZPROP_INVAL && zfs_prop_userquota(propname)) {
1069 			zfs_userquota_prop_t uqtype;
1070 			char *newpropname = NULL;
1071 			char domain[128];
1072 			uint64_t rid;
1073 			uint64_t valary[3];
1074 			int rc;
1075 
1076 			if (userquota_propname_decode(propname, zoned,
1077 			    &uqtype, domain, sizeof (domain), &rid) != 0) {
1078 				zfs_error_aux(hdl,
1079 				    dgettext(TEXT_DOMAIN,
1080 				    "'%s' has an invalid user/group name"),
1081 				    propname);
1082 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1083 				goto error;
1084 			}
1085 
1086 			if (uqtype != ZFS_PROP_USERQUOTA &&
1087 			    uqtype != ZFS_PROP_GROUPQUOTA &&
1088 			    uqtype != ZFS_PROP_USEROBJQUOTA &&
1089 			    uqtype != ZFS_PROP_GROUPOBJQUOTA &&
1090 			    uqtype != ZFS_PROP_PROJECTQUOTA &&
1091 			    uqtype != ZFS_PROP_PROJECTOBJQUOTA) {
1092 				zfs_error_aux(hdl,
1093 				    dgettext(TEXT_DOMAIN, "'%s' is readonly"),
1094 				    propname);
1095 				(void) zfs_error(hdl, EZFS_PROPREADONLY,
1096 				    errbuf);
1097 				goto error;
1098 			}
1099 
1100 			if (nvpair_type(elem) == DATA_TYPE_STRING) {
1101 				(void) nvpair_value_string(elem, &strval);
1102 				if (strcmp(strval, "none") == 0) {
1103 					intval = 0;
1104 				} else if (zfs_nicestrtonum(hdl,
1105 				    strval, &intval) != 0) {
1106 					(void) zfs_error(hdl,
1107 					    EZFS_BADPROP, errbuf);
1108 					goto error;
1109 				}
1110 			} else if (nvpair_type(elem) ==
1111 			    DATA_TYPE_UINT64) {
1112 				(void) nvpair_value_uint64(elem, &intval);
1113 				if (intval == 0) {
1114 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1115 					    "use 'none' to disable "
1116 					    "{user|group|project}quota"));
1117 					goto error;
1118 				}
1119 			} else {
1120 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1121 				    "'%s' must be a number"), propname);
1122 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1123 				goto error;
1124 			}
1125 
1126 			/*
1127 			 * Encode the prop name as
1128 			 * userquota@<hex-rid>-domain, to make it easy
1129 			 * for the kernel to decode.
1130 			 */
1131 			rc = asprintf(&newpropname, "%s%llx-%s",
1132 			    zfs_userquota_prop_prefixes[uqtype],
1133 			    (longlong_t)rid, domain);
1134 			if (rc == -1 || newpropname == NULL) {
1135 				(void) no_memory(hdl);
1136 				goto error;
1137 			}
1138 
1139 			valary[0] = uqtype;
1140 			valary[1] = rid;
1141 			valary[2] = intval;
1142 			if (nvlist_add_uint64_array(ret, newpropname,
1143 			    valary, 3) != 0) {
1144 				free(newpropname);
1145 				(void) no_memory(hdl);
1146 				goto error;
1147 			}
1148 			free(newpropname);
1149 			continue;
1150 		} else if (prop == ZPROP_INVAL && zfs_prop_written(propname)) {
1151 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1152 			    "'%s' is readonly"),
1153 			    propname);
1154 			(void) zfs_error(hdl, EZFS_PROPREADONLY, errbuf);
1155 			goto error;
1156 		}
1157 
1158 		if (prop == ZPROP_INVAL) {
1159 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1160 			    "invalid property '%s'"), propname);
1161 			(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1162 			goto error;
1163 		}
1164 
1165 		if (!zfs_prop_valid_for_type(prop, type, B_FALSE)) {
1166 			zfs_error_aux(hdl,
1167 			    dgettext(TEXT_DOMAIN, "'%s' does not "
1168 			    "apply to datasets of this type"), propname);
1169 			(void) zfs_error(hdl, EZFS_PROPTYPE, errbuf);
1170 			goto error;
1171 		}
1172 
1173 		if (zfs_prop_readonly(prop) &&
1174 		    !(zfs_prop_setonce(prop) && zhp == NULL) &&
1175 		    !(zfs_prop_encryption_key_param(prop) && key_params_ok)) {
1176 			zfs_error_aux(hdl,
1177 			    dgettext(TEXT_DOMAIN, "'%s' is readonly"),
1178 			    propname);
1179 			(void) zfs_error(hdl, EZFS_PROPREADONLY, errbuf);
1180 			goto error;
1181 		}
1182 
1183 		if (zprop_parse_value(hdl, elem, prop, type, ret,
1184 		    &strval, &intval, errbuf) != 0)
1185 			goto error;
1186 
1187 		/*
1188 		 * Perform some additional checks for specific properties.
1189 		 */
1190 		switch (prop) {
1191 		case ZFS_PROP_VERSION:
1192 		{
1193 			int version;
1194 
1195 			if (zhp == NULL)
1196 				break;
1197 			version = zfs_prop_get_int(zhp, ZFS_PROP_VERSION);
1198 			if (intval < version) {
1199 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1200 				    "Can not downgrade; already at version %u"),
1201 				    version);
1202 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1203 				goto error;
1204 			}
1205 			break;
1206 		}
1207 
1208 		case ZFS_PROP_VOLBLOCKSIZE:
1209 		case ZFS_PROP_RECORDSIZE:
1210 		{
1211 			int maxbs = SPA_MAXBLOCKSIZE;
1212 			char buf[64];
1213 
1214 			if (zpool_hdl != NULL) {
1215 				maxbs = zpool_get_prop_int(zpool_hdl,
1216 				    ZPOOL_PROP_MAXBLOCKSIZE, NULL);
1217 			}
1218 			/*
1219 			 * The value must be a power of two between
1220 			 * SPA_MINBLOCKSIZE and maxbs.
1221 			 */
1222 			if (intval < SPA_MINBLOCKSIZE ||
1223 			    intval > maxbs || !ISP2(intval)) {
1224 				zfs_nicebytes(maxbs, buf, sizeof (buf));
1225 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1226 				    "'%s' must be power of 2 from 512B "
1227 				    "to %s"), propname, buf);
1228 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1229 				goto error;
1230 			}
1231 			break;
1232 		}
1233 
1234 		case ZFS_PROP_SPECIAL_SMALL_BLOCKS:
1235 		{
1236 			int maxbs = SPA_OLD_MAXBLOCKSIZE;
1237 			char buf[64];
1238 
1239 			if (zpool_hdl != NULL) {
1240 				char state[64] = "";
1241 
1242 				maxbs = zpool_get_prop_int(zpool_hdl,
1243 				    ZPOOL_PROP_MAXBLOCKSIZE, NULL);
1244 
1245 				/*
1246 				 * Issue a warning but do not fail so that
1247 				 * tests for settable properties succeed.
1248 				 */
1249 				if (zpool_prop_get_feature(zpool_hdl,
1250 				    "feature@allocation_classes", state,
1251 				    sizeof (state)) != 0 ||
1252 				    strcmp(state, ZFS_FEATURE_ACTIVE) != 0) {
1253 					(void) fprintf(stderr, gettext(
1254 					    "%s: property requires a special "
1255 					    "device in the pool\n"), propname);
1256 				}
1257 			}
1258 			if (intval != 0 &&
1259 			    (intval < SPA_MINBLOCKSIZE ||
1260 			    intval > maxbs || !ISP2(intval))) {
1261 				zfs_nicebytes(maxbs, buf, sizeof (buf));
1262 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1263 				    "invalid '%s=%d' property: must be zero or "
1264 				    "a power of 2 from 512B to %s"), propname,
1265 				    intval, buf);
1266 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1267 				goto error;
1268 			}
1269 			break;
1270 		}
1271 
1272 		case ZFS_PROP_MLSLABEL:
1273 		{
1274 #ifdef HAVE_MLSLABEL
1275 			/*
1276 			 * Verify the mlslabel string and convert to
1277 			 * internal hex label string.
1278 			 */
1279 
1280 			m_label_t *new_sl;
1281 			char *hex = NULL;	/* internal label string */
1282 
1283 			/* Default value is already OK. */
1284 			if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0)
1285 				break;
1286 
1287 			/* Verify the label can be converted to binary form */
1288 			if (((new_sl = m_label_alloc(MAC_LABEL)) == NULL) ||
1289 			    (str_to_label(strval, &new_sl, MAC_LABEL,
1290 			    L_NO_CORRECTION, NULL) == -1)) {
1291 				goto badlabel;
1292 			}
1293 
1294 			/* Now translate to hex internal label string */
1295 			if (label_to_str(new_sl, &hex, M_INTERNAL,
1296 			    DEF_NAMES) != 0) {
1297 				if (hex)
1298 					free(hex);
1299 				goto badlabel;
1300 			}
1301 			m_label_free(new_sl);
1302 
1303 			/* If string is already in internal form, we're done. */
1304 			if (strcmp(strval, hex) == 0) {
1305 				free(hex);
1306 				break;
1307 			}
1308 
1309 			/* Replace the label string with the internal form. */
1310 			(void) nvlist_remove(ret, zfs_prop_to_name(prop),
1311 			    DATA_TYPE_STRING);
1312 			verify(nvlist_add_string(ret, zfs_prop_to_name(prop),
1313 			    hex) == 0);
1314 			free(hex);
1315 
1316 			break;
1317 
1318 badlabel:
1319 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1320 			    "invalid mlslabel '%s'"), strval);
1321 			(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1322 			m_label_free(new_sl);	/* OK if null */
1323 			goto error;
1324 #else
1325 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1326 			    "mlslabels are unsupported"));
1327 			(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1328 			goto error;
1329 #endif /* HAVE_MLSLABEL */
1330 		}
1331 
1332 		case ZFS_PROP_MOUNTPOINT:
1333 		{
1334 			namecheck_err_t why;
1335 
1336 			if (strcmp(strval, ZFS_MOUNTPOINT_NONE) == 0 ||
1337 			    strcmp(strval, ZFS_MOUNTPOINT_LEGACY) == 0)
1338 				break;
1339 
1340 			if (mountpoint_namecheck(strval, &why)) {
1341 				switch (why) {
1342 				case NAME_ERR_LEADING_SLASH:
1343 					zfs_error_aux(hdl,
1344 					    dgettext(TEXT_DOMAIN,
1345 					    "'%s' must be an absolute path, "
1346 					    "'none', or 'legacy'"), propname);
1347 					break;
1348 				case NAME_ERR_TOOLONG:
1349 					zfs_error_aux(hdl,
1350 					    dgettext(TEXT_DOMAIN,
1351 					    "component of '%s' is too long"),
1352 					    propname);
1353 					break;
1354 
1355 				default:
1356 					zfs_error_aux(hdl,
1357 					    dgettext(TEXT_DOMAIN,
1358 					    "(%d) not defined"),
1359 					    why);
1360 					break;
1361 				}
1362 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1363 				goto error;
1364 			}
1365 		}
1366 
1367 			/*FALLTHRU*/
1368 
1369 		case ZFS_PROP_SHARESMB:
1370 		case ZFS_PROP_SHARENFS:
1371 			/*
1372 			 * For the mountpoint and sharenfs or sharesmb
1373 			 * properties, check if it can be set in a
1374 			 * global/non-global zone based on
1375 			 * the zoned property value:
1376 			 *
1377 			 *		global zone	    non-global zone
1378 			 * --------------------------------------------------
1379 			 * zoned=on	mountpoint (no)	    mountpoint (yes)
1380 			 *		sharenfs (no)	    sharenfs (no)
1381 			 *		sharesmb (no)	    sharesmb (no)
1382 			 *
1383 			 * zoned=off	mountpoint (yes)	N/A
1384 			 *		sharenfs (yes)
1385 			 *		sharesmb (yes)
1386 			 */
1387 			if (zoned) {
1388 				if (getzoneid() == GLOBAL_ZONEID) {
1389 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1390 					    "'%s' cannot be set on "
1391 					    "dataset in a non-global zone"),
1392 					    propname);
1393 					(void) zfs_error(hdl, EZFS_ZONED,
1394 					    errbuf);
1395 					goto error;
1396 				} else if (prop == ZFS_PROP_SHARENFS ||
1397 				    prop == ZFS_PROP_SHARESMB) {
1398 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1399 					    "'%s' cannot be set in "
1400 					    "a non-global zone"), propname);
1401 					(void) zfs_error(hdl, EZFS_ZONED,
1402 					    errbuf);
1403 					goto error;
1404 				}
1405 			} else if (getzoneid() != GLOBAL_ZONEID) {
1406 				/*
1407 				 * If zoned property is 'off', this must be in
1408 				 * a global zone. If not, something is wrong.
1409 				 */
1410 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1411 				    "'%s' cannot be set while dataset "
1412 				    "'zoned' property is set"), propname);
1413 				(void) zfs_error(hdl, EZFS_ZONED, errbuf);
1414 				goto error;
1415 			}
1416 
1417 			/*
1418 			 * At this point, it is legitimate to set the
1419 			 * property. Now we want to make sure that the
1420 			 * property value is valid if it is sharenfs.
1421 			 */
1422 			if ((prop == ZFS_PROP_SHARENFS ||
1423 			    prop == ZFS_PROP_SHARESMB) &&
1424 			    strcmp(strval, "on") != 0 &&
1425 			    strcmp(strval, "off") != 0) {
1426 				zfs_share_proto_t proto;
1427 
1428 				if (prop == ZFS_PROP_SHARESMB)
1429 					proto = PROTO_SMB;
1430 				else
1431 					proto = PROTO_NFS;
1432 
1433 				if (zfs_parse_options(strval, proto) != SA_OK) {
1434 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1435 					    "'%s' cannot be set to invalid "
1436 					    "options"), propname);
1437 					(void) zfs_error(hdl, EZFS_BADPROP,
1438 					    errbuf);
1439 					goto error;
1440 				}
1441 			}
1442 
1443 			break;
1444 
1445 		case ZFS_PROP_KEYLOCATION:
1446 			if (!zfs_prop_valid_keylocation(strval, B_FALSE)) {
1447 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1448 				    "invalid keylocation"));
1449 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1450 				goto error;
1451 			}
1452 
1453 			if (zhp != NULL) {
1454 				uint64_t crypt =
1455 				    zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
1456 
1457 				if (crypt == ZIO_CRYPT_OFF &&
1458 				    strcmp(strval, "none") != 0) {
1459 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1460 					    "keylocation must be 'none' "
1461 					    "for unencrypted datasets"));
1462 					(void) zfs_error(hdl, EZFS_BADPROP,
1463 					    errbuf);
1464 					goto error;
1465 				} else if (crypt != ZIO_CRYPT_OFF &&
1466 				    strcmp(strval, "none") == 0) {
1467 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1468 					    "keylocation must not be 'none' "
1469 					    "for encrypted datasets"));
1470 					(void) zfs_error(hdl, EZFS_BADPROP,
1471 					    errbuf);
1472 					goto error;
1473 				}
1474 			}
1475 			break;
1476 
1477 		case ZFS_PROP_PBKDF2_ITERS:
1478 			if (intval < MIN_PBKDF2_ITERATIONS) {
1479 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1480 				    "minimum pbkdf2 iterations is %u"),
1481 				    MIN_PBKDF2_ITERATIONS);
1482 				(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1483 				goto error;
1484 			}
1485 			break;
1486 
1487 		case ZFS_PROP_UTF8ONLY:
1488 			chosen_utf = (int)intval;
1489 			break;
1490 
1491 		case ZFS_PROP_NORMALIZE:
1492 			chosen_normal = (int)intval;
1493 			break;
1494 
1495 		default:
1496 			break;
1497 		}
1498 
1499 		/*
1500 		 * For changes to existing volumes, we have some additional
1501 		 * checks to enforce.
1502 		 */
1503 		if (type == ZFS_TYPE_VOLUME && zhp != NULL) {
1504 			uint64_t blocksize = zfs_prop_get_int(zhp,
1505 			    ZFS_PROP_VOLBLOCKSIZE);
1506 			char buf[64];
1507 
1508 			switch (prop) {
1509 			case ZFS_PROP_VOLSIZE:
1510 				if (intval % blocksize != 0) {
1511 					zfs_nicebytes(blocksize, buf,
1512 					    sizeof (buf));
1513 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1514 					    "'%s' must be a multiple of "
1515 					    "volume block size (%s)"),
1516 					    propname, buf);
1517 					(void) zfs_error(hdl, EZFS_BADPROP,
1518 					    errbuf);
1519 					goto error;
1520 				}
1521 
1522 				if (intval == 0) {
1523 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1524 					    "'%s' cannot be zero"),
1525 					    propname);
1526 					(void) zfs_error(hdl, EZFS_BADPROP,
1527 					    errbuf);
1528 					goto error;
1529 				}
1530 				break;
1531 
1532 			default:
1533 				break;
1534 			}
1535 		}
1536 
1537 		/* check encryption properties */
1538 		if (zhp != NULL) {
1539 			int64_t crypt = zfs_prop_get_int(zhp,
1540 			    ZFS_PROP_ENCRYPTION);
1541 
1542 			switch (prop) {
1543 			case ZFS_PROP_COPIES:
1544 				if (crypt != ZIO_CRYPT_OFF && intval > 2) {
1545 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1546 					    "encrypted datasets cannot have "
1547 					    "3 copies"));
1548 					(void) zfs_error(hdl, EZFS_BADPROP,
1549 					    errbuf);
1550 					goto error;
1551 				}
1552 				break;
1553 			default:
1554 				break;
1555 			}
1556 		}
1557 	}
1558 
1559 	/*
1560 	 * If normalization was chosen, but no UTF8 choice was made,
1561 	 * enforce rejection of non-UTF8 names.
1562 	 *
1563 	 * If normalization was chosen, but rejecting non-UTF8 names
1564 	 * was explicitly not chosen, it is an error.
1565 	 */
1566 	if (chosen_normal > 0 && chosen_utf < 0) {
1567 		if (nvlist_add_uint64(ret,
1568 		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY), 1) != 0) {
1569 			(void) no_memory(hdl);
1570 			goto error;
1571 		}
1572 	} else if (chosen_normal > 0 && chosen_utf == 0) {
1573 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1574 		    "'%s' must be set 'on' if normalization chosen"),
1575 		    zfs_prop_to_name(ZFS_PROP_UTF8ONLY));
1576 		(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
1577 		goto error;
1578 	}
1579 	return (ret);
1580 
1581 error:
1582 	nvlist_free(ret);
1583 	return (NULL);
1584 }
1585 
1586 static int
1587 zfs_add_synthetic_resv(zfs_handle_t *zhp, nvlist_t *nvl)
1588 {
1589 	uint64_t old_volsize;
1590 	uint64_t new_volsize;
1591 	uint64_t old_reservation;
1592 	uint64_t new_reservation;
1593 	zfs_prop_t resv_prop;
1594 	nvlist_t *props;
1595 	zpool_handle_t *zph = zpool_handle(zhp);
1596 
1597 	/*
1598 	 * If this is an existing volume, and someone is setting the volsize,
1599 	 * make sure that it matches the reservation, or add it if necessary.
1600 	 */
1601 	old_volsize = zfs_prop_get_int(zhp, ZFS_PROP_VOLSIZE);
1602 	if (zfs_which_resv_prop(zhp, &resv_prop) < 0)
1603 		return (-1);
1604 	old_reservation = zfs_prop_get_int(zhp, resv_prop);
1605 
1606 	props = fnvlist_alloc();
1607 	fnvlist_add_uint64(props, zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
1608 	    zfs_prop_get_int(zhp, ZFS_PROP_VOLBLOCKSIZE));
1609 
1610 	if ((zvol_volsize_to_reservation(zph, old_volsize, props) !=
1611 	    old_reservation) || nvlist_exists(nvl,
1612 	    zfs_prop_to_name(resv_prop))) {
1613 		fnvlist_free(props);
1614 		return (0);
1615 	}
1616 	if (nvlist_lookup_uint64(nvl, zfs_prop_to_name(ZFS_PROP_VOLSIZE),
1617 	    &new_volsize) != 0) {
1618 		fnvlist_free(props);
1619 		return (-1);
1620 	}
1621 	new_reservation = zvol_volsize_to_reservation(zph, new_volsize, props);
1622 	fnvlist_free(props);
1623 
1624 	if (nvlist_add_uint64(nvl, zfs_prop_to_name(resv_prop),
1625 	    new_reservation) != 0) {
1626 		(void) no_memory(zhp->zfs_hdl);
1627 		return (-1);
1628 	}
1629 	return (1);
1630 }
1631 
1632 /*
1633  * Helper for 'zfs {set|clone} refreservation=auto'.  Must be called after
1634  * zfs_valid_proplist(), as it is what sets the UINT64_MAX sentinel value.
1635  * Return codes must match zfs_add_synthetic_resv().
1636  */
1637 static int
1638 zfs_fix_auto_resv(zfs_handle_t *zhp, nvlist_t *nvl)
1639 {
1640 	uint64_t volsize;
1641 	uint64_t resvsize;
1642 	zfs_prop_t prop;
1643 	nvlist_t *props;
1644 
1645 	if (!ZFS_IS_VOLUME(zhp)) {
1646 		return (0);
1647 	}
1648 
1649 	if (zfs_which_resv_prop(zhp, &prop) != 0) {
1650 		return (-1);
1651 	}
1652 
1653 	if (prop != ZFS_PROP_REFRESERVATION) {
1654 		return (0);
1655 	}
1656 
1657 	if (nvlist_lookup_uint64(nvl, zfs_prop_to_name(prop), &resvsize) != 0) {
1658 		/* No value being set, so it can't be "auto" */
1659 		return (0);
1660 	}
1661 	if (resvsize != UINT64_MAX) {
1662 		/* Being set to a value other than "auto" */
1663 		return (0);
1664 	}
1665 
1666 	props = fnvlist_alloc();
1667 
1668 	fnvlist_add_uint64(props, zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
1669 	    zfs_prop_get_int(zhp, ZFS_PROP_VOLBLOCKSIZE));
1670 
1671 	if (nvlist_lookup_uint64(nvl, zfs_prop_to_name(ZFS_PROP_VOLSIZE),
1672 	    &volsize) != 0) {
1673 		volsize = zfs_prop_get_int(zhp, ZFS_PROP_VOLSIZE);
1674 	}
1675 
1676 	resvsize = zvol_volsize_to_reservation(zpool_handle(zhp), volsize,
1677 	    props);
1678 	fnvlist_free(props);
1679 
1680 	(void) nvlist_remove_all(nvl, zfs_prop_to_name(prop));
1681 	if (nvlist_add_uint64(nvl, zfs_prop_to_name(prop), resvsize) != 0) {
1682 		(void) no_memory(zhp->zfs_hdl);
1683 		return (-1);
1684 	}
1685 	return (1);
1686 }
1687 
1688 static boolean_t
1689 zfs_is_namespace_prop(zfs_prop_t prop)
1690 {
1691 	switch (prop) {
1692 
1693 	case ZFS_PROP_ATIME:
1694 	case ZFS_PROP_RELATIME:
1695 	case ZFS_PROP_DEVICES:
1696 	case ZFS_PROP_EXEC:
1697 	case ZFS_PROP_SETUID:
1698 	case ZFS_PROP_READONLY:
1699 	case ZFS_PROP_XATTR:
1700 	case ZFS_PROP_NBMAND:
1701 		return (B_TRUE);
1702 
1703 	default:
1704 		return (B_FALSE);
1705 	}
1706 }
1707 
1708 /*
1709  * Given a property name and value, set the property for the given dataset.
1710  */
1711 int
1712 zfs_prop_set(zfs_handle_t *zhp, const char *propname, const char *propval)
1713 {
1714 	int ret = -1;
1715 	char errbuf[1024];
1716 	libzfs_handle_t *hdl = zhp->zfs_hdl;
1717 	nvlist_t *nvl = NULL;
1718 
1719 	(void) snprintf(errbuf, sizeof (errbuf),
1720 	    dgettext(TEXT_DOMAIN, "cannot set property for '%s'"),
1721 	    zhp->zfs_name);
1722 
1723 	if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0 ||
1724 	    nvlist_add_string(nvl, propname, propval) != 0) {
1725 		(void) no_memory(hdl);
1726 		goto error;
1727 	}
1728 
1729 	ret = zfs_prop_set_list(zhp, nvl);
1730 
1731 error:
1732 	nvlist_free(nvl);
1733 	return (ret);
1734 }
1735 
1736 
1737 
1738 /*
1739  * Given an nvlist of property names and values, set the properties for the
1740  * given dataset.
1741  */
1742 int
1743 zfs_prop_set_list(zfs_handle_t *zhp, nvlist_t *props)
1744 {
1745 	zfs_cmd_t zc = {"\0"};
1746 	int ret = -1;
1747 	prop_changelist_t **cls = NULL;
1748 	int cl_idx;
1749 	char errbuf[1024];
1750 	libzfs_handle_t *hdl = zhp->zfs_hdl;
1751 	nvlist_t *nvl;
1752 	int nvl_len = 0;
1753 	int added_resv = 0;
1754 	zfs_prop_t prop = 0;
1755 	nvpair_t *elem;
1756 
1757 	(void) snprintf(errbuf, sizeof (errbuf),
1758 	    dgettext(TEXT_DOMAIN, "cannot set property for '%s'"),
1759 	    zhp->zfs_name);
1760 
1761 	if ((nvl = zfs_valid_proplist(hdl, zhp->zfs_type, props,
1762 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED), zhp, zhp->zpool_hdl,
1763 	    B_FALSE, errbuf)) == NULL)
1764 		goto error;
1765 
1766 	/*
1767 	 * We have to check for any extra properties which need to be added
1768 	 * before computing the length of the nvlist.
1769 	 */
1770 	for (elem = nvlist_next_nvpair(nvl, NULL);
1771 	    elem != NULL;
1772 	    elem = nvlist_next_nvpair(nvl, elem)) {
1773 		if (zfs_name_to_prop(nvpair_name(elem)) == ZFS_PROP_VOLSIZE &&
1774 		    (added_resv = zfs_add_synthetic_resv(zhp, nvl)) == -1) {
1775 			goto error;
1776 		}
1777 	}
1778 
1779 	if (added_resv != 1 &&
1780 	    (added_resv = zfs_fix_auto_resv(zhp, nvl)) == -1) {
1781 		goto error;
1782 	}
1783 
1784 	/*
1785 	 * Check how many properties we're setting and allocate an array to
1786 	 * store changelist pointers for postfix().
1787 	 */
1788 	for (elem = nvlist_next_nvpair(nvl, NULL);
1789 	    elem != NULL;
1790 	    elem = nvlist_next_nvpair(nvl, elem))
1791 		nvl_len++;
1792 	if ((cls = calloc(nvl_len, sizeof (prop_changelist_t *))) == NULL)
1793 		goto error;
1794 
1795 	cl_idx = 0;
1796 	for (elem = nvlist_next_nvpair(nvl, NULL);
1797 	    elem != NULL;
1798 	    elem = nvlist_next_nvpair(nvl, elem)) {
1799 
1800 		prop = zfs_name_to_prop(nvpair_name(elem));
1801 
1802 		assert(cl_idx < nvl_len);
1803 		/*
1804 		 * We don't want to unmount & remount the dataset when changing
1805 		 * its canmount property to 'on' or 'noauto'.  We only use
1806 		 * the changelist logic to unmount when setting canmount=off.
1807 		 */
1808 		if (prop != ZFS_PROP_CANMOUNT ||
1809 		    (fnvpair_value_uint64(elem) == ZFS_CANMOUNT_OFF &&
1810 		    zfs_is_mounted(zhp, NULL))) {
1811 			cls[cl_idx] = changelist_gather(zhp, prop, 0, 0);
1812 			if (cls[cl_idx] == NULL)
1813 				goto error;
1814 		}
1815 
1816 		if (prop == ZFS_PROP_MOUNTPOINT &&
1817 		    changelist_haszonedchild(cls[cl_idx])) {
1818 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1819 			    "child dataset with inherited mountpoint is used "
1820 			    "in a non-global zone"));
1821 			ret = zfs_error(hdl, EZFS_ZONED, errbuf);
1822 			goto error;
1823 		}
1824 
1825 		if (cls[cl_idx] != NULL &&
1826 		    (ret = changelist_prefix(cls[cl_idx])) != 0)
1827 			goto error;
1828 
1829 		cl_idx++;
1830 	}
1831 	assert(cl_idx == nvl_len);
1832 
1833 	/*
1834 	 * Execute the corresponding ioctl() to set this list of properties.
1835 	 */
1836 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1837 
1838 	if ((ret = zcmd_write_src_nvlist(hdl, &zc, nvl)) != 0 ||
1839 	    (ret = zcmd_alloc_dst_nvlist(hdl, &zc, 0)) != 0)
1840 		goto error;
1841 
1842 	ret = zfs_ioctl(hdl, ZFS_IOC_SET_PROP, &zc);
1843 
1844 	if (ret != 0) {
1845 		if (zc.zc_nvlist_dst_filled == B_FALSE) {
1846 			(void) zfs_standard_error(hdl, errno, errbuf);
1847 			goto error;
1848 		}
1849 
1850 		/* Get the list of unset properties back and report them. */
1851 		nvlist_t *errorprops = NULL;
1852 		if (zcmd_read_dst_nvlist(hdl, &zc, &errorprops) != 0)
1853 			goto error;
1854 		for (nvpair_t *elem = nvlist_next_nvpair(errorprops, NULL);
1855 		    elem != NULL;
1856 		    elem = nvlist_next_nvpair(errorprops, elem)) {
1857 			prop = zfs_name_to_prop(nvpair_name(elem));
1858 			zfs_setprop_error(hdl, prop, errno, errbuf);
1859 		}
1860 		nvlist_free(errorprops);
1861 
1862 		if (added_resv && errno == ENOSPC) {
1863 			/* clean up the volsize property we tried to set */
1864 			uint64_t old_volsize = zfs_prop_get_int(zhp,
1865 			    ZFS_PROP_VOLSIZE);
1866 			nvlist_free(nvl);
1867 			nvl = NULL;
1868 			zcmd_free_nvlists(&zc);
1869 
1870 			if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0)
1871 				goto error;
1872 			if (nvlist_add_uint64(nvl,
1873 			    zfs_prop_to_name(ZFS_PROP_VOLSIZE),
1874 			    old_volsize) != 0)
1875 				goto error;
1876 			if (zcmd_write_src_nvlist(hdl, &zc, nvl) != 0)
1877 				goto error;
1878 			(void) zfs_ioctl(hdl, ZFS_IOC_SET_PROP, &zc);
1879 		}
1880 	} else {
1881 		for (cl_idx = 0; cl_idx < nvl_len; cl_idx++) {
1882 			if (cls[cl_idx] != NULL) {
1883 				int clp_err = changelist_postfix(cls[cl_idx]);
1884 				if (clp_err != 0)
1885 					ret = clp_err;
1886 			}
1887 		}
1888 
1889 		if (ret == 0) {
1890 			/*
1891 			 * Refresh the statistics so the new property
1892 			 * value is reflected.
1893 			 */
1894 			(void) get_stats(zhp);
1895 
1896 			/*
1897 			 * Remount the filesystem to propagate the change
1898 			 * if one of the options handled by the generic
1899 			 * Linux namespace layer has been modified.
1900 			 */
1901 			if (zfs_is_namespace_prop(prop) &&
1902 			    zfs_is_mounted(zhp, NULL))
1903 				ret = zfs_mount(zhp, MNTOPT_REMOUNT, 0);
1904 		}
1905 	}
1906 
1907 error:
1908 	nvlist_free(nvl);
1909 	zcmd_free_nvlists(&zc);
1910 	if (cls != NULL) {
1911 		for (cl_idx = 0; cl_idx < nvl_len; cl_idx++) {
1912 			if (cls[cl_idx] != NULL)
1913 				changelist_free(cls[cl_idx]);
1914 		}
1915 		free(cls);
1916 	}
1917 	return (ret);
1918 }
1919 
1920 /*
1921  * Given a property, inherit the value from the parent dataset, or if received
1922  * is TRUE, revert to the received value, if any.
1923  */
1924 int
1925 zfs_prop_inherit(zfs_handle_t *zhp, const char *propname, boolean_t received)
1926 {
1927 	zfs_cmd_t zc = {"\0"};
1928 	int ret;
1929 	prop_changelist_t *cl;
1930 	libzfs_handle_t *hdl = zhp->zfs_hdl;
1931 	char errbuf[1024];
1932 	zfs_prop_t prop;
1933 
1934 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1935 	    "cannot inherit %s for '%s'"), propname, zhp->zfs_name);
1936 
1937 	zc.zc_cookie = received;
1938 	if ((prop = zfs_name_to_prop(propname)) == ZPROP_INVAL) {
1939 		/*
1940 		 * For user properties, the amount of work we have to do is very
1941 		 * small, so just do it here.
1942 		 */
1943 		if (!zfs_prop_user(propname)) {
1944 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1945 			    "invalid property"));
1946 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
1947 		}
1948 
1949 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1950 		(void) strlcpy(zc.zc_value, propname, sizeof (zc.zc_value));
1951 
1952 		if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_INHERIT_PROP, &zc) != 0)
1953 			return (zfs_standard_error(hdl, errno, errbuf));
1954 
1955 		return (0);
1956 	}
1957 
1958 	/*
1959 	 * Verify that this property is inheritable.
1960 	 */
1961 	if (zfs_prop_readonly(prop))
1962 		return (zfs_error(hdl, EZFS_PROPREADONLY, errbuf));
1963 
1964 	if (!zfs_prop_inheritable(prop) && !received)
1965 		return (zfs_error(hdl, EZFS_PROPNONINHERIT, errbuf));
1966 
1967 	/*
1968 	 * Check to see if the value applies to this type
1969 	 */
1970 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type, B_FALSE))
1971 		return (zfs_error(hdl, EZFS_PROPTYPE, errbuf));
1972 
1973 	/*
1974 	 * Normalize the name, to get rid of shorthand abbreviations.
1975 	 */
1976 	propname = zfs_prop_to_name(prop);
1977 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
1978 	(void) strlcpy(zc.zc_value, propname, sizeof (zc.zc_value));
1979 
1980 	if (prop == ZFS_PROP_MOUNTPOINT && getzoneid() == GLOBAL_ZONEID &&
1981 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
1982 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1983 		    "dataset is used in a non-global zone"));
1984 		return (zfs_error(hdl, EZFS_ZONED, errbuf));
1985 	}
1986 
1987 	/*
1988 	 * Determine datasets which will be affected by this change, if any.
1989 	 */
1990 	if ((cl = changelist_gather(zhp, prop, 0, 0)) == NULL)
1991 		return (-1);
1992 
1993 	if (prop == ZFS_PROP_MOUNTPOINT && changelist_haszonedchild(cl)) {
1994 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1995 		    "child dataset with inherited mountpoint is used "
1996 		    "in a non-global zone"));
1997 		ret = zfs_error(hdl, EZFS_ZONED, errbuf);
1998 		goto error;
1999 	}
2000 
2001 	if ((ret = changelist_prefix(cl)) != 0)
2002 		goto error;
2003 
2004 	if ((ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_INHERIT_PROP, &zc)) != 0) {
2005 		return (zfs_standard_error(hdl, errno, errbuf));
2006 	} else {
2007 
2008 		if ((ret = changelist_postfix(cl)) != 0)
2009 			goto error;
2010 
2011 		/*
2012 		 * Refresh the statistics so the new property is reflected.
2013 		 */
2014 		(void) get_stats(zhp);
2015 
2016 		/*
2017 		 * Remount the filesystem to propagate the change
2018 		 * if one of the options handled by the generic
2019 		 * Linux namespace layer has been modified.
2020 		 */
2021 		if (zfs_is_namespace_prop(prop) &&
2022 		    zfs_is_mounted(zhp, NULL))
2023 			ret = zfs_mount(zhp, MNTOPT_REMOUNT, 0);
2024 	}
2025 
2026 error:
2027 	changelist_free(cl);
2028 	return (ret);
2029 }
2030 
2031 /*
2032  * True DSL properties are stored in an nvlist.  The following two functions
2033  * extract them appropriately.
2034  */
2035 uint64_t
2036 getprop_uint64(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
2037 {
2038 	nvlist_t *nv;
2039 	uint64_t value;
2040 
2041 	*source = NULL;
2042 	if (nvlist_lookup_nvlist(zhp->zfs_props,
2043 	    zfs_prop_to_name(prop), &nv) == 0) {
2044 		verify(nvlist_lookup_uint64(nv, ZPROP_VALUE, &value) == 0);
2045 		(void) nvlist_lookup_string(nv, ZPROP_SOURCE, source);
2046 	} else {
2047 		verify(!zhp->zfs_props_table ||
2048 		    zhp->zfs_props_table[prop] == B_TRUE);
2049 		value = zfs_prop_default_numeric(prop);
2050 		*source = "";
2051 	}
2052 
2053 	return (value);
2054 }
2055 
2056 static const char *
2057 getprop_string(zfs_handle_t *zhp, zfs_prop_t prop, char **source)
2058 {
2059 	nvlist_t *nv;
2060 	const char *value;
2061 
2062 	*source = NULL;
2063 	if (nvlist_lookup_nvlist(zhp->zfs_props,
2064 	    zfs_prop_to_name(prop), &nv) == 0) {
2065 		value = fnvlist_lookup_string(nv, ZPROP_VALUE);
2066 		(void) nvlist_lookup_string(nv, ZPROP_SOURCE, source);
2067 	} else {
2068 		verify(!zhp->zfs_props_table ||
2069 		    zhp->zfs_props_table[prop] == B_TRUE);
2070 		value = zfs_prop_default_string(prop);
2071 		*source = "";
2072 	}
2073 
2074 	return (value);
2075 }
2076 
2077 static boolean_t
2078 zfs_is_recvd_props_mode(zfs_handle_t *zhp)
2079 {
2080 	return (zhp->zfs_props == zhp->zfs_recvd_props);
2081 }
2082 
2083 static void
2084 zfs_set_recvd_props_mode(zfs_handle_t *zhp, uint64_t *cookie)
2085 {
2086 	*cookie = (uint64_t)(uintptr_t)zhp->zfs_props;
2087 	zhp->zfs_props = zhp->zfs_recvd_props;
2088 }
2089 
2090 static void
2091 zfs_unset_recvd_props_mode(zfs_handle_t *zhp, uint64_t *cookie)
2092 {
2093 	zhp->zfs_props = (nvlist_t *)(uintptr_t)*cookie;
2094 	*cookie = 0;
2095 }
2096 
2097 /*
2098  * Internal function for getting a numeric property.  Both zfs_prop_get() and
2099  * zfs_prop_get_int() are built using this interface.
2100  *
2101  * Certain properties can be overridden using 'mount -o'.  In this case, scan
2102  * the contents of the /proc/self/mounts entry, searching for the
2103  * appropriate options. If they differ from the on-disk values, report the
2104  * current values and mark the source "temporary".
2105  */
2106 static int
2107 get_numeric_property(zfs_handle_t *zhp, zfs_prop_t prop, zprop_source_t *src,
2108     char **source, uint64_t *val)
2109 {
2110 	zfs_cmd_t zc = {"\0"};
2111 	nvlist_t *zplprops = NULL;
2112 	struct mnttab mnt;
2113 	char *mntopt_on = NULL;
2114 	char *mntopt_off = NULL;
2115 	boolean_t received = zfs_is_recvd_props_mode(zhp);
2116 
2117 	*source = NULL;
2118 
2119 	/*
2120 	 * If the property is being fetched for a snapshot, check whether
2121 	 * the property is valid for the snapshot's head dataset type.
2122 	 */
2123 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT &&
2124 	    !zfs_prop_valid_for_type(prop, zhp->zfs_head_type, B_TRUE)) {
2125 		*val = zfs_prop_default_numeric(prop);
2126 		return (-1);
2127 	}
2128 
2129 	switch (prop) {
2130 	case ZFS_PROP_ATIME:
2131 		mntopt_on = MNTOPT_ATIME;
2132 		mntopt_off = MNTOPT_NOATIME;
2133 		break;
2134 
2135 	case ZFS_PROP_RELATIME:
2136 		mntopt_on = MNTOPT_RELATIME;
2137 		mntopt_off = MNTOPT_NORELATIME;
2138 		break;
2139 
2140 	case ZFS_PROP_DEVICES:
2141 		mntopt_on = MNTOPT_DEVICES;
2142 		mntopt_off = MNTOPT_NODEVICES;
2143 		break;
2144 
2145 	case ZFS_PROP_EXEC:
2146 		mntopt_on = MNTOPT_EXEC;
2147 		mntopt_off = MNTOPT_NOEXEC;
2148 		break;
2149 
2150 	case ZFS_PROP_READONLY:
2151 		mntopt_on = MNTOPT_RO;
2152 		mntopt_off = MNTOPT_RW;
2153 		break;
2154 
2155 	case ZFS_PROP_SETUID:
2156 		mntopt_on = MNTOPT_SETUID;
2157 		mntopt_off = MNTOPT_NOSETUID;
2158 		break;
2159 
2160 	case ZFS_PROP_XATTR:
2161 		mntopt_on = MNTOPT_XATTR;
2162 		mntopt_off = MNTOPT_NOXATTR;
2163 		break;
2164 
2165 	case ZFS_PROP_NBMAND:
2166 		mntopt_on = MNTOPT_NBMAND;
2167 		mntopt_off = MNTOPT_NONBMAND;
2168 		break;
2169 
2170 	default:
2171 		break;
2172 	}
2173 
2174 	/*
2175 	 * Because looking up the mount options is potentially expensive
2176 	 * (iterating over all of /proc/self/mounts), we defer its
2177 	 * calculation until we're looking up a property which requires
2178 	 * its presence.
2179 	 */
2180 	if (!zhp->zfs_mntcheck &&
2181 	    (mntopt_on != NULL || prop == ZFS_PROP_MOUNTED)) {
2182 		libzfs_handle_t *hdl = zhp->zfs_hdl;
2183 		struct mnttab entry;
2184 
2185 		if (libzfs_mnttab_find(hdl, zhp->zfs_name, &entry) == 0) {
2186 			zhp->zfs_mntopts = zfs_strdup(hdl,
2187 			    entry.mnt_mntopts);
2188 			if (zhp->zfs_mntopts == NULL)
2189 				return (-1);
2190 		}
2191 
2192 		zhp->zfs_mntcheck = B_TRUE;
2193 	}
2194 
2195 	if (zhp->zfs_mntopts == NULL)
2196 		mnt.mnt_mntopts = "";
2197 	else
2198 		mnt.mnt_mntopts = zhp->zfs_mntopts;
2199 
2200 	switch (prop) {
2201 	case ZFS_PROP_ATIME:
2202 	case ZFS_PROP_RELATIME:
2203 	case ZFS_PROP_DEVICES:
2204 	case ZFS_PROP_EXEC:
2205 	case ZFS_PROP_READONLY:
2206 	case ZFS_PROP_SETUID:
2207 #ifndef __FreeBSD__
2208 	case ZFS_PROP_XATTR:
2209 #endif
2210 	case ZFS_PROP_NBMAND:
2211 		*val = getprop_uint64(zhp, prop, source);
2212 
2213 		if (received)
2214 			break;
2215 
2216 		if (hasmntopt(&mnt, mntopt_on) && !*val) {
2217 			*val = B_TRUE;
2218 			if (src)
2219 				*src = ZPROP_SRC_TEMPORARY;
2220 		} else if (hasmntopt(&mnt, mntopt_off) && *val) {
2221 			*val = B_FALSE;
2222 			if (src)
2223 				*src = ZPROP_SRC_TEMPORARY;
2224 		}
2225 		break;
2226 
2227 	case ZFS_PROP_CANMOUNT:
2228 	case ZFS_PROP_VOLSIZE:
2229 	case ZFS_PROP_QUOTA:
2230 	case ZFS_PROP_REFQUOTA:
2231 	case ZFS_PROP_RESERVATION:
2232 	case ZFS_PROP_REFRESERVATION:
2233 	case ZFS_PROP_FILESYSTEM_LIMIT:
2234 	case ZFS_PROP_SNAPSHOT_LIMIT:
2235 	case ZFS_PROP_FILESYSTEM_COUNT:
2236 	case ZFS_PROP_SNAPSHOT_COUNT:
2237 		*val = getprop_uint64(zhp, prop, source);
2238 
2239 		if (*source == NULL) {
2240 			/* not default, must be local */
2241 			*source = zhp->zfs_name;
2242 		}
2243 		break;
2244 
2245 	case ZFS_PROP_MOUNTED:
2246 		*val = (zhp->zfs_mntopts != NULL);
2247 		break;
2248 
2249 	case ZFS_PROP_NUMCLONES:
2250 		*val = zhp->zfs_dmustats.dds_num_clones;
2251 		break;
2252 
2253 	case ZFS_PROP_VERSION:
2254 	case ZFS_PROP_NORMALIZE:
2255 	case ZFS_PROP_UTF8ONLY:
2256 	case ZFS_PROP_CASE:
2257 		if (zcmd_alloc_dst_nvlist(zhp->zfs_hdl, &zc, 0) != 0)
2258 			return (-1);
2259 		(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
2260 		if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_OBJSET_ZPLPROPS, &zc)) {
2261 			zcmd_free_nvlists(&zc);
2262 			if (prop == ZFS_PROP_VERSION &&
2263 			    zhp->zfs_type == ZFS_TYPE_VOLUME)
2264 				*val = zfs_prop_default_numeric(prop);
2265 			return (-1);
2266 		}
2267 		if (zcmd_read_dst_nvlist(zhp->zfs_hdl, &zc, &zplprops) != 0 ||
2268 		    nvlist_lookup_uint64(zplprops, zfs_prop_to_name(prop),
2269 		    val) != 0) {
2270 			zcmd_free_nvlists(&zc);
2271 			return (-1);
2272 		}
2273 		nvlist_free(zplprops);
2274 		zcmd_free_nvlists(&zc);
2275 		break;
2276 
2277 	case ZFS_PROP_INCONSISTENT:
2278 		*val = zhp->zfs_dmustats.dds_inconsistent;
2279 		break;
2280 
2281 	case ZFS_PROP_REDACTED:
2282 		*val = zhp->zfs_dmustats.dds_redacted;
2283 		break;
2284 
2285 	default:
2286 		switch (zfs_prop_get_type(prop)) {
2287 		case PROP_TYPE_NUMBER:
2288 		case PROP_TYPE_INDEX:
2289 			*val = getprop_uint64(zhp, prop, source);
2290 			/*
2291 			 * If we tried to use a default value for a
2292 			 * readonly property, it means that it was not
2293 			 * present.  Note this only applies to "truly"
2294 			 * readonly properties, not set-once properties
2295 			 * like volblocksize.
2296 			 */
2297 			if (zfs_prop_readonly(prop) &&
2298 			    !zfs_prop_setonce(prop) &&
2299 			    *source != NULL && (*source)[0] == '\0') {
2300 				*source = NULL;
2301 				return (-1);
2302 			}
2303 			break;
2304 
2305 		case PROP_TYPE_STRING:
2306 		default:
2307 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2308 			    "cannot get non-numeric property"));
2309 			return (zfs_error(zhp->zfs_hdl, EZFS_BADPROP,
2310 			    dgettext(TEXT_DOMAIN, "internal error")));
2311 		}
2312 	}
2313 
2314 	return (0);
2315 }
2316 
2317 /*
2318  * Calculate the source type, given the raw source string.
2319  */
2320 static void
2321 get_source(zfs_handle_t *zhp, zprop_source_t *srctype, char *source,
2322     char *statbuf, size_t statlen)
2323 {
2324 	if (statbuf == NULL ||
2325 	    srctype == NULL || *srctype == ZPROP_SRC_TEMPORARY) {
2326 		return;
2327 	}
2328 
2329 	if (source == NULL) {
2330 		*srctype = ZPROP_SRC_NONE;
2331 	} else if (source[0] == '\0') {
2332 		*srctype = ZPROP_SRC_DEFAULT;
2333 	} else if (strstr(source, ZPROP_SOURCE_VAL_RECVD) != NULL) {
2334 		*srctype = ZPROP_SRC_RECEIVED;
2335 	} else {
2336 		if (strcmp(source, zhp->zfs_name) == 0) {
2337 			*srctype = ZPROP_SRC_LOCAL;
2338 		} else {
2339 			(void) strlcpy(statbuf, source, statlen);
2340 			*srctype = ZPROP_SRC_INHERITED;
2341 		}
2342 	}
2343 
2344 }
2345 
2346 int
2347 zfs_prop_get_recvd(zfs_handle_t *zhp, const char *propname, char *propbuf,
2348     size_t proplen, boolean_t literal)
2349 {
2350 	zfs_prop_t prop;
2351 	int err = 0;
2352 
2353 	if (zhp->zfs_recvd_props == NULL)
2354 		if (get_recvd_props_ioctl(zhp) != 0)
2355 			return (-1);
2356 
2357 	prop = zfs_name_to_prop(propname);
2358 
2359 	if (prop != ZPROP_INVAL) {
2360 		uint64_t cookie;
2361 		if (!nvlist_exists(zhp->zfs_recvd_props, propname))
2362 			return (-1);
2363 		zfs_set_recvd_props_mode(zhp, &cookie);
2364 		err = zfs_prop_get(zhp, prop, propbuf, proplen,
2365 		    NULL, NULL, 0, literal);
2366 		zfs_unset_recvd_props_mode(zhp, &cookie);
2367 	} else {
2368 		nvlist_t *propval;
2369 		char *recvdval;
2370 		if (nvlist_lookup_nvlist(zhp->zfs_recvd_props,
2371 		    propname, &propval) != 0)
2372 			return (-1);
2373 		verify(nvlist_lookup_string(propval, ZPROP_VALUE,
2374 		    &recvdval) == 0);
2375 		(void) strlcpy(propbuf, recvdval, proplen);
2376 	}
2377 
2378 	return (err == 0 ? 0 : -1);
2379 }
2380 
2381 static int
2382 get_clones_string(zfs_handle_t *zhp, char *propbuf, size_t proplen)
2383 {
2384 	nvlist_t *value;
2385 	nvpair_t *pair;
2386 
2387 	value = zfs_get_clones_nvl(zhp);
2388 	if (value == NULL)
2389 		return (-1);
2390 
2391 	propbuf[0] = '\0';
2392 	for (pair = nvlist_next_nvpair(value, NULL); pair != NULL;
2393 	    pair = nvlist_next_nvpair(value, pair)) {
2394 		if (propbuf[0] != '\0')
2395 			(void) strlcat(propbuf, ",", proplen);
2396 		(void) strlcat(propbuf, nvpair_name(pair), proplen);
2397 	}
2398 
2399 	return (0);
2400 }
2401 
2402 struct get_clones_arg {
2403 	uint64_t numclones;
2404 	nvlist_t *value;
2405 	const char *origin;
2406 	char buf[ZFS_MAX_DATASET_NAME_LEN];
2407 };
2408 
2409 static int
2410 get_clones_cb(zfs_handle_t *zhp, void *arg)
2411 {
2412 	struct get_clones_arg *gca = arg;
2413 
2414 	if (gca->numclones == 0) {
2415 		zfs_close(zhp);
2416 		return (0);
2417 	}
2418 
2419 	if (zfs_prop_get(zhp, ZFS_PROP_ORIGIN, gca->buf, sizeof (gca->buf),
2420 	    NULL, NULL, 0, B_TRUE) != 0)
2421 		goto out;
2422 	if (strcmp(gca->buf, gca->origin) == 0) {
2423 		fnvlist_add_boolean(gca->value, zfs_get_name(zhp));
2424 		gca->numclones--;
2425 	}
2426 
2427 out:
2428 	(void) zfs_iter_children(zhp, get_clones_cb, gca);
2429 	zfs_close(zhp);
2430 	return (0);
2431 }
2432 
2433 nvlist_t *
2434 zfs_get_clones_nvl(zfs_handle_t *zhp)
2435 {
2436 	nvlist_t *nv, *value;
2437 
2438 	if (nvlist_lookup_nvlist(zhp->zfs_props,
2439 	    zfs_prop_to_name(ZFS_PROP_CLONES), &nv) != 0) {
2440 		struct get_clones_arg gca;
2441 
2442 		/*
2443 		 * if this is a snapshot, then the kernel wasn't able
2444 		 * to get the clones.  Do it by slowly iterating.
2445 		 */
2446 		if (zhp->zfs_type != ZFS_TYPE_SNAPSHOT)
2447 			return (NULL);
2448 		if (nvlist_alloc(&nv, NV_UNIQUE_NAME, 0) != 0)
2449 			return (NULL);
2450 		if (nvlist_alloc(&value, NV_UNIQUE_NAME, 0) != 0) {
2451 			nvlist_free(nv);
2452 			return (NULL);
2453 		}
2454 
2455 		gca.numclones = zfs_prop_get_int(zhp, ZFS_PROP_NUMCLONES);
2456 		gca.value = value;
2457 		gca.origin = zhp->zfs_name;
2458 
2459 		if (gca.numclones != 0) {
2460 			zfs_handle_t *root;
2461 			char pool[ZFS_MAX_DATASET_NAME_LEN];
2462 			char *cp = pool;
2463 
2464 			/* get the pool name */
2465 			(void) strlcpy(pool, zhp->zfs_name, sizeof (pool));
2466 			(void) strsep(&cp, "/@");
2467 			root = zfs_open(zhp->zfs_hdl, pool,
2468 			    ZFS_TYPE_FILESYSTEM);
2469 			if (root == NULL) {
2470 				nvlist_free(nv);
2471 				nvlist_free(value);
2472 				return (NULL);
2473 			}
2474 
2475 			(void) get_clones_cb(root, &gca);
2476 		}
2477 
2478 		if (gca.numclones != 0 ||
2479 		    nvlist_add_nvlist(nv, ZPROP_VALUE, value) != 0 ||
2480 		    nvlist_add_nvlist(zhp->zfs_props,
2481 		    zfs_prop_to_name(ZFS_PROP_CLONES), nv) != 0) {
2482 			nvlist_free(nv);
2483 			nvlist_free(value);
2484 			return (NULL);
2485 		}
2486 		nvlist_free(nv);
2487 		nvlist_free(value);
2488 		verify(0 == nvlist_lookup_nvlist(zhp->zfs_props,
2489 		    zfs_prop_to_name(ZFS_PROP_CLONES), &nv));
2490 	}
2491 
2492 	verify(nvlist_lookup_nvlist(nv, ZPROP_VALUE, &value) == 0);
2493 
2494 	return (value);
2495 }
2496 
2497 static int
2498 get_rsnaps_string(zfs_handle_t *zhp, char *propbuf, size_t proplen)
2499 {
2500 	nvlist_t *value;
2501 	uint64_t *snaps;
2502 	uint_t nsnaps;
2503 
2504 	if (nvlist_lookup_nvlist(zhp->zfs_props,
2505 	    zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS), &value) != 0)
2506 		return (-1);
2507 	if (nvlist_lookup_uint64_array(value, ZPROP_VALUE, &snaps,
2508 	    &nsnaps) != 0)
2509 		return (-1);
2510 	if (nsnaps == 0) {
2511 		/* There's no redaction snapshots; pass a special value back */
2512 		(void) snprintf(propbuf, proplen, "none");
2513 		return (0);
2514 	}
2515 	propbuf[0] = '\0';
2516 	for (int i = 0; i < nsnaps; i++) {
2517 		char buf[128];
2518 		if (propbuf[0] != '\0')
2519 			(void) strlcat(propbuf, ",", proplen);
2520 		(void) snprintf(buf, sizeof (buf), "%llu",
2521 		    (u_longlong_t)snaps[i]);
2522 		(void) strlcat(propbuf, buf, proplen);
2523 	}
2524 
2525 	return (0);
2526 }
2527 
2528 /*
2529  * Accepts a property and value and checks that the value
2530  * matches the one found by the channel program. If they are
2531  * not equal, print both of them.
2532  */
2533 static void
2534 zcp_check(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t intval,
2535     const char *strval)
2536 {
2537 	if (!zhp->zfs_hdl->libzfs_prop_debug)
2538 		return;
2539 	int error;
2540 	char *poolname = zhp->zpool_hdl->zpool_name;
2541 	const char *prop_name = zfs_prop_to_name(prop);
2542 	const char *program =
2543 	    "args = ...\n"
2544 	    "ds = args['dataset']\n"
2545 	    "prop = args['property']\n"
2546 	    "value, setpoint = zfs.get_prop(ds, prop)\n"
2547 	    "return {value=value, setpoint=setpoint}\n";
2548 	nvlist_t *outnvl;
2549 	nvlist_t *retnvl;
2550 	nvlist_t *argnvl = fnvlist_alloc();
2551 
2552 	fnvlist_add_string(argnvl, "dataset", zhp->zfs_name);
2553 	fnvlist_add_string(argnvl, "property", zfs_prop_to_name(prop));
2554 
2555 	error = lzc_channel_program_nosync(poolname, program,
2556 	    10 * 1000 * 1000, 10 * 1024 * 1024, argnvl, &outnvl);
2557 
2558 	if (error == 0) {
2559 		retnvl = fnvlist_lookup_nvlist(outnvl, "return");
2560 		if (zfs_prop_get_type(prop) == PROP_TYPE_NUMBER) {
2561 			int64_t ans;
2562 			error = nvlist_lookup_int64(retnvl, "value", &ans);
2563 			if (error != 0) {
2564 				(void) fprintf(stderr, "%s: zcp check error: "
2565 				    "%u\n", prop_name, error);
2566 				return;
2567 			}
2568 			if (ans != intval) {
2569 				(void) fprintf(stderr, "%s: zfs found %llu, "
2570 				    "but zcp found %llu\n", prop_name,
2571 				    (u_longlong_t)intval, (u_longlong_t)ans);
2572 			}
2573 		} else {
2574 			char *str_ans;
2575 			error = nvlist_lookup_string(retnvl, "value", &str_ans);
2576 			if (error != 0) {
2577 				(void) fprintf(stderr, "%s: zcp check error: "
2578 				    "%u\n", prop_name, error);
2579 				return;
2580 			}
2581 			if (strcmp(strval, str_ans) != 0) {
2582 				(void) fprintf(stderr,
2583 				    "%s: zfs found '%s', but zcp found '%s'\n",
2584 				    prop_name, strval, str_ans);
2585 			}
2586 		}
2587 	} else {
2588 		(void) fprintf(stderr, "%s: zcp check failed, channel program "
2589 		    "error: %u\n", prop_name, error);
2590 	}
2591 	nvlist_free(argnvl);
2592 	nvlist_free(outnvl);
2593 }
2594 
2595 /*
2596  * Retrieve a property from the given object.  If 'literal' is specified, then
2597  * numbers are left as exact values.  Otherwise, numbers are converted to a
2598  * human-readable form.
2599  *
2600  * Returns 0 on success, or -1 on error.
2601  */
2602 int
2603 zfs_prop_get(zfs_handle_t *zhp, zfs_prop_t prop, char *propbuf, size_t proplen,
2604     zprop_source_t *src, char *statbuf, size_t statlen, boolean_t literal)
2605 {
2606 	char *source = NULL;
2607 	uint64_t val;
2608 	const char *str;
2609 	const char *strval;
2610 	boolean_t received = zfs_is_recvd_props_mode(zhp);
2611 
2612 	/*
2613 	 * Check to see if this property applies to our object
2614 	 */
2615 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type, B_FALSE))
2616 		return (-1);
2617 
2618 	if (received && zfs_prop_readonly(prop))
2619 		return (-1);
2620 
2621 	if (src)
2622 		*src = ZPROP_SRC_NONE;
2623 
2624 	switch (prop) {
2625 	case ZFS_PROP_CREATION:
2626 		/*
2627 		 * 'creation' is a time_t stored in the statistics.  We convert
2628 		 * this into a string unless 'literal' is specified.
2629 		 */
2630 		{
2631 			val = getprop_uint64(zhp, prop, &source);
2632 			time_t time = (time_t)val;
2633 			struct tm t;
2634 
2635 			if (literal ||
2636 			    localtime_r(&time, &t) == NULL ||
2637 			    strftime(propbuf, proplen, "%a %b %e %k:%M %Y",
2638 			    &t) == 0)
2639 				(void) snprintf(propbuf, proplen, "%llu",
2640 				    (u_longlong_t)val);
2641 		}
2642 		zcp_check(zhp, prop, val, NULL);
2643 		break;
2644 
2645 	case ZFS_PROP_MOUNTPOINT:
2646 		/*
2647 		 * Getting the precise mountpoint can be tricky.
2648 		 *
2649 		 *  - for 'none' or 'legacy', return those values.
2650 		 *  - for inherited mountpoints, we want to take everything
2651 		 *    after our ancestor and append it to the inherited value.
2652 		 *
2653 		 * If the pool has an alternate root, we want to prepend that
2654 		 * root to any values we return.
2655 		 */
2656 
2657 		str = getprop_string(zhp, prop, &source);
2658 
2659 		if (str[0] == '/') {
2660 			char buf[MAXPATHLEN];
2661 			char *root = buf;
2662 			const char *relpath;
2663 
2664 			/*
2665 			 * If we inherit the mountpoint, even from a dataset
2666 			 * with a received value, the source will be the path of
2667 			 * the dataset we inherit from. If source is
2668 			 * ZPROP_SOURCE_VAL_RECVD, the received value is not
2669 			 * inherited.
2670 			 */
2671 			if (strcmp(source, ZPROP_SOURCE_VAL_RECVD) == 0) {
2672 				relpath = "";
2673 			} else {
2674 				relpath = zhp->zfs_name + strlen(source);
2675 				if (relpath[0] == '/')
2676 					relpath++;
2677 			}
2678 
2679 			if ((zpool_get_prop(zhp->zpool_hdl,
2680 			    ZPOOL_PROP_ALTROOT, buf, MAXPATHLEN, NULL,
2681 			    B_FALSE)) || (strcmp(root, "-") == 0))
2682 				root[0] = '\0';
2683 			/*
2684 			 * Special case an alternate root of '/'. This will
2685 			 * avoid having multiple leading slashes in the
2686 			 * mountpoint path.
2687 			 */
2688 			if (strcmp(root, "/") == 0)
2689 				root++;
2690 
2691 			/*
2692 			 * If the mountpoint is '/' then skip over this
2693 			 * if we are obtaining either an alternate root or
2694 			 * an inherited mountpoint.
2695 			 */
2696 			if (str[1] == '\0' && (root[0] != '\0' ||
2697 			    relpath[0] != '\0'))
2698 				str++;
2699 
2700 			if (relpath[0] == '\0')
2701 				(void) snprintf(propbuf, proplen, "%s%s",
2702 				    root, str);
2703 			else
2704 				(void) snprintf(propbuf, proplen, "%s%s%s%s",
2705 				    root, str, relpath[0] == '@' ? "" : "/",
2706 				    relpath);
2707 		} else {
2708 			/* 'legacy' or 'none' */
2709 			(void) strlcpy(propbuf, str, proplen);
2710 		}
2711 		zcp_check(zhp, prop, 0, propbuf);
2712 		break;
2713 
2714 	case ZFS_PROP_ORIGIN:
2715 		str = getprop_string(zhp, prop, &source);
2716 		if (str == NULL)
2717 			return (-1);
2718 		(void) strlcpy(propbuf, str, proplen);
2719 		zcp_check(zhp, prop, 0, str);
2720 		break;
2721 
2722 	case ZFS_PROP_REDACT_SNAPS:
2723 		if (get_rsnaps_string(zhp, propbuf, proplen) != 0)
2724 			return (-1);
2725 		break;
2726 
2727 	case ZFS_PROP_CLONES:
2728 		if (get_clones_string(zhp, propbuf, proplen) != 0)
2729 			return (-1);
2730 		break;
2731 
2732 	case ZFS_PROP_QUOTA:
2733 	case ZFS_PROP_REFQUOTA:
2734 	case ZFS_PROP_RESERVATION:
2735 	case ZFS_PROP_REFRESERVATION:
2736 
2737 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2738 			return (-1);
2739 		/*
2740 		 * If quota or reservation is 0, we translate this into 'none'
2741 		 * (unless literal is set), and indicate that it's the default
2742 		 * value.  Otherwise, we print the number nicely and indicate
2743 		 * that its set locally.
2744 		 */
2745 		if (val == 0) {
2746 			if (literal)
2747 				(void) strlcpy(propbuf, "0", proplen);
2748 			else
2749 				(void) strlcpy(propbuf, "none", proplen);
2750 		} else {
2751 			if (literal)
2752 				(void) snprintf(propbuf, proplen, "%llu",
2753 				    (u_longlong_t)val);
2754 			else
2755 				zfs_nicebytes(val, propbuf, proplen);
2756 		}
2757 		zcp_check(zhp, prop, val, NULL);
2758 		break;
2759 
2760 	case ZFS_PROP_FILESYSTEM_LIMIT:
2761 	case ZFS_PROP_SNAPSHOT_LIMIT:
2762 	case ZFS_PROP_FILESYSTEM_COUNT:
2763 	case ZFS_PROP_SNAPSHOT_COUNT:
2764 
2765 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2766 			return (-1);
2767 
2768 		/*
2769 		 * If limit is UINT64_MAX, we translate this into 'none' (unless
2770 		 * literal is set), and indicate that it's the default value.
2771 		 * Otherwise, we print the number nicely and indicate that it's
2772 		 * set locally.
2773 		 */
2774 		if (literal) {
2775 			(void) snprintf(propbuf, proplen, "%llu",
2776 			    (u_longlong_t)val);
2777 		} else if (val == UINT64_MAX) {
2778 			(void) strlcpy(propbuf, "none", proplen);
2779 		} else {
2780 			zfs_nicenum(val, propbuf, proplen);
2781 		}
2782 
2783 		zcp_check(zhp, prop, val, NULL);
2784 		break;
2785 
2786 	case ZFS_PROP_REFRATIO:
2787 	case ZFS_PROP_COMPRESSRATIO:
2788 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2789 			return (-1);
2790 		if (literal)
2791 			(void) snprintf(propbuf, proplen, "%llu.%02llu",
2792 			    (u_longlong_t)(val / 100),
2793 			    (u_longlong_t)(val % 100));
2794 		else
2795 			(void) snprintf(propbuf, proplen, "%llu.%02llux",
2796 			    (u_longlong_t)(val / 100),
2797 			    (u_longlong_t)(val % 100));
2798 		zcp_check(zhp, prop, val, NULL);
2799 		break;
2800 
2801 	case ZFS_PROP_TYPE:
2802 		switch (zhp->zfs_type) {
2803 		case ZFS_TYPE_FILESYSTEM:
2804 			str = "filesystem";
2805 			break;
2806 		case ZFS_TYPE_VOLUME:
2807 			str = "volume";
2808 			break;
2809 		case ZFS_TYPE_SNAPSHOT:
2810 			str = "snapshot";
2811 			break;
2812 		case ZFS_TYPE_BOOKMARK:
2813 			str = "bookmark";
2814 			break;
2815 		default:
2816 			abort();
2817 		}
2818 		(void) snprintf(propbuf, proplen, "%s", str);
2819 		zcp_check(zhp, prop, 0, propbuf);
2820 		break;
2821 
2822 	case ZFS_PROP_MOUNTED:
2823 		/*
2824 		 * The 'mounted' property is a pseudo-property that described
2825 		 * whether the filesystem is currently mounted.  Even though
2826 		 * it's a boolean value, the typical values of "on" and "off"
2827 		 * don't make sense, so we translate to "yes" and "no".
2828 		 */
2829 		if (get_numeric_property(zhp, ZFS_PROP_MOUNTED,
2830 		    src, &source, &val) != 0)
2831 			return (-1);
2832 		if (val)
2833 			(void) strlcpy(propbuf, "yes", proplen);
2834 		else
2835 			(void) strlcpy(propbuf, "no", proplen);
2836 		break;
2837 
2838 	case ZFS_PROP_NAME:
2839 		/*
2840 		 * The 'name' property is a pseudo-property derived from the
2841 		 * dataset name.  It is presented as a real property to simplify
2842 		 * consumers.
2843 		 */
2844 		(void) strlcpy(propbuf, zhp->zfs_name, proplen);
2845 		zcp_check(zhp, prop, 0, propbuf);
2846 		break;
2847 
2848 	case ZFS_PROP_MLSLABEL:
2849 		{
2850 #ifdef HAVE_MLSLABEL
2851 			m_label_t *new_sl = NULL;
2852 			char *ascii = NULL;	/* human readable label */
2853 
2854 			(void) strlcpy(propbuf,
2855 			    getprop_string(zhp, prop, &source), proplen);
2856 
2857 			if (literal || (strcasecmp(propbuf,
2858 			    ZFS_MLSLABEL_DEFAULT) == 0))
2859 				break;
2860 
2861 			/*
2862 			 * Try to translate the internal hex string to
2863 			 * human-readable output.  If there are any
2864 			 * problems just use the hex string.
2865 			 */
2866 
2867 			if (str_to_label(propbuf, &new_sl, MAC_LABEL,
2868 			    L_NO_CORRECTION, NULL) == -1) {
2869 				m_label_free(new_sl);
2870 				break;
2871 			}
2872 
2873 			if (label_to_str(new_sl, &ascii, M_LABEL,
2874 			    DEF_NAMES) != 0) {
2875 				if (ascii)
2876 					free(ascii);
2877 				m_label_free(new_sl);
2878 				break;
2879 			}
2880 			m_label_free(new_sl);
2881 
2882 			(void) strlcpy(propbuf, ascii, proplen);
2883 			free(ascii);
2884 #else
2885 			(void) strlcpy(propbuf,
2886 			    getprop_string(zhp, prop, &source), proplen);
2887 #endif /* HAVE_MLSLABEL */
2888 		}
2889 		break;
2890 
2891 	case ZFS_PROP_GUID:
2892 	case ZFS_PROP_CREATETXG:
2893 	case ZFS_PROP_OBJSETID:
2894 	case ZFS_PROP_PBKDF2_ITERS:
2895 		/*
2896 		 * These properties are stored as numbers, but they are
2897 		 * identifiers or counters.
2898 		 * We don't want them to be pretty printed, because pretty
2899 		 * printing truncates their values making them useless.
2900 		 */
2901 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2902 			return (-1);
2903 		(void) snprintf(propbuf, proplen, "%llu", (u_longlong_t)val);
2904 		zcp_check(zhp, prop, val, NULL);
2905 		break;
2906 
2907 	case ZFS_PROP_REFERENCED:
2908 	case ZFS_PROP_AVAILABLE:
2909 	case ZFS_PROP_USED:
2910 	case ZFS_PROP_USEDSNAP:
2911 	case ZFS_PROP_USEDDS:
2912 	case ZFS_PROP_USEDREFRESERV:
2913 	case ZFS_PROP_USEDCHILD:
2914 		if (get_numeric_property(zhp, prop, src, &source, &val) != 0)
2915 			return (-1);
2916 		if (literal) {
2917 			(void) snprintf(propbuf, proplen, "%llu",
2918 			    (u_longlong_t)val);
2919 		} else {
2920 			zfs_nicebytes(val, propbuf, proplen);
2921 		}
2922 		zcp_check(zhp, prop, val, NULL);
2923 		break;
2924 
2925 	default:
2926 		switch (zfs_prop_get_type(prop)) {
2927 		case PROP_TYPE_NUMBER:
2928 			if (get_numeric_property(zhp, prop, src,
2929 			    &source, &val) != 0) {
2930 				return (-1);
2931 			}
2932 
2933 			if (literal) {
2934 				(void) snprintf(propbuf, proplen, "%llu",
2935 				    (u_longlong_t)val);
2936 			} else {
2937 				zfs_nicenum(val, propbuf, proplen);
2938 			}
2939 			zcp_check(zhp, prop, val, NULL);
2940 			break;
2941 
2942 		case PROP_TYPE_STRING:
2943 			str = getprop_string(zhp, prop, &source);
2944 			if (str == NULL)
2945 				return (-1);
2946 
2947 			(void) strlcpy(propbuf, str, proplen);
2948 			zcp_check(zhp, prop, 0, str);
2949 			break;
2950 
2951 		case PROP_TYPE_INDEX:
2952 			if (get_numeric_property(zhp, prop, src,
2953 			    &source, &val) != 0)
2954 				return (-1);
2955 			if (zfs_prop_index_to_string(prop, val, &strval) != 0)
2956 				return (-1);
2957 
2958 			(void) strlcpy(propbuf, strval, proplen);
2959 			zcp_check(zhp, prop, 0, strval);
2960 			break;
2961 
2962 		default:
2963 			abort();
2964 		}
2965 	}
2966 
2967 	get_source(zhp, src, source, statbuf, statlen);
2968 
2969 	return (0);
2970 }
2971 
2972 /*
2973  * Utility function to get the given numeric property.  Does no validation that
2974  * the given property is the appropriate type; should only be used with
2975  * hard-coded property types.
2976  */
2977 uint64_t
2978 zfs_prop_get_int(zfs_handle_t *zhp, zfs_prop_t prop)
2979 {
2980 	char *source;
2981 	uint64_t val = 0;
2982 
2983 	(void) get_numeric_property(zhp, prop, NULL, &source, &val);
2984 
2985 	return (val);
2986 }
2987 
2988 static int
2989 zfs_prop_set_int(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t val)
2990 {
2991 	char buf[64];
2992 
2993 	(void) snprintf(buf, sizeof (buf), "%llu", (longlong_t)val);
2994 	return (zfs_prop_set(zhp, zfs_prop_to_name(prop), buf));
2995 }
2996 
2997 /*
2998  * Similar to zfs_prop_get(), but returns the value as an integer.
2999  */
3000 int
3001 zfs_prop_get_numeric(zfs_handle_t *zhp, zfs_prop_t prop, uint64_t *value,
3002     zprop_source_t *src, char *statbuf, size_t statlen)
3003 {
3004 	char *source;
3005 
3006 	/*
3007 	 * Check to see if this property applies to our object
3008 	 */
3009 	if (!zfs_prop_valid_for_type(prop, zhp->zfs_type, B_FALSE)) {
3010 		return (zfs_error_fmt(zhp->zfs_hdl, EZFS_PROPTYPE,
3011 		    dgettext(TEXT_DOMAIN, "cannot get property '%s'"),
3012 		    zfs_prop_to_name(prop)));
3013 	}
3014 
3015 	if (src)
3016 		*src = ZPROP_SRC_NONE;
3017 
3018 	if (get_numeric_property(zhp, prop, src, &source, value) != 0)
3019 		return (-1);
3020 
3021 	get_source(zhp, src, source, statbuf, statlen);
3022 
3023 	return (0);
3024 }
3025 
3026 #ifdef HAVE_IDMAP
3027 static int
3028 idmap_id_to_numeric_domain_rid(uid_t id, boolean_t isuser,
3029     char **domainp, idmap_rid_t *ridp)
3030 {
3031 	idmap_get_handle_t *get_hdl = NULL;
3032 	idmap_stat status;
3033 	int err = EINVAL;
3034 
3035 	if (idmap_get_create(&get_hdl) != IDMAP_SUCCESS)
3036 		goto out;
3037 
3038 	if (isuser) {
3039 		err = idmap_get_sidbyuid(get_hdl, id,
3040 		    IDMAP_REQ_FLG_USE_CACHE, domainp, ridp, &status);
3041 	} else {
3042 		err = idmap_get_sidbygid(get_hdl, id,
3043 		    IDMAP_REQ_FLG_USE_CACHE, domainp, ridp, &status);
3044 	}
3045 	if (err == IDMAP_SUCCESS &&
3046 	    idmap_get_mappings(get_hdl) == IDMAP_SUCCESS &&
3047 	    status == IDMAP_SUCCESS)
3048 		err = 0;
3049 	else
3050 		err = EINVAL;
3051 out:
3052 	if (get_hdl)
3053 		idmap_get_destroy(get_hdl);
3054 	return (err);
3055 }
3056 #endif /* HAVE_IDMAP */
3057 
3058 /*
3059  * convert the propname into parameters needed by kernel
3060  * Eg: userquota@ahrens -> ZFS_PROP_USERQUOTA, "", 126829
3061  * Eg: userused@matt@domain -> ZFS_PROP_USERUSED, "S-1-123-456", 789
3062  * Eg: groupquota@staff -> ZFS_PROP_GROUPQUOTA, "", 1234
3063  * Eg: groupused@staff -> ZFS_PROP_GROUPUSED, "", 1234
3064  * Eg: projectquota@123 -> ZFS_PROP_PROJECTQUOTA, "", 123
3065  * Eg: projectused@789 -> ZFS_PROP_PROJECTUSED, "", 789
3066  */
3067 static int
3068 userquota_propname_decode(const char *propname, boolean_t zoned,
3069     zfs_userquota_prop_t *typep, char *domain, int domainlen, uint64_t *ridp)
3070 {
3071 	zfs_userquota_prop_t type;
3072 	char *cp;
3073 	boolean_t isuser;
3074 	boolean_t isgroup;
3075 	boolean_t isproject;
3076 	struct passwd *pw;
3077 	struct group *gr;
3078 
3079 	domain[0] = '\0';
3080 
3081 	/* Figure out the property type ({user|group|project}{quota|space}) */
3082 	for (type = 0; type < ZFS_NUM_USERQUOTA_PROPS; type++) {
3083 		if (strncmp(propname, zfs_userquota_prop_prefixes[type],
3084 		    strlen(zfs_userquota_prop_prefixes[type])) == 0)
3085 			break;
3086 	}
3087 	if (type == ZFS_NUM_USERQUOTA_PROPS)
3088 		return (EINVAL);
3089 	*typep = type;
3090 
3091 	isuser = (type == ZFS_PROP_USERQUOTA || type == ZFS_PROP_USERUSED ||
3092 	    type == ZFS_PROP_USEROBJQUOTA ||
3093 	    type == ZFS_PROP_USEROBJUSED);
3094 	isgroup = (type == ZFS_PROP_GROUPQUOTA || type == ZFS_PROP_GROUPUSED ||
3095 	    type == ZFS_PROP_GROUPOBJQUOTA ||
3096 	    type == ZFS_PROP_GROUPOBJUSED);
3097 	isproject = (type == ZFS_PROP_PROJECTQUOTA ||
3098 	    type == ZFS_PROP_PROJECTUSED || type == ZFS_PROP_PROJECTOBJQUOTA ||
3099 	    type == ZFS_PROP_PROJECTOBJUSED);
3100 
3101 	cp = strchr(propname, '@') + 1;
3102 
3103 	if (isuser && (pw = getpwnam(cp)) != NULL) {
3104 		if (zoned && getzoneid() == GLOBAL_ZONEID)
3105 			return (ENOENT);
3106 		*ridp = pw->pw_uid;
3107 	} else if (isgroup && (gr = getgrnam(cp)) != NULL) {
3108 		if (zoned && getzoneid() == GLOBAL_ZONEID)
3109 			return (ENOENT);
3110 		*ridp = gr->gr_gid;
3111 	} else if (!isproject && strchr(cp, '@')) {
3112 #ifdef HAVE_IDMAP
3113 		/*
3114 		 * It's a SID name (eg "user@domain") that needs to be
3115 		 * turned into S-1-domainID-RID.
3116 		 */
3117 		directory_error_t e;
3118 		char *numericsid = NULL;
3119 		char *end;
3120 
3121 		if (zoned && getzoneid() == GLOBAL_ZONEID)
3122 			return (ENOENT);
3123 		if (isuser) {
3124 			e = directory_sid_from_user_name(NULL,
3125 			    cp, &numericsid);
3126 		} else {
3127 			e = directory_sid_from_group_name(NULL,
3128 			    cp, &numericsid);
3129 		}
3130 		if (e != NULL) {
3131 			directory_error_free(e);
3132 			return (ENOENT);
3133 		}
3134 		if (numericsid == NULL)
3135 			return (ENOENT);
3136 		cp = numericsid;
3137 		(void) strlcpy(domain, cp, domainlen);
3138 		cp = strrchr(domain, '-');
3139 		*cp = '\0';
3140 		cp++;
3141 
3142 		errno = 0;
3143 		*ridp = strtoull(cp, &end, 10);
3144 		free(numericsid);
3145 
3146 		if (errno != 0 || *end != '\0')
3147 			return (EINVAL);
3148 #else
3149 		return (ENOSYS);
3150 #endif /* HAVE_IDMAP */
3151 	} else {
3152 		/* It's a user/group/project ID (eg "12345"). */
3153 		uid_t id;
3154 		char *end;
3155 		id = strtoul(cp, &end, 10);
3156 		if (*end != '\0')
3157 			return (EINVAL);
3158 		if (id > MAXUID && !isproject) {
3159 #ifdef HAVE_IDMAP
3160 			/* It's an ephemeral ID. */
3161 			idmap_rid_t rid;
3162 			char *mapdomain;
3163 
3164 			if (idmap_id_to_numeric_domain_rid(id, isuser,
3165 			    &mapdomain, &rid) != 0)
3166 				return (ENOENT);
3167 			(void) strlcpy(domain, mapdomain, domainlen);
3168 			*ridp = rid;
3169 #else
3170 			return (ENOSYS);
3171 #endif /* HAVE_IDMAP */
3172 		} else {
3173 			*ridp = id;
3174 		}
3175 	}
3176 
3177 	return (0);
3178 }
3179 
3180 static int
3181 zfs_prop_get_userquota_common(zfs_handle_t *zhp, const char *propname,
3182     uint64_t *propvalue, zfs_userquota_prop_t *typep)
3183 {
3184 	int err;
3185 	zfs_cmd_t zc = {"\0"};
3186 
3187 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3188 
3189 	err = userquota_propname_decode(propname,
3190 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED),
3191 	    typep, zc.zc_value, sizeof (zc.zc_value), &zc.zc_guid);
3192 	zc.zc_objset_type = *typep;
3193 	if (err)
3194 		return (err);
3195 
3196 	err = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_USERSPACE_ONE, &zc);
3197 	if (err)
3198 		return (err);
3199 
3200 	*propvalue = zc.zc_cookie;
3201 	return (0);
3202 }
3203 
3204 int
3205 zfs_prop_get_userquota_int(zfs_handle_t *zhp, const char *propname,
3206     uint64_t *propvalue)
3207 {
3208 	zfs_userquota_prop_t type;
3209 
3210 	return (zfs_prop_get_userquota_common(zhp, propname, propvalue,
3211 	    &type));
3212 }
3213 
3214 int
3215 zfs_prop_get_userquota(zfs_handle_t *zhp, const char *propname,
3216     char *propbuf, int proplen, boolean_t literal)
3217 {
3218 	int err;
3219 	uint64_t propvalue;
3220 	zfs_userquota_prop_t type;
3221 
3222 	err = zfs_prop_get_userquota_common(zhp, propname, &propvalue,
3223 	    &type);
3224 
3225 	if (err)
3226 		return (err);
3227 
3228 	if (literal) {
3229 		(void) snprintf(propbuf, proplen, "%llu",
3230 		    (u_longlong_t)propvalue);
3231 	} else if (propvalue == 0 &&
3232 	    (type == ZFS_PROP_USERQUOTA || type == ZFS_PROP_GROUPQUOTA ||
3233 	    type == ZFS_PROP_USEROBJQUOTA || type == ZFS_PROP_GROUPOBJQUOTA ||
3234 	    type == ZFS_PROP_PROJECTQUOTA ||
3235 	    type == ZFS_PROP_PROJECTOBJQUOTA)) {
3236 		(void) strlcpy(propbuf, "none", proplen);
3237 	} else if (type == ZFS_PROP_USERQUOTA || type == ZFS_PROP_GROUPQUOTA ||
3238 	    type == ZFS_PROP_USERUSED || type == ZFS_PROP_GROUPUSED ||
3239 	    type == ZFS_PROP_PROJECTUSED || type == ZFS_PROP_PROJECTQUOTA) {
3240 		zfs_nicebytes(propvalue, propbuf, proplen);
3241 	} else {
3242 		zfs_nicenum(propvalue, propbuf, proplen);
3243 	}
3244 	return (0);
3245 }
3246 
3247 /*
3248  * propname must start with "written@" or "written#".
3249  */
3250 int
3251 zfs_prop_get_written_int(zfs_handle_t *zhp, const char *propname,
3252     uint64_t *propvalue)
3253 {
3254 	int err;
3255 	zfs_cmd_t zc = {"\0"};
3256 	const char *snapname;
3257 
3258 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
3259 
3260 	assert(zfs_prop_written(propname));
3261 	snapname = propname + strlen("written@");
3262 	if (strchr(snapname, '@') != NULL || strchr(snapname, '#') != NULL) {
3263 		/* full snapshot or bookmark name specified */
3264 		(void) strlcpy(zc.zc_value, snapname, sizeof (zc.zc_value));
3265 	} else {
3266 		/* snapname is the short name, append it to zhp's fsname */
3267 		char *cp;
3268 
3269 		(void) strlcpy(zc.zc_value, zhp->zfs_name,
3270 		    sizeof (zc.zc_value));
3271 		cp = strchr(zc.zc_value, '@');
3272 		if (cp != NULL)
3273 			*cp = '\0';
3274 		(void) strlcat(zc.zc_value, snapname - 1, sizeof (zc.zc_value));
3275 	}
3276 
3277 	err = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SPACE_WRITTEN, &zc);
3278 	if (err)
3279 		return (err);
3280 
3281 	*propvalue = zc.zc_cookie;
3282 	return (0);
3283 }
3284 
3285 int
3286 zfs_prop_get_written(zfs_handle_t *zhp, const char *propname,
3287     char *propbuf, int proplen, boolean_t literal)
3288 {
3289 	int err;
3290 	uint64_t propvalue;
3291 
3292 	err = zfs_prop_get_written_int(zhp, propname, &propvalue);
3293 
3294 	if (err)
3295 		return (err);
3296 
3297 	if (literal) {
3298 		(void) snprintf(propbuf, proplen, "%llu",
3299 		    (u_longlong_t)propvalue);
3300 	} else {
3301 		zfs_nicebytes(propvalue, propbuf, proplen);
3302 	}
3303 
3304 	return (0);
3305 }
3306 
3307 /*
3308  * Returns the name of the given zfs handle.
3309  */
3310 const char *
3311 zfs_get_name(const zfs_handle_t *zhp)
3312 {
3313 	return (zhp->zfs_name);
3314 }
3315 
3316 /*
3317  * Returns the name of the parent pool for the given zfs handle.
3318  */
3319 const char *
3320 zfs_get_pool_name(const zfs_handle_t *zhp)
3321 {
3322 	return (zhp->zpool_hdl->zpool_name);
3323 }
3324 
3325 /*
3326  * Returns the type of the given zfs handle.
3327  */
3328 zfs_type_t
3329 zfs_get_type(const zfs_handle_t *zhp)
3330 {
3331 	return (zhp->zfs_type);
3332 }
3333 
3334 /*
3335  * Is one dataset name a child dataset of another?
3336  *
3337  * Needs to handle these cases:
3338  * Dataset 1	"a/foo"		"a/foo"		"a/foo"		"a/foo"
3339  * Dataset 2	"a/fo"		"a/foobar"	"a/bar/baz"	"a/foo/bar"
3340  * Descendant?	No.		No.		No.		Yes.
3341  */
3342 static boolean_t
3343 is_descendant(const char *ds1, const char *ds2)
3344 {
3345 	size_t d1len = strlen(ds1);
3346 
3347 	/* ds2 can't be a descendant if it's smaller */
3348 	if (strlen(ds2) < d1len)
3349 		return (B_FALSE);
3350 
3351 	/* otherwise, compare strings and verify that there's a '/' char */
3352 	return (ds2[d1len] == '/' && (strncmp(ds1, ds2, d1len) == 0));
3353 }
3354 
3355 /*
3356  * Given a complete name, return just the portion that refers to the parent.
3357  * Will return -1 if there is no parent (path is just the name of the
3358  * pool).
3359  */
3360 static int
3361 parent_name(const char *path, char *buf, size_t buflen)
3362 {
3363 	char *slashp;
3364 
3365 	(void) strlcpy(buf, path, buflen);
3366 
3367 	if ((slashp = strrchr(buf, '/')) == NULL)
3368 		return (-1);
3369 	*slashp = '\0';
3370 
3371 	return (0);
3372 }
3373 
3374 int
3375 zfs_parent_name(zfs_handle_t *zhp, char *buf, size_t buflen)
3376 {
3377 	return (parent_name(zfs_get_name(zhp), buf, buflen));
3378 }
3379 
3380 /*
3381  * If accept_ancestor is false, then check to make sure that the given path has
3382  * a parent, and that it exists.  If accept_ancestor is true, then find the
3383  * closest existing ancestor for the given path.  In prefixlen return the
3384  * length of already existing prefix of the given path.  We also fetch the
3385  * 'zoned' property, which is used to validate property settings when creating
3386  * new datasets.
3387  */
3388 static int
3389 check_parents(libzfs_handle_t *hdl, const char *path, uint64_t *zoned,
3390     boolean_t accept_ancestor, int *prefixlen)
3391 {
3392 	zfs_cmd_t zc = {"\0"};
3393 	char parent[ZFS_MAX_DATASET_NAME_LEN];
3394 	char *slash;
3395 	zfs_handle_t *zhp;
3396 	char errbuf[1024];
3397 	uint64_t is_zoned;
3398 
3399 	(void) snprintf(errbuf, sizeof (errbuf),
3400 	    dgettext(TEXT_DOMAIN, "cannot create '%s'"), path);
3401 
3402 	/* get parent, and check to see if this is just a pool */
3403 	if (parent_name(path, parent, sizeof (parent)) != 0) {
3404 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3405 		    "missing dataset name"));
3406 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3407 	}
3408 
3409 	/* check to see if the pool exists */
3410 	if ((slash = strchr(parent, '/')) == NULL)
3411 		slash = parent + strlen(parent);
3412 	(void) strncpy(zc.zc_name, parent, slash - parent);
3413 	zc.zc_name[slash - parent] = '\0';
3414 	if (zfs_ioctl(hdl, ZFS_IOC_OBJSET_STATS, &zc) != 0 &&
3415 	    errno == ENOENT) {
3416 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3417 		    "no such pool '%s'"), zc.zc_name);
3418 		return (zfs_error(hdl, EZFS_NOENT, errbuf));
3419 	}
3420 
3421 	/* check to see if the parent dataset exists */
3422 	while ((zhp = make_dataset_handle(hdl, parent)) == NULL) {
3423 		if (errno == ENOENT && accept_ancestor) {
3424 			/*
3425 			 * Go deeper to find an ancestor, give up on top level.
3426 			 */
3427 			if (parent_name(parent, parent, sizeof (parent)) != 0) {
3428 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3429 				    "no such pool '%s'"), zc.zc_name);
3430 				return (zfs_error(hdl, EZFS_NOENT, errbuf));
3431 			}
3432 		} else if (errno == ENOENT) {
3433 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3434 			    "parent does not exist"));
3435 			return (zfs_error(hdl, EZFS_NOENT, errbuf));
3436 		} else
3437 			return (zfs_standard_error(hdl, errno, errbuf));
3438 	}
3439 
3440 	is_zoned = zfs_prop_get_int(zhp, ZFS_PROP_ZONED);
3441 	if (zoned != NULL)
3442 		*zoned = is_zoned;
3443 
3444 	/* we are in a non-global zone, but parent is in the global zone */
3445 	if (getzoneid() != GLOBAL_ZONEID && !is_zoned) {
3446 		(void) zfs_standard_error(hdl, EPERM, errbuf);
3447 		zfs_close(zhp);
3448 		return (-1);
3449 	}
3450 
3451 	/* make sure parent is a filesystem */
3452 	if (zfs_get_type(zhp) != ZFS_TYPE_FILESYSTEM) {
3453 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3454 		    "parent is not a filesystem"));
3455 		(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
3456 		zfs_close(zhp);
3457 		return (-1);
3458 	}
3459 
3460 	zfs_close(zhp);
3461 	if (prefixlen != NULL)
3462 		*prefixlen = strlen(parent);
3463 	return (0);
3464 }
3465 
3466 /*
3467  * Finds whether the dataset of the given type(s) exists.
3468  */
3469 boolean_t
3470 zfs_dataset_exists(libzfs_handle_t *hdl, const char *path, zfs_type_t types)
3471 {
3472 	zfs_handle_t *zhp;
3473 
3474 	if (!zfs_validate_name(hdl, path, types, B_FALSE))
3475 		return (B_FALSE);
3476 
3477 	/*
3478 	 * Try to get stats for the dataset, which will tell us if it exists.
3479 	 */
3480 	if ((zhp = make_dataset_handle(hdl, path)) != NULL) {
3481 		int ds_type = zhp->zfs_type;
3482 
3483 		zfs_close(zhp);
3484 		if (types & ds_type)
3485 			return (B_TRUE);
3486 	}
3487 	return (B_FALSE);
3488 }
3489 
3490 /*
3491  * Given a path to 'target', create all the ancestors between
3492  * the prefixlen portion of the path, and the target itself.
3493  * Fail if the initial prefixlen-ancestor does not already exist.
3494  */
3495 int
3496 create_parents(libzfs_handle_t *hdl, char *target, int prefixlen)
3497 {
3498 	zfs_handle_t *h;
3499 	char *cp;
3500 	const char *opname;
3501 
3502 	/* make sure prefix exists */
3503 	cp = target + prefixlen;
3504 	if (*cp != '/') {
3505 		assert(strchr(cp, '/') == NULL);
3506 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
3507 	} else {
3508 		*cp = '\0';
3509 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
3510 		*cp = '/';
3511 	}
3512 	if (h == NULL)
3513 		return (-1);
3514 	zfs_close(h);
3515 
3516 	/*
3517 	 * Attempt to create, mount, and share any ancestor filesystems,
3518 	 * up to the prefixlen-long one.
3519 	 */
3520 	for (cp = target + prefixlen + 1;
3521 	    (cp = strchr(cp, '/')) != NULL; *cp = '/', cp++) {
3522 
3523 		*cp = '\0';
3524 
3525 		h = make_dataset_handle(hdl, target);
3526 		if (h) {
3527 			/* it already exists, nothing to do here */
3528 			zfs_close(h);
3529 			continue;
3530 		}
3531 
3532 		if (zfs_create(hdl, target, ZFS_TYPE_FILESYSTEM,
3533 		    NULL) != 0) {
3534 			opname = dgettext(TEXT_DOMAIN, "create");
3535 			goto ancestorerr;
3536 		}
3537 
3538 		h = zfs_open(hdl, target, ZFS_TYPE_FILESYSTEM);
3539 		if (h == NULL) {
3540 			opname = dgettext(TEXT_DOMAIN, "open");
3541 			goto ancestorerr;
3542 		}
3543 
3544 		if (zfs_mount(h, NULL, 0) != 0) {
3545 			opname = dgettext(TEXT_DOMAIN, "mount");
3546 			goto ancestorerr;
3547 		}
3548 
3549 		if (zfs_share(h) != 0) {
3550 			opname = dgettext(TEXT_DOMAIN, "share");
3551 			goto ancestorerr;
3552 		}
3553 
3554 		zfs_close(h);
3555 	}
3556 	zfs_commit_all_shares();
3557 
3558 	return (0);
3559 
3560 ancestorerr:
3561 	zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3562 	    "failed to %s ancestor '%s'"), opname, target);
3563 	return (-1);
3564 }
3565 
3566 /*
3567  * Creates non-existing ancestors of the given path.
3568  */
3569 int
3570 zfs_create_ancestors(libzfs_handle_t *hdl, const char *path)
3571 {
3572 	int prefix;
3573 	char *path_copy;
3574 	char errbuf[1024];
3575 	int rc = 0;
3576 
3577 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3578 	    "cannot create '%s'"), path);
3579 
3580 	/*
3581 	 * Check that we are not passing the nesting limit
3582 	 * before we start creating any ancestors.
3583 	 */
3584 	if (dataset_nestcheck(path) != 0) {
3585 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3586 		    "maximum name nesting depth exceeded"));
3587 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3588 	}
3589 
3590 	if (check_parents(hdl, path, NULL, B_TRUE, &prefix) != 0)
3591 		return (-1);
3592 
3593 	if ((path_copy = strdup(path)) != NULL) {
3594 		rc = create_parents(hdl, path_copy, prefix);
3595 		free(path_copy);
3596 	}
3597 	if (path_copy == NULL || rc != 0)
3598 		return (-1);
3599 
3600 	return (0);
3601 }
3602 
3603 /*
3604  * Create a new filesystem or volume.
3605  */
3606 int
3607 zfs_create(libzfs_handle_t *hdl, const char *path, zfs_type_t type,
3608     nvlist_t *props)
3609 {
3610 	int ret;
3611 	uint64_t size = 0;
3612 	uint64_t blocksize = zfs_prop_default_numeric(ZFS_PROP_VOLBLOCKSIZE);
3613 	uint64_t zoned;
3614 	enum lzc_dataset_type ost;
3615 	zpool_handle_t *zpool_handle;
3616 	uint8_t *wkeydata = NULL;
3617 	uint_t wkeylen = 0;
3618 	char errbuf[1024];
3619 	char parent[ZFS_MAX_DATASET_NAME_LEN];
3620 
3621 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3622 	    "cannot create '%s'"), path);
3623 
3624 	/* validate the path, taking care to note the extended error message */
3625 	if (!zfs_validate_name(hdl, path, type, B_TRUE))
3626 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3627 
3628 	if (dataset_nestcheck(path) != 0) {
3629 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3630 		    "maximum name nesting depth exceeded"));
3631 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3632 	}
3633 
3634 	/* validate parents exist */
3635 	if (check_parents(hdl, path, &zoned, B_FALSE, NULL) != 0)
3636 		return (-1);
3637 
3638 	/*
3639 	 * The failure modes when creating a dataset of a different type over
3640 	 * one that already exists is a little strange.  In particular, if you
3641 	 * try to create a dataset on top of an existing dataset, the ioctl()
3642 	 * will return ENOENT, not EEXIST.  To prevent this from happening, we
3643 	 * first try to see if the dataset exists.
3644 	 */
3645 	if (zfs_dataset_exists(hdl, path, ZFS_TYPE_DATASET)) {
3646 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3647 		    "dataset already exists"));
3648 		return (zfs_error(hdl, EZFS_EXISTS, errbuf));
3649 	}
3650 
3651 	if (type == ZFS_TYPE_VOLUME)
3652 		ost = LZC_DATSET_TYPE_ZVOL;
3653 	else
3654 		ost = LZC_DATSET_TYPE_ZFS;
3655 
3656 	/* open zpool handle for prop validation */
3657 	char pool_path[ZFS_MAX_DATASET_NAME_LEN];
3658 	(void) strlcpy(pool_path, path, sizeof (pool_path));
3659 
3660 	/* truncate pool_path at first slash */
3661 	char *p = strchr(pool_path, '/');
3662 	if (p != NULL)
3663 		*p = '\0';
3664 
3665 	if ((zpool_handle = zpool_open(hdl, pool_path)) == NULL)
3666 		return (-1);
3667 
3668 	if (props && (props = zfs_valid_proplist(hdl, type, props,
3669 	    zoned, NULL, zpool_handle, B_TRUE, errbuf)) == 0) {
3670 		zpool_close(zpool_handle);
3671 		return (-1);
3672 	}
3673 	zpool_close(zpool_handle);
3674 
3675 	if (type == ZFS_TYPE_VOLUME) {
3676 		/*
3677 		 * If we are creating a volume, the size and block size must
3678 		 * satisfy a few restraints.  First, the blocksize must be a
3679 		 * valid block size between SPA_{MIN,MAX}BLOCKSIZE.  Second, the
3680 		 * volsize must be a multiple of the block size, and cannot be
3681 		 * zero.
3682 		 */
3683 		if (props == NULL || nvlist_lookup_uint64(props,
3684 		    zfs_prop_to_name(ZFS_PROP_VOLSIZE), &size) != 0) {
3685 			nvlist_free(props);
3686 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3687 			    "missing volume size"));
3688 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
3689 		}
3690 
3691 		if ((ret = nvlist_lookup_uint64(props,
3692 		    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
3693 		    &blocksize)) != 0) {
3694 			if (ret == ENOENT) {
3695 				blocksize = zfs_prop_default_numeric(
3696 				    ZFS_PROP_VOLBLOCKSIZE);
3697 			} else {
3698 				nvlist_free(props);
3699 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3700 				    "missing volume block size"));
3701 				return (zfs_error(hdl, EZFS_BADPROP, errbuf));
3702 			}
3703 		}
3704 
3705 		if (size == 0) {
3706 			nvlist_free(props);
3707 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3708 			    "volume size cannot be zero"));
3709 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
3710 		}
3711 
3712 		if (size % blocksize != 0) {
3713 			nvlist_free(props);
3714 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3715 			    "volume size must be a multiple of volume block "
3716 			    "size"));
3717 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
3718 		}
3719 	}
3720 
3721 	(void) parent_name(path, parent, sizeof (parent));
3722 	if (zfs_crypto_create(hdl, parent, props, NULL, B_TRUE,
3723 	    &wkeydata, &wkeylen) != 0) {
3724 		nvlist_free(props);
3725 		return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
3726 	}
3727 
3728 	/* create the dataset */
3729 	ret = lzc_create(path, ost, props, wkeydata, wkeylen);
3730 	nvlist_free(props);
3731 	if (wkeydata != NULL)
3732 		free(wkeydata);
3733 
3734 	/* check for failure */
3735 	if (ret != 0) {
3736 		switch (errno) {
3737 		case ENOENT:
3738 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3739 			    "no such parent '%s'"), parent);
3740 			return (zfs_error(hdl, EZFS_NOENT, errbuf));
3741 
3742 		case ENOTSUP:
3743 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3744 			    "pool must be upgraded to set this "
3745 			    "property or value"));
3746 			return (zfs_error(hdl, EZFS_BADVERSION, errbuf));
3747 
3748 		case EACCES:
3749 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3750 			    "encryption root's key is not loaded "
3751 			    "or provided"));
3752 			return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
3753 
3754 		case ERANGE:
3755 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3756 			    "invalid property value(s) specified"));
3757 			return (zfs_error(hdl, EZFS_BADPROP, errbuf));
3758 #ifdef _ILP32
3759 		case EOVERFLOW:
3760 			/*
3761 			 * This platform can't address a volume this big.
3762 			 */
3763 			if (type == ZFS_TYPE_VOLUME)
3764 				return (zfs_error(hdl, EZFS_VOLTOOBIG,
3765 				    errbuf));
3766 #endif
3767 			/* FALLTHROUGH */
3768 		default:
3769 			return (zfs_standard_error(hdl, errno, errbuf));
3770 		}
3771 	}
3772 
3773 	return (0);
3774 }
3775 
3776 /*
3777  * Destroys the given dataset.  The caller must make sure that the filesystem
3778  * isn't mounted, and that there are no active dependents. If the file system
3779  * does not exist this function does nothing.
3780  */
3781 int
3782 zfs_destroy(zfs_handle_t *zhp, boolean_t defer)
3783 {
3784 	int error;
3785 
3786 	if (zhp->zfs_type != ZFS_TYPE_SNAPSHOT && defer)
3787 		return (EINVAL);
3788 
3789 	if (zhp->zfs_type == ZFS_TYPE_BOOKMARK) {
3790 		nvlist_t *nv = fnvlist_alloc();
3791 		fnvlist_add_boolean(nv, zhp->zfs_name);
3792 		error = lzc_destroy_bookmarks(nv, NULL);
3793 		fnvlist_free(nv);
3794 		if (error != 0) {
3795 			return (zfs_standard_error_fmt(zhp->zfs_hdl, error,
3796 			    dgettext(TEXT_DOMAIN, "cannot destroy '%s'"),
3797 			    zhp->zfs_name));
3798 		}
3799 		return (0);
3800 	}
3801 
3802 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
3803 		nvlist_t *nv = fnvlist_alloc();
3804 		fnvlist_add_boolean(nv, zhp->zfs_name);
3805 		error = lzc_destroy_snaps(nv, defer, NULL);
3806 		fnvlist_free(nv);
3807 	} else {
3808 		error = lzc_destroy(zhp->zfs_name);
3809 	}
3810 
3811 	if (error != 0 && error != ENOENT) {
3812 		return (zfs_standard_error_fmt(zhp->zfs_hdl, errno,
3813 		    dgettext(TEXT_DOMAIN, "cannot destroy '%s'"),
3814 		    zhp->zfs_name));
3815 	}
3816 
3817 	remove_mountpoint(zhp);
3818 
3819 	return (0);
3820 }
3821 
3822 struct destroydata {
3823 	nvlist_t *nvl;
3824 	const char *snapname;
3825 };
3826 
3827 static int
3828 zfs_check_snap_cb(zfs_handle_t *zhp, void *arg)
3829 {
3830 	struct destroydata *dd = arg;
3831 	char name[ZFS_MAX_DATASET_NAME_LEN];
3832 	int rv = 0;
3833 
3834 	if (snprintf(name, sizeof (name), "%s@%s", zhp->zfs_name,
3835 	    dd->snapname) >= sizeof (name))
3836 		return (EINVAL);
3837 
3838 	if (lzc_exists(name))
3839 		verify(nvlist_add_boolean(dd->nvl, name) == 0);
3840 
3841 	rv = zfs_iter_filesystems(zhp, zfs_check_snap_cb, dd);
3842 	zfs_close(zhp);
3843 	return (rv);
3844 }
3845 
3846 /*
3847  * Destroys all snapshots with the given name in zhp & descendants.
3848  */
3849 int
3850 zfs_destroy_snaps(zfs_handle_t *zhp, char *snapname, boolean_t defer)
3851 {
3852 	int ret;
3853 	struct destroydata dd = { 0 };
3854 
3855 	dd.snapname = snapname;
3856 	verify(nvlist_alloc(&dd.nvl, NV_UNIQUE_NAME, 0) == 0);
3857 	(void) zfs_check_snap_cb(zfs_handle_dup(zhp), &dd);
3858 
3859 	if (nvlist_empty(dd.nvl)) {
3860 		ret = zfs_standard_error_fmt(zhp->zfs_hdl, ENOENT,
3861 		    dgettext(TEXT_DOMAIN, "cannot destroy '%s@%s'"),
3862 		    zhp->zfs_name, snapname);
3863 	} else {
3864 		ret = zfs_destroy_snaps_nvl(zhp->zfs_hdl, dd.nvl, defer);
3865 	}
3866 	nvlist_free(dd.nvl);
3867 	return (ret);
3868 }
3869 
3870 /*
3871  * Destroys all the snapshots named in the nvlist.
3872  */
3873 int
3874 zfs_destroy_snaps_nvl(libzfs_handle_t *hdl, nvlist_t *snaps, boolean_t defer)
3875 {
3876 	int ret;
3877 	nvlist_t *errlist = NULL;
3878 	nvpair_t *pair;
3879 
3880 	ret = lzc_destroy_snaps(snaps, defer, &errlist);
3881 
3882 	if (ret == 0) {
3883 		nvlist_free(errlist);
3884 		return (0);
3885 	}
3886 
3887 	if (nvlist_empty(errlist)) {
3888 		char errbuf[1024];
3889 		(void) snprintf(errbuf, sizeof (errbuf),
3890 		    dgettext(TEXT_DOMAIN, "cannot destroy snapshots"));
3891 
3892 		ret = zfs_standard_error(hdl, ret, errbuf);
3893 	}
3894 	for (pair = nvlist_next_nvpair(errlist, NULL);
3895 	    pair != NULL; pair = nvlist_next_nvpair(errlist, pair)) {
3896 		char errbuf[1024];
3897 		(void) snprintf(errbuf, sizeof (errbuf),
3898 		    dgettext(TEXT_DOMAIN, "cannot destroy snapshot %s"),
3899 		    nvpair_name(pair));
3900 
3901 		switch (fnvpair_value_int32(pair)) {
3902 		case EEXIST:
3903 			zfs_error_aux(hdl,
3904 			    dgettext(TEXT_DOMAIN, "snapshot is cloned"));
3905 			ret = zfs_error(hdl, EZFS_EXISTS, errbuf);
3906 			break;
3907 		default:
3908 			ret = zfs_standard_error(hdl, errno, errbuf);
3909 			break;
3910 		}
3911 	}
3912 
3913 	nvlist_free(errlist);
3914 	return (ret);
3915 }
3916 
3917 /*
3918  * Clones the given dataset.  The target must be of the same type as the source.
3919  */
3920 int
3921 zfs_clone(zfs_handle_t *zhp, const char *target, nvlist_t *props)
3922 {
3923 	char parent[ZFS_MAX_DATASET_NAME_LEN];
3924 	int ret;
3925 	char errbuf[1024];
3926 	libzfs_handle_t *hdl = zhp->zfs_hdl;
3927 	uint64_t zoned;
3928 
3929 	assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
3930 
3931 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3932 	    "cannot create '%s'"), target);
3933 
3934 	/* validate the target/clone name */
3935 	if (!zfs_validate_name(hdl, target, ZFS_TYPE_FILESYSTEM, B_TRUE))
3936 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
3937 
3938 	/* validate parents exist */
3939 	if (check_parents(hdl, target, &zoned, B_FALSE, NULL) != 0)
3940 		return (-1);
3941 
3942 	(void) parent_name(target, parent, sizeof (parent));
3943 
3944 	/* do the clone */
3945 
3946 	if (props) {
3947 		zfs_type_t type;
3948 
3949 		if (ZFS_IS_VOLUME(zhp)) {
3950 			type = ZFS_TYPE_VOLUME;
3951 		} else {
3952 			type = ZFS_TYPE_FILESYSTEM;
3953 		}
3954 		if ((props = zfs_valid_proplist(hdl, type, props, zoned,
3955 		    zhp, zhp->zpool_hdl, B_TRUE, errbuf)) == NULL)
3956 			return (-1);
3957 		if (zfs_fix_auto_resv(zhp, props) == -1) {
3958 			nvlist_free(props);
3959 			return (-1);
3960 		}
3961 	}
3962 
3963 	if (zfs_crypto_clone_check(hdl, zhp, parent, props) != 0) {
3964 		nvlist_free(props);
3965 		return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
3966 	}
3967 
3968 	ret = lzc_clone(target, zhp->zfs_name, props);
3969 	nvlist_free(props);
3970 
3971 	if (ret != 0) {
3972 		switch (errno) {
3973 
3974 		case ENOENT:
3975 			/*
3976 			 * The parent doesn't exist.  We should have caught this
3977 			 * above, but there may a race condition that has since
3978 			 * destroyed the parent.
3979 			 *
3980 			 * At this point, we don't know whether it's the source
3981 			 * that doesn't exist anymore, or whether the target
3982 			 * dataset doesn't exist.
3983 			 */
3984 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3985 			    "no such parent '%s'"), parent);
3986 			return (zfs_error(zhp->zfs_hdl, EZFS_NOENT, errbuf));
3987 
3988 		case EXDEV:
3989 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
3990 			    "source and target pools differ"));
3991 			return (zfs_error(zhp->zfs_hdl, EZFS_CROSSTARGET,
3992 			    errbuf));
3993 
3994 		default:
3995 			return (zfs_standard_error(zhp->zfs_hdl, errno,
3996 			    errbuf));
3997 		}
3998 	}
3999 
4000 	return (ret);
4001 }
4002 
4003 /*
4004  * Promotes the given clone fs to be the clone parent.
4005  */
4006 int
4007 zfs_promote(zfs_handle_t *zhp)
4008 {
4009 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4010 	char snapname[ZFS_MAX_DATASET_NAME_LEN];
4011 	int ret;
4012 	char errbuf[1024];
4013 
4014 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4015 	    "cannot promote '%s'"), zhp->zfs_name);
4016 
4017 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
4018 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4019 		    "snapshots can not be promoted"));
4020 		return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
4021 	}
4022 
4023 	if (zhp->zfs_dmustats.dds_origin[0] == '\0') {
4024 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4025 		    "not a cloned filesystem"));
4026 		return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
4027 	}
4028 
4029 	if (!zfs_validate_name(hdl, zhp->zfs_name, zhp->zfs_type, B_TRUE))
4030 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4031 
4032 	ret = lzc_promote(zhp->zfs_name, snapname, sizeof (snapname));
4033 
4034 	if (ret != 0) {
4035 		switch (ret) {
4036 		case EACCES:
4037 			/*
4038 			 * Promoting encrypted dataset outside its
4039 			 * encryption root.
4040 			 */
4041 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4042 			    "cannot promote dataset outside its "
4043 			    "encryption root"));
4044 			return (zfs_error(hdl, EZFS_EXISTS, errbuf));
4045 
4046 		case EEXIST:
4047 			/* There is a conflicting snapshot name. */
4048 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4049 			    "conflicting snapshot '%s' from parent '%s'"),
4050 			    snapname, zhp->zfs_dmustats.dds_origin);
4051 			return (zfs_error(hdl, EZFS_EXISTS, errbuf));
4052 
4053 		default:
4054 			return (zfs_standard_error(hdl, ret, errbuf));
4055 		}
4056 	}
4057 	return (ret);
4058 }
4059 
4060 typedef struct snapdata {
4061 	nvlist_t *sd_nvl;
4062 	const char *sd_snapname;
4063 } snapdata_t;
4064 
4065 static int
4066 zfs_snapshot_cb(zfs_handle_t *zhp, void *arg)
4067 {
4068 	snapdata_t *sd = arg;
4069 	char name[ZFS_MAX_DATASET_NAME_LEN];
4070 	int rv = 0;
4071 
4072 	if (zfs_prop_get_int(zhp, ZFS_PROP_INCONSISTENT) == 0) {
4073 		if (snprintf(name, sizeof (name), "%s@%s", zfs_get_name(zhp),
4074 		    sd->sd_snapname) >= sizeof (name))
4075 			return (EINVAL);
4076 
4077 		fnvlist_add_boolean(sd->sd_nvl, name);
4078 
4079 		rv = zfs_iter_filesystems(zhp, zfs_snapshot_cb, sd);
4080 	}
4081 	zfs_close(zhp);
4082 
4083 	return (rv);
4084 }
4085 
4086 /*
4087  * Creates snapshots.  The keys in the snaps nvlist are the snapshots to be
4088  * created.
4089  */
4090 int
4091 zfs_snapshot_nvl(libzfs_handle_t *hdl, nvlist_t *snaps, nvlist_t *props)
4092 {
4093 	int ret;
4094 	char errbuf[1024];
4095 	nvpair_t *elem;
4096 	nvlist_t *errors;
4097 	zpool_handle_t *zpool_hdl;
4098 	char pool[ZFS_MAX_DATASET_NAME_LEN];
4099 
4100 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4101 	    "cannot create snapshots "));
4102 
4103 	elem = NULL;
4104 	while ((elem = nvlist_next_nvpair(snaps, elem)) != NULL) {
4105 		const char *snapname = nvpair_name(elem);
4106 
4107 		/* validate the target name */
4108 		if (!zfs_validate_name(hdl, snapname, ZFS_TYPE_SNAPSHOT,
4109 		    B_TRUE)) {
4110 			(void) snprintf(errbuf, sizeof (errbuf),
4111 			    dgettext(TEXT_DOMAIN,
4112 			    "cannot create snapshot '%s'"), snapname);
4113 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4114 		}
4115 	}
4116 
4117 	/*
4118 	 * get pool handle for prop validation. assumes all snaps are in the
4119 	 * same pool, as does lzc_snapshot (below).
4120 	 */
4121 	elem = nvlist_next_nvpair(snaps, NULL);
4122 	(void) strlcpy(pool, nvpair_name(elem), sizeof (pool));
4123 	pool[strcspn(pool, "/@")] = '\0';
4124 	zpool_hdl = zpool_open(hdl, pool);
4125 	if (zpool_hdl == NULL)
4126 		return (-1);
4127 
4128 	if (props != NULL &&
4129 	    (props = zfs_valid_proplist(hdl, ZFS_TYPE_SNAPSHOT,
4130 	    props, B_FALSE, NULL, zpool_hdl, B_FALSE, errbuf)) == NULL) {
4131 		zpool_close(zpool_hdl);
4132 		return (-1);
4133 	}
4134 	zpool_close(zpool_hdl);
4135 
4136 	ret = lzc_snapshot(snaps, props, &errors);
4137 
4138 	if (ret != 0) {
4139 		boolean_t printed = B_FALSE;
4140 		for (elem = nvlist_next_nvpair(errors, NULL);
4141 		    elem != NULL;
4142 		    elem = nvlist_next_nvpair(errors, elem)) {
4143 			(void) snprintf(errbuf, sizeof (errbuf),
4144 			    dgettext(TEXT_DOMAIN,
4145 			    "cannot create snapshot '%s'"), nvpair_name(elem));
4146 			(void) zfs_standard_error(hdl,
4147 			    fnvpair_value_int32(elem), errbuf);
4148 			printed = B_TRUE;
4149 		}
4150 		if (!printed) {
4151 			switch (ret) {
4152 			case EXDEV:
4153 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4154 				    "multiple snapshots of same "
4155 				    "fs not allowed"));
4156 				(void) zfs_error(hdl, EZFS_EXISTS, errbuf);
4157 
4158 				break;
4159 			default:
4160 				(void) zfs_standard_error(hdl, ret, errbuf);
4161 			}
4162 		}
4163 	}
4164 
4165 	nvlist_free(props);
4166 	nvlist_free(errors);
4167 	return (ret);
4168 }
4169 
4170 int
4171 zfs_snapshot(libzfs_handle_t *hdl, const char *path, boolean_t recursive,
4172     nvlist_t *props)
4173 {
4174 	int ret;
4175 	snapdata_t sd = { 0 };
4176 	char fsname[ZFS_MAX_DATASET_NAME_LEN];
4177 	char *cp;
4178 	zfs_handle_t *zhp;
4179 	char errbuf[1024];
4180 
4181 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4182 	    "cannot snapshot %s"), path);
4183 
4184 	if (!zfs_validate_name(hdl, path, ZFS_TYPE_SNAPSHOT, B_TRUE))
4185 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4186 
4187 	(void) strlcpy(fsname, path, sizeof (fsname));
4188 	cp = strchr(fsname, '@');
4189 	*cp = '\0';
4190 	sd.sd_snapname = cp + 1;
4191 
4192 	if ((zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM |
4193 	    ZFS_TYPE_VOLUME)) == NULL) {
4194 		return (-1);
4195 	}
4196 
4197 	verify(nvlist_alloc(&sd.sd_nvl, NV_UNIQUE_NAME, 0) == 0);
4198 	if (recursive) {
4199 		(void) zfs_snapshot_cb(zfs_handle_dup(zhp), &sd);
4200 	} else {
4201 		fnvlist_add_boolean(sd.sd_nvl, path);
4202 	}
4203 
4204 	ret = zfs_snapshot_nvl(hdl, sd.sd_nvl, props);
4205 	nvlist_free(sd.sd_nvl);
4206 	zfs_close(zhp);
4207 	return (ret);
4208 }
4209 
4210 /*
4211  * Destroy any more recent snapshots.  We invoke this callback on any dependents
4212  * of the snapshot first.  If the 'cb_dependent' member is non-zero, then this
4213  * is a dependent and we should just destroy it without checking the transaction
4214  * group.
4215  */
4216 typedef struct rollback_data {
4217 	const char	*cb_target;		/* the snapshot */
4218 	uint64_t	cb_create;		/* creation time reference */
4219 	boolean_t	cb_error;
4220 	boolean_t	cb_force;
4221 } rollback_data_t;
4222 
4223 static int
4224 rollback_destroy_dependent(zfs_handle_t *zhp, void *data)
4225 {
4226 	rollback_data_t *cbp = data;
4227 	prop_changelist_t *clp;
4228 
4229 	/* We must destroy this clone; first unmount it */
4230 	clp = changelist_gather(zhp, ZFS_PROP_NAME, 0,
4231 	    cbp->cb_force ? MS_FORCE: 0);
4232 	if (clp == NULL || changelist_prefix(clp) != 0) {
4233 		cbp->cb_error = B_TRUE;
4234 		zfs_close(zhp);
4235 		return (0);
4236 	}
4237 	if (zfs_destroy(zhp, B_FALSE) != 0)
4238 		cbp->cb_error = B_TRUE;
4239 	else
4240 		changelist_remove(clp, zhp->zfs_name);
4241 	(void) changelist_postfix(clp);
4242 	changelist_free(clp);
4243 
4244 	zfs_close(zhp);
4245 	return (0);
4246 }
4247 
4248 static int
4249 rollback_destroy(zfs_handle_t *zhp, void *data)
4250 {
4251 	rollback_data_t *cbp = data;
4252 
4253 	if (zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG) > cbp->cb_create) {
4254 		cbp->cb_error |= zfs_iter_dependents(zhp, B_FALSE,
4255 		    rollback_destroy_dependent, cbp);
4256 
4257 		cbp->cb_error |= zfs_destroy(zhp, B_FALSE);
4258 	}
4259 
4260 	zfs_close(zhp);
4261 	return (0);
4262 }
4263 
4264 /*
4265  * Given a dataset, rollback to a specific snapshot, discarding any
4266  * data changes since then and making it the active dataset.
4267  *
4268  * Any snapshots and bookmarks more recent than the target are
4269  * destroyed, along with their dependents (i.e. clones).
4270  */
4271 int
4272 zfs_rollback(zfs_handle_t *zhp, zfs_handle_t *snap, boolean_t force)
4273 {
4274 	rollback_data_t cb = { 0 };
4275 	int err;
4276 	boolean_t restore_resv = 0;
4277 	uint64_t old_volsize = 0, new_volsize;
4278 	zfs_prop_t resv_prop = { 0 };
4279 	uint64_t min_txg = 0;
4280 
4281 	assert(zhp->zfs_type == ZFS_TYPE_FILESYSTEM ||
4282 	    zhp->zfs_type == ZFS_TYPE_VOLUME);
4283 
4284 	/*
4285 	 * Destroy all recent snapshots and their dependents.
4286 	 */
4287 	cb.cb_force = force;
4288 	cb.cb_target = snap->zfs_name;
4289 	cb.cb_create = zfs_prop_get_int(snap, ZFS_PROP_CREATETXG);
4290 
4291 	if (cb.cb_create > 0)
4292 		min_txg = cb.cb_create;
4293 
4294 	(void) zfs_iter_snapshots(zhp, B_FALSE, rollback_destroy, &cb,
4295 	    min_txg, 0);
4296 
4297 	(void) zfs_iter_bookmarks(zhp, rollback_destroy, &cb);
4298 
4299 	if (cb.cb_error)
4300 		return (-1);
4301 
4302 	/*
4303 	 * Now that we have verified that the snapshot is the latest,
4304 	 * rollback to the given snapshot.
4305 	 */
4306 
4307 	if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
4308 		if (zfs_which_resv_prop(zhp, &resv_prop) < 0)
4309 			return (-1);
4310 		old_volsize = zfs_prop_get_int(zhp, ZFS_PROP_VOLSIZE);
4311 		restore_resv =
4312 		    (old_volsize == zfs_prop_get_int(zhp, resv_prop));
4313 	}
4314 
4315 	/*
4316 	 * Pass both the filesystem and the wanted snapshot names,
4317 	 * we would get an error back if the snapshot is destroyed or
4318 	 * a new snapshot is created before this request is processed.
4319 	 */
4320 	err = lzc_rollback_to(zhp->zfs_name, snap->zfs_name);
4321 	if (err != 0) {
4322 		char errbuf[1024];
4323 
4324 		(void) snprintf(errbuf, sizeof (errbuf),
4325 		    dgettext(TEXT_DOMAIN, "cannot rollback '%s'"),
4326 		    zhp->zfs_name);
4327 		switch (err) {
4328 		case EEXIST:
4329 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
4330 			    "there is a snapshot or bookmark more recent "
4331 			    "than '%s'"), snap->zfs_name);
4332 			(void) zfs_error(zhp->zfs_hdl, EZFS_EXISTS, errbuf);
4333 			break;
4334 		case ESRCH:
4335 			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
4336 			    "'%s' is not found among snapshots of '%s'"),
4337 			    snap->zfs_name, zhp->zfs_name);
4338 			(void) zfs_error(zhp->zfs_hdl, EZFS_NOENT, errbuf);
4339 			break;
4340 		case EINVAL:
4341 			(void) zfs_error(zhp->zfs_hdl, EZFS_BADTYPE, errbuf);
4342 			break;
4343 		default:
4344 			(void) zfs_standard_error(zhp->zfs_hdl, err, errbuf);
4345 		}
4346 		return (err);
4347 	}
4348 
4349 	/*
4350 	 * For volumes, if the pre-rollback volsize matched the pre-
4351 	 * rollback reservation and the volsize has changed then set
4352 	 * the reservation property to the post-rollback volsize.
4353 	 * Make a new handle since the rollback closed the dataset.
4354 	 */
4355 	if ((zhp->zfs_type == ZFS_TYPE_VOLUME) &&
4356 	    (zhp = make_dataset_handle(zhp->zfs_hdl, zhp->zfs_name))) {
4357 		if (restore_resv) {
4358 			new_volsize = zfs_prop_get_int(zhp, ZFS_PROP_VOLSIZE);
4359 			if (old_volsize != new_volsize)
4360 				err = zfs_prop_set_int(zhp, resv_prop,
4361 				    new_volsize);
4362 		}
4363 		zfs_close(zhp);
4364 	}
4365 	return (err);
4366 }
4367 
4368 /*
4369  * Renames the given dataset.
4370  */
4371 int
4372 zfs_rename(zfs_handle_t *zhp, const char *target, renameflags_t flags)
4373 {
4374 	int ret = 0;
4375 	zfs_cmd_t zc = {"\0"};
4376 	char *delim;
4377 	prop_changelist_t *cl = NULL;
4378 	char parent[ZFS_MAX_DATASET_NAME_LEN];
4379 	char property[ZFS_MAXPROPLEN];
4380 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4381 	char errbuf[1024];
4382 
4383 	/* if we have the same exact name, just return success */
4384 	if (strcmp(zhp->zfs_name, target) == 0)
4385 		return (0);
4386 
4387 	(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4388 	    "cannot rename to '%s'"), target);
4389 
4390 	/* make sure source name is valid */
4391 	if (!zfs_validate_name(hdl, zhp->zfs_name, zhp->zfs_type, B_TRUE))
4392 		return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4393 
4394 	/*
4395 	 * Make sure the target name is valid
4396 	 */
4397 	if (zhp->zfs_type == ZFS_TYPE_SNAPSHOT) {
4398 		if ((strchr(target, '@') == NULL) ||
4399 		    *target == '@') {
4400 			/*
4401 			 * Snapshot target name is abbreviated,
4402 			 * reconstruct full dataset name
4403 			 */
4404 			(void) strlcpy(parent, zhp->zfs_name,
4405 			    sizeof (parent));
4406 			delim = strchr(parent, '@');
4407 			if (strchr(target, '@') == NULL)
4408 				*(++delim) = '\0';
4409 			else
4410 				*delim = '\0';
4411 			(void) strlcat(parent, target, sizeof (parent));
4412 			target = parent;
4413 		} else {
4414 			/*
4415 			 * Make sure we're renaming within the same dataset.
4416 			 */
4417 			delim = strchr(target, '@');
4418 			if (strncmp(zhp->zfs_name, target, delim - target)
4419 			    != 0 || zhp->zfs_name[delim - target] != '@') {
4420 				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4421 				    "snapshots must be part of same "
4422 				    "dataset"));
4423 				return (zfs_error(hdl, EZFS_CROSSTARGET,
4424 				    errbuf));
4425 			}
4426 		}
4427 
4428 		if (!zfs_validate_name(hdl, target, zhp->zfs_type, B_TRUE))
4429 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4430 	} else {
4431 		if (flags.recursive) {
4432 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4433 			    "recursive rename must be a snapshot"));
4434 			return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
4435 		}
4436 
4437 		if (!zfs_validate_name(hdl, target, zhp->zfs_type, B_TRUE))
4438 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4439 
4440 		/* validate parents */
4441 		if (check_parents(hdl, target, NULL, B_FALSE, NULL) != 0)
4442 			return (-1);
4443 
4444 		/* make sure we're in the same pool */
4445 		verify((delim = strchr(target, '/')) != NULL);
4446 		if (strncmp(zhp->zfs_name, target, delim - target) != 0 ||
4447 		    zhp->zfs_name[delim - target] != '/') {
4448 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4449 			    "datasets must be within same pool"));
4450 			return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
4451 		}
4452 
4453 		/* new name cannot be a child of the current dataset name */
4454 		if (is_descendant(zhp->zfs_name, target)) {
4455 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4456 			    "New dataset name cannot be a descendant of "
4457 			    "current dataset name"));
4458 			return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
4459 		}
4460 	}
4461 
4462 	(void) snprintf(errbuf, sizeof (errbuf),
4463 	    dgettext(TEXT_DOMAIN, "cannot rename '%s'"), zhp->zfs_name);
4464 
4465 	if (getzoneid() == GLOBAL_ZONEID &&
4466 	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED)) {
4467 		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4468 		    "dataset is used in a non-global zone"));
4469 		return (zfs_error(hdl, EZFS_ZONED, errbuf));
4470 	}
4471 
4472 	/*
4473 	 * Avoid unmounting file systems with mountpoint property set to
4474 	 * 'legacy' or 'none' even if -u option is not given.
4475 	 */
4476 	if (zhp->zfs_type == ZFS_TYPE_FILESYSTEM &&
4477 	    !flags.recursive && !flags.nounmount &&
4478 	    zfs_prop_get(zhp, ZFS_PROP_MOUNTPOINT, property,
4479 	    sizeof (property), NULL, NULL, 0, B_FALSE) == 0 &&
4480 	    (strcmp(property, "legacy") == 0 ||
4481 	    strcmp(property, "none") == 0)) {
4482 		flags.nounmount = B_TRUE;
4483 	}
4484 	if (flags.recursive) {
4485 		char *parentname = zfs_strdup(zhp->zfs_hdl, zhp->zfs_name);
4486 		if (parentname == NULL) {
4487 			ret = -1;
4488 			goto error;
4489 		}
4490 		delim = strchr(parentname, '@');
4491 		*delim = '\0';
4492 		zfs_handle_t *zhrp = zfs_open(zhp->zfs_hdl, parentname,
4493 		    ZFS_TYPE_DATASET);
4494 		free(parentname);
4495 		if (zhrp == NULL) {
4496 			ret = -1;
4497 			goto error;
4498 		}
4499 		zfs_close(zhrp);
4500 	} else if (zhp->zfs_type != ZFS_TYPE_SNAPSHOT) {
4501 		if ((cl = changelist_gather(zhp, ZFS_PROP_NAME,
4502 		    flags.nounmount ? CL_GATHER_DONT_UNMOUNT :
4503 		    CL_GATHER_ITER_MOUNTED,
4504 		    flags.forceunmount ? MS_FORCE : 0)) == NULL)
4505 			return (-1);
4506 
4507 		if (changelist_haszonedchild(cl)) {
4508 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4509 			    "child dataset with inherited mountpoint is used "
4510 			    "in a non-global zone"));
4511 			(void) zfs_error(hdl, EZFS_ZONED, errbuf);
4512 			ret = -1;
4513 			goto error;
4514 		}
4515 
4516 		if ((ret = changelist_prefix(cl)) != 0)
4517 			goto error;
4518 	}
4519 
4520 	if (ZFS_IS_VOLUME(zhp))
4521 		zc.zc_objset_type = DMU_OST_ZVOL;
4522 	else
4523 		zc.zc_objset_type = DMU_OST_ZFS;
4524 
4525 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
4526 	(void) strlcpy(zc.zc_value, target, sizeof (zc.zc_value));
4527 
4528 	zc.zc_cookie = !!flags.recursive;
4529 	zc.zc_cookie |= (!!flags.nounmount) << 1;
4530 
4531 	if ((ret = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_RENAME, &zc)) != 0) {
4532 		/*
4533 		 * if it was recursive, the one that actually failed will
4534 		 * be in zc.zc_name
4535 		 */
4536 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4537 		    "cannot rename '%s'"), zc.zc_name);
4538 
4539 		if (flags.recursive && errno == EEXIST) {
4540 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4541 			    "a child dataset already has a snapshot "
4542 			    "with the new name"));
4543 			(void) zfs_error(hdl, EZFS_EXISTS, errbuf);
4544 		} else if (errno == EACCES) {
4545 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4546 			    "cannot move encrypted child outside of "
4547 			    "its encryption root"));
4548 			(void) zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf);
4549 		} else {
4550 			(void) zfs_standard_error(zhp->zfs_hdl, errno, errbuf);
4551 		}
4552 
4553 		/*
4554 		 * On failure, we still want to remount any filesystems that
4555 		 * were previously mounted, so we don't alter the system state.
4556 		 */
4557 		if (cl != NULL)
4558 			(void) changelist_postfix(cl);
4559 	} else {
4560 		if (cl != NULL) {
4561 			changelist_rename(cl, zfs_get_name(zhp), target);
4562 			ret = changelist_postfix(cl);
4563 		}
4564 	}
4565 
4566 error:
4567 	if (cl != NULL) {
4568 		changelist_free(cl);
4569 	}
4570 	return (ret);
4571 }
4572 
4573 nvlist_t *
4574 zfs_get_all_props(zfs_handle_t *zhp)
4575 {
4576 	return (zhp->zfs_props);
4577 }
4578 
4579 nvlist_t *
4580 zfs_get_recvd_props(zfs_handle_t *zhp)
4581 {
4582 	if (zhp->zfs_recvd_props == NULL)
4583 		if (get_recvd_props_ioctl(zhp) != 0)
4584 			return (NULL);
4585 	return (zhp->zfs_recvd_props);
4586 }
4587 
4588 nvlist_t *
4589 zfs_get_user_props(zfs_handle_t *zhp)
4590 {
4591 	return (zhp->zfs_user_props);
4592 }
4593 
4594 /*
4595  * This function is used by 'zfs list' to determine the exact set of columns to
4596  * display, and their maximum widths.  This does two main things:
4597  *
4598  *      - If this is a list of all properties, then expand the list to include
4599  *        all native properties, and set a flag so that for each dataset we look
4600  *        for new unique user properties and add them to the list.
4601  *
4602  *      - For non fixed-width properties, keep track of the maximum width seen
4603  *        so that we can size the column appropriately. If the user has
4604  *        requested received property values, we also need to compute the width
4605  *        of the RECEIVED column.
4606  */
4607 int
4608 zfs_expand_proplist(zfs_handle_t *zhp, zprop_list_t **plp, boolean_t received,
4609     boolean_t literal)
4610 {
4611 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4612 	zprop_list_t *entry;
4613 	zprop_list_t **last, **start;
4614 	nvlist_t *userprops, *propval;
4615 	nvpair_t *elem;
4616 	char *strval;
4617 	char buf[ZFS_MAXPROPLEN];
4618 
4619 	if (zprop_expand_list(hdl, plp, ZFS_TYPE_DATASET) != 0)
4620 		return (-1);
4621 
4622 	userprops = zfs_get_user_props(zhp);
4623 
4624 	entry = *plp;
4625 	if (entry->pl_all && nvlist_next_nvpair(userprops, NULL) != NULL) {
4626 		/*
4627 		 * Go through and add any user properties as necessary.  We
4628 		 * start by incrementing our list pointer to the first
4629 		 * non-native property.
4630 		 */
4631 		start = plp;
4632 		while (*start != NULL) {
4633 			if ((*start)->pl_prop == ZPROP_INVAL)
4634 				break;
4635 			start = &(*start)->pl_next;
4636 		}
4637 
4638 		elem = NULL;
4639 		while ((elem = nvlist_next_nvpair(userprops, elem)) != NULL) {
4640 			/*
4641 			 * See if we've already found this property in our list.
4642 			 */
4643 			for (last = start; *last != NULL;
4644 			    last = &(*last)->pl_next) {
4645 				if (strcmp((*last)->pl_user_prop,
4646 				    nvpair_name(elem)) == 0)
4647 					break;
4648 			}
4649 
4650 			if (*last == NULL) {
4651 				if ((entry = zfs_alloc(hdl,
4652 				    sizeof (zprop_list_t))) == NULL ||
4653 				    ((entry->pl_user_prop = zfs_strdup(hdl,
4654 				    nvpair_name(elem)))) == NULL) {
4655 					free(entry);
4656 					return (-1);
4657 				}
4658 
4659 				entry->pl_prop = ZPROP_INVAL;
4660 				entry->pl_width = strlen(nvpair_name(elem));
4661 				entry->pl_all = B_TRUE;
4662 				*last = entry;
4663 			}
4664 		}
4665 	}
4666 
4667 	/*
4668 	 * Now go through and check the width of any non-fixed columns
4669 	 */
4670 	for (entry = *plp; entry != NULL; entry = entry->pl_next) {
4671 		if (entry->pl_fixed && !literal)
4672 			continue;
4673 
4674 		if (entry->pl_prop != ZPROP_INVAL) {
4675 			if (zfs_prop_get(zhp, entry->pl_prop,
4676 			    buf, sizeof (buf), NULL, NULL, 0, literal) == 0) {
4677 				if (strlen(buf) > entry->pl_width)
4678 					entry->pl_width = strlen(buf);
4679 			}
4680 			if (received && zfs_prop_get_recvd(zhp,
4681 			    zfs_prop_to_name(entry->pl_prop),
4682 			    buf, sizeof (buf), literal) == 0)
4683 				if (strlen(buf) > entry->pl_recvd_width)
4684 					entry->pl_recvd_width = strlen(buf);
4685 		} else {
4686 			if (nvlist_lookup_nvlist(userprops, entry->pl_user_prop,
4687 			    &propval) == 0) {
4688 				verify(nvlist_lookup_string(propval,
4689 				    ZPROP_VALUE, &strval) == 0);
4690 				if (strlen(strval) > entry->pl_width)
4691 					entry->pl_width = strlen(strval);
4692 			}
4693 			if (received && zfs_prop_get_recvd(zhp,
4694 			    entry->pl_user_prop,
4695 			    buf, sizeof (buf), literal) == 0)
4696 				if (strlen(buf) > entry->pl_recvd_width)
4697 					entry->pl_recvd_width = strlen(buf);
4698 		}
4699 	}
4700 
4701 	return (0);
4702 }
4703 
4704 void
4705 zfs_prune_proplist(zfs_handle_t *zhp, uint8_t *props)
4706 {
4707 	nvpair_t *curr;
4708 	nvpair_t *next;
4709 
4710 	/*
4711 	 * Keep a reference to the props-table against which we prune the
4712 	 * properties.
4713 	 */
4714 	zhp->zfs_props_table = props;
4715 
4716 	curr = nvlist_next_nvpair(zhp->zfs_props, NULL);
4717 
4718 	while (curr) {
4719 		zfs_prop_t zfs_prop = zfs_name_to_prop(nvpair_name(curr));
4720 		next = nvlist_next_nvpair(zhp->zfs_props, curr);
4721 
4722 		/*
4723 		 * User properties will result in ZPROP_INVAL, and since we
4724 		 * only know how to prune standard ZFS properties, we always
4725 		 * leave these in the list.  This can also happen if we
4726 		 * encounter an unknown DSL property (when running older
4727 		 * software, for example).
4728 		 */
4729 		if (zfs_prop != ZPROP_INVAL && props[zfs_prop] == B_FALSE)
4730 			(void) nvlist_remove(zhp->zfs_props,
4731 			    nvpair_name(curr), nvpair_type(curr));
4732 		curr = next;
4733 	}
4734 }
4735 
4736 static int
4737 zfs_smb_acl_mgmt(libzfs_handle_t *hdl, char *dataset, char *path,
4738     zfs_smb_acl_op_t cmd, char *resource1, char *resource2)
4739 {
4740 	zfs_cmd_t zc = {"\0"};
4741 	nvlist_t *nvlist = NULL;
4742 	int error;
4743 
4744 	(void) strlcpy(zc.zc_name, dataset, sizeof (zc.zc_name));
4745 	(void) strlcpy(zc.zc_value, path, sizeof (zc.zc_value));
4746 	zc.zc_cookie = (uint64_t)cmd;
4747 
4748 	if (cmd == ZFS_SMB_ACL_RENAME) {
4749 		if (nvlist_alloc(&nvlist, NV_UNIQUE_NAME, 0) != 0) {
4750 			(void) no_memory(hdl);
4751 			return (0);
4752 		}
4753 	}
4754 
4755 	switch (cmd) {
4756 	case ZFS_SMB_ACL_ADD:
4757 	case ZFS_SMB_ACL_REMOVE:
4758 		(void) strlcpy(zc.zc_string, resource1, sizeof (zc.zc_string));
4759 		break;
4760 	case ZFS_SMB_ACL_RENAME:
4761 		if (nvlist_add_string(nvlist, ZFS_SMB_ACL_SRC,
4762 		    resource1) != 0) {
4763 				(void) no_memory(hdl);
4764 				return (-1);
4765 		}
4766 		if (nvlist_add_string(nvlist, ZFS_SMB_ACL_TARGET,
4767 		    resource2) != 0) {
4768 				(void) no_memory(hdl);
4769 				return (-1);
4770 		}
4771 		if (zcmd_write_src_nvlist(hdl, &zc, nvlist) != 0) {
4772 			nvlist_free(nvlist);
4773 			return (-1);
4774 		}
4775 		break;
4776 	case ZFS_SMB_ACL_PURGE:
4777 		break;
4778 	default:
4779 		return (-1);
4780 	}
4781 	error = ioctl(hdl->libzfs_fd, ZFS_IOC_SMB_ACL, &zc);
4782 	nvlist_free(nvlist);
4783 	return (error);
4784 }
4785 
4786 int
4787 zfs_smb_acl_add(libzfs_handle_t *hdl, char *dataset,
4788     char *path, char *resource)
4789 {
4790 	return (zfs_smb_acl_mgmt(hdl, dataset, path, ZFS_SMB_ACL_ADD,
4791 	    resource, NULL));
4792 }
4793 
4794 int
4795 zfs_smb_acl_remove(libzfs_handle_t *hdl, char *dataset,
4796     char *path, char *resource)
4797 {
4798 	return (zfs_smb_acl_mgmt(hdl, dataset, path, ZFS_SMB_ACL_REMOVE,
4799 	    resource, NULL));
4800 }
4801 
4802 int
4803 zfs_smb_acl_purge(libzfs_handle_t *hdl, char *dataset, char *path)
4804 {
4805 	return (zfs_smb_acl_mgmt(hdl, dataset, path, ZFS_SMB_ACL_PURGE,
4806 	    NULL, NULL));
4807 }
4808 
4809 int
4810 zfs_smb_acl_rename(libzfs_handle_t *hdl, char *dataset, char *path,
4811     char *oldname, char *newname)
4812 {
4813 	return (zfs_smb_acl_mgmt(hdl, dataset, path, ZFS_SMB_ACL_RENAME,
4814 	    oldname, newname));
4815 }
4816 
4817 int
4818 zfs_userspace(zfs_handle_t *zhp, zfs_userquota_prop_t type,
4819     zfs_userspace_cb_t func, void *arg)
4820 {
4821 	zfs_cmd_t zc = {"\0"};
4822 	zfs_useracct_t buf[100];
4823 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4824 	int ret;
4825 
4826 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
4827 
4828 	zc.zc_objset_type = type;
4829 	zc.zc_nvlist_dst = (uintptr_t)buf;
4830 
4831 	for (;;) {
4832 		zfs_useracct_t *zua = buf;
4833 
4834 		zc.zc_nvlist_dst_size = sizeof (buf);
4835 		if (zfs_ioctl(hdl, ZFS_IOC_USERSPACE_MANY, &zc) != 0) {
4836 			char errbuf[1024];
4837 
4838 			if ((errno == ENOTSUP &&
4839 			    (type == ZFS_PROP_USEROBJUSED ||
4840 			    type == ZFS_PROP_GROUPOBJUSED ||
4841 			    type == ZFS_PROP_USEROBJQUOTA ||
4842 			    type == ZFS_PROP_GROUPOBJQUOTA ||
4843 			    type == ZFS_PROP_PROJECTOBJUSED ||
4844 			    type == ZFS_PROP_PROJECTOBJQUOTA ||
4845 			    type == ZFS_PROP_PROJECTUSED ||
4846 			    type == ZFS_PROP_PROJECTQUOTA)))
4847 				break;
4848 
4849 			(void) snprintf(errbuf, sizeof (errbuf),
4850 			    dgettext(TEXT_DOMAIN,
4851 			    "cannot get used/quota for %s"), zc.zc_name);
4852 			return (zfs_standard_error_fmt(hdl, errno, errbuf));
4853 		}
4854 		if (zc.zc_nvlist_dst_size == 0)
4855 			break;
4856 
4857 		while (zc.zc_nvlist_dst_size > 0) {
4858 			if ((ret = func(arg, zua->zu_domain, zua->zu_rid,
4859 			    zua->zu_space)) != 0)
4860 				return (ret);
4861 			zua++;
4862 			zc.zc_nvlist_dst_size -= sizeof (zfs_useracct_t);
4863 		}
4864 	}
4865 
4866 	return (0);
4867 }
4868 
4869 struct holdarg {
4870 	nvlist_t *nvl;
4871 	const char *snapname;
4872 	const char *tag;
4873 	boolean_t recursive;
4874 	int error;
4875 };
4876 
4877 static int
4878 zfs_hold_one(zfs_handle_t *zhp, void *arg)
4879 {
4880 	struct holdarg *ha = arg;
4881 	char name[ZFS_MAX_DATASET_NAME_LEN];
4882 	int rv = 0;
4883 
4884 	if (snprintf(name, sizeof (name), "%s@%s", zhp->zfs_name,
4885 	    ha->snapname) >= sizeof (name))
4886 		return (EINVAL);
4887 
4888 	if (lzc_exists(name))
4889 		fnvlist_add_string(ha->nvl, name, ha->tag);
4890 
4891 	if (ha->recursive)
4892 		rv = zfs_iter_filesystems(zhp, zfs_hold_one, ha);
4893 	zfs_close(zhp);
4894 	return (rv);
4895 }
4896 
4897 int
4898 zfs_hold(zfs_handle_t *zhp, const char *snapname, const char *tag,
4899     boolean_t recursive, int cleanup_fd)
4900 {
4901 	int ret;
4902 	struct holdarg ha;
4903 
4904 	ha.nvl = fnvlist_alloc();
4905 	ha.snapname = snapname;
4906 	ha.tag = tag;
4907 	ha.recursive = recursive;
4908 	(void) zfs_hold_one(zfs_handle_dup(zhp), &ha);
4909 
4910 	if (nvlist_empty(ha.nvl)) {
4911 		char errbuf[1024];
4912 
4913 		fnvlist_free(ha.nvl);
4914 		ret = ENOENT;
4915 		(void) snprintf(errbuf, sizeof (errbuf),
4916 		    dgettext(TEXT_DOMAIN,
4917 		    "cannot hold snapshot '%s@%s'"),
4918 		    zhp->zfs_name, snapname);
4919 		(void) zfs_standard_error(zhp->zfs_hdl, ret, errbuf);
4920 		return (ret);
4921 	}
4922 
4923 	ret = zfs_hold_nvl(zhp, cleanup_fd, ha.nvl);
4924 	fnvlist_free(ha.nvl);
4925 
4926 	return (ret);
4927 }
4928 
4929 int
4930 zfs_hold_nvl(zfs_handle_t *zhp, int cleanup_fd, nvlist_t *holds)
4931 {
4932 	int ret;
4933 	nvlist_t *errors;
4934 	libzfs_handle_t *hdl = zhp->zfs_hdl;
4935 	char errbuf[1024];
4936 	nvpair_t *elem;
4937 
4938 	errors = NULL;
4939 	ret = lzc_hold(holds, cleanup_fd, &errors);
4940 
4941 	if (ret == 0) {
4942 		/* There may be errors even in the success case. */
4943 		fnvlist_free(errors);
4944 		return (0);
4945 	}
4946 
4947 	if (nvlist_empty(errors)) {
4948 		/* no hold-specific errors */
4949 		(void) snprintf(errbuf, sizeof (errbuf),
4950 		    dgettext(TEXT_DOMAIN, "cannot hold"));
4951 		switch (ret) {
4952 		case ENOTSUP:
4953 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4954 			    "pool must be upgraded"));
4955 			(void) zfs_error(hdl, EZFS_BADVERSION, errbuf);
4956 			break;
4957 		case EINVAL:
4958 			(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
4959 			break;
4960 		default:
4961 			(void) zfs_standard_error(hdl, ret, errbuf);
4962 		}
4963 	}
4964 
4965 	for (elem = nvlist_next_nvpair(errors, NULL);
4966 	    elem != NULL;
4967 	    elem = nvlist_next_nvpair(errors, elem)) {
4968 		(void) snprintf(errbuf, sizeof (errbuf),
4969 		    dgettext(TEXT_DOMAIN,
4970 		    "cannot hold snapshot '%s'"), nvpair_name(elem));
4971 		switch (fnvpair_value_int32(elem)) {
4972 		case E2BIG:
4973 			/*
4974 			 * Temporary tags wind up having the ds object id
4975 			 * prepended. So even if we passed the length check
4976 			 * above, it's still possible for the tag to wind
4977 			 * up being slightly too long.
4978 			 */
4979 			(void) zfs_error(hdl, EZFS_TAGTOOLONG, errbuf);
4980 			break;
4981 		case EINVAL:
4982 			(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
4983 			break;
4984 		case EEXIST:
4985 			(void) zfs_error(hdl, EZFS_REFTAG_HOLD, errbuf);
4986 			break;
4987 		default:
4988 			(void) zfs_standard_error(hdl,
4989 			    fnvpair_value_int32(elem), errbuf);
4990 		}
4991 	}
4992 
4993 	fnvlist_free(errors);
4994 	return (ret);
4995 }
4996 
4997 static int
4998 zfs_release_one(zfs_handle_t *zhp, void *arg)
4999 {
5000 	struct holdarg *ha = arg;
5001 	char name[ZFS_MAX_DATASET_NAME_LEN];
5002 	int rv = 0;
5003 	nvlist_t *existing_holds;
5004 
5005 	if (snprintf(name, sizeof (name), "%s@%s", zhp->zfs_name,
5006 	    ha->snapname) >= sizeof (name)) {
5007 		ha->error = EINVAL;
5008 		rv = EINVAL;
5009 	}
5010 
5011 	if (lzc_get_holds(name, &existing_holds) != 0) {
5012 		ha->error = ENOENT;
5013 	} else if (!nvlist_exists(existing_holds, ha->tag)) {
5014 		ha->error = ESRCH;
5015 	} else {
5016 		nvlist_t *torelease = fnvlist_alloc();
5017 		fnvlist_add_boolean(torelease, ha->tag);
5018 		fnvlist_add_nvlist(ha->nvl, name, torelease);
5019 		fnvlist_free(torelease);
5020 	}
5021 
5022 	if (ha->recursive)
5023 		rv = zfs_iter_filesystems(zhp, zfs_release_one, ha);
5024 	zfs_close(zhp);
5025 	return (rv);
5026 }
5027 
5028 int
5029 zfs_release(zfs_handle_t *zhp, const char *snapname, const char *tag,
5030     boolean_t recursive)
5031 {
5032 	int ret;
5033 	struct holdarg ha;
5034 	nvlist_t *errors = NULL;
5035 	nvpair_t *elem;
5036 	libzfs_handle_t *hdl = zhp->zfs_hdl;
5037 	char errbuf[1024];
5038 
5039 	ha.nvl = fnvlist_alloc();
5040 	ha.snapname = snapname;
5041 	ha.tag = tag;
5042 	ha.recursive = recursive;
5043 	ha.error = 0;
5044 	(void) zfs_release_one(zfs_handle_dup(zhp), &ha);
5045 
5046 	if (nvlist_empty(ha.nvl)) {
5047 		fnvlist_free(ha.nvl);
5048 		ret = ha.error;
5049 		(void) snprintf(errbuf, sizeof (errbuf),
5050 		    dgettext(TEXT_DOMAIN,
5051 		    "cannot release hold from snapshot '%s@%s'"),
5052 		    zhp->zfs_name, snapname);
5053 		if (ret == ESRCH) {
5054 			(void) zfs_error(hdl, EZFS_REFTAG_RELE, errbuf);
5055 		} else {
5056 			(void) zfs_standard_error(hdl, ret, errbuf);
5057 		}
5058 		return (ret);
5059 	}
5060 
5061 	ret = lzc_release(ha.nvl, &errors);
5062 	fnvlist_free(ha.nvl);
5063 
5064 	if (ret == 0) {
5065 		/* There may be errors even in the success case. */
5066 		fnvlist_free(errors);
5067 		return (0);
5068 	}
5069 
5070 	if (nvlist_empty(errors)) {
5071 		/* no hold-specific errors */
5072 		(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
5073 		    "cannot release"));
5074 		switch (errno) {
5075 		case ENOTSUP:
5076 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5077 			    "pool must be upgraded"));
5078 			(void) zfs_error(hdl, EZFS_BADVERSION, errbuf);
5079 			break;
5080 		default:
5081 			(void) zfs_standard_error_fmt(hdl, errno, errbuf);
5082 		}
5083 	}
5084 
5085 	for (elem = nvlist_next_nvpair(errors, NULL);
5086 	    elem != NULL;
5087 	    elem = nvlist_next_nvpair(errors, elem)) {
5088 		(void) snprintf(errbuf, sizeof (errbuf),
5089 		    dgettext(TEXT_DOMAIN,
5090 		    "cannot release hold from snapshot '%s'"),
5091 		    nvpair_name(elem));
5092 		switch (fnvpair_value_int32(elem)) {
5093 		case ESRCH:
5094 			(void) zfs_error(hdl, EZFS_REFTAG_RELE, errbuf);
5095 			break;
5096 		case EINVAL:
5097 			(void) zfs_error(hdl, EZFS_BADTYPE, errbuf);
5098 			break;
5099 		default:
5100 			(void) zfs_standard_error_fmt(hdl,
5101 			    fnvpair_value_int32(elem), errbuf);
5102 		}
5103 	}
5104 
5105 	fnvlist_free(errors);
5106 	return (ret);
5107 }
5108 
5109 int
5110 zfs_get_fsacl(zfs_handle_t *zhp, nvlist_t **nvl)
5111 {
5112 	zfs_cmd_t zc = {"\0"};
5113 	libzfs_handle_t *hdl = zhp->zfs_hdl;
5114 	int nvsz = 2048;
5115 	void *nvbuf;
5116 	int err = 0;
5117 	char errbuf[1024];
5118 
5119 	assert(zhp->zfs_type == ZFS_TYPE_VOLUME ||
5120 	    zhp->zfs_type == ZFS_TYPE_FILESYSTEM);
5121 
5122 tryagain:
5123 
5124 	nvbuf = malloc(nvsz);
5125 	if (nvbuf == NULL) {
5126 		err = (zfs_error(hdl, EZFS_NOMEM, strerror(errno)));
5127 		goto out;
5128 	}
5129 
5130 	zc.zc_nvlist_dst_size = nvsz;
5131 	zc.zc_nvlist_dst = (uintptr_t)nvbuf;
5132 
5133 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
5134 
5135 	if (zfs_ioctl(hdl, ZFS_IOC_GET_FSACL, &zc) != 0) {
5136 		(void) snprintf(errbuf, sizeof (errbuf),
5137 		    dgettext(TEXT_DOMAIN, "cannot get permissions on '%s'"),
5138 		    zc.zc_name);
5139 		switch (errno) {
5140 		case ENOMEM:
5141 			free(nvbuf);
5142 			nvsz = zc.zc_nvlist_dst_size;
5143 			goto tryagain;
5144 
5145 		case ENOTSUP:
5146 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5147 			    "pool must be upgraded"));
5148 			err = zfs_error(hdl, EZFS_BADVERSION, errbuf);
5149 			break;
5150 		case EINVAL:
5151 			err = zfs_error(hdl, EZFS_BADTYPE, errbuf);
5152 			break;
5153 		case ENOENT:
5154 			err = zfs_error(hdl, EZFS_NOENT, errbuf);
5155 			break;
5156 		default:
5157 			err = zfs_standard_error_fmt(hdl, errno, errbuf);
5158 			break;
5159 		}
5160 	} else {
5161 		/* success */
5162 		int rc = nvlist_unpack(nvbuf, zc.zc_nvlist_dst_size, nvl, 0);
5163 		if (rc) {
5164 			(void) snprintf(errbuf, sizeof (errbuf), dgettext(
5165 			    TEXT_DOMAIN, "cannot get permissions on '%s'"),
5166 			    zc.zc_name);
5167 			err = zfs_standard_error_fmt(hdl, rc, errbuf);
5168 		}
5169 	}
5170 
5171 	free(nvbuf);
5172 out:
5173 	return (err);
5174 }
5175 
5176 int
5177 zfs_set_fsacl(zfs_handle_t *zhp, boolean_t un, nvlist_t *nvl)
5178 {
5179 	zfs_cmd_t zc = {"\0"};
5180 	libzfs_handle_t *hdl = zhp->zfs_hdl;
5181 	char *nvbuf;
5182 	char errbuf[1024];
5183 	size_t nvsz;
5184 	int err;
5185 
5186 	assert(zhp->zfs_type == ZFS_TYPE_VOLUME ||
5187 	    zhp->zfs_type == ZFS_TYPE_FILESYSTEM);
5188 
5189 	err = nvlist_size(nvl, &nvsz, NV_ENCODE_NATIVE);
5190 	assert(err == 0);
5191 
5192 	nvbuf = malloc(nvsz);
5193 
5194 	err = nvlist_pack(nvl, &nvbuf, &nvsz, NV_ENCODE_NATIVE, 0);
5195 	assert(err == 0);
5196 
5197 	zc.zc_nvlist_src_size = nvsz;
5198 	zc.zc_nvlist_src = (uintptr_t)nvbuf;
5199 	zc.zc_perm_action = un;
5200 
5201 	(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
5202 
5203 	if (zfs_ioctl(hdl, ZFS_IOC_SET_FSACL, &zc) != 0) {
5204 		(void) snprintf(errbuf, sizeof (errbuf),
5205 		    dgettext(TEXT_DOMAIN, "cannot set permissions on '%s'"),
5206 		    zc.zc_name);
5207 		switch (errno) {
5208 		case ENOTSUP:
5209 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5210 			    "pool must be upgraded"));
5211 			err = zfs_error(hdl, EZFS_BADVERSION, errbuf);
5212 			break;
5213 		case EINVAL:
5214 			err = zfs_error(hdl, EZFS_BADTYPE, errbuf);
5215 			break;
5216 		case ENOENT:
5217 			err = zfs_error(hdl, EZFS_NOENT, errbuf);
5218 			break;
5219 		default:
5220 			err = zfs_standard_error_fmt(hdl, errno, errbuf);
5221 			break;
5222 		}
5223 	}
5224 
5225 	free(nvbuf);
5226 
5227 	return (err);
5228 }
5229 
5230 int
5231 zfs_get_holds(zfs_handle_t *zhp, nvlist_t **nvl)
5232 {
5233 	int err;
5234 	char errbuf[1024];
5235 
5236 	err = lzc_get_holds(zhp->zfs_name, nvl);
5237 
5238 	if (err != 0) {
5239 		libzfs_handle_t *hdl = zhp->zfs_hdl;
5240 
5241 		(void) snprintf(errbuf, sizeof (errbuf),
5242 		    dgettext(TEXT_DOMAIN, "cannot get holds for '%s'"),
5243 		    zhp->zfs_name);
5244 		switch (err) {
5245 		case ENOTSUP:
5246 			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5247 			    "pool must be upgraded"));
5248 			err = zfs_error(hdl, EZFS_BADVERSION, errbuf);
5249 			break;
5250 		case EINVAL:
5251 			err = zfs_error(hdl, EZFS_BADTYPE, errbuf);
5252 			break;
5253 		case ENOENT:
5254 			err = zfs_error(hdl, EZFS_NOENT, errbuf);
5255 			break;
5256 		default:
5257 			err = zfs_standard_error_fmt(hdl, errno, errbuf);
5258 			break;
5259 		}
5260 	}
5261 
5262 	return (err);
5263 }
5264 
5265 /*
5266  * The theory of raidz space accounting
5267  *
5268  * The "referenced" property of RAIDZ vdevs is scaled such that a 128KB block
5269  * will "reference" 128KB, even though it allocates more than that, to store the
5270  * parity information (and perhaps skip sectors). This concept of the
5271  * "referenced" (and other DMU space accounting) being lower than the allocated
5272  * space by a constant factor is called "raidz deflation."
5273  *
5274  * As mentioned above, the constant factor for raidz deflation assumes a 128KB
5275  * block size. However, zvols typically have a much smaller block size (default
5276  * 8KB). These smaller blocks may require proportionally much more parity
5277  * information (and perhaps skip sectors). In this case, the change to the
5278  * "referenced" property may be much more than the logical block size.
5279  *
5280  * Suppose a raidz vdev has 5 disks with ashift=12.  A 128k block may be written
5281  * as follows.
5282  *
5283  * +-------+-------+-------+-------+-------+
5284  * | disk1 | disk2 | disk3 | disk4 | disk5 |
5285  * +-------+-------+-------+-------+-------+
5286  * |  P0   |  D0   |  D8   |  D16  |  D24  |
5287  * |  P1   |  D1   |  D9   |  D17  |  D25  |
5288  * |  P2   |  D2   |  D10  |  D18  |  D26  |
5289  * |  P3   |  D3   |  D11  |  D19  |  D27  |
5290  * |  P4   |  D4   |  D12  |  D20  |  D28  |
5291  * |  P5   |  D5   |  D13  |  D21  |  D29  |
5292  * |  P6   |  D6   |  D14  |  D22  |  D30  |
5293  * |  P7   |  D7   |  D15  |  D23  |  D31  |
5294  * +-------+-------+-------+-------+-------+
5295  *
5296  * Above, notice that 160k was allocated: 8 x 4k parity sectors + 32 x 4k data
5297  * sectors.  The dataset's referenced will increase by 128k and the pool's
5298  * allocated and free properties will be adjusted by 160k.
5299  *
5300  * A 4k block written to the same raidz vdev will require two 4k sectors.  The
5301  * blank cells represent unallocated space.
5302  *
5303  * +-------+-------+-------+-------+-------+
5304  * | disk1 | disk2 | disk3 | disk4 | disk5 |
5305  * +-------+-------+-------+-------+-------+
5306  * |  P0   |  D0   |       |       |       |
5307  * +-------+-------+-------+-------+-------+
5308  *
5309  * Above, notice that the 4k block required one sector for parity and another
5310  * for data.  vdev_raidz_asize() will return 8k and as such the pool's allocated
5311  * and free properties will be adjusted by 8k.  The dataset will not be charged
5312  * 8k.  Rather, it will be charged a value that is scaled according to the
5313  * overhead of the 128k block on the same vdev.  This 8k allocation will be
5314  * charged 8k * 128k / 160k.  128k is from SPA_OLD_MAXBLOCKSIZE and 160k is as
5315  * calculated in the 128k block example above.
5316  *
5317  * Every raidz allocation is sized to be a multiple of nparity+1 sectors.  That
5318  * is, every raidz1 allocation will be a multiple of 2 sectors, raidz2
5319  * allocations are a multiple of 3 sectors, and raidz3 allocations are a
5320  * multiple of of 4 sectors.  When a block does not fill the required number of
5321  * sectors, skip blocks (sectors) are used.
5322  *
5323  * An 8k block being written to a raidz vdev may be written as follows:
5324  *
5325  * +-------+-------+-------+-------+-------+
5326  * | disk1 | disk2 | disk3 | disk4 | disk5 |
5327  * +-------+-------+-------+-------+-------+
5328  * |  P0   |  D0   |  D1   |  S0   |       |
5329  * +-------+-------+-------+-------+-------+
5330  *
5331  * In order to maintain the nparity+1 allocation size, a skip block (S0) was
5332  * added.  For this 8k block, the pool's allocated and free properties are
5333  * adjusted by 16k and the dataset's referenced is increased by 16k * 128k /
5334  * 160k.  Again, 128k is from SPA_OLD_MAXBLOCKSIZE and 160k is as calculated in
5335  * the 128k block example above.
5336  *
5337  * The situtation is slightly different for dRAID since the minimum allocation
5338  * size is the full group width.  The same 8K block above would be written as
5339  * follows in a dRAID group:
5340  *
5341  * +-------+-------+-------+-------+-------+
5342  * | disk1 | disk2 | disk3 | disk4 | disk5 |
5343  * +-------+-------+-------+-------+-------+
5344  * |  P0   |  D0   |  D1   |  S0   |  S1   |
5345  * +-------+-------+-------+-------+-------+
5346  *
5347  * Compression may lead to a variety of block sizes being written for the same
5348  * volume or file.  There is no clear way to reserve just the amount of space
5349  * that will be required, so the worst case (no compression) is assumed.
5350  * Note that metadata blocks will typically be compressed, so the reservation
5351  * size returned by zvol_volsize_to_reservation() will generally be slightly
5352  * larger than the maximum that the volume can reference.
5353  */
5354 
5355 /*
5356  * Derived from function of same name in module/zfs/vdev_raidz.c.  Returns the
5357  * amount of space (in bytes) that will be allocated for the specified block
5358  * size. Note that the "referenced" space accounted will be less than this, but
5359  * not necessarily equal to "blksize", due to RAIDZ deflation.
5360  */
5361 static uint64_t
5362 vdev_raidz_asize(uint64_t ndisks, uint64_t nparity, uint64_t ashift,
5363     uint64_t blksize)
5364 {
5365 	uint64_t asize, ndata;
5366 
5367 	ASSERT3U(ndisks, >, nparity);
5368 	ndata = ndisks - nparity;
5369 	asize = ((blksize - 1) >> ashift) + 1;
5370 	asize += nparity * ((asize + ndata - 1) / ndata);
5371 	asize = roundup(asize, nparity + 1) << ashift;
5372 
5373 	return (asize);
5374 }
5375 
5376 /*
5377  * Derived from function of same name in module/zfs/vdev_draid.c.  Returns the
5378  * amount of space (in bytes) that will be allocated for the specified block
5379  * size.
5380  */
5381 static uint64_t
5382 vdev_draid_asize(uint64_t ndisks, uint64_t nparity, uint64_t ashift,
5383     uint64_t blksize)
5384 {
5385 	ASSERT3U(ndisks, >, nparity);
5386 	uint64_t ndata = ndisks - nparity;
5387 	uint64_t rows = ((blksize - 1) / (ndata << ashift)) + 1;
5388 	uint64_t asize = (rows * ndisks) << ashift;
5389 
5390 	return (asize);
5391 }
5392 
5393 /*
5394  * Determine how much space will be allocated if it lands on the most space-
5395  * inefficient top-level vdev.  Returns the size in bytes required to store one
5396  * copy of the volume data.  See theory comment above.
5397  */
5398 static uint64_t
5399 volsize_from_vdevs(zpool_handle_t *zhp, uint64_t nblocks, uint64_t blksize)
5400 {
5401 	nvlist_t *config, *tree, **vdevs;
5402 	uint_t nvdevs;
5403 	uint64_t ret = 0;
5404 
5405 	config = zpool_get_config(zhp, NULL);
5406 	if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE, &tree) != 0 ||
5407 	    nvlist_lookup_nvlist_array(tree, ZPOOL_CONFIG_CHILDREN,
5408 	    &vdevs, &nvdevs) != 0) {
5409 		return (nblocks * blksize);
5410 	}
5411 
5412 	for (int v = 0; v < nvdevs; v++) {
5413 		char *type;
5414 		uint64_t nparity, ashift, asize, tsize;
5415 		uint64_t volsize;
5416 
5417 		if (nvlist_lookup_string(vdevs[v], ZPOOL_CONFIG_TYPE,
5418 		    &type) != 0)
5419 			continue;
5420 
5421 		if (strcmp(type, VDEV_TYPE_RAIDZ) != 0 &&
5422 		    strcmp(type, VDEV_TYPE_DRAID) != 0)
5423 			continue;
5424 
5425 		if (nvlist_lookup_uint64(vdevs[v],
5426 		    ZPOOL_CONFIG_NPARITY, &nparity) != 0)
5427 			continue;
5428 
5429 		if (nvlist_lookup_uint64(vdevs[v],
5430 		    ZPOOL_CONFIG_ASHIFT, &ashift) != 0)
5431 			continue;
5432 
5433 		if (strcmp(type, VDEV_TYPE_RAIDZ) == 0) {
5434 			nvlist_t **disks;
5435 			uint_t ndisks;
5436 
5437 			if (nvlist_lookup_nvlist_array(vdevs[v],
5438 			    ZPOOL_CONFIG_CHILDREN, &disks, &ndisks) != 0)
5439 				continue;
5440 
5441 			/* allocation size for the "typical" 128k block */
5442 			tsize = vdev_raidz_asize(ndisks, nparity, ashift,
5443 			    SPA_OLD_MAXBLOCKSIZE);
5444 
5445 			/* allocation size for the blksize block */
5446 			asize = vdev_raidz_asize(ndisks, nparity, ashift,
5447 			    blksize);
5448 		} else {
5449 			uint64_t ndata;
5450 
5451 			if (nvlist_lookup_uint64(vdevs[v],
5452 			    ZPOOL_CONFIG_DRAID_NDATA, &ndata) != 0)
5453 				continue;
5454 
5455 			/* allocation size for the "typical" 128k block */
5456 			tsize = vdev_draid_asize(ndata + nparity, nparity,
5457 			    ashift, SPA_OLD_MAXBLOCKSIZE);
5458 
5459 			/* allocation size for the blksize block */
5460 			asize = vdev_draid_asize(ndata + nparity, nparity,
5461 			    ashift, blksize);
5462 		}
5463 
5464 		/*
5465 		 * Scale this size down as a ratio of 128k / tsize.
5466 		 * See theory statement above.
5467 		 */
5468 		volsize = nblocks * asize * SPA_OLD_MAXBLOCKSIZE / tsize;
5469 		if (volsize > ret) {
5470 			ret = volsize;
5471 		}
5472 	}
5473 
5474 	if (ret == 0) {
5475 		ret = nblocks * blksize;
5476 	}
5477 
5478 	return (ret);
5479 }
5480 
5481 /*
5482  * Convert the zvol's volume size to an appropriate reservation.  See theory
5483  * comment above.
5484  *
5485  * Note: If this routine is updated, it is necessary to update the ZFS test
5486  * suite's shell version in reservation.shlib.
5487  */
5488 uint64_t
5489 zvol_volsize_to_reservation(zpool_handle_t *zph, uint64_t volsize,
5490     nvlist_t *props)
5491 {
5492 	uint64_t numdb;
5493 	uint64_t nblocks, volblocksize;
5494 	int ncopies;
5495 	char *strval;
5496 
5497 	if (nvlist_lookup_string(props,
5498 	    zfs_prop_to_name(ZFS_PROP_COPIES), &strval) == 0)
5499 		ncopies = atoi(strval);
5500 	else
5501 		ncopies = 1;
5502 	if (nvlist_lookup_uint64(props,
5503 	    zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE),
5504 	    &volblocksize) != 0)
5505 		volblocksize = ZVOL_DEFAULT_BLOCKSIZE;
5506 
5507 	nblocks = volsize / volblocksize;
5508 	/*
5509 	 * Metadata defaults to using 128k blocks, not volblocksize blocks.  For
5510 	 * this reason, only the data blocks are scaled based on vdev config.
5511 	 */
5512 	volsize = volsize_from_vdevs(zph, nblocks, volblocksize);
5513 
5514 	/* start with metadnode L0-L6 */
5515 	numdb = 7;
5516 	/* calculate number of indirects */
5517 	while (nblocks > 1) {
5518 		nblocks += DNODES_PER_LEVEL - 1;
5519 		nblocks /= DNODES_PER_LEVEL;
5520 		numdb += nblocks;
5521 	}
5522 	numdb *= MIN(SPA_DVAS_PER_BP, ncopies + 1);
5523 	volsize *= ncopies;
5524 	/*
5525 	 * this is exactly DN_MAX_INDBLKSHIFT when metadata isn't
5526 	 * compressed, but in practice they compress down to about
5527 	 * 1100 bytes
5528 	 */
5529 	numdb *= 1ULL << DN_MAX_INDBLKSHIFT;
5530 	volsize += numdb;
5531 	return (volsize);
5532 }
5533 
5534 /*
5535  * Wait for the given activity and return the status of the wait (whether or not
5536  * any waiting was done) in the 'waited' parameter. Non-existent fses are
5537  * reported via the 'missing' parameter, rather than by printing an error
5538  * message. This is convenient when this function is called in a loop over a
5539  * long period of time (as it is, for example, by zfs's wait cmd). In that
5540  * scenario, a fs being exported or destroyed should be considered a normal
5541  * event, so we don't want to print an error when we find that the fs doesn't
5542  * exist.
5543  */
5544 int
5545 zfs_wait_status(zfs_handle_t *zhp, zfs_wait_activity_t activity,
5546     boolean_t *missing, boolean_t *waited)
5547 {
5548 	int error = lzc_wait_fs(zhp->zfs_name, activity, waited);
5549 	*missing = (error == ENOENT);
5550 	if (*missing)
5551 		return (0);
5552 
5553 	if (error != 0) {
5554 		(void) zfs_standard_error_fmt(zhp->zfs_hdl, error,
5555 		    dgettext(TEXT_DOMAIN, "error waiting in fs '%s'"),
5556 		    zhp->zfs_name);
5557 	}
5558 
5559 	return (error);
5560 }
5561